1 _ _ ____ _ 2 ___| | | | _ \| | 3 / __| | | | |_) | | 4 | (__| |_| | _ <| |___ 5 \___|\___/|_| \_\_____| 6 7 Changelog 8 9Version 7.37.1 (16 Jul 2014) 10 11Daniel Stenberg (16 Jul 2014) 12- RELEASE-NOTES: synced with 4cb2521595 13 14- test506: verify aa6884845168 15 16 After the fixed cookie lock deadlock, this test now passes and it 17 detects double-locking and double-unlocking of mutexes. 18 19- [Yousuke Kimoto brought this change] 20 21 cookie: avoid mutex deadlock 22 23 ... by removing the extra mutex locks around th call to 24 Curl_flush_cookies() which takes care of the locking itself already. 25 26 Bug: http://curl.haxx.se/mail/lib-2014-02/0184.html 27 28- gnutls: fix compiler warning 29 30 conversion to 'int' from 'long int' may alter its value 31 32Dan Fandrich (15 Jul 2014) 33- test320: strip off the actual negotiated cipher width 34 35 It's irrelevant to the test, and will change depending on which SSL 36 library is being used by libcurl. 37 38- gnutls: detect lack of SRP support in GnuTLS at run-time and try without 39 40 Reported-by: David Woodhouse 41 42Daniel Stenberg (14 Jul 2014) 43- [Michał Górny brought this change] 44 45 configure: respect host tool prefix for krb5-config 46 47 Use ${host_alias}-krb5-config if available. This improves cross- 48 compilation support and fixes multilib on Gentoo (at least). 49 50- [David Woodhouse brought this change] 51 52 gnutls: handle IP address in cert name check 53 54 Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function 55 didn't actually check IP addresses in SubjectAltName, even though it was 56 explicitly documented as doing so. So do it ourselves... 57 58Dan Fandrich (14 Jul 2014) 59- build: set _POSIX_PTHREAD_SEMANTICS on Solaris to get proper getpwuid_r 60 61Daniel Stenberg (14 Jul 2014) 62- RELEASE-NOTES: next one is called 7.37.1 63 64Dan Fandrich (13 Jul 2014) 65- gnutls: improved error message if setting cipher list fails 66 67 Reported-by: David Woodhouse 68 69- netrc: fixed thread safety problem by using getpwuid_r if available 70 71 The old way using getpwuid could cause problems in programs that enable 72 reading from netrc files simultaneously in multiple threads. 73 74 Reported-by: David Woodhouse 75 76- RELEASE-NOTES: add the reporter of the previous bug fix 77 78- netrc: treat failure to find home dir same as missing netrc file 79 80 This previously caused a fatal error (with a confusing error code, at 81 that). 82 83 Reported by: Glen A Johnson Jr. 84 85Steve Holme (12 Jul 2014) 86- RELEASE-NOTES: Synced with aaaf9e50ec 87 88- ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions 89 90 Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html 91 Reported-by: David Woodhouse 92 93- build: Fixed overridden compiler PDB settings in VC7 to VC12 94 95 The curl tool project files for VC7 to VC12 would override the default 96 setting with the output filename being the same as the linker PDB file. 97 As such the compiler file would be overwritten with the linker file 98 for all debug builds. 99 100 To avoid this overwrite and for consistency with the libcurl project 101 files, removed the setting to force the default filename to be used. 102 103Dan Fandrich (12 Jul 2014) 104- tests: added globbing keyword to URL globbing tests 105 106- Fixed some "statement not reached" warnings 107 108- gnutls: fixed a couple of uninitialized variable references 109 110- gnutls: fixed compilation against versions < 2.12.0 111 112 The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but 113 the code path in which they're referenced here is only ever used for 114 somewhat older GnuTLS versions. This caused undeclared identifier errors 115 when compiling against those. 116 117- gnutls: explicitly added SRP to the priority string 118 119 This seems to have become necessary for SRP support to work starting 120 with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS 121 before the function that takes this priority string, there should be no 122 issue with backward compatibility. 123 124- tests: adjust for capitalization differences in newer gnutls-serv 125 126- test320/1/2/4: fix the port number substitution variables 127 128 These tests have been broken since commit 1958fe57 in Oct. 2011 129 130- tests: document more test identifiers and variables 131 132- gnutls: ignore invalid certificate dates with VERIFYPEER disabled 133 134 This makes the behaviour consistent with what happens if a date can 135 be extracted from the certificate but is expired. 136 137Steve Holme (10 Jul 2014) 138- CURLOPT_UPLOAD: Corrected argument type 139 140Daniel Stenberg (9 Jul 2014) 141- FAQ: expand the thread-safe section 142 143 ... with a mention of *NOSIGNAL, based on talk in bug #1386 144 145Dan Fandrich (9 Jul 2014) 146- url.c: Fixed memory leak on OOM 147 148 This showed itself on some systems with torture failures 149 in tests 1060 and 1061 150 151- Update instances of some obsolete CURLOPTs to their new names 152 153Daniel Stenberg (5 Jul 2014) 154- [Marcel Raad brought this change] 155 156 compiler warnings: potentially uninitialized variables 157 158 ... pointed out by MSVC2013 159 160 Bug: http://curl.haxx.se/bug/view.cgi?id=1391 161 162Kamil Dudka (4 Jul 2014) 163- nss: make the list of CRL items global 164 165 Otherwise NSS could use an already freed item for another connection. 166 167- nss: fix a memory leak when CURLOPT_CRLFILE is used 168 169- nss: make crl_der allocated on heap 170 171 ... and spell it as crl_der instead of crlDER 172 173- nss: let nss_{cache,load}_crl return CURLcode 174 175- tool: oops, forgot to include <plarenas.h> 176 177 ... that contains the declaration of PL_ArenaFinish() 178 179- tool: call PL_ArenaFinish() on exit if NSPR is used 180 181 This prevents valgrind from reporting still reachable memory allocated 182 by NSPR arenas (mainly the freelist). 183 184 Reported-by: Hubert Kario 185 186Daniel Stenberg (3 Jul 2014) 187- [Dimitrios Siganos brought this change] 188 189 example: use correct type (long) for CURLOPT_FOLLOWLOCATION 190 191- [Dimitrios Siganos brought this change] 192 193 Document type of argument for CURLOPT_FOLLOWLOCATION. 194 195- [Dimitrios Siganos brought this change] 196 197 Document type of argument for CURLOPT_ERRORBUFFER. 198 199- [Dimitrios Siganos brought this change] 200 201 Document type of argument for CURLOPT_COPYPOSTFIELDS. 202 203- [Dimitrios Siganos brought this change] 204 205 Document type of argument for CURLOPT_ADDRESS_SCOPE. 206 207- curl.1: minor language fix 208 209 Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html 210 211- [Ray Satiro brought this change] 212 213 progress callback: skip last callback update on errors 214 215 When an error has been detected, skip the final forced call to the 216 progress callback by making sure to pass the current return code 217 variable in the Curl_done() call in the CURLM_STATE_DONE state. 218 219 This avoids the "extra" callback that could occur even if you returned 220 error from the progress callback. 221 222 Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html 223 Reported by: Jonathan Cardoso Machado 224 225Dan Fandrich (2 Jul 2014) 226- opts: fixed some CURLOPT references so they get turned into links 227 228Kamil Dudka (2 Jul 2014) 229- tool: call PR_Cleanup() on exit if NSPR is used 230 231 This prevents valgrind from reporting possibly lost memory that NSPR 232 uses for file descriptor cache and other globally allocated internal 233 data structures. 234 235- nss: make the fallback to SSLv3 work again 236 237 This feature was unintentionally disabled by commit ff92fcfb. 238 239- nss: do not abort on connection failure 240 241 ... due to calling SSL_VersionRangeGet() with NULL file descriptor 242 243 reported-by: upstream tests 305 and 404 244 245Dan Fandrich (1 Jul 2014) 246- opts: Document the socket callback function parameters 247 248Steve Holme (28 Jun 2014) 249- opts: Fixed some typos 250 251Dan Fandrich (25 Jun 2014) 252- curl_easy_setopt.3: fixed the error code for an unsupported option 253 254- opts: added some DEFAULT and RETURN VALUE sections 255 256Daniel Stenberg (21 Jun 2014) 257- libcurl docs: man page edits 258 259 mainly to improve how the web versions render 260 261Dan Fandrich (21 Jun 2014) 262- curl_easy_setopt.3: fixed some typos 263 264Daniel Stenberg (21 Jun 2014) 265- lib man pages: update easy setopt option references 266 267 ... by using the "\fIopt(3)\fP" syntax they will be linked properly when 268 the web version of the page is generated. 269 270- opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default 271 272- [Colin Hogben brought this change] 273 274 lib: documentation updates in README.hostip 275 276 c-ares now does support IPv6; 277 avoid implying threaded resolver is Windows-only; 278 two referenced source files were renamed in 7de2f92 279 280- curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception 281 282 ... to the always-copy-char *-argument. 283 284 And fix some minor mistakes. 