Changelog
-Version 7.32.0 (11 Aug 2013)
+Version 7.40.0 (7 Jan 2015)
-Daniel Stenberg (11 Aug 2013)
-- THANKS: added contributors from the 7.32.0 release notes
+Daniel Stenberg (7 Jan 2015)
+- RELEASE-NOTES: version 7.40.0
-- [Fabian Keil brought this change]
-
- test1228: add 'HTTP proxy' to the keywords
-
-- [Fabian Keil brought this change]
-
- tests: add keywords for a couple of FILE tests
-
-- [Fabian Keil brought this change]
-
- tests: add 'FAILURE' keywords to tests 1409 and 1410
-
-- [Fabian Keil brought this change]
-
- tests: add keywords for a couple of HTTP tests
-
-- [Fabian Keil brought this change]
-
- tests: add keywords for a couple of FTP tests
-
-- [Fabian Keil brought this change]
-
- test1511: consistently terminate headers with CRLF
-
-- DISABLED: shut of test 1512 for now
+- darwinssl: fix session ID keys to only reuse identical sessions
- It shows intermittent failures and I haven't been able to track them
- down yet. Disable this test for now.
-
-- curl_multi_add_handle.3: ... that timer callback is for event-based
-
-- comments: remove old and wrong multi/easy interface statements
-
-- curl_multi_add_handle.3: mention the CURLMOPT_TIMERFUNCTION use
-
-- [John E. Malmberg brought this change]
-
- KNOWN_BUGS: 22 and 57 have been fixed and committed
-
-- RELEASE-NOTES: synced with d20def20462e7
-
-- global dns cache: fix memory leak
+ ...to avoid a session ID getting cached without certificate checking and
+ then after a subsequent _enabling_ of the check libcurl could still
+ re-use the session done without cert checks.
- The take down of the global dns cache didn't take CURLOPT_RESOLVE names
- into account.
+ Bug: http://curl.haxx.se/docs/adv_20150108A.html
+ Reported-by: Marc Hesse
-- global dns cache: didn't work [regression]
+- tests: make sure CRLFs can't be used in URLs passed to proxy
- CURLOPT_DNS_USE_GLOBAL_CACHE broke in commit c43127414d89ccb (been
- broken since the libcurl 7.29.0 release). While this option has been
- documented as deprecated for almost a decade and nobody even reported
- this bug, it should remain functional.
+ Bug: http://curl.haxx.se/docs/adv_20150108B.html
+
+- url-parsing: reject CRLFs within URLs
- Added test case 1512 to verify
+ Bug: http://curl.haxx.se/docs/adv_20150108B.html
+ Reported-by: Andrey Labunets
-Yang Tse (8 Aug 2013)
-- [John Malmberg brought this change]
+Steve Holme (7 Jan 2015)
+- ldap: Convert attribute output to UTF-8 when Unicode
- packages/vms: update VMS build files
-
- VMS modified files either missing from a previous commit and changes
- to remove references to CVS repositories.
+- ldap: Convert DN output to UTF-8 when Unicode
-Daniel Stenberg (8 Aug 2013)
-- FTP: renamed several local functions
-
- The previous naming scheme ftp_state_post_XXXX() wasn't really helpful
- as it wasn't always immediately after 'xxxx' and it wasn't easy to
- understand what it does based on such a name.
+Daniel Stenberg (7 Jan 2015)
+- hostip: remove 'stale' argument from Curl_fetch_addr proto
- This new one is instead ftp_state_yyyy() where yyyy describes what it
- does or sends.
+ Also, remove the log output of the resolved name is NOT in the cache in
+ the spirit of only telling when something is actually happening.
-- mk-ca-bundle.1: don't install on make install
+Steve Holme (7 Jan 2015)
+- ldap/imap: Fixed spelling mistake in comments and variable names
- Since the mk-ca-bundle tool itself isn't installed with make install,
- there's no point in installing its documentation.
-
- Bug: http://curl.haxx.se/mail/lib-2013-08/0057.html
- Reported-by: Guenter Knauf
+ Reported-by: Michael Osipov
-Yang Tse (7 Aug 2013)
-- packages/vms/Makefile.am: add latest file additions to EXTRA_DIST
+Daniel Stenberg (7 Jan 2015)
+- RELEASE-NOTES: updated with ./contributors.sh output
-- [John Malmberg brought this change]
+Dan Fandrich (5 Jan 2015)
+- curl_multibyte.h: Eliminated some trailing whitespace
- Building_vms_pcsi_kit
-
- These are the files needed to build VMS distribution packages known as
- PCSI kits.
-
- Also minor update to the existing files, mainly to the documentation and
- file clean up code.
+Steve Holme (4 Jan 2015)
+- RELEASE-NOTES: Synced with ea93252ef1
-Daniel Stenberg (6 Aug 2013)
-- LIBCURL-STRUCTS: new document
-
- This is the first version of this new document, detailing the seven
- perhaps most important internal structs in libcurl source code:
+- ldap: Fixed Unicode usage for all Win32 builds
- 1.1 SessionHandle
- 1.2 connectdata
- 1.3 Curl_multi
- 1.4 Curl_handler
- 1.5 conncache
- 1.6 Curl_share
- 1.7 CookieInfo
+ Otherwise, the fixes in the previous commits would only be applicable
+ to IDN and SSPI based builds and not others such as OpenSSL with LDAP
+ enabled.
-- CONTRIBUTE: minor language polish
+- ldap: Fixed memory leak from commit efb64fdf80
-- FTP: when EPSV gets a 229 but fails to connect, retry with PASV
-
- This is a regression as this logic used to work. It isn't clear when it
- broke, but I'm assuming in 7.28.0 when we went all-multi internally.
-
- This likely never worked with the multi interface. As the failed
- connection is detected once the multi state has reached DO_MORE, the
- Curl_do_more() function was now expanded somewhat so that the
- ftp_do_more() function can request to go "back" to the previous state
- when it makes another attempt - using PASV.
-
- Added test case 1233 to verify this fix. It has the little issue that it
- assumes no service is listening/accepting connections on port 1...
-
- Reported-by: byte_bucket in the #curl IRC channel
+- ldap: Fix memory leak from commit 3a805c5cc1
-Nick Zitzmann (5 Aug 2013)
-- md5: remove use of CommonCrypto-to-OpenSSL macros for the benefit of Leopard
+- ldap: Fixed attribute variable warnings when Unicode is enabled
- For some reason, OS X 10.5's GCC suddenly stopped working correctly with
- macros that change MD5_Init etc. in the code to CC_MD5_Init etc., so I
- worked around this by removing use of the macros and inserting static
- functions that just call CommonCrypto's implementations of the functions
- instead.
+ Use 'TCHAR *' for local attribute variable rather than 'char *'.
-Guenter Knauf (5 Aug 2013)
-- Simplify check for trusted certificates.
+- ldap: Fixed DN variable warnings when Unicode is enabled
- This changes the previous check for untrusted certs to a check for
- certs explicitely marked as trusted.
- The change is backward-compatible (tested with certdata.txt v1.80).
+ Use 'TCHAR *' for local DN variable rather than 'char *'.
-Daniel Stenberg (5 Aug 2013)
-- configure: warn on bad env variable use, don't error
+- ldap: Remove the unescape_elements() function
- Use XC_CHECK_BUILD_FLAGS instead XC_CHECK_USER_FLAGS.
+ Due to the recent modifications this function is no longer used.
-- Revert "configure: don't error out on variable confusions, just warn"
+- ldap.c: Fixed compilation warning
- This reverts commit 6b27703b5f525eccdc0a8409f51de8595c75132a.
+ ldap.c:98: warning: extra tokens at end of #endif directive
-- formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used
-
- The internal function that's used to detect known file extensions for
- the default Content-Type got the the wrong pointer passed in when
- CURLFORM_BUFFER + CURLFORM_BUFFERPTR were used. This had the effect that
- strlen() would be used which could lead to an out-of-bounds read (and
- thus segfault). In most cases it would only lead to it not finding or
- using the correct default content-type.
-
- It also showed that test 554 and test 587 were testing for the
- previous/wrong behavior and now they're updated as well.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1262
- Reported-by: Konstantin Isakov
+- ldap: Fixed support for Unicode filter in Win32 search call
-Guenter Knauf (4 Aug 2013)
-- Skip more untrusted certificates.
+- ldap.c: Fixed compilation warning
- Christian Heimes brought to our attention that the certdata.txt
- format has recently changed [1], causing ca-bundle.crt created
- with mk-ca-bundle.[pl|vbs] to include untrusted certs.
-
- [1] http://lists.debian.org/debian-release/2012/11/msg00411.html
+ ldap.c:802: warning: comparison between signed and unsigned integer
+ expressions
-Daniel Stenberg (4 Aug 2013)
-- configure: don't error out on variable confusions, just warn
+- ldap: Fixed support for Unicode attributes in Win32 search call
-- configure: rephrase the notice in _XC_CHECK_VAR_*
+- ldap: Fixed memory leak from commit efb64fdf80
- Instead of claiming it is an error, we call it a "note" to reduce the
- severity level. But the following text now says the [variable] "*should*
- only be used to specify"... instead of previously having said "may".
+ The unescapped DN was not freed after a successful character conversion.
-- multi: remove data->state.current_conn struct field
+- ldap.c: Fixed compilation error
- Not needed
+ ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes
+ just 1
-- multi: remove the one_easy struct field
+- ldap.c: Fixed compilation warning
- Since the merge of SessionHandle with Curl_one_easy, this indirection
- isn't used anymore.
+ ldap.c:89: warning: extra tokens at end of #endif directive
-- multi: rename all Curl_one_easy to SessionHandle
+- ldap: Fixed support for Unicode DN in Win32 search call
-- multi: remove the multi_pos struct field
-
- Since Curl_one_easy is really a SessionHandle now, this indirection
- doesn't exist anymore.
+- ldap: Fixed Unicode user and password in Win32 bind calls
-- multi: remove easy_handle struct field
-
- It isn't needed anymore
+- ldap: Fixed Unicode host name in Win32 initialisation calls
-- multi: remove 'Curl_one_easy' struct, phase 1
-
- The motivation for having a separate struct that keep track of an easy
- handle when using the multi handle was removed when we switched to
- always using the multi interface internally. Now they were just two
- separate struct that was always allocated for each easy handle.
-
- This first step just moves the Curl_one_easy struct members into the
- SessionHandle struct and hides this somehow (== keeps the source code
- changes to a minimum) by defining Curl_one_easy to SessionHandle
-
- The biggest changes in this commit are:
-
- 1 - the linked list of easy handles had to be changed somewhat due
- to the new struct layout. This made the main linked list pointer
- get renamed to 'easyp' and there's also a new pointer to the last
- node, called easylp. It is no longer circular but ends with ->next
- pointing to NULL. New nodes are still added last.
+- ldap: Use host.dispname for infof() connection failure messages
- 2 - easy->state is now called easy->mstate to avoid name collision
+ As host.name may be encoded use dispname for infof() failure messages.
-Steve Holme (2 Aug 2013)
-- Revert "DOCS: Added IMAP URL example for listing new messages"
-
- This reverts commit 82ab5f1b0c7c3f as this was the wrong place to
- document the complexity of IMAP URLs and Custom Requests.
+- ldap: Prefer 'CURLcode result' for curl result codes
-- DOCS: Added IMAP URL example for listing new messages
+- ldap: Pass write length in all Curl_client_write() calls
- In addition to listing the folder contents, in the URL examples, added
- an example to list the new messages waiting in the user's inbox.
-
-Yang Tse (1 Aug 2013)
-- packages/vms/Makefile.am: add latest file additions to EXTRA_DIST
+ As we get the length for the DN and attribute variables, and we know
+ the length for the line terminator, pass the length values rather than
+ zero as this will save Curl_client_write() from having to perform an
+ additional strlen() call.
-- [John Malmberg brought this change]
-
- Add in the files needed to build libcurl shared images on VMS.
-
- Update the packages/vms/readme file to be current.
-
- Also some files for the GNV based build were either missing or needed an
- update.
-
- curl_crtl_init.c is a special file that is run before main() to
- set up the proper C runtime behavior.
-
- generate_vax_transfer.com generates the VAX transfer vector modules from
- the gnv_libcurl_symbols.opt file.
-
- gnv_conftest.c_first is a helper file needed for configure scripts to
- come up with the expected answers on VMS.
-
- gnv_libcurl_symbols.opt is the public symbols for the libcurl shared
- image.
+- ldap: Fixed attribute memory leaks on failed client write
- gnv_link_curl.com builds the shared libcurl image and rebuilds other
- programs to use it.
-
- macro32_exactcase.patch is a hack to make a local copy of the VMS Macro32
- assembler case sensitive, which is needed to build the VAX transfer modules.
-
- report_openssl_version.c is a tool for help verify that the libcurl
- shared image is being built for a minium version of openssl.
+ Fixed memory leaks from commit 086ad79970 as was noted in the commit
+ comments.
-- curl: second follow-up for commit 5af2bfb9
+- ldap: Fixed DN memory leaks on failed client write
- Display progress-bar unconditionally on first call
+ Fixed memory leaks from commit 086ad79970 as was noted in the commit
+ comments.
-- curl: follow-up for commit 5af2bfb9
+- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d
- Use tvnow() and tvdiff() to avoid introducing new linkage issues
-
-Daniel Stenberg (31 Jul 2013)
-- curl: --progress-bar max update frequency now at 5Hz
+ curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char
+ [8]') to parameter of type 'char *' converts
+ between pointers to integer types with different
+ sign
-- curl: make --progress-bar update the line less frequently
-
- Also, use memset() instead of a lame loop.
-
- The previous logic that tried to avoid too many updates were very
- ineffective for really fast transfers, as then it could easily end up
- doing hundreds of updates per second that would make a significant
- impact in transfer performance!
+- ntlm: Use extend_key_56_to_64() for all cryptography engines
- Bug: http://curl.haxx.se/mail/archive-2013-07/0031.html
- Reported-by: Marc Doughty
+ Rather than duplicate the code in setup_des_key() for OpenSSL and in
+ extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is
+ the same, use extend_key_56_to_64() for all engines.
-Nick Zitzmann (30 Jul 2013)
-- darwinssl: added LFs to some strings passed into infof()
-
- (This doesn't need to appear in the release notes.) I noticed a few places
- where infof() was called, and there should've been an LF at the end of the
- string, but there wasn't.
+- RELEASE-NOTES: Synced with 34f0bd110f
-- darwinssl: fix build error in crypto authentication under Snow Leopard
-
- It turns out Snow Leopard not only has SecItemCopyMatching() defined in
- a header not included by the omnibus header, but it won't work for our
- purposes, because searching for SecIdentityRef objects wasn't added
- to that API until Lion. So we now use the old SecKeychainSearch API
- instead if the user is building under, or running under, Snow Leopard.
+- curl_ntlm_core.c: Fixed compilation warning
- Bug: http://sourceforge.net/p/curl/bugs/1255/
- Reported by: Edward Rudd
+ curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined
+ but not used
-- md5 & metalink: use better build macros on Apple operating systems
+- endian: Fixed bit-shift in 64-bit integer read functions
- Previously we used __MAC_10_X and __IPHONE_X to mark digest-generating
- code that was specific to OS X and iOS. Now we use
- __MAC_OS_X_VERSION_MAX_ALLOWED and __IPHONE_OS_VERSION_MAX_ALLOWED
- instead of those macros.
+ From commit 43792592ca and 4bb5a351b2.
- Bug: http://sourceforge.net/p/curl/bugs/1255/
- Reported by: Edward Rudd
+ Reported-by: Michael Osipov
-Yang Tse (29 Jul 2013)
-- tool_operhlp.c: fix add_file_name_to_url() OOM handling
+- smb: Use endian functions for reading NBT and message size values
-- tool_operate.c: fix brace placement for vi/emacs delimiter matching
+- endian: Added big endian read functions
-- tool_operate.c: move <fabdef.h> header inclusion location
+- endian: Added 64-bit integer read function
-Daniel Stenberg (29 Jul 2013)
-- RELEASE-NOTES: synced with b5478a0e033e7
+- COPYING: Bumped copyright year to 2015
-- curl_easy_pause: on unpause, trigger mulit-socket handling
-
- When the multi-socket API is used, we need the handle to be checked
- again when it gets unpaused.
+- version: Bump copyright year to 2015
+
+- smb.c: Fixed compilation warnings
- Bug: http://curl.haxx.se/mail/lib-2013-07/0239.html
- Reported-by: Justin Karneges
+ smb.c:780: warning: passing 'char *' to parameter of type 'unsigned
+ char *' converts between pointers to integer types with
+ different sign
+ smb.c:781: warning: passing 'char *' to parameter of type 'unsigned
+ char *' converts between pointers to integer types with
+ different sign
+ smb.c:804: warning: passing 'char *' to parameter of type 'unsigned
+ char *' converts between pointers to integer types with
+ different sign
-- [John E. Malmberg brought this change]
+- smb: Use endian functions for reading length and offset values
- curl_formadd: fix file upload on VMS
-
- For the standard VMS text file formats, VMS needs to read the file to
- get the actual file size.
-
- For the standard VMS binary file formats, VMS needs a special format of
- fopen() call so that it stops reading at the logical end of file instead
- of at the end of the blocks allocated to the file.
-
- I structured the patch this way as I was not sure about changing the
- structures or parameters to the routines, but would prefer to only call
- the stat() function once and pass the information to where the fopen()
- call is made.
-
- Bug: https://sourceforge.net/p/curl/bugs/758/
+- endian: Added 16-bit integer write function
-- formadd: CURLFORM_FILECONTENT wrongly rejected some option combos
-
- The code for CURLFORM_FILECONTENT had its check for duplicate options
- wrong so that it would reject CURLFORM_PTRNAME if used in combination
- with it (but not CURLFORM_COPYNAME)! The flags field used for this
- purpose cannot be interpreted that broadly.
+- endian: Fixed Linux compilation issues
- Bug: http://curl.haxx.se/mail/lib-2013-07/0258.html
- Reported-by: Byrial Jensen
+ Having files named endian.[c|h] seemed to cause issues under Linux so
+ renamed them both to have the curl_ prefix in the filenames.
-Yang Tse (25 Jul 2013)
-- packages/vms/Makefile.am: add latest file additions to EXTRA_DIST
+- [Julien Nabet brought this change]
-- [John E. Malmberg brought this change]
+ lib1900.c: Fixed cppcheck error
+
+ lib1900.c:182: (style) Array index 'handlenum' is used before limits
+ check
+
+ Bug: https://github.com/bagder/curl/pull/133
- VMS: intial set of files to allow building using GNV toolkit.
+- endian: Added standard function descriptions
-- string formatting: fix too many arguments for format
+- endian: Renamed functions for curl API naming convention
-- string formatting: fix zero-length printf format string
+- endian: Moved write functions to new module
-- easy.c: curl_easy_getinfo() fix va_start/va_end matching
+- endian: Moved read functions to new module
-- imap.c: imap_sendf() fix va_start/va_end matching
+- endian: Introduced endian module
+
+ To allow the little endian functions, currently used in two of the NTLM
+ source files, to be used by other modules such as the SMB module.
-- string formatting: fix 15+ printf-style format strings
+- sepheaders.c: Applied curl oding standards
-Patrick Monnerat (24 Jul 2013)
-- OS400: sync ILE/RPG binding with current curl.h
+- [Julien Nabet brought this change]
-Yang Tse (24 Jul 2013)
-- string formatting: fix 25+ printf-style format strings
+ sepheaders.c: Fixed resource leak on failure
-Daniel Stenberg (23 Jul 2013)
-- Makefile.am: use LDFLAGS as well when linking libcurl
+- vtls: Use '(void) arg' for unused parameters
- Linking on Solaris 10 x86 with Sun Studio 12 failed when we upgraded
- automake for the release builds.
+ Prefer void for unused parameters, rather than assigning an argument to
+ itself as a) unintelligent compilers won't optimize it out, b) it can't
+ be used for const parameters, c) it will cause compilation warnings for
+ clang with -Wself-assign and d) is inconsistent with other areas of the
+ curl source code.
+
+- smb.c: Fixed compilation warning
- Bug: http://curl.haxx.se/bug/view.cgi?id=1217
- Reported-by: Dagobert Michelsen
+ smb.c:586: warning: conversion to 'short unsigned int' from 'int' may
+ alter its value
-- [Fabian Keil brought this change]
+- [Bill Nagel brought this change]
- url.c: Fix dot file path cleanup when using an HTTP proxy
+ smb: Use the connection's upload buffer
- Previously the path was cleaned, but the URL wasn't properly updated.
+ Use the connection's upload buffer instead of allocating our own send
+ buffer.
-- [Fabian Keil brought this change]
+- RELEASE-NOTES: Synced with 1933f9d33c
- tests: test1232 verifies dotdot removal from path with proxy
-
-- [Fabian Keil brought this change]
+- schannel: Moved the ISC return flag definitions to the SSPI module
+
+ Moved our Initialize Security Context return attribute definitions to
+ the SSPI module, as a) these can be used by other SSPI based providers
+ and b) the ISC required attributes are defined there.
- dotdot.c: Fix a RFC section number in a comment for Curl_dedotdotify()
+- [Bill Nagel brought this change]
-- [John E. Malmberg brought this change]
+ smb: Close the connection after a failed client write
- build_vms.com: fix debug and float options
+- darwinssl: Fixed compilation warning
- In the reorganization of the build_vms.com the debug and float options
- were not fixed up correctly.
+ vtls.c:683:43: warning: unused parameter 'data'
-- [John E. Malmberg brought this change]
-
- curl: fix upload of a zip file in OpenVMS
+- sockfilt.c: Fixed compilation warnings
- Two fixes:
+ sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter
+ its value
+ sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter
+ its value
+ sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter
+ its value
+ sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter
+ its value
+
+- test1509: Fixed compilation warning
- 1. Force output file format to be stream-lf so that partial downloads
- can be continued.
+ lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may
+ alter its value
+
+- test556: Fixed compilation warning
- This should have minor impact as if the file does not exist, it was
- created with stream-lf format. The only time this was an issue is if
- there was already an existing file with a different format.
+ lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may
+ alter its value
+
+- sasl_gssapi: Fixed use of dummy username with real username
+
+- vtls: Fixed compilation warning and an ignored return code
- 2. Fix file uploads are now fixed.
+ curl_schannel.h:123: warning: right-hand operand of comma expression
+ has no effect
- a. VMS binary files such as ZIP archives are now uploaded
- correctly.
+ Some instances of the curlssl_close_all() function were declared with a
+ void return type whilst others as int. The schannel version returned
+ CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the
+ return code was ignored by the calling function Curl_ssl_close_all().
- b. VMS text files are read once to get the correct size
- and then converted to line-feed terminated records as
- they are read into curl.
+ For the time being and to keep the internal API consistent, changed all
+ declarations to use a void return type.
- The default VMS text formats do not contain either line-feed or
- carriage-return terminated records. Those delimiters are added by the
- operating system file read calls if the application requests them.
+ To reduce code we might want to consider removing the unimplemented
+ versions and use a void #define like schannel does.
+
+Daniel Stenberg (28 Dec 2014)
+- TODO: 2.3 Better support for same name resolves
+
+Steve Holme (28 Dec 2014)
+- test1520: Fixed initial teething problems
- Bug: http://curl.haxx.se/bug/view.cgi?id=496
+ * Missing initialisation of upload status caused a seg fault
+ * Missing data termination caused corrupt data to be uploaded
+ * Data verification should be performed in <upload> element
+ * Added missing recipient list cleanup
-Yang Tse (22 Jul 2013)
-- libtest: fix data type of some *_setopt() 'long' arguments
+- test1520: Fixed compilation errors
-- curl: fix symbolic names for CURL_NETRC_* enum in --libcurl output
+- tests: Added test for bug #1456
-- curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output
+- checksrc.bat: Fixed a problem opening files with spaces in the filename
-- tool_operate.c: fix passing curl_easy_setopt long arg on some x64 ABIs
-
- We no longer pass our 'bool' data type variables nor constants as
- an argument to my_setopt(), instead we use proper 1L or 0L values.
-
- This also fixes macro used to pass string argument for CURLOPT_SSLCERT,
- CURLOPT_SSLKEY and CURLOPT_EGDSOCKET using my_setopt_str() instead of
- my_setopt().
-
- This also casts enum or int argument data types to long when passed to
- my_setopt_enum().
+- openldap: Prefer use of 'CURLcode result'
-Daniel Stenberg (21 Jul 2013)
-- curl_multi_wait: fix revents
-
- Commit 6d30f8ebed34e7276 didn't work properly. First, it used the wrong
- array index, but this fix also:
-
- 1 - only does the copying if indeed there was any activity
+- openldap: Use 'LDAPMessage *msg' for messages
- 2 - makes sure to properly translate between internal and external
- bitfields, which are not guaranteed to match
-
- Reported-by: Evgeny Turnaev
+ This frees up the 'result' variable for CURLcode based result codes.
-- RELEASE-NOTES: synced with d529f3882b9bca
+- nss: Don't ignore Curl_extract_certinfo() OOM failure
-- curl_easy_perform: gradually increase the delay time
-
- Instead of going 50,100,150 etc millisecond delay time when nothing has
- been found to do or wait for, we now start lower and double each loop as
- in 4,8,16,32 etc.
-
- This lowers the minimum wait without sacrifizing the longer wait too
- much with unnecessary CPU cycles burnt.
-
- Bug: http://curl.haxx.se/mail/lib-2013-07/0103.html
- Reported-by: Andreas Malzahn
+- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
-- ftp_do_more: consider DO_MORE complete when server connects back
-
- In the case of an active connection when ftp_do_more() detects that the
- server has connected back, it must make sure to mark it as complete so
- that the multi_runsingle() function will detect this and move on to the
- next state.
+- nss: Use 'CURLcode result' for curl result codes
- Bug: http://curl.haxx.se/mail/lib-2013-07/0115.html
- Reported-by: Clemens Gruber
+ ...and don't use CURLE_OK in failure/success comparisons.
-Yang Tse (19 Jul 2013)
-- Makefile.b32: Borland makefile adjustments. Tested with BCC 5.5.1
+- getinfo: Code style policing
-- WIN32 MemoryTracking: require UNICODE for wide strdup code support
+- getinfo: Use 'CURLcode result' for curl result codes
-Daniel Stenberg (18 Jul 2013)
-- CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
-
- CURLOPT_XFERINFOFUNCTION is now the preferred progress callback function
- and CURLOPT_PROGRESSFUNCTION is considered deprecated.
-
- This new callback uses pure 'curl_off_t' arguments to pass on full
- resolution sizes. It otherwise retains the same characteristics: the
- same call rate, the same meanings for the arguments and the return code
- is used the same way.
-
- The progressfunc.c example is updated to show how to use the new
- callback for newer libcurls while supporting the older one if built with
- an older libcurl or even built with a newer libcurl while running with
- an older.
+- darwinssl: Use 'CURLcode result' for curl result codes
-Yang Tse (18 Jul 2013)
-- Reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage".
-
- This reverts commit 7ed25cc, reinstating commit 8ec2cb5.
-
- As of 18-jul-2013 we still do have code in libcurl that makes use of these
- memory functions. Commit 8ec2cb5 comment still applies and is yet valid.
-
- These memory functions are solely used in Windows builds, so all related
- code is protected with '#ifdef WIN32' preprocessor conditional compilation
- directives.
+- polarssl: Use 'CURLcode result' for curl result codes
+
+- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries
- Specifically, wcsdup() _wcsdup() are used when building a Windows target with
- UNICODE and USE_WINDOWS_SSPI preprocessor symbols defined. This is the case
- when building a Windows UNICODE target with Windows native SSL/TLS support
- enabled.
+ As this feature has been implemented for 7.40.0.
+
+- asiohiper.cpp: No need to initialise members of ConnInfo
- Realizing that wcsdup() _wcsdup() are used is a bit tricky given that usage
- of these is hidden behind _tcsdup() which is MS way of dealing with code
- that must tolerate UNICODE and non-UNICODE compilation. Additionally, MS
- header files and those compatible from other compilers use this preprocessor
- conditional compilation directive in order to select at compilation time
- whether 'wide' or 'ansi' MS API functions are used.
+ ...as calloc() automatically clears the area of memory with zeros.
+
+- asiohiper.cpp: Updated for curl coding standards
- Without this code, Windows build targets with Windows native SSL/TLS support
- enabled and MemoryTracking support enabled misbehave in tracking memory usage,
- regardless of being a UNICODE enabled build or not.
+ ...with the exception of the start of block statement curly brackets.
-- xc-am-iface.m4: comments refinement
+- code/docs: Use correct case for IPv4 and IPv6
+
+ For consistency, as we seem to have a bit of a mixed bag, changed all
+ instances of ipv4 and ipv6 in comments and documentations to use the
+ correct case.
-- configure: fix 'subdir-objects' distclean related issue
+- runtests: Fixed detection of Unix Sockets feature
- See XC_AMEND_DISTCLEAN comments for details.
+ ...following change in curl --version output.
-Daniel Stenberg (18 Jul 2013)
-- [Evgeny Turnaev brought this change]
+- code/docs: Use Unix rather than UNIX to avoid use of the trademark
+
+ Use Unix when generically writing about Unix based systems as UNIX is
+ the trademark and should only be used in a particular product's name.
- curl_multi_wait: set revents for extra fds
+- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported
- Pass back the revents that happened for the user-provided file
- descriptors.
+ if2ip.c:119: warning: unused parameter 'remote_scope_id'
+
+ ...and some minor code style policing in the same function.
-- [Ben Greear brought this change]
+- vtls: Don't set cert info count until memory allocation is successful
+
+ Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs
+ member variable to the requested count, which could then be used
+ incorrectly as libcurl closes down.
- asyn-ares: Don't blank ares servers if none configured.
+- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type
- Best to just let c-ares use it's defaults if none are configured
- in (lib)curl.
+ The return type for this function was 0 on success and 1 on error. This
+ was then examined by the calling functions and, in most cases, used to
+ return CURLE_OUT_OF_MEMORY.
- Signed-off-by: Ben Greear <greearb@candelatech.com>
+ Instead use CURLcode for the return type and return the out of memory
+ error directly, propagating it up the call stack.
-- [Sergei Nikulov brought this change]
-
- cmake: Fix for MSVC2010 project generation
+- configure: Use camel case for UNIX sockets feature output
- Fixed issue with static build for MSVC2010.
+ To match the curl --version output.
+
+Marc Hoersken (26 Dec 2014)
+- sockfilt.c: Reduce the number of individual memory allocations
- After some investigation I've discovered known issue
- http://public.kitware.com/Bug/view.php?id=11240 When .rc file is linked
- to static lib it fails with following linker error
+ Merge multiple internal arrays into one, even if some variables
+ will not not be used. They are all created with the number of
+ file descriptors as their size.
- LINK : warning LNK4068: /MACHINE not specified; defaulting to X86
- file.obj : fatal error LNK1112: module machine type 'x64' conflicts with
- target machine type 'X86'
+ Also fix possible thread handle leak in CloseHandle-loop.
+
+- sockfilt.c: Replace 100ms sleep with thread throttle
- Fix add target property /MACHINE: for MSVC generation.
+ Improves performance of test cases 574 and 575 by 50%.
- Also removed old workarounds - it caused errors during msvc build.
+ A value of zero causes the thread to relinquish the remainder
+ of its time slice to any other thread of equal priority that is
+ ready to run. If there are no other threads of equal priority
+ ready to run, the function returns immediately, and the thread
+ continues execution.
- Bug: http://curl.haxx.se/mail/lib-2013-07/0046.html
-
-- mk-ca-bundle.1: point out certdata.txt format docs
-
-Yang Tse (16 Jul 2013)
-- slist.c: Curl_slist_append_nodup() OOM handling fix
+ http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx
-Daniel Stenberg (16 Jul 2013)
-- test1414: FTP PORT download without SIZE support
+Steve Holme (25 Dec 2014)
+- tool_help: Use camel case for UNIX sockets feature output
+
+ In line with the other features listed in the --version output,
+ capitalise the UNIX socket feature.
-Yang Tse (16 Jul 2013)
-- tests/Makefile.am: add configurehelp.pm to DISTCLEANFILES
+- vtls: Use bool for Curl_ssl_getsessionid() return type
+
+ The return type of this function is a boolean value, and even uses a
+ bool internally, so use bool in the function declaration as well as
+ the variables that store the return value, to avoid any confusion.
-Patrick Monnerat (15 Jul 2013)
-- curl_slist_append(): fix error detection
+- schannel: Minor code style policing for casts
-- slist.c: fix indentation
+- schannel: Prefer 'CURLcode result' for curl result codes
-- OS400: new SSL backend GSKit
+- cyassl: Prefer 'CURLcode result' for curl result codes
-- OS400: add slist and certinfo EBCDIC support
+- tool_xattr: Use 'CURLcode result' for curl result codes
-- config-os400.h: enable system strdup(), strcmpi(), etc.
+- curl_ntlm_core.c: Fixed compilation warnings
+
+ curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of
+ 'CryptImportKey' differ in signedness
+ curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from
+ incompatible pointer type
+ curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam'
+ from incompatible pointer type
-- x509asn1.c,x509asn1.h: new module to support ASN.1/X509 parsing & info extract
- Use from qssl backend
+- RELEASE-NOTES: Synced with 8830df8b66
-- ssluse.c,sslgen.c,sslgen.h: move certinfo support to generic SSL
+- gtls: Use preferred 'CURLcode result'
-- Merge branch 'master' of github.com:bagder/curl
+- openldap: Use standard naming for setup connection function
- Merge for resync
+ Renamed ldap_setup() to ldap_setup_connection() to follow more widely
+ used function naming.
-- slist.c, slist.h, cookie.c: new internal procedure Curl_slist_append_nodup()
-
-Yang Tse (15 Jul 2013)
-- sslgen.c: fix Curl_rand() compiler warning
+- rtmp: Use standard naming for setup connection function
- Use simple seeding method upon RANDOM_FILE seeding method failure.
-
-- sslgen.c: fix unreleased Curl_rand() infinite recursion
+ Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely
+ used function naming.
-Daniel Stenberg (14 Jul 2013)
-- [Dave Reisner brought this change]
-
- src/tool: allow timeouts to accept decimal values
-
- Implement wrappers around strtod to convert the user argument to a
- double with sane error checking. Use this to allow --max-time and
- --connect-timeout to accept decimal values instead of strictly integers.
+- smb: Use standard naming for setup connection function
- The manpage is updated to make mention of this feature and,
- additionally, forewarn that the actual timeout of the operation can
- vary in its precision (particularly as the value increases in its
- decimal precision).
-
-- [Dave Reisner brought this change]
+ Renamed smb_setup() to smb_setup_connection() to follow more widely
+ used function naming.
- curl.1: fix long line, found by checksrc.pl
+- config-win32.h: Fixed line length > 79 columns
-- [Dave Reisner brought this change]
+- openssl: Prefer we don't use NULL in comparisons
- src/tool_paramhlp: try harder to catch negatives
+- build: Removed WIN32 definition from the Visual Studio projects
- strto* functions happily chomp off leading whitespace, so simply
- checking for str[0] can lead to false negatives. Do the full parse and
- check the out value instead.
-
-- [John E. Malmberg brought this change]
+ As this pre-processor definition is defined in curl_setup.h there is no
+ need to include it in the Visual Studio project files.
- build_vms.com: detect and use zlib shared image
+- build: Removed WIN64 definition from the libcurl Visual Studio projects
- Update the build_vms.com to detect and use zlib shared image installed
- by the ZLIB kit produced by Jean-Francois Pieronne, and the also the
- future ZLIB 1.2.8 kit in addition to the older ZLIB kits.
+ Removed the WIN64 pre-processor definition from the libcurl project
+ files as:
- Also fix the indentation to match one of the common standards used for
- VMS DCL command files and removed the hard tab characters.
+ * WIN64 is not used in our source code
+ * The curl projects files don't define it
+ * It isn't required by or used in the platform SDK
+ * For backwards compatability curl_setup.h defines WIN32
+ * The compiler automatically defines _WIN64 for x64 builds
- Tested on OpenVMS 8.4 Alpha and IA64, and OpenVMS 7.3 VAX.
-
-Yang Tse (14 Jul 2013)
-- url.c: fix parse_url_login() OOM handling
-
-- http_digest.c: SIGSEGV and OOM handling fixes
-
-- url.c: fix parse_login_details() OOM handling
-
-- [John E. Malmberg brought this change]
-
- setup-vms.h: sk_pop symbol tweak
+ Historically Visual Studio projects have defined WIN32, in addition to
+ the compiler defined _WIN32 definition, and I had incorrectly changed
+ that to WIN64 for the x64 libcurl builds but not in the curl projects.
- Newer versions of curl are referencing a sk_pop symbol while the HP
- OpenSSL library has the symbol in uppercase only.
-
-- getinfo.c: fix enumerated type mixed with another type
-
-- test 1511: fix enumerated type mixed with another type
-
-- url.c: fix SIGSEGV
-
-- dotdot.c: fix global declaration shadowing
-
-- easy.c: fix global declaration shadowing
-
-Kamil Dudka (9 Jul 2013)
-- Revert "curl.1: document the --time-cond option in the man page"
+ As such, it is questionable whether this should be defined or not. For
+ more information see the following cache of a discussion that took
+ place on the microsoft.public.vc.mfc newsgroup:
- This reverts commit 3a0e931fc715a80004958794a96b12cf90503f99 because
- the documentation of --time-cond was duplicated by mistake.
-
- Reported by: Dave Reisner
-
-- curl.1: document the --sasl-ir option in the man page
-
-- curl.1: document the --post303 option in the man page
+ http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html
-- curl.1: document the --time-cond option in the man page
-
-Yang Tse (9 Jul 2013)
-- configure: automake 1.14 compatibility tweak (use XC_AUTOMAKE)
+- openssl.c Fix for compilation errors with older versions of OpenSSL
+
+ openssl.c:1408: error: 'TLS1_1_VERSION' undeclared
+ openssl.c:1411: error: 'TLS1_2_VERSION' undeclared
-- xc-am-iface.m4: provide XC_AUTOMAKE macro
+Daniel Stenberg (22 Dec 2014)
+- [John Malmberg brought this change]
-Guenter Knauf (8 Jul 2013)
-- Added winssl-zlib target to VC builds.
+ Fix comment edit in vms/backup_gnv_curl_src.com
+
+ packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port.
-- Synced Makefile.vc6 with recent changes.
+- curl: show size of inhibited data when using -v
- Issue posted to the list by malinowsky AT FTW DOT at.
+ To offer some more info and yet it doesn't use more lines.
-- Added libmetalink URL; added Android versions.
+- openssl: fix SSL/TLS versions in verbose output
-Dan Fandrich (3 Jul 2013)
-- examples: Moved usercertinmem.c to COMPLICATED_EXAMPLES
-
- This prevents it from being built during a "make check" since it
- depends on OpenSSL.
+- openssl: make it compile against openssl 1.1.0-DEV master branch
-Nick Zitzmann (2 Jul 2013)
-- Merge branch 'master' of https://github.com/bagder/curl
+Marc Hoersken (22 Dec 2014)
+- sshserver.pl: clarify and streamline variable names
-- darwinssl: SSLv2 connections are aborted if unsupported by the OS
+Daniel Stenberg (21 Dec 2014)
+- openssl: warn for SRP set if SSLv3 is used, not for TLS version
- I just noticed that OS X no longer supports SSLv2. Other TLS engines return
- an error if the requested protocol isn't supported by the underlying
- engine, so we do that now for SSLv2 if the framework returns an error
- when trying to turn on SSLv2 support. (Note: As always, SSLv2 support is
- only enabled in curl when starting the app with the -2 argument; it's off
- by default. SSLv2 is really old and insecure.)
-
-Marc Hoersken (1 Jul 2013)
-- lib506.c: Fixed possible use of uninitialized variables
+ ... as it requires TLS and it was was left to warn on the default from
+ when default was SSL...
-Kamil Dudka (30 Jun 2013)
-- url: restore the functionality of 'curl -u :'
+- smb: use memcpy() instead of strncpy()
- This commit fixes a regression introduced in
- fddb7b44a79d78e05043e1c97e069308b6b85f79.
+ ... as it never copies the trailing zero anyway and always just the four
+ bytes so let's not mislead anyone into thinking it is actually treated
+ as a string.
- Reported by: Markus Moeller
- Bug: http://curl.haxx.se/mail/archive-2013-06/0052.html
+ Coverity CID: 1260214
-Daniel Stenberg (25 Jun 2013)
-- digest: append the timer to the random for the nonce
+- [John E. Malmberg brought this change]
-- digest: improve nonce generation
+ VMS: Updates for 0740-0D1220
- Use the new improved Curl_rand() to generate better random nonce for
- Digest auth.
-
-- curl.1: fix typo in --xattr description
+ lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help.
+ More defines to set symbols to uppercase.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1252
- Reported-by: Jean-Noël Rouvignac
-
-- RELEASE-NOTES: synced with 365c5ba39591
-
- The 10 first bug fixes for the pending release...
-
-- formpost: better random boundaries
+ src/tool_main.c : Fix parameter to vms_special_exit() call.
- When doing multi-part formposts, libcurl used a pseudo-random value that
- was seeded with time(). This turns out to be bad for users who formpost
- data that is provided with users who then can guess how the boundary
- string will look like and then they can forge a different formpost part
- and trick the receiver.
+ packages/vms/ :
+ backup_gnv_curl_src.com : Fix the error message to have the correct package.
- My advice to such implementors is (still even after this change) to not
- rely on the boundary strings being cryptographically strong. Fix your
- code and logic to not depend on them that much!
+ build_curl-config_script.com : Rewrite to be more accurate.
- I moved the Curl_rand() function into the sslgen.c source file now to be
- able to take advantage of the SSL library's random function if it
- provides one. If not, try to use the RANDOM_FILE for seeding and as a
- last resort keep the old logic, just modified to also add microseconds
- which makes it harder to properly guess the exact seed.
+ build_libcurl_pc.com : Use tool_version.h now.
- The formboundary() function in formdata.c is now using 64 bit entropy
- for the boundary and therefore the string of dashes was reduced by 4
- letters and there are 16 hex digits following it. The total length is
- thus still the same.
+ build_vms.com : Fix to handle lib/vtls directory.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1251
- Reported-by: "Floris"
-
-- printf: make sure %x are treated unsigned
+ curl_gnv_build_steps.txt : Updated build procedure documentation.
- When using %x, the number must be treated as unsigned as otherwise it
- would get sign-extended on for example 64bit machines and do wrong
- output. This problem showed when doing printf("%08x", 0xffeeddcc) on a
- 64bit host.
-
-- tests: add test1395 to the tarball
-
-- SIGPIPE: don't use 'data' in sigpipe restore
+ generate_config_vms_h_curl.com :
+ * VAX does not support 64 bit ints, so no NTLM support for now.
+ * VAX HP SSL port is ancient, needs some help.
+ * Disable NGHTTP2 for now, not ported to VMS.
+ * Disable UNIX_SOCKETS, not available on VMS yet.
+ * HP GSSAPI port does not have gss_nt_service_name.
- Follow-up fix from 7d80ed64e43515.
+ gnv_link_curl.com : Update for new curl structure.
- The SessionHandle may not be around to use when we restore the sigpipe
- sighandler so we store the no_signal boolean in the local struct to know
- if/how to restore.
+ pcsi_product_gnv_curl.com : Set up to optionally do a complete build.
-- TODO: 1.8 Modified buffer size approach
+Marc Hoersken (21 Dec 2014)
+- sockfilt.c: use non-Ex functions that are available before WinXP
- Thoughts around buffer sizes and what might be possible to do...
+ It was initially reported by Guenter that GetFileSizeEx
+ requires (_WIN32_WINNT >= 0x0500) to be true.
-- c-ares: improve error message on failed resolve
+- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files
- When the c-ares based resolver backend failed to resolve a name, it
- tried to show the name that failed from existing structs. This caused
- the wrong output and shown hostname when for example --interface
- [hostname] was used and that name resolving failed.
+ Second patch to enable Windows support using Cygwin-based OpenSSH.
- Now we use the hostname used in the actual resolve attempt in the error
- message as well.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1191
- Reported-by: Kim Vandry
+ Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7.
-- ossl_recv: check for an OpenSSL error, don't assume
-
- When we recently started to treat a zero return code from SSL_read() as
- an error we also got false positives - which primarily looks to be
- because the OpenSSL documentation is wrong and a zero return code is not
- at all an error case in many situations.
+- tests: support spaces in paths to SSH, SSHD and SFTP binaries
- Now ossl_recv() will check with ERR_get_error() to see if there is a
- stored error and only then consider it to be a true error if SSL_read()
- returned zero.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1249
- Reported-by: Nach M. S.
- Patch-by: Nach M. S.
-
-Nick Zitzmann (22 Jun 2013)
-- Merge branch 'master' of https://github.com/bagder/curl
+ First patch to enable Windows support using Cygwin-based OpenSSH.
