Changelog
-Version 7.44.0 (11 Aug 2015)
-
-Daniel Stenberg (11 Aug 2015)
-- RELEASE-NOTES: synced with c75a1e775061
+Version 7.40.0 (7 Jan 2015)
-- [Svyatoslav Mishyn brought this change]
+Daniel Stenberg (7 Jan 2015)
+- RELEASE-NOTES: version 7.40.0
- curl_formget.3: correct return code
+- darwinssl: fix session ID keys to only reuse identical sessions
- Closes #375
-
-- [Svyatoslav Mishyn brought this change]
+ ...to avoid a session ID getting cached without certificate checking and
+ then after a subsequent _enabling_ of the check libcurl could still
+ re-use the session done without cert checks.
+
+ Bug: http://curl.haxx.se/docs/adv_20150108A.html
+ Reported-by: Marc Hesse
- libcurl-tutorial.3: fix formatting
+- tests: make sure CRLFs can't be used in URLs passed to proxy
- Closes #374
+ Bug: http://curl.haxx.se/docs/adv_20150108B.html
-- [Svyatoslav Mishyn brought this change]
+- url-parsing: reject CRLFs within URLs
+
+ Bug: http://curl.haxx.se/docs/adv_20150108B.html
+ Reported-by: Andrey Labunets
- curl_easy_recv.3: fix formatting
+Steve Holme (7 Jan 2015)
+- ldap: Convert attribute output to UTF-8 when Unicode
-- [Anders Bakken brought this change]
+- ldap: Convert DN output to UTF-8 when Unicode
- http2: discard frames with no SessionHandle
-
- Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the
- SessionHandle. Apparently mod_h2 will sometimes send a frame for a
- stream_id we're finished with.
+Daniel Stenberg (7 Jan 2015)
+- hostip: remove 'stale' argument from Curl_fetch_addr proto
- Use nghttp2_session_get_stream_user_data and
- nghttp2_session_set_stream_user_data to identify SessionHandles instead
- of a hash.
+ Also, remove the log output of the resolved name is NOT in the cache in
+ the spirit of only telling when something is actually happening.
+
+Steve Holme (7 Jan 2015)
+- ldap/imap: Fixed spelling mistake in comments and variable names
- Closes #372
+ Reported-by: Michael Osipov
+
+Daniel Stenberg (7 Jan 2015)
+- RELEASE-NOTES: updated with ./contributors.sh output
-- RELEASE-NOTES: synced with 9ee40ce2aba
+Dan Fandrich (5 Jan 2015)
+- curl_multibyte.h: Eliminated some trailing whitespace
-- [Viktor Szakats brought this change]
+Steve Holme (4 Jan 2015)
+- RELEASE-NOTES: Synced with ea93252ef1
- build: refer to fixed libidn versions
+- ldap: Fixed Unicode usage for all Win32 builds
- closes #371
+ Otherwise, the fixes in the previous commits would only be applicable
+ to IDN and SSPI based builds and not others such as OpenSSL with LDAP
+ enabled.
-- Revert "configure: disable libidn by default"
-
- This reverts commit e6749055d65398315fd77f5b5b8234c5552ac2d3.
-
- ... since libidn has since been fixed.
+- ldap: Fixed memory leak from commit efb64fdf80
-- [Jakub Zakrzewski brought this change]
+- ldap: Fix memory leak from commit 3a805c5cc1
- CMake: s/HAVE_GSS_API/HAVE_GSSAPI/ to match header define
-
- Otherwise the build only pretended to use GSS-API
+- ldap: Fixed attribute variable warnings when Unicode is enabled
- Closes #370
+ Use 'TCHAR *' for local attribute variable rather than 'char *'.
-- SFTP: fix range request off-by-one in size check
+- ldap: Fixed DN variable warnings when Unicode is enabled
- Reported-by: Tim Stack
+ Use 'TCHAR *' for local DN variable rather than 'char *'.
+
+- ldap: Remove the unescape_elements() function
- Closes #359
+ Due to the recent modifications this function is no longer used.
-- test46: update cookie expire time
+- ldap.c: Fixed compilation warning
- ... since it went old and thus was expired and caused the test to fail!
+ ldap.c:98: warning: extra tokens at end of #endif directive
-Steve Holme (9 Aug 2015)
-- generate.bat: Use buildconf.bat for prerequisite file generation
+- ldap: Fixed support for Unicode filter in Win32 search call
+
+- ldap.c: Fixed compilation warning
+
+ ldap.c:802: warning: comparison between signed and unsigned integer
+ expressions
-- buildconf.bat: Tidy up of comments after recent commits
+- ldap: Fixed support for Unicode attributes in Win32 search call
-- buildconf.bat: Added full generation of src\tool_hugehelp.c
+- ldap: Fixed memory leak from commit efb64fdf80
- Added support for generating the full man page based on code from
- generate.bat.
+ The unescapped DN was not freed after a successful character conversion.
-- buildconf.bat: Added detection of groff, nroff, perl and gzip
+- ldap.c: Fixed compilation error
- To allow for the full generation of tool_hugehelp.c added detection of
- the required programs - based on code from generate.bat.
+ ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes
+ just 1
-- buildconf.bat: Move DOS variable clean-up code to separate function
+- ldap.c: Fixed compilation warning
- Rather than duplicate future variables, during clean-up of both success
- and error conditions, use a common function that can be called by both.
+ ldap.c:89: warning: extra tokens at end of #endif directive
-- RELEASE-NOTES: Synced with 39dcf352d2
+- ldap: Fixed support for Unicode DN in Win32 search call
-- buildconf.bat: Added error messages on failure
+- ldap: Fixed Unicode user and password in Win32 bind calls
-- buildconf.bat: Generate and clean files in the same order
+- ldap: Fixed Unicode host name in Win32 initialisation calls
-- buildconf.bat: Maintain compatibility with DOS based systems
+- ldap: Use host.dispname for infof() connection failure messages
- Commit f08e30d7bc broke compatibility with DOS and non Windows NT based
- versions of Windows due to the use of the setlocal command.
+ As host.name may be encoded use dispname for infof() failure messages.
-Jay Satiro (9 Aug 2015)
-- CURLOPT_RESOLVE.3: Note removal support was added in 7.42
-
- Bug: http://curl.haxx.se/mail/lib-2015-08/0019.html
- Reported-by: Inca R
+- ldap: Prefer 'CURLcode result' for curl result codes
-Steve Holme (8 Aug 2015)
-- checksrc.bat: Fixed error when missing *.c and *.h files
+- ldap: Pass write length in all Curl_client_write() calls
- File Not Found
-
-- checksrc.bat: Fixed incorrect 'lib\vtls' path check in commit 333c36b276
+ As we get the length for the DN and attribute variables, and we know
+ the length for the line terminator, pass the length values rather than
+ zero as this will save Curl_client_write() from having to perform an
+ additional strlen() call.
-- checksrc.bat: Fixed error when [directory] isn't a curl source directory
+- ldap: Fixed attribute memory leaks on failed client write
- The system cannot find the file specified.
-
-- checksrc.bat: Added check for unknown arguments
+ Fixed memory leaks from commit 086ad79970 as was noted in the commit
+ comments.
-- scripts: Added missing comments
+- ldap: Fixed DN memory leaks on failed client write
+
+ Fixed memory leaks from commit 086ad79970 as was noted in the commit
+ comments.
-- scripts: Always perform setlocal and endlocal calls in pairs
+- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d
- Ensure that there isn't a mismatch between setlocal and endlocal calls,
- which could have happened due to setlocal being called after certain
- error conditions were checked for.
+ curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char
+ [8]') to parameter of type 'char *' converts
+ between pointers to integer types with different
+ sign
-- scripts: Allow -help to be specified in any argument
+- ntlm: Use extend_key_56_to_64() for all cryptography engines
- Allow the -help command line argument to be specified in any argument
- and not just as the first.
+ Rather than duplicate the code in setup_des_key() for OpenSSL and in
+ extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is
+ the same, use extend_key_56_to_64() for all engines.
-Daniel Stenberg (6 Aug 2015)
-- [juef brought this change]
+- RELEASE-NOTES: Synced with 34f0bd110f
- curl_multi_remove_handle.3: fix formatting
+- curl_ntlm_core.c: Fixed compilation warning
- closes #366
+ curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined
+ but not used
-Steve Holme (6 Aug 2015)
-- README: Added notes about 'Running DLL based configurations'
+- endian: Fixed bit-shift in 64-bit integer read functions
- ...as well as a TODO for a future enhancement to the project files.
+ From commit 43792592ca and 4bb5a351b2.
- Thanks-to: Jay Satiro
+ Reported-by: Michael Osipov
-- RELEASE-NOTES: Synced with cf8975387f
+- smb: Use endian functions for reading NBT and message size values
-- buildconf.bat: Synchronise no repository error with generate.bat
+- endian: Added big endian read functions
-- generate.bat: Added a check for the presence of a git repository
+- endian: Added 64-bit integer read function
-- [Jay Satiro brought this change]
+- COPYING: Bumped copyright year to 2015
- build: Added wolfSSL configurations to VC10+ project files
+- version: Bump copyright year to 2015
+
+- smb.c: Fixed compilation warnings
- URL: https://github.com/bagder/curl/pull/174
+ smb.c:780: warning: passing 'char *' to parameter of type 'unsigned
+ char *' converts between pointers to integer types with
+ different sign
+ smb.c:781: warning: passing 'char *' to parameter of type 'unsigned
+ char *' converts between pointers to integer types with
+ different sign
+ smb.c:804: warning: passing 'char *' to parameter of type 'unsigned
+ char *' converts between pointers to integer types with
+ different sign
-- [Jay Satiro brought this change]
+- smb: Use endian functions for reading length and offset values
- build: Added wolfSSL build script for Visual Studio projects
-
- Added the wolfSSL build script, based on build-openssl.bat, as well as
- the property sheet and header file required for the upcoming additions
- to the Visual Studio project files.
+- endian: Added 16-bit integer write function
-Daniel Stenberg (6 Aug 2015)
-- CHANGES: refer to the online changelog
+- endian: Fixed Linux compilation issues
- Suggested-by: mc0e
+ Having files named endian.[c|h] seemed to cause issues under Linux so
+ renamed them both to have the curl_ prefix in the filenames.
-- [Isaac Boukris brought this change]
+- [Julien Nabet brought this change]
- NTLM: handle auth for only a single request
-
- Currently when the server responds with 401 on NTLM authenticated
- connection (re-used) we consider it to have failed. However this is
- legitimate and may happen when for example IIS is set configured to
- 'authPersistSingleRequest' or when the request goes thru a proxy (with
- 'via' header).
+ lib1900.c: Fixed cppcheck error
- Implemented by imploying an additional state once a connection is
- re-used to indicate that if we receive 401 we need to restart
- authentication.
+ lib1900.c:182: (style) Array index 'handlenum' is used before limits
+ check
- Closes #363
-
-Steve Holme (5 Aug 2015)
-- RELEASE-NOTES: Synced with 473807b95f
-
-- generate.bat: Use buildconf.bat for prerequisite file clean-up
-
-- buildconf.bat: Added support for file clean-up via -clean
-
-- buildconf.bat: Added progress output
-
-- buildconf.bat: Avoid using goto for file not in repository
+ Bug: https://github.com/bagder/curl/pull/133
-Daniel Stenberg (5 Aug 2015)
-- curl_slist_append.3: add error checking to the example
+- endian: Added standard function descriptions
-Steve Holme (5 Aug 2015)
-- buildconf.bat: Added display of usage text with -help
+- endian: Renamed functions for curl API naming convention
-- buildconf.bat: Added exit codes for error handling
+- endian: Moved write functions to new module
-- buildconf.bat: Added our standard copyright header
+- endian: Moved read functions to new module
-- buildconf.bat: Use lower-case for commands and reserved keywords
+- endian: Introduced endian module
+
+ To allow the little endian functions, currently used in two of the NTLM
+ source files, to be used by other modules such as the SMB module.
-- generate.bat: Only clean prerequisite files when in ALL mode
+- sepheaders.c: Applied curl oding standards
-- generate.bat: Moved error messages out of sub-routines
+- [Julien Nabet brought this change]
-- generate.bat: More use of lower-case for commands and reserved keywords
+ sepheaders.c: Fixed resource leak on failure
-Daniel Stenberg (3 Aug 2015)
-- libcurl.3: fix a single typo
+- vtls: Use '(void) arg' for unused parameters
- Closes #361
-
-- RELEASE-NOTES: synced with c4eb10e2f06f
+ Prefer void for unused parameters, rather than assigning an argument to
+ itself as a) unintelligent compilers won't optimize it out, b) it can't
+ be used for const parameters, c) it will cause compilation warnings for
+ clang with -Wself-assign and d) is inconsistent with other areas of the
+ curl source code.
-- SSH: three state machine fixups
-
- The SSH state machine didn't clear the 'rc' variable appropriately in a
- two places which prevented it from looping the way it should. And it
- lacked an 'else' statement that made it possible to erroneously get
- stuck in the SSH_AUTH_AGENT state.
-
- Reported-by: Tim Stack
+- smb.c: Fixed compilation warning
- Closes #357
+ smb.c:586: warning: conversion to 'short unsigned int' from 'int' may
+ alter its value
-- curl_gssapi: remove 'const' to fix compiler warnings
-
- initialization discards 'const' qualifier from pointer target type
+- [Bill Nagel brought this change]
-- docs: formpost needs the full size at start of upload
+ smb: Use the connection's upload buffer
- Closes #360
+ Use the connection's upload buffer instead of allocating our own send
+ buffer.
-Steve Holme (1 Aug 2015)
-- sspi: Fix typo from left over from old code which referenced NTLM
-
- References to NTLM in the identity generation should have been removed
- in commit c469941293 but not all were.
+- RELEASE-NOTES: Synced with 1933f9d33c
-- win32: Fix compilation warnings from commit 40c921f8b8
+- schannel: Moved the ISC return flag definitions to the SSPI module
- connect.c:953:5: warning: initializer element is not computable at load
- time
- connect.c:953:5: warning: missing initializer for field 'dwMinorVersion'
- of 'OSVERSIONINFOEX'
- curl_sspi.c:97:5: warning: initializer element is not computable at load
- time
- curl_sspi.c:97:5: warning: missing initializer for field 'szCSDVersion'
- of 'OSVERSIONINFOEX'
+ Moved our Initialize Security Context return attribute definitions to
+ the SSPI module, as a) these can be used by other SSPI based providers
+ and b) the ISC required attributes are defined there.
-- schannel: Fix compilation warning from commit 7a8e861a56
-
- schannel.c:1125:5: warning: missing initializer for field 'dwMinorVersion'
- of 'OSVERSIONINFOEX' [-Wmissing-field-initializers
+- [Bill Nagel brought this change]
-Daniel Stenberg (31 Jul 2015)
-- libcurl-thread.3: minor reformatting
+ smb: Close the connection after a failed client write
-Jay Satiro (31 Jul 2015)
-- curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs
+- darwinssl: Fixed compilation warning
- Bug: http://curl.haxx.se/mail/lib-2015-07/0149.html
- Reported-by: Eric Ridge
+ vtls.c:683:43: warning: unused parameter 'data'
-- libcurl-thread.3: Warn memory functions must be thread safe
+- sockfilt.c: Fixed compilation warnings
- Bug: http://curl.haxx.se/mail/lib-2015-07/0149.html
- Reported-by: Eric Ridge
-
-Steve Holme (31 Jul 2015)
-- RELEASE-NOTES: Synced with 8b1d00ac1a
+ sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter
+ its value
+ sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter
+ its value
+ sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter
+ its value
+ sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter
+ its value
-- INSTALL: Minor formatting correction in 'Legacy Windows and SSL' section
+- test1509: Fixed compilation warning
- ...as well as some rewording.
+ lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may
+ alter its value
-Kamil Dudka (30 Jul 2015)
-- http: move HTTP/2 cleanup code off http_disconnect()
-
- Otherwise it would never be called for an HTTP/2 connection, which has
- its own disconnect handler.
-
- I spotted this while debugging <https://bugzilla.redhat.com/1248389>
- where the http_disconnect() handler was called on an FTP session handle
- causing 'dnf' to crash. conn->data->req.protop of type (struct FTP *)
- was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in
- Curl_add_buffer_free() after printing the "Connection cache is full,
- closing the oldest one." message.
-
- A previously working version of libcurl started to crash after it was
- recompiled with the HTTP/2 support despite the HTTP/2 protocol was not
- actually used. This commit makes it work again although I suspect the
- root cause (reinterpreting session handle data of incompatible protocol)
- still has to be fixed. Otherwise the same will happen when mixing FTP
- and HTTP/2 connections and exceeding the connection cache limit.
+- test556: Fixed compilation warning
- Reported-by: Tomas Tomecek
- Bug: https://bugzilla.redhat.com/1248389
-
-Daniel Stenberg (30 Jul 2015)
-- [Viktor Szakats brought this change]
-
- ABI doc: use secure URL
+ lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may
+ alter its value
-- ABI: remove the ascii logo
-
- and made the indent level to 1
+- sasl_gssapi: Fixed use of dummy username with real username
-- libcurl-multi.3: mention curl_multi_wait
+- vtls: Fixed compilation warning and an ignored return code
- ... and some general rewordings to improve this docs.
+ curl_schannel.h:123: warning: right-hand operand of comma expression
+ has no effect
- Reported-by: Tim Stack
+ Some instances of the curlssl_close_all() function were declared with a
+ void return type whilst others as int. The schannel version returned
+ CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the
+ return code was ignored by the calling function Curl_ssl_close_all().
- Closes #356
-
-Steve Holme (30 Jul 2015)
-- maketgz: Fixed some VC makefiles missing from the release tarball
+ For the time being and to keep the internal API consistent, changed all
+ declarations to use a void return type.
- VC7, VC11, VC12 and VC14 makefiles were missing from the release
- tarball.
-
-- RELEASE-NOTES: Synced with 2d7e165761
+ To reduce code we might want to consider removing the unimplemented
+ versions and use a void #define like schannel does.
-- build: Added VC14 project files to Makefile.am
+Daniel Stenberg (28 Dec 2014)
+- TODO: 2.3 Better support for same name resolves
-- build: Added VC14 project files
+Steve Holme (28 Dec 2014)
+- test1520: Fixed initial teething problems
- Updates to Makefile.am for the generation of the project files in
- the tarball to follow.
+ * Missing initialisation of upload status caused a seg fault
+ * Missing data termination caused corrupt data to be uploaded
+ * Data verification should be performed in <upload> element
+ * Added missing recipient list cleanup
-Jay Satiro (29 Jul 2015)
-- libcurl-thread.3: Clarify CURLOPT_NOSIGNAL takes long value 1L
+- test1520: Fixed compilation errors
-Steve Holme (28 Jul 2015)
-- generate.bat: Use lower-case for commands and reserved keywords
-
- Whilst there are no coding standards for the batch files used in curl,
- most tend to use lower-case for keywords and upper-case for variables.
+- tests: Added test for bug #1456
-- build: Added initial VC14 support to generate.bat
-
- Visual Studio project files and updates to makefile.am to follow.
+- checksrc.bat: Fixed a problem opening files with spaces in the filename
-- build: Fixed missing .opensdf files from VC10+ .gitignore files
+- openldap: Prefer use of 'CURLcode result'
-- build: Use $(ProjectName) macro for curl.exe and curld.exe filenames
+- openldap: Use 'LDAPMessage *msg' for messages
- This wasn't possible with the old curlsrc project filenames, but like
- commit 2a615a2b64 and 11397eb6dd for libcurl use the built in Visual
- Studio macros for the output filenames.
+ This frees up the 'result' variable for CURLcode based result codes.
-- build: Renamed curl src Visual Studio project files
-
- Following commit 957fcd9049 and in preparation for adding the VC14
- project files renamed the curl source project files.
+- nss: Don't ignore Curl_extract_certinfo() OOM failure
-Daniel Stenberg (28 Jul 2015)
-- [Jay Satiro brought this change]
+- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
- libcurl-thread.3: Revert to stricter handle wording
+- nss: Use 'CURLcode result' for curl result codes
- .. also update formatting and add WinSSL and wolfSSL to the SSL/TLS
- handlers list.
-
-- [Jay Satiro brought this change]
+ ...and don't use CURLE_OK in failure/success comparisons.
- libcurl-thread.3: Consolidate thread safety info
-
- This is a new document to consolidate our thread safety information from
- several documents (curl-www:features, libcurl.3, libcurl-tutorial.3).
- Each document's section on multi-threading will now point to this one.
+- getinfo: Code style policing
-Steve Holme (27 Jul 2015)
-- README: Corrected formatting for 'Legacy Windows and SSL' section
-
- ...as well as some wording.
+- getinfo: Use 'CURLcode result' for curl result codes
-- build-openssl.bat: Added support for VC14
+- darwinssl: Use 'CURLcode result' for curl result codes
-Daniel Stenberg (26 Jul 2015)
-- RELEASE-NOTES: synced with 0f645adc95390e8
+- polarssl: Use 'CURLcode result' for curl result codes
-- test1902: attempt to make the test more reliable
+- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries
- Closes #355
-
-- comment: fix comment about adding new option support
-
-Jay Satiro (25 Jul 2015)
-- build-openssl.bat: Show syntax if required args are missing
+ As this feature has been implemented for 7.40.0.
-Daniel Stenberg (26 Jul 2015)
-- TODO: improve how curl works in a windows console window
+- asiohiper.cpp: No need to initialise members of ConnInfo
- Closes #322 for now
+ ...as calloc() automatically clears the area of memory with zeros.
-- 1.11 minimize dependencies with dynamicly loaded modules
+- asiohiper.cpp: Updated for curl coding standards
- Closes #349 for now
+ ...with the exception of the start of block statement curly brackets.
-Jay Satiro (25 Jul 2015)
-- tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPS
+- code/docs: Use correct case for IPv4 and IPv6
- - Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option.
+ For consistency, as we seem to have a bit of a mixed bag, changed all
+ instances of ipv4 and ipv6 in comments and documentations to use the
+ correct case.
+
+- runtests: Fixed detection of Unix Sockets feature
- Broken by me several days ago in 172b2be.
- https://github.com/bagder/curl/commit/172b2be#diff-70b44ee478e58d4e1ddcf9c9a73d257b
+ ...following change in curl --version output.
+
+- code/docs: Use Unix rather than UNIX to avoid use of the trademark
- Bug: http://curl.haxx.se/mail/lib-2015-07/0119.html
- Reported-by: Dan Fandrich
+ Use Unix when generically writing about Unix based systems as UNIX is
+ the trademark and should only be used in a particular product's name.
-Daniel Stenberg (25 Jul 2015)
-- configure: check if OpenSSL linking wants -ldl
+- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported
- To make it easier to link with static versions of OpenSSL, the configure
- script now checks if -ldl is needed for linking.
+ if2ip.c:119: warning: unused parameter 'remote_scope_id'
- Help-by: TJ Saunders
-
-- [Michael Kaufmann brought this change]
+ ...and some minor code style policing in the same function.
- HTTP: ignore "Content-Encoding: compress"
+- vtls: Don't set cert info count until memory allocation is successful
- Currently, libcurl rejects responses with "Content-Encoding: compress"
- when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should
- treat the Content-Encoding "compress" the same as other
- Content-Encodings that it does not support, e.g. "bzip2". That means
- just ignoring it.
-
-- [Marcel Raad brought this change]
+ Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs
+ member variable to the requested count, which could then be used
+ incorrectly as libcurl closes down.
- openssl: work around MSVC warning
+- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type
- MSVC 12 complains:
+ The return type for this function was 0 on success and 1 on error. This
+ was then examined by the calling functions and, in most cases, used to
+ return CURLE_OUT_OF_MEMORY.
- lib\vtls\openssl.c(1554): warning C4701: potentially uninitialized local
- variable 'verstr' used It's a false positive, but as it's normally not,
- I have enabled warning-as-error for that warning.
-
-- [Michał Fita brought this change]
+ Instead use CURLcode for the return type and return the out of memory
+ error directly, propagating it up the call stack.
- configure: add --disable-rt option
-
- This option disables any attempts in configure to create dependency on
- stuff requiring linking to librt.so and libpthread.so, in this case this
- means clock_gettime(CLOCK_MONOTONIC, &mt).
+- configure: Use camel case for UNIX sockets feature output
- We were in need to build curl which doesn't link libpthread.so to avoid
- the following bug:
- https://sourceware.org/bugzilla/show_bug.cgi?id=16628.
+ To match the curl --version output.
-Kamil Dudka (23 Jul 2015)
-- http2: verify success of strchr() in http2_send()
+Marc Hoersken (26 Dec 2014)
+- sockfilt.c: Reduce the number of individual memory allocations
- Detected by Coverity.
+ Merge multiple internal arrays into one, even if some variables
+ will not not be used. They are all created with the number of
+ file descriptors as their size.
- Error: NULL_RETURNS:
- lib/http2.c:1301: returned_null: "strchr" returns null (checked 103 out of 109 times).
- lib/http2.c:1301: var_assigned: Assigning: "hdbuf" = null return value from "strchr".
- lib/http2.c:1302: dereference: Incrementing a pointer which might be null: "hdbuf".
- 1300|
- 1301| hdbuf = strchr(hdbuf, 0x0a);
- 1302|-> ++hdbuf;
- 1303|
- 1304| authority_idx = 0;
+ Also fix possible thread handle leak in CloseHandle-loop.
-Jay Satiro (22 Jul 2015)
-- Windows: Fix VerifyVersionInfo calls
-
- - Fix the VerifyVersionInfo calls, which we use to test for the OS major
- version, to also test for the minor version as well as the service pack
- major and minor versions.
+- sockfilt.c: Replace 100ms sleep with thread throttle
- MSDN: "If you are testing the major version, you must also test the
- minor version and the service pack major and minor versions."
+ Improves performance of test cases 574 and 575 by 50%.
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms725492.aspx
+ A value of zero causes the thread to relinquish the remainder
+ of its time slice to any other thread of equal priority that is
+ ready to run. If there are no other threads of equal priority
+ ready to run, the function returns immediately, and the thread
+ continues execution.
- Bug: https://github.com/bagder/curl/pull/353#issuecomment-123493098
- Reported-by: Marcel Raad <MarcelRaad@users.noreply.github.com>
+ http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx
-- [Marcel Raad brought this change]
+Steve Holme (25 Dec 2014)
+- tool_help: Use camel case for UNIX sockets feature output
+
+ In line with the other features listed in the --version output,
+ capitalise the UNIX socket feature.
- schannel: Replace deprecated GetVersion with VerifyVersionInfo
+- vtls: Use bool for Curl_ssl_getsessionid() return type
+
+ The return type of this function is a boolean value, and even uses a
+ bool internally, so use bool in the function declaration as well as
+ the variables that store the return value, to avoid any confusion.
-Steve Holme (21 Jul 2015)
-- makefile: Added support for VC14
+- schannel: Minor code style policing for casts
-Patrick Monnerat (21 Jul 2015)
-- os400: ebcdic wrappers for new functions. Upgrade ILE/RPG bindings.
+- schannel: Prefer 'CURLcode result' for curl result codes
-- libcurl: VERSIONINFO update
- Addition of new procedures curl_pushheader_bynum and curl_pushheader_byname
- requires VERSIONINFO updating.
+- cyassl: Prefer 'CURLcode result' for curl result codes
-- http2: satisfy external references even if http2 is not compiled in.
+- tool_xattr: Use 'CURLcode result' for curl result codes
-Daniel Stenberg (20 Jul 2015)
-- http2: add stream != NULL checks for reliability
+- curl_ntlm_core.c: Fixed compilation warnings
- They should not trigger, but in case of internal problems we at least
- avoid crashes this way.
+ curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of
+ 'CryptImportKey' differ in signedness
+ curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from
+ incompatible pointer type
+ curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam'
+ from incompatible pointer type
+
+- RELEASE-NOTES: Synced with 8830df8b66
-Jay Satiro (18 Jul 2015)
-- symbols-in-versions: Add new CURLSSLOPT_NO_REVOKE symbol
+- gtls: Use preferred 'CURLcode result'
-- SSL: Add an option to disable certificate revocation checks
-
- New tool option --ssl-no-revoke.
- New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.
+- openldap: Use standard naming for setup connection function
- Currently this option applies only to WinSSL where we have automatic
- certificate revocation checking by default. According to the
- ssl-compared chart there are other backends that have automatic checking
- (NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at
- some later point.
+ Renamed ldap_setup() to ldap_setup_connection() to follow more widely
+ used function naming.
+
+- rtmp: Use standard naming for setup connection function
- Bug: https://github.com/bagder/curl/issues/264
- Reported-by: zenden2k <zenden2k@gmail.com>
+ Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely
+ used function naming.
-- runtests: Allow for spaces in curl custom path
+- smb: Use standard naming for setup connection function
- .. also fix some typos in test's FILEFORMAT spec.
+ Renamed smb_setup() to smb_setup_connection() to follow more widely
+ used function naming.
-- [David Woodhouse brought this change]
+- config-win32.h: Fixed line length > 79 columns
- ntlm_wb: Fix theoretical memory leak
-
- Static analysis indicated that my commit 9008f3d564 ("ntlm_wb: Fix
- hard-coded limit on NTLM auth packet size") introduced a potential
- memory leak on an error path, because we forget to free the buffer
- before returning an error.
-
- Fix this.
-
- Although actually, it never happens in practice because we never *get*
- here with state == NTLMSTATE_TYPE1. The state is always zero. That
- might want cleaning up in a separate patch.
-
- Reported-by: Terri Oda
+- openssl: Prefer we don't use NULL in comparisons
-- strerror: Add CRYPT_E_REVOKED to SSPI error strings
+- build: Removed WIN32 definition from the Visual Studio projects
+
+ As this pre-processor definition is defined in curl_setup.h there is no
+ need to include it in the Visual Studio project files.
-Kamil Dudka (14 Jul 2015)
-- libtest: call PR_Cleanup() on exit if NSPR is used
+- build: Removed WIN64 definition from the libcurl Visual Studio projects
- This prevents valgrind from reporting possibly lost memory that NSPR
- uses for file descriptor cache and other globally allocated internal
- data structures.
+ Removed the WIN64 pre-processor definition from the libcurl project
+ files as:
- Reported-by: Štefan Kremeň
-
-Jay Satiro (14 Jul 2015)
-- [John Malmberg brought this change]
-
- openssl: VMS support for SHA256
+ * WIN64 is not used in our source code
+ * The curl projects files don't define it
+ * It isn't required by or used in the platform SDK
+ * For backwards compatability curl_setup.h defines WIN32
+ * The compiler automatically defines _WIN64 for x64 builds
- setup-vms.h: More symbols for SHA256, hacks for older VAX
+ Historically Visual Studio projects have defined WIN32, in addition to
+ the compiler defined _WIN32 definition, and I had incorrectly changed
+ that to WIN64 for the x64 libcurl builds but not in the curl projects.
- openssl.h: Use OpenSSL OPENSSL_NO_SHA256 macro to allow building on VAX.
+ As such, it is questionable whether this should be defined or not. For
+ more information see the following cache of a discussion that took
+ place on the microsoft.public.vc.mfc newsgroup:
- openssl.c: Use OpenSSL version checks and OPENSSL_NO_SHA256 macro to
- allow building on VAX and 64 bit VMS.
-
-- examples: Fix typo in multi-single.c
-
-Daniel Stenberg (7 Jul 2015)
-- [Tatsuhiro Tsujikawa brought this change]
+ http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html
- http2: Fix memory leak in push header array
+- openssl.c Fix for compilation errors with older versions of OpenSSL
+
+ openssl.c:1408: error: 'TLS1_1_VERSION' undeclared
+ openssl.c:1411: error: 'TLS1_2_VERSION' undeclared
-Dan Fandrich (2 Jul 2015)
-- test2041: fixed line endings in protocol part
+Daniel Stenberg (22 Dec 2014)
+- [John Malmberg brought this change]
-- cyassl: fixed mismatched sha256sum function prototype
+ Fix comment edit in vms/backup_gnv_curl_src.com
+
+ packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port.
-Daniel Stenberg (1 Jul 2015)
-- [moparisthebest brought this change]
+- curl: show size of inhibited data when using -v
+
+ To offer some more info and yet it doesn't use more lines.
- SSL: Pinned public key hash support
+- openssl: fix SSL/TLS versions in verbose output
-- examples: provide <DESC> sections
+- openssl: make it compile against openssl 1.1.0-DEV master branch
-- [John Malmberg brought this change]
+Marc Hoersken (22 Dec 2014)
+- sshserver.pl: clarify and streamline variable names
- OpenVMS: VMS Software, Inc now the supplier.
-
- setup-vms.h: Symbol case fixups submitted by Michael Steve
+Daniel Stenberg (21 Dec 2014)
+- openssl: warn for SRP set if SSLv3 is used, not for TLS version
- build_gnv_curl_pcsi_desc.com: VSI aka as VMS Software, is now the
- supplier of new versions of VMS. The install kit needs to accept
- VSI as a producer.
+ ... as it requires TLS and it was was left to warn on the default from
+ when default was SSL...
-Jay Satiro (30 Jun 2015)
-- multi: Move http2 push function declarations to header end
-
- This change necessary for binary compatibility.
+- smb: use memcpy() instead of strncpy()
- Prior to this change test 1135 failed due to the order of functions.
-
-- symbols-in-versions: Add new http2 push symbols
+ ... as it never copies the trailing zero anyway and always just the four
+ bytes so let's not mislead anyone into thinking it is actually treated
+ as a string.
- Prior to this change test 1119 failed due to the missing symbols.
+ Coverity CID: 1260214
-Daniel Stenberg (30 Jun 2015)
-- RELEASE-NOTES: synced with e6749055d653
+- [John E. Malmberg brought this change]
-- configure: disable libidn by default
+ VMS: Updates for 0740-0D1220
- For security reasons, until there is a fix.
+ lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help.
+ More defines to set symbols to uppercase.
- Bug: http://curl.haxx.se/mail/lib-2015-06/0143.html
- Reported-by: Gustavo Grieco, Feist Josselin
-
-- SSL-PROBLEMS: mention WinSSL problems in WinXP
-
-- CODE_OF_CONDUCT.md: added
+ src/tool_main.c : Fix parameter to vms_special_exit() call.
- Just to underscore how we treat each other in this project. Nothing new
- really, but could be useful for newcomers and outsiders to see our
- values.
-
-- tool_header_cb: fflush the header stream
+ packages/vms/ :
+ backup_gnv_curl_src.com : Fix the error message to have the correct package.
- Flush the header stream when -D is used so that they are sent off
- earlier.
+ build_curl-config_script.com : Rewrite to be more accurate.
- Bug: https://github.com/bagder/curl/issues/324
- Reported-by: Cédric Connes
-
-- [Roger Leigh brought this change]
-
- tests: Distribute CMakeLists.txt files in subdirectories
-
-- CURLOPT_FAILONERROR.3: mention that it closes the connection
+ build_libcurl_pc.com : Use tool_version.h now.
- Reported-by: bemoody
- Bug: https://github.com/bagder/curl/issues/325
-
-- curl_multi_setopt.3: alpha sort the options
-
-- curl_multi_setopt.3: add the new push options
-
-- [Tatsuhiro Tsujikawa brought this change]
-
- http2: Use nghttp2 library error code for error return value
-
-- [Tatsuhiro Tsujikawa brought this change]
-
- http2: Harden header validation for curl_pushheader_byname
+ build_vms.com : Fix to handle lib/vtls directory.
- Since we do prefix match using given header by application code
- against header name pair in format "NAME:VALUE", and VALUE part can
- contain ":", we have to careful about existence of ":" in header
- parameter. ":" should be allowed to match HTTP/2 pseudo-header field,
- and other use of ":" in header must be treated as error, and
- curl_pushheader_byname should return NULL. This commit implements
- this behaviour.
-
-- [Tatsuhiro Tsujikawa brought this change]
-
- CURLMOPT_PUSHFUNCTION.3: Remove unused variable
-
-- CURLMOPT_PUSHFUNCTION.3: added example
-
-- http2: curl_pushheader_byname now takes a const char *
-
-- http2-serverpush.c: example code
-
-- http2: free all header memory after the push callback
-
-- http2: init the pushed transfer properly
-
-- http2: fixed the header accessor functions for the push callback
-
-- http2: setup the new pushed stream properly
-
-- http2: initial implementation of the push callback
-
-- http2: initial HTTP/2 server push types/docs
-
-- test1531: verify POSTFIELDSIZE set after add_handle
+ curl_gnv_build_steps.txt : Updated build procedure documentation.
- Following the fix made in 903b6e05565bf.
-
-- pretransfer: init state.infilesize here, not in add_handle
+ generate_config_vms_h_curl.com :
+ * VAX does not support 64 bit ints, so no NTLM support for now.
+ * VAX HP SSL port is ancient, needs some help.
+ * Disable NGHTTP2 for now, not ported to VMS.
+ * Disable UNIX_SOCKETS, not available on VMS yet.
+ * HP GSSAPI port does not have gss_nt_service_name.
- ... to properly support that options are set to the handle after it is
- added to the multi handle.
+ gnv_link_curl.com : Update for new curl structure.
- Bug: http://curl.haxx.se/mail/lib-2015-06/0122.html
- Reported-by: Stefan Bühler
-
-Jay Satiro (21 Jun 2015)
-- [Lior Kaplan brought this change]
+ pcsi_product_gnv_curl.com : Set up to optionally do a complete build.
- tool_help: fix --tlsv1 help text to use >= for TLSv1
+Marc Hoersken (21 Dec 2014)
+- sockfilt.c: use non-Ex functions that are available before WinXP
+
+ It was initially reported by Guenter that GetFileSizeEx
+ requires (_WIN32_WINNT >= 0x0500) to be true.
-- INSTALL: Advise use of non-native SSL for Windows <= XP
+- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files
- Advise that WinSSL in versions <= XP will not be able to connect to
- servers that no longer support the legacy handshakes and algorithms used
- by those versions, and to use an alternate backend like OpenSSL instead.
+ Second patch to enable Windows support using Cygwin-based OpenSSH.
- Bug: https://github.com/bagder/curl/issues/253
- Reported-by: zenden2k <zenden2k@gmail.com>
+ Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7.
-Kamil Dudka (19 Jun 2015)
-- curl_easy_setopt.3: restore contents removed by mistake
+- tests: support spaces in paths to SSH, SSHD and SFTP binaries
- ... in commit curl-7_43_0-18-g570076e
-
-Daniel Stenberg (19 Jun 2015)
-- curl_easy_setopt.3: mention CURLOPT_PIPEWAIT
+ First patch to enable Windows support using Cygwin-based OpenSSH.
-Jay Satiro (18 Jun 2015)
-- cookie: Fix bug in export if any-domain cookie is present
+Steve Holme (20 Dec 2014)
+- non-ascii: Reduce variable usage
- In 3013bb6 I had changed cookie export to ignore any-domain cookies,
- however the logic I used to do so was incorrect, and would lead to a
- busy loop in the case of exporting a cookie list that contained
- any-domain cookies. The result of that is worse though, because in that
- case the other cookies would not be written resulting in an empty file
- once the application is terminated to stop the busy loop.
-
-Dan Fandrich (18 Jun 2015)
-- FTP: fixed compiling with --disable-proxy, broken in b88f980a
+ Removed 'next' variable in Curl_convert_form(). Rather than setting it
+ from 'form->next' and using that to set 'form' after the conversion
+ just use 'form = form->next' instead.