285 286- curl_easy_setopt.3: refer to the individual man pages 287 288 With all the new individual option man pages created, this now refers to 289 each separate one instead of duplicaing the info. Also makes this page 290 easier to overview. 291 292Dan Fandrich (21 Jun 2014) 293- opts: fixed mancheck for out-of-tree builds 294 295Daniel Stenberg (21 Jun 2014) 296- curl_easy_setopt.3: shorten 297 298 shorten descriptions, mostly refer to the separate descriptions 299 300- CURLOPT_DNS_LOCAL_IP4.3: better short desc 301 302Dan Fandrich (20 Jun 2014) 303- opts: document CURLE_OUT_OF_MEMORY among other return values 304 305- opts: fixed some typos 306 307Daniel Stenberg (20 Jun 2014) 308- opts: various corrections 309 310- opts: add the rest of the options 311 312 ... and fixed mancheck to ignore obsolete options 313 314- opts: the final bunch of options as man pages 315 316 Now all current options have their own man pages. 317 318- opts: 37 additional man pages 319 320- CURLOPT_URL: move up the text from "Notes" 321 322- ROADMAP: removed, now ROADMAP.md 323 324- ROADMAP.md: make it markdown formatted 325 326- ROADMAP: initial commit of "curl the next few years" 327 328 To be further discussed, debated and edited 329 330- opts: more man pages 331 332- CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T' 333 334- opts: makefile now includes all current man pages 335 336- opts: 11 more man pages 337 338Dan Fandrich (18 Jun 2014) 339- opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE 340 341- opts: fixed a couple of typos 342 343Patrick Monnerat (18 Jun 2014) 344- OS400: make it compilable again. Make RPG binding up to date. 345 346- buildconf: do not search tools in current directory. 347 348Dan Fandrich (18 Jun 2014) 349- curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx 350 351 This is consistent with the existing obsolete error code naming 352 convention. 353 354Daniel Stenberg (18 Jun 2014) 355- opts: 16 more man pages 356 357- opts: more man pages 358 359- CURLOPT_READFUNCTION.3: add short desc 360 361- CURLOPT_LOW_SPEED_LIMIT.3: language 362 363- opts: 4 more man pages 364 365- opts: add all existing man pages to the dist 366 367- libcurl build: use correct dir when cd'ing to opts for pdf building 368 369Dan Fandrich (18 Jun 2014) 370- tests: Use CURLOPT_READDATA instead of the obsolete CURLOPT_INFILE 371 372- opts: fixed a few typos 373 374Daniel Stenberg (18 Jun 2014) 375- opts: 29 more options as man pages 376 377- curl.h: moved two really old deprecated symbols 378 379 ... from the CINIT() enum 380 381- opts: 9 more options as separate man pages 382 383- opts: 3 more options as man pages 384 385- opts: 7 more setopt options as individual man pages 386 387- opts template: provide a filled in error code phrase 388 389- CURLOPT_SOCKOPTFUNCTION.3: clarify return code 390 391- curl.h: reverse the enum/define setup for old symbols 392 393 We now provide the "real" names in the CINIT() macro setup for CURLOPT_* 394 symbols, and we provide backwards compatibility defines for the old 395 symbols as defines instead of vice versa. 396 397 This allows us to better use the CINIT() list to check for existing and 398 current option names. 399 400- CURLOPT_WRITEDATA.3: move version info to AVAILABILITY 401 402- opts: 4 more options with stand-alone man pages 403 404- CURLOPT_READFUNCTION.3: see also the seekfunction 405 406- CURLOPT_IOCTLFUNCTION.3: fill in short desc 407 408Dan Fandrich (17 Jun 2014) 409- CURLOPT_READDATA.3: fixed typo 410 411Daniel Stenberg (17 Jun 2014) 412- [Michał Górny brought this change] 413 414 tool_metalink: Support polarssl as digest provider 415 416- opts: initial makefile 417 418 with a bonus first rough 'mancheck' target to see which man pages that 419 are still missing 420 421- CURLOPT_IOCTLFUNCTION.3: initial man page 422 423- CURLOPT_WRITEFUNCTION: changed the order of some sentences 424 425 First explain the data then describe what the callback should return. 426 427- CURLOPT_WRITEFUNCTION.3: improved language 428 429 Suggestions-by: Jeff Pohlmeyer 430 431- opts docs: 3 more options in their own man pages 432 433- template: a template for adding new option man pages 434 435 Inludes all the sections to consider. 436 437- CURLOPT_WRITEFUNCTION: add RETURN VALUE and DEFAULT sections 438 439- [MAN-AT-ARMS brought this change] 440 441 curlbuild: fix GCC build on SPARC systems without configure script 442 443- CURLOPT_WRITEFUNCTION: initial man page 444 445- CURLOPT_WILDCARDMATCH: initial man page 446 447- CURLOPT_VERBOSE: initial man page 448 449- CURLOPT_NOSIGNAL: initial man page 450 451- CURLOPT_NOPROGRESS: initial man page 452 453- CURLOPT_HEADER: initial man page 454 455Dan Fandrich (15 Jun 2014) 456- sasl: Added back qop argument mistakenly removed in e95ca7ce 457 458 This caused segfaults on tests 823 869 907. 459 460- test1398: Added test to Makefile.am 461 462- https: Fix build when http2 is disabled 463 464Daniel Stenberg (14 Jun 2014) 465- http2: better return code error checking 466 467- [Lindley French brought this change] 468 469 conncache: move the connection counter to the cache struct 470 471 The static connection counter caused a race condition. Moving the 472 connection id counter into conncache solves it, as well as simplifying 473 the related logic. 474 475- http2: avoid segfault when usint the plain-text http2 476 477 This regression was introduced when *init was split into *init and 478 *setup... 479 480Steve Holme (11 Jun 2014) 481- RELEASE-NOTES: Synced with 3aa1329e0a 482 483Daniel Stenberg (11 Jun 2014) 484- curl_sasl: revert the goto for error bailout 485 486 They were added because of an older code path that used allocations and 487 should not have been left in the code. With this change the logic goes 488 back to how it was. 489 490- NTLM: set a fake entropy for debug builds with CURL_ENTROPY set 491 492 Curl_rand() will return a dummy and repatable random value for this 493 case. Makes it possible to write test cases that verify output. 494 495 Also, fake timestamp with CURL_FORCETIME set. 496 497 Only when built debug enabled of course. 498 499 Curl_ssl_random() was not used anymore so it has been 500 removed. Curl_rand() is enough. 501 502 create_digest_md5_message: generate base64 instead of hex string 503 504 curl_sasl: also fix memory leaks in some OOM situations 505 506Steve Holme (11 Jun 2014) 507- tests: Disabled NTLM tests for non-debug builds 508 509 Added required "debug" feature, missed in commit 1c9aaa0bac, as NTLMv2 510 calls Curl_rand() which can only be fixed to a specific entropy in 511 debug builds. 512 513- Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set 514 515Daniel Stenberg (10 Jun 2014) 516- [Marcel Raad brought this change] 517 518 getinfo: HTTP CONNECT code not reset between transfers 519 520 httpproxycode is not reset in Curl_initinfo, so a 407 is not reset even 521 if curl_easy_reset is called between transfers. 522 523 Bug: http://curl.haxx.se/bug/view.cgi?id=1380 524 525- [Alessandro Ghedini brought this change] 526 527 transfer: fix info messages when switching method on 301 and 302 528 529 The method change is forbidden by the obsolete RFC2616, but libcurl did 530 it anyway for compatibility reasons. The new RFC7231 allows this 531 behaviour so there's no need for the scary "Violate RFC 2616/10.3.x" 532 notice. Also update the comments accordingly. 533 534Steve Holme (6 Jun 2014) 535- winbuild: Don't USE_WINSSL when WITH_SSL is being used 536 537 Regression of commit d39bbcfa8d when compiling against OpenSSL. 538 539- RELEASE-NOTES: Synced with 99303bcde5 540 541- build: Fixed Visual Studio static OpenSSL builds following commit c50ce85918 542 543- winbuild: Fixed static OpenSSL builds following commit c50ce85918 544 545- config-win32.h: Updated for VC12 546 547 Bug: http://curl.haxx.se/bug/view.cgi?id=1378 548 Reported and Patched-by: Marcel Raad 549 550Daniel Stenberg (4 Jun 2014) 551- KNOWN_BUGS: #83 was addressed with commit c50ce859187ca 552 553- Curl_ossl_init: call OPENSSL_config for initing engines 554 555 Bug: http://curl.haxx.se/mail/lib-2014-06/0003.html 556 Reported-by: Дмитрий Фалько 557 558- random: use Curl_rand() for proper random data 559 560 The SASL/Digest previously used the current time's seconds + 561 microseconds to add randomness but it is much better to instead get more 562 data from Curl_rand(). 563 564 It will also allow us to easier "fake" that for debug builds on demand 565 in a future. 566 567Steve Holme (2 Jun 2014) 568- curl_sasl: Fixed copy/paste error of now.tv_sec in commit eefeb73af4 569 570Daniel Stenberg (2 Jun 2014) 571- RELEASE-NOTES: synced with d603ed67535 572 573- KNOWN_BUGS: #30 was fixed in 0bc4938eeccce, 7.37.0 574 575Steve Holme (1 Jun 2014) 576- curl_sasl: Fixed compilation warning under DEBUGBUILD 577 578- tests: Fixed up DIGEST-MD5 tests following commit eefeb73af4 579 580- curl_sasl: Extended native DIGEST-MD5 cnonce to be a 32-byte hex string 581 582 Rather than use a short 8-byte hex string, extended the cnonce to be 583 32-bytes long, like Windows SSPI does. 584 585 Used a combination of random data as well as the current date and 586 time for the generation. 