5 \___|\___/|_| \_\_____|
9 Version 7.56.1 (23 Oct 2017)
11 Daniel Stenberg (23 Oct 2017)
12 - RELEASE-NOTES: 7.56.1
14 - THANKS: update at 7.56.1 release time
16 - [Jon DeVree brought this change]
18 mk-ca-bundle: Remove URL for aurora
20 Aurora is no longer used by Mozilla
21 https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/
23 - [Jon DeVree brought this change]
25 mk-ca-bundle: Fix URL for NSS
27 The 'tip' is the most recent branch committed to, this should be
28 'default' like the URLs for the browser are.
32 - imap: if a FETCH response has no size, don't call write callback
36 Reported-by: Brian Carpenter and 0xd34db347
37 Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
39 - ftp: reject illegal IP/port in PASV 227 response
41 ... by using range checks. Among other things, this avoids an undefined
42 behavior for a left shift that could happen on negative or very large
47 Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
49 Patrick Monnerat (20 Oct 2017)
50 - test653: check reuse of easy handle after mime data change
54 - mime: do not reuse previously computed multipart size
56 The contents might have changed: size must be recomputed.
58 Reported-by: moteus on github
61 - test308: disable if MultiSSL feature enabled
63 Even if OpenSSL is enabled, it might not be the default backend when
64 multi-ssl is enabled, causing the test to fail.
66 - runtests: support MultiSSL client feature
68 - vtls: change struct Curl_ssl `close' field name to `close_one'.
70 On OS/400, `close' is an ASCII system macro that corrupts the code if
71 not used in a context not targetting the close() system API.
73 - os400: add missing symbols in config file.
75 Also adjust makefile to renamed files and warn about installation dirs mix-up.
77 - test652: curl_mime_data + base64 encoder with large contents
79 - mime: limit bas64-encoded lines length to 76 characters
81 Daniel Stenberg (16 Oct 2017)
82 - RELEASE-NOTES: synced with f121575c0
84 - setopt: range check most long options
86 ... filter early instead of risking "funny values" having to be dealt
89 - setopt: avoid integer overflows when setting millsecond values
91 ... that are multiplied by 1000 when stored.
93 For 32 bit long systems, the max value accepted (2147483 seconds) is >
94 596 hours which is unlikely to ever be set by a legitimate application -
95 and previously it didn't work either, it just caused undefined behavior.
97 Also updated the man pages for these timeout options to mention the
102 Viktor Szakats (15 Oct 2017)
103 - makefile.m32: allow to override gcc, ar and ranlib
105 Allow to ovverride certain build tools, making it possible to
106 use LLVM/Clang to build curl. The default behavior is unchanged.
107 To build with clang (as offered by MSYS2), these settings can
112 CURL_RANLIB=llvm-ranlib
114 Closes https://github.com/curl/curl/pull/1993
116 - ldap: silence clang warning
118 Use memset() to initialize a structure to avoid LLVM/Clang warning:
119 ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers]
121 Closes https://github.com/curl/curl/pull/1992
123 Daniel Stenberg (14 Oct 2017)
124 - runtests: use valgrind for torture as well
126 NOTE: it makes them terribly slow. I recommend only using valgrind for
127 specific torture tests or using lots of patience.
129 - memdebug: trace send, recv and socket
131 ... to allow them to be included in torture tests too.
135 - configure: remove the C++ compiler check
137 ... we used it only for the fuzzer, which we now have in a separate git
142 Patrick Monnerat (13 Oct 2017)
143 - mime: do not call failf() if easy handle is NULL.
145 Daniel Stenberg (13 Oct 2017)
146 - test651: curl_formadd with huge COPYCONTENTS
148 - mime: fix the content reader to handle >16K data properly
150 Reported-by: Jeroen Ooms
153 Patrick Monnerat (12 Oct 2017)
154 - mime: keep "text/plain" content type if user-specified.
156 Include test cases in 554, 587, 650.
158 Fixes https://github.com/curl/curl/issues/1986
160 - cli tool: use file2memory() to buffer stdin in -F option.
162 Closes PR https://github.com/curl/curl/pull/1985
164 - cli tool: reimplement stdin buffering in -F option.
166 If stdin is not a regular file, its content is memory-buffered to enable
167 a possible data "rewind".
168 In all cases, stdin data size is determined before real use to avoid
169 having an unknown part's size.
171 --libcurl generated code is left as an unbuffered stdin fread/fseek callback
172 part with unknown data size.
174 Buffering is not supported in deprecated curl_formadd() API.
176 Daniel Stenberg (12 Oct 2017)
177 - winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
179 - HELP-US: the label "PR-welcome" is now renamed to "help wanted"
181 following the new github "standard"
183 - RELEASE-NOTES: synced with 5505df7d2
185 Jay Satiro (11 Oct 2017)
186 - [Artak Galoyan brought this change]
188 url: Update current connection SSL verify params in setopt
190 Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active
191 connection updates the current connection's (i.e.'connectdata'
192 structure) appropriate ssl_config (and ssl_proxy_config) structures
193 variables, making these options effective for ongoing connection.
195 This functionality was available before and was broken by the
197 "proxy: Support HTTPS proxy and SOCKS+HTTP(s)"
198 CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151.
200 Bug: https://github.com/curl/curl/issues/1941
202 Closes https://github.com/curl/curl/pull/1951
204 Daniel Stenberg (11 Oct 2017)
205 - [David Benjamin brought this change]
207 openssl: don't use old BORINGSSL_YYYYMM macros
209 Those were temporary things we'd add and remove for our own convenience
210 long ago. The last few stayed around for too long as an oversight but
211 have since been removed. These days we have a running
212 BORINGSSL_API_VERSION counter which is bumped when we find it
213 convenient, but 2015-11-19 was quite some time ago, so just check
214 OPENSSL_IS_BORINGSSL.
218 - test950; verify SMTP with custom request
220 - ftpserver: support case insensitive commands
222 - smtp_done: free data before returning (on send failure)
224 ... as otherwise it could leak that memory.
226 Detected by OSS-fuzz:
227 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600
229 Assisted-by: Max Dymond
232 - FTP: URL decode path for dir listing in nocwd mode
234 Reported-by: Zenju on github
236 Test 244 added to verify
240 - test298: verify --ftp-method nowcwd with URL encoded path
244 - CURLOPT_XFERINFODATA.3: fix duplicate see also
246 - CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
248 - FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
250 - openssl: enable PKCS12 support for !BoringSSL
252 Enable PKCS12 for all non-boringssl builds without relying on configure
255 Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html
256 Reported-by: Christian Schmitz
259 - [Kristiyan Tsaklev brought this change]
261 curl: don't pass semicolons when parsing Content-Disposition
263 Test 1422 updated to verify.
267 Patrick Monnerat (9 Oct 2017)
268 - mime: properly unbind mime structure in curl_mime_free().
270 This allows freeing a mime structure bound to the easy handle before
275 Daniel Stenberg (9 Oct 2017)
276 - RTSP: avoid integer overflow on funny RTSP response
278 ... like a very large non-existing RTSP version number.
280 Added test 577 to verify.
282 Detected by OSS-fuzz.
285 Patrick Monnerat (8 Oct 2017)
286 - ftpserver: properly reset $ftptargetdir.
288 - test643: verify curl_mime_subparts() rejects cyclic additions.
290 - mime: refuse to add subparts to one of their own descendants.
292 Reported-by: Alexey Melnichuk
295 - mime: avoid resetting a part's encoder when part's contents change.
297 - mime: improve unbinding top multipart from easy handle.
299 Also avoid dangling pointers in referencing parts.
301 Daniel Stenberg (8 Oct 2017)
302 - RELEASE-NOTES: synced with a4c1c75da30af1
304 - curlver.h: next expected release is 7.57.0
306 Patrick Monnerat (8 Oct 2017)
307 - mime: be tolerant about setting twice the same header list in a part.
309 - docs: clarify form/mime usage of non-regular data files.
311 Daniel Stenberg (8 Oct 2017)
312 - Revert "multi_done: wait for name resolve to finish if still ongoing"
314 This reverts commit f3e03f6c0ac52a1bf396e03f7d7e9b5b3b7165fe.
316 Caused memory leaks in the fuzzer, needs to be done differently.
318 Disable test 1553 for now too, as it causes memory leaks without this
321 - remove_handle: call multi_done() first, then clear dns cache pointer
325 - multi_done: wait for name resolve to finish if still ongoing
327 ... as we must clean up memory.
329 - pingpong: return error when trying to send without connection
331 When imap_done() got called before a connection is setup, it would try
332 to "finish up" and dereffed a NULL pointer.
334 Test case 1553 managed to reproduce. I had to actually use a host name
335 to try to resolve to slow it down, as using the normal local server IP
336 will make libcurl get a connection in the first curl_multi_perform()
337 loop and then the bug doesn't trigger.
340 Assisted-by: Max Dymond
342 Dan Fandrich (6 Oct 2017)
343 - tests: added flaky keyword to tests 587 and 644
345 These are around 5% flaky in my Linux x86 autobuilds.
347 Marcel Raad (6 Oct 2017)
348 - vtls: fix warnings with --disable-crypto-auth
350 When CURL_DISABLE_CRYPTO_AUTH is defined, Curl_none_md5sum's parameters
353 Daniel Stenberg (6 Oct 2017)
354 - multi_cleanup: call DONE on handles that never got that
356 ... fixes a memory leak with at least IMAP when remove_handle is never
357 called and the transfer is abruptly just abandoned early.
359 Test 1552 added to verify
362 Assisted-by: Max Dymond
365 - [Benbuck Nason brought this change]
367 strtoofft: Remove extraneous null check
369 Fixes #1950: curlx_strtoofft() doesn't fully protect against null 'str'
374 - openssl: fix build without HAVE_OPAQUE_EVP_PKEY
376 Reported-by: Javier Sixto
380 Viktor Szakats (6 Oct 2017)
381 - lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS
383 The source code is now prepared to handle the case when both
384 Win32 Crypto and OpenSSL/NSS crypto backends are enabled
385 at the same time, making it now possible to enable `USE_WIN32_CRYPTO`
386 whenever the targeted Windows version supports it. Since this
387 matches the minimum Windows version supported by curl
388 (Windows 2000), enable it unconditionally for the Win32 platform.
390 This in turn enables SMB (and SMBS) protocol support whenever
391 Win32 Crypto is available, regardless of what other crypto backends
394 Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052
396 Closes https://github.com/curl/curl/pull/1943
398 Daniel Stenberg (5 Oct 2017)
399 - build: fix --disable-crypto-auth
401 Reported-by: Wyatt O'Day
405 Jay Satiro (5 Oct 2017)
406 - [Nick Zitzmann brought this change]
408 darwinssl: add support for TLSv1.3
410 Closes https://github.com/curl/curl/pull/1794
412 Daniel Stenberg (4 Oct 2017)
413 - [Felix Kaiser brought this change]
415 docs: fix typo in curl_mime_data_cb man page
419 Viktor Szakats (4 Oct 2017)
420 - lib/Makefile.m32: allow customizing dll suffixes
422 - New `CURL_DLL_SUFFIX` envvar will add a suffix to the generated
423 libcurl dll name. Useful to add `-x64` to 64-bit builds so that
424 it can live in the same directory as the 32-bit one. By default
427 - New `CURL_DLL_A_SUFFIX` envvar to customize the suffix of the
428 generated import library (implib) for libcurl .dll. It defaults
429 to `dll`, and it's useful to modify that to `.dll` to have the
430 standard naming scheme for mingw-built .dlls, i.e. `libcurl.dll.a`.
432 Closes https://github.com/curl/curl/pull/1942
434 Daniel Stenberg (4 Oct 2017)
435 - [Max Dymond brought this change]
437 fuzzer: move to using external curl-fuzzer
439 Use the external curl-fuzzer repository for fuzzing.
443 - failf: skip the sprintf() if there are no consumers
447 - ftp: UBsan fixup 'pointer index expression overflowed'
451 - RELEASE-PROCEDURE: update the release schedule
453 Version 7.56.0 (4 Oct 2017)
455 Daniel Stenberg (4 Oct 2017)
456 - RELEASE-NOTES: curl 7.56.0
458 - THANKS: added new 7.56.0 contributors
460 Jay Satiro (4 Oct 2017)
461 - build-openssl.bat: Warn OpenSSL 1.1.0 not yet supported
463 Ref: https://github.com/curl/curl/issues/1002
465 Michael Kaufmann (3 Oct 2017)
466 - idn: fix source code comment
468 - vtls: compare and clone ssl configs properly
470 Compare these settings in Curl_ssl_config_matches():
471 - verifystatus (CURLOPT_SSL_VERIFYSTATUS)
472 - random_file (CURLOPT_RANDOM_FILE)
473 - egdsocket (CURLOPT_EGDSOCKET)
475 Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(),
476 and copy the setting "sessionid" unconditionally.
478 This means that reusing connections that are secured with a client
479 certificate is now possible, and the statement "TLS session resumption
480 is disabled when a client certificate is used" in the old advisory at
481 https://curl.haxx.se/docs/adv_20170419.html is obsolete.
483 Reviewed-by: Daniel Stenberg
487 - proxy: read the "no_proxy" variable only if necessary
489 Reviewed-by: Daniel Stenberg
493 Patrick Monnerat (3 Oct 2017)
494 - libcurl-tutorial: add casts in example to avoid compilation warnings.
496 Daniel Stenberg (3 Oct 2017)
497 - examples: bring back curl_formadd-using examples
499 ... now with a -formadd suffix. While the new mime API is introduced in
500 7.56.0 we must acknowledge that lots of users can't upgrade their curl
501 versions immediately.
503 - test1153: verify quoted double-qoutes in PWD response
505 - FTP: zero terminate the entry path even on bad input
507 ... a single double quote could leave the entry path buffer without a zero
508 terminating byte. CVE-2017-1000254
510 Test 1152 added to verify.
512 Reported-by: Max Dymond
513 Bug: https://curl.haxx.se/docs/adv_20171004.html
515 Jay Satiro (2 Oct 2017)
516 - [Sergei Nikulov brought this change]
518 cmake: disable tests and man generation if perl/nroff not found
520 Fixes https://github.com/curl/curl/issues/1500
521 Reported-by: Jay Satiro
523 Fixes https://github.com/curl/curl/pull/1662
524 Assisted-by: Tom Seddon
525 Assisted-by: dpull@users.noreply.github.com
526 Assisted-by: elelel@users.noreply.github.com
528 Closes https://github.com/curl/curl/pull/1924
530 Patrick Monnerat (2 Oct 2017)
531 - libcurl-tutorial: fix two typos.
533 - TODO: remove deprecated form API items.
535 - libcurl-tutorial: describe MIME API and deprecate form API.
537 Include a guide to form/mime API conversion.
539 Daniel Stenberg (30 Sep 2017)
540 - cookie: fix memory leak if path was set twice in header
542 ... this will let the second occurance override the first.
544 Added test 1161 to verify.
546 Reported-by: Max Dymond
550 Dan Fandrich (30 Sep 2017)
551 - test650: Use variable replacement to set the host address and port
553 Otherwise, the test fails when the -b test option is used to set a
554 different test port range.
556 - Set and use more necessary options when some protocols are disabled
558 When curl and libcurl are built with some protocols disabled, they stop
559 setting and receiving some options that don't make sense with those
560 protocols. In particular, when HTTP is disabled many options aren't set
561 that are used only by HTTP. However, some options that appear to be
562 HTTP-only are actually used by other protocols as well (some despite
563 having HTTP in the name) and should be set, but weren't. This change now
564 causes some of these options to be set and used for more (or for all)
565 protocols. In particular, this fixes tests 646 through 649 in an
566 HTTP-disabled build, which use the MIME API in the mail protocols.
568 Daniel Stenberg (29 Sep 2017)
569 - test1160: verifies cookie leak for large cookies
571 The fix done in 20ea22ff735
573 - cookie: fix memory leak on oversized rejection
575 Regression brought by 2bc230de63b
577 Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513
578 Assisted-by: Max Dymond
582 - [Anders Bakken brought this change]
584 connect: fix race condition with happy eyeballs timeout
586 The timer should be started after conn->connecttime is set. Otherwise
587 the timer could expire without this condition being true:
589 /* should we try another protocol family? */
590 if(i == 0 && conn->tempaddr[1] == NULL &&
591 curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) {
595 Michael Kaufmann (28 Sep 2017)
596 - docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS
600 - docs: clarify the use of environment variables for proxy
604 - http: add custom empty headers to repeated requests
608 - reuse_conn: don't copy flags that are known to be equal
610 A connection can only be reused if the flags "conn_to_host" and
611 "conn_to_port" match. Therefore it is not necessary to copy these flags
616 Daniel Stenberg (27 Sep 2017)
617 - curl.h: include <sys/select.h> on cygwin too
619 When building with -std=c++14 on cygwin, this header won't be
620 automatically included as it otherwise is.
622 The <sys/select.h> include decision should ideally be reversed and be
623 avoided where that header file doesn't exist.
625 Reported-by: Ian Fette
628 - RELEASE-NOTES: synced with d8ab5dc50
630 Michael Kaufmann (24 Sep 2017)
631 - tests: adjust .gitignore for new tests
633 Jay Satiro (23 Sep 2017)
634 - ntlm: move NTLM_NEEDS_NSS_INIT define into core NTLM header
636 .. and include the core NTLM header in all NTLM-related source files.
638 Follow up to 6f86022. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT
639 but did not include vtls.h where it was defined.
641 Closes https://github.com/curl/curl/pull/1911
643 Daniel Stenberg (23 Sep 2017)
644 - file_range: avoid integer overflow when figuring out byte range
646 When trying to bump the value with one and the value is already at max,
647 it causes an integer overflow.
650 Detected by oss-fuzz:
651 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465
653 Assisted-by: Max Dymond
655 Michael Kaufmann (23 Sep 2017)
656 - tests: fix a compiler warning in test 643
658 Jay Satiro (23 Sep 2017)
659 - symbols-in-versions: fix CURLSSLSET_NO_BACKENDS entry
661 - Use spaces instead of tabs as the delimiter.
663 Follow up to 7c52b12 which added the entry. The entry had used tabs but
664 the symbol-scan parser doesn't recognize tabs and would fail the symbol.
666 Viktor Szakats (22 Sep 2017)
667 - metalink: fix NSS issue in MultiSSL builds
669 In MultiSSL mode (i.e. when more than one SSL backend is compiled
670 in), we cannot use the compile time flag `USE_NSS` as indicator that
671 the NSS backend is in use. As far as Metalink is concerned, the SSL
672 backend is only used for MD5, SHA-1 and SHA-256 calculations,
673 therefore one of the available SSL backends is selected at compile
674 time, in a strict order of preference.
676 Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used
677 to determine whether the SSL backend used for Metalink is the NSS
678 backend, and use that to guard the code that wants to de-initialize
679 the NSS-specific data structure.
681 Ref: https://github.com/curl/curl/pull/1848
683 - ntlm: use strict order for SSL backend #if branches
685 With the recently introduced MultiSSL support multiple SSL backends
686 can be compiled into cURL That means that now the order of the SSL
688 One option would be to use the same SSL backend as was configured
689 via `curl_global_sslset()`, however, NTLMv2 support would appear
690 to be available only with some SSL backends. For example, when
691 eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced
692 support for NTLMv1 using Windows' Crypt API, it specifically did
693 *not* introduce NTLMv2 support using Crypt API at the same time.
695 So let's select one specific SSL backend for NTLM support when
696 compiled with multiple SSL backends, using a priority order such
697 that we support NTLMv2 even if only one compiled-in SSL backend can
700 Ref: https://github.com/curl/curl/pull/1848
702 Daniel Stenberg (22 Sep 2017)
703 - symbols-in-versions: add CURLSSLSET_NO_BACKENDS
705 ...fixup from b8e0fe19ec
707 - imap: quote atoms properly when escaping characters
709 Updates test 800 to verify
714 - tests: make the imap server not verify user+password
716 ... as the test cases themselves do that and it makes it easier to add
719 Test 800 updated to use user name + password that need quoting.
721 Test 856 updated to trigger an auth fail differently.
725 - vtls: provide curl_global_sslset() even in non-SSL builds
727 ... it just returns error:
729 Bug: https://github.com/curl/curl/commit/1328f69d53f2f2e937696ea954c480412b018451#commitcomment-24470367
730 Reported-by: Marcel Raad
734 Patrick Monnerat (22 Sep 2017)
735 - form/mime: field names are not allowed to contain zero-valued bytes.
737 Also suppress length argument of curl_mime_name() (names are always
740 Daniel Stenberg (21 Sep 2017)
741 - [Dirk Feytons brought this change]
743 openssl: only verify RSA private key if supported
745 In some cases the RSA key does not support verifying it because it's
746 located on a smart card, an engine wants to hide it, ...
747 Check the flags on the key before trying to verify it.
748 OpenSSL does the same thing internally; see ssl/ssl_rsa.c
752 Marcel Raad (21 Sep 2017)
753 - examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
755 Otherwise, typecheck-gcc.h warns on MinGW-w64.
757 Patrick Monnerat (20 Sep 2017)
758 - mime: rephrase the multipart output state machine (#1898) ...
760 ... in hope coverity will like it much.
762 - mime: fix an explicit null dereference (#1899)
764 Daniel Stenberg (20 Sep 2017)
765 - curl: check fseek() return code and bail on error
767 Detected by coverity. CID 1418137.
769 - smtp: fix memory leak in OOM
771 Regression since ce0881edee
773 Coverity CID 1418139 and CID 1418136 found it, but it was also seen in
776 - RELEASE-NOTES: synced with 5fe85587c
778 - [Pavel P brought this change]
780 cookies: use lock when using CURLINFO_COOKIELIST
784 - [Max Dymond brought this change]
786 ossfuzz: changes before merging the generated corpora
788 Before merging in the oss-fuzz corpora from Google, there are some changes
790 - Add a read corpus script, to display corpus files nicely.
791 - Change the behaviour of the fuzzer so that TLV parse failures all now
792 go down the same execution paths, which should reduce the size of the
794 - Make unknown TLVs a failure to parse, which should decrease the size
795 of the corpora as well.
799 - mime:escape_string minor clarification change
801 ... as it also removes a warning with old gcc versions.
803 Bug: https://curl.haxx.se/mail/lib-2017-09/0049.html
804 Reported-by: Ben Greear
806 - [Max Dymond brought this change]
808 ossfuzz: don't write out to stdout
810 Don't make the fuzzer write out to stdout - instead write some of the
811 contents to a memory block so we exercise the data output code but
816 - cookies: reject oversized cookies
818 ... instead of truncating them.
820 There's no fixed limit for acceptable cookie names in RFC 6265, but the
821 entire cookie is said to be less than 4096 bytes (section 6.1). This is
822 also what browsers seem to implement.
824 We now allow max 5000 bytes cookie header. Max 4095 bytes length per
825 cookie name and value. Name + value together may not exceed 4096 bytes.
827 Added test 1151 to verify
829 Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
830 Reported-by: Kevin Smith
834 - travis: on mac, don't install openssl or libidn
836 - openssl is already installed and causes warnings when trying to
839 - libidn isn't used these days, and homebrew doesn't seem to have a
840 libidn2 package to replace with easily
844 - curl: make str2udouble not return values on error
846 ... previously it would store a return value even when it returned
847 error, which could make the value get used anyway!
849 Reported-by: Brian Carpenter
852 Jay Satiro (18 Sep 2017)
853 - socks: fix incorrect port number in SOCKS4 error message
855 Prior to this change it appears the SOCKS5 port parsing was erroneously
856 used for the SOCKS4 error message, and as a result an incorrect port
857 would be shown in the error message.
859 Bug: https://github.com/curl/curl/issues/1892
860 Reported-by: Jackarain@users.noreply.github.com
862 - [Marc Aldorasi brought this change]
864 schannel: Support partial send for when data is too large
866 Schannel can only encrypt a certain amount of data at once. Instead of
867 failing when too much data is to be sent at once, send as much data as
868 we can and let the caller send the remaining data by calling send again.
870 Bug: https://curl.haxx.se/mail/lib-2014-07/0033.html
872 Closes https://github.com/curl/curl/pull/1890
874 - [David Benjamin brought this change]
876 openssl: add missing includes
878 lib/vtls/openssl.c uses OpenSSL APIs from BUF_MEM and BIO APIs. Include
879 their headers directly rather than relying on other OpenSSL headers
882 Closes https://github.com/curl/curl/pull/1891
884 Daniel Stenberg (15 Sep 2017)
885 - conversions: fix several compiler warnings
887 - server/getpart: provide dummy function to build conversion enabled
889 - non-ascii: use iconv() with 'char **' argument
891 Bug: https://curl.haxx.se/mail/lib-2017-09/0031.html
893 - escape.c: error: pointer targets differ in signedness
895 - docs: clarify the CURLOPT_INTERLEAVE* options behavior
897 - [Max Dymond brought this change]
899 rtsp: Segfault in rtsp.c when using WRITEDATA
901 If the INTERLEAVEFUNCTION is defined, then use that plus the
902 INTERLEAVEDATA information when writing RTP. Otherwise, use
903 WRITEFUNCTION and WRITEDATA.
908 Marcel Raad (15 Sep 2017)
909 - [Isaac Boukris brought this change]
911 tests: enable gssapi in travis-ci linux build
913 Closes https://github.com/curl/curl/pull/1687
915 - [Isaac Boukris brought this change]
917 tests: add initial gssapi test using stub implementation
919 The stub implementation is pre-loaded using LD_PRELOAD
920 and emulates common gssapi uses (only builds if curl is
921 initially built with gssapi support).
923 The initial tests are currently disabled for debug builds
924 as LD_PRELOAD is not used then.
