_ _ ____ _ ___| | | | _ \| | / __| | | | |_) | | | (__| |_| | _ <| |___ \___|\___/|_| \_\_____| Changelog Version 7.33.0 (13 Oct 2013) Daniel Stenberg (13 Oct 2013) - RELEASE-NOTES: synced with 92cf6141ed0de - curl: fix --oauth2-bearer in the --help output After the option rename in 5df04bfafd1 - OpenSSL: improve the grammar of the language in 39beaa5ffbcc Reported-by: Petr Pisar - [Andrej E Baranov brought this change] OpenSSL: use failf() when subjectAltName mismatches Write to CURLOPT_ERRORBUFFER information about mismatch alternative certificate subject names. Signed-off-by: Andrej E Baranov - curl: rename --bearer to --oauth2-bearer The option '--bearer' might be slightly ambiguous in name. It doesn't create any conflict that I am aware of at the moment, however, OAUTH v2 is not the only authentication mechanism which uses "bearer" tokens. Reported-by: Kyle L. Huff URL: http://curl.haxx.se/mail/lib-2013-10/0064.html - [Kamil Dudka brought this change] ssh: improve the logic for detecting blocking direction This fixes a regression introduced by commit 0feeab78 limiting the speed of SCP upload to 16384 B/s on a fast connection (such as localhost). Dan Fandrich (12 Oct 2013) - Fixed typo in Makefile.inc that left http2.h out of the tar ball Daniel Stenberg (11 Oct 2013) - [Heinrich Schaefer brought this change] minor fix in doc - [Gisle Vanem brought this change] curl_setup_once: fix errno access for lwip on Windows lib/curl_setup_once.h assumed lwIP on Windows uses 'SetLastError()' to set network errors. It doesn't; it uses 'errno'. - test1239: verify 4cd444e01ad and the simulated 304 response - [Derek Higgins brought this change] HTTP: Output http response 304 when modified time is too old When using the -w '%{http_code}' flag and simulating a Not Modified then 304 should be output. - contributors: helper script to dig out contributors from git - RELEASE-NOTES: add twos refs to bug reports - RELEASE-NOTES: synced with 173160c0d068 Nick Zitzmann (2 Oct 2013) - darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher Credit (for catching a cipher I forgot to add to the blocked ciphers list): https://www.ssllabs.com/ssltest/viewMyClient.html Daniel Stenberg (2 Oct 2013) - OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set should still verify that the host name fields in the server certificate is fine or return failure. Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html Reported-by: Ishan SinghLevett - KNOWN_BUGS: #84: CURLINFO_SSL_VERIFYRESULT CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS backends and not for any other! - [François Charlier brought this change] xattr: add support for FreeBSD xattr API - curl_easy_setopt.3: slight clarification of SEEKFUNCTION Steve Holme (29 Sep 2013) - tests: Fixed typos from commit 25a0c96a494297 - tests: Updated email addresses in SMTP tests following recent changes - test909: Removed custom EHLO response after recent changes ...as it is no longer required following capability and authentication changes and is now causing problems following commit 49341628b50007 as the test number is obtained from the client address in the EHLO. - ftpserver.pl: Fixed compilation error from commit 49341628b50007 - ftpserver.pl: Moved specifying the test number from the RCPT address ...to the client address as this frees the RCPT strings to contain just an email address and by passing the test number into curl as the client address remains consistent with POP3 and IMAP tests as they are specified in the URL. - ftpserver.pl: Added unwanted argument check to SMTP DATA command handler Daniel Stenberg (29 Sep 2013) - getinmemory: remove a comment The comment mentioned the need to free the data, but the example already does that free - postinmemory: new example This is similar to getinmemory.c but with an initial POST. Combined-by: Ulf Samuelsson - win32: fix Visual Studio 2010 build with WINVER >= 0x600 If no WINVER and/or _WIN32_IWNNT define was set, the Windows platform SDK often defaults to high value, e.g. 0x601 (whoch may probably depend on the Windows version being used, in my case Windows 7). If WINVER >= 0x600 then winsock2.h includes some defines for WSAPoll(), e.g. POLLIN, POLLPRI, POLLOUT etc. These defines clash with cURL's lib/select.h. Make sure HAVE_STRUCT_POLLFD is defined then. Bug: http://curl.haxx.se/bug/view.cgi?id=1282 Reported-by: "kdekker" Patch-by: Marcel Raad Steve Holme (28 Sep 2013) - ssluse.c: Fixed compilation warnings when ENGINE not supported The function "ssl_ui_reader" was declared but never referenced The function "ssl_ui_writer" was declared but never referenced Daniel Stenberg (27 Sep 2013) - configure: use icc options without space The latest version(s) of the icc compiler no longer accept the extra space in the -we (warning enable), -wd (warning disable), etc. Reported-by: Elmira A Semenova Bug: http://curl.haxx.se/mail/lib-2013-09/0182.html Steve Holme (25 Sep 2013) - imap: Added clarification to the code about odd continuation responses - ftp.c: Fixed compilation warning There is an implicit conversion from "unsigned long" to "long" - sasl: Centralised the authentication mechanism strings Moved the standard SASL mechanism strings into curl_sasl.h rather than hard coding the same values over and over again in the protocols that use SASL authentication. For more information about the mechanism strings see: http://www.iana.org/assignments/sasl-mechanisms Daniel Stenberg (23 Sep 2013) - RELEASE-NOTES: added recent contributors missing Steve Holme (23 Sep 2013) - test906: Fixed type-2 response - test915: Corrected test number from commit 22bccb0edaf041 - test906: Fixed type-1 message not handled error ...from commit f81d1e16664976 due to copy paste error. - tests: Added SMTP AUTH NTLM test - tests: Added SMTP multiple and invalid --mail-rcpt test - tests: Added SMTP multiple --mail-rcpt test - tests: Added SMTP invalid --mail-rcpt test - tests: Regrouping of SMTP tests Daniel Stenberg (22 Sep 2013) - [Benoit Sigoure brought this change] test1112: Increase the timeout from 7s to 16s As someone reported on the mailing list a while back, the hard-coded arbitrary timeout of 7s in test 1112 is not sufficient in some build environments. At Arista Networks we build and test curl as part of our automated build system, and we've run into this timeout 170 times so far. Our build servers are typically quite busy building and testing a lot of code in parallel, so despite being beefy machines with 32 cores and 128GB of RAM we still hit this 7s timeout regularly. URL: http://curl.haxx.se/mail/lib-2010-02/0200.html Steve Holme (22 Sep 2013) - tests: Fixed smtp rcpt to addresses - ftpserver.pl: Expanded the SMTP RCPT handler to validate TO addresses RCPT_smtp() will now check for a correctly formatted TO address which allows for invalid recipient addresses to be added. - ftpserver.pl: Added cURL SMTP server detection to HELO command handler As curl will send a HELO command after an negative EHLO response, added the same detection from commit b07709f7417c3e to the HELO handler to ensure the test server is identified correctly and an upload isn't performed. - ftpserver.pl: Corrected response code for successful RCPT command - ftpserver.pl: Moved invalid RCPT TO: address detection to RCPT handler Rather than detecting the TO address as missing in the DATA handler, moved the detection to the RCPT command handler where an error response can be generated. - RELEASE-NOTES: Corrected missed addition Somehow commit 60a20461629fda missed the last item in the sync list even though I'm sure I added it during editing. - RELEASE-NOTES: Synced with 6dd8bd8d2f9729 - curl.1: Added information about optional login options to --user in manpage Added missing information, from curl 7.31.0, regarding the use of the optional login options that may be specified as part of --user. For example: --user 'user:password;auth=NTLM' in IMAP, POP3 and SMTP protocols. - ftpserver.pl: Moved cURL SMTP server detection into EHLO command handler Moved the special SMTP server detection code from the DATA command handler, which happens further down the operation chain after EHLO, MAIL and RCPT commands, to the EHLO command as it is the first command to be generated by a SMTP operation as well as containing the special "verifiedserver" string from the URL. This not only makes it easier and quicker to detect but also means that cURL doesn't need to specify "verifiedserver" as --mail-from and --mail-rcpt arguments. More importantly, this also makes the upcoming verification changes to the RCPT handler easier to implement. Daniel Stenberg (21 Sep 2013) - openssl: use correct port number in error message In ossl_connect_step2() when the "Unknown SSL protocol error" occurs, it would output the local port number instead of the remote one which showed when doing SSL over a proxy (but with the correct remote host name). As libcurl only speaks SSL to the remote we know it is the remote port. Bug: http://curl.haxx.se/bug/view.cgi?id=1281 Reported-by: Gordon Marler - test1415: adjusted to work for 32bit time_t The libcurl date parser returns INT_MAX for all dates > 2037 so this test is now made to use 2037 instead of 2038 to work the same for both 32bit and 64bit time_t systems. Steve Holme (21 Sep 2013) - tests: Reworked existing SMTP tests to be single recipient based ...in preparation of upcoming multiple recipient tests. - ftpserver.pl: Corrected SMTP QUIT response to be more realistic Daniel Stenberg (20 Sep 2013) - curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value - [Kim Vandry brought this change] Documented --dns-* options in curl manpage Steve Holme (20 Sep 2013) - pop3: Added basic SASL XOAUTH2 support Added the ability to use an XOAUTH2 bearer token [RFC6750] with POP3 for authentication using RFC6749 "OAuth 2.0 Authorization Framework". The bearer token is expected to be valid for the user specified in conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has an advertised auth mechanism of "XOAUTH2", the user and access token are formatted as a base64 encoded string and sent to the server as "AUTH XOAUTH2 ". - curl: Added clarification to the --mail options in the --help output ... that these options apply to SMTP only. - ftpserver.pl: Moved SMTP RCPT response text into command handler - tests: Added SMTP invalid --mail-from test Nick Zitzmann (19 Sep 2013) - darwinssl: enable BEAST workaround on iOS 7 & later iOS 7 finally added the option to enable 1/n-1 when using TLS 1.0 and a CBC cipher, so we now always turn that on unless the user manually turns it off using CURLSSLOPT_ALLOW_BEAST. It appears Apple also added some new PSK ciphers, but no interface to use them yet, so we at least support printing them if we find them. Steve Holme (19 Sep 2013) - tests: Updated SMTP AUTH tests to use the new AUTH directive ...rather than specify a customised EHLO response. - tests: Corrected test913 as the QUIT response is received - tests: Added SMTP large message SIZE test - ftpserver.pl: Updated email regex from commit 98f7ca7e971006 ...to not be as strict as it was rejecting valid numeric email addresses. - tests: Fixed smtp mail from addresses - ftpserver.pl: Standardised CAPA and AUTH responses - ftpserver.pl: Corrected POP3 QUIT reply to be more realistic - runtests.pl: Fixed syntax error in commit c873375123343e Possible unintended interpolation in string at line 796 - runtests.pl: Fixed smtp mail from address Following changes to ftpserver.pl fixed the mail from address to be a correctly formatted address otherwise the server response will be 501 Invalid address. - ftpserver.pl: Fixed syntax error in commit 98f7ca7e971006 Can't modify constant item in scalar assignment line 779, near "0;" - ftpserver.pl: Expanded the SMTP MAIL handler to validate messages MAIl_smtp() will now check for a correctly formatted FROM address as well as the optional SIZE parameter comparing it against the server capability when specified. Daniel Stenberg (17 Sep 2013) - [YAMADA Yasuharu brought this change] cookies: add expiration Implement: Expired Cookies These following situation, curl removes cookie(s) from struct CookieInfo if the cookie expired. - Curl_cookie_add() - Curl_cookie_getlist() - cookie_output() Steve Holme (17 Sep 2013) - ftpserver.pl: Corrected response code for successful MAIL command - ftpserver.pl: Moved SMTP MAIL handler into own function - dns: fix compilation with MinGW from commit df69440d05f113 Avoid 'interface' literal that some MinGW versions define as a macro Additionally, corrected some very, very minor coding style errors. - tests: Fixed test 1406 following recent changes in ftpserver.pl By default the mail server doesn't send the SIZE capability but instead it has to be specified as a supported capability. - tests: Added test for SMTP SIZE capability - ftpserver.pl: Added the ability to include spaces in capabilities For example: CAPA "SIZE 1048576" 8BITMIME BINARYMIME will populate the capabilities list with the following in: SIZE 1048576 8BITMIME BINARYMIME - ftpserver.pl: Corrected response code for successful SMTP QUIT command - ftpserver.pl: Fixed syntax error in commit 33c1f2876b9029 Can't modify constant item in postincrement line 727, near "i++" - ftpserver.pl: Added CAPA & AUTH directive support to the SMTP EHLO handler - ftpserver.pl: Fixed SMTP QUIT handler from dadc495540946e - ftpserver.pl: Moved SMTP EHLO and QUIT handlers in own functions - ftpserver.pl: Added support for SMTP HELO command ...and updated test902 as explicit HELO response is no longer required. - ftpserver.pl: Added mailbox check to IMAP SELECT handler - ftpserver.pl: Corrected invalid user details check ...in both the IMAP LOGIN and POP3 PASS handlers introduced in commit 187ac693744949 and 84ad1569e5fc93 respectively. - ftpserver.pl: Moved IMAP LOGIN handler into own function - ftpserver.pl: Moved POP3 USER and PASS handlers into own functions - ftpserver.pl: Corrected invalid argument check in POP3 TOP handler ...which was accidentally introduced in commit 4d6ef6297ae9b6. - ftpserver.pl: Added capability prerequisite for extended POP3 commands - tests: Updated descriptions to be more meaningful - ftpserver.pl: Added support for IMAP NOOP command - imap: Fixed response check for NOOP command - tests: Updated descriptions to be more meaningful Daniel Stenberg (13 Sep 2013) - curl.1: detail how short/long options work URL: http://curl.haxx.se/bug/view.cgi?id=1279 Suggested-by: Jerry Krinock Steve Holme (13 Sep 2013) - curl: Fixed usage of DNS options when not using c-ares resolver Commit 32352ed6adddcb introduced various DNS options, however, these would cause curl to exit with CURLE_NOT_BUILT_IN when c-ares wasn't being used as the backend resolver even if the options weren't set by the user. Additionally corrected some minor coding style errors from the same commit. Daniel Stenberg (13 Sep 2013) - curl_easy_setopt.3: mention RTMP URL quirks URL: http://curl.haxx.se/bug/view.cgi?id=1278 Reported-by: Gorilla Maguila - [Ben Greear brought this change] curl: Add support for various DNS binding options. (Passed on to c-ares.) Allows something like this: curl --dns-interface sta8 --dns-ipv4-addr 8.8.1.111 --interface sta8 \ --localaddr 8.8.1.111 --dns-servers 8.8.8.1 www.google.com Signed-off-by: Ben Greear - [Kim Vandry brought this change] libcurl: New options to bind DNS to local interfaces or IP addresses - libcurl.3: for multi interface connections are held in the multi handle ... and a few more cleanups/clarifications Steve Holme (12 Sep 2013) - ftpserver.pl: Fixed missing comma from 7fd84b14d219b1 - ftpserver.pl: Fixed variable error introduced in 7fd84b14d219b1 Global symbol "$mailbox" requires explicit package name - ftpserver.pl: Added support for UID command - ftpserver.pl: Added support for LSUB command - imap: Fixed response check for LSUB and UID commands - ftpserver.pl: Added support for IMAP COPY command - ftpserver.pl: Added support for IMAP CLOSE and EXPUNGE commands - ftpserver.pl: Added support for POP3 RSET command - ftpserver.pl: Added the ability to remember what messages are deleted ...as this will be required for IMAP CLOSE and EXPUNGE commands as well as the POP3 RSET command. Daniel Stenberg (10 Sep 2013) - NI_MAXSERV: remove all use of it Solaris with the SunStudio Compiler is reportedly missing this define, but as we're using it without any good reason on all the places it was used I've now instead switched to just use sensible buffer sizes that fit a 32 bit decimal number. Which also happens to be smaller than the common NI_MAXSERV value which is 32 on most machines. Bug: http://curl.haxx.se/bug/view.cgi?id=1277 Reported-by: D.Flinkmann - http2: use the support HTTP2 draft version in the upgrade header ... instead of HTTP/2.0 to work fine with the nghttpx proxy/server. Steve Holme (10 Sep 2013) - ldap.c: Fix compilation warning warning: comparison between signed and unsigned integer expressions - [Jiri Hruska brought this change] imap/pop3/smtp: Speed up SSL connection initialization Don't wait for the next callback call (usually 1 second) before continuing with protocol specific connection initialization. - ldap.c: Corrected build error from commit 857f999353f333 - RELEASE-NOTES: Corrected duplicate in bfefe2400a16b8 - RELEASE-NOTES: Corrected typo from bfefe2400a16b8 - RELEASE-NOTES: synced with 25c68903756d6b Daniel Stenberg (10 Sep 2013) - README.http2: explain nghttp2 a little Steve Holme (9 Sep 2013) - tests: Added test for POP3 TOP command - ftpserver.pl: Added support for POP3 TOP command - tests: Added test for POP3 UIDL command - ftpserver.pl: Added support for POP3 UIDL command Daniel Stenberg (9 Sep 2013) - http2: adjust to new nghttp2_pack_settings_payload proto This function was modified in nghttp2 git commit a1c3f89c72e51 Kamil Dudka (9 Sep 2013) - url: handle abortion by read/write callbacks, too Otherwise, the FTP protocol would unnecessarily hang 60 seconds if aborted in the CURLOPT_HEADERFUNCTION callback. Reported by: Tomas Mlcoch Bug: https://bugzilla.redhat.com/1005686 Daniel Stenberg (9 Sep 2013) - ldap: fix the build for systems with ldap_url_parse() Make sure that the custom struct fields are only used by code that doesn't use a struct defintion from the outside. Attempts to fix the problem introduced in 3dc6fc42bfc61b Steve Holme (9 Sep 2013) - [Jiri Hruska brought this change] pingpong: Check SSL library buffers for already read data Otherwise the connection can get stuck during various phases, waiting for new data on the socket using select() etc., but it will never be received as the data has already been read into SSL library. - imap: Fixed calculation of transfer when partial FETCH received The transfer size would be calculated incorrectly if the email contained within the FETCH response, had been partially received by the pingpong layer. As such the following, example output, would be seen if the amount remaining was smaller than the amount received: * Excess found in a non pipelined read: excess = 1394, size = 262, maxdownload = 262, bytecount = 1374 * transfer closed with -1112 bytes remaining to read Bug: http://curl.haxx.se/mail/lib-2013-08/0170.html Reported-by: John Dunn - ftpserver.pl: Fixed empty array checks ...from commits 28427b408326a1 and e8313697b6554b. - ftpserver: Reworked AUTH support to allow for specifying the mechanisms Renamed SUPPORTAUTH to AUTH and added support for specifying a list of supported SASL mechanisms to return to the client. Additionally added the directive to the FILEFORMAT document. - ftpserver: Reworked CAPA support to allow for specifying the capabilities Renamed SUPPORTCAPA to CAPA and added support for specifying a list of supported capabilities to return to the client. Additionally added the directive to the FILEFORMAT document. - ftpserver.pl: Corrected POP3 LIST as message numbers should be contiguous The message numbers given in the LIST response are an index into the list, which are only valid for the current session, rather than being a unique message identifier. An index would only be missing from the LIST response if a DELE command had been issued within the same session and had not been committed by the end of session QUIT command. Once committed the POP3 server will regenerate the message numbers in the next session to be contiguous again. As such our LIST response should list message numbers contiguously until we support a DELE command in the same session. Should a POP3 user require the unique message ID for any or all messages then they should use the extended UIDL command. This command will be supported by the test ftpserver in an upcoming commit. Daniel Stenberg (8 Sep 2013) - [Clemens Gruber brought this change] curl_easy_pause: suggest one way to unpause Steve Holme (8 Sep 2013) - tests: Updated descriptions to be more meaningful - tests: Added test for POP3 NOOP command - ftpserver.pl: Added support for POP3 NOOP command - ftpserver.pl: Fixed 'Use of uninitialized value $args in string ne' - tests: Added test for POP3 STAT command - ftpserver.pl: Added support for POP STAT command - ftpserver.pl: Moved POP3 QUIT handler into own function - ftpserver.pl: Reordered the POP3 handlers to be alphabetical In preparation for additional POP3 tests, re-ordered the command function defintions to be sorted alphabetically. - ftpserver.pl: Corrected misaligned indentation in POP3 handlers Fixed incorrect indentation used in both the RETR_pop3 and LIST_pop3 functions which was 5 and 9 characters rather than 4 and 8. - tests: Added test for POP3 DELE command unknown (7 Sep 2013) - [Steve Holme brought this change] ftpserver.pl: Added support for POP3 DELE command Daniel Stenberg (7 Sep 2013) - http2: include curl_memory.h Detected by test 1132 Nick Zitzmann (7 Sep 2013) - http: fix build warning under LLVM When building the code using LLVM Clang without NGHTTP2, I was getting this warning: ../lib/http.h:155:1: warning: empty struct is a GNU extension [-Wgnu] Placing a dummy variable into the data structure silenced the warning. Daniel Stenberg (7 Sep 2013) - http2: actually init nghttp2 and send HTTP2-Settings properly - README.http2: how to use it best with the multi API? - http2: first embryo toward Upgrade: - http: rename use_http_1_1 to use_http_1_1plus Since it now actually says if 1.1 or a later version should be used. - configure: improve CURL_CHECK_COMPILER_PROTOTYPE_MISMATCH The compiler test used a variable before it was assigned when it tried to see how it acts on a mismatching prototype, which could cause a false positive. - [Petr Písař brought this change] Pass password to OpenSSL engine by user interface Recent OpenSSL uses user interface abstraction to negotiate access to private keys in the cryprographical engines. An OpenSSL application is expected to implement the user interface. Otherwise a default one provided by OpenSSL (interactive standard I/O) will be used and the aplication will have no way how to pass a password to the engine. Longer-desc: http://curl.haxx.se/mail/lib-2013-08/0265.html - urlglob: improved error messages and column number on bad use Introduce a convenience macro and keep of the column better so that it can point out the offending column better. Updated test 75 accordingly. - urlglob: avoid error code translation By using the correct values from the start we don't have to translate them! - urlglob: avoid NULL pointer dereference Thanks to clang-analyzer - [Gisle Vanem brought this change] http2: use correct include for snprintf Using the first little merge of nghttp2 into libcurl, I stumbeled on the missing 'snprintf' in MSVCRT. Isn't this how we do it for other libcurl files? I.e. use 'curl_msnprintf' and not 'snprintf' directly: - --data: mention CRLF treatment when reading from file - [Geoff Beier brought this change] LDAP: fix bad free() when URL parsing failed When an error occurs parsing an LDAP URL, The ludp->lud_attrs[i] entries could be freed even though they sometimes point to data within an allocated area. This change introduces a lud_attrs_dup[] array for the duplicated string pointers, and it removes the unused lud_exts array. Bug: http://curl.haxx.se/mail/lib-2013-08/0209.html Nick Zitzmann (5 Sep 2013) - darwinssl: add support for PKCS#12 files for client authentication I also documented the fact that the OpenSSL engine also supports them. Daniel Stenberg (5 Sep 2013) - symbols: added HTTP2 symbols and sorted list CURL_HTTP_VERSION_2_0 and CURL_VERSION_HTTP2 are new - configure: add HTTP2 as a curl-config --feature output Fixes the test 1014 failure - curl: unbreak --http1.0 again I broke it in 2eabb7d590 - SASL: fix compiler warnings comparison between signed and unsigned integer expressions suggest parentheses around '&&' within '||' (twice) - curl: add --http1.1 and --http2.0 options - Curl_setopt: refuse CURL_HTTP_VERSION_2_0 if built without support - http2: add http2.