5 \___|\___/|_| \_\_____|
9 Version 7.50.2 (7 Sep 2016)
11 Daniel Stenberg (7 Sep 2016)
12 - RELEASE-NOTES: curl 7.50.2 release
14 - THANKS: updated for 7.50.2
16 Jay Satiro (6 Sep 2016)
17 - [Gaurav Malhotra brought this change]
19 openssl: fix CURLINFO_SSL_VERIFYRESULT
21 CURLINFO_SSL_VERIFYRESULT does not get the certificate verification
22 result when SSL_connect fails because of a certificate verification
25 This fix saves the result of SSL_get_verify_result so that it is
26 returned by CURLINFO_SSL_VERIFYRESULT.
28 Closes https://github.com/curl/curl/pull/995
30 Daniel Stenberg (6 Sep 2016)
31 - [Daniel Gustafsson brought this change]
33 darwinssl: test for errSecSuccess in PKCS12 import rather than noErr (#993)
35 While noErr and errSecSuccess are defined as the same value, the API
36 documentation states that SecPKCS12Import() returns errSecSuccess if
37 there were no errors in importing. Ensure that a future change of the
38 defined value doesn't break (however unlikely) and be consistent with
41 - [Daniel Gustafsson brought this change]
43 docs: Fix link to CONTRIBUTE in Github contribution guidelines (#994)
45 - [Marcel Raad brought this change]
47 openssl: Fix compilation with OPENSSL_API_COMPAT=0x10100000L
49 With OPENSSL_API_COMPAT=0x10100000L (OpenSSL 1.1 API), the cleanup
50 functions are unavailable (they're no-ops anyway in OpenSSL 1.1). The
51 replacements for SSL_load_error_strings, SSLeay_add_ssl_algorithms, and
52 OpenSSL_add_all_algorithms are called automatically [1][2]. SSLeay() is
53 now called OpenSSL_version_num().
55 [1]: https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html
56 [2]: https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html
60 - RELEASE-NOTES: synced with 3d4c0c8b9bc1d
62 - http2: return EOF when done uploading without known size
66 - http2: skip the content-length parsing, detect unknown size
68 - http2: minor white space edit
70 - http2: use named define instead of magic constant in read callback
72 - [Craig Davison brought this change]
74 configure: make the cpp -P detection not clobber CPPFLAGS
76 CPPPFLAGS is now CPPPFLAG. Fixes CURL_CHECK_DEF.
80 - [Olivier Brunel brought this change]
82 speed caps: not based on average speeds anymore
84 Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE &
85 CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits
86 with the cumulative average speed of the entire transfer; While this
87 might work at times with good/constant connections, in other cases it
88 can result to the limits simply being "ignored" for more than "short
89 bursts" (as told in man page).
91 Consider a download that goes on much slower than the limit for some
92 time (because bandwidth is used elsewhere, server is slow, whatever the
93 reason), then once things get better, curl would simply ignore the limit
94 up until the average speed (since the beginning of the transfer) reached
95 the limit. This could prove the limit useless to effectively avoid
96 using the entire bandwidth (at least for quite some time).
98 So instead, we now use a "moving starting point" as reference, and every
99 time at least as much as the limit as been transferred, we can reset
100 this starting point to the current position. This gets a good limiting
101 effect that applies to the "current speed" with instant reactivity (in
102 case of sudden speed burst).
106 - HISTORY.md: the multi socket was put in the wrong year!
108 - [Mark Hamilton brought this change]
110 tool_helpers.c: fix comment typo (#989)
112 - [Mark Hamilton brought this change]
114 libtest/test.h: fix typo (#988)
116 - CURLMOPT_PIPELINING.3: language
118 - CURLMOPT_PIPELINING.3: extended and clarified
120 Especially in regards to the multiplexing part.
122 Steve Holme (31 Aug 2016)
123 - curl_sspi.c: Updated function description comments
125 * Added description to Curl_sspi_free_identity()
126 * Added parameter and return explanations to Curl_sspi_global_init()
127 * Added parameter explaination to Curl_sspi_global_cleanup()
129 - README: Corrected the supported Visual Studio versions
131 Missed from commit 8356022d17.
133 - KNOWN_BUGS: Move the Visual Studio project shortcomings from local README
135 - KNOWN_BUGS: Expand 6.4 to include Kerberos V5
137 ...and discuss a possible solution.
139 Daniel Stenberg (30 Aug 2016)
140 - connect: fix #ifdefs for debug versions of conn/streamclose() macros
142 CURLDEBUG is for the memory debugging
144 DEBUGBUILD is for the extra debug stuff
146 Pointed-out-by: Steve Holme
148 - KNOWN_BUGS: mention some cmake "support gaps"
150 Nick Zitzmann (28 Aug 2016)
151 - darwinssl: add documentation stating that the --cainfo option is intended for backward compatibility only
153 In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead.
155 Daniel Stenberg (28 Aug 2016)
156 - http2: return CURLE_HTTP2_STREAM for unexpected stream close
158 Follow-up to c3e906e9cd0f, seems like a more appropriate error code
160 Suggested-by: Jay Satiro
162 - [Tatsuhiro Tsujikawa brought this change]
164 http2: handle closed streams when uploading
168 - http2: make sure stream errors don't needlessly close the connection
170 With HTTP/2 each transfer is made in an indivial logical stream over the
171 connection, making most previous errors that caused the connection to get
172 forced-closed now instead just kill the stream and not the connection.
176 - Curl_verify_windows_version: minor edit to avoid compiler warnings
178 ... instead of if() before the switch(), add a default to the switch so
179 that the compilers don't warn on "warning: enumeration value
180 'PLATFORM_DONT_CARE' not handled in switch" anymore.
182 Steve Holme (27 Aug 2016)
183 - RELEASE-NOTES: Added missing fix from commit 15592143f
185 Jay Satiro (26 Aug 2016)
186 - schannel: Disable ALPN for Wine since it is causing problems
188 - Disable ALPN on Wine.
190 - Don't pass input secbuffer when ALPN is disabled.
192 When ALPN support was added a change was made to pass an input secbuffer
193 to initialize the context. When ALPN is enabled the buffer contains the
194 ALPN information, and when it's disabled the buffer is empty. In either
195 case this input buffer caused problems with Wine and connections would
198 Bug: https://github.com/curl/curl/issues/983
199 Reported-by: Christian Fillion
201 Kamil Dudka (26 Aug 2016)
202 - [Peter Wang brought this change]
204 nss: work around race condition in PK11_FindSlotByName()
206 Serialise the call to PK11_FindSlotByName() to avoid spurious errors in
207 a multi-threaded environment. The underlying cause is a race condition
208 in nssSlot_IsTokenPresent().
210 Bug: https://bugzilla.mozilla.org/1297397
214 - nss: refuse previously loaded certificate from file
216 ... when we are not asked to use a certificate from file
218 Daniel Stenberg (26 Aug 2016)
219 - ftp_done: remove dead code
221 - TLS: random file/egd doesn't have to match for conn reuse
223 - test161: add comment for the exit code
225 Dan Fandrich (26 Aug 2016)
226 - test219: Add http as a required feature
228 Daniel Stenberg (25 Aug 2016)
229 - [Michael Kaufmann brought this change]
231 HTTP: stop parsing headers when switching to unknown protocols
233 - unknown protocols probably won't send more headers (e.g. WebSocket)
234 - improved comments and moved them to the correct case statements
238 - openssl: make build with 1.1.0 again
240 synced with OpenSSL git master commit cc06906707
242 - INTERNALS: fix title
244 - configure: detect zlib with our pkg-config macros
246 ... instead of relying on the pkg-config autoconf macros to be present.
248 Fixes #972 (again...)
250 Jay Satiro (25 Aug 2016)
251 - http2: Remove incorrect comments
253 .. also remove same from scp
255 Daniel Stenberg (23 Aug 2016)
256 - [Ales Novak brought this change]
258 ftp: fix wrong poll on the secondary socket
260 When we're uploading using FTP and the server issues a tiny pause
261 between opening the connection to the client's secondary socket, the
262 client's initial poll() times out, which leads to second poll() which
263 does not wait for POLLIN on the secondary socket. So that poll() also
264 has to time out, creating a long (200ms) pause.
266 This patch adds the correct flag to the secondary socket, making the
267 second poll() correctly wait for the connection there too.
269 Signed-off-by: Ales Novak <alnovak@suse.cz>
273 - RELEASE-NOTES: synced with 95ded2c56
275 - configure: make it work without PKG_CHECK_MODULES
277 With commit c2f9b78 we added a new dependency on pkg-config for
278 developers which may be unwanted. This change make the configure script
279 still work as before if pkg-config isn't installed, it'll just use the
280 old zlib detection logic without pkg-config.
282 Reported-by: Marc Hörsken
286 Marc Hoersken (21 Aug 2016)
287 - Revert "KNOWN_BUGS: SOCKS proxy not working via IPv6"
289 This reverts commit 9cb1059f92286a6eb5d28c477fdd3f26aed1d554.
291 As discussed in #835 SOCKS5 supports IPv6 proxies and destinations.
293 Daniel Stenberg (21 Aug 2016)
294 - [Marco Deckel brought this change]
296 win: Basic support for Universal Windows Platform apps
300 Steve Holme (21 Aug 2016)
301 - sasl: Don't use GSSAPI authentication when domain name not specified
303 Only choose the GSSAPI authentication mechanism when the user name
304 contains a Windows domain name or the user is a valid UPN.
308 - vauth: Added check for supported SSPI based authentication mechanisms
310 Completing commit 00417fd66c and 2708d4259b.
312 - http.c: Remove duplicate (authp->avail & CURLAUTH_DIGEST) check
314 From commit 2708d4259b.
316 Marc Hoersken (20 Aug 2016)
317 - socks.c: display the hostname returned by the SOCKS5 proxy server
319 Instead of displaying the requested hostname the one returned
320 by the SOCKS5 proxy server is used in case of connection error.
321 The requested hostname is displayed earlier in the connection sequence.
323 The upper-value of the port is moved to a temporary variable and
324 replaced with a 0-byte to make sure the hostname is 0-terminated.
326 Steve Holme (20 Aug 2016)
327 - urldata.h: Corrected comment for httpcode which is also populated by SMTP
329 As of 7.25.0 and commit 5430007222.
331 Marc Hoersken (20 Aug 2016)
332 - socks.c: use Curl_printable_address in SOCKS5 connection sequence
334 Replace custom string formatting with Curl_printable_address.
335 Add additional debug and error output in case of failures.
337 - socks.c: align SOCKS4 connection sequence with SOCKS5
339 Calling sscanf is not required since the raw IPv4 address is
340 available and the protocol can be detected using ai_family.
342 Steve Holme (20 Aug 2016)
343 - http.c: Corrected indentation change from commit 2708d4259b
345 Made by Visual Studio's auto-correct feature and missed by me in my own
348 - http: Added calls to Curl_auth_is_<mechansism>_supported()
350 Hooked up the HTTP authentication layer to query the new 'is mechanism
351 supported' functions when deciding what mechanism to use.
353 As per commit 00417fd66c existing functionality is maintained for now.
355 Marc Hoersken (20 Aug 2016)
356 - socks.c: improve verbose output of SOCKS5 connection sequence
358 - configure.ac: add missing quotes to PKG_CHECK_MODULES
360 Steve Holme (20 Aug 2016)
361 - sasl: Added calls to Curl_auth_is_<mechansism>_supported()
363 Hooked up the SASL authentication layer to query the new 'is mechanism
364 supported' functions when deciding what mechanism to use.
366 For now existing functionality is maintained.
368 Daniel Stenberg (19 Aug 2016)
369 - [Miroslav Franc brought this change]
371 spnego_sspi: fix memory leak in case *outlen is zero (#970)
373 - CURLMOPT_MAX_TOTAL_CONNECTIONS.3: mention it can also multiplex
375 Steve Holme (18 Aug 2016)
376 - vauth: Introduced Curl_auth_is_<mechansism>_supported() functions
378 As Windows SSPI authentication calls fail when a particular mechanism
379 isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5
380 and Negotiate to allow both HTTP and SASL authentication the opportunity
381 to query support for a supported mechanism before selecting it.
383 For now each function returns TRUE to maintain compatability with the
384 existing code when called.
386 Daniel Stenberg (18 Aug 2016)
387 - test1144: verify HEAD with body-only response
389 Steve Holme (17 Aug 2016)
390 - RELEASE-PROCEDURE: Added some more future release dates
392 ...and removed some old ones
394 Daniel Stenberg (17 Aug 2016)
395 - [David Woodhouse brought this change]
397 curl: allow "pkcs11:" prefix for client certificates
399 RFC7512 provides a standard method to reference certificates in PKCS#11
400 tokens, by means of a URI starting 'pkcs11:'.
402 We're working on fixing various applications so that whenever they would
403 have been able to use certificates from a file, users can simply insert
404 a PKCS#11 URI instead and expect it to work. This expectation is now a
405 part of the Fedora packaging guidelines, for example.
407 This doesn't work with cURL because of the way that the colon is used
408 to separate the certificate argument from the passphrase. So instead of
410 curl -E 'pkcs11:manufacturer=piv_II;id=%01' …
412 I instead need to invoke cURL with the colon escaped, like this:
414 curl -E 'pkcs11\:manufacturer=piv_II;id=%01' …
416 This is suboptimal because we want *consistency* — the URI should be
417 usable in place of a filename anywhere, without having strange
418 differences for different applications.
420 This patch therefore disables the processing in parse_cert_parameter()
421 when the string starts with 'pkcs11:'. It means you can't pass a
422 passphrase with an unescaped PKCS#11 URI, but there's no need to do so
423 because RFC7512 allows a PIN to be given as a 'pin-value' attribute in
426 Also, if users are already using RFC7512 URIs with the colon escaped as
427 in the above example — even providing a passphrase for cURL to handling
428 instead of using a pin-value attribute, that will continue to work
429 because their string will start 'pkcs11\:' and won't match the check.
431 What *does* break with this patch is the extremely unlikely case that a
432 user has a file which is in the local directory and literally named
433 just "pkcs11", and they have a passphrase on it. If that ever happened,
434 the user would need to refer to it as './pkcs11:<passphrase>' instead.
436 - nss: make the global variables static
438 - openssl: use regular malloc instead of OPENSSL_malloc
440 This allows for better memmory debugging and torture tests.
442 - proxy: fix tests as follow-up to 93b0d907d5
444 This fixes tests that were added after 113f04e664b as the tests would
447 We bring back "Proxy-Connection: Keep-Alive" now unconditionally to fix
448 regressions with old and stupid proxies, but we could possibly switch to
449 using it only for CONNECT or only for NTLM in a future if we want to
454 Reported-by: János Fekete
456 - Revert "Proxy-Connection: stop sending this header by default"
458 This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68.
460 - CURLOPT_PROXY.3: unsupported schemes cause errors now
462 Follow-up to a96319ebb9 (document the new behavior)
464 - tests/README: mention nghttpx for HTTP/2 tests
466 - README.md: add our CII Best Practices badge
468 - proxy: polished the error message for unsupported schemes
470 Follow up to a96319ebb93
472 - test219: verify unsupported scheme for proxies get rejected
474 - proxy: reject attempts to use unsupported proxy schemes
476 I discovered some people have been using "https://example.com" style
477 strings as proxy and it "works" (curl doesn't complain) because curl
478 ignores unknown schemes and then assumes plain HTTP instead.
480 I think this misleads users into believing curl uses HTTPS to proxies
481 when it doesn't. Now curl rejects proxy strings using unsupported
482 schemes instead of just ignoring and defaulting to HTTP.
484 - RELEASE-NOTES: synced with b7ee5316c2fd5b
486 Marc Hoersken (14 Aug 2016)
487 - socks.c: Correctly calculate position of port in response packet
489 Third commit to fix issue #944 regarding SOCKS5 error handling.
491 Reported-by: David Kalnischkies
493 - socks.c: Do not modify and invalidate calculated response length
495 Second commit to fix issue #944 regarding SOCKS5 error handling.
497 Reported-by: David Kalnischkies
499 - socks.c: Move error output after reading the whole response packet
501 First commit to fix issue #944 regarding SOCKS5 error handling.
503 Reported-by: David Kalnischkies
505 Daniel Stenberg (13 Aug 2016)
506 - [Ronnie Mose brought this change]
508 MANUAL: Remove invalid link to LDAP documentation (#962)
510 The server developer.netscape.com does not resolve into any
511 ip address and can be removed.
513 Jay Satiro (13 Aug 2016)
514 - openssl: accept subjectAltName iPAddress if no dNSName match
516 Undo change introduced in d4643d6 which caused iPAddress match to be
517 ignored if dNSName was present but did not match.
519 Also, if iPAddress is present but does not match, and dNSName is not
520 present, fail as no-match. Prior to this change in such a case the CN
521 would be checked for a match.
523 Bug: https://github.com/curl/curl/issues/959
524 Reported-by: wmsch@users.noreply.github.com
526 Daniel Stenberg (12 Aug 2016)
527 - [Dambaev Alexander brought this change]
529 configure.ac: add zlib search with pkg-config
533 - rtsp: ignore whitespace in session id
535 Follow-up to e577c43bb to fix test case 569 brekage: stop the parser at
538 Help-by: Erik Janssen
540 - HTTP: retry failed HEAD requests too
542 Mark's new document about HTTP Retries
543 (https://mnot.github.io/I-D/httpbis-retry/) made me check our code and I
544 spotted that we don't retry failed HEAD requests which seems totally
545 inconsistent and I can't see any reason for that separate treatment.
547 So, no separate treatment for HEAD starting now. A HTTP request sent
548 over a reused connection that gets cut off before a single byte is
549 received will be retried on a fresh connection.
551 Made-aware-by: Mark Nottingham
553 - mk-ca-bundle.1: document -m, added in 1.26
555 - RELEASE-NOTES: synced with e577c43bb5
557 - [Erik Janssen brought this change]
559 rtsp: accept any RTSP session id
561 Makes libcurl work in communication with gstreamer-based RTSP
562 servers. The original code validates the session id to be in accordance
563 with the RFC. I think it is better not to do that:
565 - For curl the actual content is a don't care.
567 - The clarity of the RFC is debatable, is $ allowed or only as \$, that
570 - Gstreamer seems to url-encode the session id but % is not allowed by
575 With this patch curl will correctly handle real-life lines like:
576 Session: biTN4Kc.8%2B1w-AF.; timeout=60
578 Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html
580 - symbols-in-versions: add CURL_STRICTER
582 Added in 5fce88aa8c12564
584 - [Simon Warta brought this change]
586 winbuild: Allow changing C compiler via environment variable CC (#952)
588 This makes it possible to use specific compilers or a cache.
590 Sample use for clcache:
592 nmake /f Makefile.vc DEBUG=no MODE=static VC=14 GEN_PDB=no
594 - LICENSE-MIXING.md: switched to markdown
596 - docs-make: have markdown files use .md
598 - curl.h: make CURL_NO_OLDIES define CURL_STRICTER
600 - HISTORY.md: use markdown extension
602 - SSLCERTS.md: renamed to markdown extension
604 - INTERNALS.md: use markdown extension for markdown content
606 - CONTRIBUTE.md: markdown extension
608 - CONTRIBUTE: changed to markdown
610 - CONTRIBUTE: refreshed
612 - TODO: added an SSH section and two SFTP things to do
614 - TODO: remove the 1.22 duplicated item
616 - TODO: move "CURLOPT_MAIL_CLIENT" to SMTP section
618 - TODO: API for URL parsing/splitting
620 - TODO: move QUIC to the HTTP section
622 - [Simon Warta brought this change]
624 winbuild: Free name $(CC) in Makefile (#950)
626 In the old line number 290, CC and CURL_CC had the same value. After
627 that, /DCURL_STATICLIB was added to CC but not CURL_CC (intended?).
629 This gets rid of the CC variable entirely. It is a first step to make it
630 possible to manualyl set a CC variable in order to be able to change the
633 - TODO: Use huge HTTP/2 windows
635 - [Simon Warta brought this change]
637 winbuild: Avoid setting redundant CFLAGS to compile commands (#949)
639 $(CURL_CC) is always used with $(CURL_CFLAGS) appended, so before this,
640 all arguments in CURL_CFLAGS have been added twice.
642 Jay Satiro (8 Aug 2016)
643 - cmake: Enable win32 threaded resolver by default
645 - Turn on USE_THREADS_WIN32 in Windows if ares isn't on
647 This change is similar to what we already do in the autotools build.
649 - cmake: Enable win32 large file support by default
651 All compilers used by cmake in Windows should support large files.
653 - Add test SIZEOF_OFF_T
654 - Remove outdated test SIZEOF_CURL_OFF_T
655 - Turn on USE_WIN32_LARGE_FILES in Windows
656 - Check for 'Largefile' during the features output
658 Daniel Stenberg (7 Aug 2016)
659 - TODO: added several ideas, removed SPDY
661 - http2: always wait for readable socket
663 Since the server can at any time send a HTTP/2 frame to us, we need to
664 wait for the socket to be readable during all transfers so that we can
665 act on incoming frames even when uploading etc.
667 Reminded-by: Tatsuhiro Tsujikawa
669 - RELEASE-NOTES: synced with 7b4bf37a44791
671 - [Thomas Glanzmann brought this change]
673 mbedtls: set debug threshold to 4 (verbose) when MBEDTLS_DEBUG is defined
675 In order to make MBEDTLS_DEBUG work, the debug threshold must be unequal
676 to 0. This patch also adds a comment how mbedtls must be compiled in
677 order to make debugging work, and explains the possible debug levels.
679 - CURLOPT_TCP_NODELAY: now enabled by default
681 After a few wasted hours hunting down the reason for slowness during a
682 TLS handshake that turned out to be because of TCP_NODELAY not being
683 set, I think we have enough motivation to toggle the default for this
684 option. We now enable TCP_NODELAY by default and allow applications to
687 This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be
690 Thanks-to: Tim Rühsen
691 Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html
693 - [Serj Kalichev brought this change]
695 TFTP: Fix upload problem with piped input
697 When input stream for curl is stdin and input stream is not a file but
698 generated by a script then curl can truncate data transfer to arbitrary
699 size since a partial packet is treated as end of transfer by TFTP.