587 588- curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN generation 589 590Dan Fandrich (29 May 2014) 591- tests: Fix portability issue with the tftpd server and timeouts 592 593 gcc spit out warning: variable 'x' might be clobbered by 'longjmp' or 594 'vfork' messages for a few variables. These automatic variables were 595 expected to be changed between a setjmp/longjmp and hold their values, 596 so are now marked volatile. 597 598Steve Holme (28 May 2014) 599- RELEASE-NOTES: Synced with 2a615a2b64 600 601- build: Use $(TargetDir) and $(TargetName) macros for VC .lib output files 602 603 As with commit 11397eb6dd, use $(TargetDir) and $(TargetName) for the 604 Import Library output rather than $(OutDir)\$(ProjectName)d.lib and 605 $(OutDir)\$(ProjectName).lib. 606 607- build: Use $(TargetDir) and $(TargetName) macros for VC .pdb output files 608 609 Like with the curl tool project files use $(TargetDir)$(TargetName).pdb 610 rather than $(OutDir)$(ProjectName)d.pdb for the Program Database File 611 output. 612 613Daniel Stenberg (28 May 2014) 614- gnutls: allow building with nghttp2 but without ALPN support 615 616 It might not be the most useful combo, but... 617 618- [Alessandro Ghedini brought this change] 619 620 gnutls: don't use deprecated type names anymore 621 622- [Brad Spencer brought this change] 623 624 select: with winsock, avoid passing unsupported arguments to select() 625 626 "Any two of the parameters, readfds, writefds, or exceptfds, can be 627 given as null. At least one must be non-null, and any non-null 628 descriptor set must contain at least one handle to a socket." 629 630 http://msdn.microsoft.com/en-ca/library/windows/desktop/ms740141(v=vs.85).aspx 631 632 When using select(), cURL doesn't adhere to this (WinSock-specific) 633 rule, and can ask to monitor empty fd_sets, which leads to select() 634 returning WSAEINVAL (i.e. EINVAL) and connections failing in mysterious 635 ways as a result (at least when using the curl_multi_socket_action() 636 interface). 637 638 Bug: http://curl.haxx.se/mail/lib-2014-05/0278.html 639 640- url-parser: only use if_nametoindex if detected by configure 641 642 The previous #ifdef detection wasn't good enough. 643 644 Bug: http://curl.haxx.se/mail/lib-2014-05/0260.html 645 Reported-by: Chris Young 646 647- curl_version_info.3: returns a pointer to a static struct 648 649 And clarify that age 3 means 7.16.1 or later. 650 651- [Fabian Frank brought this change] 652 653 polarssl: add ALPN support 654 655 PolarSSL added ALPN support in their 1.3.6 release. 656 657 See: 658 https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released 659 660- curl_easy_reset: reset the URL 661 662 Make sure that the URL is reset and cleared. 663 664 Bug: http://curl.haxx.se/mail/lib-2014-05/0235.html 665 Reported-by: Jonathan Cardoso Machado 666 667- configure: fix the nghttp2 detection when not found 668 669- configure: detect nghttp2 by default 670 671- [Tatsuhiro Tsujikawa brought this change] 672 673 openssl: Fix uninitialized variable use in NPN callback 674 675 OpenSSL passes out and outlen variable uninitialized to 676 select_next_proto_cb callback function. If the callback function 677 returns SSL_TLSEXT_ERR_OK, the caller assumes the callback filled 678 values in out and outlen and processes as such. Previously, if there 679 is no overlap in protocol lists, curl code does not fill any values in 680 these variables and returns SSL_TLSEXT_ERR_OK, which means we are 681 triggering undefined behavior. valgrind warns this. 682 683 This patch fixes this issue by fallback to HTTP/1.1 if there is no 684 overlap. 685 686- curl.1: clarify that -u can't specify a user with colon 687 688Steve Holme (22 May 2014) 689- README: Added Test Suite to the TODO list 690 691- build: Use CURLX_* file lists for Visual Studio curl tool project generation 692 693- tool_getparam.c: Fixed compilation warnings 694 695 There is an implicit conversion from "unsigned long" to "long" 696 697- RELEASE-NOTES: Synced with f634355868 698 699Dan Fandrich (22 May 2014) 700- http: Fix a compiler warning when http2 support is disabled 701 702Steve Holme (22 May 2014) 703- build: Fixed incorrect reference to curl_setup.h in Visual Studio files 704 705 Fixed a copy / paste error from my 2011 project files. 706 707Nick Zitzmann (21 May 2014) 708- darwinssl: fix lint & build warnings in the previous commit 709 710- [Vilmos Nebehaj brought this change] 711 712 Add support for --cacert in DarwinSSL. 713 714 Security Framework on OS X makes it possible to supply extra anchor (CA) 715 certificates via the Certificate, Key, and Trust Services API. This 716 commit makes the '--cacert' option work using this API. 717 718 More information: 719 720 https://developer.apple.com/library/mac/documentation/security/Reference/certifkeytrustservices/Reference/reference.html 721 722 The HTTPS tests now pass on OS X except 314, which requires the '--crl' 723 option to work. 724 725Steve Holme (22 May 2014) 726- http.c: Fixed compilation warning 727 728 warning: suggest braces around empty body in an 'else' statement 729 730- bits.close: Fixed compilation warning 731 732 warning: implicit declaration of function 'connclose' 733 734Daniel Stenberg (22 May 2014) 735- bits.close: introduce connection close tracking 736 737 Make all code use connclose() and connkeep() when changing the "close 738 state" for a connection. These two macros take a string argument with an 739 explanation, and debug builds of curl will include that in the debug 740 output. Helps tracking connection re-use/close issues. 741 742Steve Holme (21 May 2014) 743- Makefile.inc: Added curlx headers to assist Visual Studio project generation 744 745- build: Renamed CURLX_ONES file list definition to CURLX_CFILES 746 747 Renamed the CURLX_ONES file list definition in order to a) try and be 748 consistent with other file lists and b) to allow for the addition of 749 the curlx header files, which will assist with Visual Studio project 750 files generation rather than hard coding those files. 751 752- bump: Start working on the next release 753 754Version 7.37.0 (20 May 2014) 755 756Daniel Stenberg (20 May 2014) 757- THANKS: 18 new contributors for 7.37.0 758 759- RELEASE-NOTES: synced with 85f4075bdbf3 760 761 Possibly the final update before release... 762 763Steve Holme (20 May 2014) 764- README: Added some outstanding tasks to the TODO list 765 766 Added a couple of outstanding tasks to the TODO section that we didn't 767 get time to do before the release. 768 769Daniel Stenberg (20 May 2014) 770- http2: make connection re-use work 771 772 Http2 connections would wrongly get closed after each individual 773 request. 774 775 Co-authored-by: Tatsuhiro Tsujikawa 776 Bug: http://curl.haxx.se/bug/view.cgi?id=1374 777 778- [Fabian Frank brought this change] 779 780 ALPN: fix typo in http/1.1 identifier 781 782 According to https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-05 783 it is "http/1.1" and not "http/1.0". 784 785Steve Holme (20 May 2014) 786- build-openssl.bat: Added check for OpenSSL source directory 787 788- build-openssl.bat: Added default source directory when not specified 789 790 Added a default source directory so the user doesn't have to specify 791 one - the same as that, which the Visual Studio project files expect 792 the OpenSSL dependencies to be in. 793 794- Makefile.am: Fixed missing / in VC10+ project file generation 795 796- INSTALL: Updated MSVC 6 caveats 797 798 To use an up to date download link as well as remove duplicate 799 information. 800 801- INSTALL: Updated for new Visual Studio project files 802 803- build: Slight rename of new LIB_* makefile file variables 804 805 In order to try and be consistent between curl and libcurl renamed the 806 recently introduced LIB_* makefile file variables. 807 808- build: Removed old Visual Studio project files 809 810Daniel Stenberg (18 May 2014) 811- maketgz: two more CRLF 812 813 grrr, missed them in my previous fix 814 815- test1014: GSS-API is only in curl-config. not in curl 816 817 Follow-up to commit 121bcfee5d1. curl-config --features now lists 818 GSS-API but it is not a listed feature in curl -V. This should probably 819 be synchronized. 820 821- test1134: verify CREDSPERREQUEST for HTTP 822 823 Verifies that the change in 68f0166a92 works as intended and that 824 different HTTP auth credentials to the same host still re-uses the 825 connection properly. 826 827- maketgz: remove CRLF newlines 828 829Steve Holme (18 May 2014) 830- Makefile.am: Corrected a couple of grammar errors 831 832- Makefile.am: Added new Visual Studio project file generation for curl tool 833 834- Makefile.inc: Added resource file to assist Visual Studio project generation 835 836- [Daniel Stenberg brought this change] 837 838 maketgz: run make vc-ide before make dist 839 840 To get the VC project files generated before packaging! 