5 \___|\___/|_| \_\_____|
9 Version 7.48.0 (23 Mar 2016)
11 Daniel Stenberg (23 Mar 2016)
12 - RELEASE-NOTES: curl 7.48.0
14 - THANKS: 15 new contributors from 7.48.0 release
16 Jay Satiro (23 Mar 2016)
17 - CURLINFO_TLS_SSL_PTR.3: Warn about limitations
19 Bug: https://github.com/curl/curl/issues/685
21 Daniel Stenberg (22 Mar 2016)
22 - Revert "sshserver: remove use of AuthorizedKeysFile2"
24 It seems we may have some autobuild problems after this commit went
25 in. Trying to see if a revert helps to get them back.
27 This reverts commit 2716350d1f3edc8e929f6ceeee05051090f6d642.
29 - maketgz: add -j to make dist
31 ... makes it a lot faster
33 - libcurl-thread.3: minor nroff format fix
35 - CURLINFO_TLS_SSL_PTR.3: minor nroff format fix
37 - CODE_STYLE: indend example code
39 ... to make it look nicer in markdown outputa
41 Jay Satiro (22 Mar 2016)
42 - build-wolfssl: Update VS properties for wolfSSL v3.9.0
44 - Do not use wolfSSL's sample user-setting files.
46 wolfSSL starting in v3.9.0 has added their own sample user settings that
47 are applied by default, but we don't use them because we have our own
50 - Do not use wolfSSL's Visual Studio Unicode character setting.
52 wolfSSL Visual Studio projects use the Unicode character set however our
53 settings and options imitate mingw build which does not use the Unicode
54 character set. This does not appear to have any effect at the moment but
55 better safe than sorry.
58 These changes are backwards compatible with earlier versions.
60 Steve Holme (22 Mar 2016)
61 - hostip6: Fixed compilation warnings when verbose strings disabled
63 warning C4189: 'data': local variable is initialized but not referenced
65 ...and some minor formatting/spacing changes.
67 Daniel Stenberg (21 Mar 2016)
68 - sshserver: remove use of AuthorizedKeysFile2
70 Support for the (undocumented) AuthorizedKeysFile2 was removed in
71 OpenSSH 5.9, released in September 2011
75 Steve Holme (20 Mar 2016)
76 - connect/ntlm/http: Fixed compilation warnings when verbose strings disabled
78 warning C4189: 'data': local variable is initialized but not referenced
80 - openssl: Fixed compilation warning when /Wall enabled
82 warning C4706: assignment within conditional expression
84 - CODE_STYLE: Use boolean conditions
86 Rather than use TRUE, FALSE, NULL, 0 or != 0 in if/while conditions.
88 Additionally, corrected some example code to adhere to the recommended
91 - inet_pton.c: Fixed compilation warnings
93 warning: conversion to 'unsigned char' from 'int' may alter its value
95 Daniel Stenberg (19 Mar 2016)
96 - RELEASE-NOTES: synced with 80851028efc2fa9
98 - mbedtls: fix compiler warning
100 vtls/mbedtls.h:67:36: warning: implicit declaration of function
101 ‘mbedtls_sha256’ [-Wimplicit-function-declaration]
103 Steve Holme (19 Mar 2016)
104 - easy: Minor coding standard and style updates
106 Following commit c5744340db. Additionally removes the need for a second
107 'result code' variable as well.
109 Jay Satiro (19 Mar 2016)
110 - easy: Remove poll failure check in easy_transfer
112 .. because curl_multi_wait can no longer signal poll failure.
116 Bug: https://github.com/curl/curl/issues/707
118 Steve Holme (19 Mar 2016)
119 - build: Added missing Visual Studio filter files for VC10 onwards
121 As these files don't need to contain references to the source files,
122 although typically do, added basic files which only include three
123 filters and don't require the project file generator to be modified.
125 These files allow the source code to be viewed in the Solution Explorer
126 in versions of Visual Studio from 2010 onwards in the same manner as
127 previous versions did rather than one large view of files.
129 - ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled
131 warning C4706: assignment within conditional expression
133 - config-w32.h: Fixed compilation warning when /Wall enabled
135 warning C4668: 'USE_IPV6' is not defined as a preprocessor macro,
136 replacing with '0' for '#if/#elif'
138 - imap.c: Fixed compilation warning with /Wall enabled
140 warning C4701: potentially uninitialized local variable 'size' used
142 Technically this can't happen, as the usage of 'size' is protected by
143 'if(parsed)' and 'parsed' is only set after 'size' has been parsed.
145 Anyway, lets keep the compiler happy.
147 - KNOWN_BUGS: #93 Issue with CURLFORM_CONTENTLEN in arrays on 32-bit platforms
149 Daniel Stenberg (18 Mar 2016)
150 - bump: the coming release is 7.48.0
152 - configure: use cpp -P when needed
154 Since gcc 5, the processor output can get split up on multiple lines
155 that made the configure script fail to figure out values from
156 definitions. The fix is to use cpp -P, and this fix now first checks if
157 cpp -P is necessary and then if cpp -P works before it uses that to
158 extract defined values.
162 Steve Holme (18 Mar 2016)
163 - formdata.c: Fixed compilation warning
165 formdata.c:390: warning: cast from pointer to integer of different size
167 Introduced in commit ca5f9341ef this happens because a char*, which is
168 32-bits wide in 32-bit land, is being cast to a curl_off_t which is
169 64-bits wide where 64-bit integers are supported by the compiler.
171 This doesn't happen in 64-bit land as a pointer is the same size as a
174 This fix doesn't address the fact that a 64-bit value cannot be used
175 for CURLFORM_CONTENTLEN when set in a form array and compiled on a
176 32-bit platforms, it does at least suppress the compilation warning.
178 Daniel Stenberg (18 Mar 2016)
179 - FAQ: 2.5 Install libcurl for both 32bit and 64bit?
181 - [Gisle Vanem brought this change]
183 openssl: adapt to API breakage in ERR_remove_thread_state()
185 The OpenSSL API change that broke this is "Convert ERR_STATE to new
186 multi-threading API": openssl commit 8509dcc.
190 - version: init moved to private name space, added protos
192 follow-up to 80015cdd52145
194 - openssl: verbose: show matching SAN pattern
196 ... to allow users to see which specfic wildcard that matched when such
199 Also minor logic cleanup to simplify the code, and I removed all tabs
200 from verbose strings.
202 Jay Satiro (16 Mar 2016)
203 - version: thread safety
205 Steve Holme (16 Mar 2016)
206 - transfer: Removed redundant HTTP authentication include files
208 It would also seem that share.h is not required here either as there
209 are no references to the Curl_share structure or functions.
211 - easy: Removed redundant HTTP authentication include files
213 Jay Satiro (15 Mar 2016)
214 - CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support
216 Bug: https://curl.haxx.se/mail/lib-2016-03/0150.html
217 Reported-by: Oliver Graute
219 Steve Holme (15 Mar 2016)
220 - curl_sasl: Minor code indent fixes
222 Daniel Stenberg (14 Mar 2016)
223 - runtests: mention when run event-based
225 - easy: add check to malloc() when running event-based
227 ... to allow torture tests then too.
229 - memdebug: skip logging the limit countdown, fflush when reached
231 - CODE_STYLE: Space around operators
233 As just discussed on the mailing list, also document how we prefer
234 spacing in expressions.
236 - curl: glob_range: no need to check unsigned variable for negative
240 [src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n'
243 - CODE_STYLE: add example for indent style as well
245 - CODE_STYLE: mention braces for functions too
247 - docs/Makefile.am: include CODE_STYLE in tarball too
249 - CONTRIBUTE: moved out code style to a separate document
251 - CODE_STYLE: initial version
253 Ripped out from CONTRIBUTE into its own document, but also extended from
256 - curl_sasl.c: minor code indent fixes
258 - multi: simplified singlesocket
260 Since sh_getentry() now checks for invalid sockets itself and by
261 narrowing the scope of the remove_sock_from_hash variable.
263 - multi: introduce sh_getentry() for looking up sockets in the sockhash
265 Simplify the code by using a single entry that looks for a socket in the
266 socket hash. As indicated in #712, the code looked for CURL_SOCKET_BAD
267 at some point and that is ineffective/wrong and this makes it easier to
270 - [Jaime Fullaondo brought this change]
272 multi hash: ensure modulo performed on curl_socket_t
276 Steve Holme (13 Mar 2016)
277 - base64: Minor coding standard and style updates
279 - base64: Use 'CURLcode result' for curl result codes
281 - negotiate: Use 'CURLcode result' for curl result codes
283 Daniel Stenberg (13 Mar 2016)
284 - [Maksim Kuzevanov brought this change]
286 multi_runsingle: avoid loop in CURLM_STATE_WAITPROXYCONNECT
290 - TODO: Use the RFC6265 test suite
292 Steve Holme (13 Mar 2016)
293 - checksrc.bat: Added the ability to scan src and lib source independently
295 - digest: Use boolean based success code for Curl_sasl_digest_get_pair()
297 Rather than use a 0 and 1 integer base result code use a TRUE / FALSE
300 - digest: Corrected some typos in comments
302 - krb5: Corrected some typos in function descriptions
304 - ntlm: Corrected some typos in function descriptions
306 - url: Corrected indentation when calling idna_to_ascii_lz()
308 - idn_win32: Use boolean based success codes
310 Rather than use 0 and 1 integer base result codes use a FALSE / TRUE
313 Daniel Stenberg (10 Mar 2016)
314 - idn_win32.c: warning: Trailing whitespace
316 Steve Holme (10 Mar 2016)
317 - idn_win32.c: Fixed compilation warning from commit 9e7fcd4291
319 warning C4267: 'function': conversion from 'size_t' to 'int',
320 possible loss of data
322 Daniel Stenberg (10 Mar 2016)
323 - THANKS-filter: unify Michael König
325 - RELEASE-NOTES: synced with 863c5766dd
327 - ftp: remove a check for NULL(!)
329 ... as it implies we need to check for that on all the other variable
330 references as well (as Coverity otherwise warns us for missing NULL
331 checks), and we're alredy making sure that the pointer is never NULL.
333 - cookies: first n/v pair in Set-Cookie: is the cookie, then parameters
335 RFC 6265 section 4.1.1 spells out that the first name/value pair in the
336 header is the actual cookie name and content, while the following are
339 libcurl previously had a more liberal approach which causes significant
340 problems when introducing new cookie parameters, like the suggested new
341 cookie priority draft.
343 The previous logic read all n/v pairs from left-to-right and the first
344 name used that wassn't a known parameter name would be used as the
345 cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be
346 a cookie named 'person' while an RFC 6265 compliant parser should
347 consider that to be a cookie named 'Max-Age' with an (unknown) parameter
352 - krb5: improved type handling to avoid clang compiler warnings
354 - url.c: fix clang warning: no newline at end of file
356 - curl_multi_wait: never return -1 in 'numfds'
358 Such a return value isn't documented but could still happen, and the
359 curl tool code checks for it. It would happen when the underlying
360 Curl_poll() function returns an error. Starting now we mask that error
361 as a user of curl_multi_wait() would have no way to handle it anyway.
363 Reported-by: Jay Satiro
366 - HTTP2.md: add CURL_HTTP_VERSION_2TLS and updated alt-svc link
368 - curl_multi_wait.3: add example
370 Steve Holme (8 Mar 2016)
371 - imap/pop3/smtp: Fixed connections upgraded with TLS are not reused
373 Regression since commit 710f14edba.
375 Bug: https://github.com/curl/curl/issues/422
376 Reported-by: Justin Ehlert
378 Jay Satiro (8 Mar 2016)
379 - opt-docs: fix heading macros
383 Bug: https://github.com/curl/curl/issues/705
384 Reported-by: Eric S. Raymond
386 Kamil Dudka (8 Mar 2016)
387 - [Tim Rühsen brought this change]
389 cookie: do not refuse cookies for localhost
393 Daniel Stenberg (8 Mar 2016)
394 - ftp_done: clear tunnel_state when secondary socket closes
396 Introducing a function for closing the secondary connection to make this
397 bug less likely to happen again.
402 - [Gisle Vanem brought this change]
404 openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages
406 - HTTP2.md: HTTP/2 by default for curl's HTTPS connections
408 - [Anders Bakken brought this change]
410 pipeline: Sanity check pipeline pointer before accessing it.
412 I got a crash with this stack:
414 curl/lib/url.c:2873 (Curl_removeHandleFromPipeline)
415 curl/lib/url.c:2919 (Curl_getoff_all_pipelines)
416 curl/lib/multi.c:561 (curl_multi_remove_handle)
417 curl/lib/url.c:415 (Curl_close)
418 curl/lib/easy.c:859 (curl_easy_cleanup)
422 - HTTP2.md: mention the disable ALPN and NPN options
424 - TODO: 17.12 keep running, read instructions from pipe/socket
426 And delete trailing whitespace
427 And rename section 17 to "command line tool" from "client"
431 - README.md: linkified
433 It also makes it less readable as plain text, so let's keep this
434 primarily for github use.
436 Removed the top ascii art logo, as it looks weird when markdownified.
438 - README.md: markdown version of README
440 Attempt to make it look more appealing on github
442 Jay Satiro (6 Mar 2016)
443 - mprintf: update trio project link
445 Daniel Stenberg (6 Mar 2016)
446 - CURLOPT_ACCEPTTIMEOUT_MS.3: added example
448 - CURLOPT_ACCEPT_ENCODING.3: added example
450 - CURLOPT_APPEND.3: added example
452 - CURLOPT_NOPROGRESS.3: added example, conform to stardard style
454 Steve Holme (6 Mar 2016)
455 - build-openssl/checksrc.bat: Fixed prepend vs append of Perl path
457 Fixed inconsistency from commit 1eae114065 and 0ad6c72227 of the order
458 in which Perl was added to the PATH.
460 Daniel Stenberg (6 Mar 2016)
461 - opts: added two examples
463 - CURLOPT_SSL_CTX_FUNCTION.3: use .NF for example
465 - CURLOPT_SSL_CTX_FUNCTION.3: added example
467 and removed erroneous reference to test case lib509
469 - curlx.c: use more curl style code
471 - test46: change cookie expiry date
473 Since two of the cookies would now otherwise expire and cause the test
474 to fail after commit 20de9b4f09
478 Jay Satiro (5 Mar 2016)
479 - [Viktor Szakats brought this change]
481 makefile.m32: add missing libs for static -winssl-ssh2 builds
483 Bug: https://github.com/curl/curl/pull/693
485 - mbedtls: fix user-specified SSL protocol version
487 Prior to this change when a single protocol CURL_SSLVERSION_ was
488 specified by the user that version was set only as the minimum version
489 but not as the maximum version as well.
491 Steve Holme (5 Mar 2016)
492 - .gitignore: Added *.VC.opendb and *.vcxproj.user files for VC14
494 - build-openssl.bat: Fixed cannot find perl if installed but not in path
496 - checksrc.bat: Fixed cannot find perl if installed but not in path
498 Jay Satiro (5 Mar 2016)
499 - [Viktor Szakats brought this change]
501 makefile.m32: fix to allow -ssh2-winssl combination
503 In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl
504 (OpenSSL) option, with no way to override it with -winssl. Since both
505 libssh2 and curl support using Windows's built-in SSL backend, modify
506 the logic to allow that combination.
508 - cookie: Don't expire session cookies in remove_expired
510 Prior to this change cookies with an expiry date that failed parsing
511 and were converted to session cookies could be purged in remove_expired.
513 Bug: https://github.com/curl/curl/issues/697
514 Reported-by: Seth Mos
516 Daniel Stenberg (3 Mar 2016)
517 - cookie: remove redundant check
519 ... as it was already checked previously within the function.
521 Reported-by: Dmitry-Me
524 Jay Satiro (1 Mar 2016)
525 - [Anders Bakken brought this change]
527 url: if Curl_done is premature then pipeline not in use
529 Prevent a crash if 2 (or more) requests are made to the same host and
530 pipelining is enabled and the connection does not complete.
532 Bug: https://github.com/curl/curl/pull/690
534 - [Viktor Szakats brought this change]
536 makefile.m32: allow to pass .dll/.exe-specific LDFLAGS
538 using envvars `CURL_LDFLAG_EXTRAS_DLL` and
539 `CURL_LDFLAG_EXTRAS_EXE` respectively. This
540 is useful f.e. to pass ASLR-related extra
541 options, that are required to make this
542 feature work when using the mingw toolchain.
544 Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985
546 Closes https://github.com/curl/curl/pull/689
548 Daniel Stenberg (29 Feb 2016)
549 - formpost: fix memory leaks in AddFormData error branches
551 Reported-by: Dmitry-Me
554 Jay Satiro (28 Feb 2016)
555 - getinfo: Fix syntax error when mbedTLS
557 The assignment of the mbedTLS TLS session info in the parent commit was
558 incorrect. Change the assignment to a pointer to the session structure.
560 - getinfo: Add support for mbedTLS TLS session info
562 .. and preprocessor check TLS session info is defined for all backends.
564 Daniel Stenberg (26 Feb 2016)
565 - ROADMAP: clarify on the TLS proxy, mention HTTP cookies to work on
567 - file: try reading from files with no size
569 Some systems have special files that report as 0 bytes big, but still
570 contain data that can be read (for example /proc/cpuinfo on
571 Linux). Starting now, a zero byte size is considered "unknown" size and
572 will be read as far as possible anyway.
574 Reported-by: Jesse Tan
578 Jay Satiro (25 Feb 2016)
579 - configure: warn on invalid ca bundle or path
581 - Warn if --with-ca-bundle file does not exist.
583 - Warn if --with-ca-path directory does not contain certificates.
585 - Improve help messages for both.
587 Example configure output:
589 ca cert bundle: /some/file (warning: certs not found)
590 ca cert path: /some/dir (warning: certs not found)
592 Bug: https://github.com/curl/curl/issues/404
593 Reported-by: Jeffrey Walton
595 Daniel Stenberg (24 Feb 2016)
596 - Curl_read: check for activated HTTP/1 pipelining, not only requested
598 ... as when pipelining is used, we read things into a unified buffer and
599 we don't do that with HTTP/2. This could then easily make programs that
600 set CURLMOPT_PIPELINING = CURLPIPE_HTTP1|CURLPIPE_MULTIPLEX to get data
601 intermixed or plain broken between HTTP/2 streams.
603 Reported-by: Anders Bakken
605 Patrick Monnerat (24 Feb 2016)
606 - os400: Fix ILE/RPG definition of CURLOPT_TFTP_NO_OPTIONS
608 Jay Satiro (23 Feb 2016)
609 - getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
611 The two options are almost the same, except in the case of OpenSSL:
613 CURLINFO_TLS_SESSION OpenSSL session internals is SSL_CTX *.
615 CURLINFO_TLS_SSL_PTR OpenSSL session internals is SSL *.
617 For backwards compatibility we couldn't modify CURLINFO_TLS_SESSION to
618 return an SSL pointer for OpenSSL.
620 Also, add support for the 'internals' member to point to SSL object for
621 the other backends axTLS, PolarSSL, Secure Channel, Secure Transport and
624 Bug: https://github.com/curl/curl/issues/234
625 Reported-by: dkjjr89@users.noreply.github.com
627 Bug: https://curl.haxx.se/mail/lib-2015-09/0127.html
628 Reported-by: Michael König
630 Daniel Stenberg (23 Feb 2016)
631 - multi_remove_handle: keep the timeout list until after disconnect
633 The internal Curl_done() function uses Curl_expire() at times and that
634 uses the timeout list. Better clean up the list once we're done using
635 it. This caused a segfault.
638 Bug: https://curl.haxx.se/mail/lib-2016-02/0097.html
640 Kamil Dudka (23 Feb 2016)
641 - tests/sshserver.pl: use RSA instead of DSA for host auth
643 DSA is no longer supported by OpenSSH 7.0, which causes all SCP/SFTP
644 test cases to be skipped. Using RSA for host authentication works with
645 both old and new versions of OpenSSH.
647 Reported-by: Karlson2k
651 Jay Satiro (23 Feb 2016)
652 - TFTP: add option to suppress TFTP option requests (Part 2)
656 - Add an example to CURLOPT_TFTP_NO_OPTIONS.3.
658 - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS.
660 Bug: https://github.com/curl/curl/issues/481
662 - [Michael Koenig brought this change]
664 TFTP: add option to suppress TFTP option requests (Part 1)
666 Some TFTP server implementations ignore the "TFTP Option extension"
667 (RFC 1782-1784, 2347-2349), or implement it in a flawed way, causing
668 problems with libcurl. Another switch for curl_easy_setopt
669 "CURLOPT_TFTP_NO_OPTIONS" is introduced which prevents libcurl from
670 sending TFTP option requests to a server, avoiding many problems caused
671 by faulty implementations.
673 Bug: https://github.com/curl/curl/issues/481
675 Daniel Stenberg (22 Feb 2016)
676 - [Karlson2k brought this change]
678 runtests: Fixed usage of %PWD on MinGW64
682 Jay Satiro (20 Feb 2016)
683 - CURLOPT_DEBUGFUNCTION.3: Fix example
685 - [Viktor Szakats brought this change]
687 src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support
689 Sync with lib/Makefile.m32 which already uses those variables.
691 Bug: https://github.com/curl/curl/pull/670
693 Dan Fandrich (20 Feb 2016)
694 - Enabled test 1437 after the bug fix in commit 3fa220a6
696 Jay Satiro (19 Feb 2016)
697 - [Emil Lerner brought this change]
699 curl_sasl: Fix memory leak in digest parser
701 If any parameter in a HTTP DIGEST challenge message is present multiple
702 times, memory allocated for all but the last entry should be freed.
