5 \___|\___/|_| \_\_____|
9 Version 7.40.0 (7 Jan 2015)
11 Daniel Stenberg (7 Jan 2015)
12 - RELEASE-NOTES: version 7.40.0
14 - darwinssl: fix session ID keys to only reuse identical sessions
16 ...to avoid a session ID getting cached without certificate checking and
17 then after a subsequent _enabling_ of the check libcurl could still
18 re-use the session done without cert checks.
20 Bug: http://curl.haxx.se/docs/adv_20150108A.html
21 Reported-by: Marc Hesse
23 - tests: make sure CRLFs can't be used in URLs passed to proxy
25 Bug: http://curl.haxx.se/docs/adv_20150108B.html
27 - url-parsing: reject CRLFs within URLs
29 Bug: http://curl.haxx.se/docs/adv_20150108B.html
30 Reported-by: Andrey Labunets
32 Steve Holme (7 Jan 2015)
33 - ldap: Convert attribute output to UTF-8 when Unicode
35 - ldap: Convert DN output to UTF-8 when Unicode
37 Daniel Stenberg (7 Jan 2015)
38 - hostip: remove 'stale' argument from Curl_fetch_addr proto
40 Also, remove the log output of the resolved name is NOT in the cache in
41 the spirit of only telling when something is actually happening.
43 Steve Holme (7 Jan 2015)
44 - ldap/imap: Fixed spelling mistake in comments and variable names
46 Reported-by: Michael Osipov
48 Daniel Stenberg (7 Jan 2015)
49 - RELEASE-NOTES: updated with ./contributors.sh output
51 Dan Fandrich (5 Jan 2015)
52 - curl_multibyte.h: Eliminated some trailing whitespace
54 Steve Holme (4 Jan 2015)
55 - RELEASE-NOTES: Synced with ea93252ef1
57 - ldap: Fixed Unicode usage for all Win32 builds
59 Otherwise, the fixes in the previous commits would only be applicable
60 to IDN and SSPI based builds and not others such as OpenSSL with LDAP
63 - ldap: Fixed memory leak from commit efb64fdf80
65 - ldap: Fix memory leak from commit 3a805c5cc1
67 - ldap: Fixed attribute variable warnings when Unicode is enabled
69 Use 'TCHAR *' for local attribute variable rather than 'char *'.
71 - ldap: Fixed DN variable warnings when Unicode is enabled
73 Use 'TCHAR *' for local DN variable rather than 'char *'.
75 - ldap: Remove the unescape_elements() function
77 Due to the recent modifications this function is no longer used.
79 - ldap.c: Fixed compilation warning
81 ldap.c:98: warning: extra tokens at end of #endif directive
83 - ldap: Fixed support for Unicode filter in Win32 search call
85 - ldap.c: Fixed compilation warning
87 ldap.c:802: warning: comparison between signed and unsigned integer
90 - ldap: Fixed support for Unicode attributes in Win32 search call
92 - ldap: Fixed memory leak from commit efb64fdf80
94 The unescapped DN was not freed after a successful character conversion.
96 - ldap.c: Fixed compilation error
98 ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes
101 - ldap.c: Fixed compilation warning
103 ldap.c:89: warning: extra tokens at end of #endif directive
105 - ldap: Fixed support for Unicode DN in Win32 search call
107 - ldap: Fixed Unicode user and password in Win32 bind calls
109 - ldap: Fixed Unicode host name in Win32 initialisation calls
111 - ldap: Use host.dispname for infof() connection failure messages
113 As host.name may be encoded use dispname for infof() failure messages.
115 - ldap: Prefer 'CURLcode result' for curl result codes
117 - ldap: Pass write length in all Curl_client_write() calls
119 As we get the length for the DN and attribute variables, and we know
120 the length for the line terminator, pass the length values rather than
121 zero as this will save Curl_client_write() from having to perform an
122 additional strlen() call.
124 - ldap: Fixed attribute memory leaks on failed client write
126 Fixed memory leaks from commit 086ad79970 as was noted in the commit
129 - ldap: Fixed DN memory leaks on failed client write
131 Fixed memory leaks from commit 086ad79970 as was noted in the commit
134 - curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d
136 curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char
137 [8]') to parameter of type 'char *' converts
138 between pointers to integer types with different
141 - ntlm: Use extend_key_56_to_64() for all cryptography engines
143 Rather than duplicate the code in setup_des_key() for OpenSSL and in
144 extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is
145 the same, use extend_key_56_to_64() for all engines.
147 - RELEASE-NOTES: Synced with 34f0bd110f
149 - curl_ntlm_core.c: Fixed compilation warning
151 curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined
154 - endian: Fixed bit-shift in 64-bit integer read functions
156 From commit 43792592ca and 4bb5a351b2.
158 Reported-by: Michael Osipov
160 - smb: Use endian functions for reading NBT and message size values
162 - endian: Added big endian read functions
164 - endian: Added 64-bit integer read function
166 - COPYING: Bumped copyright year to 2015
168 - version: Bump copyright year to 2015
170 - smb.c: Fixed compilation warnings
172 smb.c:780: warning: passing 'char *' to parameter of type 'unsigned
173 char *' converts between pointers to integer types with
175 smb.c:781: warning: passing 'char *' to parameter of type 'unsigned
176 char *' converts between pointers to integer types with
178 smb.c:804: warning: passing 'char *' to parameter of type 'unsigned
179 char *' converts between pointers to integer types with
182 - smb: Use endian functions for reading length and offset values
184 - endian: Added 16-bit integer write function
186 - endian: Fixed Linux compilation issues
188 Having files named endian.[c|h] seemed to cause issues under Linux so
189 renamed them both to have the curl_ prefix in the filenames.
191 - [Julien Nabet brought this change]
193 lib1900.c: Fixed cppcheck error
195 lib1900.c:182: (style) Array index 'handlenum' is used before limits
198 Bug: https://github.com/bagder/curl/pull/133
200 - endian: Added standard function descriptions
202 - endian: Renamed functions for curl API naming convention
204 - endian: Moved write functions to new module
206 - endian: Moved read functions to new module
208 - endian: Introduced endian module
210 To allow the little endian functions, currently used in two of the NTLM
211 source files, to be used by other modules such as the SMB module.
213 - sepheaders.c: Applied curl oding standards
215 - [Julien Nabet brought this change]
217 sepheaders.c: Fixed resource leak on failure
219 - vtls: Use '(void) arg' for unused parameters
221 Prefer void for unused parameters, rather than assigning an argument to
222 itself as a) unintelligent compilers won't optimize it out, b) it can't
223 be used for const parameters, c) it will cause compilation warnings for
224 clang with -Wself-assign and d) is inconsistent with other areas of the
227 - smb.c: Fixed compilation warning
229 smb.c:586: warning: conversion to 'short unsigned int' from 'int' may
232 - [Bill Nagel brought this change]
234 smb: Use the connection's upload buffer
236 Use the connection's upload buffer instead of allocating our own send
239 - RELEASE-NOTES: Synced with 1933f9d33c
241 - schannel: Moved the ISC return flag definitions to the SSPI module
243 Moved our Initialize Security Context return attribute definitions to
244 the SSPI module, as a) these can be used by other SSPI based providers
245 and b) the ISC required attributes are defined there.
247 - [Bill Nagel brought this change]
249 smb: Close the connection after a failed client write
251 - darwinssl: Fixed compilation warning
253 vtls.c:683:43: warning: unused parameter 'data'
255 - sockfilt.c: Fixed compilation warnings
257 sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter
259 sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter
261 sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter
263 sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter
266 - test1509: Fixed compilation warning
268 lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may
271 - test556: Fixed compilation warning
273 lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may
276 - sasl_gssapi: Fixed use of dummy username with real username
278 - vtls: Fixed compilation warning and an ignored return code
280 curl_schannel.h:123: warning: right-hand operand of comma expression
283 Some instances of the curlssl_close_all() function were declared with a
284 void return type whilst others as int. The schannel version returned
285 CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the
286 return code was ignored by the calling function Curl_ssl_close_all().
288 For the time being and to keep the internal API consistent, changed all
289 declarations to use a void return type.
291 To reduce code we might want to consider removing the unimplemented
292 versions and use a void #define like schannel does.
294 Daniel Stenberg (28 Dec 2014)
295 - TODO: 2.3 Better support for same name resolves
297 Steve Holme (28 Dec 2014)
298 - test1520: Fixed initial teething problems
300 * Missing initialisation of upload status caused a seg fault
301 * Missing data termination caused corrupt data to be uploaded
302 * Data verification should be performed in <upload> element
303 * Added missing recipient list cleanup
305 - test1520: Fixed compilation errors
307 - tests: Added test for bug #1456
309 - checksrc.bat: Fixed a problem opening files with spaces in the filename
311 - openldap: Prefer use of 'CURLcode result'
313 - openldap: Use 'LDAPMessage *msg' for messages
315 This frees up the 'result' variable for CURLcode based result codes.
317 - nss: Don't ignore Curl_extract_certinfo() OOM failure
319 - nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
321 - nss: Use 'CURLcode result' for curl result codes
323 ...and don't use CURLE_OK in failure/success comparisons.
325 - getinfo: Code style policing
327 - getinfo: Use 'CURLcode result' for curl result codes
329 - darwinssl: Use 'CURLcode result' for curl result codes
331 - polarssl: Use 'CURLcode result' for curl result codes
333 - docs: Updated following the addition of SASL GSSAPI via GSS-API libraries
335 As this feature has been implemented for 7.40.0.
337 - asiohiper.cpp: No need to initialise members of ConnInfo
339 ...as calloc() automatically clears the area of memory with zeros.
341 - asiohiper.cpp: Updated for curl coding standards
343 ...with the exception of the start of block statement curly brackets.
345 - code/docs: Use correct case for IPv4 and IPv6
347 For consistency, as we seem to have a bit of a mixed bag, changed all
348 instances of ipv4 and ipv6 in comments and documentations to use the
351 - runtests: Fixed detection of Unix Sockets feature
353 ...following change in curl --version output.
355 - code/docs: Use Unix rather than UNIX to avoid use of the trademark
357 Use Unix when generically writing about Unix based systems as UNIX is
358 the trademark and should only be used in a particular product's name.
360 - ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported
362 if2ip.c:119: warning: unused parameter 'remote_scope_id'
364 ...and some minor code style policing in the same function.
366 - vtls: Don't set cert info count until memory allocation is successful
368 Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs
369 member variable to the requested count, which could then be used
370 incorrectly as libcurl closes down.
372 - vtls: Use CURLcode for Curl_ssl_init_certinfo() return type
374 The return type for this function was 0 on success and 1 on error. This
375 was then examined by the calling functions and, in most cases, used to
376 return CURLE_OUT_OF_MEMORY.
378 Instead use CURLcode for the return type and return the out of memory
379 error directly, propagating it up the call stack.
381 - configure: Use camel case for UNIX sockets feature output
383 To match the curl --version output.
385 Marc Hoersken (26 Dec 2014)
386 - sockfilt.c: Reduce the number of individual memory allocations
388 Merge multiple internal arrays into one, even if some variables
389 will not not be used. They are all created with the number of
390 file descriptors as their size.
392 Also fix possible thread handle leak in CloseHandle-loop.
394 - sockfilt.c: Replace 100ms sleep with thread throttle
396 Improves performance of test cases 574 and 575 by 50%.
398 A value of zero causes the thread to relinquish the remainder
399 of its time slice to any other thread of equal priority that is
400 ready to run. If there are no other threads of equal priority
401 ready to run, the function returns immediately, and the thread
404 http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx
406 Steve Holme (25 Dec 2014)
407 - tool_help: Use camel case for UNIX sockets feature output
409 In line with the other features listed in the --version output,
410 capitalise the UNIX socket feature.
412 - vtls: Use bool for Curl_ssl_getsessionid() return type
414 The return type of this function is a boolean value, and even uses a
415 bool internally, so use bool in the function declaration as well as
416 the variables that store the return value, to avoid any confusion.
418 - schannel: Minor code style policing for casts
420 - schannel: Prefer 'CURLcode result' for curl result codes
422 - cyassl: Prefer 'CURLcode result' for curl result codes
424 - tool_xattr: Use 'CURLcode result' for curl result codes
426 - curl_ntlm_core.c: Fixed compilation warnings
428 curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of
429 'CryptImportKey' differ in signedness
430 curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from
431 incompatible pointer type
432 curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam'
433 from incompatible pointer type
435 - RELEASE-NOTES: Synced with 8830df8b66
437 - gtls: Use preferred 'CURLcode result'
439 - openldap: Use standard naming for setup connection function
441 Renamed ldap_setup() to ldap_setup_connection() to follow more widely
442 used function naming.
444 - rtmp: Use standard naming for setup connection function
446 Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely
447 used function naming.
449 - smb: Use standard naming for setup connection function
451 Renamed smb_setup() to smb_setup_connection() to follow more widely
452 used function naming.
454 - config-win32.h: Fixed line length > 79 columns
456 - openssl: Prefer we don't use NULL in comparisons
458 - build: Removed WIN32 definition from the Visual Studio projects
460 As this pre-processor definition is defined in curl_setup.h there is no
461 need to include it in the Visual Studio project files.
463 - build: Removed WIN64 definition from the libcurl Visual Studio projects
465 Removed the WIN64 pre-processor definition from the libcurl project
468 * WIN64 is not used in our source code
469 * The curl projects files don't define it
470 * It isn't required by or used in the platform SDK
471 * For backwards compatability curl_setup.h defines WIN32
472 * The compiler automatically defines _WIN64 for x64 builds
474 Historically Visual Studio projects have defined WIN32, in addition to
475 the compiler defined _WIN32 definition, and I had incorrectly changed
476 that to WIN64 for the x64 libcurl builds but not in the curl projects.
478 As such, it is questionable whether this should be defined or not. For
479 more information see the following cache of a discussion that took
480 place on the microsoft.public.vc.mfc newsgroup:
482 http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html
484 - openssl.c Fix for compilation errors with older versions of OpenSSL
486 openssl.c:1408: error: 'TLS1_1_VERSION' undeclared
487 openssl.c:1411: error: 'TLS1_2_VERSION' undeclared
489 Daniel Stenberg (22 Dec 2014)
490 - [John Malmberg brought this change]
492 Fix comment edit in vms/backup_gnv_curl_src.com
494 packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port.
496 - curl: show size of inhibited data when using -v
498 To offer some more info and yet it doesn't use more lines.
500 - openssl: fix SSL/TLS versions in verbose output
502 - openssl: make it compile against openssl 1.1.0-DEV master branch
504 Marc Hoersken (22 Dec 2014)
505 - sshserver.pl: clarify and streamline variable names
507 Daniel Stenberg (21 Dec 2014)
508 - openssl: warn for SRP set if SSLv3 is used, not for TLS version
510 ... as it requires TLS and it was was left to warn on the default from
511 when default was SSL...
513 - smb: use memcpy() instead of strncpy()
515 ... as it never copies the trailing zero anyway and always just the four
516 bytes so let's not mislead anyone into thinking it is actually treated
519 Coverity CID: 1260214
521 - [John E. Malmberg brought this change]
523 VMS: Updates for 0740-0D1220
525 lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help.
526 More defines to set symbols to uppercase.
528 src/tool_main.c : Fix parameter to vms_special_exit() call.
531 backup_gnv_curl_src.com : Fix the error message to have the correct package.
533 build_curl-config_script.com : Rewrite to be more accurate.
535 build_libcurl_pc.com : Use tool_version.h now.
537 build_vms.com : Fix to handle lib/vtls directory.
539 curl_gnv_build_steps.txt : Updated build procedure documentation.
541 generate_config_vms_h_curl.com :
542 * VAX does not support 64 bit ints, so no NTLM support for now.
543 * VAX HP SSL port is ancient, needs some help.
544 * Disable NGHTTP2 for now, not ported to VMS.
545 * Disable UNIX_SOCKETS, not available on VMS yet.
546 * HP GSSAPI port does not have gss_nt_service_name.
548 gnv_link_curl.com : Update for new curl structure.
550 pcsi_product_gnv_curl.com : Set up to optionally do a complete build.
552 Marc Hoersken (21 Dec 2014)
553 - sockfilt.c: use non-Ex functions that are available before WinXP
555 It was initially reported by Guenter that GetFileSizeEx
556 requires (_WIN32_WINNT >= 0x0500) to be true.
558 - tests: use Cygwin-style paths in SSH, SSHD and SFTP config files
560 Second patch to enable Windows support using Cygwin-based OpenSSH.
562 Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7.
564 - tests: support spaces in paths to SSH, SSHD and SFTP binaries
566 First patch to enable Windows support using Cygwin-based OpenSSH.
568 Steve Holme (20 Dec 2014)
569 - non-ascii: Reduce variable usage
571 Removed 'next' variable in Curl_convert_form(). Rather than setting it
572 from 'form->next' and using that to set 'form' after the conversion
573 just use 'form = form->next' instead.
575 - non-ascii: Prefer while loop rather than a do loop
577 This also removes the need to check that the 'form' argument is valid.
579 - non-ascii: Reduce variable scope
581 As 'result' isn't used out side the conversion callback code and
582 previously caused variable shadowing in the libiconv based code.
584 - non-ascii: We prefer 'CURLcode result'
586 This also fixes a variable shadowing issue when HAVE_ICONV is defined
587 as rc was declared for the result code of libiconv based functions.
589 Marc Hoersken (19 Dec 2014)
590 - secureserver.pl: clean up formatting of config and fix verbose output
592 Verbose output was not matching the actual configuration file,
593 because FIPS and Windows conditions were ignored.
595 - secureserver.pl: update Windows detection and fix path conversion
597 - secureserver.pl: make OpenSSL CApath and cert absolute path values
599 Recent stunnel versions (5.08) seem to have trouble with relative
600 paths on Windows. This turns the relative paths into absolute ones.
602 Patrick Monnerat (18 Dec 2014)
603 - if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code.
605 - [Kyle J. McKay brought this change]
607 parseurlandfillconn(): fix improper non-numeric scope_id stripping.
608 Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/
610 - IPV6: address scope != scope id
611 There was a confusion between these: this commit tries to disambiguate them.
612 - Scope can be computed from the address itself.
613 - Scope id is scope dependent: it is currently defined as 1-based local
614 interface index for link-local scoped addresses, and as a site index(?) for
615 (obsolete) site-local addresses. Linux only supports it for link-local
617 The URL parser properly parses a scope id as an interface index, but stores it
618 in a field named "scope": confusion. The field has been renamed into "scope_id".
619 Curl_if2ip() used the scope id as it was a scope. This caused failures
620 to bind to an interface.
621 Scope is now computed from the addresses and Curl_if2ip() matches them.
622 If redundantly specified in the URL, scope id is check for mismatch with
625 This commit should fix SF bug #1451.
627 - connect: singleipconnect(): properly try other address families after failure
629 Daniel Stenberg (16 Dec 2014)
630 - SFTP: work-around servers that return zero size on STAT
632 Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html
633 Pathed-by: Marc Renault
635 - glob_next_url: make the loop count upwards
637 As the former contruct apparently caused a compiler warning, mentioned
640 - tool_operate: we prefer 'CURLcode result'
642 - tool_urlglob: unify return codes to use CURLcode
644 There was a mix of GlobCode, CURLcode and ints and they were mostly
645 passing around CURLcode errors. This change makes the functions use only
646 CURLcode and removes the GlobCode type completely.
648 - tool_urlglob.c: partly reverse dc19789444
650 The loop in glob_next_url() needs to be done backwards to maintain the
651 logic. dc19789444 caused test 1235 to fail.
653 - KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME
655 - [Jay Satiro brought this change]
657 opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
659 Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and
660 CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one
663 Prior to this change that behavior was only noted in the
664 CURLOPT_TIMEOUT_MS doc.
666 Nick Zitzmann (15 Dec 2014)
667 - darwinssl: fix incorrect usage of aprintf()
669 Commit b13923f changed an snprintf() to use aprintf(), but the API usage
670 wasn't correct, and was causing a crash to occur. This fixes it.
672 Steve Holme (14 Dec 2014)
673 - copyright: Updated the copyright year following recent updates
675 Daniel Stenberg (14 Dec 2014)
676 - tool_urlglob.c: reverse two loops
678 By counting from 0 and up instead of backwards like before, we remove
679 the need for the "funny" check of the unsigned variable when decreased
680 passed zero. Easier to read and less risk for compiler warnings.
682 Marc Hoersken (14 Dec 2014)
683 - tool_urlglob.c: Added braces to clarify the conditions
685 - tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
687 The >= 0 is actually not required, since i underflows and
688 the for-loop is stopped using the < condition, but this
689 makes the VS2012 compiler and code analysis happy.
691 - tool_binmode.c: Explicitly ignore the return code of setmode
693 Fixes code analysis warning C6031:
694 return value ignored: <function> could return unexpected value
696 - lib: Fixed multiple code analysis warnings if SAL are available
698 warning C28252: Inconsistent annotation for function:
699 parameter has another annotation on this instance
701 Steve Holme (14 Dec 2014)
702 - smb.c: Fixed code analysis warning
704 smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted,
705 then cast to 64-bit value. Result may not be an expected
708 Marc Hoersken (14 Dec 2014)
709 - tool_util.c: Use GetTickCount64 if it is available
711 Steve Holme (14 Dec 2014)
712 - smb: Use HAVE_PROCESS_H for process.h inclusion
714 Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H
715 pre-processor define when including process.h.