-- darwinssl: fix crash that started happening in Lion
+Steve Holme (20 Dec 2014)
+- non-ascii: Reduce variable usage
- Something (a recent security update maybe?) changed in Lion, and now it
- has changed SSLCopyPeerTrust such that it may return noErr but also give
- us a null trust, which caught us off guard and caused an eventual crash.
+ Removed 'next' variable in Curl_convert_form(). Rather than setting it
+ from 'form->next' and using that to set 'form' after the conversion
+ just use 'form = form->next' instead.
-Daniel Stenberg (22 Jun 2013)
-- SIGPIPE: ignored while inside the library
-
- ... and restore the ordinary handling again when it returns. This is
- done for curl_easy_perform() and curl_easy_cleanup() only for now - and
- only when built to use OpenSSL as backend as this is the known culprit
- for the spurious SIGPIPEs people have received.
+- non-ascii: Prefer while loop rather than a do loop
- Bug: http://curl.haxx.se/bug/view.cgi?id=1180
- Reported by: Lluís Batlle i Rossell
+ This also removes the need to check that the 'form' argument is valid.
-- KNOWN_BUGS: #83 unable to load non-default openssl engines
-
-- test1396: invoke the correct test tool!
+- non-ascii: Reduce variable scope
- This erroneously run unit test 1310 instead of 1396!
+ As 'result' isn't used out side the conversion callback code and
+ previously caused variable shadowing in the libiconv based code.
-Kamil Dudka (22 Jun 2013)
-- test1230: avoid using hard-wired port number
+- non-ascii: We prefer 'CURLcode result'
- ... to prevent failure when a non-default -b option is given
-
-- curl-config.in: replace tabs by spaces
+ This also fixes a variable shadowing issue when HAVE_ICONV is defined
+ as rc was declared for the result code of libiconv based functions.
-Nick Zitzmann (22 Jun 2013)
-- darwinssl: reform OS-specific #defines
+Marc Hoersken (19 Dec 2014)
+- secureserver.pl: clean up formatting of config and fix verbose output
- This doesn't need to be in the release notes. I cleaned up a lot of the #if
- lines in the code to use MAC_OS_X_VERSION_MIN_REQUIRED and
- MAC_OS_X_VERSION_MAX_ALLOWED instead of checking for whether things like
- __MAC_10_6 or whatever were defined, because for some SDKs Apple has released
- they were defined out of place.
+ Verbose output was not matching the actual configuration file,
+ because FIPS and Windows conditions were ignored.
-Daniel Stenberg (22 Jun 2013)
-- [Alessandro Ghedini brought this change]
-
- docs: fix typo in curl_easy_getinfo manpage
+- secureserver.pl: update Windows detection and fix path conversion
-- dotdot: introducing dot file path cleanup
-
- RFC3986 details how a path part passed in as part of a URI should be
- "cleaned" from dot sequences before getting used. The described
- algorithm is now implemented in lib/dotdot.c with the accompanied test
- case in test 1395.
+- secureserver.pl: make OpenSSL CApath and cert absolute path values
- Bug: http://curl.haxx.se/bug/view.cgi?id=1200
- Reported-by: Alex Vinnik
+ Recent stunnel versions (5.08) seem to have trouble with relative
+ paths on Windows. This turns the relative paths into absolute ones.
-- bump: start working towards what most likely will become 7.32.0
+Patrick Monnerat (18 Dec 2014)
+- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code.
-- THANKS: added 24 new contributors from the 7.31.0 release
+- [Kyle J. McKay brought this change]
-Version 7.31.0 (22 Jun 2013)
+ parseurlandfillconn(): fix improper non-numeric scope_id stripping.
+ Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/
-Daniel Stenberg (22 Jun 2013)
-- RELEASE-NOTES: synced with 0de7249bb39a2 - 7.31.0
+- IPV6: address scope != scope id
+ There was a confusion between these: this commit tries to disambiguate them.
+ - Scope can be computed from the address itself.
+ - Scope id is scope dependent: it is currently defined as 1-based local
+ interface index for link-local scoped addresses, and as a site index(?) for
+ (obsolete) site-local addresses. Linux only supports it for link-local
+ addresses.
+ The URL parser properly parses a scope id as an interface index, but stores it
+ in a field named "scope": confusion. The field has been renamed into "scope_id".
+ Curl_if2ip() used the scope id as it was a scope. This caused failures
+ to bind to an interface.
+ Scope is now computed from the addresses and Curl_if2ip() matches them.
+ If redundantly specified in the URL, scope id is check for mismatch with
+ the interface index.
+
+ This commit should fix SF bug #1451.
-- unit1396: unit tests to verify curl_easy_(un)escape
+- connect: singleipconnect(): properly try other address families after failure
-- Curl_urldecode: no peeking beyond end of input buffer
-
- Security problem: CVE-2013-2174
+Daniel Stenberg (16 Dec 2014)
+- SFTP: work-around servers that return zero size on STAT
- If a program would give a string like "%FF" to curl_easy_unescape() but
- ask for it to decode only the first byte, it would still parse and
- decode the full hex sequence. The function then not only read beyond the
- allowed buffer but it would also deduct the *unsigned* counter variable
- for how many more bytes there's left to read in the buffer by two,
- making the counter wrap. Continuing this, the function would go on
- reading beyond the buffer and soon writing beyond the allocated target
- buffer...
+ Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html
+ Pathed-by: Marc Renault
+
+- glob_next_url: make the loop count upwards
- Bug: http://curl.haxx.se/docs/adv_20130622.html
- Reported-by: Timo Sirainen
+ As the former contruct apparently caused a compiler warning, mentioned
+ in d8efde07e556c.
-Guenter Knauf (20 Jun 2013)
-- Use opened body.out file and write content to it.
+- tool_operate: we prefer 'CURLcode result'
-Daniel Stenberg (20 Jun 2013)
-- multi_socket: react on socket close immediately
+- tool_urlglob: unify return codes to use CURLcode
- As a remedy to the problem when a socket gets closed and a new one is
- opened with the same file descriptor number and as a result
- multi.c:singlesocket() doesn't detect the difference, the new function
- Curl_multi_closed() gets told when a socket is closed so that it can be
- removed from the socket hash. When the old one has been removed, a new
- socket should be detected fine by the singlesocket() on next invoke.
+ There was a mix of GlobCode, CURLcode and ints and they were mostly
+ passing around CURLcode errors. This change makes the functions use only
+ CURLcode and removes the GlobCode type completely.
+
+- tool_urlglob.c: partly reverse dc19789444
- Bug: http://curl.haxx.se/bug/view.cgi?id=1248
- Reported-by: Erik Johansson
+ The loop in glob_next_url() needs to be done backwards to maintain the
+ logic. dc19789444 caused test 1235 to fail.
-- RELEASE-NOTES: synced with e305f5ec715f
+- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME
-- TODO: mention the DANE patch from March
+- [Jay Satiro brought this change]
-- CURLOPT_COOKIELIST: take cookie share lock
+ opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
- When performing COOKIELIST operations the cookie lock needs to be taken
- for the cases where the cookies are shared among multiple handles!
+ Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and
+ CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one
+ that will be used.
- Verified by Benjamin Gilbert's updated test 506
+ Prior to this change that behavior was only noted in the
+ CURLOPT_TIMEOUT_MS doc.
+
+Nick Zitzmann (15 Dec 2014)
+- darwinssl: fix incorrect usage of aprintf()
- Bug: http://curl.haxx.se/bug/view.cgi?id=1215
- Reported-by: Benjamin Gilbert
+ Commit b13923f changed an snprintf() to use aprintf(), but the API usage
+ wasn't correct, and was causing a crash to occur. This fixes it.
-- [Benjamin Gilbert brought this change]
+Steve Holme (14 Dec 2014)
+- copyright: Updated the copyright year following recent updates
- test506: verify that CURLOPT_COOKIELIST takes share lock
+Daniel Stenberg (14 Dec 2014)
+- tool_urlglob.c: reverse two loops
- It doesn't right now: http://curl.haxx.se/bug/view.cgi?id=1215
+ By counting from 0 and up instead of backwards like before, we remove
+ the need for the "funny" check of the unsigned variable when decreased
+ passed zero. Easier to read and less risk for compiler warnings.
-- TODO: HTTP2/SPDY support
+Marc Hoersken (14 Dec 2014)
+- tool_urlglob.c: Added braces to clarify the conditions
-- curl_easy_setopt.3: clarify CURLOPT_PROGRESSFUNCTION frequency
+- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
- Make it clearer that the CURLOPT_PROGRESSFUNCTION callback will be
- called more frequently than once per second when things are happening.
+ The >= 0 is actually not required, since i underflows and
+ the for-loop is stopped using the < condition, but this
+ makes the VS2012 compiler and code analysis happy.
-- RELEASE-NOTES: synced with 9c3e098259b82
+- tool_binmode.c: Explicitly ignore the return code of setmode
- Mention 7 recent bug fixes and their associated contributors
+ Fixes code analysis warning C6031:
+ return value ignored: <function> could return unexpected value
-- curl_multi_wait.3: clarify the numfds counter
-
-- curl_easy_perform: avoid busy-looping
+- lib: Fixed multiple code analysis warnings if SAL are available
- When curl_multi_wait() finds no file descriptor to wait for, it returns
- instantly and this must be handled gracefully within curl_easy_perform()
- or cause a busy-loop. Starting now, repeated fast returns without any
- file descriptors is detected and a gradually increasing sleep will be
- used (up to a max of 1000 milliseconds) before continuing the loop.
+ warning C28252: Inconsistent annotation for function:
+ parameter has another annotation on this instance
+
+Steve Holme (14 Dec 2014)
+- smb.c: Fixed code analysis warning
- Bug: http://curl.haxx.se/bug/view.cgi?id=1238
- Reported-by: Miguel Angel
+ smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted,
+ then cast to 64-bit value. Result may not be an expected
+ value
-- [YAMADA Yasuharu brought this change]
+Marc Hoersken (14 Dec 2014)
+- tool_util.c: Use GetTickCount64 if it is available
- cookies: follow-up fix for path checking
+Steve Holme (14 Dec 2014)
+- smb: Use HAVE_PROCESS_H for process.h inclusion
- The initial fix to only compare full path names were done in commit
- 04f52e9b4db0 but found out to be incomplete. This takes should make the
- change more complete and there's now two additional tests to verify
- (test 31 and 62).
+ Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H
+ pre-processor define when including process.h.
-- [Sergei Nikulov brought this change]
-
- lib1900: use tutil_tvnow instead of gettimeofday
+Daniel Stenberg (14 Dec 2014)
+- darwinssl: aprintf() to allocate the session key
- Makes it build on windows
+ ... to avoid using a fixed memory size that risks being too large or too
+ small.
-- [Eric Hu brought this change]
+Marc Hoersken (14 Dec 2014)
+- curl_schannel: Improvements to memory re-allocation strategy
+
+ - do not grow memory by doubling its size
+ - do not leak previously allocated memory if reallocation fails
+ - replace while-loop with a single check to make sure
+ that the requested amount of data fits into the buffer
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1450
+ Reported-by: Warren Menzer
- axtls: now done non-blocking
+Steve Holme (14 Dec 2014)
+- asyn-ares: We prefer use of 'CURLcode result'
-- [Eric Hu brought this change]
+Marc Hoersken (14 Dec 2014)
+- curl_schannel.c: Data may be available before connection shutdown
- test2033: requires NTLM support
+Steve Holme (14 Dec 2014)
+- http2: Use 'CURLcode result' for curl result codes
-- KNOWN_BUGS: #82 failed build with Borland compiler
+- asyn-thread: We prefer 'CURLcode result'
-- Curl_output_digest: support auth-int for empty entity body
+- smb: Fixed unnecessary initialisation of struct member variables
- By always returning the md5 for an empty body when auth-int is asked
- for, libcurl now at least sometimes does the right thing.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1235
- Patched-by: Nach M. S.
+ There is no need to set the 'state' and 'result' member variables to
+ SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc()
+ as calloc() initialises the contents to zero.
-- multi_socket: reduce timeout inaccuracy margin
-
- Allow less room for "triggered too early" mistakes by applications /
- timers on non-windows platforms. Starting now, we assume that a timeout
- call is never made earlier than 3 milliseconds before the actual
- timeout. This greatly improves timeout accuracy on Linux.
+- ntlm: Fixed return code for bad type-2 Target Info
- Bug: http://curl.haxx.se/bug/view.cgi?id=1228
- Reported-by: Hang Su
+ Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security
+ buffers just like we do for bad decodes.
-- cert_stuff: avoid double free in the PKCS12 code
+- ntlm: Remove unnecessary casts in readshort_le()
- In the pkcs12 code, we get a list of x509 records returned from
- PKCS12_parse but when iterating over the list and passing each to
- SSL_CTX_add_extra_chain_cert() we didn't also properly remove them from
- the "stack", which made them get freed twice (both in sk_X509_pop_free()
- and then later in SSL_CTX_free).
-
- This isn't really documented anywhere...
+ I don't think both of my fix ups from yesterday were needed to fix the
+ compilation warning, so remove the one that I think is unnecessary and
+ let the next Android autobuild prove/disprove it.
+
+- curl_ntlm_msgs.c: Another attempt to fix compilation warning
- Bug: http://curl.haxx.se/bug/view.cgi?id=1236
- Reported-by: Nikaiw
+ curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from
+ 'int' may alter its value
-- cert_stuff: remove code duplication in the pkcs12 logic
+Guenter Knauf (13 Dec 2014)
+- synctime.c: added own user-agent string.
-- [Aleksey Tulinov brought this change]
+Steve Holme (13 Dec 2014)
+- smb.c: Fixed line longer than 79 columns
- axtls: honor disabled VERIFYHOST
+- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11
- When VERIFYHOST == 0, libcurl should let invalid certificates to pass.
+ curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from
+ 'int' may alter its value
-- [Peter Gal brought this change]
+Guenter Knauf (13 Dec 2014)
+- mk-ca-bundle.pl: restored forced run again.
- curl_easy_setopt.3: HTTP header with no content
+- synctime.c: removed another timeserver URL.
- Update the documentation on how to specify a HTTP header with no
- content.
+ worldtimeserver.com seems also no longer available.
-- RELEASE-NOTES: synced with 87cf677eca55
+- synctime.c: fixed timeserver URLs.
- Added 11 bugs and 7 contributors
+ For getting the date header its not necessary to access special
+ pages or even CGI scripts - all pages including the main index
+ reply with the date header, therefore shortened URLs to domain.
+ Removed worldtime.com; added pool.ntp.org.
-- lib1500: remove bad check
-
- After curl_multi_wait() returns, this test checked that we got exactly
- one file descriptor told to read from, but we cannot be sure that is
- true. curl_multi_wait() will sometimes return earlier without any file
- descriptor to handle, just just because it is a suitable time to call
- *perform().
+Steve Holme (13 Dec 2014)
+- ftp.c: Fixed compilation warning when no verbose string support
- This problem showed up with commit 29bf0598.
-
- Bug: http://curl.haxx.se/mail/lib-2013-06/0029.html
- Reported-by: Fabian Keil
+ ftp.c:819: warning: unused parameter 'lineno'
-- tests/Makefile: typo in the perlcheck target
+- smb: Added state change functions to assist with debugging
- Bug: http://curl.haxx.se/bug/view.cgi?id=1239
- Reported-by: Christian Weisgerber
+ For debugging purposes, and as per other protocols within curl, added
+ state change functions rather than changing the states directly.
-- test1230: verify CONNECT to a numerical ipv6-address
+- ntlm: Use short integer when decoding 16-bit values
-- sws: support extracting test number from CONNECT ipv6-address!
-
- If an ipv6-address is provided to CONNECT, the last hexadecimal group in
- the address will be used as the test number! For example the address
- "[1234::ff]" would be treated as test case 255.
+- RELEASE-NOTES: Synced with 6291a16b20
-- curl_multi_wait: only use internal timer if not -1
+- smtp.c: Fixed compilation warnings
- commit 29bf0598aad5 introduced a problem when the "internal" timeout is
- prefered to the given if shorter, as it didn't consider the case where
- -1 was returned. Now the internal timeout is only considered if not -1.
+ smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string
+ does not append to the string
+ smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string
+ does not append to the string
+ smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string
+ does not append to the string
- Reported-by: Tor Arntsen
- Bug: http://curl.haxx.se/mail/lib-2013-06/0015.html
+ Used array index notation instead.
-Dan Fandrich (3 Jun 2013)
-- libcurl-tutorial.3: added a section on IPv6
+- smb: Disable SMB when 64-bit integers are not supported
- Also added a (correctly-escaped) backslash to the autoexec.bat
- example file and a new Windows character device name with
- a colon as examples of other characters that are special
- and potentially dangerous (this reverts and reworks commit
- 7d8d2a54).
+ This fixes compilation issues with compilers that don't support 64-bit
+ integers through long long or __int64.
-Daniel Stenberg (3 Jun 2013)
-- curl_multi_wait: reduce timeout if the multi handle wants to
-
- If the multi handle's pending timeout is less than what is passed into
- this function, it will now opt to use the shorter time anyway since it
- is a very good hint that the handle wants to process something in a
- shorter time than what otherwise would happen.
-
- curl_multi_wait.3 was updated accordingly to clarify
-
- This is the reason for bug #1224
+- ntlm: Disable NTLM v2 when 64-bit integers are not supported
- Bug: http://curl.haxx.se/bug/view.cgi?id=1224
- Reported-by: Andrii Moiseiev
+ This fixes compilation issues with compilers that don't support 64-bit
+ integers through long long or __int64 which was introduced in commit
+ 07b66cbfa4.
-- multi_runsingle: switch an if() condition for readability
+- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
- ... because there's an identical check right next to it so using the
- operators in the check in the same order increases readability.
+ Previously USE_NTLM2SESSION would only be defined automatically when
+ USE_NTRESPONSES wasn't already defined. Separated the two definitions
+ so that the user can manually set USE_NTRESPONSES themselves but
+ USE_NTLM2SESSION is defined automatically if they don't define it.
-Marc Hoersken (2 Jun 2013)
-- curl_schannel.c: Removed variable unused since 35874298e4
+- smtp.c: Fixed line longer than 79 columns
-- curl_setup.h: Fixed redefinition warning using mingw-w64
-
-Daniel Stenberg (30 May 2013)
-- multi_runsingle: add braces to clarify the code
-
-- libcurl-tutorial.3: remove incorrect backslash
-
- A single backslash in the content is not legal nroff syntax.
+- config-win32.h: Don't enable Windows Crypt API if using OpenSSL
- Reported and fixed by: Eric S. Raymond
- Bug: http://curl.haxx.se/bug/view.cgi?id=1234
+ As the OpenSSL and NSS Crypto engines are prefered by the core NTLM
+ routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT
+ automatically when either OpenSSL or NSS are in use - doing so would
+ disable NTLM2Session responses in NTLM type-3 messages.
-- curl_formadd.3: fixed wrong "end-marker" syntax
+- smtp: Fixed inappropriate free of the scratch buffer
- Reported and fixed by: Eric S. Raymond
- Bug: http://curl.haxx.se/bug/view.cgi?id=1233
-
-- curl.1: clarify that --silent still outputs data
-
-- Digest auth: escape user names with \ or " in them
+ If the scratch buffer was allocated in a previous call to
+ Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent
+ call and no action taken by that call, then an attempt would be made to
+ try and free the buffer which, by now, would be part of the data->state
+ structure.
- When sending the HTTP Authorization: header for digest, the user name
- needs to be escaped if it contains a double-quote or backslash.
+ This bug was introduced in commit 4bd860a001.
+
+- smtp: Fixed dot stuffing when EOL characters were at end of input buffers
- Test 1229 was added to verify
+ Fixed a problem with the CRLF. detection when multiple buffers were
+ used to upload an email to libcurl and the line ending character(s)
+ appeared at the end of each buffer. This meant any lines which started
+ with . would not be escaped into .. and could be interpreted as the end
+ of transmission string instead.
- Reported and fixed by: Nach M. S
- Bug: http://curl.haxx.se/bug/view.cgi?id=1230
-
-- [Mike Giancola brought this change]
-
- ossl_recv: SSL_read() returning 0 is an error too
+ This only affected libcurl based applications that used a read function
+ and wasn't reproducible with the curl command-line tool.
- SSL_read can return 0 for "not successful", according to the open SSL
- documentation: http://www.openssl.org/docs/ssl/SSL_read.html
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1456
+ Assisted-by: Patrick Monnerat
-- [Mike Giancola brought this change]
+Daniel Stenberg (11 Dec 2014)
+- telnet: fix "cast increases required alignment of target type"
- ossl_send: SSL_write() returning 0 is an error too
+- ntlm_wb_response: fix "statement not reached"
- We found that in specific cases if the connection is abruptly closed,
- the underlying socket is listed in a close_wait state. We continue to
- call the curl_multi_perform, curl_mutli_fdset etc. None of these APIs
- report the socket closed / connection finished. Since we have cases
- where the multi connection is only used once, this can pose a problem
- for us. I've read that if another connection was to come in, curl would
- see the socket as bad and attempt to close it at that time -
- unfortunately, this does not work for us.
+ ... and I could use a break instead of a goto to end the loop.
- I found that in specific situations, if SSL_write returns 0, curl did
- not recognize the socket as closed (or errored out) and did not report
- it to the application. I believe we need to change the code slightly, to
- check if ssl_write returns 0. If so, treat it as an error - the same as
- a negative return code.
-
- For OpenSSL - the ssl_write documentation is here:
- http://www.openssl.org/docs/ssl/SSL_write.html
+ Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html
+ Reported-by: Tor Arntsen
-- KNOWN_BUGS: curl -OJC- fails to resume
+Steve Holme (10 Dec 2014)
+- RELEASE-NOTES: Synced with 1cc5194337
- Bug: http://curl.haxx.se/bug/view.cgi?id=1169
+ Added some bug fixes that I had missed in previous synchronisations.
-- Curl_cookie_add: handle IPv6 hosts
+Daniel Stenberg (10 Dec 2014)
+- Curl_unix2addr: avoid using the variable name 'sun'
- 1 - don't skip host names with a colon in them in an attempt to bail out
- on HTTP headers in the cookie file parser. It was only a shortcut anyway
- and trying to parse a file with HTTP headers will still be handled, only
- slightly slower.
+ I suspect this causes compile failures on Solaris:
- 2 - don't skip domain names based on number of dots. The original
- netscape cookie spec had this oddity mentioned and while our code
- decreased the check to only check for two, the existing cookie spec has
- no such dot counting required.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1221
- Reported-by: Stefan Neis
-
-- curl_easy_setopt.3: expand the PROGRESSFUNCTION section
-
- Explain the callback and its arguments better and with more descriptive
- text.
-
-- tests: add test1394 file to the tarball
-
-- tarball: include the xmlstream example
+ Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html
-- [David Strauss brought this change]
-
- xmlstream: XML stream parsing example source code
+Steve Holme (10 Dec 2014)
+- url.c: Fixed compilation warning when USE_NTLM is not defined
- Add an XML stream parsing example using Expat. Add missing ignore for
- the binary from an unrelated example.
-
-- [YAMADA Yasuharu brought this change]
+ url.c:3078: warning: variable 'credentialsMatch' set but not used
- cookies: only consider full path matches
-
- I found a bug which cURL sends cookies to the path not to aim at.
- For example:
- - cURL sends a request to http://example.fake/hoge/
- - server returns cookie which with path=/hoge;
- the point is there is NOT the '/' end of path string.
- - cURL sends a request to http://example.fake/hogege/ with the cookie.
+- parsedate.c: Fixed compilation warning
- The reason for this old "feature" is because that behavior is what is
- described in the original netscape cookie spec:
- http://curl.haxx.se/rfc/cookie_spec.html
+ parsedate.c:548: warning: 'parsed' may be used uninitialized in this
+ function
- The current cookie spec (RFC6265) clarifies the situation:
- http://tools.ietf.org/html/rfc6265#section-5.2.4
-
-- [Eric Hu brought this change]
-
- axtls: prevent memleaks on SSL handshake failures
+ As curl_getdate() returns -1 when parsedate() fails we can initialise
+ parsed to -1.
-- Revert "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage"
+Daniel Stenberg (10 Dec 2014)
+- TODO: Cache negative name resolves
- This reverts commit 8ec2cb5544b86306b702484ea785b6b9596562ab.
-
- We don't have any code anywhere in libcurl (or the curl tool) that use
- wcsdup so there's no such memory use to track. It seems to cause mild
- problems with the Borland compiler though that we may avoid by reverting
- this change again.
-
- Bug: http://curl.haxx.se/mail/lib-2013-05/0070.html
-
-- RELEASE-NOTES: synced with ae26ee3489588f0
+ Worth exploring
-Guenter Knauf (11 May 2013)
-- Updated zlib version in build files.
-
-Daniel Stenberg (9 May 2013)
-- [Renaud Guillard brought this change]
+- ldap: check Curl_client_write() return codes
+
+ There might be one or two memory leaks left in the error paths.
- OS X framework: fix invalid symbolic link
+- ldap: rename variables to comply to curl standards
-Kamil Dudka (9 May 2013)
-- [Daniel Stenberg brought this change]
+Dan Fandrich (10 Dec 2014)
+- sws.c: Fixed 'rc' may be used uninitialized warning
- nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_Send
+- cookies: Improved OOM handling in cookies
- Reported by: David Strauss
- Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html
+ This fixes the test 506 torture test. The internal cookie API really
+ ought to be improved to separate cookie parsing errors (which may be
+ ignored) with OOM errors (which should be fatal).
-Daniel Stenberg (8 May 2013)
-- libtest: gitignore more binary files
-
-- servercert: allow empty subject
+Guenter Knauf (9 Dec 2014)
+- synctime.c: fixed user-agent setting.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1220
- Patch by: John Gardiner Myers
-
-- [Steve Holme brought this change]
-
- tests: Added new SMTP tests to verify commit 99b40451836d
+ Some websites meanwhile refuse to reply to requests from ancient
+ browsers like IE6, therefore I've comment out this setting, but
+ also fixed the string to now fake IE8 if someone enables it.
-- runtests.pl: support nonewline="yes" in client/stdin sections
+Daniel Stenberg (9 Dec 2014)
+- smb: fix unused return code warning
-- build: fixed unit1394 for debug and metlink builds
+Patrick Monnerat (9 Dec 2014)
+- Curl_client_write() & al.: chop long data, convert data only once.
-Kamil Dudka (6 May 2013)
-- unit1394.c: plug the curl tool unit test in
+Guenter Knauf (9 Dec 2014)
+- VC build: added sspi define for winssl-zlib builds.
-- [Jared Jennings brought this change]
+Daniel Stenberg (9 Dec 2014)
+- schannel_recv: return the correct code
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1462
+ Reported-by: Tae Hyoung Ahn
- unit1394.c: basis of a unit test for parse_cert_parameter()
+- http2: avoid logging neg "failure" if h2 was not requested
-- src/Makefile.am: build static lib for unit tests if enabled
+- openldap: do not ignore Curl_client_write() return codes
-- tool_getparam: ensure string termination in parse_cert_parameter()
+- compile: warn on unused return code from Curl_client_write()
-- tool_getparam: fix memleak in handling the -E option
+Patrick Monnerat (8 Dec 2014)
+- SMB: Fix a data size mismatch that broke SMB on big-endian platforms
-- tool_getparam: describe what parse_cert_parameter() does
+Steve Holme (7 Dec 2014)
+- smb: Fixed Windows autoconf builds following commit eb88d778e7
- ... and de-duplicate the code initializing *passphrase
-
-- curl.1: document escape sequences recognized by -E
+ As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO
+ either explicitly through --enable-win32-cypto or automatically on
+ _WIN32 based platforms, subsequent builds broke with the following
+ error message:
+
+ "Can't compile NTLM support without a crypto library."
-- [Jared Jennings brought this change]
+- RELEASE-NOTES: Synced with 526603ff05
- curl -E: allow to escape ':' in cert nickname
+- [Bill Nagel brought this change]
-Marc Hoersken (5 May 2013)
-- curl_schannel.c: Fixed invalid memory access during SSL shutdown
+ smb: Build with SSPI enabled
+
+ Build SMB/CIFS protocol support when SSPI is enabled.
-Steve Holme (4 May 2013)
-- smtp: Fix trailing whitespace warning
+- [Bill Nagel brought this change]
-- smtp: Fix compilation warning
+ ntlm: Use Windows Crypt API
- comparison between signed and unsigned integer expressions
-
-- RELEASE-NOTES: synced with 92ef5f19c801
+ Allow the use of the Windows Crypt API for NTLMv1 functions.
-- smtp: Updated RFC-2821 references to RFC-5321
+Dan Fandrich (7 Dec 2014)
+- cookie.c: Refactored cleanup code to simplify
+
+ Also, fixed the outdated comments on the cookie API.
-- smtp: Fixed sending of double CRLF caused by first in EOB
+- get_url_file_name: Fixed crash on OOM on debug build
- If the mail sent during the transfer contains a terminating <CRLF> then
- we should not send the first <CRLF> of the EOB as specified in RFC-5321.
+ This caused a null-pointer dereference which caused a few dozen
+ torture tests to fail.
+
+Steve Holme (6 Dec 2014)
+- sws.c: Fixed compilation warning
- Additionally don't send the <CRLF> if there is "no mail data" as the
- DATA command already includes it.
+ sws.c:2191 warning: 'rc' may be used uninitialized in this function
-- tests: Corrected MAIL SIZE for CRLF line endings
+- ftp.c: Fixed compilation warnings when proxy support disabled
- ... which was missed in commit: f5c3d9538452
+ ftp.c:1827 warning: unused parameter 'newhost'
+ ftp.c:1827 warning: unused parameter 'newport'
-- tests: Corrected infilesize for CRLF line endings
+- smb: Fixed a problem with large file transfers
- ... which was missed in commit: f5c3d9538452
+ Fixed an issue with the message size calculation where the raw bytes
+ from the buffer were interpreted as signed values rather than unsigned
+ values.
+
+ Reported-by: Gisle Vanem
+ Assisted-by: Bill Nagel
-- tests: Corrected test1406 to be RFC2821 compliant
+- smb: Moved the URL decoding into a separate function
-- tests: Corrected test1320 to be RFC2821 compliant
+- smb: Fixed URL encoded URLs not working
-- tests: Corrected typo in test909
-
- Introduced in commit: 514817669e9e
+- Makefile.inc: Added our standard header and updated file formatting
-- tests: Corrected test909 to be RFC2821 compliant
+- Makefile.inc: Updated file formatting
+
+ Aligned continuation character and used space as the separator
+ character as per other makefile files.
-- tests: Updated test references to 909 from 1411
+- curl_md4.h: Updated copyright year following recent edit
- ...and removed references to libcurl and test1406.
+ ...and minor layout adjustment.
-- tests: Renamed test1411 to test909 as this is a main SMTP test
+Patrick Monnerat (5 Dec 2014)
+- SMB: Fix big endian problems. Make it OS/400 aware.
-Daniel Stenberg (1 May 2013)
-- [Lars Johannesen brought this change]
+- OS400: enable NTLM authentication
- bindlocal: move brace out of #ifdef
-
- The code within #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID wrongly had two
- closing braces when it should only have one, so builds without that
- define would fail.
+Steve Holme (5 Dec 2014)
+- multi.c: Fixed compilation warning
- Bug: http://curl.haxx.se/mail/lib-2013-05/0000.html
+ multi.c:2695: warning: declaration of `exp' shadows a global declaration
-Steve Holme (30 Apr 2013)
-- smtp: Tidy up to move the eob counter to the per-request structure
-
- Move the eob counter from the smtp_conn structure to the SMTP structure
- as it is associated with a SMTP payload on a per-request basis.
+Guenter Knauf (5 Dec 2014)
+- build: updated dependencies in makefiles.
-- TODO: Updated following the addition of CURLOPT_SASL_IR
+Steve Holme (5 Dec 2014)
+- sasl: Corrected formatting of function descriptions
-- smtp: Fixed unknown percentage complete in progress bar
-
- The curl command line utility would display the the completed progress
- bar with a percentage of zero as the progress routines didn't know the
- size of the transfer.
+- sasl_gssapi: Added missing function description
-Daniel Stenberg (29 Apr 2013)
-- ftpserver: silence warnings
+- RELEASE-NOTES: Provided better descriptions
- Fix regressions in commit b56e3d43e5d. Make @data local and filter off
- non-numerical digits from $testno in STATUS_imap.
+ As it is often difficult to choose the best description for a single
+ feature when it spans many commits, updated the descriptions for the
+ recent SMB/CIFS protocol and GSS-API additions.
-Steve Holme (29 Apr 2013)
-- ftpserver.pl: Corrected the imap LOGIN response
-
- ...to be more realistic and consistent with the other imap responses.
+- sasl_sspi: Corrected some typos
-- tests: Added imap STATUS command test
-
-- tests: Corrected the SMTP tests to be RFC2821 compliant
-
- The emails that are sent to the server during these tests were
- incorrectly formatted as they contained one or more LF terminated lines
- rather than being CRLF terminated as per Section 2.3.7 of RFC-2821.
+- sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data
- This wasn't a problem for the test suite as the <stdin> data matched the
- <upload> data but anyone using these tests as reference would be sending
- incorrect data to a server.
+ Don't use a hard coded size of 4 for the security layer and buffer size
+ in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as
+ we have done in the sasl_gssapi module.
-- email: Tidy up of *_perform_authenticate()
+- sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with it
- Removed the hard returns from imap and pop3 by using the same style for
- sending the authentication string as smtp. Moved the "Other mechanisms
- not supported" check in smtp to match that of imap and pop3 to provide
- consistency between the three email protocols.
+ Reduced the amount of free's required for the decoded challenge message
+ in Curl_sasl_create_gssapi_security_message() as a result of coding it
+ differently in the sasl_gssapi module.
-- smtp: Updated limit check to be more readable like the check in pop3
+- gssapi: Corrected typo in comments
-- pop3: Added 255 octet limit check when sending initial response
-
- Added 255 octet limit check as per Section 4. Paragraph 8 of RFC-5034.
+- sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message()
-- DOCS: Corrected line length of recent Secure Transport changes
+Daniel Stenberg (4 Dec 2014)
+- [Stefan Bühler brought this change]
-Nick Zitzmann (27 Apr 2013)
-- darwinssl: add TLS crypto authentication
+ http_perhapsrewind: don't abort CONNECT requests
- Users using the Secure Transport (darwinssl) back-end can now use a
- certificate and private key to authenticate with a site using TLS. Because
- Apple's security system is based around the keychain and does not have any
- non-public function to create a SecIdentityRef data structure from data
- loaded outside of the Keychain, the certificate and private key have to be
- loaded into the Keychain first (using the certtool command line tool or
- the Security framework's C API) before we can find it and use it.
+ ...they never have a body
-Steve Holme (27 Apr 2013)
-- Corrected version numbers after bump
+- [Stefan Bühler brought this change]
-Daniel Stenberg (27 Apr 2013)
-- bump version
+ HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
- Since we're adding new stuff, the next release will bump the minor
- version and we're looking forward to 7.31.0
+ Sending NTLM/Negotiate header again after successful authentication
+ breaks the connection with certain Proxies and request types (POST to MS
+ Forefront).
-Steve Holme (27 Apr 2013)
-- RELEASE-NOTES: synced with f4e6e201b146
+- [Stefan Bühler brought this change]
-- DOCS: Updated following the addition of CURLOPT_SASL_IR
+ HTTP: don't abort connections with pending Negotiate authentication
- Documented the the option in curl_easy_setopt() and added it to
- symbols-in-versions.
+ ... similarly to how NTLM works as Negotiate is in fact often NTLM with
+ another name.
-- tests: Corrected command line arguments in test907 and test908
+- [Stefan Bühler brought this change]
-- tests: Added SMTP AUTH with initial response tests
+ fix gdb libtool invocation path
-- tests: Updated SMTP tests to decouple client initial response
-
- Updated test903 and test904 following the addition of CURLOPT_SASL_IR
- as the default behaviour of SMTP AUTH responses is now to not include
- the initial response. New tests with --sasl-ir support to follow.
+Steve Holme (4 Dec 2014)
+- sasl_gssapi: Fixed missing include from commit d3cca934ee
-- imap: Added support for overriding the SASL initial response
-
- In addition to checking for the SASL-IR capability the user can override
- the sending of the client's initial response in the AUTHENTICATION
- command with the use of CURLOPT_SASL_IR should the server erroneously
- not report SASL-IR when it does support it.
-
-- smtp: Added support for disabling the SASL initial response
-
- Updated the default behaviour of sending the client's initial response in the AUTH
- command to not send it and added support for CURLOPT_SASL_IR to allow the user to
- specify including the response.
-
- Related Bug: http://curl.haxx.se/mail/lib-2012-03/0114.html
- Reported-by: Gokhan Sengun
+Daniel Stenberg (4 Dec 2014)
+- [Jay Satiro brought this change]
-- pop3: Added support for enabling the SASL initial response
+ examples: remove sony.com from 10-at-a-time
- Allowed the user to specify whether to send the client's intial response
- in the AUTH command via CURLOPT_SASL_IR.
+ Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR
+ for the sony website because it ends the connection when the request is
+ missing a user agent.
-- sasl-ir: Added --sasl-ir option to curl command line tool
+Steve Holme (4 Dec 2014)
+- sasl_gssapi: Fixed missing decoding debug failure message
-- sasl-ir: Added CURLOPT_SASL_IR to enable/disable the SASL initial response
+- sasl_gssapi: Fixed honouring of no mutual authentication
-Daniel Stenberg (26 Apr 2013)
-- curl_easy_init: use less mallocs
-
- By introducing an internal alternative to curl_multi_init() that accepts
- parameters to set the hash sizes, easy handles will now use tiny socket
- and connection hash tables since it will only ever add a single easy
- handle to that multi handle.
-
- This decreased the number mallocs in test 40 (which is a rather simple
- and typical easy interface use case) from 1142 to 138. The maximum
- amount of memory allocated used went down from 118969 to 78805.
+- sasl_sspi: Added more Kerberos V5 decoding debug failure messages
-Steve Holme (26 Apr 2013)
-- ftpserver.pl: Fixed imap logout confirmation data
-
- An IMAP server should response with the BYE continuation response before
- confirming the LOGOUT command was successful.
+Daniel Stenberg (4 Dec 2014)
+- [Anthon Pang brought this change]
-Daniel Stenberg (26 Apr 2013)
-- ftp_state_pasv_resp: connect through proxy also when set by env
-
- When connecting back to an FTP server after having sent PASV/EPSV,
- libcurl sometimes didn't use the proxy properly even though the proxy
- was used for the initial connect.
+ docs: Fix FAILONERROR typos
- The function wrongly checked for the CURLOPT_PROXY variable to be set,
- which made it act wrongly if the proxy information was set with an
- environment variable.
+ It returns error for >= 400 HTTP responses.
- Added test case 711 to verify (based on 707 which uses --socks5). Also
- added test712 to verify another variation of setting the proxy: with
- --proxy socks5://
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1218
- Reported-by: Zekun Ni
+ Bug: https://github.com/bagder/curl/pull/129
-Kamil Dudka (26 Apr 2013)
-- [Zdenek Pavlas brought this change]
+- [Peter Wu brought this change]
- url: initialize speed-check data for file:// protocol
+ tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl output
- ... in order to prevent an artificial timeout event based on stale
- speed-check data from a previous network transfer. This commit fixes
- a regression caused by 9dd85bced56f6951107f69e581c872c1e7e3e58e.
+ Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as
+ option in the file generated by --libcurl.
- Bug: https://bugzilla.redhat.com/906031
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Daniel Stenberg (25 Apr 2013)
-- test709: clarify the test in the name
+- [Peter Wu brought this change]
-- sshserver: disable StrictHostKeyChecking
+ opts: fix CURLOPT_UNIX_SOCKET_PATH formatting
- I couldn't figure out why the host key logic isn't working, but having
- it set to yes prevents my SSH-based test cases to run. I also don't see
- a strong need to use strict host key checking on this test server.
+ Add .nf and .fi such that the code gets wrapped in a pre on the web.
+ Fixed grammar, fixed formatting of the "See also" items.
- So I disabled it.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- runtests: log more commands in verbose mode
-
- ... to aid tracking down failures
+Patrick Monnerat (4 Dec 2014)
+- OS400: enable Unix sockets.
-Steve Holme (25 Apr 2013)
-- TODO: Corrected copy/paste typo
+Daniel Stenberg (3 Dec 2014)
+- RELEASE-NOTES: synced with b216427e73b5e9
-- TODO: Added new ideas for future SMTP, POP3 and IMAP features
+- opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am
-- TODO: Updated following the addition of ;auth=<MECH> support
+- updateconninfo: clear destination struct before getsockname()
+
+ Otherwise we may read uninitialized bytes later in the unix-domain
+ sockets case.
-- DOCS: Minor rewording / clarification of host name protocol detection
+- curl.1: added --unix-socket
-- RELEASE-NOTES: synced with a8c92cb60890
+- [Peter Wu brought this change]
-- DOCS: Added reference to IETF draft for SMTP URL Interface
+ tool: add --unix-socket option
- ...when mentioning login options. Additional minor clarification of
- "Windows builds" to be "Windows builds with SSPI"as a way of enabling
- NTLM as Windows builds may be built with OpenSSL to enable NTLM or
- without NTLM support altogether.
-
-Linus Nielsen Feltzing (23 Apr 2013)
-- HISTORY: Fix spelling error.
-
-Steve Holme (23 Apr 2013)
-- DOCS: Reworked the scheme calculation explanation under CURLOPT_URL
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- url: Added smtp and pop3 hostnames to the protocol detection list
+- [Peter Wu brought this change]
-Daniel Stenberg (23 Apr 2013)
-- HISTORY: correct some years/dates
+ libcurl: add UNIX domain sockets support
- Thanks to archive.org's wayback machine I updated this document with
- some facts from the early httpget/urlget web page:
+ The ability to do HTTP requests over a UNIX domain socket has been
+ requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
+ discussion happened, no patch seems to get through. I decided to give it
+ a go since I need to test a nginx HTTP server which listens on a UNIX
+ domain socket.
- http://web.archive.org/web/19980216125115/http://www.inf.ufrgs.br/~sagula/urlget.html
-
-- [Alessandro Ghedini brought this change]
-
- tests: add test1511 to check timecond clean-up
+ One patch [3] seems to make it possible to use the
+ CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
+ Another person wrote a Go program which can do HTTP over a UNIX socket
+ for Docker[4] which uses a special URL scheme (though the name contains
+ cURL, it has no relation to the cURL library).
- Verifies the timecond fix in commit c49ed0b6c0f
-
-- [Alessandro Ghedini brought this change]
-
- getinfo.c: reset timecond when clearing session-info variables
+ This patch considers support for UNIX domain sockets at the same level
+ as HTTP proxies / IPv6, it acts as an intermediate socket provider and
+ not as a separate protocol. Since this feature affects network
+ operations, a new feature flag was added ("unix-sockets") with a
+ corresponding CURL_VERSION_UNIX_SOCKETS macro.
- Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705783
- Reported-by: Ludovico Cavedon <cavedon@debian.org>
-
-Steve Holme (22 Apr 2013)
-- DOCS: Added information about login options to CURLOPT_USERPWD
-
-- DOCS: Added information about login options in the URL
-
-- url: Fixed missing length check in parse_proxy()
+ A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
+ option enables UNIX domain sockets support for all requests on the
+ handle (replacing IP sockets and skipping proxies).
- Commit 11332577b3cb removed the length check that was performed by the
- old scanf() code.
-
-- url: Fixed crash when no username or password supplied for proxy
+ A new configure option (--enable-unix-sockets) and CMake option
+ (ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
+ deliberately did not mark this feature as advanced, this is a
+ feature/component that should easily be available.
- Fixed an issue in parse_proxy(), introduced in commit 11332577b3cb,
- where an empty username or password (For example: http://:@example.com)
- would cause a crash.
-
-- url: Removed unused text length constants
+ [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
+ [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
+ [2]: http://sourceforge.net/p/curl/feature-requests/53/
+ [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
+ [4]: https://github.com/Soulou/curl-unix-socket
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- url: Updated proxy URL parsing to use parse_login_details()
+- [Peter Wu brought this change]
-- url: Tidy up of setstropt_userpwd() parameters
+ tests: add two HTTP over UNIX socket tests
- Updated the naming convention of the login parameters to match those of
- other functions.
-
-- url: Tidy up of code and comments following recent changes
+ test1435: a simple test that checks whether a HTTP request can be
+ performed over the UNIX socket. The hostname/port are interpreted
+ by sws and should be ignored by cURL.
- Tidy up of variable names and comments in setstropt_userpwd() and
- parse_login_details().
-
-- url: Simplified setstropt_userpwd() following recent changes
+ test1436: test for the ability to do two requests to the same host,
+ interleaved with one to a different hostname.
- There is no need to perform separate clearing of data if a NULL option
- pointer is passed in. Instead this operation can be performed by simply
- not calling parse_login_details() and letting the rest of the code do
- the work.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- url: Correction to scope of if statements when setting data
+- [Peter Wu brought this change]
-- url: Fixed memory leak in setstropt_userpwd()
+ tests: add HTTP UNIX socket server testing support
- setstropt_userpwd() was calling setstropt() in commit fddb7b44a79d to
- set each of the login details which would duplicate the strings and
- subsequently cause a memory leak.