926 Ref: https://github.com/curl/curl/pull/1687
928 Daniel Stenberg (15 Sep 2017)
929 - test1150: verify same host fetch using different ports over proxy
933 - URL: on connection re-use, still pick the new remote port
935 ... as when a proxy connection is being re-used, it can still get a
936 different remote port.
939 Reported-by: Oli Kingshott
941 - RELEASE-NOTES: synced with 87501e57f
943 - code style: remove wrong uses of multiple spaces
947 - checksrc: detect and warn for multiple spaces
949 - code style: use space after semicolon
951 - checksrc: verify space after semicolons
953 - code style: use spaces around pluses
955 - checksrc: detect and warn for lack of spaces next to plus signs
957 - code style: use spaces around equals signs
959 - checksrc: verify spaces around equals signs
961 ... as the code style mandates.
963 - Curl_checkheaders: make it available for IMAP and SMTP too
965 ... not only HTTP uses this now.
969 - travis: add build without HTTP/SMTP/IMAP
971 Jay Satiro (10 Sep 2017)
972 - mbedtls: enable CA path processing
974 CA path processing was implemented when mbedtls.c was added to libcurl
975 in fe7590f, but it was never enabled.
977 Bug: https://github.com/curl/curl/issues/1877
978 Reported-by: SBKarr@users.noreply.github.com
980 Daniel Stenberg (8 Sep 2017)
981 - rtsp: do not call fwrite() with NULL pointer FILE *
983 If the default write callback is used and no destination has been set, a
984 NULL pointer would be passed to fwrite()'s 4th argument.
986 OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327
987 (not publicly open yet)
992 - configure: use -Wno-varargs on clang 3.9[.X] debug builds
994 ... to avoid a clang bug
996 - [Max Dymond brought this change]
998 ossfuzz: add some more handled CURL options
1000 Add support for HEADER, COOKIE, RANGE, CUSTOMREQUEST, MAIL_RECIPIENT,
1001 MAIL_FROM and uploading data.
1003 - configure: check for C++ compiler after C, to make it non-fatal
1005 The tests for object file/executable file extensions are presumably only
1006 done for the first of these macros in the configure file.
1008 Bug: https://github.com/curl/curl/pull/1851#issuecomment-327597515
1009 Reported-by: Marcel Raad
1012 Patrick Monnerat (7 Sep 2017)
1013 - form API: add new test 650.
1015 Now that the form API is deprecated and not used anymore in curl tool,
1016 a lot of its features left untested. Test 650 attempts to check all these
1017 features not tested elsewhere.
1019 Jay Satiro (7 Sep 2017)
1020 - configure: fix curl_off_t check's include order
1022 - Prepend srcdir include path instead of append.
1024 Prior to this change it was possible that during the check for the size
1025 of curl_off_t the include path of a user's already installed curl could
1026 come before the include path of the to-be-built curl, resulting in the
1027 system.h of the former being incorrectly included for that check.
1029 Closes https://github.com/curl/curl/pull/1870
1031 Daniel Stenberg (7 Sep 2017)
1032 - [Jakub Zakrzewski brought this change]
1034 KNOWN_BUGS: Remove CMake symbol hiding issue
1036 It has already been fixed in 6140dfc
1038 - http-proxy: when not doing CONNECT, that phase is done immediately
1040 `conn->connect_state` is NULL when doing a regular non-CONNECT request
1041 over the proxy and should therefor be considered complete at once.
1045 Reported-by: Lawrence Wagerfield
1047 - [Johannes Schindelin brought this change]
1049 OpenSSL: fix yet another mistake while encapsulating SSL backend data
1051 Another mistake in my manual fixups of the largely mechanical
1052 search-and-replace ("connssl->" -> "BACKEND->"), just like the previous
1053 commit concerning HTTPS proxies (and hence not caught during my
1059 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1061 - [Johannes Schindelin brought this change]
1063 OpenSSL: fix erroneous SSL backend encapsulation
1065 In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private
1066 data, 2017-06-21), this developer prepared for a separation of the
1067 private data of the SSL backends from the general connection data.
1069 This conversion was partially automated (search-and-replace) and
1070 partially manual (e.g. proxy_ssl's backend data).
1072 Sadly, there was a crucial error in the manual part, where the wrong
1073 handle was used: rather than connecting ssl[sockindex]' BIO to the
1074 proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason
1075 was an incorrect location to paste "BACKEND->"... d'oh.
1077 Reported by Jay Satiro in https://github.com/curl/curl/issues/1855.
1079 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1081 - [Jay Satiro brought this change]
1083 vtls: fix memory corruption
1085 Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data,
1086 2017-07-28), the code handling HTTPS proxies was broken because the
1087 pointer to the SSL backend data was not swapped between
1088 conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but
1089 instead set to NULL (causing segmentation faults).
1091 [jes: provided the commit message, tested and verified the patch]
1093 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1095 - vtls: switch to CURL_SHA256_DIGEST_LENGTH define
1097 ... instead of the prefix-less version since WolfSSL 3.12 now uses an
1098 enum with that name that causes build failures for us.
1102 Reported-by: Gisle Vanem
1104 - travis: add c-ares enabled builds linux + osx
1108 - HISTORY: added some recent items
1110 Jay Satiro (6 Sep 2017)
1111 - SSL: fix unused parameter warnings
1113 Patrick Monnerat (6 Sep 2017)
1114 - mime: drop internal FILE * support.
1116 - The part kind MIMEKIND_FILE and associated code are suppressed.
1117 - Seek data origin offset not used anymore: suppressed.
1118 - MIMEKIND_NAMEDFILE renamed MIMEKIND_FILE; associated fields/functions
1119 renamed accordingly.
1120 - Curl_getformdata() processes stdin via a callback.
1122 Daniel Stenberg (6 Sep 2017)
1123 - configure: remove --enable-soname-bump and SONAME_BUMP
1125 Back in 2008, (and commit 3f3d6ebe665f3) we changed the logic in how we
1126 determine the native type for `curl_off_t`. To really make sure we
1127 didn't break ABI without bumping SONAME, we introduced logic that
1128 attempted to detect that it would use a different size and thus not be
1129 compatible. We also provided a manual switch that allowed users to tell
1130 configure to bump SONAME by force.
1132 Today, we know of no one who ever got a SONAME bump auto-detected and we
1133 don't know of anyone who's using the manual bump feature. The auto-
1134 detection is also no longer working since we introduced defining
1135 curl_off_t in system.h (7.55.0).
1137 Finally, this bumping logic is not present in the cmake build.
1141 Jay Satiro (6 Sep 2017)
1142 - [Gisle Vanem brought this change]
1144 vtls: select ssl backend case-insensitive (follow-up)
1146 - Do a case-insensitive comparison of CURL_SSL_BACKEND env as well.
1148 - Change Curl_strcasecompare calls to strcasecompare
1149 (maps to the former but shorter).
1151 Follow-up to c290b8f.
1153 Bug: https://github.com/curl/curl/commit/c290b8f#commitcomment-24094313
1155 Co-authored-by: Jay Satiro
1157 - openssl: Integrate Peter Wu's SSLKEYLOGFILE implementation
1159 This is an adaptation of 2 of Peter Wu's SSLKEYLOGFILE implementations.
1161 The first one, written for old OpenSSL versions:
1162 https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c
1164 The second one, written for BoringSSL and new OpenSSL versions:
1165 https://github.com/curl/curl/pull/1346
1167 Note the first one is GPL licensed but the author gave permission to
1168 waive that license for libcurl.
1170 As of right now this feature is disabled by default, and does not have
1171 a configure option to enable it. To enable this feature define
1172 ENABLE_SSLKEYLOGFILE when building libcurl and set environment
1173 variable SSLKEYLOGFILE to a pathname that will receive the keys.
1175 And in Wireshark change your preferences to point to that key file:
1176 Edit > Preferences > Protocols > SSL > Master-Secret
1178 Co-authored-by: Peter Wu
1180 Ref: https://github.com/curl/curl/pull/1030
1181 Ref: https://github.com/curl/curl/pull/1346
1183 Closes https://github.com/curl/curl/pull/1866
1185 Patrick Monnerat (5 Sep 2017)
1186 - mime: fix a trivial warning.
1188 - mime: replace 'struct Curl_mimepart' by 'curl_mimepart' in encoder code.
1190 mime_state is now a typedef.
1192 - mime: implement encoders.
1194 curl_mime_encoder() is operational and documented.
1195 curl tool -F option is extended with ";encoder=".
1196 curl tool --libcurl option generates calls to curl_mime_encoder().
1197 New encoder tests 648 & 649.
1198 Test 1404 extended with an encoder specification.
1200 - runtests.pl: support attribute "nonewline" in part verify/upload.
1202 - [Daniel Stenberg brought this change]
1206 - [Daniel Stenberg brought this change]
1208 mime: unified to use the typedef'd mime structs everywhere
1210 ... and slightly edited to follow our code style better.
1212 - [Daniel Stenberg brought this change]
1214 curl.h: use lower case curl_mime* as for all public symbols
1216 - [Daniel Stenberg brought this change]
1218 docs/curl_mime_*.3: use correct variable types in examples
1220 Kamil Dudka (5 Sep 2017)
1221 - openssl: use OpenSSL's default ciphers by default
1223 Up2date versions of OpenSSL maintain the default reasonably secure
1224 without breaking compatibility, so it is better not to override the
1225 default by curl. Suggested at https://bugzilla.redhat.com/1483972
1229 Viktor Szakats (5 Sep 2017)
1230 - examples/mime: minor example code fixes
1232 Daniel Stenberg (5 Sep 2017)
1233 - docs/curl_mime_*.3: added examples
1235 - configure: add MultiSSL to FEATURES when enabled
1237 ...for curl-config and its corresponding test 1014
1239 - http-proxy: treat all 2xx as CONNECT success
1241 Added test 1904 to verify.
1243 Reported-by: Lawrence Wagerfield
1247 - MAIL-ETIQUETTE: added "1.9 Your emails are public"
1249 - curl.h: fix "unused checksrc ignore", remove dangling reference
1251 ... to a README file that doesn't exist anymore
1253 Viktor Szakats (4 Sep 2017)
1254 - docs: Update to secure URL versions
1256 - mime: use CURL_ZERO_TERMINATED in examples
1258 and some minor whitespace fixes
1260 Daniel Stenberg (4 Sep 2017)
1261 - schannel: return CURLE_SSL_CACERT on failed verification
1263 ... not *CACERT_BADFILE as it isn't really because of a bad file.
1265 Bug: https://curl.haxx.se/mail/lib-2017-09/0002.html
1268 - test1135: fixed after bd8070085f9
1270 - examples/post-callback: stop returning one byte at a time
1272 ... since people copy and paste code from this example and thus they get
1273 an inefficient POST operation without a good reason and sometimes
1274 without understanding why.
1276 Instead this now returns as much data as possible.
1278 - RELEASE-NOTES: fixed the function counter script
1280 - curl.h: make the curl_strequal() protos use the same style
1282 ... as the other functions. Makes it easier to machine-parse!
1284 - docs: curl_mime_*.3 man page formatting edits
1286 - RELEASE-NOTES: synced with 1ab9e9b50
1288 Patrick Monnerat (4 Sep 2017)
1289 - lib: bump version info (soname). Adapt and reenable test 1135.
1291 Daniel Stenberg (3 Sep 2017)
1292 - headers: move the global_sslset() proto from multi.h to curl.h
1294 As it was added to multi.h simply to not break test 1135, which now has
1295 been disabled due to the mime API addition anyway and su we can now move
1296 the sslset stuff to where the other curl_global_* prototypes are.
1298 Patrick Monnerat (3 Sep 2017)
1299 - mime: fix signed/unsigned conversions.
1301 Use and generate CURL_ZERO_TERMINATED in curl tool and tests.
1303 Jay Satiro (3 Sep 2017)
1304 - tool_formparse: fix some trivial warnings
1306 Patrick Monnerat (3 Sep 2017)
1307 - mime: use size_t instead of ssize_t in public API interface.
1309 To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED
1310 has been introduced.
1312 Documentation updated accordingly.
1314 symbols in versions updated. Added form API symbols deprecation info.
1316 - mime: remove support "-" stdin pseudo-file name in curl_mime_filedata().
1318 This feature is badly supported in Windows: as a replacement, a caller has
1319 to use curl_mime_data_cb() with fread, fseek and possibly fclose
1320 callbacks to process opened files.
1322 The cli tool and documentation are updated accordingly.
1324 The feature is however kept internally for form API compatibility, with
1325 the known caveats it always had.
1327 As a side effect, stdin size is not determined by the cli tool even if
1328 possible and this results in a chunked transfer encoding. Test 173 is
1329 updated accordingly.
1331 - mime: fix some implicit curl_off_t --> size_t conversion warnings.
1333 - mime: tests and examples.
1335 Additional mime-specific tests.
1336 Existing tests updated to reflect small differences (Expect: 100-continue,
1337 data size change due to empty lines, etc).
1338 Option -F headers= keyword added to tests.
1339 test1135 disabled until the entry point order change is resolved.
1340 New example smtp-mime.
1341 Examples postit2 and multi-post converted from form API to mime API.
1343 - mime: use in curl cli tool instead of form API.
1345 Extended -F option syntax to support multipart mail messages.
1346 -F keyword headers= added to include custom headers in parts.
1347 Documentation upgraded.
1349 - mime: new MIME API.
1351 Available in HTTP, SMTP and IMAP.
1352 Deprecates the FORM API.
1353 See CURLOPT_MIMEPOST.
1354 Lib code and associated documentation.
1356 - test564: Add a warning comment about shell profile output.
1358 Shell profile output makes the SSH server failing and this problem reason
1359 is not easy to find when no hint is given.
1361 - checksrc: disable SPACEBEFOREPAREN for case statement.
1363 The case keyword may be followed by a constant expression and thus should
1364 allow it to start with an open parenthesis.
1366 - runtests.pl: allow <file[1-4]> tags in client section.
1368 This enables tests to create more than one file on the client side.
1370 - runtests.pl: Apply strippart to upload too.
1372 This will allow substitution of boundaries in mail messages.
1374 - Curl_base64_encode: always call with a real data handle.
1376 Some calls in different modules were setting the data handle to NULL, causing
1377 segmentation faults when using builds that enable character code conversions.
1379 - non-ascii: allow conversion functions to be called with a NULL data handle.
1381 - http: fix a memory leakage in checkrtspprefix().
1383 Daniel Stenberg (2 Sep 2017)
1384 - [Max Dymond brought this change]
1386 ossfuzz: Move to C++ for curl_fuzzer.
1388 Automake gets confused if you want to use C++ static libraries with C
1389 code - basically we need to involve the clang++ linker. The easiest way
1390 of achieving this is to rename the C code as C++ code. This gets us a
1391 bit further along the path and ought to be compatible with Google's
1394 - curl_global_sslset: select backend by name case insensitively
1398 - [Max Dymond brought this change]
1400 ossfuzz: additional seed corpora
1402 Create simple seed corpora for:
1410 based off the tests of the same number.
1414 - [Max Dymond brought this change]
1416 ossfuzz: moving towards the ideal integration
1418 - Start with the basic code from the ossfuzz project.
1419 - Rewrite fuzz corpora to be binary files full of Type-Length-Value
1420 data, and write a glue layer in the fuzzing function to convert
1421 corpora into CURL options.
1422 - Have supporting functions to generate corpora from existing tests
1423 - Integrate with Makefile.am
1425 - strcase: corrected comment header for Curl_strcasecompare()
1427 - unit1301: fix error message on first test
1429 - curl_global_sslset.3: show the struct and enum too
1431 ... so that users can actually write code based on the man page alone,
1432 not having to read the header file.
1434 Jay Satiro (31 Aug 2017)
1435 - darwinssl: handle long strings in TLS certs (follow-up)
1437 - Fix handling certificate subjects that are already UTF-8 encoded.
1439 Follow-up to b3b75d1 from two days ago. Since then a copy would be
1440 skipped if the subject was already UTF-8, possibly resulting in a NULL
1443 Ref: https://github.com/curl/curl/issues/1823
1444 Ref: https://github.com/curl/curl/pull/1831
1446 Closes https://github.com/curl/curl/pull/1836
1448 Daniel Stenberg (31 Aug 2017)
1449 - cyassl: call it the "WolfSSL" backend
1451 ... instead of cyassl, as this is the current name for it.
1455 - polarssl: fix multissl breakage
1457 Reported-by: Dan Fandrich
1458 Bug: https://curl.haxx.se/mail/lib-2017-08/0121.html
1461 - configure: remove the leading comma from the backends list
1463 ... when darwinssl is used.
1465 Reported-by: Viktor Szakats
1466 Bug: https://github.com/curl/curl/commit/b0989cd3abaff4f9a0717b4875022fa79e33b481#commitcomment-23943493
1470 Kamil Dudka (30 Aug 2017)
1471 - examples/sslbackend.c: fix failure of 'make checksrc'
1473 ./sslbackend.c:58:3: warning: else after closing brace on same line (BRACEELSE)
1474 } else if(isdigit(*name)) {
1476 ./sslbackend.c:62:3: warning: else after closing brace on same line (BRACEELSE)
1480 Viktor Szakats (30 Aug 2017)
1481 - makefile.m32: add multissl support
1483 Closes https://github.com/curl/curl/pull/1840
1485 Daniel Stenberg (30 Aug 2017)
1486 - curl.h: CURLSSLBACKEND_WOLFSSL used wrong value
1488 The CURLSSLBACKEND_WOLFSSL is supposed to be an alias for
1489 CURLSSLBACKEND_CYASSL, but used an erronous value. To reduce the risk
1490 for a similar mistake, define the backend aliases to use the enum values
1493 Reported-by: Gisle Vanem
1494 Bug: https://curl.haxx.se/mail/lib-2017-08/0120.html
1496 - curl_global_sslset.3: clarify
1498 it is a one time *set*, not necessarily a one time use... it can be
1499 called again if the first call failed or just listed the alternatives.
1501 clarify that the available backends are the ones this build supports
1503 plus add some formatting
1505 Reported-by: Rich Gray
1506 Bug: https://curl.haxx.se/mail/lib-2017-08/0119.html
1508 - curl/multi.h: remove duplicated closing c++ brace
1510 Regression since 1328f69d53f2f2e93
1513 Reported-by: Andrei Karas
1515 - RELEASE-NOTES: synced with 8c33c963a
1517 - HELP-US.md: spelling
1519 - HELP-US.md: "How to get started helping out in the curl project"
1523 Dan Fandrich (29 Aug 2017)
1524 - asyn-thread: Fixed cleanup after OOM
1526 destroy_async_data() assumes that if the flag "done" is not set yet, the
1527 thread itself will clean up once the request is complete. But if an
1528 error (generally OOM) occurs before the thread even has a chance to
1529 start, it will never get a chance to clean up and memory will be leaked.
1530 By clearing "done" only just before starting the thread, the correct
1531 cleanup sequence will happen in all cases.
1533 Daniel Stenberg (28 Aug 2017)
1534 - curl_global_init.3: mention curl_global_sslset(3)
1536 Dan Fandrich (28 Aug 2017)
1537 - unit1606: Fixed shadowed variable warning
1539 - asyn-thread: Improved cleanup after OOM situations
1541 - asyn-thread: Set errno to the proper value ENOMEM in OOM situation
1543 This used to be set in some configurations to EAI_MEMORY which is not a
1544 valid value for errno and caused Curl_strerror to fail an assertion.
1546 Daniel Stenberg (28 Aug 2017)
1547 - [Johannes Schindelin brought this change]
1549 configure: Handle "MultiSSL" specially When versioning symbols
1551 There is a mode in which libcurl is compiled with versioned symbols,
1552 depending on the active SSL backend.
1554 When multiple SSL backends are active, it does not make sense to favor
1555 one over the others, so let's not: introduce a new prefix for the case
1556 where multiple SSL backends are compiled into cURL.
1558 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1560 - [Johannes Schindelin brought this change]
1562 configure: allow setting the default SSL backend
1564 Previously, we used as default SSL backend whatever was first in the
1565 `available_backends` array.
1567 However, some users may want to override that default without patching
1570 Now they can: with the --with-default-ssl-backend=<backend> option of
1571 the ./configure script.
1573 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1575 - [Johannes Schindelin brought this change]
1577 vtls: use Curl_ssl_multi pseudo backend only when needed
1579 When only one SSL backend is configured, it is totally unnecessary to
1580 let multissl_init() configure the backend at runtime, we can select the
1581 correct backend at build time already.
1583 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1585 - [Johannes Schindelin brought this change]
1587 version: if built with more than one SSL backend, report all of them
1589 To discern the active one from the inactive ones, put the latter into
1592 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1594 - [Johannes Schindelin brought this change]
1596 version: add the CURL_VERSION_MULTI_SSL feature flag
1598 This new feature flag reports When cURL was built with multiple SSL
1601 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1603 - [Johannes Schindelin brought this change]
1605 metalink: allow compiling with multiple SSL backends
1607 Previously, the code assumed that at most one of the SSL backends would
1608 be compiled in, emulating OpenSSL's functions if the configured backend
1609 was not OpenSSL itself.
1611 However, now we allow building with multiple SSL backends and choosing
1612 one at runtime. Therefore, metalink needs to be adjusted to handle this
1615 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1617 - [Johannes Schindelin brought this change]
1619 docs/examples: demonstrate how to select SSL backends
1621 The newly-introduced curl_global_sslset() function deserves to be
1624 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1626 - [Johannes Schindelin brought this change]
1628 Add a man page for curl_global_sslset()
1630 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1632 - [Johannes Schindelin brought this change]
1634 vtls: introduce curl_global_sslset()
1636 Let's add a compile time safe API to select an SSL backend. This
1637 function needs to be called *before* curl_global_init(), and can be
1640 Side note: we do not explicitly test that it is called before
1641 curl_global_init(), but we do verify that it is not called multiple times
1644 If SSL is used before the function was called, it will use whatever the
1645 CURL_SSL_BACKEND environment variable says (or default to the first
1646 available SSL backend), and if a subsequent call to
1647 curl_global_sslset() disagrees with the previous choice, it will fail
1648 with CURLSSLSET_TOO_LATE.
1650 The function also accepts an "avail" parameter to point to a (read-only)
1651 NULL-terminated list of available backends. This comes in real handy if
1652 an application wants to let the user choose between whatever SSL backends
1653 the currently available libcurl has to offer: simply call
1655 curl_global_sslset(-1, NULL, &avail);
1657 which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail
1658 variable to point to the relevant information to present to the user.
1660 Just like with the HTTP/2 push functions, we have to add the function
1661 declaration of curl_global_sslset() function to the header file
1662 *multi.h* because VMS and OS/400 require a stable order of functions
1663 declared in include/curl/*.h (where the header files are sorted
1664 alphabetically). This looks a bit funny, but it cannot be helped.
1666 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1668 - [Johannes Schindelin brought this change]
1670 vtls: refactor out essential information about the SSL backends
1672 There is information about the compiled-in SSL backends that is really
1673 no concern of any code other than the SSL backend itself, such as which
1674 function (if any) implements SHA-256 summing.
1676 And there is information that is really interesting to the user, such as
1677 the name, or the curl_sslbackend value.
1679 Let's factor out the latter into a publicly visible struct. This
1680 information will be used in the upcoming API to set the SSL backend
1683 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1685 - [Johannes Schindelin brought this change]
1687 vtls: allow selecting which SSL backend to use at runtime
1689 When building software for the masses, it is sometimes not possible to
1690 decide for all users which SSL backend is appropriate.
1692 Git for Windows, for example, uses cURL to perform clones, fetches and
1693 pushes via HTTPS, and some users strongly prefer OpenSSL, while other
1694 users really need to use Secure Channel because it offers
1695 enterprise-ready tools to manage credentials via Windows' Credential
1698 The current Git for Windows versions use the ugly work-around of
1699 building libcurl once with OpenSSL support and once with Secure Channel
1700 support, and switching out the binaries in the installer depending on
1703 Needless to say, this is a super ugly workaround that actually only
1704 works in some cases: Git for Windows also comes in a portable form, and
1705 in a form intended for third-party applications requiring Git
1706 functionality, in which cases this "swap out libcurl-4.dll" simply is
1709 Therefore, the Git for Windows project has a vested interest in teaching
1710 cURL to make the SSL backend a *runtime* option.
1712 This patch makes that possible.
1714 By running ./configure with multiple --with-<backend> options, cURL will
1715 be built with multiple backends.
1717 For the moment, the backend can be configured using the environment
1718 variable CURL_SSL_BACKEND (valid values are e.g. "openssl" and
1721 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1723 - [Johannes Schindelin brought this change]
1725 vtls: fold the backend ID into the Curl_ssl structure
1727 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1729 - [Johannes Schindelin brought this change]
1731 curl_ntlm_core: don't complain but #include OpenSSL header if needed
1733 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1735 - [Johannes Schindelin brought this change]
1737 vtls: encapsulate SSL backend-specific data
1739 So far, all of the SSL backends' private data has been declared as
1740 part of the ssl_connect_data struct, in one big #if .. #elif .. #endif
1743 This can only work as long as the SSL backend is a compile-time option,
1744 something we want to change in the next commits.
1746 Therefore, let's encapsulate the exact data needed by each SSL backend
1747 into a private struct, and let's avoid bleeding any SSL backend-specific
1748 information into urldata.h. This is also necessary to allow multiple SSL
1749 backends to be compiled in at the same time, as e.g. OpenSSL's and
1750 CyaSSL's headers cannot be included in the same .c file.
1752 To avoid too many malloc() calls, we simply append the private structs
1753 to the connectdata struct in allocate_conn().
