From 3e62527ed71a7a362d7ec321e7f026edab35f8e2 Mon Sep 17 00:00:00 2001 From: Seonah Moon Date: Fri, 23 Sep 2016 13:49:53 +0900 Subject: [PATCH] Imported Upstream version 7.50.2 Change-Id: I91c6040940a21b2bebab9d6cab11d50767b7bac4 --- CHANGES | 7847 ++++++------- CMakeLists.txt | 193 +- Makefile.am | 40 +- Makefile.in | 72 +- RELEASE-NOTES | 231 +- acinclude.m4 | 189 +- config.guess | 111 +- config.sub | 20 +- configure | 951 +- configure.ac | 78 +- docs/CHECKSRC.md | 124 + docs/CODE_STYLE.md | 1 + docs/CONTRIBUTE | 261 - docs/CONTRIBUTE.md | 247 + docs/FAQ | 58 +- docs/FEATURES | 4 +- docs/{HISTORY => HISTORY.md} | 4 +- docs/HTTP-COOKIES | 123 - docs/HTTP-COOKIES.md | 104 + docs/HTTP2.md | 30 +- docs/INSTALL | 2 +- docs/{INTERNALS => INTERNALS.md} | 105 +- docs/KNOWN_BUGS | 845 +- docs/LICENSE-MIXING | 130 - docs/LICENSE-MIXING.md | 124 + docs/MANUAL | 8 +- docs/Makefile.am | 16 +- docs/Makefile.in | 16 +- docs/RELEASE-PROCEDURE | 19 +- docs/ROADMAP.md | 41 +- docs/{SECURITY => SECURITY.md} | 13 +- docs/{SSL-PROBLEMS => SSL-PROBLEMS.md} | 14 +- docs/{SSLCERTS => SSLCERTS.md} | 0 docs/THANKS | 83 +- docs/TODO | 363 +- docs/curl-config.pdf | Bin 17775 -> 17775 bytes docs/curl.1 | 124 +- docs/curl.html | 77 +- docs/curl.pdf | Bin 137490 -> 139891 bytes docs/examples/Makefile.am | 2 +- docs/examples/Makefile.in | 2 +- docs/examples/cacertinmem.c | 2 +- docs/examples/curlx.c | 4 +- docs/examples/evhiperfifo.c | 2 +- docs/examples/externalsocket.c | 2 +- docs/examples/ghiper.c | 4 +- docs/examples/hiperfifo.c | 6 +- docs/examples/htmltidy.c | 20 +- docs/examples/http2-serverpush.c | 2 +- docs/examples/opensslthreadlock.c | 8 +- docs/examples/rtsp.c | 8 +- docs/examples/smooth-gtk-thread.c | 2 +- docs/examples/url2file.c | 2 +- docs/libcurl/Makefile.am | 11 +- docs/libcurl/Makefile.in | 11 +- docs/libcurl/curl_easy_cleanup.pdf | Bin 19386 -> 19386 bytes docs/libcurl/curl_easy_duphandle.pdf | Bin 17775 -> 17775 bytes docs/libcurl/curl_easy_escape.pdf | Bin 19512 -> 19512 bytes docs/libcurl/curl_easy_getinfo.3 | 54 +- docs/libcurl/curl_easy_getinfo.html | 51 +- docs/libcurl/curl_easy_getinfo.pdf | Bin 27786 -> 27286 bytes docs/libcurl/curl_easy_init.pdf | Bin 19179 -> 19179 bytes docs/libcurl/curl_easy_pause.3 | 4 +- docs/libcurl/curl_easy_pause.html | 2 +- docs/libcurl/curl_easy_pause.pdf | Bin 24981 -> 25043 bytes docs/libcurl/curl_easy_perform.3 | 4 +- docs/libcurl/curl_easy_perform.html | 2 +- docs/libcurl/curl_easy_perform.pdf | Bin 21115 -> 21965 bytes docs/libcurl/curl_easy_recv.3 | 6 +- docs/libcurl/curl_easy_recv.html | 4 +- docs/libcurl/curl_easy_recv.pdf | Bin 22435 -> 24005 bytes docs/libcurl/curl_easy_reset.pdf | Bin 17118 -> 17118 bytes docs/libcurl/curl_easy_send.3 | 6 +- docs/libcurl/curl_easy_send.html | 4 +- docs/libcurl/curl_easy_send.pdf | Bin 22167 -> 23742 bytes docs/libcurl/curl_easy_setopt.3 | 10 +- docs/libcurl/curl_easy_setopt.html | 8 +- docs/libcurl/curl_easy_setopt.pdf | Bin 47536 -> 47592 bytes docs/libcurl/curl_easy_strerror.pdf | Bin 17032 -> 17032 bytes docs/libcurl/curl_easy_unescape.pdf | Bin 18857 -> 18857 bytes docs/libcurl/curl_escape.pdf | Bin 18194 -> 18194 bytes docs/libcurl/curl_formadd.3 | 4 +- docs/libcurl/curl_formadd.html | 2 +- docs/libcurl/curl_formadd.pdf | Bin 32691 -> 32574 bytes docs/libcurl/curl_formfree.3 | 4 +- docs/libcurl/curl_formfree.html | 2 +- docs/libcurl/curl_formfree.pdf | Bin 17414 -> 18145 bytes docs/libcurl/curl_formget.pdf | Bin 20276 -> 20276 bytes docs/libcurl/curl_free.pdf | Bin 14470 -> 14470 bytes docs/libcurl/curl_getdate.pdf | Bin 22706 -> 22706 bytes docs/libcurl/curl_getenv.pdf | Bin 17145 -> 17145 bytes docs/libcurl/curl_global_cleanup.3 | 8 +- docs/libcurl/curl_global_cleanup.html | 6 +- docs/libcurl/curl_global_cleanup.pdf | Bin 17031 -> 16899 bytes docs/libcurl/curl_global_init.3 | 39 +- docs/libcurl/curl_global_init.html | 25 +- docs/libcurl/curl_global_init.pdf | Bin 20818 -> 21818 bytes docs/libcurl/curl_global_init_mem.pdf | Bin 17304 -> 17304 bytes docs/libcurl/curl_mprintf.3 | 12 +- docs/libcurl/curl_mprintf.html | 5 +- docs/libcurl/curl_mprintf.pdf | Bin 20429 -> 19586 bytes docs/libcurl/curl_multi_add_handle.pdf | Bin 21012 -> 21012 bytes docs/libcurl/curl_multi_assign.pdf | Bin 18580 -> 18580 bytes docs/libcurl/curl_multi_cleanup.pdf | Bin 17392 -> 17392 bytes docs/libcurl/curl_multi_fdset.pdf | Bin 20399 -> 20399 bytes docs/libcurl/curl_multi_info_read.pdf | Bin 22957 -> 22957 bytes docs/libcurl/curl_multi_init.pdf | Bin 16317 -> 16317 bytes docs/libcurl/curl_multi_perform.pdf | Bin 25241 -> 25241 bytes docs/libcurl/curl_multi_remove_handle.pdf | Bin 17178 -> 17178 bytes docs/libcurl/curl_multi_setopt.pdf | Bin 23370 -> 23370 bytes docs/libcurl/curl_multi_socket.3 | 8 +- docs/libcurl/curl_multi_socket.html | 6 +- docs/libcurl/curl_multi_socket.pdf | Bin 28497 -> 28183 bytes docs/libcurl/curl_multi_socket_action.3 | 19 +- docs/libcurl/curl_multi_socket_action.html | 8 +- docs/libcurl/curl_multi_socket_action.pdf | Bin 28623 -> 28351 bytes docs/libcurl/curl_multi_socket_all.3 | 1 + docs/libcurl/curl_multi_socket_all.html | 56 + docs/libcurl/curl_multi_socket_all.pdf | Bin 0 -> 2217 bytes docs/libcurl/curl_multi_strerror.pdf | Bin 14734 -> 14734 bytes docs/libcurl/curl_multi_timeout.3 | 14 +- docs/libcurl/curl_multi_timeout.html | 6 +- docs/libcurl/curl_multi_timeout.pdf | Bin 21467 -> 21906 bytes docs/libcurl/curl_multi_wait.pdf | Bin 22327 -> 22327 bytes docs/libcurl/curl_share_cleanup.pdf | Bin 16877 -> 16877 bytes docs/libcurl/curl_share_init.pdf | Bin 18397 -> 18397 bytes docs/libcurl/curl_share_setopt.3 | 3 +- docs/libcurl/curl_share_setopt.html | 2 +- docs/libcurl/curl_share_setopt.pdf | Bin 21040 -> 21113 bytes docs/libcurl/curl_share_strerror.pdf | Bin 15076 -> 15076 bytes docs/libcurl/curl_slist_append.3 | 4 +- docs/libcurl/curl_slist_append.html | 2 +- docs/libcurl/curl_slist_append.pdf | Bin 16944 -> 17791 bytes docs/libcurl/curl_slist_free_all.pdf | Bin 13664 -> 13664 bytes docs/libcurl/curl_strequal.pdf | Bin 16583 -> 16583 bytes docs/libcurl/curl_unescape.pdf | Bin 17960 -> 17960 bytes docs/libcurl/curl_version.pdf | Bin 15840 -> 15840 bytes docs/libcurl/curl_version_info.pdf | Bin 26144 -> 26144 bytes docs/libcurl/libcurl-easy.pdf | Bin 19068 -> 19068 bytes docs/libcurl/libcurl-errors.3 | 2 + docs/libcurl/libcurl-errors.html | 2 + docs/libcurl/libcurl-errors.pdf | Bin 36942 -> 36983 bytes docs/libcurl/libcurl-multi.3 | 2 +- docs/libcurl/libcurl-multi.html | 2 +- docs/libcurl/libcurl-multi.pdf | Bin 27315 -> 27275 bytes docs/libcurl/libcurl-share.pdf | Bin 19958 -> 19958 bytes docs/libcurl/libcurl-symbols.3 | 23 +- docs/libcurl/libcurl-symbols.html | 22 +- docs/libcurl/libcurl-symbols.pdf | Bin 49257 -> 50443 bytes docs/libcurl/libcurl-thread.3 | 12 +- docs/libcurl/libcurl-thread.html | 8 +- docs/libcurl/libcurl-thread.pdf | Bin 24054 -> 24412 bytes docs/libcurl/libcurl-tutorial.pdf | Bin 94723 -> 94723 bytes docs/libcurl/libcurl.m4 | 2 +- docs/libcurl/libcurl.pdf | Bin 30424 -> 30424 bytes docs/libcurl/opts/CURLINFO_ACTIVESOCKET.pdf | Bin 19969 -> 19969 bytes docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.pdf | Bin 20029 -> 20029 bytes docs/libcurl/opts/CURLINFO_CERTINFO.3 | 6 +- docs/libcurl/opts/CURLINFO_CERTINFO.html | 2 +- docs/libcurl/opts/CURLINFO_CERTINFO.pdf | Bin 18108 -> 18142 bytes docs/libcurl/opts/CURLINFO_CONDITION_UNMET.pdf | Bin 17901 -> 17901 bytes docs/libcurl/opts/CURLINFO_CONNECT_TIME.pdf | Bin 17844 -> 17844 bytes .../opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.pdf | Bin 15588 -> 15588 bytes .../opts/CURLINFO_CONTENT_LENGTH_UPLOAD.pdf | Bin 15068 -> 15068 bytes docs/libcurl/opts/CURLINFO_CONTENT_TYPE.pdf | Bin 17953 -> 17953 bytes docs/libcurl/opts/CURLINFO_COOKIELIST.pdf | Bin 17764 -> 17764 bytes docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.pdf | Bin 18563 -> 18563 bytes docs/libcurl/opts/CURLINFO_FILETIME.3 | 2 +- docs/libcurl/opts/CURLINFO_FILETIME.html | 2 +- docs/libcurl/opts/CURLINFO_FILETIME.pdf | Bin 19520 -> 19522 bytes docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.pdf | Bin 17768 -> 17768 bytes docs/libcurl/opts/CURLINFO_HEADER_SIZE.pdf | Bin 14935 -> 14935 bytes docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.pdf | Bin 18549 -> 18549 bytes docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.pdf | Bin 14684 -> 14684 bytes docs/libcurl/opts/CURLINFO_HTTP_VERSION.3 | 56 + docs/libcurl/opts/CURLINFO_LASTSOCKET.pdf | Bin 18488 -> 18488 bytes docs/libcurl/opts/CURLINFO_LOCAL_IP.pdf | Bin 18028 -> 18028 bytes docs/libcurl/opts/CURLINFO_LOCAL_PORT.pdf | Bin 14497 -> 14497 bytes docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.pdf | Bin 17859 -> 17859 bytes docs/libcurl/opts/CURLINFO_NUM_CONNECTS.pdf | Bin 18828 -> 18828 bytes docs/libcurl/opts/CURLINFO_OS_ERRNO.pdf | Bin 14402 -> 14402 bytes docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.pdf | Bin 18404 -> 18404 bytes docs/libcurl/opts/CURLINFO_PRIMARY_IP.pdf | Bin 18283 -> 18283 bytes docs/libcurl/opts/CURLINFO_PRIMARY_PORT.pdf | Bin 14568 -> 14568 bytes docs/libcurl/opts/CURLINFO_PRIVATE.pdf | Bin 16977 -> 16977 bytes docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.pdf | Bin 19100 -> 19100 bytes docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.pdf | Bin 14643 -> 14643 bytes docs/libcurl/opts/CURLINFO_REDIRECT_TIME.pdf | Bin 18330 -> 18330 bytes docs/libcurl/opts/CURLINFO_REDIRECT_URL.pdf | Bin 18476 -> 18468 bytes docs/libcurl/opts/CURLINFO_REQUEST_SIZE.pdf | Bin 17674 -> 17674 bytes docs/libcurl/opts/CURLINFO_RESPONSE_CODE.pdf | Bin 18845 -> 18845 bytes docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.pdf | Bin 14566 -> 14566 bytes docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.pdf | Bin 17427 -> 17427 bytes docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.pdf | Bin 15115 -> 15115 bytes docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.pdf | Bin 17424 -> 17424 bytes docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.pdf | Bin 14991 -> 14991 bytes docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.pdf | Bin 14507 -> 14507 bytes docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.pdf | Bin 14713 -> 14713 bytes docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.pdf | Bin 14653 -> 14653 bytes docs/libcurl/opts/CURLINFO_SSL_ENGINES.pdf | Bin 17685 -> 17685 bytes docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.pdf | Bin 17340 -> 17340 bytes docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.pdf | Bin 19801 -> 19801 bytes docs/libcurl/opts/CURLINFO_TLS_SESSION.3 | 3 +- docs/libcurl/opts/CURLINFO_TLS_SESSION.html | 2 +- docs/libcurl/opts/CURLINFO_TLS_SESSION.pdf | Bin 19914 -> 20226 bytes docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 | 7 +- docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.html | 6 +- docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.pdf | Bin 26071 -> 26151 bytes docs/libcurl/opts/CURLINFO_TOTAL_TIME.pdf | Bin 17808 -> 17808 bytes .../opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.pdf | Bin 18177 -> 18177 bytes .../opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.pdf | Bin 17909 -> 17909 bytes docs/libcurl/opts/CURLMOPT_MAXCONNECTS.pdf | Bin 17717 -> 17717 bytes .../libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.pdf | Bin 17724 -> 17724 bytes docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.pdf | Bin 17813 -> 17813 bytes docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3 | 4 +- .../opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.html | 2 +- .../opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.pdf | Bin 17385 -> 17404 bytes docs/libcurl/opts/CURLMOPT_PIPELINING.3 | 40 +- docs/libcurl/opts/CURLMOPT_PIPELINING.html | 16 +- docs/libcurl/opts/CURLMOPT_PIPELINING.pdf | Bin 15711 -> 16572 bytes .../libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.pdf | Bin 15559 -> 15559 bytes docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.pdf | Bin 14598 -> 14598 bytes docs/libcurl/opts/CURLMOPT_PUSHDATA.pdf | Bin 17036 -> 17036 bytes docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.pdf | Bin 22838 -> 22838 bytes docs/libcurl/opts/CURLMOPT_SOCKETDATA.pdf | Bin 18367 -> 18367 bytes docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 | 18 +- docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.html | 13 +- docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.pdf | Bin 20202 -> 20888 bytes docs/libcurl/opts/CURLMOPT_TIMERDATA.pdf | Bin 16692 -> 16692 bytes docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.pdf | Bin 22490 -> 22490 bytes docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.pdf | Bin 14110 -> 14110 bytes docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3 | 17 +- docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.html | 7 +- docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.pdf | Bin 19918 -> 20933 bytes docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.pdf | Bin 13014 -> 13014 bytes docs/libcurl/opts/CURLOPT_APPEND.pdf | Bin 13655 -> 13655 bytes docs/libcurl/opts/CURLOPT_AUTOREFERER.pdf | Bin 13058 -> 13058 bytes docs/libcurl/opts/CURLOPT_BUFFERSIZE.3 | 4 +- docs/libcurl/opts/CURLOPT_BUFFERSIZE.html | 2 +- docs/libcurl/opts/CURLOPT_BUFFERSIZE.pdf | Bin 17102 -> 17194 bytes docs/libcurl/opts/CURLOPT_CAINFO.3 | 6 + docs/libcurl/opts/CURLOPT_CAINFO.html | 3 +- docs/libcurl/opts/CURLOPT_CAINFO.pdf | Bin 17566 -> 17850 bytes docs/libcurl/opts/CURLOPT_CAPATH.pdf | Bin 17182 -> 17182 bytes docs/libcurl/opts/CURLOPT_CERTINFO.pdf | Bin 18093 -> 18093 bytes docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.pdf | Bin 19912 -> 19912 bytes docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 | 6 +- docs/libcurl/opts/CURLOPT_CHUNK_DATA.html | 2 +- docs/libcurl/opts/CURLOPT_CHUNK_DATA.pdf | Bin 17289 -> 17459 bytes docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.pdf | Bin 15904 -> 15904 bytes docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.pdf | Bin 17120 -> 17120 bytes docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.pdf | Bin 18336 -> 18336 bytes docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.pdf | Bin 16576 -> 16576 bytes docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.pdf | Bin 16549 -> 16549 bytes docs/libcurl/opts/CURLOPT_CONNECT_ONLY.pdf | Bin 18725 -> 18725 bytes docs/libcurl/opts/CURLOPT_CONNECT_TO.3 | 111 + docs/libcurl/opts/CURLOPT_CONNECT_TO.html | 101 + docs/libcurl/opts/CURLOPT_CONNECT_TO.pdf | Bin 0 -> 22668 bytes .../opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.pdf | Bin 20938 -> 20938 bytes .../opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.pdf | Bin 20947 -> 20947 bytes .../opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.3 | 4 +- .../opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.html | 2 +- .../opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.pdf | Bin 20918 -> 20920 bytes docs/libcurl/opts/CURLOPT_COOKIE.pdf | Bin 18329 -> 18329 bytes docs/libcurl/opts/CURLOPT_COOKIEFILE.pdf | Bin 18296 -> 18296 bytes docs/libcurl/opts/CURLOPT_COOKIEJAR.pdf | Bin 19915 -> 19915 bytes docs/libcurl/opts/CURLOPT_COOKIELIST.3 | 2 +- docs/libcurl/opts/CURLOPT_COOKIELIST.html | 2 +- docs/libcurl/opts/CURLOPT_COOKIELIST.pdf | Bin 20636 -> 20645 bytes docs/libcurl/opts/CURLOPT_COOKIESESSION.pdf | Bin 13698 -> 13698 bytes docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.pdf | Bin 19069 -> 19069 bytes docs/libcurl/opts/CURLOPT_CRLF.pdf | Bin 13297 -> 13297 bytes docs/libcurl/opts/CURLOPT_CRLFILE.pdf | Bin 18909 -> 18909 bytes docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.3 | 4 +- docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.html | 2 +- docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.pdf | Bin 21125 -> 20871 bytes docs/libcurl/opts/CURLOPT_DEBUGDATA.pdf | Bin 16921 -> 16921 bytes docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.pdf | Bin 24842 -> 24842 bytes docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.pdf | Bin 19352 -> 19352 bytes docs/libcurl/opts/CURLOPT_DIRLISTONLY.pdf | Bin 17381 -> 17381 bytes docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.pdf | Bin 16490 -> 16490 bytes docs/libcurl/opts/CURLOPT_DNS_INTERFACE.pdf | Bin 13989 -> 13989 bytes docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.pdf | Bin 15707 -> 15707 bytes docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.pdf | Bin 15830 -> 15830 bytes docs/libcurl/opts/CURLOPT_DNS_SERVERS.pdf | Bin 15223 -> 15223 bytes docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.pdf | Bin 18071 -> 18071 bytes docs/libcurl/opts/CURLOPT_EGDSOCKET.pdf | Bin 13637 -> 13637 bytes docs/libcurl/opts/CURLOPT_ERRORBUFFER.pdf | Bin 23143 -> 23143 bytes .../libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.pdf | Bin 15916 -> 15916 bytes docs/libcurl/opts/CURLOPT_FAILONERROR.pdf | Bin 14183 -> 14183 bytes docs/libcurl/opts/CURLOPT_FILETIME.3 | 4 +- docs/libcurl/opts/CURLOPT_FILETIME.html | 2 +- docs/libcurl/opts/CURLOPT_FILETIME.pdf | Bin 19071 -> 19200 bytes docs/libcurl/opts/CURLOPT_FNMATCH_DATA.3 | 4 +- docs/libcurl/opts/CURLOPT_FNMATCH_DATA.html | 2 +- docs/libcurl/opts/CURLOPT_FNMATCH_DATA.pdf | Bin 15863 -> 16022 bytes docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.pdf | Bin 15754 -> 15754 bytes docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.pdf | Bin 21130 -> 21130 bytes docs/libcurl/opts/CURLOPT_FORBID_REUSE.pdf | Bin 14985 -> 14985 bytes docs/libcurl/opts/CURLOPT_FRESH_CONNECT.pdf | Bin 16911 -> 16911 bytes docs/libcurl/opts/CURLOPT_FTPPORT.pdf | Bin 15280 -> 15280 bytes docs/libcurl/opts/CURLOPT_FTPSSLAUTH.pdf | Bin 16427 -> 16427 bytes docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.pdf | Bin 13653 -> 13653 bytes .../opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.pdf | Bin 14274 -> 14274 bytes .../opts/CURLOPT_FTP_CREATE_MISSING_DIRS.pdf | Bin 18206 -> 18206 bytes docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.pdf | Bin 16661 -> 16661 bytes docs/libcurl/opts/CURLOPT_FTP_RESPONSE_TIMEOUT.pdf | Bin 17523 -> 17523 bytes docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.pdf | Bin 15324 -> 15324 bytes docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.pdf | Bin 13769 -> 13769 bytes docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.pdf | Bin 15471 -> 15471 bytes docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.pdf | Bin 14852 -> 14852 bytes docs/libcurl/opts/CURLOPT_FTP_USE_PRET.pdf | Bin 13367 -> 13369 bytes docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.pdf | Bin 15327 -> 15327 bytes docs/libcurl/opts/CURLOPT_HEADER.pdf | Bin 17872 -> 17872 bytes docs/libcurl/opts/CURLOPT_HEADERDATA.pdf | Bin 16709 -> 16709 bytes docs/libcurl/opts/CURLOPT_HEADERFUNCTION.pdf | Bin 22417 -> 22417 bytes docs/libcurl/opts/CURLOPT_HEADEROPT.pdf | Bin 17171 -> 17171 bytes docs/libcurl/opts/CURLOPT_HTTP200ALIASES.pdf | Bin 17184 -> 17184 bytes docs/libcurl/opts/CURLOPT_HTTPAUTH.pdf | Bin 22212 -> 22212 bytes docs/libcurl/opts/CURLOPT_HTTPGET.pdf | Bin 18443 -> 18443 bytes docs/libcurl/opts/CURLOPT_HTTPHEADER.pdf | Bin 24392 -> 24392 bytes docs/libcurl/opts/CURLOPT_HTTPPOST.3 | 7 +- docs/libcurl/opts/CURLOPT_HTTPPOST.html | 4 +- docs/libcurl/opts/CURLOPT_HTTPPOST.pdf | Bin 19603 -> 20307 bytes docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.pdf | Bin 16752 -> 16752 bytes .../libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.pdf | Bin 15873 -> 15873 bytes .../opts/CURLOPT_HTTP_TRANSFER_DECODING.pdf | Bin 13449 -> 13449 bytes docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 | 9 +- docs/libcurl/opts/CURLOPT_HTTP_VERSION.html | 6 +- docs/libcurl/opts/CURLOPT_HTTP_VERSION.pdf | Bin 20773 -> 19018 bytes .../libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.pdf | Bin 16264 -> 16264 bytes docs/libcurl/opts/CURLOPT_INFILESIZE.pdf | Bin 18647 -> 18647 bytes docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.pdf | Bin 18761 -> 18761 bytes docs/libcurl/opts/CURLOPT_INTERFACE.pdf | Bin 15957 -> 15957 bytes docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.pdf | Bin 16669 -> 16669 bytes docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.pdf | Bin 18907 -> 18907 bytes docs/libcurl/opts/CURLOPT_IOCTLDATA.pdf | Bin 16450 -> 16450 bytes docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.pdf | Bin 19390 -> 19390 bytes docs/libcurl/opts/CURLOPT_IPRESOLVE.pdf | Bin 13518 -> 13518 bytes docs/libcurl/opts/CURLOPT_ISSUERCERT.pdf | Bin 17510 -> 17510 bytes docs/libcurl/opts/CURLOPT_KEYPASSWD.pdf | Bin 17509 -> 17509 bytes docs/libcurl/opts/CURLOPT_KRBLEVEL.pdf | Bin 14150 -> 14150 bytes docs/libcurl/opts/CURLOPT_LOCALPORT.pdf | Bin 16000 -> 16000 bytes docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.pdf | Bin 16822 -> 16822 bytes docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3 | 4 +- docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.html | 2 +- docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.pdf | Bin 18462 -> 18290 bytes docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.pdf | Bin 15754 -> 15754 bytes docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.pdf | Bin 15606 -> 15606 bytes docs/libcurl/opts/CURLOPT_MAIL_AUTH.pdf | Bin 16884 -> 16884 bytes docs/libcurl/opts/CURLOPT_MAIL_FROM.pdf | Bin 14001 -> 14001 bytes docs/libcurl/opts/CURLOPT_MAIL_RCPT.pdf | Bin 18312 -> 18312 bytes docs/libcurl/opts/CURLOPT_MAXCONNECTS.3 | 4 +- docs/libcurl/opts/CURLOPT_MAXCONNECTS.html | 2 +- docs/libcurl/opts/CURLOPT_MAXCONNECTS.pdf | Bin 18556 -> 18559 bytes docs/libcurl/opts/CURLOPT_MAXFILESIZE.pdf | Bin 18237 -> 18237 bytes docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.pdf | Bin 17301 -> 17301 bytes docs/libcurl/opts/CURLOPT_MAXREDIRS.pdf | Bin 18584 -> 18584 bytes docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.3 | 5 +- .../libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.html | 2 +- docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.pdf | Bin 16019 -> 15677 bytes docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.3 | 6 +- .../libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.html | 2 +- docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.pdf | Bin 16499 -> 16199 bytes docs/libcurl/opts/CURLOPT_NETRC.pdf | Bin 19028 -> 19028 bytes docs/libcurl/opts/CURLOPT_NETRC_FILE.pdf | Bin 16226 -> 16226 bytes docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.pdf | Bin 16353 -> 16353 bytes docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.pdf | Bin 16205 -> 16205 bytes docs/libcurl/opts/CURLOPT_NOBODY.pdf | Bin 14356 -> 14356 bytes docs/libcurl/opts/CURLOPT_NOPROGRESS.pdf | Bin 17786 -> 17786 bytes docs/libcurl/opts/CURLOPT_NOPROXY.pdf | Bin 14418 -> 14418 bytes docs/libcurl/opts/CURLOPT_NOSIGNAL.pdf | Bin 17528 -> 17528 bytes docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.pdf | Bin 16950 -> 16950 bytes docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.pdf | Bin 21609 -> 21609 bytes docs/libcurl/opts/CURLOPT_PASSWORD.pdf | Bin 16835 -> 16835 bytes docs/libcurl/opts/CURLOPT_PATH_AS_IS.pdf | Bin 16343 -> 16343 bytes docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 | 14 +- docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html | 2 +- docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.pdf | Bin 21340 -> 21339 bytes docs/libcurl/opts/CURLOPT_PIPEWAIT.3 | 10 +- docs/libcurl/opts/CURLOPT_PIPEWAIT.html | 2 +- docs/libcurl/opts/CURLOPT_PIPEWAIT.pdf | Bin 17278 -> 17779 bytes docs/libcurl/opts/CURLOPT_PORT.pdf | Bin 15340 -> 15340 bytes docs/libcurl/opts/CURLOPT_POST.pdf | Bin 18716 -> 18716 bytes docs/libcurl/opts/CURLOPT_POSTFIELDS.3 | 13 +- docs/libcurl/opts/CURLOPT_POSTFIELDS.html | 4 +- docs/libcurl/opts/CURLOPT_POSTFIELDS.pdf | Bin 21393 -> 21085 bytes docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.pdf | Bin 17195 -> 17195 bytes docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.pdf | Bin 14174 -> 14174 bytes docs/libcurl/opts/CURLOPT_POSTQUOTE.pdf | Bin 15882 -> 15882 bytes docs/libcurl/opts/CURLOPT_POSTREDIR.pdf | Bin 18145 -> 18145 bytes docs/libcurl/opts/CURLOPT_PREQUOTE.pdf | Bin 15860 -> 15860 bytes docs/libcurl/opts/CURLOPT_PRIVATE.pdf | Bin 16942 -> 16942 bytes docs/libcurl/opts/CURLOPT_PROGRESSDATA.pdf | Bin 16921 -> 16921 bytes docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.pdf | Bin 21119 -> 21117 bytes docs/libcurl/opts/CURLOPT_PROTOCOLS.pdf | Bin 18467 -> 18467 bytes docs/libcurl/opts/CURLOPT_PROXY.3 | 8 +- docs/libcurl/opts/CURLOPT_PROXY.html | 5 +- docs/libcurl/opts/CURLOPT_PROXY.pdf | Bin 22596 -> 22666 bytes docs/libcurl/opts/CURLOPT_PROXYAUTH.pdf | Bin 17721 -> 17721 bytes docs/libcurl/opts/CURLOPT_PROXYHEADER.pdf | Bin 16922 -> 16922 bytes docs/libcurl/opts/CURLOPT_PROXYPASSWORD.pdf | Bin 17502 -> 17502 bytes docs/libcurl/opts/CURLOPT_PROXYPORT.pdf | Bin 15748 -> 15748 bytes docs/libcurl/opts/CURLOPT_PROXYTYPE.3 | 4 +- docs/libcurl/opts/CURLOPT_PROXYTYPE.html | 2 +- docs/libcurl/opts/CURLOPT_PROXYTYPE.pdf | Bin 17765 -> 17486 bytes docs/libcurl/opts/CURLOPT_PROXYUSERNAME.3 | 4 +- docs/libcurl/opts/CURLOPT_PROXYUSERNAME.html | 2 +- docs/libcurl/opts/CURLOPT_PROXYUSERNAME.pdf | Bin 17318 -> 17367 bytes docs/libcurl/opts/CURLOPT_PROXYUSERPWD.pdf | Bin 17169 -> 17169 bytes docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 | 11 +- docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.html | 8 +- docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.pdf | Bin 15343 -> 15660 bytes docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.pdf | Bin 17092 -> 17092 bytes docs/libcurl/opts/CURLOPT_PUT.pdf | Bin 16970 -> 16970 bytes docs/libcurl/opts/CURLOPT_QUOTE.3 | 5 +- docs/libcurl/opts/CURLOPT_QUOTE.html | 2 + docs/libcurl/opts/CURLOPT_QUOTE.pdf | Bin 18835 -> 18989 bytes docs/libcurl/opts/CURLOPT_RANDOM_FILE.pdf | Bin 13165 -> 13165 bytes docs/libcurl/opts/CURLOPT_RANGE.3 | 6 +- docs/libcurl/opts/CURLOPT_RANGE.html | 2 +- docs/libcurl/opts/CURLOPT_RANGE.pdf | Bin 18358 -> 18655 bytes docs/libcurl/opts/CURLOPT_READDATA.3 | 6 +- docs/libcurl/opts/CURLOPT_READDATA.html | 2 +- docs/libcurl/opts/CURLOPT_READDATA.pdf | Bin 18391 -> 18359 bytes docs/libcurl/opts/CURLOPT_READFUNCTION.pdf | Bin 21242 -> 21242 bytes docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.pdf | Bin 18567 -> 18567 bytes docs/libcurl/opts/CURLOPT_REFERER.pdf | Bin 16611 -> 16611 bytes docs/libcurl/opts/CURLOPT_RESOLVE.3 | 14 +- docs/libcurl/opts/CURLOPT_RESOLVE.html | 10 +- docs/libcurl/opts/CURLOPT_RESOLVE.pdf | Bin 20076 -> 21183 bytes docs/libcurl/opts/CURLOPT_RESUME_FROM.pdf | Bin 17885 -> 17885 bytes docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.pdf | Bin 15126 -> 15126 bytes docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.pdf | Bin 13595 -> 13595 bytes docs/libcurl/opts/CURLOPT_RTSP_REQUEST.pdf | Bin 25671 -> 25671 bytes docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.pdf | Bin 13499 -> 13499 bytes docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.pdf | Bin 15854 -> 15854 bytes docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3 | 10 +- docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.html | 2 +- docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.pdf | Bin 18863 -> 18869 bytes docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.pdf | Bin 13800 -> 13800 bytes docs/libcurl/opts/CURLOPT_SASL_IR.pdf | Bin 14295 -> 14295 bytes docs/libcurl/opts/CURLOPT_SEEKDATA.pdf | Bin 16781 -> 16781 bytes docs/libcurl/opts/CURLOPT_SEEKFUNCTION.pdf | Bin 19738 -> 19738 bytes docs/libcurl/opts/CURLOPT_SERVICE_NAME.3 | 15 +- docs/libcurl/opts/CURLOPT_SERVICE_NAME.html | 8 +- docs/libcurl/opts/CURLOPT_SERVICE_NAME.pdf | Bin 15171 -> 15498 bytes docs/libcurl/opts/CURLOPT_SHARE.pdf | Bin 16529 -> 16529 bytes docs/libcurl/opts/CURLOPT_SOCKOPTDATA.pdf | Bin 16846 -> 16846 bytes docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.pdf | Bin 21841 -> 21841 bytes docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.pdf | Bin 14143 -> 14143 bytes docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.3 | 16 +- .../opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.html | 9 +- .../libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.pdf | Bin 15580 -> 17845 bytes docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.pdf | Bin 16391 -> 16391 bytes .../opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.pdf | Bin 14610 -> 14610 bytes docs/libcurl/opts/CURLOPT_SSH_KEYDATA.pdf | Bin 17663 -> 17663 bytes docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.pdf | Bin 22147 -> 22147 bytes docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.pdf | Bin 17302 -> 17302 bytes docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.pdf | Bin 19521 -> 19521 bytes docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.pdf | Bin 17690 -> 17690 bytes docs/libcurl/opts/CURLOPT_SSLCERT.pdf | Bin 17042 -> 17042 bytes docs/libcurl/opts/CURLOPT_SSLCERTTYPE.pdf | Bin 14376 -> 14376 bytes docs/libcurl/opts/CURLOPT_SSLENGINE.pdf | Bin 14272 -> 14272 bytes docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3 | 4 +- docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.html | 2 +- docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.pdf | Bin 16451 -> 16804 bytes docs/libcurl/opts/CURLOPT_SSLKEY.pdf | Bin 16985 -> 16985 bytes docs/libcurl/opts/CURLOPT_SSLKEYTYPE.pdf | Bin 17153 -> 17153 bytes docs/libcurl/opts/CURLOPT_SSLVERSION.pdf | Bin 15424 -> 15424 bytes docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.pdf | Bin 15130 -> 15130 bytes docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.pdf | Bin 17229 -> 17229 bytes docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.pdf | Bin 23473 -> 23471 bytes docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.pdf | Bin 13349 -> 13349 bytes docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.pdf | Bin 13348 -> 13348 bytes docs/libcurl/opts/CURLOPT_SSL_FALSESTART.pdf | Bin 13864 -> 13864 bytes docs/libcurl/opts/CURLOPT_SSL_OPTIONS.pdf | Bin 20269 -> 20269 bytes docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.pdf | Bin 13924 -> 13924 bytes docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.pdf | Bin 21755 -> 21755 bytes docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.pdf | Bin 19439 -> 19439 bytes docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf | Bin 14414 -> 14414 bytes docs/libcurl/opts/CURLOPT_STDERR.pdf | Bin 16652 -> 16652 bytes docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.pdf | Bin 17979 -> 17979 bytes docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.pdf | Bin 16314 -> 16308 bytes docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.pdf | Bin 19108 -> 19108 bytes docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.3 | 47 + docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.html | 65 + docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.pdf | Bin 0 -> 13667 bytes docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.pdf | Bin 17113 -> 17113 bytes docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.pdf | Bin 15902 -> 15902 bytes docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.pdf | Bin 14193 -> 14191 bytes docs/libcurl/opts/CURLOPT_TCP_NODELAY.3 | 12 +- docs/libcurl/opts/CURLOPT_TCP_NODELAY.html | 6 +- docs/libcurl/opts/CURLOPT_TCP_NODELAY.pdf | Bin 14337 -> 14424 bytes docs/libcurl/opts/CURLOPT_TELNETOPTIONS.pdf | Bin 13482 -> 13482 bytes docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.pdf | Bin 15997 -> 15997 bytes docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.3 | 4 +- docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.pdf | Bin 17804 -> 17804 bytes docs/libcurl/opts/CURLOPT_TIMECONDITION.3 | 2 +- docs/libcurl/opts/CURLOPT_TIMECONDITION.pdf | Bin 19688 -> 19688 bytes docs/libcurl/opts/CURLOPT_TIMEOUT.pdf | Bin 18825 -> 18825 bytes docs/libcurl/opts/CURLOPT_TIMEOUT_MS.pdf | Bin 18943 -> 18943 bytes docs/libcurl/opts/CURLOPT_TIMEVALUE.3 | 2 +- docs/libcurl/opts/CURLOPT_TIMEVALUE.pdf | Bin 17237 -> 17237 bytes docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.pdf | Bin 16462 -> 16462 bytes docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.pdf | Bin 17402 -> 17402 bytes docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.pdf | Bin 16580 -> 16580 bytes docs/libcurl/opts/CURLOPT_TRANSFERTEXT.pdf | Bin 13995 -> 13995 bytes docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.3 | 4 +- docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.html | 2 +- docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.pdf | Bin 16008 -> 17594 bytes docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.pdf | Bin 18048 -> 18048 bytes docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.pdf | Bin 15653 -> 15653 bytes docs/libcurl/opts/CURLOPT_UPLOAD.pdf | Bin 19528 -> 19528 bytes docs/libcurl/opts/CURLOPT_URL.pdf | Bin 34969 -> 34969 bytes docs/libcurl/opts/CURLOPT_USERAGENT.pdf | Bin 17247 -> 17247 bytes docs/libcurl/opts/CURLOPT_USERNAME.3 | 4 +- docs/libcurl/opts/CURLOPT_USERNAME.html | 2 +- docs/libcurl/opts/CURLOPT_USERNAME.pdf | Bin 19025 -> 18851 bytes docs/libcurl/opts/CURLOPT_USERPWD.pdf | Bin 19426 -> 19426 bytes docs/libcurl/opts/CURLOPT_USE_SSL.pdf | Bin 17222 -> 17222 bytes docs/libcurl/opts/CURLOPT_VERBOSE.pdf | Bin 18237 -> 18237 bytes docs/libcurl/opts/CURLOPT_WILDCARDMATCH.pdf | Bin 24154 -> 24154 bytes docs/libcurl/opts/CURLOPT_WRITEDATA.pdf | Bin 18525 -> 18525 bytes docs/libcurl/opts/CURLOPT_WRITEFUNCTION.pdf | Bin 20755 -> 20749 bytes docs/libcurl/opts/CURLOPT_XFERINFODATA.pdf | Bin 17147 -> 17147 bytes docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.pdf | Bin 20188 -> 20188 bytes docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.pdf | Bin 16959 -> 16959 bytes docs/libcurl/opts/Makefile.am | 1242 ++- docs/libcurl/opts/Makefile.in | 1242 ++- docs/libcurl/symbols-in-versions | 12 +- docs/mk-ca-bundle.html | 2 + docs/mk-ca-bundle.pdf | Bin 21465 -> 21710 bytes include/curl/curl.h | 42 +- include/curl/curlbuild.h | 6 +- include/curl/curlver.h | 10 +- include/curl/mprintf.h | 28 +- include/curl/multi.h | 6 +- lib/Makefile.Watcom | 9 +- lib/Makefile.am | 7 +- lib/Makefile.b32 | 9 +- lib/Makefile.in | 462 +- lib/Makefile.inc | 33 +- lib/Makefile.m32 | 4 + lib/Makefile.netware | 2 +- lib/Makefile.vc10 | 30 +- lib/Makefile.vc11 | 30 +- lib/Makefile.vc12 | 30 +- lib/Makefile.vc14 | 30 +- lib/Makefile.vc6 | 30 +- lib/Makefile.vc7 | 30 +- lib/Makefile.vc8 | 30 +- lib/Makefile.vc9 | 30 +- lib/amigaos.c | 4 +- lib/asyn-ares.c | 22 +- lib/asyn-thread.c | 29 +- lib/asyn.h | 2 +- lib/base64.c | 14 +- lib/checksrc.pl | 284 +- lib/checksrc.whitelist | 12 - lib/conncache.c | 22 +- lib/connect.c | 138 +- lib/connect.h | 46 +- lib/content_encoding.c | 4 +- lib/cookie.c | 20 +- lib/cookie.h | 12 +- lib/curl_addrinfo.c | 34 +- lib/curl_addrinfo.h | 10 +- lib/curl_base64.h | 4 +- lib/curl_config.h.cmake | 9 +- lib/curl_config.h.in | 12 +- lib/curl_fnmatch.c | 4 +- lib/curl_gssapi.c | 63 +- lib/curl_gssapi.h | 6 +- lib/curl_memory.h | 17 +- lib/curl_memrchr.c | 5 +- lib/curl_multibyte.c | 2 + lib/curl_ntlm_core.c | 46 +- lib/curl_ntlm_core.h | 4 +- lib/curl_ntlm_wb.c | 9 +- lib/curl_sasl.c | 1273 +-- lib/curl_sasl.h | 114 +- lib/curl_sasl_sspi.c | 1295 --- lib/curl_setup.h | 43 +- lib/curl_sspi.c | 70 +- lib/curl_threads.c | 4 +- lib/dict.c | 4 +- lib/dotdot.c | 4 +- lib/easy.c | 76 +- lib/easyif.h | 4 +- lib/escape.c | 20 +- lib/escape.h | 2 +- lib/file.c | 65 +- lib/formdata.c | 27 +- lib/formdata.h | 8 +- lib/ftp.c | 108 +- lib/ftp.h | 4 +- lib/getenv.c | 3 +- lib/getinfo.c | 34 +- lib/getinfo.h | 4 +- lib/gopher.c | 2 +- lib/hash.c | 5 +- lib/hmac.c | 5 +- lib/hostasyn.c | 2 +- lib/hostip.c | 27 +- lib/hostip.h | 22 +- lib/hostip4.c | 4 +- lib/hostip6.c | 17 +- lib/hostsyn.c | 8 +- lib/http.c | 440 +- lib/http.h | 10 +- lib/http2.c | 564 +- lib/http2.h | 10 +- lib/http_chunks.c | 6 +- lib/http_digest.c | 21 +- lib/http_digest.h | 2 +- lib/http_negotiate.c | 191 +- lib/http_negotiate.h | 6 +- lib/http_negotiate_sspi.c | 302 - lib/{curl_ntlm.c => http_ntlm.c} | 23 +- lib/{curl_ntlm.h => http_ntlm.h} | 0 lib/http_proxy.c | 45 +- lib/if2ip.c | 5 +- lib/imap.c | 86 +- lib/imap.h | 4 +- lib/inet_ntop.c | 11 +- lib/krb5.c | 13 +- lib/ldap.c | 11 +- lib/libcurl.plist | 6 +- lib/llist.c | 4 +- lib/md5.c | 6 +- lib/memdebug.c | 6 +- lib/memdebug.h | 14 +- lib/mk-ca-bundle.pl | 26 +- lib/mprintf.c | 180 +- lib/multi.c | 779 +- lib/multihandle.h | 8 +- lib/multiif.h | 13 +- lib/netrc.c | 6 +- lib/non-ascii.c | 22 +- lib/non-ascii.h | 16 +- lib/nwlib.c | 48 +- lib/nwos.c | 10 +- lib/openldap.c | 15 +- lib/pingpong.c | 16 +- lib/pipeline.c | 41 +- lib/pipeline.h | 18 +- lib/pop3.c | 40 +- lib/pop3.h | 4 +- lib/progress.c | 93 +- lib/progress.h | 20 +- lib/rtsp.c | 39 +- lib/security.c | 2 +- lib/sendf.c | 139 +- lib/sendf.h | 6 +- lib/share.c | 21 +- lib/share.h | 4 +- lib/sigpipe.h | 4 +- lib/slist.c | 4 +- lib/smb.c | 3 +- lib/smtp.c | 69 +- lib/smtp.h | 4 +- lib/socks.c | 131 +- lib/socks_gssapi.c | 12 +- lib/socks_sspi.c | 15 +- lib/speedcheck.c | 4 +- lib/speedcheck.h | 4 +- lib/splay.h | 4 +- lib/ssh.c | 148 +- lib/ssh.h | 5 +- lib/strdup.c | 6 +- lib/strerror.c | 14 +- lib/system_win32.c | 297 + lib/system_win32.h | 61 + lib/telnet.c | 33 +- lib/tftp.c | 60 +- lib/transfer.c | 224 +- lib/transfer.h | 21 +- lib/url.c | 1023 +- lib/url.h | 38 +- lib/urldata.h | 116 +- lib/vauth/cleartext.c | 157 + lib/vauth/cram.c | 138 + lib/vauth/digest.c | 897 ++ lib/vauth/digest.h | 43 + lib/vauth/digest_sspi.c | 554 + lib/{curl_sasl_gssapi.c => vauth/krb5_gssapi.c} | 167 +- lib/vauth/krb5_sspi.c | 518 + lib/{curl_ntlm_msgs.c => vauth/ntlm.c} | 61 +- lib/{curl_ntlm_msgs.h => vauth/ntlm.h} | 8 +- lib/vauth/ntlm_sspi.c | 335 + lib/vauth/oauth2.c | 86 + lib/vauth/spnego_gssapi.c | 274 + lib/vauth/spnego_sspi.c | 321 + lib/vauth/vauth.c | 147 + lib/vauth/vauth.h | 204 + lib/vtls/axtls.c | 56 +- lib/vtls/axtls.h | 2 +- lib/vtls/cyassl.c | 191 +- lib/vtls/cyassl.h | 21 +- lib/vtls/darwinssl.c | 111 +- lib/vtls/gskit.c | 32 +- lib/vtls/gtls.c | 48 +- lib/vtls/gtls.h | 7 +- lib/vtls/mbedtls.c | 220 +- lib/vtls/mbedtls.h | 19 +- lib/vtls/nss.c | 100 +- lib/vtls/nssg.h | 11 +- lib/vtls/openssl.c | 391 +- lib/vtls/openssl.h | 17 +- lib/vtls/polarssl.c | 169 +- lib/vtls/polarssl.h | 8 +- lib/vtls/schannel.c | 311 +- lib/vtls/schannel.h | 3 + lib/vtls/vtls.c | 129 +- lib/vtls/vtls.h | 67 +- lib/warnless.c | 59 +- lib/warnless.h | 8 +- lib/wildcard.c | 4 +- lib/wildcard.h | 2 +- lib/x509asn1.c | 17 +- lib/x509asn1.h | 4 +- ltmain.sh | 6 +- m4/curl-compilers.m4 | 4 +- m4/curl-confopts.m4 | 14 +- m4/curl-functions.m4 | 270 +- m4/libtool.m4 | 1 - packages/OS400/ccsidcurl.c | 8 +- packages/OS400/curl.inc.in | 19 +- packages/OS400/initscript.sh | 6 +- packages/OS400/make-lib.sh | 2 +- packages/Symbian/group/libcurl.mmp | 15 +- projects/README | 27 +- projects/Windows/VC10/lib/libcurl.vcxproj | 154 +- projects/Windows/VC10/src/curl.vcxproj | 128 +- projects/Windows/VC11/lib/libcurl.vcxproj | 154 +- projects/Windows/VC11/src/curl.vcxproj | 128 +- projects/Windows/VC12/lib/libcurl.vcxproj | 154 +- projects/Windows/VC12/src/curl.vcxproj | 128 +- projects/Windows/VC14/lib/libcurl.vcxproj | 154 +- projects/Windows/VC14/src/curl.vcxproj | 128 +- projects/Windows/VC6/lib/libcurl.dsp | 210 +- projects/Windows/VC6/src/curl.dsp | 112 +- projects/Windows/VC7.1/lib/libcurl.vcproj | 142 +- projects/Windows/VC7.1/src/curl.vcproj | 56 +- projects/Windows/VC7/lib/libcurl.vcproj | 142 +- projects/Windows/VC7/src/curl.vcproj | 56 +- projects/Windows/VC8/lib/libcurl.vcproj | 222 +- projects/Windows/VC8/src/curl.vcproj | 112 +- projects/Windows/VC9/lib/libcurl.vcproj | 222 +- projects/Windows/VC9/src/curl.vcproj | 112 +- projects/checksrc.bat | 55 +- scripts/Makefile.am | 4 +- scripts/Makefile.in | 4 +- src/Makefile.am | 8 +- src/Makefile.in | 8 +- src/Makefile.m32 | 4 + src/Makefile.vc10 | 6 +- src/Makefile.vc11 | 6 +- src/Makefile.vc12 | 6 +- src/Makefile.vc14 | 6 +- src/Makefile.vc6 | 6 +- src/Makefile.vc7 | 6 +- src/Makefile.vc8 | 6 +- src/Makefile.vc9 | 6 +- src/checksrc.whitelist | 3 - src/tool_cb_hdr.c | 5 +- src/tool_cfgable.c | 5 +- src/tool_cfgable.h | 18 +- src/tool_formparse.c | 4 +- src/tool_getparam.c | 67 +- src/tool_help.c | 9 +- src/tool_helpers.c | 2 +- src/tool_hugehelp.c | 10881 ++++++++++--------- src/tool_operate.c | 51 +- src/tool_setopt.c | 3 +- src/tool_urlglob.c | 2 +- src/tool_version.h | 2 +- src/tool_vms.c | 14 +- src/tool_writeout.c | 24 +- tests/CMakeLists.txt | 1 + tests/FILEFORMAT | 6 +- tests/Makefile.am | 15 +- tests/Makefile.in | 15 +- tests/README | 1 + tests/data/Makefile.in | 17 +- tests/data/Makefile.inc | 17 +- tests/data/test1001 | 2 + tests/data/test1002 | 3 + tests/data/test1008 | 2 + tests/data/test1021 | 3 + tests/data/test1034 | 1 + tests/data/test1035 | 1 + tests/data/test1059 | 1 + tests/data/test1060 | 2 + tests/data/test1061 | 2 + tests/data/test1077 | 3 + tests/data/test1078 | 1 + tests/data/test1087 | 3 + tests/data/test1088 | 3 + tests/data/test1092 | 1 + tests/data/test1097 | 1 + tests/data/test1098 | 2 + tests/data/test1104 | 2 + tests/data/test1106 | 1 + tests/data/test1139 | 26 + tests/data/test1140 | 26 + tests/data/test1141 | 70 + tests/data/test1142 | 64 + tests/data/test1143 | 45 + tests/data/test1144 | 62 + tests/data/test1213 | 1 + tests/data/test1214 | 1 + tests/data/test1215 | 2 + tests/data/test1216 | 2 + tests/data/test1218 | 3 + tests/data/test1228 | 2 + tests/data/test1230 | 1 + tests/data/test1232 | 2 + tests/data/test1241 | 2 + tests/data/test1244 | 61 + tests/data/test1312 | 2 +- tests/data/test1314 | 2 + tests/data/test1319 | 1 + tests/data/test1320 | 1 + tests/data/test1321 | 1 + tests/data/test1322 | 57 + tests/data/test1331 | 2 + tests/data/test1415 | 1 + tests/data/test1421 | 2 + tests/data/test1428 | 1 + tests/data/test148 | 1 + tests/data/test1509 | 1 + tests/data/test1517 | 69 + tests/data/test1525 | 1 + tests/data/test1526 | 1 + tests/data/test1527 | 1 + tests/data/test1528 | 1 + tests/data/test16 | 1 + tests/data/test161 | 6 +- tests/data/test162 | 1 + tests/data/test165 | 1 + tests/data/test167 | 2 + tests/data/test168 | 3 + tests/data/test169 | 3 + tests/data/test170 | 1 + tests/data/test1700 | 101 + tests/data/test1701 | 83 + tests/data/test1702 | 78 + tests/data/test171 | 1 + tests/data/test179 | 1 + tests/data/test1800 | 4 +- tests/data/test1801 | 4 +- tests/data/test183 | 2 + tests/data/test184 | 2 + tests/data/test185 | 2 + tests/data/test2047 | 2 + tests/data/test2049 | 64 + tests/data/test2050 | 78 + tests/data/test2051 | 74 + tests/data/test2052 | 68 + tests/data/test206 | 2 + tests/data/test208 | 1 + tests/data/test209 | 2 + tests/data/test213 | 2 + tests/data/test217 | 1 + tests/data/test219 | 37 + tests/data/test233 | 2 + tests/data/test234 | 2 + tests/data/test239 | 2 + tests/data/test243 | 3 + tests/data/test256 | 1 + tests/data/test257 | 3 + tests/data/test258 | 4 + tests/data/test259 | 2 + tests/data/test263 | 1 + tests/data/test264 | 1 + tests/data/test265 | 2 + tests/data/test275 | 1 + tests/data/test278 | 1 + tests/data/test279 | 1 + tests/data/test287 | 1 + tests/data/test299 | 1 + tests/data/test43 | 2 + tests/data/test5 | 1 + tests/data/test503 | 1 + tests/data/test523 | 1 + tests/data/test540 | 3 + tests/data/test547 | 3 + tests/data/test548 | 3 + tests/data/test549 | 1 + tests/data/test550 | 1 + tests/data/test551 | 2 + tests/data/test552 | Bin 142925 -> 142985 bytes tests/data/test555 | 3 + tests/data/test557 | 1 + tests/data/test558 | 5 +- tests/data/test561 | 1 + tests/data/test563 | 1 + tests/data/test590 | 3 + tests/data/test63 | 1 + tests/data/test79 | 1 + tests/data/test80 | 1 + tests/data/test81 | 2 + tests/data/test82 | 1 + tests/data/test83 | 1 + tests/data/test84 | 1 + tests/data/test85 | 1 + tests/data/test93 | 1 + tests/data/test94 | 1 + tests/data/test95 | 1 + tests/http2-server.pl | 75 + tests/libtest/Makefile.am | 5 +- tests/libtest/Makefile.in | 746 +- tests/libtest/Makefile.inc | 5 +- tests/libtest/chkhostname.c | 6 +- tests/libtest/first.c | 6 +- tests/libtest/lib1500.c | 4 +- tests/libtest/lib1501.c | 4 +- tests/libtest/lib1502.c | 5 +- tests/libtest/lib1506.c | 8 +- tests/libtest/lib1507.c | 4 +- tests/libtest/lib1510.c | 8 +- tests/libtest/lib1512.c | 10 +- tests/libtest/lib1515.c | 11 +- tests/libtest/lib1517.c | 116 + tests/libtest/lib1525.c | 6 +- tests/libtest/lib1526.c | 8 +- tests/libtest/lib1527.c | 8 +- tests/libtest/lib1528.c | 4 +- tests/libtest/lib1531.c | 12 +- tests/libtest/lib1900.c | 10 +- tests/libtest/lib500.c | 74 +- tests/libtest/lib501.c | 6 +- tests/libtest/lib504.c | 4 +- tests/libtest/lib505.c | 23 +- tests/libtest/lib506.c | 213 +- tests/libtest/lib508.c | 6 +- tests/libtest/lib509.c | 6 +- tests/libtest/lib510.c | 8 +- tests/libtest/lib511.c | 6 +- tests/libtest/lib513.c | 6 +- tests/libtest/lib514.c | 6 +- tests/libtest/lib515.c | 6 +- tests/libtest/lib516.c | 6 +- tests/libtest/lib518.c | 180 +- tests/libtest/lib519.c | 6 +- tests/libtest/lib520.c | 6 +- tests/libtest/lib521.c | 6 +- tests/libtest/lib523.c | 6 +- tests/libtest/lib524.c | 6 +- tests/libtest/lib525.c | 8 +- tests/libtest/lib530.c | 4 +- tests/libtest/lib537.c | 177 +- tests/libtest/lib539.c | 13 +- tests/libtest/lib540.c | 8 +- tests/libtest/lib541.c | 14 +- tests/libtest/lib542.c | 8 +- tests/libtest/lib543.c | 4 +- tests/libtest/lib544.c | 6 +- tests/libtest/lib547.c | 9 +- tests/libtest/lib549.c | 6 +- tests/libtest/lib552.c | 22 +- tests/libtest/lib553.c | 12 +- tests/libtest/lib554.c | 6 +- tests/libtest/lib555.c | 7 +- tests/libtest/lib556.c | 6 +- tests/libtest/lib557.c | 60 +- tests/libtest/lib558.c | 4 +- tests/libtest/lib562.c | 8 +- tests/libtest/lib566.c | 6 +- tests/libtest/lib567.c | 6 +- tests/libtest/lib568.c | 9 +- tests/libtest/lib569.c | 9 +- tests/libtest/lib570.c | 6 +- tests/libtest/lib571.c | 11 +- tests/libtest/lib572.c | 6 +- tests/libtest/lib573.c | 8 +- tests/libtest/lib574.c | 6 +- tests/libtest/lib576.c | 7 +- tests/libtest/lib578.c | 14 +- tests/libtest/lib579.c | 8 +- tests/libtest/lib582.c | 53 +- tests/libtest/lib586.c | 101 +- tests/libtest/lib590.c | 10 +- tests/libtest/lib597.c | 11 +- tests/libtest/lib598.c | 6 +- tests/libtest/lib599.c | 10 +- tests/libtest/libauthretry.c | 45 +- tests/libtest/libntlmconnect.c | 48 +- tests/libtest/test.h | 274 +- tests/libtest/testutil.c | 4 +- tests/manpage-scan.pl | 287 + tests/nroff-scan.pl | 104 + tests/pathhelp.pm | 761 ++ tests/runtests.pdf | Bin 21980 -> 21980 bytes tests/runtests.pl | 129 +- tests/secureserver.pl | 8 +- tests/server/Makefile.am | 4 +- tests/server/Makefile.in | 5 +- tests/server/fake_ntlm.c | 17 +- tests/server/getpart.c | 6 +- tests/server/resolve.c | 6 +- tests/server/rtspd.c | 107 +- tests/server/sockfilt.c | 59 +- tests/server/sws.c | 104 +- tests/server/testpart.c | 4 +- tests/server/tftpd.c | 126 +- tests/server/util.c | 23 +- tests/serverhelp.pm | 5 +- tests/sshserver.pl | 19 +- tests/testcurl.pdf | Bin 22145 -> 22145 bytes tests/unit/Makefile.am | 5 +- tests/unit/Makefile.in | 7 +- tests/unit/curlcheck.h | 21 +- tests/unit/unit1300.c | 6 +- tests/unit/unit1301.c | 20 +- tests/unit/unit1302.c | 36 +- tests/unit/unit1303.c | 10 +- tests/unit/unit1304.c | 22 +- tests/unit/unit1305.c | 20 +- tests/unit/unit1307.c | 8 +- tests/unit/unit1394.c | 14 +- tests/unit/unit1396.c | 4 +- tests/unit/unit1397.c | 72 +- tests/unit/unit1398.c | 26 +- tests/unit/unit1600.c | 6 +- tests/unit/unit1601.c | 3 +- tests/unit/unit1602.c | 7 +- tests/unit/unit1603.c | 6 +- tests/unit/unit1604.c | 4 +- winbuild/BUILD.WINDOWS.txt | 1 + winbuild/Makefile.vc | 432 +- winbuild/MakefileBuild.vc | 54 +- 1034 files changed, 31749 insertions(+), 22023 deletions(-) create mode 100644 docs/CHECKSRC.md delete mode 100644 docs/CONTRIBUTE create mode 100644 docs/CONTRIBUTE.md rename docs/{HISTORY => HISTORY.md} (100%) delete mode 100644 docs/HTTP-COOKIES create mode 100644 docs/HTTP-COOKIES.md rename docs/{INTERNALS => INTERNALS.md} (93%) delete mode 100644 docs/LICENSE-MIXING create mode 100644 docs/LICENSE-MIXING.md rename docs/{SECURITY => SECURITY.md} (91%) rename docs/{SSL-PROBLEMS => SSL-PROBLEMS.md} (95%) rename docs/{SSLCERTS => SSLCERTS.md} (100%) create mode 100644 docs/libcurl/curl_multi_socket_all.3 create mode 100644 docs/libcurl/curl_multi_socket_all.html create mode 100644 docs/libcurl/curl_multi_socket_all.pdf create mode 100644 docs/libcurl/opts/CURLINFO_HTTP_VERSION.3 create mode 100644 docs/libcurl/opts/CURLOPT_CONNECT_TO.3 create mode 100644 docs/libcurl/opts/CURLOPT_CONNECT_TO.html create mode 100644 docs/libcurl/opts/CURLOPT_CONNECT_TO.pdf create mode 100644 docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.3 create mode 100644 docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.html create mode 100644 docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.pdf delete mode 100644 lib/checksrc.whitelist delete mode 100644 lib/curl_sasl_sspi.c delete mode 100644 lib/http_negotiate_sspi.c rename lib/{curl_ntlm.c => http_ntlm.c} (92%) rename lib/{curl_ntlm.h => http_ntlm.h} (100%) create mode 100644 lib/system_win32.c create mode 100644 lib/system_win32.h create mode 100644 lib/vauth/cleartext.c create mode 100644 lib/vauth/cram.c create mode 100644 lib/vauth/digest.c create mode 100644 lib/vauth/digest.h create mode 100644 lib/vauth/digest_sspi.c rename lib/{curl_sasl_gssapi.c => vauth/krb5_gssapi.c} (69%) create mode 100644 lib/vauth/krb5_sspi.c rename lib/{curl_ntlm_msgs.c => vauth/ntlm.c} (95%) rename lib/{curl_ntlm_msgs.h => vauth/ntlm.h} (97%) create mode 100644 lib/vauth/ntlm_sspi.c create mode 100644 lib/vauth/oauth2.c create mode 100644 lib/vauth/spnego_gssapi.c create mode 100644 lib/vauth/spnego_sspi.c create mode 100644 lib/vauth/vauth.c create mode 100644 lib/vauth/vauth.h delete mode 100644 src/checksrc.whitelist create mode 100644 tests/data/test1139 create mode 100644 tests/data/test1140 create mode 100644 tests/data/test1141 create mode 100644 tests/data/test1142 create mode 100644 tests/data/test1143 create mode 100644 tests/data/test1144 create mode 100644 tests/data/test1244 create mode 100644 tests/data/test1322 create mode 100644 tests/data/test1517 create mode 100644 tests/data/test1700 create mode 100644 tests/data/test1701 create mode 100644 tests/data/test1702 create mode 100644 tests/data/test2049 create mode 100644 tests/data/test2050 create mode 100644 tests/data/test2051 create mode 100644 tests/data/test2052 create mode 100644 tests/data/test219 create mode 100755 tests/http2-server.pl create mode 100644 tests/libtest/lib1517.c create mode 100644 tests/manpage-scan.pl create mode 100644 tests/nroff-scan.pl create mode 100644 tests/pathhelp.pm diff --git a/CHANGES b/CHANGES index da5ded9..b08f71d 100644 --- a/CHANGES +++ b/CHANGES @@ -6,5470 +6,5683 @@ Changelog -Version 7.48.0 (23 Mar 2016) +Version 7.50.2 (7 Sep 2016) -Daniel Stenberg (23 Mar 2016) -- RELEASE-NOTES: curl 7.48.0 +Daniel Stenberg (7 Sep 2016) +- RELEASE-NOTES: curl 7.50.2 release -- THANKS: 15 new contributors from 7.48.0 release +- THANKS: updated for 7.50.2 -Jay Satiro (23 Mar 2016) -- CURLINFO_TLS_SSL_PTR.3: Warn about limitations - - Bug: https://github.com/curl/curl/issues/685 +Jay Satiro (6 Sep 2016) +- [Gaurav Malhotra brought this change] -Daniel Stenberg (22 Mar 2016) -- Revert "sshserver: remove use of AuthorizedKeysFile2" + openssl: fix CURLINFO_SSL_VERIFYRESULT - It seems we may have some autobuild problems after this commit went - in. Trying to see if a revert helps to get them back. + CURLINFO_SSL_VERIFYRESULT does not get the certificate verification + result when SSL_connect fails because of a certificate verification + error. - This reverts commit 2716350d1f3edc8e929f6ceeee05051090f6d642. + This fix saves the result of SSL_get_verify_result so that it is + returned by CURLINFO_SSL_VERIFYRESULT. + + Closes https://github.com/curl/curl/pull/995 -- maketgz: add -j to make dist +Daniel Stenberg (6 Sep 2016) +- [Daniel Gustafsson brought this change] + + darwinssl: test for errSecSuccess in PKCS12 import rather than noErr (#993) - ... makes it a lot faster + While noErr and errSecSuccess are defined as the same value, the API + documentation states that SecPKCS12Import() returns errSecSuccess if + there were no errors in importing. Ensure that a future change of the + defined value doesn't break (however unlikely) and be consistent with + the API docs. -- libcurl-thread.3: minor nroff format fix +- [Daniel Gustafsson brought this change] -- CURLINFO_TLS_SSL_PTR.3: minor nroff format fix + docs: Fix link to CONTRIBUTE in Github contribution guidelines (#994) -- CODE_STYLE: indend example code - - ... to make it look nicer in markdown outputa +- [Marcel Raad brought this change] -Jay Satiro (22 Mar 2016) -- build-wolfssl: Update VS properties for wolfSSL v3.9.0 + openssl: Fix compilation with OPENSSL_API_COMPAT=0x10100000L - - Do not use wolfSSL's sample user-setting files. + With OPENSSL_API_COMPAT=0x10100000L (OpenSSL 1.1 API), the cleanup + functions are unavailable (they're no-ops anyway in OpenSSL 1.1). The + replacements for SSL_load_error_strings, SSLeay_add_ssl_algorithms, and + OpenSSL_add_all_algorithms are called automatically [1][2]. SSLeay() is + now called OpenSSL_version_num(). - wolfSSL starting in v3.9.0 has added their own sample user settings that - are applied by default, but we don't use them because we have our own - settings. + [1]: https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html + [2]: https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html - - Do not use wolfSSL's Visual Studio Unicode character setting. + Closes #992 + +- RELEASE-NOTES: synced with 3d4c0c8b9bc1d + +- http2: return EOF when done uploading without known size - wolfSSL Visual Studio projects use the Unicode character set however our - settings and options imitate mingw build which does not use the Unicode - character set. This does not appear to have any effect at the moment but - better safe than sorry. + Fixes #982 + +- http2: skip the content-length parsing, detect unknown size + +- http2: minor white space edit + +- http2: use named define instead of magic constant in read callback + +- [Craig Davison brought this change] + + configure: make the cpp -P detection not clobber CPPFLAGS + CPPPFLAGS is now CPPPFLAG. Fixes CURL_CHECK_DEF. - These changes are backwards compatible with earlier versions. + Fixes #958 -Steve Holme (22 Mar 2016) -- hostip6: Fixed compilation warnings when verbose strings disabled +- [Olivier Brunel brought this change] + + speed caps: not based on average speeds anymore - warning C4189: 'data': local variable is initialized but not referenced + Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE & + CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits + with the cumulative average speed of the entire transfer; While this + might work at times with good/constant connections, in other cases it + can result to the limits simply being "ignored" for more than "short + bursts" (as told in man page). - ...and some minor formatting/spacing changes. - -Daniel Stenberg (21 Mar 2016) -- sshserver: remove use of AuthorizedKeysFile2 + Consider a download that goes on much slower than the limit for some + time (because bandwidth is used elsewhere, server is slow, whatever the + reason), then once things get better, curl would simply ignore the limit + up until the average speed (since the beginning of the transfer) reached + the limit. This could prove the limit useless to effectively avoid + using the entire bandwidth (at least for quite some time). - Support for the (undocumented) AuthorizedKeysFile2 was removed in - OpenSSH 5.9, released in September 2011 + So instead, we now use a "moving starting point" as reference, and every + time at least as much as the limit as been transferred, we can reset + this starting point to the current position. This gets a good limiting + effect that applies to the "current speed" with instant reactivity (in + case of sudden speed burst). - Closes #715 + Closes #971 -Steve Holme (20 Mar 2016) -- connect/ntlm/http: Fixed compilation warnings when verbose strings disabled - - warning C4189: 'data': local variable is initialized but not referenced +- HISTORY.md: the multi socket was put in the wrong year! -- openssl: Fixed compilation warning when /Wall enabled - - warning C4706: assignment within conditional expression +- [Mark Hamilton brought this change] -- CODE_STYLE: Use boolean conditions + tool_helpers.c: fix comment typo (#989) + +- [Mark Hamilton brought this change] + + libtest/test.h: fix typo (#988) + +- CURLMOPT_PIPELINING.3: language + +- CURLMOPT_PIPELINING.3: extended and clarified - Rather than use TRUE, FALSE, NULL, 0 or != 0 in if/while conditions. + Especially in regards to the multiplexing part. + +Steve Holme (31 Aug 2016) +- curl_sspi.c: Updated function description comments - Additionally, corrected some example code to adhere to the recommended - coding style. + * Added description to Curl_sspi_free_identity() + * Added parameter and return explanations to Curl_sspi_global_init() + * Added parameter explaination to Curl_sspi_global_cleanup() -- inet_pton.c: Fixed compilation warnings +- README: Corrected the supported Visual Studio versions - warning: conversion to 'unsigned char' from 'int' may alter its value + Missed from commit 8356022d17. -Daniel Stenberg (19 Mar 2016) -- RELEASE-NOTES: synced with 80851028efc2fa9 +- KNOWN_BUGS: Move the Visual Studio project shortcomings from local README -- mbedtls: fix compiler warning +- KNOWN_BUGS: Expand 6.4 to include Kerberos V5 - vtls/mbedtls.h:67:36: warning: implicit declaration of function - ‘mbedtls_sha256’ [-Wimplicit-function-declaration] + ...and discuss a possible solution. -Steve Holme (19 Mar 2016) -- easy: Minor coding standard and style updates +Daniel Stenberg (30 Aug 2016) +- connect: fix #ifdefs for debug versions of conn/streamclose() macros - Following commit c5744340db. Additionally removes the need for a second - 'result code' variable as well. - -Jay Satiro (19 Mar 2016) -- easy: Remove poll failure check in easy_transfer + CURLDEBUG is for the memory debugging - .. because curl_multi_wait can no longer signal poll failure. + DEBUGBUILD is for the extra debug stuff - follow-up to 77e1726 + Pointed-out-by: Steve Holme + +- KNOWN_BUGS: mention some cmake "support gaps" + +Nick Zitzmann (28 Aug 2016) +- darwinssl: add documentation stating that the --cainfo option is intended for backward compatibility only - Bug: https://github.com/curl/curl/issues/707 + In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead. -Steve Holme (19 Mar 2016) -- build: Added missing Visual Studio filter files for VC10 onwards +Daniel Stenberg (28 Aug 2016) +- http2: return CURLE_HTTP2_STREAM for unexpected stream close - As these files don't need to contain references to the source files, - although typically do, added basic files which only include three - filters and don't require the project file generator to be modified. + Follow-up to c3e906e9cd0f, seems like a more appropriate error code - These files allow the source code to be viewed in the Solution Explorer - in versions of Visual Studio from 2010 onwards in the same manner as - previous versions did rather than one large view of files. + Suggested-by: Jay Satiro -- ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled - - warning C4706: assignment within conditional expression +- [Tatsuhiro Tsujikawa brought this change] -- config-w32.h: Fixed compilation warning when /Wall enabled + http2: handle closed streams when uploading - warning C4668: 'USE_IPV6' is not defined as a preprocessor macro, - replacing with '0' for '#if/#elif' + Fixes #986 -- imap.c: Fixed compilation warning with /Wall enabled - - warning C4701: potentially uninitialized local variable 'size' used +- http2: make sure stream errors don't needlessly close the connection - Technically this can't happen, as the usage of 'size' is protected by - 'if(parsed)' and 'parsed' is only set after 'size' has been parsed. + With HTTP/2 each transfer is made in an indivial logical stream over the + connection, making most previous errors that caused the connection to get + forced-closed now instead just kill the stream and not the connection. - Anyway, lets keep the compiler happy. + Fixes #941 -- KNOWN_BUGS: #93 Issue with CURLFORM_CONTENTLEN in arrays on 32-bit platforms +- Curl_verify_windows_version: minor edit to avoid compiler warnings + + ... instead of if() before the switch(), add a default to the switch so + that the compilers don't warn on "warning: enumeration value + 'PLATFORM_DONT_CARE' not handled in switch" anymore. -Daniel Stenberg (18 Mar 2016) -- bump: the coming release is 7.48.0 +Steve Holme (27 Aug 2016) +- RELEASE-NOTES: Added missing fix from commit 15592143f -- configure: use cpp -P when needed +Jay Satiro (26 Aug 2016) +- schannel: Disable ALPN for Wine since it is causing problems - Since gcc 5, the processor output can get split up on multiple lines - that made the configure script fail to figure out values from - definitions. The fix is to use cpp -P, and this fix now first checks if - cpp -P is necessary and then if cpp -P works before it uses that to - extract defined values. + - Disable ALPN on Wine. - Fixes #719 + - Don't pass input secbuffer when ALPN is disabled. + + When ALPN support was added a change was made to pass an input secbuffer + to initialize the context. When ALPN is enabled the buffer contains the + ALPN information, and when it's disabled the buffer is empty. In either + case this input buffer caused problems with Wine and connections would + not complete. + + Bug: https://github.com/curl/curl/issues/983 + Reported-by: Christian Fillion -Steve Holme (18 Mar 2016) -- formdata.c: Fixed compilation warning +Kamil Dudka (26 Aug 2016) +- [Peter Wang brought this change] + + nss: work around race condition in PK11_FindSlotByName() - formdata.c:390: warning: cast from pointer to integer of different size + Serialise the call to PK11_FindSlotByName() to avoid spurious errors in + a multi-threaded environment. The underlying cause is a race condition + in nssSlot_IsTokenPresent(). - Introduced in commit ca5f9341ef this happens because a char*, which is - 32-bits wide in 32-bit land, is being cast to a curl_off_t which is - 64-bits wide where 64-bit integers are supported by the compiler. + Bug: https://bugzilla.mozilla.org/1297397 - This doesn't happen in 64-bit land as a pointer is the same size as a - curl_off_t. + Closes #985 + +- nss: refuse previously loaded certificate from file - This fix doesn't address the fact that a 64-bit value cannot be used - for CURLFORM_CONTENTLEN when set in a form array and compiled on a - 32-bit platforms, it does at least suppress the compilation warning. + ... when we are not asked to use a certificate from file -Daniel Stenberg (18 Mar 2016) -- FAQ: 2.5 Install libcurl for both 32bit and 64bit? +Daniel Stenberg (26 Aug 2016) +- ftp_done: remove dead code -- [Gisle Vanem brought this change] +- TLS: random file/egd doesn't have to match for conn reuse - openssl: adapt to API breakage in ERR_remove_thread_state() +- test161: add comment for the exit code + +Dan Fandrich (26 Aug 2016) +- test219: Add http as a required feature + +Daniel Stenberg (25 Aug 2016) +- [Michael Kaufmann brought this change] + + HTTP: stop parsing headers when switching to unknown protocols - The OpenSSL API change that broke this is "Convert ERR_STATE to new - multi-threading API": openssl commit 8509dcc. + - unknown protocols probably won't send more headers (e.g. WebSocket) + - improved comments and moved them to the correct case statements - Closes #713 + Closes #899 -- version: init moved to private name space, added protos +- openssl: make build with 1.1.0 again - follow-up to 80015cdd52145 + synced with OpenSSL git master commit cc06906707 -- openssl: verbose: show matching SAN pattern +- INTERNALS: fix title + +- configure: detect zlib with our pkg-config macros - ... to allow users to see which specfic wildcard that matched when such - is used. + ... instead of relying on the pkg-config autoconf macros to be present. - Also minor logic cleanup to simplify the code, and I removed all tabs - from verbose strings. - -Jay Satiro (16 Mar 2016) -- version: thread safety + Fixes #972 (again...) -Steve Holme (16 Mar 2016) -- transfer: Removed redundant HTTP authentication include files +Jay Satiro (25 Aug 2016) +- http2: Remove incorrect comments - It would also seem that share.h is not required here either as there - are no references to the Curl_share structure or functions. + .. also remove same from scp -- easy: Removed redundant HTTP authentication include files +Daniel Stenberg (23 Aug 2016) +- [Ales Novak brought this change] -Jay Satiro (15 Mar 2016) -- CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support + ftp: fix wrong poll on the secondary socket - Bug: https://curl.haxx.se/mail/lib-2016-03/0150.html - Reported-by: Oliver Graute + When we're uploading using FTP and the server issues a tiny pause + between opening the connection to the client's secondary socket, the + client's initial poll() times out, which leads to second poll() which + does not wait for POLLIN on the secondary socket. So that poll() also + has to time out, creating a long (200ms) pause. + + This patch adds the correct flag to the secondary socket, making the + second poll() correctly wait for the connection there too. + + Signed-off-by: Ales Novak + + Closes #978 -Steve Holme (15 Mar 2016) -- curl_sasl: Minor code indent fixes +- RELEASE-NOTES: synced with 95ded2c56 -Daniel Stenberg (14 Mar 2016) -- runtests: mention when run event-based +- configure: make it work without PKG_CHECK_MODULES + + With commit c2f9b78 we added a new dependency on pkg-config for + developers which may be unwanted. This change make the configure script + still work as before if pkg-config isn't installed, it'll just use the + old zlib detection logic without pkg-config. + + Reported-by: Marc Hörsken + + Fixes #972 -- easy: add check to malloc() when running event-based +Marc Hoersken (21 Aug 2016) +- Revert "KNOWN_BUGS: SOCKS proxy not working via IPv6" - ... to allow torture tests then too. + This reverts commit 9cb1059f92286a6eb5d28c477fdd3f26aed1d554. + + As discussed in #835 SOCKS5 supports IPv6 proxies and destinations. -- memdebug: skip logging the limit countdown, fflush when reached +Daniel Stenberg (21 Aug 2016) +- [Marco Deckel brought this change] -- CODE_STYLE: Space around operators + win: Basic support for Universal Windows Platform apps - As just discussed on the mailing list, also document how we prefer - spacing in expressions. + Closes #820 -- curl: glob_range: no need to check unsigned variable for negative +Steve Holme (21 Aug 2016) +- sasl: Don't use GSSAPI authentication when domain name not specified - cppcheck warned: + Only choose the GSSAPI authentication mechanism when the user name + contains a Windows domain name or the user is a valid UPN. - [src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n' - is less than zero. + Fixes #718 -- CODE_STYLE: add example for indent style as well +- vauth: Added check for supported SSPI based authentication mechanisms + + Completing commit 00417fd66c and 2708d4259b. -- CODE_STYLE: mention braces for functions too +- http.c: Remove duplicate (authp->avail & CURLAUTH_DIGEST) check + + From commit 2708d4259b. -- docs/Makefile.am: include CODE_STYLE in tarball too +Marc Hoersken (20 Aug 2016) +- socks.c: display the hostname returned by the SOCKS5 proxy server + + Instead of displaying the requested hostname the one returned + by the SOCKS5 proxy server is used in case of connection error. + The requested hostname is displayed earlier in the connection sequence. + + The upper-value of the port is moved to a temporary variable and + replaced with a 0-byte to make sure the hostname is 0-terminated. -- CONTRIBUTE: moved out code style to a separate document +Steve Holme (20 Aug 2016) +- urldata.h: Corrected comment for httpcode which is also populated by SMTP + + As of 7.25.0 and commit 5430007222. -- CODE_STYLE: initial version +Marc Hoersken (20 Aug 2016) +- socks.c: use Curl_printable_address in SOCKS5 connection sequence - Ripped out from CONTRIBUTE into its own document, but also extended from - there. + Replace custom string formatting with Curl_printable_address. + Add additional debug and error output in case of failures. -- curl_sasl.c: minor code indent fixes +- socks.c: align SOCKS4 connection sequence with SOCKS5 + + Calling sscanf is not required since the raw IPv4 address is + available and the protocol can be detected using ai_family. -- multi: simplified singlesocket +Steve Holme (20 Aug 2016) +- http.c: Corrected indentation change from commit 2708d4259b - Since sh_getentry() now checks for invalid sockets itself and by - narrowing the scope of the remove_sock_from_hash variable. + Made by Visual Studio's auto-correct feature and missed by me in my own + code reviews! -- multi: introduce sh_getentry() for looking up sockets in the sockhash +- http: Added calls to Curl_auth_is__supported() - Simplify the code by using a single entry that looks for a socket in the - socket hash. As indicated in #712, the code looked for CURL_SOCKET_BAD - at some point and that is ineffective/wrong and this makes it easier to - avoid that. + Hooked up the HTTP authentication layer to query the new 'is mechanism + supported' functions when deciding what mechanism to use. + + As per commit 00417fd66c existing functionality is maintained for now. -- [Jaime Fullaondo brought this change] +Marc Hoersken (20 Aug 2016) +- socks.c: improve verbose output of SOCKS5 connection sequence - multi hash: ensure modulo performed on curl_socket_t - - Closes #712 +- configure.ac: add missing quotes to PKG_CHECK_MODULES -Steve Holme (13 Mar 2016) -- base64: Minor coding standard and style updates +Steve Holme (20 Aug 2016) +- sasl: Added calls to Curl_auth_is__supported() + + Hooked up the SASL authentication layer to query the new 'is mechanism + supported' functions when deciding what mechanism to use. + + For now existing functionality is maintained. -- base64: Use 'CURLcode result' for curl result codes +Daniel Stenberg (19 Aug 2016) +- [Miroslav Franc brought this change] -- negotiate: Use 'CURLcode result' for curl result codes + spnego_sspi: fix memory leak in case *outlen is zero (#970) -Daniel Stenberg (13 Mar 2016) -- [Maksim Kuzevanov brought this change] +- CURLMOPT_MAX_TOTAL_CONNECTIONS.3: mention it can also multiplex - multi_runsingle: avoid loop in CURLM_STATE_WAITPROXYCONNECT +Steve Holme (18 Aug 2016) +- vauth: Introduced Curl_auth_is__supported() functions - Closes #703 - -- TODO: Use the RFC6265 test suite + As Windows SSPI authentication calls fail when a particular mechanism + isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5 + and Negotiate to allow both HTTP and SASL authentication the opportunity + to query support for a supported mechanism before selecting it. + + For now each function returns TRUE to maintain compatability with the + existing code when called. -Steve Holme (13 Mar 2016) -- checksrc.bat: Added the ability to scan src and lib source independently +Daniel Stenberg (18 Aug 2016) +- test1144: verify HEAD with body-only response -- digest: Use boolean based success code for Curl_sasl_digest_get_pair() +Steve Holme (17 Aug 2016) +- RELEASE-PROCEDURE: Added some more future release dates - Rather than use a 0 and 1 integer base result code use a TRUE / FALSE - based success code. + ...and removed some old ones -- digest: Corrected some typos in comments +Daniel Stenberg (17 Aug 2016) +- [David Woodhouse brought this change] -- krb5: Corrected some typos in function descriptions + curl: allow "pkcs11:" prefix for client certificates + + RFC7512 provides a standard method to reference certificates in PKCS#11 + tokens, by means of a URI starting 'pkcs11:'. + + We're working on fixing various applications so that whenever they would + have been able to use certificates from a file, users can simply insert + a PKCS#11 URI instead and expect it to work. This expectation is now a + part of the Fedora packaging guidelines, for example. + + This doesn't work with cURL because of the way that the colon is used + to separate the certificate argument from the passphrase. So instead of + + curl -E 'pkcs11:manufacturer=piv_II;id=%01' … + + I instead need to invoke cURL with the colon escaped, like this: + + curl -E 'pkcs11\:manufacturer=piv_II;id=%01' … + + This is suboptimal because we want *consistency* — the URI should be + usable in place of a filename anywhere, without having strange + differences for different applications. + + This patch therefore disables the processing in parse_cert_parameter() + when the string starts with 'pkcs11:'. It means you can't pass a + passphrase with an unescaped PKCS#11 URI, but there's no need to do so + because RFC7512 allows a PIN to be given as a 'pin-value' attribute in + the URI itself. + + Also, if users are already using RFC7512 URIs with the colon escaped as + in the above example — even providing a passphrase for cURL to handling + instead of using a pin-value attribute, that will continue to work + because their string will start 'pkcs11\:' and won't match the check. + + What *does* break with this patch is the extremely unlikely case that a + user has a file which is in the local directory and literally named + just "pkcs11", and they have a passphrase on it. If that ever happened, + the user would need to refer to it as './pkcs11:' instead. -- ntlm: Corrected some typos in function descriptions +- nss: make the global variables static -- url: Corrected indentation when calling idna_to_ascii_lz() +- openssl: use regular malloc instead of OPENSSL_malloc + + This allows for better memmory debugging and torture tests. -- idn_win32: Use boolean based success codes +- proxy: fix tests as follow-up to 93b0d907d5 - Rather than use 0 and 1 integer base result codes use a FALSE / TRUE - based success code. + This fixes tests that were added after 113f04e664b as the tests would + fail otherwise. + + We bring back "Proxy-Connection: Keep-Alive" now unconditionally to fix + regressions with old and stupid proxies, but we could possibly switch to + using it only for CONNECT or only for NTLM in a future if we want to + gradually reduce it. + + Fixes #954 + + Reported-by: János Fekete -Daniel Stenberg (10 Mar 2016) -- idn_win32.c: warning: Trailing whitespace +- Revert "Proxy-Connection: stop sending this header by default" + + This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68. -Steve Holme (10 Mar 2016) -- idn_win32.c: Fixed compilation warning from commit 9e7fcd4291 +- CURLOPT_PROXY.3: unsupported schemes cause errors now - warning C4267: 'function': conversion from 'size_t' to 'int', - possible loss of data + Follow-up to a96319ebb9 (document the new behavior) -Daniel Stenberg (10 Mar 2016) -- THANKS-filter: unify Michael König +- tests/README: mention nghttpx for HTTP/2 tests -- RELEASE-NOTES: synced with 863c5766dd +- README.md: add our CII Best Practices badge -- ftp: remove a check for NULL(!) +- proxy: polished the error message for unsupported schemes - ... as it implies we need to check for that on all the other variable - references as well (as Coverity otherwise warns us for missing NULL - checks), and we're alredy making sure that the pointer is never NULL. + Follow up to a96319ebb93 -- cookies: first n/v pair in Set-Cookie: is the cookie, then parameters - - RFC 6265 section 4.1.1 spells out that the first name/value pair in the - header is the actual cookie name and content, while the following are - the parameters. - - libcurl previously had a more liberal approach which causes significant - problems when introducing new cookie parameters, like the suggested new - cookie priority draft. +- test219: verify unsupported scheme for proxies get rejected + +- proxy: reject attempts to use unsupported proxy schemes - The previous logic read all n/v pairs from left-to-right and the first - name used that wassn't a known parameter name would be used as the - cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be - a cookie named 'person' while an RFC 6265 compliant parser should - consider that to be a cookie named 'Max-Age' with an (unknown) parameter - 'person'. + I discovered some people have been using "https://example.com" style + strings as proxy and it "works" (curl doesn't complain) because curl + ignores unknown schemes and then assumes plain HTTP instead. - Fixes #709 + I think this misleads users into believing curl uses HTTPS to proxies + when it doesn't. Now curl rejects proxy strings using unsupported + schemes instead of just ignoring and defaulting to HTTP. -- krb5: improved type handling to avoid clang compiler warnings +- RELEASE-NOTES: synced with b7ee5316c2fd5b -- url.c: fix clang warning: no newline at end of file +Marc Hoersken (14 Aug 2016) +- socks.c: Correctly calculate position of port in response packet + + Third commit to fix issue #944 regarding SOCKS5 error handling. + + Reported-by: David Kalnischkies -- curl_multi_wait: never return -1 in 'numfds' +- socks.c: Do not modify and invalidate calculated response length - Such a return value isn't documented but could still happen, and the - curl tool code checks for it. It would happen when the underlying - Curl_poll() function returns an error. Starting now we mask that error - as a user of curl_multi_wait() would have no way to handle it anyway. + Second commit to fix issue #944 regarding SOCKS5 error handling. - Reported-by: Jay Satiro - Closes #707 + Reported-by: David Kalnischkies -- HTTP2.md: add CURL_HTTP_VERSION_2TLS and updated alt-svc link +- socks.c: Move error output after reading the whole response packet + + First commit to fix issue #944 regarding SOCKS5 error handling. + + Reported-by: David Kalnischkies -- curl_multi_wait.3: add example +Daniel Stenberg (13 Aug 2016) +- [Ronnie Mose brought this change] -Steve Holme (8 Mar 2016) -- imap/pop3/smtp: Fixed connections upgraded with TLS are not reused - - Regression since commit 710f14edba. + MANUAL: Remove invalid link to LDAP documentation (#962) - Bug: https://github.com/curl/curl/issues/422 - Reported-by: Justin Ehlert + The server developer.netscape.com does not resolve into any + ip address and can be removed. -Jay Satiro (8 Mar 2016) -- opt-docs: fix heading macros +Jay Satiro (13 Aug 2016) +- openssl: accept subjectAltName iPAddress if no dNSName match - ..SH should be .SH + Undo change introduced in d4643d6 which caused iPAddress match to be + ignored if dNSName was present but did not match. - Bug: https://github.com/curl/curl/issues/705 - Reported-by: Eric S. Raymond + Also, if iPAddress is present but does not match, and dNSName is not + present, fail as no-match. Prior to this change in such a case the CN + would be checked for a match. + + Bug: https://github.com/curl/curl/issues/959 + Reported-by: wmsch@users.noreply.github.com -Kamil Dudka (8 Mar 2016) -- [Tim Rühsen brought this change] +Daniel Stenberg (12 Aug 2016) +- [Dambaev Alexander brought this change] - cookie: do not refuse cookies for localhost + configure.ac: add zlib search with pkg-config - Closes #658 + Closes #956 -Daniel Stenberg (8 Mar 2016) -- ftp_done: clear tunnel_state when secondary socket closes +- rtsp: ignore whitespace in session id - Introducing a function for closing the secondary connection to make this - bug less likely to happen again. + Follow-up to e577c43bb to fix test case 569 brekage: stop the parser at + whitespace as well. - Reported-by: daboul - Closes #701 + Help-by: Erik Janssen -- [Gisle Vanem brought this change] +- HTTP: retry failed HEAD requests too + + Mark's new document about HTTP Retries + (https://mnot.github.io/I-D/httpbis-retry/) made me check our code and I + spotted that we don't retry failed HEAD requests which seems totally + inconsistent and I can't see any reason for that separate treatment. + + So, no separate treatment for HEAD starting now. A HTTP request sent + over a reused connection that gets cut off before a single byte is + received will be retried on a fresh connection. + + Made-aware-by: Mark Nottingham - openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages +- mk-ca-bundle.1: document -m, added in 1.26 -- HTTP2.md: HTTP/2 by default for curl's HTTPS connections +- RELEASE-NOTES: synced with e577c43bb5 -- [Anders Bakken brought this change] +- [Erik Janssen brought this change] - pipeline: Sanity check pipeline pointer before accessing it. + rtsp: accept any RTSP session id - I got a crash with this stack: + Makes libcurl work in communication with gstreamer-based RTSP + servers. The original code validates the session id to be in accordance + with the RFC. I think it is better not to do that: - curl/lib/url.c:2873 (Curl_removeHandleFromPipeline) - curl/lib/url.c:2919 (Curl_getoff_all_pipelines) - curl/lib/multi.c:561 (curl_multi_remove_handle) - curl/lib/url.c:415 (Curl_close) - curl/lib/easy.c:859 (curl_easy_cleanup) + - For curl the actual content is a don't care. - Closes #704 - -- HTTP2.md: mention the disable ALPN and NPN options - -- TODO: 17.12 keep running, read instructions from pipe/socket + - The clarity of the RFC is debatable, is $ allowed or only as \$, that + is imho not clear - And delete trailing whitespace - And rename section 17 to "command line tool" from "client" + - Gstreamer seems to url-encode the session id but % is not allowed by + the RFC - Closes #702 - -- README.md: linkified + - less code - It also makes it less readable as plain text, so let's keep this - primarily for github use. + With this patch curl will correctly handle real-life lines like: + Session: biTN4Kc.8%2B1w-AF.; timeout=60 - Removed the top ascii art logo, as it looks weird when markdownified. + Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html -- README.md: markdown version of README +- symbols-in-versions: add CURL_STRICTER - Attempt to make it look more appealing on github + Added in 5fce88aa8c12564 -Jay Satiro (6 Mar 2016) -- mprintf: update trio project link +- [Simon Warta brought this change] -Daniel Stenberg (6 Mar 2016) -- CURLOPT_ACCEPTTIMEOUT_MS.3: added example + winbuild: Allow changing C compiler via environment variable CC (#952) + + This makes it possible to use specific compilers or a cache. + + Sample use for clcache: + set CC=clcache.bat + nmake /f Makefile.vc DEBUG=no MODE=static VC=14 GEN_PDB=no -- CURLOPT_ACCEPT_ENCODING.3: added example +- LICENSE-MIXING.md: switched to markdown -- CURLOPT_APPEND.3: added example +- docs-make: have markdown files use .md -- CURLOPT_NOPROGRESS.3: added example, conform to stardard style +- curl.h: make CURL_NO_OLDIES define CURL_STRICTER -Steve Holme (6 Mar 2016) -- build-openssl/checksrc.bat: Fixed prepend vs append of Perl path - - Fixed inconsistency from commit 1eae114065 and 0ad6c72227 of the order - in which Perl was added to the PATH. +- HISTORY.md: use markdown extension -Daniel Stenberg (6 Mar 2016) -- opts: added two examples +- SSLCERTS.md: renamed to markdown extension -- CURLOPT_SSL_CTX_FUNCTION.3: use .NF for example +- INTERNALS.md: use markdown extension for markdown content -- CURLOPT_SSL_CTX_FUNCTION.3: added example - - and removed erroneous reference to test case lib509 +- CONTRIBUTE.md: markdown extension -- curlx.c: use more curl style code +- CONTRIBUTE: changed to markdown -- test46: change cookie expiry date +- CONTRIBUTE: refreshed + +- TODO: added an SSH section and two SFTP things to do + +- TODO: remove the 1.22 duplicated item + +- TODO: move "CURLOPT_MAIL_CLIENT" to SMTP section + +- TODO: API for URL parsing/splitting + +- TODO: move QUIC to the HTTP section + +- [Simon Warta brought this change] + + winbuild: Free name $(CC) in Makefile (#950) - Since two of the cookies would now otherwise expire and cause the test - to fail after commit 20de9b4f09 + In the old line number 290, CC and CURL_CC had the same value. After + that, /DCURL_STATICLIB was added to CC but not CURL_CC (intended?). - Discussed in #697 + This gets rid of the CC variable entirely. It is a first step to make it + possible to manualyl set a CC variable in order to be able to change the + compiler. -Jay Satiro (5 Mar 2016) -- [Viktor Szakats brought this change] +- TODO: Use huge HTTP/2 windows - makefile.m32: add missing libs for static -winssl-ssh2 builds +- [Simon Warta brought this change] + + winbuild: Avoid setting redundant CFLAGS to compile commands (#949) - Bug: https://github.com/curl/curl/pull/693 + $(CURL_CC) is always used with $(CURL_CFLAGS) appended, so before this, + all arguments in CURL_CFLAGS have been added twice. -- mbedtls: fix user-specified SSL protocol version +Jay Satiro (8 Aug 2016) +- cmake: Enable win32 threaded resolver by default - Prior to this change when a single protocol CURL_SSLVERSION_ was - specified by the user that version was set only as the minimum version - but not as the maximum version as well. + - Turn on USE_THREADS_WIN32 in Windows if ares isn't on + + This change is similar to what we already do in the autotools build. -Steve Holme (5 Mar 2016) -- .gitignore: Added *.VC.opendb and *.vcxproj.user files for VC14 +- cmake: Enable win32 large file support by default + + All compilers used by cmake in Windows should support large files. + + - Add test SIZEOF_OFF_T + - Remove outdated test SIZEOF_CURL_OFF_T + - Turn on USE_WIN32_LARGE_FILES in Windows + - Check for 'Largefile' during the features output -- build-openssl.bat: Fixed cannot find perl if installed but not in path +Daniel Stenberg (7 Aug 2016) +- TODO: added several ideas, removed SPDY -- checksrc.bat: Fixed cannot find perl if installed but not in path +- http2: always wait for readable socket + + Since the server can at any time send a HTTP/2 frame to us, we need to + wait for the socket to be readable during all transfers so that we can + act on incoming frames even when uploading etc. + + Reminded-by: Tatsuhiro Tsujikawa -Jay Satiro (5 Mar 2016) -- [Viktor Szakats brought this change] +- RELEASE-NOTES: synced with 7b4bf37a44791 - makefile.m32: fix to allow -ssh2-winssl combination +- [Thomas Glanzmann brought this change] + + mbedtls: set debug threshold to 4 (verbose) when MBEDTLS_DEBUG is defined - In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl - (OpenSSL) option, with no way to override it with -winssl. Since both - libssh2 and curl support using Windows's built-in SSL backend, modify - the logic to allow that combination. + In order to make MBEDTLS_DEBUG work, the debug threshold must be unequal + to 0. This patch also adds a comment how mbedtls must be compiled in + order to make debugging work, and explains the possible debug levels. -- cookie: Don't expire session cookies in remove_expired +- CURLOPT_TCP_NODELAY: now enabled by default - Prior to this change cookies with an expiry date that failed parsing - and were converted to session cookies could be purged in remove_expired. + After a few wasted hours hunting down the reason for slowness during a + TLS handshake that turned out to be because of TCP_NODELAY not being + set, I think we have enough motivation to toggle the default for this + option. We now enable TCP_NODELAY by default and allow applications to + switch it off. - Bug: https://github.com/curl/curl/issues/697 - Reported-by: Seth Mos + This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be + used to disable it. + + Thanks-to: Tim Rühsen + Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html -Daniel Stenberg (3 Mar 2016) -- cookie: remove redundant check +- [Serj Kalichev brought this change] + + TFTP: Fix upload problem with piped input - ... as it was already checked previously within the function. + When input stream for curl is stdin and input stream is not a file but + generated by a script then curl can truncate data transfer to arbitrary + size since a partial packet is treated as end of transfer by TFTP. - Reported-by: Dmitry-Me - Closes #695 + Fixes #857 -Jay Satiro (1 Mar 2016) -- [Anders Bakken brought this change] - - url: if Curl_done is premature then pipeline not in use +- mk-ca-bundle.pl: -m keeps ca cert meta data in output - Prevent a crash if 2 (or more) requests are made to the same host and - pipelining is enabled and the connection does not complete. + Makes the script pass on comments holding meta data to the output + file. Like fingerprinters, issuer, date ranges etc. - Bug: https://github.com/curl/curl/pull/690 + Closes #937 -- [Viktor Szakats brought this change] +- multi: make Curl_expire() work with 0 ms timeouts + + Previously, passing a timeout of zero to Curl_expire() was a magic code + for clearing all timeouts for the handle. That is now instead made with + the new Curl_expire_clear() function and thus a 0 timeout is fine to set + and will trigger a timeout ASAP. + + This will help removing short delays, in particular notable when doing + HTTP/2. - makefile.m32: allow to pass .dll/.exe-specific LDFLAGS +- transfer: return without select when the read loop reached maxcount - using envvars `CURL_LDFLAG_EXTRAS_DLL` and - `CURL_LDFLAG_EXTRAS_EXE` respectively. This - is useful f.e. to pass ASLR-related extra - options, that are required to make this - feature work when using the mingw toolchain. + Regression added in 790d6de48515. The was then added to avoid one + particular transfer to starve out others. But when aborting due to + reading the maxcount, the connection must be marked to be read from + again without first doing a select as for some protocols (like SFTP/SCP) + the data may already have been read off the socket. - Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985 + Reported-by: Dan Donahue + Bug: https://curl.haxx.se/mail/lib-2016-07/0057.html + +Steve Holme (3 Aug 2016) +- [Bill Nagel brought this change] + + mbedtls: Added support for NTLM + +Daniel Stenberg (3 Aug 2016) +- [Sergei Nikulov brought this change] + + travis: removed option to rebuild autotool from source - Closes https://github.com/curl/curl/pull/689 + Fixes #943 -Daniel Stenberg (29 Feb 2016) -- formpost: fix memory leaks in AddFormData error branches +- bump: start working toward 7.50.2 + +Version 7.50.1 (3 Aug 2016) + +Daniel Stenberg (3 Aug 2016) +- THANKS: 7 new contributors from the 7.50.1 release + +- RELEASE-NOTES: 7.50.1 + +- TLS: only reuse connections with the same client cert - Reported-by: Dmitry-Me - Fixes #688 + CVE-2016-5420 + Bug: https://curl.haxx.se/docs/adv_20160803B.html -Jay Satiro (28 Feb 2016) -- getinfo: Fix syntax error when mbedTLS +- TLS: switch off SSL session id when client cert is used - The assignment of the mbedTLS TLS session info in the parent commit was - incorrect. Change the assignment to a pointer to the session structure. + CVE-2016-5419 + Bug: https://curl.haxx.se/docs/adv_20160803A.html + Reported-by: Bru Rom + Contributions-by: Eric Rescorla and Ray Satiro -- getinfo: Add support for mbedTLS TLS session info +- curl_multi_cleanup: clear connection pointer for easy handles - .. and preprocessor check TLS session info is defined for all backends. + CVE-2016-5421 + Bug: https://curl.haxx.se/docs/adv_20160803C.html + Reported-by: Marcelo Echeverria and Fernando Muñoz -Daniel Stenberg (26 Feb 2016) -- ROADMAP: clarify on the TLS proxy, mention HTTP cookies to work on +- KNOWN_BUGS: SOCKS proxy not working via IPv6 + + Closes #835 -- file: try reading from files with no size +- KNOWN_BUGS: CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM - Some systems have special files that report as 0 bytes big, but still - contain data that can be read (for example /proc/cpuinfo on - Linux). Starting now, a zero byte size is considered "unknown" size and - will be read as far as possible anyway. + Closes #768 + +- KNOWN_BUGS: transfer-encoding: chunked in HTTP/2 - Reported-by: Jesse Tan + Closes #662 + +- TODO: Provide cmake config-file - Closes #681 + Closes #885 -Jay Satiro (25 Feb 2016) -- configure: warn on invalid ca bundle or path +Patrick Monnerat (2 Aug 2016) +- os400: define BUILDING_LIBCURL in make script. + +Daniel Stenberg (1 Aug 2016) +- RELEASE-NOTES: synced with aa9f536a18b + +Jay Satiro (1 Aug 2016) +- [Thomas Glanzmann brought this change] + + mbedtls: Fix debug function name - - Warn if --with-ca-bundle file does not exist. + This patch is necessary so that curl compiles if MBEDTLS_DEBUG is + defined. - - Warn if --with-ca-path directory does not contain certificates. + Bug: https://curl.haxx.se/mail/lib-2016-08/0001.html + +Daniel Stenberg (1 Aug 2016) +- [Sergei Nikulov brought this change] + + travis: fix OSX build by re-installing libtool - - Improve help messages for both. + Apparently due to a broken homebrew install - Example configure output: + fixes #934 + Closes #939 + +- [Martin Vejnár brought this change] + + win32: fix a potential memory leak in Curl_load_library - ca cert bundle: /some/file (warning: certs not found) - ca cert path: /some/dir (warning: certs not found) + If a call to GetSystemDirectory fails, the `path` pointer that was + previously allocated would be leaked. This makes sure that `path` is + always freed. - Bug: https://github.com/curl/curl/issues/404 - Reported-by: Jeffrey Walton + Closes #938 -Daniel Stenberg (24 Feb 2016) -- Curl_read: check for activated HTTP/1 pipelining, not only requested +- include: revert 9adf3c4 and make public types void * again - ... as when pipelining is used, we read things into a unified buffer and - we don't do that with HTTP/2. This could then easily make programs that - set CURLMOPT_PIPELINING = CURLPIPE_HTTP1|CURLPIPE_MULTIPLEX to get data - intermixed or plain broken between HTTP/2 streams. + Many applications assume the actual contents of the public types and use + that do for example forward declarations (saving them from including our + public header) which then breaks when we switch from void * to a struct + *. - Reported-by: Anders Bakken + I'm not convinced we were wrong, but since this practise seems + widespread enough I'm willing to (partly) step down. + + Now libcurl uses the struct itself when it is built and it allows + applications to use the struct type if CURL_STRICTER is defined at the + time of the #include. + + Reported-by: Peter Frühberger + Fixes #926 -Patrick Monnerat (24 Feb 2016) -- os400: Fix ILE/RPG definition of CURLOPT_TFTP_NO_OPTIONS +Jay Satiro (28 Jul 2016) +- [Yonggang Luo brought this change] -Jay Satiro (23 Feb 2016) -- getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION + cmake: Fix for schannel support - The two options are almost the same, except in the case of OpenSSL: + The check_library_exists_concat do not check crypt32 library properly. + So include it directly. - CURLINFO_TLS_SESSION OpenSSL session internals is SSL_CTX *. + Bug: https://github.com/curl/curl/pull/917 + Reported-by: Yonggang Luo - CURLINFO_TLS_SSL_PTR OpenSSL session internals is SSL *. + Bug: https://github.com/curl/curl/issues/935 + Reported-by: Alain Danteny + +- Revert "travis: Install libtool for OS X builds" - For backwards compatibility we couldn't modify CURLINFO_TLS_SESSION to - return an SSL pointer for OpenSSL. + Didn't work. - Also, add support for the 'internals' member to point to SSL object for - the other backends axTLS, PolarSSL, Secure Channel, Secure Transport and - wolfSSL. - - Bug: https://github.com/curl/curl/issues/234 - Reported-by: dkjjr89@users.noreply.github.com - - Bug: https://curl.haxx.se/mail/lib-2015-09/0127.html - Reported-by: Michael König + This reverts commit 50723585ed380744358de054e2a55dccee65dfd7. -Daniel Stenberg (23 Feb 2016) -- multi_remove_handle: keep the timeout list until after disconnect - - The internal Curl_done() function uses Curl_expire() at times and that - uses the timeout list. Better clean up the list once we're done using - it. This caused a segfault. +- travis: Install libtool for OS X builds - Reported-by: 蔡文凱 - Bug: https://curl.haxx.se/mail/lib-2016-02/0097.html + CI is failing due to missing libtoolize, so I'm trying this. -Kamil Dudka (23 Feb 2016) -- tests/sshserver.pl: use RSA instead of DSA for host auth - - DSA is no longer supported by OpenSSH 7.0, which causes all SCP/SFTP - test cases to be skipped. Using RSA for host authentication works with - both old and new versions of OpenSSH. - - Reported-by: Karlson2k +Daniel Stenberg (26 Jul 2016) +- [Viktor Szakats brought this change] + + TODO: minor typo in last commit - Closes #676 + merged #931 -Jay Satiro (23 Feb 2016) -- TFTP: add option to suppress TFTP option requests (Part 2) +- TODO: Timeout idle connections from the pool + +Patrick Monnerat (25 Jul 2016) +- os400: minimum supported OS version: V6R1M0. + Do not log compilation informational messages. + +Jay Satiro (24 Jul 2016) +- tests: Fix for http/2 feature - - Add tests. + Bug: https://curl.haxx.se/mail/lib-2016-07/0070.html + Reported-by: Paul Howarth + +Steve Holme (23 Jul 2016) +- README: Mention wolfSSL in the 'Dependencies' section + +- vauth.h: No need to query HAVE_GSSAPI || USE_WINDOWS_SSPI for SPNEGO - - Add an example to CURLOPT_TFTP_NO_OPTIONS.3. + As SPNEGO is only defined when these pre-processor variables are defined + there is no need to query them explicitly. + +- spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration - - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS. + Typo introduced in commit ad5e9bfd5d. + +Daniel Stenberg (22 Jul 2016) +- SECURITY: mention how to get windows-specific CVEs - Bug: https://github.com/curl/curl/issues/481 + ... and make the distros link a proper link -- [Michael Koenig brought this change] +Dan Fandrich (21 Jul 2016) +- test558: fix test by stripping file paths from FD lines - TFTP: add option to suppress TFTP option requests (Part 1) - - Some TFTP server implementations ignore the "TFTP Option extension" - (RFC 1782-1784, 2347-2349), or implement it in a flawed way, causing - problems with libcurl. Another switch for curl_easy_setopt - "CURLOPT_TFTP_NO_OPTIONS" is introduced which prevents libcurl from - sending TFTP option requests to a server, avoiding many problems caused - by faulty implementations. - - Bug: https://github.com/curl/curl/issues/481 +Kamil Dudka (21 Jul 2016) +- tests: distribute the http2-server.pl script, too -Daniel Stenberg (22 Feb 2016) -- [Karlson2k brought this change] +- docs: distribute the CURLINFO_HTTP_VERSION(3) man page, too - runtests: Fixed usage of %PWD on MinGW64 - - Closes #672 +Daniel Stenberg (21 Jul 2016) +- bump: start working on 7.50.1 -Jay Satiro (20 Feb 2016) -- CURLOPT_DEBUGFUNCTION.3: Fix example +Version 7.50.0 (21 Jul 2016) -- [Viktor Szakats brought this change] +Daniel Stenberg (21 Jul 2016) +- RELEASE-NOTES: version 7.50.0 ready - src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support +- THANKS: 13 new contributors from the 7.50.0 release + +Jay Satiro (21 Jul 2016) +- winbuild: fix embedded manifest option - Sync with lib/Makefile.m32 which already uses those variables. + Embedded manifest option didn't work due to typo. - Bug: https://github.com/curl/curl/pull/670 + Reported-by: Stefan Kanthak -Dan Fandrich (20 Feb 2016) -- Enabled test 1437 after the bug fix in commit 3fa220a6 +- vauth: Fix memleak by freeing credentials if out of memory + + This is a follow up to the parent commit dcdd4be which fixes one leak + but creates another by failing to free the credentials handle if out of + memory. Also there's a second location a few lines down where we fail to + do same. This commit fixes both of those issues. -Jay Satiro (19 Feb 2016) -- [Emil Lerner brought this change] +Daniel Stenberg (20 Jul 2016) +- [Saurav Babu brought this change] - curl_sasl: Fix memory leak in digest parser + vauth: Fixed memory leak due to function returning without free - If any parameter in a HTTP DIGEST challenge message is present multiple - times, memory allocated for all but the last entry should be freed. + This patch allocates memory to "output_token" only when it is required + so that memory is not leaked if function returns. + +- test558: updated after ipv6-check move - Bug: https://github.com/curl/curl/pull/667 + Follow-up commit to c50980807c5 to make this test pass. -Dan Fandrich (19 Feb 2016) -- Added test 1437 to verify a memory leak +Jay Satiro (20 Jul 2016) +- connect: disable TFO on Linux when using SSL - Reported-by: neex@users.noreply.github.com + - Linux TFO + TLS is not implemented yet. + + Bug: https://github.com/curl/curl/issues/907 -Jay Satiro (18 Feb 2016) -- CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style +Daniel Stenberg (19 Jul 2016) +- ROADMAP: QUIC and TLS 1.3 + +- RELEASE-NOTES: synced with c50980807c5 + +Jay Satiro (18 Jul 2016) +- [Brian Prodoehl brought this change] + + curl_global_init: Check if IPv6 works - Bug: https://github.com/curl/curl/issues/666 - Reported-by: baumanj@users.noreply.github.com + - Curl_ipv6works() is not thread-safe until after the first call, so + call it once during global init to avoid a possible race condition. + + Bug: https://github.com/curl/curl/issues/915 + PR: https://github.com/curl/curl/pull/918 -- curl.1: HTTP headers for --cookie must be Set-Cookie style +- [Timothy Polich brought this change] + + CURLMOPT_SOCKETFUNCTION.3: fix typo - Bug: https://github.com/curl/curl/issues/666 - Reported-by: baumanj@users.noreply.github.com + Closes https://github.com/curl/curl/pull/914 -Daniel Stenberg (18 Feb 2016) -- curl.1: add a missing dash +- [Miroslav Franc brought this change] -- CONTRIBUTING.md: fix links + library: Fix memory leaks found during static analysis + + Closes https://github.com/curl/curl/pull/913 -- ISSUE_TEMPLATE: github issue template +- [Viktor Szakats brought this change] + + cookie.c: Fix misleading indentation - First version, try this out! + Closes https://github.com/curl/curl/pull/911 -- CONTRIBUTING.md: move into .github +- FAQ: Update FTP directory listing section for MLSD command - To hide github specific files somewhat from the rest. + Explain how some FTP servers support the machine readable listing + format MLSD from RFC 3659 and compare it to LIST. + + Ref: https://github.com/curl/curl/issues/906 -- opts: add references +Daniel Stenberg (1 Jul 2016) +- [Sergei Nikulov brought this change] -- examples/make: add 'checksrc' target + Appveyor: Updates for options - CURL_STATICLIB/BUILD_TESTING + + Closes #892 -- 10-at-a-time: typecast the argument passed to sleep() +- TODO: 17.4 also brings more HTTP/2 support -- externalsocket.c: fix compiler warning for fwrite return type +- TODO: try next proxy if one doesn't work + + Closes #896 -- anyauthput.c: fix compiler warnings +- conn: don't free easy handle data in handler->disconnect + + Reported-by: Gou Lingfeng + Bug: https://curl.haxx.se/mail/lib-2016-06/0139.html -- simplessl.c: warning: while with space +- test1244: test different proxy ports same URL -- curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function +- curl_global_init.3: improved formatting of the flags + +- curl_global_init.3: expand on the SSL and WIN32 bits purpose - Reported-By: Gisle Vanem + Reported-by: Richard Gray + Bug: https://curl.haxx.se/mail/lib-2016-06/0136.html -- http2: don't decompress gzip decoding automatically +- [Michael Kaufmann brought this change] + + cleanup: minor code cleanup in Curl_http_readwrite_headers() - At one point during the development of HTTP/2, the commit 133cdd29ea0 - introduced automatic decompression of Content-Encoding as that was what - the spec said then. Now however, HTTP/2 should work the same way as - HTTP/1 in this regard. + - the expression of an 'if' was always true + - a 'while' contained a condition that was always true + - use 'if(k->exp100 > EXP100_SEND_DATA)' instead of 'if(k->exp100)' + - fixed a typo - Reported-by: Kazuho Oku + Closes #889 + +- SFTP: set a generic error when no SFTP one exists... - Closes #661 + ... as otherwise we could get a 0 which would count as no error and we'd + wrongly continue and could end up segfaulting. + + Bug: https://curl.haxx.se/mail/lib-2016-06/0052.html + Reported-by: 暖和的和暖 -Jay Satiro (16 Feb 2016) -- [Tatsuhiro Tsujikawa brought this change] +- ROADMAP: http2 tests are merged, mention http2 perf - http: Don't break the header into chunks if HTTP/2 +- docs/README.md: to render nicer pages on github - nghttp2 callback deals with TLS layer and therefore the header does not - need to be broken into chunks. + ... as previously the README.cmake would be picked and put at the bottom + of the docs page there and it wasn't very representative! + +- README.md: change host name for the svg logo - Bug: https://github.com/curl/curl/issues/659 - Reported-by: Kazuho Oku + rawgit.com asks to use the domain cdn.rawgit.com for production + + See #900 -Daniel Stenberg (16 Feb 2016) - [Viktor Szakats brought this change] - openssl: use macro to guard the opaque EVP_PKEY branch + README.md: use the SVG logo -- [Viktor Szakats brought this change] +- README.md: logo on top! - openssl: avoid direct PKEY access with OpenSSL 1.1.0 - - by using API instead of accessing an internal structure. - This is required starting OpenSSL 1.1.0-pre3. +- KNOWN_BUGS: 3.4 POP3 expects "CRLF.CRLF" eob for some - Closes #650 + Closes #740 -- RELEASE-NOTES: synced with ede0bfc079da +- RELEASE-NOTES: synced with d61c80515aa8 -- [Clint Clayton brought this change] +- [Michael Osipov brought this change] - CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option + acinclude.m4: improve autodetection of CA bundle on FreeBSD - Change the example in the docs for CURLOPT_CONNECTTIMEOUT_MS to use - CURLOPT_CONNECTTIMEOUT_MS instead of CURLOPT_CONNECTTIMEOUT. + The FreeBSD Port security/ca_root_nss installs the Mozilla NSS CA bundle + to /usr/local/share/certs/ca-root-nss.crt. Use this bundle in the + discovery process. - Closes #653 + This change also removes the former FreeBSD path that has been obsolete + for 8 years since this FreeBSD ports commit: + https://svnweb.freebsd.org/ports/head/security/?view=revision&revision=215953 + + Closes #894 -- opt-docs: add more references +- configure: don't specify .lib for libs on windows + + Another follow up for crypt32.lib linking with winssl -- [David Byron brought this change] +- configure: fix winssl LIBS change typo + + follow-up from 120bf29e - SCP: use libssh2_scp_recv2 to support > 2GB files on windows +- TODO: "TCP Fast Open" is done, add monitor pool connections + +- configure: add crypt32.lib for winssl builds - libssh2_scp_recv2 is introduced in libssh2 1.7.0 - to be released "any - day now. + Necessary since 6cabd78531f + +- Makefile.vc: link with crypt32.lib for winssl builds - Closes #451 + Necessary since 6cabd78531f + + Fixes #853 -Jay Satiro (13 Feb 2016) -- [Shine Fan brought this change] +- [Joel Depooter brought this change] - gtls: fix for builds lacking encrypted key file support + VC: Add crypt32.lib to Visual Sudio project template files - Bug: https://github.com/curl/curl/pull/651 + Closes #854 -Dan Fandrich (13 Feb 2016) -- test1604: Add to Makefile.inc so it gets run +- vc: fix the build for schannel certinfo support + + Broken since 6cabd785, which adds use of the Curl_extract_certinfo + function from the x509asn1.c file. -Jay Satiro (12 Feb 2016) -- generate.bat: Fix comment bug by removing old comments +- typedefs: use the full structs in internal code... - Remove NOTES section, it's no longer needed since we aren't setting the - errorlevel and more importantly the recently updated URL in the comments - is causing some unusual behavior that breaks the script. + ... and save the typedef'ed names for headers and external APIs. + +- internals: rename the SessionHandle struct to Curl_easy + +- headers: forward declare CURL, CURLM and CURLSH as structs - Closes https://github.com/curl/curl/issues/649 + Instead of typedef'ing to void, typedef to their corresponding actual + struct names to allow compilers to type-check. + + Assisted-by: Reinhard Max -Kamil Dudka (12 Feb 2016) -- curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts +Jay Satiro (22 Jun 2016) +- vtls: Only call add/getsession if session id is enabled - The behavior has been clarified in CURLOPT_FTP_USE_{EPRT,EPSV}.3 man - pages since curl-7_12_3~131. This patch makes it clear in the curl.1 - man page, too. + Prior to this change we called Curl_ssl_getsessionid and + Curl_ssl_addsessionid regardless of whether session ID reusing was + enabled. According to comments that is in case session ID reuse was + disabled but then later enabled. - Bug: https://bugzilla.redhat.com/1305970 + The old way was not intuitive and probably not something users expected. + When a user disables session ID caching I'd guess they don't expect the + session ID to be cached anyway in case the caching is later enabled. -Daniel Stenberg (12 Feb 2016) -- dist: ship buildconf.bat too +Daniel Stenberg (22 Jun 2016) +- curl.1: the used progress meter suffix is k in lower case - As the winbuild/* stuff uses it! + Closes #883 -- curlx_tvdiff: handle 32bit time_t overflows +- [Sergei Nikulov brought this change] + + cmake: now using BUILD_TESTING=ON/OFF - On 32bit systems, make sure we don't overflow and return funky values - for very large time differences. + CMake build now using BUILD_TESTING=ON/OFF (default is OFF) to build + tests and enabling CTest integration. Options BUILD_CURL_TESTS and + BUILD_DASHBOARD_REPORTS was removed. - Reported-by: Anders Bakken + Closes #882 - Closes #646 + Reviewed-by: Brad King -- examples: fix some compiler warnings +- [Michael Kaufmann brought this change] -- simplessl.c: fix my breakage + cleanup: fix method names in code comments + + Closes #887 -- examples: adhere to curl code style +Kamil Dudka (21 Jun 2016) +- curl-compilers.m4: improve detection of GCC's -fvisibility= flag - All plain C examples now (mostly) adhere to the curl code style. While - they are only examples, they had diverted so much and contained all - sorts of different mixed code styles by now. Having them use a unified - style helps users and readability. Also, as they get copy-and-pasted - widely by users, making sure they're clean and nice is a good idea. + Some builds of GCC produce output on both stdout and stderr when --help + --verbose is used. The 2>&1 redirection caused them to be arbitrarily + interleaved with each other because of stream buffering. Consequently, + grep failed to match the fvisibility= string in the mixed output, even + though the string was present in GCC's standard output. - 573 checksrc warnings were addressed. + This led to silently disabling symbol hiding in some builds of curl. -- examples/cookie_interface.c: add cleanup call +Daniel Stenberg (19 Jun 2016) +- tests: fix the HTTP/2 tests - cleaning up handles is a good idea as we leak memory otherwise + The HTTP/2 tests brought with commit bf05606ef1f were using the internal + name 'http2' for the HTTP/2 server, while in fact that name was already + used for the second instance of the HTTP server. This made tests using + the second instance (like test 2050) fail after a HTTP/2 test had run. - Also, line wrapped before 80 columns. + The server is now known as HTTP/2 internally and within the + section in test cases. 1700, 1701 and 1702 were updated accordingly. -Kamil Dudka (10 Feb 2016) -- nss: search slash in forward direction in dup_nickname() - - It is wasteful to search it backwards if we look for _any_ slash. +- openssl: use more 'const' to fix build warnings with 1.1.0 branch -- nss: do not count enabled cipher-suites +- curl.1: missed 'T' in the progress unit suffixes + +- curl.1: mention the unix for the progress meter + +Patrick Monnerat (16 Jun 2016) +- os400: add new definitions to ILE/RPG binding. + +Daniel Stenberg (16 Jun 2016) +- openssl: fix cert check with non-DNS name fields present - We only care if at least one cipher-suite is enabled, so it does - not make any sense to iterate till the end and count all enabled - cipher-suites. + Regression introduced in 5f5b62635 (released in 7.48.0) + + Reported-by: Fabian Ruff + Fixes #875 -Daniel Stenberg (10 Feb 2016) -- contributors.sh: make 79 the max column width (from 80) +Dan Fandrich (16 Jun 2016) +- axtls: Use Curl_wait_ms instead of the less-portable usleep -- RELEASE-NOTES: synced with c276aefee3995 +- axtls: Fixed compile after compile 31c521b0 -- mbedtls.c: re-indent to better match curl standards +- tests: Added HTTP proxy keywords to tests 1141 & 1142 -- [Rafael Antonio brought this change] +Jay Satiro (15 Jun 2016) +- [Sergei Nikulov brought this change] - mbedtls: fix memory leak when destroying SSL connection data + cmake: Fix build with winldap - Closes #626 + Bug: https://github.com/curl/curl/pull/874 + Reported-by: Sergei Nikulov -- mbedtls: fix ALPN usage segfault +- CURLOPT_POSTFIELDS.3: Clarify what happens when set empty - Since we didn't keep the input argument around after having called - mbedtls, it could end up accessing the wrong memory when figuring out - the ALPN protocols. + When CURLOPT_POSTFIELDS is set to an empty string libcurl will send a + zero-byte POST. Prior to this change it was documented as sending data + from the read callback. - Closes #642 + This also changes the wording of what happens when empty or NULL so that + it's hopefully easier to understand for people whose primary language + isn't English. + + Bug: https://github.com/curl/curl/issues/862 + Reported-by: Askar Safin -Jay Satiro (9 Feb 2016) -- [Timotej Lazar brought this change] +- [Michael Wallner brought this change] - opts: update references to renamed options + curl_multi_socket_action.3: Fix rewording + + - Remove some erroneous text. + + Closes https://github.com/curl/curl/pull/865 -- KNOWN_BUGS: Update #92 - Windows device prefix +- [Luo Jinghua brought this change] -- tool_doswin: Support for literal path prefix \\?\ + resolve: enable protocol family logic for synthesized IPv6 - For example something like --output \\?\C:\foo + - Enable protocol family logic for IPv6 resolves even when support + for synthesized addresses is enabled. + + This is a follow up to the parent commit that added support for + synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family + logic needed for IPv6 was inadvertently excluded if support for + synthesized addresses was enabled. + + Bug: https://github.com/curl/curl/issues/863 + Ref: https://github.com/curl/curl/pull/866 + Ref: https://github.com/curl/curl/pull/867 -Daniel Stenberg (9 Feb 2016) -- configure: state "BoringSSL" in summary when that was detected +Daniel Stenberg (7 Jun 2016) +- [Luo Jinghua brought this change] -- [David Benjamin brought this change] + resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS + + Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X. + If the current network interface doesn’t support IPv4, but supports + IPv6, NAT64, and DNS64. + + Closes #866 + Fixes #863 - openssl: remove most BoringSSL #ifdefs. +- tests: two more HTTP/2 tests - As of https://boringssl-review.googlesource.com/#/c/6980/, almost all of - BoringSSL #ifdefs in cURL should be unnecessary: + 1701 and 1702 + +- runtests: don't display logs when http2 server fails to start + +- runtests: make stripfile work on stdout as well - - BoringSSL provides no-op stubs for compatibility which replaces most - #ifdefs. + ... and have test 1700 use that to strip out the nghttpx server: headers + +- http2-tests: test1700 is the first real HTTP/2 test - - DES_set_odd_parity has been in BoringSSL for nearly a year now. Remove - the compatibility codepath. - - - With a small tweak to an extend_key_56_to_64 call, the NTLM code - builds fine. - - - Switch OCSP-related #ifdefs to the more generally useful - OPENSSL_NO_OCSP. + It requires that 'nghttpx' is in the PATH, and it will run the tests + using nghttpx as a front-end proxy in front of the standard HTTP/1 test + server. This uses HTTP/2 over plain TCP. - The only #ifdefs which remain are Curl_ossl_version and the #undefs to - work around OpenSSL and wincrypt.h name conflicts. (BoringSSL leaves - that to the consumer. The in-header workaround makes things sensitive to - include order.) - - This change errs on the side of removing conditionals despite many of - the restored codepaths being no-ops. (BoringSSL generally adds no-op - compatibility stubs when possible. OPENSSL_VERSION_NUMBER #ifdefs are - bad enough!) + If you like me have nghttpx installed in a custom path, you can run test 1700 + like this: - Closes #640 + $ PATH=$PATH:$HOME/build-nghttp2/bin/ ./runtests.pl 1700 -Jay Satiro (8 Feb 2016) -- KNOWN_BUGS: Windows device prefix is required for devices +- RELEASE-NOTES: synced with 34855feeb4c299 -- tool_urlglob: Allow reserved dos device names (Windows) +Steve Holme (6 Jun 2016) +- schannel: Disable ALPN on Windows < 8.1 - Allow --output to reserved dos device names without the device prefix - for backwards compatibility. + Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL + fails on Windows < 8.1 so we need to disable ALPN on these OS versions. - Example: --output NUL can be used instead of --output \\.\NUL + Inspiration provide by: Daniel Seither - Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863 - Reported-by: Gisle Vanem + Closes #848 + Fixes #840 -Daniel Stenberg (8 Feb 2016) -- cookies: allow spaces in cookie names, cut of trailing spaces +Jay Satiro (5 Jun 2016) +- checksrc: Add LoadLibrary to the banned functions list - It turns out Firefox and Chrome both allow spaces in cookie names and - there are sites out there using that. + LoadLibrary was supplanted by Curl_load_library for security + reasons in 6df916d. + +- http: Fix HTTP/2 connection reuse - Turned out the code meant to strip off trailing space from cookie names - didn't work. Fixed now. + - Change the parser to not require a minor version for HTTP/2. - Test case 8 modified to verify both these changes. + HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2 + in 8243a95 because the parser still expected a minor version. - Closes #639 - -Patrick Monnerat (8 Feb 2016) -- Merge branch 'master' of github.com:curl/curl + Bug: https://github.com/curl/curl/issues/855 + Reported-by: Andrew Robbins, Frank Gevaerts -- os400: sync ILE/RPG definitions with latest public header files. +Steve Holme (4 Jun 2016) +- connect.c: Fixed compilation warning from commit 332e8d6164 + + connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else' -Daniel Stenberg (8 Feb 2016) -- [Ludwig Nussel brought this change] +- win32: Used centralised verify windows version function + + Closes #845 - SSLCERTS: update wrt SSL CA certificate store +- win32: Added verify windows version functionality -- [Ludwig Nussel brought this change] +- win32: Introduced centralised verify windows version function - configure: --with-ca-fallback: use built-in TLS CA fallback +Kamil Dudka (3 Jun 2016) +- tool_urlglob: fix off-by-one error in glob_parse() - When trying to verify a peer without having any root CA certificates - set, this makes libcurl use the TLS library's built in default as - fallback. + ... causing SIGSEGV while parsing URL with too many globs. + Minimal example: - Closes #569 + $ curl $(for i in $(seq 101); do printf '{a}'; done) + + Reported-by: Romain Coltel + Bug: https://bugzilla.redhat.com/1340757 -- Proxy-Connection: stop sending this header by default +Daniel Stenberg (1 Jun 2016) +- [Benjamin Kircher brought this change] + + libcurl-multi.3: fix small typo - RFC 7230 says we should stop. Firefox already stopped. + Closes #850 + +- [Viktor Szakats brought this change] + + makefile.m32: add crypt32 for winssl builds - Bug: https://github.com/curl/curl/issues/633 - Reported-By: Brad Fitzpatrick + Dependency added by 6cabd78 - Closes #633 + Closes #849 -- bump: work toward the next release +- [Ivan Avdeev brought this change] -- THANKS: 2 contributors from the 7.47.1 release + vtls: fix ssl session cache race condition + + Sessionid cache management is inseparable from managing individual + session lifetimes. E.g. for reference-counted sessions (like those in + SChannel and OpenSSL engines) every session addition and removal + should be accompanied with refcount increment and decrement + respectively. Failing to do so synchronously leads to a race condition + that causes symptoms like use-after-free and memory corruption. + This commit: + - makes existing session cache locking explicit, thus allowing + individual engines to manage lock's scope. + - fixes OpenSSL and SChannel engines by putting refcount management + inside this lock's scope in relevant places. + - adds these explicit locking calls to other engines that use + sessionid cache to accommodate for this change. Note, however, + that it is unknown whether any of these engines could also have + this race. + + Bug: https://github.com/curl/curl/issues/815 + Fixes #815 + Closes #847 -- RELEASE-PROCEDURE: remove the github upload part +- [Andrew Kurushin brought this change] + + schannel: add CURLOPT_CERTINFO support - ... as we're HTTPS on the main site now, there's no point in that - extra step + Closes #822 -Version 7.47.1 (8 Feb 2016) +- RELEASE-NOTES: synced with 142ee9fa15002315 -Daniel Stenberg (8 Feb 2016) -- RELEASE-NOTES: curl 7.47.1 time! +- openssl: rename the private SSL_strerror + + ... to make it not look like an OpenSSL function -Jay Satiro (8 Feb 2016) -- tool_operhlp: Check for backslashes in get_url_file_name +- [Michael Kaufmann brought this change] + + openssl: Use correct buffer sizes for error messages - Extract the filename from the last slash or backslash. Prior to this - change backslashes could be part of the filename. + Closes #844 + +- curl: fix -q [regression] - This change needed for the curl tool built for Cygwin. Refer to the - CYGWIN addendum in advisory 20160127B. + This broke in 7.49.0 with commit e200034425a7625 - Bug: https://curl.haxx.se/docs/adv_20160127B.html - -Daniel Stenberg (7 Feb 2016) -- RELEASE-NOTES: synced with d6a8869ea34 + Fixes #842 -Jay Satiro (6 Feb 2016) -- openssl: Fix signed/unsigned mismatch warning in X509V3_ext +- URL parser: allow URLs to use one, two or three slashes - sk_X509_EXTENSION_num may return an unsigned integer, however the value - will fit in an int. + Mostly in order to support broken web sites that redirect to broken URLs + that are accepted by browsers. - Bug: https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896 - Reported-by: Gisle Vanem + Browsers are typically even more leniant than this as the WHATWG URL + spec they should allow an _infinite_ amount. I tested 8000 slashes with + Firefox and it just worked. + + Added test case 1141, 1142 and 1143 to verify the new parser. + + Closes #791 -Daniel Stenberg (7 Feb 2016) -- TODO: 17.11 -w output to stderr +- [Renaud Lehoux brought this change] -Jay Satiro (6 Feb 2016) -- [Michael Kaufmann brought this change] + cmake: Added missing mbedTLS support + + Closes #837 - idn_win32: Better error checking +- [Renaud Lehoux brought this change] + + mbedtls: removed unused variables - .. also fix a conversion bug in the unused function - curl_win32_ascii_to_idn(). + Closes #838 + +- [Frank Gevaerts brought this change] + + http: add CURLINFO_HTTP_VERSION and %{http_version} - And remove wprintfs on error (Jay). + Adds access to the effectively used http version to both libcurl and + curl. - Bug: https://github.com/curl/curl/pull/637 + Closes #799 -- [Gisle Vanem brought this change] +- bump: start the journey toward 7.50.0 - examples/asiohiper: Avoid function name collision on Windows +- [Marcel Raad brought this change] + + openssl: fix build with OPENSSL_NO_COMP - closesocket => close_socket - Winsock already has the former. + With OPENSSL_NO_COMP defined, there is no function + SSL_COMP_free_compression_methods - Bug: https://curl.haxx.se/mail/lib-2016-02/0016.html + Closes #836 - [Gisle Vanem brought this change] - examples/htmltitle: Use _stricmp on Windows + memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC - Bug: https://curl.haxx.se/mail/lib-2016-02/0017.html + Fixes #828 -Daniel Stenberg (6 Feb 2016) -- COPYING: clarify that Daniel is not the sole author +- [Jonathan brought this change] + + README.md: polish - ... done on request and as it is a fair point. + Closes #834 -Jay Satiro (5 Feb 2016) -- unit1604: Fix unit setup return code +- RELEASE-NOTES: fix vuln link -- tool_doswin: Use type SANITIZEcode in sanitize_file_name +Version 7.49.1 (30 May 2016) -- tool_doswin: Improve sanitization processing +Daniel Stenberg (30 May 2016) +- RELEASE-NOTES: 7.49.1 + +- [Steve Holme brought this change] + + loadlibrary: Only load system DLLs from the system directory - - Add unit test 1604 to test the sanitize_file_name function. + Inspiration provided by: Daniel Stenberg and Ray Satiro - - Use -DCURL_STATICLIB when building libcurltool for unit testing. + Bug: https://curl.haxx.se/docs/adv_20160530.html - - Better detection of reserved DOS device names. + Ref: Windows DLL hijacking with curl, CVE-2016-4802 + +- ssh: fix version number check typo + +Jay Satiro (29 May 2016) +- curl_share_setopt.3: Add min ver needed for ssl session lock - - New flags to modify sanitize behavior: + Bug: https://github.com/curl/curl/issues/826 + Reported-by: Michael Wallner + +Daniel Stenberg (29 May 2016) +- ssh: fix build for libssh2 before 1.2.6 - SANITIZE_ALLOW_COLONS: Allow colons - SANITIZE_ALLOW_PATH: Allow path separators and colons - SANITIZE_ALLOW_RESERVED: Allow reserved device names - SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename + The statvfs functionality was added to libssh2 in that version, so we + switch off that functionality when built with older libraries. - - Restore sanitization of banned characters from user-specified outfile. + Fixes #831 + +- mbedtls: fix includes so snprintf() works - Prior to this commit sanitization of a user-specified outfile was - temporarily disabled in 2b6dadc because there was no way to allow path - separators and colons through while replacing other banned characters. - Now in such a case we call the sanitize function with - SANITIZE_ALLOW_PATH which allows path separators and colons to pass - through. + Regression from the previous *printf() rearrangements, this file missed to + include the correct header to make sure snprintf() works universally. + Reported-by: Moti Avrahami + Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html + +Steve Holme (23 May 2016) +- checksrc.pl: Added variants of strcat() & strncat() to banned function list - Closes https://github.com/curl/curl/issues/624 - Reported-by: Octavio Schroeder + Added support for checking the tchar, unicode and mbcs variants of + strcat() and strncat() in the banned function list. -- [Viktor Szakats brought this change] +Daniel Stenberg (23 May 2016) +- smtp: minor ident (white space) fixes - URLs: change more http to https +- THANKS: updated after script fixes + + Now giving credit properly to github user names, fixed some UTF-8 issues + and added names discovered when contrithanks was improved. -- sasl_sspi: Fix memory leak in domain populate +- THANKS-filter: more name cleanups + +- contrithanks.sh: exclude existing names case insensitively + +- contrithanks.sh: use same grep pattern and -a flag as contributors.sh + +- contributors.sh: better grep pattern, use grep -a + +- THANKS-filter: fix more names + +- contrithanks.sh: do the same github fix as contributors.sh - Free an existing domain before replacing it. + from 1577bfa35ba + +Jay Satiro (23 May 2016) +- contributors: Show GitHub username if real name unknown - Bug: https://github.com/curl/curl/issues/635 - Reported-by: silveja1@users.noreply.github.com + Prior to this change if a GitHub contributor's real name was unknown + they would be omitted from the list. + + Bug: https://github.com/curl/curl/issues/824 -Daniel Stenberg (4 Feb 2016) -- [Viktor Szakats brought this change] +Daniel Stenberg (21 May 2016) +- RELEASE-NOTES: synced with 3caaeffbe8ded4 - URLs: follow GitHub project rename (also Travis CI) +Jay Satiro (20 May 2016) +- openssl: cleanup must free compression methods - Closes #632 - -- CHANGES.o: fix references to curl.haxx.nu + - Free compression methods if OpenSSL 1.0.2 to avoid a memory leak. - I removed the scheme prefix from the URLs references this host name, as - we don't own/run that anymore but the name is kept for historic reasons. + Bug: https://github.com/curl/curl/issues/817 + Reported-by: jveazey@users.noreply.github.com -- HISTORY: add some info about when we used which host names +Daniel Stenberg (20 May 2016) +- [Gisle Vanem brought this change] -Jay Satiro (2 Feb 2016) -- [Viktor Szakats brought this change] + curl_multibyte: fix compiler error + + While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was + getting: + + f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '(' + to follow 'CURL_EXTERN' + + f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085: + 'curl_domalloc': not in formal parameter list - URLs: change more http to https +- THANKS-filter: make Jan-E get proper credit -Dan Fandrich (3 Feb 2016) -- URLs: Change more haxx.se URLs from http: to https: +- [Jan-E brought this change] -Daniel Stenberg (3 Feb 2016) -- RELEASE-NOTES: synced with 4af40b364 + winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity + + Closes #818 -- URLs: change all http:// URLs to https:// +- [Alexander Traud brought this change] -- configure: update the copyright year range in output + libcurl.m4: Avoid obsolete warning + + Closes #821 -- dotdot: allow an empty input string too +Jay Satiro (20 May 2016) +- [Michael Kaufmann brought this change] + + CURLOPT_CONNECT_TO.3: user must not free the list prematurely - It isn't used by the code in current conditions but for safety it seems - sensible to at least not crash on such input. + The connect-to list isn't copied so as long as the handle may be used + for a transfer the list must be valid. - Extended unit test 1395 to verify this too as well as a plain "/" input. + Bug: https://github.com/curl/curl/pull/819 + Reported-by: Michael Kaufmann -- HTTPS: update a bunch of URLs from HTTP to HTTPS +Daniel Stenberg (19 May 2016) +- RELEASE-NOTES: synced with 48114a8634242c -- [Sergei Nikulov brought this change] +- openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0 + + See OpenSSL commit 21e001747d4a - AppVeyor: updated to handle OpenSSL/WinSSL builds +- http2: use HTTP/2 in the HTTP/1.1-alike header - Closes #621 + ... when generating them, not "2.0" as the protocol is called just + HTTP/2 and nothing else. -Jay Satiro (1 Feb 2016) -- tool_operate: Don't sanitize --output path (Windows) +Jay Satiro (19 May 2016) +- dist: include curl_multi_socket_all.3 - Due to path separators being incorrectly sanitized in --output - pathnames, eg -o c:\foo => c__foo + Closes https://github.com/curl/curl/pull/816 + +Steve Holme (18 May 2016) +- bump: Start work on 7.49.1 + +Daniel Stenberg (18 May 2016) +- curlbuild.h.dist: check __LP64__ as well to fix MIPS build - This is a partial revert of 3017d8a until I write a proper fix. The - remote-name will continue to be sanitized, but if the user specified an - --output with string replacement (#1, #2, etc) that data is unsanitized - until I finish a fix. + The preprocessor check that sets up the 32bit defines for non-configure + builds didn't work properly for MIPS systems as __mips__ is defined for + both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit. - Bug: https://github.com/bagder/curl/issues/624 - Reported-by: Octavio Schroeder + Reported-by: Tomas Jakobsson + Fixes #813 -- curl.1: Explain remote-name behavior if file already exists +- [Marcel Raad brought this change] + + schannel: fix compile break with MSVC XP toolset - .. also warn about letting the server pick the filename. + For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK + 7.1 is used. In this case, _USING_V110_SDK71_ is defined. + + Closes #812 -- [Gisle Vanem brought this change] +- dist: include CHECKSRC.md + + Reported-by: Paul Howarth + Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html - urldata: Error on missing SSL backend-specific connect info +- test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in dist + + Reported-by: Ray Satiro + Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html -Daniel Stenberg (28 Jan 2016) -- bump: towards the next (7.47.1 ?) +Version 7.49.0 (17 May 2016) -- [Sergei Nikulov brought this change] +Daniel Stenberg (17 May 2016) +- THANKS: 24 new names from 7.49.0 release notes - cmake: fixed when OpenSSL enabled on Windows and schannel detected +- RELEASE-NOTES: 7.49.0 + +- mbedtls/polarssl: set "hostname" unconditionally - Closes #617 + ...as otherwise the TLS libs will skip the CN/SAN check and just allow + connection to any server. curl previously skipped this function when SNI + wasn't used or when connecting to an IP address specified host. + + CVE-2016-3739 + + Bug: https://curl.haxx.se/docs/adv_20160518A.html + Reported-by: Moti Avrahami -Jay Satiro (28 Jan 2016) -- [Sergei Nikulov brought this change] +- [Frank Gevaerts brought this change] - urldata: moved common variable out of ifdef + CURLOPT_RESOLVE.3: fix typo - Closes https://github.com/bagder/curl/pull/618 + Closes #811 -- [Viktor Szakats brought this change] +- docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVE - tool_doswin: silence unused function warning +- KNOWN_BUGS: GnuTLS backend skips really long certificate fields - tool_doswin.c:185:14: warning: 'msdosify' defined but not used - [-Wunused-function] + Closes #762 + +- CURLOPT_HTTPPOST.3: the data needs to be around while in use + +- openssl: get_cert_chain: fix NULL dereference - Closes https://github.com/bagder/curl/pull/616 + CID 1361815: Explicit null dereferenced (FORWARD_NULL) -Daniel Stenberg (27 Jan 2016) -- getredirect.c: fix variable name +- openssl: get_cert_chain: avoid NULL dereference - Reported-by: Bernard Spil + CID 1361811: Explicit null dereferenced (FORWARD_NULL) -Version 7.47.0 (27 Jan 2016) +- dprintf_formatf: fix (false?) Coverity warning + + CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when + we run over 'workend' but the condition says <= workend and for all I + can see it should be safe. Compensating for the warning by adding a byte + margin in the buffer. + + Also, removed the extra brace level indentation in the code and made it + so that 'workend' is only assigned once within the function. -Daniel Stenberg (27 Jan 2016) -- examples/Makefile.inc: specify programs without .c! +- RELEASE-NOTES: synced with 2dcb5adc72d6 -- THANKS: 6 new contributors from 7.47.0 release notes +- THANKS-filter: fixed Jonathan Cardoso -- [Isaac Boukris brought this change] +Jay Satiro (15 May 2016) +- ftp: fix incorrect out-of-memory code in Curl_pretransfer + + - Return value type must match function type. + + s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/ + + Caught by Travis CI - NTLM: Fix ConnectionExists to compare Proxy credentials +Daniel Stenberg (15 May 2016) +- ftp wildcard: segfault due to init only in multi_perform - Proxy NTLM authentication should compare credentials when - re-using a connection similar to host authentication, as it - authenticate the connection. + The proper FTP wildcard init is now more properly done in Curl_pretransfer() + and the corresponding cleanup in Curl_close(). - Example: - curl -v -x http://proxy:port http://host/ -U good_user:good_pwd - --proxy-ntlm --next -x http://proxy:port http://host/ - [-U fake_user:fake_pwd --proxy-ntlm] - - CVE-2016-0755 + The previous place of init/cleanup code made the internal pointer to be NULL + when this feature was used with the multi_socket() API, as it was made within + the curl_multi_perform() function. - Bug: http://curl.haxx.se/docs/adv_20160127A.html - -- [Ray Satiro brought this change] + Reported-by: Jonathan Cardoso Machado + Fixes #800 - curl: avoid local drive traversal when saving file (Windows) - - curl does not sanitize colons in a remote file name that is used as the - local file name. This may lead to a vulnerability on systems where the - colon is a special path character. Currently Windows/DOS is the only OS - where this vulnerability applies. - - CVE-2016-0754 +Jay Satiro (13 May 2016) +- libcurl-tlibcurl-thread: Update OpenSSL links - Bug: http://curl.haxx.se/docs/adv_20160127B.html + Because the old OpenSSL link now redirects to their master documentation + (currently 1.1.0), which does not document the required actions for + OpenSSL <= 1.0.2. -- RELEASE-NOTES: 7.47.0 +Daniel Stenberg (13 May 2016) +- [Viktor Szakats brought this change] -- FAQ: language fix in 4.19 + darwinssl.c: fix OS X codename typo in comment -- [paulehoffman brought this change] +- RELEASE-NOTES: synced with 68701e51c1f7 + + Added 8 bug fixes and 5 more contrbutors - FAQ: Update to point to GitHub +- [Jay Satiro brought this change] + + mprintf: Fix processing of width and prec args - Current FAQ didn't make it clear where the main repo is. + Prior to this change a width arg could be erroneously output, and also + width and precision args could not be used together without crashing. - Closes #612 - -- maketgz: generate date stamp with LC_TIME=C + "%0*d%s", 2, 9, "foo" - bug: http://curl.haxx.se/mail/lib-2016-01/0123.html + Before: "092" + After: "09foo" + + "%*.