704 Bug: https://github.com/curl/curl/pull/667
706 Dan Fandrich (19 Feb 2016)
707 - Added test 1437 to verify a memory leak
709 Reported-by: neex@users.noreply.github.com
711 Jay Satiro (18 Feb 2016)
712 - CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style
714 Bug: https://github.com/curl/curl/issues/666
715 Reported-by: baumanj@users.noreply.github.com
717 - curl.1: HTTP headers for --cookie must be Set-Cookie style
719 Bug: https://github.com/curl/curl/issues/666
720 Reported-by: baumanj@users.noreply.github.com
722 Daniel Stenberg (18 Feb 2016)
723 - curl.1: add a missing dash
725 - CONTRIBUTING.md: fix links
727 - ISSUE_TEMPLATE: github issue template
729 First version, try this out!
731 - CONTRIBUTING.md: move into .github
733 To hide github specific files somewhat from the rest.
735 - opts: add references
737 - examples/make: add 'checksrc' target
739 - 10-at-a-time: typecast the argument passed to sleep()
741 - externalsocket.c: fix compiler warning for fwrite return type
743 - anyauthput.c: fix compiler warnings
745 - simplessl.c: warning: while with space
747 - curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function
749 Reported-By: Gisle Vanem
751 - http2: don't decompress gzip decoding automatically
753 At one point during the development of HTTP/2, the commit 133cdd29ea0
754 introduced automatic decompression of Content-Encoding as that was what
755 the spec said then. Now however, HTTP/2 should work the same way as
756 HTTP/1 in this regard.
758 Reported-by: Kazuho Oku
762 Jay Satiro (16 Feb 2016)
763 - [Tatsuhiro Tsujikawa brought this change]
765 http: Don't break the header into chunks if HTTP/2
767 nghttp2 callback deals with TLS layer and therefore the header does not
768 need to be broken into chunks.
770 Bug: https://github.com/curl/curl/issues/659
771 Reported-by: Kazuho Oku
773 Daniel Stenberg (16 Feb 2016)
774 - [Viktor Szakats brought this change]
776 openssl: use macro to guard the opaque EVP_PKEY branch
778 - [Viktor Szakats brought this change]
780 openssl: avoid direct PKEY access with OpenSSL 1.1.0
782 by using API instead of accessing an internal structure.
783 This is required starting OpenSSL 1.1.0-pre3.
787 - RELEASE-NOTES: synced with ede0bfc079da
789 - [Clint Clayton brought this change]
791 CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option
793 Change the example in the docs for CURLOPT_CONNECTTIMEOUT_MS to use
794 CURLOPT_CONNECTTIMEOUT_MS instead of CURLOPT_CONNECTTIMEOUT.
798 - opt-docs: add more references
800 - [David Byron brought this change]
802 SCP: use libssh2_scp_recv2 to support > 2GB files on windows
804 libssh2_scp_recv2 is introduced in libssh2 1.7.0 - to be released "any
809 Jay Satiro (13 Feb 2016)
810 - [Shine Fan brought this change]
812 gtls: fix for builds lacking encrypted key file support
814 Bug: https://github.com/curl/curl/pull/651
816 Dan Fandrich (13 Feb 2016)
817 - test1604: Add to Makefile.inc so it gets run
819 Jay Satiro (12 Feb 2016)
820 - generate.bat: Fix comment bug by removing old comments
822 Remove NOTES section, it's no longer needed since we aren't setting the
823 errorlevel and more importantly the recently updated URL in the comments
824 is causing some unusual behavior that breaks the script.
826 Closes https://github.com/curl/curl/issues/649
828 Kamil Dudka (12 Feb 2016)
829 - curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts
831 The behavior has been clarified in CURLOPT_FTP_USE_{EPRT,EPSV}.3 man
832 pages since curl-7_12_3~131. This patch makes it clear in the curl.1
835 Bug: https://bugzilla.redhat.com/1305970
837 Daniel Stenberg (12 Feb 2016)
838 - dist: ship buildconf.bat too
840 As the winbuild/* stuff uses it!
842 - curlx_tvdiff: handle 32bit time_t overflows
844 On 32bit systems, make sure we don't overflow and return funky values
845 for very large time differences.
847 Reported-by: Anders Bakken
851 - examples: fix some compiler warnings
853 - simplessl.c: fix my breakage
855 - examples: adhere to curl code style
857 All plain C examples now (mostly) adhere to the curl code style. While
858 they are only examples, they had diverted so much and contained all
859 sorts of different mixed code styles by now. Having them use a unified
860 style helps users and readability. Also, as they get copy-and-pasted
861 widely by users, making sure they're clean and nice is a good idea.
863 573 checksrc warnings were addressed.
865 - examples/cookie_interface.c: add cleanup call
867 cleaning up handles is a good idea as we leak memory otherwise
869 Also, line wrapped before 80 columns.
871 Kamil Dudka (10 Feb 2016)
872 - nss: search slash in forward direction in dup_nickname()
874 It is wasteful to search it backwards if we look for _any_ slash.
876 - nss: do not count enabled cipher-suites
878 We only care if at least one cipher-suite is enabled, so it does
879 not make any sense to iterate till the end and count all enabled
882 Daniel Stenberg (10 Feb 2016)
883 - contributors.sh: make 79 the max column width (from 80)
885 - RELEASE-NOTES: synced with c276aefee3995
887 - mbedtls.c: re-indent to better match curl standards
889 - [Rafael Antonio brought this change]
891 mbedtls: fix memory leak when destroying SSL connection data
895 - mbedtls: fix ALPN usage segfault
897 Since we didn't keep the input argument around after having called
898 mbedtls, it could end up accessing the wrong memory when figuring out
903 Jay Satiro (9 Feb 2016)
904 - [Timotej Lazar brought this change]
906 opts: update references to renamed options
908 - KNOWN_BUGS: Update #92 - Windows device prefix
910 - tool_doswin: Support for literal path prefix \\?\
912 For example something like --output \\?\C:\foo
914 Daniel Stenberg (9 Feb 2016)
915 - configure: state "BoringSSL" in summary when that was detected
917 - [David Benjamin brought this change]
919 openssl: remove most BoringSSL #ifdefs.
921 As of https://boringssl-review.googlesource.com/#/c/6980/, almost all of
922 BoringSSL #ifdefs in cURL should be unnecessary:
924 - BoringSSL provides no-op stubs for compatibility which replaces most
927 - DES_set_odd_parity has been in BoringSSL for nearly a year now. Remove
928 the compatibility codepath.
930 - With a small tweak to an extend_key_56_to_64 call, the NTLM code
933 - Switch OCSP-related #ifdefs to the more generally useful
936 The only #ifdefs which remain are Curl_ossl_version and the #undefs to
937 work around OpenSSL and wincrypt.h name conflicts. (BoringSSL leaves
938 that to the consumer. The in-header workaround makes things sensitive to
941 This change errs on the side of removing conditionals despite many of
942 the restored codepaths being no-ops. (BoringSSL generally adds no-op
943 compatibility stubs when possible. OPENSSL_VERSION_NUMBER #ifdefs are
948 Jay Satiro (8 Feb 2016)
949 - KNOWN_BUGS: Windows device prefix is required for devices
951 - tool_urlglob: Allow reserved dos device names (Windows)
953 Allow --output to reserved dos device names without the device prefix
954 for backwards compatibility.
956 Example: --output NUL can be used instead of --output \\.\NUL
958 Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863
959 Reported-by: Gisle Vanem
961 Daniel Stenberg (8 Feb 2016)
962 - cookies: allow spaces in cookie names, cut of trailing spaces
964 It turns out Firefox and Chrome both allow spaces in cookie names and
965 there are sites out there using that.
967 Turned out the code meant to strip off trailing space from cookie names
968 didn't work. Fixed now.
970 Test case 8 modified to verify both these changes.
974 Patrick Monnerat (8 Feb 2016)
975 - Merge branch 'master' of github.com:curl/curl
977 - os400: sync ILE/RPG definitions with latest public header files.
979 Daniel Stenberg (8 Feb 2016)
980 - [Ludwig Nussel brought this change]
982 SSLCERTS: update wrt SSL CA certificate store
984 - [Ludwig Nussel brought this change]
986 configure: --with-ca-fallback: use built-in TLS CA fallback
988 When trying to verify a peer without having any root CA certificates
989 set, this makes libcurl use the TLS library's built in default as
994 - Proxy-Connection: stop sending this header by default
996 RFC 7230 says we should stop. Firefox already stopped.
998 Bug: https://github.com/curl/curl/issues/633
999 Reported-By: Brad Fitzpatrick
1003 - bump: work toward the next release
1005 - THANKS: 2 contributors from the 7.47.1 release
1007 - RELEASE-PROCEDURE: remove the github upload part
1009 ... as we're HTTPS on the main site now, there's no point in that
1012 Version 7.47.1 (8 Feb 2016)
1014 Daniel Stenberg (8 Feb 2016)
1015 - RELEASE-NOTES: curl 7.47.1 time!
1017 Jay Satiro (8 Feb 2016)
1018 - tool_operhlp: Check for backslashes in get_url_file_name
1020 Extract the filename from the last slash or backslash. Prior to this
1021 change backslashes could be part of the filename.
1023 This change needed for the curl tool built for Cygwin. Refer to the
1024 CYGWIN addendum in advisory 20160127B.
1026 Bug: https://curl.haxx.se/docs/adv_20160127B.html
1028 Daniel Stenberg (7 Feb 2016)
1029 - RELEASE-NOTES: synced with d6a8869ea34
1031 Jay Satiro (6 Feb 2016)
1032 - openssl: Fix signed/unsigned mismatch warning in X509V3_ext
1034 sk_X509_EXTENSION_num may return an unsigned integer, however the value
1037 Bug: https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896
1038 Reported-by: Gisle Vanem
1040 Daniel Stenberg (7 Feb 2016)
1041 - TODO: 17.11 -w output to stderr
1043 Jay Satiro (6 Feb 2016)
1044 - [Michael Kaufmann brought this change]
1046 idn_win32: Better error checking
1048 .. also fix a conversion bug in the unused function
1049 curl_win32_ascii_to_idn().
1051 And remove wprintfs on error (Jay).
1053 Bug: https://github.com/curl/curl/pull/637
1055 - [Gisle Vanem brought this change]
1057 examples/asiohiper: Avoid function name collision on Windows
1059 closesocket => close_socket
1060 Winsock already has the former.
1062 Bug: https://curl.haxx.se/mail/lib-2016-02/0016.html
1064 - [Gisle Vanem brought this change]
1066 examples/htmltitle: Use _stricmp on Windows
1068 Bug: https://curl.haxx.se/mail/lib-2016-02/0017.html
1070 Daniel Stenberg (6 Feb 2016)
1071 - COPYING: clarify that Daniel is not the sole author
1073 ... done on request and as it is a fair point.
1075 Jay Satiro (5 Feb 2016)
1076 - unit1604: Fix unit setup return code
1078 - tool_doswin: Use type SANITIZEcode in sanitize_file_name
1080 - tool_doswin: Improve sanitization processing
1082 - Add unit test 1604 to test the sanitize_file_name function.
1084 - Use -DCURL_STATICLIB when building libcurltool for unit testing.
1086 - Better detection of reserved DOS device names.
1088 - New flags to modify sanitize behavior:
1090 SANITIZE_ALLOW_COLONS: Allow colons
1091 SANITIZE_ALLOW_PATH: Allow path separators and colons
1092 SANITIZE_ALLOW_RESERVED: Allow reserved device names
1093 SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename
1095 - Restore sanitization of banned characters from user-specified outfile.
1097 Prior to this commit sanitization of a user-specified outfile was
1098 temporarily disabled in 2b6dadc because there was no way to allow path
1099 separators and colons through while replacing other banned characters.
1100 Now in such a case we call the sanitize function with
1101 SANITIZE_ALLOW_PATH which allows path separators and colons to pass
1105 Closes https://github.com/curl/curl/issues/624
1106 Reported-by: Octavio Schroeder
1108 - [Viktor Szakats brought this change]
1110 URLs: change more http to https
1112 - sasl_sspi: Fix memory leak in domain populate
1114 Free an existing domain before replacing it.
1116 Bug: https://github.com/curl/curl/issues/635
1117 Reported-by: silveja1@users.noreply.github.com
1119 Daniel Stenberg (4 Feb 2016)
1120 - [Viktor Szakats brought this change]
1122 URLs: follow GitHub project rename (also Travis CI)
1126 - CHANGES.o: fix references to curl.haxx.nu
1128 I removed the scheme prefix from the URLs references this host name, as
1129 we don't own/run that anymore but the name is kept for historic reasons.
1131 - HISTORY: add some info about when we used which host names
1133 Jay Satiro (2 Feb 2016)
1134 - [Viktor Szakats brought this change]
1136 URLs: change more http to https
1138 Dan Fandrich (3 Feb 2016)
1139 - URLs: Change more haxx.se URLs from http: to https:
1141 Daniel Stenberg (3 Feb 2016)
1142 - RELEASE-NOTES: synced with 4af40b364
1144 - URLs: change all http:// URLs to https://
1146 - configure: update the copyright year range in output
1148 - dotdot: allow an empty input string too
1150 It isn't used by the code in current conditions but for safety it seems
1151 sensible to at least not crash on such input.
1153 Extended unit test 1395 to verify this too as well as a plain "/" input.
1155 - HTTPS: update a bunch of URLs from HTTP to HTTPS
1157 - [Sergei Nikulov brought this change]
1159 AppVeyor: updated to handle OpenSSL/WinSSL builds
1163 Jay Satiro (1 Feb 2016)
1164 - tool_operate: Don't sanitize --output path (Windows)
1166 Due to path separators being incorrectly sanitized in --output
1167 pathnames, eg -o c:\foo => c__foo
1169 This is a partial revert of 3017d8a until I write a proper fix. The
1170 remote-name will continue to be sanitized, but if the user specified an
1171 --output with string replacement (#1, #2, etc) that data is unsanitized
1172 until I finish a fix.
1174 Bug: https://github.com/bagder/curl/issues/624
1175 Reported-by: Octavio Schroeder
1177 - curl.1: Explain remote-name behavior if file already exists
1179 .. also warn about letting the server pick the filename.
1181 - [Gisle Vanem brought this change]
1183 urldata: Error on missing SSL backend-specific connect info
1185 Daniel Stenberg (28 Jan 2016)
1186 - bump: towards the next (7.47.1 ?)
1188 - [Sergei Nikulov brought this change]
1190 cmake: fixed when OpenSSL enabled on Windows and schannel detected
1194 Jay Satiro (28 Jan 2016)
1195 - [Sergei Nikulov brought this change]
1197 urldata: moved common variable out of ifdef
1199 Closes https://github.com/bagder/curl/pull/618
1201 - [Viktor Szakats brought this change]
1203 tool_doswin: silence unused function warning
1205 tool_doswin.c:185:14: warning: 'msdosify' defined but not used
1208 Closes https://github.com/bagder/curl/pull/616
1210 Daniel Stenberg (27 Jan 2016)
1211 - getredirect.c: fix variable name
1213 Reported-by: Bernard Spil
1215 Version 7.47.0 (27 Jan 2016)
1217 Daniel Stenberg (27 Jan 2016)
1218 - examples/Makefile.inc: specify programs without .c!
1220 - THANKS: 6 new contributors from 7.47.0 release notes
1222 - [Isaac Boukris brought this change]
1224 NTLM: Fix ConnectionExists to compare Proxy credentials
1226 Proxy NTLM authentication should compare credentials when
1227 re-using a connection similar to host authentication, as it
1228 authenticate the connection.
1231 curl -v -x http://proxy:port http://host/ -U good_user:good_pwd
1232 --proxy-ntlm --next -x http://proxy:port http://host/
1233 [-U fake_user:fake_pwd --proxy-ntlm]
1237 Bug: http://curl.haxx.se/docs/adv_20160127A.html
1239 - [Ray Satiro brought this change]
1241 curl: avoid local drive traversal when saving file (Windows)
1243 curl does not sanitize colons in a remote file name that is used as the
1244 local file name. This may lead to a vulnerability on systems where the
1245 colon is a special path character. Currently Windows/DOS is the only OS
1246 where this vulnerability applies.
1250 Bug: http://curl.haxx.se/docs/adv_20160127B.html
1252 - RELEASE-NOTES: 7.47.0
1254 - FAQ: language fix in 4.19
1256 - [paulehoffman brought this change]
1258 FAQ: Update to point to GitHub
1260 Current FAQ didn't make it clear where the main repo is.
1264 - maketgz: generate date stamp with LC_TIME=C
1266 bug: http://curl.haxx.se/mail/lib-2016-01/0123.html
1268 - curl_multi_socket_action.3: line wrap
1270 - RELEASE-NOTES: synced with d58ba66eeceb
1272 Steve Holme (21 Jan 2016)
1273 - TODO: "Create remote directories" for SMB
1275 Jay Satiro (18 Jan 2016)
1276 - mbedtls: Fix pinned key return value on fail
1278 - Switch from verifying a pinned public key in a callback during the
1279 certificate verification to inline after the certificate verification.
1281 The callback method had three problems:
1283 1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
1286 2. If peer certificate verification was disabled the pinned key
1287 verification did not take place as it should.
1289 3. (related to #2) If there was no certificate of depth 0 the callback
1290 would not have checked the pinned public key.
1292 Though all those problems could have been fixed it would have made the
1293 code more complex. Instead we now verify inline after the certificate
1294 verification in mbedtls_connect_step2.
1296 Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
1297 Ref: https://github.com/bagder/curl/pull/601
1299 - tests: Add a test for pinnedpubkey fail even when insecure
1301 Because disabling the peer verification (--insecure) must not disable
1302 the public key pinning check (--pinnedpubkey).
1304 - [Daniel Schauenberg brought this change]
1306 CURLINFO_RESPONSE_CODE.3: add example
1308 Kamil Dudka (15 Jan 2016)
1309 - ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL
1311 The CURLOPT_SSH_PUBLIC_KEYFILE option has been documented to handle
1312 empty strings specially since curl-7_25_0-31-g05a443a but the behavior
1313 was unintentionally removed in curl-7_38_0-47-gfa7d04f.
1315 This commit restores the original behavior and clarifies it in the
1316 documentation that NULL and "" have both the same meaning when passed
1317 to CURLOPT_SSH_PUBLIC_KEYFILE.
1319 Bug: http://curl.haxx.se/mail/lib-2016-01/0072.html
1321 Daniel Stenberg (14 Jan 2016)
1322 - RELEASE-NOTES: synced with 35083ca60ed035a
1324 - openssl: improved error detection/reporting
1326 ... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL
1327 1.1.0+ returned a new func number of another cerfificate fail so this
1328 required a fix and this is the better way to catch this error anyway.
1330 - openssl: for 1.1.0+ they now provide a SSLeay() macro of their own
1332 - CURLOPT_RESOLVE.3: minor language polish
1334 - configure: assume IPv6 works when cross-compiled
1336 The configure test uses AC_TRY_RUN to figure out if an ipv6 socket
1337 works, and testing like that doesn't work for cross-compiles. These days
1338 IPv6 support is widespread so a blind guess is probably more likely to
1339 be 'yes' than 'no' now.
1341 Further: anyone who cross-compiles can use configure's --disable-ipv6 to
1342 explicitly disable IPv6 and that also works for cross-compiles.
1344 Made happen after discussions in issue #594
1346 - TODO: "Try to URL encode given URL"
1350 - ConnectionExists: only do pipelining/multiplexing when asked
1352 When an HTTP/2 upgrade request fails (no protocol switch), it would
1353 previously detect that as still possible to pipeline on (which is
1354 acorrect) and do that when PIPEWAIT was enabled even if pipelining was
1355 not explictily enabled.
1357 It should only pipelined if explicitly asked to.
1361 - [Mohammad AlSaleh brought this change]
1363 lib: Prefix URLs with lower-case protocol names/schemes
1365 Before this patch, if a URL does not start with the protocol
1366 name/scheme, effective URLs would be prefixed with upper-case protocol
1367 names/schemes. This behavior might not be expected by library users or
1370 For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https". And the
1371 URL is "hostname/path". The effective URL would be
1372 "HTTPS://hostname/path" instead of "https://hostname/path".
1374 After this patch, effective URLs would be prefixed with a lower-case
1375 protocol name/scheme.
1379 Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>
1381 - [Alessandro Ghedini brought this change]
1383 scripts: don't generate and install zsh completion when cross-compiling
1385 - [Alessandro Ghedini brought this change]
1387 scripts: fix zsh completion generation
1389 The script should use the just-built curl, not the system one. This fixes
1390 zsh completion generation when no system curl is installed.
1392 - [Alessandro Ghedini brought this change]
1394 zsh.pl: fail if no curl is found
1396 Instead of generation a broken completion file.
1398 - [Michael Kaufmann brought this change]
1400 IDN host names: Remove the port number before converting to ACE
1404 Jay Satiro (10 Jan 2016)
1405 - runtests: Add mbedTLS to the SSL backends
1407 .. and enable SSLpinning tests for mbedTLS, BoringSSL and LibreSSL.