1755 This requires us to take extra care of alignment issues: struct fields
1756 often need to be aligned on certain boundaries e.g. 32-bit values need to
1757 be stored at addresses that divide evenly by 4 (= 32 bit / 8
1760 We do that by assuming that no SSL backend's private data contains any
1761 fields that need to be aligned on boundaries larger than `long long`
1762 (typically 64-bit) would need. Under this assumption, we simply add a
1763 dummy field of type `long long` to the `struct connectdata` struct. This
1764 field will never be accessed but acts as a placeholder for the four
1765 instances of ssl_backend_data instead. the size of each ssl_backend_data
1766 struct is stored in the SSL backend-specific metadata, to allow
1767 allocate_conn() to know how much extra space to allocate, and how to
1768 initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend
1771 This would appear to be a little complicated at first, but is really
1772 necessary to encapsulate the private data of each SSL backend correctly.
1773 And we need to encapsulate thusly if we ever want to allow selecting
1774 CyaSSL and OpenSSL at runtime, as their headers cannot be included within
1775 the same .c file (there are just too many conflicting definitions and
1776 declarations for that).
1778 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1780 - [Johannes Schindelin brought this change]
1782 vtls: prepare the SSL backends for encapsulated private data
1784 At the moment, cURL's SSL backend needs to be configured at build time.
1785 As such, it is totally okay for them to hard-code their backend-specific
1786 data in the ssl_connect_data struct.
1788 In preparation for making the SSL backend a runtime option, let's make
1789 the access of said private data a bit more abstract so that it can be
1790 adjusted later in an easy manner.
1792 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1794 - [Johannes Schindelin brought this change]
1796 urldata.h: move SSPI-specific #include to correct location
1798 In 86b889485 (sasl_gssapi: Added GSS-API based Kerberos V5 variables,
1799 2014-12-03), an SSPI-specific field was added to the kerberos5data
1800 struct without moving the #include "curl_sspi.h" later in the same file.
1802 This broke the build when SSPI was enabled, unless Secure Channel was
1803 used as SSL backend, because it just so happens that Secure Channel also
1804 requires "curl_sspi.h" to be #included.
1806 In f4739f639 (urldata: include curl_sspi.h when Windows SSPI is enabled,
1807 2017-02-21), this bug was fixed incorrectly: Instead of moving the
1808 appropriate conditional #include, the Secure Channel-conditional part
1809 was now also SSPI-conditional.
1811 Fix this problem by moving the correct #include instead.
1813 This is also required for an upcoming patch that moves all the Secure
1814 Channel-specific stuff out of urldata.h and encapsulates it properly in
1815 vtls/schannel.c instead.
1817 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1819 - [Johannes Schindelin brought this change]
1821 urldata.h: remove support for obsolete PolarSSL version
1823 Since 5017d5ada (polarssl: now require 1.3.0+, 2014-03-17), we require
1824 a newer PolarSSL version. No need to keep code trying to support any
1827 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1829 - [Johannes Schindelin brought this change]
1831 getinfo: access SSL internals via Curl_ssl
1833 In the ongoing endeavor to abstract out all SSL backend-specific
1834 functionality, this is the next step: Instead of hard-coding how the
1835 different SSL backends access their internal data in getinfo.c, let's
1836 implement backend-specific functions to do that task.
1838 This will also allow for switching SSL backends as a runtime option.
1840 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1842 - [Johannes Schindelin brought this change]
1844 vtls: move SSL backends' private constants out of their header files
1846 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1848 - [Johannes Schindelin brought this change]
1850 axtls: use Curl_none_* versions of init() and cleanup()
1852 There are convenient no-op versions of the init/cleanup functions now,
1853 no need to define private ones for axTLS.
1855 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1857 - [Johannes Schindelin brought this change]
1859 vtls: remove obsolete declarations of SSL backend functionality
1861 These functions are all available via the Curl_ssl struct now, no need
1862 to declare them separately anymore.
1864 As the global declarations are removed, the corresponding function
1865 definitions are marked as file-local. The only two exceptions here are
1866 Curl_mbedtls_shutdown() and Curl_polarssl_shutdown(): only the
1867 declarations were removed, there are no function definitions to mark
1870 Please note that Curl_nss_force_init() is *still* declared globally, as
1871 the only SSL backend-specific function, because it was introduced
1872 specifically for the use case where cURL was compiled with
1873 `--without-ssl --with-nss`. For details, see f3b77e561 (http_ntlm: add
1874 support for NSS, 2010-06-27).
1876 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1878 - [Johannes Schindelin brought this change]
1880 schannel: reorder functions topologically
1882 The _shutdown() function calls the _session_free() function; While this
1883 is not a problem now (because schannel.h declares both functions), a
1884 patch looming in the immediate future with make all of these functions
1887 So let's just move the _session_free() function's definition before it
1890 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1892 - [Johannes Schindelin brought this change]
1894 axtls: reorder functions topologically
1896 The connect_finish() function (like many other functions after it) calls
1897 the Curl_axtls_close() function; While this is not a problem now
1898 (because axtls.h declares the latter function), a patch looming in the
1899 immediate future with make all of these functions file-local.
1901 So let's just move the Curl_axtls_close() function's definition before
1904 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1906 - [Johannes Schindelin brought this change]
1908 vtls: move the SUPPORT_HTTPS_PROXY flag into the Curl_ssl struct
1910 That will allow us to choose the SSL backend at runtime.
1912 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1914 - [Johannes Schindelin brought this change]
1916 vtls: convert the have_curlssl_* constants to runtime flags
1918 The entire idea of introducing the Curl_ssl struct to describe SSL
1919 backends is to prepare for choosing the SSL backend at runtime.
1921 To that end, convert all the #ifdef have_curlssl_* style conditionals
1922 to use bit flags instead.
1924 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1926 - [Johannes Schindelin brought this change]
1928 vtls: move sha256sum into the Curl_ssl struct
1930 The SHA-256 checksumming is also an SSL backend-specific function.
1931 Let's include it in the struct declaring the functionality of SSL
1934 In contrast to MD5, there is no fall-back code. To indicate this, the
1935 respective entries are NULL for those backends that offer no support for
1936 SHA-256 checksumming.
1938 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1940 - [Johannes Schindelin brought this change]
1942 vtls: move md5sum into the Curl_ssl struct
1944 The MD5 summing is also an SSL backend-specific function. So let's
1945 include it, offering the previous fall-back code as a separate function
1946 now: Curl_none_md5sum(). To allow for that, the signature had to be
1947 changed so that an error could be returned from the implementation
1948 (Curl_none_md5sum() can run out of memory).
1950 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1952 - [Johannes Schindelin brought this change]
1954 vtls: use the Curl_ssl struct to access all SSL backends' functionality
1956 This is the first step to unify the SSL backend handling. Now all the
1957 SSL backend-specific functionality is accessed via a global instance of
1958 the Curl_ssl struct.
1960 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1962 - [Johannes Schindelin brought this change]
1964 vtls: declare Curl_ssl structs for every SSL backend
1966 The idea of introducing the Curl_ssl struct was to unify how the SSL
1967 backends are declared and called. To this end, we now provide an
1968 instance of the Curl_ssl struct for each and every SSL backend.
1970 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1972 - [Johannes Schindelin brought this change]
1974 vtls: introduce a new struct for SSL backends
1976 This new struct is similar in nature to Curl_handler: it will define the
1977 functions and capabilities of all the SSL backends (where Curl_handler
1978 defines the functions and capabilities of protocol handlers).
1980 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1982 - [Johannes Schindelin brought this change]
1984 vtls: make sure every _sha256sum()'s first arg is const
1986 This patch makes the signature of the _sha256sum() functions consistent
1987 among the SSL backends, in preparation for unifying the way all SSL
1988 backends are accessed.
1990 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1992 - [Johannes Schindelin brought this change]
1994 vtls: make sure all _data_pending() functions return bool
1996 This patch makes the signature of the _data_pending() functions
1997 consistent among the SSL backends, in preparation for unifying the way
1998 all SSL backends are accessed.
2000 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2002 - [Johannes Schindelin brought this change]
2004 vtls: make sure all _cleanup() functions return void
2006 This patch makes the signature of the _cleanup() functions consistent
2007 among the SSL backends, in preparation for unifying the way all SSL
2008 backends are accessed.
2010 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2012 - [Johannes Schindelin brought this change]
2014 vtls: use consistent signature for _random() implementations
2016 This will make the upcoming multissl backend much easier to implement.
2018 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2020 - strtooff: fix build for systems with long long but no strtoll option
2024 Reported-by: Dan Fandrich
2025 Bug: https://github.com/curl/curl/pull/1758#issuecomment-324861615
2027 - darwinssl: handle long strings in TLS certs
2029 ... as the previous fixed length 128 bytes buffer was sometimes too
2035 Reported-by: Benjamin Sergeant
2036 Assisted-by: Bill Pyne, Ray Satiro, Nick Zitzmann
2038 - system.h: include sys/poll.h for AIX
2040 ... to get the event/revent defines that might be used for the poll
2043 Reported-by: Michael Smith
2047 Dan Fandrich (26 Aug 2017)
2048 - tests: Make sure libtests & unittests call curl_global_cleanup()
2050 These were missed in commit c468c27b.
2052 Jay Satiro (26 Aug 2017)
2053 - [theantigod brought this change]
2055 winbuild: fix embedded manifest option
2057 Embedded manifest option didn't work due to incorrect path.
2059 Fixes https://github.com/curl/curl/issues/1832
2061 Daniel Stenberg (25 Aug 2017)
2062 - fuzz/Makefile.am: remove curlbuild.h leftovers
2064 - examples/threaded-ssl: mention that this is for openssl before 1.1
2066 - imap: use defined names for response codes
2068 When working on this code I found the previous setup a bit weird while
2069 using proper defines increases readability.
2073 - CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
2075 - imap: support PREAUTH
2077 It is a defined possible greeting at server startup that means the
2078 connection is already authenticated. See
2079 https://tools.ietf.org/html/rfc3501#section-7.1.4
2081 Test 846 added to verify.
2086 Jay Satiro (23 Aug 2017)
2087 - config-tpf: define SIZEOF_LONG
2089 Recent changes that replaced CURL_SIZEOF_LONG in the source with
2090 SIZEOF_LONG broke builds that use the premade configuration files and
2091 don't have SIZEOF_LONG defined.
2093 Bug: https://github.com/curl/curl/issues/1816
2095 Dan Fandrich (23 Aug 2017)
2096 - test1453: Fixed <features>
2098 Daniel Stenberg (22 Aug 2017)
2099 - [Gisle Vanem brought this change]
2101 config-dos: add missing defines, SIZEOF_* and two others
2105 - curl: shorten and clean up CA cert verification error message
2107 The previous message was just too long for ordinary people and it was
2108 encouraging users to use `--insecure` a little too easy.
2110 Based-on-work-by: Frank Denis
2115 - request-target.d: mention added in 7.55.0
2117 Marcel Raad (22 Aug 2017)
2118 - tool_main: turn off MinGW CRT's globbing
2120 By default, the MinGW CRT globs command-line arguments. This prevents
2121 getting a single asterisk into an argument as test 1299 does. Turn off
2122 globbing by setting the global variable _CRT_glob to 0 for MinGW.
2124 Fixes https://github.com/curl/curl/issues/1751
2125 Closes https://github.com/curl/curl/pull/1813
2127 Viktor Szakats (22 Aug 2017)
2128 - makefile.m32: add support for libidn2
2130 libidn was replaced with libidn2 last year in configure.
2131 Caveat: libidn2 may depend on a list of further libs.
2132 These can be manually specified via CURL_LDFLAG_EXTRAS.
2134 Closes https://github.com/curl/curl/pull/1815
2136 Jay Satiro (22 Aug 2017)
2137 - [Viktor Szakats brought this change]
2139 config-win32: define SIZEOF_LONG
2141 Recent changes that replaced CURL_SIZEOF_LONG in the source with
2142 SIZEOF_LONG broke builds that use the premade configuration files and
2143 don't have SIZEOF_LONG defined.
2145 Closes https://github.com/curl/curl/pull/1814
2147 Daniel Stenberg (20 Aug 2017)
2148 - cmake: enable picky compiler options with clang and gcc
2152 - curl/system.h: fix build for hppa
2154 Reported-by: John David Anglin
2155 Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872502#10
2157 - [Even Rouault brought this change]
2159 tftp: fix memory leak on too long filename
2163 $ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz
2165 ==9752== Memcheck, a memory error detector
2166 ==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
2167 ==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
2168 ==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz
2170 curl: (71) TFTP file name too long
2173 ==9752== HEAP SUMMARY:
2174 ==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11
2175 ==9752== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
2176 ==9752== by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
2177 ==9752== by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
2178 ==9752== by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
2179 ==9752== by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
2180 ==9752== by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
2181 ==9752== by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
2182 ==9752== by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl)
2183 ==9752== by 0x40E849: operate (in /home/even/install-curl-git/bin/curl)
2184 ==9752== by 0x402693: main (in /home/even/install-curl-git/bin/curl)
2186 Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568
2191 Dan Fandrich (19 Aug 2017)
2192 - runtests: fixed case insensitive matching of keywords
2194 Commit 5c2aac71 didn't work in the case of mixed-case keywords given on
2197 - tests: Make sure libtests call curl_global_cleanup()
2199 This ensures that global data allocations are freed so Valgrind stays
2200 happy. This was a problem with at least PolarSSL and mbedTLS.
2202 Daniel Stenberg (18 Aug 2017)
2203 - RELEASE-NOTES: synced with 8baead425
2205 - scripts/contri*sh: use "git log --use-mailmap"
2207 - mailmap: de-duplify some git authors
2209 - http2_recv: return error better on fatal h2 errors
2212 Figured-out-by: Tatsuhiro Tsujikawa
2214 - KNOWN_BUGS: HTTP test server 'connection-monitor' problems
2218 - curl/system.h: check for __ppc__ as well
2220 ... regression since issue #1774 (commit 10b3df10596a) since obviously
2221 some older gcc doesn't know __powerpc__ while some newer doesn't know
2226 Reported-by: Ryan Schmidt
2228 - [Jan Alexander Steffens (heftig) brought this change]
2230 http: Don't wait on CONNECT when there is no proxy
2232 Since curl 7.55.0, NetworkManager almost always failed its connectivity
2233 check by timeout. I bisected this to 5113ad04 (http-proxy: do the HTTP
2234 CONNECT process entirely non-blocking).
2236 This patch replaces !Curl_connect_complete with Curl_connect_ongoing,
2237 which returns false if the CONNECT state was left uninitialized and lets
2238 the connection continue.
2243 Also-fixed-by: Gergely Nagy
2245 - [Johannes Schindelin brought this change]
2247 metalink: adjust source code style
2249 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2251 - CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG
2253 - lib557: no longer use CURL_SIZEOF_* defines
2255 - config-win32: define SIZEOF_CURL_OFF_T
2257 - cmake: sizeof curl_off_t, remove unused detections
2259 - system.h: remove all CURL_SIZEOF_* defines
2261 ... as they're not used externally and internally we check for the sizes
2262 already in configure etc.
2266 - ftp: fix CWD when doing multicwd then nocwd on same connection
2270 Reported-by: Peter Lamare
2272 - CURLOPT_SSH_COMPRESSION.3: enable with 1L
2274 (leaves other values reserved for the future)
2276 - compressed-ssh.d: "Added: 7.56.0"
2278 - curl/system.h: checksrc compliance
2280 Jay Satiro (17 Aug 2017)
2281 - [Viktor Szakats brought this change]
2283 ssh: add the ability to enable compression (for SCP/SFTP)
2285 The required low-level logic was already available as part of
2286 `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
2289 This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
2290 (boolean) and the new `curl` command-line option `--compressed-ssh`
2291 to request this `libssh2` feature. To have compression enabled, it
2292 is required that the SSH server supports a (zlib) compatible
2293 compression method and that `libssh2` was built with `zlib` support
2296 [1] https://www.libssh2.org/libssh2_session_flag.html
2298 Ref: https://github.com/curl/curl/issues/1732
2299 Closes https://github.com/curl/curl/pull/1735
2301 - examples/ftpuploadresume: checksrc compliance
2303 - [Maksim Stsepanenka brought this change]
2305 http_proxy: fix build error for CURL_DOES_CONVERSIONS
2307 Closes https://github.com/curl/curl/pull/1793
2309 GitHub (16 Aug 2017)
2310 - [Nick Zitzmann brought this change]
2312 configure: check for __builtin_available() availability (#1788)
2314 This change does two things:
2315 1. It un-breaks the build in Xcode 9.0. (Xcode 9.0 is currently
2316 failing trying to compile connectx() in lib/connect.c.)
2317 2. It finally weak-links the connectx() function, and falls back on
2318 connect() when run on older operating systems.
2320 Daniel Stenberg (16 Aug 2017)
2321 - travis: add metalink to some osx builds
2325 - [Max Dymond brought this change]
2327 coverage: Use two coveralls commands to get lib/vtls results
2331 - darwinssi: fix error: variable length array used
2333 - m4/curl-compilers.m4: use proper quotes around string, not backticks
2335 ... when setting clang version to assume 3.7
2337 Caused a lot of "integer expression expected" warnings by configure.
2339 - [Benbuck Nason brought this change]
2341 cmake: remove dead code for DISABLED_THREADSAFE
2345 Jay Satiro (15 Aug 2017)
2346 - [Jakub Zakrzewski brought this change]
2348 curl-confopts.m4: fix --disable-threaded-resolver
2350 Closes https://github.com/curl/curl/issues/1784
2352 Daniel Stenberg (15 Aug 2017)
2353 - [Ryan Winograd brought this change]
2355 progress: Track total times following redirects
2357 Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`,
2358 `t_pretransfer`, and `t_starttransfer` to track the total times for
2359 these activities when a redirect is followed. Previously, only the times
2360 for the most recent request would be tracked.
2364 - Rename `Curl_pgrsResetTimesSizes` to `Curl_pgrsResetTransferSizes`
2365 now that the function only resets transfer sizes and no longer
2366 modifies any of the progress timers.
2368 - Add a bool to the `Progress` struct that is used to prevent
2369 double-counting `t_starttransfer` times.
2371 Added test case 1399.
2373 Fixes #522 and Known Bug 1.8
2375 Reported-by: joshhe on github
2377 - [Benbuck Nason brought this change]
2379 cmake: remove dead code for CURL_DISABLE_RTMP
2383 Kamil Dudka (15 Aug 2017)
2384 - zsh.pl: produce a working completion script again
2386 Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help
2387 to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to
2388 produce a broken completion script:
2391 _curl:10: no such file or directory: seconds
2395 Daniel Stenberg (15 Aug 2017)
2396 - curlver: toward 7.56.0?
2398 - RELEASE-NOTES: synced with 91c46dc44
2400 - test1449: FTP download range with an too large size
2402 - strtoofft: reduce integer overflow risks globally
2404 ... make sure we bail out on overflows.
2406 Reported-by: Brian Carpenter
2409 - travis: build the examples too
2411 to make sure they keep building warning-free
2415 - runtests: match keywords case insensitively
2417 - examples/ftpuploadresume.c: use portable code
2419 ... converted from the MS specific _snscanf()
2421 Version 7.55.1 (13 Aug 2017)
2423 Daniel Stenberg (13 Aug 2017)
2424 - RELEASE-NOTES/THANKS: curl 7.55.1 release time
2426 - gitignore: ignore .xz now instead of .lzma
2428 - [Sergei Nikulov brought this change]
2430 cmake: Threads detection update. ref: #1702
2434 - ipv6_scope: support unique local addresses
2438 Reported-by: James Slaughter
2440 - [Alex Potapenko brought this change]
2442 curl/system.h: GCC doesn't define __ppc__ on PowerPC, uses __powerpc__
2446 - test1448: verify redirect to IDN using URL
2450 - [Salah-Eddin Shaban brought this change]
2452 redirect: skip URL encoding for host names
2454 This fixes redirects to IDN URLs
2458 Reported by: David Lord
2460 - test2032: mark as flaky (again)
2462 - travis: test cmake build on tarball too
2464 Could've prevented #1755
2466 - [Simon Warta brought this change]
2468 cmake: allow user to override CMAKE_DEBUG_POSTFIX
2472 - connect-to.d: better language
2474 - connect-to.d: clarified
2476 - bagder/Curl_tvdiff_us: fix the math
2478 Regression since adef394ac5 (released in 7.55.0)
2480 Reported-by: Han Qiao
2484 - curl/system.h: add Oracle Solaris Studio
2488 - [Alessandro Ghedini brought this change]
2490 docs: fix typo funtion -> function
2494 Alessandro Ghedini (12 Aug 2017)
2495 - docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT description
2497 - docs: fix typo stuct -> struct
2499 Dan Fandrich (12 Aug 2017)
2500 - test1447: require a curl with http support
2502 Daniel Stenberg (11 Aug 2017)
2503 - [Thomas Petazzoni brought this change]
2505 curl/system.h: support more architectures
2507 The long list of architectures in include/curl/system.h is annoying to
2508 maintain, and needs to be extended for each and every architecture to
2511 Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler
2512 (we are in the GNUC condition anyway), which tells us if long is 4
2515 This fixes the build of libcurl 7.55.0 on architectures such as
2520 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2522 - test2033: this went flaky again
2524 Suspicion: when we enabled the threaded resolver by default.
2526 - test1447: verifies the parse proxy fix in 6e0e152ce5c
2528 - [Even Rouault brought this change]
2530 parse_proxy(): fix memory leak in case of invalid proxy server name
2532 Fixes the below leak:
2534 $ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1
2535 curl: (5) Couldn't resolve proxy name
2537 ==5048== HEAP SUMMARY:
2538 ==5048== in use at exit: 532 bytes in 12 blocks
2539 ==5048== total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated
2541 ==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12
2542 ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
2543 ==5048== by 0x4E6CB79: parse_login_details (url.c:5614)
2544 ==5048== by 0x4E6BA82: parse_proxy (url.c:5091)
2545 ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
2546 ==5048== by 0x4E6EA18: create_conn (url.c:6498)
2547 ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967)
2548 ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436)
2549 ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160)
2550 ==5048== by 0x4E7C515: easy_transfer (easy.c:708)
2551 ==5048== by 0x4E7C74A: easy_perform (easy.c:794)
2552 ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813)
2553 ==5048== by 0x414025: operate_do (tool_operate.c:1563)
2555 ==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12
2556 ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
2557 ==5048== by 0x4E6CBB6: parse_login_details (url.c:5621)
2558 ==5048== by 0x4E6BA82: parse_proxy (url.c:5091)
2559 ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
2560 ==5048== by 0x4E6EA18: create_conn (url.c:6498)
2561 ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967)
2562 ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436)
2563 ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160)
2564 ==5048== by 0x4E7C515: easy_transfer (easy.c:708)
2565 ==5048== by 0x4E7C74A: easy_perform (easy.c:794)
2566 ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813)
2567 ==5048== by 0x414025: operate_do (tool_operate.c:1563)
2569 Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984
2570 Credit to OSS Fuzz for discovery
2574 - RELEASE-NOTES: synced with 37f2195a9
2576 - curlver: bump to 7.55.1
2578 - openssl: fix "error: this statement may fall through"
2582 - [David Benjamin brought this change]
2584 openssl: remove CONST_ASN1_BIT_STRING.
2586 Just making the pointer as const works for the pre-1.1.0 path too.
2590 - maketgz: remove old *.dist files before making the tarball
2592 To avoid "old crap" unintentionally getting shipped.
2594 Bug: https://curl.haxx.se/mail/lib-2017-08/0050.html
2595 Reported-by: Christian Weisgerber
2597 Jay Satiro (10 Aug 2017)
2598 - mkhelp.pl: allow executing this script directly
2600 - Enable execute permission (chmod +x)
2602 - Change interpreter to /usr/bin/env perl
2604 Ref: https://github.com/curl/curl/issues/1743
2606 Daniel Stenberg (10 Aug 2017)
2607 - configure: use the threaded resolver backend by default if possible
2611 - cmake: move cmake_uninstall.cmake to CMake/
2615 - metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead
2617 - dist: fix the cmake build by shipping cmake_uninstall.cmake.in too
2621 - travis: verify "make install"
2626 Marcel Raad (10 Aug 2017)
2627 - build: check out *.sln files with Windows line endings
2629 Visual Studio doesn't like LF line endings in solution files and always
2630 converts them to CRLF when doing changes to the solution. Notably, this
2631 affects the solutions in the release archive.
2633 Closes https://github.com/curl/curl/pull/1746
2635 - gitignore: ignore top-level .vs folder
2637 This folder is generated when using the CMake build system from within
2640 Closes https://github.com/curl/curl/pull/1746
2642 Jay Satiro (10 Aug 2017)
2643 - digest_sspi: Don't reuse context if the user/passwd has changed
2645 Bug: https://github.com/curl/curl/issues/1685
2646 Reported-by: paulharris@users.noreply.github.com
2648 Assisted-by: Isaac Boukris
2650 Closes https://github.com/curl/curl/pull/1742
2652 Daniel Stenberg (9 Aug 2017)
2653 - [Adam Sampson brought this change]
2655 dist: Add dictserver.py/negtelnetserver.py to EXTRA_DIST
2657 These weren't included in the 7.55.0 release, but are required in order
2658 to run the full test suite.
2662 - [Adam Sampson brought this change]
2664 curl: do bounds check using a double comparison
2666 The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
2667 complete: if the parsed number in num is larger than will fit in a long,
2668 the conversion is undefined behaviour (causing test1427 to fail for me
2669 on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting
2670 rid of the cast means the comparison will be done using doubles.