[ch] and add nghttp2 version output - curl -V: output HTTP2 as a feature if present - curl.h: add CURL_VERSION_HTTP2 as a feature It isn't added as a separate protocol as HTTP2 will be done over HTTP:// URLs that can be upgraded to HTTP2 if the server supports it as well. Steve Holme (4 Sep 2013) - imap/smtp: Fixed incorrect SASL mechanism selection with XOAUTH2 servers XOAUTH2 would be selected in preference to LOGIN and PLAIN if the IMAP or SMTP server advertised support for it even though a user's password was supplied but bearer token wasn't. Modified the selection logic so that XOAUTH2 will only be selected if the server supports it and A) The curl user/libcurl programmer has specifically asked for XOAUTH via the ;AUTH=XOAUTH login option or 2) The bearer token is specified. Obviously if XOAUTH is asked for via the login option but no token is specified the user will receive a authentication failure which makes more sense than no known authentication mechanisms supported! Daniel Stenberg (4 Sep 2013) - curl.h: added CURL_HTTP_VERSION_2_0 Initial library considerations documented in lib/README.http2 - configure: added --with-nghttp2 - acinclude: fix --without-ca-path when cross-compiling The commit 7b074a460b64811 to CURL_CHECK_CA_BUNDLE in 7.31 (don't check for paths when cross-compiling) causes --without-ca-path to no longer works when cross-compiling, since ca and capath only ever get set to "no" when not cross-compiling, I attach a patch that works for me. Also in the cross-compilation case, no ca-path seems to be a better default (IMVHO) than empty ca-path. Bug: http://curl.haxx.se/bug/view.cgi?id=1273 Patch-by: Stefan Neis Steve Holme (2 Sep 2013) - lib1512.c: Fixed compilation warning An enumerated type is mixed with another type. ...as well as a small coding style error. Guenter Knauf (1 Sep 2013) - Killed warning 'res' might be used uninitialized. Steve Holme (1 Sep 2013) - url.c: Fixed compilation warning An enumerated type is mixed with another type - easy.c: Fixed compilation warning warning: `code' might be used uninitialized in this function Daniel Stenberg (31 Aug 2013) - -x: rephrased the --proxy section somewhat Steve Holme (31 Aug 2013) - tests: Added test for IMAP CHECK command - ftpserver.pl: Added support for the IMAP CHECK command Guenter Knauf (31 Aug 2013) - Removed reference to krb4.c. Steve Holme (31 Aug 2013) - ftpserver.pl: Corrected flawed logic in commit 1ca6ed7b75cad0 - imap: Fixed response check for EXPUNGE command - ftpserver.pl: Added argument check to IMAP command handlers Added BAD argument check to the following IMAP command handlers: APPEND, STORE, LIST, EXAMINE, STATUS and SEARCH - ftpserver.pl: More whitespace corrections LIST_imap() had a second level of indentation at 9 characters and not 8. - ftpserver.pl: Small correction tidy up Corrected some IMAP variable names and whitespace issues. - [Kyle L. Huff brought this change] docs: Added documentation for CURLOPT_BEARER - [Kyle L. Huff brought this change] curl.1: Add usage of '--bearer' option - tests: Added tests for IMAP CREATE, DELETE and RENAME commands Daniel Stenberg (30 Aug 2013) - ftpserver: Bareword "to_mailbox" not allowed Added missing $ Steve Holme (30 Aug 2013) - ftpserver.pl: Added support for IMAP CREATE, DELETE and RENAME commands Daniel Stenberg (29 Aug 2013) - FTP: fix getsock during DO_MORE state ... when doing upload it would return the wrong values at times. This commit attempts to cleanup the mess. Bug: http://curl.haxx.se/mail/lib-2013-08/0109.html Reported-by: Mike Mio - curl_multi_remove_handle: allow multiple removes When removing an already removed handle, avoid that to ruin the internals and just return OK instead. Steve Holme (29 Aug 2013) - ftpserver.pl: Updated IMAP EXAMINE handler to use dynamic test data Daniel Stenberg (29 Aug 2013) - unit1304: include memdebug and free everything correctly - Curl_parsenetrc: document that the arguments must be allocated - easy: rename struct monitor to socketmonitor 'struct monitor', introduced in 6cf8413e, already exists in an IRIX header file (sys/mon.h) which gets included via various standard headers by lib/easy.c cc-1101 cc: ERROR File = ../../curl/lib/easy.c, Line = 458 "monitor" has already been declared in the current scope. Reported-by: Tor Arntsen Steve Holme (29 Aug 2013) - ftpserver.pl: Added SELECT check to IMAP FETCH and STORE handlers - ftpserver.pl: Corrected accidental move of logmsg() call Corrected the call to logmsg() in the IMAP SEARCH handler from commit 4ae7b7ea691497 as it should have been outputting the what argument and not the test number. Daniel Stenberg (28 Aug 2013) - ftpserver: add missing '}' from 4ae7b7ea69149 Steve Holme (28 Aug 2013) - ftpserver.pl: Added SELECT check to IMAP SEARCH command - ftpserver.pl: Fixed IMAP SEARCH command Daniel Stenberg (28 Aug 2013) - bump: next release is 7.33.0 due to added features - symbols-in-versions: add CURLOPT_XOAUTH2_BEARER Steve Holme (28 Aug 2013) - tests: Added test for IMAP SEARCH command Daniel Stenberg (28 Aug 2013) - valgrind.supp: fix for regular curl_easy_perform too When we introduced curl_easy_perform_ev, this got a slightly modified call trace. Without this, test 165 causes a false positive valgrind error. - valgrind.supp: add the event-based call stack-trace too Without this, test 165 triggers a valgrind error when ran with curl_easy_perform_ev - multi_socket: improved 100-continue timeout handling When waiting for a 100-continue response from the server, the Curl_readwrite() will refuse to run if called until the timeout has been reached. We timeout code in multi_socket() allows code to run slightly before the actual timeout time, so for test 154 it could lead to the function being executed but refused in Curl_readwrite() and then the application would just sit idling forever. This was detected with runtests.pl -e on test 154. Steve Holme (27 Aug 2013) - ftpserver.pl: Added support for IMAP SEARCH command - tool_operate.c: Fixed compilation warning warning: implicit declaration of function 'checkpasswd' - curl: Moved check for password out of get parameter loop Moved the calls to checkpasswd() out of the getparameter() function which allows for any related arguments to be specified on the command line before or after --user (and --proxy-user). For example: --bearer doesn't need to be specified before --user to prevent curl from asking for an unnecessary password as is the case with commit e7dcc454c67a2f. - RELEASE-NOTES: synced with acf59be7f09a7 - [Kyle L. Huff brought this change] curl: added --bearer option to help Added the --bearer option to the help output - [Kyle L. Huff brought this change] curl: added basic SASL XOAUTH2 support Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the --bearer option. Example usage: curl --url "imaps://imap.gmail.com:993/INBOX/;UID=1" --ssl-reqd --bearer ya29.AHES6Z...OMfsHYI --user username@example.com - tool_urlglob.c: Fixed compiler warnings warning: 'variable' may be used uninitialized in this function Daniel Stenberg (26 Aug 2013) - security.h: rename to curl_sec.h to avoid name collision I brought back security.h in commit bb5529331334e. As we actually already found out back in 2005 in commit 62970da675249, the file name security.h causes problems so I renamed it curl_sec.h instead. - runtests.pl: allow -vc point to a separate curl binary to verify with The specified curl binary will then be used to verify the running server(s) instead of the development version. This is very useful in some cases when the development version fails to verify correctly as then the test case may not run at all. The actual test will still be run with the "normal" curl executable (unless the test case specifies something differently). Steve Holme (26 Aug 2013) - [Kyle L. Huff brought this change] smtp: added basic SASL XOAUTH2 support Added the ability to use an XOAUTH2 bearer token [RFC6750] with SMTP for authentication using RFC6749 "OAuth 2.0 Authorization Framework". The bearer token is expected to be valid for the user specified in conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has an advertised auth mechanism of "XOAUTH2", the user and access token are formatted as a base64 encoded string and sent to the server as "AUTH XOAUTH2 ". - [Kyle L. Huff brought this change] imap: added basic SASL XOAUTH2 support Added the ability to use an XOAUTH2 bearer token [RFC6750] with IMAP for authentication using RFC6749 "OAuth 2.0 Authorization Framework". The bearer token is expected to be valid for the user specified in conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has an advertised auth mechanism of "XOAUTH2", the user and access token are formatted as a base64 encoded string and sent to the server as "A001 AUTHENTICATE XOAUTH2 ". - security.h: Fixed compilation warning ISO C forbids forward references to 'enum' types Daniel Stenberg (26 Aug 2013) - KNOWN_BUGS: refer to bug numbers with the existing number series The old numbers would still redirect but who knows for how long... Steve Holme (25 Aug 2013) - [Kyle L. Huff brought this change] options: added basic SASL XOAUTH2 support Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the option CURLOPT_XOAUTH2_BEARER for authentication using RFC6749 "OAuth 2.0 Authorization Framework". - [Kyle L. Huff brought this change] sasl: added basic SASL XOAUTH2 support Added the ability to generated a base64 encoded XOAUTH2 token containing: "user=^Aauth=Bearer ^A^A" as per RFC6749 "OAuth 2.0 Authorization Framework". Daniel Stenberg (25 Aug 2013) - FTP: remove krb4 support We've announced this pending removal for a long time and we've repeatedly asked if anyone would care or if anyone objects. Nobody has objected. It has probably not even been working for a good while since nobody has tested/used this code recently. The stuff in krb4.h that was generic enough to be used by other sources is now present in security.h - easy: define away easy_events() for non-debug builds - FAQ: editorial updates Several language fixes. Several reformats that should make the HTML generation of this document look better. Reported-by: Dave Thompson - RELEASE-NOTES: synced with 22adb46a32bee - multi: move on from STATE_DONE faster Make sure we always return CURLM_CALL_MULTI_PERFORM when we reach CURLM_STATE_DONE since the state is transient and it can very well continue executing as there is nothing to wait for. Bug: http://curl.haxx.se/mail/lib-2013-08/0211.html Reported-by: Yi Huang - curl.h: name space pollution by "enum type" Renamed to "enum curl_khtype" now. Will break compilation for programs that rely on the enum name. Bug: https://github.com/bagder/curl/pull/76 Reported-by: Shawn Landden - TFTP: make the CURLOPT_LOW_SPEED* options work ... this also makes sure that the progess callback gets called more often during TFTP transfers. Added test 1238 to verify. Bug: http://curl.haxx.se/bug/view.cgi?id=1269 Reported-by: Jo3 - tftpd: support "writedelay" within - tftpd: convert 6 global variables into local ones - [Gisle Vanem brought this change] curl_easy_perform_ev: make it CURL_EXTERN I build curl.exe (using MingW) with '-DCURLDEBUG' and by importing from libcurl.dll. Which means the new curl_easy_perform_ev() must be exported from libcurl.dll. - CURLM_ADDED_ALREADY: new error code Doing curl_multi_add_handle() on an easy handle that is already added to a multi handle now returns this error code. It previously returned CURLM_BAD_EASY_HANDLE for this condition. - multi_init: moved init code here from add_handle The closure_handle is "owned" by the multi handle and it is unconditional so the setting up of it should be in the Curl_multi_handle function rather than curl_multi_add_handle. - multi: remove dns cache creation code from *add_handle As it is done unconditionally in multi_init() this code will never run! - curl_easy_perform_ev: debug/test function This function is meant to work *exactly* as curl_easy_perform() but will use the event-based libcurl API internally instead of curl_multi_perform(). To avoid relying on an actual event-based library and to not use non-portable functions (like epoll or similar), there's a rather inefficient emulation layer implemented on top of Curl_poll() instead. There's currently some convenience logging done in curl_easy_perform_ev which helps when tracking down problems. They may be suitable to remove or change once things seem to be fine enough. curl has a new --test-event option when built with debug enabled that then uses curl_easy_perform_ev() instead of curl_easy_perform(). If built without debug, using --test-event will only output a warning message. NOTE: curl_easy_perform_ev() is not part if the public API on purpose. It is only present in debug builds of libcurl and MUST NOT be considered stable even then. Use it for libcurl-testing purposes only. runtests.pl now features an -e command line option that makes it use --test-event for all curl command line tests. The man page is updated. - [Gisle Vanem brought this change] transfer: the recent sessionhandle change broke CURL_DOES_CONVERSIONS - test1237: verify 1000+ letter user name + passwords - [Jonathan Nieder brought this change] url: handle arbitrary-length username and password before '@' libcurl quietly truncates usernames, passwords, and options from before an '@' sign in a URL to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters to fit in fixed-size buffers on the stack. Allocate a buffer large enough to fit the parsed fields on the fly instead to support longer passwords. After this change, there are no more uses of MAX_CURL_OPTIONS_LENGTH left, so stop defining that constant while at it. The hardcoded max username and password length constants, on the other hand, are still used in HTTP proxy credential handling (which this patch doesn't touch). Reported-by: Colby Ranger - [Jonathan Nieder brought this change] url: handle exceptional cases first in parse_url_login() Instead of nesting "if(success)" blocks and leaving the reader in suspense about what happens in the !success case, deal with failure cases early, usually with a simple goto to clean up and return from the function. No functional change intended. The main effect is to decrease the indentation of this function slightly. - [Jonathan Nieder brought this change] Curl_setopt: handle arbitrary-length username and password libcurl truncates usernames, passwords, and options set with curl_easy_setopt to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters. This doesn't affect the return value from curl_easy_setopt(), so from the caller's point of view, there is no sign anything strange has happened, except that authentication fails. For example: # Prepare a long (300-char) password. s=0123456789; s=$s$s$s$s$s$s$s$s$s$s; s=$s$s$s; # Start a server. nc -l -p 8888 | tee out & pid=$! # Tell curl to pass the password to the server. curl --user me:$s http://localhost:8888 & sleep 1; kill $pid # Extract the password. userpass=$( awk '/Authorization: Basic/ {print $3}' setup_connection. Some protocol handlers had to get this function added. 2 - always free at the end of a request. This is also an attempt to keep less memory in the handle after it is completed. - version number: bump to 7.32.1 for now Start working on the next version and up some counters. Version 7.32.0 (11 Aug 2013) Daniel Stenberg (11 Aug 2013) - THANKS: added contributors from the 7.32.0 release notes - [Fabian Keil brought this change] test1228: add 'HTTP proxy' to the keywords - [Fabian Keil brought this change] tests: add keywords for a couple of FILE tests - [Fabian Keil brought this change] tests: add 'FAILURE' keywords to tests 1409 and 1410 - [Fabian Keil brought this change] tests: add keywords for a couple of HTTP tests - [Fabian Keil brought this change] tests: add keywords for a couple of FTP tests - [Fabian Keil brought this change] test1511: consistently terminate headers with CRLF - DISABLED: shut of test 1512 for now It shows intermittent failures and I haven't been able to track them down yet. Disable this test for now. - curl_multi_add_handle.3: ... that timer callback is for event-based - comments: remove old and wrong multi/easy interface statements - curl_multi_add_handle.3: mention the CURLMOPT_TIMERFUNCTION use - [John E. Malmberg brought this change] KNOWN_BUGS: 22 and 57 have been fixed and committed - RELEASE-NOTES: synced with d20def20462e7 - global dns cache: fix memory leak The take down of the global dns cache didn't take CURLOPT_RESOLVE names into account. - global dns cache: didn't work [regression] CURLOPT_DNS_USE_GLOBAL_CACHE broke in commit c43127414d89ccb (been broken since the libcurl 7.29.0 release). While this option has been documented as deprecated for almost a decade and nobody even reported this bug, it should remain functional. Added test case 1512 to verify Yang Tse (8 Aug 2013) - [John Malmberg brought this change] packages/vms: update VMS build files VMS modified files either missing from a previous commit and changes to remove references to CVS repositories. Daniel Stenberg (8 Aug 2013) - FTP: renamed several local functions The previous naming scheme ftp_state_post_XXXX() wasn't really helpful as it wasn't always immediately after 'xxxx' and it wasn't easy to understand what it does based on such a name. This new one is instead ftp_state_yyyy() where yyyy describes what it does or sends. - mk-ca-bundle.1: don't install on make install Since the mk-ca-bundle tool itself isn't installed with make install, there's no point in installing its documentation. Bug: http://curl.haxx.se/mail/lib-2013-08/0057.html Reported-by: Guenter Knauf Yang Tse (7 Aug 2013) - packages/vms/Makefile.am: add latest file additions to EXTRA_DIST - [John Malmberg brought this change] Building_vms_pcsi_kit These are the files needed to build VMS distribution packages known as PCSI kits. Also minor update to the existing files, mainly to the documentation and file clean up code. Daniel Stenberg (6 Aug 2013) - LIBCURL-STRUCTS: new document This is the first version of this new document, detailing the seven perhaps most important internal structs in libcurl source code: 1.1 SessionHandle 1.2 connectdata 1.3 Curl_multi 1.4 Curl_handler 1.5 conncache 1.6 Curl_share 1.7 CookieInfo - CONTRIBUTE: minor language polish - FTP: when EPSV gets a 229 but fails to connect, retry with PASV This is a regression as this logic used to work. It isn't clear when it broke, but I'm assuming in 7.28.0 when we went all-multi internally. This likely never worked with the multi interface. As the failed connection is detected once the multi state has reached DO_MORE, the Curl_do_more() function was now expanded somewhat so that the ftp_do_more() function can request to go "back" to the previous state when it makes another attempt - using PASV. Added test case 1233 to verify this fix. It has the little issue that it assumes no service is listening/accepting connections on port 1... Reported-by: byte_bucket in the #curl IRC channel Nick Zitzmann (5 Aug 2013) - md5: remove use of CommonCrypto-to-OpenSSL macros for the benefit of Leopard For some reason, OS X 10.5's GCC suddenly stopped working correctly with macros that change MD5_Init etc. in the code to CC_MD5_Init etc., so I worked around this by removing use of the macros and inserting static functions that just call CommonCrypto's implementations of the functions instead. Guenter Knauf (5 Aug 2013) - Simplify check for trusted certificates. This changes the previous check for untrusted certs to a check for certs explicitely marked as trusted. The change is backward-compatible (tested with certdata.txt v1.80). Daniel Stenberg (5 Aug 2013) - configure: warn on bad env variable use, don't error Use XC_CHECK_BUILD_FLAGS instead XC_CHECK_USER_FLAGS. - Revert "configure: don't error out on variable confusions, just warn" This reverts commit 6b27703b5f525eccdc0a8409f51de8595c75132a. - formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used The internal function that's used to detect known file extensions for the default Content-Type got the the wrong pointer passed in when CURLFORM_BUFFER + CURLFORM_BUFFERPTR were used. This had the effect that strlen() would be used which could lead to an out-of-bounds read (and thus segfault). In most cases it would only lead to it not finding or using the correct default content-type. It also showed that test 554 and test 587 were testing for the previous/wrong behavior and now they're updated as well. Bug: http://curl.haxx.se/bug/view.cgi?id=1262 Reported-by: Konstantin Isakov Guenter Knauf (4 Aug 2013) - Skip more untrusted certificates. Christian Heimes brought to our attention that the certdata.txt format has recently changed [1], causing ca-bundle.crt created with mk-ca-bundle.