*s", 5, 2, "foo" + + Before: crash + After: " fo" + + Test 557 is updated to verify this and more -- curl_multi_socket_action.3: line wrap +- [Michael Kaufmann brought this change] -- RELEASE-NOTES: synced with d58ba66eeceb + ConnectionExists: follow-up fix for proxy re-use + + Follow-up commit to 5823179 + + Closes #648 -Steve Holme (21 Jan 2016) -- TODO: "Create remote directories" for SMB +- [Per Malmberg brought this change] -Jay Satiro (18 Jan 2016) -- mbedtls: Fix pinned key return value on fail + darwinssl: fix certificate verification disable on OS X 10.8 - - Switch from verifying a pinned public key in a callback during the - certificate verification to inline after the certificate verification. + The new way of disabling certificate verification doesn't work on + Mountain Lion (OS X 10.8) so we need to use the old way in that version + too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2 + and 10.11. - The callback method had three problems: + Closes #802 + +- [Cory Benfield brought this change] + + http2: Add space between colon and header value - 1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH - was not returned. + curl's representation of HTTP/2 responses involves transforming the + response to a format that is similar to HTTP/1.1. Prior to this change, + curl would do this by separating header names and values with only a + colon, without introducing a space after the colon. - 2. If peer certificate verification was disabled the pinned key - verification did not take place as it should. + While this is technically a valid way to represent a HTTP/1.1 header + block, it is much more common to see a space following the colon. This + change introduces that space, to ensure that incautious tools are safely + able to parse the header block. - 3. (related to #2) If there was no certificate of depth 0 the callback - would not have checked the pinned public key. + This also ensures that the difference between the HTTP/1.1 and HTTP/2 + response layout is as minimal as possible. - Though all those problems could have been fixed it would have made the - code more complex. Instead we now verify inline after the certificate - verification in mbedtls_connect_step2. + Bug: https://github.com/curl/curl/issues/797 - Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html - Ref: https://github.com/bagder/curl/pull/601 + Closes #798 + Fixes #797 -- tests: Add a test for pinnedpubkey fail even when insecure +Kamil Dudka (12 May 2016) +- openssl: fix compile-time warning in Curl_ossl_check_cxn() - Because disabling the peer verification (--insecure) must not disable - the public key pinning check (--pinnedpubkey). - -- [Daniel Schauenberg brought this change] - - CURLINFO_RESPONSE_CODE.3: add example + ... introduced in curl-7_48_0-293-g2968c83: + + Error: COMPILER_WARNING: + lib/vtls/openssl.c: scope_hint: In function ‘Curl_ossl_check_cxn’ + lib/vtls/openssl.c:767:15: warning: conversion to ‘int’ from ‘ssize_t’ + may alter its value [-Wconversion] -Kamil Dudka (15 Jan 2016) -- ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL +Jay Satiro (11 May 2016) +- openssl: stricter connection check function - The CURLOPT_SSH_PUBLIC_KEYFILE option has been documented to handle - empty strings specially since curl-7_25_0-31-g05a443a but the behavior - was unintentionally removed in curl-7_38_0-47-gfa7d04f. + - In the case of recv error, limit returning 'connection still in place' + to EINPROGRESS, EAGAIN and EWOULDBLOCK. - This commit restores the original behavior and clarifies it in the - documentation that NULL and "" have both the same meaning when passed - to CURLOPT_SSH_PUBLIC_KEYFILE. + This is an improvement on the parent commit which changed the openssl + connection check to use recv MSG_PEEK instead of SSL_peek. - Bug: http://curl.haxx.se/mail/lib-2016-01/0072.html + Ref: https://github.com/curl/curl/commit/856baf5#comments -Daniel Stenberg (14 Jan 2016) -- RELEASE-NOTES: synced with 35083ca60ed035a +Daniel Stenberg (11 May 2016) +- [Anders Bakken brought this change] -- openssl: improved error detection/reporting + TLS: SSL_peek is not a const operation - ... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL - 1.1.0+ returned a new func number of another cerfificate fail so this - required a fix and this is the better way to catch this error anyway. - -- openssl: for 1.1.0+ they now provide a SSLeay() macro of their own - -- CURLOPT_RESOLVE.3: minor language polish - -- configure: assume IPv6 works when cross-compiled + Calling SSL_peek can cause bytes to be read from the raw socket which in + turn can upset the select machinery that determines whether there's data + available on the socket. - The configure test uses AC_TRY_RUN to figure out if an ipv6 socket - works, and testing like that doesn't work for cross-compiles. These days - IPv6 support is widespread so a blind guess is probably more likely to - be 'yes' than 'no' now. + Since Curl_ossl_check_cxn only tries to determine whether the socket is + alive and doesn't actually need to see the bytes SSL_peek seems like + the wrong function to call. - Further: anyone who cross-compiles can use configure's --disable-ipv6 to - explicitly disable IPv6 and that also works for cross-compiles. + We're able to occasionally reproduce a connect timeout due to this + bug. What happens is that Curl doesn't know to call SSL_connect again + after the peek happens since data is buffered in the SSL buffer and thus + select won't fire for this socket. - Made happen after discussions in issue #594 + Closes #795 -- TODO: "Try to URL encode given URL" - - Closes #514 +Jay Satiro (9 May 2016) +- [Daniel Stenberg brought this change] -- ConnectionExists: only do pipelining/multiplexing when asked + TLS: move the ALPN/NPN enable bits to the connection - When an HTTP/2 upgrade request fails (no protocol switch), it would - previously detect that as still possible to pipeline on (which is - acorrect) and do that when PIPEWAIT was enabled even if pipelining was - not explictily enabled. + Only protocols that actually have a protocol registered for ALPN and NPN + should try to get that negotiated in the TLS handshake. That is only + HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN + would wrongly be used in all handshakes if libcurl was built with it + enabled. - It should only pipelined if explicitly asked to. + Reported-by: Jay Satiro - Closes #584 + Fixes #789 -- [Mohammad AlSaleh brought this change] +Daniel Stenberg (8 May 2016) +- libcurl-thread.3: openssl 1.1.0 is safe, and so is boringssl - lib: Prefix URLs with lower-case protocol names/schemes - - Before this patch, if a URL does not start with the protocol - name/scheme, effective URLs would be prefixed with upper-case protocol - names/schemes. This behavior might not be expected by library users or - end users. +- [Antonio Larrosa brought this change] + + connect: fix invalid "Network is unreachable" errors - For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https". And the - URL is "hostname/path". The effective URL would be - "HTTPS://hostname/path" instead of "https://hostname/path". + Sometimes, in systems with both ipv4 and ipv6 addresses but where the + network doesn't support ipv6, Curl_is_connected returns an error + (intermittently) even if the ipv4 socket connects successfully. - After this patch, effective URLs would be prefixed with a lower-case - protocol name/scheme. + This happens because there's a for-loop that iterates on the sockets but + the error variable is not resetted when the ipv4 is checked and is ok. - Closes #597 + This patch fixes this problem by setting error to 0 when checking the + second socket and not having a result yet. - Signed-off-by: Mohammad AlSaleh - -- [Alessandro Ghedini brought this change] + Fixes #794 - scripts: don't generate and install zsh completion when cross-compiling +Jay Satiro (5 May 2016) +- FAQ: refer to thread safety guidelines -- [Alessandro Ghedini brought this change] +Daniel Stenberg (3 May 2016) +- connections: non-HTTP proxies on different ports aren't reused either + + Reported-by: Oleg Pudeyev and fuchaoqun + + Fixes #648 - scripts: fix zsh completion generation +- http: make sure a blank header overrides accept_decoding - The script should use the just-built curl, not the system one. This fixes - zsh completion generation when no system curl is installed. + Reported-by: rcanavan + Assisted-by: Isaac Boukris + Closes #785 -- [Alessandro Ghedini brought this change] +- CHECKSRC.md: clarified, explained the whitelist file - zsh.pl: fail if no curl is found - - Instead of generation a broken completion file. +- nroff-scan.pl: verify that references are made with \fI -- [Michael Kaufmann brought this change] +- docs: unified man page references to use \fI - IDN host names: Remove the port number before converting to ACE +- TODO: 17.14 --fail without --location should treat 3xx as a failure - Closes #596 + Closes #727 -Jay Satiro (10 Jan 2016) -- runtests: Add mbedTLS to the SSL backends +- RELEASE-NOTES: synced with 7987f5cb14d + +- [Isaac Boukris brought this change] + + CURLOPT_ACCEPT_ENCODING.3: Follow-up clarification - .. and enable SSLpinning tests for mbedTLS, BoringSSL and LibreSSL. + Mention possible content-length mismatch with sum of bytes reported + by write callbacks when auto decoding is enabled. + + See #785 -Daniel Stenberg (10 Jan 2016) -- [Thomas Glanzmann brought this change] +- test1140: run nroff-scan to verify man pages - mbedtls: implement CURLOPT_PINNEDPUBLICKEY +- nroff-scan.pl: verify the .BR references as well -Jay Satiro (9 Jan 2016) -- [Tatsuhiro Tsujikawa brought this change] +- CURLOPT_CONV_TO_NETWORK_FUNCTION.3: fix bad man page reference - url: Fix compile error with --enable-werror +- CURLOPT_BUFFERSIZE.3: fix reference to CURLOPT_MAX_RECV_SPEED_LARGE -- [Tatsuhiro Tsujikawa brought this change] +- curl_easy_pause.3: fix man page reference - http2: Ensure that http2_handle_stream_close is called +Jay Satiro (1 May 2016) +- tool_cb_hdr: Fix --remote-header-name with schemeless URL - Previously, when HTTP/2 is enabled and used, and stream has content - length known, Curl_read was not called when there was no bytes left to - read. Because of this, we could not make sure that - http2_handle_stream_close was called for every stream. Since we use - http2_handle_stream_close to emit trailer fields, they were - effectively ignored. This commit changes the code so that Curl_read is - called even if no bytes left to read, to ensure that - http2_handle_stream_close is called for every stream. + - Move the existing scheme check from tool_operate. - Discussed in https://github.com/bagder/curl/pull/564 + In the case of --remote-header-name we want to parse Content-disposition + for a filename, but only if the scheme is http or https. A recent + adjustment 0dc4d8e was made to account for schemeless URLs however it's + not 100% accurate. To remedy that I've moved the scheme check to the + header callback, since at that point the library has already determined + the scheme. + + Bug: https://github.com/curl/curl/issues/760 + Reported-by: Kai Noda -Daniel Stenberg (8 Jan 2016) -- http2: handle the received SETTINGS frame +Daniel Stenberg (1 May 2016) +- tls: make setting pinnedkey option fail if not supported - This regression landed in 5778e6f5 and made libcurl not act on received - settings and instead stayed with its internal defaults. + to make it obvious to users trying to use the feature with TLS backends + not supporting it. - Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html - Reported-by: Bankde + Discussed in #781 + Reported-by: Travis Burtrum -- Revert "multiplex: allow only once HTTP/2 is actually used" - - This reverts commit 46cb70e9fa81c9a56de484cdd7c5d9d0d9fbec36. +- nroff-scan.pl: verifies nroff pages - Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html + ... not used by any test yet but can be used stand-alone. -Jay Satiro (8 Jan 2016) -- [Tatsuhiro Tsujikawa brought this change] +- opts: fix broken/bad references - http2: Fix PUSH_PROMISE headers being treated as trailers +- [Michael Kaufmann brought this change] + + docs: fix bugs in CURLOPT_HTTP_VERSION.3 and CURLOPT_PIPEWAIT.3 - Discussed in https://github.com/bagder/curl/pull/564 + Closes #786 -Daniel Stenberg (8 Jan 2016) -- [Michael Kaufmann brought this change] +- CURLOPT_ACCEPT_ENCODING.3: clarified + + As discussed in #785 - connection reuse: IDN host names fixed +- curl.1: --mail-rcpt can be used multiple times - Use the ACE form of IDN hostnames as key in the connection cache. Add - new tests. + Reported-by: mgendre + Closes #784 + +- [Karlson2k brought this change] + + tests: Use 'pathhelp' for paths conversions in secureserver.pl - Closes #592 + Closes #675 -- tests: mark IPv6 FTP and FTPS tests with the FTP keyword +- [Karlson2k brought this change] -Jay Satiro (7 Jan 2016) -- mbedtls: Fix ALPN support + tests: Use 'pathhelp' for paths conversions in sshserver.pl + +- [Karlson2k brought this change] + + tests: Use 'pathhelp' for current path in runtests.pl + +- [Karlson2k brought this change] + + tests: pathhelp.pm to process paths on Msys/Cygwin + +- lib: include curl_printf.h as one of the last headers - - Fix ALPN reply detection. + curl_printf.h defines printf to curl_mprintf, etc. This can cause + problems with external headers which may use + __attribute__((format(printf, ...))) markers etc. - - Wrap nghttp2 code in ifdef USE_NGHTTP2. + To avoid that they cause problems with system includes, we include + curl_printf.h after any system headers. That makes the three last + headers to always be, and we keep them in this order: + curl_printf.h + curl_memory.h + memdebug.h - Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS. + None of them include system headers, they all do funny #defines. + + Reported-by: David Benjamin + + Fixes #743 -- http2: Fix client write for trailers on stream close +- memdebug.h: remove inclusion of other headers - Check that the trailer buffer exists before attempting a client write - for trailers on stream close. + Mostly because they're not needed, because memdebug.h is always included + last of all headers so the others already included the correct ones. - Refer to comments in https://github.com/bagder/curl/pull/564 + But also, starting now we don't want this to accidentally include any + system headers, as the header included _before_ this header may add + defines and other fun stuff that we won't want used in system includes. -Daniel Stenberg (7 Jan 2016) -- COPYING: update general copyright year range +- [Jay Satiro brought this change] -- ConnectionExists: add missing newline in infof() call + curl -J: make it work even without http:// scheme on URL - Mistake from commit a464f33843ee1 - -- multiplex: allow only once HTTP/2 is actually used + It does open up a miniscule risk that one of the other protocols that + libcurl could use would send back a Content-Disposition header and then + curl would act on it even if not HTTP. - To make sure curl doesn't allow multiplexing before a connection is - upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the - connection uses HTTP/2 as well and not only check what's wanted. + A future mitigation for this risk would be to allow the callback to ask + libcurl which protocol is being used. - Closes #584 + Verified with test 1312 - Patch-by: c0ff + Closes #760 -Jay Satiro (4 Jan 2016) -- curl_global_init.3: Add Windows-specific info for init via DLL +- manpage-scan.pl: also verify the command line option docs - - Add to both curl_global_init.3 and libcurl.3 the caveat for Windows - that initializing libcurl via a DLL's DllMain or static initializer - could cause a deadlock. - - Bug: https://github.com/bagder/curl/issues/586 - Reported-by: marc-groundctl@users.noreply.github.com + This script now also scans src/tool_getparam.c, docs/curl.1 and + src/tool_help.c and will warn if any of them lists a command line option + not mentioned in one of the other places. -Daniel Stenberg (4 Jan 2016) -- FAQ: clarify who to mail about ECCN clarifications +- curl: show the long option version of -q in the -h list -- progressfunc.c: spellfix description +- curl: remove "--socks" as "--socks5" turned 8 + + In commit 2e42b0a2524 (Jan 2008) we made the option "--socks" deprecated + and it has not been documented since. The more explicit socks options + (like --socks4 or --socks5) should be used. -- docs/examples/multi-app.c: fix bad desc formatting +- curl.1: document the deprecated --ftp-ssl option -- examples: added descriptions +- curl: remove --http-request + + It was mentioned as deprecated already in commit ae1912cb0d4 from + 1999. It has not been documented in this millennium. -- example/simple.c: add description +- curl: mention --ntlm-wb in -h list -- getredirect.c: a new example +- curl: -h output lacked --proxy-header -Marc Hoersken (27 Dec 2015) -- RELEASE-NOTES: add 5e0e81a9c4e35f04ca +- curl.1: document --ntlm-wb -Daniel Stenberg (26 Dec 2015) -- RELEASE-NOTES: synced with 2aec4359db1088b10d +- curl.1: document the long format of -q: --disable -Marc Hoersken (26 Dec 2015) -- test 1515: add data check +- curl.1: mention the deprecated --krb4 option -- test 1515: add MSYS support by passing a relative path +- curl.1: document --ftp-ssl-reqd - MSYS would otherwise turn a /-style path into a C:\-style path. + Even if deprecated, document it so that people will find it as old + scripts may still use it. -- test 539: use datacheck mode text for ASCII-mode LISTings +- curl: use --telnet-option as documented - While still using datacheck mode binary for the inline reply data. + The code said "telnet-options" but no documentation ever said so. It + worked fine since the code is fine with a unique match of the first + part. -- runtests.pl: check up to 5 data parts with different text modes +- getparam: remove support for --ftpport - Move the text-mode conversion for reply/replycheck from the verify - section into the load section and add support for 4 more check parts. + It has been deprecated and undocumented since commit ad5ead8bed7 (Dec + 2003). --ftp-port is the proper long option name. -Daniel Stenberg (24 Dec 2015) -- CURLOPT_RANGE: for HTTP servers, range support is optional +- curl: make --disable work as long form of -q + + To make the aliases list reflect reality. -Marc Hoersken (24 Dec 2015) -- tests 1048 and 1050: use datacheck mode text for ASCII-mode LISTings - -- tests 706 and 707: use datacheck mode text for ASCII-mode LISTings - -- tests 400,403,406: use datacheck mode text for ASCII-mode LISTings +- aliases: remove trailing space from capath string -- sockfilt.c: fix calculation of sleep timeout on Windows +- cmdline parse: only single letter options have single-letter strings - Not converting to double caused small timeouts to be skipped. + ... moved around options so that parsing the code to find all + single-letter options easier. -- tests first.c: fix calculation of sleep timeout on Windows +Jay Satiro (28 Apr 2016) +- CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability - Not converting to double caused small timeouts to be skipped. + Bug: https://curl.haxx.se/mail/lib-2016-04/0126.html + Reported-by: Bru Rom -- test 573: add more debug output +Daniel Stenberg (28 Apr 2016) +- curl_easy_getinfo.3: remove superfluous blank lines -- ftplistparser.c: fix handling of file LISTings using Windows EOL +- test1139: verifies libcurl option man page presence - Previously file.txt[CR][LF] would have been returned as file.tx - (without the last t) if filetype is symlink. Now the t is - included and the internal item_length includes the zero byte. + - checks that each option has its own man page present - Spotted using test 576 on Windows. + - checks that each option is mentioned in its corresponding index man + page -- test 16: fix on Linux (and Windows) by using plain ASCII characters +- curl_easy_getinfo.3: added missing mention of CURLINFO_TLS_SESSION - Follow up on b064ff0c351bb287557228575ef4c1d079b866fb, thanks Daniel. + ... although it is deprecated. -- tftpd server: add Windows support by writing files in binary mode +Jay Satiro (28 Apr 2016) +- mbedtls: Fix session resume + + This also fixes PolarSSL session resume. + + Prior to this change the TLS session information wasn't properly + saved and restored for PolarSSL and mbedTLS. + + Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html + Reported-by: Thomas Glanzmann + + Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html + Reported-by: Moti Avrahami -- tests 252-255: use datacheck mode text for ASCII-mode LISTings +Daniel Stenberg (27 Apr 2016) +- RELEASE-NOTES: synced with f4298fcc6d2 -- test 16: fix on Windows by converting data file from ANSI to UTF-8 +- [Michael Kaufmann brought this change] -Daniel Stenberg (23 Dec 2015) -- Makefile.inc: s/curl_SOURCES/CURL_FILES + opts: Fix some syntax errors in example code fragments - This allows the root Makefile.am to include the Makefile.inc without - causing automake to warn on it (variables named *_SOURCES are - magic). curl_SOURCES is then instead assigned properly in - src/Makefile.am only. + Fixes #779 + +- openssl: avoid BN_print a NULL bignum - Closes #577 + OpenSSL 1.1.0-pre seems to return NULL(?) for a whole lot of those + numbers so make sure the function handles this. + + Reported-by: Linus Nordberg -- [Anders Bakken brought this change] +- [Marcel Raad brought this change] - ConnectionExists: with *PIPEWAIT, wait for connections + CONNECT_ONLY: don't close connection on GSS 401/407 reponses - Try harder to prevent libcurl from opening up an additional socket when - CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS - handshakes complete first before the decision is made. + Previously, connections were closed immediately before the user had a + chance to extract the socket when the proxy required Negotiate + authentication. - Closes #575 + This regression was brought in with the security fix in commit + 79b9d5f1a42578f + + Closes #655 -- [Anders Bakken brought this change] +- CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0 - Add .dir-locals and set c-basic-offset to 2. +- mbedtls.c: silly spellfix of a comment + +- KNOWN_BUGS: 1.10 Strips trailing dot from host name - This makes it easier for emacs users to automatically get the right - 2-space indentation when they edit curl source files. + Closes #716 + +- test1322: verify stripping of trailing dot from host name - c++-mode is in there as well because Emacs can't easily know if - something is a C or C++ header. + While being debated (in #716) and a violation of RFC 7230 section 5.4, + this test verifies that the existing functionality works as intended. It + strips the dot from the host name and uses the host without dot + throughout the internals. + +- multi: accidentally used resolved host name instead of proxy - Closes #574 + Regression introduced in 09b5a998 + + Bug: https://curl.haxx.se/mail/lib-2016-04/0084.html + Reported-by: BoBo -- [Johannes Schindelin brought this change] +- symbols-in-versions: added new CURLSSLBACKEND_ symbols - configure: detect IPv6 support on Windows +- test148: fixed after the --ftp-create-dirs retry change - This patch was "nicked" from the MINGW-packages project by Daniel. - - https://github.com/Alexpux/MINGW-packages/commit/9253d0bf58a1486e91f7efb5316e7fdb48fa4007 - Signed-off-by: Johannes Schindelin + follow-up commit to 3c1e84f569 as it made curl try a little harder -- configure: allow static builds on mingw +- curl.h: clarify curl_sslbackend for openssl clones and renames + +- [Karlson2k brought this change] + + url.c: fixed DEBUGASSERT() for WinSock workaround - This patch is adopted from the MINGW-packages project. It makes it - possible to build curl both shared and static again. + If buffer is allocated, but nothing is received during prereceive + stage, than number of processed bytes must be zero. - URL: https://github.com/Alexpux/MINGW-packages/tree/master/mingw-w64-curl + Closes #778 -Marc Hoersken (17 Dec 2015) -- test 1326: fix file check since curl is outputting binary data +- KNOWN_BUGS: --interface for ipv6 binds to unusable IP address + + Closes #686 for now. -- test 1326: fix getting stuck on Windows due to incomplete request +- TODO: 1.17 Add support for IRIs - The request needs to be read and send in binary mode in order to use - CRLF instead of LF. Adding --upload-file - causes curl to read stdin - in binary mode. + Adding support for IRIs is a mouthful, but is probably interesting at + least for areas and countries where the use of such "URLs" are growing + popularity. + + Closes #776 -Daniel Stenberg (17 Dec 2015) -- RELEASE-NOTES: command line option recount +- THANKS-filter: Travis Burtrum -Dan Fandrich (16 Dec 2015) -- scripts/Makefile: build zsh script even in an out-of-tree build +- lib1517: checksrc compliance -Marc Hoersken (16 Dec 2015) -- sockfilt.c: added some debug output to select_ws +- [moparisthebest brought this change] -- sockfilt.c: keep lines shorter than 80 chars + PolarSSL: Implement public key pinning -- sockfilt.c: do not wait on unreliable file or pipe handle +Patrick Monnerat (22 Apr 2016) +- os400: upgrade ILE/RPG binding + +- curl.h: CURLOPT_CONNECT_TO sets a struct slist *, not a string + +Daniel Stenberg (22 Apr 2016) +- contributors.sh: make --releasenotes implied - The previous implementation caused issues on modern MSYS2 runtimes. + It got too annoying to type =) -Daniel Stenberg (16 Dec 2015) -- cyassl: deal with lack of *get_peer_certificate +- RELEASE-NOTES: synced with 3c1e84f5693d8093 + +- curl: make --ftp-create-dirs retry on failure - The function is only present in wolfssl/cyassl if it was built with - --enable-opensslextra. With these checks added, pinning support is disabled - unless the TLS lib has that function available. + The underlying libcurl option used for this feature is + CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir + creation, but it was never set to do that by the command line tool. - Also fix the mistake in configure that checks for the wrong lib name. + Now it does. - Closes #566 + Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html + Reported-by: John Wanghui + Help-by: Leif W -- wolfssl: handle builds without SSLv3 support +- [Henrik Gaßmann brought this change] -- [Tatsuhiro Tsujikawa brought this change] + winbuild: add mbedtls support + + Add WITH_MBEDTLS option. Make WITH_SSL, WITH_MBEDTLS and ENABLE_WINSSL + options mutual exclusive. + + Closes #606 - http2: Support trailer fields +- KNOWN_BUGS: fixed "5.6 Improper use of Autoconf cache variables" - This commit adds trailer support in HTTP/2. In HTTP/1.1, chunked - encoding must be used to send trialer fields. HTTP/2 deprecated any - trandfer-encoding, including chunked. But trailer fields are now - always available. + As of commit d9f3b365a3 + +- [Irfan Adilovic brought this change] + + configure: ac_cv_ -> curl_cv_ for write-only vars - Since trailer fields are relatively rare these days (gRPC uses them - extensively though), allocating buffer for trailer fields is done when - we detect that HEADERS frame containing trailer fields is started. We - use Curl_add_buffer_* functions to buffer all trailers, just like we - do for regular header fields. And then deliver them when stream is - closed. We have to be careful here so that all data are delivered to - upper layer before sending trailers to the application. + These configure vars are modified in a curl-specific way but never + evaluated or loaded from cache, even though they are designated as + _cv_. We could either implement proper AC_CACHE_CHECKs for them, or + remove them completely. - We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE - mechanism, but current method is far more simple. + Fixes #603 as ac_cv_func_gethostbyname is no longer clobbered, and + AC_CHECK_FUNC(gethostbyname...) will no longer spuriously succeed after + the first configure run with caching. - Another possibility is use chunked encoding internally for HTTP/2 - traffic. I have not tested it, but it could add another overhead. + `ac_cv_func_strcasecmp` is curious, see #770. - Closes #564 + `eval "ac_cv_func_$func=yes"` can still cause problems as it works in + tandem with AC_CHECK_FUNCS and then potentially modifies its result. It + would be best to rewrite this test to use a new CURL_CHECK_FUNCS macro, + which works the same as AC_CHECK_FUNCS but relies on caching the values + of curl_cv_func_* variables, without modifiying ac_cv_func_*. -- RELEASE-NOTES: synced with 6c2c019654e658a +- [Irfan Adilovic brought this change] -Jay Satiro (15 Dec 2015) -- x509asn1: Fix host altname verification - - - In Curl_verifyhost check all altnames in the certificate. - - Prior to this change only the first altname was checked. Only the GSKit - SSL backend was affected by this bug. + configure: ac_cv_ -> curl_cv_ for r/w vars - Bug: http://curl.haxx.se/mail/lib-2015-12/0062.html - Reported-by: John Kohl + These configure vars are modified in a curl-specific way and modified by + the configure process, but are never loaded from cache, even though they + are designated as _cv_. We should implement proper AC_CACHE_CHECKs for + them eventually. -Daniel Stenberg (15 Dec 2015) -- curl --expect100-timeout: added +- [Irfan Adilovic brought this change] + + configure: ac_cv_func_clock_gettime -> curl_... - This is the new command line option to set the value for the existing - libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS + This variable must not be cached in its current form, as any cached + information will prevent the next configure run from determining the + correct LIBS needed for the function. Thus, rename prefix `ac_cv_` to + just `curl_`. -- cyassl: fix compiler warning on type conversion +- [Irfan Adilovic brought this change] -- curlver: the pending release will become 7.47.0 + configure: ac_cv_ -> curl_cv_ for all cached vars + + This was automated by: + + sed -b -i -f <(ack -A1 AC_CACHE_CHECK | \ + ack -o 'ac_cv_.*?\b' | \ + sort -u | xargs -n1 bash -c \ + 'echo "s/$0/curl_cv_${0#ac_cv_}/g"') \ + $(git ls-files) + + This only changed the prefix for 16 variables actually checked with + AC_CACHE_CHECK. -- [Anders Bakken brought this change] +- openssl: builds with OpenSSL 1.1.0-pre5 + + The RSA, DSA and DH structs are now opaque and require use of new APIs + + Fixes #763 - setstropt: const-correctness +Steve Holme (20 Apr 2016) +- url.c: Prefer we don't use explicit NULLs in conditions - Closes #565 + Fixed commit fa5fa65a30 to not use NULLs in if condition. -- ROADMAP: implemented HTTP2 for HTTPS-only +Daniel Stenberg (20 Apr 2016) +- [Isaac Boukris brought this change] -- HTTP2.md: spell fix and remove TODO now implemented + NTLM: check for NULL pointer before deferencing + + At ConnectionExists, both check->proxyuser and check->proxypasswd + could be NULL, so make sure to check first. + + Fixes #765 -- libressl: the latest openssl x509 funcs are not in libressl +- [Karlson2k brought this change] -- curl: use 2TLS by default + tests: added test1517 - Make this the default for the curl tool (if built with HTTP/2 powers - enabled) unless a specific HTTP version is requested on the command - line. + ... for checking ability to receive full HTTP response when POST request + is used with slow read callback function. - This should allow more users to get HTTP/2 powers without having to - change anything. + This test checks for bug #657 and verifies the work-around from + 72d5e144fbc6. + + Closes #720 -- http: add libcurl option to allow HTTP/2 for HTTPS only +- [Karlson2k brought this change] + + sendf.c: added ability to call recv() before send() as workaround - ... and stick to 1.1 for HTTP. This is in line with what browsers do and - should have very little risk. + WinSock destroys recv() buffer if send() is failed. As result - server + response may be lost if server sent it while curl is still sending + request. This behavior noticeable on HTTP server short replies if + libcurl use several send() for request (usually for POST request). + To workaround this problem, libcurl use recv() before every send() and + keeps received data in intermediate buffer for further processing. + + Fixes: #657 + Closes: #668 -- openssl: adapt to openssl >= 1.1.0 X509 opaque structs +Kamil Dudka (19 Apr 2016) +- connect: make sure that rc is initialized in singleipconnect() - Closes #491 + This commit fixes a Clang warning introduced in curl-7_48_0-190-g8f72b13: + + Error: CLANG_WARNING: + lib/connect.c:1120:11: warning: The right operand of '==' is a garbage value + 1118| } + 1119| + 1120|-> if(-1 == rc) + 1121| error = SOCKERRNO; + 1122| } -- openssl: avoid BIO_reset() warnings since it returns a value +Daniel Stenberg (19 Apr 2016) +- make/checksrc: use $srcdir, not $top_srcdir -- openssl: adapt to 1.1.0+ name changes +- src/checksrc.whitelist: removed -- scripts/makefile: add standard header +- tool_operate: switch to inline checksrc ignore -- scripts/Makefile: fix GNUism and survive no perl +- lib/checksrc.whitelist: not needed anymore - Closes #555 + ... as checksrc now skips comments + +- vtls.h: remove a space before semicolon - Reported-by: Thomas Klausner + ... that the new checksrc detected -- fix b6d5cb40d7038fe +- darwinssl: removed commented out code -- [Tatsuhiro Tsujikawa brought this change] +- http_chunks: removed checksrc disable + + ... since checksrc now skips comments - http2: Fix hanging paused stream +- imap: inlined checksrc disable instead of whitelist edit + +- checksrc: taught to skip comments - When NGHTTP2_ERR_PAUSE is returned from data_source_read_callback, we - might not process DATA frame fully. Calling nghttp2_session_mem_recv() - again will continue to process DATA frame, but if there is no incoming - frames, then we have to call it again with 0-length data. Without this, - on_stream_close callback will not be called, and stream could be hanged. + ... but output non-stripped version of the line, even if that then can + make the script identify the wrong position in the line at + times. Showing the line stripped (ie without comments) is just too + surprising. + +- opts/Makefile.am: list all docs file one by one - Bug: http://curl.haxx.se/mail/lib-2015-11/0103.html - Reported-by: Francisco Moraes + ... to make it easier to add lines in patches that won't just break all + other patches trying to add lines too. -- [Christian Stewart brought this change] +- curl_easy_setopt.3: mention CURLOPT_TCP_FASTOPEN - build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS +- RELEASE-NOTES: synced with 03de4e4b219 - With curl disable verbose strings in http.c the compilation fails due to - the data variable being undefined later on in the function. + (since we just merged two major features) + +- [Alessandro Ghedini brought this change] + + connect: implement TCP Fast Open for Linux - Closes #558 + Closes #660 -Jay Satiro (7 Dec 2015) -- [Gisle Vanem brought this change] +- [Alessandro Ghedini brought this change] - config-win32: Fix warning HAVE_WINSOCK2_H undefined + tool: add --tcp-fastopen option -- [Gisle Vanem brought this change] +- [Alessandro Ghedini brought this change] - openssl: BoringSSL doesn't have CONF_modules_free + connect: implement TCP Fast Open for OS X -- [Gisle Vanem brought this change] +- [Alessandro Ghedini brought this change] - lwip: Fix compatibility issues with later versions - - The name of the header guard in lwIP's has changed from - '__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015). + url: add CURLOPT_TCP_FASTOPEN option + +- checksrc: pass on -D so the whitelists are found correctly + +- configure: remove check for libresolve - Other fixes: + 'strncasecmp' was once provided by libresolv (no trailing e) for SunOS, + but this check is broken and most likely adds nothing useful. Removing + now. - - In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is - used. + Reported-by: Irfan Adilovic - - In memdebug.h, the 'socket' should be undefined first due to lwIP's - lwip_socket() macro. + Discussed in #770 + +- scripts/make: use $(EXEEXT) for executables - - In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need - special handling because they were undef'ed in memdebug.h. + Reported-by: bodop - - In select.c we can't use preprocessor conditionals inside select if - MSVC and select is a macro, as it is with lwIP. + Fixes #771 + +- includes: avoid duplicate memory callback typdefs even harder + +- checksrc/makefile.am: use $top_srcdir to find source files - http://curl.haxx.se/mail/lib-2015-12/0023.html - http://curl.haxx.se/mail/lib-2015-12/0024.html + ... to properly support out of source tree builds. -Patrick Monnerat (7 Dec 2015) -- os400: define CURL_VERSION_PSL in ILE/RPG binding +- RELEASE-NOTES: synced with 26ec93dd6aeba8dfb5 -Jay Satiro (7 Dec 2015) -- [Gisle Vanem brought this change] +- opts: fix option references missing (section) - version: Add flag CURL_VERSION_PSL for libpsl +- [Michael Kaufmann brought this change] -- formdata: Check if length is too large for memory - - - If the size of the length type (curl_off_t) is greater than the size - of the size_t type then check before allocating memory to make sure the - value of length will fit in a size_t without overflow. If it doesn't - then return CURLE_BAD_FUNCTION_ARGUMENT. + news: CURLOPT_CONNECT_TO and --connect-to - Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679 - Reported-by: Steve Holme - -Steve Holme (3 Dec 2015) -- tests: Corrected copy and pasted comments from commit e643c5c908 + Makes curl connect to the given host+port instead of the host+port found + in the URL. -Daniel Stenberg (3 Dec 2015) -- curl: remove keepalive #ifdef checks done on libcurl's behalf +- makefile.vc6: use d suffix on debug object - They didn't match the ifdef logic used within libcurl anyway so they - could indeed warn for the wrong case - plus the tool cannot know how the - lib actually performs at that level. + To allow both release and debug builds in parallel. + + Reported-by: Rod Widdowson + + Fixes #769 -Steve Holme (2 Dec 2015) -- test947: Corrected typo in test name +Jay Satiro (12 Apr 2016) +- http2: Use size_t type for data drain count + + Ref: https://github.com/curl/curl/issues/659 + Ref: https://github.com/curl/curl/pull/663 -- tests: Disable the OAUTHBEARER tests when using a non-default port number +- http2: Improve header parsing - Tests 842, 843, 844, 845, 887, 888, 889, 890, 946, 947, 948 and 949 fail - if a custom port number is specified via the -b option of runtests.pl. + - Error if a header line is larger than supported. - Suggested by: Kamil Dudka - Bug: http://curl.haxx.se/mail/lib-2015-12/0003.html - -Daniel Stenberg (2 Dec 2015) -- bump: towards next release + - Warn if cumulative header line length may be larger than supported. - for all we know now, it might be called 7.46.1 + - Allow spaces when parsing the path component. + + - Make sure each header line ends in \r\n. This fixes an out of bounds. + + - Disallow header continuation lines until we decide what to do. + + Ref: https://github.com/curl/curl/issues/659 + Ref: https://github.com/curl/curl/pull/663 -Version 7.46.0 (1 Dec 2015) +- http2: Add Curl_http2_strerror for HTTP/2 error codes + + Ref: https://github.com/curl/curl/issues/659 + Ref: https://github.com/curl/curl/pull/663 -Daniel Stenberg (1 Dec 2015) -- RELEASE-NOTES: updated contributor count for 7.46.0 +- [Tatsuhiro Tsujikawa brought this change] -- THANKS: new contributors from the 7.46.0 release + http2: Don't increment drain when one header field is received + + Sicne we write header field in temporary location, not in the memory + that upper layer provides, incrementing drain should not happen. + + Ref: https://github.com/curl/curl/issues/659 + Ref: https://github.com/curl/curl/pull/663 -- THANKS-filter: single Tim Rühsen spelling +- [Tatsuhiro Tsujikawa brought this change] -- docs/examples: gitignore some more built examples + http2: Ensure that http2_handle_stream_close is called + + This commit ensures that streams which was closed in on_stream_close + callback gets passed to http2_handle_stream_close. Previously, this + might not happen. To achieve this, we increment drain property to + forcibly call recv function for that stream. + + To more accurately check that we have no pending event before shutting + down HTTP/2 session, we sum up drain property into + http_conn.drain_total. We only shutdown session if that value is 0. + + With this commit, when stream was closed before reading response + header fields, error code CURLE_HTTP2_STREAM is returned even if + HTTP/2 level error is NO_ERROR. This signals the upper layer that + stream was closed by error just like TCP connection close in HTTP/1. + + Ref: https://github.com/curl/curl/issues/659 + Ref: https://github.com/curl/curl/pull/663 -- RELEASE-NOTES; this bug was never released +- [Tatsuhiro Tsujikawa brought this change] -- RELEASE-NOTES: synced with e55f15454efacb0 + http2: Process paused data first before tear down http2 session + + This commit ensures that data from network are processed before HTTP/2 + session is terminated. This is achieved by pausing nghttp2 whenever + different stream than current easy handle receives data. + + This commit also fixes the bug that sometimes processing hangs when + multiple HTTP/2 streams are multiplexed. + + Ref: https://github.com/curl/curl/issues/659 + Ref: https://github.com/curl/curl/pull/663 -- [Flavio Medeiros brought this change] +- [Tatsuhiro Tsujikawa brought this change] - Curl_read_plain: clean up ifdefs that break statements + http2: Check session closure early in http2_recv - Closes #546 + Ref: https://github.com/curl/curl/issues/659 + Ref: https://github.com/curl/curl/pull/663 -- http2: convert some verbose output into debug-only output +- [Tatsuhiro Tsujikawa brought this change] -- http2 push: add missing inits of new stream + http2: Add handling stream level error - - set the correct stream_id for pushed streams - - init maxdownload and size properly - -- http2 push: set weight for new stream + Previously, when a stream was closed with other than NGHTTP2_NO_ERROR + by RST_STREAM, underlying TCP connection was dropped. This is + undesirable since there may be other streams multiplexed and they are + very much fine. This change introduce new error code + CURLE_HTTP2_STREAM, which indicates stream error that only affects the + relevant stream, and connection should be kept open. The existing + CURLE_HTTP2 means connection error in general. - give the new stream the old one's stream_weight internally to avoid - sending a PRIORITY frame unless asked for it + Ref: https://github.com/curl/curl/issues/659 + Ref: https://github.com/curl/curl/pull/663 -- curl_setup.h: undef freeaddrinfo in c-ares block to fix build +Daniel Stenberg (11 Apr 2016) +- http2: drain the socket better... - Fixes warnings 78c25c854a added. - -- nonblock: fix setting non-blocking mode for Amiga + ... but ignore EAGAIN if the stream has ended so that we don't end up in + a loop. This is a follow-up to c8ab613 in order to avoid the problem + d261652 was made to fix. - IoctlSocket() apparently wants a pointer to a long, passed as a char * - in its third parameter. This bug was introduced already back in commit - c5fdeef41d from October 1 2001! + Reported-by: Jay Satiro + Clues-provided-by: Tatsuhiro Tsujikawa - Bug: http://curl.haxx.se/mail/lib-2015-11/0088.html - Reported-by: Norbert Kett + Discussed in #750 -- zsh install: fix DESTDIR support +- KNOWN_BUGS: added info for "Hangs with PolarSSL" + +- KNOWN_BUGS: 1.9 HTTP/2 frames while in the connection pool kill reuse - Reported-by: Mohammad AlSaleh + Closes #750 -Dan Fandrich (27 Nov 2015) -- lib: Only define curl_dofreeaddrinfo if struct addrinfo is available +- build: include scripts/ in the dist -Steve Holme (27 Nov 2015) -- tool_paramhlp: Fixed display of URL index in password prompt for --next +Steve Holme (9 Apr 2016) +- CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME - Commit f3bae6ed73 added the URL index to the password prompt when using - --next. Unfortunately, because the size_t specifier (%zu) is not - supported by all sprintf() implementations we use the curl_off_t format - specifier instead. The display of an incorrect value arises on platforms - where size_t and curl_off_t are of a different size. + As these two options provide identical functionality, the former for + SOCK5 proxies and the latter for HTTP proxies, merged the two options + together. + + As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of + 7.49.0. -Daniel Stenberg (25 Nov 2015) -- timecond: do not add if-modified-since without timecondition +- urldata: Use bool for socks5_gssapi_nec as it is a flag - The RTSP code path didn't skip adding the if-modified-since for certain - RTSP code paths, even if CURLOPT_TIMECONDITION was set to - CURL_TIMECOND_NONE. + This value is set to TRUE or FALSE so should be a bool and not a long. + +- url: Ternary operator code style changes + +- CODE_STYLE: Added ternary operator example to 'Space around operators' - Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals - CURL_TIMECOND_IFMODSINCE. + Following conversation on the libcurl mailing list. + +- sasl: Fixed compilation errors from commit 9d89a0387 - Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header + ...when GSS-API or Windows SSPI are not used. -- RELEASE-NOTES: synced with 99d17a5e2ba77e58 +- url: Corrected comments following 9d89a0387 -- examples/README: cut out the incomplete list - - ... and add a generic explanation for them instead. Each example file - should contain its own description these days. +- docs: Added clarification following commit 9d89a0387 -- test1513: make sure the callback is only called once +- Makefile: Fixed echo of checksrc check -- [Daniel Shahaf brought this change] +- checksrc: Fix issue with the autobuilds not picking up the whitelist - build: Install zsh completion - - Fixes #534 - Closes #537 +- checksrc: Added missing vauth and vtls directories -- done: make sure the final progress update is made - - It would previously be skipped if an existing error was returned, but - would lead to a previous value being left there and later used. - CURLINFO_TOTAL_TIME for example. - - Still it avoids that final progress update if we reached DONE as the - result of a callback abort to avoid another callback to be called after - an abort-by-callback. +- ftp/imap/pop3/smtp: Allow the service name to be overridden - Reported-by: Lukas Ruzicka - - Closes #538 + Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5 + authentication in FTP, IMAP, POP3 and SMTP. -- curl: expanded the -XHEAD warning text +- http_negotiate: Calculate service name and proxy service name locally - ... to also mention the specific options used. + Calculate the service name and proxy service names locally, rather than + in url.c which will allow for us to support overriding the service name + for other protocols such as FTP, IMAP, POP3 and SMTP. -- Revert "cleanup: general removal of TODO (and similar) comments" +- ROADMAP: Updated following the move of the authentication code + +Patrick Monnerat (8 Apr 2016) +- KNOWN_BUGS: openldap hangs. TODO: binary SASL. + +Daniel Stenberg (8 Apr 2016) +- KNOWN_BUGS: 5.6 Improper use of Autoconf cache variables - This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. + Closes #603 + +- KNOWN_BUGS: 11.2 error buffer not set... - Feedback-by: Dan Fandrich - URL: http://curl.haxx.se/mail/lib-2015-11/0062.html + Closes #544 -- CURLOPT_HEADERFUNCTION.3: fix typo +- KNOWN_BUGS: 11.1 Curl leaks .onion hostnames in DNS - Refer to _HEADERDATA not _WRITEDATA. + Closes #543 + +- KNOWN_BUGS: 1.8 DNS timing is wrong for HTTP redirects - Reported-by: Michał Piechowski + Closes #522 -- TODO: TCP Fast Open +- TODO: HTTP/2 "prior knowledge" is implemented! -Steve Holme (22 Nov 2015) -- examples: Added website parse-able descriptions to the e-mail examples +- [Damien Vielpeau brought this change] -- TODO: Added another 'multi-interface' idea + mbedtls: fix MBEDTLS_DEBUG builds -- smb.c: Fixed compilation warnings +- mbedtls: implement and provide *_data_pending() - smb.c:134:3: warning: conversion to 'short unsigned int' from 'int' may - alter its value - smb.c:146:42: warning: conversion to 'unsigned int' from 'long long - unsigned int' may alter its value - smb.c:146:65: warning: conversion to 'unsigned int' from 'long long - unsigned int' may alter its value + ... as otherwise we might get stuck thinking there's no more data to + handle. + + Reported-by: Damien Vielpeau + + Fixes #737 -- schannel: Corrected copy/paste error in commit 8d17117683 +- mbedtls: follow-up for the previous commit -- schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available +- mbedtls.c: name space pollution fix, Use 'Curl_' + +- mbedtls.c: changed private prefix to mbed_ - Regression from commit 7a8e861a5 as highlighted in the msys autobuilds. + mbedtls_ is the prefix used by the mbedTLS library itself so we should + avoid using that for our private functions. -- examples: Fixed compilation warnings +- mbedtls.h: fix compiler warnings + +- Revert "winbuild: trying to set some files eol=crlf for git" - pop3-multi.c:96:5: warning: implicit declaration of function 'memset' - imap-multi.c:96:5: warning: implicit declaration of function 'memset' - http2-download.c:226:5: warning: implicit declaration of function 'memset' - http2-upload.c:290:5: warning: implicit declaration of function 'memset' - http2-upload.c:290:5: warning: implicit declaration of function 'memset' + This reverts commit 9c08b4f1e7eced5a4d3782a3e0daa484c9d77d21. + + Didn't help. Caused problems. + + Fixes #756 -- Makefile.inc: Fixed test run error +- curl.1: use example.com more - test845 not present in tests/data/Makefile.inc + Make (most) example snippets use the example.com domain instead of the + random ones picked and used before. Some of those were probably + legitimate sites and some not. example.com is designed for this purpose. -Daniel Stenberg (20 Nov 2015) -- TODO: remove duplicated title +- [Michael Kaufmann brought this change] -- TODO: added two more libcurl ideas + HTTP2: Add a space character after the status code - Moved some ideas from "next major" to just ordinary ideas since we can - always add new things while keeping the old without doing a "next - major". + The space character after the status code is mandatory, even if the + reason phrase is empty (see RFC 7230 section 3.1.2) + + Closes #755 -Steve Holme (20 Nov 2015) -- tests: Re-enabled tests 889 and 890 following POP3 fix +- [Viktor Szakats brought this change] -- pop3: Differentiate between success and continuation responses + URLs: change http to https in many places + + Closes #754 -- pop3: Added clarity on some server response codes +- winbuild: trying to set some files eol=crlf for git + + Thinking it might help to apply patches etc with git. -Daniel Stenberg (20 Nov 2015) -- [Daniel Shahaf brought this change] +- [Theodore Dubois brought this change] - build: Fix theoretical infinite loops + curl.1: change example for -F - Add error-checking to 'cd' in a few cases where omitting the checks - might result in an infinite loop. + It's a bad idea to send your passwords anywhere, especially over HTTP. + Modified example to send a picture instead. - Closes #535 + Fixes #752 -Patrick Monnerat (19 Nov 2015) -- curl.h: s/#defien/#define/ +- KNOWN_BUGS: reorganized and cleaned up + + Now sorted into categories and organized in the same style we do the + TODO document. It will make each issue linked properly on the + https://curl.haxx.se/docs/knownbugs.html web page. + + The sections should make it easier to find issues and issues related to + areas of the reader's specific interest. -- os400: synchronize ILE/RPG header file +Jay Satiro (6 Apr 2016) +- KNOWN_BUGS: #95 curl in Windows can't handle Unicode arguments -- os400: Provide options for libssh2 use in compile scripts. Adjust README. +Steve Holme (6 Apr 2016) +- KNOWN_BUGS: Use https://curl.haxx.se URL for github based issues -Daniel Stenberg (19 Nov 2015) -- [danielsh@apache.org brought this change] +- CHECKSRC.md: Corrected some typos - zsh completion: Preserve single quotes in output - - When an option's help string contains literal single quotes, those - single quotes would be stripped from the option's description in the - completion output (unless the zsh RC_QUOTES option were set while the - completion function was being sourced, which is not the default). This - patch makes the completion output contain single quotes where the --help - output does. +- RELEASE-NOTES: Corrected last updated - Closes #532 + Included a summary of the checksrc.bat updates and combined two krb5 + changes as they should have been implemented at the same time. -Jay Satiro (18 Nov 2015) -- [MaxGiting brought this change] +- vauth: Corrected a number of typos in comments + + Reported-by: Michael Osipov - FAQ: Grammar changes +Jay Satiro (5 Apr 2016) +- KNOWN_BUGS: #94 IMAP custom requests use the LIST handler - Closes https://github.com/bagder/curl/pull/533 + Bug: https://github.com/curl/curl/issues/536 + Reported-by: eXeC64@users.noreply.github.com -Daniel Stenberg (17 Nov 2015) -- http2: http_done: don't free already-freed push headers +Daniel Stenberg (5 Apr 2016) +- KNOWN_BUGS: remove 68, 70 and 72. - The push headers are freed after the push callback has been invoked, - meaning this code should only free the headers if the callback was never - invoked and thus the headers weren't freed at that time. + Due to their age (we don't fully know if they actually remain) and lack + of detail - very few people will bother to find out what they're about + or work on them. If people truly still suffer from any of these, I + assume they will be reported again and then we'll deal with them. - Reported-by: Davey Shafik + 72. "Pausing pipeline problems." + https://curl.haxx.se/mail/lib-2009-07/0214.html + + 70. Problem re-using easy handle after call to curl_multi_remove_handle + https://curl.haxx.se/mail/lib-2009-07/0249.html + + 68. "More questions about ares behavior". + https://curl.haxx.se/mail/lib-2009-08/0012.html -- [Anders Bakken brought this change] +- KNOWN_BUGS: remove 92 and 88, fixed - getconnectinfo: Don't call recv(2) if socket == -1 +- http2: fix connection reuse when PING comes after last DATA - Closes #528 - -- CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header + It turns out the google GFE HTTP/2 servers send a PING frame immediately + after a stream ends and its last DATA has been received by curl. So if + we don't drain that from the socket, it makes the socket readable in + subsequent checks and libcurl then (wrongly) assumes the connection is + dead when trying to reuse the connection. - ... if there are more than one using the same name + Reported-by: Joonas Kuorilehto + + Discussed in #750 -- http2: minor comment typo +- multi: remove trailing space in debug output -- sasl; fix checksrc warnings +- RELEASE-NOTES: synced with 86e97b642fb -Steve Holme (15 Nov 2015) -- RELEASE-NOTES: Adjusted for the recent OAuth 2.0 activity +- CHECKSRC.md: mention cmdline options, fix the bullet list -- tests: Disabled 889 and 890 until we support POP3 continuation responses +- docs/CHECKSRC.md: initial version + +Steve Holme (3 Apr 2016) +- checksrc.bat: Added support for the examples + +Daniel Stenberg (3 Apr 2016) +- lib/src: fix the checksrc invoke - As POP3 final and continuation responses both begin with a + character, - and both the finalcode and contcode variables in SASLprotoc are set as - such, we cannot tell the difference between them when we are expecting - an optional continuation from the server such as the following: + ... now works correctly when invoke from the root makefile + +- nw: please the stricter checksrc + +Steve Holme (3 Apr 2016) +- checksrc.bat: Re-enabled the tests directory by default - + something else from the server - +OK final response + Following the recent changes to the source in the tests directory, + re-enabled tests for the default scan. + +- checksrc.bat: Added tests/server directory support - Disabled these tests until such a time we can tell the responses apart. + In addition to commit 83b174b3f0 and following the recent changes. -- tests: Corrected typos from commit ba4d8f7eba +- tests: Fixed header files to comply with our code style -- tests: Added OAUTHBEARER failure response tests +Daniel Stenberg (3 Apr 2016) +- make checksrc: run it in docs/examples too by default -- oauth2: Support OAUTHBEARER failures sent as continuation responses - - According to RFC7628 a failure message may be sent by the server in a - base64 encoded JSON string as a continuation response. +- docs/examples: remove spurious white spaces all over - Currently only implemented for OAUTHBEARER and not XAUTH2. + ... to please the new, slightly picker, checksrc.pl -Daniel Stenberg (15 Nov 2015) -- RELEASE-NOTES: synced with 808a17ee675 +- tests: fix make checksrc in servers/ -Steve Holme (14 Nov 2015) -- tests: Renamed existing OAuth 2.0 (XOAUTH) tests +- tests: 'make checksrc' now checks server/ too -- tests: Added OAuth 2.0 (OAUTHBEARER) tests +- root/make: have checksrc run in include/curl too -- oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP - - OAUTHBEARER is now the official "registered" SASL mechanism name for - OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some - servers won't support the new mechanism yet. +- tests/server: comply with our code style -Daniel Stenberg (13 Nov 2015) -- RELEASE-NOTES: recounted curl_easy_setopt() options +- code: style updates -- typecheck-gcc.h: add missing slist-using options +- checksrc: check for more malplaced spaces + +- unit: make unit test source code checksrc compliant + +- checksrc: run checksrc in tests when 'make checksrc' in root + +- checksrc: remove debug crap + +- lib557: allow too long lines + +- checksrc: allow ignore of specific warnings within a file (section) + +- checksrc: add warning names, explain on help output + +Steve Holme (3 Apr 2016) +- checksrc.bat: Disable tests by default until warnings are fixed + +- checksrc.bat: Added support for the tests directory + +- vauth: Removed the need for a separate GSS-API based SPN function + +- curl_sasl: Fixed potential null pointer utilisation - CURLOPT_RESOLVE and CURLOPT_PROXYHEADER were missing + Although this should never happen due to the relationship between the + 'mech' and 'resp' variables, and the way they are allocated together, + it does cause problems for code analysis tools: - Also sorted the list. + V595 The 'mech' pointer was utilized before it was verified against + nullptr. Check lines: 376, 381. curl_sasl.c 376 + + Bug: https://github.com/curl/curl/issues/745 + Reported-by: Alexis La Goutte -- typecheck-gcc.h: added CURLOPT_CLOSESOCKETDATA +- spnego: Small code tidy up - ... and sorted curl_is_cb_data_option alphabetically + * Prefer dereference of string pointer rather than strlen() + * Free challenge pointer in one place + * Additional comments -Jay Satiro (13 Nov 2015) -- [Sebastian Pohlschmidt brought this change] +- krb5: Small code tidy up + + * Prefer dereference of string pointer rather than strlen() + * Free challenge pointer in one place + * Additional comments - openssl: Free modules on cleanup +- krb5_gssapi: Only process challenge when present - Curl_ossl_init calls OPENSSL_load_builtin_modules() but - Curl_ossl_cleanup doesn't make a call to free these modules. + This wouldn't cause a problem because of the way the function is called, + but prior to this change, we were processing the challenge message when + the credentials were NULL rather than when the challenge message was + populated. - Bug: https://github.com/bagder/curl/issues/526 + This also brings this part of the Kerberos 5 code in line with the + Negotiate code. -Steve Holme (13 Nov 2015) -- symbols-in-versions: Added new CURLOPTTYPE_STRINGPOINT alias +- krb5: Fixed missing client response when mutual authentication enabled - ...following commit aba281e762 to fix test 1119. - -Daniel Stenberg (13 Nov 2015) -- curl: mark two more options strings for --libcurl output + Although mutual authentication is currently turned off and can only be + enabled by changing libcurl source code, authentication using Kerberos + 5 has been broken since commit 79543caf90 in this use case. -- typecheck-gcc.h: add some missing string types +- krb5_sspi: Only process challenge when present - Also sorted that list alphabetically - -- curl.h: introducing the STRINGPOINT alias + This wouldn't cause a problem because of the way the function is called, + but prior to this change, we were processing the challenge message when + the credentials were NULL rather than when the challenge message was + populated. - As an alias for OBJECTPOINT. Provided to allow us to grep for all string - options easier. + This also brings this part of the Kerberos 5 code in line with the + Negotiate code. -- cleanup: general removal of TODO (and similar) comments +- krb5_sspi: Only generate the output token when its not allocated - They tend to never get updated anyway so they're frequently inaccurate - and we never go back to revisit them anyway. We document issues to work - on properly in KNOWN_BUGS and TODO instead. - -- ftplistparser: remove empty function - -- openssl: remove #if check for 0.9.7 for ENGINE_load_private_key - -- openssl: all supported versions have X509_STORE_set_flags + Prior to this change, we were generating the output token when the + credentials were NULL rather than when the output token was NULL. - Simplify by removing #ifdefs and macros - -- openssl: remove 0.9.3 check + This also brings this part of the Kerberos 5 code in line with the + Negotiate code. -- openssl: remove #ifdefs for < 0.9.5 support +- krb5: Only generate a SPN when its not known - We only support >= 0.9.7 - -- lib/vtls/openssl: remove unused traces of yassl ifdefs - -Dan Fandrich (12 Nov 2015) -- [dfandrich brought this change] - - unit1603: Demote hash mismatch failure to a warning + Prior to this change, we were generating the SPN in the SSPI code when + the credentials were NULL and in the GSS-API code when the context was + empty. It is better to decouple the SPN generation from these checks + and only generate it when the SPN itself is NULL. - The hashes can vary between architectures (e.g. Sparc differs from x86_64). - This is not a fatal problem but just reduces the coverage of these white-box - tests, as the assumptions about into which hash bucket each key falls are no - longer valid. - -- [dfandrich brought this change] - - unit1603: Added unit tests for hash functions - -- [dfandrich brought this change] - - unit1602: Fixed failure in torture test + This also brings this part of the Kerberos 5 code in line with the + Negotiate code. -Steve Holme (12 Nov 2015) -- sasl: Re-introduced XOAUTH2 in the default enabled authentication mechanism - - Following the fix in commit d6d58dd558 it is necessary to re-introduce - XOAUTH2 in the default enabled authentication mechanism, which was - removed in commit 7b2012f262, otherwise users will have to specify - AUTH=XOAUTH2 in the URL. +Daniel Stenberg (3 Apr 2016) +- tests/libtest: follow our code style guidelines better - Note: OAuth 2.0 will only be used when the bearer is specified. + ... checksrc of all test code is pending. -- [Stefan Bühler brought this change] - - sasl_sspi: fix identity memory leak in digest authentication +- checksrc.whitelist: remove fopen() uses -- [Stefan Bühler brought this change] +- formdata: use appropriate fopen() macros - sasl_sspi: fixed unicode build for digest authentication +- checksrc: improve the fopen() parser somewhat - Closes #525 - -- oauth2: Re-factored OAuth 2.0 state variable + The quote scanner was too fragile, now look for a comma instead to find + the mode argument. -- sasl: Don't choose OAuth 2.0 if mechanism not advertised +- unit1604: fix snprintf - Regression from commit 9e8ced9890 which meant if --oauth2-bearer was - specified but the SASL mechanism wasn't supported by the server then - the mechanism would be chosen. - -Daniel Stenberg (12 Nov 2015) -- runtests: more compact "System characteristics" output + follow-up to 0326b06 - - no point in repeating curl features that is already listed as features - from the curl -V output + sizeof(pointer) is no good for the buffer size! - - remove the port numbers/unix domain path from the output unless - verbose is used, as that is rarely interesting to users. - -- runtests: rename conditional curl-features to $has_[name] + Reported-by: Viktor Szakats -Steve Holme (11 Nov 2015) -- oauth2: Introduced support for host and port details +Steve Holme (3 Apr 2016) +- unittests: Fixed compilation warnings - Added support to the OAuth 2.0 message function for host and port, in - order to accommodate the official OAUTHBEARER SASL mechanism which is - to be added shortly. - -- curl_setup.h: Removed duplicate CURL_DISABLE_RTSP when HTTP_ONLY defined - -- cmake: Add missing feature macros in config header (Part 2) + warning: implicit declaration of function 'sprintf_was_used' + [-Wimplicit-function-declaration] - In addition to commit a215381c94 added the RTSP, RTMP and SMB protocols. + Follow up to the modications made to tests/libtest in commit 55452ebdff + as we prefer not to use sprintf() now. -Daniel Stenberg (10 Nov 2015) -- [Douglas Creager brought this change] - - cmake: Add missing feature macros in config header - - The curl_config.h file can be generated either from curl_config.h.cmake - or curl_config.h.in, depending on whether you're building using CMake or - the autotools. The CMake template header doesn't include entries for - all of the protocols that you can disable, which (I think) means that - you can't actually disable those protocols when building via CMake. +Daniel Stenberg (2 Apr 2016) +- curl.1: -w filename_effective was introduced in 7.26.0 - Closes #523 + We never made a 7.25.1 release -- [Douglas Creager brought this change] +- 7.49.0: next release version - BoringSSL: Work with stricter BIO_get_mem_data() +- http2: make use of the nghttp2 error callback - BoringSSL implements `BIO_get_mem_data` as a function, instead of a - macro, and expects the output pointer to be a `char **`. We have to add - an explicit cast to grab the pointer as a `const char **`. + It offers extra info from nghttp2 in certain error cases. Like for + example when trying prior-knowledge http2 on a server that doesn't speak + http2 at all. The error message is passed on as a verbose message to + libcurl. - Closes #524 - -- http2: rectify the http2 version #if check + Discussed in #722 - We need 1.0.0 or later. Also verified by configure. - -Steve Holme (9 Nov 2015) -- oauth2: Don't use XAUTH2 in OAuth 2.0 function name - -- oauth2: Don't use XOAUTH2 in OAuth 2.0 variables + The error callback was added in nghttp2 1.9.0 -- oauth2: Use OAuth 2.0 rather than XOAUTH2 in comments +Steve Holme (2 Apr 2016) +- spnego: Renamed the context's SPN variable - When referring to OAuth 2.0 we should use the official name rather the - SASL mechanism name. + To be consistent with the Kerberos 5 context and other authentication + code. -Daniel Stenberg (9 Nov 2015) -- imap: avoid freeing constant string +- krb5_gssapi: Renamed the status variables - The fix in 1a614c6c3 was wrong and would leed to free() of a fixed - string. - - Pointed-out-by: Kamil Dudka - -- ROADMAP: remove two items already done + For consistency with the spnego code. -- RELEASE-NOTES: synced with 2200bf62054 - -Jay Satiro (9 Nov 2015) -- acinclude: Remove check for 16-bit curl_off_t +- krb5: Moved host from Curl_auth_create_gssapi_user_message() to be argument - Because it's illogical to check for a 16-bit curl_off_t. + For consistency with the spnego and oauth2 code moved the setting of + the host name outside of the Curl_auth_create_gssapi_user_messag() + function. - Ref: https://github.com/bagder/curl/issues/425#issuecomment-154964205 - -Dan Fandrich (8 Nov 2015) -- tool: Fixed a memory leak on OOM introduced in 19cb0c4a + This will allow us to more easily override it in the future. -Steve Holme (8 Nov 2015) -- [Justin Ehlert brought this change] +- test1119: Fixed missing CURL_DID_MEMORY_FUNC_TYPEDEFS symbol - imap: Don't check for continuation when executing a CUSTOMREQUEST +- RELEASE-NOTES: Removed "http_negotiate: Corrected host and proxy host name" - Bug: https://github.com/bagder/curl/issues/486 - Closes https://github.com/bagder/curl/pull/487 + As this was introduced in the recent vauth changes and not a prior + release. -Daniel Stenberg (7 Nov 2015) -- imap: checksrc: remove space after while before paren +Daniel Stenberg (1 Apr 2016) +- RELEASE-NOTES: synced with 0aa8da10bbdafa -- checksrc.whitelist: "missing space after close paren" +Steve Holme (1 Apr 2016) +- http_negotiate: Corrected host and proxy host name being wrong way round - ... when it was within a string! - -Steve Holme (7 Nov 2015) -- opts: Corrected TLS protocols list to include POP3S rather than POP3 + I had accidentally used the proxy server name for the host and the host + server name for the proxy in commit ad5e9bfd5d and 6d6f9ca1d9. Whilst + Windows SSPI was quite happy with this, GSS-API wasn't. + + Thanks-to: Michael Osipov -- imap: Quote other 'atom-specials' and not just the space character +- build: Changed the Visual Studio projects warning level from 3 to 4 - Closes #517 + After squashing most of our compiler warnings, up'ed the default + warning level from 3 to 4 in order to increase the likelyhood of + catching future warnings. -- imap: Fixed double quote in LIST command when mailbox contains spaces +Daniel Stenberg (1 Apr 2016) +- [ehlertjd@gmail.com brought this change] -Daniel Stenberg (6 Nov 2015) -- imap: fix compiler warning + IMAP: check pointer before dereferencing it - imap.c:657:13: error: assignment discards 'const' qualifier from pointer - target type [-Werror=discarded-qualifiers] + may be null in the CURLOPT_CONNECT_ONLY case + + Fixes #747 -Steve Holme (6 Nov 2015) -- imap: Don't call imap_atom() when no mailbox specified in LIST command +Steve Holme (1 Apr 2016) +- .gitignore: Added new VC14 SQLite based program database files -Daniel Stenberg (6 Nov 2015) -- curl.1: remove the overlap --range example +- curl_memory.h: Fixed typo in comment - ... it is just weird to include by default even if it still works. + From commit 7218b52c49. -- tftp tests: verify sent options too +- spnego: Corrected some typos in comments - The tftpd test server now logs all received options and thus all TFTP - test cases need to match them exactly. + Corrected typos from commit ad5e9bfd5d and 6d6f9ca1d9. + +- memdebug: Ensure curl/curl.h is included before curl_memory.h - Extended test 283 to use and verify --tftp-blksize. + Follow up to commit 7db9782dd6. -Jay Satiro (6 Nov 2015) -- getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value +Daniel Stenberg (1 Apr 2016) +- upload: missing rewind call could make libcurl hang - - Set user info param to the socket returned by Curl_getconnectinfo, - regardless of if the socket is bad. Effectively this means the user info - param now will receive CURL_SOCKET_BAD instead of -1 on bad socket. + When an upload is done, there are two places where that can be detected + and only one of them would rewind the input stream - which sometimes is + necessary for example when doing NTLM HTTP POSTs and more. - - Remove incorrect comments. + This could then end up libcurl hanging. - CURLINFO_ACTIVESOCKET is documented to write CURL_SOCKET_BAD to user - info param but prior to this change it wrote -1. + Figured-out-by: Isaac Boukris + Reported-by: Anatol Belski - Bug: https://github.com/bagder/curl/pull/518 - Reported-by: Marcel Raad + Fixes #741 -Patrick Monnerat (5 Nov 2015) -- curl_ntlm_core: fix 2 curl_off_t constant overflows. - -- os400: adjust specific code to support new options. - -Daniel Stenberg (2 Nov 2015) -- [Lauri Kasanen brought this change] - - rawstr: Speed up Curl_raw_toupper by 40% +- curl.h: define CURL_DID_MEMORY_FUNC_TYPEDEFS - Rationale: when starting up a curl-using app, all cookies from the jar - are checked against each other. This was causing a startup delay in the - Fifth browser. + So that we only do the extra typedefs in curl_memory.h when we really + need to and avoid double typedefs. - All tests pass. + follow-up commit to 7218b52c49aeb1 - Signed-off-by: Lauri Kasanen + Thanks-to: Steve Holme -- http redirects: %-encode bytes outside of ascii range +- curl/mprintf.h: remove support for _MPRINTF_REPLACE - Apparently there are sites out there that do redirects to URLs they - provide in plain UTF-8 or similar. Browsers and wget %-encode such - headers when doing a subsequent request. Now libcurl does too. + The define is not in our name space and is therefore not protected by + our API promises. - Added test 1138 to verify. + It was only really used by libcurl internals but was mostly erased from + there already in 8aabbf5 (March 2015). This is supposedly the final + death blow to that define from everywhere. - Closes #473 - -- RELEASE-NOTES: synced with cba5bc585410 - -- symbols-in-version: add all CURL_HTTPPOST_* symbols - -- formadd: support >2GB files on windows + As a side-effect, making sure _MPRINTF_REPLACE is gone and not used, I + made the lib tests in tests/libtest/ use curl_printf.h for its redefine + magic and then subsequently the use of sprintf() got banned in the tests + as well (as it is in libcurl internals) and I then replaced them all + with snprintf(). - Closes #425 + In the unlikely event that any users is actually using this define and + gets sad by this change, it is very easily copied to the user's own + code. -- curl.h: s/HTTPPOST_/CURL_HTTPOST_ +- curl_memory.h: avoid the curl/curl.h include - Fixes a name space pollution at the cost of programs using one of these - defines will no longer compile. However, the vast majority of libcurl - programs that do multipart formposts use curl_formadd() to build this - list. - - Closes #506 + Discussed in #743 -- mbedtls: fix "Structurally dead code" +Steve Holme (1 Apr 2016) +- url: Corrected get protocol family for FTP and LDAP - CID 1332129 + Fixed copy/paste error from commit a5aec58726. -- mbedtls: fix "Logically dead code" +Jay Satiro (31 Mar 2016) +- strerror: don't bit shift a signed integer - CID 1332128 + Bug: https://github.com/curl/curl/issues/744 + Reported-by: Alexis La Goutte -- Revert "openssl: engine: remove double-free" - - This reverts commit 370ee919b37cc9a46c36428b2bb1527eae5db2bd. - - Issue #509 has all the details but it was confirmed that the crash was - not due to this, so the previous commit was wrong. +Daniel Stenberg (31 Mar 2016) +- http2: more documentation for prior knowledge -- curl.1: -E: s/private certificate/client certificate - - ... as the certificate is strictly speaking not private. - - Reported-by: John Levon +- [Diego Bes brought this change] -- openssl: engine: remove double-free + http2: support "prior knowledge", no upgrade from HTTP/1.1 - After a successful call to SSL_CTX_use_PrivateKey(), we must not call - EVP_PKEY_free() on the key. + Supports HTTP/2 over clear TCP - Reported-by: nased0 - Closes #509 - -Jay Satiro (27 Oct 2015) -- socks: Fix incorrect port numbers in failed connect messages - -Daniel Stenberg (26 Oct 2015) -- DISTRO-DILEMMA: removed + - Optimize switching to HTTP/2 by removing calls to init and setup + before switching. Switching will eventually call setup and setup calls + init. - Out of date and not kept accurate. It was sort of a problem of the past - anyway. - -- [xiangbin li brought this change] - - MacOSX-Framework: sdk regex fix for sdk 10.10 and later + - Supports new version to “force” the use of HTTP/2 over clean TCP - closes #507 + - Add common line parameter “--http2-prior-knowledge” to the Curl + command line tool. -Jay Satiro (24 Oct 2015) -- build: Fix support for PKG_CONFIG - - - Allow the user to use PKG_CONFIG but not PKGCONFIG. +- imap: remove duplicated function - Background: + The list and search response functions were identical! Merged into one + now. Detected by PVS Studio. - Last week in 14d5a86 a change was made to allow the user to set the - PKGCONFIG variable. Today in 72d99f2 I supplemented that to allow the - more common PKG_CONFIG as an alternative if PKGCONFIG is not set. - - Neither of those changes worked as expected because PKGCONFIG is - occasionally reset in configure and by the CURL_CHECK_PKGCONFIG macro. - Instead in this commit I take the approach that the user may set - PKG_CONFIG only. + Reported-by: Alexis La Goutte -- build: Fix mingw ssl gdi32 order - - - If mingw ssl make sure -lgdi32 comes after ssl libs +- SOCKS5_gssapi_negotiate: don't assume little-endian ints - - Allow PKG_CONFIG to set pkg-config location and options + The code copied one byte from a 32bit integer, which works fine as long + as the byte order is the same. Not a fine assumption. Reported by PVS + Studio. - Bug: https://github.com/bagder/curl/pull/501 - Reported-by: Kang Lin + Reported-by: Alexis La Goutte -Daniel Stenberg (23 Oct 2015) -- RELEASE-NOTES: synced with 03b6e078163f +- http: remove ((expression)) double parentheses -- polarssl/mbedtls: fix name space pollution +- Curl_add_buffer_send: avoid possible NULL dereference - Global private symbols MUST start with Curl_! - -- [Dmitry S. Baikov brought this change] - - mbedTLS: THREADING_SUPPORT compilation fix + ... as we check for a NULL pointer below, we move the derefence to after + the check. Detected by PVS Studio. - Closes #505 + Reported-by: Alexis La Goutte -- test1137: verify --ignore-content-length for FTP - -- curl.1: --ignore-content-length now works for FTP too +- file: remove duplicate checks of the same variable + + ... as it doesn't change in between. Deteced by PVS Studio. + + Reported-by: Alexis La Goutte -- [Kurt Fankhauser brought this change] +Steve Holme (30 Mar 2016) +- [Marcel Raad brought this change] - ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size + openssl: Fix compilation warnings - This allows FTP transfers with growing (or shrinking) files without - causing a transfer error. + When compiling with OpenSSL 1.1.0 (so that the HAVE_X509_GET0_SIGNATURE + && HAVE_X509_GET0_EXTENSIONS pre-processor block is active), Visual C++ + 14 complains: - Closes #480 + warning C4701: potentially uninitialized local variable 'palg' used + warning C4701: potentially uninitialized local variable 'psig' used -- CURLOPT_STREAM_WEIGHT.3: call argument 'weight' too +Daniel Stenberg (30 Mar 2016) +- multi: turn Curl_done into file local multi_done - ... and add a little example of what the weight actually means. "Relative - proportion of bandwidth". + ... as it now is used by multi.c only. -- http2: add stream options to dist and curl_easy_setopt.3 - -- http2: s/priority/weight +- multi: multi_reconnect_request is the former Curl_reconnect_request + + now a file local function in multi.c -- http2: on_frame_recv: trust the conn/data input +- multi: move Curl_do and Curl_do_done to multi.c and make static - Removed wrong assert()s + ... called multi_do and multi_do_done as they're file local now. + +Jay Satiro (29 Mar 2016) +- wolfssl: Use ECC supported curves extension - The 'conn' passed in as userdata can be used and there can be other - sessionhandles ('data') than the single one this checked for. + https://github.com/wolfSSL/wolfssl/issues/366 -- http2: added three stream prio/deps options +- build-wolfssl: Allow a broader range of ciphers (Visual Studio) - CURLOPT_STREAM_DEPENDS + This is an update to the build-time options used to build wolfSSL in + Visual Studio for greater compatibility, and make it behave similar to + the way OpenSSL 1.0.2 behaves. Starting in wolfSSL v3.6.6 static ciphers + and SSLv3 are disabled by default at build time, but we can use both. - CURLOPT_STREAM_DEPENDS_E + - Enable static cipher suites TLS_ECDH_ and TLS_RSA_. - CURLOPT_STREAM_PRIORITY - -- RELEASE-NOTES: synced with ace68fdc0cfed83d + - Enable SSLv3 hello. Though in libcurl we disable it by default at + runtime, we make it available so the user can manually select it if + necessary. -- [m-gardet brought this change] +Daniel Stenberg (29 Mar 2016) +- [Isaac Boukris brought this change] - mbedtls:new profile with RSA min key len = 1024. + GSS: make Curl_gss_log_error more verbose - Closes #502 - -- checksrc: add crude // detection - -Jay Satiro (21 Oct 2015) -- [Gisle Vanem brought this change] - - build: fix for MSDOS/djgpp + Also display the GSS_C_GSS_CODE (major code) when specified instead of + only GSS_C_MECH_CODE (minor code). - - Add a VPATH-statement for the vtls/*.c files. + In addition, the old code was printing a colon twice after the prefix + and also miscalculated the length of the buffer in between calls to + gss_display_status (the length of ": " was missing). - - Due to 'vtls/*.c', remove that subdir part from $(OBJECTS). - -Daniel Stenberg (20 Oct 2015) -- copyrights: update Gisle Vanem's email - -- vtls: fix compiler warning for TLS backends without sha256 + Also, gss_buffer is not guaranteed to be NULL terminated and thus need + to restrict reading by its length. - ... noticed with mbedTLS. - -- [Jonas Minnberg brought this change] + Closes #738 - vtls: added support for mbedTLS +- build: use roffit 0.11 feature - closes #496 + ... load file specified as argument. -Jay Satiro (19 Oct 2015) -- [Javier G. Sogo brought this change] - - cmake: Fix for add_subdirectory(curl) use-case - - - Use CURL_BINARY_DIR instead of CMAKE_BINARY_DIR. +- http2: set correct scheme in handler structs [regression] - When including CURL using add_subdirectory the variables - CMAKE_BINARY_DIR and CURL_BINARY_DIR hold different paths. + Since commit a5aec58 the handler schemes need to match for the + connections to be reused and for HTTP/2 multiplexing to work, reusing + connections is very important! - Closes https://github.com/bagder/curl/pull/488 - Closes https://github.com/bagder/curl/pull/498 + Closes #736 -Daniel Stenberg (18 Oct 2015) -- RELEASE-NOTES: synced with 4c773bcb474e +- hostip.c: minor white space edit for style + +- [Viktor Szakats brought this change] -- tests/FILEFORMAT: mention PSL as a valid feture to check for + TODO: use secure protocol in recently added URL - For example in test 1136 + Closes #733 -- teste1136: only run when PSL is enabled +- HTTP2.md: mention libressl and boringssl too -- curl: slist_wc: remove curl_memory.h inclusion - - ... that's for the library only. +- docs/HTTP-COOKIES: converted to markdown -- configure: add PSL to the list of features - - ... to make test 1014 work again after e77b5b7453. +- HTTP2: s/polarssl/mbedtls -- [Daniel Hwang brought this change] +Jay Satiro (28 Mar 2016) +- wolfssl: Add ALPN support - tool: Generate easysrc with last cache linked-list +- tool_operate: remove mixed declaration - Using a last cache linked-list improves the performance of easysrc - generation. - - Bug: https://github.com/bagder/curl/issues/444 - Ref: https://github.com/bagder/curl/issues/429 + This is a follow up to the previous commit. + +Daniel Stenberg (28 Mar 2016) +- curl: warn for --capath use if not supported by libcurl - Closes #452 + Closes #492 -- [Tim Rühsen brought this change] +- TODO: 2.5 Edge-triggered sockets should work - cookies: Add support for Mozilla's Publix Suffix List +- Makefile.am: skip the scripts dir - Use libpsl to check the domain value of Set-Cookie headers (and cookie - jar entries) for not being a Publix Suffix. + Skipping the scripts dir is primarily done for 'make install' so that it + does not attempt to install the zsh completion script as we've not yet + found a proper way to do/run that at install time. - The configure script checks for "libpsl" by default. Disable the check - with --without-libpsl. + By leaving the script dir's Makefile in place, a user can still opt to + run make install manually in there. - Ref: https://publicsuffix.org/ - Ref: https://github.com/publicsuffix/list - Ref: https://github.com/rockdaboot/libpsl - -- [Richard Hosking brought this change] + Closes #620 - curlbuild.h: Fix non-configure compiling to mips and sh4 targets - -- [Anders Bakken brought this change] +- CURLMOPT_SOCKETFUNCTION.3: describe the 'what' argument - http2: Don't pass unitialized name+len pairs to nghttp2_submit_request +- curl_multi_socket_action.3: mark the options properly - bug introduced by 18691642931e5c7ac8af83ac3a84fbcb36000f96. - - Closes #493 + ... to make them appear as links on the html version. -Dan Fandrich (16 Oct 2015) -- test1601: fix compilation with --enable-debug and --disable-crypto-auth +Steve Holme (27 Mar 2016) +- RELEASE-NOTES: Synced with f0bdd72c10 -Daniel Stenberg (16 Oct 2015) -- multi: fix off-by-one finit[] array size +- http_ntlm: Renamed from curl_ntlm.[c|h] - introduced in c6aedf680f6. It needs to be CURLM_STATE_LAST big since it - must hande the range 0 .. CURLM_STATE_MSGSENT (18) and CURLM_STATE_LAST - is 19 right now. + Renamed the header and source files for this module as they are HTTP + specific and as such, they should use the naming convention as other + HTTP authentication source files do - this revert commit 260ee6b7bf. - Reported-by: Dan Fandrich - Bug: http://curl.haxx.se/mail/lib-2015-10/0069.html + Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind + code needs separating from the HTTP protocol and migrating into the + vauth directory, thus adding support for Winbind to the SASL based + protocols such as IMAP, POP3 and SMTP. -- fread_func: move callback pointer from set to state struct - - ... and assign it from the set.fread_func_set pointer in the - Curl_init_CONNECT function. This A) avoids that we have code that - assigns fields in the 'set' struct (which we always knew was bad) and - more importantly B) it makes it impossibly to accidentally leave the - wrong value for when the handle is re-used etc. - - Introducing a state-init functionality in multi.c, so that we can set a - specific function to get called when we enter a state. The - Curl_init_CONNECT is thus called when switching to the CONNECT state. - - Bug: https://github.com/bagder/curl/issues/346 +Daniel Stenberg (27 Mar 2016) +- [marquis-de-muesli brought this change] + + docs: curlinfo_filetime sftp support, new curlopt_quote "statvfs" - Closes #346 + Closes #677 -Dan Fandrich (14 Oct 2015) -- test1531: case the size to fix the test on non-largefile builds +- [marquis-de-muesli brought this change] -Daniel Stenberg (13 Oct 2015) -- acinclude: remove PKGCONFIG override - - ... and allow it to get set by a caller easier. + SSH: new CURLOPT_QUOTE command "statvfs" - Reported-by: Rainer Jung - Bug: http://curl.haxx.se/mail/lib-2015-10/0035.html + usage: "statvfs path" + returns remote file system statistics -Dan Fandrich (12 Oct 2015) -- docs/INSTALL: Updated example minimal binary sizes +- [marquis-de-muesli brought this change] -Daniel Stenberg (11 Oct 2015) -- [Erik Johansson brought this change] + SSH: support CURLINFO_FILETIME - openssl: Fix set up of pkcs12 certificate verification chain - - sk_X509_pop will decrease the size of the stack which means that the loop would - end after having added only half of the certificates. - - Also make sure that the X509 certificate is freed in case - SSL_CTX_add_extra_chain_cert fails. +- [Karlson2k brought this change] -- ntlm: error out without 64bit support as the code needs it + sshserver.pl: use quotes for given options - It makes it a clearer message for developers reaching that point without - the necessary support. + Fixed failed redirection of stderr with some options. At least on Msys2, + perl fails to redirect stderr if $value contains newline or other weird + characters. + +Jay Satiro (26 Mar 2016) +- url: don't use bad offset in tld_check_name to show error - Thanks-by: Jay Satiro + libidn's tld_check_lz returns an error offset of the first character + that it failed to process, however that offset is not a byte offset and + may not even be in the locale encoding therefore we can't use it to show + the user the character that failed to process. - Closes #78 + Bug: https://github.com/curl/curl/issues/731 + Reported-by: Karlson2k -- curl_global_init: set the memory function pointers correct +Steve Holme (26 Mar 2016) +- http_negotiate: Combine GSS-API and SSPI source files - follow-up from 6f8ecea0 + As the GSS-API and SSPI based source files are no longer library/API + specific, following the extraction of that authentication code to the + vauth directory, combine these files rather than maintain two separate + versions. -- curl_global_init_mem: set function pointers before doing init +- vauth: Moved the Negotiate authentication code to the new vauth directory - ... as in the polarssl TLS backend for example it uses memory functions. + Part 2 of 2 - Moved the GSS-API based Negotiate authentication code. -Jay Satiro (9 Oct 2015) -- http2: Fix http2_recv to return -1 if recv returned -1 +- vauth: Moved the Negotiate authentication code to the new vauth directory - If the underlying recv called by http2_recv returns -1 then that is the - value http2_recv returns to the caller. - -Daniel Stenberg (8 Oct 2015) -- [Svyatoslav Mishyn brought this change] + Part 1 of 2 - Moved the SSPI based Negotiate authentication code. - curl_easy_recv.3: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET +- warnless.h: Removed spurious character from commit 696bc6b9c9 - Closes #479 + Not picked up by checksrc or Visual Studio but my own code review, this + would haven broken Intel based Unix builds - Perhaps I should learn to + type on my laptop's keyboard before committing! -- [Svyatoslav Mishyn brought this change] - - curl_easy_send.3: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET - -- [Svyatoslav Mishyn brought this change] +- schannel: Fixed compilation warning from commit f8d88a4913 + + warning C4244: '=': conversion from 'int' to 'unsigned short', possible + loss of data - CURLOPT_CONNECT_ONLY.3: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET +- warnless?: Added some integer based conversion functions -- CURLOPT_CERTINFO.3: fix reference to CURLINFO_CERTINFO +Daniel Stenberg (25 Mar 2016) +- [Dusty Mabe brought this change] -- ntlm: get rid of unconditional use of long long - - ... since some compilers don't have it and instead use other types, such - as __int64. + docs/TODO: Add feature request for metalink in HTTP headers - Reported by: gkinseyhpw - Closes #478 + Closes #729 + Closes #728 -Jay Satiro (8 Oct 2015) -- [Anders Bakken brought this change] +Steve Holme (25 Mar 2016) +- build: Corrected typos from commit 70e56939aa - des: Fix header conditional for Curl_des_set_odd_parity +- vauth: Refactored function names after move to new vauth directory - Follow up to 613e502. + Renamed all the SASL functions that moved to the new vauth directory to + include the correct module name. -Daniel Stenberg (7 Oct 2015) -- configure: build silently by default +- vauth: Updated the copyright year after recent changes - 'make V=1' will make the build verbose like before + As most of this work was performed in 2015 but not pushed until 2016 + updated the copyright year to reflect the public facing changes. -- bump: start climbing toward 7.46.0 +- vauth: Moved the OAuth 2.0 authentication code to the new vauth directory -- RELEASE-PROCEDURE: add the github HTTPS download step +- vauth: Moved the NTLM authentication code to the new vauth directory -Version 7.45.0 (7 Oct 2015) +- vauth: Moved the Kerberos V5 authentication code to the new vauth directory -Daniel Stenberg (7 Oct 2015) -- THANKS: 19 new contributors from the 7.45.0 announcement +- digest.c: Fixed checksrc warnings -- RELEASE-NOTES: synced with 69ea57970080 +- vauth: Moved the DIGEST authentication code to the new vauth directory -Jay Satiro (4 Oct 2015) -- getinfo: Fix return code for unknown CURLINFO options - - - If a CURLINFO option is unknown return CURLE_UNKNOWN_OPTION. - - Prior to this change CURLE_BAD_FUNCTION_ARGUMENT was returned on - unknown. That return value is contradicted by the CURLINFO option - documentation which specifies a return of CURLE_UNKNOWN_OPTION on - unknown. +- vauth: Moved the CRAM-MD5 authentication code to the new vauth directory -- [rouzier brought this change] +- vauth: Moved the ClearText authentication code to the new vauth directory - hiperfifo: fix the pointer passed to WRITEDATA - - Closes https://github.com/bagder/curl/pull/471 +- vauth: Moved Curl_sasl_build_spn() to create the initial vauth source files -- [Maksim Stsepanenka brought this change] +- checksrc.bat: Added support for checking the new vauth directory - tool_setopt: fix c_escape truncated octal +- build: Updated all makefiles and project files for the new vauth directory - Closes https://github.com/bagder/curl/pull/469 + Updated the makefiles and Visual Studio project files to support moving + the authentication code to the new lib/vauth directory that was started + in commit 0d04e859e1. -Daniel Stenberg (1 Oct 2015) -- [Orange Tsai brought this change] +Daniel Stenberg (24 Mar 2016) +- [JDepooter brought this change] - gopher: don't send NUL byte + schannel: Add ALPN support - Closes #466 - -Jay Satiro (29 Sep 2015) -- runtests: Fix pid check in checkdied + Add ALPN support for schannel. This allows cURL to negotiate + HTTP/2.0 connections when built with schannel. - Because the 'not' operator has a very low precedence and as a result the - entire statement was erroneously negated and could never be true. - -Daniel Stenberg (30 Sep 2015) -- [Thorsten Schöning brought this change] - - win32: make recent Borland compilers use long long - -- RELEASE-NOTES: synced with 69b89050d4 + Closes #724 -Jay Satiro (28 Sep 2015) -- [Michael Kalinin brought this change] +Steve Holme (24 Mar 2016) +- http: Minor update based on CODE_STYLE guidelines - openssl: Fix algorithm init - - - Change algorithm init to happen after OpenSSL config load. +Daniel Stenberg (23 Mar 2016) +- multi: fix "Operation timed out after" timer - Additional algorithms may be available due to the user's config so we - initialize the algorithms after the user's config is loaded. + Use the local, reasonably updated, 'now' value when creating the message + string to output for the timeout condition. - Bug: https://github.com/bagder/curl/issues/447 - Reported-by: Denis Feklushkin + Fixes #619 -- [Svyatoslav Mishyn brought this change] - - docs: fix unescaped '\n' in man pages +- openssl: boringssl provides the same numbering as openssl - Closes https://github.com/bagder/curl/pull/459 - -Daniel Stenberg (27 Sep 2015) -- http2: set TCP_NODELAY unconditionally + ... so we don't need extra boringssl precautions for for + HAVE_ERR_REMOVE_THREAD_STATE_NOARG. - For a single-stream download from localhost, we managed to increase - transfer speed from 1.6MB/sec to around 400MB/sec, mostly because of - this single fix. + Pointed-out-by: David Benjamin -- http2: avoid superfluous Curl_expire() calls +- openssl: fix ERR_remove_thread_state() for boringssl/libressl - ... only call it when there is data arriving for another handle than the - one that is currently driving it. + The removed arg is only done in OpenSSL - Improves single-stream download performance quite a lot. - - Thanks-to: Tatsuhiro Tsujikawa - Bug: http://curl.haxx.se/mail/lib-2015-09/0097.html - -- readwrite_data: set a max number of loops - - ... as otherwise a really fast pipe can "lock" one transfer for some - protocols, like with HTTP/2. + Bug: https://twitter.com/xtraemeat/status/712564874098917376 -- [Sergei Nikulov brought this change] +- bump: work on 7.48.1 - CI: Added AppVeyor-CI for curl +- RELEASE-PROCEDURE: mention the github release tag edit - Closes #439 + ... and update the coming release dates a bit -- FTP: fix uploading ASCII with unknown size +Steve Holme (23 Mar 2016) +- checksrc.bat: Updated the help to be consistent with generate.bat - ... don't try to increase the supposed file size on newlines if we don't - know what file size it is! - - Patch-by: lzsiga + Follow up to commit a8c7f0fcbf prior to release. -- [Tatsuhiro Tsujikawa brought this change] +Version 7.48.0 (23 Mar 2016) - build: fix failures with -Wcast-align and -Werror - - Closes #457 +Daniel Stenberg (23 Mar 2016) +- RELEASE-NOTES: curl 7.48.0 -- [Tatsuhiro Tsujikawa brought this change] +- THANKS: 15 new contributors from 7.48.0 release - curl-confopts.m4: Add missing ')' - - ... for CURL_CHECK_OPTION_RT +Jay Satiro (23 Mar 2016) +- CURLINFO_TLS_SSL_PTR.3: Warn about limitations - Closes #456 - -Jay Satiro (25 Sep 2015) -- curl_easy_getinfo.3: Add brief description for each CURLINFO - -Daniel Stenberg (23 Sep 2015) -- [Jakub Zakrzewski brought this change] + Bug: https://github.com/curl/curl/issues/685 - CMake: Ensure discovered include dirs are considered +Daniel Stenberg (22 Mar 2016) +- Revert "sshserver: remove use of AuthorizedKeysFile2" - ...during header checks. Otherwise some following header tests - (incorrectly) fail. + It seems we may have some autobuild problems after this commit went + in. Trying to see if a revert helps to get them back. - Closes #436 - -- [Jakub Zakrzewski brought this change] + This reverts commit 2716350d1f3edc8e929f6ceeee05051090f6d642. - CMake: Put "winsock2.h" before "windows.h" during configure checks +- maketgz: add -j to make dist - "windows.h" includes "winsock.h" what causes many redefinition errors - if "winsock2.h" is included afterwards and can cause build to fail. + ... makes it a lot faster -- tests: disable 1510 due to CI-problems on github +- libcurl-thread.3: minor nroff format fix -- [Mike Crowe brought this change] +- CURLINFO_TLS_SSL_PTR.3: minor nroff format fix - gnutls: Report actual GnuTLS error message for certificate errors - - If GnuTLS fails to read the certificate then include whatever reason it - provides in the failure message reported to the client. +- CODE_STYLE: indend example code - Signed-off-by: Mike Crowe - -- RELEASE-NOTES: synced with 6b56901b56e - -- [Mike Crowe brought this change] + ... to make it look nicer in markdown outputa - gnutls: Support CURLOPT_KEYPASSWD - - The gnutls vtls back-end was previously ignoring any password set via - CURLOPT_KEYPASSWD. Presumably this was because - gnutls_certificate_set_x509_key_file did not support encrypted keys. +Jay Satiro (22 Mar 2016) +- build-wolfssl: Update VS properties for wolfSSL v3.9.0 - gnutls now has a gnutls_certificate_set_x509_key_file2 function that - does support encrypted keys. Let's determine at compile time whether the - available gnutls supports this new function. If it does then use it to - pass the password. If it does not then emit a helpful diagnostic if a - password is set. This is preferable to the previous behaviour of just - failing to read the certificate without giving a reason in that case. + - Do not use wolfSSL's sample user-setting files. - Signed-off-by: Mike Crowe - -- CURLINFO_TLS_SESSION: always return backend info + wolfSSL starting in v3.9.0 has added their own sample user settings that + are applied by default, but we don't use them because we have our own + settings. - ... even for those that don't support providing anything in the - 'internals' struct member since it offers a convenient way for - applications to figure this out. - -- [Daniel Hwang brought this change] - - tool: remove redundant libcurl check + - Do not use wolfSSL's Visual Studio Unicode character setting. - The easysrc generation is run only when --libcurl is initialized. + wolfSSL Visual Studio projects use the Unicode character set however our + settings and options imitate mingw build which does not use the Unicode + character set. This does not appear to have any effect at the moment but + better safe than sorry. - Ref: https://github.com/bagder/curl/issues/429 - Closes #448 - -- [Richard van den Berg brought this change] + These changes are backwards compatible with earlier versions. - CURLOPT_PROXY.3: A proxy given as env variable gets no special treatment +Steve Holme (22 Mar 2016) +- hostip6: Fixed compilation warnings when verbose strings disabled - Closes #449 - -- TODO: 5.7 More compressions + warning C4189: 'data': local variable is initialized but not referenced - Like for example brotli, as being implemented in Firefox now. + ...and some minor formatting/spacing changes. -Jay Satiro (21 Sep 2015) -- tool_operate: Don't call easysrc cleanup unless --libcurl - - - Review of 4d95491. - - The author changed it so easysrc only initializes when --libcurl but did - not do the same for the call to easysrc cleanup. +Daniel Stenberg (21 Mar 2016) +- sshserver: remove use of AuthorizedKeysFile2 - Ref: https://github.com/bagder/curl/issues/429 - -Daniel Stenberg (20 Sep 2015) -- [Viktor Szakats brought this change] - - CURLOPT_PINNEDPUBLICKEY.3: replace test.com with example.com + Support for the (undocumented) AuthorizedKeysFile2 was removed in + OpenSSH 5.9, released in September 2011 - closes #443 + Closes #715 -- KNOWN_BUGS: 91 "curl_easy_perform hangs with imap and PolarSSL" +Steve Holme (20 Mar 2016) +- connect/ntlm/http: Fixed compilation warnings when verbose strings disabled - Closes #334 - -- KNOWN_BUGS: add link to #85 + warning C4189: 'data': local variable is initialized but not referenced -- tests: disable 1801 until fixed - - It is unreliable and causes CI problems on github +- openssl: Fixed compilation warning when /Wall enabled - Closes #380 - -- RELEASE-NOTES: synced with 4d95491636ee - -- [Daniel Lee Hwang brought this change] + warning C4706: assignment within conditional expression - tool: generate easysrc only on --libcurl - - Code should only be generated when --libcurl is used. +- CODE_STYLE: Use boolean conditions - Bug: https://github.com/bagder/curl/issues/429 - Reported-by: @greafhe, Jay Satiro + Rather than use TRUE, FALSE, NULL, 0 or != 0 in if/while conditions. - Closes #429 - Closes #442 + Additionally, corrected some example code to adhere to the recommended + coding style. -Jay Satiro (19 Sep 2015) -- vtls: Change designator name for server's pubkey hash - - - Change the designator name we use to show the base64 encoded sha256 - hash of the server's public key from 'pinnedpubkey' to - 'public key hash'. +- inet_pton.c: Fixed compilation warnings - Though the server's public key hash is only shown when comparing pinned - public key hashes, the server's hash may not match one of the pinned. + warning: conversion to 'unsigned char' from 'int' may alter its value -Daniel Stenberg (19 Sep 2015) -- [Isaac Boukris brought this change] +Daniel Stenberg (19 Mar 2016) +- RELEASE-NOTES: synced with 80851028efc2fa9 - NTLM: Reset auth-done when using a fresh connection +- mbedtls: fix compiler warning - With NTLM a new connection will always require authentication. - Fixes #435 + vtls/mbedtls.h:67:36: warning: implicit declaration of function + ‘mbedtls_sha256’ [-Wimplicit-function-declaration] -- [Daniel Hwang brought this change] +Steve Holme (19 Mar 2016) +- easy: Minor coding standard and style updates + + Following commit c5744340db. Additionally removes the need for a second + 'result code' variable as well. - ssl: add server cert's "sha256//" hash to verbose +Jay Satiro (19 Mar 2016) +- easy: Remove poll failure check in easy_transfer - Add a "pinnedpubkey" section to the "Server Certificate" verbose + .. because curl_multi_wait can no longer signal poll failure. - Bug: https://github.com/bagder/curl/issues/410 - Reported-by: W. Mark Kubacki + follow-up to 77e1726 - Closes #430 - Closes #410 - -- [Jakub Zakrzewski brought this change] + Bug: https://github.com/curl/curl/issues/707 - openldap: only part of LDAP query results received +Steve Holme (19 Mar 2016) +- build: Added missing Visual Studio filter files for VC10 onwards - Introduced with commit 65d141e6da5c6003a1592bbc87ee550b0ad75c2f + As these files don't need to contain references to the source files, + although typically do, added basic files which only include three + filters and don't require the project file generator to be modified. - Closes #440 - -- [Alessandro Ghedini brought this change] - - openssl: don't output certinfo data + These files allow the source code to be viewed in the Solution Explorer + in versions of Visual Studio from 2010 onwards in the same manner as + previous versions did rather than one large view of files. -- [Alessandro Ghedini brought this change] +- ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled + + warning C4706: assignment within conditional expression - openssl: refactor certificate parsing to use OpenSSL memory BIO +- config-w32.h: Fixed compilation warning when /Wall enabled - Fixes #427 + warning C4668: 'USE_IPV6' is not defined as a preprocessor macro, + replacing with '0' for '#if/#elif' -Kamil Dudka (18 Sep 2015) -- nss: prevent NSS from incorrectly re-using a session +- imap.c: Fixed compilation warning with /Wall enabled + + warning C4701: potentially uninitialized local variable 'size' used - Without this workaround, NSS re-uses a session cache entry despite the - server name does not match. This causes SNI host name to differ from - the actual host name. Consequently, certain servers (e.g. github.com) - respond by 400 to such requests. + Technically this can't happen, as the usage of 'size' is protected by + 'if(parsed)' and 'parsed' is only set after 'size' has been parsed. - Bug: https://bugzilla.mozilla.org/1202264 + Anyway, lets keep the compiler happy. -- nss: check return values of NSS functions +- KNOWN_BUGS: #93 Issue with CURLFORM_CONTENTLEN in arrays on 32-bit platforms -Daniel Stenberg (17 Sep 2015) -- CURLOPT_PINNEDPUBLICKEY.3: mention error code +Daniel Stenberg (18 Mar 2016) +- bump: the coming release is 7.48.0 -- openssl: build with < 0.9.8 +- configure: use cpp -P when needed - ... without sha256 support and no define saying so. + Since gcc 5, the processor output can get split up on multiple lines + that made the configure script fail to figure out values from + definitions. The fix is to use cpp -P, and this fix now first checks if + cpp -P is necessary and then if cpp -P works before it uses that to + extract defined values. - Reported-by: Rajkumar Mandal + Fixes #719 -- libcurl-errors.3: add two missing error codes +Steve Holme (18 Mar 2016) +- formdata.c: Fixed compilation warning - CURLE_SSL_PINNEDPUBKEYNOTMATCH and CURLE_SSL_INVALIDCERTSTATUS - -Jay Satiro (14 Sep 2015) -- CURLOPT_PINNEDPUBLICKEY.3: Improve pubkey extraction example + formdata.c:390: warning: cast from pointer to integer of different size - - Show how a certificate can be obtained using OpenSSL. + Introduced in commit ca5f9341ef this happens because a char*, which is + 32-bits wide in 32-bit land, is being cast to a curl_off_t which is + 64-bits wide where 64-bit integers are supported by the compiler. - Bug: https://github.com/bagder/curl/pull/430 - Reported-by: Daniel Hwang - -Daniel Stenberg (13 Sep 2015) -- http2: removed unused function - -- CURLINFO_ACTIVESOCKET.3: mention it replaces *LASTSOCKET - -- opts: add CURLINFO_* man pages to dist - -- opts: 19 more CURLINFO_* options made into stand-alone man pages - -- RELEASE-NOTES: synced with fad9604613 + This doesn't happen in 64-bit land as a pointer is the same size as a + curl_off_t. + + This fix doesn't address the fact that a 64-bit value cannot be used + for CURLFORM_CONTENTLEN when set in a form array and compiled on a + 32-bit platforms, it does at least suppress the compilation warning. -- curl: customrequest_helper: deal with NULL custom method +Daniel Stenberg (18 Mar 2016) +- FAQ: 2.5 Install libcurl for both 32bit and 64bit? -- [Svyatoslav Mishyn brought this change] +- [Gisle Vanem brought this change] - CURLOPT_FNMATCH_FUNCTION.3: fix typo + openssl: adapt to API breakage in ERR_remove_thread_state() - s => is + The OpenSSL API change that broke this is "Convert ERR_STATE to new + multi-threading API": openssl commit 8509dcc. - Closes #428 + Closes #713 -- curl: point out unnecessary uses of -X in verbose mode - - It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take - down the tone a bit. +- version: init moved to private name space, added protos - It adds a warning for using -XHEAD on other methods becasue that may - lead to a hanging connection. + follow-up to 80015cdd52145 -Jay Satiro (10 Sep 2015) -- curl_sspi: fix possibly undefined CRYPT_E_REVOKED +- openssl: verbose: show matching SAN pattern - Bug: https://github.com/bagder/curl/pull/411 - Reported-by: Viktor Szakats - -- buildconf.bat: fix syntax error - -- [Benjamin Kircher brought this change] - - winbuild: run buildconf.bat if necessary + ... to allow users to see which specfic wildcard that matched when such + is used. + + Also minor logic cleanup to simplify the code, and I removed all tabs + from verbose strings. -- [Svyatoslav Mishyn brought this change] +Jay Satiro (16 Mar 2016) +- version: thread safety - docs: fix argument type for CURLINFO_SPEED_*, CURLINFO_SIZE_* +Steve Holme (16 Mar 2016) +- transfer: Removed redundant HTTP authentication include files - long => double + It would also seem that share.h is not required here either as there + are no references to the Curl_share structure or functions. -Daniel Stenberg (8 Sep 2015) -- [Sergei Nikulov brought this change] +- easy: Removed redundant HTTP authentication include files - cmake: IPv6 : disable Unix header check on Windows platform +Jay Satiro (15 Mar 2016) +- CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support - Closes #409 + Bug: https://curl.haxx.se/mail/lib-2016-03/0150.html + Reported-by: Oliver Graute -- parse_proxy: reject illegal port numbers - - If the port number in the proxy string ended weirdly or the number is - too large, skip it. Mostly as a means to bail out early if a "bare" IPv6 - numerical address is used without enclosing brackets. - - Also mention the bracket requirement for IPv6 numerical addresses to the - man page for CURLOPT_PROXY. - - Closes #415 - - Reported-by: Marcel Raad +Steve Holme (15 Mar 2016) +- curl_sasl: Minor code indent fixes -- FTP: do_more: add check for wait_data_conn in upload case - - In some timing-dependnt cases when a 4xx response immediately followed - after a 150 when a STOR was issued, this function would wrongly return - 'complete == true' while 'wait_data_conn' was still set. - - Closes #405 +Daniel Stenberg (14 Mar 2016) +- runtests: mention when run event-based + +- easy: add check to malloc() when running event-based - Reported-by: Patricia Muscalu + ... to allow torture tests then too. -- [Svyatoslav Mishyn brought this change] +- memdebug: skip logging the limit countdown, fflush when reached - CURLOPT_TLSAUTH_TYPE.3: update description +- CODE_STYLE: Space around operators - Closes #414 - Closes #413 - -- [Svyatoslav Mishyn brought this change] + As just discussed on the mailing list, also document how we prefer + spacing in expressions. - CURLOPT_PATH_AS_IS.3: fix typo +- curl: glob_range: no need to check unsigned variable for negative - leavit => leaveit + cppcheck warned: - closes #412 - -- [Svyatoslav Mishyn brought this change] - - CURLINFO_SSL_VERIFYRESULT.3: add short description + [src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n' + is less than zero. -- [Svyatoslav Mishyn brought this change] +- CODE_STYLE: add example for indent style as well - CURLINFO_SSL_ENGINES.3: add short description +- CODE_STYLE: mention braces for functions too -- [Svyatoslav Mishyn brought this change] +- docs/Makefile.am: include CODE_STYLE in tarball too - CURLINFO_CONTENT_LENGTH_UPLOAD.3: replace "receive" with "get" for consistency +- CONTRIBUTE: moved out code style to a separate document -- [Svyatoslav Mishyn brought this change] +- CODE_STYLE: initial version + + Ripped out from CONTRIBUTE into its own document, but also extended from + there. - CURLINFO_REDIRECT_TIME.3: remove redundant '!' +- curl_sasl.c: minor code indent fixes -Kamil Dudka (4 Sep 2015) -- Revert "has: generate the curl/has.h header" +- multi: simplified singlesocket - This reverts commit a60bde79f9adeb135d5c642a07f0d783fbfbbc25 I have - pushed by mistake. Apologies for my incompetent use of the git repo! + Since sh_getentry() now checks for invalid sockets itself and by + narrowing the scope of the remove_sock_from_hash variable. -- nss: do not directly access SSL_ImplementedCiphers[] - - It causes dynamic linking issues at run-time after an update of NSS. +- multi: introduce sh_getentry() for looking up sockets in the sockhash - Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html + Simplify the code by using a single entry that looks for a socket in the + socket hash. As indicated in #712, the code looked for CURL_SOCKET_BAD + at some point and that is ineffective/wrong and this makes it easier to + avoid that. -- [Daniel Stenberg brought this change] +- [Jaime Fullaondo brought this change] - has: generate the curl/has.h header + multi hash: ensure modulo performed on curl_socket_t - changed macro name, moved and renamed script to become docs/libcurl/has.pl, - generate code that is checksrc compliant - -Daniel Stenberg (3 Sep 2015) -- gitignore: ignore more generated VC Makefiles + Closes #712 -- projects/Windows/.gitignore: ignore generated files for release +Steve Holme (13 Mar 2016) +- base64: Minor coding standard and style updates -- http2: don't pass on Connection: headers - - RFC 7540 section 8.1.2.2 states: "An endpoint MUST NOT generate an - HTTP/2 message containing connection-specific header fields; any message - containing connection-specific header fields MUST be treated as - malformed" - - Closes #401 +- base64: Use 'CURLcode result' for curl result codes -- curl.1: update RFC references +- negotiate: Use 'CURLcode result' for curl result codes -- CURLOPT_POSTREDIR.3: update RFC number and section +Daniel Stenberg (13 Mar 2016) +- [Maksim Kuzevanov brought this change] -- CURLOPT_FOLLOWLOCATION.3: mention methods for redirects + multi_runsingle: avoid loop in CURLM_STATE_WAITPROXYCONNECT - and some general cleaning up - -- [Marcel Raad brought this change] + Closes #703 - inet_pton.c: Fix MSVC run-time check failure (2) - - This fixes another run-time check failure because of a narrowing cast on - Visual C++. - - Closes #408 +- TODO: Use the RFC6265 test suite -Jay Satiro (3 Sep 2015) -- docs: Warn about any-domain cookies and multiple transfers - - - Warn that cookies without a domain are sent to any domain: - CURLOPT_COOKIELIST, CURLOPT_COOKIEFILE, --cookie - - - Note that imported Set-Cookie cookies without a domain are no longer - exported: - CURLINFO_COOKIELIST, CURLOPT_COOKIEJAR, --cookie-jar +Steve Holme (13 Mar 2016) +- checksrc.bat: Added the ability to scan src and lib source independently -Steve Holme (2 Sep 2015) -- tool_sdecls.h: Fixed compilation warning from commit 4a889441d3 +- digest: Use boolean based success code for Curl_sasl_digest_get_pair() - tool_sdecls.h:139 warning: comma at end of enumerator list - -Daniel Stenberg (2 Sep 2015) -- opts: 8 more CURLINFO* options as stand-alone man pages + Rather than use a 0 and 1 integer base result code use a TRUE / FALSE + based success code. -- RELEASE-NOTES: synced with c764cb4add1a8 +- digest: Corrected some typos in comments -- man-pages: more SEE ALSO links +- krb5: Corrected some typos in function descriptions -- opts: more CURLINFO_* options as stand-alone man pages +- ntlm: Corrected some typos in function descriptions -Steve Holme (31 Aug 2015) -- sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled - - Introduced in commit 59f3f92ba6 this function is only implemented when - CURL_DISABLE_CRYPTO_AUTH is not defined. As such we shouldn't define - the function in the header file either. +- url: Corrected indentation when calling idna_to_ascii_lz() -- sasl: Updated SPN variables and comments for consistency +- idn_win32: Use boolean based success codes - In places the "host name" and "realm" variable was referred to as - "instance" whilst in others it was referred to as "host". + Rather than use 0 and 1 integer base result codes use a FALSE / TRUE + based success code. -Daniel Stenberg (30 Aug 2015) -- configure: check for HMAC_Update in openssl - - Turns out HMAC_Init is now deprecated in openssl master (and I spelled - HMAC_Init_ex wrong in previous commit) +Daniel Stenberg (10 Mar 2016) +- idn_win32.c: warning: Trailing whitespace -Steve Holme (30 Aug 2015) -- win32: Use DES_set_odd_parity() from OpenSSL/BoringSSL by default +Steve Holme (10 Mar 2016) +- idn_win32.c: Fixed compilation warning from commit 9e7fcd4291 - Set HAVE_DES_SET_ODD_PARITY when using OpenSSL/BoringSSL as native - Windows builds don't use the autoconf tools. + warning C4267: 'function': conversion from 'size_t' to 'int', + possible loss of data -- des: Fixed compilation warning from commit 613e5022fe - - curl_ntlm_core.c:150: warning 'Curl_des_set_odd_parity' undefined; - assuming extern returning int +Daniel Stenberg (10 Mar 2016) +- THANKS-filter: unify Michael König -- buildconf.bat: Fixed double blank line in 'curl manual' warning output +- RELEASE-NOTES: synced with 863c5766dd -- makefiles: Added our standard copyright header +- ftp: remove a check for NULL(!) - But kept the original author, when they were specified in a comment, as - the initial copyright holder. - -Jay Satiro (29 Aug 2015) -- CURLOPT_FILETIME.3: CURLINFO_FILETIME has its own manpage now - -Daniel Stenberg (29 Aug 2015) -- CURLINFO_RESPONSE_CODE.3: added short description - -- opts: 7 initial CURLINFO_* options as stand-alone man pages - -- [Nikolai Kondrashov brought this change] + ... as it implies we need to check for that on all the other variable + references as well (as Coverity otherwise warns us for missing NULL + checks), and we're alredy making sure that the pointer is never NULL. - libcurl.m4: Put braces around empty if body +- cookies: first n/v pair in Set-Cookie: is the cookie, then parameters - Put braces around empty "if" body in libcurl.m4 check to avoid warning: + RFC 6265 section 4.1.1 spells out that the first name/value pair in the + header is the actual cookie name and content, while the following are + the parameters. - suggest braces around empty body in an 'if' statement + libcurl previously had a more liberal approach which causes significant + problems when introducing new cookie parameters, like the suggested new + cookie priority draft. - and make it work with -Werror builds. + The previous logic read all n/v pairs from left-to-right and the first + name used that wassn't a known parameter name would be used as the + cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be + a cookie named 'person' while an RFC 6265 compliant parser should + consider that to be a cookie named 'Max-Age' with an (unknown) parameter + 'person'. - Closes #402 - -- [Svyatoslav Mishyn brought this change] + Fixes #709 - curl_easy_escape.3: escape '\n' - - Closes #398 +- krb5: improved type handling to avoid clang compiler warnings -- [Svyatoslav Mishyn brought this change] +- url.c: fix clang warning: no newline at end of file - curl_easy_{escape,setopt}.3: fix example +- curl_multi_wait: never return -1 in 'numfds' - remove redundant '}' - -- [Sergei Nikulov brought this change] - - cmake: added Windows SSL support + Such a return value isn't documented but could still happen, and the + curl tool code checks for it. It would happen when the underlying + Curl_poll() function returns an error. Starting now we mask that error + as a user of curl_multi_wait() would have no way to handle it anyway. - Closes #399 + Reported-by: Jay Satiro + Closes #707 -- curl: point out the conflicting HTTP methods if used - - It isn't always clear to the user which options that cause the HTTP - methods to conflict so by spelling them out it should hopefully be - easier to understand why curl complains. +- HTTP2.md: add CURL_HTTP_VERSION_2TLS and updated alt-svc link -- curl: clarify that users can only specify one _METHOD_ +- curl_multi_wait.3: add example -- [Svyatoslav Mishyn brought this change] - - curl_easy_{escape,unescape}.3: "char *" vs. "const char *" +Steve Holme (8 Mar 2016) +- imap/pop3/smtp: Fixed connections upgraded with TLS are not reused - Closes #395 - -Patrick Monnerat (24 Aug 2015) -- os400: include new options in wrappers and update ILE/RPG binding. - -Daniel Stenberg (24 Aug 2015) -- KNOWN_BUGS: #2, not reading a HEAD response-body is not a bug + Regression since commit 710f14edba. - ... since HTTP is forbidden to return any such. - -- KNOWN_BUGS: #78 zero-length files is already fixed! - -- [Razvan Cojocaru brought this change] + Bug: https://github.com/curl/curl/issues/422 + Reported-by: Justin Ehlert - getinfo: added CURLINFO_ACTIVESOCKET +Jay Satiro (8 Mar 2016) +- opt-docs: fix heading macros - This patch addresses known bug #76, where on 64-bit Windows SOCKET is 64 - bits wide, but long is only 32, making CURLINFO_LASTSOCKET unreliable. + ..SH should be .SH - Signed-off-by: Razvan Cojocaru + Bug: https://github.com/curl/curl/issues/705 + Reported-by: Eric S. Raymond -- http2: remove dead code - - Leftovers from when we removed the private socket hash. - - Coverity CID 1317365, "Logically dead code" +Kamil Dudka (8 Mar 2016) +- [Tim Rühsen brought this change] -- ntlm: mark deliberate switch case fall-through + cookie: do not refuse cookies for localhost - Coverity CID 1317367, "Missing break in switch" + Closes #658 -- http2: on_frame_recv: get a proper 'conn' for the debug logging +Daniel Stenberg (8 Mar 2016) +- ftp_done: clear tunnel_state when secondary socket closes - "Explicit null dereferenced (FORWARD_NULL)" + Introducing a function for closing the secondary connection to make this + bug less likely to happen again. - Coverity CID 1317366 - -- RELEASE-NOTES: synced with 2acaf3c804 - -Dan Fandrich (23 Aug 2015) -- tool: fix memory leak with --proto-default option + Reported-by: daboul + Closes #701 -Jay Satiro (22 Aug 2015) -- [Nathaniel Waisbrot brought this change] +- [Gisle Vanem brought this change] - CURLOPT_DEFAULT_PROTOCOL: added - - - Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default - protocol for schemeless URLs. - - - Add new tool option --proto-default to expose - CURLOPT_DEFAULT_PROTOCOL. - - In the case of schemeless URLs libcurl will behave in this way: - - When the option is used libcurl will use the supplied default. - - When the option is not used, libcurl will follow its usual plan of - guessing from the hostname and falling back to 'http'. + openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages -- runtests: Allow for spaces in server-verify curl custom path +- HTTP2.md: HTTP/2 by default for curl's HTTPS connections -Daniel Stenberg (22 Aug 2015) -- NTLM: recent boringssl brought DES_set_odd_parity back - - ... so improve the #ifdefs for using our local implementation. +- [Anders Bakken brought this change] -- configure: detect latest boringssl - - Since boringssl brought back DES_set_odd_parity again, it cannot be used - to differentiate from boringssl. Using the OPENSSL_IS_BORINGSSL define - seems better anyway. - - URL: https://android.googlesource.com/platform/external/curl/+/f551028d5caab29d4b4a4ae8c159c76c3cfd4887%5E!