703 - mk-ca-bundle.pl: -m keeps ca cert meta data in output
705 Makes the script pass on comments holding meta data to the output
706 file. Like fingerprinters, issuer, date ranges etc.
710 - multi: make Curl_expire() work with 0 ms timeouts
712 Previously, passing a timeout of zero to Curl_expire() was a magic code
713 for clearing all timeouts for the handle. That is now instead made with
714 the new Curl_expire_clear() function and thus a 0 timeout is fine to set
715 and will trigger a timeout ASAP.
717 This will help removing short delays, in particular notable when doing
720 - transfer: return without select when the read loop reached maxcount
722 Regression added in 790d6de48515. The was then added to avoid one
723 particular transfer to starve out others. But when aborting due to
724 reading the maxcount, the connection must be marked to be read from
725 again without first doing a select as for some protocols (like SFTP/SCP)
726 the data may already have been read off the socket.
728 Reported-by: Dan Donahue
729 Bug: https://curl.haxx.se/mail/lib-2016-07/0057.html
731 Steve Holme (3 Aug 2016)
732 - [Bill Nagel brought this change]
734 mbedtls: Added support for NTLM
736 Daniel Stenberg (3 Aug 2016)
737 - [Sergei Nikulov brought this change]
739 travis: removed option to rebuild autotool from source
743 - bump: start working toward 7.50.2
745 Version 7.50.1 (3 Aug 2016)
747 Daniel Stenberg (3 Aug 2016)
748 - THANKS: 7 new contributors from the 7.50.1 release
750 - RELEASE-NOTES: 7.50.1
752 - TLS: only reuse connections with the same client cert
755 Bug: https://curl.haxx.se/docs/adv_20160803B.html
757 - TLS: switch off SSL session id when client cert is used
760 Bug: https://curl.haxx.se/docs/adv_20160803A.html
762 Contributions-by: Eric Rescorla and Ray Satiro
764 - curl_multi_cleanup: clear connection pointer for easy handles
767 Bug: https://curl.haxx.se/docs/adv_20160803C.html
768 Reported-by: Marcelo Echeverria and Fernando Muñoz
770 - KNOWN_BUGS: SOCKS proxy not working via IPv6
774 - KNOWN_BUGS: CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM
778 - KNOWN_BUGS: transfer-encoding: chunked in HTTP/2
782 - TODO: Provide cmake config-file
786 Patrick Monnerat (2 Aug 2016)
787 - os400: define BUILDING_LIBCURL in make script.
789 Daniel Stenberg (1 Aug 2016)
790 - RELEASE-NOTES: synced with aa9f536a18b
792 Jay Satiro (1 Aug 2016)
793 - [Thomas Glanzmann brought this change]
795 mbedtls: Fix debug function name
797 This patch is necessary so that curl compiles if MBEDTLS_DEBUG is
800 Bug: https://curl.haxx.se/mail/lib-2016-08/0001.html
802 Daniel Stenberg (1 Aug 2016)
803 - [Sergei Nikulov brought this change]
805 travis: fix OSX build by re-installing libtool
807 Apparently due to a broken homebrew install
812 - [Martin Vejnár brought this change]
814 win32: fix a potential memory leak in Curl_load_library
816 If a call to GetSystemDirectory fails, the `path` pointer that was
817 previously allocated would be leaked. This makes sure that `path` is
822 - include: revert 9adf3c4 and make public types void * again
824 Many applications assume the actual contents of the public types and use
825 that do for example forward declarations (saving them from including our
826 public header) which then breaks when we switch from void * to a struct
829 I'm not convinced we were wrong, but since this practise seems
830 widespread enough I'm willing to (partly) step down.
832 Now libcurl uses the struct itself when it is built and it allows
833 applications to use the struct type if CURL_STRICTER is defined at the
834 time of the #include.
836 Reported-by: Peter Frühberger
839 Jay Satiro (28 Jul 2016)
840 - [Yonggang Luo brought this change]
842 cmake: Fix for schannel support
844 The check_library_exists_concat do not check crypt32 library properly.
845 So include it directly.
847 Bug: https://github.com/curl/curl/pull/917
848 Reported-by: Yonggang Luo
850 Bug: https://github.com/curl/curl/issues/935
851 Reported-by: Alain Danteny
853 - Revert "travis: Install libtool for OS X builds"
857 This reverts commit 50723585ed380744358de054e2a55dccee65dfd7.
859 - travis: Install libtool for OS X builds
861 CI is failing due to missing libtoolize, so I'm trying this.
863 Daniel Stenberg (26 Jul 2016)
864 - [Viktor Szakats brought this change]
866 TODO: minor typo in last commit
870 - TODO: Timeout idle connections from the pool
872 Patrick Monnerat (25 Jul 2016)
873 - os400: minimum supported OS version: V6R1M0.
874 Do not log compilation informational messages.
876 Jay Satiro (24 Jul 2016)
877 - tests: Fix for http/2 feature
879 Bug: https://curl.haxx.se/mail/lib-2016-07/0070.html
880 Reported-by: Paul Howarth
882 Steve Holme (23 Jul 2016)
883 - README: Mention wolfSSL in the 'Dependencies' section
885 - vauth.h: No need to query HAVE_GSSAPI || USE_WINDOWS_SSPI for SPNEGO
887 As SPNEGO is only defined when these pre-processor variables are defined
888 there is no need to query them explicitly.
890 - spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
892 Typo introduced in commit ad5e9bfd5d.
894 Daniel Stenberg (22 Jul 2016)
895 - SECURITY: mention how to get windows-specific CVEs
897 ... and make the distros link a proper link
899 Dan Fandrich (21 Jul 2016)
900 - test558: fix test by stripping file paths from FD lines
902 Kamil Dudka (21 Jul 2016)
903 - tests: distribute the http2-server.pl script, too
905 - docs: distribute the CURLINFO_HTTP_VERSION(3) man page, too
907 Daniel Stenberg (21 Jul 2016)
908 - bump: start working on 7.50.1
910 Version 7.50.0 (21 Jul 2016)
912 Daniel Stenberg (21 Jul 2016)
913 - RELEASE-NOTES: version 7.50.0 ready
915 - THANKS: 13 new contributors from the 7.50.0 release
917 Jay Satiro (21 Jul 2016)
918 - winbuild: fix embedded manifest option
920 Embedded manifest option didn't work due to typo.
922 Reported-by: Stefan Kanthak
924 - vauth: Fix memleak by freeing credentials if out of memory
926 This is a follow up to the parent commit dcdd4be which fixes one leak
927 but creates another by failing to free the credentials handle if out of
928 memory. Also there's a second location a few lines down where we fail to
929 do same. This commit fixes both of those issues.
931 Daniel Stenberg (20 Jul 2016)
932 - [Saurav Babu brought this change]
934 vauth: Fixed memory leak due to function returning without free
936 This patch allocates memory to "output_token" only when it is required
937 so that memory is not leaked if function returns.
939 - test558: updated after ipv6-check move
941 Follow-up commit to c50980807c5 to make this test pass.
943 Jay Satiro (20 Jul 2016)
944 - connect: disable TFO on Linux when using SSL
946 - Linux TFO + TLS is not implemented yet.
948 Bug: https://github.com/curl/curl/issues/907
950 Daniel Stenberg (19 Jul 2016)
951 - ROADMAP: QUIC and TLS 1.3
953 - RELEASE-NOTES: synced with c50980807c5
955 Jay Satiro (18 Jul 2016)
956 - [Brian Prodoehl brought this change]
958 curl_global_init: Check if IPv6 works
960 - Curl_ipv6works() is not thread-safe until after the first call, so
961 call it once during global init to avoid a possible race condition.
963 Bug: https://github.com/curl/curl/issues/915
964 PR: https://github.com/curl/curl/pull/918
966 - [Timothy Polich brought this change]
968 CURLMOPT_SOCKETFUNCTION.3: fix typo
970 Closes https://github.com/curl/curl/pull/914
972 - [Miroslav Franc brought this change]
974 library: Fix memory leaks found during static analysis
976 Closes https://github.com/curl/curl/pull/913
978 - [Viktor Szakats brought this change]
980 cookie.c: Fix misleading indentation
982 Closes https://github.com/curl/curl/pull/911
984 - FAQ: Update FTP directory listing section for MLSD command
986 Explain how some FTP servers support the machine readable listing
987 format MLSD from RFC 3659 and compare it to LIST.
989 Ref: https://github.com/curl/curl/issues/906
991 Daniel Stenberg (1 Jul 2016)
992 - [Sergei Nikulov brought this change]
994 Appveyor: Updates for options - CURL_STATICLIB/BUILD_TESTING
998 - TODO: 17.4 also brings more HTTP/2 support
1000 - TODO: try next proxy if one doesn't work
1004 - conn: don't free easy handle data in handler->disconnect
1006 Reported-by: Gou Lingfeng
1007 Bug: https://curl.haxx.se/mail/lib-2016-06/0139.html
1009 - test1244: test different proxy ports same URL
1011 - curl_global_init.3: improved formatting of the flags
1013 - curl_global_init.3: expand on the SSL and WIN32 bits purpose
1015 Reported-by: Richard Gray
1016 Bug: https://curl.haxx.se/mail/lib-2016-06/0136.html
1018 - [Michael Kaufmann brought this change]
1020 cleanup: minor code cleanup in Curl_http_readwrite_headers()
1022 - the expression of an 'if' was always true
1023 - a 'while' contained a condition that was always true
1024 - use 'if(k->exp100 > EXP100_SEND_DATA)' instead of 'if(k->exp100)'
1029 - SFTP: set a generic error when no SFTP one exists...
1031 ... as otherwise we could get a 0 which would count as no error and we'd
1032 wrongly continue and could end up segfaulting.
1034 Bug: https://curl.haxx.se/mail/lib-2016-06/0052.html
1037 - ROADMAP: http2 tests are merged, mention http2 perf
1039 - docs/README.md: to render nicer pages on github
1041 ... as previously the README.cmake would be picked and put at the bottom
1042 of the docs page there and it wasn't very representative!
1044 - README.md: change host name for the svg logo
1046 rawgit.com asks to use the domain cdn.rawgit.com for production
1050 - [Viktor Szakats brought this change]
1052 README.md: use the SVG logo
1054 - README.md: logo on top!
1056 - KNOWN_BUGS: 3.4 POP3 expects "CRLF.CRLF" eob for some
1060 - RELEASE-NOTES: synced with d61c80515aa8
1062 - [Michael Osipov brought this change]
1064 acinclude.m4: improve autodetection of CA bundle on FreeBSD
1066 The FreeBSD Port security/ca_root_nss installs the Mozilla NSS CA bundle
1067 to /usr/local/share/certs/ca-root-nss.crt. Use this bundle in the
1070 This change also removes the former FreeBSD path that has been obsolete
1071 for 8 years since this FreeBSD ports commit:
1072 https://svnweb.freebsd.org/ports/head/security/?view=revision&revision=215953
1076 - configure: don't specify .lib for libs on windows
1078 Another follow up for crypt32.lib linking with winssl
1080 - configure: fix winssl LIBS change typo
1082 follow-up from 120bf29e
1084 - TODO: "TCP Fast Open" is done, add monitor pool connections
1086 - configure: add crypt32.lib for winssl builds
1088 Necessary since 6cabd78531f
1090 - Makefile.vc: link with crypt32.lib for winssl builds
1092 Necessary since 6cabd78531f
1096 - [Joel Depooter brought this change]
1098 VC: Add crypt32.lib to Visual Sudio project template files
1102 - vc: fix the build for schannel certinfo support
1104 Broken since 6cabd785, which adds use of the Curl_extract_certinfo
1105 function from the x509asn1.c file.
1107 - typedefs: use the full structs in internal code...
1109 ... and save the typedef'ed names for headers and external APIs.
1111 - internals: rename the SessionHandle struct to Curl_easy
1113 - headers: forward declare CURL, CURLM and CURLSH as structs
1115 Instead of typedef'ing to void, typedef to their corresponding actual
1116 struct names to allow compilers to type-check.
1118 Assisted-by: Reinhard Max
1120 Jay Satiro (22 Jun 2016)
1121 - vtls: Only call add/getsession if session id is enabled
1123 Prior to this change we called Curl_ssl_getsessionid and
1124 Curl_ssl_addsessionid regardless of whether session ID reusing was
1125 enabled. According to comments that is in case session ID reuse was
1126 disabled but then later enabled.
1128 The old way was not intuitive and probably not something users expected.
1129 When a user disables session ID caching I'd guess they don't expect the
1130 session ID to be cached anyway in case the caching is later enabled.
1132 Daniel Stenberg (22 Jun 2016)
1133 - curl.1: the used progress meter suffix is k in lower case
1137 - [Sergei Nikulov brought this change]
1139 cmake: now using BUILD_TESTING=ON/OFF
1141 CMake build now using BUILD_TESTING=ON/OFF (default is OFF) to build
1142 tests and enabling CTest integration. Options BUILD_CURL_TESTS and
1143 BUILD_DASHBOARD_REPORTS was removed.
1147 Reviewed-by: Brad King
1149 - [Michael Kaufmann brought this change]
1151 cleanup: fix method names in code comments
1155 Kamil Dudka (21 Jun 2016)
1156 - curl-compilers.m4: improve detection of GCC's -fvisibility= flag
1158 Some builds of GCC produce output on both stdout and stderr when --help
1159 --verbose is used. The 2>&1 redirection caused them to be arbitrarily
1160 interleaved with each other because of stream buffering. Consequently,
1161 grep failed to match the fvisibility= string in the mixed output, even
1162 though the string was present in GCC's standard output.
1164 This led to silently disabling symbol hiding in some builds of curl.
1166 Daniel Stenberg (19 Jun 2016)
1167 - tests: fix the HTTP/2 tests
1169 The HTTP/2 tests brought with commit bf05606ef1f were using the internal
1170 name 'http2' for the HTTP/2 server, while in fact that name was already
1171 used for the second instance of the HTTP server. This made tests using
1172 the second instance (like test 2050) fail after a HTTP/2 test had run.
1174 The server is now known as HTTP/2 internally and within the <server>
1175 section in test cases. 1700, 1701 and 1702 were updated accordingly.
1177 - openssl: use more 'const' to fix build warnings with 1.1.0 branch
1179 - curl.1: missed 'T' in the progress unit suffixes
1181 - curl.1: mention the unix for the progress meter
1183 Patrick Monnerat (16 Jun 2016)
1184 - os400: add new definitions to ILE/RPG binding.
1186 Daniel Stenberg (16 Jun 2016)
1187 - openssl: fix cert check with non-DNS name fields present
1189 Regression introduced in 5f5b62635 (released in 7.48.0)
1191 Reported-by: Fabian Ruff
1194 Dan Fandrich (16 Jun 2016)
1195 - axtls: Use Curl_wait_ms instead of the less-portable usleep
1197 - axtls: Fixed compile after compile 31c521b0
1199 - tests: Added HTTP proxy keywords to tests 1141 & 1142
1201 Jay Satiro (15 Jun 2016)
1202 - [Sergei Nikulov brought this change]
1204 cmake: Fix build with winldap
1206 Bug: https://github.com/curl/curl/pull/874
1207 Reported-by: Sergei Nikulov
1209 - CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
1211 When CURLOPT_POSTFIELDS is set to an empty string libcurl will send a
1212 zero-byte POST. Prior to this change it was documented as sending data
1213 from the read callback.
1215 This also changes the wording of what happens when empty or NULL so that
1216 it's hopefully easier to understand for people whose primary language
1219 Bug: https://github.com/curl/curl/issues/862
1220 Reported-by: Askar Safin
1222 - [Michael Wallner brought this change]
1224 curl_multi_socket_action.3: Fix rewording
1226 - Remove some erroneous text.
1228 Closes https://github.com/curl/curl/pull/865
1230 - [Luo Jinghua brought this change]
1232 resolve: enable protocol family logic for synthesized IPv6
1234 - Enable protocol family logic for IPv6 resolves even when support
1235 for synthesized addresses is enabled.
1237 This is a follow up to the parent commit that added support for
1238 synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family
1239 logic needed for IPv6 was inadvertently excluded if support for
1240 synthesized addresses was enabled.
1242 Bug: https://github.com/curl/curl/issues/863
1243 Ref: https://github.com/curl/curl/pull/866
1244 Ref: https://github.com/curl/curl/pull/867
1246 Daniel Stenberg (7 Jun 2016)
1247 - [Luo Jinghua brought this change]
1249 resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
1251 Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X.
1252 If the current network interface doesn’t support IPv4, but supports
1253 IPv6, NAT64, and DNS64.
1258 - tests: two more HTTP/2 tests
1262 - runtests: don't display logs when http2 server fails to start
1264 - runtests: make stripfile work on stdout as well
1266 ... and have test 1700 use that to strip out the nghttpx server: headers
1268 - http2-tests: test1700 is the first real HTTP/2 test
1270 It requires that 'nghttpx' is in the PATH, and it will run the tests
1271 using nghttpx as a front-end proxy in front of the standard HTTP/1 test
1272 server. This uses HTTP/2 over plain TCP.
1274 If you like me have nghttpx installed in a custom path, you can run test 1700
1277 $ PATH=$PATH:$HOME/build-nghttp2/bin/ ./runtests.pl 1700
1279 - RELEASE-NOTES: synced with 34855feeb4c299
1281 Steve Holme (6 Jun 2016)
1282 - schannel: Disable ALPN on Windows < 8.1
1284 Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL
1285 fails on Windows < 8.1 so we need to disable ALPN on these OS versions.
1287 Inspiration provide by: Daniel Seither
1292 Jay Satiro (5 Jun 2016)
1293 - checksrc: Add LoadLibrary to the banned functions list
1295 LoadLibrary was supplanted by Curl_load_library for security
1298 - http: Fix HTTP/2 connection reuse
1300 - Change the parser to not require a minor version for HTTP/2.
1302 HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2
1303 in 8243a95 because the parser still expected a minor version.
1305 Bug: https://github.com/curl/curl/issues/855
1306 Reported-by: Andrew Robbins, Frank Gevaerts
1308 Steve Holme (4 Jun 2016)
1309 - connect.c: Fixed compilation warning from commit 332e8d6164
1311 connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'
1313 - win32: Used centralised verify windows version function
1317 - win32: Added verify windows version functionality
1319 - win32: Introduced centralised verify windows version function
1321 Kamil Dudka (3 Jun 2016)
1322 - tool_urlglob: fix off-by-one error in glob_parse()
1324 ... causing SIGSEGV while parsing URL with too many globs.
1327 $ curl $(for i in $(seq 101); do printf '{a}'; done)
1329 Reported-by: Romain Coltel
1330 Bug: https://bugzilla.redhat.com/1340757
1332 Daniel Stenberg (1 Jun 2016)
1333 - [Benjamin Kircher brought this change]
1335 libcurl-multi.3: fix small typo
1339 - [Viktor Szakats brought this change]
1341 makefile.m32: add crypt32 for winssl builds
1343 Dependency added by 6cabd78
1347 - [Ivan Avdeev brought this change]
1349 vtls: fix ssl session cache race condition
1351 Sessionid cache management is inseparable from managing individual
1352 session lifetimes. E.g. for reference-counted sessions (like those in
1353 SChannel and OpenSSL engines) every session addition and removal
1354 should be accompanied with refcount increment and decrement
1355 respectively. Failing to do so synchronously leads to a race condition
1356 that causes symptoms like use-after-free and memory corruption.
1358 - makes existing session cache locking explicit, thus allowing
1359 individual engines to manage lock's scope.
1360 - fixes OpenSSL and SChannel engines by putting refcount management
1361 inside this lock's scope in relevant places.
1362 - adds these explicit locking calls to other engines that use
1363 sessionid cache to accommodate for this change. Note, however,
1364 that it is unknown whether any of these engines could also have
1367 Bug: https://github.com/curl/curl/issues/815
1371 - [Andrew Kurushin brought this change]
1373 schannel: add CURLOPT_CERTINFO support
1377 - RELEASE-NOTES: synced with 142ee9fa15002315
1379 - openssl: rename the private SSL_strerror
1381 ... to make it not look like an OpenSSL function
1383 - [Michael Kaufmann brought this change]
1385 openssl: Use correct buffer sizes for error messages
1389 - curl: fix -q [regression]
1391 This broke in 7.49.0 with commit e200034425a7625
1395 - URL parser: allow URLs to use one, two or three slashes
1397 Mostly in order to support broken web sites that redirect to broken URLs
1398 that are accepted by browsers.
1400 Browsers are typically even more leniant than this as the WHATWG URL
1401 spec they should allow an _infinite_ amount. I tested 8000 slashes with
1402 Firefox and it just worked.
1404 Added test case 1141, 1142 and 1143 to verify the new parser.
1408 - [Renaud Lehoux brought this change]
1410 cmake: Added missing mbedTLS support
1414 - [Renaud Lehoux brought this change]
1416 mbedtls: removed unused variables
1420 - [Frank Gevaerts brought this change]
1422 http: add CURLINFO_HTTP_VERSION and %{http_version}
1424 Adds access to the effectively used http version to both libcurl and
1429 - bump: start the journey toward 7.50.0
1431 - [Marcel Raad brought this change]
1433 openssl: fix build with OPENSSL_NO_COMP
1435 With OPENSSL_NO_COMP defined, there is no function
1436 SSL_COMP_free_compression_methods
1440 - [Gisle Vanem brought this change]
1442 memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC
1446 - [Jonathan brought this change]
1452 - RELEASE-NOTES: fix vuln link
1454 Version 7.49.1 (30 May 2016)
1456 Daniel Stenberg (30 May 2016)
1457 - RELEASE-NOTES: 7.49.1
1459 - [Steve Holme brought this change]
1461 loadlibrary: Only load system DLLs from the system directory
1463 Inspiration provided by: Daniel Stenberg and Ray Satiro
1465 Bug: https://curl.haxx.se/docs/adv_20160530.html
1467 Ref: Windows DLL hijacking with curl, CVE-2016-4802
1469 - ssh: fix version number check typo
1471 Jay Satiro (29 May 2016)
1472 - curl_share_setopt.3: Add min ver needed for ssl session lock
1474 Bug: https://github.com/curl/curl/issues/826
1475 Reported-by: Michael Wallner
1477 Daniel Stenberg (29 May 2016)
1478 - ssh: fix build for libssh2 before 1.2.6
1480 The statvfs functionality was added to libssh2 in that version, so we
1481 switch off that functionality when built with older libraries.