-Daniel Stenberg (18 Jun 2015)
-- tool: always provide negotiate/kerberos options
+- non-ascii: Prefer while loop rather than a do loop
- libcurl can still be built with it, even if the tool is not. Maintain
- independence!
-
-- TODO: Support IDNA2008
-
-- [Viktor Szakats brought this change]
+ This also removes the need to check that the 'form' argument is valid.
- Makefile.m32: add support for CURL_LDFLAG_EXTRAS
+- non-ascii: Reduce variable scope
- It is similar to existing CURL_CFLAG_EXTRAS, but for
- extra linker option.
+ As 'result' isn't used out side the conversion callback code and
+ previously caused variable shadowing in the libiconv based code.
-- RTSP: removed another piece of dead code
+- non-ascii: We prefer 'CURLcode result'
- Coverity CID 1306668
+ This also fixes a variable shadowing issue when HAVE_ICONV is defined
+ as rc was declared for the result code of libiconv based functions.
-- openssl: fix use of uninitialized buffer
-
- Make sure that the error buffer is always initialized and simplify the
- use of it to make the logic easier.
+Marc Hoersken (19 Dec 2014)
+- secureserver.pl: clean up formatting of config and fix verbose output
- Bug: https://github.com/bagder/curl/issues/318
- Reported-by: sneis
+ Verbose output was not matching the actual configuration file,
+ because FIPS and Windows conditions were ignored.
-- examples: more descriptions
+- secureserver.pl: update Windows detection and fix path conversion
-- examples: add descriptions with <DESC>
+- secureserver.pl: make OpenSSL CApath and cert absolute path values
- Using this fixed format for example descriptions, we can generate a
- better list on the web site.
+ Recent stunnel versions (5.08) seem to have trouble with relative
+ paths on Windows. This turns the relative paths into absolute ones.
+
+Patrick Monnerat (18 Dec 2014)
+- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code.
-- libcurl-errors.3: fix typo
+- [Kyle J. McKay brought this change]
-- curl_easy_setopt.3: option order doesn't matter
+ parseurlandfillconn(): fix improper non-numeric scope_id stripping.
+ Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/
-- openssl: fix build with BoringSSL
+- IPV6: address scope != scope id
+ There was a confusion between these: this commit tries to disambiguate them.
+ - Scope can be computed from the address itself.
+ - Scope id is scope dependent: it is currently defined as 1-based local
+ interface index for link-local scoped addresses, and as a site index(?) for
+ (obsolete) site-local addresses. Linux only supports it for link-local
+ addresses.
+ The URL parser properly parses a scope id as an interface index, but stores it
+ in a field named "scope": confusion. The field has been renamed into "scope_id".
+ Curl_if2ip() used the scope id as it was a scope. This caused failures
+ to bind to an interface.
+ Scope is now computed from the addresses and Curl_if2ip() matches them.
+ If redundantly specified in the URL, scope id is check for mismatch with
+ the interface index.
- OPENSSL_load_builtin_modules does not exist in BoringSSL. Regression
- from cae43a1
+ This commit should fix SF bug #1451.
-- [Paul Howarth brought this change]
+- connect: singleipconnect(): properly try other address families after failure
- openssl: Fix build with openssl < ~ 0.9.8f
+Daniel Stenberg (16 Dec 2014)
+- SFTP: work-around servers that return zero size on STAT
- The symbol SSL3_MT_NEWSESSION_TICKET appears to have been introduced at
- around openssl 0.9.8f, and the use of it in lib/vtls/openssl.c breaks
- builds with older openssls (certainly with 0.9.8b, which is the latest
- older version I have to try with).
+ Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html
+ Pathed-by: Marc Renault
-- FTP: do the HTTP CONNECT for data connection blocking
-
- ** WORK-AROUND **
-
- The introduced non-blocking general behaviour for Curl_proxyCONNECT()
- didn't work for the data connection establishment unless it was very
- fast. The newly introduced function argument makes it operate in a more
- blocking manner, more like it used to work in the past. This blocking
- approach is only used when the FTP data connecting through HTTP proxy.
-
- Blocking like this is bad. A better fix would make it work more
- asynchronously.
+- glob_next_url: make the loop count upwards
- Bug: https://github.com/bagder/curl/issues/278
-
-- bump: start the journey toward 7.44.0
-
-Jay Satiro (17 Jun 2015)
-- CURLOPT_ERRORBUFFER.3: Fix example, escape backslashes
+ As the former contruct apparently caused a compiler warning, mentioned
+ in d8efde07e556c.
-- CURLOPT_ERRORBUFFER.3: Improve example
+- tool_operate: we prefer 'CURLcode result'
-Version 7.43.0 (17 Jun 2015)
+- tool_urlglob: unify return codes to use CURLcode
+
+ There was a mix of GlobCode, CURLcode and ints and they were mostly
+ passing around CURLcode errors. This change makes the functions use only
+ CURLcode and removes the GlobCode type completely.
-Daniel Stenberg (17 Jun 2015)
-- RELEASE-NOTES: 7.43.0 release
+- tool_urlglob.c: partly reverse dc19789444
+
+ The loop in glob_next_url() needs to be done backwards to maintain the
+ logic. dc19789444 caused test 1235 to fail.
-- THANKS: updated with 7.43.0 names
+- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME
-- [Kamil Dudka brought this change]
+- [Jay Satiro brought this change]
- http: do not leak basic auth credentials on re-used connections
-
- CVE-2015-3236
+ opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
- This partially reverts commit curl-7_39_0-237-g87c4abb
+ Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and
+ CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one
+ that will be used.
- Reported-by: Tomas Tomecek, Kamil Dudka
- Bug: http://curl.haxx.se/docs/adv_20150617A.html
+ Prior to this change that behavior was only noted in the
+ CURLOPT_TIMEOUT_MS doc.
-- [Kamil Dudka brought this change]
+Nick Zitzmann (15 Dec 2014)
+- darwinssl: fix incorrect usage of aprintf()
+
+ Commit b13923f changed an snprintf() to use aprintf(), but the API usage
+ wasn't correct, and was causing a crash to occur. This fixes it.
- test2040: verify basic auth on re-used connections
+Steve Holme (14 Dec 2014)
+- copyright: Updated the copyright year following recent updates
-- SMB: rangecheck values read off incoming packet
-
- CVE-2015-3237
-
- Detected by Coverity. CID 1299430.
+Daniel Stenberg (14 Dec 2014)
+- tool_urlglob.c: reverse two loops
- Bug: http://curl.haxx.se/docs/adv_20150617B.html
+ By counting from 0 and up instead of backwards like before, we remove
+ the need for the "funny" check of the unsigned variable when decreased
+ passed zero. Easier to read and less risk for compiler warnings.
-Jay Satiro (17 Jun 2015)
-- schannel: schannel_recv overhaul
-
- This commit is several drafts squashed together. The changes from each
- draft are noted below. If any changes are similar and possibly
- contradictory the change in the latest draft takes precedence.
-
- Bug: https://github.com/bagder/curl/issues/244
- Reported-by: Chris Araman
-
- %%
- %% Draft 1
- %%
- - return 0 if len == 0. that will have to be documented.
- - continue on and process the caches regardless of raw recv
- - if decrypted data will be returned then set the error code to CURLE_OK
- and return its count
- - if decrypted data will not be returned and the connection has closed
- (eg nread == 0) then return 0 and CURLE_OK
- - if decrypted data will not be returned and the connection *hasn't*
- closed then set the error code to CURLE_AGAIN --only if an error code
- isn't already set-- and return -1
- - narrow the Win2k workaround to only Win2k
-
- %%
- %% Draft 2
- %%
- - Trying out a change in flow to handle corner cases.
-
- %%
- %% Draft 3
- %%
- - Back out the lazier decryption change made in draft2.
-
- %%
- %% Draft 4
- %%
- - Some formatting and branching changes
- - Decrypt all encrypted cached data when len == 0
- - Save connection closed state
- - Change special Win2k check to use connection closed state
-
- %%
- %% Draft 5
- %%
- - Default to CURLE_AGAIN in cleanup if an error code wasn't set and the
- connection isn't closed.
-
- %%
- %% Draft 6
- %%
- - Save the last error only if it is an unrecoverable error.
-
- Prior to this I saved the last error state in all cases; unfortunately
- the logic to cover that in all cases would lead to some muddle and I'm
- concerned that could then lead to a bug in the future so I've replaced
- it by only recording an unrecoverable error and that state will persist.
-
- - Do not recurse on renegotiation.
-
- Instead we'll continue on to process any trailing encrypted data
- received during the renegotiation only.
+Marc Hoersken (14 Dec 2014)
+- tool_urlglob.c: Added braces to clarify the conditions
+
+- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
- - Move the err checks in cleanup after the check for decrypted data.
+ The >= 0 is actually not required, since i underflows and
+ the for-loop is stopped using the < condition, but this
+ makes the VS2012 compiler and code analysis happy.
+
+- tool_binmode.c: Explicitly ignore the return code of setmode
- In either case decrypted data is always returned but I think it's easier
- to understand when those err checks come after the decrypted data check.
+ Fixes code analysis warning C6031:
+ return value ignored: <function> could return unexpected value
+
+- lib: Fixed multiple code analysis warnings if SAL are available
- %%
- %% Draft 7
- %%
- - Regardless of len value go directly to cleanup if there is an
- unrecoverable error or a close_notify was already received. Prior to
- this change we only acknowledged those two states if len != 0.
+ warning C28252: Inconsistent annotation for function:
+ parameter has another annotation on this instance
+
+Steve Holme (14 Dec 2014)
+- smb.c: Fixed code analysis warning
- - Fix a bug in connection closed behavior: Set the error state in the
- cleanup, because we don't know for sure it's an error until that time.
+ smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted,
+ then cast to 64-bit value. Result may not be an expected
+ value
+
+Marc Hoersken (14 Dec 2014)
+- tool_util.c: Use GetTickCount64 if it is available
+
+Steve Holme (14 Dec 2014)
+- smb: Use HAVE_PROCESS_H for process.h inclusion
- - (Related to above) In the case the connection is closed go "greedy"
- with the decryption to make sure all remaining encrypted data has been
- decrypted even if it is not needed at that time by the caller. This is
- necessary because we can only tell if the connection closed gracefully
- (close_notify) once all encrypted data has been decrypted.
+ Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H
+ pre-processor define when including process.h.
+
+Daniel Stenberg (14 Dec 2014)
+- darwinssl: aprintf() to allocate the session key
- - Do not renegotiate when an unrecoverable error is pending.
+ ... to avoid using a fixed memory size that risks being too large or too
+ small.
+
+Marc Hoersken (14 Dec 2014)
+- curl_schannel: Improvements to memory re-allocation strategy
- %%
- %% Draft 8
- %%
- - Don't show 'server closed the connection' info message twice.
+ - do not grow memory by doubling its size
+ - do not leak previously allocated memory if reallocation fails
+ - replace while-loop with a single check to make sure
+ that the requested amount of data fits into the buffer
- - Show an info message if server closed abruptly (missing close_notify).
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1450
+ Reported-by: Warren Menzer
-Daniel Stenberg (16 Jun 2015)
-- [Paul Oliver brought this change]
+Steve Holme (14 Dec 2014)
+- asyn-ares: We prefer use of 'CURLcode result'
- Fix typo in docs
-
- s/curret/current/
+Marc Hoersken (14 Dec 2014)
+- curl_schannel.c: Data may be available before connection shutdown
-- [Viktor Szakats brought this change]
+Steve Holme (14 Dec 2014)
+- http2: Use 'CURLcode result' for curl result codes
- docs: update URLs
+- asyn-thread: We prefer 'CURLcode result'
-- RELEASE-NOTES: synced with f29f2cbd00dbe5f
+- smb: Fixed unnecessary initialisation of struct member variables
+
+ There is no need to set the 'state' and 'result' member variables to
+ SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc()
+ as calloc() initialises the contents to zero.
-- [Viktor Szakats brought this change]
+- ntlm: Fixed return code for bad type-2 Target Info
+
+ Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security
+ buffers just like we do for bad decodes.
- README: use secure protocol for Git repository
+- ntlm: Remove unnecessary casts in readshort_le()
+
+ I don't think both of my fix ups from yesterday were needed to fix the
+ compilation warning, so remove the one that I think is unnecessary and
+ let the next Android autobuild prove/disprove it.
-- [Viktor Szakats brought this change]
+- curl_ntlm_msgs.c: Another attempt to fix compilation warning
+
+ curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from
+ 'int' may alter its value
- HTTP2.md: use SSL/TLS IETF URLs
+Guenter Knauf (13 Dec 2014)
+- synctime.c: added own user-agent string.
-- [Viktor Szakats brought this change]
+Steve Holme (13 Dec 2014)
+- smb.c: Fixed line longer than 79 columns
- LICENSE-MIXING: update URLs
+- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11
- * use SSL/TLS where available
- * follow permanent redirects
-
-- LICENSE-MIXING: refreshed
+ curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from
+ 'int' may alter its value
-- curl_easy_duphandle: see also *reset
+Guenter Knauf (13 Dec 2014)
+- mk-ca-bundle.pl: restored forced run again.
-- rtsp_do: fix DEAD CODE
+- synctime.c: removed another timeserver URL.
- "At condition p_request, the value of p_request cannot be NULL."
+ worldtimeserver.com seems also no longer available.
+
+- synctime.c: fixed timeserver URLs.
- Coverity CID 1306668.
+ For getting the date header its not necessary to access special
+ pages or even CGI scripts - all pages including the main index
+ reply with the date header, therefore shortened URLs to domain.
+ Removed worldtime.com; added pool.ntp.org.
-- security:choose_mech fix DEAD CODE warning
+Steve Holme (13 Dec 2014)
+- ftp.c: Fixed compilation warning when no verbose string support
- ... by removing the "do {} while (0)" block.
+ ftp.c:819: warning: unused parameter 'lineno'
+
+- smb: Added state change functions to assist with debugging
- Coverity CID 1306669
+ For debugging purposes, and as per other protocols within curl, added
+ state change functions rather than changing the states directly.
+
+- ntlm: Use short integer when decoding 16-bit values
-- curl.1: netrc is in man section 5
+- RELEASE-NOTES: Synced with 6291a16b20
-- curl.1: small format fix
+- smtp.c: Fixed compilation warnings
- use \fI-style instead of .BR for references
+ smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string
+ does not append to the string
+ smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string
+ does not append to the string
+ smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string
+ does not append to the string
+
+ Used array index notation instead.
-- urldata: store POST size in state.infilesize too
+- smb: Disable SMB when 64-bit integers are not supported
- ... to simplify checking when PUT _or_ POST have completed.
+ This fixes compilation issues with compilers that don't support 64-bit
+ integers through long long or __int64.
+
+- ntlm: Disable NTLM v2 when 64-bit integers are not supported
- Reported-by: Frank Meier
- Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html
+ This fixes compilation issues with compilers that don't support 64-bit
+ integers through long long or __int64 which was introduced in commit
+ 07b66cbfa4.
-Dan Fandrich (14 Jun 2015)
-- test1530: added http to required features
+- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
+
+ Previously USE_NTLM2SESSION would only be defined automatically when
+ USE_NTRESPONSES wasn't already defined. Separated the two definitions
+ so that the user can manually set USE_NTRESPONSES themselves but
+ USE_NTLM2SESSION is defined automatically if they don't define it.
-Jay Satiro (14 Jun 2015)
-- [Drake Arconis brought this change]
+- smtp.c: Fixed line longer than 79 columns
- build: Fix typo from OpenSSL 1.0.2 version detection fix
+- config-win32.h: Don't enable Windows Crypt API if using OpenSSL
+
+ As the OpenSSL and NSS Crypto engines are prefered by the core NTLM
+ routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT
+ automatically when either OpenSSL or NSS are in use - doing so would
+ disable NTLM2Session responses in NTLM type-3 messages.
-- [Drake Arconis brought this change]
+- smtp: Fixed inappropriate free of the scratch buffer
+
+ If the scratch buffer was allocated in a previous call to
+ Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent
+ call and no action taken by that call, then an attempt would be made to
+ try and free the buffer which, by now, would be part of the data->state
+ structure.
+
+ This bug was introduced in commit 4bd860a001.
- build: Properly detect OpenSSL 1.0.2 when using configure
+- smtp: Fixed dot stuffing when EOL characters were at end of input buffers
+
+ Fixed a problem with the CRLF. detection when multiple buffers were
+ used to upload an email to libcurl and the line ending character(s)
+ appeared at the end of each buffer. This meant any lines which started
+ with . would not be escaped into .. and could be interpreted as the end
+ of transmission string instead.
+
+ This only affected libcurl based applications that used a read function
+ and wasn't reproducible with the curl command-line tool.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1456
+ Assisted-by: Patrick Monnerat
-- curl_multi_info_read.3: fix example formatting
+Daniel Stenberg (11 Dec 2014)
+- telnet: fix "cast increases required alignment of target type"
-Daniel Stenberg (13 Jun 2015)
-- BINDINGS: there's a new R binding in town!
+- ntlm_wb_response: fix "statement not reached"
+
+ ... and I could use a break instead of a goto to end the loop.
+
+ Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html
+ Reported-by: Tor Arntsen
-- BINDINGS: added the Xojo binding
+Steve Holme (10 Dec 2014)
+- RELEASE-NOTES: Synced with 1cc5194337
+
+ Added some bug fixes that I had missed in previous synchronisations.
-Jay Satiro (11 Jun 2015)
-- [Joel Depooter brought this change]
+Daniel Stenberg (10 Dec 2014)
+- Curl_unix2addr: avoid using the variable name 'sun'
+
+ I suspect this causes compile failures on Solaris:
+
+ Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html
- schannel: Add support for optional client certificates
+Steve Holme (10 Dec 2014)
+- url.c: Fixed compilation warning when USE_NTLM is not defined
- Some servers will request a client certificate, but not require one.
- This change allows libcurl to connect to such servers when using
- schannel as its ssl/tls backend. When a server requests a client
- certificate, libcurl will now continue the handshake without one,
- rather than terminating the handshake. The server can then decide
- if that is acceptable or not. Prior to this change, libcurl would
- terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS
- error.
+ url.c:3078: warning: variable 'credentialsMatch' set but not used
-Daniel Stenberg (11 Jun 2015)
-- curl_easy_cleanup.3: provide more SEE ALSO
+- parsedate.c: Fixed compilation warning
+
+ parsedate.c:548: warning: 'parsed' may be used uninitialized in this
+ function
+
+ As curl_getdate() returns -1 when parsedate() fails we can initialise
+ parsed to -1.
-- debug: remove http2 debug leftovers
+Daniel Stenberg (10 Dec 2014)
+- TODO: Cache negative name resolves
+
+ Worth exploring
-- VERSIONS: now using markdown
+- ldap: check Curl_client_write() return codes
+
+ There might be one or two memory leaks left in the error paths.
-- RELEASE-PROCEDURE: remove ascii logo at the top of file
+- ldap: rename variables to comply to curl standards
-- INTERNALS: absorbed docs/LIBCURL-STRUCTS
+Dan Fandrich (10 Dec 2014)
+- sws.c: Fixed 'rc' may be used uninitialized warning
-- INTERNALS: cat lib/README* >> INTERNALS
-
- and a conversion to markdown. Removed the lib/README.* files. The idea
- being to move toward having INTERNALS as the one and only "book" of
- internals documentation.
+- cookies: Improved OOM handling in cookies
- Added a TOC to top of the document.
+ This fixes the test 506 torture test. The internal cookie API really
+ ought to be improved to separate cookie parsing errors (which may be
+ ignored) with OOM errors (which should be fatal).
-Jay Satiro (8 Jun 2015)
-- openssl: LibreSSL and BoringSSL do not use TLS_client_method
-
- Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of
- TLS_client_method LibreSSL and BoringSSL didn't and still use
- SSLv23_client_method.
+Guenter Knauf (9 Dec 2014)
+- synctime.c: fixed user-agent setting.
- Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009
- Reported-by: asavah@users.noreply.github.com
+ Some websites meanwhile refuse to reply to requests from ancient
+ browsers like IE6, therefore I've comment out this setting, but
+ also fixed the string to now fake IE8 if someone enables it.
-Daniel Stenberg (9 Jun 2015)
-- RELEASE-NOTES: synced with 20ac3458068
+Daniel Stenberg (9 Dec 2014)
+- smb: fix unused return code warning
-- CURLOPT_OPENSOCKETFUNCTION: return error at once
-
- When CURL_SOCKET_BAD is returned in the callback, it should be treated
- as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently
- created when trying to connect to a server.
+Patrick Monnerat (9 Dec 2014)
+- Curl_client_write() & al.: chop long data, convert data only once.
+
+Guenter Knauf (9 Dec 2014)
+- VC build: added sspi define for winssl-zlib builds.
+
+Daniel Stenberg (9 Dec 2014)
+- schannel_recv: return the correct code
- Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1462
+ Reported-by: Tae Hyoung Ahn
-- fopen.c: fix a few compiler warnings
+- http2: avoid logging neg "failure" if h2 was not requested
-- [Ville Skyttä brought this change]
+- openldap: do not ignore Curl_client_write() return codes
- docs: Spelling fixes
+- compile: warn on unused return code from Curl_client_write()
-- [Ville Skyttä brought this change]
+Patrick Monnerat (8 Dec 2014)
+- SMB: Fix a data size mismatch that broke SMB on big-endian platforms
- docs: man page indentation and syntax fixes
+Steve Holme (7 Dec 2014)
+- smb: Fixed Windows autoconf builds following commit eb88d778e7
+
+ As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO
+ either explicitly through --enable-win32-cypto or automatically on
+ _WIN32 based platforms, subsequent builds broke with the following
+ error message:
+
+ "Can't compile NTLM support without a crypto library."
-Linus Nielsen (8 Jun 2015)
-- help: Add --proxy-service-name and --service-name to the --help output
+- RELEASE-NOTES: Synced with 526603ff05
-Jay Satiro (7 Jun 2015)
-- openssl: Fix verification of server-sent legacy intermediates
-
- - Try building a chain using issuers in the trusted store first to avoid
- problems with server-sent legacy intermediates.
-
- Prior to this change server-sent legacy intermediates with missing
- legacy issuers would cause verification to fail even if the client's CA
- bundle contained a valid replacement for the intermediate and an
- alternate chain could be constructed that would verify successfully.
-
- https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
+- [Bill Nagel brought this change]
-Daniel Stenberg (5 Jun 2015)
-- BINDINGS: update several URLs
+ smb: Build with SSPI enabled
- Stop linking to the curl.haxx.se anchor pages, they are usually only
- themselves pointers to the real page so better point there directly
- instead.
+ Build SMB/CIFS protocol support when SSPI is enabled.
-- BINDINGS: the curl-rust binding
+- [Bill Nagel brought this change]
-- curl.h: add CURL_HTTP_VERSION_2
+ ntlm: Use Windows Crypt API
- The protocol is named "HTTP/2" after all. It is an alias for the
- existing CURL_HTTP_VERSION_2_0 enum.
+ Allow the use of the Windows Crypt API for NTLMv1 functions.
-- openssl: removed error string #ifdef
+Dan Fandrich (7 Dec 2014)
+- cookie.c: Refactored cleanup code to simplify
- ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore
+ Also, fixed the outdated comments on the cookie API.
-- openssl: removed USERDATA_IN_PWD_CALLBACK kludge
+- get_url_file_name: Fixed crash on OOM on debug build
- Code for OpenSSL 0.9.4 serves no purpose anymore!
+ This caused a null-pointer dereference which caused a few dozen
+ torture tests to fail.
-- openssl: remove SSL_get_session()-using code
+Steve Holme (6 Dec 2014)
+- sws.c: Fixed compilation warning
- It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or
- later.
+ sws.c:2191 warning: 'rc' may be used uninitialized in this function
-- openssl: remove dummy callback use from SSL_CTX_set_verify()
+- ftp.c: Fixed compilation warnings when proxy support disabled
- The existing callback served no purpose.
-
-- LIBCURL-STRUCTS: clarify for multiplexing
+ ftp.c:1827 warning: unused parameter 'newhost'
+ ftp.c:1827 warning: unused parameter 'newport'
-Jay Satiro (3 Jun 2015)
-- cookie: Stop exporting any-domain cookies
-
- Prior to this change any-domain cookies (cookies without a domain that
- are sent to any domain) were exported with domain name "unknown".
+- smb: Fixed a problem with large file transfers
- Bug: https://github.com/bagder/curl/issues/292
-
-Daniel Stenberg (3 Jun 2015)
-- RELEASE-PROCEDURE: refreshed 'coming dates'
-
-Jay Satiro (2 Jun 2015)
-- curl_setup: Change fopen text macros to use 't' for MSDOS
+ Fixed an issue with the message size calculation where the raw bytes
+ from the buffer were interpreted as signed values rather than unsigned
+ values.
- Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198
Reported-by: Gisle Vanem
+ Assisted-by: Bill Nagel
-Daniel Stenberg (2 Jun 2015)
-- curl_multi_timeout.3: added example
+- smb: Moved the URL decoding into a separate function
-- curl_multi_perform.3: added example
+- smb: Fixed URL encoded URLs not working
-- curl_multi_info_read.3: added example
+- Makefile.inc: Added our standard header and updated file formatting
-- checksrc: detect fopen() for text without the FOPEN_* macros
-
- Follow-up to e8423f9ce150 with discussionis in
- https://github.com/bagder/curl/pull/258
+- Makefile.inc: Updated file formatting
- This check scans for fopen() with a mode string without 'b' present, as
- it may indicate that an FOPEN_* define should rather be used.
-
-- curl_getdate.3: update RFC reference
+ Aligned continuation character and used space as the separator
+ character as per other makefile files.
-Jay Satiro (1 Jun 2015)
-- curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT
-
- - Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt"
- - Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt"
-
- This change is to explicitly specify when we need to read/write text.
- Unfortunately 't' is not part of POSIX fopen so we can't specify it
- directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT.
-
- Prior to this change we had an issue on Windows if an application that
- uses libcurl overrides the default file mode to binary. The default file
- mode in Windows is normally text mode (translation mode) and that's what
- libcurl expects.
+- curl_md4.h: Updated copyright year following recent edit
- Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055
- Reported-by: Orgad Shaneh
-
-Daniel Stenberg (1 Jun 2015)
-- http2-upload.c: use PIPEWAIT for playing HTTP/2 better
+ ...and minor layout adjustment.
-- http2-download: check for CURLPIPE_MULTIPLEX properly
-
- Bug: http://curl.haxx.se/mail/lib-2015-06/0001.html
- Reported-by: Rafayel Mkrtchyan
+Patrick Monnerat (5 Dec 2014)
+- SMB: Fix big endian problems. Make it OS/400 aware.
-- [Isaac Boukris brought this change]
+- OS400: enable NTLM authentication
- HTTP-NTLM: fail auth on connection close instead of looping
+Steve Holme (5 Dec 2014)
+- multi.c: Fixed compilation warning
- Bug: https://github.com/bagder/curl/issues/256
-
-- 5.6 Refuse "downgrade" redirects
-
-- README.pingpong: removed
-
-- ROADMAP: remove HTTP/2 multiplexing - its here now
+ multi.c:2695: warning: declaration of `exp' shadows a global declaration
-- HTTP2.md: formatted properly
+Guenter Knauf (5 Dec 2014)
+- build: updated dependencies in makefiles.
-- HTTP2: moved docs into docs/ and make it markdown
+Steve Holme (5 Dec 2014)
+- sasl: Corrected formatting of function descriptions
-- README.http2: refreshed and added multiplexing info
+- sasl_gssapi: Added missing function description
-- dist: add the http2 examples
+- RELEASE-NOTES: Provided better descriptions
+
+ As it is often difficult to choose the best description for a single
+ feature when it spans many commits, updated the descriptions for the
+ recent SMB/CIFS protocol and GSS-API additions.
-- http2 examples: clean up some comments
+- sasl_sspi: Corrected some typos
-- examples: added two programs doing multiplexed HTTP/2
+- sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data
+
+ Don't use a hard coded size of 4 for the security layer and buffer size
+ in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as
+ we have done in the sasl_gssapi module.
-- scripts: moved contributors.sh and contrithanks.sh into subdir
+- sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with it
+
+ Reduced the amount of free's required for the decoded challenge message
+ in Curl_sasl_create_gssapi_security_message() as a result of coding it
+ differently in the sasl_gssapi module.
-- RELEASE-NOTES: synced with c005790ff1c0a
+- gssapi: Corrected typo in comments
-- [Daniel Melani brought this change]
+- sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message()
- openssl: typo in comment
+Daniel Stenberg (4 Dec 2014)
+- [Stefan Bühler brought this change]
-Jay Satiro (27 May 2015)
-- openssl: Use TLS_client_method for OpenSSL 1.1.0+
-
- SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The
- equivalent is TLS_client_method.
+ http_perhapsrewind: don't abort CONNECT requests
- https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557
+ ...they never have a body
-Daniel Stenberg (26 May 2015)
-- FAQ: How do I port libcurl to my OS?
+- [Stefan Bühler brought this change]
-Jay Satiro (25 May 2015)
-- CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain
-
- Document that if Set-Cookie is used without a domain then the cookie is
- sent for any domain and will not be modified.
+ HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
- Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html
- Reported-by: Alexander Dyagilev
-
-Daniel Stenberg (25 May 2015)
-- [Tatsuhiro Tsujikawa brought this change]
+ Sending NTLM/Negotiate header again after successful authentication
+ breaks the connection with certain Proxies and request types (POST to MS
+ Forefront).
- http2: Copy data passed in Curl_http2_switched into HTTP/2 connection buffer
-
- Previously, after seeing upgrade to HTTP/2, we feed data followed by
- upgrade response headers directly to nghttp2_session_mem_recv() in
- Curl_http2_switched(). But it turns out that passed buffer, mem, is
- part of stream->mem, and callbacks called by
- nghttp2_session_mem_recv() will write stream specific data into
- stream->mem, overwriting input data. This will corrupt input, and
- most likely frame length error is detected by nghttp2 library. The
- fix is first copy the passed data to HTTP/2 connection buffer,
- httpc->inbuf, and call nghttp2_session_mem_recv().
+- [Stefan Bühler brought this change]
-Jay Satiro (24 May 2015)
-- CURLOPT_COOKIE.3: Explain that the cookies won't be modified
+ HTTP: don't abort connections with pending Negotiate authentication
- The CURLOPT_COOKIE doc says it "sets the cookie header explicitly in the
- outgoing request(s)." However there seems to be some user confusion
- about cookie modification. Document that the cookies set by this option
- are not modified by the cookie engine.
-
- Bug: http://curl.haxx.se/mail/lib-2015-05/0115.html
- Reported-by: Alexander Dyagilev
-
-- CURLOPT_COOKIELIST.3: Add example
+ ... similarly to how NTLM works as Negotiate is in fact often NTLM with
+ another name.
-Dan Fandrich (24 May 2015)
-- testcurl.pl: use rel2abs to make the source directory absolute
-
- This function makes a platform-specific absolute path which uses
- backslashes on Windows. This form works when passing it on the
- command-line, as well as if the source is on another drive.
+- [Stefan Bühler brought this change]
-- conncache: fixed memory leak on OOM (torture tests)
+ fix gdb libtool invocation path
-Daniel Stenberg (24 May 2015)
-- perl: remove subdir, not touched in 9 years
+Steve Holme (4 Dec 2014)
+- sasl_gssapi: Fixed missing include from commit d3cca934ee
-- log2changes.pl: moved to scripts/
+Daniel Stenberg (4 Dec 2014)
+- [Jay Satiro brought this change]
-- [Alessandro Ghedini brought this change]
+ examples: remove sony.com from 10-at-a-time
+
+ Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR
+ for the sony website because it ends the connection when the request is
+ missing a user agent.
- scripts: add zsh.pl for generating zsh completion
+Steve Holme (4 Dec 2014)
+- sasl_gssapi: Fixed missing decoding debug failure message
-Dan Fandrich (23 May 2015)
-- test1510: another flaky test
+- sasl_gssapi: Fixed honouring of no mutual authentication
-Daniel Stenberg (22 May 2015)
-- security: fix "Unchecked return value" from sscanf()
-
- By (void) prefixing it and adding a comment. Did some minor related
- cleanups.
-
- Coverity CID 1299423.
+- sasl_sspi: Added more Kerberos V5 decoding debug failure messages
-- security: simplify choose_mech
-
- Coverity CID 1299424 identified dead code because of checks that could
- never equal true (if the mechanism's name was NULL).
-
- Simplified the function by removing a level of pointers and removing the
- loop and array that weren't used.
+Daniel Stenberg (4 Dec 2014)
+- [Anthon Pang brought this change]
-- RTSP: catch attempted unsupported requests better
+ docs: Fix FAILONERROR typos
- Replace use of assert with code that properly catches bad input at
- run-time even in non-debug builds.
+ It returns error for >= 400 HTTP responses.
- This flaw was sort of detected by Coverity CID 1299425 which claimed the
- "case RTSPREQ_NONE" was dead code.
+ Bug: https://github.com/bagder/curl/pull/129
-- share_init: fix OOM crash
-
- A failed calloc() would lead to NULL pointer use.
-
- Coverity CID 1299427.
+- [Peter Wu brought this change]
-- parse_proxy: switch off tunneling if non-HTTP proxy
-
- non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL
+ tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl output
- Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html
- Reported-by: Sean Boudreau
-
-- curl: fix potential NULL dereference
+ Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as
+ option in the file generated by --libcurl.
- Coverity CID 1299428: Dereference after null check (FORWARD_NULL)
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- http2: on_frame_recv: return early on stream 0
-
- Coverity CID 1299426 warned about possible NULL dereference otherwise,
- but that would only ever happen if we get invalid HTTP/2 data with
- frames for stream 0. Avoid this risk by returning early when stream 0 is
- used.
+- [Peter Wu brought this change]
-- http: removed self assignment
+ opts: fix CURLOPT_UNIX_SOCKET_PATH formatting
- Follow-up fix from b0143a2a33f0
+ Add .nf and .fi such that the code gets wrapped in a pre on the web.
+ Fixed grammar, fixed formatting of the "See also" items.
- Detected by coverity. CID 1299429
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Tatsuhiro Tsujikawa brought this change]
+Patrick Monnerat (4 Dec 2014)
+- OS400: enable Unix sockets.
- http2: Make HTTP Upgrade work
-
- This commit just add implicitly opened stream 1 to streams hash.
+Daniel Stenberg (3 Dec 2014)
+- RELEASE-NOTES: synced with b216427e73b5e9
-Jay Satiro (22 May 2015)
-- strerror: Change SEC_E_ILLEGAL_MESSAGE description
-
- Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS
- and language specific, and invariably translated to something not very
- helpful like: "The message received was unexpected or badly formatted."
-
- Bug: https://github.com/bagder/curl/issues/267
- Reported-by: Michael Osipov
+- opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am
-- telnet: Fix read-callback change for Windows builds
+- updateconninfo: clear destination struct before getsockname()
- Refer to b0143a2 for more information on the read-callback change.
-
-Daniel Stenberg (21 May 2015)
-- CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy!
+ Otherwise we may read uninitialized bytes later in the unix-domain
+ sockets case.
-Dan Fandrich (21 May 2015)
-- testcurl.pl: allow source to be in an arbitrary directory
-
- This way, the build directory can be located on an entirely different
- filesystem from the source code (e.g. a tmpfs).
+- curl.1: added --unix-socket
-Daniel Stenberg (20 May 2015)
-- read_callback: move to SessionHandle from connectdata
-
- With many easy handles using the same connection for multiplexing, it is
- important we store and keep the transfer-oriented stuff in the
- SessionHandle so that callbacks and callback data work fine even when
- many easy handles share the same physical connection.
+- [Peter Wu brought this change]
-- http2: show stream IDs in decimal
+ tool: add --unix-socket option
- It makes them easier to match output from the nghttpd test server.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Tatsuhiro Tsujikawa brought this change]
+- [Peter Wu brought this change]
- http2: Faster http2 upload
+ libcurl: add UNIX domain sockets support
- Previously, when we send all given buffer in data_source_callback, we
- return NGHTTP2_ERR_DEFERRED, and nghttp2 library removes this stream
- temporarily for writing. This itself is good. If this is the sole
- stream in the session, nghttp2_session_want_write() returns zero,
- which means that libcurl does not check writeability of the underlying
- socket. This leads to very slow upload, because it seems curl only
- upload 16k something per 1 second. To fix this, if we still have data
- to send, call nghttp2_session_resume_data after nghttp2_session_send.
- This makes nghttp2_session_want_write() returns nonzero (if connection
- window still opens), and as a result, socket writeability is checked,
- and upload speed becomes normal.
-
-- [Dmitry Eremin-Solenikov brought this change]
-
- gtls: don't fail on non-fatal alerts during handshake
+ The ability to do HTTP requests over a UNIX domain socket has been
+ requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
+ discussion happened, no patch seems to get through. I decided to give it
+ a go since I need to test a nginx HTTP server which listens on a UNIX
+ domain socket.
- Stop curl from failing when non-fatal alert is received during
- handshake. This e.g. fixes lots of problems when working with https
- sites through proxies.
-
-- curl_easy_unescape.3: update RFC reference
+ One patch [3] seems to make it possible to use the
+ CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
+ Another person wrote a Go program which can do HTTP over a UNIX socket
+ for Docker[4] which uses a special URL scheme (though the name contains
+ cURL, it has no relation to the cURL library).
- Reported-by: bsammon
- Bug: https://github.com/bagder/curl/issues/282
-
-Jay Satiro (20 May 2015)
-- CURLOPT_POSTFIELDS.3: Mention curl_easy_escape
+ This patch considers support for UNIX domain sockets at the same level
+ as HTTP proxies / IPv6, it acts as an intermediate socket provider and
+ not as a separate protocol. Since this feature affects network
+ operations, a new feature flag was added ("unix-sockets") with a
+ corresponding CURL_VERSION_UNIX_SOCKETS macro.
- .. also correct some variable naming in curl_easy_escape.3
+ A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
+ option enables UNIX domain sockets support for all requests on the
+ handle (replacing IP sockets and skipping proxies).
- Bug: https://github.com/bagder/curl/issues/281
- Reported-by: bsammon@users.noreply.github.com
-
-Daniel Stenberg (19 May 2015)
-- [Brian Prodoehl brought this change]
-
- openssl: Use SSL_CTX_set_msg_callback and SSL_CTX_set_msg_callback_arg
+ A new configure option (--enable-unix-sockets) and CMake option
+ (ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
+ deliberately did not mark this feature as advanced, this is a
+ feature/component that should easily be available.
- BoringSSL removed support for direct callers of SSL_CTX_callback_ctrl
- and SSL_CTX_ctrl, so move to a way that should work on BoringSSL and
- OpenSSL.
+ [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
+ [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
+ [2]: http://sourceforge.net/p/curl/feature-requests/53/
+ [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
+ [4]: https://github.com/Soulou/curl-unix-socket
- re #275
-
-Jay Satiro (19 May 2015)
-- curl.1: fix missing space in section --data
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Daniel Stenberg (19 May 2015)
-- transfer: remove erroneous and misleading comment
-
-Kamil Dudka (19 May 2015)
-- http: silence compile-time warnings without USE_NGHTTP2
-
- Error: CLANG_WARNING:
- lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read
-
- Error: COMPILER_WARNING:
- lib/http.c: scope_hint: In function ‘http_disconnect’
- lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable]
+- [Peter Wu brought this change]
-Jay Satiro (19 May 2015)
-- transfer: Replace __func__ instances with function name
+ tests: add two HTTP over UNIX socket tests
- .. also make __func__ replacement in multi.