2672 It might make more sense for the max argument to also be a double...
2677 - make install: add 8 missing man pages to the installation
2679 - build: fix 'make install' with configure, install docs/libcurl/* too
2681 Broken since d24838d4da9faa
2683 Reported-by: Bernard Spil
2685 Version 7.55.0 (9 Aug 2017)
2687 Daniel Stenberg (9 Aug 2017)
2688 - RELEASE-NOTES: curl 7.55.0
2690 - THANKS: 20 new contributors in 7.55.0
2692 - [Viktor Szakats brought this change]
2694 docs/comments: Update to secure URL versions
2698 - configure: fix recv/send/select detection on Android
2700 ... since they now provide several functions as
2701 __attribute__((overloadable)), the argument detection logic need
2704 Patched-by: destman at github
2709 Marcel Raad (8 Aug 2017)
2710 - ax_code_coverage.m4: update to latest version
2712 This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d
2713 from August 01, 2017. Notably, this removes the lconv version whitelist.
2715 Closes https://github.com/curl/curl/pull/1716
2717 Daniel Stenberg (7 Aug 2017)
2718 - test1427: verify command line parser integer overflow detection
2720 - curl: detect and bail out early on parameter integer overflows
2722 Make the number parser aware of the maximum limit curl accepts for a
2723 value and return an error immediately if larger, instead of running an
2724 integer overflow later.
2729 - glob: do not continue parsing after a strtoul() overflow range
2731 Added test 1289 to verify.
2735 Bug: https://curl.haxx.se/docs/adv_20170809A.html
2736 Reported-by: Brian Carpenter
2738 - tftp: reject file name lengths that don't fit
2740 ... and thereby avoid telling send() to send off more bytes than the
2745 Bug: https://curl.haxx.se/docs/adv_20170809B.html
2746 Reported-by: Even Rouault
2748 Credit to OSS-Fuzz for the discovery
2750 - [Even Rouault brought this change]
2752 file: output the correct buffer to the user
2754 Regression brought by 7c312f84ea930d8 (April 2017)
2758 Bug: https://curl.haxx.se/docs/adv_20170809C.html
2760 Credit to OSS-Fuzz for the discovery
2762 - easy_events: make event data static
2764 First: this function is only used in debug-builds and not in
2765 release/real builds. It is used to drive tests using the event-based
2768 A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the
2769 CURLMOPT_TIMERFUNCTION calback can in fact be called even after this
2770 funtion returns, namely when curl_multi_remove_handle() is called.
2772 Reported-by: Brian Carpenter
2774 - getparameter: avoid returning uninitialized 'usedarg'
2778 Marcel Raad (5 Aug 2017)
2779 - [Isaac Boukris brought this change]
2781 gssapi: fix memory leak of output token in multi round context
2783 When multiple rounds are needed to establish a security context
2784 (usually ntlm), we overwrite old token with a new one without free.
2785 Found by proposed gss tests using stub a gss implementation (by
2786 valgrind error), though I have confirmed the leak with a real
2787 gssapi implementation as well.
2789 Closes https://github.com/curl/curl/pull/1733
2791 - darwinssl: fix compiler warning
2794 vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive
2795 [-Werror,-Wextra-tokens]
2797 This breaks the darwinssl build on Travis. Fix it by making this token
2800 Closes https://github.com/curl/curl/pull/1734
2802 - CMake: fix CURL_WERROR for MSVC
2804 When using CURL_WERROR in MSVC builds, the debug flags were overridden
2805 by the release flags and /WX got added twice in debug mode.
2807 Closes https://github.com/curl/curl/pull/1715
2809 Daniel Stenberg (4 Aug 2017)
2810 - RELEASE-NOTES: synced with 561e9217c
2812 - test1010: verify that #1718 is fixed
2814 ... by doing two transfers in nocwd mode and check that there's no
2815 superfluous CWD command.
2817 - FTP: skip unnecessary CWD when in nocwd mode
2819 ... when reusing a connection. If it didn't do any CWD previously.
2823 Marcel Raad (4 Aug 2017)
2824 - travis: explicitly specify dist
2826 This makes the builds more reproducible as travis is currently rolling
2827 out trusty as default dist [1]. Specifically, this avoids coverage
2828 check failures when trusty is used as seen in [2] until we figure out
2831 [1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming
2832 [2] https://github.com/curl/curl/pull/1692
2834 Closes https://github.com/curl/curl/pull/1725
2836 Daniel Stenberg (4 Aug 2017)
2837 - travis: BUILD_TYPE => T
2839 (to make the full line appear nicer on travis web UI)
2841 - travis: add osx build with darwinssl
2845 - darwin: silence compiler warnings
2847 With a clang pragma and three type fixes
2851 - BUILD.WINDOWS: mention buildconf.bat for builds off git
2853 - darwinssl: fix curlssl_sha256sum() compiler warnings on first argument
2855 - test130: verify comments in .netrc
2857 - [Gisle Vanem brought this change]
2859 netrc: skip lines starting with '#'
2861 Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html
2863 Marcel Raad (3 Aug 2017)
2864 - CMake: set MSVC warning level to 4
2866 The MSVC warning level defaults to 3 in CMake. Change it to 4, which is
2867 consistent with the Visual Studio and NMake builds. Disable level 4
2868 warning C4127 for the library and additionally C4306 for the test
2869 servers to get a clean CURL_WERROR build as that warning is raised in
2870 some macros in older Visual Studio versions.
2872 Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794
2873 Closes https://github.com/curl/curl/pull/1711
2875 Daniel Stenberg (2 Aug 2017)
2876 - CURLOPT_NETRC.3: fix typo in 7e48aa386156f9c2
2878 Reported-by: Viktor Szakats
2880 - CURLOPT_NETRC.3: mention the file name on windows
2882 ... and CURLOPT_NETRC_FILE(3).
2884 - travis: build osx with libressl too
2886 - travis: build osx with openssl too
2888 - tests/server/util: fix curltime mistake from 4dee50b9c80f9
2890 Marcel Raad (1 Aug 2017)
2891 - curl_threads: fix MSVC compiler warning
2893 Use LongToHandle to convert from long to HANDLE in the Win32
2895 This should fix the following warning when compiling with
2896 MSVC 11 (2012) in 64-bit mode:
2897 lib\curl_threads.c(113): warning C4306:
2898 'type cast' : conversion from 'long' to 'HANDLE' of greater size
2900 Closes https://github.com/curl/curl/pull/1717
2902 Daniel Stenberg (1 Aug 2017)
2903 - BUGS: improved phrasing about security bugs
2905 Reported-by: Max Dymond
2907 - BUGS: clarify how to report security related bugs
2909 - [Brad Spencer brought this change]
2911 multi: fix request timer management
2913 There are some bugs in how timers are managed for a single easy handle
2914 that causes the wrong "next timeout" value to be reported to the
2915 application when a new minimum needs to be recomputed and that new
2916 minimum should be an existing timer that isn't currently set for the
2917 easy handle. When the application drives a set of easy handles via the
2918 `curl_multi_socket_action()` API (for example), it gets told to wait the
2919 wrong amount of time before the next call, which causes requests to
2920 linger for a long time (or, it is my guess, possibly forever).
2922 Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
2924 Jay Satiro (1 Aug 2017)
2925 - curl_setup: Define CURL_NO_OLDIES for building libcurl
2927 .. to catch accidental use of deprecated error codes.
2929 Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
2931 Daniel Stenberg (1 Aug 2017)
2932 - [Jeremy Tan brought this change]
2934 configure: fix the check for IdnToUnicode
2939 - http: fix response code parser to avoid integer overflow
2941 test 1429 and 1433 were updated to work with the stricter HTTP status line
2945 Reported-by: Brian Carpenter
2947 Jay Satiro (31 Jul 2017)
2948 - [Dwarakanath Yadavalli brought this change]
2950 libcurl: Stop using error codes defined under CURL_NO_OLDIES
2952 Fixes https://github.com/curl/curl/issues/1688
2953 Closes https://github.com/curl/curl/pull/1712
2955 - include.d: clarify --include is only for response headers
2957 Follow-up to 171f8de and de6de94.
2959 Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851
2960 Reported-by: Daniel Stenberg
2962 Daniel Stenberg (30 Jul 2017)
2963 - [jasjuang brought this change]
2965 cmake: support make uninstall
2969 - RELEASE-NOTES: synced with 001701c47
2971 Marcel Raad (29 Jul 2017)
2972 - AppVeyor: now really use CURL_WERROR
2974 It was misspelled as CURL_ERROR in commit
2975 2d86e8d1286e0fbe3d811e2e87fa0b5e53722db4.
2977 Closes https://github.com/curl/curl/pull/1686
2979 Jay Satiro (29 Jul 2017)
2980 - tool_help: clarify --include is only for response headers
2982 Follow-up to 171f8de.
2984 Ref: https://github.com/curl/curl/issues/1704
2986 - splay: fix signed/unsigned mismatch warning
2988 Follow-up to 4dee50b.
2990 Ref: https://github.com/curl/curl/pull/1693
2992 Daniel Stenberg (28 Jul 2017)
2993 - include.d: clarify that it concerns the response headers
2995 Reported-by: olesteban at github
2998 - [Johannes Schindelin brought this change]
3000 curl_rtmp: fix a compiler warning
3002 The headers of librtmp declare the socket as `int`, and on Windows, that
3003 disagrees with curl_socket_t.
3007 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
3009 - test1323: verify curlx_tvdiff
3011 - timeval: struct curltime is a struct timeval replacement
3013 ... to make all libcurl internals able to use the same data types for
3014 the struct members. The timeval struct differs subtly on several
3015 platforms so it makes it cumbersome to use everywhere.
3020 - darwinssl: fix variable type mistake (regression)
3022 ... which made --tlsv1.2 not work because it would blank the max tls
3025 Reported-by: Nick Miyake
3028 - multi: mention integer overflow risk if using > 500 million sockets
3030 Reported-by: ovidiu-benea@users.noreply.github.com
3035 - checksrc: escape open brace in regex
3037 ... to silence warning.
3039 Kamil Dudka (20 Jul 2017)
3040 - nss: fix a possible use-after-free in SelectClientCert()
3042 ... causing a SIGSEGV in showit() in case the handle used to initiate
3043 the connection has already been freed.
3045 This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803.
3047 Reported-by: Rob Sanders
3048 Bug: https://bugzilla.redhat.com/1436158
3050 - nss: unify the coding style of nss_send() and nss_recv()
3052 No changes in behavior intended by this commit.
3054 Marcel Raad (18 Jul 2017)
3055 - tests/server/resolve.c: fix deprecation warning
3057 MSVC warns that gethostbyname is deprecated. Always use getaddrinfo
3058 instead to fix this when IPv6 is enabled, also for IPv4 resolves. This
3059 is also consistent with what libcurl does.
3061 Closes https://github.com/curl/curl/pull/1682
3063 Jay Satiro (17 Jul 2017)
3064 - darwinssl: fix pinnedpubkey build error
3066 - s/SessionHandle/Curl_easy/
3068 Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670
3069 Reported-by: Gisle Vanem
3071 Marcel Raad (16 Jul 2017)
3072 - rtspd: fix GCC warning after MSVC warning fix
3075 /tests/server/rtspd.c:1194:10: warning: missing braces around
3076 initializer [-Wmissing-braces]
3078 Fix this by using memset instead of an initializer.
3080 - libtest: fix MSVC warning C4706
3082 With warning level 4, MSVC warns about assignments within conditional
3083 expressions. Change the while loop to a do-while loop to fix this. This
3084 change is also consistent with CODE_STYLE.md.
3086 - sockfilt: suppress conversion warning with explicit cast
3088 MSVC warns when implicitly casting -1 to unsigned long.
3090 - rtspd: fix MSVC level 4 warning
3092 warning C4701: potentially uninitialized local variable 'req' used
3094 - winbuild: re-enable warning C4127 for curl tool
3096 Disabled in cda19a345f6970e22fe8b7a808aeb8f086a21eac. It only needs to
3097 be disabled for libcurl.
3099 - winbuild: build with warning level 4
3101 This is consistent with 7bc64561a2e63ca93e4b0b31d350773ba80955c2, which
3102 changed the warning level from 3 to 4 for the Visual Studio project
3103 files. But disable the level 4 warning C4127 "conditional expression is
3104 constant", as that one is issued by older versions of the Windows SDK
3105 as well as curl itself under some circumstances.
3107 Closes https://github.com/curl/curl/pull/1667
3109 Jay Satiro (12 Jul 2017)
3110 - [Max Dymond brought this change]
3112 travis: install libidn2
3114 Install libidn2 to increase test coverage (IDN tests)
3116 Closes https://github.com/curl/curl/pull/1673
3118 Marcel Raad (12 Jul 2017)
3119 - travis: enable warnings also in release mode
3121 ... to get warnings also on Linux/GCC and OSX/clang.
3123 Closes https://github.com/curl/curl/pull/1666
3125 Daniel Stenberg (12 Jul 2017)
3126 - [Max Dymond brought this change]
3128 travis: install libssh2
3130 Install libssh2 to increase test coverage (SFTP, SCP)
3132 Marcel Raad (12 Jul 2017)
3133 - system.h: include winsock2.h before windows.h
3135 ... to avoid compiler warnings if the user doesn't want
3136 WIN32_LEAN_AND_MEAN.
3138 - build: remove WIN32_LEAN_AND_MEAN from individual build systems
3140 It's defined for all build systems in curl_setup.h since commit
3141 beb08481d01a07a8b10938b1078a5e298b1c2912. This caused macro
3142 redefinition warnings in the configure builds.
3144 Closes https://github.com/curl/curl/pull/1677
3146 Jay Satiro (11 Jul 2017)
3147 - ISSUE_TEMPLATE: Add a comment not to file security issues on github
3149 Marcel Raad (11 Jul 2017)
3150 - curl_setup: always define WIN32_LEAN_AND_MEAN on Windows
3152 Make sure to always define WIN32_LEAN_AND_MEAN before including any
3153 Windows headers to avoid pulling in unnecessary headers. This avoids
3154 unnecessary macro clashes and compiler warnings.
3156 Ref: https://github.com/curl/curl/issues/1562
3157 Closes https://github.com/curl/curl/pull/1672
3159 Jay Satiro (11 Jul 2017)
3160 - strerror: Preserve Windows error code in some functions
3162 This is a follow-up to af02162 which removed (SET_)ERRNO macros. That
3163 commit was an earlier draft that I committed by mistake, which was then
3164 remedied by a5834e5 and e909de6, and now this commit. With this commit
3165 there is now no difference between the current code and the changes that
3166 were approved in the final draft.
3168 Thanks-to: Max Dymond, Marcel Raad, Daniel Stenberg, Gisle Vanem
3169 Ref: https://github.com/curl/curl/pull/1589
3171 Marcel Raad (10 Jul 2017)
3172 - [Max Dymond brought this change]
3174 tests: Fix up issues with errno in test files
3176 Closes https://github.com/curl/curl/pull/1671
3178 Daniel Stenberg (10 Jul 2017)
3179 - errno: fix non-windows builds after af0216251b94e7
3181 - [Ryan Winograd brought this change]
3183 make: fix docs build on OpenBSD
3187 Marcel Raad (10 Jul 2017)
3188 - ldap: fix MinGW compiler warning
3190 ldap_bind_s is marked as deprecated in w32api's winldap.h shipping with
3191 the latest original MinGW, resulting in compiler warnings since commit
3192 f0fe66f13c93d3d0af45d9fb1231c9164e0f9dc8. Fix this for the non-SSPI
3193 case by using ldap_simple_bind_s again instead of ldap_bind_s with
3196 Closes https://github.com/curl/curl/pull/1664
3198 - curl-compilers.m4: disable warning spam with Cygwin's clang
3200 When building with Cygwin or MinGW, libtool uses a wrapper executable
3201 instead of a wrapper script [1], which is written in C and throws
3202 missing-variable-declarations warnings. Don't enable these warnings on
3203 Cygwin and MinGW in order to avoid warnings for every executable built,
3204 which spams the test suite output when using Cygwin's clang.
3206 [1] https://www.gnu.org/software/libtool/manual/html_node/Wrapper-executables.html
3208 Closes https://github.com/curl/curl/pull/1665
3210 Jay Satiro (10 Jul 2017)
3211 - curl_setup_once: Remove ERRNO/SET_ERRNO macros
3213 Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError
3214 for Win32 and regular errno otherwise.
3216 I reviewed the code and found no justifiable reason for conflating errno
3217 on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno,
3218 and any Win32 multithreaded CRT supports thread-local errno.
3220 Fixes https://github.com/curl/curl/issues/895
3221 Closes https://github.com/curl/curl/pull/1589
3223 - tool_getparam: fix potentially uninitialized err
3225 Marcel Raad (9 Jul 2017)
3226 - smb: rename variable to fix shadowing warning
3228 GCC 4.6.3 on travis complains:
3229 smb.c: In function ‘get_posix_time’:
3230 smb.c:725:13: error: declaration of ‘time’ shadows a global declaration
3233 Fix this by renaming the variable.
3235 - tool_cb_wrt: fix variable shadowing warning
3238 tool_cb_wrt.c:81: error: declaration of ‘isatty’ shadows a global
3240 /usr/include/unistd.h:782: error: shadowed declaration is here
3242 Fix this by renaming the variable.
3244 Closes https://github.com/curl/curl/pull/1661
3246 Daniel Stenberg (8 Jul 2017)
3247 - RELEASE-NOTES: synced with be2c999b8
3249 - travis: install stunnel
3251 - valgrind.supp: supress OpenSSL false positive seen on travis
3253 - travis: detect and use valgrind for normal builds
3257 - travis: add SMB, DICT, TELNET torture to coverage test
3259 - [Paul Harris brought this change]
3261 cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC
3263 Removes BUILD_RELEASE_DEBUG_DIRS since it wasn't used anywhere.
3267 - CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
3269 - [Max Dymond brought this change]
3271 test1452: add telnet negotiation
3273 Add a basic telnet server for negotiating some telnet options before
3274 echoing back any data that's sent to it.
3278 - travis: do more tests in the coverage run
3280 I added a selection of torture and event tests that run "fast enough"
3282 - curl_easy_escape.3: mention the (lack of) encoding
3285 Reported-by: Jeroen Ooms
3287 - [Gisle Vanem brought this change]
3289 memdebug: don't setbuf() if the file open failed
3291 Bug: https://github.com/curl/curl/issues/828#issuecomment-313475151
3293 - appveyor: enable CURL_WERROR on all builds
3295 - cmake: add CURL_WERROR for enabling "warning as errors"
3297 - [Hannes Magnusson brought this change]
3299 cmake: remove spurious "-l" from linker flags
3303 - test506: skip if threaded-resolver
3305 - runtests: support "threaded-resolver" as a feature
3307 ... to let tests require it or skip if present
3309 - asyn-thread.c: fix unused variable warnings on macOS
3311 - http: s/TINY_INITIAL_POST_SIZE/EXPECT_100_THRESHOLD
3313 Make the name reflect its use better, and add a short comment describing
3316 - cmake: if inet_pton is used, bump _WIN32_WINNT
3318 ... and make sure inet_pton is always checked for when *not* using Windows,
3319 which is a regression from 4fc6ebe18.
3321 Idea-by: Sergei Nikulov
3323 - select.h: avoid macro redefinition harder
3325 ... by checking the POLLIN define, as the header file checks don't work
3328 - inet_pton: fix include on windows to get prototype
3330 inet_pton() exists on Windows and gets used by our cmake builds. Make
3331 sure the correct header file is included to avoid compiler warnings.
3335 - TODO: 1.10 auto-detect proxy
3339 - TODO: HTTP proxy CONNECT is non-blocking now
3341 - cmake: fix send/recv argument scanner for windows
3343 ... by simply trying the Windows argument types first.
3347 - RELEASE-NOTES: synced with 596cfb6c0
3349 - [Gisle Vanem brought this change]
3351 smb: add support for CURLOPT_FILETIME
3353 Bug: https://curl.haxx.se/mail/lib-2017-07/0005.html
3357 - travis: install nghttp2 on linux builds
3361 - [Gisle Vanem brought this change]
3363 smb: fix build for djgpp/MSDOS
3365 bug: https://curl.haxx.se/mail/lib-2017-07/0005.html
3367 - configure: try ldap/lber in reversed order first
3369 When scanning for which LDAP libraries to use, try the -lldap -llber
3370 combination before the reversed order since it has a greater chance of
3371 working when linking with libcurl statically.
3375 Reported-by: David E. Narváez
3377 - configure: remove checks for 5 functions never used
3379 fork, getprotobyname, inet_addr, perror, uname
3383 - dist: add SMB python deps into the tarball
3385 - [Max Dymond brought this change]
3387 test1451: add SMB support to the testbed
3389 Add test 1451 which does some very basic SMB testing using the impacket
3394 - [Max Dymond brought this change]
3396 test: add impacket for SMB testing
3398 Import impacket 0.9.15 for use in SMB testing. This was generated by
3399 doing "pip2.7 install -t . impacket"
3401 Unnecessary files for current testing were deleted.
3403 - travis.yml: use --enable-werror on debug builds
3405 ... to better detect and fault on compiler warnings/errors
3409 - tool_sleep: typecast to avoid macos compiler warning
3411 tool_sleep.c:54:24: error: implicit conversion loses integer precision:
3412 'long' to '__darwin_suseconds_t' (aka 'int')
3413 [-Werror,-Wshorten-64-to-32]
3415 - [Martin Kepplinger brought this change]
3417 timeval.c: Use long long constant type for timeval assignment
3419 On a 64 bit host, sparse says:
3421 timeval.c:148:15: warning: constant 0x7fffffffffffffff is so big it is long
3422 timeval.c:149:12: warning: constant 0x7fffffffffffffff is so big it is long
3424 so let's use long long constant types in order to prevent undesired overflow
3427 Bug: https://curl.haxx.se/mail/lib-2017-07/0003.html
3431 Signed-off-by: Martin Kepplinger <martink@posteo.de>
3433 - url: make the original string get used on subsequent transfers
3435 ... since CURLOPT_URL should follow the same rules as other options:
3436 they remain set until changed or cleared.
3438 Added test 1551 to verify.
3442 Reported-by: Pavel Rochnyak
3444 - [Johannes Schindelin brought this change]
3446 gtls: fix build when sizeof(long) < sizeof(void *)
3448 - Change gnutls pointer/int macros to pointer/curl_socket_t.
3449 Prior to this change they used long type as well.
3451 The size of the `long` data type can be shorter than that of pointer
3452 types. This is the case most notably on Windows.
3454 If C99 were acceptable, we could simply use `intptr_t` here. But we
3455 want to retain C89 compatibility.
3457 Simply use the trick of performing pointer arithmetic with the NULL
3458 pointer: to convert an integer `i` to a pointer, simply take the
3459 address of the `i`th element of a hypothetical character array
3460 starting at address NULL. To convert back, simply cast the pointer
3463 Thanks to Jay Satiro for the initial modification to use curl_socket_t
3464 instead of int/long.
3468 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
3470 - [Ryan Winograd brought this change]
3472 unit1399: fix integer overflow
3477 - [Per Malmberg brought this change]
3479 cmake: Added compatibility options for older Windows versions
3481 CURL_STATIC_CRT and ENABLE_INET_PTON
3485 - unit1399: add logging to time comparison
3487 ... to enable tracking down why autobuilds fail on this
3491 - make: build the docs subdir only from within src
3493 ... and don't build at all in include
3495 Prompted-by-work-by: Simon Warta
3499 - [Max Dymond brought this change]
3501 test1450: fix up DICT server in torture mode
3503 As per https://github.com/curl/curl/pull/1615, the DICT server is a
3504 little spammy in torture mode due to the sockets being torn down
3505 unexpectedly. Fix this by adding some error handling to the handling
3510 - [Max Dymond brought this change]
3512 test1450: add simple testing for DICT
3514 Add a new server which provides a DICT interface. This is intended to
3515 begin coverage testing for lib/dict.c
3519 - [Dan Fandrich brought this change]
3521 test1521: fix out-of-tree builds, broken with 467da3af
3523 The test.h file is no longer in the same directory as the source file,
3524 so that directory needs to be added to the include path.
3529 - [Max Dymond brought this change]
3531 http2: handle PING frames
3533 Add a connection check function to HTTP2 based off RTSP. This causes
3534 PINGs to be handled the next time the connection is reused.
3538 - [Max Dymond brought this change]
3540 handler: refactor connection checking
3542 Add a new type of callback to Curl_handler which performs checks on
3543 the connection. Alter RTSP so that it uses this callback to do its
3544 own check on connection health.
3546 - [dmitrykos brought this change]
3548 openssl: improve fallback seed of PRNG with a time based hash
3552 - [Ryan Winograd brought this change]
3554 progress: prevent resetting t_starttransfer
3556 Prevent `Curl_pgrsTime` from modifying `t_starttransfer` when invoked
3557 with `TIMER_STARTTRANSFER` more than once during a single request.
3559 When a redirect occurs, this is considered a new request and
3560 `t_starttransfer` can be updated to reflect the `t_starttransfer` time
3561 of the redirect request.
3565 Bug: https://github.com/curl/curl/pull/1602#issuecomment-310267370
3567 - curl_strequal.3: fix typo in SYNOPSIS
3569 Reported-by: Jesse Chisholm
3573 - RELEASE-NOTES: synced with ce2c3ebda
3575 Kamil Dudka (28 Jun 2017)
3576 - curl --socks5-{basic,gssapi}: control socks5 auth
3578 Closes https://github.com/curl/curl/pull/1454
3580 - CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy auth
3582 If libcurl was built with GSS-API support, it unconditionally advertised
3583 GSS-API authentication while connecting to a SOCKS5 proxy. This caused
3584 problems in environments with improperly configured Kerberos: a stock
3585 libcurl failed to connect, despite libcurl built without GSS-API
3586 connected fine using username and password.
3588 This commit introduces the CURLOPT_SOCKS5_AUTH option to control the
3589 allowed methods for SOCKS5 authentication at run time.