1485 - mbedtls: fix includes so snprintf() works
1487 Regression from the previous *printf() rearrangements, this file missed to
1488 include the correct header to make sure snprintf() works universally.
1490 Reported-by: Moti Avrahami
1491 Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
1493 Steve Holme (23 May 2016)
1494 - checksrc.pl: Added variants of strcat() & strncat() to banned function list
1496 Added support for checking the tchar, unicode and mbcs variants of
1497 strcat() and strncat() in the banned function list.
1499 Daniel Stenberg (23 May 2016)
1500 - smtp: minor ident (white space) fixes
1502 - THANKS: updated after script fixes
1504 Now giving credit properly to github user names, fixed some UTF-8 issues
1505 and added names discovered when contrithanks was improved.
1507 - THANKS-filter: more name cleanups
1509 - contrithanks.sh: exclude existing names case insensitively
1511 - contrithanks.sh: use same grep pattern and -a flag as contributors.sh
1513 - contributors.sh: better grep pattern, use grep -a
1515 - THANKS-filter: fix more names
1517 - contrithanks.sh: do the same github fix as contributors.sh
1521 Jay Satiro (23 May 2016)
1522 - contributors: Show GitHub username if real name unknown
1524 Prior to this change if a GitHub contributor's real name was unknown
1525 they would be omitted from the list.
1527 Bug: https://github.com/curl/curl/issues/824
1529 Daniel Stenberg (21 May 2016)
1530 - RELEASE-NOTES: synced with 3caaeffbe8ded4
1532 Jay Satiro (20 May 2016)
1533 - openssl: cleanup must free compression methods
1535 - Free compression methods if OpenSSL 1.0.2 to avoid a memory leak.
1537 Bug: https://github.com/curl/curl/issues/817
1538 Reported-by: jveazey@users.noreply.github.com
1540 Daniel Stenberg (20 May 2016)
1541 - [Gisle Vanem brought this change]
1543 curl_multibyte: fix compiler error
1545 While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was
1548 f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '('
1549 to follow 'CURL_EXTERN'
1551 f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085:
1552 'curl_domalloc': not in formal parameter list
1554 - THANKS-filter: make Jan-E get proper credit
1556 - [Jan-E brought this change]
1558 winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity
1562 - [Alexander Traud brought this change]
1564 libcurl.m4: Avoid obsolete warning
1568 Jay Satiro (20 May 2016)
1569 - [Michael Kaufmann brought this change]
1571 CURLOPT_CONNECT_TO.3: user must not free the list prematurely
1573 The connect-to list isn't copied so as long as the handle may be used
1574 for a transfer the list must be valid.
1576 Bug: https://github.com/curl/curl/pull/819
1577 Reported-by: Michael Kaufmann
1579 Daniel Stenberg (19 May 2016)
1580 - RELEASE-NOTES: synced with 48114a8634242c
1582 - openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0
1584 See OpenSSL commit 21e001747d4a
1586 - http2: use HTTP/2 in the HTTP/1.1-alike header
1588 ... when generating them, not "2.0" as the protocol is called just
1589 HTTP/2 and nothing else.
1591 Jay Satiro (19 May 2016)
1592 - dist: include curl_multi_socket_all.3
1594 Closes https://github.com/curl/curl/pull/816
1596 Steve Holme (18 May 2016)
1597 - bump: Start work on 7.49.1
1599 Daniel Stenberg (18 May 2016)
1600 - curlbuild.h.dist: check __LP64__ as well to fix MIPS build
1602 The preprocessor check that sets up the 32bit defines for non-configure
1603 builds didn't work properly for MIPS systems as __mips__ is defined for
1604 both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit.
1606 Reported-by: Tomas Jakobsson
1609 - [Marcel Raad brought this change]
1611 schannel: fix compile break with MSVC XP toolset
1613 For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK
1614 7.1 is used. In this case, _USING_V110_SDK71_ is defined.
1618 - dist: include CHECKSRC.md
1620 Reported-by: Paul Howarth
1621 Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html
1623 - test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in dist
1625 Reported-by: Ray Satiro
1626 Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html
1628 Version 7.49.0 (17 May 2016)
1630 Daniel Stenberg (17 May 2016)
1631 - THANKS: 24 new names from 7.49.0 release notes
1633 - RELEASE-NOTES: 7.49.0
1635 - mbedtls/polarssl: set "hostname" unconditionally
1637 ...as otherwise the TLS libs will skip the CN/SAN check and just allow
1638 connection to any server. curl previously skipped this function when SNI
1639 wasn't used or when connecting to an IP address specified host.
1643 Bug: https://curl.haxx.se/docs/adv_20160518A.html
1644 Reported-by: Moti Avrahami
1646 - [Frank Gevaerts brought this change]
1648 CURLOPT_RESOLVE.3: fix typo
1652 - docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVE
1654 - KNOWN_BUGS: GnuTLS backend skips really long certificate fields
1658 - CURLOPT_HTTPPOST.3: the data needs to be around while in use
1660 - openssl: get_cert_chain: fix NULL dereference
1662 CID 1361815: Explicit null dereferenced (FORWARD_NULL)
1664 - openssl: get_cert_chain: avoid NULL dereference
1666 CID 1361811: Explicit null dereferenced (FORWARD_NULL)
1668 - dprintf_formatf: fix (false?) Coverity warning
1670 CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when
1671 we run over 'workend' but the condition says <= workend and for all I
1672 can see it should be safe. Compensating for the warning by adding a byte
1673 margin in the buffer.
1675 Also, removed the extra brace level indentation in the code and made it
1676 so that 'workend' is only assigned once within the function.
1678 - RELEASE-NOTES: synced with 2dcb5adc72d6
1680 - THANKS-filter: fixed Jonathan Cardoso
1682 Jay Satiro (15 May 2016)
1683 - ftp: fix incorrect out-of-memory code in Curl_pretransfer
1685 - Return value type must match function type.
1687 s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/
1691 Daniel Stenberg (15 May 2016)
1692 - ftp wildcard: segfault due to init only in multi_perform
1694 The proper FTP wildcard init is now more properly done in Curl_pretransfer()
1695 and the corresponding cleanup in Curl_close().
1697 The previous place of init/cleanup code made the internal pointer to be NULL
1698 when this feature was used with the multi_socket() API, as it was made within
1699 the curl_multi_perform() function.
1701 Reported-by: Jonathan Cardoso Machado
1704 Jay Satiro (13 May 2016)
1705 - libcurl-tlibcurl-thread: Update OpenSSL links
1707 Because the old OpenSSL link now redirects to their master documentation
1708 (currently 1.1.0), which does not document the required actions for
1711 Daniel Stenberg (13 May 2016)
1712 - [Viktor Szakats brought this change]
1714 darwinssl.c: fix OS X codename typo in comment
1716 - RELEASE-NOTES: synced with 68701e51c1f7
1718 Added 8 bug fixes and 5 more contrbutors
1720 - [Jay Satiro brought this change]
1722 mprintf: Fix processing of width and prec args
1724 Prior to this change a width arg could be erroneously output, and also
1725 width and precision args could not be used together without crashing.
1727 "%0*d%s", 2, 9, "foo"
1732 "%*.*s", 5, 2, "foo"
1737 Test 557 is updated to verify this and more
1739 - [Michael Kaufmann brought this change]
1741 ConnectionExists: follow-up fix for proxy re-use
1743 Follow-up commit to 5823179
1747 - [Per Malmberg brought this change]
1749 darwinssl: fix certificate verification disable on OS X 10.8
1751 The new way of disabling certificate verification doesn't work on
1752 Mountain Lion (OS X 10.8) so we need to use the old way in that version
1753 too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2
1758 - [Cory Benfield brought this change]
1760 http2: Add space between colon and header value
1762 curl's representation of HTTP/2 responses involves transforming the
1763 response to a format that is similar to HTTP/1.1. Prior to this change,
1764 curl would do this by separating header names and values with only a
1765 colon, without introducing a space after the colon.
1767 While this is technically a valid way to represent a HTTP/1.1 header
1768 block, it is much more common to see a space following the colon. This
1769 change introduces that space, to ensure that incautious tools are safely
1770 able to parse the header block.
1772 This also ensures that the difference between the HTTP/1.1 and HTTP/2
1773 response layout is as minimal as possible.
1775 Bug: https://github.com/curl/curl/issues/797
1780 Kamil Dudka (12 May 2016)
1781 - openssl: fix compile-time warning in Curl_ossl_check_cxn()
1783 ... introduced in curl-7_48_0-293-g2968c83:
1785 Error: COMPILER_WARNING:
1786 lib/vtls/openssl.c: scope_hint: In function ‘Curl_ossl_check_cxn’
1787 lib/vtls/openssl.c:767:15: warning: conversion to ‘int’ from ‘ssize_t’
1788 may alter its value [-Wconversion]
1790 Jay Satiro (11 May 2016)
1791 - openssl: stricter connection check function
1793 - In the case of recv error, limit returning 'connection still in place'
1794 to EINPROGRESS, EAGAIN and EWOULDBLOCK.
1796 This is an improvement on the parent commit which changed the openssl
1797 connection check to use recv MSG_PEEK instead of SSL_peek.
1799 Ref: https://github.com/curl/curl/commit/856baf5#comments
1801 Daniel Stenberg (11 May 2016)
1802 - [Anders Bakken brought this change]
1804 TLS: SSL_peek is not a const operation
1806 Calling SSL_peek can cause bytes to be read from the raw socket which in
1807 turn can upset the select machinery that determines whether there's data
1808 available on the socket.
1810 Since Curl_ossl_check_cxn only tries to determine whether the socket is
1811 alive and doesn't actually need to see the bytes SSL_peek seems like
1812 the wrong function to call.
1814 We're able to occasionally reproduce a connect timeout due to this
1815 bug. What happens is that Curl doesn't know to call SSL_connect again
1816 after the peek happens since data is buffered in the SSL buffer and thus
1817 select won't fire for this socket.
1821 Jay Satiro (9 May 2016)
1822 - [Daniel Stenberg brought this change]
1824 TLS: move the ALPN/NPN enable bits to the connection
1826 Only protocols that actually have a protocol registered for ALPN and NPN
1827 should try to get that negotiated in the TLS handshake. That is only
1828 HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN
1829 would wrongly be used in all handshakes if libcurl was built with it
1832 Reported-by: Jay Satiro
1836 Daniel Stenberg (8 May 2016)
1837 - libcurl-thread.3: openssl 1.1.0 is safe, and so is boringssl
1839 - [Antonio Larrosa brought this change]
1841 connect: fix invalid "Network is unreachable" errors
1843 Sometimes, in systems with both ipv4 and ipv6 addresses but where the
1844 network doesn't support ipv6, Curl_is_connected returns an error
1845 (intermittently) even if the ipv4 socket connects successfully.
1847 This happens because there's a for-loop that iterates on the sockets but
1848 the error variable is not resetted when the ipv4 is checked and is ok.
1850 This patch fixes this problem by setting error to 0 when checking the
1851 second socket and not having a result yet.
1855 Jay Satiro (5 May 2016)
1856 - FAQ: refer to thread safety guidelines
1858 Daniel Stenberg (3 May 2016)
1859 - connections: non-HTTP proxies on different ports aren't reused either
1861 Reported-by: Oleg Pudeyev and fuchaoqun
1865 - http: make sure a blank header overrides accept_decoding
1867 Reported-by: rcanavan
1868 Assisted-by: Isaac Boukris
1871 - CHECKSRC.md: clarified, explained the whitelist file
1873 - nroff-scan.pl: verify that references are made with \fI
1875 - docs: unified man page references to use \fI
1877 - TODO: 17.14 --fail without --location should treat 3xx as a failure
1881 - RELEASE-NOTES: synced with 7987f5cb14d
1883 - [Isaac Boukris brought this change]
1885 CURLOPT_ACCEPT_ENCODING.3: Follow-up clarification
1887 Mention possible content-length mismatch with sum of bytes reported
1888 by write callbacks when auto decoding is enabled.
1892 - test1140: run nroff-scan to verify man pages
1894 - nroff-scan.pl: verify the .BR references as well
1896 - CURLOPT_CONV_TO_NETWORK_FUNCTION.3: fix bad man page reference
1898 - CURLOPT_BUFFERSIZE.3: fix reference to CURLOPT_MAX_RECV_SPEED_LARGE
1900 - curl_easy_pause.3: fix man page reference
1902 Jay Satiro (1 May 2016)
1903 - tool_cb_hdr: Fix --remote-header-name with schemeless URL
1905 - Move the existing scheme check from tool_operate.
1907 In the case of --remote-header-name we want to parse Content-disposition
1908 for a filename, but only if the scheme is http or https. A recent
1909 adjustment 0dc4d8e was made to account for schemeless URLs however it's
1910 not 100% accurate. To remedy that I've moved the scheme check to the
1911 header callback, since at that point the library has already determined
1914 Bug: https://github.com/curl/curl/issues/760
1915 Reported-by: Kai Noda
1917 Daniel Stenberg (1 May 2016)
1918 - tls: make setting pinnedkey option fail if not supported
1920 to make it obvious to users trying to use the feature with TLS backends
1924 Reported-by: Travis Burtrum
1926 - nroff-scan.pl: verifies nroff pages
1928 ... not used by any test yet but can be used stand-alone.
1930 - opts: fix broken/bad references
1932 - [Michael Kaufmann brought this change]
1934 docs: fix bugs in CURLOPT_HTTP_VERSION.3 and CURLOPT_PIPEWAIT.3
1938 - CURLOPT_ACCEPT_ENCODING.3: clarified
1940 As discussed in #785
1942 - curl.1: --mail-rcpt can be used multiple times
1944 Reported-by: mgendre
1947 - [Karlson2k brought this change]
1949 tests: Use 'pathhelp' for paths conversions in secureserver.pl
1953 - [Karlson2k brought this change]
1955 tests: Use 'pathhelp' for paths conversions in sshserver.pl
1957 - [Karlson2k brought this change]
1959 tests: Use 'pathhelp' for current path in runtests.pl
1961 - [Karlson2k brought this change]
1963 tests: pathhelp.pm to process paths on Msys/Cygwin
1965 - lib: include curl_printf.h as one of the last headers
1967 curl_printf.h defines printf to curl_mprintf, etc. This can cause
1968 problems with external headers which may use
1969 __attribute__((format(printf, ...))) markers etc.
1971 To avoid that they cause problems with system includes, we include
1972 curl_printf.h after any system headers. That makes the three last
1973 headers to always be, and we keep them in this order:
1979 None of them include system headers, they all do funny #defines.
1981 Reported-by: David Benjamin
1985 - memdebug.h: remove inclusion of other headers
1987 Mostly because they're not needed, because memdebug.h is always included
1988 last of all headers so the others already included the correct ones.
1990 But also, starting now we don't want this to accidentally include any
1991 system headers, as the header included _before_ this header may add
1992 defines and other fun stuff that we won't want used in system includes.
1994 - [Jay Satiro brought this change]
1996 curl -J: make it work even without http:// scheme on URL
1998 It does open up a miniscule risk that one of the other protocols that
1999 libcurl could use would send back a Content-Disposition header and then
2000 curl would act on it even if not HTTP.
2002 A future mitigation for this risk would be to allow the callback to ask
2003 libcurl which protocol is being used.
2005 Verified with test 1312
2009 - manpage-scan.pl: also verify the command line option docs
2011 This script now also scans src/tool_getparam.c, docs/curl.1 and
2012 src/tool_help.c and will warn if any of them lists a command line option
2013 not mentioned in one of the other places.
2015 - curl: show the long option version of -q in the -h list
2017 - curl: remove "--socks" as "--socks5" turned 8
2019 In commit 2e42b0a2524 (Jan 2008) we made the option "--socks" deprecated
2020 and it has not been documented since. The more explicit socks options
2021 (like --socks4 or --socks5) should be used.
2023 - curl.1: document the deprecated --ftp-ssl option
2025 - curl: remove --http-request
2027 It was mentioned as deprecated already in commit ae1912cb0d4 from
2028 1999. It has not been documented in this millennium.
2030 - curl: mention --ntlm-wb in -h list
2032 - curl: -h output lacked --proxy-header
2034 - curl.1: document --ntlm-wb
2036 - curl.1: document the long format of -q: --disable
2038 - curl.1: mention the deprecated --krb4 option
2040 - curl.1: document --ftp-ssl-reqd
2042 Even if deprecated, document it so that people will find it as old
2043 scripts may still use it.
2045 - curl: use --telnet-option as documented
2047 The code said "telnet-options" but no documentation ever said so. It
2048 worked fine since the code is fine with a unique match of the first
2051 - getparam: remove support for --ftpport
2053 It has been deprecated and undocumented since commit ad5ead8bed7 (Dec
2054 2003). --ftp-port is the proper long option name.
2056 - curl: make --disable work as long form of -q
2058 To make the aliases list reflect reality.
2060 - aliases: remove trailing space from capath string
2062 - cmdline parse: only single letter options have single-letter strings
2064 ... moved around options so that parsing the code to find all
2065 single-letter options easier.
2067 Jay Satiro (28 Apr 2016)
2068 - CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability
2070 Bug: https://curl.haxx.se/mail/lib-2016-04/0126.html
2071 Reported-by: Bru Rom
2073 Daniel Stenberg (28 Apr 2016)
2074 - curl_easy_getinfo.3: remove superfluous blank lines
2076 - test1139: verifies libcurl option man page presence
2078 - checks that each option has its own man page present
2080 - checks that each option is mentioned in its corresponding index man
2083 - curl_easy_getinfo.3: added missing mention of CURLINFO_TLS_SESSION
2085 ... although it is deprecated.
2087 Jay Satiro (28 Apr 2016)
2088 - mbedtls: Fix session resume
2090 This also fixes PolarSSL session resume.
2092 Prior to this change the TLS session information wasn't properly
2093 saved and restored for PolarSSL and mbedTLS.
2095 Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html
2096 Reported-by: Thomas Glanzmann
2098 Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html
2099 Reported-by: Moti Avrahami
2101 Daniel Stenberg (27 Apr 2016)
2102 - RELEASE-NOTES: synced with f4298fcc6d2
2104 - [Michael Kaufmann brought this change]
2106 opts: Fix some syntax errors in example code fragments
2110 - openssl: avoid BN_print a NULL bignum
2112 OpenSSL 1.1.0-pre seems to return NULL(?) for a whole lot of those
2113 numbers so make sure the function handles this.
2115 Reported-by: Linus Nordberg
2117 - [Marcel Raad brought this change]
2119 CONNECT_ONLY: don't close connection on GSS 401/407 reponses
2121 Previously, connections were closed immediately before the user had a
2122 chance to extract the socket when the proxy required Negotiate
2125 This regression was brought in with the security fix in commit
2130 - CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0
2132 - mbedtls.c: silly spellfix of a comment
2134 - KNOWN_BUGS: 1.10 Strips trailing dot from host name
2138 - test1322: verify stripping of trailing dot from host name
2140 While being debated (in #716) and a violation of RFC 7230 section 5.4,
2141 this test verifies that the existing functionality works as intended. It
2142 strips the dot from the host name and uses the host without dot
2143 throughout the internals.
2145 - multi: accidentally used resolved host name instead of proxy
2147 Regression introduced in 09b5a998
2149 Bug: https://curl.haxx.se/mail/lib-2016-04/0084.html
2152 - symbols-in-versions: added new CURLSSLBACKEND_ symbols
2154 - test148: fixed after the --ftp-create-dirs retry change
2156 follow-up commit to 3c1e84f569 as it made curl try a little harder
2158 - curl.h: clarify curl_sslbackend for openssl clones and renames
2160 - [Karlson2k brought this change]
2162 url.c: fixed DEBUGASSERT() for WinSock workaround
2164 If buffer is allocated, but nothing is received during prereceive
2165 stage, than number of processed bytes must be zero.
2169 - KNOWN_BUGS: --interface for ipv6 binds to unusable IP address
2171 Closes #686 for now.
2173 - TODO: 1.17 Add support for IRIs
2175 Adding support for IRIs is a mouthful, but is probably interesting at
2176 least for areas and countries where the use of such "URLs" are growing
2181 - THANKS-filter: Travis Burtrum
2183 - lib1517: checksrc compliance
2185 - [moparisthebest brought this change]
2187 PolarSSL: Implement public key pinning
2189 Patrick Monnerat (22 Apr 2016)
2190 - os400: upgrade ILE/RPG binding
2192 - curl.h: CURLOPT_CONNECT_TO sets a struct slist *, not a string
2194 Daniel Stenberg (22 Apr 2016)
2195 - contributors.sh: make --releasenotes implied
2197 It got too annoying to type =)
2199 - RELEASE-NOTES: synced with 3c1e84f5693d8093
2201 - curl: make --ftp-create-dirs retry on failure
2203 The underlying libcurl option used for this feature is
2204 CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir
2205 creation, but it was never set to do that by the command line tool.
2209 Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html
2210 Reported-by: John Wanghui
2213 - [Henrik Gaßmann brought this change]
2215 winbuild: add mbedtls support
2217 Add WITH_MBEDTLS option. Make WITH_SSL, WITH_MBEDTLS and ENABLE_WINSSL
2218 options mutual exclusive.