-
-- RELEASE-NOTES: synced with d535c4a2e1f7
+ The variable `$ipvnum` can now contain "unix" besides the integers 4
+ and 6 since the variable. Functions which receive this parameter
+ have their `$port` parameter renamed to `$port_or_path` to support a
+ path to the UNIX domain socket (as a "port" is only meaningful for TCP).
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- url: Added overriding of URL login options from CURLOPT_USERPWD
+- [Peter Wu brought this change]
-- tool_paramhlp: Fixed options being included in username
+ sws: try to remove socket and retry bind
- Fix to prevent the options from being displayed when curl requests the
- user's password if the following command line is specified:
+ If sws is killed it might leave a stale socket file on the filesystem
+ which would cause an EADDRINUSE error. After this patch, it is checked
+ whether the socket is really stale and if so, the socket file gets
+ removed and another bind is executed.
- --user username;options
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
+
+- [Peter Wu brought this change]
-- url: Added support for parsing login options from the CURLOPT_USERPWD
+ sws: add UNIX domain socket support
- In addition to parsing the optional login options from the URL, added
- support for parsing them from CURLOPT_USERPWD, to allow the following
- supported command line:
+ This extends sws with a --unix-socket option which causes the port to
+ be ignored (as the server now listens on the path specified by
+ --unix-socket). This feature will be available in the following patch
+ that enables checking for UNIX domain socket support.
- --user username:password;options
-
-- url: Added bounds checking to parse_login_details()
+ Proxy support (CONNECT) is not considered nor tested. It does not make
+ sense anyway, first connecting through a TCP proxy, then let that TCP
+ proxy connect to a UNIX socket.
- Added bounds checking when searching for the separator characters within
- the login string as this string may not be NULL terminated (For example
- it is the login part of a URL). We do this in preference to allocating a
- new string to copy the login details into which could then be passed to
- parse_login_details() for performance reasons.
-
-- url: Added size_t cast to pointer based length calculations
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- url: Corrected minor typo in comment
+- [Peter Wu brought this change]
-Daniel Stenberg (18 Apr 2013)
-- CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling
+ sws: restrict TCP_NODELAY to IP sockets
- When cross-compiling we can't scan and detect existing files or paths.
+ TCP_NODELAY does not make sense for Unix sockets, so enable it only if
+ the socket is using IP.
- Bug: http://curl.haxx.se/mail/lib-2013-04/0294.html
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Ishan SinghLevett brought this change]
+Dan Fandrich (3 Dec 2014)
+- [Dave Reisner brought this change]
- usercertinmem.c: add example showing user cert in memory
-
- Relies on CURLOPT_SSL_CTX_FUNCTION, which is OpenSSL specific
+ curl.1: fix trivial typo
-Steve Holme (18 Apr 2013)
-- url: Fix chksrc longer than 79 columns warning
+Steve Holme (3 Dec 2014)
+- sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message()
-- url: Fix incorrect variable type for result code
+- sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup()
-- url: Fix compiler warning
+- sasl_gssapi: Added Curl_sasl_build_gssapi_spn() function
- signed and unsigned type in conditional expression
+ Added helper function for returning a GSS-API compatible SPN.
-- url: Moved parsing of login details out of parse_url_login()
+Daniel Stenberg (3 Dec 2014)
+- NSS: enable the CAPATH option
- Separated the parsing of login details from the processing of them in
- parse_url_login() ready for use by setstropt_userpwd().
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1457
+ Patch-by: Tomasz Kojm
-- url: Re-factored set_userpass() and parse_url_userpass()
-
- Re-factored these functions to reflect their new behaviour following the
- addition of login options.
+Steve Holme (3 Dec 2014)
+- sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based builds
-- url: Reworked URL parsing to allow overriding by CURLOPT_USERPWD
+- sasl_gssapi: Added GSS-API based Kerberos V5 variables
-Daniel Stenberg (18 Apr 2013)
-- maketgz: make bzip2 creation work with Parallel BZIP2 too
+- sws.c: Fixed compilation warning when IPv6 is disabled
- Apparently the previous usage didn't work with that implementation,
- while this updated version works with at least both Parallel BZIP2
- v1.1.8 and regular bzip "Version 1.0.6, 6-Sept-2010".
+ sws.c:69: warning: comma at end of enumerator list
-Linus Nielsen Feltzing (18 Apr 2013)
-- Add tests/http_pipe.py to the tarball build
+- sasl_gssapi: Made log_gss_error() a common GSS-API function
+
+ Made log_gss_error() a common function so that it can be used in both
+ the http_negotiate code as well as the curl_sasl_gssapi code.
-Steve Holme (16 Apr 2013)
-- smtp: Re-factored all perform based functions
+- sasl_gssapi: Introduced GSS-API based SASL module
- Standardised the naming of all perform based functions to be in the form
- smtp_perform_something().
+ Added the initial version of curl_sasl_gssapi.c and updated the project
+ files in preparation for adding GSS-API based Kerberos V5 support.
-- smtp: Added description comments to all perform based functions
+- smb: Don't try to connect with empty credentials
+
+ On some platforms curl would crash if no credentials were used. As such
+ added detection of such a use case to prevent this from happening.
+
+ Reported-by: Gisle Vanem
-- smtp: Moved smtp_quit() to be with the other perform functions
+- smb.c: Coding policing of pointer usage
-- smtp: Moved smtp_rcpt_to() to be with the other perform functions
+- configure: Fixed inclusion of SMB when no crypto engines available
-- smtp: Moved smtp_mail() to be with the other perform functions
+Guenter Knauf (1 Dec 2014)
+- build: in Makefile.m32 simplified autodetection.
-Daniel Stenberg (16 Apr 2013)
-- [Wouter Van Rooy brought this change]
+Daniel Stenberg (30 Nov 2014)
+- [Peter Wu brought this change]
- curl-config: don't output static libs when they are disabled
+ sws: move away from IPv4/IPv4-only assumption
- Curl-config outputs static libraries even when they are disabled in
- configure.
+ Instead of depending the socket domain type on use_ipv6, specify the
+ domain type (AF_INET / AF_INET6) as variable. An enum is used here with
+ switch to avoid compiler warnings in connect_to, complaining that rc
+ is possibly undefined (which is not possible as socket_domain is
+ always set).
- This causes problems with the build of pycurl.
-
-- [Dave Reisner brought this change]
-
- docs/libcurl: fix formatting in manpage
+ Besides abstracting the socket type, make the debugging messages be
+ independent on IP (introduce location_str which points to "port XXXXX").
+ Rename "ipv_inuse" to "socket_type" and tighten the scope (main).
- Commit c3ea3eb6 introduced some minor cosmetic errors in
- curl_mutli_socket_action(3).
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Paul Howarth brought this change]
+- [Peter Wu brought this change]
- Add extra libs for lib1900 and lib2033 test programs
+ lib/connect: restrict IP/TCP options to said sockets
- These are needed in cases where clock_gettime is used, from librt.
-
-Dan Fandrich (15 Apr 2013)
-- FAQ: mention that the network connection can be monitored
+ This patch prepares for adding UNIX domain sockets support.
- Also note the prohibition on sharing handles across threads.
-
-Steve Holme (15 Apr 2013)
-- pop3: Added missing comment for pop3_state_apop_resp()
-
-- smtp: Updated the coding style of smtp_state_servergreet_resp()
+ TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not
+ apply these to other socket types. bindlocal only works for IP sockets
+ (independent of TCP/UDP), so filter that out too for other types.
- Updated the coding style, in this function, to be consistant with other
- response functions rather then performing a hard return on failure.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- pop3: Updated the coding style of pop3_state_servergreet_resp()
+- smb.c: use size_t as input argument types for msg sizes
- Updated the coding style, in this function, to be consistent with other
- response functions rather then performing a hard return on failure.
+ This fixes warnings about conversions to int
-- pop3: Re-factored all perform based functions
-
- Standardised the naming of all perform based functions to be in the form
- pop3_perform_something() following the changes made to IMAP.
+Steve Holme (30 Nov 2014)
+- version: The next release will become 7.40.0
-- pop3: Added description comments to all perform based functions
+- [Bill Nagel brought this change]
-- pop3: Moved pop3_quit() to be with the other perform functions
+ docs: Updated for the SMB protocol
+
+ This patch updates the documentation for the SMB/CIFS protocol.
-- pop3: Moved pop3_command() to be with the other perform functions
+- curl tool: Exclude SMB from the protocol redirect
- Started to apply the same tidy up to the POP3 code as applied to the
- IMAP code in the 7.30.0 release.
+ As local files could be accessed through \\localhost\c$.
-- RELEASE-NOTES: Removed erroneous spaces
+- [Bill Nagel brought this change]
-- RELEASE-NOTES: synced with 8723cade21fb
+ curl tool: Enable support for the SMB protocol
+
+ This patch enables SMB/CIFS support in the curl command-line tool.
-- smtp: Added support for ;auth=<mech> in the URL
+- smb.c: Fixed compilation warnings
- Added support for specifying the preferred authentication mechanism in
- the URL as per Internet-Draft 'draft-earhart-url-smtp-00'.
+ smb.c:398: warning: comparison of integers of different signs:
+ 'ssize_t' (aka 'long') and 'unsigned long'
+ smb.c:443: warning: comparison of integers of different signs:
+ 'ssize_t' (aka 'long') and 'unsigned long'
-- pop3: Reworked authentication type constants
+- libcurl: Exclude SMB from the protocol redirect
- ... to use left-shifted values, like those defined in curl.h, rather
- than 16-bit hexadecimal values.
+ As local files could be accessed through \\localhost\c$.
-- pop3: Small consistency tidy up
+- [Bill Nagel brought this change]
-- pop3: Added support for ;auth=<mech> in the URL
+ libcurl: Enable support for the SMB protocol
- Added support for specifying the preferred authentication type and SASL
- mechanism in the URL as per RFC-2384.
+ This patch enables SMB/CIFS support in libcurl.
-- imap: Added support for ;auth=<mech> in the URL
+- smb.c: Fixed compilation warnings
- Added support for specifying the preferred authentication mechanism in
- the URL as per RFC-5092.
+ smb.c:322: warning: conversion to 'short unsigned int' from 'unsigned
+ int' may alter its value
+ smb.c:323: warning: conversion to 'short unsigned int' from 'unsigned
+ int' may alter its value
+ smb.c:482: warning: conversion to 'short unsigned int' from 'int' may
+ alter its value
+ smb.c:521: warning: conversion to 'unsigned int' from 'curl_off_t' may
+ alter its value
+ smb.c:549: warning: conversion to 'unsigned int' from 'curl_off_t' may
+ alter its value
+ smb.c:550: warning: conversion to 'short unsigned int' from 'int' may
+ alter its value
-- sasl: Reworked SASL mechanism constants
+- smb.c: Renamed SMB command message variables to avoid compiler warnings
- ... to use left-shifted values, like those defined in curl.h, rather
- than 16-bit hexadecimal values.
+ smb.c:489: warning: declaration of 'close' shadows a global declaration
+ smb.c:511: warning: declaration of 'read' shadows a global declaration
+ smb.c:528: warning: declaration of 'write' shadows a global declaration
-- sasl: Added predefined preferred mechanism values
+- smb.c: Fixed compilation warnings
- In preparation for the upcoming changes to IMAP, POP3 and SMTP added
- preferred mechanism values.
+ smb.c:212: warning: unused parameter 'done'
+ smb.c:380: warning: ISO C does not allow extra ';' outside of a function
+ smb.c:812: warning: unused parameter 'premature'
+ smb.c:822: warning: unused parameter 'dead'
-- url: Added support for parsing login options from the URL
-
- As well as parsing the username and password from the URL, added support
- for parsing the optional options part from the login details, to allow
- the following supported URL format:
+- smb.c: Fixed compilation warnings
- schema://username:password;options@example.com/path?q=foobar
+ smb.c:311: warning: conversion from 'unsigned __int64' to 'u_short',
+ possible loss of data
+ smb.c:425: warning: conversion from '__int64' to 'unsigned short',
+ possible loss of data
+ smb.c:452: warning: conversion from '__int64' to 'unsigned short',
+ possible loss of data
+
+- smb.c: Fixed compilation warnings
- This will only be used by IMAP, POP3 and SMTP at present but any
- protocol that may be given login options in the URL will be able to
- add support for them.
+ smb.c:162: error: comma at end of enumerator list
+ smb.c:469: warning: conversion from 'size_t' to 'unsigned short',
+ possible loss of data
+ smb.c:517: warning: conversion from 'curl_off_t' to 'unsigned int',
+ possible loss of data
+ smb.c:545: warning: conversion from 'curl_off_t' to 'unsigned int',
+ possible loss of data
-- smtp: Fix compiler warning
+- [Bill Nagel brought this change]
+
+ smb: Added initial SMB functionality
- warning: unused variable 'smtp' introduced in commit 73cbd21b5ee6.
+ Initial implementation of the SMB/CIFS protocol.
-- smtp: Moved parsing of url path into separate function
+- [Bill Nagel brought this change]
-Daniel Stenberg (12 Apr 2013)
-- FTP: handle a 230 welcome response
+ smb: Added SMB handler interfaces
- ...instead of the 220 we otherwise expect.
+ Added the SMB and SMBS handler interface structures and associated
+ functions required for SMB/CIFS operation.
+
+- transfer: Code style policing
- Made the ftpserver.pl support sending a custom "welcome" and then
- created test 1219 to verify this fix with such a 230 welcome.
+ Prefer ! rather than NULL in if statements, added comments and updated
+ function spacing, argument spacing and line spacing to be more readble.
+
+- transfer: Fixed existing scratch buffer being checked for NULL twice
- Bug: http://curl.haxx.se/mail/lib-2013-02/0102.html
- Reported by: Anders Havn
+ If the scratch buffer already existed when the CRLF conversion was
+ performed then the buffer pointer would be checked twice for NULL. This
+ second check is only necessary if the call to malloc() was performed by
+ the first check.
-- configure: try pthread_create without -lpthread
+- smtp: Fixed dot stuffing being performed when no new data read
- For libc variants without a spearate pthread lib (like bionic), try
- using pthreads without the pthreads lib first and only if that fails try
- the -lpthread linker flag.
+ Whilst I had moved the dot stuffing code from being performed before
+ CRLF conversion takes place to after it, in commit 4bd860a001, I had
+ moved it outside the 'when something read' block of code when meant
+ it could perform the dot stuffing twice on partial send if nread
+ happened to contain the right values. It also meant the function could
+ potentially read past the end of buffer. This was highlighted by the
+ following warning:
- Bug: http://curl.haxx.se/bug/view.cgi?id=1216
- Reported by: Duncan
+ warning: `nread' might be used uninitialized in this function
-- FTP: access files in root dir correctly
-
- Accessing a file with an absolute path in the root dir but with no
- directory specified was not handled correctly. This fix comes with four
- new test cases that verify it.
+Daniel Stenberg (29 Nov 2014)
+- smb.h: fixed picky compiler warning
- Bug: http://curl.haxx.se/mail/lib-2013-04/0142.html
- Reported by: Sam Deane
+ smb.h:30:16: error: comma at end of enumerator list [-Werror=pedantic]
-Steve Holme (12 Apr 2013)
-- pop3: Reworked the function description for Curl_pop3_write()
+Steve Holme (29 Nov 2014)
+- tests: Disable test 1013 until SMB is fully added
-- pop3: Added function description to pop3_parse_custom_request()
+- [Bill Nagel brought this change]
-- pop3: Moved utility functions to end of pop3.c
+ smb: Added SMB protocol and port definitions
+
+ Added the necessary protocol and port definitions in order to support
+ SMB/CIFS.
-Nick Zitzmann (12 Apr 2013)
-- darwinssl: add TLS session resumption
+- [Bill Nagel brought this change]
+
+ smb: Added internal SMB definitions and structures
- This ought to speed up additional TLS handshakes, at least in theory.
+ Added the internal definitions and structures necessary for SMB/CIFS
+ support.
-Steve Holme (12 Apr 2013)
-- imap: Added function description to imap_parse_custom_request()
+- [Bill Nagel brought this change]
-- imap: Moved utility functions to end of imap.c (Part 3/3)
+ smb: Added SMB connection structure
- Moved imap_is_bchar() be with the other utility based functions.
+ Added the connection structure that will be required in urldata.h for
+ SMB/CIFS based connections.
+
+- [Bill Nagel brought this change]
-- imap: Moved utility functions to end of imap.c (Part 2/3)
+ smb: Added initial source files for SMB
- Moved imap_parse_url_path() and imap_parse_custom_request() to the end of the
- file allowing all utility functions to be grouped together.
+ Added the initial source files and updated the relevant project files in
+ order to support SMB/CIFS.
-- imap: Moved utility functions to end of imap.c (Part 1/3)
+- [Bill Nagel brought this change]
+
+ smb: Added configuration options for SMB
- Moved imap_atom() and imap_sendf() to the end of the file allowing all
- utility functions to be grouped together.
+ Added --enable-smb and --disable-smb configuration options for the
+ upcoming SMB/CIFS protocol support.
-- imap: Corrected function description for imap_connect()
+Daniel Stenberg (28 Nov 2014)
+- [Peter Wu brought this change]
-Kamil Dudka (12 Apr 2013)
-- tests: prevent test206, test1060, and test1061 from failing
+ runtests.pl: fix startup of IPv6 servers
+
+ Commit curl-7_23_1-143-g8218064 changed the parameter of
+ responsive_http_server to accept types other than IPv6 (converting
+ from a boolean to a string), but only considered the lower-case "ipv6"
+ and not the "IPv6" variant. This caused all servers to start in IPv4
+ mode instead.
- ... in case runtests.pl is invoked with non-default -b option
+ This patch converts the remaining cases to "ipv6". While not strictly
+ necessary for the run*server variants, these got also converted for
+ consistency and to prevent future errors.
- Fixes a regression caused by 1e29d275c643ef6aab7948f0f55a7a9397e56b42.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Daniel Stenberg (12 Apr 2013)
-- [David Strauss brought this change]
+- [Peter Wu brought this change]
- libcurl-share.3: update what it does and does not share.
+ runtests.pl: fix warning message, remove duplicate value
- Update sharing interface documentation to provide exhaustive list of
- what it does and does not share.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- THANKS: remove duplicated names
+Steve Holme (27 Nov 2014)
+- http.c: Fixed compilation warnings from features being disabled
+
+ warning: unused variable 'data'
+ warning: variable 'addcookies' set but not used
+
+ ...and some very minor coding style policing.
-- bump: start working towards next release
+- RELEASE-NOTES: Synced with c5399c827d
-- THANKS: added people from the 7.30.0 RELEASE-NOTES
+- tests: Added SMTP with --crlf test case
-Version 7.30.0 (12 Apr 2013)
+- docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion
-Daniel Stenberg (12 Apr 2013)
-- RELEASE-NOTES: cleaned up for 7.30 (synced with 5c5e1a1cd20)
+- smtp: Fixed const'ness of nread parameter in Curl_smtp_escape_eob()
- Most notable the security advisory:
- http://curl.haxx.se/docs/adv_20130412.html
+ ...and some comment typos!
-- test1218: another cookie tailmatch test
+- smtp: Added support for the conversion of Unix newlines during mail send
- ... and make 1216 also verify it with a file input
+ Added support for the automatic conversion of Unix newlines to CRLF
+ during mail uploads.
- These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie
- domain tailmatch" vulnerability. See
- http://curl.haxx.se/docs/adv_20130412.html
+ Feature: http://curl.haxx.se/bug/view.cgi?id=1456
-- [YAMADA Yasuharu brought this change]
+- CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols
- cookie: fix tailmatching to prevent cross-domain leakage
-
- Cookies set for 'example.com' could accidentaly also be sent by libcurl
- to the 'bexample.com' (ie with a prefix to the first domain name).
+Daniel Stenberg (25 Nov 2014)
+- curl*3: added small examples
- This is a security vulnerabilty, CVE-2013-1944.
-
- Bug: http://curl.haxx.se/docs/adv_20130412.html
+ and some minor edits
-Guenter Knauf (11 Apr 2013)
-- Enabled MinGW sync resolver builds.
+- libcurl.3: fix formatting
+
+ refer to functions with the man page section properly
-Yang Tse (10 Apr 2013)
-- if2ip.c: fix compiler warning
+- man pages: SEE ALSO curl_multi_wait
-Guenter Knauf (10 Apr 2013)
-- Fixed lost OpenSSL output with "-t" - followup.
-
- The previously applied patch didnt work on Windows; we cant rely
- on shell commands like 'echo' since they act diffently on each
- platform and each shell.
- In order to keep this script platform-independent the code must
- only use pure Perl.
+- curl_multi_wait.3: clarify numfds being used if not NULL
-Daniel Stenberg (9 Apr 2013)
-- test1217: verify parsing 257 responses with "rubbish" before path
+- multi-single.c: switch to use curl_multi_wait
- Test 1217 verifies commit e0fb2d86c9f78, and without that change this
- test fails.
+ Makes the example much easier and straight-forward!
-- [Bill Middlecamp brought this change]
+- testcurl: bump the version of this script!
- FTP: handle "rubbish" in front of directory name in 257 responses
+- testcurl: skip reading the setup file if given enough cmdline info
- When doing PWD, there's a 257 response which apparently some servers
- prefix with a comment before the path instead of after it as is
- otherwise the norm.
-
- Failing to parse this, several otherwise legitimate use cases break.
+ This makes it much easier to run multiple tests in the same directory,
+ just altering the command lines used.
+
+- select.c: fix compilation for VxWorks
- Bug: http://curl.haxx.se/mail/lib-2013-04/0113.html
+ Reported-by: Brian
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1455
-Guenter Knauf (9 Apr 2013)
-- Fixed ares-enabled builds with static makefiles.
+Patrick Monnerat (24 Nov 2014)
+- [moparisthebest brought this change]
-- Fixed lost OpenSSL output with "-t".
-
- The OpenSSL pipe wrote to the final CA bundle file, but the encoded PEM
- output wrote to a temporary file. Consequently, the OpenSSL output was
- lost when the temp file was renamed to the final file at script finish
- (overwriting the final file written earlier by openssl).
- Patch posted to the list by Richard Michael (rmichael edgeofthenet org).
+ SSL: Add PEM format support for public key pinning
-Daniel Stenberg (9 Apr 2013)
-- test1216: test tailmatching cookie domains
+Kamil Dudka (24 Nov 2014)
+- Revert "repository: ignore patch files generated by git"
- This test is an attempt to repeat the problem YAMADA Yasuharu reported
- at http://curl.haxx.se/mail/lib-2013-04/0108.html
-
-- RELEASe-NOTES: synced with 29fdb2700f797
+ This reverts commit 217024a687ce86eb6d2317822ed81c7e5abc4b61.
- added "tcpkeepalive on Mac OS X"
+ Bug: https://github.com/bagder/curl/commit/217024a6#commitcomment-8693738
-Nick Zitzmann (8 Apr 2013)
-- darwinssl: disable insecure ciphers by default
+Steve Holme (23 Nov 2014)
+- multi.c: Fixed compilation warnings when no verbose string support
- I noticed that aria2's SecureTransport code disables insecure ciphers such
- as NULL, anonymous, IDEA, and weak-key ciphers used by SSLv3 and later.
- That's a good idea, and now we do the same thing in order to prevent curl
- from accessing a "secure" site that only negotiates insecure ciphersuites.
+ warning: variable 'connection_id' set but not used
+ warning: unused parameter 'lineno'
+
+- RELEASE-NOTES: Synced with 1450712e76
+
+- sasl: Tidied up some parameter comments
-Daniel Stenberg (8 Apr 2013)
-- [Robert Wruck brought this change]
+- sasl: Reduced the need for two sets of NTLM functions
- tcpkeepalive: Support CURLOPT_TCP_KEEPIDLE on OSX
-
- MacOS X doesn't have TCP_KEEPIDLE/TCP_KEEPINTVL but only a single
- TCP_KEEPALIVE (see
- http://developer.apple.com/library/mac/#DOCUMENTATION/Darwin/Reference/ManPages/man4/tcp.4.html).
- Here is a patch for CURLOPT_TCP_KEEPIDLE on OSX platforms.
+- ntlm: Moved NSS initialisation to base decode function
-- configure: remove CURL_CHECK_FUNC_RECVFROM
-
- 1 - We don't use the results from the test and we never did. recvfrom()
- is only used by the TFTP code and it has not caused any problems.
+- http_ntlm: Fixed additional NSS initialisation call when decoding type-2
- 2 - the CURL_CHECK_FUNC_RECVFROM function is extremely slow
+ After commit 48d19acb7c the HTTP code would call Curl_nss_force_init()
+ twice when decoding a NTLM type-2 message, once directly and the other
+ through the call to Curl_sasl_decode_ntlm_type2_message().
-Steve Holme (8 Apr 2013)
-- RELEASE-NOTES: Corrected duplicate NTLM memory leaks
+- ntlm: Fixed static'ness of local decode function
-- RELEASE-NOTES: Removed trailing full stop
+- ntlm: Corrected some parameter names and comments
-Daniel Stenberg (8 Apr 2013)
-- [Fabian Keil brought this change]
+- runtests.pl: Re-aligned feature support comments
- proxy: make ConnectionExists() check credential of proxyconnections too
+- runtests.pl: Use Kerberos and SPNEGO as proxies for the crypto feature
- Previously it only compared credentials if the requested needle
- connection wasn't using a proxy. This caused NTLM authentication
- failures when using proxies as the authentication code wasn't send on
- the connection where the challenge arrived.
+ In addition to NTLM, use Kerberos and SPNEGO as proxies to the crypto
+ feature.
- Added test 1215 to verify: NTLM server authentication through a proxy
- (This is a modified copy of test 67)
+ ...and converted tab characters, from commit 4b4e8a5853, to spaces.
-- RELEASE-NOTES: sync with 704a5dfca9
+- runtests.pl: Added support for SPNEGO
-- TODO-RELEASE: cleaned up, not really maintained lately
+- runtests.pl: Added Kerberos detection
-Marc Hoersken (7 Apr 2013)
-- if2ip.c: Fixed another warning: unused parameter 'remote_scope'
+- runtests.pl: Added GSS-API detection
-Daniel Stenberg (7 Apr 2013)
-- [Marc Hoersken brought this change]
+- FILEFORMAT: Added SSPI, GSS-API and Kerberos to the features list
- cookie.c: Made cookie sort function more deterministic
+- FILEFORMAT: Added test requires feature not present information
- Since qsort implementations vary with regards to handling the order
- of similiar elements, this change makes the internal sort function
- more deterministic by comparing path length first, then domain length
- and finally the cookie name. Spotted with testcase 62 on Windows.
+ Such as !SSPI as we do for the NTLM and Digest tests.
-Marc Hoersken (7 Apr 2013)
-- curl_schannel.c: Follow up on memory leak fix ae4558d
+Daniel Stenberg (20 Nov 2014)
+- http.c: log if it notices HTTP 1.1 after a upgrade to http2
-- Revert "getpart.pm: Strip carriage returns to fix Windows support"
-
- This reverts commit e51b23c925a2721cf7c29b2b376d3d8903cfb067.
- As discussed on the mailinglist, this was not the correct approach.
+- test1801: first real http2 test case
-- http_negotiate.c: Fixed passing argument from incompatible pointer type
+- sws: initial tiny steps toward http2 support
-- ftp.c: Added missing brackets around ABOR command logic
+- FILEFORMAT: mention the new upgrade support
-- sockfilt.c: Fixed detection of client-side connection close
+- test1800: first plain-text http2 test case
- WINSOCK only:
- Since FD_CLOSE is only signaled once, it may trigger at the same
- time as FD_READ. Data actually being available makes it impossible
- to detect that the connection was closed by checking that recv returns
- zero. Another recv attempt could block the connection if it was
- not closed. This workaround abuses exceptfds in conjunction with
- readfds to signal that the connection has actually closed.
+ Verifies the upgrade request, but gets a plain 1.1 response
-- curl_schannel.c: Fixed memory leak if connection was not successful
+- [Tatsuhiro Tsujikawa brought this change]
-- if2ip.c: Fixed warning: unused parameter 'remote_scope'
+ http: Disable pipelining for HTTP/2 and upgraded connections
+
+ This commit disables pipelining for HTTP/2 or upgraded connections. For
+ HTTP/2, we do not support multiplexing. In general, requests cannot be
+ pipelined in an upgraded connection, since it is now different protocol.
+
+- [Brad Harder brought this change]
-- runtests.pl: Fixed --verbose parameter passed to http_pipe.py
+ CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
-- sockfilt.c: Reduce CPU load while running under a Windows PIPE
+Steve Holme (19 Nov 2014)
+- multi-uv.c: Updated for curl coding standards
-- tftpd.c: Apply sread timeout to the whole data transfer session
+- conncache: Fixed specifiers in infof() for long and size_t variables
-- getpart.pm: Strip carriage returns to fix Windows support
+- [Peter Wu brought this change]
-Daniel Stenberg (6 Apr 2013)
-- ftp tests: libcurl returns CURLE_FTP_ACCEPT_FAILED better now
+ cmake: add Kerberos to the supported features
- Since commit 57aeabcc1a20f, it handles errors on the control connection
- while waiting for the data connection better.
+ Updated following commit eda919f and a4b7f71.
- Test 591 and 592 are updated accordingly.
+ Acked-by: Brad King <brad.king@kitware.com>
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- FTP: wait on both connections during active STOR state
+- [Peter Wu brought this change]
+
+ cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
+
+ Updated following changes in commit f0d860d.
- When doing PORT and upload (STOR), this function needs to extract the
- file descriptor for both connections so that it will respond immediately
- when the server eventually connects back.
+ Acked-by: Brad King <brad.king@kitware.com>
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
+
+Daniel Stenberg (19 Nov 2014)
+- RELEASE-NOTES: synced with cb13fad733e
+
+- [Jay Satiro brought this change]
+
+ examples: Wait recommended 100ms when no file descriptors are ready
- This flaw caused active connections to become unnecessary slow but they
- would still often work due to the normal polling on a timeout. The bug
- also would not occur if the server connected back very fast, like when
- testing on local networks.
+ Prior to this change when no file descriptors were ready on platforms
+ other than Windows the multi examples would sleep whatever was in
+ timeout, which may or may not have been less than the minimum
+ recommended value [1] of 100ms.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1183
- Reported by: Daniel Theron
+ [1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html
+
+- [Waldek Kozba brought this change]
-Marc Hoersken (6 Apr 2013)
-- tftpd.c: Follow up cleanup and restore of previous sockopt
+ multi-uv.c: close the file handle after download
-Daniel Stenberg (6 Apr 2013)
-- [Kim Vandry brought this change]
+- [Jon Spencer brought this change]
- connect: treat an interface bindlocal() problem as a non-fatal error
+ multi: inform about closed sockets before they are closed
- I am using curl_easy_setopt(CURLOPT_INTERFACE, "if!something") to force
- transfers to use a particular interface but the transfer fails with
- CURLE_INTERFACE_FAILED, "Failed binding local connection end" if the
- interface I specify has no IPv6 address. The cause is as follows:
+ When the connection code decides to close a socket it informs the multi
+ system via the Curl_multi_closed function. The multi system may, in
+ turn, invoke the CURLMOPT_SOCKETFUNCTION function with
+ CURL_POLL_REMOVE. This happens after the socket has already been
+ closed. Reorder the code so that CURL_POLL_REMOVE is called before the
+ socket is closed.
+
+Guenter Knauf (19 Nov 2014)
+- build: in Makefile.m32 moved target autodetection.
- The remote hostname resolves successfully and has an IPv6 address and an
- IPv4 address.
+ Moved target autodetection block after defining CC macro.
+
+- build: in Makefile.m32 simplify platform flags.
+
+- build: in Makefile.m32 try to detect 64bit target.
+
+Daniel Stenberg (19 Nov 2014)
+- [Brad King brought this change]
+
+ CMake: Simplify if() conditions on check result variables
- cURL attempts to connect to the IPv6 address first.
+ Remove use of an old hack that takes advantage of the auto-dereference
+ behavior of the if() command to detect if a variable is defined. The
+ hack has the form:
- bindlocal (in lib/connect.c) fails because Curl_if2ip cannot find an
- IPv6 address on the interface.
+ if("${VAR} MATCHES "^${VAR}$")
- This is a fatal error in singleipconnect()
+ where "${VAR}" is a macro argument reference. Use if(DEFINED) instead.
+ This also avoids warnings for CMake Policy CMP0054 in CMake 3.1.
+
+- TODO-RELEASE: removed
+
+- [Carlo Wood brought this change]
+
+ debug: added new connection cache output, plus fixups
- This change will make cURL try the next IP address in the list.
+ Debug output 'typo' fix.
- Also included are two changes related to IPv6 address scope:
+ Don't print an extra "0x" in
+ * Pipe broke: handle 0x0x2546d88, url = /
- - Filter the choice of address in Curl_if2ip to only consider addresses
- with the same scope ID as the connection address (mismatched scope for
- local and remote address does not result in a working connection).
+ Add debug output.
+ Print the number of connections in the connection cache when
+ adding one, and not only when one is removed.
- - bindlocal was ignoring the scope ID of addresses returned by
- Curl_if2ip . Now it uses them.
+ Fix typos in comments.
+
+- multi: move the ending condition into the loop as well
- Bug: http://curl.haxx.se/bug/view.cgi?id=1189
+ ... as it was before I changed the loop in commit e04ccbd50. It caused
+ test 2030 and 2032 to fail.
-Marc Hoersken (6 Apr 2013)
-- tftpd.c: Fixed sread timeout on Windows by setting it manually
+Steve Holme (18 Nov 2014)
+- multi: Prefer we don't use CURLE_OK and NULL in comparisons
-- ftp.pm: Added tskill to support Windows XP Home
+Daniel Stenberg (18 Nov 2014)
+- multi_runsingle: use 'result' for local CURLcode storage
+
+ ... and assign data->result only at the end. Makes the code more compact
+ (easier to read) and more similar to other code.
-- runtests.pl: Modularization of MinGW/Msys compatibility functions
+- multi_runsingle: rename result to rc
+
+ save 'result' for CURLcode types
-- ftp.pm: Made Perl testsuite able to handle Windows processes
+- multi: make multi_runsingle loop internally
+
+ simplifies the use of this function at little cost.
-- util.c: Revert workaround eeefcdf, 6eb56e7 and e3787e8
+- [Carlo Wood brought this change]
-- ftp.pm: Made Perl testsuite able to kill Windows processes
+ multi: when leaving for timeout, close accordingly
+
+ Fixes the problem when a transfer in a pipeline times out.
-- util.c: Follow up cleanup on eeefcdf
+Guenter Knauf (18 Nov 2014)
+- build: in Makefile.m32 add -m32 flag for 32bit.
-Daniel Stenberg (6 Apr 2013)
-- cpp: use #ifdef __MINGW32__ to avoid compiler complaints
-
- ... instead of just #if
+- mk-ca-bundle.vbs: update copyright year.
-Marc Hoersken (6 Apr 2013)
-- util.c: Made write_pidfile write the correct PID on MinGW/Msys
-
- This workaround fixes an issue on MinGW/Msys regarding the Perl
- testsuite scripts not being able to signal or control the server
- processes. The MinGW Perl runtime only sees the Msys processes and
- their corresponding PIDs, but sockfilt (and other servers) wrote the
- Windows PID into their PID-files. Since this PID is useless to the
- testsuite, the write_pidfile function was changed to search for the
- Msys PID and write that into the PID-file.
+- build: in Makefile.m32 pass -F flag to windres.
-Daniel Stenberg (5 Apr 2013)
-- RELEASE-NOTES: synced with 5e722b2d09087
+Steve Holme (17 Nov 2014)
+- config-win32: Fixed build targets for the VS2012+ Windows XP toolset
- 3 more bug fixes, 6 more contributors
+ Even though commit 23e70e1cc6 mentioned the v110_xp toolset, I had
+ forgotten to include the relevant pre-processor definitions.
-Marc Hoersken (5 Apr 2013)
-- sockfilt.c: Fixed handling of multiple fds being signaled
+- sasl_sspi: Removed note about the NTLM functions being a wrapper
-Kamil Dudka (5 Apr 2013)
-- curl_global_init.3: improve description of CURL_GLOBAL_ALL
+- connect.c: Fixed compilation warning when no verbose string support
- Reported by: Tomas Mlcoch
+ warning: unused parameter 'reason'
-- examples/multi-single.c: fix the order of destructions
-
- ... so that it adheres to the API documentation.
+- easy.c: Fixed compilation warning when no verbose string support
- Reported by: Tomas Mlcoch
+ warning: unused parameter 'easy'
-Daniel Stenberg (5 Apr 2013)
-- Curl_open: restore default MAXCONNECTS to 5
+- win32: Updated some legacy APIs to use the newer extended versions
- At some point recently we lost the default value for the easy handle's
- connection cache, and this change puts it back to 5 - which is the
- former default value and it is documented in the curl_easy_setopt.3 man
- page.
-
-Marc Hoersken (4 Apr 2013)
-- sockfilt.c: Added wrapper functions to fix Windows console issues
+ Updated the usage of some legacy APIs, that are preventing curl from
+ compiling for Windows Store and Windows Phone build targets.
- The new read and write wrapper functions support reading from stdin
- and writing to stdout/stderr on Windows by using the appropriate
- Windows API functions and data types.
-
-Yang Tse (4 Apr 2013)
-- lib1509.c: fix compiler warnings
+ Suggested-by: Stefan Neis
+ Feature: http://sourceforge.net/p/curl/feature-requests/82/
-- easy.c: fix compiler warning
-
-Daniel Stenberg (4 Apr 2013)
-- --engine: spellfix the help message
+- config-win32: Introduce build targets for VS2012+
- Reported by: Fredrik Thulin
+ Visual Studio 2012 introduced support for Windows Store apps as well as
+ supporting Windows Phone 8. Introduced build targets that allow more
+ modern APIs to be used as certain legacy ones are not available on these
+ new platforms.
-Yang Tse (4 Apr 2013)
-- http_negotiate.c: follow-up for commit 3dcc1a9c
+- sasl_sspi: Fixed compilation warnings when no verbose string support
-Linus Nielsen Feltzing (4 Apr 2013)
-- easy: Fix the broken CURLOPT_MAXCONNECTS option
-
- Copy the CURLOPT_MAXCONNECTS option to CURLMOPT_MAXCONNECTS in
- curl_easy_perform().
+- sasl_sspi: Added base64 decoding debug failure messages
- Bug: http://curl.haxx.se/bug/view.cgi?id=1212
- Reported-by: Steven Gu
+ Just like in the NTLM code, added infof() failure messages for
+ DIGEST-MD5 and GSSAPI authentication when base64 decoding fails.
-Guenter Knauf (4 Apr 2013)
-- Updated copyright date.
+- ntlm: Moved the SSPI based Type-3 message generation into the SASL module
-- Another small output fix for --help and --version.
+- ntlm: Moved the SSPI based Type-2 message decoding into the SASL module
-Yang Tse (4 Apr 2013)
-- http_negotiate.c: fix several SPNEGO memory handling issues
+- ntlm: Moved the SSPI based Type-1 message generation into the SASL module
-Guenter Knauf (4 Apr 2013)
-- Added a cont to specify base64 line wrap.
+- [Michael Osipov brought this change]
-- Fixed version output.
+ kerberos: Use symbol qualified with _KERBEROS5
+
+ For consistency renamed USE_KRB5 to USE_KERBEROS5.
-- Added support for --help and --version options.
+Daniel Stenberg (15 Nov 2014)
+- [Jay Satiro brought this change]
-- Added option to specify length of base64 output.
+ examples: Don't call select() to sleep on windows
+
+ Windows does not support using select() for sleeping without a dummy
+ socket. Instead use Windows' Sleep() and sleep for 100ms which is the
+ minimum suggested value in the curl_multi_fdset() doc.
- Based on a patch posted to the list by Richard Michael.
+ Prior to this change the multi examples would exit prematurely since
+ select() would error instead of sleeping when called without an fd.
+
+ Reported-by: Johan Lantz
+ Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html
-Daniel Stenberg (3 Apr 2013)
-- curl_easy_setopt.3: CURLOPT_HTTPGET disables CURLOPT_UPLOAD
+- [Tatsuhiro Tsujikawa brought this change]
-- [Yasuharu Yamada brought this change]
+ http2: Don't send Upgrade headers when we already do HTTP/2
- Curl_cookie_add: only increase numcookies for new cookies
+Steve Holme (15 Nov 2014)
+- sasl: Corrected Curl_sasl_build_spn() function description
- Count up numcookies in Curl_cookie_add() only when cookie is new one
+ There was a mismatch in function parameter names.
-- SO_SNDBUF: don't set SNDBUF for win32 versions vista or later
-
- The Microsoft knowledge-base article
- http://support.microsoft.com/kb/823764 describes how to use SNDBUF to
- overcome a performance shortcoming in winsock, but it doesn't apply to
- Windows Vista and later versions. If the described SNDBUF magic is
- applied when running on those more recent Windows versions, it seems to
- instead have the reversed effect in many cases and thus make libcurl
- perform less good on those systems.
+- tool: Removed krb4 from the supported features
- This fix thus adds a run-time version-check that does the SNDBUF magic
- conditionally depending if it is deemed necessary or not.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1188
- Reported by: Andrew Kurushin
- Tested by: Christian Hägele
+ Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33,
+ so would not be output with --version, removed krb4 from the supported
+ features output.
-Nick Zitzmann (1 Apr 2013)
-- darwinssl: additional descriptive messages of SSL handshake errors
-
- (This doesn't need to appear in the release notes.)
+- [Michael Osipov brought this change]
-Guenter Knauf (1 Apr 2013)
-- Added dns and connect time to output.
+ tool: Use Kerberos for supported features
-Daniel Stenberg (1 Apr 2013)
-- RELEASE-NOTES: synced with 0614b902136
+- urldata: Don't define sec_complete when no GSS-API support present
+
+ This variable is only used with HAVE_GSSAPI is defined by the FTP code
+ so let's place the definition with the other GSS-API based variables.
-- code-policed
+- [Michael Osipov brought this change]
-- tcpkeepalive: support TCP_KEEPIDLE/TCP_KEEPINTVL on win32
-
- Patch by: Robert Wruck
- Bug: http://curl.haxx.se/bug/view.cgi?id=1209
+ docs: Use consistent naming for Kerberos
-- BINDINGS: BBHTTP is a cocoa binding, Julia has a binding
+- TODO: Lets support QOP options in GSSAPI authentication
-- ftp_sendquote: use PPSENDF, not FTPSENDF
+- sasl_sspi: Corrected a couple of comment typos
+
+- sasl: Moved Curl_sasl_gssapi_cleanup() definition into header file
- The last remaining code piece that still used FTPSENDF now uses PPSENDF.
- In the problematic case, a PREQUOTE series was done on a re-used
- connection when Curl_pp_init() hadn't been called so it had messed up
- pointers. The init call is done properly from Curl_pp_sendf() so this
- change fixes this particular crash.
+ Rather than define the function as extern in the source files that use
+ it, moved the function declaration into the SASL header file just like
+ the Digest and NTLM clean-up functions.
- Bug: http://curl.haxx.se/mail/lib-2013-03/0319.html
- Reported by: Sam Deane
+ Additionally, added a function description comment block.
-Steve Holme (27 Mar 2013)
-- RELEASE-NOTES: Corrected typo
+- sasl_sspi: Added missing RFC reference for HTTP Digest authentication
-Daniel Stenberg (27 Mar 2013)
-- [Clemens Gruber brought this change]
+- ntlm: Clean-up and standardisation of base64 decoding
- multi-uv.c: remove unused variable
+- ntlm: We prefer 'CURLcode result'
-- RELEASE-NOTES: add two references
+Daniel Stenberg (13 Nov 2014)
+- [Brad King brought this change]
-- test1509: verify proxy header response headers count
+ CMake: Restore order-dependent library checks
- Modified sws to support and use custom CONNECT responses instead of the
- previously naive hard-coded version. Made the HTTP test server able to
- extract test case number from the host name in a CONNECT request by
- finding the number after the last dot. It makes 'machine.moo.123' use
- test case 123.
+ Revert commit 2257deb502 (Cmake: Avoid cycle directory dependencies,
+ 2014-08-22) and add a comment explaining the purpose of the original
+ code.
- Adapted a larger amount of tests to the new <connect> style.
+ The check_library_exists_concat macro is intended to be called multiple
+ times on a sequence of possibly dependent libraries. Later libraries
+ may depend on earlier libraries when they are static. They cannot be
+ safely linked in reverse order on some platforms.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1204
- Reported by: Martin Jansen
-
-- [Clemens Gruber brought this change]
+ Signed-off-by: Brad King <brad.king@kitware.com>
- Added libuv example multi-uv.c
+- [Brad King brought this change]
-Yang Tse (25 Mar 2013)
-- NTLM: fix several NTLM code paths memory leaks
-
-- WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage
-
- As of 25-mar-2013 wcsdup() _wcsdup() and _tcsdup() are only used in
- WIN32 specific code, so tracking of these has not been extended for
- other build targets. Without this fix, memory tracking system on
- WIN32 builds, when using these functions, would provide misleading
- results.