+ test1435: a simple test that checks whether a HTTP request can be
+ performed over the UNIX socket. The hostname/port are interpreted
+ by sws and should be ignored by cURL.
- Prior to this change debug builds would fail to build if the compiler
- was building pre-c99 and didn't support __func__.
-
-Daniel Stenberg (19 May 2015)
-- [Viktor Szakats brought this change]
-
- build: bump version in default nghttp2 paths
-
-- INTERNALS: we require nghttp2 1.0.0+ now
-
-Jay Satiro (18 May 2015)
-- http: Add some include guards for the new HTTP/2 stuff
-
-Daniel Stenberg (18 May 2015)
-- http2: store upload state per stream
+ test1436: test for the ability to do two requests to the same host,
+ interleaved with one to a different hostname.
- Use a curl_off_t for upload left
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- http2: fix build when NOT h2-enabled
+- [Peter Wu brought this change]
-- http2: switch to use Curl_hash_destroy()
+ tests: add HTTP UNIX socket server testing support
- as after 4883f7019d3, the *_clean() function only flushes the hash.
-
-- curlver: restore LIBCURL_VERSION_NUM defined as a full number
+ The variable `$ipvnum` can now contain "unix" besides the integers 4
+ and 6 since the variable. Functions which receive this parameter
+ have their `$port` parameter renamed to `$port_or_path` to support a
+ path to the UNIX domain socket (as a "port" is only meaningful for TCP).
- As it breaks configure, curl-config and test 1023 if not.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Anthony Avina brought this change]
+- [Peter Wu brought this change]
- hostip: fix unintended destruction of hash table
+ sws: try to remove socket and retry bind
- .. and added unit1602 for hash.c
-
-- curlver: introducing new version number (checking) macros
-
-- runtests.pl: use 'h2c' now, no -14 anymore
-
-- [Tatsuhiro Tsujikawa brought this change]
-
- http2: Ignore if we have stream ID not in hash in on_stream_close
+ If sws is killed it might leave a stale socket file on the filesystem
+ which would cause an EADDRINUSE error. After this patch, it is checked
+ whether the socket is really stale and if so, the socket file gets
+ removed and another bind is executed.
- We could get stream ID not in the hash in on_stream_close. For
- example, if we decided to reject stream (e.g., PUSH_PROMISE), then we
- don't create stream and store it in hash with its stream ID.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Tatsuhiro Tsujikawa brought this change]
+- [Peter Wu brought this change]
- Require nghttp2 v1.0.0
-
- This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0,
- and utilize recent version of nghttp2 to simplify the code,
+ sws: add UNIX domain socket support
- First we use nghttp2_option_set_no_recv_client_magic function to
- detect nghttp2 v1.0.0. That function only exists since v1.0.0.
+ This extends sws with a --unix-socket option which causes the port to
+ be ignored (as the server now listens on the path specified by
+ --unix-socket). This feature will be available in the following patch
+ that enables checking for UNIX domain socket support.
- Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and
- validates received header field. If it found error, RST_STREAM with
- PROTOCOL_ERROR is issued. Since we require v1.0.0, we can utilize
- this feature to simplify libcurl code. This commit does this.
+ Proxy support (CONNECT) is not considered nor tested. It does not make
+ sense anyway, first connecting through a TCP proxy, then let that TCP
+ proxy connect to a UNIX socket.
- Migration from 0.7 series are done based on nghttp2 migration
- document. For libcurl, we removed the code sending first 24 bytes
- client magic. It is now done by nghttp2 library.
- on_invalid_frame_recv callback signature changed, and is updated
- accordingly.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- http2: infof length in on_frame_send()
+- [Peter Wu brought this change]
-- pipeline: switch some code over to functions
+ sws: restrict TCP_NODELAY to IP sockets
- ... to "compartmentalize" a bit and make it easier to change behavior
- when multiplexing is used instead of good old pipelining.
-
-- symbols-in-versions: add CURLOPT_PIPEWAIT
-
-- CURLOPT_PIPEWAIT: added
+ TCP_NODELAY does not make sense for Unix sockets, so enable it only if
+ the socket is using IP.
- By setting this option to 1 libcurl will wait for a connection to reveal
- if it is possible to pipeline/multiplex on before it continues.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- Curl_http_readwrite_headers: minor code simplification
+Dan Fandrich (3 Dec 2014)
+- [Dave Reisner brought this change]
-- IsPipeliningPossible: fixed for http2
+ curl.1: fix trivial typo
-- http2: bump the h2 buffer size to 32K for speed
+Steve Holme (3 Dec 2014)
+- sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message()
-- http2: remove the stream from the hash in stream_close callback
-
- ... and suddenly things work much better!
-
-- http2: if there is paused data, do not clear the drain field
+- sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup()
-- http2: rename s/data/pausedata
-
-- http2: "stream %x" in all outputs to make it easier to search for
+- sasl_gssapi: Added Curl_sasl_build_gssapi_spn() function
+
+ Added helper function for returning a GSS-API compatible SPN.
-- http2: Curl_expire() all handles with incoming traffic
+Daniel Stenberg (3 Dec 2014)
+- NSS: enable the CAPATH option
- ... so that they'll get handled next in the multi loop.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1457
+ Patch-by: Tomasz Kojm
-- http2: don't signal settings change for same values
+Steve Holme (3 Dec 2014)
+- sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based builds
-- http2: set default concurrency, fix ConnectionExists for multiplex
+- sasl_gssapi: Added GSS-API based Kerberos V5 variables
-- bundles: store no/default/pipeline/multiplex
+- sws.c: Fixed compilation warning when IPv6 is disabled
- to allow code to act differently on the situation.
-
- Also added some more info message for the connection re-use function to
- make it clearer when connections are not re-used.
+ sws.c:69: warning: comma at end of enumerator list
-- http2: lazy init header_recvbuf
+- sasl_gssapi: Made log_gss_error() a common GSS-API function
- It makes us use less memory when not doing HTTP/2 and subsequently also
- makes us not have to cleanup HTTP/2 related data when not using HTTP/2!
-
-- http2: separate multiplex/pipelining + cleanup memory leaks
-
-- CURLMOPT_PIPELINE: bit 1 is for multiplexing
-
-- [Tatsuhiro Tsujikawa brought this change]
-
- http2: Fix bug that data to be drained are overwritten by pending "paused" data
-
-- [Tatsuhiro Tsujikawa brought this change]
+ Made log_gss_error() a common function so that it can be used in both
+ the http_negotiate code as well as the curl_sasl_gssapi code.
- http2: Don't call nghttp2_session_mem_recv while it is paused by a stream
-
-- [Tatsuhiro Tsujikawa brought this change]
-
- http2: Read data left in connection buffer after pause
+- sasl_gssapi: Introduced GSS-API based SASL module
- Previously when we do pause because of out of buffer, we just throw
- away unread data in connection buffer. This just broke protocol
- framing, and I saw occasional FRAME_SIZE_ERROR. This commit fix this
- issue by remembering how much data read, and in the next iteration, we
- process remaining data.
-
-- [Tatsuhiro Tsujikawa brought this change]
+ Added the initial version of curl_sasl_gssapi.c and updated the project
+ files in preparation for adding GSS-API based Kerberos V5 support.
- http2: Fix streams get stuck
+- smb: Don't try to connect with empty credentials
- This commit fixes the bug that streams get stuck if stream gets some
- DATA, and stream->closed becomes true at the same time. Previously,
- in this condition, after we processed DATA, we are going to try to
- read data from underlying transport, but there is no data, and gets
- EAGAIN. There was no code path to evaludate stream->closed.
-
-- http2: store incoming h2 SETTINGS
-
-- pipeline: move function to pipeline.c and make static
+ On some platforms curl would crash if no credentials were used. As such
+ added detection of such a use case to prevent this from happening.
- ... as it was only used from there.
+ Reported-by: Gisle Vanem
-- IsPipeliningPossible: http2 can always "pipeline" (multiplex)
+- smb.c: Coding policing of pointer usage
-- http2: remove debug logging from on_frame_recv
+- configure: Fixed inclusion of SMB when no crypto engines available
-- http2: remove the closed check in http2_recv
-
- With the "drained" functionality we can get here slightly asynchronously
- so the stream have have been closed but there is pending data left to
- read.
+Guenter Knauf (1 Dec 2014)
+- build: in Makefile.m32 simplified autodetection.
-- http2: bump the h2 buffer to 8K
+Daniel Stenberg (30 Nov 2014)
+- [Peter Wu brought this change]
-- http2: Curl_read should not use the single buffer
+ sws: move away from IPv4/IPv4-only assumption
- ... as it does for pipelining when we're multiplexing, as we need the
- different buffers to store incoming data correctly for all streams.
-
-- http2: more debug outputs
-
-- http2: leave WAITPERFORM when conn is multiplexed
+ Instead of depending the socket domain type on use_ipv6, specify the
+ domain type (AF_INET / AF_INET6) as variable. An enum is used here with
+ switch to avoid compiler warnings in connect_to, complaining that rc
+ is possibly undefined (which is not possible as socket_domain is
+ always set).
- No need to wait for our "spot" like for pipelining
-
-- http2: force "drainage" of streams
+ Besides abstracting the socket type, make the debugging messages be
+ independent on IP (introduce location_str which points to "port XXXXX").
+ Rename "ipv_inuse" to "socket_type" and tighten the scope (main).
- ... which is necessary since the socket won't be readable but there is
- data waiting in the buffer.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- http2: move the mem+len pair to the stream struct
+- [Peter Wu brought this change]
-- http2: more stream-oriented data, stream ID 0 is for connections
-
-- http2: move lots of state data to the 'stream' struct
+ lib/connect: restrict IP/TCP options to said sockets
- ... from the connection struct. The stream one being the 'struct HTTP'
- which is kept in the SessionHandle struct (easy handle).
+ This patch prepares for adding UNIX domain sockets support.
- lookup streams for incoming frames in the stream hash, hashing is based
- on the stream id and we get the SessionHandle for the incoming stream
- that way.
-
-- HTTP: partial start at fixing up hash-lookups on http2 frame receival
-
-- http: a stream hash for h2 multiplexing
+ TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not
+ apply these to other socket types. bindlocal only works for IP sockets
+ (independent of TCP/UDP), so filter that out too for other types.
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- http: a stream hash for h2 multiplexing
+- smb.c: use size_t as input argument types for msg sizes
+
+ This fixes warnings about conversions to int
-- http2: debug log when receiving unexpected stream_id
+Steve Holme (30 Nov 2014)
+- version: The next release will become 7.40.0
-- http2: move stream_id to the HTTP struct (per-stream)
+- [Bill Nagel brought this change]
-- Curl_http2_setup: only do it once and enable multiplex on the server
+ docs: Updated for the SMB protocol
- Once we know we are HTTP/2 enabled we know the server can multiplex.
+ This patch updates the documentation for the SMB/CIFS protocol.
-- http: switch on "pipelining" (multiplexing) for HTTP/2 servers
+- curl tool: Exclude SMB from the protocol redirect
- ... and do not blacklist any.
+ As local files could be accessed through \\localhost\c$.
+
+- [Bill Nagel brought this change]
-- README.pipelining: removed
+ curl tool: Enable support for the SMB protocol
- All the details mentioned here are better documented in man pages
+ This patch enables SMB/CIFS support in the curl command-line tool.
-Dan Fandrich (14 May 2015)
-- build: removed bundles.c from make files
+- smb.c: Fixed compilation warnings
- This file was removed in commit fd137786
+ smb.c:398: warning: comparison of integers of different signs:
+ 'ssize_t' (aka 'long') and 'unsigned long'
+ smb.c:443: warning: comparison of integers of different signs:
+ 'ssize_t' (aka 'long') and 'unsigned long'
-Daniel Stenberg (14 May 2015)
-- Curl_conncache_add_conn: fix memory leak on OOM
+- libcurl: Exclude SMB from the protocol redirect
+
+ As local files could be accessed through \\localhost\c$.
-- CURLMOPT_MAX_HOST_CONNECTIONS: host = host name + port number
+- [Bill Nagel brought this change]
-- conncache: keep bundles on host+port bases, not only host names
+ libcurl: Enable support for the SMB protocol
- Previously we counted all connections to a specific host name and that
- would be used for the CURLMOPT_MAX_HOST_CONNECTIONS check for example,
- while servers on different port numbers are normally considered
- different "origins" on the web and should thus be considered different
- hosts.
+ This patch enables SMB/CIFS support in libcurl.
-- bundles: merged into conncache.c
+- smb.c: Fixed compilation warnings
- All the existing Curl_bundle* functions were only ever used from within
- the conncache.c file, so I moved them over and made them static (and
- removed the Curl_ prefix).
+ smb.c:322: warning: conversion to 'short unsigned int' from 'unsigned
+ int' may alter its value
+ smb.c:323: warning: conversion to 'short unsigned int' from 'unsigned
+ int' may alter its value
+ smb.c:482: warning: conversion to 'short unsigned int' from 'int' may
+ alter its value
+ smb.c:521: warning: conversion to 'unsigned int' from 'curl_off_t' may
+ alter its value
+ smb.c:549: warning: conversion to 'unsigned int' from 'curl_off_t' may
+ alter its value
+ smb.c:550: warning: conversion to 'short unsigned int' from 'int' may
+ alter its value
-- hostcache: made all host caches use structs, not pointers
+- smb.c: Renamed SMB command message variables to avoid compiler warnings
- This avoids unnecessary dynamic allocs and as this also removed the last
- users of *hash_alloc() and *hash_destroy(), those two functions are now
- removed.
+ smb.c:489: warning: declaration of 'close' shadows a global declaration
+ smb.c:511: warning: declaration of 'read' shadows a global declaration
+ smb.c:528: warning: declaration of 'write' shadows a global declaration
-- multi: converted socket hash into non-allocated struct
+- smb.c: Fixed compilation warnings
- avoids extra dynamic allocation
+ smb.c:212: warning: unused parameter 'done'
+ smb.c:380: warning: ISO C does not allow extra ';' outside of a function
+ smb.c:812: warning: unused parameter 'premature'
+ smb.c:822: warning: unused parameter 'dead'
-- connection cache: avoid Curl_hash_alloc()
+- smb.c: Fixed compilation warnings
- ... by using plain structs instead of pointers for the connection cache,
- we can avoid several dynamic allocations that weren't necessary.
-
-- proxy: add newline to info message
-
-Patrick Monnerat (8 May 2015)
-- FTP: fix dangling conn->ip_addr dereference on verbose EPSV.
-
-- FTP: Make EPSV use the control IP address rather than the original host.
- This ensures an alternate address is not used.
- Does not apply to proxy tunnel.
-
-Daniel Stenberg (8 May 2015)
-- [Alessandro Ghedini brought this change]
-
- tool_help: fix formatting for --next option
+ smb.c:311: warning: conversion from 'unsigned __int64' to 'u_short',
+ possible loss of data
+ smb.c:425: warning: conversion from '__int64' to 'unsigned short',
+ possible loss of data
+ smb.c:452: warning: conversion from '__int64' to 'unsigned short',
+ possible loss of data
-- [Egon Eckert brought this change]
-
- opts: improved the TCP keepalive examples
-
-Jay Satiro (8 May 2015)
-- winbuild: Document the option used to statically link the CRT
-
- - Document option RTLIBCFG (runtime library configuration).
+- smb.c: Fixed compilation warnings
- Bug: https://github.com/bagder/curl/issues/254
- Reported-by: Bert Huijben
+ smb.c:162: error: comma at end of enumerator list
+ smb.c:469: warning: conversion from 'size_t' to 'unsigned short',
+ possible loss of data
+ smb.c:517: warning: conversion from 'curl_off_t' to 'unsigned int',
+ possible loss of data
+ smb.c:545: warning: conversion from 'curl_off_t' to 'unsigned int',
+ possible loss of data
-- [Orgad Shaneh brought this change]
+- [Bill Nagel brought this change]
- netrc: Read in text mode when cygwin
-
- Use text mode when cygwin to eliminate trailing carriage returns.
+ smb: Added initial SMB functionality
- Bug: https://github.com/bagder/curl/pull/258
+ Initial implementation of the SMB/CIFS protocol.
-Patrick Monnerat (5 May 2015)
-- OS400: Add SPNEGO service name options to ILE/RPG binding.
+- [Bill Nagel brought this change]
-Daniel Stenberg (4 May 2015)
-- curl_multi_info_read.3: fix typo
+ smb: Added SMB handler interfaces
- Reported-by: Liviu Chircu
+ Added the SMB and SMBS handler interface structures and associated
+ functions required for SMB/CIFS operation.
-- MANUAL: language fix
+- transfer: Code style policing
- Reported-by: Fred Stluka
- Bug: https://github.com/bagder/curl/issues/255
-
-- [Alessandro Ghedini brought this change]
+ Prefer ! rather than NULL in if statements, added comments and updated
+ function spacing, argument spacing and line spacing to be more readble.
- gtls: properly retrieve certificate status
+- transfer: Fixed existing scratch buffer being checked for NULL twice
- Also print the revocation reason if appropriate.
+ If the scratch buffer already existed when the CRLF conversion was
+ performed then the buffer pointer would be checked twice for NULL. This
+ second check is only necessary if the call to malloc() was performed by
+ the first check.
-- OpenSSL: conditional check for SSL3_RT_HEADER
+- smtp: Fixed dot stuffing being performed when no new data read
- The symbol is fairly new.
+ Whilst I had moved the dot stuffing code from being performed before
+ CRLF conversion takes place to after it, in commit 4bd860a001, I had
+ moved it outside the 'when something read' block of code when meant
+ it could perform the dot stuffing twice on partial send if nread
+ happened to contain the right values. It also meant the function could
+ potentially read past the end of buffer. This was highlighted by the
+ following warning:
- Reported-by: Kamil Dudka
+ warning: `nread' might be used uninitialized in this function
-- openssl: skip trace outputs for ssl_ver == 0
-
- The OpenSSL trace callback is wonderfully undocumented but given a
- journey in the source code, it seems the cases were ssl_ver is zero
- doesn't follow the same pattern and thus turned out confusing and
- misleading. For now, we skip doing any CURLINFO_TEXT logging on those
- but keep sending them as CURLINFO_SSL_DATA_OUT/IN.
+Daniel Stenberg (29 Nov 2014)
+- smb.h: fixed picky compiler warning
- Also, I added direction to the text info and I edited some functions
- slightly.
-
- Bug: https://github.com/bagder/curl/issues/219
- Reported-by: Jay Satiro, Ashish Shukla
-
-Marc Hoersken (2 May 2015)
-- schannel.c: Small changes
+ smb.h:30:16: error: comma at end of enumerator list [-Werror=pedantic]
-- schannel.c: Improve code path and readability
+Steve Holme (29 Nov 2014)
+- tests: Disable test 1013 until SMB is fully added
-- schannel.c: Improve error and return code handling upon aa99a63f03
-
-- [Chris Araman brought this change]
+- [Bill Nagel brought this change]
- schannel: fix regression in schannel_recv
+ smb: Added SMB protocol and port definitions
- https://github.com/bagder/curl/issues/244
-
- Commit 145c263 changed the behavior when Curl_read_plain returns
- CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED
- correctly.
+ Added the necessary protocol and port definitions in order to support
+ SMB/CIFS.
+
+- [Bill Nagel brought this change]
-- Bug born in changes made several days ago 9a91e80.
+ smb: Added internal SMB definitions and structures
- Commit: https://github.com/bagder/curl/commit/926cb9f
- Reported-by: Ray Satiro
+ Added the internal definitions and structures necessary for SMB/CIFS
+ support.
-Daniel Stenberg (30 Apr 2015)
-- [Michael Osipov brought this change]
+- [Bill Nagel brought this change]
- configure: remove missing and make it autogenerate
+ smb: Added SMB connection structure
- The missing file has not been autogenerated because a temporary fix was
- employed in acinclude.m4 which blocked update. Removed that fix and a recent
- version of missing is copied to build root.
+ Added the connection structure that will be required in urldata.h for
+ SMB/CIFS based connections.
-- [Michael Osipov brought this change]
+- [Bill Nagel brought this change]
- acinclude.m4: fix test for default CA cert bundle/path
+ smb: Added initial source files for SMB
- test(1) on HP-UX requires a single equals sign and fails with two.
- Let's use one and make every OS happy.
+ Added the initial source files and updated the relevant project files in
+ order to support SMB/CIFS.
-- CONTRIBUTING.md: remove the sourceforge mention
-
- Reported-By: Michael Osipov
+- [Bill Nagel brought this change]
-Dan Fandrich (30 Apr 2015)
-- http_negotiate_sspi: added missing data variable
+ smb: Added configuration options for SMB
+
+ Added --enable-smb and --disable-smb configuration options for the
+ upcoming SMB/CIFS protocol support.
-Daniel Stenberg (30 Apr 2015)
-- [Michael Osipov brought this change]
+Daniel Stenberg (28 Nov 2014)
+- [Peter Wu brought this change]
- configure: remove --automake from libtoolize call
+ runtests.pl: fix startup of IPv6 servers
- That option is not mentioned in the man page of libtoolize 2.4.4.19-fda4.
- Moveover, a comment in line 2623 says "--automake is for 1.5 compatibility".
+ Commit curl-7_23_1-143-g8218064 changed the parameter of
+ responsive_http_server to accept types other than IPv6 (converting
+ from a boolean to a string), but only considered the lower-case "ipv6"
+ and not the "IPv6" variant. This caused all servers to start in IPv4
+ mode instead.
- This option is redundant now.
-
-- [Viktor Szakats brought this change]
-
- build: update depedency versions, urls, example makefiles
+ This patch converts the remaining cases to "ipv6". While not strictly
+ necessary for the run*server variants, these got also converted for
+ consistency and to prevent future errors.
- - update default versions of dependencies (except for rare/old platforms)
- - update urls
- - sync examples makefiles with main ones
- - remove line ending space
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Michael Osipov brought this change]
+- [Peter Wu brought this change]
- configure: remove autogenerated files by autoconf
+ runtests.pl: fix warning message, remove duplicate value
- * install-sh is always regenerated
- * mkinstalldirs was already redudant years ago. Automake uses install for
- that. See: http://lists.gnu.org/archive/html/automake/2007-03/msg00015.html
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Anders Bakken brought this change]
-
- curl_multi_add_handle: next is already NULL
-
-Jay Satiro (30 Apr 2015)
-- schannel: Fix out of bounds array
+Steve Holme (27 Nov 2014)
+- http.c: Fixed compilation warnings from features being disabled
- Bug born in changes made several days ago 9a91e80.
+ warning: unused variable 'data'
+ warning: variable 'addcookies' set but not used
- Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html
- Reported-by: Brian Chrisman
+ ...and some very minor coding style policing.
-- docs/libcurl: gitignore libcurl-symbols.3
-
- Bug: http://curl.haxx.se/mail/lib-2015-04/0191.html
- Reported-by: Michael Osipov
+- RELEASE-NOTES: Synced with c5399c827d
-- [Viktor Szakats brought this change]
+- tests: Added SMTP with --crlf test case
- lib/makefile.m32: add arch -m32/-m64 to LDFLAGS
-
- This fixes using a multi-target mingw distro to build curl .dll for the
- non-default target.
- (mirroring the same patch present in src/makefile.m32)
+- docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion
-Daniel Stenberg (29 Apr 2015)
-- RELEASE-NOTES: synced with cd39b944afc
+- smtp: Fixed const'ness of nread parameter in Curl_smtp_escape_eob()
- I've not mentioned the bug fixes that were shipped in 7.42.1 from the
- 7_42 branch.
-
-- THANKS: merged from the 7.42.1 release
+ ...and some comment typos!
-- CURLOPT_HEADEROPT: default to separate
+- smtp: Added support for the conversion of Unix newlines during mail send
- Make the HTTP headers separated by default for improved security and
- reduced risk for information leakage.
+ Added support for the automatic conversion of Unix newlines to CRLF
+ during mail uploads.
- Bug: http://curl.haxx.se/docs/adv_20150429.html
- Reported-by: Yehezkel Horowitz, Oren Souroujon
-
-Linus Nielsen (28 Apr 2015)
-- docs/libcurl: Corrected a typo in the CURLOPT_PROXY_SERVICE_NAME documentation
-
-Daniel Stenberg (28 Apr 2015)
-- hash: simplify Curl_str_key_compare()
+ Feature: http://curl.haxx.se/bug/view.cgi?id=1456
-- dist: ship CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME
+- CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols
-- [Linus Nielsen brought this change]
-
- Negotiate: custom service names for SPNEGO.
+Daniel Stenberg (25 Nov 2014)
+- curl*3: added small examples
- * Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
- * Add new curl options, --proxy-service-name and --service-name.
-
-- http2: unify http_conn variable names to 'c'
+ and some minor edits
-- ConnectionExists: call it multi-use instead of pipelining
+- libcurl.3: fix formatting
- So that it fits HTTP/2 as well
+ refer to functions with the man page section properly
-Kamil Dudka (27 Apr 2015)
-- [Paul Howarth brought this change]
+- man pages: SEE ALSO curl_multi_wait
- nss: fix compilation failure with old versions of NSS
-
- Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html
+- curl_multi_wait.3: clarify numfds being used if not NULL
-Daniel Stenberg (27 Apr 2015)
-- sws: init http2 state properly
+- multi-single.c: switch to use curl_multi_wait
- It would otherwise cause problems when running tests after 1801 etc.
+ Makes the example much easier and straight-forward!
-- curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
-
- ... as it was previouly undocumented what the pointer was.
+- testcurl: bump the version of this script!
-- runtests: use a DISABLED.local file too
+- testcurl: skip reading the setup file if given enough cmdline info
- ... and have git ignore that. Allows for a dev to add tests to ignore in
- local tests and yet don't obstruct a normal git work flow.
-
-Marc Hoersken (26 Apr 2015)
-- schannel.c: Fix typo introduced with 3447c973d0
+ This makes it much easier to run multiple tests in the same directory,
+ just altering the command lines used.
-- schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
+- select.c: fix compilation for VxWorks
- Reported-by: Brian Chrisman
+ Reported-by: Brian
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1455
-Daniel Stenberg (26 Apr 2015)
-- schannel: re-indented file to follow curl style better
-
- white space changes only
+Patrick Monnerat (24 Nov 2014)
+- [moparisthebest brought this change]
-- Curl_ossl_init: load builtin modules
-
- To have engine modules work, we must tell openssl to load builtin
- modules first.
-
- Bug: https://github.com/bagder/curl/pull/206
+ SSL: Add PEM format support for public key pinning
-- configure: follow-up fix for krb5-config
+Kamil Dudka (24 Nov 2014)
+- Revert "repository: ignore patch files generated by git"
- commit 5b66860652 was incomplete so here's a follow-up fix
+ This reverts commit 217024a687ce86eb6d2317822ed81c7e5abc4b61.
- Reported-by: Dagobert Michelsen
- Bug: https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445
+ Bug: https://github.com/bagder/curl/commit/217024a6#commitcomment-8693738
-- openssl: fix serial number output
+Steve Holme (23 Nov 2014)
+- multi.c: Fixed compilation warnings when no verbose string support
- The code extracting the cert serial number was broken and didn't display
- it properly.
-
- Bug: https://github.com/bagder/curl/issues/235
- Reported-by: dkjjr89
+ warning: variable 'connection_id' set but not used
+ warning: unused parameter 'lineno'
-- [Grant Pannell brought this change]
+- RELEASE-NOTES: Synced with 1450712e76
- sasl_sspi: Populate domain from the realm in the challenge
-
- Without this, SSPI based digest auth was broken.
-
- Bug: https://github.com/bagder/curl/pull/141.patch
+- sasl: Tidied up some parameter comments
-Jay Satiro (25 Apr 2015)
-- [Anthony Avina brought this change]
+- sasl: Reduced the need for two sets of NTLM functions
- tool: New option --data-raw to HTTP POST data, '@' allowed.
-
- Add new option --data-raw which is almost the same as --data but does
- not have a special interpretation of the @ character.
-
- Prior to this change there was no (easy) way to pass the @ character as
- the first character in POST data without it being interpreted as a
- special character.
-
- Bug: https://github.com/bagder/curl/issues/198
- Reported-by: Jens Rantil
+- ntlm: Moved NSS initialisation to base decode function
-Dan Fandrich (25 Apr 2015)
-- test2039: fixed line endings that caused a test failure
+- http_ntlm: Fixed additional NSS initialisation call when decoding type-2
+
+ After commit 48d19acb7c the HTTP code would call Curl_nss_force_init()
+ twice when decoding a NTLM type-2 message, once directly and the other
+ through the call to Curl_sasl_decode_ntlm_type2_message().
-Daniel Stenberg (24 Apr 2015)
-- [Viktor Szakats brought this change]
+- ntlm: Fixed static'ness of local decode function
- netrc: add unit tests for 'default' support
+- ntlm: Corrected some parameter names and comments
-- [Viktor Szakats brought this change]
+- runtests.pl: Re-aligned feature support comments
- netrc: support 'default' token
+- runtests.pl: Use Kerberos and SPNEGO as proxies for the crypto feature
- The 'default' token has no argument and means to match _any_ domain.
- It must be placed last if there are 'machine <name>' tokens in the same file.
+ In addition to NTLM, use Kerberos and SPNEGO as proxies to the crypto
+ feature.
- See full description here:
- https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
+ ...and converted tab characters, from commit 4b4e8a5853, to spaces.
-- ROADMAP.md: extended the HTTP/2 section, reformatted
-
- Elaborated on several of the remaining HTTP/2 parts and made document
- use a format that ends up nicer on the web page:
- http://curl.haxx.se/dev/roadmap.html
+- runtests.pl: Added support for SPNEGO
-Kamil Dudka (23 Apr 2015)
-- curl -z: do not write empty file on unmet condition
-
- This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
- It also introduces a regression test 1424 based on tests 78 and 1423.
-
- Reported-by: Viktor Szakats
- Bug: https://github.com/bagder/curl/issues/237
+- runtests.pl: Added Kerberos detection
-Dan Fandrich (23 Apr 2015)
-- tool: fixed a comment typo
+- runtests.pl: Added GSS-API detection
-- README: convert to UTF-8
+- FILEFORMAT: Added SSPI, GSS-API and Kerberos to the features list
-Jay Satiro (22 Apr 2015)
-- cyassl: Implement public key pinning
+- FILEFORMAT: Added test requires feature not present information
- Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
+ Such as !SSPI as we do for the NTLM and Digest tests.
-Dan Fandrich (22 Apr 2015)
-- [Alessandro Ghedini brought this change]
-
- curl.1: fix typo
+Daniel Stenberg (20 Nov 2014)
+- http.c: log if it notices HTTP 1.1 after a upgrade to http2
-Kamil Dudka (22 Apr 2015)
-- docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too
+- test1801: first real http2 test case
-- tests/unit/.gitignore: hide unit1601 and above, too
+- sws: initial tiny steps toward http2 support
-Daniel Stenberg (22 Apr 2015)
-- connectionexists: follow-up to fd9d3a1ef1f
-
- PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not
- enabled.
-
- Mistake-caught-by: Kamil Dudka
+- FILEFORMAT: mention the new upgrade support
-- connectionexists: fix build without NTLM
-
- Do not access NTLM-specific struct fields when built without NTLM
- enabled!
+- test1800: first plain-text http2 test case
- bug: http://curl.haxx.se/?i=231
- Reported-by: Patrick Rapin
+ Verifies the upgrade request, but gets a plain 1.1 response
-- bump: start working toward 7.43.0
+- [Tatsuhiro Tsujikawa brought this change]
-Kamil Dudka (22 Apr 2015)
-- nss: implement public key pinning for NSS backend
+ http: Disable pipelining for HTTP/2 and upgraded connections
- Bug: https://bugzilla.redhat.com/1195771
-
-Daniel Stenberg (22 Apr 2015)
-- dist: include {src,lib}/checksrc.whitelist
+ This commit disables pipelining for HTTP/2 or upgraded connections. For
+ HTTP/2, we do not support multiplexing. In general, requests cannot be
+ pipelined in an upgraded connection, since it is now different protocol.
-Version 7.42.0 (22 Apr 2015)
+- [Brad Harder brought this change]
-Daniel Stenberg (22 Apr 2015)
-- RELEASE-NOTES: updated for 7.42.0
+ CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
-- THANKS: added contributors from 7.42.0 release notes
+Steve Holme (19 Nov 2014)
+- multi-uv.c: Updated for curl coding standards
-- THANKS-filter: a few more alterations to squash
-
-- contrithanks.sh: helper script for maintaining THANKS
-
-- http_done: close Negotiate connections when done
-
- When doing HTTP requests Negotiate authenticated, the entire connnection
- may become authenticated and not just the specific HTTP request which is
- otherwise how HTTP works, as Negotiate can basically use NTLM under the
- hood. curl was not adhering to this fact but would assume that such
- requests would also be authenticated per request.
-
- CVE-2015-3148
-
- Bug: http://curl.haxx.se/docs/adv_20150422B.html
- Reported-by: Isaac Boukris
-
-- fix_hostname: zero length host name caused -1 index offset
-
- If a URL is given with a zero-length host name, like in "http://:80" or
- just ":80", `fix_hostname()` will index the host name pointer with a -1
- offset (as it blindly assumes a non-zero length) and both read and
- assign that address.
-
- CVE-2015-3144
-
- Bug: http://curl.haxx.se/docs/adv_20150422D.html
- Reported-by: Hanno Böck
+- conncache: Fixed specifiers in infof() for long and size_t variables
-- cookie: cookie parser out of boundary memory access
-
- The internal libcurl function called sanitize_cookie_path() that cleans
- up the path element as given to it from a remote site or when read from
- a file, did not properly validate the input. If given a path that
- consisted of a single double-quote, libcurl would index a newly
- allocated memory area with index -1 and assign a zero to it, thus
- destroying heap memory it wasn't supposed to.
-
- CVE-2015-3145
-
- Bug: http://curl.haxx.se/docs/adv_20150422C.html
- Reported-by: Hanno Böck
+- [Peter Wu brought this change]
-- ConnectionExists: for NTLM re-use, require credentials to match
+ cmake: add Kerberos to the supported features
- CVE-2015-3143
+ Updated following commit eda919f and a4b7f71.
- Bug: http://curl.haxx.se/docs/adv_20150422A.html
- Reported-by: Paras Sethia
+ Acked-by: Brad King <brad.king@kitware.com>
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Jay Satiro (21 Apr 2015)
-- [byronhe brought this change]
+- [Peter Wu brought this change]
- openssl: add OPENSSL_NO_SSL3_METHOD check
-
-Daniel Stenberg (20 Apr 2015)
-- CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc
+ cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
- Bug: https://github.com/bagder/curl/issues/229
- Reported-by: bsammon
-
-Kamil Dudka (20 Apr 2015)
-- [Mostyn Bramley-Moore brought this change]
-
- configure --with-nss: remove unneeded libs from the fallback
-
-Daniel Stenberg (20 Apr 2015)
-- contributors.sh: fix help output, filter out (-prefix from names
-
-- RELEASE-NOTES: synced with cc0e7ebc3be0
-
-- [Michael Stapelberg brought this change]
-
- CURLMOPT_TIMERFUNCTION.3: Clarify, add an example
-
-- [Viktor Szakáts brought this change]
-
- vtls/openssl: use https in URLs and a comment typo fixed
-
-- curl_version_info.3: fixed the 'protocols' variable type
+ Updated following changes in commit f0d860d.
- Reported-by: John Marshall
- Bug: https://github.com/bagder/curl/issues/225
+ Acked-by: Brad King <brad.king@kitware.com>
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Dan Fandrich (18 Apr 2015)
-- test1423: added missing "file" to server section
+Daniel Stenberg (19 Nov 2014)
+- RELEASE-NOTES: synced with cb13fad733e
-Daniel Stenberg (17 Apr 2015)
-- TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods
-
- ... and some minor edits
+- [Jay Satiro brought this change]
-- Revert "HTTP: don't abort connections with pending Negotiate authentication"
+ examples: Wait recommended 100ms when no file descriptors are ready
- This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6.
+ Prior to this change when no file descriptors were ready on platforms
+ other than Windows the multi examples would sleep whatever was in
+ timeout, which may or may not have been less than the minimum
+ recommended value [1] of 100ms.
- Bug: https://github.com/bagder/curl/issues/223
- Reported-by: Michael Osipov
+ [1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html
-Jay Satiro (17 Apr 2015)
-- cyassl: Fix include order
-
- Prior to this change CyaSSL's build options could redefine some generic
- build symbols.
-
- http://curl.haxx.se/mail/lib-2015-04/0069.html
+- [Waldek Kozba brought this change]
-Kamil Dudka (17 Apr 2015)
-- configure --with-nss: drop redundant if statement
+ multi-uv.c: close the file handle after download
-- configure --with-nss=PATH: query pkg-config if available
-
- Bug: https://github.com/bagder/curl/pull/171
+- [Jon Spencer brought this change]
-Daniel Stenberg (17 Apr 2015)
-- parsecfg: do not continue past a zero termination
+ multi: inform about closed sockets before they are closed
- When a config file line ends without newline, the parsing function could
- continue reading beyond that point in memory.
+ When the connection code decides to close a socket it informs the multi
+ system via the Curl_multi_closed function. The multi system may, in
+ turn, invoke the CURLMOPT_SOCKETFUNCTION function with
+ CURL_POLL_REMOVE. This happens after the socket has already been
+ closed. Reorder the code so that CURL_POLL_REMOVE is called before the
+ socket is closed.
+
+Guenter Knauf (19 Nov 2014)
+- build: in Makefile.m32 moved target autodetection.
- Reported-by: Hanno Böck
+ Moved target autodetection block after defining CC macro.
-Jay Satiro (16 Apr 2015)
-- gitignore: Ignore Windows build output directories
+- build: in Makefile.m32 simplify platform flags.
-Daniel Stenberg (15 Apr 2015)
-- RELEASE-NOTES: synced with 1ba6e4c88e0
+- build: in Makefile.m32 try to detect 64bit target.
-- TODO: 17.9 Choose the name of file in braces for complex URLs
+Daniel Stenberg (19 Nov 2014)
+- [Brad King brought this change]
-- TODO: a little caution that maybe not all ideas are still good
+ CMake: Simplify if() conditions on check result variables
+
+ Remove use of an old hack that takes advantage of the auto-dereference
+ behavior of the if() command to detect if a variable is defined. The
+ hack has the form:
+
+ if("${VAR} MATCHES "^${VAR}$")
+
+ where "${VAR}" is a macro argument reference. Use if(DEFINED) instead.
+ This also avoids warnings for CMake Policy CMP0054 in CMake 3.1.
-- TODO: 17.8 offer color-coded HTTP header output
+- TODO-RELEASE: removed
-- TODO: 17.7 warning when sending binary output to terminal
+- [Carlo Wood brought this change]
-- KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes
+ debug: added new connection cache output, plus fixups
+
+ Debug output 'typo' fix.
+
+ Don't print an extra "0x" in
+ * Pipe broke: handle 0x0x2546d88, url = /
+
+ Add debug output.
+ Print the number of connections in the connection cache when
+ adding one, and not only when one is removed.
+
+ Fix typos in comments.
-Jay Satiro (14 Apr 2015)
-- cyassl: Add support for TLS extension SNI
+- multi: move the ending condition into the loop as well
+
+ ... as it was before I changed the loop in commit e04ccbd50. It caused
+ test 2030 and 2032 to fail.