/ - Original-patch-by: Bertrand Simonnet + pipeline: Sanity check pipeline pointer before accessing it. - Closes #393 - -- configure: change functions to detect openssl (clones) + I got a crash with this stack: - ... since boringssl moved the former ones and the check started to fail. + curl/lib/url.c:2873 (Curl_removeHandleFromPipeline) + curl/lib/url.c:2919 (Curl_getoff_all_pipelines) + curl/lib/multi.c:561 (curl_multi_remove_handle) + curl/lib/url.c:415 (Curl_close) + curl/lib/easy.c:859 (curl_easy_cleanup) - URL: https://android.googlesource.com/platform/external/curl/+/f551028d5caab29d4b4a4ae8c159c76c3cfd4887%5E!/ - Original-patch-by: Bertrand Simonnet + Closes #704 -- [Alessandro Ghedini brought this change] +- HTTP2.md: mention the disable ALPN and NPN options - openssl: handle lack of server cert when strict checking disabled +- TODO: 17.12 keep running, read instructions from pipe/socket - If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER - and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server - doesn't present a certificate at all. + And delete trailing whitespace + And rename section 17 to "command line tool" from "client" - Closes #392 + Closes #702 -- ftp: clear the do_more bit when the server has connected +- README.md: linkified - The multi state machine would otherwise go into the DO_MORE state after - DO, even for the case when the FTP state machine had already performed - those duties, which caused libcurl to get stuck in that state and fail - miserably. This occured for for active ftp uploads. + It also makes it less readable as plain text, so let's keep this + primarily for github use. - Reported-by: Patricia Muscalu - -- [Jactry Zeng brought this change] - - travis.yml: Add OS X testbot. - -- [Rémy Léone brought this change] + Removed the top ascii art logo, as it looks weird when markdownified. - travis: Upgrading to container based build - - http://docs.travis-ci.com/user/migrating-from-legacy +- README.md: markdown version of README - Closes #388 - -- RELEASE-NOTES: synced with 14ff86256b13e + Attempt to make it look more appealing on github -- [Erik Janssen brought this change] +Jay Satiro (6 Mar 2016) +- mprintf: update trio project link - rtsp: stop reading empty DESCRIBE responses - - Based-on-patch-by: Jim Hollinger +Daniel Stenberg (6 Mar 2016) +- CURLOPT_ACCEPTTIMEOUT_MS.3: added example -- [Erik Janssen brought this change] +- CURLOPT_ACCEPT_ENCODING.3: added example - rtsp: support basic/digest authentication +- CURLOPT_APPEND.3: added example -- [Sam Roth brought this change] +- CURLOPT_NOPROGRESS.3: added example, conform to stardard style - CURLMOPT_PUSHFUNCTION.3: fix argument types +Steve Holme (6 Mar 2016) +- build-openssl/checksrc.bat: Fixed prepend vs append of Perl path - Closes #389 - Closes #386 + Fixed inconsistency from commit 1eae114065 and 0ad6c72227 of the order + in which Perl was added to the PATH. -- [Marcel Raad brought this change] +Daniel Stenberg (6 Mar 2016) +- opts: added two examples - inet_pton.c: Fix MSVC run-time check failure - - Visual Studio complains with a message box: - - "Run-Time Check Failure #1 - A cast to a smaller data type has caused a - loss of data. If this was intentional, you should mask the source of - the cast with the appropriate bitmask. - - For example: - char c = (i & 0xFF); - - Changing the code in this way will not affect the quality of the - resulting optimized code." - - This is because only 'val' is cast to unsigned char, so the "& 0xff" has - no effect. - - Closes #387 +- CURLOPT_SSL_CTX_FUNCTION.3: use .NF for example -Jay Satiro (18 Aug 2015) -- docs: Update the redirect protocols disabled by default +- CURLOPT_SSL_CTX_FUNCTION.3: added example - - Clarify that FILE and SCP are disabled by default since 7.19.4 - - Add that SMB and SMBS are disabled by default since 7.40.0 - - Add CURLPROTO_SMBS to the list of protocols + and removed erroneous reference to test case lib509 -- gitignore: Sort for readability - - find . -name .gitignore -print0 | xargs -i -0 sort -o '{}' '{}' +- curlx.c: use more curl style code -Daniel Stenberg (15 Aug 2015) -- curl_easy_getinfo.3: fix superfluous space +- test46: change cookie expiry date - ... and changed "oriented" to "related" + Since two of the cookies would now otherwise expire and cause the test + to fail after commit 20de9b4f09 - Closes #378 - -- CURLOPT_HTTP_VERSION.3: connection re-use goes before version + Discussed in #697 -- [Daniel Kahn Gillmor brought this change] +Jay Satiro (5 Mar 2016) +- [Viktor Szakats brought this change] - curl.1: Document weaknesses in SSLv2 and SSLv3 - - Acknowledge that SSLv3 is also widely considered to be insecure. + makefile.m32: add missing libs for static -winssl-ssh2 builds - Also, provide references for people who want to know more about why it's - insecure. - -Steve Holme (14 Aug 2015) -- generate.bat: Added support for generating only the prerequisite files + Bug: https://github.com/curl/curl/pull/693 -- generate.bat: Only call buildconf.bat if it exists +- mbedtls: fix user-specified SSL protocol version + + Prior to this change when a single protocol CURL_SSLVERSION_ was + specified by the user that version was set only as the minimum version + but not as the maximum version as well. -- generate.bat: Fixed issues when ran in directories with special chars +Steve Holme (5 Mar 2016) +- .gitignore: Added *.VC.opendb and *.vcxproj.user files for VC14 -Daniel Stenberg (14 Aug 2015) -- [Brad King brought this change] +- build-openssl.bat: Fixed cannot find perl if installed but not in path - cmake: Fix CurlTests check for gethostbyname_r with 5 arguments - - Fix the check code to pass 5 arguments instead of 6. This typo was - introduced by commit aebfd4cfbf (cmake: fix gethostby{addr,name}_r in - CurlTests, 2014-10-31). +- checksrc.bat: Fixed cannot find perl if installed but not in path -Steve Holme (14 Aug 2015) -- * buildconf.bat: Fixed issues when ran in directories with special chars - - Bug: https://github.com/bagder/curl/pull/379 - Reported-by: Daniel Seither +Jay Satiro (5 Mar 2016) +- [Viktor Szakats brought this change] -Jay Satiro (13 Aug 2015) -- curl_global_init_mem.3: Stronger thread safety warning + makefile.m32: fix to allow -ssh2-winssl combination - Bug: http://curl.haxx.se/mail/lib-2015-08/0016.html - Reported-by: Eric Ridge - -Daniel Stenberg (12 Aug 2015) -- [Svyatoslav Mishyn brought this change] + In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl + (OpenSSL) option, with no way to override it with -winssl. Since both + libssh2 and curl support using Windows's built-in SSL backend, modify + the logic to allow that combination. - curl_multi_add_handle.3: fix a typo - - "can not" => "cannot" +- cookie: Don't expire session cookies in remove_expired - closes #377 - -- [Alessandro Ghedini brought this change] - - docs: fix typos + Prior to this change cookies with an expiry date that failed parsing + and were converted to session cookies could be purged in remove_expired. - closes #376 - -- bump: start working toward 7.45.0 - -- THANKS: remove duplicate name - -- THANKS-filter: merge Todd's names - -- THANKS: 13 new contributors from the 7.44.0 RELEASE-NOTES - -Version 7.44.0 (11 Aug 2015) - -Daniel Stenberg (11 Aug 2015) -- RELEASE-NOTES: synced with c75a1e775061 - -- [Svyatoslav Mishyn brought this change] + Bug: https://github.com/curl/curl/issues/697 + Reported-by: Seth Mos - curl_formget.3: correct return code +Daniel Stenberg (3 Mar 2016) +- cookie: remove redundant check - Closes #375 - -- [Svyatoslav Mishyn brought this change] - - libcurl-tutorial.3: fix formatting + ... as it was already checked previously within the function. - Closes #374 - -- [Svyatoslav Mishyn brought this change] - - curl_easy_recv.3: fix formatting + Reported-by: Dmitry-Me + Closes #695 +Jay Satiro (1 Mar 2016) - [Anders Bakken brought this change] - http2: discard frames with no SessionHandle - - Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the - SessionHandle. Apparently mod_h2 will sometimes send a frame for a - stream_id we're finished with. + url: if Curl_done is premature then pipeline not in use - Use nghttp2_session_get_stream_user_data and - nghttp2_session_set_stream_user_data to identify SessionHandles instead - of a hash. + Prevent a crash if 2 (or more) requests are made to the same host and + pipelining is enabled and the connection does not complete. - Closes #372 - -- RELEASE-NOTES: synced with 9ee40ce2aba + Bug: https://github.com/curl/curl/pull/690 - [Viktor Szakats brought this change] - build: refer to fixed libidn versions + makefile.m32: allow to pass .dll/.exe-specific LDFLAGS - closes #371 - -- Revert "configure: disable libidn by default" + using envvars `CURL_LDFLAG_EXTRAS_DLL` and + `CURL_LDFLAG_EXTRAS_EXE` respectively. This + is useful f.e. to pass ASLR-related extra + options, that are required to make this + feature work when using the mingw toolchain. - This reverts commit e6749055d65398315fd77f5b5b8234c5552ac2d3. + Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985 - ... since libidn has since been fixed. - -- [Jakub Zakrzewski brought this change] + Closes https://github.com/curl/curl/pull/689 - CMake: s/HAVE_GSS_API/HAVE_GSSAPI/ to match header define - - Otherwise the build only pretended to use GSS-API +Daniel Stenberg (29 Feb 2016) +- formpost: fix memory leaks in AddFormData error branches - Closes #370 + Reported-by: Dmitry-Me + Fixes #688 -- SFTP: fix range request off-by-one in size check - - Reported-by: Tim Stack +Jay Satiro (28 Feb 2016) +- getinfo: Fix syntax error when mbedTLS - Closes #359 + The assignment of the mbedTLS TLS session info in the parent commit was + incorrect. Change the assignment to a pointer to the session structure. -- test46: update cookie expire time +- getinfo: Add support for mbedTLS TLS session info - ... since it went old and thus was expired and caused the test to fail! - -Steve Holme (9 Aug 2015) -- generate.bat: Use buildconf.bat for prerequisite file generation - -- buildconf.bat: Tidy up of comments after recent commits + .. and preprocessor check TLS session info is defined for all backends. -- buildconf.bat: Added full generation of src\tool_hugehelp.c - - Added support for generating the full man page based on code from - generate.bat. +Daniel Stenberg (26 Feb 2016) +- ROADMAP: clarify on the TLS proxy, mention HTTP cookies to work on -- buildconf.bat: Added detection of groff, nroff, perl and gzip +- file: try reading from files with no size - To allow for the full generation of tool_hugehelp.c added detection of - the required programs - based on code from generate.bat. - -- buildconf.bat: Move DOS variable clean-up code to separate function + Some systems have special files that report as 0 bytes big, but still + contain data that can be read (for example /proc/cpuinfo on + Linux). Starting now, a zero byte size is considered "unknown" size and + will be read as far as possible anyway. - Rather than duplicate future variables, during clean-up of both success - and error conditions, use a common function that can be called by both. - -- RELEASE-NOTES: Synced with 39dcf352d2 - -- buildconf.bat: Added error messages on failure - -- buildconf.bat: Generate and clean files in the same order - -- buildconf.bat: Maintain compatibility with DOS based systems + Reported-by: Jesse Tan - Commit f08e30d7bc broke compatibility with DOS and non Windows NT based - versions of Windows due to the use of the setlocal command. + Closes #681 -Jay Satiro (9 Aug 2015) -- CURLOPT_RESOLVE.3: Note removal support was added in 7.42 +Jay Satiro (25 Feb 2016) +- configure: warn on invalid ca bundle or path - Bug: http://curl.haxx.se/mail/lib-2015-08/0019.html - Reported-by: Inca R - -Steve Holme (8 Aug 2015) -- checksrc.bat: Fixed error when missing *.c and *.h files + - Warn if --with-ca-bundle file does not exist. - File Not Found - -- checksrc.bat: Fixed incorrect 'lib\vtls' path check in commit 333c36b276 - -- checksrc.bat: Fixed error when [directory] isn't a curl source directory + - Warn if --with-ca-path directory does not contain certificates. - The system cannot find the file specified. - -- checksrc.bat: Added check for unknown arguments - -- scripts: Added missing comments - -- scripts: Always perform setlocal and endlocal calls in pairs + - Improve help messages for both. - Ensure that there isn't a mismatch between setlocal and endlocal calls, - which could have happened due to setlocal being called after certain - error conditions were checked for. - -- scripts: Allow -help to be specified in any argument + Example configure output: - Allow the -help command line argument to be specified in any argument - and not just as the first. - -Daniel Stenberg (6 Aug 2015) -- [juef brought this change] - - curl_multi_remove_handle.3: fix formatting + ca cert bundle: /some/file (warning: certs not found) + ca cert path: /some/dir (warning: certs not found) - closes #366 + Bug: https://github.com/curl/curl/issues/404 + Reported-by: Jeffrey Walton -Steve Holme (6 Aug 2015) -- README: Added notes about 'Running DLL based configurations' +Daniel Stenberg (24 Feb 2016) +- Curl_read: check for activated HTTP/1 pipelining, not only requested - ...as well as a TODO for a future enhancement to the project files. + ... as when pipelining is used, we read things into a unified buffer and + we don't do that with HTTP/2. This could then easily make programs that + set CURLMOPT_PIPELINING = CURLPIPE_HTTP1|CURLPIPE_MULTIPLEX to get data + intermixed or plain broken between HTTP/2 streams. - Thanks-to: Jay Satiro - -- RELEASE-NOTES: Synced with cf8975387f - -- buildconf.bat: Synchronise no repository error with generate.bat - -- generate.bat: Added a check for the presence of a git repository + Reported-by: Anders Bakken -- [Jay Satiro brought this change] +Patrick Monnerat (24 Feb 2016) +- os400: Fix ILE/RPG definition of CURLOPT_TFTP_NO_OPTIONS - build: Added wolfSSL configurations to VC10+ project files +Jay Satiro (23 Feb 2016) +- getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION - URL: https://github.com/bagder/curl/pull/174 - -- [Jay Satiro brought this change] - - build: Added wolfSSL build script for Visual Studio projects + The two options are almost the same, except in the case of OpenSSL: - Added the wolfSSL build script, based on build-openssl.bat, as well as - the property sheet and header file required for the upcoming additions - to the Visual Studio project files. - -Daniel Stenberg (6 Aug 2015) -- CHANGES: refer to the online changelog + CURLINFO_TLS_SESSION OpenSSL session internals is SSL_CTX *. - Suggested-by: mc0e - -- [Isaac Boukris brought this change] - - NTLM: handle auth for only a single request + CURLINFO_TLS_SSL_PTR OpenSSL session internals is SSL *. - Currently when the server responds with 401 on NTLM authenticated - connection (re-used) we consider it to have failed. However this is - legitimate and may happen when for example IIS is set configured to - 'authPersistSingleRequest' or when the request goes thru a proxy (with - 'via' header). + For backwards compatibility we couldn't modify CURLINFO_TLS_SESSION to + return an SSL pointer for OpenSSL. - Implemented by imploying an additional state once a connection is - re-used to indicate that if we receive 401 we need to restart - authentication. + Also, add support for the 'internals' member to point to SSL object for + the other backends axTLS, PolarSSL, Secure Channel, Secure Transport and + wolfSSL. - Closes #363 - -Steve Holme (5 Aug 2015) -- RELEASE-NOTES: Synced with 473807b95f - -- generate.bat: Use buildconf.bat for prerequisite file clean-up - -- buildconf.bat: Added support for file clean-up via -clean - -- buildconf.bat: Added progress output - -- buildconf.bat: Avoid using goto for file not in repository + Bug: https://github.com/curl/curl/issues/234 + Reported-by: dkjjr89@users.noreply.github.com + + Bug: https://curl.haxx.se/mail/lib-2015-09/0127.html + Reported-by: Michael König -Daniel Stenberg (5 Aug 2015) -- curl_slist_append.3: add error checking to the example - -Steve Holme (5 Aug 2015) -- buildconf.bat: Added display of usage text with -help - -- buildconf.bat: Added exit codes for error handling - -- buildconf.bat: Added our standard copyright header - -- buildconf.bat: Use lower-case for commands and reserved keywords - -- generate.bat: Only clean prerequisite files when in ALL mode - -- generate.bat: Moved error messages out of sub-routines - -- generate.bat: More use of lower-case for commands and reserved keywords - -Daniel Stenberg (3 Aug 2015) -- libcurl.3: fix a single typo +Daniel Stenberg (23 Feb 2016) +- multi_remove_handle: keep the timeout list until after disconnect - Closes #361 - -- RELEASE-NOTES: synced with c4eb10e2f06f - -- SSH: three state machine fixups + The internal Curl_done() function uses Curl_expire() at times and that + uses the timeout list. Better clean up the list once we're done using + it. This caused a segfault. - The SSH state machine didn't clear the 'rc' variable appropriately in a - two places which prevented it from looping the way it should. And it - lacked an 'else' statement that made it possible to erroneously get - stuck in the SSH_AUTH_AGENT state. + Reported-by: 蔡文凱 + Bug: https://curl.haxx.se/mail/lib-2016-02/0097.html + +Kamil Dudka (23 Feb 2016) +- tests/sshserver.pl: use RSA instead of DSA for host auth - Reported-by: Tim Stack + DSA is no longer supported by OpenSSH 7.0, which causes all SCP/SFTP + test cases to be skipped. Using RSA for host authentication works with + both old and new versions of OpenSSH. - Closes #357 - -- curl_gssapi: remove 'const' to fix compiler warnings + Reported-by: Karlson2k - initialization discards 'const' qualifier from pointer target type + Closes #676 -- docs: formpost needs the full size at start of upload +Jay Satiro (23 Feb 2016) +- TFTP: add option to suppress TFTP option requests (Part 2) - Closes #360 - -Steve Holme (1 Aug 2015) -- sspi: Fix typo from left over from old code which referenced NTLM + - Add tests. - References to NTLM in the identity generation should have been removed - in commit c469941293 but not all were. - -- win32: Fix compilation warnings from commit 40c921f8b8 + - Add an example to CURLOPT_TFTP_NO_OPTIONS.3. - connect.c:953:5: warning: initializer element is not computable at load - time - connect.c:953:5: warning: missing initializer for field 'dwMinorVersion' - of 'OSVERSIONINFOEX' - curl_sspi.c:97:5: warning: initializer element is not computable at load - time - curl_sspi.c:97:5: warning: missing initializer for field 'szCSDVersion' - of 'OSVERSIONINFOEX' - -- schannel: Fix compilation warning from commit 7a8e861a56 + - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS. - schannel.c:1125:5: warning: missing initializer for field 'dwMinorVersion' - of 'OSVERSIONINFOEX' [-Wmissing-field-initializers + Bug: https://github.com/curl/curl/issues/481 -Daniel Stenberg (31 Jul 2015) -- libcurl-thread.3: minor reformatting +- [Michael Koenig brought this change] -Jay Satiro (31 Jul 2015) -- curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs + TFTP: add option to suppress TFTP option requests (Part 1) - Bug: http://curl.haxx.se/mail/lib-2015-07/0149.html - Reported-by: Eric Ridge - -- libcurl-thread.3: Warn memory functions must be thread safe + Some TFTP server implementations ignore the "TFTP Option extension" + (RFC 1782-1784, 2347-2349), or implement it in a flawed way, causing + problems with libcurl. Another switch for curl_easy_setopt + "CURLOPT_TFTP_NO_OPTIONS" is introduced which prevents libcurl from + sending TFTP option requests to a server, avoiding many problems caused + by faulty implementations. - Bug: http://curl.haxx.se/mail/lib-2015-07/0149.html - Reported-by: Eric Ridge + Bug: https://github.com/curl/curl/issues/481 -Steve Holme (31 Jul 2015) -- RELEASE-NOTES: Synced with 8b1d00ac1a +Daniel Stenberg (22 Feb 2016) +- [Karlson2k brought this change] -- INSTALL: Minor formatting correction in 'Legacy Windows and SSL' section + runtests: Fixed usage of %PWD on MinGW64 - ...as well as some rewording. + Closes #672 -Kamil Dudka (30 Jul 2015) -- http: move HTTP/2 cleanup code off http_disconnect() - - Otherwise it would never be called for an HTTP/2 connection, which has - its own disconnect handler. - - I spotted this while debugging - where the http_disconnect() handler was called on an FTP session handle - causing 'dnf' to crash. conn->data->req.protop of type (struct FTP *) - was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in - Curl_add_buffer_free() after printing the "Connection cache is full, - closing the oldest one." message. - - A previously working version of libcurl started to crash after it was - recompiled with the HTTP/2 support despite the HTTP/2 protocol was not - actually used. This commit makes it work again although I suspect the - root cause (reinterpreting session handle data of incompatible protocol) - still has to be fixed. Otherwise the same will happen when mixing FTP - and HTTP/2 connections and exceeding the connection cache limit. - - Reported-by: Tomas Tomecek - Bug: https://bugzilla.redhat.com/1248389 +Jay Satiro (20 Feb 2016) +- CURLOPT_DEBUGFUNCTION.3: Fix example -Daniel Stenberg (30 Jul 2015) - [Viktor Szakats brought this change] - ABI doc: use secure URL - -- ABI: remove the ascii logo - - and made the indent level to 1 - -- libcurl-multi.3: mention curl_multi_wait - - ... and some general rewordings to improve this docs. - - Reported-by: Tim Stack + src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support - Closes #356 - -Steve Holme (30 Jul 2015) -- maketgz: Fixed some VC makefiles missing from the release tarball + Sync with lib/Makefile.m32 which already uses those variables. - VC7, VC11, VC12 and VC14 makefiles were missing from the release - tarball. + Bug: https://github.com/curl/curl/pull/670 -- RELEASE-NOTES: Synced with 2d7e165761 +Dan Fandrich (20 Feb 2016) +- Enabled test 1437 after the bug fix in commit 3fa220a6 -- build: Added VC14 project files to Makefile.am +Jay Satiro (19 Feb 2016) +- [Emil Lerner brought this change] -- build: Added VC14 project files + curl_sasl: Fix memory leak in digest parser - Updates to Makefile.am for the generation of the project files in - the tarball to follow. - -Jay Satiro (29 Jul 2015) -- libcurl-thread.3: Clarify CURLOPT_NOSIGNAL takes long value 1L - -Steve Holme (28 Jul 2015) -- generate.bat: Use lower-case for commands and reserved keywords + If any parameter in a HTTP DIGEST challenge message is present multiple + times, memory allocated for all but the last entry should be freed. - Whilst there are no coding standards for the batch files used in curl, - most tend to use lower-case for keywords and upper-case for variables. + Bug: https://github.com/curl/curl/pull/667 -- build: Added initial VC14 support to generate.bat +Dan Fandrich (19 Feb 2016) +- Added test 1437 to verify a memory leak - Visual Studio project files and updates to makefile.am to follow. - -- build: Fixed missing .opensdf files from VC10+ .gitignore files + Reported-by: neex@users.noreply.github.com -- build: Use $(ProjectName) macro for curl.exe and curld.exe filenames +Jay Satiro (18 Feb 2016) +- CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style - This wasn't possible with the old curlsrc project filenames, but like - commit 2a615a2b64 and 11397eb6dd for libcurl use the built in Visual - Studio macros for the output filenames. + Bug: https://github.com/curl/curl/issues/666 + Reported-by: baumanj@users.noreply.github.com -- build: Renamed curl src Visual Studio project files +- curl.1: HTTP headers for --cookie must be Set-Cookie style - Following commit 957fcd9049 and in preparation for adding the VC14 - project files renamed the curl source project files. - -Daniel Stenberg (28 Jul 2015) -- [Jay Satiro brought this change] + Bug: https://github.com/curl/curl/issues/666 + Reported-by: baumanj@users.noreply.github.com - libcurl-thread.3: Revert to stricter handle wording - - .. also update formatting and add WinSSL and wolfSSL to the SSL/TLS - handlers list. +Daniel Stenberg (18 Feb 2016) +- curl.1: add a missing dash -- [Jay Satiro brought this change] +- CONTRIBUTING.md: fix links - libcurl-thread.3: Consolidate thread safety info +- ISSUE_TEMPLATE: github issue template - This is a new document to consolidate our thread safety information from - several documents (curl-www:features, libcurl.3, libcurl-tutorial.3). - Each document's section on multi-threading will now point to this one. + First version, try this out! -Steve Holme (27 Jul 2015) -- README: Corrected formatting for 'Legacy Windows and SSL' section +- CONTRIBUTING.md: move into .github - ...as well as some wording. + To hide github specific files somewhat from the rest. -- build-openssl.bat: Added support for VC14 +- opts: add references -Daniel Stenberg (26 Jul 2015) -- RELEASE-NOTES: synced with 0f645adc95390e8 +- examples/make: add 'checksrc' target -- test1902: attempt to make the test more reliable - - Closes #355 +- 10-at-a-time: typecast the argument passed to sleep() -- comment: fix comment about adding new option support +- externalsocket.c: fix compiler warning for fwrite return type -Jay Satiro (25 Jul 2015) -- build-openssl.bat: Show syntax if required args are missing +- anyauthput.c: fix compiler warnings -Daniel Stenberg (26 Jul 2015) -- TODO: improve how curl works in a windows console window - - Closes #322 for now +- simplessl.c: warning: while with space -- 1.11 minimize dependencies with dynamicly loaded modules +- curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function - Closes #349 for now + Reported-By: Gisle Vanem -Jay Satiro (25 Jul 2015) -- tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPS +- http2: don't decompress gzip decoding automatically - - Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option. + At one point during the development of HTTP/2, the commit 133cdd29ea0 + introduced automatic decompression of Content-Encoding as that was what + the spec said then. Now however, HTTP/2 should work the same way as + HTTP/1 in this regard. - Broken by me several days ago in 172b2be. - https://github.com/bagder/curl/commit/172b2be#diff-70b44ee478e58d4e1ddcf9c9a73d257b + Reported-by: Kazuho Oku - Bug: http://curl.haxx.se/mail/lib-2015-07/0119.html - Reported-by: Dan Fandrich + Closes #661 + +Jay Satiro (16 Feb 2016) +- [Tatsuhiro Tsujikawa brought this change] -Daniel Stenberg (25 Jul 2015) -- configure: check if OpenSSL linking wants -ldl + http: Don't break the header into chunks if HTTP/2 - To make it easier to link with static versions of OpenSSL, the configure - script now checks if -ldl is needed for linking. + nghttp2 callback deals with TLS layer and therefore the header does not + need to be broken into chunks. - Help-by: TJ Saunders + Bug: https://github.com/curl/curl/issues/659 + Reported-by: Kazuho Oku -- [Michael Kaufmann brought this change] +Daniel Stenberg (16 Feb 2016) +- [Viktor Szakats brought this change] - HTTP: ignore "Content-Encoding: compress" - - Currently, libcurl rejects responses with "Content-Encoding: compress" - when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should - treat the Content-Encoding "compress" the same as other - Content-Encodings that it does not support, e.g. "bzip2". That means - just ignoring it. + openssl: use macro to guard the opaque EVP_PKEY branch -- [Marcel Raad brought this change] +- [Viktor Szakats brought this change] - openssl: work around MSVC warning + openssl: avoid direct PKEY access with OpenSSL 1.1.0 - MSVC 12 complains: + by using API instead of accessing an internal structure. + This is required starting OpenSSL 1.1.0-pre3. - lib\vtls\openssl.c(1554): warning C4701: potentially uninitialized local - variable 'verstr' used It's a false positive, but as it's normally not, - I have enabled warning-as-error for that warning. - -- [Michał Fita brought this change] + Closes #650 - configure: add --disable-rt option - - This option disables any attempts in configure to create dependency on - stuff requiring linking to librt.so and libpthread.so, in this case this - means clock_gettime(CLOCK_MONOTONIC, &mt). - - We were in need to build curl which doesn't link libpthread.so to avoid - the following bug: - https://sourceware.org/bugzilla/show_bug.cgi?id=16628. +- RELEASE-NOTES: synced with ede0bfc079da -Kamil Dudka (23 Jul 2015) -- http2: verify success of strchr() in http2_send() - - Detected by Coverity. - - Error: NULL_RETURNS: - lib/http2.c:1301: returned_null: "strchr" returns null (checked 103 out of 109 times). - lib/http2.c:1301: var_assigned: Assigning: "hdbuf" = null return value from "strchr". - lib/http2.c:1302: dereference: Incrementing a pointer which might be null: "hdbuf". - 1300| - 1301| hdbuf = strchr(hdbuf, 0x0a); - 1302|-> ++hdbuf; - 1303| - 1304| authority_idx = 0; +- [Clint Clayton brought this change] -Jay Satiro (22 Jul 2015) -- Windows: Fix VerifyVersionInfo calls - - - Fix the VerifyVersionInfo calls, which we use to test for the OS major - version, to also test for the minor version as well as the service pack - major and minor versions. - - MSDN: "If you are testing the major version, you must also test the - minor version and the service pack major and minor versions." + CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option - https://msdn.microsoft.com/en-us/library/windows/desktop/ms725492.aspx + Change the example in the docs for CURLOPT_CONNECTTIMEOUT_MS to use + CURLOPT_CONNECTTIMEOUT_MS instead of CURLOPT_CONNECTTIMEOUT. - Bug: https://github.com/bagder/curl/pull/353#issuecomment-123493098 - Reported-by: Marcel Raad - -- [Marcel Raad brought this change] - - schannel: Replace deprecated GetVersion with VerifyVersionInfo - -Steve Holme (21 Jul 2015) -- makefile: Added support for VC14 - -Patrick Monnerat (21 Jul 2015) -- os400: ebcdic wrappers for new functions. Upgrade ILE/RPG bindings. - -- libcurl: VERSIONINFO update - Addition of new procedures curl_pushheader_bynum and curl_pushheader_byname - requires VERSIONINFO updating. - -- http2: satisfy external references even if http2 is not compiled in. + Closes #653 -Daniel Stenberg (20 Jul 2015) -- http2: add stream != NULL checks for reliability - - They should not trigger, but in case of internal problems we at least - avoid crashes this way. +- opt-docs: add more references -Jay Satiro (18 Jul 2015) -- symbols-in-versions: Add new CURLSSLOPT_NO_REVOKE symbol +- [David Byron brought this change] -- SSL: Add an option to disable certificate revocation checks - - New tool option --ssl-no-revoke. - New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS. + SCP: use libssh2_scp_recv2 to support > 2GB files on windows - Currently this option applies only to WinSSL where we have automatic - certificate revocation checking by default. According to the - ssl-compared chart there are other backends that have automatic checking - (NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at - some later point. + libssh2_scp_recv2 is introduced in libssh2 1.7.0 - to be released "any + day now. - Bug: https://github.com/bagder/curl/issues/264 - Reported-by: zenden2k + Closes #451 -- runtests: Allow for spaces in curl custom path +Jay Satiro (13 Feb 2016) +- [Shine Fan brought this change] + + gtls: fix for builds lacking encrypted key file support - .. also fix some typos in test's FILEFORMAT spec. + Bug: https://github.com/curl/curl/pull/651 -- [David Woodhouse brought this change] +Dan Fandrich (13 Feb 2016) +- test1604: Add to Makefile.inc so it gets run - ntlm_wb: Fix theoretical memory leak - - Static analysis indicated that my commit 9008f3d564 ("ntlm_wb: Fix - hard-coded limit on NTLM auth packet size") introduced a potential - memory leak on an error path, because we forget to free the buffer - before returning an error. - - Fix this. +Jay Satiro (12 Feb 2016) +- generate.bat: Fix comment bug by removing old comments - Although actually, it never happens in practice because we never *get* - here with state == NTLMSTATE_TYPE1. The state is always zero. That - might want cleaning up in a separate patch. + Remove NOTES section, it's no longer needed since we aren't setting the + errorlevel and more importantly the recently updated URL in the comments + is causing some unusual behavior that breaks the script. - Reported-by: Terri Oda - -- strerror: Add CRYPT_E_REVOKED to SSPI error strings + Closes https://github.com/curl/curl/issues/649 -Kamil Dudka (14 Jul 2015) -- libtest: call PR_Cleanup() on exit if NSPR is used +Kamil Dudka (12 Feb 2016) +- curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts - This prevents valgrind from reporting possibly lost memory that NSPR - uses for file descriptor cache and other globally allocated internal - data structures. + The behavior has been clarified in CURLOPT_FTP_USE_{EPRT,EPSV}.3 man + pages since curl-7_12_3~131. This patch makes it clear in the curl.1 + man page, too. - Reported-by: Štefan Kremeň + Bug: https://bugzilla.redhat.com/1305970 -Jay Satiro (14 Jul 2015) -- [John Malmberg brought this change] +Daniel Stenberg (12 Feb 2016) +- dist: ship buildconf.bat too + + As the winbuild/* stuff uses it! - openssl: VMS support for SHA256 +- curlx_tvdiff: handle 32bit time_t overflows - setup-vms.h: More symbols for SHA256, hacks for older VAX + On 32bit systems, make sure we don't overflow and return funky values + for very large time differences. - openssl.h: Use OpenSSL OPENSSL_NO_SHA256 macro to allow building on VAX. + Reported-by: Anders Bakken - openssl.c: Use OpenSSL version checks and OPENSSL_NO_SHA256 macro to - allow building on VAX and 64 bit VMS. - -- examples: Fix typo in multi-single.c - -Daniel Stenberg (7 Jul 2015) -- [Tatsuhiro Tsujikawa brought this change] - - http2: Fix memory leak in push header array - -Dan Fandrich (2 Jul 2015) -- test2041: fixed line endings in protocol part - -- cyassl: fixed mismatched sha256sum function prototype - -Daniel Stenberg (1 Jul 2015) -- [moparisthebest brought this change] - - SSL: Pinned public key hash support + Closes #646 -- examples: provide sections +- examples: fix some compiler warnings -- [John Malmberg brought this change] +- simplessl.c: fix my breakage - OpenVMS: VMS Software, Inc now the supplier. +- examples: adhere to curl code style - setup-vms.h: Symbol case fixups submitted by Michael Steve + All plain C examples now (mostly) adhere to the curl code style. While + they are only examples, they had diverted so much and contained all + sorts of different mixed code styles by now. Having them use a unified + style helps users and readability. Also, as they get copy-and-pasted + widely by users, making sure they're clean and nice is a good idea. - build_gnv_curl_pcsi_desc.com: VSI aka as VMS Software, is now the - supplier of new versions of VMS. The install kit needs to accept - VSI as a producer. + 573 checksrc warnings were addressed. -Jay Satiro (30 Jun 2015) -- multi: Move http2 push function declarations to header end +- examples/cookie_interface.c: add cleanup call - This change necessary for binary compatibility. + cleaning up handles is a good idea as we leak memory otherwise - Prior to this change test 1135 failed due to the order of functions. + Also, line wrapped before 80 columns. -- symbols-in-versions: Add new http2 push symbols +Kamil Dudka (10 Feb 2016) +- nss: search slash in forward direction in dup_nickname() - Prior to this change test 1119 failed due to the missing symbols. - -Daniel Stenberg (30 Jun 2015) -- RELEASE-NOTES: synced with e6749055d653 + It is wasteful to search it backwards if we look for _any_ slash. -- configure: disable libidn by default - - For security reasons, until there is a fix. +- nss: do not count enabled cipher-suites - Bug: http://curl.haxx.se/mail/lib-2015-06/0143.html - Reported-by: Gustavo Grieco, Feist Josselin - -- SSL-PROBLEMS: mention WinSSL problems in WinXP + We only care if at least one cipher-suite is enabled, so it does + not make any sense to iterate till the end and count all enabled + cipher-suites. -- CODE_OF_CONDUCT.md: added - - Just to underscore how we treat each other in this project. Nothing new - really, but could be useful for newcomers and outsiders to see our - values. +Daniel Stenberg (10 Feb 2016) +- contributors.sh: make 79 the max column width (from 80) -- tool_header_cb: fflush the header stream - - Flush the header stream when -D is used so that they are sent off - earlier. - - Bug: https://github.com/bagder/curl/issues/324 - Reported-by: Cédric Connes +- RELEASE-NOTES: synced with c276aefee3995 -- [Roger Leigh brought this change] +- mbedtls.c: re-indent to better match curl standards - tests: Distribute CMakeLists.txt files in subdirectories +- [Rafael Antonio brought this change] -- CURLOPT_FAILONERROR.3: mention that it closes the connection + mbedtls: fix memory leak when destroying SSL connection data - Reported-by: bemoody - Bug: https://github.com/bagder/curl/issues/325 - -- curl_multi_setopt.3: alpha sort the options + Closes #626 -- curl_multi_setopt.3: add the new push options +- mbedtls: fix ALPN usage segfault + + Since we didn't keep the input argument around after having called + mbedtls, it could end up accessing the wrong memory when figuring out + the ALPN protocols. + + Closes #642 -- [Tatsuhiro Tsujikawa brought this change] +Jay Satiro (9 Feb 2016) +- [Timotej Lazar brought this change] - http2: Use nghttp2 library error code for error return value + opts: update references to renamed options -- [Tatsuhiro Tsujikawa brought this change] +- KNOWN_BUGS: Update #92 - Windows device prefix - http2: Harden header validation for curl_pushheader_byname +- tool_doswin: Support for literal path prefix \\?\ - Since we do prefix match using given header by application code - against header name pair in format "NAME:VALUE", and VALUE part can - contain ":", we have to careful about existence of ":" in header - parameter. ":" should be allowed to match HTTP/2 pseudo-header field, - and other use of ":" in header must be treated as error, and - curl_pushheader_byname should return NULL. This commit implements - this behaviour. - -- [Tatsuhiro Tsujikawa brought this change] - - CURLMOPT_PUSHFUNCTION.3: Remove unused variable - -- CURLMOPT_PUSHFUNCTION.3: added example + For example something like --output \\?\C:\foo -- http2: curl_pushheader_byname now takes a const char * +Daniel Stenberg (9 Feb 2016) +- configure: state "BoringSSL" in summary when that was detected -- http2-serverpush.c: example code +- [David Benjamin brought this change] -- http2: free all header memory after the push callback - -- http2: init the pushed transfer properly - -- http2: fixed the header accessor functions for the push callback - -- http2: setup the new pushed stream properly - -- http2: initial implementation of the push callback - -- http2: initial HTTP/2 server push types/docs - -- test1531: verify POSTFIELDSIZE set after add_handle + openssl: remove most BoringSSL #ifdefs. - Following the fix made in 903b6e05565bf. - -- pretransfer: init state.infilesize here, not in add_handle + As of https://boringssl-review.googlesource.com/#/c/6980/, almost all of + BoringSSL #ifdefs in cURL should be unnecessary: - ... to properly support that options are set to the handle after it is - added to the multi handle. + - BoringSSL provides no-op stubs for compatibility which replaces most + #ifdefs. - Bug: http://curl.haxx.se/mail/lib-2015-06/0122.html - Reported-by: Stefan Bühler - -Jay Satiro (21 Jun 2015) -- [Lior Kaplan brought this change] - - tool_help: fix --tlsv1 help text to use >= for TLSv1 - -- INSTALL: Advise use of non-native SSL for Windows <= XP + - DES_set_odd_parity has been in BoringSSL for nearly a year now. Remove + the compatibility codepath. - Advise that WinSSL in versions <= XP will not be able to connect to - servers that no longer support the legacy handshakes and algorithms used - by those versions, and to use an alternate backend like OpenSSL instead. + - With a small tweak to an extend_key_56_to_64 call, the NTLM code + builds fine. - Bug: https://github.com/bagder/curl/issues/253 - Reported-by: zenden2k - -Kamil Dudka (19 Jun 2015) -- curl_easy_setopt.3: restore contents removed by mistake + - Switch OCSP-related #ifdefs to the more generally useful + OPENSSL_NO_OCSP. - ... in commit curl-7_43_0-18-g570076e - -Daniel Stenberg (19 Jun 2015) -- curl_easy_setopt.3: mention CURLOPT_PIPEWAIT - -Jay Satiro (18 Jun 2015) -- cookie: Fix bug in export if any-domain cookie is present + The only #ifdefs which remain are Curl_ossl_version and the #undefs to + work around OpenSSL and wincrypt.h name conflicts. (BoringSSL leaves + that to the consumer. The in-header workaround makes things sensitive to + include order.) - In 3013bb6 I had changed cookie export to ignore any-domain cookies, - however the logic I used to do so was incorrect, and would lead to a - busy loop in the case of exporting a cookie list that contained - any-domain cookies. The result of that is worse though, because in that - case the other cookies would not be written resulting in an empty file - once the application is terminated to stop the busy loop. - -Dan Fandrich (18 Jun 2015) -- FTP: fixed compiling with --disable-proxy, broken in b88f980a - -Daniel Stenberg (18 Jun 2015) -- tool: always provide negotiate/kerberos options + This change errs on the side of removing conditionals despite many of + the restored codepaths being no-ops. (BoringSSL generally adds no-op + compatibility stubs when possible. OPENSSL_VERSION_NUMBER #ifdefs are + bad enough!) - libcurl can still be built with it, even if the tool is not. Maintain - independence! - -- TODO: Support IDNA2008 + Closes #640 -- [Viktor Szakats brought this change] +Jay Satiro (8 Feb 2016) +- KNOWN_BUGS: Windows device prefix is required for devices - Makefile.m32: add support for CURL_LDFLAG_EXTRAS +- tool_urlglob: Allow reserved dos device names (Windows) - It is similar to existing CURL_CFLAG_EXTRAS, but for - extra linker option. - -- RTSP: removed another piece of dead code + Allow --output to reserved dos device names without the device prefix + for backwards compatibility. + + Example: --output NUL can be used instead of --output \\.\NUL - Coverity CID 1306668 + Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863 + Reported-by: Gisle Vanem -- openssl: fix use of uninitialized buffer +Daniel Stenberg (8 Feb 2016) +- cookies: allow spaces in cookie names, cut of trailing spaces - Make sure that the error buffer is always initialized and simplify the - use of it to make the logic easier. + It turns out Firefox and Chrome both allow spaces in cookie names and + there are sites out there using that. - Bug: https://github.com/bagder/curl/issues/318 - Reported-by: sneis - -- examples: more descriptions - -- examples: add descriptions with + Turned out the code meant to strip off trailing space from cookie names + didn't work. Fixed now. + + Test case 8 modified to verify both these changes. - Using this fixed format for example descriptions, we can generate a - better list on the web site. + Closes #639 -- libcurl-errors.3: fix typo +Patrick Monnerat (8 Feb 2016) +- Merge branch 'master' of github.com:curl/curl -- curl_easy_setopt.3: option order doesn't matter +- os400: sync ILE/RPG definitions with latest public header files. -- openssl: fix build with BoringSSL - - OPENSSL_load_builtin_modules does not exist in BoringSSL. Regression - from cae43a1 +Daniel Stenberg (8 Feb 2016) +- [Ludwig Nussel brought this change] -- [Paul Howarth brought this change] + SSLCERTS: update wrt SSL CA certificate store - openssl: Fix build with openssl < ~ 0.9.8f - - The symbol SSL3_MT_NEWSESSION_TICKET appears to have been introduced at - around openssl 0.9.8f, and the use of it in lib/vtls/openssl.c breaks - builds with older openssls (certainly with 0.9.8b, which is the latest - older version I have to try with). +- [Ludwig Nussel brought this change] -- FTP: do the HTTP CONNECT for data connection blocking + configure: --with-ca-fallback: use built-in TLS CA fallback + + When trying to verify a peer without having any root CA certificates + set, this makes libcurl use the TLS library's built in default as + fallback. - ** WORK-AROUND ** + Closes #569 + +- Proxy-Connection: stop sending this header by default - The introduced non-blocking general behaviour for Curl_proxyCONNECT() - didn't work for the data connection establishment unless it was very - fast. The newly introduced function argument makes it operate in a more - blocking manner, more like it used to work in the past. This blocking - approach is only used when the FTP data connecting through HTTP proxy. + RFC 7230 says we should stop. Firefox already stopped. - Blocking like this is bad. A better fix would make it work more - asynchronously. + Bug: https://github.com/curl/curl/issues/633 + Reported-By: Brad Fitzpatrick - Bug: https://github.com/bagder/curl/issues/278 - -- bump: start the journey toward 7.44.0 - -Jay Satiro (17 Jun 2015) -- CURLOPT_ERRORBUFFER.3: Fix example, escape backslashes + Closes #633 -- CURLOPT_ERRORBUFFER.3: Improve example +- bump: work toward the next release -Version 7.43.0 (17 Jun 2015) +- THANKS: 2 contributors from the 7.47.1 release -Daniel Stenberg (17 Jun 2015) -- RELEASE-NOTES: 7.43.0 release +- RELEASE-PROCEDURE: remove the github upload part + + ... as we're HTTPS on the main site now, there's no point in that + extra step -- THANKS: updated with 7.43.0 names +Version 7.47.1 (8 Feb 2016) -- [Kamil Dudka brought this change] +Daniel Stenberg (8 Feb 2016) +- RELEASE-NOTES: curl 7.47.1 time! - http: do not leak basic auth credentials on re-used connections +Jay Satiro (8 Feb 2016) +- tool_operhlp: Check for backslashes in get_url_file_name - CVE-2015-3236 + Extract the filename from the last slash or backslash. Prior to this + change backslashes could be part of the filename. - This partially reverts commit curl-7_39_0-237-g87c4abb + This change needed for the curl tool built for Cygwin. Refer to the + CYGWIN addendum in advisory 20160127B. - Reported-by: Tomas Tomecek, Kamil Dudka - Bug: http://curl.haxx.se/docs/adv_20150617A.html - -- [Kamil Dudka brought this change] + Bug: https://curl.haxx.se/docs/adv_20160127B.html - test2040: verify basic auth on re-used connections +Daniel Stenberg (7 Feb 2016) +- RELEASE-NOTES: synced with d6a8869ea34 -- SMB: rangecheck values read off incoming packet - - CVE-2015-3237 +Jay Satiro (6 Feb 2016) +- openssl: Fix signed/unsigned mismatch warning in X509V3_ext - Detected by Coverity. CID 1299430. + sk_X509_EXTENSION_num may return an unsigned integer, however the value + will fit in an int. - Bug: http://curl.haxx.se/docs/adv_20150617B.html + Bug: https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896 + Reported-by: Gisle Vanem -Jay Satiro (17 Jun 2015) -- schannel: schannel_recv overhaul - - This commit is several drafts squashed together. The changes from each - draft are noted below. If any changes are similar and possibly - contradictory the change in the latest draft takes precedence. - - Bug: https://github.com/bagder/curl/issues/244 - Reported-by: Chris Araman - - %% - %% Draft 1 - %% - - return 0 if len == 0. that will have to be documented. - - continue on and process the caches regardless of raw recv - - if decrypted data will be returned then set the error code to CURLE_OK - and return its count - - if decrypted data will not be returned and the connection has closed - (eg nread == 0) then return 0 and CURLE_OK - - if decrypted data will not be returned and the connection *hasn't* - closed then set the error code to CURLE_AGAIN --only if an error code - isn't already set-- and return -1 - - narrow the Win2k workaround to only Win2k +Daniel Stenberg (7 Feb 2016) +- TODO: 17.11 -w output to stderr + +Jay Satiro (6 Feb 2016) +- [Michael Kaufmann brought this change] + + idn_win32: Better error checking - %% - %% Draft 2 - %% - - Trying out a change in flow to handle corner cases. + .. also fix a conversion bug in the unused function + curl_win32_ascii_to_idn(). - %% - %% Draft 3 - %% - - Back out the lazier decryption change made in draft2. + And remove wprintfs on error (Jay). - %% - %% Draft 4 - %% - - Some formatting and branching changes - - Decrypt all encrypted cached data when len == 0 - - Save connection closed state - - Change special Win2k check to use connection closed state + Bug: https://github.com/curl/curl/pull/637 + +- [Gisle Vanem brought this change] + + examples/asiohiper: Avoid function name collision on Windows - %% - %% Draft 5 - %% - - Default to CURLE_AGAIN in cleanup if an error code wasn't set and the - connection isn't closed. + closesocket => close_socket + Winsock already has the former. - %% - %% Draft 6 - %% - - Save the last error only if it is an unrecoverable error. + Bug: https://curl.haxx.se/mail/lib-2016-02/0016.html + +- [Gisle Vanem brought this change] + + examples/htmltitle: Use _stricmp on Windows - Prior to this I saved the last error state in all cases; unfortunately - the logic to cover that in all cases would lead to some muddle and I'm - concerned that could then lead to a bug in the future so I've replaced - it by only recording an unrecoverable error and that state will persist. + Bug: https://curl.haxx.se/mail/lib-2016-02/0017.html + +Daniel Stenberg (6 Feb 2016) +- COPYING: clarify that Daniel is not the sole author - - Do not recurse on renegotiation. + ... done on request and as it is a fair point. + +Jay Satiro (5 Feb 2016) +- unit1604: Fix unit setup return code + +- tool_doswin: Use type SANITIZEcode in sanitize_file_name + +- tool_doswin: Improve sanitization processing - Instead we'll continue on to process any trailing encrypted data - received during the renegotiation only. + - Add unit test 1604 to test the sanitize_file_name function. - - Move the err checks in cleanup after the check for decrypted data. + - Use -DCURL_STATICLIB when building libcurltool for unit testing. - In either case decrypted data is always returned but I think it's easier - to understand when those err checks come after the decrypted data check. + - Better detection of reserved DOS device names. - %% - %% Draft 7 - %% - - Regardless of len value go directly to cleanup if there is an - unrecoverable error or a close_notify was already received. Prior to - this change we only acknowledged those two states if len != 0. + - New flags to modify sanitize behavior: - - Fix a bug in connection closed behavior: Set the error state in the - cleanup, because we don't know for sure it's an error until that time. + SANITIZE_ALLOW_COLONS: Allow colons + SANITIZE_ALLOW_PATH: Allow path separators and colons + SANITIZE_ALLOW_RESERVED: Allow reserved device names + SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename - - (Related to above) In the case the connection is closed go "greedy" - with the decryption to make sure all remaining encrypted data has been - decrypted even if it is not needed at that time by the caller. This is - necessary because we can only tell if the connection closed gracefully - (close_notify) once all encrypted data has been decrypted. + - Restore sanitization of banned characters from user-specified outfile. - - Do not renegotiate when an unrecoverable error is pending. + Prior to this commit sanitization of a user-specified outfile was + temporarily disabled in 2b6dadc because there was no way to allow path + separators and colons through while replacing other banned characters. + Now in such a case we call the sanitize function with + SANITIZE_ALLOW_PATH which allows path separators and colons to pass + through. - %% - %% Draft 8 - %% - - Don't show 'server closed the connection' info message twice. - - Show an info message if server closed abruptly (missing close_notify). + Closes https://github.com/curl/curl/issues/624 + Reported-by: Octavio Schroeder + +- [Viktor Szakats brought this change] -Daniel Stenberg (16 Jun 2015) -- [Paul Oliver brought this change] + URLs: change more http to https - Fix typo in docs +- sasl_sspi: Fix memory leak in domain populate + + Free an existing domain before replacing it. - s/curret/current/ + Bug: https://github.com/curl/curl/issues/635 + Reported-by: silveja1@users.noreply.github.com +Daniel Stenberg (4 Feb 2016) - [Viktor Szakats brought this change] - docs: update URLs - -- RELEASE-NOTES: synced with f29f2cbd00dbe5f + URLs: follow GitHub project rename (also Travis CI) + + Closes #632 -- [Viktor Szakats brought this change] +- CHANGES.o: fix references to curl.haxx.nu + + I removed the scheme prefix from the URLs references this host name, as + we don't own/run that anymore but the name is kept for historic reasons. - README: use secure protocol for Git repository +- HISTORY: add some info about when we used which host names +Jay Satiro (2 Feb 2016) - [Viktor Szakats brought this change] - HTTP2.md: use SSL/TLS IETF URLs + URLs: change more http to https -- [Viktor Szakats brought this change] +Dan Fandrich (3 Feb 2016) +- URLs: Change more haxx.se URLs from http: to https: - LICENSE-MIXING: update URLs - - * use SSL/TLS where available - * follow permanent redirects +Daniel Stenberg (3 Feb 2016) +- RELEASE-NOTES: synced with 4af40b364 -- LICENSE-MIXING: refreshed +- URLs: change all http:// URLs to https:// -- curl_easy_duphandle: see also *reset +- configure: update the copyright year range in output -- rtsp_do: fix DEAD CODE +- dotdot: allow an empty input string too - "At condition p_request, the value of p_request cannot be NULL." + It isn't used by the code in current conditions but for safety it seems + sensible to at least not crash on such input. - Coverity CID 1306668. + Extended unit test 1395 to verify this too as well as a plain "/" input. -- security:choose_mech fix DEAD CODE warning - - ... by removing the "do {} while (0)" block. - - Coverity CID 1306669 +- HTTPS: update a bunch of URLs from HTTP to HTTPS -- curl.1: netrc is in man section 5 +- [Sergei Nikulov brought this change] -- curl.1: small format fix + AppVeyor: updated to handle OpenSSL/WinSSL builds - use \fI-style instead of .BR for references + Closes #621 -- urldata: store POST size in state.infilesize too +Jay Satiro (1 Feb 2016) +- tool_operate: Don't sanitize --output path (Windows) + + Due to path separators being incorrectly sanitized in --output + pathnames, eg -o c:\foo => c__foo - ... to simplify checking when PUT _or_ POST have completed. + This is a partial revert of 3017d8a until I write a proper fix. The + remote-name will continue to be sanitized, but if the user specified an + --output with string replacement (#1, #2, etc) that data is unsanitized + until I finish a fix. - Reported-by: Frank Meier - Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html + Bug: https://github.com/bagder/curl/issues/624 + Reported-by: Octavio Schroeder -Dan Fandrich (14 Jun 2015) -- test1530: added http to required features +- curl.1: Explain remote-name behavior if file already exists + + .. also warn about letting the server pick the filename. -Jay Satiro (14 Jun 2015) -- [Drake Arconis brought this change] +- [Gisle Vanem brought this change] - build: Fix typo from OpenSSL 1.0.2 version detection fix + urldata: Error on missing SSL backend-specific connect info -- [Drake Arconis brought this change] +Daniel Stenberg (28 Jan 2016) +- bump: towards the next (7.47.1 ?) - build: Properly detect OpenSSL 1.0.2 when using configure +- [Sergei Nikulov brought this change] -- curl_multi_info_read.3: fix example formatting + cmake: fixed when OpenSSL enabled on Windows and schannel detected + + Closes #617 -Daniel Stenberg (13 Jun 2015) -- BINDINGS: there's a new R binding in town! +Jay Satiro (28 Jan 2016) +- [Sergei Nikulov brought this change] -- BINDINGS: added the Xojo binding + urldata: moved common variable out of ifdef + + Closes https://github.com/bagder/curl/pull/618 -Jay Satiro (11 Jun 2015) -- [Joel Depooter brought this change] +- [Viktor Szakats brought this change] - schannel: Add support for optional client certificates + tool_doswin: silence unused function warning - Some servers will request a client certificate, but not require one. - This change allows libcurl to connect to such servers when using - schannel as its ssl/tls backend. When a server requests a client - certificate, libcurl will now continue the handshake without one, - rather than terminating the handshake. The server can then decide - if that is acceptable or not. Prior to this change, libcurl would - terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS - error. + tool_doswin.c:185:14: warning: 'msdosify' defined but not used + [-Wunused-function] + + Closes https://github.com/bagder/curl/pull/616 -Daniel Stenberg (11 Jun 2015) -- curl_easy_cleanup.3: provide more SEE ALSO +Daniel Stenberg (27 Jan 2016) +- getredirect.c: fix variable name + + Reported-by: Bernard Spil -- debug: remove http2 debug leftovers +Version 7.47.0 (27 Jan 2016) -- VERSIONS: now using markdown +Daniel Stenberg (27 Jan 2016) +- examples/Makefile.inc: specify programs without .c! -- RELEASE-PROCEDURE: remove ascii logo at the top of file +- THANKS: 6 new contributors from 7.47.0 release notes -- INTERNALS: absorbed docs/LIBCURL-STRUCTS +- [Isaac Boukris brought this change] -- INTERNALS: cat lib/README* >> INTERNALS + NTLM: Fix ConnectionExists to compare Proxy credentials - and a conversion to markdown. Removed the lib/README.* files. The idea - being to move toward having INTERNALS as the one and only "book" of - internals documentation. + Proxy NTLM authentication should compare credentials when + re-using a connection similar to host authentication, as it + authenticate the connection. - Added a TOC to top of the document. - -Jay Satiro (8 Jun 2015) -- openssl: LibreSSL and BoringSSL do not use TLS_client_method + Example: + curl -v -x http://proxy:port http://host/ -U good_user:good_pwd + --proxy-ntlm --next -x http://proxy:port http://host/ + [-U fake_user:fake_pwd --proxy-ntlm] - Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of - TLS_client_method LibreSSL and BoringSSL didn't and still use - SSLv23_client_method. + CVE-2016-0755 - Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009 - Reported-by: asavah@users.noreply.github.com + Bug: http://curl.haxx.se/docs/adv_20160127A.html -Daniel Stenberg (9 Jun 2015) -- RELEASE-NOTES: synced with 20ac3458068 +- [Ray Satiro brought this change] -- CURLOPT_OPENSOCKETFUNCTION: return error at once + curl: avoid local drive traversal when saving file (Windows) + + curl does not sanitize colons in a remote file name that is used as the + local file name. This may lead to a vulnerability on systems where the + colon is a special path character. Currently Windows/DOS is the only OS + where this vulnerability applies. + + CVE-2016-0754 + + Bug: http://curl.haxx.se/docs/adv_20160127B.html + +- RELEASE-NOTES: 7.47.0 + +- FAQ: language fix in 4.19 + +- [paulehoffman brought this change] + + FAQ: Update to point to GitHub + + Current FAQ didn't make it clear where the main repo is. + + Closes #612 + +- maketgz: generate date stamp with LC_TIME=C + + bug: http://curl.haxx.se/mail/lib-2016-01/0123.html + +- curl_multi_socket_action.3: line wrap + +- RELEASE-NOTES: synced with d58ba66eeceb + +Steve Holme (21 Jan 2016) +- TODO: "Create remote directories" for SMB + +Jay Satiro (18 Jan 2016) +- mbedtls: Fix pinned key return value on fail + + - Switch from verifying a pinned public key in a callback during the + certificate verification to inline after the certificate verification. + + The callback method had three problems: + + 1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH + was not returned. + + 2. If peer certificate verification was disabled the pinned key + verification did not take place as it should. + + 3. (related to #2) If there was no certificate of depth 0 the callback + would not have checked the pinned public key. + + Though all those problems could have been fixed it would have made the + code more complex. Instead we now verify inline after the certificate + verification in mbedtls_connect_step2. + + Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html + Ref: https://github.com/bagder/curl/pull/601 + +- tests: Add a test for pinnedpubkey fail even when insecure + + Because disabling the peer verification (--insecure) must not disable + the public key pinning check (--pinnedpubkey). + +- [Daniel Schauenberg brought this change] + + CURLINFO_RESPONSE_CODE.3: add example + +Kamil Dudka (15 Jan 2016) +- ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL + + The CURLOPT_SSH_PUBLIC_KEYFILE option has been documented to handle + empty strings specially since curl-7_25_0-31-g05a443a but the behavior + was unintentionally removed in curl-7_38_0-47-gfa7d04f. + + This commit restores the original behavior and clarifies it in the + documentation that NULL and "" have both the same meaning when passed + to CURLOPT_SSH_PUBLIC_KEYFILE. + + Bug: http://curl.haxx.se/mail/lib-2016-01/0072.html + +Daniel Stenberg (14 Jan 2016) +- RELEASE-NOTES: synced with 35083ca60ed035a + +- openssl: improved error detection/reporting + + ... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL + 1.1.0+ returned a new func number of another cerfificate fail so this + required a fix and this is the better way to catch this error anyway. + +- openssl: for 1.1.0+ they now provide a SSLeay() macro of their own + +- CURLOPT_RESOLVE.3: minor language polish + +- configure: assume IPv6 works when cross-compiled + + The configure test uses AC_TRY_RUN to figure out if an ipv6 socket + works, and testing like that doesn't work for cross-compiles. These days + IPv6 support is widespread so a blind guess is probably more likely to + be 'yes' than 'no' now. + + Further: anyone who cross-compiles can use configure's --disable-ipv6 to + explicitly disable IPv6 and that also works for cross-compiles. + + Made happen after discussions in issue #594 + +- TODO: "Try to URL encode given URL" + + Closes #514 + +- ConnectionExists: only do pipelining/multiplexing when asked + + When an HTTP/2 upgrade request fails (no protocol switch), it would + previously detect that as still possible to pipeline on (which is + acorrect) and do that when PIPEWAIT was enabled even if pipelining was + not explictily enabled. + + It should only pipelined if explicitly asked to. + + Closes #584 + +- [Mohammad AlSaleh brought this change] + + lib: Prefix URLs with lower-case protocol names/schemes + + Before this patch, if a URL does not start with the protocol + name/scheme, effective URLs would be prefixed with upper-case protocol + names/schemes. This behavior might not be expected by library users or + end users. + + For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https". And the + URL is "hostname/path". The effective URL would be + "HTTPS://hostname/path" instead of "https://hostname/path". + + After this patch, effective URLs would be prefixed with a lower-case + protocol name/scheme. + + Closes #597 + + Signed-off-by: Mohammad AlSaleh + +- [Alessandro Ghedini brought this change] + + scripts: don't generate and install zsh completion when cross-compiling + +- [Alessandro Ghedini brought this change] + + scripts: fix zsh completion generation + + The script should use the just-built curl, not the system one. This fixes + zsh completion generation when no system curl is installed. + +- [Alessandro Ghedini brought this change] + + zsh.pl: fail if no curl is found + + Instead of generation a broken completion file. + +- [Michael Kaufmann brought this change] + + IDN host names: Remove the port number before converting to ACE + + Closes #596 + +Jay Satiro (10 Jan 2016) +- runtests: Add mbedTLS to the SSL backends + + .. and enable SSLpinning tests for mbedTLS, BoringSSL and LibreSSL. + +Daniel Stenberg (10 Jan 2016) +- [Thomas Glanzmann brought this change] + + mbedtls: implement CURLOPT_PINNEDPUBLICKEY + +Jay Satiro (9 Jan 2016) +- [Tatsuhiro Tsujikawa brought this change] + + url: Fix compile error with --enable-werror + +- [Tatsuhiro Tsujikawa brought this change] + + http2: Ensure that http2_handle_stream_close is called + + Previously, when HTTP/2 is enabled and used, and stream has content + length known, Curl_read was not called when there was no bytes left to + read. Because of this, we could not make sure that + http2_handle_stream_close was called for every stream. Since we use + http2_handle_stream_close to emit trailer fields, they were + effectively ignored. This commit changes the code so that Curl_read is + called even if no bytes left to read, to ensure that + http2_handle_stream_close is called for every stream. + + Discussed in https://github.com/bagder/curl/pull/564 + +Daniel Stenberg (8 Jan 2016) +- http2: handle the received SETTINGS frame + + This regression landed in 5778e6f5 and made libcurl not act on received + settings and instead stayed with its internal defaults. + + Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html + Reported-by: Bankde + +- Revert "multiplex: allow only once HTTP/2 is actually used" + + This reverts commit 46cb70e9fa81c9a56de484cdd7c5d9d0d9fbec36. + + Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html + +Jay Satiro (8 Jan 2016) +- [Tatsuhiro Tsujikawa brought this change] + + http2: Fix PUSH_PROMISE headers being treated as trailers + + Discussed in https://github.com/bagder/curl/pull/564 + +Daniel Stenberg (8 Jan 2016) +- [Michael Kaufmann brought this change] + + connection reuse: IDN host names fixed + + Use the ACE form of IDN hostnames as key in the connection cache. Add + new tests. + + Closes #592 + +- tests: mark IPv6 FTP and FTPS tests with the FTP keyword + +Jay Satiro (7 Jan 2016) +- mbedtls: Fix ALPN support + + - Fix ALPN reply detection. + + - Wrap nghttp2 code in ifdef USE_NGHTTP2. + + + Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS. + +- http2: Fix client write for trailers on stream close + + Check that the trailer buffer exists before attempting a client write + for trailers on stream close. + + Refer to comments in https://github.com/bagder/curl/pull/564 + +Daniel Stenberg (7 Jan 2016) +- COPYING: update general copyright year range + +- ConnectionExists: add missing newline in infof() call + + Mistake from commit a464f33843ee1 + +- multiplex: allow only once HTTP/2 is actually used + + To make sure curl doesn't allow multiplexing before a connection is + upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the + connection uses HTTP/2 as well and not only check what's wanted. + + Closes #584 + + Patch-by: c0ff + +Jay Satiro (4 Jan 2016) +- curl_global_init.3: Add Windows-specific info for init via DLL + + - Add to both curl_global_init.3 and libcurl.3 the caveat for Windows + that initializing libcurl via a DLL's DllMain or static initializer + could cause a deadlock. + + Bug: https://github.com/bagder/curl/issues/586 + Reported-by: marc-groundctl@users.noreply.github.com + +Daniel Stenberg (4 Jan 2016) +- FAQ: clarify who to mail about ECCN clarifications + +- progressfunc.c: spellfix description + +- docs/examples/multi-app.c: fix bad desc formatting + +- examples: added descriptions + +- example/simple.c: add description + +- getredirect.c: a new example + +Marc Hoersken (27 Dec 2015) +- RELEASE-NOTES: add 5e0e81a9c4e35f04ca + +Daniel Stenberg (26 Dec 2015) +- RELEASE-NOTES: synced with 2aec4359db1088b10d + +Marc Hoersken (26 Dec 2015) +- test 1515: add data check + +- test 1515: add MSYS support by passing a relative path + + MSYS would otherwise turn a /-style path into a C:\-style path. + +- test 539: use datacheck mode text for ASCII-mode LISTings + + While still using datacheck mode binary for the inline reply data. + +- runtests.pl: check up to 5 data parts with different text modes + + Move the text-mode conversion for reply/replycheck from the verify + section into the load section and add support for 4 more check parts. + +Daniel Stenberg (24 Dec 2015) +- CURLOPT_RANGE: for HTTP servers, range support is optional + +Marc Hoersken (24 Dec 2015) +- tests 1048 and 1050: use datacheck mode text for ASCII-mode LISTings + +- tests 706 and 707: use datacheck mode text for ASCII-mode LISTings + +- tests 400,403,406: use datacheck mode text for ASCII-mode LISTings + +- sockfilt.c: fix calculation of sleep timeout on Windows - When CURL_SOCKET_BAD is returned in the callback, it should be treated - as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently - created when trying to connect to a server. + Not converting to double caused small timeouts to be skipped. + +- tests first.c: fix calculation of sleep timeout on Windows - Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html + Not converting to double caused small timeouts to be skipped. -- fopen.c: fix a few compiler warnings +- test 573: add more debug output + +- ftplistparser.c: fix handling of file LISTings using Windows EOL + + Previously file.txt[CR][LF] would have been returned as file.tx + (without the last t) if filetype is symlink. Now the t is + included and the internal item_length includes the zero byte. + + Spotted using test 576 on Windows. -- [Ville Skyttä brought this change] +- test 16: fix on Linux (and Windows) by using plain ASCII characters + + Follow up on b064ff0c351bb287557228575ef4c1d079b866fb, thanks Daniel. - docs: Spelling fixes +- tftpd server: add Windows support by writing files in binary mode -- [Ville Skyttä brought this change] +- tests 252-255: use datacheck mode text for ASCII-mode LISTings - docs: man page indentation and syntax fixes +- test 16: fix on Windows by converting data file from ANSI to UTF-8 + +Daniel Stenberg (23 Dec 2015) +- Makefile.inc: s/curl_SOURCES/CURL_FILES + + This allows the root Makefile.am to include the Makefile.inc without + causing automake to warn on it (variables named *_SOURCES are + magic). curl_SOURCES is then instead assigned properly in + src/Makefile.am only. + + Closes #577 + +- [Anders Bakken brought this change] + + ConnectionExists: with *PIPEWAIT, wait for connections + + Try harder to prevent libcurl from opening up an additional socket when + CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS + handshakes complete first before the decision is made. + + Closes #575 + +- [Anders Bakken brought this change] + + Add .dir-locals and set c-basic-offset to 2. + + This makes it easier for emacs users to automatically get the right + 2-space indentation when they edit curl source files. + + c++-mode is in there as well because Emacs can't easily know if + something is a C or C++ header. + + Closes #574 + +- [Johannes Schindelin brought this change] + + configure: detect IPv6 support on Windows + + This patch was "nicked" from the MINGW-packages project by Daniel. + + https://github.com/Alexpux/MINGW-packages/commit/9253d0bf58a1486e91f7efb5316e7fdb48fa4007 + Signed-off-by: Johannes Schindelin + +- configure: allow static builds on mingw + + This patch is adopted from the MINGW-packages project. It makes it + possible to build curl both shared and static again. + + URL: https://github.com/Alexpux/MINGW-packages/tree/master/mingw-w64-curl + +Marc Hoersken (17 Dec 2015) +- test 1326: fix file check since curl is outputting binary data + +- test 1326: fix getting stuck on Windows due to incomplete request + + The request needs to be read and send in binary mode in order to use + CRLF instead of LF. Adding --upload-file - causes curl to read stdin + in binary mode. + +Daniel Stenberg (17 Dec 2015) +- RELEASE-NOTES: command line option recount + +Dan Fandrich (16 Dec 2015) +- scripts/Makefile: build zsh script even in an out-of-tree build + +Marc Hoersken (16 Dec 2015) +- sockfilt.c: added some debug output to select_ws + +- sockfilt.c: keep lines shorter than 80 chars + +- sockfilt.c: do not wait on unreliable file or pipe handle + + The previous implementation caused issues on modern MSYS2 runtimes. + +Daniel Stenberg (16 Dec 2015) +- cyassl: deal with lack of *get_peer_certificate + + The function is only present in wolfssl/cyassl if it was built with + --enable-opensslextra. With these checks added, pinning support is disabled + unless the TLS lib has that function available. + + Also fix the mistake in configure that checks for the wrong lib name. + + Closes #566 + +- wolfssl: handle builds without SSLv3 support + +- [Tatsuhiro Tsujikawa brought this change] + + http2: Support trailer fields + + This commit adds trailer support in HTTP/2. In HTTP/1.1, chunked + encoding must be used to send trialer fields. HTTP/2 deprecated any + trandfer-encoding, including chunked. But trailer fields are now + always available. + + Since trailer fields are relatively rare these days (gRPC uses them + extensively though), allocating buffer for trailer fields is done when + we detect that HEADERS frame containing trailer fields is started. We + use Curl_add_buffer_* functions to buffer all trailers, just like we + do for regular header fields. And then deliver them when stream is + closed. We have to be careful here so that all data are delivered to + upper layer before sending trailers to the application. + + We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE + mechanism, but current method is far more simple. + + Another possibility is use chunked encoding internally for HTTP/2 + traffic. I have not tested it, but it could add another overhead. + + Closes #564 -Linus Nielsen (8 Jun 2015) -- help: Add --proxy-service-name and --service-name to the --help output +- RELEASE-NOTES: synced with 6c2c019654e658a -Jay Satiro (7 Jun 2015) -- openssl: Fix verification of server-sent legacy intermediates +Jay Satiro (15 Dec 2015) +- x509asn1: Fix host altname verification - - Try building a chain using issuers in the trusted store first to avoid - problems with server-sent legacy intermediates. + - In Curl_verifyhost check all altnames in the certificate. - Prior to this change server-sent legacy intermediates with missing - legacy issuers would cause verification to fail even if the client's CA - bundle contained a valid replacement for the intermediate and an - alternate chain could be constructed that would verify successfully. + Prior to this change only the first altname was checked. Only the GSKit + SSL backend was affected by this bug. - https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest + Bug: http://curl.haxx.se/mail/lib-2015-12/0062.html + Reported-by: John Kohl -Daniel Stenberg (5 Jun 2015) -- BINDINGS: update several URLs +Daniel Stenberg (15 Dec 2015) +- curl --expect100-timeout: added - Stop linking to the curl.haxx.se anchor pages, they are usually only - themselves pointers to the real page so better point there directly - instead. + This is the new command line option to set the value for the existing + libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS -- BINDINGS: the curl-rust binding +- cyassl: fix compiler warning on type conversion -- curl.h: add CURL_HTTP_VERSION_2 - - The protocol is named "HTTP/2" after all. It is an alias for the - existing CURL_HTTP_VERSION_2_0 enum. +- curlver: the pending release will become 7.47.0 -- openssl: removed error string #ifdef - - ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore +- [Anders Bakken brought this change] -- openssl: removed USERDATA_IN_PWD_CALLBACK kludge + setstropt: const-correctness - Code for OpenSSL 0.9.4 serves no purpose anymore! + Closes #565 -- openssl: remove SSL_get_session()-using code - - It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or - later. +- ROADMAP: implemented HTTP2 for HTTPS-only -- openssl: remove dummy callback use from SSL_CTX_set_verify() - - The existing callback served no purpose. +- HTTP2.md: spell fix and remove TODO now implemented -- LIBCURL-STRUCTS: clarify for multiplexing +- libressl: the latest openssl x509 funcs are not in libressl -Jay Satiro (3 Jun 2015) -- cookie: Stop exporting any-domain cookies +- curl: use 2TLS by default - Prior to this change any-domain cookies (cookies without a domain that - are sent to any domain) were exported with domain name "unknown". + Make this the default for the curl tool (if built with HTTP/2 powers + enabled) unless a specific HTTP version is requested on the command + line. - Bug: https://github.com/bagder/curl/issues/292 + This should allow more users to get HTTP/2 powers without having to + change anything. -Daniel Stenberg (3 Jun 2015) -- RELEASE-PROCEDURE: refreshed 'coming dates' +- http: add libcurl option to allow HTTP/2 for HTTPS only + + ... and stick to 1.1 for HTTP. This is in line with what browsers do and + should have very little risk. -Jay Satiro (2 Jun 2015) -- curl_setup: Change fopen text macros to use 't' for MSDOS +- openssl: adapt to openssl >= 1.1.0 X509 opaque structs - Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198 - Reported-by: Gisle Vanem + Closes #491 -Daniel Stenberg (2 Jun 2015) -- curl_multi_timeout.3: added example +- openssl: avoid BIO_reset() warnings since it returns a value -- curl_multi_perform.3: added example +- openssl: adapt to 1.1.0+ name changes -- curl_multi_info_read.3: added example +- scripts/makefile: add standard header -- checksrc: detect fopen() for text without the FOPEN_* macros +- scripts/Makefile: fix GNUism and survive no perl - Follow-up to e8423f9ce150 with discussionis in - https://github.com/bagder/curl/pull/258 + Closes #555 - This check scans for fopen() with a mode string without 'b' present, as - it may indicate that an FOPEN_* define should rather be used. + Reported-by: Thomas Klausner + +- fix b6d5cb40d7038fe -- curl_getdate.3: update RFC reference +- [Tatsuhiro Tsujikawa brought this change] -Jay Satiro (1 Jun 2015) -- curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT - - - Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt" - - Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt" - - This change is to explicitly specify when we need to read/write text. - Unfortunately 't' is not part of POSIX fopen so we can't specify it - directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT. + http2: Fix hanging paused stream - Prior to this change we had an issue on Windows if an application that - uses libcurl overrides the default file mode to binary. The default file - mode in Windows is normally text mode (translation mode) and that's what - libcurl expects. + When NGHTTP2_ERR_PAUSE is returned from data_source_read_callback, we + might not process DATA frame fully. Calling nghttp2_session_mem_recv() + again will continue to process DATA frame, but if there is no incoming + frames, then we have to call it again with 0-length data. Without this, + on_stream_close callback will not be called, and stream could be hanged. - Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055 - Reported-by: Orgad Shaneh + Bug: http://curl.haxx.se/mail/lib-2015-11/0103.html + Reported-by: Francisco Moraes -Daniel Stenberg (1 Jun 2015) -- http2-upload.c: use PIPEWAIT for playing HTTP/2 better +- [Christian Stewart brought this change] -- http2-download: check for CURLPIPE_MULTIPLEX properly + build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS - Bug: http://curl.haxx.se/mail/lib-2015-06/0001.html - Reported-by: Rafayel Mkrtchyan - -- [Isaac Boukris brought this change] - - HTTP-NTLM: fail auth on connection close instead of looping + With curl disable verbose strings in http.c the compilation fails due to + the data variable being undefined later on in the function. - Bug: https://github.com/bagder/curl/issues/256 - -- 5.6 Refuse "downgrade" redirects - -- README.pingpong: removed - -- ROADMAP: remove HTTP/2 multiplexing - its here now - -- HTTP2.md: formatted properly + Closes #558 -- HTTP2: moved docs into docs/ and make it markdown +Jay Satiro (7 Dec 2015) +- [Gisle Vanem brought this change] -- README.http2: refreshed and added multiplexing info + config-win32: Fix warning HAVE_WINSOCK2_H undefined -- dist: add the http2 examples +- [Gisle Vanem brought this change] -- http2 examples: clean up some comments + openssl: BoringSSL doesn't have CONF_modules_free -- examples: added two programs doing multiplexed HTTP/2 +- [Gisle Vanem brought this change] -- scripts: moved contributors.sh and contrithanks.sh into subdir + lwip: Fix compatibility issues with later versions + + The name of the header guard in lwIP's has changed from + '__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015). + + Other fixes: + + - In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is + used. + + - In memdebug.h, the 'socket' should be undefined first due to lwIP's + lwip_socket() macro. + + - In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need + special handling because they were undef'ed in memdebug.h. + + - In select.c we can't use preprocessor conditionals inside select if + MSVC and select is a macro, as it is with lwIP. + + http://curl.haxx.se/mail/lib-2015-12/0023.html + http://curl.haxx.se/mail/lib-2015-12/0024.html -- RELEASE-NOTES: synced with c005790ff1c0a +Patrick Monnerat (7 Dec 2015) +- os400: define CURL_VERSION_PSL in ILE/RPG binding -- [Daniel Melani brought this change] +Jay Satiro (7 Dec 2015) +- [Gisle Vanem brought this change] - openssl: typo in comment + version: Add flag CURL_VERSION_PSL for libpsl -Jay Satiro (27 May 2015) -- openssl: Use TLS_client_method for OpenSSL 1.1.0+ +- formdata: Check if length is too large for memory - SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The - equivalent is TLS_client_method. + - If the size of the length type (curl_off_t) is greater than the size + of the size_t type then check before allocating memory to make sure the + value of length will fit in a size_t without overflow. If it doesn't + then return CURLE_BAD_FUNCTION_ARGUMENT. - https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557 + Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679 + Reported-by: Steve Holme -Daniel Stenberg (26 May 2015) -- FAQ: How do I port libcurl to my OS? +Steve Holme (3 Dec 2015) +- tests: Corrected copy and pasted comments from commit e643c5c908 -Jay Satiro (25 May 2015) -- CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain - - Document that if Set-Cookie is used without a domain then the cookie is - sent for any domain and will not be modified. +Daniel Stenberg (3 Dec 2015) +- curl: remove keepalive #ifdef checks done on libcurl's behalf - Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html - Reported-by: Alexander Dyagilev - -Daniel Stenberg (25 May 2015) -- [Tatsuhiro Tsujikawa brought this change] + They didn't match the ifdef logic used within libcurl anyway so they + could indeed warn for the wrong case - plus the tool cannot know how the + lib actually performs at that level. - http2: Copy data passed in Curl_http2_switched into HTTP/2 connection buffer - - Previously, after seeing upgrade to HTTP/2, we feed data followed by - upgrade response headers directly to nghttp2_session_mem_recv() in - Curl_http2_switched(). But it turns out that passed buffer, mem, is - part of stream->mem, and callbacks called by - nghttp2_session_mem_recv() will write stream specific data into - stream->mem, overwriting input data. This will corrupt input, and - most likely frame length error is detected by nghttp2 library. The - fix is first copy the passed data to HTTP/2 connection buffer, - httpc->inbuf, and call nghttp2_session_mem_recv(). +Steve Holme (2 Dec 2015) +- test947: Corrected typo in test name -Jay Satiro (24 May 2015) -- CURLOPT_COOKIE.3: Explain that the cookies won't be modified +- tests: Disable the OAUTHBEARER tests when using a non-default port number - The CURLOPT_COOKIE doc says it "sets the cookie header explicitly in the - outgoing request(s)." However there seems to be some user confusion - about cookie modification. Document that the cookies set by this option - are not modified by the cookie engine. + Tests 842, 843, 844, 845, 887, 888, 889, 890, 946, 947, 948 and 949 fail + if a custom port number is specified via the -b option of runtests.pl. - Bug: http://curl.haxx.se/mail/lib-2015-05/0115.html - Reported-by: Alexander Dyagilev - -- CURLOPT_COOKIELIST.3: Add example + Suggested by: Kamil Dudka + Bug: http://curl.haxx.se/mail/lib-2015-12/0003.html -Dan Fandrich (24 May 2015) -- testcurl.pl: use rel2abs to make the source directory absolute +Daniel Stenberg (2 Dec 2015) +- bump: towards next release - This function makes a platform-specific absolute path which uses - backslashes on Windows. This form works when passing it on the - command-line, as well as if the source is on another drive. + for all we know now, it might be called 7.46.1 -- conncache: fixed memory leak on OOM (torture tests) +Version 7.46.0 (1 Dec 2015) -Daniel Stenberg (24 May 2015) -- perl: remove subdir, not touched in 9 years +Daniel Stenberg (1 Dec 2015) +- RELEASE-NOTES: updated contributor count for 7.46.0 -- log2changes.pl: moved to scripts/ +- THANKS: new contributors from the 7.46.0 release -- [Alessandro Ghedini brought this change] +- THANKS-filter: single Tim Rühsen spelling - scripts: add zsh.pl for generating zsh completion +- docs/examples: gitignore some more built examples -Dan Fandrich (23 May 2015) -- test1510: another flaky test +- RELEASE-NOTES; this bug was never released -Daniel Stenberg (22 May 2015) -- security: fix "Unchecked return value" from sscanf() - - By (void) prefixing it and adding a comment. Did some minor related - cleanups. - - Coverity CID 1299423. +- RELEASE-NOTES: synced with e55f15454efacb0 -- security: simplify choose_mech - - Coverity CID 1299424 identified dead code because of checks that could - never equal true (if the mechanism's name was NULL). - - Simplified the function by removing a level of pointers and removing the - loop and array that weren't used. +- [Flavio Medeiros brought this change] -- RTSP: catch attempted unsupported requests better - - Replace use of assert with code that properly catches bad input at - run-time even in non-debug builds. + Curl_read_plain: clean up ifdefs that break statements - This flaw was sort of detected by Coverity CID 1299425 which claimed the - "case RTSPREQ_NONE" was dead code. + Closes #546 -- share_init: fix OOM crash - - A failed calloc() would lead to NULL pointer use. - - Coverity CID 1299427. +- http2: convert some verbose output into debug-only output -- parse_proxy: switch off tunneling if non-HTTP proxy - - non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL +- http2 push: add missing inits of new stream - Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html - Reported-by: Sean Boudreau + - set the correct stream_id for pushed streams + - init maxdownload and size properly -- curl: fix potential NULL dereference +- http2 push: set weight for new stream - Coverity CID 1299428: Dereference after null check (FORWARD_NULL) + give the new stream the old one's stream_weight internally to avoid + sending a PRIORITY frame unless asked for it -- http2: on_frame_recv: return early on stream 0 +- curl_setup.h: undef freeaddrinfo in c-ares block to fix build - Coverity CID 1299426 warned about possible NULL dereference otherwise, - but that would only ever happen if we get invalid HTTP/2 data with - frames for stream 0. Avoid this risk by returning early when stream 0 is - used. + Fixes warnings 78c25c854a added. -- http: removed self assignment +- nonblock: fix setting non-blocking mode for Amiga - Follow-up fix from b0143a2a33f0 + IoctlSocket() apparently wants a pointer to a long, passed as a char * + in its third parameter. This bug was introduced already back in commit + c5fdeef41d from October 1 2001! - Detected by coverity. CID 1299429 - -- [Tatsuhiro Tsujikawa brought this change] + Bug: http://curl.haxx.se/mail/lib-2015-11/0088.html + Reported-by: Norbert Kett - http2: Make HTTP Upgrade work +- zsh install: fix DESTDIR support - This commit just add implicitly opened stream 1 to streams hash. + Reported-by: Mohammad AlSaleh -Jay Satiro (22 May 2015) -- strerror: Change SEC_E_ILLEGAL_MESSAGE description - - Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS - and language specific, and invariably translated to something not very - helpful like: "The message received was unexpected or badly formatted." - - Bug: https://github.com/bagder/curl/issues/267 - Reported-by: Michael Osipov +Dan Fandrich (27 Nov 2015) +- lib: Only define curl_dofreeaddrinfo if struct addrinfo is available -- telnet: Fix read-callback change for Windows builds +Steve Holme (27 Nov 2015) +- tool_paramhlp: Fixed display of URL index in password prompt for --next - Refer to b0143a2 for more information on the read-callback change. - -Daniel Stenberg (21 May 2015) -- CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy! + Commit f3bae6ed73 added the URL index to the password prompt when using + --next. Unfortunately, because the size_t specifier (%zu) is not + supported by all sprintf() implementations we use the curl_off_t format + specifier instead. The display of an incorrect value arises on platforms + where size_t and curl_off_t are of a different size. -Dan Fandrich (21 May 2015) -- testcurl.pl: allow source to be in an arbitrary directory +Daniel Stenberg (25 Nov 2015) +- timecond: do not add if-modified-since without timecondition - This way, the build directory can be located on an entirely different - filesystem from the source code (e.g. a tmpfs). - -Daniel Stenberg (20 May 2015) -- read_callback: move to SessionHandle from connectdata + The RTSP code path didn't skip adding the if-modified-since for certain + RTSP code paths, even if CURLOPT_TIMECONDITION was set to + CURL_TIMECOND_NONE. - With many easy handles using the same connection for multiplexing, it is - important we store and keep the transfer-oriented stuff in the - SessionHandle so that callbacks and callback data work fine even when - many easy handles share the same physical connection. - -- http2: show stream IDs in decimal + Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals + CURL_TIMECOND_IFMODSINCE. - It makes them easier to match output from the nghttpd test server. + Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header -- [Tatsuhiro Tsujikawa brought this change] +- RELEASE-NOTES: synced with 99d17a5e2ba77e58 - http2: Faster http2 upload +- examples/README: cut out the incomplete list - Previously, when we send all given buffer in data_source_callback, we - return NGHTTP2_ERR_DEFERRED, and nghttp2 library removes this stream - temporarily for writing. This itself is good. If this is the sole - stream in the session, nghttp2_session_want_write() returns zero, - which means that libcurl does not check writeability of the underlying - socket. This leads to very slow upload, because it seems curl only - upload 16k something per 1 second. To fix this, if we still have data - to send, call nghttp2_session_resume_data after nghttp2_session_send. - This makes nghttp2_session_want_write() returns nonzero (if connection - window still opens), and as a result, socket writeability is checked, - and upload speed becomes normal. - -- [Dmitry Eremin-Solenikov brought this change] + ... and add a generic explanation for them instead. Each example file + should contain its own description these days. - gtls: don't fail on non-fatal alerts during handshake - - Stop curl from failing when non-fatal alert is received during - handshake. This e.g. fixes lots of problems when working with https - sites through proxies. +- test1513: make sure the callback is only called once -- curl_easy_unescape.3: update RFC reference - - Reported-by: bsammon - Bug: https://github.com/bagder/curl/issues/282 +- [Daniel Shahaf brought this change] -Jay Satiro (20 May 2015) -- CURLOPT_POSTFIELDS.3: Mention curl_easy_escape - - .. also correct some variable naming in curl_easy_escape.3 + build: Install zsh completion - Bug: https://github.com/bagder/curl/issues/281 - Reported-by: bsammon@users.noreply.github.com - -Daniel Stenberg (19 May 2015) -- [Brian Prodoehl brought this change] + Fixes #534 + Closes #537 - openssl: Use SSL_CTX_set_msg_callback and SSL_CTX_set_msg_callback_arg +- done: make sure the final progress update is made - BoringSSL removed support for direct callers of SSL_CTX_callback_ctrl - and SSL_CTX_ctrl, so move to a way that should work on BoringSSL and - OpenSSL. + It would previously be skipped if an existing error was returned, but + would lead to a previous value being left there and later used. + CURLINFO_TOTAL_TIME for example. - re #275 - -Jay Satiro (19 May 2015) -- curl.1: fix missing space in section --data - -Daniel Stenberg (19 May 2015) -- transfer: remove erroneous and misleading comment - -Kamil Dudka (19 May 2015) -- http: silence compile-time warnings without USE_NGHTTP2 + Still it avoids that final progress update if we reached DONE as the + result of a callback abort to avoid another callback to be called after + an abort-by-callback. - Error: CLANG_WARNING: - lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read + Reported-by: Lukas Ruzicka - Error: COMPILER_WARNING: - lib/http.c: scope_hint: In function ‘http_disconnect’ - lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable] + Closes #538 -Jay Satiro (19 May 2015) -- transfer: Replace __func__ instances with function name - - .. also make __func__ replacement in multi. +- curl: expanded the -XHEAD warning text - Prior to this change debug builds would fail to build if the compiler - was building pre-c99 and didn't support __func__. - -Daniel Stenberg (19 May 2015) -- [Viktor Szakats brought this change] - - build: bump version in default nghttp2 paths - -- INTERNALS: we require nghttp2 1.0.0+ now - -Jay Satiro (18 May 2015) -- http: Add some include guards for the new HTTP/2 stuff + ... to also mention the specific options used. -Daniel Stenberg (18 May 2015) -- http2: store upload state per stream +- Revert "cleanup: general removal of TODO (and similar) comments" - Use a curl_off_t for upload left - -- http2: fix build when NOT h2-enabled - -- http2: switch to use Curl_hash_destroy() + This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. - as after 4883f7019d3, the *_clean() function only flushes the hash. + Feedback-by: Dan Fandrich + URL: http://curl.haxx.se/mail/lib-2015-11/0062.html -- curlver: restore LIBCURL_VERSION_NUM defined as a full number +- CURLOPT_HEADERFUNCTION.3: fix typo - As it breaks configure, curl-config and test 1023 if not. - -- [Anthony Avina brought this change] - - hostip: fix unintended destruction of hash table + Refer to _HEADERDATA not _WRITEDATA. - .. and added unit1602 for hash.c - -- curlver: introducing new version number (checking) macros - -- runtests.pl: use 'h2c' now, no -14 anymore + Reported-by: Michał Piechowski -- [Tatsuhiro Tsujikawa brought this change] +- TODO: TCP Fast Open - http2: Ignore if we have stream ID not in hash in on_stream_close - - We could get stream ID not in the hash in on_stream_close. For - example, if we decided to reject stream (e.g., PUSH_PROMISE), then we - don't create stream and store it in hash with its stream ID. +Steve Holme (22 Nov 2015) +- examples: Added website parse-able descriptions to the e-mail examples -- [Tatsuhiro Tsujikawa brought this change] +- TODO: Added another 'multi-interface' idea - Require nghttp2 v1.0.0 - - This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0, - and utilize recent version of nghttp2 to simplify the code, - - First we use nghttp2_option_set_no_recv_client_magic function to - detect nghttp2 v1.0.0. That function only exists since v1.0.0. - - Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and - validates received header field. If it found error, RST_STREAM with - PROTOCOL_ERROR is issued. Since we require v1.0.0, we can utilize - this feature to simplify libcurl code. This commit does this. +- smb.c: Fixed compilation warnings - Migration from 0.7 series are done based on nghttp2 migration - document. For libcurl, we removed the code sending first 24 bytes - client magic. It is now done by nghttp2 library. - on_invalid_frame_recv callback signature changed, and is updated - accordingly. + smb.c:134:3: warning: conversion to 'short unsigned int' from 'int' may + alter its value + smb.c:146:42: warning: conversion to 'unsigned int' from 'long long + unsigned int' may alter its value + smb.c:146:65: warning: conversion to 'unsigned int' from 'long long + unsigned int' may alter its value -- http2: infof length in on_frame_send() +- schannel: Corrected copy/paste error in commit 8d17117683 -- pipeline: switch some code over to functions +- schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available - ... to "compartmentalize" a bit and make it easier to change behavior - when multiplexing is used instead of good old pipelining. - -- symbols-in-versions: add CURLOPT_PIPEWAIT + Regression from commit 7a8e861a5 as highlighted in the msys autobuilds. -- CURLOPT_PIPEWAIT: added +- examples: Fixed compilation warnings - By setting this option to 1 libcurl will wait for a connection to reveal - if it is possible to pipeline/multiplex on before it continues. - -- Curl_http_readwrite_headers: minor code simplification - -- IsPipeliningPossible: fixed for http2 - -- http2: bump the h2 buffer size to 32K for speed + pop3-multi.c:96:5: warning: implicit declaration of function 'memset' + imap-multi.c:96:5: warning: implicit declaration of function 'memset' + http2-download.c:226:5: warning: implicit declaration of function 'memset' + http2-upload.c:290:5: warning: implicit declaration of function 'memset' + http2-upload.c:290:5: warning: implicit declaration of function 'memset' -- http2: remove the stream from the hash in stream_close callback +- Makefile.inc: Fixed test run error - ... and suddenly things work much better! + test845 not present in tests/data/Makefile.inc -- http2: if there is paused data, do not clear the drain field +Daniel Stenberg (20 Nov 2015) +- TODO: remove duplicated title -- http2: rename s/data/pausedata +- TODO: added two more libcurl ideas + + Moved some ideas from "next major" to just ordinary ideas since we can + always add new things while keeping the old without doing a "next + major". -- http2: "stream %x" in all outputs to make it easier to search for +Steve Holme (20 Nov 2015) +- tests: Re-enabled tests 889 and 890 following POP3 fix -- http2: Curl_expire() all handles with incoming traffic - - ... so that they'll get handled next in the multi loop. +- pop3: Differentiate between success and continuation responses -- http2: don't signal settings change for same values +- pop3: Added clarity on some server response codes -- http2: set default concurrency, fix ConnectionExists for multiplex +Daniel Stenberg (20 Nov 2015) +- [Daniel Shahaf brought this change] -- bundles: store no/default/pipeline/multiplex - - to allow code to act differently on the situation. + build: Fix theoretical infinite loops - Also added some more info message for the connection re-use function to - make it clearer when connections are not re-used. - -- http2: lazy init header_recvbuf + Add error-checking to 'cd' in a few cases where omitting the checks + might result in an infinite loop. - It makes us use less memory when not doing HTTP/2 and subsequently also - makes us not have to cleanup HTTP/2 related data when not using HTTP/2! - -- http2: separate multiplex/pipelining + cleanup memory leaks - -- CURLMOPT_PIPELINE: bit 1 is for multiplexing - -- [Tatsuhiro Tsujikawa brought this change] + Closes #535 - http2: Fix bug that data to be drained are overwritten by pending "paused" data +Patrick Monnerat (19 Nov 2015) +- curl.h: s/#defien/#define/ -- [Tatsuhiro Tsujikawa brought this change] +- os400: synchronize ILE/RPG header file - http2: Don't call nghttp2_session_mem_recv while it is paused by a stream +- os400: Provide options for libssh2 use in compile scripts. Adjust README. -- [Tatsuhiro Tsujikawa brought this change] +Daniel Stenberg (19 Nov 2015) +- [danielsh@apache.org brought this change] - http2: Read data left in connection buffer after pause + zsh completion: Preserve single quotes in output + + When an option's help string contains literal single quotes, those + single quotes would be stripped from the option's description in the + completion output (unless the zsh RC_QUOTES option were set while the + completion function was being sourced, which is not the default). This + patch makes the completion output contain single quotes where the --help + output does. - Previously when we do pause because of out of buffer, we just throw - away unread data in connection buffer. This just broke protocol - framing, and I saw occasional FRAME_SIZE_ERROR. This commit fix this - issue by remembering how much data read, and in the next iteration, we - process remaining data. + Closes #532 -- [Tatsuhiro Tsujikawa brought this change] +Jay Satiro (18 Nov 2015) +- [MaxGiting brought this change] - http2: Fix streams get stuck + FAQ: Grammar changes - This commit fixes the bug that streams get stuck if stream gets some - DATA, and stream->closed becomes true at the same time. Previously, - in this condition, after we processed DATA, we are going to try to - read data from underlying transport, but there is no data, and gets - EAGAIN. There was no code path to evaludate stream->closed. - -- http2: store incoming h2 SETTINGS + Closes https://github.com/bagder/curl/pull/533 -- pipeline: move function to pipeline.c and make static +Daniel Stenberg (17 Nov 2015) +- http2: http_done: don't free already-freed push headers + + The push headers are freed after the push callback has been invoked, + meaning this code should only free the headers if the callback was never + invoked and thus the headers weren't freed at that time. - ... as it was only used from there. + Reported-by: Davey Shafik -- IsPipeliningPossible: http2 can always "pipeline" (multiplex) +- [Anders Bakken brought this change] -- http2: remove debug logging from on_frame_recv + getconnectinfo: Don't call recv(2) if socket == -1 + + Closes #528 -- http2: remove the closed check in http2_recv +- CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header - With the "drained" functionality we can get here slightly asynchronously - so the stream have have been closed but there is pending data left to - read. + ... if there are more than one using the same name -- http2: bump the h2 buffer to 8K +- http2: minor comment typo -- http2: Curl_read should not use the single buffer - - ... as it does for pipelining when we're multiplexing, as we need the - different buffers to store incoming data correctly for all streams. +- sasl; fix checksrc warnings -- http2: more debug outputs +Steve Holme (15 Nov 2015) +- RELEASE-NOTES: Adjusted for the recent OAuth 2.0 activity -- http2: leave WAITPERFORM when conn is multiplexed +- tests: Disabled 889 and 890 until we support POP3 continuation responses - No need to wait for our "spot" like for pipelining - -- http2: force "drainage" of streams + As POP3 final and continuation responses both begin with a + character, + and both the finalcode and contcode variables in SASLprotoc are set as + such, we cannot tell the difference between them when we are expecting + an optional continuation from the server such as the following: + + + something else from the server + +OK final response - ... which is necessary since the socket won't be readable but there is - data waiting in the buffer. + Disabled these tests until such a time we can tell the responses apart. -- http2: move the mem+len pair to the stream struct +- tests: Corrected typos from commit ba4d8f7eba -- http2: more stream-oriented data, stream ID 0 is for connections +- tests: Added OAUTHBEARER failure response tests -- http2: move lots of state data to the 'stream' struct +- oauth2: Support OAUTHBEARER failures sent as continuation responses - ... from the connection struct. The stream one being the 'struct HTTP' - which is kept in the SessionHandle struct (easy handle). + According to RFC7628 a failure message may be sent by the server in a + base64 encoded JSON string as a continuation response. - lookup streams for incoming frames in the stream hash, hashing is based - on the stream id and we get the SessionHandle for the incoming stream - that way. - -- HTTP: partial start at fixing up hash-lookups on http2 frame receival - -- http: a stream hash for h2 multiplexing + Currently only implemented for OAUTHBEARER and not XAUTH2. -- http: a stream hash for h2 multiplexing +Daniel Stenberg (15 Nov 2015) +- RELEASE-NOTES: synced with 808a17ee675 -- http2: debug log when receiving unexpected stream_id +Steve Holme (14 Nov 2015) +- tests: Renamed existing OAuth 2.0 (XOAUTH) tests -- http2: move stream_id to the HTTP struct (per-stream) +- tests: Added OAuth 2.0 (OAUTHBEARER) tests -- Curl_http2_setup: only do it once and enable multiplex on the server +- oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP - Once we know we are HTTP/2 enabled we know the server can multiplex. + OAUTHBEARER is now the official "registered" SASL mechanism name for + OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some + servers won't support the new mechanism yet. -- http: switch on "pipelining" (multiplexing) for HTTP/2 servers - - ... and do not blacklist any. +Daniel Stenberg (13 Nov 2015) +- RELEASE-NOTES: recounted curl_easy_setopt() options -- README.pipelining: removed +- typecheck-gcc.h: add missing slist-using options - All the details mentioned here are better documented in man pages - -Dan Fandrich (14 May 2015) -- build: removed bundles.c from make files + CURLOPT_RESOLVE and CURLOPT_PROXYHEADER were missing - This file was removed in commit fd137786 - -Daniel Stenberg (14 May 2015) -- Curl_conncache_add_conn: fix memory leak on OOM - -- CURLMOPT_MAX_HOST_CONNECTIONS: host = host name + port number + Also sorted the list. -- conncache: keep bundles on host+port bases, not only host names +- typecheck-gcc.h: added CURLOPT_CLOSESOCKETDATA - Previously we counted all connections to a specific host name and that - would be used for the CURLMOPT_MAX_HOST_CONNECTIONS check for example, - while servers on different port numbers are normally considered - different "origins" on the web and should thus be considered different - hosts. + ... and sorted curl_is_cb_data_option alphabetically -- bundles: merged into conncache.c - - All the existing Curl_bundle* functions were only ever used from within - the conncache.c file, so I moved them over and made them static (and - removed the Curl_ prefix). +Jay Satiro (13 Nov 2015) +- [Sebastian Pohlschmidt brought this change] -- hostcache: made all host caches use structs, not pointers + openssl: Free modules on cleanup - This avoids unnecessary dynamic allocs and as this also removed the last - users of *hash_alloc() and *hash_destroy(), those two functions are now - removed. - -- multi: converted socket hash into non-allocated struct + Curl_ossl_init calls OPENSSL_load_builtin_modules() but + Curl_ossl_cleanup doesn't make a call to free these modules. - avoids extra dynamic allocation + Bug: https://github.com/bagder/curl/issues/526 -- connection cache: avoid Curl_hash_alloc() +Steve Holme (13 Nov 2015) +- symbols-in-versions: Added new CURLOPTTYPE_STRINGPOINT alias - ... by using plain structs instead of pointers for the connection cache, - we can avoid several dynamic allocations that weren't necessary. - -- proxy: add newline to info message - -Patrick Monnerat (8 May 2015) -- FTP: fix dangling conn->ip_addr dereference on verbose EPSV. - -- FTP: Make EPSV use the control IP address rather than the original host. - This ensures an alternate address is not used. - Does not apply to proxy tunnel. - -Daniel Stenberg (8 May 2015) -- [Alessandro Ghedini brought this change] - - tool_help: fix formatting for --next option - -- [Egon Eckert brought this change] + ...following commit aba281e762 to fix test 1119. - opts: improved the TCP keepalive examples +Daniel Stenberg (13 Nov 2015) +- curl: mark two more options strings for --libcurl output -Jay Satiro (8 May 2015) -- winbuild: Document the option used to statically link the CRT - - - Document option RTLIBCFG (runtime library configuration). +- typecheck-gcc.h: add some missing string types - Bug: https://github.com/bagder/curl/issues/254 - Reported-by: Bert Huijben - -- [Orgad Shaneh brought this change] + Also sorted that list alphabetically - netrc: Read in text mode when cygwin +- curl.h: introducing the STRINGPOINT alias - Use text mode when cygwin to eliminate trailing carriage returns. + As an alias for OBJECTPOINT. Provided to allow us to grep for all string + options easier. + +- cleanup: general removal of TODO (and similar) comments - Bug: https://github.com/bagder/curl/pull/258 + They tend to never get updated anyway so they're frequently inaccurate + and we never go back to revisit them anyway. We document issues to work + on properly in KNOWN_BUGS and TODO instead. -Patrick Monnerat (5 May 2015) -- OS400: Add SPNEGO service name options to ILE/RPG binding. +- ftplistparser: remove empty function -Daniel Stenberg (4 May 2015) -- curl_multi_info_read.3: fix typo - - Reported-by: Liviu Chircu +- openssl: remove #if check for 0.9.7 for ENGINE_load_private_key -- MANUAL: language fix +- openssl: all supported versions have X509_STORE_set_flags - Reported-by: Fred Stluka - Bug: https://github.com/bagder/curl/issues/255 + Simplify by removing #ifdefs and macros -- [Alessandro Ghedini brought this change] +- openssl: remove 0.9.3 check - gtls: properly retrieve certificate status +- openssl: remove #ifdefs for < 0.9.5 support - Also print the revocation reason if appropriate. + We only support >= 0.9.7 -- OpenSSL: conditional check for SSL3_RT_HEADER - - The symbol is fairly new. - - Reported-by: Kamil Dudka +- lib/vtls/openssl: remove unused traces of yassl ifdefs -- openssl: skip trace outputs for ssl_ver == 0 - - The OpenSSL trace callback is wonderfully undocumented but given a - journey in the source code, it seems the cases were ssl_ver is zero - doesn't follow the same pattern and thus turned out confusing and - misleading. For now, we skip doing any CURLINFO_TEXT logging on those - but keep sending them as CURLINFO_SSL_DATA_OUT/IN. - - Also, I added direction to the text info and I edited some functions - slightly. +Dan Fandrich (12 Nov 2015) +- [dfandrich brought this change] + + unit1603: Demote hash mismatch failure to a warning - Bug: https://github.com/bagder/curl/issues/219 - Reported-by: Jay Satiro, Ashish Shukla + The hashes can vary between architectures (e.g. Sparc differs from x86_64). + This is not a fatal problem but just reduces the coverage of these white-box + tests, as the assumptions about into which hash bucket each key falls are no + longer valid. -Marc Hoersken (2 May 2015) -- schannel.c: Small changes +- [dfandrich brought this change] -- schannel.c: Improve code path and readability + unit1603: Added unit tests for hash functions -- schannel.c: Improve error and return code handling upon aa99a63f03 +- [dfandrich brought this change] -- [Chris Araman brought this change] + unit1602: Fixed failure in torture test - schannel: fix regression in schannel_recv - - https://github.com/bagder/curl/issues/244 +Steve Holme (12 Nov 2015) +- sasl: Re-introduced XOAUTH2 in the default enabled authentication mechanism - Commit 145c263 changed the behavior when Curl_read_plain returns - CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED - correctly. - -- Bug born in changes made several days ago 9a91e80. + Following the fix in commit d6d58dd558 it is necessary to re-introduce + XOAUTH2 in the default enabled authentication mechanism, which was + removed in commit 7b2012f262, otherwise users will have to specify + AUTH=XOAUTH2 in the URL. - Commit: https://github.com/bagder/curl/commit/926cb9f - Reported-by: Ray Satiro - -Daniel Stenberg (30 Apr 2015) -- [Michael Osipov brought this change] + Note: OAuth 2.0 will only be used when the bearer is specified. - configure: remove missing and make it autogenerate - - The missing file has not been autogenerated because a temporary fix was - employed in acinclude.m4 which blocked update. Removed that fix and a recent - version of missing is copied to build root. +- [Stefan Bühler brought this change] -- [Michael Osipov brought this change] + sasl_sspi: fix identity memory leak in digest authentication - acinclude.m4: fix test for default CA cert bundle/path - - test(1) on HP-UX requires a single equals sign and fails with two. - Let's use one and make every OS happy. +- [Stefan Bühler brought this change] -- CONTRIBUTING.md: remove the sourceforge mention + sasl_sspi: fixed unicode build for digest authentication - Reported-By: Michael Osipov + Closes #525 -Dan Fandrich (30 Apr 2015) -- http_negotiate_sspi: added missing data variable +- oauth2: Re-factored OAuth 2.0 state variable -Daniel Stenberg (30 Apr 2015) -- [Michael Osipov brought this change] +- sasl: Don't choose OAuth 2.0 if mechanism not advertised + + Regression from commit 9e8ced9890 which meant if --oauth2-bearer was + specified but the SASL mechanism wasn't supported by the server then + the mechanism would be chosen. - configure: remove --automake from libtoolize call +Daniel Stenberg (12 Nov 2015) +- runtests: more compact "System characteristics" output - That option is not mentioned in the man page of libtoolize 2.4.4.19-fda4. - Moveover, a comment in line 2623 says "--automake is for 1.5 compatibility". + - no point in repeating curl features that is already listed as features + from the curl -V output - This option is redundant now. + - remove the port numbers/unix domain path from the output unless + verbose is used, as that is rarely interesting to users. -- [Viktor Szakats brought this change] +- runtests: rename conditional curl-features to $has_[name] - build: update depedency versions, urls, example makefiles +Steve Holme (11 Nov 2015) +- oauth2: Introduced support for host and port details - - update default versions of dependencies (except for rare/old platforms) - - update urls - - sync examples makefiles with main ones - - remove line ending space + Added support to the OAuth 2.0 message function for host and port, in + order to accommodate the official OAUTHBEARER SASL mechanism which is + to be added shortly. -- [Michael Osipov brought this change] +- curl_setup.h: Removed duplicate CURL_DISABLE_RTSP when HTTP_ONLY defined - configure: remove autogenerated files by autoconf +- cmake: Add missing feature macros in config header (Part 2) - * install-sh is always regenerated - * mkinstalldirs was already redudant years ago. Automake uses install for - that. See: http://lists.gnu.org/archive/html/automake/2007-03/msg00015.html - -- [Anders Bakken brought this change] + In addition to commit a215381c94 added the RTSP, RTMP and SMB protocols. - curl_multi_add_handle: next is already NULL +Daniel Stenberg (10 Nov 2015) +- [Douglas Creager brought this change] -Jay Satiro (30 Apr 2015) -- schannel: Fix out of bounds array - - Bug born in changes made several days ago 9a91e80. + cmake: Add missing feature macros in config header - Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html - Reported-by: Brian Chrisman - -- docs/libcurl: gitignore libcurl-symbols.3 + The curl_config.h file can be generated either from curl_config.h.cmake + or curl_config.h.in, depending on whether you're building using CMake or + the autotools. The CMake template header doesn't include entries for + all of the protocols that you can disable, which (I think) means that + you can't actually disable those protocols when building via CMake. - Bug: http://curl.haxx.se/mail/lib-2015-04/0191.html - Reported-by: Michael Osipov + Closes #523 -- [Viktor Szakats brought this change] +- [Douglas Creager brought this change] - lib/makefile.m32: add arch -m32/-m64 to LDFLAGS + BoringSSL: Work with stricter BIO_get_mem_data() + + BoringSSL implements `BIO_get_mem_data` as a function, instead of a + macro, and expects the output pointer to be a `char **`. We have to add + an explicit cast to grab the pointer as a `const char **`. - This fixes using a multi-target mingw distro to build curl .dll for the - non-default target. - (mirroring the same patch present in src/makefile.m32) + Closes #524 -Daniel Stenberg (29 Apr 2015) -- RELEASE-NOTES: synced with cd39b944afc +- http2: rectify the http2 version #if check - I've not mentioned the bug fixes that were shipped in 7.42.1 from the - 7_42 branch. + We need 1.0.0 or later. Also verified by configure. -- THANKS: merged from the 7.42.1 release +Steve Holme (9 Nov 2015) +- oauth2: Don't use XAUTH2 in OAuth 2.0 function name -- CURLOPT_HEADEROPT: default to separate - - Make the HTTP headers separated by default for improved security and - reduced risk for information leakage. +- oauth2: Don't use XOAUTH2 in OAuth 2.0 variables + +- oauth2: Use OAuth 2.0 rather than XOAUTH2 in comments - Bug: http://curl.haxx.se/docs/adv_20150429.html - Reported-by: Yehezkel Horowitz, Oren Souroujon + When referring to OAuth 2.0 we should use the official name rather the + SASL mechanism name. diff --git a/CMakeLists.txt b/CMakeLists.txt index 06f18cf..7113c7e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -42,6 +42,7 @@ cmake_minimum_required(VERSION 2.8 FATAL_ERROR) set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}") include(Utilities) include(Macros) +include(CMakeDependentOption) project( CURL C ) @@ -72,11 +73,16 @@ include_directories(${PROJECT_BINARY_DIR}/include/curl) include_directories( ${CURL_SOURCE_DIR}/include ) option(BUILD_CURL_EXE "Set to ON to build cURL executable." ON) -option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON) option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF) option(ENABLE_ARES "Set to ON to enable c-ares support" OFF) -option(ENABLE_THREADED_RESOLVER "Set to ON to enable POSIX threaded DNS lookup" OFF) - +if(WIN32) + CMAKE_DEPENDENT_OPTION(ENABLE_THREADED_RESOLVER + "Set to ON to enable threaded DNS lookup" + ON "NOT ENABLE_ARES" + OFF) +else() + option(ENABLE_THREADED_RESOLVER "Set to ON to enable POSIX threaded DNS lookup" OFF) +endif() option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF) option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF) @@ -108,12 +114,6 @@ if(ENABLE_ARES) set(CURL_LIBS ${CURL_LIBS} ${CARES_LIBRARY}) endif() -option(BUILD_DASHBOARD_REPORTS "Set to ON to activate reporting of cURL builds here http://www.cdash.org/CDashPublic/index.php?project=CURL" OFF) -if(BUILD_DASHBOARD_REPORTS) - #INCLUDE(Dart) - include(CTest) -endif(BUILD_DASHBOARD_REPORTS) - if(MSVC) option(BUILD_RELEASE_DEBUG_DIRS "Set OFF to build each configuration to a separate directory" OFF) mark_as_advanced(BUILD_RELEASE_DEBUG_DIRS) @@ -257,13 +257,17 @@ if(WIN32) endif(WIN32) if(ENABLE_THREADED_RESOLVER) - check_include_file_concat("pthread.h" HAVE_PTHREAD_H) - if(HAVE_PTHREAD_H) - set(CMAKE_THREAD_PREFER_PTHREAD 1) - find_package(Threads) - if(CMAKE_USE_PTHREADS_INIT) - set(CURL_LIBS ${CURL_LIBS} ${CMAKE_THREAD_LIBS_INIT}) - set(USE_THREADS_POSIX 1) + if(WIN32) + set(USE_THREADS_WIN32 ON) + else() + check_include_file_concat("pthread.h" HAVE_PTHREAD_H) + if(HAVE_PTHREAD_H) + set(CMAKE_THREAD_PREFER_PTHREAD 1) + find_package(Threads) + if(CMAKE_USE_PTHREADS_INIT) + set(CURL_LIBS ${CURL_LIBS} ${CMAKE_THREAD_LIBS_INIT}) + set(USE_THREADS_POSIX 1) + endif() endif() endif() endif() @@ -330,11 +334,10 @@ if(CMAKE_USE_OPENSSL) endif() if(NOT CURL_DISABLE_LDAP) - if(WIN32) option(USE_WIN32_LDAP "Use Windows LDAP implementation" ON) if(USE_WIN32_LDAP) - check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32) + check_library_exists_concat("wldap32" cldap_open HAVE_WLDAP32) if(NOT HAVE_WLDAP32) set(USE_WIN32_LDAP OFF) endif() @@ -349,78 +352,78 @@ if(NOT CURL_DISABLE_LDAP) if(CMAKE_USE_OPENLDAP AND USE_WIN32_LDAP) message(FATAL_ERROR "Cannot use USE_WIN32_LDAP and CMAKE_USE_OPENLDAP at the same time") endif() - + # Now that we know, we're not using windows LDAP... - if(NOT USE_WIN32_LDAP) + if(USE_WIN32_LDAP) + check_include_file_concat("winldap.h" HAVE_WINLDAP_H) + check_include_file_concat("winber.h" HAVE_WINBER_H) + else() # Check for LDAP set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES}) check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP) check_library_exists_concat(${CMAKE_LBER_LIB} ber_init HAVE_LIBLBER) - else() - check_include_file_concat("winldap.h" HAVE_WINLDAP_H) - check_include_file_concat("winber.h" HAVE_WINBER_H) - endif() - - set(CMAKE_REQUIRED_INCLUDES_BAK ${CMAKE_REQUIRED_INCLUDES}) - set(CMAKE_LDAP_INCLUDE_DIR "" CACHE STRING "Path to LDAP include directory") - if(CMAKE_LDAP_INCLUDE_DIR) - list(APPEND CMAKE_REQUIRED_INCLUDES ${CMAKE_LDAP_INCLUDE_DIR}) - endif() - check_include_file_concat("ldap.h" HAVE_LDAP_H) - check_include_file_concat("lber.h" HAVE_LBER_H) - - if(NOT HAVE_LDAP_H) - message(STATUS "LDAP_H not found CURL_DISABLE_LDAP set ON") - set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE) - set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used - elseif(NOT HAVE_LIBLDAP) - message(STATUS "LDAP library '${CMAKE_LDAP_LIB}' not found CURL_DISABLE_LDAP set ON") - set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE) - set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used - else() - if(CMAKE_USE_OPENLDAP) - set(USE_OPENLDAP ON) - endif() + + set(CMAKE_REQUIRED_INCLUDES_BAK ${CMAKE_REQUIRED_INCLUDES}) + set(CMAKE_LDAP_INCLUDE_DIR "" CACHE STRING "Path to LDAP include directory") if(CMAKE_LDAP_INCLUDE_DIR) - include_directories(${CMAKE_LDAP_INCLUDE_DIR}) - endif() - set(NEED_LBER_H ON) - set(_HEADER_LIST) - if(HAVE_WINDOWS_H) - list(APPEND _HEADER_LIST "windows.h") - endif() - if(HAVE_SYS_TYPES_H) - list(APPEND _HEADER_LIST "sys/types.h") + list(APPEND CMAKE_REQUIRED_INCLUDES ${CMAKE_LDAP_INCLUDE_DIR}) endif() - list(APPEND _HEADER_LIST "ldap.h") + check_include_file_concat("ldap.h" HAVE_LDAP_H) + check_include_file_concat("lber.h" HAVE_LBER_H) + + if(NOT HAVE_LDAP_H) + message(STATUS "LDAP_H not found CURL_DISABLE_LDAP set ON") + set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE) + set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used + elseif(NOT HAVE_LIBLDAP) + message(STATUS "LDAP library '${CMAKE_LDAP_LIB}' not found CURL_DISABLE_LDAP set ON") + set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE) + set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used + else() + if(CMAKE_USE_OPENLDAP) + set(USE_OPENLDAP ON) + endif() + if(CMAKE_LDAP_INCLUDE_DIR) + include_directories(${CMAKE_LDAP_INCLUDE_DIR}) + endif() + set(NEED_LBER_H ON) + set(_HEADER_LIST) + if(HAVE_WINDOWS_H) + list(APPEND _HEADER_LIST "windows.h") + endif() + if(HAVE_SYS_TYPES_H) + list(APPEND _HEADER_LIST "sys/types.h") + endif() + list(APPEND _HEADER_LIST "ldap.h") - set(_SRC_STRING "") - foreach(_HEADER ${_HEADER_LIST}) - set(_INCLUDE_STRING "${_INCLUDE_STRING}#include <${_HEADER}>\n") - endforeach() + set(_SRC_STRING "") + foreach(_HEADER ${_HEADER_LIST}) + set(_INCLUDE_STRING "${_INCLUDE_STRING}#include <${_HEADER}>\n") + endforeach() - set(_SRC_STRING - " - ${_INCLUDE_STRING} - int main(int argc, char ** argv) - { - BerValue *bvp = NULL; - BerElement *bep = ber_init(bvp); - ber_free(bep, 1); - return 0; - }" - ) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1") - list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB}) - if(HAVE_LIBLBER) - list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB}) - endif() - check_c_source_compiles("${_SRC_STRING}" NOT_NEED_LBER_H) + set(_SRC_STRING + " + ${_INCLUDE_STRING} + int main(int argc, char ** argv) + { + BerValue *bvp = NULL; + BerElement *bep = ber_init(bvp); + ber_free(bep, 1); + return 0; + }" + ) + set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1") + list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB}) + if(HAVE_LIBLBER) + list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB}) + endif() + check_c_source_compiles("${_SRC_STRING}" NOT_NEED_LBER_H) - if(NOT_NEED_LBER_H) - set(NEED_LBER_H OFF) - else() - set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DNEED_LBER_H") + if(NOT_NEED_LBER_H) + set(NEED_LBER_H OFF) + else() + set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DNEED_LBER_H") + endif() endif() endif() @@ -578,6 +581,7 @@ if(NOT UNIX) if(HAVE_SCHANNEL_H) set(USE_SCHANNEL ON) set(SSL_ENABLED ON) + set(CURL_LIBS ${CURL_LIBS} "crypt32") endif() endif() endif() @@ -673,6 +677,7 @@ if(NOT HAVE_SIZEOF_SSIZE_T) set(ssize_t __int64) endif(NOT ssize_t AND SIZEOF___INT64 EQUAL SIZEOF_SIZE_T) endif(NOT HAVE_SIZEOF_SSIZE_T) +# off_t is sized later, after the HAVE_FILE_OFFSET_BITS test # Different sizeofs, etc. @@ -871,9 +876,14 @@ foreach(CURL_TEST ) curl_internal_test(${CURL_TEST}) endforeach(CURL_TEST) + if(HAVE_FILE_OFFSET_BITS) set(_FILE_OFFSET_BITS 64) + set(CMAKE_REQUIRED_FLAGS "-D_FILE_OFFSET_BITS=64") endif(HAVE_FILE_OFFSET_BITS) +check_type_size("off_t" SIZEOF_OFF_T) +set(CMAKE_REQUIRED_FLAGS) + foreach(CURL_TEST HAVE_GLIBC_STRERROR_R HAVE_POSIX_STRERROR_R @@ -935,16 +945,6 @@ if(NOT CURL_SPECIAL_LIBZ) endif(NOT HAVE_ZLIB_H) endif(NOT CURL_SPECIAL_LIBZ) -if(_FILE_OFFSET_BITS) - set(_FILE_OFFSET_BITS 64) -endif(_FILE_OFFSET_BITS) -set(CMAKE_REQUIRED_FLAGS "-D_FILE_OFFSET_BITS=64") -set(CMAKE_EXTRA_INCLUDE_FILES "${CMAKE_CURRENT_SOURCE_DIR}/curl/curl.h") -check_type_size("curl_off_t" SIZEOF_CURL_OFF_T) -set(CMAKE_EXTRA_INCLUDE_FILES) -set(CMAKE_REQUIRED_FLAGS) - - # Check for nonblocking set(HAVE_DISABLED_NONBLOCKING 1) if(HAVE_FIONBIO OR @@ -1017,6 +1017,11 @@ if(WIN32) add_definitions(-D_WIN32_WINNT=0x0501) endif(WIN32) +# For windows, all compilers used by cmake should support large files +if(WIN32) + set(USE_WIN32_LARGE_FILES ON) +endif(WIN32) + if(MSVC) add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE) endif(MSVC) @@ -1041,7 +1046,9 @@ add_subdirectory(lib) if(BUILD_CURL_EXE) add_subdirectory(src) endif() -if(BUILD_CURL_TESTS) + +include(CTest) +if(BUILD_TESTING) add_subdirectory(tests) endif() @@ -1066,8 +1073,10 @@ _add_if("OpenSSL" SSL_ENABLED AND USE_OPENSSL) _add_if("IPv6" ENABLE_IPV6) _add_if("unix-sockets" USE_UNIX_SOCKETS) _add_if("libz" HAVE_LIBZ) -_add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX) +_add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX OR USE_THREADS_WIN32) _add_if("IDN" HAVE_LIBIDN) +_add_if("Largefile" (CURL_SIZEOF_CURL_OFF_T GREATER 4) AND + ((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES)) # TODO SSP1 (WinSSL) check is missing _add_if("SSPI" USE_WINDOWS_SSPI) _add_if("GSS-API" HAVE_GSSAPI) diff --git a/Makefile.am b/Makefile.am index 61cc5ec..2986acf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -149,8 +149,8 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ bin_SCRIPTS = curl-config -SUBDIRS = lib src include scripts -DIST_SUBDIRS = $(SUBDIRS) tests packages docs +SUBDIRS = lib src include +DIST_SUBDIRS = $(SUBDIRS) tests packages docs scripts pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libcurl.pc @@ -282,6 +282,9 @@ ca-firefox: lib/firefox-db2pem.sh checksrc: cd lib && $(MAKE) checksrc cd src && $(MAKE) checksrc + cd tests && $(MAKE) checksrc + cd include/curl && $(MAKE) checksrc + cd docs/examples && $(MAKE) checksrc .PHONY: vc-ide @@ -294,6 +297,8 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ @(win32_lib_srcs='$(LIB_CFILES)'; \ win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \ win32_lib_rc='$(LIB_RCFILES)'; \ + win32_lib_vauth_srcs='$(LIB_VAUTH_CFILES)'; \ + win32_lib_vauth_hdrs='$(LIB_VAUTH_HFILES)'; \ win32_lib_vtls_srcs='$(LIB_VTLS_CFILES)'; \ win32_lib_vtls_hdrs='$(LIB_VTLS_HFILES)'; \ win32_src_srcs='$(CURL_CFILES)'; \ @@ -304,6 +309,8 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ \ sorted_lib_srcs=`for file in $$win32_lib_srcs; do echo $$file; done | sort`; \ sorted_lib_hdrs=`for file in $$win32_lib_hdrs; do echo $$file; done | sort`; \ + sorted_lib_vauth_srcs=`for file in $$win32_lib_vauth_srcs; do echo $$file; done | sort`; \ + sorted_lib_vauth_hdrs=`for file in $$win32_lib_vauth_hdrs; do echo $$file; done | sort`; \ sorted_lib_vtls_srcs=`for file in $$win32_lib_vtls_srcs; do echo $$file; done | sort`; \ sorted_lib_vtls_hdrs=`for file in $$win32_lib_vtls_hdrs; do echo $$file; done | sort`; \ sorted_src_srcs=`for file in $$win32_src_srcs; do echo $$file; done | sort`; \ @@ -314,10 +321,11 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ awk_code='\ function gen_element(type, dir, file)\ {\ + sub(/vauth\//, "", file);\ sub(/vtls\//, "", file);\ \ spaces=" ";\ - if(dir == "lib\\vtls")\ + if(dir == "lib\\vauth" || dir == "lib\\vtls")\ tabs=" ";\ else\ tabs=" ";\ @@ -371,6 +379,14 @@ function gen_element(type, dir, file)\ split(lib_rc, arr);\ for(val in arr) gen_element(proj_type, "lib", arr[val]);\ }\ + else if($$0 == "CURL_LIB_VAUTH_C_FILES") {\ + split(lib_vauth_srcs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vauth", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_VAUTH_H_FILES") {\ + split(lib_vauth_hdrs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vauth", arr[val]);\ + }\ else if($$0 == "CURL_LIB_VTLS_C_FILES") {\ split(lib_vtls_srcs, arr);\ for(val in arr) gen_element(proj_type, "lib\\vtls", arr[val]);\ @@ -414,6 +430,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC6_LIBTMPL) > $(VC6_LIBDSP) || { exit 1; }; \ @@ -432,6 +450,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC7_LIBTMPL) > $(VC7_LIBVCPROJ) || { exit 1; }; \ @@ -450,6 +470,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC71_LIBTMPL) > $(VC71_LIBVCPROJ) || { exit 1; }; \ @@ -468,6 +490,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC8_LIBTMPL) > $(VC8_LIBVCPROJ) || { exit 1; }; \ @@ -486,6 +510,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC9_LIBTMPL) > $(VC9_LIBVCPROJ) || { exit 1; }; \ @@ -504,6 +530,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC10_LIBTMPL) > $(VC10_LIBVCXPROJ) || { exit 1; }; \ @@ -522,6 +550,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC11_LIBTMPL) > $(VC11_LIBVCXPROJ) || { exit 1; }; \ @@ -540,6 +570,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC12_LIBTMPL) > $(VC12_LIBVCXPROJ) || { exit 1; }; \ @@ -558,6 +590,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ diff --git a/Makefile.in b/Makefile.in index 509d0db..f86dfc4 100644 --- a/Makefile.in +++ b/Makefile.in @@ -43,7 +43,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -610,10 +610,16 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) bin_SCRIPTS = curl-config -SUBDIRS = lib src include scripts -DIST_SUBDIRS = $(SUBDIRS) tests packages docs +SUBDIRS = lib src include +DIST_SUBDIRS = $(SUBDIRS) tests packages docs scripts pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libcurl.pc +LIB_VAUTH_CFILES = vauth/vauth.c vauth/cleartext.c vauth/cram.c \ + vauth/digest.c vauth/digest_sspi.c vauth/krb5_gssapi.c \ + vauth/krb5_sspi.c vauth/ntlm.c vauth/ntlm_sspi.c vauth/oauth2.c \ + vauth/spnego_gssapi.c vauth/spnego_sspi.c + +LIB_VAUTH_HFILES = vauth/vauth.h vauth/digest.h vauth/ntlm.h LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \ vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c \ vtls/cyassl.c vtls/schannel.c vtls/darwinssl.c vtls/gskit.c \ @@ -637,12 +643,10 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c \ pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c \ openldap.c curl_gethostname.c gopher.c idn_win32.c \ - http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c \ - asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \ - curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c \ - hostcheck.c conncache.c pipeline.c dotdot.c x509asn1.c \ - http2.