2222 - KNOWN_BUGS: fixed "5.6 Improper use of Autoconf cache variables"
2224 As of commit d9f3b365a3
2226 - [Irfan Adilovic brought this change]
2228 configure: ac_cv_ -> curl_cv_ for write-only vars
2230 These configure vars are modified in a curl-specific way but never
2231 evaluated or loaded from cache, even though they are designated as
2232 _cv_. We could either implement proper AC_CACHE_CHECKs for them, or
2233 remove them completely.
2235 Fixes #603 as ac_cv_func_gethostbyname is no longer clobbered, and
2236 AC_CHECK_FUNC(gethostbyname...) will no longer spuriously succeed after
2237 the first configure run with caching.
2239 `ac_cv_func_strcasecmp` is curious, see #770.
2241 `eval "ac_cv_func_$func=yes"` can still cause problems as it works in
2242 tandem with AC_CHECK_FUNCS and then potentially modifies its result. It
2243 would be best to rewrite this test to use a new CURL_CHECK_FUNCS macro,
2244 which works the same as AC_CHECK_FUNCS but relies on caching the values
2245 of curl_cv_func_* variables, without modifiying ac_cv_func_*.
2247 - [Irfan Adilovic brought this change]
2249 configure: ac_cv_ -> curl_cv_ for r/w vars
2251 These configure vars are modified in a curl-specific way and modified by
2252 the configure process, but are never loaded from cache, even though they
2253 are designated as _cv_. We should implement proper AC_CACHE_CHECKs for
2256 - [Irfan Adilovic brought this change]
2258 configure: ac_cv_func_clock_gettime -> curl_...
2260 This variable must not be cached in its current form, as any cached
2261 information will prevent the next configure run from determining the
2262 correct LIBS needed for the function. Thus, rename prefix `ac_cv_` to
2265 - [Irfan Adilovic brought this change]
2267 configure: ac_cv_ -> curl_cv_ for all cached vars
2269 This was automated by:
2271 sed -b -i -f <(ack -A1 AC_CACHE_CHECK | \
2272 ack -o 'ac_cv_.*?\b' | \
2273 sort -u | xargs -n1 bash -c \
2274 'echo "s/$0/curl_cv_${0#ac_cv_}/g"') \
2277 This only changed the prefix for 16 variables actually checked with
2280 - openssl: builds with OpenSSL 1.1.0-pre5
2282 The RSA, DSA and DH structs are now opaque and require use of new APIs
2286 Steve Holme (20 Apr 2016)
2287 - url.c: Prefer we don't use explicit NULLs in conditions
2289 Fixed commit fa5fa65a30 to not use NULLs in if condition.
2291 Daniel Stenberg (20 Apr 2016)
2292 - [Isaac Boukris brought this change]
2294 NTLM: check for NULL pointer before deferencing
2296 At ConnectionExists, both check->proxyuser and check->proxypasswd
2297 could be NULL, so make sure to check first.
2301 - [Karlson2k brought this change]
2303 tests: added test1517
2305 ... for checking ability to receive full HTTP response when POST request
2306 is used with slow read callback function.
2308 This test checks for bug #657 and verifies the work-around from
2313 - [Karlson2k brought this change]
2315 sendf.c: added ability to call recv() before send() as workaround
2317 WinSock destroys recv() buffer if send() is failed. As result - server
2318 response may be lost if server sent it while curl is still sending
2319 request. This behavior noticeable on HTTP server short replies if
2320 libcurl use several send() for request (usually for POST request).
2321 To workaround this problem, libcurl use recv() before every send() and
2322 keeps received data in intermediate buffer for further processing.
2327 Kamil Dudka (19 Apr 2016)
2328 - connect: make sure that rc is initialized in singleipconnect()
2330 This commit fixes a Clang warning introduced in curl-7_48_0-190-g8f72b13:
2332 Error: CLANG_WARNING:
2333 lib/connect.c:1120:11: warning: The right operand of '==' is a garbage value
2336 1120|-> if(-1 == rc)
2337 1121| error = SOCKERRNO;
2340 Daniel Stenberg (19 Apr 2016)
2341 - make/checksrc: use $srcdir, not $top_srcdir
2343 - src/checksrc.whitelist: removed
2345 - tool_operate: switch to inline checksrc ignore
2347 - lib/checksrc.whitelist: not needed anymore
2349 ... as checksrc now skips comments
2351 - vtls.h: remove a space before semicolon
2353 ... that the new checksrc detected
2355 - darwinssl: removed commented out code
2357 - http_chunks: removed checksrc disable
2359 ... since checksrc now skips comments
2361 - imap: inlined checksrc disable instead of whitelist edit
2363 - checksrc: taught to skip comments
2365 ... but output non-stripped version of the line, even if that then can
2366 make the script identify the wrong position in the line at
2367 times. Showing the line stripped (ie without comments) is just too
2370 - opts/Makefile.am: list all docs file one by one
2372 ... to make it easier to add lines in patches that won't just break all
2373 other patches trying to add lines too.
2375 - curl_easy_setopt.3: mention CURLOPT_TCP_FASTOPEN
2377 - RELEASE-NOTES: synced with 03de4e4b219
2379 (since we just merged two major features)
2381 - [Alessandro Ghedini brought this change]
2383 connect: implement TCP Fast Open for Linux
2387 - [Alessandro Ghedini brought this change]
2389 tool: add --tcp-fastopen option
2391 - [Alessandro Ghedini brought this change]
2393 connect: implement TCP Fast Open for OS X
2395 - [Alessandro Ghedini brought this change]
2397 url: add CURLOPT_TCP_FASTOPEN option
2399 - checksrc: pass on -D so the whitelists are found correctly
2401 - configure: remove check for libresolve
2403 'strncasecmp' was once provided by libresolv (no trailing e) for SunOS,
2404 but this check is broken and most likely adds nothing useful. Removing
2407 Reported-by: Irfan Adilovic
2411 - scripts/make: use $(EXEEXT) for executables
2417 - includes: avoid duplicate memory callback typdefs even harder
2419 - checksrc/makefile.am: use $top_srcdir to find source files
2421 ... to properly support out of source tree builds.
2423 - RELEASE-NOTES: synced with 26ec93dd6aeba8dfb5
2425 - opts: fix option references missing (section)
2427 - [Michael Kaufmann brought this change]
2429 news: CURLOPT_CONNECT_TO and --connect-to
2431 Makes curl connect to the given host+port instead of the host+port found
2434 - makefile.vc6: use d suffix on debug object
2436 To allow both release and debug builds in parallel.
2438 Reported-by: Rod Widdowson
2442 Jay Satiro (12 Apr 2016)
2443 - http2: Use size_t type for data drain count
2445 Ref: https://github.com/curl/curl/issues/659
2446 Ref: https://github.com/curl/curl/pull/663
2448 - http2: Improve header parsing
2450 - Error if a header line is larger than supported.
2452 - Warn if cumulative header line length may be larger than supported.
2454 - Allow spaces when parsing the path component.
2456 - Make sure each header line ends in \r\n. This fixes an out of bounds.
2458 - Disallow header continuation lines until we decide what to do.
2460 Ref: https://github.com/curl/curl/issues/659
2461 Ref: https://github.com/curl/curl/pull/663
2463 - http2: Add Curl_http2_strerror for HTTP/2 error codes
2465 Ref: https://github.com/curl/curl/issues/659
2466 Ref: https://github.com/curl/curl/pull/663
2468 - [Tatsuhiro Tsujikawa brought this change]
2470 http2: Don't increment drain when one header field is received
2472 Sicne we write header field in temporary location, not in the memory
2473 that upper layer provides, incrementing drain should not happen.
2475 Ref: https://github.com/curl/curl/issues/659
2476 Ref: https://github.com/curl/curl/pull/663
2478 - [Tatsuhiro Tsujikawa brought this change]
2480 http2: Ensure that http2_handle_stream_close is called
2482 This commit ensures that streams which was closed in on_stream_close
2483 callback gets passed to http2_handle_stream_close. Previously, this
2484 might not happen. To achieve this, we increment drain property to
2485 forcibly call recv function for that stream.
2487 To more accurately check that we have no pending event before shutting
2488 down HTTP/2 session, we sum up drain property into
2489 http_conn.drain_total. We only shutdown session if that value is 0.
2491 With this commit, when stream was closed before reading response
2492 header fields, error code CURLE_HTTP2_STREAM is returned even if
2493 HTTP/2 level error is NO_ERROR. This signals the upper layer that
2494 stream was closed by error just like TCP connection close in HTTP/1.
2496 Ref: https://github.com/curl/curl/issues/659
2497 Ref: https://github.com/curl/curl/pull/663
2499 - [Tatsuhiro Tsujikawa brought this change]
2501 http2: Process paused data first before tear down http2 session
2503 This commit ensures that data from network are processed before HTTP/2
2504 session is terminated. This is achieved by pausing nghttp2 whenever
2505 different stream than current easy handle receives data.
2507 This commit also fixes the bug that sometimes processing hangs when
2508 multiple HTTP/2 streams are multiplexed.
2510 Ref: https://github.com/curl/curl/issues/659
2511 Ref: https://github.com/curl/curl/pull/663
2513 - [Tatsuhiro Tsujikawa brought this change]
2515 http2: Check session closure early in http2_recv
2517 Ref: https://github.com/curl/curl/issues/659
2518 Ref: https://github.com/curl/curl/pull/663
2520 - [Tatsuhiro Tsujikawa brought this change]
2522 http2: Add handling stream level error
2524 Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
2525 by RST_STREAM, underlying TCP connection was dropped. This is
2526 undesirable since there may be other streams multiplexed and they are
2527 very much fine. This change introduce new error code
2528 CURLE_HTTP2_STREAM, which indicates stream error that only affects the
2529 relevant stream, and connection should be kept open. The existing
2530 CURLE_HTTP2 means connection error in general.
2532 Ref: https://github.com/curl/curl/issues/659
2533 Ref: https://github.com/curl/curl/pull/663
2535 Daniel Stenberg (11 Apr 2016)
2536 - http2: drain the socket better...
2538 ... but ignore EAGAIN if the stream has ended so that we don't end up in
2539 a loop. This is a follow-up to c8ab613 in order to avoid the problem
2540 d261652 was made to fix.
2542 Reported-by: Jay Satiro
2543 Clues-provided-by: Tatsuhiro Tsujikawa
2547 - KNOWN_BUGS: added info for "Hangs with PolarSSL"
2549 - KNOWN_BUGS: 1.9 HTTP/2 frames while in the connection pool kill reuse
2553 - build: include scripts/ in the dist
2555 Steve Holme (9 Apr 2016)
2556 - CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
2558 As these two options provide identical functionality, the former for
2559 SOCK5 proxies and the latter for HTTP proxies, merged the two options
2562 As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
2565 - urldata: Use bool for socks5_gssapi_nec as it is a flag
2567 This value is set to TRUE or FALSE so should be a bool and not a long.
2569 - url: Ternary operator code style changes
2571 - CODE_STYLE: Added ternary operator example to 'Space around operators'
2573 Following conversation on the libcurl mailing list.
2575 - sasl: Fixed compilation errors from commit 9d89a0387
2577 ...when GSS-API or Windows SSPI are not used.
2579 - url: Corrected comments following 9d89a0387
2581 - docs: Added clarification following commit 9d89a0387
2583 - Makefile: Fixed echo of checksrc check
2585 - checksrc: Fix issue with the autobuilds not picking up the whitelist
2587 - checksrc: Added missing vauth and vtls directories
2589 - ftp/imap/pop3/smtp: Allow the service name to be overridden
2591 Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5
2592 authentication in FTP, IMAP, POP3 and SMTP.
2594 - http_negotiate: Calculate service name and proxy service name locally
2596 Calculate the service name and proxy service names locally, rather than
2597 in url.c which will allow for us to support overriding the service name
2598 for other protocols such as FTP, IMAP, POP3 and SMTP.
2600 - ROADMAP: Updated following the move of the authentication code
2602 Patrick Monnerat (8 Apr 2016)
2603 - KNOWN_BUGS: openldap hangs. TODO: binary SASL.
2605 Daniel Stenberg (8 Apr 2016)
2606 - KNOWN_BUGS: 5.6 Improper use of Autoconf cache variables
2610 - KNOWN_BUGS: 11.2 error buffer not set...
2614 - KNOWN_BUGS: 11.1 Curl leaks .onion hostnames in DNS
2618 - KNOWN_BUGS: 1.8 DNS timing is wrong for HTTP redirects
2622 - TODO: HTTP/2 "prior knowledge" is implemented!
2624 - [Damien Vielpeau brought this change]
2626 mbedtls: fix MBEDTLS_DEBUG builds
2628 - mbedtls: implement and provide *_data_pending()
2630 ... as otherwise we might get stuck thinking there's no more data to
2633 Reported-by: Damien Vielpeau
2637 - mbedtls: follow-up for the previous commit
2639 - mbedtls.c: name space pollution fix, Use 'Curl_'
2641 - mbedtls.c: changed private prefix to mbed_
2643 mbedtls_ is the prefix used by the mbedTLS library itself so we should
2644 avoid using that for our private functions.
2646 - mbedtls.h: fix compiler warnings
2648 - Revert "winbuild: trying to set some files eol=crlf for git"
2650 This reverts commit 9c08b4f1e7eced5a4d3782a3e0daa484c9d77d21.
2652 Didn't help. Caused problems.
2656 - curl.1: use example.com more
2658 Make (most) example snippets use the example.com domain instead of the
2659 random ones picked and used before. Some of those were probably
2660 legitimate sites and some not. example.com is designed for this purpose.
2662 - [Michael Kaufmann brought this change]
2664 HTTP2: Add a space character after the status code
2666 The space character after the status code is mandatory, even if the
2667 reason phrase is empty (see RFC 7230 section 3.1.2)
2671 - [Viktor Szakats brought this change]
2673 URLs: change http to https in many places
2677 - winbuild: trying to set some files eol=crlf for git
2679 Thinking it might help to apply patches etc with git.
2681 - [Theodore Dubois brought this change]
2683 curl.1: change example for -F
2685 It's a bad idea to send your passwords anywhere, especially over HTTP.
2686 Modified example to send a picture instead.
2690 - KNOWN_BUGS: reorganized and cleaned up
2692 Now sorted into categories and organized in the same style we do the
2693 TODO document. It will make each issue linked properly on the
2694 https://curl.haxx.se/docs/knownbugs.html web page.
2696 The sections should make it easier to find issues and issues related to
2697 areas of the reader's specific interest.
2699 Jay Satiro (6 Apr 2016)
2700 - KNOWN_BUGS: #95 curl in Windows can't handle Unicode arguments
2702 Steve Holme (6 Apr 2016)
2703 - KNOWN_BUGS: Use https://curl.haxx.se URL for github based issues
2705 - CHECKSRC.md: Corrected some typos
2707 - RELEASE-NOTES: Corrected last updated
2709 Included a summary of the checksrc.bat updates and combined two krb5
2710 changes as they should have been implemented at the same time.
2712 - vauth: Corrected a number of typos in comments
2714 Reported-by: Michael Osipov
2716 Jay Satiro (5 Apr 2016)
2717 - KNOWN_BUGS: #94 IMAP custom requests use the LIST handler
2719 Bug: https://github.com/curl/curl/issues/536
2720 Reported-by: eXeC64@users.noreply.github.com
2722 Daniel Stenberg (5 Apr 2016)
2723 - KNOWN_BUGS: remove 68, 70 and 72.
2725 Due to their age (we don't fully know if they actually remain) and lack
2726 of detail - very few people will bother to find out what they're about
2727 or work on them. If people truly still suffer from any of these, I
2728 assume they will be reported again and then we'll deal with them.
2730 72. "Pausing pipeline problems."
2731 https://curl.haxx.se/mail/lib-2009-07/0214.html
2733 70. Problem re-using easy handle after call to curl_multi_remove_handle
2734 https://curl.haxx.se/mail/lib-2009-07/0249.html
2736 68. "More questions about ares behavior".
2737 https://curl.haxx.se/mail/lib-2009-08/0012.html
2739 - KNOWN_BUGS: remove 92 and 88, fixed
2741 - http2: fix connection reuse when PING comes after last DATA
2743 It turns out the google GFE HTTP/2 servers send a PING frame immediately
2744 after a stream ends and its last DATA has been received by curl. So if
2745 we don't drain that from the socket, it makes the socket readable in
2746 subsequent checks and libcurl then (wrongly) assumes the connection is
2747 dead when trying to reuse the connection.
2749 Reported-by: Joonas Kuorilehto
2753 - multi: remove trailing space in debug output
2755 - RELEASE-NOTES: synced with 86e97b642fb
2757 - CHECKSRC.md: mention cmdline options, fix the bullet list
2759 - docs/CHECKSRC.md: initial version
2761 Steve Holme (3 Apr 2016)
2762 - checksrc.bat: Added support for the examples
2764 Daniel Stenberg (3 Apr 2016)
2765 - lib/src: fix the checksrc invoke
2767 ... now works correctly when invoke from the root makefile
2769 - nw: please the stricter checksrc
2771 Steve Holme (3 Apr 2016)
2772 - checksrc.bat: Re-enabled the tests directory by default
2774 Following the recent changes to the source in the tests directory,
2775 re-enabled tests for the default scan.
2777 - checksrc.bat: Added tests/server directory support
2779 In addition to commit 83b174b3f0 and following the recent changes.
2781 - tests: Fixed header files to comply with our code style
2783 Daniel Stenberg (3 Apr 2016)
2784 - make checksrc: run it in docs/examples too by default
2786 - docs/examples: remove spurious white spaces all over
2788 ... to please the new, slightly picker, checksrc.pl
2790 - tests: fix make checksrc in servers/
2792 - tests: 'make checksrc' now checks server/ too
2794 - root/make: have checksrc run in include/curl too
2796 - tests/server: comply with our code style
2798 - code: style updates
2800 - checksrc: check for more malplaced spaces
2802 - unit: make unit test source code checksrc compliant
2804 - checksrc: run checksrc in tests when 'make checksrc' in root
2806 - checksrc: remove debug crap
2808 - lib557: allow too long lines
2810 - checksrc: allow ignore of specific warnings within a file (section)
2812 - checksrc: add warning names, explain on help output
2814 Steve Holme (3 Apr 2016)
2815 - checksrc.bat: Disable tests by default until warnings are fixed
2817 - checksrc.bat: Added support for the tests directory
2819 - vauth: Removed the need for a separate GSS-API based SPN function
2821 - curl_sasl: Fixed potential null pointer utilisation
2823 Although this should never happen due to the relationship between the
2824 'mech' and 'resp' variables, and the way they are allocated together,
2825 it does cause problems for code analysis tools:
2827 V595 The 'mech' pointer was utilized before it was verified against
2828 nullptr. Check lines: 376, 381. curl_sasl.c 376
2830 Bug: https://github.com/curl/curl/issues/745
2831 Reported-by: Alexis La Goutte
2833 - spnego: Small code tidy up
2835 * Prefer dereference of string pointer rather than strlen()
2836 * Free challenge pointer in one place
2837 * Additional comments
2839 - krb5: Small code tidy up
2841 * Prefer dereference of string pointer rather than strlen()
2842 * Free challenge pointer in one place
2843 * Additional comments
2845 - krb5_gssapi: Only process challenge when present
2847 This wouldn't cause a problem because of the way the function is called,
2848 but prior to this change, we were processing the challenge message when
2849 the credentials were NULL rather than when the challenge message was
2852 This also brings this part of the Kerberos 5 code in line with the
2855 - krb5: Fixed missing client response when mutual authentication enabled
2857 Although mutual authentication is currently turned off and can only be
2858 enabled by changing libcurl source code, authentication using Kerberos
2859 5 has been broken since commit 79543caf90 in this use case.
2861 - krb5_sspi: Only process challenge when present
2863 This wouldn't cause a problem because of the way the function is called,
2864 but prior to this change, we were processing the challenge message when
2865 the credentials were NULL rather than when the challenge message was
2868 This also brings this part of the Kerberos 5 code in line with the
2871 - krb5_sspi: Only generate the output token when its not allocated
2873 Prior to this change, we were generating the output token when the
2874 credentials were NULL rather than when the output token was NULL.
2876 This also brings this part of the Kerberos 5 code in line with the
2879 - krb5: Only generate a SPN when its not known
2881 Prior to this change, we were generating the SPN in the SSPI code when
2882 the credentials were NULL and in the GSS-API code when the context was
2883 empty. It is better to decouple the SPN generation from these checks
2884 and only generate it when the SPN itself is NULL.
2886 This also brings this part of the Kerberos 5 code in line with the
2889 Daniel Stenberg (3 Apr 2016)
2890 - tests/libtest: follow our code style guidelines better
2892 ... checksrc of all test code is pending.
2894 - checksrc.whitelist: remove fopen() uses
2896 - formdata: use appropriate fopen() macros
2898 - checksrc: improve the fopen() parser somewhat
2900 The quote scanner was too fragile, now look for a comma instead to find
2903 - unit1604: fix snprintf
2905 follow-up to 0326b06
2907 sizeof(pointer) is no good for the buffer size!
2909 Reported-by: Viktor Szakats
2911 Steve Holme (3 Apr 2016)
2912 - unittests: Fixed compilation warnings
2914 warning: implicit declaration of function 'sprintf_was_used'
2915 [-Wimplicit-function-declaration]
2917 Follow up to the modications made to tests/libtest in commit 55452ebdff
2918 as we prefer not to use sprintf() now.