-Daniel Stenberg (13 Apr 2015)
-- [Matthew Hall brought this change]
+Steve Holme (18 Nov 2014)
+- multi: Prefer we don't use CURLE_OK and NULL in comparisons
- gitignore: ignore test-driver file
+Daniel Stenberg (18 Nov 2014)
+- multi_runsingle: use 'result' for local CURLcode storage
+
+ ... and assign data->result only at the end. Makes the code more compact
+ (easier to read) and more similar to other code.
-- [Matthew Hall brought this change]
+- multi_runsingle: rename result to rc
+
+ save 'result' for CURLcode types
- vtls_openssl: improve PKCS#12 load failure error message
+- multi: make multi_runsingle loop internally
+
+ simplifies the use of this function at little cost.
-- [Matthew Hall brought this change]
+- [Carlo Wood brought this change]
- vtls_openssl: fix minor typo in PKCS#12 load routine
+ multi: when leaving for timeout, close accordingly
+
+ Fixes the problem when a transfer in a pipeline times out.
-- [Matthew Hall brought this change]
+Guenter Knauf (18 Nov 2014)
+- build: in Makefile.m32 add -m32 flag for 32bit.
- vtls_openssl: improve client certificate load failure error messages
+- mk-ca-bundle.vbs: update copyright year.
-- [Matthew Hall brought this change]
+- build: in Makefile.m32 pass -F flag to windres.
- vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant
+Steve Holme (17 Nov 2014)
+- config-win32: Fixed build targets for the VS2012+ Windows XP toolset
+
+ Even though commit 23e70e1cc6 mentioned the v110_xp toolset, I had
+ forgotten to include the relevant pre-processor definitions.
-- BUGS: refer to the github issue tracker now as primary
+- sasl_sspi: Removed note about the NTLM functions being a wrapper
-- firefox-db2pem: fix wildcard to find Firefox default profile
-
- At some point, Firefox has changed and generates different directory
- names for the default profile that made this script fail to find them.
+- connect.c: Fixed compilation warning when no verbose string support
- Bug: https://github.com/bagder/curl/issues/207
- Reported-by: sneakyimp
+ warning: unused parameter 'reason'
-Jay Satiro (11 Apr 2015)
-- cyassl: Include the CyaSSL build config
+- easy.c: Fixed compilation warning when no verbose string support
- CyaSSL >= 2.6.0 may have an options.h that was generated during
- its build by configure.
+ warning: unused parameter 'easy'
-- build: Generate source prerequisites for Visual Studio in generate.bat
+- win32: Updated some legacy APIs to use the newer extended versions
- Prior to this change Visual Studio builds could fail due to missing
- prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h.
+ Updated the usage of some legacy APIs, that are preventing curl from
+ compiling for Windows Store and Windows Phone build targets.
- http://curl.haxx.se/mail/lib-2015-04/0034.html
+ Suggested-by: Stefan Neis
+ Feature: http://sourceforge.net/p/curl/feature-requests/82/
-Daniel Stenberg (9 Apr 2015)
-- [Viktor Szakats brought this change]
-
- lib/makefile.m32: add missing libs to build libcurl.dll
+- config-win32: Introduce build targets for VS2012+
- Add 'gdi32' and 'crypt32' Windows implibs to avoid failure
- while building libcurl.dll using the mingw compiler.
- The same logic is used in 'src/makefile.m32' when
- building curl.exe.
+ Visual Studio 2012 introduced support for Windows Store apps as well as
+ supporting Windows Phone 8. Introduced build targets that allow more
+ modern APIs to be used as certain legacy ones are not available on these
+ new platforms.
-Kamil Dudka (8 Apr 2015)
-- test142[23]: verify that an empty file is stored on success
+- sasl_sspi: Fixed compilation warnings when no verbose string support
-- src/tool_operate: create output file on successful download
-
- ... of an empty file
+- sasl_sspi: Added base64 decoding debug failure messages
- Bug: https://github.com/bagder/curl/issues/183
+ Just like in the NTLM code, added infof() failure messages for
+ DIGEST-MD5 and GSSAPI authentication when base64 decoding fails.
-- src/tool_cb_wrt: separate fnc for output file creation
+- ntlm: Moved the SSPI based Type-3 message generation into the SASL module
-Daniel Stenberg (7 Apr 2015)
-- [Da-Yoon Chung brought this change]
+- ntlm: Moved the SSPI based Type-2 message decoding into the SASL module
- lib/transfer.c: Remove factor of 8 from sleep time calculation
-
- The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and
- rate_bps are both in bytes. When using the rate limiting option, curl
- waits 8 times too long, and then transfers very quickly until the
- average rate reaches the limit. The average rate follows the limit over
- time, but the actual traffic is bursty.
-
- Thanks-to: Benjamin Gilbert
+- ntlm: Moved the SSPI based Type-1 message generation into the SASL module
-- [Jay Satiro brought this change]
+- [Michael Osipov brought this change]
- x509asn1: Silence x64 loss-of-data warning on RSA key length assignment
+ kerberos: Use symbol qualified with _KERBEROS5
- The key length in bits will always fit in an unsigned long so the
- loss-of-data warning assigning the result of x64 pointer arithmetic to
- an unsigned long is unnecessary.
+ For consistency renamed USE_KRB5 to USE_KERBEROS5.
+Daniel Stenberg (15 Nov 2014)
- [Jay Satiro brought this change]
- cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
+ examples: Don't call select() to sleep on windows
- Also fix it so that all ERR_error_string calls use an error buffer.
- CyaSSL's implementation of ERR_error_string only writes the error when
- an error buffer is passed.
+ Windows does not support using select() for sleeping without a dummy
+ socket. Instead use Windows' Sleep() and sleep for 100ms which is the
+ minimum suggested value in the curl_multi_fdset() doc.
- http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html
-
-- [Jay Satiro brought this change]
-
- cyassl: Remove 'Connecting to' message from cyassl_connect_step2
+ Prior to this change the multi examples would exit prematurely since
+ select() would error instead of sleeping when called without an fd.
- Prior to this change libcurl could show multiple 'CyaSSL: Connecting to'
- messages since cyassl_connect_step2 is called multiple times, typically.
- The message is superfluous even once since libcurl already informs the
- user elsewhere in code that it is connecting.
+ Reported-by: Johan Lantz
+ Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html
-- [Viktor Szakats brought this change]
+- [Tatsuhiro Tsujikawa brought this change]
- checksrc.bat: quotes to support an SRC_DIR with spaces
+ http2: Don't send Upgrade headers when we already do HTTP/2
-- hostip: fix compiler warnings
+Steve Holme (15 Nov 2014)
+- sasl: Corrected Curl_sasl_build_spn() function description
- introduced in the previous mini-series of 3 commits
-
-- [Stefan Bühler brought this change]
+ There was a mismatch in function parameter names.
- actually implement CURLOPT_RESOLVE removals
+- tool: Removed krb4 from the supported features
- - also log when a CURLOPT_RESOLVE entry couldn't get parsed
+ Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33,
+ so would not be output with --version, removed krb4 from the supported
+ features output.
-- [Stefan Bühler brought this change]
-
- move Curl_share_lock and ref counting into Curl_fetch_addr
+- [Michael Osipov brought this change]
-- [Stefan Bühler brought this change]
+ tool: Use Kerberos for supported features
- fix refreshing of obsolete dns cache entries
+- urldata: Don't define sec_complete when no GSS-API support present
- - cache entries must be also refreshed when they are in use
- - have the cache count as inuse reference too, freeing timestamp == 0 special
- value
- - use timestamp == 0 for CURLOPT_RESOLVE entries which don't get refreshed
- - remove CURLOPT_RESOLVE special inuse reference (timestamp == 0 will prevent refresh)
- - fix Curl_hostcache_clean - CURLOPT_RESOLVE entries don't have a special
- reference anymore, and it would also release non CURLOPT_RESOLVE references
- - fix locking in Curl_hostcache_clean
- - fix unit1305.c: hash now keeps a reference, need to set inuse = 1
+ This variable is only used with HAVE_GSSAPI is defined by the FTP code
+ so let's place the definition with the other GSS-API based variables.
-- RELEASE-NOTES: synced with abf6bddc14a
+- [Michael Osipov brought this change]
-- [Jay Satiro brought this change]
+ docs: Use consistent naming for Kerberos
- checksrc.bat: Check lib\vtls source
+- TODO: Lets support QOP options in GSSAPI authentication
-- [Jay Satiro brought this change]
+- sasl_sspi: Corrected a couple of comment typos
- cyassl: Set minimum protocol version before CTX callback
+- sasl: Moved Curl_sasl_gssapi_cleanup() definition into header file
+
+ Rather than define the function as extern in the source files that use
+ it, moved the function declaration into the SASL header file just like
+ the Digest and NTLM clean-up functions.
- This change is to allow the user's CTX callback to change the minimum
- protocol version in the CTX without us later overriding it, as we did
- prior to this change.
+ Additionally, added a function description comment block.
-- [Jay Satiro brought this change]
+- sasl_sspi: Added missing RFC reference for HTTP Digest authentication
- build-openssl.bat: Fix mixed line endings
-
- Use LF not CRLF, throughout. msysgit will only convert a file to CRLF
- on checkout if it's not mixed.
+- ntlm: Clean-up and standardisation of base64 decoding
-- [Jay Satiro brought this change]
+- ntlm: We prefer 'CURLcode result'
+
+Daniel Stenberg (13 Nov 2014)
+- [Brad King brought this change]
- cyassl: Fix certificate load check
+ CMake: Restore order-dependent library checks
- SSL_CTX_load_verify_locations can return negative values on fail,
- therefore to check for failure we check if load is != 1 (success)
- instead of if load is == 0 (failure), the latter being incorrect given
- that behavior.
+ Revert commit 2257deb502 (Cmake: Avoid cycle directory dependencies,
+ 2014-08-22) and add a comment explaining the purpose of the original
+ code.
+
+ The check_library_exists_concat macro is intended to be called multiple
+ times on a sequence of possibly dependent libraries. Later libraries
+ may depend on earlier libraries when they are static. They cannot be
+ safely linked in reverse order on some platforms.
+
+ Signed-off-by: Brad King <brad.king@kitware.com>
-- [Tatsuhiro Tsujikawa brought this change]
+- [Brad King brought this change]
- http2: Fix missing nghttp2_session_send call in Curl_http2_switched
+ CMake: Restore order-dependent header checks
+
+ Revert commit 1269df2e3b (Cmake: Don't check for all headers each
+ time, 2014-08-15) and add a comment explaining the purpose of the
+ original code.
- Previously in Curl_http2_switched, we called nghttp2_session_mem_recv to
- parse incoming data which were already received while curl was handling
- upgrade. But we didn't call nghttp2_session_send, and it led to make
- curl not send any response to the received frames. Most likely, we
- received SETTINGS from server at this point, so we missed opportunity to
- send SETTINGS + ACK. This commit adds missing nghttp2_session_send call
- in Curl_http2_switched to fix this issue.
+ The check_include_file_concat macro is intended to be called multiple
+ times on a sequence of possibly dependent headers. Later headers
+ may depend on earlier headers to provide declarations. They cannot
+ be safely included independently on some platforms.
- Bug: https://github.com/bagder/curl/issues/192
- Reported-by: Stefan Eissing
+ For example, many POSIX APIs document including sys/types.h before some
+ other headers. Also on some OS X versions sys/socket.h must be included
+ before net/if.h or the check for the latter will fail.
+
+ Signed-off-by: Brad King <brad.king@kitware.com>
+
+- [Peter Wu brought this change]
-- cookie: handle spaces after the name in Set-Cookie
+ test22: expand a backtick command
- "name =value" is fine and the space should just be skipped.
+ This is the only user of the backtick operator in the command. As the
+ commands will soon not be executed by a shell anymore (but by perl),
+ replace the command with its output.
- Updated test 31 to also test for this.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
+
+- RELEASE-NOTES: synced with 2ee3c63b13
+
+- http2: fix switched macro when http2 is not enabled
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+ http2: Deal with HTTP/2 data inside response header buffer
- Bug: https://github.com/bagder/curl/issues/195
- Reported-by: cromestant
- Help-by: Frank Gevaerts
+ Previously if HTTP/2 traffic is appended to HTTP Upgrade response header
+ (thus they are in the same buffer), the trailing HTTP/2 traffic is not
+ processed and lost. The appended data is most likely SETTINGS frame.
+ If it is lost, nghttp2 library complains server does not obey the HTTP/2
+ protocol and issues GOAWAY frame and curl eventually drops connection.
+ This commit fixes this problem and now trailing data is processed.
-- [Jay Satiro brought this change]
+Steve Holme (11 Nov 2014)
+- configure: Fixed inclusion of krb5 when CURL_DISABLE_CRYPTO_AUTH is defined
+
+ Commit fe0f8967bf fixed a problem with krb5 not being defined as a
+ supported feature when HAVE_GSSAPI is defined, however, it should
+ only be included if CURL_DISABLE_CRYPTO_AUTH is not set, like when
+ SPNEGO is listed as a feature.
- cyassl: Fix library initialization return value
+Daniel Stenberg (10 Nov 2014)
+- multi: removed Curl_multi_set_easy_connection
- (Curl_cyassl_init)
- - Return 1 on success, 0 in failure.
+ It isn't used anywhere!
- Prior to this change the fail path returned an incorrect value and the
- evaluation to determine whether CyaSSL_Init had succeeded was incorrect.
- Ironically that combined with the way curl_global_init tests SSL library
- initialization (!Curl_ssl_init()) meant that CyaSSL having been
- successfully initialized would be seen as that even though the code path
- and return value in Curl_cyassl_init were wrong.
+ Reported-by: Carlo Wood
-- [Thomas Ruecker brought this change]
+- [Peter Wu brought this change]
- CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
-
- Icecast versions 1.3.0 through 1.3.12 would reply with "ICY 200"
- under certain conditions:
+ symbol-scan.pl: do not require autotools
- client_wants_icy_headers (connection_t *con)
- {
- const char *val;
+ Makes test1119 pass when building with cmake.
- if (!con)
- return 1;
+ configurehelp.pm is generated by configure (autotools). As cmake does
+ not provide a separate variable for the C preprocessor, default to cpp.
+ Before commit ef24ecde68a5f577a7f0f423a767620f09a0ab16 ("symbol-scan:
+ use configure script knowledge about how to run the C preprocessor"),
+ this tool would also use 'cpp'.
- val = get_user_agent (con);
- if (!val || !val[0] || strcmp (val, "(null)") == 0)
- return 1;
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
+
+- [Peter Wu brought this change]
+
+ cmake: add ENABLE_THREADED_RESOLVER, rename ARES
- if (con->food.client->use_icy)
- return 1;
- if (strncasecmp (val, "winamp", 6) == 0)
- return 1;
- if (strncasecmp (val, "Shoutcast", 9) == 0)
- return 1;
+ Fix detection of the AsynchDNS feature which not just depends on
+ pthreads support, but also on whether USE_POSIX_THREADS is set or not.
+ Caught by test 1014.
- return 0;
- }
+ This patch adds a new ENABLE_THREADED_RESOLVER option (corresponding to
+ --enable-threaded-resolver of autotools) which also needs a check for
+ HAVE_PTHREAD_H.
- So mainly if there is no 'user agent' or it is '(null)' or contains
- 'winamp' or 'Shoutcast'.
+ For symmetry with autotools, CURL_USE_ARES is renamed to ENABLE_ARES
+ (--enable-ares). Checks that test for the availability actually use
+ USE_ARES instead as that is the result of whether a-res is available or
+ not (in practice this does not matter as CARES is marked as required
+ package, but nevertheless it is better to write the intent).
- No mainstream distribution carries Icecast 1.3.x anymore, after all
- it was released in 2002 and superseded by Icecast 2.x.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Dan Fandrich (31 Mar 2015)
-- axtls: add timeout within Curl_axtls_connect
+- [Peter Wu brought this change]
+
+ cmake: build libhostname for test suite
+
+ Used by some test cases via LD_PRELOAD in order to fake the host name.
- This allows test 405 to pass on axTLS.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Daniel Stenberg (30 Mar 2015)
-- [Jay Satiro brought this change]
+- [Peter Wu brought this change]
- checksrc: Windows-specific input fixes
-
- lib/config-win32ce.h
- - Fix whitespace for checksrc compliance.
+ cmake: fix HAVE_GETHOSTNAME definition
- lib/checksrc.pl
- - Remove trailing carriage returns from input.
+ Otherwise Curl_gethostname always fails. Windows has gethostname
+ since Vista according to
+ http://msdn.microsoft.com/en-us/library/ms738527%28VS.85%29.aspx, but
+ accordings to byte_bucket's VC 2005 documentation, it is available even
+ in Windows 95. (possibly after installing a Platform SDK, the
+ Windows Server 2003 SP1 Platform SDK should be sufficient).
- projects/checksrc.bat
- - Ignore tool_hugehelp.c.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Dagobert Michelsen brought this change]
+- [Peter Wu brought this change]
- configure: Use KRB5CONFIG for krb5-config
+ tests: fix libhostname visibility
- Allows the user to easier override its path.
+ I noticed that a patched cmake build would pass tests with a fake local
+ hostname, but the autotools build skips them:
- Bug: http://curl.haxx.se/bug/view.cgi?id=1486
-
-- multi: remove_handle: move pending connections
+ got unexpected host name back, LD_PRELOAD failed
- If the handle removed from the multi handle happens to be the one
- "owning" the pipeline other transfers will be waiting indefinitely. Now
- we move such handles back to connect to have them race (again) for
- getting the connection and thus avoid hanging.
+ It turns out that -fvisibility=hidden hides the symbol, and since the
+ tests are not part of libcurl, it fails too. Just remove the LIBCURL
+ guard.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1465
- Reported-by: Jiri Dvorak
-
-- KNOWN_BUGS: 89 is bug #1411
+ Broken since cURL 7.30 (commit 83a42ee20ea7fc25abb61c0b7ef56ebe712d7093,
+ "curl.h: stricter CURL_EXTERN linkage decorations logic").
- Disabling pipelining on multi handle with in-progress pipelined requests
- leads to heap corruption and crash
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Jay Satiro brought this change]
+- [Peter Wu brought this change]
- cyassl: CTX callback cosmetic changes and doc fix
+ tests: fix memleak in server/resolve.c
- - More descriptive fail message for NO_FILESYSTEM builds.
- - Cosmetic changes.
- - Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific.
-
-- RELEASE-NOTES: synced with d2feb71752f
-
-Dan Fandrich (28 Mar 2015)
-- tool_operate: only set SSL options if SSL is enabled
-
-- runtests.pl: detect WolfSSL as yassl
+ This makes LeakSanitizer happy.
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Daniel Stenberg (27 Mar 2015)
-- [Kyle L. Huff brought this change]
+- configure: assume krb5 when gss-api works
+
+ To please test 1014 while we work out if this is truly the a correct
+ assumption.
- cyassl: add SSL context callback support for CyaSSL
+Steve Holme (9 Nov 2014)
+- vtls.h: Fixed compiler warning when compiled without SSL
- Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better
- handles CyaSSL instances using NO_FILESYSTEM.
+ vtls.c:185:46: warning: unused parameter 'data'
-- [Kyle L. Huff brought this change]
+- RELEASE-NOTES: Synced with 2fbf23875f
- cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
+- ntlm: Added separate SSPI based functions
- CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or
- CyaSSL. This reference causes build errors when compiling with
- NO_FILESYSTEM.
+ In preparation for moving the NTLM message code into the SASL module,
+ and separating the native code from the SSPI code, added functions that
+ simply call the functions in curl_ntlm_msg.c.
-- [Jay Satiro brought this change]
+- http_ntlm: Use the SASL functions instead
+
+ In preparation for moving the NTLM message code into the SASL module
+ use the SASL functions in the HTTP code instead.
- build: Fix libcurl.sln erroneous mixed configurations
+Daniel Stenberg (9 Nov 2014)
+- libssh2: detect features based on version, not configure checks
- Prior to this change some Release configurations had an active
- configuration assignment to their Debug counterpart.
+ ... so that non-configure builds get the correct functions too based on
+ the libssh2 version used.
-- [Jay Satiro brought this change]
+- [Nobuhiro Ban brought this change]
- vtls: Don't accept unknown CURLOPT_SSLVERSION values
+ SSH: use the port number as well for known_known checks
+
+ ... if the libssh2 version is new enough.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1448
-- [Jay Satiro brought this change]
+Steve Holme (9 Nov 2014)
+- INSTALL: Updated pre-processor references to the old VC6 project files
+
+ Reworked the two sections that discuss modifying the Visual Studio pre-
+ processor settings, and vc6libcurl.dsw/vc6libcurl.dsp, to remove the
+ project files references as they have been superseded by a more thorough
+ set of project files for VC6 through VC12, but to also give the correct
+ reference to this setting in later versions of Visual Studio.
- url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
+- INSTALL: Added email protocols to the "Disabling in Win32 builds" section
-- [Paul Howarth brought this change]
+- configure: Fixed NTLM missing from features when CURL_DISABLE_HTTP defined
- build: link curl to openssl libraries when openssl support is enabled
+- build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
- This fixes a build failure where openssl and libmetalink are used
- together and the system linker does not do implicit linking (e.g.
- Fedora 13 and later releases). The MD5 functions required for
- metalink support must be pulled in from the openssl crypto library.
+ USE_NTLM would only be defined if: HTTP support was enabled, NTLM and
+ cryptography weren't disabled, and either a supporting cryptography
+ library or Windows SSPI was being compiled against.
- This is similar to commit c6e7cbb94e669b85d3eb8e015ec51d0072112133,
- which fixes the same sort of problem for NSS builds.
-
-- multi: on a request completion, check all CONNECT_PEND transfers
+ This means it was not possible to build libcurl without HTTP support
+ and use NTLM for other protocols such as IMAP, POP3 and SMTP. Rather
+ than introduce a new SASL pre-processor definition, removed the HTTP
+ prerequisite just like USE_SPNEGO and USE_KRB5.
- ... even if they don't have an associated connection anymore. It could
- leave the waiting transfers pending with no active one on the
- connection.
+ Note: Winbind support still needs to be dependent on CURL_DISABLE_HTTP
+ as it is only available to HTTP at present.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1465
- Reported-by: Jiri Dvorak
-
-- [Emil Lerner brought this change]
+ This bug dates back to August 2011 when I started to add support for
+ NTLM to SMTP.
- globbing: fix url number calculation when using range with step
+- ntlm: Removed an unnecessary free of native Target Info
- In function glob_range, the number of urls was multiplied by (max - min
- + 1), regardless of step. The correct formula is (max - min) / step + 1
+ Due to commit 40ee1ba0dc the free in Curl_ntlm_decode_type2_target() is
+ longer required.
-- README.http2: refreshed and added TODO items
+- ntlm: Moved the native Target Info clean-up from HTTP specific function
-- [Emil Lerner brought this change]
-
- globbing: fix step parsing for character globbing ranges
-
- The glob_range function used wrong offset (3 instead of 4) for parsing
- integer step inside character range specification, which led to 'bad
- range' error when using character ranges with explicitly specified step
- (such as '[a-z:2]')
+- ntlm: Moved SSPI clean-up code into SASL module
-- polarssl: called mbedTLS in 1.3.10 and later
+- Makefile.dist: Added support for WinIDN
-- polarssl: remove dead code
-
- and simplify code by changing if-elses to a switch()
-
- CID 1291706: Logically dead code. Execution cannot reach this statement
+- Makefile.vc6: Added support for WinIDN
-- polarssl: remove superfluous for(;;) loop
-
- "unreachable: Since the loop increment is unreachable, the loop body
- will never execute more than once."
-
- Coverity CID 1291707
+- Makefile.dist: Added some missing SSPI configurations
-- Curl_ssl_md5sum: return CURLcode
-
- ... since the funciton can fail on OOM. Check this return code.
-
- Coverity CID 1291705.
+- Makefile.dist: Separated the groups of SSL configurations from each other
-- [Jay Satiro brought this change]
+- Makefile.dist: Grouped the x64 configurations next to their x86 counterparts
- cyassl: default to highest possible TLS version
-
- (cyassl_connect_step1)
- - Use TLS 1.0-1.2 by default when available.
+- curl.h: Tidy up of CURL_VERSION_* flags
- CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade
- version.
-
- cyassl/cyassl@322f79f
+ As the list has gotten a little messy and hard to read, especially with
+ the introduction of deprecated items, aligned the values and comments
+ into clean columns and reworked some of the comments in the process.
-- [Jay Satiro brought this change]
+- curl_tool: Added krb5 to the supported features
- cyassl: Check for invalid length parameter in Curl_cyassl_random
+- configure: Added krb5 to the supported features
-- [Jay Satiro brought this change]
+- version info: Added Kerberos V5 to the supported features
- cyassl: If wolfSSL then identify as such in version string
+Guenter Knauf (7 Nov 2014)
+- mk-ca-bundle.vbs: switch to new certdata.txt url.
-Dan Fandrich (24 Mar 2015)
-- symbols-in-versions: added CURLOPT_PATH_AS_IS
+Steve Holme (7 Nov 2014)
+- RELEASE-NOTES: Synced with dcad09e125
-- testcurl.pl: add the --notes option to supply more info about a build
+- http_digest: Fixed some memory leaks introduced in commit 6f8d8131b1
- Support for notes has been in place for a while, but it required
- being added to the setup file manually.
+ Fixed a couple of memory leaks as a result of moving code that used to
+ populate allocuserpwd and relied on it's clean up.
+
+- docs: Updated following the addition of SSPI based HTTP digest auth
-- curl_memory: make curl_memory.h the second-last header file loaded
+- sasl_sspi: Tidy up of the existing digest code
- This header file must be included after all header files except
- memdebug.h, as it does similar memory function redefinitions and can be
- similarly affected by conflicting definitions in system or dependent
- library headers.
+ Following the addition of SSPI support for HTTP digest, synchronised
+ elements of the email digest code with that of the new HTTP code.
-Daniel Stenberg (24 Mar 2015)
-- openssl: do the OCSP work-around for libressl too
+- http_digest: Post SSPI support tidy up
- I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to
- still require the work-around for stapling to work.
+ Post tidy up to ensure commonality of code style and variable names.
-- openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
+Dan Fandrich (6 Nov 2014)
+- test552: Don't run HTTP digest tests for SSPI based builds
- URL: http://curl.haxx.se/mail/lib-2015-03/0205.html
- Reported-by: Alessandro Ghedini
+ Technical difficulties prevented this from going into the
+ previous commit.
-- openssl: adapt to ASN1/X509 things gone opaque in 1.1
+Steve Holme (6 Nov 2014)
+- tests: Don't run HTTP digest tests for SSPI based builds
+
+ Added !SSPI to the features list of the HTTP digest tests, as SSPI
+ based builds now use the Windows SSPI messaging API rather than the
+ internal functions, and we can't control the random numbers that get
+ used as part of the digest.
-Dan Fandrich (24 Mar 2015)
-- [Jay Satiro brought this change]
+Daniel Stenberg (6 Nov 2014)
+- curl.1: show zone index use in a URL
- curl_easy_setopt.3: Fix misspelling in CURLOPT_PATH_AS_IS description
+Steve Holme (6 Nov 2014)
+- http_digest: Fixed auth retry loop when SSPI based authentication fails
-- [Viktor Szakáts brought this change]
+- http_digest: Reworked the SSPI based input token storage
+
+ Reworked the input token (challenge message) storage as what is passed
+ to the buf and desc in the response generation are typically blobs of
+ data rather than strings, so this is more in keeping with other areas
+ of the SSPI code, such as the NTLM message functions.
- CURLOPT_HTTPHEADER.3: fix typo in recent commit
+- sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9
+
+ Added void reference to unused 'data' parameter back to fix compilation
+ warning.
-- [Viktor Szakáts brought this change]
+- sspi: Align definition values to even columns as we use 2 char spacing
- CURLOPT_PATH_AS_IS.3: add type 'long' to prototype
+- sspi: Fixed missing definition of ISC_REQ_USE_HTTP_STYLE
+
+ Some versions of Microsoft's sspi.h don't define this.
-- vtls: fix compile with --disable-crypto-auth but with SSL
+- sasl: Removed non-SSPI Digest functions and defines from SSPI based builds
- This is a strange combination of options, but is allowed.
+ Introduced in commit 7e6d51a73c these functions and definitions are only
+ required by the internal challenge-response functions now.
-Patrick Monnerat (24 Mar 2015)
-- os400: define new options in ILE/RPG binding.
+- sasl_sspi: Added HTTP digest response generation code
-Daniel Stenberg (24 Mar 2015)
-- RELEASE-NOTES: synced with f6878609361
+- http_digest: Added SSPI based challenge decoding code
-- curl_easy_setopt.3: Add CURLOPT_PATH_AS_IS
+- http_digest: Added SSPI based clean-up code
-- CURLOPT_PATH_AS_IS: added
-
- --path-as-is is the command line option
+- http_digest: Added SSPI based authentication functions
- Added docs in curl.1 and CURLOPT_PATH_AS_IS.3
+ This temporarily breaks HTTP digest authentication in SSPI based builds,
+ causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will
+ resume normal operation.
+
+- http_digest: Added required SSPI based variables to digest structure
+
+Daniel Stenberg (6 Nov 2014)
+- [Frank Gevaerts brought this change]
+
+ contributors.sh: --releasenotes reads in names from RELEASE-NOTES
- Added test in test 1241
+ This is very handy when updating the RELEASE-NOTES as then we sometimes
+ have names added manually in the existing list and we use this script to
+ update the set.
-- [Yamada Yasuharu brought this change]
+- RELEASE-NOTES: synced with 68542e72a9
- curl_easy_recv/send: make them work with the multi interface
+- curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY
- By making sure Curl_getconnectinfo() uses the correct connection cache
- to find the last connection.
+ Reported-by: Christian Hägele
+ Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html
-- http2: move the init too for when its actually needed
+Steve Holme (5 Nov 2014)
+- build: Fixed Visual Studio project file generation of strdup.[c|h]
- ... it would otherwise lead to memory leakage if we never actually do
- the switch.
+ As the curl command-line tool now includes it's own version of strdup(),
+ for platforms that don't have it, fixed up the git respository Visual
+ Studio project file generator to not include the version from lib in the
+ tool project files, rather than having both lib\strdup.[c|h] and
+ src\tool_strdup.[c|h] present.
-Dan Fandrich (23 Mar 2015)
-- dict: rename byte to avoid compiler shadowed declaration warning
+Daniel Stenberg (5 Nov 2014)
+- tool_strdup.c: include the tool strdup.h
- This conflicted with a WolfSSL typedef.
+ ... not the lib/ one that the tool no longer uses!
-- cyassl: include version.h to ensure the version macros are defined
+- THANKS-filter: added another Michał Górny version we've used
-- test1513: eliminated race condition in test run
+- contributors.sh: split lists using " and "
- It seems that some systems (e.g. fairly consistently in some recent
- Solaris autobuilds) would manage to get to the connect phase before the
- progress callback was called, resulting in a CURLE_COULDNT_CONNECT
- error. Reworked the test to point at a test server that never returns a
- full result so the progress callback always gets a chance to be called
- before the transfer can complete in some other way.
+ ... and require the space after the filtering to make the filter able to
+ remove names.
-Nick Zitzmann (21 Mar 2015)
-- darwinsssl: add support for TLS False Start
-
- TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
+Steve Holme (5 Nov 2014)
+- http_digest: Fixed memory leaks from commit 6f8d8131b1
-Daniel Stenberg (21 Mar 2015)
-- gtls: add check of return code
+- sasl: Fixed compilation warning from commit 25264131e2
- Coverity CID 1291167 pointed out that 'rc' was received but never used when
- gnutls_credentials_set() was used. Added return code check now.
-
-- gtls: dereferencing NULL pointer
+ Added forward declaration of digestdata to overcome the following
+ compilation warning:
- Coverity CID 1291165 pointed out 'chainp' could be dereferenced when
- NULL if gnutls_certificate_get_peers() had previously failed.
-
-- gtls: avoid uninitialized variable.
+ warning: 'struct digestdata' declared inside parameter list
- Coverity CID 1291166 pointed out that we could read this variable
- uninitialized.
+ Additionally made the ntlmdata forward declaration dependent on
+ USE_NTLM similar to how digestdata and kerberosdata are.
-Dan Fandrich (21 Mar 2015)
-- tests/certs: rebuild certificates with modified key usage bits
+- sasl: Fixed HTTP digest challenges with spaces between auth parameters
- The certificates were missing the digitalSignature and keyAgreement
- usage types, of which at least digitalSignature was checked by CyaSSL.
- This caused the test server in test 310 (among others) to fail the
- startup verification and therefore run (see
- http://curl.haxx.se/mail/lib-2014-07/0303.html).
+ Broken as part of the rework, in commit 7e6d51a73c, to assist with the
+ addition of HTTP digest via Windows SSPI.
-- tests/certs: added make target to rebuild certificates
+- http_digest: Fixed compilation errors from commit 6f8d8131b1
- The certificate generation scripts were also updated to better match the
- format of the certificates currently checked in.
+ error: invalid operands to binary
+ warning: pointer targets in assignment differ in signedness
-Daniel Stenberg (21 Mar 2015)
-- x509asn1: add /* fallthrough */ in switch() case
+- http_digest: Moved response generation into SASL module
-- x509asn1: minor edit to unconfuse Coverity
-
- CID 1202732 warns on the previous use, although I cannot fine any
- problems with it. I'm doing this change only to make the code use a more
- familiar approach to accomplish the same thing.
+- http_digest: Moved challenge decoding into SASL module
-- [Dagobert Michelsen brought this change]
+- http_digest: Moved clean-up function into SASL module
- testcurl: Allow '=' in values given on command line
+- http_digest: Moved algorithm definitions to SASL module
-- nss: error: unused variable 'connssl'
+- [Gisle Vanem brought this change]
-Dan Fandrich (21 Mar 2015)
-- test938: added missing closing tags
+ ssh: Fixed build on platforms where R_OK is not defined
+
+ Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html
+ Reported-by: Jan Ehrhardt
-- cyassl: use new library version macro when available
+- strdup: Removed irrelevant comment
+
+ ...as Curl_memdup() duplicates an area of fix size memory, that may be
+ binary, and not a null terminated string.
-Kamil Dudka (20 Mar 2015)
-- [Alessandro Ghedini brought this change]
+- url.c: Fixed compilation warning
+
+ conversion from 'curl_off_t' to 'size_t', possible loss of data
- curl: add --false-start option
+- http_digest: Use CURLcode instead of CURLdigest
+
+ To provide consistent behaviour between the various HTTP authentication
+ functions use CURLcode based error codes for Curl_input_digest()
+ especially as the calling code doesn't use the specific error code just
+ that it failed.
-- [Alessandro Ghedini brought this change]
+Daniel Stenberg (5 Nov 2014)
+- contributors.sh: filter common alternative name spellings
+
+ docs/THANKS-filter is a new filter file for converting contributor names
+ we get or have recorded in alternative formats to the one we already use
+ in THANKS. To help us show individual contributors using a single
+ presentation of their names.
- nss: add support for TLS False Start
+- THANKS: added missing contributor from 2012
-- [Alessandro Ghedini brought this change]
+- [Frank Gevaerts brought this change]
- url: add CURLOPT_SSL_FALSESTART option
+ Remove duplicate names.
- This option can be used to enable/disable TLS False Start defined in the RFC
- draft-bmoeller-tls-falsestart.
+ The removed names also appear as:
+ Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien
+ Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su,
+ S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder
-Patrick Monnerat (20 Mar 2015)
-- [Alessandro Ghedini brought this change]
-
- gtls: implement CURLOPT_CERTINFO
-
-Daniel Stenberg (20 Mar 2015)
-- [Alessandro Ghedini brought this change]
+Steve Holme (5 Nov 2014)
+- sspi: Define authentication package name constants
+
+ These were previously hard coded, and whilst defined in security.h,
+ they may or may not be present in old header files given that these
+ defines were never used in the original code.
+
+ Not only that, but there appears to be some ambiguity between the ANSI
+ and UNICODE NTLM definition name in security.h.
- openssl: try to avoid accessing OCSP structs when possible
+Patrick Monnerat (5 Nov 2014)
+- Adjust OS400-specific support to last release
-- CURLOPT_URL.3: spelling!
+Daniel Stenberg (5 Nov 2014)
+- THANKS: added two missing names and removed a duplicate
+
+ ./contributors.sh found these extra ones that somehow had fallen
+ through the cracks and never gotten added here.
Reported-by: Frank Gevaerts
-- CURLOPT_URL.3: Added "SECURITY CONCERNS"
+- bump: towards next release
-- CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section
+- THANKS: added names from 7.39.0 release notes
-Dan Fandrich (19 Mar 2015)
-- cyassl: detect the library as renamed wolfssl
-
- This change was made in CyaSSL/WolfSSL ver. 3.4.0
+Version 7.39.0 (5 Nov 2014)
-Daniel Stenberg (19 Mar 2015)
-- HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
+Daniel Stenberg (5 Nov 2014)
+- RELEASE-NOTES: 7.39.0 release (commit b3875606925)
+
+- curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
- We prematurely changed protocol handler to HTTP/2 which made things very
- slow (and wrong).
+ When duplicating a handle, the data to post was duplicated using
+ strdup() when it could be binary and contain zeroes and it was not even
+ zero terminated! This caused read out of bounds crashes/segfaults.
- Reported-by: Stefan Eissing
- Bug: https://github.com/bagder/curl/issues/169
-
-Dan Fandrich (19 Mar 2015)
-- axtls: version 1.5.2 now requires that config.h be manually included
-
-Daniel Stenberg (19 Mar 2015)
-- metalink: fix resource leak in OOM
+ Since the lib/strdup.c file no longer is easily shared with the curl
+ tool with this change, it now uses its own version instead.
- Coverity CID 1288826
+ Bug: http://curl.haxx.se/docs/adv_20141105.html
+ CVE: CVE-2014-3707
+ Reported-By: Symeon Paraschoudis
-Dan Fandrich (18 Mar 2015)
-- docs/libcurl: clean up libcurl-symbols.3
+- lib544.c: use duphandle for test 545
+
+ To verify that curl_easy_duphandle() works fine on a handle that has
+ gotten data stored with *_COPYPOSTFIELDS.
-- docs/libcurl: check that all options with man pages are referenced
+- tests: add new feature 'SSLpinning'
- If a man page exists in the opts/ directory, it must also be referenced
- either in curl_easy_setopt.3 or curl_multi_setopt.3
+ ... and make test 2034 and 2035 require it, and have it set when built
+ with OpenSSL or GnuTLS.
-- curl_easy_setopt.3: added a few missing options
+- buildconf: update copyright year
-Kamil Dudka (18 Mar 2015)
-- nss: explicitly tell NSS to disable NPN/ALPN
+Steve Holme (4 Nov 2014)
+- INSTALL: Consistent spacing in section headings, paragraphs and examples
+
+Daniel Stenberg (4 Nov 2014)
+- buildconf: stop checking for libtool
- ... if disabled at libcurl level. Otherwise, we would allow to
- negotiate NPN despite curl was invoked with the --no-npn option.
+ As we only use libtoolize, only check for that!
-Daniel Stenberg (18 Mar 2015)
-- [Jay Satiro brought this change]
+Steve Holme (4 Nov 2014)
+- INSTALL: Corrected MIT Kerberos and Heimdal package names
- mkhelp: Remove trailing carriage return from every line of input
+- README: Corrected inconsistent use of --help
+
+- INSTALL: Use GSS-API rather than GSSAPI
- - Get rid of this flood of warnings in Windows mingw build:
- warning: missing terminating " character
+ As implementations are refereed to GSS-API libraries as per the RFC and
+ GSSAPI typically refers to the SASL authentication mechanism.