[pl|vbs] to include untrusted certs. [1] http://lists.debian.org/debian-release/2012/11/msg00411.html Daniel Stenberg (4 Aug 2013) - configure: don't error out on variable confusions, just warn - configure: rephrase the notice in _XC_CHECK_VAR_* Instead of claiming it is an error, we call it a "note" to reduce the severity level. But the following text now says the [variable] "*should* only be used to specify"... instead of previously having said "may". - multi: remove data->state.current_conn struct field Not needed - multi: remove the one_easy struct field Since the merge of SessionHandle with Curl_one_easy, this indirection isn't used anymore. - multi: rename all Curl_one_easy to SessionHandle - multi: remove the multi_pos struct field Since Curl_one_easy is really a SessionHandle now, this indirection doesn't exist anymore. - multi: remove easy_handle struct field It isn't needed anymore - multi: remove 'Curl_one_easy' struct, phase 1 The motivation for having a separate struct that keep track of an easy handle when using the multi handle was removed when we switched to always using the multi interface internally. Now they were just two separate struct that was always allocated for each easy handle. This first step just moves the Curl_one_easy struct members into the SessionHandle struct and hides this somehow (== keeps the source code changes to a minimum) by defining Curl_one_easy to SessionHandle The biggest changes in this commit are: 1 - the linked list of easy handles had to be changed somewhat due to the new struct layout. This made the main linked list pointer get renamed to 'easyp' and there's also a new pointer to the last node, called easylp. It is no longer circular but ends with ->next pointing to NULL. New nodes are still added last. 2 - easy->state is now called easy->mstate to avoid name collision Steve Holme (2 Aug 2013) - Revert "DOCS: Added IMAP URL example for listing new messages" This reverts commit 82ab5f1b0c7c3f as this was the wrong place to document the complexity of IMAP URLs and Custom Requests. - DOCS: Added IMAP URL example for listing new messages In addition to listing the folder contents, in the URL examples, added an example to list the new messages waiting in the user's inbox. Yang Tse (1 Aug 2013) - packages/vms/Makefile.am: add latest file additions to EXTRA_DIST - [John Malmberg brought this change] Add in the files needed to build libcurl shared images on VMS. Update the packages/vms/readme file to be current. Also some files for the GNV based build were either missing or needed an update. curl_crtl_init.c is a special file that is run before main() to set up the proper C runtime behavior. generate_vax_transfer.com generates the VAX transfer vector modules from the gnv_libcurl_symbols.opt file. gnv_conftest.c_first is a helper file needed for configure scripts to come up with the expected answers on VMS. gnv_libcurl_symbols.opt is the public symbols for the libcurl shared image. gnv_link_curl.com builds the shared libcurl image and rebuilds other programs to use it. macro32_exactcase.patch is a hack to make a local copy of the VMS Macro32 assembler case sensitive, which is needed to build the VAX transfer modules. report_openssl_version.c is a tool for help verify that the libcurl shared image is being built for a minium version of openssl. - curl: second follow-up for commit 5af2bfb9 Display progress-bar unconditionally on first call - curl: follow-up for commit 5af2bfb9 Use tvnow() and tvdiff() to avoid introducing new linkage issues Daniel Stenberg (31 Jul 2013) - curl: --progress-bar max update frequency now at 5Hz - curl: make --progress-bar update the line less frequently Also, use memset() instead of a lame loop. The previous logic that tried to avoid too many updates were very ineffective for really fast transfers, as then it could easily end up doing hundreds of updates per second that would make a significant impact in transfer performance! Bug: http://curl.haxx.se/mail/archive-2013-07/0031.html Reported-by: Marc Doughty Nick Zitzmann (30 Jul 2013) - darwinssl: added LFs to some strings passed into infof() (This doesn't need to appear in the release notes.) I noticed a few places where infof() was called, and there should've been an LF at the end of the string, but there wasn't. - darwinssl: fix build error in crypto authentication under Snow Leopard It turns out Snow Leopard not only has SecItemCopyMatching() defined in a header not included by the omnibus header, but it won't work for our purposes, because searching for SecIdentityRef objects wasn't added to that API until Lion. So we now use the old SecKeychainSearch API instead if the user is building under, or running under, Snow Leopard. Bug: http://sourceforge.net/p/curl/bugs/1255/ Reported by: Edward Rudd - md5 & metalink: use better build macros on Apple operating systems Previously we used __MAC_10_X and __IPHONE_X to mark digest-generating code that was specific to OS X and iOS. Now we use __MAC_OS_X_VERSION_MAX_ALLOWED and __IPHONE_OS_VERSION_MAX_ALLOWED instead of those macros. Bug: http://sourceforge.net/p/curl/bugs/1255/ Reported by: Edward Rudd Yang Tse (29 Jul 2013) - tool_operhlp.c: fix add_file_name_to_url() OOM handling - tool_operate.c: fix brace placement for vi/emacs delimiter matching - tool_operate.c: move header inclusion location Daniel Stenberg (29 Jul 2013) - RELEASE-NOTES: synced with b5478a0e033e7 - curl_easy_pause: on unpause, trigger mulit-socket handling When the multi-socket API is used, we need the handle to be checked again when it gets unpaused. Bug: http://curl.haxx.se/mail/lib-2013-07/0239.html Reported-by: Justin Karneges - [John E. Malmberg brought this change] curl_formadd: fix file upload on VMS For the standard VMS text file formats, VMS needs to read the file to get the actual file size. For the standard VMS binary file formats, VMS needs a special format of fopen() call so that it stops reading at the logical end of file instead of at the end of the blocks allocated to the file. I structured the patch this way as I was not sure about changing the structures or parameters to the routines, but would prefer to only call the stat() function once and pass the information to where the fopen() call is made. Bug: https://sourceforge.net/p/curl/bugs/758/ - formadd: CURLFORM_FILECONTENT wrongly rejected some option combos The code for CURLFORM_FILECONTENT had its check for duplicate options wrong so that it would reject CURLFORM_PTRNAME if used in combination with it (but not CURLFORM_COPYNAME)! The flags field used for this purpose cannot be interpreted that broadly. Bug: http://curl.haxx.se/mail/lib-2013-07/0258.html Reported-by: Byrial Jensen Yang Tse (25 Jul 2013) - packages/vms/Makefile.am: add latest file additions to EXTRA_DIST - [John E. Malmberg brought this change] VMS: intial set of files to allow building using GNV toolkit. - string formatting: fix too many arguments for format - string formatting: fix zero-length printf format string - easy.c: curl_easy_getinfo() fix va_start/va_end matching - imap.c: imap_sendf() fix va_start/va_end matching - string formatting: fix 15+ printf-style format strings Patrick Monnerat (24 Jul 2013) - OS400: sync ILE/RPG binding with current curl.h Yang Tse (24 Jul 2013) - string formatting: fix 25+ printf-style format strings Daniel Stenberg (23 Jul 2013) - Makefile.am: use LDFLAGS as well when linking libcurl Linking on Solaris 10 x86 with Sun Studio 12 failed when we upgraded automake for the release builds. Bug: http://curl.haxx.se/bug/view.cgi?id=1217 Reported-by: Dagobert Michelsen - [Fabian Keil brought this change] url.c: Fix dot file path cleanup when using an HTTP proxy Previously the path was cleaned, but the URL wasn't properly updated. - [Fabian Keil brought this change] tests: test1232 verifies dotdot removal from path with proxy - [Fabian Keil brought this change] dotdot.c: Fix a RFC section number in a comment for Curl_dedotdotify() - [John E. Malmberg brought this change] build_vms.com: fix debug and float options In the reorganization of the build_vms.com the debug and float options were not fixed up correctly. - [John E. Malmberg brought this change] curl: fix upload of a zip file in OpenVMS Two fixes: 1. Force output file format to be stream-lf so that partial downloads can be continued. This should have minor impact as if the file does not exist, it was created with stream-lf format. The only time this was an issue is if there was already an existing file with a different format. 2. Fix file uploads are now fixed. a. VMS binary files such as ZIP archives are now uploaded correctly. b. VMS text files are read once to get the correct size and then converted to line-feed terminated records as they are read into curl. The default VMS text formats do not contain either line-feed or carriage-return terminated records. Those delimiters are added by the operating system file read calls if the application requests them. Bug: http://curl.haxx.se/bug/view.cgi?id=496 Yang Tse (22 Jul 2013) - libtest: fix data type of some *_setopt() 'long' arguments - curl: fix symbolic names for CURL_NETRC_* enum in --libcurl output - curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output - tool_operate.c: fix passing curl_easy_setopt long arg on some x64 ABIs We no longer pass our 'bool' data type variables nor constants as an argument to my_setopt(), instead we use proper 1L or 0L values. This also fixes macro used to pass string argument for CURLOPT_SSLCERT, CURLOPT_SSLKEY and CURLOPT_EGDSOCKET using my_setopt_str() instead of my_setopt(). This also casts enum or int argument data types to long when passed to my_setopt_enum(). Daniel Stenberg (21 Jul 2013) - curl_multi_wait: fix revents Commit 6d30f8ebed34e7276 didn't work properly. First, it used the wrong array index, but this fix also: 1 - only does the copying if indeed there was any activity 2 - makes sure to properly translate between internal and external bitfields, which are not guaranteed to match Reported-by: Evgeny Turnaev - RELEASE-NOTES: synced with d529f3882b9bca - curl_easy_perform: gradually increase the delay time Instead of going 50,100,150 etc millisecond delay time when nothing has been found to do or wait for, we now start lower and double each loop as in 4,8,16,32 etc. This lowers the minimum wait without sacrifizing the longer wait too much with unnecessary CPU cycles burnt. Bug: http://curl.haxx.se/mail/lib-2013-07/0103.html Reported-by: Andreas Malzahn - ftp_do_more: consider DO_MORE complete when server connects back In the case of an active connection when ftp_do_more() detects that the server has connected back, it must make sure to mark it as complete so that the multi_runsingle() function will detect this and move on to the next state. Bug: http://curl.haxx.se/mail/lib-2013-07/0115.html Reported-by: Clemens Gruber Yang Tse (19 Jul 2013) - Makefile.b32: Borland makefile adjustments. Tested with BCC 5.5.1 - WIN32 MemoryTracking: require UNICODE for wide strdup code support Daniel Stenberg (18 Jul 2013) - CURLOPT_XFERINFOFUNCTION: introducing a new progress callback CURLOPT_XFERINFOFUNCTION is now the preferred progress callback function and CURLOPT_PROGRESSFUNCTION is considered deprecated. This new callback uses pure 'curl_off_t' arguments to pass on full resolution sizes. It otherwise retains the same characteristics: the same call rate, the same meanings for the arguments and the return code is used the same way. The progressfunc.c example is updated to show how to use the new callback for newer libcurls while supporting the older one if built with an older libcurl or even built with a newer libcurl while running with an older. Yang Tse (18 Jul 2013) - Reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage". This reverts commit 7ed25cc, reinstating commit 8ec2cb5. As of 18-jul-2013 we still do have code in libcurl that makes use of these memory functions. Commit 8ec2cb5 comment still applies and is yet valid. These memory functions are solely used in Windows builds, so all related code is protected with '#ifdef WIN32' preprocessor conditional compilation directives. Specifically, wcsdup() _wcsdup() are used when building a Windows target with UNICODE and USE_WINDOWS_SSPI preprocessor symbols defined. This is the case when building a Windows UNICODE target with Windows native SSL/TLS support enabled. Realizing that wcsdup() _wcsdup() are used is a bit tricky given that usage of these is hidden behind _tcsdup() which is MS way of dealing with code that must tolerate UNICODE and non-UNICODE compilation. Additionally, MS header files and those compatible from other compilers use this preprocessor conditional compilation directive in order to select at compilation time whether 'wide' or 'ansi' MS API functions are used. Without this code, Windows build targets with Windows native SSL/TLS support enabled and MemoryTracking support enabled misbehave in tracking memory usage, regardless of being a UNICODE enabled build or not. - xc-am-iface.m4: comments refinement - configure: fix 'subdir-objects' distclean related issue See XC_AMEND_DISTCLEAN comments for details. Daniel Stenberg (18 Jul 2013) - [Evgeny Turnaev brought this change] curl_multi_wait: set revents for extra fds Pass back the revents that happened for the user-provided file descriptors. - [Ben Greear brought this change] asyn-ares: Don't blank ares servers if none configured. Best to just let c-ares use it's defaults if none are configured in (lib)curl. Signed-off-by: Ben Greear - [Sergei Nikulov brought this change] cmake: Fix for MSVC2010 project generation Fixed issue with static build for MSVC2010. After some investigation I've discovered known issue http://public.kitware.com/Bug/view.php?id=11240 When .rc file is linked to static lib it fails with following linker error LINK : warning LNK4068: /MACHINE not specified; defaulting to X86 file.obj : fatal error LNK1112: module machine type 'x64' conflicts with target machine type 'X86' Fix add target property /MACHINE: for MSVC generation. Also removed old workarounds - it caused errors during msvc build. Bug: http://curl.haxx.se/mail/lib-2013-07/0046.html - mk-ca-bundle.1: point out certdata.txt format docs Yang Tse (16 Jul 2013) - slist.c: Curl_slist_append_nodup() OOM handling fix Daniel Stenberg (16 Jul 2013) - test1414: FTP PORT download without SIZE support Yang Tse (16 Jul 2013) - tests/Makefile.am: add configurehelp.pm to DISTCLEANFILES Patrick Monnerat (15 Jul 2013) - curl_slist_append(): fix error detection - slist.c: fix indentation - OS400: new SSL backend GSKit - OS400: add slist and certinfo EBCDIC support - config-os400.h: enable system strdup(), strcmpi(), etc. - x509asn1.c,x509asn1.h: new module to support ASN.1/X509 parsing & info extract Use from qssl backend - ssluse.c,sslgen.c,sslgen.h: move certinfo support to generic SSL - Merge branch 'master' of github.com:bagder/curl Merge for resync - slist.c, slist.h, cookie.c: new internal procedure Curl_slist_append_nodup() Yang Tse (15 Jul 2013) - sslgen.c: fix Curl_rand() compiler warning Use simple seeding method upon RANDOM_FILE seeding method failure. - sslgen.c: fix unreleased Curl_rand() infinite recursion Daniel Stenberg (14 Jul 2013) - [Dave Reisner brought this change] src/tool: allow timeouts to accept decimal values Implement wrappers around strtod to convert the user argument to a double with sane error checking. Use this to allow --max-time and --connect-timeout to accept decimal values instead of strictly integers. The manpage is updated to make mention of this feature and, additionally, forewarn that the actual timeout of the operation can vary in its precision (particularly as the value increases in its decimal precision). - [Dave Reisner brought this change] curl.1: fix long line, found by checksrc.pl - [Dave Reisner brought this change] src/tool_paramhlp: try harder to catch negatives strto* functions happily chomp off leading whitespace, so simply checking for str[0] can lead to false negatives. Do the full parse and check the out value instead. - [John E. Malmberg brought this change] build_vms.com: detect and use zlib shared image Update the build_vms.com to detect and use zlib shared image installed by the ZLIB kit produced by Jean-Francois Pieronne, and the also the future ZLIB 1.2.8 kit in addition to the older ZLIB kits. Also fix the indentation to match one of the common standards used for VMS DCL command files and removed the hard tab characters. Tested on OpenVMS 8.4 Alpha and IA64, and OpenVMS 7.3 VAX. Yang Tse (14 Jul 2013) - url.c: fix parse_url_login() OOM handling - http_digest.c: SIGSEGV and OOM handling fixes - url.c: fix parse_login_details() OOM handling - [John E. Malmberg brought this change] setup-vms.h: sk_pop symbol tweak Newer versions of curl are referencing a sk_pop symbol while the HP OpenSSL library has the symbol in uppercase only. - getinfo.c: fix enumerated type mixed with another type - test 1511: fix enumerated type mixed with another type - url.c: fix SIGSEGV - dotdot.c: fix global declaration shadowing - easy.c: fix global declaration shadowing Kamil Dudka (9 Jul 2013) - Revert "curl.1: document the --time-cond option in the man page" This reverts commit 3a0e931fc715a80004958794a96b12cf90503f99 because the documentation of --time-cond was duplicated by mistake. Reported by: Dave Reisner - curl.1: document the --sasl-ir option in the man page - curl.1: document the --post303 option in the man page - curl.1: document the --time-cond option in the man page Yang Tse (9 Jul 2013) - configure: automake 1.14 compatibility tweak (use XC_AUTOMAKE) - xc-am-iface.m4: provide XC_AUTOMAKE macro Guenter Knauf (8 Jul 2013) - Added winssl-zlib target to VC builds. - Synced Makefile.vc6 with recent changes. Issue posted to the list by malinowsky AT FTW DOT at. - Added libmetalink URL; added Android versions. Dan Fandrich (3 Jul 2013) - examples: Moved usercertinmem.c to COMPLICATED_EXAMPLES This prevents it from being built during a "make check" since it depends on OpenSSL. Nick Zitzmann (2 Jul 2013) - Merge branch 'master' of https://github.com/bagder/curl - darwinssl: SSLv2 connections are aborted if unsupported by the OS I just noticed that OS X no longer supports SSLv2. Other TLS engines return an error if the requested protocol isn't supported by the underlying engine, so we do that now for SSLv2 if the framework returns an error when trying to turn on SSLv2 support. (Note: As always, SSLv2 support is only enabled in curl when starting the app with the -2 argument; it's off by default. SSLv2 is really old and insecure.) Marc Hoersken (1 Jul 2013) - lib506.c: Fixed possible use of uninitialized variables Kamil Dudka (30 Jun 2013) - url: restore the functionality of 'curl -u :' This commit fixes a regression introduced in fddb7b44a79d78e05043e1c97e069308b6b85f79. Reported by: Markus Moeller Bug: http://curl.haxx.se/mail/archive-2013-06/0052.html Daniel Stenberg (25 Jun 2013) - digest: append the timer to the random for the nonce - digest: improve nonce generation Use the new improved Curl_rand() to generate better random nonce for Digest auth. - curl.1: fix typo in --xattr description Bug: http://curl.haxx.se/bug/view.cgi?id=1252 Reported-by: Jean-Noël Rouvignac - RELEASE-NOTES: synced with 