5 \___|\___/|_| \_\_____|
9 Version 7.49.1 (30 May 2016)
11 Daniel Stenberg (30 May 2016)
12 - RELEASE-NOTES: 7.49.1
14 - [Steve Holme brought this change]
16 loadlibrary: Only load system DLLs from the system directory
18 Inspiration provided by: Daniel Stenberg and Ray Satiro
20 Bug: https://curl.haxx.se/docs/adv_20160530.html
22 Ref: Windows DLL hijacking with curl, CVE-2016-4802
24 - ssh: fix version number check typo
26 Jay Satiro (29 May 2016)
27 - curl_share_setopt.3: Add min ver needed for ssl session lock
29 Bug: https://github.com/curl/curl/issues/826
30 Reported-by: Michael Wallner
32 Daniel Stenberg (29 May 2016)
33 - ssh: fix build for libssh2 before 1.2.6
35 The statvfs functionality was added to libssh2 in that version, so we
36 switch off that functionality when built with older libraries.
40 - mbedtls: fix includes so snprintf() works
42 Regression from the previous *printf() rearrangements, this file missed to
43 include the correct header to make sure snprintf() works universally.
45 Reported-by: Moti Avrahami
46 Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
48 Steve Holme (23 May 2016)
49 - checksrc.pl: Added variants of strcat() & strncat() to banned function list
51 Added support for checking the tchar, unicode and mbcs variants of
52 strcat() and strncat() in the banned function list.
54 Daniel Stenberg (23 May 2016)
55 - smtp: minor ident (white space) fixes
57 - THANKS: updated after script fixes
59 Now giving credit properly to github user names, fixed some UTF-8 issues
60 and added names discovered when contrithanks was improved.
62 - THANKS-filter: more name cleanups
64 - contrithanks.sh: exclude existing names case insensitively
66 - contrithanks.sh: use same grep pattern and -a flag as contributors.sh
68 - contributors.sh: better grep pattern, use grep -a
70 - THANKS-filter: fix more names
72 - contrithanks.sh: do the same github fix as contributors.sh
76 Jay Satiro (23 May 2016)
77 - contributors: Show GitHub username if real name unknown
79 Prior to this change if a GitHub contributor's real name was unknown
80 they would be omitted from the list.
82 Bug: https://github.com/curl/curl/issues/824
84 Daniel Stenberg (21 May 2016)
85 - RELEASE-NOTES: synced with 3caaeffbe8ded4
87 Jay Satiro (20 May 2016)
88 - openssl: cleanup must free compression methods
90 - Free compression methods if OpenSSL 1.0.2 to avoid a memory leak.
92 Bug: https://github.com/curl/curl/issues/817
93 Reported-by: jveazey@users.noreply.github.com
95 Daniel Stenberg (20 May 2016)
96 - [Gisle Vanem brought this change]
98 curl_multibyte: fix compiler error
100 While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was
103 f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '('
104 to follow 'CURL_EXTERN'
106 f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085:
107 'curl_domalloc': not in formal parameter list
109 - THANKS-filter: make Jan-E get proper credit
111 - [Jan-E brought this change]
113 winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity
117 - [Alexander Traud brought this change]
119 libcurl.m4: Avoid obsolete warning
123 Jay Satiro (20 May 2016)
124 - [Michael Kaufmann brought this change]
126 CURLOPT_CONNECT_TO.3: user must not free the list prematurely
128 The connect-to list isn't copied so as long as the handle may be used
129 for a transfer the list must be valid.
131 Bug: https://github.com/curl/curl/pull/819
132 Reported-by: Michael Kaufmann
134 Daniel Stenberg (19 May 2016)
135 - RELEASE-NOTES: synced with 48114a8634242c
137 - openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0
139 See OpenSSL commit 21e001747d4a
141 - http2: use HTTP/2 in the HTTP/1.1-alike header
143 ... when generating them, not "2.0" as the protocol is called just
144 HTTP/2 and nothing else.
146 Jay Satiro (19 May 2016)
147 - dist: include curl_multi_socket_all.3
149 Closes https://github.com/curl/curl/pull/816
151 Steve Holme (18 May 2016)
152 - bump: Start work on 7.49.1
154 Daniel Stenberg (18 May 2016)
155 - curlbuild.h.dist: check __LP64__ as well to fix MIPS build
157 The preprocessor check that sets up the 32bit defines for non-configure
158 builds didn't work properly for MIPS systems as __mips__ is defined for
159 both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit.
161 Reported-by: Tomas Jakobsson
164 - [Marcel Raad brought this change]
166 schannel: fix compile break with MSVC XP toolset
168 For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK
169 7.1 is used. In this case, _USING_V110_SDK71_ is defined.
173 - dist: include CHECKSRC.md
175 Reported-by: Paul Howarth
176 Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html
178 - test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in dist
180 Reported-by: Ray Satiro
181 Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html
183 Version 7.49.0 (17 May 2016)
185 Daniel Stenberg (17 May 2016)
186 - THANKS: 24 new names from 7.49.0 release notes
188 - RELEASE-NOTES: 7.49.0
190 - mbedtls/polarssl: set "hostname" unconditionally
192 ...as otherwise the TLS libs will skip the CN/SAN check and just allow
193 connection to any server. curl previously skipped this function when SNI
194 wasn't used or when connecting to an IP address specified host.
198 Bug: https://curl.haxx.se/docs/adv_20160518A.html
199 Reported-by: Moti Avrahami
201 - [Frank Gevaerts brought this change]
203 CURLOPT_RESOLVE.3: fix typo
207 - docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVE
209 - KNOWN_BUGS: GnuTLS backend skips really long certificate fields
213 - CURLOPT_HTTPPOST.3: the data needs to be around while in use
215 - openssl: get_cert_chain: fix NULL dereference
217 CID 1361815: Explicit null dereferenced (FORWARD_NULL)
219 - openssl: get_cert_chain: avoid NULL dereference
221 CID 1361811: Explicit null dereferenced (FORWARD_NULL)
223 - dprintf_formatf: fix (false?) Coverity warning
225 CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when
226 we run over 'workend' but the condition says <= workend and for all I
227 can see it should be safe. Compensating for the warning by adding a byte
228 margin in the buffer.
230 Also, removed the extra brace level indentation in the code and made it
231 so that 'workend' is only assigned once within the function.
233 - RELEASE-NOTES: synced with 2dcb5adc72d6
235 - THANKS-filter: fixed Jonathan Cardoso
237 Jay Satiro (15 May 2016)
238 - ftp: fix incorrect out-of-memory code in Curl_pretransfer
240 - Return value type must match function type.
242 s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/
246 Daniel Stenberg (15 May 2016)
247 - ftp wildcard: segfault due to init only in multi_perform
249 The proper FTP wildcard init is now more properly done in Curl_pretransfer()
250 and the corresponding cleanup in Curl_close().
252 The previous place of init/cleanup code made the internal pointer to be NULL
253 when this feature was used with the multi_socket() API, as it was made within
254 the curl_multi_perform() function.
256 Reported-by: Jonathan Cardoso Machado
259 Jay Satiro (13 May 2016)
260 - libcurl-tlibcurl-thread: Update OpenSSL links
262 Because the old OpenSSL link now redirects to their master documentation
263 (currently 1.1.0), which does not document the required actions for
266 Daniel Stenberg (13 May 2016)
267 - [Viktor Szakats brought this change]
269 darwinssl.c: fix OS X codename typo in comment
271 - RELEASE-NOTES: synced with 68701e51c1f7
273 Added 8 bug fixes and 5 more contrbutors
275 - [Jay Satiro brought this change]
277 mprintf: Fix processing of width and prec args
279 Prior to this change a width arg could be erroneously output, and also
280 width and precision args could not be used together without crashing.
282 "%0*d%s", 2, 9, "foo"
292 Test 557 is updated to verify this and more
294 - [Michael Kaufmann brought this change]
296 ConnectionExists: follow-up fix for proxy re-use
298 Follow-up commit to 5823179
302 - [Per Malmberg brought this change]
304 darwinssl: fix certificate verification disable on OS X 10.8
306 The new way of disabling certificate verification doesn't work on
307 Mountain Lion (OS X 10.8) so we need to use the old way in that version
308 too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2
313 - [Cory Benfield brought this change]
315 http2: Add space between colon and header value
317 curl's representation of HTTP/2 responses involves transforming the
318 response to a format that is similar to HTTP/1.1. Prior to this change,
319 curl would do this by separating header names and values with only a
320 colon, without introducing a space after the colon.
322 While this is technically a valid way to represent a HTTP/1.1 header
323 block, it is much more common to see a space following the colon. This
324 change introduces that space, to ensure that incautious tools are safely
325 able to parse the header block.
327 This also ensures that the difference between the HTTP/1.1 and HTTP/2
328 response layout is as minimal as possible.
330 Bug: https://github.com/curl/curl/issues/797
335 Kamil Dudka (12 May 2016)
336 - openssl: fix compile-time warning in Curl_ossl_check_cxn()
338 ... introduced in curl-7_48_0-293-g2968c83:
340 Error: COMPILER_WARNING:
341 lib/vtls/openssl.c: scope_hint: In function ‘Curl_ossl_check_cxn’
342 lib/vtls/openssl.c:767:15: warning: conversion to ‘int’ from ‘ssize_t’
343 may alter its value [-Wconversion]
345 Jay Satiro (11 May 2016)
346 - openssl: stricter connection check function
348 - In the case of recv error, limit returning 'connection still in place'
349 to EINPROGRESS, EAGAIN and EWOULDBLOCK.
351 This is an improvement on the parent commit which changed the openssl
352 connection check to use recv MSG_PEEK instead of SSL_peek.
354 Ref: https://github.com/curl/curl/commit/856baf5#comments
356 Daniel Stenberg (11 May 2016)
357 - [Anders Bakken brought this change]
359 TLS: SSL_peek is not a const operation
361 Calling SSL_peek can cause bytes to be read from the raw socket which in
362 turn can upset the select machinery that determines whether there's data
363 available on the socket.
365 Since Curl_ossl_check_cxn only tries to determine whether the socket is
366 alive and doesn't actually need to see the bytes SSL_peek seems like
367 the wrong function to call.
369 We're able to occasionally reproduce a connect timeout due to this
370 bug. What happens is that Curl doesn't know to call SSL_connect again
371 after the peek happens since data is buffered in the SSL buffer and thus
372 select won't fire for this socket.
376 Jay Satiro (9 May 2016)
377 - [Daniel Stenberg brought this change]
379 TLS: move the ALPN/NPN enable bits to the connection
381 Only protocols that actually have a protocol registered for ALPN and NPN
382 should try to get that negotiated in the TLS handshake. That is only
383 HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN
384 would wrongly be used in all handshakes if libcurl was built with it
387 Reported-by: Jay Satiro
391 Daniel Stenberg (8 May 2016)
392 - libcurl-thread.3: openssl 1.1.0 is safe, and so is boringssl
394 - [Antonio Larrosa brought this change]
396 connect: fix invalid "Network is unreachable" errors
398 Sometimes, in systems with both ipv4 and ipv6 addresses but where the
399 network doesn't support ipv6, Curl_is_connected returns an error
400 (intermittently) even if the ipv4 socket connects successfully.
402 This happens because there's a for-loop that iterates on the sockets but
403 the error variable is not resetted when the ipv4 is checked and is ok.
405 This patch fixes this problem by setting error to 0 when checking the
406 second socket and not having a result yet.
410 Jay Satiro (5 May 2016)
411 - FAQ: refer to thread safety guidelines
413 Daniel Stenberg (3 May 2016)
414 - connections: non-HTTP proxies on different ports aren't reused either
416 Reported-by: Oleg Pudeyev and fuchaoqun
420 - http: make sure a blank header overrides accept_decoding
422 Reported-by: rcanavan
423 Assisted-by: Isaac Boukris
426 - CHECKSRC.md: clarified, explained the whitelist file
428 - nroff-scan.pl: verify that references are made with \fI
430 - docs: unified man page references to use \fI
432 - TODO: 17.14 --fail without --location should treat 3xx as a failure
436 - RELEASE-NOTES: synced with 7987f5cb14d
438 - [Isaac Boukris brought this change]
440 CURLOPT_ACCEPT_ENCODING.3: Follow-up clarification
442 Mention possible content-length mismatch with sum of bytes reported
443 by write callbacks when auto decoding is enabled.
447 - test1140: run nroff-scan to verify man pages
449 - nroff-scan.pl: verify the .BR references as well
451 - CURLOPT_CONV_TO_NETWORK_FUNCTION.3: fix bad man page reference
453 - CURLOPT_BUFFERSIZE.3: fix reference to CURLOPT_MAX_RECV_SPEED_LARGE
455 - curl_easy_pause.3: fix man page reference
457 Jay Satiro (1 May 2016)
458 - tool_cb_hdr: Fix --remote-header-name with schemeless URL
460 - Move the existing scheme check from tool_operate.
462 In the case of --remote-header-name we want to parse Content-disposition
463 for a filename, but only if the scheme is http or https. A recent
464 adjustment 0dc4d8e was made to account for schemeless URLs however it's
465 not 100% accurate. To remedy that I've moved the scheme check to the
466 header callback, since at that point the library has already determined
469 Bug: https://github.com/curl/curl/issues/760
470 Reported-by: Kai Noda
472 Daniel Stenberg (1 May 2016)
473 - tls: make setting pinnedkey option fail if not supported
475 to make it obvious to users trying to use the feature with TLS backends
479 Reported-by: Travis Burtrum
481 - nroff-scan.pl: verifies nroff pages
483 ... not used by any test yet but can be used stand-alone.
485 - opts: fix broken/bad references
487 - [Michael Kaufmann brought this change]
489 docs: fix bugs in CURLOPT_HTTP_VERSION.3 and CURLOPT_PIPEWAIT.3
493 - CURLOPT_ACCEPT_ENCODING.3: clarified
497 - curl.1: --mail-rcpt can be used multiple times
502 - [Karlson2k brought this change]
504 tests: Use 'pathhelp' for paths conversions in secureserver.pl
508 - [Karlson2k brought this change]
510 tests: Use 'pathhelp' for paths conversions in sshserver.pl
512 - [Karlson2k brought this change]
514 tests: Use 'pathhelp' for current path in runtests.pl
516 - [Karlson2k brought this change]
518 tests: pathhelp.pm to process paths on Msys/Cygwin
520 - lib: include curl_printf.h as one of the last headers
522 curl_printf.h defines printf to curl_mprintf, etc. This can cause
523 problems with external headers which may use
524 __attribute__((format(printf, ...))) markers etc.
526 To avoid that they cause problems with system includes, we include
527 curl_printf.h after any system headers. That makes the three last
528 headers to always be, and we keep them in this order:
534 None of them include system headers, they all do funny #defines.
536 Reported-by: David Benjamin
540 - memdebug.h: remove inclusion of other headers
542 Mostly because they're not needed, because memdebug.h is always included
543 last of all headers so the others already included the correct ones.
545 But also, starting now we don't want this to accidentally include any
546 system headers, as the header included _before_ this header may add
547 defines and other fun stuff that we won't want used in system includes.
549 - [Jay Satiro brought this change]
551 curl -J: make it work even without http:// scheme on URL
553 It does open up a miniscule risk that one of the other protocols that
554 libcurl could use would send back a Content-Disposition header and then
555 curl would act on it even if not HTTP.
557 A future mitigation for this risk would be to allow the callback to ask
558 libcurl which protocol is being used.
560 Verified with test 1312
564 - manpage-scan.pl: also verify the command line option docs
566 This script now also scans src/tool_getparam.c, docs/curl.1 and
567 src/tool_help.c and will warn if any of them lists a command line option
568 not mentioned in one of the other places.
570 - curl: show the long option version of -q in the -h list
572 - curl: remove "--socks" as "--socks5" turned 8
574 In commit 2e42b0a2524 (Jan 2008) we made the option "--socks" deprecated
575 and it has not been documented since. The more explicit socks options
576 (like --socks4 or --socks5) should be used.
578 - curl.1: document the deprecated --ftp-ssl option
580 - curl: remove --http-request
582 It was mentioned as deprecated already in commit ae1912cb0d4 from
583 1999. It has not been documented in this millennium.
585 - curl: mention --ntlm-wb in -h list
587 - curl: -h output lacked --proxy-header
589 - curl.1: document --ntlm-wb
591 - curl.1: document the long format of -q: --disable
593 - curl.1: mention the deprecated --krb4 option
595 - curl.1: document --ftp-ssl-reqd
597 Even if deprecated, document it so that people will find it as old
598 scripts may still use it.
600 - curl: use --telnet-option as documented
602 The code said "telnet-options" but no documentation ever said so. It
603 worked fine since the code is fine with a unique match of the first
606 - getparam: remove support for --ftpport
608 It has been deprecated and undocumented since commit ad5ead8bed7 (Dec
609 2003). --ftp-port is the proper long option name.
611 - curl: make --disable work as long form of -q
613 To make the aliases list reflect reality.
615 - aliases: remove trailing space from capath string
617 - cmdline parse: only single letter options have single-letter strings
619 ... moved around options so that parsing the code to find all
620 single-letter options easier.
622 Jay Satiro (28 Apr 2016)
623 - CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability
625 Bug: https://curl.haxx.se/mail/lib-2016-04/0126.html
628 Daniel Stenberg (28 Apr 2016)
629 - curl_easy_getinfo.3: remove superfluous blank lines
631 - test1139: verifies libcurl option man page presence
633 - checks that each option has its own man page present
635 - checks that each option is mentioned in its corresponding index man
638 - curl_easy_getinfo.3: added missing mention of CURLINFO_TLS_SESSION
640 ... although it is deprecated.
642 Jay Satiro (28 Apr 2016)
643 - mbedtls: Fix session resume
645 This also fixes PolarSSL session resume.
647 Prior to this change the TLS session information wasn't properly
648 saved and restored for PolarSSL and mbedTLS.
650 Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html
651 Reported-by: Thomas Glanzmann
653 Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html
654 Reported-by: Moti Avrahami
656 Daniel Stenberg (27 Apr 2016)
657 - RELEASE-NOTES: synced with f4298fcc6d2
659 - [Michael Kaufmann brought this change]
661 opts: Fix some syntax errors in example code fragments
665 - openssl: avoid BN_print a NULL bignum
667 OpenSSL 1.1.0-pre seems to return NULL(?) for a whole lot of those
668 numbers so make sure the function handles this.
670 Reported-by: Linus Nordberg
672 - [Marcel Raad brought this change]
674 CONNECT_ONLY: don't close connection on GSS 401/407 reponses
676 Previously, connections were closed immediately before the user had a
677 chance to extract the socket when the proxy required Negotiate
680 This regression was brought in with the security fix in commit
685 - CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0
687 - mbedtls.c: silly spellfix of a comment
689 - KNOWN_BUGS: 1.10 Strips trailing dot from host name
693 - test1322: verify stripping of trailing dot from host name
695 While being debated (in #716) and a violation of RFC 7230 section 5.4,
696 this test verifies that the existing functionality works as intended. It
697 strips the dot from the host name and uses the host without dot
698 throughout the internals.
700 - multi: accidentally used resolved host name instead of proxy
702 Regression introduced in 09b5a998
704 Bug: https://curl.haxx.se/mail/lib-2016-04/0084.html
707 - symbols-in-versions: added new CURLSSLBACKEND_ symbols
709 - test148: fixed after the --ftp-create-dirs retry change
711 follow-up commit to 3c1e84f569 as it made curl try a little harder
713 - curl.h: clarify curl_sslbackend for openssl clones and renames
715 - [Karlson2k brought this change]
717 url.c: fixed DEBUGASSERT() for WinSock workaround
719 If buffer is allocated, but nothing is received during prereceive
720 stage, than number of processed bytes must be zero.
724 - KNOWN_BUGS: --interface for ipv6 binds to unusable IP address
728 - TODO: 1.17 Add support for IRIs
730 Adding support for IRIs is a mouthful, but is probably interesting at
731 least for areas and countries where the use of such "URLs" are growing
736 - THANKS-filter: Travis Burtrum
738 - lib1517: checksrc compliance
740 - [moparisthebest brought this change]
742 PolarSSL: Implement public key pinning
744 Patrick Monnerat (22 Apr 2016)
745 - os400: upgrade ILE/RPG binding
747 - curl.h: CURLOPT_CONNECT_TO sets a struct slist *, not a string
749 Daniel Stenberg (22 Apr 2016)
750 - contributors.sh: make --releasenotes implied
752 It got too annoying to type =)
754 - RELEASE-NOTES: synced with 3c1e84f5693d8093
756 - curl: make --ftp-create-dirs retry on failure
758 The underlying libcurl option used for this feature is
759 CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir
760 creation, but it was never set to do that by the command line tool.
764 Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html
765 Reported-by: John Wanghui
768 - [Henrik Gaßmann brought this change]
770 winbuild: add mbedtls support
772 Add WITH_MBEDTLS option. Make WITH_SSL, WITH_MBEDTLS and ENABLE_WINSSL
773 options mutual exclusive.
777 - KNOWN_BUGS: fixed "5.6 Improper use of Autoconf cache variables"
779 As of commit d9f3b365a3
781 - [Irfan Adilovic brought this change]
783 configure: ac_cv_ -> curl_cv_ for write-only vars
785 These configure vars are modified in a curl-specific way but never
786 evaluated or loaded from cache, even though they are designated as
787 _cv_. We could either implement proper AC_CACHE_CHECKs for them, or
788 remove them completely.