- The warning is due to the carriage return. When msysgit checks out files
- from the repo by default it converts the line endings to CRLF. Prior to
- this change when mkhelp.pl processed the MANUAL and curl.1 in CRLF
- format the trailing carriage returns caused unnecessary CR in the
- output.
+ ...and minor rewording on the same paragraph.
-- RELEASE-NOTES: synced with e539f01567
+- README: Added note about using Visual Studio projects out of git repository
-- [Christian Weisgerber brought this change]
+Daniel Stenberg (4 Nov 2014)
+- [K. R. Walker brought this change]
- docs/libcurl: make portability fix
+ cmake: fix ZLIB_INCLUDE_DIRS use
- Using $< in a non-suffix rule context is a GNU make idiom. This bug was
- introduced in 7.41.0.
-
-Dan Fandrich (17 Mar 2015)
-- checksrc: Fix whitelist on out-of-tree builds
-
-Daniel Stenberg (17 Mar 2015)
-- [Stefan Bühler brought this change]
+ CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see
+ http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB
+
+ Bug: https://github.com/bagder/curl/pull/123
- Curl_sh_entry: remove unused 'timestamp'
+- [Jay Satiro brought this change]
-- HTTP: don't use Expect: headers when on HTTP/2
+ SSL: PolarSSL default min SSL version TLS 1.0
- Reported-by: Stefan Eissing
- Bug: https://github.com/bagder/curl/issues/169
+ - Prior to this change no SSL minimum version was set by default at
+ runtime for PolarSSL. Therefore in most cases PolarSSL would probably
+ have defaulted to a minimum version of SSLv3 which is no longer secure.
-- checksrc: detect and remove space before trailing semicolons
+- opts-Makefile: put more man pages into dist and make hmtl+pdf
-- checksrc: introduce a whitelisting concept
+- curl_multi_setopt.3: refer to stand-alone pages
+
+ ... instead of duplicating info.
-- checksrc: use space after comma
+- opts: more multi options as stand-alone man pages
-- checksrc: use space before paren in "return (expr);"
+- Makefile.am: two cmake files are gone
+
+ 8cb010144 removed the CurlCheckCSourceCompiles.cmake and
+ CurlCheckCSourceRuns.cmake files
-- CONTRIBUTE: refer to git log instead of deprecated CHANGES file
+- opts: made stand-alone man-pages for several multi options
-- CURLOPT_*.3: more examples and edits
+- [Carlo Wood brought this change]
-- CURLOPT_*.3: added lots of small example sections
+ Curl_single_getsock: fix hold/pause sock handling
+
+ The previous condition that checked if the socket was marked as readable
+ when also adding a writable one, was incorrect and didn't take the pause
+ bits properly into account.
-- CURLOPT_PRIVATE.3: provide an example
+- [Peter Wu brought this change]
-- CURLOPT_*TIMEOUT.3: provide examples
+ cmake: fix struct sockaddr_storage check
+
+ CHECK_TYPE_SIZE_PREINCLUDE is an internal, undocumented variable which
+ was removed in cmake 2.8.1. According to the MSDN docs[1], inclusion
+ of winsock2.h is sufficient. WIN32_LEAN_AND_MEAN does not really seem
+ to affect the tests, so remove it too[2].
+
+ For the non-windows case, remove inet headers as POSIX only requires
+ sys/socket.h.
+
+ [1]: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740504%28v=vs.85%29.aspx
+ [2]: http://stackoverflow.com/questions/11040133/what-does-defining-win32-lean-and-mean-exclude-exactly
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- CURLOPT_USERAGENT.3: added an example
+- [Peter Wu brought this change]
-- CURLOPT_STDERR.3: added an example
+ cmake: clean OtherTests, fixing -Werror
+
+ There were several -Wunused warnings and one duplicate macro definition.
+ The EXTRA_DEFINES variable of the CurlCheckCSources macro was being
+ abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to
+ insert extra C code. Avoid this broken abstraction and use cmake's
+ check_c_source_compiles directly (works fine with CMake 2.8, maybe
+ even cmake 2.6).
+
+ After cleaning up all related variables (EXTRA_DEFINES,
+ HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate
+ add_headers_include macro and remove duplicate header additions before
+ the struct timeval check.
+
+ Oh, and now the code is converted to use CheckCSourceRuns and
+ CheckCSourceCompiles, the two curl-specific helpers can be removed.
+ Unfortunately, the cmake output is now slightly more verbose. Before:
+
+ Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test)
+ Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed
+
+ Since check_c_source_compiles prints the varname, now you see:
+
+ Performing Test curl_cv_func_send_test
+ Performing Test curl_cv_func_send_test - Failed
+ Tested: int send(int, const void *, size_t, int)
+
+ Compared cmake output with each other using vimdiff, no functional
+ differences were found. Tested with GCC 4.9.1 and Clang 3.5.0.
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- curl_easy_perform.3: remove superfluous close brace from example
+- [Peter Wu brought this change]
-- free: instead of Curl_safefree()
+ cmake: fix gethostby{addr,name}_r in CurlTests
+
+ This patch cleans up the automatically-generated (?) code and fixes one
+ case that will always fail due to syntax error.
- Since we just started make use of free(NULL) in order to simplify code,
- this change takes it a step further and:
+ HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing
+ character ("int length;q"). Several parameter type and unused variable
+ warnings popped up. This causes a detection failure with -Werror.
- - converts lots of Curl_safefree() calls to good old free()
- - makes Curl_safefree() not check the pointer before free()
+ Observe that the REENTRANT cases are exactly the same as their
+ non-REENTRANT cases except for a `_REENTRANT` macro definition.
+ Merge all these pieces and build one big main function with different
+ cases, but reusing variables where logical.
- The (new) rule of thumb is: if you really want a function call that
- frees a pointer and then assigns it to NULL, then use Curl_safefree().
- But we will prefer just using free() from now on.
+ For the cases where the parameters where NULL, I looked at
+ lib/hostip4.c to get an idea of the parameters types.
+
+ void-cast variables such as 'rc' to avoid -Wuninitialized errors.
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Markus Elfring brought this change]
+- [Peter Wu brought this change]
- Bug #149: Deletion of unnecessary checks before a few calls of cURL functions
+ cmake: drop _BSD_SOURCE macro usage
- The following functions return immediately if a null pointer was passed.
- * Curl_cookie_cleanup
- * curl_formfree
+ autotools does not use features.h nor _BSD_SOURCE. As this macro
+ triggers warnings since glibc 2.20, remove it. It should not have
+ functional differences.
- It is therefore not needed that a function caller repeats a corresponding check.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
+
+Steve Holme (2 Nov 2014)
+- RELEASE-NOTES: Synced with d71ea7c01e
- This issue was fixed by using the software Coccinelle 1.0.0-rc24.
+ Additionally, updated "GSSAPI" to "GSS-API" for a Cmake related change
+ as GSSAPI can be confused with the authentication mechanism rather than
+ a GSS-API implementation library such as MIT or Heimdal.
+
+- build: Added WinIDN build configuration options
- Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
+ Added support for WinIDN build configurations to the VC6 project files.
-- [Markus Elfring brought this change]
+- build: Added WinIDN build configuration options
+
+ Added support for WinIDN build configurations to the VC7 and VC7.1
+ project files.
- Bug #149: Deletion of unnecessary checks before calls of the function "free"
+- build: Fixed the pre-processor separator in Visual Studio project files
+
+ A left over from the VC6 project files, so mainly cosmetic in Visual
+ Studio .NET as it can handle both comma and semi-colon characters for
+ separating multiple pre-processor definitions.
- The function "free" is documented in the way that no action shall occur for
- a passed null pointer. It is therefore not needed that a function caller
- repeats a corresponding check.
- http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first
+ However, the IDE uses semi-colons if the value is edited, and as such,
+ this may cause problems in future for anyone updating the files or
+ merging patches.
- This issue was fixed by using the software Coccinelle 1.0.0-rc24.
+ Used the Visual Studio IDE to correct the separator character.
+
+- build: Added optional specific version generation of VC project files
- Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
+ ..when working from the git repository. This is particularly useful
+ for single development environments where the project files for all
+ supported versions of Visual Studio may not be required.
- [Jay Satiro brought this change]
- connect: Fix happy eyeballs logic for IPv4-only builds
-
- Bug: https://github.com/bagder/curl/pull/168
-
- (trynextip)
- - Don't try the "other" protocol family unless IPv6 is available. In an
- IPv4-only build the other family can only be IPv6 which is unavailable.
-
- This change essentially stops IPv4-only builds from attempting the
- "happy eyeballs" secondary parallel connection that is supposed to be
- used by the "other" address family.
-
- Prior to this change in IPv4-only builds that secondary parallel
- connection attempt could be erroneously used by the same family (IPv4)
- which caused a bug where every address after the first for a host could
- be tried twice, often in parallel. This change fixes that bug. An
- example of the bug is shown below.
-
- Assume MTEST resolves to 3 addresses 127.0.0.2, 127.0.0.3 and 127.0.0.4:
-
- * STATE: INIT => CONNECT handle 0x64f4b0; line 1046 (connection #-5000)
- * Rebuilt URL to: http://MTEST/
- * Added connection 0. The cache now contains 1 members
- * STATE: CONNECT => WAITRESOLVE handle 0x64f4b0; line 1083
- (connection #0)
- * Trying 127.0.0.2...
- * STATE: WAITRESOLVE => WAITCONNECT handle 0x64f4b0; line 1163
- (connection #0)
- * Trying 127.0.0.3...
- * connect to 127.0.0.2 port 80 failed: Connection refused
- * Trying 127.0.0.3...
- * connect to 127.0.0.3 port 80 failed: Connection refused
- * Trying 127.0.0.4...
- * connect to 127.0.0.3 port 80 failed: Connection refused
- * Trying 127.0.0.4...
- * connect to 127.0.0.4 port 80 failed: Connection refused
- * connect to 127.0.0.4 port 80 failed: Connection refused
- * Failed to connect to MTEST port 80: Connection refused
- * Closing connection 0
- * The cache now contains 0 members
- * Expire cleared
- curl: (7) Failed to connect to MTEST port 80: Connection refused
-
- The bug was born in commit bagder/curl@2d435c7.
-
-- mksymbolsmanpage.pl: use std header and generate better nroff header
+ build-openssl.bat: Fix x64 release build
+
+ Prior to this change if x64 release was specified a failed attempt was
+ made to build x86 release instead.
-- [Frank Meier brought this change]
+- CURLOPT_XOAUTH2_BEARER.3: Corrected the OAuth version number
- closesocket: call multi socket cb on close even with custom close
-
- In function Curl_closesocket() in connect.c the call to
- Curl_multi_closed() was wrongly omitted if a socket close function
- (CURLOPT_CLOSESOCKETFUNCTION) is registered.
+- CURLOPT_SASL_IR.3: Added supported mechanism information
- That would lead to not removing the socket from the internal hash table
- and not calling the multi socket callback appropriately.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1493
+ ...and removed duplication of what protocols are supported from the
+ description text.
-- [Tobias Stoeckmann brought this change]
+- opts: Use common wording for MAIL related names
- hostip: Fix signal race in Curl_resolv_timeout.
+- opts: Use common wording for TLS user/password option names
- A signal handler for SIGALRM is installed in Curl_resolv_timeout. It is
- configured to interrupt system calls and uses siglongjmp to return into
- the function if alarm() goes off.
+ ...and revised the proxy wording a little as well.
+
+- CURLOPT_MAXCONNECTS.3: Reworked the description to be less confusing
- The signal handler is installed before curl_jmpenv is initialized.
- This means that an already installed alarm timer could trigger the
- newly installed signal handler, leading to undefined behavior when it
- accesses the uninitialized curl_jmpenv.
+ ...and corrected a related typo in curl_easy_setopt.3.
+
+Guenter Knauf (2 Nov 2014)
+- RELEASE-NOTES: removed obsolete entry; fixed entry.
+
+Steve Holme (2 Nov 2014)
+- RELEASE-NOTES: Synced with e7da67f5d3
+
+- docs: Added mention of Kerberos for CURL_VERSION_SSPI
- Even if there is no previously installed alarm available, the code in
- Curl_resolv_timeout itself installs an alarm before the environment is
- fully set up. If the process is sent into suspend right after that, the
- signal handler could be called too early as in previous scenario.
+ As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP,
+ POP3 and SMTP authentication since v7.38.0.
+
+- CURL_VERSION_KERBEROS4: Mark as deprecated
- To fix this, the signal handler should only be installed and the alarm
- timer only be set after sigsetjmp has been called.
+ Support for Kerberos V4 was removed in v7.33.0.
-- http2: detect prematures close without data transfered
+- sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
- ... by using the regular Curl_http_done() method which checks for
- that. This makes test 1801 fail consistently with error 56 (which seems
- fine) to that test is also updated here.
+ Typically the USE_WINDOWS_SSPI definition would not be used when the
+ CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build
+ configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication
+ data structures and functions would incorrectly be used when they
+ shouldn't be.
- Reported-by: Ben Darnell
- Bug: https://github.com/bagder/curl/issues/166
+ Introduced a new USE_KRB5 definition that takes into account the use of
+ CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
-Dan Fandrich (13 Mar 2015)
-- test320: Expect the Host header to be the first header
+- openssl: Use 'CURLcode result'
- Required for the test to work after a5d994941c2b.
+ More CURLcode fixes.
-Daniel Stenberg (12 Mar 2015)
-- RELEASE-NOTES: synced with 186e46d88dd
-
-- openssl: use colons properly in the ciphers list
-
- While the previous string worked, this is the documented format.
+Daniel Stenberg (1 Nov 2014)
+- resume: consider a resume from [content-length] to be OK
- Reported-by: Richard Moore
-
-- openssl: sort the ciphers on strength
+ Basically since servers often then don't respond well to this and
+ instead send the full contents and then libcurl would instead error out
+ with the assumption that the server doesn't support resume. As the data
+ is then already transfered, this is now considered fine.
- This makes curl pick better (stronger) ciphers by default. The strongest
- available ciphers are fine according to the HTTP/2 spec so an OpenSSL
- built curl is no longer rejected by string HTTP/2 servers.
+ Test case 1434 added to verify this. Test case 1042 slightly modified.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1487
+ Reported-by: hugo
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1443
-- [Fabian Keil brought this change]
+Steve Holme (1 Nov 2014)
+- openssl: Use 'CURLcode result'
+
+ More standardisation of CURLcode usage and coding style.
- test203[0-3]: Expect the Host header to be the first header
+- openssl: Use 'CURLcode result'
- Required for the tests to work after a5d994941c2b.
+ ...and some minor code style changes.
+
+- ftplistparser: We prefer 'CURLcode result'
-- openssl: show the cipher selection to use
+- opts: Use common wording for user/password option names
-- http: always send Host: header as first header
+- CURLOPT_CONNECT_ONLY.3: Removed "This option is implemented for..." text
- ...after the method line:
+ As this is covered by the PROTOCOLS section and saves having to update
+ two parts of the document with the same information in future.
+
+- CURLOPT_GSSAPI_DELEGATION.3: Use GSS-API rather than GSSAPI
- "Since the Host field-value is critical information for handling a
- request, a user agent SHOULD generate Host as the first header field
- following the request-line." / RFC 7230 section 5.4
+ As implementations are refereed to GSS-API libraries as per the RFC and
+ GSSAPI typically refers to an authentication mechanism.
+
+- CURLOPT_CONNECT_ONLY.3: Fixed incomplete protocol list
- Additionally, this will also make libcurl ignore multiple specified
- custom Host: headers and only use the first one. Test 1121 has been
- updated accordingly
+ Added missing IMAP to the protocol list.
+
+- code cleanup: Use 'CURLcode result'
+
+- curl_easy_setopt.3: Fixed lots of typos
+
+- curl_easy_setopt.3: Moved CURLOPT_DIRLISTONLY into PROTOCOL OPTIONS
- Bug: http://curl.haxx.se/bug/view.cgi?id=1491
- Reported-by: Rainer Canavan
+ ...as this option affects more that just FTP.
+
+Guenter Knauf (30 Oct 2014)
+- build: added Watcom support to build with WinSSL.
-- [Alexander Pepper brought this change]
+Daniel Stenberg (30 Oct 2014)
+- CURLOPT_PINNEDPUBLICKEY.3: added details
- mk-ca-bundle bugfix: Don't report SHA1 numbers with "-q".
+Steve Holme (30 Oct 2014)
+- CURLOPT_CUSTOMREQUEST.3: Fixed incomplete protocol list
- Also unified printing to STDERR by creating the helper method "report".
+ Whilst the description included information about SMTP, the protocol
+ list only showed "TTP, FTP, IMAP, POP3".
-- proxy: re-use proxy connections (regression)
+- CURLOPT_DIRLISTONLY.3: Added information about the usage in POP3
+
+Daniel Stenberg (29 Oct 2014)
+- openssl: enable NPN separately from ALPN
- When checking for a connection to re-use, a proxy-using request must
- check for and use a proxy connection and not one based on the host
- name!
+ ... and allow building with nghttp2 but completely without NPN and ALPN,
+ as nghttp2 can still be used for plain-text HTTP.
- Added test 1421 to verify
+ Reported-by: Lucas Pardue
+
+- configure.ac: remove checks for OpenSSL NPN/ALPN funcs again
- Bug: http://curl.haxx.se/bug/view.cgi?id=1492
+ ... since the conditional in the code are now based on OpenSSL versions
+ instead to better support non-configure builds.
-- [Jay Satiro brought this change]
+- opts: added some "SEE ALSO" references
- memanalyze.pl: handle free(NULL)
+Steve Holme (29 Oct 2014)
+- RELEASE-NOTES: Synced with 32913182dc
-- [Jay Satiro brought this change]
+- vtls.c: Fixed compilation warning
+
+ conversion from 'size_t' to 'unsigned int', possible loss of data
- .travis.yml: Change CI make test to make test-full
+- sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
- - Change the continuous integration script to use 'make test-full'
- instead of just 'make test' so that the diagnostic log output is
- printed to stdout when a test fails.
+ Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when
+ acquiring the credentials handle fails. This is then consistent with
+ the code prior to commit f7e24683c4 when log-in credentials were empty.
+
+- sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
- - Change the continuous integration script to use
- './configure --enable-debug' instead of just './configure' so that the
- memory analyzer will work during testing.
+ Fixed the ability to use the current log-in credentials with DIGEST-MD5.
+ I had previously disabled this functionality in commit 607883f13c as I
+ couldn't get this to work under Windows 8, however, from testing HTTP
+ Digest authentication through Windows SSPI and then further testing of
+ this code I have found it works in Windows 7.
- Prior to this change Travis used its default C test script:
- ./configure && make && make test
+ Some further investigation is required to see what the differences are
+ between Windows 7 and 8, but for now enable this functionality as the
+ code will return an error when AcquireCredentialsHandle() fails.
-- [Alessandro Ghedini brought this change]
+Kamil Dudka (29 Oct 2014)
+- transfer: drop the code handling the ssl_connect_retry flag
+
+ Its last use has been removed by the previous commit.
- gtls: correctly align certificate status verification messages
+- nss: drop the code for libcurl-level downgrade to SSLv3
+
+ This code was already deactivated by commit
+ ec783dc142129d3860e542b443caaa78a6172d56.
-- [Alessandro Ghedini brought this change]
+- openssl: fix a line length warning
- gtls: don't print double newline after certificate dates
+Guenter Knauf (29 Oct 2014)
+- Added NetWare support to build with nghttp2.
-- [Alessandro Ghedini brought this change]
+- Fixed error message since we require ALPN support.
- gtls: print negotiated TLS version and full cipher suite name
+- Check for ALPN via OpenSSL version number.
- Instead of priting cipher and MAC algorithms names separately, print the
- whole cipher suite string which also includes the key exchange algorithm,
- along with the negotiated TLS version.
+ This check works also with to non-configure platforms.
-- gtls: fix compiler warnings
+Steve Holme (28 Oct 2014)
+- sasl_sspi: Fixed typo in comment
-- [Alessandro Ghedini brought this change]
+- code cleanup: We prefer 'CURLcode result'
- gtls: add support for CURLOPT_CAPATH
+Daniel Stenberg (28 Oct 2014)
+- TODO: consider supporting STAT
-- [stopiccot brought this change]
+- mk-ca-bundle: spell fix "version"
- MacOSX-Framework: use @rpath instead of @executable_path
+- HTTP: return larger than 3 digit response codes too
- Bug: https://github.com/bagder/curl/pull/157
-
-- RELEASE-NOTES: synced with c19349951
-
-- multi: fix *getsock() with CONNECT
+ HTTP 1.1 is clearly specified to only allow three digit response codes,
+ and libcurl used sscanf("%3d") for that purpose. This made libcurl
+ support smaller numbers but not larger. It does now, but we will not
+ make any specific promises nor document this further since it is going
+ outside of what HTTP is.
- The code used some happy eyeballs logic even _after_ CONNECT has been
- sent to a proxy, while the happy eyeball phase is already (should be)
- over by then.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1441
+ Reported-by: Balaji
+
+- src/: remove version.h.dist from gitignore
- This is solved by splitting the multi state into two separate states
- introducing the new SENDPROTOCONNECT state.
+ It has not been used since commit f7bfdbab in 2011
+
+Steve Holme (26 Oct 2014)
+- ntlm: We prefer 'CURLcode result'
- Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html
- Reported-by: Peter Laser
+ Continuing commit 0eb3d15ccb more return code variable name changes.
-- conncontrol: only log changes to the connection bit
+Guenter Knauf (26 Oct 2014)
+- Cosmetics: lowercase non-special subroutine names.
-- http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
+Steve Holme (26 Oct 2014)
+- RELEASE-NOTES: Synced with 07ac29a058
+
+- http_negotiate: We prefer 'CURLcode result'
- Since they already exist and will make comparing easier
+ Continuing commit 0eb3d15ccb more return code variable name changes.
-- http2: make the info-message about receiving HTTP2 headers debug-only
+- http_negotiate: Fixed missing check for USE_SPNEGO
-- [Alessandro Ghedini brought this change]
+- sspi: Synchronization of cleanup code between auth mechanisms
- urldata: remove unused asked_for_h2 field
+- sspi: Renamed max token length variables
+
+ Code cleanup to try and synchronise code between the different SSPI
+ based authentication mechanisms.
-- [Alessandro Ghedini brought this change]
+- sspi: Renamed expiry time stamp variables
+
+ Code cleanup to try and synchronise code between the different SSPI
+ based authentication mechanisms.
- polarssl: make it possible to enable ALPN/NPN without HTTP2
+- sspi: Only call CompleteAuthToken() when complete is needed
+
+ Don't call CompleteAuthToken() after InitializeSecurityContext() has
+ returned SEC_I_CONTINUE_NEEDED as this return code only indicates the
+ function should be called again after receiving a response back from
+ the server.
+
+ This only affected the Digest and NTLM authentication code.
-- [Alessandro Ghedini brought this change]
+Dan Fandrich (26 Oct 2014)
+- Added the "flaky" keyword to a number of tests
+
+ Each shows evidence of flakiness on at least one platform on
+ the autobuilds. Users can use this keyword to skip these tests
+ if desired.
- nss: make it possible to enable ALPN/NPN without HTTP2
+Steve Holme (26 Oct 2014)
+- ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
+
+ For consistency with other areas of the NTLM code propagate all errors
+ from Curl_ntlm_core_mk_nt_hash() up the call stack rather than just
+ CURLE_OUT_OF_MEMORY.
-- [Alessandro Ghedini brought this change]
+- ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
- gtls: make it possible to enable ALPN/NPN without HTTP2
+- ntlm: Use 'CURLcode result'
+
+ Continuing commit 0eb3d15ccb more return code variable name changes.
-- [Alessandro Ghedini brought this change]
+- ntlm: Only define ntlm data structure when USE_NTLM is defined
- openssl: make it possible to enable ALPN/NPN without HTTP2
+- ntlm: Changed handles to be dynamic like other SSPI handles
+
+ Code cleanup to try and synchronise code between the different SSPI
+ based authentication mechanisms.
-- metalink: add some error checks
+- ntlm: Renamed handle variables to match other SSPI structures
- malloc() and strdup() calls without checking return codes.
+ Code cleanup to try and synchronise code between the different SSPI
+ based authentication mechanisms.
+
+- ntlm: Renamed SSPI based input token variables
- Reported-by: Markus Elfring
- Bug: https://github.com/bagder/curl/issues/150
+ Code cleanup to try and synchronise code between the different SSPI
+ based authentication mechanisms.
-- curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS
+- ntlm: We prefer 'CURLcode result'
- Reported-by: Jonathan Cardoso
+ Continuing commit 0eb3d15ccb more return code variable name changes.
-- urldata: fix gnutls build
+- build: Added WinIDN build configuration options
+
+ Added support for WinIDN build configurations to the VC8 and VC9
+ project files.
-Steve Holme (5 Mar 2015)
-- openssl: Removed use of USE_SSLEAY from the Visual Studio project files
+Nick Zitzmann (24 Oct 2014)
+- darwinssl: detect possible future removal of SSLv3 from the framework
- In addition to commit 709cf76f6b, removed the USE_SSLEAY preprocessor
- variable from the Visual Studio project files as it isn't required
- anymore.
+ If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
-Daniel Stenberg (5 Mar 2015)
-- multi: fix memory-leak on timeout (regression)
+Patrick Monnerat (24 Oct 2014)
+- gskit.c: remove SSLv3 from SSL default.
+
+- gskit.c: use 'CURLcode result'
+
+Daniel Stenberg (24 Oct 2014)
+- [Jay Satiro brought this change]
+
+ SSL: Remove SSLv3 from SSL default due to POODLE attack
- Since 1342a96ecfe0d44, a timeout detected in the multi state machine didn't
- necesarily clear everything up, like formpost data.
+ - Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
+ openssl effectively making the default TLS 1.x. axTLS is not affected
+ since it supports only TLS, and gnutls is not affected since it already
+ defaults to TLS 1.x.
- Bug: https://github.com/bagder/curl/issues/147
- Reported-by: Michel Promonet
- Patched-by: Michel Promonet
+ - Update CURLOPT_SSLVERSION doc
-- configure: follow-up fix from 709cf76f6
-
- OpenSSL handling was a little broken.
+- pipelining: only output "is not blacklisted" in debug builds
-- openssl: remove all uses of USE_SSLEAY
-
- SSLeay was the name of the library that was subsequently turned into
- OpenSSL many moons ago (1999). curl does not work with the old SSLeay
- library since years. This is now reflected by only using USE_OPENSSL in
- code that depends on OpenSSL.
+- *.3: add/extend "SEE ALSO" sections
-- [Sergei Nikulov brought this change]
+- curl_easy_pause.3: minor wording edit
- cmake: handle build definitions CURLDEBUG/DEBUGBUILD
-
- Acked-by: Brad King
+- curl_getdate.3: provide a "SEE ALSO" section
+
+- curl_global_init.3: minor formatting fix, add version info
-- FAQ: 4.21 Why is there a HTTP/1.1 in my HTTP/2 request?
+- url.c: use 'CURLcode result'
-- symbols.pl: handle '-' in the deprecated field
+- code cleanup: we prefer 'CURLcode result'
- ... which otherwise made the script skip the _LAST define for some
- symbols.
+ ... for the local variable name in functions holding the return
+ code. Using the same name universally makes code easier to read and
+ follow.
- Reported-by: Jeroen Ooms
- Bug: http://curl.haxx.se/mail/lib-2015-03/0052.html
+ Also, unify code for checking for CURLcode errors with:
+
+ if(result) or if(!result)
+
+ instead of
+
+ if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
-- curl.1: fix "The the" typo
+- Curl_add_timecondition: skip superfluous varible assignment
- Reported-by: Jon Seymour
+ Detected by cppcheck.
-- vtls: use curl_printf.h all over
+- Curl_pp_flushsend: skip superfluous assignment
- No need to use _MPRINTF_REPLACE internally.
+ Detected by cppcheck.
-- tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE
+- Curl_pp_readresp: remove superfluous assignment
+
+ Variable already assigned a few lines up.
+
+ Detected by cppcheck.
-- tool_writeenv: remove _MPRINTF_REPLACE define, it wasn't used
+- Curl_proxyCONNECT: remove superfluous statement
+
+ The variable is already assigned, skip the duplicate assignment.
+
+ Pointed out by cppcheck.
-- [Sergei Nikulov brought this change]
+Guenter Knauf (24 Oct 2014)
+- Added MinGW support to build with nghttp2.
- libtest: fixed linker errors on msvc
-
- Bug: https://github.com/bagder/curl/pull/144
+- Added VC ssh2 target to main Makefile.
-- mprintf.h: remove #ifdef CURLDEBUG
-
- ... and as a consequence, introduce curl_printf.h with that re-define
- magic instead and make all libcurl code use that instead.
+- Some cosmetics and simplifies.
-- tool_getpass: remove unused curl/mprintf.h include
+- Remove dependency on openssl and cut.
+
+ Prefer usage of Perl modules for sha1 calculation since there
+ might be systems where openssl is not installed or not in path.
+ If openssl is used for sha1 calculation then dont rely on cut
+ since it is usually not available on other systems than Linux.
-- CONTRIBUTING.md: file for advice on github
+Daniel Stenberg (23 Oct 2014)
+- RELEASE-NOTES: synced with e116d0a62
-- [Viktor Szakáts brought this change]
+- CURLOPT_RESOLVE.3: add an example
- BINDINGS: add link to Harbour bindings
+- gnutls: removed dead code
- And UTF8-fix a few names
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1437
+ Reported-by: Julien
-- CURLOPT_HEADERFUNCTION.3: typo in error code name
+- Curl_rand: Uninitialized variable: r
+
+ This is not actually used uninitialized but we silence warnings.
- Reported-by: Jonathan Cardoso
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1437
+ Reported-by: Julien
-- BINDINGS: tclcurl moved
+- opts: provide more and updated examples
+
+- CURLOPT_RANGE.3: works for SFTP as well
- Reporte-by: Steve Havelka
+ ... and added a small example
-- [Jay Satiro brought this change]
+- curl.1: edited for clarity
- opts: Fix pipelining examples
+- CURLOPT_SSLVERSION.3: provide an example
-- [Jay Satiro brought this change]
+- docs/libcurl/ABI: more markdown friendly
- curl_multi_setopt.3: Link to CURLMOPT_MAXCONNECTS
+- docs: edited lots of libcurl docs for clarity
-- CONTRIBUTE: the new more github-friendly attitude!
+- opts: added examples
-Steve Holme (28 Feb 2015)
-- RELEASE-NOTES: Synced with 921d195187
+- HISTORY: two glimpses in 2014
-Kamil Dudka (28 Feb 2015)
-- tool: wrap lines longer than 79 columns
+Kamil Dudka (20 Oct 2014)
+- nss: reset SSL handshake state machine
+
+ ... when the handshake succeeds
- ... to avoid a build failure when configured with --enable-debug
+ This fixes a connection failure when FTPS handle is reused.
-Steve Holme (27 Feb 2015)
-- [Tatsuhiro Tsujikawa brought this change]
+Daniel Stenberg (20 Oct 2014)
+- [Peter Wu brought this change]
- http2: Return error if stream was closed with other than NO_ERROR
+ cmake: generate pkg-config and curl-config
- Previously, we just ignored error code passed to
- on_stream_close_callback and just return 0 (success) after stream
- closure even if stream was reset with error. This patch records error
- code in on_stream_close_callback, and return -1 and use CURLE_HTTP2
- error code on abnormal stream closure.
-
-- tool: Updated the warnf() function to use the GlobalConfig structure
+ Initial work to generate a pkg-config and curl-config script. Static
+ linking (`curl-config --static-libs` and `pkg-config --shared --libs
+ libcurl`) is broken and therefore disabled.
+
+ CONFIGURE_OPTIONS does not make sense for CMake, use an empty string
+ for now.
+
+ At least `curl-config --features` and `curl-config --protocols` work
+ which is needed by runtests.pl.
- As the 'error' and 'mute' options are now part of the GlobalConfig,
- rather than per Operation, updated the warnf() function to use this
- structure rather than the OperationConfig.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- build: Removed DataExecutionPrevention directive from VC9+ project files
+- [Peter Wu brought this change]
+
+ cmake: use LIBCURL_VERSION from curlver.h
+
+ This matches the behavior from autotools. The auxiliary major, minor
+ and patch components are not needed anymore and therefore removed.
- Removed the DataExecutionPrevention directive from the project files for
- Visual Studio 2008 and above. The XML value in the VC9 project files was
- set to "0" (Default) whilst the VC10+ project files contained an empty
- XML element.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- build: Use default RandomizedBaseAddress directive in VC9+ project files
+- [Peter Wu brought this change]
+
+ cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
+
+ For compatibility with autoconf, it will be used later for curl-config
+ and pkg-config. Not all features and or protocols can be enabled as
+ these are missing additional checks (see new TODOs).
- Visual Studio 2008 introduced support for the address space layout
- randomization (ASLR) feature of Windows Vista. However, upgrading the
- VC8 project files to VC9 and above disabled this feature.
+ SUPPORT_PROTOCOLS is partially scripted (grep for SUPPORT_PROTOCOLS=)
+ and manually verified/modified. SUPPORT_FEATURES is manually added.
- Removed the RandomizedBaseAddress directive to enabled the default
- setting (/DYNAMICBASE). Note: This doesn't appear to have any negative
- impact when compiled and ran on Windows XP.
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- build: Added support to Generate.bat for files in the upcoming vauth folder
+- cmake: add CMake/Macros.cmake to the release tarball
-Daniel Stenberg (25 Feb 2015)
-- http2: return recv error on unexpected EOF
+- test545: make it not use a trailing zero
- Pointed-out-by: Tatsuhiro Tsujikawa
- Bug: http://curl.haxx.se/bug/view.cgi?id=1487
+ CURLOPT_COPYPOSTFIELDS with a given CURLOPT_POSTFIELDSIZE does not
+ require a trailing zero of the data and by making sure this test doesn't
+ use one we know it works (combined with valgrind).
-Kamil Dudka (25 Feb 2015)
-- dist: add symbol-scan.pl to the tarball
+Steve Holme (16 Oct 2014)
+- ntlm: Fixed empty type-2 decoded message info text
- ... in order to make test1135 succeed
+ Updated the info text when the base-64 decode of the type-2 message
+ returns a null buffer to be more specific.
-Daniel Stenberg (25 Feb 2015)
-- http2: move lots of verbose output to be debug-only
+- ntlm: Fixed empty/bad base-64 decoded buffer return codes
-Kamil Dudka (25 Feb 2015)
-- curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
+- ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
+
+Daniel Stenberg (16 Oct 2014)
+- httpcustomheader.c: make use of more CURLOPT_HTTPHEADER features
- Otherwise it expands to:
+ ... and only do a single request for clarity.
+
+Steve Holme (15 Oct 2014)
+- sasl_sspi: Fixed some typos
+
+- sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSO
+
+Daniel Stenberg (15 Oct 2014)
+- [Bruno Thomsen brought this change]
+
+ mk-ca-bundle: added SHA-384 signature algorithm
- echo ""/etc/pki/tls/certs/ca-bundle.crt""
+ Certificates based on SHA-1 are being phased out[1].
+ So we should expect a rise in certificates based on SHA-2.
+ Adding SHA-384 as a valid signature algorithm.
- Detected by ShellCheck:
+ [1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
- curl-config:74:16: warning: The double quotes around this do
- nothing. Remove or escape them. [SC2140]
+ Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
+
+Patrick Monnerat (14 Oct 2014)
+- OS400: fix bugs in curl_*escape_ccsid() and reduce variables scope
+
+- Implement pinned public key in GSKit backend
+
+Daniel Stenberg (14 Oct 2014)
+- CURLOPT_TLSAUTH_*.3: fix reference typos
-- nss: do not skip Curl_nss_seed() if data is NULL
+- cleanups: reduce variable scope
- In that case, we only skip writing the error message for failed NSS
- initialization (while still returning the correct error code).
+ cppcheck pointed these out.
-- nss: improve error handling in Curl_nss_random()
+- singleipconnect: remove dead assignment never used
- The vtls layer now checks the return value, so it is no longer necessary
- to abort if a random number cannot be provided by NSS. This also fixes
- the following Coverity report:
-
- Error: FORWARD_NULL (CWE-476):
- lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
- lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
- lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
+ cppcheck pointed this out.
-Daniel Stenberg (25 Feb 2015)
-- RELEASE-PROCEDURE: add some more future release dates
-
- ... and remove some old ones
+- pinning: minor code style policing
-- sws: timeout idle CONNECT connections
+Patrick Monnerat (13 Oct 2014)
+- Factorize pinned public key code into generic file handling and backend specific
-- bump: start working toward 7.42.0
+- vtls: remove QsoSSL
-Version 7.41.0 (25 Feb 2015)
+- gskit: supply dummy randomization function
-Daniel Stenberg (25 Feb 2015)
-- THANKS: added contributors from the 7.41.0 RELEASE-NOTES
+- vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation
-- RELEASE-NOTES: sync with ffc2aeec6e (7.41.0 release time!)
+Daniel Stenberg (13 Oct 2014)
+- [Peter Wu brought this change]
-Marc Hoersken (25 Feb 2015)
-- Revert "telnet.c: fix handling of 0 being returned from custom read function"
+ tests: move TESTCASES to Makefile.inc, add show for cmake
- This reverts commit 03fa576833643c67579ae216c4e7350fa9b5f2fe.
-
-- telnet.c: fix invalid use of custom read function if not being set
+ This change allows runtests.pl to be run from the CMake builddir:
- obj_count can be 1 if the custom read function is set or the stdin
- handle is a reference to a pipe. Since the pipe should be handled
- using the PeekNamedPipe-check below, the custom read function should
- only be used if it is actually enabled.
-
-- telnet.c: fix handling of 0 being returned from custom read function
+ export srcdir=/tmp/curl/tests;
+ perl -I$srcdir $srcdir/runtests.pl -l
- According to [1]: "Returning 0 will signal end-of-file to the library
- and cause it to stop the current transfer."
- This change makes the Windows telnet code handle this case accordingly.
+ In order to make this possible, all test cases have been moved from
+ Makefile.am to Makefile.inc.
- [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Daniel Stenberg (24 Feb 2015)
-- sws: stop logging about TPC_NODELAY nonsense
+- [Peter Wu brought this change]
-- lib530: make it less timing sensible
+ cmake: enable IPv6 by default if available
- ... by making sure the first request is completed before doing the
- remainder.
-
-Kamil Dudka (23 Feb 2015)
-- connect: wait for IPv4 connection attempts
-
- ... even if the last IPv6 connection attempt has failed.
+ ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a
+ Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if
+ struct sockaddr_in6 is not found in netinet/in.h.
- Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4
-
-- connect: avoid skipping an IPv4 address
+ Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more
+ platform checks even though POSIX requires a thread-safe getaddrinfo.
- ... in case the protocol versions are mixed in a DNS response
- (IPv6 -> IPv4 -> IPv6).
+ Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7.
- Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-Daniel Stenberg (23 Feb 2015)
-- RELEASE-NOTES: synced with 5e4395eab839d
+- [Peter Wu brought this change]
-- ROADMAP: curl_easy_setopt.3 has already been split up
+ cmake: build tool_hugehelp (ENABLE_MANUAL)
- Remove cmake as marked for removal. It is in much better state now.
-
-- ROADMAP: extend the HTTP/2 stuff, remove SPDY
+ Rather than always outputting an empty manual page for the '-M' option,
+ generate a full manual page as done by autotools. For simplicity in
+ CMake, always generate the gzipped page as it will not be used anyway
+ when zlib is not available.