1409 Daniel Stenberg (10 Jan 2016)
1410 - [Thomas Glanzmann brought this change]
1412 mbedtls: implement CURLOPT_PINNEDPUBLICKEY
1414 Jay Satiro (9 Jan 2016)
1415 - [Tatsuhiro Tsujikawa brought this change]
1417 url: Fix compile error with --enable-werror
1419 - [Tatsuhiro Tsujikawa brought this change]
1421 http2: Ensure that http2_handle_stream_close is called
1423 Previously, when HTTP/2 is enabled and used, and stream has content
1424 length known, Curl_read was not called when there was no bytes left to
1425 read. Because of this, we could not make sure that
1426 http2_handle_stream_close was called for every stream. Since we use
1427 http2_handle_stream_close to emit trailer fields, they were
1428 effectively ignored. This commit changes the code so that Curl_read is
1429 called even if no bytes left to read, to ensure that
1430 http2_handle_stream_close is called for every stream.
1432 Discussed in https://github.com/bagder/curl/pull/564
1434 Daniel Stenberg (8 Jan 2016)
1435 - http2: handle the received SETTINGS frame
1437 This regression landed in 5778e6f5 and made libcurl not act on received
1438 settings and instead stayed with its internal defaults.
1440 Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
1443 - Revert "multiplex: allow only once HTTP/2 is actually used"
1445 This reverts commit 46cb70e9fa81c9a56de484cdd7c5d9d0d9fbec36.
1447 Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
1449 Jay Satiro (8 Jan 2016)
1450 - [Tatsuhiro Tsujikawa brought this change]
1452 http2: Fix PUSH_PROMISE headers being treated as trailers
1454 Discussed in https://github.com/bagder/curl/pull/564
1456 Daniel Stenberg (8 Jan 2016)
1457 - [Michael Kaufmann brought this change]
1459 connection reuse: IDN host names fixed
1461 Use the ACE form of IDN hostnames as key in the connection cache. Add
1466 - tests: mark IPv6 FTP and FTPS tests with the FTP keyword
1468 Jay Satiro (7 Jan 2016)
1469 - mbedtls: Fix ALPN support
1471 - Fix ALPN reply detection.
1473 - Wrap nghttp2 code in ifdef USE_NGHTTP2.
1476 Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.
1478 - http2: Fix client write for trailers on stream close
1480 Check that the trailer buffer exists before attempting a client write
1481 for trailers on stream close.
1483 Refer to comments in https://github.com/bagder/curl/pull/564
1485 Daniel Stenberg (7 Jan 2016)
1486 - COPYING: update general copyright year range
1488 - ConnectionExists: add missing newline in infof() call
1490 Mistake from commit a464f33843ee1
1492 - multiplex: allow only once HTTP/2 is actually used
1494 To make sure curl doesn't allow multiplexing before a connection is
1495 upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the
1496 connection uses HTTP/2 as well and not only check what's wanted.
1502 Jay Satiro (4 Jan 2016)
1503 - curl_global_init.3: Add Windows-specific info for init via DLL
1505 - Add to both curl_global_init.3 and libcurl.3 the caveat for Windows
1506 that initializing libcurl via a DLL's DllMain or static initializer
1507 could cause a deadlock.
1509 Bug: https://github.com/bagder/curl/issues/586
1510 Reported-by: marc-groundctl@users.noreply.github.com
1512 Daniel Stenberg (4 Jan 2016)
1513 - FAQ: clarify who to mail about ECCN clarifications
1515 - progressfunc.c: spellfix description
1517 - docs/examples/multi-app.c: fix bad desc formatting
1519 - examples: added descriptions
1521 - example/simple.c: add description
1523 - getredirect.c: a new example
1525 Marc Hoersken (27 Dec 2015)
1526 - RELEASE-NOTES: add 5e0e81a9c4e35f04ca
1528 Daniel Stenberg (26 Dec 2015)
1529 - RELEASE-NOTES: synced with 2aec4359db1088b10d
1531 Marc Hoersken (26 Dec 2015)
1532 - test 1515: add data check
1534 - test 1515: add MSYS support by passing a relative path
1536 MSYS would otherwise turn a /-style path into a C:\-style path.
1538 - test 539: use datacheck mode text for ASCII-mode LISTings
1540 While still using datacheck mode binary for the inline reply data.
1542 - runtests.pl: check up to 5 data parts with different text modes
1544 Move the text-mode conversion for reply/replycheck from the verify
1545 section into the load section and add support for 4 more check parts.
1547 Daniel Stenberg (24 Dec 2015)
1548 - CURLOPT_RANGE: for HTTP servers, range support is optional
1550 Marc Hoersken (24 Dec 2015)
1551 - tests 1048 and 1050: use datacheck mode text for ASCII-mode LISTings
1553 - tests 706 and 707: use datacheck mode text for ASCII-mode LISTings
1555 - tests 400,403,406: use datacheck mode text for ASCII-mode LISTings
1557 - sockfilt.c: fix calculation of sleep timeout on Windows
1559 Not converting to double caused small timeouts to be skipped.
1561 - tests first.c: fix calculation of sleep timeout on Windows
1563 Not converting to double caused small timeouts to be skipped.
1565 - test 573: add more debug output
1567 - ftplistparser.c: fix handling of file LISTings using Windows EOL
1569 Previously file.txt[CR][LF] would have been returned as file.tx
1570 (without the last t) if filetype is symlink. Now the t is
1571 included and the internal item_length includes the zero byte.
1573 Spotted using test 576 on Windows.
1575 - test 16: fix on Linux (and Windows) by using plain ASCII characters
1577 Follow up on b064ff0c351bb287557228575ef4c1d079b866fb, thanks Daniel.
1579 - tftpd server: add Windows support by writing files in binary mode
1581 - tests 252-255: use datacheck mode text for ASCII-mode LISTings
1583 - test 16: fix on Windows by converting data file from ANSI to UTF-8
1585 Daniel Stenberg (23 Dec 2015)
1586 - Makefile.inc: s/curl_SOURCES/CURL_FILES
1588 This allows the root Makefile.am to include the Makefile.inc without
1589 causing automake to warn on it (variables named *_SOURCES are
1590 magic). curl_SOURCES is then instead assigned properly in
1591 src/Makefile.am only.
1595 - [Anders Bakken brought this change]
1597 ConnectionExists: with *PIPEWAIT, wait for connections
1599 Try harder to prevent libcurl from opening up an additional socket when
1600 CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS
1601 handshakes complete first before the decision is made.
1605 - [Anders Bakken brought this change]
1607 Add .dir-locals and set c-basic-offset to 2.
1609 This makes it easier for emacs users to automatically get the right
1610 2-space indentation when they edit curl source files.
1612 c++-mode is in there as well because Emacs can't easily know if
1613 something is a C or C++ header.
1617 - [Johannes Schindelin brought this change]
1619 configure: detect IPv6 support on Windows
1621 This patch was "nicked" from the MINGW-packages project by Daniel.
1623 https://github.com/Alexpux/MINGW-packages/commit/9253d0bf58a1486e91f7efb5316e7fdb48fa4007
1624 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1626 - configure: allow static builds on mingw
1628 This patch is adopted from the MINGW-packages project. It makes it
1629 possible to build curl both shared and static again.
1631 URL: https://github.com/Alexpux/MINGW-packages/tree/master/mingw-w64-curl
1633 Marc Hoersken (17 Dec 2015)
1634 - test 1326: fix file check since curl is outputting binary data
1636 - test 1326: fix getting stuck on Windows due to incomplete request
1638 The request needs to be read and send in binary mode in order to use
1639 CRLF instead of LF. Adding --upload-file - causes curl to read stdin
1642 Daniel Stenberg (17 Dec 2015)
1643 - RELEASE-NOTES: command line option recount
1645 Dan Fandrich (16 Dec 2015)
1646 - scripts/Makefile: build zsh script even in an out-of-tree build
1648 Marc Hoersken (16 Dec 2015)
1649 - sockfilt.c: added some debug output to select_ws
1651 - sockfilt.c: keep lines shorter than 80 chars
1653 - sockfilt.c: do not wait on unreliable file or pipe handle
1655 The previous implementation caused issues on modern MSYS2 runtimes.
1657 Daniel Stenberg (16 Dec 2015)
1658 - cyassl: deal with lack of *get_peer_certificate
1660 The function is only present in wolfssl/cyassl if it was built with
1661 --enable-opensslextra. With these checks added, pinning support is disabled
1662 unless the TLS lib has that function available.
1664 Also fix the mistake in configure that checks for the wrong lib name.
1668 - wolfssl: handle builds without SSLv3 support
1670 - [Tatsuhiro Tsujikawa brought this change]
1672 http2: Support trailer fields
1674 This commit adds trailer support in HTTP/2. In HTTP/1.1, chunked
1675 encoding must be used to send trialer fields. HTTP/2 deprecated any
1676 trandfer-encoding, including chunked. But trailer fields are now
1679 Since trailer fields are relatively rare these days (gRPC uses them
1680 extensively though), allocating buffer for trailer fields is done when
1681 we detect that HEADERS frame containing trailer fields is started. We
1682 use Curl_add_buffer_* functions to buffer all trailers, just like we
1683 do for regular header fields. And then deliver them when stream is
1684 closed. We have to be careful here so that all data are delivered to
1685 upper layer before sending trailers to the application.
1687 We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE
1688 mechanism, but current method is far more simple.
1690 Another possibility is use chunked encoding internally for HTTP/2
1691 traffic. I have not tested it, but it could add another overhead.
1695 - RELEASE-NOTES: synced with 6c2c019654e658a
1697 Jay Satiro (15 Dec 2015)
1698 - x509asn1: Fix host altname verification
1700 - In Curl_verifyhost check all altnames in the certificate.
1702 Prior to this change only the first altname was checked. Only the GSKit
1703 SSL backend was affected by this bug.
1705 Bug: http://curl.haxx.se/mail/lib-2015-12/0062.html
1706 Reported-by: John Kohl
1708 Daniel Stenberg (15 Dec 2015)
1709 - curl --expect100-timeout: added
1711 This is the new command line option to set the value for the existing
1712 libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
1714 - cyassl: fix compiler warning on type conversion
1716 - curlver: the pending release will become 7.47.0
1718 - [Anders Bakken brought this change]
1720 setstropt: const-correctness
1724 - ROADMAP: implemented HTTP2 for HTTPS-only
1726 - HTTP2.md: spell fix and remove TODO now implemented
1728 - libressl: the latest openssl x509 funcs are not in libressl
1730 - curl: use 2TLS by default
1732 Make this the default for the curl tool (if built with HTTP/2 powers
1733 enabled) unless a specific HTTP version is requested on the command
1736 This should allow more users to get HTTP/2 powers without having to
1739 - http: add libcurl option to allow HTTP/2 for HTTPS only
1741 ... and stick to 1.1 for HTTP. This is in line with what browsers do and
1742 should have very little risk.
1744 - openssl: adapt to openssl >= 1.1.0 X509 opaque structs
1748 - openssl: avoid BIO_reset() warnings since it returns a value
1750 - openssl: adapt to 1.1.0+ name changes
1752 - scripts/makefile: add standard header
1754 - scripts/Makefile: fix GNUism and survive no perl
1758 Reported-by: Thomas Klausner
1760 - fix b6d5cb40d7038fe
1762 - [Tatsuhiro Tsujikawa brought this change]
1764 http2: Fix hanging paused stream
1766 When NGHTTP2_ERR_PAUSE is returned from data_source_read_callback, we
1767 might not process DATA frame fully. Calling nghttp2_session_mem_recv()
1768 again will continue to process DATA frame, but if there is no incoming
1769 frames, then we have to call it again with 0-length data. Without this,
1770 on_stream_close callback will not be called, and stream could be hanged.
1772 Bug: http://curl.haxx.se/mail/lib-2015-11/0103.html
1773 Reported-by: Francisco Moraes
1775 - [Christian Stewart brought this change]
1777 build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS
1779 With curl disable verbose strings in http.c the compilation fails due to
1780 the data variable being undefined later on in the function.
1784 Jay Satiro (7 Dec 2015)
1785 - [Gisle Vanem brought this change]
1787 config-win32: Fix warning HAVE_WINSOCK2_H undefined
1789 - [Gisle Vanem brought this change]
1791 openssl: BoringSSL doesn't have CONF_modules_free
1793 - [Gisle Vanem brought this change]
1795 lwip: Fix compatibility issues with later versions
1797 The name of the header guard in lwIP's <lwip/opt.h> has changed from
1798 '__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015).
1802 - In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is
1805 - In memdebug.h, the 'socket' should be undefined first due to lwIP's
1806 lwip_socket() macro.
1808 - In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need
1809 special handling because they were undef'ed in memdebug.h.
1811 - In select.c we can't use preprocessor conditionals inside select if
1812 MSVC and select is a macro, as it is with lwIP.
1814 http://curl.haxx.se/mail/lib-2015-12/0023.html
1815 http://curl.haxx.se/mail/lib-2015-12/0024.html
1817 Patrick Monnerat (7 Dec 2015)
1818 - os400: define CURL_VERSION_PSL in ILE/RPG binding
1820 Jay Satiro (7 Dec 2015)
1821 - [Gisle Vanem brought this change]
1823 version: Add flag CURL_VERSION_PSL for libpsl
1825 - formdata: Check if length is too large for memory
1827 - If the size of the length type (curl_off_t) is greater than the size
1828 of the size_t type then check before allocating memory to make sure the
1829 value of length will fit in a size_t without overflow. If it doesn't
1830 then return CURLE_BAD_FUNCTION_ARGUMENT.
1832 Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679
1833 Reported-by: Steve Holme
1835 Steve Holme (3 Dec 2015)
1836 - tests: Corrected copy and pasted comments from commit e643c5c908
1838 Daniel Stenberg (3 Dec 2015)
1839 - curl: remove keepalive #ifdef checks done on libcurl's behalf
1841 They didn't match the ifdef logic used within libcurl anyway so they
1842 could indeed warn for the wrong case - plus the tool cannot know how the
1843 lib actually performs at that level.
1845 Steve Holme (2 Dec 2015)
1846 - test947: Corrected typo in test name
1848 - tests: Disable the OAUTHBEARER tests when using a non-default port number
1850 Tests 842, 843, 844, 845, 887, 888, 889, 890, 946, 947, 948 and 949 fail
1851 if a custom port number is specified via the -b option of runtests.pl.
1853 Suggested by: Kamil Dudka
1854 Bug: http://curl.haxx.se/mail/lib-2015-12/0003.html
1856 Daniel Stenberg (2 Dec 2015)
1857 - bump: towards next release
1859 for all we know now, it might be called 7.46.1
1861 Version 7.46.0 (1 Dec 2015)
1863 Daniel Stenberg (1 Dec 2015)
1864 - RELEASE-NOTES: updated contributor count for 7.46.0
1866 - THANKS: new contributors from the 7.46.0 release
1868 - THANKS-filter: single Tim Rühsen spelling
1870 - docs/examples: gitignore some more built examples
1872 - RELEASE-NOTES; this bug was never released
1874 - RELEASE-NOTES: synced with e55f15454efacb0
1876 - [Flavio Medeiros brought this change]
1878 Curl_read_plain: clean up ifdefs that break statements
1882 - http2: convert some verbose output into debug-only output
1884 - http2 push: add missing inits of new stream
1886 - set the correct stream_id for pushed streams
1887 - init maxdownload and size properly
1889 - http2 push: set weight for new stream
1891 give the new stream the old one's stream_weight internally to avoid
1892 sending a PRIORITY frame unless asked for it
1894 - curl_setup.h: undef freeaddrinfo in c-ares block to fix build
1896 Fixes warnings 78c25c854a added.
1898 - nonblock: fix setting non-blocking mode for Amiga
1900 IoctlSocket() apparently wants a pointer to a long, passed as a char *
1901 in its third parameter. This bug was introduced already back in commit
1902 c5fdeef41d from October 1 2001!
1904 Bug: http://curl.haxx.se/mail/lib-2015-11/0088.html
1905 Reported-by: Norbert Kett
1907 - zsh install: fix DESTDIR support
1909 Reported-by: Mohammad AlSaleh
1911 Dan Fandrich (27 Nov 2015)
1912 - lib: Only define curl_dofreeaddrinfo if struct addrinfo is available
1914 Steve Holme (27 Nov 2015)
1915 - tool_paramhlp: Fixed display of URL index in password prompt for --next
1917 Commit f3bae6ed73 added the URL index to the password prompt when using
1918 --next. Unfortunately, because the size_t specifier (%zu) is not
1919 supported by all sprintf() implementations we use the curl_off_t format
1920 specifier instead. The display of an incorrect value arises on platforms
1921 where size_t and curl_off_t are of a different size.
1923 Daniel Stenberg (25 Nov 2015)
1924 - timecond: do not add if-modified-since without timecondition
1926 The RTSP code path didn't skip adding the if-modified-since for certain
1927 RTSP code paths, even if CURLOPT_TIMECONDITION was set to
1930 Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals
1931 CURL_TIMECOND_IFMODSINCE.
1933 Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header
1935 - RELEASE-NOTES: synced with 99d17a5e2ba77e58
1937 - examples/README: cut out the incomplete list
1939 ... and add a generic explanation for them instead. Each example file
1940 should contain its own description these days.
1942 - test1513: make sure the callback is only called once
1944 - [Daniel Shahaf brought this change]
1946 build: Install zsh completion
1951 - done: make sure the final progress update is made
1953 It would previously be skipped if an existing error was returned, but
1954 would lead to a previous value being left there and later used.
1955 CURLINFO_TOTAL_TIME for example.
1957 Still it avoids that final progress update if we reached DONE as the
1958 result of a callback abort to avoid another callback to be called after
1959 an abort-by-callback.
1961 Reported-by: Lukas Ruzicka
1965 - curl: expanded the -XHEAD warning text
1967 ... to also mention the specific options used.
1969 - Revert "cleanup: general removal of TODO (and similar) comments"
1971 This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a.
1973 Feedback-by: Dan Fandrich
1974 URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
1976 - CURLOPT_HEADERFUNCTION.3: fix typo
1978 Refer to _HEADERDATA not _WRITEDATA.
1980 Reported-by: Michał Piechowski
1982 - TODO: TCP Fast Open
1984 Steve Holme (22 Nov 2015)
1985 - examples: Added website parse-able descriptions to the e-mail examples
1987 - TODO: Added another 'multi-interface' idea
1989 - smb.c: Fixed compilation warnings
1991 smb.c:134:3: warning: conversion to 'short unsigned int' from 'int' may
1993 smb.c:146:42: warning: conversion to 'unsigned int' from 'long long
1994 unsigned int' may alter its value
1995 smb.c:146:65: warning: conversion to 'unsigned int' from 'long long
1996 unsigned int' may alter its value
1998 - schannel: Corrected copy/paste error in commit 8d17117683
2000 - schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available
2002 Regression from commit 7a8e861a5 as highlighted in the msys autobuilds.
2004 - examples: Fixed compilation warnings
2006 pop3-multi.c:96:5: warning: implicit declaration of function 'memset'
2007 imap-multi.c:96:5: warning: implicit declaration of function 'memset'
2008 http2-download.c:226:5: warning: implicit declaration of function 'memset'
2009 http2-upload.c:290:5: warning: implicit declaration of function 'memset'
2010 http2-upload.c:290:5: warning: implicit declaration of function 'memset'
2012 - Makefile.inc: Fixed test run error
2014 test845 not present in tests/data/Makefile.inc
2016 Daniel Stenberg (20 Nov 2015)
2017 - TODO: remove duplicated title
2019 - TODO: added two more libcurl ideas
2021 Moved some ideas from "next major" to just ordinary ideas since we can
2022 always add new things while keeping the old without doing a "next
2025 Steve Holme (20 Nov 2015)
2026 - tests: Re-enabled tests 889 and 890 following POP3 fix
2028 - pop3: Differentiate between success and continuation responses
2030 - pop3: Added clarity on some server response codes
2032 Daniel Stenberg (20 Nov 2015)
2033 - [Daniel Shahaf brought this change]
2035 build: Fix theoretical infinite loops
2037 Add error-checking to 'cd' in a few cases where omitting the checks
2038 might result in an infinite loop.
2042 Patrick Monnerat (19 Nov 2015)
2043 - curl.h: s/#defien/#define/
2045 - os400: synchronize ILE/RPG header file
2047 - os400: Provide options for libssh2 use in compile scripts. Adjust README.
2049 Daniel Stenberg (19 Nov 2015)
2050 - [danielsh@apache.org brought this change]
2052 zsh completion: Preserve single quotes in output
2054 When an option's help string contains literal single quotes, those
2055 single quotes would be stripped from the option's description in the
2056 completion output (unless the zsh RC_QUOTES option were set while the
2057 completion function was being sourced, which is not the default). This
2058 patch makes the completion output contain single quotes where the --help
2063 Jay Satiro (18 Nov 2015)
2064 - [MaxGiting brought this change]
2066 FAQ: Grammar changes
2068 Closes https://github.com/bagder/curl/pull/533
2070 Daniel Stenberg (17 Nov 2015)
2071 - http2: http_done: don't free already-freed push headers
2073 The push headers are freed after the push callback has been invoked,
2074 meaning this code should only free the headers if the callback was never
2075 invoked and thus the headers weren't freed at that time.