3591 Note that a new option was preferred over reusing CURLOPT_PROXYAUTH
3592 for compatibility reasons because the set of authentication methods
3593 allowed by default was different for HTTP and SOCKS5 proxies.
3595 Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html
3596 Closes https://github.com/curl/curl/pull/1454
3598 - socks: deduplicate the code for auth request
3600 - socks: use proxy_user instead of proxy_name
3602 ... to make it obvious what the data is used for
3604 Daniel Stenberg (27 Jun 2017)
3605 - libtest/make: generate lib1521.c
3607 ... instead of having the generated code checked in. This saves space in
3608 the tarball but primarily automatically adapts to newly added options.
3612 Jay Satiro (26 Jun 2017)
3613 - tool_getparam: fix memory leak on test 1147 OOM (torture tests)
3615 Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872
3616 Reported-by: Dan Fandrich
3618 Dan Fandrich (25 Jun 2017)
3619 - test1537: fixed memory leak on OOM
3621 Marcel Raad (25 Jun 2017)
3622 - test1521: fix compiler warnings
3624 The integer literal 3123123123 doesn't fit into a 32-bit signed
3625 integer, so GCC with 32-bit long warns in C90 mode:
3626 this decimal constant is unsigned only in ISO C90 [enabled by default]
3627 Fix this by using ULONG_MAX, which should fit in any curl_off_t and has
3628 the correct suffix to not issue any warnings.
3629 Also adds the missing CURLOPT_REQUEST_TARGET from commit
3630 9b167fd090f596eac828817d48c247eeae53407f.
3632 Closes https://github.com/curl/curl/pull/1611
3634 Daniel Stenberg (24 Jun 2017)
3635 - curl/system.h: add check for XTENSA for 32bit gcc
3637 Reported-by: Neil Kolban
3640 - [Henrik S. Gaßmann brought this change]
3642 winbuild: fix boringssl build
3644 Compile with `WIN32_LEAN_AND_MEAN` which prevents `windows.h` from
3645 including too much clutter including `wincrypt.h` which in turn contains
3646 some preprocessor macros that clash with boringssl symbols.
3648 Detect boringssl by checking the existance of `is_boringssl.h` and set
3649 the corresponding `HAVE_BORINGSSL` for compilation which is used in
3650 `ldap.c` to undefine the evil macros.
3654 - progress: progress.timespent needs to be us
3656 follow-up to 64ed44a815e4e to fix test 500 failures
3658 Marcel Raad (24 Jun 2017)
3659 - curl-compilers.m4: fix unknown-warning-option on Apple clang
3661 Since 5598b0bd63f690c151074494ce47ef872f004ab4, clang -v is used to
3662 detect the clang version. The version number was expected to come after
3663 the word "version". For Apple clang, this doesn't work as it has its
3664 own versioning scheme.
3665 The version number is now first searched after the string
3666 "based on LLVM". This works for Apple clang before version 7, and also
3667 for e.g. Ubuntu's clang up to version 3.7. If it's not found and the
3668 version string contains "Apple LLVM version", clang version 3.7 is
3669 assumed, which is the version that comes with Xcode 7. Otherwise, the
3670 version number is still expected after the word "version", which works
3671 for very old Apple clang versions.
3673 Ref: https://trac.macports.org/wiki/XcodeVersionInfo
3674 Fixes https://github.com/curl/curl/issues/1606
3675 Closes https://github.com/curl/curl/pull/1607
3677 Daniel Stenberg (24 Jun 2017)
3678 - progress: fix "time spent", broke in adef394ac
3680 - CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
3682 ... supported since 7.54.1
3684 - maketgz: switch to -6e for xz
3686 To reduce the memory requirement for decompress, and still do almost as
3687 good compression as with -9e.
3689 Pointed-out-by: Dan Fandrich
3691 - libtest/Makefile: remove unused lib1541 variables
3693 - CONTRIBUTE.md: mention the out-of-tree build test too
3695 - maketgz: switch to xz instead of lzma
3697 The compressed output size seems to be a tad bit smaller, but generally
3698 xz seems more preferred these days and is used directly by for example
3699 gentoo instead of bz2.
3701 "Users of LZMA Utils should move to XZ Utils" =>
3702 https://tukaani.org/lzma/
3706 - --request-target: instead of --strip-path-slash
3708 ... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH.
3710 This option instead provides the full "alternative" target to use in the
3711 request, instead of extracting the path from the URL.
3713 Test 1298 and 1299 updated accordingly.
3716 Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373
3720 Marcel Raad (21 Jun 2017)
3721 - lib1521: fix missing-variable-declarations clang warnings
3723 Declare TU-local variables static.
3725 - travis: enable typecheck-gcc warnings
3727 - switch debug and release configurations so that we get an optimized
3728 build with GCC 4.3+ as required by typecheck-gcc
3729 - enable warnings-as-errors for release builds
3730 (which have warnings disabled)
3732 Closes https://github.com/curl/curl/pull/1595
3734 - typecheck-gcc: add support for CURLINFO_OFF_T
3736 typecheck-gcc expected curl_socket_t instead of curl_off_t arguments
3737 for CURLINFO_OFF_T. Detected by test1521, unfortunately only when run
3740 Closes https://github.com/curl/curl/pull/1592
3742 Daniel Stenberg (21 Jun 2017)
3743 - [Simon Warta brought this change]
3745 ci: whitelist branches to avoid testing feature branches twice
3747 - [Gisle Vanem brought this change]
3749 lib: fix the djgpp build
3751 Bug: https://github.com/curl/curl/commit/73a2fcea0b4adea6ba342cd7ed1149782c214ae3#commitcomment-22655993
3753 Marcel Raad (20 Jun 2017)
3754 - if2ip: fix compiler warning in ISO C90 mode
3756 remote_scope_id is only used when both HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
3757 and ENABLE_IPV6 are defined instead of only one of them.
3759 Daniel Stenberg (20 Jun 2017)
3760 - travis: do the distcheck test build out-of-tree as well
3762 - http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH
3764 ... to enable sending "OPTIONS *" which wasn't possible previously.
3766 This option currently only works for HTTP.
3768 Added test cases 1298 + 1299 to verify
3773 - test1521: test getinfo's OFF_T types too
3777 - lib1521: add curl_easy_getinfo calls to the test set
3779 Also added return value checks to make sure no unexpected return codes
3782 - [Simon Warta brought this change]
3784 automake: use $(MKHELP) variable instead if constant mkhelp.pl
3786 this improves symmetry with the rule above
3788 - [Simon Warta brought this change]
3790 mkhelp.pl: fix script name in usage text
3792 - RELEASE-NOTES: synced with 3b80d3ca4
3794 - getinfo: return sizes as curl_off_t
3796 This change introduces new alternatives for the existing six
3797 curl_easy_getinfo() options that return sizes or speeds as doubles. The
3798 new versions are named like the old ones but with an appended '_T':
3800 CURLINFO_CONTENT_LENGTH_DOWNLOAD_T
3801 CURLINFO_CONTENT_LENGTH_UPLOAD_T
3802 CURLINFO_SIZE_DOWNLOAD_T
3803 CURLINFO_SIZE_UPLOAD_T
3804 CURLINFO_SPEED_DOWNLOAD_T
3805 CURLINFO_SPEED_UPLOAD_T
3809 - PIPELINING_SERVER_BL: cleanup the internal list use
3811 The list was freed incorrectly since the llist refactor of
3812 cbae73e1dd959. Added test 1550 to verify that it works and avoid future
3815 Reported-by: Pascal Terjan
3820 - http2: fix OOM crash
3822 torture mode with test 1021 found it
3824 - CURLOPT_PREQUOTE.3: spellfix man page reference
3826 Marcel Raad (18 Jun 2017)
3827 - http_proxy: fix build with http and proxy
3829 After deff7de0eb0e22d2d142b96b9cc84cd8db5d2a48, the build without
3830 CURL_DISABLE_PROXY and CURL_DISABLE_HTTP was failing because of missing
3833 - http_proxy: fix compiler warning
3835 With CURL_DISABLE_PROXY or CURL_DISABLE_HTTP, GCC complained about a
3836 missing prototype for Curl_connect_free.
3838 Daniel Stenberg (18 Jun 2017)
3839 - TODO: update the TOC too
3841 - TODO: implement support for CURLOPT_PREQUOTE with SFTP
3843 ... also updated the CURLOPT_PREQUOTE.3 man page to mention the correct
3848 - tool_wrte_cb: remove check for config == NULL
3850 ... as it really cannot have reached this far with config being NULL,
3851 thus this is unnecesary and misleading.
3853 Bug: https://news.ycombinator.com/item?id=14577585 and
3854 https://daniel.haxx.se/blog/2017/06/17/curl-doesnt-spew-binary-anymore/comment-page-1/#comment-18356
3856 Forwarded-to-us-by: Jakub Wilk
3858 - curl: prevent binary output spewed to terminal
3860 ... unless "--output -" is used. Binary detection is done by simply
3861 checking for a binary zero in early data.
3863 Added test 1425 1426 to verify.
3867 Marcel Raad (16 Jun 2017)
3868 - Makefile.m32: enable -W for MinGW32 build
3870 The configure-based build also has this in addition to -Wall.
3872 Closes https://github.com/curl/curl/pull/1578
3874 - curl-compilers.m4: enable comma clang warning
3876 It usually warns when using commas instead of semicolons or other
3877 operators by accident.
3879 Closes https://github.com/curl/curl/pull/1578
3881 - curl-compilers.m4: enable missing-variable-declarations clang warning
3883 It usually warns when forgetting to declare TU-local variables static.
3885 Closes https://github.com/curl/curl/pull/1578
3887 - curl-compilers.m4: enable double-promotion warning
3889 Enable -Wdouble-promotion for both GCC and clang. It warns on implicit
3890 promotion from float to double.
3892 Closes https://github.com/curl/curl/pull/1578
3894 - curl-compilers.m4: enable vla warning for clang
3896 Previously, that warning was only implicitly active in C90 mode.
3897 Enable it unconditionally as already done for GCC.
3899 Closes https://github.com/curl/curl/pull/1578
3901 Daniel Stenberg (16 Jun 2017)
3902 - http-proxy: fix chunked-encoded CONNECT responses
3904 Regression since 5113ad0424.
3906 ... and remove 'flaky' from test 1061 again
3910 - http-proxy: deal with EAGAIN
3912 ... the previous code would reset the header length wrongly (since
3913 5113ad0424). This makes test 1060 reliable again.
3915 Also: make sws send even smaller chunks of data to increase the
3916 likeliness of this happening.
3918 - libtest/libntlmconnect: fix compiler warnings from f94fcdb
3920 - [Jay Satiro brought this change]
3922 HTTPS-Proxy: don't offer h2 for https proxy connections
3924 Bug: https://github.com/curl/curl/issues/1254
3928 - tests: stabilize test 2032 and 2033
3930 Both these tests run the same underlying test code: libntlmconnect.c -
3931 this test code made some assumptions about socket ordering when it used
3932 curl_easy_fdset() and when we changed timing or got accidental changes
3933 in libcurl the tests would fail.
3935 The tests verify that the different transfers keep using the same
3936 connections, which I now instead made sure by adding the number of bytes
3937 each transfer gets and then verifies that they always get the same
3938 amount as when these tests worked.
3942 - test1148: verify the -# progressbar
3946 - test1061: mark as flaky
3948 Fails intermittently on travis builds since a few days. Likely due to
3951 Jay Satiro (16 Jun 2017)
3952 - url: refactor the check for Windows drive letter in path
3954 - Move the logic to detect a Windows drive letter prefix
3955 (eg c: in c:foo) into a function-like macro.
3957 Closes https://github.com/curl/curl/pull/1571
3959 - mk-ca-bundle.pl: Check curl's exit code after certdata download
3961 - No longer allow partial downloads of certdata.
3963 Prior to this change partial downloads were (erroneously?) allowed since
3964 only the server code was checked to be 200.
3966 Bug: https://github.com/curl/curl/pull/1577
3967 Reported-by: Matteo B.
3969 Daniel Stenberg (16 Jun 2017)
3970 - dist: add the fuzz dir to the tarball
3972 - configure: disable nghttp2 too if HTTP has been disabled
3974 - http-proxy: fix build with --disable-proxy or --disable-http
3976 Reported-by: Dan Fandrich
3978 - fuzz/README: document how to build
3982 - [Frederik B brought this change]
3984 fuzz: corpora file structure, initial commit
3986 - [Frederik B brought this change]
3988 fuzz: bring oss-fuzz initial code converted to C89
3990 - http-proxy: only attempt FTP over HTTP proxy
3992 ... all other non-HTTP protocol schemes are now defaulting to "tunnel
3993 trough" mode if a HTTP proxy is specified. In reality there are no HTTP
3994 proxies out there that allow those other schemes.
3996 Assisted-by: Ray Satiro, Michael Kaufmann
4000 - TODO: the generated include file is gone
4002 ... since commit 73a2fcea0b
4004 - curl_setup.h: error out on CURL_WANTS_CA_BUNDLE_ENV use
4006 ... to make it really apparent if there's any user using this on purpose.
4008 Suggested-by: Jay Satiro
4012 - lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
4014 When this define was set, libcurl would check the environment variable
4015 named CURL_CA_BUNDLE at run-time and use that CA cert bundle. This
4016 feature was only defined by the watcom and m32 makefiles and caused
4017 inconsistent behaviours among libcurls built on different platforms.
4019 The curl tool does already feature its own similar logic and the library
4020 does not really need it, and it isn't documented libcurl behavior. So
4021 this change removes it.
4025 - test1147: verify -H on a file
4027 - curl: allow --header and --proxy-header read from file
4029 So many headers can be provided as @filename.
4031 Suggested-by: Timothe Litt
4035 - RELEASE-NOTES: synced with 2ad80eec5
4037 - curl/curlver.h: start working on 7.55.0
4039 - http-proxy: do the HTTP CONNECT process entirely non-blocking
4041 Mentioned as a problem since 2007 (8f87c15bdac63) and of course it
4042 existed even before that.
4046 - progress: let "current speed" be UL + DL speeds combined
4049 Reported-by: Paul Harris
4052 Marcel Raad (14 Jun 2017)
4053 - system.h: fix MinGW build
4055 CURLSYS_PULL_WS2TCPIP_H got renamed to CURL_PULL_WS2TCPIP_H in commit
4056 73a2fcea0b4adea6ba342cd7ed1149782c214ae3.
4058 Daniel Stenberg (14 Jun 2017)
4059 - timers: store internal time stamps as time_t instead of doubles
4061 This gives us accurate precision and it allows us to avoid storing "no
4062 time" for systems with too low timer resolution as we then bump the time
4063 up to 1 microsecond. Should fix test 573 on windows.
4065 Remove the now unused curlx_tvdiff_secs() function.
4067 Maintains the external getinfo() API with using doubles.
4071 - dist: make the hugehelp.c not get regenerated unnecessarily
4073 The maketgz script now makes sure the generated hugehelp.c file in the
4074 tarball is newer than the generated curl.1 man page, so that it doesn't
4075 have to get unnecessarily rebuilt first thing in a typical build. It
4076 thus also removes the need for perl to build off a plain release
4081 - includes: remove curl/curlbuild.h and curl/curlrules.h
4083 Rely entirely on curl/system.h now.
4085 Introduced in Aug 2008 with commit 14240e9e109f. Now gone.
4089 Version 7.54.1 (14 Jun 2017)
4091 Daniel Stenberg (14 Jun 2017)
4094 Dan Fandrich (13 Jun 2017)
4095 - mk-lib1521.pl: updated to match the test changes in 916ec30a
4097 Daniel Stenberg (13 Jun 2017)
4098 - [Stuart Henderson brought this change]
4100 libressl: OCSP and intermediate certs workaround no longer needed
4102 lib/vtls/openssl.c has a workaround for a bug with OCSP responses signed
4103 by intermediate certs, this was fixed in LibreSSL in
4104 https://github.com/libressl-portable/openbsd/commit/912c64f68f7ac4f225b7d1fdc8fbd43168912ba0
4106 Bug: https://curl.haxx.se/mail/lib-2017-06/0038.html
4108 - url: fix buffer overwrite with file protocol (CVE-2017-9502)
4110 Bug: https://github.com/curl/curl/issues/1540
4111 Advisory: https://curl.haxx.se/docs/adv_20170614.html
4113 Assisted-by: Ray Satiro
4114 Reported-by: Marcel Raad
4116 - urlglob: fix division by zero
4118 The multiply() function that is used to avoid integer overflows, was
4119 itself reason for a possible division by zero error when passed a
4120 specially formatted glob.
4122 Reported-by: GwanYeong Kim
4124 - configure: update the copyright year in the output
4126 - [ygrek brought this change]
4128 BINDINGS: update SP-Forth and OCaml urls
4130 Michael Kaufmann (11 Jun 2017)
4131 - FindWin32CACert: Use a temporary buffer on the stack
4133 Don't malloc() the temporary buffer, and use the correct type:
4134 SearchPath() works with TCHAR, but SearchPathA() works with char.
4135 Set the buffer size to MAX_PATH, because the terminating null byte
4136 is already included in MAX_PATH.
4138 Reviewed-by: Daniel Stenberg
4139 Reviewed-by: Marcel Raad
4143 Dan Fandrich (11 Jun 2017)
4144 - test1521: fixed OOM handling
4146 Daniel Stenberg (9 Jun 2017)
4147 - RELEASE-PROCEDURE: updated future release dates
4149 - [Paul Harris brought this change]
4151 gitignore: ignore all vim swap files
4155 - lib1521: fix compiler warnings on the use of bad 'long' values
4157 Reported-by: Marcel Raad
4158 Bug: https://github.com/curl/curl/commit/cccac4fb2b20d6ed87da7978408c3ecacc464fe4#commitcomment-22453387
4160 - setopt: check CURLOPT_ADDRESS_SCOPE option range
4162 ... and return error instead of triggering an assert() when being way
4165 Jay Satiro (8 Jun 2017)
4166 - [TheAssassin brought this change]
4168 cmake: Fix inconsistency regarding mbed TLS include directory
4170 Previously, one had to set MBEDTLS_INCLUDE_DIR to make CMake find the
4171 headers, but the system complained that mbed TLS wasn't found due to
4172 MBEDTLS_INCLUDE_DIRS (note the trailing s) was not set. This commit
4173 attempts to fix that.
4175 Closes https://github.com/curl/curl/pull/1541
4177 Daniel Stenberg (8 Jun 2017)
4178 - [Ryuichi KAWAMATA brought this change]
4180 examples/multi-uv.c: fix deprecated symbol
4184 - asyn-ares: s/Curl_expire_latest/Curl_expire
4186 - expire: remove Curl_expire_latest()
4188 With the introduction of expire IDs and the fact that existing timers
4189 can be removed now and thus never expire, the concept with adding a
4190 "latest" timer is not working anymore as it risks to not expire at all.
4192 So, to be certain the timers actually are in line and will expire, the
4193 plain Curl_expire() needs to be used. The _latest() function was added
4194 as a sort of shortcut in the past that's quite simply not necessary
4197 Follow-up to 31b39c40cf90
4199 Reported-by: Paul Harris
4203 - [Chris Carlmar brought this change]
4205 configure: fix link with librtmp when specifying path
4207 Bug: https://curl.haxx.se/mail/lib-2017-06/0017.html
4209 - file: make speedcheck use current time for checks
4211 ... as it would previously just get the "now" timestamp before the
4212 transfer starts and then not update it again.
4216 - metalink: remove unused printf() argument
4218 - travis: let some builds *not* use --enable-debug
4220 typecheck-gcc and other things require optimized builds
4224 - README.md: show the coverall coverage on github
4226 - lib1521: fix compiler warnings
4228 - test1521: make the code < 80 columns wide
4230 - test1121: use stricter types to work with typcheck-gcc
4232 - typecheck-gcc: allow CURLOPT_STDERR to be NULL too
4234 - test1521: test *all* curl_easy_setopt options
4236 mk-lib1521.pl generates a test program (lib1521.c) that calls
4237 curl_easy_setopt() for every known option with a few typical values to
4238 make sure they work (ignoring the return codes).
4240 Some small changes were necessary to avoid asserts and NULL accesses
4243 The perl script needs to be manually rerun when we add new options.
4247 Dan Fandrich (5 Jun 2017)
4248 - test1538: added "verbose logs" keyword
4250 These error messages are not displayed with --disable-verbose
4252 Daniel Stenberg (5 Jun 2017)
4253 - test1262: verify ftp download with -z for "if older than this"
4255 Marcel Raad (5 Jun 2017)
4256 - curl_ntlm_core: use Curl_raw_toupper instead of toupper
4258 This was the only remaining use of toupper in the entire source code.
4260 Suggested-by: Daniel Stenberg
4262 Daniel Stenberg (4 Jun 2017)
4263 - RELEASE-NOTES: synced with 65ba92650
4265 Marcel Raad (4 Jun 2017)
4266 - curl_ntlm_core: pass unsigned char to toupper
4268 Otherwise, clang on Cygwin64 warns:
4269 curl_ntlm_core.c:525:35: error: array subscript is of type 'char'
4270 [-Werror,-Wchar-subscripts]
4271 dest[2 * i] = (unsigned char)(toupper(src[i]));
4273 /usr/include/ctype.h:152:25: note: expanded from macro 'toupper'
4274 (void) __CTYPE_PTR[__x]; (toupper) (__x);})
4277 Jay Satiro (3 Jun 2017)
4278 - [Mahmoud Samir Fayed brought this change]
4280 BINDINGS: add Ring binding
4282 Closes https://github.com/curl/curl/pull/1539
4284 Daniel Stenberg (4 Jun 2017)
4285 - CONTRIBUTE.md: mention tests done on pull requests
4287 - travis: add coverage, distcheck and cmake builds
4291 Marcel Raad (3 Jun 2017)
4292 - libtest: fix int-in-bool-context warnings
4295 ‘*’ in boolean context, suggest ‘&&’ instead [-Wint-in-bool-context]
4297 - libtest: fix implicit-fallthrough warnings with GCC 7
4299 - x509asn1: fix implicit-fallthrough warning with GCC 7
4301 - curl_sasl: fix unused-variable warning
4303 This fixes the following warning with CURL_DISABLE_CRYPTO_AUTH,
4304 as seen in the autobuilds:
4306 curl_sasl.c:417:9: warning: unused variable 'serverdata'
4309 Daniel Stenberg (3 Jun 2017)
4310 - updatemanpages.pl: error out on too old git version
4312 Marcel Raad (3 Jun 2017)
4313 - cyassl: define build macros before including ssl.h
4315 cyassl/ssl.h needs the macros from cyassl/options.h, so define them
4316 before including cyassl/ssl.h the first time, which happens in
4318 This broke the build on Ubuntu Xenial, which comes with WolfSSL 3.4.8
4319 and therefore redefines the symbols from cyassl/options.h instead of
4320 including the header.
4322 Closes https://github.com/curl/curl/pull/1536
4324 Daniel Stenberg (3 Jun 2017)
4325 - tool_util: remove unused tvdiff_secs and remove tool_ prefix
4329 - dedotdot: fixed output for ".." and "." only input
4331 Found when updating test 1395, which I did to increase test coverage of
4336 Marcel Raad (2 Jun 2017)
4337 - mbedtls: make TU-local variable static
4339 mbedtls_x509_crt_profile_fr is only used locally.
4340 This fixes a missing-variable-declarations warning with clang.
4342 - MD(4|5): silence cast-align clang warning
4344 Unaligned access is on purpose here and the warning is harmless on
4345 affected architectures. GCC knows that, while clang warns on all
4348 Daniel Stenberg (2 Jun 2017)
4349 - test1538: fix typo
4351 - test1538: verify the libcurl strerror API calls
4353 - curl_endian: remove unused functions
4357 - test1537: dedicated tests of the URL (un)escape API calls
4361 - coverage: run event tests too
4363 ... the torture ones are commented out only because they are slooooow.
4365 - build: provide easy code coverage measuring
4369 - typecheck-gcc.h: check CURLINFO_CERTINFO
4371 ... and update the certinfo.c example accordingly.
4373 Fixes https://github.com/curl/curl/issues/846
4375 - typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
4377 ... so that they get the required "struct curl_tlssessioninfo **"
4380 - typecheck-gcc.h: separate getinfo slist checks from other pointers
4384 Marcel Raad (1 Jun 2017)
4385 - curl-compilers.m4: escape square brackets in regex
4387 Otherwise, they are removed in the final configure file.
4388 Also changed sed to "$SED" like in most other calls in this file.
4390 - curl-compilers.m4: fix compiler_num for clang
4392 "clang -dumpversion" always returns "4.2.1", the GCC version that clang
4393 was initially compatible to. Use "clang -v" instead, which returns the
4394 actual clang version.
4396 Fixes https://github.com/curl/curl/issues/1522
4397 Closes https://github.com/curl/curl/pull/1523
4399 Daniel Stenberg (31 May 2017)
4400 - examples/externalsocket.c: s/closesocket/closecb
4402 ... since closesocket is a function in WinSock.
4404 Reported-by: Marcel Raad
4405 Bug: https://github.com/curl/curl/commit/55fcb8485914700132fd1854c9509b66c955efbe#co
4406 mmitcomment-22347818
4408 Marcel Raad (31 May 2017)
4409 - lib583: fix compiler warning
4411 Use CURLMcode for variable 'res' and cast to int where necessary
4412 instead of the other way around. Other tests do the same.