+
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Julian Ospald brought this change]
+- [Peter Wu brought this change]
- configure: allow both --with-ca-bundle and --with-ca-path
-
- SSL_CTX_load_verify_locations by default (and if given non-Null
- parameters) searches the CAfile first and falls back to CApath. This
- allows for CAfile to be a basis (e.g. installed by the package manager)
- and CApath to be a user configured directory.
+ tests/http_pipe.py: Python 3 support
- This wasn't reflected by the previous configure constraint which this
- patch fixes.
+ The 2to3 tool converted socketserver (which I manually fixed up with an
+ import fallback) and the print(e) line. The xrange option was converted
+ to range, but it seems better to use the '*' operator here for
+ simplicity.
- Bug: https://github.com/bagder/curl/pull/139
+ Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-- [Ben Boeckel brought this change]
+- SECURITY: slightly nicer markdown format
- cmake: install the dll file to the correct directory
+- RELEASE-PROCEDURE: better markdown, more content
-- [Alessandro Ghedini brought this change]
+- RELEASE-NOTES: synced with 6637b237e6eb
+
+ ... and bumped the planned release version.
- nss: fix NPN/ALPN protocol negotiation
+- vtls: have vtls.h include the backend header files
- Correctly check for memcmp() return value (it returns 0 if the strings match).
+ It turned out some features were not enabled in the build since for
+ example url.c #ifdefs on features that are defined on a per-backend
+ basis but vtls.h didn't include the backend headers.
- This is not really important, since curl is going to use http/1.1 anyway, but
- it's still a bug I guess.
+ CURLOPT_CERTINFO was one such feature that was accidentally disabled.
-- [Alessandro Ghedini brought this change]
-
- polarssl: fix ALPN protocol negotiation
+- test2036: verify -O with no slash at all in the URL
- Correctly check for strncmp() return value (it returns 0 if the strings
- match).
+ Similar to test 76 but that test's URL has a slash just no file name
+ part.
-- [Sergei Nikulov brought this change]
+- get_url_file_name: make no slash equal empty string
- CMake: Fix generation of tool_hugehelp.c on windows
+- get_url_file_name: never return a NULL string *and* OK
- Use "cmake -E echo" instead of "echo".
+ Change 987a4a73 assumes that as it simplifies life in the calling
+ function.
- Reviewed-by: Brad King <brad.king@kitware.com>
+ Reported-by: Fabian Keil
-- [Sergei Nikulov brought this change]
+- [Jakub Zakrzewski brought this change]
- CMake: fix winsock2 detection on windows
-
- Set CMAKE_REQUIRED_DEFINITIONS to include definitions needed to get
- the winsock2 API from windows.h. Simplify the order of checks to
- avoid extra conditions.
+ Cmake: Build with GSSAPI (MIT or Heimdal)
- Use check_include_file instead of check_include_file_concat to look
- for OpenSSL headers. They do not need to participate in a sequence
- of dependent system headers. Also they may cause winsock.h to be
- included before ws2tcpip.h, causing the latter to not be detected
- in the sequence.
+ It tries hard to recognise SDK's on different platforms. On windows MIT
+ Kerberos installs SDK with other things and puts path into registry.
+ Heimdal have separate zip archive. On linux pkg-config is tried, then
+ krb5-config script and finally old-style libs and headers detection.
- Reviewed-by: Brad King <brad.king@kitware.com>
+ Command line args:
+ * CMAKE_USE_GSSAPI - enables GSSAPI detection
+ * GSS_ROOT_DIR - if set, should point to the root of GSSAPI installation
+ (the one with include and lib directories)
-- [Alessandro Ghedini brought this change]
-
- gtls: fix build with HTTP2
-
-Steve Holme (16 Feb 2015)
-- Makefile.vc6: Corrected typos in rename of darwinssl.obj
-
-Nick Zitzmann (15 Feb 2015)
-- By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]"
-
-Steve Holme (14 Feb 2015)
-- RELEASE-NOTES: Synced with 6f89f86c3d
-
-- tests/README: Updated to reflect email test ranges
+- [Jakub Zakrzewski brought this change]
-- [Alessandro Ghedini brought this change]
+ Cmake: Got rid of setup_curl_dependencies
+
+ There is no need for such function. Include_directories propagate by
+ themselves and having a function with one simple link statement makes
+ little sense.
- curl.1: --cert-status is also supported by OpenSSL now
+- [Jakub Zakrzewski brought this change]
-- build: Removed Visual Studio SuppressStartupBanner directive for VC8+
+ Cmake: Avoid cycle directory dependencies.
- Visual Studio 2005 and above defaults to disabling the startup banner
- for the Compiler, Linker and MIDL tools (with /NOLOGO). As such there
- is no need to explicitly set the SuppressStartupBanner directive, as
- this is a leftover from the VC7 and VC7.1 projects being upgraded to
- VC8 and above.
+ Because we prepended libraries to list, CMake had troubles resolving
+ link directory order as it detected some cycles. Appending to list ensures
+ that dependencies will preceed dependees.
-Kamil Dudka (12 Feb 2015)
-- openssl: fix a compile-time warning
-
- lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive
+- [Jakub Zakrzewski brought this change]
-Steve Holme (11 Feb 2015)
-- openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection
+ Cmake: Fix library list provided to cURL tests.
- For consistency with other conditionally compiled code in openssl.c,
- use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use
- HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are
- not included.
+ The list must be set after those nice CMake tests as we mess with
+ CMAKE_REQUIRED_LIBRARIES there.
-Patrick Monnerat (11 Feb 2015)
-- ftp: accept all 2xx responses to the PORT command
+- [Jakub Zakrzewski brought this change]
-Steve Holme (9 Feb 2015)
-- openssl: Disable OCSP in old versions of OpenSSL
+ Cmake: Check for OpenSSL before OpenLDAP.
- Versions of OpenSSL prior to v0.9.8h do not support the necessary
- functions for OCSP stapling.
+ OpenLDAP might have been build with OpenSSL. Checking for OpenLDAP first
+ may result in undefined symbols. Of course, the found OpenSSL libraries
+ must also be linked whenever OpenLDAP is.
-Daniel Stenberg (9 Feb 2015)
-- [Tatsuhiro Tsujikawa brought this change]
+- curl_multi_fdset.3: improved the formatting slightly
- http2: Fix bug that associated stream canceled on PUSH_PROMISE
+- curl_multi_fdset: explain the fd_set arguments
+
+Kamil Dudka (8 Oct 2014)
+- nss: do not fail if a CRL is already cached
- Previously we don't ignore PUSH_PROMISE header fields in on_header
- callback. It makes header values mixed with following HEADERS,
- resulting protocol error.
+ This fixes a copy-paste mistake from commit 2968f957.
-- [Jay Satiro brought this change]
+Patrick Monnerat (8 Oct 2014)
+- OS400: upgrade interface for pinned public key (no implementation yet)
- polarssl: Fix exclusive SSL protocol version options
+Daniel Stenberg (8 Oct 2014)
+- FormAdd: precaution against memdup() of NULL pointer
- Prior to this change the options for exclusive SSL protocol versions did
- not actually set the protocol exclusive.
-
- http://curl.haxx.se/mail/lib-2015-01/0002.html
- Reported-by: Dan Fandrich
-
-- [Jay Satiro brought this change]
+ Coverity CID 252518. This function is in general far too complicated for
+ its own good and really should be broken down into several smaller
+ funcitons instead - but I'm adding this protection here now since it
+ seems there's a risk the code flow can end up here and dereference a
+ NULL pointer.
- gskit: Fix exclusive SSLv3 option
+- operate: avoid NULL dereference
+
+ Coverity CID 1241948. dumpeasysrc() would get called with
+ config->current set to NULL which could be dereferenced by a warnf()
+ call.
-- curl.1: clarify that -X is used for all requests
+- do_sec_send: remove dead code
- Reported-by: Jon Seymour
+ Coverity CID 1241951. The condition 'len >= 0' would always be true at
+ that point and thus not necessary to check for.
-- curl.1: add warning when using -H and redirects
+- krb5_encode: remove unused argument
+
+ Coverity CID 1241957. Removed the unused argument. As this struct and
+ pointer now are used only for krb5, there's no need to keep unused
+ function arguments around.
-Steve Holme (7 Feb 2015)
-- schannel: Removed curl_ prefix from source files
+- operate_do: skip superfluous check for NULL pointer
- Removed the curl_ prefix from the schannel source files as discussed
- with Marc and Daniel at FOSDEM.
+ Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL
+ file name pointer so skip the check for that - it tricks coverity into
+ believing it can happen and it then warns later on when we use 'outfile'
+ without checking for NULL.
-Daniel Stenberg (6 Feb 2015)
-- md5: use axTLS's own MD5 functions when available
+- curl_easy_getinfo.3: spell-fix
+
+ Reported-By: Luan Cestari
-- MD(4|5): make the MD4_* and MD5_* functions static
+- [moparisthebest brought this change]
-- axtls: fix conversion from size_t to int warning
+ GnuTLS: Implement public key pinning
-Steve Holme (5 Feb 2015)
-- ftp: Use 'CURLcode result' for curl result codes
+- [moparisthebest brought this change]
-Daniel Stenberg (5 Feb 2015)
-- openssl: SSL_SESSION->ssl_version no longer exist
+ SSL: implement public key pinning
- The struct went private in 1.0.2 so we cannot read the version number
- from there anymore. Use SSL_version() instead!
+ Option --pinnedpubkey takes a path to a public key in DER format and
+ only connect if it matches (currently only implemented with OpenSSL).
- Reported-by: Gisle Vanem
- Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html
-
-Dan Fandrich (4 Feb 2015)
-- unit1600: Fix compilation when NTLM is disabled
+ Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
+
+ Extract a public RSA key from a website like so:
+ openssl s_client -connect google.com:443 2>&1 < /dev/null | \
+ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
+ | openssl rsa -pubin -outform DER > google.com.der
-Daniel Stenberg (4 Feb 2015)
-- MD5: fix compiler warnings and code style nits
+- multi_runsingle: fix possible memory leak
+
+ Coverity CID 1202837. 'newurl' can in fact be allocated even when
+ Curl_retry_request() returns failure so free it if need be.
-- MD5: replace implementation
+- ares::Curl_resolver_cancel: skip checking for NULL conn
- The previous one was "encumbered" by RSA Inc - to avoid the licensing
- restrictions it has being replaced. This is the initial import,
- inserting the md5.c and md5.h files from
- http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
+ Coverity CID 1243581. 'conn' will never be NULL here, and if it would be
+ the subsequent statement would dereference it!
+
+- parseconfig: skip a NULL check
- Code-by: Alexander Peslyak
+ Coverity CID 1154198. This NULL check implies that the pointer _can_ be
+ NULL at this point, which it can't. Thus it is dead code. It tricks
+ static analyzers to warn about dereferencing the pointer since the code
+ seems to imply it can be NULL.
-- MD4: fix compiler warnings and code style nits
+- [Waldek Kozba brought this change]
-- MD4: replace implementation
+ multi-uv.c: call curl_multi_info_read() better
- The previous one was "encumbered" by RSA Inc - to avoid the licensing
- restrictions it has being replaced. This is the initial import,
- inserting the md4.c and md4.h files from
- http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
+ Improves it for low-latency cases (like the communication with
+ localhost)
+
+- tool_go_sleep: use (void) to spell out we ignore the return value
- Code-by: Alexander Peslyak
+ Coverity CID 1222080.
-Steve Holme (4 Feb 2015)
-- telnet: Prefer 'CURLcode result' for curl result codes
+- ssh_statemach_act: split out assignment from check
+
+ just a minor code style thing to make the code clearer
-- hostasyn: Prefer 'CURLcode result' for curl result codes
+Marc Hoersken (4 Oct 2014)
+- curl_schannel.c: Fixed possible memory or handle leak
+
+ First try to fix possible memory leaks, in this case:
+ Only connssl->ctxt xor onnssl->cred being initialized.
-- schannel: Prefer 'CURLcode result' for curl result codes
+Daniel Stenberg (4 Oct 2014)
+- getparameter: remove dead code
+
+ Coverity CID 1061126. 'parse' will always be non-NULL here.
-Daniel Stenberg (3 Feb 2015)
-- unit1601: MD5 unit tests
+- getparameter: comment a switch FALLTHROUGH
+
+ Coverity CID 1061118. Point out that it is on purpose.
-- unit1600: unit test for Curl_ntlm_core_mk_nt_hash
+- choose_mech: fix return code
+
+ Coverity CID 1241950. The pointer is never NULL but it might point to
+ NULL.
-- unit1600: NTLM unit test
+- Curl_sec_read_msg: spell out that we ignore return code
+
+ Coverity CID 1241947. Since if sscanf() fails, the previously set value
+ remains set.
-- tests/README: add a new range, clean up some language
+- nonblock: call with (void) to show we ignore the return code
+
+ Coverity pointed out several of these.
-- [Jay Satiro brought this change]
+- parse_proxy: remove dead code.
+
+ Coverity CID 982331.
- opts: CURLOPT_CAINFO availability depends on SSL engine
+- Curl_debug: document switch fallthroughs
-- getpass: protect include with proper #ifdef
+- curl_multi_remove_handle: remove dead code
- Reported-by: Tamir
+ Coverify CID 1157776. Removed a superfluous if() that always evaluated
+ true (and an else clause that never ran), and then re-indented the
+ function accordingly.
-- getpass_r: read from stdin, not stdout!
+- Curl_pipeline_server_blacklisted: handle a NULL server name
- The file number used was wrong. This bug was introduced over 10 years
- ago, proving this function isn't used much...
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1476
- Reported-by: Tamir
+ Coverity CID 1215284. The server name is extracted with
+ Curl_copy_header_value() and passed in to this function, and
+ copy_header_value can actually can fail and return NULL.
+
+- ssh: comment "fallthrough" in switch statement
-- test1135: verify the CURL_EXTERN order in header files
+- [Jeremy Lin brought this change]
-- Makefile.am: fix 'make distcheck'
+ ssh: improve key file search
- ... by removing generated files from the *_DIST variable [*] and instead
- generate them with a .dist suffix, since that is then handled and put
- into the release archive by our generic dist-hook.
+ For private keys, use the first match from: user-specified key file
+ (if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa
- [*] = 'make distcheck' fails with non-existing files listed there
+ Note that the previous code only looked for id_dsa files. id_rsa is
+ now generally preferred, as it supports larger key sizes.
+
+ For public keys, use the user-specified key file, if provided.
+ Otherwise, try to extract the public key from the private key file.
+ This means that passing --pubkey is typically no longer required,
+ and makes the key-handling behavior more like OpenSSH.
+
+- CURLOPT_HTTPHEADER.3: libcurl doesn't copy the whole list
-Steve Holme (2 Feb 2015)
-- curl_sasl.c: More code policing
+- detect_proxy: fix possible single-byte memory leak
- Better use of 80 character line limit, comment corrections and line
- spacing preferences.
+ Coverity CID 1202836. If the proxy environment variable returned an empty
+ string, it would be leaked. While an empty string is not really a proxy, other
+ logic in this function already allows a blank string to be returned so allow
+ that here to avoid the leak.
-Daniel Stenberg (2 Feb 2015)
-- libcurl-symbols: first basic shot for autogenerated docs
+- multi_runsingle: fix memory leak
+
+ Coverity CID 1202837. There's a potential risk that 'newurl' gets
+ overwritten when it was already pointing to allocated memory.
-- FAQ: minor edit of 3.22
+- pop3_perform_authentication: fix memory leak
+
+ Coverity CID 1215287. There's a potential risk for a memory leak in
+ here, and moving the free call to be unconditional seems like a cheap
+ price to remove the risk.
-Steve Holme (2 Feb 2015)
-- build: Added removal of Visual Studio project files
+- imap_perform_authentication: fix memory leak
- Added the removal of the locally generated project files so one
- may revert to a clean repository.
+ Coverity CID 1215296. There's a potential risk for a memory leak in
+ here, and moving the free call to be unconditional seems like a cheap
+ price to remove the risk.
-- build: Renamed top level Visual Studio solution files
+- wait_or_timeout: return failure when Curl_poll() fails
- In preparation for adding the test suite and examples projects renamed
- the top level "all" solution files to better describe what they are.
+ Coverity detected this. CID 1241954. When Curl_poll() returns a negative value
+ 'mcode' was uninitialized. Pretty harmless since this is debug code only and
+ would at worst cause an error to _not_ be returned...
+
+- curl.1: mention quoting in the URL section
- This will also enable us to use "curl" rather than "curlsrc" for the
- command line tool solution and project files, which will simplify some
- of the configuration.
+ and separate the example URLs with newlines
+
+Steve Holme (30 Sep 2014)
+- [Bill Nagel brought this change]
-- build: Enabled DEBUGBUILD in Visual Studio debug builds
+ smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
- Defined the DEBUGBUILD pre-processor variable to allow extra logging,
- which is particularly useful in debug builds, as we use this and Visual
- Studio typically uses _DEBUG.
+ This patch fixes the "SSL3_WRITE_PENDING: bad write retry" error that
+ sometimes occurs when sending an email over SMTPS with OpenSSL. OpenSSL
+ appears to require the same pointer on a write that follows a retry
+ (CURLE_AGAIN) as discussed here:
- We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is
- defined but that would also affect the makefile based builds which we
- probably don't want to do.
+ http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr
-- build: Removed unused Visual Studio bscmake settings
+Daniel Stenberg (30 Sep 2014)
+- RELEASE-NOTES: synced with 53cbea22310f15
-Daniel Stenberg (2 Feb 2015)
-- CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0
+- file: reject paths using embedded %00
- And modify the text to refer to HTTP 2 as it isn't called "2.0".
+ Mostly because we use C strings and they end at a binary zero so we know
+ we can't open a file name using an embedded binary zero.
- Reported-By: Michael Wallner
+ Reported-by: research@g0blin.co.uk
+
+Dan Fandrich (26 Sep 2014)
+- test506: Fixed a couple of memory leaks in test
-Marc Hoersken (31 Jan 2015)
-- TODO: moved WinSSL/SChannel todo items into docs
+Daniel Stenberg (25 Sep 2014)
+- [Yousuke Kimoto brought this change]
-Daniel Stenberg (29 Jan 2015)
-- [Michael Kaufmann brought this change]
+ CURLOPT_COOKIELIST: Added "RELOAD" command
- CURLOPT_SEEKFUNCTION.3: also when server closes a connection
+- [Michael Wallner brought this change]
-Steve Holme (29 Jan 2015)
-- curl_sasl.c: Fixed compilation warning when cryptography is disabled
+ CURLOPT_POSTREDIR.3: Added availability for CURL_REDIR_POST_303
+
+- threaded-resolver: revert Curl_expire_latest() switch
+
+ The switch to using Curl_expire_latest() in commit cacdc27f52b was a
+ mistake and was against the advice even mentioned in that commit. The
+ comparison in asyn-thread.c:Curl_resolver_is_resolved() makes
+ Curl_expire() the suitable function to use.
- curl_sasl.c:1506: warning: unused variable 'chlg'
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1426
+ Reported-By: graysky
-- curl_sasl.c: Fixed compilation warning when verbose debug output disabled
+- libcurl docs: improvements all over
+
+Steve Holme (19 Sep 2014)
+- build: Added WinIDN build configuration options
- curl_sasl.c:1317: warning: unused parameter 'conn'
+ Added initial support for WinIDN build configurations to the VC10+
+ project files.
-- ntlm_core: Use own odd parity function when crypto engine doesn't have one
+Daniel Stenberg (19 Sep 2014)
+- tutorial: signals aren't used for the threaded resolver
-- ntlm_core: Prefer sizeof(key) rather than hard coded sizes
+- FAQ: update the pronunciation section
+
+ As we weren't using the correct phonetic description and doing it correctly
+ involves funny letters that I'm sure will cause problems for people in a text
+ document so I instead rephrased it and link to a WAV file with a person
+ actually saying 'curl'.
+
+ Reported-By: Dimitar Boevski
-- ntlm_core: Added consistent comments to DES functions
+- CURLOPT_COOKIE*: added more cross-references
-- des: Added Curl_des_set_odd_parity()
+- BINDINGS: add node-libcurl
- Added Curl_des_set_odd_parity() for use when cryptography engines
- don't include this functionality.
+ Reported-By: Jonathan Cardoso Machado
+ URL: http://curl.haxx.se/mail/lib-2014-09/0102.html
-- tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests
+- README.http2: updated to reflect current status
-- tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests
+- formdata: removed unnecessary USE_SSLEAY use
-- tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests
+- curlssl: make tls backend symbols use curlssl in the name
-- sasl: Minor code policing and grammar corrections
+- url: let the backend decide CURLOPT_SSL_CTX_ support
+
+ ... to further remove specific TLS backend knowledge from url.c
-Daniel Stenberg (28 Jan 2015)
-- [Gisle Vanem brought this change]
+- vtls: have the backend tell if it supports CERTINFO
- ldap: build with BoringSSL
+- [Catalin Patulea brought this change]
-- security: avoid compiler warning
+ configure: allow --with-ca-path with PolarSSL too
- Possible access to uninitialised memory '&nread' at line 140 of
- lib/security.c in function 'ftp_send_command'.
+ Missed this in af45542c.
- Reported-by: Rich Burridge
+ Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
-- runtests: identify BoringSSL and libressl
+- CURLOPT_CAPATH: return failure if set without backend support
-Patrick Monnerat (27 Jan 2015)
-- docs: cite SASL external authentication.
+- [Tatsuhiro Tsujikawa brought this change]
-- sasl: remove XOAUTH2 from default enabled authentication mechanism.
+ http2: Fix busy loop when EOF is encountered
+
+ Previously we did not handle EOF from underlying transport socket and
+ wrongly just returned error code CURL_AGAIN from http2_recv, which
+ caused busy loop since socket has been closed. This patch adds the
+ code to handle EOF situation and tells the upper layer that we got
+ EOF.
-- test: add test cases for sasl external authentication (imap/pop3/smtp).
+Steve Holme (13 Sep 2014)
+- build: Added batch wrapper to checksrc.pl
-- imap: remove automatic password setting: it breaks external sasl authentication
+- RELEASE-NOTES: Synced with bd3df5ec6d
-- sasl: implement EXTERNAL authentication mechanism.
- Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
- by not setting the password.
+- [Marcel Raad brought this change]
-Steve Holme (27 Jan 2015)
-- openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE
+ sasl_sspi: Fixed Unicode build
- Modified the Curl_ossl_cert_status_request() function to return FALSE
- when built with BoringSSL or when OpenSSL is missing the necessary TLS
- extensions.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1422
+ Verified-by: Steve Holme
-- openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'
+Daniel Stenberg (12 Sep 2014)
+- libcurl-tutorial.3: fix GnuTLS link to thread-safety guidelines
- Fixed the build of openssl.c when OpenSSL is built without the necessary
- TLS extensions for OCSP stapling.
+ The former link was turned into a 404 at some point.
- Reported-by: John E. Malmberg
+ Reported-By: Askar Safin
-- [Brad Spencer brought this change]
-
- curl_setup: Disable SMB/CIFS support when HTTP only
-
-- RELEASE-NOTES: Synced with 37824498a3
-
-Daniel Stenberg (22 Jan 2015)
-- configure: remove detection of the old yassl emulation API
+- contributors.sh: split list of names at comma
- ... as that is ancient history and not used.
-
-- OCSP stapling: disabled when build with BoringSSL
+ ... to support a list of names provided in a commit message.
-- [Alessandro Ghedini brought this change]
+Steve Holme (12 Sep 2014)
+- [Ulrich Telle brought this change]
- openssl: add support for the Certificate Status Request TLS extension
+ ntlm: Fixed HTTP proxy authentication when using Windows SSPI
- Also known as "status_request" or OCSP stapling, defined in RFC6066
- section 8.
+ Removed ISC_REQ_* flags from calls to InitializeSecurityContext to fix
+ bug in NTLM handshake for HTTP proxy authentication.
- Thanks-to: Joe Mason
- - for the work-around for the OpenSSL bug.
-
-- BoringSSL: fix build for non-configure builds
+ NTLM handshake for HTTP proxy authentication failed with error
+ SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy
+ servers on generating the NTLM Type-3 message.
+
+ The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according
+ to the observations and suggestions made in a bug report for the
+ QT project (https://bugreports.qt-project.org/browse/QTBUG-17322).
+
+ Removing all the flags solved the problem.
- HAVE_BORINGSSL gets defined now by configure and should be defined by
- other build systems in case a BoringSSL build is desired.
+ Bug: http://curl.haxx.se/mail/lib-2014-08/0273.html
+ Reported-by: Ulrich Telle
+ Assisted-by: Steve Holme, Daniel Stenberg
-- configure: fix BoringSSL detection and detect libresssl
+Daniel Stenberg (12 Sep 2014)
+- [Ray Satiro brought this change]
-Steve Holme (22 Jan 2015)
-- curl_sasl: Reinstate the sasl_ prefix for locally scoped functions
+ newlines: fix mixed newlines to LF-only
- Commit 7a8b2885e2 made some functions static and removed the public
- Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
- is the naming convention we use in this source file.
+ I use the curl repo mainly on Windows with the typical Windows git
+ checkout which converts the LF line endings in the curl repo to CRLF
+ automatically on checkout. The automatic conversion is not done on files
+ in the repo with mixed line endings. I recently noticed some weird
+ output with projects/build-openssl.bat that I traced back to mixed line
+ endings, so I scanned the repo and there are files (excluding the
+ test data) that have mixed line endings.
+
+ I used this command below to do the scan. Unfortunately it's not as easy
+ as git grep, at least not on Windows. This gets the names of all the
+ files in the repo's HEAD, gets each of those files raw from HEAD, checks
+ for mixed line endings of both LF and CRLF, and prints the name if
+ mixed. I excluded path tests/data/test* because those can have mixed
+ line endings if I understand correctly.
+
+ for f in `git ls-tree --name-only --full-tree -r HEAD`;
+ do if [ -n "${f##tests/data/test*}" ];
+ then git show "HEAD:$f" | \
+ perl -0777 -ne 'exit 1 if /([^\r]\n.*\r\n)|(\r\n.*[^\r]\n)/';
+ if [ $? -ne 0 ];
+ then echo "$f";
+ fi;
+ fi;
+ done
-- curl_sasl: Minor code policing following recent commits
+- [Viktor Szakáts brought this change]
-Daniel Stenberg (22 Jan 2015)
-- [John Malmberg brought this change]
+ mk-ca-bundle.pl: converted tabs to spaces, deleted trailing spaces
- openvms: Handle openssl/0.8.9zb version parsing
+- ROADMAP: markdown eats underscores
- packages/vms/gnv_link_curl.com was assuming only a single letter suffix
- in the openssl version. That assumption has been fixed for 7.40.
+ It interprets them as italic indictors unless we backtick the word.
-- BoringSSL: detected by configure, switches off NTLM
+- ROADMAP: tiny formatting edit for nicer web output
-- BoringSSL: no PKCS12 support nor ERR_remove_state
+Steve Holme (10 Sep 2014)
+- ROADMAP.md: Updated GSSAPI authentication following 7.38.0 additions
-- [Leith Bade brought this change]
+- INTERNALS: Added email and updated Kerberos details
- BoringSSL: fix build
+- FEATURES: Updated Kerberos details
+
+ Added support for Kerberos 5 to the email protocols following the recent
+ additions in 7.38.0.
+
+ Removed Kerberos 4 as this has been gone for a while now.
-Steve Holme (20 Jan 2015)
-- curl_sasl.c: chlglen is not used when cryptography is disabled
+Daniel Stenberg (10 Sep 2014)
+- [Paul Howarth brought this change]
-- curl_sasl.c: Fixed compilation warning when cyptography is disabled
+ openssl: build fix for versions < 0.9.8e
- curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
- variable
+ Bug: http://curl.haxx.se/mail/lib-2014-09/0064.html
-- curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined
+- mk-ca-bundle.pl: first, try downloading HTTPS with curl
+
+ As a sort of step forward, this script will now first try to get the
+ data from the HTTPS URL using curl, and only if that fails it will
+ switch back to the HTTP transfer using perl's native LWP functionality.
+ To reduce the risk of this script being tricked.
- curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier
+ Using HTTPS to get a cert bundle introduces a chicken-and-egg problem so
+ we can't really ever completely disable HTTP, but chances are that most
+ users already have a ca cert bundle that trusts the mozilla.org site
+ that this script downloads from.
- This error could also happen for non-SSPI builds when cryptography is
- disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
+ A future version of this script will probably switch to require a
+ dedicated "insecure" command line option to allow downloading over HTTP
+ (or unverified HTTPS).
-Patrick Monnerat (20 Jan 2015)
-- SASL: make some procedures local-scoped
+- LICENSE-MIXING: removed krb4 info
+
+ krb4 has been dropped since a while now
-- SASL: common state engine for imap/pop3/smtp
+- bump: on the 7.38.1-DEV train now!
-- SASL: common URL option and auth capabilities decoders for all protocols
+- SSLCERTS: minor updates
+
+ Edited format to look better on the web, added a "it is about trust"
+ section.
-- IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.
+Version 7.38.0 (10 Sep 2014)
-Daniel Stenberg (20 Jan 2015)
-- ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
+Daniel Stenberg (10 Sep 2014)
+- dist: two cmake files are no more
- Reported-by: Chris Young
+ CMake/FindOpenSSL.cmake and FindZLIB.cmake are gone since 14aa8f0c117b
-- [Chris Young brought this change]
+- RELEASE-NOTES: final update for 7.38.0
- timeval: typecast for better type (on Amiga)
+- cookies: reject incoming cookies set for TLDs
- There is an issue with conflicting "struct timeval" definitions with
- certain AmigaOS releases and C libraries, depending on what gets
- included when. It's a minor difference - the OS one is unsigned,
- whereas the common structure has signed elements. If the OS one ends up
- getting defined, this causes a timing calculation error in curl.
-
- It's easy enough to resolve this at the curl end, by casting the
- potentially errorneous calculation to a signed long.
-
-- openssl: do public key pinning check independently
+ Test 61 was modified to verify this.
- ... of the other cert verification checks so that you can set verifyhost
- and verifypeer to FALSE and still check the public key.
+ CVE-2014-3620
- Bug: http://curl.haxx.se/bug/view.cgi?id=1471
- Reported-by: Kyle J. McKay
+ Reported-by: Tim Ruehsen
+ URL: http://curl.haxx.se/docs/adv_20140910B.html
-Patrick Monnerat (19 Jan 2015)
-- OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too.
+- [Tim Ruehsen brought this change]
-Steve Holme (18 Jan 2015)
-- ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
+ cookies: only use full host matches for hosts used as IP address
- For consistency with other USE_WIN32_ defines as well as the
- USE_OPENLDAP define.
-
-- http_negotiate: Use dynamic buffer for SPN generation
+ By not detecting and rejecting domain names for partial literal IP
+ addresses properly when parsing received HTTP cookies, libcurl can be
+ fooled to both send cookies to wrong sites and to allow arbitrary sites
+ to set cookies for others.
- Use a dynamicly allocated buffer for the temporary SPN variable similar
- to how the SASL GSS-API code does, rather than using a fixed buffer of
- 2048 characters.
-
-- sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public
-
-- sasl_gssapi: Fixed memory leak with local SPN variable
+ CVE-2014-3613
+
+ Bug: http://curl.haxx.se/docs/adv_20140910A.html
-Daniel Stenberg (17 Jan 2015)
-- http_negotiate.c: unused variable 'ret'
+- HISTORY: fix the 1998 title position
-Steve Holme (17 Jan 2015)
-- gskit.h: Code policing of function pointer arguments
+- HISTORY: extended and now markdown
-- vtls: Removed unimplemented overrides of curlssl_close_all()
+- SSLCERTS: converted to markdown
- Carrying on from commit 037cd0d991, removed the following unimplemented
- instances of curlssl_close_all():
+ Only minor edits to make it generate nice HTML output using markdown, as
+ this document serves both in source release tarballs as on the web site.
- Curl_axtls_close_all()
- Curl_darwinssl_close_all()
- Curl_cyassl_close_all()
- Curl_gskit_close_all()
- Curl_gtls_close_all()
- Curl_nss_close_all()
- Curl_polarssl_close_all()
+ URL: http://curl.haxx.se/docs/sslcerts.html
-- vtls: Separate the SSL backend definition from the API setup
+- ftp-wildcard.c: spell fix
- Slight code cleanup as the SSL backend #define is mixed up with the API
- function setup.
+ Reported-By: Frank Gevaerts
-- vtls: Fixed compilation errors when SSL not used
-
- Fixed the following warning and error from commit 3af90a6e19 when SSL
- is not being used:
-
- url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
- assuming extern returning int
-
- error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
- referenced in function Curl_setopt
+- RELEASE-NOTES: synced with 921a0c22a6f
-- http_negotiate: Added empty decoded challenge message info text
+- THANKS: synced with RELEASE-NOTES for 921a0c22a6f
-- http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
+- polarassl: avoid memset() when clearing the first byte is enough
-- http_negotiate_sspi: Prefer use of 'attrs' for context attributes
-
- Use the same variable name as other areas of SSPI code.
+- [Catalin Patulea brought this change]
-- http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()
+ polarssl: support CURLOPT_CAPATH / --capath
- Use the SECURITY_STATUS typedef rather than a unsigned long for the
- QuerySecurityPackageInfo() return and rename the variable as per other
- areas of SSPI code.
+ Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
-- http_negotiate_sspi: Use 'CURLcode result' for CURL result code
+- SECURITY: eh, make more sense!
-- curl_endian: Fixed build when 64-bit integers are not supported (Part 2)
-
- Missed Curl_read64_be() in commit bb12d44471 :(
+- SECURITY: how to join the curl-security list
-Daniel Stenberg (16 Jan 2015)
-- CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0
+- RELEASE-NOTES: fix the required nghttp2 version typo
-- curlver.h: next release is 7.41.0 due to the changes
+- [Brandon Casey brought this change]
-- RELEASE-NOTES: mention the new OCSP stapling options, bump version
+ Ensure progress.size_dl/progress.size_ul are always >= 0
+
+ Historically the default "unknown" value for progress.size_dl and
+ progress.size_ul has been zero, since these values are initialized
+ implicitly by the calloc that allocates the curl handle that these
+ variables are a part of. Users of curl that install progress
+ callbacks may expect these values to always be >= 0.
+
+ Currently it is possible for progress.size_dl and progress.size_ul
+ to by set to a value of -1, if Curl_pgrsSetDownloadSize() or
+ Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few
+ places currently do, and a following patch will add more). So
+ lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize()
+ so they make sure that these variables always contain a value that
+ is >= 0.
+
+ Updates test579 and test599.
+
+ Signed-off-by: Brandon Casey <drafnel@gmail.com>
-- opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile
+Steve Holme (7 Sep 2014)
+- tests: Added test1420 to the makefile
-- help: add --cert-status to --help output
+- test1420: Removed unnecessary CURLOPT setting
-- copyright years: after OCSP stapling changes
+- tests: Added more "Clear Text" authentication keywords
-- [Alessandro Ghedini brought this change]
+- tests: Updated "based on" text due to email test renumbering
- curl: add --cert-status option
-
- This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
+- tests: For consistency added --libcurl to test name
-- [Alessandro Ghedini brought this change]
+- tests: Added --libcurl for IMAP test case
- nss: add support for the Certificate Status Request TLS extension
+- multi.c: Avoid invalid memory read after free() from commit 3c8c873252
- Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
-
- This requires NSS 3.15 or higher.
-
-- [Alessandro Ghedini brought this change]
+ As the current element in the list is free()d by Curl_llist_remove(),
+ when the associated connection is pending, reworked the loop to avoid
+ accessing the next element through e->next afterward.
- gtls: add support for the Certificate Status Request TLS extension
-
- Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
+- multi.c: Fixed compilation warning from commit 3c8c873252
- This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
- at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
- response verfication to fail even on valid responses.
+ warning: implicit conversion from enumeration type 'CURLMcode' to
+ different enumeration type 'CURLcode'
-- [Alessandro Ghedini brought this change]
-
- url: add CURLOPT_SSL_VERIFYSTATUS option
+- url.c: Use CURLAUTH_NONE constant rather than 0
- This option can be used to enable/disable certificate status verification using
- the "Certificate Status Request" TLS extension defined in RFC6066 section 8.
-
- This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
- certificate status verification fails, and the Curl_ssl_cert_status_request()
- function, used to check whether the SSL backend supports the status_request
- extension.
-
-- TheArtOfHttpScripting: skip the date at the top, we have git
+ Small follow up to commit 898808fa8c to use auth constants rather than
+ hard code value when clearing picked authentication mechanism.
-- TheArtOfHttpScripting: phrase it TLS lib agnostic
+- RELEASE-NOTES: Synced with fd1ce3856a
-Steve Holme (16 Jan 2015)
-- TODO: Added some SMB ideas
+Nick Zitzmann (4 Sep 2014)
+- [Vilmos Nebehaj brought this change]
-- RELEASE-NOTES: Synced with 5f09947d28
+ darwinssl: Use CopyCertSubject() to check CA cert.
+
+ SecCertificateCopyPublicKey() is not available on iPhone. Use
+ CopyCertSubject() instead to see if the certificate returned by
+ SecCertificateCreateWithData() is valid.
+
+ Reported-by: Toby Peterson
-- build-openssl.bat: Added check for Perl installation
+Steve Holme (4 Sep 2014)
+- RELEASE-NOTES: Clarify email Kerberos support is currently via Windows SSPI
-- checksrc.bat: Better detection of Perl installation
+Daniel Stenberg (4 Sep 2014)
+- MAIL-ETIQUETTE: "1.8 I posted, now what?"
-- curl_endian: Fixed build when 64-bit integers are not supported
+- CURLOPT_CA*: better refering between *CAINFO and *CAPATH
- Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
- Reported-by: John E. Malmberg
+ ... and a minor wording edit
-Daniel Stenberg (15 Jan 2015)
-- [Yun SangHo brought this change]
-
- curl.h: remove extra space
+- THANKS: added Dennis Clarke
+
+ Dennis Clarke from Blastwave.org for ensuring that nightly builds run
+ smooth on Solaris!
-- Curl_pretransfer: reset expected transfer sizes
+- curl_multi_cleanup: remove superfluous NULL assigns
- Reported-by: Mohammad AlSaleh
- Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html
+ ... as the struct is free()d in the end anyway. It was first pointed out
+ to me that one of the ->msglist assignments were supposed to have been
+ ->pending but was a copy and paste mistake when I realized none of the
+ clearing of pointers had to be there.
-Marc Hoersken (12 Jan 2015)
-- curl_schannel.c: mark session as removed from cache if not freed
+- multi: convert CURLM_STATE_CONNECT_PEND handling to a list
- If the session is still used by active SSL/TLS connections, it
- cannot be closed yet. Thus we mark the session as not being cached
- any longer so that the reference counting mechanism in
- Curl_schannel_shutdown is used to close and free the session.
+ ... instead of scanning through all handles, stash only the actual
+ handles that are in that state in the new ->pending list and scan that
+ list only. It should be mostly empty or very short. And only used for
+ pipelining.
- Reported-by: Jean-Francois Durand
+ This avoids a rather hefty slow-down especially notable if you add many
+ handles to the same multi handle. Regression introduced in commit
+ 0f147887 (version 7.30.0).