2077 Reported-by: Davey Shafik
2079 - [Anders Bakken brought this change]
2081 getconnectinfo: Don't call recv(2) if socket == -1
2085 - CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header
2087 ... if there are more than one using the same name
2089 - http2: minor comment typo
2091 - sasl; fix checksrc warnings
2093 Steve Holme (15 Nov 2015)
2094 - RELEASE-NOTES: Adjusted for the recent OAuth 2.0 activity
2096 - tests: Disabled 889 and 890 until we support POP3 continuation responses
2098 As POP3 final and continuation responses both begin with a + character,
2099 and both the finalcode and contcode variables in SASLprotoc are set as
2100 such, we cannot tell the difference between them when we are expecting
2101 an optional continuation from the server such as the following:
2103 + something else from the server
2106 Disabled these tests until such a time we can tell the responses apart.
2108 - tests: Corrected typos from commit ba4d8f7eba
2110 - tests: Added OAUTHBEARER failure response tests
2112 - oauth2: Support OAUTHBEARER failures sent as continuation responses
2114 According to RFC7628 a failure message may be sent by the server in a
2115 base64 encoded JSON string as a continuation response.
2117 Currently only implemented for OAUTHBEARER and not XAUTH2.
2119 Daniel Stenberg (15 Nov 2015)
2120 - RELEASE-NOTES: synced with 808a17ee675
2122 Steve Holme (14 Nov 2015)
2123 - tests: Renamed existing OAuth 2.0 (XOAUTH) tests
2125 - tests: Added OAuth 2.0 (OAUTHBEARER) tests
2127 - oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
2129 OAUTHBEARER is now the official "registered" SASL mechanism name for
2130 OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some
2131 servers won't support the new mechanism yet.
2133 Daniel Stenberg (13 Nov 2015)
2134 - RELEASE-NOTES: recounted curl_easy_setopt() options
2136 - typecheck-gcc.h: add missing slist-using options
2138 CURLOPT_RESOLVE and CURLOPT_PROXYHEADER were missing
2140 Also sorted the list.
2142 - typecheck-gcc.h: added CURLOPT_CLOSESOCKETDATA
2144 ... and sorted curl_is_cb_data_option alphabetically
2146 Jay Satiro (13 Nov 2015)
2147 - [Sebastian Pohlschmidt brought this change]
2149 openssl: Free modules on cleanup
2151 Curl_ossl_init calls OPENSSL_load_builtin_modules() but
2152 Curl_ossl_cleanup doesn't make a call to free these modules.
2154 Bug: https://github.com/bagder/curl/issues/526
2156 Steve Holme (13 Nov 2015)
2157 - symbols-in-versions: Added new CURLOPTTYPE_STRINGPOINT alias
2159 ...following commit aba281e762 to fix test 1119.
2161 Daniel Stenberg (13 Nov 2015)
2162 - curl: mark two more options strings for --libcurl output
2164 - typecheck-gcc.h: add some missing string types
2166 Also sorted that list alphabetically
2168 - curl.h: introducing the STRINGPOINT alias
2170 As an alias for OBJECTPOINT. Provided to allow us to grep for all string
2173 - cleanup: general removal of TODO (and similar) comments
2175 They tend to never get updated anyway so they're frequently inaccurate
2176 and we never go back to revisit them anyway. We document issues to work
2177 on properly in KNOWN_BUGS and TODO instead.
2179 - ftplistparser: remove empty function
2181 - openssl: remove #if check for 0.9.7 for ENGINE_load_private_key
2183 - openssl: all supported versions have X509_STORE_set_flags
2185 Simplify by removing #ifdefs and macros
2187 - openssl: remove 0.9.3 check
2189 - openssl: remove #ifdefs for < 0.9.5 support
2191 We only support >= 0.9.7
2193 - lib/vtls/openssl: remove unused traces of yassl ifdefs
2195 Dan Fandrich (12 Nov 2015)
2196 - [dfandrich brought this change]
2198 unit1603: Demote hash mismatch failure to a warning
2200 The hashes can vary between architectures (e.g. Sparc differs from x86_64).
2201 This is not a fatal problem but just reduces the coverage of these white-box
2202 tests, as the assumptions about into which hash bucket each key falls are no
2205 - [dfandrich brought this change]
2207 unit1603: Added unit tests for hash functions
2209 - [dfandrich brought this change]
2211 unit1602: Fixed failure in torture test
2213 Steve Holme (12 Nov 2015)
2214 - sasl: Re-introduced XOAUTH2 in the default enabled authentication mechanism
2216 Following the fix in commit d6d58dd558 it is necessary to re-introduce
2217 XOAUTH2 in the default enabled authentication mechanism, which was
2218 removed in commit 7b2012f262, otherwise users will have to specify
2219 AUTH=XOAUTH2 in the URL.
2221 Note: OAuth 2.0 will only be used when the bearer is specified.
2223 - [Stefan Bühler brought this change]
2225 sasl_sspi: fix identity memory leak in digest authentication
2227 - [Stefan Bühler brought this change]
2229 sasl_sspi: fixed unicode build for digest authentication
2233 - oauth2: Re-factored OAuth 2.0 state variable
2235 - sasl: Don't choose OAuth 2.0 if mechanism not advertised
2237 Regression from commit 9e8ced9890 which meant if --oauth2-bearer was
2238 specified but the SASL mechanism wasn't supported by the server then
2239 the mechanism would be chosen.
2241 Daniel Stenberg (12 Nov 2015)
2242 - runtests: more compact "System characteristics" output
2244 - no point in repeating curl features that is already listed as features
2245 from the curl -V output
2247 - remove the port numbers/unix domain path from the output unless
2248 verbose is used, as that is rarely interesting to users.
2250 - runtests: rename conditional curl-features to $has_[name]
2252 Steve Holme (11 Nov 2015)
2253 - oauth2: Introduced support for host and port details
2255 Added support to the OAuth 2.0 message function for host and port, in
2256 order to accommodate the official OAUTHBEARER SASL mechanism which is
2257 to be added shortly.
2259 - curl_setup.h: Removed duplicate CURL_DISABLE_RTSP when HTTP_ONLY defined
2261 - cmake: Add missing feature macros in config header (Part 2)
2263 In addition to commit a215381c94 added the RTSP, RTMP and SMB protocols.
2265 Daniel Stenberg (10 Nov 2015)
2266 - [Douglas Creager brought this change]
2268 cmake: Add missing feature macros in config header
2270 The curl_config.h file can be generated either from curl_config.h.cmake
2271 or curl_config.h.in, depending on whether you're building using CMake or
2272 the autotools. The CMake template header doesn't include entries for
2273 all of the protocols that you can disable, which (I think) means that
2274 you can't actually disable those protocols when building via CMake.
2278 - [Douglas Creager brought this change]
2280 BoringSSL: Work with stricter BIO_get_mem_data()
2282 BoringSSL implements `BIO_get_mem_data` as a function, instead of a
2283 macro, and expects the output pointer to be a `char **`. We have to add
2284 an explicit cast to grab the pointer as a `const char **`.
2288 - http2: rectify the http2 version #if check
2290 We need 1.0.0 or later. Also verified by configure.
2292 Steve Holme (9 Nov 2015)
2293 - oauth2: Don't use XAUTH2 in OAuth 2.0 function name
2295 - oauth2: Don't use XOAUTH2 in OAuth 2.0 variables
2297 - oauth2: Use OAuth 2.0 rather than XOAUTH2 in comments
2299 When referring to OAuth 2.0 we should use the official name rather the
2300 SASL mechanism name.
2302 Daniel Stenberg (9 Nov 2015)
2303 - imap: avoid freeing constant string
2305 The fix in 1a614c6c3 was wrong and would leed to free() of a fixed
2308 Pointed-out-by: Kamil Dudka
2310 - ROADMAP: remove two items already done
2312 - RELEASE-NOTES: synced with 2200bf62054
2314 Jay Satiro (9 Nov 2015)
2315 - acinclude: Remove check for 16-bit curl_off_t
2317 Because it's illogical to check for a 16-bit curl_off_t.
2319 Ref: https://github.com/bagder/curl/issues/425#issuecomment-154964205
2321 Dan Fandrich (8 Nov 2015)
2322 - tool: Fixed a memory leak on OOM introduced in 19cb0c4a
2324 Steve Holme (8 Nov 2015)
2325 - [Justin Ehlert brought this change]
2327 imap: Don't check for continuation when executing a CUSTOMREQUEST
2329 Bug: https://github.com/bagder/curl/issues/486
2330 Closes https://github.com/bagder/curl/pull/487
2332 Daniel Stenberg (7 Nov 2015)
2333 - imap: checksrc: remove space after while before paren
2335 - checksrc.whitelist: "missing space after close paren"
2337 ... when it was within a string!
2339 Steve Holme (7 Nov 2015)
2340 - opts: Corrected TLS protocols list to include POP3S rather than POP3
2342 - imap: Quote other 'atom-specials' and not just the space character
2346 - imap: Fixed double quote in LIST command when mailbox contains spaces
2348 Daniel Stenberg (6 Nov 2015)
2349 - imap: fix compiler warning
2351 imap.c:657:13: error: assignment discards 'const' qualifier from pointer
2352 target type [-Werror=discarded-qualifiers]
2354 Steve Holme (6 Nov 2015)
2355 - imap: Don't call imap_atom() when no mailbox specified in LIST command
2357 Daniel Stenberg (6 Nov 2015)
2358 - curl.1: remove the overlap --range example
2360 ... it is just weird to include by default even if it still works.
2362 - tftp tests: verify sent options too
2364 The tftpd test server now logs all received options and thus all TFTP
2365 test cases need to match them exactly.
2367 Extended test 283 to use and verify --tftp-blksize.
2369 Jay Satiro (6 Nov 2015)
2370 - getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value
2372 - Set user info param to the socket returned by Curl_getconnectinfo,
2373 regardless of if the socket is bad. Effectively this means the user info
2374 param now will receive CURL_SOCKET_BAD instead of -1 on bad socket.
2376 - Remove incorrect comments.
2378 CURLINFO_ACTIVESOCKET is documented to write CURL_SOCKET_BAD to user
2379 info param but prior to this change it wrote -1.
2381 Bug: https://github.com/bagder/curl/pull/518
2382 Reported-by: Marcel Raad
2384 Patrick Monnerat (5 Nov 2015)
2385 - curl_ntlm_core: fix 2 curl_off_t constant overflows.
2387 - os400: adjust specific code to support new options.
2389 Daniel Stenberg (2 Nov 2015)
2390 - [Lauri Kasanen brought this change]
2392 rawstr: Speed up Curl_raw_toupper by 40%
2394 Rationale: when starting up a curl-using app, all cookies from the jar
2395 are checked against each other. This was causing a startup delay in the
2400 Signed-off-by: Lauri Kasanen <cand@gmx.com>
2402 - http redirects: %-encode bytes outside of ascii range
2404 Apparently there are sites out there that do redirects to URLs they
2405 provide in plain UTF-8 or similar. Browsers and wget %-encode such
2406 headers when doing a subsequent request. Now libcurl does too.
2408 Added test 1138 to verify.
2412 - RELEASE-NOTES: synced with cba5bc585410
2414 - symbols-in-version: add all CURL_HTTPPOST_* symbols
2416 - formadd: support >2GB files on windows
2420 - curl.h: s/HTTPPOST_/CURL_HTTPOST_
2422 Fixes a name space pollution at the cost of programs using one of these
2423 defines will no longer compile. However, the vast majority of libcurl
2424 programs that do multipart formposts use curl_formadd() to build this
2429 - mbedtls: fix "Structurally dead code"
2433 - mbedtls: fix "Logically dead code"
2437 - Revert "openssl: engine: remove double-free"
2439 This reverts commit 370ee919b37cc9a46c36428b2bb1527eae5db2bd.
2441 Issue #509 has all the details but it was confirmed that the crash was
2442 not due to this, so the previous commit was wrong.
2444 - curl.1: -E: s/private certificate/client certificate
2446 ... as the certificate is strictly speaking not private.
2448 Reported-by: John Levon
2450 - openssl: engine: remove double-free
2452 After a successful call to SSL_CTX_use_PrivateKey(), we must not call
2453 EVP_PKEY_free() on the key.
2458 Jay Satiro (27 Oct 2015)
2459 - socks: Fix incorrect port numbers in failed connect messages
2461 Daniel Stenberg (26 Oct 2015)
2462 - DISTRO-DILEMMA: removed
2464 Out of date and not kept accurate. It was sort of a problem of the past
2467 - [xiangbin li brought this change]
2469 MacOSX-Framework: sdk regex fix for sdk 10.10 and later
2473 Jay Satiro (24 Oct 2015)
2474 - build: Fix support for PKG_CONFIG
2476 - Allow the user to use PKG_CONFIG but not PKGCONFIG.
2480 Last week in 14d5a86 a change was made to allow the user to set the
2481 PKGCONFIG variable. Today in 72d99f2 I supplemented that to allow the
2482 more common PKG_CONFIG as an alternative if PKGCONFIG is not set.
2484 Neither of those changes worked as expected because PKGCONFIG is
2485 occasionally reset in configure and by the CURL_CHECK_PKGCONFIG macro.
2486 Instead in this commit I take the approach that the user may set
2489 - build: Fix mingw ssl gdi32 order
2491 - If mingw ssl make sure -lgdi32 comes after ssl libs
2493 - Allow PKG_CONFIG to set pkg-config location and options
2495 Bug: https://github.com/bagder/curl/pull/501
2496 Reported-by: Kang Lin
2498 Daniel Stenberg (23 Oct 2015)
2499 - RELEASE-NOTES: synced with 03b6e078163f
2501 - polarssl/mbedtls: fix name space pollution
2503 Global private symbols MUST start with Curl_!
2505 - [Dmitry S. Baikov brought this change]
2507 mbedTLS: THREADING_SUPPORT compilation fix
2511 - test1137: verify --ignore-content-length for FTP
2513 - curl.1: --ignore-content-length now works for FTP too
2515 - [Kurt Fankhauser brought this change]
2517 ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size
2519 This allows FTP transfers with growing (or shrinking) files without
2520 causing a transfer error.
2524 - CURLOPT_STREAM_WEIGHT.3: call argument 'weight' too
2526 ... and add a little example of what the weight actually means. "Relative
2527 proportion of bandwidth".
2529 - http2: add stream options to dist and curl_easy_setopt.3
2531 - http2: s/priority/weight
2533 - http2: on_frame_recv: trust the conn/data input
2535 Removed wrong assert()s
2537 The 'conn' passed in as userdata can be used and there can be other
2538 sessionhandles ('data') than the single one this checked for.
2540 - http2: added three stream prio/deps options
2542 CURLOPT_STREAM_DEPENDS
2544 CURLOPT_STREAM_DEPENDS_E
2546 CURLOPT_STREAM_PRIORITY
2548 - RELEASE-NOTES: synced with ace68fdc0cfed83d
2550 - [m-gardet brought this change]
2552 mbedtls:new profile with RSA min key len = 1024.
2556 - checksrc: add crude // detection
2558 Jay Satiro (21 Oct 2015)
2559 - [Gisle Vanem brought this change]
2561 build: fix for MSDOS/djgpp
2563 - Add a VPATH-statement for the vtls/*.c files.
2565 - Due to 'vtls/*.c', remove that subdir part from $(OBJECTS).
2567 Daniel Stenberg (20 Oct 2015)
2568 - copyrights: update Gisle Vanem's email
2570 - vtls: fix compiler warning for TLS backends without sha256
2572 ... noticed with mbedTLS.
2574 - [Jonas Minnberg brought this change]
2576 vtls: added support for mbedTLS
2580 Jay Satiro (19 Oct 2015)
2581 - [Javier G. Sogo brought this change]
2583 cmake: Fix for add_subdirectory(curl) use-case
2585 - Use CURL_BINARY_DIR instead of CMAKE_BINARY_DIR.
2587 When including CURL using add_subdirectory the variables
2588 CMAKE_BINARY_DIR and CURL_BINARY_DIR hold different paths.
2590 Closes https://github.com/bagder/curl/pull/488
2591 Closes https://github.com/bagder/curl/pull/498
2593 Daniel Stenberg (18 Oct 2015)
2594 - RELEASE-NOTES: synced with 4c773bcb474e
2596 - tests/FILEFORMAT: mention PSL as a valid feture to check for
2598 For example in test 1136
2600 - teste1136: only run when PSL is enabled
2602 - curl: slist_wc: remove curl_memory.h inclusion
2604 ... that's for the library only.
2606 - configure: add PSL to the list of features
2608 ... to make test 1014 work again after e77b5b7453.
2610 - [Daniel Hwang brought this change]
2612 tool: Generate easysrc with last cache linked-list
2614 Using a last cache linked-list improves the performance of easysrc
2617 Bug: https://github.com/bagder/curl/issues/444
2618 Ref: https://github.com/bagder/curl/issues/429
2622 - [Tim Rühsen brought this change]
2624 cookies: Add support for Mozilla's Publix Suffix List
2626 Use libpsl to check the domain value of Set-Cookie headers (and cookie
2627 jar entries) for not being a Publix Suffix.
2629 The configure script checks for "libpsl" by default. Disable the check
2630 with --without-libpsl.
2632 Ref: https://publicsuffix.org/
2633 Ref: https://github.com/publicsuffix/list
2634 Ref: https://github.com/rockdaboot/libpsl
2636 - [Richard Hosking brought this change]
2638 curlbuild.h: Fix non-configure compiling to mips and sh4 targets
2640 - [Anders Bakken brought this change]
2642 http2: Don't pass unitialized name+len pairs to nghttp2_submit_request
2644 bug introduced by 18691642931e5c7ac8af83ac3a84fbcb36000f96.
2648 Dan Fandrich (16 Oct 2015)
2649 - test1601: fix compilation with --enable-debug and --disable-crypto-auth
2651 Daniel Stenberg (16 Oct 2015)
2652 - multi: fix off-by-one finit[] array size
2654 introduced in c6aedf680f6. It needs to be CURLM_STATE_LAST big since it
2655 must hande the range 0 .. CURLM_STATE_MSGSENT (18) and CURLM_STATE_LAST
2658 Reported-by: Dan Fandrich
2659 Bug: http://curl.haxx.se/mail/lib-2015-10/0069.html
2661 - fread_func: move callback pointer from set to state struct
2663 ... and assign it from the set.fread_func_set pointer in the
2664 Curl_init_CONNECT function. This A) avoids that we have code that
2665 assigns fields in the 'set' struct (which we always knew was bad) and
2666 more importantly B) it makes it impossibly to accidentally leave the
2667 wrong value for when the handle is re-used etc.
2669 Introducing a state-init functionality in multi.c, so that we can set a
2670 specific function to get called when we enter a state. The
2671 Curl_init_CONNECT is thus called when switching to the CONNECT state.
2673 Bug: https://github.com/bagder/curl/issues/346
2677 Dan Fandrich (14 Oct 2015)
2678 - test1531: case the size to fix the test on non-largefile builds
2680 Daniel Stenberg (13 Oct 2015)
2681 - acinclude: remove PKGCONFIG override
2683 ... and allow it to get set by a caller easier.
2685 Reported-by: Rainer Jung
2686 Bug: http://curl.haxx.se/mail/lib-2015-10/0035.html
2688 Dan Fandrich (12 Oct 2015)
2689 - docs/INSTALL: Updated example minimal binary sizes
2691 Daniel Stenberg (11 Oct 2015)
2692 - [Erik Johansson brought this change]
2694 openssl: Fix set up of pkcs12 certificate verification chain
2696 sk_X509_pop will decrease the size of the stack which means that the loop would
2697 end after having added only half of the certificates.
2699 Also make sure that the X509 certificate is freed in case
2700 SSL_CTX_add_extra_chain_cert fails.
2702 - ntlm: error out without 64bit support as the code needs it
2704 It makes it a clearer message for developers reaching that point without
2705 the necessary support.
2707 Thanks-by: Jay Satiro
2711 - curl_global_init: set the memory function pointers correct
2713 follow-up from 6f8ecea0
2715 - curl_global_init_mem: set function pointers before doing init
2717 ... as in the polarssl TLS backend for example it uses memory functions.
2719 Jay Satiro (9 Oct 2015)
2720 - http2: Fix http2_recv to return -1 if recv returned -1
2722 If the underlying recv called by http2_recv returns -1 then that is the
2723 value http2_recv returns to the caller.
