Package: curl Version: 7.88.1-10+deb12u5 Severity: normal Tags: upstream X-Debbugs-Cc: dan...@haxx.se, debbug.c...@sideload.33mail.com
For years a script ran fine which contained a command like this: $ curl -x socks5h://127.0.0.1:9050 --url 'ftps://host.domain.com/word1 word2/dir/' -T "$document" --disable-epsv --netrc-optional but after upgrading from Bullseye to Bookworm (cURL 7.74.0-1.3+deb11u11 to 7.88.1-10+deb12u5), the URL is rejected with this output: curl: (3) URL using bad/illegal format or missing URL The workaround is to manually encode the space like this: 'ftps://host.domain.com/word1%20word2/dir/' /Documentation/ ---------------------------------------- The --url parameter is documented in the man page this way: > --url <url> > Specify a URL to fetch. This option is mostly handy when you want to > specify URL(s) in a config file. < … This is misleading because the URL is not necessarily used to do a *fetch*. So it could cause confusion for people who are transmitting. There is also no mention in the man page whether spaces are accepted or refused, nor is there mention of how encodings are treated. When I experimented with using “%20” in place of a space, my concern was that cURL would further encode /that/ to result in a literal “%20”. User should be explicitly informed. -- System Information: Debian Release: 12.5 APT prefers stable-updates APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-28-amd64 (SMP w/2 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages curl depends on: ii libc6 2.36-9+deb12u7 ii libcurl4 7.88.1-10+deb12u5 ii zlib1g 1:1.2.13.dfsg-1 curl recommends no packages. curl suggests no packages. -- no debconf information
