Diffstat (limited to 'libs/libcurl/docs/CHANGES')
-rw-r--r-- libs/libcurl/docs/CHANGES 7171
1 files changed, 0 insertions, 7171 deletions
diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES
deleted file mode 100644
index cbb1072dc5..0000000000
--- a/libs/libcurl/docs/CHANGES
+++ /dev/null
@@ -1,7171 +0,0 @@
- _ _ ____ _
- ___| | | | _ \| |
- / __| | | | |_) | |
- | (__| |_| | _ <| |___
- \___|\___/|_| \_\_____|
-
- Changelog
-
-Version 7.60.0 (15 May 2018)
-
-Daniel Stenberg (15 May 2018)
-- RELEASE-NOTES: 7.60.0 release
-
-- THANKS: added people from the curl 7.60.0 release
-
-- docs/libcurl/index.html: removed
-
- The HTML files are long gone from the dist, now remove the last HTML
- file pointing to those missing files.
-
- d
-
-- [steini2000 brought this change]
-
- http2: remove unused variable
-
- Closes #2570
-
-- [steini2000 brought this change]
-
- http2: use easy handle of stream for logging
-
-- gcc: disable picky gcc-8 function pointer warnings in two places
-
- Reported-by: Rikard Falkeborn
- Bug: #2560
- Closes #2569
-
-- http2: use the correct function pointer typedef
-
- Fixes gcc-8 picky compiler warnings
- Reported-by: Rikard Falkeborn
- Bug: #2560
- Closes #2568
-
-- CODE_STYLE: mention return w/o parens, but sizeof with
-
- ... and remove the github markdown syntax so that it renders better on
- the web site. Also, don't use back-ticks inlined to allow the CSS to
- highlight source code better.
-
-- [Rikard Falkeborn brought this change]
-
- examples: Fix format specifiers
-
- Closes #2561
-
-- [Rikard Falkeborn brought this change]
-
- tool: Fix format specifiers
-
-- [Rikard Falkeborn brought this change]
-
- ntlm: Fix format specifiers
-
-- [Rikard Falkeborn brought this change]
-
- tests: Fix format specifiers
-
-- [Rikard Falkeborn brought this change]
-
- lib: Fix format specifiers
-
-- contributors.sh: use "on github", not at
-
-- http2: getsock fix for uploads
-
- When there's an upload in progress, make sure to wait for the socket to
- become writable.
-
- Detected-by: steini2000 on github
- Bug: #2520
- Closes #2567
-
-- pingpong: fix response cache memcpy overflow
-
- Response data for a handle with a large buffer might be cached and then
- used with the "closure" handle when it has a smaller buffer and then the
- larger cache will be copied and overflow the new smaller heap based
- buffer.
-
- Reported-by: Dario Weisser
- CVE: CVE-2018-1000300
- Bug: https://curl.haxx.se/docs/adv_2018-82c2.html
-
-- http: restore buffer pointer when bad response-line is parsed
-
- ... leaving the k->str could lead to buffer over-reads later on.
-
- CVE: CVE-2018-1000301
- Assisted-by: Max Dymond
-
- Detected by OSS-Fuzz.
- Bug: https://curl.haxx.se/docs/adv_2018-b138.html
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
-
-Patrick Monnerat (13 May 2018)
-- cookies: do not take cookie name as a parameter
-
- RFC 6265 section 4.2.1 does not set restrictions on cookie names.
- This is a follow-up to commit 7f7fcd0.
- Also explicitly check proper syntax of cookie name/value pair.
-
- New test 1155 checks that cookie names are not reserved words.
-
- Reported-By: anshnd at github
- Fixes #2564
- Closes #2566
-
-Daniel Stenberg (12 May 2018)
-- smb: reject negative file sizes
-
- Assisted-by: Max Dymond
-
- Detected by OSS-Fuzz
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
-
-- setup_transfer: deal with both sockets being -1
-
- Detected by Coverity; CID 1435559. Follow-up to f8d608f38d00. It would
- index the array with -1 if neither index was a socket.
-
-- travis: add build using NSS
-
- Closes #2558
-
-- [Sunny Purushe brought this change]
-
- openssl: change FILE ops to BIO ops
-
- To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES
- handling is causing problems. This fix changes the OpenSSL backend code
- to use BIO functions instead of FILE I/O functions to circumvent those
- problems.
-
- Closes #2512
-
-- travis: add a build using WolfSSL
-
- Assisted-by: Dan Fandrich
-
- Closes #2528
-
-- RELEASE-NOTES: typo
-
-- RELEASE-NOTES: synced
-
-- [Daniel Gustafsson brought this change]
-
- URLs: fix one more http url
-
- This file wasn't included in commit 4af40b3646d3b09 which updated all
- haxx.se http urls to https. The file was committed prior to that update,
- but may have been merged after it and hence didn't get updated.
-
- Closes #2550
-
-- github/lock: auto-lock closed issues after 90 days of inactivity
-
-- vtls: fix missing commas
-
- follow-up to e66cca046cef
-
-- vtls: use unified "supports" bitfield member in backends
-
- ... instead of previous separate struct fields, to make it easier to
- extend and change individual backends without having to modify them all.
-
- closes #2547
-
-- transfer: don't unset writesockfd on setup of multiplexed conns
-
- Curl_setup_transfer() can be called to setup a new individual transfer
- over a multiplexed connection so it shouldn't unset writesockfd.
-
- Bug: #2520
- Closes #2549
-
-- [Frank Gevaerts brought this change]
-
- configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
-
- They are removed from the compiler flags.
-
- This ensures that make dependency tracking will force a rebuild whenever
- configure --enable-debug or --enable-curldebug changes.
-
- Closes #2548
-
-- http: don't set the "rewind" flag when not uploading anything
-
- It triggers an assert.
-
- Detected by OSS-Fuzz
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144
- Closes #2546
-
-- travis: add an mbedtls build
-
- Closes #2531
-
-- configure: only check for CA bundle for file-using SSL backends
-
- When only building with SSL backends that don't use the CA bundle file
- (by default), skip the check.
-
- Fixes #2543
- Fixes #2180
- Closes #2545
-
-- ssh-libssh.c: fix left shift compiler warning
-
- ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to
- represent, but 'int' only has 32 bits [-Wshift-overflow=]
-
- 'len' will never be that big anyway so I converted the run-time check to
- a regular assert.
-
-- [Stephan Mühlstrasser brought this change]
-
- URL: fix ASCII dependency in strcpy_url and strlen_url
-
- Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the
- changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of
- the problem that strcpy_url() was modified unilaterally without also
- modifying strlen_url(). As a consequence strcpy_url() was again
- depending on ASCII encoding.
-
- This change fixes strlen_url() and strcpy_url() in parallel to use a
- common host-encoding independent criterion for deciding whether an URL
- character must be %-escaped.
-
- Closes #2535
-
-- [Denis Ollier brought this change]
-
- docs: remove extraneous commas in man pages
-
- Closes #2544
-
-- RELEASE-NOTES: synced
-
-- Revert "TODO: remove configure --disable-pthreads"
-
- This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3.
-
- --disable-pthreads can be used to disable pthreads and get the threaded
- resolver to use the windows threading when building with mingw.
-
-- vtls: don't define MD5_DIGEST_LENGTH for wolfssl
-
- ... as it defines it (too)
-
-- TODO: remove configure --disable-pthreads
-
-Jay Satiro (2 May 2018)
-- [David Garske brought this change]
-
- wolfssl: Fix non-blocking connect
-
- Closes https://github.com/curl/curl/pull/2542
-
-Daniel Stenberg (30 Apr 2018)
-- CURLOPT_URL.3: add ENCODING section [ci skip]
-
- Feedback-by: Michael Kilburn
-
-- KNOWN_BUGS: Client cert with Issuer DN differs between backends
-
- Closes #1411
-
-- KNOWN_BUGS: Passive transfer tries only one IP address
-
- Closes #1508
-
-- KNOWN_BUGS: --upload-file . hang if delay in STDIN
-
- Closes #2051
-
-- KNOWN_BUGS: Connection information when using TCP Fast Open
-
- Closes #1332
-
-- travis: enable libssh2 on both macos and Linux
-
- It seems to not be detected by default anymore (which is a bug I
- believe)
-
- Closes #2541
-
-- TODO: Support the clienthello extension
-
- Closes #2299
-
-- TODO: CLOEXEC
-
- Closes #2252
-
-- tests: provide 'manual' as a feature to optionally require
-
- ... and make test 1026 rely on that feature so that --disable-manual
- builds don't cause test failures.
-
- Reported-by: Max Dymond and Anders Roxell
- Fixes #2533
- Closes #2540
-
-- CURLINFO_PROTOCOL.3: mention the existing defined names
-
-Jay Satiro (27 Apr 2018)
-- [Daniel Gustafsson brought this change]
-
- cookies: remove unused macro
-
- Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused,
- so remove as it's not part of the published API.
-
- Closes https://github.com/curl/curl/pull/2537
-
-Daniel Stenberg (27 Apr 2018)
-- [Daniel Gustafsson brought this change]
-
- checksrc: force indentation of lines after an else
-
- This extends the INDENTATION case to also handle 'else' statements
- and require proper indentation on the following line. Also fixes the
- offending cases found in the codebase.
-
- Closes #2532
-
-- http2: fix null pointer dereference in http2_connisdead
-
- This function can get called on a connection that isn't setup enough to
- have the 'recv_underlying' function pointer initialized so it would try
- to call the NULL pointer.
-
- Reported-by: Dario Weisser
-
- Follow-up to db1b2c7fe9b093f8 (never shipped in a release)
- Closes #2536
-
-- http2: get rid of another strstr()
-
- Follow-up to 1514c44655e12e: replace another strstr() call done on a
- buffer that might not be zero terminated - with a memchr() call, even if
- we know the substring will be found.
-
- Assisted-by: Max Dymond
-
- Detected by OSS-Fuzz
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021
-
- Closes #2534
-
-- cyassl: adapt to libraries without TLS 1.0 support built-in
-
- WolfSSL doesn't enable it by default anymore
-
-- configure: provide --with-wolfssl as an alias for --with-cyassl
-
-- RELEASE-NOTES: synced
-
-- [Daniel Gustafsson brought this change]
-
- os400.c: fix ASSIGNWITHINCONDITION checksrc warnings
-
- All occurrences of assignment within conditional expression in
- os400sys.c rewritten into two steps: first assignment and then the check
- on the success of the assignment. Also adjust related incorrect brace
- positions to match project indentation style.
-
- This was spurred by seeing "if((inp = input_token))", but while in there
- all warnings were fixed.
-
- There should be no functional change from these changes.
-
- Closes #2525
-
-- [Daniel Gustafsson brought this change]
-
- cookies: ensure that we have cookies before writing jar
-
- The jar should be written iff there are cookies, so ensure that we still
- have cookies after expiration to avoid creating an empty file.
-
- Closes #2529
-
-- strcpy_url: only %-encode values >= 0x80
-
- OSS-Fuzz detected
-
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000
-
- Broke in dd7521bcc1b7
-
-- mime: avoid NULL pointer dereference risk
-
- Coverity detected, CID 1435120
-
- Closes #2527
-
-- [Stephan Mühlstrasser brought this change]
-
- ctype: restore character classification for non-ASCII platforms
-
- With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic
- character classification macros and functions were introduced in
- curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on
- non-ASCII, e.g. EBCDIC platforms. This change restores the previous set
- of character classification macros when CURL_DOES_CONVERSIONS is
- defined.
-
- Closes #2494
-
-- ftplistparser: keep state between invokes
-
- Fixes FTP wildcard parsing when done over a number of read buffers.
-
- Regression from f786d1f14
-
- Reported-by: wncboy on github
- Fixes #2445
- Closes #2526
-
-- examples/http2-upload: expand buffer to avoid silly warning
-
- http2-upload.c:135:44: error: ‘%02d’ directive output may be truncated
- writing between 2 and 11 bytes into a region of size between 8 and 17
-
-- examples/sftpuploadresume: typecast fseek argument to long
-
- /docs/examples/sftpuploadresume.c:102:12: warning: conversion to 'long
- int' from 'curl_off_t {aka long long int}' may alter its value
-
-- Revert "ftplistparser: keep state between invokes"
-
- This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934.
-
- Caused fuzzer problems on travis not seen when this was a PR!
-
-- Curl_memchr: zero length input can't match
-
- Avoids undefined behavior.
-
- Reported-by: Geeknik Labs
-
-- ftplistparser: keep state between invokes
-
- Fixes FTP wildcard parsing when doing over a number of read buffers.
-
- Regression from f786d1f14
-
- Reported-by: wncboy on github
- Fixes #2445
- Closes #2519
-
-- ftplistparser: renamed some members and variables
-
- ... to make them better spell out what they're for.
-
-- RELEASE-NOTES: synced
-
-- [Christian Schmitz brought this change]
-
- curl_global_sslset: always provide available backends
-
- Closes #2499
-
-- http2: convert an assert to run-time check
-
- Fuzzing has proven we can reach code in on_frame_recv with status_code
- not having been set, so let's detect that in run-time (instead of with
- assert) and error error accordingly.
-
- (This should no longer happen with the latest nghttp2)
-
- Detected by OSS-Fuzz
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903
- Closes #2514
-
-- curl.1: clarify that options and URLs can be mixed
-
- Fixes #2515
- Closes #2517
-
-Jay Satiro (23 Apr 2018)
-- [Archangel_SDY brought this change]
-
- CURLOPT_SSLCERT.3: improve WinSSL-specific usage info
-
- Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780
-
- Closes https://github.com/curl/curl/pull/2504
-
-- [Archangel_SDY brought this change]
-
- schannel: fix build error on targets <= XP
-
- - Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't
- support the latter.
-
- Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668
-
- Closes https://github.com/curl/curl/pull/2504
-
-Daniel Stenberg (23 Apr 2018)
-- Revert "ftplistparser: keep state between invokes"
-
- This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9.
-
- Unfortunately this fix introduces memory leaks I've not been able to fix
- in several days. Reverting this for now to get the leaks fixed.
-
-Jay Satiro (21 Apr 2018)
-- tool_help: clarify --max-time unit of time is seconds
-
- Before:
- -m, --max-time <time> Maximum time allowed for the transfer
-
- After:
- -m, --max-time <seconds> Maximum time allowed for the transfer
-
-Daniel Stenberg (20 Apr 2018)
-- http2: handle GOAWAY properly
-
- When receiving REFUSED_STREAM, mark the connection for close and retry
- streams accordingly on another/fresh connection.
-
- Reported-by: Terry Wu
- Fixes #2416
- Fixes #1618
- Closes #2510
-
-- http2: clear the "drain counter" when a stream is closed
-
- This fixes the notorious "httpc->drain_total >= data->state.drain"
- assert.
-
- Reported-by: Anders Bakken
-
- Fixes #1680
- Closes #2509
-
-- http2: avoid strstr() on data not zero terminated
-
- It's not strictly clear if the API contract allows us to call strstr()
- on a string that isn't zero terminated even when we know it will find
- the substring, and clang's ASAN check dislikes us for it.
-
- Also added a check of the return code in case it fails, even if I can't
- think of a situation how that can trigger.
-
- Detected by OSS-Fuzz
- Closes #2513
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760
-
-- [Stephan Mühlstrasser brought this change]
-
- openssl: fix subjectAltName check on non-ASCII platforms
-
- Curl_cert_hostcheck operates with the host character set, therefore the
- ASCII subjectAltName string retrieved with OpenSSL must be converted to
- the host encoding before comparison.
-
- Closes #2493
-
-Jay Satiro (20 Apr 2018)
-- openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages
-
- - Support handling verbose-mode trace messages of type
- SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS,
- SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO,
- SSL3_MT_MESSAGE_HASH
-
- Reported-by: iz8mbw@users.noreply.github.com
-
- Fixes https://github.com/curl/curl/issues/2403
-
-Daniel Stenberg (19 Apr 2018)
-- ftplistparser: keep state between invokes
-
- Regression from f786d1f14
-
- Reported-by: wncboy on github
- Fixes #2445
- Closes #2508
-
-- detect_proxy: only show proxy use if it had contents
-
-- http2: handle on_begin_headers() called more than once
-
- This triggered an assert if called more than once in debug mode (and a
- memory leak if not debug build). With the right sequence of HTTP/2
- headers incoming it can happen.
-
- Detected by OSS-Fuzz
-
- Closes #2507
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764
-
-Jay Satiro (18 Apr 2018)
-- [Dan McNulty brought this change]
-
- schannel: add support for CURLOPT_CAINFO
-
- - Move verify_certificate functionality in schannel.c into a new
- file called schannel_verify.c. Additionally, some structure defintions
- from schannel.c have been moved to schannel.h to allow them to be
- used in schannel_verify.c.
-
- - Make verify_certificate functionality for Schannel available on
- all versions of Windows instead of just Windows CE. verify_certificate
- will be invoked on Windows CE or when the user specifies
- CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.
-
- - In verify_certificate, create a custom certificate chain engine that
- exclusively trusts the certificate store backed by the CURLOPT_CAINFO
- file.
-
- - doc updates of --cacert/CAINFO support for schannel
-
- - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
- when available. This implements a TODO in schannel.c to improve
- handling of multiple SANs in a certificate. In particular, all SANs
- will now be searched instead of just the first name.
-
- - Update tool_operate.c to not search for the curl-ca-bundle.crt file
- when using Schannel to maintain backward compatibility. Previously,
- any curl-ca-bundle.crt file found in that search would have been
- ignored by Schannel. But, with CAINFO support, the file found by
- that search would have been used as the certificate store and
- could cause issues for any users that have curl-ca-bundle.crt in
- the search path.
-
- - Update url.c to not set the build time CURL_CA_BUNDLE if the selected
- SSL backend is Schannel. We allow setting CA location for schannel
- only when explicitly specified by the user via CURLOPT_CAINFO /
- --cacert.
-
- - Add new test cases 3000 and 3001. These test cases check that the first
- and last SAN, respectively, matches the connection hostname. New test
- certificates have been added for these cases. For 3000, the certificate
- prefix is Server-localhost-firstSAN and for 3001, the certificate
- prefix is Server-localhost-secondSAN.
-
- - Remove TODO 15.2 (Add support for custom server certificate
- validation), this commit addresses it.
-
- Closes https://github.com/curl/curl/pull/1325
-
-- schannel: fix warning
-
- - Fix warning 'integer from pointer without a cast' on 3rd arg in
- CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer
- type of the same size.
-
- Follow-up to e35b025.
-
- Caught by Marc's CI builds.
-
-- [Jakub Wilk brought this change]
-
- docs: fix typos
-
- Closes https://github.com/curl/curl/pull/2503
-
-Daniel Stenberg (17 Apr 2018)
-- RELEASE-NOTES: synced
-
-Jay Satiro (17 Apr 2018)
-- [Kees Dekker brought this change]
-
- winbuild: Support custom devel paths for each dependency
-
- - Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2,
- OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH,
- NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH.
-
- - Use lib.exe for making the static library instead of link.exe /lib.
- The latter is undocumented and could cause problems as noted in the
- comments.
-
- - Remove a dangling URL that no longer worked. (I was not able to find
- the IDN download at MSDN/microsoft.com, so it seems to be removed.)
-
- - Remove custom override for release-ssh2-ssl-dll-zlib configuration.
- Nobody knows why it was there and as far as we can see is unnecessary.
-
- Closes https://github.com/curl/curl/pull/2474
-
-Daniel Stenberg (17 Apr 2018)
-- [Jess brought this change]
-
- README.md: add backers and sponsors
-
- Closes #2484
-
-- [Archangel_SDY brought this change]
-
- schannel: add client certificate authentication
-
- Users can now specify a client certificate in system certificates store
- explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"`
-
- Closes #2376
-
-Marcel Raad (16 Apr 2018)
-- [toughengineer brought this change]
-
- ntlm_sspi: fix authentication using Credential Manager
-
- If you pass empty user/pass asking curl to use Windows Credential
- Storage (as stated in the docs) and it has valid credentials for the
- domain, e.g.
- curl -v -u : --ntlm example.com
- currently authentication fails.
- This change fixes it by providing proper SPN string to the SSPI API
- calls.
-
- Fixes https://github.com/curl/curl/issues/1622
- Closes https://github.com/curl/curl/pull/1660
-
-Daniel Stenberg (16 Apr 2018)
-- configure: keep LD_LIBRARY_PATH changes local
-
- ... only set it when we actually have to run tests to reduce its impact
- on for example build commands etc.
-
- Fixes #2490
- Closes #2492
-
- Reported-by: Dmitry Mikhirev
-
-Marcel Raad (16 Apr 2018)
-- urldata: make service names unconditional
-
- The ifdefs have become quite long. Also, the condition for the
- definition of CURLOPT_SERVICE_NAME and for setting it from
- CURLOPT_SERVICE_NAME have diverged. We will soon also need the two
- options for NTLM, at least when using SSPI, for
- https://github.com/curl/curl/pull/1660.
- Just make the definitions unconditional to make that easier.
-
- Closes https://github.com/curl/curl/pull/2479
-
-Daniel Stenberg (16 Apr 2018)
-- test1148: tolerate progress updates better
-
- Fixes #2446
- Closes #2488
-
-- [Christian Schmitz brought this change]
-
- ssh: show libSSH2 error code when closing fails
-
- Closes #2500
-
-Jay Satiro (15 Apr 2018)
-- [Daniel Gustafsson brought this change]
-
- vauth: Fix typo
-
- Address various spellings of "credentials".
-
- Closes https://github.com/curl/curl/pull/2496
-
-- [Dagobert Michelsen brought this change]
-
- system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
-
- With specific compiler options selecting the arch like -xarch=sparc on
- newer compilers like Oracle Studio 12.4 there is no definition of
- __sparcv8 but __sparcv8plus which means the V9 ISA, but limited to the
- 32ÎíÎñbit subset defined by the V8plus ISA specification, without the
- Visual Instruction Set (VIS), and without other implementation-specific
- ISA extensions. So it should be the same as __sparcv8.
-
- Closes https://github.com/curl/curl/pull/2491
-
-- [Daniel Gustafsson brought this change]
-
- checksrc: Fix typo
-
- Fix typo in "semicolon" spelling and remove stray tab character.
-
- Closes https://github.com/curl/curl/pull/2498
-
-- [Daniel Gustafsson brought this change]
-
- all: Refactor malloc+memset to use calloc
-
- When a zeroed out allocation is required, use calloc() rather than
- malloc() followed by an explicit memset(). The result will be the
- same, but using calloc() everywhere increases consistency in the
- codebase and avoids the risk of subtle bugs when code is injected
- between malloc and memset by accident.
-
- Closes https://github.com/curl/curl/pull/2497
-
-Daniel Stenberg (12 Apr 2018)
-- duphandle: make sure CURLOPT_RESOLVE is duplicated fine too
-
- Verified in test 1502 now
-
- Fixes #2485
- Closes #2486
- Reported-by: Ernst Sjöstrand
-
-- mailmap: add a monnerat fixup [ci skip]
-
-- proxy: show getenv proxy use in verbose output
-
- ... to aid debugging etc as it sometimes isn't immediately obvious why
- curl uses or doesn't use a proxy.
-
- Inspired by #2477
-
- Closes #2480
-
-- travis: build libpsl and make builds use it
-
- closes #2471
-
-- travis: bump to clang 6 and gcc 7
-
- Extra-eye-on-this-by: Marcel Raad
-
- Closes #2478
-
-Marcel Raad (10 Apr 2018)
-- travis: use trusty for coverage build
-
- This works now and precise is in the process of being decommissioned.
-
- Closes https://github.com/curl/curl/pull/2476
-
-- lib: silence null-dereference warnings
-
- In debug mode, MingGW-w64's GCC 7.3 issues null-dereference warnings
- when dereferencing pointers after DEBUGASSERT-ing that they are not
- NULL.
- Fix this by removing the DEBUGASSERTs.
-
- Suggested-by: Daniel Stenberg
- Ref: https://github.com/curl/curl/pull/2463
-
-- [Kees Dekker brought this change]
-
- winbuild: fix URL
-
- Follow up on https://github.com/curl/curl/pull/2472.
- Now using en-us instead of nl-nl as language code in the URL.
-
- Closes https://github.com/curl/curl/pull/2475
-
-Daniel Stenberg (9 Apr 2018)
-- [Kees Dekker brought this change]
-
- winbuild: updated the documentation
-
- The setenv command no longer exists and visual studio build prompts got
- changed. Used Visual Studio 2015/2017 as reference.
-
- Closes #2472
-
-- test1136: fix cookie order after commit c990eadd1277
-
-- build: cleanup to fix clang warnings/errors
-
- unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a
- cast from integer to pointer is a GNU extension
-
- Reported-by: Rikard Falkeborn
-
- Fixes #2466
- Closes #2468
-
-Jay Satiro (7 Apr 2018)
-- examples/sftpuploadresmue: Fix Windows large file seek
-
- - Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows.
-
- - Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print
- curl_off_t.
-
- Caught by Marc's CI builds.
-
-Daniel Stenberg (7 Apr 2018)
-- curl_setup: provide a CURL_SA_FAMILY_T type if none exists
-
- ... and use this type instead of 'sa_family_t' in the code since several
- platforms don't have it.
-
- Closes #2463
-
-- [Eric Gallager brought this change]
-
- build: add picky compiler warning flags for gcc 6 and 7
-
-- configure: detect sa_family_t
-
-Jay Satiro (7 Apr 2018)
-- [Stefan Agner brought this change]
-
- tool_operate: Fix retry on FTP 4xx to ignore other protocols
-
- Only treat response code as FTP response codes in case the
- protocol type is FTP.
-
- This fixes an issue where an HTTP download was treated as FTP
- in case libcurl returned with 33. This happens when the
- download has already finished and the server responses 416:
- HTTP/1.1 416 Requested Range Not Satisfiable
-
- This should not be treated as an FTP error.
-
- Fixes #2464
- Closes #2465
-
-Daniel Stenberg (6 Apr 2018)
-- hash: calculate sizes with size_t instead of longs
-
- ... since they return size_t anyway!
-
- closes #2462
-
-- RELEASE-NOTES: synced
-
-- [Jay Satiro brought this change]
-
- build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
-
- .. and do the same for build-wolfssl.bat.
-
- Because MS calls it VC14.1.
-
- Closes https://github.com/curl/curl/pull/2189
-
-- [Kees Dekker brought this change]
-
- winbuild: make the clean target work without build-type
-
- Due to the check in Makefile.vc and MakefileBuild.vc, no make call can
- be invoked unless a build-type was specified. However, a clean target
- only existed when a build type was specified. As a result, the clean
- target was unreachable. Made clean target unconditional.
-
- Closes #2455
-
-- [patelvivekv1993 brought this change]
-
- build-openssl.bat: allow custom paths for VS and perl
-
- Fixes #2430
- Closes #2457
-
-- [Laurie Clark-Michalek brought this change]
-
- FTP: allow PASV on IPv6 connections when a proxy is being used
-
- In the situation of a client connecting to an FTP server using an IPv6
- tunnel proxy, the connection info will indicate that the connection is
- IPv6. However, because the server behing the proxy is IPv4, it is
- permissable to attempt PSV mode. In the case of the FTP server being
- IPv4 only, EPSV will always fail, and with the current logic curl will
- be unable to connect to the server, as the IPv6 fwdproxy causes curl to
- think that EPSV is impossible.
-
- Closes #2432
-
-- [Jon DeVree brought this change]
-
- file: restore old behavior for file:////foo/bar URLs
-
- curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC
- 8089 but then returns an error saying this is unimplemented. This is
- actually a regression in behavior on both Windows and Unix.
-
- Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and
- then passed to the relevant OS API. This means that the behavior of this
- case is actually OS dependent.
-
- The Unix path resolution rules say that the OS must handle swallowing
- the extra "/" and so this path is the same as "/foo/bar"
-
- The Windows path resolution rules say that this is a UNC path and
- automatically handles the SMB access for the program. So curl on Windows
- was already doing Appendix E.3.2 without any special code in curl.
-
- Regression
-
- Closes #2438
-
-- [Gaurav Malhotra brought this change]
-
- Revert "openssl: Don't add verify locations when verifypeer==0"
-
- This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb.
-
- libcurl (with the OpenSSL backend) performs server certificate verification
- even if verifypeer == 0 and the verification result is available using
- CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the
- CURLINFO_SSL_VERIFYRESULT to not have useful information for the
- verifypeer == 0 use case (it would always have
- X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY).
-
- Closes #2451
-
-- [Wyatt O'Day brought this change]
-
- tls: fix mbedTLS 2.7.0 build + handle sha256 failures
-
- (mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED)
-
- Closes #2453
-
-- [Lauri Kasanen brought this change]
-
- cookie: case-insensitive hashing for the domains
-
- closes #2458
-
-Patrick Monnerat (4 Apr 2018)
-- cookie: fix and optimize 2nd top level domain name extraction
-
- This fixes a segfault occurring when a name of the (invalid) form "domain..tld"
- is processed.
-
- test46 updated to cover this case.
-
- Follow-up to commit c990ead.
-
- Ref: https://github.com/curl/curl/pull/2440
-
-Daniel Stenberg (4 Apr 2018)
-- openssl: provide defines for argument typecasts to build warning-free
-
- ... as OpenSSL >= 1.1.0 and libressl >= 2.7.0 use different argument types.
-
-- [Bernard Spil brought this change]
-
- openssl: fix build with LibreSSL 2.7
-
- - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API
-
- Fixes #2319
- Closes #2447
- Closes #2448
-
- Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
-
-- [Lauri Kasanen brought this change]
-
- cookie: store cookies per top-level-domain-specific hash table
-
- This makes libcurl handle thousands of cookies much better and speedier.
-
- Closes #2440
-
-- [Lauri Kasanen brought this change]
-
- cookies: when reading from a file, only remove_expired once
-
- This drops the cookie load time for 8k cookies from 178ms to 15ms.
-
- Closes #2441
-
-- test1148: set a fixed locale for the test
-
- ...as otherwise it might use a different decimal sign.
-
- Bug: #2436
- Reported-by: Oumph on github
-
-Jay Satiro (31 Mar 2018)
-- docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
-
- - Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf.
-
- For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar.
-
- Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html
- Reported-by: David L.
-
-Sergei Nikulov (27 Mar 2018)
-- [Michał Janiszewski brought this change]
-
- cmake: Add advapi32 as explicit link library for win32
-
- ARM targets need advapi32 explicitly.
-
- Closes #2363
-
-Daniel Stenberg (27 Mar 2018)
-- TODO: connection cache sharing is now supporte
-
-Jay Satiro (26 Mar 2018)
-- travis: enable apt retry on fail
-
- This is a workaround for an unsolved travis issue that is causing CI
- instances to sporadically fail due to 'unable to connect' issues during
- apt stage.
-
- Ref: https://github.com/travis-ci/travis-ci/issues/8507
- Ref: https://github.com/travis-ci/travis-ci/issues/9112#issuecomment-376305909
-
-Michael Kaufmann (26 Mar 2018)
-- runtests.pl: fix warning 'use of uninitialized value'
-
- follow-up to a9a7b60
-
- Closes #2428
-
-Daniel Stenberg (24 Mar 2018)
-- gitignore: ignore more generated files
-
-- threaded resolver: track resolver time and set suitable timeout values
-
- In order to make curl_multi_timeout() return suitable "sleep" times even
- when there's no socket to wait for while the name is being resolved in a
- helper thread.
-
- It will increases the timeouts as time passes.
-
- Closes #2419
-
-- [Howard Chu brought this change]
-
- openldap: fix for NULL return from ldap_get_attribute_ber()
-
- Closes #2399
-
-GitHub (22 Mar 2018)
-- [Sergei Nikulov brought this change]
-
- travis-ci: enable -Werror for CMake builds (#2418)
-
-- [Sergei Nikulov brought this change]
-
- cmake: avoid warn-as-error during config checks (#2411)
-
- - Move the CURL_WERROR option processing after the configuration checks
- to avoid failures in case of warnings during the configuration checks.
-
- This is a partial fix for #2358
-
-- [Sergei Nikulov brought this change]
-
- timeval: remove compilation warning by casting (#2417)
-
- This is fixes #2358
-
-Daniel Stenberg (22 Mar 2018)
-- http2: read pending frames (including GOAWAY) in connection-check
-
- If a connection has received a GOAWAY frame while not being used, the
- function now reads frames off the connection before trying to reuse it
- to avoid reusing connections the server has told us not to use.
-
- Reported-by: Alex Baines
- Fixes #1967
- Closes #2402
-
-- [Bas van Schaik brought this change]
-
- CI: add lgtm.yml for tweaking lgtm.com analysis
-
- Closes #2414
-
-- CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some text
-
- Reported-by: Michal Trybus
-
- Fixes #2400
-
-- TODO: expand ~/ in config files
-
- Closes #2317
-
-- cookie.d: mention that "-" as filename means stdin
-
- Reported-by: Dongliang Mu
- Fixes #2410
-
-- CURLINFO_COOKIELIST.3: made the example not leak memory
-
- Reported-by: Muz Dima
-
-- vauth/cleartext: fix integer overflow check
-
- Make the integer overflow check not rely on the undefined behavior that
- a size_t wraps around on overflow.
-
- Detected by lgtm.com
- Closes #2408
-
-- lib/curl_path.h: add #ifdef header guard
-
- Detected by lgtm.com
-
-- vauth/ntlm.h: fix the #ifdef header guard
-
- Detected by lgtm.com
-
-Jay Satiro (20 Mar 2018)
-- examples/hiperfifo: checksrc compliance
-
-Daniel Stenberg (19 Mar 2018)
-- [Nikos Tsipinakis brought this change]
-
- parsedate: support UT timezone
-
- RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with
- GMT.
-
- Closes #2401
-
-- RELEASE-NOTES: synced
-
-- [Don brought this change]
-
- cmake: add support for brotli
-
- Currently CMake cannot detect Brotli support. This adds detection of the
- libraries and associated header files. It also adds this to the
- generated config.
-
- Closes #2392
-
-- [Chris Araman brought this change]
-
- darwinssl: fix iOS build
-
-Patrick Monnerat (18 Mar 2018)
-- ILE/RPG binding: Add CURLOPT_HAPROXYPROTOCOL/Fix CURLOPT_DNS_SHUFFLE_ADDRESSES
-
-Daniel Stenberg (17 Mar 2018)
-- [Rick Deist brought this change]
-
- resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES
-
- This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request
- shuffling of IP addresses returned for a hostname when there is more
- than one. This is useful when the application knows that a round robin
- approach is appropriate and is willing to accept the consequences of
- potentially discarding some preference order returned by the system's
- implementation.
-
- Closes #1694
-
-- add_handle/easy_perform: clear errorbuffer on start if set
-
- To offer applications a more defined behavior, we clear the buffer as
- early as possible.
-
- Assisted-by: Jay Satiro
-
- Fixes #2190
- Closes #2377
-
-- [Lawrence Matthews brought this change]
-
- CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol
-
- Add --haproxy-protocol for the command line tool
-
- Closes #2162
-
-- curl_version_info.3: fix ssl_version description
-
- Reported-by: Vincas Razma
- Fixes #2364
-
-- multi: improved pending transfers handling => improved performance
-
- When a transfer is requested to get done and it is put in the pending
- queue when limited by number of connections, total or per-host, libcurl
- would previously very aggressively retry *ALL* pending transfers to get
- them transferring. That was very time consuming.
-
- By reducing the aggressiveness in how pending are being retried, we
- waste MUCH less time on putting transfers back into pending again.
-
- Some test cases got a factor 30(!) speed improvement with this change.
-
- Reported-by: Cyril B
- Fixes #2369
- Closes #2383
-
-- pause: when changing pause state, update socket state
-
- Especially unpausing a transfer might have to move the socket back to the
- "currently used sockets" hash to get monitored. Otherwise it would never get
- any more data and get stuck. Easily triggered with pausing using the
- multi_socket API.
-
- Reported-by: Philip Prindeville
- Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html
- Fixes #2393
- Closes #2391
-
-- [Philip Prindeville brought this change]
-
- examples/hiperfifo.c: improved
-
- * use member struct event’s instead of pointers to alloc’d struct
- events
-
- * simplify the cases for the mcode_or_die() function via macros;
-
- * make multi_timer_cb() actually do what the block comment says it
- should;
-
- * accept a “stop” command on the FIFO to shut down the service;
-
- * use cleaner notation for unused variables than the (void) hack;
-
- * allow following redirections (304’s);
-
-- rate-limit: use three second window to better handle high speeds
-
- Due to very frequent updates of the rate limit "window", it could
- attempt to rate limit within the same milliseconds and that then made
- the calculations wrong, leading to it not behaving correctly on very
- fast transfers.
-
- This new logic updates the rate limit "window" to be no shorter than the
- last three seconds and only updating the timestamps for this when
- switching between the states TOOFAST/PERFORM.
-
- Reported-by: 刘佩东
- Fixes #2386
- Closes #2388
-
-- [luz.paz brought this change]
-
- cleanup: misc typos in strings and comments
-
- Found via `codespell`
-
- Closes #2389
-
-- RELEASE-NOTES: toward 7.60.0
-
-- [Kobi Gurkan brought this change]
-
- http2: fixes typo
-
- Closes #2387
-
-- user-agent.d:: mention --proxy-header as well
-
- Bug: https://github.com/curl/curl/issues/2381
-
-- transfer: make HTTP without headers count correct body size
-
- This is what "HTTP/0.9" basically looks like.
-
- Reported on IRC
-
- Closes #2382
-
-- test1208: marked flaky
-
- It fails somewhere between every 3rd to 10th travis-CI run
-
-- SECURITY-PROCESS: mention how we write/add advisories
-
-- [dasimx brought this change]
-
- FTP: fix typo in recursive callback detection for seeking
-
- Fixes #2380
-
-Version 7.59.0 (13 Mar 2018)
-
-Daniel Stenberg (13 Mar 2018)
-- release: 7.59.0
-
-Kamil Dudka (13 Mar 2018)
-- tests/.../spnego.py: fix identifier typo
-
- Detected by Coverity Analysis:
-
- Error: IDENTIFIER_TYPO:
- curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo:
- * Identifier "SuportedMech" is only known to be referenced here, or in copies of this code.
- * Identifier "SupportedMech" is referenced elsewhere at least 4 times.
- curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech".
- curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech".
- curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function).
- curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"?
-
- Closes #2379
-
-Daniel Stenberg (13 Mar 2018)
-- CURLOPT_COOKIEFILE.3: "-" as file name means stdin
-
- Reported-by: Aron Bergman
- Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html
-
- [ci skip]
-
-- Revert "hostip: fix compiler warning: 'variable set but not used'"
-
- This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248.
-
- The assignment really needs to be there or we risk working with an
- uninitialized pointer.
-
-Michael Kaufmann (12 Mar 2018)
-- limit-rate: fix compiler warning
-
- follow-up to 72a0f62
-
-Viktor Szakats (12 Mar 2018)
-- checksrc.pl: add -i and -m options
-
- To sync it with changes made for the libssh2 project.
- Also cleanup some whitespace.
-
-- curl-openssl.m4: fix spelling [ci skip]
-
-- FAQ: fix a broken URL [ci skip]
-
-Daniel Stenberg (12 Mar 2018)
-- http2: mark the connection for close on GOAWAY
-
- ... don't consider it an error!
-
- Assisted-by: Jay Satiro
- Reported-by: Łukasz Domeradzki
- Fixes #2365
- Closes #2375
-
-- credits: Viktor prefers without accent
-
-- openldap: white space changes, fixed up the copyright years
-
-- openldap: check ldap_get_attribute_ber() results for NULL before using
-
- CVE-2018-1000121
- Reported-by: Dario Weisser
- Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
-
-- FTP: reject path components with control codes
-
- Refuse to operate when given path components featuring byte values lower
- than 32.
-
- Previously, inserting a %00 sequence early in the directory part when
- using the 'singlecwd' ftp method could make curl write a zero byte
- outside of the allocated buffer.
-
- Test case 340 verifies.
-
- CVE-2018-1000120
- Reported-by: Duy Phan Thanh
- Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
-
-- readwrite: make sure excess reads don't go beyond buffer end
-
- CVE-2018-1000122
- Bug: https://curl.haxx.se/docs/adv_2018-b047.html
-
- Detected by OSS-fuzz
-
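Review bot: the 12 Mar 2018 entries deleted just above are where this tree records that the bundled libcurl carries the fixes for CVE-2018-1000120 (FTP path components with control codes), CVE-2018-1000121 (openldap NULL check on ldap_get_attribute_ber() results) and CVE-2018-1000122 (readwrite excess reads beyond the buffer end). Removing libs/libcurl/docs/CHANGES wholesale drops the in-tree evidence an auditor would use to confirm the vendored copy is at 7.60.0 and not an affected release. If the file is being dropped to slim the vendored directory, keep the version traceable another way, for example a one-line note of the upstream version and release date next to the library, and state that in the commit message.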
-- BUGS: updated link to security process
-
-- limit-rate: kick in even before "limit" data has been received
-
- ... and make sure to avoid integer overflows with really large values.
-
- Reported-by: 刘佩东
- Fixes #2371
- Closes #2373
-
-- docs/SECURITY.md -> docs/SECURITY-PROCESS.md
-
-- SECURITY.md: call it the security process
-
-Michael Kaufmann (11 Mar 2018)
-- Curl_range: fix FTP-only and FILE-only builds
-
- follow-up to e04417d
-
-- hostip: fix compiler warning: 'variable set but not used'
-
-Daniel Stenberg (11 Mar 2018)
-- HTTP: allow "header;" to replace an internal header with a blank one
-
- Reported-by: Michael Kaufmann
- Fixes #2357
- Closes #2362
-
-- http2: verbose output new MAX_CONCURRENT_STREAMS values
-
- ... as it is interesting for many users.
-
-- SECURITY: distros' max embargo time is 14 days now
-
-Patrick Monnerat (8 Mar 2018)
-- curl tool: accept --compressed also if Brotli is enabled and zlib is not.
-
-Daniel Stenberg (5 Mar 2018)
-- THANKS + mailmap: remove duplicates, fixup full names
-
-- [sergii.kavunenko brought this change]
-
- WolfSSL: adding TLSv1.3
-
- Closes #2349
-
-- RELEASE-NOTES/THANKS: synced with cc1d4c505
-
-- [Richard Alcock brought this change]
-
- winbuild: prefer documented zlib library names
-
- Check for existence of import and static libraries with documented names
- and use them if they do. Fallback to previous names.
-
- According to
- https://github.com/madler/zlib/blob/master/win32/README-WIN32.txt on
- Windows, the names of the import library is "zdll.lib" and static
- library is "zlib.lib".
-
- closes #2354
-
-Marcel Raad (4 Mar 2018)
-- krb5: use nondeprecated functions
-
- gss_seal/gss_unseal have been deprecated in favor of
- gss_wrap/gss_unwrap with GSS-API v2 from January 1997 [1]. The first
- version of "The Kerberos Version 5 GSS-API Mechanism" [2] from June
- 1996 already says "GSS_Wrap() (formerly GSS_Seal())" and
- "GSS_Unwrap() (formerly GSS_Unseal())".
-
- Use the nondeprecated functions to avoid deprecation warnings.
-
- [1] https://tools.ietf.org/html/rfc2078
- [2] https://tools.ietf.org/html/rfc1964
-
- Closes https://github.com/curl/curl/pull/2356
-
-Daniel Stenberg (4 Mar 2018)
-- curl.1: mention how to add numerical IP addresses in NO_PROXY
-
-- CURLOPT_NOPROXY.3: mention how to list numerical IPv6 addresses
-
-- NO_PROXY: fix for IPv6 numericals in the URL
-
- Added test 1265 that verifies.
-
- Reported-by: steelman on github
- Fixes #2353
- Closes #2355
-
-- build: get CFLAGS (including -werror) used for examples and tests
-
- ... so that the CI and more detects compiler warnings/errors properly!
-
- Closes #2337
-
-Marcel Raad (3 Mar 2018)
-- curl_ctype: fix macro redefinition warnings
-
- On MinGW and Cygwin, GCC and clang have been complaining about macro
- redefinitions since 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2. Fix this
- by undefining the macros before redefining them as suggested in
- https://github.com/curl/curl/pull/2269.
-
- Suggested-by: Daniel Stenberg
-
-Dan Fandrich (2 Mar 2018)
-- unit1307: proper cleanup on OOM to fix torture tests
-
-Marcel Raad (28 Feb 2018)
-- unit1309: fix warning on Windows x64
-
- When targeting x64, MinGW-w64 complains about conversions between
- 32-bit long and 64-bit pointers. Fix this by reusing the
- GNUTLS_POINTER_TO_SOCKET_CAST / GNUTLS_SOCKET_TO_POINTER_CAST logic
- from gtls.c, moving it to warnless.h as CURLX_POINTER_TO_INTEGER_CAST /
- CURLX_INTEGER_TO_POINTER_CAST.
-
- Closes https://github.com/curl/curl/pull/2341
-
-- travis: update compiler versions
-
- Update clang to version 3.9 and GCC to version 6.
-
- Closes https://github.com/curl/curl/pull/2345
-
-Daniel Stenberg (26 Feb 2018)
-- docs/MANUAL: formfind.pl is not accessible on the site anymore
-
- Fixes #2342
-
-Jay Satiro (24 Feb 2018)
-- curl-openssl.m4: Fix version check for OpenSSL 1.1.1
-
- - Add OpenSSL 1.1.1 to the header/library version lists.
-
- - Detect OpenSSL 1.1.1 library using its function ERR_clear_last_mark,
- which was added in that version.
-
- Prior to this change an erroneous header/library mismatch was caused by
- lack of OpenSSL 1.1.1 detection. I tested using openssl-1.1.1-pre1.
-
-Viktor Szakats (23 Feb 2018)
-- lib655: silence compiler warning
-
- Closes https://github.com/curl/curl/pull/2335
-
-- spelling fixes
-
- Detected using the `codespell` tool.
-
- Also contains one URL protocol upgrade.
-
- Closes https://github.com/curl/curl/pull/2334
-
-Daniel Stenberg (24 Feb 2018)
-- projects/README: remove reference to dead IDN link/package
-
- Reported-by: Stefan Kanthak and Rod Widdowson
-
- Fixes #2325
-
-Jay Satiro (23 Feb 2018)
-- [Rod Widdowson brought this change]
-
- winbuild: Use macros for the names of some build utilities
-
- - Add macros to the top of the makefile for rc and mt utilities so that
- it is easier to change their locations.
-
- Bug: https://curl.haxx.se/mail/lib-2018-02/0075.html
- Reported-by: Stefan Kanthak
-
- Closes https://github.com/curl/curl/issues/2329
-
-Daniel Stenberg (23 Feb 2018)
-- TODO: remove "sha-256 digest", added in 2b5b37cb9109e7c2
-
-- curl_share_setopt.3: connection cache is shared within multi handles
-
-Jay Satiro (22 Feb 2018)
-- [Rod Widdowson brought this change]
-
- winbuild: Use CALL to run batch scripts
-
- Co-authored-by: Stefan Kanthak
-
- Closes https://github.com/curl/curl/issues/2330
- Closes https://github.com/curl/curl/pull/2331
-
-Patrick Monnerat (22 Feb 2018)
-- os400: add curl_resolver_start_callback type to ILE/RPG binding
-
-Daniel Stenberg (22 Feb 2018)
-- form.d: rephrased somewhat, added two example command lines
-
-Jay Satiro (21 Feb 2018)
-- [Francisco Sedano brought this change]
-
- url: Add option CURLOPT_RESOLVER_START_FUNCTION
-
- - Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that
- will be called every time before a new resolve request is started
- (ie before a host is resolved) with a pointer to backend-specific
- resolver data. Currently this is only useful for ares.
-
- - Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to
- pass to the resolver start callback.
-
- Closes https://github.com/curl/curl/pull/2311
-
-- lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
-
- - In keeping with the naming of our other connect timeout options rename
- CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.
-
- This change adds the _MS suffix since the option expects milliseconds.
- This is more intuitive for our users since other connect timeout options
- that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS,
- CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS.
-
- The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms.
-
- Follow-up to 2427d94 which added the lib and tool option yesterday.
-
- Ref: https://github.com/curl/curl/pull/2260
-
-Patrick Monnerat (21 Feb 2018)
-- sasl: prefer PLAIN mechanism over LOGIN
-
- SASL PLAIN is a standard, LOGIN only a draft. The LOGIN draft says
- PLAIN should be used instead if available.
-
-Daniel Stenberg (21 Feb 2018)
-- RELEASE-NOTES: synced with 2427d94c6
-
-Jay Satiro (20 Feb 2018)
-- [Anders Bakken brought this change]
-
- url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT
-
- - Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy
- eyeball timeout value.
-
- - Add new optval macro CURL_HET_DEFAULT to represent the default happy
- eyeballs timeout value (currently 200 ms).
-
- - Add new tool option --happy-eyeballs-timeout-ms to expose
- CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the
- other -timeout options in the tool expect seconds not milliseconds.
-
- Closes https://github.com/curl/curl/pull/2260
-
-- hostip: fix 'potentially uninitialized variable' warning
-
- Follow-up to 50d1b33.
-
- Caught by AppVeyor.
-
-Daniel Stenberg (20 Feb 2018)
-- TODO: warning if curl version is not in sync with libcurl version
-
-Jay Satiro (20 Feb 2018)
-- [Anders Bakken brought this change]
-
- CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
-
- This enables users to preresolve but still take advantage of happy
- eyeballs and trying multiple addresses if some are not connecting.
-
- Ref: https://github.com/curl/curl/pull/2260
-
-Daniel Stenberg (20 Feb 2018)
-- [Sergio Borghese brought this change]
-
- examples/sftpuploadresume: resume upload via CURLOPT_APPEND
-
- URL: https://curl.haxx.se/mail/lib-2018-02/0072.html
-
-- curl --version: show PSL if the run-time lib has it enabled
-
- ... not of the #define was set at build-time!
-
-- TODO: "Support in-memory certs/ca certs/keys"
-
- removed SSLKEYLOGFILE support (fixed)
-
- removed "consider SSL patches" (outdated)
-
- Closes #2310
-
-- CURLOPT_HEADER.3: clarify problems with different data sizes
-
-- test1556: verify >16KB headers to the header callback
-
-- header callback: don't chop headers into smaller pieces
-
- Reported-by: Guido Berhoerster
- Fixes #2314
- Closes #2316
-
-- test1154: verify that long HTTP headers get rejected
-
-- http: fix the max header length detection logic
-
- Previously, it would only check for max length if the existing alloc
- buffer was to small to fit it, which often would make the header still
- get used.
-
- Reported-by: Guido Berhoerster
- Bug: https://curl.haxx.se/mail/lib-2018-02/0056.html
-
- Closes #2315
-
-- CURLOPT_HEADERFUNCTION.3: fix typo from d939226813
-
- Reported-by: Erik Johansson
- Bug: https://github.com/curl/curl/commit/d9392268131c1b8d18dec3fa30e0bded833a5db7#commitcomment-27607495
-
-- CURLOPT_HEADERFUNCTION.3: mention folded headers
-
-- TODO: 1.1 Option to refuse usernames in URLs
-
- Also expanded the CURL_REFUSE_CLEARTEXT section with more ideas.
-
-- TODO: 1.7 Support HTTP/2 for HTTP(S) proxies
-
-- ssh: add two missing state names
-
- The list of state names (used in debug builds) was out of sync in
- relation to the list of states (used in all builds).
-
- I now added an assert to make sure the sizes of the two lists match, to
- aid in detecting this mistake better in the future.
-
- Regression since c92d2e14cf, shipped in 7.58.0.
-
- Reported-by: Somnath Kundu
-
- Fixes #2312
- Closes #2313
-
-- Revert "KNOWN_BUGS: 2.5 curl should not offer "ALPN: h2" when using https-proxy"
-
- This reverts commit de9fac00c40db321d44fa6fbab6eb62ec4c83998.
-
- Reported-by: Jay Satiro
-
-Jay Satiro (15 Feb 2018)
-- non-ascii: fix implicit declaration warning
-
- Follow-up to b46cfbc.
-
- Caught by Travis CI.
-
-Daniel Stenberg (15 Feb 2018)
-- travis: add build with iconv enabled
-
- ... to verify it builds and works fine.
-
- Ref: https://curl.haxx.se/mail/lib-2017-09/0031.html
-
- Closes #1872
-
-- TODO: 18.18 retry on network is unreachable
-
- Closes #1603
-
-- KNOWN_BUGS: 2.5 curl should not offer "ALPN: h2" when using https-proxy
-
- Closes #1254
-
-Kamil Dudka (15 Feb 2018)
-- nss: use PK11_CreateManagedGenericObject() if available
-
- ... so that the memory allocated by applications using libcurl does not
- grow per each TLS connection.
-
- Bug: https://bugzilla.redhat.com/1510247
-
- Closes #2297
-
-Daniel Stenberg (15 Feb 2018)
-- [Björn Stenberg brought this change]
-
- TODO fixed: Detect when called from within callbacks
-
- Closes #2302
-
-- BINDINGS: fix curb link (and remove ruby-curl-multi)
-
- Reported-by: Klaus Stein
-
-- curl_gssapi: make sure this file too uses our *printf()
-
-- libcurl-security.3: separate file:// section
-
- ... just to make it more apparent. Even if it repeats
- some pieces of information.
-
-- libcurl-security.3: the http://192.168.0.1/my_router_config case
-
- Mentioned-By: Rich Moore
-
-- libcurl-security.3: mention the URL standards problems too
-
-- libcurl-security.3: split out from libcurl-tutorial.3
-
- To make more accessible.
-
- Merged in some new language from "URLs are dangerous things" as discussed on
- the mailing list a few days ago:
-
- Bug: https://curl.haxx.se/mail/lib-2018-02/0013.html
-
-- RELEASE-NOTES: synced with e551910f8
-
-Patrick Monnerat (13 Feb 2018)
-- tests: new tests for http raw mode
-
- Test 319 checks proper raw mode data with non-chunked gzip
- transfer-encoded server data.
- Test 326 checks raw mode with chunked server data.
-
- Bug: #2303
- Closes #2308
-
-Kamil Dudka (12 Feb 2018)
-- tlsauthtype.d: works only if libcurl is built with TLS-SRP support
-
- Bug: https://bugzilla.redhat.com/1542256
-
- Closes #2306
-
-Patrick Monnerat (12 Feb 2018)
-- smtp: fix processing of initial dot in data
-
- RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command
- should be taken into account when chasing the <CRLF>.<CRLF> end marker.
- Thus a leading dot character in data is also subject to escaping.
-
- Tests 911 and test server are adapted to this situation.
- New tests 951 and 952 check proper handling of initial dot in data.
-
- Closes #2304
-
-Daniel Stenberg (12 Feb 2018)
-- sha256: avoid redefine
-
-- [Douglas Mencken brought this change]
-
- sha256: build with OpenSSL < 0.9.8 too
-
- support for SHA-2 was introduced in OpenSSL 0.9.8
-
- Closes #2305
-
-- [Bruno Grasselli brought this change]
-
- README: language fix
-
- s/off/from
-
- Closes #2300
-
-Patrick Monnerat (12 Feb 2018)
-- http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING on
-
- Bug: #2303
- Reported-By: Henry Roeland
-
-Daniel Stenberg (9 Feb 2018)
-- get_posix_time: only check for overflows if they can happen!
-
-Michael Kaufmann (9 Feb 2018)
-- schannel: fix "no previous prototype" compiler warning
-
-Jay Satiro (9 Feb 2018)
-- [Mohammad AlSaleh brought this change]
-
- content_encoding: Add "none" alias to "identity"
-
- Some servers return a "content-encoding" header with a non-standard
- "none" value.
-
- Add "none" as an alias to "identity" as a work-around, to avoid
- unrecognised content encoding type errors.
-
- Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>
-
- Closes https://github.com/curl/curl/pull/2298
-
-Steve Holme (8 Feb 2018)
-- build-openssl.bat: Follow up to 648679ab8e to suppress copy/move output
-
-- build-openssl.bat: Fixed incorrect move if destination build folder exists
-
-Michael Kaufmann (8 Feb 2018)
-- schannel: fix compiler warnings
-
- Closes #2296
-
-Steve Holme (7 Feb 2018)
-- curl_addrinfo.c: Allow Unix Domain Sockets to compile under Windows
-
- Windows 10.0.17061 SDK introduces support for Unix Domain Sockets.
- Added the necessary include file to curl_addrinfo.c.
-
- Note: The SDK (which is considered beta) has to be installed, VS 2017
- project file has to be re-targeted for Windows 10.0.17061 and #define
- enabled in config-win32.h.
-
-Patrick Monnerat (7 Feb 2018)
-- fnmatch: optimize processing of consecutive *s and ?s pattern characters
-
- Reported-By: Daniel Stenberg
- Fixes #2291
- Closes #2293
-
-Steve Holme (6 Feb 2018)
-- build-openssl.bat/build-wolfssl.bat: Build platform is optional
-
- Whilst the compiler parameter is mandatory, platform is optional as it
- is automatically calculated by the :configure section.
-
- This partially reverts commit 6d62d2c55d.
-
-Daniel Stenberg (6 Feb 2018)
-- [Patrick Schlangen brought this change]
-
- openssl: Don't add verify locations when verifypeer==0
-
- When peer verification is disabled, calling
- SSL_CTX_load_verify_locations is not necessary. Only call it when
- verification is enabled to save resources and increase performance.
-
- Closes #2290
-
-Steve Holme (5 Feb 2018)
-- build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional
-
- ...and not just the Community Edition.
-
-- build-openssl.bat: Extend VC15 support to include Enterprise and Professional
-
- ...and not just the Community Edition.
-
-Michael Kaufmann (5 Feb 2018)
-- time-cond: fix reading the file modification time on Windows
-
- On Windows, stat() may adjust the unix file time by a daylight saving time
- offset. Avoid this by calling GetFileTime() instead.
-
- Fixes #2164
- Closes #2204
-
-Daniel Stenberg (5 Feb 2018)
-- formdata: use the mime-content type function
-
- Reduce code duplication by making Curl_mime_contenttype available and
- used by the formdata function. This also makes the formdata function
- recognize a set of more file extensions by default.
-
- PR #2280 brought this to my attention.
-
- Closes #2282
-
-- getdate: return -1 for out of range
-
- ...as that's how the function is documented to work.
-
- Reported-by: Michael Kaufmann
- Bug found in an autobuild with 32 bit time_t
-
- Closes #2278
-
-- [Ben Greear brought this change]
-
- build: fix termios issue on android cross-compile
-
- Bug: https://curl.haxx.se/mail/lib-2018-01/0122.html
- Signed-off-by: Ben Greear <greearb@candelatech.com>
-
-- time_t-fixes: remove typecasts to 'long' for info.filetime
-
- They're now wrong.
-
- Reported-by: Michael Kaufmann
-
- Closes #2277
-
-- curl_setup: move the precautionary define of SIZEOF_TIME_T
-
- ... up to before it may be used for the TIME_T_MAX/MIN logic.
-
- Reported-by: Michael Kaufmann
-
-- parsedate: s/#if/#ifdef
-
- Reported-by: Michael Kaufmann
- Bug: https://github.com/curl/curl/commit/1c39128d974666107fc6d9ea15f294036851f224#commitcomment-27246479
-
-Patrick Monnerat (31 Jan 2018)
-- fnmatch: pattern syntax can no longer fail
-
- Whenever an expected pattern syntax rule cannot be matched, the
- character starting the rule loses its special meaning and the parsing
- is resumed:
- - backslash at the end of pattern string matches itself.
- - Error in [:keyword:] results in set containing :\[dekorwy.
-
- Unit test 1307 updated for this new situation.
-
- Closes #2273
-
-- fnmatch: accept an alphanum to be followed by a non-alphanum in char set
-
- Also be more tolerant about set pattern syntax.
- Update unit test 1307 accordingly.
-
- Bug: https://curl.haxx.se/mail/lib-2018-01/0114.html
-
-- fnmatch: do not match the empty string with a character set
-
-Jay Satiro (30 Jan 2018)
-- build: fix windows build methods for curl_ctype.c
-
- - Fix winbuild and the VS project generator to treat curl_ctype.{c,h} as
- curlx files since they are required by both src and lib.
-
- Follow-up to 4272a0b which added curl_ctype.
-
-Daniel Stenberg (30 Jan 2018)
-- progress-bar.d: update to match implementation
-
- ... since commit 993dd5651a6
-
- Reported-by: Martin Dreher
- Bug: https://github.com/curl/curl/pull/2242#issuecomment-361059228
-
- Closes #2271
-
-- http2: set DEBUG_HTTP2 to enable more HTTP/2 logging
-
- ... instead of doing it unconditionally in debug builds. It cluttered up
- the output a little too much.
-
-- [Max Dymond brought this change]
-
- file: Check the return code from Curl_range and bail out on error
-
-- [Max Dymond brought this change]
-
- Curl_range: add check to ensure "from <= to"
-
-- [Max Dymond brought this change]
-
- Curl_range: commonize FTP and FILE range handling
-
- Closes #2205
-
-- RELEASE-NOTES: synced with 811beab9f
-
-- curlver: next release will be 7.59.0
-
-- [Michał Janiszewski brought this change]
-
- curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6
-
- Closes #2275
-
-- time: support > year 2038 time stamps for system with 32bit long
-
- ... with the introduction of CURLOPT_TIMEVALUE_LARGE and
- CURLINFO_FILETIME_T.
-
- Fixes #2238
- Closes #2264
-
-- curl_easy_reset: clear digest auth state
-
- Bug: https://curl.haxx.se/mail/lib-2018-01/0074.html
- Reported-by: Ruurd Beerstra
- Fixes #2255
- Closes #2272
-
-- [Adam Marcionek brought this change]
-
- winbuild: make linker generate proper PDB
-
- Link.exe requires /DEBUG to properly generate a full pdb file on release
- builds.
-
- Closes #2274
-
-- curl: add --proxy-pinnedpubkey
-
- To verify a proxy's public key. For when using HTTPS proxies.
-
- Fixes #2192
- Closes #2268
-
-- configure: set PATH_SEPARATOR to colon for PATH w/o separator
-
- The logic tries to figure out what the path separator in the $PATH
- variable is, but if there's only one directory in the $PATH it
- fails. This change make configure *guess* on colon instead of erroring
- out, simply because that is probably the more common character.
-
- PATH_SEPARATOR can always be set by the user to override the guessing.
-
- (tricky bug to reproduce, as in my case for example the configure script
- requires binaries in more than one directory so passing in a PATH with a
- single dir fails.)
-
- Reported-by: Earnestly on github
- Fixes #2202
- Closes #2265
-
-- curl_ctype: private is*() type macros and functions
-
- ... since the libc provided one are locale dependent in a way we don't
- want. Also, the "native" isalnum() (for example) works differently on
- different platforms which caused test 1307 failures on macos only.
-
- Closes #2269
-
-Marcel Raad (29 Jan 2018)
-- build: open VC15 projects with VS 2017
-
- Previously, they were opened with Visual Studio 2015 by default, which
- cannot build them.
-
-Daniel Stenberg (29 Jan 2018)
-- RELEASE-NOTES: synced with 094647fca
-
-- TODO: UTF-8 filenames in Content-Disposition
-
- Closes #1888
-
-- KNOWN_BUGS: DICT responses show the underlying protocol
-
- Closes #1809
-
-Jay Satiro (27 Jan 2018)
-- [Alessandro Ghedini brought this change]
-
- docs: fix typos in man pages
-
- Closes https://github.com/curl/curl/pull/2266
-
-Patrick Monnerat (26 Jan 2018)
-- lib555: drop text conversion and encode data as ascii codes
-
- If CURL_DOES_CONVERSION is enabled, uploaded LFs are mapped to CRLFs,
- giving a result that is different from what is expected.
- This commit avoids using CURLOPT_TRANSFERTEXT and directly encodes data
- to upload in ascii.
-
- Bug: https://github.com/curl/curl/pull/1872
-
-Daniel Stenberg (26 Jan 2018)
-- lib517: make variable static to avoid compiler warning
-
- ... with clang on macos
-
-Patrick Monnerat (26 Jan 2018)
-- lib544: sync ascii code data with textual data
-
- Data mismatch caused test 545 to fail when character encoding
- conversion is enabled.
-
- Bug: https://github.com/curl/curl/pull/1872
-
-Daniel Stenberg (25 Jan 2018)
-- [Travis Burtrum brought this change]
-
- GSKit: restore pinnedpubkey functionality
-
- inadvertently removed in 283babfaf8d8f3bab9d3c63cea94eb0b84e79c37
-
- Closes #2263
-
-- [Dair Grant brought this change]
-
- darwinssl: Don't import client certificates into Keychain on macOS
-
- Closes #2085
-
-- configure: fix the check for unsigned time_t
-
- Assign the time_t variable negative value and then check if it is
- greater than zero, which will evaluate true for unsigned time_t but
- false for signed time_t.
-
-- parsedate: fix date parsing for systems with 32 bit long
-
- Make curl_getdate() handle dates before 1970 as well (returning negative
- values).
-
- Make test 517 test dates for 64 bit time_t.
-
- This fixes bug (3) mentioned in #2238
-
- Closes #2250
-
-- [McDonough, Tim brought this change]
-
- openssl: fix pinned public key build error in FIPS mode
-
- Here is a version that should work with all versions of openssl 0.9.7
- through 1.1.0.
-
- Links to the docs:
- https://www.openssl.org/docs/man1.0.2/crypto/EVP_DigestInit.html
- https://www.openssl.org/docs/man1.1.0/crypto/EVP_DigestInit.html
-
- At the very bottom of the 1.1.0 documentation there is a history section
- that states, " stack allocated EVP_MD_CTXs are no longer supported."
-
- If EVP_MD_CTX_create and EVP_MD_CTX_destroy are not defined, then a
- simple mapping can be used as described here:
- https://wiki.openssl.org/index.php/Talk:OpenSSL_1.1.0_Changes
-
- Closes #2258
-
-- [Travis Burtrum brought this change]
-
- SChannel/WinSSL: Replace Curl_none_md5sum with Curl_schannel_md5sum
-
-- [Travis Burtrum brought this change]
-
- SChannel/WinSSL: Implement public key pinning
-
- Closes #1429
-
-- bump: towards 7.58.1
-
-- cookies: remove verbose "cookie size:" output
-
- It was once used for some debugging/verifying logic but should never have
- ended up in git!
-
-- TODO: hardcode the "localhost" addresses
-
-- TODO: CURL_REFUSE_CLEARTEXT
-
- An idea that popped up in discussions on twitter.
-
-- progress-bar: don't use stderr explicitly, use bar->out
-
- Reported-By: Gisle Vanem
- Bug: https://github.com/curl/curl/commit/993dd5651a6c853bfe3870f6a69c7b329fa4e8ce#commitcomment-27070080
-
-GitHub (24 Jan 2018)
-- [Gisle Vanem brought this change]
-
- Fixes for MSDOS etc.
-
- djgpp do have 'mkdir(dir, mode)'. Other DOS-compilers does not
- But djgpp seems the only choice for MSDOS anyway.
-
- PellesC do have a 'F_OK' defined in it's <unistd.h>.
-
- Update year in Copyright.
-
-- [Gisle Vanem brought this change]
-
- Fix small typo.
-
-Version 7.58.0 (23 Jan 2018)
-
-Daniel Stenberg (23 Jan 2018)
-- RELEASE: 7.58.0
-
-- [Gisle Vanem brought this change]
-
- progress-bar: get screen width on windows
-
-- test1454: --connect-to with IPv6 address w/o IPv6 support!
-
-- CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
-
- Bug: https://curl.haxx.se/mail/lib-2018-01/0087.html
- Reported-by: John Hascall
-
- Closes #2257
-
-- docs: fix man page syntax to make test 1140 OK again
-
-- http: prevent custom Authorization headers in redirects
-
- ... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
- curl already handles Authorization headers created internally.
-
- Note: this changes behavior slightly, for the sake of reducing mistakes.
-
- Added test 317 and 318 to verify.
-
- Reported-by: Craig de Stigter
- Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
-
-- curl: progress bar refresh, get width using ioctl()
-
- Get screen width from the environment variable COLUMNS first, if set. If
- not, use ioctl(). If nether works, assume 79.
-
- Closes #2242
-
- The "refresh" is for the -# output when no total transfer size is
- known. It will now only use a single updated line even for this case:
-
- The "-=O=-" ship moves when data is transferred. The four flying
- "hashes" move (on a sine wave) on each refresh, independent of data.
-
-- RELEASE-NOTES: synced with bb0ffcc36
-
-- libcurl-env.3: first take
-
-- TODO: two possible name resolver improvements
-
-- [Kartik Mahajan brought this change]
-
- http2: don't close connection when single transfer is stopped
-
- Fixes #2237
- Closes #2249
-
-- test558: fix for multissl builds
-
- vtls.c:multissl_init() might do a curl_free() call so strip that out to
- make this work with more builds. We just want to verify that
- memorytracking works so skipping one line is no harm.
-
-- examples/url2file.c: add missing curl_global_cleanup() call
-
- Reported-by: XhstormR on github
- Fixes #2245
-
-- [Michael Gmelin brought this change]
-
- SSH: Fix state machine for ssh-agent authentication
-
- In case an identity didn't match[0], the state machine would fail in
- state SSH_AUTH_AGENT instead of progressing to the next identity in
- ssh-agent. As a result, ssh-agent authentication only worked if the
- identity required happened to be the first added to ssh-agent.
-
- This was introduced as part of commit c4eb10e2f06fbd6cc904f1d78e4, which
- stated that the "else" statement was required to prevent getting stuck
- in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's
- interface I couldn't see how this could happen or reproduce it and I
- also couldn't find a more detailed description of the problem which
- would explain a test case to reproduce the problem this was supposed to
- fix.
-
- [0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED
-
- Closes #2248
-
-- openssl: fix potential memory leak in SSLKEYLOGFILE logic
-
- Coverity CID 1427646.
-
-- openssl: fix the libressl build again
-
- Follow-up to 84fcaa2e7. libressl does not have the API even if it says it is
- late OpenSSL version...
-
- Fixes #2246
- Closes #2247
-
- Reported-by: jungle-boogie on github
-
-- unit1307: test many wildcards too
-
-- curl_fnmatch: only allow 5 '*' sections in a single pattern
-
- ... to avoid excessive recursive calls. The number 5 is totally
- arbitrary and could be modified if someone has a good motivation.
-
-- ftp-wildcard: fix matching an empty string with "*[^a]"
-
- .... and avoid advancing the pointer to trigger an out of buffer read.
-
- Detected by OSS-fuzz
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251
- Assisted-by: Max Dymond
-
-- SMB: fix numeric constant suffix and variable types
-
- 1. don't use "ULL" suffix since unsupported in older MSVC
- 2. use curl_off_t instead of custom long long ifdefs
- 3. make get_posix_time() not do unaligned data access
-
- Fixes #2211
- Closes #2240
- Reported-by: Chester Liu
-
-- [rouzier brought this change]
-
- CURLOPT_TCP_NODELAY.3: fix typo
-
- Closes #2239
-
-- smtp/pop3/imap_get_message: decrease the data length too...
-
- Follow-up commit to 615edc1f73 which was incomplete.
-
- Assisted-by: Max Dymond
- Detected by OSS-fuzz
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206
-
-- openssl: enable SSLKEYLOGFILE support by default
-
- Fixes #2210
- Closes #2236
-
-Patrick Monnerat (14 Jan 2018)
-- mime: clone mime tree upon easy handle duplication.
-
- A mime tree attached to an easy handle using CURLOPT_MIMEPOST is
- strongly bound to the handle: there is a pointer to the easy handle in
- each item of the mime tree and following the parent pointer list
- of mime items ends in a dummy part stored within the handle.
-
- Because of this binding, a mime tree cannot be shared between different
- easy handles, thus it needs to be cloned upon easy handle duplication.
-
- There is no way for the caller to get the duplicated mime tree
- handle: it is then set to be automatically destroyed upon freeing the
- new easy handle.
-
- New test 654 checks proper mime structure duplication/release.
-
- Add a warning note in curl_mime_data_cb() documentation about sharing
- user data between duplicated handles.
-
- Closes #2235
-
-- docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
-
-Daniel Stenberg (13 Jan 2018)
-- test395: HTTP with overflow Content-Length value
-
-- test394: verify abort of rubbish in Content-Length: value
-
-- test393: verify --max-filesize with excessive Content-Length
-
-- HTTP: bail out on negative Content-Length: values
-
- ... and make the max filesize check trigger if the value is too big.
-
- Updates test 178.
-
- Reported-by: Brad Spencer
- Fixes #2212
- Closes #2223
-
-Marcel Raad (13 Jan 2018)
-- [Dan Johnson brought this change]
-
- configure.ac: append extra linker flags instead of prepending them.
-
- Link order should list libraries after the libraries that use them,
- so when we're guessing that we might also need to add -ldl in order
- to use -lssl, we should add -ldl after -lssl.
-
- Closes https://github.com/curl/curl/pull/2234
-
-Daniel Stenberg (13 Jan 2018)
-- RELEASE-NOTES: synced with 6fa10c8fa
-
-Jay Satiro (13 Jan 2018)
-- setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
-
- Broken since f121575 (precedes 7.56.1).
-
- Bug: https://github.com/curl/curl/issues/2225
- Reported-by: cmfrolick@users.noreply.github.com
-
- Closes https://github.com/curl/curl/pull/2227
-
-Patrick Monnerat (13 Jan 2018)
-- setopt: reintroduce non-static Curl_vsetopt() for OS400 support
-
- This also upgrades ILE/RPG bindings with latest setopt options.
-
- Reported-By: jonrumsey on github
- Fixes #2230
- Closes #2233
-
-Jay Satiro (11 Jan 2018)
-- [Zhouyihai Ding brought this change]
-
- http2: fix incorrect trailer buffer size
-
- Prior to this change the stored byte count of each trailer was
- miscalculated and 1 less than required. It appears any trailer
- after the first that was passed to Curl_client_write would be truncated
- or corrupted as well as the size. Potentially the size of some
- subsequent trailer could be erroneously extracted from the contents of
- that trailer, and since that size is used by client write an
- out-of-bounds read could occur and cause a crash or be otherwise
- processed by client write.
-
- The bug appears to have been born in 0761a51 (precedes 7.49.0).
-
- Closes https://github.com/curl/curl/pull/2231
-
-- [Basuke Suzuki brought this change]
-
- easy: fix connection ownership in curl_easy_pause
-
- Before calling Curl_client_chop_write(), change the owner of connection
- to the current Curl_easy handle. This will fix the issue #2217.
-
- Fixes https://github.com/curl/curl/issues/2217
- Closes https://github.com/curl/curl/pull/2221
-
-Daniel Stenberg (9 Jan 2018)
-- [Dimitrios Apostolou brought this change]
-
- system.h: Additionally check __LONG_MAX__ for defining curl_off_t
-
- __SIZEOF_LONG__ was introduced in GCC 4.4, __LONG_MAX__ was introduced
- in GCC 3.3.
-
- Closes #2216
-
-- COPYING: it's 2018!
-
-- progress: calculate transfer speed on milliseconds if possible
-
- to increase accuracy for quick transfers
-
- Fixes #2200
- Closes #2206
-
-Jay Satiro (7 Jan 2018)
-- scripts: allow all perl scripts to be run directly
-
- - Enable execute permission (chmod +x)
-
- - Change interpreter to /usr/bin/env perl
-
- Closes https://github.com/curl/curl/pull/2222
-
-- mail-rcpt.d: fix short-text description
-
-- build: remove HAVE_LIMITS_H check
-
- .. because limits.h presence isn't optional, it's required by C89.
-
- Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2
-
- Closes https://github.com/curl/curl/pull/2215
-
-- openssl: fix memory leak of SSLKEYLOGFILE filename
-
- - Free the copy of SSLKEYLOGFILE env returned by curl_getenv during ossl
- initialization.
-
- Caught by ASAN.
-
-- Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
-
- This reverts commit c97648b55080343bb371522bf4233e94a2a13a99.
-
- SIZEOF_LONG should not be checked in system.h since that macro is only
- defined when building libcurl.
-
- Ref: https://github.com/curl/curl/pull/2186#issuecomment-354767080
- Ref: https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
-
-Michael Kaufmann (30 Dec 2017)
-- test1554: improve the error handling
-
-- test1554: add global initialization and cleanup
-
-Daniel Stenberg (29 Dec 2017)
-- curl_version_info.3: call the argument 'age'
-
- Reported-by: Pete Lomax
- Bug: https://curl.haxx.se/mail/lib-2017-12/0074.html
-
-Patrick Monnerat (27 Dec 2017)
-- [Mikalai Ananenka brought this change]
-
- brotli: data at the end of content can be lost
-
- Decoding loop implementation did not concern the case when all
- received data is consumed by Brotli decoder and the size of decoded
- data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
- For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
- can result in the loss of data at the end of content.
-
- Closes #2194
-
-Jay Satiro (26 Dec 2017)
-- examples/cacertinmem: ignore cert-already-exists error
-
- - Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback
- since it's possible the cert may have already been loaded by libcurl.
-
- - Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc.
- Instead have it direct the reader to this cacertinmem.c example.
-
- - Fix the CA certificate to use the right CA for example.com, Digicert.
-
- Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html
- Reported-by: Thomas van Hesteren
-
- Closes https://github.com/curl/curl/pull/2182
-
-- [Gisle Vanem brought this change]
-
- tool_getparam: Support size modifiers for --max-filesize
-
- - Move the size modifier detection code from limit-rate to its own
- function so that it can also be used with max-filesize.
-
- Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc.
-
- For example --max-filesize 1G
-
- Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html
-
- Closes https://github.com/curl/curl/pull/2179
-
-Steve Holme (22 Dec 2017)
-- build: Fixed incorrect script termination from commit ad1dc10e61
-
-- Makefile.vc: Added our standard copyright header
-
-- winbuild: Added support for VC15
-
-- build: Added Visual Studio 2017 project files
-
-- build-wolfssl.bat: Added support for VC15
-
-- build-openssl.bat: Added support for VC15
-
-Jay Satiro (22 Dec 2017)
-- [Dimitrios Apostolou brought this change]
-
- curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
-
- Closes https://github.com/curl/curl/pull/2186
-
-- [Mattias Fornander brought this change]
-
- examples/rtsp: fix error handling macros
-
- Closes https://github.com/curl/curl/pull/2185
-
-Patrick Monnerat (20 Dec 2017)
-- curl_easy_reset: release mime-related data.
-
- Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level
- functions dealing with UserDefined structure contents.
- This avoids memory leakages on curl-generated part mime headers.
- New test 2073 checks this using the cli tool --next option: it
- triggers a valgrind error if bug is present.
-
- Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html
- Reported-by: Martin Galvan
-
-- content_encoding: rework zlib_inflate
-
- - When zlib version is < 1.2.0.4, process gzip trailer before considering
- extra data as an error.
- - Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data
- and minimize corrupt data output.
- - Do not try to restart deflate decompression in raw mode if output has
- started or if the leading data is not available anymore.
- - New test 232 checks inflating raw-deflated content.
-
- Closes #2068
-
-- brotli: allow compiling with version 0.6.0.
-
- Some error codes were not yet defined in brotli 0.6.0: do not issue code
- for them in this case.
-
-Daniel Stenberg (13 Dec 2017)
-- CURLOPT_READFUNCTION.3: refer to argument with correct name
-
- Bug: #2175
-
- [ci skip]
-
-- rand: add a clang-analyzer work-around
-
- scan-build would warn on a potential access of an uninitialized
- buffer. I deem it a false positive and had to add this somewhat ugly
- work-around to silence it.
-
-- krb5: fix a potential access of uninitialized memory
-
- A scan-build warning.
-
-- conncache: fix a return code [regression]
-
- This broke in 07cb27c98e. Make sure to return 'result' properly. Pointed
- out by scan-build!
-
-- curl: support >256 bytes warning messsages
-
- Bug: #2174
-
-Michael Kaufmann (12 Dec 2017)
-- libssh: fix a syntax error in configure.ac
-
- Follow-up to c92d2e1
-
- Closes #2172
-
-Daniel Stenberg (12 Dec 2017)
-- examples/smtp-mail.c: use separate defines for options and mail
-
- ... to make it clearer that the options want address-only, while the
- headers in an email can also have the real name.
-
- Assisted-by: Sean MacLennan
-
-- THANKS: added missing names
-
- ... as I reran the contrithanks script after the mailmap name fixups.
-
-- mailmap: added/clarified several names
-
-- setopt: less *or equal* than INT_MAX/1000 should be fine
-
- ... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and
- CURLOPT_SERVER_RESPONSE_TIMEOUT range checks.
-
- Reported-by: Dominik Hölzl
- Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html
-
- Closes #2173
-
-- [Dmitry Kostjuchenko brought this change]
-
- vtls: replaced getenv() with curl_getenv()
-
- Fixed undefined symbol of getenv() which does not exist when compiling
- for Windows 10 App (CURL_WINDOWS_APP). Replaced getenv() with
- curl_getenv() which is aware of getenv() absence when CURL_WINDOWS_APP
- is defined.
-
- Closes #2171
-
-- RELEASE-NOTES: synced with 3b9ea70ee
-
-- TODO: Expose tried IP addresses that failed
-
- Suggested-by: Rainer Canavan
-
- Closes #2126
-
-- curl.1: mention http:// and https:// as valid proxy prefixes
-
-- curl.1: documented two missing valid exit codes
-
-- CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference
-
-- Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
-
- This reverts commit 9ffad8eb1329bb35c8988115ac7ed85cf91ef955.
-
- It was actually added rather recently in 8e8afa82cbb629 due to a crash
- that would otherwise happen in the RTSP code. As I don't think we've
- fixed that behavior yet, we better keep this work-around until we have
- fixed it better.
-
-Michael Kaufmann (10 Dec 2017)
-- tests: mark data files as non-executable in git
-
-- tests: update .gitignore for libtests
-
-Daniel Stenberg (10 Dec 2017)
-- multi_done: prune DNS cache
-
- Prune the DNS cache immediately after the dns entry is unlocked in
- multi_done. Timed out entries will then get discarded in a more orderly
- fashion.
-
- Test506 is updated
-
- Reported-by: Oleg Pudeyev
-
- Fixes #2169
- Closes #2170
-
-- mailmap: fixup two old git Author "aliases"
-
-Jay Satiro (10 Dec 2017)
-- openssl: Disable file buffering for Win32 SSLKEYLOGFILE
-
- Prior to this change SSLKEYLOGFILE used line buffering on WIN32 just
- like it does for other platforms. However, the Windows CRT does not
- actually support line buffering (_IOLBF) and will use full buffering
- (_IOFBF) instead. We can't use full buffering because multiple processes
- may be writing to the file and that could lead to corruption, and since
- full buffering is the only buffering available this commit disables
- buffering for Windows SSLKEYLOGFILE entirely (_IONBF).
-
- Ref: https://github.com/curl/curl/pull/1346#issuecomment-350530901
-
-Daniel Stenberg (10 Dec 2017)
-- RESOLVE: output verbose text when trying to set a duplicate name
-
- ... to help users understand what is or isn't done!
-
-- CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
-
-- [John DeHelian brought this change]
-
- sftp: allow quoted commands to use relative paths
-
- Closes #1900
-
-Jay Satiro (8 Dec 2017)
-- [Richard Alcock brought this change]
-
- CURLOPT_PRIVATE.3: fix grammar
-
- - Change "never does nothing" double-negative to "never does anything".
-
- Closes https://github.com/curl/curl/pull/2168
-
-Daniel Stenberg (8 Dec 2017)
-- curl: remove __EMX__ #ifdefs
-
- These are OS/2-specific things added to the code in the year 2000. They
- were always ugly. If there's any user left, they still don't need it
- done this way.
-
- Closes #2166
-
-Jay Satiro (8 Dec 2017)
-- openssl: improve data-pending check for https proxy
-
- - Allow proxy_ssl to be checked for pending data even when connssl does
- not yet have an SSL handle.
-
- This change is for posterity. Currently there doesn't seem to be a code
- path that will cause a pending data check when proxyssl could have
- pending data and the connssl handle doesn't yet exist [1].
-
- [1]: Recall that an https proxy connection starts out in connssl but if
- the destination is also https then the proxy SSL backend data is moved
- from connssl to proxyssl, which means connssl handle is temporarily
- empty until an SSL handle for the destination can be created.
-
- Ref: https://github.com/curl/curl/commit/f4a6238#commitcomment-24396542
-
- Closes https://github.com/curl/curl/pull/1916
-
-Daniel Stenberg (8 Dec 2017)
-- curl: don't set CURLOPT_INTERLEAVEDATA
-
- That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback
- and that option isn't set or used by the curl tool!
-
- Updates the 9 tests that verify --libcurl
-
- Closes #2167
-
-- curl.h: remove incorrect comment about ERRORBUFFER
-
- ... error messages are _not_ sent to stderr if this is not set.
-
-- [Michael Felt brought this change]
-
- configure: add AX_CODE_COVERAGE only if using gcc
-
- Fixes #2076
- Closes #2125
-
-- curl: limit -# update frequency for unknown total size
-
- Make it use a max 10Hz update frequency for this case as well. Return
- early if the "point" hasn't moved since last invoke.
-
- Reported-by: Elliot Saba
-
- Fixes #2158
- Closes #2163
-
-- BINDINGS: another PostgreSQL client
-
- ...the former link is dead.
-
- Reported-by: Frank Gevaerts
-
-- [Zachary Seguin brought this change]
-
- CONNECT: keep close connection flag in http_connect_state struct
-
- Fixes #2088
- Closes #2157
-
-- [Per Malmberg brought this change]
-
- include: get netinet/in.h before linux/tcp.h
-
- ... to allow build on older Linux dists (specifically CentOS 4.8 on gcc
- 4.8.5)
-
- Closes #2160
-
-- openldap: fix checksrc nits
-
-- [Stepan Broz brought this change]
-
- openldap: add commented out debug possibilities
-
- ... to aid debugging openldap library using its built-in debug messages.
-
- Closes #2159
-
-- examples: move threaded-shared-conn.c to the "complicated" ones
-
- ... due it relying on pthreads to link.
-
-- RELEASE-NOTES: synced with b261c44e8
-
- ... and bump next release version to 7.58.0
-
-- [Jan Ehrhardt brought this change]
-
- URL: tolerate backslash after drive letter for FILE:
-
- ... as in "file://c:\some\path\curl.out"
-
- Reviewed-by: Matthew Kerwin
- Closes #2154
-
-- [Randall S. Becker brought this change]
-
- tests: added netinet/in6.h includes in test servers
-
-- [Randall S. Becker brought this change]
-
- configure: check for netinet/in6.h
-
- Needed by HPE NonStop NSE and NSX systems
-
- Fixes #2146
- Closes #2155
-
-- curl-config: add --ssl-backends
-
- Lists all SSL backends that were enabled at build-time.
-
- Suggested-by: Oleg Pudeyev
- Fixes #2128
-
-- conncache: only allow multiplexing within same multi handle
-
- Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing
- only get additional transfers added to them if the existing connection
- is held by the same multi or easy handle. libcurl does not support doing
- HTTP/2 streams in different threads using a shared connection.
-
- Closes #2152
-
-- threaded-shared-conn.c: fixed typo in commenta
-
-- threaded-shared-conn.c: new example
-
-- conncache: fix several lock issues
-
- If the lock is released before the dealings with the bundle is over, it may
- have changed by another thread in the mean time.
-
- Fixes #2132
- Fixes #2151
- Closes #2139
-
-- libssh: remove dead code in sftp_qoute
-
- ... by removing a superfluous NULL pointer check that also confuses
- Coverity.
-
- Fixes #2143
- Closes #2153
-
-- sasl_getmesssage: make sure we have a long enough string to pass
-
- For pop3/imap/smtp, added test 891 to somewhat verify the pop3
- case.
-
- For this, I enhanced the pingpong test server to be able to send back
- responses with LF-only instead of always using CRLF.
-
- Closes #2150
-
-- libssh2: remove dead code from SSH_SFTP_QUOTE
-
- Figured out while reviewing code in the libssh backend. The pointer was
- checked for NULL after having been dereferenced, so we know it would
- always equal true or it would've crashed.
-
- Pointed-out-by: Nikos Mavrogiannopoulos
-
- Bug #2143
- Closes #2148
-
-- ssh-libssh.c: please checksrc
-
-Nikos Mavrogiannopoulos (4 Dec 2017)
-- libssh: fixed dereference in statvfs access
-
- The behavior is now equivalent to ssh.c when SSH_SFTP_QUOTE_STATVFS
- handling fails.
-
- Fixes #2142
-
-Daniel Stenberg (4 Dec 2017)
-- [Guitared brought this change]
-
- RESOURCES: update spec names
-
- Closes #2145
-
-Nikos Mavrogiannopoulos (3 Dec 2017)
-- libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS
-
- The previous code was incorrectly following the libssh2 error detection
- for libssh2_sftp_statvfs, which is not correct for libssh's sftp_statvfs.
-
- Fixes #2142
-
- Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-
-- libssh: no need to call sftp_get_error as ssh_get_error is sufficient
-
- Fixes #2141
-
- Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-
-Daniel Stenberg (2 Dec 2017)
-- libssh: fix minor static code analyzer nits
-
- - remove superfluous NULL check which otherwise tricks the static code
- analyzers to assume NULL pointer dereferences.
-
- - fix fallthrough in switch()
-
- - indent mistake
-
-- openssl: pkcs12 is supported by boringssl
-
- Removes another #ifdef for BoringSSL
-
- Pointed-out-by: David Benjamin
-
- Closes #2134
-
-- [Jay Satiro brought this change]
-
- travis: use pip2 instead of pip
-
- .. since now mac osx image expects pip2 or pip3, and doesn't know pip:
-
- 0.01s$ pip install --user cpp-coveralls
- /Users/travis/.travis/job_stages: line 57: pip: command not found
-
- Ref: https://github.com/travis-ci/travis-ci/issues/8829
-
- Closes https://github.com/curl/curl/pull/2133
-
-- [Nikos Mavrogiannopoulos brought this change]
-
- lib582: do not verify host for SFTP
-
- This SFTP test fails with libssh back-end due to failure to verify
- the peer. Disable peer verification in the test as there seems to
- be the intention of the test.
-
- Note that the libssh back-end automatically verifies the peer's
- host using the default known_hosts file.
-
- Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-
-- [Nikos Mavrogiannopoulos brought this change]
-
- libssh: added SFTP support
-
- The SFTP back-end supports asynchronous reading only, limited
- to 32-bit file length. Writing is synchronous with no other
- limitations.
-
- This also brings keyboard-interactive authentication.
-
- Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-
-- [Nikos Mavrogiannopoulos brought this change]
-
- symbols-in-versions: added new symbols with 7.56.3 version
-
- Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-
-- [Nikos Mavrogiannopoulos brought this change]
-
- .travis.yml: added build --with-libssh
-
- Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
-- [Nikos Mavrogiannopoulos brought this change]
-
- libssh2: return CURLE_UPLOAD_FAILED on failure to upload
-
- This brings its in sync with the error code returned by the
- libssh backend.
-
- Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-
-- [Nikos Mavrogiannopoulos brought this change]
-
- libssh2: send the correct CURLE error code on scp file not found
-
- That also updates tests to expect the right error code
-
- libssh2 back-end returns CURLE_SSH error if the remote file
- is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND
- which is sent by the libssh backend.
-
- Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
-- [Nikos Mavrogiannopoulos brought this change]
-
- Added support for libssh SSH SCP back-end
-
- libssh is an alternative library to libssh2.
- https://www.libssh.org/
-
- That patch set also introduces support for ECDSA
- ed25519 keys, as well as gssapi authentication.
-
- Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-
-- RELEASE-NOTES: synced with af8cc7a69
-
-- curlver: towards 7.57.1
-
-- [W. Mark Kubacki brought this change]
-
- lib: don't export all symbols, just everything curl_*
-
- Absent any 'symbol map' or script to limit what gets exported, static
- linking of libraries previously resulted in a libcurl with curl's and
- those other symbols being (re-)exported.
-
- This did not happen if 'versioned symbols' were enabled (which is not
- the default) because then a version script is employed.
-
- This limits exports to everything starting in 'curl_*'., which is
- what "libcurl.vers" exports.
-
- This avoids strange side-effects such as with mixing methods
- from system libraries and those erroneously offered by libcurl.
-
- Closes #2127
-
-- [Johannes Schindelin brought this change]
-
- SSL: Avoid magic allocation of SSL backend specific data
-
- Originally, my idea was to allocate the two structures (or more
- precisely, the connectdata structure and the four SSL backend-specific
- strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so
- that they all could be free()d together.
-
- However, getting the alignment right is tricky. Too tricky.
-
- So let's just bite the bullet and allocate the SSL backend-specific
- data separately.
-
- As a consequence, we now have to be very careful to release the memory
- allocated for the SSL backend-specific data whenever we release any
- connectdata.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
- Closes #2119
-
-- examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
-
- Reported-by: Dima Tisnek
-
-- travis: add boringssl build
-
- Uses a separate build without --enable-debug and no valgrind.
-
- The debug option causes far too many warnings in boringssl's headers
- (C++ comments, trailing commas etc). Valgrind triggers some false
- positive errors in thread-local data used by boringssl.
-
- Closes #2118
-
-Version 7.57.0 (29 Nov 2017)
-
-Daniel Stenberg (29 Nov 2017)
-- RELEASE-NOTES: curl 7.57.0
-
-- THANKS: added contributors from 7.57.0 release
-
-- openssl: fix boringssl build again
-
- commit d3ab7c5a21e broke the boringssl build since it doesn't have
- RSA_flags(), so we disable that code block for boringssl builds.
-
- Reported-by: W. Mark Kubacki
- Fixes #2117
-
-- curl_ntlm_core.c: use the limits.h's SIZE_T_MAX if provided
-
-- libcurl-share.3: the connection cache is shareable now
-
-- global_init: ignore CURL_GLOBAL_SSL's absense
-
- This bit is no longer used. It is not clear what it meant for users to
- "init the TLS" in a world with different TLS backends and since the
- introduction of multissl, libcurl didn't properly work if inited without
- this bit set.
-
- Not a single user responded to the call for users of it:
- https://curl.haxx.se/mail/lib-2017-11/0072.html
-
- Reported-by: Evgeny Grin
- Assisted-by: Jay Satiro
-
- Fixes #2089
- Fixes #2083
- Closes #2107
-
-- ntlm: avoid integer overflow for malloc size
-
- Reported-by: Alex Nichols
- Assisted-by: Kamil Dudka and Max Dymond
-
- CVE-2017-8816
-
- Bug: https://curl.haxx.se/docs/adv_2017-11e7.html
-
-- wildcardmatch: fix heap buffer overflow in setcharset
-
- The code would previous read beyond the end of the pattern string if the
- match pattern ends with an open bracket when the default pattern
- matching function is used.
-
- Detected by OSS-Fuzz:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161
-
- CVE-2017-8817
-
- Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
-
-- [Jay Satiro brought this change]
-
- url: fix alignment of ssl_backend_data struct
-
- - Align the array of ssl_backend_data on a max 32 byte boundary.
-
- 8 is likely to be ok but I went with 32 for posterity should one of
- the ssl_backend_data structs change to contain a larger sized variable
- in the future.
-
- Prior to this change (since dev 70f1db3, release 7.56) the connectdata
- structure was undersized by 4 bytes in 32-bit builds with ssl enabled
- because long long * was mistakenly used for alignment instead of
- long long, with the intention being an 8 byte boundary. Also long long
- may not be an available type.
-
- The undersized connectdata could lead to oob read/write past the end in
- what was expected to be the last 4 bytes of the connection's secondary
- socket https proxy ssl_backend_data struct (the secondary socket in a
- connection is used by ftp, others?).
-
- Closes https://github.com/curl/curl/issues/2093
-
- CVE-2017-8818
-
- Bug: https://curl.haxx.se/docs/adv_2017-af0a.html
-
-- ssh: remove check for a NULL pointer (!)
-
- With this check present, scan-build warns that we might dereference this
- point in other places where it isn't first checked for NULL. Thus, if it
- *can* be NULL we have a problem on a few places. However, this pointer
- should not be possible to be NULL here so I remove the check and thus
- also three different scan-build warnings.
-
- Closes #2111
-
-- [Matthew Kerwin brought this change]
-
- test: add test for bad UNC/SMB path in file: URL
-
-- [Matthew Kerwin brought this change]
-
- test: add tests to ensure basic file: URLs
-
-- [Matthew Kerwin brought this change]
-
- URL: update "file:" URL handling
-
- * LOTS of comment updates
- * explicit error for SMB shares (e.g. "file:////share/path/file")
- * more strict handling of authority (i.e. "//localhost/")
- * now accepts dodgy old "C:|" drive letters
- * more precise handling of drive letters in and out of Windows
- (especially recognising both "file:c:/" and "file:/c:/")
-
- Closes #2110
-
-- metalink: fix memory-leak and NULL pointer dereference
-
- Reported by scan-build
-
- Closes #2109
-
-- [Alessandro Ghedini brought this change]
-
- connect: add support for new TCP Fast Open API on Linux
-
- The new API added in Linux 4.11 only requires setting a socket option
- before connecting, without the whole sento() machinery.
-
- Notably, this makes it possible to use TFO with SSL connections on Linux
- as well, without the need to mess around with OpenSSL (or whatever other
- SSL library) internals.
-
- Closes #2056
-
-- make: fix "make distclean"
-
- Fixes #2097
- Closes #2108
-
-- RELEASE-NOTES: synced with 31f18d272
-
-Jay Satiro (23 Nov 2017)
-- connect: improve the bind error message
-
- eg consider a non-existent interface eth8, curl --interface eth8
-
- Before: curl: (45) Could not resolve host: eth8
- After: curl: (45) Couldn't bind to 'eth8'
-
- Bug: https://github.com/curl/curl/issues/2104
- Reported-by: Alfonso Martone
-
-Daniel Stenberg (23 Nov 2017)
-- examples/rtsp: clear RANGE again after use
-
- Fixes #2106
- Reported-by: youngchopin on github
-
-- [Michael Kaufmann brought this change]
-
- test1264: verify URL with space in host name being rejected
-
-- url: reject ASCII control characters and space in host names
-
- Host names like "127.0.0.1 moo" would otherwise be accepted by some
- getaddrinfo() implementations.
-
- Updated test 1034 and 1035 accordingly.
-
- Fixes #2073
- Closes #2092
-
-- Curl_open: fix OOM return error correctly
-
- Closes #2098
-
-- http2: fix "Value stored to 'end' is never read" scan-build error
-
-- http2: fix "Value stored to 'hdbuf' is never read" scan-build error
-
-- openssl: fix "Value stored to 'rc' is never read" scan-build error
-
-- mime: fix "Value stored to 'sz' is never read" scan-build error
-
-- Curl_llist_remove: fix potential NULL pointer deref
-
- Fixes a scan-build warning.
-
-- ntlm: remove unnecessary NULL-check to please scan-build
-
-- BUGS: spellchecked
-
-Jay Satiro (18 Nov 2017)
-- [fmmedeiros brought this change]
-
- examples/curlx: Fix code style
-
- - Add braces around multi-line if statement.
-
- Closes https://github.com/curl/curl/pull/2096
-
-Daniel Stenberg (17 Nov 2017)
-- resolve: allow IP address within [] brackets
-
- ... so that IPv6 addresses can be passed like they can for connect-to
- and how they're used in URLs.
-
- Added test 1324 to verify
- Reported-by: Alex Malinovich
-
- Fixes #2087
- Closes #2091
-
-- [Pavol Markovic brought this change]
-
- macOS: Fix missing connectx function with Xcode version older than 9.0
-
- The previous fix https://github.com/curl/curl/pull/1788 worked just for
- Xcode 9. This commit extends the fix to older Xcode versions effectively
- by not using connectx function.
-
- Fixes https://github.com/curl/curl/issues/1330
- Fixes https://github.com/curl/curl/issues/2080
- Closes https://github.com/curl/curl/pull/1336
- Closes #2082
-
-- [Dirk Feytons brought this change]
-
- openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
-
- Fixes #2079
- Closes #2081
-
-- TODO: ignore private IP addresses in PASV response
-
- Closes #1455
-
-- RELEASE-NOTES: synced with ae7369b6d
-
-Michael Kaufmann (14 Nov 2017)
-- URL: return error on malformed URLs with junk after IPv6 bracket
-
- Follow-up to aadb7c7. Verified by new test 1263.
-
- Closes #2072
-
-Daniel Stenberg (14 Nov 2017)
-- INTERNALS: we may use libidn2 now, not libidn
-
-Patrick Monnerat (13 Nov 2017)
-- zlib/brotli: only include header files in modules needing them
-
- There is a conflict on symbol 'free_func' between openssl/crypto.h and
- zlib.h on AIX. This is an attempt to resolve it.
-
- Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html
- Reported-By: Michael Felt
-
-Daniel Stenberg (13 Nov 2017)
-- SMB: fix uninitialized local variable
-
- Reported-by: Brian Carpenter
-
-- [Orgad Shaneh brought this change]
-
- connect.c: remove executable bit on file
-
- Closes #2071
-
-- [hsiao yi brought this change]
-
- README.md: fixed layout
-
- Closes #2069
-
-- setopt: split out curl_easy_setopt() to its own file
-
- ... to make url.c smaller.
-
- Closes #1944
-
-Jay Satiro (10 Nov 2017)
-- [John Starks brought this change]
-
- cmake: Add missing setmode check
-
- Ensure HAVE_SETMODE is set to 1 on OSes that have setmode. Without this,
- curl will corrupt binary files when writing them to stdout on Windows.
-
- Closes https://github.com/curl/curl/pull/2067
-
-Daniel Stenberg (10 Nov 2017)
-- curl_share_setopt: va_end was not called if conncache errors
-
- CID 984459, detected by Coverity
-
-Sergei Nikulov (10 Nov 2017)
-- [John Starks brought this change]
-
- cmake: Correctly include curl.rc in Windows builds (#2064)
-
- Update CMakeLists.txt to add curl.rc to the correct list.
-
-Daniel Stenberg (9 Nov 2017)
-- RELEASE-NOTES: synced with 32828cc4f
-
-- [Luca Boccassi brought this change]
-
- --interface: add support for Linux VRF
-
- The --interface command (CURLOPT_INTERFACE option) already uses
- SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP
- address first, which fails in case the user passes a VRF.
-
- Try to use the socket option immediately and parse it as a fallback
- instead. Update the documentation to mention this feature, and that it
- requires the binary to be ran by root or with CAP_NET_RAW capabilities
- for this to work.
-
- Closes #2024
-
-- curl_share_setopt.3: document CURL_LOCK_DATA_CONNECT
-
- Closes #2043
-
-- examples: add shared-connection-cache
-
-- test1554: verify connection cache sharing
-
-- share: add support for sharing the connection cache
-
-- imap: deal with commands case insensitively
-
- As documented in RFC 3501 section 9:
- https://tools.ietf.org/html/rfc3501#section-9
-
- Closes #2061
-
-- connect: store IPv6 connection status after valid connection
-
- ... previously it would store it already in the happy eyeballs stage
- which could lead to the IPv6 bit being set for an IPv4 connection,
- leading to curl not wanting to do EPSV=>PASV for FTP transfers.
-
- Closes #2053
-
-- curl_multi_fdset.3: emphasize curl_multi_timeout
-
- ... even when there's no socket to wait for, the timeout can still be
- very short.
-
-Jay Satiro (9 Nov 2017)
-- content_encoding: fix inflate_stream for no bytes available
-
- - Don't call zlib's inflate() when avail_in stream bytes is 0.
-
- This is a follow up to the parent commit 19e66e5. Prior to that change
- libcurl's inflate_stream could call zlib's inflate even when no bytes
- were available, causing inflate to return Z_BUF_ERROR, and then
- inflate_stream would treat that as a hard error and return
- CURLE_BAD_CONTENT_ENCODING.
-
- According to the zlib FAQ, Z_BUF_ERROR is not fatal.
-
- This bug would happen randomly since packet sizes are arbitrary. A test
- of 10,000 transfers had 55 fail (ie 0.55%).
-
- Ref: https://zlib.net/zlib_faq.html#faq05
-
- Closes https://github.com/curl/curl/pull/2060
-
-Patrick Monnerat (7 Nov 2017)
-- content_encoding: do not write 0 length data
-
-Daniel Stenberg (6 Nov 2017)
-- fnmatch: remove dead code
-
- There was a duplicate check for backslashes in the setcharset()
- function.
-
- Coverity CID 1420611
-
-- url: remove unncessary NULL-check
-
- Since 'conn' won't be NULL in there and we also access the pointer in
- there without the check.
-
- Coverity CID 1420610
-
-Viktor Szakats (6 Nov 2017)
-- src/Makefile.m32: fix typo in brotli lib customization
-
- Ref cc1f4436099decb9d1a7034b2bb773a9f8379d31
-
-- Makefile.m32: allow to customize brotli libs
-
- It adds the ability to link against static brotli libs.
-
- Also fix brotli include path.
-
-Patrick Monnerat (5 Nov 2017)
-- travis: add a job with brotli enabled
-
-- [Viktor Szakats brought this change]
-
- Makefile.m32: add brotli support
-
-- HTTP: implement Brotli content encoding
-
- This uses the brotli external library (https://github.com/google/brotli).
- Brotli becomes a feature: additional curl_version_info() bit and
- structure fields are provided for it and CURLVERSION_NOW bumped.
-
- Tests 314 and 315 check Brotli content unencoding with correct and
- erroneous data.
-
- Some tests are updated to accomodate with the now configuration dependent
- parameters of the Accept-Encoding header.
-
-- HTTP: support multiple Content-Encodings
-
- This is implemented as an output streaming stack of unencoders, the last
- calling the client write procedure.
-
- New test 230 checks this feature.
-
- Bug: https://github.com/curl/curl/pull/2002
- Reported-By: Daniel Bankhead
-
-Jay Satiro (4 Nov 2017)
-- url: remove arg value check from CURLOPT_SSH_AUTH_TYPES
-
- Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value
- check on this option is incorrect; we have to accept any value.
-
- Prior to this change since f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES
- erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT.
-
- Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120
-
-Daniel Stenberg (4 Nov 2017)
-- ntlm: avoid malloc(0) for zero length passwords
-
- It triggers an assert() when built with memdebug since malloc(0) may
- return NULL *or* a valid pointer.
-
- Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054
-
- Assisted-by: Max Dymond
- Closes #2054
-
-- RELEASE-NOTES: synced with ee8016b3d
-
-- curl: speed up handling of many URLs
-
- By properly keeping track of the last entry in the list of URLs/uploads
- to handle, curl now avoids many meaningless traverses of the list which
- speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K
- URLs).
-
- Added test 1291, to verify that it doesn't take ages - but we don't have
- any detection of "too slow" command in the test suite.
-
- Reported-by: arainchik on github
- Fixes #1959
- Closes #2052
-
-- curl: pass through [] in URLs instead of calling globbing error
-
- Assisted-by: Per Lundberg
- Fixes #2044
- Closes #2046
- Closes #2048
-
-- CURLOPT_INFILESIZE: accept -1
-
- Regression since f121575
-
- Reported-by: Petr Voytsik
- Fixes #2047
-
-Jay Satiro (2 Nov 2017)
-- url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
-
- Prior to this change since f121575 (7.56.1+) CURLOPT_DNS_CACHE_TIMEOUT
- erroneously rejected -1 with CURLE_BAD_FUNCTION_ARGUMENT.
-
-Dan Fandrich (1 Nov 2017)
-- http2: Fixed OOM handling in upgrade request
-
- This caused the torture tests on test 1800 to fail.
-
-- tests: Fixed torture tests on tests 556 and 650
-
- Test cleanup after OOM wasn't being consistently performed.
-
-Daniel Stenberg (1 Nov 2017)
-- CURLOPT_MAXREDIRS: allow -1 as a value
-
- ... which is valid according to documentation. Regression since
- f121575c0b5f.
-
- Verified now in test 501.
-
- Reported-by: cbartl on github
- Fixes #2038
- Closes #2039
-
-- include: remove conncache.h inclusion from where its not needed
-
-Jay Satiro (1 Nov 2017)
-- url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
-
- .. also add same arg value check to CURLOPT_POSTFIELDSIZE_LARGE.
-
- Prior to this change since f121575 (7.56.1+) CURLOPT_POSTFIELDSIZE
- erroneously rejected -1 value with CURLE_BAD_FUNCTION_ARGUMENT.
-
- Bug: https://curl.haxx.se/mail/lib-2017-11/0000.html
- Reported-by: Andrew Lambert
-
-Daniel Stenberg (31 Oct 2017)
-- cookie: avoid NULL dereference
-
- ... when expiring old cookies.
-
- Reported-by: Pavel Gushchin
- Fixes #2032
- Closes #2035
-
-Marcel Raad (30 Oct 2017)
-- memdebug: use send/recv signature for curl_dosend/curl_dorecv
-
- This avoids build errors and warnings caused by implicit casts.
-
- Closes https://github.com/curl/curl/pull/2031
-
-Daniel Stenberg (30 Oct 2017)
-- [Juro Bystricky brought this change]
-
- mkhelp.pl: support reproducible build
-
- Do not generate line with the current date, such as:
-
- * Generation time: Tue Oct-24 18:01:41 2017
-
- This will improve reproducibility. The generated string is only
- part of a comment, so there should be no adverse consequences.
-
- Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
-
- closes #2026
-
-Dan Fandrich (30 Oct 2017)
-- runtests.pl: Fixed typo in message
-
-Daniel Stenberg (30 Oct 2017)
-- curlx: the timeval functions are no longer provided as curlx_*
-
- Pointed-out-by: Dmitri Tikhonov
- Bug: #2034
-
-- select: update comments
-
- s/curlx_tvnow/Curl_now
-
-- INTERNALS: remove curlx_tv* functions no longer provided
-
-- [Dmitri Tikhonov brought this change]
-
- timeval: use mach time on MacOS
-
- If clock_gettime() is not supported, use mach_absolute_time() on MacOS.
-
- closes #2033
-
-Patrick Monnerat (29 Oct 2017)
-- cli tool: improve ";type=" handling in -F option arguments
-
-- cli tool: in -F option arg, comma is a delimiter for files only
-
- Also upgrade test 1133 to cover this case and clarify man page about
- form data quoting.
-
- Bug: https://github.com/curl/curl/issues/2022
- Reported-By: omau on github
-
-Daniel Stenberg (29 Oct 2017)
-- timeleft: made two more users of Curl_timeleft use timediff_t
-
-Jakub Zakrzewski (28 Oct 2017)
-- cmake: Export libcurl and curl targets to use by other cmake projects
-
- The config files define curl and libcurl targets as imported targets
- CURL::curl and CURL::libcurl. For backward compatibility with CMake-
- provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are
- also set.
-
- Closes #1879
-
-Daniel Stenberg (28 Oct 2017)
-- RELEASE-NOTES: synced with f20cbac97
-
-- [Florin Petriuc brought this change]
-
- auth: Added test cases for RFC7616
-
- Updated docs to include support for RFC7616
-
- Signed-off-by: Florin <petriuc.florin@gmail.com>
-
- Closes #1934
-
-- [Florin Petriuc brought this change]
-
- auth: add support for RFC7616 - HTTP Digest access authentication
-
- Signed-off-by: Florin <petriuc.florin@gmail.com>
-
-- [Daniel Bankhead brought this change]
-
- TODO: support multiple Content-Encodings
-
- Closes #2002
-
-- ROADMAP: cleanup
-
- Removed done stuff. Removed entries no longer considered for the near
- term.
-
-- [Magicansk brought this change]
-
- ROADMAP.md: spelling fixes
-
- Closes #2028
-
-- Curl_timeleft: change return type to timediff_t
-
- returning 'time_t' is problematic when that type is unsigned and we
- return values less than zero to signal "already expired", used in
- several places in the code.
-
- Closes #2021
-
-- appveyor: add a win32 build
-
-- setopt: fix CURLOPT_SSH_AUTH_TYPES option read
-
- Regression since f121575c0b5f
-
- Reported-by: Rob Cotrone
-
-Marcel Raad (27 Oct 2017)
-- resolvers: only include anything if needed
-
- This avoids warnings about unused stuff.
-
- Closes https://github.com/curl/curl/pull/2023
-
-Daniel Stenberg (27 Oct 2017)
-- HELP-US: rename the subtitle too since the label is changed
-
- "PR-welcome" was the former name.
-
-- curl_setup.h: oops, shorten the too long line
-
-- [Martin Storsjo brought this change]
-
- curl_setup: Improve detection of CURL_WINDOWS_APP
-
- If WINAPI_FAMILY is defined, it should be safe to try to include
- winapifamily.h to check what the define evaluates to.
-
- This should fix detection of CURL_WINDOWS_APP if building with
- _WIN32_WINNT set to 0x0600.
-
- Closes #2025
-
-Jay Satiro (26 Oct 2017)
-- transfer: Fix chunked-encoding upload bug
-
- - When uploading via chunked-encoding don't compare file size to bytes
- sent to determine whether the upload has finished.
-
- Chunked-encoding adds its own overhead which why the bytes sent is not
- equal to the file size. Prior to this change if a file was uploaded in
- chunked-encoding and its size was known it was possible that the upload
- could end prematurely without sending the final few chunks. That would
- result in a server hang waiting for the remaining data, likely followed
- by a disconnect.
-
- The scope of this bug is limited to some arbitrary file sizes which have
- not been determined. One size that triggers the bug is 475020.
-
- Bug: https://github.com/curl/curl/issues/2001
- Reported-by: moohoorama@users.noreply.github.com
-
- Closes https://github.com/curl/curl/pull/2010
-
-Daniel Stenberg (26 Oct 2017)
-- timeval: make timediff_t also work on 32bit windows
-
- ... by using curl_off_t for the typedef if time_t is larger than 4
- bytes.
-
- Reported-by: Gisle Vanem
- Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co
- mmitcomment-25205058
- Closes #2019
-
-- curl_fnmatch: return error on illegal wildcard pattern
-
- ... instead of doing an infinite loop!
-
- Added test 1162 to verify.
-
- Reported-by: Max Dymond
- Fixes #2015
- Closes #2017
-
-- [Max Dymond brought this change]
-
- wildcards: don't use with non-supported protocols
-
- Fixes timeouts in the fuzzing tests for non-FTP protocols.
-
- Closes #2016
-
-- [Max Dymond brought this change]
-
- multi: allow table handle sizes to be overridden
-
- Allow users to specify their own hash define for
- CURL_CONNECTION_HASH_SIZE so that both values can be overridden.
-
- Closes #1982
-
-- time: rename Curl_tvnow to Curl_now
-
- ... since the 'tv' stood for timeval and this function does not return a
- timeval struct anymore.
-
- Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
- clean up the descriptive comments.
-
- Closes #2011
-
-- ftplistparser: follow-up cleanup to remove PL_ERROR()
-
-- [Max Dymond brought this change]
-
- ftplistparser: free off temporary memory always
-
- When using the FTP list parser, ensure that the memory that's
- allocated is always freed.
-
- Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682
- Closes #2013
-
-- timediff: return timediff_t from the time diff functions
-
- ... to cater for systems with unsigned time_t variables.
-
- - Renamed the functions to curlx_timediff and Curl_timediff_us.
-
- - Added overflow protection for both of them in either direction for
- both 32 bit and 64 bit time_ts
-
- - Reprefixed the curlx_time functions to use Curl_*
-
- Reported-by: Peter Piekarski
- Fixes #2004
- Closes #2005
-
-- [Paul Howarth brought this change]
-
- libtest: Add required test libraries for lib1552 and lib1553
-
- They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too.
-
- This fixes build failures on Fedora 13.
-
- Closes #2006
-
-- [Alessandro Ghedini brought this change]
-
- libcurl-tutorial.3: fix typo
-
- closes #2008
-
-Alessandro Ghedini (23 Oct 2017)
-- curl_mime_filedata.3: fix typos
-
-Daniel Stenberg (23 Oct 2017)
-- RELEASE-NOTES: clean slate towards 7.57.0
-
-- [Max Dymond brought this change]
-
- travis: exit if any steps fail
-
- We don't expect any steps to fail in travis. Exit the script if they do.
-
- Closes #1966
-
-Version 7.56.1 (23 Oct 2017)
-
-Daniel Stenberg (23 Oct 2017)
-- RELEASE-NOTES: 7.56.1
-
-- THANKS: update at 7.56.1 release time
-
-- [Jon DeVree brought this change]
-
- mk-ca-bundle: Remove URL for aurora
-
- Aurora is no longer used by Mozilla
- https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/
-
-- [Jon DeVree brought this change]
-
- mk-ca-bundle: Fix URL for NSS
-
- The 'tip' is the most recent branch committed to, this should be
- 'default' like the URLs for the browser are.
-
- Closes #1998
-
-- imap: if a FETCH response has no size, don't call write callback
-
- CVE-2017-1000257
-
- Reported-by: Brian Carpenter and 0xd34db347
- Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
-
-- ftp: reject illegal IP/port in PASV 227 response
-
- ... by using range checks. Among other things, this avoids an undefined
- behavior for a left shift that could happen on negative or very large
- values.
-
- Closes #1997
-
- Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
-
-Patrick Monnerat (20 Oct 2017)
-- test653: check reuse of easy handle after mime data change
-
- See issue #1999
-
-- mime: do not reuse previously computed multipart size
-
- The contents might have changed: size must be recomputed.
-
- Reported-by: moteus on github
- Fixes #1999
-
-- test308: disable if MultiSSL feature enabled
-
- Even if OpenSSL is enabled, it might not be the default backend when
- multi-ssl is enabled, causing the test to fail.
-
-- runtests: support MultiSSL client feature
-
-- vtls: change struct Curl_ssl `close' field name to `close_one'.
-
- On OS/400, `close' is an ASCII system macro that corrupts the code if
- not used in a context not targetting the close() system API.
-
-- os400: add missing symbols in config file.
-
- Also adjust makefile to renamed files and warn about installation dirs mix-up.
-
-- test652: curl_mime_data + base64 encoder with large contents
-
-- mime: limit bas64-encoded lines length to 76 characters
-
-Daniel Stenberg (16 Oct 2017)
-- RELEASE-NOTES: synced with f121575c0
-
-- setopt: range check most long options
-
- ... filter early instead of risking "funny values" having to be dealt
- with elsewhere.
-
-- setopt: avoid integer overflows when setting millsecond values
-
- ... that are multiplied by 1000 when stored.
-
- For 32 bit long systems, the max value accepted (2147483 seconds) is >
- 596 hours which is unlikely to ever be set by a legitimate application -
- and previously it didn't work either, it just caused undefined behavior.
-
- Also updated the man pages for these timeout options to mention the
- return code.
-
- Closes #1938
-
-Viktor Szakats (15 Oct 2017)
-- makefile.m32: allow to override gcc, ar and ranlib
-
- Allow to ovverride certain build tools, making it possible to
- use LLVM/Clang to build curl. The default behavior is unchanged.
- To build with clang (as offered by MSYS2), these settings can
- be used:
-
- CURL_CC=clang
- CURL_AR=llvm-ar
- CURL_RANLIB=llvm-ranlib
-
- Closes https://github.com/curl/curl/pull/1993
-
-- ldap: silence clang warning
-
- Use memset() to initialize a structure to avoid LLVM/Clang warning:
- ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers]
-
- Closes https://github.com/curl/curl/pull/1992
-
-Daniel Stenberg (14 Oct 2017)
-- runtests: use valgrind for torture as well
-
- NOTE: it makes them terribly slow. I recommend only using valgrind for
- specific torture tests or using lots of patience.
-
-- memdebug: trace send, recv and socket
-
- ... to allow them to be included in torture tests too.
-
- closes #1980
-
-- configure: remove the C++ compiler check
-
- ... we used it only for the fuzzer, which we now have in a separate git
- repo.
-
- Closes #1990
-
-Patrick Monnerat (13 Oct 2017)
-- mime: do not call failf() if easy handle is NULL.
-
-Daniel Stenberg (13 Oct 2017)
-- test651: curl_formadd with huge COPYCONTENTS
-
-- mime: fix the content reader to handle >16K data properly
-
- Reported-by: Jeroen Ooms
- Closes #1988
-
-Patrick Monnerat (12 Oct 2017)
-- mime: keep "text/plain" content type if user-specified.
-
- Include test cases in 554, 587, 650.
-
- Fixes https://github.com/curl/curl/issues/1986
-
-- cli tool: use file2memory() to buffer stdin in -F option.
-
- Closes PR https://github.com/curl/curl/pull/1985
-
-- cli tool: reimplement stdin buffering in -F option.
-
- If stdin is not a regular file, its content is memory-buffered to enable
- a possible data "rewind".
- In all cases, stdin data size is determined before real use to avoid
- having an unknown part's size.
-
- --libcurl generated code is left as an unbuffered stdin fread/fseek callback
- part with unknown data size.
-
- Buffering is not supported in deprecated curl_formadd() API.
-
-Daniel Stenberg (12 Oct 2017)
-- winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
-
-- HELP-US: the label "PR-welcome" is now renamed to "help wanted"
-
- following the new github "standard"
-
-- RELEASE-NOTES: synced with 5505df7d2
-
-Jay Satiro (11 Oct 2017)
-- [Artak Galoyan brought this change]
-
- url: Update current connection SSL verify params in setopt
-
- Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active
- connection updates the current connection's (i.e.'connectdata'
- structure) appropriate ssl_config (and ssl_proxy_config) structures
- variables, making these options effective for ongoing connection.
-
- This functionality was available before and was broken by the
- following change:
- "proxy: Support HTTPS proxy and SOCKS+HTTP(s)"
- CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151.
-
- Bug: https://github.com/curl/curl/issues/1941
-
- Closes https://github.com/curl/curl/pull/1951
-
-Daniel Stenberg (11 Oct 2017)
-- [David Benjamin brought this change]
-
- openssl: don't use old BORINGSSL_YYYYMM macros
-
- Those were temporary things we'd add and remove for our own convenience
- long ago. The last few stayed around for too long as an oversight but
- have since been removed. These days we have a running
- BORINGSSL_API_VERSION counter which is bumped when we find it
- convenient, but 2015-11-19 was quite some time ago, so just check
- OPENSSL_IS_BORINGSSL.
-
- Closes #1979
-
-- test950; verify SMTP with custom request
-
-- ftpserver: support case insensitive commands
-
-- smtp_done: free data before returning (on send failure)
-
- ... as otherwise it could leak that memory.
-
- Detected by OSS-fuzz:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600
-
- Assisted-by: Max Dymond
- Closes #1977
-
-- FTP: URL decode path for dir listing in nocwd mode
-
- Reported-by: Zenju on github
-
- Test 244 added to verify
- Fixes #1974
- Closes #1976
-
-- test298: verify --ftp-method nowcwd with URL encoded path
-
- Ref: #1974
-
-- CURLOPT_XFERINFODATA.3: fix duplicate see also
-
-- CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
-
-- FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
-
-- openssl: enable PKCS12 support for !BoringSSL
-
- Enable PKCS12 for all non-boringssl builds without relying on configure
- or cmake checks.
-
- Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html
- Reported-by: Christian Schmitz
- Closes #1948
-
-- [Kristiyan Tsaklev brought this change]
-
- curl: don't pass semicolons when parsing Content-Disposition
-
- Test 1422 updated to verify.
-
- Closes #1964
-
-Patrick Monnerat (9 Oct 2017)
-- mime: properly unbind mime structure in curl_mime_free().
-
- This allows freeing a mime structure bound to the easy handle before
- curl_easy_cleanup().
-
- Fixes #1970.
-
-Daniel Stenberg (9 Oct 2017)
-- RTSP: avoid integer overflow on funny RTSP response
-
- ... like a very large non-existing RTSP version number.
-
- Added test 577 to verify.
-
- Detected by OSS-fuzz.
- Closes #1969
-
-Patrick Monnerat (8 Oct 2017)
-- ftpserver: properly reset $ftptargetdir.
-
-- test643: verify curl_mime_subparts() rejects cyclic additions.
-
-- mime: refuse to add subparts to one of their own descendants.
-
- Reported-by: Alexey Melnichuk
- Fixes #1962
-
-- mime: avoid resetting a part's encoder when part's contents change.
-
-- mime: improve unbinding top multipart from easy handle.
-
- Also avoid dangling pointers in referencing parts.
-
-Daniel Stenberg (8 Oct 2017)
-- RELEASE-NOTES: synced with a4c1c75da30af1
-
-- curlver.h: next expected release is 7.57.0
-
-Patrick Monnerat (8 Oct 2017)
-- mime: be tolerant about setting twice the same header list in a part.
-
-- docs: clarify form/mime usage of non-regular data files.
-
-Daniel Stenberg (8 Oct 2017)
-- Revert "multi_done: wait for name resolve to finish if still ongoing"
-
- This reverts commit f3e03f6c0ac52a1bf396e03f7d7e9b5b3b7165fe.
-
- Caused memory leaks in the fuzzer, needs to be done differently.
-
- Disable test 1553 for now too, as it causes memory leaks without this
- commit!
-
-- remove_handle: call multi_done() first, then clear dns cache pointer
-
- Closes #1960
-
-- multi_done: wait for name resolve to finish if still ongoing
-
- ... as we must clean up memory.
-
-- pingpong: return error when trying to send without connection
-
- When imap_done() got called before a connection is setup, it would try
- to "finish up" and dereffed a NULL pointer.
-
- Test case 1553 managed to reproduce. I had to actually use a host name
- to try to resolve to slow it down, as using the normal local server IP
- will make libcurl get a connection in the first curl_multi_perform()
- loop and then the bug doesn't trigger.
-
- Fixes #1953
- Assisted-by: Max Dymond
-
-Dan Fandrich (6 Oct 2017)
-- tests: added flaky keyword to tests 587 and 644
-
- These are around 5% flaky in my Linux x86 autobuilds.
-
-Marcel Raad (6 Oct 2017)
-- vtls: fix warnings with --disable-crypto-auth
-
- When CURL_DISABLE_CRYPTO_AUTH is defined, Curl_none_md5sum's parameters
- are not used.
-
-Daniel Stenberg (6 Oct 2017)
-- multi_cleanup: call DONE on handles that never got that
-
- ... fixes a memory leak with at least IMAP when remove_handle is never
- called and the transfer is abruptly just abandoned early.
-
- Test 1552 added to verify
-
- Detected by OSS-fuzz
- Assisted-by: Max Dymond
- Closes #1954
-
-- [Benbuck Nason brought this change]
-
- strtoofft: Remove extraneous null check
-
- Fixes #1950: curlx_strtoofft() doesn't fully protect against null 'str'
- argument.
-
- Closes #1952
-
-- openssl: fix build without HAVE_OPAQUE_EVP_PKEY
-
- Reported-by: Javier Sixto
- Fixes #1955
- Closes #1956
-
-Viktor Szakats (6 Oct 2017)
-- lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS
-
- The source code is now prepared to handle the case when both
- Win32 Crypto and OpenSSL/NSS crypto backends are enabled
- at the same time, making it now possible to enable `USE_WIN32_CRYPTO`
- whenever the targeted Windows version supports it. Since this
- matches the minimum Windows version supported by curl
- (Windows 2000), enable it unconditionally for the Win32 platform.
-
- This in turn enables SMB (and SMBS) protocol support whenever
- Win32 Crypto is available, regardless of what other crypto backends
- are enabled.
-
- Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052
-
- Closes https://github.com/curl/curl/pull/1943
-
-Daniel Stenberg (5 Oct 2017)
-- build: fix --disable-crypto-auth
-
- Reported-by: Wyatt O'Day
- Fixes #1945
- Closes #1947
-
-Jay Satiro (5 Oct 2017)
-- [Nick Zitzmann brought this change]
-
- darwinssl: add support for TLSv1.3
-
- Closes https://github.com/curl/curl/pull/1794
-
-Daniel Stenberg (4 Oct 2017)
-- [Felix Kaiser brought this change]
-
- docs: fix typo in curl_mime_data_cb man page
-
- Closes #1946
-
-Viktor Szakats (4 Oct 2017)
-- lib/Makefile.m32: allow customizing dll suffixes
-
- - New `CURL_DLL_SUFFIX` envvar will add a suffix to the generated
- libcurl dll name. Useful to add `-x64` to 64-bit builds so that
- it can live in the same directory as the 32-bit one. By default
- this is empty.
-
- - New `CURL_DLL_A_SUFFIX` envvar to customize the suffix of the
- generated import library (implib) for libcurl .dll. It defaults
- to `dll`, and it's useful to modify that to `.dll` to have the
- standard naming scheme for mingw-built .dlls, i.e. `libcurl.dll.a`.
-
- Closes https://github.com/curl/curl/pull/1942
-
-Daniel Stenberg (4 Oct 2017)
-- [Max Dymond brought this change]
-
- fuzzer: move to using external curl-fuzzer
-
- Use the external curl-fuzzer repository for fuzzing.
-
- Closes #1923
-
-- failf: skip the sprintf() if there are no consumers
-
- Closes #1936
-
-- ftp: UBsan fixup 'pointer index expression overflowed'
-
- Closes #1939
-
-- RELEASE-PROCEDURE: update the release schedule
-
-Version 7.56.0 (4 Oct 2017)
-
-Daniel Stenberg (4 Oct 2017)
-- RELEASE-NOTES: curl 7.56.0
-
-- THANKS: added new 7.56.0 contributors
-
-Jay Satiro (4 Oct 2017)
-- build-openssl.bat: Warn OpenSSL 1.1.0 not yet supported
-
- Ref: https://github.com/curl/curl/issues/1002
-
-Michael Kaufmann (3 Oct 2017)
-- idn: fix source code comment
-
-- vtls: compare and clone ssl configs properly
-
- Compare these settings in Curl_ssl_config_matches():
- - verifystatus (CURLOPT_SSL_VERIFYSTATUS)
- - random_file (CURLOPT_RANDOM_FILE)
- - egdsocket (CURLOPT_EGDSOCKET)
-
- Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(),
- and copy the setting "sessionid" unconditionally.
-
- This means that reusing connections that are secured with a client
- certificate is now possible, and the statement "TLS session resumption
- is disabled when a client certificate is used" in the old advisory at
- https://curl.haxx.se/docs/adv_20170419.html is obsolete.
-
- Reviewed-by: Daniel Stenberg
-
- Closes #1917
-
-- proxy: read the "no_proxy" variable only if necessary
-
- Reviewed-by: Daniel Stenberg
-
- Closes #1919
-
-Patrick Monnerat (3 Oct 2017)
-- libcurl-tutorial: add casts in example to avoid compilation warnings.
-
-Daniel Stenberg (3 Oct 2017)
-- examples: bring back curl_formadd-using examples
-
- ... now with a -formadd suffix. While the new mime API is introduced in
- 7.56.0 we must acknowledge that lots of users can't upgrade their curl
- versions immediately.
-
-- test1153: verify quoted double-qoutes in PWD response
-
-- FTP: zero terminate the entry path even on bad input
-
- ... a single double quote could leave the entry path buffer without a zero
- terminating byte. CVE-2017-1000254
-
- Test 1152 added to verify.
-
- Reported-by: Max Dymond
- Bug: https://curl.haxx.se/docs/adv_20171004.html
-
-Jay Satiro (2 Oct 2017)
-- [Sergei Nikulov brought this change]
-
- cmake: disable tests and man generation if perl/nroff not found
-
- Fixes https://github.com/curl/curl/issues/1500
- Reported-by: Jay Satiro
-
- Fixes https://github.com/curl/curl/pull/1662
- Assisted-by: Tom Seddon
- Assisted-by: dpull@users.noreply.github.com
- Assisted-by: elelel@users.noreply.github.com
-
- Closes https://github.com/curl/curl/pull/1924
-
-Patrick Monnerat (2 Oct 2017)
-- libcurl-tutorial: fix two typos.
-
-- TODO: remove deprecated form API items.
-
-- libcurl-tutorial: describe MIME API and deprecate form API.
-
- Include a guide to form/mime API conversion.
-
-Daniel Stenberg (30 Sep 2017)
-- cookie: fix memory leak if path was set twice in header
-
- ... this will let the second occurance override the first.
-
- Added test 1161 to verify.
-
- Reported-by: Max Dymond
- Fixes #1932
- Closes #1933
-
-Dan Fandrich (30 Sep 2017)
-- test650: Use variable replacement to set the host address and port
-
- Otherwise, the test fails when the -b test option is used to set a
- different test port range.
-
-- Set and use more necessary options when some protocols are disabled
-
- When curl and libcurl are built with some protocols disabled, they stop
- setting and receiving some options that don't make sense with those
- protocols. In particular, when HTTP is disabled many options aren't set
- that are used only by HTTP. However, some options that appear to be
- HTTP-only are actually used by other protocols as well (some despite
- having HTTP in the name) and should be set, but weren't. This change now
- causes some of these options to be set and used for more (or for all)
- protocols. In particular, this fixes tests 646 through 649 in an
- HTTP-disabled build, which use the MIME API in the mail protocols.
-
-Daniel Stenberg (29 Sep 2017)
-- test1160: verifies cookie leak for large cookies
-
- The fix done in 20ea22ff735
-
-- cookie: fix memory leak on oversized rejection
-
- Regression brought by 2bc230de63b
-
- Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513
- Assisted-by: Max Dymond
-
- Closes #1930
-
-- [Anders Bakken brought this change]
-
- connect: fix race condition with happy eyeballs timeout
-
- The timer should be started after conn->connecttime is set. Otherwise
- the timer could expire without this condition being true:
-
- /* should we try another protocol family? */
- if(i == 0 && conn->tempaddr[1] == NULL &&
- curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) {
-
- Ref: #1928
-
-Michael Kaufmann (28 Sep 2017)
-- docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS
-
- Closes #1922
-
-- docs: clarify the use of environment variables for proxy
-
- Closes #1921
-
-- http: add custom empty headers to repeated requests
-
- Closes #1920
-
-- reuse_conn: don't copy flags that are known to be equal
-
- A connection can only be reused if the flags "conn_to_host" and
- "conn_to_port" match. Therefore it is not necessary to copy these flags
- in reuse_conn().
-
- Closes #1918
-
-Daniel Stenberg (27 Sep 2017)
-- curl.h: include <sys/select.h> on cygwin too
-
- When building with -std=c++14 on cygwin, this header won't be
- automatically included as it otherwise is.
-
- The <sys/select.h> include decision should ideally be reversed and be
- avoided where that header file doesn't exist.
-
- Reported-by: Ian Fette
- Fixes #1925
-
-- RELEASE-NOTES: synced with d8ab5dc50
-
-Michael Kaufmann (24 Sep 2017)
-- tests: adjust .gitignore for new tests
-
-Jay Satiro (23 Sep 2017)
-- ntlm: move NTLM_NEEDS_NSS_INIT define into core NTLM header
-
- .. and include the core NTLM header in all NTLM-related source files.
-
- Follow up to 6f86022. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT
- but did not include vtls.h where it was defined.
-
- Closes https://github.com/curl/curl/pull/1911
-
-Daniel Stenberg (23 Sep 2017)
-- file_range: avoid integer overflow when figuring out byte range
-
- When trying to bump the value with one and the value is already at max,
- it causes an integer overflow.
-
- Closes #1908
- Detected by oss-fuzz:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465
-
- Assisted-by: Max Dymond
-
-Michael Kaufmann (23 Sep 2017)
-- tests: fix a compiler warning in test 643
-
-Jay Satiro (23 Sep 2017)
-- symbols-in-versions: fix CURLSSLSET_NO_BACKENDS entry
-
- - Use spaces instead of tabs as the delimiter.
-
- Follow up to 7c52b12 which added the entry. The entry had used tabs but
- the symbol-scan parser doesn't recognize tabs and would fail the symbol.
-
-Viktor Szakats (22 Sep 2017)
-- metalink: fix NSS issue in MultiSSL builds
-
- In MultiSSL mode (i.e. when more than one SSL backend is compiled
- in), we cannot use the compile time flag `USE_NSS` as indicator that
- the NSS backend is in use. As far as Metalink is concerned, the SSL
- backend is only used for MD5, SHA-1 and SHA-256 calculations,
- therefore one of the available SSL backends is selected at compile
- time, in a strict order of preference.
-
- Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used
- to determine whether the SSL backend used for Metalink is the NSS
- backend, and use that to guard the code that wants to de-initialize
- the NSS-specific data structure.
-
- Ref: https://github.com/curl/curl/pull/1848
-
-- ntlm: use strict order for SSL backend #if branches
-
- With the recently introduced MultiSSL support multiple SSL backends
- can be compiled into cURL That means that now the order of the SSL
-
- One option would be to use the same SSL backend as was configured
- via `curl_global_sslset()`, however, NTLMv2 support would appear
- to be available only with some SSL backends. For example, when
- eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced
- support for NTLMv1 using Windows' Crypt API, it specifically did
- *not* introduce NTLMv2 support using Crypt API at the same time.
-
- So let's select one specific SSL backend for NTLM support when
- compiled with multiple SSL backends, using a priority order such
- that we support NTLMv2 even if only one compiled-in SSL backend can
- be used for that.
-
- Ref: https://github.com/curl/curl/pull/1848
-
-Daniel Stenberg (22 Sep 2017)
-- symbols-in-versions: add CURLSSLSET_NO_BACKENDS
-
- ...fixup from b8e0fe19ec
-
-- imap: quote atoms properly when escaping characters
-
- Updates test 800 to verify
-
- Fixes #1902
- Closes #1903
-
-- tests: make the imap server not verify user+password
-
- ... as the test cases themselves do that and it makes it easier to add
- crazy test cases.
-
- Test 800 updated to use user name + password that need quoting.
-
- Test 856 updated to trigger an auth fail differently.
-
- Ref: #1902
-
-- vtls: provide curl_global_sslset() even in non-SSL builds
-
- ... it just returns error:
-
- Bug: https://github.com/curl/curl/commit/1328f69d53f2f2e937696ea954c480412b018451#commitcomment-24470367
- Reported-by: Marcel Raad
-
- Closes #1906
-
-Patrick Monnerat (22 Sep 2017)
-- form/mime: field names are not allowed to contain zero-valued bytes.
-
- Also suppress length argument of curl_mime_name() (names are always
- zero-terminated).
-
-Daniel Stenberg (21 Sep 2017)
-- [Dirk Feytons brought this change]
-
- openssl: only verify RSA private key if supported
-
- In some cases the RSA key does not support verifying it because it's
- located on a smart card, an engine wants to hide it, ...
- Check the flags on the key before trying to verify it.
- OpenSSL does the same thing internally; see ssl/ssl_rsa.c
-
- Closes #1904
-
-Marcel Raad (21 Sep 2017)
-- examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
-
- Otherwise, typecheck-gcc.h warns on MinGW-w64.
-
-Patrick Monnerat (20 Sep 2017)
-- mime: rephrase the multipart output state machine (#1898) ...
-
- ... in hope coverity will like it much.
-
-- mime: fix an explicit null dereference (#1899)
-
-Daniel Stenberg (20 Sep 2017)
-- curl: check fseek() return code and bail on error
-
- Detected by coverity. CID 1418137.
-
-- smtp: fix memory leak in OOM
-
- Regression since ce0881edee
-
- Coverity CID 1418139 and CID 1418136 found it, but it was also seen in
- torture testing.
-
-- RELEASE-NOTES: synced with 5fe85587c
-
-- [Pavel Pavlov brought this change]
-
- cookies: use lock when using CURLINFO_COOKIELIST
-
- Closes #1896
-
-- [Max Dymond brought this change]
-
- ossfuzz: changes before merging the generated corpora
-
- Before merging in the oss-fuzz corpora from Google, there are some changes
- to the fuzzer.
- - Add a read corpus script, to display corpus files nicely.
- - Change the behaviour of the fuzzer so that TLV parse failures all now
- go down the same execution paths, which should reduce the size of the
- corpora.
- - Make unknown TLVs a failure to parse, which should decrease the size
- of the corpora as well.
-
- Closes #1881
-
-- mime:escape_string minor clarification change
-
- ... as it also removes a warning with old gcc versions.
-
- Bug: https://curl.haxx.se/mail/lib-2017-09/0049.html
- Reported-by: Ben Greear
-
-- [Max Dymond brought this change]
-
- ossfuzz: don't write out to stdout
-
- Don't make the fuzzer write out to stdout - instead write some of the
- contents to a memory block so we exercise the data output code but
- quietly.
-
- Closes #1885
-
-- cookies: reject oversized cookies
-
- ... instead of truncating them.
-
- There's no fixed limit for acceptable cookie names in RFC 6265, but the
- entire cookie is said to be less than 4096 bytes (section 6.1). This is
- also what browsers seem to implement.
-
- We now allow max 5000 bytes cookie header. Max 4095 bytes length per
- cookie name and value. Name + value together may not exceed 4096 bytes.
-
- Added test 1151 to verify
-
- Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
- Reported-by: Kevin Smith
-
- Closes #1894
-
-- travis: on mac, don't install openssl or libidn
-
- - openssl is already installed and causes warnings when trying to
- install again
-
- - libidn isn't used these days, and homebrew doesn't seem to have a
- libidn2 package to replace with easily
-
- Closes #1895
-
-- curl: make str2udouble not return values on error
-
- ... previously it would store a return value even when it returned
- error, which could make the value get used anyway!
-
- Reported-by: Brian Carpenter
- Closes #1893
-
-Jay Satiro (18 Sep 2017)
-- socks: fix incorrect port number in SOCKS4 error message
-
- Prior to this change it appears the SOCKS5 port parsing was erroneously
- used for the SOCKS4 error message, and as a result an incorrect port
- would be shown in the error message.
-
- Bug: https://github.com/curl/curl/issues/1892
- Reported-by: Jackarain@users.noreply.github.com
-
-- [Marc Aldorasi brought this change]
-
- schannel: Support partial send for when data is too large
-
- Schannel can only encrypt a certain amount of data at once. Instead of
- failing when too much data is to be sent at once, send as much data as
- we can and let the caller send the remaining data by calling send again.
-
- Bug: https://curl.haxx.se/mail/lib-2014-07/0033.html
-
- Closes https://github.com/curl/curl/pull/1890
-
-- [David Benjamin brought this change]
-
- openssl: add missing includes
-
- lib/vtls/openssl.c uses OpenSSL APIs from BUF_MEM and BIO APIs. Include
- their headers directly rather than relying on other OpenSSL headers
- including things.
-
- Closes https://github.com/curl/curl/pull/1891
-
-Daniel Stenberg (15 Sep 2017)
-- conversions: fix several compiler warnings
-
-- server/getpart: provide dummy function to build conversion enabled
-
-- non-ascii: use iconv() with 'char **' argument
-
- Bug: https://curl.haxx.se/mail/lib-2017-09/0031.html
-
-- escape.c: error: pointer targets differ in signedness
-
-- docs: clarify the CURLOPT_INTERLEAVE* options behavior
-
-- [Max Dymond brought this change]
-
- rtsp: Segfault in rtsp.c when using WRITEDATA
-
- If the INTERLEAVEFUNCTION is defined, then use that plus the
- INTERLEAVEDATA information when writing RTP. Otherwise, use
- WRITEFUNCTION and WRITEDATA.
-
- Fixes #1880
- Closes #1884
-
-Marcel Raad (15 Sep 2017)
-- [Isaac Boukris brought this change]
-
- tests: enable gssapi in travis-ci linux build
-
- Closes https://github.com/curl/curl/pull/1687
-
-- [Isaac Boukris brought this change]
-
- tests: add initial gssapi test using stub implementation
-
- The stub implementation is pre-loaded using LD_PRELOAD
- and emulates common gssapi uses (only builds if curl is
- initially built with gssapi support).
-
- The initial tests are currently disabled for debug builds
- as LD_PRELOAD is not used then.
-
- Ref: https://github.com/curl/curl/pull/1687
-
-Daniel Stenberg (15 Sep 2017)
-- test1150: verify same host fetch using different ports over proxy
-
- Closes #1889
-
-- URL: on connection re-use, still pick the new remote port
-
- ... as when a proxy connection is being re-used, it can still get a
- different remote port.
-
- Fixes #1887
- Reported-by: Oli Kingshott
-
-- RELEASE-NOTES: synced with 87501e57f
-
-- code style: remove wrong uses of multiple spaces
-
- Closes #1878
-
-- checksrc: detect and warn for multiple spaces
-
-- code style: use space after semicolon
-
-- checksrc: verify space after semicolons
-
-- code style: use spaces around pluses
-
-- checksrc: detect and warn for lack of spaces next to plus signs
-
-- code style: use spaces around equals signs
-
-- checksrc: verify spaces around equals signs
-
- ... as the code style mandates.
-
-- Curl_checkheaders: make it available for IMAP and SMTP too
-
- ... not only HTTP uses this now.
-
- Closes #1875
-
-- travis: add build without HTTP/SMTP/IMAP
-
-Jay Satiro (10 Sep 2017)
-- mbedtls: enable CA path processing
-
- CA path processing was implemented when mbedtls.c was added to libcurl
- in fe7590f, but it was never enabled.
-
- Bug: https://github.com/curl/curl/issues/1877
- Reported-by: SBKarr@users.noreply.github.com
-
-Daniel Stenberg (8 Sep 2017)
-- rtsp: do not call fwrite() with NULL pointer FILE *
-
- If the default write callback is used and no destination has been set, a
- NULL pointer would be passed to fwrite()'s 4th argument.
-
- OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327
- (not publicly open yet)
-
- Detected by OSS-fuzz
- Closes #1874
-
-- configure: use -Wno-varargs on clang 3.9[.X] debug builds
-
- ... to avoid a clang bug
-
-- [Max Dymond brought this change]
-
- ossfuzz: add some more handled CURL options
-
- Add support for HEADER, COOKIE, RANGE, CUSTOMREQUEST, MAIL_RECIPIENT,
- MAIL_FROM and uploading data.
-
-- configure: check for C++ compiler after C, to make it non-fatal
-
- The tests for object file/executable file extensions are presumably only
- done for the first of these macros in the configure file.
-
- Bug: https://github.com/curl/curl/pull/1851#issuecomment-327597515
- Reported-by: Marcel Raad
- Closes #1873
-
-Patrick Monnerat (7 Sep 2017)
-- form API: add new test 650.
-
- Now that the form API is deprecated and not used anymore in curl tool,
- a lot of its features left untested. Test 650 attempts to check all these
- features not tested elsewhere.
-
-Jay Satiro (7 Sep 2017)
-- configure: fix curl_off_t check's include order
-
- - Prepend srcdir include path instead of append.
-
- Prior to this change it was possible that during the check for the size
- of curl_off_t the include path of a user's already installed curl could
- come before the include path of the to-be-built curl, resulting in the
- system.h of the former being incorrectly included for that check.
-
- Closes https://github.com/curl/curl/pull/1870
-
-Daniel Stenberg (7 Sep 2017)
-- [Jakub Zakrzewski brought this change]
-
- KNOWN_BUGS: Remove CMake symbol hiding issue
-
- It has already been fixed in 6140dfc
-
-- http-proxy: when not doing CONNECT, that phase is done immediately
-
- `conn->connect_state` is NULL when doing a regular non-CONNECT request
- over the proxy and should therefor be considered complete at once.
-
- Fixes #1853
- Closes #1862
- Reported-by: Lawrence Wagerfield
-
-- [Johannes Schindelin brought this change]
-
- OpenSSL: fix yet another mistake while encapsulating SSL backend data
-
- Another mistake in my manual fixups of the largely mechanical
- search-and-replace ("connssl->" -> "BACKEND->"), just like the previous
- commit concerning HTTPS proxies (and hence not caught during my
- earlier testing).
-
- Fixes #1855
- Closes #1871
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- OpenSSL: fix erroneous SSL backend encapsulation
-
- In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private
- data, 2017-06-21), this developer prepared for a separation of the
- private data of the SSL backends from the general connection data.
-
- This conversion was partially automated (search-and-replace) and
- partially manual (e.g. proxy_ssl's backend data).
-
- Sadly, there was a crucial error in the manual part, where the wrong
- handle was used: rather than connecting ssl[sockindex]' BIO to the
- proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason
- was an incorrect location to paste "BACKEND->"... d'oh.
-
- Reported by Jay Satiro in https://github.com/curl/curl/issues/1855.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Jay Satiro brought this change]
-
- vtls: fix memory corruption
-
- Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data,
- 2017-07-28), the code handling HTTPS proxies was broken because the
- pointer to the SSL backend data was not swapped between
- conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but
- instead set to NULL (causing segmentation faults).
-
- [jes: provided the commit message, tested and verified the patch]
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- vtls: switch to CURL_SHA256_DIGEST_LENGTH define
-
- ... instead of the prefix-less version since WolfSSL 3.12 now uses an
- enum with that name that causes build failures for us.
-
- Fixes #1865
- Closes #1867
- Reported-by: Gisle Vanem
-
-- travis: add c-ares enabled builds linux + osx
-
- Closes #1868
-
-- HISTORY: added some recent items
-
-Jay Satiro (6 Sep 2017)
-- SSL: fix unused parameter warnings
-
-Patrick Monnerat (6 Sep 2017)
-- mime: drop internal FILE * support.
-
- - The part kind MIMEKIND_FILE and associated code are suppressed.
- - Seek data origin offset not used anymore: suppressed.
- - MIMEKIND_NAMEDFILE renamed MIMEKIND_FILE; associated fields/functions
- renamed accordingly.
- - Curl_getformdata() processes stdin via a callback.
-
-Daniel Stenberg (6 Sep 2017)
-- configure: remove --enable-soname-bump and SONAME_BUMP
-
- Back in 2008, (and commit 3f3d6ebe665f3) we changed the logic in how we
- determine the native type for `curl_off_t`. To really make sure we
- didn't break ABI without bumping SONAME, we introduced logic that
- attempted to detect that it would use a different size and thus not be
- compatible. We also provided a manual switch that allowed users to tell
- configure to bump SONAME by force.
-
- Today, we know of no one who ever got a SONAME bump auto-detected and we
- don't know of anyone who's using the manual bump feature. The auto-
- detection is also no longer working since we introduced defining
- curl_off_t in system.h (7.55.0).
-
- Finally, this bumping logic is not present in the cmake build.
-
- Closes #1861
-
-Jay Satiro (6 Sep 2017)
-- [Gisle Vanem brought this change]
-
- vtls: select ssl backend case-insensitive (follow-up)
-
- - Do a case-insensitive comparison of CURL_SSL_BACKEND env as well.
-
- - Change Curl_strcasecompare calls to strcasecompare
- (maps to the former but shorter).
-
- Follow-up to c290b8f.
-
- Bug: https://github.com/curl/curl/commit/c290b8f#commitcomment-24094313
-
- Co-authored-by: Jay Satiro
-
-- openssl: Integrate Peter Wu's SSLKEYLOGFILE implementation
-
- This is an adaptation of 2 of Peter Wu's SSLKEYLOGFILE implementations.
-
- The first one, written for old OpenSSL versions:
- https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c
-
- The second one, written for BoringSSL and new OpenSSL versions:
- https://github.com/curl/curl/pull/1346
-
- Note the first one is GPL licensed but the author gave permission to
- waive that license for libcurl.
-
- As of right now this feature is disabled by default, and does not have
- a configure option to enable it. To enable this feature define
- ENABLE_SSLKEYLOGFILE when building libcurl and set environment
- variable SSLKEYLOGFILE to a pathname that will receive the keys.
-
- And in Wireshark change your preferences to point to that key file:
- Edit > Preferences > Protocols > SSL > Master-Secret
-
- Co-authored-by: Peter Wu
-
- Ref: https://github.com/curl/curl/pull/1030
- Ref: https://github.com/curl/curl/pull/1346
-
- Closes https://github.com/curl/curl/pull/1866
-
-Patrick Monnerat (5 Sep 2017)
-- mime: fix a trivial warning.
-
-- mime: replace 'struct Curl_mimepart' by 'curl_mimepart' in encoder code.
-
- mime_state is now a typedef.
-
-- mime: implement encoders.
-
- curl_mime_encoder() is operational and documented.
- curl tool -F option is extended with ";encoder=".
- curl tool --libcurl option generates calls to curl_mime_encoder().
- New encoder tests 648 & 649.
- Test 1404 extended with an encoder specification.
-
-- runtests.pl: support attribute "nonewline" in part verify/upload.
-
-- [Daniel Stenberg brought this change]
-
- fixup data/test1135
-
-- [Daniel Stenberg brought this change]
-
- mime: unified to use the typedef'd mime structs everywhere
-
- ... and slightly edited to follow our code style better.
-
-- [Daniel Stenberg brought this change]
-
- curl.h: use lower case curl_mime* as for all public symbols
-
-- [Daniel Stenberg brought this change]
-
- docs/curl_mime_*.3: use correct variable types in examples
-
-Kamil Dudka (5 Sep 2017)
-- openssl: use OpenSSL's default ciphers by default
-
- Up2date versions of OpenSSL maintain the default reasonably secure
- without breaking compatibility, so it is better not to override the
- default by curl. Suggested at https://bugzilla.redhat.com/1483972
-
- Closes #1846
-
-Viktor Szakats (5 Sep 2017)
-- examples/mime: minor example code fixes
-
-Daniel Stenberg (5 Sep 2017)
-- docs/curl_mime_*.3: added examples
-
-- configure: add MultiSSL to FEATURES when enabled
-
- ...for curl-config and its corresponding test 1014
-
-- http-proxy: treat all 2xx as CONNECT success
-
- Added test 1904 to verify.
-
- Reported-by: Lawrence Wagerfield
- Fixes #1859
- Closes #1860
-
-- MAIL-ETIQUETTE: added "1.9 Your emails are public"
-
-- curl.h: fix "unused checksrc ignore", remove dangling reference
-
- ... to a README file that doesn't exist anymore
-
-Viktor Szakats (4 Sep 2017)
-- docs: Update to secure URL versions
-
-- mime: use CURL_ZERO_TERMINATED in examples
-
- and some minor whitespace fixes
-
-Daniel Stenberg (4 Sep 2017)
-- schannel: return CURLE_SSL_CACERT on failed verification
-
- ... not *CACERT_BADFILE as it isn't really because of a bad file.
-
- Bug: https://curl.haxx.se/mail/lib-2017-09/0002.html
- Closes #1858
-
-- test1135: fixed after bd8070085f9
-
-- examples/post-callback: stop returning one byte at a time
-
- ... since people copy and paste code from this example and thus they get
- an inefficient POST operation without a good reason and sometimes
- without understanding why.
-
- Instead this now returns as much data as possible.
-
-- RELEASE-NOTES: fixed the function counter script
-
-- curl.h: make the curl_strequal() protos use the same style
-
- ... as the other functions. Makes it easier to machine-parse!
-
-- docs: curl_mime_*.3 man page formatting edits
-
-- RELEASE-NOTES: synced with 1ab9e9b50
-
-Patrick Monnerat (4 Sep 2017)
-- lib: bump version info (soname). Adapt and reenable test 1135.
-
-Daniel Stenberg (3 Sep 2017)
-- headers: move the global_sslset() proto from multi.h to curl.h
-
- As it was added to multi.h simply to not break test 1135, which now has
- been disabled due to the mime API addition anyway and su we can now move
- the sslset stuff to where the other curl_global_* prototypes are.
-
-Patrick Monnerat (3 Sep 2017)
-- mime: fix signed/unsigned conversions.
-
- Use and generate CURL_ZERO_TERMINATED in curl tool and tests.
-
-Jay Satiro (3 Sep 2017)
-- tool_formparse: fix some trivial warnings
-
-Patrick Monnerat (3 Sep 2017)
-- mime: use size_t instead of ssize_t in public API interface.
-
- To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED
- has been introduced.
-
- Documentation updated accordingly.
-
- symbols in versions updated. Added form API symbols deprecation info.
-
-- mime: remove support "-" stdin pseudo-file name in curl_mime_filedata().
-
- This feature is badly supported in Windows: as a replacement, a caller has
- to use curl_mime_data_cb() with fread, fseek and possibly fclose
- callbacks to process opened files.
-
- The cli tool and documentation are updated accordingly.
-
- The feature is however kept internally for form API compatibility, with
- the known caveats it always had.
-
- As a side effect, stdin size is not determined by the cli tool even if
- possible and this results in a chunked transfer encoding. Test 173 is
- updated accordingly.
-
-- mime: fix some implicit curl_off_t --> size_t conversion warnings.
-
-- mime: tests and examples.
-
- Additional mime-specific tests.
- Existing tests updated to reflect small differences (Expect: 100-continue,
- data size change due to empty lines, etc).
- Option -F headers= keyword added to tests.
- test1135 disabled until the entry point order change is resolved.
- New example smtp-mime.
- Examples postit2 and multi-post converted from form API to mime API.
-
-- mime: use in curl cli tool instead of form API.
-
- Extended -F option syntax to support multipart mail messages.
- -F keyword headers= added to include custom headers in parts.
- Documentation upgraded.
-
-- mime: new MIME API.
-
- Available in HTTP, SMTP and IMAP.
- Deprecates the FORM API.
- See CURLOPT_MIMEPOST.
- Lib code and associated documentation.
-
-- test564: Add a warning comment about shell profile output.
-
- Shell profile output makes the SSH server failing and this problem reason
- is not easy to find when no hint is given.
-
-- checksrc: disable SPACEBEFOREPAREN for case statement.
-
- The case keyword may be followed by a constant expression and thus should
- allow it to start with an open parenthesis.
-
-- runtests.pl: allow <file[1-4]> tags in client section.
-
- This enables tests to create more than one file on the client side.
-
-- runtests.pl: Apply strippart to upload too.
-
- This will allow substitution of boundaries in mail messages.
-
-- Curl_base64_encode: always call with a real data handle.
-
- Some calls in different modules were setting the data handle to NULL, causing
- segmentation faults when using builds that enable character code conversions.
-
-- non-ascii: allow conversion functions to be called with a NULL data handle.
-
-- http: fix a memory leakage in checkrtspprefix().
-
-Daniel Stenberg (2 Sep 2017)
-- [Max Dymond brought this change]
-
- ossfuzz: Move to C++ for curl_fuzzer.
-
- Automake gets confused if you want to use C++ static libraries with C
- code - basically we need to involve the clang++ linker. The easiest way
- of achieving this is to rename the C code as C++ code. This gets us a
- bit further along the path and ought to be compatible with Google's
- version of clang.
-
-- curl_global_sslset: select backend by name case insensitively
-
- Closes #1849
-
-- [Max Dymond brought this change]
-
- ossfuzz: additional seed corpora
-
- Create simple seed corpora for:
- - FTP
- - telnet
- - dict
- - tftp
- - imap
- - pop3
-
- based off the tests of the same number.
-
- Closes #1842
-
-- [Max Dymond brought this change]
-
- ossfuzz: moving towards the ideal integration
-
- - Start with the basic code from the ossfuzz project.
- - Rewrite fuzz corpora to be binary files full of Type-Length-Value
- data, and write a glue layer in the fuzzing function to convert
- corpora into CURL options.
- - Have supporting functions to generate corpora from existing tests
- - Integrate with Makefile.am
-
-- strcase: corrected comment header for Curl_strcasecompare()
-
-- unit1301: fix error message on first test
-
-- curl_global_sslset.3: show the struct and enum too
-
- ... so that users can actually write code based on the man page alone,
- not having to read the header file.
-
-Jay Satiro (31 Aug 2017)
-- darwinssl: handle long strings in TLS certs (follow-up)
-
- - Fix handling certificate subjects that are already UTF-8 encoded.
-
- Follow-up to b3b75d1 from two days ago. Since then a copy would be
- skipped if the subject was already UTF-8, possibly resulting in a NULL
- deref later on.
-
- Ref: https://github.com/curl/curl/issues/1823
- Ref: https://github.com/curl/curl/pull/1831
-
- Closes https://github.com/curl/curl/pull/1836
-
-Daniel Stenberg (31 Aug 2017)
-- cyassl: call it the "WolfSSL" backend
-
- ... instead of cyassl, as this is the current name for it.
-
- Closes #1844
-
-- polarssl: fix multissl breakage
-
- Reported-by: Dan Fandrich
- Bug: https://curl.haxx.se/mail/lib-2017-08/0121.html
- Closes #1843
-
-- configure: remove the leading comma from the backends list
-
- ... when darwinssl is used.
-
- Reported-by: Viktor Szakats
- Bug: https://github.com/curl/curl/commit/b0989cd3abaff4f9a0717b4875022fa79e33b481#commitcomment-23943493
-
- Closes #1845
-
-Kamil Dudka (30 Aug 2017)
-- examples/sslbackend.c: fix failure of 'make checksrc'
-
- ./sslbackend.c:58:3: warning: else after closing brace on same line (BRACEELSE)
- } else if(isdigit(*name)) {
- ^
- ./sslbackend.c:62:3: warning: else after closing brace on same line (BRACEELSE)
- } else
- ^
-
-Viktor Szakats (30 Aug 2017)
-- makefile.m32: add multissl support
-
- Closes https://github.com/curl/curl/pull/1840
-
-Daniel Stenberg (30 Aug 2017)
-- curl.h: CURLSSLBACKEND_WOLFSSL used wrong value
-
- The CURLSSLBACKEND_WOLFSSL is supposed to be an alias for
- CURLSSLBACKEND_CYASSL, but used an erronous value. To reduce the risk
- for a similar mistake, define the backend aliases to use the enum values
- instead.
-
- Reported-by: Gisle Vanem
- Bug: https://curl.haxx.se/mail/lib-2017-08/0120.html
-
-- curl_global_sslset.3: clarify
-
- it is a one time *set*, not necessarily a one time use... it can be
- called again if the first call failed or just listed the alternatives.
-
- clarify that the available backends are the ones this build supports
-
- plus add some formatting
-
- Reported-by: Rich Gray
- Bug: https://curl.haxx.se/mail/lib-2017-08/0119.html
-
-- curl/multi.h: remove duplicated closing c++ brace
-
- Regression since 1328f69d53f2f2e93
-
- Fixes #1841
- Reported-by: Andrei Karas
-
-- RELEASE-NOTES: synced with 8c33c963a
-
-- HELP-US.md: spelling
-
-- HELP-US.md: "How to get started helping out in the curl project"
-
- Closes #1837
-
-Dan Fandrich (29 Aug 2017)
-- asyn-thread: Fixed cleanup after OOM
-
- destroy_async_data() assumes that if the flag "done" is not set yet, the
- thread itself will clean up once the request is complete. But if an
- error (generally OOM) occurs before the thread even has a chance to
- start, it will never get a chance to clean up and memory will be leaked.
- By clearing "done" only just before starting the thread, the correct
- cleanup sequence will happen in all cases.
-
-Daniel Stenberg (28 Aug 2017)
-- curl_global_init.3: mention curl_global_sslset(3)
-
-Dan Fandrich (28 Aug 2017)
-- unit1606: Fixed shadowed variable warning
-
-- asyn-thread: Improved cleanup after OOM situations
-
-- asyn-thread: Set errno to the proper value ENOMEM in OOM situation
-
- This used to be set in some configurations to EAI_MEMORY which is not a
- valid value for errno and caused Curl_strerror to fail an assertion.
-
-Daniel Stenberg (28 Aug 2017)
-- [Johannes Schindelin brought this change]
-
- configure: Handle "MultiSSL" specially When versioning symbols
-
- There is a mode in which libcurl is compiled with versioned symbols,
- depending on the active SSL backend.
-
- When multiple SSL backends are active, it does not make sense to favor
- one over the others, so let's not: introduce a new prefix for the case
- where multiple SSL backends are compiled into cURL.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- configure: allow setting the default SSL backend
-
- Previously, we used as default SSL backend whatever was first in the
- `available_backends` array.
-
- However, some users may want to override that default without patching
- the source code.
-
- Now they can: with the --with-default-ssl-backend=<backend> option of
- the ./configure script.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: use Curl_ssl_multi pseudo backend only when needed
-
- When only one SSL backend is configured, it is totally unnecessary to
- let multissl_init() configure the backend at runtime, we can select the
- correct backend at build time already.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- version: if built with more than one SSL backend, report all of them
-
- To discern the active one from the inactive ones, put the latter into
- parentheses.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- version: add the CURL_VERSION_MULTI_SSL feature flag
-
- This new feature flag reports When cURL was built with multiple SSL
- backends.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- metalink: allow compiling with multiple SSL backends
-
- Previously, the code assumed that at most one of the SSL backends would
- be compiled in, emulating OpenSSL's functions if the configured backend
- was not OpenSSL itself.
-
- However, now we allow building with multiple SSL backends and choosing
- one at runtime. Therefore, metalink needs to be adjusted to handle this
- scenario, too.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- docs/examples: demonstrate how to select SSL backends
-
- The newly-introduced curl_global_sslset() function deserves to be
- show-cased.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- Add a man page for curl_global_sslset()
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: introduce curl_global_sslset()
-
- Let's add a compile time safe API to select an SSL backend. This
- function needs to be called *before* curl_global_init(), and can be
- called only once.
-
- Side note: we do not explicitly test that it is called before
- curl_global_init(), but we do verify that it is not called multiple times
- (even implicitly).
-
- If SSL is used before the function was called, it will use whatever the
- CURL_SSL_BACKEND environment variable says (or default to the first
- available SSL backend), and if a subsequent call to
- curl_global_sslset() disagrees with the previous choice, it will fail
- with CURLSSLSET_TOO_LATE.
-
- The function also accepts an "avail" parameter to point to a (read-only)
- NULL-terminated list of available backends. This comes in real handy if
- an application wants to let the user choose between whatever SSL backends
- the currently available libcurl has to offer: simply call
-
- curl_global_sslset(-1, NULL, &avail);
-
- which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail
- variable to point to the relevant information to present to the user.
-
- Just like with the HTTP/2 push functions, we have to add the function
- declaration of curl_global_sslset() function to the header file
- *multi.h* because VMS and OS/400 require a stable order of functions
- declared in include/curl/*.h (where the header files are sorted
- alphabetically). This looks a bit funny, but it cannot be helped.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: refactor out essential information about the SSL backends
-
- There is information about the compiled-in SSL backends that is really
- no concern of any code other than the SSL backend itself, such as which
- function (if any) implements SHA-256 summing.
-
- And there is information that is really interesting to the user, such as
- the name, or the curl_sslbackend value.
-
- Let's factor out the latter into a publicly visible struct. This
- information will be used in the upcoming API to set the SSL backend
- globally.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: allow selecting which SSL backend to use at runtime
-
- When building software for the masses, it is sometimes not possible to
- decide for all users which SSL backend is appropriate.
-
- Git for Windows, for example, uses cURL to perform clones, fetches and
- pushes via HTTPS, and some users strongly prefer OpenSSL, while other
- users really need to use Secure Channel because it offers
- enterprise-ready tools to manage credentials via Windows' Credential
- Store.
-
- The current Git for Windows versions use the ugly work-around of
- building libcurl once with OpenSSL support and once with Secure Channel
- support, and switching out the binaries in the installer depending on
- the user's choice.
-
- Needless to say, this is a super ugly workaround that actually only
- works in some cases: Git for Windows also comes in a portable form, and
- in a form intended for third-party applications requiring Git
- functionality, in which cases this "swap out libcurl-4.dll" simply is
- not an option.
-
- Therefore, the Git for Windows project has a vested interest in teaching
- cURL to make the SSL backend a *runtime* option.
-
- This patch makes that possible.
-
- By running ./configure with multiple --with-<backend> options, cURL will
- be built with multiple backends.
-
- For the moment, the backend can be configured using the environment
- variable CURL_SSL_BACKEND (valid values are e.g. "openssl" and
- "schannel").
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: fold the backend ID into the Curl_ssl structure
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- curl_ntlm_core: don't complain but #include OpenSSL header if needed
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: encapsulate SSL backend-specific data
-
- So far, all of the SSL backends' private data has been declared as
- part of the ssl_connect_data struct, in one big #if .. #elif .. #endif
- block.
-
- This can only work as long as the SSL backend is a compile-time option,
- something we want to change in the next commits.
-
- Therefore, let's encapsulate the exact data needed by each SSL backend
- into a private struct, and let's avoid bleeding any SSL backend-specific
- information into urldata.h. This is also necessary to allow multiple SSL
- backends to be compiled in at the same time, as e.g. OpenSSL's and
- CyaSSL's headers cannot be included in the same .c file.
-
- To avoid too many malloc() calls, we simply append the private structs
- to the connectdata struct in allocate_conn().
-
- This requires us to take extra care of alignment issues: struct fields
- often need to be aligned on certain boundaries e.g. 32-bit values need to
- be stored at addresses that divide evenly by 4 (= 32 bit / 8
- bit-per-byte).
-
- We do that by assuming that no SSL backend's private data contains any
- fields that need to be aligned on boundaries larger than `long long`
- (typically 64-bit) would need. Under this assumption, we simply add a
- dummy field of type `long long` to the `struct connectdata` struct. This
- field will never be accessed but acts as a placeholder for the four
- instances of ssl_backend_data instead. the size of each ssl_backend_data
- struct is stored in the SSL backend-specific metadata, to allow
- allocate_conn() to know how much extra space to allocate, and how to
- initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend
- pointers.
-
- This would appear to be a little complicated at first, but is really
- necessary to encapsulate the private data of each SSL backend correctly.
- And we need to encapsulate thusly if we ever want to allow selecting
- CyaSSL and OpenSSL at runtime, as their headers cannot be included within
- the same .c file (there are just too many conflicting definitions and
- declarations for that).
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: prepare the SSL backends for encapsulated private data
-
- At the moment, cURL's SSL backend needs to be configured at build time.
- As such, it is totally okay for them to hard-code their backend-specific
- data in the ssl_connect_data struct.
-
- In preparation for making the SSL backend a runtime option, let's make
- the access of said private data a bit more abstract so that it can be
- adjusted later in an easy manner.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- urldata.h: move SSPI-specific #include to correct location
-
- In 86b889485 (sasl_gssapi: Added GSS-API based Kerberos V5 variables,
- 2014-12-03), an SSPI-specific field was added to the kerberos5data
- struct without moving the #include "curl_sspi.h" later in the same file.
-
- This broke the build when SSPI was enabled, unless Secure Channel was
- used as SSL backend, because it just so happens that Secure Channel also
- requires "curl_sspi.h" to be #included.
-
- In f4739f639 (urldata: include curl_sspi.h when Windows SSPI is enabled,
- 2017-02-21), this bug was fixed incorrectly: Instead of moving the
- appropriate conditional #include, the Secure Channel-conditional part
- was now also SSPI-conditional.
-
- Fix this problem by moving the correct #include instead.
-
- This is also required for an upcoming patch that moves all the Secure
- Channel-specific stuff out of urldata.h and encapsulates it properly in
- vtls/schannel.c instead.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- urldata.h: remove support for obsolete PolarSSL version
-
- Since 5017d5ada (polarssl: now require 1.3.0+, 2014-03-17), we require
- a newer PolarSSL version. No need to keep code trying to support any
- older version.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- getinfo: access SSL internals via Curl_ssl
-
- In the ongoing endeavor to abstract out all SSL backend-specific
- functionality, this is the next step: Instead of hard-coding how the
- different SSL backends access their internal data in getinfo.c, let's
- implement backend-specific functions to do that task.
-
- This will also allow for switching SSL backends as a runtime option.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: move SSL backends' private constants out of their header files
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- axtls: use Curl_none_* versions of init() and cleanup()
-
- There are convenient no-op versions of the init/cleanup functions now,
- no need to define private ones for axTLS.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: remove obsolete declarations of SSL backend functionality
-
- These functions are all available via the Curl_ssl struct now, no need
- to declare them separately anymore.
-
- As the global declarations are removed, the corresponding function
- definitions are marked as file-local. The only two exceptions here are
- Curl_mbedtls_shutdown() and Curl_polarssl_shutdown(): only the
- declarations were removed, there are no function definitions to mark
- file-local.
-
- Please note that Curl_nss_force_init() is *still* declared globally, as
- the only SSL backend-specific function, because it was introduced
- specifically for the use case where cURL was compiled with
- `--without-ssl --with-nss`. For details, see f3b77e561 (http_ntlm: add
- support for NSS, 2010-06-27).
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- schannel: reorder functions topologically
-
- The _shutdown() function calls the _session_free() function; While this
- is not a problem now (because schannel.h declares both functions), a
- patch looming in the immediate future with make all of these functions
- file-local.
-
- So let's just move the _session_free() function's definition before it
- is called.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- axtls: reorder functions topologically
-
- The connect_finish() function (like many other functions after it) calls
- the Curl_axtls_close() function; While this is not a problem now
- (because axtls.h declares the latter function), a patch looming in the
- immediate future with make all of these functions file-local.
-
- So let's just move the Curl_axtls_close() function's definition before
- it is called.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: move the SUPPORT_HTTPS_PROXY flag into the Curl_ssl struct
-
- That will allow us to choose the SSL backend at runtime.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: convert the have_curlssl_* constants to runtime flags
-
- The entire idea of introducing the Curl_ssl struct to describe SSL
- backends is to prepare for choosing the SSL backend at runtime.
-
- To that end, convert all the #ifdef have_curlssl_* style conditionals
- to use bit flags instead.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: move sha256sum into the Curl_ssl struct
-
- The SHA-256 checksumming is also an SSL backend-specific function.
- Let's include it in the struct declaring the functionality of SSL
- backends.
-
- In contrast to MD5, there is no fall-back code. To indicate this, the
- respective entries are NULL for those backends that offer no support for
- SHA-256 checksumming.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: move md5sum into the Curl_ssl struct
-
- The MD5 summing is also an SSL backend-specific function. So let's
- include it, offering the previous fall-back code as a separate function
- now: Curl_none_md5sum(). To allow for that, the signature had to be
- changed so that an error could be returned from the implementation
- (Curl_none_md5sum() can run out of memory).
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: use the Curl_ssl struct to access all SSL backends' functionality
-
- This is the first step to unify the SSL backend handling. Now all the
- SSL backend-specific functionality is accessed via a global instance of
- the Curl_ssl struct.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: declare Curl_ssl structs for every SSL backend
-
- The idea of introducing the Curl_ssl struct was to unify how the SSL
- backends are declared and called. To this end, we now provide an
- instance of the Curl_ssl struct for each and every SSL backend.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: introduce a new struct for SSL backends
-
- This new struct is similar in nature to Curl_handler: it will define the
- functions and capabilities of all the SSL backends (where Curl_handler
- defines the functions and capabilities of protocol handlers).
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: make sure every _sha256sum()'s first arg is const
-
- This patch makes the signature of the _sha256sum() functions consistent
- among the SSL backends, in preparation for unifying the way all SSL
- backends are accessed.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: make sure all _data_pending() functions return bool
-
- This patch makes the signature of the _data_pending() functions
- consistent among the SSL backends, in preparation for unifying the way
- all SSL backends are accessed.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: make sure all _cleanup() functions return void
-
- This patch makes the signature of the _cleanup() functions consistent
- among the SSL backends, in preparation for unifying the way all SSL
- backends are accessed.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
- vtls: use consistent signature for _random() implementations
-
- This will make the upcoming multissl backend much easier to implement.
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- strtooff: fix build for systems with long long but no strtoll option
-
- Closes #1829
-
- Reported-by: Dan Fandrich
- Bug: https://github.com/curl/curl/pull/1758#issuecomment-324861615
-
-- darwinssl: handle long strings in TLS certs
-
- ... as the previous fixed length 128 bytes buffer was sometimes too
- small.
-
- Fixes #1823
- Closes #1831
-
- Reported-by: Benjamin Sergeant
- Assisted-by: Bill Pyne, Ray Satiro, Nick Zitzmann
-
-- system.h: include sys/poll.h for AIX
-
- ... to get the event/revent defines that might be used for the poll
- struct.
-
- Reported-by: Michael Smith
- Fixes #1828
- Closes #1833
-
-Dan Fandrich (26 Aug 2017)
-- tests: Make sure libtests & unittests call curl_global_cleanup()
-
- These were missed in commit c468c27b.
-
-Jay Satiro (26 Aug 2017)
-- [theantigod brought this change]
-
- winbuild: fix embedded manifest option
-
- Embedded manifest option didn't work due to incorrect path.
-
- Fixes https://github.com/curl/curl/issues/1832
-
-Daniel Stenberg (25 Aug 2017)
-- fuzz/Makefile.am: remove curlbuild.h leftovers
-
-- examples/threaded-ssl: mention that this is for openssl before 1.1
-
-- imap: use defined names for response codes
-
- When working on this code I found the previous setup a bit weird while
- using proper defines increases readability.
-
- Closes #1824
-
-- CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
-
-- imap: support PREAUTH
-
- It is a defined possible greeting at server startup that means the
- connection is already authenticated. See
- https://tools.ietf.org/html/rfc3501#section-7.1.4
-
- Test 846 added to verify.
-
- Fixes #1818
- Closes #1820
-
-Jay Satiro (23 Aug 2017)
-- config-tpf: define SIZEOF_LONG
-
- Recent changes that replaced CURL_SIZEOF_LONG in the source with
- SIZEOF_LONG broke builds that use the premade configuration files and
- don't have SIZEOF_LONG defined.
-
- Bug: https://github.com/curl/curl/issues/1816
-
-Dan Fandrich (23 Aug 2017)
-- test1453: Fixed <features>
-
-Daniel Stenberg (22 Aug 2017)
-- [Gisle Vanem brought this change]
-
- config-dos: add missing defines, SIZEOF_* and two others
-
- Bug: #1816
-
-- curl: shorten and clean up CA cert verification error message
-
- The previous message was just too long for ordinary people and it was
- encouraging users to use `--insecure` a little too easy.
-
- Based-on-work-by: Frank Denis
-
- Closes #1810
- Closes #1817
-
-- request-target.d: mention added in 7.55.0
-
-Marcel Raad (22 Aug 2017)
-- tool_main: turn off MinGW CRT's globbing
-
- By default, the MinGW CRT globs command-line arguments. This prevents
- getting a single asterisk into an argument as test 1299 does. Turn off
- globbing by setting the global variable _CRT_glob to 0 for MinGW.
-
- Fixes https://github.com/curl/curl/issues/1751
- Closes https://github.com/curl/curl/pull/1813
-
-Viktor Szakats (22 Aug 2017)
-- makefile.m32: add support for libidn2
-
- libidn was replaced with libidn2 last year in configure.
- Caveat: libidn2 may depend on a list of further libs.
- These can be manually specified via CURL_LDFLAG_EXTRAS.
-
- Closes https://github.com/curl/curl/pull/1815
-
-Jay Satiro (22 Aug 2017)
-- [Viktor Szakats brought this change]
-
- config-win32: define SIZEOF_LONG
-
- Recent changes that replaced CURL_SIZEOF_LONG in the source with
- SIZEOF_LONG broke builds that use the premade configuration files and
- don't have SIZEOF_LONG defined.
-
- Closes https://github.com/curl/curl/pull/1814
-
-Daniel Stenberg (20 Aug 2017)
-- cmake: enable picky compiler options with clang and gcc
-
- closes #1799
-
-- curl/system.h: fix build for hppa
-
- Reported-by: John David Anglin
- Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872502#10
-
-- [Even Rouault brought this change]
-
- tftp: fix memory leak on too long filename
-
- Fixes
-
- $ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz
-
- ==9752== Memcheck, a memory error detector
- ==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
- ==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
- ==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz
- ==9752==
- curl: (71) TFTP file name too long
-
- ==9752==
- ==9752== HEAP SUMMARY:
- ==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11
- ==9752== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
- ==9752== by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
- ==9752== by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
- ==9752== by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
- ==9752== by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
- ==9752== by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
- ==9752== by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
- ==9752== by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl)
- ==9752== by 0x40E849: operate (in /home/even/install-curl-git/bin/curl)
- ==9752== by 0x402693: main (in /home/even/install-curl-git/bin/curl)
-
- Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568
- Credit to OSS Fuzz
-
- Closes #1808
-
-Dan Fandrich (19 Aug 2017)
-- runtests: fixed case insensitive matching of keywords
-
- Commit 5c2aac71 didn't work in the case of mixed-case keywords given on
- the command-line.
-
-- tests: Make sure libtests call curl_global_cleanup()
-
- This ensures that global data allocations are freed so Valgrind stays
- happy. This was a problem with at least PolarSSL and mbedTLS.
-
-Daniel Stenberg (18 Aug 2017)
-- RELEASE-NOTES: synced with 8baead425
-
-- scripts/contri*sh: use "git log --use-mailmap"
-
-- mailmap: de-duplify some git authors
-
-- http2_recv: return error better on fatal h2 errors
-
- Ref #1012
- Figured-out-by: Tatsuhiro Tsujikawa
-
-- KNOWN_BUGS: HTTP test server 'connection-monitor' problems
-
- Closes #868
-
-- curl/system.h: check for __ppc__ as well
-
- ... regression since issue #1774 (commit 10b3df10596a) since obviously
- some older gcc doesn't know __powerpc__ while some newer doesn't know
- __ppc__ ...
-
- Fixes #1797
- Closes #1798
- Reported-by: Ryan Schmidt
-
-- [Jan Alexander Steffens (heftig) brought this change]
-
- http: Don't wait on CONNECT when there is no proxy
-
- Since curl 7.55.0, NetworkManager almost always failed its connectivity
- check by timeout. I bisected this to 5113ad04 (http-proxy: do the HTTP
- CONNECT process entirely non-blocking).
-
- This patch replaces !Curl_connect_complete with Curl_connect_ongoing,
- which returns false if the CONNECT state was left uninitialized and lets
- the connection continue.
-
- Closes #1803
- Fixes #1804
-
- Also-fixed-by: Gergely Nagy
-
-- [Johannes Schindelin brought this change]
-
- metalink: adjust source code style
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG
-
-- lib557: no longer use CURL_SIZEOF_* defines
-
-- config-win32: define SIZEOF_CURL_OFF_T
-
-- cmake: sizeof curl_off_t, remove unused detections
-
-- system.h: remove all CURL_SIZEOF_* defines
-
- ... as they're not used externally and internally we check for the sizes
- already in configure etc.
-
- Closes #1767
-
-- ftp: fix CWD when doing multicwd then nocwd on same connection
-
- Fixes #1782
- Closes #1787
- Reported-by: Peter Lamare
-
-- CURLOPT_SSH_COMPRESSION.3: enable with 1L
-
- (leaves other values reserved for the future)
-
-- compressed-ssh.d: "Added: 7.56.0"
-
-- curl/system.h: checksrc compliance
-
-Jay Satiro (17 Aug 2017)
-- [Viktor Szakats brought this change]
-
- ssh: add the ability to enable compression (for SCP/SFTP)
-
- The required low-level logic was already available as part of
- `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
- option.)
-
- This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
- (boolean) and the new `curl` command-line option `--compressed-ssh`
- to request this `libssh2` feature. To have compression enabled, it
- is required that the SSH server supports a (zlib) compatible
- compression method and that `libssh2` was built with `zlib` support
- enabled.
-
- [1] https://www.libssh2.org/libssh2_session_flag.html
-
- Ref: https://github.com/curl/curl/issues/1732
- Closes https://github.com/curl/curl/pull/1735
-
-- examples/ftpuploadresume: checksrc compliance
-
-- [Maksim Stsepanenka brought this change]
-
- http_proxy: fix build error for CURL_DOES_CONVERSIONS
-
- Closes https://github.com/curl/curl/pull/1793
-
-GitHub (16 Aug 2017)
-- [Nick Zitzmann brought this change]
-
- configure: check for __builtin_available() availability (#1788)
-
- This change does two things:
- 1. It un-breaks the build in Xcode 9.0. (Xcode 9.0 is currently
- failing trying to compile connectx() in lib/connect.c.)
- 2. It finally weak-links the connectx() function, and falls back on
- connect() when run on older operating systems.
-
-Daniel Stenberg (16 Aug 2017)
-- travis: add metalink to some osx builds
-
- Closes #1790
-
-- [Max Dymond brought this change]
-
- coverage: Use two coveralls commands to get lib/vtls results
-
- closes #1747
-
-- darwinssi: fix error: variable length array used
-
-- m4/curl-compilers.m4: use proper quotes around string, not backticks
-
- ... when setting clang version to assume 3.7
-
- Caused a lot of "integer expression expected" warnings by configure.
-
-- [Benbuck Nason brought this change]
-
- cmake: remove dead code for DISABLED_THREADSAFE
-
- Closes #1786
-
-Jay Satiro (15 Aug 2017)
-- [Jakub Zakrzewski brought this change]
-
- curl-confopts.m4: fix --disable-threaded-resolver
-
- Closes https://github.com/curl/curl/issues/1784
-
-Daniel Stenberg (15 Aug 2017)
-- [Ryan Winograd brought this change]
-
- progress: Track total times following redirects
-
- Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`,
- `t_pretransfer`, and `t_starttransfer` to track the total times for
- these activities when a redirect is followed. Previously, only the times
- for the most recent request would be tracked.
-
- Related changes:
-
- - Rename `Curl_pgrsResetTimesSizes` to `Curl_pgrsResetTransferSizes`
- now that the function only resets transfer sizes and no longer
- modifies any of the progress timers.
-
- - Add a bool to the `Progress` struct that is used to prevent
- double-counting `t_starttransfer` times.
-
- Added test case 1399.
-
- Fixes #522 and Known Bug 1.8
- Closes #1602
- Reported-by: joshhe on github
-
-- [Benbuck Nason brought this change]
-
- cmake: remove dead code for CURL_DISABLE_RTMP
-
- Closes #1785
-
-Kamil Dudka (15 Aug 2017)
-- zsh.pl: produce a working completion script again
-
- Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help
- to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to
- produce a broken completion script:
-
- % curl --<TAB>
- _curl:10: no such file or directory: seconds
-
- Closes #1779
-
-Daniel Stenberg (15 Aug 2017)
-- curlver: toward 7.56.0?
-
-- RELEASE-NOTES: synced with 91c46dc44
-
-- test1449: FTP download range with an too large size
-
-- strtoofft: reduce integer overflow risks globally
-
- ... make sure we bail out on overflows.
-
- Reported-by: Brian Carpenter
- Closes #1758
-
-- travis: build the examples too
-
- to make sure they keep building warning-free
-
- Closes #1777
-
-- runtests: match keywords case insensitively
-
-- examples/ftpuploadresume.c: use portable code
-
- ... converted from the MS specific _snscanf()
-
-Version 7.55.1 (13 Aug 2017)
-
-Daniel Stenberg (13 Aug 2017)
-- RELEASE-NOTES/THANKS: curl 7.55.1 release time
-
-- gitignore: ignore .xz now instead of .lzma
-
-- [Sergei Nikulov brought this change]
-
- cmake: Threads detection update. ref: #1702
-
- Closes #1719
-
-- ipv6_scope: support unique local addresses
-
- Fixes #1764
- Closes #1773
- Reported-by: James Slaughter
-
-- [Alex Potapenko brought this change]
-
- curl/system.h: GCC doesn't define __ppc__ on PowerPC, uses __powerpc__
-
- Closes #1774
-
-- test1448: verify redirect to IDN using URL
-
- Closes #1772
-
-- [Salah-Eddin Shaban brought this change]
-
- redirect: skip URL encoding for host names
-
- This fixes redirects to IDN URLs
-
- Fixes #1441
- Closes #1762
- Reported by: David Lord
-
-- test2032: mark as flaky (again)
-
-- travis: test cmake build on tarball too
-
- Could've prevented #1755
-
-- [Simon Warta brought this change]
-
- cmake: allow user to override CMAKE_DEBUG_POSTFIX
-
- Closes #1763
-
-- connect-to.d: better language
-
-- connect-to.d: clarified
-
-- bagder/Curl_tvdiff_us: fix the math
-
- Regression since adef394ac5 (released in 7.55.0)
-
- Reported-by: Han Qiao
- Fixes #1769
- Closes #1771
-
-- curl/system.h: add Oracle Solaris Studio
-
- Fixes #1752
-
-- [Alessandro Ghedini brought this change]
-
- docs: fix typo funtion -> function
-
- Closes #1770
-
-Alessandro Ghedini (12 Aug 2017)
-- docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT description
-
-- docs: fix typo stuct -> struct
-
-Dan Fandrich (12 Aug 2017)
-- test1447: require a curl with http support
-
-Daniel Stenberg (11 Aug 2017)
-- [Thomas Petazzoni brought this change]
-
- curl/system.h: support more architectures
-
- The long list of architectures in include/curl/system.h is annoying to
- maintain, and needs to be extended for each and every architecture to
- support.
-
- Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler
- (we are in the GNUC condition anyway), which tells us if long is 4
- bytes or 8 bytes.
-
- This fixes the build of libcurl 7.55.0 on architectures such as
- OpenRISC or ARC.
-
- Closes #1766
-
- Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-
-- test2033: this went flaky again
-
- Suspicion: when we enabled the threaded resolver by default.
-
-- test1447: verifies the parse proxy fix in 6e0e152ce5c
-
-- [Even Rouault brought this change]
-
- parse_proxy(): fix memory leak in case of invalid proxy server name
-
- Fixes the below leak:
-
- $ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1
- curl: (5) Couldn't resolve proxy name
- ==5048==
- ==5048== HEAP SUMMARY:
- ==5048== in use at exit: 532 bytes in 12 blocks
- ==5048== total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated
- ==5048==
- ==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12
- ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
- ==5048== by 0x4E6CB79: parse_login_details (url.c:5614)
- ==5048== by 0x4E6BA82: parse_proxy (url.c:5091)
- ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
- ==5048== by 0x4E6EA18: create_conn (url.c:6498)
- ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967)
- ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436)
- ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160)
- ==5048== by 0x4E7C515: easy_transfer (easy.c:708)
- ==5048== by 0x4E7C74A: easy_perform (easy.c:794)
- ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813)
- ==5048== by 0x414025: operate_do (tool_operate.c:1563)
- ==5048==
- ==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12
- ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
- ==5048== by 0x4E6CBB6: parse_login_details (url.c:5621)
- ==5048== by 0x4E6BA82: parse_proxy (url.c:5091)
- ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
- ==5048== by 0x4E6EA18: create_conn (url.c:6498)
- ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967)
- ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436)
- ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160)
- ==5048== by 0x4E7C515: easy_transfer (easy.c:708)
- ==5048== by 0x4E7C74A: easy_perform (easy.c:794)
- ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813)
- ==5048== by 0x414025: operate_do (tool_operate.c:1563)
-
- Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984
- Credit to OSS Fuzz for discovery
-
- Closes #1761
-
-- RELEASE-NOTES: synced with 37f2195a9
-
-- curlver: bump to 7.55.1
-
-- openssl: fix "error: this statement may fall through"
-
- A gcc7 warning.
-
-- [David Benjamin brought this change]
-
- openssl: remove CONST_ASN1_BIT_STRING.
-
- Just making the pointer as const works for the pre-1.1.0 path too.
-
- Closes #1759
-
-- maketgz: remove old *.dist files before making the tarball
-
- To avoid "old crap" unintentionally getting shipped.
-
- Bug: https://curl.haxx.se/mail/lib-2017-08/0050.html
- Reported-by: Christian Weisgerber
-
-Jay Satiro (10 Aug 2017)
-- mkhelp.pl: allow executing this script directly
-
- - Enable execute permission (chmod +x)
-
- - Change interpreter to /usr/bin/env perl
-
- Ref: https://github.com/curl/curl/issues/1743
-
-Daniel Stenberg (10 Aug 2017)
-- configure: use the threaded resolver backend by default if possible
-
- Closes #1647
-
-- cmake: move cmake_uninstall.cmake to CMake/
-
- Closes #1756
-
-- metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead
-
-- dist: fix the cmake build by shipping cmake_uninstall.cmake.in too
-
- Fixes #1755
-
-- travis: verify "make install"
-
- Help-by: Jay Satiro
- Closes #1753
-
-Marcel Raad (10 Aug 2017)
-- build: check out *.sln files with Windows line endings
-
- Visual Studio doesn't like LF line endings in solution files and always
- converts them to CRLF when doing changes to the solution. Notably, this
- affects the solutions in the release archive.
-
- Closes https://github.com/curl/curl/pull/1746
-
-- gitignore: ignore top-level .vs folder
-
- This folder is generated when using the CMake build system from within
- Visual Studio.
-
- Closes https://github.com/curl/curl/pull/1746
-
-Jay Satiro (10 Aug 2017)
-- digest_sspi: Don't reuse context if the user/passwd has changed
-
- Bug: https://github.com/curl/curl/issues/1685
- Reported-by: paulharris@users.noreply.github.com
-
- Assisted-by: Isaac Boukris
-
- Closes https://github.com/curl/curl/pull/1742
-
-Daniel Stenberg (9 Aug 2017)
-- [Adam Sampson brought this change]
-
- dist: Add dictserver.py/negtelnetserver.py to EXTRA_DIST
-
- These weren't included in the 7.55.0 release, but are required in order
- to run the full test suite.
-
- Closes #1744
-
-- [Adam Sampson brought this change]
-
- curl: do bounds check using a double comparison
-
- The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
- complete: if the parsed number in num is larger than will fit in a long,
- the conversion is undefined behaviour (causing test1427 to fail for me
- on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting
- rid of the cast means the comparison will be done using doubles.
-
- It might make more sense for the max argument to also be a double...
-
- Fixes #1750
- Closes #1749
-
-- make install: add 8 missing man pages to the installation
-
-- build: fix 'make install' with configure, install docs/libcurl/* too
-
- Broken since d24838d4da9faa
-
- Reported-by: Bernard Spil
-
-Version 7.55.0 (9 Aug 2017)
-
-Daniel Stenberg (9 Aug 2017)
-- RELEASE-NOTES: curl 7.55.0
-
-- THANKS: 20 new contributors in 7.55.0
-
-- [Viktor Szakats brought this change]
-
- docs/comments: Update to secure URL versions
-
- Closes #1741
-
-- configure: fix recv/send/select detection on Android
-
- ... since they now provide several functions as
- __attribute__((overloadable)), the argument detection logic need
- updates.
-
- Patched-by: destman at github
-
- Fixes #1738
- Closes #1739
-
-Marcel Raad (8 Aug 2017)
-- ax_code_coverage.m4: update to latest version
-
- This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d
- from August 01, 2017. Notably, this removes the lconv version whitelist.
-
- Closes https://github.com/curl/curl/pull/1716
-
-Daniel Stenberg (7 Aug 2017)
-- test1427: verify command line parser integer overflow detection
-
-- curl: detect and bail out early on parameter integer overflows
-
- Make the number parser aware of the maximum limit curl accepts for a
- value and return an error immediately if larger, instead of running an
- integer overflow later.
-
- Fixes #1730
- Closes #1736
-
-- glob: do not continue parsing after a strtoul() overflow range
-
- Added test 1289 to verify.
-
- CVE-2017-1000101
-
- Bug: https://curl.haxx.se/docs/adv_20170809A.html
- Reported-by: Brian Carpenter
-
-- tftp: reject file name lengths that don't fit
-
- ... and thereby avoid telling send() to send off more bytes than the
- size of the buffer!
-
- CVE-2017-1000100
-
- Bug: https://curl.haxx.se/docs/adv_20170809B.html
- Reported-by: Even Rouault
-
- Credit to OSS-Fuzz for the discovery
-
-- [Even Rouault brought this change]
-
- file: output the correct buffer to the user
-
- Regression brought by 7c312f84ea930d8 (April 2017)
-
- CVE-2017-1000099
-
- Bug: https://curl.haxx.se/docs/adv_20170809C.html
-
- Credit to OSS-Fuzz for the discovery
-
-- easy_events: make event data static
-
- First: this function is only used in debug-builds and not in
- release/real builds. It is used to drive tests using the event-based
- API.
-
- A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the
- CURLMOPT_TIMERFUNCTION calback can in fact be called even after this
- funtion returns, namely when curl_multi_remove_handle() is called.
-
- Reported-by: Brian Carpenter
-
-- getparameter: avoid returning uninitialized 'usedarg'
-
- Fixes #1728
-
-Marcel Raad (5 Aug 2017)
-- [Isaac Boukris brought this change]
-
- gssapi: fix memory leak of output token in multi round context
-
- When multiple rounds are needed to establish a security context
- (usually ntlm), we overwrite old token with a new one without free.
- Found by proposed gss tests using stub a gss implementation (by
- valgrind error), though I have confirmed the leak with a real
- gssapi implementation as well.
-
- Closes https://github.com/curl/curl/pull/1733
-
-- darwinssl: fix compiler warning
-
- clang complains:
- vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive
- [-Werror,-Wextra-tokens]
-
- This breaks the darwinssl build on Travis. Fix it by making this token
- a comment.
-
- Closes https://github.com/curl/curl/pull/1734
-
-- CMake: fix CURL_WERROR for MSVC
-
- When using CURL_WERROR in MSVC builds, the debug flags were overridden
- by the release flags and /WX got added twice in debug mode.
-
- Closes https://github.com/curl/curl/pull/1715
-
-Daniel Stenberg (4 Aug 2017)
-- RELEASE-NOTES: synced with 561e9217c
-
-- test1010: verify that #1718 is fixed
-
- ... by doing two transfers in nocwd mode and check that there's no
- superfluous CWD command.
-
-- FTP: skip unnecessary CWD when in nocwd mode
-
- ... when reusing a connection. If it didn't do any CWD previously.
-
- Fixes #1718
-
-Marcel Raad (4 Aug 2017)
-- travis: explicitly specify dist
-
- This makes the builds more reproducible as travis is currently rolling
- out trusty as default dist [1]. Specifically, this avoids coverage
- check failures when trusty is used as seen in [2] until we figure out
- what's wrong.
-
- [1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming
- [2] https://github.com/curl/curl/pull/1692
-
- Closes https://github.com/curl/curl/pull/1725
-
-Daniel Stenberg (4 Aug 2017)
-- travis: BUILD_TYPE => T
-
- (to make the full line appear nicer on travis web UI)
-
-- travis: add osx build with darwinssl
-
- Closes #1706
-
-- darwin: silence compiler warnings
-
- With a clang pragma and three type fixes
-
- Fixes #1722
-
-- BUILD.WINDOWS: mention buildconf.bat for builds off git
-
-- darwinssl: fix curlssl_sha256sum() compiler warnings on first argument
-
-- test130: verify comments in .netrc
-
-- [Gisle Vanem brought this change]
-
- netrc: skip lines starting with '#'
-
- Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html
-
-Marcel Raad (3 Aug 2017)
-- CMake: set MSVC warning level to 4
-
- The MSVC warning level defaults to 3 in CMake. Change it to 4, which is
- consistent with the Visual Studio and NMake builds. Disable level 4
- warning C4127 for the library and additionally C4306 for the test
- servers to get a clean CURL_WERROR build as that warning is raised in
- some macros in older Visual Studio versions.
-
- Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794
- Closes https://github.com/curl/curl/pull/1711
-
-Daniel Stenberg (2 Aug 2017)
-- CURLOPT_NETRC.3: fix typo in 7e48aa386156f9c2
-
- Reported-by: Viktor Szakats
-
-- CURLOPT_NETRC.3: mention the file name on windows
-
- ... and CURLOPT_NETRC_FILE(3).
-
-- travis: build osx with libressl too
-
-- travis: build osx with openssl too
-
-- tests/server/util: fix curltime mistake from 4dee50b9c80f9
-
-Marcel Raad (1 Aug 2017)
-- curl_threads: fix MSVC compiler warning
-
- Use LongToHandle to convert from long to HANDLE in the Win32
- implementation.
- This should fix the following warning when compiling with
- MSVC 11 (2012) in 64-bit mode:
- lib\curl_threads.c(113): warning C4306:
- 'type cast' : conversion from 'long' to 'HANDLE' of greater size
-
- Closes https://github.com/curl/curl/pull/1717
-
-Daniel Stenberg (1 Aug 2017)
-- BUGS: improved phrasing about security bugs
-
- Reported-by: Max Dymond
-
-- BUGS: clarify how to report security related bugs
-
-- [Brad Spencer brought this change]
-
- multi: fix request timer management
-
- There are some bugs in how timers are managed for a single easy handle
- that causes the wrong "next timeout" value to be reported to the
- application when a new minimum needs to be recomputed and that new
- minimum should be an existing timer that isn't currently set for the
- easy handle. When the application drives a set of easy handles via the
- `curl_multi_socket_action()` API (for example), it gets told to wait the
- wrong amount of time before the next call, which causes requests to
- linger for a long time (or, it is my guess, possibly forever).
-
- Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
-
-Jay Satiro (1 Aug 2017)
-- curl_setup: Define CURL_NO_OLDIES for building libcurl
-
- .. to catch accidental use of deprecated error codes.
-
- Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
-
-Daniel Stenberg (1 Aug 2017)
-- [Jeremy Tan brought this change]
-
- configure: fix the check for IdnToUnicode
-
- Fixes #1669
- Closes #1713
-
-- http: fix response code parser to avoid integer overflow
-
- test 1429 and 1433 were updated to work with the stricter HTTP status line
- parser.
-
- Closes #1714
- Reported-by: Brian Carpenter
-
-Jay Satiro (31 Jul 2017)
-- [Dwarakanath Yadavalli brought this change]
-
- libcurl: Stop using error codes defined under CURL_NO_OLDIES
-
- Fixes https://github.com/curl/curl/issues/1688
- Closes https://github.com/curl/curl/pull/1712
-
-- include.d: clarify --include is only for response headers
-
- Follow-up to 171f8de and de6de94.
-
- Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851
- Reported-by: Daniel Stenberg
-
-Daniel Stenberg (30 Jul 2017)
-- [Jason Juang brought this change]
-
- cmake: support make uninstall
-
- Closes #1674
-
-- RELEASE-NOTES: synced with 001701c47
-
-Marcel Raad (29 Jul 2017)
-- AppVeyor: now really use CURL_WERROR
-
- It was misspelled as CURL_ERROR in commit
- 2d86e8d1286e0fbe3d811e2e87fa0b5e53722db4.
-
- Closes https://github.com/curl/curl/pull/1686
-
-Jay Satiro (29 Jul 2017)
-- tool_help: clarify --include is only for response headers
-
- Follow-up to 171f8de.
-
- Ref: https://github.com/curl/curl/issues/1704
-
-- splay: fix signed/unsigned mismatch warning
-
- Follow-up to 4dee50b.
-
- Ref: https://github.com/curl/curl/pull/1693
-
-Daniel Stenberg (28 Jul 2017)
-- include.d: clarify that it concerns the response headers
-
- Reported-by: olesteban at github
- Fixes #1704
-
-- [Johannes Schindelin brought this change]
-
- curl_rtmp: fix a compiler warning
-
- The headers of librtmp declare the socket as `int`, and on Windows, that
- disagrees with curl_socket_t.
-
- Bug: #1652
-
- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- test1323: verify curlx_tvdiff
-
-- timeval: struct curltime is a struct timeval replacement
-
- ... to make all libcurl internals able to use the same data types for
- the struct members. The timeval struct differs subtly on several
- platforms so it makes it cumbersome to use everywhere.
-
- Ref: #1652
- Closes #1693
-
-- darwinssl: fix variable type mistake (regression)
-
- ... which made --tlsv1.2 not work because it would blank the max tls
- version variable.
-
- Reported-by: Nick Miyake
- Bug: #1703
-
-- multi: mention integer overflow risk if using > 500 million sockets
-
- Reported-by: ovidiu-benea@users.noreply.github.com
-
- Closes #1675
- Closes #1683
-
-- checksrc: escape open brace in regex
-
- ... to silence warning.
-
-Kamil Dudka (20 Jul 2017)
-- nss: fix a possible use-after-free in SelectClientCert()
-
- ... causing a SIGSEGV in showit() in case the handle used to initiate
- the connection has already been freed.
-
- This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803.
-
- Reported-by: Rob Sanders
- Bug: https://bugzilla.redhat.com/1436158
-
-- nss: unify the coding style of nss_send() and nss_recv()
-
- No changes in behavior intended by this commit.
-
-Marcel Raad (18 Jul 2017)
-- tests/server/resolve.c: fix deprecation warning
-
- MSVC warns that gethostbyname is deprecated. Always use getaddrinfo
- instead to fix this when IPv6 is enabled, also for IPv4 resolves. This
- is also consistent with what libcurl does.
-
- Closes https://github.com/curl/curl/pull/1682
-
-Jay Satiro (17 Jul 2017)
-- darwinssl: fix pinnedpubkey build error
-
- - s/SessionHandle/Curl_easy/
-
- Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670
- Reported-by: Gisle Vanem
-
-Marcel Raad (16 Jul 2017)
-- rtspd: fix GCC warning after MSVC warning fix
-
- Older GCC warns:
- /tests/server/rtspd.c:1194:10: warning: missing braces around
- initializer [-Wmissing-braces]
-
- Fix this by using memset instead of an initializer.
-
-- libtest: fix MSVC warning C4706
-
- With warning level 4, MSVC warns about assignments within conditional
- expressions. Change the while loop to a do-while loop to fix this. This
- change is also consistent with CODE_STYLE.md.
-
-- sockfilt: suppress conversion warning with explicit cast
-
- MSVC warns when implicitly casting -1 to unsigned long.
-
-- rtspd: fix MSVC level 4 warning
-
- warning C4701: potentially uninitialized local variable 'req' used
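Review bot: this deletion drops the changelog entries that tie the vendored libcurl to upstream security fixes, and nothing in the hunk replaces them. The 7.55.0 block being removed here is where CVE-2017-1000099 (file: output the correct buffer), CVE-2017-1000100 (tftp: reject file name lengths that don't fit) and CVE-2017-1000101 (glob: strtoul() overflow) are recorded with their advisory URLs. If docs/CHANGES is being removed to slim the vendored tree, please make sure the bundled upstream version (the deleted file's top entry is 7.60.0) is still stated somewhere in libs/libcurl or in the commit message, so a reviewer can map the copy in this repository to upstream advisories without the changelog.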