841 842- Makefile.am: Added new Visual Studio project file generation for libcurl 843 844- Makefile.am: Removed old Visual Studio project file generation 845 846Daniel Stenberg (17 May 2014) 847- RELEASE-NOTES: synced with 831f6dd1d986c9 848 849Steve Holme (17 May 2014) 850- build: Fixed another tabulation issue in the Visual Studio file generator 851 852Dan Fandrich (17 May 2014) 853- axtls: Fixed too long source line 854 855Daniel Stenberg (17 May 2014) 856- configure: add GSS-API to supported features 857 858 Bug: http://curl.haxx.se/bug/view.cgi?id=1344 859 Reported-by: Michael Osipov 860 861- configure: add SPNEGO to supported features 862 863 Bug: http://curl.haxx.se/bug/view.cgi?id=1343 864 Reported-by: Michael Osipov 865 866Dan Fandrich (16 May 2014) 867- axtls: Add a TODO to a potential blocking call with no timeout 868 869Daniel Stenberg (16 May 2014) 870- curl_easy_getinfo.3: clarify CURLINFO_SIZE_DOWNLOAD 871 872 It counts "body" data only, no meta data, no headers. 873 874- curl_easy_setopt.3: prefer XFERINFOFUNCTION to PROGRESSFUNCTION 875 876- HTTP: CREDSPERREQUEST is for HTTP too 877 878 Commit 517b06d657ace (in 7.36.0) that brought the CREDSPERREQUEST flag 879 only set it for HTTPS, making HTTP less good at doing connection re-use 880 than it should be. Now set it for HTTP as well. 881 882 Simple test case 883 884 "curl -v -u foo:bar localhost --next -u bar:foo localhos" 885 886 Bug: http://curl.haxx.se/mail/lib-2014-05/0127.html 887 Reported-by: Kamil Dudka 888 889- RELEASE-NOTES: synced with 53a5b95c21586 890 891- CURLINFO_SSL_VERIFYRESULT: assign at first connect call 892 893 The variable wasn't assigned at all until step3 which would lead to a 894 failed connect never assigning the variable and thus returning a bad 895 value. 896 897 Reported-by: Larry Lin 898 Bug: http://curl.haxx.se/mail/lib-2014-04/0203.html 899 900- timers: fix timer regression involving redirects / reconnects 901 902 In commit 0b3750b5c23c25f (released in 7.36.0) we fixed a timeout issue 903 but instead broke the timings. 904 905 To fix this, I introduce a new timestamp to use for the timeouts and 906 restored the previous timestamp and timestamp position so that the old 907 timer functionality is restored. 908 909 In addition to that, that change also broke connection timeouts for when 910 more than one connect was used (as it would then count the total time 911 from the first connect and not for the most recent one). Now 912 Curl_timeleft() has been modified so that it checks against different 913 start times depending on which timeout it checks. 914 915 Test 1303 is updated accordingly. 916 917 Bug: http://curl.haxx.se/mail/lib-2014-05/0147.html 918 Reported-by: Ryan Braud 919 920Steve Holme (15 May 2014) 921- darwinssl: Updated copyright following recent changes 922 923Nick Zitzmann (14 May 2014) 924- darwinssl: fix potential crash when attempting to copy an identity 925 from a P12 file 926 927 This could've happened if SecPKCS12Import() returned noErr _and_ no 928 identity. 929 930Steve Holme (12 May 2014) 931- RELEASE-NOTES: Synced with 52d16c84d2 932 933Daniel Stenberg (12 May 2014) 934- openssl: unbreak PKCS12 support 935 936 Regression introduced in ce362e8eb9c (7.31.0) 937 938 Bug: http://curl.haxx.se/bug/view.cgi?id=1371 939 Reported-by: Dmitry 940 941Steve Holme (11 May 2014) 942- Makefile.inc: Added resource file to assist Visual Studio project generation 943 944- build: Fixed some tabulation issues in the Visual Studio file generator 945 946- tests: Fixed up DIGEST-MD5 tests following commit 8342b6e1dc 947 948- sasl: Fixed missing qop in the client's challenge-response message 949 950 Whilst the qop directive isn't required to be present in a client's 951 response, as servers should assume a qop of "auth" if it isn't 952 specified, some may return authentication failure if it is missing. 953 954- tool_operate.c: Fixed compilation warning 955 956 An enumerated type is mixed with another type. 957 958- Makefile.inc: Separated the lib and lib/vtls source file variables 959 960 To cater for the automatic generation of the new Visual Studio project 961 files, moved the lib file list into a separated variable so that lib 962 and lib/vtls can be referenced independently. 963 964- RELEASE-NOTES: Synced with 0ab2c444b5 965 966- Makefile.b32: Fixed for vtls changes 967 968 Follow up fix to commits a47c142a88, 11e8066ef9 and 92b9ae5c5d. 969 970 Bug: http://curl.haxx.se/mail/lib-2014-05/0025.html 971 Reported and assisted by: Jon Torrey 972 973Daniel Stenberg (9 May 2014) 974- lib1506: make sure the transfers are not within the same ms 975 976 Just to make sure the test is properly repeatable. 977 978 Bug: http://curl.haxx.se/mail/lib-2014-05/0081.html 979 Reported-by: Henrik 980 981- libtests: add a wait_ms() function 982 983 This allows a libcurl test to portably sleep for a given number of 984 milliseconds. 985 986Steve Holme (9 May 2014) 987- tool_operate.c: Fixed TAB is white space from commit 5b8ae0a985 988 989- tool_urlglob.c: Fixed compilation warning 990 991 An enumerated type is mixed with another type. 992 993- tool_operate.c: Fixed compilation warnings 994 995 An enumerated type is mixed with another type. 996 997- getinfo.c: Fixed compilation warning 998 999 The indicated statement is not reachable. 1000 1001Daniel Stenberg (9 May 2014) 1002- CONTRIBUTE: mention our Bug/Reported-by commit style 1003 1004Kamil Dudka (9 May 2014) 1005- http: avoid auth failure on a duplicated header 1006 1007 ... 'WWW-Authenticate: Negotiate' received from server 1008 1009 Reported by: David Woodhouse 1010 Bug: https://bugzilla.redhat.com/1093348 1011 1012Daniel Stenberg (9 May 2014) 1013- cacertinmem: fix memory leak 1014 1015 While "just" an example it still isn't nice to leak memory. 1016 1017 Bug: http://curl.haxx.se/bug/view.cgi?id=1368 1018 Fixed-by: Marko 1019 1020- TODO: firefox will soon support SSL (HTTPS) to proxy 1021 1022Dan Fandrich (9 May 2014) 1023- test87: Get rid of extraneous square brackets in tag 1024 1025Daniel Stenberg (8 May 2014) 1026- [Patrick Watson brought this change] 1027 1028 mk-ca-bundle: added -p 1029 1030 -p takes a list of Mozilla trust purposes and levels for certificates to 1031 include in output. Takes the form of a comma separated list of 1032 purposes, a colon, and a comma separated list of levels. 1033 1034- FAQ: Added 5.18 Does libcurl use threads? 1035 1036Dan Fandrich (7 May 2014) 1037- RELEASE-NOTES: Added contributor 1038 1039- [Aaro Koskinen brought this change] 1040 1041 configure: Don't set LD_LIBRARY_PATH when cross-compiling 1042 1043 Most of LD_LIBRARY_PATH adjustments are already guarded, but not all. 1044 1045 The patch fixes cross-compilation failure when libidn is present. 1046 1047Steve Holme (7 May 2014) 1048- [Tatsuhiro Tsujikawa brought this change] 1049 1050 http2: Compile with latest nghttp2 1051 1052 Now nghttp2_submit_request returns assigned stream ID, we don't have 1053 to check stream ID using before_stream_send_callback. The 1054 adjust_priority_callback was removed. 1055 1056- curl.1: Added missing --login-options option 1057 1058 ...and removed ;OPTIONS from --user as that functionality was removed 1059 in 7.34.0. 1060 1061- tool_help: Fixed missing --login-options option 1062 1063 ...and removed ;OPTIONS from --user as that functionality was removed 1064 in 7.34.0. 1065 1066- url.c: Fixed compilation warning/error 1067 1068 Depending on compiler line 3505 could generate the following warning or 1069 error: 1070 1071 * warning: ISO C90 forbids mixed declarations and code 1072 * A declaration cannot appear after an executable statement in a block 1073 * error C2275: 'size_t' : illegal use of this type as an expression 1074 1075- TODO: Fixed some spelling mistakes 1076 1077- TODO: Add support for concurrent connections in ftpserver.pl 1078 1079- build: Fixed file format version number in VC12 solution files 1080 1081 Unlike previous versions of Visual Studio the VC12 solution file format 1082 does not increment the format version number, but instead, only changes 1083 the version comment text. 1084 1085 This incorrectly set version number would cause problems for any third 1086 party piece of software that would read the solution file expecting the 1087 version number to be 12.00 and found it to be 13.00, such as some build 1088 accelerators. 1089 1090 Verified against a freshly created solution file which was generated 1091 with VC12. 1092 1093- [Ivo Bellin Salarin brought this change] 1094 1095 build-openssl.bat: Corrected use of angled brackets in help output 1096 1097 Angled brackets were used in the help output to indicate that the 1098 compiler and platform arguments are mandatory. Unfortunately this 1099 caused a "< was unexpected at this time" error as the characters are 1100 interpreted as re-direction characters when not escaped. 1101 1102Dan Fandrich (6 May 2014) 1103- RELEASE-NOTES: changed encoding to UTF-8 1104 1105Daniel Stenberg (6 May 2014) 1106- RELEASE-NOTES: synced with 5de8d84098db1bd2 1107 1108- fix_hostname: strip off a single trailing dot from host name 1109 1110 Primarily for SNI, we need the host name without a trailing dot. 1111 "https://www.example.com." resolves fine but fails on SNI unless the dot 1112 is removed. 