790 Fixes #603 as ac_cv_func_gethostbyname is no longer clobbered, and
791 AC_CHECK_FUNC(gethostbyname...) will no longer spuriously succeed after
792 the first configure run with caching.
794 `ac_cv_func_strcasecmp` is curious, see #770.
796 `eval "ac_cv_func_$func=yes"` can still cause problems as it works in
797 tandem with AC_CHECK_FUNCS and then potentially modifies its result. It
798 would be best to rewrite this test to use a new CURL_CHECK_FUNCS macro,
799 which works the same as AC_CHECK_FUNCS but relies on caching the values
800 of curl_cv_func_* variables, without modifiying ac_cv_func_*.
802 - [Irfan Adilovic brought this change]
804 configure: ac_cv_ -> curl_cv_ for r/w vars
806 These configure vars are modified in a curl-specific way and modified by
807 the configure process, but are never loaded from cache, even though they
808 are designated as _cv_. We should implement proper AC_CACHE_CHECKs for
811 - [Irfan Adilovic brought this change]
813 configure: ac_cv_func_clock_gettime -> curl_...
815 This variable must not be cached in its current form, as any cached
816 information will prevent the next configure run from determining the
817 correct LIBS needed for the function. Thus, rename prefix `ac_cv_` to
820 - [Irfan Adilovic brought this change]
822 configure: ac_cv_ -> curl_cv_ for all cached vars
824 This was automated by:
826 sed -b -i -f <(ack -A1 AC_CACHE_CHECK | \
827 ack -o 'ac_cv_.*?\b' | \
828 sort -u | xargs -n1 bash -c \
829 'echo "s/$0/curl_cv_${0#ac_cv_}/g"') \
832 This only changed the prefix for 16 variables actually checked with
835 - openssl: builds with OpenSSL 1.1.0-pre5
837 The RSA, DSA and DH structs are now opaque and require use of new APIs
841 Steve Holme (20 Apr 2016)
842 - url.c: Prefer we don't use explicit NULLs in conditions
844 Fixed commit fa5fa65a30 to not use NULLs in if condition.
846 Daniel Stenberg (20 Apr 2016)
847 - [Isaac Boukris brought this change]
849 NTLM: check for NULL pointer before deferencing
851 At ConnectionExists, both check->proxyuser and check->proxypasswd
852 could be NULL, so make sure to check first.
856 - [Karlson2k brought this change]
858 tests: added test1517
860 ... for checking ability to receive full HTTP response when POST request
861 is used with slow read callback function.
863 This test checks for bug #657 and verifies the work-around from
868 - [Karlson2k brought this change]
870 sendf.c: added ability to call recv() before send() as workaround
872 WinSock destroys recv() buffer if send() is failed. As result - server
873 response may be lost if server sent it while curl is still sending
874 request. This behavior noticeable on HTTP server short replies if
875 libcurl use several send() for request (usually for POST request).
876 To workaround this problem, libcurl use recv() before every send() and
877 keeps received data in intermediate buffer for further processing.
882 Kamil Dudka (19 Apr 2016)
883 - connect: make sure that rc is initialized in singleipconnect()
885 This commit fixes a Clang warning introduced in curl-7_48_0-190-g8f72b13:
887 Error: CLANG_WARNING:
888 lib/connect.c:1120:11: warning: The right operand of '==' is a garbage value
892 1121| error = SOCKERRNO;
895 Daniel Stenberg (19 Apr 2016)
896 - make/checksrc: use $srcdir, not $top_srcdir
898 - src/checksrc.whitelist: removed
900 - tool_operate: switch to inline checksrc ignore
902 - lib/checksrc.whitelist: not needed anymore
904 ... as checksrc now skips comments
906 - vtls.h: remove a space before semicolon
908 ... that the new checksrc detected
910 - darwinssl: removed commented out code
912 - http_chunks: removed checksrc disable
914 ... since checksrc now skips comments
916 - imap: inlined checksrc disable instead of whitelist edit
918 - checksrc: taught to skip comments
920 ... but output non-stripped version of the line, even if that then can
921 make the script identify the wrong position in the line at
922 times. Showing the line stripped (ie without comments) is just too
925 - opts/Makefile.am: list all docs file one by one
927 ... to make it easier to add lines in patches that won't just break all
928 other patches trying to add lines too.
930 - curl_easy_setopt.3: mention CURLOPT_TCP_FASTOPEN
932 - RELEASE-NOTES: synced with 03de4e4b219
934 (since we just merged two major features)
936 - [Alessandro Ghedini brought this change]
938 connect: implement TCP Fast Open for Linux
942 - [Alessandro Ghedini brought this change]
944 tool: add --tcp-fastopen option
946 - [Alessandro Ghedini brought this change]
948 connect: implement TCP Fast Open for OS X
950 - [Alessandro Ghedini brought this change]
952 url: add CURLOPT_TCP_FASTOPEN option
954 - checksrc: pass on -D so the whitelists are found correctly
956 - configure: remove check for libresolve
958 'strncasecmp' was once provided by libresolv (no trailing e) for SunOS,
959 but this check is broken and most likely adds nothing useful. Removing
962 Reported-by: Irfan Adilovic
966 - scripts/make: use $(EXEEXT) for executables
972 - includes: avoid duplicate memory callback typdefs even harder
974 - checksrc/makefile.am: use $top_srcdir to find source files
976 ... to properly support out of source tree builds.
978 - RELEASE-NOTES: synced with 26ec93dd6aeba8dfb5
980 - opts: fix option references missing (section)
982 - [Michael Kaufmann brought this change]
984 news: CURLOPT_CONNECT_TO and --connect-to
986 Makes curl connect to the given host+port instead of the host+port found
989 - makefile.vc6: use d suffix on debug object
991 To allow both release and debug builds in parallel.
993 Reported-by: Rod Widdowson
997 Jay Satiro (12 Apr 2016)
998 - http2: Use size_t type for data drain count
1000 Ref: https://github.com/curl/curl/issues/659
1001 Ref: https://github.com/curl/curl/pull/663
1003 - http2: Improve header parsing
1005 - Error if a header line is larger than supported.
1007 - Warn if cumulative header line length may be larger than supported.
1009 - Allow spaces when parsing the path component.
1011 - Make sure each header line ends in \r\n. This fixes an out of bounds.
1013 - Disallow header continuation lines until we decide what to do.
1015 Ref: https://github.com/curl/curl/issues/659
1016 Ref: https://github.com/curl/curl/pull/663
1018 - http2: Add Curl_http2_strerror for HTTP/2 error codes
1020 Ref: https://github.com/curl/curl/issues/659
1021 Ref: https://github.com/curl/curl/pull/663
1023 - [Tatsuhiro Tsujikawa brought this change]
1025 http2: Don't increment drain when one header field is received
1027 Sicne we write header field in temporary location, not in the memory
1028 that upper layer provides, incrementing drain should not happen.
1030 Ref: https://github.com/curl/curl/issues/659
1031 Ref: https://github.com/curl/curl/pull/663
1033 - [Tatsuhiro Tsujikawa brought this change]
1035 http2: Ensure that http2_handle_stream_close is called
1037 This commit ensures that streams which was closed in on_stream_close
1038 callback gets passed to http2_handle_stream_close. Previously, this
1039 might not happen. To achieve this, we increment drain property to
1040 forcibly call recv function for that stream.
1042 To more accurately check that we have no pending event before shutting
1043 down HTTP/2 session, we sum up drain property into
1044 http_conn.drain_total. We only shutdown session if that value is 0.
1046 With this commit, when stream was closed before reading response
1047 header fields, error code CURLE_HTTP2_STREAM is returned even if
1048 HTTP/2 level error is NO_ERROR. This signals the upper layer that
1049 stream was closed by error just like TCP connection close in HTTP/1.
1051 Ref: https://github.com/curl/curl/issues/659
1052 Ref: https://github.com/curl/curl/pull/663
1054 - [Tatsuhiro Tsujikawa brought this change]
1056 http2: Process paused data first before tear down http2 session
1058 This commit ensures that data from network are processed before HTTP/2
1059 session is terminated. This is achieved by pausing nghttp2 whenever
1060 different stream than current easy handle receives data.
1062 This commit also fixes the bug that sometimes processing hangs when
1063 multiple HTTP/2 streams are multiplexed.
1065 Ref: https://github.com/curl/curl/issues/659
1066 Ref: https://github.com/curl/curl/pull/663
1068 - [Tatsuhiro Tsujikawa brought this change]
1070 http2: Check session closure early in http2_recv
1072 Ref: https://github.com/curl/curl/issues/659
1073 Ref: https://github.com/curl/curl/pull/663
1075 - [Tatsuhiro Tsujikawa brought this change]
1077 http2: Add handling stream level error
1079 Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
1080 by RST_STREAM, underlying TCP connection was dropped. This is
1081 undesirable since there may be other streams multiplexed and they are
1082 very much fine. This change introduce new error code
1083 CURLE_HTTP2_STREAM, which indicates stream error that only affects the
1084 relevant stream, and connection should be kept open. The existing
1085 CURLE_HTTP2 means connection error in general.
1087 Ref: https://github.com/curl/curl/issues/659
1088 Ref: https://github.com/curl/curl/pull/663
1090 Daniel Stenberg (11 Apr 2016)
1091 - http2: drain the socket better...
1093 ... but ignore EAGAIN if the stream has ended so that we don't end up in
1094 a loop. This is a follow-up to c8ab613 in order to avoid the problem
1095 d261652 was made to fix.
1097 Reported-by: Jay Satiro
1098 Clues-provided-by: Tatsuhiro Tsujikawa
1102 - KNOWN_BUGS: added info for "Hangs with PolarSSL"
1104 - KNOWN_BUGS: 1.9 HTTP/2 frames while in the connection pool kill reuse
1108 - build: include scripts/ in the dist
1110 Steve Holme (9 Apr 2016)
1111 - CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
1113 As these two options provide identical functionality, the former for
1114 SOCK5 proxies and the latter for HTTP proxies, merged the two options
1117 As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
1120 - urldata: Use bool for socks5_gssapi_nec as it is a flag
1122 This value is set to TRUE or FALSE so should be a bool and not a long.
1124 - url: Ternary operator code style changes
1126 - CODE_STYLE: Added ternary operator example to 'Space around operators'
1128 Following conversation on the libcurl mailing list.
1130 - sasl: Fixed compilation errors from commit 9d89a0387
1132 ...when GSS-API or Windows SSPI are not used.
1134 - url: Corrected comments following 9d89a0387
1136 - docs: Added clarification following commit 9d89a0387
1138 - Makefile: Fixed echo of checksrc check
1140 - checksrc: Fix issue with the autobuilds not picking up the whitelist
1142 - checksrc: Added missing vauth and vtls directories
1144 - ftp/imap/pop3/smtp: Allow the service name to be overridden
1146 Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5
1147 authentication in FTP, IMAP, POP3 and SMTP.
1149 - http_negotiate: Calculate service name and proxy service name locally
1151 Calculate the service name and proxy service names locally, rather than
1152 in url.c which will allow for us to support overriding the service name
1153 for other protocols such as FTP, IMAP, POP3 and SMTP.
1155 - ROADMAP: Updated following the move of the authentication code
1157 Patrick Monnerat (8 Apr 2016)
1158 - KNOWN_BUGS: openldap hangs. TODO: binary SASL.
1160 Daniel Stenberg (8 Apr 2016)
1161 - KNOWN_BUGS: 5.6 Improper use of Autoconf cache variables
1165 - KNOWN_BUGS: 11.2 error buffer not set...
1169 - KNOWN_BUGS: 11.1 Curl leaks .onion hostnames in DNS
1173 - KNOWN_BUGS: 1.8 DNS timing is wrong for HTTP redirects
1177 - TODO: HTTP/2 "prior knowledge" is implemented!
1179 - [Damien Vielpeau brought this change]
1181 mbedtls: fix MBEDTLS_DEBUG builds
1183 - mbedtls: implement and provide *_data_pending()
1185 ... as otherwise we might get stuck thinking there's no more data to
1188 Reported-by: Damien Vielpeau
1192 - mbedtls: follow-up for the previous commit
1194 - mbedtls.c: name space pollution fix, Use 'Curl_'
1196 - mbedtls.c: changed private prefix to mbed_
1198 mbedtls_ is the prefix used by the mbedTLS library itself so we should
1199 avoid using that for our private functions.
1201 - mbedtls.h: fix compiler warnings
1203 - Revert "winbuild: trying to set some files eol=crlf for git"
1205 This reverts commit 9c08b4f1e7eced5a4d3782a3e0daa484c9d77d21.
1207 Didn't help. Caused problems.
1211 - curl.1: use example.com more
1213 Make (most) example snippets use the example.com domain instead of the
1214 random ones picked and used before. Some of those were probably
1215 legitimate sites and some not. example.com is designed for this purpose.
1217 - [Michael Kaufmann brought this change]
1219 HTTP2: Add a space character after the status code
1221 The space character after the status code is mandatory, even if the
1222 reason phrase is empty (see RFC 7230 section 3.1.2)
1226 - [Viktor Szakats brought this change]
1228 URLs: change http to https in many places
1232 - winbuild: trying to set some files eol=crlf for git
1234 Thinking it might help to apply patches etc with git.
1236 - [Theodore Dubois brought this change]
1238 curl.1: change example for -F
1240 It's a bad idea to send your passwords anywhere, especially over HTTP.
1241 Modified example to send a picture instead.
1245 - KNOWN_BUGS: reorganized and cleaned up
1247 Now sorted into categories and organized in the same style we do the
1248 TODO document. It will make each issue linked properly on the
1249 https://curl.haxx.se/docs/knownbugs.html web page.
1251 The sections should make it easier to find issues and issues related to
1252 areas of the reader's specific interest.
1254 Jay Satiro (6 Apr 2016)
1255 - KNOWN_BUGS: #95 curl in Windows can't handle Unicode arguments
1257 Steve Holme (6 Apr 2016)
1258 - KNOWN_BUGS: Use https://curl.haxx.se URL for github based issues
1260 - CHECKSRC.md: Corrected some typos
1262 - RELEASE-NOTES: Corrected last updated
1264 Included a summary of the checksrc.bat updates and combined two krb5
1265 changes as they should have been implemented at the same time.
1267 - vauth: Corrected a number of typos in comments
1269 Reported-by: Michael Osipov
1271 Jay Satiro (5 Apr 2016)
1272 - KNOWN_BUGS: #94 IMAP custom requests use the LIST handler
1274 Bug: https://github.com/curl/curl/issues/536
1275 Reported-by: eXeC64@users.noreply.github.com
1277 Daniel Stenberg (5 Apr 2016)
1278 - KNOWN_BUGS: remove 68, 70 and 72.
1280 Due to their age (we don't fully know if they actually remain) and lack
1281 of detail - very few people will bother to find out what they're about
1282 or work on them. If people truly still suffer from any of these, I
1283 assume they will be reported again and then we'll deal with them.
1285 72. "Pausing pipeline problems."
1286 https://curl.haxx.se/mail/lib-2009-07/0214.html
1288 70. Problem re-using easy handle after call to curl_multi_remove_handle
1289 https://curl.haxx.se/mail/lib-2009-07/0249.html
1291 68. "More questions about ares behavior".
1292 https://curl.haxx.se/mail/lib-2009-08/0012.html
1294 - KNOWN_BUGS: remove 92 and 88, fixed
1296 - http2: fix connection reuse when PING comes after last DATA
1298 It turns out the google GFE HTTP/2 servers send a PING frame immediately
1299 after a stream ends and its last DATA has been received by curl. So if
1300 we don't drain that from the socket, it makes the socket readable in
1301 subsequent checks and libcurl then (wrongly) assumes the connection is
1302 dead when trying to reuse the connection.
1304 Reported-by: Joonas Kuorilehto
1308 - multi: remove trailing space in debug output
1310 - RELEASE-NOTES: synced with 86e97b642fb
1312 - CHECKSRC.md: mention cmdline options, fix the bullet list
1314 - docs/CHECKSRC.md: initial version
1316 Steve Holme (3 Apr 2016)
1317 - checksrc.bat: Added support for the examples
1319 Daniel Stenberg (3 Apr 2016)
1320 - lib/src: fix the checksrc invoke
1322 ... now works correctly when invoke from the root makefile
1324 - nw: please the stricter checksrc
1326 Steve Holme (3 Apr 2016)
1327 - checksrc.bat: Re-enabled the tests directory by default
1329 Following the recent changes to the source in the tests directory,
1330 re-enabled tests for the default scan.
1332 - checksrc.bat: Added tests/server directory support
1334 In addition to commit 83b174b3f0 and following the recent changes.
1336 - tests: Fixed header files to comply with our code style
1338 Daniel Stenberg (3 Apr 2016)
1339 - make checksrc: run it in docs/examples too by default
1341 - docs/examples: remove spurious white spaces all over
1343 ... to please the new, slightly picker, checksrc.pl
1345 - tests: fix make checksrc in servers/
1347 - tests: 'make checksrc' now checks server/ too
1349 - root/make: have checksrc run in include/curl too
1351 - tests/server: comply with our code style
1353 - code: style updates
1355 - checksrc: check for more malplaced spaces
1357 - unit: make unit test source code checksrc compliant
1359 - checksrc: run checksrc in tests when 'make checksrc' in root
1361 - checksrc: remove debug crap
1363 - lib557: allow too long lines
1365 - checksrc: allow ignore of specific warnings within a file (section)
1367 - checksrc: add warning names, explain on help output
1369 Steve Holme (3 Apr 2016)
1370 - checksrc.bat: Disable tests by default until warnings are fixed
1372 - checksrc.bat: Added support for the tests directory
1374 - vauth: Removed the need for a separate GSS-API based SPN function
1376 - curl_sasl: Fixed potential null pointer utilisation
1378 Although this should never happen due to the relationship between the
1379 'mech' and 'resp' variables, and the way they are allocated together,
1380 it does cause problems for code analysis tools:
1382 V595 The 'mech' pointer was utilized before it was verified against
1383 nullptr. Check lines: 376, 381. curl_sasl.c 376
1385 Bug: https://github.com/curl/curl/issues/745
1386 Reported-by: Alexis La Goutte
1388 - spnego: Small code tidy up
1390 * Prefer dereference of string pointer rather than strlen()
1391 * Free challenge pointer in one place
1392 * Additional comments
1394 - krb5: Small code tidy up
1396 * Prefer dereference of string pointer rather than strlen()
1397 * Free challenge pointer in one place
1398 * Additional comments
1400 - krb5_gssapi: Only process challenge when present
1402 This wouldn't cause a problem because of the way the function is called,
1403 but prior to this change, we were processing the challenge message when
1404 the credentials were NULL rather than when the challenge message was
1407 This also brings this part of the Kerberos 5 code in line with the
1410 - krb5: Fixed missing client response when mutual authentication enabled
1412 Although mutual authentication is currently turned off and can only be
1413 enabled by changing libcurl source code, authentication using Kerberos
1414 5 has been broken since commit 79543caf90 in this use case.
1416 - krb5_sspi: Only process challenge when present
1418 This wouldn't cause a problem because of the way the function is called,
1419 but prior to this change, we were processing the challenge message when
1420 the credentials were NULL rather than when the challenge message was
1423 This also brings this part of the Kerberos 5 code in line with the
1426 - krb5_sspi: Only generate the output token when its not allocated
1428 Prior to this change, we were generating the output token when the
1429 credentials were NULL rather than when the output token was NULL.
1431 This also brings this part of the Kerberos 5 code in line with the
1434 - krb5: Only generate a SPN when its not known
1436 Prior to this change, we were generating the SPN in the SSPI code when
1437 the credentials were NULL and in the GSS-API code when the context was
1438 empty. It is better to decouple the SPN generation from these checks
1439 and only generate it when the SPN itself is NULL.
1441 This also brings this part of the Kerberos 5 code in line with the
1444 Daniel Stenberg (3 Apr 2016)
1445 - tests/libtest: follow our code style guidelines better
1447 ... checksrc of all test code is pending.
1449 - checksrc.whitelist: remove fopen() uses
1451 - formdata: use appropriate fopen() macros
1453 - checksrc: improve the fopen() parser somewhat
1455 The quote scanner was too fragile, now look for a comma instead to find
1458 - unit1604: fix snprintf
1460 follow-up to 0326b06
1462 sizeof(pointer) is no good for the buffer size!
1464 Reported-by: Viktor Szakats
1466 Steve Holme (3 Apr 2016)
1467 - unittests: Fixed compilation warnings
1469 warning: implicit declaration of function 'sprintf_was_used'
1470 [-Wimplicit-function-declaration]
1472 Follow up to the modications made to tests/libtest in commit 55452ebdff
1473 as we prefer not to use sprintf() now.