717 Daniel Stenberg (14 Dec 2014)
718 - darwinssl: aprintf() to allocate the session key
720 ... to avoid using a fixed memory size that risks being too large or too
723 Marc Hoersken (14 Dec 2014)
724 - curl_schannel: Improvements to memory re-allocation strategy
726 - do not grow memory by doubling its size
727 - do not leak previously allocated memory if reallocation fails
728 - replace while-loop with a single check to make sure
729 that the requested amount of data fits into the buffer
731 Bug: http://curl.haxx.se/bug/view.cgi?id=1450
732 Reported-by: Warren Menzer
734 Steve Holme (14 Dec 2014)
735 - asyn-ares: We prefer use of 'CURLcode result'
737 Marc Hoersken (14 Dec 2014)
738 - curl_schannel.c: Data may be available before connection shutdown
740 Steve Holme (14 Dec 2014)
741 - http2: Use 'CURLcode result' for curl result codes
743 - asyn-thread: We prefer 'CURLcode result'
745 - smb: Fixed unnecessary initialisation of struct member variables
747 There is no need to set the 'state' and 'result' member variables to
748 SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc()
749 as calloc() initialises the contents to zero.
751 - ntlm: Fixed return code for bad type-2 Target Info
753 Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security
754 buffers just like we do for bad decodes.
756 - ntlm: Remove unnecessary casts in readshort_le()
758 I don't think both of my fix ups from yesterday were needed to fix the
759 compilation warning, so remove the one that I think is unnecessary and
760 let the next Android autobuild prove/disprove it.
762 - curl_ntlm_msgs.c: Another attempt to fix compilation warning
764 curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from
765 'int' may alter its value
767 Guenter Knauf (13 Dec 2014)
768 - synctime.c: added own user-agent string.
770 Steve Holme (13 Dec 2014)
771 - smb.c: Fixed line longer than 79 columns
773 - curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11
775 curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from
776 'int' may alter its value
778 Guenter Knauf (13 Dec 2014)
779 - mk-ca-bundle.pl: restored forced run again.
781 - synctime.c: removed another timeserver URL.
783 worldtimeserver.com seems also no longer available.
785 - synctime.c: fixed timeserver URLs.
787 For getting the date header its not necessary to access special
788 pages or even CGI scripts - all pages including the main index
789 reply with the date header, therefore shortened URLs to domain.
790 Removed worldtime.com; added pool.ntp.org.
792 Steve Holme (13 Dec 2014)
793 - ftp.c: Fixed compilation warning when no verbose string support
795 ftp.c:819: warning: unused parameter 'lineno'
797 - smb: Added state change functions to assist with debugging
799 For debugging purposes, and as per other protocols within curl, added
800 state change functions rather than changing the states directly.
802 - ntlm: Use short integer when decoding 16-bit values
804 - RELEASE-NOTES: Synced with 6291a16b20
806 - smtp.c: Fixed compilation warnings
808 smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string
809 does not append to the string
810 smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string
811 does not append to the string
812 smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string
813 does not append to the string
815 Used array index notation instead.
817 - smb: Disable SMB when 64-bit integers are not supported
819 This fixes compilation issues with compilers that don't support 64-bit
820 integers through long long or __int64.
822 - ntlm: Disable NTLM v2 when 64-bit integers are not supported
824 This fixes compilation issues with compilers that don't support 64-bit
825 integers through long long or __int64 which was introduced in commit
828 - ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
830 Previously USE_NTLM2SESSION would only be defined automatically when
831 USE_NTRESPONSES wasn't already defined. Separated the two definitions
832 so that the user can manually set USE_NTRESPONSES themselves but
833 USE_NTLM2SESSION is defined automatically if they don't define it.
835 - smtp.c: Fixed line longer than 79 columns
837 - config-win32.h: Don't enable Windows Crypt API if using OpenSSL
839 As the OpenSSL and NSS Crypto engines are prefered by the core NTLM
840 routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT
841 automatically when either OpenSSL or NSS are in use - doing so would
842 disable NTLM2Session responses in NTLM type-3 messages.
844 - smtp: Fixed inappropriate free of the scratch buffer
846 If the scratch buffer was allocated in a previous call to
847 Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent
848 call and no action taken by that call, then an attempt would be made to
849 try and free the buffer which, by now, would be part of the data->state
852 This bug was introduced in commit 4bd860a001.
854 - smtp: Fixed dot stuffing when EOL characters were at end of input buffers
856 Fixed a problem with the CRLF. detection when multiple buffers were
857 used to upload an email to libcurl and the line ending character(s)
858 appeared at the end of each buffer. This meant any lines which started
859 with . would not be escaped into .. and could be interpreted as the end
860 of transmission string instead.
862 This only affected libcurl based applications that used a read function
863 and wasn't reproducible with the curl command-line tool.
865 Bug: http://curl.haxx.se/bug/view.cgi?id=1456
866 Assisted-by: Patrick Monnerat
868 Daniel Stenberg (11 Dec 2014)
869 - telnet: fix "cast increases required alignment of target type"
871 - ntlm_wb_response: fix "statement not reached"
873 ... and I could use a break instead of a goto to end the loop.
875 Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html
876 Reported-by: Tor Arntsen
878 Steve Holme (10 Dec 2014)
879 - RELEASE-NOTES: Synced with 1cc5194337
881 Added some bug fixes that I had missed in previous synchronisations.
883 Daniel Stenberg (10 Dec 2014)
884 - Curl_unix2addr: avoid using the variable name 'sun'
886 I suspect this causes compile failures on Solaris:
888 Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html
890 Steve Holme (10 Dec 2014)
891 - url.c: Fixed compilation warning when USE_NTLM is not defined
893 url.c:3078: warning: variable 'credentialsMatch' set but not used
895 - parsedate.c: Fixed compilation warning
897 parsedate.c:548: warning: 'parsed' may be used uninitialized in this
900 As curl_getdate() returns -1 when parsedate() fails we can initialise
903 Daniel Stenberg (10 Dec 2014)
904 - TODO: Cache negative name resolves
908 - ldap: check Curl_client_write() return codes
910 There might be one or two memory leaks left in the error paths.
912 - ldap: rename variables to comply to curl standards
914 Dan Fandrich (10 Dec 2014)
915 - sws.c: Fixed 'rc' may be used uninitialized warning
917 - cookies: Improved OOM handling in cookies
919 This fixes the test 506 torture test. The internal cookie API really
920 ought to be improved to separate cookie parsing errors (which may be
921 ignored) with OOM errors (which should be fatal).
923 Guenter Knauf (9 Dec 2014)
924 - synctime.c: fixed user-agent setting.
926 Some websites meanwhile refuse to reply to requests from ancient
927 browsers like IE6, therefore I've comment out this setting, but
928 also fixed the string to now fake IE8 if someone enables it.
930 Daniel Stenberg (9 Dec 2014)
931 - smb: fix unused return code warning
933 Patrick Monnerat (9 Dec 2014)
934 - Curl_client_write() & al.: chop long data, convert data only once.
936 Guenter Knauf (9 Dec 2014)
937 - VC build: added sspi define for winssl-zlib builds.
939 Daniel Stenberg (9 Dec 2014)
940 - schannel_recv: return the correct code
942 Bug: http://curl.haxx.se/bug/view.cgi?id=1462
943 Reported-by: Tae Hyoung Ahn
945 - http2: avoid logging neg "failure" if h2 was not requested
947 - openldap: do not ignore Curl_client_write() return codes
949 - compile: warn on unused return code from Curl_client_write()
951 Patrick Monnerat (8 Dec 2014)
952 - SMB: Fix a data size mismatch that broke SMB on big-endian platforms
954 Steve Holme (7 Dec 2014)
955 - smb: Fixed Windows autoconf builds following commit eb88d778e7
957 As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO
958 either explicitly through --enable-win32-cypto or automatically on
959 _WIN32 based platforms, subsequent builds broke with the following
962 "Can't compile NTLM support without a crypto library."
964 - RELEASE-NOTES: Synced with 526603ff05
966 - [Bill Nagel brought this change]
968 smb: Build with SSPI enabled
970 Build SMB/CIFS protocol support when SSPI is enabled.
972 - [Bill Nagel brought this change]
974 ntlm: Use Windows Crypt API
976 Allow the use of the Windows Crypt API for NTLMv1 functions.
978 Dan Fandrich (7 Dec 2014)
979 - cookie.c: Refactored cleanup code to simplify
981 Also, fixed the outdated comments on the cookie API.
983 - get_url_file_name: Fixed crash on OOM on debug build
985 This caused a null-pointer dereference which caused a few dozen
986 torture tests to fail.
988 Steve Holme (6 Dec 2014)
989 - sws.c: Fixed compilation warning
991 sws.c:2191 warning: 'rc' may be used uninitialized in this function
993 - ftp.c: Fixed compilation warnings when proxy support disabled
995 ftp.c:1827 warning: unused parameter 'newhost'
996 ftp.c:1827 warning: unused parameter 'newport'
998 - smb: Fixed a problem with large file transfers
1000 Fixed an issue with the message size calculation where the raw bytes
1001 from the buffer were interpreted as signed values rather than unsigned
1004 Reported-by: Gisle Vanem
1005 Assisted-by: Bill Nagel
1007 - smb: Moved the URL decoding into a separate function
1009 - smb: Fixed URL encoded URLs not working
1011 - Makefile.inc: Added our standard header and updated file formatting
1013 - Makefile.inc: Updated file formatting
1015 Aligned continuation character and used space as the separator
1016 character as per other makefile files.
1018 - curl_md4.h: Updated copyright year following recent edit
1020 ...and minor layout adjustment.
1022 Patrick Monnerat (5 Dec 2014)
1023 - SMB: Fix big endian problems. Make it OS/400 aware.
1025 - OS400: enable NTLM authentication
1027 Steve Holme (5 Dec 2014)
1028 - multi.c: Fixed compilation warning
1030 multi.c:2695: warning: declaration of `exp' shadows a global declaration
1032 Guenter Knauf (5 Dec 2014)
1033 - build: updated dependencies in makefiles.
1035 Steve Holme (5 Dec 2014)
1036 - sasl: Corrected formatting of function descriptions
1038 - sasl_gssapi: Added missing function description
1040 - RELEASE-NOTES: Provided better descriptions
1042 As it is often difficult to choose the best description for a single
1043 feature when it spans many commits, updated the descriptions for the
1044 recent SMB/CIFS protocol and GSS-API additions.
1046 - sasl_sspi: Corrected some typos
1048 - sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data
1050 Don't use a hard coded size of 4 for the security layer and buffer size
1051 in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as
1052 we have done in the sasl_gssapi module.
1054 - sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with it
1056 Reduced the amount of free's required for the decoded challenge message
1057 in Curl_sasl_create_gssapi_security_message() as a result of coding it
1058 differently in the sasl_gssapi module.
1060 - gssapi: Corrected typo in comments
1062 - sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message()
1064 Daniel Stenberg (4 Dec 2014)
1065 - [Stefan Bühler brought this change]
1067 http_perhapsrewind: don't abort CONNECT requests
1069 ...they never have a body
1071 - [Stefan Bühler brought this change]
1073 HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
1075 Sending NTLM/Negotiate header again after successful authentication
1076 breaks the connection with certain Proxies and request types (POST to MS
1079 - [Stefan Bühler brought this change]
1081 HTTP: don't abort connections with pending Negotiate authentication
1083 ... similarly to how NTLM works as Negotiate is in fact often NTLM with
1086 - [Stefan Bühler brought this change]
1088 fix gdb libtool invocation path
1090 Steve Holme (4 Dec 2014)
1091 - sasl_gssapi: Fixed missing include from commit d3cca934ee
1093 Daniel Stenberg (4 Dec 2014)
1094 - [Jay Satiro brought this change]
1096 examples: remove sony.com from 10-at-a-time
1098 Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR
1099 for the sony website because it ends the connection when the request is
1100 missing a user agent.
1102 Steve Holme (4 Dec 2014)
1103 - sasl_gssapi: Fixed missing decoding debug failure message
1105 - sasl_gssapi: Fixed honouring of no mutual authentication
1107 - sasl_sspi: Added more Kerberos V5 decoding debug failure messages
1109 Daniel Stenberg (4 Dec 2014)
1110 - [Anthon Pang brought this change]
1112 docs: Fix FAILONERROR typos
1114 It returns error for >= 400 HTTP responses.
1116 Bug: https://github.com/bagder/curl/pull/129
1118 - [Peter Wu brought this change]
1120 tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl output
1122 Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as
1123 option in the file generated by --libcurl.
1125 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1127 - [Peter Wu brought this change]
1129 opts: fix CURLOPT_UNIX_SOCKET_PATH formatting
1131 Add .nf and .fi such that the code gets wrapped in a pre on the web.
1132 Fixed grammar, fixed formatting of the "See also" items.
1134 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1136 Patrick Monnerat (4 Dec 2014)
1137 - OS400: enable Unix sockets.
1139 Daniel Stenberg (3 Dec 2014)
1140 - RELEASE-NOTES: synced with b216427e73b5e9
1142 - opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am
1144 - updateconninfo: clear destination struct before getsockname()
1146 Otherwise we may read uninitialized bytes later in the unix-domain
1149 - curl.1: added --unix-socket
1151 - [Peter Wu brought this change]
1153 tool: add --unix-socket option
1155 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1157 - [Peter Wu brought this change]
1159 libcurl: add UNIX domain sockets support
1161 The ability to do HTTP requests over a UNIX domain socket has been
1162 requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
1163 discussion happened, no patch seems to get through. I decided to give it
1164 a go since I need to test a nginx HTTP server which listens on a UNIX
1167 One patch [3] seems to make it possible to use the
1168 CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
1169 Another person wrote a Go program which can do HTTP over a UNIX socket
1170 for Docker[4] which uses a special URL scheme (though the name contains
1171 cURL, it has no relation to the cURL library).
1173 This patch considers support for UNIX domain sockets at the same level
1174 as HTTP proxies / IPv6, it acts as an intermediate socket provider and
1175 not as a separate protocol. Since this feature affects network
1176 operations, a new feature flag was added ("unix-sockets") with a
1177 corresponding CURL_VERSION_UNIX_SOCKETS macro.
1179 A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
1180 option enables UNIX domain sockets support for all requests on the
1181 handle (replacing IP sockets and skipping proxies).
1183 A new configure option (--enable-unix-sockets) and CMake option
1184 (ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
1185 deliberately did not mark this feature as advanced, this is a
1186 feature/component that should easily be available.
1188 [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
1189 [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
1190 [2]: http://sourceforge.net/p/curl/feature-requests/53/
1191 [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
1192 [4]: https://github.com/Soulou/curl-unix-socket
1194 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1196 - [Peter Wu brought this change]
1198 tests: add two HTTP over UNIX socket tests
1200 test1435: a simple test that checks whether a HTTP request can be
1201 performed over the UNIX socket. The hostname/port are interpreted
1202 by sws and should be ignored by cURL.
1204 test1436: test for the ability to do two requests to the same host,
1205 interleaved with one to a different hostname.
1207 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1209 - [Peter Wu brought this change]
1211 tests: add HTTP UNIX socket server testing support
1213 The variable `$ipvnum` can now contain "unix" besides the integers 4
1214 and 6 since the variable. Functions which receive this parameter
1215 have their `$port` parameter renamed to `$port_or_path` to support a
1216 path to the UNIX domain socket (as a "port" is only meaningful for TCP).
1218 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1220 - [Peter Wu brought this change]
1222 sws: try to remove socket and retry bind
1224 If sws is killed it might leave a stale socket file on the filesystem
1225 which would cause an EADDRINUSE error. After this patch, it is checked
1226 whether the socket is really stale and if so, the socket file gets
1227 removed and another bind is executed.
1229 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1231 - [Peter Wu brought this change]
1233 sws: add UNIX domain socket support
1235 This extends sws with a --unix-socket option which causes the port to
1236 be ignored (as the server now listens on the path specified by
1237 --unix-socket). This feature will be available in the following patch
1238 that enables checking for UNIX domain socket support.
1240 Proxy support (CONNECT) is not considered nor tested. It does not make
1241 sense anyway, first connecting through a TCP proxy, then let that TCP
1242 proxy connect to a UNIX socket.
1244 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1246 - [Peter Wu brought this change]
1248 sws: restrict TCP_NODELAY to IP sockets
1250 TCP_NODELAY does not make sense for Unix sockets, so enable it only if
1251 the socket is using IP.
1253 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1255 Dan Fandrich (3 Dec 2014)
1256 - [Dave Reisner brought this change]
1258 curl.1: fix trivial typo
1260 Steve Holme (3 Dec 2014)
1261 - sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message()
1263 - sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup()
1265 - sasl_gssapi: Added Curl_sasl_build_gssapi_spn() function
1267 Added helper function for returning a GSS-API compatible SPN.
1269 Daniel Stenberg (3 Dec 2014)
1270 - NSS: enable the CAPATH option
1272 Bug: http://curl.haxx.se/bug/view.cgi?id=1457
1273 Patch-by: Tomasz Kojm
1275 Steve Holme (3 Dec 2014)
1276 - sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based builds
1278 - sasl_gssapi: Added GSS-API based Kerberos V5 variables
1280 - sws.c: Fixed compilation warning when IPv6 is disabled
1282 sws.c:69: warning: comma at end of enumerator list
1284 - sasl_gssapi: Made log_gss_error() a common GSS-API function
1286 Made log_gss_error() a common function so that it can be used in both
1287 the http_negotiate code as well as the curl_sasl_gssapi code.
1289 - sasl_gssapi: Introduced GSS-API based SASL module
1291 Added the initial version of curl_sasl_gssapi.c and updated the project
1292 files in preparation for adding GSS-API based Kerberos V5 support.
1294 - smb: Don't try to connect with empty credentials
1296 On some platforms curl would crash if no credentials were used. As such
1297 added detection of such a use case to prevent this from happening.
1299 Reported-by: Gisle Vanem
1301 - smb.c: Coding policing of pointer usage
1303 - configure: Fixed inclusion of SMB when no crypto engines available
1305 Guenter Knauf (1 Dec 2014)
1306 - build: in Makefile.m32 simplified autodetection.
1308 Daniel Stenberg (30 Nov 2014)
1309 - [Peter Wu brought this change]
1311 sws: move away from IPv4/IPv4-only assumption
1313 Instead of depending the socket domain type on use_ipv6, specify the
1314 domain type (AF_INET / AF_INET6) as variable. An enum is used here with
1315 switch to avoid compiler warnings in connect_to, complaining that rc
1316 is possibly undefined (which is not possible as socket_domain is
1319 Besides abstracting the socket type, make the debugging messages be
1320 independent on IP (introduce location_str which points to "port XXXXX").
1321 Rename "ipv_inuse" to "socket_type" and tighten the scope (main).
1323 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1325 - [Peter Wu brought this change]
1327 lib/connect: restrict IP/TCP options to said sockets
1329 This patch prepares for adding UNIX domain sockets support.
1331 TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not
1332 apply these to other socket types. bindlocal only works for IP sockets
1333 (independent of TCP/UDP), so filter that out too for other types.
1335 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1337 - smb.c: use size_t as input argument types for msg sizes
1339 This fixes warnings about conversions to int
1341 Steve Holme (30 Nov 2014)
1342 - version: The next release will become 7.40.0
1344 - [Bill Nagel brought this change]
1346 docs: Updated for the SMB protocol
1348 This patch updates the documentation for the SMB/CIFS protocol.
1350 - curl tool: Exclude SMB from the protocol redirect
1352 As local files could be accessed through \\localhost\c$.
1354 - [Bill Nagel brought this change]
1356 curl tool: Enable support for the SMB protocol
1358 This patch enables SMB/CIFS support in the curl command-line tool.
1360 - smb.c: Fixed compilation warnings
1362 smb.c:398: warning: comparison of integers of different signs:
1363 'ssize_t' (aka 'long') and 'unsigned long'
1364 smb.c:443: warning: comparison of integers of different signs:
1365 'ssize_t' (aka 'long') and 'unsigned long'
1367 - libcurl: Exclude SMB from the protocol redirect
1369 As local files could be accessed through \\localhost\c$.
1371 - [Bill Nagel brought this change]
1373 libcurl: Enable support for the SMB protocol
1375 This patch enables SMB/CIFS support in libcurl.
1377 - smb.c: Fixed compilation warnings
1379 smb.c:322: warning: conversion to 'short unsigned int' from 'unsigned
1380 int' may alter its value
1381 smb.c:323: warning: conversion to 'short unsigned int' from 'unsigned
1382 int' may alter its value
1383 smb.c:482: warning: conversion to 'short unsigned int' from 'int' may
1385 smb.c:521: warning: conversion to 'unsigned int' from 'curl_off_t' may
1387 smb.c:549: warning: conversion to 'unsigned int' from 'curl_off_t' may
1389 smb.c:550: warning: conversion to 'short unsigned int' from 'int' may
1392 - smb.c: Renamed SMB command message variables to avoid compiler warnings
1394 smb.c:489: warning: declaration of 'close' shadows a global declaration
1395 smb.c:511: warning: declaration of 'read' shadows a global declaration
1396 smb.c:528: warning: declaration of 'write' shadows a global declaration
1398 - smb.c: Fixed compilation warnings
1400 smb.c:212: warning: unused parameter 'done'
1401 smb.c:380: warning: ISO C does not allow extra ';' outside of a function
1402 smb.c:812: warning: unused parameter 'premature'
1403 smb.c:822: warning: unused parameter 'dead'
1405 - smb.c: Fixed compilation warnings
1407 smb.c:311: warning: conversion from 'unsigned __int64' to 'u_short',
1408 possible loss of data
1409 smb.c:425: warning: conversion from '__int64' to 'unsigned short',
1410 possible loss of data
1411 smb.c:452: warning: conversion from '__int64' to 'unsigned short',
1412 possible loss of data
1414 - smb.c: Fixed compilation warnings
1416 smb.c:162: error: comma at end of enumerator list
1417 smb.c:469: warning: conversion from 'size_t' to 'unsigned short',
1418 possible loss of data
1419 smb.c:517: warning: conversion from 'curl_off_t' to 'unsigned int',
1420 possible loss of data
1421 smb.c:545: warning: conversion from 'curl_off_t' to 'unsigned int',
1422 possible loss of data
1424 - [Bill Nagel brought this change]
1426 smb: Added initial SMB functionality
1428 Initial implementation of the SMB/CIFS protocol.
1430 - [Bill Nagel brought this change]
1432 smb: Added SMB handler interfaces
1434 Added the SMB and SMBS handler interface structures and associated
1435 functions required for SMB/CIFS operation.