+ CMake: Restore order-dependent header checks
- In order to properly extend this support for all targets curl.h
- would have to define curl_wcsdup_callback prototype and consequently
- wchar_t should be visible before that in curl.h. IOW curl_wchar_t
- defined in curlbuild.h and this pulling whatever system header is
- required to get wchar_t definition.
+ Revert commit 1269df2e3b (Cmake: Don't check for all headers each
+ time, 2014-08-15) and add a comment explaining the purpose of the
+ original code.
- Additionally a new curl_global_init_mem() function that also receives
- user defined wcsdup() callback would be required.
-
-- curl_ntlm_msgs.c: revert commit 463082bea4
+ The check_include_file_concat macro is intended to be called multiple
+ times on a sequence of possibly dependent headers. Later headers
+ may depend on earlier headers to provide declarations. They cannot
+ be safely included independently on some platforms.
- reverts unreleased invalid memory leak fix
-
-Daniel Stenberg (23 Mar 2013)
-- RELEASE-NOTES: synced with bc6037ed3ec02
+ For example, many POSIX APIs document including sys/types.h before some
+ other headers. Also on some OS X versions sys/socket.h must be included
+ before net/if.h or the check for the latter will fail.
- More changes, bugfixes and contributors!
+ Signed-off-by: Brad King <brad.king@kitware.com>
-- [Martin Jansen brought this change]
+- [Peter Wu brought this change]
- Curl_proxyCONNECT: count received headers
+ test22: expand a backtick command
- Proxy servers tend to add their own headers at the beginning of
- responses. The size of these headers was not taken into account by
- CURLINFO_HEADER_SIZE before this change.
+ This is the only user of the backtick operator in the command. As the
+ commands will soon not be executed by a shell anymore (but by perl),
+ replace the command with its output.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1204
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Steve Holme (21 Mar 2013)
-- sasl: Corrected a few violations of the curl coding standards
-
- Corrected some incorrectly positioned pointer variable declarations to
- be "char *" rather than "char* ".
+- RELEASE-NOTES: synced with 2ee3c63b13
-- multi.c: Corrected a couple of violations of the curl coding standards
-
- Corrected some incorrectly positioned pointer variable declarations to
- be "type *" rather than "type* ".
+- http2: fix switched macro when http2 is not enabled
-- imap-tests: Added CRLF to reply data to be compliant with RFC-822
-
- Updated the reply data in tests: 800, 801, 802, 804 and 1321 to possess
- the CRLF as per RFC-822.
+- [Tatsuhiro Tsujikawa brought this change]
-- multi.c: Fix compilation warning
+ http2: Deal with HTTP/2 data inside response header buffer
- warning: an enumerated type is mixed with another type
+ Previously if HTTP/2 traffic is appended to HTTP Upgrade response header
+ (thus they are in the same buffer), the trailing HTTP/2 traffic is not
+ processed and lost. The appended data is most likely SETTINGS frame.
+ If it is lost, nghttp2 library complains server does not obey the HTTP/2
+ protocol and issues GOAWAY frame and curl eventually drops connection.
+ This commit fixes this problem and now trailing data is processed.
-- multi.c: fix compilation error
+Steve Holme (11 Nov 2014)
+- configure: Fixed inclusion of krb5 when CURL_DISABLE_CRYPTO_AUTH is defined
- warning: conversion from enumeration type to different enumeration type
+ Commit fe0f8967bf fixed a problem with krb5 not being defined as a
+ supported feature when HAVE_GSSAPI is defined, however, it should
+ only be included if CURL_DISABLE_CRYPTO_AUTH is not set, like when
+ SPNEGO is listed as a feature.
-- lib1900.c: fix compilation warning
+Daniel Stenberg (10 Nov 2014)
+- multi: removed Curl_multi_set_easy_connection
+
+ It isn't used anywhere!
- warning: declaration of 'time' shadows a global declaration
+ Reported-by: Carlo Wood
-Yang Tse (20 Mar 2013)
-- [John E. Malmberg brought this change]
+- [Peter Wu brought this change]
- build_vms.com: use existing curlbuild.h and parsing fix
-
- This patch removes building curlbuild.h from the build_vms.com procedure
- and uses the one in the daily or release tarball instead.
+ symbol-scan.pl: do not require autotools
- packages/vms/build_curlbuild_h.com is obsolete with this change.
+ Makes test1119 pass when building with cmake.
- Accessing the library module name "tool_main" needs different handling
- when the optional extended parsing is enabled.
+ configurehelp.pm is generated by configure (autotools). As cmake does
+ not provide a separate variable for the C preprocessor, default to cpp.
+ Before commit ef24ecde68a5f577a7f0f423a767620f09a0ab16 ("symbol-scan:
+ use configure script knowledge about how to run the C preprocessor"),
+ this tool would also use 'cpp'.
- Tested on IA64/VMS 8.4 and VAX/VMS 7.3
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Nick Zitzmann (19 Mar 2013)
-- darwinssl: disable ECC ciphers under Mountain Lion by default
-
- I found out that ECC doesn't work as of OS X 10.8.3, so those ciphers are
- turned off until the next point release of OS X.
-
-Steve Holme (18 Mar 2013)
-- FEATURES: Small tidy up for constancy and grammar
+- [Peter Wu brought this change]
-Daniel Stenberg (18 Mar 2013)
-- [Oliver Schindler brought this change]
-
- Curl_proxyCONNECT: clear 'rewindaftersend' on success
-
- After having done a POST over a CONNECT request, the 'rewindaftersend'
- boolean could be holding the previous value which could lead to badness.
+ cmake: add ENABLE_THREADED_RESOLVER, rename ARES
- This should be tested for in a new test case!
+ Fix detection of the AsynchDNS feature which not just depends on
+ pthreads support, but also on whether USE_POSIX_THREADS is set or not.
+ Caught by test 1014.
- Bug: https://groups.google.com/d/msg/msysgit/B31LNftR4BI/KhRTz0iuGmUJ
-
-Steve Holme (18 Mar 2013)
-- TODO: Reordered the protocol and security sections
+ This patch adds a new ENABLE_THREADED_RESOLVER option (corresponding to
+ --enable-threaded-resolver of autotools) which also needs a check for
+ HAVE_PTHREAD_H.
- Moved SMTP, POP3, IMAP and New Protocol sections to be listed after the
- other protocols (FTP, HTTP and TELNET) and SASL to be after SSL and
- GnuTLS as these are all security related.
+ For symmetry with autotools, CURL_USE_ARES is renamed to ENABLE_ARES
+ (--enable-ares). Checks that test for the availability actually use
+ USE_ARES instead as that is the result of whether a-res is available or
+ not (in practice this does not matter as CARES is marked as required
+ package, but nevertheless it is better to write the intent).
- Additionally fixed numbering of the SSL and GnuTLS sections as they
- weren't consecutive.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Yang Tse (18 Mar 2013)
-- tests: specify 'text' mode for some output files in verify section
+- [Peter Wu brought this change]
-Steve Holme (17 Mar 2013)
-- imap: Fixed incorrect initial response generation for SASL AUTHENTICATE
+ cmake: build libhostname for test suite
- Fixed incorrect initial response generation for the NTLM and LOGIN SASL
- authentication mechanisms when the SASL-IR was detected.
+ Used by some test cases via LD_PRELOAD in order to fake the host name.
- Introduced in commit: 6da7dc026c14.
-
-- FEATURES: Expanded the supported enhanced IMAP command list
-
-- TODO: Corrected typo in TOC
-
-- TODO: Added IMAP section and removed unused Other protocols section
-
-- TODO: Added graceful base64 decoding failure to SMTP and POP3
-
-- TODO: Corrected typo on section 10.2 heading
-
-Yang Tse (16 Mar 2013)
-- tests: 96, 558, 1330: strip build subdirectory dependent leading path
-
-Steve Holme (15 Mar 2013)
-- TODO: Added section 10.2 Initial response to POP3 to do list
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- imap-tests: Corrected copy/paste error in test808 reply data
+- [Peter Wu brought this change]
-Yang Tse (15 Mar 2013)
-- unit1330.c: fix date
-
-- tests: add #96 #558 and #1330
+ cmake: fix HAVE_GETHOSTNAME definition
+
+ Otherwise Curl_gethostname always fails. Windows has gethostname
+ since Vista according to
+ http://msdn.microsoft.com/en-us/library/ms738527%28VS.85%29.aspx, but
+ accordings to byte_bucket's VC 2005 documentation, it is available even
+ in Windows 95. (possibly after installing a Platform SDK, the
+ Windows Server 2003 SP1 Platform SDK should be sufficient).
- These verfy that the 'memory tracking' subsystem is actually doing its
- job when using curl tool (#96), a test in libtest (#558) and also a unit
- test (#1330), in order to prevent regressions in this functionallity.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Steve Holme (15 Mar 2013)
-- imap-tests: Added test808 for custom EXAMINE command
+- [Peter Wu brought this change]
-Daniel Stenberg (15 Mar 2013)
-- HTTP proxy: insert slash in URL if missing
+ tests: fix libhostname visibility
- curl has been accepting URLs using slightly wrong syntax for a long
- time, such as when completely missing as slash "http://example.org" or
- missing a slash when a query part is given
- "http://example.org?q=foobar".
+ I noticed that a patched cmake build would pass tests with a fake local
+ hostname, but the autotools build skips them:
- curl would translate these into a legitimate HTTP request to servers,
- although as was shown in bug #1206 it was not adjusted properly in the
- cases where a HTTP proxy was used.
+ got unexpected host name back, LD_PRELOAD failed
- Test 1213 and 1214 were added to the test suite to verify this fix.
+ It turns out that -fvisibility=hidden hides the symbol, and since the
+ tests are not part of libcurl, it fails too. Just remove the LIBCURL
+ guard.
- The test HTTP server was adjusted to allow us to specify test number in
- the host name only without using any slashes in a given URL.
+ Broken since cURL 7.30 (commit 83a42ee20ea7fc25abb61c0b7ef56ebe712d7093,
+ "curl.h: stricter CURL_EXTERN linkage decorations logic").
- Bug: http://curl.haxx.se/bug/view.cgi?id=1206
- Reported by: ScottJi
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Steve Holme (14 Mar 2013)
-- ftpserver.pl: Added EXAMINE_imap() for IMAP EXAMINE commands
+- [Peter Wu brought this change]
+
+ tests: fix memleak in server/resolve.c
+
+ This makes LeakSanitizer happy.
- Used hard coded data from RFC-3501 section 6.3.2.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Yang Tse (14 Mar 2013)
-- curl_memory.h: introduce CURLX_NO_MEMORY_CALLBACKS usage possibility
+- configure: assume krb5 when gss-api works
- This commit alone does not fix anything nor modifies existing
- interfaces or behaviors, although it is a prerequisite for other
- fixes.
+ To please test 1014 while we work out if this is truly the a correct
+ assumption.
-- Makefile.vc6: add missing files
+Steve Holme (9 Nov 2014)
+- vtls.h: Fixed compiler warning when compiled without SSL
+
+ vtls.c:185:46: warning: unused parameter 'data'
-Linus Nielsen Feltzing (14 Mar 2013)
-- pipelining: Remove dead code.
+- RELEASE-NOTES: Synced with 2fbf23875f
-- Multiple pipelines and limiting the number of connections.
-
- Introducing a number of options to the multi interface that
- allows for multiple pipelines to the same host, in order to
- optimize the balance between the penalty for opening new
- connections and the potential pipelining latency.
+- ntlm: Added separate SSPI based functions
- Two new options for limiting the number of connections:
+ In preparation for moving the NTLM message code into the SASL module,
+ and separating the native code from the SSPI code, added functions that
+ simply call the functions in curl_ntlm_msg.c.
+
+- http_ntlm: Use the SASL functions instead
- CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections
- to the same host. When adding a handle that exceeds this limit,
- that handle will be put in a pending state until another handle is
- finished, so we can reuse the connection.
+ In preparation for moving the NTLM message code into the SASL module
+ use the SASL functions in the HTTP code instead.
+
+Daniel Stenberg (9 Nov 2014)
+- libssh2: detect features based on version, not configure checks
- CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total.
- When adding a handle that exceeds this limit,
- that handle will be put in a pending state until another handle is
- finished. The free connection will then be reused, if possible, or
- closed if the pending handle can't reuse it.
+ ... so that non-configure builds get the correct functions too based on
+ the libssh2 version used.
+
+- [Nobuhiro Ban brought this change]
+
+ SSH: use the port number as well for known_known checks
- Several new options for pipelining:
+ ... if the libssh2 version is new enough.
- CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a
- pipeline is "full" when a connection is to be reused, a new connection
- will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it.
- If not, the handle will be put in a pending state until a connection is
- ready (either free or a pipe got shorter).
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1448
+
+Steve Holme (9 Nov 2014)
+- INSTALL: Updated pre-processor references to the old VC6 project files
- CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not
- be reused if it is currently processing a transfer with a content
- length that is larger than this.
+ Reworked the two sections that discuss modifying the Visual Studio pre-
+ processor settings, and vc6libcurl.dsw/vc6libcurl.dsp, to remove the
+ project files references as they have been superseded by a more thorough
+ set of project files for VC6 through VC12, but to also give the correct
+ reference to this setting in later versions of Visual Studio.
+
+- INSTALL: Added email protocols to the "Disabling in Win32 builds" section
+
+- configure: Fixed NTLM missing from features when CURL_DISABLE_HTTP defined
+
+- build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
- CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not
- be reused if it is currently processing a chunk larger than this.
+ USE_NTLM would only be defined if: HTTP support was enabled, NTLM and
+ cryptography weren't disabled, and either a supporting cryptography
+ library or Windows SSPI was being compiled against.
- CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow
- pipelining.
+ This means it was not possible to build libcurl without HTTP support
+ and use NTLM for other protocols such as IMAP, POP3 and SMTP. Rather
+ than introduce a new SASL pre-processor definition, removed the HTTP
+ prerequisite just like USE_SPNEGO and USE_KRB5.
- CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow
- pipelining.
+ Note: Winbind support still needs to be dependent on CURL_DISABLE_HTTP
+ as it is only available to HTTP at present.
- See the curl_multi_setopt() man page for details.
+ This bug dates back to August 2011 when I started to add support for
+ NTLM to SMTP.
-Yang Tse (13 Mar 2013)
-- tool_main.c: remove redundant vms_show storage-class specifier
+- ntlm: Removed an unnecessary free of native Target Info
- vms_show 'extern' storage-class specifier removed from tool_main.c due to...
-
- - Advice from Tor Arntsen: http://curl.haxx.se/mail/lib-2013-03/0164.html
-
- - HP OpenVMS docs stating that 'Extern is the default storage class for
- variables declared outside a function.'
- http://h71000.www7.hp.com/commercial/c/docs/dec_c_help_5.html
- (Storage_Classes section)
+ Due to commit 40ee1ba0dc the free in Curl_ntlm_decode_type2_target() is
+ longer required.
-- test509: libcurl initialization with memory callbacks and actual usage
+- ntlm: Moved the native Target Info clean-up from HTTP specific function
-Steve Holme (13 Mar 2013)
-- pop3: Removed unnecessary transfer cancellation
-
- Following commit e450f66a02d8 and the changes in the multi interface
- being used internally, from 7.29.0, the transfer cancellation in
- pop3_dophase_done() is no longer required.
+- ntlm: Moved SSPI clean-up code into SASL module
-Yang Tse (13 Mar 2013)
-- Makefile.am: add VMS files not being included in tarball
+- Makefile.dist: Added support for WinIDN
-- [Tom Grace brought this change]
+- Makefile.vc6: Added support for WinIDN
- build_vms.com: VMS build fixes
-
- Added missing slash in cc_full_list.
- Removed unwanted extra quotes inside symbol tool_main
- for non-VAX architectures that triggered link failure.
- Replaced curl_sys_inc with sys_inc.
+- Makefile.dist: Added some missing SSPI configurations
-- [Tom Grace brought this change]
+- Makefile.dist: Separated the groups of SSL configurations from each other
- tool_main.c: fix VMS global variable storage-class specifier
-
- An extern submits a psect and a global reference to the linker to point
- to it. Using "extern int vms_show = 0" also creates a globaldef.
+- Makefile.dist: Grouped the x64 configurations next to their x86 counterparts
+
+- curl.h: Tidy up of CURL_VERSION_* flags
- The use of the extern by itself does declare a psect but does not declare
- a globalsymbol. It does declare a globalref. But the linker needs one and
- only one globaldef or there is an error.
+ As the list has gotten a little messy and hard to read, especially with
+ the introduction of deprecated items, aligned the values and comments
+ into clean columns and reworked some of the comments in the process.
-Patrick Monnerat (12 Mar 2013)
-- OS400: synchronize RPG binding
+- curl_tool: Added krb5 to the supported features
-Steve Holme (12 Mar 2013)
-- pop3: Fixed continuous wait when using --ftp-list
-
- Don't initiate a transfer when using --ftp-list.
+- configure: Added krb5 to the supported features
+
+- version info: Added Kerberos V5 to the supported features
-Kamil Dudka (12 Mar 2013)
-- [Zdenek Pavlas brought this change]
+Guenter Knauf (7 Nov 2014)
+- mk-ca-bundle.vbs: switch to new certdata.txt url.
- curl_global_init: accept the CURL_GLOBAL_ACK_EINTR flag
+Steve Holme (7 Nov 2014)
+- RELEASE-NOTES: Synced with dcad09e125
+
+- http_digest: Fixed some memory leaks introduced in commit 6f8d8131b1
- The flag can be used in pycurl-based applications where using the multi
- interface would not be acceptable because of the performance lost caused
- by implementing the select() loop in python.
+ Fixed a couple of memory leaks as a result of moving code that used to
+ populate allocuserpwd and relied on it's clean up.
+
+- docs: Updated following the addition of SSPI based HTTP digest auth
+
+- sasl_sspi: Tidy up of the existing digest code
- Bug: http://curl.haxx.se/bug/view.cgi?id=1168
- Downstream Bug: https://bugzilla.redhat.com/919127
+ Following the addition of SSPI support for HTTP digest, synchronised
+ elements of the email digest code with that of the new HTTP code.
-- easy: do not ignore poll() failures other than EINTR
+- http_digest: Post SSPI support tidy up
+
+ Post tidy up to ensure commonality of code style and variable names.
-Yang Tse (12 Mar 2013)
-- curl.h: stricter CURL_EXTERN linkage decorations logic
+Dan Fandrich (6 Nov 2014)
+- test552: Don't run HTTP digest tests for SSPI based builds
- No API change involved.
+ Technical difficulties prevented this from going into the
+ previous commit.
+
+Steve Holme (6 Nov 2014)
+- tests: Don't run HTTP digest tests for SSPI based builds
- Info: http://curl.haxx.se/mail/lib-2013-02/0234.html
+ Added !SSPI to the features list of the HTTP digest tests, as SSPI
+ based builds now use the Windows SSPI messaging API rather than the
+ internal functions, and we can't control the random numbers that get
+ used as part of the digest.
-Daniel Stenberg (11 Mar 2013)
-- THANKS: Latin-1'ified Jiri's name
+Daniel Stenberg (6 Nov 2014)
+- curl.1: show zone index use in a URL
-Steve Holme (11 Mar 2013)
-- test806: Added CRLF to reply data to be compliant with RFC-822
+Steve Holme (6 Nov 2014)
+- http_digest: Fixed auth retry loop when SSPI based authentication fails
-Daniel Stenberg (11 Mar 2013)
-- test805: added crlf newlines to make data size match
+- http_digest: Reworked the SSPI based input token storage
- since mails sent are supposed to have CRLF line endings I added them and
- now the data size after (\Seen) matches again properly
+ Reworked the input token (challenge message) storage as what is passed
+ to the buf and desc in the response generation are typically blobs of
+ data rather than strings, so this is more in keeping with other areas
+ of the SSPI code, such as the NTLM message functions.
-- test: fix newline for the data check of 807
+- sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9
+
+ Added void reference to unused 'data' parameter back to fix compilation
+ warning.
-Yang Tse (11 Mar 2013)
-- test801 to test807: fix protocol section line endings
+- sspi: Align definition values to even columns as we use 2 char spacing
-Steve Holme (10 Mar 2013)
-- Makefile.am: Corrected a couple of spurious tab characters
+- sspi: Fixed missing definition of ISC_REQ_USE_HTTP_STYLE
- Corrected a couple of tab characters between test702 and test703, and
- between test900 and test901 which should be spaces.
+ Some versions of Microsoft's sspi.h don't define this.
-- [Jiri Hruska brought this change]
+- sasl: Removed non-SSPI Digest functions and defines from SSPI based builds
+
+ Introduced in commit 7e6d51a73c these functions and definitions are only
+ required by the internal challenge-response functions now.
- imap: Added test807 for custom request functionality (STORE)
+- sasl_sspi: Added HTTP digest response generation code
-- [Jiri Hruska brought this change]
+- http_digest: Added SSPI based challenge decoding code
- imap: Added test806 for IMAP (folder) LIST command
+- http_digest: Added SSPI based clean-up code
-- [Jiri Hruska brought this change]
+- http_digest: Added SSPI based authentication functions
+
+ This temporarily breaks HTTP digest authentication in SSPI based builds,
+ causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will
+ resume normal operation.
- imap: Added test805 for APPEND functionality
+- http_digest: Added required SSPI based variables to digest structure
-- [Jiri Hruska brought this change]
+Daniel Stenberg (6 Nov 2014)
+- [Frank Gevaerts brought this change]
- imap: Added test804 for skipping SELECT if in the same mailbox
+ contributors.sh: --releasenotes reads in names from RELEASE-NOTES
+
+ This is very handy when updating the RELEASE-NOTES as then we sometimes
+ have names added manually in the existing list and we use this script to
+ update the set.
-- [Jiri Hruska brought this change]
+- RELEASE-NOTES: synced with 68542e72a9
- imap: Added test802 and test803 for UIDVALIDITY verification
+- curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY
- Added one test for a request with matching UIDVALIDITY and one which is
- a mismatched request that will fail.
+ Reported-by: Christian Hägele
+ Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html
-- [Jiri Hruska brought this change]
+Steve Holme (5 Nov 2014)
+- build: Fixed Visual Studio project file generation of strdup.[c|h]
+
+ As the curl command-line tool now includes it's own version of strdup(),
+ for platforms that don't have it, fixed up the git respository Visual
+ Studio project file generator to not include the version from lib in the
+ tool project files, rather than having both lib\strdup.[c|h] and
+ src\tool_strdup.[c|h] present.
- imap: Added test801 for UID and SECTION URL parameters
+Daniel Stenberg (5 Nov 2014)
+- tool_strdup.c: include the tool strdup.h
+
+ ... not the lib/ one that the tool no longer uses!
-- [Jiri Hruska brought this change]
+- THANKS-filter: added another Michał Górny version we've used
- imap-tests: Accept quoted parameters in ftpserver.pl
+- contributors.sh: split lists using " and "
- Any IMAP parameter can come in escaped and in double quotes. Added a
- simple function to unquote the command parameters and applied it to
- the IMAP command handlers.
+ ... and require the space after the filtering to make the filter able to
+ remove names.
-- [Jiri Hruska brought this change]
+Steve Holme (5 Nov 2014)
+- http_digest: Fixed memory leaks from commit 6f8d8131b1
- tests: Fix ftpserver.pl indentation
+- sasl: Fixed compilation warning from commit 25264131e2
- The whole of FETCH_imap() had one extra space of indentation, whilst
- APPEND_imap() used indentation of 2 instead of 4 in places.
-
-- Makefile.am: Corrected end of line filler character
+ Added forward declaration of digestdata to overcome the following
+ compilation warning:
- The majority of lines, that specify a test file for inclusion, end with
- a tab character before the slash whilst some end with a space. Corrected
- those that end with a space to end with a tab character as well.
-
-- email-tests: Updated the test data that corresponds to the test number
+ warning: 'struct digestdata' declared inside parameter list
- Finished segregating the email protocol tests, into their own protocol
- based ranges, in preparation of adding more e-mail related tests to the
- test suite.
+ Additionally made the ntlmdata forward declaration dependent on
+ USE_NTLM similar to how digestdata and kerberosdata are.
-- email-tests: Renamed the IMAP test to be 800
+- sasl: Fixed HTTP digest challenges with spaces between auth parameters
- Continued segregating the email protocol tests, into their own protocol
- based ranges, in preparation of adding more e-mail related tests to the
- test suite.
+ Broken as part of the rework, in commit 7e6d51a73c, to assist with the
+ addition of HTTP digest via Windows SSPI.
-- email-tests: Renamed the SMTP tests to be in the range 900-906
+- http_digest: Fixed compilation errors from commit 6f8d8131b1
- Continued segregating the email protocol tests, into their own protocol
- based ranges, in preparation of adding more e-mail related tests to the
- test suite.
+ error: invalid operands to binary
+ warning: pointer targets in assignment differ in signedness
-- email-tests: Renamed the POP3 tests to be in the range 850-857
-
- Started segregating the email protocol tests, into their own protocol
- based ranges, in preparation of adding more e-mail related tests to the
- test suite.
+- http_digest: Moved response generation into SASL module
-Daniel Stenberg (10 Mar 2013)
-- hiperfifo: updated to use current libevent API
-
- Patch by: Myk Taylor
+- http_digest: Moved challenge decoding into SASL module
-Steve Holme (10 Mar 2013)
-- imap: Reworked some function descriptions
+- http_digest: Moved clean-up function into SASL module
-- imap: Added some missing comments to imap_sendf()
+- http_digest: Moved algorithm definitions to SASL module
-- email: Removed hard returns from init functions
+- [Gisle Vanem brought this change]
-Daniel Stenberg (9 Mar 2013)
-- curl_multi_wait: avoid second loop if nothing to do
+ ssh: Fixed build on platforms where R_OK is not defined
- ... hopefully this will also make clang-analyzer stop warning on
- potentional NULL dereferences (which were false positives anyway).
+ Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html
+ Reported-by: Jan Ehrhardt
-- multi_runsingle: avoid NULL dereference
+- strdup: Removed irrelevant comment
- When Curl_do() returns failure, the connection pointer could be NULL so
- the code path following needs to that that into account.
-
- Bug: http://curl.haxx.se/mail/lib-2013-03/0062.html
- Reported by: Eric Hu
+ ...as Curl_memdup() duplicates an area of fix size memory, that may be
+ binary, and not a null terminated string.
-Steve Holme (9 Mar 2013)
-- imap: Re-factored all perform based functions
+- url.c: Fixed compilation warning
- Standardised the naming of all perform based functions to be in the form
- imap_perform_something().
-
-Daniel Stenberg (9 Mar 2013)
-- [Cédric Deltheil brought this change]
+ conversion from 'curl_off_t' to 'size_t', possible loss of data
- examples/getinmemory.c: abort the transfer if not enough memory
+- http_digest: Use CURLcode instead of CURLdigest
- No more use exit(3) but instead tell libcurl that no byte has been
- written to let it return a `CURLE_WRITE_ERROR`. In addition, check
- curl easy handle return code.
+ To provide consistent behaviour between the various HTTP authentication
+ functions use CURLcode based error codes for Curl_input_digest()
+ especially as the calling code doesn't use the specific error code just
+ that it failed.
-- RELEASE-NOTES: synced with ca3c0ed3a9c
+Daniel Stenberg (5 Nov 2014)
+- contributors.sh: filter common alternative name spellings
- 8 more bugfixes, one change and a bunch of contributors
+ docs/THANKS-filter is a new filter file for converting contributor names
+ we get or have recorded in alternative formats to the one we already use
+ in THANKS. To help us show individual contributors using a single
+ presentation of their names.
-Yang Tse (9 Mar 2013)
-- Makefile.am: empty AM_LDFLAGS definition for automake 1.7 compatibility
+- THANKS: added missing contributor from 2012
-Steve Holme (9 Mar 2013)
-- imap: Added description comments to all perform based functions
+- [Frank Gevaerts brought this change]
-- imap: Removed the need for separate custom request functions
+ Remove duplicate names.
- Moved the custom request processing into the LIST command as the logic
- is the same.
-
-- imap: Corrected typo in comment
-
-Yang Tse (9 Mar 2013)
-- Makefile.am: empty AM_LDFLAGS definition for automake 1.7 compatibility
+ The removed names also appear as:
+ Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien
+ Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su,
+ S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder
-Steve Holme (9 Mar 2013)
-- imap: Moved imap_logout() to be grouped with the other perform functions
-
-- email: Updated the function descriptions for the logout / quit functions
+Steve Holme (5 Nov 2014)
+- sspi: Define authentication package name constants
+
+ These were previously hard coded, and whilst defined in security.h,
+ they may or may not be present in old header files given that these
+ defines were never used in the original code.
- Updated the function description comments following commit 4838d196fdbf.
+ Not only that, but there appears to be some ambiguity between the ANSI
+ and UNICODE NTLM definition name in security.h.
-- email: Simplified the logout / quit functions
+Patrick Monnerat (5 Nov 2014)
+- Adjust OS400-specific support to last release
+
+Daniel Stenberg (5 Nov 2014)
+- THANKS: added two missing names and removed a duplicate
- Moved the blocking state machine to the disconnect functions so that the
- logout / quit functions are only responsible for sending the actual
- command needed to logout or quit.
+ ./contributors.sh found these extra ones that somehow had fallen
+ through the cracks and never gotten added here.
- Additionally removed the hard return on failure.
+ Reported-by: Frank Gevaerts
-- email: Tidied up the *_regular_transfer() functions
-
- Added comments and simplified convoluted dophase_done comparison.
+- bump: towards next release
-- email: Simplified nesting of if statements in *_doing() functions
+- THANKS: added names from 7.39.0 release notes
-Daniel Stenberg (8 Mar 2013)
-- RELEASE-NOTES: mention that krb4 is up for consideration
+Version 7.39.0 (5 Nov 2014)
-Steve Holme (8 Mar 2013)
-- imap: Fixed handling of untagged responses for the STORE custom command
-
- Added an exception, for the STORE command, to the untagged response
- processor in imap_endofresp() as servers will back respones containing
- the FETCH keyword instead.
+Daniel Stenberg (5 Nov 2014)
+- RELEASE-NOTES: 7.39.0 release (commit b3875606925)
-Yang Tse (8 Mar 2013)
-- curlbuild.h.dist: enhance non-configure GCC ABI detection logic
+- curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
- GCC specific adjustments:
+ When duplicating a handle, the data to post was duplicated using
+ strdup() when it could be binary and contain zeroes and it was not even
+ zero terminated! This caused read out of bounds crashes/segfaults.
- - check __ILP32__ before 32 and 64bit processor architectures in
- order to detect ILP32 programming model on 64 bit processors
- which, of course, also support LP64 programming model, when using
- gcc 4.7 or newer.
+ Since the lib/strdup.c file no longer is easily shared with the curl
+ tool with this change, it now uses its own version instead.
- - keep 32bit processor architecture checks in order to support gcc
- versions older than 4.7 which don't define __ILP32__
+ Bug: http://curl.haxx.se/docs/adv_20141105.html
+ CVE: CVE-2014-3707
+ Reported-By: Symeon Paraschoudis
+
+- lib544.c: use duphandle for test 545
- - check __LP64__ for gcc 3.3 and newer, while keeping 64bit processor
- architecture checks for older versions which don't define __LP64__
+ To verify that curl_easy_duphandle() works fine on a handle that has
+ gotten data stored with *_COPYPOSTFIELDS.
-- curlbuild.h.dist: fix GCC build on ARM systems without configure script
+- tests: add new feature 'SSLpinning'
- Bug: http://curl.haxx.se/bug/view.cgi?id=1205
- Reported by: technion
+ ... and make test 2034 and 2035 require it, and have it set when built
+ with OpenSSL or GnuTLS.
-- [Gisle Vanem brought this change]
+- buildconf: update copyright year
- polarssl.c: fix header filename typo
+Steve Holme (4 Nov 2014)
+- INSTALL: Consistent spacing in section headings, paragraphs and examples
-- configure: use XC_LIBTOOL for portability across libtool versions
+Daniel Stenberg (4 Nov 2014)
+- buildconf: stop checking for libtool
+
+ As we only use libtoolize, only check for that!
-- xc-lt-iface.m4: provide XC_LIBTOOL macro
+Steve Holme (4 Nov 2014)
+- INSTALL: Corrected MIT Kerberos and Heimdal package names
-Steve Holme (7 Mar 2013)
-- imap: Fixed SELECT not being performed for custom requests
+- README: Corrected inconsistent use of --help
-- email: Minor code tidy up following recent changes
+- INSTALL: Use GSS-API rather than GSSAPI
- Removed unwanted braces and added variable initialisation.
+ As implementations are refereed to GSS-API libraries as per the RFC and
+ GSSAPI typically refers to the SASL authentication mechanism.
+
+ ...and minor rewording on the same paragraph.
-- DOCS: Corrected the IMAP URL grammar of the UIDVALIDITY parameter
+- README: Added note about using Visual Studio projects out of git repository
-- FEATURES: Provided a little clarity in some IMAP features
+Daniel Stenberg (4 Nov 2014)
+- [K. R. Walker brought this change]
-- email: Optimised block_statemach() functions
+ cmake: fix ZLIB_INCLUDE_DIRS use
- Optimised the result test in each of the block_statemach() functions.
-
-- DOCS: Added the list command to the IMAP URL section
+ CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see
+ http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB
- Added examples of the list command and clarified existing example URLs
- following recent changes.
+ Bug: https://github.com/bagder/curl/pull/123
-- FEATURES: Updated for recent imap additions
+- [Jay Satiro brought this change]
+
+ SSL: PolarSSL default min SSL version TLS 1.0
- Updated the imap features list, corrected a typo in the smtp features
- and clarified a pop3 feature.
+ - Prior to this change no SSL minimum version was set by default at
+ runtime for PolarSSL. Therefore in most cases PolarSSL would probably
+ have defaulted to a minimum version of SSLv3 which is no longer secure.
-Daniel Stenberg (7 Mar 2013)
-- version bump: the next release will be 7.30.0
+- opts-Makefile: put more man pages into dist and make hmtl+pdf
-- checksrc: ban unsafe functions
-
- The list of unsafe functions currently consists of sprintf, vsprintf,
- strcat, strncat and gets.
+- curl_multi_setopt.3: refer to stand-alone pages
- Subsequently, some existing code needed updating to avoid warnings on
- this.
+ ... instead of duplicating info.
-Steve Holme (7 Mar 2013)
-- RELEASE-NOTES: Added missing imap fixes and additions
+- opts: more multi options as stand-alone man pages
+
+- Makefile.am: two cmake files are gone
- With all the recent imap changes it wasn't clear what new features and
- fixes should be included in the release notes.
+ 8cb010144 removed the CurlCheckCSourceCompiles.cmake and
+ CurlCheckCSourceRuns.cmake files
-Nick Zitzmann (6 Mar 2013)
-- RELEASE-NOTES: brought this up-to-date with the latest changes
+- opts: made stand-alone man-pages for several multi options
-Steve Holme (6 Mar 2013)
-- [Jiri Hruska brought this change]
+- [Carlo Wood brought this change]
- imap: Fixed test801 and test1321 to specify a message UID
+ Curl_single_getsock: fix hold/pause sock handling
- Just a folder list would be retrieved if UID was not specified now.
+ The previous condition that checked if the socket was marked as readable
+ when also adding a writable one, was incorrect and didn't take the pause
+ bits properly into account.
-- [Jiri Hruska brought this change]
+- [Peter Wu brought this change]
- imap: Fixed ftpserver.pl to allow verification even through LIST command
+ cmake: fix struct sockaddr_storage check
- Commit 198012ee inadvertently broke LIST_imap().
-
-- imap: Tidied up the APPEND and final APPEND response functions
+ CHECK_TYPE_SIZE_PREINCLUDE is an internal, undocumented variable which
+ was removed in cmake 2.8.1. According to the MSDN docs[1], inclusion
+ of winsock2.h is sufficient. WIN32_LEAN_AND_MEAN does not really seem
+ to affect the tests, so remove it too[2].
- Removed unnecessary state changes on failure and setting of result codes
- on success.
-
-- imap: Tidied up the final FETCH response function
+ For the non-windows case, remove inet headers as POSIX only requires
+ sys/socket.h.
- Removed unnecessary state change on failure and setting of result code on
- success.
-
-- imap: Tidied up the LIST response function
+ [1]: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740504%28v=vs.85%29.aspx
+ [2]: http://stackoverflow.com/questions/11040133/what-does-defining-win32-lean-and-mean-exclude-exactly
- Reworked comments as they referenced custom commands, removed
- unnecessary state change on failure and setting of result code on
- success.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- imap: Removed the custom request response function
+- [Peter Wu brought this change]
+
+ cmake: clean OtherTests, fixing -Werror
+
+ There were several -Wunused warnings and one duplicate macro definition.
+ The EXTRA_DEFINES variable of the CurlCheckCSources macro was being
+ abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to
+ insert extra C code. Avoid this broken abstraction and use cmake's
+ check_c_source_compiles directly (works fine with CMake 2.8, maybe
+ even cmake 2.6).
+
+ After cleaning up all related variables (EXTRA_DEFINES,
+ HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate
+ add_headers_include macro and remove duplicate header additions before
+ the struct timeval check.
+
+ Oh, and now the code is converted to use CheckCSourceRuns and
+ CheckCSourceCompiles, the two curl-specific helpers can be removed.
+ Unfortunately, the cmake output is now slightly more verbose. Before:
- Removed imap_state_custom_resp() as imap_state_list_resp() provides the
- same functionality.
+ Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test)
+ Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed
+
+ Since check_c_source_compiles prints the varname, now you see:
+
+ Performing Test curl_cv_func_send_test
+ Performing Test curl_cv_func_send_test - Failed
+ Tested: int send(int, const void *, size_t, int)
+
+ Compared cmake output with each other using vimdiff, no functional
+ differences were found. Tested with GCC 4.9.1 and Clang 3.5.0.
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Jiri Hruska brought this change]
+- [Peter Wu brought this change]
- imap: Updated ftpserver.pl to be more compliant, added new commands
+ cmake: fix gethostby{addr,name}_r in CurlTests
- Enriched IMAP capabilities of ftpserver.pl in order to be able to
- add tests for the new IMAP features.
+ This patch cleans up the automatically-generated (?) code and fixes one
+ case that will always fail due to syntax error.
- * Added support for APPEND - Saves uploaded data to log/upload.$testno
- * Added support for LIST - Returns the contents of <reply/> section in
- the current test, like e.g FETCH.
- * Added support for STORE - Returns hardcoded updated flags
- * Changed handling of SELECT - Returns much more information in the
- usual set of untagged responses; uses hardcoded data from an example
- in the IMAP RFC
- * Changed handling of FETCH - Fixed response format
-
-- imap: Added check for empty UID in FETCH command
+ HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing
+ character ("int length;q"). Several parameter type and unused variable
+ warnings popped up. This causes a detection failure with -Werror.
- As the UID has to be specified by the user for the FETCH command to work
- correctly, added a check to imap_fetch(), although strictly speaking it
- is protected by the call from imap_perform().
-
-Kamil Dudka (6 Mar 2013)
-- nss: fix misplaced code enabling non-blocking socket mode
+ Observe that the REENTRANT cases are exactly the same as their
+ non-REENTRANT cases except for a `_REENTRANT` macro definition.
+ Merge all these pieces and build one big main function with different
+ cases, but reusing variables where logical.
- The option needs to be set on the SSL socket. Setting it on the model
- takes no effect. Note that the non-blocking mode is still not enabled
- for the handshake because the code is not yet ready for that.
-
-Daniel Stenberg (6 Mar 2013)
-- imap: fix compiler warning
+ For the cases where the parameters where NULL, I looked at
+ lib/hostip4.c to get an idea of the parameters types.
- imap.c:694:21: error: unused variable 'imapc' [-Werror=unused-variable]
-
-Steve Holme (5 Mar 2013)
-- imap: Added support for list command
+ void-cast variables such as 'rc' to avoid -Wuninitialized errors.
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- imap: Added list perform and response handler functions
+- [Peter Wu brought this change]
-- imap: Introduced IMAP_LIST state
+ cmake: drop _BSD_SOURCE macro usage
+
+ autotools does not use features.h nor _BSD_SOURCE. As this macro
+ triggers warnings since glibc 2.20, remove it. It should not have
+ functional differences.
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- imap: Small tidy up of imap_select() to match imap_append()
+Steve Holme (2 Nov 2014)
+- RELEASE-NOTES: Synced with d71ea7c01e
- Updated the style of imap_select() before adding the LIST command.
+ Additionally, updated "GSSAPI" to "GSS-API" for a Cmake related change
+ as GSSAPI can be confused with the authentication mechanism rather than
+ a GSS-API implementation library such as MIT or Heimdal.
-- imap: Moved mailbox check from the imap_do() function
+- build: Added WinIDN build configuration options
- In preparation for the addition of the LIST command, moved the mailbox
- check from imap_do() to imap_select() and imap_append().
+ Added support for WinIDN build configurations to the VC6 project files.
-- curl_setup.h: Added S_IRDIR() macro for compilers that don't support it
+- build: Added WinIDN build configuration options
- Commit 26eaa8383001 introduces the use of S_ISDIR() yet some compilers,
- such as MSVC don't support it, so we must define a substitute using
- file flags and mask.
+ Added support for WinIDN build configurations to the VC7 and VC7.1
+ project files.
-Daniel Stenberg (4 Mar 2013)
-- AddFormData: prevent only directories from being posted
+- build: Fixed the pre-processor separator in Visual Studio project files
- Commit f4cc54cb4746ae5a6d (shipped as part of the 7.29.0 release) was a
- bug fix that introduced a regression in that while trying to avoid
- allowing directory names, it also forbade "special" files like character
- devices and more. like "/dev/null" as was used by Oliver who reported
- this regression.
+ A left over from the VC6 project files, so mainly cosmetic in Visual
+ Studio .NET as it can handle both comma and semi-colon characters for
+ separating multiple pre-processor definitions.
- Reported by: Oliver Gondža
- Bug: http://curl.haxx.se/mail/archive-2013-02/0040.html
-
-Nick Zitzmann (3 Mar 2013)
-- darwinssl: fix infinite loop if server disconnected abruptly
+ However, the IDE uses semi-colons if the value is edited, and as such,
+ this may cause problems in future for anyone updating the files or
+ merging patches.
- If the server hung up the connection without sending a closure alert,
- then we'd keep probing the socket for data even though it's dead. Now
- we're ready for this situation.
+ Used the Visual Studio IDE to correct the separator character.
+
+- build: Added optional specific version generation of VC project files
- Bug: http://curl.haxx.se/mail/lib-2013-03/0014.html
- Reported by: Aki Koskinen
+ ..when working from the git repository. This is particularly useful
+ for single development environments where the project files for all
+ supported versions of Visual Studio may not be required.
+
+- [Jay Satiro brought this change]
-Steve Holme (3 Mar 2013)
-- imap: Added comments to imap_append()
+ build-openssl.bat: Fix x64 release build
+
+ Prior to this change if x64 release was specified a failed attempt was
+ made to build x86 release instead.
-- [Jiri Hruska brought this change]
+- CURLOPT_XOAUTH2_BEARER.3: Corrected the OAuth version number
- imap: Added required mailbox check for FETCH and APPEND commands
+- CURLOPT_SASL_IR.3: Added supported mechanism information
+
+ ...and removed duplication of what protocols are supported from the
+ description text.
-- pingpong.c: Fix enumerated type mixed with another type
+- opts: Use common wording for MAIL related names
-- smtp: Updated the coding style for state changes after a send operation
+- opts: Use common wording for TLS user/password option names
- Some state changes would be performed after a failure test that
- performed a hard return, whilst others would be performed within a test
- for success. Updated the code, for consistency, so all instances are
- performed within a success test.
+ ...and revised the proxy wording a little as well.
-- pop3: Updated the coding style for state changes after a send operation
+- CURLOPT_MAXCONNECTS.3: Reworked the description to be less confusing
- Some state changes would be performed after a failure test that
- performed a hard return, whilst others would be performed within a test
- for success. Updated the code, for consistency, so all instances are
- performed within a success test.
+ ...and corrected a related typo in curl_easy_setopt.3.
-- imap: Fixed typo in variable assignment
+Guenter Knauf (2 Nov 2014)
+- RELEASE-NOTES: removed obsolete entry; fixed entry.
-- [Jiri Hruska brought this change]
+Steve Holme (2 Nov 2014)
+- RELEASE-NOTES: Synced with e7da67f5d3
- imap: Fixed custom request handling in imap_done()
+- docs: Added mention of Kerberos for CURL_VERSION_SSPI
- Fixed imap_done() so that neither the FINAL states are not entered when
- a custom command has been performed.
+ As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP,
+ POP3 and SMTP authentication since v7.38.0.
-- [Jiri Hruska brought this change]
-
- imap: Enabled custom requests in imap_select_resp()
+- CURL_VERSION_KERBEROS4: Mark as deprecated
- Changed imap_select_resp() to invoke imap_custom() instead of
- imap_fetch() after the mailbox has been selected if a custom
- command has been set.
