diff options
Diffstat (limited to 'plugins/FTPFileYM/curl-7.29.0/CHANGES')
-rw-r--r-- | plugins/FTPFileYM/curl-7.29.0/CHANGES | 5751 |
1 files changed, 5751 insertions, 0 deletions
diff --git a/plugins/FTPFileYM/curl-7.29.0/CHANGES b/plugins/FTPFileYM/curl-7.29.0/CHANGES new file mode 100644 index 0000000000..08f0a8f60d --- /dev/null +++ b/plugins/FTPFileYM/curl-7.29.0/CHANGES @@ -0,0 +1,5751 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + Changelog + +Version 7.29.0 (6 Feb 2013) + +Daniel Stenberg (6 Feb 2013) +- vms: config-vms.h is removed, no use trying to distribute it + +- RELEASE-NOTES: mention the SASL buffer overflow + +- [Eldar Zaitov brought this change] + + Curl_sasl_create_digest_md5_message: fix buffer overflow + + When negotiating SASL DIGEST-MD5 authentication, the function + Curl_sasl_create_digest_md5_message() uses the data provided from the + server without doing the proper length checks and that data is then + appended to a local fixed-size buffer on the stack. + + This vulnerability can be exploited by someone who is in control of a + server that a libcurl based program is accessing with POP3, SMTP or + IMAP. For applications that accept user provided URLs, it is also + thinkable that a malicious user would feed an application with a URL to + a server hosting code targetting this flaw. + + Bug: http://curl.haxx.se/docs/adv_20130206.html + +Steve Holme (6 Feb 2013) +- FEATURES: Removed erroneous whitespace + + Removed whitespace introduced in commit 5f8f20f5e65b that caused + formatting issues when generating the website docs. + +Yang Tse (6 Feb 2013) +- setup-vms.h: post VMS patch cleanup - III + + - rename post-config-vms.h to setup-vms.h + - move its inclusion into proper location in curl_setup.h + +- vms_show: post VMS patch cleanup - II + + - remove multiple declarations of vms_show and add comments + +- tool_main.c: post VMS patch cleanup - I + + - remove header inclusion already done in curl_setup_once.h + +Steve Holme (6 Feb 2013) +- FEATURES: Added SSPI to list of NTLM libraries + +- FEATURES: Added Secure Transport and qssl to list of SSL libraries + +- FEATURES: Added email feature set + + Added SMTP, SMTPS, POP3, POP3S, IMAP and IMAPS features. + +- imap.h: Corrected incorrect comment clarification + + Corrected comment clarification made in commit 167717b8069a. + +- COPYING: Updated copyright year to include 2013 + +Daniel Stenberg (5 Feb 2013) +- RELEASE-NOTES: synced with 25f351424b3538 + + 8 more bug fixes mentioned + +- [John E. Malmberg brought this change] + + VMS: fix and generate the VMS build config + + config_h.com is a new file that generates a config.h file based on the + curl_config.h.in file and a quick scan of the configure script. This is + actually a generic procedure that is shared with other VMS packages. + + The existing pre-built config-vms.h had over 100 entries that were not + correct and in some cases conflicted with the build options available in + the build_vms.com. + + generate_config_vms_h_curl.com is a helper procedure to the + config_h.com. It covers the cases that the generic config_h.com is not + able to figure out, and accepts input from the build_vms.com procedure. + + build_curlbuild_h.com is a new file to generate the curlbuild.h file + that Curl is now using when it is using a curl_config.h file. + + post-config-vms.h is a new file that is needed to provide VMS specific + definitions, and most of them need to be set before the system header + files are included. + + The VMS build procedure is fixed: + + 1. Fixed to link in the correct HP ssl library. + 2. Fixed to detect if HP Kerberos is installed. + 3. Fixed to detect if HP LDAP is installed. + 4. Fixed to detect if gnv$libzshr is installed. + 5. Simplified the input parameter parsing to not use a loop. + 6. Warn that 64 bit pointer option support is not complete + in comments. + 7. Default to IEEE floating if platform supports it so + resulting libcurl will be compatible with other + open source projects on VMS. + 8. Default to LARGEFILE if platform supports it. + 9. Default to enable SSL, LDAP, Kerberos, libz + if the libraries are present. + 10. Build with exact case global symbols for libcurl. + 11. Generate linker option file needed. + 12. Compiler list option only commonly needed items. + 13. fulllist option for those who really want it. + 14. Create debug symbol file on Alpha, IA64. + +- Curl_proxyCONNECT: return once CONNECT is sent + + By doing this unconditionally, we infer a simpler and more defined + behavior. This also has the upside that test 1021 no longer fails for me + even if I run with valgrind. + + Also fixed some wrong comments. + +Steve Holme (5 Feb 2013) +- email: Reworked comments in the endofresp() functions + + Tidied up the comments in the endofresp() functions to be more + meaningful prior to release. + +Marc Hoersken (5 Feb 2013) +- schannel: Removed extended error connection setup flag + + According KB975858 this flag may cause problems on Windows 7 and + Windows Server 2008 R2 systems. Extended error information is not + currently used by libcurl and therefore not a requirement. + + The flag may improve the SSL-connection shutdown in case of an + error. This means it might be a good improvement in the future. + + Fixes bug/issue #1187 - thanks for the report + +Daniel Stenberg (5 Feb 2013) +- [Tor Arntsen brought this change] + + singleipconnect: Update *sockp for all CURLE_OK + + The 56b7c87c7 change left a case where a good sockfd was not copied to + *sockp before returning with CURLE_OK + +- curl_easy_perform: Value stored to 'mcode' is never read + + pointed out by clang-analyzer + +- singleipconnect: remove dead assignment + + pointed out by clang-analyzer + +Linus Nielsen Feltzing (5 Feb 2013) +- CURLMOPT_MAXCONNECTS: restore functionality + + When a connection is no longer used, it is kept in the cache. If the + cache is full, the oldest idle connection is closed. If no connection is + idle, the current one is closed instead. + +Steve Holme (5 Feb 2013) +- RELEASE-NOTES: Updated following recent changes to the email protocols + + Added recent additions and fixes following the changes to imap, pop3 + and smtp. Additionally added another contributor that helped to test + the imap sasl changes. + +- email: Provided extra comments following recent pop3/imap fixes + + Provided additional clarification about the logic of the authenticate() + functions following commit 6b6bdc83bd36 and b4270a9af1d0. + +Daniel Stenberg (5 Feb 2013) +- [Andrei Kurushin brought this change] + + winbuild: include version info for .dll .exe + + Bug: http://curl.haxx.se/bug/view.cgi?id=1186 + +- FAQ: clarify 5.13 How do I stop an ongoing transfer + + Rich Gray provided good feedback and we now clarify that you can in fact + stop a multi transfer at any point you like by removing the easy handle. + +- [Matt Arsenault brought this change] + + cmake: Fix mingw build + +- [Sergei Nikulov brought this change] + + cmake: updated OpenSSL build + +Steve Holme (4 Feb 2013) +- pop3.c: Updated variable names to use shorter / more readable variant + + Tidied up code from commit 6b6bdc83bdUpdated where a few instances of + the pop3c struct variable used the longer conndata struct rather than + matching what other code in pop3_authenticate() used. + +Guenter Knauf (4 Feb 2013) +- updated copyright years. + +- configure: update the copyright years for the output. + +Steve Holme (3 Feb 2013) +- imap: Fixed no known authentication mechanism when fallback is required + + Fixed an issue where (lib)curl is compiled without support for a + supported challenge-response based SASL authentication mechanism, such + as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN + mechanisms and (lib)curl doesn't fallback to Clear Text authentication. + + Note: In order to fallback to Clear Text authentication properly this + fix adds support for the LOGINDISABLED server capability. + imap: Fixed no known authentication mechanism when fallback is required + + Fixed an issue where (lib)curl is compiled without support for a + supported challenge-response based SASL authentication mechanism, such + as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN + mechanisms and (lib)curl doesn't fallback to Clear Text authentication. + + Note: In order to fallback to Clear Text authentication properly this + fix adds support for the LOGINDISABLED server capability. + + Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html + Reported by: Stanislav Ivochkin + +- pop3: Fixed no known authentication mechanism when fallback is required + + Fixed an issue where (lib)curl is compiled without support for a + supported challenge-response based SASL authentication mechanism, such + as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN + mechanisms and (lib)curl doesn't fallback to APOP or Clear Text + authentication. + + Bug: http://curl.haxx.se/mail/lib-2013-02/0004.html + Reported by: Stanislav Ivochkin + +Daniel Stenberg (1 Feb 2013) +- singleipconnect: simplify and clean up + + Remove timeout argument that's never used. + + Make the actual connection get detected on a single spot to reduce code + duplication. + + Store the IPv6 state already when the connection is attempted. + +- Curl_perfom: removed + + Curl_perfom is no longer used anywhere since the always-multi commit + c43127414d89ccb9, and some related functions were used only from within + Curl_perfom. + +Guenter Knauf (30 Jan 2013) +- Updated date. + +Yang Tse (30 Jan 2013) +- zz40-xc-ovr.m4: fix 'wc' detection - follow-up 2 + + - Fix a pair of single quotes to double quotes. + + URL: http://curl.haxx.se/mail/lib-2013-01/0355.html + Reported by: Tor Arntsen + +- zz40-xc-ovr.m4: fix 'wc' detection - follow-up + + - Take into account that 'wc' may return leading spaces and/or tabs. + + - Set initial IFS to space, tab and newline. + +- zz40-xc-ovr.m4: fix 'wc' detection + + - Take into account that 'wc' may return leading spaces. + + - Set internationalization behavior variables. + + Tor Arntsen analyzed and reported the issue. + + URL: http://curl.haxx.se/mail/lib-2013-01/0351.html + +- zz40-xc-ovr.m4: check another three basic utilities + +Guenter Knauf (29 Jan 2013) +- Fixed debug.c to work again unchanged. + + Added CURLOPT_FOLLOWLOCATION since example.com is now redirected. + +Daniel Stenberg (29 Jan 2013) +- [Nick Zitzmann brought this change] + + darwinssl: Fix bug where packets were sometimes transmitted twice + + There was a bug where, if SSLWrite() returned errSSLWouldBlock but did + succeed in transmitting at least something, then we'd incorrectly + resend the packet. Now we never take errSSLWouldBlock as a sign that + nothing was transferred to/from the server. + + Bug: http://curl.haxx.se/mail/lib-2013-01/0295.html + Reported by: Bruno de Carvalho + +- [Nick Zitzmann brought this change] + + FAQ: "Darwinssl" is AKA "Secure Transport" and supports NTLM + +- RELEASE-NOTES: only list Nick once + + Even though he's a fine dude, once is enough for this time! + +Yang Tse (28 Jan 2013) +- zz40-xc-ovr.m4: 1.0 interface stabilization + + - Stabilization results in 4 public interface m4 macros: + XC_CONFIGURE_PREAMBLE + XC_CONFIGURE_PREAMBLE_VER_MAJOR + XC_CONFIGURE_PREAMBLE_VER_MINOR + XC_CHECK_PATH_SEPARATOR + - Avoid one level of internal indirection + - Update comments + - Drop XC_OVR_ZZ40 macro + +Kamil Dudka (28 Jan 2013) +- docs: fix typos in man pages + + Reported by: Jiri Jaburek + Bug: https://bugzilla.redhat.com/896544 + +- docs: update the comments about loading CA certs with NSS + + Bug: https://bugzilla.redhat.com/696783 + +Guenter Knauf (28 Jan 2013) +- Updated dependency libs. + +- Fixed simple.c to work again unchanged. + + Added CURLOPT_FOLLOWLOCATION since example.com is now redirected. + +Steve Holme (27 Jan 2013) +- smtp.c: Fixed unnecessary state change if starttls fails + + The state machine should only be changed to SMTP_STARTTLS when the + STARTTLS command has been successfully sent to the server. + +- pop3.c: Fixed unnecessary state change if starttls fails + + The state machine should only be changed to POP3_STARTTLS when the + STLS command has been successfully sent to the server. + +- imap.c: Fixed unnecessary state change if starttls fails + + The state machine should only be changed to IMAP_STARTTLS when the + STARTTLS command has been successfully sent to the server. + +- email: Updated comment regarding ssldone usage + + Updated the ssldone comment as multi mode is always used internally now. + +Yang Tse (26 Jan 2013) +- zz40-xc-ovr.m4: emit witness message in configure BODY + + This avoids witness message in output when running configure --help, + while sending the message to config.log for other configure runs. + +Steve Holme (25 Jan 2013) +- smtp.c: Added comments to smtp_endofresp() + + Minor code tidy up to add comments similar to those used in the pop3 + and imap end of resp functions, in order to assist anyone reading the + code and highlight the similarities between each of these protocols. + +Yang Tse (25 Jan 2013) +- zz40-xc-ovr.m4: truly do version conditional overriding + + - version conditional overriding + - catch unexpanded XC macros + - fix double words in comments + +- zz40-xc-ovr.m4: fix variable assignment of subshell output bashism + + Tor Arntsen analyzed and reported the issue. + + URL: http://curl.haxx.se/mail/lib-2013-01/0306.html + +- zz40-xc-ovr.m4: reinstate strict AC_REQUIRE macro dependencies + +- zz40-xc-ovr.m4: avoid double single-quote usage + +- zz40-xc-ovr.m4: parentheses balancing of 'case' statements + + m4 quadrigraph shell comment technique allows proper autoconf + parentheses balancing in shell 'case' statements. The presence + of unbalanced parentheses may otherwise trigger expansion bugs. + +Steve Holme (24 Jan 2013) +- smtp.c: Corrected RFC references + + The most recent version of the SMTP RFC is RFC5321 and not RFC2821 as + previously documented. + + Added RFC1870 and re-ordered list numerically. + +- smtp.c: Fixed failure detection during TLS upgrade + + smtp_state_upgrade_tls() would attempt to incorrectly complete the + upgrade to smtps and start the EHLO command if + Curl_ssl_connect_nonblocking() returned a failure code and if ssldone + was set to TRUE. This would only happen when a non-blocking API hadn't + been provided by the SSL implementation and curlssl_connect() was + called underneath. + +- pop3.c: Fixed failure detection during TLS upgrade + + pop3_state_upgrade_tls() would attempt to incorrectly complete the + upgrade to pop3s and start the CAPA command if + Curl_ssl_connect_nonblocking() returned a failure code and if ssldone + was set to TRUE. This would only happen when a non-blocking API hadn't + been provided by the SSL implementation and curlssl_connect() was + called underneath. + +- imap.c: Fixed failure detection during TLS upgrade + + imap_state_upgrade_tls() would attempt to incorrectly complete the + upgrade to imaps and start the CAPABILITY command if + Curl_ssl_connect_nonblocking() returned a failure code and if ssldone + was set to TRUE. This would only happen when a non-blocking API hadn't + been provided by the SSL implementation and curlssl_connect() was + called underneath. + +Yang Tse (24 Jan 2013) +- zz40-xc-ovr.m4: internals overhauling + + - Update comments + - Execute commands in subshells + - Faster path separator check + - Fix missing 'test' command + - Rename private macros + - Minimize AC_REQUIRE usage + +Steve Holme (23 Jan 2013) +- email: Removed unnecessary return statements + + Small tidy up to remove unnecessary return statements prior to the next + fix. + +Yang Tse (23 Jan 2013) +- zz40-xc-ovr.m4: redirect errors and warnings to stderr + +- zz40-xc-ovr.m4: AC_REQUIRE also XC_CONFIGURE_PREAMBLE success message + +- zz60-xc-ovr.m4: tighten XC_OVR_ZZ60 macro placement requirements + +- configure: use XC_CONFIGURE_PREAMBLE early checks + + Some basic checks we make were placed early enough in generated + configure script when using autoconf 2.5X versions. Newer autoconf + versions expand these checks much further into the configure script, + rendering them useless. Using XC_CONFIGURE_PREAMBLE fixes placement + of early intended checks across all our autoconf supported versions. + +- zz40-xc-ovr.m4: provide XC_CONFIGURE_PREAMBLE macro + +Daniel Stenberg (23 Jan 2013) +- FAQ: update the SSL lib list and wording in question 2.2 + +Steve Holme (22 Jan 2013) +- curl_sasl.c: Corrected references to RFC + + The most recent version of the RFC is RFC4422 and not RFC2222 as + previously documented. + +- email: Corrected references to SASL RFC + + The most recent version of the SASL RFC is RFC4422 and not RFC2222 as + previously documented. + +Daniel Stenberg (22 Jan 2013) +- [Ulion brought this change] + + formpost: support quotes, commas and semicolon in file names + + - document the double-quote and backslash need be escaped if quoting. + - libcurl formdata escape double-quote in filename by backslash. + - curl formparse can parse filename both contains '"' and ',' or ';'. + - curl now can uploading file with ',' or ';' in filename. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1171 + +- memanalyze.pl: handle fopen() of file names with quotes + +Yang Tse (21 Jan 2013) +- xc-cc-check.m4: re-evaluate exporting and AC_SUBST'ing vars + + Notes: + + When running a configure script that has nested packages (for example + libcurl's configure with --enable-ares and c-ares sources embedded in + curl tree) and AC_CONFIG_SUBDIRS([nested-subdir]) machinery is used to + automatically run the nested configure script from within the parent + configure script, it happens that the nested _shell_ script will + inherit shell variables exported from the parent _shell_ script. + + If for example parent configure script sets and exports LDFLAGS and LIBS + variables with proper values in order to link either a parent library or + program with a library which will be configured and built by a nested + package; It will happen that when the nested configure script runs, the + nested library does not exist yet and _any_ link-test done in the nested + configure will fail, such as those that autoconf macros perform in order + to detect existing compiler and its characteristics, the result is that + the nested configure script will fail with errors such as: + + configure: error: C compiler cannot create executables + + For now, we no longer export variables previously exported here. + + On the other hand, AC_SUBST'ing them is appropriate and even with nested + packages each package's config.status gets its own package values. + + So we reinstate AC_SUBST'ing previously AC_SUBST'ed variables. + +Daniel Stenberg (21 Jan 2013) +- FAQ: 3.22 curl -X gives me HTTP problems + +Yang Tse (21 Jan 2013) +- xc-cc-check.m4: avoid recursive package automake'ing breakage + +- xc-cc-check.m4: mark earlier variables that are to be exported + +- configure: autotools compatibility fixes - step I + + Fix proper macro expansion order across autotools versions for + C compiler and preprocessor program checks. + +Steve Holme (20 Jan 2013) +- pop3.c: Fixed conditional compilation of the apop response function + + Extended the fix from commit 8b15c84ea91e to additionally exclude + pop3_state_apop_resp() if the CURL_DISABLE_CRYPTO_AUTH flag is + defined. + +Yang Tse (20 Jan 2013) +- Makefile.inc: fix $(top_srcdir) not allowed in _SOURCES variables + +Daniel Stenberg (19 Jan 2013) +- formadd: reject trying to read a directory where a file is expected + + Bug: http://curl.haxx.se/mail/archive-2013-01/0017.html + Reported by: Ulrich Doehner + +- curl_easy_send.3: document return codes + + Reported by: Craig Davison + Bug: http://curl.haxx.se/mail/lib-2013-01/0234.html + +- curl_easy_recv.3: document return codes + + Reported by: Craig Davison + Bug: http://curl.haxx.se/mail/lib-2013-01/0234.html + +Steve Holme (19 Jan 2013) +- email: General code tidy up + + Corrected some function argument definitions to maximize the 80 + character line length limit and be in keeping with the curl + coding style. + +- pop3.c: Fixed a problem with pop3s connections not connecting properly + + Fixed an issue where Curl_ssl_connect_nonblocking() wouldn't complete + correctly and the ssldone flag wouldn't be set to true for pop3s based + connections. + + Bug introduced in commit: 4ffb8a6398ed. + +Daniel Stenberg (18 Jan 2013) +- RELEASE-NOTES: add references to several bugfixes+changes + +Steve Holme (18 Jan 2013) +- RELEASE-NOTES: Added missing imap fix + + Added missing imap fix as per commit 709b3506cd9b. + +Yang Tse (18 Jan 2013) +- runtests.pl: make VPATH builds find valgrind.supp + +Daniel Stenberg (18 Jan 2013) +- RELEASE-NOTES: synced with c43127414d89 + +- always-multi: always use non-blocking internals + + Remove internal separated behavior of the easy vs multi intercace. + curl_easy_perform() is now using the multi interface itself. + + Several minor multi interface quirks and bugs have been fixed in the + process. + + Much help with debugging this has been provided by: Yang Tse + +Yang Tse (17 Jan 2013) +- url.c: fix HTTP CONNECT tunnel establishment upon delayed response + + Fixes initial proxy response being processed by the tunneled protocol + handler instead of the HTTP wrapper handler. This issue would trigger + upon delayed CONNECT response from the proxy. + + Additionally fixes a multi interface code-path in which connections + would not time out properly. + + This does not fix known bug #39. + + URL: http://curl.haxx.se/mail/lib-2013-01/0191.html + +Daniel Stenberg (16 Jan 2013) +- [Yves Arrouye brought this change] + + --libcurl: fix for non-zero default options + + If the default value for an option taking a long as its value is non + zero, and it is set by zero by a command line option, then that command + line option is not reflected in --libcurl's output. This is because line + 520-521 of tool_setopt.c look like: + + if(!lval) + skip = TRUE; + + An example of a command-line option doing so is the -k option that sets + CURLOPT_SLL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to 0L, when the + defaults are non-zero. + +- FTP: reject illegal port numbers in EPSV 229 responses + +Yang Tse (15 Jan 2013) +- commit bc682cbd follow-up + +- build: use per-target '_CPPFLAGS' for those currently using default + + Automake documents that doing this will make it choose a different name + for intermediate object files even when sharing source files across + targets of same Makefile.am. + + Up to automake 1.13.1 target's intermediate object files were placed + in the build subdirectory of the target. We depended on this, probably + undocumented behavior, to achieve same behavior as if a per-target flag + had been specified when building targets that actually belong to + different Makefile.am files. + + It seems automake 1.13.2 is going to break behavior mentioned above. + + So, lets use a documented behavior in order to achieve same purpose, + across automake versions, no matter where automake wishes to place + intermediate object files. + + Our build targets that already were using a per-target '_CFLAGS' or + '_CPPFLAGS' need no 'fixing', these were already 'fixed'. The only + Makefile.am or Makefile.in files in libcurl's source tree touched by + this 'fix' are tests/libtest/Makefile.inc and tests/unit/Makefile.inc. + +- tests/libtest/Makefile.inc: sort build targets + +- tests/Makefile.am: remove wildcard usage in EXTRA_DIST + +Kamil Dudka (15 Jan 2013) +- nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE + + Do not use the error messages from NSS for errors not occurring in NSS. + +Steve Holme (14 Jan 2013) +- TODO: Updated following IMAP SASL additions + +Yang Tse (14 Jan 2013) +- configure: fix automake 1.13 compatibility + + Tested with: + + buildconf: autoconf version 2.69 + buildconf: autom4te version 2.69 + buildconf: autoheader version 2.69 + buildconf: automake version 1.13.1 + buildconf: aclocal version 1.13.1 + buildconf: libtool version 2.4 + buildconf: GNU m4 version 1.4.16 + +Daniel Stenberg (13 Jan 2013) +- BUGS: update bug tracker URL + + ... and refresh number of lines of code + +- Curl_resolver_getsock: fix the function description comment + + It referred to it by the wrong name and said it returned the wrong value. + + Reported by: Gisle Vanem + +Kamil Dudka (11 Jan 2013) +- nss: clear session cache if a client cert from file is used + + This commit fixes a regression introduced in 052a08ff. + + NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback + and if we connect second time to the same server, the cached cert/key + pair is used. If we use multiple client certificates for different + paths on the same server, we need to clear the session cache to force + NSS to call the hook again. The commit 052a08ff prevented the session + cache from being cleared if a client certificate from file was used. + + The condition is now fixed to cover both cases: consssl->client_nickname + is not NULL if a client certificate from the NSS database is used and + connssl->obj_clicert is not NULL if a client certificate from file is + used. + + Review by: Kai Engert + +Yang Tse (11 Jan 2013) +- sockfilt.c: log file descriptor number on read/write error + +- [Gisle Vanem brought this change] + + packages/DOS/common.dj: remove COFF debug info generation + + gcc on DOS hasn't really supported COFF-debug (-gcoff) on djgpp for a + long time. + + "Sounds like the COFF debug info generation has bit-rotted in GCC. + Nothing new here, no other platform uses COFF AFAIK." + + So lets drop it too. + + URL: http://curl.haxx.se/mail/lib-2013-01/0130.html + +- curl: ignore SIGPIPE - compilation fix - follow-up + +- test servers: handle W32/W64 SIGBREAK with exit_signal_handler + +- test servers: fix errno, ERRNO and SOCKERRNO usage for W32/W64 + +- sockfilt.c: fix some W64 compiler warnings + +Daniel Stenberg (9 Jan 2013) +- [Nick Zitzmann brought this change] + + docs: the --with-darwinssl option is available on Apple OSes + +Yang Tse (9 Jan 2013) +- curl: ignore SIGPIPE - compilation fix + +- build: fix circular header inclusion with other packages + + This commit renames lib/setup.h to lib/curl_setup.h and + renames lib/setup_once.h to lib/curl_setup_once.h. + + Removes the need and usage of a header inclusion guard foreign + to libcurl. [1] + + Removes the need and presence of an alarming notice we carried + in old setup_once.h [2] + + ---------------------------------------- + + 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard + up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, + this single inclusion guard is enough to ensure that inclusion of + lib/setup_once.h done from lib/setup.h is only done once. + + Additionally lib/setup.h has always used __SETUP_ONCE_H macro to + protect inclusion of setup_once.h even after commit ec691ca3, this + was to avoid a circular header inclusion triggered when building a + c-ares enabled version with c-ares sources available which also has + a setup_once.h header. Commit ec691ca3 exposes the real nature of + __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard + foreign to libcurl belonging to c-ares's setup_once.h + + The renaming this commit does, fixes the circular header inclusion, + and as such removes the need and usage of a header inclusion guard + foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. + + 2 - Due to the circular interdependency of old lib/setup_once.h and the + c-ares setup_once.h header, old file lib/setup_once.h has carried + back from 2006 up to now days an alarming and prominent notice about + the need of keeping libcurl's and c-ares's setup_once.h in sync. + + Given that this commit fixes the circular interdependency, the need + and presence of mentioned notice is removed. + + All mentioned interdependencies come back from now old days when + the c-ares project lived inside a curl subdirectory. This commit + removes last traces of such fact. + +Daniel Stenberg (8 Jan 2013) +- curl: ignore SIGPIPE + + This is a work-around for bug #1180 which is really libcurl's inability + to ignore SIGPIPE in a few cases. With this work-around at least curl + won't suffer from it! + + Bug: http://curl.haxx.se/bug/view.cgi?id=1180 + Reported by: Lluís Batlle i Rossell + +Yang Tse (8 Jan 2013) +- sockfilt.c: fix some compiler warnings + +Daniel Stenberg (8 Jan 2013) +- Revert "configure: update req to 2.59" + + This reverts commit 7a6d8b1b1a8fcc184c36d6b6e741e32250b4bacb. + + URL: http://curl.haxx.se/mail/lib-2013-01/0103.html + +Steve Holme (8 Jan 2013) +- pop3: Added support for non-blocking SSL upgrade + + Added support for asynchronous SSL upgrade when using the + multi-interface. + +Daniel Stenberg (8 Jan 2013) +- configure: update req to 2.59 + + I ran the 2.59 version of autoupdate that updates obsoleted configure.ac + constructs to the 2.59 standard. With a little hands-on fiddling I + prevented it from ruining the quoting in AS_HELP_STRING() uses. + + I subsequently also bumped the required autoconf version to 2.59 + (released in December 2003) as I don't have an older autoconf version + around to test with and I can't be bothered to install one either... + + Inspired by: Björn Stenberg + Related blog post: http://cazfi.livejournal.com/195108.html + +Steve Holme (7 Jan 2013) +- imap.c: Small tidy up to add missing comment + +- imap: Added support for sasl digest-md5 authentication + +- imap: Added support for sasl cram-md5 authentication + +Marc Hoersken (7 Jan 2013) +- tests/server/sockfilt.c: Fixed integer comparison warning + +- tests/server/sockfilt.c: Include required Win32 headers + +Steve Holme (7 Jan 2013) +- imap: Added support for sasl ntlm authentication + +- imap: Added support for sasl login authentication + +- pop3.c: Fixed default authentication detection + + Fixed an issue where a server may positively respond to the CAPA command + but not list clear text as a valid authentication type. + +- curl_sasl.c: Small code tidy up following imap changes + +- smtp.c: Small code tidy up following imap changes + +- pop3.c: Small code tidy up following imap changes + +- imap: Added support for sasl plain text authentication + +Marc Hoersken (6 Jan 2013) +- tests/server/sockfilt.c: Fixed support for listening sockets + + This commit fixes support for sockets that are ready to accept + a new connection and have previously been put into listening mode. + + It also includes changes which are the result of investigation + regarding Windows STDIN. These changes are the preparation for further + improvements regarding support for reading data from STDIN on Windows. + + Open issue: WaitForMultipleObjectsEx does not support PIPE handles + which are returned by GetStdHandle while running without a GUI. + +- tests/server/sockfilt.c: Set Windows Console to binary mode + +- tests/server/sockfilt.c: Improved log error messages + + Include error code and parameters in error messages. + +Steve Holme (6 Jan 2013) +- imap: Introduced the continue response in imap_endofresp() + +- imap: Added support for SASL based authentication mechanism detection + + Added support for detecting the supported SASL authentication mechanisms + via the CAPABILITY command. + +Yang Tse (6 Jan 2013) +- Revert changes relative to lib/*.[ch] recent renaming + + This reverts renaming and usage of lib/*.h header files done + 28-12-2012, reverting 2 commits: + + f871de0... build: make use of 76 lib/*.h renamed files + ffd8e12... build: rename 76 lib/*.h files + + This also reverts removal of redundant include guard (redundant thanks + to changes in above commits) done 2-12-2013, reverting 1 commit: + + c087374... curl_setup.h: remove redundant include guard + + This also reverts renaming and usage of lib/*.c source files done + 3-12-2013, reverting 3 commits: + + 13606bb... build: make use of 93 lib/*.c renamed files + 5b6e792... build: rename 93 lib/*.c files + 7d83dff... build: commit 13606bbfde follow-up 1 + + Start of related discussion thread: + + http://curl.haxx.se/mail/lib-2013-01/0012.html + + Asking for confirmation on pushing this revertion commit: + + http://curl.haxx.se/mail/lib-2013-01/0048.html + + Confirmation summary: + + http://curl.haxx.se/mail/lib-2013-01/0079.html + + NOTICE: The list of 2 files that have been modified by other + intermixed commits, while renamed, and also by at least one + of the 6 commits this one reverts follows below. These 2 files + will exhibit a hole in history unless git's '--follow' option + is used when viewing logs. + + lib/curl_imap.h + lib/curl_smtp.h + +Daniel Stenberg (6 Jan 2013) +- mk-ca-bundle.1: convert syntax to what's used elsewhere + + ... mostly to make sure roffit works better on it, but also to make our + man pages use a more unified style. + +- mk-ca-bundle.1: mention new -f, fix outputfile output + + also edited a few sentences to become more verbose + +- mk-ca-bundle: add -f, support passing to stdout and more + + 1. When the downloaded data file from Mozilla is current, but the output + bundle does not exist: continue processing to create the bundle. The + goal is to have the output file - not just download the latest input. + + 2. added -f option to force re-processing the file. Useful for + debugging/testing the process. + + 3. added support for output to '-' (stdout), allowing the output to be + piped. + + 4. All progress and error messages go to STDERR rather than STDOUT (3) + + 5. The script opened and closed the output file many times + unnecessarily. It now opens it once, does the output and closes it. + + 6. Backup of the input files happens after successful processing, not + before. + + 7. The output is written to a temporary file, and renamed to the + requested name after backup - this greatly reduces the window where the + file can be seen partially written. + + 8. all die calls have a \n at the end to suppress perl's traceback - the + traceback isn't useful to end users. + + Patch: http://curl.haxx.se/mail/lib-2013-01/0045.html + +Yang Tse (5 Jan 2013) +- imap test server: fix typo in name of SELECT_imap() sub definition + + IMAP test server breaking typo introduced with commit b708a522a1 + +Steve Holme (4 Jan 2013) +- imap test server: Added support for the CAPABILITY command + + Added support for the CAPABILITY command in preparation of upcoming + changes. + +Daniel Stenberg (3 Jan 2013) +- writeout: -w now supports remote_ip/port and local_ip/port + + Added mention to the curl.1 man page. + + Test case 1223 verifies remote_ip/port. + +Yang Tse (3 Jan 2013) +- test 1222: 8 chars object name generation && test 1221: adjustments + +Daniel Stenberg (3 Jan 2013) +- INTERNALS: remove "footnote" never used + +Yang Tse (3 Jan 2013) +- build: commit 13606bbfde follow-up 1 + +Daniel Stenberg (3 Jan 2013) +- FAQ: Can I write a server with libcurl? + +Yang Tse (3 Jan 2013) +- build: rename 93 lib/*.c files + + 93 lib/*.c source files renamed to use our standard naming scheme. + + This commit only does the file renaming. + + ---------------------------------------- + + renamed: lib/amigaos.c -> lib/curl_amigaos.c + renamed: lib/asyn-ares.c -> lib/curl_asyn_ares.c + renamed: lib/asyn-thread.c -> lib/curl_asyn_thread.c + renamed: lib/axtls.c -> lib/curl_axtls.c + renamed: lib/base64.c -> lib/curl_base64.c + renamed: lib/bundles.c -> lib/curl_bundles.c + renamed: lib/conncache.c -> lib/curl_conncache.c + renamed: lib/connect.c -> lib/curl_connect.c + renamed: lib/content_encoding.c -> lib/curl_content_encoding.c + renamed: lib/cookie.c -> lib/curl_cookie.c + renamed: lib/cyassl.c -> lib/curl_cyassl.c + renamed: lib/dict.c -> lib/curl_dict.c + renamed: lib/easy.c -> lib/curl_easy.c + renamed: lib/escape.c -> lib/curl_escape.c + renamed: lib/file.c -> lib/curl_file.c + renamed: lib/fileinfo.c -> lib/curl_fileinfo.c + renamed: lib/formdata.c -> lib/curl_formdata.c + renamed: lib/ftp.c -> lib/curl_ftp.c + renamed: lib/ftplistparser.c -> lib/curl_ftplistparser.c + renamed: lib/getenv.c -> lib/curl_getenv.c + renamed: lib/getinfo.c -> lib/curl_getinfo.c + renamed: lib/gopher.c -> lib/curl_gopher.c + renamed: lib/gtls.c -> lib/curl_gtls.c + renamed: lib/hash.c -> lib/curl_hash.c + renamed: lib/hmac.c -> lib/curl_hmac.c + renamed: lib/hostasyn.c -> lib/curl_hostasyn.c + renamed: lib/hostcheck.c -> lib/curl_hostcheck.c + renamed: lib/hostip.c -> lib/curl_hostip.c + renamed: lib/hostip4.c -> lib/curl_hostip4.c + renamed: lib/hostip6.c -> lib/curl_hostip6.c + renamed: lib/hostsyn.c -> lib/curl_hostsyn.c + renamed: lib/http.c -> lib/curl_http.c + renamed: lib/http_chunks.c -> lib/curl_http_chunks.c + renamed: lib/http_digest.c -> lib/curl_http_digest.c + renamed: lib/http_negotiate.c -> lib/curl_http_negotiate.c + renamed: lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c + renamed: lib/http_proxy.c -> lib/curl_http_proxy.c + renamed: lib/idn_win32.c -> lib/curl_idn_win32.c + renamed: lib/if2ip.c -> lib/curl_if2ip.c + renamed: lib/imap.c -> lib/curl_imap.c + renamed: lib/inet_ntop.c -> lib/curl_inet_ntop.c + renamed: lib/inet_pton.c -> lib/curl_inet_pton.c + renamed: lib/krb4.c -> lib/curl_krb4.c + renamed: lib/krb5.c -> lib/curl_krb5.c + renamed: lib/ldap.c -> lib/curl_ldap.c + renamed: lib/llist.c -> lib/curl_llist.c + renamed: lib/md4.c -> lib/curl_md4.c + renamed: lib/md5.c -> lib/curl_md5.c + renamed: lib/memdebug.c -> lib/curl_memdebug.c + renamed: lib/mprintf.c -> lib/curl_mprintf.c + renamed: lib/multi.c -> lib/curl_multi.c + renamed: lib/netrc.c -> lib/curl_netrc.c + renamed: lib/non-ascii.c -> lib/curl_non_ascii.c + renamed: lib/curl_non-ascii.h -> lib/curl_non_ascii.h + renamed: lib/nonblock.c -> lib/curl_nonblock.c + renamed: lib/nss.c -> lib/curl_nss.c + renamed: lib/nwlib.c -> lib/curl_nwlib.c + renamed: lib/nwos.c -> lib/curl_nwos.c + renamed: lib/openldap.c -> lib/curl_openldap.c + renamed: lib/parsedate.c -> lib/curl_parsedate.c + renamed: lib/pingpong.c -> lib/curl_pingpong.c + renamed: lib/polarssl.c -> lib/curl_polarssl.c + renamed: lib/pop3.c -> lib/curl_pop3.c + renamed: lib/progress.c -> lib/curl_progress.c + renamed: lib/qssl.c -> lib/curl_qssl.c + renamed: lib/rawstr.c -> lib/curl_rawstr.c + renamed: lib/rtsp.c -> lib/curl_rtsp.c + renamed: lib/security.c -> lib/curl_security.c + renamed: lib/select.c -> lib/curl_select.c + renamed: lib/sendf.c -> lib/curl_sendf.c + renamed: lib/share.c -> lib/curl_share.c + renamed: lib/slist.c -> lib/curl_slist.c + renamed: lib/smtp.c -> lib/curl_smtp.c + renamed: lib/socks.c -> lib/curl_socks.c + renamed: lib/socks_gssapi.c -> lib/curl_socks_gssapi.c + renamed: lib/socks_sspi.c -> lib/curl_socks_sspi.c + renamed: lib/speedcheck.c -> lib/curl_speedcheck.c + renamed: lib/splay.c -> lib/curl_splay.c + renamed: lib/ssh.c -> lib/curl_ssh.c + renamed: lib/sslgen.c -> lib/curl_sslgen.c + renamed: lib/ssluse.c -> lib/curl_ssluse.c + renamed: lib/strdup.c -> lib/curl_strdup.c + renamed: lib/strequal.c -> lib/curl_strequal.c + renamed: lib/strerror.c -> lib/curl_strerror.c + renamed: lib/strtok.c -> lib/curl_strtok.c + renamed: lib/strtoofft.c -> lib/curl_strtoofft.c + renamed: lib/telnet.c -> lib/curl_telnet.c + renamed: lib/tftp.c -> lib/curl_tftp.c + renamed: lib/timeval.c -> lib/curl_timeval.c + renamed: lib/transfer.c -> lib/curl_transfer.c + renamed: lib/url.c -> lib/curl_url.c + renamed: lib/version.c -> lib/curl_version.c + renamed: lib/warnless.c -> lib/curl_warnless.c + renamed: lib/wildcard.c -> lib/curl_wildcard.c + + ---------------------------------------- + +- build: make use of 93 lib/*.c renamed files + + 93 *.c source files renamed to use our standard naming scheme. + + This change affects 77 files in libcurl's source tree. + +Daniel Stenberg (3 Jan 2013) +- INSTALL: unify the SSL library texts + + Make them smaller and more similar for each separate SSL library + supported by the configure build + +Yang Tse (2 Jan 2013) +- curl_setup.h: remove redundant include guard + +- build and tests: curl_10char_object_name() shell function + + lib/objnames.inc provides definition of curl_10char_object_name() shell + function. The intended purpose of this function is to transliterate a + (*.c) source file name that may be longer than 10 characters, or not, + into a string with at most 10 characters which may be used as an OS/400 + object name. + + Test case 1221 does unit testng of this function and also verifies + that it is possible to generate distinct short object names for all + curl and libcurl *.c source file names. + + lib/objnames-test.sh is the shell script used for test case 1221. + + tests/runtests.pl modified to accept shell script test cases. + + More details inside lib/objnames.inc and lib/objnames-test.sh + +- configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS + + automake 1.13 errors if AM_CONFIG_HEADER is used in configure script. + automake 1.13 no longer autoupdates AM_CONFIG_HEADER to + AC_CONFIG_HEADERS, thing which automake has been doing since automake + version 1.7 + + Given that our first automake supported version is automake 1.7, + simply replacing AM_CONFIG_HEADER usage with AC_CONFIG_HEADERS seems + enough to yet support same automake versions. + + Dave Reisner reported issue with 1.13 and provided patch. + + http://curl.haxx.se/mail/lib-2012-12/0246.html + +- curl-override.m4: provide AC_CONFIG_MACRO_DIR definition conditionally + + Provide a 'traceable' AC_CONFIG_MACRO_DIR definition only when using + an autoconf version that does not provide it, instead of what we were + doing up to now of providing and overriding AC_CONFIG_MACRO_DIR for + all autoconf versions. + +Steve Holme (30 Dec 2012) +- imap.c: Minor follow up tidy up + +- imap: Code tidy up prior to adding support for the CAPABILITY command + + * Changing the order of the state machine to represent the order in + which commands are sent to the server. + + * Reworking the imap_endofresp() function as the FETCH response doesn't + include the command id and shouldn't be part of the length comparison + that takes into account the id string. + +- pop3_doing: Applied debug info message when function fails + + Applied the same debug message as used in smtp_doing() and imap_doing() + when pop3_multi_statemach() fails. + +- imap_doing: don't call imap_dophase_done() if already failed + + Applied the POP3 fix from commit 2897ce7dc2e1 so imap_dophase_done() + isn't called if imap_multi_statemach() fails. + +- smtp_doing: don't call smtp_dophase_done() if already failed + + Applied the POP3 fix from commit 2897ce7dc2e1 so smtp_dophase_done() + isn't called if smtp_multi_statemach() fails. + +Yang Tse (29 Dec 2012) +- examples/certinfo.c: fix compiler warning + +Steve Holme (29 Dec 2012) +- pop3.c: Removed unnecessary POP3_STOP state changes + + Removed unnecessary state changes in pop3_state_starttls_resp() + following previous fix in IMAP module. + +- smtp.c: Added extra comments around SMTP_STOP state change + + Provided extra comments in the SMTP module following previous IMAP fix. + +- imap.c: Fixed bad state error when logging in with invalid credentials + + Fixed a problem with the state machine when attempting to log in with + invalid credentials. The server would report login failure but libcurl + would not read the response due to inappropriate IMAP_STOP states being + set after the login was sent. + +Yang Tse (29 Dec 2012) +- imap.c: remove trailing whitespace + +Steve Holme (28 Dec 2012) +- imap.c: Code tidy up - Part 2 + +- imap.c: Code tidy up - Part 1 + + Applied some of the comment and layout changes that had already been + applied to the pop3 and smtp code over the last 6 to 9 months. + + This is in preparation of adding SASL based authentication. + +- pop3.c: Minor code tidy up + + Minor tidy up of comments and layout prior to next part of imap work. + +- smtp: Minor code tidy up + + Minor tidy up of comments and layout prior to next part of imap work. + +- curl_imap.h: Tidy up of comments to be more readable + +- imap.c: Code tidy up renaming imapsendf() to imap_sendf() + + Renamed imapsendf() to imap_sendf() to be more in keeping with the + other imap functions as well as Curl_pp_sendf() that it replaces. + +Yang Tse (28 Dec 2012) +- build: rename 76 lib/*.h files + + 76 private header files renamed to use our standard naming scheme. + + This commit only does the file renaming. + + ---------------------------------------- + + renamed: amigaos.h -> curl_amigaos.h + renamed: arpa_telnet.h -> curl_arpa_telnet.h + renamed: asyn.h -> curl_asyn.h + renamed: axtls.h -> curl_axtls.h + renamed: bundles.h -> curl_bundles.h + renamed: conncache.h -> curl_conncache.h + renamed: connect.h -> curl_connect.h + renamed: content_encoding.h -> curl_content_encoding.h + renamed: cookie.h -> curl_cookie.h + renamed: cyassl.h -> curl_cyassl.h + renamed: dict.h -> curl_dict.h + renamed: easyif.h -> curl_easyif.h + renamed: escape.h -> curl_escape.h + renamed: file.h -> curl_file.h + renamed: fileinfo.h -> curl_fileinfo.h + renamed: formdata.h -> curl_formdata.h + renamed: ftp.h -> curl_ftp.h + renamed: ftplistparser.h -> curl_ftplistparser.h + renamed: getinfo.h -> curl_getinfo.h + renamed: gopher.h -> curl_gopher.h + renamed: gtls.h -> curl_gtls.h + renamed: hash.h -> curl_hash.h + renamed: hostcheck.h -> curl_hostcheck.h + renamed: hostip.h -> curl_hostip.h + renamed: http.h -> curl_http.h + renamed: http_chunks.h -> curl_http_chunks.h + renamed: http_digest.h -> curl_http_digest.h + renamed: http_negotiate.h -> curl_http_negotiate.h + renamed: http_proxy.h -> curl_http_proxy.h + renamed: if2ip.h -> curl_if2ip.h + renamed: imap.h -> curl_imap.h + renamed: inet_ntop.h -> curl_inet_ntop.h + renamed: inet_pton.h -> curl_inet_pton.h + renamed: krb4.h -> curl_krb4.h + renamed: llist.h -> curl_llist.h + renamed: memdebug.h -> curl_memdebug.h + renamed: multiif.h -> curl_multiif.h + renamed: netrc.h -> curl_netrc.h + renamed: non-ascii.h -> curl_non-ascii.h + renamed: nonblock.h -> curl_nonblock.h + renamed: nssg.h -> curl_nssg.h + renamed: parsedate.h -> curl_parsedate.h + renamed: pingpong.h -> curl_pingpong.h + renamed: polarssl.h -> curl_polarssl.h + renamed: pop3.h -> curl_pop3.h + renamed: progress.h -> curl_progress.h + renamed: qssl.h -> curl_qssl.h + renamed: rawstr.h -> curl_rawstr.h + renamed: rtsp.h -> curl_rtsp.h + renamed: select.h -> curl_select.h + renamed: sendf.h -> curl_sendf.h + renamed: setup.h -> curl_setup.h + renamed: setup_once.h -> curl_setup_once.h + renamed: share.h -> curl_share.h + renamed: slist.h -> curl_slist.h + renamed: smtp.h -> curl_smtp.h + renamed: sockaddr.h -> curl_sockaddr.h + renamed: socks.h -> curl_socks.h + renamed: speedcheck.h -> curl_speedcheck.h + renamed: splay.h -> curl_splay.h + renamed: ssh.h -> curl_ssh.h + renamed: sslgen.h -> curl_sslgen.h + renamed: ssluse.h -> curl_ssluse.h + renamed: strdup.h -> curl_strdup.h + renamed: strequal.h -> curl_strequal.h + renamed: strerror.h -> curl_strerror.h + renamed: strtok.h -> curl_strtok.h + renamed: strtoofft.h -> curl_strtoofft.h + renamed: telnet.h -> curl_telnet.h + renamed: tftp.h -> curl_tftp.h + renamed: timeval.h -> curl_timeval.h + renamed: transfer.h -> curl_transfer.h + renamed: url.h -> curl_url.h + renamed: urldata.h -> curl_urldata.h + renamed: warnless.h -> curl_warnless.h + renamed: wildcard.h -> curl_wildcard.h + + ---------------------------------------- + +- build: make use of 76 lib/*.h renamed files + + 76 private header files renamed to use our standard naming scheme. + + This change affects 322 files in libcurl's source tree. + +- lib/*.h: use our standard naming scheme for header inclusion guards + +Steve Holme (28 Dec 2012) +- imsp.c: Fixed usernames and passwords that contain escape characters + + Fixed a problem with sending usernames and passwords that contain + backslash, quotation mark and space characters. + +Daniel Stenberg (27 Dec 2012) +- curl.1: extend the -X, --request description + +- RELEASE-NOTES: synced with e3ed2b82e6 + +- [Nick Zitzmann brought this change] + + darwinssl: Fixed inability to disable peer verification + + ... on Snow Leopard and Lion + + Snow Leopard introduced the SSLSetSessionOption() function, but it + doesn't disable peer verification as expected on Snow Leopard or + Lion (it works as expected in Mountain Lion). So we now use sysctl() + to detect whether or not the user is using Snow Leopard or Lion, + and if that's the case, then we now use the deprecated + SSLSetEnableCertVerify() function instead to disable peer verification. + +Yang Tse (26 Dec 2012) +- curl tool: rename hugehelp files to tool_hugehelp + +- curl tool: renaming hugehelp files to tool_hugehelp + +- sockfilt.c: commit b44da5a82a follow-up 2 + +- sockfilt.c: commit b44da5a82a follow-up + +- sockfilt.c: fix some compiler warnings + +- curl_multi_remove_handle: commit 0aabfd9963 follow-up + +Daniel Stenberg (25 Dec 2012) +- lib556: enable VERBOSE to ease debugging on failures + +Marc Hoersken (25 Dec 2012) +- socklift.c: Quick fix to re-add missing code + +- socklift.c: Added select_ws function to support Windows + + WinSock select() does not support standard file descriptors, + it can only check SOCKETs. The following function is an attempt + to create a select() function with support for other handles. + +Yang Tse (25 Dec 2012) +- Enable tests 1503, 1504 and 1505 + +- curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE + +- Curl_hash_clean: OOM handling fix + +- test 1504 and 1505: same as 1502 but with different cleanup sequences + +Daniel Stenberg (24 Dec 2012) +- Curl_conncache_foreach: allow callback to break loop + + ... and have it take a proper 'struct connectdata *' as first argument + +- pop3_doing: don't call pop3_dophase_done() if already failed + + ... it also clobbered the 'result' return value so that it wouldn't + return the error back to the parent function properly, which broke test + 809 when run with 'multi-always'. + +Yang Tse (23 Dec 2012) +- test 1503: same as 1502 but with a different cleanup sequence + +- test 1502: OOM handling fixes + +- curl_multi_wait: OOM handling fix + +- [Daniel Stenberg brought this change] + + curl_multi_wait: avoid an unnecessary memory allocation + +- runtests.pl: prepend $srcdir to HTTPTLS server config files path + +- multi.c: OOM handling fix + +- lib543.c: OOM handling fixes + +- configure: add internal sanity check (warn only) on vars for makefiles + +Daniel Stenberg (21 Dec 2012) +- SCP: relative path didn't work + + When prefixing a path with /~/ it is supposed to be used relative to the + user's home directory but it didn't work. Now we cut off the entire + three byte sequenct "/~/" which seems to be how OpenSSH does it. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1173 + Reported by: Balaji Parasuram + +Yang Tse (21 Dec 2012) +- configure: LIBMETALINK_CFLAGS actually is LIBMETALINK_CPPFLAGS + +- configure: add minimal sanity check on user provided CFLAGS and CPPFLAGS + +- bundles connection caching: some out of memory handling fixes + +- libntlmconnect.c: fix compiler warnings and OOM handling + +- configure.ac: clear local test intended variables before use + +- VC6 IDE: link with advapi32.lib when using WIN32 crypto API (md5.c) + +- curl-functions.m4: improve gethostname arg 2 data type check + +- setup_once.h: HP-UX specific 'bool', 'false' and 'true' definitions. + + Also reverts commit f254c59dc7 + +- configure: check if compiler halts on function prototype mismatch + +- warnless.c: fix compiler warnings + +- curl-functions.m4: add gethostname arg 2 data type check and definition + +Daniel Stenberg (14 Dec 2012) +- [Nick Zitzmann brought this change] + + darwinssl: Fix implicit conversion compiler warnings + + The Clang compiler found a few implicit conversion problems that have + now been fixed. + +Yang Tse (14 Dec 2012) +- setup_once.h: HP-UX <sys/socket.h> issue workaround + + Issue: When building a 32bit target with large file support HP-UX + <sys/socket.h> header file may simultaneously provide two different + sets of declarations for sendfile and sendpath functions, one with + static and another with external linkage. Given that we do not use + mentioned functions we really don't care which linkage is the + appropriate one, but on the other hand, the double declaration emmits + warnings when using the HP-UX compiler and errors when using modern + gcc versions resulting in fatal compilation errors. + + Mentioned issue is now fixed as long as we don't use sendfile nor + sendpath functions. + +- setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h> + + Inclusion of top two most included header files now done in setup_once.h + +- setup_once.h: HP-UX specific TRUE and FALSE definitions + + Some HP-UX system headers require TRUE defined to 1 and FALSE to 0. + +Daniel Stenberg (12 Dec 2012) +- gopher: #include cleanup + + Remove all system file includes from this file as they're not needed + + Reported by: Dan Fandrich + +Yang Tse (11 Dec 2012) +- examples/simplessl.c: fix compiler warning + +- examples/externalsocket.c: fix SunPro compilation issue + +- examples/simplessl.c: fix compiler warning + +- build: add bundles and conncache files to other build systems + +- conncache: fix enumerated type mixed with another type + +- examples/anyauthput.c: fix Tru64 compilation issue + +Daniel Stenberg (8 Dec 2012) +- [Colin Watson brought this change] + + configure: fix cross pkg-config detection + + When cross-compiling, CURL_CHECK_PKGCONFIG was checking for the cross + pkg-config using ${host}-pkg-config. + + The gold standard for doing this correctly is pkg-config's own macro, + PKG_PROG_PKG_CONFIG. However, on the assumption that you have a good + reason not to use that directly (reduced dependencies for maintainer + builds?), the behaviour of cURL's version should at least match. + PKG_PROG_PKG_CONFIG uses AC_PATH_TOOL, which ultimately ends up trying + ${host_alias}-pkg-config; this is not quite the same as what cURL does, + and may differ because ${host} has been run through config.sub. For + instance, when cross-building to the armhf architecture on Ubuntu, + ${host_alias} is arm-linux-gnueabihf while ${host} is + arm-unknown-linux-gnueabihf. This may also have been the cause of the + problem reported at http://curl.haxx.se/mail/lib-2012-04/0224.html. + + AC_PATH_TOOL is significantly simpler than cURL's current code, and + dates back to well before the current minimum of Autoconf 2.57, so let's + use it instead. + +- [Linus Nielsen Feltzing brought this change] + + Introducing a new persistent connection caching system using "bundles". + + A bundle is a list of all persistent connections to the same host. + The connection cache consists of a hash of bundles, with the + hostname as the key. + The benefits may not be obvious, but they are two: + + 1) Faster search for connections to reuse, since the hash + lookup only finds connections to the host in question. + 2) It lays out the groundworks for an upcoming patch, + which will introduce multiple HTTP pipelines. + + This patch also removes the awkward list of "closure handles", + which were needed to send QUIT commands to the FTP server + when closing a connection. + Now we allocate a separate closure handle and use that + one to close all connections. + + This has been tested in a live system for a few weeks, and of + course passes the test suite. + +- [Fabian Keil brought this change] + + runtests and friends: Do not add undefined values to @INC + + On FreeBSD this fixes the warning: + Use of uninitialized value $p in string eq at /usr/local/lib/perl5/5.14.2/BSDPAN/BSDPAN.pm line 36. + +Steve Holme (5 Dec 2012) +- Merge pull request #52 from isn-/master + + small compilation fix + +Stanislav Ivochkin (5 Dec 2012) +- build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag + +Yang Tse (5 Dec 2012) +- libtest: fix some compiler warnings + +- examples: fix compilation issues - commit 7332a7cafb follow-up + +- examples: fix compilation issues - commit 23f8dca6fb follow-up + +- examples: fix compilation issues + +- build: explain current role of LIBS in our Makefile.am files + + BLANK_AT_MAKETIME may be used in our Makefile.am files to blank + LIBS variable used in generated makefile at makefile processing + time. Doing this functionally prevents LIBS from being used for + all link targets in given makefile. + +Daniel Stenberg (4 Dec 2012) +- multi: fix re-sending request on early connection close + + This handling already works with the easy-interface code. When a request + is sent on a re-used connection that gets closed by the server at the + same time as the request is sent, the situation may occur so that we can + send the request and we discover the broken connection as a RECV_ERROR + in the PERFORM state and then the request needs to be retried on a fresh + connection. Test 64 broke with 'multi-always-internally'. + +Yang Tse (4 Dec 2012) +- configure: add minimal sanity check on user provided LIBS and LDFLAGS + +- build: prevent global LIBS from influencing src and lib build targets + + Currently, LIBS is already used through other macros. + +Kamil Dudka (3 Dec 2012) +- nss: prevent NSS from crashing on client auth hook failure + + Although it is not explicitly stated in the documentation, NSS uses + *pRetCert and *pRetKey even if the client authentication hook returns + a failure. Namely, if we destroy *pRetCert without clearing *pRetCert + afterwards, NSS destroys the certificate once again, which causes a + double free. + + Reported by: Bob Relyea + +Yang Tse (30 Nov 2012) +- testcurl.pl: build example programs for several autobuilds + + Affected autobuilds: IRIX, AIX, Tru64 and AIX. + +- build: prevent global LIBS from influencing examples build targets + +- build: prevent global LIBS from influencing libtest build targets + +- build: prevent global LIBS from influencing test server build targets + +- build: fix Windows build targets damaged since commit 550e403f00 + +- build: avoid linkage of directly unused libraries + +- dd missing NTLM feature for tests 2025, and 2028 to 2032 + +- avoid mixing of enumerated type with another type + +- multi.c: disambiguate precedence of bitwise and relational operation + +Daniel Stenberg (26 Nov 2012) +- [Fabian Keil brought this change] + + Remove stray CRLF in chunk-encoded content-free request bodies + + .. that are sent when auth-negotiating before a chunked + upload or when setting the 'Transfer-Encoding: chunked' + header and intentionally sending no content. + + Adjust test565 and test1333 accordingly. + +- FAQ: clarify the 3.4 section + + You can do custom commands to FTP without sending anything by using the + CURLOPT_NOBODY, which -I sets. + +- [Lijo Antony brought this change] + + examples: Updated asiohiper.cpp to remove connect from opensocket + + Blocking connect on the socket has been removed from opensocket + callback. opensocket just opens a new socket and gives it back to + libcurl and libcurl will take care of the connect. sockopt_callback has + also been removed, as it is no longer required. + +Yang Tse (23 Nov 2012) +- build: fix AIX compilation and usage + + AIX sys/poll.h header file defines 'events' and 'revents' as C + preprocessor macros. Usage of these literals in libcurl's external + API was introduced in commit de24d7bd4c causing AIX build failures. + Appropriate inclusion of sys/poll.h by libcurl's external interface + fixes AIX build and usage issues while avoiding a SONAME bump. + +Steve Holme (23 Nov 2012) +- DOCS: Updated CURLOPT_CONNECT_ONLY to reflect usage in other protocols + +Daniel Stenberg (23 Nov 2012) +- test: offer "automake" output and check for perl better + + runtests.pl -am now uses the "PASS/FAIL: [desc]" output for each + executed test. You can run 'make test-am' in the root build directory to + invoke that. The reason for this output style is to better allow generic + test suite parsers to also grok our test output. + + The test Makefile now also tests that perl was indeed found and that the + PERL variable points to an executable before it tries to run the main + test perl script runtests.pl, + +- [Fabian Keil brought this change] + + Test 206: Use a Content-Length header for the 407 response + + Otherwise curl would have to guess where the body ends. + +- [Fabian Keil brought this change] + + Test 206: Don't respond to a succesful CONNECT request with a body + + It's against the spec and caused test failures when header + and response were read from the network separately in which + case bug #39 wasn't triggered. + +- htmltitle: use .cpp extension for C++ examples + +- [Lijo Antony brought this change] + + examples: Added a c++ example of using multi with boost::asio + + Added an example for demonstrating the usage of curl multi interface + with boost::asio in c++ + +- VC Makefiles: add missing hostcheck + + the newly introduced hostcheck.h/c is missing in the Visual Studio + Makefiles as obj file. + + Bug: http://curl.haxx.se/mail/lib-2012-11/0176.html + +- compiler warning fixes + + The conversions from ssize_t to int need to be typecasted. + +- bump: start working on 7.28.2 + +- THANKS: added 14 contributors from the 7.28.1 release + +Version 7.28.1 (20 Nov 2012) + +Daniel Stenberg (20 Nov 2012) +- RELEASE-NOTES: synced with 52af6e69f079 / 7.28.1 + +Kamil Dudka (20 Nov 2012) +- [Anthony Bryan brought this change] + + RELEASE-NOTES: NSS can be used for metalink hashing + +- [Fabian Keil brought this change] + + Get test 2032 working when using valgrind + + If curl_multi_fdset() sets maxfd to -1, the socket detection + loop is skipped and thus !found_new_socket is no cause for alarm. + +- test2032: spurious failure caused by premature termination + + Bug: http://curl.haxx.se/mail/lib-2012-11/0095.html + +Daniel Stenberg (19 Nov 2012) +- [Fabian Keil brought this change] + + Fix comment typos in test 517 + +- [Fabian Keil brought this change] + + Test 92 and 194: normalize spaces in the Server headers + + It makes no difference from curl's point of view but + makes it more convenient to use the tests with a + lws-normalizing proxy between curl and the test server. + +- [Fabian Keil brought this change] + + Add a HOSTIP precheck for tests 31 and 1105 + + They currently only work for 127.0.0.1 which + is hardcoded and can't be easily changed. + +- [Fabian Keil brought this change] + + Let test 8 work as long as %HOSTIP ends with ".0.0.1" + + .. and add a precheck to skip the test otherwise. + +- [Fabian Keil brought this change] + + Add --resolve to the keywords and name of test 1318 + + This makes it easier to skip it automatically when + the test suite is used with external proxies. + +- [Fabian Keil brought this change] + + Add FTP keywords for a couple of currently keyword-less FTP tests + +- [Fabian Keil brought this change] + + Add keywords for a couple of currently keyword-less HTTP tests + +- [Fabian Keil brought this change] + + Use carriage returns in all headers in test 31 + + Trailing spaces were left unmodifed, assuming they were intentional. + +- [Fabian Keil brought this change] + + Do not mix CRLF and LF header endings in a couple of HTTP tests + + Consistently use CRLF instead. The mixed endings weren't + documented so I assume they were unintentional. + + This change doesn't matter for curl itself but makes using + the tests with a proxy between curl and the test server + more convenient. + + Tests that consistently use no carriage returns were + left unmodified as one can easily work around this. + +- fixed memory leak: CURLOPT_RESOLVE with multi interface + + DNS cache entries populated with CURLOPT_RESOLVE were not properly freed + again when done using the multi interface. + + Test case 1502 added to verify. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3575448 + Reported by: Alex Gruz + +- RELEASE-NOTES: synced with ee588fe08807778 + + 4 more bug fixes and 4 more contributors + +- mem-include-scan: verify memory #includes + + If we use memory functions (malloc, free, strdup etc) in C sources in + libcurl and we fail to include curl_memory.h or memdebug.h we either + fail to properly support user-provided memory callbacks or the memory + leak system of the test suite fails. + + After Ajit's report of a failure in the first category in http_proxy.c, + I spotted a few in the second category as well. These problems are now + tested for by test 1132 which runs a perl program that scans for and + attempts to check that we use the correct include files if a memory + related function is used in the source code. + + Reported by: Ajit Dhumale + Bug: http://curl.haxx.se/mail/lib-2012-11/0125.html + +- tftp_rx: code style cleanup + + Fixed checksrc warnings + +- [Fabian Keil brought this change] + + Fix the libauthretry changes from 7c0cbcf2f61 + + They broke the NTLM tests from 2023 to 2031. + +- [Christian Vogt brought this change] + + tftp_rx: handle resends + + Re-send ACK for block X in case we receive block X data again while + waiting for block X+1. + + Based on an earlier patch by Marcin Adamski. + +- autoconf: don't force-disable compiler debug option + + When nothing is told to configure, we should not enforce switching off + debug options with -g0 (or similar). We instead don't use -g at all in + that situaion and therefore allow the user's CFLAGS settings possibly + dictate what to do. + +- [Mark Snelling brought this change] + + winbuild: Fix PDB file output + + And fix some newlines to be proper CRLF + + Bug: http://curl.haxx.se/bug/view.cgi?id=3586741 + +- RELEASE-NOTES: synced with fa1ae0abcde + +- [Cristian Rodríguez brought this change] + + OpenSSL: Disable SSL/TLS compression + + It either causes increased memory usage or exposes users + to the "CRIME attack" (CVE-2012-4929) + +- [Sebastian Rasmussen brought this change] + + FILE: Make upload-writes unbuffered by not using FILE streams + +Kamil Dudka (13 Nov 2012) +- tool_metalink: fix error detection of hash alg initialization + + The {MD5,SHA1,SHA256}_Init functions from OpenSSL are called directly + without any wrappers and they return 1 for success, 0 otherwise. Hence, + we have to use the same approach in all the wrapper functions that are + used for the other crypto libraries. + + This commit fixes a regression introduced in commit dca8ae5f. + +Daniel Stenberg (13 Nov 2012) +- RELEASE-NOTES: synced with 7c0cbcf2f617b + +- [Sergei Nikulov brought this change] + + fixed Visual Studio 2010 compilation + +- [Anton Malov brought this change] + + ftp: EPSV-disable fix over SOCKS + + Bug: http://curl.haxx.se/bug/view.cgi?id=3586338 + +Patrick Monnerat (12 Nov 2012) +- Merge branch 'master' of github.com:bagder/curl + +- OS400: upgrade wrappers for the 7.28.1 release. + +Daniel Stenberg (12 Nov 2012) +- runtests: limit execessive logging/output + +- [Gabriel Sjoberg brought this change] + + Digst: Add microseconds into nounce calculation + + When using only 1 second precision, curl doesn't create new cnonce + values quickly enough for all uses. + + For example, issuing the following command multiple times to a recent + Tomcat causes authentication failures: + + curl --digest -utest:test http://tomcat.test.com:8080/manager/list + + This is because curl uses the same cnonce for several seconds, but + doesn't increment the nonce counter. Tomcat correctly interprets + this as a replay attack and rejects the request. + + When microsecond-precision is available, this commit causes curl to + change cnonce values much more frequently. + + With microsecond resolution, increasing the nounce length used in the + headers to 32 was made to further reduce the risk of duplication. + +- SCP/SFTP: improve error code used for send failures + + Instead of relying on the generic CURLE error for SCP or SFTP send + failures, try passing back a more suitable error if possible. + +- Curl_write: remove unneeded typecast + +Kamil Dudka (9 Nov 2012) +- tool_metalink: allow to use hash algorithms provided by NSS + + Fixes bug #3578163: + http://sourceforge.net/tracker/?func=detail&atid=100976&aid=3578163&group_id=976 + +- tool_metalink: allow to handle failure of hash alg initialization + +- tool_metalink: introduce metalink_cleanup() in the internal API + + ... to release resources allocated at global scope + +Daniel Stenberg (8 Nov 2012) +- hostcheck: only build for the actual users + + and make local function static + +- [Oscar Koeroo brought this change] + + SSL: Several SSL-backend related fixes + + axTLS: + + This will make the axTLS backend perform the RFC2818 checks, honoring + the VERIFYHOST setting similar to the OpenSSL backend. + + Generic for OpenSSL and axTLS: + + Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c + files to make them genericly available for both the OpenSSL, axTLS and + other SSL backends. They are now in the new lib/hostcheck.c file. + + CyaSSL: + + CyaSSL now also has the RFC2818 checks enabled by default. There is a + limitation that the verifyhost can not be enabled exclusively on the + Subject CN field comparison. This SSL backend will thus behave like the + NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words: + setting verifyhost to 0 or 1 will disable the Subject Alt Names checks + too. + + Schannel: + + Updated the schannel information messages: Split the IP address usage + message from the verifyhost setting and changed the message about + disabling SNI (Server Name Indication, used in HTTP virtual hosting) + into a message stating that the Subject Alternative Names checks are + being disabled when verifyhost is set to 0 or 1. As a side effect of + switching off the RFC2818 related servername checks with + SCH_CRED_NO_SERVERNAME_CHECK + (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature + is being disabled. This effect is not documented in MSDN, but Wireshark + output clearly shows the effect (details on the libcurl maillist). + + PolarSSL: + + Fix the prototype change in PolarSSL of ssl_set_session() and the move + of the peer_cert from the ssl_context to the ssl_session. Found this + change in the PolarSSL SVN between r1316 and r1317 where the + POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu + PolarSSL version 1.1.4 the check is to discriminate between lower then + PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN + trunk jumped from version 1.1.1 to 1.2.0. + + Generic: + + All the SSL backends are fixed and checked to work with the + ssl.verifyhost as a boolean, which is an internal API change. + +- libcurl: VERSIONINFO update + + Since we added the curl_multi_wait function, the VERSIONINFO needed + updating. + + Reported by: Patrick Monnerat + +Guenter Knauf (8 Nov 2012) +- Added .def file to output. + + Requested by Johnny Luong on the libcurl list. + +- Added deps for static metalink-aware MinGW builds. + +Daniel Stenberg (8 Nov 2012) +- [Fabian Keil brought this change] + + Fix compilation of lib1501 + +- Curl_readwrite: remove debug output + + The text "additional stuff not fine" text was added for debug purposes a + while ago, but it isn't really helping anyone and for some reason some + Linux distributions provide their libcurls built with debug info still + present and thus (far too many) users get to read this info. + +- RELEASE-NOTES: synced with 487538e87a3d5e + + 6 new bugfixes and 3 more contributors... + +- http_perhapsrewind: consider NTLM over proxy too + + The logic previously checked for a started NTLM negotiation only for + host and not also with proxy, leading to problems doing POSTs over a + proxy NTLM that are larger than 2000 bytes. Now it includes proxy in the + check. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3582321 + Reported by: John Suprock + +- [Lars Buitinck brought this change] + + Curl_connecthost: friendlier "couldn't connect" message + +- test1413: verify redirects to URLs with fragments + + The bug report claimed it didn't work. This problem was probably fixed + in 473003fbdf. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3581898 + +- URL parser: cut off '#' fragments from URLs (better) + + The existing logic only cut off the fragment from the separate 'path' + buffer which is used when sending HTTP to hosts. The buffer that held + the full URL used for proxies were not dealt with. It is now. + + Test case 5 was updated to use a fragment on a URL over a proxy. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3579813 + +- OpenSSL/servercert: use correct buffer size, not size of pointer + + Bug: http://curl.haxx.se/bug/view.cgi?id=3579286 + +- curl: set CURLOPT_SSL_VERIFYHOST to 0 to disable + +- test 2027/2030: take duplicate Digest requests into account + + With the reversion of ce8311c7e49eca and the new clear logic, this flaw + is present and we allow it. + +- Curl_pretransfer: clear out unwanted auth methods + + As a handle can be re-used after having done HTTP auth in a previous + request, it must make sure to clear out the HTTP types that aren't + wanted in this new request. + +- test1412: verify Digest with repeated URLs + + This test case verifies that bug 3582718 is fixed. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3582718 + Reported by: Nick Zitzmann (originally) + +- Revert "Zero out auth structs before transfer" + + This reverts commit ce8311c7e49eca93c136b58efa6763853541ec97. + + The commit made test 2024 work but caused a regression with repeated + Digest authentication. We need to fix this differently. + +- CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value + + After a research team wrote a document[1] that found several live source + codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST + option thinking it was a boolean, this change now bans 1 as a value and + will make libcurl return error for it. + + 1 was never a sensible value to use in production but was introduced + back in the days to help debugging. It was always documented clearly + this way. + + 1 was never supported by all SSL backends in libcurl, so this cleanup + makes the treatment of it unified. + + The report's list of mistakes for this option were all PHP code and + while there's a binding layer between libcurl and PHP, the PHP team has + decided that they have an as thin layer as possible on top of libcurl so + they will not alter or specifically filter a 'TRUE' value for this + particular option. I sympathize with that position. + + [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/ + +- gnutls: fix compiler warnings + +- [Alessandro Ghedini brought this change] + + gnutls: print alerts during handshake + +- [Alessandro Ghedini brought this change] + + gnutls: fix the error_is_fatal logic + +- RELEASE-NOTES: synced with fa6d78829fd30ad + +- httpcustomheader.c: free the headers after use + +- [Dave Reisner brought this change] + + uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES + + Since automake 1.12.4, the warnings are issued on running automake: + + warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS') + + Avoid INCLUDES and roll these flags into AM_CPPFLAGS. + + Compile tested on: + Ubuntu 10.04 (automake 1:1.11.1-1) + Ubuntu 12.04 (automake 1:1.11.3-1ubuntu2) + Arch Linux (automake 1.12.4) + +- libauthretry.c: shorten lines to fit within 80 cols + +- ftp_readresp: fix build without krb4 support + + Oops, my previous commit broke builds with krb support. + +- test/README: mention the 1500 test number range + +- FTP: prevent the multi interface from blocking + + As pointed out in Bug report #3579064, curl_multi_perform() would + wrongly use a blocking mechanism internally for some commands which + could lead to for example a very long block if the LIST response never + showed. + + The solution was to make sure to properly continue to use the multi + interface non-blocking state machine. + + The new test 1501 verifies the fix. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3579064 + Reported by: Guido Berhoerster + +Marc Hoersken (1 Nov 2012) +- winbuild: Use machine type of development environment + + This patch restores the original behavior instead of always + falling back to x86 if no MACHINE-type was specified. + +- winbuild: Additional clean up + +- [Sapien2 brought this change] + + Even more winbuild refactoring + +- [Sapien2 brought this change] + + Minor winbuild refactoring + +- [Sapien2 brought this change] + + Architecture selection for winbuild and minor makefiles refactoring + +Daniel Stenberg (1 Nov 2012) +- BUGS: fix the bug tracker URL + + The URL we used before is the one that goes directly to 'add' a bug + report, but since you can only do that after first having logged in to + sourceforge, the link often doesn't work for visitors. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3582408 + Reported by: Oscar Norlander + +- evhiperfifo: fix the pointer passed to WRITEDATA + + Bug: http://curl.haxx.se/bug/view.cgi?id=3582407 + Reported by: Oscar Norlander + +Guenter Knauf (1 Nov 2012) +- Fixed MSVC libssh2 static build. + + Since libssh2 supports now agent stuff it also depends on user32.lib. + Posted to the list by Jan Ehrhardt. + +Daniel Stenberg (23 Oct 2012) +- tlsauthtype: deal with the string case insensitively + + When given a string as 'srp' it didn't work, but required 'SRP'. + Starting now, the check disregards casing. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3578418 + Reported by: Jeff Connelly + +- asyn-ares: restore working with c-ares < 1.6.1 + + Back in those days the public ares.h header didn't include the + ares_version.h header so it needs to be included here. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3577710 + +- [Nick Zitzmann brought this change] + + metalink/md5: Use CommonCrypto on Apple operating systems + + Previously the Metalink code used Apple's CommonCrypto library only if + curl was built using the --with-darwinssl option. Now we use CommonCrypto + on all Apple operating systems including Tiger or later, or iOS 5 or + later, so you don't need to build --with-darwinssl anymore. Also rolled + out this change to libcurl's md5 code. + +- href_extractor.c: fix the URL + +- [Michał Kowalczyk brought this change] + + href_extractor: example code extracting href elements + + It does so in a streaming manner using the "Streaming HTML parser". + +- [Nick Zitzmann brought this change] + + darwinssl: un-broke iOS build, fix error on server disconnect + + The iOS build was broken by a reference to a function that only existed + under OS X; fixed. Also fixed a hard-to-reproduce problem where, if the + server disconnected before libcurl got the chance to hang up first and + SecureTransport was in use, then we'd raise an error instead of failing + gracefully. + +- [Alessandro Ghedini brought this change] + + gnutls: put reset code into else block + + Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690551 + +Guenter Knauf (13 Oct 2012) +- Fix now broken libmetalink-aware OpenSSL build. + +- Revert c44e674; add OpenSSL includes/defines. + + The makefile is designed to build against a libmetalink devel package; + therefore is does not matter what will change inside libmetalink. + Add OpenSSL includes and defines for libmetalink-aware OpenSSL builds. + +Daniel Stenberg (10 Oct 2012) +- version-bump: towards 7.28.1! + +- THANKS: 14 new contributors from 7.28.0 + +Version 7.28.0 (10 Oct 2012) + +Daniel Stenberg (10 Oct 2012) +- RELEASE-NOTES: synced with 8373ca3641 + + One bug, one contributor. Getting ready for release. + +- curl_multi_wait: no wait if no descriptors to wait for + + This is a minor change in behavior after having been pointed out by Mark + Tully and discussed on the list. Initially this case would internally + call poll() with no sockets and a timeout which would equal a sleep for + that specified time. + + Bug: http://curl.haxx.se/mail/lib-2012-10/0076.html + Reported by: Mark Tully + +- TODO-RELEASE: cleanup for 7.28.0 + + one issue is now KNOWN_BUG #79 + + the other we just skip since nobody is working on it or is planning to + start working on it anytime soon + +- curl_multi_wait.3: style formatting mistake + +Marc Hoersken (8 Oct 2012) +- ssluse.c: md5.h is required for Curl_ossl_md5sum + +Daniel Stenberg (8 Oct 2012) +- curl_multi_wait.3: fix the name of the man page + +- curl_multi_wait.3: renamed the last argument variable for clarity + +Marc Hoersken (6 Oct 2012) +- curl_schannel.c: Fixed caching more data than required + + Do not fill the decrypted data buffer with more data unless + required in order to return the requested amount of data. + +- curl_schannel: Removed buffer limit and optimized buffer strategy + + Since there are servers that seem to return very big encrypted + data packages, we need to be able to handle those without having + an internal size limit. To avoid the buffer growing to fast to + early the initial size was decreased and the minimum free space + in the buffer was decreased as well. + +- lib/socks.c: Merged two size variables into one + +- lib/socks.c: Avoid type conversions where possible + + Streamlined variable names and types to avoid type conversions that + may result in data being lost on non 32-bit systems. + +- lib/curl_schannel.c: Hide size_t conversion warning + +- krb5/curl_rtmp.c: Hide size_t to int type conversion warning + +- security.c: Aligned internal type to return type + + Use ssize_t instead of int to avoid conversion problems on 64-bit + systems. Also added curlx_sztosi where necessary. + +- lib/curl_schannel: Increased maximum buffer size to factor 128 + +- winbuild/MakefileBuild.vc: Follow up on 0c8ccf7 + +Daniel Stenberg (2 Oct 2012) +- RELEASE-NOTES: synced with 971f5bcedd418 + + 9 new bug fixes, 5 changes, 6 more contributors + +- multi_runsingle: CURLOPT_LOW_SPEED_* fix for rate limitation + + During the periods of rate limitation, the speedcheck function wasn't + called and thus the values weren't updated accordingly and it would then + easily trigger wrongly once data got transferred again. + + Also, the progress callback's return code was not acknowledged in this + state so it could make an "abort" return code to get ignored and not + have the documented effect of aborting an ongoing transfer. + + Bug: http://curl.haxx.se/mail/lib-2012-09/0081.html + Reported by: Jie He + +- [Tatsuhiro Tsujikawa brought this change] + + tool_metalink.c: Filtered resource URLs by type + + In Metalink v3, the type attribute of url element indicates the + type of the resource the URL points to. It can include URL to the + meta data, such as BitTorrent metainfo file. In Curl, we are not + interested in these meta data URLs. Instead, we are only + interested in the HTTP and FTP URLs. This change filters out + non-HTTP and FTP URLs. If we don't filter out them, it will be + downloaded by curl and hash check will fail if hash is provided + and next URL will be tried. This change will cut this useless + network transfer. + +Kamil Dudka (1 Oct 2012) +- https.c example: remember to call curl_global_init() + + ... in order not to leak memory on initializing an SSL library. + + Reported by: Tomas Mlcoch + +Daniel Stenberg (28 Sep 2012) +- FAQ: remove the date from the topmost line + +- FAQ: 5.16 I want a different time-out! + +- Curl_reconnect_request: clear pointer on failure + + The Curl_reconnect_request() function could end up returning a pointer + to a free()d struct when Curl_done() failed inside. Clearing the pointer + unconditionally after Curl_done() avoids this risk. + + Reported by: Ho-chi Chen + Bug: http://curl.haxx.se/mail/lib-2012-09/0188.html + +- CURLOPT_CONNECTTIMEOUT: works without signals or posix too! + +Marc Hoersken (24 Sep 2012) +- Makefile.vc6: Follow up on 0c8ccf7 + +- Makefile.vc6: Added missing default library advapi32.lib + +Daniel Stenberg (19 Sep 2012) +- HTTP_ONLY: disable more protocols + +- test2006: Updated expected output to include hash name + + Output changed in commit a34197ef77cb + +- [Sergei Nikulov brought this change] + + cmake: use standard findxxx modules for cmake v2.8+ + +- [Sergei Nikulov brought this change] + + setup.h: fixed for MS VC10 build + + Bug: http://curl.haxx.se/bug/view.cgi?id=3568327 + +- TODO-RELEASE: push new features to 7.29 + + Leave two bug fixes as possibly fixed for 7.28 but as nobody seems to be + working on them I have little hope... + +Marc Hoersken (17 Sep 2012) +- metalink tests: Updated expected output to include hash name + +Daniel Stenberg (16 Sep 2012) +- [Sara Golemon brought this change] + + curl_multi_wait: Add parameter to return number of active sockets + + Minor change to recently introduced function. BC breaking, but since + curl_multi_wait() doesn't exist in any releases that should be fine. + +Marc Hoersken (14 Sep 2012) +- socks.c: Fixed warning: conversion to 'int' from 'long unsigned int' + +- http_negotiate.c: Fxied warning: unused variable 'rc' + +- ssh.c: Fixed warning: implicit conversion from enumeration type + +- socks.c: Check that IPv6 is enabled before using it's features + +- checksrc: Fixed line length and comment indentation + +- socks.c: Updated error messages to handle hostname and IPv6 + +- socks.c: Added support for IPv6 connections through SOCKSv5 proxy + +Daniel Stenberg (13 Sep 2012) +- parse_proxy: treat "socks://x" as a socks4 proxy + + Selected socks proxy in Google's Chrome browser. Resulting in the + following environment variables: + + NO_PROXY=localhost,127.0.0.0/8 + ALL_PROXY=socks://localhost:1080/ + all_proxy=socks://localhost:1080/ + no_proxy=localhost,127.0.0.0/8 + + ... and libcurl didn't treat 'socks://' as socks but instead picked HTTP + proxy. + + Reported by: Scott Bailey + + Bug: http://curl.haxx.se/bug/view.cgi?id=3566860 + +Kamil Dudka (12 Sep 2012) +- ssh: do not crash if MD5 fingerprint is not provided by libssh2 + + The MD5 fingerprint cannot be computed when running in FIPS mode. + +- ssh: move the fingerprint checking code to a separate fnc + +Marc Hoersken (12 Sep 2012) +- tool_metalink.c: Added name of validation hash to messages + + This makes it easier to debug broken hashes or hash functions. + +- wincrypt: Fixed cross-compilation issues caused by include name + + For some reason WinCrypt.h is named wincrypt.h under MinGW. + +- md5.c: Added support for Microsoft Windows CryptoAPI + +- Makefile.m32: Updated to build against libmetalink 0.1.2 + + The include and library path were moved within libmetalink, this + patch adjusts the defaults provided within the curl MinGW makefile. + +- tool_metalink.c: Added support for Microsoft Windows CryptoAPI + + Since Metalink support requires a crypto library for hash functions + and Windows comes with the builtin CryptoAPI, this patch adds that + API as a fallback to the supported crypto libraries. + It is automatically used on Windows if no other library is provided. + +- libntlmconnect.c: Fixed typo and conversion + +- libntlmconnect.c: Fixed warning: curl_easy_getinfo expects long pointer + + Fixed tests/libtest/libntlmconnect.c:52: warning: call to + '_curl_easy_getinfo_err_long' declared with attribute warning: + curl_easy_getinfo expects a pointer to long for this info + +- sws.c: Fixed warning: 'err' may be used uninitialized in this function + +- libntlmconnect.c: Fixed warning: comparison of signed/unsigned integer + + Windows does not use -1 to represent invalid sockets and the + SOCKET type is unsigned. + +- nss.c: Fixed warning: 'err' may be used uninitialized in this function + +- tool_metalink.c: Fixed error: 'O_BINARY' undeclared + + Check for O_BINARY which is not available on every system. + +- tool_metalink.c: Fixed validation of binary files containing EOF + + Since Windows/MinGW threat 0x1A as the EOF character, reading binary + files which contain that byte does not work using text mode. + The read function will only read until the first 0x1A byte. This + means that the hash is not computed from the whole file and the + final validation check using hash comparision fails. + +- winbuild: Added support for building with SPNEGO enabled + + Since Simple and Protected GSSAPI Negotiation Mechanism + is already implemented in curl and supported by the MinGW + builds, this change adds build support to winbuild makefiles. + +- winbuild: Adjusted order of options to generated config name + + Cleaned up order of handled build options by ordering them + nearly alphabetically by using the order of the generated + config name. Preparation for future/more build options. + +Daniel Stenberg (9 Sep 2012) +- [Anthony Bryan brought this change] + + MANUAL: clarified user+password in HTTP URLs + +- RELEASE-NOTES: synced with 6c6f1f64c2 + + 6 bug fixes to mention, 5 contributors + +- TODO-RELEASE: CURLSSH_AUTH_AGENT and curl_multi_wait() are done + + -321 - CURLSSH_AUTH_AGENT patch by Armel Asselin + + -324 - curl_multi_select() vs curl_multi_fdvec() etc + +Marc Hoersken (9 Sep 2012) +- curl_schannel.c: Reference count the credential/session handle + + Reference counting the credential handle should avoid that such a + handle is freed while it is still required for connection shutdown + +Daniel Stenberg (8 Sep 2012) +- [Nick Zitzmann brought this change] + + darwinssl: fixed for older Mac OS X versions + + SSL didn't work on older cats if built on a newer cat with weak-linking + turned on to support the older cat + +- [David Blaikie brought this change] + + tool_easysrc.c: Test pointers against NULL + + While validating a new Clang diagnostic (-Wnon-literal-null-conversion - + yes, the name isn't quite correct in this case, but it suffices) I found + a few violations of it in Curl. + +- SOCKS: truly disable it if CURL_DISABLE_PROXY is defined + + Bug: http://curl.haxx.se/bug/view.cgi?id=3561305 + + Patch by: Marcel Raad + +- mk-ca-bundle: detect start of trust section better + + Each certificate section of the input certdata.txt file has a trust + section following it with details. + + This script failed to detect the start of the trust for at least one + cert[*], which made the script continue pass that section into the next + one where it found an 'untrusted' marker and as a result that certficate + was not included in the output. + + [*] = "Hellenic Academic and Research Institutions RootCA 2011" + + Bug: http://curl.haxx.se/mail/lib-2012-09/0019.html + +- [Alessandro Ghedini brought this change] + + gnutls: do not fail on non-fatal handshake errors + + Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685402 + +- FILEFORMAT: the FTP commands work for more protocols + +- test1411: verify SMTP without SIZE support + +- [František Kučera brought this change] + + SMTP: only send SIZE if supported + + SMTP client will send SIZE parameter in MAIL FROM command only if server + supports it. Without this patch server might say "504 Command parameter + not implemented" and reject the message. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3564114 + +- ftpserver: respond with a 250 to SMTP EHLO + + ... and specify that SIZE is supported. 250 is the "correct" response + code according to RFC 2821 + +- RELEASE-NOTES: synced with abb0da919300e + +Dan Fandrich (3 Sep 2012) +- Updated Symbian build files + + This is untested, but at least Symbian still has a chance of + still working now. + +- Updated build docs w.r.t. Android and binary sizes + +Daniel Stenberg (1 Sep 2012) +- symbols-in-versions: new CURL_WAIT_* symbols + +- [Sara Golemon brought this change] + + Unit test for curl_multi_wait() + +- [Sara Golemon brought this change] + + Manpage for curl_multi_wait(). + +- [Sara Golemon brought this change] + + multi: add curl_multi_wait() + + /* + * Name: curl_multi_wait() + * + * Desc: Poll on all fds within a CURLM set as well as any + * additional fds passed to the function. + * + * Returns: CURLMcode type, general multi error code. + */ + CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle, + struct curl_waitfd extra_fds[], + unsigned int extra_nfds, + int timeout_ms); + +- [Nick Zitzmann brought this change] + + darwinssl: Bugfix for previous commit for older cats + + I accidentally broke functionality for versions of OS X prior to Mountain + Lion in the previous commit. This commit fixes the problems. + +- [Joe Mason brought this change] + + Use MAX_EASY_HANDLES instead of hardcoding the number of handles twice + +- test2032: bail out after last transfer + + The test would hang and get aborted with a "ABORTING TEST, since it + seems that it would have run forever." until I prevented that from + happening. + + I also fixed the data file which got broken CRLF line endings when I + sucked down the path from Joe's repo == my fault. + + Removed #37 from KNOWN_BUGS as this fix and test case verifies exactly + this. + +- [Joe Mason brought this change] + + NTLM: re-use existing connection better + + If we need an NTLM connection and one already exists, always choose that + one. + +- [Joe Mason brought this change] + + NTLM: verify multiple connections work + + Add test2032 to test that NTLM does not switch connections in the middle + of the handshake + +- curl.1: list the -w variables sorted alphabetically + +- libcurl-share.3: remove wrong info of what can be shared + + "Currently you can only share DNS and/or COOKIE data" is incorrect since + also SSL sessions can be shared. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3562261 + Reported by: Joe Mason + +- [Dave Reisner brought this change] + + examples: use do/while loop for multi examples + + It's conceivable that after the first time curl_multi_perform returns, + the outvalue still_running will be 0, but work will have been done. This + is shown by a workload of small, purely file:// based URLs. Ensure that + we always read pending messages off the multi handle by forcing the + while loop to run at least once. + +- curl.h: fix comment to refer to current names + + CURLOPT_USE_SSL should be set to CURLUSESSL_* and nothing else in modern + libcurl versions. + +- ftpsget: simple example showing a FTPS fetch + +- sftpget: SFTP is not "SSH FTP" + +- [Armel Asselin brought this change] + + sftpget: example showing a simple SFTP download + + ... using SSH-agent + +- curl_multi_perform.3: extended/clarified + +- INSTALL.cmake: clarify some flaws/limits in the cmake build + +- https.c example: spell check used define + + Bug: http://curl.haxx.se/bug/view.cgi?id=3559845 + Reported by: Olivier Berger + +- configure: update the copyright years for the output + +- [Nick Zitzmann brought this change] + + darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions + + In Mountain Lion, Apple added TLS 1.1 and 1.2, and deprecated a number + of SecureTransport functions, some of which we were using. We now check + to see if the replacement functions are present, and if so, we use them + instead. The old functions are still present for users of older + cats. Also fixed a build warning that started to appear under Mountain + Lion + +- curl_easy_setopt: documented CURLSOCKTYPE_ACCEPT for SOCKOPTFUNCTION + +- [Gokhan Sengun brought this change] + + ftp: active conn, place calling sockopt callback at the end of function + + Commit b91d29a28e170c16d65d956db79f2cd3a82372d2 introduces a bug and breaks Curl_closesocket function. sock_accepted flag for the second socket should be tagged as TRUE before the sockopt callback is called because in case the callback returns an error, Curl_closesocket function is going to call the - fclosesocket - callback for the accept()ed socket + +- [Gokhan Sengun brought this change] + + ftp: active conn, allow application to set sockopt after accept() call + + For active FTP connections, applications may need setting the sockopt after accept() call returns successful. This fix gives a call to the callback registered with CURL_SOCKOPTFUNCTION option. Also a new sock type - CURLSOCKTYPE_ACCEPT - is added. This type is to be passed to application callbacks with - purpose - parameter. Applications may use this parameter to distinguish between socket types. + +- configure: remove the --enable/disable-nonblocking options + + Removing this option as it currently only functions to lure people into + wrongly using it and falsely believing that libcurl will work fine + without using nonblocking sockets internally - which leads to hard to + track or understand errors. + +- [Ant Bryan brought this change] + + MANUAL review + +- curl.1: shorten lines, avoid referring to libcurl instead of curl + +- [Ant Bryan brought this change] + + curl.1: fix more consistent wording + + "If this option is used several times, the last one will be used." + uniformity + +- ssh: use the libssh2 agent API conditionally + + Commit e351972bc89aa4c brought in the ssh agent support but some uses of + the libssh2 agent API was done unconditionally which wasn't good enough + since that API hasn't always been present. + +- white space fix: shorten long line + + ... to please checksrc.pl + +Kamil Dudka (9 Aug 2012) +- docs: update the links to cipher-suites supported by NSS + + ... and make the list of cipher-suites in nss.c readable by humans. + + Bug: http://curl.haxx.se/mail/archive-2012-08/0016.html + +- nss: do not print misleading NSS error codes + +Daniel Stenberg (8 Aug 2012) +- RELEASE-NOTES: synced with 0774386b23 + + 5 more bug fixes, one change, 6 contributors + +- [Armel Asselin brought this change] + + docs: mention CURLSSH_AUTH_AGENT + +- [Armel Asselin brought this change] + + SSH: added agent based authentication + + CURLSSH_AUTH_AGENT is a new auth type for SSH + +- bump version to 7.28.0 + + I am about to merge the first patch that adds changes into the