2920 Daniel Stenberg (2 Apr 2016)
2921 - curl.1: -w filename_effective was introduced in 7.26.0
2923 We never made a 7.25.1 release
2925 - 7.49.0: next release version
2927 - http2: make use of the nghttp2 error callback
2929 It offers extra info from nghttp2 in certain error cases. Like for
2930 example when trying prior-knowledge http2 on a server that doesn't speak
2931 http2 at all. The error message is passed on as a verbose message to
2936 The error callback was added in nghttp2 1.9.0
2938 Steve Holme (2 Apr 2016)
2939 - spnego: Renamed the context's SPN variable
2941 To be consistent with the Kerberos 5 context and other authentication
2944 - krb5_gssapi: Renamed the status variables
2946 For consistency with the spnego code.
2948 - krb5: Moved host from Curl_auth_create_gssapi_user_message() to be argument
2950 For consistency with the spnego and oauth2 code moved the setting of
2951 the host name outside of the Curl_auth_create_gssapi_user_messag()
2954 This will allow us to more easily override it in the future.
2956 - test1119: Fixed missing CURL_DID_MEMORY_FUNC_TYPEDEFS symbol
2958 - RELEASE-NOTES: Removed "http_negotiate: Corrected host and proxy host name"
2960 As this was introduced in the recent vauth changes and not a prior
2963 Daniel Stenberg (1 Apr 2016)
2964 - RELEASE-NOTES: synced with 0aa8da10bbdafa
2966 Steve Holme (1 Apr 2016)
2967 - http_negotiate: Corrected host and proxy host name being wrong way round
2969 I had accidentally used the proxy server name for the host and the host
2970 server name for the proxy in commit ad5e9bfd5d and 6d6f9ca1d9. Whilst
2971 Windows SSPI was quite happy with this, GSS-API wasn't.
2973 Thanks-to: Michael Osipov
2975 - build: Changed the Visual Studio projects warning level from 3 to 4
2977 After squashing most of our compiler warnings, up'ed the default
2978 warning level from 3 to 4 in order to increase the likelyhood of
2979 catching future warnings.
2981 Daniel Stenberg (1 Apr 2016)
2982 - [ehlertjd@gmail.com brought this change]
2984 IMAP: check pointer before dereferencing it
2986 may be null in the CURLOPT_CONNECT_ONLY case
2990 Steve Holme (1 Apr 2016)
2991 - .gitignore: Added new VC14 SQLite based program database files
2993 - curl_memory.h: Fixed typo in comment
2995 From commit 7218b52c49.
2997 - spnego: Corrected some typos in comments
2999 Corrected typos from commit ad5e9bfd5d and 6d6f9ca1d9.
3001 - memdebug: Ensure curl/curl.h is included before curl_memory.h
3003 Follow up to commit 7db9782dd6.
3005 Daniel Stenberg (1 Apr 2016)
3006 - upload: missing rewind call could make libcurl hang
3008 When an upload is done, there are two places where that can be detected
3009 and only one of them would rewind the input stream - which sometimes is
3010 necessary for example when doing NTLM HTTP POSTs and more.
3012 This could then end up libcurl hanging.
3014 Figured-out-by: Isaac Boukris
3015 Reported-by: Anatol Belski
3019 - curl.h: define CURL_DID_MEMORY_FUNC_TYPEDEFS
3021 So that we only do the extra typedefs in curl_memory.h when we really
3022 need to and avoid double typedefs.
3024 follow-up commit to 7218b52c49aeb1
3026 Thanks-to: Steve Holme
3028 - curl/mprintf.h: remove support for _MPRINTF_REPLACE
3030 The define is not in our name space and is therefore not protected by
3033 It was only really used by libcurl internals but was mostly erased from
3034 there already in 8aabbf5 (March 2015). This is supposedly the final
3035 death blow to that define from everywhere.
3037 As a side-effect, making sure _MPRINTF_REPLACE is gone and not used, I
3038 made the lib tests in tests/libtest/ use curl_printf.h for its redefine
3039 magic and then subsequently the use of sprintf() got banned in the tests
3040 as well (as it is in libcurl internals) and I then replaced them all
3043 In the unlikely event that any users is actually using this define and
3044 gets sad by this change, it is very easily copied to the user's own
3047 - curl_memory.h: avoid the curl/curl.h include
3051 Steve Holme (1 Apr 2016)
3052 - url: Corrected get protocol family for FTP and LDAP
3054 Fixed copy/paste error from commit a5aec58726.
3056 Jay Satiro (31 Mar 2016)
3057 - strerror: don't bit shift a signed integer
3059 Bug: https://github.com/curl/curl/issues/744
3060 Reported-by: Alexis La Goutte
3062 Daniel Stenberg (31 Mar 2016)
3063 - http2: more documentation for prior knowledge
3065 - [Diego Bes brought this change]
3067 http2: support "prior knowledge", no upgrade from HTTP/1.1
3069 Supports HTTP/2 over clear TCP
3071 - Optimize switching to HTTP/2 by removing calls to init and setup
3072 before switching. Switching will eventually call setup and setup calls
3075 - Supports new version to “force” the use of HTTP/2 over clean TCP
3077 - Add common line parameter “--http2-prior-knowledge” to the Curl
3080 - imap: remove duplicated function
3082 The list and search response functions were identical! Merged into one
3083 now. Detected by PVS Studio.
3085 Reported-by: Alexis La Goutte
3087 - SOCKS5_gssapi_negotiate: don't assume little-endian ints
3089 The code copied one byte from a 32bit integer, which works fine as long
3090 as the byte order is the same. Not a fine assumption. Reported by PVS
3093 Reported-by: Alexis La Goutte
3095 - http: remove ((expression)) double parentheses
3097 - Curl_add_buffer_send: avoid possible NULL dereference
3099 ... as we check for a NULL pointer below, we move the derefence to after
3100 the check. Detected by PVS Studio.
3102 Reported-by: Alexis La Goutte
3104 - file: remove duplicate checks of the same variable
3106 ... as it doesn't change in between. Deteced by PVS Studio.
3108 Reported-by: Alexis La Goutte
3110 Steve Holme (30 Mar 2016)
3111 - [Marcel Raad brought this change]
3113 openssl: Fix compilation warnings
3115 When compiling with OpenSSL 1.1.0 (so that the HAVE_X509_GET0_SIGNATURE
3116 && HAVE_X509_GET0_EXTENSIONS pre-processor block is active), Visual C++
3119 warning C4701: potentially uninitialized local variable 'palg' used
3120 warning C4701: potentially uninitialized local variable 'psig' used
3122 Daniel Stenberg (30 Mar 2016)
3123 - multi: turn Curl_done into file local multi_done
3125 ... as it now is used by multi.c only.
3127 - multi: multi_reconnect_request is the former Curl_reconnect_request
3129 now a file local function in multi.c
3131 - multi: move Curl_do and Curl_do_done to multi.c and make static
3133 ... called multi_do and multi_do_done as they're file local now.
3135 Jay Satiro (29 Mar 2016)
3136 - wolfssl: Use ECC supported curves extension
3138 https://github.com/wolfSSL/wolfssl/issues/366
3140 - build-wolfssl: Allow a broader range of ciphers (Visual Studio)
3142 This is an update to the build-time options used to build wolfSSL in
3143 Visual Studio for greater compatibility, and make it behave similar to
3144 the way OpenSSL 1.0.2 behaves. Starting in wolfSSL v3.6.6 static ciphers
3145 and SSLv3 are disabled by default at build time, but we can use both.
3147 - Enable static cipher suites TLS_ECDH_ and TLS_RSA_.
3149 - Enable SSLv3 hello. Though in libcurl we disable it by default at
3150 runtime, we make it available so the user can manually select it if
3153 Daniel Stenberg (29 Mar 2016)
3154 - [Isaac Boukris brought this change]
3156 GSS: make Curl_gss_log_error more verbose
3158 Also display the GSS_C_GSS_CODE (major code) when specified instead of
3159 only GSS_C_MECH_CODE (minor code).
3161 In addition, the old code was printing a colon twice after the prefix
3162 and also miscalculated the length of the buffer in between calls to
3163 gss_display_status (the length of ": " was missing).
3165 Also, gss_buffer is not guaranteed to be NULL terminated and thus need
3166 to restrict reading by its length.
3170 - build: use roffit 0.11 feature
3172 ... load file specified as argument.
3174 - http2: set correct scheme in handler structs [regression]
3176 Since commit a5aec58 the handler schemes need to match for the
3177 connections to be reused and for HTTP/2 multiplexing to work, reusing
3178 connections is very important!
3182 - hostip.c: minor white space edit for style
3184 - [Viktor Szakats brought this change]
3186 TODO: use secure protocol in recently added URL
3190 - HTTP2.md: mention libressl and boringssl too
3192 - docs/HTTP-COOKIES: converted to markdown
3194 - HTTP2: s/polarssl/mbedtls
3196 Jay Satiro (28 Mar 2016)
3197 - wolfssl: Add ALPN support
3199 - tool_operate: remove mixed declaration
3201 This is a follow up to the previous commit.
3203 Daniel Stenberg (28 Mar 2016)
3204 - curl: warn for --capath use if not supported by libcurl
3208 - TODO: 2.5 Edge-triggered sockets should work
3210 - Makefile.am: skip the scripts dir
3212 Skipping the scripts dir is primarily done for 'make install' so that it
3213 does not attempt to install the zsh completion script as we've not yet
3214 found a proper way to do/run that at install time.
3216 By leaving the script dir's Makefile in place, a user can still opt to
3217 run make install manually in there.
3221 - CURLMOPT_SOCKETFUNCTION.3: describe the 'what' argument
3223 - curl_multi_socket_action.3: mark the options properly
3225 ... to make them appear as links on the html version.
3227 Steve Holme (27 Mar 2016)
3228 - RELEASE-NOTES: Synced with f0bdd72c10
3230 - http_ntlm: Renamed from curl_ntlm.[c|h]
3232 Renamed the header and source files for this module as they are HTTP
3233 specific and as such, they should use the naming convention as other
3234 HTTP authentication source files do - this revert commit 260ee6b7bf.
3236 Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind
3237 code needs separating from the HTTP protocol and migrating into the
3238 vauth directory, thus adding support for Winbind to the SASL based
3239 protocols such as IMAP, POP3 and SMTP.
3241 Daniel Stenberg (27 Mar 2016)
3242 - [marquis-de-muesli brought this change]
3244 docs: curlinfo_filetime sftp support, new curlopt_quote "statvfs"
3248 - [marquis-de-muesli brought this change]
3250 SSH: new CURLOPT_QUOTE command "statvfs"
3252 usage: "statvfs path"
3253 returns remote file system statistics
3255 - [marquis-de-muesli brought this change]
3257 SSH: support CURLINFO_FILETIME
3259 - [Karlson2k brought this change]
3261 sshserver.pl: use quotes for given options
3263 Fixed failed redirection of stderr with some options. At least on Msys2,
3264 perl fails to redirect stderr if $value contains newline or other weird
3267 Jay Satiro (26 Mar 2016)
3268 - url: don't use bad offset in tld_check_name to show error
3270 libidn's tld_check_lz returns an error offset of the first character
3271 that it failed to process, however that offset is not a byte offset and
3272 may not even be in the locale encoding therefore we can't use it to show
3273 the user the character that failed to process.
3275 Bug: https://github.com/curl/curl/issues/731
3276 Reported-by: Karlson2k
3278 Steve Holme (26 Mar 2016)
3279 - http_negotiate: Combine GSS-API and SSPI source files
3281 As the GSS-API and SSPI based source files are no longer library/API
3282 specific, following the extraction of that authentication code to the
3283 vauth directory, combine these files rather than maintain two separate
3286 - vauth: Moved the Negotiate authentication code to the new vauth directory
3288 Part 2 of 2 - Moved the GSS-API based Negotiate authentication code.
3290 - vauth: Moved the Negotiate authentication code to the new vauth directory
3292 Part 1 of 2 - Moved the SSPI based Negotiate authentication code.
3294 - warnless.h: Removed spurious character from commit 696bc6b9c9
3296 Not picked up by checksrc or Visual Studio but my own code review, this
3297 would haven broken Intel based Unix builds - Perhaps I should learn to
3298 type on my laptop's keyboard before committing!
3300 - schannel: Fixed compilation warning from commit f8d88a4913
3302 warning C4244: '=': conversion from 'int' to 'unsigned short', possible
3305 - warnless?: Added some integer based conversion functions
3307 Daniel Stenberg (25 Mar 2016)
3308 - [Dusty Mabe brought this change]
3310 docs/TODO: Add feature request for metalink in HTTP headers
3315 Steve Holme (25 Mar 2016)
3316 - build: Corrected typos from commit 70e56939aa
3318 - vauth: Refactored function names after move to new vauth directory
3320 Renamed all the SASL functions that moved to the new vauth directory to
3321 include the correct module name.
3323 - vauth: Updated the copyright year after recent changes
3325 As most of this work was performed in 2015 but not pushed until 2016
3326 updated the copyright year to reflect the public facing changes.
3328 - vauth: Moved the OAuth 2.0 authentication code to the new vauth directory
3330 - vauth: Moved the NTLM authentication code to the new vauth directory
3332 - vauth: Moved the Kerberos V5 authentication code to the new vauth directory
3334 - digest.c: Fixed checksrc warnings
3336 - vauth: Moved the DIGEST authentication code to the new vauth directory
3338 - vauth: Moved the CRAM-MD5 authentication code to the new vauth directory
3340 - vauth: Moved the ClearText authentication code to the new vauth directory
3342 - vauth: Moved Curl_sasl_build_spn() to create the initial vauth source files
3344 - checksrc.bat: Added support for checking the new vauth directory
3346 - build: Updated all makefiles and project files for the new vauth directory
3348 Updated the makefiles and Visual Studio project files to support moving
3349 the authentication code to the new lib/vauth directory that was started
3350 in commit 0d04e859e1.
3352 Daniel Stenberg (24 Mar 2016)
3353 - [JDepooter brought this change]
3355 schannel: Add ALPN support
3357 Add ALPN support for schannel. This allows cURL to negotiate
3358 HTTP/2.0 connections when built with schannel.
3362 Steve Holme (24 Mar 2016)
3363 - http: Minor update based on CODE_STYLE guidelines
3365 Daniel Stenberg (23 Mar 2016)
3366 - multi: fix "Operation timed out after" timer
3368 Use the local, reasonably updated, 'now' value when creating the message
3369 string to output for the timeout condition.
3373 - openssl: boringssl provides the same numbering as openssl
3375 ... so we don't need extra boringssl precautions for for
3376 HAVE_ERR_REMOVE_THREAD_STATE_NOARG.
3378 Pointed-out-by: David Benjamin
3380 - openssl: fix ERR_remove_thread_state() for boringssl/libressl
3382 The removed arg is only done in OpenSSL
3384 Bug: https://twitter.com/xtraemeat/status/712564874098917376
3386 - bump: work on 7.48.1
3388 - RELEASE-PROCEDURE: mention the github release tag edit
3390 ... and update the coming release dates a bit
3392 Steve Holme (23 Mar 2016)
3393 - checksrc.bat: Updated the help to be consistent with generate.bat
3395 Follow up to commit a8c7f0fcbf prior to release.
3397 Version 7.48.0 (23 Mar 2016)
3399 Daniel Stenberg (23 Mar 2016)
3400 - RELEASE-NOTES: curl 7.48.0
3402 - THANKS: 15 new contributors from 7.48.0 release
3404 Jay Satiro (23 Mar 2016)
3405 - CURLINFO_TLS_SSL_PTR.3: Warn about limitations
3407 Bug: https://github.com/curl/curl/issues/685
3409 Daniel Stenberg (22 Mar 2016)
3410 - Revert "sshserver: remove use of AuthorizedKeysFile2"
3412 It seems we may have some autobuild problems after this commit went
3413 in. Trying to see if a revert helps to get them back.
3415 This reverts commit 2716350d1f3edc8e929f6ceeee05051090f6d642.
3417 - maketgz: add -j to make dist
3419 ... makes it a lot faster
3421 - libcurl-thread.3: minor nroff format fix
3423 - CURLINFO_TLS_SSL_PTR.3: minor nroff format fix
3425 - CODE_STYLE: indend example code
3427 ... to make it look nicer in markdown outputa
3429 Jay Satiro (22 Mar 2016)
3430 - build-wolfssl: Update VS properties for wolfSSL v3.9.0
3432 - Do not use wolfSSL's sample user-setting files.
3434 wolfSSL starting in v3.9.0 has added their own sample user settings that
3435 are applied by default, but we don't use them because we have our own
3438 - Do not use wolfSSL's Visual Studio Unicode character setting.
3440 wolfSSL Visual Studio projects use the Unicode character set however our
3441 settings and options imitate mingw build which does not use the Unicode
3442 character set. This does not appear to have any effect at the moment but
3443 better safe than sorry.
3446 These changes are backwards compatible with earlier versions.
3448 Steve Holme (22 Mar 2016)
3449 - hostip6: Fixed compilation warnings when verbose strings disabled
3451 warning C4189: 'data': local variable is initialized but not referenced
3453 ...and some minor formatting/spacing changes.
3455 Daniel Stenberg (21 Mar 2016)
3456 - sshserver: remove use of AuthorizedKeysFile2
3458 Support for the (undocumented) AuthorizedKeysFile2 was removed in
3459 OpenSSH 5.9, released in September 2011
3463 Steve Holme (20 Mar 2016)
3464 - connect/ntlm/http: Fixed compilation warnings when verbose strings disabled
3466 warning C4189: 'data': local variable is initialized but not referenced
3468 - openssl: Fixed compilation warning when /Wall enabled
3470 warning C4706: assignment within conditional expression
3472 - CODE_STYLE: Use boolean conditions
3474 Rather than use TRUE, FALSE, NULL, 0 or != 0 in if/while conditions.
3476 Additionally, corrected some example code to adhere to the recommended
3479 - inet_pton.c: Fixed compilation warnings
3481 warning: conversion to 'unsigned char' from 'int' may alter its value
3483 Daniel Stenberg (19 Mar 2016)
3484 - RELEASE-NOTES: synced with 80851028efc2fa9
3486 - mbedtls: fix compiler warning
3488 vtls/mbedtls.h:67:36: warning: implicit declaration of function
3489 ‘mbedtls_sha256’ [-Wimplicit-function-declaration]
3491 Steve Holme (19 Mar 2016)
3492 - easy: Minor coding standard and style updates
3494 Following commit c5744340db. Additionally removes the need for a second
3495 'result code' variable as well.
3497 Jay Satiro (19 Mar 2016)
3498 - easy: Remove poll failure check in easy_transfer
3500 .. because curl_multi_wait can no longer signal poll failure.
3502 follow-up to 77e1726
3504 Bug: https://github.com/curl/curl/issues/707
3506 Steve Holme (19 Mar 2016)
3507 - build: Added missing Visual Studio filter files for VC10 onwards
3509 As these files don't need to contain references to the source files,
3510 although typically do, added basic files which only include three
3511 filters and don't require the project file generator to be modified.
3513 These files allow the source code to be viewed in the Solution Explorer
3514 in versions of Visual Studio from 2010 onwards in the same manner as
3515 previous versions did rather than one large view of files.
3517 - ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled
3519 warning C4706: assignment within conditional expression
3521 - config-w32.h: Fixed compilation warning when /Wall enabled
3523 warning C4668: 'USE_IPV6' is not defined as a preprocessor macro,
3524 replacing with '0' for '#if/#elif'
3526 - imap.c: Fixed compilation warning with /Wall enabled
3528 warning C4701: potentially uninitialized local variable 'size' used
3530 Technically this can't happen, as the usage of 'size' is protected by
3531 'if(parsed)' and 'parsed' is only set after 'size' has been parsed.
3533 Anyway, lets keep the compiler happy.
3535 - KNOWN_BUGS: #93 Issue with CURLFORM_CONTENTLEN in arrays on 32-bit platforms
3537 Daniel Stenberg (18 Mar 2016)
3538 - bump: the coming release is 7.48.0
3540 - configure: use cpp -P when needed
3542 Since gcc 5, the processor output can get split up on multiple lines
3543 that made the configure script fail to figure out values from
3544 definitions. The fix is to use cpp -P, and this fix now first checks if
3545 cpp -P is necessary and then if cpp -P works before it uses that to
3546 extract defined values.
3550 Steve Holme (18 Mar 2016)
3551 - formdata.c: Fixed compilation warning
3553 formdata.c:390: warning: cast from pointer to integer of different size
3555 Introduced in commit ca5f9341ef this happens because a char*, which is
3556 32-bits wide in 32-bit land, is being cast to a curl_off_t which is
3557 64-bits wide where 64-bit integers are supported by the compiler.
3559 This doesn't happen in 64-bit land as a pointer is the same size as a
3562 This fix doesn't address the fact that a 64-bit value cannot be used
3563 for CURLFORM_CONTENTLEN when set in a form array and compiled on a
3564 32-bit platforms, it does at least suppress the compilation warning.
3566 Daniel Stenberg (18 Mar 2016)
3567 - FAQ: 2.5 Install libcurl for both 32bit and 64bit?
3569 - [Gisle Vanem brought this change]
3571 openssl: adapt to API breakage in ERR_remove_thread_state()
3573 The OpenSSL API change that broke this is "Convert ERR_STATE to new
3574 multi-threading API": openssl commit 8509dcc.
3578 - version: init moved to private name space, added protos
3580 follow-up to 80015cdd52145
3582 - openssl: verbose: show matching SAN pattern
3584 ... to allow users to see which specfic wildcard that matched when such
3587 Also minor logic cleanup to simplify the code, and I removed all tabs
3588 from verbose strings.
3590 Jay Satiro (16 Mar 2016)
3591 - version: thread safety
3593 Steve Holme (16 Mar 2016)
3594 - transfer: Removed redundant HTTP authentication include files
3596 It would also seem that share.h is not required here either as there
3597 are no references to the Curl_share structure or functions.