-
-- [Jiri Hruska brought this change]
+ Support for Kerberos V4 was removed in v7.33.0.
- imap: Enabled custom requests in imap_perform()
+- sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
- Modified imap_perform() to start with the custom command instead of
- SELECT when a custom command is to be performed and no mailbox has
- been given.
+ Typically the USE_WINDOWS_SSPI definition would not be used when the
+ CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build
+ configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication
+ data structures and functions would incorrectly be used when they
+ shouldn't be.
+
+ Introduced a new USE_KRB5 definition that takes into account the use of
+ CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
-- [Jiri Hruska brought this change]
+- openssl: Use 'CURLcode result'
+
+ More CURLcode fixes.
- imap: Added custom request perform and response handler functions
+Daniel Stenberg (1 Nov 2014)
+- resume: consider a resume from [content-length] to be OK
- Added imap_custom(), which initiates the custom command processing,
- and an associated response handler imap_state_custom_resp(), which
- handles any responses by sending them to the client as body data.
+ Basically since servers often then don't respond well to this and
+ instead send the full contents and then libcurl would instead error out
+ with the assumption that the server doesn't support resume. As the data
+ is then already transfered, this is now considered fine.
- All untagged responses with the same name as the first word of the
- custom request string are accepted, with the exception of SELECT and
- EXAMINE which have responses that cannot be easily identified. An
- extra check has been provided for them so that any untagged responses
- are accepted for them.
-
-- pop3: Fixed unnecessary parent structure reference
+ Test case 1434 added to verify this. Test case 1042 slightly modified.
- Updated pop3 code following recent imap changes.
-
-- [Jiri Hruska brought this change]
+ Reported-by: hugo
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1443
- imap: Added custom request parsing
+Steve Holme (1 Nov 2014)
+- openssl: Use 'CURLcode result'
- Added imap_parse_custom_request() for parsing the CURLOPT_CUSTOMREQUEST
- parameter which URL decodes the value and separates the request from
- any parameters - This makes it easier to filter untagged responses
- by the request command.
+ More standardisation of CURLcode usage and coding style.
-- [Jiri Hruska brought this change]
-
- imap: Introduced custom request parameters
+- openssl: Use 'CURLcode result'
- Added custom request parameters to the per-request structure.
+ ...and some minor code style changes.
-- [Jiri Hruska brought this change]
+- ftplistparser: We prefer 'CURLcode result'
- imap: Introduced IMAP_CUSTOM state
+- opts: Use common wording for user/password option names
-- imap: Minor code tidy up
+- CURLOPT_CONNECT_ONLY.3: Removed "This option is implemented for..." text
- Minor tidy up of code layout and comments following recent changes.
+ As this is covered by the PROTOCOLS section and saves having to update
+ two parts of the document with the same information in future.
-- imap: Simplified the imap_state_append_resp() function
+- CURLOPT_GSSAPI_DELEGATION.3: Use GSS-API rather than GSSAPI
- Introduced the result code variable to simplify the state changes and
- remove the hard returns.
+ As implementations are refereed to GSS-API libraries as per the RFC and
+ GSSAPI typically refers to an authentication mechanism.
-- imap: Changed successful response logic in imap_state_append_resp()
+- CURLOPT_CONNECT_ONLY.3: Fixed incomplete protocol list
- For consistency changed the logic of the imap_state_append_resp()
- function to test for an unsucessful continuation response rather than a
- succesful one.
+ Added missing IMAP to the protocol list.
+
+- code cleanup: Use 'CURLcode result'
-- imap: Standardised imapcode condition tests
+- curl_easy_setopt.3: Fixed lots of typos
+
+- curl_easy_setopt.3: Moved CURLOPT_DIRLISTONLY into PROTOCOL OPTIONS
- For consistency changed two if(constant != imapcode) tests to be
- if(imapcode != constant).
+ ...as this option affects more that just FTP.
-- imap: Moved imap_append() to be with the other perform functions
+Guenter Knauf (30 Oct 2014)
+- build: added Watcom support to build with WinSSL.
-- [Jiri Hruska brought this change]
+Daniel Stenberg (30 Oct 2014)
+- CURLOPT_PINNEDPUBLICKEY.3: added details
- imap: Enabled APPEND support in imap_perform()
+Steve Holme (30 Oct 2014)
+- CURLOPT_CUSTOMREQUEST.3: Fixed incomplete protocol list
- Added logic in imap_perform() to perform an APPEND rather than SELECT
- and FETCH if an upload has been specified.
+ Whilst the description included information about SMTP, the protocol
+ list only showed "TTP, FTP, IMAP, POP3".
-- [Jiri Hruska brought this change]
+- CURLOPT_DIRLISTONLY.3: Added information about the usage in POP3
- imap: Implemented APPEND final processing
+Daniel Stenberg (29 Oct 2014)
+- openssl: enable NPN separately from ALPN
- The APPEND operation needs to be performed in several steps:
- 1) We send "<tag> APPEND <mailbox> <flags> {<size>}\r\n"
- 2) Server responds with continuation respose "+ ...\r\n"
- 3) We start the transfer and send <size> bytes of data
- 4) Only now we end the request command line by sending "\r\n"
- 5) Server responds with "<tag> OK ...\r\n"
+ ... and allow building with nghttp2 but completely without NPN and ALPN,
+ as nghttp2 can still be used for plain-text HTTP.
- This commit performs steps 4 and 5, in the DONE phase, as more
- processing is required after the transfer.
-
-- [Jiri Hruska brought this change]
+ Reported-by: Lucas Pardue
- imap: Added APPEND perform and response handler functions
+- configure.ac: remove checks for OpenSSL NPN/ALPN funcs again
- Added imap_append() function to initiate upload and imap_append_resp()
- to handle the continuation response and start the transfer.
+ ... since the conditional in the code are now based on OpenSSL versions
+ instead to better support non-configure builds.
-- [Jiri Hruska brought this change]
+- opts: added some "SEE ALSO" references
- imap: Introduced IMAP_APPEND and IMAP_APPEND_FINAL states
+Steve Holme (29 Oct 2014)
+- RELEASE-NOTES: Synced with 32913182dc
-- [Jiri Hruska brought this change]
+- vtls.c: Fixed compilation warning
+
+ conversion from 'size_t' to 'unsigned int', possible loss of data
- imap: Updated setting of transfer variables in imap_state_fetch_resp()
+- sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
- Add number of bytes retrieved from the PP cache to req.bytecount and set
- req.maxdownload only when starting a proper download.
+ Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when
+ acquiring the credentials handle fails. This is then consistent with
+ the code prior to commit f7e24683c4 when log-in credentials were empty.
-- [Jiri Hruska brought this change]
+- sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
+
+ Fixed the ability to use the current log-in credentials with DIGEST-MD5.
+ I had previously disabled this functionality in commit 607883f13c as I
+ couldn't get this to work under Windows 8, however, from testing HTTP
+ Digest authentication through Windows SSPI and then further testing of
+ this code I have found it works in Windows 7.
+
+ Some further investigation is required to see what the differences are
+ between Windows 7 and 8, but for now enable this functionality as the
+ code will return an error when AcquireCredentialsHandle() fails.
- imap: Improved FETCH response parsing
+Kamil Dudka (29 Oct 2014)
+- transfer: drop the code handling the ssl_connect_retry flag
- Added safer parsing of the untagged FETCH response line and the size of
- continuation data.
+ Its last use has been removed by the previous commit.
-- imap: Fixed accidentally lossing the result code
+- nss: drop the code for libcurl-level downgrade to SSLv3
- Accidentally lost the result code in imap_state_capability() and
- imap_state_login() with commit b06a78622609.
+ This code was already deactivated by commit
+ ec783dc142129d3860e542b443caaa78a6172d56.
-- imap: Another minor comment addition / tidy up
+- openssl: fix a line length warning
-- imap: Updated the coding style for state changes after a send operation
-
- Some state changes would be performed after a failure test that
- performed a hard return, whilst others would be performed within a test
- for success. Updated the code, for consistency, so all instances are
- performed within a success test.
+Guenter Knauf (29 Oct 2014)
+- Added NetWare support to build with nghttp2.
-- pop3 / smtp: Small comment tidy up
+- Fixed error message since we require ALPN support.
+
+- Check for ALPN via OpenSSL version number.
- Small tidy up to keep some comments consistant across each of the email
- protocols.
+ This check works also with to non-configure platforms.
-- [Jiri Hruska brought this change]
+Steve Holme (28 Oct 2014)
+- sasl_sspi: Fixed typo in comment
- imap: FETCH response handler cleanup before further changes
-
- Removed superfluous NULL assignment after Curl_safefree() and rewrote
- some comments and logging messages.
+- code cleanup: We prefer 'CURLcode result'
-- pop3: Small tidy up of function arguments
+Daniel Stenberg (28 Oct 2014)
+- TODO: consider supporting STAT
-- imap: Small tidy up of function arguments
+- mk-ca-bundle: spell fix "version"
-- smtp: Corrected debug message for POP3_AUTH_FINAL constant
+- HTTP: return larger than 3 digit response codes too
- Following commit ad3177da24b8 corrected the debug message in state()
- from AUTH to AUTH_FINAL.
+ HTTP 1.1 is clearly specified to only allow three digit response codes,
+ and libcurl used sscanf("%3d") for that purpose. This made libcurl
+ support smaller numbers but not larger. It does now, but we will not
+ make any specific promises nor document this further since it is going
+ outside of what HTTP is.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1441
+ Reported-by: Balaji
-- pop3: Corrected debug message for POP3_AUTH_FINAL constant
+- src/: remove version.h.dist from gitignore
- Following commit afad1ce753a1 corrected the debug message in state()
- from AUTH to AUTH_FINAL.
+ It has not been used since commit f7bfdbab in 2011
-- imap: Corrected debug message for IMAP_AUTHENTICATE_FINAL constant
+Steve Holme (26 Oct 2014)
+- ntlm: We prefer 'CURLcode result'
- Following commit 13006f3de9ec corrected the debug message in state()
- from AUTHENTICATE to AUTHENTICATE_FINAL.
+ Continuing commit 0eb3d15ccb more return code variable name changes.
+
+Guenter Knauf (26 Oct 2014)
+- Cosmetics: lowercase non-special subroutine names.
-- [Jiri Hruska brought this change]
+Steve Holme (26 Oct 2014)
+- RELEASE-NOTES: Synced with 07ac29a058
- imap: Fixed error code returned for invalid FETCH response
+- http_negotiate: We prefer 'CURLcode result'
- If the FETCH command does not result in an untagged response the the
- UID is probably invalid. As such do not return CURLE_OK.
+ Continuing commit 0eb3d15ccb more return code variable name changes.
-- [Jiri Hruska brought this change]
+- http_negotiate: Fixed missing check for USE_SPNEGO
- imap: Added processing of the final FETCH responses
-
- Not processing the final FETCH responses was not optimal, not only
- because the response code would be ignored but it would also leave data
- unread on the socket which would prohibit connection reuse.
+- sspi: Synchronization of cleanup code between auth mechanisms
-- [Jiri Hruska brought this change]
+- sspi: Renamed max token length variables
+
+ Code cleanup to try and synchronise code between the different SSPI
+ based authentication mechanisms.
- imap: Introduced FETCH_FINAL state for processing final fetch responses
+- sspi: Renamed expiry time stamp variables
- A typical FETCH response can be broken down into four parts:
+ Code cleanup to try and synchronise code between the different SSPI
+ based authentication mechanisms.
+
+- sspi: Only call CompleteAuthToken() when complete is needed
- 1) "* <uid> FETCH (<what> {<size>}\r\n", using continuation syntax
- 2) <size> bytes of the actual message
- 3) ")\r\n", finishing the untagged response
- 4) "<tag> OK ...", finishing the command
+ Don't call CompleteAuthToken() after InitializeSecurityContext() has
+ returned SEC_I_CONTINUE_NEEDED as this return code only indicates the
+ function should be called again after receiving a response back from
+ the server.
- Part 1 is read in imap_fetch_resp(), part 2 is consumed in the PERFORM
- phase by the transfer subsystem, parts 3 and 4 are currently ignored.
+ This only affected the Digest and NTLM authentication code.
-- imap: fix autobuild warning
+Dan Fandrich (26 Oct 2014)
+- Added the "flaky" keyword to a number of tests
- Removed whitespace from imap_perform()
+ Each shows evidence of flakiness on at least one platform on
+ the autobuilds. Users can use this keyword to skip these tests
+ if desired.
-- imap: fix compiler warning
+Steve Holme (26 Oct 2014)
+- ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
- error: declaration of 'imap' shadows a previous local
+ For consistency with other areas of the NTLM code propagate all errors
+ from Curl_ntlm_core_mk_nt_hash() up the call stack rather than just
+ CURLE_OUT_OF_MEMORY.
+
+- ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
-- smtp: Re-factored the final SMTP_AUTH constant
+- ntlm: Use 'CURLcode result'
- Changed the final SMTP_AUTH constant to SMTP_AUTH_FINAL for consistency
- with the response function.
+ Continuing commit 0eb3d15ccb more return code variable name changes.
-- pop3: Re-factored the final POP3_AUTH constant
+- ntlm: Only define ntlm data structure when USE_NTLM is defined
+
+- ntlm: Changed handles to be dynamic like other SSPI handles
- Changed the final POP3_AUTH constant to POP3_AUTH_FINAL for consistency
- with the response function.
+ Code cleanup to try and synchronise code between the different SSPI
+ based authentication mechanisms.
-- imap: Re-factored final IMAP_AUTHENTICATE constant
+- ntlm: Renamed handle variables to match other SSPI structures
- Changed the final IMAP_AUTHENTICATE constant to IMAP_AUTHENTICATE_FINAL
- for consistency with the response function.
+ Code cleanup to try and synchronise code between the different SSPI
+ based authentication mechanisms.
-- imap: Updated the coding style of imap_state_servergreet_resp()
+- ntlm: Renamed SSPI based input token variables
- Updated the coding style, in this function, to be consistant with other
- response functions rather then performing a hard return on failure.
+ Code cleanup to try and synchronise code between the different SSPI
+ based authentication mechanisms.
-- imap: Reversed the logic of the (un)successful tagged SELECT response
+- ntlm: We prefer 'CURLcode result'
- Reversed the logic of the unsuccessful vs successful tagged SELECT
- response in imap_state_select_resp() to be more logical to read.
+ Continuing commit 0eb3d15ccb more return code variable name changes.
-- imap: Reversed the logic of the (un)successful tagged CAPABILITY response
+- build: Added WinIDN build configuration options
- Reversed the logic of the unsuccessful vs successful tagged CAPABILITY
- response in imap_state_capability_resp() to be more logical to read.
+ Added support for WinIDN build configurations to the VC8 and VC9
+ project files.
-- imap: Corrected char* references with char *
+Nick Zitzmann (24 Oct 2014)
+- darwinssl: detect possible future removal of SSLv3 from the framework
- Corrected char* references made in commit: 709b3506cd9b.
+ If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
-- [Jiri Hruska brought this change]
+Patrick Monnerat (24 Oct 2014)
+- gskit.c: remove SSLv3 from SSL default.
- imap: Added processing of more than one response when sent in same packet
-
- Added a loop to imap_statemach_act() in which Curl_pp_readresp() is
- called until the cache is drained. Without this multiple responses
- received in a single packet could result in a hang or delay.
+- gskit.c: use 'CURLcode result'
-- [Jiri Hruska brought this change]
+Daniel Stenberg (24 Oct 2014)
+- [Jay Satiro brought this change]
- imap: Added skipping of SELECT command if already in the same mailbox
+ SSL: Remove SSLv3 from SSL default due to POODLE attack
- Added storage and checking of the last mailbox userd to prevent
- unnecessary switching.
+ - Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
+ openssl effectively making the default TLS 1.x. axTLS is not affected
+ since it supports only TLS, and gnutls is not affected since it already
+ defaults to TLS 1.x.
+
+ - Update CURLOPT_SSLVERSION doc
-- [Jiri Hruska brought this change]
+- pipelining: only output "is not blacklisted" in debug builds
- imap: Introduced the mailbox variable
-
- Added the mailbox variable to the per-connection structure in
- preparation for checking for an already selected mailbox.
+- *.3: add/extend "SEE ALSO" sections
-- email: Slight reordering of connection based variables
-
- Reordered the state and ssl_done variables in order to provide more
- consistency between the email protocols as well as for for an upcoming
- change.
+- curl_easy_pause.3: minor wording edit
-- imap: Tidied up comments for connection based variables
+- curl_getdate.3: provide a "SEE ALSO" section
-- DOCS: Added the IMAP UIDVALIDITY property to the CURLOPT_URL section
+- curl_global_init.3: minor formatting fix, add version info
-- [Jiri Hruska brought this change]
+- url.c: use 'CURLcode result'
- imap: Added verification of UIDVALIDITY mailbox attribute
+- code cleanup: we prefer 'CURLcode result'
+
+ ... for the local variable name in functions holding the return
+ code. Using the same name universally makes code easier to read and
+ follow.
- Added support for checking the UIDVALIDITY, and aborting the request, if
- it has been specified in the URL and the server response is different.
+ Also, unify code for checking for CURLcode errors with:
+
+ if(result) or if(!result)
+
+ instead of
+
+ if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
-- [Jiri Hruska brought this change]
+- Curl_add_timecondition: skip superfluous varible assignment
+
+ Detected by cppcheck.
- imap: Added support for parsing the UIDVALIDITY property
+- Curl_pp_flushsend: skip superfluous assignment
- Added support for parsing the UIDVALIDITY property from the SELECT
- response and storing it in the per-connection structure.
+ Detected by cppcheck.
-- [Jiri Hruska brought this change]
+- Curl_pp_readresp: remove superfluous assignment
+
+ Variable already assigned a few lines up.
+
+ Detected by cppcheck.
- imap: Introduced the mailbox_uidvalidity variable
+- Curl_proxyCONNECT: remove superfluous statement
- Added the mailbox_uidvalidity variable to the per-connection structure
- in preparation for checking the UIDVALIDITY mailbox attribute.
+ The variable is already assigned, skip the duplicate assignment.
+
+ Pointed out by cppcheck.
-- imap: Corrected comment in imap_endofresp()
+Guenter Knauf (24 Oct 2014)
+- Added MinGW support to build with nghttp2.
-- imap: Corrected whitespace
+- Added VC ssh2 target to main Makefile.
-- [Jiri Hruska brought this change]
+- Some cosmetics and simplifies.
- imap: Added filtering of CAPABILITY and FETCH untagged responses
+- Remove dependency on openssl and cut.
- Only responses that contain "CAPABILITY" and "FETCH", respectively,
- will be sent to their response handler.
+ Prefer usage of Perl modules for sha1 calculation since there
+ might be systems where openssl is not installed or not in path.
+ If openssl is used for sha1 calculation then dont rely on cut
+ since it is usually not available on other systems than Linux.
+
+Daniel Stenberg (23 Oct 2014)
+- RELEASE-NOTES: synced with e116d0a62
-- [Jiri Hruska brought this change]
+- CURLOPT_RESOLVE.3: add an example
- imap: Added a helper function for upcoming untagged response filtering
+- gnutls: removed dead code
- RFC 3501 states that "the client MUST be prepared to accept any response
- at all times" yet we assume anything received with "* " at the beginning
- is the untagged response we want.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1437
+ Reported-by: Julien
+
+- Curl_rand: Uninitialized variable: r
+
+ This is not actually used uninitialized but we silence warnings.
- Introduced a helper function that checks whether the input looks like a
- response to specified command, so that we may filter the ones we are
- interested in according to the current state.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1437
+ Reported-by: Julien
-- [Jiri Hruska brought this change]
+- opts: provide more and updated examples
- imap: Moved CAPABILITY response handling to imap_state_capability_resp()
+- CURLOPT_RANGE.3: works for SFTP as well
- Introduced similar handling to the FETCH responses, where even the
- untagged data responses are handled by the response handler of the
- individual state.
+ ... and added a small example
-Linus Nielsen Feltzing (26 Feb 2013)
-- Remove unused variable in smtp_state_data_resp()
+- curl.1: edited for clarity
-Steve Holme (25 Feb 2013)
-- email: Small tidy up following recent changes
-
-- smtp: Removed bytecountp from the per-request structure
-
- Removed this pointer to a downloaded bytes counter because it was set in
- smtp_init() to point to the same variable the transfer functions keep
- the count in (k->bytecount), effectively making the code in transfer.c
- "*k->bytecountp = k->bytecount" a no-op.
+- CURLOPT_SSLVERSION.3: provide an example
-- pop3: Removed bytecountp from the per-request structure
-
- Removed this pointer to a downloaded bytes counter because it was set in
- pop3_init() to point to the same variable the transfer functions keep
- the count in (k->bytecount), effectively making the code in transfer.c
- "*k->bytecountp = k->bytecount" a no-op.
+- docs/libcurl/ABI: more markdown friendly
-- [Jiri Hruska brought this change]
+- docs: edited lots of libcurl docs for clarity
- imap: Removed bytecountp from the per-request structure
-
- Removed this pointer to a downloaded bytes counter because it was set in
- imap_init() to point to the same variable the transfer functions keep
- the count in (k->bytecount), effectively making the code in transfer.c
- "*k->bytecountp = k->bytecount" a no-op.
+- opts: added examples
-- [Jiri Hruska brought this change]
+- HISTORY: two glimpses in 2014
- imap: Adjusted SELECT and FETCH function order
+Kamil Dudka (20 Oct 2014)
+- nss: reset SSL handshake state machine
- Moved imap_select() and imap_fetch() to be grouped with the other
- perform functions.
+ ... when the handshake succeeds
+
+ This fixes a connection failure when FTPS handle is reused.
-- [Jiri Hruska brought this change]
+Daniel Stenberg (20 Oct 2014)
+- [Peter Wu brought this change]
- imap: Adjusted SELECT and FETCH state order in imap_statemach_act()
+ cmake: generate pkg-config and curl-config
- Exchanged the position of these states in the switch statements to
- match the state enum, execution and function order.
-
-- imap: Minor tidy up of comments in imap_parse_url_path()
+ Initial work to generate a pkg-config and curl-config script. Static
+ linking (`curl-config --static-libs` and `pkg-config --shared --libs
+ libcurl`) is broken and therefore disabled.
- Tidy up of comments before next round of imap changes.
-
-- imap: Fixed incorrect comparison for STARTTLS in imap_endofresp()
+ CONFIGURE_OPTIONS does not make sense for CMake, use an empty string
+ for now.
- Corrected the comparison type in addition to commit 1dac29fa83a9.
-
-- DOCS: Corrected IMAP URL examples according to RFC5092
+ At least `curl-config --features` and `curl-config --protocols` work
+ which is needed by runtests.pl.
- URL examples that included the UID weren't technically correct although
- would pass the curl parser.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Nick Zitzmann (24 Feb 2013)
-- darwinssl: fix undefined $ssllib warning in runtests.pl
+- [Peter Wu brought this change]
+
+ cmake: use LIBCURL_VERSION from curlver.h
+
+ This matches the behavior from autotools. The auxiliary major, minor
+ and patch components are not needed anymore and therefore removed.
- I also added --with-darwinssl to the list of SSL options in configure.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Steve Holme (24 Feb 2013)
-- imap: Added check for new internal imap response code
+- [Peter Wu brought this change]
-- imap: Changed the order of the response types in imap_endofresp()
+ cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
- From a maintenance point of view the code reads better to view tagged
- responses, then untagged followed by continuation responses.
+ For compatibility with autoconf, it will be used later for curl-config
+ and pkg-config. Not all features and or protocols can be enabled as
+ these are missing additional checks (see new TODOs).
- Additionally, this matches the order of responses in POP3.
+ SUPPORT_PROTOCOLS is partially scripted (grep for SUPPORT_PROTOCOLS=)
+ and manually verified/modified. SUPPORT_FEATURES is manually added.
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Jiri Hruska brought this change]
+- cmake: add CMake/Macros.cmake to the release tarball
- imap: Added stricter parsing of continuation responses
+- test545: make it not use a trailing zero
- Enhanced the parsing to only allow continuation responses in some
- states.
+ CURLOPT_COPYPOSTFIELDS with a given CURLOPT_POSTFIELDSIZE does not
+ require a trailing zero of the data and by making sure this test doesn't
+ use one we know it works (combined with valgrind).
-- imap: Simplified memcmp() in tagged response parsing
+Steve Holme (16 Oct 2014)
+- ntlm: Fixed empty type-2 decoded message info text
+
+ Updated the info text when the base-64 decode of the type-2 message
+ returns a null buffer to be more specific.
-- [Jiri Hruska brought this change]
+- ntlm: Fixed empty/bad base-64 decoded buffer return codes
- imap: Reworked the logic of untagged command responses
+- ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
-- imap: Corrected spacing of trailing brace
+Daniel Stenberg (16 Oct 2014)
+- httpcustomheader.c: make use of more CURLOPT_HTTPHEADER features
+
+ ... and only do a single request for clarity.
-- [Jiri Hruska brought this change]
+Steve Holme (15 Oct 2014)
+- sasl_sspi: Fixed some typos
- imap: Added stricter parsing of tagged command responses
-
- Enhanced the parsing of tagged responses which must start with "OK",
- "NO" or "BAD"
+- sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSO
-- [Jiri Hruska brought this change]
+Daniel Stenberg (15 Oct 2014)
+- [Bruno Thomsen brought this change]
- imap: Simplified command response test in imap_endofresp()
+ mk-ca-bundle: added SHA-384 signature algorithm
+
+ Certificates based on SHA-1 are being phased out[1].
+ So we should expect a rise in certificates based on SHA-2.
+ Adding SHA-384 as a valid signature algorithm.
+
+ [1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
+
+ Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
-- [Jiri Hruska brought this change]
+Patrick Monnerat (14 Oct 2014)
+- OS400: fix bugs in curl_*escape_ccsid() and reduce variables scope
- imap: Corrected comment in imap_endofresp()
+- Implement pinned public key in GSKit backend
-- DOCS: Corrected layout of POP3 and IMAP URL examples
-
- Corrected layout issues with the POP3 and IMAP URL examples introduced
- in commit cb3ae6894fb2.
+Daniel Stenberg (14 Oct 2014)
+- CURLOPT_TLSAUTH_*.3: fix reference typos
-- DOCS: Updated CURLOPT_URL section following recent POP3 and IMAP changes
+- cleanups: reduce variable scope
- Updated the POP3 sub-section to refer to message ID rather than mailbox.
-
- Added an IMAP sub-section with example URLs depicting the specification
- of mailbox, uid and section.
+ cppcheck pointed these out.
-- pop3: Refactored the mailbox variable as it didn't reflect it's purpose
+- singleipconnect: remove dead assignment never used
- Updated the mailbox variable to correctly reflect it's purpose. The
- name mailbox was a leftover from when IMAP and POP3 support was
- initially added to curl.
+ cppcheck pointed this out.
+
+- pinning: minor code style policing
+
+Patrick Monnerat (13 Oct 2014)
+- Factorize pinned public key code into generic file handling and backend specific
+
+- vtls: remove QsoSSL
-- FEATURES: Updated following recent IMAP changes
+- gskit: supply dummy randomization function
-- [Jiri Hruska brought this change]
+- vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation
- imap: Added the ability to FETCH a specific UID and SECTION
+Daniel Stenberg (13 Oct 2014)
+- [Peter Wu brought this change]
+
+ tests: move TESTCASES to Makefile.inc, add show for cmake
+
+ This change allows runtests.pl to be run from the CMake builddir:
- Updated the FETCH command to send the UID and SECTION parsed from the
- URL. By default the BODY specifier doesn't include a section, BODY[] is
- now sent whereas BODY[TEXT] was previously sent. In my opinion
- retrieving just the message text is rarely useful when dealing with
- emails, as the headers are required for example, so that functionality
- is not retained. In can however be simulated by adding SECTION=TEXT to
- the URL.
+ export srcdir=/tmp/curl/tests;
+ perl -I$srcdir $srcdir/runtests.pl -l
- Also updated test801 and test1321 due to the BODY change.
+ In order to make this possible, all test cases have been moved from
+ Makefile.am to Makefile.inc.
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- email: Additional tidy up of comments following recent changes
+- [Peter Wu brought this change]
-- smtp: Removed some FTP heritage leftovers
+ cmake: enable IPv6 by default if available
- Removed user and passwd from the SMTP struct as these cannot be set on
- a per-request basis and are leftover from legacy FTP code.
+ ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a
+ Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if
+ struct sockaddr_in6 is not found in netinet/in.h.
- Changed some comments still using FTP terminology.
-
-- smtp: Moved the per-request variables to the per-request data structure
+ Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more
+ platform checks even though POSIX requires a thread-safe getaddrinfo.
- Moved the rcpt variable from the per-connection struct smtp_conn to the
- new per-request struct and fixed references accordingly.
-
-- pop3: Introduced a custom SMTP structure for per-request data
+ Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7.
- Created a new SMTP structure and changed the type of the smtp proto
- variable in connectdata from FTP* to SMTP*.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-unknown (23 Feb 2013)
-- [Steve Holme brought this change]
+- [Peter Wu brought this change]
- imap: Minor correction of comments for max line length
+ cmake: build tool_hugehelp (ENABLE_MANUAL)
+
+ Rather than always outputting an empty manual page for the '-M' option,
+ generate a full manual page as done by autotools. For simplicity in
+ CMake, always generate the gzipped page as it will not be used anyway
+ when zlib is not available.
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Daniel Stenberg (23 Feb 2013)
-- strcasestr: remove check for this unused function
+- [Peter Wu brought this change]
-- pop3: fix compiler warning
+ tests/http_pipe.py: Python 3 support
+
+ The 2to3 tool converted socketserver (which I manually fixed up with an
+ import fallback) and the print(e) line. The xrange option was converted
+ to range, but it seems better to use the '*' operator here for
+ simplicity.
- error: declaration of 'pop3' shadows a previous local
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Steve Holme (23 Feb 2013)
-- [Jiri Hruska brought this change]
+- SECURITY: slightly nicer markdown format
- imap: Added URL parsing of new variables
+- RELEASE-PROCEDURE: better markdown, more content
+
+- RELEASE-NOTES: synced with 6637b237e6eb
- Updated the imap_parse_url_path() function to parse uidvalidity, uid and
- section parameters based on RFC-5092.
+ ... and bumped the planned release version.
-- [Jiri Hruska brought this change]
+- vtls: have vtls.h include the backend header files
+
+ It turned out some features were not enabled in the build since for
+ example url.c #ifdefs on features that are defined on a per-backend
+ basis but vtls.h didn't include the backend headers.
+
+ CURLOPT_CERTINFO was one such feature that was accidentally disabled.
- imap: Introduced imap_is_bchar() function
+- test2036: verify -O with no slash at all in the URL
- Added imap_is_bchar() for testing if a given character is a valid bchar
- or not.
+ Similar to test 76 but that test's URL has a slash just no file name
+ part.
-- [Jiri Hruska brought this change]
+- get_url_file_name: make no slash equal empty string
- imap: Introduced new per-request veriables
+- get_url_file_name: never return a NULL string *and* OK
+
+ Change 987a4a73 assumes that as it simplifies life in the calling
+ function.
- Added uidvalidity, uid and section variables to the per-request IMAP
- structure in preparation for upcoming URL parsing.
+ Reported-by: Fabian Keil
-- pingpong: Renamed curl_ftptransfer to curl_pp_transfer
+- [Jakub Zakrzewski brought this change]
-- pop3: Removed some FTP heritage leftovers
+ Cmake: Build with GSSAPI (MIT or Heimdal)
- Removed user and passwd from the POP3 struct as these cannot be set on
- a per-request basis and are leftover from legacy FTP code.
+ It tries hard to recognise SDK's on different platforms. On windows MIT
+ Kerberos installs SDK with other things and puts path into registry.
+ Heimdal have separate zip archive. On linux pkg-config is tried, then
+ krb5-config script and finally old-style libs and headers detection.
- Changed some comments still using FTP terminology.
+ Command line args:
+ * CMAKE_USE_GSSAPI - enables GSSAPI detection
+ * GSS_ROOT_DIR - if set, should point to the root of GSSAPI installation
+ (the one with include and lib directories)
-- pop3: Moved the per-request variables to the per-request data structure
-
- Moved the mailbox and custom request variables from the per-connection
- struct pop3_conn to the new per-request struct and fixed references
- accordingly.
+- [Jakub Zakrzewski brought this change]
-- pop3: Introduced a custom POP3 structure for per-request data
+ Cmake: Got rid of setup_curl_dependencies
- Created a new POP3 structure and changed the type of the pop3 proto
- variable in connectdata from FTP* to POP*.
+ There is no need for such function. Include_directories propagate by
+ themselves and having a function with one simple link statement makes
+ little sense.
-- [Jiri Hruska brought this change]
+- [Jakub Zakrzewski brought this change]
- imap: Fixed escaping of mailbox names
+ Cmake: Avoid cycle directory dependencies.
- Used imap_atom() to escape mailbox names in imap_select().
+ Because we prepended libraries to list, CMake had troubles resolving
+ link directory order as it detected some cycles. Appending to list ensures
+ that dependencies will preceed dependees.
-- pingpong: Moved curl_ftptransfer definition to pingpong.h
-
- Moved the ftp transfer structure into pingpong.h so other protocols that
- require it don't have to include ftp.h.
+- [Jakub Zakrzewski brought this change]
-- urldata.h: Fixed comment for opt_no_body variable
+ Cmake: Fix library list provided to cURL tests.
- Corrected comment for opt_no_body variable to CURLOPT_NOBODY.
-
-- email: Minor tidy up following IMAP changes
+ The list must be set after those nice CMake tests as we mess with
+ CMAKE_REQUIRED_LIBRARIES there.
-- [Jiri Hruska brought this change]
+- [Jakub Zakrzewski brought this change]
- imap: Removed more FTP leftovers
+ Cmake: Check for OpenSSL before OpenLDAP.
- Changed some variables and comments still using FTP terminology.
+ OpenLDAP might have been build with OpenSSL. Checking for OpenLDAP first
+ may result in undefined symbols. Of course, the found OpenSSL libraries
+ must also be linked whenever OpenLDAP is.
-- [Jiri Hruska brought this change]
+- curl_multi_fdset.3: improved the formatting slightly
- imap: Removed some FTP heritage leftovers
+- curl_multi_fdset: explain the fd_set arguments
+
+Kamil Dudka (8 Oct 2014)
+- nss: do not fail if a CRL is already cached
- Removed user and passwd from the IMAP struct as these cannot be set on
- a per-request basis and are leftover from legacy FTP code.
+ This fixes a copy-paste mistake from commit 2968f957.
-- [Jiri Hruska brought this change]
+Patrick Monnerat (8 Oct 2014)
+- OS400: upgrade interface for pinned public key (no implementation yet)
- imap: Introduced a custom IMAP structure for per-request data
+Daniel Stenberg (8 Oct 2014)
+- FormAdd: precaution against memdup() of NULL pointer
- Created a new IMAP structure and changed the type of the imap proto
- variable in connectdata from FTP* to the new IMAP*.
+ Coverity CID 252518. This function is in general far too complicated for
+ its own good and really should be broken down into several smaller
+ funcitons instead - but I'm adding this protection here now since it
+ seems there's a risk the code flow can end up here and dereference a
+ NULL pointer.
+
+- operate: avoid NULL dereference
- Moved the mailbox variable from the per-connection struct imap_conn to
- the new per-request struct and fixed references accordingly.
+ Coverity CID 1241948. dumpeasysrc() would get called with
+ config->current set to NULL which could be dereferenced by a warnf()
+ call.
-- pop3: Updated do phrase clean-up comment
+- do_sec_send: remove dead code
- Following commit 65644b833532 for the IMAP module updated the clean-up
- comment in POP3.
+ Coverity CID 1241951. The condition 'len >= 0' would always be true at
+ that point and thus not necessary to check for.
-- imap: Fixed memory leak when performing multiple selects
+- krb5_encode: remove unused argument
- Moved the clean-up of the mailbox variable from imap_disconnect() to
- imap_done() as this variable is allocated in the do phase, yet would
- have only been freed only once if multiple selects where preformed
- on a single connection.
+ Coverity CID 1241957. Removed the unused argument. As this struct and
+ pointer now are used only for krb5, there's no need to keep unused
+ function arguments around.
-Daniel Stenberg (22 Feb 2013)
-- [Alexander Klauer brought this change]
+- operate_do: skip superfluous check for NULL pointer
+
+ Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL
+ file name pointer so skip the check for that - it tricks coverity into
+ believing it can happen and it then warns later on when we use 'outfile'
+ without checking for NULL.
- Documentation: Typo in docs/CONTRIBUTE
+- curl_easy_getinfo.3: spell-fix
- Fixes a typo get → git in docs/CONTRIBUTE.
+ Reported-By: Luan Cestari
-- [Alexander Klauer brought this change]
+- [moparisthebest brought this change]
- repository: ignore patch files generated by git
-
- Ignores the patch files generated by the 'git format-patch' command.
+ GnuTLS: Implement public key pinning
-- [Alexander Klauer brought this change]
+- [moparisthebest brought this change]
- libcurl documentation: clarifications and typos
+ SSL: implement public key pinning
- * Elaborates on default values of some curl_easy_setopt() options.
- * Reminds the user to cast variadic arguments to curl_easy_setopt() to
- 'void *' where curl internally interprets them as such.
- * Clarifies the working of the CURLOPT_SEEKFUNCTION option for
- curl_easy_setopt().
- * Fixes typo 'forth' → 'fourth'.
- * Elaborates on CURL_SOCKET_TIMEOUT.
- * Adds some missing periods.
- * Notes that the return value of curl_version() must not be passed to
- free().
-
-- [Alexander Klauer brought this change]
+ Option --pinnedpubkey takes a path to a public key in DER format and
+ only connect if it matches (currently only implemented with OpenSSL).
+
+ Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
+
+ Extract a public RSA key from a website like so:
+ openssl s_client -connect google.com:443 2>&1 < /dev/null | \
+ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
+ | openssl rsa -pubin -outform DER > google.com.der
- lib/url.c: Generic read/write data pointers
+- multi_runsingle: fix possible memory leak
- Always interprets the pointer passed with the CURLOPT_WRITEDATA or
- CURLOPT_READDATA options of curl_easy_setopt() as a void pointer in
- order to avoid problems in environments where FILE and void pointers
- have non-trivial conversion.
+ Coverity CID 1202837. 'newurl' can in fact be allocated even when
+ Curl_retry_request() returns failure so free it if need be.
-- [Alexander Klauer brought this change]
+- ares::Curl_resolver_cancel: skip checking for NULL conn
+
+ Coverity CID 1243581. 'conn' will never be NULL here, and if it would be
+ the subsequent statement would dereference it!
- libcurl documentation: updates HTML index
+- parseconfig: skip a NULL check
- * Adds several links to documentation of library functions which were
- missing.
- * Marks documentation of deprecated library functions "(deprecated)".
- * Removes spurious .html suffixes.
+ Coverity CID 1154198. This NULL check implies that the pointer _can_ be
+ NULL at this point, which it can't. Thus it is dead code. It tricks
+ static analyzers to warn about dereferencing the pointer since the code
+ seems to imply it can be NULL.
-- ossl_seed: avoid recursive seeding!
+- [Waldek Kozba brought this change]
-Steve Holme (22 Feb 2013)
-- [Jiri Hruska brought this change]
+ multi-uv.c: call curl_multi_info_read() better
+
+ Improves it for low-latency cases (like the communication with
+ localhost)
- Fixed checking the socket if there is data waiting in the cache
+- tool_go_sleep: use (void) to spell out we ignore the return value
- Use Curl_pp_moredata() in Curl_pp_multi_statemach() to check if there is
- more data to be received, rather than the socket state, as a task could
- hang waiting for more data from the socket itself.
+ Coverity CID 1222080.
-- imap.c: Fixed an incorrect variable reference
+- ssh_statemach_act: split out assignment from check
- Fixed an incorrect variable reference which was introduced in commit
- a1701eea289f as a result of a copy and paste from SMTP/POP3.
+ just a minor code style thing to make the code clearer
-- [Jiri Hruska brought this change]
+Marc Hoersken (4 Oct 2014)
+- curl_schannel.c: Fixed possible memory or handle leak
+
+ First try to fix possible memory leaks, in this case:
+ Only connssl->ctxt xor onnssl->cred being initialized.
- pingpong: Introduce Curl_pp_moredata()
+Daniel Stenberg (4 Oct 2014)
+- getparameter: remove dead code
- A simple function to test whether the PP is not sending and there are
- still more data in its receiver cache. This will be later utilized to:
+ Coverity CID 1061126. 'parse' will always be non-NULL here.
+
+- getparameter: comment a switch FALLTHROUGH
- 1) Change Curl_pp_multi_statemach() and Curl_pp_easy_statemach() to
- not test socket state and just call user's statemach_act() function
- when there are more data to process, because otherwise the task would
- just hang, waiting for more data from the socket.
+ Coverity CID 1061118. Point out that it is on purpose.
+
+- choose_mech: fix return code
- 2) Allow PP users to read multiple responses by looping as long as there
- are more data available and current phase is not finished.
- (Currently needed for correct processing of IMAP SELECT responses.)
+ Coverity CID 1241950. The pointer is never NULL but it might point to
+ NULL.
-Nick Zitzmann (19 Feb 2013)
-- FEATURES: why yes, we do support metalink
+- Curl_sec_read_msg: spell out that we ignore return code
- I just noticed Metalink support wasn't listed as a feature of the tool.
+ Coverity CID 1241947. Since if sscanf() fails, the previously set value
+ remains set.
-- metalink: fix improbable crash parsing metalink filename
+- nonblock: call with (void) to show we ignore the return code
- The this_url pointer wasn't being initialized, so if strdup() would return
- null when copying the filename in a metalink file, then hilarity would
- ensue during the cleanup phase. This change was brought to you by clang,
- which noticed this and raised a warning.
+ Coverity pointed out several of these.
-Yang Tse (19 Feb 2013)
-- smtp.c: fix enumerated type mixed with another type
+- parse_proxy: remove dead code.
+
+ Coverity CID 982331.
-- polarssl threadlock cleanup
+- Curl_debug: document switch fallthroughs
-Nick Zitzmann (18 Feb 2013)
-- docs: schannel and darwinssl documentation improvements
+- curl_multi_remove_handle: remove dead code
- Schannel and darwinssl use the certificates built into the
- OS to do vert verification instead of bundles. darwinssl
- is thread-safe. Corrected typos in the NSS docs.
+ Coverify CID 1157776. Removed a superfluous if() that always evaluated
+ true (and an else clause that never ran), and then re-indented the
+ function accordingly.
-Daniel Stenberg (18 Feb 2013)
-- resolver_error: remove wrong error message output
+- Curl_pipeline_server_blacklisted: handle a NULL server name
- The attempt to use gai_strerror() or alternative function didn't work as
- the 'sock_error' field didn't contain the proper error code. But since
- this hasn't been reported and thus isn't really a big deal I decided to
- just scrap the whole attempt to output the detailed resolver error and
- instead remain with just stating that the resolving of the name failed.
+ Coverity CID 1215284. The server name is extracted with
+ Curl_copy_header_value() and passed in to this function, and
+ copy_header_value can actually can fail and return NULL.
-- [Kim Vandry brought this change]
+- ssh: comment "fallthrough" in switch statement
- Curl_resolver_is_resolved: show proper host name on failed resolve
+- [Jeremy Lin brought this change]
-- Curl_resolver_is_resolved: fix compiler warning
+ ssh: improve key file search
- conversion to 'int' from 'long int' may alter its value
-
-- compiler warning fix
+ For private keys, use the first match from: user-specified key file
+ (if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa
+
+ Note that the previous code only looked for id_dsa files. id_rsa is
+ now generally preferred, as it supports larger key sizes.
- follow-up to commit ed7174c6f66, rename 'wait' to 'block'
+ For public keys, use the user-specified key file, if provided.
+ Otherwise, try to extract the public key from the private key file.
+ This means that passing --pubkey is typically no longer required,
+ and makes the key-handling behavior more like OpenSSH.
-- compiler warning fix: declaration of 'wait' shadows a global declaration
+- CURLOPT_HTTPHEADER.3: libcurl doesn't copy the whole list
+
+- detect_proxy: fix possible single-byte memory leak
- It seems older gcc installations (at least) will cause warnings if we
- name a variable 'wait'. Now changed to 'block' instead.
+ Coverity CID 1202836. If the proxy environment variable returned an empty
+ string, it would be leaked. While an empty string is not really a proxy, other
+ logic in this function already allows a blank string to be returned so allow
+ that here to avoid the leak.
+
+- multi_runsingle: fix memory leak
- Reported by: Jiří Hruška
- Bug: http://curl.haxx.se/mail/lib-2013-02/0247.html
+ Coverity CID 1202837. There's a potential risk that 'newurl' gets
+ overwritten when it was already pointing to allocated memory.
-Nick Zitzmann (17 Feb 2013)
-- MacOSX-Framework: Make script work in Xcode 4.0 and later
+- pop3_perform_authentication: fix memory leak
- Apple made a number of changes to Xcode 4. The SDKs were moved, the entire
- Developer folder was moved, and PowerPC support was removed. The script
- will now adapt to those changes and should be future-proofed against
- additional changes in case Apple moves the Developer folder ever again.
