author Konstantin Nikulin <apollo2k4@narod.ru> 2013-11-10 19:52:10 +0000
committer Konstantin Nikulin <apollo2k4@narod.ru> 2013-11-10 19:52:10 +0000
commit e40ecc70a7db28bdf78dad5d804e07d08a77159c
tree 12d5bcf505c5e8b8ff4dac263d4c276ace4afeb8 /plugins/FTPFileYM/curl/CHANGES
parent 5ab9277014a338944af494bccc8395a4513fd1c8
cURL lib update to 7.33
git-svn-id: http://svn.miranda-ng.org/main/trunk@6863 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c
Diffstat (limited to 'plugins/FTPFileYM/curl/CHANGES')
-rw-r--r-- plugins/FTPFileYM/curl/CHANGES 8008
1 files changed, 3916 insertions, 4092 deletions
diff --git a/plugins/FTPFileYM/curl/CHANGES b/plugins/FTPFileYM/curl/CHANGES
index 08f0a8f60d..a384fadba8 100644
--- a/plugins/FTPFileYM/curl/CHANGES
+++ b/plugins/FTPFileYM/curl/CHANGES
@@ -6,5746 +6,5570 @@
Changelog
-Version 7.29.0 (6 Feb 2013)
+Version 7.33.0 (13 Oct 2013)
-Daniel Stenberg (6 Feb 2013)
-- vms: config-vms.h is removed, no use trying to distribute it
+Daniel Stenberg (13 Oct 2013)
+- RELEASE-NOTES: synced with 92cf6141ed0de
-- RELEASE-NOTES: mention the SASL buffer overflow
-
-- [Eldar Zaitov brought this change]
-
- Curl_sasl_create_digest_md5_message: fix buffer overflow
-
- When negotiating SASL DIGEST-MD5 authentication, the function
- Curl_sasl_create_digest_md5_message() uses the data provided from the
- server without doing the proper length checks and that data is then
- appended to a local fixed-size buffer on the stack.
-
- This vulnerability can be exploited by someone who is in control of a
- server that a libcurl based program is accessing with POP3, SMTP or
- IMAP. For applications that accept user provided URLs, it is also
- thinkable that a malicious user would feed an application with a URL to
- a server hosting code targetting this flaw.
+- curl: fix --oauth2-bearer in the --help output
- Bug: http://curl.haxx.se/docs/adv_20130206.html
+ After the option rename in 5df04bfafd1
-Steve Holme (6 Feb 2013)
-- FEATURES: Removed erroneous whitespace
+- OpenSSL: improve the grammar of the language in 39beaa5ffbcc
- Removed whitespace introduced in commit 5f8f20f5e65b that caused
- formatting issues when generating the website docs.
+ Reported-by: Petr Pisar
-Yang Tse (6 Feb 2013)
-- setup-vms.h: post VMS patch cleanup - III
-
- - rename post-config-vms.h to setup-vms.h
- - move its inclusion into proper location in curl_setup.h
+- [Andrej E Baranov brought this change]
-- vms_show: post VMS patch cleanup - II
+ OpenSSL: use failf() when subjectAltName mismatches
- - remove multiple declarations of vms_show and add comments
-
-- tool_main.c: post VMS patch cleanup - I
+ Write to CURLOPT_ERRORBUFFER information about mismatch alternative
+ certificate subject names.
- - remove header inclusion already done in curl_setup_once.h
+ Signed-off-by: Andrej E Baranov <admin@andrej-andb.ru>
-Steve Holme (6 Feb 2013)
-- FEATURES: Added SSPI to list of NTLM libraries
+- curl: rename --bearer to --oauth2-bearer
+
+ The option '--bearer' might be slightly ambiguous in name. It doesn't
+ create any conflict that I am aware of at the moment, however, OAUTH v2
+ is not the only authentication mechanism which uses "bearer" tokens.
+
+ Reported-by: Kyle L. Huff
+ URL: http://curl.haxx.se/mail/lib-2013-10/0064.html
-- FEATURES: Added Secure Transport and qssl to list of SSL libraries
+- [Kamil Dudka brought this change]
-- FEATURES: Added email feature set
+ ssh: improve the logic for detecting blocking direction
- Added SMTP, SMTPS, POP3, POP3S, IMAP and IMAPS features.
+ This fixes a regression introduced by commit 0feeab78 limiting the speed
+ of SCP upload to 16384 B/s on a fast connection (such as localhost).
-- imap.h: Corrected incorrect comment clarification
-
- Corrected comment clarification made in commit 167717b8069a.
+Dan Fandrich (12 Oct 2013)
+- Fixed typo in Makefile.inc that left http2.h out of the tar ball
-- COPYING: Updated copyright year to include 2013
+Daniel Stenberg (11 Oct 2013)
+- [Heinrich Schaefer brought this change]
-Daniel Stenberg (5 Feb 2013)
-- RELEASE-NOTES: synced with 25f351424b3538
-
- 8 more bug fixes mentioned
+ minor fix in doc
-- [John E. Malmberg brought this change]
+- [Gisle Vanem brought this change]
- VMS: fix and generate the VMS build config
-
- config_h.com is a new file that generates a config.h file based on the
- curl_config.h.in file and a quick scan of the configure script. This is
- actually a generic procedure that is shared with other VMS packages.
-
- The existing pre-built config-vms.h had over 100 entries that were not
- correct and in some cases conflicted with the build options available in
- the build_vms.com.
-
- generate_config_vms_h_curl.com is a helper procedure to the
- config_h.com. It covers the cases that the generic config_h.com is not
- able to figure out, and accepts input from the build_vms.com procedure.
+ curl_setup_once: fix errno access for lwip on Windows
- build_curlbuild_h.com is a new file to generate the curlbuild.h file
- that Curl is now using when it is using a curl_config.h file.
-
- post-config-vms.h is a new file that is needed to provide VMS specific
- definitions, and most of them need to be set before the system header
- files are included.
-
- The VMS build procedure is fixed:
-
- 1. Fixed to link in the correct HP ssl library.
- 2. Fixed to detect if HP Kerberos is installed.
- 3. Fixed to detect if HP LDAP is installed.
- 4. Fixed to detect if gnv$libzshr is installed.
- 5. Simplified the input parameter parsing to not use a loop.
- 6. Warn that 64 bit pointer option support is not complete
- in comments.
- 7. Default to IEEE floating if platform supports it so
- resulting libcurl will be compatible with other
- open source projects on VMS.
- 8. Default to LARGEFILE if platform supports it.
- 9. Default to enable SSL, LDAP, Kerberos, libz
- if the libraries are present.
- 10. Build with exact case global symbols for libcurl.
- 11. Generate linker option file needed.
- 12. Compiler list option only commonly needed items.
- 13. fulllist option for those who really want it.
- 14. Create debug symbol file on Alpha, IA64.
+ lib/curl_setup_once.h assumed lwIP on Windows uses 'SetLastError()' to
+ set network errors. It doesn't; it uses 'errno'.
-- Curl_proxyCONNECT: return once CONNECT is sent
-
- By doing this unconditionally, we infer a simpler and more defined
- behavior. This also has the upside that test 1021 no longer fails for me
- even if I run with valgrind.
-
- Also fixed some wrong comments.
+- test1239: verify 4cd444e01ad and the simulated 304 response
-Steve Holme (5 Feb 2013)
-- email: Reworked comments in the endofresp() functions
-
- Tidied up the comments in the endofresp() functions to be more
- meaningful prior to release.
+- [Derek Higgins brought this change]
-Marc Hoersken (5 Feb 2013)
-- schannel: Removed extended error connection setup flag
-
- According KB975858 this flag may cause problems on Windows 7 and
- Windows Server 2008 R2 systems. Extended error information is not
- currently used by libcurl and therefore not a requirement.
+ HTTP: Output http response 304 when modified time is too old
- The flag may improve the SSL-connection shutdown in case of an
- error. This means it might be a good improvement in the future.
-
- Fixes bug/issue #1187 - thanks for the report
+ When using the -w '%{http_code}' flag and simulating a Not Modified then
+ 304 should be output.
-Daniel Stenberg (5 Feb 2013)
-- [Tor Arntsen brought this change]
+- contributors: helper script to dig out contributors from git
- singleipconnect: Update *sockp for all CURLE_OK
-
- The 56b7c87c7 change left a case where a good sockfd was not copied to
- *sockp before returning with CURLE_OK
+- RELEASE-NOTES: add twos refs to bug reports
-- curl_easy_perform: Value stored to 'mcode' is never read
-
- pointed out by clang-analyzer
+- RELEASE-NOTES: synced with 173160c0d068
-- singleipconnect: remove dead assignment
+Nick Zitzmann (2 Oct 2013)
+- darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher
- pointed out by clang-analyzer
+ Credit (for catching a cipher I forgot to add to the blocked ciphers list):
+ https://www.ssllabs.com/ssltest/viewMyClient.html
-Linus Nielsen Feltzing (5 Feb 2013)
-- CURLMOPT_MAXCONNECTS: restore functionality
+Daniel Stenberg (2 Oct 2013)
+- OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
- When a connection is no longer used, it is kept in the cache. If the
- cache is full, the oldest idle connection is closed. If no connection is
- idle, the current one is closed instead.
-
-Steve Holme (5 Feb 2013)
-- RELEASE-NOTES: Updated following recent changes to the email protocols
+ Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set
+ should still verify that the host name fields in the server certificate
+ is fine or return failure.
- Added recent additions and fixes following the changes to imap, pop3
- and smtp. Additionally added another contributor that helped to test
- the imap sasl changes.
+ Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html
+ Reported-by: Ishan SinghLevett
-- email: Provided extra comments following recent pop3/imap fixes
+- KNOWN_BUGS: #84: CURLINFO_SSL_VERIFYRESULT
- Provided additional clarification about the logic of the authenticate()
- functions following commit 6b6bdc83bd36 and b4270a9af1d0.
+ CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
+ backends and not for any other!
-Daniel Stenberg (5 Feb 2013)
-- [Andrei Kurushin brought this change]
+- [François Charlier brought this change]
- winbuild: include version info for .dll .exe
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1186
+ xattr: add support for FreeBSD xattr API
-- FAQ: clarify 5.13 How do I stop an ongoing transfer
-
- Rich Gray provided good feedback and we now clarify that you can in fact
- stop a multi transfer at any point you like by removing the easy handle.
+- curl_easy_setopt.3: slight clarification of SEEKFUNCTION
-- [Matt Arsenault brought this change]
+Steve Holme (29 Sep 2013)
+- tests: Fixed typos from commit 25a0c96a494297
- cmake: Fix mingw build
+- tests: Updated email addresses in SMTP tests following recent changes
-- [Sergei Nikulov brought this change]
+- test909: Removed custom EHLO response after recent changes
+
+ ...as it is no longer required following capability and authentication
+ changes and is now causing problems following commit 49341628b50007 as
+ the test number is obtained from the client address in the EHLO.
- cmake: updated OpenSSL build
+- ftpserver.pl: Fixed compilation error from commit 49341628b50007
-Steve Holme (4 Feb 2013)
-- pop3.c: Updated variable names to use shorter / more readable variant
+- ftpserver.pl: Moved specifying the test number from the RCPT address
- Tidied up code from commit 6b6bdc83bdUpdated where a few instances of
- the pop3c struct variable used the longer conndata struct rather than
- matching what other code in pop3_authenticate() used.
+ ...to the client address as this frees the RCPT strings to contain
+ just an email address and by passing the test number into curl as the
+ client address remains consistent with POP3 and IMAP tests as they are
+ specified in the URL.
-Guenter Knauf (4 Feb 2013)
-- updated copyright years.
+- ftpserver.pl: Added unwanted argument check to SMTP DATA command handler
-- configure: update the copyright years for the output.
-
-Steve Holme (3 Feb 2013)
-- imap: Fixed no known authentication mechanism when fallback is required
-
- Fixed an issue where (lib)curl is compiled without support for a
- supported challenge-response based SASL authentication mechanism, such
- as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
- mechanisms and (lib)curl doesn't fallback to Clear Text authentication.
-
- Note: In order to fallback to Clear Text authentication properly this
- fix adds support for the LOGINDISABLED server capability.
- imap: Fixed no known authentication mechanism when fallback is required
-
- Fixed an issue where (lib)curl is compiled without support for a
- supported challenge-response based SASL authentication mechanism, such
- as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
- mechanisms and (lib)curl doesn't fallback to Clear Text authentication.
-
- Note: In order to fallback to Clear Text authentication properly this
- fix adds support for the LOGINDISABLED server capability.
+Daniel Stenberg (29 Sep 2013)
+- getinmemory: remove a comment
- Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
- Reported by: Stanislav Ivochkin
+ The comment mentioned the need to free the data, but the example already
+ does that free
-- pop3: Fixed no known authentication mechanism when fallback is required
+- postinmemory: new example
- Fixed an issue where (lib)curl is compiled without support for a
- supported challenge-response based SASL authentication mechanism, such
- as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
- mechanisms and (lib)curl doesn't fallback to APOP or Clear Text
- authentication.
+ This is similar to getinmemory.c but with an initial POST.
- Bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
- Reported by: Stanislav Ivochkin
+ Combined-by: Ulf Samuelsson
-Daniel Stenberg (1 Feb 2013)
-- singleipconnect: simplify and clean up
+- win32: fix Visual Studio 2010 build with WINVER >= 0x600
- Remove timeout argument that's never used.
+ If no WINVER and/or _WIN32_IWNNT define was set, the Windows platform
+ SDK often defaults to high value, e.g. 0x601 (whoch may probably depend
+ on the Windows version being used, in my case Windows 7).
- Make the actual connection get detected on a single spot to reduce code
- duplication.
+ If WINVER >= 0x600 then winsock2.h includes some defines for WSAPoll(),
+ e.g. POLLIN, POLLPRI, POLLOUT etc. These defines clash with cURL's
+ lib/select.h.
- Store the IPv6 state already when the connection is attempted.
-
-- Curl_perfom: removed
+ Make sure HAVE_STRUCT_POLLFD is defined then.
- Curl_perfom is no longer used anywhere since the always-multi commit
- c43127414d89ccb9, and some related functions were used only from within
- Curl_perfom.
-
-Guenter Knauf (30 Jan 2013)
-- Updated date.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1282
+ Reported-by: "kdekker"
+ Patch-by: Marcel Raad
-Yang Tse (30 Jan 2013)
-- zz40-xc-ovr.m4: fix 'wc' detection - follow-up 2
+Steve Holme (28 Sep 2013)
+- ssluse.c: Fixed compilation warnings when ENGINE not supported
- - Fix a pair of single quotes to double quotes.
-
- URL: http://curl.haxx.se/mail/lib-2013-01/0355.html
- Reported by: Tor Arntsen
+ The function "ssl_ui_reader" was declared but never referenced
+ The function "ssl_ui_writer" was declared but never referenced
-- zz40-xc-ovr.m4: fix 'wc' detection - follow-up
+Daniel Stenberg (27 Sep 2013)
+- configure: use icc options without space
- - Take into account that 'wc' may return leading spaces and/or tabs.
+ The latest version(s) of the icc compiler no longer accept the extra
+ space in the -we (warning enable), -wd (warning disable), etc.
- - Set initial IFS to space, tab and newline.
+ Reported-by: Elmira A Semenova
+ Bug: http://curl.haxx.se/mail/lib-2013-09/0182.html
+
+Steve Holme (25 Sep 2013)
+- imap: Added clarification to the code about odd continuation responses
-- zz40-xc-ovr.m4: fix 'wc' detection
+- ftp.c: Fixed compilation warning
- - Take into account that 'wc' may return leading spaces.
+ There is an implicit conversion from "unsigned long" to "long"
+
+- sasl: Centralised the authentication mechanism strings
- - Set internationalization behavior variables.
+ Moved the standard SASL mechanism strings into curl_sasl.h rather than
+ hard coding the same values over and over again in the protocols that
+ use SASL authentication.
- Tor Arntsen analyzed and reported the issue.
+ For more information about the mechanism strings see:
- URL: http://curl.haxx.se/mail/lib-2013-01/0351.html
+ http://www.iana.org/assignments/sasl-mechanisms
-- zz40-xc-ovr.m4: check another three basic utilities
+Daniel Stenberg (23 Sep 2013)
+- RELEASE-NOTES: added recent contributors missing
-Guenter Knauf (29 Jan 2013)
-- Fixed debug.c to work again unchanged.
-
- Added CURLOPT_FOLLOWLOCATION since example.com is now redirected.
+Steve Holme (23 Sep 2013)
+- test906: Fixed type-2 response
-Daniel Stenberg (29 Jan 2013)
-- [Nick Zitzmann brought this change]
+- test915: Corrected test number from commit 22bccb0edaf041
- darwinssl: Fix bug where packets were sometimes transmitted twice
-
- There was a bug where, if SSLWrite() returned errSSLWouldBlock but did
- succeed in transmitting at least something, then we'd incorrectly
- resend the packet. Now we never take errSSLWouldBlock as a sign that
- nothing was transferred to/from the server.
+- test906: Fixed type-1 message not handled error
- Bug: http://curl.haxx.se/mail/lib-2013-01/0295.html
- Reported by: Bruno de Carvalho
+ ...from commit f81d1e16664976 due to copy paste error.
-- [Nick Zitzmann brought this change]
+- tests: Added SMTP AUTH NTLM test
- FAQ: "Darwinssl" is AKA "Secure Transport" and supports NTLM
+- tests: Added SMTP multiple and invalid --mail-rcpt test
-- RELEASE-NOTES: only list Nick once
-
- Even though he's a fine dude, once is enough for this time!
+- tests: Added SMTP multiple --mail-rcpt test
-Yang Tse (28 Jan 2013)
-- zz40-xc-ovr.m4: 1.0 interface stabilization
-
- - Stabilization results in 4 public interface m4 macros:
- XC_CONFIGURE_PREAMBLE
- XC_CONFIGURE_PREAMBLE_VER_MAJOR
- XC_CONFIGURE_PREAMBLE_VER_MINOR
- XC_CHECK_PATH_SEPARATOR
- - Avoid one level of internal indirection
- - Update comments
- - Drop XC_OVR_ZZ40 macro
+- tests: Added SMTP invalid --mail-rcpt test
-Kamil Dudka (28 Jan 2013)
-- docs: fix typos in man pages
-
- Reported by: Jiri Jaburek
- Bug: https://bugzilla.redhat.com/896544
+- tests: Regrouping of SMTP tests
+
+Daniel Stenberg (22 Sep 2013)
+- [Benoit Sigoure brought this change]
-- docs: update the comments about loading CA certs with NSS
+ test1112: Increase the timeout from 7s to 16s
- Bug: https://bugzilla.redhat.com/696783
+ As someone reported on the mailing list a while back, the hard-coded
+ arbitrary timeout of 7s in test 1112 is not sufficient in some build
+ environments. At Arista Networks we build and test curl as part of our
+ automated build system, and we've run into this timeout 170 times so
+ far. Our build servers are typically quite busy building and testing a
+ lot of code in parallel, so despite being beefy machines with 32 cores
+ and 128GB of RAM we still hit this 7s timeout regularly.
+
+ URL: http://curl.haxx.se/mail/lib-2010-02/0200.html
-Guenter Knauf (28 Jan 2013)
-- Updated dependency libs.
+Steve Holme (22 Sep 2013)
+- tests: Fixed smtp rcpt to addresses
-- Fixed simple.c to work again unchanged.
+- ftpserver.pl: Expanded the SMTP RCPT handler to validate TO addresses
- Added CURLOPT_FOLLOWLOCATION since example.com is now redirected.
+ RCPT_smtp() will now check for a correctly formatted TO address which
+ allows for invalid recipient addresses to be added.
-Steve Holme (27 Jan 2013)
-- smtp.c: Fixed unnecessary state change if starttls fails
+- ftpserver.pl: Added cURL SMTP server detection to HELO command handler
- The state machine should only be changed to SMTP_STARTTLS when the
- STARTTLS command has been successfully sent to the server.
+ As curl will send a HELO command after an negative EHLO response, added
+ the same detection from commit b07709f7417c3e to the HELO handler to
+ ensure the test server is identified correctly and an upload isn't
+ performed.
-- pop3.c: Fixed unnecessary state change if starttls fails
-
- The state machine should only be changed to POP3_STARTTLS when the
- STLS command has been successfully sent to the server.
+- ftpserver.pl: Corrected response code for successful RCPT command
-- imap.c: Fixed unnecessary state change if starttls fails
+- ftpserver.pl: Moved invalid RCPT TO: address detection to RCPT handler
- The state machine should only be changed to IMAP_STARTTLS when the
- STARTTLS command has been successfully sent to the server.
+ Rather than detecting the TO address as missing in the DATA handler,
+ moved the detection to the RCPT command handler where an error response
+ can be generated.
-- email: Updated comment regarding ssldone usage
+- RELEASE-NOTES: Corrected missed addition
- Updated the ssldone comment as multi mode is always used internally now.
+ Somehow commit 60a20461629fda missed the last item in the sync list
+ even though I'm sure I added it during editing.
+
+- RELEASE-NOTES: Synced with 6dd8bd8d2f9729
-Yang Tse (26 Jan 2013)
-- zz40-xc-ovr.m4: emit witness message in configure BODY
+- curl.1: Added information about optional login options to --user in manpage
- This avoids witness message in output when running configure --help,
- while sending the message to config.log for other configure runs.
+ Added missing information, from curl 7.31.0, regarding the use of the
+ optional login options that may be specified as part of --user.
+
+ For example:
+
+ --user 'user:password;auth=NTLM' in IMAP, POP3 and SMTP protocols.
-Steve Holme (25 Jan 2013)
-- smtp.c: Added comments to smtp_endofresp()
+- ftpserver.pl: Moved cURL SMTP server detection into EHLO command handler
+
+ Moved the special SMTP server detection code from the DATA command
+ handler, which happens further down the operation chain after EHLO,
+ MAIL and RCPT commands, to the EHLO command as it is the first command
+ to be generated by a SMTP operation as well as containing the special
+ "verifiedserver" string from the URL.
+
+ This not only makes it easier and quicker to detect but also means that
+ cURL doesn't need to specify "verifiedserver" as --mail-from and
+ --mail-rcpt arguments.
- Minor code tidy up to add comments similar to those used in the pop3
- and imap end of resp functions, in order to assist anyone reading the
- code and highlight the similarities between each of these protocols.
+ More importantly, this also makes the upcoming verification changes to
+ the RCPT handler easier to implement.
-Yang Tse (25 Jan 2013)
-- zz40-xc-ovr.m4: truly do version conditional overriding
+Daniel Stenberg (21 Sep 2013)
+- openssl: use correct port number in error message
- - version conditional overriding
- - catch unexpanded XC macros
- - fix double words in comments
+ In ossl_connect_step2() when the "Unknown SSL protocol error" occurs, it
+ would output the local port number instead of the remote one which
+ showed when doing SSL over a proxy (but with the correct remote host
+ name). As libcurl only speaks SSL to the remote we know it is the remote
+ port.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1281
+ Reported-by: Gordon Marler
-- zz40-xc-ovr.m4: fix variable assignment of subshell output bashism
+- test1415: adjusted to work for 32bit time_t
- Tor Arntsen analyzed and reported the issue.
+ The libcurl date parser returns INT_MAX for all dates > 2037 so this
+ test is now made to use 2037 instead of 2038 to work the same for both
+ 32bit and 64bit time_t systems.
+
+Steve Holme (21 Sep 2013)
+- tests: Reworked existing SMTP tests to be single recipient based
- URL: http://curl.haxx.se/mail/lib-2013-01/0306.html
+ ...in preparation of upcoming multiple recipient tests.
-- zz40-xc-ovr.m4: reinstate strict AC_REQUIRE macro dependencies
+- ftpserver.pl: Corrected SMTP QUIT response to be more realistic
-- zz40-xc-ovr.m4: avoid double single-quote usage
+Daniel Stenberg (20 Sep 2013)
+- curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value
-- zz40-xc-ovr.m4: parentheses balancing of 'case' statements
-
- m4 quadrigraph shell comment technique allows proper autoconf
- parentheses balancing in shell 'case' statements. The presence
- of unbalanced parentheses may otherwise trigger expansion bugs.
+- [Kim Vandry brought this change]
-Steve Holme (24 Jan 2013)
-- smtp.c: Corrected RFC references
+ Documented --dns-* options in curl manpage
+
+Steve Holme (20 Sep 2013)
+- pop3: Added basic SASL XOAUTH2 support
- The most recent version of the SMTP RFC is RFC5321 and not RFC2821 as
- previously documented.
+ Added the ability to use an XOAUTH2 bearer token [RFC6750] with POP3 for
+ authentication using RFC6749 "OAuth 2.0 Authorization Framework".
- Added RFC1870 and re-ordered list numerically.
+ The bearer token is expected to be valid for the user specified in
+ conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
+ an advertised auth mechanism of "XOAUTH2", the user and access token are
+ formatted as a base64 encoded string and sent to the server as
+ "AUTH XOAUTH2 <bearer token>".
-- smtp.c: Fixed failure detection during TLS upgrade
+- curl: Added clarification to the --mail options in the --help output
- smtp_state_upgrade_tls() would attempt to incorrectly complete the
- upgrade to smtps and start the EHLO command if
- Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
- was set to TRUE. This would only happen when a non-blocking API hadn't
- been provided by the SSL implementation and curlssl_connect() was
- called underneath.
+ ... that these options apply to SMTP only.
-- pop3.c: Fixed failure detection during TLS upgrade
-
- pop3_state_upgrade_tls() would attempt to incorrectly complete the
- upgrade to pop3s and start the CAPA command if
- Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
- was set to TRUE. This would only happen when a non-blocking API hadn't
- been provided by the SSL implementation and curlssl_connect() was
- called underneath.
+- ftpserver.pl: Moved SMTP RCPT response text into command handler
-- imap.c: Fixed failure detection during TLS upgrade
-
- imap_state_upgrade_tls() would attempt to incorrectly complete the
- upgrade to imaps and start the CAPABILITY command if
- Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
- was set to TRUE. This would only happen when a non-blocking API hadn't
- been provided by the SSL implementation and curlssl_connect() was
- called underneath.
+- tests: Added SMTP invalid --mail-from test
-Yang Tse (24 Jan 2013)
-- zz40-xc-ovr.m4: internals overhauling
+Nick Zitzmann (19 Sep 2013)
+- darwinssl: enable BEAST workaround on iOS 7 & later
- - Update comments
- - Execute commands in subshells
- - Faster path separator check
- - Fix missing 'test' command
- - Rename private macros
- - Minimize AC_REQUIRE usage
-
-Steve Holme (23 Jan 2013)
-- email: Removed unnecessary return statements
+ iOS 7 finally added the option to enable 1/n-1 when using TLS 1.0
+ and a CBC cipher, so we now always turn that on unless the user
+ manually turns it off using CURLSSLOPT_ALLOW_BEAST.
- Small tidy up to remove unnecessary return statements prior to the next
- fix.
+ It appears Apple also added some new PSK ciphers, but no interface to
+ use them yet, so we at least support printing them if we find them.
-Yang Tse (23 Jan 2013)
-- zz40-xc-ovr.m4: redirect errors and warnings to stderr
+Steve Holme (19 Sep 2013)
+- tests: Updated SMTP AUTH tests to use the new AUTH directive
+
+ ...rather than specify a customised EHLO response.
-- zz40-xc-ovr.m4: AC_REQUIRE also XC_CONFIGURE_PREAMBLE success message
+- tests: Corrected test913 as the QUIT response is received
-- zz60-xc-ovr.m4: tighten XC_OVR_ZZ60 macro placement requirements
+- tests: Added SMTP large message SIZE test
-- configure: use XC_CONFIGURE_PREAMBLE early checks
+- ftpserver.pl: Updated email regex from commit 98f7ca7e971006
- Some basic checks we make were placed early enough in generated
- configure script when using autoconf 2.5X versions. Newer autoconf
- versions expand these checks much further into the configure script,
- rendering them useless. Using XC_CONFIGURE_PREAMBLE fixes placement
- of early intended checks across all our autoconf supported versions.
+ ...to not be as strict as it was rejecting valid numeric email
+ addresses.
+
+- tests: Fixed smtp mail from addresses
-- zz40-xc-ovr.m4: provide XC_CONFIGURE_PREAMBLE macro
+- ftpserver.pl: Standardised CAPA and AUTH responses
-Daniel Stenberg (23 Jan 2013)
-- FAQ: update the SSL lib list and wording in question 2.2
+- ftpserver.pl: Corrected POP3 QUIT reply to be more realistic
-Steve Holme (22 Jan 2013)
-- curl_sasl.c: Corrected references to RFC
+- runtests.pl: Fixed syntax error in commit c873375123343e
- The most recent version of the RFC is RFC4422 and not RFC2222 as
- previously documented.
+ Possible unintended interpolation in string at line 796
-- email: Corrected references to SASL RFC
+- runtests.pl: Fixed smtp mail from address
- The most recent version of the SASL RFC is RFC4422 and not RFC2222 as
- previously documented.
+ Following changes to ftpserver.pl fixed the mail from address to be a
+ correctly formatted address otherwise the server response will be 501
+ Invalid address.
-Daniel Stenberg (22 Jan 2013)
-- [Ulion brought this change]
+- ftpserver.pl: Fixed syntax error in commit 98f7ca7e971006
+
+ Can't modify constant item in scalar assignment line 779, near "0;"
- formpost: support quotes, commas and semicolon in file names
+- ftpserver.pl: Expanded the SMTP MAIL handler to validate messages
- - document the double-quote and backslash need be escaped if quoting.
- - libcurl formdata escape double-quote in filename by backslash.
- - curl formparse can parse filename both contains '"' and ',' or ';'.
- - curl now can uploading file with ',' or ';' in filename.
+ MAIl_smtp() will now check for a correctly formatted FROM address as
+ well as the optional SIZE parameter comparing it against the server
+ capability when specified.
+
+Daniel Stenberg (17 Sep 2013)
+- [YAMADA Yasuharu brought this change]
+
+ cookies: add expiration
- Bug: http://curl.haxx.se/bug/view.cgi?id=1171
+ Implement: Expired Cookies These following situation, curl removes
+ cookie(s) from struct CookieInfo if the cookie expired.
+ - Curl_cookie_add()
+ - Curl_cookie_getlist()
+ - cookie_output()
+
+Steve Holme (17 Sep 2013)
+- ftpserver.pl: Corrected response code for successful MAIL command
-- memanalyze.pl: handle fopen() of file names with quotes
+- ftpserver.pl: Moved SMTP MAIL handler into own function
-Yang Tse (21 Jan 2013)
-- xc-cc-check.m4: re-evaluate exporting and AC_SUBST'ing vars
+- dns: fix compilation with MinGW from commit df69440d05f113
- Notes:
+ Avoid 'interface' literal that some MinGW versions define as a macro
- When running a configure script that has nested packages (for example
- libcurl's configure with --enable-ares and c-ares sources embedded in
- curl tree) and AC_CONFIG_SUBDIRS([nested-subdir]) machinery is used to
- automatically run the nested configure script from within the parent
- configure script, it happens that the nested _shell_ script will
- inherit shell variables exported from the parent _shell_ script.
+ Additionally, corrected some very, very minor coding style errors.
+
+- tests: Fixed test 1406 following recent changes in ftpserver.pl
- If for example parent configure script sets and exports LDFLAGS and LIBS
- variables with proper values in order to link either a parent library or
- program with a library which will be configured and built by a nested
- package; It will happen that when the nested configure script runs, the
- nested library does not exist yet and _any_ link-test done in the nested
- configure will fail, such as those that autoconf macros perform in order
- to detect existing compiler and its characteristics, the result is that
- the nested configure script will fail with errors such as:
+ By default the mail server doesn't send the SIZE capability but instead
+ it has to be specified as a supported capability.
+
+- tests: Added test for SMTP SIZE capability
+
+- ftpserver.pl: Added the ability to include spaces in capabilities
- configure: error: C compiler cannot create executables
+ For example:
- For now, we no longer export variables previously exported here.
+ CAPA "SIZE 1048576" 8BITMIME BINARYMIME
- On the other hand, AC_SUBST'ing them is appropriate and even with nested
- packages each package's config.status gets its own package values.
+ will populate the capabilities list with the following in:
- So we reinstate AC_SUBST'ing previously AC_SUBST'ed variables.
+ SIZE 1048576
+ 8BITMIME
+ BINARYMIME
-Daniel Stenberg (21 Jan 2013)
-- FAQ: 3.22 curl -X gives me HTTP problems
+- ftpserver.pl: Corrected response code for successful SMTP QUIT command
-Yang Tse (21 Jan 2013)
-- xc-cc-check.m4: avoid recursive package automake'ing breakage
+- ftpserver.pl: Fixed syntax error in commit 33c1f2876b9029
+
+ Can't modify constant item in postincrement line 727, near "i++"
-- xc-cc-check.m4: mark earlier variables that are to be exported
+- ftpserver.pl: Added CAPA & AUTH directive support to the SMTP EHLO handler
-- configure: autotools compatibility fixes - step I
-
- Fix proper macro expansion order across autotools versions for
- C compiler and preprocessor program checks.
+- ftpserver.pl: Fixed SMTP QUIT handler from dadc495540946e
-Steve Holme (20 Jan 2013)
-- pop3.c: Fixed conditional compilation of the apop response function
+- ftpserver.pl: Moved SMTP EHLO and QUIT handlers in own functions
+
+- ftpserver.pl: Added support for SMTP HELO command
- Extended the fix from commit 8b15c84ea91e to additionally exclude
- pop3_state_apop_resp() if the CURL_DISABLE_CRYPTO_AUTH flag is
- defined.
+ ...and updated test902 as explicit HELO response is no longer required.
-Yang Tse (20 Jan 2013)
-- Makefile.inc: fix $(top_srcdir) not allowed in _SOURCES variables
+- ftpserver.pl: Added mailbox check to IMAP SELECT handler
-Daniel Stenberg (19 Jan 2013)
-- formadd: reject trying to read a directory where a file is expected
+- ftpserver.pl: Corrected invalid user details check
- Bug: http://curl.haxx.se/mail/archive-2013-01/0017.html
- Reported by: Ulrich Doehner
+ ...in both the IMAP LOGIN and POP3 PASS handlers introduced in commit
+ 187ac693744949 and 84ad1569e5fc93 respectively.
-- curl_easy_send.3: document return codes
-
- Reported by: Craig Davison
- Bug: http://curl.haxx.se/mail/lib-2013-01/0234.html
+- ftpserver.pl: Moved IMAP LOGIN handler into own function
-- curl_easy_recv.3: document return codes
-
- Reported by: Craig Davison
- Bug: http://curl.haxx.se/mail/lib-2013-01/0234.html
+- ftpserver.pl: Moved POP3 USER and PASS handlers into own functions
-Steve Holme (19 Jan 2013)
-- email: General code tidy up
+- ftpserver.pl: Corrected invalid argument check in POP3 TOP handler
- Corrected some function argument definitions to maximize the 80
- character line length limit and be in keeping with the curl
- coding style.
+ ...which was accidentally introduced in commit 4d6ef6297ae9b6.
-- pop3.c: Fixed a problem with pop3s connections not connecting properly
-
- Fixed an issue where Curl_ssl_connect_nonblocking() wouldn't complete
- correctly and the ssldone flag wouldn't be set to true for pop3s based
- connections.
-
- Bug introduced in commit: 4ffb8a6398ed.
+- ftpserver.pl: Added capability prerequisite for extended POP3 commands
-Daniel Stenberg (18 Jan 2013)
-- RELEASE-NOTES: add references to several bugfixes+changes
+- tests: Updated descriptions to be more meaningful
-Steve Holme (18 Jan 2013)
-- RELEASE-NOTES: Added missing imap fix
-
- Added missing imap fix as per commit 709b3506cd9b.
+- ftpserver.pl: Added support for IMAP NOOP command
-Yang Tse (18 Jan 2013)
-- runtests.pl: make VPATH builds find valgrind.supp
+- imap: Fixed response check for NOOP command
-Daniel Stenberg (18 Jan 2013)
-- RELEASE-NOTES: synced with c43127414d89
+- tests: Updated descriptions to be more meaningful
-- always-multi: always use non-blocking internals
-
- Remove internal separated behavior of the easy vs multi intercace.
- curl_easy_perform() is now using the multi interface itself.
+Daniel Stenberg (13 Sep 2013)
+- curl.1: detail how short/long options work
- Several minor multi interface quirks and bugs have been fixed in the
- process.
-
- Much help with debugging this has been provided by: Yang Tse
+ URL: http://curl.haxx.se/bug/view.cgi?id=1279
+ Suggested-by: Jerry Krinock
-Yang Tse (17 Jan 2013)
-- url.c: fix HTTP CONNECT tunnel establishment upon delayed response
-
- Fixes initial proxy response being processed by the tunneled protocol
- handler instead of the HTTP wrapper handler. This issue would trigger
- upon delayed CONNECT response from the proxy.
+Steve Holme (13 Sep 2013)
+- curl: Fixed usage of DNS options when not using c-ares resolver
- Additionally fixes a multi interface code-path in which connections
- would not time out properly.
+ Commit 32352ed6adddcb introduced various DNS options, however, these
+ would cause curl to exit with CURLE_NOT_BUILT_IN when c-ares wasn't
+ being used as the backend resolver even if the options weren't set
+ by the user.
- This does not fix known bug #39.
+ Additionally corrected some minor coding style errors from the same
+ commit.
+
+Daniel Stenberg (13 Sep 2013)
+- curl_easy_setopt.3: mention RTMP URL quirks
- URL: http://curl.haxx.se/mail/lib-2013-01/0191.html
+ URL: http://curl.haxx.se/bug/view.cgi?id=1278
+ Reported-by: Gorilla Maguila
-Daniel Stenberg (16 Jan 2013)
-- [Yves Arrouye brought this change]
+- [Ben Greear brought this change]
- --libcurl: fix for non-zero default options
+ curl: Add support for various DNS binding options.
+
+ (Passed on to c-ares.)
- If the default value for an option taking a long as its value is non
- zero, and it is set by zero by a command line option, then that command
- line option is not reflected in --libcurl's output. This is because line
- 520-521 of tool_setopt.c look like:
+ Allows something like this:
- if(!lval)
- skip = TRUE;
+ curl --dns-interface sta8 --dns-ipv4-addr 8.8.1.111 --interface sta8 \
+ --localaddr 8.8.1.111 --dns-servers 8.8.8.1 www.google.com
- An example of a command-line option doing so is the -k option that sets
- CURLOPT_SLL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to 0L, when the
- defaults are non-zero.
+ Signed-off-by: Ben Greear <greearb@candelatech.com>
-- FTP: reject illegal port numbers in EPSV 229 responses
+- [Kim Vandry brought this change]
-Yang Tse (15 Jan 2013)
-- commit bc682cbd follow-up
+ libcurl: New options to bind DNS to local interfaces or IP addresses
-- build: use per-target '_CPPFLAGS' for those currently using default
-
- Automake documents that doing this will make it choose a different name
- for intermediate object files even when sharing source files across
- targets of same Makefile.am.
-
- Up to automake 1.13.1 target's intermediate object files were placed
- in the build subdirectory of the target. We depended on this, probably
- undocumented behavior, to achieve same behavior as if a per-target flag
- had been specified when building targets that actually belong to
- different Makefile.am files.
-
- It seems automake 1.13.2 is going to break behavior mentioned above.
+- libcurl.3: for multi interface connections are held in the multi handle
- So, lets use a documented behavior in order to achieve same purpose,
- across automake versions, no matter where automake wishes to place
- intermediate object files.
+ ... and a few more cleanups/clarifications
+
+Steve Holme (12 Sep 2013)
+- ftpserver.pl: Fixed missing comma from 7fd84b14d219b1
+
+- ftpserver.pl: Fixed variable error introduced in 7fd84b14d219b1
- Our build targets that already were using a per-target '_CFLAGS' or
- '_CPPFLAGS' need no 'fixing', these were already 'fixed'. The only
- Makefile.am or Makefile.in files in libcurl's source tree touched by
- this 'fix' are tests/libtest/Makefile.inc and tests/unit/Makefile.inc.
+ Global symbol "$mailbox" requires explicit package name
-- tests/libtest/Makefile.inc: sort build targets
+- ftpserver.pl: Added support for UID command
-- tests/Makefile.am: remove wildcard usage in EXTRA_DIST
+- ftpserver.pl: Added support for LSUB command
-Kamil Dudka (15 Jan 2013)
-- nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
-
- Do not use the error messages from NSS for errors not occurring in NSS.
+- imap: Fixed response check for LSUB and UID commands
-Steve Holme (14 Jan 2013)
-- TODO: Updated following IMAP SASL additions
+- ftpserver.pl: Added support for IMAP COPY command
-Yang Tse (14 Jan 2013)
-- configure: fix automake 1.13 compatibility
-
- Tested with:
-
- buildconf: autoconf version 2.69
- buildconf: autom4te version 2.69
- buildconf: autoheader version 2.69
- buildconf: automake version 1.13.1
- buildconf: aclocal version 1.13.1
- buildconf: libtool version 2.4
- buildconf: GNU m4 version 1.4.16
+- ftpserver.pl: Added support for IMAP CLOSE and EXPUNGE commands
-Daniel Stenberg (13 Jan 2013)
-- BUGS: update bug tracker URL
-
- ... and refresh number of lines of code
+- ftpserver.pl: Added support for POP3 RSET command
-- Curl_resolver_getsock: fix the function description comment
-
- It referred to it by the wrong name and said it returned the wrong value.
+- ftpserver.pl: Added the ability to remember what messages are deleted
- Reported by: Gisle Vanem
+ ...as this will be required for IMAP CLOSE and EXPUNGE commands as well
+ as the POP3 RSET command.
-Kamil Dudka (11 Jan 2013)
-- nss: clear session cache if a client cert from file is used
+Daniel Stenberg (10 Sep 2013)
+- NI_MAXSERV: remove all use of it
- This commit fixes a regression introduced in 052a08ff.
+ Solaris with the SunStudio Compiler is reportedly missing this define,
+ but as we're using it without any good reason on all the places it was
+ used I've now instead switched to just use sensible buffer sizes that
+ fit a 32 bit decimal number. Which also happens to be smaller than the
+ common NI_MAXSERV value which is 32 on most machines.
- NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
- and if we connect second time to the same server, the cached cert/key
- pair is used. If we use multiple client certificates for different
- paths on the same server, we need to clear the session cache to force
- NSS to call the hook again. The commit 052a08ff prevented the session
- cache from being cleared if a client certificate from file was used.
-
- The condition is now fixed to cover both cases: consssl->client_nickname
- is not NULL if a client certificate from the NSS database is used and
- connssl->obj_clicert is not NULL if a client certificate from file is
- used.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1277
+ Reported-by: D.Flinkmann
+
+- http2: use the support HTTP2 draft version in the upgrade header
- Review by: Kai Engert
+ ... instead of HTTP/2.0 to work fine with the nghttpx proxy/server.
-Yang Tse (11 Jan 2013)
-- sockfilt.c: log file descriptor number on read/write error
+Steve Holme (10 Sep 2013)
+- ldap.c: Fix compilation warning
+
+ warning: comparison between signed and unsigned integer expressions
-- [Gisle Vanem brought this change]
+- [Jiri Hruska brought this change]
- packages/DOS/common.dj: remove COFF debug info generation
-
- gcc on DOS hasn't really supported COFF-debug (-gcoff) on djgpp for a
- long time.
-
- "Sounds like the COFF debug info generation has bit-rotted in GCC.
- Nothing new here, no other platform uses COFF AFAIK."
-
- So lets drop it too.
+ imap/pop3/smtp: Speed up SSL connection initialization
- URL: http://curl.haxx.se/mail/lib-2013-01/0130.html
+ Don't wait for the next callback call (usually 1 second) before
+ continuing with protocol specific connection initialization.
-- curl: ignore SIGPIPE - compilation fix - follow-up
+- ldap.c: Corrected build error from commit 857f999353f333
-- test servers: handle W32/W64 SIGBREAK with exit_signal_handler
+- RELEASE-NOTES: Corrected duplicate in bfefe2400a16b8
-- test servers: fix errno, ERRNO and SOCKERRNO usage for W32/W64
+- RELEASE-NOTES: Corrected typo from bfefe2400a16b8
-- sockfilt.c: fix some W64 compiler warnings
+- RELEASE-NOTES: synced with 25c68903756d6b
-Daniel Stenberg (9 Jan 2013)
-- [Nick Zitzmann brought this change]
+Daniel Stenberg (10 Sep 2013)
+- README.http2: explain nghttp2 a little
- docs: the --with-darwinssl option is available on Apple OSes
+Steve Holme (9 Sep 2013)
+- tests: Added test for POP3 TOP command
-Yang Tse (9 Jan 2013)
-- curl: ignore SIGPIPE - compilation fix
+- ftpserver.pl: Added support for POP3 TOP command
-- build: fix circular header inclusion with other packages
-
- This commit renames lib/setup.h to lib/curl_setup.h and
- renames lib/setup_once.h to lib/curl_setup_once.h.
+- tests: Added test for POP3 UIDL command
+
+- ftpserver.pl: Added support for POP3 UIDL command
+
+Daniel Stenberg (9 Sep 2013)
+- http2: adjust to new nghttp2_pack_settings_payload proto
- Removes the need and usage of a header inclusion guard foreign
- to libcurl. [1]
+ This function was modified in nghttp2 git commit a1c3f89c72e51
+
+Kamil Dudka (9 Sep 2013)
+- url: handle abortion by read/write callbacks, too
- Removes the need and presence of an alarming notice we carried
- in old setup_once.h [2]
+ Otherwise, the FTP protocol would unnecessarily hang 60 seconds if
+ aborted in the CURLOPT_HEADERFUNCTION callback.
- ----------------------------------------
+ Reported by: Tomas Mlcoch
+ Bug: https://bugzilla.redhat.com/1005686
+
+Daniel Stenberg (9 Sep 2013)
+- ldap: fix the build for systems with ldap_url_parse()
- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
- up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
- this single inclusion guard is enough to ensure that inclusion of
- lib/setup_once.h done from lib/setup.h is only done once.
+ Make sure that the custom struct fields are only used by code that
+ doesn't use a struct defintion from the outside.
- Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
- protect inclusion of setup_once.h even after commit ec691ca3, this
- was to avoid a circular header inclusion triggered when building a
- c-ares enabled version with c-ares sources available which also has
- a setup_once.h header. Commit ec691ca3 exposes the real nature of
- __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
- foreign to libcurl belonging to c-ares's setup_once.h
+ Attempts to fix the problem introduced in 3dc6fc42bfc61b
+
+Steve Holme (9 Sep 2013)
+- [Jiri Hruska brought this change]
+
+ pingpong: Check SSL library buffers for already read data
- The renaming this commit does, fixes the circular header inclusion,
- and as such removes the need and usage of a header inclusion guard
- foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.
+ Otherwise the connection can get stuck during various phases, waiting
+ for new data on the socket using select() etc., but it will never be
+ received as the data has already been read into SSL library.
+
+- imap: Fixed calculation of transfer when partial FETCH received
- 2 - Due to the circular interdependency of old lib/setup_once.h and the
- c-ares setup_once.h header, old file lib/setup_once.h has carried
- back from 2006 up to now days an alarming and prominent notice about
- the need of keeping libcurl's and c-ares's setup_once.h in sync.
+ The transfer size would be calculated incorrectly if the email contained
+ within the FETCH response, had been partially received by the pingpong
+ layer. As such the following, example output, would be seen if the
+ amount remaining was smaller than the amount received:
- Given that this commit fixes the circular interdependency, the need
- and presence of mentioned notice is removed.
+ * Excess found in a non pipelined read: excess = 1394, size = 262,
+ maxdownload = 262, bytecount = 1374
+ * transfer closed with -1112 bytes remaining to read
- All mentioned interdependencies come back from now old days when
- the c-ares project lived inside a curl subdirectory. This commit
- removes last traces of such fact.
+ Bug: http://curl.haxx.se/mail/lib-2013-08/0170.html
+ Reported-by: John Dunn
-Daniel Stenberg (8 Jan 2013)
-- curl: ignore SIGPIPE
+- ftpserver.pl: Fixed empty array checks
- This is a work-around for bug #1180 which is really libcurl's inability
- to ignore SIGPIPE in a few cases. With this work-around at least curl
- won't suffer from it!
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1180
- Reported by: Lluís Batlle i Rossell
-
-Yang Tse (8 Jan 2013)
-- sockfilt.c: fix some compiler warnings
+ ...from commits 28427b408326a1 and e8313697b6554b.
-Daniel Stenberg (8 Jan 2013)
-- Revert "configure: update req to 2.59"
+- ftpserver: Reworked AUTH support to allow for specifying the mechanisms
- This reverts commit 7a6d8b1b1a8fcc184c36d6b6e741e32250b4bacb.
+ Renamed SUPPORTAUTH to AUTH and added support for specifying a list of
+ supported SASL mechanisms to return to the client.
- URL: http://curl.haxx.se/mail/lib-2013-01/0103.html
+ Additionally added the directive to the FILEFORMAT document.
-Steve Holme (8 Jan 2013)
-- pop3: Added support for non-blocking SSL upgrade
+- ftpserver: Reworked CAPA support to allow for specifying the capabilities
- Added support for asynchronous SSL upgrade when using the
- multi-interface.
-
-Daniel Stenberg (8 Jan 2013)
-- configure: update req to 2.59
+ Renamed SUPPORTCAPA to CAPA and added support for specifying a list of
+ supported capabilities to return to the client.
- I ran the 2.59 version of autoupdate that updates obsoleted configure.ac
- constructs to the 2.59 standard. With a little hands-on fiddling I
- prevented it from ruining the quoting in AS_HELP_STRING() uses.
+ Additionally added the directive to the FILEFORMAT document.
+
+- ftpserver.pl: Corrected POP3 LIST as message numbers should be contiguous
- I subsequently also bumped the required autoconf version to 2.59
- (released in December 2003) as I don't have an older autoconf version
- around to test with and I can't be bothered to install one either...
+ The message numbers given in the LIST response are an index into the
+ list, which are only valid for the current session, rather than being a
+ unique message identifier. An index would only be missing from the LIST
+ response if a DELE command had been issued within the same session and
+ had not been committed by the end of session QUIT command. Once
+ committed the POP3 server will regenerate the message numbers in the
+ next session to be contiguous again. As such our LIST response should
+ list message numbers contiguously until we support a DELE command in the
+ same session.
- Inspired by: Björn Stenberg
- Related blog post: http://cazfi.livejournal.com/195108.html
+ Should a POP3 user require the unique message ID for any or all
+ messages then they should use the extended UIDL command. This command
+ will be supported by the test ftpserver in an upcoming commit.
+
+Daniel Stenberg (8 Sep 2013)
+- [Clemens Gruber brought this change]
-Steve Holme (7 Jan 2013)
-- imap.c: Small tidy up to add missing comment
+ curl_easy_pause: suggest one way to unpause
-- imap: Added support for sasl digest-md5 authentication
+Steve Holme (8 Sep 2013)
+- tests: Updated descriptions to be more meaningful
-- imap: Added support for sasl cram-md5 authentication
+- tests: Added test for POP3 NOOP command
-Marc Hoersken (7 Jan 2013)
-- tests/server/sockfilt.c: Fixed integer comparison warning
+- ftpserver.pl: Added support for POP3 NOOP command
-- tests/server/sockfilt.c: Include required Win32 headers
+- ftpserver.pl: Fixed 'Use of uninitialized value $args in string ne'
-Steve Holme (7 Jan 2013)
-- imap: Added support for sasl ntlm authentication
+- tests: Added test for POP3 STAT command
-- imap: Added support for sasl login authentication
+- ftpserver.pl: Added support for POP STAT command
-- pop3.c: Fixed default authentication detection
+- ftpserver.pl: Moved POP3 QUIT handler into own function
+
+- ftpserver.pl: Reordered the POP3 handlers to be alphabetical
- Fixed an issue where a server may positively respond to the CAPA command
- but not list clear text as a valid authentication type.
+ In preparation for additional POP3 tests, re-ordered the command
+ function defintions to be sorted alphabetically.
-- curl_sasl.c: Small code tidy up following imap changes
+- ftpserver.pl: Corrected misaligned indentation in POP3 handlers
+
+ Fixed incorrect indentation used in both the RETR_pop3 and LIST_pop3
+ functions which was 5 and 9 characters rather than 4 and 8.
-- smtp.c: Small code tidy up following imap changes
+- tests: Added test for POP3 DELE command
-- pop3.c: Small code tidy up following imap changes
+unknown (7 Sep 2013)
+- [Steve Holme brought this change]
-- imap: Added support for sasl plain text authentication
+ ftpserver.pl: Added support for POP3 DELE command
-Marc Hoersken (6 Jan 2013)
-- tests/server/sockfilt.c: Fixed support for listening sockets
-
- This commit fixes support for sockets that are ready to accept
- a new connection and have previously been put into listening mode.
+Daniel Stenberg (7 Sep 2013)
+- http2: include curl_memory.h
- It also includes changes which are the result of investigation
- regarding Windows STDIN. These changes are the preparation for further
- improvements regarding support for reading data from STDIN on Windows.
+ Detected by test 1132
+
+Nick Zitzmann (7 Sep 2013)
+- http: fix build warning under LLVM
- Open issue: WaitForMultipleObjectsEx does not support PIPE handles
- which are returned by GetStdHandle while running without a GUI.
+ When building the code using LLVM Clang without NGHTTP2, I was getting
+ this warning:
+ ../lib/http.h:155:1: warning: empty struct is a GNU extension [-Wgnu]
+ Placing a dummy variable into the data structure silenced the warning.
-- tests/server/sockfilt.c: Set Windows Console to binary mode
+Daniel Stenberg (7 Sep 2013)
+- http2: actually init nghttp2 and send HTTP2-Settings properly
-- tests/server/sockfilt.c: Improved log error messages
-
- Include error code and parameters in error messages.
+- README.http2: how to use it best with the multi API?
-Steve Holme (6 Jan 2013)
-- imap: Introduced the continue response in imap_endofresp()
+- http2: first embryo toward Upgrade:
-- imap: Added support for SASL based authentication mechanism detection
+- http: rename use_http_1_1 to use_http_1_1plus
- Added support for detecting the supported SASL authentication mechanisms
- via the CAPABILITY command.
+ Since it now actually says if 1.1 or a later version should be used.
-Yang Tse (6 Jan 2013)
-- Revert changes relative to lib/*.[ch] recent renaming
-
- This reverts renaming and usage of lib/*.h header files done
- 28-12-2012, reverting 2 commits:
-
- f871de0... build: make use of 76 lib/*.h renamed files
- ffd8e12... build: rename 76 lib/*.h files
-
- This also reverts removal of redundant include guard (redundant thanks
- to changes in above commits) done 2-12-2013, reverting 1 commit:
-
- c087374... curl_setup.h: remove redundant include guard
-
- This also reverts renaming and usage of lib/*.c source files done
- 3-12-2013, reverting 3 commits:
-
- 13606bb... build: make use of 93 lib/*.c renamed files
- 5b6e792... build: rename 93 lib/*.c files
- 7d83dff... build: commit 13606bbfde follow-up 1
-
- Start of related discussion thread:
+- configure: improve CURL_CHECK_COMPILER_PROTOTYPE_MISMATCH
- http://curl.haxx.se/mail/lib-2013-01/0012.html
-
- Asking for confirmation on pushing this revertion commit:
+ The compiler test used a variable before it was assigned when it tried
+ to see how it acts on a mismatching prototype, which could cause a false
+ positive.
+
+- [Petr Písař brought this change]
+
+ Pass password to OpenSSL engine by user interface
- http://curl.haxx.se/mail/lib-2013-01/0048.html
+ Recent OpenSSL uses user interface abstraction to negotiate access to
+ private keys in the cryprographical engines. An OpenSSL application is
+ expected to implement the user interface. Otherwise a default one
+ provided by OpenSSL (interactive standard I/O) will be used and the
+ aplication will have no way how to pass a password to the engine.
- Confirmation summary:
+ Longer-desc: http://curl.haxx.se/mail/lib-2013-08/0265.html
+
+- urlglob: improved error messages and column number on bad use
- http://curl.haxx.se/mail/lib-2013-01/0079.html
+ Introduce a convenience macro and keep of the column better so that it
+ can point out the offending column better.
- NOTICE: The list of 2 files that have been modified by other
- intermixed commits, while renamed, and also by at least one
- of the 6 commits this one reverts follows below. These 2 files
- will exhibit a hole in history unless git's '--follow' option
- is used when viewing logs.
+ Updated test 75 accordingly.
+
+- urlglob: avoid error code translation
- lib/curl_imap.h
- lib/curl_smtp.h
+ By using the correct values from the start we don't have to translate
+ them!
-Daniel Stenberg (6 Jan 2013)
-- mk-ca-bundle.1: convert syntax to what's used elsewhere
+- urlglob: avoid NULL pointer dereference
- ... mostly to make sure roffit works better on it, but also to make our
- man pages use a more unified style.
+ Thanks to clang-analyzer
+
+- [Gisle Vanem brought this change]
-- mk-ca-bundle.1: mention new -f, fix outputfile output
+ http2: use correct include for snprintf
- also edited a few sentences to become more verbose
+ Using the first little merge of nghttp2 into libcurl, I stumbeled on the
+ missing 'snprintf' in MSVCRT. Isn't this how we do it for other libcurl
+ files? I.e. use 'curl_msnprintf' and not 'snprintf' directly:
-- mk-ca-bundle: add -f, support passing to stdout and more
+- --data: mention CRLF treatment when reading from file
+
+- [Geoff Beier brought this change]
+
+ LDAP: fix bad free() when URL parsing failed
- 1. When the downloaded data file from Mozilla is current, but the output
- bundle does not exist: continue processing to create the bundle. The
- goal is to have the output file - not just download the latest input.
+ When an error occurs parsing an LDAP URL, The ludp->lud_attrs[i] entries
+ could be freed even though they sometimes point to data within an
+ allocated area.
- 2. added -f option to force re-processing the file. Useful for
- debugging/testing the process.
+ This change introduces a lud_attrs_dup[] array for the duplicated string
+ pointers, and it removes the unused lud_exts array.
- 3. added support for output to '-' (stdout), allowing the output to be
- piped.
+ Bug: http://curl.haxx.se/mail/lib-2013-08/0209.html
+
+Nick Zitzmann (5 Sep 2013)
+- darwinssl: add support for PKCS#12 files for client authentication
- 4. All progress and error messages go to STDERR rather than STDOUT (3)
+ I also documented the fact that the OpenSSL engine also supports them.
+
+Daniel Stenberg (5 Sep 2013)
+- symbols: added HTTP2 symbols and sorted list
- 5. The script opened and closed the output file many times
- unnecessarily. It now opens it once, does the output and closes it.
+ CURL_HTTP_VERSION_2_0 and CURL_VERSION_HTTP2 are new
+
+- configure: add HTTP2 as a curl-config --feature output
- 6. Backup of the input files happens after successful processing, not
- before.
+ Fixes the test 1014 failure
+
+- curl: unbreak --http1.0 again
- 7. The output is written to a temporary file, and renamed to the
- requested name after backup - this greatly reduces the window where the
- file can be seen partially written.
+ I broke it in 2eabb7d590
+
+- SASL: fix compiler warnings
- 8. all die calls have a \n at the end to suppress perl's traceback - the
- traceback isn't useful to end users.
+ comparison between signed and unsigned integer expressions
- Patch: http://curl.haxx.se/mail/lib-2013-01/0045.html
+ suggest parentheses around '&&' within '||' (twice)
-Yang Tse (5 Jan 2013)
-- imap test server: fix typo in name of SELECT_imap() sub definition
-
- IMAP test server breaking typo introduced with commit b708a522a1
+- curl: add --http1.1 and --http2.0 options
-Steve Holme (4 Jan 2013)
-- imap test server: Added support for the CAPABILITY command
-
- Added support for the CAPABILITY command in preparation of upcoming
- changes.
-
-Daniel Stenberg (3 Jan 2013)
-- writeout: -w now supports remote_ip/port and local_ip/port
-
- Added mention to the curl.1 man page.
-
- Test case 1223 verifies remote_ip/port.
-
-Yang Tse (3 Jan 2013)
-- test 1222: 8 chars object name generation && test 1221: adjustments
-
-Daniel Stenberg (3 Jan 2013)
-- INTERNALS: remove "footnote" never used
-
-Yang Tse (3 Jan 2013)
-- build: commit 13606bbfde follow-up 1
-
-Daniel Stenberg (3 Jan 2013)
-- FAQ: Can I write a server with libcurl?
-
-Yang Tse (3 Jan 2013)
-- build: rename 93 lib/*.c files
-
- 93 lib/*.c source files renamed to use our standard naming scheme.
-
- This commit only does the file renaming.
-
- ----------------------------------------
-
- renamed: lib/amigaos.c -> lib/curl_amigaos.c
- renamed: lib/asyn-ares.c -> lib/curl_asyn_ares.c
- renamed: lib/asyn-thread.c -> lib/curl_asyn_thread.c
- renamed: lib/axtls.c -> lib/curl_axtls.c
- renamed: lib/base64.c -> lib/curl_base64.c
- renamed: lib/bundles.c -> lib/curl_bundles.c
- renamed: lib/conncache.c -> lib/curl_conncache.c
- renamed: lib/connect.c -> lib/curl_connect.c
- renamed: lib/content_encoding.c -> lib/curl_content_encoding.c
- renamed: lib/cookie.c -> lib/curl_cookie.c
- renamed: lib/cyassl.c -> lib/curl_cyassl.c
- renamed: lib/dict.c -> lib/curl_dict.c
- renamed: lib/easy.c -> lib/curl_easy.c
- renamed: lib/escape.c -> lib/curl_escape.c
- renamed: lib/file.c -> lib/curl_file.c
- renamed: lib/fileinfo.c -> lib/curl_fileinfo.c
- renamed: lib/formdata.c -> lib/curl_formdata.c
- renamed: lib/ftp.c -> lib/curl_ftp.c
- renamed: lib/ftplistparser.c -> lib/curl_ftplistparser.c
- renamed: lib/getenv.c -> lib/curl_getenv.c
- renamed: lib/getinfo.c -> lib/curl_getinfo.c
- renamed: lib/gopher.c -> lib/curl_gopher.c
- renamed: lib/gtls.c -> lib/curl_gtls.c
- renamed: lib/hash.c -> lib/curl_hash.c
- renamed: lib/hmac.c -> lib/curl_hmac.c
- renamed: lib/hostasyn.c -> lib/curl_hostasyn.c
- renamed: lib/hostcheck.c -> lib/curl_hostcheck.c
- renamed: lib/hostip.c -> lib/curl_hostip.c
- renamed: lib/hostip4.c -> lib/curl_hostip4.c
- renamed: lib/hostip6.c -> lib/curl_hostip6.c
- renamed: lib/hostsyn.c -> lib/curl_hostsyn.c
- renamed: lib/http.c -> lib/curl_http.c
- renamed: lib/http_chunks.c -> lib/curl_http_chunks.c
- renamed: lib/http_digest.c -> lib/curl_http_digest.c
- renamed: lib/http_negotiate.c -> lib/curl_http_negotiate.c
- renamed: lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c
- renamed: lib/http_proxy.c -> lib/curl_http_proxy.c
- renamed: lib/idn_win32.c -> lib/curl_idn_win32.c
- renamed: lib/if2ip.c -> lib/curl_if2ip.c
- renamed: lib/imap.c -> lib/curl_imap.c
- renamed: lib/inet_ntop.c -> lib/curl_inet_ntop.c
- renamed: lib/inet_pton.c -> lib/curl_inet_pton.c
- renamed: lib/krb4.c -> lib/curl_krb4.c
- renamed: lib/krb5.c -> lib/curl_krb5.c
- renamed: lib/ldap.c -> lib/curl_ldap.c
- renamed: lib/llist.c -> lib/curl_llist.c
- renamed: lib/md4.c -> lib/curl_md4.c
- renamed: lib/md5.c -> lib/curl_md5.c
- renamed: lib/memdebug.c -> lib/curl_memdebug.c
- renamed: lib/mprintf.c -> lib/curl_mprintf.c
- renamed: lib/multi.c -> lib/curl_multi.c
- renamed: lib/netrc.c -> lib/curl_netrc.c
- renamed: lib/non-ascii.c -> lib/curl_non_ascii.c
- renamed: lib/curl_non-ascii.h -> lib/curl_non_ascii.h
- renamed: lib/nonblock.c -> lib/curl_nonblock.c
- renamed: lib/nss.c -> lib/curl_nss.c
- renamed: lib/nwlib.c -> lib/curl_nwlib.c
- renamed: lib/nwos.c -> lib/curl_nwos.c
- renamed: lib/openldap.c -> lib/curl_openldap.c
- renamed: lib/parsedate.c -> lib/curl_parsedate.c
- renamed: lib/pingpong.c -> lib/curl_pingpong.c
- renamed: lib/polarssl.c -> lib/curl_polarssl.c
- renamed: lib/pop3.c -> lib/curl_pop3.c
- renamed: lib/progress.c -> lib/curl_progress.c
- renamed: lib/qssl.c -> lib/curl_qssl.c
- renamed: lib/rawstr.c -> lib/curl_rawstr.c
- renamed: lib/rtsp.c -> lib/curl_rtsp.c
- renamed: lib/security.c -> lib/curl_security.c
- renamed: lib/select.c -> lib/curl_select.c
- renamed: lib/sendf.c -> lib/curl_sendf.c
- renamed: lib/share.c -> lib/curl_share.c
- renamed: lib/slist.c -> lib/curl_slist.c
- renamed: lib/smtp.c -> lib/curl_smtp.c
- renamed: lib/socks.c -> lib/curl_socks.c
- renamed: lib/socks_gssapi.c -> lib/curl_socks_gssapi.c
- renamed: lib/socks_sspi.c -> lib/curl_socks_sspi.c
- renamed: lib/speedcheck.c -> lib/curl_speedcheck.c
- renamed: lib/splay.c -> lib/curl_splay.c
- renamed: lib/ssh.c -> lib/curl_ssh.c
- renamed: lib/sslgen.c -> lib/curl_sslgen.c
- renamed: lib/ssluse.c -> lib/curl_ssluse.c
- renamed: lib/strdup.c -> lib/curl_strdup.c
- renamed: lib/strequal.c -> lib/curl_strequal.c
- renamed: lib/strerror.c -> lib/curl_strerror.c
- renamed: lib/strtok.c -> lib/curl_strtok.c
- renamed: lib/strtoofft.c -> lib/curl_strtoofft.c
- renamed: lib/telnet.c -> lib/curl_telnet.c
- renamed: lib/tftp.c -> lib/curl_tftp.c
- renamed: lib/timeval.c -> lib/curl_timeval.c
- renamed: lib/transfer.c -> lib/curl_transfer.c
- renamed: lib/url.c -> lib/curl_url.c
- renamed: lib/version.c -> lib/curl_version.c
- renamed: lib/warnless.c -> lib/curl_warnless.c
- renamed: lib/wildcard.c -> lib/curl_wildcard.c
-
- ----------------------------------------
-
-- build: make use of 93 lib/*.c renamed files
-
- 93 *.c source files renamed to use our standard naming scheme.
-
- This change affects 77 files in libcurl's source tree.
-
-Daniel Stenberg (3 Jan 2013)
-- INSTALL: unify the SSL library texts
-
- Make them smaller and more similar for each separate SSL library
- supported by the configure build
-
-Yang Tse (2 Jan 2013)
-- curl_setup.h: remove redundant include guard
-
-- build and tests: curl_10char_object_name() shell function
-
- lib/objnames.inc provides definition of curl_10char_object_name() shell
- function. The intended purpose of this function is to transliterate a
- (*.c) source file name that may be longer than 10 characters, or not,
- into a string with at most 10 characters which may be used as an OS/400
- object name.
-
- Test case 1221 does unit testng of this function and also verifies
- that it is possible to generate distinct short object names for all
- curl and libcurl *.c source file names.
-
- lib/objnames-test.sh is the shell script used for test case 1221.
-
- tests/runtests.pl modified to accept shell script test cases.
-
- More details inside lib/objnames.inc and lib/objnames-test.sh
+- Curl_setopt: refuse CURL_HTTP_VERSION_2_0 if built without support
-- configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
-
- automake 1.13 errors if AM_CONFIG_HEADER is used in configure script.
- automake 1.13 no longer autoupdates AM_CONFIG_HEADER to
- AC_CONFIG_HEADERS, thing which automake has been doing since automake
- version 1.7
+- http2: add http2.[ch] and add nghttp2 version output
+
+- curl -V: output HTTP2 as a feature if present
+
+- curl.h: add CURL_VERSION_HTTP2 as a feature
- Given that our first automake supported version is automake 1.7,
- simply replacing AM_CONFIG_HEADER usage with AC_CONFIG_HEADERS seems
- enough to yet support same automake versions.
+ It isn't added as a separate protocol as HTTP2 will be done over HTTP://
+ URLs that can be upgraded to HTTP2 if the server supports it as well.
+
+Steve Holme (4 Sep 2013)
+- imap/smtp: Fixed incorrect SASL mechanism selection with XOAUTH2 servers
- Dave Reisner reported issue with 1.13 and provided patch.
+ XOAUTH2 would be selected in preference to LOGIN and PLAIN if the IMAP
+ or SMTP server advertised support for it even though a user's password
+ was supplied but bearer token wasn't.
- http://curl.haxx.se/mail/lib-2012-12/0246.html
+ Modified the selection logic so that XOAUTH2 will only be selected if
+ the server supports it and A) The curl user/libcurl programmer has
+ specifically asked for XOAUTH via the ;AUTH=XOAUTH login option or 2)
+ The bearer token is specified. Obviously if XOAUTH is asked for via
+ the login option but no token is specified the user will receive a
+ authentication failure which makes more sense than no known
+ authentication mechanisms supported!
-- curl-override.m4: provide AC_CONFIG_MACRO_DIR definition conditionally
+Daniel Stenberg (4 Sep 2013)
+- curl.h: added CURL_HTTP_VERSION_2_0
- Provide a 'traceable' AC_CONFIG_MACRO_DIR definition only when using
- an autoconf version that does not provide it, instead of what we were
- doing up to now of providing and overriding AC_CONFIG_MACRO_DIR for
- all autoconf versions.
+ Initial library considerations documented in lib/README.http2
-Steve Holme (30 Dec 2012)
-- imap.c: Minor follow up tidy up
+- configure: added --with-nghttp2
-- imap: Code tidy up prior to adding support for the CAPABILITY command
+- acinclude: fix --without-ca-path when cross-compiling
- * Changing the order of the state machine to represent the order in
- which commands are sent to the server.
+ The commit 7b074a460b64811 to CURL_CHECK_CA_BUNDLE in 7.31 (don't check
+ for paths when cross-compiling) causes --without-ca-path to no longer
+ works when cross-compiling, since ca and capath only ever get set to
+ "no" when not cross-compiling, I attach a patch that works for me. Also
+ in the cross-compilation case, no ca-path seems to be a better default
+ (IMVHO) than empty ca-path.
- * Reworking the imap_endofresp() function as the FETCH response doesn't
- include the command id and shouldn't be part of the length comparison
- that takes into account the id string.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1273
+ Patch-by: Stefan Neis
-- pop3_doing: Applied debug info message when function fails
+Steve Holme (2 Sep 2013)
+- lib1512.c: Fixed compilation warning
+
+ An enumerated type is mixed with another type.
- Applied the same debug message as used in smtp_doing() and imap_doing()
- when pop3_multi_statemach() fails.
+ ...as well as a small coding style error.
-- imap_doing: don't call imap_dophase_done() if already failed
+Guenter Knauf (1 Sep 2013)
+- Killed warning 'res' might be used uninitialized.
+
+Steve Holme (1 Sep 2013)
+- url.c: Fixed compilation warning
- Applied the POP3 fix from commit 2897ce7dc2e1 so imap_dophase_done()
- isn't called if imap_multi_statemach() fails.
+ An enumerated type is mixed with another type
-- smtp_doing: don't call smtp_dophase_done() if already failed
+- easy.c: Fixed compilation warning
- Applied the POP3 fix from commit 2897ce7dc2e1 so smtp_dophase_done()
- isn't called if smtp_multi_statemach() fails.
+ warning: `code' might be used uninitialized in this function
-Yang Tse (29 Dec 2012)
-- examples/certinfo.c: fix compiler warning
+Daniel Stenberg (31 Aug 2013)
+- -x: rephrased the --proxy section somewhat
-Steve Holme (29 Dec 2012)
-- pop3.c: Removed unnecessary POP3_STOP state changes
-
- Removed unnecessary state changes in pop3_state_starttls_resp()
- following previous fix in IMAP module.
+Steve Holme (31 Aug 2013)
+- tests: Added test for IMAP CHECK command
-- smtp.c: Added extra comments around SMTP_STOP state change
-
- Provided extra comments in the SMTP module following previous IMAP fix.
+- ftpserver.pl: Added support for the IMAP CHECK command
-- imap.c: Fixed bad state error when logging in with invalid credentials
-
- Fixed a problem with the state machine when attempting to log in with
- invalid credentials. The server would report login failure but libcurl
- would not read the response due to inappropriate IMAP_STOP states being
- set after the login was sent.
+Guenter Knauf (31 Aug 2013)
+- Removed reference to krb4.c.
-Yang Tse (29 Dec 2012)
-- imap.c: remove trailing whitespace
+Steve Holme (31 Aug 2013)
+- ftpserver.pl: Corrected flawed logic in commit 1ca6ed7b75cad0
-Steve Holme (28 Dec 2012)
-- imap.c: Code tidy up - Part 2
-
-- imap.c: Code tidy up - Part 1
-
- Applied some of the comment and layout changes that had already been
- applied to the pop3 and smtp code over the last 6 to 9 months.
-
- This is in preparation of adding SASL based authentication.
-
-- pop3.c: Minor code tidy up
-
- Minor tidy up of comments and layout prior to next part of imap work.
-
-- smtp: Minor code tidy up
-
- Minor tidy up of comments and layout prior to next part of imap work.
-
-- curl_imap.h: Tidy up of comments to be more readable
-
-- imap.c: Code tidy up renaming imapsendf() to imap_sendf()
+- imap: Fixed response check for EXPUNGE command
+
+- ftpserver.pl: Added argument check to IMAP command handlers
- Renamed imapsendf() to imap_sendf() to be more in keeping with the
- other imap functions as well as Curl_pp_sendf() that it replaces.
-
-Yang Tse (28 Dec 2012)
-- build: rename 76 lib/*.h files
-
- 76 private header files renamed to use our standard naming scheme.
-
- This commit only does the file renaming.
-
- ----------------------------------------
+ Added BAD argument check to the following IMAP command handlers:
- renamed: amigaos.h -> curl_amigaos.h
- renamed: arpa_telnet.h -> curl_arpa_telnet.h
- renamed: asyn.h -> curl_asyn.h
- renamed: axtls.h -> curl_axtls.h
- renamed: bundles.h -> curl_bundles.h
- renamed: conncache.h -> curl_conncache.h
- renamed: connect.h -> curl_connect.h
- renamed: content_encoding.h -> curl_content_encoding.h
- renamed: cookie.h -> curl_cookie.h
- renamed: cyassl.h -> curl_cyassl.h
- renamed: dict.h -> curl_dict.h
- renamed: easyif.h -> curl_easyif.h
- renamed: escape.h -> curl_escape.h
- renamed: file.h -> curl_file.h
- renamed: fileinfo.h -> curl_fileinfo.h
- renamed: formdata.h -> curl_formdata.h
- renamed: ftp.h -> curl_ftp.h
- renamed: ftplistparser.h -> curl_ftplistparser.h
- renamed: getinfo.h -> curl_getinfo.h
- renamed: gopher.h -> curl_gopher.h
- renamed: gtls.h -> curl_gtls.h
- renamed: hash.h -> curl_hash.h
- renamed: hostcheck.h -> curl_hostcheck.h
- renamed: hostip.h -> curl_hostip.h
- renamed: http.h -> curl_http.h
- renamed: http_chunks.h -> curl_http_chunks.h
- renamed: http_digest.h -> curl_http_digest.h
- renamed: http_negotiate.h -> curl_http_negotiate.h
- renamed: http_proxy.h -> curl_http_proxy.h
- renamed: if2ip.h -> curl_if2ip.h
- renamed: imap.h -> curl_imap.h
- renamed: inet_ntop.h -> curl_inet_ntop.h
- renamed: inet_pton.h -> curl_inet_pton.h
- renamed: krb4.h -> curl_krb4.h
- renamed: llist.h -> curl_llist.h
- renamed: memdebug.h -> curl_memdebug.h
- renamed: multiif.h -> curl_multiif.h
- renamed: netrc.h -> curl_netrc.h
- renamed: non-ascii.h -> curl_non-ascii.h
- renamed: nonblock.h -> curl_nonblock.h
- renamed: nssg.h -> curl_nssg.h
- renamed: parsedate.h -> curl_parsedate.h
- renamed: pingpong.h -> curl_pingpong.h
- renamed: polarssl.h -> curl_polarssl.h
- renamed: pop3.h -> curl_pop3.h
- renamed: progress.h -> curl_progress.h
- renamed: qssl.h -> curl_qssl.h
- renamed: rawstr.h -> curl_rawstr.h
- renamed: rtsp.h -> curl_rtsp.h
- renamed: select.h -> curl_select.h
- renamed: sendf.h -> curl_sendf.h
- renamed: setup.h -> curl_setup.h
- renamed: setup_once.h -> curl_setup_once.h
- renamed: share.h -> curl_share.h
- renamed: slist.h -> curl_slist.h
- renamed: smtp.h -> curl_smtp.h
- renamed: sockaddr.h -> curl_sockaddr.h
- renamed: socks.h -> curl_socks.h
- renamed: speedcheck.h -> curl_speedcheck.h
- renamed: splay.h -> curl_splay.h
- renamed: ssh.h -> curl_ssh.h
- renamed: sslgen.h -> curl_sslgen.h
- renamed: ssluse.h -> curl_ssluse.h
- renamed: strdup.h -> curl_strdup.h
- renamed: strequal.h -> curl_strequal.h
- renamed: strerror.h -> curl_strerror.h
- renamed: strtok.h -> curl_strtok.h
- renamed: strtoofft.h -> curl_strtoofft.h
- renamed: telnet.h -> curl_telnet.h
- renamed: tftp.h -> curl_tftp.h
- renamed: timeval.h -> curl_timeval.h
- renamed: transfer.h -> curl_transfer.h
- renamed: url.h -> curl_url.h
- renamed: urldata.h -> curl_urldata.h
- renamed: warnless.h -> curl_warnless.h
- renamed: wildcard.h -> curl_wildcard.h
+ APPEND, STORE, LIST, EXAMINE, STATUS and SEARCH
+
+- ftpserver.pl: More whitespace corrections
- ----------------------------------------
-
-- build: make use of 76 lib/*.h renamed files
-
- 76 private header files renamed to use our standard naming scheme.
-
- This change affects 322 files in libcurl's source tree.
-
-- lib/*.h: use our standard naming scheme for header inclusion guards
-
-Steve Holme (28 Dec 2012)
-- imsp.c: Fixed usernames and passwords that contain escape characters
-
- Fixed a problem with sending usernames and passwords that contain
- backslash, quotation mark and space characters.
-
-Daniel Stenberg (27 Dec 2012)
-- curl.1: extend the -X, --request description
-
-- RELEASE-NOTES: synced with e3ed2b82e6
-
-- [Nick Zitzmann brought this change]
-
- darwinssl: Fixed inability to disable peer verification
-
- ... on Snow Leopard and Lion
-
- Snow Leopard introduced the SSLSetSessionOption() function, but it
- doesn't disable peer verification as expected on Snow Leopard or
- Lion (it works as expected in Mountain Lion). So we now use sysctl()
- to detect whether or not the user is using Snow Leopard or Lion,
- and if that's the case, then we now use the deprecated
- SSLSetEnableCertVerify() function instead to disable peer verification.
-
-Yang Tse (26 Dec 2012)
-- curl tool: rename hugehelp files to tool_hugehelp
-
-- curl tool: renaming hugehelp files to tool_hugehelp
-
-- sockfilt.c: commit b44da5a82a follow-up 2
-
-- sockfilt.c: commit b44da5a82a follow-up
-
-- sockfilt.c: fix some compiler warnings
+ LIST_imap() had a second level of indentation at 9 characters and not 8.
-- curl_multi_remove_handle: commit 0aabfd9963 follow-up
+- ftpserver.pl: Small correction tidy up
+
+ Corrected some IMAP variable names and whitespace issues.
-Daniel Stenberg (25 Dec 2012)
-- lib556: enable VERBOSE to ease debugging on failures
+- [Kyle L. Huff brought this change]
-Marc Hoersken (25 Dec 2012)
-- socklift.c: Quick fix to re-add missing code
+ docs: Added documentation for CURLOPT_BEARER
-- socklift.c: Added select_ws function to support Windows
-
- WinSock select() does not support standard file descriptors,
- it can only check SOCKETs. The following function is an attempt
- to create a select() function with support for other handles.
+- [Kyle L. Huff brought this change]
-Yang Tse (25 Dec 2012)
-- Enable tests 1503, 1504 and 1505
+ curl.1: Add usage of '--bearer' option
-- curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
+- tests: Added tests for IMAP CREATE, DELETE and RENAME commands
-- Curl_hash_clean: OOM handling fix
+Daniel Stenberg (30 Aug 2013)
+- ftpserver: Bareword "to_mailbox" not allowed
+
+ Added missing $
-- test 1504 and 1505: same as 1502 but with different cleanup sequences
+Steve Holme (30 Aug 2013)
+- ftpserver.pl: Added support for IMAP CREATE, DELETE and RENAME commands
-Daniel Stenberg (24 Dec 2012)
-- Curl_conncache_foreach: allow callback to break loop
+Daniel Stenberg (29 Aug 2013)
+- FTP: fix getsock during DO_MORE state
- ... and have it take a proper 'struct connectdata *' as first argument
+ ... when doing upload it would return the wrong values at times. This
+ commit attempts to cleanup the mess.
+
+ Bug: http://curl.haxx.se/mail/lib-2013-08/0109.html
+ Reported-by: Mike Mio
-- pop3_doing: don't call pop3_dophase_done() if already failed
+- curl_multi_remove_handle: allow multiple removes
- ... it also clobbered the 'result' return value so that it wouldn't
- return the error back to the parent function properly, which broke test
- 809 when run with 'multi-always'.
+ When removing an already removed handle, avoid that to ruin the
+ internals and just return OK instead.
-Yang Tse (23 Dec 2012)
-- test 1503: same as 1502 but with a different cleanup sequence
+Steve Holme (29 Aug 2013)
+- ftpserver.pl: Updated IMAP EXAMINE handler to use dynamic test data
-- test 1502: OOM handling fixes
+Daniel Stenberg (29 Aug 2013)
+- unit1304: include memdebug and free everything correctly
-- curl_multi_wait: OOM handling fix
+- Curl_parsenetrc: document that the arguments must be allocated
-- [Daniel Stenberg brought this change]
+- easy: rename struct monitor to socketmonitor
+
+ 'struct monitor', introduced in 6cf8413e, already exists in an IRIX
+ header file (sys/mon.h) which gets included via various standard headers
+ by lib/easy.c
+
+ cc-1101 cc: ERROR File = ../../curl/lib/easy.c, Line = 458
+ "monitor" has already been declared in the current scope.
+
+ Reported-by: Tor Arntsen
- curl_multi_wait: avoid an unnecessary memory allocation
+Steve Holme (29 Aug 2013)
+- ftpserver.pl: Added SELECT check to IMAP FETCH and STORE handlers
-- runtests.pl: prepend $srcdir to HTTPTLS server config files path
+- ftpserver.pl: Corrected accidental move of logmsg() call
+
+ Corrected the call to logmsg() in the IMAP SEARCH handler from commit
+ 4ae7b7ea691497 as it should have been outputting the what argument and
+ not the test number.
-- multi.c: OOM handling fix
+Daniel Stenberg (28 Aug 2013)
+- ftpserver: add missing '}' from 4ae7b7ea69149
-- lib543.c: OOM handling fixes
+Steve Holme (28 Aug 2013)
+- ftpserver.pl: Added SELECT check to IMAP SEARCH command
-- configure: add internal sanity check (warn only) on vars for makefiles
+- ftpserver.pl: Fixed IMAP SEARCH command
-Daniel Stenberg (21 Dec 2012)
-- SCP: relative path didn't work
-
- When prefixing a path with /~/ it is supposed to be used relative to the
- user's home directory but it didn't work. Now we cut off the entire
- three byte sequenct "/~/" which seems to be how OpenSSH does it.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=1173
- Reported by: Balaji Parasuram
+Daniel Stenberg (28 Aug 2013)
+- bump: next release is 7.33.0 due to added features
-Yang Tse (21 Dec 2012)
-- configure: LIBMETALINK_CFLAGS actually is LIBMETALINK_CPPFLAGS
+- symbols-in-versions: add CURLOPT_XOAUTH2_BEARER
-- configure: add minimal sanity check on user provided CFLAGS and CPPFLAGS
+Steve Holme (28 Aug 2013)
+- tests: Added test for IMAP SEARCH command
-- bundles connection caching: some out of memory handling fixes
+Daniel Stenberg (28 Aug 2013)
+- valgrind.supp: fix for regular curl_easy_perform too
+
+ When we introduced curl_easy_perform_ev, this got a slightly modified
+ call trace. Without this, test 165 causes a false positive valgrind
+ error.
-- libntlmconnect.c: fix compiler warnings and OOM handling
+- valgrind.supp: add the event-based call stack-trace too
+
+ Without this, test 165 triggers a valgrind error when ran with
+ curl_easy_perform_ev
-- configure.ac: clear local test intended variables before use
+- multi_socket: improved 100-continue timeout handling
+
+ When waiting for a 100-continue response from the server, the
+ Curl_readwrite() will refuse to run if called until the timeout has been
+ reached.
+
+ We timeout code in multi_socket() allows code to run slightly before the
+ actual timeout time, so for test 154 it could lead to the function being
+ executed but refused in Curl_readwrite() and then the application would
+ just sit idling forever.
+
+ This was detected with runtests.pl -e on test 154.
-- VC6 IDE: link with advapi32.lib when using WIN32 crypto API (md5.c)
+Steve Holme (27 Aug 2013)
+- ftpserver.pl: Added support for IMAP SEARCH command
-- curl-functions.m4: improve gethostname arg 2 data type check
+- tool_operate.c: Fixed compilation warning
+
+ warning: implicit declaration of function 'checkpasswd'
-- setup_once.h: HP-UX specific 'bool', 'false' and 'true' definitions.
+- curl: Moved check for password out of get parameter loop
- Also reverts commit f254c59dc7
+ Moved the calls to checkpasswd() out of the getparameter() function
+ which allows for any related arguments to be specified on the command
+ line before or after --user (and --proxy-user).
+
+ For example: --bearer doesn't need to be specified before --user to
+ prevent curl from asking for an unnecessary password as is the case
+ with commit e7dcc454c67a2f.
-- configure: check if compiler halts on function prototype mismatch
+- RELEASE-NOTES: synced with acf59be7f09a7
-- warnless.c: fix compiler warnings
+- [Kyle L. Huff brought this change]
-- curl-functions.m4: add gethostname arg 2 data type check and definition
+ curl: added --bearer option to help
+
+ Added the --bearer option to the help output
-Daniel Stenberg (14 Dec 2012)
-- [Nick Zitzmann brought this change]
+- [Kyle L. Huff brought this change]
- darwinssl: Fix implicit conversion compiler warnings
+ curl: added basic SASL XOAUTH2 support
- The Clang compiler found a few implicit conversion problems that have
- now been fixed.
-
-Yang Tse (14 Dec 2012)
-- setup_once.h: HP-UX <sys/socket.h> issue workaround
+ Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the
+ --bearer option.
- Issue: When building a 32bit target with large file support HP-UX
- <sys/socket.h> header file may simultaneously provide two different
- sets of declarations for sendfile and sendpath functions, one with
- static and another with external linkage. Given that we do not use
- mentioned functions we really don't care which linkage is the
- appropriate one, but on the other hand, the double declaration emmits
- warnings when using the HP-UX compiler and errors when using modern
- gcc versions resulting in fatal compilation errors.
+ Example usage:
+ curl --url "imaps://imap.gmail.com:993/INBOX/;UID=1" --ssl-reqd
+ --bearer ya29.AHES6Z...OMfsHYI --user username@example.com
+
+- tool_urlglob.c: Fixed compiler warnings
- Mentioned issue is now fixed as long as we don't use sendfile nor
- sendpath functions.
+ warning: 'variable' may be used uninitialized in this function
-- setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h>
+Daniel Stenberg (26 Aug 2013)
+- security.h: rename to curl_sec.h to avoid name collision
- Inclusion of top two most included header files now done in setup_once.h
+ I brought back security.h in commit bb5529331334e. As we actually
+ already found out back in 2005 in commit 62970da675249, the file name
+ security.h causes problems so I renamed it curl_sec.h instead.
-- setup_once.h: HP-UX specific TRUE and FALSE definitions
+- runtests.pl: allow -vc point to a separate curl binary to verify with
- Some HP-UX system headers require TRUE defined to 1 and FALSE to 0.
+ The specified curl binary will then be used to verify the running
+ server(s) instead of the development version. This is very useful in
+ some cases when the development version fails to verify correctly as
+ then the test case may not run at all.
+
+ The actual test will still be run with the "normal" curl executable
+ (unless the test case specifies something differently).
+
+Steve Holme (26 Aug 2013)
+- [Kyle L. Huff brought this change]
-Daniel Stenberg (12 Dec 2012)
-- gopher: #include cleanup
+ smtp: added basic SASL XOAUTH2 support
- Remove all system file includes from this file as they're not needed
+ Added the ability to use an XOAUTH2 bearer token [RFC6750] with SMTP for
+ authentication using RFC6749 "OAuth 2.0 Authorization Framework".
- Reported by: Dan Fandrich
+ The bearer token is expected to be valid for the user specified in
+ conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
+ an advertised auth mechanism of "XOAUTH2", the user and access token are
+ formatted as a base64 encoded string and sent to the server as
+ "AUTH XOAUTH2 <bearer token>".
-Yang Tse (11 Dec 2012)
-- examples/simplessl.c: fix compiler warning
+- [Kyle L. Huff brought this change]
-- examples/externalsocket.c: fix SunPro compilation issue
+ imap: added basic SASL XOAUTH2 support
+
+ Added the ability to use an XOAUTH2 bearer token [RFC6750] with IMAP for
+ authentication using RFC6749 "OAuth 2.0 Authorization Framework".
+
+ The bearer token is expected to be valid for the user specified in
+ conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
+ an advertised auth mechanism of "XOAUTH2", the user and access token are
+ formatted as a base64 encoded string and sent to the server as
+ "A001 AUTHENTICATE XOAUTH2 <bearer token>".
-- examples/simplessl.c: fix compiler warning
+- security.h: Fixed compilation warning
+
+ ISO C forbids forward references to 'enum' types
-- build: add bundles and conncache files to other build systems
+Daniel Stenberg (26 Aug 2013)
+- KNOWN_BUGS: refer to bug numbers with the existing number series
+
+ The old numbers would still redirect but who knows for how long...
-- conncache: fix enumerated type mixed with another type
+Steve Holme (25 Aug 2013)
+- [Kyle L. Huff brought this change]
-- examples/anyauthput.c: fix Tru64 compilation issue
+ options: added basic SASL XOAUTH2 support
+
+ Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the
+ option CURLOPT_XOAUTH2_BEARER for authentication using RFC6749 "OAuth
+ 2.0 Authorization Framework".
-Daniel Stenberg (8 Dec 2012)
-- [Colin Watson brought this change]
+- [Kyle L. Huff brought this change]
- configure: fix cross pkg-config detection
+ sasl: added basic SASL XOAUTH2 support
- When cross-compiling, CURL_CHECK_PKGCONFIG was checking for the cross
- pkg-config using ${host}-pkg-config.
+ Added the ability to generated a base64 encoded XOAUTH2 token
+ containing: "user=<username>^Aauth=Bearer <bearer token>^A^A"
+ as per RFC6749 "OAuth 2.0 Authorization Framework".
+
+Daniel Stenberg (25 Aug 2013)
+- FTP: remove krb4 support
- The gold standard for doing this correctly is pkg-config's own macro,
- PKG_PROG_PKG_CONFIG. However, on the assumption that you have a good
- reason not to use that directly (reduced dependencies for maintainer
- builds?), the behaviour of cURL's version should at least match.
- PKG_PROG_PKG_CONFIG uses AC_PATH_TOOL, which ultimately ends up trying
- ${host_alias}-pkg-config; this is not quite the same as what cURL does,
- and may differ because ${host} has been run through config.sub. For
- instance, when cross-building to the armhf architecture on Ubuntu,
- ${host_alias} is arm-linux-gnueabihf while ${host} is
- arm-unknown-linux-gnueabihf. This may also have been the cause of the
- problem reported at http://curl.haxx.se/mail/lib-2012-04/0224.html.
+ We've announced this pending removal for a long time and we've
+ repeatedly asked if anyone would care or if anyone objects. Nobody has
+ objected. It has probably not even been working for a good while since
+ nobody has tested/used this code recently.
- AC_PATH_TOOL is significantly simpler than cURL's current code, and
- dates back to well before the current minimum of Autoconf 2.57, so let's
- use it instead.
+ The stuff in krb4.h that was generic enough to be used by other sources
+ is now present in security.h
-- [Linus Nielsen Feltzing brought this change]
+- easy: define away easy_events() for non-debug builds
- Introducing a new persistent connection caching system using "bundles".
-
- A bundle is a list of all persistent connections to the same host.
- The connection cache consists of a hash of bundles, with the
- hostname as the key.
- The benefits may not be obvious, but they are two:
+- FAQ: editorial updates
- 1) Faster search for connections to reuse, since the hash
- lookup only finds connections to the host in question.
- 2) It lays out the groundworks for an upcoming patch,
- which will introduce multiple HTTP pipelines.
+ Several language fixes. Several reformats that should make the HTML
+ generation of this document look better.
- This patch also removes the awkward list of "closure handles",
- which were needed to send QUIT commands to the FTP server
- when closing a connection.
- Now we allocate a separate closure handle and use that
- one to close all connections.
-
- This has been tested in a live system for a few weeks, and of
- course passes the test suite.
+ Reported-by: Dave Thompson
-- [Fabian Keil brought this change]
+- RELEASE-NOTES: synced with 22adb46a32bee
- runtests and friends: Do not add undefined values to @INC
+- multi: move on from STATE_DONE faster
- On FreeBSD this fixes the warning:
- Use of uninitialized value $p in string eq at /usr/local/lib/perl5/5.14.2/BSDPAN/BSDPAN.pm line 36.
-
-Steve Holme (5 Dec 2012)
-- Merge pull request #52 from isn-/master
+ Make sure we always return CURLM_CALL_MULTI_PERFORM when we reach
+ CURLM_STATE_DONE since the state is transient and it can very well
+ continue executing as there is nothing to wait for.
- small compilation fix
+ Bug: http://curl.haxx.se/mail/lib-2013-08/0211.html
+ Reported-by: Yi Huang
-Stanislav Ivochkin (5 Dec 2012)
-- build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
+- curl.h: name space pollution by "enum type"
+
+ Renamed to "enum curl_khtype" now. Will break compilation for programs
+ that rely on the enum name.
+
+ Bug: https://github.com/bagder/curl/pull/76
+ Reported-by: Shawn Landden
-Yang Tse (5 Dec 2012)
-- libtest: fix some compiler warnings
+- TFTP: make the CURLOPT_LOW_SPEED* options work
+
+ ... this also makes sure that the progess callback gets called more
+ often during TFTP transfers.
+
+ Added test 1238 to verify.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1269
+ Reported-by: Jo3
-- examples: fix compilation issues - commit 7332a7cafb follow-up
+- tftpd: support "writedelay" within <servercmd>
-- examples: fix compilation issues - commit 23f8dca6fb follow-up
+- tftpd: convert 6 global variables into local ones
-- examples: fix compilation issues
+- [Gisle Vanem brought this change]
-- build: explain current role of LIBS in our Makefile.am files
+ curl_easy_perform_ev: make it CURL_EXTERN
- BLANK_AT_MAKETIME may be used in our Makefile.am files to blank
- LIBS variable used in generated makefile at makefile processing
- time. Doing this functionally prevents LIBS from being used for
- all link targets in given makefile.
+ I build curl.exe (using MingW) with '-DCURLDEBUG' and by importing from
+ libcurl.dll. Which means the new curl_easy_perform_ev() must be
+ exported from libcurl.dll.
-Daniel Stenberg (4 Dec 2012)
-- multi: fix re-sending request on early connection close
+- CURLM_ADDED_ALREADY: new error code
- This handling already works with the easy-interface code. When a request
- is sent on a re-used connection that gets closed by the server at the
- same time as the request is sent, the situation may occur so that we can
- send the request and we discover the broken connection as a RECV_ERROR
- in the PERFORM state and then the request needs to be retried on a fresh
- connection. Test 64 broke with 'multi-always-internally'.
+ Doing curl_multi_add_handle() on an easy handle that is already added to
+ a multi handle now returns this error code. It previously returned
+ CURLM_BAD_EASY_HANDLE for this condition.
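Review bot: two of the added 7.33.0 entries in this part of the hunk describe caller-visible changes that should be checked against the code built on this libcurl copy before the update lands. The entry 'curl.h: name space pollution by "enum type"' states that the rename to "enum curl_khtype" will break compilation for programs that rely on the enum name. The entry "CURLM_ADDED_ALREADY: new error code" states that curl_multi_add_handle() on an already-added easy handle previously returned CURLM_BAD_EASY_HANDLE and now returns the new code. Please confirm that no caller references the old enum name or branches on CURLM_BAD_EASY_HANDLE for the double-add case, and record the result of that check alongside the update.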
-Yang Tse (4 Dec 2012)
-- configure: add minimal sanity check on user provided LIBS and LDFLAGS
+- multi_init: moved init code here from add_handle
+
+ The closure_handle is "owned" by the multi handle and it is
+ unconditional so the setting up of it should be in the Curl_multi_handle
+ function rather than curl_multi_add_handle.
-- build: prevent global LIBS from influencing src and lib build targets
+- multi: remove dns cache creation code from *add_handle
- Currently, LIBS is already used through other macros.
+ As it is done unconditionally in multi_init() this code will never run!
-Kamil Dudka (3 Dec 2012)
-- nss: prevent NSS from crashing on client auth hook failure
+- curl_easy_perform_ev: debug/test function
- Although it is not explicitly stated in the documentation, NSS uses
- *pRetCert and *pRetKey even if the client authentication hook returns
- a failure. Namely, if we destroy *pRetCert without clearing *pRetCert
- afterwards, NSS destroys the certificate once again, which causes a
- double free.
+ This function is meant to work *exactly* as curl_easy_perform() but will
+ use the event-based libcurl API internally instead of
+ curl_multi_perform(). To avoid relying on an actual event-based library
+ and to not use non-portable functions (like epoll or similar), there's a
+ rather inefficient emulation layer implemented on top of Curl_poll()
+ instead.
- Reported by: Bob Relyea
-
-Yang Tse (30 Nov 2012)
-- testcurl.pl: build example programs for several autobuilds
+ There's currently some convenience logging done in curl_easy_perform_ev
+ which helps when tracking down problems. They may be suitable to remove
+ or change once things seem to be fine enough.
- Affected autobuilds: IRIX, AIX, Tru64 and AIX.
+ curl has a new --test-event option when built with debug enabled that
+ then uses curl_easy_perform_ev() instead of curl_easy_perform(). If
+ built without debug, using --test-event will only output a warning
+ message.
+
+ NOTE: curl_easy_perform_ev() is not part if the public API on purpose.
+ It is only present in debug builds of libcurl and MUST NOT be considered
+ stable even then. Use it for libcurl-testing purposes only.
+
+ runtests.pl now features an -e command line option that makes it use
+ --test-event for all curl command line tests. The man page is updated.
-- build: prevent global LIBS from influencing examples build targets
+- [Gisle Vanem brought this change]
-- build: prevent global LIBS from influencing libtest build targets
+ transfer: the recent sessionhandle change broke CURL_DOES_CONVERSIONS
-- build: prevent global LIBS from influencing test server build targets
+- test1237: verify 1000+ letter user name + passwords
-- build: fix Windows build targets damaged since commit 550e403f00
+- [Jonathan Nieder brought this change]
-- build: avoid linkage of directly unused libraries
+ url: handle arbitrary-length username and password before '@'
+
+ libcurl quietly truncates usernames, passwords, and options from
+ before an '@' sign in a URL to 255 (= MAX_CURL_PASSWORD_LENGTH - 1)
+ characters to fit in fixed-size buffers on the stack. Allocate a
+ buffer large enough to fit the parsed fields on the fly instead to
+ support longer passwords.
+
+ After this change, there are no more uses of MAX_CURL_OPTIONS_LENGTH
+ left, so stop defining that constant while at it. The hardcoded max
+ username and password length constants, on the other hand, are still
+ used in HTTP proxy credential handling (which this patch doesn't
+ touch).
+
+ Reported-by: Colby Ranger
-- dd missing NTLM feature for tests 2025, and 2028 to 2032
+- [Jonathan Nieder brought this change]
+
+ url: handle exceptional cases first in parse_url_login()
+
+ Instead of nesting "if(success)" blocks and leaving the reader in
+ suspense about what happens in the !success case, deal with failure
+ cases early, usually with a simple goto to clean up and return from
+ the function.
+
+ No functional change intended. The main effect is to decrease the
+ indentation of this function slightly.
-- avoid mixing of enumerated type with another type
+- [Jonathan Nieder brought this change]
-- multi.c: disambiguate precedence of bitwise and relational operation
+ Curl_setopt: handle arbitrary-length username and password
+
+ libcurl truncates usernames, passwords, and options set with
+ curl_easy_setopt to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters.
+ This doesn't affect the return value from curl_easy_setopt(), so from
+ the caller's point of view, there is no sign anything strange has
+ happened, except that authentication fails.
+
+ For example:
+
+ # Prepare a long (300-char) password.
+ s=0123456789; s=$s$s$s$s$s$s$s$s$s$s; s=$s$s$s;
+ # Start a server.
+ nc -l -p 8888 | tee out & pid=$!
+ # Tell curl to pass the password to the server.
+ curl --user me:$s http://localhost:8888 & sleep 1; kill $pid
+ # Extract the password.
+ userpass=$(
+ awk '/Authorization: Basic/ {print $3}' <out |
+ tr -d '\r' |
+ base64 -d
+ )
+ password=${userpass#me:}
+ echo ${#password}
+
+ Expected result: 300
+ Actual result: 255
+
+ The fix is simple: allocate appropriately sized buffers on the heap
+ instead of trying to squeeze the provided values into fixed-size
+ on-stack buffers.
+
+ Bug: http://bugs.debian.org/719856
+ Reported-by: Colby Ranger
-Daniel Stenberg (26 Nov 2012)
-- [Fabian Keil brought this change]
+- [Jonathan Nieder brought this change]
- Remove stray CRLF in chunk-encoded content-free request bodies
+ netrc: handle longer username and password
- .. that are sent when auth-negotiating before a chunked
- upload or when setting the 'Transfer-Encoding: chunked'
- header and intentionally sending no content.
+ libcurl truncates usernames and passwords it reads from .netrc to
+ LOGINSIZE and PASSWORDSIZE (64) characters without any indication to
+ the user, to ensure the values returned from Curl_parsenetrc fit in a
+ caller-provided buffer.
- Adjust test565 and test1333 accordingly.
-
-- FAQ: clarify the 3.4 section
+ Fix the interface by passing back dynamically allocated buffers
+ allocated to fit the user's input. The parser still relies on a
+ 256-character buffer to read each line, though.
- You can do custom commands to FTP without sending anything by using the
- CURLOPT_NOBODY, which -I sets.
-
-- [Lijo Antony brought this change]
-
- examples: Updated asiohiper.cpp to remove connect from opensocket
+ So now you can include an ~246-character password in your .netrc,
+ instead of the previous limit of 63 characters.
- Blocking connect on the socket has been removed from opensocket
- callback. opensocket just opens a new socket and gives it back to
- libcurl and libcurl will take care of the connect. sockopt_callback has
- also been removed, as it is no longer required.
+ Reported-by: Colby Ranger
-Yang Tse (23 Nov 2012)
-- build: fix AIX compilation and usage
+- [Jonathan Nieder brought this change]
+
+ url: allocate username, password, and options on the heap
- AIX sys/poll.h header file defines 'events' and 'revents' as C
- preprocessor macros. Usage of these literals in libcurl's external
- API was introduced in commit de24d7bd4c causing AIX build failures.
- Appropriate inclusion of sys/poll.h by libcurl's external interface
- fixes AIX build and usage issues while avoiding a SONAME bump.
+ This makes it possible to increase the size of the buffers when needed
+ in later patches. No functional change yet.
-Steve Holme (23 Nov 2012)
-- DOCS: Updated CURLOPT_CONNECT_ONLY to reflect usage in other protocols
+- [Jonathan Nieder brought this change]
-Daniel Stenberg (23 Nov 2012)
-- test: offer "automake" output and check for perl better
+ url: use goto in create_conn() for exception handling
- runtests.pl -am now uses the "PASS/FAIL: [desc]" output for each
- executed test. You can run 'make test-am' in the root build directory to
- invoke that. The reason for this output style is to better allow generic
- test suite parsers to also grok our test output.
+ Instead of remembering before each "return" statement which temporary
+ allocations, if any, need to be freed, take care to set pointers to
+ NULL when no longer needed and use a goto to a common block to exit
+ the function and free all temporaries.
- The test Makefile now also tests that perl was indeed found and that the
- PERL variable points to an executable before it tries to run the main
- test perl script runtests.pl,
+ No functional change intended. Currently the only temporary buffer in
+ this function is "proxy" which is already correctly freed when
+ appropriate, but there will be more soon.
-- [Fabian Keil brought this change]
+- [Jonathan Nieder brought this change]
- Test 206: Use a Content-Length header for the 407 response
+ sasl: allow arbitrarily long username and password
- Otherwise curl would have to guess where the body ends.
-
-- [Fabian Keil brought this change]
-
- Test 206: Don't respond to a succesful CONNECT request with a body
+ Use appropriately sized buffers on the heap instead of fixed-size
+ buffers on the stack, to allow for longer usernames and passwords.
- It's against the spec and caused test failures when header
- and response were read from the network separately in which
- case bug #39 wasn't triggered.
-
-- htmltitle: use .cpp extension for C++ examples
+ Callers never pass anything longer than MAX_CURL_USER_LENGTH (resp.
+ MAX_CURL_PASSWORD_LENGTH), so no functional change inteded yet.
-- [Lijo Antony brought this change]
+Steve Holme (19 Aug 2013)
+- [Alex McLellan brought this change]
- examples: Added a c++ example of using multi with boost::asio
+ imap: Fixed response check for SEARCH command
- Added an example for demonstrating the usage of curl multi interface
- with boost::asio in c++
+ Adding this line allows libcurl to return the server response when
+ performing a search command via a custom request.
-- VC Makefiles: add missing hostcheck
+Daniel Stenberg (16 Aug 2013)
+- glob: error out on range overflow
- the newly introduced hostcheck.h/c is missing in the Visual Studio
- Makefiles as obj file.
+ The new multiply() function detects range value overflows. 32bit
+ machines will overflow on a 32bit boundary while 64bit hosts support
+ ranges up to the full 64 bit range.
- Bug: http://curl.haxx.se/mail/lib-2012-11/0176.html
-
-- compiler warning fixes
+ Added test 1236 to verify.
- The conversions from ssize_t to int need to be typecasted.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1267
+ Reported-by: Will Dietz
-- bump: start working on 7.28.2
+- urlglob: better detect unclosed braces, empty lists and overflows
+
+ A rather big overhaul and cleanup.
+
+ 1 - curl wouldn't properly detect and reject globbing that ended with an
+ open brace if there were brackets or braces before it. Like "{}{" or
+ "[0-1]{"
+
+ 2 - curl wouldn't properly reject empty lists so that "{}{}" would
+ result in curl getting (nil) strings in the output.
+
+ 3 - By using strtoul() instead of sscanf() the code will now detected
+ over and underflows. It now also better parses the step argument to only
+ accept positive numbers and only step counters that is smaller than the
+ delta between the maximum and minimum numbers.
+
+ 4 - By switching to unsigned longs instead of signed ints for the
+ counters, the max values for []-ranges are now very large (on 64bit
+ machines).
+
+ 5 - Bumped the maximum number of globs in a single URL to 100 (from 10)
+
+ 6 - Simplified the code somewhat and now it stores fixed strings as
+ single- entry lists. That's also one of the reasons why I did (5) as now
+ all strings between "globs" will take a slot in the array.
+
+ Added test 1234 and 1235 to verify. Updated test 87.
+
+ This commit fixes three separate bug reports.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1264
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1265
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1266
+ Reported-by: Will Dietz
-- THANKS: added 14 contributors from the 7.28.1 release
+- [John Malmberg brought this change]
-Version 7.28.1 (20 Nov 2012)
+ VMS: Add RELEASE-NOTES to vms document
+
+ Add the curl release notes to the release note document generated for
+ VMS packages.
+
+ Add the different filenames generated by a daily build to the
+ cleanup procedures.
-Daniel Stenberg (20 Nov 2012)
-- RELEASE-NOTES: synced with 52af6e69f079 / 7.28.1
+- [Tor Arntsen brought this change]
-Kamil Dudka (20 Nov 2012)
-- [Anthony Bryan brought this change]
+ tests 2032, 2033: Don't hardcode port in expected output
- RELEASE-NOTES: NSS can be used for metalink hashing
+- ftp: convert state names to a global array
+
+ ... just to make them easier to print in debug ouputs while debugging.
+ They are still within #ifdef [debugbuild].
-- [Fabian Keil brought this change]
+- --help: fix the --sasl-ir in the help output
- Get test 2032 working when using valgrind
+- ftp_domore_getsock: when passive mode, the second conn is already there
+
+ This makes the socket callback get called with the proper bitmask as
+ otherwise the application could be left hanging waiting for reading on
+ an upload connection!
- If curl_multi_fdset() sets maxfd to -1, the socket detection
- loop is skipped and thus !found_new_socket is no cause for alarm.
+ Bug: http://curl.haxx.se/mail/lib-2013-08/0043.html
+ Reported-by: Bill Doyle
-- test2032: spurious failure caused by premature termination
+- curl: make --no-[option] work properly for several options
- Bug: http://curl.haxx.se/mail/lib-2012-11/0095.html
+ --create-dirs, --crlf, --socks5-gssapi-nec and --sasl-ir
-Daniel Stenberg (19 Nov 2012)
-- [Fabian Keil brought this change]
+Kamil Dudka (12 Aug 2013)
+- nss: make sure that NSS is initialized
+
+ ... prior to calling PK11_GenerateRandom()
- Fix comment typos in test 517
+Daniel Stenberg (12 Aug 2013)
+- multi: s/easy/data
+
+ With everything being struct SessionHandle pointers now, this rename
+ makes multi.c use the library-wide practise of calling that pointer
+ 'data' instead of the previously used 'easy'.
-- [Fabian Keil brought this change]
+- cleanup: removed one function, made one static
+
+ Moved Curl_easy_addmulti() from easy.c to multi.c, renamed it to
+ easy_addmulti and made it static.
+
+ Removed Curl_easy_initHandleData() and uses of it since it was emptied
+ in commit cdda92ab67b47d74a.
- Test 92 and 194: normalize spaces in the Server headers
+- SessionHandle: the protocol specific pointer is now a void *
+
+ All protocol handler structs are now opaque (void *) in the
+ SessionHandle struct and moved in the request-specific sub-struct
+ 'SingleRequest'. The intension is to keep the protocol specific
+ knowledge in their own dedicated source files [protocol].c etc.
- It makes no difference from curl's point of view but
- makes it more convenient to use the tests with a
- lws-normalizing proxy between curl and the test server.
+ There's some "leakage" where this policy is violated, to be addressed at
+ a later point in time.
-- [Fabian Keil brought this change]
+- urldata: clean up the use of the protocol specific structs
+
+ 1 - always allocate the struct in protocol->setup_connection. Some
+ protocol handlers had to get this function added.
+
+ 2 - always free at the end of a request. This is also an attempt to keep
+ less memory in the handle after it is completed.
- Add a HOSTIP precheck for tests 31 and 1105
+- version number: bump to 7.32.1 for now
- They currently only work for 127.0.0.1 which
- is hardcoded and can't be easily changed.
+ Start working on the next version and up some counters.
+
+Version 7.32.0 (11 Aug 2013)
+
+Daniel Stenberg (11 Aug 2013)
+- THANKS: added contributors from the 7.32.0 release notes
- [Fabian Keil brought this change]
- Let test 8 work as long as %HOSTIP ends with ".0.0.1"
-
- .. and add a precheck to skip the test otherwise.
+ test1228: add 'HTTP proxy' to the keywords
- [Fabian Keil brought this change]
- Add --resolve to the keywords and name of test 1318
-
- This makes it easier to skip it automatically when
- the test suite is used with external proxies.
+ tests: add keywords for a couple of FILE tests
- [Fabian Keil brought this change]
- Add FTP keywords for a couple of currently keyword-less FTP tests
+ tests: add 'FAILURE' keywords to tests 1409 and 1410
- [Fabian Keil brought this change]
- Add keywords for a couple of currently keyword-less HTTP tests
+ tests: add keywords for a couple of HTTP tests
- [Fabian Keil brought this change]
- Use carriage returns in all headers in test 31
-
- Trailing spaces were left unmodifed, assuming they were intentional.
+ tests: add keywords for a couple of FTP tests
- [Fabian Keil brought this change]
- Do not mix CRLF and LF header endings in a couple of HTTP tests
-
- Consistently use CRLF instead. The mixed endings weren't
- documented so I assume they were unintentional.
-
- This change doesn't matter for curl itself but makes using
- the tests with a proxy between curl and the test server
- more convenient.
+ test1511: consistently terminate headers with CRLF
+
+- DISABLED: shut of test 1512 for now
- Tests that consistently use no carriage returns were
- left unmodified as one can easily work around this.
+ It shows intermittent failures and I haven't been able to track them
+ down yet. Disable this test for now.
+
+- curl_multi_add_handle.3: ... that timer callback is for event-based
+
+- comments: remove old and wrong multi/easy interface statements
+
+- curl_multi_add_handle.3: mention the CURLMOPT_TIMERFUNCTION use
+
+- [John E. Malmberg brought this change]
+
+ KNOWN_BUGS: 22 and 57 have been fixed and committed
-- fixed memory leak: CURLOPT_RESOLVE with multi interface
+- RELEASE-NOTES: synced with d20def20462e7
+
+- global dns cache: fix memory leak
- DNS cache entries populated with CURLOPT_RESOLVE were not properly freed
- again when done using the multi interface.
+ The take down of the global dns cache didn't take CURLOPT_RESOLVE names
+ into account.
+
+- global dns cache: didn't work [regression]
- Test case 1502 added to verify.
+ CURLOPT_DNS_USE_GLOBAL_CACHE broke in commit c43127414d89ccb (been
+ broken since the libcurl 7.29.0 release). While this option has been
+ documented as deprecated for almost a decade and nobody even reported
+ this bug, it should remain functional.
- Bug: http://curl.haxx.se/bug/view.cgi?id=3575448
- Reported by: Alex Gruz
+ Added test case 1512 to verify
-- RELEASE-NOTES: synced with ee588fe08807778
-
- 4 more bug fixes and 4 more contributors
+Yang Tse (8 Aug 2013)
+- [John Malmberg brought this change]
-- mem-include-scan: verify memory #includes
+ packages/vms: update VMS build files
- If we use memory functions (malloc, free, strdup etc) in C sources in
- libcurl and we fail to include curl_memory.h or memdebug.h we either
- fail to properly support user-provided memory callbacks or the memory
- leak system of the test suite fails.
+ VMS modified files either missing from a previous commit and changes
+ to remove references to CVS repositories.
+
+Daniel Stenberg (8 Aug 2013)
+- FTP: renamed several local functions
- After Ajit's report of a failure in the first category in http_proxy.c,
- I spotted a few in the second category as well. These problems are now
- tested for by test 1132 which runs a perl program that scans for and
- attempts to check that we use the correct include files if a memory
- related function is used in the source code.
+ The previous naming scheme ftp_state_post_XXXX() wasn't really helpful
+ as it wasn't always immediately after 'xxxx' and it wasn't easy to
+ understand what it does based on such a name.
- Reported by: Ajit Dhumale
- Bug: http://curl.haxx.se/mail/lib-2012-11/0125.html
+ This new one is instead ftp_state_yyyy() where yyyy describes what it
+ does or sends.
-- tftp_rx: code style cleanup
+- mk-ca-bundle.1: don't install on make install
- Fixed checksrc warnings
-
-- [Fabian Keil brought this change]
-
- Fix the libauthretry changes from 7c0cbcf2f61
+ Since the mk-ca-bundle tool itself isn't installed with make install,
+ there's no point in installing its documentation.
- They broke the NTLM tests from 2023 to 2031.
+ Bug: http://curl.haxx.se/mail/lib-2013-08/0057.html
+ Reported-by: Guenter Knauf
-- [Christian Vogt brought this change]
+Yang Tse (7 Aug 2013)
+- packages/vms/Makefile.am: add latest file additions to EXTRA_DIST
- tftp_rx: handle resends
+- [John Malmberg brought this change]
+
+ Building_vms_pcsi_kit
- Re-send ACK for block X in case we receive block X data again while
- waiting for block X+1.
+ These are the files needed to build VMS distribution packages known as
+ PCSI kits.
- Based on an earlier patch by Marcin Adamski.
+ Also minor update to the existing files, mainly to the documentation and
+ file clean up code.
-- autoconf: don't force-disable compiler debug option
+Daniel Stenberg (6 Aug 2013)
+- LIBCURL-STRUCTS: new document
+
+ This is the first version of this new document, detailing the seven
+ perhaps most important internal structs in libcurl source code:
- When nothing is told to configure, we should not enforce switching off
- debug options with -g0 (or similar). We instead don't use -g at all in
- that situaion and therefore allow the user's CFLAGS settings possibly
- dictate what to do.
+ 1.1 SessionHandle
+ 1.2 connectdata
+ 1.3 Curl_multi
+ 1.4 Curl_handler
+ 1.5 conncache
+ 1.6 Curl_share
+ 1.7 CookieInfo
-- [Mark Snelling brought this change]
+- CONTRIBUTE: minor language polish
- winbuild: Fix PDB file output
+- FTP: when EPSV gets a 229 but fails to connect, retry with PASV
- And fix some newlines to be proper CRLF
+ This is a regression as this logic used to work. It isn't clear when it
+ broke, but I'm assuming in 7.28.0 when we went all-multi internally.
- Bug: http://curl.haxx.se/bug/view.cgi?id=3586741
-
-- RELEASE-NOTES: synced with fa1ae0abcde
+ This likely never worked with the multi interface. As the failed
+ connection is detected once the multi state has reached DO_MORE, the
+ Curl_do_more() function was now expanded somewhat so that the
+ ftp_do_more() function can request to go "back" to the previous state
+ when it makes another attempt - using PASV.
+
+ Added test case 1233 to verify this fix. It has the little issue that it
+ assumes no service is listening/accepting connections on port 1...
+
+ Reported-by: byte_bucket in the #curl IRC channel
-- [Cristian Rodríguez brought this change]
+Nick Zitzmann (5 Aug 2013)
+- md5: remove use of CommonCrypto-to-OpenSSL macros for the benefit of Leopard
+
+ For some reason, OS X 10.5's GCC suddenly stopped working correctly with
+ macros that change MD5_Init etc. in the code to CC_MD5_Init etc., so I
+ worked around this by removing use of the macros and inserting static
+ functions that just call CommonCrypto's implementations of the functions
+ instead.
- OpenSSL: Disable SSL/TLS compression
+Guenter Knauf (5 Aug 2013)
+- Simplify check for trusted certificates.
- It either causes increased memory usage or exposes users
- to the "CRIME attack" (CVE-2012-4929)
+ This changes the previous check for untrusted certs to a check for
+ certs explicitely marked as trusted.
+ The change is backward-compatible (tested with certdata.txt v1.80).
-- [Sebastian Rasmussen brought this change]
+Daniel Stenberg (5 Aug 2013)
+- configure: warn on bad env variable use, don't error
+
+ Use XC_CHECK_BUILD_FLAGS instead XC_CHECK_USER_FLAGS.
- FILE: Make upload-writes unbuffered by not using FILE streams
+- Revert "configure: don't error out on variable confusions, just warn"
+
+ This reverts commit 6b27703b5f525eccdc0a8409f51de8595c75132a.
-Kamil Dudka (13 Nov 2012)
-- tool_metalink: fix error detection of hash alg initialization
+- formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used
- The {MD5,SHA1,SHA256}_Init functions from OpenSSL are called directly
- without any wrappers and they return 1 for success, 0 otherwise. Hence,
- we have to use the same approach in all the wrapper functions that are
- used for the other crypto libraries.
+ The internal function that's used to detect known file extensions for
+ the default Content-Type got the the wrong pointer passed in when
+ CURLFORM_BUFFER + CURLFORM_BUFFERPTR were used. This had the effect that
+ strlen() would be used which could lead to an out-of-bounds read (and
+ thus segfault). In most cases it would only lead to it not finding or
+ using the correct default content-type.
- This commit fixes a regression introduced in commit dca8ae5f.
-
-Daniel Stenberg (13 Nov 2012)
-- RELEASE-NOTES: synced with 7c0cbcf2f617b
-
-- [Sergei Nikulov brought this change]
+ It also showed that test 554 and test 587 were testing for the
+ previous/wrong behavior and now they're updated as well.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1262
+ Reported-by: Konstantin Isakov
- fixed Visual Studio 2010 compilation
+Guenter Knauf (4 Aug 2013)
+- Skip more untrusted certificates.
+
+ Christian Heimes brought to our attention that the certdata.txt
+ format has recently changed [1], causing ca-bundle.crt created
+ with mk-ca-bundle.[pl|vbs] to include untrusted certs.
+
+ [1] http://lists.debian.org/debian-release/2012/11/msg00411.html
-- [Anton Malov brought this change]
+Daniel Stenberg (4 Aug 2013)
+- configure: don't error out on variable confusions, just warn
- ftp: EPSV-disable fix over SOCKS
+- configure: rephrase the notice in _XC_CHECK_VAR_*
- Bug: http://curl.haxx.se/bug/view.cgi?id=3586338
+ Instead of claiming it is an error, we call it a "note" to reduce the
+ severity level. But the following text now says the [variable] "*should*
+ only be used to specify"... instead of previously having said "may".
-Patrick Monnerat (12 Nov 2012)
-- Merge branch 'master' of github.com:bagder/curl
+- multi: remove data->state.current_conn struct field
+
+ Not needed
-- OS400: upgrade wrappers for the 7.28.1 release.
+- multi: remove the one_easy struct field
+
+ Since the merge of SessionHandle with Curl_one_easy, this indirection
+ isn't used anymore.
-Daniel Stenberg (12 Nov 2012)
-- runtests: limit execessive logging/output
+- multi: rename all Curl_one_easy to SessionHandle
-- [Gabriel Sjoberg brought this change]
+- multi: remove the multi_pos struct field
+
+ Since Curl_one_easy is really a SessionHandle now, this indirection
+ doesn't exist anymore.
- Digst: Add microseconds into nounce calculation
+- multi: remove easy_handle struct field
- When using only 1 second precision, curl doesn't create new cnonce
- values quickly enough for all uses.
+ It isn't needed anymore
+
+- multi: remove 'Curl_one_easy' struct, phase 1
- For example, issuing the following command multiple times to a recent
- Tomcat causes authentication failures:
+ The motivation for having a separate struct that keep track of an easy
+ handle when using the multi handle was removed when we switched to
+ always using the multi interface internally. Now they were just two
+ separate struct that was always allocated for each easy handle.
- curl --digest -utest:test http://tomcat.test.com:8080/manager/list
+ This first step just moves the Curl_one_easy struct members into the
+ SessionHandle struct and hides this somehow (== keeps the source code
+ changes to a minimum) by defining Curl_one_easy to SessionHandle
- This is because curl uses the same cnonce for several seconds, but
- doesn't increment the nonce counter.  Tomcat correctly interprets
- this as a replay attack and rejects the request.
+ The biggest changes in this commit are:
- When microsecond-precision is available, this commit causes curl to
- change cnonce values much more frequently.
+ 1 - the linked list of easy handles had to be changed somewhat due
+ to the new struct layout. This made the main linked list pointer
+ get renamed to 'easyp' and there's also a new pointer to the last
+ node, called easylp. It is no longer circular but ends with ->next
+ pointing to NULL. New nodes are still added last.
- With microsecond resolution, increasing the nounce length used in the
- headers to 32 was made to further reduce the risk of duplication.
+ 2 - easy->state is now called easy->mstate to avoid name collision
-- SCP/SFTP: improve error code used for send failures
+Steve Holme (2 Aug 2013)
+- Revert "DOCS: Added IMAP URL example for listing new messages"
- Instead of relying on the generic CURLE error for SCP or SFTP send
- failures, try passing back a more suitable error if possible.
-
-- Curl_write: remove unneeded typecast
+ This reverts commit 82ab5f1b0c7c3f as this was the wrong place to
+ document the complexity of IMAP URLs and Custom Requests.
-Kamil Dudka (9 Nov 2012)
-- tool_metalink: allow to use hash algorithms provided by NSS
+- DOCS: Added IMAP URL example for listing new messages
- Fixes bug #3578163:
- http://sourceforge.net/tracker/?func=detail&atid=100976&aid=3578163&group_id=976
+ In addition to listing the folder contents, in the URL examples, added
+ an example to list the new messages waiting in the user's inbox.
-- tool_metalink: allow to handle failure of hash alg initialization
+Yang Tse (1 Aug 2013)
+- packages/vms/Makefile.am: add latest file additions to EXTRA_DIST
-- tool_metalink: introduce metalink_cleanup() in the internal API
-
- ... to release resources allocated at global scope
+- [John Malmberg brought this change]
-Daniel Stenberg (8 Nov 2012)
-- hostcheck: only build for the actual users
+ Add in the files needed to build libcurl shared images on VMS.
- and make local function static
-
-- [Oscar Koeroo brought this change]
-
- SSL: Several SSL-backend related fixes
-
- axTLS:
-
- This will make the axTLS backend perform the RFC2818 checks, honoring
- the VERIFYHOST setting similar to the OpenSSL backend.
-
- Generic for OpenSSL and axTLS:
+ Update the packages/vms/readme file to be current.
- Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c
- files to make them genericly available for both the OpenSSL, axTLS and
- other SSL backends. They are now in the new lib/hostcheck.c file.
+ Also some files for the GNV based build were either missing or needed an
+ update.
- CyaSSL:
+ curl_crtl_init.c is a special file that is run before main() to
+ set up the proper C runtime behavior.
- CyaSSL now also has the RFC2818 checks enabled by default. There is a
- limitation that the verifyhost can not be enabled exclusively on the
- Subject CN field comparison. This SSL backend will thus behave like the
- NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words:
- setting verifyhost to 0 or 1 will disable the Subject Alt Names checks
- too.
+ generate_vax_transfer.com generates the VAX transfer vector modules from
+ the gnv_libcurl_symbols.opt file.
- Schannel:
+ gnv_conftest.c_first is a helper file needed for configure scripts to
+ come up with the expected answers on VMS.
- Updated the schannel information messages: Split the IP address usage
- message from the verifyhost setting and changed the message about
- disabling SNI (Server Name Indication, used in HTTP virtual hosting)
- into a message stating that the Subject Alternative Names checks are
- being disabled when verifyhost is set to 0 or 1. As a side effect of
- switching off the RFC2818 related servername checks with
- SCH_CRED_NO_SERVERNAME_CHECK
- (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature
- is being disabled. This effect is not documented in MSDN, but Wireshark
- output clearly shows the effect (details on the libcurl maillist).
+ gnv_libcurl_symbols.opt is the public symbols for the libcurl shared
+ image.
- PolarSSL:
+ gnv_link_curl.com builds the shared libcurl image and rebuilds other
+ programs to use it.
- Fix the prototype change in PolarSSL of ssl_set_session() and the move
- of the peer_cert from the ssl_context to the ssl_session. Found this
- change in the PolarSSL SVN between r1316 and r1317 where the
- POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu
- PolarSSL version 1.1.4 the check is to discriminate between lower then
- PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN
- trunk jumped from version 1.1.1 to 1.2.0.
+ macro32_exactcase.patch is a hack to make a local copy of the VMS Macro32
+ assembler case sensitive, which is needed to build the VAX transfer modules.
- Generic:
-
- All the SSL backends are fixed and checked to work with the
- ssl.verifyhost as a boolean, which is an internal API change.
+ report_openssl_version.c is a tool for help verify that the libcurl
+ shared image is being built for a minium version of openssl.
-- libcurl: VERSIONINFO update
-
- Since we added the curl_multi_wait function, the VERSIONINFO needed
- updating.
+- curl: second follow-up for commit 5af2bfb9
- Reported by: Patrick Monnerat
+ Display progress-bar unconditionally on first call
-Guenter Knauf (8 Nov 2012)
-- Added .def file to output.
+- curl: follow-up for commit 5af2bfb9
- Requested by Johnny Luong on the libcurl list.
+ Use tvnow() and tvdiff() to avoid introducing new linkage issues
-- Added deps for static metalink-aware MinGW builds.
+Daniel Stenberg (31 Jul 2013)
+- curl: --progress-bar max update frequency now at 5Hz
-Daniel Stenberg (8 Nov 2012)
-- [Fabian Keil brought this change]
-
- Fix compilation of lib1501
-
-- Curl_readwrite: remove debug output
+- curl: make --progress-bar update the line less frequently
- The text "additional stuff not fine" text was added for debug purposes a
- while ago, but it isn't really helping anyone and for some reason some
- Linux distributions provide their libcurls built with debug info still
- present and thus (far too many) users get to read this info.
-
-- RELEASE-NOTES: synced with 487538e87a3d5e
+ Also, use memset() instead of a lame loop.
- 6 new bugfixes and 3 more contributors...
-
-- http_perhapsrewind: consider NTLM over proxy too
+ The previous logic that tried to avoid too many updates were very
+ ineffective for really fast transfers, as then it could easily end up
+ doing hundreds of updates per second that would make a significant
+ impact in transfer performance!
- The logic previously checked for a started NTLM negotiation only for
- host and not also with proxy, leading to problems doing POSTs over a
- proxy NTLM that are larger than 2000 bytes. Now it includes proxy in the
- check.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3582321
- Reported by: John Suprock
-
-- [Lars Buitinck brought this change]
+ Bug: http://curl.haxx.se/mail/archive-2013-07/0031.html
+ Reported-by: Marc Doughty
- Curl_connecthost: friendlier "couldn't connect" message
+Nick Zitzmann (30 Jul 2013)
+- darwinssl: added LFs to some strings passed into infof()
+
+ (This doesn't need to appear in the release notes.) I noticed a few places
+ where infof() was called, and there should've been an LF at the end of the
+ string, but there wasn't.
-- test1413: verify redirects to URLs with fragments
+- darwinssl: fix build error in crypto authentication under Snow Leopard
- The bug report claimed it didn't work. This problem was probably fixed
- in 473003fbdf.
+ It turns out Snow Leopard not only has SecItemCopyMatching() defined in
+ a header not included by the omnibus header, but it won't work for our
+ purposes, because searching for SecIdentityRef objects wasn't added
+ to that API until Lion. So we now use the old SecKeychainSearch API
+ instead if the user is building under, or running under, Snow Leopard.
- Bug: http://curl.haxx.se/bug/view.cgi?id=3581898
+ Bug: http://sourceforge.net/p/curl/bugs/1255/
+ Reported by: Edward Rudd
-- URL parser: cut off '#' fragments from URLs (better)
+- md5 & metalink: use better build macros on Apple operating systems
- The existing logic only cut off the fragment from the separate 'path'
- buffer which is used when sending HTTP to hosts. The buffer that held
- the full URL used for proxies were not dealt with. It is now.
+ Previously we used __MAC_10_X and __IPHONE_X to mark digest-generating
+ code that was specific to OS X and iOS. Now we use
+ __MAC_OS_X_VERSION_MAX_ALLOWED and __IPHONE_OS_VERSION_MAX_ALLOWED
+ instead of those macros.
- Test case 5 was updated to use a fragment on a URL over a proxy.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3579813
+ Bug: http://sourceforge.net/p/curl/bugs/1255/
+ Reported by: Edward Rudd
-- OpenSSL/servercert: use correct buffer size, not size of pointer
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3579286
+Yang Tse (29 Jul 2013)
+- tool_operhlp.c: fix add_file_name_to_url() OOM handling
-- curl: set CURLOPT_SSL_VERIFYHOST to 0 to disable
+- tool_operate.c: fix brace placement for vi/emacs delimiter matching
-- test 2027/2030: take duplicate Digest requests into account
-
- With the reversion of ce8311c7e49eca and the new clear logic, this flaw
- is present and we allow it.
+- tool_operate.c: move <fabdef.h> header inclusion location
-- Curl_pretransfer: clear out unwanted auth methods
-
- As a handle can be re-used after having done HTTP auth in a previous
- request, it must make sure to clear out the HTTP types that aren't
- wanted in this new request.
+Daniel Stenberg (29 Jul 2013)
+- RELEASE-NOTES: synced with b5478a0e033e7
-- test1412: verify Digest with repeated URLs
+- curl_easy_pause: on unpause, trigger mulit-socket handling
- This test case verifies that bug 3582718 is fixed.
+ When the multi-socket API is used, we need the handle to be checked
+ again when it gets unpaused.
- Bug: http://curl.haxx.se/bug/view.cgi?id=3582718
- Reported by: Nick Zitzmann (originally)
+ Bug: http://curl.haxx.se/mail/lib-2013-07/0239.html
+ Reported-by: Justin Karneges
-- Revert "Zero out auth structs before transfer"
-
- This reverts commit ce8311c7e49eca93c136b58efa6763853541ec97.
-
- The commit made test 2024 work but caused a regression with repeated
- Digest authentication. We need to fix this differently.
+- [John E. Malmberg brought this change]
-- CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value
+ curl_formadd: fix file upload on VMS
- After a research team wrote a document[1] that found several live source
- codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST
- option thinking it was a boolean, this change now bans 1 as a value and
- will make libcurl return error for it.
+ For the standard VMS text file formats, VMS needs to read the file to
+ get the actual file size.
- 1 was never a sensible value to use in production but was introduced
- back in the days to help debugging. It was always documented clearly
- this way.
+ For the standard VMS binary file formats, VMS needs a special format of
+ fopen() call so that it stops reading at the logical end of file instead
+ of at the end of the blocks allocated to the file.
- 1 was never supported by all SSL backends in libcurl, so this cleanup
- makes the treatment of it unified.
+ I structured the patch this way as I was not sure about changing the
+ structures or parameters to the routines, but would prefer to only call
+ the stat() function once and pass the information to where the fopen()
+ call is made.
- The report's list of mistakes for this option were all PHP code and
- while there's a binding layer between libcurl and PHP, the PHP team has
- decided that they have an as thin layer as possible on top of libcurl so
- they will not alter or specifically filter a 'TRUE' value for this
- particular option. I sympathize with that position.
+ Bug: https://sourceforge.net/p/curl/bugs/758/
+
+- formadd: CURLFORM_FILECONTENT wrongly rejected some option combos
+
+ The code for CURLFORM_FILECONTENT had its check for duplicate options
+ wrong so that it would reject CURLFORM_PTRNAME if used in combination
+ with it (but not CURLFORM_COPYNAME)! The flags field used for this
+ purpose cannot be interpreted that broadly.
- [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
+ Bug: http://curl.haxx.se/mail/lib-2013-07/0258.html
+ Reported-by: Byrial Jensen
-- gnutls: fix compiler warnings
+Yang Tse (25 Jul 2013)
+- packages/vms/Makefile.am: add latest file additions to EXTRA_DIST
-- [Alessandro Ghedini brought this change]
+- [John E. Malmberg brought this change]
- gnutls: print alerts during handshake
+ VMS: intial set of files to allow building using GNV toolkit.
-- [Alessandro Ghedini brought this change]
+- string formatting: fix too many arguments for format
- gnutls: fix the error_is_fatal logic
+- string formatting: fix zero-length printf format string
-- RELEASE-NOTES: synced with fa6d78829fd30ad
+- easy.c: curl_easy_getinfo() fix va_start/va_end matching
-- httpcustomheader.c: free the headers after use
+- imap.c: imap_sendf() fix va_start/va_end matching
-- [Dave Reisner brought this change]
+- string formatting: fix 15+ printf-style format strings
- uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES
-
- Since automake 1.12.4, the warnings are issued on running automake:
+Patrick Monnerat (24 Jul 2013)
+- OS400: sync ILE/RPG binding with current curl.h
+
+Yang Tse (24 Jul 2013)
+- string formatting: fix 25+ printf-style format strings
+
+Daniel Stenberg (23 Jul 2013)
+- Makefile.am: use LDFLAGS as well when linking libcurl
- warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
+ Linking on Solaris 10 x86 with Sun Studio 12 failed when we upgraded
+ automake for the release builds.
- Avoid INCLUDES and roll these flags into AM_CPPFLAGS.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1217
+ Reported-by: Dagobert Michelsen
+
+- [Fabian Keil brought this change]
+
+ url.c: Fix dot file path cleanup when using an HTTP proxy
- Compile tested on:
- Ubuntu 10.04 (automake 1:1.11.1-1)
- Ubuntu 12.04 (automake 1:1.11.3-1ubuntu2)
- Arch Linux (automake 1.12.4)
+ Previously the path was cleaned, but the URL wasn't properly updated.
+
+- [Fabian Keil brought this change]
-- libauthretry.c: shorten lines to fit within 80 cols
+ tests: test1232 verifies dotdot removal from path with proxy
-- ftp_readresp: fix build without krb4 support
+- [Fabian Keil brought this change]
+
+ dotdot.c: Fix a RFC section number in a comment for Curl_dedotdotify()
+
+- [John E. Malmberg brought this change]
+
+ build_vms.com: fix debug and float options
- Oops, my previous commit broke builds with krb support.
+ In the reorganization of the build_vms.com the debug and float options
+ were not fixed up correctly.
-- test/README: mention the 1500 test number range
+- [John E. Malmberg brought this change]
-- FTP: prevent the multi interface from blocking
+ curl: fix upload of a zip file in OpenVMS
- As pointed out in Bug report #3579064, curl_multi_perform() would
- wrongly use a blocking mechanism internally for some commands which
- could lead to for example a very long block if the LIST response never
- showed.
+ Two fixes:
- The solution was to make sure to properly continue to use the multi
- interface non-blocking state machine.
+ 1. Force output file format to be stream-lf so that partial downloads
+ can be continued.
- The new test 1501 verifies the fix.
+ This should have minor impact as if the file does not exist, it was
+ created with stream-lf format. The only time this was an issue is if
+ there was already an existing file with a different format.
- Bug: http://curl.haxx.se/bug/view.cgi?id=3579064
- Reported by: Guido Berhoerster
-
-Marc Hoersken (1 Nov 2012)
-- winbuild: Use machine type of development environment
+ 2. Fix file uploads are now fixed.
- This patch restores the original behavior instead of always
- falling back to x86 if no MACHINE-type was specified.
-
-- winbuild: Additional clean up
-
-- [Sapien2 brought this change]
-
- Even more winbuild refactoring
-
-- [Sapien2 brought this change]
+ a. VMS binary files such as ZIP archives are now uploaded
+ correctly.
+
+ b. VMS text files are read once to get the correct size
+ and then converted to line-feed terminated records as
+ they are read into curl.
+
+ The default VMS text formats do not contain either line-feed or
+ carriage-return terminated records. Those delimiters are added by the
+ operating system file read calls if the application requests them.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=496
- Minor winbuild refactoring
+Yang Tse (22 Jul 2013)
+- libtest: fix data type of some *_setopt() 'long' arguments
-- [Sapien2 brought this change]
+- curl: fix symbolic names for CURL_NETRC_* enum in --libcurl output
- Architecture selection for winbuild and minor makefiles refactoring
+- curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output
-Daniel Stenberg (1 Nov 2012)
-- BUGS: fix the bug tracker URL
+- tool_operate.c: fix passing curl_easy_setopt long arg on some x64 ABIs
- The URL we used before is the one that goes directly to 'add' a bug
- report, but since you can only do that after first having logged in to
- sourceforge, the link often doesn't work for visitors.
+ We no longer pass our 'bool' data type variables nor constants as
+ an argument to my_setopt(), instead we use proper 1L or 0L values.
- Bug: http://curl.haxx.se/bug/view.cgi?id=3582408
- Reported by: Oscar Norlander
-
-- evhiperfifo: fix the pointer passed to WRITEDATA
+ This also fixes macro used to pass string argument for CURLOPT_SSLCERT,
+ CURLOPT_SSLKEY and CURLOPT_EGDSOCKET using my_setopt_str() instead of
+ my_setopt().
- Bug: http://curl.haxx.se/bug/view.cgi?id=3582407
- Reported by: Oscar Norlander
+ This also casts enum or int argument data types to long when passed to
+ my_setopt_enum().
-Guenter Knauf (1 Nov 2012)
-- Fixed MSVC libssh2 static build.
+Daniel Stenberg (21 Jul 2013)
+- curl_multi_wait: fix revents
- Since libssh2 supports now agent stuff it also depends on user32.lib.
- Posted to the list by Jan Ehrhardt.
-
-Daniel Stenberg (23 Oct 2012)
-- tlsauthtype: deal with the string case insensitively
+ Commit 6d30f8ebed34e7276 didn't work properly. First, it used the wrong
+ array index, but this fix also:
- When given a string as 'srp' it didn't work, but required 'SRP'.
- Starting now, the check disregards casing.
+ 1 - only does the copying if indeed there was any activity
- Bug: http://curl.haxx.se/bug/view.cgi?id=3578418
- Reported by: Jeff Connelly
+ 2 - makes sure to properly translate between internal and external
+ bitfields, which are not guaranteed to match
+
+ Reported-by: Evgeny Turnaev
+
+- RELEASE-NOTES: synced with d529f3882b9bca
-- asyn-ares: restore working with c-ares < 1.6.1
+- curl_easy_perform: gradually increase the delay time
- Back in those days the public ares.h header didn't include the
- ares_version.h header so it needs to be included here.
+ Instead of going 50,100,150 etc millisecond delay time when nothing has
+ been found to do or wait for, we now start lower and double each loop as
+ in 4,8,16,32 etc.
- Bug: http://curl.haxx.se/bug/view.cgi?id=3577710
-
-- [Nick Zitzmann brought this change]
+ This lowers the minimum wait without sacrifizing the longer wait too
+ much with unnecessary CPU cycles burnt.
+
+ Bug: http://curl.haxx.se/mail/lib-2013-07/0103.html
+ Reported-by: Andreas Malzahn
- metalink/md5: Use CommonCrypto on Apple operating systems
+- ftp_do_more: consider DO_MORE complete when server connects back
- Previously the Metalink code used Apple's CommonCrypto library only if
- curl was built using the --with-darwinssl option. Now we use CommonCrypto
- on all Apple operating systems including Tiger or later, or iOS 5 or
- later, so you don't need to build --with-darwinssl anymore. Also rolled
- out this change to libcurl's md5 code.
+ In the case of an active connection when ftp_do_more() detects that the
+ server has connected back, it must make sure to mark it as complete so
+ that the multi_runsingle() function will detect this and move on to the
+ next state.
+
+ Bug: http://curl.haxx.se/mail/lib-2013-07/0115.html
+ Reported-by: Clemens Gruber
-- href_extractor.c: fix the URL
+Yang Tse (19 Jul 2013)
+- Makefile.b32: Borland makefile adjustments. Tested with BCC 5.5.1
-- [Michał Kowalczyk brought this change]
+- WIN32 MemoryTracking: require UNICODE for wide strdup code support
- href_extractor: example code extracting href elements
+Daniel Stenberg (18 Jul 2013)
+- CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
- It does so in a streaming manner using the "Streaming HTML parser".
-
-- [Nick Zitzmann brought this change]
+ CURLOPT_XFERINFOFUNCTION is now the preferred progress callback function
+ and CURLOPT_PROGRESSFUNCTION is considered deprecated.
+
+ This new callback uses pure 'curl_off_t' arguments to pass on full
+ resolution sizes. It otherwise retains the same characteristics: the
+ same call rate, the same meanings for the arguments and the return code
+ is used the same way.
+
+ The progressfunc.c example is updated to show how to use the new
+ callback for newer libcurls while supporting the older one if built with
+ an older libcurl or even built with a newer libcurl while running with
+ an older.
- darwinssl: un-broke iOS build, fix error on server disconnect
+Yang Tse (18 Jul 2013)
+- Reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage".
+
+ This reverts commit 7ed25cc, reinstating commit 8ec2cb5.
+
+ As of 18-jul-2013 we still do have code in libcurl that makes use of these
+ memory functions. Commit 8ec2cb5 comment still applies and is yet valid.
+
+ These memory functions are solely used in Windows builds, so all related
+ code is protected with '#ifdef WIN32' preprocessor conditional compilation
+ directives.
+
+ Specifically, wcsdup() _wcsdup() are used when building a Windows target with
+ UNICODE and USE_WINDOWS_SSPI preprocessor symbols defined. This is the case
+ when building a Windows UNICODE target with Windows native SSL/TLS support
+ enabled.
+
+ Realizing that wcsdup() _wcsdup() are used is a bit tricky given that usage
+ of these is hidden behind _tcsdup() which is MS way of dealing with code
+ that must tolerate UNICODE and non-UNICODE compilation. Additionally, MS
+ header files and those compatible from other compilers use this preprocessor
+ conditional compilation directive in order to select at compilation time
+ whether 'wide' or 'ansi' MS API functions are used.
- The iOS build was broken by a reference to a function that only existed
- under OS X; fixed. Also fixed a hard-to-reproduce problem where, if the
- server disconnected before libcurl got the chance to hang up first and
- SecureTransport was in use, then we'd raise an error instead of failing
- gracefully.
+ Without this code, Windows build targets with Windows native SSL/TLS support
+ enabled and MemoryTracking support enabled misbehave in tracking memory usage,
+ regardless of being a UNICODE enabled build or not.
-- [Alessandro Ghedini brought this change]
+- xc-am-iface.m4: comments refinement
- gnutls: put reset code into else block
+- configure: fix 'subdir-objects' distclean related issue
- Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690551
+ See XC_AMEND_DISTCLEAN comments for details.
-Guenter Knauf (13 Oct 2012)
-- Fix now broken libmetalink-aware OpenSSL build.
+Daniel Stenberg (18 Jul 2013)
+- [Evgeny Turnaev brought this change]
-- Revert c44e674; add OpenSSL includes/defines.
+ curl_multi_wait: set revents for extra fds
- The makefile is designed to build against a libmetalink devel package;
- therefore is does not matter what will change inside libmetalink.
- Add OpenSSL includes and defines for libmetalink-aware OpenSSL builds.
+ Pass back the revents that happened for the user-provided file
+ descriptors.
-Daniel Stenberg (10 Oct 2012)
-- version-bump: towards 7.28.1!
+- [Ben Greear brought this change]
-- THANKS: 14 new contributors from 7.28.0
+ asyn-ares: Don't blank ares servers if none configured.
+
+ Best to just let c-ares use it's defaults if none are configured
+ in (lib)curl.
+
+ Signed-off-by: Ben Greear <greearb@candelatech.com>
-Version 7.28.0 (10 Oct 2012)
+- [Sergei Nikulov brought this change]
-Daniel Stenberg (10 Oct 2012)
-- RELEASE-NOTES: synced with 8373ca3641
+ cmake: Fix for MSVC2010 project generation
- One bug, one contributor. Getting ready for release.
-
-- curl_multi_wait: no wait if no descriptors to wait for
+ Fixed issue with static build for MSVC2010.
- This is a minor change in behavior after having been pointed out by Mark
- Tully and discussed on the list. Initially this case would internally
- call poll() with no sockets and a timeout which would equal a sleep for
- that specified time.
+ After some investigation I've discovered known issue
+ http://public.kitware.com/Bug/view.php?id=11240 When .rc file is linked
+ to static lib it fails with following linker error
- Bug: http://curl.haxx.se/mail/lib-2012-10/0076.html
- Reported by: Mark Tully
-
-- TODO-RELEASE: cleanup for 7.28.0
+ LINK : warning LNK4068: /MACHINE not specified; defaulting to X86
+ file.obj : fatal error LNK1112: module machine type 'x64' conflicts with
+ target machine type 'X86'
- one issue is now KNOWN_BUG #79
+ Fix add target property /MACHINE: for MSVC generation.
- the other we just skip since nobody is working on it or is planning to
- start working on it anytime soon
-
-- curl_multi_wait.3: style formatting mistake
-
-Marc Hoersken (8 Oct 2012)
-- ssluse.c: md5.h is required for Curl_ossl_md5sum
-
-Daniel Stenberg (8 Oct 2012)
-- curl_multi_wait.3: fix the name of the man page
-
-- curl_multi_wait.3: renamed the last argument variable for clarity
-
-Marc Hoersken (6 Oct 2012)
-- curl_schannel.c: Fixed caching more data than required
+ Also removed old workarounds - it caused errors during msvc build.
- Do not fill the decrypted data buffer with more data unless
- required in order to return the requested amount of data.
+ Bug: http://curl.haxx.se/mail/lib-2013-07/0046.html
-- curl_schannel: Removed buffer limit and optimized buffer strategy
-
- Since there are servers that seem to return very big encrypted
- data packages, we need to be able to handle those without having
- an internal size limit. To avoid the buffer growing to fast to
- early the initial size was decreased and the minimum free space
- in the buffer was decreased as well.
+- mk-ca-bundle.1: point out certdata.txt format docs
-- lib/socks.c: Merged two size variables into one
+Yang Tse (16 Jul 2013)
+- slist.c: Curl_slist_append_nodup() OOM handling fix
-- lib/socks.c: Avoid type conversions where possible
-
- Streamlined variable names and types to avoid type conversions that
- may result in data being lost on non 32-bit systems.
+Daniel Stenberg (16 Jul 2013)
+- test1414: FTP PORT download without SIZE support
-- lib/curl_schannel.c: Hide size_t conversion warning
+Yang Tse (16 Jul 2013)
+- tests/Makefile.am: add configurehelp.pm to DISTCLEANFILES
-- krb5/curl_rtmp.c: Hide size_t to int type conversion warning
+Patrick Monnerat (15 Jul 2013)
+- curl_slist_append(): fix error detection
-- security.c: Aligned internal type to return type
-
- Use ssize_t instead of int to avoid conversion problems on 64-bit
- systems. Also added curlx_sztosi where necessary.
+- slist.c: fix indentation
-- lib/curl_schannel: Increased maximum buffer size to factor 128
+- OS400: new SSL backend GSKit
-- winbuild/MakefileBuild.vc: Follow up on 0c8ccf7
+- OS400: add slist and certinfo EBCDIC support
-Daniel Stenberg (2 Oct 2012)
-- RELEASE-NOTES: synced with 971f5bcedd418
-
- 9 new bug fixes, 5 changes, 6 more contributors
+- config-os400.h: enable system strdup(), strcmpi(), etc.
-- multi_runsingle: CURLOPT_LOW_SPEED_* fix for rate limitation
-
- During the periods of rate limitation, the speedcheck function wasn't
- called and thus the values weren't updated accordingly and it would then
- easily trigger wrongly once data got transferred again.
-
- Also, the progress callback's return code was not acknowledged in this
- state so it could make an "abort" return code to get ignored and not
- have the documented effect of aborting an ongoing transfer.
-
- Bug: http://curl.haxx.se/mail/lib-2012-09/0081.html
- Reported by: Jie He
+- x509asn1.c,x509asn1.h: new module to support ASN.1/X509 parsing & info extract
+ Use from qssl backend
-- [Tatsuhiro Tsujikawa brought this change]
+- ssluse.c,sslgen.c,sslgen.h: move certinfo support to generic SSL
- tool_metalink.c: Filtered resource URLs by type
+- Merge branch 'master' of github.com:bagder/curl
- In Metalink v3, the type attribute of url element indicates the
- type of the resource the URL points to. It can include URL to the
- meta data, such as BitTorrent metainfo file. In Curl, we are not
- interested in these meta data URLs. Instead, we are only
- interested in the HTTP and FTP URLs. This change filters out
- non-HTTP and FTP URLs. If we don't filter out them, it will be
- downloaded by curl and hash check will fail if hash is provided
- and next URL will be tried. This change will cut this useless
- network transfer.
+ Merge for resync
-Kamil Dudka (1 Oct 2012)
-- https.c example: remember to call curl_global_init()
-
- ... in order not to leak memory on initializing an SSL library.
+- slist.c, slist.h, cookie.c: new internal procedure Curl_slist_append_nodup()
+
+Yang Tse (15 Jul 2013)
+- sslgen.c: fix Curl_rand() compiler warning
- Reported by: Tomas Mlcoch
+ Use simple seeding method upon RANDOM_FILE seeding method failure.
-Daniel Stenberg (28 Sep 2012)
-- FAQ: remove the date from the topmost line
+- sslgen.c: fix unreleased Curl_rand() infinite recursion
-- FAQ: 5.16 I want a different time-out!
+Daniel Stenberg (14 Jul 2013)
+- [Dave Reisner brought this change]
-- Curl_reconnect_request: clear pointer on failure
+ src/tool: allow timeouts to accept decimal values
- The Curl_reconnect_request() function could end up returning a pointer
- to a free()d struct when Curl_done() failed inside. Clearing the pointer
- unconditionally after Curl_done() avoids this risk.
+ Implement wrappers around strtod to convert the user argument to a
+ double with sane error checking. Use this to allow --max-time and
+ --connect-timeout to accept decimal values instead of strictly integers.
- Reported by: Ho-chi Chen
- Bug: http://curl.haxx.se/mail/lib-2012-09/0188.html
+ The manpage is updated to make mention of this feature and,
+ additionally, forewarn that the actual timeout of the operation can
+ vary in its precision (particularly as the value increases in its
+ decimal precision).
-- CURLOPT_CONNECTTIMEOUT: works without signals or posix too!
-
-Marc Hoersken (24 Sep 2012)
-- Makefile.vc6: Follow up on 0c8ccf7
+- [Dave Reisner brought this change]
-- Makefile.vc6: Added missing default library advapi32.lib
+ curl.1: fix long line, found by checksrc.pl
-Daniel Stenberg (19 Sep 2012)
-- HTTP_ONLY: disable more protocols
+- [Dave Reisner brought this change]
-- test2006: Updated expected output to include hash name
+ src/tool_paramhlp: try harder to catch negatives
- Output changed in commit a34197ef77cb
-
-- [Sergei Nikulov brought this change]
+ strto* functions happily chomp off leading whitespace, so simply
+ checking for str[0] can lead to false negatives. Do the full parse and
+ check the out value instead.
- cmake: use standard findxxx modules for cmake v2.8+
-
-- [Sergei Nikulov brought this change]
+- [John E. Malmberg brought this change]
- setup.h: fixed for MS VC10 build
+ build_vms.com: detect and use zlib shared image
- Bug: http://curl.haxx.se/bug/view.cgi?id=3568327
-
-- TODO-RELEASE: push new features to 7.29
+ Update the build_vms.com to detect and use zlib shared image installed
+ by the ZLIB kit produced by Jean-Francois Pieronne, and the also the
+ future ZLIB 1.2.8 kit in addition to the older ZLIB kits.
- Leave two bug fixes as possibly fixed for 7.28 but as nobody seems to be
- working on them I have little hope...
+ Also fix the indentation to match one of the common standards used for
+ VMS DCL command files and removed the hard tab characters.
+
+ Tested on OpenVMS 8.4 Alpha and IA64, and OpenVMS 7.3 VAX.
-Marc Hoersken (17 Sep 2012)
-- metalink tests: Updated expected output to include hash name
+Yang Tse (14 Jul 2013)
+- url.c: fix parse_url_login() OOM handling
-Daniel Stenberg (16 Sep 2012)
-- [Sara Golemon brought this change]
+- http_digest.c: SIGSEGV and OOM handling fixes
- curl_multi_wait: Add parameter to return number of active sockets
-
- Minor change to recently introduced function. BC breaking, but since
- curl_multi_wait() doesn't exist in any releases that should be fine.
+- url.c: fix parse_login_details() OOM handling
-Marc Hoersken (14 Sep 2012)
-- socks.c: Fixed warning: conversion to 'int' from 'long unsigned int'
+- [John E. Malmberg brought this change]
-- http_negotiate.c: Fxied warning: unused variable 'rc'
+ setup-vms.h: sk_pop symbol tweak
+
+ Newer versions of curl are referencing a sk_pop symbol while the HP
+ OpenSSL library has the symbol in uppercase only.
-- ssh.c: Fixed warning: implicit conversion from enumeration type
+- getinfo.c: fix enumerated type mixed with another type
-- socks.c: Check that IPv6 is enabled before using it's features
+- test 1511: fix enumerated type mixed with another type
-- checksrc: Fixed line length and comment indentation
+- url.c: fix SIGSEGV
-- socks.c: Updated error messages to handle hostname and IPv6
+- dotdot.c: fix global declaration shadowing
-- socks.c: Added support for IPv6 connections through SOCKSv5 proxy
+- easy.c: fix global declaration shadowing
-Daniel Stenberg (13 Sep 2012)
-- parse_proxy: treat "socks://x" as a socks4 proxy
-
- Selected socks proxy in Google's Chrome browser. Resulting in the
- following environment variables:
-
- NO_PROXY=localhost,127.0.0.0/8
- ALL_PROXY=socks://localhost:1080/
- all_proxy=socks://localhost:1080/
- no_proxy=localhost,127.0.0.0/8
-
- ... and libcurl didn't treat 'socks://' as socks but instead picked HTTP
- proxy.
+Kamil Dudka (9 Jul 2013)
+- Revert "curl.1: document the --time-cond option in the man page"
- Reported by: Scott Bailey
+ This reverts commit 3a0e931fc715a80004958794a96b12cf90503f99 because
+ the documentation of --time-cond was duplicated by mistake.
- Bug: http://curl.haxx.se/bug/view.cgi?id=3566860
+ Reported by: Dave Reisner
-Kamil Dudka (12 Sep 2012)
-- ssh: do not crash if MD5 fingerprint is not provided by libssh2
-
- The MD5 fingerprint cannot be computed when running in FIPS mode.
+- curl.1: document the --sasl-ir option in the man page
-- ssh: move the fingerprint checking code to a separate fnc
+- curl.1: document the --post303 option in the man page
-Marc Hoersken (12 Sep 2012)
-- tool_metalink.c: Added name of validation hash to messages
-
- This makes it easier to debug broken hashes or hash functions.
+- curl.1: document the --time-cond option in the man page
-- wincrypt: Fixed cross-compilation issues caused by include name
-
- For some reason WinCrypt.h is named wincrypt.h under MinGW.
+Yang Tse (9 Jul 2013)
+- configure: automake 1.14 compatibility tweak (use XC_AUTOMAKE)
-- md5.c: Added support for Microsoft Windows CryptoAPI
+- xc-am-iface.m4: provide XC_AUTOMAKE macro
-- Makefile.m32: Updated to build against libmetalink 0.1.2
-
- The include and library path were moved within libmetalink, this
- patch adjusts the defaults provided within the curl MinGW makefile.
+Guenter Knauf (8 Jul 2013)
+- Added winssl-zlib target to VC builds.
-- tool_metalink.c: Added support for Microsoft Windows CryptoAPI
+- Synced Makefile.vc6 with recent changes.
- Since Metalink support requires a crypto library for hash functions
- and Windows comes with the builtin CryptoAPI, this patch adds that
- API as a fallback to the supported crypto libraries.
- It is automatically used on Windows if no other library is provided.
+ Issue posted to the list by malinowsky AT FTW DOT at.
-- libntlmconnect.c: Fixed typo and conversion
+- Added libmetalink URL; added Android versions.
-- libntlmconnect.c: Fixed warning: curl_easy_getinfo expects long pointer
+Dan Fandrich (3 Jul 2013)
+- examples: Moved usercertinmem.c to COMPLICATED_EXAMPLES
- Fixed tests/libtest/libntlmconnect.c:52: warning: call to
- '_curl_easy_getinfo_err_long' declared with attribute warning:
- curl_easy_getinfo expects a pointer to long for this info
+ This prevents it from being built during a "make check" since it
+ depends on OpenSSL.
-- sws.c: Fixed warning: 'err' may be used uninitialized in this function
+Nick Zitzmann (2 Jul 2013)
+- Merge branch 'master' of https://github.com/bagder/curl
-- libntlmconnect.c: Fixed warning: comparison of signed/unsigned integer
+- darwinssl: SSLv2 connections are aborted if unsupported by the OS
- Windows does not use -1 to represent invalid sockets and the
- SOCKET type is unsigned.
+ I just noticed that OS X no longer supports SSLv2. Other TLS engines return
+ an error if the requested protocol isn't supported by the underlying
+ engine, so we do that now for SSLv2 if the framework returns an error
+ when trying to turn on SSLv2 support. (Note: As always, SSLv2 support is
+ only enabled in curl when starting the app with the -2 argument; it's off
+ by default. SSLv2 is really old and insecure.)
-- nss.c: Fixed warning: 'err' may be used uninitialized in this function
+Marc Hoersken (1 Jul 2013)
+- lib506.c: Fixed possible use of uninitialized variables
-- tool_metalink.c: Fixed error: 'O_BINARY' undeclared
+Kamil Dudka (30 Jun 2013)
+- url: restore the functionality of 'curl -u :'
- Check for O_BINARY which is not available on every system.
-
-- tool_metalink.c: Fixed validation of binary files containing EOF
+ This commit fixes a regression introduced in
+ fddb7b44a79d78e05043e1c97e069308b6b85f79.
- Since Windows/MinGW threat 0x1A as the EOF character, reading binary
- files which contain that byte does not work using text mode.
- The read function will only read until the first 0x1A byte. This
- means that the hash is not computed from the whole file and the
- final validation check using hash comparision fails.
+ Reported by: Markus Moeller
+ Bug: http://curl.haxx.se/mail/archive-2013-06/0052.html
-- winbuild: Added support for building with SPNEGO enabled
-
- Since Simple and Protected GSSAPI Negotiation Mechanism
- is already implemented in curl and supported by the MinGW
- builds, this change adds build support to winbuild makefiles.
+Daniel Stenberg (25 Jun 2013)
+- digest: append the timer to the random for the nonce
-- winbuild: Adjusted order of options to generated config name
+- digest: improve nonce generation
- Cleaned up order of handled build options by ordering them
- nearly alphabetically by using the order of the generated
- config name. Preparation for future/more build options.
-
-Daniel Stenberg (9 Sep 2012)
-- [Anthony Bryan brought this change]
+ Use the new improved Curl_rand() to generate better random nonce for
+ Digest auth.
- MANUAL: clarified user+password in HTTP URLs
+- curl.1: fix typo in --xattr description
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1252
+ Reported-by: Jean-Noël Rouvignac
-- RELEASE-NOTES: synced with 6c6f1f64c2
+- RELEASE-NOTES: synced with 365c5ba39591
- 6 bug fixes to mention, 5 contributors
+ The 10 first bug fixes for the pending release...
-- TODO-RELEASE: CURLSSH_AUTH_AGENT and curl_multi_wait() are done
+- formpost: better random boundaries
+
+ When doing multi-part formposts, libcurl used a pseudo-random value that
+ was seeded with time(). This turns out to be bad for users who formpost
+ data that is provided with users who then can guess how the boundary
+ string will look like and then they can forge a different formpost part
+ and trick the receiver.
+
+ My advice to such implementors is (still even after this change) to not
+ rely on the boundary strings being cryptographically strong. Fix your
+ code and logic to not depend on them that much!
- -321 - CURLSSH_AUTH_AGENT patch by Armel Asselin
+ I moved the Curl_rand() function into the sslgen.c source file now to be
+ able to take advantage of the SSL library's random function if it
+ provides one. If not, try to use the RANDOM_FILE for seeding and as a
+ last resort keep the old logic, just modified to also add microseconds
+ which makes it harder to properly guess the exact seed.
- -324 - curl_multi_select() vs curl_multi_fdvec() etc
+ The formboundary() function in formdata.c is now using 64 bit entropy
+ for the boundary and therefore the string of dashes was reduced by 4
+ letters and there are 16 hex digits following it. The total length is
+ thus still the same.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1251
+ Reported-by: "Floris"
-Marc Hoersken (9 Sep 2012)
-- curl_schannel.c: Reference count the credential/session handle
+- printf: make sure %x are treated unsigned
- Reference counting the credential handle should avoid that such a
- handle is freed while it is still required for connection shutdown
+ When using %x, the number must be treated as unsigned as otherwise it
+ would get sign-extended on for example 64bit machines and do wrong
+ output. This problem showed when doing printf("%08x", 0xffeeddcc) on a
+ 64bit host.
-Daniel Stenberg (8 Sep 2012)
-- [Nick Zitzmann brought this change]
+- tests: add test1395 to the tarball
- darwinssl: fixed for older Mac OS X versions
+- SIGPIPE: don't use 'data' in sigpipe restore
- SSL didn't work on older cats if built on a newer cat with weak-linking
- turned on to support the older cat
-
-- [David Blaikie brought this change]
+ Follow-up fix from 7d80ed64e43515.
+
+ The SessionHandle may not be around to use when we restore the sigpipe
+ sighandler so we store the no_signal boolean in the local struct to know
+ if/how to restore.
- tool_easysrc.c: Test pointers against NULL
+- TODO: 1.8 Modified buffer size approach
- While validating a new Clang diagnostic (-Wnon-literal-null-conversion -
- yes, the name isn't quite correct in this case, but it suffices) I found
- a few violations of it in Curl.
+ Thoughts around buffer sizes and what might be possible to do...
-- SOCKS: truly disable it if CURL_DISABLE_PROXY is defined
+- c-ares: improve error message on failed resolve
- Bug: http://curl.haxx.se/bug/view.cgi?id=3561305
+ When the c-ares based resolver backend failed to resolve a name, it
+ tried to show the name that failed from existing structs. This caused
+ the wrong output and shown hostname when for example --interface
+ [hostname] was used and that name resolving failed.
- Patch by: Marcel Raad
-
-- mk-ca-bundle: detect start of trust section better
+ Now we use the hostname used in the actual resolve attempt in the error
+ message as well.
- Each certificate section of the input certdata.txt file has a trust
- section following it with details.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1191
+ Reported-by: Kim Vandry
+
+- ossl_recv: check for an OpenSSL error, don't assume
- This script failed to detect the start of the trust for at least one
- cert[*], which made the script continue pass that section into the next
- one where it found an 'untrusted' marker and as a result that certficate
- was not included in the output.
+ When we recently started to treat a zero return code from SSL_read() as
+ an error we also got false positives - which primarily looks to be
+ because the OpenSSL documentation is wrong and a zero return code is not
+ at all an error case in many situations.
- [*] = "Hellenic Academic and Research Institutions RootCA 2011"
+ Now ossl_recv() will check with ERR_get_error() to see if there is a
+ stored error and only then consider it to be a true error if SSL_read()
+ returned zero.
- Bug: http://curl.haxx.se/mail/lib-2012-09/0019.html
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1249
+ Reported-by: Nach M. S.
+ Patch-by: Nach M. S.
-- [Alessandro Ghedini brought this change]
+Nick Zitzmann (22 Jun 2013)
+- Merge branch 'master' of https://github.com/bagder/curl
- gnutls: do not fail on non-fatal handshake errors
+- darwinssl: fix crash that started happening in Lion
- Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685402
-
-- FILEFORMAT: the FTP commands work for more protocols
+ Something (a recent security update maybe?) changed in Lion, and now it
+ has changed SSLCopyPeerTrust such that it may return noErr but also give
+ us a null trust, which caught us off guard and caused an eventual crash.
-- test1411: verify SMTP without SIZE support
+Daniel Stenberg (22 Jun 2013)
+- SIGPIPE: ignored while inside the library
+
+ ... and restore the ordinary handling again when it returns. This is
+ done for curl_easy_perform() and curl_easy_cleanup() only for now - and
+ only when built to use OpenSSL as backend as this is the known culprit
+ for the spurious SIGPIPEs people have received.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1180
+ Reported by: Lluís Batlle i Rossell
-- [František Kučera brought this change]
+- KNOWN_BUGS: #83 unable to load non-default openssl engines
- SMTP: only send SIZE if supported
+- test1396: invoke the correct test tool!
- SMTP client will send SIZE parameter in MAIL FROM command only if server
- supports it. Without this patch server might say "504 Command parameter
- not implemented" and reject the message.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3564114
+ This erroneously run unit test 1310 instead of 1396!
-- ftpserver: respond with a 250 to SMTP EHLO
+Kamil Dudka (22 Jun 2013)
+- test1230: avoid using hard-wired port number
- ... and specify that SIZE is supported. 250 is the "correct" response
- code according to RFC 2821
+ ... to prevent failure when a non-default -b option is given
-- RELEASE-NOTES: synced with abb0da919300e
+- curl-config.in: replace tabs by spaces
-Dan Fandrich (3 Sep 2012)
-- Updated Symbian build files
+Nick Zitzmann (22 Jun 2013)
+- darwinssl: reform OS-specific #defines
- This is untested, but at least Symbian still has a chance of
- still working now.
+ This doesn't need to be in the release notes. I cleaned up a lot of the #if
+ lines in the code to use MAC_OS_X_VERSION_MIN_REQUIRED and
+ MAC_OS_X_VERSION_MAX_ALLOWED instead of checking for whether things like
+ __MAC_10_6 or whatever were defined, because for some SDKs Apple has released
+ they were defined out of place.
+
+Daniel Stenberg (22 Jun 2013)
+- [Alessandro Ghedini brought this change]
-- Updated build docs w.r.t. Android and binary sizes
+ docs: fix typo in curl_easy_getinfo manpage
-Daniel Stenberg (1 Sep 2012)
-- symbols-in-versions: new CURL_WAIT_* symbols
+- dotdot: introducing dot file path cleanup
+
+ RFC3986 details how a path part passed in as part of a URI should be
+ "cleaned" from dot sequences before getting used. The described
+ algorithm is now implemented in lib/dotdot.c with the accompanied test
+ case in test 1395.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1200
+ Reported-by: Alex Vinnik
-- [Sara Golemon brought this change]
+- bump: start working towards what most likely will become 7.32.0
- Unit test for curl_multi_wait()
+- THANKS: added 24 new contributors from the 7.31.0 release
-- [Sara Golemon brought this change]
+Version 7.31.0 (22 Jun 2013)
- Manpage for curl_multi_wait().
+Daniel Stenberg (22 Jun 2013)
+- RELEASE-NOTES: synced with 0de7249bb39a2 - 7.31.0
-- [Sara Golemon brought this change]
+- unit1396: unit tests to verify curl_easy_(un)escape
- multi: add curl_multi_wait()
+- Curl_urldecode: no peeking beyond end of input buffer
+
+ Security problem: CVE-2013-2174
+
+ If a program would give a string like "%FF" to curl_easy_unescape() but
+ ask for it to decode only the first byte, it would still parse and
+ decode the full hex sequence. The function then not only read beyond the
+ allowed buffer but it would also deduct the *unsigned* counter variable
+ for how many more bytes there's left to read in the buffer by two,
+ making the counter wrap. Continuing this, the function would go on
+ reading beyond the buffer and soon writing beyond the allocated target
+ buffer...
- /*
- * Name: curl_multi_wait()
- *
- * Desc: Poll on all fds within a CURLM set as well as any
- * additional fds passed to the function.
- *
- * Returns: CURLMcode type, general multi error code.
- */
- CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle,
- struct curl_waitfd extra_fds[],
- unsigned int extra_nfds,
- int timeout_ms);
+ Bug: http://curl.haxx.se/docs/adv_20130622.html
+ Reported-by: Timo Sirainen
-- [Nick Zitzmann brought this change]
+Guenter Knauf (20 Jun 2013)
+- Use opened body.out file and write content to it.
- darwinssl: Bugfix for previous commit for older cats
+Daniel Stenberg (20 Jun 2013)
+- multi_socket: react on socket close immediately
- I accidentally broke functionality for versions of OS X prior to Mountain
- Lion in the previous commit. This commit fixes the problems.
+ As a remedy to the problem when a socket gets closed and a new one is
+ opened with the same file descriptor number and as a result
+ multi.c:singlesocket() doesn't detect the difference, the new function
+ Curl_multi_closed() gets told when a socket is closed so that it can be
+ removed from the socket hash. When the old one has been removed, a new
+ socket should be detected fine by the singlesocket() on next invoke.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1248
+ Reported-by: Erik Johansson
-- [Joe Mason brought this change]
+- RELEASE-NOTES: synced with e305f5ec715f
- Use MAX_EASY_HANDLES instead of hardcoding the number of handles twice
+- TODO: mention the DANE patch from March
-- test2032: bail out after last transfer
+- CURLOPT_COOKIELIST: take cookie share lock
- The test would hang and get aborted with a "ABORTING TEST, since it
- seems that it would have run forever." until I prevented that from
- happening.
+ When performing COOKIELIST operations the cookie lock needs to be taken
+ for the cases where the cookies are shared among multiple handles!
- I also fixed the data file which got broken CRLF line endings when I
- sucked down the path from Joe's repo == my fault.
+ Verified by Benjamin Gilbert's updated test 506
- Removed #37 from KNOWN_BUGS as this fix and test case verifies exactly
- this.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1215
+ Reported-by: Benjamin Gilbert
-- [Joe Mason brought this change]
+- [Benjamin Gilbert brought this change]
- NTLM: re-use existing connection better
+ test506: verify that CURLOPT_COOKIELIST takes share lock
- If we need an NTLM connection and one already exists, always choose that
- one.
+ It doesn't right now: http://curl.haxx.se/bug/view.cgi?id=1215
+
+- TODO: HTTP2/SPDY support
-- [Joe Mason brought this change]
+- curl_easy_setopt.3: clarify CURLOPT_PROGRESSFUNCTION frequency
+
+ Make it clearer that the CURLOPT_PROGRESSFUNCTION callback will be
+ called more frequently than once per second when things are happening.
- NTLM: verify multiple connections work
+- RELEASE-NOTES: synced with 9c3e098259b82
- Add test2032 to test that NTLM does not switch connections in the middle
- of the handshake
+ Mention 7 recent bug fixes and their associated contributors
-- curl.1: list the -w variables sorted alphabetically
+- curl_multi_wait.3: clarify the numfds counter
-- libcurl-share.3: remove wrong info of what can be shared
+- curl_easy_perform: avoid busy-looping
- "Currently you can only share DNS and/or COOKIE data" is incorrect since
- also SSL sessions can be shared.
+ When curl_multi_wait() finds no file descriptor to wait for, it returns
+ instantly and this must be handled gracefully within curl_easy_perform()
+ or cause a busy-loop. Starting now, repeated fast returns without any
+ file descriptors is detected and a gradually increasing sleep will be
+ used (up to a max of 1000 milliseconds) before continuing the loop.
- Bug: http://curl.haxx.se/bug/view.cgi?id=3562261
- Reported by: Joe Mason
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1238
+ Reported-by: Miguel Angel
-- [Dave Reisner brought this change]
+- [YAMADA Yasuharu brought this change]
- examples: use do/while loop for multi examples
+ cookies: follow-up fix for path checking
- It's conceivable that after the first time curl_multi_perform returns,
- the outvalue still_running will be 0, but work will have been done. This
- is shown by a workload of small, purely file:// based URLs. Ensure that
- we always read pending messages off the multi handle by forcing the
- while loop to run at least once.
+ The initial fix to only compare full path names were done in commit
+ 04f52e9b4db0 but found out to be incomplete. This takes should make the
+ change more complete and there's now two additional tests to verify
+ (test 31 and 62).
-- curl.h: fix comment to refer to current names
-
- CURLOPT_USE_SSL should be set to CURLUSESSL_* and nothing else in modern
- libcurl versions.
+- [Sergei Nikulov brought this change]
-- ftpsget: simple example showing a FTPS fetch
+ lib1900: use tutil_tvnow instead of gettimeofday
+
+ Makes it build on windows
-- sftpget: SFTP is not "SSH FTP"
+- [Eric Hu brought this change]
-- [Armel Asselin brought this change]
+ axtls: now done non-blocking
- sftpget: example showing a simple SFTP download
-
- ... using SSH-agent
+- [Eric Hu brought this change]
-- curl_multi_perform.3: extended/clarified
+ test2033: requires NTLM support
-- INSTALL.cmake: clarify some flaws/limits in the cmake build
+- KNOWN_BUGS: #82 failed build with Borland compiler
-- https.c example: spell check used define
+- Curl_output_digest: support auth-int for empty entity body
- Bug: http://curl.haxx.se/bug/view.cgi?id=3559845
- Reported by: Olivier Berger
-
-- configure: update the copyright years for the output
+ By always returning the md5 for an empty body when auth-int is asked
+ for, libcurl now at least sometimes does the right thing.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1235
+ Patched-by: Nach M. S.
-- [Nick Zitzmann brought this change]
+- multi_socket: reduce timeout inaccuracy margin
+
+ Allow less room for "triggered too early" mistakes by applications /
+ timers on non-windows platforms. Starting now, we assume that a timeout
+ call is never made earlier than 3 milliseconds before the actual
+ timeout. This greatly improves timeout accuracy on Linux.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1228
+ Reported-by: Hang Su
- darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions
+- cert_stuff: avoid double free in the PKCS12 code
+
+ In the pkcs12 code, we get a list of x509 records returned from
+ PKCS12_parse but when iterating over the list and passing each to
+ SSL_CTX_add_extra_chain_cert() we didn't also properly remove them from
+ the "stack", which made them get freed twice (both in sk_X509_pop_free()
+ and then later in SSL_CTX_free).
- In Mountain Lion, Apple added TLS 1.1 and 1.2, and deprecated a number
- of SecureTransport functions, some of which we were using. We now check
- to see if the replacement functions are present, and if so, we use them
- instead. The old functions are still present for users of older
- cats. Also fixed a build warning that started to appear under Mountain
- Lion
+ This isn't really documented anywhere...
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1236
+ Reported-by: Nikaiw
-- curl_easy_setopt: documented CURLSOCKTYPE_ACCEPT for SOCKOPTFUNCTION
+- cert_stuff: remove code duplication in the pkcs12 logic
-- [Gokhan Sengun brought this change]
+- [Aleksey Tulinov brought this change]
- ftp: active conn, place calling sockopt callback at the end of function
+ axtls: honor disabled VERIFYHOST
- Commit b91d29a28e170c16d65d956db79f2cd3a82372d2 introduces a bug and breaks Curl_closesocket function. sock_accepted flag for the second socket should be tagged as TRUE before the sockopt callback is called because in case the callback returns an error, Curl_closesocket function is going to call the - fclosesocket - callback for the accept()ed socket
+ When VERIFYHOST == 0, libcurl should let invalid certificates to pass.
-- [Gokhan Sengun brought this change]
+- [Peter Gal brought this change]
- ftp: active conn, allow application to set sockopt after accept() call
+ curl_easy_setopt.3: HTTP header with no content
- For active FTP connections, applications may need setting the sockopt after accept() call returns successful. This fix gives a call to the callback registered with CURL_SOCKOPTFUNCTION option. Also a new sock type - CURLSOCKTYPE_ACCEPT - is added. This type is to be passed to application callbacks with - purpose - parameter. Applications may use this parameter to distinguish between socket types.
+ Update the documentation on how to specify a HTTP header with no
+ content.
-- configure: remove the --enable/disable-nonblocking options
+- RELEASE-NOTES: synced with 87cf677eca55
- Removing this option as it currently only functions to lure people into
- wrongly using it and falsely believing that libcurl will work fine
- without using nonblocking sockets internally - which leads to hard to
- track or understand errors.
-
-- [Ant Bryan brought this change]
+ Added 11 bugs and 7 contributors
- MANUAL review
+- lib1500: remove bad check
+
+ After curl_multi_wait() returns, this test checked that we got exactly
+ one file descriptor told to read from, but we cannot be sure that is
+ true. curl_multi_wait() will sometimes return earlier without any file
+ descriptor to handle, just just because it is a suitable time to call
+ *perform().
+
+ This problem showed up with commit 29bf0598.
+
+ Bug: http://curl.haxx.se/mail/lib-2013-06/0029.html
+ Reported-by: Fabian Keil
-- curl.1: shorten lines, avoid referring to libcurl instead of curl
+- tests/Makefile: typo in the perlcheck target
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1239
+ Reported-by: Christian Weisgerber
-- [Ant Bryan brought this change]
+- test1230: verify CONNECT to a numerical ipv6-address
- curl.1: fix more consistent wording
+- sws: support extracting test number from CONNECT ipv6-address!
- "If this option is used several times, the last one will be used."
- uniformity
+ If an ipv6-address is provided to CONNECT, the last hexadecimal group in
+ the address will be used as the test number! For example the address
+ "[1234::ff]" would be treated as test case 255.
-- ssh: use the libssh2 agent API conditionally
+- curl_multi_wait: only use internal timer if not -1
+
+ commit 29bf0598aad5 introduced a problem when the "internal" timeout is
+ prefered to the given if shorter, as it didn't consider the case where
+ -1 was returned. Now the internal timeout is only considered if not -1.
- Commit e351972bc89aa4c brought in the ssh agent support but some uses of
- the libssh2 agent API was done unconditionally which wasn't good enough
- since that API hasn't always been present.
+ Reported-by: Tor Arntsen
+ Bug: http://curl.haxx.se/mail/lib-2013-06/0015.html
-- white space fix: shorten long line
+Dan Fandrich (3 Jun 2013)
+- libcurl-tutorial.3: added a section on IPv6
- ... to please checksrc.pl
+ Also added a (correctly-escaped) backslash to the autoexec.bat
+ example file and a new Windows character device name with
+ a colon as examples of other characters that are special
+ and potentially dangerous (this reverts and reworks commit
+ 7d8d2a54).
-Kamil Dudka (9 Aug 2012)
-- docs: update the links to cipher-suites supported by NSS
+Daniel Stenberg (3 Jun 2013)
+- curl_multi_wait: reduce timeout if the multi handle wants to
- ... and make the list of cipher-suites in nss.c readable by humans.
+ If the multi handle's pending timeout is less than what is passed into
+ this function, it will now opt to use the shorter time anyway since it
+ is a very good hint that the handle wants to process something in a
+ shorter time than what otherwise would happen.
- Bug: http://curl.haxx.se/mail/archive-2012-08/0016.html
-
-- nss: do not print misleading NSS error codes
+ curl_multi_wait.3 was updated accordingly to clarify
+
+ This is the reason for bug #1224
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1224
+ Reported-by: Andrii Moiseiev
-Daniel Stenberg (8 Aug 2012)
-- RELEASE-NOTES: synced with 0774386b23
+- multi_runsingle: switch an if() condition for readability
- 5 more bug fixes, one change, 6 contributors
+ ... because there's an identical check right next to it so using the
+ operators in the check in the same order increases readability.
-- [Armel Asselin brought this change]
+Marc Hoersken (2 Jun 2013)
+- curl_schannel.c: Removed variable unused since 35874298e4
- docs: mention CURLSSH_AUTH_AGENT
+- curl_setup.h: Fixed redefinition warning using mingw-w64
-- [Armel Asselin brought this change]
+Daniel Stenberg (30 May 2013)
+- multi_runsingle: add braces to clarify the code
- SSH: added agent based authentication
+- libcurl-tutorial.3: remove incorrect backslash
- CURLSSH_AUTH_AGENT is a new auth type for SSH
+ A single backslash in the content is not legal nroff syntax.
+
+ Reported and fixed by: Eric S. Raymond
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1234
-- bump version to 7.28.0
+- curl_formadd.3: fixed wrong "end-marker" syntax
- I am about to merge the first patch that adds changes into the pending
- release, and thus we bump the minor number.
+ Reported and fixed by: Eric S. Raymond
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1233
-- RELEASE-NOTES: added missing link
+- curl.1: clarify that --silent still outputs data
-- curl_version: fixed Value stored to 'len' is never read
+- Digest auth: escape user names with \ or " in them
+
+ When sending the HTTP Authorization: header for digest, the user name
+ needs to be escaped if it contains a double-quote or backslash.
- Fixed this (harmless) clang-analyzer warning. Also fixed the source
- indentation level.
+ Test 1229 was added to verify
+
+ Reported and fixed by: Nach M. S
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1230
-- TODO-RELEASE: the (nil) bug is fixed
+- [Mike Giancola brought this change]
-- add_next_timeout: minor restructure of code
+ ossl_recv: SSL_read() returning 0 is an error too
- By reading the ->head pointer and using that instead of the ->size
- number to figure out if there's a list remaining we avoid the (false
- positive) clang-analyzer warning that we might dereference of a null
- pointer.
+ SSL_read can return 0 for "not successful", according to the open SSL
+ documentation: http://www.openssl.org/docs/ssl/SSL_read.html
-- verbose messages: fixed output of hostnames in re-used connections
-
- I suspect this is a regression introduced in commit 207cf150, included
- since 7.24.0.
+- [Mike Giancola brought this change]
+
+ ossl_send: SSL_write() returning 0 is an error too
- Avoid showing '(nil)' as hostname in verbose output by making sure the
- hostname fixup function is called early enough to set the pointers that
- are used for this. The name data is set again for each request even for
- re-used connections to handle multiple hostnames over the same
- connection (like with proxy) or that the casing etc of the host name is
- changed between requests (which has proven to be important at least once
- in the past).
+ We found that in specific cases if the connection is abruptly closed,
+ the underlying socket is listed in a close_wait state. We continue to
+ call the curl_multi_perform, curl_mutli_fdset etc. None of these APIs
+ report the socket closed / connection finished. Since we have cases
+ where the multi connection is only used once, this can pose a problem
+ for us. I've read that if another connection was to come in, curl would
+ see the socket as bad and attempt to close it at that time -
+ unfortunately, this does not work for us.
- Test1011 was modified to use a redirect with a re-used a connection
- since it then showed the bug and now lo longer does. There's currently
- no easy way to have the test suite detect 'nil' texts in verbose ouputs
- so no tests will detect if this problem gets reintroduced.
+ I found that in specific situations, if SSL_write returns 0, curl did
+ not recognize the socket as closed (or errored out) and did not report
+ it to the application. I believe we need to change the code slightly, to
+ check if ssl_write returns 0. If so, treat it as an error - the same as
+ a negative return code.
- Bug: http://curl.haxx.se/mail/lib-2012-07/0111.html
- Reported by: Gisle Vanem
-
-- [Nick Zitzmann brought this change]
-
- metalink: Un-broke the build when building --with-darwinssl
+ For OpenSSL - the ssl_write documentation is here:
+ http://www.openssl.org/docs/ssl/SSL_write.html
-Guenter Knauf (8 Aug 2012)
-- Fix some compiler warnings.
+- KNOWN_BUGS: curl -OJC- fails to resume
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1169
-Daniel Stenberg (8 Aug 2012)
-- TODO-RELEASE: two bugs fixed
+- Curl_cookie_add: handle IPv6 hosts
- These are now addressed:
+ 1 - don't skip host names with a colon in them in an attempt to bail out
+ on HTTP headers in the cookie file parser. It was only a shortcut anyway
+ and trying to parse a file with HTTP headers will still be handled, only
+ slightly slower.
- 323 - patch - select.c / Curl_socket_check() interrupted
+ 2 - don't skip domain names based on number of dots. The original
+ netscape cookie spec had this oddity mentioned and while our code
+ decreased the check to only check for two, the existing cookie spec has
+ no such dot counting required.
- 325 - Avoid leak of local device string when reusing connection
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1221
+ Reported-by: Stefan Neis
-- curl.1: minor format fix for --data-ascii
+- curl_easy_setopt.3: expand the PROGRESSFUNCTION section
- ... and removal of trailing whitespace on a single line
-
-- [Ant Bryan brought this change]
+ Explain the callback and its arguments better and with more descriptive
+ text.
- curl man page cleanup
+- tests: add test1394 file to the tarball
-- [Mike Crowe brought this change]
+- tarball: include the xmlstream example
- Avoid leak of local device string when reusing connection
-
- Ensure that the copy of the CURLOPT_INTERFACE string is freed if we
- decide we can reuse an existing connection.
+- [David Strauss brought this change]
-- Curl_socket_check: fix timeout return value for select users
+ xmlstream: XML stream parsing example source code
- This is the same fix applied for the conditional code that uses select()
- that was already done for the poll specific code in commit
- b61e8b81f5038.
+ Add an XML stream parsing example using Expat. Add missing ignore for
+ the binary from an unrelated example.
-- [Maxime Larocque brought this change]
+- [YAMADA Yasuharu brought this change]
- Curl_socket_check: fix return code for timeout
-
- We found a problem with ftp transfer using libcurl (7.23 and 7.25)
- inside an application which is receiving unix signals (SIGUSR1,
- SIGUSR2...) almost continuously. (Linux 2.4, PowerPC, HAVE_POLL_FINE
- defined).
+ cookies: only consider full path matches
- Curl_socket_check() uses poll() to wait for the socket, and retries it
- when a signal is received (EINTR). However, if a signal is received and
- it also happens that the timeout has been reached, Curl_socket_check()
- returns -1 instead of 0 (indicating an error instead of a timeout).
+ I found a bug which cURL sends cookies to the path not to aim at.
+ For example:
+ - cURL sends a request to http://example.fake/hoge/
+ - server returns cookie which with path=/hoge;
+ the point is there is NOT the '/' end of path string.
+ - cURL sends a request to http://example.fake/hogege/ with the cookie.
- In our case, the result is an aborted connection even before the ftp
- banner is received from the server, and a return value of
- CURLE_OUT_OF_MEMORY from curl_easy_perform() (Curl_pp_multi_statemach(),
- in pingpong.c, actually returns OOM if Curl_socket_check() fails :-)
- Funny to debug on a system on which OOM is a possible cause).
+ The reason for this old "feature" is because that behavior is what is
+ described in the original netscape cookie spec:
+ http://curl.haxx.se/rfc/cookie_spec.html
- Bug: http://curl.haxx.se/mail/lib-2012-07/0122.html
+ The current cookie spec (RFC6265) clarifies the situation:
+ http://tools.ietf.org/html/rfc6265#section-5.2.4
-- RELEASE-NOTES: synced with b4a558041fdf65c0
+- [Eric Hu brought this change]
-- TODO-RELEASE: fixed another bug
-
- bug #3544688 "crash during retry with libcurl and SFTP"
+ axtls: prevent memleaks on SSL handshake failures
-- WSAPoll: disabled on all windows builds
+- Revert "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage"
- Due to WSAPoll bugs, libcurl does not work as intended. When the cURL
- library is used to setup a connection to an incorrect port, normally the
- result is CURLE_COULDNT_CONNECT, /* 7 */, but due to the bug in WSAPoll,
- the result now is CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was
- reached */.
+ This reverts commit 8ec2cb5544b86306b702484ea785b6b9596562ab.
- On August 1, Jan Koen Annot opened a case for this to Microsoft Premier
- Online (https://premier.microsoft.com/). The support engineer handling
- the case wrote that the case description is quite clear. He will try to
- reproduce the issue and then proceed with troubleshooting it.
+ We don't have any code anywhere in libcurl (or the curl tool) that use
+ wcsdup so there's no such memory use to track. It seems to cause mild
+ problems with the Borland compiler though that we may avoid by reverting
+ this change again.
- Reported by: Jan Koen Annot
- Bug: http://curl.haxx.se/mail/lib-2012-07/0310.html
+ Bug: http://curl.haxx.se/mail/lib-2013-05/0070.html
-- retry request: only access the HTTP data if in fact HTTP
-
- When figuring out if the data stream needs to be rewound when the
- request is to be resent, we must not access the HTTP struct unless the
- protocol used is indeed HTTP...
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3544688
+- RELEASE-NOTES: synced with ae26ee3489588f0
-- TODO: support DANE, we already support gnutls without gcrypt
+Guenter Knauf (11 May 2013)
+- Updated zlib version in build files.
-- curl-config: parentheses fix
-
- Braces, not parentheses, should be used for shell variable names.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3551460
- Reported by: Edward Sheldrake
+Daniel Stenberg (9 May 2013)
+- [Renaud Guillard brought this change]
-- VC build: add define for openssl
-
- This fixes a build failure of lib/ssluse.c.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3552997
+ OS X framework: fix invalid symbolic link
-- TODO-RELEASE: two bugs fixed!
+Kamil Dudka (9 May 2013)
+- [Daniel Stenberg brought this change]
-- globbing: fix segfault when >9 globs were used
+ nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_Send
- Stupid lack of range checks caused the code to overwrite local variables
- after glob number nine. Added checks now.
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3546353
+ Reported by: David Strauss
+ Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html
-- [Joe Mason brought this change]
+Daniel Stenberg (8 May 2013)
+- libtest: gitignore more binary files
- sws: close sockets properly
-
- Fix a bug where closed sockets (fd -1) were left in the all_sockets
- list, because of missing parens in a pointer arithmetic expression
+- servercert: allow empty subject
- Reenable the tests that were locking up due to this bug.
-
-- [Joe Mason brought this change]
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1220
+ Patch by: John Gardiner Myers
- Remove debug logs that were accidentally checked in
+- [Steve Holme brought this change]
-- [Joe Mason brought this change]
+ tests: Added new SMTP tests to verify commit 99b40451836d
- Use select in sws, which has better cross-platform support than poll
+- runtests.pl: support nonewline="yes" in client/stdin sections
-- [Joe Mason brought this change]
+- build: fixed unit1394 for debug and metlink builds
- Use cross-platform curlx_nonblock instead of fcntl in sws
+Kamil Dudka (6 May 2013)
+- unit1394.c: plug the curl tool unit test in
-- operate: fix clang-analyzer warnings for never read variables
-
- Two separate "Value stored to 'XXX' is never read" warnings
+- [Jared Jennings brought this change]
-- operate: fix clang-analyzer warning
-
- Value stored to 'separator' is never read
+ unit1394.c: basis of a unit test for parse_cert_parameter()
-- metalink: change code order to build with gnutls-nettle
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3554668
- Reported by: Anthony G. Basile
+- src/Makefile.am: build static lib for unit tests if enabled
-- gtls: fix build failure by including nettle-specific headers
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3554668
- Reported by: Anthony G. Basile
+- tool_getparam: ensure string termination in parse_cert_parameter()
-Guenter Knauf (6 Aug 2012)
-- Fixed compiler warning - argument is type long.
+- tool_getparam: fix memleak in handling the -E option
-Daniel Stenberg (6 Aug 2012)
-- DISABLED: disable the new tests that do NTLM
+- tool_getparam: describe what parse_cert_parameter() does
- The tests 2025, 2028 and 2031 don't work for me so I'll have them
- disabled for now until we solve the problem.
+ ... and de-duplicate the code initializing *passphrase
-Joe Mason (3 Aug 2012)
-- Add tests of auth retries
+- curl.1: document escape sequences recognized by -E
-- Cleanup handshake after clean NTLM failure
+- [Jared Jennings brought this change]
-- Zero out auth structs before transfer
+ curl -E: allow to escape ':' in cert nickname
-- Add a polling loop in main to read from more than one socket at once. Add the O_NONBLOCK and
- SO_KEEPALIVE flag to all sockets. Note that several loops which used to continue on a return value
- of 0 (theoretical since 0 would never be returned without O_NONBLOCK) now break on 0 so that they
- won't continue reading until after poll is called again.
+Marc Hoersken (5 May 2013)
+- curl_schannel.c: Fixed invalid memory access during SSL shutdown
-- Change return values of get_request, accept_connection and service_connection to add a return code
- for non-blocking sockets: now -1 means error or connection finished, 1 means data was read, and 0
- means there is no data available now so need to wait for poll (new return value)
+Steve Holme (4 May 2013)
+- smtp: Fix trailing whitespace warning
-- Hoist the loop out of get_request, and make sure that it can be reentered when a request is
- half-finished.
-
- Note the the req struct used to be re-initialized AFTER reading pipeline data, so now that we
- initialize it from the caller we must be careful not to overwrite the pipeline data.
-
- Also we now need to handle the case where the buffer is already full when get_request is called -
- previously this never happened as it was always called with an empty buffer and looped until done.
+- smtp: Fix compilation warning
- Now get_request is called in a loop, so the next step is to run the loop on a socket only when poll
- signals it is readable.
+ comparison between signed and unsigned integer expressions
-- Move blocks of code from the sws main loop into their own functions for easier refactoring later.
- The next step will be to call the correct function after a poll, rather than looping unconditionally
+- RELEASE-NOTES: synced with 92ef5f19c801
-- Remove the --fork option of sws, since it makes refactoring to use poll more complicated and should
- be redundant once we poll
+- smtp: Updated RFC-2821 references to RFC-5321
-Kamil Dudka (30 Jul 2012)
-- file: use fdopen() for uploaded files if available
+- smtp: Fixed sending of double CRLF caused by first in EOB
- It eliminates noisy events when using inotify and fixes a TOCTOU issue.
+ If the mail sent during the transfer contains a terminating <CRLF> then
+ we should not send the first <CRLF> of the EOB as specified in RFC-5321.
- Bug: https://bugzilla.redhat.com/844385
+ Additionally don't send the <CRLF> if there is "no mail data" as the
+ DATA command already includes it.
-Guenter Knauf (29 Jul 2012)
-- Added DWANT_IDN_PROTOTYPES define for MSVC too.
+- tests: Corrected MAIL SIZE for CRLF line endings
- Discussion on the list: http://curl.haxx.se/mail/lib-2012-07/0271.html
+ ... which was missed in commit: f5c3d9538452
-- Added Win32 problems.
-
-- Added hint to read docs/INSTALL too.
-
-- Added new file to distro.
-
-Steve Holme (28 Jul 2012)
-- TODO: Updated after 7.27.0 release
-
- Removed APOP and SASL authentication from the POP3 section and metalink
- support from the client section as these features were implemented in
- this release.
+- tests: Corrected infilesize for CRLF line endings
- Moved adding gssapi to SASL into it's own section rather than repeat it
- for each protocol.
+ ... which was missed in commit: f5c3d9538452
-Daniel Stenberg (28 Jul 2012)
-- TODO-RELEASE: updated after 7.27.0 release
+- tests: Corrected test1406 to be RFC2821 compliant
-- THANKS: 12 new contributors from the 7.27.0 release
+- tests: Corrected test1320 to be RFC2821 compliant
-- version bump: start towards next release
+- tests: Corrected typo in test909
- Let's call it 7.27.1 for now, but it it probably going to become 7.28.0
- when released.
+ Introduced in commit: 514817669e9e
-Version 7.27.0 (27 Jul 2012)
+- tests: Corrected test909 to be RFC2821 compliant
-Guenter Knauf (27 Jul 2012)
-- Fixed compiler warning 'unused parameter'.
-
-- Added prototypes to kill compiler warning.
-
-- Added --with-winidn to configure.
+- tests: Updated test references to 909 from 1411
- This needs another look from the configure experts. I tested that
- it works so far with MinGW64 cross-compiler; libcurl builds and
- links fine, but curl not yet ...
+ ...and removed references to libcurl and test1406.
-Daniel Stenberg (27 Jul 2012)
-- [Ant Bryan brought this change]
+- tests: Renamed test1411 to test909 as this is a main SMTP test
- Update man page info on --metalink and typo.
+Daniel Stenberg (1 May 2013)
+- [Lars Johannesen brought this change]
-- RELEASE-NOTES: remove mentioned of bug never in a release
+ bindlocal: move brace out of #ifdef
- The --silent bug came with 7561a0fc834c435 which was never in a release.
- Pointed out by Kamil Dudka
-
-- RELEASE-NOTES: synced with 33b815e894fb
+ The code within #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID wrongly had two
+ closing braces when it should only have one, so builds without that
+ define would fail.
- 4 more bugfixes, 3 more contributors
+ Bug: http://curl.haxx.se/mail/lib-2013-05/0000.html
-Guenter Knauf (26 Jul 2012)
-- Changed Windows IDN text to 'WinIDN'.
+Steve Holme (30 Apr 2013)
+- smtp: Tidy up to move the eob counter to the per-request structure
- Synced the output to the same short form as we now use for
- Windows SSL (WinSSL).
+ Move the eob counter from the smtp_conn structure to the SMTP structure
+ as it is associated with a SMTP payload on a per-request basis.
-Daniel Stenberg (25 Jul 2012)
-- [Nick Zitzmann brought this change]
+- TODO: Updated following the addition of CURLOPT_SASL_IR
- darwinssl: fixed freeze involving the multi interface
+- smtp: Fixed unknown percentage complete in progress bar
- Previously the curl_multi interface would freeze if darwinssl was
- enabled and at least one of the handles tried to connect to a Web site
- using HTTPS. Removed the "wouldblock" state darwinssl was using because
- I figured out a solution for our "would block but in which direction?"
- dilemma.
+ The curl command line utility would display the the completed progress
+ bar with a percentage of zero as the progress routines didn't know the
+ size of the transfer.
-Guenter Knauf (25 Jul 2012)
-- Added support for tls-srp to MinGW builds.
-
-Daniel Stenberg (24 Jul 2012)
-- curl_easy_setopt: fix typo
+Daniel Stenberg (29 Apr 2013)
+- ftpserver: silence warnings
- Reported by: Santhana Todatry
+ Fix regressions in commit b56e3d43e5d. Make @data local and filter off
+ non-numerical digits from $testno in STATUS_imap.
-- keepalive: multiply value for OS-specific units
-
- DragonFly uses milliseconds, while our API and Linux use full seconds.
+Steve Holme (29 Apr 2013)
+- ftpserver.pl: Corrected the imap LOGIN response
- Reported by: John Marino
- Bug: http://curl.haxx.se/bug/view.cgi?id=3546257
+ ...to be more realistic and consistent with the other imap responses.
-Kamil Dudka (22 Jul 2012)
-- http: print reason phrase from HTTP status line on error
-
- Bug: https://bugzilla.redhat.com/676596
+- tests: Added imap STATUS command test
-- tool_operate: fix misplaced initialization of orig_noprogress
+- tests: Corrected the SMTP tests to be RFC2821 compliant
- ... and orig_isatty which caused --silent to be entirely ignored in case
- the standard output was redirected to a file!
-
-Daniel Stenberg (21 Jul 2012)
-- [Anton Yabchinskiy brought this change]
+ The emails that are sent to the server during these tests were
+ incorrectly formatted as they contained one or more LF terminated lines
+ rather than being CRLF terminated as per Section 2.3.7 of RFC-2821.
+
+ This wasn't a problem for the test suite as the <stdin> data matched the
+ <upload> data but anyone using these tests as reference would be sending
+ incorrect data to a server.
- Client's "qop" value should not be quoted (RFC2617, section 3.2.2).
+- email: Tidy up of *_perform_authenticate()
+
+ Removed the hard returns from imap and pop3 by using the same style for
+ sending the authentication string as smtp. Moved the "Other mechanisms
+ not supported" check in smtp to match that of imap and pop3 to provide
+ consistency between the three email protocols.
-Guenter Knauf (21 Jul 2012)
-- Fixed typo.
+- smtp: Updated limit check to be more readable like the check in pop3
-Daniel Stenberg (20 Jul 2012)
-- make: make distclean work again
+- pop3: Added 255 octet limit check when sending initial response
- The clean-local hook needed some polish to make sure make distclean
- works. Added comment describing why.
-
-- test Makefile: only feature 'unit' once in the list of dirs
+ Added 255 octet limit check as per Section 4. Paragraph 8 of RFC-5034.
-Dan Fandrich (20 Jul 2012)
-- Fixed some typos in documentation
+- DOCS: Corrected line length of recent Secure Transport changes
-Guenter Knauf (20 Jul 2012)
-- Fixed CR issue with Win32 version on MSYS.
+Nick Zitzmann (27 Apr 2013)
+- darwinssl: add TLS crypto authentication
- Previous fix didnt work on Linux ...
+ Users using the Secure Transport (darwinssl) back-end can now use a
+ certificate and private key to authenticate with a site using TLS. Because
+ Apple's security system is based around the keychain and does not have any
+ non-public function to create a SecIdentityRef data structure from data
+ loaded outside of the Keychain, the certificate and private key have to be
+ loaded into the Keychain first (using the certtool command line tool or
+ the Security framework's C API) before we can find it and use it.
-- Fixed CR issue with Win32 version on MSYS.
+Steve Holme (27 Apr 2013)
+- Corrected version numbers after bump
-- Fixed MSYS <-> Windows path convertion.
+Daniel Stenberg (27 Apr 2013)
+- bump version
- Replaced the Windows real path from mount hack with a more
- reliable and simpler hack: the MSYS shell has a builtin pwd
- which understands a -W option which does convertion to Windows
- paths. Tested and confirmed that this works on all MSYS versions
- I have back to a 3 year old one.
+ Since we're adding new stuff, the next release will bump the minor
+ version and we're looking forward to 7.31.0
-- Follow-up fix to detect SSL libs with MinGW.
+Steve Holme (27 Apr 2013)
+- RELEASE-NOTES: synced with f4e6e201b146
+
+- DOCS: Updated following the addition of CURLOPT_SASL_IR
- 1) the check for winssl needs to come before nss check
- 2) the SSL checks must begin with a new if or else we will
- never find any SSL lib with MinGW.
+ Documented the the option in curl_easy_setopt() and added it to
+ symbols-in-versions.
-- Tell git to not convert configure-related files.
+- tests: Corrected command line arguments in test907 and test908
-- Trial to teach runtests.pl about WinSSL.
+- tests: Added SMTP AUTH with initial response tests
-- Fixed warning 'uninitialized value in numeric gt'.
+- tests: Updated SMTP tests to decouple client initial response
- This is a MSYS/MinGW-only warning; full warning text is:
- Use of uninitialized value in numeric gt (>) at ../../curl/tests/runtests.pl line 2227.
+ Updated test903 and test904 following the addition of CURLOPT_SASL_IR
+ as the default behaviour of SMTP AUTH responses is now to not include
+ the initial response. New tests with --sasl-ir support to follow.
-Daniel Stenberg (15 Jul 2012)
-- RELEASE-NOTES: synced with 9d11716933616
+- imap: Added support for overriding the SASL initial response
- Fixed 6 bugs, added 3 contributors
+ In addition to checking for the SASL-IR capability the user can override
+ the sending of the client's initial response in the AUTHENTICATION
+ command with the use of CURLOPT_SASL_IR should the server erroneously
+ not report SASL-IR when it does support it.
-- multi_runsingle: added precaution against easy_conn NULL pointer
+- smtp: Added support for disabling the SASL initial response
+
+ Updated the default behaviour of sending the client's initial response in the AUTH
+ command to not send it and added support for CURLOPT_SASL_IR to allow the user to
+ specify including the response.
- In many states the easy_conn pointer is referenced and just assumed to
- be working. This is an added extra check since analyzing indicates
- there's a risk we can end up in these states with a NULL pointer there.
+ Related Bug: http://curl.haxx.se/mail/lib-2012-03/0114.html
+ Reported-by: Gokhan Sengun
-- getparam: fix the GetStr() macro
+- pop3: Added support for enabling the SASL initial response
- It should return PARAM_NO_MEM if the strdup fails. Spotted by
- clang-analyzer
+ Allowed the user to specify whether to send the client's intial response
+ in the AUTH command via CURLOPT_SASL_IR.
-Guenter Knauf (15 Jul 2012)
-- Tell git to not convert configure-related files.
+- sasl-ir: Added --sasl-ir option to curl command line tool
-Daniel Stenberg (13 Jul 2012)
-- parse_proxy: remove dead assignment
-
- Spotted by clang-analyzer
+- sasl-ir: Added CURLOPT_SASL_IR to enable/disable the SASL initial response
-- ftp_do_more: add missing check of return code
+Daniel Stenberg (26 Apr 2013)
+- curl_easy_init: use less mallocs
- Spotted by clang-analyzer. The return code was never checked, just
- stored.
-
-- getinfo: use va_end and cut off Curl_ from static funcs
+ By introducing an internal alternative to curl_multi_init() that accepts
+ parameters to set the hash sizes, easy handles will now use tiny socket
+ and connection hash tables since it will only ever add a single easy
+ handle to that multi handle.
- va_end() needs to be used after va_start() and we don't normally use
- Curl_ prefixes for purely static functions.
+ This decreased the number mallocs in test 40 (which is a rather simple
+ and typical easy interface use case) from 1142 to 138. The maximum
+ amount of memory allocated used went down from 118969 to 78805.
-- [Philip Craig brought this change]
-
- Split up Curl_getinfo
+Steve Holme (26 Apr 2013)
+- ftpserver.pl: Fixed imap logout confirmation data
- This avoids false positives from clang's scan-build.
-
-Guenter Knauf (12 Jul 2012)
-- Added error checking for curl_global_init().
-
-- Added curl_global_* functions.
+ An IMAP server should response with the BYE continuation response before
+ confirming the LOGOUT command was successful.
-- Minor fixes to MinGW makefiles.
-
-Daniel Stenberg (12 Jul 2012)
-- docs: mention CURL_GLOBAL_DEFAULT
-
-Guenter Knauf (12 Jul 2012)
-- Added curl_global_* functions.
-
-Daniel Stenberg (12 Jul 2012)
-- tests: verify the stricter numeric option parser
+Daniel Stenberg (26 Apr 2013)
+- ftp_state_pasv_resp: connect through proxy also when set by env
- Test 1409 and 1410 verifies the stricter numeric option parser
- introduced the other day in commit f2b6ebed7b.
-
-- SWS: use of uninitialized memory fix
+ When connecting back to an FTP server after having sent PASV/EPSV,
+ libcurl sometimes didn't use the proxy properly even though the proxy
+ was used for the initial connect.
- I made "connmon" not get initialized properly before use, and I use the
- big hammer and make sure we always clear the entire struct to avoid any
- problem like this in the future.
-
-- test48: verify that HEAD doesn't close extra
+ The function wrongly checked for the CURLOPT_PROXY variable to be set,
+ which made it act wrongly if the proxy information was set with an
+ environment variable.
- Two commits ago, we fixed a bug where the connction would be closed
- prematurely after a HEAD. Now I added connection-monitor to test 48 and
- added a second HEAD and make sure that both are sent over the same
- connection.
+ Added test case 711 to verify (based on 707 which uses --socks5). Also
+ added test712 to verify another variation of setting the proxy: with
+ --proxy socks5://
- This triggered a failure before the bug fix and now works. Will help us
- avoid a future regression of this kind.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1218
+ Reported-by: Zekun Ni
-- connection-monitor: always log disconnect when enabled
-
- This makes verifying easier and makes us more sure curl closes the
- connection only at the correct point in time. Adjusted test 206 and 1008
- accordingly and updated the docs for it.
+Kamil Dudka (26 Apr 2013)
+- [Zdenek Pavlas brought this change]
-- HEAD: don't force-close after response-headers
+ url: initialize speed-check data for file:// protocol
- A HEAD response has no body length and gets the headers like the
- corresponding GET would so it should not get closed after the response
- based on the same rules. This mistake caused connections that did HEAD
- to get closed too often without a valid reason.
+ ... in order to prevent an artificial timeout event based on stale
+ speed-check data from a previous network transfer. This commit fixes
+ a regression caused by 9dd85bced56f6951107f69e581c872c1e7e3e58e.
- Bug: http://curl.haxx.se/bug/view.cgi?id=3542731
- Reported by: Eelco Dolstra
+ Bug: https://bugzilla.redhat.com/906031
-Guenter Knauf (12 Jul 2012)
-- Removed trailing empty strings from awk script.
+Daniel Stenberg (25 Apr 2013)
+- test709: clarify the test in the name
-- Cleaned up version awk script.
-
-- Added project copyright header.
+- sshserver: disable StrictHostKeyChecking
+
+ I couldn't figure out why the host key logic isn't working, but having
+ it set to yes prevents my SSH-based test cases to run. I also don't see
+ a strong need to use strict host key checking on this test server.
+
+ So I disabled it.
-- Removed libcurl.imp from Makefile.am.
+- runtests: log more commands in verbose mode
- Updated .gitignore for NetWare created files.
+ ... to aid tracking down failures
-- Added missing dependency to export list.
+Steve Holme (25 Apr 2013)
+- TODO: Corrected copy/paste typo
-- Fixed export list path.
+- TODO: Added new ideas for future SMTP, POP3 and IMAP features
-- Changed NetWare build to generate export list.
+- TODO: Updated following the addition of ;auth=<MECH> support
-- Added pointer to FAQ for linkage errors.
+- DOCS: Minor rewording / clarification of host name protocol detection
-- Small NetWare makefile tweak.
+- RELEASE-NOTES: synced with a8c92cb60890
-- Changed MinGW makefiles to use WINSSL now.
+- DOCS: Added reference to IETF draft for SMTP URL Interface
+
+ ...when mentioning login options. Additional minor clarification of
+ "Windows builds" to be "Windows builds with SSPI"as a way of enabling
+ NTLM as Windows builds may be built with OpenSSL to enable NTLM or
+ without NTLM support altogether.
-Daniel Stenberg (10 Jul 2012)
-- test231: fix wrong -C use!
+Linus Nielsen Feltzing (23 Apr 2013)
+- HISTORY: Fix spelling error.
-- cmdline: parse numerical options stricter
-
- 1 - str2offset() no longer accepts negative numbers since offsets are by
- nature positive.
+Steve Holme (23 Apr 2013)
+- DOCS: Reworked the scheme calculation explanation under CURLOPT_URL
+
+- url: Added smtp and pop3 hostnames to the protocol detection list
+
+Daniel Stenberg (23 Apr 2013)
+- HISTORY: correct some years/dates
- 2 - introduced str2unum() for the command line parser that accepts
- numericals which are not supposed to be negative, so that it will
- properly complain on apparent bad uses and mistakes.
+ Thanks to archive.org's wayback machine I updated this document with
+ some facts from the early httpget/urlget web page:
- Bug: http://curl.haxx.se/mail/archive-2012-07/0013.html
+ http://web.archive.org/web/19980216125115/http://www.inf.ufrgs.br/~sagula/urlget.html
-- docs: switch to proper UTF-8 for text file encoding
+- [Alessandro Ghedini brought this change]
-Yang Tse (9 Jul 2012)
-- Make Curl_schannel_version() return "WinSSL"
-
- Modification based on voting result:
+ tests: add test1511 to check timecond clean-up
- http://curl.haxx.se/mail/lib-2012-07/0104.html
+ Verifies the timecond fix in commit c49ed0b6c0f
+
+- [Alessandro Ghedini brought this change]
-Daniel Stenberg (9 Jul 2012)
-- test 46: use different path lengths to get reliable sort order
+ getinfo.c: reset timecond when clearing session-info variables
- Since the order of the cookies is sorted by the length of the paths,
- having them on the same path length will make the test depend on what
- order the qsort() implementation will put them. As seen in the
- windows/msys output posted by Guenter in this posting:
- http://curl.haxx.se/mail/lib-2012-07/0105.html
+ Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705783
+ Reported-by: Ludovico Cavedon <cavedon@debian.org>
-- cookie: fixed typo in comment
+Steve Holme (22 Apr 2013)
+- DOCS: Added information about login options to CURLOPT_USERPWD
-- [Christian Hägele brought this change]
+- DOCS: Added information about login options in the URL
- https_getsock: provided for schannel backend as well
+- url: Fixed missing length check in parse_proxy()
- The function https_getsock was only implemented properly when USE_SSLEAY
- or USE_GNUTLS is defined, but it is also necessary for USE_SCHANNEL.
+ Commit 11332577b3cb removed the length check that was performed by the
+ old scanf() code.
+
+- url: Fixed crash when no username or password supplied for proxy
- The problem occurs when Curl_read_plain or Curl_write_plain returns
- CURLE_AGAIN. In that case CURL_OK is returned to the multi-interface an
- the used socket is set to state CURL_POLL_REMOVE and the easy-state is
- set to CURLM_STATE_PROTOCONNECT. This is fine, because later the socket
- should be set to CURL_POLL_IN or CURL_POLL_OUT via multi_getsock. That's
- where https_getsock is called and doesn't return any sockets.
+ Fixed an issue in parse_proxy(), introduced in commit 11332577b3cb,
+ where an empty username or password (For example: http://:@example.com)
+ would cause a crash.
-- RELEASE-NOTES: added a URL reference to cookie docs
+- url: Removed unused text length constants
-Guenter Knauf (8 Jul 2012)
-- Removed obsolete include path to project root.
+- url: Updated proxy URL parsing to use parse_login_details()
-Daniel Stenberg (8 Jul 2012)
-- TODO-RELEASE: issue 316 NTLM over proxy is fixed
+- url: Tidy up of setstropt_userpwd() parameters
+
+ Updated the naming convention of the login parameters to match those of
+ other functions.
-- [Nick Zitzmann brought this change]
+- url: Tidy up of code and comments following recent changes
+
+ Tidy up of variable names and comments in setstropt_userpwd() and
+ parse_login_details().
- darwinssl: don't use arc4random_buf
+- url: Simplified setstropt_userpwd() following recent changes
- Re-wrote Curl_darwinssl_random() to not use arc4random_buf() because the
- function is not available prior to iOS 4.3 and OS X 10.7.
+ There is no need to perform separate clearing of data if a NULL option
+ pointer is passed in. Instead this operation can be performed by simply
+ not calling parse_login_details() and letting the rest of the code do
+ the work.
-- KNOWN_BUGS: #80 Curl doesn't recognize certs in DER format
+- url: Correction to scope of if statements when setting data
-- KNOWN_BUGS: #79 - any RCPT TO failure makes and error
+- url: Fixed memory leak in setstropt_userpwd()
+
+ setstropt_userpwd() was calling setstropt() in commit fddb7b44a79d to
+ set each of the login details which would duplicate the strings and
+ subsequently cause a memory leak.
-Marc Hoersken (8 Jul 2012)
-- winbuild: Aligned BUILD.WINDOWS.txt and Makefile.vc usage help
+- RELEASE-NOTES: synced with d535c4a2e1f7
-- winbuild: Make USE_WINSSL depend on USE_SSPI
+- url: Added overriding of URL login options from CURLOPT_USERPWD
+
+- tool_paramhlp: Fixed options being included in username
- Since WinSSL cannot be build without SSPI being enabled,
- USE_WINSSL now defaults to the value of USE_SSPI.
+ Fix to prevent the options from being displayed when curl requests the
+ user's password if the following command line is specified:
- The makefile does now raise an error if WinSSL is enabled
- while SSPI is disabled.
+ --user username;options
-- winbuild: Aligned USE_SSPI with other USE_x defines
+- url: Added support for parsing login options from the CURLOPT_USERPWD
- Renamed external parameter USE_SSPI = yes/no to ENABLE_SSPI = yes/no.
- Backwards compatible change: USE_SSPI can still be passed as external
- parameter with yes/no value as long as ENABLE_SSPI is not given.
+ In addition to parsing the optional login options from the URL, added
+ support for parsing them from CURLOPT_USERPWD, to allow the following
+ supported command line:
- USE_x defines are passed around with true/false values internally,
- USE_SSPI is now aligned to this approach, but still accepts external
- values yes/no being passed, just like the other defines.
+ --user username:password;options
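Review bot: the CURLOPT_USERPWD entry ending at "--user username:password;options" means a ';' in the credential string is now treated as the start of login options, which is a behaviour change for any caller that passes user-entered credentials straight to libcurl. If the FTPFileYM plugin fills CURLOPT_USERPWD from stored account data, check how a password containing ';' is handled after this update and record the result in the commit message, which currently says only "cURL lib update to 7.33". The neighbouring entries also list a restored length check in parse_proxy() and a crash fix for empty proxy credentials, both regressions from commit 11332577b3cb, so confirm the vendored sources are the 7.33.0 release and not a snapshot taken between those commits.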
-- winbuild: Clean up formatting and variable naming
+- url: Added bounds checking to parse_login_details()
- - Changed space usage to line up with the whole file
- - Renamed CFLAGS_SSPI/IPV6 to SSPI/IPV6_CFLAGS to be
- consistent with the other CFLAGS_x variables
- - Make use of existing CFLAGS_IPV6 (previously IPV6_CFLAGS)
- instead of appending directly to CFLAGS
+ Added bounds checking when searching for the separator characters within
+ the login string as this string may not be NULL terminated (For example
+ it is the login part of a URL). We do this in preference to allocating a
+ new string to copy the login details into which could then be passed to
+ parse_login_details() for performance reasons.
+
+- url: Added size_t cast to pointer based length calculations
-Daniel Stenberg (7 Jul 2012)
-- [Nick Zitzmann brought this change]
+- url: Corrected minor typo in comment
- darwinssl: output cipher with text, remove SNI warning
+Daniel Stenberg (18 Apr 2013)
+- CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling
- The code was printing a warning when SNI was set up successfully. Oops.
+ When cross-compiling we can't scan and detect existing files or paths.
- Printing the cipher number in verbose mode was something only TLS/SSL
- programmers might understand, so I had it print the name of the cipher,
- just like in the OpenSSL code. That'll be at least a little bit easier
- to understand. The SecureTransport API doesn't have a method of getting
- a string from a cipher like OpenSSL does, so I had to generate the
- strings manually.
+ Bug: http://curl.haxx.se/mail/lib-2013-04/0294.html
-- RELEASE-NOTES: synced with 5a99bce07d
+- [Ishan SinghLevett brought this change]
-- KNOWN_BUGS: NTLM with unicode works with schannel/winssl!
+ usercertinmem.c: add example showing user cert in memory
- Bug #75 updated with additional info, still remains for builds with
- other backends.
+ Relies on CURLOPT_SSL_CTX_FUNCTION, which is OpenSSL specific
-- code police: narrow source to < 80 columns
+Steve Holme (18 Apr 2013)
+- url: Fix chksrc longer than 79 columns warning
-Yang Tse (5 Jul 2012)
-- unicode NTLM SSPI: cleanup follow-up
+- url: Fix incorrect variable type for result code
-- unicode NTLM SSPI: cleanup
+- url: Fix compiler warning
- Reduce the number of #ifdef UNICODE directives used in source files.
+ signed and unsigned type in conditional expression
-Daniel Stenberg (5 Jul 2012)
-- tests: use connection-monitor and verify results
+- url: Moved parsing of login details out of parse_url_login()
- Test 1008 and 206 don't show the disconnect since it happens when SWS
- awaits a new request, but 503 does and so the verify section needs that
- string added.
+ Separated the parsing of login details from the processing of them in
+ parse_url_login() ready for use by setstropt_userpwd().
-- http-proxy: keep CONNECT connections alive (for NTLM)
-
- When doing CONNECT requests, libcurl must make sure the connection is
- alive as much as possible. NTLM requires it and it is generally good for
- other cases as well.
-
- NTLM over CONNECT requests has been broken since this regression I
- introduced in my CONNECT cleanup commits that started with 41b02378342,
- included since 7.25.0.
+- url: Re-factored set_userpass() and parse_url_userpass()
- Bug: http://curl.haxx.se/bug/view.cgi?id=3538625
- Reported by: Marcel Raad
+ Re-factored these functions to reflect their new behaviour following the
+ addition of login options.
-- sws: support <servercmd> for CONNECT requests
-
- I moved out the servercmd parsing into a its own function called
- parse_servercmd() and made sure it gets used also when the test number
- is extracted from CONNECT requests. It turned out sws didn't do that
- previously!
+- url: Reworked URL parsing to allow overriding by CURLOPT_USERPWD
-- FILEFORMAT: provided a full description of connection-monitor
+Daniel Stenberg (18 Apr 2013)
+- maketgz: make bzip2 creation work with Parallel BZIP2 too
+
+ Apparently the previous usage didn't work with that implementation,
+ while this updated version works with at least both Parallel BZIP2
+ v1.1.8 and regular bzip "Version 1.0.6, 6-Sept-2010".
-- lib503: enable verbose to ease debugging this
+Linus Nielsen Feltzing (18 Apr 2013)
+- Add tests/http_pipe.py to the tarball build
-- sws: add 'connection-monitor' command support
-
- Using this, the server will output in the protocol log when the
- connection gets disconnected and thus we will verify correctly in the
- test cases that the connection doesn't get closed prematurely. This is
- important for example NTLM to work.
+Steve Holme (16 Apr 2013)
+- smtp: Re-factored all perform based functions
- Documentation added to FILEFORMAT, test 503 updated to use this.
+ Standardised the naming of all perform based functions to be in the form
+ smtp_perform_something().
-Guenter Knauf (4 Jul 2012)
-- Removed non-used variable.
+- smtp: Added description comments to all perform based functions
-- Added error checking for samples.
+- smtp: Moved smtp_quit() to be with the other perform functions
-- Renamed vars to avoid shadow global declaration.
+- smtp: Moved smtp_rcpt_to() to be with the other perform functions
-Daniel Stenberg (3 Jul 2012)
-- docs: clarify how to start with curl_multi_socket_action
-
- Mention the CURL_SOCKET_TIMEOUT argument in step 6 of the typical
- application.
+- smtp: Moved smtp_mail() to be with the other perform functions
-Guenter Knauf (3 Jul 2012)
-- Moved some patterns to subfolder's .gitignore.
+Daniel Stenberg (16 Apr 2013)
+- [Wouter Van Rooy brought this change]
-- Merge branch 'master' of ssh://github.com/bagder/curl
+ curl-config: don't output static libs when they are disabled
+
+ Curl-config outputs static libraries even when they are disabled in
+ configure.
+
+ This causes problems with the build of pycurl.
-- MinGW makefile tweaks for running from sh.
+- [Dave Reisner brought this change]
+
+ docs/libcurl: fix formatting in manpage
- Added function macros to make path converting easier.
- Added CROSSPREFIX to all compile tools.
+ Commit c3ea3eb6 introduced some minor cosmetic errors in
+ curl_mutli_socket_action(3).
-Yang Tse (3 Jul 2012)
-- [Marc Hoersken brought this change]
+- [Paul Howarth brought this change]
- curl_ntlm_msgs.c: Removed unused variable passwd
+ Add extra libs for lib1900 and lib2033 test programs
+
+ These are needed in cases where clock_gettime is used, from librt.
-Guenter Knauf (3 Jul 2012)
-- Added files generated by mingw32, eclipse and VC.
+Dan Fandrich (15 Apr 2013)
+- FAQ: mention that the network connection can be monitored
- Posted by Marc Hoersken.
+ Also note the prohibition on sharing handles across threads.
-Daniel Stenberg (3 Jul 2012)
-- cookies: change the URL in the cookie jar file header
+Steve Holme (15 Apr 2013)
+- pop3: Added missing comment for pop3_state_apop_resp()
-- HTTP-COOKIES: clarified and modified layout
+- smtp: Updated the coding style of smtp_state_servergreet_resp()
+
+ Updated the coding style, in this function, to be consistant with other
+ response functions rather then performing a hard return on failure.
-- HTTP-COOKIES: use the FAQ document layout
+- pop3: Updated the coding style of pop3_state_servergreet_resp()
+
+ Updated the coding style, in this function, to be consistent with other
+ response functions rather then performing a hard return on failure.
-- HTTP-COOKIES: added cookie documentation
+- pop3: Re-factored all perform based functions
+
+ Standardised the naming of all perform based functions to be in the form
+ pop3_perform_something() following the changes made to IMAP.
-Yang Tse (3 Jul 2012)
-- curl_ntlm_msgs.c: include <tchar.h> for prototypes
+- pop3: Added description comments to all perform based functions
-- [Neil Bowers brought this change]
+- pop3: Moved pop3_quit() to be with the other perform functions
- testcurl.pl: fix missing semicolon
+- pop3: Moved pop3_command() to be with the other perform functions
+
+ Started to apply the same tidy up to the POP3 code as applied to the
+ IMAP code in the 7.30.0 release.
-Daniel Stenberg (2 Jul 2012)
-- [Christian Hägele brought this change]
+- RELEASE-NOTES: Removed erroneous spaces
- unicode NTLM SSPI: heap corruption fixed
-
- When compiling libcurl with UNICODE defined and using unicode characters
- in username.
+- RELEASE-NOTES: synced with 8723cade21fb
-Yang Tse (2 Jul 2012)
-- testcurl.pl: allow non in-tree c-ares enabled autobuild
+- smtp: Added support for ;auth=<mech> in the URL
+
+ Added support for specifying the preferred authentication mechanism in
+ the URL as per Internet-Draft 'draft-earhart-url-smtp-00'.
-- configure.ac: verify that libmetalink is new enough
+- pop3: Reworked authentication type constants
- Enabling test2017 to test2022.
+ ... to use left-shifted values, like those defined in curl.h, rather
+ than 16-bit hexadecimal values.
-- [Tatsuhiro Tsujikawa brought this change]
+- pop3: Small consistency tidy up
- curl: Added runtime version check for libmetalink
+- pop3: Added support for ;auth=<mech> in the URL
+
+ Added support for specifying the preferred authentication type and SASL
+ mechanism in the URL as per RFC-2384.
-- [Tatsuhiro Tsujikawa brought this change]
+- imap: Added support for ;auth=<mech> in the URL
+
+ Added support for specifying the preferred authentication mechanism in
+ the URL as per RFC-5092.
- Include metalink/metalink.h for libmetalink functions
+- sasl: Reworked SASL mechanism constants
+
+ ... to use left-shifted values, like those defined in curl.h, rather
+ than 16-bit hexadecimal values.
-Daniel Stenberg (2 Jul 2012)
-- errors: CURLM_CALL_MULTI_PERFORM is not returned anymore
+- sasl: Added predefined preferred mechanism values
+
+ In preparation for the upcoming changes to IMAP, POP3 and SMTP added
+ preferred mechanism values.
-- release: cleaned up plans for this and coming release
+- url: Added support for parsing login options from the URL
+
+ As well as parsing the username and password from the URL, added support
+ for parsing the optional options part from the login details, to allow
+ the following supported URL format:
+
+ schema://username:password;options@example.com/path?q=foobar
+
+ This will only be used by IMAP, POP3 and SMTP at present but any
+ protocol that may be given login options in the URL will be able to
+ add support for them.
-Yang Tse (29 Jun 2012)
-- curl-compilers.m4: remove -Wstrict-aliasing=3 from clang
+- smtp: Fix compiler warning
- Currently it is unknown if there is any version of clang that
- actually supports -Wstrict-aliasing. What is known is that there
- are several that don't support it.
+ warning: unused variable 'smtp' introduced in commit 73cbd21b5ee6.
+
+- smtp: Moved parsing of url path into separate function
-- test2017 to test2022: more metalink tests
+Daniel Stenberg (12 Apr 2013)
+- FTP: handle a 230 welcome response
- With this commit, checks done in previous test2017 are now done in test2018.
+ ...instead of the 220 we otherwise expect.
- Whole range test2017 to test2022 DISABLED until configure is capable of
- requiring a new-enough metalink library.
+ Made the ftpserver.pl support sending a custom "welcome" and then
+ created test 1219 to verify this fix with such a 230 welcome.
- Don't try these without mentioned check in place!
+ Bug: http://curl.haxx.se/mail/lib-2013-02/0102.html
+ Reported by: Anders Havn
-- test2005 to test2016: improve failure detection
-
-- lib582.c: fix conversion warning
+- configure: try pthread_create without -lpthread
+
+ For libc variants without a spearate pthread lib (like bionic), try
+ using pthreads without the pthreads lib first and only if that fails try
+ the -lpthread linker flag.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1216
+ Reported by: Duncan
-- nss.c: #include warnless.h for curlx_uztosi and curlx_uztoui prototypes
+- FTP: access files in root dir correctly
+
+ Accessing a file with an absolute path in the root dir but with no
+ directory specified was not handled correctly. This fix comes with four
+ new test cases that verify it.
+
+ Bug: http://curl.haxx.se/mail/lib-2013-04/0142.html
+ Reported by: Sam Deane
-- [Marc Hoersken brought this change]
+Steve Holme (12 Apr 2013)
+- pop3: Reworked the function description for Curl_pop3_write()
- nss.c: Fixed size_t conversion warnings
+- pop3: Added function description to pop3_parse_custom_request()
-- sslgen.c: cleanup temporary compile-time SSL-backend check
+- pop3: Moved utility functions to end of pop3.c
-Daniel Stenberg (28 Jun 2012)
-- schannel: provide two additional (dummy) API defines
+Nick Zitzmann (12 Apr 2013)
+- darwinssl: add TLS session resumption
+
+ This ought to speed up additional TLS handshakes, at least in theory.
-Yang Tse (28 Jun 2012)
-- [Tatsuhiro Tsujikawa brought this change]
+Steve Holme (12 Apr 2013)
+- imap: Added function description to imap_parse_custom_request()
- Metalink: message updates
+- imap: Moved utility functions to end of imap.c (Part 3/3)
- Print "parsing (...) OK" only when no warnings are generated. If
- no file is found in Metalink, treat it FAILED.
+ Moved imap_is_bchar() be with the other utility based functions.
+
+- imap: Moved utility functions to end of imap.c (Part 2/3)
- If no digest is provided, print WARNING in parse_metalink().
- Also print validating FAILED after download.
+ Moved imap_parse_url_path() and imap_parse_custom_request() to the end of the
+ file allowing all utility functions to be grouped together.
+
+- imap: Moved utility functions to end of imap.c (Part 1/3)
- These changes make tests 2012 to 2016 pass.
+ Moved imap_atom() and imap_sendf() to the end of the file allowing all
+ utility functions to be grouped together.
-Daniel Stenberg (27 Jun 2012)
-- sslgen: avoid compiler error in SSPI builds
+- imap: Corrected function description for imap_connect()
-Yang Tse (27 Jun 2012)
-- ssluse.c: fix compiler warning: conversion to 'int' from 'size_t'
+Kamil Dudka (12 Apr 2013)
+- tests: prevent test206, test1060, and test1061 from failing
- Reported by Tatsuhiro Tsujikawa
+ ... in case runtests.pl is invoked with non-default -b option
- http://curl.haxx.se/mail/lib-2012-06/0371.html
+ Fixes a regression caused by 1e29d275c643ef6aab7948f0f55a7a9397e56b42.
-- sslgen.c: add compile-time check for SSL-backend completeness
+Daniel Stenberg (12 Apr 2013)
+- [David Strauss brought this change]
-- build: add our standard includes to curl_darwinssl.c and curl_multibyte.c
-
-- build: add curl_schannel and curl_darwinssl files to other build systems
+ libcurl-share.3: update what it does and does not share.
+
+ Update sharing interface documentation to provide exhaustive list of
+ what it does and does not share.
-- tests: add five more Metalink test cases
+- THANKS: remove duplicated names
-- tests: update Metalink message format
+- bump: start working towards next release
-- [Tatsuhiro Tsujikawa brought this change]
+- THANKS: added people from the 7.30.0 RELEASE-NOTES
- Metalink: updated message format
+Version 7.30.0 (12 Apr 2013)
-- [Nick Zitzmann brought this change]
+Daniel Stenberg (12 Apr 2013)
+- RELEASE-NOTES: cleaned up for 7.30 (synced with 5c5e1a1cd20)
+
+ Most notable the security advisory:
+ http://curl.haxx.se/docs/adv_20130412.html
- DarwinSSL: allow using NTLM authentication
+- test1218: another cookie tailmatch test
- Allow NTLM authentication when building using SecureTransport (Darwin) for SSL.
+ ... and make 1216 also verify it with a file input
- This uses CommonCrypto, a cryptography library that ships with all versions of
- iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few
- less-common cyphers and doesn't have a big number data structure.
+ These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie
+ domain tailmatch" vulnerability. See
+ http://curl.haxx.se/docs/adv_20130412.html
-- curl_darwinssl.h: add newline at end of file
+- [YAMADA Yasuharu brought this change]
-Daniel Stenberg (26 Jun 2012)
-- ossl_seed: remove leftover RAND_screen check
+ cookie: fix tailmatching to prevent cross-domain leakage
- Before commit 2dded8fedba (dec 2010) there was logic that used
- RAND_screen() at times and now I remove the leftover #ifdef check for
- it.
+ Cookies set for 'example.com' could accidentaly also be sent by libcurl
+ to the 'bexample.com' (ie with a prefix to the first domain name).
- The seeding code that uses Curl_FormBoundary() in ossl_seed() is dubious
- to keep since it hardly increases randomness but I fear I'll break
- something if I remove it now...
-
-Yang Tse (26 Jun 2012)
-- [Nick Zitzmann brought this change]
-
- DarwinSSL: several adjustments
+ This is a security vulnerabilty, CVE-2013-1944.
- - Renamed st_ function prefix to darwinssl_
- - Renamed Curl_st_ function prefix to Curl_darwinssl_
- - Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h
- - Fixed a teensy little bug that made non-blocking connection attempts block
- - Made it so that it builds cleanly against the iOS 5.1 SDK
+ Bug: http://curl.haxx.se/docs/adv_20130412.html
-- curl-compilers.m4: -Wstrict-aliasing=3 for warning enabled gcc and clang builds
+Guenter Knauf (11 Apr 2013)
+- Enabled MinGW sync resolver builds.
-- [Marc Hoersken brought this change]
+Yang Tse (10 Apr 2013)
+- if2ip.c: fix compiler warning
- sockaddr.h: Fixed dereferencing pointer breakin strict-aliasing
+Guenter Knauf (10 Apr 2013)
+- Fixed lost OpenSSL output with "-t" - followup.
- Fixed warning: dereferencing pointer does break strict-aliasing rules
- by using a union inside the struct Curl_sockaddr_storage declaration.
+ The previously applied patch didnt work on Windows; we cant rely
+ on shell commands like 'echo' since they act diffently on each
+ platform and each shell.
+ In order to keep this script platform-independent the code must
+ only use pure Perl.
-Daniel Stenberg (26 Jun 2012)
-- SSL cleanup: use crypto functions through the sslgen layer
+Daniel Stenberg (9 Apr 2013)
+- test1217: verify parsing 257 responses with "rubbish" before path
- curl_ntlm_msgs.c would previously use an #ifdef maze and direct
- SSL-library calls instead of using the SSL layer we have for this
- purpose.
+ Test 1217 verifies commit e0fb2d86c9f78, and without that change this
+ test fails.
-- [Nick Zitzmann brought this change]
+- [Bill Middlecamp brought this change]
- darwinssl: add support for native Mac OS X/iOS SSL
+ FTP: handle "rubbish" in front of directory name in 257 responses
+
+ When doing PWD, there's a 257 response which apparently some servers
+ prefix with a comment before the path instead of after it as is
+ otherwise the norm.
+
+ Failing to parse this, several otherwise legitimate use cases break.
+
+ Bug: http://curl.haxx.se/mail/lib-2013-04/0113.html
-- RELEASE-NOTES: link to more metalink info
+Guenter Knauf (9 Apr 2013)
+- Fixed ares-enabled builds with static makefiles.
-- RELEASE-NOTES: synced with d025af9bb576
+- Fixed lost OpenSSL output with "-t".
+
+ The OpenSSL pipe wrote to the final CA bundle file, but the encoded PEM
+ output wrote to a temporary file. Consequently, the OpenSSL output was
+ lost when the temp file was renamed to the final file at script finish
+ (overwriting the final file written earlier by openssl).
+ Patch posted to the list by Richard Michael (rmichael edgeofthenet org).
-Yang Tse (25 Jun 2012)
-- curl_schannel.c: Remove redundant NULL assignments following Curl_safefree()
+Daniel Stenberg (9 Apr 2013)
+- test1216: test tailmatching cookie domains
+
+ This test is an attempt to repeat the problem YAMADA Yasuharu reported
+ at http://curl.haxx.se/mail/lib-2013-04/0108.html
-- [Marc Hoersken brought this change]
+- RELEASe-NOTES: synced with 29fdb2700f797
+
+ added "tcpkeepalive on Mac OS X"
- curl_schannel.c: Replace free() with Curl_safefree()
+Nick Zitzmann (8 Apr 2013)
+- darwinssl: disable insecure ciphers by default
+
+ I noticed that aria2's SecureTransport code disables insecure ciphers such
+ as NULL, anonymous, IDEA, and weak-key ciphers used by SSLv3 and later.
+ That's a good idea, and now we do the same thing in order to prevent curl
+ from accessing a "secure" site that only negotiates insecure ciphersuites.
-- [Tatsuhiro Tsujikawa brought this change]
+Daniel Stenberg (8 Apr 2013)
+- [Robert Wruck brought this change]
- curl.1: Updated Metalink description in man page
+ tcpkeepalive: Support CURLOPT_TCP_KEEPIDLE on OSX
- Documented that --include will be ignored if both --metalink
- and --include are specified.
- Also documented that a Metalink file in the local file system
- cannot be used if FILE protocol is disabled.
+ MacOS X doesn't have TCP_KEEPIDLE/TCP_KEEPINTVL but only a single
+ TCP_KEEPALIVE (see
+ http://developer.apple.com/library/mac/#DOCUMENTATION/Darwin/Reference/ManPages/man4/tcp.4.html).
+ Here is a patch for CURLOPT_TCP_KEEPIDLE on OSX platforms.
-Steve Holme (24 Jun 2012)
-- DOCS: Added clarification to CURLOPT_CUSTOMREQUEST for the POP3 protocol
+- configure: remove CURL_CHECK_FUNC_RECVFROM
- Bug: http://curl.haxx.se/mail/lib-2012-06/0302.html
- Reported by: Nagai H
-
-- smtp: Corrected result code for MAIL, RCPT and DATA commands
+ 1 - We don't use the results from the test and we never did. recvfrom()
+ is only used by the TFTP code and it has not caused any problems.
- Bug: http://curl.haxx.se/mail/lib-2012-06/0094.html
- Reported by: Dan
+ 2 - the CURL_CHECK_FUNC_RECVFROM function is extremely slow
+
+Steve Holme (8 Apr 2013)
+- RELEASE-NOTES: Corrected duplicate NTLM memory leaks
-Daniel Stenberg (24 Jun 2012)
-- [Ghennadi Procopciuc brought this change]
+- RELEASE-NOTES: Removed trailing full stop
- test: Added test HTTP receive cookies over IPv6
+Daniel Stenberg (8 Apr 2013)
+- [Fabian Keil brought this change]
-Yang Tse (22 Jun 2012)
-- tests: add another Metalink test case
+ proxy: make ConnectionExists() check credential of proxyconnections too
+
+ Previously it only compared credentials if the requested needle
+ connection wasn't using a proxy. This caused NTLM authentication
+ failures when using proxies as the authentication code wasn't send on
+ the connection where the challenge arrived.
+
+ Added test 1215 to verify: NTLM server authentication through a proxy
+ (This is a modified copy of test 67)
-- [Tatsuhiro Tsujikawa brought this change]
+- RELEASE-NOTES: sync with 704a5dfca9
- tests: Enable test2010 and fixed hash value
+- TODO-RELEASE: cleaned up, not really maintained lately
-- [Tatsuhiro Tsujikawa brought this change]
+Marc Hoersken (7 Apr 2013)
+- if2ip.c: Fixed another warning: unused parameter 'remote_scope'
- Metalink: ignore --include if --metalink is used.
+Daniel Stenberg (7 Apr 2013)
+- [Marc Hoersken brought this change]
+
+ cookie.c: Made cookie sort function more deterministic
- Including headers in response body will break Metalink XML parser.
- If it is included in the file described in Metalink XML, hash check
- will fail. Therefore, --include should be ignored if --metalink is
- used.
+ Since qsort implementations vary with regards to handling the order
+ of similiar elements, this change makes the internal sort function
+ more deterministic by comparing path length first, then domain length
+ and finally the cookie name. Spotted with testcase 62 on Windows.
-- tests: add six Metalink test cases
+Marc Hoersken (7 Apr 2013)
+- curl_schannel.c: Follow up on memory leak fix ae4558d
-- test 2005: add verification of hash checking outcome
+- Revert "getpart.pm: Strip carriage returns to fix Windows support"
+
+ This reverts commit e51b23c925a2721cf7c29b2b376d3d8903cfb067.
+ As discussed on the mailinglist, this was not the correct approach.
-- getpart.pm: remove misleading comment
+- http_negotiate.c: Fixed passing argument from incompatible pointer type
-- [Tatsuhiro Tsujikawa brought this change]
+- ftp.c: Added missing brackets around ABOR command logic
- curl: Prefixed all Metalink related messages with "Metalink: "
+- sockfilt.c: Fixed detection of client-side connection close
+
+ WINSOCK only:
+ Since FD_CLOSE is only signaled once, it may trigger at the same
+ time as FD_READ. Data actually being available makes it impossible
+ to detect that the connection was closed by checking that recv returns
+ zero. Another recv attempt could block the connection if it was
+ not closed. This workaround abuses exceptfds in conjunction with
+ readfds to signal that the connection has actually closed.
-- [Tatsuhiro Tsujikawa brought this change]
+- curl_schannel.c: Fixed memory leak if connection was not successful
- tests: Added Metalink test case # 2005
+- if2ip.c: Fixed warning: unused parameter 'remote_scope'
-- [Tatsuhiro Tsujikawa brought this change]
+- runtests.pl: Fixed --verbose parameter passed to http_pipe.py
- curl: Restore noprogress and isatty config values.
-
- The noprogress and isatty in Configurable are global, in a sense
- that they persist in one curl invocation. Currently once one
- download writes its response data to tty, they are set to FALSE
- and they are not restored on successive downloads. This change
- first backups the current noprogress and isatty, and restores
- them when download does not write its data to tty.
+- sockfilt.c: Reduce CPU load while running under a Windows PIPE
-- [Tatsuhiro Tsujikawa brought this change]
+- tftpd.c: Apply sread timeout to the whole data transfer session
- curl: Made --metalink option toggle Metalink functionality
-
- In this change, --metalink option no longer takes argument. If
- it is specified, given URIs are processed as Metalink XML file.
- If given URIs are remote (e.g., http URI), curl downloads it
- first. Regardless URI is local file (e.g., file URI scheme) or
- remote, Metalink XML file is not written to local file system and
- the received data is fed into Metalink XML parser directly. This
- means with --metalink option, filename related options like -O
- and -o are ignored.
+- getpart.pm: Strip carriage returns to fix Windows support
+
+Daniel Stenberg (6 Apr 2013)
+- ftp tests: libcurl returns CURLE_FTP_ACCEPT_FAILED better now
- Usage examples:
+ Since commit 57aeabcc1a20f, it handles errors on the control connection
+ while waiting for the data connection better.
- $ curl --metalink http://example.org/foo.metalink
+ Test 591 and 592 are updated accordingly.
+
+- FTP: wait on both connections during active STOR state
- This will download foo.metalink and parse it and then download
- the URI described there.
+ When doing PORT and upload (STOR), this function needs to extract the
+ file descriptor for both connections so that it will respond immediately
+ when the server eventually connects back.
- $ curl --metalink file://foo.metalink
+ This flaw caused active connections to become unnecessary slow but they
+ would still often work due to the normal polling on a timeout. The bug
+ also would not occur if the server connected back very fast, like when
+ testing on local networks.
- This will parse local file foo.metalink and then download the URI
- described there.
-
-- [Tatsuhiro Tsujikawa brought this change]
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1183
+ Reported by: Daniel Theron
- curl: Refactored metalink_checksum
-
- When creating metalink_checksum from metalink_checksum_t, first
- check hex digest is valid for the given hash function. We do
- this check in the order of digest_aliases so that first good
- match will be chosen (strongest hash function available). As a
- result, the metalinkfile now only contains at most one
- metalink_checksum because other entries are just redundant.
+Marc Hoersken (6 Apr 2013)
+- tftpd.c: Follow up cleanup and restore of previous sockopt
-- [Gisle Vanem brought this change]
+Daniel Stenberg (6 Apr 2013)
+- [Kim Vandry brought this change]
- tool_doswin.c: fix djgpp function _use_lfn() used without a prototype
+ connect: treat an interface bindlocal() problem as a non-fatal error
- http://curl.haxx.se/mail/archive-2012-06/0028.html
-
-- build: fix RESOURCE bug in lib/Makefile.vc*
+ I am using curl_easy_setopt(CURLOPT_INTERFACE, "if!something") to force
+ transfers to use a particular interface but the transfer fails with
+ CURLE_INTERFACE_FAILED, "Failed binding local connection end" if the
+ interface I specify has no IPv6 address. The cause is as follows:
- Removed two, not intended to exist, RESOURCE declarations.
+ The remote hostname resolves successfully and has an IPv6 address and an
+ IPv4 address.
- Bug: http://curl.haxx.se/bug/view.cgi?id=3535977
+ cURL attempts to connect to the IPv6 address first.
- And sorted configuration hunks to reflect same internal order
- as the one shown in the usage message.
-
-Daniel Stenberg (20 Jun 2012)
-- [Marc Hoersken brought this change]
-
- schannel: Implement new buffer size strategy
+ bindlocal (in lib/connect.c) fails because Curl_if2ip cannot find an
+ IPv6 address on the interface.
- Increase decrypted and encrypted cache buffers using limitted
- doubling strategy. More information on the mailinglist:
- http://curl.haxx.se/mail/lib-2012-06/0255.html
+ This is a fatal error in singleipconnect()
- It updates the two remaining reallocations that have already been there
- and fixes the other one to use the same "do we need to increase the
- buffer"-condition as the other two. CURL_SCHANNEL_BUFFER_STEP_SIZE was
- renamed to CURL_SCHANNEL_BUFFER_FREE_SIZE since that is actually what it
- is now. Since we don't know how much more data we are going to read
- during the handshake, CURL_SCHANNEL_BUFFER_FREE_SIZE is used as the
- minimum free space required in the buffer for the next operation.
- CURL_SCHANNEL_BUFFER_STEP_SIZE was used for that before, too, but since
- we don't have a step size now, the define was renamed.
-
-Yang Tse (20 Jun 2012)
-- schannel SSL: fix compiler warning
-
-- [Mark Salisbury brought this change]
-
- schannel SSL: fix for renegotiate problem
+ This change will make cURL try the next IP address in the list.
- In schannel_connect_step2() doread should be initialized based
- on connssl->connecting_state.
-
-- [Tatsuhiro Tsujikawa brought this change]
-
- runtests.pl: make it support metalink feature
-
-- getpart.pm: make test definition section/part parser more robust
+ Also included are two changes related to IPv6 address scope:
- Test definition section parts which needed to include xml-lingo as contents
- of that part required that the xml-blurb was written as a single line. Now the
- xml-data inside the part can be written multiline making it more readable.
+ - Filter the choice of address in Curl_if2ip to only consider addresses
+ with the same scope ID as the connection address (mismatched scope for
+ local and remote address does not result in a working connection).
- Tested with <client><file> part which is written to disk before <command> runs.
+ - bindlocal was ignoring the scope ID of addresses returned by
+ Curl_if2ip . Now it uses them.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1189
-Daniel Stenberg (20 Jun 2012)
-- schannel_connect_step2: checksrc whitespace fix
+Marc Hoersken (6 Apr 2013)
+- tftpd.c: Fixed sread timeout on Windows by setting it manually
-Yang Tse (20 Jun 2012)
-- [Mark Salisbury brought this change]
+- ftp.pm: Added tskill to support Windows XP Home
- schannel SSL: changes in schannel_connect_step2
-
- Process extra data buffer before returning from schannel_connect_step2.
- Without this change I've seen WinCE hang when schannel_connect_step2
- returns and calls Curl_socket_ready.
-
- If the encrypted handshake does not fit in the intial buffer (seen with
- large certificate chain), increasing the encrypted data buffer is necessary.
-
- Fixed warning in curl_schannel.c line 1215.
+- runtests.pl: Modularization of MinGW/Msys compatibility functions
-- [Mark Salisbury brought this change]
+- ftp.pm: Made Perl testsuite able to handle Windows processes
- config-win32ce.h: WinCE config adjustment
-
- process.h is not present on WinCE
+- util.c: Revert workaround eeefcdf, 6eb56e7 and e3787e8
+
+- ftp.pm: Made Perl testsuite able to kill Windows processes
-- [Mark Salisbury brought this change]
+- util.c: Follow up cleanup on eeefcdf
- schannel SSL: Made send method handle unexpected cases better
+Daniel Stenberg (6 Apr 2013)
+- cpp: use #ifdef __MINGW32__ to avoid compiler complaints
- Implemented timeout loop in schannel_send while sending data. This
- is as close as I think we can get to write buffering; I put a big
- comment in to explain my thinking.
+ ... instead of just #if
+
+Marc Hoersken (6 Apr 2013)
+- util.c: Made write_pidfile write the correct PID on MinGW/Msys
- With some committer adjustments
+ This workaround fixes an issue on MinGW/Msys regarding the Perl
+ testsuite scripts not being able to signal or control the server
+ processes. The MinGW Perl runtime only sees the Msys processes and
+ their corresponding PIDs, but sockfilt (and other servers) wrote the
+ Windows PID into their PID-files. Since this PID is useless to the
+ testsuite, the write_pidfile function was changed to search for the
+ Msys PID and write that into the PID-file.
-Daniel Stenberg (19 Jun 2012)
-- [Marc Hoersken brought this change]
+Daniel Stenberg (5 Apr 2013)
+- RELEASE-NOTES: synced with 5e722b2d09087
+
+ 3 more bug fixes, 6 more contributors
- curl_schannel.c: Avoid unnecessary realloc calls to reduce buffer size
+Marc Hoersken (5 Apr 2013)
+- sockfilt.c: Fixed handling of multiple fds being signaled
-Yang Tse (19 Jun 2012)
-- [Mark Salisbury brought this change]
+Kamil Dudka (5 Apr 2013)
+- curl_global_init.3: improve description of CURL_GLOBAL_ALL
+
+ Reported by: Tomas Mlcoch
- schannel SSL: Use standard Curl read/write methods
+- examples/multi-single.c: fix the order of destructions
- Replaced calls to swrite with Curl_write_plain and calls to sread
- with Curl_read_plain.
+ ... so that it adheres to the API documentation.
- With some committer adjustments
-
-- schannel SSL: make wording of some trace messages better reflect reality
+ Reported by: Tomas Mlcoch
-Daniel Stenberg (19 Jun 2012)
-- [Marc Hoersken brought this change]
+Daniel Stenberg (5 Apr 2013)
+- Curl_open: restore default MAXCONNECTS to 5
+
+ At some point recently we lost the default value for the easy handle's
+ connection cache, and this change puts it back to 5 - which is the
+ former default value and it is documented in the curl_easy_setopt.3 man
+ page.
- curl_schannel.h: Use BUFSIZE as the initial buffer size if available
+Marc Hoersken (4 Apr 2013)
+- sockfilt.c: Added wrapper functions to fix Windows console issues
- Make the Schannel implementation use libcurl's default buffer size
- for the initial received encrypted and decrypted data cache buffers.
- The implementation still needs to handle more data since more data
- might have already been received or decrypted during the handshake
- or a read operation which needs to be cached for the next read.
+ The new read and write wrapper functions support reading from stdin
+ and writing to stdout/stderr on Windows by using the appropriate
+ Windows API functions and data types.
-Guenter Knauf (19 Jun 2012)
-- Fixed NetWare makefile broken from last commit.
+Yang Tse (4 Apr 2013)
+- lib1509.c: fix compiler warnings
-Yang Tse (19 Jun 2012)
-- [Mark Salisbury brought this change]
+- easy.c: fix compiler warning
- schannel SSL: Implemented SSL shutdown
+Daniel Stenberg (4 Apr 2013)
+- --engine: spellfix the help message
- curl_schannel.c - implemented graceful SSL shutdown. If we fail to
- shutdown the connection gracefully, I've seen schannel try to use a
- session ID for future connects and the server aborts the connection
- during the handshake.
+ Reported by: Fredrik Thulin
-- [Mark Salisbury brought this change]
+Yang Tse (4 Apr 2013)
+- http_negotiate.c: follow-up for commit 3dcc1a9c
- schannel SSL: certificate validation on WinCE
+Linus Nielsen Feltzing (4 Apr 2013)
+- easy: Fix the broken CURLOPT_MAXCONNECTS option
+
+ Copy the CURLOPT_MAXCONNECTS option to CURLMOPT_MAXCONNECTS in
+ curl_easy_perform().
- curl_schannel.c - auto certificate validation doesn't seem to work
- right on CE. I added a method to perform the certificate validation
- which uses CertGetCertificateChain and manually handles the result.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1212
+ Reported-by: Steven Gu
-- [Mark Salisbury brought this change]
+Guenter Knauf (4 Apr 2013)
+- Updated copyright date.
- schannel SSL: Added helper methods to simplify code
-
- Added helper methods InitSecBuffer() and InitSecBufferDesc() to make it
- easier to set up SecBuffer & SecBufferDesc structs.
+- Another small output fix for --help and --version.
-Guenter Knauf (18 Jun 2012)
-- Some more NetWare makefile tweaks for metalink.
+Yang Tse (4 Apr 2013)
+- http_negotiate.c: fix several SPNEGO memory handling issues
-Yang Tse (18 Jun 2012)
-- tool_cb_see.c: WinCE build adjustment
+Guenter Knauf (4 Apr 2013)
+- Added a cont to specify base64 line wrap.
-- [Mark Salisbury brought this change]
+- Fixed version output.
- setup.h: WinCE build adjustment
+- Added support for --help and --version options.
-- [Mark Salisbury brought this change]
+- Added option to specify length of base64 output.
+
+ Based on a patch posted to the list by Richard Michael.
- ftplistparser.c: do not compile if FTP protocol is not enabled
+Daniel Stenberg (3 Apr 2013)
+- curl_easy_setopt.3: CURLOPT_HTTPGET disables CURLOPT_UPLOAD
-- Win32: downplay MS bazillion type synonyms game
+- [Yasuharu Yamada brought this change]
+
+ Curl_cookie_add: only increase numcookies for new cookies
- Avoid usage of some MS type synonyms to allow compilation with
- compiler headers that don't define these, using simpler synonyms.
+ Count up numcookies in Curl_cookie_add() only when cookie is new one
-Daniel Stenberg (15 Jun 2012)
-- Curl_rtsp_parseheader: avoid useless malloc/free
+- SO_SNDBUF: don't set SNDBUF for win32 versions vista or later
+
+ The Microsoft knowledge-base article
+ http://support.microsoft.com/kb/823764 describes how to use SNDBUF to
+ overcome a performance shortcoming in winsock, but it doesn't apply to
+ Windows Vista and later versions. If the described SNDBUF magic is
+ applied when running on those more recent Windows versions, it seems to
+ instead have the reversed effect in many cases and thus make libcurl
+ perform less good on those systems.
+
+ This fix thus adds a run-time version-check that does the SNDBUF magic
+ conditionally depending if it is deemed necessary or not.
- Coverity actually pointed out flawed logic in the previous call to
- Curl_strntoupper() where the code used sizeof() of a pointer to pass in
- a size argument. That code still worked since it only needed to
- uppercase 4 letters. Still, the entire malloc/uppercase/free sequence
- was pointless since the code has already matched the string once in the
- condition that starts the block of code.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1188
+ Reported by: Andrew Kurushin
+ Tested by: Christian Hägele
-- curl_share_setopt: use va_end()
+Nick Zitzmann (1 Apr 2013)
+- darwinssl: additional descriptive messages of SSL handshake errors
- As spotted by Coverity, va_end() was not used previously. To make it
- used I took away a bunch of return statements and made them into
- assignments instead.
+ (This doesn't need to appear in the release notes.)
-Yang Tse (15 Jun 2012)
-- SSPI related code: Unicode support for WinCE - kill compiler warnings
+Guenter Knauf (1 Apr 2013)
+- Added dns and connect time to output.
-- [Mark Salisbury brought this change]
+Daniel Stenberg (1 Apr 2013)
+- RELEASE-NOTES: synced with 0614b902136
- SSPI related code: Unicode support for WinCE - commit 46480bb9 follow-up
+- code-policed
-- build: add curl_multibyte files to build systems
+- tcpkeepalive: support TCP_KEEPIDLE/TCP_KEEPINTVL on win32
+
+ Patch by: Robert Wruck
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1209
-- [Mark Salisbury brought this change]
+- BINDINGS: BBHTTP is a cocoa binding, Julia has a binding
- SSPI related code: Unicode support for WinCE
-
- SSPI related code now compiles with ANSI and WCHAR versions of security
- methods (WinCE requires WCHAR versions of methods).
-
- Pulled UTF8 to WCHAR conversion methods out of idn_win32.c into their own file.
-
- curl_sasl.c - include curl_memory.h to use correct memory functions.
+- ftp_sendquote: use PPSENDF, not FTPSENDF
- getenv.c and telnet.c - WinCE compatibility fix
+ The last remaining code piece that still used FTPSENDF now uses PPSENDF.
+ In the problematic case, a PREQUOTE series was done on a re-used
+ connection when Curl_pp_init() hadn't been called so it had messed up
+ pointers. The init call is done properly from Curl_pp_sendf() so this
+ change fixes this particular crash.
- With some committer adjustments
+ Bug: http://curl.haxx.se/mail/lib-2013-03/0319.html
+ Reported by: Sam Deane
-Guenter Knauf (15 Jun 2012)
-- Fixed typo.
+Steve Holme (27 Mar 2013)
+- RELEASE-NOTES: Corrected typo
-Yang Tse (14 Jun 2012)
-- winbuild/MakefileBuild.vc: convert line endings to DOS style
-
- As per request on mailing list: http://curl.haxx.se/mail/lib-2012-06/0222.html
+Daniel Stenberg (27 Mar 2013)
+- [Clemens Gruber brought this change]
-- [Marc Hoersken brought this change]
+ multi-uv.c: remove unused variable
+
+- RELEASE-NOTES: add two references
- winbuild: Allow SSPI build with or without Schannel
+- test1509: verify proxy header response headers count
- The changes introduced in commit 2bfa57bc32 are not enough
- to make it actually possible to use the USE_WINSSL option.
- Makefile.vc was not updated and the configuration name which is
- used in the build path did not match between both build files.
+ Modified sws to support and use custom CONNECT responses instead of the
+ previously naive hard-coded version. Made the HTTP test server able to
+ extract test case number from the host name in a CONNECT request by
+ finding the number after the last dot. It makes 'machine.moo.123' use
+ test case 123.
- This patch fixes those issues and introduces the following changes:
+ Adapted a larger amount of tests to the new <connect> style.
- - Replaced the -schannel name with -winssl in order to be consistent
- with the other options
- - Added ENABLE_WINSSL option to winbuild/Makefile.vc (default yes)
- - Changed winbuild/MakefileBuild.vc to set USE_WINSSL to true if
- USE_SSL is false and USE_WINSSL was not specified as a parameter
- - Separated WINSSL handling from SSPI handling to be consistent with
- the other options and their corresponding code path
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1204
+ Reported by: Martin Jansen
-- curl.1: 7.27.0 seems next release
+- [Clemens Gruber brought this change]
-- schannel: fix printf-style format strings
+ Added libuv example multi-uv.c
-- Fix bad failf() and info() usage
+Yang Tse (25 Mar 2013)
+- NTLM: fix several NTLM code paths memory leaks
+
+- WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage
- Calls to failf() are not supposed to provide trailing newline.
- Calls to infof() must provide trailing newline.
+ As of 25-mar-2013 wcsdup() _wcsdup() and _tcsdup() are only used in
+ WIN32 specific code, so tracking of these has not been extended for
+ other build targets. Without this fix, memory tracking system on
+ WIN32 builds, when using these functions, would provide misleading
+ results.
- Fixed 30 or so strings.
-
-- schannel: fix unused parameter warnings
-
-- schannel: fix comparisons between signed and unsigned
-
-- schannel: fix discarding qualifier from pointer type
+ In order to properly extend this support for all targets curl.h
+ would have to define curl_wcsdup_callback prototype and consequently
+ wchar_t should be visible before that in curl.h. IOW curl_wchar_t
+ defined in curlbuild.h and this pulling whatever system header is
+ required to get wchar_t definition.
+
+ Additionally a new curl_global_init_mem() function that also receives
+ user defined wcsdup() callback would be required.
-- schannel: fix shadowing of global declarations
+- curl_ntlm_msgs.c: revert commit 463082bea4
+
+ reverts unreleased invalid memory leak fix
-- schannel: fix Curl_schannel_init() and Curl_schannel_cleanup() declarations
+Daniel Stenberg (23 Mar 2013)
+- RELEASE-NOTES: synced with bc6037ed3ec02
+
+ More changes, bugfixes and contributors!
-- [Gisle Vanem brought this change]
+- [Martin Jansen brought this change]
- urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.h
+ Curl_proxyCONNECT: count received headers
- Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and
- OCSP_RESPONSE are enum values in CyaSSL and defines in <wincrypt.h> included
- via <winldap.h> in ldap.c.
+ Proxy servers tend to add their own headers at the beginning of
+ responses. The size of these headers was not taken into account by
+ CURLINFO_HEADER_SIZE before this change.
- http://curl.haxx.se/mail/lib-2012-06/0196.html
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1204
-- MakefileBuild.vc: Allow building without SSL
+Steve Holme (21 Mar 2013)
+- sasl: Corrected a few violations of the curl coding standards
- In order to use Windows native SSL support define 'USE_WINSSL'
+ Corrected some incorrectly positioned pointer variable declarations to
+ be "char *" rather than "char* ".
-- configure: new option --with-winssl
-
- This option may be used to build curl/libcurl using SSL/TLS support provided
- by MS windows system libraries. Option is mutually exclusive with any other
- SSL library. Default value is --without-winssl.
+- multi.c: Corrected a couple of violations of the curl coding standards
- --with-winssl option implies --with-sspi option.
-
- Option meaningful only for Windows builds.
+ Corrected some incorrectly positioned pointer variable declarations to
+ be "type *" rather than "type* ".
-Guenter Knauf (13 Jun 2012)
-- Changed Schannel string to SSL-Windows-native.
+- imap-tests: Added CRLF to reply data to be compliant with RFC-822
- This is more descriptive for the user who might
- not even know what schannnel is at all.
+ Updated the reply data in tests: 800, 801, 802, 804 and 1321 to possess
+ the CRLF as per RFC-822.
-Yang Tse (13 Jun 2012)
-- schannel: remove version number and identify its use with 'schannel' literal
-
- Version number is removed in order to make this info consistent with
- how we do it with other MS and Linux system libraries for which we don't
- provide this info.
+- multi.c: Fix compilation warning
- Identifier changed from 'WinSSPI' to 'schannel' given that this is the
- actual provider of the SSL/TLS support. libcurl can still be built with
- SSPI and without SCHANNEL support.
+ warning: an enumerated type is mixed with another type
-Daniel Stenberg (12 Jun 2012)
-- singlesocket: remove dead code
+- multi.c: fix compilation error
- No need to check if 'entry' is non-NULL in a spot where it is already checked
- and guaranteed to be non-NULL.
+ warning: conversion from enumeration type to different enumeration type
+
+- lib1900.c: fix compilation warning
- (Spotted by a Coverity scan)
+ warning: declaration of 'time' shadows a global declaration
+
+Yang Tse (20 Mar 2013)
+- [John E. Malmberg brought this change]
-- netrc: remove dead code
+ build_vms.com: use existing curlbuild.h and parsing fix
- Remove two states from the enum and the corresponding code for them as
- these states were never reached or used.
+ This patch removes building curlbuild.h from the build_vms.com procedure
+ and uses the one in the daily or release tarball instead.
- (Spotted by a Coverity scan)
-
-Yang Tse (12 Jun 2012)
-- Revert "connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing"
+ packages/vms/build_curlbuild_h.com is obsolete with this change.
- This reverts commit 9c94236e6cc078a0dc5a78b6e2fefc1403e5375e.
+ Accessing the library module name "tool_main" needs different handling
+ when the optional extended parsing is enabled.
- It didn't server its purpose, so lets go back to long-time working code.
-
-- socks_sspi.c: further cleanup
-
-- [Marc Hoersken brought this change]
+ Tested on IA64/VMS 8.4 and VAX/VMS 7.3
- socks_sspi.c: Clean up and removal of obsolete minor status
+Nick Zitzmann (19 Mar 2013)
+- darwinssl: disable ECC ciphers under Mountain Lion by default
- Removed obsolete minor status variable and parameter of status function
- which was never used or set at all. Also Curl_sspi_strerror does support
- only one status and there is no need for a second sub status.
-
-Guenter Knauf (12 Jun 2012)
-- Removed trailing whitespaces.
-
-Yang Tse (12 Jun 2012)
-- strerror.c: make Curl_sspi_strerror() always return code for errors
-
-- curl_sspi.h: provide sspi status definitions missing in old headers
+ I found out that ECC doesn't work as of OS X 10.8.3, so those ciphers are
+ turned off until the next point release of OS X.
-- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function
+Steve Holme (18 Mar 2013)
+- FEATURES: Small tidy up for constancy and grammar
-- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function
+Daniel Stenberg (18 Mar 2013)
+- [Oliver Schindler brought this change]
-Daniel Stenberg (11 Jun 2012)
-- Revert: 634f7cfee40d4658 partially
+ Curl_proxyCONNECT: clear 'rewindaftersend' on success
- Make sure CURL_VERSION_SSPI is present and works as in previous releases
- for ABI and API compatibility reasons.
-
-- checksrc: shorten a few lines to comply
-
-- cleanup: remove trailing whitespace
-
-- [Marc Hoersken brought this change]
+ After having done a POST over a CONNECT request, the 'rewindaftersend'
+ boolean could be holding the previous value which could lead to badness.
+
+ This should be tested for in a new test case!
+
+ Bug: https://groups.google.com/d/msg/msysgit/B31LNftR4BI/KhRTz0iuGmUJ
- winbuild: Removed WITH_SSL=schannel and tie schannel to SSPI
+Steve Holme (18 Mar 2013)
+- TODO: Reordered the protocol and security sections
+
+ Moved SMTP, POP3, IMAP and New Protocol sections to be listed after the
+ other protocols (FTP, HTTP and TELNET) and SASL to be after SSL and
+ GnuTLS as these are all security related.
- Removed specific WITH_SSL=schannel paramter that did not fit the general
- schema and complicated the parameters. For now Schannel will be enabled
- if SSPI is enabled and OpenSSL is disabled.
+ Additionally fixed numbering of the SSL and GnuTLS sections as they
+ weren't consecutive.
-- [Steve Holme brought this change]
+Yang Tse (18 Mar 2013)
+- tests: specify 'text' mode for some output files in verify section
- Makefile.vc6: Added version.lib if built with SSPI
+Steve Holme (17 Mar 2013)
+- imap: Fixed incorrect initial response generation for SASL AUTHENTICATE
+
+ Fixed incorrect initial response generation for the NTLM and LOGIN SASL
+ authentication mechanisms when the SASL-IR was detected.
+
+ Introduced in commit: 6da7dc026c14.
-- [Marc Hoersken brought this change]
+- FEATURES: Expanded the supported enhanced IMAP command list
- winbuild: Updated winbuild scripts to add schannel
+- TODO: Corrected typo in TOC
-- [Marc Hoersken brought this change]
+- TODO: Added IMAP section and removed unused Other protocols section
- mingw32: Fixed warning of USE_SSL being redefined
+- TODO: Added graceful base64 decoding failure to SMTP and POP3
-- [Marc Hoersken brought this change]
+- TODO: Corrected typo on section 10.2 heading
- sspi: Fixed incompatible parameter pointer type in Curl_sspi_version
+Yang Tse (16 Mar 2013)
+- tests: 96, 558, 1330: strip build subdirectory dependent leading path
-- [Marc Hoersken brought this change]
+Steve Holme (15 Mar 2013)
+- TODO: Added section 10.2 Initial response to POP3 to do list
- sspi: Updated RELEASE-NOTES, FEATURES and THANKS
+- imap-tests: Corrected copy/paste error in test808 reply data
-- [Marc Hoersken brought this change]
+Yang Tse (15 Mar 2013)
+- unit1330.c: fix date
- setup.h: Automatically define USE_SSL if USE_SCHANNEL is defined
+- tests: add #96 #558 and #1330
+
+ These verfy that the 'memory tracking' subsystem is actually doing its
+ job when using curl tool (#96), a test in libtest (#558) and also a unit
+ test (#1330), in order to prevent regressions in this functionallity.
-- [Marc Hoersken brought this change]
+Steve Holme (15 Mar 2013)
+- imap-tests: Added test808 for custom EXAMINE command
- version: Replaced SSPI feature information with version string details
+Daniel Stenberg (15 Mar 2013)
+- HTTP proxy: insert slash in URL if missing
- Added Windows SSPI version information to the curl version string when
- SCHANNEL SSL is not enabled, as the version of the library should also
- be included when SSPI is used to generate security contexts.
+ curl has been accepting URLs using slightly wrong syntax for a long
+ time, such as when completely missing as slash "http://example.org" or
+ missing a slash when a query part is given
+ "http://example.org?q=foobar".
- Removed SSPI from the feature list as the features are GSS-Negotiate,
- NTLM and SSL depending on the usage of the SSPI library.
-
-- [Steve Holme brought this change]
-
- sspi.c: Post Curl_sspi_version() rework code tidy up
+ curl would translate these into a legitimate HTTP request to servers,
+ although as was shown in bug #1206 it was not adjusted properly in the
+ cases where a HTTP proxy was used.
- Removed duplicate blank lines.
- Removed spaces between the not and test in various if statements.
- Removed explicit test of NULL in an if statement.
- Placed function returns on same line as function declarations.
- Replaced the use of curl_maprintf() with aprintf() as it is the
- preprocessor job to do this substitution if ENABLE_CURLX_PRINTF
- is set.
-
-- [Steve Holme brought this change]
+ Test 1213 and 1214 were added to the test suite to verify this fix.
+
+ The test HTTP server was adjusted to allow us to specify test number in
+ the host name only without using any slashes in a given URL.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1206
+ Reported by: ScottJi
- sspi: Reworked Curl_sspi_version() to return version components
+Steve Holme (14 Mar 2013)
+- ftpserver.pl: Added EXAMINE_imap() for IMAP EXAMINE commands
- Reworked the version function to return four version components rather
- than a string that has to be freed by the caller.
+ Used hard coded data from RFC-3501 section 6.3.2.
-- [Guenter Knauf brought this change]
+Yang Tse (14 Mar 2013)
+- curl_memory.h: introduce CURLX_NO_MEMORY_CALLBACKS usage possibility
+
+ This commit alone does not fix anything nor modifies existing
+ interfaces or behaviors, although it is a prerequisite for other
+ fixes.
- configure.ac: Added -lversion if built with SSPI
+- Makefile.vc6: add missing files
-- [Marc Hoersken brought this change]
+Linus Nielsen Feltzing (14 Mar 2013)
+- pipelining: Remove dead code.
- schannel: Code cleanup and bug fixes
+- Multiple pipelines and limiting the number of connections.
- curl_sspi.c: Fixed mingw32-gcc compiler warnings
- curl_sspi.c: Fixed length of error code hex output
+ Introducing a number of options to the multi interface that
+ allows for multiple pipelines to the same host, in order to
+ optimize the balance between the penalty for opening new
+ connections and the potential pipelining latency.
- The hex value was printed as signed 64-bit value on 64-bit systems:
- SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322)
+ Two new options for limiting the number of connections:
- It is now correctly printed as the following:
- SEC_E_WRONG_PRINCIPAL (0x80090322)
+ CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections
+ to the same host. When adding a handle that exceeds this limit,
+ that handle will be put in a pending state until another handle is
+ finished, so we can reuse the connection.
- curl_sspi.c: Fallback to security function table version number
- Instead of reporting an unknown version, the interface version is used.
+ CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total.
+ When adding a handle that exceeds this limit,
+ that handle will be put in a pending state until another handle is
+ finished. The free connection will then be reused, if possible, or
+ closed if the pending handle can't reuse it.
- curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version
- curl_schannel: Replaced static buffer sizes with defined names
- curl_schannel.c: First brace when declaring functions on column 0
- curl_schannel.c: Put the pointer sign directly at variable name
- curl_schannel.c: Use structs directly instead of typedef'ed structs
- curl_schannel.c: Removed space before opening brace
- curl_schannel.c: Fixed lines being longer than 80 chars
-
-- [Marc Hoersken brought this change]
-
- curl_sspi: Added Curl_sspi_version function
+ Several new options for pipelining:
- Added new function to get SSPI version as string.
- Added required library version.lib to makefiles.
- Changed curl_schannel.c to use Curl_sspi_version.
-
-- [Guenter Knauf brought this change]
-
- schannel: Updated mingw32 makefiles
-
-- [Marc Hoersken brought this change]
-
- schannel: Replace ASCII specific code with general defines
-
-- [Marc Hoersken brought this change]
-
- schannel: Added definitions which are missing in mingw32
-
-- [Marc Hoersken brought this change]
+ CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a
+ pipeline is "full" when a connection is to be reused, a new connection
+ will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it.
+ If not, the handle will be put in a pending state until a connection is
+ ready (either free or a pipe got shorter).
+
+ CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not
+ be reused if it is currently processing a transfer with a content
+ length that is larger than this.
+
+ CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not
+ be reused if it is currently processing a chunk larger than this.
+
+ CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow
+ pipelining.
+
+ CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow
+ pipelining.
+
+ See the curl_multi_setopt() man page for details.
- schannel: Moved interal struct types to urldata.h
+Yang Tse (13 Mar 2013)
+- tool_main.c: remove redundant vms_show storage-class specifier
+
+ vms_show 'extern' storage-class specifier removed from tool_main.c due to...
- Moved type definitions in order to avoid inclusion loop
+ - Advice from Tor Arntsen: http://curl.haxx.se/mail/lib-2013-03/0164.html
+
+ - HP OpenVMS docs stating that 'Extern is the default storage class for
+ variables declared outside a function.'
+ http://h71000.www7.hp.com/commercial/c/docs/dec_c_help_5.html
+ (Storage_Classes section)
-- [Marc Hoersken brought this change]
+- test509: libcurl initialization with memory callbacks and actual usage
- schannel: Fixed compiler warnings about pointer type assignments
+Steve Holme (13 Mar 2013)
+- pop3: Removed unnecessary transfer cancellation
+
+ Following commit e450f66a02d8 and the changes in the multi interface
+ being used internally, from 7.29.0, the transfer cancellation in
+ pop3_dophase_done() is no longer required.
-- [Marc Hoersken brought this change]
+Yang Tse (13 Mar 2013)
+- Makefile.am: add VMS files not being included in tarball
- schannel: Fixed critical typo in conditions and added buffer length checks
+- [Tom Grace brought this change]
-- [Marc Hoersken brought this change]
-
- sspi: Refactored socks_sspi and schannel to use same error message functions
+ build_vms.com: VMS build fixes
- Moved the error constant switch to curl_sspi.c and added two new helper
- functions to curl_sspi.[ch] which either return the constant or a fully
- translated message representing the SSPI security status.
- Updated socks_sspi.c and curl_schannel.c to use the new functions.
+ Added missing slash in cc_full_list.
+ Removed unwanted extra quotes inside symbol tool_main
+ for non-VAX architectures that triggered link failure.
+ Replaced curl_sys_inc with sys_inc.
-- [Marc Hoersken brought this change]
+- [Tom Grace brought this change]
- schannel: Added special shutdown check for Windows 2000 Professional
+ tool_main.c: fix VMS global variable storage-class specifier
- Windows 2000 Professional: Schannel returns SEC_E_OK instead
- of SEC_I_CONTEXT_EXPIRED. If the length of the output buffer
- is zero and the first byte of the encrypted packet is 0x15,
- the application can safely assume that the message was a
- close_notify message and change the return value to
- SEC_I_CONTEXT_EXPIRED.
+ An extern submits a psect and a global reference to the linker to point
+ to it. Using "extern int vms_show = 0" also creates a globaldef.
- Connection shutdown does not mean that there is no data to read
- Correctly handle incomplete message and ask curl to re-read
- Fixed buffer for decrypted being to small
- Re-structured read condition to be more effective
- Removed obsolete verbose messages
- Changed memory reduction method to keep a minimum buffer of size 4096
+ The use of the extern by itself does declare a psect but does not declare
+ a globalsymbol. It does declare a globalref. But the linker needs one and
+ only one globaldef or there is an error.
-- [Marc Hoersken brought this change]
+Patrick Monnerat (12 Mar 2013)
+- OS400: synchronize RPG binding
- schannel: Implemented SSL/TLS renegotiation
+Steve Holme (12 Mar 2013)
+- pop3: Fixed continuous wait when using --ftp-list
- Updated TODO information and added related MSDN articles
+ Don't initiate a transfer when using --ftp-list.
-- [Marc Hoersken brought this change]
+Kamil Dudka (12 Mar 2013)
+- [Zdenek Pavlas brought this change]
- schannel: Save session credential handles in session cache
+ curl_global_init: accept the CURL_GLOBAL_ACK_EINTR flag
+
+ The flag can be used in pycurl-based applications where using the multi
+ interface would not be acceptable because of the performance lost caused
+ by implementing the select() loop in python.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1168
+ Downstream Bug: https://bugzilla.redhat.com/919127
-- [Marc Hoersken brought this change]
+- easy: do not ignore poll() failures other than EINTR
- schannel: Code cleanup
+Yang Tse (12 Mar 2013)
+- curl.h: stricter CURL_EXTERN linkage decorations logic
+
+ No API change involved.
+
+ Info: http://curl.haxx.se/mail/lib-2013-02/0234.html
-- [Marc Hoersken brought this change]
+Daniel Stenberg (11 Mar 2013)
+- THANKS: Latin-1'ified Jiri's name
- schannel: Check for required context attributes
+Steve Holme (11 Mar 2013)
+- test806: Added CRLF to reply data to be compliant with RFC-822
-- [Marc Hoersken brought this change]
+Daniel Stenberg (11 Mar 2013)
+- test805: added crlf newlines to make data size match
+
+ since mails sent are supposed to have CRLF line endings I added them and
+ now the data size after (\Seen) matches again properly
- schannel: Allow certificate and revocation checks being deactivated
+- test: fix newline for the data check of 807
-- [Marc Hoersken brought this change]
+Yang Tse (11 Mar 2013)
+- test801 to test807: fix protocol section line endings
- schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI
+Steve Holme (10 Mar 2013)
+- Makefile.am: Corrected a couple of spurious tab characters
+
+ Corrected a couple of tab characters between test702 and test703, and
+ between test900 and test901 which should be spaces.
-- [Marc Hoersken brought this change]
+- [Jiri Hruska brought this change]
- http: Replaced specific SSL libraries list in https_getsock fallback
+ imap: Added test807 for custom request functionality (STORE)
-- [Marc Hoersken brought this change]
+- [Jiri Hruska brought this change]
- connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing
-
- Fixed warning: dereferencing pointer does break strict-aliasing rules
- by using a union instead of separate pointer variables.
- Internal union sockaddr_u could probably be moved to generic header.
- Thanks to Paul Howarth for the hint about using unions for this.
-
- Important for winbuild: Separate declaration of sockaddr_u pointer.
- The pointer variable *sock cannot be declared and initialized right
- after the union declaration. Therefore it has to be a separate statement.
+ imap: Added test806 for IMAP (folder) LIST command
-- [Marc Hoersken brought this change]
+- [Jiri Hruska brought this change]
- curl_ntlm_msgs.c: Fixed passwdlen not being used and recalculated
+ imap: Added test805 for APPEND functionality
-Yang Tse (11 Jun 2012)
-- tests: fix test definitions # 1355, 1363, 1385 and 1393
-
- -i without HTTP protocol shall not include headers in the output
+- [Jiri Hruska brought this change]
-Daniel Stenberg (10 Jun 2012)
-- Curl_pgrsDone: return int and acknowledge return code
-
- Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an
- abort instruction or similar we need to return that info back and
- subsequently properly handle return codes from Curl_pgrsDone() where
- used.
-
- (Spotted by a Coverity scan)
+ imap: Added test804 for skipping SELECT if in the same mailbox
-Steve Holme (10 Jun 2012)
-- [Marc Hoersken brought this change]
+- [Jiri Hruska brought this change]
- winbuild: Fixed environment variables being lost
+ imap: Added test802 and test803 for UIDVALIDITY verification
- Fixed USE_IPV6 and USE_IDN not being passed
- from Makefile.vc to MakefileBuild.vc
- Fixed whitespace and formatting issues
- Fixed typo and format in help message
-
-Guenter Knauf (9 Jun 2012)
-- Added metalink support to NetWare builds.
-
-Steve Holme (9 Jun 2012)
-- smtp.c: Removed unused variable
+ Added one test for a request with matching UIDVALIDITY and one which is
+ a mismatched request that will fail.
-- smtp: Post apop feature code tidy up
+- [Jiri Hruska brought this change]
-- pop3: Post apop feature code tidy up
+ imap: Added test801 for UID and SECTION URL parameters
-- pop3: Added support for apop authentication
+- [Jiri Hruska brought this change]
-- pop3: Enhanced the extended authentication mechanism detection
+ imap-tests: Accept quoted parameters in ftpserver.pl
- Enhanced the authentication type / mechanism detection in preparation
- for the introduction of APOP support.
+ Any IMAP parameter can come in escaped and in double quotes. Added a
+ simple function to unquote the command parameters and applied it to
+ the IMAP command handlers.
-- pop3.c: Fixed length of SASL check
+- [Jiri Hruska brought this change]
-Yang Tse (9 Jun 2012)
-- Fixes allowing 26 more test cases in 1334 to 1393 range to succeed
-
-- tests: fix test definitions # 1370 and 1371
+ tests: Fix ftpserver.pl indentation
- -J without -O shall not honor C-D filename
+ The whole of FETCH_imap() had one extra space of indentation, whilst
+ APPEND_imap() used indentation of 2 instead of 4 in places.
-Daniel Stenberg (9 Jun 2012)
-- OpenSSL: support longer certificate subject names
-
- Previously it would use a 256 byte buffer and thus cut off very long
- subject names. The limit is now upped to the receive buffer size, 16K.
+- Makefile.am: Corrected end of line filler character
- Bug: http://curl.haxx.se/bug/view.cgi?id=3533045
- Reported by: Anthony G. Basile
+ The majority of lines, that specify a test file for inclusion, end with
+ a tab character before the slash whilst some end with a space. Corrected
+ those that end with a space to end with a tab character as well.
-Kamil Dudka (8 Jun 2012)
-- ssl: fix duplicated SSL handshake with multi interface and proxy
+- email-tests: Updated the test data that corresponds to the test number
- Bug: https://bugzilla.redhat.com/788526
- Reported by: Enrico Scholz
+ Finished segregating the email protocol tests, into their own protocol
+ based ranges, in preparation of adding more e-mail related tests to the
+ test suite.
-Daniel Stenberg (8 Jun 2012)
-- tool_getparam.h: fix compiler error
+- email-tests: Renamed the IMAP test to be 800
- forward declare the Configurable struct
+ Continued segregating the email protocol tests, into their own protocol
+ based ranges, in preparation of adding more e-mail related tests to the
+ test suite.
-- metalink: restore some includes
+- email-tests: Renamed the SMTP tests to be in the range 900-906
- Commit eeeba1496cbca removed them and thus broke my Linux build
+ Continued segregating the email protocol tests, into their own protocol
+ based ranges, in preparation of adding more e-mail related tests to the
+ test suite.
-- openldap: OOM fixes
+- email-tests: Renamed the POP3 tests to be in the range 850-857
- when calloc fails, return error! (Detected by Fortify)
+ Started segregating the email protocol tests, into their own protocol
+ based ranges, in preparation of adding more e-mail related tests to the
+ test suite.
+
+Daniel Stenberg (10 Mar 2013)
+- hiperfifo: updated to use current libevent API
- Reported by: Robert B. Harris
+ Patch by: Myk Taylor
-Steve Holme (8 Jun 2012)
-- sasl: Re-factored mechanism constants in preparation for APOP work
+Steve Holme (10 Mar 2013)
+- imap: Reworked some function descriptions
-Yang Tse (8 Jun 2012)
-- metalink: build fixes and adjustments II
-
- Additionally, make hash checking ability mandatory in order to allow metalink
- support in curl.
-
- A command line option could be introduced to skip hash checking at runtime,
- but the ability to check hashes should always be built-in when providing
- metalink support.
+- imap: Added some missing comments to imap_sendf()
-Guenter Knauf (8 Jun 2012)
-- Added metalink support to MinGW builds.
+- email: Removed hard returns from init functions
-Daniel Stenberg (7 Jun 2012)
-- log2changes.pl: fix the Version output
+Daniel Stenberg (9 Mar 2013)
+- curl_multi_wait: avoid second loop if nothing to do
- Previously it could easily wrongly get repeated
+ ... hopefully this will also make clang-analyzer stop warning on
+ potentional NULL dereferences (which were false positives anyway).
-Yang Tse (7 Jun 2012)
-- metalink: build fixes and adjustments I
-
-Daniel Stenberg (7 Jun 2012)
-- lib554.c: use curl_formadd() properly
+- multi_runsingle: avoid NULL dereference
- The length/size options take longs so make sure to pass on such types.
+ When Curl_do() returns failure, the connection pointer could be NULL so
+ the code path following needs to that that into account.
- Reported by: Neil Bowers
- Bug: http://curl.haxx.se/mail/lib-2012-06/0001.html
+ Bug: http://curl.haxx.se/mail/lib-2013-03/0062.html
+ Reported by: Eric Hu
-Steve Holme (7 Jun 2012)
-- smtp.c: Re-factored the smtp_state_*_resp() functions
+Steve Holme (9 Mar 2013)
+- imap: Re-factored all perform based functions
- Re-factored the smtp_state_*_resp() functions to 1) Match the constants
- that were refactored in commit 00fddba6727c, 2) To be more readable and
- 3) To match their counterparties in pop3.c.
-
-Yang Tse (7 Jun 2012)
-- Fixes allowing HTTP test cases 1338, 1339, 1368 and 1369 to succeed
+ Standardised the naming of all perform based functions to be in the form
+ imap_perform_something().
-- tests 1364 to 1393: several -o filename -J -i -D combinations for HTTP and FTP
+Daniel Stenberg (9 Mar 2013)
+- [Cédric Deltheil brought this change]
-- tests 1348 to 1363: test definition polishing
+ examples/getinmemory.c: abort the transfer if not enough memory
- Verify that the "Saved to filename 'blabla'" message is only displayed when
- the 'blabla' filename being used _actually_ has been specified by the server
- in the Content-Disposition header.
-
- Use relative path for unintended file creation postcheck.
+ No more use exit(3) but instead tell libcurl that no byte has been
+ written to let it return a `CURLE_WRITE_ERROR`. In addition, check
+ curl easy handle return code.
-Steve Holme (6 Jun 2012)
-- smtp: Re-factored the SMTP_AUTH* state machine constants
+- RELEASE-NOTES: synced with ca3c0ed3a9c
- Re-factored the SMTP_AUTH* constants, that are used by the state
- machine, to be clearer to read.
+ 8 more bugfixes, one change and a bunch of contributors
-Guenter Knauf (6 Jun 2012)
-- Added hint for pkg-config wrapper script.
+Yang Tse (9 Mar 2013)
+- Makefile.am: empty AM_LDFLAGS definition for automake 1.7 compatibility
-- Updated Android section with recent NDK.
-
- The r7b had some bugs, and shouldnt be used.
+Steve Holme (9 Mar 2013)
+- imap: Added description comments to all perform based functions
-Yang Tse (6 Jun 2012)
-- Disable non-HTTP header related tests
+- imap: Removed the need for separate custom request functions
- These now detect incompleate header data and fail
-
-- tests 1348 to 1363: compleate header data part of test definition
+ Moved the custom request processing into the LIST command as the logic
+ is the same.
-- tests 1334 to 1363 revisited.
-
- Add a postcheck section to verify unintended file creation.
-
- Remove needless <file> checks in verify section. Renumbering where appropriate.
+- imap: Corrected typo in comment
-- tests: adjust file part behavior in test verify section.
-
- When a <file> part is now specified with no contents at all, this
- will actually verify that the specified file has no contents at all.
- Previously file contents would be ignored.
+Yang Tse (9 Mar 2013)
+- Makefile.am: empty AM_LDFLAGS definition for automake 1.7 compatibility
-Steve Holme (5 Jun 2012)
-- smtp.c: Removed whitespace
+Steve Holme (9 Mar 2013)
+- imap: Moved imap_logout() to be grouped with the other perform functions
-- pop3: Another small code tidy up
+- email: Updated the function descriptions for the logout / quit functions
- Missed some comments that we identified during the SMTP tidy up earlier.
+ Updated the function description comments following commit 4838d196fdbf.
-- smtp: Post authentication code tidy up
-
- Corrected lines longer than 78 characters.
+- email: Simplified the logout / quit functions
- Removed unnecessary braces in smtp_state_helo_resp().
+ Moved the blocking state machine to the disconnect functions so that the
+ logout / quit functions are only responsible for sending the actual
+ command needed to logout or quit.
- Introduced some comments in data sending functions.
+ Additionally removed the hard return on failure.
+
+- email: Tidied up the *_regular_transfer() functions
- Tidied up comments to match changes made in pop3.c.
+ Added comments and simplified convoluted dophase_done comparison.
-Yang Tse (5 Jun 2012)
-- tests 1348 to 1363: add a comma in test description
+- email: Simplified nesting of if statements in *_doing() functions
-Steve Holme (5 Jun 2012)
-- email: Removed duplicated header file
+Daniel Stenberg (8 Mar 2013)
+- RELEASE-NOTES: mention that krb4 is up for consideration
-- sasl: Renamed Curl_sasl_decode_ntlm_type2_message()
+Steve Holme (8 Mar 2013)
+- imap: Fixed handling of untagged responses for the STORE custom command
- For consistency with other SASL based functions renamed this function
- to Curl_sasl_create_ntlm_type3_message() which better describes its
- usage.
+ Added an exception, for the STORE command, to the untagged response
+ processor in imap_endofresp() as servers will back respones containing
+ the FETCH keyword instead.
-- pop3: Post authentication code tidy up
+Yang Tse (8 Mar 2013)
+- curlbuild.h.dist: enhance non-configure GCC ABI detection logic
+
+ GCC specific adjustments:
- Corrected lines longer than 78 characters.
+ - check __ILP32__ before 32 and 64bit processor architectures in
+ order to detect ILP32 programming model on 64 bit processors
+ which, of course, also support LP64 programming model, when using
+ gcc 4.7 or newer.
- Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the
- AUTH command is no longer sent on its own.
+ - keep 32bit processor architecture checks in order to support gcc
+ versions older than 4.7 which don't define __ILP32__
- Introduced some comments in data sending functions.
+ - check __LP64__ for gcc 3.3 and newer, while keeping 64bit processor
+ architecture checks for older versions which don't define __LP64__
+
+- curlbuild.h.dist: fix GCC build on ARM systems without configure script
- Another attempt at trying to rational code and comment style.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1205
+ Reported by: technion
-- pop3: Added support for sasl digest-md5 authentication
+- [Gisle Vanem brought this change]
-Yang Tse (4 Jun 2012)
-- sasl: add reference for curl_sasl
+ polarssl.c: fix header filename typo
-- Makefile.inc: tab adjustment
+- configure: use XC_LIBTOOL for portability across libtool versions
-Daniel Stenberg (4 Jun 2012)
-- pop3 tests: CAPA instead of AUTH
-
- After Steve's commit e336bc7c42c7340 test 1319 and 1407 need to check
- for CAPA instead of AUTH.
+- xc-lt-iface.m4: provide XC_LIBTOOL macro
-Steve Holme (4 Jun 2012)
-- sasl: Added service parameter to Curl_sasl_create_digest_md5_message()
-
- Added a service type parameter to Curl_sasl_create_digest_md5_message()
- to allow the function to be used by different services rather than being
- hard coded to "smtp".
+Steve Holme (7 Mar 2013)
+- imap: Fixed SELECT not being performed for custom requests
-Yang Tse (4 Jun 2012)
-- tests 1356 to 1363: several -O -J -i -D combinations with FTP protocol
-
- Currently 1356 to 1362 succeed but a write failure is logged in traceNNNN.
+- email: Minor code tidy up following recent changes
- Currently 1363 fails, so disabled for now.
+ Removed unwanted braces and added variable initialisation.
-Steve Holme (4 Jun 2012)
-- tests: Updated pop3 tests for change in auth mechanism detection
+- DOCS: Corrected the IMAP URL grammar of the UIDVALIDITY parameter
-- pop3: Changed the sasl mechanism detection from auth to capa
-
- Not all SASL enabled POP3 servers support the AUTH command on its own
- when trying to detect the supported mechanisms. As such changed the
- mechanism detection to use the CAPA command instead.
+- FEATURES: Provided a little clarity in some IMAP features
-Daniel Stenberg (4 Jun 2012)
-- curl_easy_setopt.3: proto updates + cleanups
-
- - For all *FUNCTION options, they now all show the complete prototype in
- the description. Previously some of them would just refer to a
- typedef'ed function pointer in the curl.h header.
+- email: Optimised block_statemach() functions
- - I made the phrasing of that "Pass a pointer to a function that matches
- the following prototype" the same for all *FUNCTION option descriptions.
-
- - I removed some uses of 'should'. I think I sometimes over-use this
- word as in many places I actually mean MUST or otherwise more specific
- and not-so-optional synonyms.
+ Optimised the result test in each of the block_statemach() functions.
-Yang Tse (4 Jun 2012)
-- tests 1348 to 1355: several -O -J -i -D combinations with FTP protocol
+- DOCS: Added the list command to the IMAP URL section
- Currently 1348 to 1354 succeed but a write failure is logged in traceNNNN.
+ Added examples of the list command and clarified existing example URLs
+ following recent changes.
+
+- FEATURES: Updated for recent imap additions
- Currently 1355 fails, so disabled for now.
+ Updated the imap features list, corrected a typo in the smtp features
+ and clarified a pop3 feature.
-- tests 1346 to 1347: several -O -J -i -D combinations with HTTP protocol
+Daniel Stenberg (7 Mar 2013)
+- version bump: the next release will be 7.30.0
-Steve Holme (4 Jun 2012)
-- sasl: Small code tidy up
+- checksrc: ban unsafe functions
- Reworked variable names in Curl_sasl_create_cram_md5_message() to match
- those in Curl_sasl_create_digest_md5_message() as they are more
- appropriate.
+ The list of unsafe functions currently consists of sprintf, vsprintf,
+ strcat, strncat and gets.
+
+ Subsequently, some existing code needed updating to avoid warnings on
+ this.
-- sasl: Moved digest-md5 authentication message creation from smtp.c
+Steve Holme (7 Mar 2013)
+- RELEASE-NOTES: Added missing imap fixes and additions
- Moved the digest-md5 message creation from smtp.c into the sasl module
- to allow for use by other modules such as pop3.
+ With all the recent imap changes it wasn't clear what new features and
+ fixes should be included in the release notes.
+
+Nick Zitzmann (6 Mar 2013)
+- RELEASE-NOTES: brought this up-to-date with the latest changes
+
+Steve Holme (6 Mar 2013)
+- [Jiri Hruska brought this change]
-- sasl: Small code tidy up before moving digest-md5 over
+ imap: Fixed test801 and test1321 to specify a message UID
- Correction of comments and variable names.
+ Just a folder list would be retrieved if UID was not specified now.
-- RELEASE-NOTES: Added missing addition of sasl login support
+- [Jiri Hruska brought this change]
-- pop3: Added support for sasl cram-md5 authentication
+ imap: Fixed ftpserver.pl to allow verification even through LIST command
+
+ Commit 198012ee inadvertently broke LIST_imap().
-Daniel Stenberg (3 Jun 2012)
-- Curl_sasl_create_plain_message: remove TAB
+- imap: Tidied up the APPEND and final APPEND response functions
+
+ Removed unnecessary state changes on failure and setting of result codes
+ on success.
-Steve Holme (3 Jun 2012)
-- sasl: Small code tidy up
+- imap: Tidied up the final FETCH response function
- Added some comments and removed an unreferenced variable.
+ Removed unnecessary state change on failure and setting of result code on
+ success.
-- pop3.c: Added conditional compilation for NTLM function calls
+- imap: Tidied up the LIST response function
- Added USE_NTLM condition compilation around the NTLM functions called
- from pop3_statemach_act() introduced in commit 69f7156ad96877.
+ Reworked comments as they referenced custom commands, removed
+ unnecessary state change on failure and setting of result code on
+ success.
-- sasl: Moved cram-md5 authentication message creation from smtp.c
+- imap: Removed the custom request response function
- Moved the cram-md5 message creation from smtp.c into the sasl module
- to allow for use by other modules such as pop3.
+ Removed imap_state_custom_resp() as imap_state_list_resp() provides the
+ same functionality.
+
+- [Jiri Hruska brought this change]
-- pop3: Fixed an issue with changes introduced in commit c267c53017bc
+ imap: Updated ftpserver.pl to be more compliant, added new commands
- Because pop3_endofresp() is called for each line of data yet is not
- passed the line and line length, so we have to use the data pointed to
- by pp->linestart_resp which contains the whole packet, the mechanisms
- were being detected in one call yet the function would be called for
- each line of data.
+ Enriched IMAP capabilities of ftpserver.pl in order to be able to
+ add tests for the new IMAP features.
- Using curl with verbose mode enabled would show that one line of data
- would be received in response to the AUTH command, before the AUTH
- <mechanism> command was sent to the server and then the next few lines
- of the original AUTH command would be displayed before the response from
- the AUTH <mechanism> command. This would then cause problems when
- parsing the CRAM-MD5 challenge data as extra data was contained in the
- buffer.
+ * Added support for APPEND - Saves uploaded data to log/upload.$testno
+ * Added support for LIST - Returns the contents of <reply/> section in
+ the current test, like e.g FETCH.
+ * Added support for STORE - Returns hardcoded updated flags
+ * Changed handling of SELECT - Returns much more information in the
+ usual set of untagged responses; uses hardcoded data from an example
+ in the IMAP RFC
+ * Changed handling of FETCH - Fixed response format
+
+- imap: Added check for empty UID in FETCH command
- Changed the parsing so that each line is checked for the mechanisms
- and the function returns FALSE until the whole of the AUTH response has
- been processed.
+ As the UID has to be specified by the user for the FETCH command to work
+ correctly, added a check to imap_fetch(), although strictly speaking it
+ is protected by the call from imap_perform().
-Daniel Stenberg (3 Jun 2012)
-- version: bump to 7.27.0 for next release
+Kamil Dudka (6 Mar 2013)
+- nss: fix misplaced code enabling non-blocking socket mode
- Due to new features
+ The option needs to be set on the SSL socket. Setting it on the model
+ takes no effect. Note that the non-blocking mode is still not enabled
+ for the handshake because the code is not yet ready for that.
-- RELEASE-NOTES: synced with c4e3578e4bf
+Daniel Stenberg (6 Mar 2013)
+- imap: fix compiler warning
- Also bumped the contributor number and next release is to become 7.27.0
+ imap.c:694:21: error: unused variable 'imapc' [-Werror=unused-variable]
-- THANKS: 16 new contributors from the 7.26.0 release
+Steve Holme (5 Mar 2013)
+- imap: Added support for list command
-Steve Holme (3 Jun 2012)
-- DOCS: Fixed list in Section 18.2 not displaying correctly on web site
+- imap: Added list perform and response handler functions
-- DOCS: Corrected missed heading renumbering from commit 530675a1ad7
+- imap: Introduced IMAP_LIST state
-- DOCS: Added IMAP and LDAP sections
-
- Added new sections 11. IMAP and 12. LDAP to document adding SASL based
- authentication.
+- imap: Small tidy up of imap_select() to match imap_append()
- Renumbered current sections 11 to 17 as 13 to 19.
-
- Additionally added 19.10 Add CURLOPT_MAIL_CLIENT option.
+ Updated the style of imap_select() before adding the LIST command.
-- sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869e8
+- imap: Moved mailbox check from the imap_do() function
- Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup()
- is just a nop.
-
-- pop3.c:Corrected typo in commit 69ba0da8272d
+ In preparation for the addition of the LIST command, moved the mailbox
+ check from imap_do() to imap_select() and imap_append().
-- pop3: Fixed the issue of having to supply the user name for all requests
+- curl_setup.h: Added S_IRDIR() macro for compilers that don't support it
- Previously it wasn't possible to connect to POP3 and not specify the
- user name as a CURLE_ACCESS_DENIED error would be returned. This error
- occurred because USER would be sent to the server with a blank user name
- if no mailbox user was specified as the server would reply with -ERR.
+ Commit 26eaa8383001 introduces the use of S_ISDIR() yet some compilers,
+ such as MSVC don't support it, so we must define a substitute using
+ file flags and mask.
+
+Daniel Stenberg (4 Mar 2013)
+- AddFormData: prevent only directories from being posted
- This wasn't a problem prior to the 7.26.0 release but with the
- introduction of custom commands the user and/or application developer
- might want to issue a CAPA command without having to log in as a
- specific mailbox user.
+ Commit f4cc54cb4746ae5a6d (shipped as part of the 7.29.0 release) was a
+ bug fix that introduced a regression in that while trying to avoid
+ allowing directory names, it also forbade "special" files like character
+ devices and more. like "/dev/null" as was used by Oliver who reported
+ this regression.
- Additionally this fix won't send the newly introduced AUTH command if no
- user name is specified.
+ Reported by: Oliver Gondža
+ Bug: http://curl.haxx.se/mail/archive-2013-02/0040.html
-- pop3.c: Small code tidy up
+Nick Zitzmann (3 Mar 2013)
+- darwinssl: fix infinite loop if server disconnected abruptly
- Corrected lines exceeding 78 characters.
+ If the server hung up the connection without sending a closure alert,
+ then we'd keep probing the socket for data even though it's dead. Now
+ we're ready for this situation.
- Repositioned some comments and added extra clarity.
-
-- sasl: Corrected variable names in comments and parameters
-
-- pop3: Added support for sasl ntlm authentication
+ Bug: http://curl.haxx.se/mail/lib-2013-03/0014.html
+ Reported by: Aki Koskinen
-- sasl: Small comment style tidy up following ntlm commit
+Steve Holme (3 Mar 2013)
+- imap: Added comments to imap_append()
-- sasl: Moved ntlm authentication message handling from smtp.c
-
- Moved the ntlm message creation and decoding from smtp.c into the sasl
- module to allow for use by other modules such as pop3.
+- [Jiri Hruska brought this change]
-- pop3: Added support for sasl login authentication
+ imap: Added required mailbox check for FETCH and APPEND commands
-Yang Tse (1 Jun 2012)
-- tests 1334 to 1345: several -O -J -i -D combinations with HTTP protocol
+- pingpong.c: Fix enumerated type mixed with another type
-- tests: support test definitions with up to 5 file checks in <verify> section
+- smtp: Updated the coding style for state changes after a send operation
- This is done introducing tags <file1> to <file4> besides existing <file> one,
- as well as corresponding <stripfile1> to <stripfile4> ones, that can be used
- in the <verify> section in the same way as the non-numbered ones.
+ Some state changes would be performed after a failure test that
+ performed a hard return, whilst others would be performed within a test
+ for success. Updated the code, for consistency, so all instances are
+ performed within a success test.
-Steve Holme (31 May 2012)
-- sasl: Moved login authentication message creation from smtp.c
+- pop3: Updated the coding style for state changes after a send operation
- Moved the login message creation from smtp.c into the sasl module
- to allow for use by other modules such as pop3.
+ Some state changes would be performed after a failure test that
+ performed a hard return, whilst others would be performed within a test
+ for success. Updated the code, for consistency, so all instances are
+ performed within a success test.
-- smtp.c: Reworked message encoding in smtp_state_authpasswd_resp()
-
- Rather than encoding the password message itself the
- smtp_state_authpasswd_resp() function now delegates the work to the same
- function that smtp_state_authlogin_resp() and smtp_authenticate() use
- when constructing the encoded user name.
+- imap: Fixed typo in variable assignment
-- smtp.c: Re-factored smtp_auth_login_user() for use with passwords
-
- In preparation for moving to the SASL module re-factored the
- smtp_auth_login_user() function to smtp_auth_login() so that it can be
- used for both user names and passwords as sending both of these under
- the login authentication mechanism is the same.
+- [Jiri Hruska brought this change]
-- pop3: Added support for sasl plain text authentication
+ imap: Fixed custom request handling in imap_done()
+
+ Fixed imap_done() so that neither the FINAL states are not entered when
+ a custom command has been performed.
-- curl_ntlm_msgs.c: Corrected small spelling mistake in comments
+- [Jiri Hruska brought this change]
-- sasl: Moved plain text authentication message creation from smtp.c
+ imap: Enabled custom requests in imap_select_resp()
- Moved the plain text message creation from smtp.c into the sasl module
- to allow for use by other modules such as pop3.
+ Changed imap_select_resp() to invoke imap_custom() instead of
+ imap_fetch() after the mailbox has been selected if a custom
+ command has been set.
-Yang Tse (30 May 2012)
-- configure: fix LDAPS disabling related misplaced closing parenthesis
+- [Jiri Hruska brought this change]
-- pop3 test server: allow pop3 test server verification to succeed again
+ imap: Enabled custom requests in imap_perform()
- Introduce SUPPORTCAPA and SUPPORTAUTH config commands to allow further
- pop3 test server expansion for tests that require CAPA or AUTH support,
- although this will need some extra work to make it fully functional.
+ Modified imap_perform() to start with the custom command instead of
+ SELECT when a custom command is to be performed and no mailbox has
+ been given.
-Steve Holme (28 May 2012)
-- pop3: Introduced the continue response in pop3_endofresp()
+- [Jiri Hruska brought this change]
-- pop3: Changed response code from O and E to + and -
+ imap: Added custom request perform and response handler functions
- The POP3 protocol doesn't really have the concept of error codes and
- uses +, +OK and -ERR in response to commands to indicate continue,
- success and error.
+ Added imap_custom(), which initiates the custom command processing,
+ and an associated response handler imap_state_custom_resp(), which
+ handles any responses by sending them to the client as body data.
- The AUTH command is one of those commands that requires multiple pieces
- of data to be sent to the server where the server will respond with + as
- part of the handshaking. This meant changing the values before
- continuing with the next stage of adding authentication support.
+ All untagged responses with the same name as the first word of the
+ custom request string are accepted, with the exception of SELECT and
+ EXAMINE which have responses that cannot be easily identified. An
+ extra check has been provided for them so that any untagged responses
+ are accepted for them.
-- pop3: Small code tidy up following authentication work so far
+- pop3: Fixed unnecessary parent structure reference
- Changed the order of the state machine to match the order of actual
- events.
-
- Reworked some comments and function parameter positioning that I missed
- the other day.
+ Updated pop3 code following recent imap changes.
-Kamil Dudka (28 May 2012)
-- nss: use human-readable error messages provided by NSS
-
- Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html
+- [Jiri Hruska brought this change]
-Daniel Stenberg (27 May 2012)
-- test1013.pl: filter out Metalink
+ imap: Added custom request parsing
- Since it isn't a feature supported by curl-config we can't compare that
- with the --version output
+ Added imap_parse_custom_request() for parsing the CURLOPT_CUSTOMREQUEST
+ parameter which URL decodes the value and separates the request from
+ any parameters - This makes it easier to filter untagged responses
+ by the request command.
-- pop3: remove variable-not-used warnings
+- [Jiri Hruska brought this change]
-Steve Holme (27 May 2012)
-- DOCS: Corrected the "Added in" version number for CURLOPT_MAIL_AUTH
+ imap: Introduced custom request parameters
- Additionally corrected another RFC link that I missed yesterday.
+ Added custom request parameters to the per-request structure.
-- pop3: Added support for SASL based authentication mechanism detection
-
- Added support for detecting the supported SASL authentication mechanisms
- via the AUTH command. There are two ways of detecting them, either by
- using the AUTH command, that will return -ERR if not supported or by
- using the CAPA command which will return SASL and the list of mechanisms
- if supported, not include SASL if SASL authentication is not supported
- or -ERR if the CAPA command is not supported. As such it seems simpler
- to use the AUTH command and fallback to normal clear text authentication
- if the the command is not supported.
-
- Additionally updated the test cases to return -ERR when the AUTH command
- is encountered. Additional test cases will be added when support for the
- individual authentication mechanisms is added.
+- [Jiri Hruska brought this change]
-Daniel Stenberg (27 May 2012)
-- pop3: remove trailing whitespace
+ imap: Introduced IMAP_CUSTOM state
-Steve Holme (27 May 2012)
-- pop3: Code tidy up before the introduction of authentication code
-
- Moved EOB definition into header file.
-
- Switched the logic around in pop3_endofresp() to allow for the
- introduction of auth-mechanism detection.
-
- Repositioned second and third function variables where they will fit
- within the 78 character line limit.
+- imap: Minor code tidy up
- Tidied up some comments.
+ Minor tidy up of code layout and comments following recent changes.
-Guenter Knauf (27 May 2012)
-- Enabled OpenSSL static linkage.
+- imap: Simplified the imap_state_append_resp() function
+
+ Introduced the result code variable to simplify the state changes and
+ remove the hard returns.
-- Enabled OpenSSL static linkage.
+- imap: Changed successful response logic in imap_state_append_resp()
+
+ For consistency changed the logic of the imap_state_append_resp()
+ function to test for an unsucessful continuation response rather than a
+ succesful one.
-- Try to detect OpenSSL build type automatically.
+- imap: Standardised imapcode condition tests
+
+ For consistency changed two if(constant != imapcode) tests to be
+ if(imapcode != constant).
-Daniel Stenberg (26 May 2012)
-- metalink: fix build errors when disabled
+- imap: Moved imap_append() to be with the other perform functions
-- [Tatsuhiro Tsujikawa brought this change]
+- [Jiri Hruska brought this change]
- Reduced #ifdef HAVE_METALINK
+ imap: Enabled APPEND support in imap_perform()
+
+ Added logic in imap_perform() to perform an APPEND rather than SELECT
+ and FETCH if an upload has been specified.
-- [Tatsuhiro Tsujikawa brought this change]
+- [Jiri Hruska brought this change]
- Disable hash check if neither OpenSSL nor GNUTLS is installed.
+ imap: Implemented APPEND final processing
+
+ The APPEND operation needs to be performed in several steps:
+ 1) We send "<tag> APPEND <mailbox> <flags> {<size>}\r\n"
+ 2) Server responds with continuation respose "+ ...\r\n"
+ 3) We start the transfer and send <size> bytes of data
+ 4) Only now we end the request command line by sending "\r\n"
+ 5) Server responds with "<tag> OK ...\r\n"
+
+ This commit performs steps 4 and 5, in the DONE phase, as more
+ processing is required after the transfer.
-- [Tatsuhiro Tsujikawa brought this change]
+- [Jiri Hruska brought this change]
- Format GETOUT_METALINK nicely
+ imap: Added APPEND perform and response handler functions
+
+ Added imap_append() function to initiate upload and imap_append_resp()
+ to handle the continuation response and start the transfer.
-- [Tatsuhiro Tsujikawa brought this change]
+- [Jiri Hruska brought this change]
- Minimize usage of structs from libmetalink
+ imap: Introduced IMAP_APPEND and IMAP_APPEND_FINAL states
-- [Tatsuhiro Tsujikawa brought this change]
+- [Jiri Hruska brought this change]
- Check checksum of downloaded file if checksum is available
+ imap: Updated setting of transfer variables in imap_state_fetch_resp()
- Metalink file contains several hash types of checksums, such as
- md5, sha-1, sha-256, etc. To deal with these checksums, I created
- abstraction layer based on lib/curl_md5.h and
- lib/md5.c. Basically, they are almost the same but I changed the
- code so that it is not hash type dependent. Currently,
- GNUTLS(nettle or gcrypt) and OpenSSL functions are supported.
-
- Checksum checking is done by reopening download file. If there
- is an I/O error, the current implementation just prints error
- message and does not try next resource.
-
- In this patch, the supported hash types are: md5, sha-1 and sha-256.
+ Add number of bytes retrieved from the PP cache to req.bytecount and set
+ req.maxdownload only when starting a proper download.
-- [Tatsuhiro Tsujikawa brought this change]
+- [Jiri Hruska brought this change]
- Always create directory hierarchy for Metalink.
-
- Filenames contained in Metalink file can include directory information.
- Filenames are unique in Metalink file, taking into account the directory
- information. So we need to create the directory hierarchy.
+ imap: Improved FETCH response parsing
- Curl has --create-dirs option, but we create directory hierarchy for
- Metalink downloads regardless of the option value.
-
- This patch also put metalink int variable outside of HAVE_LIBMETALINK
- guard. This reduces the number of #ifdefs.
+ Added safer parsing of the untagged FETCH response line and the size of
+ continuation data.
-- [Tatsuhiro Tsujikawa brought this change]
+- imap: Fixed accidentally lossing the result code
+
+ Accidentally lost the result code in imap_state_capability() and
+ imap_state_login() with commit b06a78622609.
- Fixed segmentation fault when Metalink has no valid file or no resource.
+- imap: Another minor comment addition / tidy up
-- [Tatsuhiro Tsujikawa brought this change]
+- imap: Updated the coding style for state changes after a send operation
+
+ Some state changes would be performed after a failure test that
+ performed a hard return, whilst others would be performed within a test
+ for success. Updated the code, for consistency, so all instances are
+ performed within a success test.
- Support media-type parameter in Content-Type
+- pop3 / smtp: Small comment tidy up
+
+ Small tidy up to keep some comments consistant across each of the email
+ protocols.
-- [Tatsuhiro Tsujikawa brought this change]
+- [Jiri Hruska brought this change]
- Print "Metalink" in Features if Metalink support is enabled.
+ imap: FETCH response handler cleanup before further changes
+
+ Removed superfluous NULL assignment after Curl_safefree() and rewrote
+ some comments and logging messages.
-- [Tatsuhiro Tsujikawa brought this change]
+- pop3: Small tidy up of function arguments
- Removed trailing space
+- imap: Small tidy up of function arguments
-- [ant brought this change]
+- smtp: Corrected debug message for POP3_AUTH_FINAL constant
+
+ Following commit ad3177da24b8 corrected the debug message in state()
+ from AUTH to AUTH_FINAL.
- Add --metalink to --help
+- pop3: Corrected debug message for POP3_AUTH_FINAL constant
+
+ Following commit afad1ce753a1 corrected the debug message in state()
+ from AUTH to AUTH_FINAL.
-- [ant brought this change]
+- imap: Corrected debug message for IMAP_AUTHENTICATE_FINAL constant
+
+ Following commit 13006f3de9ec corrected the debug message in state()
+ from AUTHENTICATE to AUTHENTICATE_FINAL.
- Add Metalink information and --metalink option to man page
+- [Jiri Hruska brought this change]
-- [ant brought this change]
+ imap: Fixed error code returned for invalid FETCH response
+
+ If the FETCH command does not result in an untagged response the the
+ UID is probably invalid. As such do not return CURLE_OK.
- Add Metalink information and --metalink option to man page
+- [Jiri Hruska brought this change]
-- [ant brought this change]
+ imap: Added processing of the final FETCH responses
+
+ Not processing the final FETCH responses was not optimal, not only
+ because the response code would be ignored but it would also leave data
+ unread on the socket which would prohibit connection reuse.
- Adds Metalink information to INSTALL
+- [Jiri Hruska brought this change]
-- [Tatsuhiro Tsujikawa brought this change]
+ imap: Introduced FETCH_FINAL state for processing final fetch responses
+
+ A typical FETCH response can be broken down into four parts:
+
+ 1) "* <uid> FETCH (<what> {<size>}\r\n", using continuation syntax
+ 2) <size> bytes of the actual message
+ 3) ")\r\n", finishing the untagged response
+ 4) "<tag> OK ...", finishing the command
+
+ Part 1 is read in imap_fetch_resp(), part 2 is consumed in the PERFORM
+ phase by the transfer subsystem, parts 3 and 4 are currently ignored.
- --metalink option is available regardless of Metalink support.
+- imap: fix autobuild warning
+
+ Removed whitespace from imap_perform()
-- [Tatsuhiro Tsujikawa brought this change]
+- imap: fix compiler warning
+
+ error: declaration of 'imap' shadows a previous local
- metalink: parse downloaded Metalink file
+- smtp: Re-factored the final SMTP_AUTH constant
- Parse downloaded Metalink file and add downloads described there. Fixed
- compile error without metalink support.
+ Changed the final SMTP_AUTH constant to SMTP_AUTH_FINAL for consistency
+ with the response function.
-- [Tatsuhiro Tsujikawa brought this change]
+- pop3: Re-factored the final POP3_AUTH constant
+
+ Changed the final POP3_AUTH constant to POP3_AUTH_FINAL for consistency
+ with the response function.
- Fixed HAVE_LIBMETALINK conditional is always true
+- imap: Re-factored final IMAP_AUTHENTICATE constant
+
+ Changed the final IMAP_AUTHENTICATE constant to IMAP_AUTHENTICATE_FINAL
+ for consistency with the response function.
-- [Tatsuhiro Tsujikawa brought this change]
+- imap: Updated the coding style of imap_state_servergreet_resp()
+
+ Updated the coding style, in this function, to be consistant with other
+ response functions rather then performing a hard return on failure.
- metalink: minor metalinkfile fix
+- imap: Reversed the logic of the (un)successful tagged SELECT response
- Don't update config->metalinkfile_last in operate(). Use local variable
- to point to the current metalinkfile.
+ Reversed the logic of the unsuccessful vs successful tagged SELECT
+ response in imap_state_select_resp() to be more logical to read.
-- [Tatsuhiro Tsujikawa brought this change]
+- imap: Reversed the logic of the (un)successful tagged CAPABILITY response
+
+ Reversed the logic of the unsuccessful vs successful tagged CAPABILITY
+ response in imap_state_capability_resp() to be more logical to read.
- metalink: show help message even if disabled
+- imap: Corrected char* references with char *
- Print message if --metalink is used while metalink support is not
- enabled. Migrated Metalink support in tool_operate.c and removed
- operatemetalink().
+ Corrected char* references made in commit: 709b3506cd9b.
-- [Tatsuhiro Tsujikawa brought this change]
+- [Jiri Hruska brought this change]
- Applied patches from Daniel
+ imap: Added processing of more than one response when sent in same packet
+
+ Added a loop to imap_statemach_act() in which Curl_pp_readresp() is
+ called until the cache is drained. Without this multiple responses
+ received in a single packet could result in a hang or delay.
-- [Tatsuhiro Tsujikawa brought this change]
+- [Jiri Hruska brought this change]
- Support Metalink.
-
- This change adds experimental Metalink support to curl.
- To enable Metalink support, run configure with --with-libmetalink.
- To feed Metalink file to curl, use --metalink option like this:
-
- $ curl -O --metalink foo.metalink
+ imap: Added skipping of SELECT command if already in the same mailbox
- We use libmetalink to parse Metalink files.
+ Added storage and checking of the last mailbox userd to prevent
+ unnecessary switching.
-Steve Holme (26 May 2012)
-- DOCS: Fixed line spacing of authentication examples in CURLOPT_URL
+- [Jiri Hruska brought this change]
-- DOCS: Changed domain names in various examples to example.com
+ imap: Introduced the mailbox variable
- Updated various references of real domain names to example.com as per
- RFC-2606.
+ Added the mailbox variable to the per-connection structure in
+ preparation for checking for an already selected mailbox.
-- DOCS: Fixed meaning of bit 2 in CURLOPT_POSTREDIR
+- email: Slight reordering of connection based variables
- Setting bit 2 for this value was documented as having a constant value
- defined as CURL_REDIR_POST_303 yet referenced a 302 request.
-
- Additionally corrected the meaning of CURL_REDIR_POST_ALL for all three
- bits and fixed problems with the bolding of keywords in this section.
+ Reordered the state and ssl_done variables in order to provide more
+ consistency between the email protocols as well as for for an upcoming
+ change.
-- DOCS: Standardised how RFCs are referenced.
-
- Standardised how RFCs are referenced so that the website may autolink to
- the correct documentation on ietf.org. Additionally removed the one link
- to RFC3986 on curl.haxx.se.
+- imap: Tidied up comments for connection based variables
-Yang Tse (26 May 2012)
-- Fix libcurl.pc and curl-config generation for static MingW* cross builds
+- DOCS: Added the IMAP UIDVALIDITY property to the CURLOPT_URL section
-Daniel Stenberg (25 May 2012)
-- [Tatsuhiro Tsujikawa brought this change]
+- [Jiri Hruska brought this change]
- Made -D option work with -O and -J.
-
- To achieve this, first new structure HeaderData is defined to hold
- necessary data to perform header-related work. Then tool_header_cb now
- receives HeaderData pointer as userdata. All header-related work
- (currently, dumping header and Content-Disposition inspection) are done
- in this callback function. HeaderData.outs->config is used to determine
- whether each work is done.
-
- Unit tests were also updated because after this change, curl code always
- sets CURLOPT_HEADERFUNCTION and CURLOPT_HEADERDATA.
+ imap: Added verification of UIDVALIDITY mailbox attribute
- Tested with -O -J -D, -O -J -i and -O -J -D -i and all worked fine.
+ Added support for checking the UIDVALIDITY, and aborting the request, if
+ it has been specified in the URL and the server response is different.
-Steve Holme (25 May 2012)
-- sasl: Re-factored auth-mechanism constants to be more generic
+- [Jiri Hruska brought this change]
-- smtp: Moved auth-mechanism constants into a separate header file
+ imap: Added support for parsing the UIDVALIDITY property
- Move the SMTP_AUTH constants into a separate header file in
- preparation for adding SASL based authentication to POP3 as the two
- protocols will need to share them.
+ Added support for parsing the UIDVALIDITY property from the SELECT
+ response and storing it in the per-connection structure.
-Kamil Dudka (25 May 2012)
-- nss: avoid using explicit casts of code pointers
+- [Jiri Hruska brought this change]
-Steve Holme (24 May 2012)
-- DOCS: Added LDAP to the CURLOPT_URL section
-
-- TODO: Removed DIGEST-MD5 authentication from SMTP to do list
-
- Removed DIGEST-MD5 from Section 9.1 Other authentication mechanisms as
- the feature was added to SMTP in 7.26.0.
+ imap: Introduced the mailbox_uidvalidity variable
- Also corrected small spelling mistake.
+ Added the mailbox_uidvalidity variable to the per-connection structure
+ in preparation for checking the UIDVALIDITY mailbox attribute.
+
+- imap: Corrected comment in imap_endofresp()
-Daniel Stenberg (24 May 2012)
-- bump to 7.26.1: start working towards next release
+- imap: Corrected whitespace
-Version 7.26.0 (24 May 2012)
+- [Jiri Hruska brought this change]
-Daniel Stenberg (24 May 2012)
-- RELEASE-NOTES: synced with ef60fdbd73
+ imap: Added filtering of CAPABILITY and FETCH untagged responses
- Just before 7.26.0 is about to ship
+ Only responses that contain "CAPABILITY" and "FETCH", respectively,
+ will be sent to their response handler.
-Steve Holme (22 May 2012)
-- smtp: Fixed an issue with the multi-interface always sending postdata
+- [Jiri Hruska brought this change]
+
+ imap: Added a helper function for upcoming untagged response filtering
- Due to the result code being reset to CURLE_OK when smtp_dophase_done()
- was called, postdata would incorrectly be sent to the server when the
- MAIL FROM or RCPT command was rejected.
+ RFC 3501 states that "the client MUST be prepared to accept any response
+ at all times" yet we assume anything received with "* " at the beginning
+ is the untagged response we want.
- As such, libcurl would return the wrong result code from performing the
- operation and additionally set CURLINFO_RESPONSE_CODE to be that
- returned by the postdata command.
+ Introduced a helper function that checks whether the input looks like a
+ response to specified command, so that we may filter the ones we are
+ interested in according to the current state.
+
+- [Jiri Hruska brought this change]
+
+ imap: Moved CAPABILITY response handling to imap_state_capability_resp()
- Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html
- Reported by: Gokhan Sengun
+ Introduced similar handling to the FETCH responses, where even the
+ untagged data responses are handled by the response handler of the
+ individual state.
-- DOCS: Updated version number for features added in the pending release
+Linus Nielsen Feltzing (26 Feb 2013)
+- Remove unused variable in smtp_state_data_resp()
-Daniel Stenberg (22 May 2012)
-- [Tatsuhiro Tsujikawa brought this change]
+Steve Holme (25 Feb 2013)
+- email: Small tidy up following recent changes
- Fixed compile error with GNUTLS+NETTLE
-
- In nettle/md5.h, md5_init and md5_update are defined as macros to
- nettle_md5_init and nettle_md5_update respectively. This causes
- error when using MD5_params.md5_init and md5_update. This patch
- renames these members as md5_init_func and md5_update_func to
- avoid name conflict. For completeness, MD5_params.md5_final was
- also renamed as md5_final_func.
+- smtp: Removed bytecountp from the per-request structure
- The changes in curl_ntlm_core.c is conversion error and fixed by
- casting to proper type.
+ Removed this pointer to a downloaded bytes counter because it was set in
+ smtp_init() to point to the same variable the transfer functions keep
+ the count in (k->bytecount), effectively making the code in transfer.c
+ "*k->bytecountp = k->bytecount" a no-op.
-- TODO-RELEASE: mention the pending biggies for 7.27.0
+- pop3: Removed bytecountp from the per-request structure
+
+ Removed this pointer to a downloaded bytes counter because it was set in
+ pop3_init() to point to the same variable the transfer functions keep
+ the count in (k->bytecount), effectively making the code in transfer.c
+ "*k->bytecountp = k->bytecount" a no-op.
-- [Jan Ehrhardt brought this change]
+- [Jiri Hruska brought this change]
- winbuild: fix IPv6 enabled build
+ imap: Removed bytecountp from the per-request structure
- The existing check was wrong so IPv6 support would never be enabled
+ Removed this pointer to a downloaded bytes counter because it was set in
+ imap_init() to point to the same variable the transfer functions keep
+ the count in (k->bytecount), effectively making the code in transfer.c
+ "*k->bytecountp = k->bytecount" a no-op.
-- 7.26.0: will be the next release version
+- [Jiri Hruska brought this change]
-- RELEASE-NOTES: synced with 8ae1e657e82a
+ imap: Adjusted SELECT and FETCH function order
- And mention that this will become 7.26.0
+ Moved imap_select() and imap_fetch() to be grouped with the other
+ perform functions.
-Guenter Knauf (22 May 2012)
-- Updated dependency libary versions.
+- [Jiri Hruska brought this change]
-Daniel Stenberg (20 May 2012)
-- curl-config.1: fix curl-config usage in example
-
- The curl-config command must be used twice in the single command line to
- work properly in some environments.
+ imap: Adjusted SELECT and FETCH state order in imap_statemach_act()
- Bug: http://curl.haxx.se/bug/view.cgi?id=3528241
- Reported by: Julian Taylor
+ Exchanged the position of these states in the switch statements to
+ match the state enum, execution and function order.
-Steve Holme (17 May 2012)
-- smtp: Fixed non-escaping of dot character at beginning of line
-
- A dot character at the beginning of a line would not be escaped to a
- double dot as required by RFC-2821, instead it would be deleted by the
- mail server. Please see section 4.5.2 of the RFC for more information.
+- imap: Minor tidy up of comments in imap_parse_url_path()
- Note: This fix also simplifies the detection of repeated CRLF.CRLF
- combinations, such as CRLF.CRLF.CRLF, a little rather than having to
- advance the eob counter to 2.
+ Tidy up of comments before next round of imap changes.
-Daniel Stenberg (16 May 2012)
-- FAQ: updated 1.10 How many are using curl?
+- imap: Fixed incorrect comparison for STARTTLS in imap_endofresp()
- Now linking to http://daniel.haxx.se/blog/2012/05/16/300m-users/
+ Corrected the comparison type in addition to commit 1dac29fa83a9.
-- disable-versioned-symbols: removed superfluous 'fi'
+- DOCS: Corrected IMAP URL examples according to RFC5092
- The commit e315927a1a left this in
+ URL examples that included the UID weren't technically correct although
+ would pass the curl parser.
-- MakefileBuild.vc: use the correct IDN variable
+Nick Zitzmann (24 Feb 2013)
+- darwinssl: fix undefined $ssllib warning in runtests.pl
- The variable that control IDN enablement is called USE_IDN within these
- Makefiles
+ I also added --with-darwinssl to the list of SSL options in configure.
-- [Pierre Chapuis brought this change]
+Steve Holme (24 Feb 2013)
+- imap: Added check for new internal imap response code
- autoconf: improve handling of versioned symbols
+- imap: Changed the order of the response types in imap_endofresp()
- It checks whether versioned symbols should be enabled before checking
- whether it is possible (i.e. the linker supports --version-script) or
- not. This avoids a useless warning when building cURL on a platform that
- does not use GNU ld.
+ From a maintenance point of view the code reads better to view tagged
+ responses, then untagged followed by continuation responses.
- Moreover, it fixes broken indentation of this chunk of code.
+ Additionally, this matches the order of responses in POP3.
-- curl.1: clarify -x usage
-
- 1 - fix the syntax in the .IP line
-
- 2 - Provided user names and passwords are URL decoded by libcurl
-
- Bug: http://curl.haxx.se/bug/view.cgi?id=3525935
+- [Jiri Hruska brought this change]
-- NTLM: is supported in GnuTLS builds too
+ imap: Added stricter parsing of continuation responses
- ... since commit 9a4c887c4a7 introduced in libcurl 7.19.4
+ Enhanced the parsing to only allow continuation responses in some
+ states.
-- TODO: happy eyeballs is now RFC6555
+- imap: Simplified memcmp() in tagged response parsing
-- my_useragent: shorten user-agent
-
- The built-in user-agent will now only say curl/[version] and nothing
- else in an attempt to decrease overhead in HTTP requests.
+- [Jiri Hruska brought this change]
-- CURLOPT_HEADERFUNCTION: works for non-HTTP protocols too
+ imap: Reworked the logic of untagged command responses
-Claes Jakobsson (3 May 2012)
-- Add note about default timeout in CURLOPT_TIMEOUT
+- imap: Corrected spacing of trailing brace
-Daniel Stenberg (2 May 2012)
-- [Gokhan Sengun brought this change]
+- [Jiri Hruska brought this change]
- MD5: OOM fix
+ imap: Added stricter parsing of tagged command responses
- check whether md5 initialization succeeded before updating digest of
- buffers onto it
+ Enhanced the parsing of tagged responses which must start with "OK",
+ "NO" or "BAD"
-- REALEASE-NOTES: synced with 64f48e884e3c1
+- [Jiri Hruska brought this change]
-- [Jan Schaumann brought this change]
+ imap: Simplified command response test in imap_endofresp()
- add newly created manual page
+- [Jiri Hruska brought this change]
-- [Jan Schaumann brought this change]
+ imap: Corrected comment in imap_endofresp()
- add a manual page for mk-ca-bundle
-
-Guenter Knauf (26 Apr 2012)
-- Updated dependency lib versions.
-
-Daniel Stenberg (23 Apr 2012)
-- URL parse: reject numerical IPv6 addresses outside brackets
+- DOCS: Corrected layout of POP3 and IMAP URL examples
- Roman Mamedov spotted (in
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would
- not complain when given a URL with an IPv6 numerical address without
- brackets. It would simply cut off the last ":[hex]" part and thus not
- work correctly.
+ Corrected layout issues with the POP3 and IMAP URL examples introduced
+ in commit cb3ae6894fb2.
+
+- DOCS: Updated CURLOPT_URL section following recent POP3 and IMAP changes
- That's a URL using an illegal syntax and now libcurl will instead return
- a clear error code and error message detailing the error.
+ Updated the POP3 sub-section to refer to message ID rather than mailbox.
- The above mentioned bug report claims this to be a regression but
- libcurl does not guarantee functionality when given URLs that aren't
- following the URL spec (RFC3986 mostly). I consider the fact that it
- used to handle this differently a mere coincidence.
+ Added an IMAP sub-section with example URLs depicting the specification
+ of mailbox, uid and section.
-- Curl_MD5_init: fix OOM memory leak
+- pop3: Refactored the mailbox variable as it didn't reflect it's purpose
- Bug: http://curl.haxx.se/mail/lib-2012-04/0246.html
- Reported by: Michael Mueller
+ Updated the mailbox variable to correctly reflect it's purpose. The
+ name mailbox was a leftover from when IMAP and POP3 support was
+ initially added to curl.
-- [Gokhan Sengun brought this change]
+- FEATURES: Updated following recent IMAP changes
- OpenSSL cert: provide more details when cert check fails
-
- curl needs to be more chatty regarding certificate verification failure
- during SSL handshake
+- [Jiri Hruska brought this change]
-Yang Tse (23 Apr 2012)
-- Revert "sspi: Added version information"
+ imap: Added the ability to FETCH a specific UID and SECTION
- This reverts commit 2976de480808119dae08fc6f52c8d75ba1aedb1a.
-
-- Revert "sspi - Small code tidy up"
+ Updated the FETCH command to send the UID and SECTION parsed from the
+ URL. By default the BODY specifier doesn't include a section, BODY[] is
+ now sent whereas BODY[TEXT] was previously sent. In my opinion
+ retrieving just the message text is rarely useful when dealing with
+ emails, as the headers are required for example, so that functionality
+ is not retained. In can however be simulated by adding SECTION=TEXT to
+ the URL.
- This reverts commit 46cd5f1daddad3b3e542e6d93eee52e8bb9a8687.
+ Also updated test801 and test1321 due to the BODY change.
-- Revert "Fixed 'extra tokens at end of #endif directive'."
-
- This reverts commit 77172a242fc0c820f97eae39d0e3e0f265222fe6.
+- email: Additional tidy up of comments following recent changes
-- Revert "Fixed 'Trailing whitespace' found by checksrc."
+- smtp: Removed some FTP heritage leftovers
+
+ Removed user and passwd from the SMTP struct as these cannot be set on
+ a per-request basis and are leftover from legacy FTP code.
- This reverts commit 683bfa60ad0b52505947e59b03515e5f44378523.
+ Changed some comments still using FTP terminology.
-- Revert "sspi: Code tidy up to remove unused variable."
+- smtp: Moved the per-request variables to the per-request data structure
- This reverts commit 412510f97407d617426d93b80e6b6bf0a8ff11ac.
+ Moved the rcpt variable from the per-connection struct smtp_conn to the
+ new per-request struct and fixed references accordingly.
-- Revert "Add -lversion if build with SSPI."
+- pop3: Introduced a custom SMTP structure for per-request data
- This reverts commit 9ec0b7e0c44d29eca6f45916fe5af3501168fe85.
+ Created a new SMTP structure and changed the type of the smtp proto
+ variable in connectdata from FTP* to SMTP*.
-Guenter Knauf (23 Apr 2012)
-- Add -lversion if build with SSPI.
+unknown (23 Feb 2013)
+- [Steve Holme brought this change]
-Steve Holme (22 Apr 2012)
-- sspi: Code tidy up to remove unused variable.
+ imap: Minor correction of comments for max line length
-Guenter Knauf (22 Apr 2012)
-- Fixed 'Trailing whitespace' found by checksrc.
+Daniel Stenberg (23 Feb 2013)
+- strcasestr: remove check for this unused function
-- Fixed 'extra tokens at end of #endif directive'.
+- pop3: fix compiler warning
+
+ error: declaration of 'pop3' shadows a previous local
-Steve Holme (22 Apr 2012)
-- sspi - Small code tidy up
+Steve Holme (23 Feb 2013)
+- [Jiri Hruska brought this change]
-- sspi: Added version information
+ imap: Added URL parsing of new variables
- Added version information for Windows SSPI to curl's main version
- string and removed SSPI from the features string.
+ Updated the imap_parse_url_path() function to parse uidvalidity, uid and
+ section parameters based on RFC-5092.
-Daniel Stenberg (20 Apr 2012)
-- HTTP: empty chunked POST ended up in two zero size chunks
-
- When doing a chunked-encoded POST with -d (CURLOPT_POSTFIELDS) and the
- size of the POST was zero length, it made libcurl first send a zero
- chunk and then the terminating one. This could confuse a receiver and it
- should rather just send the terminating chunk as it does with this fix.
-
- Test case 1333 is added to verify.
+- [Jiri Hruska brought this change]
+
+ imap: Introduced imap_is_bchar() function
- Bug: http://curl.haxx.se/mail/archive-2012-04/0060.html
- Reported by: Arnaud Compan
+ Added imap_is_bchar() for testing if a given character is a valid bchar
+ or not.
-Guenter Knauf (20 Apr 2012)
-- Updated dependency lib versions.
+- [Jiri Hruska brought this change]
-Daniel Stenberg (19 Apr 2012)
-- singleipconnect: return OK even when Curl_socket() fails
+ imap: Introduced new per-request veriables
- Commit 9109cdec11ee5a brought this regression (shipped since 7.24.0).
+ Added uidvalidity, uid and section variables to the per-request IMAP
+ structure in preparation for upcoming URL parsing.
+
+- pingpong: Renamed curl_ftptransfer to curl_pp_transfer
+
+- pop3: Removed some FTP heritage leftovers
- The singleipconnect() function must not return an error if Curl_socket()
- returns an error. It should then simply return OK and pass a SOCKET_BAD
- back simply because that is how the user of this function expects it to
- work and something else is not fine.
+ Removed user and passwd from the POP3 struct as these cannot be set on
+ a per-request basis and are leftover from legacy FTP code.
- Reported by: Blaise Potard
- Bug: http://curl.haxx.se/bug/view.cgi?id=3516508
+ Changed some comments still using FTP terminology.
-Yang Tse (19 Apr 2012)
-- Take in account that CURLAUTH_* bitmasks are now 'unsigned long' - follow-up
+- pop3: Moved the per-request variables to the per-request data structure
- MIPSPro compiler detected curl_easy_getinfo() related missing adjustments.
- SunPro compiler detected curl tool --libcurl option related missing adjustments.
+ Moved the mailbox and custom request variables from the per-connection
+ struct pop3_conn to the new per-request struct and fixed references
+ accordingly.
-- url.c: CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH fixes
+- pop3: Introduced a custom POP3 structure for per-request data
- Fail with CURLE_NOT_BUILT_IN when none of requested auth methods is supported.
-
- Reject CURLAUTH_ONLY bit when given alone or with CURLAUTH_NONE.
+ Created a new POP3 structure and changed the type of the pop3 proto
+ variable in connectdata from FTP* to POP*.
+
+- [Jiri Hruska brought this change]
-- Take in account that CURLAUTH_* bitmasks are now 'unsigned long'
+ imap: Fixed escaping of mailbox names
- Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to
- 'unsigned long' for proper handling and operating.
+ Used imap_atom() to escape mailbox names in imap_select().
-- curl.h: CURLAUTH_* bitmasks adjusted to become 'unsigned long' typed
+- pingpong: Moved curl_ftptransfer definition to pingpong.h
- Info: http://curl.haxx.se/mail/lib-2012-04/0170.html
+ Moved the ftp transfer structure into pingpong.h so other protocols that
+ require it don't have to include ftp.h.
-- Some explicit conversion to 'long' of curl_easy_setopt() third argument
+- urldata.h: Fixed comment for opt_no_body variable
- Explicit conversion to 'long' of curl_easy_setopt() third argument for options
- CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH given that this is how its bitmasks are
- docummented to be used.
+ Corrected comment for opt_no_body variable to CURLOPT_NOBODY.
-- build adjustments: commit 9e24b9c7 follow-up
+- email: Minor tidy up following IMAP changes
-Daniel Stenberg (17 Apr 2012)
-- -# progress meter: avoid superfluous updates and duplicate lines
-
- By comparing if a different "progress point" is reached or not since the
- previous update, the progress function callback for this now avoids many
- superfluous screen updates. This has the nice side-effect that it fixes
- a problem that causes a second progress meter line.
-
- The second line output happened because when we use the -# progress
- meter, we force a newline output after the transfer in the main loop in
- curl, but when libcurl calls the progress callback from
- curl_easy_cleanup() it would then output the progress display
- again. Possibly the naive newline output is wrong but this optimization
- was suitable anyway...
+- [Jiri Hruska brought this change]
+
+ imap: Removed more FTP leftovers
- Reported by: Daniel Theron
- Bug: http://curl.haxx.se/bug/view.cgi?id=3517418
+ Changed some variables and comments still using FTP terminology.
-Yang Tse (16 Apr 2012)
-- nss.c: fix compiler warning
+- [Jiri Hruska brought this change]
-- curl-compilers.m4: -Wno-pedantic-ms-format for Windows gcc 4.5 builds
+ imap: Removed some FTP heritage leftovers
- When building a Windows target with gcc 4.5 or newer and strict compiler
- warnings enabled use -Wno-pedantic-ms-format in addition to other flags.
+ Removed user and passwd from the IMAP struct as these cannot be set on
+ a per-request basis and are leftover from legacy FTP code.
-Kamil Dudka (16 Apr 2012)
-- tests/valgrind.pm: suppress memleaks of NSS_InitContext()
-
- Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=745224
+- [Jiri Hruska brought this change]
-Yang Tse (14 Apr 2012)
-- setup_once.h: tighten requirements for stdbool.h header inclusion
+ imap: Introduced a custom IMAP structure for per-request data
- Include stdbool.h only when it is available and configure is capable of
- detecting a proper 'bool' data type when the header is included.
+ Created a new IMAP structure and changed the type of the imap proto
+ variable in connectdata from FTP* to the new IMAP*.
- Compilation fix for old or unpatched versions of XL C compiler.
+ Moved the mailbox variable from the per-connection struct imap_conn to
+ the new per-request struct and fixed references accordingly.
+
+- pop3: Updated do phrase clean-up comment
- Report: http://curl.haxx.se/mail/archive-2012-04/0022.html
+ Following commit 65644b833532 for the IMAP module updated the clean-up
+ comment in POP3.
-- headers: require GCC 2.7 or newer in order to allow attribute GCC'isms usage
+- imap: Fixed memory leak when performing multiple selects
- Usage in other code paths already protected and requiring even newer versions.
+ Moved the clean-up of the mailbox variable from imap_disconnect() to
+ imap_done() as this variable is allocated in the do phase, yet would
+ have only been freed only once if multiple selects where preformed
+ on a single connection.
-- [Jonathan Nieder brought this change]
+Daniel Stenberg (22 Feb 2013)
+- [Alexander Klauer brought this change]
- headers: surround GCC attribute names with double underscores
-
- This protects from attribute names being defined by third party's code.
+ Documentation: Typo in docs/CONTRIBUTE
- Improvement: http://curl.haxx.se/mail/lib-2012-04/0127.html
+ Fixes a typo get → git in docs/CONTRIBUTE.
-Guenter Knauf (13 Apr 2012)
-- Updated copyright year.
+- [Alexander Klauer brought this change]
-Yang Tse (13 Apr 2012)
-- testcurl.pl: build example programs for Android cross-compiles
+ repository: ignore patch files generated by git
+
+ Ignores the patch files generated by the 'git format-patch' command.
-- nss.c: fix compiler warning
+- [Alexander Klauer brought this change]
-- examples: fix compiler warnings
+ libcurl documentation: clarifications and typos
+
+ * Elaborates on default values of some curl_easy_setopt() options.
+ * Reminds the user to cast variadic arguments to curl_easy_setopt() to
+ 'void *' where curl internally interprets them as such.
+ * Clarifies the working of the CURLOPT_SEEKFUNCTION option for
+ curl_easy_setopt().
+ * Fixes typo 'forth' → 'fourth'.
+ * Elaborates on CURL_SOCKET_TIMEOUT.
+ * Adds some missing periods.
+ * Notes that the return value of curl_version() must not be passed to
+ free().
-Kamil Dudka (13 Apr 2012)
-- nss: provide human-readable names for NSS errors
+- [Alexander Klauer brought this change]
-- nss: use NSS_InitContext() to initialize NSS if available
+ lib/url.c: Generic read/write data pointers
- NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
- collisions on NSS initialization/shutdown with other libraries.
-
- Bug: https://bugzilla.redhat.com/738456
+ Always interprets the pointer passed with the CURLOPT_WRITEDATA or
+ CURLOPT_READDATA options of curl_easy_setopt() as a void pointer in
+ order to avoid problems in environments where FILE and void pointers
+ have non-trivial conversion.
+
+- [Alexander Klauer brought this change]
-- nss: unconditionally require PK11_CreateGenericObject()
+ libcurl documentation: updates HTML index
- This bumps the minimal supported version of NSS to 3.12.x.
+ * Adds several links to documentation of library functions which were
+ missing.
+ * Marks documentation of deprecated library functions "(deprecated)".
+ * Removes spurious .html suffixes.
-Guenter Knauf (13 Apr 2012)
-- Set batch mode to 755 to make Cygwin git pulls work.
+- ossl_seed: avoid recursive seeding!
-- Added section for Android configure cross-compile.
+Steve Holme (22 Feb 2013)
+- [Jiri Hruska brought this change]
-- Added NetWare export.
+ Fixed checking the socket if there is data waiting in the cache
+
+ Use Curl_pp_moredata() in Curl_pp_multi_statemach() to check if there is
+ more data to be received, rather than the socket state, as a task could
+ hang waiting for more data from the socket itself.
-Yang Tse (12 Apr 2012)
-- testcurl.pl: build example programs for MinGW cross-compiles
+- imap.c: Fixed an incorrect variable reference
+
+ Fixed an incorrect variable reference which was introduced in commit
+ a1701eea289f as a result of a copy and paste from SMTP/POP3.
-- tool_operate.c: fix compiler warning
+- [Jiri Hruska brought this change]
-- url.c: fix compiler warning
+ pingpong: Introduce Curl_pp_moredata()
+
+ A simple function to test whether the PP is not sending and there are
+ still more data in its receiver cache. This will be later utilized to:
+
+ 1) Change Curl_pp_multi_statemach() and Curl_pp_easy_statemach() to
+ not test socket state and just call user's statemach_act() function
+ when there are more data to process, because otherwise the task would
+ just hang, waiting for more data from the socket.
+
+ 2) Allow PP users to read multiple responses by looping as long as there
+ are more data available and current phase is not finished.
+ (Currently needed for correct processing of IMAP SELECT responses.)
-Guenter Knauf (12 Apr 2012)
-- Updated dependency lib versions (2nd try).
+Nick Zitzmann (19 Feb 2013)
+- FEATURES: why yes, we do support metalink
+
+ I just noticed Metalink support wasn't listed as a feature of the tool.
-- Updated dependency lib versions.
+- metalink: fix improbable crash parsing metalink filename
+
+ The this_url pointer wasn't being initialized, so if strdup() would return
+ null when copying the filename in a metalink file, then hilarity would
+ ensue during the cleanup phase. This change was brought to you by clang,
+ which noticed this and raised a warning.
-Yang Tse (12 Apr 2012)
-- tool_formparse.c: rename a couple of vars to avoid declaration shadowing
+Yang Tse (19 Feb 2013)
+- smtp.c: fix enumerated type mixed with another type
-- OS400/initscript.sh: fix db2_name() module name generation
+- polarssl threadlock cleanup
+
+Nick Zitzmann (18 Feb 2013)
+- docs: schannel and darwinssl documentation improvements
- Allow repeatable file name length reduction on file names with underscore or
- dash characters. This is done in order to better support libcurl's existing
- source file names and allow OS/400 package to build out of the box again.
+ Schannel and darwinssl use the certificates built into the
+ OS to do vert verification instead of bundles. darwinssl
+ is thread-safe. Corrected typos in the NSS docs.
-- testcurl.pl: log more environment vars that modify configure and build behavior
+Daniel Stenberg (18 Feb 2013)
+- resolver_error: remove wrong error message output
+
+ The attempt to use gai_strerror() or alternative function didn't work as
+ the 'sock_error' field didn't contain the proper error code. But since
+ this hasn't been reported and thus isn't really a big deal I decided to
+ just scrap the whole attempt to output the detailed resolver error and
+ instead remain with just stating that the resolving of the name failed.
-- configure: NATIVE_WINDOWS no longer defined in config files
+- [Kim Vandry brought this change]
-- build adjustments: CURL_HIDDEN_SYMBOLS no longer defined in config files
-
- configure script now provides conditional definitions for Makefile.am
- that result in CURL_HIDDEN_SYMBOLS being defined by resulting makefiles
- when appropriate.
+ Curl_resolver_is_resolved: show proper host name on failed resolve
+
+- Curl_resolver_is_resolved: fix compiler warning
- Additionally, configure script option for symbol hiding control is now
- named --enable-symbol-hiding --disable-symbol-hiding. While still valid,
- old option name --enable-hidden-symbols --disable-hidden-symbols will
- be deprecated in some future release.
+ conversion to 'int' from 'long int' may alter its value
-- build adjustments: functionally revert commits 4d3fb91f and bbfe1182
+- compiler warning fix
- Undefining CURL_HIDDEN_SYMBOLS in source files isn't the proper fix.
+ follow-up to commit ed7174c6f66, rename 'wait' to 'block'
-- test servers: build adjustment
+- compiler warning fix: declaration of 'wait' shadows a global declaration
+
+ It seems older gcc installations (at least) will cause warnings if we
+ name a variable 'wait'. Now changed to 'block' instead.
- Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might
- leak from lib/setup.h into source files where this should not be defined.
+ Reported by: Jiří Hruška
+ Bug: http://curl.haxx.se/mail/lib-2013-02/0247.html
-- libtests: build adjustment
+Nick Zitzmann (17 Feb 2013)
+- MacOSX-Framework: Make script work in Xcode 4.0 and later
- Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might
- leak from lib/setup.h into source files where this should not be defined.
+ Apple made a number of changes to Xcode 4. The SDKs were moved, the entire
+ Developer folder was moved, and PowerPC support was removed. The script
+ will now adapt to those changes and should be future-proofed against
+ additional changes in case Apple moves the Developer folder ever again.
+ Also, the minimum OS X version compiler option was removed, so that the
+ framework can be built against the latest SDK but still run in older cats.
-- curl tool: make setup.h first header included in tool_setup.h again
+Daniel Stenberg (17 Feb 2013)
+- docs: refer to CURLOPT_ACCEPT_ENCODING instead of the old name
-- curl tool: use configuration files from lib directory - follow-up II
+Steve Holme (16 Feb 2013)
+- email: Tidied up result code variables
- lib/config-win32.h no longer copied to src/config-win32.h
+ Tidied up result variables to be consistent in name, declaration order
+ and default values.
-- configure: Windows cross-compilation fixes
+Nick Zitzmann (16 Feb 2013)
+- ntlm_core: fix compiler warning when building with clang
- BUILDING_LIBCURL and CURL_STATICLIB are no longer defined in curl_config.h,
- configure will generate appropriate conditionals so that mentioned symbols
- get defined and used in Makefiles at compilation time
+ Fixed a 64-to-32 compiler warning raised when building with
+ clang and the --with-darwinssl option.
-- curl tool: make curl.h first header included in tool_setup.h
+Daniel Stenberg (16 Feb 2013)
+- Guile-curl: a new libcurl binding
-- curl tool: use configuration files from lib directory - follow-up I
+- polarsslthreadlock: #include the proper memory and debug includes
- amigaos.[ch] now integrates nicely with any libcurl build
+ Pointed out by Steve Holme
-- curl tool: use configuration files from lib directory
-
- Configuration files such as curl_config.h and all config-*.h no longer exist
- nor are generated/copied into 'src' directory, now these only exist in 'lib'
- directory from where curl tool sources uses them.
-
- Additionally old src/setup.h has been refactored into src/tool_setup.h which
- now pulls lib/setup.h
+Steve Holme (16 Feb 2013)
+- email: Removed unnecessary forward declaration
- The possibility of a makefile needing an include path adjustment exists.
+ Due to the reordering of functions in commit 586f5d361474 the forward
+ declaration to state_upgrade_tls() are no longer required.
-Daniel Stenberg (6 Apr 2012)
-- PolarSSL: correct return code for CRL matches
-
- When a server certificate matches one in the given CRL file, the code
- now returns CURLE_SSL_CACERT as test case 313 expects and verifies.
+- pop3.c: Added reference to RFC-5034
+
+Daniel Stenberg (15 Feb 2013)
+- [Willem Sparreboom brought this change]
-- PolarSSL: include version number in version string
+ PolarSSL: Change to cURL coding style
- Previously it would say PolarSSL only, now it says PolarSSL/1.1.0 in the
- same style other libs and components do.
+ Repaired all curl/lib/checksrc.pl warnings in the previous four patches
-- test: added test 1332 that tests --post303
+- [Willem Sparreboom brought this change]
-- curl: add --post303 to set the CURL_REDIR_POST_303 option
+ PolarSSL: WIN32 threading support for entropy
+
+ Added WIN32 threading support for PolarSSL entropy if
+ --enable-threaded-resolver config flag is set and process.h can be found.
-- [Andrei Cipu brought this change]
+- [Willem Sparreboom brought this change]
- CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URL
+ PolarSSL: pthread support for entropy
- As it turns out, some people do want that after all.
+ Added pthread support for polarssl entropy if --enable-threaded-resolver
+ config flag is set and pthread.h can be found.
-- test1331: cookies on a 407 response
+- [Willem Sparreboom brought this change]
+
+ PolarSSL: changes to entropy/ctr_drbg/HAVEGE_RANDOM
- Verify that cookies are sent back even after a 407 response has been
- received
+ Add non-threaded entropy and ctr_drbg and removed HAVEGE_RANDOM define
-- [Dag Ekengren brought this change]
+- [Willem Sparreboom brought this change]
- PolarSSL: add support for asynchronous connect
+ PolarSSL: added human readable error strings
+
+ Print out human readable error strings for PolarSSL related errors
-- [Tim Heckman brought this change]
+Steve Holme (15 Feb 2013)
+- pop3: Removed unnecessary state changes on failure
- Revert "access the CA source file using HTTPS"
-
- This reverts commit f7e2ab6.
-
- This change caused fetching of the certificates to become unreliable.
-
- Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
- Reported by: Tim Heckman
+- imap: Removed unnecessary state change on failure
-- [Andrei Cipu brought this change]
+Daniel Stenberg (15 Feb 2013)
+- metalink_cleanup: yet another follow-up fix
- IPv6 cookie domain: get rid of the first bracket before the second.
+- metalink_cleanup: define it without argument
- Commit 97b66ebe was copying a smaller buffer, thus duplicating the last
- character.
+ Since the function takes no argument, the macro shouldn't take one as
+ some compilers will error out on that.
-- MAIL-ETIQUETTE: Added "How to unsubscribe"
+- rename "easy" statemachines: call them block instead
- ... as it seems to hard for some people
+ ... since they're not used by the easy interface really, I wanted to
+ remove the association. Also, I unified the pingpong statemachine driver
+ into a single function with a 'wait' argument: Curl_pp_statemach.
-Yang Tse (4 Apr 2012)
-- ftp.c: ftplistparser related OOM handling fix
+Yang Tse (15 Feb 2013)
+- [Gisle Vanem brought this change]
-- smtp.c: fix compiler warnings
+ curl_setup_once.h: definition of HAVE_CLOSE_S defines sclose() to close_s()
-- lib599.c: fix compiler warning
+- [Gisle Vanem brought this change]
-Daniel Stenberg (4 Apr 2012)
-- runtests: yassl and polarssl are not openssl
-
- Don't set the "has_openssl" variable if yassl or polarssl is found as
- they will simply not work as 100% drop-in replacements for some of the
- stuff the "OpenSSL" feature is used for.
-
- I spotted this problem when doing test runs with PolarSSL builds.
+ config-dos.h: define HAVE_CLOSE_S for MSDOS/Watt-32
-- [Lijo Antony brought this change]
+- [Gisle Vanem brought this change]
- connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
-
- Curl_socket returns CURLE_COULDNT_CONNECT when the opensocket callback
- returns CURL_SOCKET_BAD. Previous return value CURLE_FAILED_INIT
- conveys incorrect information to the user.
+ config-dos.h: define strerror() to strerror_s_() for High-C
-Steve Holme (2 Apr 2012)
-- pop3: Reworked the command sending and handling
-
- Reworked the command sending from two specific LIST and RETR command
- functions into a single command based function as well as the two
- associated response handlers into a generic command handler.
+- [Gisle Vanem brought this change]
-Daniel Stenberg (1 Apr 2012)
-- [Dave Reisner brought this change]
+ config-dos.h: define HAVE_TERMIOS_H only for djgpp
- curl tool: add filename_effective token for --write-out
+Steve Holme (14 Feb 2013)
+- smtp.c: Fixed a trailing whitespace
- By modifying the parameter list for ourWriteOut() and passing the
- OutStruct that collects data in tool_operate, we get access to the
- remote name that we're writing to. Shell scripters should find this
- useful when used in conjuntion with the --remote-header-name option.
+ Remove tailing whitespace introduced in commit 7ed689d24a4e.
-Steve Holme (1 Apr 2012)
-- smtp.c: Code policing and tidy up
-
-Daniel Stenberg (1 Apr 2012)
-- [Armel Asselin brought this change]
+- pop3: Fixed blocking SSL connect when connecting via POP3S
+
+ A call to Curl_ssl_connect() was accidentally left in when the SSL/TLS
+ connection layer was reworked in 7.29. Not only would this cause the
+ connection to block but had the additional overhead of calling the
+ non-blocking connect a little bit later.
- SSH: public key can now be an empty string
+- smtp: Refactored the smtp_state_auth_resp() function
- If an empty string is passed to CURLOPT_SSH_PUBLIC_KEYFILE, libcurl will
- pass no public key to libssh2 which then tries to compute it from the
- private key. This is known to work when libssh2 1.4.0+ is linked against
- OpenSSL.
+ Renamed smtp_state_auth_resp() function to match the implementations in
+ IMAP and POP3.
-- [Tatsuhiro Tsujikawa brought this change]
+Daniel Stenberg (14 Feb 2013)
+- remove ifdefs
+
+ Clarify the code by reducing ifdefs
- OpenSSL: Made cert hostname check conform to RFC 6125
+- strlcat: remove function
- This change replaces RFC 2818 based hostname check in OpenSSL build with
- RFC 6125 [1] based one.
+ This function was only used twice, both in places where performance
+ isn't crucial (socks + if2ip). Removing the use of this function removes
+ the need to have our private version for systems without it == reduced
+ amount of code.
- The hostname check in RFC 2818 is ambiguous and each project implements
- it in the their own way and they are slightly different. I check curl,
- gnutls, Firefox and Chrome and they are all different.
+ Also, in the SOCKS case it is clearly better to fail gracefully rather
+ than to truncate the results.
- I don't think there is a bug in current implementation of hostname
- check. But it is not as strict as the modern browsers do. Currently,
- curl allows multiple wildcard character '*' and it matches '.'. (as
- described in the comment in ssluse.c).
+ This work was triggered by a bug report on the strcal prototype in
+ strequal.h.
- Firefox implementation is also based on RFC 2818 but it only allows at
- most one wildcard character and it must be in the left-most label in the
- pattern and the wildcard must not be followed by any character in the
- label.[2] Chromium implementation is based on RFC 6125 as my patch does.
- Firefox and Chromium both require wildcard in the left-most label in the
- presented identifier.
+ strlcat was added in commit db70cd28 in February 2001!
- This patch is more strict than the current implementation, so there may
- be some cases where old curl works but new one does not. But at the same
- time I think it is good practice to follow the modern browsers do and
- follow the newer RFC.
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1192
+ Reported by: Jeremy Huddleston
+
+- Curl_FormBoundary: made static
- [1] http://tools.ietf.org/html/rfc6125#section-6.4.3
- [2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483
+ As Curl_FormBoundary() is no longer used outside of this file (since
+ commit ad7291c1a9d), it is now renamed to formboundary() and is made
+ static.
-- HTTP: reset expected DL/UL sizes on redirects
+- ossl_seed: fix the last resort PRNG seeding
+
+ Instead of just abusing the pseudo-randomizer from Curl_FormBoundary(),
+ this now uses Curl_ossl_random() to get entropy.
+
+Steve Holme (13 Feb 2013)
+- email: Tidy up before additional IMAP work
+
+ Replaced two explicit comparisons of CURLE_OK with boolean alternatives.
- With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the
- download size was known (like with a Content-Length header), but the
- subsequent URL (transfered after the 3xx page) was chunked encoded, then
- the previous "known download size" would linger and cause the progress
- meter to get incorrect information, ie the former value would remain
- being sent in. This could easily result in downloads that were WAY
- larger than "expected" and would cause >100% outputs with the curl
- command line tool.
+ General tidy up of comments.
+
+- smtp: Removed duplicate pingpong structure initialisation
- Test case 599 was created and it was used to repeat the bug and then
- verify the fix.
+ The smtp_connect() function was setting the member variables of the
+ pingpong structure twice, once before calling Curl_pp_init() and once
+ after!
+
+Yang Tse (13 Feb 2013)
+- move msvc IDE related files to 'vs' directory tree
- Bug: http://curl.haxx.se/bug/view.cgi?id=3510057
- Reported by: Michael Wallner
+ Use 'vs' directory tree given that 'vc' intended one clashes
+ with an already existing build target in file Makefile.dist.
-Steve Holme (31 Mar 2012)
-- [Gökhan Şengün brought this change]
+Daniel Stenberg (13 Feb 2013)
+- install-sh: updated to support multiple source files as arguments
+
+ Version 7.29.0 uses Makefiles generated with a newer version of the
+ autotools than the previous 7.28.1. These Makefiles try to install
+ e.g. header files by calling install-sh with multiple source files as
+ arguments. The bundled install-sh is to old and does not support this.
+
+ The problem only occurs, if install-sh is actually being used, ie. the
+ platform install executable is to old or not usable. Example: Solaris
+ 10.
+
+ The files install-sh and mkinstalldirs are now updated with the automake
+ 1.11.3 versions. A better fix might be to completely remove them from
+ git and force the files to be added/created during buildconf.
+
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1195
+ Reported by: Rainer Jung
- smtp: Add support for DIGEST-MD5 authentication
+Yang Tse (13 Feb 2013)
+- move msvc IDE related files to 'vc' directory tree
-- [Gökhan Şengün brought this change]
+- msvc IDE 'vc' directory tree preparation
- smtp: Cody tidy up of md5 digest length
+Steve Holme (12 Feb 2013)
+- imap: Corrected a whitespace issue from previous commit
- Replaced the hard coded md5 digest length (16) with a preprocessor
- constant
+ Fixed a small whitespace issue that crept in there in commit
+ 508cdf4da4d7.
-- [Gökhan Şengün brought this change]
+- email: Another post optimisation of endofresp() tidy up
- md5: Add support for calculating the md5 sum of buffers incrementally
+- sasl: Fixed null pointer reference when decoding empty digest challenge
+
+ Fixed a null pointer reference when an empty challenge is passed to the
+ Curl_sasl_create_digest_md5_message() function.
- It is now possible to calculate the md5 sum as the stream of buffers
- becomes known where as previously it was only possible to calculate the
- md5 sum of a pre-prepared buffer.
+ Bug: http://sourceforge.net/p/curl/bugs/1193/
+ Reported by: Saran Neti
-Daniel Stenberg (31 Mar 2012)
-- Revert "mk-ca-bundle.pl: use LWP::UserAgent for https"
+- email: Post optimisation of endofresp() tidy up
- This reverts commit 9f0e1689f169b83b8fbdae23e0024cc57dcbc770.
+ Removed unnecessary end of line check and return.
+
+Nick Zitzmann (12 Feb 2013)
+- darwinssl: Fix send glitchiness with data > 32 or so KB
- It turned out that "improvement" instead made the fetching of the
- certificates unreliable
+ An ambiguity in the SSLWrite() documentation lead to a bad inference in the
+ code where we assumed SSLWrite() returned the amount of bytes written to
+ the socket, when that is not actually true; it returns the amount of data
+ that is buffered for writing to the socket if it returns errSSLWouldBlock.
+ Now darwinssl_send() returns CURLE_AGAIN if data is buffered but not written.
- Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
- Reported by: Tim Heckman
+ Reference URL: http://curl.haxx.se/mail/lib-2013-02/0145.html
-Steve Holme (31 Mar 2012)
-- DOCS: Added information regarding POP3 commands to CURLOPT_CUSTOMREQUEST
+Steve Holme (12 Feb 2013)
+- pingpong.h: Fixed line length over 78 characters from b56c9eb48e3c
-- pop3: Added support for additional pop3 commands
+- pingpong: Optimised the endofresp() function
+
+ Reworked the pp->endofresp() function so that the conndata, line and
+ line length are passed down to it just as with Curl_client_write()
+ rather than each implementation of the function having to query
+ these values.
- This feature allows the user to specify and use additional POP3
- commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or
- curl's -X command line option.
+ Additionally changed the int return type to bool as this is more
+ representative of the function's usage.
-Yang Tse (30 Mar 2012)
-- [tetetest tetetest brought this change]
+- email: Post STARTLS capability code tidy up (Part Three)
+
+ Corrected the order of the upgrade_tls() functions and moved the handler
+ upgrade and getsock() functions out from the middle of the state related
+ functions.
- CMakeLists.txt: fix Windows LDAP/LDAPS option handling
+- email: Post STARTLS capability code tidy up (Part Two)
- bug: http://curl.haxx.se/mail/lib-2012-03/0278.html
+ Corrected the order of the pop3_state_capa() / imap_state_capability()
+ and the pop3_state_capa_resp() / imap_state_capability_resp() functions
+ to match the execution order.
-- [tetetest tetetest brought this change]
+Daniel Stenberg (11 Feb 2013)
+- [ulion brought this change]
- CMakeLists.txt: fix MS Visual Studio x64 unsigned long long literal suffix
+ SOCKS: fix socks proxy when noproxy matched
+
+ Test 1212 added to verify
- bug: http://curl.haxx.se/mail/lib-2012-03/0255.html
+ Bug: http://curl.haxx.se/bug/view.cgi?id=1190
-Steve Holme (28 Mar 2012)
-- TODO: Corrected POP3 section heading
+Steve Holme (11 Feb 2013)
+- ntlm: Updated comments for the addition of SASL support to IMAP in v7.29
-Yang Tse (28 Mar 2012)
-- curl-functions.m4: update detection logic of getaddrinfo() thread-safeness
+- RELEASE-NOTES: Updated following the recent imap/pop3/smtp changes
+
+Linus Nielsen Feltzing (10 Feb 2013)
+- Fix NULL pointer reference when closing an unused multi handle.
+
+Steve Holme (10 Feb 2013)
+- email: Post STARTLS capability code tidy up (Part One)
- Take in account that h_errno might be a modifiable lvalue not defined as
- a C preprocessor macro
+ Corrected the order of the CAPA / CAPABILITY state machine constants to
+ match the execution order.
-Steve Holme (27 Mar 2012)
-- TODO: Added SMTP and POP3 specific features
+- imap: Fixed memory leak following commit f6010d9a0359
-Yang Tse (27 Mar 2012)
-- [Olaf Flebbe brought this change]
+- smtp: Added support for the STARTTLS capability (Part Two)
+
+ Added honoring of the tls_supported flag when starting a TLS upgrade
+ rather than unconditionally attempting it. If the use_ssl flag is set
+ to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
+ connection will continue to authenticate. If this flag is set to
+ CURLUSESSL_ALL then the connection will complete with a failure as it
+ did previously.
- tool_cb_dbg.c: fix tool_cb_dbg() to behave properly even for size 0
+- pop3: Added support for the STLS capability (Part Three)
- curl segfault in debug callback triggered with CURLINFO_HEADER_OUT and size 0
+ Added honoring of the tls_supported flag when starting a TLS upgrade
+ rather than unconditionally attempting it. If the use_ssl flag is set
+ to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
+ connection will continue to authenticate. If this flag is set to
+ CURLUSESSL_ALL then the connection will complete with a failure as it
+ did previously.
+
+- imap: Added support for the STARTTLS capability (Part Three)
- bug: http://curl.haxx.se/bug/view.cgi?id=3511794
+ Added honoring of the tls_supported flag when starting a TLS upgrade
+ rather than unconditionally attempting it. If the use_ssl flag is set
+ to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
+ connection will continue to authenticate. If this flag is set to
+ CURLUSESSL_ALL then the connection will complete with a failure as it
+ did previously.
-- test #1405: support HTTP disabled builds
+Daniel Stenberg (10 Feb 2013)
+- [Alessandro Ghedini brought this change]
-Steve Holme (26 Mar 2012)
-- test #809: Updated error code to match recent pop3 changes
+ htmltitle: fix suggested build command
-Yang Tse (25 Mar 2012)
-- ssh.c: code cleanup, Curl_safefree() already nullifies pointer
+Steve Holme (10 Feb 2013)
+- pop3: Added support for the STLS capability (Part Two)
+
+ Added sending of initial CAPA command before STLS is sent. This allows
+ for the detection of the capability before trying to upgrade the
+ connection.
-- fix some compiler warnings
+- imap: Added support for the STARTTLS capability (Part Two)
+
+ Added sending of initial CAPABILITY command before STARTTLS is sent.
+ This allows for the detection of the capability before trying to
+ upgrade the connection.
-Steve Holme (25 Mar 2012)
-- pop3.c: Corrected problem with state() introduced in 01690ed2bce5
+- smtp: Added support for the STLS capability (Part One)
+
+ Introduced detection of the STARTTLS capability, in order to add support
+ for TLS upgrades without unconditionally sending the STARTTLS command.
-- pop.c: Small code tidy up
+- pop3: Added support for the STLS capability (Part One)
+
+ Introduced detection of the STLS capability, in order to add support
+ for TLS upgrades without unconditionally sending the STLS command.
-- pop3: Removed the need for the single message LIST command handler
+- imap: Added support for the STARTTLS capability (Part One)
- Simplified the code to remove the need for a separate "LIST <msg id>"
- command handler and state machine and instead use the LIST command
- handler for both operations.
+ Introduced detection of the STARTTLS capability, in order to add support
+ for TLS upgrades without unconditionally sending the STARTTLS command.
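Review bot: missing documentation for the security-relevant part of this vendored update. In this stretch of the CHANGES hunk the added entries include "sasl: Fixed null pointer reference when decoding empty digest challenge", "ossl_seed: fix the last resort PRNG seeding" and the STARTTLS/STLS "Part Two"/"Part Three" entries, yet the commit message says only "cURL lib update to 7.33". Suggest naming in the commit message the upstream fixes the plugin depends on. Per the STARTTLS/STLS entries, a connection with use_ssl set to CURLUSESSL_TRY continues to authenticate when the server does not support TLS upgrades, and only CURLUSESSL_ALL fails the connection, so any caller of the bundled library that uses IMAP, POP3 or SMTP and needs TLS should be confirmed to set CURLUSESSL_ALL. The 2012 entries removed here (for example "OpenSSL: Made cert hostname check conform to RFC 6125") also drop out of the file; a line in the commit message stating that CHANGES is the upstream file as shipped, not a local edit, would make the 4092 deleted lines easier to audit.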