2725 Daniel Stenberg (8 Oct 2015)
2726 - [Svyatoslav Mishyn brought this change]
2728 curl_easy_recv.3: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET
2732 - [Svyatoslav Mishyn brought this change]
2734 curl_easy_send.3: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET
2736 - [Svyatoslav Mishyn brought this change]
2738 CURLOPT_CONNECT_ONLY.3: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET
2740 - CURLOPT_CERTINFO.3: fix reference to CURLINFO_CERTINFO
2742 - ntlm: get rid of unconditional use of long long
2744 ... since some compilers don't have it and instead use other types, such
2747 Reported by: gkinseyhpw
2750 Jay Satiro (8 Oct 2015)
2751 - [Anders Bakken brought this change]
2753 des: Fix header conditional for Curl_des_set_odd_parity
2755 Follow up to 613e502.
2757 Daniel Stenberg (7 Oct 2015)
2758 - configure: build silently by default
2760 'make V=1' will make the build verbose like before
2762 - bump: start climbing toward 7.46.0
2764 - RELEASE-PROCEDURE: add the github HTTPS download step
2766 Version 7.45.0 (7 Oct 2015)
2768 Daniel Stenberg (7 Oct 2015)
2769 - THANKS: 19 new contributors from the 7.45.0 announcement
2771 - RELEASE-NOTES: synced with 69ea57970080
2773 Jay Satiro (4 Oct 2015)
2774 - getinfo: Fix return code for unknown CURLINFO options
2776 - If a CURLINFO option is unknown return CURLE_UNKNOWN_OPTION.
2778 Prior to this change CURLE_BAD_FUNCTION_ARGUMENT was returned on
2779 unknown. That return value is contradicted by the CURLINFO option
2780 documentation which specifies a return of CURLE_UNKNOWN_OPTION on
2783 - [rouzier brought this change]
2785 hiperfifo: fix the pointer passed to WRITEDATA
2787 Closes https://github.com/bagder/curl/pull/471
2789 - [Maksim Stsepanenka brought this change]
2791 tool_setopt: fix c_escape truncated octal
2793 Closes https://github.com/bagder/curl/pull/469
2795 Daniel Stenberg (1 Oct 2015)
2796 - [Orange Tsai brought this change]
2798 gopher: don't send NUL byte
2802 Jay Satiro (29 Sep 2015)
2803 - runtests: Fix pid check in checkdied
2805 Because the 'not' operator has a very low precedence and as a result the
2806 entire statement was erroneously negated and could never be true.
2808 Daniel Stenberg (30 Sep 2015)
2809 - [Thorsten Schöning brought this change]
2811 win32: make recent Borland compilers use long long
2813 - RELEASE-NOTES: synced with 69b89050d4
2815 Jay Satiro (28 Sep 2015)
2816 - [Michael Kalinin brought this change]
2818 openssl: Fix algorithm init
2820 - Change algorithm init to happen after OpenSSL config load.
2822 Additional algorithms may be available due to the user's config so we
2823 initialize the algorithms after the user's config is loaded.
2825 Bug: https://github.com/bagder/curl/issues/447
2826 Reported-by: Denis Feklushkin
2828 - [Svyatoslav Mishyn brought this change]
2830 docs: fix unescaped '\n' in man pages
2832 Closes https://github.com/bagder/curl/pull/459
2834 Daniel Stenberg (27 Sep 2015)
2835 - http2: set TCP_NODELAY unconditionally
2837 For a single-stream download from localhost, we managed to increase
2838 transfer speed from 1.6MB/sec to around 400MB/sec, mostly because of
2841 - http2: avoid superfluous Curl_expire() calls
2843 ... only call it when there is data arriving for another handle than the
2844 one that is currently driving it.
2846 Improves single-stream download performance quite a lot.
2848 Thanks-to: Tatsuhiro Tsujikawa
2849 Bug: http://curl.haxx.se/mail/lib-2015-09/0097.html
2851 - readwrite_data: set a max number of loops
2853 ... as otherwise a really fast pipe can "lock" one transfer for some
2854 protocols, like with HTTP/2.
2856 - [Sergei Nikulov brought this change]
2858 CI: Added AppVeyor-CI for curl
2862 - FTP: fix uploading ASCII with unknown size
2864 ... don't try to increase the supposed file size on newlines if we don't
2865 know what file size it is!
2869 - [Tatsuhiro Tsujikawa brought this change]
2871 build: fix failures with -Wcast-align and -Werror
2875 - [Tatsuhiro Tsujikawa brought this change]
2877 curl-confopts.m4: Add missing ')'
2879 ... for CURL_CHECK_OPTION_RT
2883 Jay Satiro (25 Sep 2015)
2884 - curl_easy_getinfo.3: Add brief description for each CURLINFO
2886 Daniel Stenberg (23 Sep 2015)
2887 - [Jakub Zakrzewski brought this change]
2889 CMake: Ensure discovered include dirs are considered
2891 ...during header checks. Otherwise some following header tests
2896 - [Jakub Zakrzewski brought this change]
2898 CMake: Put "winsock2.h" before "windows.h" during configure checks
2900 "windows.h" includes "winsock.h" what causes many redefinition errors
2901 if "winsock2.h" is included afterwards and can cause build to fail.
2903 - tests: disable 1510 due to CI-problems on github
2905 - [Mike Crowe brought this change]
2907 gnutls: Report actual GnuTLS error message for certificate errors
2909 If GnuTLS fails to read the certificate then include whatever reason it
2910 provides in the failure message reported to the client.
2912 Signed-off-by: Mike Crowe <mac@mcrowe.com>
2914 - RELEASE-NOTES: synced with 6b56901b56e
2916 - [Mike Crowe brought this change]
2918 gnutls: Support CURLOPT_KEYPASSWD
2920 The gnutls vtls back-end was previously ignoring any password set via
2921 CURLOPT_KEYPASSWD. Presumably this was because
2922 gnutls_certificate_set_x509_key_file did not support encrypted keys.
2924 gnutls now has a gnutls_certificate_set_x509_key_file2 function that
2925 does support encrypted keys. Let's determine at compile time whether the
2926 available gnutls supports this new function. If it does then use it to
2927 pass the password. If it does not then emit a helpful diagnostic if a
2928 password is set. This is preferable to the previous behaviour of just
2929 failing to read the certificate without giving a reason in that case.
2931 Signed-off-by: Mike Crowe <mac@mcrowe.com>
2933 - CURLINFO_TLS_SESSION: always return backend info
2935 ... even for those that don't support providing anything in the
2936 'internals' struct member since it offers a convenient way for
2937 applications to figure this out.
2939 - [Daniel Hwang brought this change]
2941 tool: remove redundant libcurl check
2943 The easysrc generation is run only when --libcurl is initialized.
2945 Ref: https://github.com/bagder/curl/issues/429
2949 - [Richard van den Berg brought this change]
2951 CURLOPT_PROXY.3: A proxy given as env variable gets no special treatment
2955 - TODO: 5.7 More compressions
2957 Like for example brotli, as being implemented in Firefox now.
2959 Jay Satiro (21 Sep 2015)
2960 - tool_operate: Don't call easysrc cleanup unless --libcurl
2962 - Review of 4d95491.
2964 The author changed it so easysrc only initializes when --libcurl but did
2965 not do the same for the call to easysrc cleanup.
2967 Ref: https://github.com/bagder/curl/issues/429
2969 Daniel Stenberg (20 Sep 2015)
2970 - [Viktor Szakats brought this change]
2972 CURLOPT_PINNEDPUBLICKEY.3: replace test.com with example.com
2976 - KNOWN_BUGS: 91 "curl_easy_perform hangs with imap and PolarSSL"
2980 - KNOWN_BUGS: add link to #85
2982 - tests: disable 1801 until fixed
2984 It is unreliable and causes CI problems on github
2988 - RELEASE-NOTES: synced with 4d95491636ee
2990 - [Daniel Lee Hwang brought this change]
2992 tool: generate easysrc only on --libcurl
2994 Code should only be generated when --libcurl is used.
2996 Bug: https://github.com/bagder/curl/issues/429
2997 Reported-by: @greafhe, Jay Satiro
3002 Jay Satiro (19 Sep 2015)
3003 - vtls: Change designator name for server's pubkey hash
3005 - Change the designator name we use to show the base64 encoded sha256
3006 hash of the server's public key from 'pinnedpubkey' to
3009 Though the server's public key hash is only shown when comparing pinned
3010 public key hashes, the server's hash may not match one of the pinned.
3012 Daniel Stenberg (19 Sep 2015)
3013 - [Isaac Boukris brought this change]
3015 NTLM: Reset auth-done when using a fresh connection
3017 With NTLM a new connection will always require authentication.
3020 - [Daniel Hwang brought this change]
3022 ssl: add server cert's "sha256//" hash to verbose
3024 Add a "pinnedpubkey" section to the "Server Certificate" verbose
3026 Bug: https://github.com/bagder/curl/issues/410
3027 Reported-by: W. Mark Kubacki
3032 - [Jakub Zakrzewski brought this change]
3034 openldap: only part of LDAP query results received
3036 Introduced with commit 65d141e6da5c6003a1592bbc87ee550b0ad75c2f
3040 - [Alessandro Ghedini brought this change]
3042 openssl: don't output certinfo data
3044 - [Alessandro Ghedini brought this change]
3046 openssl: refactor certificate parsing to use OpenSSL memory BIO
3050 Kamil Dudka (18 Sep 2015)
3051 - nss: prevent NSS from incorrectly re-using a session
3053 Without this workaround, NSS re-uses a session cache entry despite the
3054 server name does not match. This causes SNI host name to differ from
3055 the actual host name. Consequently, certain servers (e.g. github.com)
3056 respond by 400 to such requests.
3058 Bug: https://bugzilla.mozilla.org/1202264
3060 - nss: check return values of NSS functions
3062 Daniel Stenberg (17 Sep 2015)
3063 - CURLOPT_PINNEDPUBLICKEY.3: mention error code
3065 - openssl: build with < 0.9.8
3067 ... without sha256 support and no define saying so.
3069 Reported-by: Rajkumar Mandal
3071 - libcurl-errors.3: add two missing error codes
3073 CURLE_SSL_PINNEDPUBKEYNOTMATCH and CURLE_SSL_INVALIDCERTSTATUS
3075 Jay Satiro (14 Sep 2015)
3076 - CURLOPT_PINNEDPUBLICKEY.3: Improve pubkey extraction example
3078 - Show how a certificate can be obtained using OpenSSL.
3080 Bug: https://github.com/bagder/curl/pull/430
3081 Reported-by: Daniel Hwang
3083 Daniel Stenberg (13 Sep 2015)
3084 - http2: removed unused function
3086 - CURLINFO_ACTIVESOCKET.3: mention it replaces *LASTSOCKET
3088 - opts: add CURLINFO_* man pages to dist
3090 - opts: 19 more CURLINFO_* options made into stand-alone man pages
3092 - RELEASE-NOTES: synced with fad9604613
3094 - curl: customrequest_helper: deal with NULL custom method
3096 - [Svyatoslav Mishyn brought this change]
3098 CURLOPT_FNMATCH_FUNCTION.3: fix typo
3104 - curl: point out unnecessary uses of -X in verbose mode
3106 It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take
3107 down the tone a bit.
3109 It adds a warning for using -XHEAD on other methods becasue that may
3110 lead to a hanging connection.
3112 Jay Satiro (10 Sep 2015)
3113 - curl_sspi: fix possibly undefined CRYPT_E_REVOKED
3115 Bug: https://github.com/bagder/curl/pull/411
3116 Reported-by: Viktor Szakats
3118 - buildconf.bat: fix syntax error
3120 - [Benjamin Kircher brought this change]
3122 winbuild: run buildconf.bat if necessary
3124 - [Svyatoslav Mishyn brought this change]
3126 docs: fix argument type for CURLINFO_SPEED_*, CURLINFO_SIZE_*
3130 Daniel Stenberg (8 Sep 2015)
3131 - [Sergei Nikulov brought this change]
3133 cmake: IPv6 : disable Unix header check on Windows platform
3137 - parse_proxy: reject illegal port numbers
3139 If the port number in the proxy string ended weirdly or the number is
3140 too large, skip it. Mostly as a means to bail out early if a "bare" IPv6
3141 numerical address is used without enclosing brackets.
3143 Also mention the bracket requirement for IPv6 numerical addresses to the
3144 man page for CURLOPT_PROXY.
3148 Reported-by: Marcel Raad
3150 - FTP: do_more: add check for wait_data_conn in upload case
3152 In some timing-dependnt cases when a 4xx response immediately followed
3153 after a 150 when a STOR was issued, this function would wrongly return
3154 'complete == true' while 'wait_data_conn' was still set.
3158 Reported-by: Patricia Muscalu
3160 - [Svyatoslav Mishyn brought this change]
3162 CURLOPT_TLSAUTH_TYPE.3: update description
3167 - [Svyatoslav Mishyn brought this change]
3169 CURLOPT_PATH_AS_IS.3: fix typo
3175 - [Svyatoslav Mishyn brought this change]
3177 CURLINFO_SSL_VERIFYRESULT.3: add short description
3179 - [Svyatoslav Mishyn brought this change]
3181 CURLINFO_SSL_ENGINES.3: add short description
3183 - [Svyatoslav Mishyn brought this change]
3185 CURLINFO_CONTENT_LENGTH_UPLOAD.3: replace "receive" with "get" for consistency
3187 - [Svyatoslav Mishyn brought this change]
3189 CURLINFO_REDIRECT_TIME.3: remove redundant '!'
3191 Kamil Dudka (4 Sep 2015)
3192 - Revert "has: generate the curl/has.h header"
3194 This reverts commit a60bde79f9adeb135d5c642a07f0d783fbfbbc25 I have
3195 pushed by mistake. Apologies for my incompetent use of the git repo!
3197 - nss: do not directly access SSL_ImplementedCiphers[]
3199 It causes dynamic linking issues at run-time after an update of NSS.
3201 Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
3203 - [Daniel Stenberg brought this change]
3205 has: generate the curl/has.h header
3207 changed macro name, moved and renamed script to become docs/libcurl/has.pl,
3208 generate code that is checksrc compliant
3210 Daniel Stenberg (3 Sep 2015)
3211 - gitignore: ignore more generated VC Makefiles
3213 - projects/Windows/.gitignore: ignore generated files for release
3215 - http2: don't pass on Connection: headers
3217 RFC 7540 section 8.1.2.2 states: "An endpoint MUST NOT generate an
3218 HTTP/2 message containing connection-specific header fields; any message
3219 containing connection-specific header fields MUST be treated as
3224 - curl.1: update RFC references
3226 - CURLOPT_POSTREDIR.3: update RFC number and section
3228 - CURLOPT_FOLLOWLOCATION.3: mention methods for redirects
3230 and some general cleaning up
3232 - [Marcel Raad brought this change]
3234 inet_pton.c: Fix MSVC run-time check failure (2)
3236 This fixes another run-time check failure because of a narrowing cast on
3241 Jay Satiro (3 Sep 2015)
3242 - docs: Warn about any-domain cookies and multiple transfers
3244 - Warn that cookies without a domain are sent to any domain:
3245 CURLOPT_COOKIELIST, CURLOPT_COOKIEFILE, --cookie
3247 - Note that imported Set-Cookie cookies without a domain are no longer
3249 CURLINFO_COOKIELIST, CURLOPT_COOKIEJAR, --cookie-jar
3251 Steve Holme (2 Sep 2015)
3252 - tool_sdecls.h: Fixed compilation warning from commit 4a889441d3
3254 tool_sdecls.h:139 warning: comma at end of enumerator list
3256 Daniel Stenberg (2 Sep 2015)
3257 - opts: 8 more CURLINFO* options as stand-alone man pages
3259 - RELEASE-NOTES: synced with c764cb4add1a8
3261 - man-pages: more SEE ALSO links
3263 - opts: more CURLINFO_* options as stand-alone man pages
3265 Steve Holme (31 Aug 2015)
3266 - sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled
3268 Introduced in commit 59f3f92ba6 this function is only implemented when
3269 CURL_DISABLE_CRYPTO_AUTH is not defined. As such we shouldn't define
3270 the function in the header file either.
3272 - sasl: Updated SPN variables and comments for consistency
3274 In places the "host name" and "realm" variable was referred to as
3275 "instance" whilst in others it was referred to as "host".
3277 Daniel Stenberg (30 Aug 2015)
3278 - configure: check for HMAC_Update in openssl
3280 Turns out HMAC_Init is now deprecated in openssl master (and I spelled
3281 HMAC_Init_ex wrong in previous commit)
3283 Steve Holme (30 Aug 2015)
3284 - win32: Use DES_set_odd_parity() from OpenSSL/BoringSSL by default
3286 Set HAVE_DES_SET_ODD_PARITY when using OpenSSL/BoringSSL as native
3287 Windows builds don't use the autoconf tools.
3289 - des: Fixed compilation warning from commit 613e5022fe
3291 curl_ntlm_core.c:150: warning 'Curl_des_set_odd_parity' undefined;
3292 assuming extern returning int
3294 - buildconf.bat: Fixed double blank line in 'curl manual' warning output
3296 - makefiles: Added our standard copyright header
3298 But kept the original author, when they were specified in a comment, as
3299 the initial copyright holder.
3301 Jay Satiro (29 Aug 2015)
3302 - CURLOPT_FILETIME.3: CURLINFO_FILETIME has its own manpage now
3304 Daniel Stenberg (29 Aug 2015)
3305 - CURLINFO_RESPONSE_CODE.3: added short description
3307 - opts: 7 initial CURLINFO_* options as stand-alone man pages
3309 - [Nikolai Kondrashov brought this change]
3311 libcurl.m4: Put braces around empty if body
3313 Put braces around empty "if" body in libcurl.m4 check to avoid warning:
3315 suggest braces around empty body in an 'if' statement
3317 and make it work with -Werror builds.
3321 - [Svyatoslav Mishyn brought this change]
3323 curl_easy_escape.3: escape '\n'
3327 - [Svyatoslav Mishyn brought this change]
3329 curl_easy_{escape,setopt}.3: fix example
3331 remove redundant '}'
3333 - [Sergei Nikulov brought this change]
3335 cmake: added Windows SSL support
3339 - curl: point out the conflicting HTTP methods if used
3341 It isn't always clear to the user which options that cause the HTTP
3342 methods to conflict so by spelling them out it should hopefully be
3343 easier to understand why curl complains.
3345 - curl: clarify that users can only specify one _METHOD_
3347 - [Svyatoslav Mishyn brought this change]
3349 curl_easy_{escape,unescape}.3: "char *" vs. "const char *"
3353 Patrick Monnerat (24 Aug 2015)
3354 - os400: include new options in wrappers and update ILE/RPG binding.
3356 Daniel Stenberg (24 Aug 2015)
3357 - KNOWN_BUGS: #2, not reading a HEAD response-body is not a bug
3359 ... since HTTP is forbidden to return any such.
3361 - KNOWN_BUGS: #78 zero-length files is already fixed!
3363 - [Razvan Cojocaru brought this change]
3365 getinfo: added CURLINFO_ACTIVESOCKET
3367 This patch addresses known bug #76, where on 64-bit Windows SOCKET is 64
3368 bits wide, but long is only 32, making CURLINFO_LASTSOCKET unreliable.
3370 Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
3372 - http2: remove dead code
3374 Leftovers from when we removed the private socket hash.
3376 Coverity CID 1317365, "Logically dead code"
3378 - ntlm: mark deliberate switch case fall-through
3380 Coverity CID 1317367, "Missing break in switch"
3382 - http2: on_frame_recv: get a proper 'conn' for the debug logging
3384 "Explicit null dereferenced (FORWARD_NULL)"
3386 Coverity CID 1317366
3388 - RELEASE-NOTES: synced with 2acaf3c804
3390 Dan Fandrich (23 Aug 2015)
3391 - tool: fix memory leak with --proto-default option
3393 Jay Satiro (22 Aug 2015)
3394 - [Nathaniel Waisbrot brought this change]
3396 CURLOPT_DEFAULT_PROTOCOL: added
3398 - Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
3399 protocol for schemeless URLs.
3401 - Add new tool option --proto-default to expose
3402 CURLOPT_DEFAULT_PROTOCOL.
3404 In the case of schemeless URLs libcurl will behave in this way:
3406 When the option is used libcurl will use the supplied default.
3408 When the option is not used, libcurl will follow its usual plan of
3409 guessing from the hostname and falling back to 'http'.
3411 - runtests: Allow for spaces in server-verify curl custom path
3413 Daniel Stenberg (22 Aug 2015)
3414 - NTLM: recent boringssl brought DES_set_odd_parity back
3416 ... so improve the #ifdefs for using our local implementation.
3418 - configure: detect latest boringssl
3420 Since boringssl brought back DES_set_odd_parity again, it cannot be used
3421 to differentiate from boringssl. Using the OPENSSL_IS_BORINGSSL define
3422 seems better anyway.
3424 URL: https://android.googlesource.com/platform/external/curl/+/f551028d5caab29d4b4a4ae8c159c76c3cfd4887%5E!/
3425 Original-patch-by: Bertrand Simonnet
3429 - configure: change functions to detect openssl (clones)
3431 ... since boringssl moved the former ones and the check started to fail.
3433 URL: https://android.googlesource.com/platform/external/curl/+/f551028d5caab29d4b4a4ae8c159c76c3cfd4887%5E!/
3434 Original-patch-by: Bertrand Simonnet
3436 - [Alessandro Ghedini brought this change]
3438 openssl: handle lack of server cert when strict checking disabled
3440 If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER
3441 and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server
3442 doesn't present a certificate at all.
3446 - ftp: clear the do_more bit when the server has connected
3448 The multi state machine would otherwise go into the DO_MORE state after
3449 DO, even for the case when the FTP state machine had already performed
3450 those duties, which caused libcurl to get stuck in that state and fail
3451 miserably. This occured for for active ftp uploads.