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c curl_endian.c \ - curl_des.c + http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \ + http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c \ + curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c \ + x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ @@ -657,15 +661,15 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ slist.h nonblock.h curl_memrchr.h imap.h pop3.h smtp.h pingpong.h \ rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h \ curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h \ - curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \ - curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h \ - conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h \ - dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ - curl_printf.h + http_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \ + curl_sasl.h curl_multibyte.h hostcheck.h conncache.h \ + curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h \ + x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ + curl_printf.h system_win32.h LIB_RCFILES = libcurl.rc -CSOURCES = $(LIB_CFILES) $(LIB_VTLS_CFILES) -HHEADERS = $(LIB_HFILES) $(LIB_VTLS_HFILES) +CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES) +HHEADERS = $(LIB_HFILES) $(LIB_VAUTH_HFILES) $(LIB_VTLS_HFILES) # libcurl has sources that provide functions named curlx_* that aren't part of # the official API, but we re-use the code here to avoid duplication. @@ -1429,6 +1433,9 @@ ca-firefox: lib/firefox-db2pem.sh checksrc: cd lib && $(MAKE) checksrc cd src && $(MAKE) checksrc + cd tests && $(MAKE) checksrc + cd include/curl && $(MAKE) checksrc + cd docs/examples && $(MAKE) checksrc .PHONY: vc-ide @@ -1441,6 +1448,8 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ @(win32_lib_srcs='$(LIB_CFILES)'; \ win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \ win32_lib_rc='$(LIB_RCFILES)'; \ + win32_lib_vauth_srcs='$(LIB_VAUTH_CFILES)'; \ + win32_lib_vauth_hdrs='$(LIB_VAUTH_HFILES)'; \ win32_lib_vtls_srcs='$(LIB_VTLS_CFILES)'; \ win32_lib_vtls_hdrs='$(LIB_VTLS_HFILES)'; \ win32_src_srcs='$(CURL_CFILES)'; \ @@ -1451,6 +1460,8 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ \ sorted_lib_srcs=`for file in $$win32_lib_srcs; do echo $$file; done | sort`; \ sorted_lib_hdrs=`for file in $$win32_lib_hdrs; do echo $$file; done | sort`; \ + sorted_lib_vauth_srcs=`for file in $$win32_lib_vauth_srcs; do echo $$file; done | sort`; \ + sorted_lib_vauth_hdrs=`for file in $$win32_lib_vauth_hdrs; do echo $$file; done | sort`; \ sorted_lib_vtls_srcs=`for file in $$win32_lib_vtls_srcs; do echo $$file; done | sort`; \ sorted_lib_vtls_hdrs=`for file in $$win32_lib_vtls_hdrs; do echo $$file; done | sort`; \ sorted_src_srcs=`for file in $$win32_src_srcs; do echo $$file; done | sort`; \ @@ -1461,10 +1472,11 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ awk_code='\ function gen_element(type, dir, file)\ {\ + sub(/vauth\//, "", file);\ sub(/vtls\//, "", file);\ \ spaces=" ";\ - if(dir == "lib\\vtls")\ + if(dir == "lib\\vauth" || dir == "lib\\vtls")\ tabs=" ";\ else\ tabs=" ";\ @@ -1518,6 +1530,14 @@ function gen_element(type, dir, file)\ split(lib_rc, arr);\ for(val in arr) gen_element(proj_type, "lib", arr[val]);\ }\ + else if($$0 == "CURL_LIB_VAUTH_C_FILES") {\ + split(lib_vauth_srcs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vauth", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_VAUTH_H_FILES") {\ + split(lib_vauth_hdrs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vauth", arr[val]);\ + }\ else if($$0 == "CURL_LIB_VTLS_C_FILES") {\ split(lib_vtls_srcs, arr);\ for(val in arr) gen_element(proj_type, "lib\\vtls", arr[val]);\ @@ -1561,6 +1581,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC6_LIBTMPL) > $(VC6_LIBDSP) || { exit 1; }; \ @@ -1579,6 +1601,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC7_LIBTMPL) > $(VC7_LIBVCPROJ) || { exit 1; }; \ @@ -1597,6 +1621,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC71_LIBTMPL) > $(VC71_LIBVCPROJ) || { exit 1; }; \ @@ -1615,6 +1641,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC8_LIBTMPL) > $(VC8_LIBVCPROJ) || { exit 1; }; \ @@ -1633,6 +1661,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC9_LIBTMPL) > $(VC9_LIBVCPROJ) || { exit 1; }; \ @@ -1651,6 +1681,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC10_LIBTMPL) > $(VC10_LIBVCXPROJ) || { exit 1; }; \ @@ -1669,6 +1701,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC11_LIBTMPL) > $(VC11_LIBVCXPROJ) || { exit 1; }; \ @@ -1687,6 +1721,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC12_LIBTMPL) > $(VC12_LIBVCXPROJ) || { exit 1; }; \ @@ -1705,6 +1741,8 @@ function gen_element(type, dir, file)\ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 54029db..2973b75 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,95 +1,61 @@ -Curl and libcurl 7.48.0 +Curl and libcurl 7.50.2 - Public curl releases: 153 - Command line options: 179 - curl_easy_setopt() options: 221 + Public curl releases: 158 + Command line options: 185 + curl_easy_setopt() options: 224 Public functions in libcurl: 61 - Contributors: 1364 - -This release includes the following changes: - - o configure: --with-ca-fallback: use built-in TLS CA fallback [2] - o TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS [22] - o getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION [25] - o added CODE_STYLE.md [47] + Contributors: 1441 This release includes the following bugfixes: - o Proxy-Connection: stop sending this header by default [1] - o os400: sync ILE/RPG definitions with latest public header files - o cookies: allow spaces in cookie names, cut of trailing spaces [3] - o tool_urlglob: Allow reserved dos device names (Windows) [4] - o openssl: remove most BoringSSL #ifdefs [5] - o tool_doswin: Support for literal path prefix \\?\ - o mbedtls: fix ALPN usage segfault [6] - o mbedtls: fix memory leak when destroying SSL connection data [7] - o nss: do not count enabled cipher-suites - o examples/cookie_interface.c: add cleanup call - o examples: adhere to curl code style - o curlx_tvdiff: handle 32bit time_t overflows [8] - o dist: ship buildconf.bat too - o curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts [9] - o generate.bat: Fix comment bug by removing old comments [10] - o test1604: Add to Makefile.inc so it gets run - o gtls: fix for builds lacking encrypted key file support [11] - o SCP: use libssh2_scp_recv2 to support > 2GB files on windows [12] - o CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option [13] - o cookie: do not refuse cookies to localhost [14] - o openssl: avoid direct PKEY access with OpenSSL 1.1.0 [15] - o http: Don't break the header into chunks if HTTP/2 [16] - o http2: don't decompress gzip decoding automatically [17] - o curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function - o curl.1: add a missing dash - o curl.1: HTTP headers for --cookie must be Set-Cookie style [18] - o CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style [18] - o curl_sasl: Fix memory leak in digest parser [19] - o src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support [20] - o CURLOPT_DEBUGFUNCTION.3: Fix example - o runtests: Fixed usage of %PWD on MinGW64 [21] - o tests/sshserver.pl: use RSA instead of DSA for host auth [23] - o multi_remove_handle: keep the timeout list until after disconnect [24] - o Curl_read: check for activated HTTP/1 pipelining, not only requested - o configure: warn on invalid ca bundle or path [26] - o file: try reading from files with no size [27] - o getinfo: Add support for mbedTLS TLS session info - o formpost: fix memory leaks in AddFormData error branches [28] - o makefile.m32: allow to pass .dll/.exe-specific LDFLAGS [29] - o url: if Curl_done is premature then pipeline not in use [30] - o cookie: remove redundant check [31] - o cookie: Don't expire session cookies in remove_expired [32] - o makefile.m32: fix to allow -ssh2-winssl combination [33] - o checksrc.bat: Fixed cannot find perl if installed but not in path - o build-openssl.bat: Fixed cannot find perl if installed but not in path - o mbedtls: fix user-specified SSL protocol version - o makefile.m32: add missing libs for static -winssl-ssh2 builds [34] - o test46: change cookie expiry date [35] - o pipeline: Sanity check pipeline pointer before accessing it [36] - o openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages - o ftp_done: clear tunnel_state when secondary socket closes [37] - o opt-docs: fix heading macros [38] - o imap/pop3/smtp: Fixed connections upgraded with TLS are not reused [39] - o curl_multi_wait: never return -1 in 'numfds' [40] - o url.c: fix clang warning: no newline at end of file - o krb5: improved type handling to avoid clang compiler warnings - o cookies: first n/v pair in Set-Cookie: is the cookie, then parameters [41] - o multi: avoid blocking during CURLM_STATE_WAITPROXYCONNECT [42] - o multi hash: ensure modulo performed on curl_socket_t [43] - o curl: glob_range: no need to check unsigned variable for negative - o easy: add check to malloc() when running event-based - o CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support [44] - o version: thread safety - o openssl: verbose: show matching SAN pattern - o openssl: adapt to OpenSSL 1.1.0 API breakage in ERR_remove_thread_state() - o formdata.c: Fixed compilation warning - o configure: use cpp -P when needed [45] - o imap.c: Fixed compilation warning with /Wall enabled - o config-w32.h: Fixed compilation warning when /Wall enabled - o ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled - o build: Added missing Visual Studio filter files for VC10 onwards - o easy: Remove poll failure check in easy_transfer - o mbedtls: fix compiler warning - o build-wolfssl: Update VS properties for wolfSSL v3.9.0 - o Fixed various compilation warnings when verbose strings disabled + o mbedtls: Added support for NTLM + o SSH: fixed SFTP/SCP transfer problems [1] + o multi: make Curl_expire() work with 0 ms timeouts + o mk-ca-bundle.pl: -m keeps ca cert meta data in output [2] + o TFTP: Fix upload problem with piped input [3] + o CURLOPT_TCP_NODELAY: now enabled by default [4] + o mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined [5] + o http2: always wait for readable socket + o cmake: Enable win32 large file support by default + o cmake: Enable win32 threaded resolver by default + o winbuild: Avoid setting redundant CFLAGS to compile commands [6] + o curl.h: make CURL_NO_OLDIES define CURL_STRICTER + o docs: make more markdown files use .md extension + o docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown + o winbuild: Allow changing C compiler via environment variable CC [7] + o rtsp: accept any RTSP session id [8] + o HTTP: retry failed HEAD requests on reused connections too + o configure: add zlib search with pkg-config [9] + o openssl: accept subjectAltName iPAddress if no dNSName match [10] + o MANUAL: Remove invalid link to LDAP documentation [11] + o socks: improved connection procedure [12] + o proxy: reject attempts to use unsupported proxy schemes + o proxy: bring back use of "Proxy-Connection:" [13] + o curl: allow "pkcs11:" prefix for client certificates [14] + o spnego_sspi: fix memory leak in case *outlen is zero [15] + o SOCKS: improve verbose output of SOCKS5 connection sequence + o SOCKS: display the hostname returned by the SOCKS5 proxy server + o http/sasl: Query authentication mechanism supported by SSPI before using + o sasl: Don't use GSSAPI authentication when domain name not specified [16] + o win: Basic support for Universal Windows Platform apps [17] + o nss: fix incorrect use of a previously loaded certificate from file + o nss: work around race condition in PK11_FindSlotByName() [18] + o ftp: fix wrong poll on the secondary socket [19] + o openssl: build warning-free with 1.1.0 (again) + o HTTP: stop parsing headers when switching to unknown protocols [20] + o test219: Add http as a required feature + o TLS: random file/egd doesn't have to match for conn reuse + o schannel: Disable ALPN for Wine since it is causing problems [21] + o http2: make sure stream errors don't needlessly close the connection [22] + o http2: return CURLE_HTTP2_STREAM for unexpected stream close [23] + o darwinssl: --cainfo is intended for backward compatibility only + o speed caps: not based on average speeds anymore [24] + o configure: make the cpp -P detection not clobber CPPFLAGS [25] + o http2: use named define instead of magic constant in read callback + o http2: skip the content-length parsing, detect unknown size + o http2: return EOF when done uploading without known size [26] + o darwinssl: test for errSecSuccess in PKCS12 import rather than noErr [27] + o openssl: fix CURLINFO_SSL_VERIFYRESULT [28] This release includes the following known bugs: @@ -98,62 +64,45 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Anders Bakken, Brad Fitzpatrick, Clint Clayton, Dan Fandrich, - Daniel Stenberg, David Benjamin, David Byron, Emil Lerner, Eric S. Raymond, - Gisle Vanem, Jaime Fullaondo, Jeffrey Walton, Jesse Tan, Justin Ehlert, - Kamil Dudka, Kazuho Oku, Ludwig Nussel, Maksim Kuzevanov, Michael König, - Oliver Graute, Patrick Monnerat, Rafael Antonio, Ray Satiro, Seth Mos, - Shine Fan, Steve Holme, Tatsuhiro Tsujikawa, Timotej Lazar, Tim Rühsen, - Viktor Szakáts, - (30 contributors) + Ales Novak, Bill Nagel, Christian Fillion, Craig Davison, Dambaev Alexander, + Dan Donahue, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, + David Kalnischkies, David Woodhouse, Erik Janssen, Gaurav Malhotra, + János Fekete, Kamil Dudka, Marcel Raad, Marc Hörsken, Marco Deckel, + Mark Hamilton, Mark Nottingham, Michael Kaufmann, Miroslav Franc, + Nick Zitzmann, Olivier Brunel, Peter Wang, Ray Satiro, Ronnie Mose, + Sergei Nikulov, Serj Kalichev, Simon Warta, Steve Holme, Tatsuhiro Tsujikawa, + Thomas Glanzmann, Tim Rühsen, wmsch on github, + (35 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=633 - [2] = https://curl.haxx.se/bug/?i=569 - [3] = https://curl.haxx.se/bug/?i=639 - [4] = https://github.com/curl/curl/commit/4520534#commitcomment-15954863 - [5] = https://curl.haxx.se/bug/?i=640 - [6] = https://curl.haxx.se/bug/?i=642 - [7] = https://curl.haxx.se/bug/?i=626 - [8] = https://curl.haxx.se/bug/?i=646 - [9] = https://bugzilla.redhat.com/1305970 - [10] = https://curl.haxx.se/bug/?i=649 - [11] = https://curl.haxx.se/bug/?i=651 - [12] = https://curl.haxx.se/bug/?i=451 - [13] = https://curl.haxx.se/bug/?i=653 - [14] = https://curl.haxx.se/bug/?i=658 - [15] = https://curl.haxx.se/bug/?i=650 - [16] = https://curl.haxx.se/bug/?i=659 - [17] = https://curl.haxx.se/bug/?i=661 - [18] = https://curl.haxx.se/bug/?i=666 - [19] = https://curl.haxx.se/bug/?i=667 - [20] = https://curl.haxx.se/bug/?i=670 - [21] = https://curl.haxx.se/bug/?i=672 - [22] = https://curl.haxx.se/bug/?i=481 - [23] = https://curl.haxx.se/bug/?i=676 - [24] = https://curl.haxx.se/mail/lib-2016-02/0097.html - [25] = https://curl.haxx.se/libcurl/c/CURLINFO_TLS_SSL_PTR.html - [26] = https://curl.haxx.se/bug/?i=404 - [27] = https://curl.haxx.se/bug/?i=681 - [28] = https://curl.haxx.se/bug/?i=688 - [29] = https://curl.haxx.se/bug/?i=689 - [30] = https://curl.haxx.se/bug/?i=690 - [31] = https://curl.haxx.se/bug/?i=695 - [32] = https://curl.haxx.se/bug/?i=697 - [33] = https://curl.haxx.se/bug/?i=692 - [34] = https://curl.haxx.se/bug/?i=693 - [35] = https://curl.haxx.se/bug/?i=697 - [36] = https://curl.haxx.se/bug/?i=704 - [37] = https://curl.haxx.se/bug/?i=701 - [38] = https://curl.haxx.se/bug/?i=705 - [39] = https://curl.haxx.se/bug/?i=422 - [40] = https://curl.haxx.se/bug/?i=707 - [41] = https://curl.haxx.se/bug/?i=709 - [42] = https://curl.haxx.se/bug/?i=703 - [43] = https://curl.haxx.se/bug/?i=712 - [44] = https://curl.haxx.se/mail/lib-2016-03/0150.html - [45] = https://curl.haxx.se/bug/?i=719 - [47] = https://curl.haxx.se/dev/code-style.html + [1] = https://curl.haxx.se/mail/lib-2016-07/0057.html + [2] = https://curl.haxx.se/bug/?i=937 + [3] = https://curl.haxx.se/bug/?i=857 + [4] = https://curl.haxx.se/mail/lib-2016-06/0143.html + [5] = https://curl.haxx.se/mail/lib-2016-08/0017.html + [6] = https://curl.haxx.se/bug/?i=949 + [7] = https://curl.haxx.se/bug/?i=952 + [8] = https://curl.haxx.se/mail/lib-2016-08/0076.html + [9] = https://curl.haxx.se/bug/?i=956 + [10] = https://curl.haxx.se/bug/?i=959 + [11] = https://curl.haxx.se/bug/?i=962 + [12] = https://curl.haxx.se/bug/?i=944 + [13] = https://curl.haxx.se/bug/?i=954 + [14] = https://curl.haxx.se/mail/lib-2016-08/0122.html + [15] = https://curl.haxx.se/bug/?i=970 + [16] = https://curl.haxx.se/bug/?i=718 + [17] = https://curl.haxx.se/bug/?i=820 + [18] = https://bugzilla.mozilla.org/1297397 + [19] = https://curl.haxx.se/bug/?i=978 + [20] = https://curl.haxx.se/bug/?i=899 + [21] = https://curl.haxx.se/bug/?i=983 + [22] = https://curl.haxx.se/bug/?i=941 + [23] = https://curl.haxx.se/bug/?i=986 + [24] = https://curl.haxx.se/bug/?i=971 + [25] = https://curl.haxx.se/bug/?i=958 + [26] = https://curl.haxx.se/bug/?i=982 + [27] = https://curl.haxx.se/bug/?i=993 + [28] = https://curl.haxx.se/bug/?i=995 diff --git a/acinclude.m4 b/acinclude.m4 index 2c2e51b..312efcb 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -32,8 +32,8 @@ dnl actually be a single double-quoted string concatenating all them. AC_DEFUN([CURL_CHECK_DEF], [ AC_REQUIRE([CURL_CPP_P])dnl OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" AS_VAR_PUSHDEF([ac_HaveDef], [curl_cv_have_def_$1])dnl AS_VAR_PUSHDEF([ac_Def], [curl_cv_def_$1])dnl if test -z "$SED"; then @@ -174,7 +174,7 @@ dnl ------------------------------------------------- dnl Check for compilable and valid windows.h header AC_DEFUN([CURL_CHECK_HEADER_WINDOWS], [ - AC_CACHE_CHECK([for windows.h], [ac_cv_header_windows_h], [ + AC_CACHE_CHECK([for windows.h], [curl_cv_header_windows_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -190,12 +190,12 @@ AC_DEFUN([CURL_CHECK_HEADER_WINDOWS], [ #endif ]]) ],[ - ac_cv_header_windows_h="yes" + curl_cv_header_windows_h="yes" ],[ - ac_cv_header_windows_h="no" + curl_cv_header_windows_h="no" ]) ]) - case "$ac_cv_header_windows_h" in + case "$curl_cv_header_windows_h" in yes) AC_DEFINE_UNQUOTED(HAVE_WINDOWS_H, 1, [Define to 1 if you have the windows.h header file.]) @@ -212,9 +212,9 @@ dnl Check if building a native Windows target AC_DEFUN([CURL_CHECK_NATIVE_WINDOWS], [ AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([whether build target is a native Windows one], [ac_cv_native_windows], [ - if test "$ac_cv_header_windows_h" = "no"; then - ac_cv_native_windows="no" + AC_CACHE_CHECK([whether build target is a native Windows one], [curl_cv_native_windows], [ + if test "$curl_cv_header_windows_h" = "no"; then + curl_cv_native_windows="no" else AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ @@ -227,13 +227,13 @@ AC_DEFUN([CURL_CHECK_NATIVE_WINDOWS], [ #endif ]]) ],[ - ac_cv_native_windows="yes" + curl_cv_native_windows="yes" ],[ - ac_cv_native_windows="no" + curl_cv_native_windows="no" ]) fi ]) - AM_CONDITIONAL(DOING_NATIVE_WINDOWS, test "x$ac_cv_native_windows" = xyes) + AM_CONDITIONAL(DOING_NATIVE_WINDOWS, test "x$curl_cv_native_windows" = xyes) ]) @@ -243,7 +243,7 @@ dnl Check for compilable and valid winsock.h header AC_DEFUN([CURL_CHECK_HEADER_WINSOCK], [ AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for winsock.h], [ac_cv_header_winsock_h], [ + AC_CACHE_CHECK([for winsock.h], [curl_cv_header_winsock_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -260,12 +260,12 @@ AC_DEFUN([CURL_CHECK_HEADER_WINSOCK], [ #endif ]]) ],[ - ac_cv_header_winsock_h="yes" + curl_cv_header_winsock_h="yes" ],[ - ac_cv_header_winsock_h="no" + curl_cv_header_winsock_h="no" ]) ]) - case "$ac_cv_header_winsock_h" in + case "$curl_cv_header_winsock_h" in yes) AC_DEFINE_UNQUOTED(HAVE_WINSOCK_H, 1, [Define to 1 if you have the winsock.h header file.]) @@ -280,7 +280,7 @@ dnl Check for compilable and valid winsock2.h header AC_DEFUN([CURL_CHECK_HEADER_WINSOCK2], [ AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for winsock2.h], [ac_cv_header_winsock2_h], [ + AC_CACHE_CHECK([for winsock2.h], [curl_cv_header_winsock2_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -297,12 +297,12 @@ AC_DEFUN([CURL_CHECK_HEADER_WINSOCK2], [ #endif ]]) ],[ - ac_cv_header_winsock2_h="yes" + curl_cv_header_winsock2_h="yes" ],[ - ac_cv_header_winsock2_h="no" + curl_cv_header_winsock2_h="no" ]) ]) - case "$ac_cv_header_winsock2_h" in + case "$curl_cv_header_winsock2_h" in yes) AC_DEFINE_UNQUOTED(HAVE_WINSOCK2_H, 1, [Define to 1 if you have the winsock2.h header file.]) @@ -317,7 +317,7 @@ dnl Check for compilable and valid ws2tcpip.h header AC_DEFUN([CURL_CHECK_HEADER_WS2TCPIP], [ AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl - AC_CACHE_CHECK([for ws2tcpip.h], [ac_cv_header_ws2tcpip_h], [ + AC_CACHE_CHECK([for ws2tcpip.h], [curl_cv_header_ws2tcpip_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -335,12 +335,12 @@ AC_DEFUN([CURL_CHECK_HEADER_WS2TCPIP], [ #endif ]]) ],[ - ac_cv_header_ws2tcpip_h="yes" + curl_cv_header_ws2tcpip_h="yes" ],[ - ac_cv_header_ws2tcpip_h="no" + curl_cv_header_ws2tcpip_h="no" ]) ]) - case "$ac_cv_header_ws2tcpip_h" in + case "$curl_cv_header_ws2tcpip_h" in yes) AC_DEFINE_UNQUOTED(HAVE_WS2TCPIP_H, 1, [Define to 1 if you have the ws2tcpip.h header file.]) @@ -355,7 +355,7 @@ dnl Check for compilable and valid winldap.h header AC_DEFUN([CURL_CHECK_HEADER_WINLDAP], [ AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for winldap.h], [ac_cv_header_winldap_h], [ + AC_CACHE_CHECK([for winldap.h], [curl_cv_header_winldap_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -375,12 +375,12 @@ AC_DEFUN([CURL_CHECK_HEADER_WINLDAP], [ #endif ]]) ],[ - ac_cv_header_winldap_h="yes" + curl_cv_header_winldap_h="yes" ],[ - ac_cv_header_winldap_h="no" + curl_cv_header_winldap_h="no" ]) ]) - case "$ac_cv_header_winldap_h" in + case "$curl_cv_header_winldap_h" in yes) AC_DEFINE_UNQUOTED(HAVE_WINLDAP_H, 1, [Define to 1 if you have the winldap.h header file.]) @@ -395,7 +395,7 @@ dnl Check for compilable and valid winber.h header AC_DEFUN([CURL_CHECK_HEADER_WINBER], [ AC_REQUIRE([CURL_CHECK_HEADER_WINLDAP])dnl - AC_CACHE_CHECK([for winber.h], [ac_cv_header_winber_h], [ + AC_CACHE_CHECK([for winber.h], [curl_cv_header_winber_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -417,12 +417,12 @@ AC_DEFUN([CURL_CHECK_HEADER_WINBER], [ #endif ]]) ],[ - ac_cv_header_winber_h="yes" + curl_cv_header_winber_h="yes" ],[ - ac_cv_header_winber_h="no" + curl_cv_header_winber_h="no" ]) ]) - case "$ac_cv_header_winber_h" in + case "$curl_cv_header_winber_h" in yes) AC_DEFINE_UNQUOTED(HAVE_WINBER_H, 1, [Define to 1 if you have the winber.h header file.]) @@ -438,7 +438,7 @@ dnl and check if it is needed even with ldap.h AC_DEFUN([CURL_CHECK_HEADER_LBER], [ AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for lber.h], [ac_cv_header_lber_h], [ + AC_CACHE_CHECK([for lber.h], [curl_cv_header_lber_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -462,12 +462,12 @@ AC_DEFUN([CURL_CHECK_HEADER_LBER], [ ber_free(bep, 1); ]]) ],[ - ac_cv_header_lber_h="yes" + curl_cv_header_lber_h="yes" ],[ - ac_cv_header_lber_h="no" + curl_cv_header_lber_h="no" ]) ]) - if test "$ac_cv_header_lber_h" = "yes"; then + if test "$curl_cv_header_lber_h" = "yes"; then AC_DEFINE_UNQUOTED(HAVE_LBER_H, 1, [Define to 1 if you have the lber.h header file.]) # @@ -518,7 +518,7 @@ dnl Check for compilable and valid ldap.h header AC_DEFUN([CURL_CHECK_HEADER_LDAP], [ AC_REQUIRE([CURL_CHECK_HEADER_LBER])dnl - AC_CACHE_CHECK([for ldap.h], [ac_cv_header_ldap_h], [ + AC_CACHE_CHECK([for ldap.h], [curl_cv_header_ldap_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -544,12 +544,12 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP], [ int res = ldap_unbind(ldp); ]]) ],[ - ac_cv_header_ldap_h="yes" + curl_cv_header_ldap_h="yes" ],[ - ac_cv_header_ldap_h="no" + curl_cv_header_ldap_h="no" ]) ]) - case "$ac_cv_header_ldap_h" in + case "$curl_cv_header_ldap_h" in yes) AC_DEFINE_UNQUOTED(HAVE_LDAP_H, 1, [Define to 1 if you have the ldap.h header file.]) @@ -564,7 +564,7 @@ dnl Check for compilable and valid ldap_ssl.h header AC_DEFUN([CURL_CHECK_HEADER_LDAP_SSL], [ AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl - AC_CACHE_CHECK([for ldap_ssl.h], [ac_cv_header_ldap_ssl_h], [ + AC_CACHE_CHECK([for ldap_ssl.h], [curl_cv_header_ldap_ssl_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -592,12 +592,12 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP_SSL], [ LDAP *ldp = ldapssl_init("dummy", LDAPS_PORT, 1); ]]) ],[ - ac_cv_header_ldap_ssl_h="yes" + curl_cv_header_ldap_ssl_h="yes" ],[ - ac_cv_header_ldap_ssl_h="no" + curl_cv_header_ldap_ssl_h="no" ]) ]) - case "$ac_cv_header_ldap_ssl_h" in + case "$curl_cv_header_ldap_ssl_h" in yes) AC_DEFINE_UNQUOTED(HAVE_LDAP_SSL_H, 1, [Define to 1 if you have the ldap_ssl.h header file.]) @@ -612,7 +612,7 @@ dnl Check for compilable and valid ldapssl.h header AC_DEFUN([CURL_CHECK_HEADER_LDAPSSL], [ AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl - AC_CACHE_CHECK([for ldapssl.h], [ac_cv_header_ldapssl_h], [ + AC_CACHE_CHECK([for ldapssl.h], [curl_cv_header_ldapssl_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -644,12 +644,12 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAPSSL], [ LDAP *ldp = ldap_ssl_init("dummy", LDAPS_PORT, cert_label); ]]) ],[ - ac_cv_header_ldapssl_h="yes" + curl_cv_header_ldapssl_h="yes" ],[ - ac_cv_header_ldapssl_h="no" + curl_cv_header_ldapssl_h="no" ]) ]) - case "$ac_cv_header_ldapssl_h" in + case "$curl_cv_header_ldapssl_h" in yes) AC_DEFINE_UNQUOTED(HAVE_LDAPSSL_H, 1, [Define to 1 if you have the ldapssl.h header file.]) @@ -866,7 +866,7 @@ dnl Check for compilable and valid malloc.h header, dnl and check if it is needed even with stdlib.h AC_DEFUN([CURL_CHECK_HEADER_MALLOC], [ - AC_CACHE_CHECK([for malloc.h], [ac_cv_header_malloc_h], [ + AC_CACHE_CHECK([for malloc.h], [curl_cv_header_malloc_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #include @@ -877,12 +877,12 @@ AC_DEFUN([CURL_CHECK_HEADER_MALLOC], [ free(q); ]]) ],[ - ac_cv_header_malloc_h="yes" + curl_cv_header_malloc_h="yes" ],[ - ac_cv_header_malloc_h="no" + curl_cv_header_malloc_h="no" ]) ]) - if test "$ac_cv_header_malloc_h" = "yes"; then + if test "$curl_cv_header_malloc_h" = "yes"; then AC_DEFINE_UNQUOTED(HAVE_MALLOC_H, 1, [Define to 1 if you have the malloc.h header file.]) # @@ -918,7 +918,7 @@ dnl and check if it is needed even with stdlib.h for dnl memory related functions. AC_DEFUN([CURL_CHECK_HEADER_MEMORY], [ - AC_CACHE_CHECK([for memory.h], [ac_cv_header_memory_h], [ + AC_CACHE_CHECK([for memory.h], [curl_cv_header_memory_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #include @@ -929,12 +929,12 @@ AC_DEFUN([CURL_CHECK_HEADER_MEMORY], [ free(q); ]]) ],[ - ac_cv_header_memory_h="yes" + curl_cv_header_memory_h="yes" ],[ - ac_cv_header_memory_h="no" + curl_cv_header_memory_h="no" ]) ]) - if test "$ac_cv_header_memory_h" = "yes"; then + if test "$curl_cv_header_memory_h" = "yes"; then AC_DEFINE_UNQUOTED(HAVE_MEMORY_H, 1, [Define to 1 if you have the memory.h header file.]) # @@ -1158,7 +1158,7 @@ AC_DEFUN([CURL_CHECK_FUNC_GETNAMEINFO], [ # AC_DEFINE_UNQUOTED(HAVE_GETNAMEINFO, 1, [Define to 1 if you have the getnameinfo function.]) - ac_cv_func_getnameinfo="yes" + curl_cv_func_getnameinfo="yes" fi fi ]) @@ -1213,7 +1213,7 @@ AC_DEFUN([CURL_CHECK_NI_WITHSCOPEID], [ netdb.h netinet/in.h arpa/inet.h) # AC_CACHE_CHECK([for working NI_WITHSCOPEID], - [ac_cv_working_ni_withscopeid], [ + [curl_cv_working_ni_withscopeid], [ AC_RUN_IFELSE([ AC_LANG_PROGRAM([[ #ifdef HAVE_STDLIB_H @@ -1271,10 +1271,10 @@ AC_DEFUN([CURL_CHECK_NI_WITHSCOPEID], [ ]]) # AC-LANG-PROGRAM ],[ # Exit code == 0. Program worked. - ac_cv_working_ni_withscopeid="yes" + curl_cv_working_ni_withscopeid="yes" ],[ # Exit code != 0. Program failed. - ac_cv_working_ni_withscopeid="no" + curl_cv_working_ni_withscopeid="no" ],[ # Program is not run when cross-compiling. So we assume # NI_WITHSCOPEID will work if we are able to compile it. @@ -1287,13 +1287,13 @@ AC_DEFUN([CURL_CHECK_NI_WITHSCOPEID], [ unsigned int dummy= NI_NUMERICHOST | NI_NUMERICSERV | NI_WITHSCOPEID; ]]) ],[ - ac_cv_working_ni_withscopeid="yes" + curl_cv_working_ni_withscopeid="yes" ],[ - ac_cv_working_ni_withscopeid="no" + curl_cv_working_ni_withscopeid="no" ]) # AC-COMPILE-IFELSE ]) # AC-RUN-IFELSE ]) # AC-CACHE-CHECK - case "$ac_cv_working_ni_withscopeid" in + case "$curl_cv_working_ni_withscopeid" in yes) AC_DEFINE(HAVE_NI_WITHSCOPEID, 1, [Define to 1 if NI_WITHSCOPEID exists and works.]) @@ -1427,7 +1427,7 @@ AC_DEFUN([CURL_CHECK_FUNC_RECV], [ # AC_DEFINE_UNQUOTED(HAVE_RECV, 1, [Define to 1 if you have the recv function.]) - ac_cv_func_recv="yes" + curl_cv_func_recv="yes" fi else AC_MSG_ERROR([Unable to link function recv]) @@ -1594,7 +1594,7 @@ AC_DEFUN([CURL_CHECK_FUNC_SEND], [ # AC_DEFINE_UNQUOTED(HAVE_SEND, 1, [Define to 1 if you have the send function.]) - ac_cv_func_send="yes" + curl_cv_func_send="yes" fi else AC_MSG_ERROR([Unable to link function send]) @@ -1607,7 +1607,7 @@ dnl Check for MSG_NOSIGNAL AC_DEFUN([CURL_CHECK_MSG_NOSIGNAL], [ AC_CHECK_HEADERS(sys/types.h sys/socket.h) - AC_CACHE_CHECK([for MSG_NOSIGNAL], [ac_cv_msg_nosignal], [ + AC_CACHE_CHECK([for MSG_NOSIGNAL], [curl_cv_msg_nosignal], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -1635,12 +1635,12 @@ AC_DEFUN([CURL_CHECK_MSG_NOSIGNAL], [ int flag=MSG_NOSIGNAL; ]]) ],[ - ac_cv_msg_nosignal="yes" + curl_cv_msg_nosignal="yes" ],[ - ac_cv_msg_nosignal="no" + curl_cv_msg_nosignal="no" ]) ]) - case "$ac_cv_msg_nosignal" in + case "$curl_cv_msg_nosignal" in yes) AC_DEFINE_UNQUOTED(HAVE_MSG_NOSIGNAL, 1, [Define to 1 if you have the MSG_NOSIGNAL flag.]) @@ -1658,7 +1658,7 @@ AC_DEFUN([CURL_CHECK_STRUCT_TIMEVAL], [ AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK])dnl AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl AC_CHECK_HEADERS(sys/types.h sys/time.h time.h sys/socket.h) - AC_CACHE_CHECK([for struct timeval], [ac_cv_struct_timeval], [ + AC_CACHE_CHECK([for struct timeval], [curl_cv_struct_timeval], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -1697,12 +1697,12 @@ AC_DEFUN([CURL_CHECK_STRUCT_TIMEVAL], [ ts.tv_usec = 0; ]]) ],[ - ac_cv_struct_timeval="yes" + curl_cv_struct_timeval="yes" ],[ - ac_cv_struct_timeval="no" + curl_cv_struct_timeval="no" ]) ]) - case "$ac_cv_struct_timeval" in + case "$curl_cv_struct_timeval" in yes) AC_DEFINE_UNQUOTED(HAVE_STRUCT_TIMEVAL, 1, [Define to 1 if you have the timeval struct.]) @@ -1740,13 +1740,13 @@ AC_DEFUN([TYPE_SIG_ATOMIC_T], [ ]]) ],[ AC_MSG_RESULT([no]) - ac_cv_sig_atomic_t_volatile="no" + curl_cv_sig_atomic_t_volatile="no" ],[ AC_MSG_RESULT([yes]) - ac_cv_sig_atomic_t_volatile="yes" + curl_cv_sig_atomic_t_volatile="yes" ]) # - if test "$ac_cv_sig_atomic_t_volatile" = "yes"; then + if test "$curl_cv_sig_atomic_t_volatile" = "yes"; then AC_DEFINE(HAVE_SIG_ATOMIC_T_VOLATILE, 1, [Define to 1 if sig_atomic_t is already defined as volatile.]) fi @@ -1878,10 +1878,10 @@ AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [ ]]) ],[ AC_MSG_RESULT([yes]) - ac_cv_func_clock_gettime="yes" + curl_func_clock_gettime="yes" ],[ AC_MSG_RESULT([no]) - ac_cv_func_clock_gettime="no" + curl_func_clock_gettime="no" ]) fi dnl Definition of HAVE_CLOCK_GETTIME_MONOTONIC is intentionally postponed @@ -1897,7 +1897,7 @@ dnl check and prepended to LIBS any needed libraries. AC_DEFUN([CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC], [ AC_REQUIRE([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC])dnl # - if test "$ac_cv_func_clock_gettime" = "yes"; then + if test "$curl_func_clock_gettime" = "yes"; then # AC_MSG_CHECKING([for clock_gettime in libraries]) # @@ -1942,11 +1942,11 @@ AC_DEFUN([CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC], [ X-unknown) AC_MSG_RESULT([cannot find clock_gettime]) AC_MSG_WARN([HAVE_CLOCK_GETTIME_MONOTONIC will not be defined]) - ac_cv_func_clock_gettime="no" + curl_func_clock_gettime="no" ;; X-) AC_MSG_RESULT([no additional lib required]) - ac_cv_func_clock_gettime="yes" + curl_func_clock_gettime="yes" ;; *) if test -z "$curl_cv_save_LIBS"; then @@ -1955,13 +1955,13 @@ AC_DEFUN([CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC], [ LIBS="$curl_cv_gclk_LIBS $curl_cv_save_LIBS" fi AC_MSG_RESULT([$curl_cv_gclk_LIBS]) - ac_cv_func_clock_gettime="yes" + curl_func_clock_gettime="yes" ;; esac # dnl only do runtime verification when not cross-compiling if test "x$cross_compiling" != "xyes" && - test "$ac_cv_func_clock_gettime" = "yes"; then + test "$curl_func_clock_gettime" = "yes"; then AC_MSG_CHECKING([if monotonic clock_gettime works]) AC_RUN_IFELSE([ AC_LANG_PROGRAM([[ @@ -1993,12 +1993,12 @@ AC_DEFUN([CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC], [ ],[ AC_MSG_RESULT([no]) AC_MSG_WARN([HAVE_CLOCK_GETTIME_MONOTONIC will not be defined]) - ac_cv_func_clock_gettime="no" + curl_func_clock_gettime="no" LIBS="$curl_cv_save_LIBS" ]) fi # - case "$ac_cv_func_clock_gettime" in + case "$curl_func_clock_gettime" in yes) AC_DEFINE_UNQUOTED(HAVE_CLOCK_GETTIME_MONOTONIC, 1, [Define to 1 if you have the clock_gettime function and monotonic timer.]) @@ -2159,7 +2159,7 @@ AC_DEFUN([CURL_CONFIGURE_CURL_SOCKLEN_T], [ AC_MSG_CHECKING([size of curl_socklen_t]) curl_sizeof_curl_socklen_t="unknown" curl_pull_headers_socklen_t="unknown" - if test "$ac_cv_header_ws2tcpip_h" = "yes"; then + if test "$curl_cv_header_ws2tcpip_h" = "yes"; then tst_pull_header_checks='none ws2tcpip' tst_size_checks='4' else @@ -2453,7 +2453,7 @@ AC_DEFUN([CURL_CHECK_FUNC_SELECT], [ # AC_DEFINE_UNQUOTED(HAVE_SELECT, 1, [Define to 1 if you have the select function.]) - ac_cv_func_select="yes" + curl_cv_func_select="yes" fi fi ]) @@ -2565,8 +2565,8 @@ dnl regarding the paths this will scan: dnl /etc/ssl/certs/ca-certificates.crt Debian systems dnl /etc/pki/tls/certs/ca-bundle.crt Redhat and Mandriva dnl /usr/share/ssl/certs/ca-bundle.crt old(er) Redhat -dnl /usr/local/share/certs/ca-root.crt FreeBSD -dnl /etc/ssl/cert.pem OpenBSD +dnl /usr/local/share/certs/ca-root-nss.crt FreeBSD +dnl /etc/ssl/cert.pem OpenBSD, FreeBSD (symlink) dnl /etc/ssl/certs/ (ca path) SUSE AC_DEFUN([CURL_CHECK_CA_BUNDLE], [ @@ -2640,7 +2640,7 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), for a in /etc/ssl/certs/ca-certificates.crt \ /etc/pki/tls/certs/ca-bundle.crt \ /usr/share/ssl/certs/ca-bundle.crt \ - /usr/local/share/certs/ca-root.crt \ + /usr/local/share/certs/ca-root-nss.crt \ /etc/ssl/cert.pem \ "$cac"; do if test -f "$a"; then @@ -3011,7 +3011,7 @@ AC_DEFUN([CURL_CHECK_WIN32_LARGEFILE], [ AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl AC_MSG_CHECKING([whether build target supports WIN32 file API]) curl_win32_file_api="no" - if test "$ac_cv_header_windows_h" = "yes"; then + if test "$curl_cv_header_windows_h" = "yes"; then if test x"$enable_largefile" != "xno"; then AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ @@ -3187,12 +3187,15 @@ TEST EINVAL TEST if test "x$cpp_p" = "xno"; then AC_MSG_WARN([failed to figure out cpp -P alternative]) # without -P - CPPPFLAGS=$OLDCPPFLAGS + CPPPFLAG="" else # with -P - CPPPFLAGS=$CPPFLAGS + CPPPFLAG="-P" fi dnl restore CPPFLAGS CPPFLAGS=$OLDCPPFLAGS + else + # without -P + CPPPFLAG="" fi ]) diff --git a/config.guess b/config.guess index 1659250..0967f2a 100755 --- a/config.guess +++ b/config.guess @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2015 Free Software Foundation, Inc. +# Copyright 1992-2016 Free Software Foundation, Inc. -timestamp='2015-08-20' +timestamp='2016-04-02' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,7 +27,7 @@ timestamp='2015-08-20' # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess # # Please send patches to . @@ -50,7 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2015 Free Software Foundation, Inc. +Copyright 1992-2016 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -237,6 +237,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE} + exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; @@ -268,42 +272,42 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; + UNAME_MACHINE=alphaev5 ;; "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; + UNAME_MACHINE=alphaev56 ;; "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; + UNAME_MACHINE=alphapca56 ;; "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; + UNAME_MACHINE=alphapca57 ;; "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; + UNAME_MACHINE=alphaev6 ;; "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; + UNAME_MACHINE=alphaev67 ;; "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; + UNAME_MACHINE=alphaev69 ;; "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; + UNAME_MACHINE=alphaev7 ;; "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; + UNAME_MACHINE=alphaev79 ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 @@ -376,16 +380,16 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build - SUN_ARCH="i386" + SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then - SUN_ARCH="x86_64" + SUN_ARCH=x86_64 fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` @@ -410,7 +414,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} @@ -635,13 +639,13 @@ EOF sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi @@ -680,11 +684,11 @@ EOF exit (0); } EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ ${HP_ARCH} = "hppa2.0w" ] + if [ ${HP_ARCH} = hppa2.0w ] then eval $set_cc_for_build @@ -697,12 +701,12 @@ EOF # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then - HP_ARCH="hppa2.0w" + HP_ARCH=hppa2.0w else - HP_ARCH="hppa64" + HP_ARCH=hppa64 fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} @@ -807,14 +811,14 @@ EOF echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) @@ -896,7 +900,7 @@ EOF exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix @@ -919,7 +923,7 @@ EOF EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arc:Linux:*:* | arceb:Linux:*:*) @@ -965,6 +969,9 @@ EOF ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; + k1om:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; @@ -1120,7 +1127,7 @@ EOF # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configury will decide that + # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; @@ -1269,6 +1276,9 @@ EOF SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; @@ -1282,9 +1292,9 @@ EOF UNAME_PROCESSOR=powerpc fi if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then case $UNAME_PROCESSOR in @@ -1306,7 +1316,7 @@ EOF exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then + if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi @@ -1337,7 +1347,7 @@ EOF # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - if test "$cputype" = "386"; then + if test "$cputype" = 386; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" @@ -1379,7 +1389,7 @@ EOF echo i386-pc-xenix exit ;; i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'` exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos @@ -1390,6 +1400,9 @@ EOF x86_64:VMkernel:*:*) echo ${UNAME_MACHINE}-unknown-esx exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs + exit ;; esac cat >&2 <&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: failed to figure out cpp -P alternative" >&5 $as_echo "$as_me: WARNING: failed to figure out cpp -P alternative" >&2;} # without -P - CPPPFLAGS=$OLDCPPFLAGS + CPPPFLAG="" else # with -P - CPPPFLAGS=$CPPFLAGS + CPPPFLAG="-P" fi CPPFLAGS=$OLDCPPFLAGS + else + # without -P + CPPPFLAG="" fi @@ -6245,8 +6248,8 @@ if ac_fn_c_try_compile "$LINENO"; then : else OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" as_ac_HaveDef=`$as_echo "curl_cv_have_def_$tmp_fmt" | $as_tr_sh` as_ac_Def=`$as_echo "curl_cv_def_$tmp_fmt" | $as_tr_sh` if test -z "$SED"; then @@ -6363,8 +6366,8 @@ if ac_fn_c_try_compile "$LINENO"; then : else OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" as_ac_HaveDef=`$as_echo "curl_cv_have_def_$tmp_fmt" | $as_tr_sh` as_ac_Def=`$as_echo "curl_cv_def_$tmp_fmt" | $as_tr_sh` if test -z "$SED"; then @@ -16130,8 +16133,8 @@ esac $as_echo_n "checking if compiler is DEC/Compaq/HP C... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16174,8 +16177,8 @@ rm -f conftest.err conftest.i conftest.$ac_ext OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16237,8 +16240,8 @@ $as_echo "no" >&6; } $as_echo_n "checking if compiler is HP-UX C... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16299,8 +16302,8 @@ $as_echo "no" >&6; } $as_echo_n "checking if compiler is IBM C... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16369,8 +16372,8 @@ $as_echo "no" >&6; } $as_echo_n "checking if compiler is Intel C... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16417,8 +16420,8 @@ $as_echo "yes" >&6; } compiler_num="$curl_cv_def___INTEL_COMPILER" OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16493,8 +16496,8 @@ $as_echo "no" >&6; } $as_echo_n "checking if compiler is clang... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16566,8 +16569,8 @@ $as_echo "no" >&6; } $as_echo_n "checking if compiler is GNU C... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16632,8 +16635,8 @@ $as_echo "yes" >&6; } flags_opt_off="-O0" OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16684,8 +16687,8 @@ $as_echo "no" >&6; } $as_echo_n "checking if compiler is LCC... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16746,8 +16749,8 @@ $as_echo "no" >&6; } $as_echo_n "checking if compiler is SGI MIPSpro C... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16790,8 +16793,8 @@ rm -f conftest.err conftest.i conftest.$ac_ext OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16834,8 +16837,8 @@ rm -f conftest.err conftest.i conftest.$ac_ext OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16898,8 +16901,8 @@ $as_echo "no" >&6; } $as_echo_n "checking if compiler is SGI MIPS C... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -16942,8 +16945,8 @@ rm -f conftest.err conftest.i conftest.$ac_ext OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -17006,8 +17009,8 @@ $as_echo "no" >&6; } $as_echo_n "checking if compiler is SunPro C... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -17068,8 +17071,8 @@ $as_echo "no" >&6; } $as_echo_n "checking if compiler is Tiny C... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -17130,8 +17133,8 @@ $as_echo "no" >&6; } $as_echo_n "checking if compiler is Watcom C... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -17177,8 +17180,8 @@ rm -f conftest.err conftest.i conftest.$ac_ext $as_echo "yes" >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -18485,7 +18488,7 @@ $as_echo_n "checking if compiler supports hiding library internal symbols... " > ;; GNU_C) if test "$compiler_num" -ge "304"; then - if $CC --help --verbose 2>&1 | grep fvisibility= > /dev/null ; then + if $CC --help --verbose 2>/dev/null | grep fvisibility= >/dev/null ; then tmp_EXTERN="__attribute__ ((__visibility__ (\"default\")))" tmp_CFLAGS="-fvisibility=hidden" supports_symbol_hiding="yes" @@ -18702,7 +18705,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for windows.h" >&5 $as_echo_n "checking for windows.h... " >&6; } -if ${ac_cv_header_windows_h+:} false; then : +if ${curl_cv_header_windows_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -18732,19 +18735,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_windows_h="yes" + curl_cv_header_windows_h="yes" else - ac_cv_header_windows_h="no" + curl_cv_header_windows_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_windows_h" >&5 -$as_echo "$ac_cv_header_windows_h" >&6; } - case "$ac_cv_header_windows_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_windows_h" >&5 +$as_echo "$curl_cv_header_windows_h" >&6; } + case "$curl_cv_header_windows_h" in yes) cat >>confdefs.h <<_ACEOF @@ -18762,12 +18765,12 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build target is a native Windows one" >&5 $as_echo_n "checking whether build target is a native Windows one... " >&6; } -if ${ac_cv_native_windows+:} false; then : +if ${curl_cv_native_windows+:} false; then : $as_echo_n "(cached) " >&6 else - if test "$ac_cv_header_windows_h" = "no"; then - ac_cv_native_windows="no" + if test "$curl_cv_header_windows_h" = "no"; then + curl_cv_native_windows="no" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -18791,20 +18794,20 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_native_windows="yes" + curl_cv_native_windows="yes" else - ac_cv_native_windows="no" + curl_cv_native_windows="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_native_windows" >&5 -$as_echo "$ac_cv_native_windows" >&6; } - if test "x$ac_cv_native_windows" = xyes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_native_windows" >&5 +$as_echo "$curl_cv_native_windows" >&6; } + if test "x$curl_cv_native_windows" = xyes; then DOING_NATIVE_WINDOWS_TRUE= DOING_NATIVE_WINDOWS_FALSE='#' else @@ -18813,12 +18816,12 @@ else fi -case X-"$ac_cv_native_windows" in +case X-"$curl_cv_native_windows" in X-yes) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for winsock.h" >&5 $as_echo_n "checking for winsock.h... " >&6; } -if ${ac_cv_header_winsock_h+:} false; then : +if ${curl_cv_header_winsock_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -18849,19 +18852,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_winsock_h="yes" + curl_cv_header_winsock_h="yes" else - ac_cv_header_winsock_h="no" + curl_cv_header_winsock_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_winsock_h" >&5 -$as_echo "$ac_cv_header_winsock_h" >&6; } - case "$ac_cv_header_winsock_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_winsock_h" >&5 +$as_echo "$curl_cv_header_winsock_h" >&6; } + case "$curl_cv_header_winsock_h" in yes) cat >>confdefs.h <<_ACEOF @@ -18874,7 +18877,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for winsock2.h" >&5 $as_echo_n "checking for winsock2.h... " >&6; } -if ${ac_cv_header_winsock2_h+:} false; then : +if ${curl_cv_header_winsock2_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -18905,19 +18908,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_winsock2_h="yes" + curl_cv_header_winsock2_h="yes" else - ac_cv_header_winsock2_h="no" + curl_cv_header_winsock2_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_winsock2_h" >&5 -$as_echo "$ac_cv_header_winsock2_h" >&6; } - case "$ac_cv_header_winsock2_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_winsock2_h" >&5 +$as_echo "$curl_cv_header_winsock2_h" >&6; } + case "$curl_cv_header_winsock2_h" in yes) cat >>confdefs.h <<_ACEOF @@ -18930,7 +18933,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ws2tcpip.h" >&5 $as_echo_n "checking for ws2tcpip.h... " >&6; } -if ${ac_cv_header_ws2tcpip_h+:} false; then : +if ${curl_cv_header_ws2tcpip_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -18962,19 +18965,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_ws2tcpip_h="yes" + curl_cv_header_ws2tcpip_h="yes" else - ac_cv_header_ws2tcpip_h="no" + curl_cv_header_ws2tcpip_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_ws2tcpip_h" >&5 -$as_echo "$ac_cv_header_ws2tcpip_h" >&6; } - case "$ac_cv_header_ws2tcpip_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_ws2tcpip_h" >&5 +$as_echo "$curl_cv_header_ws2tcpip_h" >&6; } + case "$curl_cv_header_ws2tcpip_h" in yes) cat >>confdefs.h <<_ACEOF @@ -18987,7 +18990,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for winldap.h" >&5 $as_echo_n "checking for winldap.h... " >&6; } -if ${ac_cv_header_winldap_h+:} false; then : +if ${curl_cv_header_winldap_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -19021,19 +19024,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_winldap_h="yes" + curl_cv_header_winldap_h="yes" else - ac_cv_header_winldap_h="no" + curl_cv_header_winldap_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_winldap_h" >&5 -$as_echo "$ac_cv_header_winldap_h" >&6; } - case "$ac_cv_header_winldap_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_winldap_h" >&5 +$as_echo "$curl_cv_header_winldap_h" >&6; } + case "$curl_cv_header_winldap_h" in yes) cat >>confdefs.h <<_ACEOF @@ -19046,7 +19049,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for winber.h" >&5 $as_echo_n "checking for winber.h... " >&6; } -if ${ac_cv_header_winber_h+:} false; then : +if ${curl_cv_header_winber_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -19082,19 +19085,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_winber_h="yes" + curl_cv_header_winber_h="yes" else - ac_cv_header_winber_h="no" + curl_cv_header_winber_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_winber_h" >&5 -$as_echo "$ac_cv_header_winber_h" >&6; } - case "$ac_cv_header_winber_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_winber_h" >&5 +$as_echo "$curl_cv_header_winber_h" >&6; } + case "$curl_cv_header_winber_h" in yes) cat >>confdefs.h <<_ACEOF @@ -19106,18 +19109,18 @@ _ACEOF ;; *) - ac_cv_header_winsock_h="no" - ac_cv_header_winsock2_h="no" - ac_cv_header_ws2tcpip_h="no" - ac_cv_header_winldap_h="no" - ac_cv_header_winber_h="no" + curl_cv_header_winsock_h="no" + curl_cv_header_winsock2_h="no" + curl_cv_header_ws2tcpip_h="no" + curl_cv_header_winldap_h="no" + curl_cv_header_winber_h="no" ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build target supports WIN32 file API" >&5 $as_echo_n "checking whether build target supports WIN32 file API... " >&6; } curl_win32_file_api="no" - if test "$ac_cv_header_windows_h" = "yes"; then + if test "$curl_cv_header_windows_h" = "yes"; then if test x"$enable_largefile" != "xno"; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -19901,8 +19904,8 @@ fi if test "$HAVE_GETHOSTBYNAME" != "1" then - if test "$ac_cv_header_windows_h" = "yes"; then - if test "$ac_cv_header_winsock_h" = "yes"; then + if test "$curl_cv_header_windows_h" = "yes"; then + if test "$curl_cv_header_winsock_h" = "yes"; then case $host in *-*-mingw32ce*) winsock_LIB="-lwinsock" @@ -19912,7 +19915,7 @@ then ;; esac fi - if test "$ac_cv_header_winsock2_h" = "yes"; then + if test "$curl_cv_header_winsock2_h" = "yes"; then winsock_LIB="-lws2_32" fi if test ! -z "$winsock_LIB"; then @@ -20133,96 +20136,6 @@ if test "$HAVE_GETHOSTBYNAME" != "1"; then as_fn_error $? "couldn't find libraries for gethostbyname()" "$LINENO" 5 fi -ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp" -if test "x$ac_cv_func_strcasecmp" = xyes; then : - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lresolve" >&5 -$as_echo_n "checking for strcasecmp in -lresolve... " >&6; } -if ${ac_cv_lib_resolve_strcasecmp+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lresolve $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#ifdef __cplusplus -extern "C" -#endif -char strcasecmp (); -int main (void) -{ -return strcasecmp (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_resolve_strcasecmp=yes -else - ac_cv_lib_resolve_strcasecmp=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolve_strcasecmp" >&5 -$as_echo "$ac_cv_lib_resolve_strcasecmp" >&6; } -if test "x$ac_cv_lib_resolve_strcasecmp" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBRESOLVE 1 -_ACEOF - - LIBS="-lresolve $LIBS" - -fi - -fi - - -if test "$ac_cv_lib_resolve_strcasecmp" = "$ac_cv_func_strcasecmp"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lresolve" >&5 -$as_echo_n "checking for strcasecmp in -lresolve... " >&6; } -if ${ac_cv_lib_resolve_strcasecmp+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lresolve -lnsl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#ifdef __cplusplus -extern "C" -#endif -char strcasecmp (); -int main (void) -{ -return strcasecmp (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_resolve_strcasecmp=yes -else - ac_cv_lib_resolve_strcasecmp=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolve_strcasecmp" >&5 -$as_echo "$ac_cv_lib_resolve_strcasecmp" >&6; } -if test "x$ac_cv_lib_resolve_strcasecmp" = xyes; then : - LIBS="-lresolve $LIBS" -fi - -fi -ac_cv_func_strcasecmp="no" - curl_includes_winsock2="\ /* includes start */ @@ -20243,7 +20156,7 @@ curl_includes_winsock2="\ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for windows.h" >&5 $as_echo_n "checking for windows.h... " >&6; } -if ${ac_cv_header_windows_h+:} false; then : +if ${curl_cv_header_windows_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -20273,19 +20186,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_windows_h="yes" + curl_cv_header_windows_h="yes" else - ac_cv_header_windows_h="no" + curl_cv_header_windows_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_windows_h" >&5 -$as_echo "$ac_cv_header_windows_h" >&6; } - case "$ac_cv_header_windows_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_windows_h" >&5 +$as_echo "$curl_cv_header_windows_h" >&6; } + case "$curl_cv_header_windows_h" in yes) cat >>confdefs.h <<_ACEOF @@ -20303,7 +20216,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for winsock.h" >&5 $as_echo_n "checking for winsock.h... " >&6; } -if ${ac_cv_header_winsock_h+:} false; then : +if ${curl_cv_header_winsock_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -20334,19 +20247,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_winsock_h="yes" + curl_cv_header_winsock_h="yes" else - ac_cv_header_winsock_h="no" + curl_cv_header_winsock_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_winsock_h" >&5 -$as_echo "$ac_cv_header_winsock_h" >&6; } - case "$ac_cv_header_winsock_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_winsock_h" >&5 +$as_echo "$curl_cv_header_winsock_h" >&6; } + case "$curl_cv_header_winsock_h" in yes) cat >>confdefs.h <<_ACEOF @@ -20359,7 +20272,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for winsock2.h" >&5 $as_echo_n "checking for winsock2.h... " >&6; } -if ${ac_cv_header_winsock2_h+:} false; then : +if ${curl_cv_header_winsock2_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -20390,19 +20303,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_winsock2_h="yes" + curl_cv_header_winsock2_h="yes" else - ac_cv_header_winsock2_h="no" + curl_cv_header_winsock2_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_winsock2_h" >&5 -$as_echo "$ac_cv_header_winsock2_h" >&6; } - case "$ac_cv_header_winsock2_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_winsock2_h" >&5 +$as_echo "$curl_cv_header_winsock2_h" >&6; } + case "$curl_cv_header_winsock2_h" in yes) cat >>confdefs.h <<_ACEOF @@ -20557,13 +20470,13 @@ if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - ac_cv_func_clock_gettime="yes" + curl_func_clock_gettime="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_clock_gettime="no" + curl_func_clock_gettime="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext @@ -20571,7 +20484,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext # - if test "$ac_cv_func_clock_gettime" = "yes"; then + if test "$curl_func_clock_gettime" = "yes"; then # { $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_gettime in libraries" >&5 $as_echo_n "checking for clock_gettime in libraries... " >&6; } @@ -20633,12 +20546,12 @@ rm -f core conftest.err conftest.$ac_objext \ $as_echo "cannot find clock_gettime" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: HAVE_CLOCK_GETTIME_MONOTONIC will not be defined" >&5 $as_echo "$as_me: WARNING: HAVE_CLOCK_GETTIME_MONOTONIC will not be defined" >&2;} - ac_cv_func_clock_gettime="no" + curl_func_clock_gettime="no" ;; X-) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no additional lib required" >&5 $as_echo "no additional lib required" >&6; } - ac_cv_func_clock_gettime="yes" + curl_func_clock_gettime="yes" ;; *) if test -z "$curl_cv_save_LIBS"; then @@ -20648,12 +20561,12 @@ $as_echo "no additional lib required" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_gclk_LIBS" >&5 $as_echo "$curl_cv_gclk_LIBS" >&6; } - ac_cv_func_clock_gettime="yes" + curl_func_clock_gettime="yes" ;; esac # if test "x$cross_compiling" != "xyes" && - test "$ac_cv_func_clock_gettime" = "yes"; then + test "$curl_func_clock_gettime" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if monotonic clock_gettime works" >&5 $as_echo_n "checking if monotonic clock_gettime works... " >&6; } if test "$cross_compiling" = yes; then : @@ -20708,7 +20621,7 @@ else $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: HAVE_CLOCK_GETTIME_MONOTONIC will not be defined" >&5 $as_echo "$as_me: WARNING: HAVE_CLOCK_GETTIME_MONOTONIC will not be defined" >&2;} - ac_cv_func_clock_gettime="no" + curl_func_clock_gettime="no" LIBS="$curl_cv_save_LIBS" fi @@ -20718,7 +20631,7 @@ fi fi # - case "$ac_cv_func_clock_gettime" in + case "$curl_func_clock_gettime" in yes) cat >>confdefs.h <<_ACEOF @@ -20755,9 +20668,147 @@ else OPT_ZLIB="" fi + + if test -n "$PKG_CONFIG"; then + PKGCONFIG="$PKG_CONFIG" + else + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKGCONFIG=$ac_cv_path_PKGCONFIG +if test -n "$PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 +$as_echo "$PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKGCONFIG"; then + ac_pt_PKGCONFIG=$PKGCONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG +if test -n "$ac_pt_PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 +$as_echo "$ac_pt_PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKGCONFIG" = x; then + PKGCONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKGCONFIG=$ac_pt_PKGCONFIG + fi +else + PKGCONFIG="$ac_cv_path_PKGCONFIG" +fi + + fi + + if test "x$PKGCONFIG" != "xno"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for zlib options with pkg-config" >&5 +$as_echo_n "checking for zlib options with pkg-config... " >&6; } + itexists=` + if test -n ""; then + PKG_CONFIG_LIBDIR="" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --exists zlib >/dev/null 2>&1 && echo 1` + + if test -z "$itexists"; then + PKGCONFIG="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 +$as_echo "found" >&6; } + fi + fi + + + if test "$PKGCONFIG" != "no" ; then + LIBS="`$PKGCONFIG --libs-only-l zlib` $LIBS" + LDFLAGS="`$PKGCONFIG --libs-only-L zlib` $LDFLAGS" + CPPFLAGS="`$PKGCONFIG --cflags-only-I zlib` $CPPFLAGS" + OPT_ZLIB="" + HAVE_LIBZ="1" + fi + if test -z "$OPT_ZLIB" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 + if test -z "$HAVE_LIBZ"; then + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 $as_echo_n "checking for inflateEnd in -lz... " >&6; } if ${ac_cv_lib_z_inflateEnd+:} false; then : $as_echo_n "(cached) " >&6 @@ -20797,7 +20848,7 @@ else OPT_ZLIB="/usr/local" fi - + fi fi if test -n "$OPT_ZLIB"; then @@ -20931,7 +20982,7 @@ if test x$CURL_DISABLE_LDAP != x1 ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lber.h" >&5 $as_echo_n "checking for lber.h... " >&6; } -if ${ac_cv_header_lber_h+:} false; then : +if ${curl_cv_header_lber_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -20969,19 +21020,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_lber_h="yes" + curl_cv_header_lber_h="yes" else - ac_cv_header_lber_h="no" + curl_cv_header_lber_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_lber_h" >&5 -$as_echo "$ac_cv_header_lber_h" >&6; } - if test "$ac_cv_header_lber_h" = "yes"; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_lber_h" >&5 +$as_echo "$curl_cv_header_lber_h" >&6; } + if test "$curl_cv_header_lber_h" = "yes"; then cat >>confdefs.h <<_ACEOF #define HAVE_LBER_H 1 @@ -21048,7 +21099,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap.h" >&5 $as_echo_n "checking for ldap.h... " >&6; } -if ${ac_cv_header_ldap_h+:} false; then : +if ${curl_cv_header_ldap_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -21088,19 +21139,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_ldap_h="yes" + curl_cv_header_ldap_h="yes" else - ac_cv_header_ldap_h="no" + curl_cv_header_ldap_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_ldap_h" >&5 -$as_echo "$ac_cv_header_ldap_h" >&6; } - case "$ac_cv_header_ldap_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_ldap_h" >&5 +$as_echo "$curl_cv_header_ldap_h" >&6; } + case "$curl_cv_header_ldap_h" in yes) cat >>confdefs.h <<_ACEOF @@ -21113,7 +21164,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldapssl.h" >&5 $as_echo_n "checking for ldapssl.h... " >&6; } -if ${ac_cv_header_ldapssl_h+:} false; then : +if ${curl_cv_header_ldapssl_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -21159,19 +21210,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_ldapssl_h="yes" + curl_cv_header_ldapssl_h="yes" else - ac_cv_header_ldapssl_h="no" + curl_cv_header_ldapssl_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_ldapssl_h" >&5 -$as_echo "$ac_cv_header_ldapssl_h" >&6; } - case "$ac_cv_header_ldapssl_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_ldapssl_h" >&5 +$as_echo "$curl_cv_header_ldapssl_h" >&6; } + case "$curl_cv_header_ldapssl_h" in yes) cat >>confdefs.h <<_ACEOF @@ -21184,7 +21235,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_ssl.h" >&5 $as_echo_n "checking for ldap_ssl.h... " >&6; } -if ${ac_cv_header_ldap_ssl_h+:} false; then : +if ${curl_cv_header_ldap_ssl_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -21226,19 +21277,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_ldap_ssl_h="yes" + curl_cv_header_ldap_ssl_h="yes" else - ac_cv_header_ldap_ssl_h="no" + curl_cv_header_ldap_ssl_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_ldap_ssl_h" >&5 -$as_echo "$ac_cv_header_ldap_ssl_h" >&6; } - case "$ac_cv_header_ldap_ssl_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_ldap_ssl_h" >&5 +$as_echo "$curl_cv_header_ldap_ssl_h" >&6; } + case "$curl_cv_header_ldap_ssl_h" in yes) cat >>confdefs.h <<_ACEOF @@ -21250,7 +21301,7 @@ _ACEOF if test -z "$LDAPLIBNAME" ; then - if test "$ac_cv_native_windows" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then LDAPLIBNAME="wldap32" LBERLIBNAME="no" fi @@ -21929,7 +21980,7 @@ fi $as_echo_n "checking whether to enable Windows native SSL/TLS (Windows native builds only)... " >&6; } if test "$curl_ssl_msg" = "$init_ssl_msg"; then if test "x$OPT_WINSSL" != "xno" && - test "x$ac_cv_native_windows" = "xyes"; then + test "x$curl_cv_native_windows" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -21946,6 +21997,7 @@ $as_echo "#define USE_WINDOWS_SSPI 1" >>confdefs.h USE_WINDOWS_SSPI=1 curl_sspi_msg="enabled" + LIBS="-lcrypt32 $LIBS" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -22714,8 +22766,8 @@ $as_echo "$as_me: Added $LIB_OPENSSL to LD_LIBRARY_PATH" >&6;} $as_echo_n "checking for OpenSSL headers version... " >&6; } OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAGS comes from CURL_CPP_P - CPPFLAGS="$CPPPFLAGS" + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" if test -z "$SED"; then as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 fi @@ -24527,7 +24579,9 @@ done if test "x$cyassllibname" = "xwolfssl"; then for ac_func in wolfSSLv3_client_method \ - wolfSSL_get_peer_certificate + wolfSSL_CTX_UseSupportedCurve \ + wolfSSL_get_peer_certificate \ + wolfSSL_UseALPN do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -24540,12 +24594,14 @@ fi done else - for ac_func in CyaSSL_get_peer_certificate + for ac_func in CyaSSL_CTX_UseSupportedCurve \ + CyaSSL_get_peer_certificate do : - ac_fn_c_check_func "$LINENO" "CyaSSL_get_peer_certificate" "ac_cv_func_CyaSSL_get_peer_certificate" -if test "x$ac_cv_func_CyaSSL_get_peer_certificate" = xyes; then : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_CYASSL_GET_PEER_CERTIFICATE 1 +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi @@ -25161,7 +25217,7 @@ fi for a in /etc/ssl/certs/ca-certificates.crt \ /etc/pki/tls/certs/ca-bundle.crt \ /usr/share/ssl/certs/ca-bundle.crt \ - /usr/local/share/certs/ca-root.crt \ + /usr/local/share/certs/ca-root-nss.crt \ /etc/ssl/cert.pem \ "$cac"; do if test -f "$a"; then @@ -27294,7 +27350,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for malloc.h" >&5 $as_echo_n "checking for malloc.h... " >&6; } -if ${ac_cv_header_malloc_h+:} false; then : +if ${curl_cv_header_malloc_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -27319,19 +27375,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_malloc_h="yes" + curl_cv_header_malloc_h="yes" else - ac_cv_header_malloc_h="no" + curl_cv_header_malloc_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_malloc_h" >&5 -$as_echo "$ac_cv_header_malloc_h" >&6; } - if test "$ac_cv_header_malloc_h" = "yes"; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_malloc_h" >&5 +$as_echo "$curl_cv_header_malloc_h" >&6; } + if test "$curl_cv_header_malloc_h" = "yes"; then cat >>confdefs.h <<_ACEOF #define HAVE_MALLOC_H 1 @@ -27382,7 +27438,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for memory.h" >&5 $as_echo_n "checking for memory.h... " >&6; } -if ${ac_cv_header_memory_h+:} false; then : +if ${curl_cv_header_memory_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -27407,19 +27463,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_memory_h="yes" + curl_cv_header_memory_h="yes" else - ac_cv_header_memory_h="no" + curl_cv_header_memory_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_memory_h" >&5 -$as_echo "$ac_cv_header_memory_h" >&6; } - if test "$ac_cv_header_memory_h" = "yes"; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_memory_h" >&5 +$as_echo "$curl_cv_header_memory_h" >&6; } + if test "$curl_cv_header_memory_h" = "yes"; then cat >>confdefs.h <<_ACEOF #define HAVE_MEMORY_H 1 @@ -27792,7 +27848,7 @@ done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5 $as_echo_n "checking for struct timeval... " >&6; } -if ${ac_cv_struct_timeval+:} false; then : +if ${curl_cv_struct_timeval+:} false; then : $as_echo_n "(cached) " >&6 else @@ -27845,19 +27901,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_struct_timeval="yes" + curl_cv_struct_timeval="yes" else - ac_cv_struct_timeval="no" + curl_cv_struct_timeval="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_timeval" >&5 -$as_echo "$ac_cv_struct_timeval" >&6; } - case "$ac_cv_struct_timeval" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_struct_timeval" >&5 +$as_echo "$curl_cv_struct_timeval" >&6; } + case "$curl_cv_struct_timeval" in yes) cat >>confdefs.h <<_ACEOF @@ -28116,7 +28172,7 @@ _ACEOF soname_bump=no -if test x"$ac_cv_native_windows" != "xyes" && +if test x"$curl_cv_native_windows" != "xyes" && test $ac_cv_sizeof_off_t -ne $curl_sizeof_curl_off_t; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: This libcurl built is probably not ABI compatible with previous" >&5 $as_echo "$as_me: WARNING: This libcurl built is probably not ABI compatible with previous" >&2;} @@ -28221,7 +28277,7 @@ curl_includes_ws2tcpip="\ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for windows.h" >&5 $as_echo_n "checking for windows.h... " >&6; } -if ${ac_cv_header_windows_h+:} false; then : +if ${curl_cv_header_windows_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -28251,19 +28307,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_windows_h="yes" + curl_cv_header_windows_h="yes" else - ac_cv_header_windows_h="no" + curl_cv_header_windows_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_windows_h" >&5 -$as_echo "$ac_cv_header_windows_h" >&6; } - case "$ac_cv_header_windows_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_windows_h" >&5 +$as_echo "$curl_cv_header_windows_h" >&6; } + case "$curl_cv_header_windows_h" in yes) cat >>confdefs.h <<_ACEOF @@ -28281,7 +28337,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for winsock2.h" >&5 $as_echo_n "checking for winsock2.h... " >&6; } -if ${ac_cv_header_winsock2_h+:} false; then : +if ${curl_cv_header_winsock2_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -28312,19 +28368,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_winsock2_h="yes" + curl_cv_header_winsock2_h="yes" else - ac_cv_header_winsock2_h="no" + curl_cv_header_winsock2_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_winsock2_h" >&5 -$as_echo "$ac_cv_header_winsock2_h" >&6; } - case "$ac_cv_header_winsock2_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_winsock2_h" >&5 +$as_echo "$curl_cv_header_winsock2_h" >&6; } + case "$curl_cv_header_winsock2_h" in yes) cat >>confdefs.h <<_ACEOF @@ -28337,7 +28393,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ws2tcpip.h" >&5 $as_echo_n "checking for ws2tcpip.h... " >&6; } -if ${ac_cv_header_ws2tcpip_h+:} false; then : +if ${curl_cv_header_ws2tcpip_h+:} false; then : $as_echo_n "(cached) " >&6 else @@ -28369,19 +28425,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_ws2tcpip_h="yes" + curl_cv_header_ws2tcpip_h="yes" else - ac_cv_header_ws2tcpip_h="no" + curl_cv_header_ws2tcpip_h="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_ws2tcpip_h" >&5 -$as_echo "$ac_cv_header_ws2tcpip_h" >&6; } - case "$ac_cv_header_ws2tcpip_h" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_ws2tcpip_h" >&5 +$as_echo "$curl_cv_header_ws2tcpip_h" >&6; } + case "$curl_cv_header_ws2tcpip_h" in yes) cat >>confdefs.h <<_ACEOF @@ -28506,7 +28562,7 @@ $as_echo "$curl_typeof_curl_socklen_t" >&6; } $as_echo_n "checking size of curl_socklen_t... " >&6; } curl_sizeof_curl_socklen_t="unknown" curl_pull_headers_socklen_t="unknown" - if test "$ac_cv_header_ws2tcpip_h" = "yes"; then + if test "$curl_cv_header_ws2tcpip_h" = "yes"; then tst_pull_header_checks='none ws2tcpip' tst_size_checks='4' else @@ -28884,19 +28940,19 @@ if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_sig_atomic_t_volatile="no" + curl_cv_sig_atomic_t_volatile="no" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - ac_cv_sig_atomic_t_volatile="yes" + curl_cv_sig_atomic_t_volatile="yes" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext # - if test "$ac_cv_sig_atomic_t_volatile" = "yes"; then + if test "$curl_cv_sig_atomic_t_volatile" = "yes"; then $as_echo "#define HAVE_SIG_ATOMIC_T_VOLATILE 1" >>confdefs.h @@ -29190,7 +29246,7 @@ cat >>confdefs.h <<_ACEOF #define HAVE_SELECT 1 _ACEOF - ac_cv_func_select="yes" + curl_cv_func_select="yes" fi fi @@ -29377,7 +29433,7 @@ cat >>confdefs.h <<_ACEOF #define HAVE_RECV 1 _ACEOF - ac_cv_func_recv="yes" + curl_cv_func_recv="yes" fi else as_fn_error $? "Unable to link function recv" "$LINENO" 5 @@ -29601,7 +29657,7 @@ cat >>confdefs.h <<_ACEOF #define HAVE_SEND 1 _ACEOF - ac_cv_func_send="yes" + curl_cv_func_send="yes" fi else as_fn_error $? "Unable to link function send" "$LINENO" 5 @@ -29623,7 +29679,7 @@ done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for MSG_NOSIGNAL" >&5 $as_echo_n "checking for MSG_NOSIGNAL... " >&6; } -if ${ac_cv_msg_nosignal+:} false; then : +if ${curl_cv_msg_nosignal+:} false; then : $as_echo_n "(cached) " >&6 else @@ -29665,19 +29721,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_msg_nosignal="yes" + curl_cv_msg_nosignal="yes" else - ac_cv_msg_nosignal="no" + curl_cv_msg_nosignal="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_msg_nosignal" >&5 -$as_echo "$ac_cv_msg_nosignal" >&6; } - case "$ac_cv_msg_nosignal" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_msg_nosignal" >&5 +$as_echo "$curl_cv_msg_nosignal" >&6; } + case "$curl_cv_msg_nosignal" in yes) cat >>confdefs.h <<_ACEOF @@ -29855,11 +29911,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_ALARM 1 _ACEOF - ac_cv_func_alarm="yes" + curl_cv_func_alarm="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_alarm="no" + curl_cv_func_alarm="no" fi @@ -30061,11 +30117,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_BASENAME 1 _ACEOF - ac_cv_func_basename="yes" + curl_cv_func_basename="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_basename="no" + curl_cv_func_basename="no" fi @@ -30228,11 +30284,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_CLOSESOCKET 1 _ACEOF - ac_cv_func_closesocket="yes" + curl_cv_func_closesocket="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_closesocket="no" + curl_cv_func_closesocket="no" fi @@ -30367,11 +30423,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_CLOSESOCKET_CAMEL 1 _ACEOF - ac_cv_func_closesocket_camel="yes" + curl_cv_func_closesocket_camel="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_closesocket_camel="no" + curl_cv_func_closesocket_camel="no" fi @@ -30512,11 +30568,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_CONNECT 1 _ACEOF - ac_cv_func_connect="yes" + curl_cv_func_connect="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_connect="no" + curl_cv_func_connect="no" fi @@ -30689,7 +30745,7 @@ cat >>confdefs.h <<_ACEOF #define HAVE_FCNTL 1 _ACEOF - ac_cv_func_fcntl="yes" + curl_cv_func_fcntl="yes" # tst_compi_fcntl_o_nonblock="unknown" @@ -30701,7 +30757,7 @@ _ACEOF ;; esac # - if test "$ac_cv_func_fcntl" = "yes"; then + if test "$curl_cv_func_fcntl" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fcntl O_NONBLOCK is compilable" >&5 $as_echo_n "checking if fcntl O_NONBLOCK is compilable... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -30763,17 +30819,17 @@ cat >>confdefs.h <<_ACEOF #define HAVE_FCNTL_O_NONBLOCK 1 _ACEOF - ac_cv_func_fcntl_o_nonblock="yes" + curl_cv_func_fcntl_o_nonblock="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_fcntl_o_nonblock="no" + curl_cv_func_fcntl_o_nonblock="no" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_fcntl="no" + curl_cv_func_fcntl="no" fi @@ -30943,11 +30999,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_FDOPEN 1 _ACEOF - ac_cv_func_fdopen="yes" + curl_cv_func_fdopen="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_fdopen="no" + curl_cv_func_fdopen="no" fi @@ -31111,11 +31167,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_FREEADDRINFO 1 _ACEOF - ac_cv_func_freeaddrinfo="yes" + curl_cv_func_freeaddrinfo="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_freeaddrinfo="no" + curl_cv_func_freeaddrinfo="no" fi @@ -31290,11 +31346,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_FREEIFADDRS 1 _ACEOF - ac_cv_func_freeifaddrs="yes" + curl_cv_func_freeifaddrs="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_freeifaddrs="no" + curl_cv_func_freeifaddrs="no" fi @@ -31524,11 +31580,11 @@ $as_echo "#define HAVE_FSETXATTR_6 1" >>confdefs.h fi # - ac_cv_func_fsetxattr="yes" + curl_cv_func_fsetxattr="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_fsetxattr="no" + curl_cv_func_fsetxattr="no" fi @@ -31673,11 +31729,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_FTRUNCATE 1 _ACEOF - ac_cv_func_ftruncate="yes" + curl_cv_func_ftruncate="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_ftruncate="no" + curl_cv_func_ftruncate="no" fi @@ -31914,15 +31970,15 @@ cat >>confdefs.h <<_ACEOF #define HAVE_GETADDRINFO 1 _ACEOF - ac_cv_func_getaddrinfo="yes" + curl_cv_func_getaddrinfo="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_getaddrinfo="no" - ac_cv_func_getaddrinfo_threadsafe="no" + curl_cv_func_getaddrinfo="no" + curl_cv_func_getaddrinfo_threadsafe="no" fi # - if test "$ac_cv_func_getaddrinfo" = "yes"; then + if test "$curl_cv_func_getaddrinfo" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo is threadsafe" >&5 $as_echo_n "checking if getaddrinfo is threadsafe... " >&6; } case $host_os in @@ -31964,7 +32020,7 @@ $as_echo_n "checking if getaddrinfo is threadsafe... " >&6; } ;; esac if test "$tst_tsafe_getaddrinfo" = "unknown" && - test "$ac_cv_native_windows" = "yes"; then + test "$curl_cv_native_windows" = "yes"; then tst_tsafe_getaddrinfo="yes" fi if test "$tst_tsafe_getaddrinfo" = "unknown"; then @@ -32087,9 +32143,9 @@ cat >>confdefs.h <<_ACEOF #define HAVE_GETADDRINFO_THREADSAFE 1 _ACEOF - ac_cv_func_getaddrinfo_threadsafe="yes" + curl_cv_func_getaddrinfo_threadsafe="yes" else - ac_cv_func_getaddrinfo_threadsafe="no" + curl_cv_func_getaddrinfo_threadsafe="no" fi fi @@ -32228,11 +32284,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_GAI_STRERROR 1 _ACEOF - ac_cv_func_gai_strerror="yes" + curl_cv_func_gai_strerror="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_gai_strerror="no" + curl_cv_func_gai_strerror="no" fi @@ -32370,11 +32426,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_GETHOSTBYADDR 1 _ACEOF - ac_cv_func_gethostbyaddr="yes" + curl_cv_func_gethostbyaddr="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_gethostbyaddr="no" + curl_cv_func_gethostbyaddr="no" fi @@ -32619,11 +32675,11 @@ $as_echo "#define HAVE_GETHOSTBYADDR_R_8 1" >>confdefs.h fi # - ac_cv_func_gethostbyaddr_r="yes" + curl_cv_func_gethostbyaddr_r="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_gethostbyaddr_r="no" + curl_cv_func_gethostbyaddr_r="no" fi @@ -32761,11 +32817,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_GETHOSTBYNAME 1 _ACEOF - ac_cv_func_gethostbyname="yes" + curl_cv_func_gethostbyname="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_gethostbyname="no" + curl_cv_func_gethostbyname="no" fi @@ -33010,11 +33066,11 @@ $as_echo "#define HAVE_GETHOSTBYNAME_R_6 1" >>confdefs.h fi # - ac_cv_func_gethostbyname_r="yes" + curl_cv_func_gethostbyname_r="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_gethostbyname_r="no" + curl_cv_func_gethostbyname_r="no" fi @@ -33199,11 +33255,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_GETHOSTNAME 1 _ACEOF - ac_cv_func_gethostname="yes" + curl_cv_func_gethostname="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_gethostname="no" + curl_cv_func_gethostname="no" fi @@ -33404,11 +33460,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_GETIFADDRS 1 _ACEOF - ac_cv_func_getifaddrs="yes" + curl_cv_func_getifaddrs="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_getifaddrs="no" + curl_cv_func_getifaddrs="no" fi @@ -33652,11 +33708,11 @@ $as_echo "#define GETSERVBYPORT_R_BUFSIZE sizeof(struct servent_data)" >>confdef $as_echo "#define GETSERVBYPORT_R_BUFSIZE 4096" >>confdefs.h fi - ac_cv_func_getservbyport_r="yes" + curl_cv_func_getservbyport_r="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_getservbyport_r="no" + curl_cv_func_getservbyport_r="no" fi @@ -33889,11 +33945,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_GMTIME_R 1 _ACEOF - ac_cv_func_gmtime_r="yes" + curl_cv_func_gmtime_r="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_gmtime_r="no" + curl_cv_func_gmtime_r="no" fi @@ -34135,11 +34191,11 @@ $as_echo "#define HAVE_INET_NTOA_R_3 1" >>confdefs.h fi # - ac_cv_func_inet_ntoa_r="yes" + curl_cv_func_inet_ntoa_r="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_inet_ntoa_r="no" + curl_cv_func_inet_ntoa_r="no" fi @@ -34382,11 +34438,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_INET_NTOP 1 _ACEOF - ac_cv_func_inet_ntop="yes" + curl_cv_func_inet_ntop="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_inet_ntop="no" + curl_cv_func_inet_ntop="no" fi @@ -34622,11 +34678,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_INET_PTON 1 _ACEOF - ac_cv_func_inet_pton="yes" + curl_cv_func_inet_pton="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_inet_pton="no" + curl_cv_func_inet_pton="no" fi @@ -34805,13 +34861,13 @@ cat >>confdefs.h <<_ACEOF #define HAVE_IOCTL 1 _ACEOF - ac_cv_func_ioctl="yes" + curl_cv_func_ioctl="yes" # tst_compi_ioctl_fionbio="unknown" tst_allow_ioctl_fionbio="unknown" # - if test "$ac_cv_func_ioctl" = "yes"; then + if test "$curl_cv_func_ioctl" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ioctl FIONBIO is compilable" >&5 $as_echo_n "checking if ioctl FIONBIO is compilable... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -34873,11 +34929,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_IOCTL_FIONBIO 1 _ACEOF - ac_cv_func_ioctl_fionbio="yes" + curl_cv_func_ioctl_fionbio="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_ioctl_fionbio="no" + curl_cv_func_ioctl_fionbio="no" fi @@ -34885,7 +34941,7 @@ $as_echo "no" >&6; } tst_compi_ioctl_siocgifaddr="unknown" tst_allow_ioctl_siocgifaddr="unknown" # - if test "$ac_cv_func_ioctl" = "yes"; then + if test "$curl_cv_func_ioctl" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ioctl SIOCGIFADDR is compilable" >&5 $as_echo_n "checking if ioctl SIOCGIFADDR is compilable... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -34948,17 +35004,17 @@ cat >>confdefs.h <<_ACEOF #define HAVE_IOCTL_SIOCGIFADDR 1 _ACEOF - ac_cv_func_ioctl_siocgifaddr="yes" + curl_cv_func_ioctl_siocgifaddr="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_ioctl_siocgifaddr="no" + curl_cv_func_ioctl_siocgifaddr="no" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_ioctl="no" + curl_cv_func_ioctl="no" fi @@ -35093,13 +35149,13 @@ cat >>confdefs.h <<_ACEOF #define HAVE_IOCTLSOCKET 1 _ACEOF - ac_cv_func_ioctlsocket="yes" + curl_cv_func_ioctlsocket="yes" # tst_compi_ioctlsocket_fionbio="unknown" tst_allow_ioctlsocket_fionbio="unknown" # - if test "$ac_cv_func_ioctlsocket" = "yes"; then + if test "$curl_cv_func_ioctlsocket" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ioctlsocket FIONBIO is compilable" >&5 $as_echo_n "checking if ioctlsocket FIONBIO is compilable... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -35161,17 +35217,17 @@ cat >>confdefs.h <<_ACEOF #define HAVE_IOCTLSOCKET_FIONBIO 1 _ACEOF - ac_cv_func_ioctlsocket_fionbio="yes" + curl_cv_func_ioctlsocket_fionbio="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_ioctlsocket_fionbio="no" + curl_cv_func_ioctlsocket_fionbio="no" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_ioctlsocket="no" + curl_cv_func_ioctlsocket="no" fi @@ -35316,13 +35372,13 @@ cat >>confdefs.h <<_ACEOF #define HAVE_IOCTLSOCKET_CAMEL 1 _ACEOF - ac_cv_func_ioctlsocket_camel="yes" + curl_cv_func_ioctlsocket_camel="yes" # tst_compi_ioctlsocket_camel_fionbio="unknown" tst_allow_ioctlsocket_camel_fionbio="unknown" # - if test "$ac_cv_func_ioctlsocket_camel" = "yes"; then + if test "$curl_cv_func_ioctlsocket_camel" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if IoctlSocket FIONBIO is compilable" >&5 $as_echo_n "checking if IoctlSocket FIONBIO is compilable... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -35384,17 +35440,17 @@ cat >>confdefs.h <<_ACEOF #define HAVE_IOCTLSOCKET_CAMEL_FIONBIO 1 _ACEOF - ac_cv_func_ioctlsocket_camel_fionbio="yes" + curl_cv_func_ioctlsocket_camel_fionbio="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_ioctlsocket_camel_fionbio="no" + curl_cv_func_ioctlsocket_camel_fionbio="no" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_ioctlsocket_camel="no" + curl_cv_func_ioctlsocket_camel="no" fi @@ -35595,11 +35651,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_LOCALTIME_R 1 _ACEOF - ac_cv_func_localtime_r="yes" + curl_cv_func_localtime_r="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_localtime_r="no" + curl_cv_func_localtime_r="no" fi @@ -35783,11 +35839,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_MEMRCHR 1 _ACEOF - ac_cv_func_memrchr="yes" + curl_cv_func_memrchr="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_memrchr="no" + curl_cv_func_memrchr="no" fi @@ -35985,11 +36041,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_POLL_FINE 1 _ACEOF - ac_cv_func_poll="yes" + curl_cv_func_poll="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_poll="no" + curl_cv_func_poll="no" fi @@ -36127,13 +36183,13 @@ cat >>confdefs.h <<_ACEOF #define HAVE_SETSOCKOPT 1 _ACEOF - ac_cv_func_setsockopt="yes" + curl_cv_func_setsockopt="yes" # tst_compi_setsockopt_so_nonblock="unknown" tst_allow_setsockopt_so_nonblock="unknown" # - if test "$ac_cv_func_setsockopt" = "yes"; then + if test "$curl_cv_func_setsockopt" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setsockopt SO_NONBLOCK is compilable" >&5 $as_echo_n "checking if setsockopt SO_NONBLOCK is compilable... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -36195,17 +36251,17 @@ cat >>confdefs.h <<_ACEOF #define HAVE_SETSOCKOPT_SO_NONBLOCK 1 _ACEOF - ac_cv_func_setsockopt_so_nonblock="yes" + curl_cv_func_setsockopt_so_nonblock="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_setsockopt_so_nonblock="no" + curl_cv_func_setsockopt_so_nonblock="no" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_setsockopt="no" + curl_cv_func_setsockopt="no" fi @@ -36375,11 +36431,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_SIGACTION 1 _ACEOF - ac_cv_func_sigaction="yes" + curl_cv_func_sigaction="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_sigaction="no" + curl_cv_func_sigaction="no" fi @@ -36524,11 +36580,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_SIGINTERRUPT 1 _ACEOF - ac_cv_func_siginterrupt="yes" + curl_cv_func_siginterrupt="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_siginterrupt="no" + curl_cv_func_siginterrupt="no" fi @@ -36673,11 +36729,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_SIGNAL 1 _ACEOF - ac_cv_func_signal="yes" + curl_cv_func_signal="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_signal="no" + curl_cv_func_signal="no" fi @@ -36888,11 +36944,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_SIGSETJMP 1 _ACEOF - ac_cv_func_sigsetjmp="yes" + curl_cv_func_sigsetjmp="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_sigsetjmp="no" + curl_cv_func_sigsetjmp="no" fi @@ -37033,11 +37089,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_SOCKET 1 _ACEOF - ac_cv_func_socket="yes" + curl_cv_func_socket="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_socket="no" + curl_cv_func_socket="no" fi @@ -37185,11 +37241,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_SOCKETPAIR 1 _ACEOF - ac_cv_func_socketpair="yes" + curl_cv_func_socketpair="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_socketpair="no" + curl_cv_func_socketpair="no" fi @@ -37334,11 +37390,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_STRCASECMP 1 _ACEOF - ac_cv_func_strcasecmp="yes" + curl_cv_func_strcasecmp="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_strcasecmp="no" + curl_cv_func_strcasecmp="no" fi @@ -37483,11 +37539,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_STRCMPI 1 _ACEOF - ac_cv_func_strcmpi="yes" + curl_cv_func_strcmpi="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_strcmpi="no" + curl_cv_func_strcmpi="no" fi @@ -37632,11 +37688,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_STRDUP 1 _ACEOF - ac_cv_func_strdup="yes" + curl_cv_func_strdup="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_strdup="no" + curl_cv_func_strdup="no" fi @@ -38037,11 +38093,11 @@ cat >>confdefs.h <<_ACEOF _ACEOF fi - ac_cv_func_strerror_r="yes" + curl_cv_func_strerror_r="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_strerror_r="no" + curl_cv_func_strerror_r="no" fi # if test "$tst_compi_strerror_r" = "yes" && @@ -38193,11 +38249,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_STRICMP 1 _ACEOF - ac_cv_func_stricmp="yes" + curl_cv_func_stricmp="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_stricmp="no" + curl_cv_func_stricmp="no" fi @@ -38342,11 +38398,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_STRNCASECMP 1 _ACEOF - ac_cv_func_strncasecmp="yes" + curl_cv_func_strncasecmp="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_strncasecmp="no" + curl_cv_func_strncasecmp="no" fi @@ -38491,11 +38547,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_STRNCMPI 1 _ACEOF - ac_cv_func_strncmpi="yes" + curl_cv_func_strncmpi="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_strncmpi="no" + curl_cv_func_strncmpi="no" fi @@ -38640,11 +38696,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_STRNICMP 1 _ACEOF - ac_cv_func_strnicmp="yes" + curl_cv_func_strnicmp="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_strnicmp="no" + curl_cv_func_strnicmp="no" fi @@ -38789,11 +38845,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_STRSTR 1 _ACEOF - ac_cv_func_strstr="yes" + curl_cv_func_strstr="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_strstr="no" + curl_cv_func_strstr="no" fi @@ -38938,11 +38994,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_STRTOK_R 1 _ACEOF - ac_cv_func_strtok_r="yes" + curl_cv_func_strtok_r="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_strtok_r="no" + curl_cv_func_strtok_r="no" fi @@ -39087,11 +39143,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_STRTOLL 1 _ACEOF - ac_cv_func_strtoll="yes" + curl_cv_func_strtoll="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_strtoll="no" + curl_cv_func_strtoll="no" fi @@ -39261,11 +39317,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_WRITEV 1 _ACEOF - ac_cv_func_writev="yes" + curl_cv_func_writev="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_writev="no" + curl_cv_func_writev="no" fi @@ -39660,13 +39716,13 @@ cat >>confdefs.h <<_ACEOF #define HAVE_GETNAMEINFO 1 _ACEOF - ac_cv_func_getnameinfo="yes" + curl_cv_func_getnameinfo="yes" fi fi if test "$ipv6" = "yes"; then - if test "$ac_cv_func_getaddrinfo" = "yes"; then + if test "$curl_cv_func_getaddrinfo" = "yes"; then $as_echo "#define ENABLE_IPV6 1" >>confdefs.h @@ -39691,7 +39747,7 @@ done # { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working NI_WITHSCOPEID" >&5 $as_echo_n "checking for working NI_WITHSCOPEID... " >&6; } -if ${ac_cv_working_ni_withscopeid+:} false; then : +if ${curl_cv_working_ni_withscopeid+:} false; then : $as_echo_n "(cached) " >&6 else @@ -39719,11 +39775,11 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_working_ni_withscopeid="yes" + curl_cv_working_ni_withscopeid="yes" else - ac_cv_working_ni_withscopeid="no" + curl_cv_working_ni_withscopeid="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext # AC-COMPILE-IFELSE @@ -39797,12 +39853,12 @@ _ACEOF if ac_fn_c_try_run "$LINENO"; then : # Exit code == 0. Program worked. - ac_cv_working_ni_withscopeid="yes" + curl_cv_working_ni_withscopeid="yes" else # Exit code != 0. Program failed. - ac_cv_working_ni_withscopeid="no" + curl_cv_working_ni_withscopeid="no" fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -39811,9 +39867,9 @@ fi # AC-RUN-IFELSE fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_working_ni_withscopeid" >&5 -$as_echo "$ac_cv_working_ni_withscopeid" >&6; } # AC-CACHE-CHECK - case "$ac_cv_working_ni_withscopeid" in +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_working_ni_withscopeid" >&5 +$as_echo "$curl_cv_working_ni_withscopeid" >&6; } # AC-CACHE-CHECK + case "$curl_cv_working_ni_withscopeid" in yes) $as_echo "#define HAVE_NI_WITHSCOPEID 1" >>confdefs.h @@ -39829,15 +39885,15 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to set a socket into non-blocking mode" >&5 $as_echo_n "checking how to set a socket into non-blocking mode... " >&6; } - if test "x$ac_cv_func_fcntl_o_nonblock" = "xyes"; then + if test "x$curl_cv_func_fcntl_o_nonblock" = "xyes"; then tst_method="fcntl O_NONBLOCK" - elif test "x$ac_cv_func_ioctl_fionbio" = "xyes"; then + elif test "x$curl_cv_func_ioctl_fionbio" = "xyes"; then tst_method="ioctl FIONBIO" - elif test "x$ac_cv_func_ioctlsocket_fionbio" = "xyes"; then + elif test "x$curl_cv_func_ioctlsocket_fionbio" = "xyes"; then tst_method="ioctlsocket FIONBIO" - elif test "x$ac_cv_func_ioctlsocket_camel_fionbio" = "xyes"; then + elif test "x$curl_cv_func_ioctlsocket_camel_fionbio" = "xyes"; then tst_method="IoctlSocket FIONBIO" - elif test "x$ac_cv_func_setsockopt_so_nonblock" = "xyes"; then + elif test "x$curl_cv_func_setsockopt_so_nonblock" = "xyes"; then tst_method="setsockopt SO_NONBLOCK" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tst_method" >&5 @@ -40091,7 +40147,7 @@ else fi -if test "x$ac_cv_native_windows" != "xyes" && +if test "x$curl_cv_native_windows" != "xyes" && test "x$enable_shared" = "xyes"; then build_libhostname=yes else @@ -40234,7 +40290,7 @@ $as_echo_n "checking whether to enable SSPI support (Windows native builds only) if test "${enable_sspi+set}" = set; then : enableval=$enable_sspi; case "$enableval" in yes) - if test "$ac_cv_native_windows" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -40325,7 +40381,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable NTLM delegation to winbind's helper" >&5 $as_echo_n "checking whether to enable NTLM delegation to winbind's helper... " >&6; } - if test "$ac_cv_native_windows" = "yes" || + if test "$curl_cv_native_windows" = "yes" || test "x$SSL_ENABLED" = "x"; then want_ntlm_wb_file="" want_ntlm_wb="no" @@ -40454,7 +40510,7 @@ fi $as_echo_n "checking whether hiding of library internal symbols will actually happen... " >&6; } CFLAG_CURL_SYMBOL_HIDING="" doing_symbol_hiding="no" - if test x"$ac_cv_native_windows" != "xyes" && + if test x"$curl_cv_native_windows" != "xyes" && test "$want_symbol_hiding" = "yes" && test "$supports_symbol_hiding" = "yes"; then doing_symbol_hiding="yes" @@ -40581,8 +40637,8 @@ fi if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ - -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ - -o "x$DARWINSSL_ENABLED" = "x1"; then + -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \ + -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" if test "x$CURL_DISABLE_HTTP" != "x1" -a \ @@ -40653,8 +40709,8 @@ fi if test "x$CURL_DISABLE_SMB" != "x1" \ -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \ -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ - -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ - -o "x$DARWINSSL_ENABLED" = "x1" \); then + -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \ + -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1" \); then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" if test "x$SSL_ENABLED" = "x1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS" @@ -42685,7 +42741,6 @@ $as_echo X"$file" | cat <<_LT_EOF >> "$cfgfile" #! $SHELL # Generated automatically by $as_me ($PACKAGE) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # Provide generalized library-building support services. diff --git a/configure.ac b/configure.ac index b208d4d..083e18c 100644 --- a/configure.ac +++ b/configure.ac @@ -339,7 +339,7 @@ dnl ********************************************************************** CURL_CHECK_HEADER_WINDOWS CURL_CHECK_NATIVE_WINDOWS -case X-"$ac_cv_native_windows" in +case X-"$curl_cv_native_windows" in X-yes) CURL_CHECK_HEADER_WINSOCK CURL_CHECK_HEADER_WINSOCK2 @@ -348,11 +348,11 @@ case X-"$ac_cv_native_windows" in CURL_CHECK_HEADER_WINBER ;; *) - ac_cv_header_winsock_h="no" - ac_cv_header_winsock2_h="no" - ac_cv_header_ws2tcpip_h="no" - ac_cv_header_winldap_h="no" - ac_cv_header_winber_h="no" + curl_cv_header_winsock_h="no" + curl_cv_header_winsock2_h="no" + curl_cv_header_ws2tcpip_h="no" + curl_cv_header_winldap_h="no" + curl_cv_header_winber_h="no" ;; esac CURL_CHECK_WIN32_LARGEFILE @@ -742,8 +742,8 @@ fi if test "$HAVE_GETHOSTBYNAME" != "1" then dnl This is for winsock systems - if test "$ac_cv_header_windows_h" = "yes"; then - if test "$ac_cv_header_winsock_h" = "yes"; then + if test "$curl_cv_header_windows_h" = "yes"; then + if test "$curl_cv_header_winsock_h" = "yes"; then case $host in *-*-mingw32ce*) winsock_LIB="-lwinsock" @@ -753,7 +753,7 @@ then ;; esac fi - if test "$ac_cv_header_winsock2_h" = "yes"; then + if test "$curl_cv_header_winsock2_h" = "yes"; then winsock_LIB="-lws2_32" fi if test ! -z "$winsock_LIB"; then @@ -851,17 +851,6 @@ if test "$HAVE_GETHOSTBYNAME" != "1"; then AC_MSG_ERROR([couldn't find libraries for gethostbyname()]) fi -dnl resolve lib? -AC_CHECK_FUNC(strcasecmp, , [ AC_CHECK_LIB(resolve, strcasecmp) ]) - -if test "$ac_cv_lib_resolve_strcasecmp" = "$ac_cv_func_strcasecmp"; then - AC_CHECK_LIB(resolve, strcasecmp, - [LIBS="-lresolve $LIBS"], - , - -lnsl) -fi -ac_cv_func_strcasecmp="no" - CURL_CHECK_LIBS_CONNECT CURL_NETWORK_LIBS=$LIBS @@ -902,17 +891,30 @@ else OPT_ZLIB="" fi + CURL_CHECK_PKGCONFIG(zlib) + + if test "$PKGCONFIG" != "no" ; then + LIBS="`$PKGCONFIG --libs-only-l zlib` $LIBS" + LDFLAGS="`$PKGCONFIG --libs-only-L zlib` $LDFLAGS" + CPPFLAGS="`$PKGCONFIG --cflags-only-I zlib` $CPPFLAGS" + OPT_ZLIB="" + HAVE_LIBZ="1" + fi + if test -z "$OPT_ZLIB" ; then - dnl check for the lib first without setting any new path, since many - dnl people have it in the default path - AC_CHECK_LIB(z, inflateEnd, + if test -z "$HAVE_LIBZ"; then + + dnl Check for the lib without setting any new path, since many + dnl people have it in the default path + + AC_CHECK_LIB(z, inflateEnd, dnl libz found, set the variable [HAVE_LIBZ="1" LIBS="-lz $LIBS"], dnl if no lib found, try /usr/local [OPT_ZLIB="/usr/local"]) - + fi fi dnl Add a nonempty path to the compiler flags @@ -999,7 +1001,7 @@ if test x$CURL_DISABLE_LDAP != x1 ; then CURL_CHECK_HEADER_LDAP_SSL if test -z "$LDAPLIBNAME" ; then - if test "$ac_cv_native_windows" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then dnl Windows uses a single and unique LDAP library name LDAPLIBNAME="wldap32" LBERLIBNAME="no" @@ -1349,7 +1351,7 @@ AC_HELP_STRING([--without-winssl], [disable Windows native SSL/TLS]), AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)]) if test "$curl_ssl_msg" = "$init_ssl_msg"; then if test "x$OPT_WINSSL" != "xno" && - test "x$ac_cv_native_windows" = "xyes"; then + test "x$curl_cv_native_windows" = "xyes"; then AC_MSG_RESULT(yes) AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support]) AC_SUBST(USE_SCHANNEL, [1]) @@ -1359,6 +1361,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) AC_SUBST(USE_WINDOWS_SSPI, [1]) curl_sspi_msg="enabled" + LIBS="-lcrypt32 $LIBS" else AC_MSG_RESULT(no) fi @@ -2206,10 +2209,13 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then dnl Recent WolfSSL versions build without SSLv3 by default dnl WolfSSL needs configure --enable-opensslextra to have *get_peer* AC_CHECK_FUNCS(wolfSSLv3_client_method \ - wolfSSL_get_peer_certificate) + wolfSSL_CTX_UseSupportedCurve \ + wolfSSL_get_peer_certificate \ + wolfSSL_UseALPN) else dnl Cyassl needs configure --enable-opensslextra to have *get_peer* - AC_CHECK_FUNCS(CyaSSL_get_peer_certificate) + AC_CHECK_FUNCS(CyaSSL_CTX_UseSupportedCurve \ + CyaSSL_get_peer_certificate) fi if test -n "$cyassllib"; then @@ -3170,7 +3176,7 @@ AC_CHECK_SIZEOF(time_t) AC_CHECK_SIZEOF(off_t) soname_bump=no -if test x"$ac_cv_native_windows" != "xyes" && +if test x"$curl_cv_native_windows" != "xyes" && test $ac_cv_sizeof_off_t -ne $curl_sizeof_curl_off_t; then AC_MSG_WARN([This libcurl built is probably not ABI compatible with previous]) AC_MSG_WARN([builds! You MUST read lib/README.curl_off_t to figure it out.]) @@ -3338,7 +3344,7 @@ dnl and get the types of five of its arguments. CURL_CHECK_FUNC_GETNAMEINFO if test "$ipv6" = "yes"; then - if test "$ac_cv_func_getaddrinfo" = "yes"; then + if test "$curl_cv_func_getaddrinfo" = "yes"; then AC_DEFINE(ENABLE_IPV6, 1, [Define if you want to enable IPv6 support]) IPV6_ENABLED=1 AC_SUBST(IPV6_ENABLED) @@ -3405,7 +3411,7 @@ AM_CONDITIONAL(USE_MANUAL, test x"$USE_MANUAL" = x1) CURL_CHECK_LIB_ARES AM_CONDITIONAL(USE_EMBEDDED_ARES, test x$embedded_ares = xyes) -if test "x$ac_cv_native_windows" != "xyes" && +if test "x$curl_cv_native_windows" != "xyes" && test "x$enable_shared" = "xyes"; then build_libhostname=yes else @@ -3475,7 +3481,7 @@ AC_HELP_STRING([--enable-sspi],[Enable SSPI]) AC_HELP_STRING([--disable-sspi],[Disable SSPI]), [ case "$enableval" in yes) - if test "$ac_cv_native_windows" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then AC_MSG_RESULT(yes) AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) AC_SUBST(USE_WINDOWS_SSPI, [1]) @@ -3704,8 +3710,8 @@ fi if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ - -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ - -o "x$DARWINSSL_ENABLED" = "x1"; then + -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \ + -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" if test "x$CURL_DISABLE_HTTP" != "x1" -a \ @@ -3777,8 +3783,8 @@ fi if test "x$CURL_DISABLE_SMB" != "x1" \ -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \ -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ - -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ - -o "x$DARWINSSL_ENABLED" = "x1" \); then + -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \ + -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1" \); then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" if test "x$SSL_ENABLED" = "x1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS" diff --git a/docs/CHECKSRC.md b/docs/CHECKSRC.md new file mode 100644 index 0000000..591e066 --- /dev/null +++ b/docs/CHECKSRC.md @@ -0,0 +1,124 @@ +# checksrc + +This is the tool we use within the curl project to scan C source code and +check that it adheres to our [Source Code Style guide](CODE_STYLE.md). + +## Usage + + checksrc.pl [options] [file1] [file2] ... + +## Command line options + +`-W[file]` whitelists that file and excludes it from being checked. Helpful +when, for example, one of the files is generated. + +`-D[dir]` directory name to prepend to file names when accessing them. + +`-h` shows the help output, that also lists all recognized warnings + +## What does checksrc warn for? + +checksrc does not check and verify the code against the entire style guide, +but the script is instead an effort to detect the most common mistakes and +syntax mistakes that contributers make before they get accustomed to our code +style. Heck, many of us regulars do the mistakes too and this script helps us +keep the code in shape. + + checksrc.pl -h + +Lists how to use the script and it lists all existing warnings it has and +problems it detects. At the time of this writing, the existing checksrc +warnings are: + +- `BADCOMMAND`: There's a bad !checksrc! instruction in the code. See the + **Ignore certain warnings** section below for details. + +- `BANNEDFUNC`: A banned function was used. The funtions sprintf, vsprintf, + strcat, strncat, gets are **never** allowed in curl source code. + +- `BRACEELSE`: '} else' on the same line. The else is supposed to be on the + following line. + +- `BRACEPOS`: wrong position for an open brace (`{`). + +- `COMMANOSPACE`: a comma without following space + +- `COPYRIGHT`: the file is missing a copyright statement! + +- `CPPCOMMENTS`: `//` comment detected, that's not C89 compliant + +- `FOPENMODE`: `fopen()` needs a macro for the mode string, use it + +- `INDENTATION`: detected a wrong start column for code. Note that this warning + only checks some specific places and will certainly miss many bad + indentations. + +- `LONGLINE`: A line is longer than 79 columns. + +- `PARENBRACE`: `){` was used without sufficient space in between. + +- `RETURNNOSPACE`: `return` was used without space between the keyword and the + following value. + +- `SPACEAFTERPAREN`: there was a space after open parenthesis, `( text`. + +- `SPACEBEFORECLOSE`: there was a space before a close parenthesis, `text )`. + +- `SPACEBEFORECOMMA`: there was a space before a comma, `one , two`. + +- `SPACEBEFOREPAREN`: there was a space before an open parenthesis, `if (`, + where one was not expected + +- `SPACESEMILCOLON`: there was a space before semicolon, ` ;`. + +- `TABS`: TAB characters are not allowed! + +- `TRAILINGSPACE`: Trailing white space on the line + +- `UNUSEDIGNORE`: a checksrc inlined warning ignore was asked for but not used, + that's an ignore that should be removed or changed to get used. + +## Ignore certain warnings + +Due to the nature of the source code and the flaws of the checksrc tool, there +is sometimes a need to ignore specific warnings. checksrc allows a few +different ways to do this. + +### Inline ignore + +You can control what to ignore within a specific source file by providing +instructions to checksrc in the source code itself. You need a magic marker +that is `!checksrc!` followed by the instruction. The instruction can ask to +ignore a specific warning N number of times or you ignore all of them until +you mark the end of the ignored section. + +Inline ignores are only done for that single specific source code file. + +Example + + /* !checksrc! disable LONGLINE all */ + +This will ignore the warning for overly long lines until it is re-enabled with: + + /* !checksrc! enable LONGLINE */ + +If the enabling isn't performed before the end of the file, it will be enabled +automatically for the next file. + +You can also opt to ignore just N violations so that if you have a single long +line you just can't shorten and is agreed to be fine anyway: + + /* !checksrc! disable LONGLINE 1 */ + +... and the warning for long lines will be enabled again automatically after +it has ignored that single warning. The number `1` can of course be changed to +any other integer number. It can be used to make sure only the exact intended +instances are ignored and nothing extra. + +### Directory wide ignore patterns + +This is a method we've transitioned away from. Use inline ignores as far as +possible. + +Make a `checksrc.whitelist` file in the directory of the source code with the +false positive, and include the full offending line into this file. diff --git a/docs/CODE_STYLE.md b/docs/CODE_STYLE.md index 033a33b..73a4d94 100644 --- a/docs/CODE_STYLE.md +++ b/docs/CODE_STYLE.md @@ -160,6 +160,7 @@ Examples: ptr = &address; contents = *pointer; complement = ~bits; + empty = (!*string) ? TRUE : FALSE; ## Platform dependent code diff --git a/docs/CONTRIBUTE b/docs/CONTRIBUTE deleted file mode 100644 index 9e84175..0000000 --- a/docs/CONTRIBUTE +++ /dev/null @@ -1,261 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - When Contributing Source Code - - This document is intended to offer guidelines that can be useful to keep in - mind when you decide to contribute to the project. This concerns new features - as well as corrections to existing flaws or bugs. - - 1. Learning cURL - 1.1 Join the Community - 1.2 License - 1.3 What To Read - - 2. Write a good patch - 2.1 Follow code style - 2.2 Non-clobbering All Over - 2.3 Write Separate Patches - 2.4 Patch Against Recent Sources - 2.5 Document - 2.6 Test Cases - - 3. Pushing Out Your Changes - 3.1 Write Access to git Repository - 3.2 How To Make a Patch with git - 3.3 How To Make a Patch without git - 3.4 How to get your changes into the main sources - 3.5 Write good commit messages - 3.6 About pull requests - -============================================================================== - -1. Learning cURL - -1.1 Join the Community - - Skip over to https://curl.haxx.se/mail/ and join the appropriate mailing - list(s). Read up on details before you post questions. Read this file before - you start sending patches! We prefer patches and discussions being held on - the mailing list(s), not sent to individuals. - - Before posting to one of the curl mailing lists, please read up on the mailing - list etiquette: https://curl.haxx.se/mail/etiquette.html - - We also hang out on IRC in #curl on irc.freenode.net - - If you're at all interested in the code side of things, consider clicking - 'watch' on the curl repo at github to get notified on pull requests and new - issues posted there. - -1.2. License - - When contributing with code, you agree to put your changes and new code under - the same license curl and libcurl is already using unless stated and agreed - otherwise. - - If you add a larger piece of code, you can opt to make that file or set of - files to use a different license as long as they don't enforce any changes to - the rest of the package and they make sense. Such "separate parts" can not be - GPL licensed (as we don't want copyleft to affect users of libcurl) but they - must use "GPL compatible" licenses (as we want to allow users to use libcurl - properly in GPL licensed environments). - - When changing existing source code, you do not alter the copyright of the - original file(s). The copyright will still be owned by the original - creator(s) or those who have been assigned copyright by the original - author(s). - - By submitting a patch to the curl project, you are assumed to have the right - to the code and to be allowed by your employer or whatever to hand over that - patch/code to us. We will credit you for your changes as far as possible, to - give credit but also to keep a trace back to who made what changes. Please - always provide us with your full real name when contributing! - -1.3 What To Read - - Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS and the - most recent changes in the git log. Just lurking on the curl-library mailing - list is gonna give you a lot of insights on what's going on right now. Asking - there is a good idea too. - -2. Write a good patch - -2.1 Follow code style - - When writing C code, follow the CODE_STYLE already established in the - project. Consistent style makes code easier to read and mistakes less likely - to happen. - -2.2 Non-clobbering All Over - - When you write new functionality or fix bugs, it is important that you don't - fiddle all over the source files and functions. Remember that it is likely - that other people have done changes in the same source files as you have and - possibly even in the same functions. If you bring completely new - functionality, try writing it in a new source file. If you fix bugs, try to - fix one bug at a time and send them as separate patches. - -2.3 Write Separate Patches - - It is annoying when you get a huge patch from someone that is said to fix 511 - odd problems, but discussions and opinions don't agree with 510 of them - or - 509 of them were already fixed in a different way. Then the patcher needs to - extract the single interesting patch from somewhere within the huge pile of - source, and that gives a lot of extra work. Preferably, all fixes that - correct different problems should be in their own patch with an attached - description exactly what they correct so that all patches can be selectively - applied by the maintainer or other interested parties. - - Also, separate patches enable bisecting much better when we track problems in - the future. - -2.4 Patch Against Recent Sources - - Please try to get the latest available sources to make your patches - against. It makes the life of the developers so much easier. The very best is - if you get the most up-to-date sources from the git repository, but the - latest release archive is quite OK as well! - -2.5 Document - - Writing docs is dead boring and one of the big problems with many open source - projects. Someone's gotta do it. It makes it a lot easier if you submit a - small description of your fix or your new features with every contribution so - that it can be swiftly added to the package documentation. - - The documentation is always made in man pages (nroff formatted) or plain - ASCII files. All HTML files on the web site and in the release archives are - generated from the nroff/ASCII versions. - -2.6 Test Cases - - Since the introduction of the test suite, we can quickly verify that the main - features are working as they're supposed to. To maintain this situation and - improve it, all new features and functions that are added need to be tested - in the test suite. Every feature that is added should get at least one valid - test case that verifies that it works as documented. If every submitter also - posts a few test cases, it won't end up as a heavy burden on a single person! - - If you don't have test cases or perhaps you have done something that is very - hard to write tests for, do explain exactly how you have otherwise tested and - verified your changes. - -3. Pushing Out Your Changes - -3.1 Write Access to git Repository - - If you are a frequent contributor, or have another good reason, you can of - course get write access to the git repository and then you'll be able to push - your changes straight into the git repo instead of sending changes by mail as - patches. Just ask if this is what you'd want. You will be required to have - posted a few quality patches first, before you can be granted push access. - -3.2 How To Make a Patch with git - - You need to first checkout the repository: - - git clone https://github.com/curl/curl.git - - You then proceed and edit all the files you like and you commit them to your - local repository: - - git commit [file] - - As usual, group your commits so that you commit all changes that at once that - constitutes a logical change. See also section "3.5 Write good commit - messages". - - Once you have done all your commits and you're happy with what you see, you - can make patches out of your changes that are suitable for mailing: - - git format-patch remotes/origin/master - - This creates files in your local directory named NNNN-[name].patch for each - commit. - - Now send those patches off to the curl-library list. You can of course opt to - do that with the 'git send-email' command. - -3.3 How To Make a Patch without git - - Keep a copy of the unmodified curl sources. Make your changes in a separate - source tree. When you think you have something that you want to offer the - curl community, use GNU diff to generate patches. - - If you have modified a single file, try something like: - - diff -u unmodified-file.c my-changed-one.c > my-fixes.diff - - If you have modified several files, possibly in different directories, you - can use diff recursively: - - diff -ur curl-original-dir curl-modified-sources-dir > my-fixes.diff - - The GNU diff and GNU patch tools exist for virtually all platforms, including - all kinds of Unixes and Windows: - - For unix-like operating systems: - - https://savannah.gnu.org/projects/patch/ - https://www.gnu.org/software/diffutils/ - - For Windows: - - http://gnuwin32.sourceforge.net/packages/patch.htm - http://gnuwin32.sourceforge.net/packages/diffutils.htm - -3.4 How to get your changes into the main sources - - Submit your patch to the curl-library mailing list. - - Make the patch against as recent sources as possible. - - Make sure your patch adheres to the source indent and coding style of already - existing source code. Failing to do so just adds more work for me. - - Respond to replies on the list about the patch and answer questions and/or - fix nits/flaws. This is very important. I will take lack of replies as a sign - that you're not very anxious to get your patch accepted and I tend to simply - drop such patches from my TODO list. - - If you've followed the above paragraphs and your patch still hasn't been - incorporated after some weeks, consider resubmitting it to the list. - -3.5 Write good commit messages - - A short guide to how to do fine commit messages in the curl project. - - ---- start ---- - [area]: [short line describing the main effect] - - [separate the above single line from the rest with an empty line] - - [full description, no wider than 72 columns that describe as much as - possible as to why this change is made, and possibly what things - it fixes and everything else that is related] - - [Bug: link to source of the report or more related discussion] - [Reported-by: John Doe - credit the reporter] - [whatever-else-by: credit all helpers, finders, doers] - ---- stop ---- - - Don't forget to use commit --author="" if you commit someone else's work, - and make sure that you have your own user and email setup correctly in git - before you commit - -3.6 About pull requests - - With git (and especially github) it is easy and tempting to send a pull - request to the curl project to have changes merged this way instead of - mailing patches to the curl-library mailing list. - - We used to dislike this but we're trying to change that and accept that this - is a frictionless way for people to contribute to the project. We now welcome - pull requests! - - We will continue to avoid using github's merge tools to make the history - linear and to make sure commits follow our style guidelines. diff --git a/docs/CONTRIBUTE.md b/docs/CONTRIBUTE.md new file mode 100644 index 0000000..cbda0c0 --- /dev/null +++ b/docs/CONTRIBUTE.md @@ -0,0 +1,247 @@ +# Contributing to the curl project + +This document is intended to offer guidelines on how to best contribute to the +curl project. This concerns new features as well as corrections to existing +flaws or bugs. + +## Learning cURL + +### Join the Community + +Skip over to [https://curl.haxx.se/mail/](https://curl.haxx.se/mail/) and join +the appropriate mailing list(s). Read up on details before you post +questions. Read this file before you start sending patches! We prefer +questions sent to and discussions being held on the mailing list(s), not sent +to individuals. + +Before posting to one of the curl mailing lists, please read up on the +[mailing list etiquette](https://curl.haxx.se/mail/etiquette.html). + +We also hang out on IRC in #curl on irc.freenode.net + +If you're at all interested in the code side of things, consider clicking +'watch' on the [curl repo on github](https://github.com/curl/curl) to get +notified on pull requests and new issues posted there. + +### License and copyright + +When contributing with code, you agree to put your changes and new code under +the same license curl and libcurl is already using unless stated and agreed +otherwise. + +If you add a larger piece of code, you can opt to make that file or set of +files to use a different license as long as they don't enforce any changes to +the rest of the package and they make sense. Such "separate parts" can not be +GPL licensed (as we don't want copyleft to affect users of libcurl) but they +must use "GPL compatible" licenses (as we want to allow users to use libcurl +properly in GPL licensed environments). + +When changing existing source code, you do not alter the copyright of the +original file(s). The copyright will still be owned by the original creator(s) +or those who have been assigned copyright by the original author(s). + +By submitting a patch to the curl project, you are assumed to have the right +to the code and to be allowed by your employer or whatever to hand over that +patch/code to us. We will credit you for your changes as far as possible, to +give credit but also to keep a trace back to who made what changes. Please +always provide us with your full real name when contributing! + +### What To Read + +Source code, the man pages, the [INTERNALS +document](https://curl.haxx.se/dev/internals.html), +[TODO](https://curl.haxx.se/docs/todo.html), +[KNOWN_BUGS](https://curl.haxx.se/docs/knownbugs.html) and the [most recent +changes](https://curl.haxx.se/dev/sourceactivity.html) in git. Just lurking on +the [curl-library mailing +list](https://curl.haxx.se/mail/list.cgi?list=curl-library) will give you a +lot of insights on what's going on right now. Asking there is a good idea too. + +## Write a good patch + +### Follow code style + +When writing C code, follow the +[CODE_STYLE](https://curl.haxx.se/dev/code-style.html) already established in +the project. Consistent style makes code easier to read and mistakes less +likely to happen. Run `make checksrc` before you submit anything, to make sure +you follow the basic style. That script doesn't verify everything, but if it +complains you know you have work to do. + +### Non-clobbering All Over + +When you write new functionality or fix bugs, it is important that you don't +fiddle all over the source files and functions. Remember that it is likely +that other people have done changes in the same source files as you have and +possibly even in the same functions. If you bring completely new +functionality, try writing it in a new source file. If you fix bugs, try to +fix one bug at a time and send them as separate patches. + +### Write Separate Changes + +It is annoying when you get a huge patch from someone that is said to fix 511 +odd problems, but discussions and opinions don't agree with 510 of them - or +509 of them were already fixed in a different way. Then the person merging +this change needs to extract the single interesting patch from somewhere +within the huge pile of source, and that gives a lot of extra work. + +Preferably, each fix that correct a problem should be in its own patch/commit +with its own description/commit message stating exactly what they correct so +that all changes can be selectively applied by the maintainer or other +interested parties. + +Also, separate changes enable bisecting much better when we track problems +and regression in the future. + +### Patch Against Recent Sources + +Please try to get the latest available sources to make your patches against. +It makes the lives of the developers so much easier. The very best is if you +get the most up-to-date sources from the git repository, but the latest +release archive is quite OK as well! + +### Documentation + +Writing docs is dead boring and one of the big problems with many open source +projects. Someone's gotta do it. It makes it a lot easier if you submit a +small description of your fix or your new features with every contribution so +that it can be swiftly added to the package documentation. + +The documentation is always made in man pages (nroff formatted) or plain +ASCII files. All HTML files on the web site and in the release archives are +generated from the nroff/ASCII versions. + +### Test Cases + +Since the introduction of the test suite, we can quickly verify that the main +features are working as they're supposed to. To maintain this situation and +improve it, all new features and functions that are added need to be tested +in the test suite. Every feature that is added should get at least one valid +test case that verifies that it works as documented. If every submitter also +posts a few test cases, it won't end up as a heavy burden on a single person! + +If you don't have test cases or perhaps you have done something that is very +hard to write tests for, do explain exactly how you have otherwise tested and +verified your changes. + +## Sharing Your Changes + +### How to get your changes into the main sources + +Ideally you file a [pull request on +github](https://github.com/curl/curl/pulls), but you can also send your plain +patch to [the curl-library mailing +list](https://curl.haxx.se/mail/list.cgi?list=curl-library). + +Either way, your change will be reviewed and discussed there and you will be +expected to correct flaws pointed out and update accordingly, or the change +risk stalling and eventually just get deleted without action. As a submitter +of a change, you are the owner of that change until it has been merged. + +Respond on the list or on github about the change and answer questions and/or +fix nits/flaws. This is very important. We will take lack of replies as a +sign that you're not very anxious to get your patch accepted and we tend to +simply drop such changes. + +### About pull requests + +With github it is easy to send a [pull +request](https://github.com/curl/curl/pulls) to the curl project to have +changes merged. + +We prefer pull requests to mailed patches, as it makes it a proper git commit +that is easy to merge and they are easy to track and not that easy to loose +in a flood of many emails, like they sometimes do on the mailing lists. + +When you ajust your pull requests after review, consider squashing the +commits so that we can review the full updated version more easily. + +### Making quality patches + +Make the patch against as recent sources as possible. + +If you've followed the tips in this document and your patch still hasn't been +incorporated or responded to after some weeks, consider resubmitting it to +the list or better yet: change it to a pull request. + +### Write good commit messages + +A short guide to how to write commit messages in the curl project. + + ---- start ---- + [area]: [short line describing the main effect] + -- empty line -- + [full description, no wider than 72 columns that describe as much as + possible as to why this change is made, and possibly what things + it fixes and everything else that is related] + -- empty line -- + [Bug: URL to source of the report or more related discussion] + [Reported-by: John Doe - credit the reporter] + [whatever-else-by: credit all helpers, finders, doers] + ---- stop ---- + +Don't forget to use commit --author="" if you commit someone else's work, +and make sure that you have your own user and email setup correctly in git +before you commit + +### Write Access to git Repository + +If you are a very frequent contributor, you may be given push access to the +git repository and then you'll be able to push your changes straight into the +git repo instead of sending changes as pull requests or by mail as patches. + +Just ask if this is what you'd want. You will be required to have posted +several high quality patches first, before you can be granted push access. + +### How To Make a Patch with git + +You need to first checkout the repository: + + git clone https://github.com/curl/curl.git + +You then proceed and edit all the files you like and you commit them to your +local repository: + + git commit [file] + +As usual, group your commits so that you commit all changes that at once that +constitutes a logical change. + +Once you have done all your commits and you're happy with what you see, you +can make patches out of your changes that are suitable for mailing: + + git format-patch remotes/origin/master + +This creates files in your local directory named NNNN-[name].patch for each +commit. + +Now send those patches off to the curl-library list. You can of course opt to +do that with the 'git send-email' command. + +### How To Make a Patch without git + +Keep a copy of the unmodified curl sources. Make your changes in a separate +source tree. When you think you have something that you want to offer the +curl community, use GNU diff to generate patches. + +If you have modified a single file, try something like: + + diff -u unmodified-file.c my-changed-one.c > my-fixes.diff + +If you have modified several files, possibly in different directories, you +can use diff recursively: + + diff -ur curl-original-dir curl-modified-sources-dir > my-fixes.diff + +The GNU diff and GNU patch tools exist for virtually all platforms, including +all kinds of Unixes and Windows: + +For unix-like operating systems: + + - [https://savannah.gnu.org/projects/patch/](https://savannah.gnu.org/projects/patch/) + - [https://www.gnu.org/software/diffutils/](https://www.gnu.org/software/diffutils/) + +For Windows: + + - [http://gnuwin32.sourceforge.net/packages/patch.htm](http://gnuwin32.sourceforge.net/packages/patch.htm) + - [http://gnuwin32.sourceforge.net/packages/diffutils.htm](http://gnuwin32.sourceforge.net/packages/diffutils.htm) diff --git a/docs/FAQ b/docs/FAQ index 8608153..d9e538a 100644 --- a/docs/FAQ +++ b/docs/FAQ @@ -968,8 +968,8 @@ FAQ 4.9 Curl can't authenticate to the server that requires NTLM? - NTLM support requires OpenSSL, GnuTLS, NSS, Secure Transport, or Microsoft - Windows libraries at build-time to provide this functionality. + NTLM support requires OpenSSL, GnuTLS, mbedTLS, NSS, Secure Transport, or + Microsoft Windows libraries at build-time to provide this functionality. NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You should not use such ones. @@ -1185,25 +1185,9 @@ FAQ your system has such. Note that you must never share the same handle in multiple threads. - libcurl's implementation of timeouts might use signals (depending on what it - was built to use for name resolving), and signal handling is generally not - thread-safe. Multi-threaded Applicationss that call libcurl from different - threads (on different handles) might want to use CURLOPT_NOSIGNAL, e.g.: - - curl_easy_setopt(handle, CURLOPT_NOSIGNAL, true); - - If you use a OpenSSL-powered libcurl in a multi-threaded environment, you - need to provide one or two locking functions: - - https://www.openssl.org/docs/crypto/threads.html - - If you use a GnuTLS-powered libcurl in a multi-threaded environment, you - need to provide locking function(s) for libgcrypt (which is used by GnuTLS - for the crypto functions). - - https://web.archive.org/web/20111103083330/http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html - - No special locking is needed with a NSS-powered libcurl. NSS is thread-safe. + There may be some exceptions to thread safety depending on how libcurl was + built. Please review the guidelines for thread safety to learn more: + https://curl.haxx.se/libcurl/c/threadsafe.html 5.2 How can I receive all data into a large memory chunk? @@ -1418,17 +1402,27 @@ FAQ CURLOPT_CUSTOMREQUEST to alter what exact listing command libcurl would use to list the files. - The follow-up question that tend to follow the previous one, is how a - program is supposed to parse the directory listing. How does it know what's - a file and what's a dir and what's a symlink etc. The harsh reality is that - FTP provides no such fine and easy-to-parse output. The output format FTP - servers respond to LIST commands are entirely at the server's own liking and - the NLST output doesn't reveal any types and in many cases don't even - include all the directory entries. Also, both LIST and NLST tend to hide - unix-style hidden files (those that start with a dot) by default so you need - to do "LIST -a" or similar to see them. - - The application thus needs to parse the LIST output. One such existing + The follow-up question tends to be how is a program supposed to parse the + directory listing. How does it know what's a file and what's a dir and what's + a symlink etc. If the FTP server supports the MLSD command then it will + return data in a machine-readable format that can be parsed for type. The + types are specified by RFC3659 section 7.5.1. If MLSD is not supported then + you have to work with what you're given. The LIST output format is entirely + at the server's own liking and the NLST output doesn't reveal any types and + in many cases doesn't even include all the directory entries. Also, both LIST + and NLST tend to hide unix-style hidden files (those that start with a dot) + by default so you need to do "LIST -a" or similar to see them. + + Example - List only directories. + ftp.funet.fi supports MLSD and ftp.kernel.org does not: + + curl -s ftp.funet.fi/pub/ -X MLSD | \ + perl -lne 'print if s/(?:^|;)type=dir;[^ ]+ (.