1475 Daniel Stenberg (2 Apr 2016)
1476 - curl.1: -w filename_effective was introduced in 7.26.0
1478 We never made a 7.25.1 release
1480 - 7.49.0: next release version
1482 - http2: make use of the nghttp2 error callback
1484 It offers extra info from nghttp2 in certain error cases. Like for
1485 example when trying prior-knowledge http2 on a server that doesn't speak
1486 http2 at all. The error message is passed on as a verbose message to
1491 The error callback was added in nghttp2 1.9.0
1493 Steve Holme (2 Apr 2016)
1494 - spnego: Renamed the context's SPN variable
1496 To be consistent with the Kerberos 5 context and other authentication
1499 - krb5_gssapi: Renamed the status variables
1501 For consistency with the spnego code.
1503 - krb5: Moved host from Curl_auth_create_gssapi_user_message() to be argument
1505 For consistency with the spnego and oauth2 code moved the setting of
1506 the host name outside of the Curl_auth_create_gssapi_user_messag()
1509 This will allow us to more easily override it in the future.
1511 - test1119: Fixed missing CURL_DID_MEMORY_FUNC_TYPEDEFS symbol
1513 - RELEASE-NOTES: Removed "http_negotiate: Corrected host and proxy host name"
1515 As this was introduced in the recent vauth changes and not a prior
1518 Daniel Stenberg (1 Apr 2016)
1519 - RELEASE-NOTES: synced with 0aa8da10bbdafa
1521 Steve Holme (1 Apr 2016)
1522 - http_negotiate: Corrected host and proxy host name being wrong way round
1524 I had accidentally used the proxy server name for the host and the host
1525 server name for the proxy in commit ad5e9bfd5d and 6d6f9ca1d9. Whilst
1526 Windows SSPI was quite happy with this, GSS-API wasn't.
1528 Thanks-to: Michael Osipov
1530 - build: Changed the Visual Studio projects warning level from 3 to 4
1532 After squashing most of our compiler warnings, up'ed the default
1533 warning level from 3 to 4 in order to increase the likelyhood of
1534 catching future warnings.
1536 Daniel Stenberg (1 Apr 2016)
1537 - [ehlertjd@gmail.com brought this change]
1539 IMAP: check pointer before dereferencing it
1541 may be null in the CURLOPT_CONNECT_ONLY case
1545 Steve Holme (1 Apr 2016)
1546 - .gitignore: Added new VC14 SQLite based program database files
1548 - curl_memory.h: Fixed typo in comment
1550 From commit 7218b52c49.
1552 - spnego: Corrected some typos in comments
1554 Corrected typos from commit ad5e9bfd5d and 6d6f9ca1d9.
1556 - memdebug: Ensure curl/curl.h is included before curl_memory.h
1558 Follow up to commit 7db9782dd6.
1560 Daniel Stenberg (1 Apr 2016)
1561 - upload: missing rewind call could make libcurl hang
1563 When an upload is done, there are two places where that can be detected
1564 and only one of them would rewind the input stream - which sometimes is
1565 necessary for example when doing NTLM HTTP POSTs and more.
1567 This could then end up libcurl hanging.
1569 Figured-out-by: Isaac Boukris
1570 Reported-by: Anatol Belski
1574 - curl.h: define CURL_DID_MEMORY_FUNC_TYPEDEFS
1576 So that we only do the extra typedefs in curl_memory.h when we really
1577 need to and avoid double typedefs.
1579 follow-up commit to 7218b52c49aeb1
1581 Thanks-to: Steve Holme
1583 - curl/mprintf.h: remove support for _MPRINTF_REPLACE
1585 The define is not in our name space and is therefore not protected by
1588 It was only really used by libcurl internals but was mostly erased from
1589 there already in 8aabbf5 (March 2015). This is supposedly the final
1590 death blow to that define from everywhere.
1592 As a side-effect, making sure _MPRINTF_REPLACE is gone and not used, I
1593 made the lib tests in tests/libtest/ use curl_printf.h for its redefine
1594 magic and then subsequently the use of sprintf() got banned in the tests
1595 as well (as it is in libcurl internals) and I then replaced them all
1598 In the unlikely event that any users is actually using this define and
1599 gets sad by this change, it is very easily copied to the user's own
1602 - curl_memory.h: avoid the curl/curl.h include
1606 Steve Holme (1 Apr 2016)
1607 - url: Corrected get protocol family for FTP and LDAP
1609 Fixed copy/paste error from commit a5aec58726.
1611 Jay Satiro (31 Mar 2016)
1612 - strerror: don't bit shift a signed integer
1614 Bug: https://github.com/curl/curl/issues/744
1615 Reported-by: Alexis La Goutte
1617 Daniel Stenberg (31 Mar 2016)
1618 - http2: more documentation for prior knowledge
1620 - [Diego Bes brought this change]
1622 http2: support "prior knowledge", no upgrade from HTTP/1.1
1624 Supports HTTP/2 over clear TCP
1626 - Optimize switching to HTTP/2 by removing calls to init and setup
1627 before switching. Switching will eventually call setup and setup calls
1630 - Supports new version to “force” the use of HTTP/2 over clean TCP
1632 - Add common line parameter “--http2-prior-knowledge” to the Curl
1635 - imap: remove duplicated function
1637 The list and search response functions were identical! Merged into one
1638 now. Detected by PVS Studio.
1640 Reported-by: Alexis La Goutte
1642 - SOCKS5_gssapi_negotiate: don't assume little-endian ints
1644 The code copied one byte from a 32bit integer, which works fine as long
1645 as the byte order is the same. Not a fine assumption. Reported by PVS
1648 Reported-by: Alexis La Goutte
1650 - http: remove ((expression)) double parentheses
1652 - Curl_add_buffer_send: avoid possible NULL dereference
1654 ... as we check for a NULL pointer below, we move the derefence to after
1655 the check. Detected by PVS Studio.
1657 Reported-by: Alexis La Goutte
1659 - file: remove duplicate checks of the same variable
1661 ... as it doesn't change in between. Deteced by PVS Studio.
1663 Reported-by: Alexis La Goutte
1665 Steve Holme (30 Mar 2016)
1666 - [Marcel Raad brought this change]
1668 openssl: Fix compilation warnings
1670 When compiling with OpenSSL 1.1.0 (so that the HAVE_X509_GET0_SIGNATURE
1671 && HAVE_X509_GET0_EXTENSIONS pre-processor block is active), Visual C++
1674 warning C4701: potentially uninitialized local variable 'palg' used
1675 warning C4701: potentially uninitialized local variable 'psig' used
1677 Daniel Stenberg (30 Mar 2016)
1678 - multi: turn Curl_done into file local multi_done
1680 ... as it now is used by multi.c only.
1682 - multi: multi_reconnect_request is the former Curl_reconnect_request
1684 now a file local function in multi.c
1686 - multi: move Curl_do and Curl_do_done to multi.c and make static
1688 ... called multi_do and multi_do_done as they're file local now.
1690 Jay Satiro (29 Mar 2016)
1691 - wolfssl: Use ECC supported curves extension
1693 https://github.com/wolfSSL/wolfssl/issues/366
1695 - build-wolfssl: Allow a broader range of ciphers (Visual Studio)
1697 This is an update to the build-time options used to build wolfSSL in
1698 Visual Studio for greater compatibility, and make it behave similar to
1699 the way OpenSSL 1.0.2 behaves. Starting in wolfSSL v3.6.6 static ciphers
1700 and SSLv3 are disabled by default at build time, but we can use both.
1702 - Enable static cipher suites TLS_ECDH_ and TLS_RSA_.
1704 - Enable SSLv3 hello. Though in libcurl we disable it by default at
1705 runtime, we make it available so the user can manually select it if
1708 Daniel Stenberg (29 Mar 2016)
1709 - [Isaac Boukris brought this change]
1711 GSS: make Curl_gss_log_error more verbose
1713 Also display the GSS_C_GSS_CODE (major code) when specified instead of
1714 only GSS_C_MECH_CODE (minor code).
1716 In addition, the old code was printing a colon twice after the prefix
1717 and also miscalculated the length of the buffer in between calls to
1718 gss_display_status (the length of ": " was missing).
1720 Also, gss_buffer is not guaranteed to be NULL terminated and thus need
1721 to restrict reading by its length.
1725 - build: use roffit 0.11 feature
1727 ... load file specified as argument.
1729 - http2: set correct scheme in handler structs [regression]
1731 Since commit a5aec58 the handler schemes need to match for the
1732 connections to be reused and for HTTP/2 multiplexing to work, reusing
1733 connections is very important!
1737 - hostip.c: minor white space edit for style
1739 - [Viktor Szakats brought this change]
1741 TODO: use secure protocol in recently added URL
1745 - HTTP2.md: mention libressl and boringssl too
1747 - docs/HTTP-COOKIES: converted to markdown
1749 - HTTP2: s/polarssl/mbedtls
1751 Jay Satiro (28 Mar 2016)
1752 - wolfssl: Add ALPN support
1754 - tool_operate: remove mixed declaration
1756 This is a follow up to the previous commit.
1758 Daniel Stenberg (28 Mar 2016)
1759 - curl: warn for --capath use if not supported by libcurl
1763 - TODO: 2.5 Edge-triggered sockets should work
1765 - Makefile.am: skip the scripts dir
1767 Skipping the scripts dir is primarily done for 'make install' so that it
1768 does not attempt to install the zsh completion script as we've not yet
1769 found a proper way to do/run that at install time.
1771 By leaving the script dir's Makefile in place, a user can still opt to
1772 run make install manually in there.
1776 - CURLMOPT_SOCKETFUNCTION.3: describe the 'what' argument
1778 - curl_multi_socket_action.3: mark the options properly
1780 ... to make them appear as links on the html version.
1782 Steve Holme (27 Mar 2016)
1783 - RELEASE-NOTES: Synced with f0bdd72c10
1785 - http_ntlm: Renamed from curl_ntlm.[c|h]
1787 Renamed the header and source files for this module as they are HTTP
1788 specific and as such, they should use the naming convention as other
1789 HTTP authentication source files do - this revert commit 260ee6b7bf.
1791 Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind
1792 code needs separating from the HTTP protocol and migrating into the
1793 vauth directory, thus adding support for Winbind to the SASL based
1794 protocols such as IMAP, POP3 and SMTP.
1796 Daniel Stenberg (27 Mar 2016)
1797 - [marquis-de-muesli brought this change]
1799 docs: curlinfo_filetime sftp support, new curlopt_quote "statvfs"
1803 - [marquis-de-muesli brought this change]
1805 SSH: new CURLOPT_QUOTE command "statvfs"
1807 usage: "statvfs path"
1808 returns remote file system statistics
1810 - [marquis-de-muesli brought this change]
1812 SSH: support CURLINFO_FILETIME
1814 - [Karlson2k brought this change]
1816 sshserver.pl: use quotes for given options
1818 Fixed failed redirection of stderr with some options. At least on Msys2,
1819 perl fails to redirect stderr if $value contains newline or other weird
1822 Jay Satiro (26 Mar 2016)
1823 - url: don't use bad offset in tld_check_name to show error
1825 libidn's tld_check_lz returns an error offset of the first character
1826 that it failed to process, however that offset is not a byte offset and
1827 may not even be in the locale encoding therefore we can't use it to show
1828 the user the character that failed to process.
1830 Bug: https://github.com/curl/curl/issues/731
1831 Reported-by: Karlson2k
1833 Steve Holme (26 Mar 2016)
1834 - http_negotiate: Combine GSS-API and SSPI source files
1836 As the GSS-API and SSPI based source files are no longer library/API
1837 specific, following the extraction of that authentication code to the
1838 vauth directory, combine these files rather than maintain two separate
1841 - vauth: Moved the Negotiate authentication code to the new vauth directory
1843 Part 2 of 2 - Moved the GSS-API based Negotiate authentication code.
1845 - vauth: Moved the Negotiate authentication code to the new vauth directory
1847 Part 1 of 2 - Moved the SSPI based Negotiate authentication code.
1849 - warnless.h: Removed spurious character from commit 696bc6b9c9
1851 Not picked up by checksrc or Visual Studio but my own code review, this
1852 would haven broken Intel based Unix builds - Perhaps I should learn to
1853 type on my laptop's keyboard before committing!
1855 - schannel: Fixed compilation warning from commit f8d88a4913
1857 warning C4244: '=': conversion from 'int' to 'unsigned short', possible
1860 - warnless?: Added some integer based conversion functions
1862 Daniel Stenberg (25 Mar 2016)
1863 - [Dusty Mabe brought this change]
1865 docs/TODO: Add feature request for metalink in HTTP headers
1870 Steve Holme (25 Mar 2016)
1871 - build: Corrected typos from commit 70e56939aa
1873 - vauth: Refactored function names after move to new vauth directory
1875 Renamed all the SASL functions that moved to the new vauth directory to
1876 include the correct module name.
1878 - vauth: Updated the copyright year after recent changes
1880 As most of this work was performed in 2015 but not pushed until 2016
1881 updated the copyright year to reflect the public facing changes.
1883 - vauth: Moved the OAuth 2.0 authentication code to the new vauth directory
1885 - vauth: Moved the NTLM authentication code to the new vauth directory
1887 - vauth: Moved the Kerberos V5 authentication code to the new vauth directory
1889 - digest.c: Fixed checksrc warnings
1891 - vauth: Moved the DIGEST authentication code to the new vauth directory
1893 - vauth: Moved the CRAM-MD5 authentication code to the new vauth directory
1895 - vauth: Moved the ClearText authentication code to the new vauth directory
1897 - vauth: Moved Curl_sasl_build_spn() to create the initial vauth source files
1899 - checksrc.bat: Added support for checking the new vauth directory
1901 - build: Updated all makefiles and project files for the new vauth directory
1903 Updated the makefiles and Visual Studio project files to support moving
1904 the authentication code to the new lib/vauth directory that was started
1905 in commit 0d04e859e1.
1907 Daniel Stenberg (24 Mar 2016)
1908 - [JDepooter brought this change]
1910 schannel: Add ALPN support
1912 Add ALPN support for schannel. This allows cURL to negotiate
1913 HTTP/2.0 connections when built with schannel.
1917 Steve Holme (24 Mar 2016)
1918 - http: Minor update based on CODE_STYLE guidelines
1920 Daniel Stenberg (23 Mar 2016)
1921 - multi: fix "Operation timed out after" timer
1923 Use the local, reasonably updated, 'now' value when creating the message
1924 string to output for the timeout condition.
1928 - openssl: boringssl provides the same numbering as openssl
1930 ... so we don't need extra boringssl precautions for for
1931 HAVE_ERR_REMOVE_THREAD_STATE_NOARG.
1933 Pointed-out-by: David Benjamin
1935 - openssl: fix ERR_remove_thread_state() for boringssl/libressl
1937 The removed arg is only done in OpenSSL
1939 Bug: https://twitter.com/xtraemeat/status/712564874098917376
1941 - bump: work on 7.48.1
1943 - RELEASE-PROCEDURE: mention the github release tag edit
1945 ... and update the coming release dates a bit
1947 Steve Holme (23 Mar 2016)
1948 - checksrc.bat: Updated the help to be consistent with generate.bat
1950 Follow up to commit a8c7f0fcbf prior to release.
1952 Version 7.48.0 (23 Mar 2016)
1954 Daniel Stenberg (23 Mar 2016)
1955 - RELEASE-NOTES: curl 7.48.0
1957 - THANKS: 15 new contributors from 7.48.0 release
1959 Jay Satiro (23 Mar 2016)
1960 - CURLINFO_TLS_SSL_PTR.3: Warn about limitations
1962 Bug: https://github.com/curl/curl/issues/685
1964 Daniel Stenberg (22 Mar 2016)
1965 - Revert "sshserver: remove use of AuthorizedKeysFile2"
1967 It seems we may have some autobuild problems after this commit went
1968 in. Trying to see if a revert helps to get them back.
1970 This reverts commit 2716350d1f3edc8e929f6ceeee05051090f6d642.
1972 - maketgz: add -j to make dist
1974 ... makes it a lot faster
1976 - libcurl-thread.3: minor nroff format fix
1978 - CURLINFO_TLS_SSL_PTR.3: minor nroff format fix
1980 - CODE_STYLE: indend example code
1982 ... to make it look nicer in markdown outputa
1984 Jay Satiro (22 Mar 2016)
1985 - build-wolfssl: Update VS properties for wolfSSL v3.9.0
1987 - Do not use wolfSSL's sample user-setting files.
1989 wolfSSL starting in v3.9.0 has added their own sample user settings that
1990 are applied by default, but we don't use them because we have our own
1993 - Do not use wolfSSL's Visual Studio Unicode character setting.
1995 wolfSSL Visual Studio projects use the Unicode character set however our
1996 settings and options imitate mingw build which does not use the Unicode
1997 character set. This does not appear to have any effect at the moment but
1998 better safe than sorry.
2001 These changes are backwards compatible with earlier versions.
2003 Steve Holme (22 Mar 2016)
2004 - hostip6: Fixed compilation warnings when verbose strings disabled
2006 warning C4189: 'data': local variable is initialized but not referenced
2008 ...and some minor formatting/spacing changes.
2010 Daniel Stenberg (21 Mar 2016)
2011 - sshserver: remove use of AuthorizedKeysFile2
2013 Support for the (undocumented) AuthorizedKeysFile2 was removed in
2014 OpenSSH 5.9, released in September 2011
2018 Steve Holme (20 Mar 2016)
2019 - connect/ntlm/http: Fixed compilation warnings when verbose strings disabled
2021 warning C4189: 'data': local variable is initialized but not referenced
2023 - openssl: Fixed compilation warning when /Wall enabled
2025 warning C4706: assignment within conditional expression
2027 - CODE_STYLE: Use boolean conditions
2029 Rather than use TRUE, FALSE, NULL, 0 or != 0 in if/while conditions.
2031 Additionally, corrected some example code to adhere to the recommended
2034 - inet_pton.c: Fixed compilation warnings
2036 warning: conversion to 'unsigned char' from 'int' may alter its value
2038 Daniel Stenberg (19 Mar 2016)
2039 - RELEASE-NOTES: synced with 80851028efc2fa9
2041 - mbedtls: fix compiler warning
2043 vtls/mbedtls.h:67:36: warning: implicit declaration of function
2044 ‘mbedtls_sha256’ [-Wimplicit-function-declaration]
2046 Steve Holme (19 Mar 2016)
2047 - easy: Minor coding standard and style updates
2049 Following commit c5744340db. Additionally removes the need for a second
2050 'result code' variable as well.
2052 Jay Satiro (19 Mar 2016)
2053 - easy: Remove poll failure check in easy_transfer
2055 .. because curl_multi_wait can no longer signal poll failure.
2057 follow-up to 77e1726
2059 Bug: https://github.com/curl/curl/issues/707
2061 Steve Holme (19 Mar 2016)
2062 - build: Added missing Visual Studio filter files for VC10 onwards
2064 As these files don't need to contain references to the source files,
2065 although typically do, added basic files which only include three
2066 filters and don't require the project file generator to be modified.
2068 These files allow the source code to be viewed in the Solution Explorer
2069 in versions of Visual Studio from 2010 onwards in the same manner as
2070 previous versions did rather than one large view of files.
2072 - ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled
2074 warning C4706: assignment within conditional expression
2076 - config-w32.h: Fixed compilation warning when /Wall enabled
2078 warning C4668: 'USE_IPV6' is not defined as a preprocessor macro,
2079 replacing with '0' for '#if/#elif'
2081 - imap.c: Fixed compilation warning with /Wall enabled
2083 warning C4701: potentially uninitialized local variable 'size' used
2085 Technically this can't happen, as the usage of 'size' is protected by
2086 'if(parsed)' and 'parsed' is only set after 'size' has been parsed.
2088 Anyway, lets keep the compiler happy.
2090 - KNOWN_BUGS: #93 Issue with CURLFORM_CONTENTLEN in arrays on 32-bit platforms
2092 Daniel Stenberg (18 Mar 2016)
2093 - bump: the coming release is 7.48.0
2095 - configure: use cpp -P when needed
2097 Since gcc 5, the processor output can get split up on multiple lines
2098 that made the configure script fail to figure out values from
2099 definitions. The fix is to use cpp -P, and this fix now first checks if
2100 cpp -P is necessary and then if cpp -P works before it uses that to
2101 extract defined values.
2105 Steve Holme (18 Mar 2016)
2106 - formdata.c: Fixed compilation warning
2108 formdata.c:390: warning: cast from pointer to integer of different size
2110 Introduced in commit ca5f9341ef this happens because a char*, which is
2111 32-bits wide in 32-bit land, is being cast to a curl_off_t which is
2112 64-bits wide where 64-bit integers are supported by the compiler.
2114 This doesn't happen in 64-bit land as a pointer is the same size as a
2117 This fix doesn't address the fact that a 64-bit value cannot be used
2118 for CURLFORM_CONTENTLEN when set in a form array and compiled on a
2119 32-bit platforms, it does at least suppress the compilation warning.
2121 Daniel Stenberg (18 Mar 2016)
2122 - FAQ: 2.5 Install libcurl for both 32bit and 64bit?
2124 - [Gisle Vanem brought this change]
2126 openssl: adapt to API breakage in ERR_remove_thread_state()
2128 The OpenSSL API change that broke this is "Convert ERR_STATE to new
2129 multi-threading API": openssl commit 8509dcc.
2133 - version: init moved to private name space, added protos
2135 follow-up to 80015cdd52145
2137 - openssl: verbose: show matching SAN pattern
2139 ... to allow users to see which specfic wildcard that matched when such
2142 Also minor logic cleanup to simplify the code, and I removed all tabs
2143 from verbose strings.
2145 Jay Satiro (16 Mar 2016)
2146 - version: thread safety
2148 Steve Holme (16 Mar 2016)
2149 - transfer: Removed redundant HTTP authentication include files
2151 It would also seem that share.h is not required here either as there
2152 are no references to the Curl_share structure or functions.