3599 - easy: Removed redundant HTTP authentication include files
3601 Jay Satiro (15 Mar 2016)
3602 - CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support
3604 Bug: https://curl.haxx.se/mail/lib-2016-03/0150.html
3605 Reported-by: Oliver Graute
3607 Steve Holme (15 Mar 2016)
3608 - curl_sasl: Minor code indent fixes
3610 Daniel Stenberg (14 Mar 2016)
3611 - runtests: mention when run event-based
3613 - easy: add check to malloc() when running event-based
3615 ... to allow torture tests then too.
3617 - memdebug: skip logging the limit countdown, fflush when reached
3619 - CODE_STYLE: Space around operators
3621 As just discussed on the mailing list, also document how we prefer
3622 spacing in expressions.
3624 - curl: glob_range: no need to check unsigned variable for negative
3628 [src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n'
3631 - CODE_STYLE: add example for indent style as well
3633 - CODE_STYLE: mention braces for functions too
3635 - docs/Makefile.am: include CODE_STYLE in tarball too
3637 - CONTRIBUTE: moved out code style to a separate document
3639 - CODE_STYLE: initial version
3641 Ripped out from CONTRIBUTE into its own document, but also extended from
3644 - curl_sasl.c: minor code indent fixes
3646 - multi: simplified singlesocket
3648 Since sh_getentry() now checks for invalid sockets itself and by
3649 narrowing the scope of the remove_sock_from_hash variable.
3651 - multi: introduce sh_getentry() for looking up sockets in the sockhash
3653 Simplify the code by using a single entry that looks for a socket in the
3654 socket hash. As indicated in #712, the code looked for CURL_SOCKET_BAD
3655 at some point and that is ineffective/wrong and this makes it easier to
3658 - [Jaime Fullaondo brought this change]
3660 multi hash: ensure modulo performed on curl_socket_t
3664 Steve Holme (13 Mar 2016)
3665 - base64: Minor coding standard and style updates
3667 - base64: Use 'CURLcode result' for curl result codes
3669 - negotiate: Use 'CURLcode result' for curl result codes
3671 Daniel Stenberg (13 Mar 2016)
3672 - [Maksim Kuzevanov brought this change]
3674 multi_runsingle: avoid loop in CURLM_STATE_WAITPROXYCONNECT
3678 - TODO: Use the RFC6265 test suite
3680 Steve Holme (13 Mar 2016)
3681 - checksrc.bat: Added the ability to scan src and lib source independently
3683 - digest: Use boolean based success code for Curl_sasl_digest_get_pair()
3685 Rather than use a 0 and 1 integer base result code use a TRUE / FALSE
3688 - digest: Corrected some typos in comments
3690 - krb5: Corrected some typos in function descriptions
3692 - ntlm: Corrected some typos in function descriptions
3694 - url: Corrected indentation when calling idna_to_ascii_lz()
3696 - idn_win32: Use boolean based success codes
3698 Rather than use 0 and 1 integer base result codes use a FALSE / TRUE
3701 Daniel Stenberg (10 Mar 2016)
3702 - idn_win32.c: warning: Trailing whitespace
3704 Steve Holme (10 Mar 2016)
3705 - idn_win32.c: Fixed compilation warning from commit 9e7fcd4291
3707 warning C4267: 'function': conversion from 'size_t' to 'int',
3708 possible loss of data
3710 Daniel Stenberg (10 Mar 2016)
3711 - THANKS-filter: unify Michael König
3713 - RELEASE-NOTES: synced with 863c5766dd
3715 - ftp: remove a check for NULL(!)
3717 ... as it implies we need to check for that on all the other variable
3718 references as well (as Coverity otherwise warns us for missing NULL
3719 checks), and we're alredy making sure that the pointer is never NULL.
3721 - cookies: first n/v pair in Set-Cookie: is the cookie, then parameters
3723 RFC 6265 section 4.1.1 spells out that the first name/value pair in the
3724 header is the actual cookie name and content, while the following are
3727 libcurl previously had a more liberal approach which causes significant
3728 problems when introducing new cookie parameters, like the suggested new
3729 cookie priority draft.
3731 The previous logic read all n/v pairs from left-to-right and the first
3732 name used that wassn't a known parameter name would be used as the
3733 cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be
3734 a cookie named 'person' while an RFC 6265 compliant parser should
3735 consider that to be a cookie named 'Max-Age' with an (unknown) parameter
3740 - krb5: improved type handling to avoid clang compiler warnings
3742 - url.c: fix clang warning: no newline at end of file
3744 - curl_multi_wait: never return -1 in 'numfds'
3746 Such a return value isn't documented but could still happen, and the
3747 curl tool code checks for it. It would happen when the underlying
3748 Curl_poll() function returns an error. Starting now we mask that error
3749 as a user of curl_multi_wait() would have no way to handle it anyway.
3751 Reported-by: Jay Satiro
3754 - HTTP2.md: add CURL_HTTP_VERSION_2TLS and updated alt-svc link
3756 - curl_multi_wait.3: add example
3758 Steve Holme (8 Mar 2016)
3759 - imap/pop3/smtp: Fixed connections upgraded with TLS are not reused
3761 Regression since commit 710f14edba.
3763 Bug: https://github.com/curl/curl/issues/422
3764 Reported-by: Justin Ehlert
3766 Jay Satiro (8 Mar 2016)
3767 - opt-docs: fix heading macros
3771 Bug: https://github.com/curl/curl/issues/705
3772 Reported-by: Eric S. Raymond
3774 Kamil Dudka (8 Mar 2016)
3775 - [Tim Rühsen brought this change]
3777 cookie: do not refuse cookies for localhost
3781 Daniel Stenberg (8 Mar 2016)
3782 - ftp_done: clear tunnel_state when secondary socket closes
3784 Introducing a function for closing the secondary connection to make this
3785 bug less likely to happen again.
3790 - [Gisle Vanem brought this change]
3792 openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages
3794 - HTTP2.md: HTTP/2 by default for curl's HTTPS connections
3796 - [Anders Bakken brought this change]
3798 pipeline: Sanity check pipeline pointer before accessing it.
3800 I got a crash with this stack:
3802 curl/lib/url.c:2873 (Curl_removeHandleFromPipeline)
3803 curl/lib/url.c:2919 (Curl_getoff_all_pipelines)
3804 curl/lib/multi.c:561 (curl_multi_remove_handle)
3805 curl/lib/url.c:415 (Curl_close)
3806 curl/lib/easy.c:859 (curl_easy_cleanup)
3810 - HTTP2.md: mention the disable ALPN and NPN options
3812 - TODO: 17.12 keep running, read instructions from pipe/socket
3814 And delete trailing whitespace
3815 And rename section 17 to "command line tool" from "client"
3819 - README.md: linkified
3821 It also makes it less readable as plain text, so let's keep this
3822 primarily for github use.
3824 Removed the top ascii art logo, as it looks weird when markdownified.
3826 - README.md: markdown version of README
3828 Attempt to make it look more appealing on github
3830 Jay Satiro (6 Mar 2016)
3831 - mprintf: update trio project link
3833 Daniel Stenberg (6 Mar 2016)
3834 - CURLOPT_ACCEPTTIMEOUT_MS.3: added example
3836 - CURLOPT_ACCEPT_ENCODING.3: added example
3838 - CURLOPT_APPEND.3: added example
3840 - CURLOPT_NOPROGRESS.3: added example, conform to stardard style
3842 Steve Holme (6 Mar 2016)
3843 - build-openssl/checksrc.bat: Fixed prepend vs append of Perl path
3845 Fixed inconsistency from commit 1eae114065 and 0ad6c72227 of the order
3846 in which Perl was added to the PATH.
3848 Daniel Stenberg (6 Mar 2016)
3849 - opts: added two examples
3851 - CURLOPT_SSL_CTX_FUNCTION.3: use .NF for example
3853 - CURLOPT_SSL_CTX_FUNCTION.3: added example
3855 and removed erroneous reference to test case lib509
3857 - curlx.c: use more curl style code
3859 - test46: change cookie expiry date
3861 Since two of the cookies would now otherwise expire and cause the test
3862 to fail after commit 20de9b4f09
3866 Jay Satiro (5 Mar 2016)
3867 - [Viktor Szakats brought this change]
3869 makefile.m32: add missing libs for static -winssl-ssh2 builds
3871 Bug: https://github.com/curl/curl/pull/693
3873 - mbedtls: fix user-specified SSL protocol version
3875 Prior to this change when a single protocol CURL_SSLVERSION_ was
3876 specified by the user that version was set only as the minimum version
3877 but not as the maximum version as well.
3879 Steve Holme (5 Mar 2016)
3880 - .gitignore: Added *.VC.opendb and *.vcxproj.user files for VC14
3882 - build-openssl.bat: Fixed cannot find perl if installed but not in path
3884 - checksrc.bat: Fixed cannot find perl if installed but not in path
3886 Jay Satiro (5 Mar 2016)
3887 - [Viktor Szakats brought this change]
3889 makefile.m32: fix to allow -ssh2-winssl combination
3891 In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl
3892 (OpenSSL) option, with no way to override it with -winssl. Since both
3893 libssh2 and curl support using Windows's built-in SSL backend, modify
3894 the logic to allow that combination.
3896 - cookie: Don't expire session cookies in remove_expired
3898 Prior to this change cookies with an expiry date that failed parsing
3899 and were converted to session cookies could be purged in remove_expired.
3901 Bug: https://github.com/curl/curl/issues/697
3902 Reported-by: Seth Mos
3904 Daniel Stenberg (3 Mar 2016)
3905 - cookie: remove redundant check
3907 ... as it was already checked previously within the function.
3909 Reported-by: Dmitry-Me
3912 Jay Satiro (1 Mar 2016)
3913 - [Anders Bakken brought this change]
3915 url: if Curl_done is premature then pipeline not in use
3917 Prevent a crash if 2 (or more) requests are made to the same host and
3918 pipelining is enabled and the connection does not complete.
3920 Bug: https://github.com/curl/curl/pull/690
3922 - [Viktor Szakats brought this change]
3924 makefile.m32: allow to pass .dll/.exe-specific LDFLAGS
3926 using envvars `CURL_LDFLAG_EXTRAS_DLL` and
3927 `CURL_LDFLAG_EXTRAS_EXE` respectively. This
3928 is useful f.e. to pass ASLR-related extra
3929 options, that are required to make this
3930 feature work when using the mingw toolchain.
3932 Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985
3934 Closes https://github.com/curl/curl/pull/689
3936 Daniel Stenberg (29 Feb 2016)
3937 - formpost: fix memory leaks in AddFormData error branches
3939 Reported-by: Dmitry-Me
3942 Jay Satiro (28 Feb 2016)
3943 - getinfo: Fix syntax error when mbedTLS
3945 The assignment of the mbedTLS TLS session info in the parent commit was
3946 incorrect. Change the assignment to a pointer to the session structure.
3948 - getinfo: Add support for mbedTLS TLS session info
3950 .. and preprocessor check TLS session info is defined for all backends.
3952 Daniel Stenberg (26 Feb 2016)
3953 - ROADMAP: clarify on the TLS proxy, mention HTTP cookies to work on
3955 - file: try reading from files with no size
3957 Some systems have special files that report as 0 bytes big, but still
3958 contain data that can be read (for example /proc/cpuinfo on
3959 Linux). Starting now, a zero byte size is considered "unknown" size and
3960 will be read as far as possible anyway.
3962 Reported-by: Jesse Tan
3966 Jay Satiro (25 Feb 2016)
3967 - configure: warn on invalid ca bundle or path
3969 - Warn if --with-ca-bundle file does not exist.
3971 - Warn if --with-ca-path directory does not contain certificates.
3973 - Improve help messages for both.
3975 Example configure output:
3977 ca cert bundle: /some/file (warning: certs not found)
3978 ca cert path: /some/dir (warning: certs not found)
3980 Bug: https://github.com/curl/curl/issues/404
3981 Reported-by: Jeffrey Walton
3983 Daniel Stenberg (24 Feb 2016)
3984 - Curl_read: check for activated HTTP/1 pipelining, not only requested
3986 ... as when pipelining is used, we read things into a unified buffer and
3987 we don't do that with HTTP/2. This could then easily make programs that
3988 set CURLMOPT_PIPELINING = CURLPIPE_HTTP1|CURLPIPE_MULTIPLEX to get data
3989 intermixed or plain broken between HTTP/2 streams.
3991 Reported-by: Anders Bakken
3993 Patrick Monnerat (24 Feb 2016)
3994 - os400: Fix ILE/RPG definition of CURLOPT_TFTP_NO_OPTIONS
3996 Jay Satiro (23 Feb 2016)
3997 - getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
3999 The two options are almost the same, except in the case of OpenSSL:
4001 CURLINFO_TLS_SESSION OpenSSL session internals is SSL_CTX *.
4003 CURLINFO_TLS_SSL_PTR OpenSSL session internals is SSL *.
4005 For backwards compatibility we couldn't modify CURLINFO_TLS_SESSION to
4006 return an SSL pointer for OpenSSL.
4008 Also, add support for the 'internals' member to point to SSL object for
4009 the other backends axTLS, PolarSSL, Secure Channel, Secure Transport and
4012 Bug: https://github.com/curl/curl/issues/234
4013 Reported-by: dkjjr89@users.noreply.github.com
4015 Bug: https://curl.haxx.se/mail/lib-2015-09/0127.html
4016 Reported-by: Michael König
4018 Daniel Stenberg (23 Feb 2016)
4019 - multi_remove_handle: keep the timeout list until after disconnect
4021 The internal Curl_done() function uses Curl_expire() at times and that
4022 uses the timeout list. Better clean up the list once we're done using
4023 it. This caused a segfault.
4026 Bug: https://curl.haxx.se/mail/lib-2016-02/0097.html
4028 Kamil Dudka (23 Feb 2016)
4029 - tests/sshserver.pl: use RSA instead of DSA for host auth
4031 DSA is no longer supported by OpenSSH 7.0, which causes all SCP/SFTP
4032 test cases to be skipped. Using RSA for host authentication works with
4033 both old and new versions of OpenSSH.
4035 Reported-by: Karlson2k
4039 Jay Satiro (23 Feb 2016)
4040 - TFTP: add option to suppress TFTP option requests (Part 2)
4044 - Add an example to CURLOPT_TFTP_NO_OPTIONS.3.
4046 - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS.
4048 Bug: https://github.com/curl/curl/issues/481
4050 - [Michael Koenig brought this change]
4052 TFTP: add option to suppress TFTP option requests (Part 1)
4054 Some TFTP server implementations ignore the "TFTP Option extension"
4055 (RFC 1782-1784, 2347-2349), or implement it in a flawed way, causing
4056 problems with libcurl. Another switch for curl_easy_setopt
4057 "CURLOPT_TFTP_NO_OPTIONS" is introduced which prevents libcurl from
4058 sending TFTP option requests to a server, avoiding many problems caused
4059 by faulty implementations.
4061 Bug: https://github.com/curl/curl/issues/481
4063 Daniel Stenberg (22 Feb 2016)
4064 - [Karlson2k brought this change]
4066 runtests: Fixed usage of %PWD on MinGW64
4070 Jay Satiro (20 Feb 2016)
4071 - CURLOPT_DEBUGFUNCTION.3: Fix example
4073 - [Viktor Szakats brought this change]
4075 src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support
4077 Sync with lib/Makefile.m32 which already uses those variables.
4079 Bug: https://github.com/curl/curl/pull/670
4081 Dan Fandrich (20 Feb 2016)
4082 - Enabled test 1437 after the bug fix in commit 3fa220a6
4084 Jay Satiro (19 Feb 2016)
4085 - [Emil Lerner brought this change]
4087 curl_sasl: Fix memory leak in digest parser
4089 If any parameter in a HTTP DIGEST challenge message is present multiple
4090 times, memory allocated for all but the last entry should be freed.
4092 Bug: https://github.com/curl/curl/pull/667
4094 Dan Fandrich (19 Feb 2016)
4095 - Added test 1437 to verify a memory leak
4097 Reported-by: neex@users.noreply.github.com
4099 Jay Satiro (18 Feb 2016)
4100 - CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style
4102 Bug: https://github.com/curl/curl/issues/666
4103 Reported-by: baumanj@users.noreply.github.com
4105 - curl.1: HTTP headers for --cookie must be Set-Cookie style
4107 Bug: https://github.com/curl/curl/issues/666
4108 Reported-by: baumanj@users.noreply.github.com
4110 Daniel Stenberg (18 Feb 2016)
4111 - curl.1: add a missing dash
4113 - CONTRIBUTING.md: fix links
4115 - ISSUE_TEMPLATE: github issue template
4117 First version, try this out!
4119 - CONTRIBUTING.md: move into .github
4121 To hide github specific files somewhat from the rest.
4123 - opts: add references
4125 - examples/make: add 'checksrc' target
4127 - 10-at-a-time: typecast the argument passed to sleep()
4129 - externalsocket.c: fix compiler warning for fwrite return type
4131 - anyauthput.c: fix compiler warnings
4133 - simplessl.c: warning: while with space
4135 - curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function
4137 Reported-By: Gisle Vanem
4139 - http2: don't decompress gzip decoding automatically
4141 At one point during the development of HTTP/2, the commit 133cdd29ea0
4142 introduced automatic decompression of Content-Encoding as that was what
4143 the spec said then. Now however, HTTP/2 should work the same way as
4144 HTTP/1 in this regard.
4146 Reported-by: Kazuho Oku
4150 Jay Satiro (16 Feb 2016)
4151 - [Tatsuhiro Tsujikawa brought this change]
4153 http: Don't break the header into chunks if HTTP/2
4155 nghttp2 callback deals with TLS layer and therefore the header does not
4156 need to be broken into chunks.
4158 Bug: https://github.com/curl/curl/issues/659
4159 Reported-by: Kazuho Oku
4161 Daniel Stenberg (16 Feb 2016)
4162 - [Viktor Szakats brought this change]
4164 openssl: use macro to guard the opaque EVP_PKEY branch
4166 - [Viktor Szakats brought this change]
4168 openssl: avoid direct PKEY access with OpenSSL 1.1.0
4170 by using API instead of accessing an internal structure.
4171 This is required starting OpenSSL 1.1.0-pre3.
4175 - RELEASE-NOTES: synced with ede0bfc079da
4177 - [Clint Clayton brought this change]
4179 CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option
4181 Change the example in the docs for CURLOPT_CONNECTTIMEOUT_MS to use
4182 CURLOPT_CONNECTTIMEOUT_MS instead of CURLOPT_CONNECTTIMEOUT.
4186 - opt-docs: add more references
4188 - [David Byron brought this change]
4190 SCP: use libssh2_scp_recv2 to support > 2GB files on windows
4192 libssh2_scp_recv2 is introduced in libssh2 1.7.0 - to be released "any
4197 Jay Satiro (13 Feb 2016)
4198 - [Shine Fan brought this change]
4200 gtls: fix for builds lacking encrypted key file support
4202 Bug: https://github.com/curl/curl/pull/651
4204 Dan Fandrich (13 Feb 2016)
4205 - test1604: Add to Makefile.inc so it gets run
4207 Jay Satiro (12 Feb 2016)
4208 - generate.bat: Fix comment bug by removing old comments
4210 Remove NOTES section, it's no longer needed since we aren't setting the
4211 errorlevel and more importantly the recently updated URL in the comments
4212 is causing some unusual behavior that breaks the script.
4214 Closes https://github.com/curl/curl/issues/649
4216 Kamil Dudka (12 Feb 2016)
4217 - curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts
4219 The behavior has been clarified in CURLOPT_FTP_USE_{EPRT,EPSV}.3 man
4220 pages since curl-7_12_3~131. This patch makes it clear in the curl.1
4223 Bug: https://bugzilla.redhat.com/1305970
4225 Daniel Stenberg (12 Feb 2016)
4226 - dist: ship buildconf.bat too
4228 As the winbuild/* stuff uses it!
4230 - curlx_tvdiff: handle 32bit time_t overflows
4232 On 32bit systems, make sure we don't overflow and return funky values
4233 for very large time differences.
4235 Reported-by: Anders Bakken
4239 - examples: fix some compiler warnings
4241 - simplessl.c: fix my breakage
4243 - examples: adhere to curl code style
4245 All plain C examples now (mostly) adhere to the curl code style. While
4246 they are only examples, they had diverted so much and contained all
4247 sorts of different mixed code styles by now. Having them use a unified
4248 style helps users and readability. Also, as they get copy-and-pasted
4249 widely by users, making sure they're clean and nice is a good idea.
4251 573 checksrc warnings were addressed.
4253 - examples/cookie_interface.c: add cleanup call
4255 cleaning up handles is a good idea as we leak memory otherwise
4257 Also, line wrapped before 80 columns.
4259 Kamil Dudka (10 Feb 2016)
4260 - nss: search slash in forward direction in dup_nickname()
4262 It is wasteful to search it backwards if we look for _any_ slash.
4264 - nss: do not count enabled cipher-suites
4266 We only care if at least one cipher-suite is enabled, so it does
4267 not make any sense to iterate till the end and count all enabled
4270 Daniel Stenberg (10 Feb 2016)
4271 - contributors.sh: make 79 the max column width (from 80)
4273 - RELEASE-NOTES: synced with c276aefee3995
4275 - mbedtls.c: re-indent to better match curl standards
4277 - [Rafael Antonio brought this change]
4279 mbedtls: fix memory leak when destroying SSL connection data
4283 - mbedtls: fix ALPN usage segfault
4285 Since we didn't keep the input argument around after having called
4286 mbedtls, it could end up accessing the wrong memory when figuring out
4291 Jay Satiro (9 Feb 2016)
4292 - [Timotej Lazar brought this change]
4294 opts: update references to renamed options
4296 - KNOWN_BUGS: Update #92 - Windows device prefix
4298 - tool_doswin: Support for literal path prefix \\?\
4300 For example something like --output \\?\C:\foo
4302 Daniel Stenberg (9 Feb 2016)
4303 - configure: state "BoringSSL" in summary when that was detected
4305 - [David Benjamin brought this change]
4307 openssl: remove most BoringSSL #ifdefs.