+)$/$1/' + + curl -s ftp.kernel.org/pub/linux/kernel/ | \ + perl -lne 'print if s/^d[-rwx]{9}(?: +[^ ]+){7} (.+)$/$1/' + + If you need to parse LIST output in libcurl one such existing list parser is available at https://cr.yp.to/ftpparse.html Versions of libcurl since 7.21.0 also provide the ability to specify a wildcard to download multiple files from one FTP directory. diff --git a/docs/FEATURES b/docs/FEATURES index 10fbdd5..24fa56d 100644 --- a/docs/FEATURES +++ b/docs/FEATURES @@ -195,8 +195,8 @@ FOOTNOTES *7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for example, only supports SSLv3 and TLSv1 *8 = requires libssh2 - *9 = requires OpenSSL, GnuTLS, NSS, yassl, Secure Transport or SSPI (native - Windows) + *9 = requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI + (native Windows) *10 = requires any of the SSL libraries in (*1) above other than axTLS, which does not support SSLv3 *11 = requires libidn or Windows diff --git a/docs/HISTORY b/docs/HISTORY.md similarity index 100% rename from docs/HISTORY rename to docs/HISTORY.md index f878ee1..ea402c6 100644 --- a/docs/HISTORY +++ b/docs/HISTORY.md @@ -178,6 +178,8 @@ August: Curl and libcurl 7.12.1 April. GnuTLS can now optionally be used for the secure layer when curl is built. +April: Added the multi_socket() API + September: TFTP support was added. More than 100,000 unique visitors of the curl web site. 25 mirrors. @@ -193,8 +195,6 @@ nobody had found out in all this time we removed it instead of fixing it. March: security vulnerability: libcurl TFTP Packet Buffer Overflow -April: Added the multi_socket() API - September: The major SONAME number for libcurl was bumped to 4 due to the removal of ftp third party transfer support. diff --git a/docs/HTTP-COOKIES b/docs/HTTP-COOKIES deleted file mode 100644 index 0e43ba7..0000000 --- a/docs/HTTP-COOKIES +++ /dev/null @@ -1,123 +0,0 @@ -Updated: July 3, 2012 (https://curl.haxx.se/docs/http-cookies.html) - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - -HTTP Cookies - - 1. HTTP Cookies - 1.1 Cookie overview - 1.2 Cookies saved to disk - 1.3 Cookies with curl the command line tool - 1.4 Cookies with libcurl - 1.5 Cookies with javascript - -============================================================================== - -1. HTTP Cookies - - 1.1 Cookie overview - - HTTP cookies are pieces of 'name=contents' snippets that a server tells the - client to hold and then the client sends back those the server on subsequent - requests to the same domains/paths for which the cookies were set. - - Cookies are either "session cookies" which typically are forgotten when the - session is over which is often translated to equal when browser quits, or - the cookies aren't session cookies they have expiration dates after which - the client will throw them away. - - Cookies are set to the client with the Set-Cookie: header and are sent to - servers with the Cookie: header. - - For a very long time, the only spec explaining how to use cookies was the - original Netscape spec from 1994: https://curl.haxx.se/rfc/cookie_spec.html - - In 2011, RFC6265 (https://www.ietf.org/rfc/rfc6265.txt) was finally published - and details how cookies work within HTTP. - - 1.2 Cookies saved to disk - - Netscape once created a file format for storing cookies on disk so that they - would survive browser restarts. curl adopted that file format to allow - sharing the cookies with browsers, only to see browsers move away from that - format. Modern browsers no longer use it, while curl still does. - - The netscape cookie file format stores one cookie per physical line in the - file with a bunch of associated meta data, each field separated with - TAB. That file is called the cookiejar in curl terminology. - - When libcurl saves a cookiejar, it creates a file header of its own in which - there is a URL mention that will link to the web version of this document. - - 1.3 Cookies with curl the command line tool - - curl has a full cookie "engine" built in. If you just activate it, you can - have curl receive and send cookies exactly as mandated in the specs. - - Command line options: - - -b, --cookie - - tell curl a file to read cookies from and start the cookie engine, or if - it isn't a file it will pass on the given string. -b name=var works and so - does -b cookiefile. - - -j, --junk-session-cookies - - when used in combination with -b, it will skip all "session cookies" on - load so as to appear to start a new cookie session. - - -c, --cookie-jar - - tell curl to start the cookie engine and write cookies to the given file - after the request(s) - - 1.4 Cookies with libcurl - - libcurl offers several ways to enable and interface the cookie engine. These - options are the ones provided by the native API. libcurl bindings may offer - access to them using other means. - - CURLOPT_COOKIE - - Is used when you want to specify the exact contents of a cookie header to - send to the server. - - CURLOPT_COOKIEFILE - - Tell libcurl to activate the cookie engine, and to read the initial set of - cookies from the given file. Read-only. - - CURLOPT_COOKIEJAR - - Tell libcurl to activate the cookie engine, and when the easy handle is - closed save all known cookies to the given cookiejar file. Write-only. - - CURLOPT_COOKIELIST - - Provide detailed information about a single cookie to add to the internal - storage of cookies. Pass in the cookie as a HTTP header with all the - details set, or pass in a line from a netscape cookie file. This option - can also be used to flush the cookies etc. - - CURLINFO_COOKIELIST - - Extract cookie information from the internal cookie storage as a linked - list. - - 1.5 Cookies with javascript - - These days a lot of the web is built up by javascript. The webbrowser loads - complete programs that render the page you see. These javascript programs - can also set and access cookies. - - Since curl and libcurl are plain HTTP clients without any knowledge of or - capability to handle javascript, such cookies will not be detected or used. - - Often, if you want to mimic what a browser does on such web sites, you can - record web browser HTTP traffic when using such a site and then repeat the - cookie operations using curl or libcurl. diff --git a/docs/HTTP-COOKIES.md b/docs/HTTP-COOKIES.md new file mode 100644 index 0000000..a1b2834 --- /dev/null +++ b/docs/HTTP-COOKIES.md @@ -0,0 +1,104 @@ +# HTTP Cookies + +## Cookie overview + + Cookies are `name=contents` pairs that a HTTP server tells the client to + hold and then the client sends back those to the server on subsequent + requests to the same domains and paths for which the cookies were set. + + Cookies are either "session cookies" which typically are forgotten when the + session is over which is often translated to equal when browser quits, or + the cookies aren't session cookies they have expiration dates after which + the client will throw them away. + + Cookies are set to the client with the Set-Cookie: header and are sent to + servers with the Cookie: header. + + For a very long time, the only spec explaining how to use cookies was the + original [Netscape spec from 1994](https://curl.haxx.se/rfc/cookie_spec.html). + + In 2011, [RFC6265](https://www.ietf.org/rfc/rfc6265.txt) was finally + published and details how cookies work within HTTP. + +## Cookies saved to disk + + Netscape once created a file format for storing cookies on disk so that they + would survive browser restarts. curl adopted that file format to allow + sharing the cookies with browsers, only to see browsers move away from that + format. Modern browsers no longer use it, while curl still does. + + The netscape cookie file format stores one cookie per physical line in the + file with a bunch of associated meta data, each field separated with + TAB. That file is called the cookiejar in curl terminology. + + When libcurl saves a cookiejar, it creates a file header of its own in which + there is a URL mention that will link to the web version of this document. + +## Cookies with curl the command line tool + + curl has a full cookie "engine" built in. If you just activate it, you can + have curl receive and send cookies exactly as mandated in the specs. + + Command line options: + + `-b, --cookie` + + tell curl a file to read cookies from and start the cookie engine, or if it + isn't a file it will pass on the given string. -b name=var works and so does + -b cookiefile. + + `-j, --junk-session-cookies` + + when used in combination with -b, it will skip all "session cookies" on load + so as to appear to start a new cookie session. + + `-c, --cookie-jar` + + tell curl to start the cookie engine and write cookies to the given file + after the request(s) + +## Cookies with libcurl + + libcurl offers several ways to enable and interface the cookie engine. These + options are the ones provided by the native API. libcurl bindings may offer + access to them using other means. + + `CURLOPT_COOKIE` + + Is used when you want to specify the exact contents of a cookie header to + send to the server. + + `CURLOPT_COOKIEFILE` + + Tell libcurl to activate the cookie engine, and to read the initial set of + cookies from the given file. Read-only. + + `CURLOPT_COOKIEJAR` + + Tell libcurl to activate the cookie engine, and when the easy handle is + closed save all known cookies to the given cookiejar file. Write-only. + + `CURLOPT_COOKIELIST` + + Provide detailed information about a single cookie to add to the internal + storage of cookies. Pass in the cookie as a HTTP header with all the details + set, or pass in a line from a netscape cookie file. This option can also be + used to flush the cookies etc. + + `CURLINFO_COOKIELIST` + + Extract cookie information from the internal cookie storage as a linked + list. + +## Cookies with javascript + + These days a lot of the web is built up by javascript. The webbrowser loads + complete programs that render the page you see. These javascript programs + can also set and access cookies. + + Since curl and libcurl are plain HTTP clients without any knowledge of or + capability to handle javascript, such cookies will not be detected or used. + + Often, if you want to mimic what a browser does on such web sites, you can + record web browser HTTP traffic when using such a site and then repeat the + cookie operations using curl or libcurl. diff --git a/docs/HTTP2.md b/docs/HTTP2.md index bf53820..cc5a5b3 100644 --- a/docs/HTTP2.md +++ b/docs/HTTP2.md @@ -7,7 +7,8 @@ HTTP/2 with curl Build prerequisites ------------------- - nghttp2 - - OpenSSL, NSS, GnutTLS or PolarSSL with a new enough version + - OpenSSL, libressl, BoringSSL, NSS, GnutTLS, mbedTLS, wolfSSL or SChannel + with a new enough version. [nghttp2](https://nghttp2.org/) ------------------------------- @@ -51,13 +52,17 @@ SSL libs -------- The challenge is the ALPN and NPN support and all our different SSL -backends. You may need a fairly updated SSL library version for it to -provide the necessary TLS features. Right now we support: - - - OpenSSL: ALPN and NPN - - NSS: ALPN and NPN - - GnuTLS: ALPN - - PolarSSL: ALPN +backends. You may need a fairly updated SSL library version for it to provide +the necessary TLS features. Right now we support: + + - OpenSSL: ALPN and NPN + - libressl: ALPN and NPN + - BoringSSL: ALPN and NPN + - NSS: ALPN and NPN + - GnuTLS: ALPN + - mbedTLS: ALPN + - SChannel: ALPN + - wolfSSL: ALPN Multiplexing ------------ @@ -91,6 +96,9 @@ curl tool curl offers the `--http2` command line option to enable use of HTTP/2. +curl offers the `--http2-prior-knowledge` command line option to enable use of +HTTP/2 without HTTP/1.1 Upgrade. + Since 7.47.0, the curl tool enables HTTP/2 by default for HTTPS connections. HTTP Alternative Services @@ -103,9 +111,3 @@ client can use that hint to create a new connection asynchronously. For libcurl, we may introduce a way to bring such clues to the applicaton and/or let a subsequent request use the alternate route automatically. [Spec](https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-14) - -TODO ----- - - - Implement "prior-knowledge" HTTP/2 connections over clear text so that - curl can connect with HTTP/2 at once without 1.1+Upgrade. diff --git a/docs/INSTALL b/docs/INSTALL index d316a1a..2e1075b 100644 --- a/docs/INSTALL +++ b/docs/INSTALL @@ -1101,7 +1101,7 @@ GnuTLS https://www.gnu.org/software/gnutls/ Heimdal http://www.h5l.org/ libidn https://www.gnu.org/software/libidn/ libmetalink https://launchpad.net/libmetalink/ -libssh2 http://www.libssh2.org/ +libssh2 https://www.libssh2.org/ MIT Kerberos http://web.mit.edu/kerberos/www/dist/ NSS https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS OpenLDAP http://www.openldap.org/ diff --git a/docs/INTERNALS b/docs/INTERNALS.md similarity index 93% rename from docs/INTERNALS rename to docs/INTERNALS.md index 698d66e..1691fcc 100644 --- a/docs/INTERNALS +++ b/docs/INTERNALS.md @@ -1,5 +1,5 @@ -Table of Contents -================= +curl internals +============== - [Intro](#intro) - [git](#git) @@ -40,8 +40,8 @@ Table of Contents - [Structs in libcurl](#structs) -curl internals -============== +Intro +===== This project is split in two. The library and the client. The client part uses the library, but the library is designed to allow other applications to @@ -166,8 +166,8 @@ Windows vs Unix Library ======= - (See `LIBCURL-STRUCTS` for a separate document describing all major internal - structs and their purposes.) + (See [Structs in libcurl](#structs) for the separate section describing all + major internal structs and their purposes.) There are plenty of entry points to the library, namely each publicly defined function that libcurl offers to applications. All of those functions are @@ -184,14 +184,14 @@ Library [ `curl_easy_init()`][2] allocates an internal struct and makes some initializations. The returned handle does not reveal internals. This is the - 'SessionHandle' struct which works as an "anchor" struct for all `curl_easy` + 'Curl_easy' struct which works as an "anchor" struct for all `curl_easy` functions. All connections performed will get connect-specific data allocated that should be used for things related to particular connections/requests. [`curl_easy_setopt()`][1] takes three arguments, where the option stuff must be passed in pairs: the parameter-ID and the parameter-value. The list of options is documented in the man page. This function mainly sets things in - the 'SessionHandle' struct. + the 'Curl_easy' struct. `curl_easy_perform()` is just a wrapper function that makes use of the multi API. It basically calls `curl_multi_init()`, `curl_multi_add_handle()`, @@ -218,7 +218,7 @@ Curl_connect() This function makes sure there's an allocated and initiated 'connectdata' struct that is used for this particular connection only (although there may be several requests performed on the same connect). A bunch of things are - inited/inherited from the SessionHandle struct. + inited/inherited from the Curl_easy struct. Curl_do() @@ -385,11 +385,11 @@ Persistent Connections The persistent connection support in libcurl requires some considerations on how to do things inside of the library. - - The 'SessionHandle' struct returned in the [`curl_easy_init()`][2] call + - The 'Curl_easy' struct returned in the [`curl_easy_init()`][2] call must never hold connection-oriented data. It is meant to hold the root data as well as all the options etc that the library-user may choose. - - The 'SessionHandle' struct holds the "connection cache" (an array of + - The 'Curl_easy' struct holds the "connection cache" (an array of pointers to 'connectdata' structs). - This enables the 'curl handle' to be reused on subsequent transfers. @@ -856,38 +856,38 @@ Structs in libcurl This section should cover 7.32.0 pretty accurately, but will make sense even for older and later versions as things don't change drastically that often. -## SessionHandle +## Curl_easy - The SessionHandle handle struct is the one returned to the outside in the - external API as a "CURL *". This is usually known as an easy handle in API - documentations and examples. + The Curl_easy struct is the one returned to the outside in the external API + as a "CURL *". This is usually known as an easy handle in API documentations + and examples. Information and state that is related to the actual connection is in the 'connectdata' struct. When a transfer is about to be made, libcurl will either create a new connection or re-use an existing one. The particular connectdata that is used by this handle is pointed out by - SessionHandle->easy_conn. + Curl_easy->easy_conn. Data and information that regard this particular single transfer is put in the SingleRequest sub-struct. - When the SessionHandle struct is added to a multi handle, as it must be in - order to do any transfer, the ->multi member will point to the `Curl_multi` - struct it belongs to. The ->prev and ->next members will then be used by the - multi code to keep a linked list of SessionHandle structs that are added to - that same multi handle. libcurl always uses multi so ->multi *will* point to - a `Curl_multi` when a transfer is in progress. + When the Curl_easy struct is added to a multi handle, as it must be in order + to do any transfer, the ->multi member will point to the `Curl_multi` struct + it belongs to. The ->prev and ->next members will then be used by the multi + code to keep a linked list of Curl_easy structs that are added to that same + multi handle. libcurl always uses multi so ->multi *will* point to a + `Curl_multi` when a transfer is in progress. - ->mstate is the multi state of this particular SessionHandle. When + ->mstate is the multi state of this particular Curl_easy. When `multi_runsingle()` is called, it will act on this handle according to which state it is in. The mstate is also what tells which sockets to return for a - specific SessionHandle when [`curl_multi_fdset()`][12] is called etc. + specific Curl_easy when [`curl_multi_fdset()`][12] is called etc. The libcurl source code generally use the name 'data' for the variable that - points to the SessionHandle. + points to the Curl_easy. - When doing multiplexed HTTP/2 transfers, each SessionHandle is associated - with an individual stream, sharing the same connectdata struct. Multiplexing + When doing multiplexed HTTP/2 transfers, each Curl_easy is associated with + an individual stream, sharing the same connectdata struct. Multiplexing makes it even more important to keep things associated with the right thing! ## connectdata @@ -901,22 +901,21 @@ for older and later versions as things don't change drastically that often. the connection can't be kept alive, the connection will be closed after use and then this struct can be removed from the cache and freed. - Thus, the same SessionHandle can be used multiple times and each time select + Thus, the same Curl_easy can be used multiple times and each time select another connectdata struct to use for the connection. Keep this in mind, as it is then important to consider if options or choices are based on the - connection or the SessionHandle. + connection or the Curl_easy. Functions in libcurl will assume that connectdata->data points to the - SessionHandle that uses this connection (for the moment). + Curl_easy that uses this connection (for the moment). As a special complexity, some protocols supported by libcurl require a special disconnect procedure that is more than just shutting down the socket. It can involve sending one or more commands to the server before doing so. Since connections are kept in the connection cache after use, the - original SessionHandle may no longer be around when the time comes to shut - down a particular connection. For this purpose, libcurl holds a special - dummy `closure_handle` SessionHandle in the `Curl_multi` struct to use when - needed. + original Curl_easy may no longer be around when the time comes to shut down + a particular connection. For this purpose, libcurl holds a special dummy + `closure_handle` Curl_easy in the `Curl_multi` struct to use when needed. FTP uses two TCP connections for a typical transfer but it keeps both in this single struct and thus can be considered a single connection for most @@ -932,25 +931,25 @@ for older and later versions as things don't change drastically that often. `Curl_multi` is the multi handle struct exposed as "CURLM *" in external APIs. - This struct holds a list of SessionHandle structs that have been added to - this handle with [`curl_multi_add_handle()`][13]. The start of the list is - ->easyp and ->num_easy is a counter of added SessionHandles. + This struct holds a list of Curl_easy structs that have been added to this + handle with [`curl_multi_add_handle()`][13]. The start of the list is + ->easyp and ->num_easy is a counter of added Curl_easys. ->msglist is a linked list of messages to send back when [`curl_multi_info_read()`][14] is called. Basically a node is added to that - list when an individual SessionHandle's transfer has completed. + list when an individual Curl_easy's transfer has completed. ->hostcache points to the name cache. It is a hash table for looking up name to IP. The nodes have a limited life time in there and this cache is meant to reduce the time for when the same name is wanted within a short period of time. - ->timetree points to a tree of SessionHandles, sorted by the remaining time - until it should be checked - normally some sort of timeout. Each - SessionHandle has one node in the tree. + ->timetree points to a tree of Curl_easys, sorted by the remaining time + until it should be checked - normally some sort of timeout. Each Curl_easy + has one node in the tree. ->sockhash is a hash table to allow fast lookups of socket descriptor to - which SessionHandle that uses that descriptor. This is necessary for the + which Curl_easy that uses that descriptor. This is necessary for the `multi_socket` API. ->conn_cache points to the connection cache. It keeps track of all @@ -977,11 +976,11 @@ for older and later versions as things don't change drastically that often. setup so HTTPS separate from HTTP. ->setup_connection is called to allow the protocol code to allocate protocol - specific data that then gets associated with that SessionHandle for the rest - of this transfer. It gets freed again at the end of the transfer. It will be + specific data that then gets associated with that Curl_easy for the rest of + this transfer. It gets freed again at the end of the transfer. It will be called before the 'connectdata' for the transfer has been selected/created. Most protocols will allocate its private 'struct [PROTOCOL]' here and assign - SessionHandle->req.protop to point to it. + Curl_easy->req.protop to point to it. ->connect_it allows a protocol to do some specific actions after the TCP connect is done, that can still be considered part of the connection phase. @@ -1036,7 +1035,7 @@ for older and later versions as things don't change drastically that often. - `PROTOPT_CLOSEACTION` - this protocol has actions to do before closing the connection. This flag is no longer used by code, yet still set for a bunch protocol handlers. - + - `PROTOPT_DIRLOCK` - "direction lock". The SSH protocols set this bit to limit which "direction" of socket actions that the main engine will concern itself about. @@ -1051,21 +1050,21 @@ for older and later versions as things don't change drastically that often. ## conncache - Is a hash table with connections for later re-use. Each SessionHandle has - a pointer to its connection cache. Each multi handle sets up a connection - cache that all added SessionHandles share by default. + Is a hash table with connections for later re-use. Each Curl_easy has a + pointer to its connection cache. Each multi handle sets up a connection + cache that all added Curl_easys share by default. ## Curl_share - + The libcurl share API allocates a `Curl_share` struct, exposed to the external API as "CURLSH *". The idea is that the struct can have a set of own versions of caches and pools and then by providing this struct in the `CURLOPT_SHARE` option, those - specific SessionHandles will use the caches/pools that this share handle + specific Curl_easys will use the caches/pools that this share handle holds. - Then individual SessionHandle structs can be made to share specific things + Then individual Curl_easy structs can be made to share specific things that they otherwise wouldn't, such as cookies. The `Curl_share` struct can currently hold cookies, DNS cache and the SSL @@ -1074,7 +1073,7 @@ for older and later versions as things don't change drastically that often. ## CookieInfo This is the main cookie struct. It holds all known cookies and related - information. Each SessionHandle has its own private CookieInfo even when + information. Each Curl_easy has its own private CookieInfo even when they are added to a multi handle. They can be made to share cookies by using the share API. diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index a694ced..5230ecb 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -1,259 +1,586 @@ -These are problems known to exist at the time of this release. Feel free to -join in and help us correct one or more of these! Also be sure to check the -changelog of the current development status, as one or more of these problems -may have been fixed since this was written! - -93. It is not possible to pass a 64-bit value using CURLFORM_CONTENTLEN with - CURLFORM_ARRAY, when compiled on 32-bit platforms that support 64-bit - integers. This is because the underlying structure 'curl_forms' uses a dual - purpose char* for storing these values in via casting. For more information - see the now closed related issue: - https://github.com/curl/curl/issues/608 - -92. curl tool 7.47.1 in Windows will not --output to literal paths \\?\ or to - reserved dos device names unless the device prefix \\.\ is used. To send - output to a device that has a reserved dos device name you can use the - Windows device prefix (eg: --output \\.\NUL). You can also use the - redirection operator to send output to a literal path or a reserved device - name (eg: > NUL). - The next release of curl will support --output in Windows to literal paths - and to reserved device names without the device prefix. - https://github.com/curl/curl/commit/c3aac48 - https://github.com/curl/curl/commit/4fc80f3 - -91. "curl_easy_perform hangs with imap and PolarSSL" - https://github.com/curl/curl/issues/334 - -90. IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the - code reveals that pingpong.c contains some truncation code, at line 408, - when it deems the server response to be too large truncating it to 40 - characters" - https://curl.haxx.se/bug/view.cgi?id=1366 - -89. Disabling HTTP Pipelining when there are ongoing transfers can lead to - heap corruption and crash. https://curl.haxx.se/bug/view.cgi?id=1411 - -88. libcurl doesn't support CURLINFO_FILETIME for SFTP transfers and thus - curl's -R option also doesn't work then. - -87. -J/--remote-header-name doesn't decode %-encoded file names. RFC6266 - details how it should be done. The can of worm is basically that we have no - charset handling in curl and ascii >=128 is a challenge for us. Not to - mention that decoding also means that we need to check for nastiness that is - attempted, like "../" sequences and the like. Probably everything to the left - of any embedded slashes should be cut off. - https://curl.haxx.se/bug/view.cgi?id=1294 - -86. The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 - and SMTP if a failure occurs during the authentication phase of a - connection. - -85. Wrong STARTTRANSFER timer accounting for POST requests - Timer works fine with GET requests, but while using POST the time for - CURLINFO_STARTTRANSFER_TIME is wrong. While using POST - CURLINFO_STARTTRANSFER_TIME minus CURLINFO_PRETRANSFER_TIME is near to zero - every time. - https://github.com/curl/curl/issues/218 - https://curl.haxx.se/bug/view.cgi?id=1213 - -84. CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS - backends, so relying on this information in a generic app is flaky. - -82. When building with the Windows Borland compiler, it fails because the - "tlib" tool doesn't support hyphens (minus signs) in file names and we have - such in the build. - https://curl.haxx.se/bug/view.cgi?id=1222 - -81. When using -J (with -O), automatically resumed downloading together with - "-C -" fails. Without -J the same command line works! This happens because - the resume logic is worked out before the target file name (and thus its - pre-transfer size) has been figured out! - https://curl.haxx.se/bug/view.cgi?id=1169 - -80. Curl doesn't recognize certificates in DER format in keychain, but it - works with PEM. - https://curl.haxx.se/bug/view.cgi?id=1065 - -79. SMTP. When sending data to multiple recipients, curl will abort and return - failure if one of the recipients indicate failure (on the "RCPT TO" - command). Ordinary mail programs would proceed and still send to the ones - that can receive data. This is subject for change in the future. - https://curl.haxx.se/bug/view.cgi?id=1116 - -75. NTLM authentication involving unicode user name or password only works - properly if built with UNICODE defined together with the WinSSL/schannel - backend. The original problem was mentioned in: - https://curl.haxx.se/mail/lib-2009-10/0024.html - https://curl.haxx.se/bug/view.cgi?id=896 - - The WinSSL/schannel version verified to work as mentioned in - https://curl.haxx.se/mail/lib-2012-07/0073.html - -73. if a connection is made to a FTP server but the server then just never - sends the 220 response or otherwise is dead slow, libcurl will not - acknowledge the connection timeout during that phase but only the "real" - timeout - which may surprise users as it is probably considered to be the - connect phase to most people. Brought up (and is being misunderstood) in: - https://curl.haxx.se/bug/view.cgi?id=856 - -72. "Pausing pipeline problems." - https://curl.haxx.se/mail/lib-2009-07/0214.html - -70. Problem re-using easy handle after call to curl_multi_remove_handle - https://curl.haxx.se/mail/lib-2009-07/0249.html - -68. "More questions about ares behavior". - https://curl.haxx.se/mail/lib-2009-08/0012.html - -67. When creating multipart formposts. The file name part can be encoded with - something beyond ascii but currently libcurl will only pass in the verbatim - string the app provides. There are several browsers that already do this - encoding. The key seems to be the updated draft to RFC2231: - https://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 - -66. When using telnet, the time limitation options don't work. - https://curl.haxx.se/bug/view.cgi?id=846 - -65. When doing FTP over a socks proxy or CONNECT through HTTP proxy and the - multi interface is used, libcurl will fail if the (passive) TCP connection - for the data transfer isn't more or less instant as the code does not - properly wait for the connect to be confirmed. See test case 564 for a first - shot at a test case. - -63. When CURLOPT_CONNECT_ONLY is used, the handle cannot reliably be re-used - for any further requests or transfers. The work-around is then to close that - handle with curl_easy_cleanup() and create a new. Some more details: - https://curl.haxx.se/mail/lib-2009-04/0300.html - -61. If an upload using Expect: 100-continue receives an HTTP 417 response, - it ought to be automatically resent without the Expect:. A workaround is - for the client application to redo the transfer after disabling Expect:. - https://curl.haxx.se/mail/archive-2008-02/0043.html - -60. libcurl closes the connection if an HTTP 401 reply is received while it - is waiting for the the 100-continue response. - https://curl.haxx.se/mail/lib-2008-08/0462.html - -58. It seems sensible to be able to use CURLOPT_NOBODY and - CURLOPT_FAILONERROR with FTP to detect if a file exists or not, but it is - not working: https://curl.haxx.se/mail/lib-2008-07/0295.html - -56. When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP - server using the multi interface, the commands are not being sent correctly - and instead the connection is "cancelled" (the operation is considered done) - prematurely. There is a half-baked (busy-looping) patch provided in the bug - report but it cannot be accepted as-is. See - https://curl.haxx.se/bug/view.cgi?id=748 - -55. libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's - library header files exporting symbols/macros that should be kept private - to the KfW library. See ticket #5601 at http://krbdev.mit.edu/rt/ - -52. Gautam Kachroo's issue that identifies a problem with the multi interface - where a connection can be re-used without actually being properly - SSL-negotiated: - https://curl.haxx.se/mail/lib-2008-01/0277.html - -49. If using --retry and the transfer timeouts (possibly due to using -m or - -y/-Y) the next attempt doesn't resume the transfer properly from what was - downloaded in the previous attempt but will truncate and restart at the - original position where it was at before the previous failed attempt. See - https://curl.haxx.se/mail/lib-2008-01/0080.html and Mandriva bug report - https://qa.mandriva.com/show_bug.cgi?id=22565 - -48. If a CONNECT response-headers are larger than BUFSIZE (16KB) when the - connection is meant to be kept alive (like for NTLM proxy auth), the - function will return prematurely and will confuse the rest of the HTTP - protocol code. This should be very rare. - -43. There seems to be a problem when connecting to the Microsoft telnet server. - https://curl.haxx.se/bug/view.cgi?id=649 - -41. When doing an operation over FTP that requires the ACCT command (but not - when logging in), the operation will fail since libcurl doesn't detect this - and thus fails to issue the correct command: - https://curl.haxx.se/bug/view.cgi?id=635 - -39. Steffen Rumler's Race Condition in Curl_proxyCONNECT: - https://curl.haxx.se/mail/lib-2007-01/0045.html - -38. Kumar Swamy Bhatt's problem in ftp/ssl "LIST" operation: - https://curl.haxx.se/mail/lib-2007-01/0103.html - -35. Both SOCKS5 and SOCKS4 proxy connections are done blocking, which is very - bad when used with the multi interface. - -34. The SOCKS4 connection codes don't properly acknowledge (connect) timeouts. - Also see #12. According to bug #1556528, even the SOCKS5 connect code does - not do it right: https://curl.haxx.se/bug/view.cgi?id=604 - -31. "curl-config --libs" will include details set in LDFLAGS when configure is - run that might be needed only for building libcurl. Further, curl-config - --cflags suffers from the same effects with CFLAGS/CPPFLAGS. - -26. NTLM authentication using SSPI (on Windows) when (lib)curl is running in - "system context" will make it use wrong(?) user name - at least when compared - to what winhttp does. See https://curl.haxx.se/bug/view.cgi?id=535 - -23. SOCKS-related problems: - B) libcurl doesn't support FTPS over a SOCKS proxy. - E) libcurl doesn't support active FTP over a SOCKS proxy - - We probably have even more bugs and lack of features when a SOCKS proxy is - used. - -21. FTP ASCII transfers do not follow RFC959. They don't convert the data - accordingly (not for sending nor for receiving). RFC 959 section 3.1.1.1 - clearly describes how this should be done: - - The sender converts the data from an internal character representation to - the standard 8-bit NVT-ASCII representation (see the Telnet - specification). The receiver will convert the data from the standard - form to his own internal form. - - Since 7.15.4 at least line endings are converted. - -16. FTP URLs passed to curl may contain NUL (0x00) in the RFC 1738 , - , and components, encoded as "%00". The problem is that - curl_unescape does not detect this, but instead returns a shortened C - string. From a strict FTP protocol standpoint, NUL is a valid character - within RFC 959 , so the way to handle this correctly in curl would - be to use a data structure other than a plain C string, one that can handle - embedded NUL characters. From a practical standpoint, most FTP servers - would not meaningfully support NUL characters within RFC 959 , - anyway (e.g., Unix pathnames may not contain NUL). - -14. Test case 165 might fail on a system which has libidn present, but with an - old iconv version (2.1.3 is a known bad version), since it doesn't recognize - the charset when named ISO8859-1. Changing the name to ISO-8859-1 makes the - test pass, but instead makes it fail on Solaris hosts that use its native - iconv. - -13. curl version 7.12.2 fails on AIX if compiled with --enable-ares. - The workaround is to combine --enable-ares with --disable-shared - -12. When connecting to a SOCKS proxy, the (connect) timeout is not properly - acknowledged after the actual TCP connect (during the SOCKS "negotiate" - phase). - -10. To get HTTP Negotiate (SPNEGO) authentication to work fine, you need to - provide a (fake) user name (this concerns both curl and the lib) because the - code wrongly only considers authentication if there's a user name provided. - https://curl.haxx.se/bug/view.cgi?id=440 How? - https://curl.haxx.se/mail/lib-2004-08/0182.html - -8. Doing resumed upload over HTTP does not work with '-C -', because curl - doesn't do a HEAD first to get the initial size. This needs to be done - manually for HTTP PUT resume to work, and then '-C [index]'. - -6. libcurl ignores empty path parts in FTP URLs, whereas RFC1738 states that - such parts should be sent to the server as 'CWD ' (without an argument). - The only exception to this rule, is that we knowingly break this if the - empty part is first in the path, as then we use the double slashes to - indicate that the user wants to reach the root dir (this exception SHALL - remain even when this bug is fixed). - -5. libcurl doesn't treat the content-length of compressed data properly, as - it seems HTTP servers send the *uncompressed* length in that header and - libcurl thinks of it as the *compressed* length. Some explanations are here: - https://curl.haxx.se/mail/lib-2003-06/0146.html + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + Known Bugs + +These are problems and bugs known to exist at the time of this release. Feel +free to join in and help us correct one or more of these! Also be sure to +check the changelog of the current development status, as one or more of these +problems may have been fixed or changed somewhat since this was written! + + 1. HTTP + 1.1 CURLFORM_CONTENTLEN in an array + 1.2 Disabling HTTP Pipelining + 1.3 STARTTRANSFER time is wrong for HTTP POSTs + 1.4 multipart formposts file name encoding + 1.5 Expect-100 meets 417 + 1.6 Unnecessary close when 401 received waiting for 100 + 1.7 CONNECT response larger than 16KB + 1.8 DNS timing is wrong for HTTP redirects + 1.9 HTTP/2 frames while in the connection pool kill reuse + 1.10 Strips trailing dot from host name + 1.11 transfer-encoding: chunked in HTTP/2 + 1.12 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM + + 2. TLS + 2.1 Hangs with PolarSSL + 2.2 CURLINFO_SSL_VERIFYRESULT has limited support + 2.3 DER in keychain + 2.4 GnuTLS backend skips really long certificate fields + + 3. Email protocols + 3.1 IMAP SEARCH ALL truncated response + 3.2 No disconnect command + 3.3 SMTP to multiple recipients + 3.4 POP3 expects "CRLF.CRLF" eob for some single-line responses + + 4. Command line + 4.1 -J with %-encoded file nameas + 4.2 -J with -C - fails + 4.3 --retry and transfer timeouts + + 5. Build and portability issues + 5.1 Windows Borland compiler + 5.2 curl-config --libs contains private details + 5.3 libidn and old iconv + 5.4 AIX shared build with c-ares fails + 5.5 can't handle Unicode arguments in Windows + 5.6 cmake support gaps + 5.7 Visual Studio project gaps + + 6. Authentication + 6.1 NTLM authentication and unicode + 6.2 MIT Kerberos for Windows build + 6.3 NTLM in system context uses wrong name + 6.4 Negotiate and Kerberos V5 need a fake user name + + 7. FTP + 7.1 FTP without or slow 220 response + 7.2 FTP with CONNECT and slow server + 7.3 FTP with NOBODY and FAILONERROR + 7.4 FTP with ACCT + 7.5 ASCII FTP + 7.6 FTP with NULs in URL parts + 7.7 FTP and empty path parts in the URL + 7.8 Premature transfer end but healthy control channel + + 8. TELNET + 8.1 TELNET and time limtiations don't work + 8.2 Microsoft telnet server + + 9. SFTP and SCP + 9.1 SFTP doesn't do CURLOPT_POSTQUOTE correct + + 10. SOCKS + 10.1 SOCKS proxy connections are done blocking + 10.2 SOCKS don't support timeouts + 10.3 FTPS over SOCKS + 10.4 active FTP over a SOCKS + + 11. Internals + 11.1 Curl leaks .onion hostnames in DNS + 11.2 error buffer not set if connection to multiple addresses fails + + 12. LDAP and OpenLDAP + 12.1 OpenLDAP hangs after returning results + + 13 TCP/IP + 13.1 --interface for ipv6 binds to unusable IP address + + +============================================================================== + +1. HTTP + +1.1 CURLFORM_CONTENTLEN in an array + + It is not possible to pass a 64-bit value using CURLFORM_CONTENTLEN with + CURLFORM_ARRAY, when compiled on 32-bit platforms that support 64-bit + integers. This is because the underlying structure 'curl_forms' uses a dual + purpose char* for storing these values in via casting. For more information + see the now closed related issue: + https://github.com/curl/curl/issues/608 + +1.2 Disabling HTTP Pipelining + + Disabling HTTP Pipelining when there are ongoing transfers can lead to + heap corruption and crash. https://curl.haxx.se/bug/view.cgi?id=1411 + +1.3 STARTTRANSFER time is wrong for HTTP POSTs + + Wrong STARTTRANSFER timer accounting for POST requests Timer works fine with + GET requests, but while using POST the time for CURLINFO_STARTTRANSFER_TIME + is wrong. While using POST CURLINFO_STARTTRANSFER_TIME minus + CURLINFO_PRETRANSFER_TIME is near to zero every time. + + https://github.com/curl/curl/issues/218 + https://curl.haxx.se/bug/view.cgi?id=1213 + +1.4 multipart formposts file name encoding + + When creating multipart formposts. The file name part can be encoded with + something beyond ascii but currently libcurl will only pass in the verbatim + string the app provides. There are several browsers that already do this + encoding. The key seems to be the updated draft to RFC2231: + https://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 + +1.5 Expect-100 meets 417 + + If an upload using Expect: 100-continue receives an HTTP 417 response, it + ought to be automatically resent without the Expect:. A workaround is for + the client application to redo the transfer after disabling Expect:. + https://curl.haxx.se/mail/archive-2008-02/0043.html + +1.6 Unnecessary close when 401 received waiting for 100 + + libcurl closes the connection if an HTTP 401 reply is received while it is + waiting for the the 100-continue response. + https://curl.haxx.se/mail/lib-2008-08/0462.html + +1.7 CONNECT response larger than 16KB + + If a CONNECT response-headers are larger than BUFSIZE (16KB) when the + connection is meant to be kept alive (like for NTLM proxy auth), the function + will return prematurely and will confuse the rest of the HTTP protocol + code. This should be very rare. + +1.8 DNS timing is wrong for HTTP redirects + + When extracting timing information after HTTP redirects, only the last + transfer's results are returned and not the totals: + https://github.com/curl/curl/issues/522 + +1.9 HTTP/2 frames while in the connection pool kill reuse + + If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to + curl while the connection is held in curl's connection pool, the socket will + be found readable when considered for reuse and that makes curl think it is + dead and then it will be closed and a new connection gets created instead. + + This is *best* fixed by adding monitoring to connections while they are kept + in the pool so that pings can be responded to appropriately. + +1.10 Strips trailing dot from host name + + When given a URL wit a trailing dot for the host name part: + "https://example.com./", libcurl will strip off the dot and use the name + without a dot internally and send it dot-less in HTTP Host: headers and in + the TLS SNI field. + + The HTTP part violates RFC 7230 section 5.4 but the SNI part is accordance + with RFC 6066 section 3. + + URLs using these trailing dots are very rare in the wild and we have not seen + or gotten any real-world problems with such URLs reported. The popular + browsers seem to have stayed with not stripping the dot for both uses (thus + they violate RFC 6066 instead of RFC 7230). + + Daniel took the discussion to the HTTPbis mailing list in March 2016: + https://lists.w3.org/Archives/Public/ietf-http-wg/2016JanMar/0430.html but + there was not major rush or interest to fix this. The impression I get is + that most HTTP people rather not rock the boat now and instead prioritize web + compatibility rather than to strictly adhere to these RFCs. + + Our current approach allows a knowing client to send a custom HTTP header + with the dot added. + + It can also be noted that while adding a trailing dot to the host name in + most (all?) cases will make the name resolve to the same set of IP addresses, + many HTTP servers will not happily accept the trailing dot there unless that + has been specificly configured to be a fine virtual host. + + If URLs with trailing dots for host names become more popular or even just + used more than for just plain fun experiments, I'm sure we will have reason + to go back and reconsider. + + See https://github.com/curl/curl/issues/716 for the discussion. + +1.11 transfer-encoding: chunked in HTTP/2 + + For HTTP/1, when -H transfer-encoding:chunked option is given, curl encodes + the request using chunked encoding. But when HTTP/2 is being used, the + command wrongly sends a request with both content-length and + transfer-encoding: chunked headers being set (and the request body is not + chunked-encoded). See https://github.com/curl/curl/issues/662 + +1.12 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM + + I'm using libcurl to POST form data using a FILE* with the CURLFORM_STREAM + option of curl_formadd(). I've noticed that if the connection drops at just + the right time, the POST is reattempted without the data from the file. It + seems like the file stream position isn't getting reset to the beginning of + the file. I found the CURLOPT_SEEKFUNCTION option and set that with a + function that performs an fseek() on the FILE*. However, setting that didn't + seem to fix the issue or even get called. See + https://github.com/curl/curl/issues/768 + + +2. TLS + +2.1 Hangs with PolarSSL + + "curl_easy_perform hangs with imap and PolarSSL" + https://github.com/curl/curl/issues/334 + + Most likely, a fix similar to commit c111178bd4 (for mbedTLS) is + necessary. Or if we just wait a little longer we'll rip out all support for + PolarSSL instead... + +2.2 CURLINFO_SSL_VERIFYRESULT has limited support + + CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS + backends, so relying on this information in a generic app is flaky. + +2.3 DER in keychain + + Curl doesn't recognize certificates in DER format in keychain, but it works + with PEM. https://curl.haxx.se/bug/view.cgi?id=1065 + +2.4 GnuTLS backend skips really long certificate fields + + libcurl calls gnutls_x509_crt_get_dn() with a fixed buffer size and if the + field is too long in the cert, it'll just return an error and the field will + be displayed blank. + + +3. Email protocols + +3.1 IMAP SEARCH ALL truncated response + + IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the + code reveals that pingpong.c contains some truncation code, at line 408, when + it deems the server response to be too large truncating it to 40 characters" + https://curl.haxx.se/bug/view.cgi?id=1366 + +3.2 No disconnect command + + The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and + SMTP if a failure occurs during the authentication phase of a connection. + +3.3 SMTP to multiple recipients + + When sending data to multiple recipients, curl will abort and return failure + if one of the recipients indicate failure (on the "RCPT TO" + command). Ordinary mail programs would proceed and still send to the ones + that can receive data. This is subject for change in the future. + https://curl.haxx.se/bug/view.cgi?id=1116 + +3.4 POP3 expects "CRLF.CRLF" eob for some single-line responses + + You have to tell libcurl not to expect a body, when dealing with one line + response commands. Please see the POP3 examples and test cases which show + this for the NOOP and DELE commands. https://curl.haxx.se/bug/?i=740 + + +4. Command line + +4.1 -J with %-encoded file nameas + + -J/--remote-header-name doesn't decode %-encoded file names. RFC6266 details + how it should be done. The can of worm is basically that we have no charset + handling in curl and ascii >=128 is a challenge for us. Not to mention that + decoding also means that we need to check for nastiness that is attempted, + like "../" sequences and the like. Probably everything to the left of any + embedded slashes should be cut off. + https://curl.haxx.se/bug/view.cgi?id=1294 + +4.2 -J with -C - fails + + When using -J (with -O), automatically resumed downloading together with "-C + -" fails. Without -J the same command line works! This happens because the + resume logic is worked out before the target file name (and thus its + pre-transfer size) has been figured out! + https://curl.haxx.se/bug/view.cgi?id=1169 + +4.3 --retry and transfer timeouts + + If using --retry and the transfer timeouts (possibly due to using -m or + -y/-Y) the next attempt doesn't resume the transfer properly from what was + downloaded in the previous attempt but will truncate and restart at the + original position where it was at before the previous failed attempt. See + https://curl.haxx.se/mail/lib-2008-01/0080.html and Mandriva bug report + https://qa.mandriva.com/show_bug.cgi?id=22565 + + +5. Build and portability issues + +5.1 Windows Borland compiler + + When building with the Windows Borland compiler, it fails because the "tlib" + tool doesn't support hyphens (minus signs) in file names and we have such in + the build. https://curl.haxx.se/bug/view.cgi?id=1222 + +5.2 curl-config --libs contains private details + + "curl-config --libs" will include details set in LDFLAGS when configure is + run that might be needed only for building libcurl. Further, curl-config + --cflags suffers from the same effects with CFLAGS/CPPFLAGS. + +5.3 libidn and old iconv + + Test case 165 might fail on a system which has libidn present, but with an + old iconv version (2.1.3 is a known bad version), since it doesn't recognize + the charset when named ISO8859-1. Changing the name to ISO-8859-1 makes the + test pass, but instead makes it fail on Solaris hosts that use its native + iconv. + +5.4 AIX shared build with c-ares fails + + curl version 7.12.2 fails on AIX if compiled with --enable-ares. The + workaround is to combine --enable-ares with --disable-shared + +5.5 can't handle Unicode arguments in Windows + + If a URL or filename can't be encoded using the user's current codepage then + it can only be encoded properly in the Unicode character set. Windows uses + UTF-16 encoding for Unicode and stores it in wide characters, however curl + and libcurl are not equipped for that at the moment. And, except for Cygwin, + Windows can't use UTF-8 as a locale. + + https://curl.haxx.se/bug/?i=345 + https://curl.haxx.se/bug/?i=731 + +5.6 cmake support gaps + + The cmake build setup lacks several features that the autoconf build + offers. This includes: + + - symbol hiding when the shared library is built + - use of correct soname for the shared library build + - support for several TLS backends are missing + - the unit tests cause link failures in regular non-static builds + - no nghttp2 check + +5.7 Visual Studio project gaps + + The Visual Studio projects lack some features that the autoconf and nmake + builds offer, such as the following: + + - support for zlib and nghttp2 + - use of static runtime libraries + - add the test suite components + + In addition to this the following could be implemented: + + - support for other development IDEs + - add PATH environment variables for third-party DLLs + +6. Authentication + +6.1 NTLM authentication and unicode + + NTLM authentication involving unicode user name or password only works + properly if built with UNICODE defined together with the WinSSL/schannel + backend. The original problem was mentioned in: + https://curl.haxx.se/mail/lib-2009-10/0024.html + https://curl.haxx.se/bug/view.cgi?id=896 + + The WinSSL/schannel version verified to work as mentioned in + https://curl.haxx.se/mail/lib-2012-07/0073.html + +6.2 MIT Kerberos for Windows build + + libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's + library header files exporting symbols/macros that should be kept private to + the KfW library. See ticket #5601 at http://krbdev.mit.edu/rt/ + +6.3 NTLM in system context uses wrong name + + NTLM authentication using SSPI (on Windows) when (lib)curl is running in + "system context" will make it use wrong(?) user name - at least when compared + to what winhttp does. See https://curl.haxx.se/bug/view.cgi?id=535 + +6.4 Negotiate and Kerberos V5 need a fake user name + + In order to get Negotiate (SPNEGO) authentication to work in HTTP or Kerberos + V5 in the e-mail protocols, you need to provide a (fake) user name (this + concerns both curl and the lib) because the code wrongly only considers + authentication if there's a user name provided by setting + conn->bits.user_passwd in url.c https://curl.haxx.se/bug/view.cgi?id=440 How? + https://curl.haxx.se/mail/lib-2004-08/0182.html A possible solution is to + either modify this variable to be set or introduce a variable such as + new conn->bits.want_authentication which is set when any of the authentication + options are set. + + +7. FTP + +7.1 FTP without or slow 220 response + + If a connection is made to a FTP server but the server then just never sends + the 220 response or otherwise is dead slow, libcurl will not acknowledge the + connection timeout during that phase but only the "real" timeout - which may + surprise users as it is probably considered to be the connect phase to most + people. Brought up (and is being misunderstood) in: + https://curl.haxx.se/bug/view.cgi?id=856 + +7.2 FTP with CONNECT and slow server + + When doing FTP over a socks proxy or CONNECT through HTTP proxy and the multi + interface is used, libcurl will fail if the (passive) TCP connection for the + data transfer isn't more or less instant as the code does not properly wait + for the connect to be confirmed. See test case 564 for a first shot at a test + case. + +7.3 FTP with NOBODY and FAILONERROR + + It seems sensible to be able to use CURLOPT_NOBODY and CURLOPT_FAILONERROR + with FTP to detect if a file exists or not, but it is not working: + https://curl.haxx.se/mail/lib-2008-07/0295.html + +7.4 FTP with ACCT + + When doing an operation over FTP that requires the ACCT command (but not when + logging in), the operation will fail since libcurl doesn't detect this and + thus fails to issue the correct command: + https://curl.haxx.se/bug/view.cgi?id=635 + +7.5 ASCII FTP + + FTP ASCII transfers do not follow RFC959. They don't convert the data + accordingly (not for sending nor for receiving). RFC 959 section 3.1.1.1 + clearly describes how this should be done: + + The sender converts the data from an internal character representation to + the standard 8-bit NVT-ASCII representation (see the Telnet + specification). The receiver will convert the data from the standard + form to his own internal form. + + Since 7.15.4 at least line endings are converted. + +7.6 FTP with NULs in URL parts + + FTP URLs passed to curl may contain NUL (0x00) in the RFC 1738 , + , and components, encoded as "%00". The problem is that + curl_unescape does not detect this, but instead returns a shortened C string. + From a strict FTP protocol standpoint, NUL is a valid character within RFC + 959 , so the way to handle this correctly in curl would be to use a + data structure other than a plain C string, one that can handle embedded NUL + characters. From a practical standpoint, most FTP servers would not + meaningfully support NUL characters within RFC 959 , anyway (e.g., + Unix pathnames may not contain NUL). + +7.7 FTP and empty path parts in the URL + + libcurl ignores empty path parts in FTP URLs, whereas RFC1738 states that + such parts should be sent to the server as 'CWD ' (without an argument). The + only exception to this rule, is that we knowingly break this if the empty + part is first in the path, as then we use the double slashes to indicate that + the user wants to reach the root dir (this exception SHALL remain even when + this bug is fixed). + +7.8 Premature transfer end but healthy control channel + + When 'multi_done' is called before the transfer has been completed the normal + way, it is considered a "premature" transfer end. In this situation, libcurl + closes the connection assuming it doesn't know the state of the connection so + it can't be reused for subsequent requests. + + With FTP however, this isn't necessarily true but there are a bunch of + situations (listed in the ftp_done code) where it *could* keep the connection + alive even in this situation - but the current code doesn't. Fixing this would + allow libcurl to reuse FTP connections better. + +8. TELNET + +8.1 TELNET and time limtiations don't work + + When using telnet, the time limitation options don't work. + https://curl.haxx.se/bug/view.cgi?id=846 + +8.2 Microsoft telnet server + + There seems to be a problem when connecting to the Microsoft telnet server. + https://curl.haxx.se/bug/view.cgi?id=649 + + +9. SFTP and SCP + +9.1 SFTP doesn't do CURLOPT_POSTQUOTE correct + + When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server + using the multi interface, the commands are not being sent correctly and + instead the connection is "cancelled" (the operation is considered done) + prematurely. There is a half-baked (busy-looping) patch provided in the bug + report but it cannot be accepted as-is. See + https://curl.haxx.se/bug/view.cgi?id=748 + + +10. SOCKS + +10.1 SOCKS proxy connections are done blocking + + Both SOCKS5 and SOCKS4 proxy connections are done blocking, which is very bad + when used with the multi interface. + +10.2 SOCKS don't support timeouts + + The SOCKS4 connection codes don't properly acknowledge (connect) timeouts. + According to bug #1556528, even the SOCKS5 connect code does not do it right: + https://curl.haxx.se/bug/view.cgi?id=604 + + When connecting to a SOCK proxy, the (connect) timeout is not properly + acknowledged after the actual TCP connect (during the SOCKS "negotiate" + phase). + +10.3 FTPS over SOCKS + + libcurl doesn't support FTPS over a SOCKS proxy. + +10.4 active FTP over a SOCKS + + libcurl doesn't support active FTP over a SOCKS proxy + + +11. Internals + +11.1 Curl leaks .onion hostnames in DNS + + Curl sends DNS requests for hostnames with a .onion TLD. This leaks + information about what the user is attempting to access, and violates this + requirement of RFC7686: https://tools.ietf.org/html/rfc7686 + + Issue: https://github.com/curl/curl/issues/543 + +11.2 error buffer not set if connection to multiple addresses fails + + If you ask libcurl to resolve a hostname like example.com to IPv6 addresses + only. But you only have IPv4 connectivity. libcurl will correctly fail with + CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER + remains empty. Issue: https://github.com/curl/curl/issues/544 + + +12. LDAP and OpenLDAP + +12.1 OpenLDAP hangs after returning results + + By configuration defaults, openldap automatically chase referrals on + secondary socket descriptors. The OpenLDAP backend is asynchronous and thus + should monitor all socket descriptors involved. Currently, these secondary + descriptors are not monitored, causing openldap library to never receive + data from them. + + As a temporary workaround, disable referrals chasing by configuration. + + The fix is not easy: proper automatic referrals chasing requires a + synchronous bind callback and monitoring an arbitrary number of socket + descriptors for a single easy handle (currently limited to 5). + + Generic LDAP is synchronous: OK. + + See https://github.com/curl/curl/issues/622 and + https://curl.haxx.se/mail/lib-2016-01/0101.html + + +13 TCP/IP + +13.1 --interface for ipv6 binds to unusable IP address + + Since IPv6 provides a lot of addresses with different scope, binding to an + IPv6 address needs to take the proper care so that it doesn't bind to a + locally scoped address as that is bound to fail. + + https://github.com/curl/curl/issues/686 diff --git a/docs/LICENSE-MIXING b/docs/LICENSE-MIXING deleted file mode 100644 index 68e7156..0000000 --- a/docs/LICENSE-MIXING +++ /dev/null @@ -1,130 +0,0 @@ - License Mixing with apps, libcurl and Third Party Libraries - =========================================================== - -libcurl can be built to use a fair amount of various third party libraries, -libraries that are written and provided by other parties that are distributed -using their own licenses. Even libcurl itself contains code that may cause -problems to some. This document attempts to describe what licenses libcurl and -the other libraries use and what possible dilemmas linking and mixing them all -can lead to for end users. - -I am not a lawyer and this is not legal advice! - -One common dilemma is that GPL[1]-licensed code is not allowed to be linked -with code licensed under the Original BSD license (with the announcement -clause). You may still build your own copies that use them all, but -distributing them as binaries would be to violate the GPL license - unless you -accompany your license with an exception[2]. This particular problem was -addressed when the Modified BSD license was created, which does not have the -announcement clause that collides with GPL. - -libcurl https://curl.haxx.se/docs/copyright.html - - Uses an MIT (or Modified BSD)-style license that is as liberal as - possible. - -OpenSSL https://www.openssl.org/source/license.html - - (May be used for SSL/TLS support) Uses an Original BSD-style license - with an announcement clause that makes it "incompatible" with GPL. You - are not allowed to ship binaries that link with OpenSSL that includes - GPL code (unless that specific GPL code includes an exception for - OpenSSL - a habit that is growing more and more common). If OpenSSL's - licensing is a problem for you, consider using another TLS library. - -GnuTLS http://www.gnutls.org/ - - (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is - a problem for you, consider using another TLS library. Also note that - GnuTLS itself depends on and uses other libs (libgcrypt and - libgpg-error) and they too are LGPL- or GPL-licensed. - -WolfSSL https://www.wolfssl.com/ - - (May be used for SSL/TLS support) Uses the GPL[1] license or a - propietary license. If this is a problem for you, consider using - another TLS library. - -NSS https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS - - (May be used for SSL/TLS support) Is covered by the MPL[4] license, - the GPL[1] license and the LGPL[3] license. You may choose to license - the code under MPL terms, GPL terms, or LGPL terms. These licenses - grant you different permissions and impose different obligations. You - should select the license that best meets your needs. - -axTLS http://axtls.sourceforge.net/ - - (May be used for SSL/TLS support) Uses a Modified BSD-style license. - -mbedTLS https://tls.mbed.org/ - - (May be used for SSL/TLS support) Uses the GPL[1] license or a - propietary license. If this is a problem for you, consider using - another TLS library. - -BoringSSL https://boringssl.googlesource.com/ - - (May be used for SSL/TLS support) As an OpenSSL fork, it has the same - license as that. - -libressl http://www.libressl.org/ - - (May be used for SSL/TLS support) As an OpenSSL fork, it has the same - license as that. - -c-ares https://daniel.haxx.se/projects/c-ares/license.html - - (Used for asynchronous name resolves) Uses an MIT license that is very - liberal and imposes no restrictions on any other library or part you - may link with. - -zlib http://www.zlib.net/zlib_license.html - - (Used for compressed Transfer-Encoding support) Uses an MIT-style - license that shouldn't collide with any other library. - -MIT Kerberos http://web.mit.edu/kerberos/www/dist/ - - (May be used for GSS support) MIT licensed, that shouldn't collide - with any other parts. - -Heimdal http://www.h5l.org - - (May be used for GSS support) Heimdal is Original BSD licensed with - the announcement clause. - -GNU GSS https://www.gnu.org/software/gss/ - - (May be used for GSS support) GNU GSS is GPL licensed. Note that you - may not distribute binary curl packages that uses this if you build - curl to also link and use any Original BSD licensed libraries! - -libidn http://josefsson.org/libidn/ - - (Used for IDNA support) Uses the GNU Lesser General Public - License [3]. LGPL is a variation of GPL with slightly less aggressive - "copyleft". This license requires more requirements to be met when - distributing binaries, see the license for details. Also note that if - you distribute a binary that includes this library, you must also - include the full LGPL license text. Please properly point out what - parts of the distributed package that the license addresses. - -OpenLDAP http://www.openldap.org/software/release/license.html - - (Used for LDAP support) Uses a Modified BSD-style license. Since - libcurl uses OpenLDAP as a shared library only, I have not heard of - anyone that ships OpenLDAP linked with libcurl in an app. - -libssh2 http://www.libssh2.org/ - - (Used for scp and sftp support) libssh2 uses a Modified BSD-style - license. - -[1] = GPL - GNU General Public License: https://www.gnu.org/licenses/gpl.html -[2] = https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on - how to write such an exception to the GPL -[3] = LGPL - GNU Lesser General Public License: - https://www.gnu.org/licenses/lgpl.html -[4] = MPL - Mozilla Public License: - https://www.mozilla.org/MPL/ diff --git a/docs/LICENSE-MIXING.md b/docs/LICENSE-MIXING.md new file mode 100644 index 0000000..0bff73e --- /dev/null +++ b/docs/LICENSE-MIXING.md @@ -0,0 +1,124 @@ +License Mixing +============== + +libcurl can be built to use a fair amount of various third party libraries, +libraries that are written and provided by other parties that are distributed +using their own licenses. Even libcurl itself contains code that may cause +problems to some. This document attempts to describe what licenses libcurl and +the other libraries use and what possible dilemmas linking and mixing them all +can lead to for end users. + +I am not a lawyer and this is not legal advice! + +One common dilemma is that [GPL](https://www.gnu.org/licenses/gpl.html) +licensed code is not allowed to be linked with code licensed under the +[Original BSD license](https://spdx.org/licenses/BSD-4-Clause.html) (with the +announcement clause). You may still build your own copies that use them all, +but distributing them as binaries would be to violate the GPL license - unless +you accompany your license with an +[exception](https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs). This +particular problem was addressed when the [Modified BSD +license](https://opensource.org/licenses/BSD-3-Clause) was created, which does +not have the announcement clause that collides with GPL. + +## libcurl + + Uses an [MIT style license](https://curl.haxx.se/docs/copyright.html) that is + very liberal. + +## OpenSSL + + (May be used for SSL/TLS support) Uses an Original BSD-style license with an + announcement clause that makes it "incompatible" with GPL. You are not + allowed to ship binaries that link with OpenSSL that includes GPL code + (unless that specific GPL code includes an exception for OpenSSL - a habit + that is growing more and more common). If OpenSSL's licensing is a problem + for you, consider using another TLS library. + +## GnuTLS + + (May be used for SSL/TLS support) Uses the + [LGPL](https://www.gnu.org/licenses/lgpl.html) license. If this is a problem + for you, consider using another TLS library. Also note that GnuTLS itself + depends on and uses other libs (libgcrypt and libgpg-error) and they too are + LGPL- or GPL-licensed. + +## WolfSSL + + (May be used for SSL/TLS support) Uses the GPL license or a propietary + license. If this is a problem for you, consider using another TLS library. + +## NSS + + (May be used for SSL/TLS support) Is covered by the + [MPL](https://www.mozilla.org/MPL/) license, the GPL license and the LGPL + license. You may choose to license the code under MPL terms, GPL terms, or + LGPL terms. These licenses grant you different permissions and impose + different obligations. You should select the license that best meets your + needs. + +## axTLS + + (May be used for SSL/TLS support) Uses a Modified BSD-style license. + +## mbedTLS + + (May be used for SSL/TLS support) Uses the GPL license or a propietary + license. If this is a problem for you, consider using another TLS library. + +## BoringSSL + + (May be used for SSL/TLS support) As an OpenSSL fork, it has the same + license as that. + +## libressl + + (May be used for SSL/TLS support) As an OpenSSL fork, it has the same + license as that. + +## c-ares + + (Used for asynchronous name resolves) Uses an MIT license that is very + liberal and imposes no restrictions on any other library or part you may link + with. + +## zlib + + (Used for compressed Transfer-Encoding support) Uses an MIT-style license + that shouldn't collide with any other library. + +## MIT Kerberos + + (May be used for GSS support) MIT licensed, that shouldn't collide with any + other parts. + +## Heimdal + + (May be used for GSS support) Heimdal is Original BSD licensed with the + announcement clause. + +## GNU GSS + + (May be used for GSS support) GNU GSS is GPL licensed. Note that you may not + distribute binary curl packages that uses this if you build curl to also link + and use any Original BSD licensed libraries! + +## libidn + + (Used for IDNA support) Uses the GNU Lesser General Public License [3]. LGPL + is a variation of GPL with slightly less aggressive "copyleft". This license + requires more requirements to be met when distributing binaries, see the + license for details. Also note that if you distribute a binary that includes + this library, you must also include the full LGPL license text. Please + properly point out what parts of the distributed package that the license + addresses. + +## OpenLDAP + + (Used for LDAP support) Uses a Modified BSD-style license. Since libcurl uses + OpenLDAP as a shared library only, I have not heard of anyone that ships + OpenLDAP linked with libcurl in an app. + +## libssh2 + + (Used for scp and sftp support) libssh2 uses a Modified BSD-style license. diff --git a/docs/MANUAL b/docs/MANUAL index 08fdb57..0ea3e61 100644 --- a/docs/MANUAL +++ b/docs/MANUAL @@ -817,12 +817,8 @@ LDAP and offer ldap:// support. LDAP is a complex thing and writing an LDAP query is not an easy task. I do - advise you to dig up the syntax description for that elsewhere. Two places - that might suit you are: - - Netscape's "Netscape Directory SDK 3.0 for C Programmer's Guide Chapter 10: - Working with LDAP URLs": - http://developer.netscape.com/docs/manuals/dirsdk/csdk30/url.htm + advise you to dig up the syntax description for that elsewhere. One such + place might be: RFC 2255, "The LDAP URL Format" https://curl.haxx.se/rfc/rfc2255.txt diff --git a/docs/Makefile.am b/docs/Makefile.am index b202a5d..149e0af 100644 --- a/docs/Makefile.am +++ b/docs/Makefile.am @@ -33,14 +33,14 @@ SUBDIRS = examples libcurl CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES) -EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS \ - README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ - KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL \ - $(PDFPAGES) LICENSE-MIXING README.netware INSTALL.devcpp \ - MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE SSL-PROBLEMS \ - HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md CODE_STYLE.md - -MAN2HTML= roffit < $< >$@ +EXTRA_DIST = MANUAL BUGS CONTRIBUTE.md FAQ FEATURES INTERNALS.md SSLCERTS.md \ + README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ + KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY.md INSTALL \ + $(PDFPAGES) LICENSE-MIXING.md README.netware INSTALL.devcpp \ + MAIL-ETIQUETTE HTTP-COOKIES.md SECURITY.md RELEASE-PROCEDURE SSL-PROBLEMS.md \ + HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md CODE_STYLE.md CHECKSRC.md + +MAN2HTML= roffit $< >$@ SUFFIXES = .1 .html .pdf diff --git a/docs/Makefile.in b/docs/Makefile.in index 8451f04..0e96309 100644 --- a/docs/Makefile.in +++ b/docs/Makefile.in @@ -448,14 +448,14 @@ PDFPAGES = curl.pdf curl-config.pdf mk-ca-bundle.pdf HTMLPAGES = $(GENHTMLPAGES) index.html SUBDIRS = examples libcurl CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES) -EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS \ - README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ - KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL \ - $(PDFPAGES) LICENSE-MIXING README.netware INSTALL.devcpp \ - MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE SSL-PROBLEMS \ - HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md CODE_STYLE.md - -MAN2HTML = roffit < $< >$@ +EXTRA_DIST = MANUAL BUGS CONTRIBUTE.md FAQ FEATURES INTERNALS.md SSLCERTS.md \ + README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ + KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY.md INSTALL \ + $(PDFPAGES) LICENSE-MIXING.md README.netware INSTALL.devcpp \ + MAIL-ETIQUETTE HTTP-COOKIES.md SECURITY.md RELEASE-PROCEDURE SSL-PROBLEMS.md \ + HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md CODE_STYLE.md CHECKSRC.md + +MAN2HTML = roffit $< >$@ SUFFIXES = .1 .html .pdf all: all-recursive diff --git a/docs/RELEASE-PROCEDURE b/docs/RELEASE-PROCEDURE index b0700f3..1b57452 100644 --- a/docs/RELEASE-PROCEDURE +++ b/docs/RELEASE-PROCEDURE @@ -41,6 +41,11 @@ in the curl-www repo (the web site then updates its contents automatically) +on github +--------- + +- edit the newly made release tag so that it is listed as the latest release + inform ------ @@ -78,10 +83,10 @@ Coming dates Based on the description above, here are some planned release dates (at the time of this writing): -- October 7, 2015 (version 7.45.0) -- December 2, 2015 -- January 27, 2016 -- March 23, 2016 -- May 18, 2016 -- July 13, 2016 -- September 7, 2016 +- September 7, 2016 (version 7.50.2) +- November 2, 2016 +- December 28, 2016 +- February 22, 2017 +- April 19, 2017 +- June 14, 2017 +- August 9, 2017 diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md index bad9084..367130d 100644 --- a/docs/ROADMAP.md +++ b/docs/ROADMAP.md @@ -8,20 +8,31 @@ possible participation. HTTP/2 ------ -- test suite - - Base this on existing nghttp2 server to start with to make functional - tests. Later on we can adopt that code or work with nghttp2 to provide ways - to have the http2 server respond with broken responses to make sure we deal - with that nicely as well. - - To decide: if we need to bundle parts of the nghttp2 stuff that probably - won't be shipped by many distros. +Improve performance. Measurements and tests have shown that in several cases +doing transfers over HTTP/2 can be notably slower than the same transfer done +over HTTP/1. Some of that difference can be attributed the inefficient window +size handling currently in use but there are probably more to be learned and +worked on to optimize this. + +QUIC +---- + +The standardization process of QUIC has been taken to the IETF and can be +followed on the [IETF QUIC Mailing +list](https://www.ietf.org/mailman/listinfo/quic). I'd like us to get on the +bandwagon. Ideally, this would be done with a separate library/project to +handle the binary/framing layer in a similar fashion to how HTTP/2 is +implemented. This, to allow other projects to benefit from the work and to +thus broaden the interest and chance of others to participate. + +TLS 1.3 +------- -- provide option for HTTP/2 "prior knowledge" over clear text +The new version of the TLS protocol is in the pipeline and will soon start to +get used out in the wild. It offers some new interesting features and will +need the TLS libraries to adapt and quite likely provide additional or +modified APIs. libcurl needs to adapt accordingly. - As it would avoid the roundtrip-heavy Upgrade: procedures when you _know_ - it speaks HTTP/2. HTTP cookies ------------ @@ -55,12 +66,10 @@ make sure there's an easy handle passed in to `curl_formadd()`, `curl_formget()` and `curl_formfree()` by adding replacement functions and deprecating the old ones to allow custom mallocs and more -third-party SASL +Third-party SASL ---------------- -add support for third-party SASL libraries such as Cyrus SASL - may need to -move existing native and SSPI based authentication into vsasl folder after -reworking HTTP and SASL code +Add support for third-party SASL libraries such as Cyrus SASL. SASL authentication in LDAP --------------------------- diff --git a/docs/SECURITY b/docs/SECURITY.md similarity index 91% rename from docs/SECURITY rename to docs/SECURITY.md index 7b245d7..3c07e0b 100644 --- a/docs/SECURITY +++ b/docs/SECURITY.md @@ -66,10 +66,13 @@ announcement. workarounds, when the release is out and make sure to credit all contributors properly. -- Request a CVE number from distros@openwall[1] when also informing and - preparing them for the upcoming public security vulnerability announcement - - attach the advisory draft for information. Note that 'distros' won't accept - an embargo longer than 19 days. +- Request a CVE number from + [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros) + when also informing and preparing them for the upcoming public security + vulnerability announcement - attach the advisory draft for information. Note + that 'distros' won't accept an embargo longer than 19 days and they do not + care for Windows-specific flaws. For windows-specific flaws, request CVE + directly from MITRE. - Update the "security advisory" with the CVE number. @@ -91,7 +94,7 @@ announcement. - The security web page on the web site should get the new vulnerability mentioned. -[1] = http://oss-security.openwall.org/wiki/mailing-lists/distros + CURL-SECURITY (at haxx dot se) ------------------------------ diff --git a/docs/SSL-PROBLEMS b/docs/SSL-PROBLEMS.md similarity index 95% rename from docs/SSL-PROBLEMS rename to docs/SSL-PROBLEMS.md index e639871..91803e2 100644 --- a/docs/SSL-PROBLEMS +++ b/docs/SSL-PROBLEMS.md @@ -4,7 +4,7 @@ | (__| |_| | _ <| |___ \___|\___/|_| \_\_____| -SSL problems +# SSL problems First, let's establish that we often refer to TLS and SSL interchangeably as SSL here. The current protocol is called TLS, it was called SSL a long time @@ -14,19 +14,19 @@ SSL problems fail. This is a document that attempts to details the most common ones and how to mitigate them. -CA certs +## CA certs CA certs are used to digitally verify the server's certificate. You need a "ca bundle" for this. See lots of more details on this in the SSLCERTS document. -CA bundle missing intermediate certificates +## CA bundle missing intermediate certificates When using said CA bundle to verify a server cert, you will experience problems if your CA cert does not have the certificates for the intermediates in the whole trust chain. -Protocol version +## Protocol version Some broken servers fail to support the protocol negotiation properly that SSL servers are supposed to handle. This may cause the connection to fail @@ -38,7 +38,7 @@ Protocol version All versions of SSL are considered insecure and should be avoided. Use TLS. -Ciphers +## Ciphers Clients give servers a list of ciphers to select from. If the list doesn't include any ciphers the server wants/can use, the connection handshake @@ -61,7 +61,7 @@ Ciphers https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 -Allow BEAST +## Allow BEAST BEAST is the name of a TLS 1.0 attack that surfaced 2011. When adding means to mitigate this attack, it turned out that some broken servers out there in @@ -72,7 +72,7 @@ Allow BEAST but on the other hand it allows curl to connect to that kind of strange servers. -Disabling certificate revocation checks +## Disabling certificate revocation checks Some SSL backends may do certificate revocation checks (CRL, OCSP, etc) depending on the OS or build configuration. The --ssl-no-revoke option was diff --git a/docs/SSLCERTS b/docs/SSLCERTS.md similarity index 100% rename from docs/SSLCERTS rename to docs/SSLCERTS.md diff --git a/docs/THANKS b/docs/THANKS index a57a826..803818f 100644 --- a/docs/THANKS +++ b/docs/THANKS @@ -4,6 +4,8 @@ If you have contributed but are missing here, please let us know! +"Captain Basil" +"Spoon Man" Aaro Koskinen Aaron Oneal Aaron Orenstein @@ -18,6 +20,7 @@ Adriano Meirelles Ajit Dhumale Aki Koskinen Akos Pasztory +Alain Danteny Alan Pinstein Albert Chin-A-Young Albert Choy @@ -25,6 +28,7 @@ Ale Vesely Alejandro Alvarez Ayllon Aleksandar Milivojevic Aleksey Tulinov +Ales Novak Alessandro Ghedini Alessandro Vesely Alex Bligh @@ -44,17 +48,20 @@ Alexander Krasnostavsky Alexander Lazic Alexander Pepper Alexander Peslyak +Alexander Traud Alexander Zhuravlev Alexey Borzov Alexey Pesternikov Alexey Simak Alexey Zakhlestin Alexis Carvalho +Alexis La Goutte Alfred Gebert Allen Pulsifer Alona Rossen Amol Pattekar Amr Shahin +Anatol Belski Anatoli Tubman Anders Bakken Anders Gustafsson @@ -82,6 +89,7 @@ Andrew Francis Andrew Fuller Andrew Kurushin Andrew Moise +Andrew Robbins Andrew Wansink Andrew de los Reyes Andrey Labunets @@ -100,6 +108,7 @@ Anton Bychkov Anton Kalmykov Anton Malov Anton Yabchinskiy +Antonio Larrosa Arkadiusz Miskiewicz Armel Asselin Arnaud Compan @@ -173,6 +182,7 @@ Brian Prodoehl Brian R Duffy Brian Ulm Brock Noland +Bru Rom Bruce Mitchener Bruno Thomsen Bruno de Carvalho @@ -203,6 +213,7 @@ Chris Maltby Chris Mumford Chris Smowton Chris Young +Christian Fillion Christian Grothoff Christian Hägele Christian Krause @@ -232,6 +243,7 @@ Colin Hogben Colin Watson Colm Buckley Constantine Sapuntzakis +Cory Benfield Cory Nelson Craig A West Craig Davison @@ -246,10 +258,14 @@ D. Flinkmann Da-Yoon Chung Dag Ekengren Dagobert Michelsen +Dambaev Alexander Damian Dixon Damien Adant +Damien Vielpeau Dan Becker Dan C +Dan Cristian +Dan Donahue Dan Fandrich Dan Locks Dan Nelson @@ -259,6 +275,7 @@ Dan Zitter Daniel Black Daniel Cater Daniel Egger +Daniel Gustafsson Daniel Hwang Daniel Johnson Daniel Kahn Gillmor @@ -293,6 +310,7 @@ David Houlder David Hull David J Meyer David James +David Kalnischkies David Kierznowski David Kimdon David Lang @@ -317,6 +335,7 @@ Dennis Clarke Derek Higgins Detlef Schmier Didier Brisebourg +Diego Bes Diego Casorran Dilyan Palauzov Dima Barsky @@ -353,6 +372,7 @@ Drake Arconis Duane Cathey Duncan Mac-Vicar Prett Dustin Boswell +Dusty Mabe Dylan Ellicott Dylan Salisbury Early Ehlinger @@ -382,6 +402,7 @@ Eric Lubin Eric Melville Eric Mertens Eric Rautman +Eric Rescorla Eric Ridge Eric S. Raymond Eric Thelin @@ -397,17 +418,20 @@ Erwin Authried Ethan Glasser Camp Eugene Kotlyarov Evan Jordan +Evgeny Grin Evgeny Turnaev Eygene Ryabinkin Fabian Frank Fabian Hiernaux Fabian Keil +Fabian Ruff Fabrizio Ammollo Fedor Karpelevitch Feist Josselin Felix Yan Felix von Leitner Feng Tu +Fernando Muñoz Flavio Medeiros Florian Schoppmann Florian Weimer @@ -432,6 +456,7 @@ Gabriel Kuri Gabriel Sjoberg Garrett Holmstrom Gary Maxwell +Gaurav Malhotra Gautam Kachroo Gautam Mani Gavrie Philipson @@ -463,6 +488,7 @@ Glenn Sheridan Google Inc. Gordon Marler Gorilla Maguila +Gou Lingfeng Grant Erickson Grant Pannell Greg Hewgill @@ -498,6 +524,7 @@ Heinrich Ko Heinrich Schaefer Helwing Lutz Hendrik Visage +Henrik Gaßmann Henrik Storner Henry Ludemann Herve Amblard @@ -526,8 +553,10 @@ Inca R Ingmar Runge Ingo Ralf Blum Ingo Wilken +Irfan Adilovic Isaac Boukris Ishan SinghLevett +Ivan Avdeev Ivo Bellin Salarin Jack Zhang Jacky Lam @@ -641,6 +670,7 @@ John Marshall John McGowan John P. McCaskey John Suprock +John Wanghui John Wilkinson John-Mark Bell Johnny Luong @@ -662,6 +692,7 @@ Jonathan Cardoso Machado Machado Jonathan Hseu Jonathan Nieder Jongki Suwandi +Joonas Kuorilehto Jose Alf Jose Kahan Josef Wolf @@ -671,6 +702,7 @@ Josue Andrade Gomes Juan Barreto Juan F. Codagnone Juan Ignacio Hervás +Juan RP Judson Bishop Juergen Wilke Jukka Pihl @@ -686,10 +718,12 @@ Justin Ehlert Justin Fletcher Justin Karneges Justin Maggard +János Fekete Jörg Mueller-Tolk Jörn Hartroth K. R. Walker Kai Engert +Kai Noda Kai Sommerfeld Kai-Uwe Rommel Kalle Vahlman @@ -760,6 +794,7 @@ Linas Vepstas Lindley French Ling Thio Linus Nielsen Feltzing +Linus Nordberg Lior Kaplan Lisa Xu Liviu Chircu @@ -779,6 +814,7 @@ Lukasz Czekierda Luke Amery Luke Call Luke Dashjr +Luo Jinghua Luong Dinh Dung Lyndon Hill Maciej Karpiuk @@ -795,15 +831,17 @@ Marc Boucher Marc Deslauriers Marc Doughty Marc Hesse -Marc Hoersken +Marc Hörsken Marc Kleine-Budde Marc Renault Marcel Raad Marcel Roelofs +Marcelo Echeverria Marcelo Juchem Marcin Adamski Marcin Gryszkalis Marcin Konicki +Marco Deckel Marco G. Salvagno Marco Maggi Marcus Sundberg @@ -813,9 +851,11 @@ Mark Brand Mark Butler Mark Davies Mark Eichin +Mark Hamilton Mark Incley Mark Karpeles Mark Lentczner +Mark Nottingham Mark Salisbury Mark Snelling Mark Tully @@ -824,6 +864,7 @@ Markus Elfring Markus Koetter Markus Moeller Markus Oberhumer +Marquis de Muesli Martijn Koster Martin C. Martin Martin Drasar @@ -833,6 +874,7 @@ Martin Jansen Martin Lemke Martin Skinner Martin Storsjo +Martin Vejnár Marty Kuhrt Maruko Massimiliano Ziccardi @@ -905,12 +947,14 @@ Mike Power Mike Protts Mike Revi Miklos Nemeth +Miroslav Franc Miroslav Spousta Mitz Wark Mohamed Lrhazi Mohammad AlSaleh Mohun Biswas Mostyn Bramley-Moore +Moti Avrahami Myk Taylor Nach M. S. Nagai H @@ -951,11 +995,13 @@ Ofer Ola Mork Olaf Flebbe Olaf Stüben +Oleg Pudeyev Oliver Gondža Oliver Graute Oliver Kuckertz Oliver Schindler Olivier Berger +Olivier Brunel Orange Tsai Oren Souroujon Oren Tirosh @@ -998,8 +1044,10 @@ Pawel A. Gajda Pawel Kierski Pedro Larroy Pedro Neves +Per Malmberg Peter Bray Peter Forret +Peter Frühberger Peter Gal Peter Heuchert Peter Hjalmarsson @@ -1064,12 +1112,14 @@ Ray Dassen Ray Pekowski Ray Satiro Razvan Cojocaru +Reinhard Max Reinout van Schouwen Remi Gacogne Renato Botelho Renaud Chaillat Renaud Duhaut Renaud Guillard +Renaud Lehoux Rene Bernhardt Rene Rebe Reuven Wachtfogel @@ -1084,6 +1134,7 @@ Richard Bramante Richard Clayton Richard Cooper Richard Gorton +Richard Gray Richard Hosking Richard Michael Richard Moore @@ -1110,6 +1161,7 @@ Robin Cornelius Robin Johnson Robin Kay Robson Braga Araujo +Rod Widdowson Rodney Simmons Rodric Glaser Rodrigo Silva @@ -1118,11 +1170,13 @@ Roland Blom Roland Krikava Roland Zimmermann Rolland Dudemaine +Romain Coltel Roman Koifman Roman Mamedov Romulo A. Ceccon Ron Parker Ron Zapp +Ronnie Mose Rosimildo da Silva Roy Shan Rune Kleveland @@ -1152,6 +1206,7 @@ Sara Golemon Saran Neti Sascha Swiercy Saul good +Saurav Babu Scott Bailey Scott Barrett Scott Cantor @@ -1164,6 +1219,7 @@ Senthil Raja Velu Sergei Nikulov Sergey Tatarincev Sergio Ballestrero +Serj Kalichev Seshubabu Pasam Seth Mos Sh Diao @@ -1175,11 +1231,13 @@ Shawn Poulson Shine Fan Shmulik Regev Siddhartha Prakash Jain -Sidney San Martin +Sidney San Martín Siegfried Gyuricsko Simon Dick +Simon H. Simon Josefsson Simon Liu +Simon Warta Song Ma Sonia Subramanian Spacen Jasset @@ -1191,6 +1249,7 @@ Stanislav Ivochkin Stefan Bühler Stefan Eissing Stefan Esser +Stefan Kanthak Stefan Krause Stefan Neis Stefan Teleman @@ -1228,11 +1287,12 @@ T. Bharath T. Yamada TJ Saunders Tae Hyoung Ahn -Taneli Vahakangas +Taneli Vähäkangas Tanguy Fautre Tatsuhiro Tsujikawa Temprimus Terri Oda +Theodore Dubois Thomas Braun Thomas Glanzmann Thomas J. Moore @@ -1259,6 +1319,7 @@ Tim Stack Tim Starling Timo Sirainen Timotej Lazar +Timothy Polich Tinus van den Berg Tobias Markus Tobias Rundström @@ -1279,6 +1340,7 @@ Tom Sparrow Tom Wright Tom Zerucha Tomas Hoger +Tomas Jakobsson Tomas Mlcoch Tomas Pospisek Tomas Szepe @@ -1295,6 +1357,7 @@ Torsten Foertsch Toshio Kuratomi Toshiyuki Maezawa Traian Nicolescu +Travis Burtrum Troels Walsted Hansen Troy Engel Tupone Alfredo @@ -1329,6 +1392,7 @@ W. Mark Kubacki Waldek Kozba Walter J. Mack Ward Willats +Warp Kawada Warren Menzer Wayne Haigh Werner Koch @@ -1353,6 +1417,7 @@ Yehezkel Horowitz Yehoshua Hershberg Yi Huang Yingwei Liu +Yonggang Luo Yousuke Kimoto Yukihiro Kawada Yun SangHo @@ -1363,8 +1428,20 @@ Zdenek Pavlas Zekun Ni Zmey Petroff Zvi Har'El +asavah on github +baumanj on github +bsammon on github +dkjjr89 on github +eXeC64 on github +jveazey on github +kreshano on github +marc-groundctl on github +neex on github nk +silveja1 on github swalkaus at yahoo.com tommink[at]post.pl +vanillajonathan on github +wmsch on github Štefan Kremeň Никита Дорохин diff --git a/docs/TODO b/docs/TODO index 6521838..40b8cc8 100644 --- a/docs/TODO +++ b/docs/TODO @@ -28,19 +28,26 @@ 1.10 Support IDNA2008 1.11 minimize dependencies with dynamicly loaded modules 1.12 have form functions use CURL handle argument - 1.13 Add CURLOPT_MAIL_CLIENT option 1.14 Typesafe curl_easy_setopt() - 1.15 TCP Fast Open + 1.15 Monitor connections in the connection pool 1.16 Try to URL encode given URL + 1.17 Add support for IRIs + 1.18 try next proxy if one doesn't work + 1.19 Timeout idle connections from the pool + 1.20 SRV and URI DNS records + 1.21 API for URL parsing/splitting + 1.23 Offer API to flush the connection pool 2. libcurl - multi interface 2.1 More non-blocking 2.2 Better support for same name resolves 2.3 Non-blocking curl_multi_remove_handle() 2.4 Split connect and authentication process + 2.5 Edge-triggered sockets should work 3. Documentation 3.1 Update date and version in man pages + 3.2 Provide cmake config-file 4. FTP 4.1 HOST @@ -55,10 +62,11 @@ 5.1 Better persistency for HTTP 1.0 5.2 support FF3 sqlite cookie files 5.3 Rearrange request header order - 5.4 SPDY + 5.4 Use huge HTTP/2 windows 5.5 auth= in URLs 5.6 Refuse "downgrade" redirects - 5.7 More compressions + 5.7 Brotli compression + 5.8 QUIC 6. TELNET 6.1 ditch stdin @@ -69,6 +77,7 @@ 7. SMTP 7.1 Pipelining 7.2 Enhanced capability support + 7.3 Add CURLOPT_MAIL_CLIENT option 8. POP3 8.1 Pipelining @@ -98,6 +107,7 @@ 13.6 Provide callback for cert verification 13.7 improve configure --with-ssl 13.8 Support DANE + 13.9 Support TLS v1.3 14. GnuTLS 14.1 SSL engine stuff @@ -111,46 +121,53 @@ 16. SASL 16.1 Other authentication mechanisms 16.2 Add QOP support to GSSAPI authentication - - 17. Command line tool - 17.1 sync - 17.2 glob posts - 17.3 prevent file overwriting - 17.4 simultaneous parallel transfers - 17.5 provide formpost headers - 17.6 warning when setting an option - 17.7 warning when sending binary output to terminal - 17.8 offer color-coded HTTP header output - 17.9 Choose the name of file in braces for complex URLs - 17.10 improve how curl works in a windows console window - 17.11 -w output to stderr - 17.12 keep running, read instructions from pipe/socket - - 18. Build - 18.1 roffit - - 19. Test suite - 19.1 SSL tunnel - 19.2 nicer lacking perl message - 19.3 more protocols supported - 19.4 more platforms supported - 19.5 Add support for concurrent connections - 19.6 Use the RFC6265 test suite - - 20. Next SONAME bump - 20.1 http-style HEAD output for FTP - 20.2 combine error codes - 20.3 extend CURLOPT_SOCKOPTFUNCTION prototype - - 21. Next major release - 21.1 cleanup return codes - 21.2 remove obsolete defines - 21.3 size_t - 21.4 remove several functions - 21.5 remove CURLOPT_FAILONERROR - 21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE - 21.7 remove progress meter from libcurl - 21.8 remove 'curl_httppost' from public + 16.3 Support binary messages (i.e.: non-base64) + + 17. SSH protocols + 17.1 Multiplexing + 17.2 SFTP performance + + 18. Command line tool + 18.1 sync + 18.2 glob posts + 18.3 prevent file overwriting + 18.4 simultaneous parallel transfers + 18.5 provide formpost headers + 18.6 warning when setting an option + 18.7 warning when sending binary output to terminal + 18.8 offer color-coded HTTP header output + 18.9 Choose the name of file in braces for complex URLs + 18.10 improve how curl works in a windows console window + 18.11 -w output to stderr + 18.12 keep running, read instructions from pipe/socket + 18.13 support metalink in http headers + 18.14 --fail without --location should treat 3xx as a failure + + 19. Build + 19.1 roffit + + 20. Test suite + 20.1 SSL tunnel + 20.2 nicer lacking perl message + 20.3 more protocols supported + 20.4 more platforms supported + 20.5 Add support for concurrent connections + 20.6 Use the RFC6265 test suite + + 21. Next SONAME bump + 21.1 http-style HEAD output for FTP + 21.2 combine error codes + 21.3 extend CURLOPT_SOCKOPTFUNCTION prototype + + 22. Next major release + 22.1 cleanup return codes + 22.2 remove obsolete defines + 22.3 size_t + 22.4 remove several functions + 22.5 remove CURLOPT_FAILONERROR + 22.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE + 22.7 remove progress meter from libcurl + 22.8 remove 'curl_httppost' from public ============================================================================== @@ -219,11 +236,12 @@ 1.8 Allow SSL (HTTPS) to proxy To prevent local users from snooping on your traffic to the proxy. Supported - by Chrome already: + by Firefox and Chrome already: https://www.chromium.org/developers/design-documents/secure-web-proxy - ...and by Firefox soon: - https://bugzilla.mozilla.org/show_bug.cgi?id=378637 + See this stale work in progress branch: + https://github.com/curl/curl/tree/HTTPS-proxy based on this PR: + https://github.com/curl/curl/pull/305 1.9 Cache negative name resolves @@ -256,16 +274,6 @@ to use and less error-prone. Probably easiest by splitting it into several function calls. -1.13 Add CURLOPT_MAIL_CLIENT option - - Rather than use the URL to specify the mail client string to present in the - HELO and EHLO commands, libcurl should support a new CURLOPT specifically for - specifying this data as the URL is non-standard and to be honest a bit of a - hack ;-) - - Please see the following thread for more information: - https://curl.haxx.se/mail/lib-2012-05/0178.html - 1.14 Typesafe curl_easy_setopt() One of the most common problems in libcurl using applications is the lack of @@ -283,10 +291,19 @@ curl_easy_set_cb() - sets a callback PLUS its callback data -1.15 TCP Fast Open +1.15 Monitor connections in the connection pool + + libcurl's connection cache or pool holds a number of open connections for the + purpose of possible subsequent connection reuse. It may contain a few up to a + significant amount of connections. Currently, libcurl leaves all connections + as they are and first when a connection is iterated over for matching or + reuse purpose it is verified that it is still alive. - RFC 7413 defines how to include data already in the TCP SYN handshake to - reduce latency. + Those connections may get closed by the server side for idleness or they may + get a HTTP/2 ping from the peer to verify that they're still alive. By adding + monitoring of the connections while in the pool, libcurl can detect dead + connections (and close them) better and earlier, and it can handle HTTP/2 + pings to keep such ones alive even when not actively doing transfers on them. 1.16 Try to URL encode given URL @@ -297,6 +314,53 @@ https://github.com/curl/curl/issues/514 +1.17 Add support for IRIs + + IRIs (RFC 3987) allow localized, non-ascii, names in the URL. To properly + support this, curl/libcurl would need to translate/encode the given input + from the input string encoding into percent encoded output "over the wire". + + To make that work smoothly for curl users even on Windows, curl would + probably need to be able to convert from several input encodings. + +1.18 try next proxy if one doesn't work + + Allow an application to specify a list of proxies to try, and failing to + connect to the first go on and try the next instead until the list is + exhausted. Browsers support this feature at least when they specify proxies + using PACs. + + https://github.com/curl/curl/issues/896 + +1.19 Timeout idle connections from the pool + + libcurl currently keeps connections in its connection pool for an indefinite + period of time, until it either gets reused, gets noticed that it has been + closed by the server or gets pruned to make room for a new connection. + + To reduce overhead (especially for when we add monitoring of the connections + in the pool), we should introduce a timeout so that connections that have + been idle for N seconds get closed. + +1.20 SRV and URI DNS records + + Offer support for resolving SRV and URI DNS records for libcurl to know which + server to connect to for various protocols (including HTTP!). + +1.21 API for URL parsing/splitting + + libcurl has always parsed URLs internally and never exposed any API or + features to allow applications to do it. Still most or many applications + using libcurl need that ability. In polls to users, we've learned that many + libcurl users would like to see and use such an API. + +1.23 Offer API to flush the connection pool + + Sometimes applications want to flush all the existing connections kept alive. + An API could allow a forced flush or just a forced loop that would properly + close all connections that have been closed by the server already. + + 2. libcurl - multi interface 2.1 More non-blocking @@ -336,6 +400,12 @@ phase. As such any failures during authentication won't trigger the relevant QUIT or LOGOFF for protocols such as IMAP, POP3 and SMTP. +2.5 Edge-triggered sockets should work + + The multi_socket API should work with edge-triggered socket events. One of + the internal actions that need to be improved for this to work perfectly is + the 'maxloops' handling in transfer.c:readwrite_data(). + 3. Documentation 3.1 Update date and version in man pages @@ -344,6 +414,12 @@ pages at release time to use the current date and curl/libcurl version number. +3.2 Provide cmake config-file + + A config-file package is a set of files provided by us to allow applications + to write cmake scripts to find and use libcurl easier. See + https://github.com/curl/curl/issues/885 + 4. FTP 4.1 HOST @@ -415,13 +491,12 @@ This is not detailed in any FTP specification. headers use a default value so only headers that need to be moved have to be specified. -5.4 SPDY - - Chrome and Firefox already support SPDY and lots of web services do. There's - a library for us to use for this (spdylay) that has a similar API and the - same author as nghttp2. +5.4 Use huge HTTP/2 windows - spdylay: https://github.com/tatsuhiro-t/spdylay + We're currently using nghttp2's default window size which is terribly small + (64K). This becomes a bottle neck over high bandwidth networks. We should + instead make the window size to be very big (512MB?) as we really don't do + much flow control anyway. 5.5 auth= in URLs @@ -442,7 +517,7 @@ This is not detailed in any FTP specification. Consider a way to tell curl to refuse to "downgrade" protocol with a redirect and/or possibly a bit that refuses redirect to change protocol completely. -5.7 More compressions +5.7 Brotli compression Compression algorithms that perform better than gzip are being considered for use and inclusion in existing browsers. For example 'brotli'. If servers @@ -450,6 +525,16 @@ This is not detailed in any FTP specification. of this. The algorithm: https://github.com/google/brotli The Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=366559 +5.8 QUIC + + The standardization process of QUIC has been taken to the IETF and can be + followed on the [IETF QUIC Mailing + list](https://www.ietf.org/mailman/listinfo/quic). I'd like us to get on the + bandwagon. Ideally, this would be done with a separate library/project to + handle the binary/framing layer in a similar fashion to how HTTP/2 is + implemented. This, to allow other projects to benefit from the work and to + thus broaden the interest and chance of others to participate. + 6. TELNET @@ -486,6 +571,17 @@ to provide the data to send. Add the ability, for an application that uses libcurl, to obtain the list of capabilities returned from the EHLO command. +7.3 Add CURLOPT_MAIL_CLIENT option + + Rather than use the URL to specify the mail client string to present in the + HELO and EHLO commands, libcurl should support a new CURLOPT specifically for + specifying this data as the URL is non-standard and to be honest a bit of a + hack ;-) + + Please see the following thread for more information: + https://curl.haxx.se/mail/lib-2012-05/0178.html + + 8. POP3 8.1 Pipelining @@ -600,6 +696,18 @@ that doesn't exist on the server, just like --ftp-create-dirs. https://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the correct library to base this development on. + Björn Stenberg wrote a separate initial take on DANE that was never + completed. + +13.9 Support TLS v1.3 + + TLS version 1.3 is about to ship and is getting implemented by TLS libraries + as we speak. We should start to support the symbol and make sure all backends + handle it accordingly, then gradually add support as the TLS libraries add + the corresponding support. There may be a need to add some additional options + to allow libcurl to take advantage of the new features in 1.3. + + 14. GnuTLS 14.1 SSL engine stuff @@ -660,9 +768,32 @@ that doesn't exist on the server, just like --ftp-create-dirs. with integrity protection) and auth-conf (Authentication with integrity and privacy protection). -17. Command line tool +16.3 Support binary messages (i.e.: non-base64) + + Mandatory to support LDAP SASL authentication. + + +17. SSH protocols -17.1 sync +17.1 Multiplexing + + SSH is a perfectly fine multiplexed protocols which would allow libcurl to do + multiple parallel transfers from the same host using the same connection, + much in the same spirit as HTTP/2 does. libcurl however does not take + advantage of that ability but will instead always create a new connection for + new transfers even if an existing connection already exists to the host. + + To fix this, libcurl would have to detect an existing connection and "attach" + the new transfer to the existing one. + +17.2 SFTP performance + + libcurl's SFTP transfer performance is sub par and can be improved, mostly by + the approach mentioned in "1.6 Modified buffer size approach". + +18. Command line tool + +18.1 sync "curl --sync http://example.com/feed[1-100].rss" or "curl --sync http://example.net/{index,calendar,history}.html" @@ -671,12 +802,12 @@ that doesn't exist on the server, just like --ftp-create-dirs. remote file is newer than the local file. A Last-Modified HTTP date header should also be used to set the mod date on the downloaded file. -17.2 glob posts +18.2 glob posts Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'. This is easily scripted though. -17.3 prevent file overwriting +18.3 prevent file overwriting Add an option that prevents cURL from overwriting existing local files. When used, and there already is an existing file with the target file name @@ -684,14 +815,17 @@ that doesn't exist on the server, just like --ftp-create-dirs. existing). So that index.html becomes first index.html.1 and then index.html.2 etc. -17.4 simultaneous parallel transfers +18.4 simultaneous parallel transfers The client could be told to use maximum N simultaneous parallel transfers and then just make sure that happens. It should of course not make more than one connection to the same remote host. This would require the client to use the multi interface. https://curl.haxx.se/bug/feature.cgi?id=1558595 -17.5 provide formpost headers + Using the multi interface would also allow properly using parallel transfers + with HTTP/2 and supporting HTTP/2 server push from the command line. + +18.5 provide formpost headers Extending the capabilities of the multipart formposting. How about leaving the ';type=foo' syntax as it is and adding an extra tag (headers) which @@ -705,24 +839,24 @@ that doesn't exist on the server, just like --ftp-create-dirs. which should overwrite the program reasonable defaults (plain/text, 8bit...) -17.6 warning when setting an option +18.6 warning when setting an option Display a warning when libcurl returns an error when setting an option. This can be useful to tell when support for a particular feature hasn't been compiled into the library. -17.7 warning when sending binary output to terminal +18.7 warning when sending binary output to terminal Provide a way that prompts the user for confirmation before binary data is sent to the terminal, much in the style 'less' does it. -17.8 offer color-coded HTTP header output +18.8 offer color-coded HTTP header output By offering different color output on the header name and the header contents, they could be made more readable and thus help users working on HTTP services. -17.9 Choose the name of file in braces for complex URLs +18.9 Choose the name of file in braces for complex URLs When using braces to download a list of URLs and you use complicated names in the list of alternatives, it could be handy to allow curl to use other @@ -734,13 +868,13 @@ that doesn't exist on the server, just like --ftp-create-dirs. See https://github.com/curl/curl/issues/221 -17.10 improve how curl works in a windows console window +18.10 improve how curl works in a windows console window If you pull the scrollbar when transferring with curl in a Windows console window, the transfer is interrupted and can get disconnected. This can probably be improved. See https://github.com/curl/curl/issues/322 -17.11 -w output to stderr +18.11 -w output to stderr -w is quite useful, but not to those of us who use curl without -o or -O (such as for scripting through a higher level language). It would be nice to @@ -748,7 +882,7 @@ that doesn't exist on the server, just like --ftp-create-dirs. instead. Proposed name: --write-stderr. See https://github.com/curl/curl/issues/613 -17.12 keep running, read instructions from pipe/socket +18.12 keep running, read instructions from pipe/socket Provide an option that makes curl not exit after the last URL (or even work without a given URL), and then make it read instructions passed on a pipe or @@ -756,37 +890,62 @@ that doesn't exist on the server, just like --ftp-create-dirs. invoke can talk to the still running instance and ask for transfers to get done, and thus maintain its connection pool, DNS cache and more. -18. Build +18.13 support metalink in http headers + + Curl has support for downloading a metalink xml file, processing it, and then + downloading the target of the metalink. This is done via the --metalink option. + It would be nice if metalink also supported downloading via metalink + information that is stored in HTTP headers (RFC 6249). Theoretically this could + also be supported with the --metalink option. + + See https://tools.ietf.org/html/rfc6249 + + See also https://lists.gnu.org/archive/html/bug-wget/2015-06/msg00034.html for + an implematation of this in wget. + +18.14 --fail without --location should treat 3xx as a failure + + To allow a command line like this to detect a redirect and consider it a + failure: + + curl -v --fail -O https://example.com/curl-7.48.0.tar.gz + + ... --fail must treat 3xx responses as failures too. The least problematic + way to implement this is probably to add that new logic in the command line + tool only and not in the underlying CURLOPT_FAILONERROR logic. + + +19. Build -18.1 roffit +19.1 roffit Consider extending 'roffit' to produce decent ASCII output, and use that instead of (g)nroff when building src/tool_hugehelp.c -19. Test suite +20. Test suite -19.1 SSL tunnel +20.1 SSL tunnel Make our own version of stunnel for simple port forwarding to enable HTTPS and FTP-SSL tests without the stunnel dependency, and it could allow us to provide test tools built with either OpenSSL or GnuTLS -19.2 nicer lacking perl message +20.2 nicer lacking perl message If perl wasn't found by the configure script, don't attempt to run the tests but explain something nice why it doesn't. -19.3 more protocols supported +20.3 more protocols supported Extend the test suite to include more protocols. The telnet could just do FTP or http operations (for which we have test servers). -19.4 more platforms supported +20.4 more platforms supported Make the test suite work on more platforms. OpenBSD and Mac OS. Remove fork()s and it should become even more portable. -19.5 Add support for concurrent connections +20.5 Add support for concurrent connections Tests 836, 882 and 938 were designed to verify that separate connections aren't used when using different login credentials in protocols that shouldn't re-use @@ -800,7 +959,7 @@ that doesn't exist on the server, just like --ftp-create-dirs. and thus the wait for connections loop is never entered to receive the second connection. -19.6 Use the RFC6265 test suite +20.6 Use the RFC6265 test suite A test suite made for HTTP cookies (RFC 6265) by Adam Barth is available at https://github.com/abarth/http-state/tree/master/tests @@ -810,14 +969,14 @@ that doesn't exist on the server, just like --ftp-create-dirs. incorporated into our regular test suite. -20. Next SONAME bump +21. Next SONAME bump -20.1 http-style HEAD output for FTP +21.1 http-style HEAD output for FTP #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers from being output in NOBODY requests over FTP -20.2 combine error codes +21.2 combine error codes Combine some of the error codes to remove duplicates. The original numbering should not be changed, and the old identifiers would be @@ -842,29 +1001,29 @@ that doesn't exist on the server, just like --ftp-create-dirs. CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED -20.3 extend CURLOPT_SOCKOPTFUNCTION prototype +21.3 extend CURLOPT_SOCKOPTFUNCTION prototype The current prototype only provides 'purpose' that tells what the connection/socket is for, but not any protocol or similar. It makes it hard for applications to differentiate on TCP vs UDP and even HTTP vs FTP and similar. -21. Next major release +22. Next major release -21.1 cleanup return codes +22.1 cleanup return codes curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a CURLMcode. These should be changed to be the same. -21.2 remove obsolete defines +22.2 remove obsolete defines remove obsolete defines from curl/curl.h -21.3 size_t +22.3 size_t make several functions use size_t instead of int in their APIs -21.4 remove several functions +22.4 remove several functions remove the following functions from the public API: @@ -885,18 +1044,18 @@ that doesn't exist on the server, just like --ftp-create-dirs. curl_multi_socket_all -21.5 remove CURLOPT_FAILONERROR +22.5 remove CURLOPT_FAILONERROR Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird internally. Let the app judge success or not for itself. -21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE +22.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE Remove support for a global DNS cache. Anything global is silly, and we already offer the share interface for the same functionality but done "right". -21.7 remove progress meter from libcurl +22.7 remove progress meter from libcurl The internally provided progress meter output doesn't belong in the library. Basically no application wants it (apart from curl) but instead applications @@ -906,7 +1065,7 @@ that doesn't exist on the server, just like --ftp-create-dirs. variable types passed to it instead of doubles so that big files work correctly. -21.8 remove 'curl_httppost' from public +22.8 remove 'curl_httppost' from public curl_formadd() was made to fill in a public struct, but the fact that the struct is public is never really used by application for their own advantage diff --git a/docs/curl-config.pdf b/docs/curl-config.pdf index ebbfaf8e3e3893fdb527b4989a09bae64d5657a0..4129028dee1f0deeacd54a8e993593ceb2fb3720 100644 GIT binary patch delta 331 zcmaFg#rVF9af7uTuSrsJa%xhVp>ASwO48(ecJh2&e zGO++6Z3CmpZuZ)kf{peKXnOe^;?P9y*-1>E=%9ijD!=)m!$L+kOHD3)=c3falFa-( zm&B4(4HqjT14AOf__`6;+mY(C-S$rR_}Xy|5WVrpz*=;-2R zVPxWL;Ns|J1msydTbP(Tn%LP8R1wQ%XUA1sl2}wyQIwj-WoT|_V#uYc>gw;t1pvcN BUWotz delta 331 zcmaFg#rVF9af7uTZ%UGxadL{Kg|3l>QOe|dcJh" (SSL) Tells curl to use the specified certificate directory to verify the @@ -581,9 +598,16 @@ indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, curl will abort the connection before sending or receiving any data. -Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and -wolfSSL/CyaSSL. sha256 support added in 7.44.0 for OpenSSL, -GnuTLS, NSS and wolfSSL/CyaSSL. Other SSL backends not supported. +PEM/DER support: + 7.39.0: OpenSSL, GnuTLS and GSKit + 7.43.0: NSS and wolfSSL/CyaSSL + 7.47.0: mbedtls + 7.49.0: PolarSSL +sha256 support: + 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL. + 7.47.0: mbedtls + 7.49.0: PolarSSL +Other SSL backends not supported. If this option is used several times, the last one will be used. .IP "--cert-status" @@ -626,11 +650,10 @@ the symbol <. The difference between @ and < is then that @ makes a file get attached in the post as a file upload, while the < makes a text field and just get the contents for that text field from a file. -Example, to send your password file to the server, where -\&'password' is the name of the form-field to which /etc/passwd will be the -input: +Example: to send an image to a server, where \&'profile' is the name of the +form-field to which portrait.jpg will be the input: -\fBcurl\fP -F password=@/etc/passwd www.mypasswords.com +\fBcurl\fP -F profile=@portrait.jpg https://example.com/upload.cgi To read content from stdin instead of a file, use - as the filename. This goes for both @ and < constructs. Unfortunately it does not support reading the @@ -640,24 +663,24 @@ transfer starts. You can also tell curl what Content-Type to use by using 'type=', in a manner similar to: -\fBcurl\fP -F "web=@index.html;type=text/html" url.com +\fBcurl\fP -F "web=@index.html;type=text/html" example.com or -\fBcurl\fP -F "name=daniel;type=text/foo" url.com +\fBcurl\fP -F "name=daniel;type=text/foo" example.com You can also explicitly change the name field of a file upload part by setting filename=, like this: -\fBcurl\fP -F "file=@localfile;filename=nameinpost" url.com +\fBcurl\fP -F "file=@localfile;filename=nameinpost" example.com If filename/path contains ',' or ';', it must be quoted by double-quotes like: -\fBcurl\fP -F "file=@\\"localfile\\";filename=\\"nameinpost\\"" url.com +\fBcurl\fP -F "file=@\\"localfile\\";filename=\\"nameinpost\\"" example.com or -\fBcurl\fP -F 'file=@"localfile";filename="nameinpost"' url.com +\fBcurl\fP -F 'file=@"localfile";filename="nameinpost"' example.com Note that if a filename/path is quoted by double-quotes, any double-quote or backslash within the filename must be escaped by backslash. @@ -741,6 +764,10 @@ waits for a reply from the server. authentication, but non-encrypted data transfers for efficiency. Fails the transfer if the server doesn't support SSL/TLS. (Added in 7.16.0) that can still be used but will be removed in a future version. +.IP "--ftp-ssl" +(FTP) This deprecated option is now known as \fI--ssl\fP. +.IP "--ftp-ssl-reqd" +(FTP) This deprecated option is now known as \fI--ssl-reqd\fP. .IP "--form-string " (HTTP) Similar to \fI--form\fP except that the value string for the named parameter is used literally. Leading \&'@' and \&'<' characters, and the @@ -788,7 +815,7 @@ intended for a proxy. Example: -\&# curl -H "X-First-Name: Joe" http://192.168.0.1/ +\&# curl -H "X-First-Name: Joe" http://example.com/ \fBWARNING\fP: headers set with this option will be set in all requests - even after redirects are followed, like when told with \fB-L, --location\fP. This @@ -821,7 +848,7 @@ time only. Perform an operation using a specified interface. You can enter interface name, IP address or host name. An example could look like: - curl --interface eth0:1 http://www.netscape.com/ + curl --interface eth0:1 https://www.example.com/ If this option is used several times, the last one will be used. .IP "-j, --junk-session-cookies" @@ -898,14 +925,14 @@ simply try to load .curlrc from the determined home dir. .nf # --- Example file --- # this is a comment -url = "curl.haxx.se" +url = "example.com" output = "curlhere.html" user-agent = "superagent/1.0" # and fetch another URL too -url = "curl.haxx.se/docs/manpage.html" +url = "example.com/docs/manpage.html" -O -referer = "http://nowhereatall.com/" +referer = "http://nowhereatall.example.com/" # --- End of example file --- .fi @@ -940,6 +967,8 @@ This option requires a library built with kerberos4 support. This is not very common. Use \fI-V, --version\fP to see if your curl supports it. If this option is used several times, the last one will be used. +.IP "--krb4 " +(FTP) This is the former name for \fI--krb\fP. Do not use. .IP "-l, --list-only" (FTP) When listing an FTP directory, this switch forces a name-only view. This is @@ -995,10 +1024,6 @@ The given speed is measured in bytes/second, unless a suffix is appended. Appending 'k' or 'K' will count the number as kilobytes, 'm' or M' makes it megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K, 3m and 1G. -The given rate is the average speed counted during the entire transfer. It -means that curl might use higher transfer speeds in short bursts, but over -time it uses no more than the given rate. - If you also use the \fI-Y, --speed-limit\fP option, that option will take precedence and might cripple the rate-limiting slightly, to help keeping the speed-limit logic working. @@ -1053,7 +1078,8 @@ return with exit code 63. files this option has no effect even if the file transfer ends up being larger than this given limit. This concerns both FTP and HTTP transfers. .IP "--mail-rcpt
" -(SMTP) Specify a single address, user name or mailing list name. +(SMTP) Specify a single address, user name or mailing list name. Repeat this +option several times to send to multiple recipients. When performing a mail transfer, the recipient should specify a valid email address to send the mail to. (Added in 7.20.0) @@ -1169,6 +1195,19 @@ effectively disables the proxy. Each name in this list is matched as either a domain which contains the hostname, or the hostname itself. For example, local.com would match local.com, local.com:80, and www.local.com, but not www.notlocal.com. (Added in 7.19.4). +.IP "--connect-to " +For a request to the given "host:port" pair, connect to +"connect-to-host:connect-to-port" instead. +This is suitable to direct the request at a specific server, e.g. at a specific +cluster node in a cluster of servers. +This option is only used to establish the network connection. It does NOT +affect the hostname/port that is used for TLS/SSL (e.g. SNI, certificate +verification) or for the application protocols. +"host" and "port" may be the empty string, meaning "any host/port". +"connect-to-host" and "connect-to-port" may also be the empty string, +meaning "use the request's original host/port". +This option can be used many times to add many connect rules. +(Added in 7.49.0). .IP "--ntlm" (HTTP) Enables NTLM authentication. The NTLM authentication method was designed by Microsoft and is used by IIS web servers. It is a proprietary @@ -1184,13 +1223,17 @@ This option requires a library built with SSL support. Use \fI-V, --version\fP to see if your curl supports NTLM. If this option is used several times, only the first one is used. +.IP "--ntlm-wb" +(HTTP) Enables NTLM much in the style \fI--ntlm\fP does, but hand over the +authentication to the separate binary ntlmauth application that is executed +when needed. .IP "-o, --output " Write output to instead of stdout. If you are using {} or [] to fetch multiple documents, you can use '#' followed by a number in the specifier. That variable will be replaced with the current string for the URL being fetched. Like in: - curl http://{one,two}.site.com -o "file_#1.txt" + curl http://{one,two}.example.com -o "file_#1.txt" or use several variables like: @@ -1427,7 +1470,7 @@ If this option is used several times, the last one will be used. private key file, so passing this option is generally not required. Note that this public key extraction requires libcurl to be linked against a copy of libssh2 1.2.8 or higher that is itself linked against OpenSSL.) -.IP "-q" +.IP "-q, --disable" If used as the first parameter on the command line, the \fIcurlrc\fP config file will not be read and used. See the \fI-K, --config\fP for details on the default config file search path. @@ -1547,6 +1590,9 @@ the number used for the specific protocol the host will be used for. It means you need several entries if you want to provide address for the same host but different ports. +The provided address set by this option will be used even if \fI-4, --ipv4\fP +or \fI-6, --ipv6\fP is set to make curl use another IP version. + This option can be used many times to add many host names to resolve. (Added in 7.21.3) @@ -1607,8 +1653,7 @@ option name can still be used but will be removed in a future version. (FTP, POP3, IMAP, SMTP) Require SSL/TLS for the connection. Terminates the connection if the server doesn't support SSL/TLS. (Added in 7.20.0) -This option was formerly known as \fI--ftp-ssl-reqd\fP (added in 7.15.5). That -option name can still be used but will be removed in a future version. +This option was formerly known as \fI--ftp-ssl-reqd\fP. .IP "--ssl-allow-beast" (SSL) This option tells curl to not work around a security flaw in the SSL3 and TLS1.0 protocols known as BEAST. If this option isn't used, the SSL layer @@ -1714,14 +1759,16 @@ specifies what to upload and to where. curl also supports "globbing" of the -T argument, meaning that you can upload multiple files to a single URL by using the same URL globbing style supported in the URL, like this: -curl -T "{file1,file2}" http://www.uploadtothissite.com +curl -T "{file1,file2}" http://www.example.com or even -curl -T "img[1-1000].png" ftp://ftp.picturemania.com/upload/ +curl -T "img[1-1000].png" ftp://ftp.example.com/upload/ .IP "--tcp-nodelay" Turn on the TCP_NODELAY option. See the \fIcurl_easy_setopt(3)\fP man page for details about this option. (Added in 7.11.2) +.IP "--tcp-fastopen" +Enable use of TCP Fast Open (RFC7413). (Added in 7.49.0) .IP "--tftp-blksize " (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block size that curl will try to use when transferring data to or from a TFTP server. By @@ -1887,7 +1934,7 @@ The Content-Type of the requested document, if there was any. The ultimate filename that curl writes out to. This is only meaningful if curl is told to write to a file with the \fI--remote-name\fP or \fI--output\fP option. It's most useful in combination with the \fI--remote-header-name\fP -option. (Added in 7.25.1) +option. (Added in 7.26.0) .TP .B ftp_entry_path The initial path curl ended up in when logging on to the remote FTP @@ -1902,6 +1949,9 @@ same info. The numerical code that was found in the last response (from a proxy) to a curl CONNECT request. (Added in 7.12.4) .TP +.B http_version +The http version that was effectively used. (Added in 7.50.0) +.TP .B local_ip The IP address of the local end of the most recently done connection - can be either IPv4 or IPv6 (Added in 7.29.0) diff --git a/docs/curl.html b/docs/curl.html index 7395338..1359016 100644 --- a/docs/curl.html +++ b/docs/curl.html @@ -60,22 +60,22 @@ p.roffit {