2154 - easy: Removed redundant HTTP authentication include files
2156 Jay Satiro (15 Mar 2016)
2157 - CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support
2159 Bug: https://curl.haxx.se/mail/lib-2016-03/0150.html
2160 Reported-by: Oliver Graute
2162 Steve Holme (15 Mar 2016)
2163 - curl_sasl: Minor code indent fixes
2165 Daniel Stenberg (14 Mar 2016)
2166 - runtests: mention when run event-based
2168 - easy: add check to malloc() when running event-based
2170 ... to allow torture tests then too.
2172 - memdebug: skip logging the limit countdown, fflush when reached
2174 - CODE_STYLE: Space around operators
2176 As just discussed on the mailing list, also document how we prefer
2177 spacing in expressions.
2179 - curl: glob_range: no need to check unsigned variable for negative
2183 [src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n'
2186 - CODE_STYLE: add example for indent style as well
2188 - CODE_STYLE: mention braces for functions too
2190 - docs/Makefile.am: include CODE_STYLE in tarball too
2192 - CONTRIBUTE: moved out code style to a separate document
2194 - CODE_STYLE: initial version
2196 Ripped out from CONTRIBUTE into its own document, but also extended from
2199 - curl_sasl.c: minor code indent fixes
2201 - multi: simplified singlesocket
2203 Since sh_getentry() now checks for invalid sockets itself and by
2204 narrowing the scope of the remove_sock_from_hash variable.
2206 - multi: introduce sh_getentry() for looking up sockets in the sockhash
2208 Simplify the code by using a single entry that looks for a socket in the
2209 socket hash. As indicated in #712, the code looked for CURL_SOCKET_BAD
2210 at some point and that is ineffective/wrong and this makes it easier to
2213 - [Jaime Fullaondo brought this change]
2215 multi hash: ensure modulo performed on curl_socket_t
2219 Steve Holme (13 Mar 2016)
2220 - base64: Minor coding standard and style updates
2222 - base64: Use 'CURLcode result' for curl result codes
2224 - negotiate: Use 'CURLcode result' for curl result codes
2226 Daniel Stenberg (13 Mar 2016)
2227 - [Maksim Kuzevanov brought this change]
2229 multi_runsingle: avoid loop in CURLM_STATE_WAITPROXYCONNECT
2233 - TODO: Use the RFC6265 test suite
2235 Steve Holme (13 Mar 2016)
2236 - checksrc.bat: Added the ability to scan src and lib source independently
2238 - digest: Use boolean based success code for Curl_sasl_digest_get_pair()
2240 Rather than use a 0 and 1 integer base result code use a TRUE / FALSE
2243 - digest: Corrected some typos in comments
2245 - krb5: Corrected some typos in function descriptions
2247 - ntlm: Corrected some typos in function descriptions
2249 - url: Corrected indentation when calling idna_to_ascii_lz()
2251 - idn_win32: Use boolean based success codes
2253 Rather than use 0 and 1 integer base result codes use a FALSE / TRUE
2256 Daniel Stenberg (10 Mar 2016)
2257 - idn_win32.c: warning: Trailing whitespace
2259 Steve Holme (10 Mar 2016)
2260 - idn_win32.c: Fixed compilation warning from commit 9e7fcd4291
2262 warning C4267: 'function': conversion from 'size_t' to 'int',
2263 possible loss of data
2265 Daniel Stenberg (10 Mar 2016)
2266 - THANKS-filter: unify Michael König
2268 - RELEASE-NOTES: synced with 863c5766dd
2270 - ftp: remove a check for NULL(!)
2272 ... as it implies we need to check for that on all the other variable
2273 references as well (as Coverity otherwise warns us for missing NULL
2274 checks), and we're alredy making sure that the pointer is never NULL.
2276 - cookies: first n/v pair in Set-Cookie: is the cookie, then parameters
2278 RFC 6265 section 4.1.1 spells out that the first name/value pair in the
2279 header is the actual cookie name and content, while the following are
2282 libcurl previously had a more liberal approach which causes significant
2283 problems when introducing new cookie parameters, like the suggested new
2284 cookie priority draft.
2286 The previous logic read all n/v pairs from left-to-right and the first
2287 name used that wassn't a known parameter name would be used as the
2288 cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be
2289 a cookie named 'person' while an RFC 6265 compliant parser should
2290 consider that to be a cookie named 'Max-Age' with an (unknown) parameter
2295 - krb5: improved type handling to avoid clang compiler warnings
2297 - url.c: fix clang warning: no newline at end of file
2299 - curl_multi_wait: never return -1 in 'numfds'
2301 Such a return value isn't documented but could still happen, and the
2302 curl tool code checks for it. It would happen when the underlying
2303 Curl_poll() function returns an error. Starting now we mask that error
2304 as a user of curl_multi_wait() would have no way to handle it anyway.
2306 Reported-by: Jay Satiro
2309 - HTTP2.md: add CURL_HTTP_VERSION_2TLS and updated alt-svc link
2311 - curl_multi_wait.3: add example
2313 Steve Holme (8 Mar 2016)
2314 - imap/pop3/smtp: Fixed connections upgraded with TLS are not reused
2316 Regression since commit 710f14edba.
2318 Bug: https://github.com/curl/curl/issues/422
2319 Reported-by: Justin Ehlert
2321 Jay Satiro (8 Mar 2016)
2322 - opt-docs: fix heading macros
2326 Bug: https://github.com/curl/curl/issues/705
2327 Reported-by: Eric S. Raymond
2329 Kamil Dudka (8 Mar 2016)
2330 - [Tim Rühsen brought this change]
2332 cookie: do not refuse cookies for localhost
2336 Daniel Stenberg (8 Mar 2016)
2337 - ftp_done: clear tunnel_state when secondary socket closes
2339 Introducing a function for closing the secondary connection to make this
2340 bug less likely to happen again.
2345 - [Gisle Vanem brought this change]
2347 openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages
2349 - HTTP2.md: HTTP/2 by default for curl's HTTPS connections
2351 - [Anders Bakken brought this change]
2353 pipeline: Sanity check pipeline pointer before accessing it.
2355 I got a crash with this stack:
2357 curl/lib/url.c:2873 (Curl_removeHandleFromPipeline)
2358 curl/lib/url.c:2919 (Curl_getoff_all_pipelines)
2359 curl/lib/multi.c:561 (curl_multi_remove_handle)
2360 curl/lib/url.c:415 (Curl_close)
2361 curl/lib/easy.c:859 (curl_easy_cleanup)
2365 - HTTP2.md: mention the disable ALPN and NPN options
2367 - TODO: 17.12 keep running, read instructions from pipe/socket
2369 And delete trailing whitespace
2370 And rename section 17 to "command line tool" from "client"
2374 - README.md: linkified
2376 It also makes it less readable as plain text, so let's keep this
2377 primarily for github use.
2379 Removed the top ascii art logo, as it looks weird when markdownified.
2381 - README.md: markdown version of README
2383 Attempt to make it look more appealing on github
2385 Jay Satiro (6 Mar 2016)
2386 - mprintf: update trio project link
2388 Daniel Stenberg (6 Mar 2016)
2389 - CURLOPT_ACCEPTTIMEOUT_MS.3: added example
2391 - CURLOPT_ACCEPT_ENCODING.3: added example
2393 - CURLOPT_APPEND.3: added example
2395 - CURLOPT_NOPROGRESS.3: added example, conform to stardard style
2397 Steve Holme (6 Mar 2016)
2398 - build-openssl/checksrc.bat: Fixed prepend vs append of Perl path
2400 Fixed inconsistency from commit 1eae114065 and 0ad6c72227 of the order
2401 in which Perl was added to the PATH.
2403 Daniel Stenberg (6 Mar 2016)
2404 - opts: added two examples
2406 - CURLOPT_SSL_CTX_FUNCTION.3: use .NF for example
2408 - CURLOPT_SSL_CTX_FUNCTION.3: added example
2410 and removed erroneous reference to test case lib509
2412 - curlx.c: use more curl style code
2414 - test46: change cookie expiry date
2416 Since two of the cookies would now otherwise expire and cause the test
2417 to fail after commit 20de9b4f09
2421 Jay Satiro (5 Mar 2016)
2422 - [Viktor Szakats brought this change]
2424 makefile.m32: add missing libs for static -winssl-ssh2 builds
2426 Bug: https://github.com/curl/curl/pull/693
2428 - mbedtls: fix user-specified SSL protocol version
2430 Prior to this change when a single protocol CURL_SSLVERSION_ was
2431 specified by the user that version was set only as the minimum version
2432 but not as the maximum version as well.
2434 Steve Holme (5 Mar 2016)
2435 - .gitignore: Added *.VC.opendb and *.vcxproj.user files for VC14
2437 - build-openssl.bat: Fixed cannot find perl if installed but not in path
2439 - checksrc.bat: Fixed cannot find perl if installed but not in path
2441 Jay Satiro (5 Mar 2016)
2442 - [Viktor Szakats brought this change]
2444 makefile.m32: fix to allow -ssh2-winssl combination
2446 In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl
2447 (OpenSSL) option, with no way to override it with -winssl. Since both
2448 libssh2 and curl support using Windows's built-in SSL backend, modify
2449 the logic to allow that combination.
2451 - cookie: Don't expire session cookies in remove_expired
2453 Prior to this change cookies with an expiry date that failed parsing
2454 and were converted to session cookies could be purged in remove_expired.
2456 Bug: https://github.com/curl/curl/issues/697
2457 Reported-by: Seth Mos
2459 Daniel Stenberg (3 Mar 2016)
2460 - cookie: remove redundant check
2462 ... as it was already checked previously within the function.
2464 Reported-by: Dmitry-Me
2467 Jay Satiro (1 Mar 2016)
2468 - [Anders Bakken brought this change]
2470 url: if Curl_done is premature then pipeline not in use
2472 Prevent a crash if 2 (or more) requests are made to the same host and
2473 pipelining is enabled and the connection does not complete.
2475 Bug: https://github.com/curl/curl/pull/690
2477 - [Viktor Szakats brought this change]
2479 makefile.m32: allow to pass .dll/.exe-specific LDFLAGS
2481 using envvars `CURL_LDFLAG_EXTRAS_DLL` and
2482 `CURL_LDFLAG_EXTRAS_EXE` respectively. This
2483 is useful f.e. to pass ASLR-related extra
2484 options, that are required to make this
2485 feature work when using the mingw toolchain.
2487 Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985
2489 Closes https://github.com/curl/curl/pull/689
2491 Daniel Stenberg (29 Feb 2016)
2492 - formpost: fix memory leaks in AddFormData error branches
2494 Reported-by: Dmitry-Me
2497 Jay Satiro (28 Feb 2016)
2498 - getinfo: Fix syntax error when mbedTLS
2500 The assignment of the mbedTLS TLS session info in the parent commit was
2501 incorrect. Change the assignment to a pointer to the session structure.
2503 - getinfo: Add support for mbedTLS TLS session info
2505 .. and preprocessor check TLS session info is defined for all backends.
2507 Daniel Stenberg (26 Feb 2016)
2508 - ROADMAP: clarify on the TLS proxy, mention HTTP cookies to work on
2510 - file: try reading from files with no size
2512 Some systems have special files that report as 0 bytes big, but still
2513 contain data that can be read (for example /proc/cpuinfo on
2514 Linux). Starting now, a zero byte size is considered "unknown" size and
2515 will be read as far as possible anyway.
2517 Reported-by: Jesse Tan
2521 Jay Satiro (25 Feb 2016)
2522 - configure: warn on invalid ca bundle or path
2524 - Warn if --with-ca-bundle file does not exist.
2526 - Warn if --with-ca-path directory does not contain certificates.
2528 - Improve help messages for both.
2530 Example configure output:
2532 ca cert bundle: /some/file (warning: certs not found)
2533 ca cert path: /some/dir (warning: certs not found)
2535 Bug: https://github.com/curl/curl/issues/404
2536 Reported-by: Jeffrey Walton
2538 Daniel Stenberg (24 Feb 2016)
2539 - Curl_read: check for activated HTTP/1 pipelining, not only requested
2541 ... as when pipelining is used, we read things into a unified buffer and
2542 we don't do that with HTTP/2. This could then easily make programs that
2543 set CURLMOPT_PIPELINING = CURLPIPE_HTTP1|CURLPIPE_MULTIPLEX to get data
2544 intermixed or plain broken between HTTP/2 streams.
2546 Reported-by: Anders Bakken
2548 Patrick Monnerat (24 Feb 2016)
2549 - os400: Fix ILE/RPG definition of CURLOPT_TFTP_NO_OPTIONS
2551 Jay Satiro (23 Feb 2016)
2552 - getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
2554 The two options are almost the same, except in the case of OpenSSL:
2556 CURLINFO_TLS_SESSION OpenSSL session internals is SSL_CTX *.
2558 CURLINFO_TLS_SSL_PTR OpenSSL session internals is SSL *.
2560 For backwards compatibility we couldn't modify CURLINFO_TLS_SESSION to
2561 return an SSL pointer for OpenSSL.
2563 Also, add support for the 'internals' member to point to SSL object for
2564 the other backends axTLS, PolarSSL, Secure Channel, Secure Transport and
2567 Bug: https://github.com/curl/curl/issues/234
2568 Reported-by: dkjjr89@users.noreply.github.com
2570 Bug: https://curl.haxx.se/mail/lib-2015-09/0127.html
2571 Reported-by: Michael König
2573 Daniel Stenberg (23 Feb 2016)
2574 - multi_remove_handle: keep the timeout list until after disconnect
2576 The internal Curl_done() function uses Curl_expire() at times and that
2577 uses the timeout list. Better clean up the list once we're done using
2578 it. This caused a segfault.
2581 Bug: https://curl.haxx.se/mail/lib-2016-02/0097.html
2583 Kamil Dudka (23 Feb 2016)
2584 - tests/sshserver.pl: use RSA instead of DSA for host auth
2586 DSA is no longer supported by OpenSSH 7.0, which causes all SCP/SFTP
2587 test cases to be skipped. Using RSA for host authentication works with
2588 both old and new versions of OpenSSH.
2590 Reported-by: Karlson2k
2594 Jay Satiro (23 Feb 2016)
2595 - TFTP: add option to suppress TFTP option requests (Part 2)
2599 - Add an example to CURLOPT_TFTP_NO_OPTIONS.3.
2601 - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS.
2603 Bug: https://github.com/curl/curl/issues/481
2605 - [Michael Koenig brought this change]
2607 TFTP: add option to suppress TFTP option requests (Part 1)
2609 Some TFTP server implementations ignore the "TFTP Option extension"
2610 (RFC 1782-1784, 2347-2349), or implement it in a flawed way, causing
2611 problems with libcurl. Another switch for curl_easy_setopt
2612 "CURLOPT_TFTP_NO_OPTIONS" is introduced which prevents libcurl from
2613 sending TFTP option requests to a server, avoiding many problems caused
2614 by faulty implementations.
2616 Bug: https://github.com/curl/curl/issues/481
2618 Daniel Stenberg (22 Feb 2016)
2619 - [Karlson2k brought this change]
2621 runtests: Fixed usage of %PWD on MinGW64
2625 Jay Satiro (20 Feb 2016)
2626 - CURLOPT_DEBUGFUNCTION.3: Fix example
2628 - [Viktor Szakats brought this change]
2630 src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support
2632 Sync with lib/Makefile.m32 which already uses those variables.
2634 Bug: https://github.com/curl/curl/pull/670
2636 Dan Fandrich (20 Feb 2016)
2637 - Enabled test 1437 after the bug fix in commit 3fa220a6
2639 Jay Satiro (19 Feb 2016)
2640 - [Emil Lerner brought this change]
2642 curl_sasl: Fix memory leak in digest parser
2644 If any parameter in a HTTP DIGEST challenge message is present multiple
2645 times, memory allocated for all but the last entry should be freed.
2647 Bug: https://github.com/curl/curl/pull/667
2649 Dan Fandrich (19 Feb 2016)
2650 - Added test 1437 to verify a memory leak
2652 Reported-by: neex@users.noreply.github.com
2654 Jay Satiro (18 Feb 2016)
2655 - CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style
2657 Bug: https://github.com/curl/curl/issues/666
2658 Reported-by: baumanj@users.noreply.github.com
2660 - curl.1: HTTP headers for --cookie must be Set-Cookie style
2662 Bug: https://github.com/curl/curl/issues/666
2663 Reported-by: baumanj@users.noreply.github.com
2665 Daniel Stenberg (18 Feb 2016)
2666 - curl.1: add a missing dash
2668 - CONTRIBUTING.md: fix links
2670 - ISSUE_TEMPLATE: github issue template
2672 First version, try this out!
2674 - CONTRIBUTING.md: move into .github
2676 To hide github specific files somewhat from the rest.
2678 - opts: add references
2680 - examples/make: add 'checksrc' target
2682 - 10-at-a-time: typecast the argument passed to sleep()
2684 - externalsocket.c: fix compiler warning for fwrite return type
2686 - anyauthput.c: fix compiler warnings
2688 - simplessl.c: warning: while with space
2690 - curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function
2692 Reported-By: Gisle Vanem
2694 - http2: don't decompress gzip decoding automatically
2696 At one point during the development of HTTP/2, the commit 133cdd29ea0
2697 introduced automatic decompression of Content-Encoding as that was what
2698 the spec said then. Now however, HTTP/2 should work the same way as
2699 HTTP/1 in this regard.
2701 Reported-by: Kazuho Oku
2705 Jay Satiro (16 Feb 2016)
2706 - [Tatsuhiro Tsujikawa brought this change]
2708 http: Don't break the header into chunks if HTTP/2
2710 nghttp2 callback deals with TLS layer and therefore the header does not
2711 need to be broken into chunks.
2713 Bug: https://github.com/curl/curl/issues/659
2714 Reported-by: Kazuho Oku
2716 Daniel Stenberg (16 Feb 2016)
2717 - [Viktor Szakats brought this change]
2719 openssl: use macro to guard the opaque EVP_PKEY branch
2721 - [Viktor Szakats brought this change]
2723 openssl: avoid direct PKEY access with OpenSSL 1.1.0
2725 by using API instead of accessing an internal structure.
2726 This is required starting OpenSSL 1.1.0-pre3.
2730 - RELEASE-NOTES: synced with ede0bfc079da
2732 - [Clint Clayton brought this change]
2734 CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option
2736 Change the example in the docs for CURLOPT_CONNECTTIMEOUT_MS to use
2737 CURLOPT_CONNECTTIMEOUT_MS instead of CURLOPT_CONNECTTIMEOUT.
2741 - opt-docs: add more references
2743 - [David Byron brought this change]
2745 SCP: use libssh2_scp_recv2 to support > 2GB files on windows
2747 libssh2_scp_recv2 is introduced in libssh2 1.7.0 - to be released "any
2752 Jay Satiro (13 Feb 2016)
2753 - [Shine Fan brought this change]
2755 gtls: fix for builds lacking encrypted key file support
2757 Bug: https://github.com/curl/curl/pull/651
2759 Dan Fandrich (13 Feb 2016)
2760 - test1604: Add to Makefile.inc so it gets run
2762 Jay Satiro (12 Feb 2016)
2763 - generate.bat: Fix comment bug by removing old comments
2765 Remove NOTES section, it's no longer needed since we aren't setting the
2766 errorlevel and more importantly the recently updated URL in the comments
2767 is causing some unusual behavior that breaks the script.
2769 Closes https://github.com/curl/curl/issues/649
2771 Kamil Dudka (12 Feb 2016)
2772 - curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts
2774 The behavior has been clarified in CURLOPT_FTP_USE_{EPRT,EPSV}.3 man
2775 pages since curl-7_12_3~131. This patch makes it clear in the curl.1
2778 Bug: https://bugzilla.redhat.com/1305970
2780 Daniel Stenberg (12 Feb 2016)
2781 - dist: ship buildconf.bat too
2783 As the winbuild/* stuff uses it!
2785 - curlx_tvdiff: handle 32bit time_t overflows
2787 On 32bit systems, make sure we don't overflow and return funky values
2788 for very large time differences.
2790 Reported-by: Anders Bakken
2794 - examples: fix some compiler warnings
2796 - simplessl.c: fix my breakage
2798 - examples: adhere to curl code style
2800 All plain C examples now (mostly) adhere to the curl code style. While
2801 they are only examples, they had diverted so much and contained all
2802 sorts of different mixed code styles by now. Having them use a unified
2803 style helps users and readability. Also, as they get copy-and-pasted
2804 widely by users, making sure they're clean and nice is a good idea.
2806 573 checksrc warnings were addressed.