365c5ba39591 The 10 first bug fixes for the pending release... - formpost: better random boundaries When doing multi-part formposts, libcurl used a pseudo-random value that was seeded with time(). This turns out to be bad for users who formpost data that is provided with users who then can guess how the boundary string will look like and then they can forge a different formpost part and trick the receiver. My advice to such implementors is (still even after this change) to not rely on the boundary strings being cryptographically strong. Fix your code and logic to not depend on them that much! I moved the Curl_rand() function into the sslgen.c source file now to be able to take advantage of the SSL library's random function if it provides one. If not, try to use the RANDOM_FILE for seeding and as a last resort keep the old logic, just modified to also add microseconds which makes it harder to properly guess the exact seed. The formboundary() function in formdata.c is now using 64 bit entropy for the boundary and therefore the string of dashes was reduced by 4 letters and there are 16 hex digits following it. The total length is thus still the same. Bug: http://curl.haxx.se/bug/view.cgi?id=1251 Reported-by: "Floris" - printf: make sure %x are treated unsigned When using %x, the number must be treated as unsigned as otherwise it would get sign-extended on for example 64bit machines and do wrong output. This problem showed when doing printf("%08x", 0xffeeddcc) on a 64bit host. - tests: add test1395 to the tarball - SIGPIPE: don't use 'data' in sigpipe restore Follow-up fix from 7d80ed64e43515. The SessionHandle may not be around to use when we restore the sigpipe sighandler so we store the no_signal boolean in the local struct to know if/how to restore. - TODO: 1.8 Modified buffer size approach Thoughts around buffer sizes and what might be possible to do... - c-ares: improve error message on failed resolve When the c-ares based resolver backend failed to resolve a name, it tried to show the name that failed from existing structs. This caused the wrong output and shown hostname when for example --interface [hostname] was used and that name resolving failed. Now we use the hostname used in the actual resolve attempt in the error message as well. Bug: http://curl.haxx.se/bug/view.cgi?id=1191 Reported-by: Kim Vandry - ossl_recv: check for an OpenSSL error, don't assume When we recently started to treat a zero return code from SSL_read() as an error we also got false positives - which primarily looks to be because the OpenSSL documentation is wrong and a zero return code is not at all an error case in many situations. Now ossl_recv() will check with ERR_get_error() to see if there is a stored error and only then consider it to be a true error if SSL_read() returned zero. Bug: http://curl.haxx.se/bug/view.cgi?id=1249 Reported-by: Nach M. S. Patch-by: Nach M. S. Nick Zitzmann (22 Jun 2013) - Merge branch 'master' of https://github.com/bagder/curl - darwinssl: fix crash that started happening in Lion Something (a recent security update maybe?) changed in Lion, and now it has changed SSLCopyPeerTrust such that it may return noErr but also give us a null trust, which caught us off guard and caused an eventual crash. Daniel Stenberg (22 Jun 2013) - SIGPIPE: ignored while inside the library ... and restore the ordinary handling again when it returns. This is done for curl_easy_perform() and curl_easy_cleanup() only for now - and only when built to use OpenSSL as backend as this is the known culprit for the spurious SIGPIPEs people have received. Bug: http://curl.haxx.se/bug/view.cgi?id=1180 Reported by: Lluís Batlle i Rossell - KNOWN_BUGS: #83 unable to load non-default openssl engines - test1396: invoke the correct test tool! This erroneously run unit test 1310 instead of 1396! Kamil Dudka (22 Jun 2013) - test1230: avoid using hard-wired port number ... to prevent failure when a non-default -b option is given - curl-config.in: replace tabs by spaces Nick Zitzmann (22 Jun 2013) - darwinssl: reform OS-specific #defines This doesn't need to be in the release notes. I cleaned up a lot of the #if lines in the code to use MAC_OS_X_VERSION_MIN_REQUIRED and MAC_OS_X_VERSION_MAX_ALLOWED instead of checking for whether things like __MAC_10_6 or whatever were defined, because for some SDKs Apple has released they were defined out of place. Daniel Stenberg (22 Jun 2013) - [Alessandro Ghedini brought this change] docs: fix typo in curl_easy_getinfo manpage - dotdot: introducing dot file path cleanup RFC3986 details how a path part passed in as part of a URI should be "cleaned" from dot sequences before getting used. The described algorithm is now implemented in lib/dotdot.c with the accompanied test case in test 1395. Bug: http://curl.haxx.se/bug/view.cgi?id=1200 Reported-by: Alex Vinnik - bump: start working towards what most likely will become 7.32.0 - THANKS: added 24 new contributors from the 7.31.0 release Version 7.31.0 (22 Jun 2013) Daniel Stenberg (22 Jun 2013) - RELEASE-NOTES: synced with 0de7249bb39a2 - 7.31.0 - unit1396: unit tests to verify curl_easy_(un)escape - Curl_urldecode: no peeking beyond end of input buffer Security problem: CVE-2013-2174 If a program would give a string like "%FF" to curl_easy_unescape() but ask for it to decode only the first byte, it would still parse and decode the full hex sequence. The function then not only read beyond the allowed buffer but it would also deduct the *unsigned* counter variable for how many more bytes there's left to read in the buffer by two, making the counter wrap. Continuing this, the function would go on reading beyond the buffer and soon writing beyond the allocated target buffer... Bug: http://curl.haxx.se/docs/adv_20130622.html Reported-by: Timo Sirainen Guenter Knauf (20 Jun 2013) - Use opened body.out file and write content to it. Daniel Stenberg (20 Jun 2013) - multi_socket: react on socket close immediately As a remedy to the problem when a socket gets closed and a new one is opened with the same file descriptor number and as a result multi.c:singlesocket() doesn't detect the difference, the new function Curl_multi_closed() gets told when a socket is closed so that it can be removed from the socket hash. When the old one has been removed, a new socket should be detected fine by the singlesocket() on next invoke. Bug: http://curl.haxx.se/bug/view.cgi?id=1248 Reported-by: Erik Johansson - RELEASE-NOTES: synced with e305f5ec715f - TODO: mention the DANE patch from March - CURLOPT_COOKIELIST: take cookie share lock When performing COOKIELIST operations the cookie lock needs to be taken for the cases where the cookies are shared among multiple handles! Verified by Benjamin Gilbert's updated test 506 Bug: http://curl.haxx.se/bug/view.cgi?id=1215 Reported-by: Benjamin Gilbert - [Benjamin Gilbert brought this change] test506: verify that CURLOPT_COOKIELIST takes share lock It doesn't right now: http://curl.haxx.se/bug/view.cgi?id=1215 - TODO: HTTP2/SPDY support - curl_easy_setopt.3: clarify CURLOPT_PROGRESSFUNCTION frequency Make it clearer that the CURLOPT_PROGRESSFUNCTION callback will be called more frequently than once per second when things are happening. - RELEASE-NOTES: synced with 9c3e098259b82 Mention 7 recent bug fixes and their associated contributors - curl_multi_wait.3: clarify the numfds counter - curl_easy_perform: avoid busy-looping When curl_multi_wait() finds no file descriptor to wait for, it returns instantly and this must be handled gracefully within curl_easy_perform() or cause a busy-loop. Starting now, repeated fast returns without any file descriptors is detected and a gradually increasing sleep will be used (up to a max of 1000 milliseconds) before continuing the loop. Bug: http://curl.haxx.se/bug/view.cgi?id=1238 Reported-by: Miguel Angel - [YAMADA Yasuharu brought this change] cookies: follow-up fix for path checking The initial fix to only compare full path names were done in commit 04f52e9b4db0 but found out to be incomplete. This takes should make the change more complete and there's now two additional tests to verify (test 31 and 62). - [Sergei Nikulov brought this change] lib1900: use tutil_tvnow instead of gettimeofday Makes it build on windows - [Eric Hu brought this change] axtls: now done non-blocking - [Eric Hu brought this change] test2033: requires NTLM support - KNOWN_BUGS: #82 failed build with Borland compiler - Curl_output_digest: support auth-int for empty entity body By always returning the md5 for an empty body when auth-int is asked for, libcurl now at least sometimes does the right thing. Bug: http://curl.haxx.se/bug/view.cgi?id=1235 Patched-by: Nach M. S. - multi_socket: reduce timeout inaccuracy margin Allow less room for "triggered too early" mistakes by applications / timers on non-windows platforms. Starting now, we assume that a timeout call is never made earlier than 3 milliseconds before the actual timeout. This greatly improves timeout accuracy on Linux. Bug: http://curl.haxx.se/bug/view.cgi?id=1228 Reported-by: Hang Su - cert_stuff: avoid double free in the PKCS12 code In the pkcs12 code, we get a list of x509 records returned from PKCS12_parse but when iterating over the list and passing each to SSL_CTX_add_extra_chain_cert() we didn't also properly remove them from the "stack", which made them get freed twice (both in sk_X509_pop_free() and then later in SSL_CTX_free). This isn't really documented anywhere... Bug: http://curl.haxx.se/bug/view.cgi?id=1236 Reported-by: Nikaiw - cert_stuff: remove code duplication in the pkcs12 logic - [Aleksey Tulinov brought this change] axtls: honor disabled VERIFYHOST When VERIFYHOST == 0, libcurl should let invalid certificates to pass. - [Peter Gal brought this change] curl_easy_setopt.3: HTTP header with no content Update the documentation on how to specify a HTTP header with no content. - RELEASE-NOTES: synced with 87cf677eca55 Added 11 bugs and 7 contributors - lib1500: remove bad check After curl_multi_wait() returns, this test checked that we got exactly one file descriptor told to read from, but we cannot be sure that is true. curl_multi_wait() will sometimes return earlier without any file descriptor to handle, just just because it is a suitable time to call *perform(). This problem showed up with commit 29bf0598. Bug: http://curl.haxx.se/mail/lib-2013-06/0029.html Reported-by: Fabian Keil - tests/Makefile: typo in the perlcheck target Bug: http://curl.haxx.se/bug/view.cgi?id=1239 Reported-by: Christian Weisgerber - test1230: verify CONNECT to a numerical ipv6-address - sws: support extracting test number from CONNECT ipv6-address! If an ipv6-address is provided to CONNECT, the last hexadecimal group in the address will be used as the test number! For example the address "[1234::ff]" would be treated as test case 255. - curl_multi_wait: only use internal timer if not -1 commit 29bf0598aad5 introduced a problem when the "internal" timeout is prefered to the given if shorter, as it didn't consider the case where -1 was returned. Now the internal timeout is only considered if not -1. Reported-by: Tor Arntsen Bug: http://curl.haxx.se/mail/lib-2013-06/0015.html Dan Fandrich (3 Jun 2013) - libcurl-tutorial.3: added a section on IPv6 Also added a (correctly-escaped) backslash to the autoexec.bat example file and a new Windows character device name with a colon as examples of other characters that are special and potentially dangerous (this reverts and reworks commit 7d8d2a54). Daniel Stenberg (3 Jun 2013) - curl_multi_wait: reduce timeout if the multi handle wants to If the multi handle's pending timeout is less than what is passed into this function, it will now opt to use the shorter time anyway since it is a very good hint that the handle wants to process something in a shorter time than what otherwise would happen. curl_multi_wait.3 was updated accordingly to clarify This is the reason for bug #1224 Bug: http://curl.haxx.se/bug/view.cgi?id=1224 Reported-by: Andrii Moiseiev - multi_runsingle: switch an if() condition for readability ... because there's an identical check right next to it so using the operators in the check in the same order increases readability. Marc Hoersken (2 Jun 2013) - curl_schannel.c: Removed variable unused since 35874298e4 - curl_setup.h: Fixed redefinition warning using mingw-w64 Daniel Stenberg (30 May 2013) - multi_runsingle: add braces to clarify the code - libcurl-tutorial.3: remove incorrect backslash A single backslash in the content is not legal nroff syntax. Reported and fixed by: Eric S. Raymond Bug: http://curl.haxx.se/bug/view.cgi?id=1234 - curl_formadd.3: fixed wrong "end-marker" syntax Reported and fixed by: Eric S. Raymond Bug: http://curl.haxx.se/bug/view.cgi?id=1233 - curl.1: clarify that --silent still outputs data - Digest auth: escape user names with \ or " in them When sending the HTTP Authorization: header for digest, the user name needs to be escaped if it contains a double-quote or backslash. Test 1229 was added to verify Reported and fixed by: Nach M. S Bug: http://curl.haxx.se/bug/view.cgi?id=1230 - [Mike Giancola brought this change] ossl_recv: SSL_read() returning 0 is an error too SSL_read can return 0 for "not successful", according to the open SSL documentation: http://www.openssl.org/docs/ssl/SSL_read.html - [Mike Giancola brought this change] ossl_send: SSL_write() returning 0 is an error too We found that in specific cases if the connection is abruptly closed, the underlying socket is listed in a close_wait state. We continue to call the curl_multi_perform, curl_mutli_fdset etc. None of these APIs report the socket closed / connection finished. Since we have cases where the multi connection is only used once, this can pose a problem for us. I've read that if another connection was to come in, curl would see the socket as bad and attempt to close it at that time - unfortunately, this does not work for us. I found that in specific situations, if SSL_write returns 0, curl did not recognize the socket as closed (or errored out) and did not report it to the application. I believe we need to change the code slightly, to check if ssl_write returns 0. If so, treat it as an error - the same as a negative return code. For OpenSSL - the ssl_write documentation is here: http://www.openssl.org/docs/ssl/SSL_write.html - KNOWN_BUGS: curl -OJC- fails to resume Bug: http://curl.haxx.se/bug/view.cgi?id=1169 - Curl_cookie_add: handle IPv6 hosts 1 - don't skip host names with a colon in them in an attempt to bail out on HTTP headers in the cookie file parser. It was only a shortcut anyway and trying to parse a file with HTTP headers will still be handled, only slightly slower. 2 - don't skip domain names based on number of dots. The original netscape cookie spec had this oddity mentioned and while our code decreased the check to only check for two, the existing cookie spec has no such dot counting required. Bug: http://curl.haxx.se/bug/view.cgi?id=1221 Reported-by: Stefan Neis - curl_easy_setopt.3: expand the PROGRESSFUNCTION section Explain the callback and its arguments better and with more descriptive text. - tests: add test1394 file to the tarball - tarball: include the xmlstream example - [David Strauss brought this change] xmlstream: XML stream parsing example source code Add an XML stream parsing example using Expat. Add missing ignore for the binary from an unrelated example. - [YAMADA Yasuharu brought this change] cookies: only consider full path matches I found a bug which cURL sends cookies to the path not to aim at. For example: - cURL sends a request to http://example.fake/hoge/ - server returns cookie which with path=/hoge; the point is there is NOT the '/' end of path string. - cURL sends a request to http://example.fake/hogege/ with the cookie. The reason for this old "feature" is because that behavior is what is described in the original netscape cookie spec: http://curl.haxx.se/rfc/cookie_spec.html The current cookie spec (RFC6265) clarifies the situation: http://tools.ietf.org/html/rfc6265#section-5.2.4 - [Eric Hu brought this change] axtls: prevent memleaks on SSL handshake failures - Revert "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage" This reverts commit 8ec2cb5544b86306b702484ea785b6b9596562ab. We don't have any code anywhere in libcurl (or the curl tool) that use wcsdup so there's no such memory use to track. It seems to cause mild problems with the Borland compiler though that we may avoid by reverting this change again. Bug: http://curl.haxx.se/mail/lib-2013-05/0070.html - RELEASE-NOTES: synced with ae26ee3489588f0 Guenter Knauf (11 May 2013) - Updated zlib version in build files. Daniel Stenberg (9 May 2013) - [Renaud Guillard brought this change] OS X framework: fix invalid symbolic link Kamil Dudka (9 May 2013) - [Daniel Stenberg brought this change] nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_Send Reported by: David Strauss Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html Daniel Stenberg (8 May 2013) - libtest: gitignore more binary files - servercert: allow empty subject Bug: http://curl.haxx.se/bug/view.cgi?id=1220 Patch by: John Gardiner Myers - [Steve Holme brought this change] tests: Added new SMTP tests to verify commit 99b40451836d - runtests.pl: support nonewline="yes" in client/stdin sections - build: fixed unit1394 for debug and metlink builds Kamil Dudka (6 May 2013) - unit1394.c: plug the curl tool unit test in - [Jared Jennings brought this change] unit1394.c: basis of a unit test for parse_cert_parameter() - src/Makefile.am: build static lib for unit tests if enabled - tool_getparam: ensure string termination in parse_cert_parameter() - tool_getparam: fix memleak in handling the -E option - tool_getparam: describe what parse_cert_parameter() does ... and de-duplicate the code initializing *passphrase - curl.1: document escape sequences recognized by -E - [Jared Jennings brought this change] curl -E: allow to escape ':' in cert nickname Marc Hoersken (5 May 2013) - curl_schannel.c: Fixed invalid memory access during SSL shutdown Steve Holme (4 May 2013) - smtp: Fix trailing whitespace warning - smtp: Fix compilation warning comparison between signed and unsigned integer expressions - RELEASE-NOTES: synced with 92ef5f19c801 - smtp: Updated RFC-2821 references to RFC-5321 - smtp: Fixed sending of double CRLF caused by first in EOB If the mail sent during the transfer contains a terminating then we should not send the first of the EOB as specified in RFC-5321. Additionally don't send the if there is "no mail data" as the DATA command already includes it. - tests: Corrected MAIL SIZE for CRLF line endings ... which was missed in commit: f5c3d9538452 - tests: Corrected infilesize for CRLF line endings ... which was missed in commit: f5c3d9538452 - tests: Corrected test1406 to be RFC2821 compliant - tests: Corrected test1320 to be RFC2821 compliant - tests: Corrected typo in test909 Introduced in commit: 514817669e9e - tests: Corrected test909 to be RFC2821 compliant - tests: Updated test references to 909 from 1411 ...and removed references to libcurl and test1406. - tests: Renamed test1411 to test909 as this is a main SMTP test Daniel Stenberg (1 May 2013) - [Lars Johannesen brought this change] bindlocal: move brace out of #ifdef The code within #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID wrongly had two closing braces when it should only have one, so builds without that define would fail. Bug: http://curl.haxx.se/mail/lib-2013-05/0000.html Steve Holme (30 Apr 2013) - smtp: Tidy up to move the eob counter to the per-request structure Move the eob counter from the smtp_conn structure to the SMTP structure as it is associated with a SMTP payload on a per-request basis. - TODO: Updated following the addition of CURLOPT_SASL_IR - smtp: Fixed unknown percentage complete in progress bar The curl command line utility would display the the completed progress bar with a percentage of zero as the progress routines didn't know the size of the transfer. Daniel Stenberg (29 Apr 2013) - ftpserver: silence warnings Fix regressions in commit b56e3d43e5d. Make @data local and filter off non-numerical digits from $testno in STATUS_imap. Steve Holme (29 Apr 2013) - ftpserver.pl: Corrected the imap LOGIN response ...to be more realistic and consistent with the other imap responses. - tests: Added imap STATUS command test - tests: Corrected the SMTP tests to be RFC2821 compliant The emails that are sent to the server during these tests were incorrectly formatted as they contained one or more LF terminated lines rather than being CRLF terminated as per Section 2.3.7 of RFC-2821. This wasn't a problem for the test suite as the data matched the data but anyone using these tests as reference would be sending incorrect data to a server. - email: Tidy up of *_perform_authenticate() Removed the hard returns from imap and pop3 by using the same style for sending the authentication string as smtp. Moved the "Other mechanisms not supported" check in smtp to match that of imap and pop3 to provide consistency between the three email protocols. - smtp: Updated limit check to be more readable like the check in pop3 - pop3: Added 255 octet limit check when sending initial response Added 255 octet limit check as per Section 4. Paragraph 8 of RFC-5034. - DOCS: Corrected line length of recent Secure Transport changes Nick Zitzmann (27 Apr 2013) - darwinssl: add TLS crypto authentication Users using the Secure Transport (darwinssl) back-end can now use a certificate and private key to authenticate with a site using TLS. Because Apple's security system