1437 - transfer: Code style policing
1439 Prefer ! rather than NULL in if statements, added comments and updated
1440 function spacing, argument spacing and line spacing to be more readble.
1442 - transfer: Fixed existing scratch buffer being checked for NULL twice
1444 If the scratch buffer already existed when the CRLF conversion was
1445 performed then the buffer pointer would be checked twice for NULL. This
1446 second check is only necessary if the call to malloc() was performed by
1449 - smtp: Fixed dot stuffing being performed when no new data read
1451 Whilst I had moved the dot stuffing code from being performed before
1452 CRLF conversion takes place to after it, in commit 4bd860a001, I had
1453 moved it outside the 'when something read' block of code when meant
1454 it could perform the dot stuffing twice on partial send if nread
1455 happened to contain the right values. It also meant the function could
1456 potentially read past the end of buffer. This was highlighted by the
1459 warning: `nread' might be used uninitialized in this function
1461 Daniel Stenberg (29 Nov 2014)
1462 - smb.h: fixed picky compiler warning
1464 smb.h:30:16: error: comma at end of enumerator list [-Werror=pedantic]
1466 Steve Holme (29 Nov 2014)
1467 - tests: Disable test 1013 until SMB is fully added
1469 - [Bill Nagel brought this change]
1471 smb: Added SMB protocol and port definitions
1473 Added the necessary protocol and port definitions in order to support
1476 - [Bill Nagel brought this change]
1478 smb: Added internal SMB definitions and structures
1480 Added the internal definitions and structures necessary for SMB/CIFS
1483 - [Bill Nagel brought this change]
1485 smb: Added SMB connection structure
1487 Added the connection structure that will be required in urldata.h for
1488 SMB/CIFS based connections.
1490 - [Bill Nagel brought this change]
1492 smb: Added initial source files for SMB
1494 Added the initial source files and updated the relevant project files in
1495 order to support SMB/CIFS.
1497 - [Bill Nagel brought this change]
1499 smb: Added configuration options for SMB
1501 Added --enable-smb and --disable-smb configuration options for the
1502 upcoming SMB/CIFS protocol support.
1504 Daniel Stenberg (28 Nov 2014)
1505 - [Peter Wu brought this change]
1507 runtests.pl: fix startup of IPv6 servers
1509 Commit curl-7_23_1-143-g8218064 changed the parameter of
1510 responsive_http_server to accept types other than IPv6 (converting
1511 from a boolean to a string), but only considered the lower-case "ipv6"
1512 and not the "IPv6" variant. This caused all servers to start in IPv4
1515 This patch converts the remaining cases to "ipv6". While not strictly
1516 necessary for the run*server variants, these got also converted for
1517 consistency and to prevent future errors.
1519 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1521 - [Peter Wu brought this change]
1523 runtests.pl: fix warning message, remove duplicate value
1525 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1527 Steve Holme (27 Nov 2014)
1528 - http.c: Fixed compilation warnings from features being disabled
1530 warning: unused variable 'data'
1531 warning: variable 'addcookies' set but not used
1533 ...and some very minor coding style policing.
1535 - RELEASE-NOTES: Synced with c5399c827d
1537 - tests: Added SMTP with --crlf test case
1539 - docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion
1541 - smtp: Fixed const'ness of nread parameter in Curl_smtp_escape_eob()
1543 ...and some comment typos!
1545 - smtp: Added support for the conversion of Unix newlines during mail send
1547 Added support for the automatic conversion of Unix newlines to CRLF
1548 during mail uploads.
1550 Feature: http://curl.haxx.se/bug/view.cgi?id=1456
1552 - CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols
1554 Daniel Stenberg (25 Nov 2014)
1555 - curl*3: added small examples
1557 and some minor edits
1559 - libcurl.3: fix formatting
1561 refer to functions with the man page section properly
1563 - man pages: SEE ALSO curl_multi_wait
1565 - curl_multi_wait.3: clarify numfds being used if not NULL
1567 - multi-single.c: switch to use curl_multi_wait
1569 Makes the example much easier and straight-forward!
1571 - testcurl: bump the version of this script!
1573 - testcurl: skip reading the setup file if given enough cmdline info
1575 This makes it much easier to run multiple tests in the same directory,
1576 just altering the command lines used.
1578 - select.c: fix compilation for VxWorks
1581 Bug: http://curl.haxx.se/bug/view.cgi?id=1455
1583 Patrick Monnerat (24 Nov 2014)
1584 - [moparisthebest brought this change]
1586 SSL: Add PEM format support for public key pinning
1588 Kamil Dudka (24 Nov 2014)
1589 - Revert "repository: ignore patch files generated by git"
1591 This reverts commit 217024a687ce86eb6d2317822ed81c7e5abc4b61.
1593 Bug: https://github.com/bagder/curl/commit/217024a6#commitcomment-8693738
1595 Steve Holme (23 Nov 2014)
1596 - multi.c: Fixed compilation warnings when no verbose string support
1598 warning: variable 'connection_id' set but not used
1599 warning: unused parameter 'lineno'
1601 - RELEASE-NOTES: Synced with 1450712e76
1603 - sasl: Tidied up some parameter comments
1605 - sasl: Reduced the need for two sets of NTLM functions
1607 - ntlm: Moved NSS initialisation to base decode function
1609 - http_ntlm: Fixed additional NSS initialisation call when decoding type-2
1611 After commit 48d19acb7c the HTTP code would call Curl_nss_force_init()
1612 twice when decoding a NTLM type-2 message, once directly and the other
1613 through the call to Curl_sasl_decode_ntlm_type2_message().
1615 - ntlm: Fixed static'ness of local decode function
1617 - ntlm: Corrected some parameter names and comments
1619 - runtests.pl: Re-aligned feature support comments
1621 - runtests.pl: Use Kerberos and SPNEGO as proxies for the crypto feature
1623 In addition to NTLM, use Kerberos and SPNEGO as proxies to the crypto
1626 ...and converted tab characters, from commit 4b4e8a5853, to spaces.
1628 - runtests.pl: Added support for SPNEGO
1630 - runtests.pl: Added Kerberos detection
1632 - runtests.pl: Added GSS-API detection
1634 - FILEFORMAT: Added SSPI, GSS-API and Kerberos to the features list
1636 - FILEFORMAT: Added test requires feature not present information
1638 Such as !SSPI as we do for the NTLM and Digest tests.
1640 Daniel Stenberg (20 Nov 2014)
1641 - http.c: log if it notices HTTP 1.1 after a upgrade to http2
1643 - test1801: first real http2 test case
1645 - sws: initial tiny steps toward http2 support
1647 - FILEFORMAT: mention the new upgrade support
1649 - test1800: first plain-text http2 test case
1651 Verifies the upgrade request, but gets a plain 1.1 response
1653 - [Tatsuhiro Tsujikawa brought this change]
1655 http: Disable pipelining for HTTP/2 and upgraded connections
1657 This commit disables pipelining for HTTP/2 or upgraded connections. For
1658 HTTP/2, we do not support multiplexing. In general, requests cannot be
1659 pipelined in an upgraded connection, since it is now different protocol.
1661 - [Brad Harder brought this change]
1663 CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
1665 Steve Holme (19 Nov 2014)
1666 - multi-uv.c: Updated for curl coding standards
1668 - conncache: Fixed specifiers in infof() for long and size_t variables
1670 - [Peter Wu brought this change]
1672 cmake: add Kerberos to the supported features
1674 Updated following commit eda919f and a4b7f71.
1676 Acked-by: Brad King <brad.king@kitware.com>
1677 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1679 - [Peter Wu brought this change]
1681 cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
1683 Updated following changes in commit f0d860d.
1685 Acked-by: Brad King <brad.king@kitware.com>
1686 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1688 Daniel Stenberg (19 Nov 2014)
1689 - RELEASE-NOTES: synced with cb13fad733e
1691 - [Jay Satiro brought this change]
1693 examples: Wait recommended 100ms when no file descriptors are ready
1695 Prior to this change when no file descriptors were ready on platforms
1696 other than Windows the multi examples would sleep whatever was in
1697 timeout, which may or may not have been less than the minimum
1698 recommended value [1] of 100ms.
1700 [1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html
1702 - [Waldek Kozba brought this change]
1704 multi-uv.c: close the file handle after download
1706 - [Jon Spencer brought this change]
1708 multi: inform about closed sockets before they are closed
1710 When the connection code decides to close a socket it informs the multi
1711 system via the Curl_multi_closed function. The multi system may, in
1712 turn, invoke the CURLMOPT_SOCKETFUNCTION function with
1713 CURL_POLL_REMOVE. This happens after the socket has already been
1714 closed. Reorder the code so that CURL_POLL_REMOVE is called before the
1717 Guenter Knauf (19 Nov 2014)
1718 - build: in Makefile.m32 moved target autodetection.
1720 Moved target autodetection block after defining CC macro.
1722 - build: in Makefile.m32 simplify platform flags.
1724 - build: in Makefile.m32 try to detect 64bit target.
1726 Daniel Stenberg (19 Nov 2014)
1727 - [Brad King brought this change]
1729 CMake: Simplify if() conditions on check result variables
1731 Remove use of an old hack that takes advantage of the auto-dereference
1732 behavior of the if() command to detect if a variable is defined. The
1735 if("${VAR} MATCHES "^${VAR}$")
1737 where "${VAR}" is a macro argument reference. Use if(DEFINED) instead.
1738 This also avoids warnings for CMake Policy CMP0054 in CMake 3.1.
1740 - TODO-RELEASE: removed
1742 - [Carlo Wood brought this change]
1744 debug: added new connection cache output, plus fixups
1746 Debug output 'typo' fix.
1748 Don't print an extra "0x" in
1749 * Pipe broke: handle 0x0x2546d88, url = /
1752 Print the number of connections in the connection cache when
1753 adding one, and not only when one is removed.
1755 Fix typos in comments.
1757 - multi: move the ending condition into the loop as well
1759 ... as it was before I changed the loop in commit e04ccbd50. It caused
1760 test 2030 and 2032 to fail.
1762 Steve Holme (18 Nov 2014)
1763 - multi: Prefer we don't use CURLE_OK and NULL in comparisons
1765 Daniel Stenberg (18 Nov 2014)
1766 - multi_runsingle: use 'result' for local CURLcode storage
1768 ... and assign data->result only at the end. Makes the code more compact
1769 (easier to read) and more similar to other code.
1771 - multi_runsingle: rename result to rc
1773 save 'result' for CURLcode types
1775 - multi: make multi_runsingle loop internally
1777 simplifies the use of this function at little cost.
1779 - [Carlo Wood brought this change]
1781 multi: when leaving for timeout, close accordingly
1783 Fixes the problem when a transfer in a pipeline times out.
1785 Guenter Knauf (18 Nov 2014)
1786 - build: in Makefile.m32 add -m32 flag for 32bit.
1788 - mk-ca-bundle.vbs: update copyright year.
1790 - build: in Makefile.m32 pass -F flag to windres.
1792 Steve Holme (17 Nov 2014)
1793 - config-win32: Fixed build targets for the VS2012+ Windows XP toolset
1795 Even though commit 23e70e1cc6 mentioned the v110_xp toolset, I had
1796 forgotten to include the relevant pre-processor definitions.
1798 - sasl_sspi: Removed note about the NTLM functions being a wrapper
1800 - connect.c: Fixed compilation warning when no verbose string support
1802 warning: unused parameter 'reason'
1804 - easy.c: Fixed compilation warning when no verbose string support
1806 warning: unused parameter 'easy'
1808 - win32: Updated some legacy APIs to use the newer extended versions
1810 Updated the usage of some legacy APIs, that are preventing curl from
1811 compiling for Windows Store and Windows Phone build targets.
1813 Suggested-by: Stefan Neis
1814 Feature: http://sourceforge.net/p/curl/feature-requests/82/
1816 - config-win32: Introduce build targets for VS2012+
1818 Visual Studio 2012 introduced support for Windows Store apps as well as
1819 supporting Windows Phone 8. Introduced build targets that allow more
1820 modern APIs to be used as certain legacy ones are not available on these
1823 - sasl_sspi: Fixed compilation warnings when no verbose string support
1825 - sasl_sspi: Added base64 decoding debug failure messages
1827 Just like in the NTLM code, added infof() failure messages for
1828 DIGEST-MD5 and GSSAPI authentication when base64 decoding fails.
1830 - ntlm: Moved the SSPI based Type-3 message generation into the SASL module
1832 - ntlm: Moved the SSPI based Type-2 message decoding into the SASL module
1834 - ntlm: Moved the SSPI based Type-1 message generation into the SASL module
1836 - [Michael Osipov brought this change]
1838 kerberos: Use symbol qualified with _KERBEROS5
1840 For consistency renamed USE_KRB5 to USE_KERBEROS5.
1842 Daniel Stenberg (15 Nov 2014)
1843 - [Jay Satiro brought this change]
1845 examples: Don't call select() to sleep on windows
1847 Windows does not support using select() for sleeping without a dummy
1848 socket. Instead use Windows' Sleep() and sleep for 100ms which is the
1849 minimum suggested value in the curl_multi_fdset() doc.
1851 Prior to this change the multi examples would exit prematurely since
1852 select() would error instead of sleeping when called without an fd.
1854 Reported-by: Johan Lantz
1855 Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html
1857 - [Tatsuhiro Tsujikawa brought this change]
1859 http2: Don't send Upgrade headers when we already do HTTP/2
1861 Steve Holme (15 Nov 2014)
1862 - sasl: Corrected Curl_sasl_build_spn() function description
1864 There was a mismatch in function parameter names.
1866 - tool: Removed krb4 from the supported features
1868 Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33,
1869 so would not be output with --version, removed krb4 from the supported
1872 - [Michael Osipov brought this change]
1874 tool: Use Kerberos for supported features
1876 - urldata: Don't define sec_complete when no GSS-API support present
1878 This variable is only used with HAVE_GSSAPI is defined by the FTP code
1879 so let's place the definition with the other GSS-API based variables.
1881 - [Michael Osipov brought this change]
1883 docs: Use consistent naming for Kerberos
1885 - TODO: Lets support QOP options in GSSAPI authentication
1887 - sasl_sspi: Corrected a couple of comment typos
1889 - sasl: Moved Curl_sasl_gssapi_cleanup() definition into header file
1891 Rather than define the function as extern in the source files that use
1892 it, moved the function declaration into the SASL header file just like
1893 the Digest and NTLM clean-up functions.
1895 Additionally, added a function description comment block.
1897 - sasl_sspi: Added missing RFC reference for HTTP Digest authentication
1899 - ntlm: Clean-up and standardisation of base64 decoding
1901 - ntlm: We prefer 'CURLcode result'
1903 Daniel Stenberg (13 Nov 2014)
1904 - [Brad King brought this change]
1906 CMake: Restore order-dependent library checks
1908 Revert commit 2257deb502 (Cmake: Avoid cycle directory dependencies,
1909 2014-08-22) and add a comment explaining the purpose of the original
1912 The check_library_exists_concat macro is intended to be called multiple
1913 times on a sequence of possibly dependent libraries. Later libraries
1914 may depend on earlier libraries when they are static. They cannot be
1915 safely linked in reverse order on some platforms.
1917 Signed-off-by: Brad King <brad.king@kitware.com>
1919 - [Brad King brought this change]
1921 CMake: Restore order-dependent header checks
1923 Revert commit 1269df2e3b (Cmake: Don't check for all headers each
1924 time, 2014-08-15) and add a comment explaining the purpose of the
1927 The check_include_file_concat macro is intended to be called multiple
1928 times on a sequence of possibly dependent headers. Later headers
1929 may depend on earlier headers to provide declarations. They cannot
1930 be safely included independently on some platforms.
1932 For example, many POSIX APIs document including sys/types.h before some
1933 other headers. Also on some OS X versions sys/socket.h must be included
1934 before net/if.h or the check for the latter will fail.
1936 Signed-off-by: Brad King <brad.king@kitware.com>
1938 - [Peter Wu brought this change]
1940 test22: expand a backtick command
1942 This is the only user of the backtick operator in the command. As the
1943 commands will soon not be executed by a shell anymore (but by perl),
1944 replace the command with its output.
1946 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1948 - RELEASE-NOTES: synced with 2ee3c63b13
1950 - http2: fix switched macro when http2 is not enabled
1952 - [Tatsuhiro Tsujikawa brought this change]
1954 http2: Deal with HTTP/2 data inside response header buffer
1956 Previously if HTTP/2 traffic is appended to HTTP Upgrade response header
1957 (thus they are in the same buffer), the trailing HTTP/2 traffic is not
1958 processed and lost. The appended data is most likely SETTINGS frame.
1959 If it is lost, nghttp2 library complains server does not obey the HTTP/2
1960 protocol and issues GOAWAY frame and curl eventually drops connection.
1961 This commit fixes this problem and now trailing data is processed.
1963 Steve Holme (11 Nov 2014)
1964 - configure: Fixed inclusion of krb5 when CURL_DISABLE_CRYPTO_AUTH is defined
1966 Commit fe0f8967bf fixed a problem with krb5 not being defined as a
1967 supported feature when HAVE_GSSAPI is defined, however, it should
1968 only be included if CURL_DISABLE_CRYPTO_AUTH is not set, like when
1969 SPNEGO is listed as a feature.
1971 Daniel Stenberg (10 Nov 2014)
1972 - multi: removed Curl_multi_set_easy_connection
1974 It isn't used anywhere!
1976 Reported-by: Carlo Wood
1978 - [Peter Wu brought this change]
1980 symbol-scan.pl: do not require autotools
1982 Makes test1119 pass when building with cmake.
1984 configurehelp.pm is generated by configure (autotools). As cmake does
1985 not provide a separate variable for the C preprocessor, default to cpp.
1986 Before commit ef24ecde68a5f577a7f0f423a767620f09a0ab16 ("symbol-scan:
1987 use configure script knowledge about how to run the C preprocessor"),
1988 this tool would also use 'cpp'.
1990 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
1992 - [Peter Wu brought this change]
1994 cmake: add ENABLE_THREADED_RESOLVER, rename ARES
1996 Fix detection of the AsynchDNS feature which not just depends on
1997 pthreads support, but also on whether USE_POSIX_THREADS is set or not.
1998 Caught by test 1014.
2000 This patch adds a new ENABLE_THREADED_RESOLVER option (corresponding to
2001 --enable-threaded-resolver of autotools) which also needs a check for
2004 For symmetry with autotools, CURL_USE_ARES is renamed to ENABLE_ARES
2005 (--enable-ares). Checks that test for the availability actually use
2006 USE_ARES instead as that is the result of whether a-res is available or
2007 not (in practice this does not matter as CARES is marked as required
2008 package, but nevertheless it is better to write the intent).
2010 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2012 - [Peter Wu brought this change]
2014 cmake: build libhostname for test suite
2016 Used by some test cases via LD_PRELOAD in order to fake the host name.
2018 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2020 - [Peter Wu brought this change]
2022 cmake: fix HAVE_GETHOSTNAME definition
2024 Otherwise Curl_gethostname always fails. Windows has gethostname
2025 since Vista according to
2026 http://msdn.microsoft.com/en-us/library/ms738527%28VS.85%29.aspx, but
2027 accordings to byte_bucket's VC 2005 documentation, it is available even
2028 in Windows 95. (possibly after installing a Platform SDK, the
2029 Windows Server 2003 SP1 Platform SDK should be sufficient).
2031 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2033 - [Peter Wu brought this change]
2035 tests: fix libhostname visibility
2037 I noticed that a patched cmake build would pass tests with a fake local
2038 hostname, but the autotools build skips them:
2040 got unexpected host name back, LD_PRELOAD failed
2042 It turns out that -fvisibility=hidden hides the symbol, and since the
2043 tests are not part of libcurl, it fails too. Just remove the LIBCURL
2046 Broken since cURL 7.30 (commit 83a42ee20ea7fc25abb61c0b7ef56ebe712d7093,
2047 "curl.h: stricter CURL_EXTERN linkage decorations logic").