2808 - examples/cookie_interface.c: add cleanup call
2810 cleaning up handles is a good idea as we leak memory otherwise
2812 Also, line wrapped before 80 columns.
2814 Kamil Dudka (10 Feb 2016)
2815 - nss: search slash in forward direction in dup_nickname()
2817 It is wasteful to search it backwards if we look for _any_ slash.
2819 - nss: do not count enabled cipher-suites
2821 We only care if at least one cipher-suite is enabled, so it does
2822 not make any sense to iterate till the end and count all enabled
2825 Daniel Stenberg (10 Feb 2016)
2826 - contributors.sh: make 79 the max column width (from 80)
2828 - RELEASE-NOTES: synced with c276aefee3995
2830 - mbedtls.c: re-indent to better match curl standards
2832 - [Rafael Antonio brought this change]
2834 mbedtls: fix memory leak when destroying SSL connection data
2838 - mbedtls: fix ALPN usage segfault
2840 Since we didn't keep the input argument around after having called
2841 mbedtls, it could end up accessing the wrong memory when figuring out
2846 Jay Satiro (9 Feb 2016)
2847 - [Timotej Lazar brought this change]
2849 opts: update references to renamed options
2851 - KNOWN_BUGS: Update #92 - Windows device prefix
2853 - tool_doswin: Support for literal path prefix \\?\
2855 For example something like --output \\?\C:\foo
2857 Daniel Stenberg (9 Feb 2016)
2858 - configure: state "BoringSSL" in summary when that was detected
2860 - [David Benjamin brought this change]
2862 openssl: remove most BoringSSL #ifdefs.
2864 As of https://boringssl-review.googlesource.com/#/c/6980/, almost all of
2865 BoringSSL #ifdefs in cURL should be unnecessary:
2867 - BoringSSL provides no-op stubs for compatibility which replaces most
2870 - DES_set_odd_parity has been in BoringSSL for nearly a year now. Remove
2871 the compatibility codepath.
2873 - With a small tweak to an extend_key_56_to_64 call, the NTLM code
2876 - Switch OCSP-related #ifdefs to the more generally useful
2879 The only #ifdefs which remain are Curl_ossl_version and the #undefs to
2880 work around OpenSSL and wincrypt.h name conflicts. (BoringSSL leaves
2881 that to the consumer. The in-header workaround makes things sensitive to
2884 This change errs on the side of removing conditionals despite many of
2885 the restored codepaths being no-ops. (BoringSSL generally adds no-op
2886 compatibility stubs when possible. OPENSSL_VERSION_NUMBER #ifdefs are
2891 Jay Satiro (8 Feb 2016)
2892 - KNOWN_BUGS: Windows device prefix is required for devices
2894 - tool_urlglob: Allow reserved dos device names (Windows)
2896 Allow --output to reserved dos device names without the device prefix
2897 for backwards compatibility.
2899 Example: --output NUL can be used instead of --output \\.\NUL
2901 Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863
2902 Reported-by: Gisle Vanem
2904 Daniel Stenberg (8 Feb 2016)
2905 - cookies: allow spaces in cookie names, cut of trailing spaces
2907 It turns out Firefox and Chrome both allow spaces in cookie names and
2908 there are sites out there using that.
2910 Turned out the code meant to strip off trailing space from cookie names
2911 didn't work. Fixed now.
2913 Test case 8 modified to verify both these changes.
2917 Patrick Monnerat (8 Feb 2016)
2918 - Merge branch 'master' of github.com:curl/curl
2920 - os400: sync ILE/RPG definitions with latest public header files.
2922 Daniel Stenberg (8 Feb 2016)
2923 - [Ludwig Nussel brought this change]
2925 SSLCERTS: update wrt SSL CA certificate store
2927 - [Ludwig Nussel brought this change]
2929 configure: --with-ca-fallback: use built-in TLS CA fallback
2931 When trying to verify a peer without having any root CA certificates
2932 set, this makes libcurl use the TLS library's built in default as
2937 - Proxy-Connection: stop sending this header by default
2939 RFC 7230 says we should stop. Firefox already stopped.
2941 Bug: https://github.com/curl/curl/issues/633
2942 Reported-By: Brad Fitzpatrick
2946 - bump: work toward the next release
2948 - THANKS: 2 contributors from the 7.47.1 release
2950 - RELEASE-PROCEDURE: remove the github upload part
2952 ... as we're HTTPS on the main site now, there's no point in that
2955 Version 7.47.1 (8 Feb 2016)
2957 Daniel Stenberg (8 Feb 2016)
2958 - RELEASE-NOTES: curl 7.47.1 time!
2960 Jay Satiro (8 Feb 2016)
2961 - tool_operhlp: Check for backslashes in get_url_file_name
2963 Extract the filename from the last slash or backslash. Prior to this
2964 change backslashes could be part of the filename.
2966 This change needed for the curl tool built for Cygwin. Refer to the
2967 CYGWIN addendum in advisory 20160127B.
2969 Bug: https://curl.haxx.se/docs/adv_20160127B.html
2971 Daniel Stenberg (7 Feb 2016)
2972 - RELEASE-NOTES: synced with d6a8869ea34
2974 Jay Satiro (6 Feb 2016)
2975 - openssl: Fix signed/unsigned mismatch warning in X509V3_ext
2977 sk_X509_EXTENSION_num may return an unsigned integer, however the value
2980 Bug: https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896
2981 Reported-by: Gisle Vanem
2983 Daniel Stenberg (7 Feb 2016)
2984 - TODO: 17.11 -w output to stderr
2986 Jay Satiro (6 Feb 2016)
2987 - [Michael Kaufmann brought this change]
2989 idn_win32: Better error checking
2991 .. also fix a conversion bug in the unused function
2992 curl_win32_ascii_to_idn().
2994 And remove wprintfs on error (Jay).
2996 Bug: https://github.com/curl/curl/pull/637
2998 - [Gisle Vanem brought this change]
3000 examples/asiohiper: Avoid function name collision on Windows
3002 closesocket => close_socket
3003 Winsock already has the former.
3005 Bug: https://curl.haxx.se/mail/lib-2016-02/0016.html
3007 - [Gisle Vanem brought this change]
3009 examples/htmltitle: Use _stricmp on Windows
3011 Bug: https://curl.haxx.se/mail/lib-2016-02/0017.html
3013 Daniel Stenberg (6 Feb 2016)
3014 - COPYING: clarify that Daniel is not the sole author
3016 ... done on request and as it is a fair point.
3018 Jay Satiro (5 Feb 2016)
3019 - unit1604: Fix unit setup return code
3021 - tool_doswin: Use type SANITIZEcode in sanitize_file_name
3023 - tool_doswin: Improve sanitization processing
3025 - Add unit test 1604 to test the sanitize_file_name function.
3027 - Use -DCURL_STATICLIB when building libcurltool for unit testing.
3029 - Better detection of reserved DOS device names.
3031 - New flags to modify sanitize behavior:
3033 SANITIZE_ALLOW_COLONS: Allow colons
3034 SANITIZE_ALLOW_PATH: Allow path separators and colons
3035 SANITIZE_ALLOW_RESERVED: Allow reserved device names
3036 SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename
3038 - Restore sanitization of banned characters from user-specified outfile.
3040 Prior to this commit sanitization of a user-specified outfile was
3041 temporarily disabled in 2b6dadc because there was no way to allow path
3042 separators and colons through while replacing other banned characters.
3043 Now in such a case we call the sanitize function with
3044 SANITIZE_ALLOW_PATH which allows path separators and colons to pass
3048 Closes https://github.com/curl/curl/issues/624
3049 Reported-by: Octavio Schroeder
3051 - [Viktor Szakats brought this change]
3053 URLs: change more http to https
3055 - sasl_sspi: Fix memory leak in domain populate
3057 Free an existing domain before replacing it.
3059 Bug: https://github.com/curl/curl/issues/635
3060 Reported-by: silveja1@users.noreply.github.com
3062 Daniel Stenberg (4 Feb 2016)
3063 - [Viktor Szakats brought this change]
3065 URLs: follow GitHub project rename (also Travis CI)
3069 - CHANGES.o: fix references to curl.haxx.nu
3071 I removed the scheme prefix from the URLs references this host name, as
3072 we don't own/run that anymore but the name is kept for historic reasons.
3074 - HISTORY: add some info about when we used which host names
3076 Jay Satiro (2 Feb 2016)
3077 - [Viktor Szakats brought this change]
3079 URLs: change more http to https
3081 Dan Fandrich (3 Feb 2016)
3082 - URLs: Change more haxx.se URLs from http: to https:
3084 Daniel Stenberg (3 Feb 2016)
3085 - RELEASE-NOTES: synced with 4af40b364
3087 - URLs: change all http:// URLs to https://
3089 - configure: update the copyright year range in output
3091 - dotdot: allow an empty input string too
3093 It isn't used by the code in current conditions but for safety it seems
3094 sensible to at least not crash on such input.
3096 Extended unit test 1395 to verify this too as well as a plain "/" input.
3098 - HTTPS: update a bunch of URLs from HTTP to HTTPS
3100 - [Sergei Nikulov brought this change]
3102 AppVeyor: updated to handle OpenSSL/WinSSL builds
3106 Jay Satiro (1 Feb 2016)
3107 - tool_operate: Don't sanitize --output path (Windows)
3109 Due to path separators being incorrectly sanitized in --output
3110 pathnames, eg -o c:\foo => c__foo
3112 This is a partial revert of 3017d8a until I write a proper fix. The
3113 remote-name will continue to be sanitized, but if the user specified an
3114 --output with string replacement (#1, #2, etc) that data is unsanitized
3115 until I finish a fix.
3117 Bug: https://github.com/bagder/curl/issues/624
3118 Reported-by: Octavio Schroeder
3120 - curl.1: Explain remote-name behavior if file already exists
3122 .. also warn about letting the server pick the filename.
3124 - [Gisle Vanem brought this change]
3126 urldata: Error on missing SSL backend-specific connect info
3128 Daniel Stenberg (28 Jan 2016)
3129 - bump: towards the next (7.47.1 ?)
3131 - [Sergei Nikulov brought this change]
3133 cmake: fixed when OpenSSL enabled on Windows and schannel detected
3137 Jay Satiro (28 Jan 2016)
3138 - [Sergei Nikulov brought this change]
3140 urldata: moved common variable out of ifdef
3142 Closes https://github.com/bagder/curl/pull/618
3144 - [Viktor Szakats brought this change]
3146 tool_doswin: silence unused function warning
3148 tool_doswin.c:185:14: warning: 'msdosify' defined but not used
3151 Closes https://github.com/bagder/curl/pull/616
3153 Daniel Stenberg (27 Jan 2016)
3154 - getredirect.c: fix variable name
3156 Reported-by: Bernard Spil
3158 Version 7.47.0 (27 Jan 2016)
3160 Daniel Stenberg (27 Jan 2016)
3161 - examples/Makefile.inc: specify programs without .c!
3163 - THANKS: 6 new contributors from 7.47.0 release notes
3165 - [Isaac Boukris brought this change]
3167 NTLM: Fix ConnectionExists to compare Proxy credentials
3169 Proxy NTLM authentication should compare credentials when
3170 re-using a connection similar to host authentication, as it
3171 authenticate the connection.
3174 curl -v -x http://proxy:port http://host/ -U good_user:good_pwd
3175 --proxy-ntlm --next -x http://proxy:port http://host/
3176 [-U fake_user:fake_pwd --proxy-ntlm]
3180 Bug: http://curl.haxx.se/docs/adv_20160127A.html
3182 - [Ray Satiro brought this change]
3184 curl: avoid local drive traversal when saving file (Windows)
3186 curl does not sanitize colons in a remote file name that is used as the
3187 local file name. This may lead to a vulnerability on systems where the
3188 colon is a special path character. Currently Windows/DOS is the only OS
3189 where this vulnerability applies.
3193 Bug: http://curl.haxx.se/docs/adv_20160127B.html
3195 - RELEASE-NOTES: 7.47.0
3197 - FAQ: language fix in 4.19
3199 - [paulehoffman brought this change]
3201 FAQ: Update to point to GitHub
3203 Current FAQ didn't make it clear where the main repo is.
3207 - maketgz: generate date stamp with LC_TIME=C
3209 bug: http://curl.haxx.se/mail/lib-2016-01/0123.html
3211 - curl_multi_socket_action.3: line wrap
3213 - RELEASE-NOTES: synced with d58ba66eeceb
3215 Steve Holme (21 Jan 2016)
3216 - TODO: "Create remote directories" for SMB
3218 Jay Satiro (18 Jan 2016)
3219 - mbedtls: Fix pinned key return value on fail
3221 - Switch from verifying a pinned public key in a callback during the
3222 certificate verification to inline after the certificate verification.
3224 The callback method had three problems:
3226 1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
3229 2. If peer certificate verification was disabled the pinned key
3230 verification did not take place as it should.
3232 3. (related to #2) If there was no certificate of depth 0 the callback
3233 would not have checked the pinned public key.
3235 Though all those problems could have been fixed it would have made the
3236 code more complex. Instead we now verify inline after the certificate
3237 verification in mbedtls_connect_step2.
3239 Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
3240 Ref: https://github.com/bagder/curl/pull/601
3242 - tests: Add a test for pinnedpubkey fail even when insecure
3244 Because disabling the peer verification (--insecure) must not disable
3245 the public key pinning check (--pinnedpubkey).
3247 - [Daniel Schauenberg brought this change]
3249 CURLINFO_RESPONSE_CODE.3: add example
3251 Kamil Dudka (15 Jan 2016)
3252 - ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL
3254 The CURLOPT_SSH_PUBLIC_KEYFILE option has been documented to handle
3255 empty strings specially since curl-7_25_0-31-g05a443a but the behavior
3256 was unintentionally removed in curl-7_38_0-47-gfa7d04f.
3258 This commit restores the original behavior and clarifies it in the
3259 documentation that NULL and "" have both the same meaning when passed
3260 to CURLOPT_SSH_PUBLIC_KEYFILE.
3262 Bug: http://curl.haxx.se/mail/lib-2016-01/0072.html
3264 Daniel Stenberg (14 Jan 2016)
3265 - RELEASE-NOTES: synced with 35083ca60ed035a
3267 - openssl: improved error detection/reporting
3269 ... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL
3270 1.1.0+ returned a new func number of another cerfificate fail so this
3271 required a fix and this is the better way to catch this error anyway.
3273 - openssl: for 1.1.0+ they now provide a SSLeay() macro of their own
3275 - CURLOPT_RESOLVE.3: minor language polish
3277 - configure: assume IPv6 works when cross-compiled
3279 The configure test uses AC_TRY_RUN to figure out if an ipv6 socket
3280 works, and testing like that doesn't work for cross-compiles. These days
3281 IPv6 support is widespread so a blind guess is probably more likely to
3282 be 'yes' than 'no' now.
3284 Further: anyone who cross-compiles can use configure's --disable-ipv6 to
3285 explicitly disable IPv6 and that also works for cross-compiles.
3287 Made happen after discussions in issue #594
3289 - TODO: "Try to URL encode given URL"
3293 - ConnectionExists: only do pipelining/multiplexing when asked
3295 When an HTTP/2 upgrade request fails (no protocol switch), it would
3296 previously detect that as still possible to pipeline on (which is
3297 acorrect) and do that when PIPEWAIT was enabled even if pipelining was
3298 not explictily enabled.
3300 It should only pipelined if explicitly asked to.
3304 - [Mohammad AlSaleh brought this change]
3306 lib: Prefix URLs with lower-case protocol names/schemes
3308 Before this patch, if a URL does not start with the protocol
3309 name/scheme, effective URLs would be prefixed with upper-case protocol
3310 names/schemes. This behavior might not be expected by library users or
3313 For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https". And the
3314 URL is "hostname/path". The effective URL would be
3315 "HTTPS://hostname/path" instead of "https://hostname/path".
3317 After this patch, effective URLs would be prefixed with a lower-case
3318 protocol name/scheme.
3322 Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>
3324 - [Alessandro Ghedini brought this change]
3326 scripts: don't generate and install zsh completion when cross-compiling
3328 - [Alessandro Ghedini brought this change]
3330 scripts: fix zsh completion generation
3332 The script should use the just-built curl, not the system one. This fixes
3333 zsh completion generation when no system curl is installed.
3335 - [Alessandro Ghedini brought this change]
3337 zsh.pl: fail if no curl is found
3339 Instead of generation a broken completion file.
3341 - [Michael Kaufmann brought this change]
3343 IDN host names: Remove the port number before converting to ACE
3347 Jay Satiro (10 Jan 2016)
3348 - runtests: Add mbedTLS to the SSL backends
3350 .. and enable SSLpinning tests for mbedTLS, BoringSSL and LibreSSL.
3352 Daniel Stenberg (10 Jan 2016)
3353 - [Thomas Glanzmann brought this change]
3355 mbedtls: implement CURLOPT_PINNEDPUBLICKEY
3357 Jay Satiro (9 Jan 2016)
3358 - [Tatsuhiro Tsujikawa brought this change]
3360 url: Fix compile error with --enable-werror
3362 - [Tatsuhiro Tsujikawa brought this change]
3364 http2: Ensure that http2_handle_stream_close is called
3366 Previously, when HTTP/2 is enabled and used, and stream has content
3367 length known, Curl_read was not called when there was no bytes left to
3368 read. Because of this, we could not make sure that
3369 http2_handle_stream_close was called for every stream. Since we use
3370 http2_handle_stream_close to emit trailer fields, they were
3371 effectively ignored. This commit changes the code so that Curl_read is
3372 called even if no bytes left to read, to ensure that
3373 http2_handle_stream_close is called for every stream.
3375 Discussed in https://github.com/bagder/curl/pull/564
3377 Daniel Stenberg (8 Jan 2016)
3378 - http2: handle the received SETTINGS frame
3380 This regression landed in 5778e6f5 and made libcurl not act on received
3381 settings and instead stayed with its internal defaults.
3383 Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
3386 - Revert "multiplex: allow only once HTTP/2 is actually used"
3388 This reverts commit 46cb70e9fa81c9a56de484cdd7c5d9d0d9fbec36.
3390 Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
3392 Jay Satiro (8 Jan 2016)
3393 - [Tatsuhiro Tsujikawa brought this change]
3395 http2: Fix PUSH_PROMISE headers being treated as trailers
3397 Discussed in https://github.com/bagder/curl/pull/564
3399 Daniel Stenberg (8 Jan 2016)
3400 - [Michael Kaufmann brought this change]
3402 connection reuse: IDN host names fixed
3404 Use the ACE form of IDN hostnames as key in the connection cache. Add
3409 - tests: mark IPv6 FTP and FTPS tests with the FTP keyword
3411 Jay Satiro (7 Jan 2016)
3412 - mbedtls: Fix ALPN support
3414 - Fix ALPN reply detection.
3416 - Wrap nghttp2 code in ifdef USE_NGHTTP2.
3419 Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.
3421 - http2: Fix client write for trailers on stream close
3423 Check that the trailer buffer exists before attempting a client write
3424 for trailers on stream close.
3426 Refer to comments in https://github.com/bagder/curl/pull/564
3428 Daniel Stenberg (7 Jan 2016)
3429 - COPYING: update general copyright year range
3431 - ConnectionExists: add missing newline in infof() call
3433 Mistake from commit a464f33843ee1
3435 - multiplex: allow only once HTTP/2 is actually used
3437 To make sure curl doesn't allow multiplexing before a connection is
3438 upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the
3439 connection uses HTTP/2 as well and not only check what's wanted.
3445 Jay Satiro (4 Jan 2016)
3446 - curl_global_init.3: Add Windows-specific info for init via DLL
3448 - Add to both curl_global_init.3 and libcurl.3 the caveat for Windows
3449 that initializing libcurl via a DLL's DllMain or static initializer
3450 could cause a deadlock.
3452 Bug: https://github.com/bagder/curl/issues/586
3453 Reported-by: marc-groundctl@users.noreply.github.com
3455 Daniel Stenberg (4 Jan 2016)
3456 - FAQ: clarify who to mail about ECCN clarifications
3458 - progressfunc.c: spellfix description
3460 - docs/examples/multi-app.c: fix bad desc formatting
3462 - examples: added descriptions
3464 - example/simple.c: add description
3466 - getredirect.c: a new example
3468 Marc Hoersken (27 Dec 2015)
3469 - RELEASE-NOTES: add 5e0e81a9c4e35f04ca
3471 Daniel Stenberg (26 Dec 2015)
3472 - RELEASE-NOTES: synced with 2aec4359db1088b10d
3474 Marc Hoersken (26 Dec 2015)
3475 - test 1515: add data check
3477 - test 1515: add MSYS support by passing a relative path
3479 MSYS would otherwise turn a /-style path into a C:\-style path.
3481 - test 539: use datacheck mode text for ASCII-mode LISTings
3483 While still using datacheck mode binary for the inline reply data.
3485 - runtests.pl: check up to 5 data parts with different text modes
3487 Move the text-mode conversion for reply/replycheck from the verify
3488 section into the load section and add support for 4 more check parts.
3490 Daniel Stenberg (24 Dec 2015)
3491 - CURLOPT_RANGE: for HTTP servers, range support is optional
3493 Marc Hoersken (24 Dec 2015)
3494 - tests 1048 and 1050: use datacheck mode text for ASCII-mode LISTings
3496 - tests 706 and 707: use datacheck mode text for ASCII-mode LISTings
3498 - tests 400,403,406: use datacheck mode text for ASCII-mode LISTings
3500 - sockfilt.c: fix calculation of sleep timeout on Windows
3502 Not converting to double caused small timeouts to be skipped.
3504 - tests first.c: fix calculation of sleep timeout on Windows
3506 Not converting to double caused small timeouts to be skipped.
3508 - test 573: add more debug output
3510 - ftplistparser.c: fix handling of file LISTings using Windows EOL
3512 Previously file.txt[CR][LF] would have been returned as file.tx
3513 (without the last t) if filetype is symlink. Now the t is
3514 included and the internal item_length includes the zero byte.