3453 Reported-by: Patricia Muscalu
3455 - [Jactry Zeng brought this change]
3457 travis.yml: Add OS X testbot.
3459 - [Rémy Léone brought this change]
3461 travis: Upgrading to container based build
3463 http://docs.travis-ci.com/user/migrating-from-legacy
3467 - RELEASE-NOTES: synced with 14ff86256b13e
3469 - [Erik Janssen brought this change]
3471 rtsp: stop reading empty DESCRIBE responses
3473 Based-on-patch-by: Jim Hollinger
3475 - [Erik Janssen brought this change]
3477 rtsp: support basic/digest authentication
3479 - [Sam Roth brought this change]
3481 CURLMOPT_PUSHFUNCTION.3: fix argument types
3486 - [Marcel Raad brought this change]
3488 inet_pton.c: Fix MSVC run-time check failure
3490 Visual Studio complains with a message box:
3492 "Run-Time Check Failure #1 - A cast to a smaller data type has caused a
3493 loss of data. If this was intentional, you should mask the source of
3494 the cast with the appropriate bitmask.
3497 char c = (i & 0xFF);
3499 Changing the code in this way will not affect the quality of the
3500 resulting optimized code."
3502 This is because only 'val' is cast to unsigned char, so the "& 0xff" has
3507 Jay Satiro (18 Aug 2015)
3508 - docs: Update the redirect protocols disabled by default
3510 - Clarify that FILE and SCP are disabled by default since 7.19.4
3511 - Add that SMB and SMBS are disabled by default since 7.40.0
3512 - Add CURLPROTO_SMBS to the list of protocols
3514 - gitignore: Sort for readability
3516 find . -name .gitignore -print0 | xargs -i -0 sort -o '{}' '{}'
3518 Daniel Stenberg (15 Aug 2015)
3519 - curl_easy_getinfo.3: fix superfluous space
3521 ... and changed "oriented" to "related"
3525 - CURLOPT_HTTP_VERSION.3: connection re-use goes before version
3527 - [Daniel Kahn Gillmor brought this change]
3529 curl.1: Document weaknesses in SSLv2 and SSLv3
3531 Acknowledge that SSLv3 is also widely considered to be insecure.
3533 Also, provide references for people who want to know more about why it's
3536 Steve Holme (14 Aug 2015)
3537 - generate.bat: Added support for generating only the prerequisite files
3539 - generate.bat: Only call buildconf.bat if it exists
3541 - generate.bat: Fixed issues when ran in directories with special chars
3543 Daniel Stenberg (14 Aug 2015)
3544 - [Brad King brought this change]
3546 cmake: Fix CurlTests check for gethostbyname_r with 5 arguments
3548 Fix the check code to pass 5 arguments instead of 6. This typo was
3549 introduced by commit aebfd4cfbf (cmake: fix gethostby{addr,name}_r in
3550 CurlTests, 2014-10-31).
3552 Steve Holme (14 Aug 2015)
3553 - * buildconf.bat: Fixed issues when ran in directories with special chars
3555 Bug: https://github.com/bagder/curl/pull/379
3556 Reported-by: Daniel Seither
3558 Jay Satiro (13 Aug 2015)
3559 - curl_global_init_mem.3: Stronger thread safety warning
3561 Bug: http://curl.haxx.se/mail/lib-2015-08/0016.html
3562 Reported-by: Eric Ridge
3564 Daniel Stenberg (12 Aug 2015)
3565 - [Svyatoslav Mishyn brought this change]
3567 curl_multi_add_handle.3: fix a typo
3569 "can not" => "cannot"
3573 - [Alessandro Ghedini brought this change]
3579 - bump: start working toward 7.45.0
3581 - THANKS: remove duplicate name
3583 - THANKS-filter: merge Todd's names
3585 - THANKS: 13 new contributors from the 7.44.0 RELEASE-NOTES
3587 Version 7.44.0 (11 Aug 2015)
3589 Daniel Stenberg (11 Aug 2015)
3590 - RELEASE-NOTES: synced with c75a1e775061
3592 - [Svyatoslav Mishyn brought this change]
3594 curl_formget.3: correct return code
3598 - [Svyatoslav Mishyn brought this change]
3600 libcurl-tutorial.3: fix formatting
3604 - [Svyatoslav Mishyn brought this change]
3606 curl_easy_recv.3: fix formatting
3608 - [Anders Bakken brought this change]
3610 http2: discard frames with no SessionHandle
3612 Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the
3613 SessionHandle. Apparently mod_h2 will sometimes send a frame for a
3614 stream_id we're finished with.
3616 Use nghttp2_session_get_stream_user_data and
3617 nghttp2_session_set_stream_user_data to identify SessionHandles instead
3622 - RELEASE-NOTES: synced with 9ee40ce2aba
3624 - [Viktor Szakats brought this change]
3626 build: refer to fixed libidn versions
3630 - Revert "configure: disable libidn by default"
3632 This reverts commit e6749055d65398315fd77f5b5b8234c5552ac2d3.
3634 ... since libidn has since been fixed.
3636 - [Jakub Zakrzewski brought this change]
3638 CMake: s/HAVE_GSS_API/HAVE_GSSAPI/ to match header define
3640 Otherwise the build only pretended to use GSS-API
3644 - SFTP: fix range request off-by-one in size check
3646 Reported-by: Tim Stack
3650 - test46: update cookie expire time
3652 ... since it went old and thus was expired and caused the test to fail!
3654 Steve Holme (9 Aug 2015)
3655 - generate.bat: Use buildconf.bat for prerequisite file generation
3657 - buildconf.bat: Tidy up of comments after recent commits
3659 - buildconf.bat: Added full generation of src\tool_hugehelp.c
3661 Added support for generating the full man page based on code from
3664 - buildconf.bat: Added detection of groff, nroff, perl and gzip
3666 To allow for the full generation of tool_hugehelp.c added detection of
3667 the required programs - based on code from generate.bat.
3669 - buildconf.bat: Move DOS variable clean-up code to separate function
3671 Rather than duplicate future variables, during clean-up of both success
3672 and error conditions, use a common function that can be called by both.
3674 - RELEASE-NOTES: Synced with 39dcf352d2
3676 - buildconf.bat: Added error messages on failure
3678 - buildconf.bat: Generate and clean files in the same order
3680 - buildconf.bat: Maintain compatibility with DOS based systems
3682 Commit f08e30d7bc broke compatibility with DOS and non Windows NT based
3683 versions of Windows due to the use of the setlocal command.
3685 Jay Satiro (9 Aug 2015)
3686 - CURLOPT_RESOLVE.3: Note removal support was added in 7.42
3688 Bug: http://curl.haxx.se/mail/lib-2015-08/0019.html
3691 Steve Holme (8 Aug 2015)
3692 - checksrc.bat: Fixed error when missing *.c and *.h files
3696 - checksrc.bat: Fixed incorrect 'lib\vtls' path check in commit 333c36b276
3698 - checksrc.bat: Fixed error when [directory] isn't a curl source directory
3700 The system cannot find the file specified.
3702 - checksrc.bat: Added check for unknown arguments
3704 - scripts: Added missing comments
3706 - scripts: Always perform setlocal and endlocal calls in pairs
3708 Ensure that there isn't a mismatch between setlocal and endlocal calls,
3709 which could have happened due to setlocal being called after certain
3710 error conditions were checked for.
3712 - scripts: Allow -help to be specified in any argument
3714 Allow the -help command line argument to be specified in any argument
3715 and not just as the first.
3717 Daniel Stenberg (6 Aug 2015)
3718 - [juef brought this change]
3720 curl_multi_remove_handle.3: fix formatting
3724 Steve Holme (6 Aug 2015)
3725 - README: Added notes about 'Running DLL based configurations'
3727 ...as well as a TODO for a future enhancement to the project files.
3729 Thanks-to: Jay Satiro
3731 - RELEASE-NOTES: Synced with cf8975387f
3733 - buildconf.bat: Synchronise no repository error with generate.bat
3735 - generate.bat: Added a check for the presence of a git repository
3737 - [Jay Satiro brought this change]
3739 build: Added wolfSSL configurations to VC10+ project files
3741 URL: https://github.com/bagder/curl/pull/174
3743 - [Jay Satiro brought this change]
3745 build: Added wolfSSL build script for Visual Studio projects
3747 Added the wolfSSL build script, based on build-openssl.bat, as well as
3748 the property sheet and header file required for the upcoming additions
3749 to the Visual Studio project files.
3751 Daniel Stenberg (6 Aug 2015)
3752 - CHANGES: refer to the online changelog
3756 - [Isaac Boukris brought this change]
3758 NTLM: handle auth for only a single request
3760 Currently when the server responds with 401 on NTLM authenticated
3761 connection (re-used) we consider it to have failed. However this is
3762 legitimate and may happen when for example IIS is set configured to
3763 'authPersistSingleRequest' or when the request goes thru a proxy (with
3766 Implemented by imploying an additional state once a connection is
3767 re-used to indicate that if we receive 401 we need to restart
3772 Steve Holme (5 Aug 2015)
3773 - RELEASE-NOTES: Synced with 473807b95f
3775 - generate.bat: Use buildconf.bat for prerequisite file clean-up
3777 - buildconf.bat: Added support for file clean-up via -clean
3779 - buildconf.bat: Added progress output
3781 - buildconf.bat: Avoid using goto for file not in repository
3783 Daniel Stenberg (5 Aug 2015)
3784 - curl_slist_append.3: add error checking to the example
3786 Steve Holme (5 Aug 2015)
3787 - buildconf.bat: Added display of usage text with -help
3789 - buildconf.bat: Added exit codes for error handling
3791 - buildconf.bat: Added our standard copyright header
3793 - buildconf.bat: Use lower-case for commands and reserved keywords
3795 - generate.bat: Only clean prerequisite files when in ALL mode
3797 - generate.bat: Moved error messages out of sub-routines
3799 - generate.bat: More use of lower-case for commands and reserved keywords
3801 Daniel Stenberg (3 Aug 2015)
3802 - libcurl.3: fix a single typo
3806 - RELEASE-NOTES: synced with c4eb10e2f06f
3808 - SSH: three state machine fixups
3810 The SSH state machine didn't clear the 'rc' variable appropriately in a
3811 two places which prevented it from looping the way it should. And it
3812 lacked an 'else' statement that made it possible to erroneously get
3813 stuck in the SSH_AUTH_AGENT state.
3815 Reported-by: Tim Stack
3819 - curl_gssapi: remove 'const' to fix compiler warnings
3821 initialization discards 'const' qualifier from pointer target type
3823 - docs: formpost needs the full size at start of upload
3827 Steve Holme (1 Aug 2015)
3828 - sspi: Fix typo from left over from old code which referenced NTLM
3830 References to NTLM in the identity generation should have been removed
3831 in commit c469941293 but not all were.
3833 - win32: Fix compilation warnings from commit 40c921f8b8
3835 connect.c:953:5: warning: initializer element is not computable at load
3837 connect.c:953:5: warning: missing initializer for field 'dwMinorVersion'
3838 of 'OSVERSIONINFOEX'
3839 curl_sspi.c:97:5: warning: initializer element is not computable at load
3841 curl_sspi.c:97:5: warning: missing initializer for field 'szCSDVersion'
3842 of 'OSVERSIONINFOEX'
3844 - schannel: Fix compilation warning from commit 7a8e861a56
3846 schannel.c:1125:5: warning: missing initializer for field 'dwMinorVersion'
3847 of 'OSVERSIONINFOEX' [-Wmissing-field-initializers
3849 Daniel Stenberg (31 Jul 2015)
3850 - libcurl-thread.3: minor reformatting
3852 Jay Satiro (31 Jul 2015)
3853 - curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs
3855 Bug: http://curl.haxx.se/mail/lib-2015-07/0149.html
3856 Reported-by: Eric Ridge
3858 - libcurl-thread.3: Warn memory functions must be thread safe
3860 Bug: http://curl.haxx.se/mail/lib-2015-07/0149.html
3861 Reported-by: Eric Ridge
3863 Steve Holme (31 Jul 2015)
3864 - RELEASE-NOTES: Synced with 8b1d00ac1a
3866 - INSTALL: Minor formatting correction in 'Legacy Windows and SSL' section
3868 ...as well as some rewording.
3870 Kamil Dudka (30 Jul 2015)
3871 - http: move HTTP/2 cleanup code off http_disconnect()
3873 Otherwise it would never be called for an HTTP/2 connection, which has
3874 its own disconnect handler.
3876 I spotted this while debugging <https://bugzilla.redhat.com/1248389>
3877 where the http_disconnect() handler was called on an FTP session handle
3878 causing 'dnf' to crash. conn->data->req.protop of type (struct FTP *)
3879 was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in
3880 Curl_add_buffer_free() after printing the "Connection cache is full,
3881 closing the oldest one." message.
3883 A previously working version of libcurl started to crash after it was
3884 recompiled with the HTTP/2 support despite the HTTP/2 protocol was not
3885 actually used. This commit makes it work again although I suspect the
3886 root cause (reinterpreting session handle data of incompatible protocol)
3887 still has to be fixed. Otherwise the same will happen when mixing FTP
3888 and HTTP/2 connections and exceeding the connection cache limit.
3890 Reported-by: Tomas Tomecek
3891 Bug: https://bugzilla.redhat.com/1248389
3893 Daniel Stenberg (30 Jul 2015)
3894 - [Viktor Szakats brought this change]
3896 ABI doc: use secure URL
3898 - ABI: remove the ascii logo
3900 and made the indent level to 1
3902 - libcurl-multi.3: mention curl_multi_wait
3904 ... and some general rewordings to improve this docs.
3906 Reported-by: Tim Stack
3910 Steve Holme (30 Jul 2015)
3911 - maketgz: Fixed some VC makefiles missing from the release tarball
3913 VC7, VC11, VC12 and VC14 makefiles were missing from the release
3916 - RELEASE-NOTES: Synced with 2d7e165761
3918 - build: Added VC14 project files to Makefile.am
3920 - build: Added VC14 project files
3922 Updates to Makefile.am for the generation of the project files in
3923 the tarball to follow.
3925 Jay Satiro (29 Jul 2015)
3926 - libcurl-thread.3: Clarify CURLOPT_NOSIGNAL takes long value 1L
3928 Steve Holme (28 Jul 2015)
3929 - generate.bat: Use lower-case for commands and reserved keywords
3931 Whilst there are no coding standards for the batch files used in curl,
3932 most tend to use lower-case for keywords and upper-case for variables.
3934 - build: Added initial VC14 support to generate.bat
3936 Visual Studio project files and updates to makefile.am to follow.
3938 - build: Fixed missing .opensdf files from VC10+ .gitignore files
3940 - build: Use $(ProjectName) macro for curl.exe and curld.exe filenames
3942 This wasn't possible with the old curlsrc project filenames, but like
3943 commit 2a615a2b64 and 11397eb6dd for libcurl use the built in Visual
3944 Studio macros for the output filenames.
3946 - build: Renamed curl src Visual Studio project files
3948 Following commit 957fcd9049 and in preparation for adding the VC14
3949 project files renamed the curl source project files.
3951 Daniel Stenberg (28 Jul 2015)
3952 - [Jay Satiro brought this change]
3954 libcurl-thread.3: Revert to stricter handle wording
3956 .. also update formatting and add WinSSL and wolfSSL to the SSL/TLS
3959 - [Jay Satiro brought this change]
3961 libcurl-thread.3: Consolidate thread safety info
3963 This is a new document to consolidate our thread safety information from
3964 several documents (curl-www:features, libcurl.3, libcurl-tutorial.3).
3965 Each document's section on multi-threading will now point to this one.
3967 Steve Holme (27 Jul 2015)
3968 - README: Corrected formatting for 'Legacy Windows and SSL' section
3970 ...as well as some wording.
3972 - build-openssl.bat: Added support for VC14
3974 Daniel Stenberg (26 Jul 2015)
3975 - RELEASE-NOTES: synced with 0f645adc95390e8
3977 - test1902: attempt to make the test more reliable
3981 - comment: fix comment about adding new option support
3983 Jay Satiro (25 Jul 2015)
3984 - build-openssl.bat: Show syntax if required args are missing
3986 Daniel Stenberg (26 Jul 2015)
3987 - TODO: improve how curl works in a windows console window
3991 - 1.11 minimize dependencies with dynamicly loaded modules
3995 Jay Satiro (25 Jul 2015)
3996 - tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPS
3998 - Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option.
4000 Broken by me several days ago in 172b2be.
4001 https://github.com/bagder/curl/commit/172b2be#diff-70b44ee478e58d4e1ddcf9c9a73d257b
4003 Bug: http://curl.haxx.se/mail/lib-2015-07/0119.html
4004 Reported-by: Dan Fandrich
4006 Daniel Stenberg (25 Jul 2015)
4007 - configure: check if OpenSSL linking wants -ldl
4009 To make it easier to link with static versions of OpenSSL, the configure
4010 script now checks if -ldl is needed for linking.
4012 Help-by: TJ Saunders
4014 - [Michael Kaufmann brought this change]
4016 HTTP: ignore "Content-Encoding: compress"
4018 Currently, libcurl rejects responses with "Content-Encoding: compress"
4019 when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should
4020 treat the Content-Encoding "compress" the same as other
4021 Content-Encodings that it does not support, e.g. "bzip2". That means
4024 - [Marcel Raad brought this change]
4026 openssl: work around MSVC warning
4030 lib\vtls\openssl.c(1554): warning C4701: potentially uninitialized local
4031 variable 'verstr' used It's a false positive, but as it's normally not,
4032 I have enabled warning-as-error for that warning.
4034 - [Michał Fita brought this change]
4036 configure: add --disable-rt option
4038 This option disables any attempts in configure to create dependency on
4039 stuff requiring linking to librt.so and libpthread.so, in this case this
4040 means clock_gettime(CLOCK_MONOTONIC, &mt).
4042 We were in need to build curl which doesn't link libpthread.so to avoid
4044 https://sourceware.org/bugzilla/show_bug.cgi?id=16628.
4046 Kamil Dudka (23 Jul 2015)
4047 - http2: verify success of strchr() in http2_send()
4049 Detected by Coverity.
4051 Error: NULL_RETURNS:
4052 lib/http2.c:1301: returned_null: "strchr" returns null (checked 103 out of 109 times).
4053 lib/http2.c:1301: var_assigned: Assigning: "hdbuf" = null return value from "strchr".
4054 lib/http2.c:1302: dereference: Incrementing a pointer which might be null: "hdbuf".
4056 1301| hdbuf = strchr(hdbuf, 0x0a);
4059 1304| authority_idx = 0;
4061 Jay Satiro (22 Jul 2015)
4062 - Windows: Fix VerifyVersionInfo calls
4064 - Fix the VerifyVersionInfo calls, which we use to test for the OS major
4065 version, to also test for the minor version as well as the service pack
4066 major and minor versions.
4068 MSDN: "If you are testing the major version, you must also test the
4069 minor version and the service pack major and minor versions."
4071 https://msdn.microsoft.com/en-us/library/windows/desktop/ms725492.aspx
4073 Bug: https://github.com/bagder/curl/pull/353#issuecomment-123493098
4074 Reported-by: Marcel Raad <MarcelRaad@users.noreply.github.com>
4076 - [Marcel Raad brought this change]
4078 schannel: Replace deprecated GetVersion with VerifyVersionInfo
4080 Steve Holme (21 Jul 2015)
4081 - makefile: Added support for VC14
4083 Patrick Monnerat (21 Jul 2015)
4084 - os400: ebcdic wrappers for new functions. Upgrade ILE/RPG bindings.
4086 - libcurl: VERSIONINFO update
4087 Addition of new procedures curl_pushheader_bynum and curl_pushheader_byname
4088 requires VERSIONINFO updating.
4090 - http2: satisfy external references even if http2 is not compiled in.
4092 Daniel Stenberg (20 Jul 2015)
4093 - http2: add stream != NULL checks for reliability
4095 They should not trigger, but in case of internal problems we at least
4096 avoid crashes this way.
4098 Jay Satiro (18 Jul 2015)
4099 - symbols-in-versions: Add new CURLSSLOPT_NO_REVOKE symbol
4101 - SSL: Add an option to disable certificate revocation checks
4103 New tool option --ssl-no-revoke.
4104 New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.
4106 Currently this option applies only to WinSSL where we have automatic
4107 certificate revocation checking by default. According to the
4108 ssl-compared chart there are other backends that have automatic checking
4109 (NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at
4112 Bug: https://github.com/bagder/curl/issues/264
4113 Reported-by: zenden2k <zenden2k@gmail.com>
4115 - runtests: Allow for spaces in curl custom path
4117 .. also fix some typos in test's FILEFORMAT spec.
4119 - [David Woodhouse brought this change]
4121 ntlm_wb: Fix theoretical memory leak
4123 Static analysis indicated that my commit 9008f3d564 ("ntlm_wb: Fix
4124 hard-coded limit on NTLM auth packet size") introduced a potential
4125 memory leak on an error path, because we forget to free the buffer
4126 before returning an error.
4130 Although actually, it never happens in practice because we never *get*
4131 here with state == NTLMSTATE_TYPE1. The state is always zero. That
4132 might want cleaning up in a separate patch.