is based around the keychain and does not have any non-public function to create a SecIdentityRef data structure from data loaded outside of the Keychain, the certificate and private key have to be loaded into the Keychain first (using the certtool command line tool or the Security framework's C API) before we can find it and use it. Steve Holme (27 Apr 2013) - Corrected version numbers after bump Daniel Stenberg (27 Apr 2013) - bump version Since we're adding new stuff, the next release will bump the minor version and we're looking forward to 7.31.0 Steve Holme (27 Apr 2013) - RELEASE-NOTES: synced with f4e6e201b146 - DOCS: Updated following the addition of CURLOPT_SASL_IR Documented the the option in curl_easy_setopt() and added it to symbols-in-versions. - tests: Corrected command line arguments in test907 and test908 - tests: Added SMTP AUTH with initial response tests - tests: Updated SMTP tests to decouple client initial response Updated test903 and test904 following the addition of CURLOPT_SASL_IR as the default behaviour of SMTP AUTH responses is now to not include the initial response. New tests with --sasl-ir support to follow. - imap: Added support for overriding the SASL initial response In addition to checking for the SASL-IR capability the user can override the sending of the client's initial response in the AUTHENTICATION command with the use of CURLOPT_SASL_IR should the server erroneously not report SASL-IR when it does support it. - smtp: Added support for disabling the SASL initial response Updated the default behaviour of sending the client's initial response in the AUTH command to not send it and added support for CURLOPT_SASL_IR to allow the user to specify including the response. Related Bug: http://curl.haxx.se/mail/lib-2012-03/0114.html Reported-by: Gokhan Sengun - pop3: Added support for enabling the SASL initial response Allowed the user to specify whether to send the client's intial response in the AUTH command via CURLOPT_SASL_IR. - sasl-ir: Added --sasl-ir option to curl command line tool - sasl-ir: Added CURLOPT_SASL_IR to enable/disable the SASL initial response Daniel Stenberg (26 Apr 2013) - curl_easy_init: use less mallocs By introducing an internal alternative to curl_multi_init() that accepts parameters to set the hash sizes, easy handles will now use tiny socket and connection hash tables since it will only ever add a single easy handle to that multi handle. This decreased the number mallocs in test 40 (which is a rather simple and typical easy interface use case) from 1142 to 138. The maximum amount of memory allocated used went down from 118969 to 78805. Steve Holme (26 Apr 2013) - ftpserver.pl: Fixed imap logout confirmation data An IMAP server should response with the BYE continuation response before confirming the LOGOUT command was successful. Daniel Stenberg (26 Apr 2013) - ftp_state_pasv_resp: connect through proxy also when set by env When connecting back to an FTP server after having sent PASV/EPSV, libcurl sometimes didn't use the proxy properly even though the proxy was used for the initial connect. The function wrongly checked for the CURLOPT_PROXY variable to be set, which made it act wrongly if the proxy information was set with an environment variable. Added test case 711 to verify (based on 707 which uses --socks5). Also added test712 to verify another variation of setting the proxy: with --proxy socks5:// Bug: http://curl.haxx.se/bug/view.cgi?id=1218 Reported-by: Zekun Ni Kamil Dudka (26 Apr 2013) - [Zdenek Pavlas brought this change] url: initialize speed-check data for file:// protocol ... in order to prevent an artificial timeout event based on stale speed-check data from a previous network transfer. This commit fixes a regression caused by 9dd85bced56f6951107f69e581c872c1e7e3e58e. Bug: https://bugzilla.redhat.com/906031 Daniel Stenberg (25 Apr 2013) - test709: clarify the test in the name - sshserver: disable StrictHostKeyChecking I couldn't figure out why the host key logic isn't working, but having it set to yes prevents my SSH-based test cases to run. I also don't see a strong need to use strict host key checking on this test server. So I disabled it. - runtests: log more commands in verbose mode ... to aid tracking down failures Steve Holme (25 Apr 2013) - TODO: Corrected copy/paste typo - TODO: Added new ideas for future SMTP, POP3 and IMAP features - TODO: Updated following the addition of ;auth= support - DOCS: Minor rewording / clarification of host name protocol detection - RELEASE-NOTES: synced with a8c92cb60890 - DOCS: Added reference to IETF draft for SMTP URL Interface ...when mentioning login options. Additional minor clarification of "Windows builds" to be "Windows builds with SSPI"as a way of enabling NTLM as Windows builds may be built with OpenSSL to enable NTLM or without NTLM support altogether. Linus Nielsen Feltzing (23 Apr 2013) - HISTORY: Fix spelling error. Steve Holme (23 Apr 2013) - DOCS: Reworked the scheme calculation explanation under CURLOPT_URL - url: Added smtp and pop3 hostnames to the protocol detection list Daniel Stenberg (23 Apr 2013) - HISTORY: correct some years/dates Thanks to archive.org's wayback machine I updated this document with some facts from the early httpget/urlget web page: http://web.archive.org/web/19980216125115/http://www.inf.ufrgs.br/~sagula/urlget.html - [Alessandro Ghedini brought this change] tests: add test1511 to check timecond clean-up Verifies the timecond fix in commit c49ed0b6c0f - [Alessandro Ghedini brought this change] getinfo.c: reset timecond when clearing session-info variables Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705783 Reported-by: Ludovico Cavedon Steve Holme (22 Apr 2013) - DOCS: Added information about login options to CURLOPT_USERPWD - DOCS: Added information about login options in the URL - url: Fixed missing length check in parse_proxy() Commit 11332577b3cb removed the length check that was performed by the old scanf() code. - url: Fixed crash when no username or password supplied for proxy Fixed an issue in parse_proxy(), introduced in commit 11332577b3cb, where an empty username or password (For example: http://:@example.com) would cause a crash. - url: Removed unused text length constants - url: Updated proxy URL parsing to use parse_login_details() - url: Tidy up of setstropt_userpwd() parameters Updated the naming convention of the login parameters to match those of other functions. - url: Tidy up of code and comments following recent changes Tidy up of variable names and comments in setstropt_userpwd() and parse_login_details(). - url: Simplified setstropt_userpwd() following recent changes There is no need to perform separate clearing of data if a NULL option pointer is passed in. Instead this operation can be performed by simply not calling parse_login_details() and letting the rest of the code do the work. - url: Correction to scope of if statements when setting data - url: Fixed memory leak in setstropt_userpwd() setstropt_userpwd() was calling setstropt() in commit fddb7b44a79d to set each of the login details which would duplicate the strings and subsequently cause a memory leak. - RELEASE-NOTES: synced with d535c4a2e1f7 - url: Added overriding of URL login options from CURLOPT_USERPWD - tool_paramhlp: Fixed options being included in username Fix to prevent the options from being displayed when curl requests the user's password if the following command line is specified: --user username;options - url: Added support for parsing login options from the CURLOPT_USERPWD In addition to parsing the optional login options from the URL, added support for parsing them from CURLOPT_USERPWD, to allow the following supported command line: --user username:password;options - url: Added bounds checking to parse_login_details() Added bounds checking when searching for the separator characters within the login string as this string may not be NULL terminated (For example it is the login part of a URL). We do this in preference to allocating a new string to copy the login details into which could then be passed to parse_login_details() for performance reasons. - url: Added size_t cast to pointer based length calculations - url: Corrected minor typo in comment Daniel Stenberg (18 Apr 2013) - CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling When cross-compiling we can't scan and detect existing files or paths. Bug: http://curl.haxx.se/mail/lib-2013-04/0294.html - [Ishan SinghLevett brought this change] usercertinmem.c: add example showing user cert in memory Relies on CURLOPT_SSL_CTX_FUNCTION, which is OpenSSL specific Steve Holme (18 Apr 2013) - url: Fix chksrc longer than 79 columns warning - url: Fix incorrect variable type for result code - url: Fix compiler warning signed and unsigned type in conditional expression - url: Moved parsing of login details out of parse_url_login() Separated the parsing of login details from the processing of them in parse_url_login() ready for use by setstropt_userpwd(). - url: Re-factored set_userpass() and parse_url_userpass() Re-factored these functions to reflect their new behaviour following the addition of login options. - url: Reworked URL parsing to allow overriding by CURLOPT_USERPWD Daniel Stenberg (18 Apr 2013) - maketgz: make bzip2 creation work with Parallel BZIP2 too Apparently the previous usage didn't work with that implementation, while this updated version works with at least both Parallel BZIP2 v1.1.8 and regular bzip "Version 1.0.6, 6-Sept-2010". Linus Nielsen Feltzing (18 Apr 2013) - Add tests/http_pipe.py to the tarball build Steve Holme (16 Apr 2013) - smtp: Re-factored all perform based functions Standardised the naming of all perform based functions to be in the form smtp_perform_something(). - smtp: Added description comments to all perform based functions - smtp: Moved smtp_quit() to be with the other perform functions - smtp: Moved smtp_rcpt_to() to be with the other perform functions - smtp: Moved smtp_mail() to be with the other perform functions Daniel Stenberg (16 Apr 2013) - [Wouter Van Rooy brought this change] curl-config: don't output static libs when they are disabled Curl-config outputs static libraries even when they are disabled in configure. This causes problems with the build of pycurl. - [Dave Reisner brought this change] docs/libcurl: fix formatting in manpage Commit c3ea3eb6 introduced some minor cosmetic errors in curl_mutli_socket_action(3). - [Paul Howarth brought this change] Add extra libs for lib1900 and lib2033 test programs These are needed in cases where clock_gettime is used, from librt. Dan Fandrich (15 Apr 2013) - FAQ: mention that the network connection can be monitored Also note the prohibition on sharing handles across threads. Steve Holme (15 Apr 2013) - pop3: Added missing comment for pop3_state_apop_resp() - smtp: Updated the coding style of smtp_state_servergreet_resp() Updated the coding style, in this function, to be consistant with other response functions rather then performing a hard return on failure. - pop3: Updated the coding style of pop3_state_servergreet_resp() Updated the coding style, in this function, to be consistent with other response functions rather then performing a hard return on failure. - pop3: Re-factored all perform based functions Standardised the naming of all perform based functions to be in the form pop3_perform_something() following the changes made to IMAP. - pop3: Added description comments to all perform based functions - pop3: Moved pop3_quit() to be with the other perform functions - pop3: Moved pop3_command() to be with the other perform functions Started to apply the same tidy up to the POP3 code as applied to the IMAP code in the 7.30.0 release. - RELEASE-NOTES: Removed erroneous spaces - RELEASE-NOTES: synced with 8723cade21fb - smtp: Added support for ;auth= in the URL Added support for specifying the preferred authentication mechanism in the URL as per Internet-Draft 'draft-earhart-url-smtp-00'. - pop3: Reworked authentication type constants ... to use left-shifted values, like those defined in curl.h, rather than 16-bit hexadecimal values. - pop3: Small consistency tidy up - pop3: Added support for ;auth= in the URL Added support for specifying the preferred authentication type and SASL mechanism in the URL as per RFC-2384. - imap: Added support for ;auth= in the URL Added support for specifying the preferred authentication mechanism in the URL as per RFC-5092. - sasl: Reworked SASL mechanism constants ... to use left-shifted values, like those defined in curl.h, rather than 16-bit hexadecimal values. - sasl: Added predefined preferred mechanism values In preparation for the upcoming changes to IMAP, POP3 and SMTP added preferred mechanism values. - url: Added support for parsing login options from the URL As well as parsing the username and password from the URL, added support for parsing the optional options part from the login details, to allow the following supported URL format: schema://username:password;options@example.com/path?q=foobar This will only be used by IMAP, POP3 and SMTP at present but any protocol that may be given login options in the URL will be able to add support for them. - smtp: Fix compiler warning warning: unused variable 'smtp' introduced in commit 73cbd21b5ee6. - smtp: Moved parsing of url path into separate function Daniel Stenberg (12 Apr 2013) - FTP: handle a 230 welcome response ...instead of the 220 we otherwise expect. Made the ftpserver.pl support sending a custom "welcome" and then created test 1219 to verify this fix with such a 230 welcome. Bug: http://curl.haxx.se/mail/lib-2013-02/0102.html Reported by: Anders Havn - configure: try pthread_create without -lpthread For libc variants without a spearate pthread lib (like bionic), try using pthreads without the pthreads lib first and only if that fails try the -lpthread linker flag. Bug: http://curl.haxx.se/bug/view.cgi?id=1216 Reported by: Duncan - FTP: access files in root dir correctly Accessing a file with an absolute path in the root dir but with no directory specified was not handled correctly. This fix comes with four new test cases that verify it. Bug: http://curl.haxx.se/mail/lib-2013-04/0142.html Reported by: Sam Deane Steve Holme (12 Apr 2013) - pop3: Reworked the function description for Curl_pop3_write() - pop3: Added function description to pop3_parse_custom_request() - pop3: Moved utility functions to end of pop3.c Nick Zitzmann (12 Apr 2013) - darwinssl: add TLS session resumption This ought to speed up additional TLS handshakes, at least in theory. Steve Holme (12 Apr 2013) - imap: Added function description to imap_parse_custom_request() - imap: Moved utility functions to end of imap.c (Part 3/3) Moved imap_is_bchar() be with the other utility based functions. - imap: Moved utility functions to end of imap.c (Part 2/3) Moved imap_parse_url_path() and imap_parse_custom_request() to the end of the file allowing all utility functions to be grouped together. - imap: Moved utility functions to end of imap.c (Part 1/3) Moved imap_atom() and imap_sendf() to the end of the file allowing all utility functions to be grouped together. - imap: Corrected function description for imap_connect() Kamil Dudka (12 Apr 2013) - tests: prevent test206, test1060, and test1061 from failing ... in case runtests.pl is invoked with non-default -b option Fixes a regression caused by 1e29d275c643ef6aab7948f0f55a7a9397e56b42. Daniel Stenberg (12 Apr 2013) - [David Strauss brought this change] libcurl-share.3: update what it does and does not share. Update sharing interface documentation to provide exhaustive list of what it does and does not share. - THANKS: remove duplicated names - bump: start working towards next release - THANKS: added people from the 7.30.0 RELEASE-NOTES Version 7.30.0 (12 Apr 2013) Daniel Stenberg (12 Apr 2013) - RELEASE-NOTES: cleaned up for 7.30 (synced with 5c5e1a1cd20) Most notable the security advisory: http://curl.haxx.se/docs/adv_20130412.html - test1218: another cookie tailmatch test ... and make 1216 also verify it with a file input These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie domain tailmatch" vulnerability. See http://curl.haxx.se/docs/adv_20130412.html - [YAMADA Yasuharu brought this change] cookie: fix tailmatching to prevent cross-domain leakage Cookies set for 'example.com' could accidentaly also be sent by libcurl to the 'bexample.com' (ie with a prefix to the first domain name). This is a security vulnerabilty, CVE-2013-1944. Bug: http://curl.haxx.se/docs/adv_20130412.html Guenter Knauf (11 Apr 2013) - Enabled MinGW sync resolver builds. Yang Tse (10 Apr 2013) - if2ip.c: fix compiler warning Guenter Knauf (10 Apr 2013) - Fixed lost OpenSSL output with "-t" - followup. The previously applied patch didnt work on Windows; we cant rely on shell commands like 'echo' since they act diffently on each platform and each shell. In order to keep this script platform-independent the code must only use pure Perl. Daniel Stenberg (9 Apr 2013) - test1217: verify parsing 257 responses with "rubbish" before path Test 1217 verifies commit e0fb2d86c9f78, and without that change this test fails. - [Bill Middlecamp brought this change] FTP: handle "rubbish" in front of directory name in 257 responses When doing PWD, there's a 257 response which apparently some servers prefix with a comment before the path instead of after it as is otherwise the norm. Failing to parse this, several otherwise legitimate use cases break. Bug: http://curl.haxx.se/mail/lib-2013-04/0113.html Guenter Knauf (9 Apr 2013) - Fixed ares-enabled builds with static makefiles. - Fixed lost OpenSSL output with "-t". The OpenSSL pipe wrote to the final CA bundle file, but the encoded PEM output wrote to a temporary file. Consequently, the OpenSSL output was lost when the temp file was renamed to the final file at script finish (overwriting the final file written earlier by openssl). Patch posted to the list by Richard Michael (rmichael edgeofthenet org). Daniel Stenberg (9 Apr 2013) - test1216: test tailmatching cookie domains This test is an attempt to repeat the problem YAMADA Yasuharu reported at http://curl.haxx.se/mail/lib-2013-04/0108.html - RELEASe-NOTES: synced with 29fdb2700f797 added "tcpkeepalive on Mac OS X" Nick Zitzmann (8 Apr 2013) - darwinssl: disable insecure ciphers by default I noticed that aria2's SecureTransport code disables insecure ciphers such as NULL, anonymous, IDEA, and weak-key ciphers used by SSLv3 and later. That's a good idea, and now we do the same thing in order to prevent curl from accessing a "secure" site that only negotiates insecure ciphersuites. Daniel Stenberg (8 Apr 2013) - [Robert Wruck brought this change] tcpkeepalive: Support CURLOPT_TCP_KEEPIDLE on OSX MacOS X doesn't have TCP_KEEPIDLE/TCP_KEEPINTVL but only a single TCP_KEEPALIVE (see http://developer.apple.com/library/mac/#DOCUMENTATION/Darwin/Reference/ManPages/man4/tcp.4.html). Here is a patch for CURLOPT_TCP_KEEPIDLE on OSX platforms. - configure: remove CURL_CHECK_FUNC_RECVFROM 1 - We don't use the results from the test and we never did. recvfrom() is only used by the TFTP code and it has not caused any problems. 