3516 Spotted using test 576 on Windows.
3518 - test 16: fix on Linux (and Windows) by using plain ASCII characters
3520 Follow up on b064ff0c351bb287557228575ef4c1d079b866fb, thanks Daniel.
3522 - tftpd server: add Windows support by writing files in binary mode
3524 - tests 252-255: use datacheck mode text for ASCII-mode LISTings
3526 - test 16: fix on Windows by converting data file from ANSI to UTF-8
3528 Daniel Stenberg (23 Dec 2015)
3529 - Makefile.inc: s/curl_SOURCES/CURL_FILES
3531 This allows the root Makefile.am to include the Makefile.inc without
3532 causing automake to warn on it (variables named *_SOURCES are
3533 magic). curl_SOURCES is then instead assigned properly in
3534 src/Makefile.am only.
3538 - [Anders Bakken brought this change]
3540 ConnectionExists: with *PIPEWAIT, wait for connections
3542 Try harder to prevent libcurl from opening up an additional socket when
3543 CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS
3544 handshakes complete first before the decision is made.
3548 - [Anders Bakken brought this change]
3550 Add .dir-locals and set c-basic-offset to 2.
3552 This makes it easier for emacs users to automatically get the right
3553 2-space indentation when they edit curl source files.
3555 c++-mode is in there as well because Emacs can't easily know if
3556 something is a C or C++ header.
3560 - [Johannes Schindelin brought this change]
3562 configure: detect IPv6 support on Windows
3564 This patch was "nicked" from the MINGW-packages project by Daniel.
3566 https://github.com/Alexpux/MINGW-packages/commit/9253d0bf58a1486e91f7efb5316e7fdb48fa4007
3567 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
3569 - configure: allow static builds on mingw
3571 This patch is adopted from the MINGW-packages project. It makes it
3572 possible to build curl both shared and static again.
3574 URL: https://github.com/Alexpux/MINGW-packages/tree/master/mingw-w64-curl
3576 Marc Hoersken (17 Dec 2015)
3577 - test 1326: fix file check since curl is outputting binary data
3579 - test 1326: fix getting stuck on Windows due to incomplete request
3581 The request needs to be read and send in binary mode in order to use
3582 CRLF instead of LF. Adding --upload-file - causes curl to read stdin
3585 Daniel Stenberg (17 Dec 2015)
3586 - RELEASE-NOTES: command line option recount
3588 Dan Fandrich (16 Dec 2015)
3589 - scripts/Makefile: build zsh script even in an out-of-tree build
3591 Marc Hoersken (16 Dec 2015)
3592 - sockfilt.c: added some debug output to select_ws
3594 - sockfilt.c: keep lines shorter than 80 chars
3596 - sockfilt.c: do not wait on unreliable file or pipe handle
3598 The previous implementation caused issues on modern MSYS2 runtimes.
3600 Daniel Stenberg (16 Dec 2015)
3601 - cyassl: deal with lack of *get_peer_certificate
3603 The function is only present in wolfssl/cyassl if it was built with
3604 --enable-opensslextra. With these checks added, pinning support is disabled
3605 unless the TLS lib has that function available.
3607 Also fix the mistake in configure that checks for the wrong lib name.
3611 - wolfssl: handle builds without SSLv3 support
3613 - [Tatsuhiro Tsujikawa brought this change]
3615 http2: Support trailer fields
3617 This commit adds trailer support in HTTP/2. In HTTP/1.1, chunked
3618 encoding must be used to send trialer fields. HTTP/2 deprecated any
3619 trandfer-encoding, including chunked. But trailer fields are now
3622 Since trailer fields are relatively rare these days (gRPC uses them
3623 extensively though), allocating buffer for trailer fields is done when
3624 we detect that HEADERS frame containing trailer fields is started. We
3625 use Curl_add_buffer_* functions to buffer all trailers, just like we
3626 do for regular header fields. And then deliver them when stream is
3627 closed. We have to be careful here so that all data are delivered to
3628 upper layer before sending trailers to the application.
3630 We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE
3631 mechanism, but current method is far more simple.
3633 Another possibility is use chunked encoding internally for HTTP/2
3634 traffic. I have not tested it, but it could add another overhead.
3638 - RELEASE-NOTES: synced with 6c2c019654e658a
3640 Jay Satiro (15 Dec 2015)
3641 - x509asn1: Fix host altname verification
3643 - In Curl_verifyhost check all altnames in the certificate.
3645 Prior to this change only the first altname was checked. Only the GSKit
3646 SSL backend was affected by this bug.
3648 Bug: http://curl.haxx.se/mail/lib-2015-12/0062.html
3649 Reported-by: John Kohl
3651 Daniel Stenberg (15 Dec 2015)
3652 - curl --expect100-timeout: added
3654 This is the new command line option to set the value for the existing
3655 libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
3657 - cyassl: fix compiler warning on type conversion
3659 - curlver: the pending release will become 7.47.0
3661 - [Anders Bakken brought this change]
3663 setstropt: const-correctness
3667 - ROADMAP: implemented HTTP2 for HTTPS-only
3669 - HTTP2.md: spell fix and remove TODO now implemented
3671 - libressl: the latest openssl x509 funcs are not in libressl
3673 - curl: use 2TLS by default
3675 Make this the default for the curl tool (if built with HTTP/2 powers
3676 enabled) unless a specific HTTP version is requested on the command
3679 This should allow more users to get HTTP/2 powers without having to
3682 - http: add libcurl option to allow HTTP/2 for HTTPS only
3684 ... and stick to 1.1 for HTTP. This is in line with what browsers do and
3685 should have very little risk.
3687 - openssl: adapt to openssl >= 1.1.0 X509 opaque structs
3691 - openssl: avoid BIO_reset() warnings since it returns a value
3693 - openssl: adapt to 1.1.0+ name changes
3695 - scripts/makefile: add standard header
3697 - scripts/Makefile: fix GNUism and survive no perl
3701 Reported-by: Thomas Klausner
3703 - fix b6d5cb40d7038fe
3705 - [Tatsuhiro Tsujikawa brought this change]
3707 http2: Fix hanging paused stream
3709 When NGHTTP2_ERR_PAUSE is returned from data_source_read_callback, we
3710 might not process DATA frame fully. Calling nghttp2_session_mem_recv()
3711 again will continue to process DATA frame, but if there is no incoming
3712 frames, then we have to call it again with 0-length data. Without this,
3713 on_stream_close callback will not be called, and stream could be hanged.
3715 Bug: http://curl.haxx.se/mail/lib-2015-11/0103.html
3716 Reported-by: Francisco Moraes
3718 - [Christian Stewart brought this change]
3720 build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS
3722 With curl disable verbose strings in http.c the compilation fails due to
3723 the data variable being undefined later on in the function.
3727 Jay Satiro (7 Dec 2015)
3728 - [Gisle Vanem brought this change]
3730 config-win32: Fix warning HAVE_WINSOCK2_H undefined
3732 - [Gisle Vanem brought this change]
3734 openssl: BoringSSL doesn't have CONF_modules_free
3736 - [Gisle Vanem brought this change]
3738 lwip: Fix compatibility issues with later versions
3740 The name of the header guard in lwIP's <lwip/opt.h> has changed from
3741 '__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015).
3745 - In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is
3748 - In memdebug.h, the 'socket' should be undefined first due to lwIP's
3749 lwip_socket() macro.
3751 - In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need
3752 special handling because they were undef'ed in memdebug.h.
3754 - In select.c we can't use preprocessor conditionals inside select if
3755 MSVC and select is a macro, as it is with lwIP.
3757 http://curl.haxx.se/mail/lib-2015-12/0023.html
3758 http://curl.haxx.se/mail/lib-2015-12/0024.html
3760 Patrick Monnerat (7 Dec 2015)
3761 - os400: define CURL_VERSION_PSL in ILE/RPG binding
3763 Jay Satiro (7 Dec 2015)
3764 - [Gisle Vanem brought this change]
3766 version: Add flag CURL_VERSION_PSL for libpsl
3768 - formdata: Check if length is too large for memory
3770 - If the size of the length type (curl_off_t) is greater than the size
3771 of the size_t type then check before allocating memory to make sure the
3772 value of length will fit in a size_t without overflow. If it doesn't
3773 then return CURLE_BAD_FUNCTION_ARGUMENT.
3775 Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679
3776 Reported-by: Steve Holme
3778 Steve Holme (3 Dec 2015)
3779 - tests: Corrected copy and pasted comments from commit e643c5c908
3781 Daniel Stenberg (3 Dec 2015)
3782 - curl: remove keepalive #ifdef checks done on libcurl's behalf
3784 They didn't match the ifdef logic used within libcurl anyway so they
3785 could indeed warn for the wrong case - plus the tool cannot know how the
3786 lib actually performs at that level.
3788 Steve Holme (2 Dec 2015)
3789 - test947: Corrected typo in test name
3791 - tests: Disable the OAUTHBEARER tests when using a non-default port number
3793 Tests 842, 843, 844, 845, 887, 888, 889, 890, 946, 947, 948 and 949 fail
3794 if a custom port number is specified via the -b option of runtests.pl.
3796 Suggested by: Kamil Dudka
3797 Bug: http://curl.haxx.se/mail/lib-2015-12/0003.html
3799 Daniel Stenberg (2 Dec 2015)
3800 - bump: towards next release
3802 for all we know now, it might be called 7.46.1
3804 Version 7.46.0 (1 Dec 2015)
3806 Daniel Stenberg (1 Dec 2015)
3807 - RELEASE-NOTES: updated contributor count for 7.46.0
3809 - THANKS: new contributors from the 7.46.0 release
3811 - THANKS-filter: single Tim Rühsen spelling
3813 - docs/examples: gitignore some more built examples
3815 - RELEASE-NOTES; this bug was never released
3817 - RELEASE-NOTES: synced with e55f15454efacb0
3819 - [Flavio Medeiros brought this change]
3821 Curl_read_plain: clean up ifdefs that break statements
3825 - http2: convert some verbose output into debug-only output
3827 - http2 push: add missing inits of new stream
3829 - set the correct stream_id for pushed streams
3830 - init maxdownload and size properly
3832 - http2 push: set weight for new stream
3834 give the new stream the old one's stream_weight internally to avoid
3835 sending a PRIORITY frame unless asked for it
3837 - curl_setup.h: undef freeaddrinfo in c-ares block to fix build
3839 Fixes warnings 78c25c854a added.
3841 - nonblock: fix setting non-blocking mode for Amiga
3843 IoctlSocket() apparently wants a pointer to a long, passed as a char *
3844 in its third parameter. This bug was introduced already back in commit
3845 c5fdeef41d from October 1 2001!
3847 Bug: http://curl.haxx.se/mail/lib-2015-11/0088.html
3848 Reported-by: Norbert Kett
3850 - zsh install: fix DESTDIR support
3852 Reported-by: Mohammad AlSaleh
3854 Dan Fandrich (27 Nov 2015)
3855 - lib: Only define curl_dofreeaddrinfo if struct addrinfo is available
3857 Steve Holme (27 Nov 2015)
3858 - tool_paramhlp: Fixed display of URL index in password prompt for --next
3860 Commit f3bae6ed73 added the URL index to the password prompt when using
3861 --next. Unfortunately, because the size_t specifier (%zu) is not
3862 supported by all sprintf() implementations we use the curl_off_t format
3863 specifier instead. The display of an incorrect value arises on platforms
3864 where size_t and curl_off_t are of a different size.
3866 Daniel Stenberg (25 Nov 2015)
3867 - timecond: do not add if-modified-since without timecondition
3869 The RTSP code path didn't skip adding the if-modified-since for certain
3870 RTSP code paths, even if CURLOPT_TIMECONDITION was set to
3873 Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals
3874 CURL_TIMECOND_IFMODSINCE.
3876 Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header
3878 - RELEASE-NOTES: synced with 99d17a5e2ba77e58
3880 - examples/README: cut out the incomplete list
3882 ... and add a generic explanation for them instead. Each example file
3883 should contain its own description these days.
3885 - test1513: make sure the callback is only called once
3887 - [Daniel Shahaf brought this change]
3889 build: Install zsh completion
3894 - done: make sure the final progress update is made
3896 It would previously be skipped if an existing error was returned, but
3897 would lead to a previous value being left there and later used.
3898 CURLINFO_TOTAL_TIME for example.
3900 Still it avoids that final progress update if we reached DONE as the
3901 result of a callback abort to avoid another callback to be called after
3902 an abort-by-callback.
3904 Reported-by: Lukas Ruzicka
3908 - curl: expanded the -XHEAD warning text
3910 ... to also mention the specific options used.
3912 - Revert "cleanup: general removal of TODO (and similar) comments"
3914 This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a.
3916 Feedback-by: Dan Fandrich
3917 URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
3919 - CURLOPT_HEADERFUNCTION.3: fix typo
3921 Refer to _HEADERDATA not _WRITEDATA.
3923 Reported-by: Michał Piechowski
3925 - TODO: TCP Fast Open
3927 Steve Holme (22 Nov 2015)
3928 - examples: Added website parse-able descriptions to the e-mail examples
3930 - TODO: Added another 'multi-interface' idea
3932 - smb.c: Fixed compilation warnings
3934 smb.c:134:3: warning: conversion to 'short unsigned int' from 'int' may
3936 smb.c:146:42: warning: conversion to 'unsigned int' from 'long long
3937 unsigned int' may alter its value
3938 smb.c:146:65: warning: conversion to 'unsigned int' from 'long long
3939 unsigned int' may alter its value
3941 - schannel: Corrected copy/paste error in commit 8d17117683
3943 - schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available
3945 Regression from commit 7a8e861a5 as highlighted in the msys autobuilds.
3947 - examples: Fixed compilation warnings
3949 pop3-multi.c:96:5: warning: implicit declaration of function 'memset'
3950 imap-multi.c:96:5: warning: implicit declaration of function 'memset'
3951 http2-download.c:226:5: warning: implicit declaration of function 'memset'
3952 http2-upload.c:290:5: warning: implicit declaration of function 'memset'
3953 http2-upload.c:290:5: warning: implicit declaration of function 'memset'
3955 - Makefile.inc: Fixed test run error
3957 test845 not present in tests/data/Makefile.inc
3959 Daniel Stenberg (20 Nov 2015)
3960 - TODO: remove duplicated title
3962 - TODO: added two more libcurl ideas
3964 Moved some ideas from "next major" to just ordinary ideas since we can
3965 always add new things while keeping the old without doing a "next
3968 Steve Holme (20 Nov 2015)
3969 - tests: Re-enabled tests 889 and 890 following POP3 fix
3971 - pop3: Differentiate between success and continuation responses
3973 - pop3: Added clarity on some server response codes
3975 Daniel Stenberg (20 Nov 2015)
3976 - [Daniel Shahaf brought this change]
3978 build: Fix theoretical infinite loops
3980 Add error-checking to 'cd' in a few cases where omitting the checks
3981 might result in an infinite loop.
3985 Patrick Monnerat (19 Nov 2015)
3986 - curl.h: s/#defien/#define/
3988 - os400: synchronize ILE/RPG header file
3990 - os400: Provide options for libssh2 use in compile scripts. Adjust README.
3992 Daniel Stenberg (19 Nov 2015)
3993 - [danielsh@apache.org brought this change]
3995 zsh completion: Preserve single quotes in output
3997 When an option's help string contains literal single quotes, those
3998 single quotes would be stripped from the option's description in the
3999 completion output (unless the zsh RC_QUOTES option were set while the
4000 completion function was being sourced, which is not the default). This
4001 patch makes the completion output contain single quotes where the --help
4006 Jay Satiro (18 Nov 2015)
4007 - [MaxGiting brought this change]
4009 FAQ: Grammar changes
4011 Closes https://github.com/bagder/curl/pull/533
4013 Daniel Stenberg (17 Nov 2015)
4014 - http2: http_done: don't free already-freed push headers
4016 The push headers are freed after the push callback has been invoked,
4017 meaning this code should only free the headers if the callback was never
4018 invoked and thus the headers weren't freed at that time.
4020 Reported-by: Davey Shafik
4022 - [Anders Bakken brought this change]
4024 getconnectinfo: Don't call recv(2) if socket == -1
4028 - CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header
4030 ... if there are more than one using the same name
4032 - http2: minor comment typo
4034 - sasl; fix checksrc warnings
4036 Steve Holme (15 Nov 2015)
4037 - RELEASE-NOTES: Adjusted for the recent OAuth 2.0 activity
4039 - tests: Disabled 889 and 890 until we support POP3 continuation responses
4041 As POP3 final and continuation responses both begin with a + character,
4042 and both the finalcode and contcode variables in SASLprotoc are set as
4043 such, we cannot tell the difference between them when we are expecting
4044 an optional continuation from the server such as the following:
4046 + something else from the server
4049 Disabled these tests until such a time we can tell the responses apart.
4051 - tests: Corrected typos from commit ba4d8f7eba
4053 - tests: Added OAUTHBEARER failure response tests
4055 - oauth2: Support OAUTHBEARER failures sent as continuation responses
4057 According to RFC7628 a failure message may be sent by the server in a
4058 base64 encoded JSON string as a continuation response.
4060 Currently only implemented for OAUTHBEARER and not XAUTH2.
4062 Daniel Stenberg (15 Nov 2015)
4063 - RELEASE-NOTES: synced with 808a17ee675
4065 Steve Holme (14 Nov 2015)
4066 - tests: Renamed existing OAuth 2.0 (XOAUTH) tests
4068 - tests: Added OAuth 2.0 (OAUTHBEARER) tests
4070 - oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
4072 OAUTHBEARER is now the official "registered" SASL mechanism name for
4073 OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some
4074 servers won't support the new mechanism yet.
4076 Daniel Stenberg (13 Nov 2015)
4077 - RELEASE-NOTES: recounted curl_easy_setopt() options
4079 - typecheck-gcc.h: add missing slist-using options
4081 CURLOPT_RESOLVE and CURLOPT_PROXYHEADER were missing
4083 Also sorted the list.
4085 - typecheck-gcc.h: added CURLOPT_CLOSESOCKETDATA
4087 ... and sorted curl_is_cb_data_option alphabetically
4089 Jay Satiro (13 Nov 2015)
4090 - [Sebastian Pohlschmidt brought this change]
4092 openssl: Free modules on cleanup
4094 Curl_ossl_init calls OPENSSL_load_builtin_modules() but
4095 Curl_ossl_cleanup doesn't make a call to free these modules.
4097 Bug: https://github.com/bagder/curl/issues/526
4099 Steve Holme (13 Nov 2015)
4100 - symbols-in-versions: Added new CURLOPTTYPE_STRINGPOINT alias
4102 ...following commit aba281e762 to fix test 1119.
4104 Daniel Stenberg (13 Nov 2015)
4105 - curl: mark two more options strings for --libcurl output
4107 - typecheck-gcc.h: add some missing string types
4109 Also sorted that list alphabetically
4111 - curl.h: introducing the STRINGPOINT alias
4113 As an alias for OBJECTPOINT. Provided to allow us to grep for all string
4116 - cleanup: general removal of TODO (and similar) comments
4118 They tend to never get updated anyway so they're frequently inaccurate
4119 and we never go back to revisit them anyway. We document issues to work
4120 on properly in KNOWN_BUGS and TODO instead.
4122 - ftplistparser: remove empty function
4124 - openssl: remove #if check for 0.9.7 for ENGINE_load_private_key
4126 - openssl: all supported versions have X509_STORE_set_flags
4128 Simplify by removing #ifdefs and macros
4130 - openssl: remove 0.9.3 check
4132 - openssl: remove #ifdefs for < 0.9.5 support
4134 We only support >= 0.9.7
4136 - lib/vtls/openssl: remove unused traces of yassl ifdefs
4138 Dan Fandrich (12 Nov 2015)
4139 - [dfandrich brought this change]
4141 unit1603: Demote hash mismatch failure to a warning
4143 The hashes can vary between architectures (e.g. Sparc differs from x86_64).
4144 This is not a fatal problem but just reduces the coverage of these white-box
4145 tests, as the assumptions about into which hash bucket each key falls are no
4148 - [dfandrich brought this change]
4150 unit1603: Added unit tests for hash functions
4152 - [dfandrich brought this change]
4154 unit1602: Fixed failure in torture test
4156 Steve Holme (12 Nov 2015)
4157 - sasl: Re-introduced XOAUTH2 in the default enabled authentication mechanism
4159 Following the fix in commit d6d58dd558 it is necessary to re-introduce
4160 XOAUTH2 in the default enabled authentication mechanism, which was
4161 removed in commit 7b2012f262, otherwise users will have to specify
4162 AUTH=XOAUTH2 in the URL.
4164 Note: OAuth 2.0 will only be used when the bearer is specified.
4166 - [Stefan Bühler brought this change]
4168 sasl_sspi: fix identity memory leak in digest authentication
4170 - [Stefan Bühler brought this change]
4172 sasl_sspi: fixed unicode build for digest authentication
4176 - oauth2: Re-factored OAuth 2.0 state variable
4178 - sasl: Don't choose OAuth 2.0 if mechanism not advertised
4180 Regression from commit 9e8ced9890 which meant if --oauth2-bearer was
4181 specified but the SASL mechanism wasn't supported by the server then
4182 the mechanism would be chosen.
4184 Daniel Stenberg (12 Nov 2015)
4185 - runtests: more compact "System characteristics" output
4187 - no point in repeating curl features that is already listed as features
4188 from the curl -V output
4190 - remove the port numbers/unix domain path from the output unless
4191 verbose is used, as that is rarely interesting to users.