4134 Reported-by: Terri Oda
4136 - strerror: Add CRYPT_E_REVOKED to SSPI error strings
4138 Kamil Dudka (14 Jul 2015)
4139 - libtest: call PR_Cleanup() on exit if NSPR is used
4141 This prevents valgrind from reporting possibly lost memory that NSPR
4142 uses for file descriptor cache and other globally allocated internal
4145 Reported-by: Štefan Kremeň
4147 Jay Satiro (14 Jul 2015)
4148 - [John Malmberg brought this change]
4150 openssl: VMS support for SHA256
4152 setup-vms.h: More symbols for SHA256, hacks for older VAX
4154 openssl.h: Use OpenSSL OPENSSL_NO_SHA256 macro to allow building on VAX.
4156 openssl.c: Use OpenSSL version checks and OPENSSL_NO_SHA256 macro to
4157 allow building on VAX and 64 bit VMS.
4159 - examples: Fix typo in multi-single.c
4161 Daniel Stenberg (7 Jul 2015)
4162 - [Tatsuhiro Tsujikawa brought this change]
4164 http2: Fix memory leak in push header array
4166 Dan Fandrich (2 Jul 2015)
4167 - test2041: fixed line endings in protocol part
4169 - cyassl: fixed mismatched sha256sum function prototype
4171 Daniel Stenberg (1 Jul 2015)
4172 - [moparisthebest brought this change]
4174 SSL: Pinned public key hash support
4176 - examples: provide <DESC> sections
4178 - [John Malmberg brought this change]
4180 OpenVMS: VMS Software, Inc now the supplier.
4182 setup-vms.h: Symbol case fixups submitted by Michael Steve
4184 build_gnv_curl_pcsi_desc.com: VSI aka as VMS Software, is now the
4185 supplier of new versions of VMS. The install kit needs to accept
4188 Jay Satiro (30 Jun 2015)
4189 - multi: Move http2 push function declarations to header end
4191 This change necessary for binary compatibility.
4193 Prior to this change test 1135 failed due to the order of functions.
4195 - symbols-in-versions: Add new http2 push symbols
4197 Prior to this change test 1119 failed due to the missing symbols.
4199 Daniel Stenberg (30 Jun 2015)
4200 - RELEASE-NOTES: synced with e6749055d653
4202 - configure: disable libidn by default
4204 For security reasons, until there is a fix.
4206 Bug: http://curl.haxx.se/mail/lib-2015-06/0143.html
4207 Reported-by: Gustavo Grieco, Feist Josselin
4209 - SSL-PROBLEMS: mention WinSSL problems in WinXP
4211 - CODE_OF_CONDUCT.md: added
4213 Just to underscore how we treat each other in this project. Nothing new
4214 really, but could be useful for newcomers and outsiders to see our
4217 - tool_header_cb: fflush the header stream
4219 Flush the header stream when -D is used so that they are sent off
4222 Bug: https://github.com/bagder/curl/issues/324
4223 Reported-by: Cédric Connes
4225 - [Roger Leigh brought this change]
4227 tests: Distribute CMakeLists.txt files in subdirectories
4229 - CURLOPT_FAILONERROR.3: mention that it closes the connection
4231 Reported-by: bemoody
4232 Bug: https://github.com/bagder/curl/issues/325
4234 - curl_multi_setopt.3: alpha sort the options
4236 - curl_multi_setopt.3: add the new push options
4238 - [Tatsuhiro Tsujikawa brought this change]
4240 http2: Use nghttp2 library error code for error return value
4242 - [Tatsuhiro Tsujikawa brought this change]
4244 http2: Harden header validation for curl_pushheader_byname
4246 Since we do prefix match using given header by application code
4247 against header name pair in format "NAME:VALUE", and VALUE part can
4248 contain ":", we have to careful about existence of ":" in header
4249 parameter. ":" should be allowed to match HTTP/2 pseudo-header field,
4250 and other use of ":" in header must be treated as error, and
4251 curl_pushheader_byname should return NULL. This commit implements
4254 - [Tatsuhiro Tsujikawa brought this change]
4256 CURLMOPT_PUSHFUNCTION.3: Remove unused variable
4258 - CURLMOPT_PUSHFUNCTION.3: added example
4260 - http2: curl_pushheader_byname now takes a const char *
4262 - http2-serverpush.c: example code
4264 - http2: free all header memory after the push callback
4266 - http2: init the pushed transfer properly
4268 - http2: fixed the header accessor functions for the push callback
4270 - http2: setup the new pushed stream properly
4272 - http2: initial implementation of the push callback
4274 - http2: initial HTTP/2 server push types/docs
4276 - test1531: verify POSTFIELDSIZE set after add_handle
4278 Following the fix made in 903b6e05565bf.
4280 - pretransfer: init state.infilesize here, not in add_handle
4282 ... to properly support that options are set to the handle after it is
4283 added to the multi handle.
4285 Bug: http://curl.haxx.se/mail/lib-2015-06/0122.html
4286 Reported-by: Stefan Bühler
4288 Jay Satiro (21 Jun 2015)
4289 - [Lior Kaplan brought this change]
4291 tool_help: fix --tlsv1 help text to use >= for TLSv1
4293 - INSTALL: Advise use of non-native SSL for Windows <= XP
4295 Advise that WinSSL in versions <= XP will not be able to connect to
4296 servers that no longer support the legacy handshakes and algorithms used
4297 by those versions, and to use an alternate backend like OpenSSL instead.
4299 Bug: https://github.com/bagder/curl/issues/253
4300 Reported-by: zenden2k <zenden2k@gmail.com>
4302 Kamil Dudka (19 Jun 2015)
4303 - curl_easy_setopt.3: restore contents removed by mistake
4305 ... in commit curl-7_43_0-18-g570076e
4307 Daniel Stenberg (19 Jun 2015)
4308 - curl_easy_setopt.3: mention CURLOPT_PIPEWAIT
4310 Jay Satiro (18 Jun 2015)
4311 - cookie: Fix bug in export if any-domain cookie is present
4313 In 3013bb6 I had changed cookie export to ignore any-domain cookies,
4314 however the logic I used to do so was incorrect, and would lead to a
4315 busy loop in the case of exporting a cookie list that contained
4316 any-domain cookies. The result of that is worse though, because in that
4317 case the other cookies would not be written resulting in an empty file
4318 once the application is terminated to stop the busy loop.
4320 Dan Fandrich (18 Jun 2015)
4321 - FTP: fixed compiling with --disable-proxy, broken in b88f980a
4323 Daniel Stenberg (18 Jun 2015)
4324 - tool: always provide negotiate/kerberos options
4326 libcurl can still be built with it, even if the tool is not. Maintain
4329 - TODO: Support IDNA2008
4331 - [Viktor Szakats brought this change]
4333 Makefile.m32: add support for CURL_LDFLAG_EXTRAS
4335 It is similar to existing CURL_CFLAG_EXTRAS, but for
4336 extra linker option.
4338 - RTSP: removed another piece of dead code
4340 Coverity CID 1306668
4342 - openssl: fix use of uninitialized buffer
4344 Make sure that the error buffer is always initialized and simplify the
4345 use of it to make the logic easier.
4347 Bug: https://github.com/bagder/curl/issues/318
4350 - examples: more descriptions
4352 - examples: add descriptions with <DESC>
4354 Using this fixed format for example descriptions, we can generate a
4355 better list on the web site.
4357 - libcurl-errors.3: fix typo
4359 - curl_easy_setopt.3: option order doesn't matter
4361 - openssl: fix build with BoringSSL
4363 OPENSSL_load_builtin_modules does not exist in BoringSSL. Regression
4366 - [Paul Howarth brought this change]
4368 openssl: Fix build with openssl < ~ 0.9.8f
4370 The symbol SSL3_MT_NEWSESSION_TICKET appears to have been introduced at
4371 around openssl 0.9.8f, and the use of it in lib/vtls/openssl.c breaks
4372 builds with older openssls (certainly with 0.9.8b, which is the latest
4373 older version I have to try with).
4375 - FTP: do the HTTP CONNECT for data connection blocking
4379 The introduced non-blocking general behaviour for Curl_proxyCONNECT()
4380 didn't work for the data connection establishment unless it was very
4381 fast. The newly introduced function argument makes it operate in a more
4382 blocking manner, more like it used to work in the past. This blocking
4383 approach is only used when the FTP data connecting through HTTP proxy.
4385 Blocking like this is bad. A better fix would make it work more
4388 Bug: https://github.com/bagder/curl/issues/278
4390 - bump: start the journey toward 7.44.0
4392 Jay Satiro (17 Jun 2015)
4393 - CURLOPT_ERRORBUFFER.3: Fix example, escape backslashes
4395 - CURLOPT_ERRORBUFFER.3: Improve example
4397 Version 7.43.0 (17 Jun 2015)
4399 Daniel Stenberg (17 Jun 2015)
4400 - RELEASE-NOTES: 7.43.0 release
4402 - THANKS: updated with 7.43.0 names
4404 - [Kamil Dudka brought this change]
4406 http: do not leak basic auth credentials on re-used connections
4410 This partially reverts commit curl-7_39_0-237-g87c4abb
4412 Reported-by: Tomas Tomecek, Kamil Dudka
4413 Bug: http://curl.haxx.se/docs/adv_20150617A.html
4415 - [Kamil Dudka brought this change]
4417 test2040: verify basic auth on re-used connections
4419 - SMB: rangecheck values read off incoming packet
4423 Detected by Coverity. CID 1299430.
4425 Bug: http://curl.haxx.se/docs/adv_20150617B.html
4427 Jay Satiro (17 Jun 2015)
4428 - schannel: schannel_recv overhaul
4430 This commit is several drafts squashed together. The changes from each
4431 draft are noted below. If any changes are similar and possibly
4432 contradictory the change in the latest draft takes precedence.
4434 Bug: https://github.com/bagder/curl/issues/244
4435 Reported-by: Chris Araman
4440 - return 0 if len == 0. that will have to be documented.
4441 - continue on and process the caches regardless of raw recv
4442 - if decrypted data will be returned then set the error code to CURLE_OK
4443 and return its count
4444 - if decrypted data will not be returned and the connection has closed
4445 (eg nread == 0) then return 0 and CURLE_OK
4446 - if decrypted data will not be returned and the connection *hasn't*
4447 closed then set the error code to CURLE_AGAIN --only if an error code
4448 isn't already set-- and return -1
4449 - narrow the Win2k workaround to only Win2k
4454 - Trying out a change in flow to handle corner cases.
4459 - Back out the lazier decryption change made in draft2.
4464 - Some formatting and branching changes
4465 - Decrypt all encrypted cached data when len == 0
4466 - Save connection closed state
4467 - Change special Win2k check to use connection closed state
4472 - Default to CURLE_AGAIN in cleanup if an error code wasn't set and the
4473 connection isn't closed.
4478 - Save the last error only if it is an unrecoverable error.
4480 Prior to this I saved the last error state in all cases; unfortunately
4481 the logic to cover that in all cases would lead to some muddle and I'm
4482 concerned that could then lead to a bug in the future so I've replaced
4483 it by only recording an unrecoverable error and that state will persist.
4485 - Do not recurse on renegotiation.
4487 Instead we'll continue on to process any trailing encrypted data
4488 received during the renegotiation only.
4490 - Move the err checks in cleanup after the check for decrypted data.
4492 In either case decrypted data is always returned but I think it's easier
4493 to understand when those err checks come after the decrypted data check.
4498 - Regardless of len value go directly to cleanup if there is an
4499 unrecoverable error or a close_notify was already received. Prior to
4500 this change we only acknowledged those two states if len != 0.
4502 - Fix a bug in connection closed behavior: Set the error state in the
4503 cleanup, because we don't know for sure it's an error until that time.
4505 - (Related to above) In the case the connection is closed go "greedy"
4506 with the decryption to make sure all remaining encrypted data has been
4507 decrypted even if it is not needed at that time by the caller. This is
4508 necessary because we can only tell if the connection closed gracefully
4509 (close_notify) once all encrypted data has been decrypted.
4511 - Do not renegotiate when an unrecoverable error is pending.
4516 - Don't show 'server closed the connection' info message twice.
4518 - Show an info message if server closed abruptly (missing close_notify).
4520 Daniel Stenberg (16 Jun 2015)
4521 - [Paul Oliver brought this change]
4527 - [Viktor Szakats brought this change]
4531 - RELEASE-NOTES: synced with f29f2cbd00dbe5f
4533 - [Viktor Szakats brought this change]
4535 README: use secure protocol for Git repository
4537 - [Viktor Szakats brought this change]
4539 HTTP2.md: use SSL/TLS IETF URLs
4541 - [Viktor Szakats brought this change]
4543 LICENSE-MIXING: update URLs
4545 * use SSL/TLS where available
4546 * follow permanent redirects
4548 - LICENSE-MIXING: refreshed
4550 - curl_easy_duphandle: see also *reset
4552 - rtsp_do: fix DEAD CODE
4554 "At condition p_request, the value of p_request cannot be NULL."
4556 Coverity CID 1306668.
4558 - security:choose_mech fix DEAD CODE warning
4560 ... by removing the "do {} while (0)" block.
4562 Coverity CID 1306669
4564 - curl.1: netrc is in man section 5
4566 - curl.1: small format fix
4568 use \fI-style instead of .BR for references
4570 - urldata: store POST size in state.infilesize too
4572 ... to simplify checking when PUT _or_ POST have completed.
4574 Reported-by: Frank Meier
4575 Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html
4577 Dan Fandrich (14 Jun 2015)
4578 - test1530: added http to required features
4580 Jay Satiro (14 Jun 2015)
4581 - [Drake Arconis brought this change]
4583 build: Fix typo from OpenSSL 1.0.2 version detection fix
4585 - [Drake Arconis brought this change]
4587 build: Properly detect OpenSSL 1.0.2 when using configure
4589 - curl_multi_info_read.3: fix example formatting
4591 Daniel Stenberg (13 Jun 2015)
4592 - BINDINGS: there's a new R binding in town!
4594 - BINDINGS: added the Xojo binding
4596 Jay Satiro (11 Jun 2015)
4597 - [Joel Depooter brought this change]
4599 schannel: Add support for optional client certificates
4601 Some servers will request a client certificate, but not require one.
4602 This change allows libcurl to connect to such servers when using
4603 schannel as its ssl/tls backend. When a server requests a client
4604 certificate, libcurl will now continue the handshake without one,
4605 rather than terminating the handshake. The server can then decide
4606 if that is acceptable or not. Prior to this change, libcurl would
4607 terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS
4610 Daniel Stenberg (11 Jun 2015)
4611 - curl_easy_cleanup.3: provide more SEE ALSO
4613 - debug: remove http2 debug leftovers
4615 - VERSIONS: now using markdown
4617 - RELEASE-PROCEDURE: remove ascii logo at the top of file
4619 - INTERNALS: absorbed docs/LIBCURL-STRUCTS
4621 - INTERNALS: cat lib/README* >> INTERNALS
4623 and a conversion to markdown. Removed the lib/README.* files. The idea
4624 being to move toward having INTERNALS as the one and only "book" of
4625 internals documentation.
4627 Added a TOC to top of the document.
4629 Jay Satiro (8 Jun 2015)
4630 - openssl: LibreSSL and BoringSSL do not use TLS_client_method
4632 Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of
4633 TLS_client_method LibreSSL and BoringSSL didn't and still use
4634 SSLv23_client_method.
4636 Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009
4637 Reported-by: asavah@users.noreply.github.com
4639 Daniel Stenberg (9 Jun 2015)
4640 - RELEASE-NOTES: synced with 20ac3458068
4642 - CURLOPT_OPENSOCKETFUNCTION: return error at once
4644 When CURL_SOCKET_BAD is returned in the callback, it should be treated
4645 as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently
4646 created when trying to connect to a server.
4648 Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html
4650 - fopen.c: fix a few compiler warnings
4652 - [Ville Skyttä brought this change]
4654 docs: Spelling fixes
4656 - [Ville Skyttä brought this change]
4658 docs: man page indentation and syntax fixes
4660 Linus Nielsen (8 Jun 2015)
4661 - help: Add --proxy-service-name and --service-name to the --help output
4663 Jay Satiro (7 Jun 2015)
4664 - openssl: Fix verification of server-sent legacy intermediates
4666 - Try building a chain using issuers in the trusted store first to avoid
4667 problems with server-sent legacy intermediates.
4669 Prior to this change server-sent legacy intermediates with missing
4670 legacy issuers would cause verification to fail even if the client's CA
4671 bundle contained a valid replacement for the intermediate and an
4672 alternate chain could be constructed that would verify successfully.
4674 https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
4676 Daniel Stenberg (5 Jun 2015)
4677 - BINDINGS: update several URLs
4679 Stop linking to the curl.haxx.se anchor pages, they are usually only
4680 themselves pointers to the real page so better point there directly
4683 - BINDINGS: the curl-rust binding
4685 - curl.h: add CURL_HTTP_VERSION_2
4687 The protocol is named "HTTP/2" after all. It is an alias for the
4688 existing CURL_HTTP_VERSION_2_0 enum.
4690 - openssl: removed error string #ifdef
4692 ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore
4694 - openssl: removed USERDATA_IN_PWD_CALLBACK kludge
4696 Code for OpenSSL 0.9.4 serves no purpose anymore!
4698 - openssl: remove SSL_get_session()-using code
4700 It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or
4703 - openssl: remove dummy callback use from SSL_CTX_set_verify()
4705 The existing callback served no purpose.
4707 - LIBCURL-STRUCTS: clarify for multiplexing
4709 Jay Satiro (3 Jun 2015)
4710 - cookie: Stop exporting any-domain cookies
4712 Prior to this change any-domain cookies (cookies without a domain that
4713 are sent to any domain) were exported with domain name "unknown".
4715 Bug: https://github.com/bagder/curl/issues/292
4717 Daniel Stenberg (3 Jun 2015)
4718 - RELEASE-PROCEDURE: refreshed 'coming dates'
4720 Jay Satiro (2 Jun 2015)
4721 - curl_setup: Change fopen text macros to use 't' for MSDOS
4723 Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198
4724 Reported-by: Gisle Vanem
4726 Daniel Stenberg (2 Jun 2015)
4727 - curl_multi_timeout.3: added example
4729 - curl_multi_perform.3: added example
4731 - curl_multi_info_read.3: added example
4733 - checksrc: detect fopen() for text without the FOPEN_* macros
4735 Follow-up to e8423f9ce150 with discussionis in
4736 https://github.com/bagder/curl/pull/258
4738 This check scans for fopen() with a mode string without 'b' present, as
4739 it may indicate that an FOPEN_* define should rather be used.
4741 - curl_getdate.3: update RFC reference
4743 Jay Satiro (1 Jun 2015)
4744 - curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT
4746 - Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt"
4747 - Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt"
4749 This change is to explicitly specify when we need to read/write text.
4750 Unfortunately 't' is not part of POSIX fopen so we can't specify it
4751 directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT.
4753 Prior to this change we had an issue on Windows if an application that
4754 uses libcurl overrides the default file mode to binary. The default file
4755 mode in Windows is normally text mode (translation mode) and that's what
4758 Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055
4759 Reported-by: Orgad Shaneh
4761 Daniel Stenberg (1 Jun 2015)
4762 - http2-upload.c: use PIPEWAIT for playing HTTP/2 better
4764 - http2-download: check for CURLPIPE_MULTIPLEX properly
4766 Bug: http://curl.haxx.se/mail/lib-2015-06/0001.html
4767 Reported-by: Rafayel Mkrtchyan
4769 - [Isaac Boukris brought this change]
4771 HTTP-NTLM: fail auth on connection close instead of looping
4773 Bug: https://github.com/bagder/curl/issues/256
4775 - 5.6 Refuse "downgrade" redirects
4777 - README.pingpong: removed
4779 - ROADMAP: remove HTTP/2 multiplexing - its here now
4781 - HTTP2.md: formatted properly
4783 - HTTP2: moved docs into docs/ and make it markdown
4785 - README.http2: refreshed and added multiplexing info
4787 - dist: add the http2 examples
4789 - http2 examples: clean up some comments
4791 - examples: added two programs doing multiplexed HTTP/2
4793 - scripts: moved contributors.sh and contrithanks.sh into subdir
4795 - RELEASE-NOTES: synced with c005790ff1c0a
4797 - [Daniel Melani brought this change]
4799 openssl: typo in comment
4801 Jay Satiro (27 May 2015)
4802 - openssl: Use TLS_client_method for OpenSSL 1.1.0+
4804 SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The
4805 equivalent is TLS_client_method.
4807 https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557
4809 Daniel Stenberg (26 May 2015)
4810 - FAQ: How do I port libcurl to my OS?
4812 Jay Satiro (25 May 2015)
4813 - CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain
4815 Document that if Set-Cookie is used without a domain then the cookie is
4816 sent for any domain and will not be modified.
4818 Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html
4819 Reported-by: Alexander Dyagilev
4821 Daniel Stenberg (25 May 2015)
4822 - [Tatsuhiro Tsujikawa brought this change]
4824 http2: Copy data passed in Curl_http2_switched into HTTP/2 connection buffer
4826 Previously, after seeing upgrade to HTTP/2, we feed data followed by
4827 upgrade response headers directly to nghttp2_session_mem_recv() in
4828 Curl_http2_switched(). But it turns out that passed buffer, mem, is
4829 part of stream->mem, and callbacks called by
4830 nghttp2_session_mem_recv() will write stream specific data into
4831 stream->mem, overwriting input data. This will corrupt input, and
4832 most likely frame length error is detected by nghttp2 library. The
4833 fix is first copy the passed data to HTTP/2 connection buffer,
4834 httpc->inbuf, and call nghttp2_session_mem_recv().