You can specify multiple URLs or parts of URLs by writing part sets within braces as in:

  http://site.{one,two,three}.com

or you can get sequences of alphanumeric series by using [] as in: -

  ftp://ftp.numericals.com/file[1-100].txt -

  ftp://ftp.numericals.com/file[001-100].txt (with leading zeros) -

  ftp://ftp.letters.com/file[a-z].txt +

  ftp://ftp.example.com/file[1-100].txt +

  ftp://ftp.example.com/file[001-100].txt (with leading zeros) +

  ftp://ftp.example.com/file[a-z].txt

Nested sequences are not supported, but you can use several ones next to each other: -

  http://any.org/archive[1996-1999]/vol[1-4]/part{a,b,c}.html +

  http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html

You can specify any amount of URLs on the command line. They will be fetched in a sequential manner in the specified order.

You can specify a step counter for the ranges to get every Nth number or letter: -

  http://www.numericals.com/file[1-100:10].txt -

  http://www.letters.com/file[a-z:2].txt +

  http://example.com/file[1-100:10].txt +

  http://example.com/file[a-z:2].txt

When using [] or {} sequences when invoked from a command line prompt, you probably have to put the full URL within double quotes to avoid the shell from interfering with it. This also goes for other characters treated special, like for example '&', '?' and '*'.

Provide the IPv6 zone index in the URL with an escaped percentage sign and the interface name. Like in

  http://[fe80::3%25eth0]/

If you specify URL without protocol:// prefix, curl will attempt to guess what protocol you might want. It will then default to HTTP but try other protocols based on often-used host name prefixes. For example, for host names starting with "ftp." curl will assume you want to speak FTP.

curl will do its best to use what you pass to it as a URL. It is not trying to validate it as a syntactically correct URL by any means but is instead very liberal with what it accepts.

curl will attempt to re-use connections for multiple file transfers, so that getting many files from the same server will not do multiple connects / handshakes. This improves speed. Of course this is only done on files specified on a single command line and cannot be used between separate curl invokes.

PROGRESS METER

-

curl normally displays a progress meter during operations, indicating the amount of transferred data, transfer speeds and estimated time left, etc. +

curl normally displays a progress meter during operations, indicating the amount of transferred data, transfer speeds and estimated time left, etc. The progress meter displays number of bytes and the speeds are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based. For example 1k is 1024 bytes. 1M is 1048576 bytes.

curl displays this data to the terminal by default, so if you invoke curl to do an operation and it is about to write data to the terminal, it disables the progress meter as otherwise it would mess up the output mixing progress meter and response data.

If you want a progress meter for HTTP POST or PUT requests, you need to redirect the response output to a file, using shell redirect (>), -o [file] or similar.

It is not the same case for FTP upload as that operation does not spit out any response data to the terminal. @@ -94,6 +94,9 @@ p.roffit {

(HTTP) Tells curl to use HTTP version 1.1. This is the internal default version. (Added in 7.33.0)

--http2

(HTTP) Tells curl to issue its requests using HTTP 2. This requires that the underlying libcurl was built to support it. (Added in 7.33.0) +

--http2-prior-knowledge +

(HTTP) Tells curl to issue its non-TLS HTTP requests using HTTP/2 without HTTP/1.1 Upgrade. It requires prior knowledge that the server supports HTTP/2 straight away. HTTPS requests will still do HTTP/2 the standard way with negotiated protocol version in the TLS handshake. +

HTTP/2 support in general also requires that the underlying libcurl was built to support it. (Added in 7.49.0)

--no-npn

Disable the NPN TLS extension. NPN is enabled by default if libcurl was built with an SSL library that supports NPN. NPN is used by a libcurl that supports HTTP 2 to negotiate HTTP 2 support with the server during https sessions.

(Added in 7.36.0) @@ -234,7 +237,7 @@ p.roffit {

-E, --cert <certificate[:password]>

(SSL) Tells curl to use the specified client certificate file when getting a file with HTTPS, FTPS or another SSL-based protocol. The certificate must be in PKCS#12 format if using Secure Transport, or PEM format if using any other engine. If the optional password isn't specified, it will be queried for on the terminal. Note that this option assumes a "certificate" file that is the private key and the client certificate concatenated! See --cert and --key to specify them independently.

If curl is built against the NSS SSL library then this option can tell curl the nickname of the certificate to use within the NSS database defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be loaded. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname. If the nickname contains ":", it needs to be preceded by "\" so that it is not recognized as password delimiter. If the nickname contains "\", it needs to be escaped as "\\" so that it is not recognized as an escape character. -

(iOS and Mac OS X only) If curl is built against Secure Transport, then the certificate string can either be the name of a certificate/private key in the system or user keychain, or the path to a PKCS#12-encoded certificate and private key. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname. +

(iOS and macOS only) If curl is built against Secure Transport, then the certificate string can either be the name of a certificate/private key in the system or user keychain, or the path to a PKCS#12-encoded certificate and private key. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname.

If this option is used several times, the last one will be used.

--engine <name>

Select the OpenSSL crypto engine to use for cipher operations. Use --engine list to print a list of build-time supported engines. Note that not all (or none) of the engines may be available at run-time. @@ -253,6 +256,7 @@ p.roffit {

curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is set, and uses the given path as a path to a CA cert bundle. This option overrides that variable.

The windows version of curl will automatically look for a CA certs file named ´curl-ca-bundle.crt´, either in the same directory as curl.exe, or in the Current Working Directory, or in any folder along your PATH.

If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module (libnsspem.so) needs to be available for this option to work properly. +

(iOS and macOS only) If curl is built against Secure Transport, then this option is supported for backward compatibility with other SSL engines, but it should not be set. If the option is not set, then curl will use the certificates in the system and user Keychain to verify the peer, which is the preferred method of verifying the peer's certificate chain.

If this option is used several times, the last one will be used.

--capath <CA certificate directory>

(SSL) Tells curl to use the specified certificate directory to verify the peer. Multiple paths can be provided by separating them with ":" (e.g. "path1:path2:path3"). The certificates must be in PEM format, and if curl is built against OpenSSL, the directory must have been processed using the c_rehash utility supplied with OpenSSL. Using --capath can allow OpenSSL-powered curl to make SSL-connections much more efficiently than using --cacert if the --cacert file contains many CA certificates. @@ -260,7 +264,7 @@ p.roffit {

--pinnedpubkey <pinned public key (hashes)>

(SSL) Tells curl to use the specified public key file (or hashes) to verify the peer. This can be a path to a file which contains a single public key in PEM or DER format, or any number of base64 encoded sha256 hashes preceded by ´sha256//´ and separated by ´;´

When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, curl will abort the connection before sending or receiving any data. -

Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and wolfSSL/CyaSSL. sha256 support added in 7.44.0 for OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL. Other SSL backends not supported. +

PEM/DER support:   7.39.0: OpenSSL, GnuTLS and GSKit   7.43.0: NSS and wolfSSL/CyaSSL   7.47.0: mbedtls   7.49.0: PolarSSL sha256 support:   7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL.   7.47.0: mbedtls   7.49.0: PolarSSL Other SSL backends not supported.

If this option is used several times, the last one will be used.

--cert-status

(SSL) Tells curl to verify the status of the server certificate by using the Certificate Status Request (aka. OCSP stapling) TLS extension. @@ -275,19 +279,19 @@ p.roffit {

This method is not fail-safe and there are occasions where non-successful response codes will slip through, especially when authentication is involved (response codes 401 and 407).

-F, --form <name=content>

(HTTP) This lets curl emulate a filled-in form in which a user has pressed the submit button. This causes curl to POST data using the Content-Type multipart/form-data according to RFC 2388. This enables uploading of binary files etc. To force the 'content' part to be a file, prefix the file name with an @ sign. To just get the content part from a file, prefix the file name with the symbol <. The difference between @ and < is then that @ makes a file get attached in the post as a file upload, while the < makes a text field and just get the contents for that text field from a file. -

Example, to send your password file to the server, where 'password' is the name of the form-field to which /etc/passwd will be the input: -

curl -F password=@/etc/passwd www.mypasswords.com +

Example: to send an image to a server, where 'profile' is the name of the form-field to which portrait.jpg will be the input: +

curl -F profile=@portrait.jpg https://example.com/upload.cgi

To read content from stdin instead of a file, use - as the filename. This goes for both @ and < constructs. Unfortunately it does not support reading the file from a named pipe or similar, as it needs the full size before the transfer starts.

You can also tell curl what Content-Type to use by using 'type=', in a manner similar to: -

curl -F "web=@index.html;type=text/html" url.com +

curl -F "web=@index.html;type=text/html" example.com

or -

curl -F "name=daniel;type=text/foo" url.com +

curl -F "name=daniel;type=text/foo" example.com

You can also explicitly change the name field of a file upload part by setting filename=, like this: -

curl -F "file=@localfile;filename=nameinpost" url.com +

curl -F "file=@localfile;filename=nameinpost" example.com

If filename/path contains ',' or ';', it must be quoted by double-quotes like: -

curl -F "file=@\"localfile\";filename=\"nameinpost\"" url.com +

curl -F "file=@\"localfile\";filename=\"nameinpost\"" example.com

or -

curl -F 'file=@"localfile";filename="nameinpost"' url.com +

curl -F 'file=@"localfile";filename="nameinpost"' example.com

Note that if a filename/path is quoted by double-quotes, any double-quote or backslash within the filename must be escaped by backslash.

See further examples and details in the MANUAL.

This option can be used multiple times. @@ -325,6 +329,10 @@ p.roffit {

(FTP) Use CCC (Clear Command Channel) Sets the CCC mode. The passive mode will not initiate the shutdown, but instead wait for the server to do it, and will not reply to the shutdown from the server. The active mode initiates the shutdown and waits for a reply from the server. (Added in 7.16.2)

--ftp-ssl-control

(FTP) Require SSL/TLS for the FTP login, clear for transfer. Allows secure authentication, but non-encrypted data transfers for efficiency. Fails the transfer if the server doesn't support SSL/TLS. (Added in 7.16.0) that can still be used but will be removed in a future version. +

--ftp-ssl +

(FTP) This deprecated option is now known as --ssl. +

--ftp-ssl-reqd +

(FTP) This deprecated option is now known as --ssl-reqd.

--form-string <name=string>

(HTTP) Similar to --form except that the value string for the named parameter is used literally. Leading '@' and '<' characters, and the ';type=' string in the value have no special meaning. Use this in preference to --form if there's any possibility that the string value may accidentally trigger the '@' or '<' features of --form.

-g, --globoff @@ -339,7 +347,7 @@ p.roffit {

See also the -A, --user-agent and -e, --referer options.

Starting in 7.37.0, you need --proxy-header to send custom headers intended for a proxy.

Example: -

# curl -H "X-First-Name: Joe" http://192.168.0.1/ +

# curl -H "X-First-Name: Joe" http://example.com/

WARNING: headers set with this option will be set in all requests - even after redirects are followed, like when told with -L, --location. This can lead to the header being sent to other hosts than the original host, so sensitive headers should be used with caution combined with following redirects.

This option can be used multiple times to add/replace/remove multiple headers.

--hostpubmd5 <md5> @@ -353,7 +361,7 @@ p.roffit {

(HTTP/FTP/FILE) Fetch the HTTP-header only! HTTP-servers feature the command HEAD which this uses to get nothing but the header of a document. When used on an FTP or FILE file, curl displays the file size and last modification time only.

--interface <name>

Perform an operation using a specified interface. You can enter interface name, IP address or host name. An example could look like: -

 curl --interface eth0:1 http://www.netscape.com/ +

 curl --interface eth0:1 https://www.example.com/

If this option is used several times, the last one will be used.

-j, --junk-session-cookies

(HTTP) When curl is told to read cookies from a given file, this option will make it discard all "session cookies". This will basically have the same effect as if a new session is started. Typical browsers always discard session cookies when they're closed down. @@ -378,14 +386,14 @@ p.roffit { 

 # --- Example file ---
 # this is a comment
-url = "curl.haxx.se"
+url = "example.com"
 output = "curlhere.html"
 user-agent = "superagent/1.0"
  
 # and fetch another URL too
-url = "curl.haxx.se/docs/manpage.html"
+url = "example.com/docs/manpage.html"
 -O
-referer = "http://nowhereatall.com/"
+referer = "http://nowhereatall.example.com/"
 # --- End of example file ---
@@ -404,6 +412,8 @@ referer = "http://nowhereatall.com/"

(FTP) Enable Kerberos authentication and use. The level must be entered and should be one of 'clear', 'safe', 'confidential', or 'private'. Should you use a level that is not one of these, 'private' will instead be used.

This option requires a library built with kerberos4 support. This is not very common. Use -V, --version to see if your curl supports it.

If this option is used several times, the last one will be used. +

--krb4 <level> +

(FTP) This is the former name for --krb. Do not use.

-l, --list-only

(FTP) When listing an FTP directory, this switch forces a name-only view. This is especially useful if the user wants to machine-parse the contents of an FTP directory since the normal directory view doesn't use a standard look or format. When used like this, the option causes a NLST command to be sent to the server instead of LIST.

Note: Some FTP servers list only files in their response to NLST; they do not include sub-directories and symbolic links. @@ -419,7 +429,6 @@ referer = "http://nowhereatall.com/"

--limit-rate <speed>

Specify the maximum transfer rate you want curl to use - for both downloads and uploads. This feature is useful if you have a limited pipe and you'd like your transfer not to use your entire bandwidth. To make it slower than it otherwise would be.

The given speed is measured in bytes/second, unless a suffix is appended. Appending 'k' or 'K' will count the number as kilobytes, 'm' or M' makes it megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K, 3m and 1G. -

The given rate is the average speed counted during the entire transfer. It means that curl might use higher transfer speeds in short bursts, but over time it uses no more than the given rate.

If you also use the -Y, --speed-limit option, that option will take precedence and might cripple the rate-limiting slightly, to help keeping the speed-limit logic working.

If this option is used several times, the last one will be used.

--local-port <num>[-num] @@ -443,7 +452,7 @@ referer = "http://nowhereatall.com/"

Specify the maximum size (in bytes) of a file to download. If the file requested is larger than this value, the transfer will not start and curl will return with exit code 63.

NOTE: The file size is not always known prior to download, and for such files this option has no effect even if the file transfer ends up being larger than this given limit. This concerns both FTP and HTTP transfers.

--mail-rcpt <address> -

(SMTP) Specify a single address, user name or mailing list name. +

(SMTP) Specify a single address, user name or mailing list name. Repeat this option several times to send to multiple recipients.

When performing a mail transfer, the recipient should specify a valid email address to send the mail to. (Added in 7.20.0)

When performing an address verification (VRFY command), the recipient should be specified as the user name or user name and domain (as per Section 3.5 of RFC 5321). (Added in 7.34.0)

When performing a mailing list expand (EXPN command), the recipient should be specified using the mailing list name, such as "Friends" or "London-Office". (Added in 7.34.0) @@ -486,14 +495,18 @@ referer = "http://nowhereatall.com/"

Note that this is the negated option name documented. You can thus use --sessionid to enforce session-ID caching.

--noproxy <no-proxy-list>

Comma-separated list of hosts which do not use a proxy, if one is specified. The only wildcard is a single * character, which matches all hosts, and effectively disables the proxy. Each name in this list is matched as either a domain which contains the hostname, or the hostname itself. For example, local.com would match local.com, local.com:80, and www.local.com, but not www.notlocal.com. (Added in 7.19.4). +

--connect-to <host:port:connect-to-host:connect-to-port> +

For a request to the given "host:port" pair, connect to "connect-to-host:connect-to-port" instead. This is suitable to direct the request at a specific server, e.g. at a specific cluster node in a cluster of servers. This option is only used to establish the network connection. It does NOT affect the hostname/port that is used for TLS/SSL (e.g. SNI, certificate verification) or for the application protocols. "host" and "port" may be the empty string, meaning "any host/port". "connect-to-host" and "connect-to-port" may also be the empty string, meaning "use the request's original host/port". This option can be used many times to add many connect rules. (Added in 7.49.0).

--ntlm

(HTTP) Enables NTLM authentication. The NTLM authentication method was designed by Microsoft and is used by IIS web servers. It is a proprietary protocol, reverse-engineered by clever people and implemented in curl based on their efforts. This kind of behavior should not be endorsed, you should encourage everyone who uses NTLM to switch to a public and documented authentication method instead, such as Digest.

If you want to enable NTLM for your proxy authentication, then use --proxy-ntlm.

This option requires a library built with SSL support. Use -V, --version to see if your curl supports NTLM.

If this option is used several times, only the first one is used. +

--ntlm-wb +

(HTTP) Enables NTLM much in the style --ntlm does, but hand over the authentication to the separate binary ntlmauth application that is executed when needed.

-o, --output <file>

Write output to <file> instead of stdout. If you are using {} or [] to fetch multiple documents, you can use '#' followed by a number in the <file> specifier. That variable will be replaced with the current string for the URL being fetched. Like in: -

  curl http://{one,two}.site.com -o "file_#1.txt" +

  curl http://{one,two}.example.com -o "file_#1.txt"

or use several variables like:

  curl http://{site,host}.host[1-5].com -o "#1_#2"

You may use this option as many times as the number of URLs you have. @@ -603,7 +616,7 @@ referer = "http://nowhereatall.com/"

(SSH) Public key file name. Allows you to provide your public key in this separate file.

If this option is used several times, the last one will be used.

(As of 7.39.0, curl attempts to automatically extract the public key from the private key file, so passing this option is generally not required. Note that this public key extraction requires libcurl to be linked against a copy of libssh2 1.2.8 or higher that is itself linked against OpenSSL.) -

-q +

-q, --disable

If used as the first parameter on the command line, the curlrc config file will not be read and used. See the -K, --config for details on the default config file search path.

-Q, --quote <command>

(FTP/SFTP) Send an arbitrary command to the remote FTP or SFTP server. Quote commands are sent BEFORE the transfer takes place (just after the initial PWD command in an FTP transfer, to be exact). To make commands take place after a successful transfer, prefix them with a dash '-'. To make commands be sent after curl has changed the working directory, just before the transfer command(s), prefix the command with a '+' (this is only supported for FTP). You may specify any number of commands. If the server returns failure for one of the commands, the entire operation will be aborted. You must send syntactically correct FTP commands as RFC 959 defines to FTP servers, or one of the commands listed below to SFTP servers. This option can be used multiple times. When speaking to an FTP server, prefix the command with an asterisk (*) to make curl continue even if the command fails as by default curl will stop at first failure. @@ -656,6 +669,7 @@ referer = "http://nowhereatall.com/"

This option changes the default action for all given URLs to be dealt with as if -O, --remote-name were used for each one. So if you want to disable that for a specific URL after --remote-name-all has been used, you must use "-o -" or --no-remote-name. (Added in 7.19.0)

--resolve <host:port:address>

Provide a custom address for a specific host and port pair. Using this, you can make the curl requests(s) use a specified address and prevent the otherwise normally resolved address to be used. Consider it a sort of /etc/hosts alternative provided on the command line. The port number should be the number used for the specific protocol the host will be used for. It means you need several entries if you want to provide address for the same host but different ports. +

The provided address set by this option will be used even if -4, --ipv4 or -6, --ipv6 is set to make curl use another IP version.

This option can be used many times to add many host names to resolve.

(Added in 7.21.3)

--retry <num> @@ -679,10 +693,10 @@ referer = "http://nowhereatall.com/"

When used with -s it makes curl show an error message if it fails.

--ssl

(FTP, POP3, IMAP, SMTP) Try to use SSL/TLS for the connection. Reverts to a non-secure connection if the server doesn't support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for different levels of encryption required. (Added in 7.20.0) -

This option was formerly known as --ftp-ssl (Added in 7.11.0). That option name can still be used but will be removed in a future version. +

This option was formerly known as --ftp-ssl (Added in 7.11.0). That option name can still be used but will be removed in a future version.

--ssl-reqd

(FTP, POP3, IMAP, SMTP) Require SSL/TLS for the connection. Terminates the connection if the server doesn't support SSL/TLS. (Added in 7.20.0) -

This option was formerly known as --ftp-ssl-reqd (added in 7.15.5). That option name can still be used but will be removed in a future version. +

This option was formerly known as --ftp-ssl-reqd.

--ssl-allow-beast

(SSL) This option tells curl to not work around a security flaw in the SSL3 and TLS1.0 protocols known as BEAST. If this option isn't used, the SSL layer may use workarounds known to cause interoperability problems with some older SSL implementations. WARNING: this option loosens the SSL security, and by using this flag you ask for exactly that. (Added in 7.25.0)

--ssl-no-revoke @@ -725,11 +739,13 @@ referer = "http://nowhereatall.com/"

This transfers the specified local file to the remote URL. If there is no file part in the specified URL, Curl will append the local file name. NOTE that you must use a trailing / on the last directory to really prove to Curl that there is no file name or curl will think that your last directory name is the remote file name to use. That will most likely cause the upload operation to fail. If this is used on an HTTP(S) server, the PUT command will be used.

Use the file name "-" (a single dash) to use stdin instead of a given file. Alternately, the file name "." (a single period) may be specified instead of "-" to use stdin in non-blocking mode to allow reading server output while stdin is being uploaded.

You can specify one -T for each URL on the command line. Each -T + URL pair specifies what to upload and to where. curl also supports "globbing" of the -T argument, meaning that you can upload multiple files to a single URL by using the same URL globbing style supported in the URL, like this: -

curl -T "{file1,file2}" http://www.uploadtothissite.com +

curl -T "{file1,file2}" http://www.example.com

or even -

curl -T "img[1-1000].png" ftp://ftp.picturemania.com/upload/ +

curl -T "img[1-1000].png" ftp://ftp.example.com/upload/

--tcp-nodelay

Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man page for details about this option. (Added in 7.11.2) +

--tcp-fastopen +

Enable use of TCP Fast Open (RFC7413). (Added in 7.49.0)

--tftp-blksize <value>

(TFTP) Set TFTP BLKSIZE option (must be >512). This is the block size that curl will try to use when transferring data to or from a TFTP server. By default 512 bytes will be used.

