Diffstat (limited to 'libs/libcurl/docs/CHANGES')
-rw-r--r-- | libs/libcurl/docs/CHANGES | 3055 |
1 files changed, 1659 insertions, 1396 deletions
diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES index b03c666643..b924571db6 100644 --- a/libs/libcurl/docs/CHANGES +++ b/libs/libcurl/docs/CHANGES 
@@ -6,6 +6,1665 @@ Changelog +Version 7.64.1 (27 Mar 2019) + +Daniel Stenberg (27 Mar 2019) +- RELEASE: 7.64.1 + +- Revert "ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set" + + This reverts commit 9130ead9fcabdb6b8fbdb37c0b38be2d326adb00. + + Fixes #3708 + +- [Christian Schmitz brought this change] + + ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set + + Closes #3704 + +Jay Satiro (26 Mar 2019) +- tool_cb_wrt: fix writing to Windows null device NUL + + - Improve console detection. + + Prior to this change WriteConsole could be called to write to a handle + that may not be a console, which would cause an error. This issue is + limited to character devices that are not also consoles such as the null + device NUL. + + Bug: https://github.com/curl/curl/issues/3175#issuecomment-439068724 + Reported-by: Gisle Vanem + +- CURLMOPT_PIPELINING.3: fix typo + +Daniel Stenberg (25 Mar 2019) +- TODO: config file parsing + + Closes #3698 + +Jay Satiro (24 Mar 2019) +- os400: Disable Alt-Svc by default since it's experimental + + Follow-up to 520f0b4 which added Alt-Svc support and enabled it by + default for OS400. Since the feature is experimental, it should be + disabled by default. + + Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332 + Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html + + Closes https://github.com/curl/curl/pull/3688 + +Dan Fandrich (24 Mar 2019) +- tests: Fixed XML validation errors in some test files. + +- tests: Fix some incorrect precheck error messages. + + [ci skip] + +Daniel Stenberg (22 Mar 2019) +- curl_url.3: this is not experimental anymore + +- travis: bump the used wolfSSL version to 4.0.0 + + Test 311 is now fine, leaving only 313 (CRL) disabled. 
+ + Test 313 details can be found here: + https://github.com/wolfSSL/wolfssl/issues/1546 + + Closes #3697 + +Daniel Gustafsson (22 Mar 2019) +- lib: Fix typos in comments + +David Woodhouse (20 Mar 2019) +- openssl: if cert type is ENG and no key specified, key is ENG too + + Fixes #3692 + Closes #3692 + +Daniel Stenberg (20 Mar 2019) +- sectransp: tvOS 11 is required for ALPN support + + Reported-by: nianxuejie on github + Assisted-by: Nick Zitzmann + Assisted-by: Jay Satiro + Fixes #3689 + Closes #3690 + +- test1541: threaded connection sharing + + The threaded-shared-conn.c example turned into test case. Only works if + pthread was detected. + + An attempt to detect future regressions such as e3a53e3efb942a5 + + Closes #3687 + +Patrick Monnerat (17 Mar 2019) +- os400: alt-svc support. + + Although experimental, enable it in the platform config file. + Upgrade ILE/RPG binding. + +Daniel Stenberg (17 Mar 2019) +- conncache: use conn->data to know if a transfer owns it + + - make sure an already "owned" connection isn't returned unless + multiplexed. + + - clear ->data when returning the connection to the cache again + + Regression since 7.62.0 (probably in commit 1b76c38904f0) + + Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html + + Closes #3686 + +- RELEASE-NOTES: synced + +- [Chris Young brought this change] + + configure: add --with-amissl + + AmiSSL is an Amiga native library which provides a wrapper over OpenSSL. + It also requires all programs using it to use bsdsocket.library + directly, rather than accessing socket functions through clib, which + libcurl was not necessarily doing previously. Configure will now check + for the headers and ensure they are included if found. + + Closes #3677 + +- [Chris Young brought this change] + + vtls: rename some of the SSL functions + + ... in the SSL structure as AmiSSL is using macros for the socket API + functions. 
+ +- [Chris Young brought this change] + + tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr + +- [Chris Young brought this change] + + tool_operate: build on AmigaOS + +- makefile: make checksrc and hugefile commands "silent" + + ... to match the style already used for compiling, linking + etc. Acknowledges 'make V=1' to enable verbose. + + Closes #3681 + +- curl.1: --user and --proxy-user are hidden from ps output + + Suggested-by: Eric Curtin + Improved-by: Dan Fandrich + Ref: #3680 + + Closes #3683 + +- curl.1: mark the argument to --cookie as <data|filename> + + From a discussion in #3676 + + Suggested-by: Tim Rühsen + + Closes #3682 + +Dan Fandrich (14 Mar 2019) +- fuzzer: Only clone the latest fuzzer code, for speed. + +Daniel Stenberg (14 Mar 2019) +- [Dominik Hölzl brought this change] + + Negotiate: fix for HTTP POST with Negotiate + + * Adjusted unit tests 2056, 2057 + * do not generally close connections with CURLAUTH_NEGOTIATE after every request + * moved negotiatedata from UrlState to connectdata + * Added stream rewind logic for CURLAUTH_NEGOTIATE + * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC + * Consider authproblem state for CURLAUTH_NEGOTIATE + * Consider reuse_forbid for CURLAUTH_NEGOTIATE + * moved and adjusted negotiate authentication state handling from + output_auth_headers into Curl_output_negotiate + * Curl_output_negotiate: ensure auth done is always set + * Curl_output_negotiate: Set auth done also if result code is + GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may + also indicate the last challenge request (only works with disabled + Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1) + * Consider "Persistent-Auth" header, detect if not present; + Reset/Cleanup negotiate after authentication if no persistent + authentication + * apply changes introduced with #2546 for negotiate rewind logic + + Fixes #1261 + Closes #1975 + +- [Marc Schlatter brought this 
change] + + http: send payload when (proxy) authentication is done + + The check that prevents payload from sending in case of authentication + doesn't check properly if the authentication is done or not. + + They're cases where the proxy respond "200 OK" before sending + authentication challenge. This change takes care of that. + + Fixes #2431 + Closes #3669 + +- file: fix "Checking if unsigned variable 'readcount' is less than zero." + + Pointed out by codacy + + Closes #3672 + +- memdebug: log pointer before freeing its data + + Coverity warned for two potentional "Use after free" cases. Both are false + positives because the memory wasn't used, it was only the actual pointer + value that was logged. + + The fix still changes the order of execution to avoid the warnings. + + Coverity CID 1443033 and 1443034 + + Closes #3671 + +- RELEASE-NOTES: synced + +Marcel Raad (12 Mar 2019) +- travis: actually use updated compiler versions + + For the Linux builds, GCC 8 and 7 and clang 7 were installed, but the + new GCC versions were only used for the coverage build and for building + nghttp2, while the new clang version was not used at all. + + BoringSSL needs to use the default GCC as it respects CC, but not CXX, + so it would otherwise pass gcc 8 options to g++ 4.8 and fail. + + Also remove GCC 7, it's not needed anymore. + + Ref: https://docs.travis-ci.com/user/languages/c/#c11c11-and-beyond-and-toolchain-versioning + + Closes https://github.com/curl/curl/pull/3670 + +- travis: update clang to version 7 + + Closes https://github.com/curl/curl/pull/3670 + +Jay Satiro (11 Mar 2019) +- [Andre Guibert de Bruet brought this change] + + examples/externalsocket: add missing close socket calls + + .. and for Windows also call WSACleanup since we call WSAStartup. + + The example is to demonstrate handling the socket independently of + libcurl. In this case libcurl is not responsible for creating, opening + or closing the socket, it is handled by the application (our example). 
+ + Fixes https://github.com/curl/curl/pull/3663 + +Daniel Stenberg (11 Mar 2019) +- multi: removed unused code for request retries + + This code was once used for the non multi-interface using code path, but + ever since easy_perform was turned into a wrapper around the multi + interface, this code path never runs. + + Closes #3666 + +Jay Satiro (11 Mar 2019) +- doh: inherit some SSL options from user's easy handle + + - Inherit SSL options for the doh handle but not SSL client certs, + SSL ALPN/NPN, SSL engine, SSL version, SSL issuer cert, + SSL pinned public key, SSL ciphers, SSL id cache setting, + SSL kerberos or SSL gss-api settings. + + - Fix inheritance of verbose setting. + + - Inherit NOSIGNAL. + + There is no way for the user to set options for the doh (DNS-over-HTTPS) + handles and instead we inherit some options from the user's easy handle. + + My thinking for the SSL options not inherited is they are most likely + not intended by the user for the DOH transfer. I did inherit insecure + because I think that should still be in control of the user. + + Prior to this change doh did not work for me because CAINFO was not + inherited. Also verbose was set always which AFAICT was a bug (#3660). + + Fixes https://github.com/curl/curl/issues/3660 + Closes https://github.com/curl/curl/pull/3661 + +Daniel Stenberg (9 Mar 2019) +- test331: verify set-cookie for dotless host name + + Reproduced bug #3649 + Closes #3659 + +- Revert "cookies: extend domain checks to non psl builds" + + This reverts commit 3773de378d48b06c09931e44dca4d274d0bfdce0. + + Regression shipped in 7.64.0 + Fixes #3649 + +- memdebug: make debug-specific functions use curl_dbg_ prefix + + To not "collide" or use up the regular curl_ name space. Also makes them + easier to detect in helper scripts. + + Closes #3656 + +- cmdline-opts/proxytunnel.d: the option tunnnels all protocols + + Clarify the language and simplify. 
+ + Reported-by: Daniel Lublin + Closes #3658 + +- KNOWN_BUGS: Client cert (MTLS) issues with Schannel + + Closes #3145 + +- ROADMAP: updated to some more current things to work on + +- tests: fix multiple may be used uninitialized warnings + +- RELEASE-NOTES: synced + +- source: fix two 'nread' may be used uninitialized warnings + + Both seem to be false positives but we don't like warnings. + + Closes #3646 + +- gopher: remove check for path == NULL + + Since it can't be NULL and it makes Coverity believe we lack proper NULL + checks. Verified by test 659, landed in commit 15401fa886b. + + Pointed out by Coverity CID 1442746. + + Assisted-by: Dan Fandrich + Fixes #3617 + Closes #3642 + +- examples: only include <curl/curl.h> + + That's the only public curl header we should encourage use of. + + Reviewed-by: Marcel Raad + Closes #3645 + +- ssh: loop the state machine if not done and not blocking + + If the state machine isn't complete, didn't fail and it didn't return + due to blocking it can just as well loop again. + + This addresses the problem with SFTP directory listings where we would + otherwise return back to the parent and as the multi state machine + doesn't have any code for using CURLM_CALL_MULTI_PERFORM for as long the + doing phase isn't complete, it would return out when in reality there + was more data to deal with. + + Fixes #3506 + Closes #3644 + +Jay Satiro (5 Mar 2019) +- multi: support verbose conncache closure handle + + - Change closure handle to receive verbose setting from the easy handle + most recently added via curl_multi_add_handle. + + The closure handle is a special easy handle used for closing cached + connections. It receives limited settings from the easy handle most + recently added to the multi handle. Prior to this change that did not + include verbose which was a problem because on connection shutdown + verbose mode was not acknowledged. 
+ + Ref: https://github.com/curl/curl/pull/3598 + + Co-authored-by: Daniel Stenberg + + Closes https://github.com/curl/curl/pull/3618 + +Daniel Stenberg (4 Mar 2019) +- CURLU: fix NULL dereference when used over proxy + + Test 659 verifies + + Also fixed the test 658 name + + Closes #3641 + +- altsvc_out: check the return code from Curl_gmtime + + Pointed out by Coverity, CID 1442956. + + Closes #3640 + +- docs/ALTSVC.md: docs describing the approach + + Closes #3498 + +- alt-svc: add a travis build + +- alt-svc: add test 355 and 356 to verify with command line curl + +- alt-svc: the curl command line bits + +- alt-svc: the libcurl bits + +- travis: add build using gnutls + + Closes #3637 + +- RELEASE-NOTES: synced + +- [Simon Legner brought this change] + + scripts/completion.pl: also generate fish completion file + + This is the renamed script formerly known as zsh.pl + + Closes #3545 + +- gnutls: remove call to deprecated gnutls_compression_get_name + + It has been deprecated by GnuTLS since a year ago and now causes build + warnings. + + Ref: https://gitlab.com/gnutls/gnutls/commit/b0041897d2846737f5fb0f + Docs: https://www.gnutls.org/manual/html_node/Compatibility-API.html + + Closes #3636 + +Jay Satiro (2 Mar 2019) +- system_win32: move win32_init here from easy.c + + .. since system_win32 is a more appropriate location for the functions + and to extern the globals. + + Ref: https://github.com/curl/curl/commit/ca597ad#r32446578 + Reported-by: Gisle Vanem + + Closes https://github.com/curl/curl/pull/3625 + +Daniel Stenberg (1 Mar 2019) +- curl_easy_duphandle.3: clarify that a duped handle has no shares + + Reported-by: Sara Golemon + + Fixes #3592 + Closes #3634 + +- 10-at-a-time.c: fix too long line + +- [Arnaud Rebillout brought this change] + + examples: various fixes in ephiperfifo.c + + The main change here is the timer value that was wrong, it was given in + usecs (ms * 1000), while the itimerspec struct wants nsecs (ms * 1000 * + 1000). 
This resulted in the callback being invoked WAY TOO OFTEN. + + As a quick check you can run this command before and after applying this + commit: + + # shell 1 + ./ephiperfifo 2>&1 | tee ephiperfifo.log + # shell 2 + echo http://hacking.elboulangero.com > hiper.fifo + + Then just compare the size of the logs files. + + Closes #3633 + Fixes #3632 + 
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com> + +- urldata: simplify bytecounters + + - no need to have them protocol specific + + - no need to set pointers to them with the Curl_setup_transfer() call + + - make Curl_setup_transfer() operate on a transfer pointer, not + connection + + - switch some counters from long to the more proper curl_off_t type + + Closes #3627 + +- examples/10-at-a-time.c: improve readability and simplify + + - use better variable names to explain their purposes + - convert logic to curl_multi_wait() + +- threaded-resolver: shutdown the resolver thread without error message + + When a transfer is done, the resolver thread will be brought down. That + could accidentally generate an error message in the error buffer even + though this is not an error situationand the transfer would still return + OK. An application that still reads the error buffer could find a + "Could not resolve host: [host name]" message there and get confused. + + Reported-by: Michael Schmid + Fixes #3629 + Closes #3630 + +- [Ԝеѕ brought this change] + + docs: update max-redirs.d phrasing + + clarify redir - "in absurdum" doesn't seem to make sense in this context + + Closes #3631 + +- ssh: fix Condition '!status' is always true + + in the same sftp_done function in both SSH backends. Simplify them + somewhat. + + Pointed out by Codacy. + + Closes #3628 + +- test578: make it read data from the correct test + +- Curl_easy: remove req.maxfd - never used! + + Introduced in 8b6314ccfb, but not used anymore in current code. Unclear + since when. + + Closes #3626 + +- http: set state.infilesize when sending formposts + + Without it set, we would unwillingly triger the "HTTP error before end + of send, stop sending" condition even if the entire POST body had been + sent (since it wouldn't know the expected size) which would + unnecessarily log that message and close the connection when it didn't + have to. 
+ + Reported-by: Matt McClure + Bug: https://curl.haxx.se/mail/archive-2019-02/0023.html + Closes #3624 + +- INSTALL: refer to the current TLS library names and configure options + +- FAQ: minor updates and spelling fixes + +- GOVERNANCE.md: minor spelling fixes + +- Secure Transport: no more "darwinssl" + + Everyone calls it Secure Transport, now we do too. + + Reviewed-by: Nick Zitzmann + + Closes #3619 + +Marcel Raad (27 Feb 2019) +- AppVeyor: add classic MinGW build + + But use the MSYS2 shell rather than the default MSYS shell because of + POSIX path conversion issues. Classic MinGW is only available on the + Visual Studio 2015 image. + + Closes https://github.com/curl/curl/pull/3623 + +- AppVeyor: add MinGW-w64 build + + Add a MinGW-w64 build using CMake's MSYS Makefiles generator. + Use the Visual Studio 2015 image as it has GCC 8, while the + Visual Studio 2017 image only has GCC 7.2. + + Closes https://github.com/curl/curl/pull/3623 + +Daniel Stenberg (27 Feb 2019) +- cookies: only save the cookie file if the engine is enabled + + Follow-up to 8eddb8f4259. + + If the cookieinfo pointer is NULL there really is nothing to save. + + Without this fix, we got a problem when a handle was using shared object + with cookies and is told to "FLUSH" it to file (which worked) and then + the share object was removed and when the easy handle was closed just + afterwards it has no cookieinfo and no cookies so it decided to save an + empty jar (overwriting the file just flushed). + + Test 1905 now verifies that this works. + + Assisted-by: Michael Wallner + Assisted-by: Marcel Raad + + Closes #3621 + +- [DaVieS brought this change] + + cacertinmem.c: use multiple certificates for loading CA-chain + + Closes #3421 + +- urldata: convert bools to bitfields and move to end + + This allows the compiler to pack and align the structs better in + memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2 + makes the Curl_easy struct 4.9% smaller. 
From 6312 bytes to 6000. + + Removed an unused struct field. + + No functionality changes. + + Closes #3610 + +- [Don J Olmstead brought this change] + + curl.h: use __has_declspec_attribute for shared builds + + Closes #3616 + +- curl: display --version features sorted alphabetically + + Closes #3611 + +- runtests: detect "schannel" as an alias for "winssl" + + Follow-up to 180501cb02 + + Reported-by: Marcel Raad + Fixes #3609 + Closes #3620 + +Marcel Raad (26 Feb 2019) +- AppVeyor: update to Visual Studio 2017 + + Switch all Visual Studio 2015 builds to Visual Studio 2017. It's not a + moving target anymore as the last update, Update 9, has been released. + + Closes https://github.com/curl/curl/pull/3606 + +- AppVeyor: switch VS 2015 builds to VS 2017 image + + The Visual Studio 2017 image has Visual Studio 2015 and 2017 installed. + + Closes https://github.com/curl/curl/pull/3606 + +- AppVeyor: explicitly select worker image + + Currently, we're using the default Visual Studio 2015 image for + everything. + + Closes https://github.com/curl/curl/pull/3606 + +Daniel Stenberg (26 Feb 2019) +- strerror: make the strerror function use local buffers + + Instead of using a fixed 256 byte buffer in the connectdata struct. + + In my build, this reduces the size of the connectdata struct by 11.8%, + from 2160 to 1904 bytes with no functionality or performance loss. + + This also fixes a bug in schannel's Curl_verify_certificate where it + called Curl_sspi_strerror when it should have called Curl_strerror for + string from GetLastError. the only effect would have been no text or the + wrong text being shown for the error. + + Co-authored-by: Jay Satiro + + Closes #3612 + +- [Michael Wallner brought this change] + + cookies: fix NULL dereference if flushing cookies with no CookieInfo set + + Regression brought by a52e46f3900fb0 (shipped in 7.63.0) + + Closes #3613 + +Marcel Raad (26 Feb 2019) +- AppVeyor: re-enable test 500 + + It's passing now. 
+ + Closes https://github.com/curl/curl/pull/3615 + +- AppVeyor: remove redundant builds + + Remove the Visual Studio 2012 and 2013 builds as they add little value. + + Ref: https://github.com/curl/curl/pull/3606 + Closes https://github.com/curl/curl/pull/3614 + +Daniel Stenberg (25 Feb 2019) +- RELEASE-NOTES: synced + +- [Bernd Mueller brought this change] + + OpenSSL: add support for TLS ASYNC state + + Closes #3591 + +Jay Satiro (25 Feb 2019) +- [Michael Felt brought this change] + + acinclude: add additional libraries to check for LDAP support + + - Add an additional check for LDAP that also checks for OpenSSL since + on AIX those libraries may be required to link LDAP properly. + + Fixes https://github.com/curl/curl/issues/3595 + Closes https://github.com/curl/curl/pull/3596 + +- [georgeok brought this change] + + schannel: support CALG_ECDH_EPHEM algorithm + + Add support for Ephemeral elliptic curve Diffie-Hellman key exchange + algorithm option when selecting ciphers. This became available on the + Win10 SDK. + + Closes https://github.com/curl/curl/pull/3608 + +Daniel Stenberg (24 Feb 2019) +- multi: call multi_done on connect timeouts + + Failing to do so would make the CURLINFO_TOTAL_TIME timeout to not get + updated correctly and could end up getting reported to the application + completely wrong (way too small). + + Reported-by: accountantM on github + Fixes #3602 + Closes #3605 + +- examples: remove recursive calls to curl_multi_socket_action + + From within the timer callbacks. Recursive is problematic for several + reasons. They should still work, but this way the examples and the + documentation becomes simpler. I don't think we need to encourage + recursive calls. + + Discussed in #3537 + Closes #3601 + +Marcel Raad (23 Feb 2019) +- configure: remove CURL_CHECK_FUNC_FDOPEN call + + The macro itself has been removed in commit + 11974ac859c5d82def59e837e0db56fef7f6794e. 
+ + Closes https://github.com/curl/curl/pull/3604 + +Daniel Stenberg (23 Feb 2019) +- wolfssl: stop custom-adding curves + + since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in + wolfSSL 3.10.2 and later) it sends these curves by default already. + + Pointed-out-by: David Garske + + Closes #3599 + +- configure: remove the unused fdopen macro + + and the two remaining #ifdefs for it + + Closes #3600 + +Jay Satiro (22 Feb 2019) +- url: change conn shutdown order to unlink data as last step + + - Split off connection shutdown procedure from Curl_disconnect into new + function conn_shutdown. + + - Change the shutdown procedure to close the sockets before + disassociating the transfer. + + Prior to this change the sockets were closed after disassociating the + transfer so SOCKETFUNCTION wasn't called since the transfer was already + disassociated. That likely came about from recent work started in + Jan 2019 (#3442) to separate transfers from connections. + + Bug: https://curl.haxx.se/mail/lib-2019-02/0101.html + Reported-by: Pavel Löbl + + Closes https://github.com/curl/curl/issues/3597 + Closes https://github.com/curl/curl/pull/3598 + +Marcel Raad (22 Feb 2019) +- Fix strict-prototypes GCC warning + + As seen in the MinGW autobuilds. Caused by commit + f26bc29cfec0be84c67cf74065cf8e5e78fd68b7. + +Dan Fandrich (21 Feb 2019) +- tests: Fixed XML validation errors in some test files. + +Daniel Stenberg (20 Feb 2019) +- TODO: Allow SAN names in HTTP/2 server push + + Suggested-by: Nicolas Grekas + +- RELEASE-NOTES: synced + +- curl: remove MANUAL from -M output + + ... and remove it from the dist tarball. It has served its time, it + barely gets updated anymore and "everything curl" is now convering all + this document once tried to include, and does it more and better. + + In the compressed scenario, this removes ~15K data from the binary, + which is 25% of the -M output. 
+ + It remains in the git repo for now for as long as the web site builds a + page using that as source. It renders poorly on the site (especially for + mobile users) so its not even good there. + + Closes #3587 + +- http2: verify :athority in push promise requests + + RFC 7540 says we should verify that the push is for an "authoritative" + server. We make sure of this by only allowing push with an :athority + header that matches the host that was asked for in the URL. + + Fixes #3577 + Reported-by: Nicolas Grekas + Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html + Closes #3581 + +- singlesocket: fix the 'sincebefore' placement + + The variable wasn't properly reset within the loop and thus could remain + set for sockets that hadn't been set before and miss notifying the app. + + This is a follow-up to 4c35574 (shipped in curl 7.64.0) + + Reported-by: buzo-ffm on github + Detected-by: Jan Alexander Steffens + Fixes #3585 + Closes #3589 + +- connection: never reuse CONNECT_ONLY conections + + and make CONNECT_ONLY conections never reuse any existing ones either. + + Reported-by: Pavel Löbl + Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html + Closes #3586 + +Patrick Monnerat (19 Feb 2019) +- cli tool: fix mime post with --disable-libcurl-option configure option + + Reported-by: Marcel Raad + Fixes #3576 + Closes #3583 + +Daniel Stenberg (19 Feb 2019) +- x509asn1: cleanup and unify code layout + + - rename 'n' to buflen in functions, and use size_t for them. Don't pass + in negative buffer lengths. + + - move most function comments to above the function starts like we use + to + + - remove several unnecessary typecasts (especially of NULL) + + Reviewed-by: Patrick Monnerat + Closes #3582 + +- curl_multi_remove_handle.3: use at any time, just not from within callbacks + + [ci skip] + +- http: make adding a blank header thread-safe + + Previously the function would edit the provided header in-place when a + semicolon is used to signify an empty header. 
This made it impossible to + use the same set of custom headers in multiple threads simultaneously. + + This approach now makes a local copy when it needs to edit the string. + + Reported-by: d912e3 on github + Fixes #3578 + Closes #3579 + +- unit1651: survive curl_easy_init() fails + +- [Frank Gevaerts brought this change] + + rand: Fix a mismatch between comments in source and header. + + Reported-by: Björn Stenberg <bjorn@haxx.se> + Closes #3584 + +Patrick Monnerat (18 Feb 2019) +- x509asn1: replace single char with an array + + Although safe in this context, using a single char as an array may + cause invalid accesses to adjacent memory locations. + + Detected by Coverity. + +Daniel Stenberg (18 Feb 2019) +- examples/http2-serverpush: add some sensible error checks + + To avoid NULL pointer dereferences etc in the case of problems. + + Closes #3580 + +Jay Satiro (18 Feb 2019) +- easy: fix win32 init to work without CURL_GLOBAL_WIN32 + + - Change the behavior of win32_init so that the required initialization + procedures are not affected by CURL_GLOBAL_WIN32 flag. + + libcurl via curl_global_init supports initializing for win32 with an + optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop + Winsock initialization. It did so internally by skipping win32_init() + when that flag was set. Since then win32_init() has been expanded to + include required initialization routines that are separate from + Winsock and therefore must be called in all cases. This commit fixes + it so that CURL_GLOBAL_WIN32 only controls the optional win32 + initialization (which is Winsock initialization, according to our doc). + + The only users affected by this change are those that don't pass + CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the + risk of a potential crash. 
+ + Ref: https://github.com/curl/curl/pull/3573 + + Fixes https://github.com/curl/curl/issues/3313 + Closes https://github.com/curl/curl/pull/3575 + +Daniel Gustafsson (17 Feb 2019) +- cookie: Add support for cookie prefixes + + The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes + and how they should affect cookie initialization, which has been + adopted by the major browsers. This adds support for the two prefixes + defined, __Host- and __Secure, and updates the testcase with the + supplied examples from the draft. + + Closes #3554 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- mbedtls: release sessionid resources on error + + If mbedtls_ssl_get_session() fails, it may still have allocated + memory that needs to be freed to avoid leaking. Call the library + API function to release session resources on this errorpath as + well as on Curl_ssl_addsessionid() errors. + + Closes: #3574 + Reported-by: Michał Antoniak <M.Antoniak@posnet.com> + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Patrick Monnerat (16 Feb 2019) +- cli tool: refactor encoding conversion sequence for switch case fallthrough. + +- version.c: silent scan-build even when librtmp is not enabled + +Daniel Stenberg (15 Feb 2019) +- RELEASE-NOTES: synced + +- Curl_now: figure out windows version in win32_init + + ... and avoid use of static variables that aren't thread safe. + + Fixes regression from e9ababd4f5a (present in the 7.64.0 release) + + Reported-by: Paul Groke + Fixes #3572 + Closes #3573 + +Marcel Raad (15 Feb 2019) +- unit1307: just fail without FTP support + + I missed to check this in with commit + 71786c0505926aaf7e9b2477b2fb7ee16a915ec6, which only disabled the test. + This fixes the actual linker error. 
+ + Closes https://github.com/curl/curl/pull/3568 + +Daniel Stenberg (15 Feb 2019) +- travis: enable valgrind for the iconv tests too + + Closes #3571 + +- travis: add scan-build + + Closes #3564 + +- examples/sftpuploadresume: Value stored to 'result' is never read + + Detected by scan-build + +- examples/http2-upload: cleaned up + + Fix scan-build warnings, no globals, no silly handle scan. Also remove + handles from the multi before cleaning up. + +- examples/http2-download: cleaned up + + To avoid scan-build warnings and global variables. + +- examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory' + + Detected by scan-build + +- examples/httpcustomheader: Value stored to 'res' is never read + + Detected by scan-build + +- examples: remove superfluous null-pointer checks + + in ftpget, ftpsget and sftpget, so that scan-build stops warning for + potential NULL pointer dereference below! + + Detected by scan-build + +- strip_trailing_dot: make sure NULL is never used for strlen + + scan-build warning: Null pointer passed as an argument to a 'nonnull' + parameter + +- [Jay Satiro brought this change] + + connection_check: restore original conn->data after the check + + - Save the original conn->data before it's changed to the specified + data transfer for the connection check and then restore it afterwards. + + This is a follow-up to 38d8e1b 2019-02-11. + + History: + + It was discovered a month ago that before checking whether to extract a + dead connection that that connection should be associated with a "live" + transfer for the check (ie original conn->data ignored and set to the + passed in data). A fix was landed in 54b201b which did that and also + cleared conn->data after the check. The original conn->data was not + restored, so presumably it was thought that a valid conn->data was no + longer needed. 
+ + Several days later it was discovered that a valid conn->data was needed + after the check and follow-up fix was landed in bbae24c which partially + reverted the original fix and attempted to limit the scope of when + conn->data was changed to only when pruning dead connections. In that + case conn->data was not cleared and the original conn->data not + restored. + + A month later it was discovered that the original fix was somewhat + correct; a "live" transfer is needed for the check in all cases + because original conn->data could be null which could cause a bad deref + at arbitrary points in the check. A fix was landed in 38d8e1b which + expanded the scope to all cases. conn->data was not cleared and the + original conn->data not restored. + + A day later it was discovered that not restoring the original conn->data + may lead to busy loops in applications that use the event interface, and + given this observation it's a pretty safe assumption that there is some + code path that still needs the original conn->data. This commit is the + follow-up fix for that, it restores the original conn->data after the + connection check. + + Assisted-by: tholin@users.noreply.github.com + Reported-by: tholin@users.noreply.github.com + + Fixes https://github.com/curl/curl/issues/3542 + Closes #3559 + +- memdebug: bring back curl_mark_sclose + + Used by debug builds with NSS. + + Reverted from 05b100aee247bb + +Patrick Monnerat (14 Feb 2019) +- transfer.c: do not compute length of undefined hex buffer. + + On non-ascii platforms, the chunked hex header was measured for char code + conversion length, even for chunked trailers that do not have an hex header. + In addition, the efective length is already known: use it. + Since the hex length can be zero, only convert if needed. + + Reported by valgrind. 
+ +Daniel Stenberg (14 Feb 2019) +- KNOWN_BUGS: Cannot compile against a static build of OpenLDAP + + Closes #2367 + +Patrick Monnerat (14 Feb 2019) +- x509asn1: "Dereference of null pointer" + + Detected by scan-build (false positive). + +Daniel Stenberg (14 Feb 2019) +- configure: show features as well in the final summary + + Closes #3569 + +- KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10 + + Closes #2905 + +- KNOWN_BUGS: Deflate error after all content was received + + Closes #2719 + +- gssapi: fix deprecated header warnings + + Heimdal includes on FreeBSD spewed out lots of them. Less so now. + + Closes #3566 + +- TODO: Upgrade to websockets + + Closes #3523 + +- TODO: cmake test suite improvements + + Closes #3109 + +Patrick Monnerat (13 Feb 2019) +- curl: "Dereference of null pointer" + + Rephrase to satisfy scan-build. + +Marcel Raad (13 Feb 2019) +- unit1307: require FTP support + + This test doesn't link without FTP support after + fc7ab4835b5fd09d0a6f57000633bb6bb6edfda1, which made Curl_fnmatch + unavailable without FTP support. + + Closes https://github.com/curl/curl/pull/3565 + +Daniel Stenberg (13 Feb 2019) +- TODO: TFO support on Windows + + Nobody works on this now. + + Closes #3378 + +- multi: Dereference of null pointer + + Mostly a false positive, but this makes the code easier to read anyway. + + Detected by scan-build. + + Closes #3563 + +- urlglob: Argument with 'nonnull' attribute passed null + + Detected by scan-build. + +Jay Satiro (12 Feb 2019) +- schannel: restore some debug output but only for debug builds + + Follow-up to 84c10dc from earlier today which wrapped a lot of the noisy + debug output in DEBUGF but omitted a few lines. + + Ref: https://github.com/curl/curl/commit/84c10dc#r32292900 + +- examples/crawler: Fix the Accept-Encoding setting + + - Pass an empty string to CURLOPT_ACCEPT_ENCODING to use the default + supported encodings. 
+ + Prior to this change the specific encodings of gzip and deflate were set + but there's no guarantee they'd be supported by the user's libcurl. + +Daniel Stenberg (12 Feb 2019) +- mime: put the boundary buffer into the curl_mime struct + + ... instead of allocating it separately and point to it. It is + fixed-size and always used for each part. + + Closes #3561 + +- schannel: be quiet + + Convert numerous infof() calls into debug-build only messages since they + are annoyingly verbose for regular applications. Removed a few. + + Bug: https://curl.haxx.se/mail/lib-2019-02/0027.html + Reported-by: Volker Schmid + Closes #3552 + +- [Romain Geissler brought this change] + + Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning + + Closes #3562 + +- http2: multi_connchanged() moved from multi.c, only used for h2 + + Closes #3557 + +- curl: "Function call argument is an uninitialized value" + + Follow-up to cac0e4a6ad14b42471eb + + Detected by scan-build + Closes #3560 + +- pretransfer: don't strlen() POSTFIELDS set for GET requests + + ... since that data won't be used in the request anyway. + + Fixes #3548 + Reported-by: Renaud Allard + Close #3549 + +- multi: remove verbose "Expire in" ... messages + + Reported-by: James Brown + Bug: https://curl.haxx.se/mail/archive-2019-02/0013.html + Closes #3558 + +- mbedtls: make it build even if MBEDTLS_VERSION_C isn't set + + Reported-by: MAntoniak on github + Fixes #3553 + Closes #3556 + +Daniel Gustafsson (12 Feb 2019) +- non-ascii.c: fix typos in comments + + Fix two occurrences of s/convers/converts/ spotted while reading code. + +Daniel Stenberg (12 Feb 2019) +- fnmatch: disable if FTP is disabled + + Closes #3551 + +- curl_path: only enabled for SSH builds + +- [Frank Gevaerts brought this change] + + tests: add stderr comparison to the test suite + + The code is more or less copied from the stdout comparison code, maybe + some better reuse is possible. 
+ + test 1457 is adjusted to make the output actually match (by using --silent) + test 506 used <stderr> without actually needing it, so that <stderr> block is removed + + Closes #3536 + +Patrick Monnerat (11 Feb 2019) +- cli tool: do not use mime.h private structures. + + Option -F generates an intermediate representation of the mime structure + that is used later to create the libcurl mime structure and generate + the --libcurl statements. + + Reported-by: Daniel Stenberg + Fixes #3532 + Closes #3546 + +Daniel Stenberg (11 Feb 2019) +- curlver: bump to 7.64.1-dev + +- RELEASE-NOTES: synced + + and bump the version in progress to 7.64.1. If we merge any "change" + before the cut-off date, we update again. + +Daniel Gustafsson (11 Feb 2019) +- curl: follow-up to 3f16990ec84 + + Commit 3f16990ec84cc4b followed-up a bug in b49652ac66cc0 but was + inadvertently introducing a new bug in the ternary expression. + + Close #3555 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- dns: release sharelock as soon as possible + + There is no benefit to holding the data sharelock when freeing the + addrinfo in case it fails, so ensure releaseing it as soon as we can + rather than holding on to it. This also aligns the code with other + consumers of sharelocks. + + Closes #3516 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (11 Feb 2019) +- curl: follow-up to b49652ac66cc0 + + On FreeBSD, return non-zero on error otherwise zero. + + Reported-by: Marcel Raad + +- multi: (void)-prefix when ignoring return values + + ... and added braces to two function calls which fixes warnings if they + are replace by empty macros at build-time. + +- curl: fix FreeBSD compiler warning in the --xattr code + + Closes #3550 + +- connection_check: set ->data to the transfer doing the check + + The http2 code for connection checking needs a transfer to use. Make + sure a working one is set before handler->connection_check() is called. 
+ + Reported-by: jnbr on github + Fixes #3541 + Closes #3547 + +- hostip: make create_hostcache_id avoid alloc + free + + Closes #3544 + +- scripts/singleuse: script to use to track single-use functions + + That is functions that are declared global but are not used from outside + of the file in which it is declared. Such functions should be made + static or even at times be removed. + + It also verifies that all used curl_ prefixed functions are "blessed" + + Closes #3538 + +- cleanup: make local functions static + + urlapi: turn three local-only functions into statics + + conncache: make conncache_find_first_connection static + + multi: make detach_connnection static + + connect: make getaddressinfo static + + curl_ntlm_core: make hmac_md5 static + + http2: make two functions static + + http: make http_setup_conn static + + connect: make tcpnodelay static + + tests: make UNITTEST a thing to mark functions with, so they can be static for + normal builds and non-static for unit test builds + + ... and mark Curl_shuffle_addr accordingly. + + url: make up_free static + + setopt: make vsetopt static + + curl_endian: make write32_le static + + rtsp: make rtsp_connisdead static + + warnless: remove unused functions + + memdebug: remove one unused function, made another static + +Dan Fandrich (10 Feb 2019) +- cirrus: Added FreeBSD builds using Cirrus CI. + + The build logs will be at https://cirrus-ci.com/github/curl/curl + + Some tests are currently failing and so disabled for now. The SSH server + isn't starting for the SSH tests due to unsupported options used in its + config file. The DICT server also is failing on startup. + +Daniel Stenberg (9 Feb 2019) +- url/idnconvert: remove scan for <= 32 ascii values + + The check was added back in fa939220df before the URL parser would catch + these problems and therefore these will never trigger now. 
+ + Closes #3539 + +- urlapi: reduce variable scope, remove unreachable 'break' + + Both nits pointed out by codacy.com + + Closes #3540 + +Alessandro Ghedini (7 Feb 2019) +- zsh.pl: escape ':' character + + ':' is interpreted as separator by zsh, so if used as part of the argument + or option's description it needs to be escaped. + + The problem can be reproduced as follows: + + % curl --reso<TAB> + % curl -E <TAB> + + Bug: https://bugs.debian.org/921452 + +- zsh.pl: update regex to better match curl -h output + + The current regex fails to match '<...>' arguments properly (e.g. those + with spaces in them), which causes an completion script with wrong + descriptions for some options. + + Here's a diff of the generated completion script, comparing the previous + version to the one with this fix: + + --- /usr/share/zsh/vendor-completions/_curl 2019-01-15 20:47:40.000000000 +0000 + +++ _curl 2019-02-05 20:57:29.453349040 +0000 + 
@@ -9,48 +9,48 @@ + + _arguments -C -S \ + --happy-eyeballs-timeout-ms'[How long to wait in milliseconds for IPv6 before trying IPv4]':'<milliseconds>' \ + + --resolve'[Resolve the host+port to this address]':'<host:port:address[,address]...>' \ + {-c,--cookie-jar}'[Write cookies to <filename> after operation]':'<filename>':_files \ + {-D,--dump-header}'[Write the received headers to <filename>]':'<filename>':_files \ + {-y,--speed-time}'[Trigger '\''speed-limit'\'' abort after this time]':'<seconds>' \ + --proxy-cacert'[CA certificate to verify peer against for proxy]':'<file>':_files \ + - --tls13-ciphers'[of TLS 1.3 ciphersuites> TLS 1.3 cipher suites to use]':'<list' \ + + --tls13-ciphers'[TLS 1.3 cipher suites to use]':'<list of TLS 1.3 ciphersuites>' \ + {-E,--cert}'[Client certificate file and password]':'<certificate[:password]>' \ + --libcurl'[Dump libcurl equivalent code of this command line]':'<file>':_files \ + --proxy-capath'[CA directory to verify peer against for proxy]':'<dir>':_files \ + - --proxy-negotiate'[HTTP Negotiate (SPNEGO) authentication on the proxy]':'Use' \ + --proxy-pinnedpubkey'[FILE/HASHES public key to verify proxy with]':'<hashes>' \ + --crlfile'[Get a CRL list in PEM format from the given file]':'<file>':_files \ + - --proxy-insecure'[HTTPS proxy connections without verifying the proxy]':'Do' \ + - --proxy-ssl-allow-beast'[security flaw for interop for HTTPS proxy]':'Allow' \ + + --proxy-negotiate'[Use HTTP Negotiate (SPNEGO) authentication on the proxy]' \ + --abstract-unix-socket'[Connect via abstract Unix domain socket]':'<path>' \ + --pinnedpubkey'[FILE/HASHES Public key to verify peer against]':'<hashes>' \ + + --proxy-insecure'[Do HTTPS proxy connections without verifying the proxy]' \ + --proxy-pass'[Pass phrase for the private key for HTTPS proxy]':'<phrase>' \ + + --proxy-ssl-allow-beast'[Allow security flaw for interop for HTTPS proxy]' \ + {-p,--proxytunnel}'[Operate through an HTTP proxy tunnel (using CONNECT)]' \ + 
--socks5-hostname'[SOCKS5 proxy, pass host name to proxy]':'<host[:port]>' \ + --proto-default'[Use PROTOCOL for any URL missing a scheme]':'<protocol>' \ + - --proxy-tls13-ciphers'[list> TLS 1.3 proxy cipher suites]':'<ciphersuite' \ + + --proxy-tls13-ciphers'[TLS 1.3 proxy cipher suites]':'<ciphersuite list>' \ + --socks5-gssapi-service'[SOCKS5 proxy service name for GSS-API]':'<name>' \ + --ftp-alternative-to-user'[String to replace USER \[name\]]':'<command>' \ + - --ftp-ssl-control'[SSL/TLS for FTP login, clear for transfer]':'Require' \ + {-T,--upload-file}'[Transfer local FILE to destination]':'<file>':_files \ + --local-port'[Force use of RANGE for local port numbers]':'<num/range>' \ + --proxy-tlsauthtype'[TLS authentication type for HTTPS proxy]':'<type>' \ + {-R,--remote-time}'[Set the remote file'\''s time on the local output]' \ + - --retry-connrefused'[on connection refused (use with --retry)]':'Retry' \ + - --suppress-connect-headers'[proxy CONNECT response headers]':'Suppress' \ + - {-j,--junk-session-cookies}'[session cookies read from file]':'Ignore' \ + - --location-trusted'[--location, and send auth to other hosts]':'Like' \ + + --ftp-ssl-control'[Require SSL/TLS for FTP login, clear for transfer]' \ + --proxy-cert-type'[Client certificate type for HTTPS proxy]':'<type>' \ + {-O,--remote-name}'[Write output to a file named as the remote file]' \ + + --retry-connrefused'[Retry on connection refused (use with --retry)]' \ + + --suppress-connect-headers'[Suppress proxy CONNECT response headers]' \ + --trace-ascii'[Like --trace, but without hex output]':'<file>':_files \ + --connect-timeout'[Maximum time allowed for connection]':'<seconds>' \ + --expect100-timeout'[How long to wait for 100-continue]':'<seconds>' \ + {-g,--globoff}'[Disable URL sequences and ranges using {} and \[\]]' \ + + {-j,--junk-session-cookies}'[Ignore session cookies read from file]' \ + {-m,--max-time}'[Maximum time allowed for the transfer]':'<seconds>' \ + 
--dns-ipv4-addr'[IPv4 address to use for DNS requests]':'<address>' \ + --dns-ipv6-addr'[IPv6 address to use for DNS requests]':'<address>' \ + - --ignore-content-length'[the size of the remote resource]':'Ignore' \ + {-k,--insecure}'[Allow insecure server connections when using SSL]' \ + + --location-trusted'[Like --location, and send auth to other hosts]' \ + --mail-auth'[Originator address of the original email]':'<address>' \ + --noproxy'[List of hosts which do not use proxy]':'<no-proxy-list>' \ + --proto-redir'[Enable/disable PROTOCOLS on redirect]':'<protocols>' \ + 
@@ -62,18 +62,19 @@ + --socks5-basic'[Enable username/password auth for SOCKS5 proxies]' \ + --cacert'[CA certificate to verify peer against]':'<file>':_files \ + {-H,--header}'[Pass custom header(s) to server]':'<header/@file>' \ + + --ignore-content-length'[Ignore the size of the remote resource]' \ + {-i,--include}'[Include protocol response headers in the output]' \ + --proxy-header'[Pass custom header(s) to proxy]':'<header/@file>' \ + --unix-socket'[Connect through this Unix domain socket]':'<path>' \ + {-w,--write-out}'[Use output FORMAT after completion]':'<format>' \ + - --http2-prior-knowledge'[HTTP 2 without HTTP/1.1 Upgrade]':'Use' \ + {-o,--output}'[Write to file instead of stdout]':'<file>':_files \ + - {-J,--remote-header-name}'[the header-provided filename]':'Use' \ + + --preproxy'[\[protocol://\]host\[:port\] Use this proxy first]' \ + --socks4a'[SOCKS4a proxy on given host + port]':'<host[:port]>' \ + {-Y,--speed-limit}'[Stop transfers slower than this]':'<speed>' \ + {-z,--time-cond}'[Transfer based on a time condition]':'<time>' \ + --capath'[CA directory to verify peer against]':'<dir>':_files \ + {-f,--fail}'[Fail silently (no output at all) on HTTP errors]' \ + + --http2-prior-knowledge'[Use HTTP 2 without HTTP/1.1 Upgrade]' \ + --proxy-tlspassword'[TLS password for HTTPS proxy]':'<string>' \ + {-U,--proxy-user}'[Proxy user and password]':'<user:password>' \ + --proxy1.0'[Use HTTP/1.0 proxy on given port]':'<host[:port]>' \ + 
@@ -81,52 +82,49 @@ + {-A,--user-agent}'[Send User-Agent <name> to server]':'<name>' \ + --egd-file'[EGD socket path for random data]':'<file>':_files \ + --fail-early'[Fail on first transfer error, do not continue]' \ + - --haproxy-protocol'[HAProxy PROXY protocol v1 header]':'Send' \ + - --preproxy'[Use this proxy first]':'[protocol://]host[:port]' \ + + {-J,--remote-header-name}'[Use the header-provided filename]' \ + --retry-max-time'[Retry only within this period]':'<seconds>' \ + --socks4'[SOCKS4 proxy on given host + port]':'<host[:port]>' \ + --socks5'[SOCKS5 proxy on given host + port]':'<host[:port]>' \ + - --socks5-gssapi-nec'[with NEC SOCKS5 server]':'Compatibility' \ + - --ssl-allow-beast'[security flaw to improve interop]':'Allow' \ + --cert-status'[Verify the status of the server certificate]' \ + - --ftp-create-dirs'[the remote dirs if not present]':'Create' \ + {-:,--next}'[Make next URL use its separate set of options]' \ + --proxy-key-type'[Private key file type for proxy]':'<type>' \ + - --remote-name-all'[the remote file name for all URLs]':'Use' \ + {-X,--request}'[Specify request command to use]':'<command>' \ + --retry'[Retry request if transient problems occur]':'<num>' \ + - --ssl-no-revoke'[cert revocation checks (WinSSL)]':'Disable' \ + --cert-type'[Certificate file type (DER/PEM/ENG)]':'<type>' \ + --connect-to'[Connect to host]':'<HOST1:PORT1:HOST2:PORT2>' \ + --create-dirs'[Create necessary local directory hierarchy]' \ + + --haproxy-protocol'[Send HAProxy PROXY protocol v1 header]' \ + --max-redirs'[Maximum number of redirects allowed]':'<num>' \ + {-n,--netrc}'[Must read .netrc for user name and password]' \ + + {-x,--proxy}'[\[protocol://\]host\[:port\] Use this proxy]' \ + --proxy-crlfile'[Set a CRL list for proxy]':'<file>':_files \ + --sasl-ir'[Enable initial response in SASL authentication]' \ + - --socks5-gssapi'[GSS-API auth for SOCKS5 proxies]':'Enable' \ + + --socks5-gssapi-nec'[Compatibility with NEC SOCKS5 server]' \ + + 
--ssl-allow-beast'[Allow security flaw to improve interop]' \ + + --ftp-create-dirs'[Create the remote dirs if not present]' \ + --interface'[Use network INTERFACE (or address)]':'<name>' \ + --key-type'[Private key file type (DER/PEM/ENG)]':'<type>' \ + --netrc-file'[Specify FILE for netrc]':'<filename>':_files \ + {-N,--no-buffer}'[Disable buffering of the output stream]' \ + --proxy-service-name'[SPNEGO proxy service name]':'<name>' \ + - --styled-output'[styled output for HTTP headers]':'Enable' \ + + --remote-name-all'[Use the remote file name for all URLs]' \ + + --ssl-no-revoke'[Disable cert revocation checks (WinSSL)]' \ + --max-filesize'[Maximum file size to download]':'<bytes>' \ + --negotiate'[Use HTTP Negotiate (SPNEGO) authentication]' \ + --no-keepalive'[Disable TCP keepalive on the connection]' \ + {-#,--progress-bar}'[Display transfer progress as a bar]' \ + - {-x,--proxy}'[Use this proxy]':'[protocol://]host[:port]' \ + - --proxy-anyauth'[any proxy authentication method]':'Pick' \ + {-Q,--quote}'[Send command(s) to server before transfer]' \ + - --request-target'[the target for this request]':'Specify' \ + + --socks5-gssapi'[Enable GSS-API auth for SOCKS5 proxies]' \ + {-u,--user}'[Server user and password]':'<user:password>' \ + {-K,--config}'[Read config from a file]':'<file>':_files \ + {-C,--continue-at}'[Resumed transfer offset]':'<offset>' \ + --data-raw'[HTTP POST data, '\''@'\'' allowed]':'<data>' \ + - --disallow-username-in-url'[username in url]':'Disallow' \ + --krb'[Enable Kerberos with security <level>]':'<level>' \ + --proxy-ciphers'[SSL ciphers to use for proxy]':'<list>' \ + --proxy-digest'[Use Digest authentication on the proxy]' \ + --proxy-tlsuser'[TLS username for HTTPS proxy]':'<name>' \ + + --styled-output'[Enable styled output for HTTP headers]' \ + {-b,--cookie}'[Send cookies from string/file]':'<data>' \ + --data-urlencode'[HTTP POST data url encoded]':'<data>' \ + --delegation'[GSS-API delegation permission]':'<LEVEL>' \ + 
@@ -134,7 +132,10 @@ + --post301'[Do not switch to GET after following a 301]' \ + --post302'[Do not switch to GET after following a 302]' \ + --post303'[Do not switch to GET after following a 303]' \ + + --proxy-anyauth'[Pick any proxy authentication method]' \ + + --request-target'[Specify the target for this request]' \ + --trace-time'[Add time stamps to trace/verbose output]' \ + + --disallow-username-in-url'[Disallow username in url]' \ + --dns-servers'[DNS server addrs to use]':'<addresses>' \ + {-G,--get}'[Put the post data in the URL and use GET]' \ + --limit-rate'[Limit transfer speed to RATE]':'<speed>' \ + 
@@ -148,21 +149,21 @@ + --metalink'[Process given URLs as metalink XML file]' \ + --tr-encoding'[Request compressed transfer encoding]' \ + --xattr'[Store metadata in extended file attributes]' \ + - --ftp-skip-pasv-ip'[the IP address for PASV]':'Skip' \ + --pass'[Pass phrase for the private key]':'<phrase>' \ + --proxy-ntlm'[Use NTLM authentication on the proxy]' \ + {-S,--show-error}'[Show error even when -s is used]' \ + - --ciphers'[of ciphers> SSL ciphers to use]':'<list' \ + + --ciphers'[SSL ciphers to use]':'<list of ciphers>' \ + --form-string'[Specify multipart MIME data]':'<name=string>' \ + --login-options'[Server login options]':'<options>' \ + --tftp-blksize'[Set TFTP BLKSIZE option]':'<value>' \ + - --tftp-no-options'[not send any TFTP options]':'Do' \ + {-v,--verbose}'[Make the operation more talkative]' \ + + --ftp-skip-pasv-ip'[Skip the IP address for PASV]' \ + --proxy-key'[Private key for HTTPS proxy]':'<key>' \ + {-F,--form}'[Specify multipart MIME data]':'<name=content>' \ + --mail-from'[Mail from this address]':'<address>' \ + --oauth2-bearer'[OAuth 2 Bearer Token]':'<token>' \ + --proto'[Enable/disable PROTOCOLS]':'<protocols>' \ + + --tftp-no-options'[Do not send any TFTP options]' \ + --tlsauthtype'[TLS authentication type]':'<type>' \ + --doh-url'[Resolve host names over DOH]':'<URL>' \ + --no-sessionid'[Disable SSL session-ID reusing]' \ + 
@@ -173,14 +174,13 @@ + --ftp-ssl-ccc'[Send CCC after authenticating]' \ + {-4,--ipv4}'[Resolve names to IPv4 addresses]' \ + {-6,--ipv6}'[Resolve names to IPv6 addresses]' \ + - --netrc-optional'[either .netrc or URL]':'Use' \ + --service-name'[SPNEGO service name]':'<name>' \ + {-V,--version}'[Show version number and quit]' \ + --data-ascii'[HTTP POST ASCII data]':'<data>' \ + --ftp-account'[Account data string]':'<data>' \ + - --compressed-ssh'[SSH compression]':'Enable' \ + --disable-eprt'[Inhibit using EPRT or LPRT]' \ + --ftp-method'[Control CWD usage]':'<method>' \ + + --netrc-optional'[Use either .netrc or URL]' \ + --pubkey'[SSH Public key file name]':'<key>' \ + --raw'[Do HTTP "raw"; no transfer decoding]' \ + --anyauth'[Pick any authentication method]' \ + 
@@ -189,6 +189,7 @@ + --no-alpn'[Disable the ALPN TLS extension]' \ + --tcp-nodelay'[Use the TCP_NODELAY option]' \ + {-B,--use-ascii}'[Use ASCII/text transfer]' \ + + --compressed-ssh'[Enable SSH compression]' \ + --digest'[Use HTTP Digest Authentication]' \ + --proxy-tlsv1'[Use TLSv1 for HTTPS proxy]' \ + --engine'[Crypto engine to use]':'<name>' \ + +Marcel Raad (7 Feb 2019) +- tool_operate: fix typecheck warning + + Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning: + tool_operate.c: In function 'operate_do': + ../include/curl/typecheck-gcc.h:47:9: error: call to + '_curl_easy_setopt_err_long' declared with attribute warning: + curl_easy_setopt expects a long argument for this option [-Werror] + + Closes https://github.com/curl/curl/pull/3534 + +Jay Satiro (6 Feb 2019) +- [Chris Araman brought this change] + + url: close TLS before removing conn from cache + + - Fix potential crashes in schannel shutdown. + + Ensure any TLS shutdown messages are sent before removing the + association between the connection and the easy handle. Reverts + @bagder's previous partial fix for #3412. + + Fixes https://github.com/curl/curl/issues/3412 + Fixes https://github.com/curl/curl/issues/3505 + Closes https://github.com/curl/curl/pull/3531 + +Daniel Gustafsson (6 Feb 2019) +- INTERNALS.md: fix subsection depth and link + + The Kerberos subsection was mistakenly a subsubsection under FTP, and + the curlx subsection was missing an anchor for the TOC link. + + Closes #3529 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Version 7.64.0 (6 Feb 2019) Daniel Stenberg (6 Feb 2019) 
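Review bot: Please confirm that the libcurl sources under libs/libcurl move to 7.64.1 in this same commit, because the diffstat shown covers only docs/CHANGES while the entries added at the top of the Changelog describe crash and NULL-pointer fixes ("connection_check: restore original conn->data after the check", "strip_trailing_dot: make sure NULL is never used for strlen", "url: close TLS before removing conn from cache"). If the code is not updated alongside, this file would claim fixes the bundled copy does not contain, which misleads anyone auditing it by changelog. The typos inside the added text ("efective", "releaseing", "an completion script") come from the quoted commit messages and are best left verbatim so later imports of this file still diff cleanly.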
@@ -6351,1399 +8010,3 @@ Daniel Stenberg (12 May 2018) Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245 - -- setup_transfer: deal with both sockets being -1 - - Detected by Coverity; CID 1435559. Follow-up to f8d608f38d00. It would - index the array with -1 if neither index was a socket. - -- travis: add build using NSS - - Closes #2558 - -- [Sunny Purushe brought this change] - - openssl: change FILE ops to BIO ops - - To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES - handling is causing problems. This fix changes the OpenSSL backend code - to use BIO functions instead of FILE I/O functions to circumvent those - problems. - - Closes #2512 - -- travis: add a build using WolfSSL - - Assisted-by: Dan Fandrich - - Closes #2528 - -- RELEASE-NOTES: typo - -- RELEASE-NOTES: synced - -- [Daniel Gustafsson brought this change] - - URLs: fix one more http url - - This file wasn't included in commit 4af40b3646d3b09 which updated all - haxx.se http urls to https. The file was committed prior to that update, - but may have been merged after it and hence didn't get updated. - - Closes #2550 - -- github/lock: auto-lock closed issues after 90 days of inactivity - -- vtls: fix missing commas - - follow-up to e66cca046cef - -- vtls: use unified "supports" bitfield member in backends - - ... instead of previous separate struct fields, to make it easier to - extend and change individual backends without having to modify them all. - - closes #2547 - -- transfer: don't unset writesockfd on setup of multiplexed conns - - Curl_setup_transfer() can be called to setup a new individual transfer - over a multiplexed connection so it shouldn't unset writesockfd. - - Bug: #2520 - Closes #2549 - -- [Frank Gevaerts brought this change] - - configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h - - They are removed from the compiler flags. 
- - This ensures that make dependency tracking will force a rebuild whenever - configure --enable-debug or --enable-curldebug changes. - - Closes #2548 - -- http: don't set the "rewind" flag when not uploading anything - - It triggers an assert. - - Detected by OSS-Fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144 - Closes #2546 - -- travis: add an mbedtls build - - Closes #2531 - -- configure: only check for CA bundle for file-using SSL backends - - When only building with SSL backends that don't use the CA bundle file - (by default), skip the check. - - Fixes #2543 - Fixes #2180 - Closes #2545 - -- ssh-libssh.c: fix left shift compiler warning - - ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to - represent, but 'int' only has 32 bits [-Wshift-overflow=] - - 'len' will never be that big anyway so I converted the run-time check to - a regular assert. - -- [Stephan Mühlstrasser brought this change] - - URL: fix ASCII dependency in strcpy_url and strlen_url - - Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the - changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of - the problem that strcpy_url() was modified unilaterally without also - modifying strlen_url(). As a consequence strcpy_url() was again - depending on ASCII encoding. - - This change fixes strlen_url() and strcpy_url() in parallel to use a - common host-encoding independent criterion for deciding whether an URL - character must be %-escaped. - - Closes #2535 - -- [Denis Ollier brought this change] - - docs: remove extraneous commas in man pages - - Closes #2544 - -- RELEASE-NOTES: synced - -- Revert "TODO: remove configure --disable-pthreads" - - This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3. - - --disable-pthreads can be used to disable pthreads and get the threaded - resolver to use the windows threading when building with mingw. - -- vtls: don't define MD5_DIGEST_LENGTH for wolfssl - - ... 
as it defines it (too) - -- TODO: remove configure --disable-pthreads - -Jay Satiro (2 May 2018) -- [David Garske brought this change] - - wolfssl: Fix non-blocking connect - - Closes https://github.com/curl/curl/pull/2542 - -Daniel Stenberg (30 Apr 2018) -- CURLOPT_URL.3: add ENCODING section [ci skip] - - Feedback-by: Michael Kilburn - -- KNOWN_BUGS: Client cert with Issuer DN differs between backends - - Closes #1411 - -- KNOWN_BUGS: Passive transfer tries only one IP address - - Closes #1508 - -- KNOWN_BUGS: --upload-file . hang if delay in STDIN - - Closes #2051 - -- KNOWN_BUGS: Connection information when using TCP Fast Open - - Closes #1332 - -- travis: enable libssh2 on both macos and Linux - - It seems to not be detected by default anymore (which is a bug I - believe) - - Closes #2541 - -- TODO: Support the clienthello extension - - Closes #2299 - -- TODO: CLOEXEC - - Closes #2252 - -- tests: provide 'manual' as a feature to optionally require - - ... and make test 1026 rely on that feature so that --disable-manual - builds don't cause test failures. - - Reported-by: Max Dymond and Anders Roxell - Fixes #2533 - Closes #2540 - -- CURLINFO_PROTOCOL.3: mention the existing defined names - -Jay Satiro (27 Apr 2018) -- [Daniel Gustafsson brought this change] - - cookies: remove unused macro - - Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused, - so remove as it's not part of the published API. - - Closes https://github.com/curl/curl/pull/2537 - -Daniel Stenberg (27 Apr 2018) -- [Daniel Gustafsson brought this change] - - checksrc: force indentation of lines after an else - - This extends the INDENTATION case to also handle 'else' statements - and require proper indentation on the following line. Also fixes the - offending cases found in the codebase. 
- - Closes #2532 - -- http2: fix null pointer dereference in http2_connisdead - - This function can get called on a connection that isn't setup enough to - have the 'recv_underlying' function pointer initialized so it would try - to call the NULL pointer. - - Reported-by: Dario Weisser - - Follow-up to db1b2c7fe9b093f8 (never shipped in a release) - Closes #2536 - -- http2: get rid of another strstr() - - Follow-up to 1514c44655e12e: replace another strstr() call done on a - buffer that might not be zero terminated - with a memchr() call, even if - we know the substring will be found. - - Assisted-by: Max Dymond - - Detected by OSS-Fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021 - - Closes #2534 - -- cyassl: adapt to libraries without TLS 1.0 support built-in - - WolfSSL doesn't enable it by default anymore - -- configure: provide --with-wolfssl as an alias for --with-cyassl - -- RELEASE-NOTES: synced - -- [Daniel Gustafsson brought this change] - - os400.c: fix ASSIGNWITHINCONDITION checksrc warnings - - All occurrences of assignment within conditional expression in - os400sys.c rewritten into two steps: first assignment and then the check - on the success of the assignment. Also adjust related incorrect brace - positions to match project indentation style. - - This was spurred by seeing "if((inp = input_token))", but while in there - all warnings were fixed. - - There should be no functional change from these changes. - - Closes #2525 - -- [Daniel Gustafsson brought this change] - - cookies: ensure that we have cookies before writing jar - - The jar should be written iff there are cookies, so ensure that we still - have cookies after expiration to avoid creating an empty file. 
- - Closes #2529 - -- strcpy_url: only %-encode values >= 0x80 - - OSS-Fuzz detected - - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000 - - Broke in dd7521bcc1b7 - -- mime: avoid NULL pointer dereference risk - - Coverity detected, CID 1435120 - - Closes #2527 - -- [Stephan Mühlstrasser brought this change] - - ctype: restore character classification for non-ASCII platforms - - With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic - character classification macros and functions were introduced in - curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on - non-ASCII, e.g. EBCDIC platforms. This change restores the previous set - of character classification macros when CURL_DOES_CONVERSIONS is - defined. - - Closes #2494 - -- ftplistparser: keep state between invokes - - Fixes FTP wildcard parsing when done over a number of read buffers. - - Regression from f786d1f14 - - Reported-by: wncboy on github - Fixes #2445 - Closes #2526 - -- examples/http2-upload: expand buffer to avoid silly warning - - http2-upload.c:135:44: error: ‘%02d’ directive output may be truncated - writing between 2 and 11 bytes into a region of size between 8 and 17 - -- examples/sftpuploadresume: typecast fseek argument to long - - /docs/examples/sftpuploadresume.c:102:12: warning: conversion to 'long - int' from 'curl_off_t {aka long long int}' may alter its value - -- Revert "ftplistparser: keep state between invokes" - - This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934. - - Caused fuzzer problems on travis not seen when this was a PR! - -- Curl_memchr: zero length input can't match - - Avoids undefined behavior. - - Reported-by: Geeknik Labs - -- ftplistparser: keep state between invokes - - Fixes FTP wildcard parsing when doing over a number of read buffers. - - Regression from f786d1f14 - - Reported-by: wncboy on github - Fixes #2445 - Closes #2519 - -- ftplistparser: renamed some members and variables - - ... 
to make them better spell out what they're for. - -- RELEASE-NOTES: synced - -- [Christian Schmitz brought this change] - - curl_global_sslset: always provide available backends - - Closes #2499 - -- http2: convert an assert to run-time check - - Fuzzing has proven we can reach code in on_frame_recv with status_code - not having been set, so let's detect that in run-time (instead of with - assert) and error error accordingly. - - (This should no longer happen with the latest nghttp2) - - Detected by OSS-Fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903 - Closes #2514 - -- curl.1: clarify that options and URLs can be mixed - - Fixes #2515 - Closes #2517 - -Jay Satiro (23 Apr 2018) -- [Archangel_SDY brought this change] - - CURLOPT_SSLCERT.3: improve WinSSL-specific usage info - - Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780 - - Closes https://github.com/curl/curl/pull/2504 - -- [Archangel_SDY brought this change] - - schannel: fix build error on targets <= XP - - - Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't - support the latter. - - Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668 - - Closes https://github.com/curl/curl/pull/2504 - -Daniel Stenberg (23 Apr 2018) -- Revert "ftplistparser: keep state between invokes" - - This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9. - - Unfortunately this fix introduces memory leaks I've not been able to fix - in several days. Reverting this for now to get the leaks fixed. - -Jay Satiro (21 Apr 2018) -- tool_help: clarify --max-time unit of time is seconds - - Before: - -m, --max-time <time> Maximum time allowed for the transfer - - After: - -m, --max-time <seconds> Maximum time allowed for the transfer - -Daniel Stenberg (20 Apr 2018) -- http2: handle GOAWAY properly - - When receiving REFUSED_STREAM, mark the connection for close and retry - streams accordingly on another/fresh connection. 
- - Reported-by: Terry Wu - Fixes #2416 - Fixes #1618 - Closes #2510 - -- http2: clear the "drain counter" when a stream is closed - - This fixes the notorious "httpc->drain_total >= data->state.drain" - assert. - - Reported-by: Anders Bakken - - Fixes #1680 - Closes #2509 - -- http2: avoid strstr() on data not zero terminated - - It's not strictly clear if the API contract allows us to call strstr() - on a string that isn't zero terminated even when we know it will find - the substring, and clang's ASAN check dislikes us for it. - - Also added a check of the return code in case it fails, even if I can't - think of a situation how that can trigger. - - Detected by OSS-Fuzz - Closes #2513 - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760 - -- [Stephan Mühlstrasser brought this change] - - openssl: fix subjectAltName check on non-ASCII platforms - - Curl_cert_hostcheck operates with the host character set, therefore the - ASCII subjectAltName string retrieved with OpenSSL must be converted to - the host encoding before comparison. - - Closes #2493 - -Jay Satiro (20 Apr 2018) -- openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages - - - Support handling verbose-mode trace messages of type - SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, - SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, - SSL3_MT_MESSAGE_HASH - - Reported-by: iz8mbw@users.noreply.github.com - - Fixes https://github.com/curl/curl/issues/2403 - -Daniel Stenberg (19 Apr 2018) -- ftplistparser: keep state between invokes - - Regression from f786d1f14 - - Reported-by: wncboy on github - Fixes #2445 - Closes #2508 - -- detect_proxy: only show proxy use if it had contents - -- http2: handle on_begin_headers() called more than once - - This triggered an assert if called more than once in debug mode (and a - memory leak if not debug build). With the right sequence of HTTP/2 - headers incoming it can happen. 
- - Detected by OSS-Fuzz - - Closes #2507 - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764 - -Jay Satiro (18 Apr 2018) -- [Dan McNulty brought this change] - - schannel: add support for CURLOPT_CAINFO - - - Move verify_certificate functionality in schannel.c into a new - file called schannel_verify.c. Additionally, some structure defintions - from schannel.c have been moved to schannel.h to allow them to be - used in schannel_verify.c. - - - Make verify_certificate functionality for Schannel available on - all versions of Windows instead of just Windows CE. verify_certificate - will be invoked on Windows CE or when the user specifies - CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - - - In verify_certificate, create a custom certificate chain engine that - exclusively trusts the certificate store backed by the CURLOPT_CAINFO - file. - - - doc updates of --cacert/CAINFO support for schannel - - - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString - when available. This implements a TODO in schannel.c to improve - handling of multiple SANs in a certificate. In particular, all SANs - will now be searched instead of just the first name. - - - Update tool_operate.c to not search for the curl-ca-bundle.crt file - when using Schannel to maintain backward compatibility. Previously, - any curl-ca-bundle.crt file found in that search would have been - ignored by Schannel. But, with CAINFO support, the file found by - that search would have been used as the certificate store and - could cause issues for any users that have curl-ca-bundle.crt in - the search path. - - - Update url.c to not set the build time CURL_CA_BUNDLE if the selected - SSL backend is Schannel. We allow setting CA location for schannel - only when explicitly specified by the user via CURLOPT_CAINFO / - --cacert. - - - Add new test cases 3000 and 3001. These test cases check that the first - and last SAN, respectively, matches the connection hostname. 
New test - certificates have been added for these cases. For 3000, the certificate - prefix is Server-localhost-firstSAN and for 3001, the certificate - prefix is Server-localhost-secondSAN. - - - Remove TODO 15.2 (Add support for custom server certificate - validation), this commit addresses it. - - Closes https://github.com/curl/curl/pull/1325 - -- schannel: fix warning - - - Fix warning 'integer from pointer without a cast' on 3rd arg in - CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer - type of the same size. - - Follow-up to e35b025. - - Caught by Marc's CI builds. - -- [Jakub Wilk brought this change] - - docs: fix typos - - Closes https://github.com/curl/curl/pull/2503 - -Daniel Stenberg (17 Apr 2018) -- RELEASE-NOTES: synced - -Jay Satiro (17 Apr 2018) -- [Kees Dekker brought this change] - - winbuild: Support custom devel paths for each dependency - - - Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2, - OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH, - NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH. - - - Use lib.exe for making the static library instead of link.exe /lib. - The latter is undocumented and could cause problems as noted in the - comments. - - - Remove a dangling URL that no longer worked. (I was not able to find - the IDN download at MSDN/microsoft.com, so it seems to be removed.) - - - Remove custom override for release-ssh2-ssl-dll-zlib configuration. - Nobody knows why it was there and as far as we can see is unnecessary. 
- - Closes https://github.com/curl/curl/pull/2474 - -Daniel Stenberg (17 Apr 2018) -- [Jess brought this change] - - README.md: add backers and sponsors - - Closes #2484 - -- [Archangel_SDY brought this change] - - schannel: add client certificate authentication - - Users can now specify a client certificate in system certificates store - explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"` - - Closes #2376 - -Marcel Raad (16 Apr 2018) -- [toughengineer brought this change] - - ntlm_sspi: fix authentication using Credential Manager - - If you pass empty user/pass asking curl to use Windows Credential - Storage (as stated in the docs) and it has valid credentials for the - domain, e.g. - curl -v -u : --ntlm example.com - currently authentication fails. - This change fixes it by providing proper SPN string to the SSPI API - calls. - - Fixes https://github.com/curl/curl/issues/1622 - Closes https://github.com/curl/curl/pull/1660 - -Daniel Stenberg (16 Apr 2018) -- configure: keep LD_LIBRARY_PATH changes local - - ... only set it when we actually have to run tests to reduce its impact - on for example build commands etc. - - Fixes #2490 - Closes #2492 - - Reported-by: Dmitry Mikhirev - -Marcel Raad (16 Apr 2018) -- urldata: make service names unconditional - - The ifdefs have become quite long. Also, the condition for the - definition of CURLOPT_SERVICE_NAME and for setting it from - CURLOPT_SERVICE_NAME have diverged. We will soon also need the two - options for NTLM, at least when using SSPI, for - https://github.com/curl/curl/pull/1660. - Just make the definitions unconditional to make that easier. 
- - Closes https://github.com/curl/curl/pull/2479 - -Daniel Stenberg (16 Apr 2018) -- test1148: tolerate progress updates better - - Fixes #2446 - Closes #2488 - -- [Christian Schmitz brought this change] - - ssh: show libSSH2 error code when closing fails - - Closes #2500 - -Jay Satiro (15 Apr 2018) -- [Daniel Gustafsson brought this change] - - vauth: Fix typo - - Address various spellings of "credentials". - - Closes https://github.com/curl/curl/pull/2496 - -- [Dagobert Michelsen brought this change] - - system.h: Add sparcv8plus to oracle/sunpro 32-bit detection - - With specific compiler options selecting the arch like -xarch=sparc on - newer compilers like Oracle Studio 12.4 there is no definition of - __sparcv8 but __sparcv8plus which means the V9 ISA, but limited to the - 32ÎíÎñbit subset defined by the V8plus ISA specification, without the - Visual Instruction Set (VIS), and without other implementation-specific - ISA extensions. So it should be the same as __sparcv8. - - Closes https://github.com/curl/curl/pull/2491 - -- [Daniel Gustafsson brought this change] - - checksrc: Fix typo - - Fix typo in "semicolon" spelling and remove stray tab character. - - Closes https://github.com/curl/curl/pull/2498 - -- [Daniel Gustafsson brought this change] - - all: Refactor malloc+memset to use calloc - - When a zeroed out allocation is required, use calloc() rather than - malloc() followed by an explicit memset(). The result will be the - same, but using calloc() everywhere increases consistency in the - codebase and avoids the risk of subtle bugs when code is injected - between malloc and memset by accident. - - Closes https://github.com/curl/curl/pull/2497 - -Daniel Stenberg (12 Apr 2018) -- duphandle: make sure CURLOPT_RESOLVE is duplicated fine too - - Verified in test 1502 now - - Fixes #2485 - Closes #2486 - Reported-by: Ernst Sjöstrand - -- mailmap: add a monnerat fixup [ci skip] - -- proxy: show getenv proxy use in verbose output - - ... 
to aid debugging etc as it sometimes isn't immediately obvious why - curl uses or doesn't use a proxy. - - Inspired by #2477 - - Closes #2480 - -- travis: build libpsl and make builds use it - - closes #2471 - -- travis: bump to clang 6 and gcc 7 - - Extra-eye-on-this-by: Marcel Raad - - Closes #2478 - -Marcel Raad (10 Apr 2018) -- travis: use trusty for coverage build - - This works now and precise is in the process of being decommissioned. - - Closes https://github.com/curl/curl/pull/2476 - -- lib: silence null-dereference warnings - - In debug mode, MingGW-w64's GCC 7.3 issues null-dereference warnings - when dereferencing pointers after DEBUGASSERT-ing that they are not - NULL. - Fix this by removing the DEBUGASSERTs. - - Suggested-by: Daniel Stenberg - Ref: https://github.com/curl/curl/pull/2463 - -- [Kees Dekker brought this change] - - winbuild: fix URL - - Follow up on https://github.com/curl/curl/pull/2472. - Now using en-us instead of nl-nl as language code in the URL. - - Closes https://github.com/curl/curl/pull/2475 - -Daniel Stenberg (9 Apr 2018) -- [Kees Dekker brought this change] - - winbuild: updated the documentation - - The setenv command no longer exists and visual studio build prompts got - changed. Used Visual Studio 2015/2017 as reference. - - Closes #2472 - -- test1136: fix cookie order after commit c990eadd1277 - -- build: cleanup to fix clang warnings/errors - - unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a - cast from integer to pointer is a GNU extension - - Reported-by: Rikard Falkeborn - - Fixes #2466 - Closes #2468 - -Jay Satiro (7 Apr 2018) -- examples/sftpuploadresmue: Fix Windows large file seek - - - Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows. - - - Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print - curl_off_t. - - Caught by Marc's CI builds. - -Daniel Stenberg (7 Apr 2018) -- curl_setup: provide a CURL_SA_FAMILY_T type if none exists - - ... 
and use this type instead of 'sa_family_t' in the code since several - platforms don't have it. - - Closes #2463 - -- [Eric Gallager brought this change] - - build: add picky compiler warning flags for gcc 6 and 7 - -- configure: detect sa_family_t - -Jay Satiro (7 Apr 2018) -- [Stefan Agner brought this change] - - tool_operate: Fix retry on FTP 4xx to ignore other protocols - - Only treat response code as FTP response codes in case the - protocol type is FTP. - - This fixes an issue where an HTTP download was treated as FTP - in case libcurl returned with 33. This happens when the - download has already finished and the server responses 416: - HTTP/1.1 416 Requested Range Not Satisfiable - - This should not be treated as an FTP error. - - Fixes #2464 - Closes #2465 - -Daniel Stenberg (6 Apr 2018) -- hash: calculate sizes with size_t instead of longs - - ... since they return size_t anyway! - - closes #2462 - -- RELEASE-NOTES: synced - -- [Jay Satiro brought this change] - - build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15 - - .. and do the same for build-wolfssl.bat. - - Because MS calls it VC14.1. - - Closes https://github.com/curl/curl/pull/2189 - -- [Kees Dekker brought this change] - - winbuild: make the clean target work without build-type - - Due to the check in Makefile.vc and MakefileBuild.vc, no make call can - be invoked unless a build-type was specified. However, a clean target - only existed when a build type was specified. As a result, the clean - target was unreachable. Made clean target unconditional. - - Closes #2455 - -- [patelvivekv1993 brought this change] - - build-openssl.bat: allow custom paths for VS and perl - - Fixes #2430 - Closes #2457 - -- [Laurie Clark-Michalek brought this change] - - FTP: allow PASV on IPv6 connections when a proxy is being used - - In the situation of a client connecting to an FTP server using an IPv6 - tunnel proxy, the connection info will indicate that the connection is - IPv6. 
However, because the server behing the proxy is IPv4, it is - permissable to attempt PSV mode. In the case of the FTP server being - IPv4 only, EPSV will always fail, and with the current logic curl will - be unable to connect to the server, as the IPv6 fwdproxy causes curl to - think that EPSV is impossible. - - Closes #2432 - -- [Jon DeVree brought this change] - - file: restore old behavior for file:////foo/bar URLs - - curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC - 8089 but then returns an error saying this is unimplemented. This is - actually a regression in behavior on both Windows and Unix. - - Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and - then passed to the relevant OS API. This means that the behavior of this - case is actually OS dependent. - - The Unix path resolution rules say that the OS must handle swallowing - the extra "/" and so this path is the same as "/foo/bar" - - The Windows path resolution rules say that this is a UNC path and - automatically handles the SMB access for the program. So curl on Windows - was already doing Appendix E.3.2 without any special code in curl. - - Regression - - Closes #2438 - -- [Gaurav Malhotra brought this change] - - Revert "openssl: Don't add verify locations when verifypeer==0" - - This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb. - - libcurl (with the OpenSSL backend) performs server certificate verification - even if verifypeer == 0 and the verification result is available using - CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the - CURLINFO_SSL_VERIFYRESULT to not have useful information for the - verifypeer == 0 use case (it would always have - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY). 
- - Closes #2451 - -- [Wyatt O'Day brought this change] - - tls: fix mbedTLS 2.7.0 build + handle sha256 failures - - (mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED) - - Closes #2453 - -- [Lauri Kasanen brought this change] - - cookie: case-insensitive hashing for the domains - - closes #2458 - -Patrick Monnerat (4 Apr 2018) -- cookie: fix and optimize 2nd top level domain name extraction - - This fixes a segfault occurring when a name of the (invalid) form "domain..tld" - is processed. - - test46 updated to cover this case. - - Follow-up to commit c990ead. - - Ref: https://github.com/curl/curl/pull/2440 - -Daniel Stenberg (4 Apr 2018) -- openssl: provide defines for argument typecasts to build warning-free - - ... as OpenSSL >= 1.1.0 and libressl >= 2.7.0 use different argument types. - -- [Bernard Spil brought this change] - - openssl: fix build with LibreSSL 2.7 - - - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API - - Fixes #2319 - Closes #2447 - Closes #2448 - - 
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> - -- [Lauri Kasanen brought this change] - - cookie: store cookies per top-level-domain-specific hash table - - This makes libcurl handle thousands of cookies much better and speedier. - - Closes #2440 - -- [Lauri Kasanen brought this change] - - cookies: when reading from a file, only remove_expired once - - This drops the cookie load time for 8k cookies from 178ms to 15ms. - - Closes #2441 - -- test1148: set a fixed locale for the test - - ...as otherwise it might use a different decimal sign. - - Bug: #2436 - Reported-by: Oumph on github - -Jay Satiro (31 Mar 2018) -- docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T - - - Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf. - - For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar. - - Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html - Reported-by: David L. - -Sergei Nikulov (27 Mar 2018) -- [Michał Janiszewski brought this change] - - cmake: Add advapi32 as explicit link library for win32 - - ARM targets need advapi32 explicitly. - - Closes #2363 - -Daniel Stenberg (27 Mar 2018) -- TODO: connection cache sharing is now supporte - -Jay Satiro (26 Mar 2018) -- travis: enable apt retry on fail - - This is a workaround for an unsolved travis issue that is causing CI - instances to sporadically fail due to 'unable to connect' issues during - apt stage. 
- - Ref: https://github.com/travis-ci/travis-ci/issues/8507 - Ref: https://github.com/travis-ci/travis-ci/issues/9112#issuecomment-376305909 - -Michael Kaufmann (26 Mar 2018) -- runtests.pl: fix warning 'use of uninitialized value' - - follow-up to a9a7b60 - - Closes #2428 - -Daniel Stenberg (24 Mar 2018) -- gitignore: ignore more generated files - -- threaded resolver: track resolver time and set suitable timeout values - - In order to make curl_multi_timeout() return suitable "sleep" times even - when there's no socket to wait for while the name is being resolved in a - helper thread. - - It will increases the timeouts as time passes. - - Closes #2419 - -- [Howard Chu brought this change] - - openldap: fix for NULL return from ldap_get_attribute_ber() - - Closes #2399 - -GitHub (22 Mar 2018) -- [Sergei Nikulov brought this change] - - travis-ci: enable -Werror for CMake builds (#2418) - -- [Sergei Nikulov brought this change] - - cmake: avoid warn-as-error during config checks (#2411) - - - Move the CURL_WERROR option processing after the configuration checks - to avoid failures in case of warnings during the configuration checks. - - This is a partial fix for #2358 - -- [Sergei Nikulov brought this change] - - timeval: remove compilation warning by casting (#2417) - - This is fixes #2358 - -Daniel Stenberg (22 Mar 2018) -- http2: read pending frames (including GOAWAY) in connection-check - - If a connection has received a GOAWAY frame while not being used, the - function now reads frames off the connection before trying to reuse it - to avoid reusing connections the server has told us not to use. 
- - Reported-by: Alex Baines - Fixes #1967 - Closes #2402 - -- [Bas van Schaik brought this change] - - CI: add lgtm.yml for tweaking lgtm.com analysis - - Closes #2414 - -- CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some text - - Reported-by: Michal Trybus - - Fixes #2400 - -- TODO: expand ~/ in config files - - Closes #2317 - -- cookie.d: mention that "-" as filename means stdin - - Reported-by: Dongliang Mu - Fixes #2410 - -- CURLINFO_COOKIELIST.3: made the example not leak memory - - Reported-by: Muz Dima - -- vauth/cleartext: fix integer overflow check - - Make the integer overflow check not rely on the undefined behavior that - a size_t wraps around on overflow. - - Detected by lgtm.com - Closes #2408 - -- lib/curl_path.h: add #ifdef header guard - - Detected by lgtm.com - -- vauth/ntlm.h: fix the #ifdef header guard - - Detected by lgtm.com - -Jay Satiro (20 Mar 2018) -- examples/hiperfifo: checksrc compliance - -Daniel Stenberg (19 Mar 2018) -- [Nikos Tsipinakis brought this change] - - parsedate: support UT timezone - - RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with - GMT. - - Closes #2401 - -- RELEASE-NOTES: synced - -- [Don brought this change] - - cmake: add support for brotli - - Currently CMake cannot detect Brotli support. This adds detection of the - libraries and associated header files. It also adds this to the - generated config. - - Closes #2392 - -- [Chris Araman brought this change] - - darwinssl: fix iOS build - -Patrick Monnerat (18 Mar 2018) -- ILE/RPG binding: Add CURLOPT_HAPROXYPROTOCOL/Fix CURLOPT_DNS_SHUFFLE_ADDRESSES - -Daniel Stenberg (17 Mar 2018) -- [Rick Deist brought this change] - - resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES - - This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request - shuffling of IP addresses returned for a hostname when there is more - than one. 
This is useful when the application knows that a round robin - approach is appropriate and is willing to accept the consequences of - potentially discarding some preference order returned by the system's - implementation. - - Closes #1694 - -- add_handle/easy_perform: clear errorbuffer on start if set - - To offer applications a more defined behavior, we clear the buffer as - early as possible. - - Assisted-by: Jay Satiro - - Fixes #2190 - Closes #2377 - -- [Lawrence Matthews brought this change] - - CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol - - Add --haproxy-protocol for the command line tool - - Closes #2162 - -- curl_version_info.3: fix ssl_version description - - Reported-by: Vincas Razma - Fixes #2364 - -- multi: improved pending transfers handling => improved performance - - When a transfer is requested to get done and it is put in the pending - queue when limited by number of connections, total or per-host, libcurl - would previously very aggressively retry *ALL* pending transfers to get - them transferring. That was very time consuming. - - By reducing the aggressiveness in how pending are being retried, we - waste MUCH less time on putting transfers back into pending again. - - Some test cases got a factor 30(!) speed improvement with this change. - - Reported-by: Cyril B - Fixes #2369 - Closes #2383 - -- pause: when changing pause state, update socket state - - Especially unpausing a transfer might have to move the socket back to the - "currently used sockets" hash to get monitored. Otherwise it would never get - any more data and get stuck. Easily triggered with pausing using the - multi_socket API. 
- - Reported-by: Philip Prindeville - Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html - Fixes #2393 - Closes #2391 - -- [Philip Prindeville brought this change] - - examples/hiperfifo.c: improved - - * use member struct event’s instead of pointers to alloc’d struct - events - - * simplify the cases for the mcode_or_die() function via macros; - - * make multi_timer_cb() actually do what the block comment says it - should; - - * accept a “stop” command on the FIFO to shut down the service; - - * use cleaner notation for unused variables than the (void) hack; - - * allow following redirections (304’s); - -- rate-limit: use three second window to better handle high speeds - - Due to very frequent updates of the rate limit "window", it could - attempt to rate limit within the same milliseconds and that then made - the calculations wrong, leading to it not behaving correctly on very - fast transfers. - - This new logic updates the rate limit "window" to be no shorter than the - last three seconds and only updating the timestamps for this when - switching between the states TOOFAST/PERFORM. - - Reported-by: 刘佩东 - Fixes #2386 - Closes #2388 - -- [luz.paz brought this change] - - cleanup: misc typos in strings and comments - - Found via `codespell` - - Closes #2389 - -- RELEASE-NOTES: toward 7.60.0 - -- [Kobi Gurkan brought this change] - - http2: fixes typo - - Closes #2387 - -- user-agent.d:: mention --proxy-header as well - - Bug: https://github.com/curl/curl/issues/2381 - -- transfer: make HTTP without headers count correct body size - - This is what "HTTP/0.9" basically looks like. 
- - Reported on IRC - - Closes #2382 - -- test1208: marked flaky - - It fails somewhere between every 3rd to 10th travis-CI run - -- SECURITY-PROCESS: mention how we write/add advisories - -- [dasimx brought this change] - - FTP: fix typo in recursive callback detection for seeking - - Fixes #2380 - -Version 7.59.0 (13 Mar 2018) - -Daniel Stenberg (13 Mar 2018) -- release: 7.59.0 - -Kamil Dudka (13 Mar 2018) -- tests/.../spnego.py: fix identifier typo - - Detected by Coverity Analysis: - - Error: IDENTIFIER_TYPO: - curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo: - * Identifier "SuportedMech" is only known to be referenced here, or in copies of this code. - * Identifier "SupportedMech" is referenced elsewhere at least 4 times. - curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech". - curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech". - curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function). - curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"? - - Closes #2379 - -Daniel Stenberg (13 Mar 2018) -- CURLOPT_COOKIEFILE.3: "-" as file name means stdin - - Reported-by: Aron Bergman - Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html - - [ci skip] - -- Revert "hostip: fix compiler warning: 'variable set but not used'" - - This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248. - - The assignment really needs to be there or we risk working with an - uninitialized pointer. 
- -Michael Kaufmann (12 Mar 2018) -- limit-rate: fix compiler warning - - follow-up to 72a0f62 - -Viktor Szakats (12 Mar 2018) -- checksrc.pl: add -i and -m options - - To sync it with changes made for the libssh2 project. - Also cleanup some whitespace. - -- curl-openssl.m4: fix spelling [ci skip] - -- FAQ: fix a broken URL [ci skip] - -Daniel Stenberg (12 Mar 2018) -- http2: mark the connection for close on GOAWAY - - ... don't consider it an error! - - Assisted-by: Jay Satiro - Reported-by: Łukasz Domeradzki - Fixes #2365 - Closes #2375 - -- credits: Viktor prefers without accent - -- openldap: white space changes, fixed up the copyright years - -- openldap: check ldap_get_attribute_ber() results for NULL before using - - CVE-2018-1000121 - Reported-by: Dario Weisser - Bug: https://curl.haxx.se/docs/adv_2018-97a2.html - -- FTP: reject path components with control codes - - Refuse to operate when given path components featuring byte values lower - than 32. - - Previously, inserting a %00 sequence early in the directory part when - using the 'singlecwd' ftp method could make curl write a zero byte - outside of the allocated buffer. - - Test case 340 verifies. - - CVE-2018-1000120 - Reported-by: Duy Phan Thanh - Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html - -- readwrite: make sure excess reads don't go beyond buffer end - - CVE-2018-1000122 - Bug: https://curl.haxx.se/docs/adv_2018-b047.html - - Detected by OSS-fuzz - -- BUGS: updated link to security process - -- limit-rate: kick in even before "limit" data has been received - - ... and make sure to avoid integer overflows with really large values. 
- - Reported-by: 刘佩东 - Fixes #2371 - Closes #2373 - -- docs/SECURITY.md -> docs/SECURITY-PROCESS.md - -- SECURITY.md: call it the security process - -Michael Kaufmann (11 Mar 2018) -- Curl_range: fix FTP-only and FILE-only builds - - follow-up to e04417d - -- hostip: fix compiler warning: 'variable set but not used' - -Daniel Stenberg (11 Mar 2018) -- HTTP: allow "header;" to replace an internal header with a blank one - - Reported-by: Michael Kaufmann - Fixes #2357 - Closes #2362 - -- http2: verbose output new MAX_CONCURRENT_STREAMS values - - ... as it is interesting for many users. - -- SECURITY: distros' max embargo time is 14 days now - -Patrick Monnerat (8 Mar 2018) -- curl tool: accept --compressed also if Brotli is enabled and zlib is not. - -Daniel Stenberg (5 Mar 2018) -- THANKS + mailmap: remove duplicates, fixup full names - -- [sergii.kavunenko brought this change] - - WolfSSL: adding TLSv1.3 - - Closes #2349 |
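Review bot: The removed tail of the changelog takes out the only entries in this file that record the fixes for CVE-2018-1000120 ("FTP: reject path components with control codes"), CVE-2018-1000121 ("openldap: check ldap_get_attribute_ber() results for NULL before using") and CVE-2018-1000122 ("readwrite: make sure excess reads don't go beyond buffer end"). That is acceptable if the new file is a verbatim copy of the upstream CHANGES shipped with 7.64.1, but the commit message should say so and name the libcurl version being replaced. Someone auditing the vendored copy under libs/libcurl can then confirm the fix status from the version number instead of from a changelog that no longer mentions these advisories. The diffstat shown is limited to docs/CHANGES, so please also confirm that the library sources are bumped in the same commit and that this is not a documentation-only update. Separately, the removed system.h entry contained a mis-encoded sequence ("32ÎíÎñbit subset"). Check that the replacement file is stored as UTF-8, so that contributor names such as "Stephan Mühlstrasser" and "刘佩东" are not damaged the same way.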