- Also, the minimum OS X version compiler option was removed, so that the
- framework can be built against the latest SDK but still run in older cats.
+ Coverity CID 1215287. There's a potential risk for a memory leak in
+ here, and moving the free call to be unconditional seems like a cheap
+ price to remove the risk.
-Daniel Stenberg (17 Feb 2013)
-- docs: refer to CURLOPT_ACCEPT_ENCODING instead of the old name
+- imap_perform_authentication: fix memory leak
+
+ Coverity CID 1215296. There's a potential risk for a memory leak in
+ here, and moving the free call to be unconditional seems like a cheap
+ price to remove the risk.
-Steve Holme (16 Feb 2013)
-- email: Tidied up result code variables
+- wait_or_timeout: return failure when Curl_poll() fails
- Tidied up result variables to be consistent in name, declaration order
- and default values.
+ Coverity detected this. CID 1241954. When Curl_poll() returns a negative value
+ 'mcode' was uninitialized. Pretty harmless since this is debug code only and
+ would at worst cause an error to _not_ be returned...
-Nick Zitzmann (16 Feb 2013)
-- ntlm_core: fix compiler warning when building with clang
+- curl.1: mention quoting in the URL section
- Fixed a 64-to-32 compiler warning raised when building with
- clang and the --with-darwinssl option.
+ and separate the example URLs with newlines
-Daniel Stenberg (16 Feb 2013)
-- Guile-curl: a new libcurl binding
+Steve Holme (30 Sep 2014)
+- [Bill Nagel brought this change]
-- polarsslthreadlock: #include the proper memory and debug includes
+ smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
+
+ This patch fixes the "SSL3_WRITE_PENDING: bad write retry" error that
+ sometimes occurs when sending an email over SMTPS with OpenSSL. OpenSSL
+ appears to require the same pointer on a write that follows a retry
+ (CURLE_AGAIN) as discussed here:
- Pointed out by Steve Holme
+ http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr
-Steve Holme (16 Feb 2013)
-- email: Removed unnecessary forward declaration
+Daniel Stenberg (30 Sep 2014)
+- RELEASE-NOTES: synced with 53cbea22310f15
+
+- file: reject paths using embedded %00
+
+ Mostly because we use C strings and they end at a binary zero so we know
+ we can't open a file name using an embedded binary zero.
- Due to the reordering of functions in commit 586f5d361474 the forward
- declaration to state_upgrade_tls() are no longer required.
+ Reported-by: research@g0blin.co.uk
-- pop3.c: Added reference to RFC-5034
+Dan Fandrich (26 Sep 2014)
+- test506: Fixed a couple of memory leaks in test
-Daniel Stenberg (15 Feb 2013)
-- [Willem Sparreboom brought this change]
+Daniel Stenberg (25 Sep 2014)
+- [Yousuke Kimoto brought this change]
- PolarSSL: Change to cURL coding style
-
- Repaired all curl/lib/checksrc.pl warnings in the previous four patches
+ CURLOPT_COOKIELIST: Added "RELOAD" command
+
+- [Michael Wallner brought this change]
-- [Willem Sparreboom brought this change]
+ CURLOPT_POSTREDIR.3: Added availability for CURL_REDIR_POST_303
- PolarSSL: WIN32 threading support for entropy
+- threaded-resolver: revert Curl_expire_latest() switch
- Added WIN32 threading support for PolarSSL entropy if
- --enable-threaded-resolver config flag is set and process.h can be found.
+ The switch to using Curl_expire_latest() in commit cacdc27f52b was a
+ mistake and was against the advice even mentioned in that commit. The
+ comparison in asyn-thread.c:Curl_resolver_is_resolved() makes
+ Curl_expire() the suitable function to use.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1426
+ Reported-By: graysky
-- [Willem Sparreboom brought this change]
+- libcurl docs: improvements all over
- PolarSSL: pthread support for entropy
+Steve Holme (19 Sep 2014)
+- build: Added WinIDN build configuration options
- Added pthread support for polarssl entropy if --enable-threaded-resolver
- config flag is set and pthread.h can be found.
+ Added initial support for WinIDN build configurations to the VC10+
+ project files.
-- [Willem Sparreboom brought this change]
+Daniel Stenberg (19 Sep 2014)
+- tutorial: signals aren't used for the threaded resolver
- PolarSSL: changes to entropy/ctr_drbg/HAVEGE_RANDOM
+- FAQ: update the pronunciation section
+
+ As we weren't using the correct phonetic description and doing it correctly
+ involves funny letters that I'm sure will cause problems for people in a text
+ document so I instead rephrased it and link to a WAV file with a person
+ actually saying 'curl'.
- Add non-threaded entropy and ctr_drbg and removed HAVEGE_RANDOM define
+ Reported-By: Dimitar Boevski
-- [Willem Sparreboom brought this change]
+- CURLOPT_COOKIE*: added more cross-references
- PolarSSL: added human readable error strings
+- BINDINGS: add node-libcurl
- Print out human readable error strings for PolarSSL related errors
+ Reported-By: Jonathan Cardoso Machado
+ URL: http://curl.haxx.se/mail/lib-2014-09/0102.html
-Steve Holme (15 Feb 2013)
-- pop3: Removed unnecessary state changes on failure
+- README.http2: updated to reflect current status
-- imap: Removed unnecessary state change on failure
+- formdata: removed unnecessary USE_SSLEAY use
-Daniel Stenberg (15 Feb 2013)
-- metalink_cleanup: yet another follow-up fix
+- curlssl: make tls backend symbols use curlssl in the name
-- metalink_cleanup: define it without argument
+- url: let the backend decide CURLOPT_SSL_CTX_ support
- Since the function takes no argument, the macro shouldn't take one as
- some compilers will error out on that.
+ ... to further remove specific TLS backend knowledge from url.c
-- rename "easy" statemachines: call them block instead
-
- ... since they're not used by the easy interface really, I wanted to
- remove the association. Also, I unified the pingpong statemachine driver
- into a single function with a 'wait' argument: Curl_pp_statemach.
+- vtls: have the backend tell if it supports CERTINFO
-Yang Tse (15 Feb 2013)
-- [Gisle Vanem brought this change]
+- [Catalin Patulea brought this change]
- curl_setup_once.h: definition of HAVE_CLOSE_S defines sclose() to close_s()
+ configure: allow --with-ca-path with PolarSSL too
+
+ Missed this in af45542c.
+
+ Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
-- [Gisle Vanem brought this change]
+- CURLOPT_CAPATH: return failure if set without backend support
- config-dos.h: define HAVE_CLOSE_S for MSDOS/Watt-32
+- [Tatsuhiro Tsujikawa brought this change]
-- [Gisle Vanem brought this change]
+ http2: Fix busy loop when EOF is encountered
+
+ Previously we did not handle EOF from underlying transport socket and
+ wrongly just returned error code CURL_AGAIN from http2_recv, which
+ caused busy loop since socket has been closed. This patch adds the
+ code to handle EOF situation and tells the upper layer that we got
+ EOF.
- config-dos.h: define strerror() to strerror_s_() for High-C
+Steve Holme (13 Sep 2014)
+- build: Added batch wrapper to checksrc.pl
-- [Gisle Vanem brought this change]
+- RELEASE-NOTES: Synced with bd3df5ec6d
- config-dos.h: define HAVE_TERMIOS_H only for djgpp
+- [Marcel Raad brought this change]
-Steve Holme (14 Feb 2013)
-- smtp.c: Fixed a trailing whitespace
+ sasl_sspi: Fixed Unicode build
- Remove tailing whitespace introduced in commit 7ed689d24a4e.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1422
+ Verified-by: Steve Holme
-- pop3: Fixed blocking SSL connect when connecting via POP3S
+Daniel Stenberg (12 Sep 2014)
+- libcurl-tutorial.3: fix GnuTLS link to thread-safety guidelines
- A call to Curl_ssl_connect() was accidentally left in when the SSL/TLS
- connection layer was reworked in 7.29. Not only would this cause the
- connection to block but had the additional overhead of calling the
- non-blocking connect a little bit later.
-
-- smtp: Refactored the smtp_state_auth_resp() function
+ The former link was turned into a 404 at some point.
- Renamed smtp_state_auth_resp() function to match the implementations in
- IMAP and POP3.
+ Reported-By: Askar Safin
-Daniel Stenberg (14 Feb 2013)
-- remove ifdefs
+- contributors.sh: split list of names at comma
- Clarify the code by reducing ifdefs
+ ... to support a list of names provided in a commit message.
+
+Steve Holme (12 Sep 2014)
+- [Ulrich Telle brought this change]
-- strlcat: remove function
+ ntlm: Fixed HTTP proxy authentication when using Windows SSPI
- This function was only used twice, both in places where performance
- isn't crucial (socks + if2ip). Removing the use of this function removes
- the need to have our private version for systems without it == reduced
- amount of code.
+ Removed ISC_REQ_* flags from calls to InitializeSecurityContext to fix
+ bug in NTLM handshake for HTTP proxy authentication.
- Also, in the SOCKS case it is clearly better to fail gracefully rather
- than to truncate the results.
+ NTLM handshake for HTTP proxy authentication failed with error
+ SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy
+ servers on generating the NTLM Type-3 message.
- This work was triggered by a bug report on the strcal prototype in
- strequal.h.
+ The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according
+ to the observations and suggestions made in a bug report for the
+ QT project (https://bugreports.qt-project.org/browse/QTBUG-17322).
- strlcat was added in commit db70cd28 in February 2001!
+ Removing all the flags solved the problem.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1192
- Reported by: Jeremy Huddleston
+ Bug: http://curl.haxx.se/mail/lib-2014-08/0273.html
+ Reported-by: Ulrich Telle
+ Assisted-by: Steve Holme, Daniel Stenberg
-- Curl_FormBoundary: made static
+Daniel Stenberg (12 Sep 2014)
+- [Ray Satiro brought this change]
+
+ newlines: fix mixed newlines to LF-only
+
+ I use the curl repo mainly on Windows with the typical Windows git
+ checkout which converts the LF line endings in the curl repo to CRLF
+ automatically on checkout. The automatic conversion is not done on files
+ in the repo with mixed line endings. I recently noticed some weird
+ output with projects/build-openssl.bat that I traced back to mixed line
+ endings, so I scanned the repo and there are files (excluding the
+ test data) that have mixed line endings.
- As Curl_FormBoundary() is no longer used outside of this file (since
- commit ad7291c1a9d), it is now renamed to formboundary() and is made
- static.
+ I used this command below to do the scan. Unfortunately it's not as easy
+ as git grep, at least not on Windows. This gets the names of all the
+ files in the repo's HEAD, gets each of those files raw from HEAD, checks
+ for mixed line endings of both LF and CRLF, and prints the name if
+ mixed. I excluded path tests/data/test* because those can have mixed
+ line endings if I understand correctly.
+
+ for f in `git ls-tree --name-only --full-tree -r HEAD`;
+ do if [ -n "${f##tests/data/test*}" ];
+ then git show "HEAD:$f" | \
+ perl -0777 -ne 'exit 1 if /([^\r]\n.*\r\n)|(\r\n.*[^\r]\n)/';
+ if [ $? -ne 0 ];
+ then echo "$f";
+ fi;
+ fi;
+ done
+
+- [Viktor Szakáts brought this change]
-- ossl_seed: fix the last resort PRNG seeding
+ mk-ca-bundle.pl: converted tabs to spaces, deleted trailing spaces
+
+- ROADMAP: markdown eats underscores
- Instead of just abusing the pseudo-randomizer from Curl_FormBoundary(),
- this now uses Curl_ossl_random() to get entropy.
+ It interprets them as italic indictors unless we backtick the word.
+
+- ROADMAP: tiny formatting edit for nicer web output
+
+Steve Holme (10 Sep 2014)
+- ROADMAP.md: Updated GSSAPI authentication following 7.38.0 additions
+
+- INTERNALS: Added email and updated Kerberos details
-Steve Holme (13 Feb 2013)
-- email: Tidy up before additional IMAP work
+- FEATURES: Updated Kerberos details
- Replaced two explicit comparisons of CURLE_OK with boolean alternatives.
+ Added support for Kerberos 5 to the email protocols following the recent
+ additions in 7.38.0.
- General tidy up of comments.
+ Removed Kerberos 4 as this has been gone for a while now.
-- smtp: Removed duplicate pingpong structure initialisation
-
- The smtp_connect() function was setting the member variables of the
- pingpong structure twice, once before calling Curl_pp_init() and once
- after!
+Daniel Stenberg (10 Sep 2014)
+- [Paul Howarth brought this change]
-Yang Tse (13 Feb 2013)
-- move msvc IDE related files to 'vs' directory tree
+ openssl: build fix for versions < 0.9.8e
- Use 'vs' directory tree given that 'vc' intended one clashes
- with an already existing build target in file Makefile.dist.
+ Bug: http://curl.haxx.se/mail/lib-2014-09/0064.html
-Daniel Stenberg (13 Feb 2013)
-- install-sh: updated to support multiple source files as arguments
+- mk-ca-bundle.pl: first, try downloading HTTPS with curl
- Version 7.29.0 uses Makefiles generated with a newer version of the
- autotools than the previous 7.28.1. These Makefiles try to install
- e.g. header files by calling install-sh with multiple source files as
- arguments. The bundled install-sh is to old and does not support this.
+ As a sort of step forward, this script will now first try to get the
+ data from the HTTPS URL using curl, and only if that fails it will
+ switch back to the HTTP transfer using perl's native LWP functionality.
+ To reduce the risk of this script being tricked.
- The problem only occurs, if install-sh is actually being used, ie. the
- platform install executable is to old or not usable. Example: Solaris
- 10.
+ Using HTTPS to get a cert bundle introduces a chicken-and-egg problem so
+ we can't really ever completely disable HTTP, but chances are that most
+ users already have a ca cert bundle that trusts the mozilla.org site
+ that this script downloads from.
- The files install-sh and mkinstalldirs are now updated with the automake
- 1.11.3 versions. A better fix might be to completely remove them from
- git and force the files to be added/created during buildconf.
+ A future version of this script will probably switch to require a
+ dedicated "insecure" command line option to allow downloading over HTTP
+ (or unverified HTTPS).
+
+- LICENSE-MIXING: removed krb4 info
- Bug: http://curl.haxx.se/bug/view.cgi?id=1195
- Reported by: Rainer Jung
+ krb4 has been dropped since a while now
+
+- bump: on the 7.38.1-DEV train now!
-Yang Tse (13 Feb 2013)
-- move msvc IDE related files to 'vc' directory tree
+- SSLCERTS: minor updates
+
+ Edited format to look better on the web, added a "it is about trust"
+ section.
-- msvc IDE 'vc' directory tree preparation
+Version 7.38.0 (10 Sep 2014)
-Steve Holme (12 Feb 2013)
-- imap: Corrected a whitespace issue from previous commit
+Daniel Stenberg (10 Sep 2014)
+- dist: two cmake files are no more
- Fixed a small whitespace issue that crept in there in commit
- 508cdf4da4d7.
+ CMake/FindOpenSSL.cmake and FindZLIB.cmake are gone since 14aa8f0c117b
-- email: Another post optimisation of endofresp() tidy up
+- RELEASE-NOTES: final update for 7.38.0
-- sasl: Fixed null pointer reference when decoding empty digest challenge
+- cookies: reject incoming cookies set for TLDs
- Fixed a null pointer reference when an empty challenge is passed to the
- Curl_sasl_create_digest_md5_message() function.
+ Test 61 was modified to verify this.
- Bug: http://sourceforge.net/p/curl/bugs/1193/
- Reported by: Saran Neti
-
-- email: Post optimisation of endofresp() tidy up
+ CVE-2014-3620
- Removed unnecessary end of line check and return.
+ Reported-by: Tim Ruehsen
+ URL: http://curl.haxx.se/docs/adv_20140910B.html
-Nick Zitzmann (12 Feb 2013)
-- darwinssl: Fix send glitchiness with data > 32 or so KB
+- [Tim Ruehsen brought this change]
+
+ cookies: only use full host matches for hosts used as IP address
+
+ By not detecting and rejecting domain names for partial literal IP
+ addresses properly when parsing received HTTP cookies, libcurl can be
+ fooled to both send cookies to wrong sites and to allow arbitrary sites
+ to set cookies for others.
- An ambiguity in the SSLWrite() documentation lead to a bad inference in the
- code where we assumed SSLWrite() returned the amount of bytes written to
- the socket, when that is not actually true; it returns the amount of data
- that is buffered for writing to the socket if it returns errSSLWouldBlock.
- Now darwinssl_send() returns CURLE_AGAIN if data is buffered but not written.
+ CVE-2014-3613
- Reference URL: http://curl.haxx.se/mail/lib-2013-02/0145.html
+ Bug: http://curl.haxx.se/docs/adv_20140910A.html
-Steve Holme (12 Feb 2013)
-- pingpong.h: Fixed line length over 78 characters from b56c9eb48e3c
+- HISTORY: fix the 1998 title position
-- pingpong: Optimised the endofresp() function
+- HISTORY: extended and now markdown
+
+- SSLCERTS: converted to markdown
- Reworked the pp->endofresp() function so that the conndata, line and
- line length are passed down to it just as with Curl_client_write()
- rather than each implementation of the function having to query
- these values.
+ Only minor edits to make it generate nice HTML output using markdown, as
+ this document serves both in source release tarballs as on the web site.
- Additionally changed the int return type to bool as this is more
- representative of the function's usage.
+ URL: http://curl.haxx.se/docs/sslcerts.html
-- email: Post STARTLS capability code tidy up (Part Three)
+- ftp-wildcard.c: spell fix
- Corrected the order of the upgrade_tls() functions and moved the handler
- upgrade and getsock() functions out from the middle of the state related
- functions.
+ Reported-By: Frank Gevaerts
-- email: Post STARTLS capability code tidy up (Part Two)
-
- Corrected the order of the pop3_state_capa() / imap_state_capability()
- and the pop3_state_capa_resp() / imap_state_capability_resp() functions
- to match the execution order.
+- RELEASE-NOTES: synced with 921a0c22a6f
-Daniel Stenberg (11 Feb 2013)
-- [ulion brought this change]
+- THANKS: synced with RELEASE-NOTES for 921a0c22a6f
- SOCKS: fix socks proxy when noproxy matched
-
- Test 1212 added to verify
+- polarassl: avoid memset() when clearing the first byte is enough
+
+- [Catalin Patulea brought this change]
+
+ polarssl: support CURLOPT_CAPATH / --capath
- Bug: http://curl.haxx.se/bug/view.cgi?id=1190
+ Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
+
+- SECURITY: eh, make more sense!
-Steve Holme (11 Feb 2013)
-- ntlm: Updated comments for the addition of SASL support to IMAP in v7.29
+- SECURITY: how to join the curl-security list
-- RELEASE-NOTES: Updated following the recent imap/pop3/smtp changes
+- RELEASE-NOTES: fix the required nghttp2 version typo
-Linus Nielsen Feltzing (10 Feb 2013)
-- Fix NULL pointer reference when closing an unused multi handle.
+- [Brandon Casey brought this change]
-Steve Holme (10 Feb 2013)
-- email: Post STARTLS capability code tidy up (Part One)
+ Ensure progress.size_dl/progress.size_ul are always >= 0
+
+ Historically the default "unknown" value for progress.size_dl and
+ progress.size_ul has been zero, since these values are initialized
+ implicitly by the calloc that allocates the curl handle that these
+ variables are a part of. Users of curl that install progress
+ callbacks may expect these values to always be >= 0.
+
+ Currently it is possible for progress.size_dl and progress.size_ul
+ to by set to a value of -1, if Curl_pgrsSetDownloadSize() or
+ Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few
+ places currently do, and a following patch will add more). So
+ lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize()
+ so they make sure that these variables always contain a value that
+ is >= 0.
- Corrected the order of the CAPA / CAPABILITY state machine constants to
- match the execution order.
+ Updates test579 and test599.
+
+ Signed-off-by: Brandon Casey <drafnel@gmail.com>
-- imap: Fixed memory leak following commit f6010d9a0359
+Steve Holme (7 Sep 2014)
+- tests: Added test1420 to the makefile
-- smtp: Added support for the STARTTLS capability (Part Two)
-
- Added honoring of the tls_supported flag when starting a TLS upgrade
- rather than unconditionally attempting it. If the use_ssl flag is set
- to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
- connection will continue to authenticate. If this flag is set to
- CURLUSESSL_ALL then the connection will complete with a failure as it
- did previously.
+- test1420: Removed unnecessary CURLOPT setting
-- pop3: Added support for the STLS capability (Part Three)
-
- Added honoring of the tls_supported flag when starting a TLS upgrade
- rather than unconditionally attempting it. If the use_ssl flag is set
- to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
- connection will continue to authenticate. If this flag is set to
- CURLUSESSL_ALL then the connection will complete with a failure as it
- did previously.
+- tests: Added more "Clear Text" authentication keywords
-- imap: Added support for the STARTTLS capability (Part Three)
-
- Added honoring of the tls_supported flag when starting a TLS upgrade
- rather than unconditionally attempting it. If the use_ssl flag is set
- to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
- connection will continue to authenticate. If this flag is set to
- CURLUSESSL_ALL then the connection will complete with a failure as it
- did previously.
+- tests: Updated "based on" text due to email test renumbering
-Daniel Stenberg (10 Feb 2013)
-- [Alessandro Ghedini brought this change]
+- tests: For consistency added --libcurl to test name
- htmltitle: fix suggested build command
+- tests: Added --libcurl for IMAP test case
-Steve Holme (10 Feb 2013)
-- pop3: Added support for the STLS capability (Part Two)
+- multi.c: Avoid invalid memory read after free() from commit 3c8c873252
- Added sending of initial CAPA command before STLS is sent. This allows
- for the detection of the capability before trying to upgrade the
- connection.
+ As the current element in the list is free()d by Curl_llist_remove(),
+ when the associated connection is pending, reworked the loop to avoid
+ accessing the next element through e->next afterward.
-- imap: Added support for the STARTTLS capability (Part Two)
+- multi.c: Fixed compilation warning from commit 3c8c873252
- Added sending of initial CAPABILITY command before STARTTLS is sent.
- This allows for the detection of the capability before trying to
- upgrade the connection.
+ warning: implicit conversion from enumeration type 'CURLMcode' to
+ different enumeration type 'CURLcode'
-- smtp: Added support for the STLS capability (Part One)
+- url.c: Use CURLAUTH_NONE constant rather than 0
- Introduced detection of the STARTTLS capability, in order to add support
- for TLS upgrades without unconditionally sending the STARTTLS command.
+ Small follow up to commit 898808fa8c to use auth constants rather than
+ hard code value when clearing picked authentication mechanism.
-- pop3: Added support for the STLS capability (Part One)
-
- Introduced detection of the STLS capability, in order to add support
- for TLS upgrades without unconditionally sending the STLS command.
+- RELEASE-NOTES: Synced with fd1ce3856a
-- imap: Added support for the STARTTLS capability (Part One)
+Nick Zitzmann (4 Sep 2014)
+- [Vilmos Nebehaj brought this change]
+
+ darwinssl: Use CopyCertSubject() to check CA cert.
+
+ SecCertificateCopyPublicKey() is not available on iPhone. Use
+ CopyCertSubject() instead to see if the certificate returned by
+ SecCertificateCreateWithData() is valid.
- Introduced detection of the STARTTLS capability, in order to add support
- for TLS upgrades without unconditionally sending the STARTTLS command.
+ Reported-by: Toby Peterson
-- RELEASE-NOTES: synced with 92f7606f29b704
+Steve Holme (4 Sep 2014)
+- RELEASE-NOTES: Clarify email Kerberos support is currently via Windows SSPI
-- smtp: Fixed an issue when processing EHLO failure responses (Part 3)
-
- Follow up fix to commit 62bd21746443 to cater for servers that don't
- respond with a 250 in their EHLO responses. Additionally updated the
- SMTP tests to respond with a 250 response code as per RFC5321.
+Daniel Stenberg (4 Sep 2014)
+- MAIL-ETIQUETTE: "1.8 I posted, now what?"
-- pop3: Fixed SASL authentication capability detection
+- CURLOPT_CA*: better refering between *CAINFO and *CAPATH
- Fixed the SASL capability detection to include the space character
- before the authentication mechanism list. Otherwise a capability such
- as SASLSOMETHING would be interpreted as enabling SASL and potentially
- trying to identify SOMETHING as a mechanism.
+ ... and a minor wording edit
-- pop3: Fixed incorrect return value from pop3_endofresp()
+- THANKS: added Dennis Clarke
- Corrected an incorrect return value when -ERR is received from the
- server - introduced in commit b5bb61ee697b (June 2012).
+ Dennis Clarke from Blastwave.org for ensuring that nightly builds run
+ smooth on Solaris!
-- smtp: Fixed an issue when processing EHLO failure responses (Part 2)
+- curl_multi_cleanup: remove superfluous NULL assigns
- Follow up fix to commit 23d17190ee32 as EHLO capabilities can exist
- within a positive response line.
+ ... as the struct is free()d in the end anyway. It was first pointed out
+ to me that one of the ->msglist assignments were supposed to have been
+ ->pending but was a copy and paste mistake when I realized none of the
+ clearing of pointers had to be there.
-- smtp: Fixed an issue with missing capabilities after the AUTH line
+- multi: convert CURLM_STATE_CONNECT_PEND handling to a list
- Follow up to commit 40f9bb787f05 to fix missing capabilities after an
- AUTH line.
-
-Nick Zitzmann (8 Feb 2013)
-- darwinssl: Make certificate errors less techy
+ ... instead of scanning through all handles, stash only the actual
+ handles that are in that state in the new ->pending list and scan that
+ list only. It should be mostly empty or very short. And only used for
+ pipelining.
+
+ This avoids a rather hefty slow-down especially notable if you add many
+ handles to the same multi handle. Regression introduced in commit
+ 0f147887 (version 7.30.0).
- Previously if a problem was found with one of the server's certificates,
- we'd log an OSStatus for the end user to look up. Now we explain what
- was wrong with the site's certificate chain. Also un-did part of the
- previous commit where the code wouldn't catch errSSLServerAuthCompleted
- if built under Leopard.
+ Bug: http://curl.haxx.se/mail/lib-2014-07/0206.html
+ Reported-by: David Meyer
-Guenter Knauf (9 Feb 2013)
-- Updated dependency libs.
+- RELEASE-NOTES: synced with e608324f9f9
-Steve Holme (9 Feb 2013)
-- imap: Corrected some comments
+- [Andre Heinecke brought this change]
-- smtp: Fixed an issue when processing EHLO failure responses
+ polarssl: implement CURLOPT_SSLVERSION
- Fixed a small issue where smtp_endofresp() would look for capabilities
- in the description part of a failure response. In theory a server
- shouldn't respond with SIZE or AUTH in an EHLO command's failure
- response but if it did then capabilities would be unnecessarily set
- before eventually failing.
-
-- pop3: Reworked pop3_endofresp() to simplify it little
+ Forwards the setting as minimum ssl version (if set) to polarssl. If
+ the server does not support the requested version the SSL Handshake will
+ fail.
- Reworked pop3_endofresp() to simplify it and provide consistency between
- imap and smtp.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1419
-- imap: Renamed state variables in imap_authenticate()
-
- Renamed the authstate1 and authstate2 variables in imap_authenticate()
- as the old name was a left over from when there was only one state
- variable which was named due to a clash with the state() function.
+nickzman (1 Sep 2014)
+- Merge pull request #115 from ldx/darwinsslfixpr
- Additionally this provides consistency with the smtp module.
+ darwinssl: now accepts cacert bundles in PEM format in addition to single certs
-- smtp: Reworked smtp_endofresp() to allow for extra capability detection
-
-- smtp: Renamed smtp_state_auth_passwd_resp() function
+Vilmos Nebehaj (1 Sep 2014)
+- Check CA certificate in curl_darwinssl.c.
- Renamed the login password response function to better describe it's
- purpose as well as for consistency with the imap and pop3 modules.
-
-Daniel Stenberg (8 Feb 2013)
-- [Gisle Vanem brought this change]
+ SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even
+ if the buffer holds an invalid or corrupt certificate. Call
+ SecCertificateCopyPublicKey() to make sure cacert is a valid
+ certificate.
- ntlm: fix memory leak
+Daniel Stenberg (31 Aug 2014)
+- low-speed-limit: avoid timeout flood
- Running tests\libtest\libntlmconnect.exe reveals a 1 byte (!) leak in
- ./lib/curl_ntlm_msgs.c:
+ Introducing Curl_expire_latest(). To be used when we the code flow only
+ wants to get called at a later time that is "no later than X" so that
+ something can be checked (and another timeout be added).
- perl ..\memanalyze.pl c:memdebug.curl
- Leak detected: memory still allocated: 1 bytes
- At 9771e8, there's 1 bytes.
- allocated by curl_ntlm_msgs.c:399
+ The low-speed logic for example could easily be made to set very many
+ expire timeouts if it would be called faster or sooner than what it had
+ set its own timer and this goes for a few other timers too that aren't
+ explictiy checked for timer expiration in the code.
- Snippet from curl_ntlm_msgs.c:
- /* setup ntlm identity's domain and length */
- dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
+ If there's no condition the code that says if(time-passed >= TIME), then
+ Curl_expire_latest() is preferred to Curl_expire().
- (my domlen == 0).
+ If there exists such a condition, it is on the other hand important that
+ Curl_expire() is used and not the other.
- 'dup_domain.tbyte_ptr' looks to be freed in Curl_ntlm_sspi_cleanup() via
- 'ntlm->identity.Domain'. But I see no freeing of 'dup_domain.tchar_ptr'.
+ Bug: http://curl.haxx.se/mail/lib-2014-06/0235.html
+ Reported-by: Florian Weimer
+
+- [Michael Wallner brought this change]
-- DONE: consider callback-aborted transfers premature
+ resolve: cache lookup for async resolvers
- This bug report properly identified that when doing SMTP and aborting
- the transfer with a callback, it must be considered aborted prematurely
- by the code to avoid QUIT etc to be attempted as that would cause a
- hang.
+ While waiting for a host resolve, check if the host cache may have
+ gotten the name already (by someone else), for when the same name is
+ resolved by several simultanoues requests.
- The new test case 1507 verifies this behavior.
+ The resolver thread occasionally gets stuck in getaddrinfo() when the
+ DNS or anything else is crappy or slow, so when a host is found in the
+ DNS cache, leave the thread alone and let itself cleanup the mess.
+
+Vilmos Nebehaj (30 Aug 2014)
+- Fix CA certificate bundle handling in darwinssl.
- Reported by: Patricia Muscalu
- Bug: http://curl.haxx.se/bug/view.cgi?id=1184
+ If the --cacert option is used with a CA certificate bundle that
+ contains multiple CA certificates, iterate through it, adding each
+ certificate as a trusted root CA.
-- FAQ: refreshed some phrases
+Daniel Stenberg (29 Aug 2014)
+- [Askar Safin brought this change]
-Nick Zitzmann (7 Feb 2013)
-- darwinssl: Fix build under Leopard
-
- It turns out that Leopard (OS X 10.5) doesn't have constants for the ECDH
- ciphers in its headers, so the cases for them have been taken out of the
- build when building under Leopard. Also added a standard function for
- getting a string description of a SecCertificateRef.
+ getinfo-times: Typo fixed
-Steve Holme (7 Feb 2013)
-- RELEASE-NOTES: Added new imap features
+- [Askar Safin brought this change]
-- imap: Added support for SASL-IR extension (Part 2)
-
- Modified imap_authenticate() to add support for sending the initial
- response with the AUTHENTICATE command, as per RFC4959.
+ libcurl.3: Typo fixed
-- smtp: Updated SMTP_AUTH_PASSWD state constant
-
- Changed the SMTP_AUTH_PASSWD state constant to SMTP_AUTH_LOGIN_PASSWD to
- better describe the state as the second part of an AUTH LOGIN command,
- as well as for consistency with the imap and pop3 modules.
+- curl_formadd.3: setting CURLFORM_CONTENTSLENGTH 0 zero means strlen
+
+- curl.1: add an example for -H
+
+- FAQ: mention -w in the 4.20 answer as well
-- imap: Added support for SASL-IR extension (Part 1)
+- FAQ: 4.20 curl doesn't return error for HTTP non-200 responses
+
+- CURLOPT_NOBODY.3: clarify this option is for downloads
+
+ When enabling CURLOPT_NOBODY, libcurl effectively switches off upload
+ mode and will do a download (without a body). This is now better
+ explained in this man page.
- Introduced detection of the SASL-IR capability, in order to add support
- for sending the initial response with the AUTHENTICATE command, as per
- RFC4959.
+ Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html
+ Reported-by: John Coffey
+
+- INTERNALS: nghttp2 must be 0.6.0 or later
+
+- [Tatsuhiro Tsujikawa brought this change]
-Daniel Stenberg (7 Feb 2013)
-- Revert "vc: remove explicit MSVC6 IDE project file and documentation"
+ Compile with latest nghttp2
+
+Dan Fandrich (26 Aug 2014)
+- THANKS: removed a few more duplicates
+
+Daniel Stenberg (26 Aug 2014)
+- RELEASE-NOTES: synced with 007242257683a
- This reverts commit 0e66d5878edc3d7ffc445116d194b58bbc7504b9.
+ ... and bumped the contributor amount after recount
-Steve Holme (7 Feb 2013)
-- imap: Changed response tag generation to be completely unique
+- THANKS: added 52 missing contributors
- Updated the automatic response tag generation to follow the examples
- given in RC3501, which list a 4 character string such as A001, A002,
- etc.
+ I re-ran contributors.sh on all changes since 7.10 and I found these
+ contributors who are mentioned in the commits but never were added to
+ THANKS before!
- As a unique identifier should be generated for each command the string
- generation is based on the connection id and the incrementing command
- id.
+ I also removed a couple of duplicates (mostly due to different
+ spellings).
+
+- contributors: grep and sort case insensitively
+
+- [Michael Osipov brought this change]
-Dan Fandrich (6 Feb 2013)
-- Tweak the Android.mk file for its new location
+ configure.ac: Add support for recent GSS-API implementations for HP-UX
- This is untested, but ought to be enough to still allow it
- to work automatically when the entire curl source tree is
- dropped into a full Android source tree.
+ By default, configure script assumes that libcurl will use the
+ HP-supplied GSS-API implementation which does not have krb5-config.
+ If a dev needs a more recent version which has that config script,
+ the change will allow to pass an appropriate GSSAPI_ROOT.
-Daniel Stenberg (6 Feb 2013)
-- vc: remove explicit MSVC6 IDE project file and documentation
+- CONNECT: close proxy connections that fail to CONNECT
- VC6 is _very_ old and we provide working makefiles even for that
- compiler. Users who build with the IDE never use that method and project
- file anyway and it was just lingering in the root dir.
+ This is usually due to failed auth. There's no point in us keeping such
+ a connection alive since it shouldn't be re-used anyway.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1381
+ Reported-by: Marcel Raad
-Steve Holme (6 Feb 2013)
-- imap: Small variable rename in preparation for upcoming change
+- RELEASE-NOTES: added two missing HTTP/2 bug fixes
- Renamed a couple of variables and updated some comments in
- preparation for upcoming command id / response tag change.
+ And renamed all http2 references to HTTP/2 in this file
+
+- RELEASE-NOTES: synced with f646e9075f47
-Daniel Stenberg (6 Feb 2013)
-- msvc: move Makefile.msvc.names into winbuild/
+- [Jakub Zakrzewski brought this change]
+
+ Cmake: Possibility to use OpenLDAP, OpenSSL, LibSSH2 on windows
- In an attempt to clear up misc files from the root dir
+ At this point I can build libcurl on windows. It provides at least the same
+ list of protocols as for linux build and works with our software.
-- build: move Android.mk to packages/Android/
+- [Jakub Zakrzewski brought this change]
-- emacs files: remove from git and dist
+ Cmake: Removed repeated content from ending blocks
- We don't need them and I doubt many people used them. We also don't have
- any configs for other editors and we wouldn't want that.
+ They are unnecesary in modern CMake and removing them improves readability.
+
+- [Jakub Zakrzewski brought this change]
-Steve Holme (6 Feb 2013)
-- email: Moved starttls code in separate functions
+ Cmake: Removed some useless empty SET statements.
- To help maintain the readability of the code in imap.c, pop3.c and
- smtp.c moved the starttls code into state_starttls() functions.
+ Undefined variables resolve to empty strings and we do not ever test if
+ the variable is defined thus those SETs are superfluous.
-- [Nick Zitzmann brought this change]
+- [Jakub Zakrzewski brought this change]
- FEATURES: More NTLM and SSL changes, added two others, fixed typo
+ Cmake: Removed useless comments from CMakeLists.txt
- Added IDN and HTTP data compression as they were left out of the
- document until now.
+ They look like some relics after changes.
+
+- [Jakub Zakrzewski brought this change]
+
+ Cmake: Don't check for all headers each time
- Added notes for qssl, schannel and Secure Transport supporting SSLv2,
- Secure Transport supports NTLM, and axTLS does not support SSLv3.
+ One header at a time is the right way. Apart from that the output on
+ windows goes from:
+ ...
+ -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h
+ -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h
+ - found
+ -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
+ ock2.h
+ -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
+ ock2.h - found
+ -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi
+ o.h
+ -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi
+ o.h - found
+ -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind
+ ows.h
+ -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind
+ ows.h - found
+ -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
+ ock.h
+ -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
+ ock.h - found
+ -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
+ filio.h
+ -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
+ filio.h - not found
+ -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
+ ioctl.h
+ -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
+ ioctl.h - not found
+ -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
+ resource.h
+ ...
- There was also a typo; "AUTH TSL" should be "AUTH TLS".
+ To much nicer:
+ ...
+ -- Looking for ws2tcpip.h
+ -- Looking for ws2tcpip.h - found
+ -- Looking for winsock2.h
+ -- Looking for winsock2.h - found
+ -- Looking for stdio.h
+ -- Looking for stdio.h - found
+ -- Looking for windows.h
+ -- Looking for windows.h - found
+ -- Looking for winsock.h
+ -- Looking for winsock.h - found
+ -- Looking for sys/filio.h
+ -- Looking for sys/filio.h - not found
+ -- Looking for sys/ioctl.h
+ -- Looking for sys/ioctl.h - not found
+ -- Looking for sys/resource.h
-Kamil Dudka (6 Feb 2013)
-- curl-config.in: do not randomly mix tabs and spaces
+- [Jakub Zakrzewski brought this change]
-Daniel Stenberg (6 Feb 2013)
-- 7.29.1: onwards!
+ Cmake: Append OpenSSL include directory to search path
+
+ At this point I can build libcurl with OpenSSL, OpenLDAP and LibSSH2.
+ Supported protocols are at least:
+ HTTP, HTTPS, FTP, SFTP, TFTP, LDAP, LDAPS, POP3, SMTP
+ (those are the ones we have regression tests for
+ in our product's testsuite)
-- THANKS: 12 contributors from 7.29.0
+- [Jakub Zakrzewski brought this change]
-Version 7.29.0 (6 Feb 2013)
+ Cmake: Search for liblber, LDAP SSL headers, swith for using OpenLDAP code.
-Daniel Stenberg (6 Feb 2013)
-- vms: config-vms.h is removed, no use trying to distribute it
+- [Jakub Zakrzewski brought this change]
-- RELEASE-NOTES: mention the SASL buffer overflow
+ Cmake: LibSSH2 detection and use.
-- [Eldar Zaitov brought this change]
+- [Jakub Zakrzewski brought this change]
- Curl_sasl_create_digest_md5_message: fix buffer overflow
-
- When negotiating SASL DIGEST-MD5 authentication, the function
- Curl_sasl_create_digest_md5_message() uses the data provided from the
- server without doing the proper length checks and that data is then
- appended to a local fixed-size buffer on the stack.
-
- This vulnerability can be exploited by someone who is in control of a
- server that a libcurl based program is accessing with POP3, SMTP or
- IMAP. For applications that accept user provided URLs, it is also
- thinkable that a malicious user would feed an application with a URL to
- a server hosting code targetting this flaw.
-
- Bug: http://curl.haxx.se/docs/adv_20130206.html
+ Cmake: Moved macros out of the main CMakeLists.txt
-Steve Holme (6 Feb 2013)
-- FEATURES: Removed erroneous whitespace
-
- Removed whitespace introduced in commit 5f8f20f5e65b that caused
- formatting issues when generating the website docs.
+- [Jakub Zakrzewski brought this change]
-Yang Tse (6 Feb 2013)
-- setup-vms.h: post VMS patch cleanup - III
+ Cmake: Added missing protocol-disable switches
- - rename post-config-vms.h to setup-vms.h
- - move its inclusion into proper location in curl_setup.h
+ They already have their defines in config.h. This makes it possible to
+ disable the protocols from command line during configure step.
-- vms_show: post VMS patch cleanup - II
-
- - remove multiple declarations of vms_show and add comments
+- [Jakub Zakrzewski brought this change]
-- tool_main.c: post VMS patch cleanup - I
+ Cmake: Made boolean defines be defined to "1" instead of "ON"
- - remove header inclusion already done in curl_setup_once.h
+ It's by convention, for compatibility and because the comments say so.
+ Just mabe someone have written a test like "#if HAVE_XX==1"
-Steve Holme (6 Feb 2013)
-- FEATURES: Added SSPI to list of NTLM libraries
+- [Jakub Zakrzewski brought this change]
-- FEATURES: Added Secure Transport and qssl to list of SSL libraries
+ Cmake: Require at least CMake 2.8.
+
+ CMake 2.6 is already a bit old. Many bugs have been fixed since
+ its release. We use 2.8 in our company and we have no intention
+ of polluting our environment with old software, so 2.6 would
+ not be tested. This shouldn't be a problem since all one need
+ to build CMake from source is C and C++ compiler.
-- FEATURES: Added email feature set
+- disconnect: don't touch easy-related state on disconnects
+
+ This was done to make sure NTLM state that is bound to a connection
+ doesn't survive and gets used for the subsequent request - but
+ disconnects can also be done to for example make room in the connection
+ cache and thus that connection is not strictly related to the easy
+ handle's current operation.
- Added SMTP, SMTPS, POP3, POP3S, IMAP and IMAPS features.
+ The http authentication state is still kept in the easy handle since all
+ http auth _except_ NTLM is connection independent and thus survive over
+ multiple connections.
+
+ Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
+ Reported-by: Paras S
-- imap.h: Corrected incorrect comment clarification
+- curl.1: clarify --limit-rate's effect on both directions
- Corrected comment clarification made in commit 167717b8069a.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1414
+ Reported-by: teo8976
-- COPYING: Updated copyright year to include 2013
+- curl.1: mention the --post30x options within the --location desc
-Daniel Stenberg (5 Feb 2013)
-- RELEASE-NOTES: synced with 25f351424b3538
-
- 8 more bug fixes mentioned
+Dan Fandrich (22 Aug 2014)
+- sasl: Fixed a memory leak on OOM
-- [John E. Malmberg brought this change]
+Daniel Stenberg (22 Aug 2014)
+- [Frank Meier brought this change]
- VMS: fix and generate the VMS build config
-
- config_h.com is a new file that generates a config.h file based on the
- curl_config.h.in file and a quick scan of the configure script. This is
- actually a generic procedure that is shared with other VMS packages.
+ NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
- The existing pre-built config-vms.h had over 100 entries that were not
- correct and in some cases conflicted with the build options available in
- the build_vms.com.
+ Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed
+ since NTLM requires multiple requests that re-use the same connection
+ for the authentication to work
- generate_config_vms_h_curl.com is a helper procedure to the
- config_h.com. It covers the cases that the generic config_h.com is not
- able to figure out, and accepts input from the build_vms.com procedure.
+ Solution: Ignore the forbid reuse flag in case the NTLM authentication
+ handshake is in progress, according to the NTLM state flag.
- build_curlbuild_h.com is a new file to generate the curlbuild.h file
- that Curl is now using when it is using a curl_config.h file.
+ Fixed known bug #77.
+
+Steve Holme (22 Aug 2014)
+- openssl.c: Fixed longer than 79 columns
+
+- openssl.c: Fixed compilation warning
- post-config-vms.h is a new file that is needed to provide VMS specific
- definitions, and most of them need to be set before the system header
- files are included.
+ warning: declaration of 'minor' shadows a global declaration
+
+Daniel Stenberg (21 Aug 2014)
+- [Haris Okanovic brought this change]
+
+ win32: Fixed WinSock 2 #if
- The VMS build procedure is fixed:
+ A conditionally compiled block in connect.c references WinSock 2
+ symbols, but used `#ifdef HAVE_WINSOCK_H` instead of `#ifdef
+ HAVE_WINSOCK2_H`.
- 1. Fixed to link in the correct HP ssl library.
- 2. Fixed to detect if HP Kerberos is installed.
- 3. Fixed to detect if HP LDAP is installed.
- 4. Fixed to detect if gnv$libzshr is installed.
- 5. Simplified the input parameter parsing to not use a loop.
- 6. Warn that 64 bit pointer option support is not complete
- in comments.