4414 This fixes the following clang warning:
4415 lib583.c:68:15: warning: cast from function call of type 'CURLMcode' to
4416 non-matching type 'int' [-Wbad-function-cast]
4418 Daniel Stenberg (31 May 2017)
4419 - CURLOPT_SSH_KEY*.3: typos
4421 Reported-by: Gisle Vanem
4423 - CURLOPT_STREAM_DEPENDS.3: typo
4425 - CURLOPT_FNMATCH_FUNCTION.3: also modified example to avoid fcpp issues
4427 - CURLOPT_FNMATCH_DATA.3: modified example to avoid fcpp issues
4429 - opts: more than 100 more examples for man pages...
4431 - libtest/lib574.c: use correct callback proto
4433 - examples/sampleconv.c: indent changes, made callbacks static
4435 - example/externalsocket.c: make it use CLOSESOCKETFUNCTION too
4437 Marcel Raad (31 May 2017)
4438 - curl-compilers.m4: enable -Wshift-sign-overflow for clang
4440 clang 2.9+ supports -Wshift-sign-overflow, which warns about undefined
4441 behavior on signed left shifts when shifting by too many places.
4443 Ref: https://github.com/curl/curl/issues/1516
4444 Closes https://github.com/curl/curl/pull/1517
4446 Daniel Stenberg (31 May 2017)
4447 - CURLOPT_PROXY.3: fix test 1140 breakage
4449 Jay Satiro (31 May 2017)
4450 - build-wolfssl: Sync config with wolfSSL 3.11
4452 wolfSSL configure script relevant changes from 3.10 to 3.11:
4454 - Async threading support added; disabled by default without async
4455 crypto, which continues to be disabled by default.
4457 wolfSSL configure script relevant changes from 3.11 to 3.11.1 (beta):
4459 - TLS 1.3 beta support added; disabled by default.
4461 For experimenting I put in a comment block the defines needed to enable
4462 TLS 1.3 support (ie the equivalent of --enable-tls13).
4464 Daniel Stenberg (30 May 2017)
4465 - opts: more examples added to man pages
4467 - docs: clarify NO_PROXY further
4471 - CURLOPT_PROXY.3: describe the environment variables more
4473 - transfer: init the infilesize from the postfields...
4475 ... with a strlen() if no size was set, and do this in the pretransfer
4476 function so that the info is set early. Otherwise, the default strlen()
4477 done on the POSTFIELDS data never sets state.infilesize.
4479 Reported-by: Vincas Razma
4482 Jay Satiro (29 May 2017)
4483 - test557: fix ubsan runtime error due to int left shift
4485 - Test curl_msnprintf negative int width arg using INT_MIN instead of
4486 1 << 31 which is undefined behavior.
4488 Closes https://github.com/curl/curl/issues/1516
4490 - mbedtls: fix variable shadow warning
4492 vtls/mbedtls.c:804:69: warning: declaration of 'entropy' shadows a global declaration [-Wshadow]
4493 CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
4496 Daniel Stenberg (29 May 2017)
4497 - RELEASE-NOTES: synced with 3aaac8c2f
4499 Dan Fandrich (28 May 2017)
4500 - tests: removed some redundant empty <stdout> sections
4502 - runtests.pl: removed <precommand> feature
4504 This hasn't been used in over a decade. <precheck> can still be used to
4505 run commands before the main test.
4507 Daniel Stenberg (27 May 2017)
4508 - opts: more examples added in option man pages
4510 Dan Fandrich (27 May 2017)
4511 - runtests.pl: removed unused arguments to valgrindparse
4513 Daniel Stenberg (25 May 2017)
4514 - TODO: 6.4 is done, send telnet data in chunks
4516 - [Phil Crump brought this change]
4518 docs/CURLOPT_SSLVERSION.3: Correct define name in example
4522 - ssh: fix 'left' may be used uninitialized
4524 follow-up to f31760e63b4e
4526 Reported-by: Michael Kaufmann
4527 Bug: https://github.com/curl/curl/pull/1495#issuecomment-303982793
4529 Michael Kaufmann (24 May 2017)
4530 - time: fix type conversions and compiler warnings
4532 Fix bugs and compiler warnings on systems with 32-bit long and
4535 Reviewed-by: Daniel Stenberg
4539 Marcel Raad (24 May 2017)
4540 - examples: fix Wimplicit-fallthrough warnings
4542 This is contained in -Wextra with GCC 7.
4544 Daniel Stenberg (24 May 2017)
4545 - [Anatol Belski brought this change]
4547 winbuild: fix the nghttp2 build
4551 GitHub (24 May 2017)
4552 - [Sergei Nikulov brought this change]
4554 LDAP: documentation update per #878 changes (#1506)
4556 Daniel Stenberg (23 May 2017)
4557 - redirect: store the "would redirect to" URL when max redirs is reached
4559 Test 1261 added to verify.
4561 Reported-by: Lloyd Fournier
4566 GitHub (24 May 2017)
4567 - [Sergei Nikulov brought this change]
4569 LDAP: fixed checksrc issue
4571 - [Sergei Nikulov brought this change]
4573 LDAP: using ldap_bind_s on Windows with methods (#878)
4575 * LDAP: using ldap_bind_s on Windows with methods(BASIC/DIGEST/NTLM/AUTONEG)
4577 * ldap: updated per build options handling
4579 * ldap: fixed logic for auth selection
4581 Daniel Stenberg (23 May 2017)
4582 - [Akhil Kedia brought this change]
4584 cmake: fix build on Ubuntu 14.04
4586 Fixed a syntax error with setting cache variables (The type and
4587 docstring were missing), resulting in build errors. Quoted the
4588 CURL_CA_PATH and CURL_CA_BUNDLE otherwise the path was written without
4589 quotes in C code, resulting in build errors.
4593 Signed-off-by: Akhil <akhil.kedia@samsung.com>
4595 - url: fix declaration of 'pipe' shadows a global declaration
4597 follow-up to 4cdb1be8246c
4599 Kamil Dudka (22 May 2017)
4600 - memdebug: fix compilation failure
4602 .... caused by a typo in the last commit (fixing issue #1504):
4604 memdebug.c: In function ‘curl_fclose’:
4605 memdebug.c:444:3: error: implicit declaration of function
4606 ‘DEBUGDEBUGASSERT’ [-Werror=implicit-function-declaration]
4608 Daniel Stenberg (22 May 2017)
4609 - assert: avoid, use DEBUGASSERT instead!
4611 ... as it does extra checks to actually work.
4613 Reported-by: jonrumsey at github
4616 - [Simon Warta brought this change]
4618 cmake: remove unused variables: GNUTLS_ENABLED, NSS_ENABLED
4620 - [Simon Warta brought this change]
4622 cmake: remove CURL_CA_BUNDLE from cmake TODO
4624 - [Simon Warta brought this change]
4626 cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH
4630 - [Simon Warta brought this change]
4632 cmake: add CURL_CA_BUNDLE/CURL_CA_FALLBACK/CURL_CA_PATH options
4634 - [Simon Warta brought this change]
4636 cmake: Add CURL_CA_FALLBACK to curl_config.h.cmake
4638 This is for symmetry with the autoconf generated curl_config.h.in
4640 - RELEASE-NOTES: synced with 052a14e3c
4642 Michael Kaufmann (20 May 2017)
4643 - tests: stabilize test 1034
4645 Pass the invalid domain name on stdin. On some systems, the test
4646 framework cannot pass invalid UTF-8 sequences on the command line.
4650 Daniel Stenberg (20 May 2017)
4651 - ssh: ignore timeouts during disconnect
4653 ... as otherwise it risks not cleaning up the libssh2 handle properly
4654 which leads to memory leak!
4656 Assisted-by: Joel Depooter
4661 Bug: https://curl.haxx.se/mail/lib-2017-04/0024.html
4663 - ghiper.c/hiperfifo.c: add comment about missing timer functionality
4665 It takes someone to read up on the APIs of these libraries to figure out
4666 how to do this correctly.
4668 Reported-by: Michael Kaufmann
4672 - asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input
4674 That means delete the timer.
4676 Reported-by: Michael Kaufmann
4679 - cmdline-opts/write-out.d: s/-L/--location
4681 Since the man page generator wants the long option name version to
4682 generate the proper output.
4684 - [Bernhard M. Wiedemann brought this change]
4686 mkhelp.pl: do not add current time into curl binary
4688 ... as part of hugehelpgz rodata to make build reproducible.
4690 See https://reproducible-builds.org/ for why this is good
4694 - oauth2-bearer.d: mention the <token> argument
4696 Nick Zitzmann (16 May 2017)
4697 - darwinssl: Fix exception when processing a client-side certificate file
4698 if no error was raised by the API but the SecIdentityRef was null
4702 Daniel Stenberg (16 May 2017)
4703 - curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM
4705 Reported-by: wyattoday at github
4708 - docs/cmdline-opts/config.d: edit for language
4710 - RELEASE-NOTES: synced with eb16305e6
4712 - [moparisthebest brought this change]
4714 SecureTransport/DarwinSSL: Implement public key pinning
4718 - man pages: fix example syntax errors
4720 follow-up to 5ddad099b42b50
4722 - docs/libcurl/opts: added more examples in man pages
4724 - CURLOPT_HTTPPROXYTUNNEL: clarify, add example
4726 - curl: show the libcurl release date in --version output
4728 ... and support and additional "security patched" date for those who
4729 enhance older versions that way. Pass on the define CURL_PATCHSTAMP with
4732 Building with non-release headers shows the date as [unreleased].
4734 Also: this changes the date format generated in the curlver.h file to be
4735 "YYYY-MM-DD" (no name of the day or month, no time, no time zone) to
4736 make it easier on the eye and easier to parse. Example (new) date
4739 Suggested-by: Brian Childs
4743 Dan Fandrich (13 May 2017)
4744 - url.c: add a compile-time check that CURL_MAX_WRITE_SIZE is large enough
4746 Some code (e.g. Curl_fillreadbuffer) assumes that this buffer is not
4747 exceedingly tiny and will break if it is. This same check is already
4748 done at run time in the CURLOPT_BUFFERSIZE option.
4750 - lib510: don't write past the end of the buffer if it's too small
4752 - tests: added missing keywords "chunked Transfer-Encoding"
4754 Daniel Stenberg (13 May 2017)
4755 - THANKS: add a few missing names
4757 ... I found them in the commit logs from the early years
4759 Dan Fandrich (13 May 2017)
4760 - tests: made a couple of prechecks consistent with others
4762 Also removed a TODO suggesting caching the precheck results. Tests
4763 showed this would save about 0.1 sec on the total test run time on a
4764 relatively modern system, an unnoticeable gain at the cost of longer and
4765 more complicated code. There would also be a danger that a cached test
4766 result would be inappropriately returned, such as when other test
4767 dependencies (like environment variables) are different or when the
4768 precheck causes side effects (like filesystem changes).
4770 Daniel Stenberg (12 May 2017)
4771 - FAQ: add 7.4 to toc
4773 ... and delete trailing whitespace
4777 - multi: remove leftover debug infof() calls from e9fd794a6
4779 - pipeline: fix mistakenly trying to pipeline POSTs
4781 The function IsPipeliningPossible() would return TRUE if either
4782 pipelining OR HTTP/2 were possible on a connection, which would lead to
4783 it returning TRUE even for POSTs on HTTP/1 connections.
4785 It now returns a bitmask so that the caller can differentiate which kind
4786 the connection allows.
4790 Reported-by: stootill at github
4792 Jay Satiro (12 May 2017)
4793 - [Ron Eldor brought this change]
4795 mbedtls: Support server renegotiation request
4797 Tested with servers: IIS 7.5; OpenSSL 1.0.2.
4799 Closes https://github.com/curl/curl/pull/1475
4801 Marcel Raad (11 May 2017)
4802 - cookie_interface: fix -Wcomma warning
4804 clang 5.0 complains:
4805 possible misuse of comma operator here [-Wcomma]
4807 - formdata: fix -Wcomma warning
4809 clang 5.0 complains:
4810 possible misuse of comma operator here [-Wcomma]
4812 Change the comma to a semicolon to fix that.
4814 Daniel Stenberg (10 May 2017)
4815 - multi: use a fixed array of timers instead of malloc
4817 ... since the total amount is low this is faster, easier and reduces
4820 Also, Curl_expire_done() can now mark an expire timeout as done so that
4825 - multi: assign IDs to all timers and make each timer singleton
4827 A) reduces the timeout lists drastically
4829 B) prevents a lot of superfluous loops for timers that expires "in vain"
4830 when it has actually already been extended to fire later on
4832 - [Richard Hsu brought this change]
4834 tests: remove superfluous test 1399
4836 @MarcelRaad noted that `test1399` causes infinite loop on MinGW.
4837 Looking into this, seems like it is related to how Windows handles
4838 CRLF. See https://github.com/curl/curl/commit/9e093f by @mback2k.
4839 Removing `test1399` as it's identical to `test1326` then with such a
4842 Test 1399 was broughy by commit 862b02f8947039e
4846 Dan Fandrich (9 May 2017)
4847 - tests: make test file names more unique
4849 Include the test number in the names of files written out by tests to
4850 reduce the chance of accidental duplication and to make it more clear
4851 which test is associated with which file.
4853 - tests: removed redundant --trace-ascii arguments
4855 This is already added by the test suite; it's not clear why all these
4856 tests had it, unless it's cargo-culting.
4858 Marcel Raad (9 May 2017)
4859 - tool: fix remaining -Wcast-qual warnings
4861 Avoid casting away low-level const.
4863 Daniel Stenberg (9 May 2017)
4864 - formboundary: convert assert into run-time check
4866 ... to really make sure the boundary fits in the target buffer.
4868 Fixes unused parameter 'buflen' warning.
4870 Reported-by: Michael Kaufmann
4871 Bug: https://github.com/curl/curl/pull/1468#issuecomment-300078754
4873 Dan Fandrich (9 May 2017)
4874 - tests: list the primary server first in the server section
4876 Daniel Stenberg (8 May 2017)
4877 - curl: generate the --help output
4879 ... using the docs/cmdline-opts/gen.pl script, so that we get all the
4880 command line option documentation from the same source.
4882 The generation of the list has to be done manually and pasted into the
4887 - tests: updated for modified fake random
4889 - [Jay Satiro brought this change]
4891 rand: treat fake entropy the same regardless of endianness
4893 When the random seed is purposely made predictable for testing purposes
4894 by using the CURL_ENTROPY environment variable, process that data in an
4895 endian agnostic way so the the initial random seed is the same
4896 regardless of endianness.
4898 - Change Curl_rand to write to a char array instead of int array.
4900 - Add Curl_rand_hex to write random hex characters to a buffer.
4905 Co-authored-by: Daniel Stenberg
4906 Reported-by: Michael Kaufmann
4908 Dan Fandrich (8 May 2017)
4909 - tests: give each stunnel.conf file a unique name
4911 Otherwise, subsequent uses of stunnel overwrite the configuration file
4912 of previous invocations so they can no longer be inspected.
4914 Marcel Raad (8 May 2017)
4915 - tool_msgs: remove wrong cast
4917 Commit 481e0de00a9003b9c5220b120e3fc302d9b0932d changed the variable
4918 type from int to size_t, so don't cast the result of strlen to int
4921 - tftpd: fix signed/unsigned mismatch warnings
4923 alarm's argument is unsigned.
4925 - libtest: fix MinGW-w64 warnings
4927 long is 32 bits while size_t is 64 bits on MinGW-w64, so
4928 typecheck-gcc.h complains when using size_t for a long option.
4929 Also, curl_socket_t is unsigned long long rather than int.
4931 Daniel Stenberg (8 May 2017)
4932 - curl.1: depend the build on the Makefile.inc too
4934 ... to also make it update when we remove files, like we did for
4935 --environment in commit a8e388dd1095.
4937 - RELEASE-NOTES: synced with e3f84efc32d6b01a
4939 - runtests: fix "use of undefined value" warning in -R handling
4941 Marcel Raad (8 May 2017)
4942 - test537: use correct variable type
4944 Avoids narrowing conversion warnings because rlim_t is usually
4947 Closes https://github.com/curl/curl/pull/1469
4949 - sendrecv: fix MinGW-w64 warning
4951 The first argument to select is an int, while curl_socket_t is
4952 unsigned long long when using WinSock. It's ignored anyway [1].
4954 [1] https://msdn.microsoft.com/en-us/library/windows/desktop/ms740141.aspx
4956 - tool_parsecfg: fix -Wcast-qual warning
4958 Don't convert string literal to char * before assigning it to
4961 - asyn-thread: fix unused macro warnings
4963 Don't do anything in this file if CURLRES_THREADED is not defined.
4965 - tftp: silence bad-function-cast warning
4967 The cases this warns about are handled elsewhere, so just use an
4968 intermediate variable to silence the warning.
4970 Daniel Stenberg (7 May 2017)
4971 - [canavan at github brought this change]
4973 buildconf: fix hang on IRIX
4975 Apparently, /usr/bin/m4 ignores the --version parameter and waits for
4980 - opts: fix bad example formatting \n => \\n
4982 ...to render properly nroff.
4984 - opts: examples added to 8 more libcurl option man pages
4986 - curl: remove tool_writeenv.[ch]
4988 ... and USE_ENVIRONMENT and --environment. It was once added for RISC OS
4989 support and its platform specific behavior has been annoying ever
4990 since. Added in commit c3c8bbd3b2688da8e, mostly unchanged since
4991 then. Most probably not actually used for years.
4995 Dan Fandrich (6 May 2017)
4996 - runtests.pl: simplify the datacheck read section
4998 Also, document that numbered datacheck sections are possible.
5000 Marcel Raad (5 May 2017)
5001 - tests: fix -Wcast-qual warnings
5003 Avoid casting string literals to non-const char *.
5005 Daniel Stenberg (5 May 2017)
5006 - docs/opts: 24 more man pages now have examples
5008 - docs/opts: 23 more man pages now have examples
5010 - tests/server: run checksrc by default in debug-builds
5012 - curl_slist_append.3: clarify a NULL input creates a new list
5014 Marcel Raad (5 May 2017)
5015 - unit1305: fix compiler warning
5017 calloc and ai_addrlen expect different (usually unsigned) types.
5019 Daniel Stenberg (5 May 2017)
5020 - runtests: use -R for random order
5022 Suggested-by: Dan Fandrich
5024 - runtests: add -o to run test cases in scrambled order
5026 ... instead of numerical order.
5030 Dan Fandrich (4 May 2017)
5031 - sockfilt.c: shortened too long line
5033 Marcel Raad (4 May 2017)
5034 - tests/server: make string literals const
5036 assign string literals to const char * instead of char * in order to
5037 avoid a lot of these warnings:
5038 cast from 'const char *' to 'char *' drops const qualifier
5041 Dan Fandrich (4 May 2017)
5042 - schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT
5044 - test557: set a known good numeric locale
5046 Windows does not allow setting the locale with environment variables (as
5047 the test attempted to do), so the test failed when run with a user
5048 locale that has a comma as radixchar. Changed the test to call
5049 setlocale() explicitly to ensure that a known working locale is set even
5052 Daniel Stenberg (4 May 2017)
5053 - curl: fix warning "comma at end of enumerator list"
5055 - test559: verify use of minimum CURLOPT_BUFFERSIZE
5057 Marcel Raad (4 May 2017)
5058 - curl_setup_once: use SEND_QUAL_ARG2 for swrite
5060 SEND_QUAL_ARG2 had to be set, but was never used. Use it in swrite to
5061 avoid warnings about casting away low-level const.
5063 Closes https://github.com/curl/curl/pull/1464
5065 Daniel Stenberg (4 May 2017)
5066 - CURLINFO_REDIRECT_URL.3: add example
5068 - CURLINFO_EFFECTIVE_URL.3: add example
5070 Marcel Raad (3 May 2017)
5071 - lib: fix compiler warnings
5073 Fix the following warnings when building the tests by using the correct
5075 cast from 'const char *' to 'void *' drops const qualifier
5077 implicit conversion changes signedness [-Wsign-conversion]
5079 - typecheck-gcc: add support for CURLINFO_SOCKET
5081 Closes https://github.com/curl/curl/pull/1452
5083 - typecheck-gcc: add missing string options
5085 Closes https://github.com/curl/curl/pull/1452
5087 Daniel Stenberg (3 May 2017)
5088 - abstract-unix-socket.d: shorten the help text to fit within 79 cols
5090 - RELEASE-NOTES: synced with 862b02f89
5092 - [Richard Hsu brought this change]
5094 Telnet: Write full buffer instead of byte-by-byte
5096 Previous TODO wanting to write in chunks. We should support writing more
5097 at once since some TELNET servers may respond immediately upon first
5098 byte written such as WHOIS servers.
5102 - curl: non-boolean command line args reject --no- prefixes
5104 ... and instead properly respond with an error message to the user
5105 instead of silently ignoring.
5110 Marcel Raad (2 May 2017)
5111 - testpart: remove _MPRINTF_REPLACE
5113 Support for _MPRINTF_REPLACE in mprintf.h was removed in
5114 55452ebdff47f98bf3cc383f1dfc3623fcaefefd, replaced with curl_printf.h.
5116 Dan Fandrich (2 May 2017)
5117 - gtls: fixed a lingering BUFSIZE reference
5119 Daniel Stenberg (2 May 2017)
5120 - ssh: fix compiler warning from e40e9d7f0de
5122 - url: let CURLOPT_BUFFERSIZE realloc to smaller sizes too
5126 - BUFSIZE: rename to READBUFFER_*, make separate MASTERBUF_SIZE
5128 - openssl: use local stack for temp storage
5130 - sendf: remove use of BUFSIZE from debug data conversions
5132 The buffer can have other sizes.
5134 - buffer: use data->set.buffer_size instead of BUFSIZE
5136 ... to properly use the dynamically set buffer size!
5138 - krb5: use private buffer for temp string, not receive buffer
5140 - upload: UPLOAD_BUFSIZE is now for the upload buffer
5142 - unit1606: do not print/access buffer
5144 It was a wrong assumption that it could do that!
5146 - http-proxy: use a dedicated CONNECT response buffer
5148 To make it suitably independent of the receive buffer and its flexible
5151 - transfer: fix minor buffer_size mistake
5153 - failf: use private buffer, don't clobber receive buffer
5155 - pingpong: use the set buffer size
5157 - http2: use the correct set buffer size
5159 - http: don't clobber the receive buffer for timecond
5161 - buffer_size: make sure it always has the correct size
5163 Removes the need for CURL_BUFSIZE
5165 - file: use private buffer for C-L output
5167 ... instead of clobbering the download buffer.
5169 - CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
5171 The buffer is needed to receive FTP, HTTP CONNECT responses etc so
5172 already at this size things risk breaking and smaller is certainly not
5175 - ftp: use private buffer for temp storage, not receive buffer
5177 - http: use private user:password output buffer
5179 Don't clobber the receive buffer.
5181 Marcel Raad (1 May 2017)
5182 - anyauthput: remove unused code
5184 The definition of TRUE was introduced in
5185 4a728747e6f8845e500910e397dfc99aaf4a7984 and is not used anymore since
5186 e664cd5826d43930fcc5b5dbaedbec94af33184b.
5187 The usage of intptr_t was removed in
5188 32e38b8f42477cf5ce3c3fef2fcc9db82f7fb7be.
5190 Jay Satiro (1 May 2017)
5191 - tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS
5193 - Include tool_convert.h where needed.
5195 Bug: https://github.com/curl/curl/issues/1460
5196 Reported-by: Gisle Vanem
5198 - curl_setup: Ensure no more than one IDN lib is enabled
5200 Prior to this change it was possible for libcurl to be built with both
5201 Windows' native IDN lib (normaliz) and libidn2 enabled. It appears that
5202 doesn't offer any benefit --and could cause a bug-- since libcurl's IDN
5203 handling is written to use either one but not both.
5205 Bug: https://github.com/curl/curl/issues/1441#issuecomment-297689856
5206 Reported-by: Gisle Vanem
5208 Marcel Raad (1 May 2017)
5209 - getpart: use correct variable type
5211 This fixes the following clang warning:
5212 getpart.c:201:17: warning: cast from function call of type 'CURLcode'
5213 to non-matching type 'int' [-Wbad-function-cast]
5215 - tests: declare TU-local variables static
5217 This fixes missing-variable-declarations warnings when building with
5220 - tool_cb_prg: fix double-promotion warning
5223 tool_cb_prg.c:86:22: error: implicit conversion increases
5224 floating-point precision: 'float' to 'double'
5225 [-Werror,-Wdouble-promotion]
5227 Fix this by using a double instead of a float constant.
5229 Dan Fandrich (1 May 2017)
5230 - examples: fixed too long line and too long string warnings
5232 Marcel Raad (30 Apr 2017)
5233 - examples: declare TU-local variables static
5235 This fixes missing-variable-declarations warnings when building with
5238 - http2: declare TU-local variables static
5240 This fixes the following clang warnings:
5242 http2.c:184:27: error: no previous extern declaration for non-static
5243 variable 'Curl_handler_http2' [-Werror,-Wmissing-variable-declarations]
5244 http2.c:204:27: error: no previous extern declaration for non-static
5245 variable 'Curl_handler_http2_ssl'
5246 [-Werror,-Wmissing-variable-declarations]
5248 Dan Fandrich (30 Apr 2017)
5249 - unit1604: fixed indentation
5251 - unit1604: fixed compilation under Windows, broken in the previous commit
5253 - tests: fixed OOM handling of unit tests to abort test
5255 It's dangerous to continue to run the test when a memory alloc fails.
5257 Marcel Raad (29 Apr 2017)
5258 - curl_rtmp: fix missing-variable-declarations warnings
5262 curl_rtmp.c:61:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmp' [-Werror,-Wmissing-variable-declarations]
5263 curl_rtmp.c:81:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpt' [-Werror,-Wmissing-variable-declarations]
5264 curl_rtmp.c:101:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpe' [-Werror,-Wmissing-variable-declarations]
5265 curl_rtmp.c:121:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpte' [-Werror,-Wmissing-variable-declarations]
5266 curl_rtmp.c:141:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmps' [-Werror,-Wmissing-variable-declarations]
5267 curl_rtmp.c:161:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpts' [-Werror,-Wmissing-variable-declarations]
5269 Fix this by including the header file.
5271 Dan Fandrich (29 Apr 2017)
5272 - url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
5274 - tests: added --remote-time tests for remaining protocols that support it
5276 - runtests.pl: support multiline <postcheck> commands
5278 - tool_operate: use utimes instead of obsolescent utime when available
5280 - test1443: test --remote-time
5282 - http-proxy: removed unused argument in CURL_DISABLE_PROXY case
5284 Missed in commit 55c3c02e
5286 Daniel Stenberg (27 Apr 2017)
5287 - cookie_interface.c: changed the other domain to example.com too
5289 - cookie_interface.c: fix cookie domain so the example works
5291 Dan Fandrich (26 Apr 2017)
5292 - Makefile: fix make dist
5294 Commit 80a87e8a broke 'make dist' as it can't handle installing from
5295 absolute target names. Rearranged the dependencies so the absolute name
5296 is used for building but the relative name is use for distributing.