4309 As of https://boringssl-review.googlesource.com/#/c/6980/, almost all of
4310 BoringSSL #ifdefs in cURL should be unnecessary:
4312 - BoringSSL provides no-op stubs for compatibility which replaces most
4315 - DES_set_odd_parity has been in BoringSSL for nearly a year now. Remove
4316 the compatibility codepath.
4318 - With a small tweak to an extend_key_56_to_64 call, the NTLM code
4321 - Switch OCSP-related #ifdefs to the more generally useful
4324 The only #ifdefs which remain are Curl_ossl_version and the #undefs to
4325 work around OpenSSL and wincrypt.h name conflicts. (BoringSSL leaves
4326 that to the consumer. The in-header workaround makes things sensitive to
4329 This change errs on the side of removing conditionals despite many of
4330 the restored codepaths being no-ops. (BoringSSL generally adds no-op
4331 compatibility stubs when possible. OPENSSL_VERSION_NUMBER #ifdefs are
4336 Jay Satiro (8 Feb 2016)
4337 - KNOWN_BUGS: Windows device prefix is required for devices
4339 - tool_urlglob: Allow reserved dos device names (Windows)
4341 Allow --output to reserved dos device names without the device prefix
4342 for backwards compatibility.
4344 Example: --output NUL can be used instead of --output \\.\NUL
4346 Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863
4347 Reported-by: Gisle Vanem
4349 Daniel Stenberg (8 Feb 2016)
4350 - cookies: allow spaces in cookie names, cut of trailing spaces
4352 It turns out Firefox and Chrome both allow spaces in cookie names and
4353 there are sites out there using that.
4355 Turned out the code meant to strip off trailing space from cookie names
4356 didn't work. Fixed now.
4358 Test case 8 modified to verify both these changes.
4362 Patrick Monnerat (8 Feb 2016)
4363 - Merge branch 'master' of github.com:curl/curl
4365 - os400: sync ILE/RPG definitions with latest public header files.
4367 Daniel Stenberg (8 Feb 2016)
4368 - [Ludwig Nussel brought this change]
4370 SSLCERTS: update wrt SSL CA certificate store
4372 - [Ludwig Nussel brought this change]
4374 configure: --with-ca-fallback: use built-in TLS CA fallback
4376 When trying to verify a peer without having any root CA certificates
4377 set, this makes libcurl use the TLS library's built in default as
4382 - Proxy-Connection: stop sending this header by default
4384 RFC 7230 says we should stop. Firefox already stopped.
4386 Bug: https://github.com/curl/curl/issues/633
4387 Reported-By: Brad Fitzpatrick
4391 - bump: work toward the next release
4393 - THANKS: 2 contributors from the 7.47.1 release
4395 - RELEASE-PROCEDURE: remove the github upload part
4397 ... as we're HTTPS on the main site now, there's no point in that
4400 Version 7.47.1 (8 Feb 2016)
4402 Daniel Stenberg (8 Feb 2016)
4403 - RELEASE-NOTES: curl 7.47.1 time!
4405 Jay Satiro (8 Feb 2016)
4406 - tool_operhlp: Check for backslashes in get_url_file_name
4408 Extract the filename from the last slash or backslash. Prior to this
4409 change backslashes could be part of the filename.
4411 This change needed for the curl tool built for Cygwin. Refer to the
4412 CYGWIN addendum in advisory 20160127B.
4414 Bug: https://curl.haxx.se/docs/adv_20160127B.html
4416 Daniel Stenberg (7 Feb 2016)
4417 - RELEASE-NOTES: synced with d6a8869ea34
4419 Jay Satiro (6 Feb 2016)
4420 - openssl: Fix signed/unsigned mismatch warning in X509V3_ext
4422 sk_X509_EXTENSION_num may return an unsigned integer, however the value
4425 Bug: https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896
4426 Reported-by: Gisle Vanem
4428 Daniel Stenberg (7 Feb 2016)
4429 - TODO: 17.11 -w output to stderr
4431 Jay Satiro (6 Feb 2016)
4432 - [Michael Kaufmann brought this change]
4434 idn_win32: Better error checking
4436 .. also fix a conversion bug in the unused function
4437 curl_win32_ascii_to_idn().
4439 And remove wprintfs on error (Jay).
4441 Bug: https://github.com/curl/curl/pull/637
4443 - [Gisle Vanem brought this change]
4445 examples/asiohiper: Avoid function name collision on Windows
4447 closesocket => close_socket
4448 Winsock already has the former.
4450 Bug: https://curl.haxx.se/mail/lib-2016-02/0016.html
4452 - [Gisle Vanem brought this change]
4454 examples/htmltitle: Use _stricmp on Windows
4456 Bug: https://curl.haxx.se/mail/lib-2016-02/0017.html
4458 Daniel Stenberg (6 Feb 2016)
4459 - COPYING: clarify that Daniel is not the sole author
4461 ... done on request and as it is a fair point.
4463 Jay Satiro (5 Feb 2016)
4464 - unit1604: Fix unit setup return code
4466 - tool_doswin: Use type SANITIZEcode in sanitize_file_name
4468 - tool_doswin: Improve sanitization processing
4470 - Add unit test 1604 to test the sanitize_file_name function.
4472 - Use -DCURL_STATICLIB when building libcurltool for unit testing.
4474 - Better detection of reserved DOS device names.
4476 - New flags to modify sanitize behavior:
4478 SANITIZE_ALLOW_COLONS: Allow colons
4479 SANITIZE_ALLOW_PATH: Allow path separators and colons
4480 SANITIZE_ALLOW_RESERVED: Allow reserved device names
4481 SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename
4483 - Restore sanitization of banned characters from user-specified outfile.
4485 Prior to this commit sanitization of a user-specified outfile was
4486 temporarily disabled in 2b6dadc because there was no way to allow path
4487 separators and colons through while replacing other banned characters.
4488 Now in such a case we call the sanitize function with
4489 SANITIZE_ALLOW_PATH which allows path separators and colons to pass
4493 Closes https://github.com/curl/curl/issues/624
4494 Reported-by: Octavio Schroeder
4496 - [Viktor Szakats brought this change]
4498 URLs: change more http to https
4500 - sasl_sspi: Fix memory leak in domain populate
4502 Free an existing domain before replacing it.
4504 Bug: https://github.com/curl/curl/issues/635
4505 Reported-by: silveja1@users.noreply.github.com
4507 Daniel Stenberg (4 Feb 2016)
4508 - [Viktor Szakats brought this change]
4510 URLs: follow GitHub project rename (also Travis CI)
4514 - CHANGES.o: fix references to curl.haxx.nu
4516 I removed the scheme prefix from the URLs references this host name, as
4517 we don't own/run that anymore but the name is kept for historic reasons.
4519 - HISTORY: add some info about when we used which host names
4521 Jay Satiro (2 Feb 2016)
4522 - [Viktor Szakats brought this change]
4524 URLs: change more http to https
4526 Dan Fandrich (3 Feb 2016)
4527 - URLs: Change more haxx.se URLs from http: to https:
4529 Daniel Stenberg (3 Feb 2016)
4530 - RELEASE-NOTES: synced with 4af40b364
4532 - URLs: change all http:// URLs to https://
4534 - configure: update the copyright year range in output
4536 - dotdot: allow an empty input string too
4538 It isn't used by the code in current conditions but for safety it seems
4539 sensible to at least not crash on such input.
4541 Extended unit test 1395 to verify this too as well as a plain "/" input.
4543 - HTTPS: update a bunch of URLs from HTTP to HTTPS
4545 - [Sergei Nikulov brought this change]
4547 AppVeyor: updated to handle OpenSSL/WinSSL builds
4551 Jay Satiro (1 Feb 2016)
4552 - tool_operate: Don't sanitize --output path (Windows)
4554 Due to path separators being incorrectly sanitized in --output
4555 pathnames, eg -o c:\foo => c__foo
4557 This is a partial revert of 3017d8a until I write a proper fix. The
4558 remote-name will continue to be sanitized, but if the user specified an
4559 --output with string replacement (#1, #2, etc) that data is unsanitized
4560 until I finish a fix.
4562 Bug: https://github.com/bagder/curl/issues/624
4563 Reported-by: Octavio Schroeder
4565 - curl.1: Explain remote-name behavior if file already exists
4567 .. also warn about letting the server pick the filename.
4569 - [Gisle Vanem brought this change]
4571 urldata: Error on missing SSL backend-specific connect info
4573 Daniel Stenberg (28 Jan 2016)
4574 - bump: towards the next (7.47.1 ?)
4576 - [Sergei Nikulov brought this change]
4578 cmake: fixed when OpenSSL enabled on Windows and schannel detected
4582 Jay Satiro (28 Jan 2016)
4583 - [Sergei Nikulov brought this change]
4585 urldata: moved common variable out of ifdef
4587 Closes https://github.com/bagder/curl/pull/618
4589 - [Viktor Szakats brought this change]
4591 tool_doswin: silence unused function warning
4593 tool_doswin.c:185:14: warning: 'msdosify' defined but not used
4596 Closes https://github.com/bagder/curl/pull/616
4598 Daniel Stenberg (27 Jan 2016)
4599 - getredirect.c: fix variable name
4601 Reported-by: Bernard Spil
4603 Version 7.47.0 (27 Jan 2016)
4605 Daniel Stenberg (27 Jan 2016)
4606 - examples/Makefile.inc: specify programs without .c!
4608 - THANKS: 6 new contributors from 7.47.0 release notes
4610 - [Isaac Boukris brought this change]
4612 NTLM: Fix ConnectionExists to compare Proxy credentials
4614 Proxy NTLM authentication should compare credentials when
4615 re-using a connection similar to host authentication, as it
4616 authenticate the connection.
4619 curl -v -x http://proxy:port http://host/ -U good_user:good_pwd
4620 --proxy-ntlm --next -x http://proxy:port http://host/
4621 [-U fake_user:fake_pwd --proxy-ntlm]
4625 Bug: http://curl.haxx.se/docs/adv_20160127A.html
4627 - [Ray Satiro brought this change]
4629 curl: avoid local drive traversal when saving file (Windows)
4631 curl does not sanitize colons in a remote file name that is used as the
4632 local file name. This may lead to a vulnerability on systems where the
4633 colon is a special path character. Currently Windows/DOS is the only OS
4634 where this vulnerability applies.
4638 Bug: http://curl.haxx.se/docs/adv_20160127B.html
4640 - RELEASE-NOTES: 7.47.0
4642 - FAQ: language fix in 4.19
4644 - [paulehoffman brought this change]
4646 FAQ: Update to point to GitHub
4648 Current FAQ didn't make it clear where the main repo is.
4652 - maketgz: generate date stamp with LC_TIME=C
4654 bug: http://curl.haxx.se/mail/lib-2016-01/0123.html
4656 - curl_multi_socket_action.3: line wrap
4658 - RELEASE-NOTES: synced with d58ba66eeceb
4660 Steve Holme (21 Jan 2016)
4661 - TODO: "Create remote directories" for SMB
4663 Jay Satiro (18 Jan 2016)
4664 - mbedtls: Fix pinned key return value on fail
4666 - Switch from verifying a pinned public key in a callback during the
4667 certificate verification to inline after the certificate verification.
4669 The callback method had three problems:
4671 1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
4674 2. If peer certificate verification was disabled the pinned key
4675 verification did not take place as it should.
4677 3. (related to #2) If there was no certificate of depth 0 the callback
4678 would not have checked the pinned public key.
4680 Though all those problems could have been fixed it would have made the
4681 code more complex. Instead we now verify inline after the certificate
4682 verification in mbedtls_connect_step2.
4684 Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
4685 Ref: https://github.com/bagder/curl/pull/601
4687 - tests: Add a test for pinnedpubkey fail even when insecure
4689 Because disabling the peer verification (--insecure) must not disable
4690 the public key pinning check (--pinnedpubkey).
4692 - [Daniel Schauenberg brought this change]
4694 CURLINFO_RESPONSE_CODE.3: add example
4696 Kamil Dudka (15 Jan 2016)
4697 - ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL
4699 The CURLOPT_SSH_PUBLIC_KEYFILE option has been documented to handle
4700 empty strings specially since curl-7_25_0-31-g05a443a but the behavior
4701 was unintentionally removed in curl-7_38_0-47-gfa7d04f.
4703 This commit restores the original behavior and clarifies it in the
4704 documentation that NULL and "" have both the same meaning when passed
4705 to CURLOPT_SSH_PUBLIC_KEYFILE.
4707 Bug: http://curl.haxx.se/mail/lib-2016-01/0072.html
4709 Daniel Stenberg (14 Jan 2016)
4710 - RELEASE-NOTES: synced with 35083ca60ed035a
4712 - openssl: improved error detection/reporting
4714 ... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL
4715 1.1.0+ returned a new func number of another cerfificate fail so this
4716 required a fix and this is the better way to catch this error anyway.
4718 - openssl: for 1.1.0+ they now provide a SSLeay() macro of their own
4720 - CURLOPT_RESOLVE.3: minor language polish
4722 - configure: assume IPv6 works when cross-compiled
4724 The configure test uses AC_TRY_RUN to figure out if an ipv6 socket
4725 works, and testing like that doesn't work for cross-compiles. These days
4726 IPv6 support is widespread so a blind guess is probably more likely to
4727 be 'yes' than 'no' now.
4729 Further: anyone who cross-compiles can use configure's --disable-ipv6 to
4730 explicitly disable IPv6 and that also works for cross-compiles.
4732 Made happen after discussions in issue #594
4734 - TODO: "Try to URL encode given URL"
4738 - ConnectionExists: only do pipelining/multiplexing when asked
4740 When an HTTP/2 upgrade request fails (no protocol switch), it would
4741 previously detect that as still possible to pipeline on (which is
4742 acorrect) and do that when PIPEWAIT was enabled even if pipelining was
4743 not explictily enabled.
4745 It should only pipelined if explicitly asked to.
4749 - [Mohammad AlSaleh brought this change]
4751 lib: Prefix URLs with lower-case protocol names/schemes
4753 Before this patch, if a URL does not start with the protocol
4754 name/scheme, effective URLs would be prefixed with upper-case protocol
4755 names/schemes. This behavior might not be expected by library users or
4758 For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https". And the
4759 URL is "hostname/path". The effective URL would be
4760 "HTTPS://hostname/path" instead of "https://hostname/path".
4762 After this patch, effective URLs would be prefixed with a lower-case
4763 protocol name/scheme.
4767 Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>
4769 - [Alessandro Ghedini brought this change]
4771 scripts: don't generate and install zsh completion when cross-compiling
4773 - [Alessandro Ghedini brought this change]
4775 scripts: fix zsh completion generation
4777 The script should use the just-built curl, not the system one. This fixes
4778 zsh completion generation when no system curl is installed.
4780 - [Alessandro Ghedini brought this change]
4782 zsh.pl: fail if no curl is found
4784 Instead of generation a broken completion file.
4786 - [Michael Kaufmann brought this change]
4788 IDN host names: Remove the port number before converting to ACE
4792 Jay Satiro (10 Jan 2016)
4793 - runtests: Add mbedTLS to the SSL backends
4795 .. and enable SSLpinning tests for mbedTLS, BoringSSL and LibreSSL.
4797 Daniel Stenberg (10 Jan 2016)
4798 - [Thomas Glanzmann brought this change]
4800 mbedtls: implement CURLOPT_PINNEDPUBLICKEY
4802 Jay Satiro (9 Jan 2016)
4803 - [Tatsuhiro Tsujikawa brought this change]
4805 url: Fix compile error with --enable-werror
4807 - [Tatsuhiro Tsujikawa brought this change]
4809 http2: Ensure that http2_handle_stream_close is called
4811 Previously, when HTTP/2 is enabled and used, and stream has content
4812 length known, Curl_read was not called when there was no bytes left to
4813 read. Because of this, we could not make sure that
4814 http2_handle_stream_close was called for every stream. Since we use
4815 http2_handle_stream_close to emit trailer fields, they were
4816 effectively ignored. This commit changes the code so that Curl_read is
4817 called even if no bytes left to read, to ensure that
4818 http2_handle_stream_close is called for every stream.
4820 Discussed in https://github.com/bagder/curl/pull/564
4822 Daniel Stenberg (8 Jan 2016)
4823 - http2: handle the received SETTINGS frame
4825 This regression landed in 5778e6f5 and made libcurl not act on received
4826 settings and instead stayed with its internal defaults.
4828 Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
4831 - Revert "multiplex: allow only once HTTP/2 is actually used"
4833 This reverts commit 46cb70e9fa81c9a56de484cdd7c5d9d0d9fbec36.
4835 Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
4837 Jay Satiro (8 Jan 2016)
4838 - [Tatsuhiro Tsujikawa brought this change]
4840 http2: Fix PUSH_PROMISE headers being treated as trailers
4842 Discussed in https://github.com/bagder/curl/pull/564
4844 Daniel Stenberg (8 Jan 2016)
4845 - [Michael Kaufmann brought this change]
4847 connection reuse: IDN host names fixed
4849 Use the ACE form of IDN hostnames as key in the connection cache. Add
4854 - tests: mark IPv6 FTP and FTPS tests with the FTP keyword
4856 Jay Satiro (7 Jan 2016)
4857 - mbedtls: Fix ALPN support
4859 - Fix ALPN reply detection.
4861 - Wrap nghttp2 code in ifdef USE_NGHTTP2.
4864 Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.
4866 - http2: Fix client write for trailers on stream close
4868 Check that the trailer buffer exists before attempting a client write
4869 for trailers on stream close.
4871 Refer to comments in https://github.com/bagder/curl/pull/564
4873 Daniel Stenberg (7 Jan 2016)
4874 - COPYING: update general copyright year range
4876 - ConnectionExists: add missing newline in infof() call
4878 Mistake from commit a464f33843ee1
4880 - multiplex: allow only once HTTP/2 is actually used
4882 To make sure curl doesn't allow multiplexing before a connection is
4883 upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the
4884 connection uses HTTP/2 as well and not only check what's wanted.
4890 Jay Satiro (4 Jan 2016)
4891 - curl_global_init.3: Add Windows-specific info for init via DLL
4893 - Add to both curl_global_init.3 and libcurl.3 the caveat for Windows
4894 that initializing libcurl via a DLL's DllMain or static initializer
4895 could cause a deadlock.
4897 Bug: https://github.com/bagder/curl/issues/586
4898 Reported-by: marc-groundctl@users.noreply.github.com
4900 Daniel Stenberg (4 Jan 2016)
4901 - FAQ: clarify who to mail about ECCN clarifications
4903 - progressfunc.c: spellfix description
4905 - docs/examples/multi-app.c: fix bad desc formatting
4907 - examples: added descriptions
4909 - example/simple.c: add description
4911 - getredirect.c: a new example
4913 Marc Hoersken (27 Dec 2015)
4914 - RELEASE-NOTES: add 5e0e81a9c4e35f04ca
4916 Daniel Stenberg (26 Dec 2015)
4917 - RELEASE-NOTES: synced with 2aec4359db1088b10d
4919 Marc Hoersken (26 Dec 2015)
4920 - test 1515: add data check
4922 - test 1515: add MSYS support by passing a relative path
4924 MSYS would otherwise turn a /-style path into a C:\-style path.
4926 - test 539: use datacheck mode text for ASCII-mode LISTings
4928 While still using datacheck mode binary for the inline reply data.
4930 - runtests.pl: check up to 5 data parts with different text modes
4932 Move the text-mode conversion for reply/replycheck from the verify
4933 section into the load section and add support for 4 more check parts.
4935 Daniel Stenberg (24 Dec 2015)
4936 - CURLOPT_RANGE: for HTTP servers, range support is optional
4938 Marc Hoersken (24 Dec 2015)
4939 - tests 1048 and 1050: use datacheck mode text for ASCII-mode LISTings
4941 - tests 706 and 707: use datacheck mode text for ASCII-mode LISTings
4943 - tests 400,403,406: use datacheck mode text for ASCII-mode LISTings
4945 - sockfilt.c: fix calculation of sleep timeout on Windows
4947 Not converting to double caused small timeouts to be skipped.
4949 - tests first.c: fix calculation of sleep timeout on Windows
4951 Not converting to double caused small timeouts to be skipped.
4953 - test 573: add more debug output
4955 - ftplistparser.c: fix handling of file LISTings using Windows EOL
4957 Previously file.txt[CR][LF] would have been returned as file.tx
4958 (without the last t) if filetype is symlink. Now the t is
4959 included and the internal item_length includes the zero byte.
4961 Spotted using test 576 on Windows.
4963 - test 16: fix on Linux (and Windows) by using plain ASCII characters
4965 Follow up on b064ff0c351bb287557228575ef4c1d079b866fb, thanks Daniel.
4967 - tftpd server: add Windows support by writing files in binary mode
4969 - tests 252-255: use datacheck mode text for ASCII-mode LISTings
4971 - test 16: fix on Windows by converting data file from ANSI to UTF-8
4973 Daniel Stenberg (23 Dec 2015)
4974 - Makefile.inc: s/curl_SOURCES/CURL_FILES
4976 This allows the root Makefile.am to include the Makefile.inc without
4977 causing automake to warn on it (variables named *_SOURCES are
4978 magic). curl_SOURCES is then instead assigned properly in
4979 src/Makefile.am only.
4983 - [Anders Bakken brought this change]
4985 ConnectionExists: with *PIPEWAIT, wait for connections
4987 Try harder to prevent libcurl from opening up an additional socket when
4988 CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS
4989 handshakes complete first before the decision is made.
4993 - [Anders Bakken brought this change]
4995 Add .dir-locals and set c-basic-offset to 2.
4997 This makes it easier for emacs users to automatically get the right
4998 2-space indentation when they edit curl source files.
5000 c++-mode is in there as well because Emacs can't easily know if
5001 something is a C or C++ header.