2 - the CURL_CHECK_FUNC_RECVFROM function is extremely slow Steve Holme (8 Apr 2013) - RELEASE-NOTES: Corrected duplicate NTLM memory leaks - RELEASE-NOTES: Removed trailing full stop Daniel Stenberg (8 Apr 2013) - [Fabian Keil brought this change] proxy: make ConnectionExists() check credential of proxyconnections too Previously it only compared credentials if the requested needle connection wasn't using a proxy. This caused NTLM authentication failures when using proxies as the authentication code wasn't send on the connection where the challenge arrived. Added test 1215 to verify: NTLM server authentication through a proxy (This is a modified copy of test 67) - RELEASE-NOTES: sync with 704a5dfca9 - TODO-RELEASE: cleaned up, not really maintained lately Marc Hoersken (7 Apr 2013) - if2ip.c: Fixed another warning: unused parameter 'remote_scope' Daniel Stenberg (7 Apr 2013) - [Marc Hoersken brought this change] cookie.c: Made cookie sort function more deterministic Since qsort implementations vary with regards to handling the order of similiar elements, this change makes the internal sort function more deterministic by comparing path length first, then domain length and finally the cookie name. Spotted with testcase 62 on Windows. Marc Hoersken (7 Apr 2013) - curl_schannel.c: Follow up on memory leak fix ae4558d - Revert "getpart.pm: Strip carriage returns to fix Windows support" This reverts commit e51b23c925a2721cf7c29b2b376d3d8903cfb067. As discussed on the mailinglist, this was not the correct approach. - http_negotiate.c: Fixed passing argument from incompatible pointer type - ftp.c: Added missing brackets around ABOR command logic - sockfilt.c: Fixed detection of client-side connection close WINSOCK only: Since FD_CLOSE is only signaled once, it may trigger at the same time as FD_READ. Data actually being available makes it impossible to detect that the connection was closed by checking that recv returns zero. Another recv attempt could block the connection if it was not closed. This workaround abuses exceptfds in conjunction with readfds to signal that the connection has actually closed. - curl_schannel.c: Fixed memory leak if connection was not successful - if2ip.c: Fixed warning: unused parameter 'remote_scope' - runtests.pl: Fixed --verbose parameter passed to http_pipe.py - sockfilt.c: Reduce CPU load while running under a Windows PIPE - tftpd.c: Apply sread timeout to the whole data transfer session - getpart.pm: Strip carriage returns to fix Windows support Daniel Stenberg (6 Apr 2013) - ftp tests: libcurl returns CURLE_FTP_ACCEPT_FAILED better now Since commit 57aeabcc1a20f, it handles errors on the control connection while waiting for the data connection better. Test 591 and 592 are updated accordingly. - FTP: wait on both connections during active STOR state When doing PORT and upload (STOR), this function needs to extract the file descriptor for both connections so that it will respond immediately when the server eventually connects back. This flaw caused active connections to become unnecessary slow but they would still often work due to the normal polling on a timeout. The bug also would not occur if the server connected back very fast, like when testing on local networks. Bug: http://curl.haxx.se/bug/view.cgi?id=1183 Reported by: Daniel Theron Marc Hoersken (6 Apr 2013) - tftpd.c: Follow up cleanup and restore of previous sockopt Daniel Stenberg (6 Apr 2013) - [Kim Vandry brought this change] connect: treat an interface bindlocal() problem as a non-fatal error I am using curl_easy_setopt(CURLOPT_INTERFACE, "if!something") to force transfers to use a particular interface but the transfer fails with CURLE_INTERFACE_FAILED, "Failed binding local connection end" if the interface I specify has no IPv6 address. The cause is as follows: The remote hostname resolves successfully and has an IPv6 address and an IPv4 address. cURL attempts to connect to the IPv6 address first. bindlocal (in lib/connect.c) fails because Curl_if2ip cannot find an IPv6 address on the interface. This is a fatal error in singleipconnect() This change will make cURL try the next IP address in the list. Also included are two changes related to IPv6 address scope: - Filter the choice of address in Curl_if2ip to only consider addresses with the same scope ID as the connection address (mismatched scope for local and remote address does not result in a working connection). - bindlocal was ignoring the scope ID of addresses returned by Curl_if2ip . Now it uses them. Bug: http://curl.haxx.se/bug/view.cgi?id=1189 Marc Hoersken (6 Apr 2013) - tftpd.c: Fixed sread timeout on Windows by setting it manually - ftp.pm: Added tskill to support Windows XP Home - runtests.pl: Modularization of MinGW/Msys compatibility functions - ftp.pm: Made Perl testsuite able to handle Windows processes - util.c: Revert workaround eeefcdf, 6eb56e7 and e3787e8 - ftp.pm: Made Perl testsuite able to kill Windows processes - util.c: Follow up cleanup on eeefcdf Daniel Stenberg (6 Apr 2013) - cpp: use #ifdef __MINGW32__ to avoid compiler complaints ... instead of just #if Marc Hoersken (6 Apr 2013) - util.c: Made write_pidfile write the correct PID on MinGW/Msys This workaround fixes an issue on MinGW/Msys regarding the Perl testsuite scripts not being able to signal or control the server processes. The MinGW Perl runtime only sees the Msys processes and their corresponding PIDs, but sockfilt (and other servers) wrote the Windows PID into their PID-files. Since this PID is useless to the testsuite, the write_pidfile function was changed to search for the Msys PID and write that into the PID-file. Daniel Stenberg (5 Apr 2013) - RELEASE-NOTES: synced with 5e722b2d09087 3 more bug fixes, 6 more contributors Marc Hoersken (5 Apr 2013) - sockfilt.c: Fixed handling of multiple fds being signaled Kamil Dudka (5 Apr 2013) - curl_global_init.3: improve description of CURL_GLOBAL_ALL Reported by: Tomas Mlcoch - examples/multi-single.c: fix the order of destructions ... so that it adheres to the API documentation. Reported by: Tomas Mlcoch Daniel Stenberg (5 Apr 2013) - Curl_open: restore default MAXCONNECTS to 5 At some point recently we lost the default value for the easy handle's connection cache, and this change puts it back to 5 - which is the former default value and it is documented in the curl_easy_setopt.3 man page. Marc Hoersken (4 Apr 2013) - sockfilt.c: Added wrapper functions to fix Windows console issues The new read and write wrapper functions support reading from stdin and writing to stdout/stderr on Windows by using the appropriate Windows API functions and data types. Yang Tse (4 Apr 2013) - lib1509.c: fix compiler warnings - easy.c: fix compiler warning Daniel Stenberg (4 Apr 2013) - --engine: spellfix the help message Reported by: Fredrik Thulin Yang Tse (4 Apr 2013) - http_negotiate.c: follow-up for commit 3dcc1a9c Linus Nielsen Feltzing (4 Apr 2013) - easy: Fix the broken CURLOPT_MAXCONNECTS option Copy the CURLOPT_MAXCONNECTS option to CURLMOPT_MAXCONNECTS in curl_easy_perform(). Bug: http://curl.haxx.se/bug/view.cgi?id=1212 Reported-by: Steven Gu Guenter Knauf (4 Apr 2013) - Updated copyright date. - Another small output fix for --help and --version. Yang Tse (4 Apr 2013) - http_negotiate.c: fix several SPNEGO memory handling issues Guenter Knauf (4 Apr 2013) - Added a cont to specify base64 line wrap. - Fixed version output. - Added support for --help and --version options. - Added option to specify length of base64 output. Based on a patch posted to the list by Richard Michael. Daniel Stenberg (3 Apr 2013) - curl_easy_setopt.3: CURLOPT_HTTPGET disables CURLOPT_UPLOAD - [Yasuharu Yamada brought this change] Curl_cookie_add: only increase numcookies for new cookies Count up numcookies in Curl_cookie_add() only when cookie is new one - SO_SNDBUF: don't set SNDBUF for win32 versions vista or later The Microsoft knowledge-base article http://support.microsoft.com/kb/823764 describes how to use SNDBUF to overcome a performance shortcoming in winsock, but it doesn't apply to Windows Vista and later versions. If the described SNDBUF magic is applied when running on those more recent Windows versions, it seems to instead have the reversed effect in many cases and thus make libcurl perform less good on those systems. This fix thus adds a run-time version-check that does the SNDBUF magic conditionally depending if it is deemed necessary or not. Bug: http://curl.haxx.se/bug/view.cgi?id=1188 Reported by: Andrew Kurushin Tested by: Christian Hägele Nick Zitzmann (1 Apr 2013) - darwinssl: additional descriptive messages of SSL handshake errors (This doesn't need to appear in the release notes.) Guenter Knauf (1 Apr 2013) - Added dns and connect time to output. Daniel Stenberg (1 Apr 2013) - RELEASE-NOTES: synced with 0614b902136 - code-policed - tcpkeepalive: support TCP_KEEPIDLE/TCP_KEEPINTVL on win32 Patch by: Robert Wruck Bug: http://curl.haxx.se/bug/view.cgi?id=1209 - BINDINGS: BBHTTP is a cocoa binding, Julia has a binding - ftp_sendquote: use PPSENDF, not FTPSENDF The last remaining code piece that still used FTPSENDF now uses PPSENDF. In the problematic case, a PREQUOTE series was done on a re-used connection when Curl_pp_init() hadn't been called so it had messed up pointers. The init call is done properly from Curl_pp_sendf() so this change fixes this particular crash. Bug: http://curl.haxx.se/mail/lib-2013-03/0319.html Reported by: Sam Deane Steve Holme (27 Mar 2013) - RELEASE-NOTES: Corrected typo Daniel Stenberg (27 Mar 2013) - [Clemens Gruber brought this change] multi-uv.c: remove unused variable - RELEASE-NOTES: add two references - test1509: verify proxy header response headers count Modified sws to support and use custom CONNECT responses instead of the previously naive hard-coded version. Made the HTTP test server able to extract test case number from the host name in a CONNECT request by finding the number after the last dot. It makes 'machine.moo.123' use test case 123. Adapted a larger amount of tests to the new style. Bug: http://curl.haxx.se/bug/view.cgi?id=1204 Reported by: Martin Jansen - [Clemens Gruber brought this change] Added libuv example multi-uv.c Yang Tse (25 Mar 2013) - NTLM: fix several NTLM code paths memory leaks - WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage As of 25-mar-2013 wcsdup() _wcsdup() and _tcsdup() are only used in WIN32 specific code, so tracking of these has not been extended for other build targets. Without this fix, memory tracking system on WIN32 builds, when using these functions, would provide misleading results. In order to properly extend this support for all targets curl.h would have to define curl_wcsdup_callback prototype and consequently wchar_t should be visible before that in curl.h. IOW curl_wchar_t defined in curlbuild.h and this pulling whatever system header is required to get wchar_t definition. Additionally a new curl_global_init_mem() function that also receives user defined wcsdup() callback would be required. - curl_ntlm_msgs.c: revert commit 463082bea4 reverts unreleased invalid memory leak fix Daniel Stenberg (23 Mar 2013) - RELEASE-NOTES: synced with bc6037ed3ec02 More changes, bugfixes and contributors! - [Martin Jansen brought this change] Curl_proxyCONNECT: count received headers Proxy servers tend to add their own headers at the beginning of responses. The size of these headers was not taken into account by CURLINFO_HEADER_SIZE before this change. Bug: http://curl.haxx.se/bug/view.cgi?id=1204 Steve Holme (21 Mar 2013) - sasl: Corrected a few violations of the curl coding standards Corrected some incorrectly positioned pointer variable declarations to be "char *" rather than "char* ". - multi.c: Corrected a couple of violations of the curl coding standards Corrected some incorrectly positioned pointer variable declarations to be "type *" rather than "type* ". - imap-tests: Added CRLF to reply data to be compliant with RFC-822 Updated the reply data in tests: 800, 801, 802, 804 and 1321 to possess the CRLF as per RFC-822. - multi.c: Fix compilation warning warning: an enumerated type is mixed with another type - multi.c: fix compilation error warning: conversion from enumeration type to different enumeration type - lib1900.c: fix compilation warning warning: declaration of 'time' shadows a global declaration Yang Tse (20 Mar 2013) - [John E. Malmberg brought this change] build_vms.com: use existing curlbuild.h and parsing fix This patch removes building curlbuild.h from the build_vms.com procedure and uses the one in the daily or release tarball instead. packages/vms/build_curlbuild_h.com is obsolete with this change. Accessing the library module name "tool_main" needs different handling when the optional extended parsing is enabled. Tested on IA64/VMS 8.4 and VAX/VMS 7.3 Nick Zitzmann (19 Mar 2013) - darwinssl: disable ECC ciphers under Mountain Lion by default I found out that ECC doesn't work as of OS X 10.8.3, so those ciphers are turned off until the next point release of OS X. Steve Holme (18 Mar 2013) - FEATURES: Small tidy up for constancy and grammar Daniel Stenberg (18 Mar 2013) - [Oliver Schindler brought this change] Curl_proxyCONNECT: clear 'rewindaftersend' on success After having done a POST over a CONNECT request, the 'rewindaftersend' boolean could be holding the previous value which could lead to badness. This should be tested for in a new test case! Bug: https://groups.google.com/d/msg/msysgit/B31LNftR4BI/KhRTz0iuGmUJ Steve Holme (18 Mar 2013) - TODO: Reordered the protocol and security sections Moved SMTP, POP3, IMAP and New Protocol sections to be listed after the other protocols (FTP, HTTP and TELNET) and SASL to be after SSL and GnuTLS as these are all security related. Additionally fixed numbering of the SSL and GnuTLS sections as they weren't consecutive. Yang Tse (18 Mar 2013) - tests: specify 'text' mode for some output files in verify section Steve Holme (17 Mar 2013) - imap: Fixed incorrect initial response generation for SASL AUTHENTICATE Fixed incorrect initial response generation for the NTLM and LOGIN SASL authentication mechanisms when the SASL-IR was detected. Introduced in commit: 6da7dc026c14. - FEATURES: Expanded the supported enhanced IMAP command list - TODO: Corrected typo in TOC - TODO: Added IMAP section and removed unused Other protocols section - TODO: Added graceful base64 decoding failure to SMTP and POP3 - TODO: Corrected typo on section 10.2 heading Yang Tse (16 Mar 2013) - tests: 96, 558, 1330: strip build subdirectory dependent leading path Steve Holme (15 Mar 2013) - TODO: Added section 10.2 Initial response to POP3 to do list - imap-tests: Corrected copy/paste error in test808 reply data Yang Tse (15 Mar 2013) - unit1330.c: fix date - tests: add #96 #558 and #1330 These verfy that the 'memory tracking' subsystem is actually doing its job when using curl tool (#96), a test in libtest (#558) and also a unit test (#1330), in order to prevent regressions in this functionallity. Steve Holme (15 Mar 2013) - imap-tests: Added test808 for custom EXAMINE command Daniel Stenberg (15 Mar 2013) - HTTP proxy: insert slash in URL if missing curl has been accepting URLs using slightly wrong syntax for a long time, such as when completely missing as slash "http://example.org" or missing a slash when a query part is given "http://example.org?q=foobar". curl would translate these into a legitimate HTTP request to servers, although as was shown in bug #1206 it was not adjusted properly in the cases where a HTTP proxy was used. Test 1213 and 1214 were added to the test suite to verify this fix. The test HTTP server was adjusted to allow us to specify test number in the host name only without using any slashes in a given URL. Bug: http://curl.haxx.se/bug/view.cgi?id=1206 Reported by: ScottJi Steve Holme (14 Mar 2013) - ftpserver.pl: Added EXAMINE_imap() for IMAP EXAMINE commands Used hard coded data from RFC-3501 section 6.3.2. Yang Tse (14 Mar 2013) - curl_memory.h: introduce CURLX_NO_MEMORY_CALLBACKS usage possibility This commit alone does not fix anything nor modifies existing interfaces or behaviors, although it is a prerequisite for other fixes. - Makefile.vc6: add missing files Linus Nielsen Feltzing (14 Mar 2013) - pipelining: Remove dead code. - Multiple pipelines and limiting the number of connections. Introducing a number of options to the multi interface that allows for multiple pipelines to the same host, in order to optimize the balance between the penalty for opening new connections and the potential pipelining latency. Two new options for limiting the number of connections: CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections to the same host. When adding a handle that exceeds this limit, that handle will be put in a pending state until another handle is finished, so we can reuse the connection. CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total. When adding a handle that exceeds this limit, that handle will be put in a pending state until another handle is finished. The free connection will then be reused, if possible, or closed if the pending handle can't reuse it. Several new options for pipelining: CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a pipeline is "full" when a connection is to be reused, a new connection will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it. If not, the handle will be put in a pending state until a connection is ready (either free or a pipe got shorter). CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not be reused if it is currently processing a transfer with a content length that is larger than this. CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not be reused if it is currently processing a chunk larger than this. CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow pipelining. CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow pipelining. See the curl_multi_setopt() man page for details. Yang Tse (13 Mar 2013) - tool_main.c: remove redundant vms_show storage-class specifier vms_show 'extern' storage-class specifier removed from tool_main.c due to... - Advice from Tor Arntsen: http://curl.haxx.se/mail/lib-2013-03/0164.html - HP OpenVMS docs stating that 'Extern is the default storage class for variables declared outside a function.' http://h71000.www7.hp.com/commercial/c/docs/dec_c_help_5.html (Storage_Classes section) - test509: libcurl initialization with memory callbacks and actual usage Steve Holme (13 Mar 2013) - pop3: Removed unnecessary transfer cancellation Following commit e450f66a02d8 and the changes in the multi interface being used internally, from 7.29.0, the transfer cancellation in pop3_dophase_done() is no longer required. Yang Tse (13 Mar 2013) - Makefile.am: add VMS files not being included in tarball - [Tom Grace brought this change] build_vms.com: VMS build fixes Added missing slash in cc_full_list. Removed unwanted extra quotes inside symbol tool_main for non-VAX architectures that triggered link failure. Replaced curl_sys_inc with sys_inc. - [Tom Grace brought this change] tool_main.c: fix VMS global variable storage-class specifier An extern submits a psect and a global reference to the linker to point to it. Using "extern int vms_show = 0" also creates a globaldef. The use of the extern by itself does declare a psect but does not declare a globalsymbol. It does declare a globalref. But the linker needs one and only one globaldef or there is an error. Patrick Monnerat (12 Mar 2013) - OS400: synchronize RPG binding Steve Holme (12 Mar 2013) - pop3: Fixed continuous wait when using --ftp-list Don't initiate a transfer when using --ftp-list. Kamil Dudka (12 Mar 2013) - [Zdenek Pavlas brought this change] curl_global_init: accept the CURL_GLOBAL_ACK_EINTR flag The flag can be used in pycurl-based applications where using the multi interface would not be acceptable because of the performance lost caused by implementing the select() loop in python. Bug: http://curl.haxx.se/bug/view.cgi?id=1168 Downstream Bug: https://bugzilla.redhat.com/919127 - easy: do not ignore poll() failures other than EINTR Yang Tse (12 Mar 2013) - curl.h: stricter CURL_EXTERN linkage decorations logic No API change involved. Info: http://curl.haxx.se/mail/lib-2013-02/0234.html Daniel Stenberg (11 Mar 2013) - THANKS: Latin-1'ified Jiri's name Steve Holme (11 Mar 2013) - test806: Added CRLF to reply data to be compliant with RFC-822 Daniel Stenberg (11 Mar 2013) - test805: added crlf newlines to make data size match since mails sent are supposed to have CRLF line endings I added them and now the data size after (\Seen) matches again properly - test: fix newline for the data check of 807 Yang Tse (11 Mar 2013) - test801 to test807: fix protocol section line endings Steve Holme (10 Mar 2013) - Makefile.am: Corrected a couple of spurious tab characters Corrected a couple of tab characters between test702 and test703, and between test900 and test901 which should be spaces. - [Jiri Hruska brought this change] imap: Added test807 for custom request functionality (STORE) - [Jiri Hruska brought this change] imap: Added test806 for IMAP (folder) LIST command - [Jiri Hruska brought this change] imap: Added test805 for APPEND functionality - [Jiri Hruska brought this change] imap: Added test804 for skipping SELECT if in the same mailbox - [Jiri Hruska brought this change] imap: Added test802 and test803 for UIDVALIDITY verification Added one test for a request with matching UIDVALIDITY and one which is a mismatched request that will fail. - [Jiri Hruska brought this change] imap: Added test801 for UID and SECTION URL parameters - [Jiri Hruska brought this change] imap-tests: Accept quoted parameters in ftpserver.pl Any IMAP parameter can come in escaped and in double quotes. Added a simple function to unquote the command parameters and applied it to the IMAP command handlers. - [Jiri Hruska brought this change] tests: Fix ftpserver.pl indentation The whole of FETCH_imap() had one extra space of indentation, whilst APPEND_imap() used indentation of 2 instead of 4 in places. - Makefile.am: Corrected end of line filler character The majority of lines, that specify a test file for inclusion, end with a tab character before the slash whilst some end with a space. Corrected those that end with a space to end with a tab character as well. - email-tests: Updated the test data that corresponds to the test number Finished segregating the email protocol tests, into their own protocol based ranges, in preparation of adding more e-mail related tests to the test suite. - email-tests: Renamed the IMAP test to be 800 Continued segregating the email protocol tests, into their own protocol based ranges, in preparation of adding more e-mail related tests to the test suite. - email-tests: Renamed the SMTP tests to be in the range 900-906 Continued segregating the email protocol tests, into their own protocol based ranges, in preparation of adding more e-mail related tests to the test suite. - email-tests: Renamed the POP3 tests to be in the range 850-857 Started segregating the email protocol tests, into their own protocol based ranges, in preparation of adding more e-mail related tests to the test suite. Daniel Stenberg (10 Mar 2013) - hiperfifo: updated to use current libevent API Patch by: Myk Taylor Steve Holme (10 Mar 2013) - imap: Reworked some function descriptions - imap: Added some missing comments to imap_sendf() - email: Removed hard returns from init functions Daniel Stenberg (9 Mar 2013) - curl_multi_wait: avoid second loop if nothing to do ... hopefully this will also make clang-analyzer stop warning on potentional NULL dereferences (which were false positives anyway). - multi_runsingle: avoid NULL dereference When Curl_do() returns failure, the connection pointer could be NULL so the code path following needs to that that into account. Bug: http://curl.haxx.se/mail/lib-2013-03/0062.html Reported by: Eric Hu Steve Holme (9 Mar 2013) - imap: Re-factored all perform based functions Standardised the naming of all