5298 Marcel Raad (26 Apr 2017)
5299 - lib: remove unused code
5301 This fixes the following clang warnings:
5302 macro is not used [-Wunused-macros]
5303 will never be executed [-Wunreachable-code]
5305 Closes https://github.com/curl/curl/pull/1448
5307 Daniel Stenberg (26 Apr 2017)
5308 - http-proxy: remove unused argument from Curl_proxyCONNECT()
5310 - [Martin Kepplinger brought this change]
5312 url: declare get_protocol_family() static
5314 get_protocol_family() is not defined static even though there is a
5315 static local forward declaration. Let's simply make the definition match
5318 Bug: https://curl.haxx.se/mail/lib-2017-04/0127.html
5320 - examples: ftpuploadfrommem.c
5322 Uploads data to an FTP site, directly from memory.
5326 Kamil Dudka (25 Apr 2017)
5327 - nss: load libnssckbi.so if no other trust is specified
5329 The module contains a more comprehensive set of trust information than
5330 supported by nss-pem, because libnssckbi.so also includes information
5331 about distrusted certificates.
5333 Reviewed-by: Kai Engert
5336 - nss: factorize out nss_{un,}load_module to separate fncs
5338 No change of behavior is intended by this commit.
5340 - nss: do not leak PKCS #11 slot while loading a key
5342 It could prevent nss-pem from being unloaded later on.
5344 Bug: https://bugzilla.redhat.com/1444860
5346 Marcel Raad (25 Apr 2017)
5347 - typecheck-gcc: fix _curl_is_slist_info
5349 Info values starting with CURLINFO_SOCKET expect a curl_socket_t, not a
5350 curl_slist argument.
5352 This fixes the following GCC warning when building the examples with
5355 ../../include/curl/typecheck-gcc.h:126:42: warning: call to
5356 ‘_curl_easy_getinfo_err_curl_slist’ declared with attribute warning:
5357 curl_easy_getinfo expects a pointer to 'struct curl_slist *' for this
5358 info [enabled by default]
5359 sendrecv.c:90:11: note: in expansion of macro ‘curl_easy_getinfo’
5360 res = curl_easy_getinfo(curl, CURLINFO_ACTIVESOCKET, &sockfd);
5362 Closes https://github.com/curl/curl/pull/1447
5364 Daniel Stenberg (25 Apr 2017)
5365 - curl: set a 100K buffer size by default
5367 Test command 'time curl http://localhost/80GB -so /dev/null' on a Debian
5370 Before (middle performing run out 9):
5376 After (middle performing run out 9)
5378 real 0m26.356s (93.9%)
5379 user 0m5.324s (47.4%)
5380 sys 0m8.368s (65.0%)
5382 Also, doing SFTP over a 200 millsecond latency link is now about 6 times
5387 - transfer: remove 'uploadbuf' pointer and cleanup readwrite_upload()
5389 The data->req.uploadbuf struct member served no good purpose, instead we
5390 use ->state.uploadbuffer directly. It makes it clearer in the code which
5391 buffer that's being used.
5393 Removed the 'SingleRequest *' argument from the readwrite_upload() proto
5394 as it can be derived from the Curl_easy struct. Also made the code in
5395 the readwrite_upload() function use the 'k->' shortcut to all references
5396 to struct fields in 'data->req', which previously was made with a mix of
5399 Jay Satiro (25 Apr 2017)
5400 - configure: stop prepending to LDFLAGS, CPPFLAGS
5402 - Change prepends to appends because user's LDFLAGS and CPPFLAGS should
5403 always come first so they're searched before ours.
5405 Bug: https://github.com/curl/curl/issues/1420
5406 Reported-by: Helmut K. C. Tessarek
5408 Marcel Raad (25 Apr 2017)
5409 - if2ip: fix -Wcast-align warning
5411 Follow-up to 119037325de02579f5c58256ca2ed2a0aa592c86, which fixed the
5412 warning in the HAVE_GETIFADDRS block, but not in the
5413 HAVE_IOCTL_SIOCGIFADDR block.
5415 Dan Fandrich (24 Apr 2017)
5416 - Makefile: avoid use of GNU-specific form of $<
5418 $< is only allowed in implicit rules in some non-GNU makes (e.g. BSD,
5419 AIX) so avoid use elsewhere by referencing the dependent curl.1 file
5420 directly instead. This is somewhat tricky because the file is supplied
5421 in the packaged tar ball (but not in git) but must still be able to be
5422 rebuilt when its dependencies change. The right thing must happen in
5423 both tar ball and git source trees, as well as in both in-tree and
5426 Kamil Dudka (24 Apr 2017)
5427 - nss: adapt to the new Curl_llist API
5429 This commit fixes compilation failure caused by
5430 cbae73e1dd95946597ea74ccb580c30f78e3fa73.
5432 Marcel Raad (24 Apr 2017)
5433 - curl-compilers.m4: accept -Og and -Ofast GCC flags
5435 -Og, introduced in GCC 4.8, optimizes for debugging experience.
5436 -Ofast, introduced in GCC 4.7, builds on -O3 and enables further
5437 optimizations breaking strict standards compliance.
5438 When specified in CFLAGS, these were always overridden by -O0 or -O2.
5439 Fix this by adding them to flags_opt_all.
5441 Ref: https://gcc.gnu.org/onlinedocs/gcc-4.8.0/gcc/Optimize-Options.html
5442 Ref: https://github.com/curl/curl/pull/1404#issuecomment-296401570
5443 Closes https://github.com/curl/curl/pull/1440
5445 Daniel Stenberg (24 Apr 2017)
5446 - RELEASE-NOTES: synced with c68fed875
5448 - configure: fix the -ldl check for openssl, add -lpthread check
5450 The check for if -ldl is needed to build with (a statically built)
5451 openssl was broken. This repairs the check, and adds a check for
5452 -lpthread as well since OpenSSL 1.1.0+ does in fact require -lpthread so
5453 only adding -ldl for a static openssl build is no longer enough.
5455 Reported-by: Jay Satiro
5459 - llist: fix a comment after cbae73e1dd9
5461 Pointed-it-by: Kevin Ji
5462 URL: https://github.com/curl/curl/commit/cbae73e1dd95946597ea74ccb580c30f78e3fa73#commitcomment-21872622
5464 Jay Satiro (22 Apr 2017)
5465 - schannel: Don't treat encrypted partial record as pending data
5467 - Track when the cached encrypted data contains only a partial record
5468 that can't be decrypted without more data (SEC_E_INCOMPLETE_MESSAGE).
5470 - Change Curl_schannel_data_pending to return false in such a case.
5472 Other SSL libraries have pending data functions that behave similarly.
5474 Ref: https://github.com/curl/curl/pull/1387
5476 Closes https://github.com/curl/curl/pull/1392
5478 Daniel Stenberg (22 Apr 2017)
5479 - [Alan Jenkins brought this change]
5481 multi: clarify condition in curl_multi_wait
5483 `if(nfds || extra_nfds) {` is followed by `malloc(nfds * ...)`.
5485 If `extra_fs` could be non-zero when `nfds` was zero, then we have
5486 `malloc(0)` which is allowed to return `NULL`. But, malloc returning
5487 NULL can be confusing. In this code, the next line would treat the NULL
5488 as an allocation failure.
5490 It turns out, if `nfds` is zero then `extra_nfds` must also be zero.
5491 The final value of `nfds` includes `extra_nfds`. So the test for
5492 `extra_nfds` is redundant. It can only confuse the reader.
5496 Marcel Raad (22 Apr 2017)
5497 - lib: fix maybe-uninitialized warnings
5499 With -Og, GCC complains:
5501 easy.c:628:7: error: ‘mcode’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
5503 ../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
5504 vauth/digest.c:208:9: note: ‘tok_buf’ was declared here
5506 ../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
5507 vauth/digest.c:566:15: note: ‘tok_buf’ was declared here
5509 Fix this by initializing the variables.
5511 Dan Fandrich (22 Apr 2017)
5512 - gnutls: removed some code when --disable-verbose is configured
5514 This reduces the binary size and fixes a compile warning.
5516 Daniel Stenberg (22 Apr 2017)
5517 - llist: no longer uses malloc
5519 The 'list element' struct now has to be within the data that is being
5520 added to the list. Removes 16.6% (tiny) mallocs from a simple HTTP
5521 transfer. (96 => 80)
5523 Also removed return codes since the llist functions can't fail now.
5525 Test 1300 updated accordingly.
5529 Marcel Raad (21 Apr 2017)
5530 - typecheck-gcc: handle function pointers properly
5532 All the callbacks passed to curl_easy_setopt are defined as function
5533 pointers. The possibility to pass both functions and function pointers
5534 was handled for the callbacks that typecheck-gcc.h defined as
5535 compatible, but not for the public callback types themselves.
5537 This makes all compatible callback types defined in typecheck-gcc.h
5538 function pointers too and checks all functions uniformly with
5539 _curl_callback_compatible, which handles both functions and function
5542 A symptom of the problem was a warning in tool_operate.c with
5543 --disable-libcurl-option and without --enable-debug as that file
5544 passes the callback functions to curl_easy_setopt directly.
5546 Fixes https://github.com/curl/curl/issues/1403
5547 Closes https://github.com/curl/curl/pull/1404
5549 Dan Fandrich (21 Apr 2017)
5550 - mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable
5552 In that case, use libcurl's internal MD4 routine. This fixes tests 1013
5553 and 1014 which were failing due to configure assuming NTLM and SMB were
5554 always available whenever mbed TLS was in use (which is now true).
5556 Daniel Stenberg (21 Apr 2017)
5557 - tests: remove the html and PDF versions from the tarball
5559 - openssl: fix memory leak in servercert
5561 ... when failing to get the server certificate.
5563 - Revert "src/Makefile.am: avoid explicit $<"
5565 This reverts commit 5b4cbcf11d5100ff793a8e9edbaa6fe1fc7495f5.
5567 Since it broke out-of-tree builds from tarballs. See discussion in #1432
5569 - bump: start working on next release
5571 - src/Makefile.am: avoid explicit $<
5573 ... since apparently "BSD make" doesn't support it.
5575 Reported-by: Thomas Klausner
5578 Version 7.54.0 (19 Apr 2017)
5580 Daniel Stenberg (19 Apr 2017)
5581 - THANKS: add contributors from 7.54.0 release notes
5583 - RELEASE-NOTES: curl 7.54.0
5585 Marcel Raad (18 Apr 2017)
5586 - nss: fix MinGW compiler warnings
5588 This fixes 3 warnings issued by MinGW:
5589 1. PR_ImportTCPSocket actually has a paramter of type PROsfd instead of
5590 PRInt32, which is 64 bits on Windows. Fixed this by including the
5591 corresponding header file instead of redeclaring the function, which is
5592 supported even though it is in the private include folder. [1]
5593 2. In 64-bit mode, size_t is 64 bits while CK_ULONG is 32 bits, so an explicit
5594 narrowing cast is needed.
5595 3. Curl_timeleft returns time_t instead of long since commit
5596 21aa32d30dbf319f2d336e0cb68d3a3235869fbb.
5598 [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference/PR_ImportTCPSocket
5600 Closes https://github.com/curl/curl/pull/1393
5602 Daniel Stenberg (18 Apr 2017)
5603 - [Jay Satiro brought this change]
5605 TLS: Fix switching off SSL session id when client cert is used
5607 Move the sessionid flag to ssl_primary_config so that ssl and proxy_ssl
5608 will each have their own sessionid flag.
5610 Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that
5611 this issue had been fixed in 247d890, CVE-2016-5419.
5613 Bug: https://github.com/curl/curl/issues/1341
5614 Reported-by: lijian996@users.noreply.github.com
5616 The new incarnation of this bug is called CVE-2017-7468 and is documented
5617 here: https://curl.haxx.se/docs/adv_20170419.html
5619 - [David Benjamin brought this change]
5621 openssl: don't try to print nonexistant peer private keys
5623 X.509 certificates carry public keys, not private keys. Fields
5624 corresponding to the private half of the key will always be NULL.
5628 - [David Benjamin brought this change]
5630 openssl: fix thread-safety bugs in error-handling
5632 ERR_error_string with NULL parameter is not thread-safe. The library
5633 writes the string into some static buffer. Two threads doing this at
5634 once may clobber each other and run into problems. Switch to
5635 ERR_error_string_n which avoids this problem and is explicitly
5638 Also clean up some remnants of OpenSSL 0.9.5 around here. A number of
5639 comments (fixed buffer size, explaining that ERR_error_string_n was
5640 added in a particular version) date to when ossl_strerror tried to
5641 support pre-ERR_error_string_n OpenSSLs.
5645 - [David Benjamin brought this change]
5647 openssl: make SSL_ERROR_to_str more future-proof
5649 Rather than making assumptions about the values, use a switch-case.
5653 - [Daniel Gustafsson brought this change]
5655 code: fix typos and style in comments
5657 A few random typos, and minor whitespace cleanups, found in comments
5662 Marcel Raad (17 Apr 2017)
5663 - extern-scan.pl: strip trailing CR
5665 This makes test 1135 pass with CRLF checkouts.
5667 Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166
5668 Closes https://github.com/curl/curl/pull/1422
5670 - configure.ac: ignore CR after version numbers
5672 Ignore everything after the version numbers in LIBCURL_VERSION and
5673 LIBCURL_VERSION_NUM to ged rid of the extra CR character.
5674 This makes tests 1022 and 1023 pass on Linux with a CRLF checkout.
5676 Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166
5677 Closes https://github.com/curl/curl/pull/1422
5679 - .gitattributes: force shell scripts to LF
5681 Bash on Linux errors out on CR characters.
5682 This makes tests 1221 and 1222 pass on Linux with a CRLF checkout.
5684 Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166
5685 Closes https://github.com/curl/curl/pull/1422
5687 - unit1303: fix compiler warning
5689 MinGW-w64 complains:
5690 warning: conversion to 'long int' from 'time_t {aka long long int}' may
5691 alter its value [-Wconversion]
5692 Fix this by using the correct type.
5694 Daniel Stenberg (16 Apr 2017)
5695 - RELEASE-NOTES: synced with 1451271e0
5697 - [Larry Stefani brought this change]
5699 http2: fix handle leak in error path
5701 Add missing newhandle free call in push_promise().
5705 - [Larry Stefani brought this change]
5707 mbedtls: fix memory leak in error path
5709 Add missing our_ssl_sessionid free call in mbed_connect_step3().
5713 Marcel Raad (15 Apr 2017)
5714 - curl-compilers.m4: turn implicit function declarations into errors
5716 This adds -Werror-implicit-function-declaration for GCC 2.95+ so that
5717 these errors are visible at the point where they occur instead of only
5719 Implicit function declarations are illegal in C99 and C++ anyway, and
5720 the same warning has been turned into an error for ICC in commit
5721 3072c5b8a127057aa922b7c51051bbb4a630b091.
5723 Ref: https://gcc.gnu.org/onlinedocs/gcc-2.95.2/gcc_2.html#SEC8
5724 Ref: https://curl.haxx.se/mail/lib-2017-04/0001.html
5725 Closes https://github.com/curl/curl/pull/1419
5727 - test1541: also test for CURL_PULL_WS2TCPIP_H
5729 Ref: https://github.com/curl/curl/issues/1408
5730 Closes https://github.com/curl/curl/pull/1412
5732 - tests/server/util: prefer <poll.h> over <sys/poll.h>
5734 Follow-up to aa573c3c55cda72ec5ef677d87f6f46a53385f0c
5736 Ref: https://github.com/curl/curl/pull/1406
5738 Daniel Stenberg (11 Apr 2017)
5739 - Curl_expire_latest: ignore already expired timers
5741 If the existing timer is still in there but has expired, the new timer
5744 Reported-by: Rainer Canavan
5745 Bug: https://curl.haxx.se/mail/lib-2017-04/0030.html
5748 - system.h: fix mingw section
5750 Reported-by: Marcel Raad
5754 Marcel Raad (11 Apr 2017)
5755 - polarssl: unbreak build with versions < 1.3.8
5757 ssl_session_init was only introduced in version 1.3.8, the penultimate
5758 version. The function only contains a memset, so replace it with that.
5760 Suggested-by: Jay Satiro
5761 Fixes https://github.com/curl/curl/issues/1401
5763 - poll: prefer <poll.h> over <sys/poll.h>
5765 The POSIX standard location is <poll.h>. Using <sys/poll.h> results in
5766 warning spam when using the musl standard library.
5768 Closes https://github.com/curl/curl/pull/1406
5770 Daniel Stenberg (10 Apr 2017)
5771 - [Alexis La Goutte brought this change]
5773 openssl: fix this statement may fall through [-Wimplicit-fallthrough=]
5777 Kamil Dudka (10 Apr 2017)
5778 - nss: load CA certificates even with --insecure
5780 ... because they may include an intermediate certificate for a client
5781 certificate and the intermediate certificate needs to be presented to
5782 the server, no matter if we verify the peer or not.
5784 Reported-by: thraidh
5787 Daniel Stenberg (10 Apr 2017)
5788 - RELEASE-NOTES: synced with f9d1e9a27f7e1
5790 Dan Fandrich (10 Apr 2017)
5791 - libcurl-thread.3: fixed a bad macro that caused test 1140 to fail
5793 Daniel Stenberg (9 Apr 2017)
5794 - libcurl-thread.3: also mention threaded-resolver
5796 Reported-by: Alex Bligh
5797 Bug: https://curl.haxx.se/mail/lib-2017-04/0044.html
5799 - .github/stale.yml: enable the stale bot
5801 Issues and PRs with no activity for 180 days will get marked as stale,
5802 and if no further activity happens within 14 more days, the issue gets
5805 This follows our established policy of not letting stalled bugs "get in
5806 the way": https://curl.haxx.se/docs/bugs.html#Closing_off_stalled_bugs
5810 Jay Satiro (8 Apr 2017)
5811 - CURLINFO_SCHEME.3: fix variable type
5813 - Change documented param type to char ** from incorrect long *.
5815 Marcel Raad (8 Apr 2017)
5816 - INSTALL.md: fix secure transport configure arguments
5818 --without-ssl is needed instead of --with-winssl.
5820 - vtls: fix unreferenced variable warnings
5822 ... by moving the variables into the correct #ifdef block.
5824 Daniel Stenberg (7 Apr 2017)
5825 - BUGS: "Bugs in old versions"
5827 - system.h: add section for tcc
5831 Marcel Raad (7 Apr 2017)
5832 - schannel: fix compiler warnings
5834 When UNICODE is not defined, the Curl_convert_UTF8_to_tchar macro maps
5835 directly to its argument. As it is declared as a pointer to const and
5836 InitializeSecurityContext expects a pointer to non-const, both MSVC and MinGW
5837 issue a warning about implicitly casting away the const. Fix this by declaring
5838 the variables as pointers to non-const.
5840 Closes https://github.com/curl/curl/pull/1394
5842 - [Isaac Boukris brought this change]
5844 sspi: print out InitializeSecurityContext() error message
5846 Reported-by: Carsten (talksinmath)
5851 - gtls: fix compiler warning
5853 Curl_timeleft returns time_t instead of long since commit
5854 21aa32d30dbf319f2d336e0cb68d3a3235869fbb.
5856 Daniel Stenberg (6 Apr 2017)
5857 - test1606: verify speedcheck
5859 - low_speed_limit: improved function for longer time periods
5861 Previously, periods of fast speed between periods of slow speed would
5862 not count and could still erroneously trigger a timeout.
5864 Reported-by: Paul Harris
5868 - system.h: set sizeof long to 4 on "default 32 bit" systems
5870 Triggered a test failure on test 1541 for the build known as
5871 "Linux 4.4 i686 tcc 0.9.26 glibc 2.20"
5873 Marcel Raad (6 Apr 2017)
5874 - nss: fix build after e60fe20fdf94e829ba5fce33f7a9d6c281149f7d
5876 Curl_llist_alloc is now Curl_llist_init.
5878 Closes https://github.com/curl/curl/pull/1391
5880 Daniel Stenberg (6 Apr 2017)
5881 - INSTALL.cmake: more problems
5883 and mention specific issues where they are discussed
5885 - test1541: ignore the curl_off_t variable type name comparison
5887 ... the sizes and the formatting strings are what's really important and
5888 avoids problems with int64_t vs "long long".
5890 Bug: https://curl.haxx.se/mail/lib-2017-04/0019.html
5892 - Revert "configure: prefer 'long long' to int64_t for curl_off_t"
5894 This reverts commit 81284374bf3c670d2050f8562edeb69f060b07cc.
5896 Due to mingw32 brekage.
5898 Marcel Raad (5 Apr 2017)
5899 - tool_operate: fix MinGW compiler warning
5902 tool_operate.c:197:15: error: comparison is always true due to limited range
5903 of data type [-Werror=type-limits]
5905 Fix this by only doing the comparison if 'long' is large enough to hold the
5906 constant it is compared with.
5908 Closes https://github.com/curl/curl/pull/1378
5910 - tool_operate: move filetime code to its own function
5912 Ref: https://github.com/curl/curl/pull/1378
5914 Daniel Stenberg (5 Apr 2017)
5915 - configure: prefer 'long long' to int64_t for curl_off_t
5917 Since it is a native type and it makes it less complicated to find a
5918 matching one in system.h
5920 Bug: https://curl.haxx.se/mail/lib-2017-04/0010.html
5921 Reported-by: Dan Fandrich
5925 - [Dániel Bakai brought this change]
5927 tests: added test for Curl_splaygetbest to unit1309
5929 This checks the new behavior of Curl_splaygetbest, so that the smallest
5930 node not larger than the key is removed, and FIFO behavior is kept even
5931 when there are multiple nodes with the same key.
5935 - [Dániel Bakai brought this change]
5937 multi: fix queueing of pending easy handles
5939 Multi handles repeatedly invert the queue of pending easy handles when
5940 used with CURLMOPT_MAX_TOTAL_CONNECTIONS. This is caused by a multistep
5941 process involving Curl_splaygetbest and violates the FIFO property of
5943 This patch fixes this issue by redefining the "best" node in the
5944 context of timeouts as the "smallest not larger than now", and
5945 implementing the necessary data structure modifications to do this
5946 effectively, namely:
5947 - splay nodes with the same key are now stored in a doubly-linked
5948 circular list instead of a non-circular one to enable O(1)
5949 insertion to the tail of the list
5950 - Curl_splayinsert inserts nodes with the same key to the tail of
5952 - in case of multiple nodes with the same key, the one on the head of
5953 the list gets selected
5955 Marcel Raad (4 Apr 2017)
5956 - tool: fix Windows Unicode build
5958 ... by explicitly calling the ANSI versions of Windows API functions where
5961 Daniel Stenberg (4 Apr 2017)
5962 - [Martin Kepplinger brought this change]
5964 curl_sasl: declare mechtable static
5966 struct mechtable is only used locally here. It can be declared static.
5968 Jay Satiro (4 Apr 2017)
5969 - [Antti Hätälä brought this change]
5971 url: don't free postponed data on connection reuse
5973 - Don't free postponed data on a connection that will be reused since
5974 doing so can cause data loss when pipelining.
5976 Only Windows builds are affected by this.
5978 Closes https://github.com/curl/curl/issues/1380
5980 Daniel Stenberg (4 Apr 2017)
5981 - RELEASE-NOTES: synced with 4f2e348f9b42c69c480
5983 - hash: move key into hash struct to reduce mallocs
5985 This removes one tiny malloc for each hash struct allocated. In a simple
5986 case like "curl localhost", this save three mallocs.
5990 - llist: replace Curl_llist_alloc with Curl_llist_init
5992 No longer allocate the curl_llist head struct for lists separately.
5994 Removes 17 (15%) tiny allocations in a normal "curl localhost" invoke.
5998 Jay Satiro (4 Apr 2017)
5999 - easy: silence compiler warning
6001 Safe to silence warning adding time delta of poll, which can trigger on
6002 Windows since sizeof time_t > sizeof long.
6004 warning C4244: '+=' : conversion from 'time_t' to 'long', possible loss
6007 Daniel Stenberg (4 Apr 2017)
6008 - [Richlv brought this change]
6010 docs: minor typo in write-out.d
6014 - include: curl/system.h is a run-time version of curlbuild.h
6016 system.h is aimed to replace curlbuild.h at a later point in time when
6017 we feel confident system.h works sufficiently well.
6019 curl/system.h is currently used in parallel with curl/curlbuild.h
6021 curl/system.h determines a data sizes, data types and include file
6022 status based on available preprocessor defines instead of getting
6023 generated at build-time. This, in order to avoid relying on a build-time
6024 generated file that makes it complicated to do 32 and 64 bit bields from
6025 the same installed set of headers.