1113 1114 Reported-by: Leon Winter 1115 Bug: http://curl.haxx.se/mail/lib-2014-04/0161.html 1116 1117- curl: bail on cookie use when built with disabled cookies 1118 1119- [Daniel Johnson brought this change] 1120 1121 Enable poll on darwin13 1122 1123 Poll has long been broken on Mac OS X. Starting with 10.9 (darwin13) it 1124 now works correctly so this patch enables it there. 1125 1126- curl_easy_setopt.3: added the proto for CURLOPT_SSH_KNOWNHOSTS 1127 1128Dan Fandrich (5 May 2014) 1129- tests: Use standard libtest return codes when relevant 1130 1131- test1513: Don't return an uninitialized variable on init failure 1132 1133Daniel Stenberg (5 May 2014) 1134- [Jeff King brought this change] 1135 1136 curl_multi_cleanup: ignore SIGPIPE better 1137 1138 When looping and closing each individual connection left open, the 1139 SIGPIPE ignoring was not done and could thus lead to death by signal 13. 1140 1141 Bug: http://thread.gmane.org/gmane.comp.version-control.git/238242 1142 1143- TODO: the FTP HOST command is now in RFC 7151 1144 1145- TODO: Update date and version in man pages 1146 1147 Mentioned in bug #1342 1148 1149- schannel: don't use the connect-timeout during send 1150 1151 As there's a default connection timeout and this wrongly used the 1152 connection timeout during a transfer after the connection is completed, 1153 this function would trigger timeouts during transfers erroneously. 1154 1155 Bug: http://curl.haxx.se/bug/view.cgi?id=1352 1156 Figured-out-by: Radu Simionescu 1157 1158- mprintf: allow %.s with data not being zero terminated 1159 1160 If the precision is indeed shorter than the string, don't strlen() to 1161 find the end because that's not how the precision operator works. 1162 1163 I also added a unit test for curl_msnprintf to make sure this works and 1164 that the fix doesn't a few other basic use cases. I found a POSIX 1165 compliance problem that I marked TODO in the unit test, and I figure we 1166 need to add more tests in the future. 1167 1168 Reported-by: Török Edwin 1169 1170Steve Holme (4 May 2014) 1171- RELEASE-NOTES: Synced with 4febbedc5a 1172 1173- curl_ntlm_core: Fixed use of long long for VC6 and VC7 1174 1175 Commit 07b66cbfa4 unfortunately broke native NTLM message support in 1176 compilers, such as VC6, VC7 and others, that don't support long long 1177 type declarations. This commit fixes VC6 and VC7 as they support the 1178 __int64 extension, however, we should consider an additional fix for 1179 other compilers that don't support this. 1180 1181- config-win32.h: Fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up 1182 1183 Fixed the HAVE_LONGLONG declaration as long long is supported in Visual 1184 Studio .NET 2003 (VC7.1) onwards. 1185 1186Daniel Stenberg (4 May 2014) 1187- openssl: biomem->data is not zero terminated 1188 1189 So printf(%s) on it or reading before bounds checking is wrong, fixing 1190 it. Could previously lead to reading out of boundary. 1191 1192 Reported-by: Török Edwin 1193 1194- BUILD.WINDOWS: update URL for windows prereqs 1195 1196- easy_perform: spelling mistake in error message 1197 1198Steve Holme (1 May 2014) 1199- Makefile.am: Added build-openssl.bat as README file references it 1200 1201 Missed in commit dce748d3f1. 1202 1203- build: Fixed Visual Studio project file generator missing some files 1204 1205 As of commit 6cdd88f22c the Visual Studio project file generator would 1206 skip the first and last file from each group of files. 1207 1208- build: Added OpenSSL VC build helper for side-by-side compilations 1209 1210- build: Added Visual Studio 2003 .NET (VC7.1) project files 1211 1212 Carrying on from commit 11025613b9 added VC7.1 project files which are 1213 capable of supporting side-by-side compilation, as well as support for 1214 some of the third-party libraries curl uses. 1215 1216Dan Fandrich (1 May 2014) 1217- test585: Fixed NULL pointer dereference in fopen 1218 1219Steve Holme (30 Apr 2014) 1220- build: Fixed generation when source file names contain spaces 1221 1222 This shouldn't happen with the source files in the repository, but 1223 fixed the output when there are spurious files lying around that 1224 contain spaces. For example "pop3 - Copy.c" 1225 1226 By including the offending source file in the project files the user 1227 can then see the file and remove it if necessary. 1228 1229- build: Added VC7 and VC7.1 support to the project file generator 1230 1231 Note: VC7.1 templates are currently not available. 1232 1233- build: Added VC6 and VC12 support to the project file generator 1234 1235- build: Added VC11 support to the project file generator 1236 1237- build: Added VC9 and VC10 support to the project file generator 1238 1239- build: Added Visual Studio project file generator 1240 1241 Added a batch file for generating the Visual Studio project files from 1242 the new template files. 1243 1244- copyright: Updated following recent edits 1245 1246Dan Fandrich (29 Apr 2014) 1247- runtests.pl: Improved the check for a crash during torture tests 1248 1249- Added a few more const where possible 1250 1251- unit1395: Fixed null pointer dereference on torture test 1252 1253Daniel Stenberg (27 Apr 2014) 1254- [Tatsuhiro Tsujikawa brought this change] 1255 1256 http2: Compile with latest nghttp2 1257 1258 commit 6d5f40238028f2d8c (Apr 27) or later nghttp2 is now required 1259 1260Steve Holme (27 Apr 2014) 1261- build: Added other VC6 output files to the .gitignore list 1262 1263- build: Corrected libcurl PDB file name for x64 builds in VC8 through VC12 1264 1265- build: Added Visual Studio .NET (VC7) project files 1266 1267 Carrying on from commit 11025613b9 added VC7 project files which are 1268 capable of supporting side-by-side compilation, as well as support for 1269 some of the third-party libraries curl uses. 1270 1271- build: Added Visual Studio 6.0 (VC6) project files 1272 1273 Carrying on from commit 11025613b9 added a more thorough version of 1274 the VC6 project files which are capable of supporting side-by-side 1275 compilation, as well as support for some of the third-party libraries 1276 curl uses. 1277 1278Daniel Stenberg (26 Apr 2014) 1279- INFILESIZE: fields in UserDefined must not be changed run-time 1280 1281 set.infilesize in this case was modified in several places, which could 1282 lead to repeated requests using the same handle to get unintendent/wrong 1283 consequences based on what the previous request did! 1284 1285Kamil Dudka (25 Apr 2014) 1286- nss: propagate blocking direction from NSPR I/O 1287 1288 ... during the non-blocking SSL handshake 1289 1290Daniel Stenberg (23 Apr 2014) 1291- test325: verify --proto-redir https=>http 1292 1293- handler: make 'protocol' always specified as a single bit 1294 1295 This makes the findprotocol() function work as intended so that libcurl 1296 can properly be restricted to not support HTTP while still supporting 1297 HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS 1298 bits in the protocol field. 1299 1300 This fixes --proto and --proto-redir for most SSL protocols. 1301 1302 This is done by adding a few new convenience defines that groups HTTP 1303 and HTTPS, FTP and FTPS etc that should then be used when the code wants 1304 to check for both protocols at once. PROTO_FAMILY_[protocol] style. 1305 1306 Bug: https://github.com/bagder/curl/pull/97 1307 Reported-by: drizzt 1308 1309Steve Holme (23 Apr 2014) 1310- build: Added Visual Studio 2013 (VC12) project files 1311 1312 Carrying on from commit 11025613b9 added VC12 project files which are 1313 capable of supporting side-by-side compilation, 32-bit and 64-bit 1314 builds as well as support for some of the third-party libraries curl 1315 uses. 1316 1317Dan Fandrich (23 Apr 2014) 1318- cyassl: Use error-ssl.h when available 1319 1320 Versions since at least 2.9.4 renamed error.h to error-ssl.h, so use 1321 whichever one is available. 1322 1323Steve Holme (22 Apr 2014) 1324- RELEASE-NOTES: Synced with 386ed2d590 1325 1326Daniel Stenberg (22 Apr 2014) 1327- gtls: fix NULL pointer dereference 1328 1329 gnutls_x509_crt_import() must not be called with a NULL certificate 1330 1331 Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html 1332 Reported-by: Damian Dixon 1333 1334- curl_global_init_mem: bump initialized even if already initialized 1335 1336 As this makes curl_global_init_mem() behave the same way as 1337 curl_global_init() already does in that aspect - the same number of 1338 curl_global_cleanup() calls is then required to again decrease the 1339 counter and then eventually do the cleanup. 