2049 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2051 - [Peter Wu brought this change]
2053 tests: fix memleak in server/resolve.c
2055 This makes LeakSanitizer happy.
2057 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2059 - configure: assume krb5 when gss-api works
2061 To please test 1014 while we work out if this is truly the a correct
2064 Steve Holme (9 Nov 2014)
2065 - vtls.h: Fixed compiler warning when compiled without SSL
2067 vtls.c:185:46: warning: unused parameter 'data'
2069 - RELEASE-NOTES: Synced with 2fbf23875f
2071 - ntlm: Added separate SSPI based functions
2073 In preparation for moving the NTLM message code into the SASL module,
2074 and separating the native code from the SSPI code, added functions that
2075 simply call the functions in curl_ntlm_msg.c.
2077 - http_ntlm: Use the SASL functions instead
2079 In preparation for moving the NTLM message code into the SASL module
2080 use the SASL functions in the HTTP code instead.
2082 Daniel Stenberg (9 Nov 2014)
2083 - libssh2: detect features based on version, not configure checks
2085 ... so that non-configure builds get the correct functions too based on
2086 the libssh2 version used.
2088 - [Nobuhiro Ban brought this change]
2090 SSH: use the port number as well for known_known checks
2092 ... if the libssh2 version is new enough.
2094 Bug: http://curl.haxx.se/bug/view.cgi?id=1448
2096 Steve Holme (9 Nov 2014)
2097 - INSTALL: Updated pre-processor references to the old VC6 project files
2099 Reworked the two sections that discuss modifying the Visual Studio pre-
2100 processor settings, and vc6libcurl.dsw/vc6libcurl.dsp, to remove the
2101 project files references as they have been superseded by a more thorough
2102 set of project files for VC6 through VC12, but to also give the correct
2103 reference to this setting in later versions of Visual Studio.
2105 - INSTALL: Added email protocols to the "Disabling in Win32 builds" section
2107 - configure: Fixed NTLM missing from features when CURL_DISABLE_HTTP defined
2109 - build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
2111 USE_NTLM would only be defined if: HTTP support was enabled, NTLM and
2112 cryptography weren't disabled, and either a supporting cryptography
2113 library or Windows SSPI was being compiled against.
2115 This means it was not possible to build libcurl without HTTP support
2116 and use NTLM for other protocols such as IMAP, POP3 and SMTP. Rather
2117 than introduce a new SASL pre-processor definition, removed the HTTP
2118 prerequisite just like USE_SPNEGO and USE_KRB5.
2120 Note: Winbind support still needs to be dependent on CURL_DISABLE_HTTP
2121 as it is only available to HTTP at present.
2123 This bug dates back to August 2011 when I started to add support for
2126 - ntlm: Removed an unnecessary free of native Target Info
2128 Due to commit 40ee1ba0dc the free in Curl_ntlm_decode_type2_target() is
2131 - ntlm: Moved the native Target Info clean-up from HTTP specific function
2133 - ntlm: Moved SSPI clean-up code into SASL module
2135 - Makefile.dist: Added support for WinIDN
2137 - Makefile.vc6: Added support for WinIDN
2139 - Makefile.dist: Added some missing SSPI configurations
2141 - Makefile.dist: Separated the groups of SSL configurations from each other
2143 - Makefile.dist: Grouped the x64 configurations next to their x86 counterparts
2145 - curl.h: Tidy up of CURL_VERSION_* flags
2147 As the list has gotten a little messy and hard to read, especially with
2148 the introduction of deprecated items, aligned the values and comments
2149 into clean columns and reworked some of the comments in the process.
2151 - curl_tool: Added krb5 to the supported features
2153 - configure: Added krb5 to the supported features
2155 - version info: Added Kerberos V5 to the supported features
2157 Guenter Knauf (7 Nov 2014)
2158 - mk-ca-bundle.vbs: switch to new certdata.txt url.
2160 Steve Holme (7 Nov 2014)
2161 - RELEASE-NOTES: Synced with dcad09e125
2163 - http_digest: Fixed some memory leaks introduced in commit 6f8d8131b1
2165 Fixed a couple of memory leaks as a result of moving code that used to
2166 populate allocuserpwd and relied on it's clean up.
2168 - docs: Updated following the addition of SSPI based HTTP digest auth
2170 - sasl_sspi: Tidy up of the existing digest code
2172 Following the addition of SSPI support for HTTP digest, synchronised
2173 elements of the email digest code with that of the new HTTP code.
2175 - http_digest: Post SSPI support tidy up
2177 Post tidy up to ensure commonality of code style and variable names.
2179 Dan Fandrich (6 Nov 2014)
2180 - test552: Don't run HTTP digest tests for SSPI based builds
2182 Technical difficulties prevented this from going into the
2185 Steve Holme (6 Nov 2014)
2186 - tests: Don't run HTTP digest tests for SSPI based builds
2188 Added !SSPI to the features list of the HTTP digest tests, as SSPI
2189 based builds now use the Windows SSPI messaging API rather than the
2190 internal functions, and we can't control the random numbers that get
2191 used as part of the digest.
2193 Daniel Stenberg (6 Nov 2014)
2194 - curl.1: show zone index use in a URL
2196 Steve Holme (6 Nov 2014)
2197 - http_digest: Fixed auth retry loop when SSPI based authentication fails
2199 - http_digest: Reworked the SSPI based input token storage
2201 Reworked the input token (challenge message) storage as what is passed
2202 to the buf and desc in the response generation are typically blobs of
2203 data rather than strings, so this is more in keeping with other areas
2204 of the SSPI code, such as the NTLM message functions.
2206 - sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9
2208 Added void reference to unused 'data' parameter back to fix compilation
2211 - sspi: Align definition values to even columns as we use 2 char spacing
2213 - sspi: Fixed missing definition of ISC_REQ_USE_HTTP_STYLE
2215 Some versions of Microsoft's sspi.h don't define this.
2217 - sasl: Removed non-SSPI Digest functions and defines from SSPI based builds
2219 Introduced in commit 7e6d51a73c these functions and definitions are only
2220 required by the internal challenge-response functions now.
2222 - sasl_sspi: Added HTTP digest response generation code
2224 - http_digest: Added SSPI based challenge decoding code
2226 - http_digest: Added SSPI based clean-up code
2228 - http_digest: Added SSPI based authentication functions
2230 This temporarily breaks HTTP digest authentication in SSPI based builds,
2231 causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will
2232 resume normal operation.
2234 - http_digest: Added required SSPI based variables to digest structure
2236 Daniel Stenberg (6 Nov 2014)
2237 - [Frank Gevaerts brought this change]
2239 contributors.sh: --releasenotes reads in names from RELEASE-NOTES
2241 This is very handy when updating the RELEASE-NOTES as then we sometimes
2242 have names added manually in the existing list and we use this script to
2245 - RELEASE-NOTES: synced with 68542e72a9
2247 - curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY
2249 Reported-by: Christian Hägele
2250 Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html
2252 Steve Holme (5 Nov 2014)
2253 - build: Fixed Visual Studio project file generation of strdup.[c|h]
2255 As the curl command-line tool now includes it's own version of strdup(),
2256 for platforms that don't have it, fixed up the git respository Visual
2257 Studio project file generator to not include the version from lib in the
2258 tool project files, rather than having both lib\strdup.[c|h] and
2259 src\tool_strdup.[c|h] present.
2261 Daniel Stenberg (5 Nov 2014)
2262 - tool_strdup.c: include the tool strdup.h
2264 ... not the lib/ one that the tool no longer uses!
2266 - THANKS-filter: added another Michał Górny version we've used
2268 - contributors.sh: split lists using " and "
2270 ... and require the space after the filtering to make the filter able to
2273 Steve Holme (5 Nov 2014)
2274 - http_digest: Fixed memory leaks from commit 6f8d8131b1
2276 - sasl: Fixed compilation warning from commit 25264131e2
2278 Added forward declaration of digestdata to overcome the following
2279 compilation warning:
2281 warning: 'struct digestdata' declared inside parameter list
2283 Additionally made the ntlmdata forward declaration dependent on
2284 USE_NTLM similar to how digestdata and kerberosdata are.
2286 - sasl: Fixed HTTP digest challenges with spaces between auth parameters
2288 Broken as part of the rework, in commit 7e6d51a73c, to assist with the
2289 addition of HTTP digest via Windows SSPI.
2291 - http_digest: Fixed compilation errors from commit 6f8d8131b1
2293 error: invalid operands to binary
2294 warning: pointer targets in assignment differ in signedness
2296 - http_digest: Moved response generation into SASL module
2298 - http_digest: Moved challenge decoding into SASL module
2300 - http_digest: Moved clean-up function into SASL module
2302 - http_digest: Moved algorithm definitions to SASL module
2304 - [Gisle Vanem brought this change]
2306 ssh: Fixed build on platforms where R_OK is not defined
2308 Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html
2309 Reported-by: Jan Ehrhardt
2311 - strdup: Removed irrelevant comment
2313 ...as Curl_memdup() duplicates an area of fix size memory, that may be
2314 binary, and not a null terminated string.
2316 - url.c: Fixed compilation warning
2318 conversion from 'curl_off_t' to 'size_t', possible loss of data
2320 - http_digest: Use CURLcode instead of CURLdigest
2322 To provide consistent behaviour between the various HTTP authentication
2323 functions use CURLcode based error codes for Curl_input_digest()
2324 especially as the calling code doesn't use the specific error code just
2327 Daniel Stenberg (5 Nov 2014)
2328 - contributors.sh: filter common alternative name spellings
2330 docs/THANKS-filter is a new filter file for converting contributor names
2331 we get or have recorded in alternative formats to the one we already use
2332 in THANKS. To help us show individual contributors using a single
2333 presentation of their names.
2335 - THANKS: added missing contributor from 2012
2337 - [Frank Gevaerts brought this change]
2339 Remove duplicate names.
2341 The removed names also appear as:
2342 Andrés GarcÃa, François Charlier, Gökhan Åžengün, MichaÅ‚ Górny, Sébastien
2343 Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su,
2344 S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder
2346 Steve Holme (5 Nov 2014)
2347 - sspi: Define authentication package name constants
2349 These were previously hard coded, and whilst defined in security.h,
2350 they may or may not be present in old header files given that these
2351 defines were never used in the original code.
2353 Not only that, but there appears to be some ambiguity between the ANSI
2354 and UNICODE NTLM definition name in security.h.
2356 Patrick Monnerat (5 Nov 2014)
2357 - Adjust OS400-specific support to last release
2359 Daniel Stenberg (5 Nov 2014)
2360 - THANKS: added two missing names and removed a duplicate
2362 ./contributors.sh found these extra ones that somehow had fallen
2363 through the cracks and never gotten added here.
2365 Reported-by: Frank Gevaerts
2367 - bump: towards next release
2369 - THANKS: added names from 7.39.0 release notes
2371 Version 7.39.0 (5 Nov 2014)
2373 Daniel Stenberg (5 Nov 2014)
2374 - RELEASE-NOTES: 7.39.0 release (commit b3875606925)
2376 - curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
2378 When duplicating a handle, the data to post was duplicated using
2379 strdup() when it could be binary and contain zeroes and it was not even
2380 zero terminated! This caused read out of bounds crashes/segfaults.
2382 Since the lib/strdup.c file no longer is easily shared with the curl
2383 tool with this change, it now uses its own version instead.
2385 Bug: http://curl.haxx.se/docs/adv_20141105.html
2387 Reported-By: Symeon Paraschoudis
2389 - lib544.c: use duphandle for test 545
2391 To verify that curl_easy_duphandle() works fine on a handle that has
2392 gotten data stored with *_COPYPOSTFIELDS.
2394 - tests: add new feature 'SSLpinning'
2396 ... and make test 2034 and 2035 require it, and have it set when built
2397 with OpenSSL or GnuTLS.
2399 - buildconf: update copyright year
2401 Steve Holme (4 Nov 2014)
2402 - INSTALL: Consistent spacing in section headings, paragraphs and examples
2404 Daniel Stenberg (4 Nov 2014)
2405 - buildconf: stop checking for libtool
2407 As we only use libtoolize, only check for that!
2409 Steve Holme (4 Nov 2014)
2410 - INSTALL: Corrected MIT Kerberos and Heimdal package names
2412 - README: Corrected inconsistent use of --help
2414 - INSTALL: Use GSS-API rather than GSSAPI
2416 As implementations are refereed to GSS-API libraries as per the RFC and
2417 GSSAPI typically refers to the SASL authentication mechanism.
2419 ...and minor rewording on the same paragraph.
2421 - README: Added note about using Visual Studio projects out of git repository
2423 Daniel Stenberg (4 Nov 2014)
2424 - [K. R. Walker brought this change]
2426 cmake: fix ZLIB_INCLUDE_DIRS use
2428 CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see
2429 http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB
2431 Bug: https://github.com/bagder/curl/pull/123
2433 - [Jay Satiro brought this change]
2435 SSL: PolarSSL default min SSL version TLS 1.0
2437 - Prior to this change no SSL minimum version was set by default at
2438 runtime for PolarSSL. Therefore in most cases PolarSSL would probably
2439 have defaulted to a minimum version of SSLv3 which is no longer secure.
2441 - opts-Makefile: put more man pages into dist and make hmtl+pdf
2443 - curl_multi_setopt.3: refer to stand-alone pages
2445 ... instead of duplicating info.
2447 - opts: more multi options as stand-alone man pages
2449 - Makefile.am: two cmake files are gone
2451 8cb010144 removed the CurlCheckCSourceCompiles.cmake and
2452 CurlCheckCSourceRuns.cmake files
2454 - opts: made stand-alone man-pages for several multi options
2456 - [Carlo Wood brought this change]
2458 Curl_single_getsock: fix hold/pause sock handling
2460 The previous condition that checked if the socket was marked as readable
2461 when also adding a writable one, was incorrect and didn't take the pause
2462 bits properly into account.
2464 - [Peter Wu brought this change]
2466 cmake: fix struct sockaddr_storage check
2468 CHECK_TYPE_SIZE_PREINCLUDE is an internal, undocumented variable which
2469 was removed in cmake 2.8.1. According to the MSDN docs[1], inclusion
2470 of winsock2.h is sufficient. WIN32_LEAN_AND_MEAN does not really seem
2471 to affect the tests, so remove it too[2].
2473 For the non-windows case, remove inet headers as POSIX only requires
2476 [1]: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740504%28v=vs.85%29.aspx
2477 [2]: http://stackoverflow.com/questions/11040133/what-does-defining-win32-lean-and-mean-exclude-exactly
2479 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2481 - [Peter Wu brought this change]
2483 cmake: clean OtherTests, fixing -Werror
2485 There were several -Wunused warnings and one duplicate macro definition.
2486 The EXTRA_DEFINES variable of the CurlCheckCSources macro was being
2487 abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to
2488 insert extra C code. Avoid this broken abstraction and use cmake's
2489 check_c_source_compiles directly (works fine with CMake 2.8, maybe
2492 After cleaning up all related variables (EXTRA_DEFINES,
2493 HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate
2494 add_headers_include macro and remove duplicate header additions before
2495 the struct timeval check.
2497 Oh, and now the code is converted to use CheckCSourceRuns and
2498 CheckCSourceCompiles, the two curl-specific helpers can be removed.
2499 Unfortunately, the cmake output is now slightly more verbose. Before:
2501 Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test)
2502 Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed
2504 Since check_c_source_compiles prints the varname, now you see:
2506 Performing Test curl_cv_func_send_test
2507 Performing Test curl_cv_func_send_test - Failed
2508 Tested: int send(int, const void *, size_t, int)
2510 Compared cmake output with each other using vimdiff, no functional
2511 differences were found. Tested with GCC 4.9.1 and Clang 3.5.0.
2513 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2515 - [Peter Wu brought this change]
2517 cmake: fix gethostby{addr,name}_r in CurlTests
2519 This patch cleans up the automatically-generated (?) code and fixes one
2520 case that will always fail due to syntax error.
2522 HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing
2523 character ("int length;q"). Several parameter type and unused variable
2524 warnings popped up. This causes a detection failure with -Werror.
2526 Observe that the REENTRANT cases are exactly the same as their
2527 non-REENTRANT cases except for a `_REENTRANT` macro definition.
2528 Merge all these pieces and build one big main function with different
2529 cases, but reusing variables where logical.
2531 For the cases where the parameters where NULL, I looked at
2532 lib/hostip4.c to get an idea of the parameters types.
2534 void-cast variables such as 'rc' to avoid -Wuninitialized errors.
2536 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2538 - [Peter Wu brought this change]
2540 cmake: drop _BSD_SOURCE macro usage
2542 autotools does not use features.h nor _BSD_SOURCE. As this macro
2543 triggers warnings since glibc 2.20, remove it. It should not have
2544 functional differences.
2546 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2548 Steve Holme (2 Nov 2014)
2549 - RELEASE-NOTES: Synced with d71ea7c01e
2551 Additionally, updated "GSSAPI" to "GSS-API" for a Cmake related change
2552 as GSSAPI can be confused with the authentication mechanism rather than
2553 a GSS-API implementation library such as MIT or Heimdal.
2555 - build: Added WinIDN build configuration options
2557 Added support for WinIDN build configurations to the VC6 project files.
2559 - build: Added WinIDN build configuration options
2561 Added support for WinIDN build configurations to the VC7 and VC7.1
2564 - build: Fixed the pre-processor separator in Visual Studio project files
2566 A left over from the VC6 project files, so mainly cosmetic in Visual
2567 Studio .NET as it can handle both comma and semi-colon characters for
2568 separating multiple pre-processor definitions.
2570 However, the IDE uses semi-colons if the value is edited, and as such,
2571 this may cause problems in future for anyone updating the files or
2574 Used the Visual Studio IDE to correct the separator character.
2576 - build: Added optional specific version generation of VC project files
2578 ..when working from the git repository. This is particularly useful
2579 for single development environments where the project files for all
2580 supported versions of Visual Studio may not be required.
2582 - [Jay Satiro brought this change]
2584 build-openssl.bat: Fix x64 release build
2586 Prior to this change if x64 release was specified a failed attempt was
2587 made to build x86 release instead.
2589 - CURLOPT_XOAUTH2_BEARER.3: Corrected the OAuth version number
2591 - CURLOPT_SASL_IR.3: Added supported mechanism information
2593 ...and removed duplication of what protocols are supported from the
2596 - opts: Use common wording for MAIL related names
2598 - opts: Use common wording for TLS user/password option names
2600 ...and revised the proxy wording a little as well.
2602 - CURLOPT_MAXCONNECTS.3: Reworked the description to be less confusing
2604 ...and corrected a related typo in curl_easy_setopt.3.
2606 Guenter Knauf (2 Nov 2014)
2607 - RELEASE-NOTES: removed obsolete entry; fixed entry.
2609 Steve Holme (2 Nov 2014)
2610 - RELEASE-NOTES: Synced with e7da67f5d3
2612 - docs: Added mention of Kerberos for CURL_VERSION_SSPI
2614 As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP,
2615 POP3 and SMTP authentication since v7.38.0.
2617 - CURL_VERSION_KERBEROS4: Mark as deprecated
2619 Support for Kerberos V4 was removed in v7.33.0.
2621 - sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
2623 Typically the USE_WINDOWS_SSPI definition would not be used when the
2624 CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build
2625 configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication
2626 data structures and functions would incorrectly be used when they
2629 Introduced a new USE_KRB5 definition that takes into account the use of
2630 CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
2632 - openssl: Use 'CURLcode result'
2634 More CURLcode fixes.
2636 Daniel Stenberg (1 Nov 2014)
2637 - resume: consider a resume from [content-length] to be OK
2639 Basically since servers often then don't respond well to this and
2640 instead send the full contents and then libcurl would instead error out
2641 with the assumption that the server doesn't support resume. As the data
2642 is then already transfered, this is now considered fine.
2644 Test case 1434 added to verify this. Test case 1042 slightly modified.
2647 Bug: http://curl.haxx.se/bug/view.cgi?id=1443
2649 Steve Holme (1 Nov 2014)
2650 - openssl: Use 'CURLcode result'
2652 More standardisation of CURLcode usage and coding style.
2654 - openssl: Use 'CURLcode result'
2656 ...and some minor code style changes.
2658 - ftplistparser: We prefer 'CURLcode result'
2660 - opts: Use common wording for user/password option names
2662 - CURLOPT_CONNECT_ONLY.3: Removed "This option is implemented for..." text
2664 As this is covered by the PROTOCOLS section and saves having to update
2665 two parts of the document with the same information in future.
2667 - CURLOPT_GSSAPI_DELEGATION.3: Use GSS-API rather than GSSAPI
2669 As implementations are refereed to GSS-API libraries as per the RFC and
2670 GSSAPI typically refers to an authentication mechanism.
2672 - CURLOPT_CONNECT_ONLY.3: Fixed incomplete protocol list
2674 Added missing IMAP to the protocol list.
2676 - code cleanup: Use 'CURLcode result'
2678 - curl_easy_setopt.3: Fixed lots of typos
2680 - curl_easy_setopt.3: Moved CURLOPT_DIRLISTONLY into PROTOCOL OPTIONS
2682 ...as this option affects more that just FTP.
2684 Guenter Knauf (30 Oct 2014)
2685 - build: added Watcom support to build with WinSSL.
2687 Daniel Stenberg (30 Oct 2014)
2688 - CURLOPT_PINNEDPUBLICKEY.3: added details
2690 Steve Holme (30 Oct 2014)
2691 - CURLOPT_CUSTOMREQUEST.3: Fixed incomplete protocol list
2693 Whilst the description included information about SMTP, the protocol
2694 list only showed "TTP, FTP, IMAP, POP3".