- 7. Default to IEEE floating if platform supports it so
- resulting libcurl will be compatible with other
- open source projects on VMS.
- 8. Default to LARGEFILE if platform supports it.
- 9. Default to enable SSL, LDAP, Kerberos, libz
- if the libraries are present.
- 10. Build with exact case global symbols for libcurl.
- 11. Generate linker option file needed.
- 12. Compiler list option only commonly needed items.
- 13. fulllist option for those who really want it.
- 14. Create debug symbol file on Alpha, IA64.
+ Bug: http://curl.haxx.se/mail/lib-2014-08/0155.html
-- Curl_proxyCONNECT: return once CONNECT is sent
+- Curl_disconnect: don't free the URL
- By doing this unconditionally, we infer a simpler and more defined
- behavior. This also has the upside that test 1021 no longer fails for me
- even if I run with valgrind.
+ The URL is not a property of the connection so it should not be freed in
+ the connection disconnect but in the Curl_close() that frees the easy
+ handle.
- Also fixed some wrong comments.
+ Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
+ Reported-by: Paras S
-Steve Holme (5 Feb 2013)
-- email: Reworked comments in the endofresp() functions
+- help output: minor whitespace edits
- Tidied up the comments in the endofresp() functions to be more
- meaningful prior to release.
+ Should've been amended in the previous commit but wasn't due to a
+ mistake.
-Marc Hoersken (5 Feb 2013)
-- schannel: Removed extended error connection setup flag
-
- According KB975858 this flag may cause problems on Windows 7 and
- Windows Server 2008 R2 systems. Extended error information is not
- currently used by libcurl and therefore not a requirement.
-
- The flag may improve the SSL-connection shutdown in case of an
- error. This means it might be a good improvement in the future.
+- [Zearin brought this change]
+
+ help output: use ≥2 spaces between option and description
- Fixes bug/issue #1187 - thanks for the report
+ ... and some other cleanups
-Daniel Stenberg (5 Feb 2013)
-- [Tor Arntsen brought this change]
+- FAQ: some actually sometimes get paid...
- singleipconnect: Update *sockp for all CURLE_OK
-
- The 56b7c87c7 change left a case where a good sockfd was not copied to
- *sockp before returning with CURLE_OK
+Steve Holme (17 Aug 2014)
+- sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challenge
-- curl_easy_perform: Value stored to 'mcode' is never read
+- sasl_sspi: Renamed GSSAPI mutual authentication parameter
- pointed out by clang-analyzer
+ ...From "mutual" to "mutual_auth" which better describes what it is.
-- singleipconnect: remove dead assignment
+- sasl_sspi: Corrected some of the GSSAPI security message error codes
- pointed out by clang-analyzer
-
-Linus Nielsen Feltzing (5 Feb 2013)
-- CURLMOPT_MAXCONNECTS: restore functionality
+ Corrected a number of the error codes that can be returned from the
+ Curl_sasl_create_gssapi_security_message() function when things go
+ wrong.
- When a connection is no longer used, it is kept in the cache. If the
- cache is full, the oldest idle connection is closed. If no connection is
- idle, the current one is closed instead.
+ It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the
+ inbound security challenge can't be decoded correctly or doesn't
+ contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when
+ EncryptMessage() fails. Unfortunately the previous error code of
+ CURLE_RECV_ERROR was a copy and paste mistakes on my part and should
+ have been correct in commit 4b491c675f :(
-Steve Holme (5 Feb 2013)
-- RELEASE-NOTES: Updated following recent changes to the email protocols
-
- Added recent additions and fixes following the changes to imap, pop3
- and smtp. Additionally added another contributor that helped to test
- the imap sasl changes.
+- docs: Escaped single backslash
-- email: Provided extra comments following recent pop3/imap fixes
+- TODO: Updated following GSSAPI (Kerberos V5) additions
- Provided additional clarification about the logic of the authenticate()
- functions following commit 6b6bdc83bd36 and b4270a9af1d0.
-
-Daniel Stenberg (5 Feb 2013)
-- [Andrei Kurushin brought this change]
+ Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other
+ authentication mechanisms" following recent additions.
+
+ Added SASL 14.2 GSSAPI via GSS-API libraries.
- winbuild: include version info for .dll .exe
+- CURLOPT_USERNAME.3: Added Kerberos V5 and NTLM domain information
- Bug: http://curl.haxx.se/bug/view.cgi?id=1186
+ This repeats what has already been documented in both the curl manpage
+ and CURLOPT_USERPWD documentation but is provided here for completeness
+ as someone may not especially read the latter when using libcurl.
-- FAQ: clarify 5.13 How do I stop an ongoing transfer
+- CURLOPT_USERPWD.3: Updated following Kerberos V5 SSPI changes
- Rich Gray provided good feedback and we now clarify that you can in fact
- stop a multi transfer at any point you like by removing the easy handle.
+ Added information about Kerberos V5 requiring the domain part in the
+ user name.
+
+ Mentioned that the user name can be specified in UPN format, and not
+ just in Down-Level Logon Name format, following the information
+ added in commit 7679cb3fa8 reworking the exisitng information in the
+ process.
-- [Matt Arsenault brought this change]
+- docs: Added Kerberos V5 and NTLM domain information to --user
- cmake: Fix mingw build
+- docs: Added Kerberos V5 to the --user SSPI current credentials usage
-- [Sergei Nikulov brought this change]
+- sasl_sspi: Tell the server we don't support a GSSAPI receive buffer
- cmake: updated OpenSSL build
+- smtp: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
-Steve Holme (4 Feb 2013)
-- pop3.c: Updated variable names to use shorter / more readable variant
-
- Tidied up code from commit 6b6bdc83bdUpdated where a few instances of
- the pop3c struct variable used the longer conndata struct rather than
- matching what other code in pop3_authenticate() used.
+- pop3: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
-Guenter Knauf (4 Feb 2013)
-- updated copyright years.
+- imap: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
-- configure: update the copyright years for the output.
+- email: Added mutual authentication flag
-Steve Holme (3 Feb 2013)
-- imap: Fixed no known authentication mechanism when fallback is required
-
- Fixed an issue where (lib)curl is compiled without support for a
- supported challenge-response based SASL authentication mechanism, such
- as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
- mechanisms and (lib)curl doesn't fallback to Clear Text authentication.
+Daniel Stenberg (15 Aug 2014)
+- RELEASE-NOTES: synced with 0187c9e11d079
+
+- http: fix the Content-Range: parser
- Note: In order to fallback to Clear Text authentication properly this
- fix adds support for the LOGINDISABLED server capability.
- imap: Fixed no known authentication mechanism when fallback is required
+ ... to handle "*/[total]". Also, removed the strange hack that made
+ CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return
+ CURLE_OK.
- Fixed an issue where (lib)curl is compiled without support for a
- supported challenge-response based SASL authentication mechanism, such
- as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
- mechanisms and (lib)curl doesn't fallback to Clear Text authentication.
+ Reported-by: Dimitrios Siganos
+ Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html
+
+Steve Holme (14 Aug 2014)
+- email: Introduced the GSSAPI states
+
+- curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675f
- Note: In order to fallback to Clear Text authentication properly this
- fix adds support for the LOGINDISABLED server capability.
+ warning: unused variable 'resp'
- Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
- Reported by: Stanislav Ivochkin
+ warning: no previous prototype for 'Curl_sasl_gssapi_cleanup'
-- pop3: Fixed no known authentication mechanism when fallback is required
+- SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064
- Fixed an issue where (lib)curl is compiled without support for a
- supported challenge-response based SASL authentication mechanism, such
- as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
- mechanisms and (lib)curl doesn't fallback to APOP or Clear Text
- authentication.
+ * curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f
- Bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
- Reported by: Stanislav Ivochkin
+ warning: declaration of 'result' shadows a previous local
-Daniel Stenberg (1 Feb 2013)
-- singleipconnect: simplify and clean up
-
- Remove timeout argument that's never used.
+- curl_sasl.h: Fixed compilation error from commit 4b491c675f
- Make the actual connection get detected on a single spot to reduce code
- duplication.
+ warning: 'struct kerberos5data' declared inside parameter list
- Store the IPv6 state already when the connection is attempted.
+ Due to missing forward declaration.
-- Curl_perfom: removed
+- urldata.h: Fixed compilation warnings from commit 3ec253532e
- Curl_perfom is no longer used anywhere since the always-multi commit
- c43127414d89ccb9, and some related functions were used only from within
- Curl_perfom.
+ warning: extra tokens at end of #endif directive
-Guenter Knauf (30 Jan 2013)
-- Updated date.
+- sasl_sspi: Added GSSAPI message functions
-Yang Tse (30 Jan 2013)
-- zz40-xc-ovr.m4: fix 'wc' detection - follow-up 2
+- urldata: Introduced a GSSAPI (Kerberos V5) data structure
- - Fix a pair of single quotes to double quotes.
-
- URL: http://curl.haxx.se/mail/lib-2013-01/0355.html
- Reported by: Tor Arntsen
+ Added a kerberos5data structure which is similar in nature to the
+ ntlmdata and negotiatedata structures.
-- zz40-xc-ovr.m4: fix 'wc' detection - follow-up
-
- - Take into account that 'wc' may return leading spaces and/or tabs.
+- sspi: Moved KERB_WRAP_NO_ENCRYPT from socks_sspi module
- - Set initial IFS to space, tab and newline.
+ In preparation for the upcoming SSPI implementation of GSSAPI
+ authentication, moved the definition of KERB_WRAP_NO_ENCRYPT from
+ socks_sspi.c to curl_sspi.h allowing it to be shared amongst other
+ SSPI based code.
-- zz40-xc-ovr.m4: fix 'wc' detection
+Daniel Stenberg (13 Aug 2014)
+- mk-ca-bundle.pl: add missing $
+
+- mk-ca-bundle.pl: switched to using hg.mozilla.org
- - Take into account that 'wc' may return leading spaces.
+ ... as mxr.mozilla.org is due to be retired.
- - Set internationalization behavior variables.
+ The new host doesn't support If-Modified-Since nor ETags, meaning that
+ the script will now defer to download and do a post-transfer checksum
+ check to see if a new output is to be generated. The new output format
+ will hold the SHA1 checksum of the source file for that purpose.
- Tor Arntsen analyzed and reported the issue.
+ We call this version 1.22
- URL: http://curl.haxx.se/mail/lib-2013-01/0351.html
+ Reported-by: Ed Morley
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1409
-- zz40-xc-ovr.m4: check another three basic utilities
+- [Jose Alf brought this change]
-Guenter Knauf (29 Jan 2013)
-- Fixed debug.c to work again unchanged.
+ openssl: fix version report for the 0.9.8 branch
- Added CURLOPT_FOLLOWLOCATION since example.com is now redirected.
+ Fixed libcurl to correctly output the newer versions of OpenSSL 0.9.8,
+ starting from openssl-0.9.8za.
-Daniel Stenberg (29 Jan 2013)
-- [Nick Zitzmann brought this change]
+- [Frank Meier brought this change]
- darwinssl: Fix bug where packets were sometimes transmitted twice
+ create_conn: prune dead connections
+
+ Bringing back the old functionality that was mistakenly removed when the
+ connection cache was remade. When creating a new connection, all the
+ existing ones are checked and those that are known to be dead get
+ disconnected for real and removed from the connection cache. It helps
+ the cache from holding on to very many stale connections and aids in
+ keeping down the number of system sockets in wait states.
- There was a bug where, if SSLWrite() returned errSSLWouldBlock but did
- succeed in transmitting at least something, then we'd incorrectly
- resend the packet. Now we never take errSSLWouldBlock as a sign that
- nothing was transferred to/from the server.
+ Help-by: Jonatan Vela <jonatan.vela@ergon.ch>
- Bug: http://curl.haxx.se/mail/lib-2013-01/0295.html
- Reported by: Bruno de Carvalho
+ Bug: http://curl.haxx.se/mail/lib-2014-06/0189.html
-- [Nick Zitzmann brought this change]
+Kamil Dudka (11 Aug 2014)
+- docs/SSLCERTS: update the section about NSS database
+
+ Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html
+ Reported-by: David Shaw
- FAQ: "Darwinssl" is AKA "Secure Transport" and supports NTLM
+Daniel Stenberg (11 Aug 2014)
+- [Peter Wang brought this change]
-- RELEASE-NOTES: only list Nick once
+ Curl_poll + Curl_wait_ms: fix timeout return value
- Even though he's a fine dude, once is enough for this time!
-
-Yang Tse (28 Jan 2013)
-- zz40-xc-ovr.m4: 1.0 interface stabilization
+ Curl_poll and Curl_wait_ms require the fix applied to Curl_socket_check
+ in commits b61e8b8 and c771968:
- - Stabilization results in 4 public interface m4 macros:
- XC_CONFIGURE_PREAMBLE
- XC_CONFIGURE_PREAMBLE_VER_MAJOR
- XC_CONFIGURE_PREAMBLE_VER_MINOR
- XC_CHECK_PATH_SEPARATOR
- - Avoid one level of internal indirection
- - Update comments
- - Drop XC_OVR_ZZ40 macro
+ When poll or select are interrupted and coincides with the timeout
+ elapsing, the functions return -1 indicating an error instead of 0 for
+ the timeout.
-Kamil Dudka (28 Jan 2013)
-- docs: fix typos in man pages
-
- Reported by: Jiri Jaburek
- Bug: https://bugzilla.redhat.com/896544
+Steve Holme (10 Aug 2014)
+- config-tpf.h: Fixed up line lengths > 79 characters
+
+- config-symbian.h: Fixed up line lengths > 79 characters
-- docs: update the comments about loading CA certs with NSS
+- tool_hugehelp.c.cvs: Added copyright
- Bug: https://bugzilla.redhat.com/696783
+ Added copyright due to warning from checksrc.pl.
-Guenter Knauf (28 Jan 2013)
-- Updated dependency libs.
+- RELEASE-NOTES: Synced with cd6ecf6a89
-- Fixed simple.c to work again unchanged.
+- sasl_sspi: Fixed hard coded buffer for response generation
- Added CURLOPT_FOLLOWLOCATION since example.com is now redirected.
+ Given the SSPI package info query indicates a token size of 4096 bytes,
+ updated to use a dynamic buffer for the response message generation
+ rather than a fixed buffer of 1024 bytes.
-Steve Holme (27 Jan 2013)
-- smtp.c: Fixed unnecessary state change if starttls fails
-
- The state machine should only be changed to SMTP_STARTTLS when the
- STARTTLS command has been successfully sent to the server.
+- sasl_sspi: Fixed missing free of challenge buffer on SPN failure
-- pop3.c: Fixed unnecessary state change if starttls fails
+- http_negotiate_sspi: Tidy up to remove the get_gss_name() function
- The state machine should only be changed to POP3_STARTTLS when the
- STLS command has been successfully sent to the server.
+ Due to the reduction of code in commit 3b924b29 of get_gss_name() the
+ function isn't necessary anymore.
-- imap.c: Fixed unnecessary state change if starttls fails
+- http_negotiate_sspi: Use a dynamic buffer for SPN generation
- The state machine should only be changed to IMAP_STARTTLS when the
- STARTTLS command has been successfully sent to the server.
+ Updated to use a dynamic buffer for the SPN generation via the recently
+ introduced Curl_sasl_build_spn() function rather than a fixed buffer of
+ 1024 characters, which should have been more than enough, but by using
+ the new function removes the need for another variable sname to do the
+ wide character conversion in Unicode builds.
-- email: Updated comment regarding ssldone usage
-
- Updated the ssldone comment as multi mode is always used internally now.
+- sasl: Tidy up to rename SPN variable from URI
-Yang Tse (26 Jan 2013)
-- zz40-xc-ovr.m4: emit witness message in configure BODY
+- sasl: Use a dynamic buffer for SPN generation
- This avoids witness message in output when running configure --help,
- while sending the message to config.log for other configure runs.
+ Updated Curl_sasl_create_digest_md5_message() to use a dynamic buffer
+ for the SPN generation via the recently introduced Curl_sasl_build_spn()
+ function rather than a fixed buffer of 128 characters.
-Steve Holme (25 Jan 2013)
-- smtp.c: Added comments to smtp_endofresp()
+- sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
- Minor code tidy up to add comments similar to those used in the pop3
- and imap end of resp functions, in order to assist anyone reading the
- code and highlight the similarities between each of these protocols.
-
-Yang Tse (25 Jan 2013)
-- zz40-xc-ovr.m4: truly do version conditional overriding
+ Curl_sasl_create_digest_md5_message() would simply cast the SPN variable
+ to a TCHAR when calling InitializeSecurityContext(). This meant that,
+ under Unicode builds, it would not be valid wide character string.
- - version conditional overriding
- - catch unexpanded XC macros
- - fix double words in comments
+ Updated to use the recently introduced Curl_sasl_build_spn() function
+ which performs the correct conversion for us.
-- zz40-xc-ovr.m4: fix variable assignment of subshell output bashism
+- sasl: Introduced Curl_sasl_build_spn() for building a SPN
- Tor Arntsen analyzed and reported the issue.
+ Various parts of the libcurl source code build a SPN for inclusion in
+ authentication data. This information is either used by our own native
+ generation routines or passed to authentication functions in third-party
+ libraries such as SSPI. However, some of these instances use fixed
+ buffers rather than dynamically allocated ones and not all of those that
+ should, convert to wide character strings in Unicode builds.
- URL: http://curl.haxx.se/mail/lib-2013-01/0306.html
+ Implemented a common function that generates a SPN and performs the
+ wide character conversion where necessary.
-- zz40-xc-ovr.m4: reinstate strict AC_REQUIRE macro dependencies
+- sasl_sspi: Fixed memory leak with not releasing Package Info struct
+
+ Curl_sasl_create_digest_md5_message() wouldn't free the Package Info
+ structure after QuerySecurityPackageInfo() had allocated it.
-- zz40-xc-ovr.m4: avoid double single-quote usage
+- [Michael Osipov brought this change]
-- zz40-xc-ovr.m4: parentheses balancing of 'case' statements
+ docs: Update SPNEGO and GSS-API related doc sections
- m4 quadrigraph shell comment technique allows proper autoconf
- parentheses balancing in shell 'case' statements. The presence
- of unbalanced parentheses may otherwise trigger expansion bugs.
+ Reflect recent changes in SPNEGO and GSS-API code in the docs.
+ Update them with appropriate namings and remove visible spots for
+ GSS-Negotiate.
-Steve Holme (24 Jan 2013)
-- smtp.c: Corrected RFC references
+- sspi: Minor code tidy up to standardise coding style
- The most recent version of the SMTP RFC is RFC5321 and not RFC2821 as
- previously documented.
+ Following the recent changes and in attempt to align the SSPI based
+ authentication code performed the following:
- Added RFC1870 and re-ordered list numerically.
+ * Use NULL and SECBUFFVERSION rather than hard coded constants.
+ * Avoid comparison of zero in if statements.
+ * Standardised the buf and desc setup code.
-- smtp.c: Fixed failure detection during TLS upgrade
+- schannel: Fixed compilation warning in vtls.c
- smtp_state_upgrade_tls() would attempt to incorrectly complete the
- upgrade to smtps and start the EHLO command if
- Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
- was set to TRUE. This would only happen when a non-blocking API hadn't
- been provided by the SSL implementation and curlssl_connect() was
- called underneath.
+ vtls.c:688:43: warning: unused parameter 'data'
-- pop3.c: Fixed failure detection during TLS upgrade
+- tool_getparam.c: Fixed compilation warning
- pop3_state_upgrade_tls() would attempt to incorrectly complete the
- upgrade to pop3s and start the CAPA command if
- Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
- was set to TRUE. This would only happen when a non-blocking API hadn't
- been provided by the SSL implementation and curlssl_connect() was
- called underneath.
+ warning: `orig_opt' might be used uninitialized in this function
-- imap.c: Fixed failure detection during TLS upgrade
-
- imap_state_upgrade_tls() would attempt to incorrectly complete the
- upgrade to imaps and start the CAPABILITY command if
- Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
- was set to TRUE. This would only happen when a non-blocking API hadn't
- been provided by the SSL implementation and curlssl_connect() was
- called underneath.
+- RELEASE-NOTES: Synced with 159c3aafd8
+
+Daniel Stenberg (8 Aug 2014)
+- curl_ntlm_msgs: make < 80 columns wide
-Yang Tse (24 Jan 2013)
-- zz40-xc-ovr.m4: internals overhauling
+Steve Holme (8 Aug 2014)
+- ntlm: Fixed hard coded buffer for SSPI based auth packet generation
- - Update comments
- - Execute commands in subshells
- - Faster path separator check
- - Fix missing 'test' command
- - Rename private macros
- - Minimize AC_REQUIRE usage
+ Given the SSPI package info query indicates a token size of 2888 bytes,
+ and as with the Winbind code and commit 9008f3d56, use a dynamic buffer
+ for the Type-1 and Type-3 message generation rather than a fixed buffer
+ of 1024 bytes.
-Steve Holme (23 Jan 2013)
-- email: Removed unnecessary return statements
+- ntlm: Added support for SSPI package info query
- Small tidy up to remove unnecessary return statements prior to the next
- fix.
+ Just as with the SSPI implementations of Digest and Negotiate added a
+ package info query so that libcurl can a) return a more appropriate
+ error code when the NTLM package is not supported and b) it can be of
+ use later to allocate a dynamic buffer for the Type-1 and Type-3
+ output tokens rather than use a fixed buffer of 1024 bytes.
-Yang Tse (23 Jan 2013)
-- zz40-xc-ovr.m4: redirect errors and warnings to stderr
+Daniel Stenberg (7 Aug 2014)
+- http2: added some more logging for debugging stream problems
-- zz40-xc-ovr.m4: AC_REQUIRE also XC_CONFIGURE_PREAMBLE success message
+- [Tatsuhiro Tsujikawa brought this change]
-- zz60-xc-ovr.m4: tighten XC_OVR_ZZ60 macro placement requirements
+ HTTP/2: Reset promised stream, not its associated stream.
-- configure: use XC_CONFIGURE_PREAMBLE early checks
-
- Some basic checks we make were placed early enough in generated
- configure script when using autoconf 2.5X versions. Newer autoconf
- versions expand these checks much further into the configure script,
- rendering them useless. Using XC_CONFIGURE_PREAMBLE fixes placement
- of early intended checks across all our autoconf supported versions.
+- [Tatsuhiro Tsujikawa brought this change]
-- zz40-xc-ovr.m4: provide XC_CONFIGURE_PREAMBLE macro
+ HTTP/2: Move :authority before non-pseudo header fields
-Daniel Stenberg (23 Jan 2013)
-- FAQ: update the SSL lib list and wording in question 2.2
+- http2: show the received header for better debugging
-Steve Holme (22 Jan 2013)
-- curl_sasl.c: Corrected references to RFC
+- openssl: replace call to OPENSSL_config
- The most recent version of the RFC is RFC4422 and not RFC2222 as
- previously documented.
-
-- email: Corrected references to SASL RFC
+ OPENSSL_config() is "strongly recommended" to use but unfortunately that
+ function makes an exit() call on wrongly formatted config files which
+ makes it hard to use in some situations. OPENSSL_config() itself calls
+ CONF_modules_load_file() and we use that instead and we ignore its
+ return code!
- The most recent version of the SASL RFC is RFC4422 and not RFC2222 as
- previously documented.
+ Reported-by: Jan Ehrhardt
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1401
-Daniel Stenberg (22 Jan 2013)
-- [Ulion brought this change]
+Dan Fandrich (7 Aug 2014)
+- [Fabian Keil brought this change]
- formpost: support quotes, commas and semicolon in file names
-
- - document the double-quote and backslash need be escaped if quoting.
- - libcurl formdata escape double-quote in filename by backslash.
- - curl formparse can parse filename both contains '"' and ',' or ';'.
- - curl now can uploading file with ',' or ';' in filename.
+ runtests.pl: Pad test case numbers with up to three zeroes
- Bug: http://curl.haxx.se/bug/view.cgi?id=1171
+ Test case numbers with four digits have been available for a
+ while now.
-- memanalyze.pl: handle fopen() of file names with quotes
+Steve Holme (7 Aug 2014)
+- docs: Added Negotiate to the SSPI current credentials usage description
-Yang Tse (21 Jan 2013)
-- xc-cc-check.m4: re-evaluate exporting and AC_SUBST'ing vars
-
- Notes:
-
- When running a configure script that has nested packages (for example
- libcurl's configure with --enable-ares and c-ares sources embedded in
- curl tree) and AC_CONFIG_SUBDIRS([nested-subdir]) machinery is used to
- automatically run the nested configure script from within the parent
- configure script, it happens that the nested _shell_ script will
- inherit shell variables exported from the parent _shell_ script.
-
- If for example parent configure script sets and exports LDFLAGS and LIBS
- variables with proper values in order to link either a parent library or
- program with a library which will be configured and built by a nested
- package; It will happen that when the nested configure script runs, the
- nested library does not exist yet and _any_ link-test done in the nested
- configure will fail, such as those that autoconf macros perform in order
- to detect existing compiler and its characteristics, the result is that
- the nested configure script will fail with errors such as:
+- TODO: HTTP Digest via Windows SSPI
+
+- TODO: FTP GSSAPI via Windows SSPI
+
+- http_negotiate_sspi: Fixed specific username and password not working
- configure: error: C compiler cannot create executables
+ Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html
+ Reported-by: Leonardo Rosati
+
+- http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194e8
- For now, we no longer export variables previously exported here.
+ If the server rejects our authentication attempt and curl hasn't
+ called CompleteAuthToken() then the status variable will be
+ SEC_I_CONTINUE_NEEDED and not SEC_E_OK.
- On the other hand, AC_SUBST'ing them is appropriate and even with nested
- packages each package's config.status gets its own package values.
+ As such the existing detection mechanism for determining whether or not
+ the authentication process has finished is not sufficient.
- So we reinstate AC_SUBST'ing previously AC_SUBST'ed variables.
+ However, the WWW-Authenticate: Negotiate header line will not contain
+ any data when the server has exhausted the negotiation, so we can use
+ that coupled with the already allocated context pointer.
-Daniel Stenberg (21 Jan 2013)
-- FAQ: 3.22 curl -X gives me HTTP problems
+Daniel Stenberg (5 Aug 2014)
+- RELEASE-NOTES: synced with 5b37db44a3eb
-Yang Tse (21 Jan 2013)
-- xc-cc-check.m4: avoid recursive package automake'ing breakage
+Dan Fandrich (5 Aug 2014)
+- parsedate.c: fix the return code for an overflow edge condition
-- xc-cc-check.m4: mark earlier variables that are to be exported
+Daniel Stenberg (5 Aug 2014)
+- [Toby Peterson brought this change]
-- configure: autotools compatibility fixes - step I
+ darwinssl: don't use strtok()
- Fix proper macro expansion order across autotools versions for
- C compiler and preprocessor program checks.
+ The GetDarwinVersionNumber() function uses strtok, which is not
+ thread-safe.
-Steve Holme (20 Jan 2013)
-- pop3.c: Fixed conditional compilation of the apop response function
+- Curl_ossl_version: adapted to detect BoringSSL
- Extended the fix from commit 8b15c84ea91e to additionally exclude
- pop3_state_apop_resp() if the CURL_DISABLE_CRYPTO_AUTH flag is
- defined.
+ This seems to be the way it should work. Right now we can't build with
+ BoringSSL and try this out properly due to a minor API breakage.
-Yang Tse (20 Jan 2013)
-- Makefile.inc: fix $(top_srcdir) not allowed in _SOURCES variables
-
-Daniel Stenberg (19 Jan 2013)
-- formadd: reject trying to read a directory where a file is expected
+- Curl_ossl_version: detect and show libressl
- Bug: http://curl.haxx.se/mail/archive-2013-01/0017.html
- Reported by: Ulrich Doehner
+ LibreSSL is otherwise OpenSSL API compliant (so far)
-- curl_easy_send.3: document return codes
-
- Reported by: Craig Davison
- Bug: http://curl.haxx.se/mail/lib-2013-01/0234.html
+- [Tatsuhiro Tsujikawa brought this change]
-- curl_easy_recv.3: document return codes
+ HTTP/2: Fix infinite loop in readwrite_data()
- Reported by: Craig Davison
- Bug: http://curl.haxx.se/mail/lib-2013-01/0234.html
+ To prevent infinite loop in readwrite_data() function when stream is
+ reset before any response body comes, reset closed flag to false once
+ it is evaluated to true.
-Steve Holme (19 Jan 2013)
-- email: General code tidy up
-
- Corrected some function argument definitions to maximize the 80
- character line length limit and be in keeping with the curl
- coding style.
+Dan Fandrich (3 Aug 2014)
+- gtls: only define Curl_gtls_seed if Nettle is not being used
-- pop3.c: Fixed a problem with pop3s connections not connecting properly
-
- Fixed an issue where Curl_ssl_connect_nonblocking() wouldn't complete
- correctly and the ssldone flag wouldn't be set to true for pop3s based
- connections.
-
- Bug introduced in commit: 4ffb8a6398ed.
+- ssl: provide Curl_ssl_backend even if no SSL library is available
-Daniel Stenberg (18 Jan 2013)
-- RELEASE-NOTES: add references to several bugfixes+changes
+Daniel Stenberg (2 Aug 2014)
+- [Tatsuhiro Tsujikawa brought this change]
-Steve Holme (18 Jan 2013)
-- RELEASE-NOTES: Added missing imap fix
+ HTTP2: Support expect: 100-continue
- Added missing imap fix as per commit 709b3506cd9b.
+ "Expect: 100-continue", which was once deprecated in HTTP/2, is now
+ resurrected in HTTP/2 draft 14. This change adds its support to
+ HTTP/2 code. This change also includes stricter header field
+ checking.
-Yang Tse (18 Jan 2013)
-- runtests.pl: make VPATH builds find valgrind.supp
+- CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it
-Daniel Stenberg (18 Jan 2013)
-- RELEASE-NOTES: synced with c43127414d89
+- FEATURES: minor update
-- always-multi: always use non-blocking internals
-
- Remove internal separated behavior of the easy vs multi intercace.
- curl_easy_perform() is now using the multi interface itself.
+- openssl: make ossl_send return CURLE_OK better
- Several minor multi interface quirks and bugs have been fixed in the
- process.
+ Previously it only returned a CURLcode for errors, which is when it
+ returns a different size than what was passed in to it.
- Much help with debugging this has been provided by: Yang Tse
+ The http2 code only checked the curlcode and thus failed.
+
+- RELEASE-NOTES: synced with 7bb4c8cadb5d0
+
+- [Michael Wallner brought this change]
+
+ CURLOPT_HEADEROPT.3: typo: do -> to
-Yang Tse (17 Jan 2013)
-- url.c: fix HTTP CONNECT tunnel establishment upon delayed response
+- [Marcel Raad brought this change]
+
+ schannel: use CryptGenRandom for random numbers
- Fixes initial proxy response being processed by the tunneled protocol
- handler instead of the HTTP wrapper handler. This issue would trigger
- upon delayed CONNECT response from the proxy.
+ This function is available for every Windows version since Windows 95/NT.
- Additionally fixes a multi interface code-path in which connections
- would not time out properly.
+ reference:
+ http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942.aspx
+
+- curl_version_info.3: 'ssl_version_num' is always 0
- This does not fix known bug #39.
+ ... and has been so since 2005
+
+- ssl: generalize how the ssl backend identifier is set
- URL: http://curl.haxx.se/mail/lib-2013-01/0191.html
+ Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
+ one which was missing previously.
-Daniel Stenberg (16 Jan 2013)
-- [Yves Arrouye brought this change]
+Dan Fandrich (31 Jul 2014)
+- axtls: define curlssl_random using axTLS's PRNG
- --libcurl: fix for non-zero default options
-
- If the default value for an option taking a long as its value is non
- zero, and it is set by zero by a command line option, then that command
- line option is not reflected in --libcurl's output. This is because line
- 520-521 of tool_setopt.c look like:
+- cyassl: fix the test for ASN_NO_SIGNER_E
- if(!lval)
- skip = TRUE;
-
- An example of a command-line option doing so is the -k option that sets
- CURLOPT_SLL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to 0L, when the
- defaults are non-zero.
+ It's an enum so a macro test won't work. The CyaSSL changelog doesn't
+ say exactly when this error code was introduced, but it's likely
+ to be 2.7.0.
-- FTP: reject illegal port numbers in EPSV 229 responses
+- cyassl: use RNG_GenerateBlock to generate a good random number
-Yang Tse (15 Jan 2013)
-- commit bc682cbd follow-up
+- opts: fixed some typos
-- build: use per-target '_CPPFLAGS' for those currently using default
-
- Automake documents that doing this will make it choose a different name
- for intermediate object files even when sharing source files across
- targets of same Makefile.am.
+- smtp: fixed a segfault during test 1320 torture test
- Up to automake 1.13.1 target's intermediate object files were placed
- in the build subdirectory of the target. We depended on this, probably
- undocumented behavior, to achieve same behavior as if a per-target flag
- had been specified when building targets that actually belong to
- different Makefile.am files.
-
- It seems automake 1.13.2 is going to break behavior mentioned above.
+ Under these circumstances, the connection hasn't been fully established
+ and smtp_connect hasn't been called, yet smtp_done still calls the state
+ machine which dereferences the NULL conn pointer in struct pingpong.
+
+Daniel Stenberg (30 Jul 2014)
+- vtls: repair build without TLS support
- So, lets use a documented behavior in order to achieve same purpose,
- across automake versions, no matter where automake wishes to place
- intermediate object files.
+ ... by defining Curl_ssl_random() properly
+
+- polarssl: provide a (weak) random function
- Our build targets that already were using a per-target '_CFLAGS' or
- '_CPPFLAGS' need no 'fixing', these were already 'fixed'. The only
- Makefile.am or Makefile.in files in libcurl's source tree touched by
- this 'fix' are tests/libtest/Makefile.inc and tests/unit/Makefile.inc.
+ This now provides a weak random function since PolarSSL doesn't have a
+ quick and easy way to provide a good one. It does however provide the
+ framework to make one so it _can_ and _should_ be done...
-- tests/libtest/Makefile.inc: sort build targets
+- [Michael Wallner brought this change]
-- tests/Makefile.am: remove wildcard usage in EXTRA_DIST
+ curl_tlsinfo -> curl_tlssessioninfo
-Kamil Dudka (15 Jan 2013)
-- nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
+- cyassl: use the default (weeker) random
- Do not use the error messages from NSS for errors not occurring in NSS.
+ I couldn't find any dedicated function in its API to get a "good" random
+ with.
-Steve Holme (14 Jan 2013)
-- TODO: Updated following IMAP SASL additions
+- cyassl: made it compile with version 2.0.6 again
+
+ ASN_NO_SIGNER_E didn't exist back then!
-Yang Tse (14 Jan 2013)
-- configure: fix automake 1.13 compatibility
+- vtls: make the random function mandatory in the TLS backend
- Tested with:
+ To force each backend implementation to really attempt to provide proper
+ random. If a proper random function is missing, then we can explicitly
+ make use of the default one we use when TLS support is missing.
- buildconf: autoconf version 2.69
- buildconf: autom4te version 2.69
- buildconf: autoheader version 2.69
- buildconf: automake version 1.13.1
- buildconf: aclocal version 1.13.1
- buildconf: libtool version 2.4
- buildconf: GNU m4 version 1.4.16
+ This commit makes sure it works for darwinssl, gnutls, nss and openssl.
-Daniel Stenberg (13 Jan 2013)
-- BUGS: update bug tracker URL
+- libcurl.m4: include the standard source header
- ... and refresh number of lines of code
+ ... with permission from David Shaw
-- Curl_resolver_getsock: fix the function description comment
+Kamil Dudka (28 Jul 2014)
+- nss: do not check the version of NSS at run time
- It referred to it by the wrong name and said it returned the wrong value.
-
- Reported by: Gisle Vanem
+ The minimal required version of NSS is 3.14.x so it does not make sense
+ to check for NSS 3.12.0+ at run time.
+
+Daniel Stenberg (28 Jul 2014)
+- [Anthon Pang brought this change]
-Kamil Dudka (11 Jan 2013)
-- nss: clear session cache if a client cert from file is used
+ curl.h: bring back CURLE_OBSOLETE16
- This commit fixes a regression introduced in 052a08ff.
+ Removing defines, even obsolete ones that haven't been used for a very
+ long time, still break a lot of applications.
- NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
- and if we connect second time to the same server, the cached cert/key
- pair is used. If we use multiple client certificates for different
- paths on the same server, we need to clear the session cache to force
- NSS to call the hook again. The commit 052a08ff prevented the session
- cache from being cleared if a client certificate from file was used.
+ Bug: https://github.com/bagder/curl/pull/106
+
+Dan Fandrich (26 Jul 2014)
+- [Fabian Keil brought this change]
+
+ tests: Fix a couple of incomplete response lines
+
+- [Fabian Keil brought this change]
+
+ runtests.pl: Remove filteroff() which hasn't been used since 2001
+
+- [Fabian Keil brought this change]
+
+ runtests.pl: Don't expect $TESTDIR/DISABLED to exist
- The condition is now fixed to cover both cases: consssl->client_nickname
- is not NULL if a client certificate from the NSS database is used and
- connssl->obj_clicert is not NULL if a client certificate from file is
- used.
+ If a non-standard $TESTDIR is used the file may not be necessary.
- Review by: Kai Engert
+ Previously a "missing" file resulted in the warning:
+ readline() on closed filehandle D at ./runtests.pl line 4940.
-Yang Tse (11 Jan 2013)
-- sockfilt.c: log file descriptor number on read/write error
+- [Fabian Keil brought this change]
-- [Gisle Vanem brought this change]
+ getpart.pm: Fix a comment typo
- packages/DOS/common.dj: remove COFF debug info generation
-
- gcc on DOS hasn't really supported COFF-debug (-gcoff) on djgpp for a
- long time.
+Daniel Stenberg (25 Jul 2014)
+- c-ares: fix build without IPv6 support
- "Sounds like the COFF debug info generation has bit-rotted in GCC.
- Nothing new here, no other platform uses COFF AFAIK."
+ Bug: http://curl.haxx.se/mail/lib-2014-07/0337.html
+ Reported-by: Spork Schivago
+
+- Curl_base64url_encode: unit-tested in 1302
+
+- base64: added Curl_base64url_encode()
- So lets drop it too.
+ This is now used by the http2 code. It has two different symbols at the
+ end of the base64 table to make the output "url safe".
- URL: http://curl.haxx.se/mail/lib-2013-01/0130.html
+ Bug: https://github.com/tatsuhiro-t/nghttp2/issues/62
-- curl: ignore SIGPIPE - compilation fix - follow-up
+- [Marcel Raad brought this change]
-- test servers: handle W32/W64 SIGBREAK with exit_signal_handler
+ SSPI Negotiate: Fix 3 memory leaks
+
+ Curl_base64_decode allocates the output string by itself and two other
+ strings were not freed either.
-- test servers: fix errno, ERRNO and SOCKERRNO usage for W32/W64
+- symbols: CURL_VERSION_GSSNEGOTIATE is deprecated
-- sockfilt.c: fix some W64 compiler warnings
+- test1013.pl: GSS-Negotiate doesn't exist as a feature anymore
-Daniel Stenberg (9 Jan 2013)
-- [Nick Zitzmann brought this change]
+- [Sergey Nikulov brought this change]
- docs: the --with-darwinssl option is available on Apple OSes
+ libtest: fixed duplicated line in Makefile
+
+ Bug: https://github.com/bagder/curl/pull/105
-Yang Tse (9 Jan 2013)
-- curl: ignore SIGPIPE - compilation fix
+Patrick Monnerat (23 Jul 2014)
+- GSSAPI: remove useless *_MECHANISM defines.
-- build: fix circular header inclusion with other packages
-
- This commit renames lib/setup.h to lib/curl_setup.h and
- renames lib/setup_once.h to lib/curl_setup_once.h.
-
- Removes the need and usage of a header inclusion guard foreign
- to libcurl. [1]
-
- Removes the need and presence of an alarming notice we carried
- in old setup_once.h [2]
-
- ----------------------------------------
+Daniel Stenberg (23 Jul 2014)
+- findprotocol: show unsupported protocol within quotes
- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
- up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
- this single inclusion guard is enough to ensure that inclusion of
- lib/setup_once.h done from lib/setup.h is only done once.
-
- Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
- protect inclusion of setup_once.h even after commit ec691ca3, this
- was to avoid a circular header inclusion triggered when building a
- c-ares enabled version with c-ares sources available which also has
- a setup_once.h header. Commit ec691ca3 exposes the real nature of
- __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
- foreign to libcurl belonging to c-ares's setup_once.h
-
- The renaming this commit does, fixes the circular header inclusion,
- and as such removes the need and usage of a header inclusion guard
- foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.
-
- 2 - Due to the circular interdependency of old lib/setup_once.h and the
- c-ares setup_once.h header, old file lib/setup_once.h has carried
- back from 2006 up to now days an alarming and prominent notice about
- the need of keeping libcurl's and c-ares's setup_once.h in sync.
+ ... to aid when for example prefixed with a space or other weird
+ character.
+
+Patrick Monnerat (23 Jul 2014)
+- GSSAPI: private export mechanisms OIDs. OS400: Make RPG binding up to date.
+
+Daniel Stenberg (23 Jul 2014)
+- [Marcel Raad brought this change]
+
+ conncache: fix compiler warning
- Given that this commit fixes the circular interdependency, the need
- and presence of mentioned notice is removed.
+ warning C4267: '=' : conversion from 'size_t' to 'long', possible loss
+ of data
- All mentioned interdependencies come back from now old days when
- the c-ares project lived inside a curl subdirectory. This commit
- removes last traces of such fact.
-
-Daniel Stenberg (8 Jan 2013)
-- curl: ignore SIGPIPE
+ The member connection_id of struct connectdata is a long (always a
+ 32-bit signed integer on Visual C++) and the member next_connection_id
+ of struct conncache is a size_t, so one of them should be changed to
+ match the other.
- This is a work-around for bug #1180 which is really libcurl's inability
- to ignore SIGPIPE in a few cases. With this work-around at least curl
- won't suffer from it!
+ This patch the size_t in struct conncache to long (the less invasive
+ change as that variable is only ever used in a single code line).
- Bug: http://curl.haxx.se/bug/view.cgi?id=1180
- Reported by: Lluís Batlle i Rossell
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1399
-Yang Tse (8 Jan 2013)
-- sockfilt.c: fix some compiler warnings
+- RELEASE-NOTES: synced with 81cd24adb8b
-Daniel Stenberg (8 Jan 2013)
-- Revert "configure: update req to 2.59"
+- http2: more and better error checking
- This reverts commit 7a6d8b1b1a8fcc184c36d6b6e741e32250b4bacb.
+ 1 - fixes the warnings when built without http2 support
- URL: http://curl.haxx.se/mail/lib-2013-01/0103.html
+ 2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
+ basically when they are about http2 specific things.
-Steve Holme (8 Jan 2013)
-- pop3: Added support for non-blocking SSL upgrade
+Dan Fandrich (23 Jul 2014)
+- cyassl.c: return the correct error code on no CA cert
- Added support for asynchronous SSL upgrade when using the
- multi-interface.
+ CyaSSL 3.0.0 returns a unique error code if no CA cert is available,
+ so translate that into CURLE_SSL_CACERT_BADFILE when peer verification
+ is requested.
-Daniel Stenberg (8 Jan 2013)
-- configure: update req to 2.59
-
- I ran the 2.59 version of autoupdate that updates obsoleted configure.ac
- constructs to the 2.59 standard. With a little hands-on fiddling I
- prevented it from ruining the quoting in AS_HELP_STRING() uses.
-
- I subsequently also bumped the required autoconf version to 2.59
- (released in December 2003) as I don't have an older autoconf version
- around to test with and I can't be bothered to install one either...
-
- Inspired by: Björn Stenberg
- Related blog post: http://cazfi.livejournal.com/195108.html
+Daniel Stenberg (23 Jul 2014)
+- symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0
-Steve Holme (7 Jan 2013)
-- imap.c: Small tidy up to add missing comment
+- test1013.pl: remove SPNEGO/GSS-API tweaks
+
+ No longer necessary after Michael Osipov's rework
-- imap: Added support for sasl digest-md5 authentication
+- http_negotiate: remove unused variable
-- imap: Added support for sasl cram-md5 authentication
+- [Michael Osipov brought this change]
-Marc Hoersken (7 Jan 2013)
-- tests/server/sockfilt.c: Fixed integer comparison warning
+ docs: Improve inline GSS-API naming in code documentation
-- tests/server/sockfilt.c: Include required Win32 headers
+- [Michael Osipov brought this change]
-Steve Holme (7 Jan 2013)
-- imap: Added support for sasl ntlm authentication
+ curl.h/features: Deprecate GSS-Negotiate macros due to bad naming
+
+ - Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE
+ - CURL_VERSION_GSSNEGOTIATE is deprecated which
+ is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and
+ CURUL_VERSION_SPNEGO now.
+ - Remove display of feature 'GSS-Negotiate'
-- imap: Added support for sasl login authentication
+- [Michael Osipov brought this change]
-- pop3.c: Fixed default authentication detection
-
- Fixed an issue where a server may positively respond to the CAPA command
- but not list clear text as a valid authentication type.