1340 1341 Bug: http://curl.haxx.se/bug/view.cgi?id=1362 1342 Reported-by: Tristan 1343 1344Kamil Dudka (22 Apr 2014) 1345- nss: implement non-blocking SSL handshake 1346 1347- nss: split Curl_nss_connect() into 4 functions 1348 1349Dan Fandrich (22 Apr 2014) 1350- tests: Fixed torture test for tests 1526 & 1527 1351 1352Marc Hoersken (22 Apr 2014) 1353- sockfilt.c: clean up threaded approach and add documentation 1354 1355- sockfilt.c: zero initialize variable 1356 1357- sockfilt.c: fixed getting stuck waiting for MinGW stdin pipe 1358 1359Daniel Stenberg (22 Apr 2014) 1360- configure: use the nghttp2 path correctly with pkg-config 1361 1362 When --with-nghttp2 was used (without a given path), the 1363 PKG_CONFIG_LIBDIR varialbe could get clobbered and ruin a proper 1364 detection of the library. 1365 1366 Reported-by: Dilyan Palauzov 1367 Bug: http://curl.haxx.se/mail/lib-2014-04/0159.html 1368 1369- [Dilyan Palauzov brought this change] 1370 1371 configure: fix wrong comment 1372 1373 copy and paste error 1374 1375Steve Holme (21 Apr 2014) 1376- build: Fixed output name for Release builds in VC10 and VC11 1377 1378Marc Hoersken (20 Apr 2014) 1379- sockfilt.c: properly handle disk files, pipes and character input 1380 1381- sockfilt.c: ignore non-key-events and continue waiting for input 1382 1383- sockfilt.c: free memory in case of memory allocation errors 1384 1385- multi.c: fix possible invalid memory access in case nfds overflows 1386 1387 ufds might not be allocated in case nfds overflows to zero while 1388 extra_nfds is still non-zero. udfs is then accessed within the 1389 extra_nfds-based for loop. 1390 1391- netrc.c: fix multiple possible dereferences of null pointers 1392 1393- parsedate.c: check sscanf result before passing it to strlen 1394 1395- telnet.c: check sscanf results before passing them to snprintf 1396 1397- telnet.c: fix possible use of uninitialized variable 1398 1399- telnet.c: fix possible use of non-null-terminated strings 1400 1401- url.c: fix possible use of non-null-terminated string with strlen 1402 1403 Follow up on b0e742544be22ede33206a597b22682e51e0c676 1404 1405- tool_writeout.c: initialize string pointer variable 1406 1407- tool_formparse.c: fix possible use of non-null-terminated strings 1408 1409- url.c: fix possible use of non-null-terminated string with strlen 1410 1411- connect.c: fix multiple possible dereferences of null pointers 1412 1413 In case the first address in the tempaddr array is NULL, 1414 the code would previously dereference an unchecked null pointer. 1415 1416- tftp.c: fix possible dereference of null pointer 1417 1418- tool_urlglob.c: added some comments to clarify for loop conditions 1419 1420 I was tempted to change those to >= 0 until I saw that this is 1421 actually a for loop that terminates once i underflows. 1422 1423- socks_sspi.c: added pointer guards to FreeContextBuffer calls 1424 1425 The FreeContextBuffer SAL declaration does not declare the pointer 1426 as optional, therefore it must not be NULL. 1427 1428- md5.c: fix use of uninitialized variable 1429 1430- curl_schannel.c: added explicit cast of structure pointers 1431 1432- curl_schannel.c: fix possible dereference of null pointer 1433 1434Steve Holme (18 Apr 2014) 1435- RELEASE-NOTES: Synced with 33e0cba8f1 1436 1437- curl_easy_setopt: Updated CURLOPT_URL to include IMAP PARTIAL FETCH example 1438 1439- imap: Extended FETCH support to include PARTIAL URL specifier 1440 1441- url.c: Fixed typo in comment 1442 1443- curl_easy_setopt: Updated CURLOPT_URL to include IMAP query string examples 1444 1445- test810: Updated to use new IMAP URL query string functionality 1446 1447- imap: Expanded mailbox SEARCH support to use URL query strings 1448 1449- imap: Added support for parsing URL query strings 1450 1451 Added support for parsing query strings from the URL as defined by 1452 RFC-5092. 1453 1454- imap: Introduced the SEARCH state 1455 1456- imap: Fixed untagged response detection when no data after command 1457 1458 Should a command return untagged responses that contained no data then 1459 the imap_matchresp() function would not detect them as valid responses, 1460 as it wasn't taking the CRLF characters into account at the end of each 1461 line. 1462 1463- build: Added Visual Studio 2012 (VC11) project files 1464 1465 Carrying on from commit 11025613b9 added VC11 project files which are 1466 capable of supporting side-by-side compilation, 32-bit and 64-bit 1467 builds as well as support for some of the third-party libraries curl 1468 uses. 1469 1470- build: Corrected Visual Studio solutions for DLL Release x64 1471 1472Daniel Stenberg (17 Apr 2014) 1473- README.http2: mention some alt-svc thoughts 1474 1475Steve Holme (16 Apr 2014) 1476- Makefile.am: Missed separator in commit fbaa2f8660 1477 1478- build: Added Visual Studio 2010 (VC10) project files 1479 1480 Carrying on from commit 11025613b9 added VC10 project files which are 1481 capable of supporting side-by-side compilation, 32-bit and 64-bit 1482 builds as well as support for some of the third-party libraries curl 1483 uses. 1484 1485Dan Fandrich (14 Apr 2014) 1486- url: only use if_nametoindex() if IFNAMSIZ is available 1487 1488- symbian: fixed typo in comment 1489 1490Steve Holme (9 Apr 2014) 1491- build: Added Visual Studio 2008 (VC9) project files 1492 1493 Carrying on from commit 11025613b9, added VC9 project files which are 1494 capable of supporting side-by-side compilation, 32-bit and 64-bit 1495 builds as well as support for some of the third-party libraries curl 1496 uses. 1497 1498- sas: Added DIGEST-MD5 qop-option validation in native challange handling 1499 1500 Given that we presently support "auth" and not "auth-int" or "auth-conf" 1501 for native challenge-response messages, added client side validation of 1502 the quality-of-protection options from the server's challenge message. 1503 1504Daniel Stenberg (8 Apr 2014) 1505- dist: include the projects/ files in releases 1506 1507 ... the recent MSVC project files added by Steve Holme 1508 1509- strerror: fix comment about vxworks' strerror_r buffer size 1510 1511 Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html 1512 Reported-by: Jeroen Koekkoek 1513 1514Steve Holme (6 Apr 2014) 1515- sasl: Added forward declaration of structures following recent changes 1516 1517 To avoid urldata.h being included from the header file or that the 1518 source file has the correct include order as highlighted by one of 1519 the auto builds recently. 1520 1521- RELEASE-NOTES: Synced with 5cdb61abb2 1522 1523- tests: Disabled DIGEST-MD5 tests when running with SSPI enabled 1524 1525- sasl: Fixed compilation warning 1526 1527 warning: no previous prototype for 'Curl_sasl_create_digest_md5_message' 1528 1529- sasl: Added curl_memory.h include as per test 1132 1530 1531- sasl: Fixed compilation warning in SSPI builds 1532 1533 warning: 'sasl_digest_get_key_value' defined but not used 1534 1535- sasl: Corrected missing free of decoded challenge message from 607883f13c 1536 1537- sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092 1538 1539- sasl: Post DIGEST-MD5 SSPI code tidy up 1540 1541 * Added comments to SSPI NTLM message generation 1542 * Added comments to native DIGEST-MD5 code 1543 * Removed redundant identity pointer 1544 1545- sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code 1546 1547 When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not 1548 be included, regardless of whether USE__WINDOWS_SSPI is defined or not. 1549 This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM 1550 in curl_setup.h. 1551 1552- sasl: Added support for DIGEST-MD5 via Windows SSPI 1553 1554- http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined 1555 1556- Makefile.vc6: Added curl_sasl_sspi.c 1557 1558- Makefile.vc6: Follow up fix to commit 45d3f00803 1559 1560- ntlm: Moved the identity generation into shared SSPI code 1561 1562- sasl: Renamed SSPI module following short name clash 1563 1564- sasl: Added initial stub functions for SSPI DIGEST-MD support 1565 1566- sasl: Combined DIGEST-MD5 message decoding and generation 1567 1568Marc Hoersken (5 Apr 2014) 1569- Makefile.vc6: added warnless.c to fix build 1570 1571Steve Holme (5 Apr 2014) 1572- winbuild: Updated the VC++ make instructions following commit 11025613b9 1573 1574 * Added information regarding the February 2003 Platform SDK for VC6 1575 * Updated the introduction to be similar to the IDE projects README 1576 1577Daniel Stenberg (5 Apr 2014) 1578- [Tatsuhiro Tsujikawa brought this change] 1579 1580 http2: Compile with current nghttp2, which supports h2-11 1581 1582Steve Holme (5 Apr 2014) 1583- winbuild: Added Visual Studio 2005 (VC8) project files 1584 1585 Added a more thorough version of the VC8 project files that exist in 1586 the "vs" folder with the intention to add support for other versions of 1587 Visual Studio. These files support side-by-side compilation, 32-bit and 1588 64-bit builds as well as support for some of the third-party libraries 1589 curl uses. 1590 1591Daniel Stenberg (4 Apr 2014) 1592- curl_easy_setopt: fix wrong version number references 1593 1594- docs: this is for 7.37.0 1595 1596 And clarify for curl that --proxy-header now must be used for headers 1597 that are meant for a proxy, and they will not be included if the request 1598 is not for a proxy. 