pending + release, and thus we bump the minor number. + +- RELEASE-NOTES: added missing link + +- curl_version: fixed Value stored to 'len' is never read + + Fixed this (harmless) clang-analyzer warning. Also fixed the source + indentation level. + +- TODO-RELEASE: the (nil) bug is fixed + +- add_next_timeout: minor restructure of code + + By reading the ->head pointer and using that instead of the ->size + number to figure out if there's a list remaining we avoid the (false + positive) clang-analyzer warning that we might dereference of a null + pointer. + +- verbose messages: fixed output of hostnames in re-used connections + + I suspect this is a regression introduced in commit 207cf150, included + since 7.24.0. + + Avoid showing '(nil)' as hostname in verbose output by making sure the + hostname fixup function is called early enough to set the pointers that + are used for this. The name data is set again for each request even for + re-used connections to handle multiple hostnames over the same + connection (like with proxy) or that the casing etc of the host name is + changed between requests (which has proven to be important at least once + in the past). + + Test1011 was modified to use a redirect with a re-used a connection + since it then showed the bug and now lo longer does. There's currently + no easy way to have the test suite detect 'nil' texts in verbose ouputs + so no tests will detect if this problem gets reintroduced. + + Bug: http://curl.haxx.se/mail/lib-2012-07/0111.html + Reported by: Gisle Vanem + +- [Nick Zitzmann brought this change] + + metalink: Un-broke the build when building --with-darwinssl + +Guenter Knauf (8 Aug 2012) +- Fix some compiler warnings. + +Daniel Stenberg (8 Aug 2012) +- TODO-RELEASE: two bugs fixed + + These are now addressed: + + 323 - patch - select.c / Curl_socket_check() interrupted + + 325 - Avoid leak of local device string when reusing connection + +- curl.1: minor format fix for --data-ascii + + ... and removal of trailing whitespace on a single line + +- [Ant Bryan brought this change] + + curl man page cleanup + +- [Mike Crowe brought this change] + + Avoid leak of local device string when reusing connection + + Ensure that the copy of the CURLOPT_INTERFACE string is freed if we + decide we can reuse an existing connection. + +- Curl_socket_check: fix timeout return value for select users + + This is the same fix applied for the conditional code that uses select() + that was already done for the poll specific code in commit + b61e8b81f5038. + +- [Maxime Larocque brought this change] + + Curl_socket_check: fix return code for timeout + + We found a problem with ftp transfer using libcurl (7.23 and 7.25) + inside an application which is receiving unix signals (SIGUSR1, + SIGUSR2...) almost continuously. (Linux 2.4, PowerPC, HAVE_POLL_FINE + defined). + + Curl_socket_check() uses poll() to wait for the socket, and retries it + when a signal is received (EINTR). However, if a signal is received and + it also happens that the timeout has been reached, Curl_socket_check() + returns -1 instead of 0 (indicating an error instead of a timeout). + + In our case, the result is an aborted connection even before the ftp + banner is received from the server, and a return value of + CURLE_OUT_OF_MEMORY from curl_easy_perform() (Curl_pp_multi_statemach(), + in pingpong.c, actually returns OOM if Curl_socket_check() fails :-) + Funny to debug on a system on which OOM is a possible cause). + + Bug: http://curl.haxx.se/mail/lib-2012-07/0122.html + +- RELEASE-NOTES: synced with b4a558041fdf65c0 + +- TODO-RELEASE: fixed another bug + + bug #3544688 "crash during retry with libcurl and SFTP" + +- WSAPoll: disabled on all windows builds + + Due to WSAPoll bugs, libcurl does not work as intended. When the cURL + library is used to setup a connection to an incorrect port, normally the + result is CURLE_COULDNT_CONNECT, /* 7 */, but due to the bug in WSAPoll, + the result now is CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was + reached */. + + On August 1, Jan Koen Annot opened a case for this to Microsoft Premier + Online (https://premier.microsoft.com/). The support engineer handling + the case wrote that the case description is quite clear. He will try to + reproduce the issue and then proceed with troubleshooting it. + + Reported by: Jan Koen Annot + Bug: http://curl.haxx.se/mail/lib-2012-07/0310.html + +- retry request: only access the HTTP data if in fact HTTP + + When figuring out if the data stream needs to be rewound when the + request is to be resent, we must not access the HTTP struct unless the + protocol used is indeed HTTP... + + Bug: http://curl.haxx.se/bug/view.cgi?id=3544688 + +- TODO: support DANE, we already support gnutls without gcrypt + +- curl-config: parentheses fix + + Braces, not parentheses, should be used for shell variable names. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3551460 + Reported by: Edward Sheldrake + +- VC build: add define for openssl + + This fixes a build failure of lib/ssluse.c. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3552997 + +- TODO-RELEASE: two bugs fixed! + +- globbing: fix segfault when >9 globs were used + + Stupid lack of range checks caused the code to overwrite local variables + after glob number nine. Added checks now. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3546353 + +- [Joe Mason brought this change] + + sws: close sockets properly + + Fix a bug where closed sockets (fd -1) were left in the all_sockets + list, because of missing parens in a pointer arithmetic expression + + Reenable the tests that were locking up due to this bug. + +- [Joe Mason brought this change] + + Remove debug logs that were accidentally checked in + +- [Joe Mason brought this change] + + Use select in sws, which has better cross-platform support than poll + +- [Joe Mason brought this change] + + Use cross-platform curlx_nonblock instead of fcntl in sws + +- operate: fix clang-analyzer warnings for never read variables + + Two separate "Value stored to 'XXX' is never read" warnings + +- operate: fix clang-analyzer warning + + Value stored to 'separator' is never read + +- metalink: change code order to build with gnutls-nettle + + Bug: http://curl.haxx.se/bug/view.cgi?id=3554668 + Reported by: Anthony G. Basile + +- gtls: fix build failure by including nettle-specific headers + + Bug: http://curl.haxx.se/bug/view.cgi?id=3554668 + Reported by: Anthony G. Basile + +Guenter Knauf (6 Aug 2012) +- Fixed compiler warning - argument is type long. + +Daniel Stenberg (6 Aug 2012) +- DISABLED: disable the new tests that do NTLM + + The tests 2025, 2028 and 2031 don't work for me so I'll have them + disabled for now until we solve the problem. + +Joe Mason (3 Aug 2012) +- Add tests of auth retries + +- Cleanup handshake after clean NTLM failure + +- Zero out auth structs before transfer + +- Add a polling loop in main to read from more than one socket at once. Add the O_NONBLOCK and + SO_KEEPALIVE flag to all sockets. Note that several loops which used to continue on a return value + of 0 (theoretical since 0 would never be returned without O_NONBLOCK) now break on 0 so that they + won't continue reading until after poll is called again. + +- Change return values of get_request, accept_connection and service_connection to add a return code + for non-blocking sockets: now -1 means error or connection finished, 1 means data was read, and 0 + means there is no data available now so need to wait for poll (new return value) + +- Hoist the loop out of get_request, and make sure that it can be reentered when a request is + half-finished. + + Note the the req struct used to be re-initialized AFTER reading pipeline data, so now that we + initialize it from the caller we must be careful not to overwrite the pipeline data. + + Also we now need to handle the case where the buffer is already full when get_request is called - + previously this never happened as it was always called with an empty buffer and looped until done. + + Now get_request is called in a loop, so the next step is to run the loop on a socket only when poll + signals it is readable. + +- Move blocks of code from the sws main loop into their own functions for easier refactoring later. + The next step will be to call the correct function after a poll, rather than looping unconditionally + +- Remove the --fork option of sws, since it makes refactoring to use poll more complicated and should + be redundant once we poll + +Kamil Dudka (30 Jul 2012) +- file: use fdopen() for uploaded files if available + + It eliminates noisy events when using inotify and fixes a TOCTOU issue. + + Bug: https://bugzilla.redhat.com/844385 + +Guenter Knauf (29 Jul 2012) +- Added DWANT_IDN_PROTOTYPES define for MSVC too. + + Discussion on the list: http://curl.haxx.se/mail/lib-2012-07/0271.html + +- Added Win32 problems. + +- Added hint to read docs/INSTALL too. + +- Added new file to distro. + +Steve Holme (28 Jul 2012) +- TODO: Updated after 7.27.0 release + + Removed APOP and SASL authentication from the POP3 section and metalink + support from the client section as these features were implemented in + this release. + + Moved adding gssapi to SASL into it's own section rather than repeat it + for each protocol. + +Daniel Stenberg (28 Jul 2012) +- TODO-RELEASE: updated after 7.27.0 release + +- THANKS: 12 new contributors from the 7.27.0 release + +- version bump: start towards next release + + Let's call it 7.27.1 for now, but it it probably going to become 7.28.0 + when released. + +Version 7.27.0 (27 Jul 2012) + +Guenter Knauf (27 Jul 2012) +- Fixed compiler warning 'unused parameter'. + +- Added prototypes to kill compiler warning. + +- Added --with-winidn to configure. + + This needs another look from the configure experts. I tested that + it works so far with MinGW64 cross-compiler; libcurl builds and + links fine, but curl not yet ... + +Daniel Stenberg (27 Jul 2012) +- [Ant Bryan brought this change] + + Update man page info on --metalink and typo. + +- RELEASE-NOTES: remove mentioned of bug never in a release + + The --silent bug came with 7561a0fc834c435 which was never in a release. + Pointed out by Kamil Dudka + +- RELEASE-NOTES: synced with 33b815e894fb + + 4 more bugfixes, 3 more contributors + +Guenter Knauf (26 Jul 2012) +- Changed Windows IDN text to 'WinIDN'. + + Synced the output to the same short form as we now use for + Windows SSL (WinSSL). + +Daniel Stenberg (25 Jul 2012) +- [Nick Zitzmann brought this change] + + darwinssl: fixed freeze involving the multi interface + + Previously the curl_multi interface would freeze if darwinssl was + enabled and at least one of the handles tried to connect to a Web site + using HTTPS. Removed the "wouldblock" state darwinssl was using because + I figured out a solution for our "would block but in which direction?" + dilemma. + +Guenter Knauf (25 Jul 2012) +- Added support for tls-srp to MinGW builds. + +Daniel Stenberg (24 Jul 2012) +- curl_easy_setopt: fix typo + + Reported by: Santhana Todatry + +- keepalive: multiply value for OS-specific units + + DragonFly uses milliseconds, while our API and Linux use full seconds. + + Reported by: John Marino + Bug: http://curl.haxx.se/bug/view.cgi?id=3546257 + +Kamil Dudka (22 Jul 2012) +- http: print reason phrase from HTTP status line on error + + Bug: https://bugzilla.redhat.com/676596 + +- tool_operate: fix misplaced initialization of orig_noprogress + + ... and orig_isatty which caused --silent to be entirely ignored in case + the standard output was redirected to a file! + +Daniel Stenberg (21 Jul 2012) +- [Anton Yabchinskiy brought this change] + + Client's "qop" value should not be quoted (RFC2617, section 3.2.2). + +Guenter Knauf (21 Jul 2012) +- Fixed typo. + +Daniel Stenberg (20 Jul 2012) +- make: make distclean work again + + The clean-local hook needed some polish to make sure make distclean + works. Added comment describing why. + +- test Makefile: only feature 'unit' once in the list of dirs + +Dan Fandrich (20 Jul 2012) +- Fixed some typos in documentation + +Guenter Knauf (20 Jul 2012) +- Fixed CR issue with Win32 version on MSYS. + + Previous fix didnt work on Linux ... + +- Fixed CR issue with Win32 version on MSYS. + +- Fixed MSYS <-> Windows path convertion. + + Replaced the Windows real path from mount hack with a more + reliable and simpler hack: the MSYS shell has a builtin pwd + which understands a -W option which does convertion to Windows + paths. Tested and confirmed that this works on all MSYS versions + I have back to a 3 year old one. + +- Follow-up fix to detect SSL libs with MinGW. + + 1) the check for winssl needs to come before nss check + 2) the SSL checks must begin with a new if or else we will + never find any SSL lib with MinGW. + +- Tell git to not convert configure-related files. + +- Trial to teach runtests.pl about WinSSL. + +- Fixed warning 'uninitialized value in numeric gt'. + + This is a MSYS/MinGW-only warning; full warning text is: + Use of uninitialized value in numeric gt (>) at ../../curl/tests/runtests.pl line 2227. + +Daniel Stenberg (15 Jul 2012) +- RELEASE-NOTES: synced with 9d11716933616 + + Fixed 6 bugs, added 3 contributors + +- multi_runsingle: added precaution against easy_conn NULL pointer + + In many states the easy_conn pointer is referenced and just assumed to + be working. This is an added extra check since analyzing indicates + there's a risk we can end up in these states with a NULL pointer there. + +- getparam: fix the GetStr() macro + + It should return PARAM_NO_MEM if the strdup fails. Spotted by + clang-analyzer + +Guenter Knauf (15 Jul 2012) +- Tell git to not convert configure-related files. + +Daniel Stenberg (13 Jul 2012) +- parse_proxy: remove dead assignment + + Spotted by clang-analyzer + +- ftp_do_more: add missing check of return code + + Spotted by clang-analyzer. The return code was never checked, just + stored. + +- getinfo: use va_end and cut off Curl_ from static funcs + + va_end() needs to be used after va_start() and we don't normally use + Curl_ prefixes for purely static functions. + +- [Philip Craig brought this change] + + Split up Curl_getinfo + + This avoids false positives from clang's scan-build. + +Guenter Knauf (12 Jul 2012) +- Added error checking for curl_global_init(). + +- Added curl_global_* functions. + +- Minor fixes to MinGW makefiles. + +Daniel Stenberg (12 Jul 2012) +- docs: mention CURL_GLOBAL_DEFAULT + +Guenter Knauf (12 Jul 2012) +- Added curl_global_* functions. + +Daniel Stenberg (12 Jul 2012) +- tests: verify the stricter numeric option parser + + Test 1409 and 1410 verifies the stricter numeric option parser + introduced the other day in commit f2b6ebed7b. + +- SWS: use of uninitialized memory fix + + I made "connmon" not get initialized properly before use, and I use the + big hammer and make sure we always clear the entire struct to avoid any + problem like this in the future. + +- test48: verify that HEAD doesn't close extra + + Two commits ago, we fixed a bug where the connction would be closed + prematurely after a HEAD. Now I added connection-monitor to test 48 and + added a second HEAD and make sure that both are sent over the same + connection. + + This triggered a failure before the bug fix and now works. Will help us + avoid a future regression of this kind. + +- connection-monitor: always log disconnect when enabled + + This makes verifying easier and makes us more sure curl closes the + connection only at the correct point in time. Adjusted test 206 and 1008 + accordingly and updated the docs for it. + +- HEAD: don't force-close after response-headers + + A HEAD response has no body length and gets the headers like the + corresponding GET would so it should not get closed after the response + based on the same rules. This mistake caused connections that did HEAD + to get closed too often without a valid reason. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3542731 + Reported by: Eelco Dolstra + +Guenter Knauf (12 Jul 2012) +- Removed trailing empty strings from awk script. + +- Cleaned up version awk script. + +- Added project copyright header. + +- Removed libcurl.imp from Makefile.am. + + Updated .gitignore for NetWare created files. + +- Added missing dependency to export list. + +- Fixed export list path. + +- Changed NetWare build to generate export list. + +- Added pointer to FAQ for linkage errors. + +- Small NetWare makefile tweak. + +- Changed MinGW makefiles to use WINSSL now. + +Daniel Stenberg (10 Jul 2012) +- test231: fix wrong -C use! + +- cmdline: parse numerical options stricter + + 1 - str2offset() no longer accepts negative numbers since offsets are by + nature positive. + + 2 - introduced str2unum() for the command line parser that accepts + numericals which are not supposed to be negative, so that it will + properly complain on apparent bad uses and mistakes. + + Bug: http://curl.haxx.se/mail/archive-2012-07/0013.html + +- docs: switch to proper UTF-8 for text file encoding + +Yang Tse (9 Jul 2012) +- Make Curl_schannel_version() return "WinSSL" + + Modification based on voting result: + + http://curl.haxx.se/mail/lib-2012-07/0104.html + +Daniel Stenberg (9 Jul 2012) +- test 46: use different path lengths to get reliable sort order + + Since the order of the cookies is sorted by the length of the paths, + having them on the same path length will make the test depend on what + order the qsort() implementation will put them. As seen in the + windows/msys output posted by Guenter in this posting: + http://curl.haxx.se/mail/lib-2012-07/0105.html + +- cookie: fixed typo in comment + +- [Christian Hägele brought this change] + + https_getsock: provided for schannel backend as well + + The function https_getsock was only implemented properly when USE_SSLEAY + or USE_GNUTLS is defined, but it is also necessary for USE_SCHANNEL. + + The problem occurs when Curl_read_plain or Curl_write_plain returns + CURLE_AGAIN. In that case CURL_OK is returned to the multi-interface an + the used socket is set to state CURL_POLL_REMOVE and the easy-state is + set to CURLM_STATE_PROTOCONNECT. This is fine, because later the socket + should be set to CURL_POLL_IN or CURL_POLL_OUT via multi_getsock. That's + where https_getsock is called and doesn't return any sockets. + +- RELEASE-NOTES: added a URL reference to cookie docs + +Guenter Knauf (8 Jul 2012) +- Removed obsolete include path to project root. + +Daniel Stenberg (8 Jul 2012) +- TODO-RELEASE: issue 316 NTLM over proxy is fixed + +- [Nick Zitzmann brought this change] + + darwinssl: don't use arc4random_buf + + Re-wrote Curl_darwinssl_random() to not use arc4random_buf() because the + function is not available prior to iOS 4.3 and OS X 10.7. + +- KNOWN_BUGS: #80 Curl doesn't recognize certs in DER format + +- KNOWN_BUGS: #79 - any RCPT TO failure makes and error + +Marc Hoersken (8 Jul 2012) +- winbuild: Aligned BUILD.WINDOWS.txt and Makefile.vc usage help + +- winbuild: Make USE_WINSSL depend on USE_SSPI + + Since WinSSL cannot be build without SSPI being enabled, + USE_WINSSL now defaults to the value of USE_SSPI. + + The makefile does now raise an error if WinSSL is enabled + while SSPI is disabled. + +- winbuild: Aligned USE_SSPI with other USE_x defines + + Renamed external parameter USE_SSPI = yes/no to ENABLE_SSPI = yes/no. + Backwards compatible change: USE_SSPI can still be passed as external + parameter with yes/no value as long as ENABLE_SSPI is not given. + + USE_x defines are passed around with true/false values internally, + USE_SSPI is now aligned to this approach, but still accepts external + values yes/no being passed, just like the other defines. + +- winbuild: Clean up formatting and variable naming + + - Changed space usage to line up with the whole file + - Renamed CFLAGS_SSPI/IPV6 to SSPI/IPV6_CFLAGS to be + consistent with the other CFLAGS_x variables + - Make use of existing CFLAGS_IPV6 (previously IPV6_CFLAGS) + instead of appending directly to CFLAGS + +Daniel Stenberg (7 Jul 2012) +- [Nick Zitzmann brought this change] + + darwinssl: output cipher with text, remove SNI warning + + The code was printing a warning when SNI was set up successfully. Oops. + + Printing the cipher number in verbose mode was something only TLS/SSL + programmers might understand, so I had it print the name of the cipher, + just like in the OpenSSL code. That'll be at least a little bit easier + to understand. The SecureTransport API doesn't have a method of getting + a string from a cipher like OpenSSL does, so I had to generate the + strings manually. + +- RELEASE-NOTES: synced with 5a99bce07d + +- KNOWN_BUGS: NTLM with unicode works with schannel/winssl! + + Bug #75 updated with additional info, still remains for builds with + other backends. + +- code police: narrow source to < 80 columns + +Yang Tse (5 Jul 2012) +- unicode NTLM SSPI: cleanup follow-up + +- unicode NTLM SSPI: cleanup + + Reduce the number of #ifdef UNICODE directives used in source files. + +Daniel Stenberg (5 Jul 2012) +- tests: use connection-monitor and verify results + + Test 1008 and 206 don't show the disconnect since it happens when SWS + awaits a new request, but 503 does and so the verify section needs that + string added. + +- http-proxy: keep CONNECT connections alive (for NTLM) + + When doing CONNECT requests, libcurl must make sure the connection is + alive as much as possible. NTLM requires it and it is generally good for + other cases as well. + + NTLM over CONNECT requests has been broken since this regression I + introduced in my CONNECT cleanup commits that started with 41b02378342, + included since 7.25.0. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3538625 + Reported by: Marcel Raad + +- sws: support <servercmd> for CONNECT requests + + I moved out the servercmd parsing into a its own function called + parse_servercmd() and made sure it gets used also when the test number + is extracted from CONNECT requests. It turned out sws didn't do that + previously! + +- FILEFORMAT: provided a full description of connection-monitor + +- lib503: enable verbose to ease debugging this + +- sws: add 'connection-monitor' command support + + Using this, the server will output in the protocol log when the + connection gets disconnected and thus we will verify correctly in the + test cases that the connection doesn't get closed prematurely. This is + important for example NTLM to work. + + Documentation added to FILEFORMAT, test 503 updated to use this. + +Guenter Knauf (4 Jul 2012) +- Removed non-used variable. + +- Added error checking for samples. + +- Renamed vars to avoid shadow global declaration. + +Daniel Stenberg (3 Jul 2012) +- docs: clarify how to start with curl_multi_socket_action + + Mention the CURL_SOCKET_TIMEOUT argument in step 6 of the typical + application. + +Guenter Knauf (3 Jul 2012) +- Moved some patterns to subfolder's .gitignore. + +- Merge branch 'master' of ssh://github.com/bagder/curl + +- MinGW makefile tweaks for running from sh. + + Added function macros to make path converting easier. + Added CROSSPREFIX to all compile tools. + +Yang Tse (3 Jul 2012) +- [Marc Hoersken brought this change] + + curl_ntlm_msgs.c: Removed unused variable passwd + +Guenter Knauf (3 Jul 2012) +- Added files generated by mingw32, eclipse and VC. + + Posted by Marc Hoersken. + +Daniel Stenberg (3 Jul 2012) +- cookies: change the URL in the cookie jar file header + +- HTTP-COOKIES: clarified and modified layout + +- HTTP-COOKIES: use the FAQ document layout + +- HTTP-COOKIES: added cookie documentation + +Yang Tse (3 Jul 2012) +- curl_ntlm_msgs.c: include <tchar.h> for prototypes + +- [Neil Bowers brought this change] + + testcurl.pl: fix missing semicolon + +Daniel Stenberg (2 Jul 2012) +- [Christian Hägele brought this change] + + unicode NTLM SSPI: heap corruption fixed + + When compiling libcurl with UNICODE defined and using unicode characters + in username. + +Yang Tse (2 Jul 2012) +- testcurl.pl: allow non in-tree c-ares enabled autobuild + +- configure.ac: verify that libmetalink is new enough + + Enabling test2017 to test2022. + +- [Tatsuhiro Tsujikawa brought this change] + + curl: Added runtime version check for libmetalink + +- [Tatsuhiro Tsujikawa brought this change] + + Include metalink/metalink.h for libmetalink functions + +Daniel Stenberg (2 Jul 2012) +- errors: CURLM_CALL_MULTI_PERFORM is not returned anymore + +- release: cleaned up plans for this and coming release + +Yang Tse (29 Jun 2012) +- curl-compilers.m4: remove -Wstrict-aliasing=3 from clang + + Currently it is unknown if there is any version of clang that + actually supports -Wstrict-aliasing. What is known is that there + are several that don't support it. + +- test2017 to test2022: more metalink tests + + With this commit, checks done in previous test2017 are now done in test2018. + + Whole range test2017 to test2022 DISABLED until configure is capable of + requiring a new-enough metalink library. + + Don't try these without mentioned check in place! + +- test2005 to test2016: improve failure detection + +- lib582.c: fix conversion warning + +- nss.c: #include warnless.h for curlx_uztosi and curlx_uztoui prototypes + +- [Marc Hoersken brought this change] + + nss.c: Fixed size_t conversion warnings + +- sslgen.c: cleanup temporary compile-time SSL-backend check + +Daniel Stenberg (28 Jun 2012) +- schannel: provide two additional (dummy) API defines + +Yang Tse (28 Jun 2012) +- [Tatsuhiro Tsujikawa brought this change] + + Metalink: message updates + + Print "parsing (...) OK" only when no warnings are generated. If + no file is found in Metalink, treat it FAILED. + + If no digest is provided, print WARNING in parse_metalink(). + Also print validating FAILED after download. + + These changes make tests 2012 to 2016 pass. + +Daniel Stenberg (27 Jun 2012) +- sslgen: avoid compiler error in SSPI builds + +Yang Tse (27 Jun 2012) +- ssluse.c: fix compiler warning: conversion to 'int' from 'size_t' + + Reported by Tatsuhiro Tsujikawa + + http://curl.haxx.se/mail/lib-2012-06/0371.html + +- sslgen.c: add compile-time check for SSL-backend completeness + +- build: add our standard includes to curl_darwinssl.c and curl_multibyte.c + +- build: add curl_schannel and curl_darwinssl files to other build systems + +- tests: add five more Metalink test cases + +- tests: update Metalink message format + +- [Tatsuhiro Tsujikawa brought this change] + + Metalink: updated message format + +- [Nick Zitzmann brought this change] + + DarwinSSL: allow using NTLM authentication + + Allow NTLM authentication when building using SecureTransport (Darwin) for SSL. + + This uses CommonCrypto, a cryptography library that ships with all versions of + iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few + less-common cyphers and doesn't have a big number data structure. + +- curl_darwinssl.h: add newline at end of file + +Daniel Stenberg (26 Jun 2012) +- ossl_seed: remove leftover RAND_screen check + + Before commit 2dded8fedba (dec 2010) there was logic that used + RAND_screen() at times and now I remove the leftover #ifdef check for + it. + + The seeding code that uses Curl_FormBoundary() in ossl_seed() is dubious + to keep since it hardly increases randomness but I fear I'll break + something if I remove it now... + +Yang Tse (26 Jun 2012) +- [Nick Zitzmann brought this change] + + DarwinSSL: several adjustments + + - Renamed st_ function prefix to darwinssl_ + - Renamed Curl_st_ function prefix to Curl_darwinssl_ + - Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h + - Fixed a teensy little bug that made non-blocking connection attempts block + - Made it so that it builds cleanly against the iOS 5.1 SDK + +- curl-compilers.m4: -Wstrict-aliasing=3 for warning enabled gcc and clang builds + +- [Marc Hoersken brought this change] + + sockaddr.h: Fixed dereferencing pointer breakin strict-aliasing + + Fixed warning: dereferencing pointer does break strict-aliasing rules + by using a union inside the struct Curl_sockaddr_storage declaration. + +Daniel Stenberg (26 Jun 2012) +- SSL cleanup: use crypto functions through the sslgen layer + + curl_ntlm_msgs.c would previously use an #ifdef maze and direct + SSL-library calls instead of using the SSL layer we have for this + purpose. + +- [Nick Zitzmann brought this change] + + darwinssl: add support for native Mac OS X/iOS SSL + +- RELEASE-NOTES: link to more metalink info + +- RELEASE-NOTES: synced with d025af9bb576 + +Yang Tse (25 Jun 2012) +- curl_schannel.c: Remove redundant NULL assignments following Curl_safefree() + +- [Marc Hoersken brought this change] + + curl_schannel.c: Replace free() with Curl_safefree() + +- [Tatsuhiro Tsujikawa brought this change] + + curl.1: Updated Metalink description in man page + + Documented that --include will be ignored if both --metalink + and --include are specified. + Also documented that a Metalink file in the local file system + cannot be used if FILE protocol is disabled. + +Steve Holme (24 Jun 2012) +- DOCS: Added clarification to CURLOPT_CUSTOMREQUEST for the POP3 protocol + + Bug: http://curl.haxx.se/mail/lib-2012-06/0302.html + Reported by: Nagai H + +- smtp: Corrected result code for MAIL, RCPT and DATA commands + + Bug: http://curl.haxx.se/mail/lib-2012-06/0094.html + Reported by: Dan + +Daniel Stenberg (24 Jun 2012) +- [Ghennadi Procopciuc brought this change] + + test: Added test HTTP receive cookies over IPv6 + +Yang Tse (22 Jun 2012) +- tests: add another Metalink test case + +- [Tatsuhiro Tsujikawa brought this change] + + tests: Enable test2010 and fixed hash value + +- [Tatsuhiro Tsujikawa brought this change] + + Metalink: ignore --include if --metalink is used. + + Including headers in response body will break Metalink XML parser. + If it is included in the file described in Metalink XML, hash check + will fail. Therefore, --include should be ignored if --metalink is + used. + +- tests: add six Metalink test cases + +- test 2005: add verification of hash checking outcome + +- getpart.pm: remove misleading comment + +- [Tatsuhiro Tsujikawa brought this change] + + curl: Prefixed all Metalink related messages with "Metalink: " + +- [Tatsuhiro Tsujikawa brought this change] + + tests: Added Metalink test case # 2005 + +- [Tatsuhiro Tsujikawa brought this change] + + curl: Restore noprogress and isatty config values. + + The noprogress and isatty in Configurable are global, in a sense + that they persist in one curl invocation. Currently once one + download writes its response data to tty, they are set to FALSE + and they are not restored on successive downloads. This change + first backups the current noprogress and isatty, and restores + them when download does not write its data to tty. + +- [Tatsuhiro Tsujikawa brought this change] + + curl: Made --metalink option toggle Metalink functionality + + In this change, --metalink option no longer takes argument. If + it is specified, given URIs are processed as Metalink XML file. + If given URIs are remote (e.g., http URI), curl downloads it + first. Regardless URI is local file (e.g., file URI scheme) or + remote, Metalink XML file is not written to local file system and + the received data is fed into Metalink XML parser directly. This + means with --metalink option, filename related options like -O + and -o are ignored. + + Usage examples: + + $ curl --metalink http://example.org/foo.metalink + + This will download foo.metalink and parse it and then download + the URI described there. + + $ curl --metalink file://foo.metalink + + This will parse local file foo.metalink and then download the URI + described there. + +- [Tatsuhiro Tsujikawa brought this change] + + curl: Refactored metalink_checksum + + When creating metalink_checksum from metalink_checksum_t, first + check hex digest is valid for the given hash function. We do + this check in the order of digest_aliases so that first good + match will be chosen (strongest hash function available). As a + result, the metalinkfile now only contains at most one + metalink_checksum because other entries are just redundant. + +- [Gisle Vanem brought this change] + + tool_doswin.c: fix djgpp function _use_lfn() used without a prototype + + http://curl.haxx.se/mail/archive-2012-06/0028.html + +- build: fix RESOURCE bug in lib/Makefile.vc* + + Removed two, not intended to exist, RESOURCE declarations. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3535977 + + And sorted configuration hunks to reflect same internal order + as the one shown in the usage message. + +Daniel Stenberg (20 Jun 2012) +- [Marc Hoersken brought this change] + + schannel: Implement new buffer size strategy + + Increase decrypted and encrypted cache buffers using limitted + doubling strategy. More information on the mailinglist: + http://curl.haxx.se/mail/lib-2012-06/0255.html + + It updates the two remaining reallocations that have already been there + and fixes the other one to use the same "do we need to increase the + buffer"-condition as the other two. CURL_SCHANNEL_BUFFER_STEP_SIZE was + renamed to CURL_SCHANNEL_BUFFER_FREE_SIZE since that is actually what it + is now. Since we don't know how much more data we are going to read + during the handshake, CURL_SCHANNEL_BUFFER_FREE_SIZE is used as the + minimum free space required in the buffer for the next operation. + CURL_SCHANNEL_BUFFER_STEP_SIZE was used for that before, too, but since + we don't have a step size now, the define was renamed. + +Yang Tse (20 Jun 2012) +- schannel SSL: fix compiler warning + +- [Mark Salisbury brought this change] + + schannel SSL: fix for renegotiate problem + + In schannel_connect_step2() doread should be initialized based + on connssl->connecting_state. + +- [Tatsuhiro Tsujikawa brought this change] + + runtests.pl: make it support metalink feature + +- getpart.pm: make test definition section/part parser more robust + + Test definition section parts which needed to include xml-lingo as contents + of that part required that the xml-blurb was written as a single line. Now the + xml-data inside the part can be written multiline making it more readable. + + Tested with <client><file> part which is written to disk before <command> runs. + +Daniel Stenberg (20 Jun 2012) +- schannel_connect_step2: checksrc whitespace fix + +Yang Tse (20 Jun 2012) +- [Mark Salisbury brought this change] + + schannel SSL: changes in schannel_connect_step2 + + Process extra data buffer before returning from schannel_connect_step2. + Without this change I've seen WinCE hang when schannel_connect_step2 + returns and calls Curl_socket_ready. + + If the encrypted handshake does not fit in the intial buffer (seen with + large certificate chain), increasing the encrypted data buffer is necessary. + + Fixed warning in curl_schannel.c line 1215. + +- [Mark Salisbury brought this change] + + config-win32ce.h: WinCE config adjustment + + process.h is not present on WinCE + +- [Mark Salisbury brought this change] + + schannel SSL: Made send method handle unexpected cases better + + Implemented timeout loop in schannel_send while sending data. This + is as close as I think we can get to write buffering; I put a big + comment in to explain my thinking. + + With some committer adjustments + +Daniel Stenberg (19 Jun 2012) +- [Marc Hoersken brought this change] + + curl_schannel.c: Avoid unnecessary realloc calls to reduce buffer size + +Yang Tse (19 Jun 2012) +- [Mark Salisbury brought this change] + + schannel SSL: Use standard Curl read/write methods + + Replaced calls to swrite with Curl_write_plain and calls to sread + with Curl_read_plain. + + With some committer adjustments + +- schannel SSL: make wording of some trace messages better reflect reality + +Daniel Stenberg (19 Jun 2012) +- [Marc Hoersken brought this change] + + curl_schannel.h: Use BUFSIZE as the initial buffer size if available + + Make the Schannel implementation use libcurl's default buffer size + for the initial received encrypted and decrypted data cache buffers. + The implementation still needs to handle more data since more data + might have already been received or decrypted during the handshake + or a read operation which needs to be cached for the next read. + +Guenter Knauf (19 Jun 2012) +- Fixed NetWare makefile broken from last commit. + +Yang Tse (19 Jun 2012) +- [Mark Salisbury brought this change] + + schannel SSL: Implemented SSL shutdown + + curl_schannel.c - implemented graceful SSL shutdown. If we fail to + shutdown the connection gracefully, I've seen schannel try to use a + session ID for future connects and the server aborts the connection + during the handshake. + +- [Mark Salisbury brought this change] + + schannel SSL: certificate validation on WinCE + + curl_schannel.c - auto certificate validation doesn't seem to work + right on CE. I added a method to perform the certificate validation + which uses CertGetCertificateChain and manually handles the result. + +- [Mark Salisbury brought this change] + + schannel SSL: Added helper methods to simplify code + + Added helper methods InitSecBuffer() and InitSecBufferDesc() to make it + easier to set up SecBuffer & SecBufferDesc structs. + +Guenter Knauf (18 Jun 2012) +- Some more NetWare makefile tweaks for metalink. + +Yang Tse (18 Jun 2012) +- tool_cb_see.c: WinCE build adjustment + +- [Mark Salisbury brought this change] + + setup.h: WinCE build adjustment + +- [Mark Salisbury brought this change] + + ftplistparser.c: do not compile if FTP protocol is not enabled + +- Win32: downplay MS bazillion type synonyms game + + Avoid usage of some MS type synonyms to allow compilation with + compiler headers that don't define these, using simpler synonyms. + +Daniel Stenberg (15 Jun 2012) +- Curl_rtsp_parseheader: avoid useless malloc/free + + Coverity actually pointed out flawed logic in the previous call to + Curl_strntoupper() where the code used sizeof() of a pointer to pass in + a size argument. That code still worked since it only needed to + uppercase 4 letters. Still, the entire malloc/uppercase/free sequence + was pointless since the code has already matched the string once in the + condition that starts the block of code. + +- curl_share_setopt: use va_end() + + As spotted by Coverity, va_end() was not used previously. To make it + used I took away a bunch of return statements and made them into + assignments instead. + +Yang Tse (15 Jun 2012) +- SSPI related code: Unicode support for WinCE - kill compiler warnings + +- [Mark Salisbury brought this change] + + SSPI related code: Unicode support for WinCE - commit 46480bb9 follow-up + +- build: add curl_multibyte files to build systems + +- [Mark Salisbury brought this change] + + SSPI related code: Unicode support for WinCE + + SSPI related code now compiles with ANSI and WCHAR versions of security + methods (WinCE requires WCHAR versions of methods). + + Pulled UTF8 to WCHAR conversion methods out of idn_win32.c into their own file. + + curl_sasl.c - include curl_memory.h to use correct memory functions. + + getenv.c and telnet.c - WinCE compatibility fix + + With some committer adjustments + +Guenter Knauf (15 Jun 2012) +- Fixed typo. + +Yang Tse (14 Jun 2012) +- winbuild/MakefileBuild.vc: convert line endings to DOS style + + As per request on mailing list: http://curl.haxx.se/mail/lib-2012-06/0222.html + +- [Marc Hoersken brought this change] + + winbuild: Allow SSPI build with or without Schannel + + The changes introduced in commit 2bfa57bc32 are not enough + to make it actually possible to use the USE_WINSSL option. + Makefile.vc was not updated and the configuration name which is + used in the build path did not match between both build files. + + This patch fixes those issues and introduces the following changes: + + - Replaced the -schannel name with -winssl in order to be consistent + with the other options + - Added ENABLE_WINSSL option to winbuild/Makefile.vc (default yes) + - Changed winbuild/MakefileBuild.vc to set USE_WINSSL to true if + USE_SSL is false and USE_WINSSL was not specified as a parameter + - Separated WINSSL handling from SSPI handling to be consistent with + the other options and their corresponding code path + +- curl.1: 7.27.0 seems next release + +- schannel: fix printf-style format strings + +- Fix bad failf() and info() usage + + Calls to failf() are not supposed to provide trailing newline. + Calls to infof() must provide trailing newline. + + Fixed 30 or so strings. + +- schannel: fix unused parameter warnings + +- schannel: fix comparisons between signed and unsigned + +- schannel: fix discarding qualifier from pointer type + +- schannel: fix shadowing of global declarations + +- schannel: fix Curl_schannel_init() and Curl_schannel_cleanup() declarations + +- [Gisle Vanem brought this change] + + urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.h + + Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and + OCSP_RESPONSE are enum values in CyaSSL and defines in <wincrypt.h> included + via <winldap.h> in ldap.c. + + http://curl.haxx.se/mail/lib-2012-06/0196.html + +- MakefileBuild.vc: Allow building without SSL + + In order to use Windows native SSL support define 'USE_WINSSL' + +- configure: new option --with-winssl + + This option may be used to build curl/libcurl using SSL/TLS support provided + by MS windows system libraries. Option is mutually exclusive with any other + SSL library. Default value is --without-winssl. + + --with-winssl option implies --with-sspi option. + + Option meaningful only for Windows builds. + +Guenter Knauf (13 Jun 2012) +- Changed Schannel string to SSL-Windows-native. + + This is more descriptive for the user who might + not even know what schannnel is at all. + +Yang Tse (13 Jun 2012) +- schannel: remove version number and identify its use with 'schannel' literal + + Version number is removed in order to make this info consistent with + how we do it with other MS and Linux system libraries for which we don't + provide this info. + + Identifier changed from 'WinSSPI' to 'schannel' given that this is the + actual provider of the SSL/TLS support. libcurl can still be built with + SSPI and without SCHANNEL support. + +Daniel Stenberg (12 Jun 2012) +- singlesocket: remove dead code + + No need to check if 'entry' is non-NULL in a spot where it is already checked + and guaranteed to be non-NULL. + + (Spotted by a Coverity scan) + +- netrc: remove dead code + + Remove two states from the enum and the corresponding code for them as + these states were never reached or used. + + (Spotted by a Coverity scan) + +Yang Tse (12 Jun 2012) +- Revert "connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing" + + This reverts commit 9c94236e6cc078a0dc5a78b6e2fefc1403e5375e. + + It didn't server its purpose, so lets go back to long-time working code. + +- socks_sspi.c: further cleanup + +- [Marc Hoersken brought this change] + + socks_sspi.c: Clean up and removal of obsolete minor status + + Removed obsolete minor status variable and parameter of status function + which was never used or set at all. Also Curl_sspi_strerror does support + only one status and there is no need for a second sub status. + +Guenter Knauf (12 Jun 2012) +- Removed trailing whitespaces. + +Yang Tse (12 Jun 2012) +- strerror.c: make Curl_sspi_strerror() always return code for errors + +- curl_sspi.h: provide sspi status definitions missing in old headers + +- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function + +- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function + +Daniel Stenberg (11 Jun 2012) +- Revert: 634f7cfee40d4658 partially + + Make sure CURL_VERSION_SSPI is present and works as in previous releases + for ABI and API compatibility reasons. + +- checksrc: shorten a few lines to comply + +- cleanup: remove trailing whitespace + +- [Marc Hoersken brought this change] + + winbuild: Removed WITH_SSL=schannel and tie schannel to SSPI + + Removed specific WITH_SSL=schannel paramter that did not fit the general + schema and complicated the parameters. For now Schannel will be enabled + if SSPI is enabled and OpenSSL is disabled. + +- [Steve Holme brought this change] + + Makefile.vc6: Added version.lib if built with SSPI + +- [Marc Hoersken brought this change] + + winbuild: Updated winbuild scripts to add schannel + +- [Marc Hoersken brought this change] + + mingw32: Fixed warning of USE_SSL being redefined + +- [Marc Hoersken brought this change] + + sspi: Fixed incompatible parameter pointer type in Curl_sspi_version + +- [Marc Hoersken brought this change] + + sspi: Updated RELEASE-NOTES, FEATURES and THANKS + +- [Marc Hoersken brought this change] + + setup.h: Automatically define USE_SSL if USE_SCHANNEL is defined + +- [Marc Hoersken brought this change] + + version: Replaced SSPI feature information with version string details + + Added Windows SSPI version information to the curl version string when + SCHANNEL SSL is not enabled, as the version of the library should also + be included when SSPI is used to generate security contexts. + + Removed SSPI from the feature list as the features are GSS-Negotiate, + NTLM and SSL depending on the usage of the SSPI library. + +- [Steve Holme brought this change] + + sspi.c: Post Curl_sspi_version() rework code tidy up + + Removed duplicate blank lines. + Removed spaces between the not and test in various if statements. + Removed explicit test of NULL in an if statement. + Placed function returns on same line as function declarations. + Replaced the use of curl_maprintf() with aprintf() as it is the + preprocessor job to do this substitution if ENABLE_CURLX_PRINTF + is set. + +- [Steve Holme brought this change] + + sspi: Reworked Curl_sspi_version() to return version components + + Reworked the version function to return four version components rather + than a string that has to be freed by the caller. + +- [Guenter Knauf brought this change] + + configure.ac: Added -lversion if built with SSPI + +- [Marc Hoersken brought this change] + + schannel: Code cleanup and bug fixes + + curl_sspi.c: Fixed mingw32-gcc compiler warnings + curl_sspi.c: Fixed length of error code hex output + + The hex value was printed as signed 64-bit value on 64-bit systems: + SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322) + + It is now correctly printed as the following: + SEC_E_WRONG_PRINCIPAL (0x80090322) + + curl_sspi.c: Fallback to security function table version number + Instead of reporting an unknown version, the interface version is used. + + curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version + curl_schannel: Replaced static buffer sizes with defined names + curl_schannel.c: First brace when declaring functions on column 0 + curl_schannel.c: Put the pointer sign directly at variable name + curl_schannel.c: Use structs directly instead of typedef'ed structs + curl_schannel.c: Removed space before opening brace + curl_schannel.c: Fixed lines being longer than 80 chars + +- [Marc Hoersken brought this change] + + curl_sspi: Added Curl_sspi_version function + + Added new function to get SSPI version as string. + Added required library version.lib to makefiles. + Changed curl_schannel.c to use Curl_sspi_version. + +- [Guenter Knauf brought this change] + + schannel: Updated mingw32 makefiles + +- [Marc Hoersken brought this change] + + schannel: Replace ASCII specific code with general defines + +- [Marc Hoersken brought this change] + + schannel: Added definitions which are missing in mingw32 + +- [Marc Hoersken brought this change] + + schannel: Moved interal struct types to urldata.h + + Moved type definitions in order to avoid inclusion loop + +- [Marc Hoersken brought this change] + + schannel: Fixed compiler warnings about pointer type assignments + +- [Marc Hoersken brought this change] + + schannel: Fixed critical typo in conditions and added buffer length checks + +- [Marc Hoersken brought this change] + + sspi: Refactored socks_sspi and schannel to use same error message functions + + Moved the error constant switch to curl_sspi.c and added two new helper + functions to curl_sspi.