2696 - CURLOPT_DIRLISTONLY.3: Added information about the usage in POP3
2698 Daniel Stenberg (29 Oct 2014)
2699 - openssl: enable NPN separately from ALPN
2701 ... and allow building with nghttp2 but completely without NPN and ALPN,
2702 as nghttp2 can still be used for plain-text HTTP.
2704 Reported-by: Lucas Pardue
2706 - configure.ac: remove checks for OpenSSL NPN/ALPN funcs again
2708 ... since the conditional in the code are now based on OpenSSL versions
2709 instead to better support non-configure builds.
2711 - opts: added some "SEE ALSO" references
2713 Steve Holme (29 Oct 2014)
2714 - RELEASE-NOTES: Synced with 32913182dc
2716 - vtls.c: Fixed compilation warning
2718 conversion from 'size_t' to 'unsigned int', possible loss of data
2720 - sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
2722 Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when
2723 acquiring the credentials handle fails. This is then consistent with
2724 the code prior to commit f7e24683c4 when log-in credentials were empty.
2726 - sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
2728 Fixed the ability to use the current log-in credentials with DIGEST-MD5.
2729 I had previously disabled this functionality in commit 607883f13c as I
2730 couldn't get this to work under Windows 8, however, from testing HTTP
2731 Digest authentication through Windows SSPI and then further testing of
2732 this code I have found it works in Windows 7.
2734 Some further investigation is required to see what the differences are
2735 between Windows 7 and 8, but for now enable this functionality as the
2736 code will return an error when AcquireCredentialsHandle() fails.
2738 Kamil Dudka (29 Oct 2014)
2739 - transfer: drop the code handling the ssl_connect_retry flag
2741 Its last use has been removed by the previous commit.
2743 - nss: drop the code for libcurl-level downgrade to SSLv3
2745 This code was already deactivated by commit
2746 ec783dc142129d3860e542b443caaa78a6172d56.
2748 - openssl: fix a line length warning
2750 Guenter Knauf (29 Oct 2014)
2751 - Added NetWare support to build with nghttp2.
2753 - Fixed error message since we require ALPN support.
2755 - Check for ALPN via OpenSSL version number.
2757 This check works also with to non-configure platforms.
2759 Steve Holme (28 Oct 2014)
2760 - sasl_sspi: Fixed typo in comment
2762 - code cleanup: We prefer 'CURLcode result'
2764 Daniel Stenberg (28 Oct 2014)
2765 - TODO: consider supporting STAT
2767 - mk-ca-bundle: spell fix "version"
2769 - HTTP: return larger than 3 digit response codes too
2771 HTTP 1.1 is clearly specified to only allow three digit response codes,
2772 and libcurl used sscanf("%3d") for that purpose. This made libcurl
2773 support smaller numbers but not larger. It does now, but we will not
2774 make any specific promises nor document this further since it is going
2775 outside of what HTTP is.
2777 Bug: http://curl.haxx.se/bug/view.cgi?id=1441
2780 - src/: remove version.h.dist from gitignore
2782 It has not been used since commit f7bfdbab in 2011
2784 Steve Holme (26 Oct 2014)
2785 - ntlm: We prefer 'CURLcode result'
2787 Continuing commit 0eb3d15ccb more return code variable name changes.
2789 Guenter Knauf (26 Oct 2014)
2790 - Cosmetics: lowercase non-special subroutine names.
2792 Steve Holme (26 Oct 2014)
2793 - RELEASE-NOTES: Synced with 07ac29a058
2795 - http_negotiate: We prefer 'CURLcode result'
2797 Continuing commit 0eb3d15ccb more return code variable name changes.
2799 - http_negotiate: Fixed missing check for USE_SPNEGO
2801 - sspi: Synchronization of cleanup code between auth mechanisms
2803 - sspi: Renamed max token length variables
2805 Code cleanup to try and synchronise code between the different SSPI
2806 based authentication mechanisms.
2808 - sspi: Renamed expiry time stamp variables
2810 Code cleanup to try and synchronise code between the different SSPI
2811 based authentication mechanisms.
2813 - sspi: Only call CompleteAuthToken() when complete is needed
2815 Don't call CompleteAuthToken() after InitializeSecurityContext() has
2816 returned SEC_I_CONTINUE_NEEDED as this return code only indicates the
2817 function should be called again after receiving a response back from
2820 This only affected the Digest and NTLM authentication code.
2822 Dan Fandrich (26 Oct 2014)
2823 - Added the "flaky" keyword to a number of tests
2825 Each shows evidence of flakiness on at least one platform on
2826 the autobuilds. Users can use this keyword to skip these tests
2829 Steve Holme (26 Oct 2014)
2830 - ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
2832 For consistency with other areas of the NTLM code propagate all errors
2833 from Curl_ntlm_core_mk_nt_hash() up the call stack rather than just
2834 CURLE_OUT_OF_MEMORY.
2836 - ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
2838 - ntlm: Use 'CURLcode result'
2840 Continuing commit 0eb3d15ccb more return code variable name changes.
2842 - ntlm: Only define ntlm data structure when USE_NTLM is defined
2844 - ntlm: Changed handles to be dynamic like other SSPI handles
2846 Code cleanup to try and synchronise code between the different SSPI
2847 based authentication mechanisms.
2849 - ntlm: Renamed handle variables to match other SSPI structures
2851 Code cleanup to try and synchronise code between the different SSPI
2852 based authentication mechanisms.
2854 - ntlm: Renamed SSPI based input token variables
2856 Code cleanup to try and synchronise code between the different SSPI
2857 based authentication mechanisms.
2859 - ntlm: We prefer 'CURLcode result'
2861 Continuing commit 0eb3d15ccb more return code variable name changes.
2863 - build: Added WinIDN build configuration options
2865 Added support for WinIDN build configurations to the VC8 and VC9
2868 Nick Zitzmann (24 Oct 2014)
2869 - darwinssl: detect possible future removal of SSLv3 from the framework
2871 If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
2873 Patrick Monnerat (24 Oct 2014)
2874 - gskit.c: remove SSLv3 from SSL default.
2876 - gskit.c: use 'CURLcode result'
2878 Daniel Stenberg (24 Oct 2014)
2879 - [Jay Satiro brought this change]
2881 SSL: Remove SSLv3 from SSL default due to POODLE attack
2883 - Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
2884 openssl effectively making the default TLS 1.x. axTLS is not affected
2885 since it supports only TLS, and gnutls is not affected since it already
2886 defaults to TLS 1.x.
2888 - Update CURLOPT_SSLVERSION doc
2890 - pipelining: only output "is not blacklisted" in debug builds
2892 - *.3: add/extend "SEE ALSO" sections
2894 - curl_easy_pause.3: minor wording edit
2896 - curl_getdate.3: provide a "SEE ALSO" section
2898 - curl_global_init.3: minor formatting fix, add version info
2900 - url.c: use 'CURLcode result'
2902 - code cleanup: we prefer 'CURLcode result'
2904 ... for the local variable name in functions holding the return
2905 code. Using the same name universally makes code easier to read and
2908 Also, unify code for checking for CURLcode errors with:
2910 if(result) or if(!result)
2914 if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2916 - Curl_add_timecondition: skip superfluous varible assignment
2918 Detected by cppcheck.
2920 - Curl_pp_flushsend: skip superfluous assignment
2922 Detected by cppcheck.
2924 - Curl_pp_readresp: remove superfluous assignment
2926 Variable already assigned a few lines up.
2928 Detected by cppcheck.
2930 - Curl_proxyCONNECT: remove superfluous statement
2932 The variable is already assigned, skip the duplicate assignment.
2934 Pointed out by cppcheck.
2936 Guenter Knauf (24 Oct 2014)
2937 - Added MinGW support to build with nghttp2.
2939 - Added VC ssh2 target to main Makefile.
2941 - Some cosmetics and simplifies.
2943 - Remove dependency on openssl and cut.
2945 Prefer usage of Perl modules for sha1 calculation since there
2946 might be systems where openssl is not installed or not in path.
2947 If openssl is used for sha1 calculation then dont rely on cut
2948 since it is usually not available on other systems than Linux.
2950 Daniel Stenberg (23 Oct 2014)
2951 - RELEASE-NOTES: synced with e116d0a62
2953 - CURLOPT_RESOLVE.3: add an example
2955 - gnutls: removed dead code
2957 Bug: http://curl.haxx.se/bug/view.cgi?id=1437
2960 - Curl_rand: Uninitialized variable: r
2962 This is not actually used uninitialized but we silence warnings.
2964 Bug: http://curl.haxx.se/bug/view.cgi?id=1437
2967 - opts: provide more and updated examples
2969 - CURLOPT_RANGE.3: works for SFTP as well
2971 ... and added a small example
2973 - curl.1: edited for clarity
2975 - CURLOPT_SSLVERSION.3: provide an example
2977 - docs/libcurl/ABI: more markdown friendly
2979 - docs: edited lots of libcurl docs for clarity
2981 - opts: added examples
2983 - HISTORY: two glimpses in 2014
2985 Kamil Dudka (20 Oct 2014)
2986 - nss: reset SSL handshake state machine
2988 ... when the handshake succeeds
2990 This fixes a connection failure when FTPS handle is reused.
2992 Daniel Stenberg (20 Oct 2014)
2993 - [Peter Wu brought this change]
2995 cmake: generate pkg-config and curl-config
2997 Initial work to generate a pkg-config and curl-config script. Static
2998 linking (`curl-config --static-libs` and `pkg-config --shared --libs
2999 libcurl`) is broken and therefore disabled.
3001 CONFIGURE_OPTIONS does not make sense for CMake, use an empty string
3004 At least `curl-config --features` and `curl-config --protocols` work
3005 which is needed by runtests.pl.
3007 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
3009 - [Peter Wu brought this change]
3011 cmake: use LIBCURL_VERSION from curlver.h
3013 This matches the behavior from autotools. The auxiliary major, minor
3014 and patch components are not needed anymore and therefore removed.
3016 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
3018 - [Peter Wu brought this change]
3020 cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
3022 For compatibility with autoconf, it will be used later for curl-config
3023 and pkg-config. Not all features and or protocols can be enabled as
3024 these are missing additional checks (see new TODOs).
3026 SUPPORT_PROTOCOLS is partially scripted (grep for SUPPORT_PROTOCOLS=)
3027 and manually verified/modified. SUPPORT_FEATURES is manually added.
3029 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
3031 - cmake: add CMake/Macros.cmake to the release tarball
3033 - test545: make it not use a trailing zero
3035 CURLOPT_COPYPOSTFIELDS with a given CURLOPT_POSTFIELDSIZE does not
3036 require a trailing zero of the data and by making sure this test doesn't
3037 use one we know it works (combined with valgrind).
3039 Steve Holme (16 Oct 2014)
3040 - ntlm: Fixed empty type-2 decoded message info text
3042 Updated the info text when the base-64 decode of the type-2 message
3043 returns a null buffer to be more specific.
3045 - ntlm: Fixed empty/bad base-64 decoded buffer return codes
3047 - ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
3049 Daniel Stenberg (16 Oct 2014)
3050 - httpcustomheader.c: make use of more CURLOPT_HTTPHEADER features
3052 ... and only do a single request for clarity.
3054 Steve Holme (15 Oct 2014)
3055 - sasl_sspi: Fixed some typos
3057 - sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSO
3059 Daniel Stenberg (15 Oct 2014)
3060 - [Bruno Thomsen brought this change]
3062 mk-ca-bundle: added SHA-384 signature algorithm
3064 Certificates based on SHA-1 are being phased out[1].
3065 So we should expect a rise in certificates based on SHA-2.
3066 Adding SHA-384 as a valid signature algorithm.
3068 [1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
3070 Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
3072 Patrick Monnerat (14 Oct 2014)
3073 - OS400: fix bugs in curl_*escape_ccsid() and reduce variables scope
3075 - Implement pinned public key in GSKit backend
3077 Daniel Stenberg (14 Oct 2014)
3078 - CURLOPT_TLSAUTH_*.3: fix reference typos
3080 - cleanups: reduce variable scope
3082 cppcheck pointed these out.
3084 - singleipconnect: remove dead assignment never used
3086 cppcheck pointed this out.
3088 - pinning: minor code style policing
3090 Patrick Monnerat (13 Oct 2014)
3091 - Factorize pinned public key code into generic file handling and backend specific
3093 - vtls: remove QsoSSL
3095 - gskit: supply dummy randomization function
3097 - vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation
3099 Daniel Stenberg (13 Oct 2014)
3100 - [Peter Wu brought this change]
3102 tests: move TESTCASES to Makefile.inc, add show for cmake
3104 This change allows runtests.pl to be run from the CMake builddir:
3106 export srcdir=/tmp/curl/tests;
3107 perl -I$srcdir $srcdir/runtests.pl -l
3109 In order to make this possible, all test cases have been moved from
3110 Makefile.am to Makefile.inc.
3112 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
3114 - [Peter Wu brought this change]
3116 cmake: enable IPv6 by default if available
3118 ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a
3119 Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if
3120 struct sockaddr_in6 is not found in netinet/in.h.
3122 Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more
3123 platform checks even though POSIX requires a thread-safe getaddrinfo.
3125 Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7.
3127 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
3129 - [Peter Wu brought this change]
3131 cmake: build tool_hugehelp (ENABLE_MANUAL)
3133 Rather than always outputting an empty manual page for the '-M' option,
3134 generate a full manual page as done by autotools. For simplicity in
3135 CMake, always generate the gzipped page as it will not be used anyway
3136 when zlib is not available.
3138 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
3140 - [Peter Wu brought this change]
3142 tests/http_pipe.py: Python 3 support
3144 The 2to3 tool converted socketserver (which I manually fixed up with an
3145 import fallback) and the print(e) line. The xrange option was converted
3146 to range, but it seems better to use the '*' operator here for
3149 Signed-off-by: Peter Wu <peter@lekensteyn.nl>
3151 - SECURITY: slightly nicer markdown format
3153 - RELEASE-PROCEDURE: better markdown, more content
3155 - RELEASE-NOTES: synced with 6637b237e6eb
3157 ... and bumped the planned release version.
3159 - vtls: have vtls.h include the backend header files
3161 It turned out some features were not enabled in the build since for
3162 example url.c #ifdefs on features that are defined on a per-backend
3163 basis but vtls.h didn't include the backend headers.
3165 CURLOPT_CERTINFO was one such feature that was accidentally disabled.
3167 - test2036: verify -O with no slash at all in the URL
3169 Similar to test 76 but that test's URL has a slash just no file name
3172 - get_url_file_name: make no slash equal empty string
3174 - get_url_file_name: never return a NULL string *and* OK
3176 Change 987a4a73 assumes that as it simplifies life in the calling
3179 Reported-by: Fabian Keil
3181 - [Jakub Zakrzewski brought this change]
3183 Cmake: Build with GSSAPI (MIT or Heimdal)
3185 It tries hard to recognise SDK's on different platforms. On windows MIT
3186 Kerberos installs SDK with other things and puts path into registry.
3187 Heimdal have separate zip archive. On linux pkg-config is tried, then
3188 krb5-config script and finally old-style libs and headers detection.
3191 * CMAKE_USE_GSSAPI - enables GSSAPI detection
3192 * GSS_ROOT_DIR - if set, should point to the root of GSSAPI installation
3193 (the one with include and lib directories)
3195 - [Jakub Zakrzewski brought this change]
3197 Cmake: Got rid of setup_curl_dependencies
3199 There is no need for such function. Include_directories propagate by
3200 themselves and having a function with one simple link statement makes
3203 - [Jakub Zakrzewski brought this change]
3205 Cmake: Avoid cycle directory dependencies.
3207 Because we prepended libraries to list, CMake had troubles resolving
3208 link directory order as it detected some cycles. Appending to list ensures
3209 that dependencies will preceed dependees.
3211 - [Jakub Zakrzewski brought this change]
3213 Cmake: Fix library list provided to cURL tests.
3215 The list must be set after those nice CMake tests as we mess with
3216 CMAKE_REQUIRED_LIBRARIES there.
3218 - [Jakub Zakrzewski brought this change]
3220 Cmake: Check for OpenSSL before OpenLDAP.
3222 OpenLDAP might have been build with OpenSSL. Checking for OpenLDAP first
3223 may result in undefined symbols. Of course, the found OpenSSL libraries
3224 must also be linked whenever OpenLDAP is.
3226 - curl_multi_fdset.3: improved the formatting slightly
3228 - curl_multi_fdset: explain the fd_set arguments
3230 Kamil Dudka (8 Oct 2014)
3231 - nss: do not fail if a CRL is already cached
3233 This fixes a copy-paste mistake from commit 2968f957.
3235 Patrick Monnerat (8 Oct 2014)
3236 - OS400: upgrade interface for pinned public key (no implementation yet)
3238 Daniel Stenberg (8 Oct 2014)
3239 - FormAdd: precaution against memdup() of NULL pointer
3241 Coverity CID 252518. This function is in general far too complicated for
3242 its own good and really should be broken down into several smaller
3243 funcitons instead - but I'm adding this protection here now since it
3244 seems there's a risk the code flow can end up here and dereference a
3247 - operate: avoid NULL dereference
3249 Coverity CID 1241948. dumpeasysrc() would get called with
3250 config->current set to NULL which could be dereferenced by a warnf()
3253 - do_sec_send: remove dead code
3255 Coverity CID 1241951. The condition 'len >= 0' would always be true at
3256 that point and thus not necessary to check for.
3258 - krb5_encode: remove unused argument
3260 Coverity CID 1241957. Removed the unused argument. As this struct and
3261 pointer now are used only for krb5, there's no need to keep unused
3262 function arguments around.
3264 - operate_do: skip superfluous check for NULL pointer
3266 Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL
3267 file name pointer so skip the check for that - it tricks coverity into
3268 believing it can happen and it then warns later on when we use 'outfile'
3269 without checking for NULL.
3271 - curl_easy_getinfo.3: spell-fix
3273 Reported-By: Luan Cestari
3275 - [moparisthebest brought this change]
3277 GnuTLS: Implement public key pinning
3279 - [moparisthebest brought this change]
3281 SSL: implement public key pinning
3283 Option --pinnedpubkey takes a path to a public key in DER format and
3284 only connect if it matches (currently only implemented with OpenSSL).
3286 Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
3288 Extract a public RSA key from a website like so:
3289 openssl s_client -connect google.com:443 2>&1 < /dev/null | \
3290 sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
3291 | openssl rsa -pubin -outform DER > google.com.der
3293 - multi_runsingle: fix possible memory leak
3295 Coverity CID 1202837. 'newurl' can in fact be allocated even when
3296 Curl_retry_request() returns failure so free it if need be.
3298 - ares::Curl_resolver_cancel: skip checking for NULL conn
3300 Coverity CID 1243581. 'conn' will never be NULL here, and if it would be
3301 the subsequent statement would dereference it!
3303 - parseconfig: skip a NULL check
3305 Coverity CID 1154198. This NULL check implies that the pointer _can_ be
3306 NULL at this point, which it can't. Thus it is dead code. It tricks
3307 static analyzers to warn about dereferencing the pointer since the code
3308 seems to imply it can be NULL.
3310 - [Waldek Kozba brought this change]
3312 multi-uv.c: call curl_multi_info_read() better
3314 Improves it for low-latency cases (like the communication with
3317 - tool_go_sleep: use (void) to spell out we ignore the return value
3319 Coverity CID 1222080.
3321 - ssh_statemach_act: split out assignment from check
3323 just a minor code style thing to make the code clearer
3325 Marc Hoersken (4 Oct 2014)
3326 - curl_schannel.c: Fixed possible memory or handle leak
3328 First try to fix possible memory leaks, in this case:
3329 Only connssl->ctxt xor onnssl->cred being initialized.
3331 Daniel Stenberg (4 Oct 2014)
3332 - getparameter: remove dead code
3334 Coverity CID 1061126. 'parse' will always be non-NULL here.
3336 - getparameter: comment a switch FALLTHROUGH
3338 Coverity CID 1061118. Point out that it is on purpose.
3340 - choose_mech: fix return code
3342 Coverity CID 1241950. The pointer is never NULL but it might point to
3345 - Curl_sec_read_msg: spell out that we ignore return code
3347 Coverity CID 1241947. Since if sscanf() fails, the previously set value
3350 - nonblock: call with (void) to show we ignore the return code
3352 Coverity pointed out several of these.
3354 - parse_proxy: remove dead code.
3356 Coverity CID 982331.
3358 - Curl_debug: document switch fallthroughs
3360 - curl_multi_remove_handle: remove dead code
3362 Coverify CID 1157776. Removed a superfluous if() that always evaluated
3363 true (and an else clause that never ran), and then re-indented the
3364 function accordingly.
3366 - Curl_pipeline_server_blacklisted: handle a NULL server name
3368 Coverity CID 1215284. The server name is extracted with
3369 Curl_copy_header_value() and passed in to this function, and
3370 copy_header_value can actually can fail and return NULL.
3372 - ssh: comment "fallthrough" in switch statement
3374 - [Jeremy Lin brought this change]
3376 ssh: improve key file search
3378 For private keys, use the first match from: user-specified key file
3379 (if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa
3381 Note that the previous code only looked for id_dsa files. id_rsa is
3382 now generally preferred, as it supports larger key sizes.