perform based functions to be in the form imap_perform_something(). Daniel Stenberg (9 Mar 2013) - [Cédric Deltheil brought this change] examples/getinmemory.c: abort the transfer if not enough memory No more use exit(3) but instead tell libcurl that no byte has been written to let it return a `CURLE_WRITE_ERROR`. In addition, check curl easy handle return code. - RELEASE-NOTES: synced with ca3c0ed3a9c 8 more bugfixes, one change and a bunch of contributors Yang Tse (9 Mar 2013) - Makefile.am: empty AM_LDFLAGS definition for automake 1.7 compatibility Steve Holme (9 Mar 2013) - imap: Added description comments to all perform based functions - imap: Removed the need for separate custom request functions Moved the custom request processing into the LIST command as the logic is the same. - imap: Corrected typo in comment Yang Tse (9 Mar 2013) - Makefile.am: empty AM_LDFLAGS definition for automake 1.7 compatibility Steve Holme (9 Mar 2013) - imap: Moved imap_logout() to be grouped with the other perform functions - email: Updated the function descriptions for the logout / quit functions Updated the function description comments following commit 4838d196fdbf. - email: Simplified the logout / quit functions Moved the blocking state machine to the disconnect functions so that the logout / quit functions are only responsible for sending the actual command needed to logout or quit. Additionally removed the hard return on failure. - email: Tidied up the *_regular_transfer() functions Added comments and simplified convoluted dophase_done comparison. - email: Simplified nesting of if statements in *_doing() functions Daniel Stenberg (8 Mar 2013) - RELEASE-NOTES: mention that krb4 is up for consideration Steve Holme (8 Mar 2013) - imap: Fixed handling of untagged responses for the STORE custom command Added an exception, for the STORE command, to the untagged response processor in imap_endofresp() as servers will back respones containing the FETCH keyword instead. Yang Tse (8 Mar 2013) - curlbuild.h.dist: enhance non-configure GCC ABI detection logic GCC specific adjustments: - check __ILP32__ before 32 and 64bit processor architectures in order to detect ILP32 programming model on 64 bit processors which, of course, also support LP64 programming model, when using gcc 4.7 or newer. - keep 32bit processor architecture checks in order to support gcc versions older than 4.7 which don't define __ILP32__ - check __LP64__ for gcc 3.3 and newer, while keeping 64bit processor architecture checks for older versions which don't define __LP64__ - curlbuild.h.dist: fix GCC build on ARM systems without configure script Bug: http://curl.haxx.se/bug/view.cgi?id=1205 Reported by: technion - [Gisle Vanem brought this change] polarssl.c: fix header filename typo - configure: use XC_LIBTOOL for portability across libtool versions - xc-lt-iface.m4: provide XC_LIBTOOL macro Steve Holme (7 Mar 2013) - imap: Fixed SELECT not being performed for custom requests - email: Minor code tidy up following recent changes Removed unwanted braces and added variable initialisation. - DOCS: Corrected the IMAP URL grammar of the UIDVALIDITY parameter - FEATURES: Provided a little clarity in some IMAP features - email: Optimised block_statemach() functions Optimised the result test in each of the block_statemach() functions. - DOCS: Added the list command to the IMAP URL section Added examples of the list command and clarified existing example URLs following recent changes. - FEATURES: Updated for recent imap additions Updated the imap features list, corrected a typo in the smtp features and clarified a pop3 feature. Daniel Stenberg (7 Mar 2013) - version bump: the next release will be 7.30.0 - checksrc: ban unsafe functions The list of unsafe functions currently consists of sprintf, vsprintf, strcat, strncat and gets. Subsequently, some existing code needed updating to avoid warnings on this. Steve Holme (7 Mar 2013) - RELEASE-NOTES: Added missing imap fixes and additions With all the recent imap changes it wasn't clear what new features and fixes should be included in the release notes. Nick Zitzmann (6 Mar 2013) - RELEASE-NOTES: brought this up-to-date with the latest changes Steve Holme (6 Mar 2013) - [Jiri Hruska brought this change] imap: Fixed test801 and test1321 to specify a message UID Just a folder list would be retrieved if UID was not specified now. - [Jiri Hruska brought this change] imap: Fixed ftpserver.pl to allow verification even through LIST command Commit 198012ee inadvertently broke LIST_imap(). - imap: Tidied up the APPEND and final APPEND response functions Removed unnecessary state changes on failure and setting of result codes on success. - imap: Tidied up the final FETCH response function Removed unnecessary state change on failure and setting of result code on success. - imap: Tidied up the LIST response function Reworked comments as they referenced custom commands, removed unnecessary state change on failure and setting of result code on success. - imap: Removed the custom request response function Removed imap_state_custom_resp() as imap_state_list_resp() provides the same functionality. - [Jiri Hruska brought this change] imap: Updated ftpserver.pl to be more compliant, added new commands Enriched IMAP capabilities of ftpserver.pl in order to be able to add tests for the new IMAP features. * Added support for APPEND - Saves uploaded data to log/upload.$testno * Added support for LIST - Returns the contents of section in the current test, like e.g FETCH. * Added support for STORE - Returns hardcoded updated flags * Changed handling of SELECT - Returns much more information in the usual set of untagged responses; uses hardcoded data from an example in the IMAP RFC * Changed handling of FETCH - Fixed response format - imap: Added check for empty UID in FETCH command As the UID has to be specified by the user for the FETCH command to work correctly, added a check to imap_fetch(), although strictly speaking it is protected by the call from imap_perform(). Kamil Dudka (6 Mar 2013) - nss: fix misplaced code enabling non-blocking socket mode The option needs to be set on the SSL socket. Setting it on the model takes no effect. Note that the non-blocking mode is still not enabled for the handshake because the code is not yet ready for that. Daniel Stenberg (6 Mar 2013) - imap: fix compiler warning imap.c:694:21: error: unused variable 'imapc' [-Werror=unused-variable] Steve Holme (5 Mar 2013) - imap: Added support for list command - imap: Added list perform and response handler functions - imap: Introduced IMAP_LIST state - imap: Small tidy up of imap_select() to match imap_append() Updated the style of imap_select() before adding the LIST command. - imap: Moved mailbox check from the imap_do() function In preparation for the addition of the LIST command, moved the mailbox check from imap_do() to imap_select() and imap_append(). - curl_setup.h: Added S_IRDIR() macro for compilers that don't support it Commit 26eaa8383001 introduces the use of S_ISDIR() yet some compilers, such as MSVC don't support it, so we must define a substitute using file flags and mask. Daniel Stenberg (4 Mar 2013) - AddFormData: prevent only directories from being posted Commit f4cc54cb4746ae5a6d (shipped as part of the 7.29.0 release) was a bug fix that introduced a regression in that while trying to avoid allowing directory names, it also forbade "special" files like character devices and more. like "/dev/null" as was used by Oliver who reported this regression. Reported by: Oliver Gondža Bug: http://curl.haxx.se/mail/archive-2013-02/0040.html Nick Zitzmann (3 Mar 2013) - darwinssl: fix infinite loop if server disconnected abruptly If the server hung up the connection without sending a closure alert, then we'd keep probing the socket for data even though it's dead. Now we're ready for this situation. Bug: http://curl.haxx.se/mail/lib-2013-03/0014.html Reported by: Aki Koskinen Steve Holme (3 Mar 2013) - imap: Added comments to imap_append() - [Jiri Hruska brought this change] imap: Added required mailbox check for FETCH and APPEND commands - pingpong.c: Fix enumerated type mixed with another type - smtp: Updated the coding style for state changes after a send operation Some state changes would be performed after a failure test that performed a hard return, whilst others would be performed within a test for success. Updated the code, for consistency, so all instances are performed within a success test. - pop3: Updated the coding style for state changes after a send operation Some state changes would be performed after a failure test that performed a hard return, whilst others would be performed within a test for success. Updated the code, for consistency, so all instances are performed within a success test. - imap: Fixed typo in variable assignment - [Jiri Hruska brought this change] imap: Fixed custom request handling in imap_done() Fixed imap_done() so that neither the FINAL states are not entered when a custom command has been performed. - [Jiri Hruska brought this change] imap: Enabled custom requests in imap_select_resp() Changed imap_select_resp() to invoke imap_custom() instead of imap_fetch() after the mailbox has been selected if a custom command has been set. - [Jiri Hruska brought this change] imap: Enabled custom requests in imap_perform() Modified imap_perform() to start with the custom command instead of SELECT when a custom command is to be performed and no mailbox has been given. - [Jiri Hruska brought this change] imap: Added custom request perform and response handler functions Added imap_custom(), which initiates the custom command processing, and an associated response handler imap_state_custom_resp(), which handles any responses by sending them to the client as body data. All untagged responses with the same name as the first word of the custom request string are accepted, with the exception of SELECT and EXAMINE which have responses that cannot be easily identified. An extra check has been provided for them so that any untagged responses are accepted for them. - pop3: Fixed unnecessary parent structure reference Updated pop3 code following recent imap changes. - [Jiri Hruska brought this change] imap: Added custom request parsing Added imap_parse_custom_request() for parsing the CURLOPT_CUSTOMREQUEST parameter which URL decodes the value and separates the request from any parameters - This makes it easier to filter untagged responses by the request command. - [Jiri Hruska brought this change] imap: Introduced custom request parameters Added custom request parameters to the per-request structure. - [Jiri Hruska brought this change] imap: Introduced IMAP_CUSTOM state - imap: Minor code tidy up Minor tidy up of code layout and comments following recent changes. - imap: Simplified the imap_state_append_resp() function Introduced the result code variable to simplify the state changes and remove the hard returns. - imap: Changed successful response logic in imap_state_append_resp() For consistency changed the logic of the imap_state_append_resp() function to test for an unsucessful continuation response rather than a succesful one. - imap: Standardised imapcode condition tests For consistency changed two if(constant != imapcode) tests to be if(imapcode != constant). - imap: Moved imap_append() to be with the other perform functions - [Jiri Hruska brought this change] imap: Enabled APPEND support in imap_perform() Added logic in imap_perform() to perform an APPEND rather than SELECT and FETCH if an upload has been specified. - [Jiri Hruska brought this change] imap: Implemented APPEND final processing The APPEND operation needs to be performed in several steps: 1) We send " APPEND {}\r\n" 2) Server responds with continuation respose "+ ...\r\n" 3) We start the transfer and send bytes of data 4) Only now we end the request command line by sending "\r\n" 5) Server responds with " OK ...\r\n" This commit performs steps 4 and 5, in the DONE phase, as more processing is required after the transfer. - [Jiri Hruska brought this change] imap: Added APPEND perform and response handler functions Added imap_append() function to initiate upload and imap_append_resp() to handle the continuation response and start the transfer. - [Jiri Hruska brought this change] imap: Introduced IMAP_APPEND and IMAP_APPEND_FINAL states - [Jiri Hruska brought this change] imap: Updated setting of transfer variables in imap_state_fetch_resp() Add number of bytes retrieved from the PP cache to req.bytecount and set req.maxdownload only when starting a proper download. - [Jiri Hruska brought this change] imap: Improved FETCH response parsing Added safer parsing of the untagged FETCH response line and the size of continuation data. - imap: Fixed accidentally lossing the result code Accidentally lost the result code in imap_state_capability() and imap_state_login() with commit b06a78622609. - imap: Another minor comment addition / tidy up - imap: Updated the coding style for state changes after a send operation Some state changes would be performed after a failure test that performed a hard return, whilst others would be performed within a test for success. Updated the code, for consistency, so all instances are performed within a success test. - pop3 / smtp: Small comment tidy up Small tidy up to keep some comments consistant across each of the email protocols. - [Jiri Hruska brought this change] imap: FETCH response handler cleanup before further changes Removed superfluous NULL assignment after Curl_safefree() and rewrote some comments and logging messages. - pop3: Small tidy up of function arguments - imap: Small tidy up of function arguments - smtp: Corrected debug message for POP3_AUTH_FINAL constant Following commit ad3177da24b8 corrected the debug message in state() from AUTH to AUTH_FINAL. - pop3: Corrected debug message for POP3_AUTH_FINAL constant Following commit afad1ce753a1 corrected the debug message in state() from AUTH to AUTH_FINAL. - imap: Corrected debug message for IMAP_AUTHENTICATE_FINAL constant Following commit 13006f3de9ec corrected the debug message in state() from AUTHENTICATE to AUTHENTICATE_FINAL. - [Jiri Hruska brought this change] imap: Fixed error code returned for invalid FETCH response If the FETCH command does not result in an untagged response the the UID is probably invalid. As such do not return CURLE_OK. - [Jiri Hruska brought this change] imap: Added processing of the final FETCH responses Not processing the final FETCH responses was not optimal, not only because the response code would be ignored but it would also leave data unread on the socket which would prohibit connection reuse. - [Jiri Hruska brought this change] imap: Introduced FETCH_FINAL state for processing final fetch responses A typical FETCH response can be broken down into four parts: 1) "* FETCH ( {}\r\n", using continuation syntax 2) bytes of the actual message 3) ")\r\n", finishing the untagged response 4) " OK ...", finishing the command Part 1 is read in imap_fetch_resp(), part 2 is consumed in the PERFORM phase by the transfer subsystem, parts 3 and 4 are currently ignored. - imap: fix autobuild warning Removed whitespace from imap_perform() - imap: fix compiler warning error: declaration of 'imap' shadows a previous local - smtp: Re-factored the final SMTP_AUTH constant Changed the final SMTP_AUTH constant to SMTP_AUTH_FINAL for consistency with the response function. - pop3: Re-factored the final POP3_AUTH constant Changed the final POP3_AUTH constant to POP3_AUTH_FINAL for consistency with the response function. - imap: Re-factored final IMAP_AUTHENTICATE constant Changed the final IMAP_AUTHENTICATE constant to IMAP_AUTHENTICATE_FINAL for consistency with the response function. - imap: Updated the coding style of imap_state_servergreet_resp() Updated the coding style, in this function, to be consistant with other response functions rather then performing a hard return on failure. - imap: Reversed the logic of the (un)successful tagged SELECT response Reversed the logic of the unsuccessful vs successful tagged SELECT response in imap_state_select_resp() to be more logical to read. - imap: Reversed the logic of the (un)successful tagged CAPABILITY response Reversed the logic of the unsuccessful vs successful tagged CAPABILITY response in imap_state_capability_resp() to be more logical to read. - imap: Corrected char* references with char * Corrected char* references made in commit: 709b3506cd9b. - [Jiri Hruska brought this change] imap: Added processing of more than one response when sent in same packet Added a loop to imap_statemach_act() in which Curl_pp_readresp() is called until the cache is drained. Without this multiple responses received in a single packet could result in a hang or delay. - [Jiri Hruska brought this change] imap: Added skipping of SELECT command if already in the same mailbox Added storage and checking of the last mailbox userd to prevent unnecessary switching. - [Jiri Hruska brought this change] imap: Introduced the mailbox variable Added the mailbox variable to the per-connection structure in preparation for checking for an already selected mailbox. - email: Slight reordering of connection based variables Reordered the state and ssl_done variables in order to provide more consistency between the email protocols as well as for for an upcoming change. - imap: Tidied up comments for connection based variables - DOCS: Added the IMAP UIDVALIDITY property to the CURLOPT_URL section - [Jiri Hruska brought this change] imap: Added verification of UIDVALIDITY mailbox attribute Added support for checking the UIDVALIDITY, and aborting the request, if it has been specified in the URL and the server response is different. - [Jiri Hruska brought this change] imap: Added support for parsing the UIDVALIDITY property Added support for parsing the UIDVALIDITY property from the SELECT response and storing it in the per-connection structure. - [Jiri Hruska brought this change] imap: Introduced the mailbox_uidvalidity variable Added the mailbox_uidvalidity variable to the per-connection structure in preparation for checking the UIDVALIDITY mailbox attribute. - imap: Corrected comment in imap_endofresp() - imap: Corrected whitespace - [Jiri Hruska brought this change] imap: Added filtering of CAPABILITY and FETCH untagged responses Only responses that contain "CAPABILITY" and "FETCH", respectively, will be sent to their response handler. - [Jiri Hruska brought this change] imap: Added a helper function for upcoming untagged response filtering RFC 3501 states that "the client MUST be prepared to accept any response at all times" yet we assume anything received with "* " at the beginning is the untagged response we want. Introduced a helper function that checks whether the input looks like a response to specified command, so that we may filter the ones we are interested in according to the current state. - [Jiri Hruska brought this change] imap: Moved CAPABILITY response handling to imap_state_capability_resp() Introduced similar handling to the FETCH responses, where even the untagged data responses are handled by the response handler of the individual state. Linus Nielsen Feltzing (26 Feb 2013) - Remove unused variable in smtp_state_data_resp() Steve Holme (25 Feb 2013) - email: Small tidy up following recent changes - smtp: Removed bytecountp from the per-request structure Removed this pointer to a downloaded bytes counter because it was set in smtp_init() to point to the same variable the transfer functions keep the count in (k->bytecount), effectively making the code in transfer.c "*k->bytecountp = k->bytecount" a no-op. - pop3: Removed bytecountp from the per-request structure Removed this pointer to a downloaded bytes counter because it was set in pop3_init() to point to the same variable the transfer functions keep the count in (k->bytecount), effectively making the code in transfer.c "*k->bytecountp = k->bytecount" a no-op. - [Jiri Hruska brought this change] imap: Removed bytecountp from the per-request structure Removed this pointer to a downloaded bytes counter because it was set in imap_init() to point to the same variable the transfer functions keep the count in (k->bytecount), effectively making the code in transfer.c "*k->bytecountp = k->bytecount" a no-op. - [Jiri Hruska brought this change] imap: Adjusted SELECT and FETCH function order Moved imap_select() and imap_fetch() to be grouped with the other perform functions. - [Jiri Hruska brought this change] imap: Adjusted SELECT and FETCH state order in imap_statemach_act() Exchanged the position of these states in the switch statements to match the state enum, execution and function order. - imap: Minor tidy up of comments in imap_parse_url_path() Tidy up of comments before next round of imap changes. - imap: Fixed incorrect comparison for STARTTLS in imap_endofresp() Corrected the comparison type in addition to commit 1dac29fa83a9. - DOCS: Corrected IMAP URL examples according to RFC5092 URL examples that included the UID weren't technically correct although would pass the curl parser. Nick Zitzmann (24 Feb 2013) - darwinssl: fix undefined $ssllib warning in runtests.pl I also added --with-darwinssl to the list of SSL options in configure. Steve Holme (24 Feb 2013) - imap: Added check for new internal imap response code - imap: Changed the order of the response types in imap_endofresp() From a maintenance point of view the code reads better to view tagged responses, then untagged followed by continuation responses. Additionally, this matches the order of responses