4193 - runtests: rename conditional curl-features to $has_[name]
4195 Steve Holme (11 Nov 2015)
4196 - oauth2: Introduced support for host and port details
4198 Added support to the OAuth 2.0 message function for host and port, in
4199 order to accommodate the official OAUTHBEARER SASL mechanism which is
4200 to be added shortly.
4202 - curl_setup.h: Removed duplicate CURL_DISABLE_RTSP when HTTP_ONLY defined
4204 - cmake: Add missing feature macros in config header (Part 2)
4206 In addition to commit a215381c94 added the RTSP, RTMP and SMB protocols.
4208 Daniel Stenberg (10 Nov 2015)
4209 - [Douglas Creager brought this change]
4211 cmake: Add missing feature macros in config header
4213 The curl_config.h file can be generated either from curl_config.h.cmake
4214 or curl_config.h.in, depending on whether you're building using CMake or
4215 the autotools. The CMake template header doesn't include entries for
4216 all of the protocols that you can disable, which (I think) means that
4217 you can't actually disable those protocols when building via CMake.
4221 - [Douglas Creager brought this change]
4223 BoringSSL: Work with stricter BIO_get_mem_data()
4225 BoringSSL implements `BIO_get_mem_data` as a function, instead of a
4226 macro, and expects the output pointer to be a `char **`. We have to add
4227 an explicit cast to grab the pointer as a `const char **`.
4231 - http2: rectify the http2 version #if check
4233 We need 1.0.0 or later. Also verified by configure.
4235 Steve Holme (9 Nov 2015)
4236 - oauth2: Don't use XAUTH2 in OAuth 2.0 function name
4238 - oauth2: Don't use XOAUTH2 in OAuth 2.0 variables
4240 - oauth2: Use OAuth 2.0 rather than XOAUTH2 in comments
4242 When referring to OAuth 2.0 we should use the official name rather the
4243 SASL mechanism name.
4245 Daniel Stenberg (9 Nov 2015)
4246 - imap: avoid freeing constant string
4248 The fix in 1a614c6c3 was wrong and would leed to free() of a fixed
4251 Pointed-out-by: Kamil Dudka
4253 - ROADMAP: remove two items already done
4255 - RELEASE-NOTES: synced with 2200bf62054
4257 Jay Satiro (9 Nov 2015)
4258 - acinclude: Remove check for 16-bit curl_off_t
4260 Because it's illogical to check for a 16-bit curl_off_t.
4262 Ref: https://github.com/bagder/curl/issues/425#issuecomment-154964205
4264 Dan Fandrich (8 Nov 2015)
4265 - tool: Fixed a memory leak on OOM introduced in 19cb0c4a
4267 Steve Holme (8 Nov 2015)
4268 - [Justin Ehlert brought this change]
4270 imap: Don't check for continuation when executing a CUSTOMREQUEST
4272 Bug: https://github.com/bagder/curl/issues/486
4273 Closes https://github.com/bagder/curl/pull/487
4275 Daniel Stenberg (7 Nov 2015)
4276 - imap: checksrc: remove space after while before paren
4278 - checksrc.whitelist: "missing space after close paren"
4280 ... when it was within a string!
4282 Steve Holme (7 Nov 2015)
4283 - opts: Corrected TLS protocols list to include POP3S rather than POP3
4285 - imap: Quote other 'atom-specials' and not just the space character
4289 - imap: Fixed double quote in LIST command when mailbox contains spaces
4291 Daniel Stenberg (6 Nov 2015)
4292 - imap: fix compiler warning
4294 imap.c:657:13: error: assignment discards 'const' qualifier from pointer
4295 target type [-Werror=discarded-qualifiers]
4297 Steve Holme (6 Nov 2015)
4298 - imap: Don't call imap_atom() when no mailbox specified in LIST command
4300 Daniel Stenberg (6 Nov 2015)
4301 - curl.1: remove the overlap --range example
4303 ... it is just weird to include by default even if it still works.
4305 - tftp tests: verify sent options too
4307 The tftpd test server now logs all received options and thus all TFTP
4308 test cases need to match them exactly.
4310 Extended test 283 to use and verify --tftp-blksize.
4312 Jay Satiro (6 Nov 2015)
4313 - getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value
4315 - Set user info param to the socket returned by Curl_getconnectinfo,
4316 regardless of if the socket is bad. Effectively this means the user info
4317 param now will receive CURL_SOCKET_BAD instead of -1 on bad socket.
4319 - Remove incorrect comments.
4321 CURLINFO_ACTIVESOCKET is documented to write CURL_SOCKET_BAD to user
4322 info param but prior to this change it wrote -1.
4324 Bug: https://github.com/bagder/curl/pull/518
4325 Reported-by: Marcel Raad
4327 Patrick Monnerat (5 Nov 2015)
4328 - curl_ntlm_core: fix 2 curl_off_t constant overflows.
4330 - os400: adjust specific code to support new options.
4332 Daniel Stenberg (2 Nov 2015)
4333 - [Lauri Kasanen brought this change]
4335 rawstr: Speed up Curl_raw_toupper by 40%
4337 Rationale: when starting up a curl-using app, all cookies from the jar
4338 are checked against each other. This was causing a startup delay in the
4343 Signed-off-by: Lauri Kasanen <cand@gmx.com>
4345 - http redirects: %-encode bytes outside of ascii range
4347 Apparently there are sites out there that do redirects to URLs they
4348 provide in plain UTF-8 or similar. Browsers and wget %-encode such
4349 headers when doing a subsequent request. Now libcurl does too.
4351 Added test 1138 to verify.
4355 - RELEASE-NOTES: synced with cba5bc585410
4357 - symbols-in-version: add all CURL_HTTPPOST_* symbols
4359 - formadd: support >2GB files on windows
4363 - curl.h: s/HTTPPOST_/CURL_HTTPOST_
4365 Fixes a name space pollution at the cost of programs using one of these
4366 defines will no longer compile. However, the vast majority of libcurl
4367 programs that do multipart formposts use curl_formadd() to build this
4372 - mbedtls: fix "Structurally dead code"
4376 - mbedtls: fix "Logically dead code"
4380 - Revert "openssl: engine: remove double-free"
4382 This reverts commit 370ee919b37cc9a46c36428b2bb1527eae5db2bd.
4384 Issue #509 has all the details but it was confirmed that the crash was
4385 not due to this, so the previous commit was wrong.
4387 - curl.1: -E: s/private certificate/client certificate
4389 ... as the certificate is strictly speaking not private.
4391 Reported-by: John Levon
4393 - openssl: engine: remove double-free
4395 After a successful call to SSL_CTX_use_PrivateKey(), we must not call
4396 EVP_PKEY_free() on the key.
4401 Jay Satiro (27 Oct 2015)
4402 - socks: Fix incorrect port numbers in failed connect messages
4404 Daniel Stenberg (26 Oct 2015)
4405 - DISTRO-DILEMMA: removed
4407 Out of date and not kept accurate. It was sort of a problem of the past
4410 - [xiangbin li brought this change]
4412 MacOSX-Framework: sdk regex fix for sdk 10.10 and later
4416 Jay Satiro (24 Oct 2015)
4417 - build: Fix support for PKG_CONFIG
4419 - Allow the user to use PKG_CONFIG but not PKGCONFIG.
4423 Last week in 14d5a86 a change was made to allow the user to set the
4424 PKGCONFIG variable. Today in 72d99f2 I supplemented that to allow the
4425 more common PKG_CONFIG as an alternative if PKGCONFIG is not set.
4427 Neither of those changes worked as expected because PKGCONFIG is
4428 occasionally reset in configure and by the CURL_CHECK_PKGCONFIG macro.
4429 Instead in this commit I take the approach that the user may set
4432 - build: Fix mingw ssl gdi32 order
4434 - If mingw ssl make sure -lgdi32 comes after ssl libs
4436 - Allow PKG_CONFIG to set pkg-config location and options
4438 Bug: https://github.com/bagder/curl/pull/501
4439 Reported-by: Kang Lin
4441 Daniel Stenberg (23 Oct 2015)
4442 - RELEASE-NOTES: synced with 03b6e078163f
4444 - polarssl/mbedtls: fix name space pollution
4446 Global private symbols MUST start with Curl_!
4448 - [Dmitry S. Baikov brought this change]
4450 mbedTLS: THREADING_SUPPORT compilation fix
4454 - test1137: verify --ignore-content-length for FTP
4456 - curl.1: --ignore-content-length now works for FTP too
4458 - [Kurt Fankhauser brought this change]
4460 ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size
4462 This allows FTP transfers with growing (or shrinking) files without
4463 causing a transfer error.
4467 - CURLOPT_STREAM_WEIGHT.3: call argument 'weight' too
4469 ... and add a little example of what the weight actually means. "Relative
4470 proportion of bandwidth".
4472 - http2: add stream options to dist and curl_easy_setopt.3
4474 - http2: s/priority/weight
4476 - http2: on_frame_recv: trust the conn/data input
4478 Removed wrong assert()s
4480 The 'conn' passed in as userdata can be used and there can be other
4481 sessionhandles ('data') than the single one this checked for.
4483 - http2: added three stream prio/deps options
4485 CURLOPT_STREAM_DEPENDS
4487 CURLOPT_STREAM_DEPENDS_E
4489 CURLOPT_STREAM_PRIORITY
4491 - RELEASE-NOTES: synced with ace68fdc0cfed83d
4493 - [m-gardet brought this change]
4495 mbedtls:new profile with RSA min key len = 1024.
4499 - checksrc: add crude // detection
4501 Jay Satiro (21 Oct 2015)
4502 - [Gisle Vanem brought this change]
4504 build: fix for MSDOS/djgpp
4506 - Add a VPATH-statement for the vtls/*.c files.
4508 - Due to 'vtls/*.c', remove that subdir part from $(OBJECTS).
4510 Daniel Stenberg (20 Oct 2015)
4511 - copyrights: update Gisle Vanem's email
4513 - vtls: fix compiler warning for TLS backends without sha256
4515 ... noticed with mbedTLS.
4517 - [Jonas Minnberg brought this change]
4519 vtls: added support for mbedTLS
4523 Jay Satiro (19 Oct 2015)
4524 - [Javier G. Sogo brought this change]
4526 cmake: Fix for add_subdirectory(curl) use-case
4528 - Use CURL_BINARY_DIR instead of CMAKE_BINARY_DIR.
4530 When including CURL using add_subdirectory the variables
4531 CMAKE_BINARY_DIR and CURL_BINARY_DIR hold different paths.
4533 Closes https://github.com/bagder/curl/pull/488
4534 Closes https://github.com/bagder/curl/pull/498
4536 Daniel Stenberg (18 Oct 2015)
4537 - RELEASE-NOTES: synced with 4c773bcb474e
4539 - tests/FILEFORMAT: mention PSL as a valid feture to check for
4541 For example in test 1136
4543 - teste1136: only run when PSL is enabled
4545 - curl: slist_wc: remove curl_memory.h inclusion
4547 ... that's for the library only.
4549 - configure: add PSL to the list of features
4551 ... to make test 1014 work again after e77b5b7453.
4553 - [Daniel Hwang brought this change]
4555 tool: Generate easysrc with last cache linked-list
4557 Using a last cache linked-list improves the performance of easysrc
4560 Bug: https://github.com/bagder/curl/issues/444
4561 Ref: https://github.com/bagder/curl/issues/429
4565 - [Tim Rühsen brought this change]
4567 cookies: Add support for Mozilla's Publix Suffix List
4569 Use libpsl to check the domain value of Set-Cookie headers (and cookie
4570 jar entries) for not being a Publix Suffix.
4572 The configure script checks for "libpsl" by default. Disable the check
4573 with --without-libpsl.
4575 Ref: https://publicsuffix.org/
4576 Ref: https://github.com/publicsuffix/list
4577 Ref: https://github.com/rockdaboot/libpsl
4579 - [Richard Hosking brought this change]
4581 curlbuild.h: Fix non-configure compiling to mips and sh4 targets
4583 - [Anders Bakken brought this change]
4585 http2: Don't pass unitialized name+len pairs to nghttp2_submit_request
4587 bug introduced by 18691642931e5c7ac8af83ac3a84fbcb36000f96.
4591 Dan Fandrich (16 Oct 2015)
4592 - test1601: fix compilation with --enable-debug and --disable-crypto-auth
4594 Daniel Stenberg (16 Oct 2015)
4595 - multi: fix off-by-one finit[] array size
4597 introduced in c6aedf680f6. It needs to be CURLM_STATE_LAST big since it
4598 must hande the range 0 .. CURLM_STATE_MSGSENT (18) and CURLM_STATE_LAST
4601 Reported-by: Dan Fandrich
4602 Bug: http://curl.haxx.se/mail/lib-2015-10/0069.html
4604 - fread_func: move callback pointer from set to state struct
4606 ... and assign it from the set.fread_func_set pointer in the
4607 Curl_init_CONNECT function. This A) avoids that we have code that
4608 assigns fields in the 'set' struct (which we always knew was bad) and
4609 more importantly B) it makes it impossibly to accidentally leave the
4610 wrong value for when the handle is re-used etc.
4612 Introducing a state-init functionality in multi.c, so that we can set a
4613 specific function to get called when we enter a state. The
4614 Curl_init_CONNECT is thus called when switching to the CONNECT state.
4616 Bug: https://github.com/bagder/curl/issues/346
4620 Dan Fandrich (14 Oct 2015)
4621 - test1531: case the size to fix the test on non-largefile builds
4623 Daniel Stenberg (13 Oct 2015)
4624 - acinclude: remove PKGCONFIG override
4626 ... and allow it to get set by a caller easier.
4628 Reported-by: Rainer Jung
4629 Bug: http://curl.haxx.se/mail/lib-2015-10/0035.html
4631 Dan Fandrich (12 Oct 2015)
4632 - docs/INSTALL: Updated example minimal binary sizes
4634 Daniel Stenberg (11 Oct 2015)
4635 - [Erik Johansson brought this change]
4637 openssl: Fix set up of pkcs12 certificate verification chain
4639 sk_X509_pop will decrease the size of the stack which means that the loop would
4640 end after having added only half of the certificates.
4642 Also make sure that the X509 certificate is freed in case
4643 SSL_CTX_add_extra_chain_cert fails.
4645 - ntlm: error out without 64bit support as the code needs it
4647 It makes it a clearer message for developers reaching that point without
4648 the necessary support.
4650 Thanks-by: Jay Satiro
4654 - curl_global_init: set the memory function pointers correct
4656 follow-up from 6f8ecea0
4658 - curl_global_init_mem: set function pointers before doing init
4660 ... as in the polarssl TLS backend for example it uses memory functions.
4662 Jay Satiro (9 Oct 2015)
4663 - http2: Fix http2_recv to return -1 if recv returned -1
4665 If the underlying recv called by http2_recv returns -1 then that is the
4666 value http2_recv returns to the caller.
4668 Daniel Stenberg (8 Oct 2015)
4669 - [Svyatoslav Mishyn brought this change]
4671 curl_easy_recv.3: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET
4675 - [Svyatoslav Mishyn brought this change]
4677 curl_easy_send.3: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET
4679 - [Svyatoslav Mishyn brought this change]
4681 CURLOPT_CONNECT_ONLY.3: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET
4683 - CURLOPT_CERTINFO.3: fix reference to CURLINFO_CERTINFO
4685 - ntlm: get rid of unconditional use of long long
4687 ... since some compilers don't have it and instead use other types, such
4690 Reported by: gkinseyhpw
4693 Jay Satiro (8 Oct 2015)
4694 - [Anders Bakken brought this change]
4696 des: Fix header conditional for Curl_des_set_odd_parity
4698 Follow up to 613e502.
4700 Daniel Stenberg (7 Oct 2015)
4701 - configure: build silently by default
4703 'make V=1' will make the build verbose like before
4705 - bump: start climbing toward 7.46.0
4707 - RELEASE-PROCEDURE: add the github HTTPS download step
4709 Version 7.45.0 (7 Oct 2015)
4711 Daniel Stenberg (7 Oct 2015)
4712 - THANKS: 19 new contributors from the 7.45.0 announcement
4714 - RELEASE-NOTES: synced with 69ea57970080
4716 Jay Satiro (4 Oct 2015)
4717 - getinfo: Fix return code for unknown CURLINFO options
4719 - If a CURLINFO option is unknown return CURLE_UNKNOWN_OPTION.
4721 Prior to this change CURLE_BAD_FUNCTION_ARGUMENT was returned on
4722 unknown. That return value is contradicted by the CURLINFO option
4723 documentation which specifies a return of CURLE_UNKNOWN_OPTION on
4726 - [rouzier brought this change]
4728 hiperfifo: fix the pointer passed to WRITEDATA
4730 Closes https://github.com/bagder/curl/pull/471
4732 - [Maksim Stsepanenka brought this change]
4734 tool_setopt: fix c_escape truncated octal
4736 Closes https://github.com/bagder/curl/pull/469
4738 Daniel Stenberg (1 Oct 2015)
4739 - [Orange Tsai brought this change]
4741 gopher: don't send NUL byte
4745 Jay Satiro (29 Sep 2015)
4746 - runtests: Fix pid check in checkdied
4748 Because the 'not' operator has a very low precedence and as a result the
4749 entire statement was erroneously negated and could never be true.
4751 Daniel Stenberg (30 Sep 2015)
4752 - [Thorsten Schöning brought this change]
4754 win32: make recent Borland compilers use long long
4756 - RELEASE-NOTES: synced with 69b89050d4
4758 Jay Satiro (28 Sep 2015)
4759 - [Michael Kalinin brought this change]
4761 openssl: Fix algorithm init
4763 - Change algorithm init to happen after OpenSSL config load.
4765 Additional algorithms may be available due to the user's config so we
4766 initialize the algorithms after the user's config is loaded.
4768 Bug: https://github.com/bagder/curl/issues/447
4769 Reported-by: Denis Feklushkin
4771 - [Svyatoslav Mishyn brought this change]
4773 docs: fix unescaped '\n' in man pages
4775 Closes https://github.com/bagder/curl/pull/459
4777 Daniel Stenberg (27 Sep 2015)
4778 - http2: set TCP_NODELAY unconditionally
4780 For a single-stream download from localhost, we managed to increase
4781 transfer speed from 1.6MB/sec to around 400MB/sec, mostly because of
4784 - http2: avoid superfluous Curl_expire() calls
4786 ... only call it when there is data arriving for another handle than the
4787 one that is currently driving it.
4789 Improves single-stream download performance quite a lot.
4791 Thanks-to: Tatsuhiro Tsujikawa
4792 Bug: http://curl.haxx.se/mail/lib-2015-09/0097.html
4794 - readwrite_data: set a max number of loops
4796 ... as otherwise a really fast pipe can "lock" one transfer for some
4797 protocols, like with HTTP/2.
4799 - [Sergei Nikulov brought this change]
4801 CI: Added AppVeyor-CI for curl
4805 - FTP: fix uploading ASCII with unknown size
4807 ... don't try to increase the supposed file size on newlines if we don't
4808 know what file size it is!
4812 - [Tatsuhiro Tsujikawa brought this change]
4814 build: fix failures with -Wcast-align and -Werror
4818 - [Tatsuhiro Tsujikawa brought this change]
4820 curl-confopts.m4: Add missing ')'
4822 ... for CURL_CHECK_OPTION_RT
4826 Jay Satiro (25 Sep 2015)
4827 - curl_easy_getinfo.3: Add brief description for each CURLINFO
4829 Daniel Stenberg (23 Sep 2015)
4830 - [Jakub Zakrzewski brought this change]
4832 CMake: Ensure discovered include dirs are considered
4834 ...during header checks. Otherwise some following header tests
4839 - [Jakub Zakrzewski brought this change]
4841 CMake: Put "winsock2.h" before "windows.h" during configure checks
4843 "windows.h" includes "winsock.h" what causes many redefinition errors
4844 if "winsock2.h" is included afterwards and can cause build to fail.
4846 - tests: disable 1510 due to CI-problems on github
4848 - [Mike Crowe brought this change]
4850 gnutls: Report actual GnuTLS error message for certificate errors
4852 If GnuTLS fails to read the certificate then include whatever reason it
4853 provides in the failure message reported to the client.
4855 Signed-off-by: Mike Crowe <mac@mcrowe.com>
4857 - RELEASE-NOTES: synced with 6b56901b56e
4859 - [Mike Crowe brought this change]
4861 gnutls: Support CURLOPT_KEYPASSWD
4863 The gnutls vtls back-end was previously ignoring any password set via
4864 CURLOPT_KEYPASSWD. Presumably this was because
4865 gnutls_certificate_set_x509_key_file did not support encrypted keys.
4867 gnutls now has a gnutls_certificate_set_x509_key_file2 function that
4868 does support encrypted keys. Let's determine at compile time whether the
4869 available gnutls supports this new function. If it does then use it to
4870 pass the password. If it does not then emit a helpful diagnostic if a
4871 password is set. This is preferable to the previous behaviour of just
4872 failing to read the certificate without giving a reason in that case.
4874 Signed-off-by: Mike Crowe <mac@mcrowe.com>
4876 - CURLINFO_TLS_SESSION: always return backend info
4878 ... even for those that don't support providing anything in the
4879 'internals' struct member since it offers a convenient way for
4880 applications to figure this out.