4836 Jay Satiro (24 May 2015)
4837 - CURLOPT_COOKIE.3: Explain that the cookies won't be modified
4839 The CURLOPT_COOKIE doc says it "sets the cookie header explicitly in the
4840 outgoing request(s)." However there seems to be some user confusion
4841 about cookie modification. Document that the cookies set by this option
4842 are not modified by the cookie engine.
4844 Bug: http://curl.haxx.se/mail/lib-2015-05/0115.html
4845 Reported-by: Alexander Dyagilev
4847 - CURLOPT_COOKIELIST.3: Add example
4849 Dan Fandrich (24 May 2015)
4850 - testcurl.pl: use rel2abs to make the source directory absolute
4852 This function makes a platform-specific absolute path which uses
4853 backslashes on Windows. This form works when passing it on the
4854 command-line, as well as if the source is on another drive.
4856 - conncache: fixed memory leak on OOM (torture tests)
4858 Daniel Stenberg (24 May 2015)
4859 - perl: remove subdir, not touched in 9 years
4861 - log2changes.pl: moved to scripts/
4863 - [Alessandro Ghedini brought this change]
4865 scripts: add zsh.pl for generating zsh completion
4867 Dan Fandrich (23 May 2015)
4868 - test1510: another flaky test
4870 Daniel Stenberg (22 May 2015)
4871 - security: fix "Unchecked return value" from sscanf()
4873 By (void) prefixing it and adding a comment. Did some minor related
4876 Coverity CID 1299423.
4878 - security: simplify choose_mech
4880 Coverity CID 1299424 identified dead code because of checks that could
4881 never equal true (if the mechanism's name was NULL).
4883 Simplified the function by removing a level of pointers and removing the
4884 loop and array that weren't used.
4886 - RTSP: catch attempted unsupported requests better
4888 Replace use of assert with code that properly catches bad input at
4889 run-time even in non-debug builds.
4891 This flaw was sort of detected by Coverity CID 1299425 which claimed the
4892 "case RTSPREQ_NONE" was dead code.
4894 - share_init: fix OOM crash
4896 A failed calloc() would lead to NULL pointer use.
4898 Coverity CID 1299427.
4900 - parse_proxy: switch off tunneling if non-HTTP proxy
4902 non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL
4904 Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html
4905 Reported-by: Sean Boudreau
4907 - curl: fix potential NULL dereference
4909 Coverity CID 1299428: Dereference after null check (FORWARD_NULL)
4911 - http2: on_frame_recv: return early on stream 0
4913 Coverity CID 1299426 warned about possible NULL dereference otherwise,
4914 but that would only ever happen if we get invalid HTTP/2 data with
4915 frames for stream 0. Avoid this risk by returning early when stream 0 is
4918 - http: removed self assignment
4920 Follow-up fix from b0143a2a33f0
4922 Detected by coverity. CID 1299429
4924 - [Tatsuhiro Tsujikawa brought this change]
4926 http2: Make HTTP Upgrade work
4928 This commit just add implicitly opened stream 1 to streams hash.
4930 Jay Satiro (22 May 2015)
4931 - strerror: Change SEC_E_ILLEGAL_MESSAGE description
4933 Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS
4934 and language specific, and invariably translated to something not very
4935 helpful like: "The message received was unexpected or badly formatted."
4937 Bug: https://github.com/bagder/curl/issues/267
4938 Reported-by: Michael Osipov
4940 - telnet: Fix read-callback change for Windows builds
4942 Refer to b0143a2 for more information on the read-callback change.
4944 Daniel Stenberg (21 May 2015)
4945 - CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy!
4947 Dan Fandrich (21 May 2015)
4948 - testcurl.pl: allow source to be in an arbitrary directory
4950 This way, the build directory can be located on an entirely different
4951 filesystem from the source code (e.g. a tmpfs).
4953 Daniel Stenberg (20 May 2015)
4954 - read_callback: move to SessionHandle from connectdata
4956 With many easy handles using the same connection for multiplexing, it is
4957 important we store and keep the transfer-oriented stuff in the
4958 SessionHandle so that callbacks and callback data work fine even when
4959 many easy handles share the same physical connection.
4961 - http2: show stream IDs in decimal
4963 It makes them easier to match output from the nghttpd test server.
4965 - [Tatsuhiro Tsujikawa brought this change]
4967 http2: Faster http2 upload
4969 Previously, when we send all given buffer in data_source_callback, we
4970 return NGHTTP2_ERR_DEFERRED, and nghttp2 library removes this stream
4971 temporarily for writing. This itself is good. If this is the sole
4972 stream in the session, nghttp2_session_want_write() returns zero,
4973 which means that libcurl does not check writeability of the underlying
4974 socket. This leads to very slow upload, because it seems curl only
4975 upload 16k something per 1 second. To fix this, if we still have data
4976 to send, call nghttp2_session_resume_data after nghttp2_session_send.
4977 This makes nghttp2_session_want_write() returns nonzero (if connection
4978 window still opens), and as a result, socket writeability is checked,
4979 and upload speed becomes normal.
4981 - [Dmitry Eremin-Solenikov brought this change]
4983 gtls: don't fail on non-fatal alerts during handshake
4985 Stop curl from failing when non-fatal alert is received during
4986 handshake. This e.g. fixes lots of problems when working with https
4987 sites through proxies.
4989 - curl_easy_unescape.3: update RFC reference
4991 Reported-by: bsammon
4992 Bug: https://github.com/bagder/curl/issues/282
4994 Jay Satiro (20 May 2015)
4995 - CURLOPT_POSTFIELDS.3: Mention curl_easy_escape
4997 .. also correct some variable naming in curl_easy_escape.3
4999 Bug: https://github.com/bagder/curl/issues/281
5000 Reported-by: bsammon@users.noreply.github.com
5002 Daniel Stenberg (19 May 2015)
5003 - [Brian Prodoehl brought this change]
5005 openssl: Use SSL_CTX_set_msg_callback and SSL_CTX_set_msg_callback_arg
5007 BoringSSL removed support for direct callers of SSL_CTX_callback_ctrl
5008 and SSL_CTX_ctrl, so move to a way that should work on BoringSSL and
5013 Jay Satiro (19 May 2015)
5014 - curl.1: fix missing space in section --data
5016 Daniel Stenberg (19 May 2015)
5017 - transfer: remove erroneous and misleading comment
5019 Kamil Dudka (19 May 2015)
5020 - http: silence compile-time warnings without USE_NGHTTP2
5022 Error: CLANG_WARNING:
5023 lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read
5025 Error: COMPILER_WARNING:
5026 lib/http.c: scope_hint: In function ‘http_disconnect’
5027 lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable]
5029 Jay Satiro (19 May 2015)
5030 - transfer: Replace __func__ instances with function name
5032 .. also make __func__ replacement in multi.
5034 Prior to this change debug builds would fail to build if the compiler
5035 was building pre-c99 and didn't support __func__.
5037 Daniel Stenberg (19 May 2015)
5038 - [Viktor Szakats brought this change]
5040 build: bump version in default nghttp2 paths
5042 - INTERNALS: we require nghttp2 1.0.0+ now
5044 Jay Satiro (18 May 2015)
5045 - http: Add some include guards for the new HTTP/2 stuff
5047 Daniel Stenberg (18 May 2015)
5048 - http2: store upload state per stream
5050 Use a curl_off_t for upload left
5052 - http2: fix build when NOT h2-enabled
5054 - http2: switch to use Curl_hash_destroy()
5056 as after 4883f7019d3, the *_clean() function only flushes the hash.
5058 - curlver: restore LIBCURL_VERSION_NUM defined as a full number
5060 As it breaks configure, curl-config and test 1023 if not.
5062 - [Anthony Avina brought this change]
5064 hostip: fix unintended destruction of hash table
5066 .. and added unit1602 for hash.c
5068 - curlver: introducing new version number (checking) macros
5070 - runtests.pl: use 'h2c' now, no -14 anymore
5072 - [Tatsuhiro Tsujikawa brought this change]
5074 http2: Ignore if we have stream ID not in hash in on_stream_close
5076 We could get stream ID not in the hash in on_stream_close. For
5077 example, if we decided to reject stream (e.g., PUSH_PROMISE), then we
5078 don't create stream and store it in hash with its stream ID.
5080 - [Tatsuhiro Tsujikawa brought this change]
5082 Require nghttp2 v1.0.0
5084 This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0,
5085 and utilize recent version of nghttp2 to simplify the code,
5087 First we use nghttp2_option_set_no_recv_client_magic function to
5088 detect nghttp2 v1.0.0. That function only exists since v1.0.0.
5090 Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and
5091 validates received header field. If it found error, RST_STREAM with
5092 PROTOCOL_ERROR is issued. Since we require v1.0.0, we can utilize
5093 this feature to simplify libcurl code. This commit does this.
5095 Migration from 0.7 series are done based on nghttp2 migration
5096 document. For libcurl, we removed the code sending first 24 bytes
5097 client magic. It is now done by nghttp2 library.
5098 on_invalid_frame_recv callback signature changed, and is updated
5101 - http2: infof length in on_frame_send()
5103 - pipeline: switch some code over to functions
5105 ... to "compartmentalize" a bit and make it easier to change behavior
5106 when multiplexing is used instead of good old pipelining.
5108 - symbols-in-versions: add CURLOPT_PIPEWAIT
5110 - CURLOPT_PIPEWAIT: added
5112 By setting this option to 1 libcurl will wait for a connection to reveal
5113 if it is possible to pipeline/multiplex on before it continues.
5115 - Curl_http_readwrite_headers: minor code simplification
5117 - IsPipeliningPossible: fixed for http2
5119 - http2: bump the h2 buffer size to 32K for speed
5121 - http2: remove the stream from the hash in stream_close callback
5123 ... and suddenly things work much better!
5125 - http2: if there is paused data, do not clear the drain field
5127 - http2: rename s/data/pausedata
5129 - http2: "stream %x" in all outputs to make it easier to search for
5131 - http2: Curl_expire() all handles with incoming traffic
5133 ... so that they'll get handled next in the multi loop.
5135 - http2: don't signal settings change for same values
5137 - http2: set default concurrency, fix ConnectionExists for multiplex
5139 - bundles: store no/default/pipeline/multiplex
5141 to allow code to act differently on the situation.
5143 Also added some more info message for the connection re-use function to
5144 make it clearer when connections are not re-used.
5146 - http2: lazy init header_recvbuf
5148 It makes us use less memory when not doing HTTP/2 and subsequently also
5149 makes us not have to cleanup HTTP/2 related data when not using HTTP/2!
5151 - http2: separate multiplex/pipelining + cleanup memory leaks
5153 - CURLMOPT_PIPELINE: bit 1 is for multiplexing
5155 - [Tatsuhiro Tsujikawa brought this change]
5157 http2: Fix bug that data to be drained are overwritten by pending "paused" data
5159 - [Tatsuhiro Tsujikawa brought this change]
5161 http2: Don't call nghttp2_session_mem_recv while it is paused by a stream
5163 - [Tatsuhiro Tsujikawa brought this change]
5165 http2: Read data left in connection buffer after pause
5167 Previously when we do pause because of out of buffer, we just throw
5168 away unread data in connection buffer. This just broke protocol
5169 framing, and I saw occasional FRAME_SIZE_ERROR. This commit fix this
5170 issue by remembering how much data read, and in the next iteration, we
5171 process remaining data.
5173 - [Tatsuhiro Tsujikawa brought this change]
5175 http2: Fix streams get stuck
5177 This commit fixes the bug that streams get stuck if stream gets some
5178 DATA, and stream->closed becomes true at the same time. Previously,
5179 in this condition, after we processed DATA, we are going to try to
5180 read data from underlying transport, but there is no data, and gets
5181 EAGAIN. There was no code path to evaludate stream->closed.
5183 - http2: store incoming h2 SETTINGS
5185 - pipeline: move function to pipeline.c and make static
5187 ... as it was only used from there.
5189 - IsPipeliningPossible: http2 can always "pipeline" (multiplex)
5191 - http2: remove debug logging from on_frame_recv
5193 - http2: remove the closed check in http2_recv
5195 With the "drained" functionality we can get here slightly asynchronously
5196 so the stream have have been closed but there is pending data left to
5199 - http2: bump the h2 buffer to 8K
5201 - http2: Curl_read should not use the single buffer
5203 ... as it does for pipelining when we're multiplexing, as we need the
5204 different buffers to store incoming data correctly for all streams.
5206 - http2: more debug outputs
5208 - http2: leave WAITPERFORM when conn is multiplexed
5210 No need to wait for our "spot" like for pipelining
5212 - http2: force "drainage" of streams
5214 ... which is necessary since the socket won't be readable but there is
5215 data waiting in the buffer.
5217 - http2: move the mem+len pair to the stream struct
5219 - http2: more stream-oriented data, stream ID 0 is for connections
5221 - http2: move lots of state data to the 'stream' struct
5223 ... from the connection struct. The stream one being the 'struct HTTP'
5224 which is kept in the SessionHandle struct (easy handle).
5226 lookup streams for incoming frames in the stream hash, hashing is based
5227 on the stream id and we get the SessionHandle for the incoming stream
5230 - HTTP: partial start at fixing up hash-lookups on http2 frame receival
5232 - http: a stream hash for h2 multiplexing
5234 - http: a stream hash for h2 multiplexing
5236 - http2: debug log when receiving unexpected stream_id
5238 - http2: move stream_id to the HTTP struct (per-stream)
5240 - Curl_http2_setup: only do it once and enable multiplex on the server
5242 Once we know we are HTTP/2 enabled we know the server can multiplex.
5244 - http: switch on "pipelining" (multiplexing) for HTTP/2 servers
5246 ... and do not blacklist any.
5248 - README.pipelining: removed
5250 All the details mentioned here are better documented in man pages
5252 Dan Fandrich (14 May 2015)
5253 - build: removed bundles.c from make files
5255 This file was removed in commit fd137786
5257 Daniel Stenberg (14 May 2015)
5258 - Curl_conncache_add_conn: fix memory leak on OOM
5260 - CURLMOPT_MAX_HOST_CONNECTIONS: host = host name + port number
5262 - conncache: keep bundles on host+port bases, not only host names
5264 Previously we counted all connections to a specific host name and that
5265 would be used for the CURLMOPT_MAX_HOST_CONNECTIONS check for example,
5266 while servers on different port numbers are normally considered
5267 different "origins" on the web and should thus be considered different
5270 - bundles: merged into conncache.c
5272 All the existing Curl_bundle* functions were only ever used from within
5273 the conncache.c file, so I moved them over and made them static (and
5274 removed the Curl_ prefix).
5276 - hostcache: made all host caches use structs, not pointers
5278 This avoids unnecessary dynamic allocs and as this also removed the last
5279 users of *hash_alloc() and *hash_destroy(), those two functions are now
5282 - multi: converted socket hash into non-allocated struct
5284 avoids extra dynamic allocation
5286 - connection cache: avoid Curl_hash_alloc()
5288 ... by using plain structs instead of pointers for the connection cache,
5289 we can avoid several dynamic allocations that weren't necessary.
5291 - proxy: add newline to info message
5293 Patrick Monnerat (8 May 2015)
5294 - FTP: fix dangling conn->ip_addr dereference on verbose EPSV.
5296 - FTP: Make EPSV use the control IP address rather than the original host.
5297 This ensures an alternate address is not used.
5298 Does not apply to proxy tunnel.
5300 Daniel Stenberg (8 May 2015)
5301 - [Alessandro Ghedini brought this change]
5303 tool_help: fix formatting for --next option
5305 - [Egon Eckert brought this change]
5307 opts: improved the TCP keepalive examples
5309 Jay Satiro (8 May 2015)
5310 - winbuild: Document the option used to statically link the CRT
5312 - Document option RTLIBCFG (runtime library configuration).
5314 Bug: https://github.com/bagder/curl/issues/254
5315 Reported-by: Bert Huijben
5317 - [Orgad Shaneh brought this change]
5319 netrc: Read in text mode when cygwin
5321 Use text mode when cygwin to eliminate trailing carriage returns.
5323 Bug: https://github.com/bagder/curl/pull/258
5325 Patrick Monnerat (5 May 2015)
5326 - OS400: Add SPNEGO service name options to ILE/RPG binding.
5328 Daniel Stenberg (4 May 2015)
5329 - curl_multi_info_read.3: fix typo
5331 Reported-by: Liviu Chircu
5333 - MANUAL: language fix
5335 Reported-by: Fred Stluka
5336 Bug: https://github.com/bagder/curl/issues/255
5338 - [Alessandro Ghedini brought this change]
5340 gtls: properly retrieve certificate status
5342 Also print the revocation reason if appropriate.
5344 - OpenSSL: conditional check for SSL3_RT_HEADER
5346 The symbol is fairly new.
5348 Reported-by: Kamil Dudka
5350 - openssl: skip trace outputs for ssl_ver == 0
5352 The OpenSSL trace callback is wonderfully undocumented but given a
5353 journey in the source code, it seems the cases were ssl_ver is zero
5354 doesn't follow the same pattern and thus turned out confusing and
5355 misleading. For now, we skip doing any CURLINFO_TEXT logging on those
5356 but keep sending them as CURLINFO_SSL_DATA_OUT/IN.
5358 Also, I added direction to the text info and I edited some functions
5361 Bug: https://github.com/bagder/curl/issues/219
5362 Reported-by: Jay Satiro, Ashish Shukla
5364 Marc Hoersken (2 May 2015)
5365 - schannel.c: Small changes
5367 - schannel.c: Improve code path and readability
5369 - schannel.c: Improve error and return code handling upon aa99a63f03
5371 - [Chris Araman brought this change]
5373 schannel: fix regression in schannel_recv
5375 https://github.com/bagder/curl/issues/244
5377 Commit 145c263 changed the behavior when Curl_read_plain returns
5378 CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED
5381 - Bug born in changes made several days ago 9a91e80.
5383 Commit: https://github.com/bagder/curl/commit/926cb9f
5384 Reported-by: Ray Satiro
5386 Daniel Stenberg (30 Apr 2015)
5387 - [Michael Osipov brought this change]
5389 configure: remove missing and make it autogenerate
5391 The missing file has not been autogenerated because a temporary fix was
5392 employed in acinclude.m4 which blocked update. Removed that fix and a recent
5393 version of missing is copied to build root.
5395 - [Michael Osipov brought this change]
5397 acinclude.m4: fix test for default CA cert bundle/path
5399 test(1) on HP-UX requires a single equals sign and fails with two.
5400 Let's use one and make every OS happy.
5402 - CONTRIBUTING.md: remove the sourceforge mention
5404 Reported-By: Michael Osipov
5406 Dan Fandrich (30 Apr 2015)
5407 - http_negotiate_sspi: added missing data variable
5409 Daniel Stenberg (30 Apr 2015)
5410 - [Michael Osipov brought this change]
5412 configure: remove --automake from libtoolize call
5414 That option is not mentioned in the man page of libtoolize 2.4.4.19-fda4.
5415 Moveover, a comment in line 2623 says "--automake is for 1.5 compatibility".
5417 This option is redundant now.
5419 - [Viktor Szakats brought this change]
5421 build: update depedency versions, urls, example makefiles
5423 - update default versions of dependencies (except for rare/old platforms)
5425 - sync examples makefiles with main ones
5426 - remove line ending space
5428 - [Michael Osipov brought this change]
5430 configure: remove autogenerated files by autoconf
5432 * install-sh is always regenerated
5433 * mkinstalldirs was already redudant years ago. Automake uses install for
5434 that. See: http://lists.gnu.org/archive/html/automake/2007-03/msg00015.html
5436 - [Anders Bakken brought this change]
5438 curl_multi_add_handle: next is already NULL
5440 Jay Satiro (30 Apr 2015)
5441 - schannel: Fix out of bounds array
5443 Bug born in changes made several days ago 9a91e80.
5445 Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html
5446 Reported-by: Brian Chrisman
5448 - docs/libcurl: gitignore libcurl-symbols.3
5450 Bug: http://curl.haxx.se/mail/lib-2015-04/0191.html
5451 Reported-by: Michael Osipov
5453 - [Viktor Szakats brought this change]
5455 lib/makefile.m32: add arch -m32/-m64 to LDFLAGS
5457 This fixes using a multi-target mingw distro to build curl .dll for the
5459 (mirroring the same patch present in src/makefile.m32)
5461 Daniel Stenberg (29 Apr 2015)
5462 - RELEASE-NOTES: synced with cd39b944afc
5464 I've not mentioned the bug fixes that were shipped in 7.42.1 from the
5467 - THANKS: merged from the 7.42.1 release
5469 - CURLOPT_HEADEROPT: default to separate
5471 Make the HTTP headers separated by default for improved security and
5472 reduced risk for information leakage.
5474 Bug: http://curl.haxx.se/docs/adv_20150429.html
5475 Reported-by: Yehezkel Horowitz, Oren Souroujon