6027 Test 1541 verifies that system.h comes to the same conclusion that
6032 - multi: make curl_multi_wait avoid malloc in the typical case
6034 When only a few additional file descriptors are used, avoid the malloc.
6038 Marcel Raad (3 Apr 2017)
6039 - tests/server/util: remove in6addr_any for recent MinGW
6041 In ancient MinGW versions, in6addr_any was declared as extern, but not
6042 defined. Because of that, 22a0c57746ae12506b1ba0f0fafffd26c1907d6a added
6043 definitions for in6addr_any when compiling with MinGW. The bug was fixed in
6044 w32api version 3.6 from 2006, so this workaround is not needed anymore for
6047 This fixes the following MinGW-w64 warnings because the MinGW-w64 version of
6048 IN6ADDR_ANY_INIT has the two additional braces inside the macro:
6049 util.c:59:14: warning: braces around scalar initializer
6050 util.c:59:40: warning: excess elements in scalar initializer
6052 Ref: https://sourceforge.net/p/mingw/mingw-org-wsl/ci/e4803e0da25c57ae1ad0fa75ae2b7182ff7fa339/tree/w32api/ChangeLog
6053 Closes https://github.com/curl/curl/pull/1379
6055 Daniel Stenberg (3 Apr 2017)
6056 - docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
6058 Jay Satiro (31 Mar 2017)
6059 - fail-early.d: fix typos
6061 - docs: Explain --fail-early does not imply --fail
6063 Closes https://github.com/curl/curl/pull/1375
6065 Daniel Stenberg (1 Apr 2017)
6066 - telnet: (win32) fix read callback return variable
6068 telnet.c(1427,21): warning: comparison of constant 268435456 with
6069 expression of type 'CURLcode' is always false
6071 telnet.c(1433,21): warning: comparison of constant 268435457 with
6072 expression of type 'CURLcode' is always false
6074 Reviewed-by: Jay Satiro
6075 Reported-by: Gisle Vanem
6076 Bug: https://github.com/curl/curl/issues/1225#issuecomment-290340890
6080 - CTestConfig.cmake: removed, unused
6082 - libcurl.def: removed, unused
6084 - docs/index.html: removed, was not shipped anyway
6086 - dist: add missing files to the tarball
6088 Peter Wu (30 Mar 2017)
6089 - cmake: fix build with cmake 2.8.12.2
6091 For some reason, CMake 2.8.12.2 did not expand the list argument in a
6092 single DEPENDS argument. Remove the quotes, so it gets expanded into
6093 multiple arguments for add_custom_command and add_custom_target.
6095 Fixes https://github.com/curl/curl/issues/1370
6098 Marcel Raad (30 Mar 2017)
6099 - ssh: fix narrowing conversion warning
6101 'left' is used as time_t but declared as long.
6103 error: conversion to 'long int' from 'time_t {aka long long int}' may alter
6104 its value [-Werror=conversion]
6105 Changed the declaration to time_t.
6107 - http2: silence unused parameter warnings
6109 In release mode, MinGW complains:
6110 error: unused parameter 'lib_error_code' [-Werror=unused-parameter]
6112 Daniel Stenberg (30 Mar 2017)
6113 - [Hanno Böck brought this change]
6115 curl: fix callback functions to match prototype
6117 The function tool_debug_cb doesn't match curl_debug_callback in curl.h
6118 (unsigned vs. signed char* for 3rd param).
6120 Bug: https://curl.haxx.se/mail/lib-2017-03/0120.html
6122 - [Alexis La Goutte brought this change]
6124 gcc7: fix ‘*’ in boolean context, suggest ‘&&’ instead [-Wint-in-bool-context]
6128 Marcel Raad (30 Mar 2017)
6129 - schannel: fix unused variable warning
6131 If CURL_DISABLE_VERBOSE_STRINGS is defined, hostname is not used in
6132 schannel_connect_step3.
6134 - connect: fix unreferenced parameter warning
6136 When CURL_DISABLE_VERBOSE_STRINGS is defined, the reason parameter in
6137 Curl_conncontrol is not used as the infof macro expands to nothing.
6139 - select: use correct SIZEOF_ constant
6141 At least under Windows, there is no SIZEOF_LONG, so it evaluates to 0 even
6142 though sizeof(int) == sizeof(long). This should probably have been
6143 CURL_SIZEOF_LONG, but the type of timeout_ms changed from long to time_t
6145 This triggered MSVC warning C4668 about implicitly replacing undefined
6148 Closes https://github.com/curl/curl/pull/1362
6150 Daniel Stenberg (30 Mar 2017)
6151 - cmake: add cmake file in docs/libcurl/opts/ to dist
6153 - cmake: add more missing files to the dist
6155 - docs/Makefile.am: include CMakeLists.txt in the dist tarball
6157 Marcel Raad (29 Mar 2017)
6158 - NTLM: check for features with #ifdef instead of #if
6160 Feature defines are normally checked with #ifdef instead of #if in the rest of
6161 the codebase. Additionally, some compilers warn when a macro is implicitly
6162 evaluated to 0 because it is not defined, which was the case here.
6164 Ref: https://github.com/curl/curl/pull/1362#discussion_r108605101
6165 Closes https://github.com/curl/curl/pull/1367
6167 Daniel Stenberg (29 Mar 2017)
6168 - [Hanno Böck brought this change]
6170 curl: fix callback argument inconsistency
6172 As you can see the callback definition uses a char* for the first
6173 argument, while the function uses a void*.
6175 URL: https://curl.haxx.se/mail/lib-2017-03/0116.html
6177 - RELEASE-NOTES: synced with 556c51a2df
6179 - [madblobfish brought this change]
6185 - [Maksim Stsepanenka brought this change]
6187 make: use the variable MAKE for recursive calls
6191 - conncache: make hashkey avoid malloc
6193 ... to make it much faster. Idea developed with primepie on IRC.
6197 Kamil Dudka (28 Mar 2017)
6198 - http: do not treat FTPS over CONNECT as HTTPS
6200 If we use FTPS over CONNECT, the TLS handshake for the FTPS control
6201 connection needs to be initiated in the SENDPROTOCONNECT state, not
6202 the WAITPROXYCONNECT state. Otherwise, if the TLS handshake completed
6203 without blocking, the information about the completed TLS handshake
6204 would be saved to a wrong flag. Consequently, the TLS handshake would
6205 be initiated in the SENDPROTOCONNECT state once again on the same
6206 connection, resulting in a failure of the TLS handshake. I was able to
6207 observe the failure with the NSS backend if curl ran through valgrind.
6209 Note that this commit partially reverts curl-7_21_6-52-ge34131d.
6211 Daniel Stenberg (28 Mar 2017)
6212 - pause: handle mixed types of data when paused
6214 When receiving chunked encoded data with trailers, and the write
6215 callback returns PAUSE, there might be both body and header to store to
6216 resend on unpause. Previously libcurl returned error for that case.
6218 Added test case 1540 to verify.
6220 Reported-by: Stephen Toub
6224 Jay Satiro (28 Mar 2017)
6225 - [Isaac Boukris brought this change]
6227 http: Fix proxy connection reuse with basic-auth
6229 When using basic-auth, connections and proxy connections
6230 can be re-used with different Authorization headers since
6231 it does not authenticate the connection (like NTLM does).
6233 For instance, the below command should re-use the proxy
6234 connection, but it currently doesn't:
6235 curl -v -U alice:a -x http://localhost:8181 http://localhost/
6236 --next -U bob:b -x http://localhost:8181 http://localhost/
6238 This is a regression since refactoring of ConnectionExists()
6239 as part of: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151
6241 Fix the above by removing the username and password compare
6242 when re-using proxy connection at proxy_info_matches().
6244 However, this fix brings back another bug would make curl
6245 to re-print the old proxy-authorization header of previous
6246 proxy basic-auth connection because it wasn't cleared.
6248 For instance, in the below command the second request should
6249 fail if the proxy requires authentication, but would succeed
6250 after the above fix (and before aforementioned commit):
6251 curl -v -U alice:a -x http://localhost:8181 http://localhost/
6252 --next -x http://localhost:8181 http://localhost/
6254 Fix this by clearing conn->allocptr.proxyuserpwd after use
6255 unconditionally, same as we do for conn->allocptr.userpwd.
6257 Also fix test 540 to not expect digest auth header to be
6258 resent when connection is reused.
6260 Signed-off-by: Isaac Boukris <iboukris@gmail.com>
6262 Closes https://github.com/curl/curl/pull/1350
6264 - openssl: exclude DSA code when OPENSSL_NO_DSA is defined
6266 - Fix compile errors that occur in openssl.c when OpenSSL lib was
6267 built without DSA support.
6269 Bug: https://github.com/curl/curl/issues/1361
6270 Reported-by: neheb@users.noreply.github.com
6272 - examples/fopen: checksrc compliance
6274 Marcel Raad (28 Mar 2017)
6275 - schannel: fix variable shadowing warning
6277 No need to redeclare the variable.
6279 - multi: fix MinGW-w64 compiler warnings
6281 error: conversion to 'long int' from 'time_t {aka long long int}' may alter
6282 its value [-Werror=conversion]
6284 - .gitattributes: turn off CRLF for *.am
6286 If Makefile.am uses CRLF, buildconf in a Windows checkout fails with:
6287 ".ibtoolize: error: AC_CONFIG_MACRO_DIRS([m4]) conflicts with
6288 ACLOCAL_AMFLAGS=-I m4"
6290 Daniel Stenberg (26 Mar 2017)
6291 - [klemens brought this change]
6297 - curl: check for end of input in writeout backslash handling
6299 Reported-by: Brian Carpenter
6301 Added test 1442 to verify
6303 Marcel Raad (24 Mar 2017)
6304 - tests/README: make "Run" section foolproof
6306 curl must be built before building the tests.
6308 Closes https://github.com/curl/curl/pull/1352
6310 Daniel Stenberg (23 Mar 2017)
6311 - openssl: fix comparison between signed and unsigned integer expressions
6313 Marcel Raad (23 Mar 2017)
6314 - [Edward Kimmel brought this change]
6316 asiohiper: make sure socket is open in event_cb
6318 Send curl_socket_t to event_cb and make sure it hasn't been closed yet.
6320 Closes https://github.com/curl/curl/pull/1318
6322 Dan Fandrich (23 Mar 2017)
6323 - openssl: made the error table static const
6325 Jay Satiro (23 Mar 2017)
6326 - openssl: fall back on SSL_ERROR_* string when no error detail
6328 - If SSL_get_error is called but no extended error detail is available
6329 then show that SSL_ERROR_* as a string.
6331 Prior to this change there was some inconsistency in that case: the
6332 SSL_ERROR_* code may or may not have been shown, or may have been shown
6333 as unknown even if it was known.
6335 Ref: https://github.com/curl/curl/issues/1300
6337 Closes https://github.com/curl/curl/pull/1348
6339 Dan Fandrich (23 Mar 2017)
6340 - mkhelp: disable compression if the perl gzip module is unavailable
6342 This is nowadays included with the base perl distribution, but wasn't
6343 prior to about perl 5.14
6345 Daniel Stenberg (23 Mar 2017)
6346 - [Anders Roxell brought this change]
6348 tests/README: mention nroff for --manual tests
6350 Signed-off-by: Anders Roxell <anders.roxell@gmail.com>
6354 - CURLINFO_PRIMARY_IP.3: add example
6356 - travis: run tests-nonflaky instead of tests-full
6358 - make: introduce 'test-nonflaky' target
6360 Running this in the root build dir will invoke the test suite to only
6361 run tests not marked as 'flaky'.
6365 Jay Satiro (21 Mar 2017)
6366 - [Ales Mlakar brought this change]
6368 mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION
6370 Ref: https://curl.haxx.se/mail/lib-2017-02/0097.html
6372 Closes https://github.com/curl/curl/pull/1272
6374 Peter Wu (21 Mar 2017)
6375 - cmake: add support for building HTML and PDF docs
6377 Note that for some reason there is this warning (that also exists with
6378 autotools, added since curl-7_15_1-94-ga718cb05f):
6380 docs/libcurl/curl_multi_socket_all.3:1: can't open `man3/curl_multi_socket.3': No such file or directory
6382 Additionally, adjust the roffit --mandir option to support creating
6383 links when doing out-of-tree builds.
6385 Ref: https://github.com/curl/curl/pull/1288
6387 - cmake: build manual pages (including curl.1)
6389 Also make Perl mandatory to allow building the docs.
6391 While CMakeLists.txt could probably read the list of manual pages from
6392 Makefile.am, actually putting those in CMakeLists.txt is cleaner so that
6393 is what is done here.
6396 Ref: https://github.com/curl/curl/pull/1288
6398 - docs: split file lists into Makefile.inc
6400 For easier sharing with CMake. The contents were reformatted to use
6401 two-space indent and expanded tabs (matching lib/Makefile.common).
6403 Ref: https://github.com/curl/curl/pull/1288
6405 Daniel Stenberg (21 Mar 2017)
6406 - examples: comment typos in http2 examples
6408 - RELEASE-NOTES: typo
6410 - RELEASE-NOTES: synced with 6e0f26c8a8c28df
6412 - multi: fix streamclose() crash in debug mode
6414 The code would refer to the wrong data pointer. Only debug builds do
6415 this - for verbosity.
6417 Reported-by: zelinchen@users.noreply.github.com
6420 - CONTRIBUTE: mention referring to github issues in commit msgs
6422 Dan Fandrich (20 Mar 2017)
6423 - runtests.pl: fixed display of the Gopher IPv6 port number
6425 - tests: fixed the documented test server port numbers
6427 - test714/5: added HTTP as a required feature
6429 These tests use an HTTP proxy so require that curl be built with HTTP
6432 - tests: strip more options from non-HTTP --libcurl tests
6434 The CURLOPT_USERAGENT and CURLOPT_MAXREDIRS options are only set if HTTP
6435 support is available, so ignore them in tests where HTTP is not
6438 Jay Satiro (18 Mar 2017)
6439 - [Palo Markovic brought this change]
6441 darwinssl: fix typo in variable name
6443 Broken a week ago in 6448f98.
6445 Closes https://github.com/curl/curl/pull/1337
6447 - tool_operate: Fix showing HTTPS-Proxy options on CURLE_SSL_CACERT
6449 - Show the HTTPS-proxy options on CURLE_SSL_CACERT if libcurl was built
6450 with HTTPS-proxy support.
6452 Prior to this change those options were shown only if an HTTPS-proxy was
6453 specified by --proxy, but that did not take into account environment
6454 variables such as http_proxy, https_proxy, etc. Follow-up to e1187c4.
6456 Bug: https://github.com/curl/curl/issues/1331
6457 Reported-by: Nehal J Wani
6459 - CURLINFO_LOCAL_PORT.3: fix typo
6461 Daniel Stenberg (16 Mar 2017)
6462 - CURLINFO_LOCAL_PORT.3: added example
6464 - SSLCERTS.md: mention HTTPS proxies and their separate options
6466 - BINDINGS: a Delphi binding
6468 - KNOWN_BUGS: remove libidn related issue
6470 ... as we no longer use libidn
6472 Dan Fandrich (14 Mar 2017)
6473 - build: removed redundant DEPENDENCIES from makefiles
6475 Daniel Stenberg (13 Mar 2017)
6476 - [Sylvestre Ledru brought this change]
6478 Improve code readbility
6480 ... by removing the else branch after a return, break or continue.
6484 Jay Satiro (13 Mar 2017)
6485 - [Anatol Belski brought this change]
6487 winbuild: add basic support for OpenSSL 1.1.x
6489 - Auto-detect OpenSSL 1.1 libs
6491 Closes https://github.com/curl/curl/pull/1322
6493 Daniel Stenberg (13 Mar 2017)
6494 - RELEASE-NOTES: synced with c25e0761d0fc49c4
6496 - make: regenerate docs/curl.1 by runinng make in docs
6498 ... previously, docs/ was only a dist subdir, now also a build subdir.
6500 Reported-by: Dan Fandrich
6501 Bug: https://curl.haxx.se/mail/lib-2017-03/0017.html
6503 Dan Fandrich (12 Mar 2017)
6504 - test1440/1: depend on well-defined file: behaviour
6506 Depend on the known behaviour of URLs for nonexistent files rather than
6507 the undefined behaviour of URLs for directories (which fails on Windows).
6508 The test isn't about file: URLs at all, so the URL used doesn't really
6511 - tests: clear the SSL_CERT_FILE variable on --libcurl tests
6513 Otherwise, the contents will end up in the output and fail the
6516 - test1287: added verbose logs keyword
6518 - tool_writeout: fixed a buffer read overrun on --write-out
6520 If a % ended the statement, the string's trailing NUL would be skipped
6521 and memory past the end of the buffer would be accessed and potentially
6522 displayed as part of the --write-out output. Added tests 1440 and 1441
6523 to check for this kind of condition.
6525 Reported-by: Brian Carpenter
6527 Jay Satiro (12 Mar 2017)
6528 - [Desmond O. Chang brought this change]
6530 url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS
6532 - Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing
6533 proxy CONNECT response headers from the user callback functions
6534 CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION.
6536 - Add new tool option --suppress-connect-headers to expose
6537 CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT
6538 response headers from --dump-header and --include.
6540 Assisted-by: Jay Satiro
6541 Assisted-by: CarloCannas@users.noreply.github.com
6542 Closes https://github.com/curl/curl/pull/783
6544 - http_proxy: Ignore TE and CL in CONNECT 2xx responses
6546 A client MUST ignore any Content-Length or Transfer-Encoding header
6547 fields received in a successful response to CONNECT.
6548 "Successful" described as: 2xx (Successful). RFC 7231 4.3.6
6550 Prior to this change such a case would cause an error.
6552 In some ways this bug appears to be a regression since c50b878. Prior to
6553 that libcurl may have appeared to function correctly in such cases by
6554 acting on those headers instead of causing an error. But that behavior
6557 Bug: https://github.com/curl/curl/issues/1317
6558 Reported-by: mkzero@users.noreply.github.com
6560 - [Thomas Glanzmann brought this change]
6562 mbedtls: fix typo in variable name
6564 Broken a few days ago in 6448f98.
6566 Bug: https://curl.haxx.se/mail/lib-2017-03/0015.html
6568 Michael Kaufmann (11 Mar 2017)
6569 - tests: fix the authretry tests
6571 Do not call curl_easy_reset() between the requests, because the
6572 auth state must be preserved for these tests.
6574 Follow-up to 0afbcfd
6576 - proxy: skip SSL initialization for closed connections
6578 This prevents a "Descriptor is not a socket" error for WinSSL.
6580 Reported-by: Antony74@users.noreply.github.com
6581 Reviewed-by: Jay Satiro
6583 Fixes https://github.com/curl/curl/issues/1239
6585 - curl_easy_reset: Also reset the authentication state
6587 Follow-up to 5278462
6588 See https://github.com/curl/curl/issues/1095
6590 - [Isaac Boukris brought this change]
6592 authneg: clear auth.multi flag at http_done
6594 This flag is meant for the current request based on authentication
6595 state, once the request is done we can clear the flag.
6597 Also change auth.multi to auth.multipass for better readability.
6599 Fixes https://github.com/curl/curl/issues/1095
6600 Closes https://github.com/curl/curl/pull/1326
6602 Signed-off-by: Isaac Boukris <iboukris@gmail.com>
6603 Reported-by: Michael Kaufmann
6605 Dan Fandrich (11 Mar 2017)
6606 - url: don't compile detect_proxy if HTTP support is disabled
6608 - cmdline-opts: fixed a few typos
6610 Daniel Stenberg (10 Mar 2017)
6611 - README.md: add coverity and travis badges
6613 - ISSUE_TEMPLATE: for bugs, ask questions on the mailing list
6615 and try to add the top comment within an HTML comment in the hope
6616 that it might get hidden if the text is kept
6618 - openssl: add two /* FALLTHROUGH */ to satisfy coverity
6620 CID 1402159 and 1402158
6622 - tests: disabled 1903 now
6624 Test 1903 is doing HTTP pipelining, and that is a timing and ordering
6625 sensitive operation and this fails far too often on the Travis CI
6626 leading to people more or less ignoring test failures there. Not good.
6628 The end of pipelning is probably coming sooner rather than later
6631 Dan Fandrich (9 Mar 2017)
6632 - tls-max.d: added to the makefile
6634 - build: fixed making man page in out-of-tree tarball builds
6636 The man page taken from the release package is found in a different
6637 location than if it's built from source. It must be referenced as $< in
6638 the rule to get its correct location in the VPATH.
6640 - mkhelp: simplified the gzip code
6642 This eliminates the need for an external gzip program, which wasn't
6643 working with Busybox's gzip, anyway. It now compresses using perl's
6646 - polarssl: fixed compile errors introduced in 6448f98c
6648 Daniel Stenberg (8 Mar 2017)
6649 - bump: next release will be known as 7.54.0
6651 ...due to the newly added CURL_SSLVERSION_MAX_* functionality
6653 - openssl: unbreak the build after 6448f98c1857de
6655 Verified with OpenSSL 1.1.0e and OpenSSL master (1.1.1)
6657 Kamil Dudka (8 Mar 2017)
6658 - [Jozef Kralik brought this change]
6660 vtls: add options to specify range of enabled TLS versions
6662 This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
6663 the --tls-max option of the curl tool.
6665 Closes https://github.com/curl/curl/pull/1166
6667 Daniel Stenberg (8 Mar 2017)
6668 - RELEASE-NOTES: synced with 6888a670aa01
6670 - MANPAGE: clarify the dash situation in meta data
6672 - insecure.d: clarify that this is for server connections
6674 Assisted-by: Ray Satiro
6675 Bug: https://curl.haxx.se/mail/lib-2017-03/0002.html
6677 Dan Fandrich (8 Mar 2017)
6678 - test1260: added http as a required feature
6680 Daniel Stenberg (7 Mar 2017)
6681 - [Steve Brokenshire brought this change]
6683 maketgz: Run updatemanpages.pl to update man pages
6685 maketgz now runs scripts/updatemanpages.pl to update the man pages .TH
6686 section to use the current date and curl/libcurl version.
6692 - [Steve Brokenshire brought this change]
6694 gitignore: Ignore man page dist files
6696 Ignore man page dist files generated by scripts/updatemanpages.pl
6698 - [Steve Brokenshire brought this change]
6700 Makefile.am: Remove distribution man pages when running 'make clean'
6702 - [Steve Brokenshire brought this change]
6704 Makefile.am: Added scripts/updatemanpages.pl to EXTRA_DIST
6706 - [Steve Brokenshire brought this change]
6708 updatemanpages.pl: Update man pages to use current date and versions
6710 Added script to update man pages to use the current date and
6711 curl/libcurl versions.
6713 updatemanpages.pl has three arrays: list of directories to look in,
6714 list of extensions to process, list of files to exclude from
6717 Check man page in git repoistory using the date from the existing man
6718 page before updating to avoid updating the man page if no change is
6721 If data is received from the git command then update the man page with
6722 the current date and version otherwise leave alone.
6724 Applied patch from badger to make the date argument optional, change the
6725 git command used, added date argument to processfile subroutine and
6726 print to STDERR if no date is found in a man page.
6728 Added code to process the changed man page into a new man page with
6729 .dist added to the filename to keep the original source files unchanged.
6730 Updated POD documentation to reflect that the date argument optional.
6732 Code style is in line with CODE_STYLE.md.
6734 Directories: docs/ docs/libcurl/ docs/libcurl/opts/ tests/
6736 Excluded files: mk-ca-bundle.1 template.3
6740 - [Tatsuhiro Tsujikawa brought this change]
6742 http2: Fix assertion error on redirect with CL=0
6744 This fixes assertion error which occurs when redirect is done with 0
6745 length body via HTTP/2, and the easy handle is reused, but new
6746 connection is established due to hostname change:
6748 curl: http2.c:1572: ssize_t http2_recv(struct connectdata *,
6749 int, char *, size_t, CURLcode *):
6750 Assertion `httpc->drain_total >= data->state.drain' failed.
6752 To fix this bug, ensure that http2_handle_stream is called.
6757 - ares: Curl_resolver_wait_resolv: clear *entry first in function
6759 - ares: better error return on timeouts
6761 Assisted-by: Ray Satiro
6763 Bug: https://curl.haxx.se/mail/lib-2017-03/0009.html
6765 Jay Satiro (6 Mar 2017)
6766 - KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password
6768 Bug: https://github.com/curl/curl/issues/1308
6769 Reported-by: Justin Clift
6771 Dan Fandrich (6 Mar 2017)
6772 - test1260: removed errant XML tag
6774 Daniel Stenberg (6 Mar 2017)
6775 - URL: return error on malformed URLs with junk after port number
6777 ... because it causes confusion with users. Example URLs:
6779 "http://[127.0.0.1]:11211:80" which a lot of languages' URL parsers will
6780 parse and claim uses port number 80, while libcurl would use port number
6783 "http://user@example.com:80@localhost" which by the WHATWG URL spec will
6784 be treated to contain user name 'user@example.com' but according to
6785 RFC3986 is user name 'user' for the host 'example.com' and then port 80
6786 is followed by "@localhost"
6788 Both these formats are now rejected, and verified so in test 1260.
6790 Reported-by: Orange Tsai
6792 - BINDINGS: update the Lua-cURL URL
6794 - [Sylvestre Ledru brought this change]
6796 BINDINGS: add Scilab binding
6800 - BINDINGS: add go-curl and perl6-net-curl
6802 Reported-by: Peter Pentchev
6804 - BINDINGS: add misssing C++ bindings
6806 Reported-by: Giuseppe Persico