1599 1600- PROXYHEADER: send these headers in "normal" proxy requests too 1601 1602 Updated the docs to clarify and the code accordingly, with test 1528 to 1603 verify: 1604 1605 When CURLHEADER_SEPARATE is set and libcurl is asked to send a request 1606 to a proxy but it isn't CONNECT, then _both_ header lists 1607 (CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the 1608 single request is then made for both the proxy and the server. 1609 1610- test1428: verify --proxy-header 1611 1612- curl.1: documented --proxy-header 1613 1614- [Maciej Puzio brought this change] 1615 1616 curl: add --proxy-header 1617 1618- symbols-in-versions: Added CURLHEADER_* 1619 1620 ... and sorted the list 1621 1622- CURLOPT_HEADEROPT: added 1623 1624 Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER 1625 is actually used or not. 1626 1627- CURLOPT_PROXYHEADER: set headers for proxy-only 1628 1629 Includes docs and new test cases: 1525, 1526 and 1527 1630 1631 Co-written-by: Vijay Panghal 1632 1633- HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue 1634 1635 Without request body there's no point in asking for 100-continue. 1636 1637 Bug: http://curl.haxx.se/bug/view.cgi?id=1349 1638 Reported-by: JimS 1639 1640- ftp: in passive data connect wait for happy eyeballs sockets 1641 1642 When doing passive FTP, the multi state function needs to extract and 1643 use the happy eyeballs sockets to wait for to check for completion! 1644 1645 Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined) 1646 Reported-by: Alan 1647 1648- http2+openssl: fix compiler warnings in ALPN using code 1649 1650Dan Fandrich (3 Apr 2014) 1651- tests: unified use of some keywords 1652 1653- tests: added some missing closing tags 1654 1655Daniel Stenberg (3 Apr 2014) 1656- runtests: insist on a <keywords> section 1657 1658 Since all present tests now have <keywords> listed, this script will now 1659 refuse to run a given test case if no such section is provided. 1660 Hopefully this will help us make sure new test cases get keywords added 1661 at start. 1662 1663- tests: add keywords to the last 7 tests lacking them 1664 1665Steve Holme (1 Apr 2014) 1666- smtp: Fixed login denied with a RFC-821 based server 1667 1668 In addition to commit fe260b75e7 fixed the same issue for RFC-821 based 1669 SMTP servers and allow the credientials to be given to curl even though 1670 they are not used with the server. 1671 1672- tests: Added SMTP with credientials test when not supported by server 1673 1674Daniel Stenberg (1 Apr 2014) 1675- urldata: spellfix comment 1676 1677 Reported-by: Melissa 1678 1679Steve Holme (31 Mar 2014) 1680- RELEASE-NOTES: Synced with dd07e79023 1681 1682- tests: Added SMTP with credentials test for RFC-821 based server 1683 1684 Added SMTP (RFC-821 only) based test case as a reference for the fix 1685 provided by commit fe260b75e7. 1686 1687Daniel Stenberg (31 Mar 2014) 1688- ipv6: strip off zone identifiers in redirects too 1689 1690 Follow up to 9317eced984 makes test 1056 work again. 1691 1692Dan Fandrich (31 Mar 2014) 1693- docs: Removed mention of -g hack when using IPv6 literals 1694 1695 This limitation was removed in commit 0bc4938e 1696 1697Daniel Stenberg (31 Mar 2014) 1698- http2: let openssl mention the exact protocol negotiated 1699 1700 Remove a superfluous "negotiated http2" info line 1701 1702- http2: remove _DRAFT09 from the NPN_HTTP2 enum 1703 1704 We're progressing throught drafts so there's no point in having a fixed 1705 one in a symbol that'll survive. 1706 1707- [Till Maas brought this change] 1708 1709 URL parser: IPv6 zone identifiers are now supported 1710 1711- [Paul Marks brought this change] 1712 1713 curl: stop interpreting IPv6 literals as glob patterns. 1714 1715 This makes it possible to fetch from an IPv6 literal without specifying 1716 the -g option. Globbing remains available elsehwere in the URL. 1717 1718 For example: 1719 curl http://[::1]/file[1-3].txt 1720 1721 This creates no ambiguity, because there is no overlap between the 1722 syntax of valid globs and valid IPv6 literals. Globs contain hyphens 1723 and at most 1 colon, while IPv6 literals have no hyphens, and at least 2 1724 colons. 1725 1726 The peek_ipv6() parser simply whitelists a set of characters and counts 1727 colons, because the real validation happens later on. The character set 1728 includes A-Z, in case someone decides to implement support for scopes 1729 like [fe80::1%25eth0] in the future. 1730 1731 Signed-off-by: Paul Marks <pmarks@google.com> 1732 1733Steve Holme (30 Mar 2014) 1734- test938: Updated to use file input for upload 1735 1736 As the second URL won't be passed input from stdin. 1737 1738- test836: Fixed incorrect username in expected output 1739 1740Daniel Stenberg (30 Mar 2014) 1741- DISABLED: 836, 882 and 938 hang 1742 1743- runtests: check protocol before data 1744 1745 When the protocol part fails, the data usually does too but the protocol 1746 part is often more fundamental and often provide the clues you need to 1747 fix the test case. 1748 1749Steve Holme (30 Mar 2014) 1750- ftpserver.pl: Extended the full text reply regular expression 1751 1752 Extended the regex to include other valid characters such as those used 1753 in the reply text of Test 836. 1754 1755Daniel Stenberg (30 Mar 2014) 1756- keywords: sort case insensitive 1757 1758- tests: remove trailing CRs from keywords 1759 1760- keywords: sort keywords alphabetically 1761 1762- keywords: don't use STDERR for good info 1763 1764Steve Holme (30 Mar 2014) 1765- tests: Added email unit tests to verify login credential connection re-use 1766 1767- tests: Corrected "APOP" authentication keyword 1768 1769- tests: Replaced email authentication keywords with SASL based keywords 1770 1771 As the email protocols implement SASL authentication rather than IMAP, 1772 POP3 and SMTP specific authentication, updated the authentication 1773 keywords to reflect this. 1774 1775- tests: Added "Clear Text" authentication keyword 1776 1777- tests: Added "SASL" authentication keyword 1778 1779- imap-append.c: Fixed compilation errors on some platforms 1780 1781 In the initializer for len, there is no prototype for "strlen". 1782 In this statement, there is no prototype for "memcpy". 1783 1784- ftpserver.pl: Removed some unused variables 1785 1786- ftpserver.pl: Reworked some variable names to be more meaningful 1787 1788- ftpserver.pl: Corrected some indentation in senddata() 1789 1790Daniel Stenberg (29 Mar 2014) 1791- lib1513: fix callback proto to silence warning 1792 1793Steve Holme (29 Mar 2014) 1794- ftpserver.pl: Added fallback to <data> support when using multiple URLs 1795 1796 Added support for falling back to <data> when <data1>, <data2>, etc... 1797 don't exist in the <reply> section of a unit test. 1798 1799- ftpserver.pl: Updated email based get reply data code to use new method 1800 1801- ftpserver.pl: Fixed syntax error from commit 3a29ee41 1802 1803- ftpserver.pl: Updated argument code in STATUS_imap() to be more meaningful 1804 1805- ftpserver.pl: Introduced common method for getting a test's reply data 1806 1807- smtp: Fixed login denied when server doesn't support AUTH capability 1808 1809 Specifying user credentials when the SMTP server doesn't support 1810 authentication would cause curl to display "No known authentication 1811 mechanisms supported!" and return CURLE_LOGIN_DENIED. 1812 1813 Reported-by: Tom Sparrow 1814 Bug: http://curl.haxx.se/mail/lib-2014-03/0173.html 1815 1816Daniel Stenberg (28 Mar 2014) 1817- [Cody Mack brought this change] 1818 1819 winbuild: added warnless.c to fix build 1820 1821Dan Fandrich (26 Mar 2014) 1822- hostcheck: added a system include to define struct in_addr 1823 1824- test1397: Fixed compilation with some SSL backends 1825 1826 The test is only valid when one of four SSL backends is in use, 1827 and must otherwise return success. 1828 1829- test815/816: Use authentication for both URLs 1830 1831 The improved connection reuse logic would otherwise create a new 1832 connection for each one, which isn't supported by the test 1833 server, nor expected by the test. 1834 1835Daniel Stenberg (26 Mar 2014) 1836- mkhelp: generate code for --disable-manual as well 1837 1838 This allows configure --disable-manual to run and build without having 1839 to regenerate the src/tool_hugehelp.c file which otherwise is necessary 1840 since we ship tarballs with that file present. 1841 1842 Reported-by: Remi Gacogne 1843 Bug: http://curl.haxx.se/bug/view.cgi?id=1350 1844 1845- bump: start the 7.37.0 race 1846 1847Version 7.36.0 (26 Mar 2014) 1848 1849Daniel Stenberg (26 Mar 2014) 1850- RELEASE-NOTES: 7.36.0 1851 1852- [Richard J. Moore brought this change] 1853 1854 test1397: unit test for certificate name wildcard handling 1855 1856- Curl_cert_hostcheck: strip trailing dots in host name and wildcard 1857 1858 Reported-by: Richard Moore 1859 1860- Curl_cert_hostcheck: reject IP address wildcard matches 1861 1862 There are server certificates used with IP address in the CN field, but 1863 we MUST not allow wild cart certs for hostnames given as IP addresses 1864 only. Therefore we must make Curl_cert_hostcheck() fail such attempts. 