5005 - [Johannes Schindelin brought this change]
5007 configure: detect IPv6 support on Windows
5009 This patch was "nicked" from the MINGW-packages project by Daniel.
5011 https://github.com/Alexpux/MINGW-packages/commit/9253d0bf58a1486e91f7efb5316e7fdb48fa4007
5012 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
5014 - configure: allow static builds on mingw
5016 This patch is adopted from the MINGW-packages project. It makes it
5017 possible to build curl both shared and static again.
5019 URL: https://github.com/Alexpux/MINGW-packages/tree/master/mingw-w64-curl
5021 Marc Hoersken (17 Dec 2015)
5022 - test 1326: fix file check since curl is outputting binary data
5024 - test 1326: fix getting stuck on Windows due to incomplete request
5026 The request needs to be read and send in binary mode in order to use
5027 CRLF instead of LF. Adding --upload-file - causes curl to read stdin
5030 Daniel Stenberg (17 Dec 2015)
5031 - RELEASE-NOTES: command line option recount
5033 Dan Fandrich (16 Dec 2015)
5034 - scripts/Makefile: build zsh script even in an out-of-tree build
5036 Marc Hoersken (16 Dec 2015)
5037 - sockfilt.c: added some debug output to select_ws
5039 - sockfilt.c: keep lines shorter than 80 chars
5041 - sockfilt.c: do not wait on unreliable file or pipe handle
5043 The previous implementation caused issues on modern MSYS2 runtimes.
5045 Daniel Stenberg (16 Dec 2015)
5046 - cyassl: deal with lack of *get_peer_certificate
5048 The function is only present in wolfssl/cyassl if it was built with
5049 --enable-opensslextra. With these checks added, pinning support is disabled
5050 unless the TLS lib has that function available.
5052 Also fix the mistake in configure that checks for the wrong lib name.
5056 - wolfssl: handle builds without SSLv3 support
5058 - [Tatsuhiro Tsujikawa brought this change]
5060 http2: Support trailer fields
5062 This commit adds trailer support in HTTP/2. In HTTP/1.1, chunked
5063 encoding must be used to send trialer fields. HTTP/2 deprecated any
5064 trandfer-encoding, including chunked. But trailer fields are now
5067 Since trailer fields are relatively rare these days (gRPC uses them
5068 extensively though), allocating buffer for trailer fields is done when
5069 we detect that HEADERS frame containing trailer fields is started. We
5070 use Curl_add_buffer_* functions to buffer all trailers, just like we
5071 do for regular header fields. And then deliver them when stream is
5072 closed. We have to be careful here so that all data are delivered to
5073 upper layer before sending trailers to the application.
5075 We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE
5076 mechanism, but current method is far more simple.
5078 Another possibility is use chunked encoding internally for HTTP/2
5079 traffic. I have not tested it, but it could add another overhead.
5083 - RELEASE-NOTES: synced with 6c2c019654e658a
5085 Jay Satiro (15 Dec 2015)
5086 - x509asn1: Fix host altname verification
5088 - In Curl_verifyhost check all altnames in the certificate.
5090 Prior to this change only the first altname was checked. Only the GSKit
5091 SSL backend was affected by this bug.
5093 Bug: http://curl.haxx.se/mail/lib-2015-12/0062.html
5094 Reported-by: John Kohl
5096 Daniel Stenberg (15 Dec 2015)
5097 - curl --expect100-timeout: added
5099 This is the new command line option to set the value for the existing
5100 libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
5102 - cyassl: fix compiler warning on type conversion
5104 - curlver: the pending release will become 7.47.0
5106 - [Anders Bakken brought this change]
5108 setstropt: const-correctness
5112 - ROADMAP: implemented HTTP2 for HTTPS-only
5114 - HTTP2.md: spell fix and remove TODO now implemented
5116 - libressl: the latest openssl x509 funcs are not in libressl
5118 - curl: use 2TLS by default
5120 Make this the default for the curl tool (if built with HTTP/2 powers
5121 enabled) unless a specific HTTP version is requested on the command
5124 This should allow more users to get HTTP/2 powers without having to
5127 - http: add libcurl option to allow HTTP/2 for HTTPS only
5129 ... and stick to 1.1 for HTTP. This is in line with what browsers do and
5130 should have very little risk.
5132 - openssl: adapt to openssl >= 1.1.0 X509 opaque structs
5136 - openssl: avoid BIO_reset() warnings since it returns a value
5138 - openssl: adapt to 1.1.0+ name changes
5140 - scripts/makefile: add standard header
5142 - scripts/Makefile: fix GNUism and survive no perl
5146 Reported-by: Thomas Klausner
5148 - fix b6d5cb40d7038fe
5150 - [Tatsuhiro Tsujikawa brought this change]
5152 http2: Fix hanging paused stream
5154 When NGHTTP2_ERR_PAUSE is returned from data_source_read_callback, we
5155 might not process DATA frame fully. Calling nghttp2_session_mem_recv()
5156 again will continue to process DATA frame, but if there is no incoming
5157 frames, then we have to call it again with 0-length data. Without this,
5158 on_stream_close callback will not be called, and stream could be hanged.
5160 Bug: http://curl.haxx.se/mail/lib-2015-11/0103.html
5161 Reported-by: Francisco Moraes
5163 - [Christian Stewart brought this change]
5165 build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS
5167 With curl disable verbose strings in http.c the compilation fails due to
5168 the data variable being undefined later on in the function.
5172 Jay Satiro (7 Dec 2015)
5173 - [Gisle Vanem brought this change]
5175 config-win32: Fix warning HAVE_WINSOCK2_H undefined
5177 - [Gisle Vanem brought this change]
5179 openssl: BoringSSL doesn't have CONF_modules_free
5181 - [Gisle Vanem brought this change]
5183 lwip: Fix compatibility issues with later versions
5185 The name of the header guard in lwIP's <lwip/opt.h> has changed from
5186 '__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015).
5190 - In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is
5193 - In memdebug.h, the 'socket' should be undefined first due to lwIP's
5194 lwip_socket() macro.
5196 - In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need
5197 special handling because they were undef'ed in memdebug.h.
5199 - In select.c we can't use preprocessor conditionals inside select if
5200 MSVC and select is a macro, as it is with lwIP.
5202 http://curl.haxx.se/mail/lib-2015-12/0023.html
5203 http://curl.haxx.se/mail/lib-2015-12/0024.html
5205 Patrick Monnerat (7 Dec 2015)
5206 - os400: define CURL_VERSION_PSL in ILE/RPG binding
5208 Jay Satiro (7 Dec 2015)
5209 - [Gisle Vanem brought this change]
5211 version: Add flag CURL_VERSION_PSL for libpsl
5213 - formdata: Check if length is too large for memory
5215 - If the size of the length type (curl_off_t) is greater than the size
5216 of the size_t type then check before allocating memory to make sure the
5217 value of length will fit in a size_t without overflow. If it doesn't
5218 then return CURLE_BAD_FUNCTION_ARGUMENT.
5220 Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679
5221 Reported-by: Steve Holme
5223 Steve Holme (3 Dec 2015)
5224 - tests: Corrected copy and pasted comments from commit e643c5c908
5226 Daniel Stenberg (3 Dec 2015)
5227 - curl: remove keepalive #ifdef checks done on libcurl's behalf
5229 They didn't match the ifdef logic used within libcurl anyway so they
5230 could indeed warn for the wrong case - plus the tool cannot know how the
5231 lib actually performs at that level.
5233 Steve Holme (2 Dec 2015)
5234 - test947: Corrected typo in test name
5236 - tests: Disable the OAUTHBEARER tests when using a non-default port number
5238 Tests 842, 843, 844, 845, 887, 888, 889, 890, 946, 947, 948 and 949 fail
5239 if a custom port number is specified via the -b option of runtests.pl.
5241 Suggested by: Kamil Dudka
5242 Bug: http://curl.haxx.se/mail/lib-2015-12/0003.html
5244 Daniel Stenberg (2 Dec 2015)
5245 - bump: towards next release
5247 for all we know now, it might be called 7.46.1
5249 Version 7.46.0 (1 Dec 2015)
5251 Daniel Stenberg (1 Dec 2015)
5252 - RELEASE-NOTES: updated contributor count for 7.46.0
5254 - THANKS: new contributors from the 7.46.0 release
5256 - THANKS-filter: single Tim Rühsen spelling
5258 - docs/examples: gitignore some more built examples
5260 - RELEASE-NOTES; this bug was never released
5262 - RELEASE-NOTES: synced with e55f15454efacb0
5264 - [Flavio Medeiros brought this change]
5266 Curl_read_plain: clean up ifdefs that break statements
5270 - http2: convert some verbose output into debug-only output
5272 - http2 push: add missing inits of new stream
5274 - set the correct stream_id for pushed streams
5275 - init maxdownload and size properly
5277 - http2 push: set weight for new stream
5279 give the new stream the old one's stream_weight internally to avoid
5280 sending a PRIORITY frame unless asked for it
5282 - curl_setup.h: undef freeaddrinfo in c-ares block to fix build
5284 Fixes warnings 78c25c854a added.
5286 - nonblock: fix setting non-blocking mode for Amiga
5288 IoctlSocket() apparently wants a pointer to a long, passed as a char *
5289 in its third parameter. This bug was introduced already back in commit
5290 c5fdeef41d from October 1 2001!
5292 Bug: http://curl.haxx.se/mail/lib-2015-11/0088.html
5293 Reported-by: Norbert Kett
5295 - zsh install: fix DESTDIR support
5297 Reported-by: Mohammad AlSaleh
5299 Dan Fandrich (27 Nov 2015)
5300 - lib: Only define curl_dofreeaddrinfo if struct addrinfo is available
5302 Steve Holme (27 Nov 2015)
5303 - tool_paramhlp: Fixed display of URL index in password prompt for --next
5305 Commit f3bae6ed73 added the URL index to the password prompt when using
5306 --next. Unfortunately, because the size_t specifier (%zu) is not
5307 supported by all sprintf() implementations we use the curl_off_t format
5308 specifier instead. The display of an incorrect value arises on platforms
5309 where size_t and curl_off_t are of a different size.
5311 Daniel Stenberg (25 Nov 2015)
5312 - timecond: do not add if-modified-since without timecondition
5314 The RTSP code path didn't skip adding the if-modified-since for certain
5315 RTSP code paths, even if CURLOPT_TIMECONDITION was set to
5318 Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals
5319 CURL_TIMECOND_IFMODSINCE.
5321 Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header
5323 - RELEASE-NOTES: synced with 99d17a5e2ba77e58
5325 - examples/README: cut out the incomplete list
5327 ... and add a generic explanation for them instead. Each example file
5328 should contain its own description these days.
5330 - test1513: make sure the callback is only called once
5332 - [Daniel Shahaf brought this change]
5334 build: Install zsh completion
5339 - done: make sure the final progress update is made
5341 It would previously be skipped if an existing error was returned, but
5342 would lead to a previous value being left there and later used.
5343 CURLINFO_TOTAL_TIME for example.
5345 Still it avoids that final progress update if we reached DONE as the
5346 result of a callback abort to avoid another callback to be called after
5347 an abort-by-callback.
5349 Reported-by: Lukas Ruzicka
5353 - curl: expanded the -XHEAD warning text
5355 ... to also mention the specific options used.
5357 - Revert "cleanup: general removal of TODO (and similar) comments"
5359 This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a.
5361 Feedback-by: Dan Fandrich
5362 URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
5364 - CURLOPT_HEADERFUNCTION.3: fix typo
5366 Refer to _HEADERDATA not _WRITEDATA.
5368 Reported-by: Michał Piechowski
5370 - TODO: TCP Fast Open
5372 Steve Holme (22 Nov 2015)
5373 - examples: Added website parse-able descriptions to the e-mail examples
5375 - TODO: Added another 'multi-interface' idea
5377 - smb.c: Fixed compilation warnings
5379 smb.c:134:3: warning: conversion to 'short unsigned int' from 'int' may
5381 smb.c:146:42: warning: conversion to 'unsigned int' from 'long long
5382 unsigned int' may alter its value
5383 smb.c:146:65: warning: conversion to 'unsigned int' from 'long long
5384 unsigned int' may alter its value
5386 - schannel: Corrected copy/paste error in commit 8d17117683
5388 - schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available
5390 Regression from commit 7a8e861a5 as highlighted in the msys autobuilds.
5392 - examples: Fixed compilation warnings
5394 pop3-multi.c:96:5: warning: implicit declaration of function 'memset'
5395 imap-multi.c:96:5: warning: implicit declaration of function 'memset'
5396 http2-download.c:226:5: warning: implicit declaration of function 'memset'
5397 http2-upload.c:290:5: warning: implicit declaration of function 'memset'
5398 http2-upload.c:290:5: warning: implicit declaration of function 'memset'
5400 - Makefile.inc: Fixed test run error
5402 test845 not present in tests/data/Makefile.inc
5404 Daniel Stenberg (20 Nov 2015)
5405 - TODO: remove duplicated title
5407 - TODO: added two more libcurl ideas
5409 Moved some ideas from "next major" to just ordinary ideas since we can
5410 always add new things while keeping the old without doing a "next
5413 Steve Holme (20 Nov 2015)
5414 - tests: Re-enabled tests 889 and 890 following POP3 fix
5416 - pop3: Differentiate between success and continuation responses
5418 - pop3: Added clarity on some server response codes
5420 Daniel Stenberg (20 Nov 2015)
5421 - [Daniel Shahaf brought this change]
5423 build: Fix theoretical infinite loops
5425 Add error-checking to 'cd' in a few cases where omitting the checks
5426 might result in an infinite loop.
5430 Patrick Monnerat (19 Nov 2015)
5431 - curl.h: s/#defien/#define/
5433 - os400: synchronize ILE/RPG header file
5435 - os400: Provide options for libssh2 use in compile scripts. Adjust README.
5437 Daniel Stenberg (19 Nov 2015)
5438 - [danielsh@apache.org brought this change]
5440 zsh completion: Preserve single quotes in output
5442 When an option's help string contains literal single quotes, those
5443 single quotes would be stripped from the option's description in the
5444 completion output (unless the zsh RC_QUOTES option were set while the
5445 completion function was being sourced, which is not the default). This
5446 patch makes the completion output contain single quotes where the --help
5451 Jay Satiro (18 Nov 2015)
5452 - [MaxGiting brought this change]
5454 FAQ: Grammar changes
5456 Closes https://github.com/bagder/curl/pull/533
5458 Daniel Stenberg (17 Nov 2015)
5459 - http2: http_done: don't free already-freed push headers
5461 The push headers are freed after the push callback has been invoked,
5462 meaning this code should only free the headers if the callback was never
5463 invoked and thus the headers weren't freed at that time.
5465 Reported-by: Davey Shafik
5467 - [Anders Bakken brought this change]
5469 getconnectinfo: Don't call recv(2) if socket == -1
5473 - CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header
5475 ... if there are more than one using the same name
5477 - http2: minor comment typo
5479 - sasl; fix checksrc warnings
5481 Steve Holme (15 Nov 2015)
5482 - RELEASE-NOTES: Adjusted for the recent OAuth 2.0 activity
5484 - tests: Disabled 889 and 890 until we support POP3 continuation responses
5486 As POP3 final and continuation responses both begin with a + character,
5487 and both the finalcode and contcode variables in SASLprotoc are set as
5488 such, we cannot tell the difference between them when we are expecting
5489 an optional continuation from the server such as the following:
5491 + something else from the server
5494 Disabled these tests until such a time we can tell the responses apart.
5496 - tests: Corrected typos from commit ba4d8f7eba
5498 - tests: Added OAUTHBEARER failure response tests
5500 - oauth2: Support OAUTHBEARER failures sent as continuation responses
5502 According to RFC7628 a failure message may be sent by the server in a
5503 base64 encoded JSON string as a continuation response.
5505 Currently only implemented for OAUTHBEARER and not XAUTH2.
5507 Daniel Stenberg (15 Nov 2015)
5508 - RELEASE-NOTES: synced with 808a17ee675
5510 Steve Holme (14 Nov 2015)
5511 - tests: Renamed existing OAuth 2.0 (XOAUTH) tests
5513 - tests: Added OAuth 2.0 (OAUTHBEARER) tests
5515 - oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
5517 OAUTHBEARER is now the official "registered" SASL mechanism name for
5518 OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some
5519 servers won't support the new mechanism yet.
5521 Daniel Stenberg (13 Nov 2015)
5522 - RELEASE-NOTES: recounted curl_easy_setopt() options
5524 - typecheck-gcc.h: add missing slist-using options
5526 CURLOPT_RESOLVE and CURLOPT_PROXYHEADER were missing
5528 Also sorted the list.
5530 - typecheck-gcc.h: added CURLOPT_CLOSESOCKETDATA
5532 ... and sorted curl_is_cb_data_option alphabetically
5534 Jay Satiro (13 Nov 2015)
5535 - [Sebastian Pohlschmidt brought this change]
5537 openssl: Free modules on cleanup
5539 Curl_ossl_init calls OPENSSL_load_builtin_modules() but
5540 Curl_ossl_cleanup doesn't make a call to free these modules.
5542 Bug: https://github.com/bagder/curl/issues/526
5544 Steve Holme (13 Nov 2015)
5545 - symbols-in-versions: Added new CURLOPTTYPE_STRINGPOINT alias
5547 ...following commit aba281e762 to fix test 1119.
5549 Daniel Stenberg (13 Nov 2015)
5550 - curl: mark two more options strings for --libcurl output
5552 - typecheck-gcc.h: add some missing string types
5554 Also sorted that list alphabetically
5556 - curl.h: introducing the STRINGPOINT alias
5558 As an alias for OBJECTPOINT. Provided to allow us to grep for all string
5561 - cleanup: general removal of TODO (and similar) comments
5563 They tend to never get updated anyway so they're frequently inaccurate
5564 and we never go back to revisit them anyway. We document issues to work
5565 on properly in KNOWN_BUGS and TODO instead.
5567 - ftplistparser: remove empty function
5569 - openssl: remove #if check for 0.9.7 for ENGINE_load_private_key
5571 - openssl: all supported versions have X509_STORE_set_flags
5573 Simplify by removing #ifdefs and macros
5575 - openssl: remove 0.9.3 check
5577 - openssl: remove #ifdefs for < 0.9.5 support
5579 We only support >= 0.9.7
5581 - lib/vtls/openssl: remove unused traces of yassl ifdefs
5583 Dan Fandrich (12 Nov 2015)
5584 - [dfandrich brought this change]
5586 unit1603: Demote hash mismatch failure to a warning
5588 The hashes can vary between architectures (e.g. Sparc differs from x86_64).
5589 This is not a fatal problem but just reduces the coverage of these white-box
5590 tests, as the assumptions about into which hash bucket each key falls are no
5593 - [dfandrich brought this change]
5595 unit1603: Added unit tests for hash functions
5597 - [dfandrich brought this change]
5599 unit1602: Fixed failure in torture test
5601 Steve Holme (12 Nov 2015)
5602 - sasl: Re-introduced XOAUTH2 in the default enabled authentication mechanism
5604 Following the fix in commit d6d58dd558 it is necessary to re-introduce
5605 XOAUTH2 in the default enabled authentication mechanism, which was
5606 removed in commit 7b2012f262, otherwise users will have to specify
5607 AUTH=XOAUTH2 in the URL.
5609 Note: OAuth 2.0 will only be used when the bearer is specified.
5611 - [Stefan Bühler brought this change]
5613 sasl_sspi: fix identity memory leak in digest authentication
5615 - [Stefan Bühler brought this change]
5617 sasl_sspi: fixed unicode build for digest authentication
5621 - oauth2: Re-factored OAuth 2.0 state variable
5623 - sasl: Don't choose OAuth 2.0 if mechanism not advertised
5625 Regression from commit 9e8ced9890 which meant if --oauth2-bearer was
5626 specified but the SASL mechanism wasn't supported by the server then
5627 the mechanism would be chosen.
5629 Daniel Stenberg (12 Nov 2015)
5630 - runtests: more compact "System characteristics" output
5632 - no point in repeating curl features that is already listed as features
5633 from the curl -V output
5635 - remove the port numbers/unix domain path from the output unless
5636 verbose is used, as that is rarely interesting to users.
5638 - runtests: rename conditional curl-features to $has_[name]
5640 Steve Holme (11 Nov 2015)
5641 - oauth2: Introduced support for host and port details
5643 Added support to the OAuth 2.0 message function for host and port, in
5644 order to accommodate the official OAUTHBEARER SASL mechanism which is
5645 to be added shortly.
5647 - curl_setup.h: Removed duplicate CURL_DISABLE_RTSP when HTTP_ONLY defined
5649 - cmake: Add missing feature macros in config header (Part 2)
5651 In addition to commit a215381c94 added the RTSP, RTMP and SMB protocols.
5653 Daniel Stenberg (10 Nov 2015)
5654 - [Douglas Creager brought this change]
5656 cmake: Add missing feature macros in config header
5658 The curl_config.h file can be generated either from curl_config.h.cmake
5659 or curl_config.h.in, depending on whether you're building using CMake or
5660 the autotools. The CMake template header doesn't include entries for
5661 all of the protocols that you can disable, which (I think) means that
5662 you can't actually disable those protocols when building via CMake.
5666 - [Douglas Creager brought this change]
5668 BoringSSL: Work with stricter BIO_get_mem_data()
5670 BoringSSL implements `BIO_get_mem_data` as a function, instead of a
5671 macro, and expects the output pointer to be a `char **`. We have to add
5672 an explicit cast to grab the pointer as a `const char **`.
5676 - http2: rectify the http2 version #if check
5678 We need 1.0.0 or later. Also verified by configure.
5680 Steve Holme (9 Nov 2015)
5681 - oauth2: Don't use XAUTH2 in OAuth 2.0 function name
5683 - oauth2: Don't use XOAUTH2 in OAuth 2.0 variables
5685 - oauth2: Use OAuth 2.0 rather than XOAUTH2 in comments
5687 When referring to OAuth 2.0 we should use the official name rather the
5688 SASL mechanism name.