+ configure/features: Add feature and version info for GSS-API and SPNEGO
-- curl_sasl.c: Small code tidy up following imap changes
+- [Michael Osipov brought this change]
-- smtp.c: Small code tidy up following imap changes
+ HTTP: Remove checkprefix("GSS-Negotiate")
+
+ That auth mech has never existed neither on MS nor on Unix side.
+ There is only Negotiate over SPNEGO.
-- pop3.c: Small code tidy up following imap changes
+- [Michael Osipov brought this change]
-- imap: Added support for sasl plain text authentication
+ curl_gssapi: Add macros for common mechs and pass them appropriately
+
+ Macros defined: KRB5_MECHANISM and SPNEGO_MECHANISM called from
+ HTTP, FTP and SOCKS on Unix
-Marc Hoersken (6 Jan 2013)
-- tests/server/sockfilt.c: Fixed support for listening sockets
+- CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design
- This commit fixes support for sockets that are ready to accept
- a new connection and have previously been put into listening mode.
+ This reverts commit cb3e6dfa3511 and instead fixes the problem
+ differently.
- It also includes changes which are the result of investigation
- regarding Windows STDIN. These changes are the preparation for further
- improvements regarding support for reading data from STDIN on Windows.
+ The reverted commit addressed a test failure in test 1021 by simplifying
+ and generalizing the code flow in a way that damaged the
+ performance. Now we modify the flow so that Curl_proxyCONNECT() again
+ does as much as possible in one go, yet still do test 1021 with and
+ without valgrind. It failed due to mistakes in the multi state machine.
- Open issue: WaitForMultipleObjectsEx does not support PIPE handles
- which are returned by GetStdHandle while running without a GUI.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1397
+ Reported-by: Paul Saab
-- tests/server/sockfilt.c: Set Windows Console to binary mode
+- [Marcel Raad brought this change]
-- tests/server/sockfilt.c: Improved log error messages
+ url.c: use the preferred symbol name: *READDATA
+
+ with CURL_NO_OLDIES defined, it doesn't compile because this deprecated
+ symbol (*INFILE) is used
- Include error code and parameters in error messages.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1398
-Steve Holme (6 Jan 2013)
-- imap: Introduced the continue response in imap_endofresp()
+Dan Fandrich (19 Jul 2014)
+- [Alessandro Ghedini brought this change]
-- imap: Added support for SASL based authentication mechanism detection
-
- Added support for detecting the supported SASL authentication mechanisms
- via the CAPABILITY command.
+ CURLOPT_CHUNK_BGN_FUNCTION: fix typo
-Yang Tse (6 Jan 2013)
-- Revert changes relative to lib/*.[ch] recent renaming
-
- This reverts renaming and usage of lib/*.h header files done
- 28-12-2012, reverting 2 commits:
+Kamil Dudka (18 Jul 2014)
+- [Alessandro Ghedini brought this change]
+
+ build: link curl to NSS libraries when NSS support is enabled
- f871de0... build: make use of 76 lib/*.h renamed files
- ffd8e12... build: rename 76 lib/*.h files
+ This fixes a build failure on Debian caused by commit
+ 24c3cdce88f39731506c287cb276e8bf4a1ce393.
- This also reverts removal of redundant include guard (redundant thanks
- to changes in above commits) done 2-12-2013, reverting 1 commit:
+ Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
+
+Steve Holme (17 Jul 2014)
+- build: Removed unnecessary XML Documentation file directive from VC8 to VC12
- c087374... curl_setup.h: remove redundant include guard
+ The curl tool project files for VC8 to VC12 would set this setting to
+ $(IntDir) which is the Visual Studio default value. To avoid confusion
+ when viewing settings from within Visual Studio and for consistency
+ with the libcurl project files removed this setting.
- This also reverts renaming and usage of lib/*.c source files done
- 3-12-2013, reverting 3 commits:
+ Conflicts:
+ projects/Windows/VC10/src/curlsrc.tmpl
+ projects/Windows/VC11/src/curlsrc.tmpl
+ projects/Windows/VC12/src/curlsrc.tmpl
+ projects/Windows/VC8/src/curlsrc.tmpl
+ projects/Windows/VC9/src/curlsrc.tmpl
+
+- build: Removed unnecessary Precompiled Header file directive in VC7 to VC12
- 13606bb... build: make use of 93 lib/*.c renamed files
- 5b6e792... build: rename 93 lib/*.c files
- 7d83dff... build: commit 13606bbfde follow-up 1
+ The curl tool project files for VC7 to VC12 would set this settings to
+ $(IntDir)$(TargetName).pch which is the Visual Studio default value. To
+ avoid confusion when viewing settings from within Visual Studio and for
+ consistency with the libcurl project files removed this setting.
- Start of related discussion thread:
+ Conflicts:
+ projects/Windows/VC10/src/curlsrc.tmpl
+ projects/Windows/VC11/src/curlsrc.tmpl
+ projects/Windows/VC12/src/curlsrc.tmpl
+ projects/Windows/VC8/src/curlsrc.tmpl
+ projects/Windows/VC9/src/curlsrc.tmpl
+
+- build: Removed unnecessary ASM and Object file directives in VC7 to VC12
- http://curl.haxx.se/mail/lib-2013-01/0012.html
+ The curl tool project files for VC7 to VC12 would set these settings to
+ $(IntDir) which is the Visual Studio default value. To avoid confusion
+ when viewing settings from within Visual Studio and for consistency
+ with the libcurl project files removed these two settings.
+
+Daniel Stenberg (17 Jul 2014)
+- [Dave Reisner brought this change]
+
+ src/Makefile.am: add .DELETE_ON_ERROR
- Asking for confirmation on pushing this revertion commit:
+ This prevents targets like tool_hugehelp.c from leaving around
+ half-constructed files if the rule fails with GNU make.
- http://curl.haxx.se/mail/lib-2013-01/0048.html
+ Reported-by: Rafaël Carré <funman@videolan.org>
+
+- THANKS: added new contributors from 7.37.1 announcement
+
+Dan Fandrich (17 Jul 2014)
+- testcurl.pl: log the value of --runtestopts in the test header
+
+Daniel Stenberg (16 Jul 2014)
+- RELEASE-NOTES: cleared, working towards next release
+
+- curl_gssapi.c: make line shorter than 80 columns
+
+- [David Woodhouse brought this change]
+
+ Fix negotiate auth to proxies to track correct state
+
+- [David Woodhouse brought this change]
+
+ Don't abort Negotiate auth when the server has a response for us
- Confirmation summary:
+ It's wrong to assume that we can send a single SPNEGO packet which will
+ complete the authentication. It's a *negotiation* — the clue is in the
+ name. So make sure we handle responses from the server.
- http://curl.haxx.se/mail/lib-2013-01/0079.html
+ Curl_input_negotiate() will already handle bailing out if it thinks the
+ state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps
+ talking to us, so we should avoid endless loops that way.
+
+- [David Woodhouse brought this change]
+
+ Don't clear GSSAPI state between each exchange in the negotiation
- NOTICE: The list of 2 files that have been modified by other
- intermixed commits, while renamed, and also by at least one
- of the 6 commits this one reverts follows below. These 2 files
- will exhibit a hole in history unless git's '--follow' option
- is used when viewing logs.
+ GSSAPI doesn't work very well if we forget everything ever time.
- lib/curl_imap.h
- lib/curl_smtp.h
+ XX: Is Curl_http_done() the right place to do the final cleanup?
-Daniel Stenberg (6 Jan 2013)
-- mk-ca-bundle.1: convert syntax to what's used elsewhere
-
- ... mostly to make sure roffit works better on it, but also to make our
- man pages use a more unified style.
+- [David Woodhouse brought this change]
-- mk-ca-bundle.1: mention new -f, fix outputfile output
+ Use SPNEGO for HTTP Negotiate
- also edited a few sentences to become more verbose
-
-- mk-ca-bundle: add -f, support passing to stdout and more
+ This is the correct way to do SPNEGO. Just ask for it
- 1. When the downloaded data file from Mozilla is current, but the output
- bundle does not exist: continue processing to create the bundle. The
- goal is to have the output file - not just download the latest input.
+ Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket
+ isn't available. Of course, we bail out when the server responds with the
+ challenge packet, since we don't expect that. But I'll fix that bug next...
+
+- [David Woodhouse brought this change]
+
+ Remove all traces of FBOpenSSL SPNEGO support
- 2. added -f option to force re-processing the file. Useful for
- debugging/testing the process.
+ This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
+ allows client and server to negotiate the underlying mechanism which will
+ actually be used to authenticate. This is *often* Kerberos, and can also
+ be NTLM and other things. And to complicate matters, there are various
+ different OIDs which can be used to specify the Kerberos mechanism too.
- 3. added support for output to '-' (stdout), allowing the output to be
- piped.
+ A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
+ and will exchange GSSAPI tokens which are appropriate for that mechanism.
- 4. All progress and error messages go to STDERR rather than STDOUT (3)
+ But this SPNEGO implementation just strips the incoming SPNEGO packet
+ and extracts the token, if any. And completely discards the information
+ about *which* mechanism is being used. Then we *assume* it was Kerberos,
+ and feed the token into gss_init_sec_context() with the default
+ mechanism (GSS_S_NO_OID for the mech_type argument).
- 5. The script opened and closed the output file many times
- unnecessarily. It now opens it once, does the output and closes it.
+ Furthermore... broken as this code is, it was never even *used* for input
+ tokens anyway, because higher layers of curl would just bail out if the
+ server actually said anything *back* to us in the negotiation. We assume
+ that we send a single token to the server, and it accepts it. If the server
+ wants to continue the exchange (as is required for NTLM and for SPNEGO
+ to do anything useful), then curl was broken anyway.
- 6. Backup of the input files happens after successful processing, not
- before.
+ So the only bit which actually did anything was the bit in
+ Curl_output_negotiate(), which always generates an *initial* SPNEGO
+ token saying "Hey, I support only the Kerberos mechanism and this is its
+ token".
- 7. The output is written to a temporary file, and renamed to the
- requested name after backup - this greatly reduces the window where the
- file can be seen partially written.
+ You could have done that by manually just prefixing the Kerberos token
+ with the appropriate bytes, if you weren't going to do any proper SPNEGO
+ handling. There's no need for the FBOpenSSL library at all.
- 8. all die calls have a \n at the end to suppress perl's traceback - the
- traceback isn't useful to end users.
+ The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
+ SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
+ is for. And then it should all Just Work™.
- Patch: http://curl.haxx.se/mail/lib-2013-01/0045.html
+ That 'sane way' will be added in a subsequent patch, as will bug fixes
+ for our failure to handle any exchange other than a single outbound
+ token to the server which results in immediate success.
-Yang Tse (5 Jan 2013)
-- imap test server: fix typo in name of SELECT_imap() sub definition
-
- IMAP test server breaking typo introduced with commit b708a522a1
+- [David Woodhouse brought this change]
-Steve Holme (4 Jan 2013)
-- imap test server: Added support for the CAPABILITY command
-
- Added support for the CAPABILITY command in preparation of upcoming
- changes.
-
-Daniel Stenberg (3 Jan 2013)
-- writeout: -w now supports remote_ip/port and local_ip/port
-
- Added mention to the curl.1 man page.
-
- Test case 1223 verifies remote_ip/port.
-
-Yang Tse (3 Jan 2013)
-- test 1222: 8 chars object name generation && test 1221: adjustments
-
-Daniel Stenberg (3 Jan 2013)
-- INTERNALS: remove "footnote" never used
-
-Yang Tse (3 Jan 2013)
-- build: commit 13606bbfde follow-up 1
-
-Daniel Stenberg (3 Jan 2013)
-- FAQ: Can I write a server with libcurl?
-
-Yang Tse (3 Jan 2013)
-- build: rename 93 lib/*.c files
-
- 93 lib/*.c source files renamed to use our standard naming scheme.
-
- This commit only does the file renaming.
-
- ----------------------------------------
-
- renamed: lib/amigaos.c -> lib/curl_amigaos.c
- renamed: lib/asyn-ares.c -> lib/curl_asyn_ares.c
- renamed: lib/asyn-thread.c -> lib/curl_asyn_thread.c
- renamed: lib/axtls.c -> lib/curl_axtls.c
- renamed: lib/base64.c -> lib/curl_base64.c
- renamed: lib/bundles.c -> lib/curl_bundles.c
- renamed: lib/conncache.c -> lib/curl_conncache.c
- renamed: lib/connect.c -> lib/curl_connect.c
- renamed: lib/content_encoding.c -> lib/curl_content_encoding.c
- renamed: lib/cookie.c -> lib/curl_cookie.c
- renamed: lib/cyassl.c -> lib/curl_cyassl.c
- renamed: lib/dict.c -> lib/curl_dict.c
- renamed: lib/easy.c -> lib/curl_easy.c
- renamed: lib/escape.c -> lib/curl_escape.c
- renamed: lib/file.c -> lib/curl_file.c
- renamed: lib/fileinfo.c -> lib/curl_fileinfo.c
- renamed: lib/formdata.c -> lib/curl_formdata.c
- renamed: lib/ftp.c -> lib/curl_ftp.c
- renamed: lib/ftplistparser.c -> lib/curl_ftplistparser.c
- renamed: lib/getenv.c -> lib/curl_getenv.c
- renamed: lib/getinfo.c -> lib/curl_getinfo.c
- renamed: lib/gopher.c -> lib/curl_gopher.c
- renamed: lib/gtls.c -> lib/curl_gtls.c
- renamed: lib/hash.c -> lib/curl_hash.c
- renamed: lib/hmac.c -> lib/curl_hmac.c
- renamed: lib/hostasyn.c -> lib/curl_hostasyn.c
- renamed: lib/hostcheck.c -> lib/curl_hostcheck.c
- renamed: lib/hostip.c -> lib/curl_hostip.c
- renamed: lib/hostip4.c -> lib/curl_hostip4.c
- renamed: lib/hostip6.c -> lib/curl_hostip6.c
- renamed: lib/hostsyn.c -> lib/curl_hostsyn.c
- renamed: lib/http.c -> lib/curl_http.c
- renamed: lib/http_chunks.c -> lib/curl_http_chunks.c
- renamed: lib/http_digest.c -> lib/curl_http_digest.c
- renamed: lib/http_negotiate.c -> lib/curl_http_negotiate.c
- renamed: lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c
- renamed: lib/http_proxy.c -> lib/curl_http_proxy.c
- renamed: lib/idn_win32.c -> lib/curl_idn_win32.c
- renamed: lib/if2ip.c -> lib/curl_if2ip.c
- renamed: lib/imap.c -> lib/curl_imap.c
- renamed: lib/inet_ntop.c -> lib/curl_inet_ntop.c
- renamed: lib/inet_pton.c -> lib/curl_inet_pton.c
- renamed: lib/krb4.c -> lib/curl_krb4.c
- renamed: lib/krb5.c -> lib/curl_krb5.c
- renamed: lib/ldap.c -> lib/curl_ldap.c
- renamed: lib/llist.c -> lib/curl_llist.c
- renamed: lib/md4.c -> lib/curl_md4.c
- renamed: lib/md5.c -> lib/curl_md5.c
- renamed: lib/memdebug.c -> lib/curl_memdebug.c
- renamed: lib/mprintf.c -> lib/curl_mprintf.c
- renamed: lib/multi.c -> lib/curl_multi.c
- renamed: lib/netrc.c -> lib/curl_netrc.c
- renamed: lib/non-ascii.c -> lib/curl_non_ascii.c
- renamed: lib/curl_non-ascii.h -> lib/curl_non_ascii.h
- renamed: lib/nonblock.c -> lib/curl_nonblock.c
- renamed: lib/nss.c -> lib/curl_nss.c
- renamed: lib/nwlib.c -> lib/curl_nwlib.c
- renamed: lib/nwos.c -> lib/curl_nwos.c
- renamed: lib/openldap.c -> lib/curl_openldap.c
- renamed: lib/parsedate.c -> lib/curl_parsedate.c
- renamed: lib/pingpong.c -> lib/curl_pingpong.c
- renamed: lib/polarssl.c -> lib/curl_polarssl.c
- renamed: lib/pop3.c -> lib/curl_pop3.c
- renamed: lib/progress.c -> lib/curl_progress.c
- renamed: lib/qssl.c -> lib/curl_qssl.c
- renamed: lib/rawstr.c -> lib/curl_rawstr.c
- renamed: lib/rtsp.c -> lib/curl_rtsp.c
- renamed: lib/security.c -> lib/curl_security.c
- renamed: lib/select.c -> lib/curl_select.c
- renamed: lib/sendf.c -> lib/curl_sendf.c
- renamed: lib/share.c -> lib/curl_share.c
- renamed: lib/slist.c -> lib/curl_slist.c
- renamed: lib/smtp.c -> lib/curl_smtp.c
- renamed: lib/socks.c -> lib/curl_socks.c
- renamed: lib/socks_gssapi.c -> lib/curl_socks_gssapi.c
- renamed: lib/socks_sspi.c -> lib/curl_socks_sspi.c
- renamed: lib/speedcheck.c -> lib/curl_speedcheck.c
- renamed: lib/splay.c -> lib/curl_splay.c
- renamed: lib/ssh.c -> lib/curl_ssh.c
- renamed: lib/sslgen.c -> lib/curl_sslgen.c
- renamed: lib/ssluse.c -> lib/curl_ssluse.c
- renamed: lib/strdup.c -> lib/curl_strdup.c
- renamed: lib/strequal.c -> lib/curl_strequal.c
- renamed: lib/strerror.c -> lib/curl_strerror.c
- renamed: lib/strtok.c -> lib/curl_strtok.c
- renamed: lib/strtoofft.c -> lib/curl_strtoofft.c
- renamed: lib/telnet.c -> lib/curl_telnet.c
- renamed: lib/tftp.c -> lib/curl_tftp.c
- renamed: lib/timeval.c -> lib/curl_timeval.c
- renamed: lib/transfer.c -> lib/curl_transfer.c
- renamed: lib/url.c -> lib/curl_url.c
- renamed: lib/version.c -> lib/curl_version.c
- renamed: lib/warnless.c -> lib/curl_warnless.c
- renamed: lib/wildcard.c -> lib/curl_wildcard.c
-
- ----------------------------------------
-
-- build: make use of 93 lib/*.c renamed files
-
- 93 *.c source files renamed to use our standard naming scheme.
-
- This change affects 77 files in libcurl's source tree.
-
-Daniel Stenberg (3 Jan 2013)
-- INSTALL: unify the SSL library texts
-
- Make them smaller and more similar for each separate SSL library
- supported by the configure build
-
-Yang Tse (2 Jan 2013)
-- curl_setup.h: remove redundant include guard
-
-- build and tests: curl_10char_object_name() shell function
-
- lib/objnames.inc provides definition of curl_10char_object_name() shell
- function. The intended purpose of this function is to transliterate a
- (*.c) source file name that may be longer than 10 characters, or not,
- into a string with at most 10 characters which may be used as an OS/400
- object name.
-
- Test case 1221 does unit testng of this function and also verifies
- that it is possible to generate distinct short object names for all
- curl and libcurl *.c source file names.
-
- lib/objnames-test.sh is the shell script used for test case 1221.
-
- tests/runtests.pl modified to accept shell script test cases.
-
- More details inside lib/objnames.inc and lib/objnames-test.sh
+ ntlm_wb: Avoid invoking ntlm_auth helper with empty username
-- configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
-
- automake 1.13 errors if AM_CONFIG_HEADER is used in configure script.
- automake 1.13 no longer autoupdates AM_CONFIG_HEADER to
- AC_CONFIG_HEADERS, thing which automake has been doing since automake
- version 1.7
-
- Given that our first automake supported version is automake 1.7,
- simply replacing AM_CONFIG_HEADER usage with AC_CONFIG_HEADERS seems
- enough to yet support same automake versions.
-
- Dave Reisner reported issue with 1.13 and provided patch.
+- [David Woodhouse brought this change]
+
+ ntlm_wb: Fix hard-coded limit on NTLM auth packet size
- http://curl.haxx.se/mail/lib-2012-12/0246.html
+ Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit
+ a hard limit once let's just make it cope by reallocating as necessary.
+
+Version 7.37.1 (16 Jul 2014)
-- curl-override.m4: provide AC_CONFIG_MACRO_DIR definition conditionally
+Daniel Stenberg (16 Jul 2014)
+- RELEASE-NOTES: synced with 4cb2521595
+
+- test506: verify aa6884845168
- Provide a 'traceable' AC_CONFIG_MACRO_DIR definition only when using
- an autoconf version that does not provide it, instead of what we were
- doing up to now of providing and overriding AC_CONFIG_MACRO_DIR for
- all autoconf versions.
+ After the fixed cookie lock deadlock, this test now passes and it
+ detects double-locking and double-unlocking of mutexes.
-Steve Holme (30 Dec 2012)
-- imap.c: Minor follow up tidy up
+- [Yousuke Kimoto brought this change]
-- imap: Code tidy up prior to adding support for the CAPABILITY command
+ cookie: avoid mutex deadlock
- * Changing the order of the state machine to represent the order in
- which commands are sent to the server.
+ ... by removing the extra mutex locks around th call to
+ Curl_flush_cookies() which takes care of the locking itself already.
- * Reworking the imap_endofresp() function as the FETCH response doesn't
- include the command id and shouldn't be part of the length comparison
- that takes into account the id string.
+ Bug: http://curl.haxx.se/mail/lib-2014-02/0184.html
-- pop3_doing: Applied debug info message when function fails
+- gnutls: fix compiler warning
- Applied the same debug message as used in smtp_doing() and imap_doing()
- when pop3_multi_statemach() fails.
+ conversion to 'int' from 'long int' may alter its value
-- imap_doing: don't call imap_dophase_done() if already failed
+Dan Fandrich (15 Jul 2014)
+- test320: strip off the actual negotiated cipher width
- Applied the POP3 fix from commit 2897ce7dc2e1 so imap_dophase_done()
- isn't called if imap_multi_statemach() fails.
+ It's irrelevant to the test, and will change depending on which SSL
+ library is being used by libcurl.
-- smtp_doing: don't call smtp_dophase_done() if already failed
+- gnutls: detect lack of SRP support in GnuTLS at run-time and try without
- Applied the POP3 fix from commit 2897ce7dc2e1 so smtp_dophase_done()
- isn't called if smtp_multi_statemach() fails.
+ Reported-by: David Woodhouse
-Yang Tse (29 Dec 2012)
-- examples/certinfo.c: fix compiler warning
+Daniel Stenberg (14 Jul 2014)
+- [Michał Górny brought this change]
-Steve Holme (29 Dec 2012)
-- pop3.c: Removed unnecessary POP3_STOP state changes
+ configure: respect host tool prefix for krb5-config
- Removed unnecessary state changes in pop3_state_starttls_resp()
- following previous fix in IMAP module.
+ Use ${host_alias}-krb5-config if available. This improves cross-
+ compilation support and fixes multilib on Gentoo (at least).
-- smtp.c: Added extra comments around SMTP_STOP state change
-
- Provided extra comments in the SMTP module following previous IMAP fix.
+- [David Woodhouse brought this change]
-- imap.c: Fixed bad state error when logging in with invalid credentials
+ gnutls: handle IP address in cert name check
- Fixed a problem with the state machine when attempting to log in with
- invalid credentials. The server would report login failure but libcurl
- would not read the response due to inappropriate IMAP_STOP states being
- set after the login was sent.
+ Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function
+ didn't actually check IP addresses in SubjectAltName, even though it was
+ explicitly documented as doing so. So do it ourselves...
+
+Dan Fandrich (14 Jul 2014)
+- build: set _POSIX_PTHREAD_SEMANTICS on Solaris to get proper getpwuid_r
-Yang Tse (29 Dec 2012)
-- imap.c: remove trailing whitespace
+Daniel Stenberg (14 Jul 2014)
+- RELEASE-NOTES: next one is called 7.37.1
-Steve Holme (28 Dec 2012)
-- imap.c: Code tidy up - Part 2
-
-- imap.c: Code tidy up - Part 1
-
- Applied some of the comment and layout changes that had already been
- applied to the pop3 and smtp code over the last 6 to 9 months.
-
- This is in preparation of adding SASL based authentication.
-
-- pop3.c: Minor code tidy up
-
- Minor tidy up of comments and layout prior to next part of imap work.
-
-- smtp: Minor code tidy up
-
- Minor tidy up of comments and layout prior to next part of imap work.
-
-- curl_imap.h: Tidy up of comments to be more readable
-
-- imap.c: Code tidy up renaming imapsendf() to imap_sendf()
+Dan Fandrich (13 Jul 2014)
+- gnutls: improved error message if setting cipher list fails
- Renamed imapsendf() to imap_sendf() to be more in keeping with the
- other imap functions as well as Curl_pp_sendf() that it replaces.
-
-Yang Tse (28 Dec 2012)
-- build: rename 76 lib/*.h files
-
- 76 private header files renamed to use our standard naming scheme.
-
- This commit only does the file renaming.
-
- ----------------------------------------
+ Reported-by: David Woodhouse
+
+- netrc: fixed thread safety problem by using getpwuid_r if available
- renamed: amigaos.h -> curl_amigaos.h
- renamed: arpa_telnet.h -> curl_arpa_telnet.h
- renamed: asyn.h -> curl_asyn.h
- renamed: axtls.h -> curl_axtls.h
- renamed: bundles.h -> curl_bundles.h
- renamed: conncache.h -> curl_conncache.h
- renamed: connect.h -> curl_connect.h
- renamed: content_encoding.h -> curl_content_encoding.h
- renamed: cookie.h -> curl_cookie.h
- renamed: cyassl.h -> curl_cyassl.h
- renamed: dict.h -> curl_dict.h
- renamed: easyif.h -> curl_easyif.h
- renamed: escape.h -> curl_escape.h
- renamed: file.h -> curl_file.h
- renamed: fileinfo.h -> curl_fileinfo.h
- renamed: formdata.h -> curl_formdata.h
- renamed: ftp.h -> curl_ftp.h
- renamed: ftplistparser.h -> curl_ftplistparser.h
- renamed: getinfo.h -> curl_getinfo.h
- renamed: gopher.h -> curl_gopher.h
- renamed: gtls.h -> curl_gtls.h
- renamed: hash.h -> curl_hash.h
- renamed: hostcheck.h -> curl_hostcheck.h
- renamed: hostip.h -> curl_hostip.h
- renamed: http.h -> curl_http.h
- renamed: http_chunks.h -> curl_http_chunks.h
- renamed: http_digest.h -> curl_http_digest.h
- renamed: http_negotiate.h -> curl_http_negotiate.h
- renamed: http_proxy.h -> curl_http_proxy.h
- renamed: if2ip.h -> curl_if2ip.h
- renamed: imap.h -> curl_imap.h
- renamed: inet_ntop.h -> curl_inet_ntop.h
- renamed: inet_pton.h -> curl_inet_pton.h
- renamed: krb4.h -> curl_krb4.h
- renamed: llist.h -> curl_llist.h
- renamed: memdebug.h -> curl_memdebug.h
- renamed: multiif.h -> curl_multiif.h
- renamed: netrc.h -> curl_netrc.h
- renamed: non-ascii.h -> curl_non-ascii.h
- renamed: nonblock.h -> curl_nonblock.h
- renamed: nssg.h -> curl_nssg.h
- renamed: parsedate.h -> curl_parsedate.h
- renamed: pingpong.h -> curl_pingpong.h
- renamed: polarssl.h -> curl_polarssl.h
- renamed: pop3.h -> curl_pop3.h
- renamed: progress.h -> curl_progress.h
- renamed: qssl.h -> curl_qssl.h
- renamed: rawstr.h -> curl_rawstr.h
- renamed: rtsp.h -> curl_rtsp.h
- renamed: select.h -> curl_select.h
- renamed: sendf.h -> curl_sendf.h
- renamed: setup.h -> curl_setup.h
- renamed: setup_once.h -> curl_setup_once.h
- renamed: share.h -> curl_share.h
- renamed: slist.h -> curl_slist.h
- renamed: smtp.h -> curl_smtp.h
- renamed: sockaddr.h -> curl_sockaddr.h
- renamed: socks.h -> curl_socks.h
- renamed: speedcheck.h -> curl_speedcheck.h
- renamed: splay.h -> curl_splay.h
- renamed: ssh.h -> curl_ssh.h
- renamed: sslgen.h -> curl_sslgen.h
- renamed: ssluse.h -> curl_ssluse.h
- renamed: strdup.h -> curl_strdup.h
- renamed: strequal.h -> curl_strequal.h
- renamed: strerror.h -> curl_strerror.h
- renamed: strtok.h -> curl_strtok.h
- renamed: strtoofft.h -> curl_strtoofft.h
- renamed: telnet.h -> curl_telnet.h
- renamed: tftp.h -> curl_tftp.h
- renamed: timeval.h -> curl_timeval.h
- renamed: transfer.h -> curl_transfer.h
- renamed: url.h -> curl_url.h
- renamed: urldata.h -> curl_urldata.h
- renamed: warnless.h -> curl_warnless.h
- renamed: wildcard.h -> curl_wildcard.h
+ The old way using getpwuid could cause problems in programs that enable
+ reading from netrc files simultaneously in multiple threads.
- ----------------------------------------
+ Reported-by: David Woodhouse
+
+- RELEASE-NOTES: add the reporter of the previous bug fix
-- build: make use of 76 lib/*.h renamed files
+- netrc: treat failure to find home dir same as missing netrc file
- 76 private header files renamed to use our standard naming scheme.
+ This previously caused a fatal error (with a confusing error code, at
+ that).
- This change affects 322 files in libcurl's source tree.
+ Reported by: Glen A Johnson Jr.
-- lib/*.h: use our standard naming scheme for header inclusion guards
+Steve Holme (12 Jul 2014)
+- RELEASE-NOTES: Synced with aaaf9e50ec
+
+- ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions
+
+ Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html
+ Reported-by: David Woodhouse
-Steve Holme (28 Dec 2012)
-- imsp.c: Fixed usernames and passwords that contain escape characters
+- build: Fixed overridden compiler PDB settings in VC7 to VC12
- Fixed a problem with sending usernames and passwords that contain
- backslash, quotation mark and space characters.
+ The curl tool project files for VC7 to VC12 would override the default
+ setting with the output filename being the same as the linker PDB file.
+ As such the compiler file would be overwritten with the linker file
+ for all debug builds.
+
+ To avoid this overwrite and for consistency with the libcurl project
+ files, removed the setting to force the default filename to be used.
-Daniel Stenberg (27 Dec 2012)
-- curl.1: extend the -X, --request description
+Dan Fandrich (12 Jul 2014)
+- tests: added globbing keyword to URL globbing tests
-- RELEASE-NOTES: synced with e3ed2b82e6
+- Fixed some "statement not reached" warnings
-- [Nick Zitzmann brought this change]
+- gnutls: fixed a couple of uninitialized variable references
- darwinssl: Fixed inability to disable peer verification
+- gnutls: fixed compilation against versions < 2.12.0
- ... on Snow Leopard and Lion
+ The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but
+ the code path in which they're referenced here is only ever used for
+ somewhat older GnuTLS versions. This caused undeclared identifier errors
+ when compiling against those.
+
+- gnutls: explicitly added SRP to the priority string
- Snow Leopard introduced the SSLSetSessionOption() function, but it
- doesn't disable peer verification as expected on Snow Leopard or
- Lion (it works as expected in Mountain Lion). So we now use sysctl()
- to detect whether or not the user is using Snow Leopard or Lion,
- and if that's the case, then we now use the deprecated
- SSLSetEnableCertVerify() function instead to disable peer verification.
+ This seems to have become necessary for SRP support to work starting
+ with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS
+ before the function that takes this priority string, there should be no
+ issue with backward compatibility.
-Yang Tse (26 Dec 2012)
-- curl tool: rename hugehelp files to tool_hugehelp
+- tests: adjust for capitalization differences in newer gnutls-serv
+
+- test320/1/2/4: fix the port number substitution variables
+
+ These tests have been broken since commit 1958fe57 in Oct. 2011
-- curl tool: renaming hugehelp files to tool_hugehelp
+- tests: document more test identifiers and variables
-- sockfilt.c: commit b44da5a82a follow-up 2
+- gnutls: ignore invalid certificate dates with VERIFYPEER disabled
+
+ This makes the behaviour consistent with what happens if a date can
+ be extracted from the certificate but is expired.
-- sockfilt.c: commit b44da5a82a follow-up
+Steve Holme (10 Jul 2014)
+- CURLOPT_UPLOAD: Corrected argument type
-- sockfilt.c: fix some compiler warnings
+Daniel Stenberg (9 Jul 2014)
+- FAQ: expand the thread-safe section
+
+ ... with a mention of *NOSIGNAL, based on talk in bug #1386
-- curl_multi_remove_handle: commit 0aabfd9963 follow-up
+Dan Fandrich (9 Jul 2014)
+- url.c: Fixed memory leak on OOM
+
+ This showed itself on some systems with torture failures
+ in tests 1060 and 1061
-Daniel Stenberg (25 Dec 2012)
-- lib556: enable VERBOSE to ease debugging on failures
+- Update instances of some obsolete CURLOPTs to their new names
-Marc Hoersken (25 Dec 2012)
-- socklift.c: Quick fix to re-add missing code
+Daniel Stenberg (5 Jul 2014)
+- [Marcel Raad brought this change]
-- socklift.c: Added select_ws function to support Windows
+ compiler warnings: potentially uninitialized variables
+
+ ... pointed out by MSVC2013
- WinSock select() does not support standard file descriptors,
- it can only check SOCKETs. The following function is an attempt
- to create a select() function with support for other handles.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1391
-Yang Tse (25 Dec 2012)
-- Enable tests 1503, 1504 and 1505
+Kamil Dudka (4 Jul 2014)
+- nss: make the list of CRL items global
+
+ Otherwise NSS could use an already freed item for another connection.
-- curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
+- nss: fix a memory leak when CURLOPT_CRLFILE is used
-- Curl_hash_clean: OOM handling fix
+- nss: make crl_der allocated on heap
+
+ ... and spell it as crl_der instead of crlDER
-- test 1504 and 1505: same as 1502 but with different cleanup sequences
+- nss: let nss_{cache,load}_crl return CURLcode
-Daniel Stenberg (24 Dec 2012)
-- Curl_conncache_foreach: allow callback to break loop
+- tool: oops, forgot to include <plarenas.h>
- ... and have it take a proper 'struct connectdata *' as first argument
+ ... that contains the declaration of PL_ArenaFinish()
-- pop3_doing: don't call pop3_dophase_done() if already failed
+- tool: call PL_ArenaFinish() on exit if NSPR is used
- ... it also clobbered the 'result' return value so that it wouldn't
- return the error back to the parent function properly, which broke test
- 809 when run with 'multi-always'.
+ This prevents valgrind from reporting still reachable memory allocated
+ by NSPR arenas (mainly the freelist).
+
+ Reported-by: Hubert Kario
+
+Daniel Stenberg (3 Jul 2014)
+- [Dimitrios Siganos brought this change]
-Yang Tse (23 Dec 2012)
-- test 1503: same as 1502 but with a different cleanup sequence
+ example: use correct type (long) for CURLOPT_FOLLOWLOCATION
-- test 1502: OOM handling fixes
+- [Dimitrios Siganos brought this change]
-- curl_multi_wait: OOM handling fix
+ Document type of argument for CURLOPT_FOLLOWLOCATION.
-- [Daniel Stenberg brought this change]
+- [Dimitrios Siganos brought this change]
- curl_multi_wait: avoid an unnecessary memory allocation
+ Document type of argument for CURLOPT_ERRORBUFFER.
-- runtests.pl: prepend $srcdir to HTTPTLS server config files path
+- [Dimitrios Siganos brought this change]
-- multi.c: OOM handling fix
+ Document type of argument for CURLOPT_COPYPOSTFIELDS.
-- lib543.c: OOM handling fixes
+- [Dimitrios Siganos brought this change]
-- configure: add internal sanity check (warn only) on vars for makefiles
+ Document type of argument for CURLOPT_ADDRESS_SCOPE.
-Daniel Stenberg (21 Dec 2012)
-- SCP: relative path didn't work
+- curl.1: minor language fix
+
+ Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html
+
+- [Ray Satiro brought this change]
+
+ progress callback: skip last callback update on errors
+
+ When an error has been detected, skip the final forced call to the
+ progress callback by making sure to pass the current return code
+ variable in the Curl_done() call in the CURLM_STATE_DONE state.
- When prefixing a path with /~/ it is supposed to be used relative to the
- user's home directory but it didn't work. Now we cut off the entire
- three byte sequenct "/~/" which seems to be how OpenSSH does it.
+ This avoids the "extra" callback that could occur even if you returned
+ error from the progress callback.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1173
- Reported by: Balaji Parasuram
+ Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html
+ Reported by: Jonathan Cardoso Machado
-Yang Tse (21 Dec 2012)
-- configure: LIBMETALINK_CFLAGS actually is LIBMETALINK_CPPFLAGS
+Dan Fandrich (2 Jul 2014)
+- opts: fixed some CURLOPT references so they get turned into links
-- configure: add minimal sanity check on user provided CFLAGS and CPPFLAGS
+Kamil Dudka (2 Jul 2014)
+- tool: call PR_Cleanup() on exit if NSPR is used
+
+ This prevents valgrind from reporting possibly lost memory that NSPR
+ uses for file descriptor cache and other globally allocated internal
+ data structures.
+
+- nss: make the fallback to SSLv3 work again
+
+ This feature was unintentionally disabled by commit ff92fcfb.
-- bundles connection caching: some out of memory handling fixes
+- nss: do not abort on connection failure
+
+ ... due to calling SSL_VersionRangeGet() with NULL file descriptor
+
+ reported-by: upstream tests 305 and 404
-- libntlmconnect.c: fix compiler warnings and OOM handling
+Dan Fandrich (1 Jul 2014)
+- opts: Document the socket callback function parameters
-- configure.ac: clear local test intended variables before use
+Steve Holme (28 Jun 2014)
+- opts: Fixed some typos
-- VC6 IDE: link with advapi32.lib when using WIN32 crypto API (md5.c)
+Dan Fandrich (25 Jun 2014)
+- curl_easy_setopt.3: fixed the error code for an unsupported option
-- curl-functions.m4: improve gethostname arg 2 data type check
+- opts: added some DEFAULT and RETURN VALUE sections
-- setup_once.h: HP-UX specific 'bool', 'false' and 'true' definitions.
+Daniel Stenberg (21 Jun 2014)
+- libcurl docs: man page edits
- Also reverts commit f254c59dc7
+ mainly to improve how the web versions render
-- configure: check if compiler halts on function prototype mismatch
+Dan Fandrich (21 Jun 2014)
+- curl_easy_setopt.3: fixed some typos
-- warnless.c: fix compiler warnings
+Daniel Stenberg (21 Jun 2014)
+- lib man pages: update easy setopt option references
+
+ ... by using the "\fIopt(3)\fP" syntax they will be linked properly when
+ the web version of the page is generated.
-- curl-functions.m4: add gethostname arg 2 data type check and definition
+- opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default
-Daniel Stenberg (14 Dec 2012)
-- [Nick Zitzmann brought this change]
+- [Colin Hogben brought this change]
- darwinssl: Fix implicit conversion compiler warnings
+ lib: documentation updates in README.hostip
- The Clang compiler found a few implicit conversion problems that have
- now been fixed.
+ c-ares now does support IPv6;
+ avoid implying threaded resolver is Windows-only;
+ two referenced source files were renamed in 7de2f92
-Yang Tse (14 Dec 2012)
-- setup_once.h: HP-UX <sys/socket.h> issue workaround
+- curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception
- Issue: When building a 32bit target with large file support HP-UX
- <sys/socket.h> header file may simultaneously provide two different
- sets of declarations for sendfile and sendpath functions, one with
- static and another with external linkage. Given that we do not use
- mentioned functions we really don't care which linkage is the
- appropriate one, but on the other hand, the double declaration emmits
- warnings when using the HP-UX compiler and errors when using modern
- gcc versions resulting in fatal compilation errors.
+ ... to the always-copy-char *-argument.
- Mentioned issue is now fixed as long as we don't use sendfile nor
- sendpath functions.
+ And fix some minor mistakes.
-- setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h>
+- curl_easy_setopt.3: refer to the individual man pages
- Inclusion of top two most included header files now done in setup_once.h
+ With all the new individual option man pages created, this now refers to
+ each separate one instead of duplicaing the info. Also makes this page
+ easier to overview.
-- setup_once.h: HP-UX specific TRUE and FALSE definitions
+Dan Fandrich (21 Jun 2014)
+- opts: fixed mancheck for out-of-tree builds
+
+Daniel Stenberg (21 Jun 2014)
+- curl_easy_setopt.3: shorten
- Some HP-UX system headers require TRUE defined to 1 and FALSE to 0.
+ shorten descriptions, mostly refer to the separate descriptions
+
+- CURLOPT_DNS_LOCAL_IP4.3: better short desc
-Daniel Stenberg (12 Dec 2012)
-- gopher: #include cleanup
+Dan Fandrich (20 Jun 2014)
+- opts: document CURLE_OUT_OF_MEMORY among other return values
+
+- opts: fixed some typos
+
+Daniel Stenberg (20 Jun 2014)
+- opts: various corrections
+
+- opts: add the rest of the options
- Remove all system file includes from this file as they're not needed
+ ... and fixed mancheck to ignore obsolete options
+
+- opts: the final bunch of options as man pages
- Reported by: Dan Fandrich
+ Now all current options have their own man pages.
-Yang Tse (11 Dec 2012)
-- examples/simplessl.c: fix compiler warning
+- opts: 37 additional man pages
-- examples/externalsocket.c: fix SunPro compilation issue
+- CURLOPT_URL: move up the text from "Notes"
-- examples/simplessl.c: fix compiler warning
+- ROADMAP: removed, now ROADMAP.md
-- build: add bundles and conncache files to other build systems
+- ROADMAP.md: make it markdown formatted
-- conncache: fix enumerated type mixed with another type
+- ROADMAP: initial commit of "curl the next few years"
+
+ To be further discussed, debated and edited
-- examples/anyauthput.c: fix Tru64 compilation issue
+- opts: more man pages
-Daniel Stenberg (8 Dec 2012)
-- [Colin Watson brought this change]
+- CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T'
- configure: fix cross pkg-config detection
-
- When cross-compiling, CURL_CHECK_PKGCONFIG was checking for the cross
- pkg-config using ${host}-pkg-config.
-
- The gold standard for doing this correctly is pkg-config's own macro,
- PKG_PROG_PKG_CONFIG. However, on the assumption that you have a good
- reason not to use that directly (reduced dependencies for maintainer
- builds?), the behaviour of cURL's version should at least match.
- PKG_PROG_PKG_CONFIG uses AC_PATH_TOOL, which ultimately ends up trying
- ${host_alias}-pkg-config; this is not quite the same as what cURL does,
- and may differ because ${host} has been run through config.sub. For
- instance, when cross-building to the armhf architecture on Ubuntu,
- ${host_alias} is arm-linux-gnueabihf while ${host} is
- arm-unknown-linux-gnueabihf. This may also have been the cause of the
- problem reported at http://curl.haxx.se/mail/lib-2012-04/0224.html.
-
- AC_PATH_TOOL is significantly simpler than cURL's current code, and
- dates back to well before the current minimum of Autoconf 2.57, so let's
- use it instead.
+- opts: makefile now includes all current man pages
-- [Linus Nielsen Feltzing brought this change]
+- opts: 11 more man pages
- Introducing a new persistent connection caching system using "bundles".
-
- A bundle is a list of all persistent connections to the same host.
- The connection cache consists of a hash of bundles, with the
- hostname as the key.
- The benefits may not be obvious, but they are two:
-
- 1) Faster search for connections to reuse, since the hash
- lookup only finds connections to the host in question.
- 2) It lays out the groundworks for an upcoming patch,
- which will introduce multiple HTTP pipelines.
-
- This patch also removes the awkward list of "closure handles",
- which were needed to send QUIT commands to the FTP server
- when closing a connection.
- Now we allocate a separate closure handle and use that
- one to close all connections.
-
- This has been tested in a live system for a few weeks, and of
- course passes the test suite.
+Dan Fandrich (18 Jun 2014)
+- opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE
-- [Fabian Keil brought this change]
+- opts: fixed a couple of typos
- runtests and friends: Do not add undefined values to @INC
-
- On FreeBSD this fixes the warning:
- Use of uninitialized value $p in string eq at /usr/local/lib/perl5/5.14.2/BSDPAN/BSDPAN.pm line 36.
+Patrick Monnerat (18 Jun 2014)
+- OS400: make it compilable again. Make RPG binding up to date.
-Steve Holme (5 Dec 2012)
-- Merge pull request #52 from isn-/master
+- buildconf: do not search tools in current directory.
+
+Dan Fandrich (18 Jun 2014)
+- curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
- small compilation fix
+ This is consistent with the existing obsolete error code naming
+ convention.
+
+Daniel Stenberg (18 Jun 2014)
+- opts: 16 more man pages