3384 For public keys, use the user-specified key file, if provided.
3385 Otherwise, try to extract the public key from the private key file.
3386 This means that passing --pubkey is typically no longer required,
3387 and makes the key-handling behavior more like OpenSSH.
3389 - CURLOPT_HTTPHEADER.3: libcurl doesn't copy the whole list
3391 - detect_proxy: fix possible single-byte memory leak
3393 Coverity CID 1202836. If the proxy environment variable returned an empty
3394 string, it would be leaked. While an empty string is not really a proxy, other
3395 logic in this function already allows a blank string to be returned so allow
3396 that here to avoid the leak.
3398 - multi_runsingle: fix memory leak
3400 Coverity CID 1202837. There's a potential risk that 'newurl' gets
3401 overwritten when it was already pointing to allocated memory.
3403 - pop3_perform_authentication: fix memory leak
3405 Coverity CID 1215287. There's a potential risk for a memory leak in
3406 here, and moving the free call to be unconditional seems like a cheap
3407 price to remove the risk.
3409 - imap_perform_authentication: fix memory leak
3411 Coverity CID 1215296. There's a potential risk for a memory leak in
3412 here, and moving the free call to be unconditional seems like a cheap
3413 price to remove the risk.
3415 - wait_or_timeout: return failure when Curl_poll() fails
3417 Coverity detected this. CID 1241954. When Curl_poll() returns a negative value
3418 'mcode' was uninitialized. Pretty harmless since this is debug code only and
3419 would at worst cause an error to _not_ be returned...
3421 - curl.1: mention quoting in the URL section
3423 and separate the example URLs with newlines
3425 Steve Holme (30 Sep 2014)
3426 - [Bill Nagel brought this change]
3428 smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
3430 This patch fixes the "SSL3_WRITE_PENDING: bad write retry" error that
3431 sometimes occurs when sending an email over SMTPS with OpenSSL. OpenSSL
3432 appears to require the same pointer on a write that follows a retry
3433 (CURLE_AGAIN) as discussed here:
3435 http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr
3437 Daniel Stenberg (30 Sep 2014)
3438 - RELEASE-NOTES: synced with 53cbea22310f15
3440 - file: reject paths using embedded %00
3442 Mostly because we use C strings and they end at a binary zero so we know
3443 we can't open a file name using an embedded binary zero.
3445 Reported-by: research@g0blin.co.uk
3447 Dan Fandrich (26 Sep 2014)
3448 - test506: Fixed a couple of memory leaks in test
3450 Daniel Stenberg (25 Sep 2014)
3451 - [Yousuke Kimoto brought this change]
3453 CURLOPT_COOKIELIST: Added "RELOAD" command
3455 - [Michael Wallner brought this change]
3457 CURLOPT_POSTREDIR.3: Added availability for CURL_REDIR_POST_303
3459 - threaded-resolver: revert Curl_expire_latest() switch
3461 The switch to using Curl_expire_latest() in commit cacdc27f52b was a
3462 mistake and was against the advice even mentioned in that commit. The
3463 comparison in asyn-thread.c:Curl_resolver_is_resolved() makes
3464 Curl_expire() the suitable function to use.
3466 Bug: http://curl.haxx.se/bug/view.cgi?id=1426
3467 Reported-By: graysky
3469 - libcurl docs: improvements all over
3471 Steve Holme (19 Sep 2014)
3472 - build: Added WinIDN build configuration options
3474 Added initial support for WinIDN build configurations to the VC10+
3477 Daniel Stenberg (19 Sep 2014)
3478 - tutorial: signals aren't used for the threaded resolver
3480 - FAQ: update the pronunciation section
3482 As we weren't using the correct phonetic description and doing it correctly
3483 involves funny letters that I'm sure will cause problems for people in a text
3484 document so I instead rephrased it and link to a WAV file with a person
3485 actually saying 'curl'.
3487 Reported-By: Dimitar Boevski
3489 - CURLOPT_COOKIE*: added more cross-references
3491 - BINDINGS: add node-libcurl
3493 Reported-By: Jonathan Cardoso Machado
3494 URL: http://curl.haxx.se/mail/lib-2014-09/0102.html
3496 - README.http2: updated to reflect current status
3498 - formdata: removed unnecessary USE_SSLEAY use
3500 - curlssl: make tls backend symbols use curlssl in the name
3502 - url: let the backend decide CURLOPT_SSL_CTX_ support
3504 ... to further remove specific TLS backend knowledge from url.c
3506 - vtls: have the backend tell if it supports CERTINFO
3508 - [Catalin Patulea brought this change]
3510 configure: allow --with-ca-path with PolarSSL too
3512 Missed this in af45542c.
3514 Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
3516 - CURLOPT_CAPATH: return failure if set without backend support
3518 - [Tatsuhiro Tsujikawa brought this change]
3520 http2: Fix busy loop when EOF is encountered
3522 Previously we did not handle EOF from underlying transport socket and
3523 wrongly just returned error code CURL_AGAIN from http2_recv, which
3524 caused busy loop since socket has been closed. This patch adds the
3525 code to handle EOF situation and tells the upper layer that we got
3528 Steve Holme (13 Sep 2014)
3529 - build: Added batch wrapper to checksrc.pl
3531 - RELEASE-NOTES: Synced with bd3df5ec6d
3533 - [Marcel Raad brought this change]
3535 sasl_sspi: Fixed Unicode build
3537 Bug: http://curl.haxx.se/bug/view.cgi?id=1422
3538 Verified-by: Steve Holme
3540 Daniel Stenberg (12 Sep 2014)
3541 - libcurl-tutorial.3: fix GnuTLS link to thread-safety guidelines
3543 The former link was turned into a 404 at some point.
3545 Reported-By: Askar Safin
3547 - contributors.sh: split list of names at comma
3549 ... to support a list of names provided in a commit message.
3551 Steve Holme (12 Sep 2014)
3552 - [Ulrich Telle brought this change]
3554 ntlm: Fixed HTTP proxy authentication when using Windows SSPI
3556 Removed ISC_REQ_* flags from calls to InitializeSecurityContext to fix
3557 bug in NTLM handshake for HTTP proxy authentication.
3559 NTLM handshake for HTTP proxy authentication failed with error
3560 SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy
3561 servers on generating the NTLM Type-3 message.
3563 The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according
3564 to the observations and suggestions made in a bug report for the
3565 QT project (https://bugreports.qt-project.org/browse/QTBUG-17322).
3567 Removing all the flags solved the problem.
3569 Bug: http://curl.haxx.se/mail/lib-2014-08/0273.html
3570 Reported-by: Ulrich Telle
3571 Assisted-by: Steve Holme, Daniel Stenberg
3573 Daniel Stenberg (12 Sep 2014)
3574 - [Ray Satiro brought this change]
3576 newlines: fix mixed newlines to LF-only
3578 I use the curl repo mainly on Windows with the typical Windows git
3579 checkout which converts the LF line endings in the curl repo to CRLF
3580 automatically on checkout. The automatic conversion is not done on files
3581 in the repo with mixed line endings. I recently noticed some weird
3582 output with projects/build-openssl.bat that I traced back to mixed line
3583 endings, so I scanned the repo and there are files (excluding the
3584 test data) that have mixed line endings.
3586 I used this command below to do the scan. Unfortunately it's not as easy
3587 as git grep, at least not on Windows. This gets the names of all the
3588 files in the repo's HEAD, gets each of those files raw from HEAD, checks
3589 for mixed line endings of both LF and CRLF, and prints the name if
3590 mixed. I excluded path tests/data/test* because those can have mixed
3591 line endings if I understand correctly.
3593 for f in `git ls-tree --name-only --full-tree -r HEAD`;
3594 do if [ -n "${f##tests/data/test*}" ];
3595 then git show "HEAD:$f" | \
3596 perl -0777 -ne 'exit 1 if /([^\r]\n.*\r\n)|(\r\n.*[^\r]\n)/';
3603 - [Viktor Szakáts brought this change]
3605 mk-ca-bundle.pl: converted tabs to spaces, deleted trailing spaces
3607 - ROADMAP: markdown eats underscores
3609 It interprets them as italic indictors unless we backtick the word.
3611 - ROADMAP: tiny formatting edit for nicer web output
3613 Steve Holme (10 Sep 2014)
3614 - ROADMAP.md: Updated GSSAPI authentication following 7.38.0 additions
3616 - INTERNALS: Added email and updated Kerberos details
3618 - FEATURES: Updated Kerberos details
3620 Added support for Kerberos 5 to the email protocols following the recent
3621 additions in 7.38.0.
3623 Removed Kerberos 4 as this has been gone for a while now.
3625 Daniel Stenberg (10 Sep 2014)
3626 - [Paul Howarth brought this change]
3628 openssl: build fix for versions < 0.9.8e
3630 Bug: http://curl.haxx.se/mail/lib-2014-09/0064.html
3632 - mk-ca-bundle.pl: first, try downloading HTTPS with curl
3634 As a sort of step forward, this script will now first try to get the
3635 data from the HTTPS URL using curl, and only if that fails it will
3636 switch back to the HTTP transfer using perl's native LWP functionality.
3637 To reduce the risk of this script being tricked.
3639 Using HTTPS to get a cert bundle introduces a chicken-and-egg problem so
3640 we can't really ever completely disable HTTP, but chances are that most
3641 users already have a ca cert bundle that trusts the mozilla.org site
3642 that this script downloads from.
3644 A future version of this script will probably switch to require a
3645 dedicated "insecure" command line option to allow downloading over HTTP
3646 (or unverified HTTPS).
3648 - LICENSE-MIXING: removed krb4 info
3650 krb4 has been dropped since a while now
3652 - bump: on the 7.38.1-DEV train now!
3654 - SSLCERTS: minor updates
3656 Edited format to look better on the web, added a "it is about trust"
3659 Version 7.38.0 (10 Sep 2014)
3661 Daniel Stenberg (10 Sep 2014)
3662 - dist: two cmake files are no more
3664 CMake/FindOpenSSL.cmake and FindZLIB.cmake are gone since 14aa8f0c117b
3666 - RELEASE-NOTES: final update for 7.38.0
3668 - cookies: reject incoming cookies set for TLDs
3670 Test 61 was modified to verify this.
3674 Reported-by: Tim Ruehsen
3675 URL: http://curl.haxx.se/docs/adv_20140910B.html
3677 - [Tim Ruehsen brought this change]
3679 cookies: only use full host matches for hosts used as IP address
3681 By not detecting and rejecting domain names for partial literal IP
3682 addresses properly when parsing received HTTP cookies, libcurl can be
3683 fooled to both send cookies to wrong sites and to allow arbitrary sites
3684 to set cookies for others.
3688 Bug: http://curl.haxx.se/docs/adv_20140910A.html
3690 - HISTORY: fix the 1998 title position
3692 - HISTORY: extended and now markdown
3694 - SSLCERTS: converted to markdown
3696 Only minor edits to make it generate nice HTML output using markdown, as
3697 this document serves both in source release tarballs as on the web site.
3699 URL: http://curl.haxx.se/docs/sslcerts.html
3701 - ftp-wildcard.c: spell fix
3703 Reported-By: Frank Gevaerts
3705 - RELEASE-NOTES: synced with 921a0c22a6f
3707 - THANKS: synced with RELEASE-NOTES for 921a0c22a6f
3709 - polarassl: avoid memset() when clearing the first byte is enough
3711 - [Catalin Patulea brought this change]
3713 polarssl: support CURLOPT_CAPATH / --capath
3715 Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
3717 - SECURITY: eh, make more sense!
3719 - SECURITY: how to join the curl-security list
3721 - RELEASE-NOTES: fix the required nghttp2 version typo
3723 - [Brandon Casey brought this change]
3725 Ensure progress.size_dl/progress.size_ul are always >= 0
3727 Historically the default "unknown" value for progress.size_dl and
3728 progress.size_ul has been zero, since these values are initialized
3729 implicitly by the calloc that allocates the curl handle that these
3730 variables are a part of. Users of curl that install progress
3731 callbacks may expect these values to always be >= 0.
3733 Currently it is possible for progress.size_dl and progress.size_ul
3734 to by set to a value of -1, if Curl_pgrsSetDownloadSize() or
3735 Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few
3736 places currently do, and a following patch will add more). So
3737 lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize()
3738 so they make sure that these variables always contain a value that
3741 Updates test579 and test599.
3743 Signed-off-by: Brandon Casey <drafnel@gmail.com>
3745 Steve Holme (7 Sep 2014)
3746 - tests: Added test1420 to the makefile
3748 - test1420: Removed unnecessary CURLOPT setting
3750 - tests: Added more "Clear Text" authentication keywords
3752 - tests: Updated "based on" text due to email test renumbering
3754 - tests: For consistency added --libcurl to test name
3756 - tests: Added --libcurl for IMAP test case
3758 - multi.c: Avoid invalid memory read after free() from commit 3c8c873252
3760 As the current element in the list is free()d by Curl_llist_remove(),
3761 when the associated connection is pending, reworked the loop to avoid
3762 accessing the next element through e->next afterward.
3764 - multi.c: Fixed compilation warning from commit 3c8c873252
3766 warning: implicit conversion from enumeration type 'CURLMcode' to
3767 different enumeration type 'CURLcode'
3769 - url.c: Use CURLAUTH_NONE constant rather than 0
3771 Small follow up to commit 898808fa8c to use auth constants rather than
3772 hard code value when clearing picked authentication mechanism.
3774 - RELEASE-NOTES: Synced with fd1ce3856a
3776 Nick Zitzmann (4 Sep 2014)
3777 - [Vilmos Nebehaj brought this change]
3779 darwinssl: Use CopyCertSubject() to check CA cert.
3781 SecCertificateCopyPublicKey() is not available on iPhone. Use
3782 CopyCertSubject() instead to see if the certificate returned by
3783 SecCertificateCreateWithData() is valid.
3785 Reported-by: Toby Peterson
3787 Steve Holme (4 Sep 2014)
3788 - RELEASE-NOTES: Clarify email Kerberos support is currently via Windows SSPI
3790 Daniel Stenberg (4 Sep 2014)
3791 - MAIL-ETIQUETTE: "1.8 I posted, now what?"
3793 - CURLOPT_CA*: better refering between *CAINFO and *CAPATH
3795 ... and a minor wording edit
3797 - THANKS: added Dennis Clarke
3799 Dennis Clarke from Blastwave.org for ensuring that nightly builds run
3802 - curl_multi_cleanup: remove superfluous NULL assigns
3804 ... as the struct is free()d in the end anyway. It was first pointed out
3805 to me that one of the ->msglist assignments were supposed to have been
3806 ->pending but was a copy and paste mistake when I realized none of the
3807 clearing of pointers had to be there.
3809 - multi: convert CURLM_STATE_CONNECT_PEND handling to a list
3811 ... instead of scanning through all handles, stash only the actual
3812 handles that are in that state in the new ->pending list and scan that
3813 list only. It should be mostly empty or very short. And only used for
3816 This avoids a rather hefty slow-down especially notable if you add many
3817 handles to the same multi handle. Regression introduced in commit
3818 0f147887 (version 7.30.0).
3820 Bug: http://curl.haxx.se/mail/lib-2014-07/0206.html
3821 Reported-by: David Meyer
3823 - RELEASE-NOTES: synced with e608324f9f9
3825 - [Andre Heinecke brought this change]
3827 polarssl: implement CURLOPT_SSLVERSION
3829 Forwards the setting as minimum ssl version (if set) to polarssl. If
3830 the server does not support the requested version the SSL Handshake will
3833 Bug: http://curl.haxx.se/bug/view.cgi?id=1419
3835 nickzman (1 Sep 2014)
3836 - Merge pull request #115 from ldx/darwinsslfixpr
3838 darwinssl: now accepts cacert bundles in PEM format in addition to single certs
3840 Vilmos Nebehaj (1 Sep 2014)
3841 - Check CA certificate in curl_darwinssl.c.
3843 SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even
3844 if the buffer holds an invalid or corrupt certificate. Call
3845 SecCertificateCopyPublicKey() to make sure cacert is a valid
3848 Daniel Stenberg (31 Aug 2014)
3849 - low-speed-limit: avoid timeout flood
3851 Introducing Curl_expire_latest(). To be used when we the code flow only
3852 wants to get called at a later time that is "no later than X" so that
3853 something can be checked (and another timeout be added).
3855 The low-speed logic for example could easily be made to set very many
3856 expire timeouts if it would be called faster or sooner than what it had
3857 set its own timer and this goes for a few other timers too that aren't
3858 explictiy checked for timer expiration in the code.
3860 If there's no condition the code that says if(time-passed >= TIME), then
3861 Curl_expire_latest() is preferred to Curl_expire().
3863 If there exists such a condition, it is on the other hand important that
3864 Curl_expire() is used and not the other.
3866 Bug: http://curl.haxx.se/mail/lib-2014-06/0235.html
3867 Reported-by: Florian Weimer
3869 - [Michael Wallner brought this change]
3871 resolve: cache lookup for async resolvers
3873 While waiting for a host resolve, check if the host cache may have
3874 gotten the name already (by someone else), for when the same name is
3875 resolved by several simultanoues requests.
3877 The resolver thread occasionally gets stuck in getaddrinfo() when the
3878 DNS or anything else is crappy or slow, so when a host is found in the
3879 DNS cache, leave the thread alone and let itself cleanup the mess.
3881 Vilmos Nebehaj (30 Aug 2014)
3882 - Fix CA certificate bundle handling in darwinssl.
3884 If the --cacert option is used with a CA certificate bundle that
3885 contains multiple CA certificates, iterate through it, adding each
3886 certificate as a trusted root CA.
3888 Daniel Stenberg (29 Aug 2014)
3889 - [Askar Safin brought this change]
3891 getinfo-times: Typo fixed
3893 - [Askar Safin brought this change]
3895 libcurl.3: Typo fixed
3897 - curl_formadd.3: setting CURLFORM_CONTENTSLENGTH 0 zero means strlen
3899 - curl.1: add an example for -H
3901 - FAQ: mention -w in the 4.20 answer as well
3903 - FAQ: 4.20 curl doesn't return error for HTTP non-200 responses
3905 - CURLOPT_NOBODY.3: clarify this option is for downloads
3907 When enabling CURLOPT_NOBODY, libcurl effectively switches off upload
3908 mode and will do a download (without a body). This is now better
3909 explained in this man page.
3911 Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html
3912 Reported-by: John Coffey
3914 - INTERNALS: nghttp2 must be 0.6.0 or later
3916 - [Tatsuhiro Tsujikawa brought this change]
3918 Compile with latest nghttp2
3920 Dan Fandrich (26 Aug 2014)
3921 - THANKS: removed a few more duplicates
3923 Daniel Stenberg (26 Aug 2014)
3924 - RELEASE-NOTES: synced with 007242257683a
3926 ... and bumped the contributor amount after recount
3928 - THANKS: added 52 missing contributors
3930 I re-ran contributors.sh on all changes since 7.10 and I found these
3931 contributors who are mentioned in the commits but never were added to
3934 I also removed a couple of duplicates (mostly due to different
3937 - contributors: grep and sort case insensitively
3939 - [Michael Osipov brought this change]
3941 configure.ac: Add support for recent GSS-API implementations for HP-UX
3943 By default, configure script assumes that libcurl will use the
3944 HP-supplied GSS-API implementation which does not have krb5-config.
3945 If a dev needs a more recent version which has that config script,
3946 the change will allow to pass an appropriate GSSAPI_ROOT.
3948 - CONNECT: close proxy connections that fail to CONNECT
3950 This is usually due to failed auth. There's no point in us keeping such
3951 a connection alive since it shouldn't be re-used anyway.
3953 Bug: http://curl.haxx.se/bug/view.cgi?id=1381
3954 Reported-by: Marcel Raad
3956 - RELEASE-NOTES: added two missing HTTP/2 bug fixes
3958 And renamed all http2 references to HTTP/2 in this file
3960 - RELEASE-NOTES: synced with f646e9075f47
3962 - [Jakub Zakrzewski brought this change]
3964 Cmake: Possibility to use OpenLDAP, OpenSSL, LibSSH2 on windows
3966 At this point I can build libcurl on windows. It provides at least the same
3967 list of protocols as for linux build and works with our software.
3969 - [Jakub Zakrzewski brought this change]
3971 Cmake: Removed repeated content from ending blocks
3973 They are unnecesary in modern CMake and removing them improves readability.
3975 - [Jakub Zakrzewski brought this change]
3977 Cmake: Removed some useless empty SET statements.
3979 Undefined variables resolve to empty strings and we do not ever test if
3980 the variable is defined thus those SETs are superfluous.