If this option is used several times, the last one will be used. @@ -796,10 +812,11 @@ referer = "http://nowhereatall.com/"

The variables available are:

content_type The Content-Type of the requested document, if there was any. -

filename_effective The ultimate filename that curl writes out to. This is only meaningful if curl is told to write to a file with the --remote-name or --output option. It's most useful in combination with the --remote-header-name option. (Added in 7.25.1) +

filename_effective The ultimate filename that curl writes out to. This is only meaningful if curl is told to write to a file with the --remote-name or --output option. It's most useful in combination with the --remote-header-name option. (Added in 7.26.0)

ftp_entry_path The initial path curl ended up in when logging on to the remote FTP server. (Added in 7.15.4)

http_code The numerical response code that was found in the last retrieved HTTP(S) or FTP(s) transfer. In 7.18.2 the alias response_code was added to show the same info.

http_connect The numerical code that was found in the last response (from a proxy) to a curl CONNECT request. (Added in 7.12.4) +

http_version The http version that was effectively used. (Added in 7.50.0)

local_ip The IP address of the local end of the most recently done connection - can be either IPv4 or IPv6 (Added in 7.29.0)

local_port The local port number of the most recently done connection (Added in 7.29.0)

num_connects Number of new connects made in the recent transfer. (Added in 7.12.3) diff --git a/docs/curl.pdf b/docs/curl.pdf index 98e4a42f455412b3420eb58d8b2ee2f60b502639..72401010d81c399e2dd1bbc495d31f8063f735ac 100644 GIT binary patch delta 109089 zcmZUaV{;`8w5(&>wmr#??POxxwv8Rzwryu(+qUgYoQdvxs_wa8?zgV~0bRY;vsO|Q z%;PXjf)sGVd214L=Zc;uT5O-bA#@bMPMPRflU7b&0o))hWA@3v0w4U0W-w$SgXJ)+Gd5cH-M4DJs`8we=wP=fyr!l zJmz^SdFy>Iz6{9&(zK>PBtbb3qGS|)?;OiL3B6d4V<>gcN)v=XIQB z?VuOEvC`3MgOs-g_gb)q$xPo)b%NsKY$lYOLmd!WRte)(134$4@AoG!cTVC%+eUjs z;u=`AzGjuE(S9S)zJooO%@wIbkF7Y)-RCE4g_ac?eA;f&%*lDS_V|db(O3UTJ=Zhu z6e|%P-uuE|yKk?Dfh!OOQ)9-sQO4k2Lt`b}^g9)qLLmeeIcU{ZZIM16Ug3-~D2T#} zUDI7Onu=WUjIu~WZmY2C_am?RaTF%Lx&siiI_s;K#-`Q$qp2cVEm7?{`T6B@=2Iv( zg6~$$zx;HkK*BL`SWkA2dDiyD-oJKk5I}t)Kc8KBH;5|f3hL6~7^B9;+PtwRpxY|tP*;Y#&)3b9r@u@9EzM5=DN&GNA4lGxdj)7g zejD~RiTtqd9FgJi;JN}v)2sgo!?H8bUO$?~qkjix)%opsld0g_Q5YLJR7`T2({bGb z=O=LBuL1TlLxP1Hl`FsJ>+VT)EP@a=8>VtQ9vu37>P@zvauhP29M;2Zd^_T2G`E>@ zm?3kfCuTU$gLNH)H9w%6yEC=Mkqy-A&09DtETB33rfKZMqCi{fVRDN)v%uD{aG`o+ z&mL+~K%YIWI8kfdTHxKcsjYfql2ikiibt1n2_e=N_nISG^40;c+XOHj)qwm4ulL}X zu~D1EbVI4Ld#+qFibhXHeB6^oh76#x2k96D^M+lJVPq1TiujtnFJQbcn*_pjP|XY9 zm4QA?xw;uNGW2kAxpe-1otGLyy83XM^z9qd(&FRym~U;Rm*og>(J!Z$PP4&iGFQ+> zELiWYXz<`*d!{2xr?y|@G$WG8vzivqqrdSpBQF~9tGd7ER}n3zQ(L)CnPF06YzFkT zyHUA|S91BNHJ%j-r!*sc$p9NmC!?@PjD+Gmd!b2MiQw|Y$|Q*F)RAY&>Hr>{yDPWC zQIF>BA&?PA5)+kJ*O0%eXaxwE-N4CXF?qcle#=)Q7yY7Ie*BY22`&^}W~vh!qxJ## zNnQ=6x`qH?RFJIRP?TzKVRxeBj5iahMP}&;kk`xfbPF@5Ypssi9|GG-xfs=`DsKjn z?HDZBN?jpisnV{-0Du^|+G&Nf@C#oSbKe%p`Z4kgU2=9S^}p# zI+`K$wuUP%`cu?5_Po?(Hmw@(cp^>aN;pleP_tlZ)vPN^ znWfxaUaw)Kr=$*n<3P8qCIPGhOuJsoUW9jR^}g}+=|tMr-<)%{Yo>0Ub1fT~GmAY8 zS5dzu`h=W`rdrB=Nx{=Bb}q_+zAyy(q{P-3ZdV3Me~K=)yY&e2b5|~E|E7X9FlkNd(F=#NsEUee6&-m4j7d7 zv}o+Twe6Zgb7jFLAfdiczBRJ=u{@02kxx;|FL)TFw*du-gk(>llfYu?hi|yfn|-yC zTIsX8Z=E8L6ywb~P9qjoKIccJ?)z_O79Ni>tD@$Ml z64eh|>*P5_f`kM|AB~Nym}GDL!UKwQi`Ag*zJKa>V8d3dk=yZ$aJ>Z*tYgA?RS7R+ zI)kmL%Yd|)LCHs7!ljxgY+Y6DUjYnSWtUk|Y9BF0PyV;Y%vd&i0`emj!6-NH#VSG% zl^HR<^ZxP?H#xcYx+p~V36!t1wksI zBOoa@eX2PR9vEvg@8XtmM8r7=Cj0L+(e#GzG_c&_yc+s=!k?3M^D!X*D#X)U`w>>v zFMFd|Piup8af24*3vH|Nxq4!em(bfmTFV%LjRCyBclI~%SG2k3#L{SUlX7M@kLRl> zNL|`_C8AK>!RO=rJ5_2OBKS!jFs$|zn?OZn`$4{ik_mW*d!)1}LhXIXAU4*}&eSbv zYQj<$w4olsyD6&kp4x z11&#b(=)Spn2`(suV2EWUP3LzgqvW2)#GBP&ECN{F28`hsA^UYP^o?%bn@=+0UTH~ zz7PN({qt*$(?}YHcd^ic?X-!K#b~=gH0i9p&j~eU9$79Dsn3SNOnioa453O*!0vnt ztDTI{>u5CuO6Kqn7V3k?KOKTM(HqnymR1XNxXlTWG$i^m|Nfx`slvTA9Hu`F{$Op0 zVdLOaF6(Me35LkXg!s)w+kfwE_pm$ThQ8+S0h;{~H{998U*NzWNa8-j`(!;>e6U|^ z$=g~t#QnqNBT}cG^mOg{@oaZa%u@5diiytv5Wd5gHRDIDHtdcQPDf{zw;cQ zt_2V?1$EkVxkyXby|Iq7ysd9h&qZvauV48eN0&Qis(df>3Ve0nn(v>A8S!6ApMKGh zxPFcNHBY>~Qs9ZFh11TB{B@szWG%et8!xvz;PqIYzvE|k>l?Jcc9(F<6kl|%f;byi zYeW26pTkcp9QwiGUEA=%=Zne~auID@750~+tLO?}lnXmwWcH9_66YsRZ-tH0)0d~} z;bPoj_Y42UyV4=X3`v;!6SW#&bbh;s&ED%@3MUF;Y%${xr;`bm`-?v}1}z=lLrs_~ z!1?IhORxAwjl)k>1m8i}@`d!302gsm|Bp|lDCFP@?}Zl4UA=Kd22U;MMwMkXEriLs zTjm+X>u_s>fv;&(|7amsYD{Lr~Y^|L*i}TD$D&fAdgT&H^5b*t;_nKFeYX8AsWv8Zr5C|1zPSX zYmTjtlKYu%m{Feisjx>OG`#B@>zK)7OPzZay>+f25+$T*pGJ9M`gL7?80$o+j8|Yg zYb5xKXX1&G;ut!0i3-z+=^h6nm~!j=#k~6=*Q%&nRjTL6USV)G^vW~-Lc4JRkd1hy zpN8jhK6J5M^rf05%Iun2N!Sj5RoI|Aunq}jjW!4PER3$G*-;MdH zU!kEK``iO{xspb;e226F#A4O_NS1jwvb>1)qx^8gSnFBYHlIdiOl578&*?OHKD`i_ zn=eFVRpNqS>Js=LrBJVU)W=bU(jlcADU0o*`0__ zQ5i#PB@6m;*v7#Ik~0XO2NAaYCFn42oB=>JfS5uaO!9^E?|}KBmrI z4SFLK?%MAJU4|`e(baI%%`zz2$HxeN{Hir-0lzqFCpHB z$M*Z?umXmrXiZTjyg^-?!J&@fFoEJxvEO0ufwR=#QA;^ir&;vT^oN?Qj&=^dZ&%Unv2(R&mAEl(!GED z`R3`E)AIr|9{;7*LS5S`fvg@5cSs5d`#$`aU3$>4i!sE%p5>x{v1k`hrl>l(zol>5Hwp_5*xocIzKdmHf zWi8-0It-7;Kyo6nOiK{HV$0J9c~d+ycRAD5gisdf78L*+1osT4N09Ma+;Br@w+aB; zfyp7$`nP}wCfyUzrx$c8xU#wbB~bNLWe_#j*kb*tDo6HTm_uV^-Nxb7t?u)-_?(Sp z#5TN0IpGyrbb~WrBPPoi#8v!?MoLm#330gVKQ*R3B9ODcSFoiOxra|h4PU;K*Wp7V zI-W+8n}^wxWk^qRH!t$rJN_GRpU$saSiC>Kim;SUT11P16(p6wRLpi~)-59YYhu7a z_GsPJHm$yrB2Vj6zs`Ayww+MXFws}Ch)H9%AQ#Y2(;;Ll%180#&Q#feu)6bn)ydX0 zVQMS0?ux-Q#>$DrT2rD}EZ~2HoWnV_}bsoU^N_E7KKGg%;ZTMiN9JfhV54sNk_JE(U88 zC#`)RaZpNr+zseS?oh`dId2F}GOq?l@RqBNZiI&w~E>mI?=1?o&S6Fmb?I4faSw}fh6Z)&YKKM3`V<# zDWMHarERic22H22(BLepuo@bp?jld5ArlLNR_tGpSi~ts<|)!c-Q@yj%*L3wQ9Df9 z28p&EU#A@|uva?dG~>Ok6A8)qqx2 zaEqqEk_L{dZz+#sz(3;!ea=LXeClP%#(}FIIvTpvtrDEU55$QO@F2v8eZl4vD- zJRd6~O@II)yl8@#c!)#?GMp4lnv-5d=<_Bma1}H)Uv&7S&AjP{*&xsoAJ2~5ez!T) zglu9CQv^HmUn+H8O^TLZ)B&}vlctyEr2hs;?6ca*)7PEU*f#uYSWTx8rg{vGa0HUP zVrJ+Cu6J?V5n zo-C$_YZRfk^KmJ+(*aJhvcN0&@o#)2uNvQ?5_DfixolzPzaqEoTYx!JWW=Ami1ODb zWFT87p+X$67Sj+=dTu*cT~IDF8q*pm&7G8kl<`P*dhO~UInvHcdIXf!=O69{P6CMf z)3I{G^^Ru>e|MK>X8(avPLp+Vww9QLSr-v>c7_D>3u`#pL&P(G)HT3zD zZ1nB=vBri#9sGu8q>SL2-r##+VjMhUYSbYB6amjk6hJD zj2S*-t}dCh0~bTCZqoEbo-bi}Qg>SY*tvNjV<5oxTZ#0MrnwtM?7f6URfc5NUKi^_ zWSd8=_J_@oFBd2kr9SjJB${oaD4HDIv8OzH-pAAsR5r{$h((bZlRJ;zryqME96@}l z^RUkwthv7+9#iKyZa84G>!9&7n*Re<{6+yVvp02dbv84ygZoc87+b^r;v!)o`5(c` z#li8vCM)azHTn3MWzFm@TrEjhlM^tgfqL;FgC>~83cw^q_q3&N-SRDE8y5E*FhgJ*6g{UjT7o4RAXl$vJzDIbEcy(T%3fz=Aa zZr59Lfp6XBf`bNEid2-$(SSE;H_4Tzi@*OIvIXl7V?ytNDnr;qj+_Y4xJ3U(pKNgd zN|l(Q?7EpVqU)!zA`@xrIXpkfk^ap_O%LsF4xSsxo;d~2>DF@i?v0YsFKM8_!=$Je7<9PSzp%f;JIH&=gswK*WZ%-c9RF!W{_!8Z!m zXW!cC#~45{#^GG~jRhI6a%OX1FkTd4K`VeBRIYU#n4p`aHxSv(`G=v163DF}t`(=r zy#&tn*L(D^&`RfwwnqMNLg}oOaQ|2Jj3xCuYek*9-we^}a3B}ra-^YYZeGrIR-saG z9Vh`?#$*cuh}3|`Rz@5h#|XLqYe}Ti_PDM36O}}hlP1pklrQ9OctaE6Ey^Fh1druyxl00K;o2eTu(Iuiu3RtFVJ~%=+H#=_s zka$?au08@f}U3#&ieg4cGd26Q%*_l0bx+KOAnEu&(aT~l6^7Q^%m^c*&nNs)JD zplKji`E<5OG4K+WAjWq-sH~}q=MTe!92*pkmfEDu1|wFMAdP806Rp@B`xT>XanBl3 zzbp4EWQFW^$9NO!8;~Y8_ryih>g(ta8MT=@AFjq&Ol0lbsS<@WV06g>a;968pHQa7 ztnIuniYf?6+7-7eT6Q4kOJ5jWg8?CYbvOF40o1th$qgbQi1i^03uNH1GD@t`Q7E%_ z(S;CHil*%~C0~gs{(09QJ_)wB!uJATGc0L)=?I`ILU#=%iWc|+IU zAo&P+dsPN@>;HqW}9e!lUzbS-EKGZZgUrXbN%P8G^ie`}mS zz%9cy6>`V`R;=$!Y2BKz8NmFY^^8F8ccK~D9Ex+)Wyj_)`TpM@qWiZW!uvOZ`!_)- zK85B(Twp&sL^t;~^_eGhHlgh;MLeQ~CKqm?-OA9m7Cp zbIEM?)P{#E_XiOZ^;~DoyqO!9r3T(?*+9#^8t{`H0d%e2itH1f3XYwrU_uiexmM{J zvw}ycB|H<%rwNRKp~=cn){k7EtcVxsYfPJ^!k-bYLfH$;_PM_|aHD@&xH>CS$DD~m zK*2L<)B=x~U-_*7c%Dt_DxEr}D*~DGBqCNyOxFf*?RI0Iu;3yxz_;tdX3AyLjddCk z0kYc*PM?XiXPk^^8uoFx{|VBw8aLt0QtKJbjH!}>Z5Wr0OI7`2^ueEZc}CrTpKl$# zv1QA<)b%nSB#}Uk_Cyss3Gdb4|ArMG#$VH|W9F0n zEr}L2!MOvr$4^->LKBHL4=Hh!H(-b@JKdxlqq+b%{=QFshh`D!3Gu&zzP(i|1I9+h z1V6+xF;r0gS{Six?UFgCQwdJ4y}Z5VTIO}EFMxUK;U?=|3a|4&xRJS%qF}8MJnTM# z>m^7G@mbl^VnNay^-q`h#Lpo4fHTEDnEH6N10{m{_v11lW(ZFTTV z!tw4(&$q41t9d6?(8PQKPKCo+{wbNnP7p5tK5aaGcA3#f~i5k*S=f*6jtvg9JwhE@@ zv`ex9PwpP#jsF5FLyc4g>|5yReq^i97taX|j8&4s zGKz`z4o*uB7lph|*{;WSMC5o~TlPz@D-v381cC3*`BBhNuJ~Y6G)M zGcw~Tc(c0+b2`BEI_#$HGTDgwuVV>j1M3`P@Jo$V>cN=D z!FdKMry4Pe(R65`He!u^ZRuzy>#&Z3ug?XGtns~@1d+&l)a`Yo4W68P-d!+9E3v6j zrvYORmGN>KK8GuDeRm}_BliVyc8rs~xFw#$3r~$Uz&`ijgx=Ryl`+xk$pR9N;k|Lv+r}xOmQl&9aWFM^w37?Sc#3yUa zk;1d^Mvk%fL9P1>;e$}G#4TucXf8UixmVFEGy3H!ING zoqdfHz%DeqC27JnlE+yi6+12;gOKqnB?urTfx2qFO8DA$x+h?ixM@J zENG1@FBUx4a5CaVCHt*h$OS zLd_2ej6zoq*lLrrfVJ{%;P!kWg2tm#02!PwSaC8yCvL4eba<*xdrU^4X<)7bg7@sh zRxt<6swXcF|EtYyDBl1u@CoYNXZDFL8LqpE%oj2m@v*If$0dA`+~#!Lf-bAj3kOx5 zZS77vRZIr^zDRswzc?|o?WFDGd``Z(O0#tv5-whN0N^p9*|U@;`hrG4*EpX z6pkrDz9~q3@QHy)q->&)LRN_awVe1Ov$uEsbuCY5RR^e;kzbvoc1Wt|i?93uMCyGI@A&N#=;;r}E|7b1GrZ;(PEb z{(eG<>z-TuGJriy?e+kS^{H_qNNXhtoM>&Q%?uYTA!LGk8Zt~@ z7kXXAN-tniY$|hH5?LRJWtc>r^=W=+(iWBzMA{%Cxje^B1xZQ`%c!>IBJ_s&5#S(R zxfy_`mEc*K4`I<{DDW?rmj>0sSoeAExJS=n|HG+rroxD6#Z!QRR@ ziH9J(P%~Ml!hrHxb^33YOd=~iX_-E0IP4^uO*)Q`Dsb42r=$cpX9~}B1ivjD*X+LO zR~|}Ia6XDs%D$y!EiCE<>0RsKYG@w?$sE&6)@;h7D7vQSr(P~(^VGuYu=2*z2uGa^ zCvzQl)R-Ur`w^kR{025^y_q|u$8Hg~loY%WGt|#>N&bC8(auW1iO^#l!Fl<$Ts0(c z6&sC03fHrQHxdMxg=DKSwaLac;r1%FQ5spAuG=J-HXP+A#q(;brr;f}};B2*D(vQ=ID# z9V$WnZOswWSLE%7x93)sa}fwIynXX~yxq70o(uYrvixeyJ@}`CC!^20J8~1gr{9xx zZ(cE-(46n3WnO&rC2*GZ^f5fs(;sR<9ENMU1Mw%@DR7u?Dq73EksU(;qgOprhfbQJ ze6h9O2bl=y@B5>DhHFXSs`&sWhHnt#$Bk4aLgC&UH!OmHX<8aBLi1^q@^R3$RM^EBUdGzd0D+xN>yQP>dDSvsKGjC( z+0q6MVpDbtSr|`DX24P7Bnf4kisYU9`b(j6M z+s%YyVgW#|H2HfTzLT&0H$b+%IUswHN+TPBWq0hjY zW4#8R9zG6xA9cF92;Lwcvs{`VJBghxkr5k@)V_?(l>8smpm>sOowjAzyS!V3kZU% z%oG>Oi@nO+`xbwN`^Ta#zBZ3587QQeLF)s}kBn)Uv+ce~C{>0=*c0d`$UuETbL}qg zKf@pfU>T4%d0{*@nnIXW+ul--iQOKldGpqpgvtiL4Iv2OMCKx%7%?Z0@E{F@EXY)k zRPO;22|70b!xV-bDaGr;Dk~Wl#tOck^rIE&inGFb+ugUEgKHAH$}2Ubdy0jckO$zs zEwH~Dis)q0D~&Aq*C$_4mZx|lmuh{&EF3?T5l)^OPYKM2fGFGW;-zk6` zk|kN(lnDm={?wu3y=>H!D+q`dAGh=E_uDtF%Pv2j3Y?P{ zt|8S8Cc$&YlD!<$KDLbf72jrVXb6;nMIUx_e`(_-IR?dUX#vA0vL8>^rG9C4VXP_#*35lKNEVp{3x`J+j|}&AaL=5!r3=Gd`$0`?ZUe@Kt39(H<5D|# zx6EuSG*wp0J9j1y(*r<=f(N3pjOkBDe<=%`zLyZ62tOBR8f)bYNAJdsCS)1kIr*$i zHaRGGGa#bx$^`)iJvaY)5vQA2C6=ZY{_)*m#`}8ZQ+2d-mL(WqNNgVdR7h;PJCE+f zMY8isdX5!JlMSaHkjmh^jMk7e$SNe|?@4ajOGa@{sr8!Jp7!vc2WgkAlK`FBMAzkzZ1b4I)=gM`;6Qkb4 zxzJDA35=)dx|^(Vq_&z*3LVP-~zZ4nRly7 zb>YZA(d1+?^6YS*46sG_&i*FL3JHkG-gR%+e1`&mz?mMsN|N>I@E};Z0UXJ`bfQ2T zhwVR@UjltW>;4gC4O~eTXJncMZp}LwvsBO1Z9+#y36ycQu|()fO-DZo#5*qU8R_V@ zy-%RvL_QQr>1TO9x1@qi0pSb<#2;F2(JOAFx65RP9?|j9ih`yu#h2^EoSvlR%p6;x zxads`##*GF`VDgJFwHq|KTp%5Uv|O1k%C3f-J$g6WJ~g8JVs zkLi$Qf5j&`*s;be@1E1-USo}i?5)G{4(hcgvS>TDKRfSHS+Ody#D|L^j0`hg3y2~A z*$|zG6Kz40V`XQ_SHa8DYUxx(R_4}Z&1KxX&}$jEC-HOGP1%>~hh2$_B>n|bnEPiu ztvf*w%xc8;*{Lagj#fda+6D~%OL5rj(hY;K*Y(Vw zv^M_Q-kDtJCj~neh({KZ6gC}2)^Yy;NN0hfbaq!E&)8F6!K)*(Q69$GjTJ6cZ*Q6v zt#{e{%gaO5`4U5X)RfLm)9E0Tn7~8No>`!=Aw(Q;G|T9E|MGFbdpZYd(=n)`1->sT z1O;f;T79m|zS{1#ifZYofB*4Aybe8#kR6IA z+LT2GlyeB)^^95JVnPDvqK5HhkzBEgGooo?b+JtFqCgPFtSpe|CqMizW$ziJ;W#;g zcBf%HvP(v{EJtJ>4qmTK<+(QImSK@xCq^l}aGn;v;?GeeT&1?decDv!;@+fOI5IpA8Ox?bJ24 z;Q7CuDb?{Mu4Vk*zpGdDQZJh@C1Ag@E_V@&Z%p`CpLnonjF{%u7KN6s1Ql0v~WO$u#5fu zJ@?h!p^dNF&W3hVz@LY%!yd`CNRsGGis0(`tlZa;mkkTl-c&eBwxUBS#vVg~6{8f< zNJJ{@GC$PO0?%M6yBX8J&;jMR+e$GSE}&vbB#}*=rU47V46E-f{KlR?d3vp5%-$ur z>ZM`;zLtk2yhg|(EBoPY?%hK&e^>vCu!QUJi3f>P$>V3q*8;Cu`bJ5Lb4tY)_s9^@knV0 z9b)+)wmzplKos>jED{`Ftnp+B)w@2%1q**IySkKb2xFS>aVGr$rpJ|dalkRkMvqER6$nS;S3o~9 z&U~nhO_=2+2RMQgX59%9;TI%L)?Q!8s&%~H1NCJRRZE7th0(P=rGMd-YM?r*ezfIm zVut~Vtd}_S*eb~(UlD2dD}qdvk0mDgdR}gORUg3OBG`3?WTUGW?MK~1nz3Zh0=c5* zbc+kT^4Sk|j6P0N`^8bUE&-x)-!dxwnU1F_e8aa>+yL){ZoLCz$l=Y&Z)x$qd9Y++x*dy$3xJrnk(!zjr)(w7bqw6B*MQ*^7VjmE# zr-^VsaiKx7!MFeCHI_i;$YkNr_<(LL4cRa_iU&^Zb=09u*uEbf`hM3(;e_=!c*e!D z%2#5h#KNf6c?B_4W?^p)Xc?1TIuCjSt#MFdqWn=HuPz@n4IF$#;v1fjB?TG$9EgbC zjtVfTHmJq&g>Q&|+$)KC55P#!Vh0oqk~H$Cy7`Awhv+XjpSRAUYuh z^G})>MQO#l(=nLf2SJG4Bitev@=X`<+}scoA(+=xj5=>m(I{nyWy0?T-!7D$5*CH0 zjD^De8T;<`t5lkx>{5PW%5w=zH~9$1X-{yNsZI_^q-{eq`!uSj=5PKsR}f&N z!JM``#dT?5qs|p3T2t7CHzyEjvjI!#lpnyp(>6~)<#nguQz*pi#~YwcyHQF|e(ECb z)t82pA*Er8WVgfFZ~&9Gt!70LV^{Gcov)XuvZh{0pZ|0*)-E}mVDT6BjGqVlhJx_< z6;v}@_zbe&w_2xV5J}<&Z)YaT9A8!!H7`Wsf-iFR!!bvi6e+XikN`Na208KbM;M~e z9>vH0^FRnbLj6TtdwCh@%9(CM=HFKgZfHjs-`jmFfJmN*>F3FjL8ZyVVGY0ECa1Hf zx6o;HUODuP+icEuM%NsM$fA+fA#gEL_e&ojgNk0rRxj8&9Rb!!wcT7c&fr2z;s@Fh zf&^g%+IMftZFs}LK?o#TUhE=ttGm!=^r#AS2{$_+Cku1(a8^T`B@gxz1#N*+dpphN zaHw-dv^=x_?1i-G4dpd$_YM~lj7uIutL(wZoQ~{M;>qUWbwYWBsJTB1DVMC0_vmZu zF66gLDbn*KGZaKV%`r@23rY=Y;+7XT_>&L`mH~b>AIxG7+e7zg-TX%H|BX0m-#Zxl|(e#{fu+ z^ah~-C?Ta!Xg^o^IYf{S=T!Pq=vu6PS%p{ba)o$*3s7V&A>j1he_PcXW^Nxmbx-SV*067 z4bTwOt!^!GT_EJ0+K#$Cx6jHAvKjLlXEooxl`aecE~&Rk`|f9$={|XKY=9&g%#6to zJHNV(8vOvc(!SWgg<6GpurHFh;C`k`u*K?43`x}Z!6Fvs`)I~576#9xU&m_Yj1g*^ zd_bQm-~6N&U8cweBm4AfH>Pms_-h1g8w*nApyl2wY~bTmVbxVMC0m}E@KY!ZTgb7q zyG8oNnvn>XRQE#(Yo8_)a`L=?0Lqm49^w(k#SmUNQxwTV9Ql^Jv!NYllU^m(L!fEu z152b=UUsZ#jyCo)x%?zl`VY-PrXwZ)coh@A_xYIDuoFx^NgLef3!yAHqLh4ZOnY?(jCXF!)%x)#4pqUw1sK1RwWUZ zXoLfE7h?{gG{~ZGB;Z8BqX5IHEfbX#YM%}I40yYP;T6=h1sz!S&FtX2fd;P@CsGsq9)Vo=!dPoM%w59*=&%nn=Gdj8_@_ z74fCxLh}!^Nb>Z0%wxAhw1PH1XxWFr!VF2+EZWwAS_vYzC=m1{!hh;TPa&KUw5DzF z2Mx4lMOb`(Pe~^5ikN%Fyj_+IX=T<~1sP$DrcIre_&1lt!&RU|{PY|7FU6Xoq4$Rtn zPJ(gO2{sla&TbSi^blidfP16OE-Wr!VBzwKURJ&-i&t~FpXo(n^rBjxePPjYe_VG% zHUkE;`~@ARjxja@pJA(JMTGPquw1iS`<>bfA4%(+S7PMxAj8wTp(?q5(0_RwrezPUuZ4p*?Gj4PA`m6c;iJoG zpAW(14W~gISw+ztcGzq}<)dv1E!oiZygqHgV}S*qGQY2w zCYg9BD<2_oNU{zUw1P2aHqEvGY%^ytPD0vWD2oM+&poU{V_yS%2aE|XkX8RUAt|Y2 zcRzZG+&s9ScGlJOhMu;9AJf7FhZ$NiX-Dx*MJcL$v-`HavI$wrN^|C+-gomZe5{+P zMT*L}GSm2GT-A6mw4-}++JF=z;2uA%8{KB$;vD1d)gl9MzUE4W7nSB0^f0D~Z#1fN z*wqN6jbFjbN(}EF;WOM>yogC^i(38}pUHCT6{*v!8J$h;LJFgE*j(@j`!TH-77VWN zc(9(b!^Pns&c%dqq=j|zc`9_$qIQCP1d63g#j3Z>LJ2!cH~il}Yh|kj^s!2tGQm-o z4lLTq4PHY@>k)1oZb09Z=F{H?^2w9#q;Aa@Q0BsTr@{?-#I5|Ux~w9UvX6TsiiQo+ z*r*U|AFuO?jk{CAoZDq$Lo2o7(Ugp~c-}dWfK2#)TSFt}^D~);AG&%1$I)oq$zB%G z5mU@`@=ODW<+kDH?@dNQ{Qg{zJJgk51oV)kcWmb`48LZ*^MNGm_dh4cw=Jkvyw3zL zj1%1oCI(5K0}yn-^9o2ssneSkV@8u1r(!KG*dXsZsv$Z<_D588n4YA*e|#vMF|}nN zKZTC*Vo*9qd>uA9D8;lls$SiSGjF%%bhns9zDN;RbB>>BqDKRD8STbgifyCZ^TyP< zEL*x;E14AIe*=jm7#GjaOtZyQ*I(oiy6wOC*|Dr{srhomdsbVg9>l%YeI_#`7rP7w$uI76EPK8QG@rrnV)sMg6ehocZQ$itV61YxoF(}6wP{7& z&B2Ix6tLH;;4goqiU!1y!3_b<`t%Ram@UuAo%X&cQ5O{!pNmQw(;SfW`E?h2{O{|H zIy~k>D8zQX+gpFX3;%?kFy9syiG|Z!cxzAVNGnyV%1~FP$8~NHx~ZJ|K6kr^Y)j~- zu(Wn<9qy!3^DBu@r#5cP;$=M++2ic)RDgTV4sZ@xAsz1Y9yGUu)g9L*T6hpjg;v%g z#_T2rb-0p#z4|>g!4X*m;p$Z4JzsF}?FLy65x*8wm^zWLg0Mqg)cYeO<0*C&^Gr0W z#GDfndl(8n6#jQK;*0|rg{!Y%A~LT+J0;Go^v;Z_bQp;=c4XJ%v|G!?*{0mm$m9b8 z0N7iswy4(LnZ2N|$7|0j7)B=n9*eAq$Cb0y_<0OP!~Ll?hX4n3P-dUqghf0tI}|nrs46jokHvqY>fsGB~U4hk<$Otj{bh2i%+;^(rwpi5Z<|D3@EQ8N!Hk#FCLRW*mQ`HISG6%kfqpf{Va7hK) z$h{KdN+!*qCfqo#c~kK+>U738I|A8;K-YqydO~tRHVOh!Hp=T~c8d4re|az(q_zm0 zO0XVyuOU@MMa%Pc>i^!UT#H?n_~jpws~3N|hIrbp6fm1^l?0y1Q0(EqUh^F+_yZ1R zhZX$)ciaDWu*sSHBOnfx@!0xKD+9Cc$m=HuqWE7QIHy)^vd#V~b^gt;>k^ zSiYImSF;~T(5Jb>_{5uI8e}Ri_83&t2A_8Vm_uvYWUdRobXo&$LwuS`f5YXc6-K~o zA4}iAHu*8&AEu@M=zevAuo*%i^m;$?js{ZJt{^+zC zZ~F|IgUK5F-71BaB`J=iUx=x7fHwp=Yn6l*st>~3!2$7+tU$~xvZ21Cophj&*33q` z#qLG(LDb6tz1Rv&sWE&uqNeYt+d_Pgdqs3NI!zhb`1^-EYab0FZ-F8*iaZb=FM8VdC)bg9a;Gt4 z&m(yGXDEC@l8_-S5i{Aa9^4F^FGYsPB=czh6s3lh%w4>hzvt&)&aBwv!aX1)+(ruEjJy^{WA3f;b4kO%u$lp z(^P7!*MmRmiiy}AdbWMBA7X&$44YOAV(55$X?w68_;mp@-o`YE7AZ*1Ris)cQHoJA zK6C7o-MdR*1{=PLN_$hER-Tua`u`#89Gf$N)@>WxwylnB+cw@<9XoGq+qUhbW83N2 zwv$f!_Sto7-&1wJuOBeitU1PGAwFxBGiy_7Qx)VPQQvsfCig=~zcx)r9#`po0nWrt zQ7baP4$VUYjXG-huW)M7kxu6DlsTGN>hNndg?{S6t!Cw0epQO6Oo*2z)0c8-N;<-B zz}Er7q=i@+{ca*V=BgOmoc9Bl^Vxu4q7iEPr#EmZ>0w`_jk(GaK>ayp0h5}|KS8Rq zab_`$xeA?8r)z%nETz4KK&l#|8$AYhP*4U1E_#+XFUBw8VxSyv0#TkhL*RGYE`!!- z;vc4h7qYic@ZvF7SYP?@Ou=w2J4~xUkYEIjR0XmOm$+dq+~vH45@x$0y@V_;L0Uje za14aVUgR;Fx3ZI&K^H@O?&1FH>t9HZJ0>r_8oVcq)ZFtBLbYWozh_8*jtwjQ2S$|a zz~YLJRXRgzTK$KIl3c^EXCj2N)Jw*oE~)1R`?hL^=PR!ooiJu+EXrVUOfL@URb6mO zL#Ulobk*i0QLJDPddcqzjwfLQP65h%Z#^KC6_Ms0uEX`^e%>Evx95+kB(}Q`&6_Sm zEphBa)5eb_4ircFbmcq>#2xo*`c@EG_|w1rl&quo|d= zMoxc^Z98J7#}JUo2gzfwNpQ#ZG9A7<$fdQv`566Zv{L{Zw=w;Af32Nv?WXu`;Lwoj z&7)oNVNZ*u$GYO@1{tiUWhDQOmepyJK9spC4f`}FuW@~Qd12T}dpF4}4DIFtqH5ku z$&1e0Td7z-&I}3FR2hxG7#?vx^AotSUUlFt*|~=JxhShS8G(_CDBCHV|vJ^OB-!Z)q+|i%m9-kBhl_! z8n!EFvjvK6U1jDL1CrG777!p(__SdXP%ziP^d%HO*^Z!}9oqG5kAKo97I|ZIZx3hk zm)lX$Rue0$@Gl{E4?JRIZ9hX}*c;taxO=aRqg|9u15g#VmkX7`fKZ_>DCku665Ktt zdbymCKcmLGwl&*JkpJ-5U;-~~->kwYl!Sd^LQumZs?{Vx*cGIxFm!MAp|^v7WBx{f z));6sRj%fEkxTfHfZ~RWEIE=LR9(8Pd-hYv8N~(Zn8ntz)^lvk=Vd_(*-2llLF_fMLZM! z5sTJOQCZ$KlVHY<(%Zd6$u1M3l+e!saDKP3`!OCPZFu%%3|(bg5r{FzzGVvTyZK!4 zSkh`cFBDX4$p5c~faXX+?mneHshJP$gZ0-GL#)apwLJyB0O1d$k6EBv?rXpXqx0wg z^~dUteg;kfz{9wu0stNtnur@6}B}X3SGR=_?3U=--h1)KEZ(fmpF`S6(-S z4|6MT@#L6x6Y4JztJl7LqnMZzyr$ZD!z~Ay4l~$zDXipZIG1L|=vNhRqxL9}y!$Ph zZ~Vkfr~GOSmTOGrA4nBI>B^H>*M=ONC`k9~w>Flot*~ZVtupW<%VilC_m4QwnYhOa zdInXxwLLx9`-%C-Dpvv@3s`MD<`{&Le+F-I5P~~;wQI-y2wSSB6#nV-VS(~=znf(5 z5?HjFONEn}OIVO{DGr-y4v63|H48aUTQ{ufX?goNI=(?~XZY5K8!A{+%7cu7q{7}> z*wQ$+Tfxy5G9%E$A$TfNYisCv1Bbbt(FL39n;-)}8^%q+eNo(`5M{FXRxOGF@*u%J zUO5CY1pN2)1tPPQm~ls-d3Pavt2zp5LzV|29P>;H0p+DYAgK zAD#^%oW#h`Zvru3ng-SECx`}F-BI}dVPZ-|*@wu{cKbji@|(bAnE@XByd)ezw1MaA zx~4Ag$`Gh^BgCxc1CjuOtoVp3tqdXAj{xX5dHg|u9_Yz)l8vRvp%Y2@_#s5mD4`8b zC~gxB8+nK5)z8pQEL&;_y^g#9_TcJvRdg^6xh}x>HwaoQ5r|9)l0SrwOO~`1i*@vU z#h#b9>NC*ffPnfp41{wLIC#O@jWh&HuuG`VctlqjlMfgT3mZ%q5U|bz8cT(q@vU;7 zWjn_pM#I_Jv&wKmER_tFTEFvm`&do(rrV!8Te)^H`g3v8R1Ag($Ne`;lkfb;X-A4h z@#%)BHW z&sUC0GngcW`x$1op7VGi^!xmY&dr{TD5_`S54b!VD|B*fXG&~{iX2aV`UMZUM6zv* zfo-6PJWNl%xEFhO4z&G;Rin&s!6Sz4OFzTUw_v3T#Y-LVh7349QuM#=#eaWJE9HHm z1gz~tuh*w)f{8Mc=e)soxWX};lvyUBF9X=yG(69rLj?8L_xa&-$$1F0a9nP;5Rv!A zxbpL9o)LrPLuEq5Tm)EaP9aHhaNiaB%=bzCpS5ad;l%y)NtzmI{GQoeC{GXob5;>h3L;1)!8$LXdN_I#;wc zQA${i1s_>+Hw>cA%qDkUz%wyfb*GFQ+D|G(onr!?ZP|0GG!^DuKI|CEyfuGME$AvpUrC50lSd*-&{3FceIcF$Z#o}ERGkAH@^l%ZK-$QiPyBOz zZZa3BPn`0-p632Ay+mIk!*0I7$J=A)WA%BDPuH8y`TrV)r}b;tVR*vJrwpRh>0gSe zeT5g2@yZgn`|9cNh%(ax3UPlAMfpYl(yW7F%PUQMG}|F~%!-ZI5~}^%(9h|B((DF% zsC|vV$oJyh`pqZ*F}RMw^6ID5&$Q#RrRUASJ&hTi;$xi_cCwHv7tjAi0>l5K)s}N; zK%iy2z@u#d0tRGiMlOe_tM7*=O#PpX@~8XW!!GlsZVk3^hvo+X;LW?r$x$ev-ZI}y zMmWD$MWvHSX&hGkgbePtFQe2NYo6rqlKw8`5rfNN=HcC`GQhRddYeYG`EKtov)n(f zDPQx=CTp!@*ADFRUMTBK=u7@paFdv`tKC(W*CrLe!}jZQFs~Cei5?sRDx=xE$;Lg4 zOxFavsjTeW^V*pYfR)(hzboc?88jt{b50F3uCzBM^Ej^iosUhEehMjAIN}%B0a%oM zk?9}Qo4!4{ms1&Zgj_K`zSohjRGJ88=aPs=>E0Fk(ys2X>d&5rw0BU6z~t8}CrbI!cnyJuQ=4_t za_yy6C3>Mja#Y?Xvv{w2r>E4a%C?fb0AbdGnn@<=Av*VCAuqq;&ww2It(+~E>`Fg6 zT?U=aWoo-{`S#c&>A~AcH0x@-G?3>lw%%j9H(VS&4B|Y|^an5mLjB|dF1R-#^k!*e zSJ;iQs35yJ;0s`mZ==EQJ5l!i=7p9&_yO}$FBc2$4B^OL%btE^yspWn=bqgv%QwMp zsnsV}(o6xI=2p`m3<6?sgXpzMWY*)lkqI+G8(GSx(x7olJx_n9qiFxHZURUB1?n4HC|86Va$SpxLhSckVJ}Exoc&w@N9YM=8QW z9R#inYrxh8bY}V!9pk0a+ihN|bFo}9Ov(t!j}S@b=38xKUIAeloI8qVUp`+`c%{Ss zZaqEw4SHqBJBr->DCoX=O?l&U$`k4U%?nkmYyW(3v-S!!+qh4uD3knrZA0)8JSwl) zWwY}(AnVK#{WDnTVDK>aDZdP(ohqw>0;R=b*~FMburO+(hS=8#O1#&>d*(#s;{}Jw z*ot8<5AlHmiE3)R7d+29RC3w`0Zpd!V{~4=kwo%CRHp+qS5t6){ojXuNlLfDuCYUI z4%4&n=MOBpH>9-I?PF+NY5LTVXNi6Z8V09Ppi>!rL#kXyqjh<*617=8}7tj+H$O zD8V}Gl%m&w-|r%A3jMdtl@KH&rSW^Oq!P(Uo|I9r1KEA`{ol)gbpyJeS|y}uvxEPv zHFY=0DT#zx>U=Ew^g%fI=ERIJ?9hMccU4bCqTG8Y`yxE|Bxa4Q$tvoosns7WiQWRo zfX&9sk6eIO2l&)N_->X9%aKYKn|R*wp+J;|Klc6vze{J%wdGdQ$U?FkGd!o1+!89- zYWq7Dz2eRvgUB!%-DI#Hp<)l_Tb_Hx{Dd_tb3#pncINjAlj%(|ZYyo#1<2)W*fqg7 zTimt}Iv?d1zeXWGqcQ>XNv(AdhND9yz(1lB`(_q?POc`~B(eMZUWc30IQI%X%?vqf zXUX(ba~)I2WOIQ=FCPHnbo6dNi(%1P`F};>nO;a|Xml){Z zyN=DpZVZtW9x;i@B6wR@yRW!ML5{1)GGEu^NOa${2jj9j{f3TxijqSjKopBFK@~tmOFQ?ZL z+B)?q#G4x)Qog1s$EHy|Rr5BB$Lp*{AGM3pjEr*=>%E8C(jGLJcrKF+LV7TfTIrB? zL~H^cvIwg04;XiJTj4In18~X+6gypQQi)l447IT9(w7|up)u0M_{=#Nhm9)Ry}=2h zOZEqO#&)y{VsGN(IZ-%WCyxq)&t7*5djN`xpY90ML|TzBvbGHkT-R8fY=Qil8<=lA&grpU!9#bY{1=Hx;MSzHVOS3|y9O)T+csp6o+OWk5Q?s%(tn2Ddf? zg{8e3m5WL+93)cCimU}dCNfVekL&v>l(4UQ+5%hkd~?57@Fz3&)E@WMT3#_)rWyT&euk3Qd$Zi=PsBfR^-6U_YU z%?ItJRMf>_4`k=LPaxKl%;_*&Mzngt*wWvS$12V5YKmk+*Z9RRUD*KYBEU|qs2uE1 zgKbm)^hqUE>bZ+J1Xcb>sSl(Oo=Ns#g)S;nm$p>(fjBf>Q5S5n&D`k?k?_4S+ITw% zt?)?er`3-~UDbsG5jY)L1uo-v%3p?y;rV|-;cQ%)QAgMK|1AUUaIr;02nf(CtjKZ^ z=iJkJm%~m+!t|??vb@2Ipm=Az`bAY?U939UTkQCPFm0iN1oZlJ>5A-17_J8vAjG+s zuQ7wTEup(;mY}@ z@|@5o*`bsWotzY-QlVIgLIOjvc-MI|Gb2MrOJ`w=a}78+8YUypyrU&#!vlE#k$>&x z$MY#Y_`bh3*9XDDLe91q$ikph(_|buW9wu`ZOgVlFqV~wMKxAljq;Ofys*0=>wuX# z@_VC)7rUXtaYcWD$maK{>r-Ya@sy+FV{sso4+Xlm5^>1vi=(8v>U%vw~ z0%Ru9`F7yv#Z)eL#_GjMQFx$#MidF6or}Ui@g*3lc136=Zc|jyiWYaqxRF=~+%H@# zs7P~NOwovYA`4uXp@2EP#6Bc5*z&>-Fd9gw7Ie>ftFG#&PAQ1Tt;Fa8ck z8l2{o(x=(Y=YzSoS4Z>iU#u3LOOU%j1k&LP-0-X83RN1T6lLfITV+~Tb z7jh6NT0Bc~<`$3KX|<13I5$cGq=146g*`?r)pY4#iknAN9^=8yGg;UycZA{mL=UHb-e*!3#gM zcGRov(X!jD6s^UihjuqY!heYn@)9TZ|8kz33~Sxib+fb5>C^tY1f07}XpTfmQ@*lk zhi~_Er}aIYKgN{53^~t4wRLVhn{Q^sx~!&*0L!WBG1v4Wcb%pL8!Vt5YEU(=Q zr0yKnsyQxG1+>IJKqkzOW;L2!%(F@hzlwry#dNB_G4$v(kH7kVOAf?TnXbt?+S$XP z5rx{(n&K$NGo@E`GB&>8;(mZLf?3Fsayam>_WNL0sg4wI0lPJ3Mn>p0T|XI>o0JX- zfk-A?_G3}b-Jn6&nr=K^t1d4C+|Ne>Z5)MZun8{nv7GAWLK&eVtz39e-B~N|c_>8563~nZK+<%XtHHE622{26@vLRtWFxJ0fbn*n&P8ny z^ByY^`F>&}RR}LXr*Ar5x5Sx`hxr<3s|{4{$0JJE;___j>-X^pu8+^aPM=pRO5g1l z_>F!=A#{Pk&KBK+!tJOZ>gZD1l>=yalRTB-PAY&74KZ?O%Z7%=$=ka;J`a)yh(en_ z2>Jfa+$8!S52!1#LtVFeDj!u7SC2vEkdP16(dYu9Tr-}E_zb*_>&&+i578g)V>i*5=xL;I`NSS^LffO{s4G1Uc(J)&uX1NE z2H(*o^24BA-h7u&7{msHWAIhR)qJyPagc6ewJdT@)j%I8rgIm()lxx8b@6M_E zawnlppQq~LkC`V0B*qU0g(r$#wzZkg)5wCRWjW@f1I7Qrwb`k!DwL7Ge z^^ZTyd#gFdRO1_z@RHWsyICl~0s2M3iIn^?xq+`E{IqK4Md1K4D>rip7+V}T>`ZRX z<%D7d)D#}_O{XhmPCjE`?FSEe&U&z{qGir0A@kKcUVrA&KfT6b^cHMeGq zfq5sHM6nfa$V250urKT~;kjxjLG$*T&+=1`rgR^osFo1@9vf8CSlR4X4qH?_ULz}S zll-)|nm_2Kc) zNWzA;HYMCyM6#lAzp8B(h(XYQ*@60qQF0;NWP!v-;2YI$M_#lPORuV;aoy}yg>OF^$Um1>V5S! ztmzzf%+4s$4#rd5cnCyap?_;p`bebaz70hl5%@nqTn7qnXS4uaZxn`UD1rerPA88U zynqHCE&K-@dsORxJ!#{9>6%*s<|ZeibO{@Sbe+Puc(kBc8hN2wb%AIo$-F)2nb&J? zEozcW)n#p3Hm_Se^c-B$NFU!^T2y9kyzr7`dFffpAokt>@XPHcikFg zFPo9T7<6)6b(yYcI1y|vnNGLJ9NgayO2W2Zp4|J9C{gARx6#q$sUzSZO8dSkcN7Y} zb<2)w`#LlApy?UR0A{Ro$EeGsNn&&tsg3tdvS&nq{i_VUxMcw)mQPDU*v$9QS-jY_&)SWR5lLqFr97pm$?b&TSH#OmOYDGrGohvU(fP zbU;~f8;G#OE7O!n&)|t%y6EZeZmWFxc?9C9O+ixG#6Torbvd_}r|hrwWVpwuuE#&ki%|l0{!Q#Up?!pc=R@3$yNxoy%RuwEf$Np8 zmdQ;P%m??Ujev;pfxKcjjzm-V%!ZlXs?HXin*Old)gk{4AT7Hxv^{T}r*Nqv?Ssv23@tcoSVo^094qdh?APS=> z`g^fYD6g3OT_(PU33lZi*S|&0vsc7Uq7t(4dHsAsrO~|CLu`sjOqSudH=(;m%_PZN ztX{4kD6Sr9M7fC_*CIXJQe{|k4po{pC@_H;)57>2 zf>zTmQ%up0%I%$_9a=F}sJoP~_hm-dX|ya)P@6(;*~|O9xdxRql7Cn|!+suU<=Z;# z^a6exK7s_=u_h(wys+NTIb8=kqQC$1Ve$Hy`#IX@T^F-7EfJG74dGTUd{UTQz)JxF zPWslb-0n>CL;L1NKqm(fIUI%jaD|j5x)#g_RL0rnX|?)MNiuh&@Vy?S@|8$uh#iv3gb_x_Q1z)V5sf9LA|#A=TJw!Pf! z+{q^fMh~t=ttbu+nbZ_$gvbTvlLWJ%6p!zL zcYL6+B6v?MgO)07I%6gTo*$2&VsL)O9OUEq+#Q>czP_LIdU5C7#^FdgyopiMzLdW) z@VBvuEHY;|e7jVGcoPM@XIA6Pz9@_^@=4xzzEL=SzEweDa+tCDHCCKs@X%izPTUz9xah=D!E4h3_fPR?{ z9?}n8@$FP-`<(Dp)?5zs@sLke6I;?#2=?bI*xZTjMVxBWJYAp5=f)aa1A@=%F*aaP z0CnY$(K9ex<^1*dWHYjT6Xx26+gwH{GoVIhvrBN}ktkq;3yQdB!?Z>F;5v1~_Oaok zn1ejz$b@}ltXWP>x4jBC+dz!F1mMe{ zF$m84J&MroG&QM5UxJw_NTL3Uy2ddb-sslcA`egC<7yCQIsFTyqTf#Xd)~3ac4ZT% zr`6;K>YP!W5TYmh2$s@9dRw&T#UDg3UX$T!M@t|$(QveG_qF2=Tgma9qhN!<5)nog z!e5Q&ObMYQQ~CZ%Ln;zXvwE*D6JWL8>ead?E@8MBcnLr3?0x-Z4{gQDi>&0mGK#z1 zzk&Y!%Wz+pmX?;0eK?+X87aK_%}I>iIv- zS#bb}l&o{D%K`dYnPht$8wG3f_|Jow^+22j90P3il*~qL9c=TPn)F-~b70|R-IXGf z5v;w0=|K#Mkm$*CN~4=GJODwj^CAdn5KRMI5&6qWEaT34@Hj%thJNx#? zXQAz{aSSZX;!QQ{vgHchJo6@tmLD_dIj2T{S`=6YT&8xplKGiNgVvY z{2srfeosA(k>|VzuF9vJQ}T~@`~~mkxxgdo1qiJOn50$REo~dg(E}-3UUEZu8~GUj zKF>0~_e@5(9xmHf5xy81{$biP^flz$7- zN{@Dt3HqYo7D@-+?hTy1Z*Wya+s@QZ3Jn%nZpNZ;y@_2|{ZoCN|8Zyal<8obIQ~n% zd1dZ~B{EoiCtp};whAm$GjOaKXY|$`jT|~=2xd``CgZ{GEr;E2{^pJrFGiP$jHs|$ zC@dJr0}L{C=H>5p_7Xpp8=8R?4!@I233^@>A6%V$+@#HNYpyHhf!csOg|S44tU>9x z$qYNt#+;Lcjd-iRueD7J#Q1AD$I3WAl4xT7;1YwV#M|o0!5Sc`@ubsFi)z(L0cMQT zFY-c7>04?*#Nj~#FIv2#CKZgpn)n}v)!0lIAvp#Ac0d47rWdd@eJ?Fu@akv+P$S(j z+(s++s@diL!UHF11-Vu+kxrC2;|1f3WLQ9iqTneFczckFV3xL1XdStrR z`VFb8;2>4>FiF!lFk#VbW#lYEVwKRojKV)4LcThwcmV|icZ&zY^(0gFAB@>sy)V6^ zu)5xujXw4tHI*W8nx8h`-7PzRrw4M3*NA97U9V4ITodgFB?&1$Rq^=PekRK^y`-|I z5im=e1TCYm@tt?zC%D?r%pI9E!BkF=QY>Q&;i`e7efvCK-^28p!)qxek zXA0}uh=EC_BmLZ+Aq*x_b@8C^26r5@UtJ!x0fd8Z@Aje8rS$i=mXd zvP_VS^s%u{Amqr|erFAOjHb*$pS}Z)oU`_{-FOQ%I;4AKACxWa1P+Vc{^2CNX201I z0RS>=6tVysNN}Y#?cLTE=;&3akNTx7^_hc5CUj7d#21gFb3--RWe!H$nmZ6Wa8BWN zkyY2oD*JYrA^dm4<-)QOUNq^CH>fu+Hf_eB2#JU{pCG(O8orekuquINHJoDG+bL0+*04R?T z&i-n~$4&mUDhy2t_Ux2Dj`>6aG_KcLzCy`-^$ zFl>-IMmeyl@9M+6d-$DX{do+L>w-7GddR#b5AE=8Tf`DR7c3iv`(>wiKNptbQ;!!$ z+>lvDdX=d}il)F4>K~NEGc7Am@d9*NW2gE>cvA_;uKMQ~bQU0#-Cg$u4o_r7WPfQ_ z2Y-Y6VT)kAm?e*Uim&AUDu>v=YqU1T){Bt!2)?=yGunV>{8TLzTH9l@#Sb*N;emzUDt2B(f&xc*_FhgL z4ny2o2D(Ysa0nS}$ZlPi5oSG(QFZ+!6zi{vQco3Z-SEohLSf_bKn6zN;zs$`nc)r@`E?t6C|S*G<;wKap_kixDaM5t+6d7fY~P$5#i&CAm{* zB=E~V8k)7Mq1SNT140fw?SypBxlMpUJnNnzcH;%;?sSeh*4Ov1WsT|`EMK9DaL%)A ze9g9tYqD6nUb)@;^`l{$N`AdfALa&{r*_Z&b){dO+@lq5y|G$PM{@?zwtl0|1^^uE zTS6>_pKYtYE|(ZL^KRCTVAxY3A``4RZC!I+;^KmsJJ>QD6D-^)yM`ZmGHf(o;MC>t zp5O&;*p}(FsmU)g*{(icd~!Wve3w3RlEr)CklUfoI}0K|OxLW92b;F1?yzk%VB1wV z;9(p0t9h4cAHl|>3*mtOVTV3@N$JEJx`S%w)4M^qUkrkm~DzzlJy!ZqOT zQDOB8deLYB-tRySXs_b4pyAT*OPfvia3agZ z?mp;QyNzc?Q5{}adr1-hj~H+QPAZEl1pO$1h88|Z7NyZ=E~-NlqB{!2o5G88L(MGU zg@bTX7ggC(m&Ov|GrITXpWr)#%50$Q=zwCB&}rqk0jYs^HrMp%#~;X|46Pm8ZA7Kn zImU4)KEsx9muzLjEp^UQV;qqN-1KdfJN3fMhJHuA)j4U(if-nA{j2r|osMFw2^x>p zIHV%GRTt!*el7v@2HVbG7o208*u??jqrUD9fqB<~$==_vD{z@6a>E zmr+Y3>rNWRvEoX~$g_(j052mbhk8RAqI7b=85E8%1i4cWoPNG*QE{U1%h1Z_{V~v6wO?95#W)Q(qfQ2Ln#S=YbD;_nJ zJdLu2^nDK3&%N4x&PZLsdSmMKLs^IeKfcIGF?}`zlL)OS^B`>v`3-or0rwT0>L$7D zX*gM?TK?Hh`26m+nT11UQ@3!4W7kGB5_E;@{#E(JQyc4YtEZ(UQ7ZCc`Xd{kgFaQI zyzxT+vrPdWmM~>CMODjxZmp(HP;aIcHPmD@nT4dZJm88}Qn%QGI0_So$us4QGA?vXG{$Lsp~yKJPb&bgmzt54Ekrt0C>V zb-%+fD}Z+JDnKSwvD)gmKiY1}X9!b}?;bXZnXN?Gw%hgql@=-XqbXIJ_imQ+i7i1F z+ovDB^tUrF0#KpAq{v~ax4ACbJDSm#z)4^I}oP_b|dAc7A(@HtU0ZW~?C&jTO?f5xWF@h5a zf|)f4Y5X|ncIu$WIp%kLRp_XQD3?~8J_u%1k+$eK(jmgK4VQmRCJ)b?l57DW zY2{t*9zcQzzzwa?wqNmPtjrEu_<#}P7kXZDqpR$E81= z1J`K4Tv;6COIJgr+BiH&zGTr;##p$HXewYU)y=4nTm<{*A7=Hq2TkDR;;0-MjH1CrB3x_F`DApz}N=))-xc4wi4kkHs&IZ(vR=)Fa@?w<4#u0TVx}w-hU%TohTP z)3u78sUPYeV#tCffn9z;UbZSm%6&uZ1Dw7G{LZPpUudCMdnx;iqb(L>JBv|bivgHK z8P&a9RsC=X=pvqLimblGb?wI(+ek_4_fHk>H!HJ}g(cmo>}4-aoSiPB-hP!fq9*|- zw;qMe3e`)w%CM8a! z(#KeFVnLi$M2@hIh5BI#-x7f`1t%Zid$$hn_fjX&+Jw{I|0WX_?2~$QK@%@xz$f>S z;T2jCZs>^pw|@=@(tY6enT+U;56;TQnoRF50!-D}{C9lme_Ag2>*)Rz?okAX;2xf+ z_DNdH^u&(rD(z1Y^nwr^2rCfwV&HoG?0F|BNv>O|og6Dm#`(FR--qiZJbb4y=~v^f zM|d_DGOiDigXoLz<@dw5X)3%wIZ8*-SCEnCPW&?}=q zDuw>*eSbOT`9|OHLr~#)yTxa!4sUM`RIH;vhFKZzt^D;xt)W3QR< zD9s(xb3^4rIfouj&nvu%?+R_Ff|O%_4)e$FeEJK$@U~txj)u>64tdERH(u=ZJ^oc5 zkZ3A)AEj{8K?_PycS{q9LzxVp(P>7@VBTsJIp1F;e78}aiV(b1L5ze2bTPq#JhkZ` zx+v9#&0Tl8YrXl9%Hc+TXz+i0<0=&N+(7li^8wL`(rw_7x%(6kIIK5i?&$qnGC0ksJ zYGpR2CWl&N$j(=tWj^zbuGOfpq!?sT=y}zNscuHsqevB0rzSeK$vU?MyW~563a>xF zZ=OGb+oIyWgvGa(^R?OwCfTDo1j*x`T0H;as6We=;l?XN{#N;A1>925ugsZ(?3FD; zchr3`={Bv%(@fqByHQrSDu3_044gyN#P;J!D34b#XbI6{{!<&a!`NSgp6YP*e#HL! zDP3Q-Gs04M_JZN9^;et*e4ZaAUZ30QcGi}z_zA72UYdpsARW{@2X1?XOzk*sA=< z!|-I6wvITsuU@Vw!%V0UYc(IrubK;)dvm;MIR#TIozoFPw9AmsG0CV=^yo_=wls%P zB>clvgqmD9TO@FU71!1oX6JU}Ptlu)-*cNC&BkFSdrAfw5*Kiu@`x=!YqNz zO1{&m=kg+_2Xxo1ZmF>W?I)b=9&Lq?Q@d|{8#kL<{OWnKv_9ciM#awbw4hZ|HQEpI zwsJ(2CiscDob6}NaEg*Ri47GzR`&)`_X+rS{fMC7>sryc)P#LmyPf2!$kk&ZeaB5e z<;)ylp7Ag}=4OGavT!uo-P$fq`gd^NY=2WYLiK2I7}zlKIN1;1TH^4o3R_o7HuzH* zhI51=jn2u-JM&@>6q&=AE~-u@tb;5k#nEC7WeR729Zf>1)b|Qec*mXy=q9mHFrr0x zNJe3KGjh2(W)#bilvv4RlXz3^#n3!HHByELb=X3SV}X3R;iiL(VNDHA>yZMj?8g4Y z|E{m<2Xw<>4cP~&^8oRFev~UB7F-LvUVFYzx?|g9;2vB%fU?dW&ZBBxUj(dVyhNT= zTuUyk^=IF5)zC~4t#O#n$RzSFr~u+54Nvr@abQuuOif?j8hDLkC5z z)pXpYR`b78>yP3GwAyp+;ZCU;yjV}r_+eMjk|Q?0CoW8;qJD&?l~hQ^b-b>Jt@yOP zzYiRzYw)p-IWVa(OgP-GcTadI=jQ=}W`=SyAe4HULt#;Vx0&4R&XlMQCIbdkQbgi9 zfrNx2Id+31h(#nnY<_o?Xk&U2yHh`c)YmCJ8d_VsFV7ZpTp+HZu$EVco@#L zi5y=;YdAnU;$KovU1Vjo8}!GVPp*3kkaB(1wq8$|wD~f04%Ai=g1Akujn0utD z*V_I4%$;O2|E@jXFE(ePTvMi-Y`MA>_yv%}F?P(QV~=gziSHPnX=>l>3>){Nk?`-t zgbZ;5M0t2Q@BJ8BFfiD$XSmPpB@o*hLKiOMK{q2s6wa<-+)VXO%m~G)@1Wezc?A-7I+o&~otd zMpIMCNFaL;W+f1Q(_laztk~vYVw}it!@k_P%B2ur`hveq`%GkVgky-i+}0)?2l)Ul z@#)LW%AyuBl2bsb35ony!}|=}j4Q<#gxGGkkHZIR40_T0z6F?=Q zH?sNl)gab`p-&YUUO$|j5o9aR;a#fo!f<-1t*D`}kycQF4^HpF3cFkhD^2rm1-Fiu zn183f5ebW_cADmtp;Se#B@n!{z>yc>Jxje%+DdQNqVhDEm1cn}J18M`-6048CNHPm zf>1QI>buww=4926FzRGeP>-}N@jfLc6xcLuANn+MR$2p$O_&XCTb~PQDcW^e=O|As zF#cly_s4Bs#X)2G#F|dO%UfoFO>GKFg39}uY2CEw?ovy9% z!+C2I^PlO;l@@upBm!%G{hU&TV53A%g}_TaF8TpH;(Wh<5QH40ctM>GxMwsWbh5Pr z5<{pJRTMV7=$Gy?C(!;L2+0os^~;>I0Y3jx7|jc-4iGT#>wsHPun?>g_?*H+K5{kb z?OnVLVL)e~C(FaO>-`1yA2}&-wY(a-p7&*j?}u-@snLFU>W_ne$D0nmYVG39hqkU) zlrA0Xi&Ea-3?1wEcX#8UfjD@-(up~%pXV+tXwEEz<$P{?>eqHnwx8>W)+LF&byADB z8g7_Z4W@oJUY`jJn8>>xiL92V_oLhY7TL_GUFqtv zZENbs(+?vi1EfwE^uw2J-S;oQ-uiz#(c%YZ3rnIq64{Uq9mm2psW=T9DsqVd2|PXW zV`^+n{kdp$8@~J3J4dzqdf{Nw zP;8f^o)M5U5BVY5)>d^J4_bUMxIwz5w_CMzHdN}U10S~nf`6qO=uNyIHL9kl6_67X z-Y62XhKODynzwNYXhE70(c}R6m2M8N#_hu=eQgdS55wY>S#t57Xp9&fcv*X8t~aqe z?mB%qZeln2#4y04G}J%Zx|8&`w?}jDKt%RLlJrNJM3^%u<{R4ai$%YSy`GOn_{4S$ zwgbHFH#ivUay&;8&^Ir^Y_Z@l{$T!oH{DWGQ=>QWTH4dt^Wt3Qg_qt0%SDAj&gdAc z6MB&5Sx+Z!%n+$&(-49Nfh_OK&=W0>0)9T!dQgHjl}7gK{{WRhYQO1*`TkSWJz{xq z!`4xiEzKaym06034E+qJdaQQNridr>5DF{hNfC!;&+Ry?xHQl5!d8D&kQHi8c>3(^ zn^%nXf281{kOtX5Y}vUxvO!XG-PSkiVpYNh!rb<({R&c)^bBTMW)g+f2c4p- zLjp{VG;*X`V*mR0!%qyp?7HJfl@fx!i!Aj%k}Y^}&mN^NEj$ja5(7V;6|b{;9AvZQ z>~%LvwS$Tr8SsjLl4pN5nZvYS*`v(55#RkD<liqPijyr}RZv$#TJ8u%<3YP8$H zePFrk6+exgisjok_nQ9EK_)1B!w8-#`;B3{bON15x&MsqSrzm!1wrtru%VOX+?NS=9^TxPW2vF@3!I_UU$RcdlQ=GH!N-M0zrP`K z>Fs5Wp%IGI(#y@oS_!=#B(6m1bssn{`}1;@BqcL#F1r4*(7{u}-8Sn0gR=E?bYl=f z5xUq@rY@*J@Hl_Ag^Bu0jetQ8kz3WVP#UNzYQOB8mum)La+Je}%fpCzFQG72lo!$GzLF$b(yDnYDd*MCBn zlhkEL1Sg4+caee9XcH0Zii?s^W$J$G{HeMCE^M@wwsPhw4_uThAc=oIf!gJIkeX^1u0S<=Yhr8xL*)V>YA)Ayu^@F zG?^-A6as%Hi|k@1>#`l>jpd{)B2H5Lt{G;eYPWfiEt(lg0ytYXU{1>6g^VF(>#Edg zn3>rHnzdEF)&vm!M(wI~$0{ME6sHDBeiXsBY_4GMsOopH3DWL!{rTl3VP#>y)UGc- zjeW_?TfkA>R?TrEtw6KYb0U`qpp7!6>JHC>oMeBmG-w15&}j7opZTV)hMcc!jYdZm?pLH=v>o!e<)dL(mNDGG8^%=<@p33iaHFwvQv zxj)SMBZEMjWxU+r8?AI0yS)n*J+>Q{7;;zf>!Nc=Z4ThmquWnH` zxHf<2R!zjDC7Ig!NI--oy|pYGeJ!2XDT+sY|Si zv5Pn>3BA*xVt`Cj4^#XF>QD8ohF+4}Ax_FmshR}Ik}lkv%cQmAybjaEz17#%`xMr$iYIE3s{oAO=e-GeLooICG(D%_ui@I4q#wazHRxf^2-M>G6MD zRf#JkG%~%5=4<2l9s^_r_4>e6b zyX%JW78?8B)T1;5<+2u4*K0dpk&y^u9>gv*0j+5#Volx9o94wmmZ7SF|9k4bMrY|D z`gWzo$TP@&ZJZd6)s8&*&mDXAPyc@_Ws-lVR{rc6)r~Uu@)q1tW*RL}Xno^pv|7b@ zeMQu#QVrq{r=}*C<89&EGUhJLNwS1h#y^S~$m_Yo=s-5Fh% zS>j#g6M|gQz%^PJ8UGC2Zc!*|SfLkMO*oL*sSp+gNv@-OA{PgmSF5t`>+;FW{sJ{r zT%2oRhC24`pk&xgNyIVQmh<3z`t1WOk20xb5Cjo53DgWE&_SKXAVPZ9NYMEy8a|-` zFMTgbMGT$YaxTyVsQ2l3%zuAD?H+93JC)*3$0y3p6gtyRXmiar7eei2{ISaSGGeQMze#%10bDv-KVorO&2z#@XLiljURuioEOY9DArdZ zobp;yJ$*W_(wLf2Y_(d5{z1HJOn&*P+#ecwJByw7hYBU{Mp_qPXcn-7ulVKb8d}oQ_NQaW!-JE}t!XR^pRHk2;P*GPj#B(ttgMsNLjdl3Vh|YoeY$+^+$Z6nR z2n%Q3g|L{lLBX>$n-l|RqnDeyNAK0A9NVrjvnk9E64!>jMji8E$e!Q}|Ady%Cz|$~ zT2m#cMoCfxMog!;Gipd+os+uMgvPE}%=9)vNscmd$5Q?)s`7uPtJGk)*lID6r_)5v z*K^N>6WCh-P-QonIXxsTP47YFuVJwBW&%9(Ips<3w5{=H#f<{k}uP zua%O(OK6a)W`=sKmjY1~Jhw+60f|j3US>$jFykfeFw^d2q2$hbl-^aS!Z@iAr6*~7 z70K0UB=ES#LIQtGr#y4+cn%fZSaETZNHMcJ?vKq_quBJotEQo;&EgY!Z8ks);w9(r z|1|-6b^|+{m_DVP@H2NPN`K4&@lkJHVHgxCO2mr-j50>C8w2oz>jodi93u8_2SuV4 z2lmFG$-;;pdbz&(2fqFb1Z6TVWo~41baG{3Z3<;>WN(v=aqyZZeq&^MX=Qy$n~Hh3VT3!CkgSrf2S zurv>Omb1;_Do8V)r7_!_u0DTy<=8i$yx`M{{fJMiwTN<_XR-H7(T+vKrrWE3Z+^ZC z6Sl_Bro!P^?XB1QP7TNL;ZViw2mJc;YV%n?6$t$l5Aw{M^U3@0jQsGtm<7oD9$!} z={8dPZfq*{AlZP6fymfHJ+NQi#AM#u?Kl}3Wr^Oi+{^M&jR)3k^}=2rxVBmIC#!1AkmE}-(Ep82aeT@ufW7|js8UI`7Gwvh0&Ux)P zG6%O6I}}5?=j@aBx~gQw>XxNEz&FxQYjt81o@pc2>w4FAyD}Iu-XhF-7&(jh=CXIlW0#YU-o920-^ZdK>T+y~zBx1GU^_N! z+x1Mz{>utJ_=)_4`=0JO5^phC<&(g>6)GPb-8!RJ$C(oB$Qp> zBelajlRV84I6c@IDy4n%i0>FT;`ywuNi>Xmd$@y$tBkWJPvc6^-tbU8%;B} z<~e;TU0R#86RznJ3_6a3A&%v3y^LxG<{-ZHqd|%v8BimD{#3#05+lLG37sFkB@$M` zHy_u=u`nf==Fgze76*CFssgNIIjHK&@qnyf8xzfzL6i`)Pi02XjSZoM&~IfijJ+c! zgM**mzJ8<0!7iKF*Dn0%8SD>KVW=oY$l1w(wVlobdsu;W^IW8!1(LID3&glEarWC@ zwzR%tIywxVF;ogUN4UB+O+^s&b+&d;;gBXo-{xu)0+Z3dg!Y9YguT9 z9qNPB5m_aXG3h(O|40;xitV?nfO4OPUV(b~fpYxkshv(eD72089t*nuK&E#`*_#7L zWeP(b(e%D*YStT5uTImPHsm@xje>4tbZG(Z??L8~1s;BON08z8h zR!x6Vp{F=|jeQJ`;lNXII5w11YOhV#J?i2Jd{4g8Yl%kI#4DAR7VNt*ki*`86|ns< z9M!9vo73sEO6&<-P6#)LaRBJX(&uG&?{;gD(j9ex3}!0u@1g_2{486N zlg6nIQB6>9G*k9~G_yOfZQlU~;PIt^z~RBtCu&gHw|=!>FVqzAAhPUDwiu#BH7tUt z9X=F~ZqHornea48CQ_?cVVv>Y54@praDh<*Iw7-M;MJ-u`id1zV`Kvs#52jkGt+;a zU)Yd2hhGpC!x|I!Le(X9IJ14R@IRoE3!N*0+3E|pW-cKvP0XE!&W(x&qM6+4ois?=3P0S&iUwpyDA&|XQ73zkhT&HDb$DtmrD1IFLqAyX+Rub~qmFHVn7DaOtnn?oVi7uCzTI9N(3>Rz>~_6Dne8;k>+WU#wL?KM*c%N|&6$~0iA>;tOU2-$ zp0R2*D5sV{RXu!XCmS?BnPPw2Ka#>V6GBcy=4Jeg0=-jJlY;H~Gs7IF>lf=!rq|#Y|nqQ^q7#L^u;#- z8ce-jiewL(YCBC{mMVz63`RUC*j~QWGCmEpNhp!Pd7;{sNJIDe9i9BkxO1Go$kj<3P7?;82|D zaVvi#!U+yvdQDrfGt_^JMk}-r{K5b$r!$@q!(n!c8)*Wry#{&sw*0-{ULzj9of`dM zqR;og-v0Vm)8PaR(5oD0gdqQL;(}LimyHKKPPh^L>3?D~HA2qo%Nk7cd93QP?nW(7 zjHaJLa?PZ!S>5Fjq2DxI{fH;A!&2Q=xW*S7Peg~iF%|UQsvpm6VS2tlbN!rqsb^k=GSuw-5M8yJTwd;N8%@l<@2bV3c|o z3etvdTKFKPt-Q9WTY9sny0OP3LN8IaW3Lfk$pO}>S5}5NCJDfula_NM3!#ATi>D{9 z$elUMfZ{NHj@J>r5kck~kif4sv~^-2NAJJsZ5GhJLZ$##9($qBe(k2wR(DN&2&ef=%-{al zs|YIex)Hq4+AN6Zp|_i>f8guCgc+e~lbe|u1Tr@^Hj}xTL4TcCYj4{|7X7YYF>p|r zT1aCK-we77cv~0E)@{78vMmrV0!AEJtSM3975Fy_;RUip709bH)Aa{Y;sc!v3?~iNCL~AfX4V&5ZXb5qly|eVL?U zwVSCpkx3ki)qipJ##tYl^3G9rbMXUyn=ic}m1z<>zh>1TE5-17{_oX4W;kZ)M`D%F zT$zR`o#4FOcST*bBCB%IZFSLzeb!_<-RY(kyF=TFcUrW2y)HiKT+|gU5-k>pbzObB z7oSQk%A(Q>(Q4Y+Vb!}waoiT2Ud~s4&Xgxs*SJur*neEu?z1&kuj{g|7NTyAC0-}?=ho}>7I9mffRm%}?$9ENS=)!S zZdxf`Y{&#xhLO3E4ze*S+A%?7E3%|bV2_BAFWrdzQ=tNCtb28C&N9zwf$P~9#$ID( zqkChj`hQ!D_uWzJ%0x#+flU1&I1JE$w+7R|S!CEPzg0^)spiM)I_=9b=U!48APVPjg{PJ+);1X$1ny{ zBwqljx$;<)CBdg_v|+NWH74zLy6U8OS%G|x4Y0>0#<1SQv;B6?PzasJwpfD!*n`Rz zyrmKbyK_s`x_RUPl$tn>(7pU+A(l&CjEm2g=k#=!Jpi-FE@v>5K_6PZ9%HVgpMSW@ zz5waN=`8Or5SymniMB%;rHO(Eh#&@3b@>ciQ-<4bz&G|}9o>s45cufV*4mqi*RQTW zb7~w~B?!Zlf2bYL-p4c5|~7q1X;?rNsadMa8jsc)GDeb-ys1*bXUXfF)ptGc5m z(-ynE&4|6p7)X=|n&I+vW8XPeCVw4L+=77%!rP(DMOoJmbOeg5A2L1@N!p zY}W7<VRW3&$@I^1jT7hRp)(uA5vpoM6%o+_*_O znap)fp-qqZ#6k$!uThqH(SMvh7cV+XRAU%u$qzu=+n-})Qg>$KfSoV`tI)Ta=$OpiA;<7G3&B(X`%1A0Uf#e%Nxf7Fc7Ju35=xj^5^2_4ht-gFst%TKGNwb}F2XXP>5a31)`mBM(|@f;rH$yPZak*4k8?dX zOfz2)a5~O(c>*8wtq7uZC?H3F)Km2lCSz_R6|#mobf%lZA43bdfyik^C_Y|!K%@7? zf(U{jJ*fx-7$X{NFY1~{B9XF2_mwtkru%k=*q~u{=tMbVDL|VG!Y7Fy0viULP^*wx z065Q<)Ou`5B!2^n(MQGA#|$=b$6qd&Rur0u^=tcxJv*r^Zmq-slbll|dnp@FY3V)qmV~`=#IF1$X&fR_$SjwRz&# z@}>2l(Hl6`^kM;8p{kj?!vI{VNk(F1m3#+vrpX;=-;&rjCbMu1>e!wVrp}X0n;B!s zG0Qq;Mhs%ZmXyAAgFRzTP}o%+Xx@jmBcB`l7AD$cUqz zl9UYzD{iLXFP3&`KUQrhv?sSw?^J2}`E7MiqNf)+)yZV2RF93p5-N71-&?CPcvOoM zbis6JC8)Ex=QPaJos((uWQlPR!CAw z>VM9Hiv-S2XB8cCT~vpU3qWa2taSO}k44|XxOM(~vwZ!BIe7r@7beoyJiD>pI zrAU$jrb8xb93lYl8cV&ZxxP{_N^G)GL%gXM>5<9BiA0yM{4&o`-N1beX(8RaIjgb& zGsQp(80uYb{K7ICY|lZRoMbxYd^ zg%^1^c0g+As$ry{y0&Z-VMYp0nx+%E!ZOL{lw}y}1i{lm39{0hpdZEe(=m$xJT}*p z32my|9+|m3JUn48=7Kxt_V)VX_V#DUted8hNs3k#-c);? z^p!!4B%(Y^BFLDL!1S46#OriS9AyViDsMOBffHReFLK;$hEAS0#rc0OWZP~piu`TU zX6K9PgPb04K+U)LL4mg7mWa#*=_^m#XL_U7;hYWaQglGYGF#2i~ zu@DC12^G?!tJUnE`1@ZcU&6_gkfR#|H#abouA@PJ%~{)W+sF}p=U2>|z=RkBGq^gg ztxB@W#);OeSah;mQYr-!poujI&;Te}`38SZ+p6=7F)q~?dEZOhz+tL+5%F`rtzR&7YRmBR&WyhLhUp6(vZ>O%vSywEt7B23DD7K4K za1kO-?CU%hwAxc2bCIM;V7_P(OM==5eWyD4y8oVFy3vflL$oh>4;q7{$ri-Lcqz zmb)i*-k00G`iwm_r<=6ot@{2nIOvNew5mq9ot4_M&eqYUH4e# zDDm+!A0dy%h5v<=lw(Q)Y&||=Qqpnu?e*IgyS@H?#j-kAyGr5nBp8aQ9=v|@9n0E+ zb*JO8X?wtk0k(D1vyPJaxyaQf1m3KF>rMxQv;P}xw;T4VDrQMTvi+|eS}9Pw376_a zlM<9S6q*_yoIk8@f$Zx#+W=pGUW$-=o(P*|5NI6^69SX%5 zLqtLVad9vUO7e)#dKTDWT3O)>dzBN?f^6W(qD7+Vyl&r|s+>Nhd^J0DB@sk_JdC5U zRRcqISKF${S|Y1uNOy^)(`CDYKG-((=bSE+RruegWmg1Xa|L0L7<>i2bds+y)fZRj zMI9XakMhDYc2T7?4y^&9{OHtzu0FzA&=0iGe8LHij|Ik+JIPu zQb%8Jz$@J;Nr>Bsd8;TumUY*E7g;_7Cb~|lo3DR$@2n?X(H0+1Wm|M~`*PD}?GxK9 zeP~Q7V&_y=JwV>?(ew0C97Yygfo(^E6SgyVd{iY73E&@&4KFn(VDD{nI5ah9@4DiG z@?yyYf8@Ns>STvfr_{GSx^gFpmXYV1gxx#tW6>^!=eQabGLCp05BYI_I^0$tIZ$Of zp-P>tLEQ-^MWt|K*D)l-xx6%>0cZDAta?lR(jV0QO;Y&JQgpGJBG@THf2 z=^*@9DEZ4OY>w2pniYJ3!pD=#3tw~V?o<)3sfc*GW#^?&IZqRRC#wN&ApekU_hntU z$E*b#(t{w~zMyYGTbG$)U0HASV>Lhl;EqY88d3l^WHv}{;XjPAOGl4!&c};}Tuy3T zboG@MAhishAQ;n=5=S9Uf*Weit7C4=59^o<{E*+X3>nA@0|nbA<~RC?vPaam3Bfc z9+%Kjn0iv~fxVIPo7Z>iWgIwMld5v;2uFmL$lo-5@siy&Xhy1y-U`C$2gK8zLOE0D z`&=Q+vZfQu7Np-Do0^K;sL1vHJkdfVBFeYL{conYhv-;;!gcmW56!9>rQADD`BEh4 z{CP`l20RAEUceK7E^Tc|i6%?&bl5aixy9}351nEJpHn;PCcpjR zR@yFai@sI(O8`8pE%b1#9)45|U|i&u6^E>>*sg63j5b+mR=@0MDvFY^p`6;L=@W*& zi$l#i$D&n#oS9Dx`}TVMcGOMu8$8;n%39sY&pVa!419_>v`~-1{j|O9U87p#WuPGj zi)P^*j9vB~3vyOyyo9Oq30Og+*Aq}03x*Kru4l3`UHMO}BTJ(}iAW-C=QS2p+L4_N zh$L6m0ok7_1V~$^qh|j|%-t@*g=tEl{dg(>*;giizu%}cBo}nXOhG(2$Rzm^HHSfx z$RSPfK$t_v)>cS$-fA+c?A_~cZ*;mOhEFNSLPoK6FSg{Sj4RePV~Gx#s+{^j!N}5A zto*a^VA}^v*i8sba4!-gfyK(&J9UXXpgiPvKV$ng!^SOkN2Fyx-`j^64r1zbGjE;* zVwj?TJ6rO;(LEMm08R&z0zG}0h&85If26$$AEru_#nd$6&aEySXAjPA^IUO5?ds(Od%F_w$95y;LN775FYBDfH`7Z*KW5=ewg(DLYi3OT_~Xdx+a@m_ zmaCa7RSweBSW;iBaA6`n&*HM!j@ZEzp2Pz#Lr?b+*I$vemLQVRnSKk+^2^6PX*iQJQC^hRS1|5W362gqg z%&mVIpvi5izhGmz2y7VcYubg9ZSUaExriKgJiL@y?WfI+iDu{_s#d4v1)j|mo_Jwm zRYPBDexAd%8wLQ((@Pj*jAD^ zGK?OLHF`oLlHOE>w#)j>QVOtQf<%J}yfqha!R(TFld;G4w%fNSD&ZV@I5|oO zT1L6{jp6e^YXz8c`2OBG_e%*T_Y>hX+nJM!MKC-CVR&Dte&_6`rLUYl7MzsaRpp`7 z*~kvf2^E0@v6Unc=y};sLX0(k!+R!Y*Hl$ARRr{y9EY~^W*FL@PLsHZ_2)BnM=r|{ z#w2S}0tVxLu6xKnkrN#7-Tz|qcCZz8%i4! z!l}NPeOGqwrnpv~Zd42VRwHA_DubkbcfE$f!OyY6yyqb89R@*dgg#||ha;eP`vZI; zp1ggxCN3^}Z7e$apZo}WU$_G99dzE zQqA8GJ@D%aKZJURCOyfGrkd#VvQdVE)bi0pTc)!kd2)3mq%u%0EhTpvo7y~08jGG7 zJe%Tj`RS9|&`_01L0hUK;oX~<*3Wv!G~_{~QHAN5`4K&Iyn~Ij8#!J`30JgiAl>f6?5$ z_%#s+b>oV|&F34B9}4rYXvB|OEJ*2#?fypZ@kHW_BnzB06Wiv-OHwCIBC$Q+f81Ne z*w+u1_plMK@o8iGVdi9MWPQlnF|Wn^c=P-ApEp4)Z2WFZ9FE7mlXMzgErIh@sD0f3=srU<(Y5jpsV9o26EcS}=xCW%wm*vG01Z>xLuJp) z*ogyw0$}C_43TqNcX_E8ZR3eQJ7SBn=pf9d*+Dnp*hjkRZ#Eadf6o#e!YTT?VzQQV}yf0G2+gwyhB4@n6^ zbEs84t~Mo3oVspm9?Hvg6C8De$r{0V&Uf1lQ(hV80DgtocZ79Q>(~kXY)!s%RSrkw zasjjecmmRr7C?N$C_hH43(^&% z0>`Hf&p4%)dG>-i9AW{1sFAq>o|s0v%OKSYC5x^t@5I>FQURYrje8C%O;YRISK5?w zM+ONuc9fv~xuI#&)E#dhZv`lD`}3`iEKCqfl3bxot~1w|f6qlXfMc5HUYS+2xm zRd?*now#k-+J{@P@loe4%q%oeWVMm{1bnIU0yJFna#;4yAYGKwm_8pXbe7wLcK0WJ z0*|jCGAA6W10Ugqz7xCg1QQLuAVs4=Mpxit+m3kiHE&MH-`|DrxJD=`_wB$PGBSPCWA}u`??)0oOBZ4b6O!P44dMSzi_me@#6nou|aTbvJBSeq`X*@ybx& zT~Hi6u214|CZUukGEVSYq({`cGR@Xmbg<&amRWJOr25HwmnR$Aa2Z_U}TFkeu z$ZPx5^@Df`7X5H<UFizVh8-gPwJ+Jhu%!3G5z)KAsahiSTz zgXj^he=I2M2TMI{*fsP^C-vib=y-hGFWq2-582bqF$-tcl2osq4%=NY@p;bW^ea@6 zLvM**YT>2LO{v*2Bz&K;;!gJ1+^8-B3puaQY$(hy=yIb}I#`6Ix<;CDqK&Ljh_$q% z>)=t}cMJGMT9%mto)<#}1)AWd;ht0KM#>mke=5t)Iep~RcoO@$^W;^Hz|~WMgF$6v zG$bdwQT7Z0WX&G>QDJ&N)6$8q{e$(7?e^mf`tu2*{k0)Lx|S4%g=6#9ro2 zK(*iBiR*brgOl}Q*-=7LM^i`IEd@fDq|<}Z)G)8>Ze=LMObO@2E=E{LoSFU9^M*$U zf62qYiBqoBnO1vl;3V0M#8|_j>r1{l;K*aA2E{PafJ7=|H(SW9C^pqcV}KmOY`6e^ zCFDmznnX)A{uYFwf238acIdluEEuv9valL1V%N*OIFd}8jZKCWxBbC@Dnorso4mDE}e6Ly3rkW#vY@Os|? zY}yclI@LJ>ksFVMOypT#DKJg?Tyc9K_=q2KRTUbLsp~}P%o}TM-!uoC;b;(R?tcwI z2`bwrhC-UN@=(vjd6;P_^kLHDw7MeZ@Os@1^Z>1=TxOxZP(k6k6LinRaztUte}p82 zc0P9X^6o^JHa+hMOVQNTjAb|@uWB9Y(sz?N=b4ewvqGnyiFUgh3NfI3rQCPNLOV=a zBc$uMNr{I;^clcEmvom8DBd64PKkZrHMkA52YN_HAF)7*a@5UkqFRBW7BQ)^g?2q4}5{}c}3Y-=x+cxgU7=@jeRJ8u!w79(Fu^kfo~vj4*UEsa7; zKJAE;*mHE@S*%;Xb?C>)e+`nOd$Q+c^B^mhjm7u;8H;|Rn*pwYM%X|1OBtt6eK&MP zSL-jn71uS?-)P2|EKN~pucwt&G>#{7!k za)BW)p+#@DH~+@Ze*pMvz1EYux*G#FGB=ahx zvj3*#)y+f5_U)C!_E%r7Bz?&2KWWK+TEQ10e6ZSGnRg@$6$@imL@`^HS2B!56#8s+ zzFL3t^wbm^E;kGIGyJqzDlZmsenkbU`zP3%HVK#n=hAT^0fR~ z=r;eiW8;x;r%${M;RwUPxa!(hK-g-m$dKGz(lo-rPJ$$0lsqp9+b-!^p;tE%pbg402YhL9G*HwJi(Ww-m zg7R@4TT0vlH6&73S<6mGw$*vHr}6>g(se~JIz_cNFDJIoXZ{6J#IA~7xF}!v$g5(C zy>z4vpXX)X3ARG(XV62R74&~)>cv1r zWEwj*FP2Su?AQ-UmNmM4*|ACyIq(ht^nP^@UD@|;0(DjG0X6&PH9NHcMwOJBLGsZw zftR-(JrwLgA9d2rilLn+)b%CAGQ-PxiB$t!)a9jaZAel${ycoB%NBBo^;w>ZE$|RcD~UmU?#uQ2VC5em{R`sA}Cn;g;xkLJKD$5|}d5Wqp(PVqbuhVv+mgS7zG{4vXr z>M9lrsB8x)8hz?p=S6JQaL^+JCRHFt_K0LmFX<-#nkJN`4gc%I-QRzq{>l;xYqK!4 z_ae5fHsO5*R}zyPYkHm>cz0GRr zFS`9{+2|~9TJ}SADqpmEC_^)ybvI09_}&(h0Kn6mCKtV z#NEQMDa>@hNq5#Xq5C1H?C1(TV7uM|U%tC$%VklU!ow5BA?JTXZ3n8SY~T>6o9uc< zCuvfd;2q!*FB(I00)yn1N{@))*vz@dCmN0Z2l=2W8zYnhP4`_>m&_nSvBo}yKLrdD z4*5y8?WxI5CFJs_XO_XRBYEZeJOPq2rB)!{s~eOfH8x5c_2a@W6YiH+c2iILm$E4K=&w4{v|5`QKYlNpoyCP4mY=5yGq{ zx+8BqlYONklvra>(gwBRz=zC_d=Dmb(f}=;j>ozI-HZPR14HfuxgqX>?Qx zC+al^Kv5ehUFJ!=d0a-KoK8$z|p;A z*O98!cI$z#K{WP0oU5e?80>ofBw!U9Ns1yICm4T-9@wK$JL-AK8_VC)*KitMq7CaAO!iJ<#h3C9p%+9pBvCoX_V45~&lqTugQ_I$Ho_ zHxqw7U>**vVv8c8MX^80a-bAutzCilV@HLM_W6va$mXf2*teh|EzR!UzPm->yE?54 zAPU6b=4P{aW9H(xC-z76luXFXX6N^zF-8p-h|4$QzK9o!*mUBW-xoRoS1U{w>_ITP zb{BqQndL3E2Mud%UD`$28OLAjOAx@%W8!}e6f=-$XV5emCOQjuD?+ul1L)l39W=0D zKVs`mJu-#UD-PgJ;SIBGJ~&3ifG1%=jC*RUG7I`(1@BGdXeF=G;*{wNBhJJKI&3-= zsmsccy+%lA>jlXIAop9v#c=_=>_ovIIF8$?X_uq`7W#=Giesbo@_mKPYd1{zz14qd zf|)P}AR!(!umH>eTdS}(96@jNQ@PQ}=P_M0M;l^>oCwXfgAwDsC5+z&ko9IU(V1@3 zCf}Ne(-OEg9GM<;`q`YjTSx~7j=3~3EP_YOSD{ci*XYQ0A!F0lr@ZJ`vR_b_2N9U4 z+RiGk?a&nPbCWdBi@=hBuyp4e{ZHP)QB1`8Gt)nLle3+x}zl- za?qEl2FHg>nKc)9zyhY5BZGja7dJn!U%~TUwQl%@Ef^fG;|#X``QL5fRuM#_yQV}y zjQmbitw8FB{lKg2>oUuC31;kNAkLvRCo7$%z6g-?r}{w+=oo;x}&+TowI}onsm6x z@5Q+@yKQCH@qi;#vo0Cq^h46U4N$LW(bZT z0ALOU(;ci}R2Idtn3l9L5GIdo+!z2j6^%Wmyx1h3s43qcI^6clylsDJ?b`5sSlW%m zV>(C1h3O-)6ulSLsWWWAU}>7*-D1K7+%qdn$L-Rm$QZr_h)dS}f` zye)Wy-3rJ)r`*5#<>UL?SHpe;1MjQ3;9-YZxsyUcSz@SdiJI0|hH}=N@({xO63zmc z2s{!#cOCY@+^E_ePq`uRgF8rXHSIF{6xLKI0|PJ|$7F&qzTc@}$r zE!wGQn0vha*X}QykSBue$_=*j!-Vbj8}GYM+ugrm3w{+b&%%I?!~?;F&?iiF`H>av zo;_?u#PeLHUe!Obp+23Pid9n6`nn>y$Z@tHH8zuqFi@a`7>(se2 z!C8TSoX=GUd(}9dSwYsl`dLU55DC{aw;^wFamO1wRy0jV z+mUg?9vs;PkL5BDG8Og#BFOOepLXx*V?0*uRFucMt!TY3vy|s#okMhHZM1GV zZQHhOJNaT;729?ywr$&XQeoZv=Z~+uLtL2P;&ndp zBPj1X{AX)hokXePy9%g3thkZ=K5-QD-m zdYQYfuWpmg^9-1RqxRqf3E?POons)t(-_dRPgvibHYXo;r@MA!*T|{qe2|I=RYgE`_(5$2L~0NZj8gU^p(INd#jm*-NG&8&bXjJ2wx|Y|?HyFn^JjbP z*~PK2hPo(J3kU5L_b=$@hd*L(M^>`AN_Qg_n3uJ9wQ6KUiE<*5rrz5=7 zDGUO@=uNC`D?T2{!qE6tyr)|LZ6D4*q!hd;K=u9ssbg&e0E6q*uz@GzC3alcrnu!=HB|sL`5HM;KW?brVWUelsw1ia?!3F4x5SoJA&jD6T4J;aa0kkUL zx9C#CZ5dz;#EGX7qJ*cC>0!p+kzl&ajrPl`jf`ywx(xjoWf@R_YxTUz3tQ<^=ylFl zJRpP)VN-&O?kKEsG`sy^jV*XR7GP$*+4oA|ece7hbqKHK0UoV1fx*w3S0f&KvL_+> zKEuN;lf+%haouZ++7~rSH#?ANLKTcjD8DpxzlIh;kii%90O>NwgvD6u6D4ce&z42< zlZ>U~s9gK~6S-&rKMfH=h#ydwJ6$D!Q^U;9b3h=*Eryn}$ZO>q#hf_G6SJeGVh^kPiBK|<>xs^6M6;@{& ze?n=OY5-HX{o8bs-jGnf^_Bdvq1HqOkhH={Q7(ER?3*(KF<%)pb-of`lqjUA$=TMo zF8iWl-9ZpQJ$nkS;4taTQ-36^S4%6zJ3@*VGsw@Ei(0tFY68Bb%@TrglczAHvn*Qi ztw2`EyLP*_@c6PAWbd**5ydT~{MgoSPV6nzusDhz2qw@{`H)81-3QwmiF>sc^^>^> z42Ib~h-_TNEh(2q|HL{)DWzM{i~ODlqj_B8&$~Uq%RPm{zG|G+8uU@+K2g;$Y`>qy zIoXCdGwk5oOKPCLZ+?>*1eVrZ7ovisqkBP`0wuu&GS9-5zKJ4LGfIDI=eQhnd5?El zie={NNBkxwW86JrCg&j8aoK}&XkO}G1qIq)9drK zxLXgXOy3jZSqXD@g9Xp)+P>;(e-<2Af^Hc|lM3UEk*$CtYnxgj71m$F77n(2cw8JN zT1ES#ZiSnSem+6qOqMb4eAA|MWd!-a1*6W-Fqc=|{uONXGH9 zTvl-td8Vnd`wZS#srGBwx-v@%F;HN8>+de08z55ieFBj;=*sW$C5io<0m(e7)zA#` zj4mbi3%?ikHg1h|}fUbso18YbagiwRYeEYe6y# zm}LfO@|UbzNJ6u{IiA??M&y$gW&w^%;`+fOMW%oix`BqJ=qt*3M-+5Ux+HD4&2yCX z>`B3+5!KeP^dFjo^m%It!sa^Kw5ADZ5k9Mm#|itoC7>bs$KpC_Qa%O_tL7{2PxDgd zsXtzpW-gs&cj#9Wd24MNq<&ScSvT>3Fe7viq|igX)8Qg%wH7pdgq4LuPTfVXQHK$&x`tWH$tQd>1!v4v6FkH2?9ybblMI~==dp7^PR$(;`IiU)P({kF zN^Xql(4qJ=)b$0JJl4Q;i;B%>wy|O~l*KGatG@>)!~s;b%V96(d#olN zLlybkBA24Jbu7)tJowBl)q@(D6UVQbIG-Ypkq9f_GEkU#=P?K1`#hq()kEzKU5$s=;i^YX;M?-s#*lb=YOw@KfrBVC z0>vj+FP?)SZ#1TGxIBnGY^LK>1eD#-4mEQEBpW+}1@n#dMlBQ{N>*10*?D8o>B+QF ziwN>8LE)S|{9ct}QST1`8$sxqO*$>T9qANjmsK*E&*hbj@HcLf^25o?G?gF5k8cZA z>I?zzZsAYYT2(I!&Qo1nvSwOJi8bOf`HX#*74N-Jz516L(aI9PbG+{U>0S|I$P*Q6 ztCuvEJ9pS*>n!+QhCY{;1>YAv=ajxG16SJ*sCik7eLyZ%yq|CYo*BRI83);?YMP=w*qgYLF;Y* z3iZnD2uqacP;@KHq7V{5I6uba{)z&J8N2KsVE*<>ACth+zb!=-uIri z#2!8Z`|dA1P5fOO0GADWJ1kupzQWFJ z(d`u+vaEMLU85PPeA1&4TWE~|=ZP4yVkI7{RLtXc(tu$QX~vqMett}SSf|SJ4LNqZ zn2u3iJX*ho{v<$1bsilk*|qmF6j*Z3w0}!xPv$HoPB&}{^D_z}$h?FvFx{NEOsvi$ ztM~9$pn@j8GMQ)#74CmMVqB~o$wu=cKZND~+nxJCML6<@XiK8b+~J{tzswiXZ@F`* zyEiyS1r>^;bD&iushSp?37p06xSaNfUlVrL8%<{KPxN3x`pGO3}JQ$UqZ9cRn( z&%CZ#-+QoVO!hx+-miq!vY*NH;o$W7RfE&~*N|;@_k$NE6nB5sM6HF{D1w*4)pFV~ zo{Cwo2HoU(E7y_P^vp-&T2o<#&*w4|ZKL1fvzx!7%t~_;Wc3w~+BN5gd&Bpv8j=|j zcM!she8ue$PgI)NP?01cQ|*>Xp!)2GUO|i>2CV}v1sh}`zT|VOxj#@z^$>+I9hieL z$M$Hp$5v)-!;1Nvf@in%JL&j2Eob&r4A;xI(W)t-$Kyh4`^h`w3T+50J~TDjq{O<~ z(!5`qyxl#>V)o!F`1SN!-OkE}n3LT?-K85oP4>^2=U=1#XR85#f~TPO$dBl(MxD{Q zCdz-A!4Kl#<*5!b64VD{%RRiTI_;+TbxML-*U50y81UT+8|M63_!mt2Kw*sSukvC9kNl;Bo*+rl7cU-cmc z?deomKh2V!U*Bw8ZtH`oVUvz?Siw_M`c|r!Z^=7Tr2>1kYxa?*3BfD~j;<0N4QBaP zhKC^{B;I!(Iz;sKcUQ_GbdUbKMci&({fA;&-iFu=gcB3MdY{c0QE7SCdK8(5UDk?c zQC!TlAC@?Nmc<~0QBFj^b2dss^?A;V@foJlr8 z+zcF&FQAx~XaVPeUw@2k%1X^0DF69-JFBx(=ct-EYxm2u$u!j3XN~vv7t1%Cak0%su)=z3)=$MVa9&p*ku60DgeO8RP7{=bvJ?TG1Oc%=5 zvMt}Y^}M0G`l-cl1q~h~ElS@&l)(g`4miArT1#}80({XzN(FaaWHOWkGsrbvv+1D{ z&k4gjMzk*-%dAfIk-_3IHy?{=6@lDHb0_r6ik2cG0N0A9F);ux{v6nf+dtVWjHdIQudo;y*Zr3LUT;YWx zUn{~Cjfpyx@kg47m0y>I!iBDowlT<^1w40aRsj-A{wk=gM0~4l0`;F@I;-9Adcu&; z3m{vIw>W4@e(e1+C~+8=@xgqyY8w1YfCM)eBY_llq3atWp{AjglWhmSdZ4ybP3axb+RQgfu_jb_kmGT@Ze2V@t3=k^1WF`2qnECer1<3Suz@Oik zIGabNkmHGl!-N8jOCPEru^rv!qC-~fBgCZr zbV~Je#+u!B`Pc5_^wZePBqSco`2QN?=7L$ODmZlM(-#?Jv{5}fJbe&K0eMCsY@}^J5yt`O%Z{co@ zW_)lAk`ij#bb5nAkk(7`L5MNNC*+sZ)(bd%!oo*}2m&ZhX&jf9c=%bTy1|3ue^o9-7(mDO#p+Cn}xL zFSBsuD@BCC@EN~a%FOWqCwQn+sEg@E&+TU`UN)AoTA%cVYbT37rhucD?8CC3Qy|DI z3Woclr`;m8WKiVWL36t`qfv-Og7#-q*vW`m2UEu+kaeFWU`aU_18fl*KpHLNJ4R>Q z8#$2;bE#MYS9DG}3ir5^AbQzkTD95AzM*9No+V0p{4WHTpy+OUH&7lna+U(-%^{gX zn)G^ysihNyQo6{}1bvU&b|WEn{>eIAqXlm5t3Hzvb&0gegVv1e1P^f=K<7s|BJF#9 zU9bg|S7O7zSfP1a091mV)$?^(-m347x3`kmOBy20|%{l?+E|L|zzloC+# z?(18(dvlVmR7OLYY7@?R3O1DbX3uH!rrXc19t4_F|%}r6e?p})9do?#h^Yv8@yLH#87wC(g2P@+9&!1 z;9zN-2z3O70^GV{k`QG!F6(-Du=q}QmUXR`<$eGTy4$f3*FD8%`u^q2r1|kHJTUI9 zW880?xQ2a<5=)VgME&7eLfe*6G@Mal11U&rz@>4Srw2OgiGQdIkfw2c3fAZ-3*`pd zlOFwX9wn@c$<$eYJ$;VFfn(Pz*6+Z2%k62a>DfY}1HiRs;aZm1-0*v|oc)PL-tojB zY^W+cFeWfMMgtN{=7sk(*xPgTx3UGs*M^59*7 zx8LWV0q^Ba#)y?=_Ztc#^CO2QaXmfj>*Dj*?Cr=TGp4*OE8P~bT_-M{I0<1CiuysburxrrBRi~U(WRurhrk#tT$l-}k&~}0 zsk;K50m$x23UrCbEb3SXGwPESl(eoof=2X2fFih|B|<)eRyP0$G@v$(W5X z1(c`2xm~NU2=Qa^zvJqm+HSKAa&L>N99~@+ANjsqr~feym6PR zxyTJsQY)LP#=jO`kG~coC6A$F@*k%W1U$S9*yhAD-!@#mBizDUy@#N~8sw*bIb#Wc zu6wH?>c(&Jl7`|-TLu%&CI!-WqQiyG0@dIUV0@G|fY$UA)NEt`-%C%VT%BfbaLi(} z-9S2@A@y)Tq?LB%OJ&p-OVy>#Q!@P$0WW?(#S+~eG+%08hZrFI>;fx=8X>y<_$QcM0xD|+Wd>mp+I3N&&GI2s zR|jZ&p5k!~*7wE4WOUMe19fi@Guk!`H^&5CDrlm-kiuQiah*^}$&U^5XPtMfN0OF7N|t zuILMj@uzI1dHmlM{jfjTLX3sgR8-k=4nPC%<75Z*)#e3dccmxhe>`!m|6!U-M=t>w zy|wkR1mx9gdyZc(d9lWJ?Hbj#9JX7jMPGI2YVBN1E$GPC=w7qWj0n~E>nhu<)z{)L z`I==M&->Uh73#_%x+nD*A3k}@9e;!4D%81tYvqc)2>n}HJuKIjpY@|6i)R5qG_|Pd zh9PU6{Nh=rQAgyA^84dA$Xks5i^ad;6SK zIh^$$Oc@cegRWaj0(Lx#gB$_h&bfrZw=;;()HVH{6)uGB{fX5pIHH)?!(N#c&Devt z-ucdmK{kDA0Uw4GzwXUx?8j8Yb@8<`FXEHdm+3Wm=+93henw6*fy#pbV}6kS!<>!) zk>C7%?Oa8;Cv{Sdf0`3?EdQ);B|{Z)?es4|k%%#3rB8kv*=Z@Qvnz`7$m_GE3)?{? z<1XZlct7KN`L*+b^QQP;{)GN>GkNi;vOxE1?e4dy$#lFce2MN%!5=_}7I#9r0Vuwx zaM|^joaeB=kIq*9JAkLWawoT0M&P_jvtSXoRF`z-{U*^LRQT#&rJ0WEq|c>;tuny_ zVVe7JJb^hXkRYcm{+8FU4Y^kz#4?7u^|v=S5kFWf$zcXNLjbT*tb|)>t0Q*Gw>$Z@P&F?Uo#Rg}3pA#`G1~9wY&b!` zfi^Maj2T50i#Xq#kUaY^KuwkC10@CgUsdHL8+nbar3=Bis^(VH zcUhG(=0!t<#0N@OvVK5bBB>{Shzb?1kTHdd*=Dj74>2)=y^TGWVS|S|?ti zDyl=&;f%1fvdA_^H^KyBl@=mVPc5EuX^{Y@5t4oCD;GffSbF+({v+HF_TH{q-wB>NlJ8HXp}m? zcESS8Q67NmuGj5ux6gBy@Fl=u^JL_9i8RAX1M_rwSs!;!$XQK^A96m4LH1hs;b5h`Hk1v>hgHxeiY`;*X z>zl@4W85MyGW|cVLa_{wt5jr_O0Y<6#IZ@|CNIEzm57SEb))@HXv?jSdvD^l)n5hl z@}rSM2!pF3AJ(lmPSI8<*Gq#O!YIv=2!kqy#RM9U`>Ml4qr{8 z@FrWc!c}=vrP<854~!zl;|$`sk$_WSUOWGG3HRjln9t2Vn$Hx?Fxr!WzbZi0da{ zU_G}6cH3eU-u|_&I{nmxHkd~1=8|)vGb**ZY_i!dE3DWVmDo_QSGI4;J2uhrplrAdI@#4mt!c^V+9@~j)m00lp}LOL%KG|nrRXQ^aMB;}G^ zVmOn?)7Ma8)xFm)D)0Te^WkI?ob1dEiW=#DCrgVT0oP)3*kGsTvffZgyGZeEQ-;%G z#UF;CTh{$b?*>k4hHpAk5@AkhyDyN{%Gn~k~7-T)3K`6Bmz;P3Zr2CYg4{Rn8a z@w1p;Q`0jkgg>qqNOy%HlovgZS)^nx5l1WG8`<&m`23@Tq_>SgLM%hLX+mjj36npg zV`C0FawZEXJmqDMoPxHGYwReA2rYH~0t!*V?k;w_z;zRVLrUSzm4h##T7Cd(idePI zIYRpPcEX9lNc z*WIGAi}Yw>Uf(e@r`O6eM*v{<*gHX#uQ6wCV$X`|@wJVWr4S?ln-Kn4VpP%?a-pk6 zR$5hH*&Nn*i>z?7PN?I?@?c6y_;T3>%WTCr-FYAgX}**}M|_mPciDl+8RgD?3?`|? z$onZ2Jd~%aQJL95*u%E~eIG*Y?jEDx5a(%Dn2^8^@VcTe~QlP~N$)Jq)h7g*USZt4ejty0w>ntX>dvDy4rw*Ca z?%qDkbj~@rRYl@V#ICFdTkTv1{65AJKN2~NC!uhaiX9( z+>u9q^BiPMP_ZOnMSyNLS4lY1(TI=uIepSS2Cf*jI$|ZjYXJW}U<5D2TlaEX?x(W( z5+O8S607<6eX}PKSX$tf-(6w{TUt~1C`Fwj%H2- z7<2%_FcUEElGtR;j>Fc!G>)DYtFktmT)@N;6FV(`MNdiaN;moLY)i6DWegF)BC~)~ z|IR3o5oE~A1ZdyaBLv34@j7bnn45XaHBEW^?y|X4sHe3 z77D2UU%So@=I6`7*cyh3>3`SN>|9LAgU2F(Ypro-5)PE^M;fFaSEi{TYXjU?5^rzY zS6NHmOmx4bcc4bW#;sv$m~xbwAMnLf7nrq)LlhThAtIi(WJ7?ie$Nz`GUC)B|KnK| zU>hGp!$G-q6*m4F0}*zY*Ys=hW$e3kBq)Yo^A_Dbes&?C#A~c6yCxo1VA?Zn#MTd> zzs0pFul5=T=rygovp z@)VW-Q571wEe_~BG!A)mt0`Mn`1}xZKwKmWof)9;l+<&QWKD8dW#C{W?nRB)#52=7 zpvbhYBP8~WaL4kQW(#*fC6TkFoexFPGAtZP_cNS^_l`R#3fMlrT@~w3CA6{Qc7Dpa zGuPM8%h%U7b64i)qg#*4>1BWxy;=9z#+M4`W-4~YFrxUzodgLc;cORxIT4|kMYTxM z+7I~U(>Eg47yGr{Kl_2uBEQ}13GqO`Ld(T^veeuY68o3zB&?H{;K`HtSO#+c6jZ3K z)npMV#9*qlrDA8=m2S`^jun^=+}D37Ss}|g8^qc<`wE|7DynosSHOx(ix%%48w}j1 zNNaN#;T7RUq43tR2nDjYT=k!W&nVy%nl3_>@gYC2eX~6>UU>Q~I8S-4@1Ck>2h>%Q zoA7pljYW)5j@205gR50>JTW!C=XF`lvvBz{P+O*rV5so`MfeP(rh^F6N0vgVlPh?S z#D-0~BA7~6N7UzHdO!#@D>LaGZC(P=X(OMmsOsd3Du{|w0y7w5D@LpovHhC3?jQYt zVuomtehxQUm_Ol#ug3eCgj2-JXY5a(GGQNEP0wh;`gN-u`EQx(eQl&s-uMfJL$pD3 z-f);v_?4=YJD;C0X53G;DELGq`?*Z+n@hi!W>jv>)|+f?*8$VL4yy?W2xsbpG-vO} zW#`HGev+^Q74%|Sh9r*sW7u9=1=0{>Z@kbsEJh5NUEv9Zs`c1ND)Xs~E$-vNvAj^Q zm3f8Rq9jbryAyu2S@Id8n<+o(ady1*FzYrW95Xki79N|51gQ=t&hwEA)vFj;HZ3!0(GcSv0bU8 zd7TP;yT$C(0chrC+zU`q2rv|5IGv4=M&j@|t)?hv8$eo8$Z);pmA2&k_Dg`m4#|+1 zREa;_#Z?CkIC4p!VwH%-MsjNvhoXrB4N>Eag3rhH<$uVIb(ka*4TMqbHUlmO?B8#& z_2+ZO?>D0;oPVQHIX??gIsaz%8KC}!RoMG{gvR|IhQ{@qhsO1n+pB~AG^21#NJo7d zMbTt~0$jYFm~E=QkN&%zK@~LuoM$Lw{-*J{Bz8x$MYFR{E0OAHq;nEcX;dreG8Eg} z@8Q+I<#!q-ZE?R)baH2j!id-^X(m0E!Uvm;aH*6}C`jGH3d@ojiyG4E>q@s^wZ%G! z_fZt6wThEql+O(z2BuLdiTO29Z+Mrzd_Z~L19$~#tHY?ug*_p6SALikxFX}7#l;M) z{-{%huigfKw)(Fo&)~F&R5~-M zI`(v%W(h#-PJXnH$Er$folfaFxMnIBQA&&W zT8(Aacd{CUE8qb40C2Nx0JuEU zb^BVbDtgN~n%Sw%E2~&ct-LCEik~7jk5hj&b1Utq-^a|rip@AYcW#I?XFNNAk;c6* zs_@Bxb$U3Nb2~!m8C$Ei1X><4^ z^ObO=DP z(0S!MMWU;+RHzoEIbE$$AA*R>Q#*p)jtl)W%3sGm>k_35COvFG^}f=GCiBZn0j_`> z4a1d{l7g+)@q!z*wd570VT|_IX7~=S`v=?@c4VDAbAc2o{?5I^! zarq<2=~&__C4Q-$#<(F+W@x_zf7v$#ED>fz~*m!4jQ&;$dv9}hT0sWI>C<3t!=g8#DV;_<4-J~WCPY4W&d zAGOksgmQ=$X*&%3g+i&Q$TbvRNOB}OWq5z=(gBgSTP~6gW@Sybn-^fU%-SLtFBiMI zEa0V7{AWW}60Gpi*Qa9QoG5G4`Yr46@gBl_gB#;%CrUha2>+Rdsm3E-_ko3Qe z{gkVz@$6w8ecrXi*tkjXIoA!1A6?f;fKiO-nG{-ep`NHxuR#tbu+>v7XA<^IaF94g ziigLXOsh76k+vqf=xdk0f;g=7p<*dwBT1WoGR*TOfV{r5df6;rYqx{#JF%YgSh}4F z_d5ZD|`S|c_18XQk$9qtzuzoAaOJ=Z}Z=kEQW-;TwB zz}y0q*C`$nEj(6A*;4D}|G<_6%0Kj!;8?&=A^9K`mJ`t?jl=z=l61~wVV{j!!-MRZ zYvZkc11O8)6NZ=#1Za5IBlW0AjFwJ-XT$bAksxR0x(g0D zPca#3Z1{RYTSWC5{nOt%Fafv=QdSaWkB;QU?q^?)rd$t%7}+tzHIf(lZT2dSX_o*! zfR)?qKet@Jv_aP_4rV>lq96vBKQm)-9Vd#@KgW684x1Kz2bpKEO5cgB)C=6nttnhO z9z=4k&EI&Ixjm}-TxV$Y#%ol$9)os!JN36yoab%GgiSs`E`kb_5GZ%zV6~6OmGjBJ zOewlS8An(f^Rnb%X#E4jcC$qkDuo{A0C|;m?T(pp`X5WbolbW_=ow|!Vi?Rj>8Tp?LXKP0j?>}s!JM3O5xNKQ(C06)nCqRjUPBHR{n0ce zj-Wh6GkO8q;j4S4PLxUInmCw<+|xD7k53n9m+I62zqzR!EyD9rKf5!%myaaS?-ru7Y?l z;R)kVhiw%3l}CEfdg^ir4sLa}fX2idPDraxb`czXAX!IChNjKS$vlTWzE?Nf8+e~| ztHW9!!?oYq1x)AGn_F`?yNY1o5+um^QSe;iQ;!#x2JQo&R+CE1_d&86f|zn-u7ZxFNp}ERccpaHlBFo z`a$qs^s1VeVmcbE2PRcT)~LCvQkH%@kecgw9{;9wRh#QCKUCW3JbZHTkvd8c`lfU> zh4<>;MfU@(t%=$d@A zTE(zvpyQdp`e>{W(^s3GiZ8wlZE)F*G;u-lBZ;!pcSt#Flg5+^I7XPLF# zWcABPW(ADHyccM8bv~G-kQMJ8{AQTB4EJrTQ+<`yw3~M4n3{4Yn}Wn0G|u%8>lq1_ zB0Wt19D7fW(Zb|9RnM|pxy_(KMU?00>?r-C6Zw&GYF(2h(t;9>0I?8W_U?+#^m?cX zA!W@6p|ZB<`U7g1sjEuWPE;{b7)ea4Gf`S0P6QYcZf|B3gFn(1{BmJPqpE4_e<-HO zeOzoke`lC|k=y*|hE8!BKLci17xkc2Gjtn0EFq-hMNwlu9YurK8I$^O9n(Yso9#Bc z@~4Y9P3sKXfD=iYBI>;R&TOk$@*eB{RD5<1 zFRL=2Nz6MMH}V>d0(Rvb^M@1IMCxGP3sI4{->N;}RC$MI-)*qU2FiF^poO0fKZL~_ z1#@Wdwr+B{+}ip?pnUh#R5v4%PmR#S(pNrk;)G%jwvzL8qK?H={+!T6MQIL2tp)@R zvZ9j)J{IXxc_XGYj5fJkz3E@{_vOVglno;dC}^3})_f?jXuON?Tk24u^0dtA4CIYU zpFh1UDt2VZIh|6sT)F$pe%&a1?tn~xIG1(U$VXD&dM`yU zj5n*&uBD`3j$2YPnMz?