in POP3. - [Jiri Hruska brought this change] imap: Added stricter parsing of continuation responses Enhanced the parsing to only allow continuation responses in some states. - imap: Simplified memcmp() in tagged response parsing - [Jiri Hruska brought this change] imap: Reworked the logic of untagged command responses - imap: Corrected spacing of trailing brace - [Jiri Hruska brought this change] imap: Added stricter parsing of tagged command responses Enhanced the parsing of tagged responses which must start with "OK", "NO" or "BAD" - [Jiri Hruska brought this change] imap: Simplified command response test in imap_endofresp() - [Jiri Hruska brought this change] imap: Corrected comment in imap_endofresp() - DOCS: Corrected layout of POP3 and IMAP URL examples Corrected layout issues with the POP3 and IMAP URL examples introduced in commit cb3ae6894fb2. - DOCS: Updated CURLOPT_URL section following recent POP3 and IMAP changes Updated the POP3 sub-section to refer to message ID rather than mailbox. Added an IMAP sub-section with example URLs depicting the specification of mailbox, uid and section. - pop3: Refactored the mailbox variable as it didn't reflect it's purpose Updated the mailbox variable to correctly reflect it's purpose. The name mailbox was a leftover from when IMAP and POP3 support was initially added to curl. - FEATURES: Updated following recent IMAP changes - [Jiri Hruska brought this change] imap: Added the ability to FETCH a specific UID and SECTION Updated the FETCH command to send the UID and SECTION parsed from the URL. By default the BODY specifier doesn't include a section, BODY[] is now sent whereas BODY[TEXT] was previously sent. In my opinion retrieving just the message text is rarely useful when dealing with emails, as the headers are required for example, so that functionality is not retained. In can however be simulated by adding SECTION=TEXT to the URL. Also updated test801 and test1321 due to the BODY change. - email: Additional tidy up of comments following recent changes - smtp: Removed some FTP heritage leftovers Removed user and passwd from the SMTP struct as these cannot be set on a per-request basis and are leftover from legacy FTP code. Changed some comments still using FTP terminology. - smtp: Moved the per-request variables to the per-request data structure Moved the rcpt variable from the per-connection struct smtp_conn to the new per-request struct and fixed references accordingly. - pop3: Introduced a custom SMTP structure for per-request data Created a new SMTP structure and changed the type of the smtp proto variable in connectdata from FTP* to SMTP*. unknown (23 Feb 2013) - [Steve Holme brought this change] imap: Minor correction of comments for max line length Daniel Stenberg (23 Feb 2013) - strcasestr: remove check for this unused function - pop3: fix compiler warning error: declaration of 'pop3' shadows a previous local Steve Holme (23 Feb 2013) - [Jiri Hruska brought this change] imap: Added URL parsing of new variables Updated the imap_parse_url_path() function to parse uidvalidity, uid and section parameters based on RFC-5092. - [Jiri Hruska brought this change] imap: Introduced imap_is_bchar() function Added imap_is_bchar() for testing if a given character is a valid bchar or not. - [Jiri Hruska brought this change] imap: Introduced new per-request veriables Added uidvalidity, uid and section variables to the per-request IMAP structure in preparation for upcoming URL parsing. - pingpong: Renamed curl_ftptransfer to curl_pp_transfer - pop3: Removed some FTP heritage leftovers Removed user and passwd from the POP3 struct as these cannot be set on a per-request basis and are leftover from legacy FTP code. Changed some comments still using FTP terminology. - pop3: Moved the per-request variables to the per-request data structure Moved the mailbox and custom request variables from the per-connection struct pop3_conn to the new per-request struct and fixed references accordingly. - pop3: Introduced a custom POP3 structure for per-request data Created a new POP3 structure and changed the type of the pop3 proto variable in connectdata from FTP* to POP*. - [Jiri Hruska brought this change] imap: Fixed escaping of mailbox names Used imap_atom() to escape mailbox names in imap_select(). - pingpong: Moved curl_ftptransfer definition to pingpong.h Moved the ftp transfer structure into pingpong.h so other protocols that require it don't have to include ftp.h. - urldata.h: Fixed comment for opt_no_body variable Corrected comment for opt_no_body variable to CURLOPT_NOBODY. - email: Minor tidy up following IMAP changes - [Jiri Hruska brought this change] imap: Removed more FTP leftovers Changed some variables and comments still using FTP terminology. - [Jiri Hruska brought this change] imap: Removed some FTP heritage leftovers Removed user and passwd from the IMAP struct as these cannot be set on a per-request basis and are leftover from legacy FTP code. - [Jiri Hruska brought this change] imap: Introduced a custom IMAP structure for per-request data Created a new IMAP structure and changed the type of the imap proto variable in connectdata from FTP* to the new IMAP*. Moved the mailbox variable from the per-connection struct imap_conn to the new per-request struct and fixed references accordingly. - pop3: Updated do phrase clean-up comment Following commit 65644b833532 for the IMAP module updated the clean-up comment in POP3. - imap: Fixed memory leak when performing multiple selects Moved the clean-up of the mailbox variable from imap_disconnect() to imap_done() as this variable is allocated in the do phase, yet would have only been freed only once if multiple selects where preformed on a single connection. Daniel Stenberg (22 Feb 2013) - [Alexander Klauer brought this change] Documentation: Typo in docs/CONTRIBUTE Fixes a typo get → git in docs/CONTRIBUTE. - [Alexander Klauer brought this change] repository: ignore patch files generated by git Ignores the patch files generated by the 'git format-patch' command. - [Alexander Klauer brought this change] libcurl documentation: clarifications and typos * Elaborates on default values of some curl_easy_setopt() options. * Reminds the user to cast variadic arguments to curl_easy_setopt() to 'void *' where curl internally interprets them as such. * Clarifies the working of the CURLOPT_SEEKFUNCTION option for curl_easy_setopt(). * Fixes typo 'forth' → 'fourth'. * Elaborates on CURL_SOCKET_TIMEOUT. * Adds some missing periods. * Notes that the return value of curl_version() must not be passed to free(). - [Alexander Klauer brought this change] lib/url.c: Generic read/write data pointers Always interprets the pointer passed with the CURLOPT_WRITEDATA or CURLOPT_READDATA options of curl_easy_setopt() as a void pointer in order to avoid problems in environments where FILE and void pointers have non-trivial conversion. - [Alexander Klauer brought this change] libcurl documentation: updates HTML index * Adds several links to documentation of library functions which were missing. * Marks documentation of deprecated library functions "(deprecated)". * Removes spurious .html suffixes. - ossl_seed: avoid recursive seeding! Steve Holme (22 Feb 2013) - [Jiri Hruska brought this change] Fixed checking the socket if there is data waiting in the cache Use Curl_pp_moredata() in Curl_pp_multi_statemach() to check if there is more data to be received, rather than the socket state, as a task could hang waiting for more data from the socket itself. - imap.c: Fixed an incorrect variable reference Fixed an incorrect variable reference which was introduced in commit a1701eea289f as a result of a copy and paste from SMTP/POP3. - [Jiri Hruska brought this change] pingpong: Introduce Curl_pp_moredata() A simple function to test whether the PP is not sending and there are still more data in its receiver cache. This will be later utilized to: 1) Change Curl_pp_multi_statemach() and Curl_pp_easy_statemach() to not test socket state and just call user's statemach_act() function when there are more data to process, because otherwise the task would just hang, waiting for more data from the socket. 2) Allow PP users to read multiple responses by looping as long as there are more data available and current phase is not finished. (Currently needed for correct processing of IMAP SELECT responses.) Nick Zitzmann (19 Feb 2013) - FEATURES: why yes, we do support metalink I just noticed Metalink support wasn't listed as a feature of the tool. - metalink: fix improbable crash parsing metalink filename The this_url pointer wasn't being initialized, so if strdup() would return null when copying the filename in a metalink file, then hilarity would ensue during the cleanup phase. This change was brought to you by clang, which noticed this and raised a warning. Yang Tse (19 Feb 2013) - smtp.c: fix enumerated type mixed with another type - polarssl threadlock cleanup Nick Zitzmann (18 Feb 2013) - docs: schannel and darwinssl documentation improvements Schannel and darwinssl use the certificates built into the OS to do vert verification instead of bundles. darwinssl is thread-safe. Corrected typos in the NSS docs. Daniel Stenberg (18 Feb 2013) - resolver_error: remove wrong error message output The attempt to use gai_strerror() or alternative function didn't work as the 'sock_error' field didn't contain the proper error code. But since this hasn't been reported and thus isn't really a big deal I decided to just scrap the whole attempt to output the detailed resolver error and instead remain with just stating that the resolving of the name failed. - [Kim Vandry brought this change] Curl_resolver_is_resolved: show proper host name on failed resolve - Curl_resolver_is_resolved: fix compiler warning conversion to 'int' from 'long int' may alter its value - compiler warning fix follow-up to commit ed7174c6f66, rename 'wait' to 'block' - compiler warning fix: declaration of 'wait' shadows a global declaration It seems older gcc installations (at least) will cause warnings if we name a variable 'wait'. Now changed to 'block' instead. Reported by: Jiří Hruška Bug: http://curl.haxx.se/mail/lib-2013-02/0247.html Nick Zitzmann (17 Feb 2013) - MacOSX-Framework: Make script work in Xcode 4.0 and later Apple made a number of changes to Xcode 4. The SDKs were moved, the entire Developer folder was moved, and PowerPC support was removed. The script will now adapt to those changes and should be future-proofed against additional changes in case Apple moves the Developer folder ever again. Also, the minimum OS X version compiler option was removed, so that the framework can be built against the latest SDK but still run in older cats. Daniel Stenberg (17 Feb 2013) - docs: refer to CURLOPT_ACCEPT_ENCODING instead of the old name Steve Holme (16 Feb 2013) - email: Tidied up result code variables Tidied up result variables to be consistent in name, declaration order and default values. Nick Zitzmann (16 Feb 2013) - ntlm_core: fix compiler warning when building with clang Fixed a 64-to-32 compiler warning raised when building with clang and the --with-darwinssl option. Daniel Stenberg (16 Feb 2013) - Guile-curl: a new libcurl binding - polarsslthreadlock: #include the proper memory and debug includes Pointed out by Steve Holme Steve Holme (16 Feb 2013) - email: Removed unnecessary forward declaration Due to the reordering of functions in commit 586f5d361474 the forward declaration to state_upgrade_tls() are no longer required. - pop3.c: Added reference to RFC-5034 Daniel Stenberg (15 Feb 2013) - [Willem Sparreboom brought this change] PolarSSL: Change to cURL coding style Repaired all curl/lib/checksrc.pl warnings in the previous four patches - [Willem Sparreboom brought this change] PolarSSL: WIN32 threading support for entropy Added WIN32 threading support for PolarSSL entropy if --enable-threaded-resolver config flag is set and process.h can be found. - [Willem Sparreboom brought this change] PolarSSL: pthread support for entropy Added pthread support for polarssl entropy if --enable-threaded-resolver config flag is set and pthread.h can be found. - [Willem Sparreboom brought this change] PolarSSL: changes to entropy/ctr_drbg/HAVEGE_RANDOM Add non-threaded entropy and ctr_drbg and removed HAVEGE_RANDOM define - [Willem Sparreboom brought this change] PolarSSL: added human readable error strings Print out human readable error strings for PolarSSL related errors Steve Holme (15 Feb 2013) - pop3: Removed unnecessary state changes on failure - imap: Removed unnecessary state change on failure Daniel Stenberg (15 Feb 2013) - metalink_cleanup: yet another follow-up fix - metalink_cleanup: define it without argument Since the function takes no argument, the macro shouldn't take one as some compilers will error out on that. - rename "easy" statemachines: call them block instead ... since they're not used by the easy interface really, I wanted to remove the association. Also, I unified the pingpong statemachine driver into a single function with a 'wait' argument: Curl_pp_statemach. Yang Tse (15 Feb 2013) - [Gisle Vanem brought this change] curl_setup_once.h: definition of HAVE_CLOSE_S defines sclose() to close_s() - [Gisle Vanem brought this change] config-dos.h: define HAVE_CLOSE_S for MSDOS/Watt-32 - [Gisle Vanem brought this change] config-dos.h: define strerror() to strerror_s_() for High-C - [Gisle Vanem brought this change] config-dos.h: define HAVE_TERMIOS_H only for djgpp Steve Holme (14 Feb 2013) - smtp.c: Fixed a trailing whitespace Remove tailing whitespace introduced in commit 7ed689d24a4e. - pop3: Fixed blocking SSL connect when connecting via POP3S A call to Curl_ssl_connect() was accidentally left in when the SSL/TLS connection layer was reworked in 7.29. Not only would this cause the connection to block but had the additional overhead of calling the non-blocking connect a little bit later. - smtp: Refactored the smtp_state_auth_resp() function Renamed smtp_state_auth_resp() function to match the implementations in IMAP and POP3. Daniel Stenberg (14 Feb 2013) - remove ifdefs Clarify the code by reducing ifdefs - strlcat: remove function This function was only used twice, both in places where performance isn't crucial (socks + if2ip). Removing the use of this function removes the need to have our private version for systems without it == reduced amount of code. Also, in the SOCKS case it is clearly better to fail gracefully rather than to truncate the results. This work was triggered by a bug report on the strcal prototype in strequal.h. strlcat was added in commit db70cd28 in February 2001! Bug: http://curl.haxx.se/bug/view.cgi?id=1192 Reported by: Jeremy Huddleston - Curl_FormBoundary: made static As Curl_FormBoundary() is no longer used outside of this file (since commit ad7291c1a9d), it is now renamed to formboundary() and is made static. - ossl_seed: fix the last resort PRNG seeding Instead of just abusing the pseudo-randomizer from Curl_FormBoundary(), this now uses Curl_ossl_random() to get entropy. Steve Holme (13 Feb 2013) - email: Tidy up before additional IMAP work Replaced two explicit comparisons of CURLE_OK with boolean alternatives. General tidy up of comments. - smtp: Removed duplicate pingpong structure initialisation The smtp_connect() function was setting the member variables of the pingpong structure twice, once before calling Curl_pp_init() and once after! Yang Tse (13 Feb 2013) - move msvc IDE related files to 'vs' directory tree Use 'vs' directory tree given that 'vc' intended one clashes with an already existing build target in file Makefile.dist. Daniel Stenberg (13 Feb 2013) - install-sh: updated to support multiple source files as arguments Version 7.29.0 uses Makefiles generated with a newer version of the autotools than the previous 7.28.1. These Makefiles try to install e.g. header files by calling install-sh with multiple source files as arguments. The bundled install-sh is to old and does not support this. The problem only occurs, if install-sh is actually being used, ie. the platform install executable is to old or not usable. Example: Solaris 10. The files install-sh and mkinstalldirs are now updated with the automake 1.11.3 versions. A better fix might be to completely remove them from git and force the files to be added/created during buildconf. Bug: http://curl.haxx.se/bug/view.cgi?id=1195 Reported by: Rainer Jung Yang Tse (13 Feb 2013) - move msvc IDE related files to 'vc' directory tree - msvc IDE 'vc' directory tree preparation Steve Holme (12 Feb 2013) - imap: Corrected a whitespace issue from previous commit Fixed a small whitespace issue that crept in there in commit 508cdf4da4d7. - email: Another post optimisation of endofresp() tidy up - sasl: Fixed null pointer reference when decoding empty digest challenge Fixed a null pointer reference when an empty challenge is passed to the Curl_sasl_create_digest_md5_message() function. Bug: http://sourceforge.net/p/curl/bugs/1193/ Reported by: Saran Neti - email: Post optimisation of endofresp() tidy up Removed unnecessary end of line check and return. Nick Zitzmann (12 Feb 2013) - darwinssl: Fix send glitchiness with data > 32 or so KB An ambiguity in the SSLWrite() documentation lead to a bad inference in the code where we assumed SSLWrite() returned the amount of bytes written to the socket, when that is not actually true; it returns the amount of data that is buffered for writing to the socket if it returns errSSLWouldBlock. Now darwinssl_send() returns CURLE_AGAIN if data is buffered but not written. Reference URL: http://curl.haxx.se/mail/lib-2013-02/0145.html Steve Holme (12 Feb 2013) - pingpong.h: Fixed line length over 78 characters from b56c9eb48e3c - pingpong: Optimised the endofresp() function Reworked the pp->endofresp() function so that the conndata, line and line length are passed down to it just as with Curl_client_write() rather than each implementation of the function having to query these values. Additionally changed the int return type to bool as this is more representative of the function's usage. - email: Post STARTLS capability code tidy up (Part Three) Corrected the order of the upgrade_tls() functions and moved the handler upgrade and getsock() functions out from the middle of the state related functions. - email: Post STARTLS capability code tidy up (Part Two) Corrected the order of the pop3_state_capa() / imap_state_capability() and the pop3_state_capa_resp() / imap_state_capability_resp() functions to match the execution order. Daniel Stenberg (11 Feb 2013) - [ulion brought this change] SOCKS: fix socks proxy when noproxy matched Test 1212 added to verify Bug: http://curl.haxx.se/bug/view.cgi?id=1190 Steve Holme (11 Feb 2013) - ntlm: Updated comments for the addition of SASL support to IMAP in v7.29 - RELEASE-NOTES: Updated following the recent imap/pop3/smtp changes Linus Nielsen Feltzing (10 Feb 2013) - Fix NULL pointer reference when closing an unused multi handle. Steve Holme (10 Feb 2013) - email: Post STARTLS capability code tidy up (Part One) Corrected the order of the CAPA / CAPABILITY state machine constants to match the execution order. - imap: Fixed memory leak following commit f6010d9a0359 - smtp: Added support for the STARTTLS capability (Part Two) Added honoring of the tls_supported flag when starting a TLS upgrade rather than unconditionally attempting it. If the use_ssl flag is set to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the connection will continue to authenticate. If this flag is set to CURLUSESSL_ALL then the connection will complete with a failure as it did previously. - pop3: Added support for the STLS capability (Part Three) Added honoring of the tls_supported flag when starting a TLS upgrade rather than unconditionally attempting it. If the use_ssl flag is set to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the connection will continue to authenticate. If this flag is set to CURLUSESSL_ALL then the connection will complete with a failure as it did previously. - imap: Added support for the STARTTLS capability (Part Three) Added honoring of the tls_supported flag when starting a TLS upgrade rather than unconditionally attempting it. If the use_ssl flag is set to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the connection will continue to authenticate. If this flag is set to CURLUSESSL_ALL then the connection will complete with a failure as it did previously. Daniel Stenberg (10 Feb 2013) - [Alessandro Ghedini brought this change] htmltitle: fix suggested build command Steve Holme (10 Feb 2013) - pop3: Added support for the STLS capability (Part Two) Added sending of initial CAPA command before STLS is sent. This allows for the detection of the capability before trying to upgrade the connection. - imap: Added support for the STARTTLS capability (Part Two) Added sending of initial CAPABILITY command before STARTTLS is sent. This allows for the detection of the capability before trying to upgrade the connection. - smtp: Added support for the STLS capability (Part One) Introduced detection of the STARTTLS capability, in order to add support for TLS upgrades without unconditionally sending the STARTTLS command. - pop3: Added support for the STLS capability (Part One) Introduced detection of the STLS capability, in order to add support for TLS upgrades without unconditionally sending the STLS command. - imap: Added support for the STARTTLS capability (Part One) Introduced detection of the STARTTLS capability, in order to add support for TLS upgrades without unconditionally sending the STARTTLS command.