[ch] which either return the constant or a fully + translated message representing the SSPI security status. + Updated socks_sspi.c and curl_schannel.c to use the new functions. + +- [Marc Hoersken brought this change] + + schannel: Added special shutdown check for Windows 2000 Professional + + Windows 2000 Professional: Schannel returns SEC_E_OK instead + of SEC_I_CONTEXT_EXPIRED. If the length of the output buffer + is zero and the first byte of the encrypted packet is 0x15, + the application can safely assume that the message was a + close_notify message and change the return value to + SEC_I_CONTEXT_EXPIRED. + + Connection shutdown does not mean that there is no data to read + Correctly handle incomplete message and ask curl to re-read + Fixed buffer for decrypted being to small + Re-structured read condition to be more effective + Removed obsolete verbose messages + Changed memory reduction method to keep a minimum buffer of size 4096 + +- [Marc Hoersken brought this change] + + schannel: Implemented SSL/TLS renegotiation + + Updated TODO information and added related MSDN articles + +- [Marc Hoersken brought this change] + + schannel: Save session credential handles in session cache + +- [Marc Hoersken brought this change] + + schannel: Code cleanup + +- [Marc Hoersken brought this change] + + schannel: Check for required context attributes + +- [Marc Hoersken brought this change] + + schannel: Allow certificate and revocation checks being deactivated + +- [Marc Hoersken brought this change] + + schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI + +- [Marc Hoersken brought this change] + + http: Replaced specific SSL libraries list in https_getsock fallback + +- [Marc Hoersken brought this change] + + connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing + + Fixed warning: dereferencing pointer does break strict-aliasing rules + by using a union instead of separate pointer variables. + Internal union sockaddr_u could probably be moved to generic header. + Thanks to Paul Howarth for the hint about using unions for this. + + Important for winbuild: Separate declaration of sockaddr_u pointer. + The pointer variable *sock cannot be declared and initialized right + after the union declaration. Therefore it has to be a separate statement. + +- [Marc Hoersken brought this change] + + curl_ntlm_msgs.c: Fixed passwdlen not being used and recalculated + +Yang Tse (11 Jun 2012) +- tests: fix test definitions # 1355, 1363, 1385 and 1393 + + -i without HTTP protocol shall not include headers in the output + +Daniel Stenberg (10 Jun 2012) +- Curl_pgrsDone: return int and acknowledge return code + + Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an + abort instruction or similar we need to return that info back and + subsequently properly handle return codes from Curl_pgrsDone() where + used. + + (Spotted by a Coverity scan) + +Steve Holme (10 Jun 2012) +- [Marc Hoersken brought this change] + + winbuild: Fixed environment variables being lost + + Fixed USE_IPV6 and USE_IDN not being passed + from Makefile.vc to MakefileBuild.vc + Fixed whitespace and formatting issues + Fixed typo and format in help message + +Guenter Knauf (9 Jun 2012) +- Added metalink support to NetWare builds. + +Steve Holme (9 Jun 2012) +- smtp.c: Removed unused variable + +- smtp: Post apop feature code tidy up + +- pop3: Post apop feature code tidy up + +- pop3: Added support for apop authentication + +- pop3: Enhanced the extended authentication mechanism detection + + Enhanced the authentication type / mechanism detection in preparation + for the introduction of APOP support. + +- pop3.c: Fixed length of SASL check + +Yang Tse (9 Jun 2012) +- Fixes allowing 26 more test cases in 1334 to 1393 range to succeed + +- tests: fix test definitions # 1370 and 1371 + + -J without -O shall not honor C-D filename + +Daniel Stenberg (9 Jun 2012) +- OpenSSL: support longer certificate subject names + + Previously it would use a 256 byte buffer and thus cut off very long + subject names. The limit is now upped to the receive buffer size, 16K. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3533045 + Reported by: Anthony G. Basile + +Kamil Dudka (8 Jun 2012) +- ssl: fix duplicated SSL handshake with multi interface and proxy + + Bug: https://bugzilla.redhat.com/788526 + Reported by: Enrico Scholz + +Daniel Stenberg (8 Jun 2012) +- tool_getparam.h: fix compiler error + + forward declare the Configurable struct + +- metalink: restore some includes + + Commit eeeba1496cbca removed them and thus broke my Linux build + +- openldap: OOM fixes + + when calloc fails, return error! (Detected by Fortify) + + Reported by: Robert B. Harris + +Steve Holme (8 Jun 2012) +- sasl: Re-factored mechanism constants in preparation for APOP work + +Yang Tse (8 Jun 2012) +- metalink: build fixes and adjustments II + + Additionally, make hash checking ability mandatory in order to allow metalink + support in curl. + + A command line option could be introduced to skip hash checking at runtime, + but the ability to check hashes should always be built-in when providing + metalink support. + +Guenter Knauf (8 Jun 2012) +- Added metalink support to MinGW builds. + +Daniel Stenberg (7 Jun 2012) +- log2changes.pl: fix the Version output + + Previously it could easily wrongly get repeated + +Yang Tse (7 Jun 2012) +- metalink: build fixes and adjustments I + +Daniel Stenberg (7 Jun 2012) +- lib554.c: use curl_formadd() properly + + The length/size options take longs so make sure to pass on such types. + + Reported by: Neil Bowers + Bug: http://curl.haxx.se/mail/lib-2012-06/0001.html + +Steve Holme (7 Jun 2012) +- smtp.c: Re-factored the smtp_state_*_resp() functions + + Re-factored the smtp_state_*_resp() functions to 1) Match the constants + that were refactored in commit 00fddba6727c, 2) To be more readable and + 3) To match their counterparties in pop3.c. + +Yang Tse (7 Jun 2012) +- Fixes allowing HTTP test cases 1338, 1339, 1368 and 1369 to succeed + +- tests 1364 to 1393: several -o filename -J -i -D combinations for HTTP and FTP + +- tests 1348 to 1363: test definition polishing + + Verify that the "Saved to filename 'blabla'" message is only displayed when + the 'blabla' filename being used _actually_ has been specified by the server + in the Content-Disposition header. + + Use relative path for unintended file creation postcheck. + +Steve Holme (6 Jun 2012) +- smtp: Re-factored the SMTP_AUTH* state machine constants + + Re-factored the SMTP_AUTH* constants, that are used by the state + machine, to be clearer to read. + +Guenter Knauf (6 Jun 2012) +- Added hint for pkg-config wrapper script. + +- Updated Android section with recent NDK. + + The r7b had some bugs, and shouldnt be used. + +Yang Tse (6 Jun 2012) +- Disable non-HTTP header related tests + + These now detect incompleate header data and fail + +- tests 1348 to 1363: compleate header data part of test definition + +- tests 1334 to 1363 revisited. + + Add a postcheck section to verify unintended file creation. + + Remove needless <file> checks in verify section. Renumbering where appropriate. + +- tests: adjust file part behavior in test verify section. + + When a <file> part is now specified with no contents at all, this + will actually verify that the specified file has no contents at all. + Previously file contents would be ignored. + +Steve Holme (5 Jun 2012) +- smtp.c: Removed whitespace + +- pop3: Another small code tidy up + + Missed some comments that we identified during the SMTP tidy up earlier. + +- smtp: Post authentication code tidy up + + Corrected lines longer than 78 characters. + + Removed unnecessary braces in smtp_state_helo_resp(). + + Introduced some comments in data sending functions. + + Tidied up comments to match changes made in pop3.c. + +Yang Tse (5 Jun 2012) +- tests 1348 to 1363: add a comma in test description + +Steve Holme (5 Jun 2012) +- email: Removed duplicated header file + +- sasl: Renamed Curl_sasl_decode_ntlm_type2_message() + + For consistency with other SASL based functions renamed this function + to Curl_sasl_create_ntlm_type3_message() which better describes its + usage. + +- pop3: Post authentication code tidy up + + Corrected lines longer than 78 characters. + + Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the + AUTH command is no longer sent on its own. + + Introduced some comments in data sending functions. + + Another attempt at trying to rational code and comment style. + +- pop3: Added support for sasl digest-md5 authentication + +Yang Tse (4 Jun 2012) +- sasl: add reference for curl_sasl + +- Makefile.inc: tab adjustment + +Daniel Stenberg (4 Jun 2012) +- pop3 tests: CAPA instead of AUTH + + After Steve's commit e336bc7c42c7340 test 1319 and 1407 need to check + for CAPA instead of AUTH. + +Steve Holme (4 Jun 2012) +- sasl: Added service parameter to Curl_sasl_create_digest_md5_message() + + Added a service type parameter to Curl_sasl_create_digest_md5_message() + to allow the function to be used by different services rather than being + hard coded to "smtp". + +Yang Tse (4 Jun 2012) +- tests 1356 to 1363: several -O -J -i -D combinations with FTP protocol + + Currently 1356 to 1362 succeed but a write failure is logged in traceNNNN. + + Currently 1363 fails, so disabled for now. + +Steve Holme (4 Jun 2012) +- tests: Updated pop3 tests for change in auth mechanism detection + +- pop3: Changed the sasl mechanism detection from auth to capa + + Not all SASL enabled POP3 servers support the AUTH command on its own + when trying to detect the supported mechanisms. As such changed the + mechanism detection to use the CAPA command instead. + +Daniel Stenberg (4 Jun 2012) +- curl_easy_setopt.3: proto updates + cleanups + + - For all *FUNCTION options, they now all show the complete prototype in + the description. Previously some of them would just refer to a + typedef'ed function pointer in the curl.h header. + + - I made the phrasing of that "Pass a pointer to a function that matches + the following prototype" the same for all *FUNCTION option descriptions. + + - I removed some uses of 'should'. I think I sometimes over-use this + word as in many places I actually mean MUST or otherwise more specific + and not-so-optional synonyms. + +Yang Tse (4 Jun 2012) +- tests 1348 to 1355: several -O -J -i -D combinations with FTP protocol + + Currently 1348 to 1354 succeed but a write failure is logged in traceNNNN. + + Currently 1355 fails, so disabled for now. + +- tests 1346 to 1347: several -O -J -i -D combinations with HTTP protocol + +Steve Holme (4 Jun 2012) +- sasl: Small code tidy up + + Reworked variable names in Curl_sasl_create_cram_md5_message() to match + those in Curl_sasl_create_digest_md5_message() as they are more + appropriate. + +- sasl: Moved digest-md5 authentication message creation from smtp.c + + Moved the digest-md5 message creation from smtp.c into the sasl module + to allow for use by other modules such as pop3. + +- sasl: Small code tidy up before moving digest-md5 over + + Correction of comments and variable names. + +- RELEASE-NOTES: Added missing addition of sasl login support + +- pop3: Added support for sasl cram-md5 authentication + +Daniel Stenberg (3 Jun 2012) +- Curl_sasl_create_plain_message: remove TAB + +Steve Holme (3 Jun 2012) +- sasl: Small code tidy up + + Added some comments and removed an unreferenced variable. + +- pop3.c: Added conditional compilation for NTLM function calls + + Added USE_NTLM condition compilation around the NTLM functions called + from pop3_statemach_act() introduced in commit 69f7156ad96877. + +- sasl: Moved cram-md5 authentication message creation from smtp.c + + Moved the cram-md5 message creation from smtp.c into the sasl module + to allow for use by other modules such as pop3. + +- pop3: Fixed an issue with changes introduced in commit c267c53017bc + + Because pop3_endofresp() is called for each line of data yet is not + passed the line and line length, so we have to use the data pointed to + by pp->linestart_resp which contains the whole packet, the mechanisms + were being detected in one call yet the function would be called for + each line of data. + + Using curl with verbose mode enabled would show that one line of data + would be received in response to the AUTH command, before the AUTH + <mechanism> command was sent to the server and then the next few lines + of the original AUTH command would be displayed before the response from + the AUTH <mechanism> command. This would then cause problems when + parsing the CRAM-MD5 challenge data as extra data was contained in the + buffer. + + Changed the parsing so that each line is checked for the mechanisms + and the function returns FALSE until the whole of the AUTH response has + been processed. + +Daniel Stenberg (3 Jun 2012) +- version: bump to 7.27.0 for next release + + Due to new features + +- RELEASE-NOTES: synced with c4e3578e4bf + + Also bumped the contributor number and next release is to become 7.27.0 + +- THANKS: 16 new contributors from the 7.26.0 release + +Steve Holme (3 Jun 2012) +- DOCS: Fixed list in Section 18.2 not displaying correctly on web site + +- DOCS: Corrected missed heading renumbering from commit 530675a1ad7 + +- DOCS: Added IMAP and LDAP sections + + Added new sections 11. IMAP and 12. LDAP to document adding SASL based + authentication. + + Renumbered current sections 11 to 17 as 13 to 19. + + Additionally added 19.10 Add CURLOPT_MAIL_CLIENT option. + +- sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869e8 + + Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup() + is just a nop. + +- pop3.c:Corrected typo in commit 69ba0da8272d + +- pop3: Fixed the issue of having to supply the user name for all requests + + Previously it wasn't possible to connect to POP3 and not specify the + user name as a CURLE_ACCESS_DENIED error would be returned. This error + occurred because USER would be sent to the server with a blank user name + if no mailbox user was specified as the server would reply with -ERR. + + This wasn't a problem prior to the 7.26.0 release but with the + introduction of custom commands the user and/or application developer + might want to issue a CAPA command without having to log in as a + specific mailbox user. + + Additionally this fix won't send the newly introduced AUTH command if no + user name is specified. + +- pop3.c: Small code tidy up + + Corrected lines exceeding 78 characters. + + Repositioned some comments and added extra clarity. + +- sasl: Corrected variable names in comments and parameters + +- pop3: Added support for sasl ntlm authentication + +- sasl: Small comment style tidy up following ntlm commit + +- sasl: Moved ntlm authentication message handling from smtp.c + + Moved the ntlm message creation and decoding from smtp.c into the sasl + module to allow for use by other modules such as pop3. + +- pop3: Added support for sasl login authentication + +Yang Tse (1 Jun 2012) +- tests 1334 to 1345: several -O -J -i -D combinations with HTTP protocol + +- tests: support test definitions with up to 5 file checks in <verify> section + + This is done introducing tags <file1> to <file4> besides existing <file> one, + as well as corresponding <stripfile1> to <stripfile4> ones, that can be used + in the <verify> section in the same way as the non-numbered ones. + +Steve Holme (31 May 2012) +- sasl: Moved login authentication message creation from smtp.c + + Moved the login message creation from smtp.c into the sasl module + to allow for use by other modules such as pop3. + +- smtp.c: Reworked message encoding in smtp_state_authpasswd_resp() + + Rather than encoding the password message itself the + smtp_state_authpasswd_resp() function now delegates the work to the same + function that smtp_state_authlogin_resp() and smtp_authenticate() use + when constructing the encoded user name. + +- smtp.c: Re-factored smtp_auth_login_user() for use with passwords + + In preparation for moving to the SASL module re-factored the + smtp_auth_login_user() function to smtp_auth_login() so that it can be + used for both user names and passwords as sending both of these under + the login authentication mechanism is the same. + +- pop3: Added support for sasl plain text authentication + +- curl_ntlm_msgs.c: Corrected small spelling mistake in comments + +- sasl: Moved plain text authentication message creation from smtp.c + + Moved the plain text message creation from smtp.c into the sasl module + to allow for use by other modules such as pop3. + +Yang Tse (30 May 2012) +- configure: fix LDAPS disabling related misplaced closing parenthesis + +- pop3 test server: allow pop3 test server verification to succeed again + + Introduce SUPPORTCAPA and SUPPORTAUTH config commands to allow further + pop3 test server expansion for tests that require CAPA or AUTH support, + although this will need some extra work to make it fully functional. + +Steve Holme (28 May 2012) +- pop3: Introduced the continue response in pop3_endofresp() + +- pop3: Changed response code from O and E to + and - + + The POP3 protocol doesn't really have the concept of error codes and + uses +, +OK and -ERR in response to commands to indicate continue, + success and error. + + The AUTH command is one of those commands that requires multiple pieces + of data to be sent to the server where the server will respond with + as + part of the handshaking. This meant changing the values before + continuing with the next stage of adding authentication support. + +- pop3: Small code tidy up following authentication work so far + + Changed the order of the state machine to match the order of actual + events. + + Reworked some comments and function parameter positioning that I missed + the other day. + +Kamil Dudka (28 May 2012) +- nss: use human-readable error messages provided by NSS + + Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html + +Daniel Stenberg (27 May 2012) +- test1013.pl: filter out Metalink + + Since it isn't a feature supported by curl-config we can't compare that + with the --version output + +- pop3: remove variable-not-used warnings + +Steve Holme (27 May 2012) +- DOCS: Corrected the "Added in" version number for CURLOPT_MAIL_AUTH + + Additionally corrected another RFC link that I missed yesterday. + +- pop3: Added support for SASL based authentication mechanism detection + + Added support for detecting the supported SASL authentication mechanisms + via the AUTH command. There are two ways of detecting them, either by + using the AUTH command, that will return -ERR if not supported or by + using the CAPA command which will return SASL and the list of mechanisms + if supported, not include SASL if SASL authentication is not supported + or -ERR if the CAPA command is not supported. As such it seems simpler + to use the AUTH command and fallback to normal clear text authentication + if the the command is not supported. + + Additionally updated the test cases to return -ERR when the AUTH command + is encountered. Additional test cases will be added when support for the + individual authentication mechanisms is added. + +Daniel Stenberg (27 May 2012) +- pop3: remove trailing whitespace + +Steve Holme (27 May 2012) +- pop3: Code tidy up before the introduction of authentication code + + Moved EOB definition into header file. + + Switched the logic around in pop3_endofresp() to allow for the + introduction of auth-mechanism detection. + + Repositioned second and third function variables where they will fit + within the 78 character line limit. + + Tidied up some comments. + +Guenter Knauf (27 May 2012) +- Enabled OpenSSL static linkage. + +- Enabled OpenSSL static linkage. + +- Try to detect OpenSSL build type automatically. + +Daniel Stenberg (26 May 2012) +- metalink: fix build errors when disabled + +- [Tatsuhiro Tsujikawa brought this change] + + Reduced #ifdef HAVE_METALINK + +- [Tatsuhiro Tsujikawa brought this change] + + Disable hash check if neither OpenSSL nor GNUTLS is installed. + +- [Tatsuhiro Tsujikawa brought this change] + + Format GETOUT_METALINK nicely + +- [Tatsuhiro Tsujikawa brought this change] + + Minimize usage of structs from libmetalink + +- [Tatsuhiro Tsujikawa brought this change] + + Check checksum of downloaded file if checksum is available + + Metalink file contains several hash types of checksums, such as + md5, sha-1, sha-256, etc. To deal with these checksums, I created + abstraction layer based on lib/curl_md5.h and + lib/md5.c. Basically, they are almost the same but I changed the + code so that it is not hash type dependent. Currently, + GNUTLS(nettle or gcrypt) and OpenSSL functions are supported. + + Checksum checking is done by reopening download file. If there + is an I/O error, the current implementation just prints error + message and does not try next resource. + + In this patch, the supported hash types are: md5, sha-1 and sha-256. + +- [Tatsuhiro Tsujikawa brought this change] + + Always create directory hierarchy for Metalink. + + Filenames contained in Metalink file can include directory information. + Filenames are unique in Metalink file, taking into account the directory + information. So we need to create the directory hierarchy. + + Curl has --create-dirs option, but we create directory hierarchy for + Metalink downloads regardless of the option value. + + This patch also put metalink int variable outside of HAVE_LIBMETALINK + guard. This reduces the number of #ifdefs. + +- [Tatsuhiro Tsujikawa brought this change] + + Fixed segmentation fault when Metalink has no valid file or no resource. + +- [Tatsuhiro Tsujikawa brought this change] + + Support media-type parameter in Content-Type + +- [Tatsuhiro Tsujikawa brought this change] + + Print "Metalink" in Features if Metalink support is enabled. + +- [Tatsuhiro Tsujikawa brought this change] + + Removed trailing space + +- [ant brought this change] + + Add --metalink to --help + +- [ant brought this change] + + Add Metalink information and --metalink option to man page + +- [ant brought this change] + + Add Metalink information and --metalink option to man page + +- [ant brought this change] + + Adds Metalink information to INSTALL + +- [Tatsuhiro Tsujikawa brought this change] + + --metalink option is available regardless of Metalink support. + +- [Tatsuhiro Tsujikawa brought this change] + + metalink: parse downloaded Metalink file + + Parse downloaded Metalink file and add downloads described there. Fixed + compile error without metalink support. + +- [Tatsuhiro Tsujikawa brought this change] + + Fixed HAVE_LIBMETALINK conditional is always true + +- [Tatsuhiro Tsujikawa brought this change] + + metalink: minor metalinkfile fix + + Don't update config->metalinkfile_last in operate(). Use local variable + to point to the current metalinkfile. + +- [Tatsuhiro Tsujikawa brought this change] + + metalink: show help message even if disabled + + Print message if --metalink is used while metalink support is not + enabled. Migrated Metalink support in tool_operate.c and removed + operatemetalink(). + +- [Tatsuhiro Tsujikawa brought this change] + + Applied patches from Daniel + +- [Tatsuhiro Tsujikawa brought this change] + + Support Metalink. + + This change adds experimental Metalink support to curl. + To enable Metalink support, run configure with --with-libmetalink. + To feed Metalink file to curl, use --metalink option like this: + + $ curl -O --metalink foo.metalink + + We use libmetalink to parse Metalink files. + +Steve Holme (26 May 2012) +- DOCS: Fixed line spacing of authentication examples in CURLOPT_URL + +- DOCS: Changed domain names in various examples to example.com + + Updated various references of real domain names to example.com as per + RFC-2606. + +- DOCS: Fixed meaning of bit 2 in CURLOPT_POSTREDIR + + Setting bit 2 for this value was documented as having a constant value + defined as CURL_REDIR_POST_303 yet referenced a 302 request. + + Additionally corrected the meaning of CURL_REDIR_POST_ALL for all three + bits and fixed problems with the bolding of keywords in this section. + +- DOCS: Standardised how RFCs are referenced. + + Standardised how RFCs are referenced so that the website may autolink to + the correct documentation on ietf.org. Additionally removed the one link + to RFC3986 on curl.haxx.se. + +Yang Tse (26 May 2012) +- Fix libcurl.pc and curl-config generation for static MingW* cross builds + +Daniel Stenberg (25 May 2012) +- [Tatsuhiro Tsujikawa brought this change] + + Made -D option work with -O and -J. + + To achieve this, first new structure HeaderData is defined to hold + necessary data to perform header-related work. Then tool_header_cb now + receives HeaderData pointer as userdata. All header-related work + (currently, dumping header and Content-Disposition inspection) are done + in this callback function. HeaderData.outs->config is used to determine + whether each work is done. + + Unit tests were also updated because after this change, curl code always + sets CURLOPT_HEADERFUNCTION and CURLOPT_HEADERDATA. + + Tested with -O -J -D, -O -J -i and -O -J -D -i and all worked fine. + +Steve Holme (25 May 2012) +- sasl: Re-factored auth-mechanism constants to be more generic + +- smtp: Moved auth-mechanism constants into a separate header file + + Move the SMTP_AUTH constants into a separate header file in + preparation for adding SASL based authentication to POP3 as the two + protocols will need to share them. + +Kamil Dudka (25 May 2012) +- nss: avoid using explicit casts of code pointers + +Steve Holme (24 May 2012) +- DOCS: Added LDAP to the CURLOPT_URL section + +- TODO: Removed DIGEST-MD5 authentication from SMTP to do list + + Removed DIGEST-MD5 from Section 9.1 Other authentication mechanisms as + the feature was added to SMTP in 7.26.0. + + Also corrected small spelling mistake. + +Daniel Stenberg (24 May 2012) +- bump to 7.26.1: start working towards next release + +Version 7.26.0 (24 May 2012) + +Daniel Stenberg (24 May 2012) +- RELEASE-NOTES: synced with ef60fdbd73 + + Just before 7.26.0 is about to ship + +Steve Holme (22 May 2012) +- smtp: Fixed an issue with the multi-interface always sending postdata + + Due to the result code being reset to CURLE_OK when smtp_dophase_done() + was called, postdata would incorrectly be sent to the server when the + MAIL FROM or RCPT command was rejected. + + As such, libcurl would return the wrong result code from performing the + operation and additionally set CURLINFO_RESPONSE_CODE to be that + returned by the postdata command. + + Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html + Reported by: Gokhan Sengun + +- DOCS: Updated version number for features added in the pending release + +Daniel Stenberg (22 May 2012) +- [Tatsuhiro Tsujikawa brought this change] + + Fixed compile error with GNUTLS+NETTLE + + In nettle/md5.h, md5_init and md5_update are defined as macros to + nettle_md5_init and nettle_md5_update respectively. This causes + error when using MD5_params.md5_init and md5_update. This patch + renames these members as md5_init_func and md5_update_func to + avoid name conflict. For completeness, MD5_params.md5_final was + also renamed as md5_final_func. + + The changes in curl_ntlm_core.c is conversion error and fixed by + casting to proper type. + +- TODO-RELEASE: mention the pending biggies for 7.27.0 + +- [Jan Ehrhardt brought this change] + + winbuild: fix IPv6 enabled build + + The existing check was wrong so IPv6 support would never be enabled + +- 7.26.0: will be the next release version + +- RELEASE-NOTES: synced with 8ae1e657e82a + + And mention that this will become 7.26.0 + +Guenter Knauf (22 May 2012) +- Updated dependency libary versions. + +Daniel Stenberg (20 May 2012) +- curl-config.1: fix curl-config usage in example + + The curl-config command must be used twice in the single command line to + work properly in some environments. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3528241 + Reported by: Julian Taylor + +Steve Holme (17 May 2012) +- smtp: Fixed non-escaping of dot character at beginning of line + + A dot character at the beginning of a line would not be escaped to a + double dot as required by RFC-2821, instead it would be deleted by the + mail server. Please see section 4.5.2 of the RFC for more information. + + Note: This fix also simplifies the detection of repeated CRLF.CRLF + combinations, such as CRLF.CRLF.CRLF, a little rather than having to + advance the eob counter to 2. + +Daniel Stenberg (16 May 2012) +- FAQ: updated 1.10 How many are using curl? + + Now linking to http://daniel.haxx.se/blog/2012/05/16/300m-users/ + +- disable-versioned-symbols: removed superfluous 'fi' + + The commit e315927a1a left this in + +- MakefileBuild.vc: use the correct IDN variable + + The variable that control IDN enablement is called USE_IDN within these + Makefiles + +- [Pierre Chapuis brought this change] + + autoconf: improve handling of versioned symbols + + It checks whether versioned symbols should be enabled before checking + whether it is possible (i.e. the linker supports --version-script) or + not. This avoids a useless warning when building cURL on a platform that + does not use GNU ld. + + Moreover, it fixes broken indentation of this chunk of code. + +- curl.1: clarify -x usage + + 1 - fix the syntax in the .IP line + + 2 - Provided user names and passwords are URL decoded by libcurl + + Bug: http://curl.haxx.se/bug/view.cgi?id=3525935 + +- NTLM: is supported in GnuTLS builds too + + ... since commit 9a4c887c4a7 introduced in libcurl 7.19.4 + +- TODO: happy eyeballs is now RFC6555 + +- my_useragent: shorten user-agent + + The built-in user-agent will now only say curl/[version] and nothing + else in an attempt to decrease overhead in HTTP requests. + +- CURLOPT_HEADERFUNCTION: works for non-HTTP protocols too + +Claes Jakobsson (3 May 2012) +- Add note about default timeout in CURLOPT_TIMEOUT + +Daniel Stenberg (2 May 2012) +- [Gokhan Sengun brought this change] + + MD5: OOM fix + + check whether md5 initialization succeeded before updating digest of + buffers onto it + +- REALEASE-NOTES: synced with 64f48e884e3c1 + +- [Jan Schaumann brought this change] + + add newly created manual page + +- [Jan Schaumann brought this change] + + add a manual page for mk-ca-bundle + +Guenter Knauf (26 Apr 2012) +- Updated dependency lib versions. + +Daniel Stenberg (23 Apr 2012) +- URL parse: reject numerical IPv6 addresses outside brackets + + Roman Mamedov spotted (in + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would + not complain when given a URL with an IPv6 numerical address without + brackets. It would simply cut off the last ":[hex]" part and thus not + work correctly. + + That's a URL using an illegal syntax and now libcurl will instead return + a clear error code and error message detailing the error. + + The above mentioned bug report claims this to be a regression but + libcurl does not guarantee functionality when given URLs that aren't + following the URL spec (RFC3986 mostly). I consider the fact that it + used to handle this differently a mere coincidence. + +- Curl_MD5_init: fix OOM memory leak + + Bug: http://curl.haxx.se/mail/lib-2012-04/0246.html + Reported by: Michael Mueller + +- [Gokhan Sengun brought this change] + + OpenSSL cert: provide more details when cert check fails + + curl needs to be more chatty regarding certificate verification failure + during SSL handshake + +Yang Tse (23 Apr 2012) +- Revert "sspi: Added version information" + + This reverts commit 2976de480808119dae08fc6f52c8d75ba1aedb1a. + +- Revert "sspi - Small code tidy up" + + This reverts commit 46cd5f1daddad3b3e542e6d93eee52e8bb9a8687. + +- Revert "Fixed 'extra tokens at end of #endif directive'." + + This reverts commit 77172a242fc0c820f97eae39d0e3e0f265222fe6. + +- Revert "Fixed 'Trailing whitespace' found by checksrc." + + This reverts commit 683bfa60ad0b52505947e59b03515e5f44378523. + +- Revert "sspi: Code tidy up to remove unused variable." + + This reverts commit 412510f97407d617426d93b80e6b6bf0a8ff11ac. + +- Revert "Add -lversion if build with SSPI." + + This reverts commit 9ec0b7e0c44d29eca6f45916fe5af3501168fe85. + +Guenter Knauf (23 Apr 2012) +- Add -lversion if build with SSPI. + +Steve Holme (22 Apr 2012) +- sspi: Code tidy up to remove unused variable. + +Guenter Knauf (22 Apr 2012) +- Fixed 'Trailing whitespace' found by checksrc. + +- Fixed 'extra tokens at end of #endif directive'. + +Steve Holme (22 Apr 2012) +- sspi - Small code tidy up + +- sspi: Added version information + + Added version information for Windows SSPI to curl's main version + string and removed SSPI from the features string. + +Daniel Stenberg (20 Apr 2012) +- HTTP: empty chunked POST ended up in two zero size chunks + + When doing a chunked-encoded POST with -d (CURLOPT_POSTFIELDS) and the + size of the POST was zero length, it made libcurl first send a zero + chunk and then the terminating one. This could confuse a receiver and it + should rather just send the terminating chunk as it does with this fix. + + Test case 1333 is added to verify. + + Bug: http://curl.haxx.se/mail/archive-2012-04/0060.html + Reported by: Arnaud Compan + +Guenter Knauf (20 Apr 2012) +- Updated dependency lib versions. + +Daniel Stenberg (19 Apr 2012) +- singleipconnect: return OK even when Curl_socket() fails + + Commit 9109cdec11ee5a brought this regression (shipped since 7.24.0). + + The singleipconnect() function must not return an error if Curl_socket() + returns an error. It should then simply return OK and pass a SOCKET_BAD + back simply because that is how the user of this function expects it to + work and something else is not fine. + + Reported by: Blaise Potard + Bug: http://curl.haxx.se/bug/view.cgi?id=3516508 + +Yang Tse (19 Apr 2012) +- Take in account that CURLAUTH_* bitmasks are now 'unsigned long' - follow-up + + MIPSPro compiler detected curl_easy_getinfo() related missing adjustments. + SunPro compiler detected curl tool --libcurl option related missing adjustments. + +- url.c: CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH fixes + + Fail with CURLE_NOT_BUILT_IN when none of requested auth methods is supported. + + Reject CURLAUTH_ONLY bit when given alone or with CURLAUTH_NONE. + +- Take in account that CURLAUTH_* bitmasks are now 'unsigned long' + + Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to + 'unsigned long' for proper handling and operating. + +- curl.h: CURLAUTH_* bitmasks adjusted to become 'unsigned long' typed + + Info: http://curl.haxx.se/mail/lib-2012-04/0170.html + +- Some explicit conversion to 'long' of curl_easy_setopt() third argument + + Explicit conversion to 'long' of curl_easy_setopt() third argument for options + CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH given that this is how its bitmasks are + docummented to be used. + +- build adjustments: commit 9e24b9c7 follow-up + +Daniel Stenberg (17 Apr 2012) +- -# progress meter: avoid superfluous updates and duplicate lines + + By comparing if a different "progress point" is reached or not since the + previous update, the progress function callback for this now avoids many + superfluous screen updates. This has the nice side-effect that it fixes + a problem that causes a second progress meter line. + + The second line output happened because when we use the -# progress + meter, we force a newline output after the transfer in the main loop in + curl, but when libcurl calls the progress callback from + curl_easy_cleanup() it would then output the progress display + again. Possibly the naive newline output is wrong but this optimization + was suitable anyway... + + Reported by: Daniel Theron + Bug: http://curl.haxx.se/bug/view.cgi?id=3517418 + +Yang Tse (16 Apr 2012) +- nss.c: fix compiler warning + +- curl-compilers.m4: -Wno-pedantic-ms-format for Windows gcc 4.5 builds + + When building a Windows target with gcc 4.5 or newer and strict compiler + warnings enabled use -Wno-pedantic-ms-format in addition to other flags. + +Kamil Dudka (16 Apr 2012) +- tests/valgrind.pm: suppress memleaks of NSS_InitContext() + + Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=745224 + +Yang Tse (14 Apr 2012) +- setup_once.h: tighten requirements for stdbool.h header inclusion + + Include stdbool.h only when it is available and configure is capable of + detecting a proper 'bool' data type when the header is included. + + Compilation fix for old or unpatched versions of XL C compiler. + + Report: http://curl.haxx.se/mail/archive-2012-04/0022.html + +- headers: require GCC 2.7 or newer in order to allow attribute GCC'isms usage + + Usage in other code paths already protected and requiring even newer versions. + +- [Jonathan Nieder brought this change] + + headers: surround GCC attribute names with double underscores + + This protects from attribute names being defined by third party's code. + + Improvement: http://curl.haxx.se/mail/lib-2012-04/0127.html + +Guenter Knauf (13 Apr 2012) +- Updated copyright year. + +Yang Tse (13 Apr 2012) +- testcurl.pl: build example programs for Android cross-compiles + +- nss.c: fix compiler warning + +- examples: fix compiler warnings + +Kamil Dudka (13 Apr 2012) +- nss: provide human-readable names for NSS errors + +- nss: use NSS_InitContext() to initialize NSS if available + + NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent + collisions on NSS initialization/shutdown with other libraries. + + Bug: https://bugzilla.redhat.com/738456 + +- nss: unconditionally require PK11_CreateGenericObject() + + This bumps the minimal supported version of NSS to 3.12.x. + +Guenter Knauf (13 Apr 2012) +- Set batch mode to 755 to make Cygwin git pulls work. + +- Added section for Android configure cross-compile. + +- Added NetWare export. + +Yang Tse (12 Apr 2012) +- testcurl.pl: build example programs for MinGW cross-compiles + +- tool_operate.c: fix compiler warning + +- url.c: fix compiler warning + +Guenter Knauf (12 Apr 2012) +- Updated dependency lib versions (2nd try). + +- Updated dependency lib versions. + +Yang Tse (12 Apr 2012) +- tool_formparse.c: rename a couple of vars to avoid declaration shadowing + +- OS400/initscript.sh: fix db2_name() module name generation + + Allow repeatable file name length reduction on file names with underscore or + dash characters. This is done in order to better support libcurl's existing + source file names and allow OS/400 package to build out of the box again. + +- testcurl.pl: log more environment vars that modify configure and build behavior + +- configure: NATIVE_WINDOWS no longer defined in config files + +- build adjustments: CURL_HIDDEN_SYMBOLS no longer defined in config files + + configure script now provides conditional definitions for Makefile.am + that result in CURL_HIDDEN_SYMBOLS being defined by resulting makefiles + when appropriate. + + Additionally, configure script option for symbol hiding control is now + named --enable-symbol-hiding --disable-symbol-hiding. While still valid, + old option name --enable-hidden-symbols --disable-hidden-symbols will + be deprecated in some future release. + +- build adjustments: functionally revert commits 4d3fb91f and bbfe1182 + + Undefining CURL_HIDDEN_SYMBOLS in source files isn't the proper fix. + +- test servers: build adjustment + + Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might + leak from lib/setup.h into source files where this should not be defined. + +- libtests: build adjustment + + Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might + leak from lib/setup.h into source files where this should not be defined. + +- curl tool: make setup.h first header included in tool_setup.h again + +- curl tool: use configuration files from lib directory - follow-up II + + lib/config-win32.h no longer copied to src/config-win32.h + +- configure: Windows cross-compilation fixes + + BUILDING_LIBCURL and CURL_STATICLIB are no longer defined in curl_config.h, + configure will generate appropriate conditionals so that mentioned symbols + get defined and used in Makefiles at compilation time + +- curl tool: make curl.h first header included in tool_setup.h + +- curl tool: use configuration files from lib directory - follow-up I + + amigaos.[ch] now integrates nicely with any libcurl build + +- curl tool: use configuration files from lib directory + + Configuration files such as curl_config.h and all config-*.h no longer exist + nor are generated/copied into 'src' directory, now these only exist in 'lib' + directory from where curl tool sources uses them. + + Additionally old src/setup.h has been refactored into src/tool_setup.h which + now pulls lib/setup.h + + The possibility of a makefile needing an include path adjustment exists. + +Daniel Stenberg (6 Apr 2012) +- PolarSSL: correct return code for CRL matches + + When a server certificate matches one in the given CRL file, the code + now returns CURLE_SSL_CACERT as test case 313 expects and verifies. + +- PolarSSL: include version number in version string + + Previously it would say PolarSSL only, now it says PolarSSL/1.1.0 in the + same style other libs and components do. + +- test: added test 1332 that tests --post303 + +- curl: add --post303 to set the CURL_REDIR_POST_303 option + +- [Andrei Cipu brought this change] + + CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URL + + As it turns out, some people do want that after all. + +- test1331: cookies on a 407 response + + Verify that cookies are sent back even after a 407 response has been + received + +- [Dag Ekengren brought this change] + + PolarSSL: add support for asynchronous connect + +- [Tim Heckman brought this change] + + Revert "access the CA source file using HTTPS" + + This reverts commit f7e2ab6. + + This change caused fetching of the certificates to become unreliable. + + Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html + Reported by: Tim Heckman + +- [Andrei Cipu brought this change] + + IPv6 cookie domain: get rid of the first bracket before the second. + + Commit 97b66ebe was copying a smaller buffer, thus duplicating the last + character. + +- MAIL-ETIQUETTE: Added "How to unsubscribe" + + ... as it seems to hard for some people + +Yang Tse (4 Apr 2012) +- ftp.c: ftplistparser related OOM handling fix + +- smtp.c: fix compiler warnings + +- lib599.c: fix compiler warning + +Daniel Stenberg (4 Apr 2012) +- runtests: yassl and polarssl are not openssl + + Don't set the "has_openssl" variable if yassl or polarssl is found as + they will simply not work as 100% drop-in replacements for some of the + stuff the "OpenSSL" feature is used for. + + I spotted this problem when doing test runs with PolarSSL builds. + +- [Lijo Antony brought this change] + + connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails + + Curl_socket returns CURLE_COULDNT_CONNECT when the opensocket callback + returns CURL_SOCKET_BAD. Previous return value CURLE_FAILED_INIT + conveys incorrect information to the user. + +Steve Holme (2 Apr 2012) +- pop3: Reworked the command sending and handling + + Reworked the command sending from two specific LIST and RETR command + functions into a single command based function as well as the two + associated response handlers into a generic command handler. + +Daniel Stenberg (1 Apr 2012) +- [Dave Reisner brought this change] + + curl tool: add filename_effective token for --write-out + + By modifying the parameter list for ourWriteOut() and passing the + OutStruct that collects data in tool_operate, we get access to the + remote name that we're writing to. Shell scripters should find this + useful when used in conjuntion with the --remote-header-name option. + +Steve Holme (1 Apr 2012) +- smtp.c: Code policing and tidy up + +Daniel Stenberg (1 Apr 2012) +- [Armel Asselin brought this change] + + SSH: public key can now be an empty string + + If an empty string is passed to CURLOPT_SSH_PUBLIC_KEYFILE, libcurl will + pass no public key to libssh2 which then tries to compute it from the + private key. This is known to work when libssh2 1.4.0+ is linked against + OpenSSL. + +- [Tatsuhiro Tsujikawa brought this change] + + OpenSSL: Made cert hostname check conform to RFC 6125 + + This change replaces RFC 2818 based hostname check in OpenSSL build with + RFC 6125 [1] based one. + + The hostname check in RFC 2818 is ambiguous and each project implements + it in the their own way and they are slightly different. I check curl, + gnutls, Firefox and Chrome and they are all different. + + I don't think there is a bug in current implementation of hostname + check. But it is not as strict as the modern browsers do. Currently, + curl allows multiple wildcard character '*' and it matches '.'. (as + described in the comment in ssluse.c). + + Firefox implementation is also based on RFC 2818 but it only allows at + most one wildcard character and it must be in the left-most label in the + pattern and the wildcard must not be followed by any character in the + label.[2] Chromium implementation is based on RFC 6125 as my patch does. + Firefox and Chromium both require wildcard in the left-most label in the + presented identifier. + + This patch is more strict than the current implementation, so there may + be some cases where old curl works but new one does not. But at the same + time I think it is good practice to follow the modern browsers do and + follow the newer RFC. + + [1] http://tools.ietf.org/html/rfc6125#section-6.4.3 + [2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483 + +- HTTP: reset expected DL/UL sizes on redirects + + With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the + download size was known (like with a Content-Length header), but the + subsequent URL (transfered after the 3xx page) was chunked encoded, then + the previous "known download size" would linger and cause the progress + meter to get incorrect information, ie the former value would remain + being sent in. This could easily result in downloads that were WAY + larger than "expected" and would cause >100% outputs with the curl + command line tool. + + Test case 599 was created and it was used to repeat the bug and then + verify the fix. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3510057 + Reported by: Michael Wallner + +Steve Holme (31 Mar 2012) +- [Gökhan Şengün brought this change] + + smtp: Add support for DIGEST-MD5 authentication + +- [Gökhan Şengün brought this change] + + smtp: Cody tidy up of md5 digest length + + Replaced the hard coded md5 digest length (16) with a preprocessor + constant + +- [Gökhan Şengün brought this change] + + md5: Add support for calculating the md5 sum of buffers incrementally + + It is now possible to calculate the md5 sum as the stream of buffers + becomes known where as previously it was only possible to calculate the + md5 sum of a pre-prepared buffer. + +Daniel Stenberg (31 Mar 2012) +- Revert "mk-ca-bundle.pl: use LWP::UserAgent for https" + + This reverts commit 9f0e1689f169b83b8fbdae23e0024cc57dcbc770. + + It turned out that "improvement" instead made the fetching of the + certificates unreliable + + Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html + Reported by: Tim Heckman + +Steve Holme (31 Mar 2012) +- DOCS: Added information regarding POP3 commands to CURLOPT_CUSTOMREQUEST + +- pop3: Added support for additional pop3 commands + + This feature allows the user to specify and use additional POP3 + commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or + curl's -X command line option. + +Yang Tse (30 Mar 2012) +- [tetetest tetetest brought this change] + + CMakeLists.txt: fix Windows LDAP/LDAPS option handling + + bug: http://curl.haxx.se/mail/lib-2012-03/0278.html + +- [tetetest tetetest brought this change] + + CMakeLists.txt: fix MS Visual Studio x64 unsigned long long literal suffix + + bug: http://curl.haxx.se/mail/lib-2012-03/0255.html + +Steve Holme (28 Mar 2012) +- TODO: Corrected POP3 section heading + +Yang Tse (28 Mar 2012) +- curl-functions.m4: update detection logic of getaddrinfo() thread-safeness + + Take in account that h_errno might be a modifiable lvalue not defined as + a C preprocessor macro + +Steve Holme (27 Mar 2012) +- TODO: Added SMTP and POP3 specific features + +Yang Tse (27 Mar 2012) +- [Olaf Flebbe brought this change] + + tool_cb_dbg.c: fix tool_cb_dbg() to behave properly even for size 0 + + curl segfault in debug callback triggered with CURLINFO_HEADER_OUT and size 0 + + bug: http://curl.haxx.se/bug/view.cgi?id=3511794 + +- test #1405: support HTTP disabled builds + +Steve Holme (26 Mar 2012) +- test #809: Updated error code to match recent pop3 changes + +Yang Tse (25 Mar 2012) +- ssh.c: code cleanup, Curl_safefree() already nullifies pointer + +- fix some compiler warnings + +Steve Holme (25 Mar 2012) +- pop3.c: Corrected problem with state() introduced in 01690ed2bce5 + +- pop.c: Small code tidy up + +- pop3: Removed the need for the single message LIST command handler + + Simplified the code to remove the need for a separate "LIST <msg id>" + command handler and state machine and instead use the LIST command + handler for both operations. |