3982 - [Jakub Zakrzewski brought this change]
3984 Cmake: Removed useless comments from CMakeLists.txt
3986 They look like some relics after changes.
3988 - [Jakub Zakrzewski brought this change]
3990 Cmake: Don't check for all headers each time
3992 One header at a time is the right way. Apart from that the output on
3995 -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h
3996 -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h
3998 -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
4000 -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
4002 -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi
4004 -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi
4006 -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind
4008 -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind
4010 -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
4012 -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
4014 -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
4016 -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
4018 -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
4020 -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
4022 -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
4028 -- Looking for ws2tcpip.h
4029 -- Looking for ws2tcpip.h - found
4030 -- Looking for winsock2.h
4031 -- Looking for winsock2.h - found
4032 -- Looking for stdio.h
4033 -- Looking for stdio.h - found
4034 -- Looking for windows.h
4035 -- Looking for windows.h - found
4036 -- Looking for winsock.h
4037 -- Looking for winsock.h - found
4038 -- Looking for sys/filio.h
4039 -- Looking for sys/filio.h - not found
4040 -- Looking for sys/ioctl.h
4041 -- Looking for sys/ioctl.h - not found
4042 -- Looking for sys/resource.h
4044 - [Jakub Zakrzewski brought this change]
4046 Cmake: Append OpenSSL include directory to search path
4048 At this point I can build libcurl with OpenSSL, OpenLDAP and LibSSH2.
4049 Supported protocols are at least:
4050 HTTP, HTTPS, FTP, SFTP, TFTP, LDAP, LDAPS, POP3, SMTP
4051 (those are the ones we have regression tests for
4052 in our product's testsuite)
4054 - [Jakub Zakrzewski brought this change]
4056 Cmake: Search for liblber, LDAP SSL headers, swith for using OpenLDAP code.
4058 - [Jakub Zakrzewski brought this change]
4060 Cmake: LibSSH2 detection and use.
4062 - [Jakub Zakrzewski brought this change]
4064 Cmake: Moved macros out of the main CMakeLists.txt
4066 - [Jakub Zakrzewski brought this change]
4068 Cmake: Added missing protocol-disable switches
4070 They already have their defines in config.h. This makes it possible to
4071 disable the protocols from command line during configure step.
4073 - [Jakub Zakrzewski brought this change]
4075 Cmake: Made boolean defines be defined to "1" instead of "ON"
4077 It's by convention, for compatibility and because the comments say so.
4078 Just mabe someone have written a test like "#if HAVE_XX==1"
4080 - [Jakub Zakrzewski brought this change]
4082 Cmake: Require at least CMake 2.8.
4084 CMake 2.6 is already a bit old. Many bugs have been fixed since
4085 its release. We use 2.8 in our company and we have no intention
4086 of polluting our environment with old software, so 2.6 would
4087 not be tested. This shouldn't be a problem since all one need
4088 to build CMake from source is C and C++ compiler.
4090 - disconnect: don't touch easy-related state on disconnects
4092 This was done to make sure NTLM state that is bound to a connection
4093 doesn't survive and gets used for the subsequent request - but
4094 disconnects can also be done to for example make room in the connection
4095 cache and thus that connection is not strictly related to the easy
4096 handle's current operation.
4098 The http authentication state is still kept in the easy handle since all
4099 http auth _except_ NTLM is connection independent and thus survive over
4100 multiple connections.
4102 Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
4103 Reported-by: Paras S
4105 - curl.1: clarify --limit-rate's effect on both directions
4107 Bug: http://curl.haxx.se/bug/view.cgi?id=1414
4108 Reported-by: teo8976
4110 - curl.1: mention the --post30x options within the --location desc
4112 Dan Fandrich (22 Aug 2014)
4113 - sasl: Fixed a memory leak on OOM
4115 Daniel Stenberg (22 Aug 2014)
4116 - [Frank Meier brought this change]
4118 NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
4120 Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed
4121 since NTLM requires multiple requests that re-use the same connection
4122 for the authentication to work
4124 Solution: Ignore the forbid reuse flag in case the NTLM authentication
4125 handshake is in progress, according to the NTLM state flag.
4127 Fixed known bug #77.
4129 Steve Holme (22 Aug 2014)
4130 - openssl.c: Fixed longer than 79 columns
4132 - openssl.c: Fixed compilation warning
4134 warning: declaration of 'minor' shadows a global declaration
4136 Daniel Stenberg (21 Aug 2014)
4137 - [Haris Okanovic brought this change]
4139 win32: Fixed WinSock 2 #if
4141 A conditionally compiled block in connect.c references WinSock 2
4142 symbols, but used `#ifdef HAVE_WINSOCK_H` instead of `#ifdef
4145 Bug: http://curl.haxx.se/mail/lib-2014-08/0155.html
4147 - Curl_disconnect: don't free the URL
4149 The URL is not a property of the connection so it should not be freed in
4150 the connection disconnect but in the Curl_close() that frees the easy
4153 Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
4154 Reported-by: Paras S
4156 - help output: minor whitespace edits
4158 Should've been amended in the previous commit but wasn't due to a
4161 - [Zearin brought this change]
4163 help output: use ≥2 spaces between option and description
4165 ... and some other cleanups
4167 - FAQ: some actually sometimes get paid...
4169 Steve Holme (17 Aug 2014)
4170 - sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challenge
4172 - sasl_sspi: Renamed GSSAPI mutual authentication parameter
4174 ...From "mutual" to "mutual_auth" which better describes what it is.
4176 - sasl_sspi: Corrected some of the GSSAPI security message error codes
4178 Corrected a number of the error codes that can be returned from the
4179 Curl_sasl_create_gssapi_security_message() function when things go
4182 It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the
4183 inbound security challenge can't be decoded correctly or doesn't
4184 contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when
4185 EncryptMessage() fails. Unfortunately the previous error code of
4186 CURLE_RECV_ERROR was a copy and paste mistakes on my part and should
4187 have been correct in commit 4b491c675f :(
4189 - docs: Escaped single backslash
4191 - TODO: Updated following GSSAPI (Kerberos V5) additions
4193 Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other
4194 authentication mechanisms" following recent additions.
4196 Added SASL 14.2 GSSAPI via GSS-API libraries.
4198 - CURLOPT_USERNAME.3: Added Kerberos V5 and NTLM domain information
4200 This repeats what has already been documented in both the curl manpage
4201 and CURLOPT_USERPWD documentation but is provided here for completeness
4202 as someone may not especially read the latter when using libcurl.
4204 - CURLOPT_USERPWD.3: Updated following Kerberos V5 SSPI changes
4206 Added information about Kerberos V5 requiring the domain part in the
4209 Mentioned that the user name can be specified in UPN format, and not
4210 just in Down-Level Logon Name format, following the information
4211 added in commit 7679cb3fa8 reworking the exisitng information in the
4214 - docs: Added Kerberos V5 and NTLM domain information to --user
4216 - docs: Added Kerberos V5 to the --user SSPI current credentials usage
4218 - sasl_sspi: Tell the server we don't support a GSSAPI receive buffer
4220 - smtp: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
4222 - pop3: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
4224 - imap: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
4226 - email: Added mutual authentication flag
4228 Daniel Stenberg (15 Aug 2014)
4229 - RELEASE-NOTES: synced with 0187c9e11d079
4231 - http: fix the Content-Range: parser
4233 ... to handle "*/[total]". Also, removed the strange hack that made
4234 CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return
4237 Reported-by: Dimitrios Siganos
4238 Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html
4240 Steve Holme (14 Aug 2014)
4241 - email: Introduced the GSSAPI states
4243 - curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675f
4245 warning: unused variable 'resp'
4247 warning: no previous prototype for 'Curl_sasl_gssapi_cleanup'
4249 - SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064
4251 * curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f
4253 warning: declaration of 'result' shadows a previous local
4255 - curl_sasl.h: Fixed compilation error from commit 4b491c675f
4257 warning: 'struct kerberos5data' declared inside parameter list
4259 Due to missing forward declaration.
4261 - urldata.h: Fixed compilation warnings from commit 3ec253532e
4263 warning: extra tokens at end of #endif directive
4265 - sasl_sspi: Added GSSAPI message functions
4267 - urldata: Introduced a GSSAPI (Kerberos V5) data structure
4269 Added a kerberos5data structure which is similar in nature to the
4270 ntlmdata and negotiatedata structures.
4272 - sspi: Moved KERB_WRAP_NO_ENCRYPT from socks_sspi module
4274 In preparation for the upcoming SSPI implementation of GSSAPI
4275 authentication, moved the definition of KERB_WRAP_NO_ENCRYPT from
4276 socks_sspi.c to curl_sspi.h allowing it to be shared amongst other
4279 Daniel Stenberg (13 Aug 2014)
4280 - mk-ca-bundle.pl: add missing $
4282 - mk-ca-bundle.pl: switched to using hg.mozilla.org
4284 ... as mxr.mozilla.org is due to be retired.
4286 The new host doesn't support If-Modified-Since nor ETags, meaning that
4287 the script will now defer to download and do a post-transfer checksum
4288 check to see if a new output is to be generated. The new output format
4289 will hold the SHA1 checksum of the source file for that purpose.
4291 We call this version 1.22
4293 Reported-by: Ed Morley
4294 Bug: http://curl.haxx.se/bug/view.cgi?id=1409
4296 - [Jose Alf brought this change]
4298 openssl: fix version report for the 0.9.8 branch
4300 Fixed libcurl to correctly output the newer versions of OpenSSL 0.9.8,
4301 starting from openssl-0.9.8za.
4303 - [Frank Meier brought this change]
4305 create_conn: prune dead connections
4307 Bringing back the old functionality that was mistakenly removed when the
4308 connection cache was remade. When creating a new connection, all the
4309 existing ones are checked and those that are known to be dead get
4310 disconnected for real and removed from the connection cache. It helps
4311 the cache from holding on to very many stale connections and aids in
4312 keeping down the number of system sockets in wait states.
4314 Help-by: Jonatan Vela <jonatan.vela@ergon.ch>
4316 Bug: http://curl.haxx.se/mail/lib-2014-06/0189.html
4318 Kamil Dudka (11 Aug 2014)
4319 - docs/SSLCERTS: update the section about NSS database
4321 Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html
4322 Reported-by: David Shaw
4324 Daniel Stenberg (11 Aug 2014)
4325 - [Peter Wang brought this change]
4327 Curl_poll + Curl_wait_ms: fix timeout return value
4329 Curl_poll and Curl_wait_ms require the fix applied to Curl_socket_check
4330 in commits b61e8b8 and c771968:
4332 When poll or select are interrupted and coincides with the timeout
4333 elapsing, the functions return -1 indicating an error instead of 0 for
4336 Steve Holme (10 Aug 2014)
4337 - config-tpf.h: Fixed up line lengths > 79 characters
4339 - config-symbian.h: Fixed up line lengths > 79 characters
4341 - tool_hugehelp.c.cvs: Added copyright
4343 Added copyright due to warning from checksrc.pl.
4345 - RELEASE-NOTES: Synced with cd6ecf6a89
4347 - sasl_sspi: Fixed hard coded buffer for response generation
4349 Given the SSPI package info query indicates a token size of 4096 bytes,
4350 updated to use a dynamic buffer for the response message generation
4351 rather than a fixed buffer of 1024 bytes.
4353 - sasl_sspi: Fixed missing free of challenge buffer on SPN failure
4355 - http_negotiate_sspi: Tidy up to remove the get_gss_name() function
4357 Due to the reduction of code in commit 3b924b29 of get_gss_name() the
4358 function isn't necessary anymore.
4360 - http_negotiate_sspi: Use a dynamic buffer for SPN generation
4362 Updated to use a dynamic buffer for the SPN generation via the recently
4363 introduced Curl_sasl_build_spn() function rather than a fixed buffer of
4364 1024 characters, which should have been more than enough, but by using
4365 the new function removes the need for another variable sname to do the
4366 wide character conversion in Unicode builds.
4368 - sasl: Tidy up to rename SPN variable from URI
4370 - sasl: Use a dynamic buffer for SPN generation
4372 Updated Curl_sasl_create_digest_md5_message() to use a dynamic buffer
4373 for the SPN generation via the recently introduced Curl_sasl_build_spn()
4374 function rather than a fixed buffer of 128 characters.
4376 - sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
4378 Curl_sasl_create_digest_md5_message() would simply cast the SPN variable
4379 to a TCHAR when calling InitializeSecurityContext(). This meant that,
4380 under Unicode builds, it would not be valid wide character string.
4382 Updated to use the recently introduced Curl_sasl_build_spn() function
4383 which performs the correct conversion for us.
4385 - sasl: Introduced Curl_sasl_build_spn() for building a SPN
4387 Various parts of the libcurl source code build a SPN for inclusion in
4388 authentication data. This information is either used by our own native
4389 generation routines or passed to authentication functions in third-party
4390 libraries such as SSPI. However, some of these instances use fixed
4391 buffers rather than dynamically allocated ones and not all of those that
4392 should, convert to wide character strings in Unicode builds.
4394 Implemented a common function that generates a SPN and performs the
4395 wide character conversion where necessary.
4397 - sasl_sspi: Fixed memory leak with not releasing Package Info struct
4399 Curl_sasl_create_digest_md5_message() wouldn't free the Package Info
4400 structure after QuerySecurityPackageInfo() had allocated it.
4402 - [Michael Osipov brought this change]
4404 docs: Update SPNEGO and GSS-API related doc sections
4406 Reflect recent changes in SPNEGO and GSS-API code in the docs.
4407 Update them with appropriate namings and remove visible spots for
4410 - sspi: Minor code tidy up to standardise coding style
4412 Following the recent changes and in attempt to align the SSPI based
4413 authentication code performed the following:
4415 * Use NULL and SECBUFFVERSION rather than hard coded constants.
4416 * Avoid comparison of zero in if statements.
4417 * Standardised the buf and desc setup code.
4419 - schannel: Fixed compilation warning in vtls.c
4421 vtls.c:688:43: warning: unused parameter 'data'
4423 - tool_getparam.c: Fixed compilation warning
4425 warning: `orig_opt' might be used uninitialized in this function
4427 - RELEASE-NOTES: Synced with 159c3aafd8
4429 Daniel Stenberg (8 Aug 2014)
4430 - curl_ntlm_msgs: make < 80 columns wide
4432 Steve Holme (8 Aug 2014)
4433 - ntlm: Fixed hard coded buffer for SSPI based auth packet generation
4435 Given the SSPI package info query indicates a token size of 2888 bytes,
4436 and as with the Winbind code and commit 9008f3d56, use a dynamic buffer
4437 for the Type-1 and Type-3 message generation rather than a fixed buffer
4440 - ntlm: Added support for SSPI package info query
4442 Just as with the SSPI implementations of Digest and Negotiate added a
4443 package info query so that libcurl can a) return a more appropriate
4444 error code when the NTLM package is not supported and b) it can be of
4445 use later to allocate a dynamic buffer for the Type-1 and Type-3
4446 output tokens rather than use a fixed buffer of 1024 bytes.
4448 Daniel Stenberg (7 Aug 2014)
4449 - http2: added some more logging for debugging stream problems
4451 - [Tatsuhiro Tsujikawa brought this change]
4453 HTTP/2: Reset promised stream, not its associated stream.
4455 - [Tatsuhiro Tsujikawa brought this change]
4457 HTTP/2: Move :authority before non-pseudo header fields
4459 - http2: show the received header for better debugging
4461 - openssl: replace call to OPENSSL_config
4463 OPENSSL_config() is "strongly recommended" to use but unfortunately that
4464 function makes an exit() call on wrongly formatted config files which
4465 makes it hard to use in some situations. OPENSSL_config() itself calls
4466 CONF_modules_load_file() and we use that instead and we ignore its
4469 Reported-by: Jan Ehrhardt
4470 Bug: http://curl.haxx.se/bug/view.cgi?id=1401
4472 Dan Fandrich (7 Aug 2014)
4473 - [Fabian Keil brought this change]
4475 runtests.pl: Pad test case numbers with up to three zeroes
4477 Test case numbers with four digits have been available for a
4480 Steve Holme (7 Aug 2014)
4481 - docs: Added Negotiate to the SSPI current credentials usage description
4483 - TODO: HTTP Digest via Windows SSPI
4485 - TODO: FTP GSSAPI via Windows SSPI
4487 - http_negotiate_sspi: Fixed specific username and password not working
4489 Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html
4490 Reported-by: Leonardo Rosati
4492 - http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194e8
4494 If the server rejects our authentication attempt and curl hasn't
4495 called CompleteAuthToken() then the status variable will be
4496 SEC_I_CONTINUE_NEEDED and not SEC_E_OK.
4498 As such the existing detection mechanism for determining whether or not
4499 the authentication process has finished is not sufficient.
4501 However, the WWW-Authenticate: Negotiate header line will not contain
4502 any data when the server has exhausted the negotiation, so we can use
4503 that coupled with the already allocated context pointer.
4505 Daniel Stenberg (5 Aug 2014)
4506 - RELEASE-NOTES: synced with 5b37db44a3eb
4508 Dan Fandrich (5 Aug 2014)
4509 - parsedate.c: fix the return code for an overflow edge condition
4511 Daniel Stenberg (5 Aug 2014)
4512 - [Toby Peterson brought this change]
4514 darwinssl: don't use strtok()
4516 The GetDarwinVersionNumber() function uses strtok, which is not
4519 - Curl_ossl_version: adapted to detect BoringSSL
4521 This seems to be the way it should work. Right now we can't build with
4522 BoringSSL and try this out properly due to a minor API breakage.
4524 - Curl_ossl_version: detect and show libressl
4526 LibreSSL is otherwise OpenSSL API compliant (so far)
4528 - [Tatsuhiro Tsujikawa brought this change]
4530 HTTP/2: Fix infinite loop in readwrite_data()
4532 To prevent infinite loop in readwrite_data() function when stream is
4533 reset before any response body comes, reset closed flag to false once
4534 it is evaluated to true.
4536 Dan Fandrich (3 Aug 2014)
4537 - gtls: only define Curl_gtls_seed if Nettle is not being used
4539 - ssl: provide Curl_ssl_backend even if no SSL library is available
4541 Daniel Stenberg (2 Aug 2014)
4542 - [Tatsuhiro Tsujikawa brought this change]
4544 HTTP2: Support expect: 100-continue
4546 "Expect: 100-continue", which was once deprecated in HTTP/2, is now
4547 resurrected in HTTP/2 draft 14. This change adds its support to
4548 HTTP/2 code. This change also includes stricter header field
4551 - CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it
4553 - FEATURES: minor update
4555 - openssl: make ossl_send return CURLE_OK better
4557 Previously it only returned a CURLcode for errors, which is when it
4558 returns a different size than what was passed in to it.
4560 The http2 code only checked the curlcode and thus failed.
4562 - RELEASE-NOTES: synced with 7bb4c8cadb5d0
4564 - [Michael Wallner brought this change]
4566 CURLOPT_HEADEROPT.3: typo: do -> to
4568 - [Marcel Raad brought this change]
4570 schannel: use CryptGenRandom for random numbers
4572 This function is available for every Windows version since Windows 95/NT.
4575 http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942.aspx
4577 - curl_version_info.3: 'ssl_version_num' is always 0
4579 ... and has been so since 2005
4581 - ssl: generalize how the ssl backend identifier is set
4583 Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
4584 one which was missing previously.
4586 Dan Fandrich (31 Jul 2014)
4587 - axtls: define curlssl_random using axTLS's PRNG
4589 - cyassl: fix the test for ASN_NO_SIGNER_E
4591 It's an enum so a macro test won't work. The CyaSSL changelog doesn't
4592 say exactly when this error code was introduced, but it's likely
4595 - cyassl: use RNG_GenerateBlock to generate a good random number
4597 - opts: fixed some typos
4599 - smtp: fixed a segfault during test 1320 torture test
4601 Under these circumstances, the connection hasn't been fully established
4602 and smtp_connect hasn't been called, yet smtp_done still calls the state
4603 machine which dereferences the NULL conn pointer in struct pingpong.
4605 Daniel Stenberg (30 Jul 2014)
4606 - vtls: repair build without TLS support
4608 ... by defining Curl_ssl_random() properly
4610 - polarssl: provide a (weak) random function
4612 This now provides a weak random function since PolarSSL doesn't have a
4613 quick and easy way to provide a good one. It does however provide the
4614 framework to make one so it _can_ and _should_ be done...
4616 - [Michael Wallner brought this change]
4618 curl_tlsinfo -> curl_tlssessioninfo
4620 - cyassl: use the default (weeker) random
4622 I couldn't find any dedicated function in its API to get a "good" random
4625 - cyassl: made it compile with version 2.0.6 again
4627 ASN_NO_SIGNER_E didn't exist back then!
4629 - vtls: make the random function mandatory in the TLS backend
4631 To force each backend implementation to really attempt to provide proper
4632 random. If a proper random function is missing, then we can explicitly
4633 make use of the default one we use when TLS support is missing.
4635 This commit makes sure it works for darwinssl, gnutls, nss and openssl.
4637 - libcurl.m4: include the standard source header
4639 ... with permission from David Shaw
4641 Kamil Dudka (28 Jul 2014)
4642 - nss: do not check the version of NSS at run time
4644 The minimal required version of NSS is 3.14.x so it does not make sense
4645 to check for NSS 3.12.0+ at run time.
4647 Daniel Stenberg (28 Jul 2014)
4648 - [Anthon Pang brought this change]
4650 curl.h: bring back CURLE_OBSOLETE16
4652 Removing defines, even obsolete ones that haven't been used for a very
4653 long time, still break a lot of applications.
4655 Bug: https://github.com/bagder/curl/pull/106
4657 Dan Fandrich (26 Jul 2014)
4658 - [Fabian Keil brought this change]
4660 tests: Fix a couple of incomplete response lines
4662 - [Fabian Keil brought this change]
4664 runtests.pl: Remove filteroff() which hasn't been used since 2001
4666 - [Fabian Keil brought this change]
4668 runtests.pl: Don't expect $TESTDIR/DISABLED to exist
4670 If a non-standard $TESTDIR is used the file may not be necessary.
4672 Previously a "missing" file resulted in the warning:
4673 readline() on closed filehandle D at ./runtests.pl line 4940.