4882 - [Daniel Hwang brought this change]
4884 tool: remove redundant libcurl check
4886 The easysrc generation is run only when --libcurl is initialized.
4888 Ref: https://github.com/bagder/curl/issues/429
4892 - [Richard van den Berg brought this change]
4894 CURLOPT_PROXY.3: A proxy given as env variable gets no special treatment
4898 - TODO: 5.7 More compressions
4900 Like for example brotli, as being implemented in Firefox now.
4902 Jay Satiro (21 Sep 2015)
4903 - tool_operate: Don't call easysrc cleanup unless --libcurl
4905 - Review of 4d95491.
4907 The author changed it so easysrc only initializes when --libcurl but did
4908 not do the same for the call to easysrc cleanup.
4910 Ref: https://github.com/bagder/curl/issues/429
4912 Daniel Stenberg (20 Sep 2015)
4913 - [Viktor Szakats brought this change]
4915 CURLOPT_PINNEDPUBLICKEY.3: replace test.com with example.com
4919 - KNOWN_BUGS: 91 "curl_easy_perform hangs with imap and PolarSSL"
4923 - KNOWN_BUGS: add link to #85
4925 - tests: disable 1801 until fixed
4927 It is unreliable and causes CI problems on github
4931 - RELEASE-NOTES: synced with 4d95491636ee
4933 - [Daniel Lee Hwang brought this change]
4935 tool: generate easysrc only on --libcurl
4937 Code should only be generated when --libcurl is used.
4939 Bug: https://github.com/bagder/curl/issues/429
4940 Reported-by: @greafhe, Jay Satiro
4945 Jay Satiro (19 Sep 2015)
4946 - vtls: Change designator name for server's pubkey hash
4948 - Change the designator name we use to show the base64 encoded sha256
4949 hash of the server's public key from 'pinnedpubkey' to
4952 Though the server's public key hash is only shown when comparing pinned
4953 public key hashes, the server's hash may not match one of the pinned.
4955 Daniel Stenberg (19 Sep 2015)
4956 - [Isaac Boukris brought this change]
4958 NTLM: Reset auth-done when using a fresh connection
4960 With NTLM a new connection will always require authentication.
4963 - [Daniel Hwang brought this change]
4965 ssl: add server cert's "sha256//" hash to verbose
4967 Add a "pinnedpubkey" section to the "Server Certificate" verbose
4969 Bug: https://github.com/bagder/curl/issues/410
4970 Reported-by: W. Mark Kubacki
4975 - [Jakub Zakrzewski brought this change]
4977 openldap: only part of LDAP query results received
4979 Introduced with commit 65d141e6da5c6003a1592bbc87ee550b0ad75c2f
4983 - [Alessandro Ghedini brought this change]
4985 openssl: don't output certinfo data
4987 - [Alessandro Ghedini brought this change]
4989 openssl: refactor certificate parsing to use OpenSSL memory BIO
4993 Kamil Dudka (18 Sep 2015)
4994 - nss: prevent NSS from incorrectly re-using a session
4996 Without this workaround, NSS re-uses a session cache entry despite the
4997 server name does not match. This causes SNI host name to differ from
4998 the actual host name. Consequently, certain servers (e.g. github.com)
4999 respond by 400 to such requests.
5001 Bug: https://bugzilla.mozilla.org/1202264
5003 - nss: check return values of NSS functions
5005 Daniel Stenberg (17 Sep 2015)
5006 - CURLOPT_PINNEDPUBLICKEY.3: mention error code
5008 - openssl: build with < 0.9.8
5010 ... without sha256 support and no define saying so.
5012 Reported-by: Rajkumar Mandal
5014 - libcurl-errors.3: add two missing error codes
5016 CURLE_SSL_PINNEDPUBKEYNOTMATCH and CURLE_SSL_INVALIDCERTSTATUS
5018 Jay Satiro (14 Sep 2015)
5019 - CURLOPT_PINNEDPUBLICKEY.3: Improve pubkey extraction example
5021 - Show how a certificate can be obtained using OpenSSL.
5023 Bug: https://github.com/bagder/curl/pull/430
5024 Reported-by: Daniel Hwang
5026 Daniel Stenberg (13 Sep 2015)
5027 - http2: removed unused function
5029 - CURLINFO_ACTIVESOCKET.3: mention it replaces *LASTSOCKET
5031 - opts: add CURLINFO_* man pages to dist
5033 - opts: 19 more CURLINFO_* options made into stand-alone man pages
5035 - RELEASE-NOTES: synced with fad9604613
5037 - curl: customrequest_helper: deal with NULL custom method
5039 - [Svyatoslav Mishyn brought this change]
5041 CURLOPT_FNMATCH_FUNCTION.3: fix typo
5047 - curl: point out unnecessary uses of -X in verbose mode
5049 It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take
5050 down the tone a bit.
5052 It adds a warning for using -XHEAD on other methods becasue that may
5053 lead to a hanging connection.
5055 Jay Satiro (10 Sep 2015)
5056 - curl_sspi: fix possibly undefined CRYPT_E_REVOKED
5058 Bug: https://github.com/bagder/curl/pull/411
5059 Reported-by: Viktor Szakats
5061 - buildconf.bat: fix syntax error
5063 - [Benjamin Kircher brought this change]
5065 winbuild: run buildconf.bat if necessary
5067 - [Svyatoslav Mishyn brought this change]
5069 docs: fix argument type for CURLINFO_SPEED_*, CURLINFO_SIZE_*
5073 Daniel Stenberg (8 Sep 2015)
5074 - [Sergei Nikulov brought this change]
5076 cmake: IPv6 : disable Unix header check on Windows platform
5080 - parse_proxy: reject illegal port numbers
5082 If the port number in the proxy string ended weirdly or the number is
5083 too large, skip it. Mostly as a means to bail out early if a "bare" IPv6
5084 numerical address is used without enclosing brackets.
5086 Also mention the bracket requirement for IPv6 numerical addresses to the
5087 man page for CURLOPT_PROXY.
5091 Reported-by: Marcel Raad
5093 - FTP: do_more: add check for wait_data_conn in upload case
5095 In some timing-dependnt cases when a 4xx response immediately followed
5096 after a 150 when a STOR was issued, this function would wrongly return
5097 'complete == true' while 'wait_data_conn' was still set.
5101 Reported-by: Patricia Muscalu
5103 - [Svyatoslav Mishyn brought this change]
5105 CURLOPT_TLSAUTH_TYPE.3: update description
5110 - [Svyatoslav Mishyn brought this change]
5112 CURLOPT_PATH_AS_IS.3: fix typo
5118 - [Svyatoslav Mishyn brought this change]
5120 CURLINFO_SSL_VERIFYRESULT.3: add short description
5122 - [Svyatoslav Mishyn brought this change]
5124 CURLINFO_SSL_ENGINES.3: add short description
5126 - [Svyatoslav Mishyn brought this change]
5128 CURLINFO_CONTENT_LENGTH_UPLOAD.3: replace "receive" with "get" for consistency
5130 - [Svyatoslav Mishyn brought this change]
5132 CURLINFO_REDIRECT_TIME.3: remove redundant '!'
5134 Kamil Dudka (4 Sep 2015)
5135 - Revert "has: generate the curl/has.h header"
5137 This reverts commit a60bde79f9adeb135d5c642a07f0d783fbfbbc25 I have
5138 pushed by mistake. Apologies for my incompetent use of the git repo!
5140 - nss: do not directly access SSL_ImplementedCiphers[]
5142 It causes dynamic linking issues at run-time after an update of NSS.
5144 Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
5146 - [Daniel Stenberg brought this change]
5148 has: generate the curl/has.h header
5150 changed macro name, moved and renamed script to become docs/libcurl/has.pl,
5151 generate code that is checksrc compliant
5153 Daniel Stenberg (3 Sep 2015)
5154 - gitignore: ignore more generated VC Makefiles
5156 - projects/Windows/.gitignore: ignore generated files for release
5158 - http2: don't pass on Connection: headers
5160 RFC 7540 section 8.1.2.2 states: "An endpoint MUST NOT generate an
5161 HTTP/2 message containing connection-specific header fields; any message
5162 containing connection-specific header fields MUST be treated as
5167 - curl.1: update RFC references
5169 - CURLOPT_POSTREDIR.3: update RFC number and section
5171 - CURLOPT_FOLLOWLOCATION.3: mention methods for redirects
5173 and some general cleaning up
5175 - [Marcel Raad brought this change]
5177 inet_pton.c: Fix MSVC run-time check failure (2)
5179 This fixes another run-time check failure because of a narrowing cast on
5184 Jay Satiro (3 Sep 2015)
5185 - docs: Warn about any-domain cookies and multiple transfers
5187 - Warn that cookies without a domain are sent to any domain:
5188 CURLOPT_COOKIELIST, CURLOPT_COOKIEFILE, --cookie
5190 - Note that imported Set-Cookie cookies without a domain are no longer
5192 CURLINFO_COOKIELIST, CURLOPT_COOKIEJAR, --cookie-jar
5194 Steve Holme (2 Sep 2015)
5195 - tool_sdecls.h: Fixed compilation warning from commit 4a889441d3
5197 tool_sdecls.h:139 warning: comma at end of enumerator list
5199 Daniel Stenberg (2 Sep 2015)
5200 - opts: 8 more CURLINFO* options as stand-alone man pages
5202 - RELEASE-NOTES: synced with c764cb4add1a8
5204 - man-pages: more SEE ALSO links
5206 - opts: more CURLINFO_* options as stand-alone man pages
5208 Steve Holme (31 Aug 2015)
5209 - sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled
5211 Introduced in commit 59f3f92ba6 this function is only implemented when
5212 CURL_DISABLE_CRYPTO_AUTH is not defined. As such we shouldn't define
5213 the function in the header file either.
5215 - sasl: Updated SPN variables and comments for consistency
5217 In places the "host name" and "realm" variable was referred to as
5218 "instance" whilst in others it was referred to as "host".
5220 Daniel Stenberg (30 Aug 2015)
5221 - configure: check for HMAC_Update in openssl
5223 Turns out HMAC_Init is now deprecated in openssl master (and I spelled
5224 HMAC_Init_ex wrong in previous commit)
5226 Steve Holme (30 Aug 2015)
5227 - win32: Use DES_set_odd_parity() from OpenSSL/BoringSSL by default
5229 Set HAVE_DES_SET_ODD_PARITY when using OpenSSL/BoringSSL as native
5230 Windows builds don't use the autoconf tools.
5232 - des: Fixed compilation warning from commit 613e5022fe
5234 curl_ntlm_core.c:150: warning 'Curl_des_set_odd_parity' undefined;
5235 assuming extern returning int
5237 - buildconf.bat: Fixed double blank line in 'curl manual' warning output
5239 - makefiles: Added our standard copyright header
5241 But kept the original author, when they were specified in a comment, as
5242 the initial copyright holder.
5244 Jay Satiro (29 Aug 2015)
5245 - CURLOPT_FILETIME.3: CURLINFO_FILETIME has its own manpage now
5247 Daniel Stenberg (29 Aug 2015)
5248 - CURLINFO_RESPONSE_CODE.3: added short description
5250 - opts: 7 initial CURLINFO_* options as stand-alone man pages
5252 - [Nikolai Kondrashov brought this change]
5254 libcurl.m4: Put braces around empty if body
5256 Put braces around empty "if" body in libcurl.m4 check to avoid warning:
5258 suggest braces around empty body in an 'if' statement
5260 and make it work with -Werror builds.
5264 - [Svyatoslav Mishyn brought this change]
5266 curl_easy_escape.3: escape '\n'
5270 - [Svyatoslav Mishyn brought this change]
5272 curl_easy_{escape,setopt}.3: fix example
5274 remove redundant '}'
5276 - [Sergei Nikulov brought this change]
5278 cmake: added Windows SSL support
5282 - curl: point out the conflicting HTTP methods if used
5284 It isn't always clear to the user which options that cause the HTTP
5285 methods to conflict so by spelling them out it should hopefully be
5286 easier to understand why curl complains.
5288 - curl: clarify that users can only specify one _METHOD_
5290 - [Svyatoslav Mishyn brought this change]
5292 curl_easy_{escape,unescape}.3: "char *" vs. "const char *"
5296 Patrick Monnerat (24 Aug 2015)
5297 - os400: include new options in wrappers and update ILE/RPG binding.
5299 Daniel Stenberg (24 Aug 2015)
5300 - KNOWN_BUGS: #2, not reading a HEAD response-body is not a bug
5302 ... since HTTP is forbidden to return any such.
5304 - KNOWN_BUGS: #78 zero-length files is already fixed!
5306 - [Razvan Cojocaru brought this change]
5308 getinfo: added CURLINFO_ACTIVESOCKET
5310 This patch addresses known bug #76, where on 64-bit Windows SOCKET is 64
5311 bits wide, but long is only 32, making CURLINFO_LASTSOCKET unreliable.
5313 Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
5315 - http2: remove dead code
5317 Leftovers from when we removed the private socket hash.
5319 Coverity CID 1317365, "Logically dead code"
5321 - ntlm: mark deliberate switch case fall-through
5323 Coverity CID 1317367, "Missing break in switch"
5325 - http2: on_frame_recv: get a proper 'conn' for the debug logging
5327 "Explicit null dereferenced (FORWARD_NULL)"
5329 Coverity CID 1317366
5331 - RELEASE-NOTES: synced with 2acaf3c804
5333 Dan Fandrich (23 Aug 2015)
5334 - tool: fix memory leak with --proto-default option
5336 Jay Satiro (22 Aug 2015)
5337 - [Nathaniel Waisbrot brought this change]
5339 CURLOPT_DEFAULT_PROTOCOL: added
5341 - Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
5342 protocol for schemeless URLs.
5344 - Add new tool option --proto-default to expose
5345 CURLOPT_DEFAULT_PROTOCOL.
5347 In the case of schemeless URLs libcurl will behave in this way:
5349 When the option is used libcurl will use the supplied default.
5351 When the option is not used, libcurl will follow its usual plan of
5352 guessing from the hostname and falling back to 'http'.
5354 - runtests: Allow for spaces in server-verify curl custom path
5356 Daniel Stenberg (22 Aug 2015)
5357 - NTLM: recent boringssl brought DES_set_odd_parity back
5359 ... so improve the #ifdefs for using our local implementation.
5361 - configure: detect latest boringssl
5363 Since boringssl brought back DES_set_odd_parity again, it cannot be used
5364 to differentiate from boringssl. Using the OPENSSL_IS_BORINGSSL define
5365 seems better anyway.
5367 URL: https://android.googlesource.com/platform/external/curl/+/f551028d5caab29d4b4a4ae8c159c76c3cfd4887%5E!/
5368 Original-patch-by: Bertrand Simonnet
5372 - configure: change functions to detect openssl (clones)
5374 ... since boringssl moved the former ones and the check started to fail.
5376 URL: https://android.googlesource.com/platform/external/curl/+/f551028d5caab29d4b4a4ae8c159c76c3cfd4887%5E!/
5377 Original-patch-by: Bertrand Simonnet
5379 - [Alessandro Ghedini brought this change]
5381 openssl: handle lack of server cert when strict checking disabled
5383 If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER
5384 and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server
5385 doesn't present a certificate at all.
5389 - ftp: clear the do_more bit when the server has connected
5391 The multi state machine would otherwise go into the DO_MORE state after
5392 DO, even for the case when the FTP state machine had already performed
5393 those duties, which caused libcurl to get stuck in that state and fail
5394 miserably. This occured for for active ftp uploads.
5396 Reported-by: Patricia Muscalu
5398 - [Jactry Zeng brought this change]
5400 travis.yml: Add OS X testbot.
5402 - [Rémy Léone brought this change]
5404 travis: Upgrading to container based build
5406 http://docs.travis-ci.com/user/migrating-from-legacy
5410 - RELEASE-NOTES: synced with 14ff86256b13e
5412 - [Erik Janssen brought this change]
5414 rtsp: stop reading empty DESCRIBE responses
5416 Based-on-patch-by: Jim Hollinger
5418 - [Erik Janssen brought this change]
5420 rtsp: support basic/digest authentication
5422 - [Sam Roth brought this change]
5424 CURLMOPT_PUSHFUNCTION.3: fix argument types
5429 - [Marcel Raad brought this change]
5431 inet_pton.c: Fix MSVC run-time check failure
5433 Visual Studio complains with a message box:
5435 "Run-Time Check Failure #1 - A cast to a smaller data type has caused a
5436 loss of data. If this was intentional, you should mask the source of
5437 the cast with the appropriate bitmask.
5440 char c = (i & 0xFF);
5442 Changing the code in this way will not affect the quality of the
5443 resulting optimized code."
5445 This is because only 'val' is cast to unsigned char, so the "& 0xff" has
5450 Jay Satiro (18 Aug 2015)
5451 - docs: Update the redirect protocols disabled by default
5453 - Clarify that FILE and SCP are disabled by default since 7.19.4
5454 - Add that SMB and SMBS are disabled by default since 7.40.0
5455 - Add CURLPROTO_SMBS to the list of protocols
5457 - gitignore: Sort for readability
5459 find . -name .gitignore -print0 | xargs -i -0 sort -o '{}' '{}'
5461 Daniel Stenberg (15 Aug 2015)
5462 - curl_easy_getinfo.3: fix superfluous space
5464 ... and changed "oriented" to "related"
5468 - CURLOPT_HTTP_VERSION.3: connection re-use goes before version
5470 - [Daniel Kahn Gillmor brought this change]
5472 curl.1: Document weaknesses in SSLv2 and SSLv3
5474 Acknowledge that SSLv3 is also widely considered to be insecure.
5476 Also, provide references for people who want to know more about why it's
5479 Steve Holme (14 Aug 2015)
5480 - generate.bat: Added support for generating only the prerequisite files
5482 - generate.bat: Only call buildconf.bat if it exists
5484 - generate.bat: Fixed issues when ran in directories with special chars
5486 Daniel Stenberg (14 Aug 2015)
5487 - [Brad King brought this change]
5489 cmake: Fix CurlTests check for gethostbyname_r with 5 arguments
5491 Fix the check code to pass 5 arguments instead of 6. This typo was
5492 introduced by commit aebfd4cfbf (cmake: fix gethostby{addr,name}_r in
5493 CurlTests, 2014-10-31).
5495 Steve Holme (14 Aug 2015)
5496 - * buildconf.bat: Fixed issues when ran in directories with special chars
5498 Bug: https://github.com/bagder/curl/pull/379
5499 Reported-by: Daniel Seither
5501 Jay Satiro (13 Aug 2015)
5502 - curl_global_init_mem.3: Stronger thread safety warning
5504 Bug: http://curl.haxx.se/mail/lib-2015-08/0016.html
5505 Reported-by: Eric Ridge
5507 Daniel Stenberg (12 Aug 2015)
5508 - [Svyatoslav Mishyn brought this change]
5510 curl_multi_add_handle.3: fix a typo
5512 "can not" => "cannot"
5516 - [Alessandro Ghedini brought this change]
5522 - bump: start working toward 7.45.0
5524 - THANKS: remove duplicate name
5526 - THANKS-filter: merge Todd's names
5528 - THANKS: 13 new contributors from the 7.44.0 RELEASE-NOTES
5530 Version 7.44.0 (11 Aug 2015)
5532 Daniel Stenberg (11 Aug 2015)
5533 - RELEASE-NOTES: synced with c75a1e775061
5535 - [Svyatoslav Mishyn brought this change]
5537 curl_formget.3: correct return code
5541 - [Svyatoslav Mishyn brought this change]
5543 libcurl-tutorial.3: fix formatting
5547 - [Svyatoslav Mishyn brought this change]
5549 curl_easy_recv.3: fix formatting
5551 - [Anders Bakken brought this change]
5553 http2: discard frames with no SessionHandle
5555 Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the
5556 SessionHandle. Apparently mod_h2 will sometimes send a frame for a
5557 stream_id we're finished with.
5559 Use nghttp2_session_get_stream_user_data and
5560 nghttp2_session_set_stream_user_data to identify SessionHandles instead
5565 - RELEASE-NOTES: synced with 9ee40ce2aba
5567 - [Viktor Szakats brought this change]
5569 build: refer to fixed libidn versions
5573 - Revert "configure: disable libidn by default"
5575 This reverts commit e6749055d65398315fd77f5b5b8234c5552ac2d3.
5577 ... since libidn has since been fixed.
5579 - [Jakub Zakrzewski brought this change]
5581 CMake: s/HAVE_GSS_API/HAVE_GSSAPI/ to match header define
5583 Otherwise the build only pretended to use GSS-API
5587 - SFTP: fix range request off-by-one in size check
5589 Reported-by: Tim Stack
5593 - test46: update cookie expire time
5595 ... since it went old and thus was expired and caused the test to fail!
5597 Steve Holme (9 Aug 2015)
5598 - generate.bat: Use buildconf.bat for prerequisite file generation
5600 - buildconf.bat: Tidy up of comments after recent commits
5602 - buildconf.bat: Added full generation of src\tool_hugehelp.c
5604 Added support for generating the full man page based on code from
5607 - buildconf.bat: Added detection of groff, nroff, perl and gzip
5609 To allow for the full generation of tool_hugehelp.c added detection of
5610 the required programs - based on code from generate.bat.
5612 - buildconf.bat: Move DOS variable clean-up code to separate function
5614 Rather than duplicate future variables, during clean-up of both success
5615 and error conditions, use a common function that can be called by both.