=JAn9eO9QC>a3$ZcafBy_%pm$Tf#PBWyc7XVB@HGod7W)` zow-36Jk=0TFf)_)O&XbYcjD_|$_OB+bdIptY?xb67qRl+YZ+rsI#%})yzQEj_yRJ` z#==aUr$kewatmIX7Jec2jE4BM*2O^Bu9dRhkole5@-{Wnwi)k5z zSa=4PnLw|mwF|6*3vxakv$qnjLP4>I+)kOsL%KBy3zWxI#tjF04X}nc!X@$vmZ*naRy@V8xM)XnJ-RepX>zwLlOiknf z@3;j!t!kY7oyu(&a92JF7et*PLx0OTjjtnFTDV<-&&|fxOP9GF*8$_ItgGLF6QegI z5egB>mVmo86O^8P!ZVEJ0klRQsdb4a_w|R!bIwhA9r&~@0Pu0 zZU>?m4lJ4T*86iZpRqy=?hIRz-?Axr@2cjuVR=R?jS?#MnJBj|duUx7ko#I;#f-1= zxcE?Ty?6yZeswwQ!8m1t^4o0=<%o_~aJWPC9*nIVcTa4aL^!|%sGuouh}ubpL-9~Sdo3J7p|*Rkr%4uK6mFs}MZOEyE0&(v zX_&d4JrXT|8(CcTr>1zm+P~7cp3`*=FI3cP<5#ulVIk%dNNBJ~KJ+F|T5j+wRf|VN z%f*{$*%iJ4P~Wy5jDJS5CQJ{^9iwJ|txG-x3+gmm4%tVo2MR>AvcLELdrCcpuPs#J zv|iDWp`P6^M-ll#Un>o#pN_t*sKt`ZdWp+ihRG>7%X+a4x=Nl4YHzsI`l{`fd!Tw? zp1lzF>Qog(a!dNlJ*g|pvr~Muo&M}5E4|B&mw4I@c)m=y80l8{z6UGm?@oNDn*VoG zUzP~mie$-TE_qMzf@jU*f_jO~!LH?s)cMJ|zu1iawK;7&&oe3|6_fId5$|GOc9z*t z938RPvlE|OlinfUj}td%?Hs35dzoOP12wY%6&ZX2Uz_h1MTiA=Cu-#ho=8-&k5CY& zJP;=xuv`|yhLh<+J3jgQ3fnoNEZ*diN)&J3+N0XX7%a2zmz+$Xg(y~HEo$Cw7aCTd zbqT)B@DL)6CMfq`ygvV5hx6@JGy*55++!2GWLfCpx+3UgQ|7$0l6+%yH9_%ID9(f4M8}x zhFi=vVcx~14>uX#L~FyK$dO%L2-D2uQU(z=ls}a;$b8UTvZ{2%4B^!;D>#x11mN2Yoo1(njHT`5q3@hu=~MTjbDtxd-If029w#IF8b+9_AP>1_0ct* z8y8fdxqlZZu?w)&gU&4_f5tq`6}op%EIyHiq4A_`YxW!6Yt7R}3SECGyt6Fx^RsBWm&iRN zn8@&+cG~J_<@vGy)lhC;!`g$8{5$3&M|y`r`v{NbZBl?`=Ya;9)jzj2Fj}Nv%_yZJ zFt35nOk2KO_)==vX6qX>FQLZ*;8|i@#gwM5Sn`St+A~Iz1sr;;{OyP6pfgJKik$yD zWZZL%DmNcL(X`Vg)OM+5TARSI7JzJLQ(Iaz)m{hvqSHFE6NLE0pP?)8K+YGkP?}d* zA=cp^QJ2Z^*~@hNxZBg%S02k7PsP9uef~6E5`nEZ&Tje? zPX%vo`sY1P=Y$k%UtyiA)_E9b{(_tj6VpIhl-)y%)3LU9+ulQYV4^Ha7H#Uuv#?R;8w~IUojD(#w8d=c;7%G`Sscre#x*vw zUsh&{_q|kk-$n1JmmtVg5MmO5uyO~{=yE8~|~W`TyUam^ld<3IDr9F>|uA{)Pkw{u!z@ZQ>7G|5I!BpG=Mg4*z;q zuh+|`V;_T9wBpFR!n>>v)=o`=S&(8C`pM0{P<&46ihw zO^e|>f=xF$lFg)NYtEM%bI{yLiS6Z4V4S17tqJi4dk1vFZjI|cc^hO;y?-{#{0)s4 z%l2pQkKD0R$!muv_K6SKb`Bbw4g#K>qRIeQk1LNT_(p^1Eg$9JbtrH@WNb38w4_|| z_WP+qf-jrr4^@#O|MrY|<#GI3bGNP%p7LA-1Ux=HhktE_GWInTk`>D51=h!kZZ%9# z%27(p!9q&1neqqKc0Kd!n3@Asej?O0U&O!EpGTBB&##byK!~<#L`8{4xNe6ne>npl z|Lhs*AKm{chSY|+3X+T_#>Ei7d=|Q{RETaJAxRG7Jdfr)Z73pj4e87_G)lhw%PEUK zn^l8>o-no^KzOW_tBa)+0x%W-!Qo)ZJOxnt>Sr}q$A{Ui72NvT=%wE=X0^1f`BzA1 z*FvaUm1YhC36k$%9G1+=>9zF6NxlIXxEx?SkVDbzz1_j(Z}q9v+g7?$G@ER`b|OtC z23e8LEl)@C@Dd&=VS;>h?~LY?jq9dYaa{E8I4K{52pYFdp zH`^rt@vuFmcErd=$RthaBj5R=-37&%$2SohO+6A)m+DESWa(KPb*f$TS8)RHxW@d; z6;&qeJ#3Lkbvtf5A!x*j`iH}Wh>8p0rBQ$@52&e&nHMVoTG2x)e8)AWZf(K3KRIQd z4wa@K6@3xtRpoHc%Np-OMt21#ZvcSTYlXeM?naa`b-H22Gmrpd_mj*d34abXA`pWP^CsExyms4=}5IS z);NFlVq>a8c(Al-gT{?AKzaYF2hh$sK_Sb%nzSi1*uneTKZ0Rkl5o$bXGlvTr@6Xv z3VFL3-ZISHv3i?9WmrNP1+SImOT?@)K;M>|4Hip8PF>1-^^}bvoDZm;hJ`u%tr$!1 zlkFmcLzhui$`F(to~UDRRVvVww^L`5uTC1;<_EiZ9Dt}=rlMA)GFhZfVk_$ow4)_T z6%@BzCE_>2?@BhFX~L(P660Bos8_X|Crdl9_QaA4m34Z%FP1V*kn<_UnQPYxD?G7WG{5>m8QyKW??OQLnNApNnQ;VP^Lu-IuWpDc*BsZ#z%z_&X zR&ZWf6ehezr=~=S44zh%g3WqmJXM__X)K&U%0nk7HPOx$V3;?qsTh0+aP$>NKsw~2 zpZ6(slEkC%s=qh)OW0G4C@}A@&QI2TVK7UZ5Ng{`4T~DtsQF_}`jOIoyqs!iFJ2yr zyL?Q(b-c@@aczKyX>Im^1-EI4IET*(={A_`g5iTpo$W|Kh-~H%Ie^8}zxDKU(3y9? zJz}^}$~K4NrPAis>WOX7&T#f2DjyuHFHzo^m?pgA?EjE;j@_9+?UIgd+qP}nwr%@~ zZQEAI={V`6W81dXF(zl`tar{@=RfQZwePCBYIi%WykP4{+2tk;EJeeJ{l2mM<$M~; zq$FpA&vn+3osYjJJ+F&2Wl(4`j0VVAfx8IVmJ?78tda&1T&;m9lWu_ueDJs#G$`l4 zZh_-LiMmuqAV+PN-6%ia#A;q3GhJ23D_te`Pm~ZbqQ3oygNAp`-M+`p*>0~<((MK* zl2Tg{ywu9ZxQe}-?3^OEG4HIcI6)7 zgql3L5{qTUE8*EQ#fgX5A*hbE>CB%tFavfgpE&kt_$_MY1~8?veun0&{hYDv8@;B$ z)>72vD-G$gbm~=eek?MxeUrAvp+u;TFpkAJHt^~3gaE`@F_@K`p^Az6yR%bUzwQnX zKO_v&oZh}Zao+BVx32b*VZKl7UrTImARFqk2Uk&UnIs7(II0qedeT#uX|<^#hk#fJ z$~RlL9rSy6G-5s4w>JCm>FTE{kS3v4tVNPn`f!3>OuP)JVr(8c^fGJ@GNU~y_dje0 zYnx|&hC%jTie-XR46xMEF8T5e?XSk4SbvM`Iau9^C8x#j+2Vvqr=!;*(!ZD>|5~k? zmr=jqz^F!v+(@W1HG`=5t|-TlUILO_&&YrF-gY5+Boj32^jAWMkO`JuRjWwFqWYWh znuJH$I?$p5hR8v~%s?v?()e1__+Y)$r@}T*1NN!3Wl089F#7=1vb?@#QZxkdaEx%I z`4$;Y&D08ocgEN3>mNzTf=g)~TND*+4H+o`c4u?Te#tNw$iWD8LpM)a0Mf<@s6fDv`RUcXnUo zpAeAA&Y#1d^}DM>QdauvImy(QzKTQ_X&Tx;1N93bP%zz5mR0-KG7*A7{m zq}MCb$iy1LDs51b=5234b+&pT(gr=pIr z_(%U;e(JGh6q_6zTnTyrwv2EMDeOE~!T4anu692cIsCnq@M$468hWoFmI>DCaGu&L z+6a9#)I!d)O{m(t01keepp-Y9#<}|`f$l!-i`P%WjjTPGr=GVm441qHEAt_-5kF8C zhrH(fpZ#>MhBo6t=|+Fu6>(Q1^);$#kC$UP3-*jRXpg6gCl&k_W@8F3I+EjvKiSCE z?Ouv9j%J#AK9~M>yr232jraR@eqPV3+3O7%fHbH1N>eqKM(4^I)R=hb4K2%WLd_Kq zL9dU08qtv>LAT*L?;1N=Q2FMg7+|e$$OC^GK5)NH_^$1fpFrRuyn24M0{x#>^Wb7_MJ}(}Lrv|$AIk$*^ zFo2D|-R>sKD{m^~qp+H^ZFjd=q_>4l#$-t6rz*#6mtdWK)~w^Ffu!C(e^|pTHksd( z^K_ntG1jbwLkSL;KO~Nf(F~^!98zkq(TglMt^hnQL!8-y%Q^|Z*qnvYC=hRAEZmrqt>330 zs*3r;%D9Gd-&rR4sVGj<*^R($kwts(9M}FyPo|vpWGu7*_ZTgNAT6PJAO;rJ88v~Y zvMj%m2x$pRfl*#Qo_;zJEvCZDb_B)@Xs=TrCWcxLuLV?uUx)ceOnw=Vn!0I@iUNj0 z|Gd3Hk>K)>8A^|;>qE8-vTFI9;ov#*S4psvvYv@%74sa5U15McLU>A7J5vgE6q(jR z-jr{SlYtYKZae9l0Z2@7RhvfoV;dYMm#K}UtN61oz=w3^++u)k%hf{=22z5xqxo%1 zDT!x7*j(Qsv+95e$B(o0r*pSzi~)r+tk;8EAaUGzTP#lvRlRRT=JGXHB$#|YE2$9V|f^~ z`S$QY6<{VQjVsvI4oU7`NG?I%C)`&}iAyK&#NONE$D_7sLcYbgMES3-#IT z6i+MH;g0eYAAwxl`EnJ(kfgsUfOMoB?tvvsL81C!_RXjN67}`2mb>dx8FfuEbIX+g z@19_oQqp+zsfhlBrXA4WIsvfkmIMX14I#Gxi>h~@Ud-POef-!G#{iWkF%F3J>(3babfl=&k8L06bmf7?KHMvDSQGg zpbV8EaB!`<#)vLUDKRFo?J?=ds}psa(IYBdcqcxS zuwIpOI|sc*`g<|atW9g_OqAjKuzDg?>jqU|`LYoi zZ*o)7!X$@I7tkETe?WVkV2T|*_PN<4D-k!GY#@*^6e?IZ)tB74^Krwv;=GoTj2XAI-5PkO@Zy>t>IS`U?v}y#R80dtK!8k|!|w&`fWrbTn5^*uSK+j(hw7rJ>9UC5CPQ` z@typgvN?@flXKWxYL_fA<)N5~d0ew(_fvez=f1P>x|R3}fyUhhKg(ZKr@Xv{Ba6;U zVM8cw43MdaL069#PqHPNC`A@xD0s1yO2wzky+qL9a$cMwb5DjRiC47eIu5j|-&R+A0k=4f8jz@`?8NdbZs7CwmH?8s`JA5$vH|5Y$N{tWD zl$g7M`n<(UPk_wl=({X*!Qx_IgJ2tjXcG~$mQ>N7VYoBPVF_y%jBM2|tu)e%tCS17 z+;9k=T&hHJ3jNL}?F4Nbb|u}lxE}Q#%$d^uMgz)fQpTDz4V0=CP%(`X)ZNS0scwR) zU_h22v|5W9x;)sMAM^f$5?olmF#0DiC$B4L1QBq+B{OI91sK9>2=a*%qO3KxI3Lc^ z^^kSJ&|6TGBBFq6)Rsjawu~&w?;mVHc_dr(c^e_ZB9K9Lw4P+R=ed%H4dOH|99<|7 z!M-^EMNIGgghNymZhRB9djc~@835?{6Y<$m%eg2Yrd9{eN9$ljxPfjL#Xn4S zuO>+HS101GX~8hHn(#lv$B}1S)?=4RHz1FF7j{muXdGf|34jG9fBD?!z~>g@udk09 z>}e&-=W|o#g1vmlB-pt5gB+r?ZPsy7=1OEc&S*cFydZSTjMnjVY^{P@Y~5!Tb?oDw1pYl@mjDs==tIL+S#_c z1dUa2ep-UWL#H2A>iTA9^Ll$Tq1jGq0^+rXHTD$#FP$v@K(9UvY+MYb3E;&A9(xiA zt*j2X7#Y_;R#5)hslQflgF2Lbu!=IoRHgur_?k!_9h&-J9Zx@)fX?WXi{4-{iVWew z3k@|3|3h#34M4K|L%BzO;gjli-fbXgo?Ye1W7iznliPc8CZ=kqdRn*Pw~yQ_YqS&c z_b+DjBKxz36w($FEl~(60(f{Iv>Bv2R2Dd=hS?lo3zGWHh1DE9>_l?wHxYp?=F(Zq zr{?ps`X?UwmioQ&U7^O``mcJ;lQEoHS|R8Kkybu<9$705ah61GGC?&T3)H=A=;#ii ziCp;nel-QS^nuSFoCt41xiWG_ZX8)VbZZu?G8_6+F;uf_YUlQWkUniABj$f!V_E-m zjpb(H{7*-KEdv=C7&T)C1DFz^z2UI=-+_n4K=B8fqyZz~86%IREwYq2-$Y1X0<%^- z+mdvi}QMzx+f43SwVKxHylg6^*|oO-j10woD;gQdeR|1; zyT8ooQp=W4Pt`SUnxbQWWdLfwI)GRkl(l<;N;LvOe{39 zY*PX5$aNEC6Fq6ldHP*&9eJTeauMQP0V^1X4rA_WE%;&p$*n(`vQ*S)5tO^NGsK6C z4l#%fN|oABS1fPu=W)IgsMh*a>D9&|r-xI-A_}Os;j`RFzp+3*uj2TK84dEL>?>1o zEJBhVD&nv#50}p2fv)ZEj5S5LPEHsVH5q4+8B6=ZblBbX4|`&!PgvaB`V?%48n05O1J^^?EDfnm}b*6)AdcPH{~^*D?I@wEpV| znWrr?-~4{d!I&+NjTZmNsAOzDa8WNF&3QCr5Vwc0yc8(v%HJQkVmPB|;}ue+RII?% zq*41G)Tk|%q+%i8R8BImJU~qM9T+J2nV^Xb5M<^6^{@@e=R5Tz_a0VPA@mX&X+IW5 zQYidrUieDJ>S|XNk+<+gdBM<8H5~RU-{jV*dV>_WYM_|$07U_F(R2HK8%DI3!DOUO zey6__Y|JFp@6hUG@*Vra#ApGqR$cB$DP$r1g%m`{W*Z#-DV*vjAqv<_CZ$joI0T?L z^Zm|%Y_jn+mn=%bZy%4|KkPULQky!Y!1F)~Z-1IY-ZT0^%#UubI}3;;OOxfFZlgKI z^rDDzv**Ld*`SRsJR!@OZPMVNL4tUl@dEp$)2@K$a_kcRV3OhN0#!X{-4M{SsZq}u z-4QWF6+*8P#N>@GVs_QO7u&aq=jf-QFT>vheALl%;x{us>CbSKw##(}uTLdA*8X%A zU$e&6l^kv*yYAReZ}$e=y%Ej~9Eo14FSv zEW<A2$@gpwtBxe zMIezro`yzv2ts51Uft~2M2|mg7ys&g@EQ0Vi2`f?)8uIhsWwe>@BK522rb9zLNPw4 z~X8mtQgD8-chT**W&d^uc;Ad&B2C<(Y09 zok%eH{%AM+a<5P1LG+z*&vjw)F5LJa@*$#8akBA_#$kyjkQA3%2#iz%n{xH9+_tX| z3_xNZcUXN0P30Gu=yYfY#x&A$so`d|tE|zOg*njUu>*3A`}IoX?^F6!IG?R{Y$ljHFkYtO75VIkO&`reRZ=p>E8|yKXhx zLFK<&2K77~@aO-=%|aDk@VD6@dPnF~JOyYGHq(Qj4*$T9&xVJH9L2FPAZHch>7doE ztyc?*+_g&qRk1q1~7@!$DBl>Pj$hy-d0RZx2XzXNh1_$UMK zCn0=jiQWyvSaNgUTvXk9p*5M9lgh)ldAS4O6h>3e8Ka~<^yE`HMi$98pSLCG=c0VILP;;EqU6k=QU zE-QZ*^joR~6Vz0slBG)klo$x)F#?dVo&h5G@s$J3g8Fc7u`0XQ%<<8|7$aiBh*iC@ zw?t~_J-P=4t>PhEIso$!mVa)$@7lpxtLUtZI=-xsMAKf(iyey=% zI8Ekb9_6TqeIOEnw9=tATeQ!9SSN*^t@TQb?YYr7`Xg4iFME1i$sF3Y)cw;`He8m0|)HrgO>@6 z@NBQTqb5M#Xa+5x{0gqq;&6{oaFJ9~NXLNHz#5rRBh&m~!%8LGwuQmokcp6CtT03n zv&~$0kh)D zVr>S2Qgz`A*iD)34fBB}0i!L+38MxR(!1@Lb z(S%1DMq%7S5p^fS_TG|14diUmiC2wy5jpPoYl|sZ&Wx4AAQl}Hpiln=FZd09F?mJ! zza<3Qe+q?6>`WQRguvned&kY+$X~sE!M7P!x-l44&;8Je$9{D&di%pU7x??diR35EWt8bcL;vYSC%uzWvN-R~tlf?MdS`Ejio)=EmCf-47yj$bI7~ z%4kD=uz05*sq7oICJQG=f*Jt*U96Ra)oLxTO<8}QfewZoy~a%0fdf^J%?y59PSG_E zIK@wol1_l*20g*QPX8`*@8yPolKXpy8J6YtS5d+y`IUg}W_|8WM$JBA5Mq0%Ub($? zF|1{~!l}*z#jFc}1CI{9X}&}dlPq4YX?&(oq!-eA)Ms}XsclaTXt3Yjn{&T^K}Uns zPV*0ig3UeA5sP$+5!^PSN=hq2752E!ztG<%>dT0LT6?tH8XAw9$Jg8~u9~d1 zEtD*I{xedsdmn1i>nJui0@=d~kQe=p+M1qeHj}#!IY~9STk#x6+aQ;Y{zPBod!lp@7GWKlWka1Nb)ySQ~ zV`2vMH(!lF_stkYm-?1y>&_2PD43_UaYF>Z`Js#&Lqi#R zXUZ__?^fy%Uuh$z-(0I#xXBZMnEW06=E1%9eMbk;cOar`31-}yeaOW^cKLSmCf$TE5Zh@!Vrbr4WwMHt^hc)q)C_A(sN^#MzoMH$SW6{O z6_0?dio`u=^GA*OW&MPuxS*?UAkzRr$QcwkJ{8o6$AJp!5bgOLGYZtN=7J3E_8=Hz zqlGxO;8(FBaBYtMeF=g&tTTADE zNufP7df2$JKe_wQ^~_m4ljp_);3^4$*)0`G5iD0Wrpm7(*$>8RRcBfOZ$tpzTdta= zUz(VV(~wI`jBBkpKE8UI8SvuWJ5=~-4-<$PE1HhmJps;Nu(aa@)@w5yayME_$Kj4b zUjHHzrZ-~xz906lW*DdCYxB;g8gFvr2Xa)IjH@lqDkLZfWaWN(mT)z-Zf5#fTN>v% zHf`B)5zy@_SGk?2KF|;nGq?cRnJtHE4qCn9^&yL(CW&T#s6weprpm6%S#x>B&(j2G zxjl{SCJxlRYUS9=!FNv5BHogqI)kz>w9tIQ;yBv@QS30CTPSWk=W0p6L1xxW?0b2M z*4yUx8@6haa0h)OagI~u!tLOa#W0rp-dZN{X4b?fAtU|jdI+@{CLX|M(bW?gygU75 z=I&y*76}}+D(zoCTTXrupd3)2l$7eQC_KoIm53?^p!$feAS54N@v6^&=nM=HIpx<- z(DM%O%-~ClAghs)>zi_9%pgicm@pHLd7Y;RIe85vmj2=*7)e`I_n4BJdt)3WwA)eE zU^Uxj3S<~L_ws~YFjfHk{3UchJ*ZTR59ocSZk@;?1Mbt$@Y4Bk$FTdfLL}SUl!W=- z+?J!+BNH(80~a?F&b6MuR%3UaEzVX{0e{}qznuznqFY?w`7b9>8Wnw_ZbzR0Fw;Hdnx^NuM zB;3;1X)RNpeHLhn)82%b99*mAlnGl8eLuM>ScJ<+XeDO;Eh$jqRuestFuZ$LUfLHN z_@7H?5hAC9?P3+e%1bxh;poPbcW5;lf(cVgyr!FYNf9+;VM@Hwf!TcyEL)FfbN021 zJsf)0+|tq<<`e*I9@+vtpiCy6FFk5lZ_?3V<0BC+wp^KIi@UVsg$i@d&4?sTF1a&*{}Ej7xI`oP6Etsep?S1Sb708RN{b&a)_i z*tQfb`(!qNuH3f}RGhhv4~n=vqJVMIQ55ZU?B-T8cc1a~7pjLKT+WH5W!IJic3AoQ z{a~b(LxA#+8fr5AEz*&9(QClpc+_R8!fNvi5#HG`C7U4WQebr4F% z%T?@(%1f*%=HX+?;f{YmwLc$3U#mHOURk*nMAtpm{Z^{GYl`3I#t@QwIH5m`qF)>6yY4 z3?F)4cwhv=5n#{DFRqI`B9Wl(=0WeUv{G6MyJXW#x9E+jzjFsf58=U-_KJu@`2uXR zUqFk~y^|LFj92)Oppo>ZeX_)PQgl-^AXI+${`#|P*3_wi^;-zfa(B!eNC?bVGvGS< z8|wb;_fcX0aj%IVW`VD`uLfKNa$YBfh)SC7?3 zu|Oi9I(2=-$EB`z(jwSG)Kg_+l-~?Wod85db~W8`KWoY^WK3^ZGsv}qRh~i>lB6pIB`?amA|+WhgdWmpkHAGy^>olc)jSkjU{A#)9`ZTj ztdNM}8nKi&I_ie`NEt8g(tfYErWj?5HqJPTJEN5=26&1kLU||0L~AaPHyh%F4NqE0 zb|bWUt*3M+_1+BE2>w2kT;?|-k7uh|X1Ky)2VktlKQuxRDII0SwREp(Gmg;$2H^Nd?uKlI=~Q6`@8s#fFsd;CZE;$EeIsDd zGw%;n+_1-}YCYu+D{?NmT`cp~*mla>8&P&M_yy;|8SIP2;Kax)rO*|=2~Wg+w+gZF zM&cRhgC}m9G_R4}a*=P|71lG0`PYP7{IYc9$FV2HGD;daJMbi=ET82-rj+(99l%BMhXlZy}e)wm&y)aJejbaIsV5ZlfQd;|TK`N74})ZED~7?f>x!WF zbg*^=v@F|Tyb}oz6=*d10RYLl1z!z4$oWP_4XA?e3&Q*OPRDyoZqpT*1Z%5g%@SS3 zJWxSGT$m?BrO&&G#R*RtDBThY>enWk>p|3yGdIt4YS|APZ^$ePS*=ujw{U_+a)+l9 zNd11HL;!R71#6;1U{r92Pf4LSd zho)1_!q^ah+Mpz{Zitox6!?CfEM%V@wEf<}m*G>0!sp7tdh(}G{;4M)%2{$-6P|!B zj1qh}qL*0ZmE}B?ZFPM;wSz<_ki*x9OME`rb|_ z?4Khaodnv+5XA*gvTHBCR=#|}skZ4-zqkSfN@%=8H3Y?QYZeH6eEItT?v}AMTO@xX zt&$~a#*zZ_(Y>U)Xo5 z^}NezF&d5)=~1DvPPDG(Y3%xsM}Jw0%a)1g{aQv}uf;Jkd@GP>N{ZQ}DoeRNO>Zt- z;m_4SN4vm__!I7VJAdvo0m!`uQ}nC&2ZIRA5S9 zaMCMXVp>ugvB_lN;I%IukTnpCJ7lN5>vZYCpi#S%if`-TzqSZh5Uzk;tNL)%XUU*9 zO#Djs&_Or=Z|6$zNUHcf`N<|L`d;|g*uO)43xoo_#%!gzT;sB_md4{(i*fx_G|`^& zs2=iznxp$xZ(4_oc}51gFW|XOMQ~Px>m0_AcOpc|DnfAazE=f5#g4tdetRU^xXW}Z zTKYp}*}Iwkf<483AiKzr^RXBv5+Fkv6=BTzEP5#-*>ZpKfkHa8f9 zcqTL>&Q_xDTz$cTJSg%O*Pb0pg&=$YEyO@_wl+cWUqR8u!zp*KJD~YF2qV)lB7pM| zF4Ea!f!gCZpLuQWS;qmL&luO+EfeaFI;)%T-~#a=X5TJWQ7~d6j=MtDT~VT|x1W(C zM|(UaHOO<=0t3f@AxiV*or!XkMbKI8eW=q#SEGqMHZs9c02puZk?zoX7uxl6i7zl`rjVqCLo4ChsDylFJbUNIful&}0vVK(vwM%90&a2K*G z78;4>YH~jaFadEqA50`Y+U_6I=k)f13@z=`?lm6O43&T8O{MgUe+OgB9OLRb3MYuF zqt@1fXu{Q09yAnRdZhV**l&(LLku$^Apb9#l`6 zEGi=^*%LThqyAmFgaVFibsN@9nxM?qcXIbb;pq(V*`Dij^lZ8y*yBUX1!GdraFOcAh=M3Qf$yq1DtjNFBc- zs*VUN?R#=zn}M6GilX$@pX~Z4l`lm5T4xQm)c}hhgq-AVB7ZeqiDau@OxX48JL`vT zS;|$;2cZjOQ8Dp<)ghh5bKhw_6y5aoj301eqEPUSq>@DTxyHKEsd?S zi2~GDvE|NQF0rF#246U5h$bXvESjRh6pKN{!3|9KW{vWSC9@@`Xl~P}gk~rp-Gkju zF2eaV^(9S@P;IY$X$VwA*@~LkIzcF`d6rL5j>0zobs(uOX!7ec99RCs%o~W20OS={ z%^>n*N>yFwX2&}(WdV!drbnjBqI=t;j1g@mNcK){w!U1)PdyAutB{-D5)w*44-~os5 z3$);^V314`SY9aClxIV?qYT_sY)^jpj8)ochotXgiJZ~1tP(PU%hyNFArY7Jr)Kw$ z$&cPCzZjmeQTcMz=4+F#X?bvsxAhE*^tX^|SLh$ruZ7@!BGbz(k&^DnU=<<6U5(GU z-kT+$U5ibLV&Gum%wV7P3T^}q3;_YZyB54jyUzv*t@og49rUp9sJDJAX-C=@Qtyu$ z;6v6_c*|wo`;8orj?|IxbgO&ac^Q|P6kkxDLtg$Bcy3ba)({W?^!7TX_3~qsvu|d! z4#kOOcrBseDe>CNJGOQf%4Ad{GZ7;)@u7XmjfXo|zCh*U1xd8z1s-}k( zF7kT($PE5-&Pgsl>RGm3^)l5g2U8cQe_-^dsf3owmCA^Fm>PC7>Z`<$M@nR^Hx_j} z*R~XU)C>zHtFrRl)`PeAo46a=EjtyzhmCx{06DhIW}CA>As*lV&dRbb%bYL&QC~Ln z5y%<8r7o;ZOrtty_6#jQXane!77xCoYQ$NWvuVvwqhHm)R9Tl(CP!sx5VJEz05{k0m zWZ#E}*CYP%Rt)}?R^;?n1?cLsWNsZqia4gSA@MPlO%PQX8sri7GK&(F9Dv+Bu=y3G zEpfhUgwJ!gvV_V8rRiJ7DD)~5rCDI;;WNpbI&p10eqLYYa9R$XHm7~U#Ue$QUj(f0 z#Dgl~Pz;ZRDr%xXpomKO?u9GIG9-wF0SjKnJ`yY$yd6uCFvRn@fF%5^(Q9}#-6QkL z++cNn|JmTiDG;HRQVgZLwVI1Ky1aRLAauVca?1GT{mE{#uySV*@cmao?f@jo-{re>>;G_62tduRE>^8*y zUu(5O9?#O-C;+kO&=(|T8G`4@kHvMFFVp(um z$D#K0a)kK*OKuC$0~~s$W;HwwyxM;Nkt_3<{{@JAGQj+&q-KX_@MZZq1KxIL{%3hZ zd{jJf7GZm^urq!OGjF}A+~U)q@n^OuckA*|aB8;Zhc2hZx%s|vtdz=L6BA+*QM_}h zKGNIe-D*$|(3Q%Epw@N7V1fHBg|dl9>0Lu;#Z(x?bZ8w6kj)JG*VU}9g+>{KtG5+f z<3cdO26xqek#RCH^x9NlHH+v~+K#3de&D^+vuH{@V!(!VCv=>J@7Inq^I)F-Ks267 z2!j*Cyc**7@A`^&EIa-4-sdwuSM-|3$HOkCca065H%=5;cCiVPsrdlF)t+BXA+1z(j+>j8$BKJJ{zCKU~f2ry| z^;B!R2}V=a6?DMP?g^i^J>$Y77m^->(ZnG9My7Vb^J!k~P>}c?#Hu*55b`d-FFM2* zKN8su&}ZIp%wP$!482_}I!jX=^FYpIJ1TKrpW`4Q7AO0=gp!{%!9RZzJhHCKHx}IQ z?QxWFJ^nlOpr4*z#AO$vs$%`UoV6k%wAn8m9l21M-kaCR-wI`kKir_XjAHx#Y>jz8ru(k;aCp!j_ zYBm7w5K~d?#5u3Cp)cUrpq(~os;))9cq?97^QC#`@A^8<##dAJytMfRqti(Lwh!Y8 zsPmO^C%HxM`g$`-?`*3*XOf6!<-H`>7u8$5HHh* zVv6CycQzN%TkZ-UwZjf38svH=n5ZKL2;M_+?!~Za-}52IGwl!=U!r?nR$(KRpGW0U z#D{9KbC2NW=xcGKcd7t9p!uM6xz!@;03W?^+@Rz>TaO zbmpH=w<+uU!#hFcL#a9hy;8Ym-VoZkM6WLILmjCnyowA$Tc#$+$yXuYQOOK1LRo80 z7Rgq2ViP>oYt*hne5j$cL?Bq`CEI~16H&rEzArZ@5_OxnO8b#OMwF30w`SxJOE|xE z^n4U=q#pf^?~O&tk7f=D>aK?baQ$w5EG}e!0E?;mi0!`P;yxkiSjRZ_3~bhkUY(sc zU4z44!oTe93e`vWgK&ST%G*C$&g>?Kb0GHWQLP8J5rRX91;#|&c~09F?{G2!eQZ3jC% zOXm2i(>4c`;aRdQ*0TO9NKkrI{|p3r_qm$o3j0%Z0zMlwvgJYNRNn#icWP&>)n|1> zJHUJuri`*ZR@?>7j?tU!VT>XxtDol?h1|N#Sp#Cry53ayAcAHdv4^_9XIoE_Cce8E z2hDq_m^9KwBw{!N&=^mnV)^Hwo;6Go3-fF47gaXVn7r=x0&}&Eof`^%9-Iz*7&8-; z{ADMq+7enGUYB*EKPLFO>|J4Cae$RA=e8a?iP2y=%@ zNS|$}LsG_M+1X6q_-xaznp0J@z>uvopM{i-{nrvZX;mTm5|^gs34DIQLEr!(j{?68 zq$y4YSVVG;R9>+TY+st55N>&4!r>|O&){b69A}z>Mvm)LZh94ApTGi>6>f=Jxx}{w zYrc>-K)mCn_8!Jt2nhb`qm>AeGQT_mbju1Svnl6mT_#ZP*&)!6#rpZ03G?U_S`s;u z49iW^js+YK$AAom1;yo{w>Az7JI}>IB!9Z)$km`xo|+#yk-%$OcD99dGgsepdxGBG z{WrKze<-Bq#6&mpqTvKKnCIsmztOfpk08e9kKr&BWPrC*jOHQP4vkX$3PDv}t{Op# zUt3jVGf4}~AIQPcILh<{s`FQ&_03u|xqlqx1l&A_xirIi*pG8>a?p~aSVW>=J#$*s zZfCGx-gQk=p}fcuPrfGU-oArcD$q@`MO%qh%SJ`&VwY*$8&BR=9u!t!m0h&QJys7L z5C}6asawq|j|M>$#UwCcJBGS`R6KUqCa6FaO5)kNF52vW^6AoUM!`(P;rfWtY)O`t z6>&;vWfBo}Qq5UnJlNlOQRB!T(2Qo4cEI<1?)IbyY|Ye4Pd3-;Ev}A{$4b{_)Pdyz zRwY~Rv0oos!7$ijJ5tFtp2Kd)tV8+?*!8EGc2M~2cdK%!#t%)OrJu(Fe(Ll;(8%G; z1xp*D7x?#psW6FUNMXiN{Tc5vbLd;%6xQn!5j*nt{?J2X<(6*C@q8p%nO_moP(NK7O1=jD{6y?wT;{KDwYS;F zhDT-DYR_AHG%1!*AzFQ9F5U)`>`Q@dnrX#eS!@zU6Ayxg^p6oYjOm{wpA?qzx*QAa zvA&F{LuNz)j3#9a@zLWcAMdUYnSrMYrVz`&1@ydN27Doo?rDBxWQqN#dTwsEjNf8E zs=iEX!(~GP?nl*M>Q=_L9y8qd+p^?I^EiyeEuDpI&CMQ;n}|508Shb-WtV z*7qza(!k@51~t-are8`gO*(}goi(7k-dTYh8E3%UDYmm zEEPlg@Wl-eWNFepQrZrQY=oDaepG!fC7l9u%IEl)Mgtcvq6XEQV%j z8U;o7Rtdp&>J*o!b${lRJO3e0BnnxNe);&yz8kO;8vNS98Bvjd?4&d$pf2XIS4~)? znh%E@iH{JY)KH&*K~jri1~t5c^>uK;6UkcI zYs~wqxUa@*8YRTL3Zf}KsSc`1Is_HM7ZiB10-PdqNphA4i@WIr=I7i+P!suFE#7! zkD2x50sf4?#C!^*f<8Fgw2R1BT%>)99sh@|a}3TT>e_Xl*tTuk6WjJAnb>yn#5N|* z#GKf+ZDV5FJbAx!-c#qt`L}Cz_wKH)>b+O>y4QVqpRo^i8>fu(SanYGA1S4x13K4EY4bi=GG?CJaOhkU>^e#yKau0 zRigTuI&Zc08W!frNGS+i=kMSx01HxoIp&*ZrZ^R>)4az$m8Y&OVG-|}+XzqakvPfm zJ1ZV;gkw4|!N2axG0djeI3R&j)XcRKMgCB}m~TF*m=Cj*M?Ua>#FK=p!?2tWC=U=? zhHa6vb1$-3v_8fS`;E^A7t#d`v5JYwo9Ztc>Qb*c_veiPiOdS?&viufKBlR1hXqHJ zyXy)H2o=hF4%m5sOTNFM9-mFcBZr4t zTR#1JurWD_(E^Tbo^KaruMLZMbp&sDOl1N13LYyQS1p+hqSFVq=%)fP*{wxUsr5ae z!_{J@syvOdwsfH;@l+GIIE&tXe4NycuDD#9&G`863Q`f;;{*6d}km+*|R62O?Iw z8q2#n!0hF6O(d{hcU{t$+bxX&82HRw&IeUmUvaQ3xnhV|J^{v*HuMtcqj{o{yrbI8 zmwiPIEfI4)Tp)rsLau!ob!x<08(0r_Q2fhRaJe&OoKJq&Z<`xfw8y;PcFwW-tP$x~ z0jPHLh;Crauz6DZTo9I+^G<8y2$`(iLLqz!9YQ^<_`j23Gq9FER20@ zrW)Un&O7Xls)J(}R=NNU$biXjKVw-wDC2PmI9K)PeQ>mZ3G?abX}H(!HM#HJfMX_g z8C7HcTMA`qw(mJ0r*2sKgV*F*YFRL-alCnGM!J!q>?RiYHkFs&BsE)|twS0hPlzNh z)0Ja2tX;x~rlpZ)lUI%5@DDpJR4~0v7#t0^&Tq*Bz`1{titL1^hyu3F9|idjTMedGxq zS&lmM=MD&v+=z@W;a4T|ZtULRi?+OHVeyWtJk=6*?9joH5UsFK5;I=1Sf63ha2V?% zT6oBxQd0uvu_&`ycLL<2dlb+fMK}{UDp=oI4OeyTqu}*`bbE>=>%Xjg(#9dLgfV@7 zFhuf+qRGrJ2w)(H5;oLW@2rND48+=~%&}!Z`}JypfS)X^nVS;!iQFc_P@vFKwUlvn z-fTsvNO>~c^>i%;Jx?GL*RI65epf6l1qvgq%fD>tV%~$i%C6Ki*k92mj@L!y`v0Nz z=kecuh!!wDL_gittk5X5k(ho$Zz5TLSV~-~$^0v+0)XJMq_3f+tp!~nU9@?q4MK;I z^j5BmYCss+bcFN6<~Q~rh3O36u+c`V3f4FvPTepU2kf=(BgqQY3-=-!TtWXp<(EY^ zozzG}3ok+ZXv_M5`T7LIlVJXt`d1O~?M}VCBF>;?Go9VmRG_;610A2Y^s+iEb>e$ z_NB@^-w%K4pPR)gsyZ%C`Z#jDv8x_R8hz2a?b_4Pj~quW9z_39CPfg-2xA=|wBk~= zq^xJh1Xg6OrfcG_U9^@=9qrNxPNoVckMl=$YPJa;S7Q6+0JT1TVNx1Ld}&zY+vON+ zF%CGj+Gnow-Q3}PUS{U6e%?Rdgw=~`HvPD8UEZ8Xx#GBZT}Cq7EIxUy|MTtc3Vb$Q zQG;kWNq?%M6Yr)GZ)S=*b#BExOz=eYp8NZ)OsMtZxiiHyL-%j)(-G`ETQBcI4XGL& z+<(a|--c$OO!(*g@}hB%z|_`(=Cz(`Tlr@7Y0(5eB~+XiLJL5InGrRVq4nP3n98jF zEPRIpp-CcE?J$EM8`x7gCujH>YDA8P(JJQ{Nt7{|?6{0h)DB(Ca4sp}7fZ8W-1xOJ z1MEij()Hs_*8kC4j%>fp|8b=2C_fw`Os|T+(_Rnitg-5*t~!6`5B;FMzH)xb(iFVh zZ5PT8DTZY{|KtrTx@;}fjDZkn!ABf3z0zziy9wsG8G%)?7(t_`?xvE}ZncVl*@D1yP`7RgLs@rnYso+qj2R1hVkw=(^ z8D)2o9(lUhM`mC01IH6f* z`YOhAsag#tOeBtkB1$0e9I%eu((e*Ybu?8jnNp3lMix~E_Ow^FCOm4kj_~*HC~OQsNP~EBusydg0mD{t1yGwzJ%*4g)S@&(vPIb-7biObo4VP zJLY)1T56C+jL=7$phHwKK0J^^t+N?4nz)(r98Qfe65=P7l9`|uGFnA0lb6|EWi~aN zK!3B$-QET_gW(?A4-FwfiueoPfc;4KUqd(1T(@M%yL=Fa@5;`XiNuH|8QichtUZuw zhg1uoZ*_}m7E!Hs0q&~?oD4Vny{id{+UVPS_3?WxB4(dDas8GqgdiurH5u#N5Sa5}j=CXBeS&OzE>{$uG zNSIgyWmM`}k<=YBSeAng2hyOlaEe;j${F#k9pBKzn!ZSs-7-&a*o_NRT=3Tk1Qqa* z*FR9d!RRO;s3w`ujO-#SVp>+Fb%fRxgqu$TPL!TmQ8yZ&CDz zlL`U~5r7Q`h%NlyDq}RKSV&p)Chs*SJW&UyCSZDbGYmjmQF=N_$c_QRUQ;O4eMSXy0|K-EBr5U9KTFLV@Qx4q~lN@Awd{ zOZJtdjko<1P*?x%@9$k2!@)bR&Z=X)_#T*%IRU|7^wo;+!IJuDroqwn6rP9G+3|wK zSrNU7l#4V`B=+VZ^GDO#ve{Wp=5%9S--b|1b0aBMi?|}=m-U6#w;=EPu_*HiA)H%y zNe-xa9Gs@4nQo%wjdBHl`3;vxMy9Y$G#r|r2<}i*z_^WOZXOPhVpd!tALrZm=ZAWT zR62#xG%bsc5_^TuGz&O0(KG~QCWBQAZnKTcI>+fJRcTl%+Fb&9eivveX4jb>ujK}c zC$coO0S_Ao{>ZE77R&}d_yaz+*k$>T@M#$pXPpeW=+@Knu8#vmpoZn3ctB9R21Xa~ojP@7ANg znTZIAtpu4Ihosfojg^?`odl6s2Scl@)*Ni<(LNtdixa+h7?8v3L+}L0be{M`sf3;D z_Spi?xNwXIFZ-TDVxqz<>+Y`wIB~4E^4KUhKpQs!gPnie|eig z^$7Z~ocWzqV-biKd^XbnYS9P-|RaCgOl=qm50sp$4 zvyPxB~M3l?cQA3S%r#tU~U@28Kh<5xbP7n7>ZMSl30zukNw!@N6S{65;+r^F52 zL;f@1KYG=^EJ9=BkGln%?QQ?l7YL^R`mcN7e)sqQrs)0i{za`?bfSj%(cIN;I{ep*f zFw237vnA=KBS8vz0s|;a9o)j90 zg&^83Twbf4FmlE`F+6L=#AM040@m8mw6LVr+X|fTOZWo^b)gl|?0RtC3@ZdAXH_%-)}LFliXYd#Y6I*s149*U204yTO38SK-n z^H@aYTU$!@q(K`cy`cBPx$wtz0`?v1sz0vofLDz*XOL=WEJ@gsn4%6KdJKZ>Q_1 zv`~euqW4U0X8`F9#xT~*G2}v8Hs-j#Od-^6ynu@7VCnfuk90g=`u=Lwjj608U)crn zy3)X~POAn4p6YOr>WE`K^aj753N$s4N2re050pHB0r=RUDMSQ6^mTiqdFy%#o zIu25Pm;e1As5b8jM6K>;n#txx7h}9Rh_T6KiHc`Q&%7qfJEi55Z`mDnXRPM_Hfc6; zV)T)*D4tlwu;+Kpnb!(BGaax#F27avx09*1ai-4$q56fAp-ZheTx_O+DB7`Aw626 zK;hKMdQNzcu2- z?y@UoxOKo8bKzu%!2KK%W0&+2OHo)9h)*h;;N`|b{m|8v=W~Ml2|F6q${~im05rDF z;%dXS*^p&P88oK2#dcb@;_q1#5sR`RNYEf-BGk=6LlaBz_Al2SMs~m-6+$|cR%MQm zQ8I5xaTzN>9_c(gDdn{tm9?9{#LTbf^~V{psS>%C3ulfN$Ep?Kch4z;cQ=Qf1v^^3 z#RONYE-lxz1K&-MV&#KMH~RuL2bS0bNhg^GDeo^eq8v;yokS_$YV`yI)gN(#p`4b3 ztP~}@>sP^nM8fP6TqE-SRkjkiq`GXwNXe0HKM1AeY=b&&unUeRJ^W*cQ-2AtM;Q&; zFkgMdJ_=^^_a0m}Uyk&w5@p;hXqfpJhmDdL&y+Zfe*M+=V@mxT{t^J@0_XYD)MeA5 zuvr3D>ECVMTM+Qc8?F)Y1$Cx{nsXX>{)bVmOjgaCQ{sQI2nJ zRIH=|AlS8S+uE|-Ow?OC{^;mj=+Jn|qF@s})gk?{qLYWtVh}9Qt9b`$1r99CNIISj5VcTnI*n^c4q*1S$)k}5>&SOLaT^agK=QJ zapOMRh+abiXBK_@g(CcU=m3#hrtzN!~QJ!1j6Lt6Y684$gdnf5w{p^q+ipt*! zlYZLA;g~>y!fxsgsy*z{gl7gf4j%a)Pn&85%Wx$akk!f zVvo-%d4Qjqv(kCs?vOtwRW??XMBk9)tarVStpvvZqgk3~F0bLv3;S%*{`ijt!o0s9 z)PHi1Zx$j8JIimQ|M}-;Yrn^d`uXi%Z!e31NtWoPj}9@nX~HBxb+dYz7gA4+o*wH; zCtF2MmC5u3_b9myFRfj-yp9Ql4nWP^hd(+wA5(DMZ;4i5G#{vXT=Y?4HTpeDhpvU0ShQ5A6;*RUV=oodZ~sn z{Q45PbDJ$&72%v#+yoi@a075PLrrRNXU7j4CpfRJ4ySg1kZC!$_P9=&pca_5t?b8O zQoTuVkS`vcmH&N2pqZ~EZL})i#ToS6@69$WRY%5|SL+`+XddtYc_WvVy)7Lnr%mCU zX)OQCk)zyT54^pNDDBuR&FEoDY^5nBNqJeavr4I2uqth%jI(?k{YR*NP;MmA>c(bL zi`e7i<^J&RbH%$|YEIyoVVz%gy@M78Jb(4dO?|T*Lo|X+UY1wdI&An}+LtC8uXE^t zI95Yabd8rGv$4E4h=YdL2y|{z>+2G0Rx~`}`FaoMyV?K#@FRQgR%^t0xrfqG+MubN zv60L_OubS5?pw4WF-V;meH`|((V4ZyZ66A#jRN8ZzTlJV6Ou=KdN>hY3eBJS}6o)NOV44@$@?1TdkaZrF^j#Cj@+%QunXMj+*X zlQU=zgjKFS@SzR_eC_aa|GKRktw+!ZL@2%Qltyl>SKUYDpeEDm5N|B?koVeP2BiCa`pe}3(@>GZ8EZ2lXjZ!l+GrW5*Uz<$J! zu2De zmhQ3CIl?{z8|30kIry2Y6yOWui5o9H@*a-2r`&Ge&<%2CYFR)6DsI}%64)GA3QZg= zJwp@(dRKe&qMu@ga}Td*UcG1>W>>u{S*gV8+e~%yY-Kp7Bojn5yf};%izG#T=O92Cg8)Xe0Bcy zK*g`U+6$x1ntU(iWy3Fo&_9nYoo*kH82~rop6hsRmD@X;zL5ve;pi#nQq(Qw{pU7! z{520Edg!M#xvLT!X~_f@yX?vtCe_>lucUUeY=sP+xFz}bM9iD5wdHk z&IXb)Mr4m2ww0Ir50d%S#fM3zP3Tn)x#h677_lGAbt8MfC7rRQ;Mf0U0*diT+7c)O z?I!YXYC6_%y`MOJ1#qhkc2f8am8kXcL%MvH>H&m0{UE9hIxR%K2)C4?@K)?p1r>!o z&u#_O1mXIM>Vuj_K83W082f{+mUfXj^jU}1l@N;ABU>RHdAUg=15ZT&*I1J?UjciC z1Z?{kclu*0z8cg}a5q(-#E&QypL7g2)B)|gBG2`D!j3TdlHDJ!#4p_My?4CmMiZd4 z0#4=<7P1~9eNdhroe^v?V6-S}X`dx1A?}O`0Kzt%=ue0rUtqXB@ZzbqR{v91<6%jS zw))=V|6^YMZE58Dr@BWlJ!wt|++&+d@F8vdZX!0y_ZK3(-{V)t!l?+Oh(JM_LmjR30gL#~>_^U@>bvfWqv$>7pI5KK?@gh;tb`>w=h7VUMobYM zcyx`^LnZiAOd2d&eLjesyE#9>?GE>%qU*k!{qFLAPYSIubP03^1~oYI7YXmMePrVS z?dt)VOB*GEaKDhERV632Y_vv<09v^73pc`9+&9@POa@0n_t|SiopbLWPgY-M+mE7T zh;!V1%##+Fmgb2rCll@6pIJ#!<3Bpumxi^Pvo~@bagX0ep6Zgsc9>fA*;1VHxHtz1 zC&*13)g{ev5VTA>`WNvvy>+$VK1Zs6)_f`r6d>dos3_&vS5-+LwYFpBtLazxCfiX2 zKDH}S0r&%CD8mKl1T@2lT_KNl=i1}^T^JPS(B25@>-WhWivif>L1Lm|zKcn3h+CZP zYy|lnQSAOm$n3xLsDNsp7Js*@Z?`u+Y&v1muDrY1KRo!GHi>1O&e!r7)-n=-_*`A; zz1K-Scol5}cSJGphgbSkHApI;GfgK2VvklE4voM;jy4lULDPef(Q zA@xvPACROmsEvZR(~W)hAeK%mp8S6ym=l>q9Lmi7;0*F0ezL}xAihmb4?>h;!LAUg ziJV_R!qn*8RM4pPhg9ydnE?9q9e)TYc%!EH=P>01Ppr)iD+za5Csn=kbK4>;_=Uf%gX zJplC>$!d^aoKUw6uCQ_Z4M7Y38;a`F`}q(QPS^hYaH=J@43~|D5EQp3gcv2B|6*UFR)I{ihRT_ zTvS;p;Y@Cu9n8=IEd?U&N+WAAvtc(@Fl6e+Vd;d{Ewhx!w$AqZM8b7`kz>4L(~<%xrP@`vo__0{7Z zjG~*NTdr0XNLA$gGejO_KV($JMt31(D!p~gcI-j&xP5#DzVhS`u&0GP{rd(E9Sj!r zXX%hYE`MPX*r5|8|2TD#XG5d2%|+WQx)$D39w$WCzJsfoxObQdp=-Xe(&g+$~5X1}22=As==F8shRPjFjB` zQysZL`zy14cDBDpR;`V>NzC)?O4IkrZ5M0(&V9MoNDC6OI4kq+B8QHbzuhE~#HQtd z6TQ1+@Lk18eY>qfyg`mIAo|1?e|BwnK@0K>nacABJ9A;pvZkTV0Gs!A>uxp+=o~y& zCD0ewz8vSXM%nK*SPLhE@09{+M?S}ij-^OIUm|ym=8HN8B$fAj`L&LPBu{QJYt;wK zN*QWb)tRKzlM9$VfV{1nT~k#W=r?Saf1TSHmi}hm5&_xXQ?swZWmTh*>Q~%^nyMPO zbOW-ao$PJ3{sTUZDll}f+nOm$&TSZ*U;W{4Ib6lM2%Yj5G&xT^&q)raB0V@UW{w!J zIyK80@6IKIoU(F+X%mMjZL`}cnY1v1%{$lOa2oyB{FX7V!IAZEtso zT{#Fz{qEe=Jrq-fW6SJdKLPzAI!*%vY2}gZvMsJGvmrBAz*U4oB7J)sQYxlKLgfXmOBa!i>#zp@bzu}waZkc1#mFpzLA)d zWQvstnEb9mOR;9T=W%tVU8Eb=E?{vtUB!Wstu1mYXaR&gYYIH}Is!+5c8-&W5TCCx zY_|h>zp3DthsWtCGLrv^me%K@WUc-kX=dE(cj*d*Z)~svrrb;^oT|_rGUE&YF{gYS z!O+YD2A#`Aw6e*DE`9?c|A8lCloaE@GnJ5s$9LZ0O|+hVk)QYCzbjCtc>gnWzD%D@ zPL@!#6%Kb8A9%jj zED@ld*e}FKxWmS6Bx1YYmKWq(!Bak@P z7h9-E#pNPt^GwA#!_?K18|Yc!!DqsVFp%^>hu)p4nr!PM3tv$JGs$PDx=bv=-9~k6zG@QN7<5L%x`O+>53?5-Qs?4>JV<`g_ zWPQN2REf@%Pe1V&!p+iyyack9=Ez}0z3**j9`sz}3E-Xbo`(ZOYY47dj637AV=_(I zqv!Z@ziE=xe=S>WIvl8ie8nlpzba3Y8in^+)EHD`I z%QJFEtFShEV1g!?7h$WQ+mp(V?i|%E}(_E&s(EYk9 z)j}4dml0aU8AcpkiH|%?AzTLwk;)M-;V05lsq3SYsd~$5xVFv{7H9h`tJ~8q*mE!HS6MoI_E2XV9b^c!k{^_}D|z!a%8t|HvlK`W)}C`=Wa`|Q5}~$CYdxL9 ziV)G&vqc77N;-ZD#>pT`H-Wvi_@qD?IWVJ*m#ZV9r;Nx(1cz zEhBKN;{(ayV`FUo%Y)0aef=I{xg!-p_cNJD;O@NL7S^iZAIMUO5TVGZ~A@ z0QJ;4k;u=-iV6cr&@xN`#wY=$jEXSVWLyl08HgdsFYzyi+iKnCTHj!w*u1*$(&$r9 zgZX{~mSL246?cG&sN`b)zhk$FtI-u3N}d4rNQkY0tI^XNXpH?$1()|M0yDef7TgO1 zQSBVNV0I24>$*^&-+1WKoWMxkgFE#WwQlJX#hs2N55}+y&166?F`Xd@CMXr*Tusg@ zUJ;I6+6T#a<&XDmGDtZCD7ng3W|7!BT90c5eA%z@~zFo)L!3RR%48MzzFpJ=eK2+E%fI)8=@oD+?E_A_1)99z{^pKwP7#nS9Lvf`u}IGj71rXre- zd@LUSb4Zj~To-~4OS5Y!PQ$~Kz5V%MJ$R_NgWT8ds0n=mO8Ch+CXLV=MrWfn9S$g{@ z5*HV7-ZY_{^h@WAL!q(^bBlHze6ex#^lhzbQ`bpgTxTsipRO;9SjKNM$I|Qa!+~d1 zjS0a}1goF}Jl|DLTRVMJK`)eYX$m_^O38|IQ}oQMdS%#>#%)N8pSssTU!=&vfFo(- z`-eN>teUFzbfZ&$uD>dYynku0O^U&QkVGHdf*t*wTkga(e`n z2|s@TpA4z|5VR@`K|I9DR)c*}+m`o5{ZRz}cKRwfR#VJ^HE{K3vz=uTS3NSX_r>Sc z02nE>d#|~X0t+bnsUkZNl5@JUeQ1)Ss7GmBCg_8&Hq2N)H~rDkZOsvQ0w37n65~65 zcL9fCe5A7c35~zT+kJ7>apaxv+#^6X!pO~J8hmTDKM;R>flOc}*#5tprOAKbx-2~Z z)kd&z@v!}0umca*|AFuF^E1hr+L^mp5VP3i&AsH&VQM& zkJ_O07N>L9q<6@bY6pKZt@o9nBN%^>>MOPhpp#M=_~gA2N!#U`oNZkt2x%d6!M8SG9%UV*Fll6N zQjNy;HAxCa{lm*R6!7*})2;+~deI`Z!5#78C(LQeV7M9iZRQG=*xgXH&old|ddf{6 zNP{5#w{q5b!MiKzp?p_&CAGXqo}OtCQmxkr*xC{L!egRG>rv+>hd~rzier!5zJXr; z@@#^JW)-%(v z2CDs@J|Wm(U{sN_Xg4L5q&{__7O)fsO6qv@t&$2jNa&0F3VVbbZ%5)~nINOfHR$&l z{VCM2j*%Lp{D;W>5UThuH#^+d`d}R$tKNYgHTqy2zR_XOjBc;eaa$W7Wo9hIUl=v& zRx-tJuLCQMhFu(14RyNEVA-yUBHVlT4c74cVnQ15m6^dRWkOf#n@|H^f{M6UU`ESd zmuPbd$IjSVmI_!6d;^^=;{Z7>)iCfa?(u<>pc&rH#)|TZofntbfsq(4}*s53zUzB@OCpEa!{VZqII2dG|)9 zsA|#GhuH(H@HY;BeLt!WxiR$8N=M{uVZ1T!c8d6i0H%wT(D__{KTS^ zG3Zrs4EW%bp^=Ke&)bSyDsGruP4>{Jeqt;Pe(sGYP#KQ5UnD5{mA>W7*+zcknzYtg&ZU&AH`?UdIGi``I$*Nn^Ci+Co*cYPehbP|3a4L#b#UJX z@KoQfuX9Ct5(|)4a#BTrW%_qUoby!7G%M?PmLBFlftGIY9xL}h26QV3^8Ybe>hxmd zPu9Shy?yvCmDka#kK*mwJpMHJjfLgl*V#d^`mwoeiO&tM@1>O2s+85a9(!%%(L#C7 zrPmoW^OPux(9RdJ#Nvc&9iS*MO=hGi>zmRmIv^>qhRv13LSDnK3T0=d`r81bDhz3h zI7ic+zwND=9VVP8qayJ@iKs&hProo}`{oX7z&29t|FhWrmtw=h!p-yF#g0AIFdSgt zOz#B{$4VV50U)IQ^#+)ru<-DFuYoGCOcM5XF2t}QdQFdD5;3Q0raVqIRLz7!{2~vKf^=zs zsMN1C072?V8i4CRG1OH2^zYGkj4;(K9Wa_Im<+&6mB|2b|Ic~N$r%9M|G5~o89ocZ z_P>XzdfES-=Oz35Hs3cy1@NTiB?Ab+{`0)JIRJi0HB}u|HT6`z96%;02XpgN4uA^q zeUv?wB=wJwi(s zkR*enL%@VXqDqy*fTPw4q4t2=MA9%CX7sig(!0wxc~wj5J0;nSckY2=|58QZMurv$ zPIORRi8o1_v~#m}8v44~dLv5T{JQ+wko5aIYr$^bb=$T5Mu>T{fgLz#EFV5TA_HX5 z!q)c?N_J%S*+nqJjY<~`^`rommkbL%3oBSP^a02I((8A5y)iMHBGR0$lj-&+JY%Di&6E+bzkL zGg#Pyf!Ra^aVSnqD*HsjJL&ZdKMQY(^M5T99?Bw1w<%W@f@y5-Pd;yfop9T7 zUe>d_&8hUhN1Hg+C<7G(n7c>=8pb>g%k(k;>@l&J8B0b|n0aLV7vc;Q6@61xP(Xg7?t=~@y4$n)Wv z&?I@37RK~9{I!YLiY6#%;Yi^T18@VhyW+;EEa^L_Oep-jrpB8axO!&Tz2T`I)9Z5%umwQut1|F7!vYdpenv-uA2M?;pG}5Xjs^2K`e`xPW z&oZBmpQ(XRs@kfl@|)}&&gI7C_NUv$wwZ1&ueT?OC+F&AlaUPrS~le&x48K9xtobXgQZNi1Gx@bEf?&xDZVg}xu^oWnL8h_&nqs)Ls zElN2?Z41Tw{^3VReYJkG*MGU$NGBA6c*iYUODp4(yAr3vsMR2tfo(aU!MKh69LgZN z{QiOn2+@oYm~e82MNgb=qiZKXVExBRHO6Lb?gfEtSrxX->H$DlfCcm`lSdhG`M;F| z(PDqj21$_NT&1;7Q78`B05uhQM$D_NoD>>$Omu12)_>Rafm!->i9`NeS}3{ye6T(7 zD(_|VopO===__g0f~zfIoCI$zJ3Uj)`#^~NK+vWU8<(=-p&hE&IVR?CHTITkKF*+@ zG0?_kL1{9;LfC-KRT95?;jKmogRks;)_7gCJ@&k=ns)>r7MoW;-69MuB!#-V0u)@fLqdX-s zAjvoan5l%vLQ^@V+7^Lo#_ZIEr-HH(Hq=*i4HXp%-j1XLV--4z8h6Sf{N}K+fhVqGw)RLxeSNk` zBUvGcQ?9gVbrFf*=XxR%I!lHCt$ZSeCIv;$s%`2Eh+S{b!>c`>ddi`f&_6*xJU{4d z-!yh)oKC*GP6n5=YPZx)7<|y38g2&82C0cK5*FZ9a3e3$K%lF(?33+Aw`nRhK#4~@ zV2x}ue%tMjUDwCWNj;|3t^=-xsh_1O3ozsy`WcpSQ2mz>l9T_0o&~)Sn#Ar)T_xn6 z8-rgiDk46VpS`!oNeN%-4mQZJ%C)c9M=U3_G8N3Prd$3-z!eKK_*D5C+*C1#WY7Uf z%y%-3qI}jgKtG)UQz|f6B!5t)bfAuV1V&IEhzEt^HloDW`ngWCfq96L+>?}0CQh-a zfS;HdO2itsS|L41$oVAP{g*n8A3kMQe2 z3`udfk?X*WUN_1N*bp;?c2o)n;wm-gbPC)eHrZ~GZf{=qN>2aGTnfFc z-qx4Uzx(M%Rc@WLLBB(W5lZ7Og;mUA$&!l@C@|F(NWw|dE0Lj^7) zR~^kMm`3B5+OoC{MXpMNh)ldA!@(MKfsoO~J^eWDSlG~j>FBX_v-V~ELjzvAG*wMn#Z<0vgFjCaj9*5R6J zgz{Bdgt*{e&|`g<2@3fKRW)~_n8i#ZkydeC~% z9gGVnf$e;aYnFL!xyT&u;YHi-%zpPK--{va@)rEj^}sQKTl_tQz$K~@WI1qx1Z@xl z=M?PsnB}%!>+?=&q5U*+HZQR~*yKXOTE3vd zYc93K1zl0M-umalzl@Jg$NSlVF_(Dx3l!7KD2#{CLS%(t+YGkr?se^J-1^w&ESnc^ zZ22C>Yb|}Vyp)D`GsD`nXc{0N*Tu-p(HXo%ZeH{sXN^3!7ffGDX1D>4+u{JSNnjhL zny0&M;@G}WE}PdlJ_xtoz3OxF2LcYH4zz&)z?x<8n?A8cLB)hOc2A5q!XW;-;cLM| z^pJS;uc~Kt=#k9a=W&cg+?IFbVt8B#h9TWzLv)}1sx~h*Nsfbb&oX|_8!aK~Q;#cl zaA#fhfFF{iQTKqyoyb8&0^xW%9=;~^#%RT0;2d$UE^eVZ8YI8u=a+|YDSCu$|MP`* zmo zAE8clQ2p_Q*QAd{IySq+wa8yki(w+jJFS^oF7XdsB-f>tkC(HIwTKH(q~L zCtUSP_U7#e!cv^kI-3Pb_AySYVwXCDjvY}{OqR=gkmJSQ8b%i>&2NLeesHYJ?WNp@ z_u8ZaqX(Hji$>N8Wusy32L{tBllN9DyysOhxSZ*K3AABES^z} zV|sGjX~5(-{WZg(Hs;96gi0j2LMCTTS7EqgsKX_?DMG5?Wc+KpJ!cE<&Djb*t1Rk$ zr>x=@IxwTuYVu;#PBo$MQ3KK8S%1!3$M>Bd+FFL?^Q5a~(&M|Q2;ClXnNMf>-4uem z&*Hb_9+t`y(DhBO5g83Vp4NA)^Q46rys|+8$*Ztv8E^BlY2V%NBfs$l5&_=PyJLR0 z*>k@E*0{Ml`}~_8v-lW0SVg7BUT-%-)|4;btzsz^YwKiiVU^KP=2QH!$;;09e29#n z$-Ux|wSkth_?0_~iumRhk?mfTRedM*N<-edx7dtN!^~F1vQ`JrfurXPIR*vQfiRyk?=17Y&|WbFc~)&9 zphDD1BM5nnR>~Bd*tl8Q$k`UWs;%7It>aX%(j%6GhM!jN|CH*ZKd*5GNw4oK_(5-| z&+{lNl6mH~-g_SDTWzNddh|kFFC=VwI94bilvQq>U$S}Sf*z+)Go8YZum)LMUPMS( z;_cnd4uR#Y?%EM*L#^<9pp>5EZlBhf!UgPFWS+aF-=VJQt68=TWsWR&pC+*2+sw|( zo6O3Gc!j(w{h`I=f8Kk;w_K#vlHMXA?@_qL)n5CYm`qhgUyterq8s~;%iu<@Ov|<^ z@glGIlV!x6LI;XeVb-E$lMQ{sw?o0Zy{yCE=|dX{Q$K{cYbZyRc`&gf`5yv!Gxr<` zd-tqvqHL}wO-FJ38+lbz%M*iCEsC_ZWUa-0Nm|p|=pDq~ z5ZN4-RKI%5KSEXSQJeGyo-Ogh50W%LpJ05fyGOb{<7VNRP=A@S?+1wiBHH##oN=k0 zGa`qXU5_Mor)3>y%OITDri)x0yu+{2lJRQF=jFh2(vE{@%cZaU0k1YcqXE$eP67$qG zL<~;UTNxZw?r1jPvlsr@E)=x9Lcj~ko`kl1uL|OD;(o%aR+HN=U+Qm#V2g$wyyK1B z_ULv}lKZyu_H2*oYkyj@9B?M|MZH$V`#*LJ=B50xuqVhTI9?@B-J6RmPow3W_8wu8 z1@Moq2i9kv#CA_HIae^g+~Oxoq%5n(pJA8G>NOJ{5B$7;r#eaDNq{?>^+07!`ulK^ zh&$nKUr(+*3e?*ETrjI|Oy>=9k>x4tmt=n95V^|=zJ0G7Zf`?M4rO?m3?@L~KaSZ| zU8(48YGiA{E|Rlbg(Ww9Jv-@)_YBxQ9Nw*PbC->YuleWcnlF9Dv0fv?ZTCk79HRL* z@6?YL+~fA0yRLFI&q$jqrnW$o-!{`E`6FlnjC;5APv5+JF1H0s_NhIUj67Dn{Q6pE zUs__+{OIwg`GT=}M(2cV>8%=XqzR}(J7!7ZZgcosWpDW2`R^8d##5!tR zb6aZN@${=N7p>N`QCh$Bg~vS@I*88Rf>vS-28@x+u3JD;wqMB#_#&r)}O)q zeO8foel;9)Gtk%TyTnw<1MLcO)PrWhvX#M+1L6BWhP<XHtf<>Mdi8bP~ zXYb#lMEL6lzTSGRi<`;*MNze#7u=Iy=io)pZ77|!S!3`Ovrv3VfX=rSX6LVb=ec&| znlpX1vk?>MUNn;S|G@DO;Hl%BQmq&k+pWq!t#@S$Ip z?8`OTN7^Ei`JzwSC2!{Na?Ipijy}uLC~lS(&Yi9|T@Daog4IiF7tXm6`^^!rtajya zIBxpZ6(w;ib%aE}cZ1#C{q>h53j}`ZGV)zF{Gh#XYTTFUiy2Pp60OY#6Gc=c1JN$rm}V;<-lJF+Jy zW7{P)r5ZRc((ylXcm;^tREyPw(BbD)jj?1;CRdkdZ0+{r5$=L|(0KY&1Xf*~3V1TwPy+e_Ij<_vPwP zx=1PK?ThC|rZ@ihRHV@u(C;&sJ#nje-hO_>^Gf!^{2BWppJx*_%>m6vx79fvyK*gD zl~T`F`BpROZJt()MR%s)8*;>gykF#=(usuXN=U@G;aKvPWZs6YY`NcVzi>H@EZzM4 zAZ~47p>>~Qv-Ah!gqWP18%~GP{jHLA@;%z?>~kiibji`?{cWB5PH_&Z`w)#0j7X!{@r|=a-E>2}T*?8hu`?BM5&K*INN<~z zN~q!*Fz{aVcU58-6@67#2MOn!q#Go*nkOcI|8eXzy$)ew3VzDDwq0?+bSvd3M+1v2 zEEiO$mzTwA+rX}We3!|N$z~bd!zs*HO;~(Q%C_^?##}8OPpZ^BUhpubP`SKUzDtdccV%X1JHc`7!)-300!!X*~IyU@zLvFU} zdoG8gdWNSA4Nec{#A(YkF{*!HIoD-WmN%XE;6?f8DK_zIn!76;hq9z)(<^*)E4v?x z+#m>bJvB^uxw^siiQsm>S(YCS-#id{myluG9D+KFpmA!P>8q{kL0)UGf|en- z&iH+#iD`0od1(4BV`I_V!)acF8x=}icf9P9_LpB#fp;d=+pyU=``o=TTfF0EFS4X# z)1|d1`H120tc#|axc_^p^3!dJMfs03jRTEFx_w61Q{WRF|SQBA074s4Q!pb^2fz9}EBct2$R;OmFMc8w8HdTY- zrKa)-iB8645zEK=Os5)#+ipCx>O9x{5uR$5jQEaSVVn zy{4L{+9@k6;u(4|zjk0@HeMEaiSVfA;_)lI0z>EeM+)D97nMbFZN4xt@UVVDQfM`( z?CzDKk_#N(%za0L*Y3$}4LqWK1`Er0TwZp6c;8G5`@!XKPWt20#(m{v5%H`qO*+;e zx%>U1eRa4b&bEbtr!NQW-R4=eXe`O^i(=XJ+}DczBu+>4J|+z@2tJHi64zmqP% z4z17-J?z2XX5)A*T!kXDX#j7s6=Q$JE|~Xoq0+cVgtK&E=tqX3vd9qc=mz$?rXOmz z85BR%U{HJBX!c{cHbq-G($B-yYJ=}yX04QhUHZ>|Kw{-BDYUu;&zRyK2Z$tULI z#-*%n^YdBe-;cRbRymRWE9^7e*Y7(&qBt};)IXHqlC%7&@aB27&`Az2D5H;SVUx|_ ztLzh99~Y&I%{Mg){eh{f-_Uz`?|sZoF8r4VYTj0Sv7>F8q^y>4d{T6yWr$dSmiWs;mps{^(?K$eYKz;rhia-A;tClS5TAEp zjF*;zB#}AE`%`oj-+4w>9hr}_cMb9ox$*%yWe)* zsz0QBHs@nJS7=TD!=5vtEI9L{0+RKSn}@c^-)dKK&z$!x%6XQ@$J=_HQmLpIcg)jU zR!Vp_s@IxH;DXSYxcP4O+>%fC22YeAzV@m|-}QbpIHNC-nK`%Uw{OUB#?9-?m$O0U z`NjU*)k><=5H8bW&kx9!%k^o`h`jJktb9G(*pU0k3G^kq)F~PbUY>plhPplPkH2Sp zG>VOXXOA;&$Zx&Wo~L(Y=g9y!$q)WACFYF6&xgh4M$Hp)j`yk2S7JX!eAU9C;~R<1e7eB`KeVLLjcN_@g_hA$|%m7{}4X|1-dwu#S*Fj!DX zYAY%jB3@A?B}kYTg{{pth8y#eqkA4kBUU@iV-&FcJ6gv5cH_)p`Ehg3hAKH?o^}9R zw!aX4XsFR_vqe4~|IUrPXUyg_%qR&HOsi3T-}_zZZ1kskqRo0Y3A=djPh8yNyiNHhO{A+w zTjp3lXX>?YPoD0-5bJs}Uf_o1yK1&0uVq$pJLmeHn3!$eRCwOnsRos9bjY{Y(!)Dd z*BhlB%a`U%E<(!ldn_?>=S3oO(ui;MbB4DZVx`*5?FP5Jc5v8z3Dpfeeu$ik(9C#rB(h#u|-6| z;cUSEp}{`GJ)G{I-S>Ruh6i>ic7ivT=x^b|Gew=T#DpdWldfO-9NjR^IQZtdSj&;I zj+}el5lJ7-ZbZa*Z+5eciIA=K!>q3rWH@iqN zlPk?Biqf9Y%=VYt{3I~(W=uze{7<^J0KtlUF3Lcn-OT*bH^;->!8?-L>Fxy|n0Vo} zlP%5C^-Cr5TFLOwv5pvD!@}nA;$VsCIkWy^c6#U+FomPOl! zv#zoo(<@cyJham|)_hL=oc_!JglE zo2R%xH&2UVKhd}C0{h9X3=B^6yYUv5mR1(l7+G`6KP+T181NSaKC(D6*owyDt<14l zaug#IgC^Jm)@5Q4|KBFWFfkn5M3#j}1`tUe4})K62pcuZ#2`&e6=!A${NK2~WoA(O z-$wq=nid6sBYX6!(u(`XH(6wFRF;IEG;kwCx^M6E^tq+uWe77zBcsUK12zi4198w;Um5S~o+?C;|s zGE5|rqJFY6h$A>MIC1d%mw+)20*9;C)5v%Xnuf*WU~m9o{WuuLfkOxDXc!nnGZ%uf zxIYy|e$yTUVMu5pKpFghC`dxlz=~ijYAyr;1EI$OeuUo@j1uQ(5JCueBFb!lA^2Ip z5(rF2D+oa(7>g1DEJ(nhOircYQ8b85#t^736a)79+lN$!c(h;)1V{DpGi*j+kcjJy z3lWGI6b-P&(a-<~7^NnJ!TpB=2}A;(RtEfwhWx80c=k4luznz5h{vGqh#_Jjlwe>B z5*9U=N+Y0XU?D`@I;VnY0ht6)1TC2SpF*hTUr^S9u_zi4LZY6d`F$LOA=Aph0u19r zO$J)SQRRZbG3Ye{wqznIJt4pXUbh|~6bsT5MFU*P=n$aNNGLTiz!=zH&i~CZfFU{{ zAuNeNYj7e&ixotOfN~%Zf`!qJ0sQdmOhI)FmJHKQCPFX`Lm~zpB|r!skFo-l9|>(i z92Pv3Z@sfH5D`N_Py?w%n1%)c5MDnS!ePmnbt?f2!4Y8U=~C+F@2mv;uvk?3QfY+0 zXvn_ysYXA26f=Cp?CTL9Li71V*hG z(7;IaiZKw{)DRejN4XO?j))~8=*dJpf!2h0bo2wn$D+qk8KNN{!jo|5_y9^1{t0yC z?+OTr1RA&j&o@C?fy$7G8V5ojgNA6T5Hvaf8WD{^2v`XLMg<6!A#uH*s3ipR7nuGY zTtxI-AcTYlacX^}u?zu+g@~fm{QEarK~eaR5>6x$X?#p1(MCFkj6nq)l^=S=0FNN@ zKjVuAnVK6kn1(F0c z7sTN2bCF+tA`u4RPop)4`g-5ryP znvt;R6a#)Iqp=_80&KlrL5PHdu_$E#KOA~4mG);7eD=5K$3P(XQISq%ND~VrB7n2? zf~gGA@d0RfOw?0020jE04?qqE4W@rKgtP|7)1o~{W||Pg;b}Sv5{!d>IrX_qiM<K}36 z2z~PF-i!A!bjW?{y|;LGq|NO{9N+B!G&|?t{l*9;6Q>Cz2_;1sn@)DEM-65giHo2f zr^j-T>0Gt2I{Bj3eK}E#hl=Mc9|x_BYcEKE-$s#$rY|tNBdVj(UU=^-u~XKWP4-@2 zO#eQutX(99Mqp^bsgD~Kt+xWE>m^sNqwle&2Ab~L2|Jbe4dZLFC-1*@!HV&+ecZ>& z1`5ryujVWo{xwu3XtygvBwyvfuAZzZ&7)z}oeM*_bKHDqy-kzN9j^2)J!|u-S?gv6X53o&U96JKf zjn|TpPW8Od)v{bWflHJCx0*G-Lb-rXi<-@SLD5{+rrvIT+{O+k9v^ga&4(}G{F&Yec#Yz?OyRJbTA`%P(4U)~oo(r_s4wpJ zWS)EtvF@8Eeg_l|KGy^uiIo<{b)|aSU0nRvrmC3GHqPvDiK~ozSPF){E0&_b8}RK3 zkB2?yfQ+^W*JV(uJOdYKrtAJy#;~*v`%_RrhmXf;mg3jn^4P{{Q9;|>c0db^pTLQM zE@<+n0UZn4dTr19)stLb=ox(Ob9qi66zt{lwpJhYCPD%wypN*TR&2*W9y|3gbNCEz zgiyU3)fxd^KtEpYc6K@{N2eE%yLeVr*m$g4*aS!~H5Aru?;3TQzS@@VLeb2gJ@^OF zbmpYuSiNU+o^{WrcH)RxR2@tzoVjFu0Jf&f(zzM%~4SAjE-=HHE2%Ed_7&^wBY=nWelK>UzgU;Z0S>Gkg^l=tY2&y|9XN)mv zS#^BjXnb$Vo^~4|5t4r8buh)tAiSC6pQ~*l?|dDTHrR}IY7Looo$}ZPKY%^JybvBz?;{mC}9XF2tXrkzUYPUTd&3r;U%fH_W@qDK%E2F?QYG0&DB*_IjD^fO z42~<^XmkYtD;p=1kPdVEy=2<6K(cL+^jwdWU0UZM-%SncGBkK+g?;BNJgv3ix8_>k zgsH~3;>LEFqTH%=eG|KNT=Q!{1~%!#hi!~QBdQq2*H73$LM*!@MuQ%D~SctT_2%?mb(v%C2xp z6M=+<;Qd-yDSl)aCQN{4;iFLln>tvZW!r(-?;4FOFiQZ4Bx$kIp~*-9`SSF@u>t4% za8e-FTKI}5r5{1fa{^W`0FVmRi}&vpG}-(nh66!EBKuXF+g4&4kP3=swqmJ%R9ZO* zXugzOR8bF<^&xluXm75HpC0H?Cl@Y6jG_a1?z$*XhF)t4MHuUZC(l4E-%wURi*jmU zv}(Mo=?DTwKFgi9$k+EZM1Q5yshZCBVb&EJQnhb1;o0iwVU5Qf-v4!}uLQ}=UBF>K zsKblzQiV-54Xle_T?4(QSfZv8G3`KgzK7^G(ETF{u3p+L{5{K zA;Jzcx0nzUBO-eRszs{ft=qL+XPNiIA;Fh&SGd1QO7P+#9D*dq@ELz6sWOO((xO3R zh4{O_QC9Riewgy#or{=-#Q}|7&)*Rsf$uyLQ1ff(*`m%7qVkp)GI$Nm1YaH&Rmk??2Yo& z%Mp(!uX&j@d!X=svN?`#=pnSh1U=`fDGp;9QHhs?lA{Z!)HMMjWu^-wV6+}7bnSrT zv2zumi$rJmU~GADR-p@E2@=6_l-G1yeUT@N1nkxcblEo+PP3J^LVM1Vx&N*hEm7TH zR$2Me^S+%{3OELirwBM6J4se0LkV?f$8`YZ^*4E7FPU{?&}F!OP2yY!y9OtiE9GW2 zySYPkshJZiC-decXCCZ_$q3j5@$W#%oAajHD0D1o0g|!56;`6s?a+@}vnq8C#(2h= zTY>QP$T@-3VtNXgIc5n1N>BA*O?9?kXP-YUYZYTXe;xl_y;W^&AfA@XXYOGA77f?L z)qkV6X}OsrugZlWM%-O)Q$+m+9f#XNVFOvSBB@rF=1TiUrgur_v#&l0vhV>ik0GnO znHNd7h`chaK5qD=W5}-J!6o6kRHLR1bxHC(k&kZmgJ;Dawn;g6pDbevLoZp$`~hw^ zrjXzJhPkU%+UhLU(=*8OJdD&bKWD7D(`7C0o*5?IKDS7kMpkx17Zw0euy%}xmqcv{ zT`|3{M;vcMpH1QRvGCd*+BqmYrxj7I4x%@A-tu#e3GMQDTBp1Frra9>pf_B&3BSRB z{~*e$tlE<0p>aW3xRb4+MSxo4&Rb*1-LINzjtIf-NaRAf_KH=EY(UvsyO+0FjeCcg*55ujD{;u1vRdVxik-z_3%fM zyAD?G#r302u*xJN)9q1CYj34z<59}3B$?e!xGE2--%fAbFFytH$l{I;gQTtm?D?=E z1@PNGqd7DkwA_nupn&%UkUOS0DO`lniHcnNY#&WHPIXj64*7yI_r_?;L>mZ`pO`FY zuz9V*S7>hP7{yK1;py&lFQzSw7a!tRoq4g5L2?w*F^&U%quVz>%}%GcdV&qYPTnnq z=VJGFBvENA5GegS4k(6YnWx$K1~}eF^I(E$fqsss6-A+jn?MlZhlRP!wVNt@3H21) zC|RREpId>?JZV>)NypY}>GfO}>@Y8kOsH>Ieyzg6bZ&y|a<}J#kD`_LLnRfV7aunq zsPUT*09CTy-xN$w+GH-Hcuj2r$>kg_;%;YZ%FjAGrATA#AB)_!Xxy+T@zz$zC@@Kdku$l#7}T(fynUJcp_Y2-Er< z(~LQinM+=d@U!AmpJGEf=9vfbQahDe{Wfs}h~N{NVbWZ1BvQ%brJ9uTZtsZZ6@>=j6WC!;;;W=4l&9xx^bxeAQJz-_1)Hl3Y znHCeJ@}hF@{Xd#H6rNShN0uzP+gDSlhCbYfSC{$ys>M?QIw#D+OYni*HI9i@a_OVj zr*;t;lt6>4t*^_+Pe#L`^4HGSeC`9-*2t=uNtUT3h;qACPQ5jA_MD4@P#OYgpDT2( zVr5ciLj``}2HrvftoBvMW^h6#7HDnpMfttD8zbT^QW2xX10CStm(VGYjd&F0fLk2_ zPq#s1nJA*PuN)c(yk_bpyXHV1?#TdX-lbvTsG&Q89XgDa$ zj=*B0QFSb8D^MxRlAiH{F!Gz_EHPrc`%ULp%ECE(NyIZ8{OcP62Cj0!z+nNd>GsYI z2&{vo`1goW%lH~JcV5;pL{gKZU<)B9*#A-H4GHQ>_RUqY$arya{mYR6m={2FjRuD2 z`Si%$Oo&jOb{0zAHsk;zJ@o!)??G$t&~pX;^Y_~>JojG)2x&mFyA`@|q*YtZU$DgW z7e~{76<*^{r0|O6o)9Ol*5`q3*0(Jk62NQJv+!b2!j0+M+}<6B`q0ftUZ&|=vjrt~ zb^WJJE{^TZ<7>HQM~&@OCe}BIv_zY;uiviQ=;X&Cn|(nAO{yQ=`yqJ9VGLQ;XUcxF zc7=w?mKYlroeBfGX6HK?Mc75rST1%Z3f)B$`sPO$g=h6A?o)7mfjb|_eW)cfhrkf3 zvo1T*#esTwZtXKjV=~L54#BST3CuK7s|GNnGuq{}UDGk5U<(+`Fjsqf4?=tY?+1DE zsqNd7l1*k>j_sRvn#dJxvsDK(Ugrgke5Xv# zaGv3P={qbqN&LvmNR#xo0`BfKvW3t8!5~vpx$4F=QXB{+lyEo52yeN?*B1`4JAb@ywJdMZ| z1*9A3`?0KZP11>5`eY2_@C{>OF}Wge7YOA3>h6n!;t@!w>9ml*Df%E)xF5(9(94A4 zJWYN-a!a`QjE2lB1P4>Ho>|V7?4aNH_^@@#4Z!_lyw{Ja?KlHl06U8p@j@F=6|3|j9ErO zcjriyY2L3!++q%)58~G}(n0egxm{C3N==we$><92!mT42g;E*EG<2s;9Hg3T7FKL7g_66<|z+$A6U-aYyc2JmU`aFK&Kvn%H$ zDM7vUu`qPa0dVy9#E-C}PGdN!6O^w&$NHjdOb;{Gn*9-cN2KVZlrtrKCP6GMVr&c( zqJ-bRML$qgt(IxPn0rv^*%!tF77mN`uqF31td>}jl~)wNYK2sA5BR%MOHO{@W0gzB zKCC#OtJO~%*HQOl37pF75Wd*<>>1%ZyM$Zdi>Q10m`Vz@w8L^EAD%61rxcQ8!gbZa z4230#qI=8|21o486>U&x7De1Qhisg>LSp!7J?wCOFv~1O5oI8%?HGvg*C;vNj( zhz`CXS7PVuyM`VrcY+k#)Rw}@#1KQ!M@t#%7gC~0#8HgWtpGuiMF?}utFp)0qkOM{ zWe|;yT9oa!dR6cHSmPI1;Y;qmM7R{VDsAwWxc_yXQfKur2l$Lm%UV0*y(sZ)C34K< zC`VuQ9%9w%2JT+03yhidpdjBM4*fJ=I1zhukw-_pg{-G1qa9^Mv0&GLulmc!`e)7b zD?U!mz*-b(|4HrfugvhiO6U5h-3oFBOcpWDNAil*Sy$?!XF1DH|60n6eaS6;*76mW zV(>A=;{ZSV5wma8nK4g9{K%VF*M6#cw9M8q# zf`k8b?m2q(B$2q{4xw>QQJy?zx?25cpNTpd&;a;>!wG`FJ+^aAu zY~MLV5OJ^?{1&;BZqrX?cTQggQ1)MMPH-?pl?l)`=u%%p-4;W6aaoY7Y9J8iOv#2m^){OZwe zhb&){wFEJLMiUlw& zi061Ylp4HMIIvsiWhPq!a4F4yB`yGc82xr@}7rf#Hi7s;p_z8WKQRJ$Ne8k8(t%R$@*b80%y;BE3 z-)y5{Y^fqxPYp&XnRbzkQDuCJ$L>sh-&X6W;u5lz_WZ%0#h z)Besc=2P+vdsypFYq4sguozej`p2?=eh;y)swlUwI}jXnG=n-|$N-IEPE1(5Q(3n~ z%|C}X=Hd??=hTZAj<0^PM3UVDBu&2=j!5DBio8ZN7e)gyXY;p_mz{?hL9;4MH4*Ic zn>NWCN^uUpFph^F34!YM9SHvS8Uhs#jp*+_kW8guDCH>y&G`DdZ`_kRO&_xvH_D@~ z?&7aontkD~?1qQ%*w|U&of$+owqPtw;_LnOJ^Gn2UKD^0N4&DMe7JxC#5Bm^vvbVE zgp8h$Xs*bP)91Wap%~lF69b22MTiV{6oC5(g&JWbDvW!bYO32- zYwgfb{TYZ!fa4AfKg2rrx9Iv?AR7C_iv88rRk%U#a8cGmqg*Ts%-{m=kRNI;J`rkw z3t}j8mtbw3sqQJb`-$N*H0beZ?Gxm_!8S&u+pKK-`yjE5|GDxrhkrhBTW+%|6|)w_ zgB1LSQp%})G^E#`&Ff2fQ$orkcMMSiWhgkwc^0EA64YB5g4A4|$&4sWRoin(|GoL+ zx}ftxE~1emfv+_c2=QSwzZBK|bLcaDRZBGBnLv(n`K*LPO%d6f@T4(^tJYHm<4edb zJSqm;vV0B!edy^9YbIetNtgu;M0`LmS&1CwXzgpJD~4LYD%v0en?7SLiu-$p33QRzl6(-Dylv1pFZNh)u6Ew<@s2aG?OIOSxL(G?r5^r!L`>GQ^0>gh3@@&eh%&i0Nso8uL%|bo!}4 zWkyKsGouXvEpp*fU75&xcIK8!jpg0@{;{M}Fu?uW97*w77bZ5$FDk{5C{L*Fgsej# z&E}&38H3{ahsO`T${)Nt*WnuJ;6*-}n@OKc!W40kUkQTu+!DH8MC_eV_r68@C4YL- zM$^k`4)`eC5#^!6T;<=@b9Y)g;mpU2ZWyJ1c%RMn^ZPAdakojut$>1nF%h9-R6=sf|N1K8jYV{F5W^* zu{JETsvqpEA_F8DAwsm8QjQsUqD04$)7G7L3Iz0PqYuogrb?*VJ{w;LJ8YfWtx<2@ zb$eV=bhD{t+lbGC;BKW>#61b7|A}cT=cX_O_zQqrVwdZszA#ZI31O7&w=7mQW5yrT z?dUB%rpo(7AoL{7wiK0xV#ak6Z0j`6jtRXvceNP4xG^Hmts^0kb_Mg1YfWz_@1xV@ zOjm8G{*jhtzr*HHYO=dBm%6LGwo7QkJ=0vQ@jNdxOyp9sG7`#c7@oY=vtEj&xGRXLXAFI;7^u`0_a5%v|h5 zZ!ss%(gk42E02DWH##%)TV_^oQPeVJG@mw5FOIf0B`5;Z%<)X?7!dcOpc=#q}0=@RRvwd^Lu z@2L8blJnXa1rGB~36*qIRbS-rs6X<;21kTGnfh~vFE_VA_~d91`{;f5L@kM0__IU3 z96~atJoQ_&E$l{WAvYJv1T~pt57N*~6wtA>0=er2Jf{Iygk5LG(*_6iErjLjN~xKz zvivz0dF`W@K)avT0cQWCX8F#jpuaR{;J5yxko|cAz=^U+V_NSO`75^jG&ithpP3K) zJ&&5?r*=Fq`umDJt?8e$cO^outDA5(hG6#=&cwr5NZ zpfvMCn!(d`wm;fpr!kV`$F@X7e6G8ZNvAU2&6?LPyAQ|paHYd~8Y5n)2Wozq0$j~z z;-RZM9-6C0bJXI0E~n>nsE_c(R05@pQKC+e3Dsiz^2$EoC%)(b7Nz8MLZ+?vt5+6o#!%dW`=Q-~u1E5(P*v$7p|2RqpmV0_PC!}V1&KP*kO3)Y zT#^zYxV}_SG5L3{JhQ%?-|2qp`hRb|u1b!;LZ`$K1J%jX(}Z!*IZkl0(P8k~+Zxq0 zmDXBLcK~<5#ET}lffDCR`xD)_-sQt*`3LaZ4VdQj752=20hy$t2+4Y&Ks8plaB6sC zY1*HK#ADON{?sx7=|Rv6BMrmVN`aihoAv#r$s4I*)|J6O#Y3ocVqi05tlSC=&;aQa zuwO4U{oVh)?iLV>u?nbbZ#ySrW{-oV@*x=a7f6f>lEhS{lZJ(}N)h}V45lc5v6aFe zGu9WK{!?NI03pGJRO6-sroeT1e*dUH<@S%^r_xX8Hny-&VJzDfh}~Na->Io8O6)@d zKx+X2s;%V3q|GWe8OzBm%r)!bUl|>wy1@*^4KN2q8N`{XILWXyYTyD=55I5D zu)<4W6x`Hh)7|4@yoW=HXj$=1SrE}Skt8ot$Y39snlnF!>gB^OJ%+I`nM=5AYNYQo{DahBx93IblcN00eeJZ6aASnDA=xG8TH3@ zMlhnJSk$cxL@+Xs+weF)df*T{V-E2So5)eYMXcvCvJ0Rptk&;$I`vBXm6 zIuA%e*BMj?e(zB~KOOOUaX*|g<|W)@E{427=1u}PbXITxAj@RBPAb5Drb^?wb~4%S z*`zbc<=+d;AYF^*NncD5S&?cD`Yc~|{BE(*LFCJ7k2ArNIMDkVCcngx#E-ueO8HOy z1S>NK6(D3Zzop7qp3LteuCi<*fAjGFhNh>X0Mu;&Vz(Z)aR%i=XHJ%_R)#D#Y)rTJ z=^}wLiwgD^*rZ5Yd%vy53A94Bu+Q2^z?|z-v84&R&cTTd6%D0q8!}CQ5xxrO zMbrODb+s?^;578eoq657ae|MiXdR)f^ics8h_L0Sg(%U#&@~36!7pCFv&m{bC8P${ zFV6X(H4U0o+R~xfgMRP3?hop?Na=}1EyYmyDwdEBlMW0>)|S=Fo9MWke3-4BNCZ%z zZ^W5`(llomoCqJAK-LQ`GLJgNR7vVu?Vj1c@Sh7=UkK`{(l2NY;S3_2-NqDvi99Vy?UEnm zSZWms&~E`63T&S3k1A62Nc5coX3B;GxgHu<26J>Y=Te`>LRxibpg4fPek~|3E^CLd z(l*gmE%gY;x;+0^%qL?7%oLEclxqQVe$9{YP7^7hjgYJ88WiH=l*IIi`F85g>?osk z7>KbL#tz+yHD@M*Wz3;S-sC0ozo$BKCjT090k2R#ma8|@LnAH}KuE|KvqQ(+!Jfd0 zSBLtGeQ|>P?!M7XnvewFqh7cX@1?|{R&PGcx0XdM%q{Uw$t5KU0@WVF;bbuQ3+z zOah8C(n^$d%c2FHx$pGH7~30XQOK79ycho%3IS*!7fLeK4QdOD`PkXZ{Ysy= zIr+#XrzhmU#shMbE1Ztr3|D~QSnMa~PTYE<#yCh|Rw_Y@+HA0*m}DmKzj1kSEMTzB zMQC{?Bb;GvE&9YHaA`VhD|i7)NA|@=?%`x&dhlmB+_w-glEd4`;0IDl)PUvlocwO4 zMME=H2200-9xp8JZ@!#Tzd5s)kaS@A4^KYNWd)nxAxKwW+`L6eZRon+x9WML`Pk*n= zObrb^eMVcew3}I^YQo4ZpSDC)5@mMA=vp{GmgMmx&+t#LTkQpCat7npD?+V*_oz@l zYXB5P&Xwh!u3^E(Z<&Fxa=CoVbu&`LRkY!JVgBu9zU2-kbcf8%<&}b9dW$Tnl^r=Ir}y(N(&;Z0z6r0v+A_?wZO_ z_y7J)En1BH5?558^w{i*oZ(S zKTw{;YHA9_mJtQ!c%Lc2thp1DDr8Wp>$Lhx@@jn=V&{^6gh%Zg&=*fdwS{_fM!y?f zTN+C}*T85^8S=C|IZ3sL`?rTDzGxKb0r7Rh^7;;{DKA&A)bJnM4LT!Fa?oK zcyk7Jxw9P}^&@~rUCleDb3T%I{Rk80s%}qD#?-8mAr&NsUENfvmMf?~Yo0i!b3d61 zG+Vp)VK#>QA2x(fuf|pruskNJU(Nb-AuVEl4ocKJX&*IGA@eD$^=$lAo;sv5`YfNe zq{Z!gh(7jTZ^8wBwY2aH?n~oo-7b2|$#Mwp{Mh_!gKupVAA5Np@uq71H00!%8jx70 zI0$si!3v)rl$1u~uOlGeicVhRjK2sY;C|{W#awDbST~6klIlf?8Bc?8sR zg4^3aLYoG=#=N3DS3aHV|9+a?@WNXE?SFinp965A?R zdL=)v0ybY(KN@OH3V+w+5r$W(UFllM2lj4rZQTPQuoWb~n>MGFN($r@j3=W9S705( z^0lDW$Gxc(#mch$0+5e%bWX3zy|;F6*s8*j1M>>>Z=p5ah*GFG#F3qe*<3xJCA!;j zqlH;=mU6MAI*pzz;1dJX2bL4Hjl8KK{S&wYocx@3+f;P%Ewf+c#~O;xp_meh;E?5J z!9sx8X@;8eKMniNg`vslK|(C<|7&WCu5q(i3LYVa2J}hr~UbZgOmc z&_-hVc~cOPi0u50d>K0iHIcFu6v@MohD`u&ZnBisaPTnYo&Z0siQZxYmNo9uRT$|^T5?gbujBwYab8$eSX-?SG zR$7FQOW5VZC{hBjuZcSmVqoDo+Y2o`k?F`)ImB_JrgvUY43E=E&hC_g14JHcD@K4a z^T8@pUG?n$mSTRZR9c7a*;jz>hY=t)rb50`>(0G;@wp)9b#ohreL%@%jec8aPJRz5 zQalYPrApYW=%O4Df5+}1BJVOW*JtHITcN}kX^uh@fHSrQ-K2=C!+pz4+D#*js)l3) zM*7Lqxw-nt`FIU~grP%CD}ymbK|}y;tOv!J%Rp~C_qA1E7^LV7Qx4q&g?kU=G=2{j z7L98&pQ#P+iz>$_t(z%s!#$$9Mc{&%GG^@|Tf{revA5D*Ty>Fbf~rLouRm)Z4>mMj zLMKMRg1Eb-VFA*{F%pg{{LxEJkgMW@ps1P1a$B=?!g5QFpsIpr=2O|A5MF^NNV@KB z!?v9=z0@L?nv|7r`U}D5@^(?k%zrp;{uu`^jJqbd8@PU(b9@BOi~tGDYiq$;kgg4h zl_#uBHa+H?{VDUM$X^k;l ztBFRMoJLaz%YT4yjBSe*UR3~jXXhf>JWYPxHoM8R8JyjXp=%h@T2MvsAJs4xMSj$o z9;u#ysG7f^@z^yem;@yz8Xf++^M)Xrl}|u9U=L7I5j!#f3F+cdDNQm*G*`az3hYD` ztv4Ljx8vQ9GuT)n?&s(1nS0}@MYHq9lND$zE8fcE7Yo9rRF;%^%g+ZUT-gWI+=N#H z=7$8~mFyR0h%d~S?rDTx;V0*KtXd*1S}!d`RST2VS;x3PLan3F$)OWGKI6@H5b~>k z4a$?;DAxSdiE zK_)(dS8JG;gEu;4GwHRNDWGViDP7VLOpaYpA%MI~a47pT45lsWMMfAe%^{@wJC=gGjsoXK0^du+&}*M&KVRFTzN#`; zNdtr}yCnYur8cvML)oV`5q=-!s2n+EcR$w6rhcY?q)vLM@x8S;Ib8XfBZ9j zVZV1?L}1)G_Iw(oq10W6Lmob|@JZjLh%yRR31pM33>7Rp6(4_wh%Z_PEfabqr6yPYXF8u#3?cXjpWcitMKbwTsG1SX>}B>zhP}WbP?81!^hxtSEW` zcQ^KS?01&}J_NB;pp|I_me9RcOJzyWy>RsyD0r7cc0NF7C>oyR&?OMNRKD9F0uz?KBlii|Mb4SB^$$w*JDnvZsSjo2PO$ZaOy z3trh|7;RN`vTk$b$!c+;&7hNncCk#r47nOMj@3~$>FVct-i-EJEGkFII?`Xo_3cHZ4fwY@C69QRQWJ@ z{ClwbMglFC6v{F^WYPPOtX39@k_}wEn4yldbGv;ejB--`3x^hGHK>@Z#!6|++~8H$dM>ntdBH0p$gf75c+?0+_@}=X zS!W^UR!kteN)V-Tix0EFzavTR%9Z=DL|mWGOl>=y^vE367bmU#eLO7Y z;*^|!_Szf-qi^-fcgZ@dmjS-=FT7l=d@WmZZC>L=ePd)InC{$*j@fhukg z-F1QUP{w;!^i|WQ(j}}=8L=4e5=^W};bal3yV`be(g+}Uc!BI8DhB3Zn#V;pKoOkn z*{RwjBfE^XIUtXN+_R<8z=wTxGOQOXQKEoH%JJzIXxfJF{H}CV8(<1j%;Oj7$+xaH zWBPF}x9J~^ZW8q$YbTZ#^;A0`igT<9C1$CWYoJ&_R;pxi57zS5&eD;4c9HXv=E3T5 z0U6gdYqy*HioDn*+yr)@dcnJ&xfPV0N;bMwP2dbSxL$p<^5G?{ovg_+gTP65F~0}H zGW#UR?BY0oEatGP${;};rpyTkctSJ{PQ%fmp4{rUM7iG!9K`CsXB1LIJ6B<*=W(U@#Zq|KApwT-&EC%4i z#z>8GJ%15@G~IZkC1>LF#g9n}5%Ggve(F~JH~}3!JYijZ1CxIG_pIpJ9((ACsZxqW zH=pF^)q-{@`Z8|mg(G-I&;Y-bSz;wLY~4Y$T$qdx77)n!QMQ9%>e!SN;Z}mW+p~he(xDtnUhc$n1>?dHZWI&mo@>vJLjs z#71GlCs>IU*Q|1?-Snxcn6rRRadi?>^3Ry@w1x-bL##gS^HB*->7j8#M40$wdGE6-yo8QVvvvM+96~vWs{4o{^BwRu^$k5on~G3@iGPEH>8EY611(O+Y)dkqD-p zLkf(tGN6<8l!t86;Nsk)t%Tr(HY~YiGaC+p9i}&?oY+uA0ThNv`=~vD*Syy(TpHV^ z|4bCa2usUzkH2kKMD@eDp4YxwJ+5^^J`6ntfndWuLkfL*IG~jLHmV7Y@$9h_scSJ^ zYB0VTd!e=MK&L*a)GUi)&G$t4pG^KHkm|CFA86>dH`DGB@se>FlQkEz=)|~UW5}IP zw6m;zv`r>uu~mWln4>#U-ZL#d2D6Q=kyk*eUyMDw)Owd#;z7ctb|3osrg}(+0@FaW{2Jc=L$!NW$V? z2_%vs(OftAF*2j0t*$5!U&)<9^!nN10PiC{#fDKm6P=xqpU&0MOjtir(DN05`m<#B zhnSxxx?svizPm;>VL-%FyL?Y3b4xpOAtq4}brE66wE8*84XeKy5c2_l(zeO{xTvg( zKNn9-NVz~NjCGIvHVz#8rxaEQ^AilZ1=N=j66N-{t*Y7|qNHxcy^%O@fvv#?j4^8v z_d{mv&1!gv>k44e>Cco2N4*sr9q=j2R)i47FD^W1vS+=P5>pcZU*(`SeA6zNvTjMs zF&~XNawb@y6Q__btmIs zV=%K~8cKcIzTw$d_alVFms6*Csz?Wt;EUrSKayiDu`%SL+q~`bavsPsw4X*UW9rMw z%1T^ytoB-XOStr^yfdE-I+<^k`r@b!sua$g-VEXIdbR=XaOjk=t&+UzkH_on;G20S9CGD&f76dnxdb z&0ePClb;a^(y;!&F7z09RS~6&B#9C=D$#R#P4m#3vpEMj-1e2@=rGvtu}I{c4yE`@TLBY(UlFk3hz`_%bWK2gz1EZsn2DJJLgqtZSec{Jj> zf&w%L9sME$xbAyXPz3Lxu%*gp+Q%Zwzla)zVMU{EEA%R0@K3y@1_kF*1d+i zGY@=p*sjmWhG>&ZDWfvFPf0TN_a7&>w;Y#bK{rD^^ojBEo3VU#^SPoPZ)`L~(l#k^ zb+0L?-hES!*Q3=!5s0cN!CvBF4q!*zQSFaK@(~$3?~fMGh+m(aTD4_w|C>Sf!J)`m_|%Wq z?RvhZXJLV0O)G4(M1x*aSB#f()3QJDLlCCdgvRKwKCnUHY1)tICjE->%?^8_%vi$LN@NQ$6z;RoNRxvZMQRy7uV^JP0PHa_aw+M8cY zOr@JF3h0@#MxLLtDLL1iG+9KqHTaSa$j>-+GQ%f|4}JNod?iq^>E^PwbRDODo!LTn zVonj-;%;4w%hG~zpXE~#x2O?BN#bm2eW3yWI!XI-_~}t-y}B*ogEv8PFisZ+z_E!R z8MS6Rt>1w6sR|2RCcV_rXyd`+6x^zdNk*>i1G-DkknYD#X}SnD$#rCyQkNoNd?sEm zarFtP5>lUvcH3w_Kb366Zs;`{z=vDFwWO2KBUSr4vtnerCl{$-2Kc@c%))(`jfhik zj{`adiAqoAvXSaK@Jvxu>!AHi-+9W7;_5Znk&m1vHlVI~A2I;aJh^dwEDKM-ie$#1etFdj{wj0~FlM~yv(b%?aH)w1& zYP|jayL+>HG56!xdJ5#&`#W1%qvc813vEi zWMG4Sdfo2(ARF8Qm1$4f9zN^|HDKLF7y5PqL7mo+v;KGq$a*LNifU5v>@G-7wonru0*eNth z$x>50>D#pLZu|;282Na+PXv}*{V%jlxriCB93JcT2!eCxw57FTsGp9iA*k>46v#Ue zih8Pb=_CjWTuuFRZOxGqRh#7U5w`;Aq&Za5@GOb>-c{1&HrZ$&3cD|RUAHrKf1h5r zAJ-hlLkcX@npQ9!t8AX?tR;aAoaNK@^RCk7Qp@|Y2F*I0GVYAFsns zu*kqEKpEY*P=@$PxA&L7-I$WT_F7m%hZZ% z&u3M#O8XGFCi^8Qf`Xhz^&S-vic=l32NyBl{BCEg-GX~}J8KAV3Iac;cFr-Xd5H3V zuDg{QO*AjAX^YMhHW+>Ud`e5p_jc3Z+;t2XGg_4LcnGo;%`sdeA`S+zy2Xtm6JAz< zGaYf#YF903SSYRioiPgR2`7pn+{UomJ`SmX*tGo{4;SR3G{N&%aE^0rH> zH&A7!q21viCtC+IqB*~5Olz$8`uKX>LtaJ480(I)#ky-f8o->+6<6->o$cx{v@;Nr zreH%XVM6YkTer%X4c+-c5Q#6BTz}>Y)=R*c?U$gR)g=$0b)8X;^kzldy#|>W)-}}q zB5pnli@>}?XR~s3sPbkbW`oO|7+Eehzw2N~AY3>x4UEBI;YXloDp7qaUvL-TSsk^^ z!>&@Irc_;i%UY?T<(M@&=63lNAaXpENBL_EyPNbwtkF9on@VM``^Qgk5s;C$<8YVo zM)-CY{P#>il+}iMhV!UYGF&-1%j_!WWMO&INPp_e^?>#)>Qw~aIV#2tJV?qx#T54a zT*i834on}jgV(gjM=aqaQiK#YUCS%2qJlQVLiTpu+im~S+rOKwF#yiK`$r~jMOoQ- zH%Af6y;fAxrIwv0+D`>m8;N;R)%~J&cStWi%F0_KB{3-aicm@_350Vagb`_(H)dsik-(h+MS|WmHPOi7^hAd0y|Yd*$11iB2@BMXBE& zBKBQa3JGEv^zX8*r8ei*h6Ryu!KWXTBR%Lq$%JXte*UXov87X9vfPH|&Uf`kdPe8m zwB_flkG`Ill!h^T?7G>KAIT#oM_I2QhRTTrtJ;0A6o6K%2f>#2v;fgRrxly`bARCbw<*A z?Cuh;Al}z(PYg;@!S(#3Ue!`km#Ak`kQxB~rR!1eW<{Du9r)Sbb>dgF>aqOe}CUP~*+ zW5Q23`%=0T64}^$DzacWiq<%o{hf}4 zqM;*?&HWfcN)=)#|%TMxVuM)$XT}ZO&T#xp{ zFmk_Cq*$WfcGugg$s|a?(^&-Y(YDPTIUl%Z*BYUye3^gr49YG7WnK|NEjs6ST(m)x zm8&ChCAXge8Z8V1IXMkaK&f^*#iQ@8y!HwWc;wVqq&4xYW0jw@FOgznhLs{so)waY zN4m|4AlvlpX*2I?GWv(jf&(&1d{VMo-wMe=vx3rU^KAJHmslrQmq$`l2>#-^XX#qkZj}SM8ya5P{KCH+o0=RY0O}q~%xyg+6^4R5H}^0_x<)fIvbB? zlJxam)XyAe7)9*u^Ab{j^cAkCt00+itA8q@cMPX_@nkt?r$e9qGY%fXfT)R%A!=2UHtI=o^ zoAb``40GMaU(c8OS4FJ2vIfN=k4=k74!P<>PDnKap4R$Q-bAETT| zw?Fin&AktAOz|u=fpvzu}ces{2+di&z(`DH-q6WQ~7waYeB>Nq0h2*b*SNfd%vQ1Q>U&%S?|La$BOX8dlLTm3c2JB zKrH>b-RG|lW}t!lG%v&s|t>w$rOb*8YMKoX>JfZ4gE+F7_YDmvti zWQvaDuXj+?t~4n5p4OU*y2+$LA}3BE>_QoKuzl9|99=;KBTv}5c+eV3{{p$KV%`>3 zv|5sU8vB?Xp08PtWh-%?OYc-$!TmrifEy@PsBej%%sY}?3yn$;N_l_JzSowJfn0ZL@d&e$+Qx|F^;;2s!~JOPWC)F6wBaau z3EC3B#L;jlT678_$uG+w69}MO3G`WmSU}_l@*VkZXXX!{__ec^kB-DsENl zZDMsTnQvOe0R(91zh)Wph`b^?P+??~7yFS3vz5Q$la zsq7GQRk@!uQ>&6pGz(4vIF~t*j-Ac87A_~ikoFIrM^2x@q#*7tMwET9mtioM%qb&i zKP`@P1Xrw)CkA{=P9&jz4sxUr7qNp^X|GZOBMVsQ4k*spc!P~|eyYVUS(!z<-4kGA zM42+KToF+>=&^x3C~N{9Swk5{54wu+-APlmNHFPSs(*K!#K~|1NZEP*SZxV8sgTUJ zgyTH^VI8Oc73QDZ%Lssh@Uf->E-KSB;Wrwz);~~<^>(NYve2ZEkC2@C%8jH|F_7eY(>3fb-Y6a_+}z;H$Z^Dl|y=NQ!&olPR%!|*4yB^Vfv^gCqC%!sJ}qA zhui~S*E2ruk{@xU8jn!Luq1^JkU1H5W(5#$sd!OUL!xfL%7b4=hmNy(R+cX5=llcN zdM|x^y+^p{0OSq9Vcs*nXWBoh-S%#|z&P=T@jsg#R&k{|5zW0R@^+a5q_%H>RZ&Mh ztgnj{sMjjJxqk&8g>bQi806izT||zJtgacOA1WBUGNv#H`tWw;7K{pLqt8slHN|>; zd~#|f2%8eXlN;$;(j;V$%D9TP{$PaWZ54#y%US+zrGzAk(eg~ZtiCNbPEn{XzUt4v zWJjM;5%E`affaW7l_loCgBAmoT}0~t#Y_0kj0p6?@d+bYf&Fusj95|9xYV*fX>5VW zpl+L?hO3To$J5Q*``7l&`T}ZESj?}EV${F%R6nADW#zfiid=H#>YsfnZY_0?q)Q|{ zgpmX}q!KE74$V0a52EuD&>Qvy_Te3uw_+TtWRnl@pT5nv&wRRi*my>$zXiJp6a5ki zU6D0k*c*b#9!NB{4wiM4Vo-8*--o$-h@{2L74!r}o{Nrs1I7wx8S z;dvYYMQGnFY*-={IiW*J?!4c5Bl0>U%~59L(A?lV$d8^^QPYf4tqkZnl!dyGx&#ZnKHCvxoXTrD}UqlJ4I zHyQ)w-pY;={^f$Xvu2Af)>}sf_@)ZNK{-|+L)o#`_TS*xBF&-lx%J&pX4eG;?J%^Y17uKjEmjkZUyE94gub?{^xTTh51A-$$6|@^F6;e9s{u% z>!drsEm8sY4pb)?&cPsdENNRCc==cp2Nh+)@L!9iF&j3tWcqLObL>1Q_HpPmiAzMq zyHdry)0^isiM2l!L%AQS^L?c=bs#_$M7J9jL>Qn8Qx48>@_m<6Wtr%W9XRMuflSRo z>1ujq#Zx2#?m(#L*w*>Upg8V<2%@h;eKFv|=agU7(vmN2k+*IQ3mC}%0zp?y?N9De z#{*^IO5Ri#273N0y8VxM;FJqV7NVFVd#1{SZub$KfF3iDlF7RyZ8(F(Ea{Kt z3nUOH$W;C+qLSsrF)nJT$%>r4t*2hDkX!jOF2bNG^|dv3biIGK8DrNOonXfxpbveY z&_Otb|7H{j!R^(%o$ugDYGn_qJKXU`P3 z?~3PvGphS3Vc-(XeK!1^3YFWy`@*8_=E}eD#ta`QZ?rqlt$i~Jjj$9SKNu%)LhJrG zdgb=RBhz%!E7^B}P*FwK9if9ySDebIr^_W1^ z(*hhc`&Ozoc()fEj!(xNoa)(iqH-ind9P8XZ_J|s1wYg~5%f@>Uzcx<6 z3|3dVG6SJ_bi}Mdy+)OlINk(KTn=6+X0yKFWi={Q(iP`e1PiTm0Dsup*2^99D%!|vtDVA%7$+pQeFb! zV4G0cEAO(U8>+s(03)6XHm`lq#Rb;kSC4+$MX}SN{-e%;JS6Q|bXBKAc25gC)*yDO zxUP)FfV6bP?A z#mQZzwW%9tWl(j(MC?Ymtj@wuXri{6*%g9ZT5qhdv3uWiDv%?!&25+*Gz5_*OF*tb zTJ+sXf|`jt6oaBh$|Bpd@`l8*Z$PEsOGE-cV8z=4ySne)Iy;_kD$gC=*4X}-FR{8d zzP~rVgBMDid(4ahjeim1YlR1OkA)Fr~;d(Lkh<|b4m$frl_&+sqXirt=L1M z97z~|&&YMkYU)3YhDI&qI_Vm$LjBeB@bOe>>Y`^^9wrrmoN$yvl1UxZ&1af?s4W?; z-AHv3dOmdRtI?n>z~xwI)ByNS5e@(Djca(@fuv)KYSz15&b$8fP6oTI1*&hq&1c|p zLU+5x$s#_#?*3wO_0+Zf#*ltx-LdS0*Czsd+3#HNeR75hQ7!cCJ@5n4j(nulm?z%S7owu+GZ&;lFlU_`y1{L)tydrCu@NVfy`H z6a6Fu<%#;R1V`coT~M@eqQJa+9@Bi=%O48QR&C<=UGpFaB;j4i>N9AyUDt|D{~f~T z0{GYW9U|-VZoWHodubD9Ss2C!XjgSN2BHw@Uls3-YW!3oPps989HVw>4yGxd&|%O> z9oMSToH^YQe^b~k9BTFT8wu-nKt*ZYAI~Yvw4L`GH>P6|{JW^}y8*cKKL*3NTwMoE zUO^=HQ&}tWb3FSUjNWe2xJ%zFFA#aJZbd%5orG=PUke5HQMug0Q>v*x|n8xsAJi}#1C_Fbxy z$=I-tTf~V|ex-I4he?v8$sv4Gus&C4NUp7#F$P=U_?J8QyPG;g@#xw*Lfk&$f>r01 zH4;<~7J~`8cz81P5%<9?Ato7ISZF2@R<^b6b&5_BPssA9x&T8aH63O9H_)k4?j0-^ zb!BeOX?aRSU)h+jZ8}8Jgys@7OrSAqnj}xj4jplVR7;cEl_Z`@Q+)p@k$Ru@Y5U&b zcdzHy`^FpLw39M%kb%L+-~Dsm{gTC$4Ta})iXq1tWzob6sc?Dj5q?9OAtpiL-ejTj z^}1(LL`z|=I{=p&UOZ^d62TeHg*k7uTz`PrR%RtlB&;if?_}b}X}_z$PMD!qm&cjW z`G(AZx@bCrPc~DHh)P!Zt3jasf(p&phkn~#p(YkX3ja0iAuHBxg^f`6(N)6@@`VG> z;EbK@c}pAi>X=Ti^x-!gM<|^v2YQ)8RXU|c1_&s0_(ke94?TdU4@!7Tc6ax3 zc_8|>?J`ZSm3~Jz7u?F$cTD2=YnzLOrai(`fP(2)P+I*Hu3ffNcNRPynz@8Lxcu7y z6+fT|fECLvrc9CX_6cSDg)0$Ps#>CwWfEpMETG?_`y2^x>?K()(Fi!O0Pc zW|?;=2TY0zwOq!M8`-bW6QRbxUT+w~9$H>v`nzW#wT1oQcNZbRs9k$8<1fq|htUz` zwKlPpWBoJbc=IzsL2{XhHR^BGg$=1m)t^@Noz(C2LuMjL)dZjEAC6Oahylp>#S&e} z)V(hk_ZNbL!+K3TAn}~vT5EW3zv4U)xSGQzuK`^xde1*XOJG6j3h8419EE$8%IQC) z5u>P=CnuSbC}s2KC0xBHkaiQ~)-PIlW>wPd83f76o_|{Q>J^q}oqZ`6Aq3{8oidBw zU|cLideRiKROYh0-N@c&e3c35YzN_?23NM-@-l9;3Km#QMUzp;?`EriI{zXh>xeI- zodv>5oH&2})wwW)!5S{s`)0-K8;>b-xaSzJd5mV|;UnhxRH@!$v+m)@?E8E=K?