4675 - [Fabian Keil brought this change]
4677 getpart.pm: Fix a comment typo
4679 Daniel Stenberg (25 Jul 2014)
4680 - c-ares: fix build without IPv6 support
4682 Bug: http://curl.haxx.se/mail/lib-2014-07/0337.html
4683 Reported-by: Spork Schivago
4685 - Curl_base64url_encode: unit-tested in 1302
4687 - base64: added Curl_base64url_encode()
4689 This is now used by the http2 code. It has two different symbols at the
4690 end of the base64 table to make the output "url safe".
4692 Bug: https://github.com/tatsuhiro-t/nghttp2/issues/62
4694 - [Marcel Raad brought this change]
4696 SSPI Negotiate: Fix 3 memory leaks
4698 Curl_base64_decode allocates the output string by itself and two other
4699 strings were not freed either.
4701 - symbols: CURL_VERSION_GSSNEGOTIATE is deprecated
4703 - test1013.pl: GSS-Negotiate doesn't exist as a feature anymore
4705 - [Sergey Nikulov brought this change]
4707 libtest: fixed duplicated line in Makefile
4709 Bug: https://github.com/bagder/curl/pull/105
4711 Patrick Monnerat (23 Jul 2014)
4712 - GSSAPI: remove useless *_MECHANISM defines.
4714 Daniel Stenberg (23 Jul 2014)
4715 - findprotocol: show unsupported protocol within quotes
4717 ... to aid when for example prefixed with a space or other weird
4720 Patrick Monnerat (23 Jul 2014)
4721 - GSSAPI: private export mechanisms OIDs. OS400: Make RPG binding up to date.
4723 Daniel Stenberg (23 Jul 2014)
4724 - [Marcel Raad brought this change]
4726 conncache: fix compiler warning
4728 warning C4267: '=' : conversion from 'size_t' to 'long', possible loss
4731 The member connection_id of struct connectdata is a long (always a
4732 32-bit signed integer on Visual C++) and the member next_connection_id
4733 of struct conncache is a size_t, so one of them should be changed to
4736 This patch the size_t in struct conncache to long (the less invasive
4737 change as that variable is only ever used in a single code line).
4739 Bug: http://curl.haxx.se/bug/view.cgi?id=1399
4741 - RELEASE-NOTES: synced with 81cd24adb8b
4743 - http2: more and better error checking
4745 1 - fixes the warnings when built without http2 support
4747 2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
4748 basically when they are about http2 specific things.
4750 Dan Fandrich (23 Jul 2014)
4751 - cyassl.c: return the correct error code on no CA cert
4753 CyaSSL 3.0.0 returns a unique error code if no CA cert is available,
4754 so translate that into CURLE_SSL_CACERT_BADFILE when peer verification
4757 Daniel Stenberg (23 Jul 2014)
4758 - symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0
4760 - test1013.pl: remove SPNEGO/GSS-API tweaks
4762 No longer necessary after Michael Osipov's rework
4764 - http_negotiate: remove unused variable
4766 - [Michael Osipov brought this change]
4768 docs: Improve inline GSS-API naming in code documentation
4770 - [Michael Osipov brought this change]
4772 curl.h/features: Deprecate GSS-Negotiate macros due to bad naming
4774 - Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE
4775 - CURL_VERSION_GSSNEGOTIATE is deprecated which
4776 is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and
4777 CURUL_VERSION_SPNEGO now.
4778 - Remove display of feature 'GSS-Negotiate'
4780 - [Michael Osipov brought this change]
4782 configure/features: Add feature and version info for GSS-API and SPNEGO
4784 - [Michael Osipov brought this change]
4786 HTTP: Remove checkprefix("GSS-Negotiate")
4788 That auth mech has never existed neither on MS nor on Unix side.
4789 There is only Negotiate over SPNEGO.
4791 - [Michael Osipov brought this change]
4793 curl_gssapi: Add macros for common mechs and pass them appropriately
4795 Macros defined: KRB5_MECHANISM and SPNEGO_MECHANISM called from
4796 HTTP, FTP and SOCKS on Unix
4798 - CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design
4800 This reverts commit cb3e6dfa3511 and instead fixes the problem
4803 The reverted commit addressed a test failure in test 1021 by simplifying
4804 and generalizing the code flow in a way that damaged the
4805 performance. Now we modify the flow so that Curl_proxyCONNECT() again
4806 does as much as possible in one go, yet still do test 1021 with and
4807 without valgrind. It failed due to mistakes in the multi state machine.
4809 Bug: http://curl.haxx.se/bug/view.cgi?id=1397
4810 Reported-by: Paul Saab
4812 - [Marcel Raad brought this change]
4814 url.c: use the preferred symbol name: *READDATA
4816 with CURL_NO_OLDIES defined, it doesn't compile because this deprecated
4817 symbol (*INFILE) is used
4819 Bug: http://curl.haxx.se/bug/view.cgi?id=1398
4821 Dan Fandrich (19 Jul 2014)
4822 - [Alessandro Ghedini brought this change]
4824 CURLOPT_CHUNK_BGN_FUNCTION: fix typo
4826 Kamil Dudka (18 Jul 2014)
4827 - [Alessandro Ghedini brought this change]
4829 build: link curl to NSS libraries when NSS support is enabled
4831 This fixes a build failure on Debian caused by commit
4832 24c3cdce88f39731506c287cb276e8bf4a1ce393.
4834 Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
4836 Steve Holme (17 Jul 2014)
4837 - build: Removed unnecessary XML Documentation file directive from VC8 to VC12
4839 The curl tool project files for VC8 to VC12 would set this setting to
4840 $(IntDir) which is the Visual Studio default value. To avoid confusion
4841 when viewing settings from within Visual Studio and for consistency
4842 with the libcurl project files removed this setting.
4845 projects/Windows/VC10/src/curlsrc.tmpl
4846 projects/Windows/VC11/src/curlsrc.tmpl
4847 projects/Windows/VC12/src/curlsrc.tmpl
4848 projects/Windows/VC8/src/curlsrc.tmpl
4849 projects/Windows/VC9/src/curlsrc.tmpl
4851 - build: Removed unnecessary Precompiled Header file directive in VC7 to VC12
4853 The curl tool project files for VC7 to VC12 would set this settings to
4854 $(IntDir)$(TargetName).pch which is the Visual Studio default value. To
4855 avoid confusion when viewing settings from within Visual Studio and for
4856 consistency with the libcurl project files removed this setting.
4859 projects/Windows/VC10/src/curlsrc.tmpl
4860 projects/Windows/VC11/src/curlsrc.tmpl
4861 projects/Windows/VC12/src/curlsrc.tmpl
4862 projects/Windows/VC8/src/curlsrc.tmpl
4863 projects/Windows/VC9/src/curlsrc.tmpl
4865 - build: Removed unnecessary ASM and Object file directives in VC7 to VC12
4867 The curl tool project files for VC7 to VC12 would set these settings to
4868 $(IntDir) which is the Visual Studio default value. To avoid confusion
4869 when viewing settings from within Visual Studio and for consistency
4870 with the libcurl project files removed these two settings.
4872 Daniel Stenberg (17 Jul 2014)
4873 - [Dave Reisner brought this change]
4875 src/Makefile.am: add .DELETE_ON_ERROR
4877 This prevents targets like tool_hugehelp.c from leaving around
4878 half-constructed files if the rule fails with GNU make.
4880 Reported-by: Rafaël Carré <funman@videolan.org>
4882 - THANKS: added new contributors from 7.37.1 announcement
4884 Dan Fandrich (17 Jul 2014)
4885 - testcurl.pl: log the value of --runtestopts in the test header
4887 Daniel Stenberg (16 Jul 2014)
4888 - RELEASE-NOTES: cleared, working towards next release
4890 - curl_gssapi.c: make line shorter than 80 columns
4892 - [David Woodhouse brought this change]
4894 Fix negotiate auth to proxies to track correct state
4896 - [David Woodhouse brought this change]
4898 Don't abort Negotiate auth when the server has a response for us
4900 It's wrong to assume that we can send a single SPNEGO packet which will
4901 complete the authentication. It's a *negotiation* — the clue is in the
4902 name. So make sure we handle responses from the server.
4904 Curl_input_negotiate() will already handle bailing out if it thinks the
4905 state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps
4906 talking to us, so we should avoid endless loops that way.
4908 - [David Woodhouse brought this change]
4910 Don't clear GSSAPI state between each exchange in the negotiation
4912 GSSAPI doesn't work very well if we forget everything ever time.
4914 XX: Is Curl_http_done() the right place to do the final cleanup?
4916 - [David Woodhouse brought this change]
4918 Use SPNEGO for HTTP Negotiate
4920 This is the correct way to do SPNEGO. Just ask for it
4922 Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket
4923 isn't available. Of course, we bail out when the server responds with the
4924 challenge packet, since we don't expect that. But I'll fix that bug next...
4926 - [David Woodhouse brought this change]
4928 Remove all traces of FBOpenSSL SPNEGO support
4930 This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
4931 allows client and server to negotiate the underlying mechanism which will
4932 actually be used to authenticate. This is *often* Kerberos, and can also
4933 be NTLM and other things. And to complicate matters, there are various
4934 different OIDs which can be used to specify the Kerberos mechanism too.
4936 A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
4937 and will exchange GSSAPI tokens which are appropriate for that mechanism.
4939 But this SPNEGO implementation just strips the incoming SPNEGO packet
4940 and extracts the token, if any. And completely discards the information
4941 about *which* mechanism is being used. Then we *assume* it was Kerberos,
4942 and feed the token into gss_init_sec_context() with the default
4943 mechanism (GSS_S_NO_OID for the mech_type argument).
4945 Furthermore... broken as this code is, it was never even *used* for input
4946 tokens anyway, because higher layers of curl would just bail out if the
4947 server actually said anything *back* to us in the negotiation. We assume
4948 that we send a single token to the server, and it accepts it. If the server
4949 wants to continue the exchange (as is required for NTLM and for SPNEGO
4950 to do anything useful), then curl was broken anyway.
4952 So the only bit which actually did anything was the bit in
4953 Curl_output_negotiate(), which always generates an *initial* SPNEGO
4954 token saying "Hey, I support only the Kerberos mechanism and this is its
4957 You could have done that by manually just prefixing the Kerberos token
4958 with the appropriate bytes, if you weren't going to do any proper SPNEGO
4959 handling. There's no need for the FBOpenSSL library at all.
4961 The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
4962 SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
4963 is for. And then it should all Just Workâ„¢.
4965 That 'sane way' will be added in a subsequent patch, as will bug fixes
4966 for our failure to handle any exchange other than a single outbound
4967 token to the server which results in immediate success.
4969 - [David Woodhouse brought this change]
4971 ntlm_wb: Avoid invoking ntlm_auth helper with empty username
4973 - [David Woodhouse brought this change]
4975 ntlm_wb: Fix hard-coded limit on NTLM auth packet size
4977 Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit
4978 a hard limit once let's just make it cope by reallocating as necessary.
4980 Version 7.37.1 (16 Jul 2014)
4982 Daniel Stenberg (16 Jul 2014)
4983 - RELEASE-NOTES: synced with 4cb2521595
4985 - test506: verify aa6884845168
4987 After the fixed cookie lock deadlock, this test now passes and it
4988 detects double-locking and double-unlocking of mutexes.
4990 - [Yousuke Kimoto brought this change]
4992 cookie: avoid mutex deadlock
4994 ... by removing the extra mutex locks around th call to
4995 Curl_flush_cookies() which takes care of the locking itself already.
4997 Bug: http://curl.haxx.se/mail/lib-2014-02/0184.html
4999 - gnutls: fix compiler warning
5001 conversion to 'int' from 'long int' may alter its value
5003 Dan Fandrich (15 Jul 2014)
5004 - test320: strip off the actual negotiated cipher width
5006 It's irrelevant to the test, and will change depending on which SSL
5007 library is being used by libcurl.
5009 - gnutls: detect lack of SRP support in GnuTLS at run-time and try without
5011 Reported-by: David Woodhouse
5013 Daniel Stenberg (14 Jul 2014)
5014 - [Michał Górny brought this change]
5016 configure: respect host tool prefix for krb5-config
5018 Use ${host_alias}-krb5-config if available. This improves cross-
5019 compilation support and fixes multilib on Gentoo (at least).
5021 - [David Woodhouse brought this change]
5023 gnutls: handle IP address in cert name check
5025 Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function
5026 didn't actually check IP addresses in SubjectAltName, even though it was
5027 explicitly documented as doing so. So do it ourselves...
5029 Dan Fandrich (14 Jul 2014)
5030 - build: set _POSIX_PTHREAD_SEMANTICS on Solaris to get proper getpwuid_r
5032 Daniel Stenberg (14 Jul 2014)
5033 - RELEASE-NOTES: next one is called 7.37.1
5035 Dan Fandrich (13 Jul 2014)
5036 - gnutls: improved error message if setting cipher list fails
5038 Reported-by: David Woodhouse
5040 - netrc: fixed thread safety problem by using getpwuid_r if available
5042 The old way using getpwuid could cause problems in programs that enable
5043 reading from netrc files simultaneously in multiple threads.
5045 Reported-by: David Woodhouse
5047 - RELEASE-NOTES: add the reporter of the previous bug fix
5049 - netrc: treat failure to find home dir same as missing netrc file
5051 This previously caused a fatal error (with a confusing error code, at
5054 Reported by: Glen A Johnson Jr.
5056 Steve Holme (12 Jul 2014)
5057 - RELEASE-NOTES: Synced with aaaf9e50ec
5059 - ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions
5061 Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html
5062 Reported-by: David Woodhouse
5064 - build: Fixed overridden compiler PDB settings in VC7 to VC12
5066 The curl tool project files for VC7 to VC12 would override the default
5067 setting with the output filename being the same as the linker PDB file.
5068 As such the compiler file would be overwritten with the linker file
5069 for all debug builds.
5071 To avoid this overwrite and for consistency with the libcurl project
5072 files, removed the setting to force the default filename to be used.
5074 Dan Fandrich (12 Jul 2014)
5075 - tests: added globbing keyword to URL globbing tests
5077 - Fixed some "statement not reached" warnings
5079 - gnutls: fixed a couple of uninitialized variable references
5081 - gnutls: fixed compilation against versions < 2.12.0
5083 The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but
5084 the code path in which they're referenced here is only ever used for
5085 somewhat older GnuTLS versions. This caused undeclared identifier errors
5086 when compiling against those.
5088 - gnutls: explicitly added SRP to the priority string
5090 This seems to have become necessary for SRP support to work starting
5091 with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS
5092 before the function that takes this priority string, there should be no
5093 issue with backward compatibility.
5095 - tests: adjust for capitalization differences in newer gnutls-serv
5097 - test320/1/2/4: fix the port number substitution variables
5099 These tests have been broken since commit 1958fe57 in Oct. 2011
5101 - tests: document more test identifiers and variables
5103 - gnutls: ignore invalid certificate dates with VERIFYPEER disabled
5105 This makes the behaviour consistent with what happens if a date can
5106 be extracted from the certificate but is expired.
5108 Steve Holme (10 Jul 2014)
5109 - CURLOPT_UPLOAD: Corrected argument type
5111 Daniel Stenberg (9 Jul 2014)
5112 - FAQ: expand the thread-safe section
5114 ... with a mention of *NOSIGNAL, based on talk in bug #1386
5116 Dan Fandrich (9 Jul 2014)
5117 - url.c: Fixed memory leak on OOM
5119 This showed itself on some systems with torture failures
5120 in tests 1060 and 1061
5122 - Update instances of some obsolete CURLOPTs to their new names
5124 Daniel Stenberg (5 Jul 2014)
5125 - [Marcel Raad brought this change]
5127 compiler warnings: potentially uninitialized variables
5129 ... pointed out by MSVC2013
5131 Bug: http://curl.haxx.se/bug/view.cgi?id=1391
5133 Kamil Dudka (4 Jul 2014)
5134 - nss: make the list of CRL items global
5136 Otherwise NSS could use an already freed item for another connection.
5138 - nss: fix a memory leak when CURLOPT_CRLFILE is used
5140 - nss: make crl_der allocated on heap
5142 ... and spell it as crl_der instead of crlDER
5144 - nss: let nss_{cache,load}_crl return CURLcode
5146 - tool: oops, forgot to include <plarenas.h>
5148 ... that contains the declaration of PL_ArenaFinish()
5150 - tool: call PL_ArenaFinish() on exit if NSPR is used
5152 This prevents valgrind from reporting still reachable memory allocated
5153 by NSPR arenas (mainly the freelist).
5155 Reported-by: Hubert Kario
5157 Daniel Stenberg (3 Jul 2014)
5158 - [Dimitrios Siganos brought this change]
5160 example: use correct type (long) for CURLOPT_FOLLOWLOCATION
5162 - [Dimitrios Siganos brought this change]
5164 Document type of argument for CURLOPT_FOLLOWLOCATION.
5166 - [Dimitrios Siganos brought this change]
5168 Document type of argument for CURLOPT_ERRORBUFFER.
5170 - [Dimitrios Siganos brought this change]
5172 Document type of argument for CURLOPT_COPYPOSTFIELDS.
5174 - [Dimitrios Siganos brought this change]
5176 Document type of argument for CURLOPT_ADDRESS_SCOPE.
5178 - curl.1: minor language fix
5180 Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html
5182 - [Ray Satiro brought this change]
5184 progress callback: skip last callback update on errors
5186 When an error has been detected, skip the final forced call to the
5187 progress callback by making sure to pass the current return code
5188 variable in the Curl_done() call in the CURLM_STATE_DONE state.
5190 This avoids the "extra" callback that could occur even if you returned
5191 error from the progress callback.
5193 Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html
5194 Reported by: Jonathan Cardoso Machado
5196 Dan Fandrich (2 Jul 2014)
5197 - opts: fixed some CURLOPT references so they get turned into links
5199 Kamil Dudka (2 Jul 2014)
5200 - tool: call PR_Cleanup() on exit if NSPR is used
5202 This prevents valgrind from reporting possibly lost memory that NSPR
5203 uses for file descriptor cache and other globally allocated internal
5206 - nss: make the fallback to SSLv3 work again
5208 This feature was unintentionally disabled by commit ff92fcfb.
5210 - nss: do not abort on connection failure
5212 ... due to calling SSL_VersionRangeGet() with NULL file descriptor
5214 reported-by: upstream tests 305 and 404
5216 Dan Fandrich (1 Jul 2014)
5217 - opts: Document the socket callback function parameters
5219 Steve Holme (28 Jun 2014)
5220 - opts: Fixed some typos
5222 Dan Fandrich (25 Jun 2014)
5223 - curl_easy_setopt.3: fixed the error code for an unsupported option
5225 - opts: added some DEFAULT and RETURN VALUE sections
5227 Daniel Stenberg (21 Jun 2014)
5228 - libcurl docs: man page edits
5230 mainly to improve how the web versions render
5232 Dan Fandrich (21 Jun 2014)
5233 - curl_easy_setopt.3: fixed some typos
5235 Daniel Stenberg (21 Jun 2014)
5236 - lib man pages: update easy setopt option references
5238 ... by using the "\fIopt(3)\fP" syntax they will be linked properly when
5239 the web version of the page is generated.
5241 - opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default
5243 - [Colin Hogben brought this change]
5245 lib: documentation updates in README.hostip
5247 c-ares now does support IPv6;
5248 avoid implying threaded resolver is Windows-only;
5249 two referenced source files were renamed in 7de2f92
5251 - curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception
5253 ... to the always-copy-char *-argument.
5255 And fix some minor mistakes.
5257 - curl_easy_setopt.3: refer to the individual man pages
5259 With all the new individual option man pages created, this now refers to
5260 each separate one instead of duplicaing the info. Also makes this page
5263 Dan Fandrich (21 Jun 2014)
5264 - opts: fixed mancheck for out-of-tree builds
5266 Daniel Stenberg (21 Jun 2014)
5267 - curl_easy_setopt.3: shorten
5269 shorten descriptions, mostly refer to the separate descriptions
5271 - CURLOPT_DNS_LOCAL_IP4.3: better short desc
5273 Dan Fandrich (20 Jun 2014)
5274 - opts: document CURLE_OUT_OF_MEMORY among other return values
5276 - opts: fixed some typos
5278 Daniel Stenberg (20 Jun 2014)
5279 - opts: various corrections
5281 - opts: add the rest of the options
5283 ... and fixed mancheck to ignore obsolete options
5285 - opts: the final bunch of options as man pages
5287 Now all current options have their own man pages.
5289 - opts: 37 additional man pages
5291 - CURLOPT_URL: move up the text from "Notes"
5293 - ROADMAP: removed, now ROADMAP.md
5295 - ROADMAP.md: make it markdown formatted
5297 - ROADMAP: initial commit of "curl the next few years"
5299 To be further discussed, debated and edited
5301 - opts: more man pages
5303 - CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T'
5305 - opts: makefile now includes all current man pages
5307 - opts: 11 more man pages
5309 Dan Fandrich (18 Jun 2014)
5310 - opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE
5312 - opts: fixed a couple of typos
5314 Patrick Monnerat (18 Jun 2014)
5315 - OS400: make it compilable again. Make RPG binding up to date.
5317 - buildconf: do not search tools in current directory.
5319 Dan Fandrich (18 Jun 2014)
5320 - curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
5322 This is consistent with the existing obsolete error code naming
5325 Daniel Stenberg (18 Jun 2014)
5326 - opts: 16 more man pages