+
+ Bug: http://curl.haxx.se/mail/lib-2014-07/0206.html
+ Reported-by: David Meyer
-Steve Holme (9 Jan 2015)
-- RELEASE-NOTES: Synced with d21b66835f
+- RELEASE-NOTES: synced with e608324f9f9
-Guenter Knauf (9 Jan 2015)
-- Merge pull request #134 from vszakats/mingw-m64
-
- add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
+- [Andre Heinecke brought this change]
-- Merge pull request #136 from vszakats/mingw-allow-custom-cflags
+ polarssl: implement CURLOPT_SSLVERSION
- mingw build: allow to pass custom CFLAGS
-
-Daniel Stenberg (9 Jan 2015)
-- NSS: fix compiler error when built http2-enabled
+ Forwards the setting as minimum ssl version (if set) to polarssl. If
+ the server does not support the requested version the SSL Handshake will
+ fail.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1419
-Steve Holme (9 Jan 2015)
-- gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
+nickzman (1 Sep 2014)
+- Merge pull request #115 from ldx/darwinsslfixpr
- Better code reuse and consistency in calls to gss_import_name().
+ darwinssl: now accepts cacert bundles in PEM format in addition to single certs
-Viktor Szakats (9 Jan 2015)
-- mingw build: allow to pass custom CFLAGS
+Vilmos Nebehaj (1 Sep 2014)
+- Check CA certificate in curl_darwinssl.c.
+
+ SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even
+ if the buffer holds an invalid or corrupt certificate. Call
+ SecCertificateCopyPublicKey() to make sure cacert is a valid
+ certificate.
-Daniel Stenberg (8 Jan 2015)
-- FTP: if EPSV fails on IPV6 connections, bail out
+Daniel Stenberg (31 Aug 2014)
+- low-speed-limit: avoid timeout flood
- ... instead of trying PASV, since PASV can't work with IPv6.
+ Introducing Curl_expire_latest(). To be used when we the code flow only
+ wants to get called at a later time that is "no later than X" so that
+ something can be checked (and another timeout be added).
- Reported-by: Vojtěch Král
-
-- FTP: fix IPv6 host using link-local address
+ The low-speed logic for example could easily be made to set very many
+ expire timeouts if it would be called faster or sooner than what it had
+ set its own timer and this goes for a few other timers too that aren't
+ explictiy checked for timer expiration in the code.
- ... and make sure we can connect the data connection to a host name that
- is longer than 48 bytes.
+ If there's no condition the code that says if(time-passed >= TIME), then
+ Curl_expire_latest() is preferred to Curl_expire().
- Also simplifies the code somewhat by re-using the original host name
- more, as it is likely still in the DNS cache.
+ If there exists such a condition, it is on the other hand important that
+ Curl_expire() is used and not the other.
- Original-Patch-by: Vojtěch Král
- Bug: http://curl.haxx.se/bug/view.cgi?id=1468
+ Bug: http://curl.haxx.se/mail/lib-2014-06/0235.html
+ Reported-by: Florian Weimer
-Steve Holme (8 Jan 2015)
-- [Sam Schanken brought this change]
+- [Michael Wallner brought this change]
- winbuild: Added option to build with c-ares
+ resolve: cache lookup for async resolvers
- Added support for a WITH_CARES option to be used when invoking nmake
- via Makefile.vc. This option enables linking against both the DLL and
- static versions of the c-ares libraries, as well as the debug and
- release varients, depending on the value of DEBUG. The USE_ARES
- preprocessor symbol is also defined.
-
-Guenter Knauf (8 Jan 2015)
-- NetWare build: added TLS-SRP enabled build.
+ While waiting for a host resolve, check if the host cache may have
+ gotten the name already (by someone else), for when the same name is
+ resolved by several simultanoues requests.
+
+ The resolver thread occasionally gets stuck in getaddrinfo() when the
+ DNS or anything else is crappy or slow, so when a host is found in the
+ DNS cache, leave the thread alone and let itself cleanup the mess.
-Steve Holme (8 Jan 2015)
-- sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
+Vilmos Nebehaj (30 Aug 2014)
+- Fix CA certificate bundle handling in darwinssl.
- Bug: http://curl.haxx.se/bug/view.cgi?id=1469
- Reported-by: Thomas Klausner
+ If the --cacert option is used with a CA certificate bundle that
+ contains multiple CA certificates, iterate through it, adding each
+ certificate as a trusted root CA.
-Viktor Szakats (8 Jan 2015)
-- add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS
+Daniel Stenberg (29 Aug 2014)
+- [Askar Safin brought this change]
-Daniel Stenberg (8 Jan 2015)
-- bump: start working towards 7.40.1
+ getinfo-times: Typo fixed
-- THANKS: 14 new contributors from the 7.40.0 release notes
+- [Askar Safin brought this change]
-Version 7.40.0 (7 Jan 2015)
+ libcurl.3: Typo fixed
-Daniel Stenberg (7 Jan 2015)
-- RELEASE-NOTES: version 7.40.0
+- curl_formadd.3: setting CURLFORM_CONTENTSLENGTH 0 zero means strlen
-- darwinssl: fix session ID keys to only reuse identical sessions
+- curl.1: add an example for -H
+
+- FAQ: mention -w in the 4.20 answer as well
+
+- FAQ: 4.20 curl doesn't return error for HTTP non-200 responses
+
+- CURLOPT_NOBODY.3: clarify this option is for downloads
- ...to avoid a session ID getting cached without certificate checking and
- then after a subsequent _enabling_ of the check libcurl could still
- re-use the session done without cert checks.
+ When enabling CURLOPT_NOBODY, libcurl effectively switches off upload
+ mode and will do a download (without a body). This is now better
+ explained in this man page.
- Bug: http://curl.haxx.se/docs/adv_20150108A.html
- Reported-by: Marc Hesse
+ Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html
+ Reported-by: John Coffey
-- tests: make sure CRLFs can't be used in URLs passed to proxy
-
- Bug: http://curl.haxx.se/docs/adv_20150108B.html
+- INTERNALS: nghttp2 must be 0.6.0 or later
-- url-parsing: reject CRLFs within URLs
-
- Bug: http://curl.haxx.se/docs/adv_20150108B.html
- Reported-by: Andrey Labunets
+- [Tatsuhiro Tsujikawa brought this change]
-Steve Holme (7 Jan 2015)
-- ldap: Convert attribute output to UTF-8 when Unicode
+ Compile with latest nghttp2
-- ldap: Convert DN output to UTF-8 when Unicode
+Dan Fandrich (26 Aug 2014)
+- THANKS: removed a few more duplicates
-Daniel Stenberg (7 Jan 2015)
-- hostip: remove 'stale' argument from Curl_fetch_addr proto
+Daniel Stenberg (26 Aug 2014)
+- RELEASE-NOTES: synced with 007242257683a
- Also, remove the log output of the resolved name is NOT in the cache in
- the spirit of only telling when something is actually happening.
+ ... and bumped the contributor amount after recount
-Steve Holme (7 Jan 2015)
-- ldap/imap: Fixed spelling mistake in comments and variable names
+- THANKS: added 52 missing contributors
- Reported-by: Michael Osipov
+ I re-ran contributors.sh on all changes since 7.10 and I found these
+ contributors who are mentioned in the commits but never were added to
+ THANKS before!
+
+ I also removed a couple of duplicates (mostly due to different
+ spellings).
-Daniel Stenberg (7 Jan 2015)
-- RELEASE-NOTES: updated with ./contributors.sh output
+- contributors: grep and sort case insensitively
-Dan Fandrich (5 Jan 2015)
-- curl_multibyte.h: Eliminated some trailing whitespace
+- [Michael Osipov brought this change]
-Steve Holme (4 Jan 2015)
-- RELEASE-NOTES: Synced with ea93252ef1
+ configure.ac: Add support for recent GSS-API implementations for HP-UX
+
+ By default, configure script assumes that libcurl will use the
+ HP-supplied GSS-API implementation which does not have krb5-config.
+ If a dev needs a more recent version which has that config script,
+ the change will allow to pass an appropriate GSSAPI_ROOT.
-- ldap: Fixed Unicode usage for all Win32 builds
+- CONNECT: close proxy connections that fail to CONNECT
- Otherwise, the fixes in the previous commits would only be applicable
- to IDN and SSPI based builds and not others such as OpenSSL with LDAP
- enabled.
+ This is usually due to failed auth. There's no point in us keeping such
+ a connection alive since it shouldn't be re-used anyway.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1381
+ Reported-by: Marcel Raad
-- ldap: Fixed memory leak from commit efb64fdf80
+- RELEASE-NOTES: added two missing HTTP/2 bug fixes
+
+ And renamed all http2 references to HTTP/2 in this file
-- ldap: Fix memory leak from commit 3a805c5cc1
+- RELEASE-NOTES: synced with f646e9075f47
-- ldap: Fixed attribute variable warnings when Unicode is enabled
-
- Use 'TCHAR *' for local attribute variable rather than 'char *'.
+- [Jakub Zakrzewski brought this change]
-- ldap: Fixed DN variable warnings when Unicode is enabled
+ Cmake: Possibility to use OpenLDAP, OpenSSL, LibSSH2 on windows
- Use 'TCHAR *' for local DN variable rather than 'char *'.
+ At this point I can build libcurl on windows. It provides at least the same
+ list of protocols as for linux build and works with our software.
-- ldap: Remove the unescape_elements() function
-
- Due to the recent modifications this function is no longer used.
+- [Jakub Zakrzewski brought this change]
-- ldap.c: Fixed compilation warning
+ Cmake: Removed repeated content from ending blocks
- ldap.c:98: warning: extra tokens at end of #endif directive
+ They are unnecesary in modern CMake and removing them improves readability.
-- ldap: Fixed support for Unicode filter in Win32 search call
+- [Jakub Zakrzewski brought this change]
-- ldap.c: Fixed compilation warning
+ Cmake: Removed some useless empty SET statements.
- ldap.c:802: warning: comparison between signed and unsigned integer
- expressions
+ Undefined variables resolve to empty strings and we do not ever test if
+ the variable is defined thus those SETs are superfluous.
-- ldap: Fixed support for Unicode attributes in Win32 search call
+- [Jakub Zakrzewski brought this change]
-- ldap: Fixed memory leak from commit efb64fdf80
+ Cmake: Removed useless comments from CMakeLists.txt
- The unescapped DN was not freed after a successful character conversion.
+ They look like some relics after changes.
-- ldap.c: Fixed compilation error
-
- ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes
- just 1
+- [Jakub Zakrzewski brought this change]
-- ldap.c: Fixed compilation warning
+ Cmake: Don't check for all headers each time
+
+ One header at a time is the right way. Apart from that the output on
+ windows goes from:
+ ...
+ -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h
+ -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h
+ - found
+ -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
+ ock2.h
+ -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
+ ock2.h - found
+ -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi
+ o.h
+ -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi
+ o.h - found
+ -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind
+ ows.h
+ -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind
+ ows.h - found
+ -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
+ ock.h
+ -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
+ ock.h - found
+ -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
+ filio.h
+ -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
+ filio.h - not found
+ -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
+ ioctl.h
+ -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
+ ioctl.h - not found
+ -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
+ resource.h
+ ...
+
+ To much nicer:
+ ...
+ -- Looking for ws2tcpip.h
+ -- Looking for ws2tcpip.h - found
+ -- Looking for winsock2.h
+ -- Looking for winsock2.h - found
+ -- Looking for stdio.h
+ -- Looking for stdio.h - found
+ -- Looking for windows.h
+ -- Looking for windows.h - found
+ -- Looking for winsock.h
+ -- Looking for winsock.h - found
+ -- Looking for sys/filio.h
+ -- Looking for sys/filio.h - not found
+ -- Looking for sys/ioctl.h
+ -- Looking for sys/ioctl.h - not found
+ -- Looking for sys/resource.h
+
+- [Jakub Zakrzewski brought this change]
+
+ Cmake: Append OpenSSL include directory to search path
- ldap.c:89: warning: extra tokens at end of #endif directive
+ At this point I can build libcurl with OpenSSL, OpenLDAP and LibSSH2.
+ Supported protocols are at least:
+ HTTP, HTTPS, FTP, SFTP, TFTP, LDAP, LDAPS, POP3, SMTP
+ (those are the ones we have regression tests for
+ in our product's testsuite)
-- ldap: Fixed support for Unicode DN in Win32 search call
+- [Jakub Zakrzewski brought this change]
-- ldap: Fixed Unicode user and password in Win32 bind calls
+ Cmake: Search for liblber, LDAP SSL headers, swith for using OpenLDAP code.
-- ldap: Fixed Unicode host name in Win32 initialisation calls
+- [Jakub Zakrzewski brought this change]
-- ldap: Use host.dispname for infof() connection failure messages
+ Cmake: LibSSH2 detection and use.
+
+- [Jakub Zakrzewski brought this change]
+
+ Cmake: Moved macros out of the main CMakeLists.txt
+
+- [Jakub Zakrzewski brought this change]
+
+ Cmake: Added missing protocol-disable switches
- As host.name may be encoded use dispname for infof() failure messages.
+ They already have their defines in config.h. This makes it possible to
+ disable the protocols from command line during configure step.
-- ldap: Prefer 'CURLcode result' for curl result codes
+- [Jakub Zakrzewski brought this change]
-- ldap: Pass write length in all Curl_client_write() calls
+ Cmake: Made boolean defines be defined to "1" instead of "ON"
- As we get the length for the DN and attribute variables, and we know
- the length for the line terminator, pass the length values rather than
- zero as this will save Curl_client_write() from having to perform an
- additional strlen() call.
+ It's by convention, for compatibility and because the comments say so.
+ Just mabe someone have written a test like "#if HAVE_XX==1"
-- ldap: Fixed attribute memory leaks on failed client write
+- [Jakub Zakrzewski brought this change]
+
+ Cmake: Require at least CMake 2.8.
- Fixed memory leaks from commit 086ad79970 as was noted in the commit
- comments.
+ CMake 2.6 is already a bit old. Many bugs have been fixed since
+ its release. We use 2.8 in our company and we have no intention
+ of polluting our environment with old software, so 2.6 would
+ not be tested. This shouldn't be a problem since all one need
+ to build CMake from source is C and C++ compiler.
-- ldap: Fixed DN memory leaks on failed client write
+- disconnect: don't touch easy-related state on disconnects
- Fixed memory leaks from commit 086ad79970 as was noted in the commit
- comments.
+ This was done to make sure NTLM state that is bound to a connection
+ doesn't survive and gets used for the subsequent request - but
+ disconnects can also be done to for example make room in the connection
+ cache and thus that connection is not strictly related to the easy
+ handle's current operation.
+
+ The http authentication state is still kept in the easy handle since all
+ http auth _except_ NTLM is connection independent and thus survive over
+ multiple connections.
+
+ Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
+ Reported-by: Paras S
-- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d
+- curl.1: clarify --limit-rate's effect on both directions
- curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char
- [8]') to parameter of type 'char *' converts
- between pointers to integer types with different
- sign
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1414
+ Reported-by: teo8976
-- ntlm: Use extend_key_56_to_64() for all cryptography engines
+- curl.1: mention the --post30x options within the --location desc
+
+Dan Fandrich (22 Aug 2014)
+- sasl: Fixed a memory leak on OOM
+
+Daniel Stenberg (22 Aug 2014)
+- [Frank Meier brought this change]
+
+ NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
- Rather than duplicate the code in setup_des_key() for OpenSSL and in
- extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is
- the same, use extend_key_56_to_64() for all engines.
+ Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed
+ since NTLM requires multiple requests that re-use the same connection
+ for the authentication to work
+
+ Solution: Ignore the forbid reuse flag in case the NTLM authentication
+ handshake is in progress, according to the NTLM state flag.
+
+ Fixed known bug #77.
+
+Steve Holme (22 Aug 2014)
+- openssl.c: Fixed longer than 79 columns
-- RELEASE-NOTES: Synced with 34f0bd110f
+- openssl.c: Fixed compilation warning
+
+ warning: declaration of 'minor' shadows a global declaration
-- curl_ntlm_core.c: Fixed compilation warning
+Daniel Stenberg (21 Aug 2014)
+- [Haris Okanovic brought this change]
+
+ win32: Fixed WinSock 2 #if
- curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined
- but not used
+ A conditionally compiled block in connect.c references WinSock 2
+ symbols, but used `#ifdef HAVE_WINSOCK_H` instead of `#ifdef
+ HAVE_WINSOCK2_H`.
+
+ Bug: http://curl.haxx.se/mail/lib-2014-08/0155.html
-- endian: Fixed bit-shift in 64-bit integer read functions
+- Curl_disconnect: don't free the URL
- From commit 43792592ca and 4bb5a351b2.
+ The URL is not a property of the connection so it should not be freed in
+ the connection disconnect but in the Curl_close() that frees the easy
+ handle.
- Reported-by: Michael Osipov
+ Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
+ Reported-by: Paras S
-- smb: Use endian functions for reading NBT and message size values
+- help output: minor whitespace edits
+
+ Should've been amended in the previous commit but wasn't due to a
+ mistake.
-- endian: Added big endian read functions
+- [Zearin brought this change]
-- endian: Added 64-bit integer read function
+ help output: use ≥2 spaces between option and description
+
+ ... and some other cleanups
-- COPYING: Bumped copyright year to 2015
+- FAQ: some actually sometimes get paid...
-- version: Bump copyright year to 2015
+Steve Holme (17 Aug 2014)
+- sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challenge
-- smb.c: Fixed compilation warnings
+- sasl_sspi: Renamed GSSAPI mutual authentication parameter
- smb.c:780: warning: passing 'char *' to parameter of type 'unsigned
- char *' converts between pointers to integer types with
- different sign
- smb.c:781: warning: passing 'char *' to parameter of type 'unsigned
- char *' converts between pointers to integer types with
- different sign
- smb.c:804: warning: passing 'char *' to parameter of type 'unsigned
- char *' converts between pointers to integer types with
- different sign
+ ...From "mutual" to "mutual_auth" which better describes what it is.
-- smb: Use endian functions for reading length and offset values
+- sasl_sspi: Corrected some of the GSSAPI security message error codes
+
+ Corrected a number of the error codes that can be returned from the
+ Curl_sasl_create_gssapi_security_message() function when things go
+ wrong.
+
+ It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the
+ inbound security challenge can't be decoded correctly or doesn't
+ contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when
+ EncryptMessage() fails. Unfortunately the previous error code of
+ CURLE_RECV_ERROR was a copy and paste mistakes on my part and should
+ have been correct in commit 4b491c675f :(
-- endian: Added 16-bit integer write function
+- docs: Escaped single backslash
-- endian: Fixed Linux compilation issues
+- TODO: Updated following GSSAPI (Kerberos V5) additions
- Having files named endian.[c|h] seemed to cause issues under Linux so
- renamed them both to have the curl_ prefix in the filenames.
+ Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other
+ authentication mechanisms" following recent additions.
+
+ Added SASL 14.2 GSSAPI via GSS-API libraries.
-- [Julien Nabet brought this change]
+- CURLOPT_USERNAME.3: Added Kerberos V5 and NTLM domain information
+
+ This repeats what has already been documented in both the curl manpage
+ and CURLOPT_USERPWD documentation but is provided here for completeness
+ as someone may not especially read the latter when using libcurl.
- lib1900.c: Fixed cppcheck error
+- CURLOPT_USERPWD.3: Updated following Kerberos V5 SSPI changes
- lib1900.c:182: (style) Array index 'handlenum' is used before limits
- check
+ Added information about Kerberos V5 requiring the domain part in the
+ user name.
- Bug: https://github.com/bagder/curl/pull/133
+ Mentioned that the user name can be specified in UPN format, and not
+ just in Down-Level Logon Name format, following the information
+ added in commit 7679cb3fa8 reworking the exisitng information in the
+ process.
-- endian: Added standard function descriptions
+- docs: Added Kerberos V5 and NTLM domain information to --user
-- endian: Renamed functions for curl API naming convention
+- docs: Added Kerberos V5 to the --user SSPI current credentials usage
-- endian: Moved write functions to new module
+- sasl_sspi: Tell the server we don't support a GSSAPI receive buffer
-- endian: Moved read functions to new module
+- smtp: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
-- endian: Introduced endian module
-
- To allow the little endian functions, currently used in two of the NTLM
- source files, to be used by other modules such as the SMB module.
+- pop3: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
-- sepheaders.c: Applied curl oding standards
+- imap: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
-- [Julien Nabet brought this change]
+- email: Added mutual authentication flag
- sepheaders.c: Fixed resource leak on failure
+Daniel Stenberg (15 Aug 2014)
+- RELEASE-NOTES: synced with 0187c9e11d079
-- vtls: Use '(void) arg' for unused parameters
+- http: fix the Content-Range: parser
- Prefer void for unused parameters, rather than assigning an argument to
- itself as a) unintelligent compilers won't optimize it out, b) it can't
- be used for const parameters, c) it will cause compilation warnings for
- clang with -Wself-assign and d) is inconsistent with other areas of the
- curl source code.
-
-- smb.c: Fixed compilation warning
+ ... to handle "*/[total]". Also, removed the strange hack that made
+ CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return
+ CURLE_OK.
- smb.c:586: warning: conversion to 'short unsigned int' from 'int' may
- alter its value
+ Reported-by: Dimitrios Siganos
+ Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html
-- [Bill Nagel brought this change]
+Steve Holme (14 Aug 2014)
+- email: Introduced the GSSAPI states
- smb: Use the connection's upload buffer
+- curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675f
- Use the connection's upload buffer instead of allocating our own send
- buffer.
+ warning: unused variable 'resp'
+
+ warning: no previous prototype for 'Curl_sasl_gssapi_cleanup'
-- RELEASE-NOTES: Synced with 1933f9d33c
+- SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064
+
+ * curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f
+
+ warning: declaration of 'result' shadows a previous local
-- schannel: Moved the ISC return flag definitions to the SSPI module
+- curl_sasl.h: Fixed compilation error from commit 4b491c675f
- Moved our Initialize Security Context return attribute definitions to
- the SSPI module, as a) these can be used by other SSPI based providers
- and b) the ISC required attributes are defined there.
+ warning: 'struct kerberos5data' declared inside parameter list
+
+ Due to missing forward declaration.
-- [Bill Nagel brought this change]
+- urldata.h: Fixed compilation warnings from commit 3ec253532e
+
+ warning: extra tokens at end of #endif directive
- smb: Close the connection after a failed client write
+- sasl_sspi: Added GSSAPI message functions
-- darwinssl: Fixed compilation warning
+- urldata: Introduced a GSSAPI (Kerberos V5) data structure
- vtls.c:683:43: warning: unused parameter 'data'
+ Added a kerberos5data structure which is similar in nature to the
+ ntlmdata and negotiatedata structures.
-- sockfilt.c: Fixed compilation warnings
+- sspi: Moved KERB_WRAP_NO_ENCRYPT from socks_sspi module
- sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter
- its value
- sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter
- its value
- sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter
- its value
- sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter
- its value
+ In preparation for the upcoming SSPI implementation of GSSAPI
+ authentication, moved the definition of KERB_WRAP_NO_ENCRYPT from
+ socks_sspi.c to curl_sspi.h allowing it to be shared amongst other
+ SSPI based code.
-- test1509: Fixed compilation warning
+Daniel Stenberg (13 Aug 2014)
+- mk-ca-bundle.pl: add missing $
+
+- mk-ca-bundle.pl: switched to using hg.mozilla.org
- lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may
- alter its value
+ ... as mxr.mozilla.org is due to be retired.
+
+ The new host doesn't support If-Modified-Since nor ETags, meaning that
+ the script will now defer to download and do a post-transfer checksum
+ check to see if a new output is to be generated. The new output format
+ will hold the SHA1 checksum of the source file for that purpose.
+
+ We call this version 1.22
+
+ Reported-by: Ed Morley
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1409
-- test556: Fixed compilation warning
+- [Jose Alf brought this change]
+
+ openssl: fix version report for the 0.9.8 branch
- lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may
- alter its value
+ Fixed libcurl to correctly output the newer versions of OpenSSL 0.9.8,
+ starting from openssl-0.9.8za.
-- sasl_gssapi: Fixed use of dummy username with real username
+- [Frank Meier brought this change]
-- vtls: Fixed compilation warning and an ignored return code
+ create_conn: prune dead connections
- curl_schannel.h:123: warning: right-hand operand of comma expression
- has no effect
+ Bringing back the old functionality that was mistakenly removed when the
+ connection cache was remade. When creating a new connection, all the
+ existing ones are checked and those that are known to be dead get
+ disconnected for real and removed from the connection cache. It helps
+ the cache from holding on to very many stale connections and aids in
+ keeping down the number of system sockets in wait states.
- Some instances of the curlssl_close_all() function were declared with a
- void return type whilst others as int. The schannel version returned
- CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the
- return code was ignored by the calling function Curl_ssl_close_all().
+ Help-by: Jonatan Vela <jonatan.vela@ergon.ch>
- For the time being and to keep the internal API consistent, changed all
- declarations to use a void return type.
+ Bug: http://curl.haxx.se/mail/lib-2014-06/0189.html
+
+Kamil Dudka (11 Aug 2014)
+- docs/SSLCERTS: update the section about NSS database
- To reduce code we might want to consider removing the unimplemented
- versions and use a void #define like schannel does.
+ Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html
+ Reported-by: David Shaw
-Daniel Stenberg (28 Dec 2014)
-- TODO: 2.3 Better support for same name resolves
+Daniel Stenberg (11 Aug 2014)
+- [Peter Wang brought this change]
-Steve Holme (28 Dec 2014)
-- test1520: Fixed initial teething problems
+ Curl_poll + Curl_wait_ms: fix timeout return value
- * Missing initialisation of upload status caused a seg fault
- * Missing data termination caused corrupt data to be uploaded
- * Data verification should be performed in <upload> element
- * Added missing recipient list cleanup
+ Curl_poll and Curl_wait_ms require the fix applied to Curl_socket_check
+ in commits b61e8b8 and c771968:
+
+ When poll or select are interrupted and coincides with the timeout
+ elapsing, the functions return -1 indicating an error instead of 0 for
+ the timeout.
-- test1520: Fixed compilation errors
+Steve Holme (10 Aug 2014)
+- config-tpf.h: Fixed up line lengths > 79 characters
-- tests: Added test for bug #1456
+- config-symbian.h: Fixed up line lengths > 79 characters
-- checksrc.bat: Fixed a problem opening files with spaces in the filename
+- tool_hugehelp.c.cvs: Added copyright
+
+ Added copyright due to warning from checksrc.pl.
-- openldap: Prefer use of 'CURLcode result'
+- RELEASE-NOTES: Synced with cd6ecf6a89
-- openldap: Use 'LDAPMessage *msg' for messages
+- sasl_sspi: Fixed hard coded buffer for response generation
- This frees up the 'result' variable for CURLcode based result codes.
-
-- nss: Don't ignore Curl_extract_certinfo() OOM failure
+ Given the SSPI package info query indicates a token size of 4096 bytes,
+ updated to use a dynamic buffer for the response message generation
+ rather than a fixed buffer of 1024 bytes.
-- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
+- sasl_sspi: Fixed missing free of challenge buffer on SPN failure
-- nss: Use 'CURLcode result' for curl result codes
+- http_negotiate_sspi: Tidy up to remove the get_gss_name() function
- ...and don't use CURLE_OK in failure/success comparisons.
-
-- getinfo: Code style policing
+ Due to the reduction of code in commit 3b924b29 of get_gss_name() the
+ function isn't necessary anymore.
-- getinfo: Use 'CURLcode result' for curl result codes
+- http_negotiate_sspi: Use a dynamic buffer for SPN generation
+
+ Updated to use a dynamic buffer for the SPN generation via the recently
+ introduced Curl_sasl_build_spn() function rather than a fixed buffer of
+ 1024 characters, which should have been more than enough, but by using
+ the new function removes the need for another variable sname to do the
+ wide character conversion in Unicode builds.
-- darwinssl: Use 'CURLcode result' for curl result codes
+- sasl: Tidy up to rename SPN variable from URI
-- polarssl: Use 'CURLcode result' for curl result codes
+- sasl: Use a dynamic buffer for SPN generation
+
+ Updated Curl_sasl_create_digest_md5_message() to use a dynamic buffer
+ for the SPN generation via the recently introduced Curl_sasl_build_spn()
+ function rather than a fixed buffer of 128 characters.
-- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries
+- sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
- As this feature has been implemented for 7.40.0.
+ Curl_sasl_create_digest_md5_message() would simply cast the SPN variable
+ to a TCHAR when calling InitializeSecurityContext(). This meant that,
+ under Unicode builds, it would not be valid wide character string.
+
+ Updated to use the recently introduced Curl_sasl_build_spn() function
+ which performs the correct conversion for us.
-- asiohiper.cpp: No need to initialise members of ConnInfo
+- sasl: Introduced Curl_sasl_build_spn() for building a SPN
- ...as calloc() automatically clears the area of memory with zeros.
+ Various parts of the libcurl source code build a SPN for inclusion in
+ authentication data. This information is either used by our own native
+ generation routines or passed to authentication functions in third-party
+ libraries such as SSPI. However, some of these instances use fixed
+ buffers rather than dynamically allocated ones and not all of those that
+ should, convert to wide character strings in Unicode builds.
+
+ Implemented a common function that generates a SPN and performs the
+ wide character conversion where necessary.
-- asiohiper.cpp: Updated for curl coding standards
+- sasl_sspi: Fixed memory leak with not releasing Package Info struct
- ...with the exception of the start of block statement curly brackets.
+ Curl_sasl_create_digest_md5_message() wouldn't free the Package Info
+ structure after QuerySecurityPackageInfo() had allocated it.
-- code/docs: Use correct case for IPv4 and IPv6
+- [Michael Osipov brought this change]
+
+ docs: Update SPNEGO and GSS-API related doc sections
- For consistency, as we seem to have a bit of a mixed bag, changed all
- instances of ipv4 and ipv6 in comments and documentations to use the
- correct case.
+ Reflect recent changes in SPNEGO and GSS-API code in the docs.
+ Update them with appropriate namings and remove visible spots for
+ GSS-Negotiate.
-- runtests: Fixed detection of Unix Sockets feature
+- sspi: Minor code tidy up to standardise coding style
- ...following change in curl --version output.
+ Following the recent changes and in attempt to align the SSPI based
+ authentication code performed the following:
+
+ * Use NULL and SECBUFFVERSION rather than hard coded constants.
+ * Avoid comparison of zero in if statements.
+ * Standardised the buf and desc setup code.
-- code/docs: Use Unix rather than UNIX to avoid use of the trademark
+- schannel: Fixed compilation warning in vtls.c
- Use Unix when generically writing about Unix based systems as UNIX is
- the trademark and should only be used in a particular product's name.
+ vtls.c:688:43: warning: unused parameter 'data'
-- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported
+- tool_getparam.c: Fixed compilation warning
- if2ip.c:119: warning: unused parameter 'remote_scope_id'
+ warning: `orig_opt' might be used uninitialized in this function
+
+- RELEASE-NOTES: Synced with 159c3aafd8
+
+Daniel Stenberg (8 Aug 2014)
+- curl_ntlm_msgs: make < 80 columns wide
+
+Steve Holme (8 Aug 2014)
+- ntlm: Fixed hard coded buffer for SSPI based auth packet generation
- ...and some minor code style policing in the same function.
+ Given the SSPI package info query indicates a token size of 2888 bytes,
+ and as with the Winbind code and commit 9008f3d56, use a dynamic buffer
+ for the Type-1 and Type-3 message generation rather than a fixed buffer
+ of 1024 bytes.
-- vtls: Don't set cert info count until memory allocation is successful
+- ntlm: Added support for SSPI package info query
- Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs
- member variable to the requested count, which could then be used
- incorrectly as libcurl closes down.
+ Just as with the SSPI implementations of Digest and Negotiate added a
+ package info query so that libcurl can a) return a more appropriate
+ error code when the NTLM package is not supported and b) it can be of
+ use later to allocate a dynamic buffer for the Type-1 and Type-3
+ output tokens rather than use a fixed buffer of 1024 bytes.
-- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type
+Daniel Stenberg (7 Aug 2014)
+- http2: added some more logging for debugging stream problems
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+ HTTP/2: Reset promised stream, not its associated stream.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+ HTTP/2: Move :authority before non-pseudo header fields
+
+- http2: show the received header for better debugging
+
+- openssl: replace call to OPENSSL_config
- The return type for this function was 0 on success and 1 on error. This
- was then examined by the calling functions and, in most cases, used to
- return CURLE_OUT_OF_MEMORY.
+ OPENSSL_config() is "strongly recommended" to use but unfortunately that
+ function makes an exit() call on wrongly formatted config files which
+ makes it hard to use in some situations. OPENSSL_config() itself calls
+ CONF_modules_load_file() and we use that instead and we ignore its
+ return code!
- Instead use CURLcode for the return type and return the out of memory
- error directly, propagating it up the call stack.
+ Reported-by: Jan Ehrhardt
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1401
-- configure: Use camel case for UNIX sockets feature output
+Dan Fandrich (7 Aug 2014)
+- [Fabian Keil brought this change]
+
+ runtests.pl: Pad test case numbers with up to three zeroes
- To match the curl --version output.
+ Test case numbers with four digits have been available for a
+ while now.
-Marc Hoersken (26 Dec 2014)
-- sockfilt.c: Reduce the number of individual memory allocations
+Steve Holme (7 Aug 2014)
+- docs: Added Negotiate to the SSPI current credentials usage description
+
+- TODO: HTTP Digest via Windows SSPI
+
+- TODO: FTP GSSAPI via Windows SSPI
+
+- http_negotiate_sspi: Fixed specific username and password not working
- Merge multiple internal arrays into one, even if some variables
- will not not be used. They are all created with the number of
- file descriptors as their size.
+ Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html
+ Reported-by: Leonardo Rosati
+
+- http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194e8
- Also fix possible thread handle leak in CloseHandle-loop.
+ If the server rejects our authentication attempt and curl hasn't
+ called CompleteAuthToken() then the status variable will be
+ SEC_I_CONTINUE_NEEDED and not SEC_E_OK.
+
+ As such the existing detection mechanism for determining whether or not
+ the authentication process has finished is not sufficient.
+
+ However, the WWW-Authenticate: Negotiate header line will not contain
+ any data when the server has exhausted the negotiation, so we can use
+ that coupled with the already allocated context pointer.
-- sockfilt.c: Replace 100ms sleep with thread throttle
+Daniel Stenberg (5 Aug 2014)
+- RELEASE-NOTES: synced with 5b37db44a3eb
+
+Dan Fandrich (5 Aug 2014)
+- parsedate.c: fix the return code for an overflow edge condition
+
+Daniel Stenberg (5 Aug 2014)
+- [Toby Peterson brought this change]
+
+ darwinssl: don't use strtok()
- Improves performance of test cases 574 and 575 by 50%.
+ The GetDarwinVersionNumber() function uses strtok, which is not
+ thread-safe.
+
+- Curl_ossl_version: adapted to detect BoringSSL
- A value of zero causes the thread to relinquish the remainder
- of its time slice to any other thread of equal priority that is
- ready to run. If there are no other threads of equal priority
- ready to run, the function returns immediately, and the thread
- continues execution.
+ This seems to be the way it should work. Right now we can't build with
+ BoringSSL and try this out properly due to a minor API breakage.
+
+- Curl_ossl_version: detect and show libressl
- http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx
+ LibreSSL is otherwise OpenSSL API compliant (so far)
-Steve Holme (25 Dec 2014)
-- tool_help: Use camel case for UNIX sockets feature output
+- [Tatsuhiro Tsujikawa brought this change]
+
+ HTTP/2: Fix infinite loop in readwrite_data()
- In line with the other features listed in the --version output,
- capitalise the UNIX socket feature.
+ To prevent infinite loop in readwrite_data() function when stream is
+ reset before any response body comes, reset closed flag to false once
+ it is evaluated to true.
-- vtls: Use bool for Curl_ssl_getsessionid() return type
+Dan Fandrich (3 Aug 2014)
+- gtls: only define Curl_gtls_seed if Nettle is not being used
+
+- ssl: provide Curl_ssl_backend even if no SSL library is available
+
+Daniel Stenberg (2 Aug 2014)
+- [Tatsuhiro Tsujikawa brought this change]
+
+ HTTP2: Support expect: 100-continue
- The return type of this function is a boolean value, and even uses a
- bool internally, so use bool in the function declaration as well as
- the variables that store the return value, to avoid any confusion.
+ "Expect: 100-continue", which was once deprecated in HTTP/2, is now
+ resurrected in HTTP/2 draft 14. This change adds its support to
+ HTTP/2 code. This change also includes stricter header field
+ checking.
-- schannel: Minor code style policing for casts
+- CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it
-- schannel: Prefer 'CURLcode result' for curl result codes
+- FEATURES: minor update
-- cyassl: Prefer 'CURLcode result' for curl result codes
+- openssl: make ossl_send return CURLE_OK better
+
+ Previously it only returned a CURLcode for errors, which is when it
+ returns a different size than what was passed in to it.
+
+ The http2 code only checked the curlcode and thus failed.
-- tool_xattr: Use 'CURLcode result' for curl result codes
+- RELEASE-NOTES: synced with 7bb4c8cadb5d0
-- curl_ntlm_core.c: Fixed compilation warnings
+- [Michael Wallner brought this change]
+
+ CURLOPT_HEADEROPT.3: typo: do -> to
+
+- [Marcel Raad brought this change]
+
+ schannel: use CryptGenRandom for random numbers
- curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of
- 'CryptImportKey' differ in signedness
- curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from
- incompatible pointer type
- curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam'
- from incompatible pointer type
+ This function is available for every Windows version since Windows 95/NT.
+
+ reference:
+ http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942.aspx
-- RELEASE-NOTES: Synced with 8830df8b66
+- curl_version_info.3: 'ssl_version_num' is always 0
+
+ ... and has been so since 2005
-- gtls: Use preferred 'CURLcode result'
+- ssl: generalize how the ssl backend identifier is set
+
+ Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
+ one which was missing previously.
+
+Dan Fandrich (31 Jul 2014)
+- axtls: define curlssl_random using axTLS's PRNG
+
+- cyassl: fix the test for ASN_NO_SIGNER_E
+
+ It's an enum so a macro test won't work. The CyaSSL changelog doesn't
+ say exactly when this error code was introduced, but it's likely
+ to be 2.7.0.
+
+- cyassl: use RNG_GenerateBlock to generate a good random number
+
+- opts: fixed some typos
-- openldap: Use standard naming for setup connection function
+- smtp: fixed a segfault during test 1320 torture test
- Renamed ldap_setup() to ldap_setup_connection() to follow more widely
- used function naming.
+ Under these circumstances, the connection hasn't been fully established
+ and smtp_connect hasn't been called, yet smtp_done still calls the state
+ machine which dereferences the NULL conn pointer in struct pingpong.
-- rtmp: Use standard naming for setup connection function
+Daniel Stenberg (30 Jul 2014)
+- vtls: repair build without TLS support
- Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely
- used function naming.
+ ... by defining Curl_ssl_random() properly
-- smb: Use standard naming for setup connection function
+- polarssl: provide a (weak) random function
- Renamed smb_setup() to smb_setup_connection() to follow more widely
- used function naming.
+ This now provides a weak random function since PolarSSL doesn't have a
+ quick and easy way to provide a good one. It does however provide the
+ framework to make one so it _can_ and _should_ be done...
-- config-win32.h: Fixed line length > 79 columns
+- [Michael Wallner brought this change]
-- openssl: Prefer we don't use NULL in comparisons
+ curl_tlsinfo -> curl_tlssessioninfo
-- build: Removed WIN32 definition from the Visual Studio projects
+- cyassl: use the default (weeker) random
- As this pre-processor definition is defined in curl_setup.h there is no
- need to include it in the Visual Studio project files.
+ I couldn't find any dedicated function in its API to get a "good" random
+ with.
-- build: Removed WIN64 definition from the libcurl Visual Studio projects
-
- Removed the WIN64 pre-processor definition from the libcurl project
- files as:
+- cyassl: made it compile with version 2.0.6 again
- * WIN64 is not used in our source code
- * The curl projects files don't define it
- * It isn't required by or used in the platform SDK
- * For backwards compatability curl_setup.h defines WIN32
- * The compiler automatically defines _WIN64 for x64 builds
+ ASN_NO_SIGNER_E didn't exist back then!
+
+- vtls: make the random function mandatory in the TLS backend
- Historically Visual Studio projects have defined WIN32, in addition to
- the compiler defined _WIN32 definition, and I had incorrectly changed
- that to WIN64 for the x64 libcurl builds but not in the curl projects.
+ To force each backend implementation to really attempt to provide proper
+ random. If a proper random function is missing, then we can explicitly
+ make use of the default one we use when TLS support is missing.
- As such, it is questionable whether this should be defined or not. For
- more information see the following cache of a discussion that took
- place on the microsoft.public.vc.mfc newsgroup:
+ This commit makes sure it works for darwinssl, gnutls, nss and openssl.
+
+- libcurl.m4: include the standard source header
- http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html
+ ... with permission from David Shaw
-- openssl.c Fix for compilation errors with older versions of OpenSSL
+Kamil Dudka (28 Jul 2014)
+- nss: do not check the version of NSS at run time
- openssl.c:1408: error: 'TLS1_1_VERSION' undeclared
- openssl.c:1411: error: 'TLS1_2_VERSION' undeclared
+ The minimal required version of NSS is 3.14.x so it does not make sense
+ to check for NSS 3.12.0+ at run time.
-Daniel Stenberg (22 Dec 2014)
-- [John Malmberg brought this change]
+Daniel Stenberg (28 Jul 2014)
+- [Anthon Pang brought this change]
- Fix comment edit in vms/backup_gnv_curl_src.com
+ curl.h: bring back CURLE_OBSOLETE16
- packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port.
-
-- curl: show size of inhibited data when using -v
+ Removing defines, even obsolete ones that haven't been used for a very
+ long time, still break a lot of applications.
- To offer some more info and yet it doesn't use more lines.
+ Bug: https://github.com/bagder/curl/pull/106
-- openssl: fix SSL/TLS versions in verbose output
+Dan Fandrich (26 Jul 2014)
+- [Fabian Keil brought this change]
-- openssl: make it compile against openssl 1.1.0-DEV master branch
+ tests: Fix a couple of incomplete response lines
-Marc Hoersken (22 Dec 2014)
-- sshserver.pl: clarify and streamline variable names
+- [Fabian Keil brought this change]
-Daniel Stenberg (21 Dec 2014)
-- openssl: warn for SRP set if SSLv3 is used, not for TLS version
-
- ... as it requires TLS and it was was left to warn on the default from
- when default was SSL...
+ runtests.pl: Remove filteroff() which hasn't been used since 2001
-- smb: use memcpy() instead of strncpy()
+- [Fabian Keil brought this change]
+
+ runtests.pl: Don't expect $TESTDIR/DISABLED to exist
- ... as it never copies the trailing zero anyway and always just the four
- bytes so let's not mislead anyone into thinking it is actually treated
- as a string.
+ If a non-standard $TESTDIR is used the file may not be necessary.
- Coverity CID: 1260214
+ Previously a "missing" file resulted in the warning:
+ readline() on closed filehandle D at ./runtests.pl line 4940.
-- [John E. Malmberg brought this change]
+- [Fabian Keil brought this change]
- VMS: Updates for 0740-0D1220
+ getpart.pm: Fix a comment typo
+
+Daniel Stenberg (25 Jul 2014)
+- c-ares: fix build without IPv6 support
- lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help.
- More defines to set symbols to uppercase.
+ Bug: http://curl.haxx.se/mail/lib-2014-07/0337.html
+ Reported-by: Spork Schivago
+
+- Curl_base64url_encode: unit-tested in 1302
+
+- base64: added Curl_base64url_encode()
- src/tool_main.c : Fix parameter to vms_special_exit() call.
+ This is now used by the http2 code. It has two different symbols at the
+ end of the base64 table to make the output "url safe".
- packages/vms/ :
- backup_gnv_curl_src.com : Fix the error message to have the correct package.
+ Bug: https://github.com/tatsuhiro-t/nghttp2/issues/62
+
+- [Marcel Raad brought this change]
+
+ SSPI Negotiate: Fix 3 memory leaks
- build_curl-config_script.com : Rewrite to be more accurate.
+ Curl_base64_decode allocates the output string by itself and two other
+ strings were not freed either.
+
+- symbols: CURL_VERSION_GSSNEGOTIATE is deprecated
+
+- test1013.pl: GSS-Negotiate doesn't exist as a feature anymore
+
+- [Sergey Nikulov brought this change]
+
+ libtest: fixed duplicated line in Makefile
- build_libcurl_pc.com : Use tool_version.h now.
+ Bug: https://github.com/bagder/curl/pull/105
+
+Patrick Monnerat (23 Jul 2014)
+- GSSAPI: remove useless *_MECHANISM defines.
+
+Daniel Stenberg (23 Jul 2014)
+- findprotocol: show unsupported protocol within quotes
- build_vms.com : Fix to handle lib/vtls directory.
+ ... to aid when for example prefixed with a space or other weird
+ character.
+
+Patrick Monnerat (23 Jul 2014)
+- GSSAPI: private export mechanisms OIDs. OS400: Make RPG binding up to date.
+
+Daniel Stenberg (23 Jul 2014)
+- [Marcel Raad brought this change]
+
+ conncache: fix compiler warning
- curl_gnv_build_steps.txt : Updated build procedure documentation.
+ warning C4267: '=' : conversion from 'size_t' to 'long', possible loss
+ of data
- generate_config_vms_h_curl.com :
- * VAX does not support 64 bit ints, so no NTLM support for now.
- * VAX HP SSL port is ancient, needs some help.
- * Disable NGHTTP2 for now, not ported to VMS.
- * Disable UNIX_SOCKETS, not available on VMS yet.
- * HP GSSAPI port does not have gss_nt_service_name.
+ The member connection_id of struct connectdata is a long (always a
+ 32-bit signed integer on Visual C++) and the member next_connection_id
+ of struct conncache is a size_t, so one of them should be changed to
+ match the other.
- gnv_link_curl.com : Update for new curl structure.
+ This patch the size_t in struct conncache to long (the less invasive
+ change as that variable is only ever used in a single code line).
- pcsi_product_gnv_curl.com : Set up to optionally do a complete build.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1399
-Marc Hoersken (21 Dec 2014)
-- sockfilt.c: use non-Ex functions that are available before WinXP
-
- It was initially reported by Guenter that GetFileSizeEx
- requires (_WIN32_WINNT >= 0x0500) to be true.
+- RELEASE-NOTES: synced with 81cd24adb8b
-- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files
+- http2: more and better error checking
- Second patch to enable Windows support using Cygwin-based OpenSSH.
+ 1 - fixes the warnings when built without http2 support
- Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7.
+ 2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
+ basically when they are about http2 specific things.
-- tests: support spaces in paths to SSH, SSHD and SFTP binaries
+Dan Fandrich (23 Jul 2014)
+- cyassl.c: return the correct error code on no CA cert
- First patch to enable Windows support using Cygwin-based OpenSSH.
+ CyaSSL 3.0.0 returns a unique error code if no CA cert is available,
+ so translate that into CURLE_SSL_CACERT_BADFILE when peer verification
+ is requested.
-Steve Holme (20 Dec 2014)
-- non-ascii: Reduce variable usage
-
- Removed 'next' variable in Curl_convert_form(). Rather than setting it
- from 'form->next' and using that to set 'form' after the conversion
- just use 'form = form->next' instead.
+Daniel Stenberg (23 Jul 2014)
+- symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0
-- non-ascii: Prefer while loop rather than a do loop
+- test1013.pl: remove SPNEGO/GSS-API tweaks
- This also removes the need to check that the 'form' argument is valid.
+ No longer necessary after Michael Osipov's rework
-- non-ascii: Reduce variable scope
-
- As 'result' isn't used out side the conversion callback code and
- previously caused variable shadowing in the libiconv based code.
+- http_negotiate: remove unused variable
-- non-ascii: We prefer 'CURLcode result'
-
- This also fixes a variable shadowing issue when HAVE_ICONV is defined
- as rc was declared for the result code of libiconv based functions.
+- [Michael Osipov brought this change]
-Marc Hoersken (19 Dec 2014)
-- secureserver.pl: clean up formatting of config and fix verbose output
-
- Verbose output was not matching the actual configuration file,
- because FIPS and Windows conditions were ignored.
+ docs: Improve inline GSS-API naming in code documentation
-- secureserver.pl: update Windows detection and fix path conversion
+- [Michael Osipov brought this change]
-- secureserver.pl: make OpenSSL CApath and cert absolute path values
+ curl.h/features: Deprecate GSS-Negotiate macros due to bad naming
- Recent stunnel versions (5.08) seem to have trouble with relative
- paths on Windows. This turns the relative paths into absolute ones.
+ - Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE
+ - CURL_VERSION_GSSNEGOTIATE is deprecated which
+ is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and
+ CURUL_VERSION_SPNEGO now.
+ - Remove display of feature 'GSS-Negotiate'
-Patrick Monnerat (18 Dec 2014)
-- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code.
+- [Michael Osipov brought this change]
-- [Kyle J. McKay brought this change]
+ configure/features: Add feature and version info for GSS-API and SPNEGO
- parseurlandfillconn(): fix improper non-numeric scope_id stripping.
- Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/
+- [Michael Osipov brought this change]
-- IPV6: address scope != scope id
- There was a confusion between these: this commit tries to disambiguate them.
- - Scope can be computed from the address itself.
- - Scope id is scope dependent: it is currently defined as 1-based local
- interface index for link-local scoped addresses, and as a site index(?) for
- (obsolete) site-local addresses. Linux only supports it for link-local
- addresses.
- The URL parser properly parses a scope id as an interface index, but stores it
- in a field named "scope": confusion. The field has been renamed into "scope_id".
- Curl_if2ip() used the scope id as it was a scope. This caused failures
- to bind to an interface.
- Scope is now computed from the addresses and Curl_if2ip() matches them.
- If redundantly specified in the URL, scope id is check for mismatch with
- the interface index.
+ HTTP: Remove checkprefix("GSS-Negotiate")
- This commit should fix SF bug #1451.
+ That auth mech has never existed neither on MS nor on Unix side.
+ There is only Negotiate over SPNEGO.
-- connect: singleipconnect(): properly try other address families after failure
+- [Michael Osipov brought this change]
-Daniel Stenberg (16 Dec 2014)
-- SFTP: work-around servers that return zero size on STAT
+ curl_gssapi: Add macros for common mechs and pass them appropriately
- Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html
- Pathed-by: Marc Renault
+ Macros defined: KRB5_MECHANISM and SPNEGO_MECHANISM called from
+ HTTP, FTP and SOCKS on Unix
-- glob_next_url: make the loop count upwards
+- CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design
- As the former contruct apparently caused a compiler warning, mentioned
- in d8efde07e556c.
+ This reverts commit cb3e6dfa3511 and instead fixes the problem
+ differently.
+
+ The reverted commit addressed a test failure in test 1021 by simplifying
+ and generalizing the code flow in a way that damaged the
+ performance. Now we modify the flow so that Curl_proxyCONNECT() again
+ does as much as possible in one go, yet still do test 1021 with and
+ without valgrind. It failed due to mistakes in the multi state machine.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1397
+ Reported-by: Paul Saab
-- tool_operate: we prefer 'CURLcode result'
+- [Marcel Raad brought this change]
-- tool_urlglob: unify return codes to use CURLcode
+ url.c: use the preferred symbol name: *READDATA
- There was a mix of GlobCode, CURLcode and ints and they were mostly
- passing around CURLcode errors. This change makes the functions use only
- CURLcode and removes the GlobCode type completely.
-
-- tool_urlglob.c: partly reverse dc19789444
+ with CURL_NO_OLDIES defined, it doesn't compile because this deprecated
+ symbol (*INFILE) is used
- The loop in glob_next_url() needs to be done backwards to maintain the
- logic. dc19789444 caused test 1235 to fail.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1398
-- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME
+Dan Fandrich (19 Jul 2014)
+- [Alessandro Ghedini brought this change]
-- [Jay Satiro brought this change]
+ CURLOPT_CHUNK_BGN_FUNCTION: fix typo
- opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
+Kamil Dudka (18 Jul 2014)
+- [Alessandro Ghedini brought this change]
+
+ build: link curl to NSS libraries when NSS support is enabled
- Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and
- CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one
- that will be used.
+ This fixes a build failure on Debian caused by commit
+ 24c3cdce88f39731506c287cb276e8bf4a1ce393.
- Prior to this change that behavior was only noted in the
- CURLOPT_TIMEOUT_MS doc.
+ Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
-Nick Zitzmann (15 Dec 2014)
-- darwinssl: fix incorrect usage of aprintf()
+Steve Holme (17 Jul 2014)
+- build: Removed unnecessary XML Documentation file directive from VC8 to VC12
- Commit b13923f changed an snprintf() to use aprintf(), but the API usage
- wasn't correct, and was causing a crash to occur. This fixes it.
+ The curl tool project files for VC8 to VC12 would set this setting to
+ $(IntDir) which is the Visual Studio default value. To avoid confusion
+ when viewing settings from within Visual Studio and for consistency
+ with the libcurl project files removed this setting.
+
+ Conflicts:
+ projects/Windows/VC10/src/curlsrc.tmpl
+ projects/Windows/VC11/src/curlsrc.tmpl
+ projects/Windows/VC12/src/curlsrc.tmpl
+ projects/Windows/VC8/src/curlsrc.tmpl
+ projects/Windows/VC9/src/curlsrc.tmpl
-Steve Holme (14 Dec 2014)
-- copyright: Updated the copyright year following recent updates
+- build: Removed unnecessary Precompiled Header file directive in VC7 to VC12
+
+ The curl tool project files for VC7 to VC12 would set this settings to
+ $(IntDir)$(TargetName).pch which is the Visual Studio default value. To
+ avoid confusion when viewing settings from within Visual Studio and for
+ consistency with the libcurl project files removed this setting.
+
+ Conflicts:
+ projects/Windows/VC10/src/curlsrc.tmpl
+ projects/Windows/VC11/src/curlsrc.tmpl
+ projects/Windows/VC12/src/curlsrc.tmpl
+ projects/Windows/VC8/src/curlsrc.tmpl
+ projects/Windows/VC9/src/curlsrc.tmpl
-Daniel Stenberg (14 Dec 2014)
-- tool_urlglob.c: reverse two loops
+- build: Removed unnecessary ASM and Object file directives in VC7 to VC12
- By counting from 0 and up instead of backwards like before, we remove
- the need for the "funny" check of the unsigned variable when decreased
- passed zero. Easier to read and less risk for compiler warnings.
+ The curl tool project files for VC7 to VC12 would set these settings to
+ $(IntDir) which is the Visual Studio default value. To avoid confusion
+ when viewing settings from within Visual Studio and for consistency
+ with the libcurl project files removed these two settings.
-Marc Hoersken (14 Dec 2014)
-- tool_urlglob.c: Added braces to clarify the conditions
+Daniel Stenberg (17 Jul 2014)
+- [Dave Reisner brought this change]
-- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
+ src/Makefile.am: add .DELETE_ON_ERROR
- The >= 0 is actually not required, since i underflows and
- the for-loop is stopped using the < condition, but this
- makes the VS2012 compiler and code analysis happy.
-
-- tool_binmode.c: Explicitly ignore the return code of setmode
+ This prevents targets like tool_hugehelp.c from leaving around
+ half-constructed files if the rule fails with GNU make.
- Fixes code analysis warning C6031:
- return value ignored: <function> could return unexpected value
+ Reported-by: Rafaël Carré <funman@videolan.org>
-- lib: Fixed multiple code analysis warnings if SAL are available
-
- warning C28252: Inconsistent annotation for function:
- parameter has another annotation on this instance
+- THANKS: added new contributors from 7.37.1 announcement
-Steve Holme (14 Dec 2014)
-- smb.c: Fixed code analysis warning
+Dan Fandrich (17 Jul 2014)
+- testcurl.pl: log the value of --runtestopts in the test header
+
+Daniel Stenberg (16 Jul 2014)
+- RELEASE-NOTES: cleared, working towards next release
+
+- curl_gssapi.c: make line shorter than 80 columns
+
+- [David Woodhouse brought this change]
+
+ Fix negotiate auth to proxies to track correct state
+
+- [David Woodhouse brought this change]
+
+ Don't abort Negotiate auth when the server has a response for us
- smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted,
- then cast to 64-bit value. Result may not be an expected
- value
+ It's wrong to assume that we can send a single SPNEGO packet which will
+ complete the authentication. It's a *negotiation* — the clue is in the
+ name. So make sure we handle responses from the server.
+
+ Curl_input_negotiate() will already handle bailing out if it thinks the
+ state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps
+ talking to us, so we should avoid endless loops that way.
-Marc Hoersken (14 Dec 2014)
-- tool_util.c: Use GetTickCount64 if it is available
+- [David Woodhouse brought this change]
-Steve Holme (14 Dec 2014)
-- smb: Use HAVE_PROCESS_H for process.h inclusion
+ Don't clear GSSAPI state between each exchange in the negotiation
- Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H
- pre-processor define when including process.h.
+ GSSAPI doesn't work very well if we forget everything ever time.
+
+ XX: Is Curl_http_done() the right place to do the final cleanup?
-Daniel Stenberg (14 Dec 2014)
-- darwinssl: aprintf() to allocate the session key
+- [David Woodhouse brought this change]
+
+ Use SPNEGO for HTTP Negotiate
- ... to avoid using a fixed memory size that risks being too large or too
- small.
+ This is the correct way to do SPNEGO. Just ask for it
+
+ Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket
+ isn't available. Of course, we bail out when the server responds with the
+ challenge packet, since we don't expect that. But I'll fix that bug next...
-Marc Hoersken (14 Dec 2014)
-- curl_schannel: Improvements to memory re-allocation strategy
+- [David Woodhouse brought this change]
+
+ Remove all traces of FBOpenSSL SPNEGO support
- - do not grow memory by doubling its size
- - do not leak previously allocated memory if reallocation fails
- - replace while-loop with a single check to make sure
- that the requested amount of data fits into the buffer
+ This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
+ allows client and server to negotiate the underlying mechanism which will
+ actually be used to authenticate. This is *often* Kerberos, and can also
+ be NTLM and other things. And to complicate matters, there are various
+ different OIDs which can be used to specify the Kerberos mechanism too.
+
+ A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
+ and will exchange GSSAPI tokens which are appropriate for that mechanism.
+
+ But this SPNEGO implementation just strips the incoming SPNEGO packet
+ and extracts the token, if any. And completely discards the information
+ about *which* mechanism is being used. Then we *assume* it was Kerberos,
+ and feed the token into gss_init_sec_context() with the default
+ mechanism (GSS_S_NO_OID for the mech_type argument).
+
+ Furthermore... broken as this code is, it was never even *used* for input
+ tokens anyway, because higher layers of curl would just bail out if the
+ server actually said anything *back* to us in the negotiation. We assume
+ that we send a single token to the server, and it accepts it. If the server
+ wants to continue the exchange (as is required for NTLM and for SPNEGO
+ to do anything useful), then curl was broken anyway.
+
+ So the only bit which actually did anything was the bit in
+ Curl_output_negotiate(), which always generates an *initial* SPNEGO
+ token saying "Hey, I support only the Kerberos mechanism and this is its
+ token".
- Bug: http://curl.haxx.se/bug/view.cgi?id=1450
- Reported-by: Warren Menzer
+ You could have done that by manually just prefixing the Kerberos token
+ with the appropriate bytes, if you weren't going to do any proper SPNEGO
+ handling. There's no need for the FBOpenSSL library at all.
+
+ The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
+ SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
+ is for. And then it should all Just Work™.
+
+ That 'sane way' will be added in a subsequent patch, as will bug fixes
+ for our failure to handle any exchange other than a single outbound
+ token to the server which results in immediate success.
-Steve Holme (14 Dec 2014)
-- asyn-ares: We prefer use of 'CURLcode result'
+- [David Woodhouse brought this change]
-Marc Hoersken (14 Dec 2014)
-- curl_schannel.c: Data may be available before connection shutdown
+ ntlm_wb: Avoid invoking ntlm_auth helper with empty username
-Steve Holme (14 Dec 2014)
-- http2: Use 'CURLcode result' for curl result codes
+- [David Woodhouse brought this change]
-- asyn-thread: We prefer 'CURLcode result'
+ ntlm_wb: Fix hard-coded limit on NTLM auth packet size
+
+ Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit
+ a hard limit once let's just make it cope by reallocating as necessary.
-- smb: Fixed unnecessary initialisation of struct member variables
+Version 7.37.1 (16 Jul 2014)
+
+Daniel Stenberg (16 Jul 2014)
+- RELEASE-NOTES: synced with 4cb2521595
+
+- test506: verify aa6884845168
- There is no need to set the 'state' and 'result' member variables to
- SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc()
- as calloc() initialises the contents to zero.
+ After the fixed cookie lock deadlock, this test now passes and it
+ detects double-locking and double-unlocking of mutexes.
-- ntlm: Fixed return code for bad type-2 Target Info
+- [Yousuke Kimoto brought this change]
+
+ cookie: avoid mutex deadlock
- Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security
- buffers just like we do for bad decodes.
+ ... by removing the extra mutex locks around th call to
+ Curl_flush_cookies() which takes care of the locking itself already.
+
+ Bug: http://curl.haxx.se/mail/lib-2014-02/0184.html
-- ntlm: Remove unnecessary casts in readshort_le()
+- gnutls: fix compiler warning
- I don't think both of my fix ups from yesterday were needed to fix the
- compilation warning, so remove the one that I think is unnecessary and
- let the next Android autobuild prove/disprove it.
+ conversion to 'int' from 'long int' may alter its value
-- curl_ntlm_msgs.c: Another attempt to fix compilation warning
+Dan Fandrich (15 Jul 2014)
+- test320: strip off the actual negotiated cipher width
- curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from
- 'int' may alter its value
+ It's irrelevant to the test, and will change depending on which SSL
+ library is being used by libcurl.
-Guenter Knauf (13 Dec 2014)
-- synctime.c: added own user-agent string.
+- gnutls: detect lack of SRP support in GnuTLS at run-time and try without
+
+ Reported-by: David Woodhouse
-Steve Holme (13 Dec 2014)
-- smb.c: Fixed line longer than 79 columns
+Daniel Stenberg (14 Jul 2014)
+- [Michał Górny brought this change]
-- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11
+ configure: respect host tool prefix for krb5-config
- curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from
- 'int' may alter its value
+ Use ${host_alias}-krb5-config if available. This improves cross-
+ compilation support and fixes multilib on Gentoo (at least).
-Guenter Knauf (13 Dec 2014)
-- mk-ca-bundle.pl: restored forced run again.
+- [David Woodhouse brought this change]
-- synctime.c: removed another timeserver URL.
+ gnutls: handle IP address in cert name check
- worldtimeserver.com seems also no longer available.
+ Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function
+ didn't actually check IP addresses in SubjectAltName, even though it was
+ explicitly documented as doing so. So do it ourselves...
-- synctime.c: fixed timeserver URLs.
-
- For getting the date header its not necessary to access special
- pages or even CGI scripts - all pages including the main index
- reply with the date header, therefore shortened URLs to domain.
- Removed worldtime.com; added pool.ntp.org.
+Dan Fandrich (14 Jul 2014)
+- build: set _POSIX_PTHREAD_SEMANTICS on Solaris to get proper getpwuid_r
-Steve Holme (13 Dec 2014)
-- ftp.c: Fixed compilation warning when no verbose string support
-
- ftp.c:819: warning: unused parameter 'lineno'
+Daniel Stenberg (14 Jul 2014)
+- RELEASE-NOTES: next one is called 7.37.1
-- smb: Added state change functions to assist with debugging
+Dan Fandrich (13 Jul 2014)
+- gnutls: improved error message if setting cipher list fails
- For debugging purposes, and as per other protocols within curl, added
- state change functions rather than changing the states directly.
+ Reported-by: David Woodhouse
-- ntlm: Use short integer when decoding 16-bit values
+- netrc: fixed thread safety problem by using getpwuid_r if available
+
+ The old way using getpwuid could cause problems in programs that enable
+ reading from netrc files simultaneously in multiple threads.
+
+ Reported-by: David Woodhouse
-- RELEASE-NOTES: Synced with 6291a16b20
+- RELEASE-NOTES: add the reporter of the previous bug fix
-- smtp.c: Fixed compilation warnings
+- netrc: treat failure to find home dir same as missing netrc file
- smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string
- does not append to the string
- smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string
- does not append to the string
- smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string
- does not append to the string
+ This previously caused a fatal error (with a confusing error code, at
+ that).
- Used array index notation instead.
+ Reported by: Glen A Johnson Jr.
-- smb: Disable SMB when 64-bit integers are not supported
-
- This fixes compilation issues with compilers that don't support 64-bit
- integers through long long or __int64.
+Steve Holme (12 Jul 2014)
+- RELEASE-NOTES: Synced with aaaf9e50ec
-- ntlm: Disable NTLM v2 when 64-bit integers are not supported
+- ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions
- This fixes compilation issues with compilers that don't support 64-bit
- integers through long long or __int64 which was introduced in commit
- 07b66cbfa4.
+ Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html
+ Reported-by: David Woodhouse
-- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
+- build: Fixed overridden compiler PDB settings in VC7 to VC12
- Previously USE_NTLM2SESSION would only be defined automatically when
- USE_NTRESPONSES wasn't already defined. Separated the two definitions
- so that the user can manually set USE_NTRESPONSES themselves but
- USE_NTLM2SESSION is defined automatically if they don't define it.
+ The curl tool project files for VC7 to VC12 would override the default
+ setting with the output filename being the same as the linker PDB file.
+ As such the compiler file would be overwritten with the linker file
+ for all debug builds.
+
+ To avoid this overwrite and for consistency with the libcurl project
+ files, removed the setting to force the default filename to be used.
-- smtp.c: Fixed line longer than 79 columns
+Dan Fandrich (12 Jul 2014)
+- tests: added globbing keyword to URL globbing tests
-- config-win32.h: Don't enable Windows Crypt API if using OpenSSL
+- Fixed some "statement not reached" warnings
+
+- gnutls: fixed a couple of uninitialized variable references
+
+- gnutls: fixed compilation against versions < 2.12.0
- As the OpenSSL and NSS Crypto engines are prefered by the core NTLM
- routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT
- automatically when either OpenSSL or NSS are in use - doing so would
- disable NTLM2Session responses in NTLM type-3 messages.
+ The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but
+ the code path in which they're referenced here is only ever used for
+ somewhat older GnuTLS versions. This caused undeclared identifier errors
+ when compiling against those.
-- smtp: Fixed inappropriate free of the scratch buffer
+- gnutls: explicitly added SRP to the priority string
- If the scratch buffer was allocated in a previous call to
- Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent
- call and no action taken by that call, then an attempt would be made to
- try and free the buffer which, by now, would be part of the data->state
- structure.
+ This seems to have become necessary for SRP support to work starting
+ with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS
+ before the function that takes this priority string, there should be no
+ issue with backward compatibility.
+
+- tests: adjust for capitalization differences in newer gnutls-serv
+
+- test320/1/2/4: fix the port number substitution variables
- This bug was introduced in commit 4bd860a001.
+ These tests have been broken since commit 1958fe57 in Oct. 2011
-- smtp: Fixed dot stuffing when EOL characters were at end of input buffers
+- tests: document more test identifiers and variables
+
+- gnutls: ignore invalid certificate dates with VERIFYPEER disabled
- Fixed a problem with the CRLF. detection when multiple buffers were
- used to upload an email to libcurl and the line ending character(s)
- appeared at the end of each buffer. This meant any lines which started
- with . would not be escaped into .. and could be interpreted as the end
- of transmission string instead.
+ This makes the behaviour consistent with what happens if a date can
+ be extracted from the certificate but is expired.
+
+Steve Holme (10 Jul 2014)
+- CURLOPT_UPLOAD: Corrected argument type
+
+Daniel Stenberg (9 Jul 2014)
+- FAQ: expand the thread-safe section
- This only affected libcurl based applications that used a read function
- and wasn't reproducible with the curl command-line tool.
+ ... with a mention of *NOSIGNAL, based on talk in bug #1386
+
+Dan Fandrich (9 Jul 2014)
+- url.c: Fixed memory leak on OOM
- Bug: http://curl.haxx.se/bug/view.cgi?id=1456
- Assisted-by: Patrick Monnerat
+ This showed itself on some systems with torture failures
+ in tests 1060 and 1061
-Daniel Stenberg (11 Dec 2014)
-- telnet: fix "cast increases required alignment of target type"
+- Update instances of some obsolete CURLOPTs to their new names
-- ntlm_wb_response: fix "statement not reached"
+Daniel Stenberg (5 Jul 2014)
+- [Marcel Raad brought this change]
+
+ compiler warnings: potentially uninitialized variables
- ... and I could use a break instead of a goto to end the loop.
+ ... pointed out by MSVC2013
- Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html
- Reported-by: Tor Arntsen
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1391
-Steve Holme (10 Dec 2014)
-- RELEASE-NOTES: Synced with 1cc5194337
+Kamil Dudka (4 Jul 2014)
+- nss: make the list of CRL items global
- Added some bug fixes that I had missed in previous synchronisations.
+ Otherwise NSS could use an already freed item for another connection.
-Daniel Stenberg (10 Dec 2014)
-- Curl_unix2addr: avoid using the variable name 'sun'
-
- I suspect this causes compile failures on Solaris:
+- nss: fix a memory leak when CURLOPT_CRLFILE is used
+
+- nss: make crl_der allocated on heap
- Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html
+ ... and spell it as crl_der instead of crlDER
-Steve Holme (10 Dec 2014)
-- url.c: Fixed compilation warning when USE_NTLM is not defined
+- nss: let nss_{cache,load}_crl return CURLcode
+
+- tool: oops, forgot to include <plarenas.h>
- url.c:3078: warning: variable 'credentialsMatch' set but not used
+ ... that contains the declaration of PL_ArenaFinish()
-- parsedate.c: Fixed compilation warning
+- tool: call PL_ArenaFinish() on exit if NSPR is used
- parsedate.c:548: warning: 'parsed' may be used uninitialized in this
- function
+ This prevents valgrind from reporting still reachable memory allocated
+ by NSPR arenas (mainly the freelist).
- As curl_getdate() returns -1 when parsedate() fails we can initialise
- parsed to -1.
+ Reported-by: Hubert Kario
-Daniel Stenberg (10 Dec 2014)
-- TODO: Cache negative name resolves
-
- Worth exploring
+Daniel Stenberg (3 Jul 2014)
+- [Dimitrios Siganos brought this change]
-- ldap: check Curl_client_write() return codes
-
- There might be one or two memory leaks left in the error paths.
+ example: use correct type (long) for CURLOPT_FOLLOWLOCATION
-- ldap: rename variables to comply to curl standards
+- [Dimitrios Siganos brought this change]
-Dan Fandrich (10 Dec 2014)
-- sws.c: Fixed 'rc' may be used uninitialized warning
+ Document type of argument for CURLOPT_FOLLOWLOCATION.
-- cookies: Improved OOM handling in cookies
-
- This fixes the test 506 torture test. The internal cookie API really
- ought to be improved to separate cookie parsing errors (which may be
- ignored) with OOM errors (which should be fatal).
+- [Dimitrios Siganos brought this change]
-Guenter Knauf (9 Dec 2014)
-- synctime.c: fixed user-agent setting.
-
- Some websites meanwhile refuse to reply to requests from ancient
- browsers like IE6, therefore I've comment out this setting, but
- also fixed the string to now fake IE8 if someone enables it.
+ Document type of argument for CURLOPT_ERRORBUFFER.
-Daniel Stenberg (9 Dec 2014)
-- smb: fix unused return code warning
+- [Dimitrios Siganos brought this change]
-Patrick Monnerat (9 Dec 2014)
-- Curl_client_write() & al.: chop long data, convert data only once.
+ Document type of argument for CURLOPT_COPYPOSTFIELDS.
-Guenter Knauf (9 Dec 2014)
-- VC build: added sspi define for winssl-zlib builds.
+- [Dimitrios Siganos brought this change]
-Daniel Stenberg (9 Dec 2014)
-- schannel_recv: return the correct code
+ Document type of argument for CURLOPT_ADDRESS_SCOPE.
+
+- curl.1: minor language fix
- Bug: http://curl.haxx.se/bug/view.cgi?id=1462
- Reported-by: Tae Hyoung Ahn
+ Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html
-- http2: avoid logging neg "failure" if h2 was not requested
+- [Ray Satiro brought this change]
-- openldap: do not ignore Curl_client_write() return codes
+ progress callback: skip last callback update on errors
+
+ When an error has been detected, skip the final forced call to the
+ progress callback by making sure to pass the current return code
+ variable in the Curl_done() call in the CURLM_STATE_DONE state.
+
+ This avoids the "extra" callback that could occur even if you returned
+ error from the progress callback.
+
+ Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html
+ Reported by: Jonathan Cardoso Machado
-- compile: warn on unused return code from Curl_client_write()
+Dan Fandrich (2 Jul 2014)
+- opts: fixed some CURLOPT references so they get turned into links
-Patrick Monnerat (8 Dec 2014)
-- SMB: Fix a data size mismatch that broke SMB on big-endian platforms
+Kamil Dudka (2 Jul 2014)
+- tool: call PR_Cleanup() on exit if NSPR is used
+
+ This prevents valgrind from reporting possibly lost memory that NSPR
+ uses for file descriptor cache and other globally allocated internal
+ data structures.
-Steve Holme (7 Dec 2014)
-- smb: Fixed Windows autoconf builds following commit eb88d778e7
+- nss: make the fallback to SSLv3 work again
- As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO
- either explicitly through --enable-win32-cypto or automatically on
- _WIN32 based platforms, subsequent builds broke with the following
- error message:
+ This feature was unintentionally disabled by commit ff92fcfb.
+
+- nss: do not abort on connection failure
- "Can't compile NTLM support without a crypto library."
+ ... due to calling SSL_VersionRangeGet() with NULL file descriptor
+
+ reported-by: upstream tests 305 and 404
-- RELEASE-NOTES: Synced with 526603ff05
+Dan Fandrich (1 Jul 2014)
+- opts: Document the socket callback function parameters
-- [Bill Nagel brought this change]
+Steve Holme (28 Jun 2014)
+- opts: Fixed some typos
- smb: Build with SSPI enabled
-
- Build SMB/CIFS protocol support when SSPI is enabled.
+Dan Fandrich (25 Jun 2014)
+- curl_easy_setopt.3: fixed the error code for an unsupported option
-- [Bill Nagel brought this change]
+- opts: added some DEFAULT and RETURN VALUE sections
- ntlm: Use Windows Crypt API
+Daniel Stenberg (21 Jun 2014)
+- libcurl docs: man page edits
- Allow the use of the Windows Crypt API for NTLMv1 functions.
+ mainly to improve how the web versions render
-Dan Fandrich (7 Dec 2014)
-- cookie.c: Refactored cleanup code to simplify
-
- Also, fixed the outdated comments on the cookie API.
+Dan Fandrich (21 Jun 2014)
+- curl_easy_setopt.3: fixed some typos
-- get_url_file_name: Fixed crash on OOM on debug build
+Daniel Stenberg (21 Jun 2014)
+- lib man pages: update easy setopt option references
- This caused a null-pointer dereference which caused a few dozen
- torture tests to fail.
+ ... by using the "\fIopt(3)\fP" syntax they will be linked properly when
+ the web version of the page is generated.
-Steve Holme (6 Dec 2014)
-- sws.c: Fixed compilation warning
+- opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default
+
+- [Colin Hogben brought this change]
+
+ lib: documentation updates in README.hostip
- sws.c:2191 warning: 'rc' may be used uninitialized in this function
+ c-ares now does support IPv6;
+ avoid implying threaded resolver is Windows-only;
+ two referenced source files were renamed in 7de2f92
-- ftp.c: Fixed compilation warnings when proxy support disabled
+- curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception
- ftp.c:1827 warning: unused parameter 'newhost'
- ftp.c:1827 warning: unused parameter 'newport'
+ ... to the always-copy-char *-argument.
+
+ And fix some minor mistakes.
-- smb: Fixed a problem with large file transfers
+- curl_easy_setopt.3: refer to the individual man pages
- Fixed an issue with the message size calculation where the raw bytes
- from the buffer were interpreted as signed values rather than unsigned
- values.
+ With all the new individual option man pages created, this now refers to
+ each separate one instead of duplicaing the info. Also makes this page
+ easier to overview.
+
+Dan Fandrich (21 Jun 2014)
+- opts: fixed mancheck for out-of-tree builds
+
+Daniel Stenberg (21 Jun 2014)
+- curl_easy_setopt.3: shorten
- Reported-by: Gisle Vanem
- Assisted-by: Bill Nagel
+ shorten descriptions, mostly refer to the separate descriptions
-- smb: Moved the URL decoding into a separate function
+- CURLOPT_DNS_LOCAL_IP4.3: better short desc
-- smb: Fixed URL encoded URLs not working
+Dan Fandrich (20 Jun 2014)
+- opts: document CURLE_OUT_OF_MEMORY among other return values
-- Makefile.inc: Added our standard header and updated file formatting
+- opts: fixed some typos
-- Makefile.inc: Updated file formatting
+Daniel Stenberg (20 Jun 2014)
+- opts: various corrections
+
+- opts: add the rest of the options
- Aligned continuation character and used space as the separator
- character as per other makefile files.
+ ... and fixed mancheck to ignore obsolete options
-- curl_md4.h: Updated copyright year following recent edit
+- opts: the final bunch of options as man pages
- ...and minor layout adjustment.
+ Now all current options have their own man pages.
-Patrick Monnerat (5 Dec 2014)
-- SMB: Fix big endian problems. Make it OS/400 aware.
+- opts: 37 additional man pages
-- OS400: enable NTLM authentication
+- CURLOPT_URL: move up the text from "Notes"
-Steve Holme (5 Dec 2014)
-- multi.c: Fixed compilation warning
+- ROADMAP: removed, now ROADMAP.md
+
+- ROADMAP.md: make it markdown formatted
+
+- ROADMAP: initial commit of "curl the next few years"
- multi.c:2695: warning: declaration of `exp' shadows a global declaration
+ To be further discussed, debated and edited
-Guenter Knauf (5 Dec 2014)
-- build: updated dependencies in makefiles.
+- opts: more man pages
-Steve Holme (5 Dec 2014)
-- sasl: Corrected formatting of function descriptions
+- CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T'
+
+- opts: makefile now includes all current man pages
+
+- opts: 11 more man pages
+
+Dan Fandrich (18 Jun 2014)
+- opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE
+
+- opts: fixed a couple of typos
+
+Patrick Monnerat (18 Jun 2014)
+- OS400: make it compilable again. Make RPG binding up to date.
+
+- buildconf: do not search tools in current directory.
+
+Dan Fandrich (18 Jun 2014)
+- curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
+
+ This is consistent with the existing obsolete error code naming
+ convention.
+
+Daniel Stenberg (18 Jun 2014)
+- opts: 16 more man pages