1865 1866 Bug: http://curl.haxx.se/docs/adv_20140326B.html 1867 Reported-by: Richard Moore 1868 1869- [Steve Holme brought this change] 1870 1871 url: Fixed connection re-use when using different log-in credentials 1872 1873 In addition to FTP, other connection based protocols such as IMAP, POP3, 1874 SMTP, SCP, SFTP and LDAP require a new connection when different log-in 1875 credentials are specified. Fixed the detection logic to include these 1876 other protocols. 1877 1878 Bug: http://curl.haxx.se/docs/adv_20140326A.html 1879 1880- THANKS: 14 new friends from the 7.36.0 announcement 1881 1882- RELEASE-NOTES: synced with 3ebfaf6a0399b6a 1883 1884Steve Holme (23 Mar 2014) 1885- tool_operate: Fixed uninitialised variable under some error situations 1886 1887 For example when a URL is not specified or the headers file fails to 1888 open. 1889 1890- tool_parsecfg: Reworked error handling from commit fc59a9e1 1891 1892- tool_getparam: Removed "dead assignment" code introduced in commit 1a9b58fc 1893 1894Daniel Stenberg (22 Mar 2014) 1895- [Gisle Vanem brought this change] 1896 1897 polarssl: avoid extra newlines in debug messages 1898 1899 The debug messages printed inside PolarSSL always seems to end with a 1900 newline. So 'infof()' should not add one. Besides the trace 'line' 1901 should be 'const'. 1902 1903- rtsp: parse "Session:" header properly 1904 1905 The parser skipped the initial letter, which presumably often is 1906 whitespace but doesn't have to be. 1907 1908 Reported-by: Mike Hasselberg 1909 Bug: http://curl.haxx.se/mail/lib-2014-03/0134.html 1910 1911- runtests.pl: verify specified test cases 1912 1913 To better allow arguments like "1 to 9999" without flooding the terminal 1914 with error messages, the given test cases range is now checked and only 1915 test numbers with existing files are actually run. 1916 1917Dan Fandrich (19 Mar 2014) 1918- RELEASE-NOTES: fixed typo 1919 1920Daniel Stenberg (19 Mar 2014) 1921- trynextip: don't store 'ai' on failed connects... 1922 1923 It leads to the "next family" tries starting from the wrong point and thus 1924 fails! 1925 1926 Bug: http://curl.haxx.se/bug/view.cgi?id=1337 1927 Reported-by: ricker 1928 1929- RELEASE-NOTES: synced with 47f8e99e78c 1930 1931- [Gaël PORTAY brought this change] 1932 1933 polarssl: fix possible handshake timeout issue in multi. 1934 1935 Because of the socket is unblocking, PolarSSL does need call to getsock to 1936 get the action to perform in multi environment. 1937 1938 In some cases, it might happen we have not received yet all data to perform 1939 the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state 1940 is updated but because of the getsock has not the proper #define macro to, 1941 the library never prevents to select socket for input thus the socket will 1942 never be awaken when last data is available. Thus it leads to timeout. 1943 1944- [Gaël PORTAY brought this change] 1945 1946 polarssl: break compatibility with version older than 1.3. 1947 1948 Remove all #ifdef/else/endif macros that ensure compatibility with polarssl 1949 version previous than 1.3. 1950 1951- [Gaël PORTAY brought this change] 1952 1953 polarssl: drop use of 1.2 compatibility header. 1954 1955 API has changed since version 1.3. A compatibility header has been created 1956 to ensure forward compatibility for code using old API: 1957 * x509 certificate structure has been renamed to from x509_cert to 1958 x509_crt 1959 * new dedicated setter for RSA certificates ssl_set_own_cert_rsa, 1960 ssl_set_own_cert is for generic keys 1961 * ssl_default_ciphersuites has been replaced by function 1962 ssl_list_ciphersuites() 1963 1964 This patch drops the use of the compatibly header. 1965 1966- polarssl: added missing end-of-comment from previous commit 1967 1968- polarssl: now require 1.3.0+ 1969 1970 Also fixed a function name change in the version requirement bump 1971 1972- [hasufell brought this change] 1973 1974 polarssl: fix compilation 1975 1976 Rename x509_cert to x509_crt and add "compat-1.2.h" 1977 include. 1978 This would still need some more thorough conversion 1979 in order to drop "compat-1.2.h" include. 1980 1981Kamil Dudka (15 Mar 2014) 1982- nss: allow to enable/disable new AES GCM cipher-suites 1983 1984 ... if built against a new enough version of NSS 1985 1986- nss: allow to enable/disable new HMAC-SHA256 cipher-suites 1987 1988 ... if built against a new enough version of NSS 1989 1990- nss: do not enable AES cipher-suites by default 1991 1992 ... but allow them to be enabled/disabled explicitly. The default 1993 policy should be maintained at the NSS level. 1994 1995Dan Fandrich (15 Mar 2014) 1996- tests: made the SASL modes separate keywords 1997 1998- tests: added missing HTTP NTLM auth keywords 1999 2000 Also, removed an unneeded strippart 2001 2002- tests: disable valgrind on the remaining scp/sftp tests 2003 2004- valgrind.supp: added another test 165 suppression 2005 2006 This one seems to come and go as the optimizer decides how best 2007 to inline some functions. 2008 2009- ssh: prevent a logic error that could result in an infinite loop 2010 2011- docs: fixed a bunch of typos 2012 2013- test640/1: add tests for --head with sftp and scp 2014 2015 This option is currently rather useless with these protocols 2016 when no quote command is given, but it is valid. 2017 2018- ssh: removed a redundant close state transition 2019 2020- ssh: abort immediately on a header callback error 2021 2022Daniel Stenberg (14 Mar 2014) 2023- chunked-encoding: provide a readable error string for chunked errors 2024 2025- TODO: remove http2, we now have it 2026 2027- [Tatsuhiro Tsujikawa brought this change] 2028 2029 http2: free resources on disconnect 2030 2031 ... and use Curl_safefree() instead of free() 2032 2033- openssl: info massage with SSL version used 2034 2035 Patch-by: byte_bucket 2036 2037Steve Holme (9 Mar 2014) 2038- RELEASE-NOTES: Synced with 8ddda0e999 2039 2040Daniel Stenberg (9 Mar 2014) 2041- README.http2: clarify the build prerequisites 2042 2043- SSL-PROBLEMS: add "missing intermediate certificates" piece 2044 2045- SSL-PROBLEMS: describes common curl+SSL problems 2046 2047Nick Zitzmann (8 Mar 2014) 2048- docs: remove documentation on setting up krb4 support 2049 2050 The information about building with Kerberos4 support was half a year out 2051 of date. We dropped support for that. 2052 2053Daniel Stenberg (6 Mar 2014) 2054- ssh: fix compiler warning converting ssize_t to int 2055 2056Dan Fandrich (6 Mar 2014) 2057- ssh: Fixed a style warning 2058 2059 Also, combined a couple of #ifdef sections 2060 2061- ssh: Pass errors from libssh2_sftp_read up the stack 2062 2063Daniel Stenberg (6 Mar 2014) 2064- parse_remote_port: error out on illegal port numbers better 2065 2066- remote_port: allow connect to port 0 2067 2068 Port number zero is perfectly allowed to connect to. I moved to storing 2069 the remote port number in an int so that -1 means undefined and 0-65535 2070 can be used for legitimate port numbers. 2071 2072- multi_runsingle: move timestamp into INIT 2073 2074 Setting the TIMER_STARTSINGLE timestamp first in CONNECT has the 2075 drawback that for actions that go back to the CONNECT state, the time 2076 stamp is reset and for the multi_socket API there's no corresponding 2077 Curl_expire() then so the timeout logic gets wrong! 2078 2079 Reported-by: Brad Spencer 2080 Bug: http://curl.haxx.se/mail/lib-2014-02/0036.html 2081 2082- hostcheck: update comment after previous change 2083 2084- hostcheck: Curl_cert_hostcheck is not used by NSS builds 2085 2086- [Michael Osipov brought this change] 2087 2088 configure: call it GSS-API 2089 2090 ... since that’s how the RFC calls it. 2091 2092- x509asn: moved out Curl_verifyhost from NSS builds 2093 2094 ... as it isn't used then! 2095 2096- NSS: avoid compiler warnings when built without http2 support 2097 2098- [Jiri Malak brought this change] 2099 2100 Rework Open Watcom make files to use standard Wmake features 2101 2102 Remove slash/backslash problem, now only slashes are used, 2103 Wmake automaticaly translate slash/backslash to proper version or tools are not sensitive for it. 2104 Enable spaces in path. 2105 Use internal rm command for all host platforms 2106 Add error message if old Open Watcom version is used. Some old versions exhibit build problems for Curl latest version. Now only versions 1.8, 1.9 and 2.O beta are supported 2107 2108- [Jiri Malak brought this change] 2109 2110 parsedate: Fixed compilation warning 2111 2112 Remove compilation message for platforms where size of long type 2113 is equal size of int type. 2114 2115Steve Holme (2 Mar 2014) 2116- RELEASE-NOTES: Synced with 7fef4016de 2117 2118- tool: Do not output libcurl source for the information only parameters 2119 2120 Ensure a source file isn't generated for the following informational 2121 command line parameters when --libcurl is specified: 2122 2123 --help, --manual, --version and --engine list 2124 2125 As the output would only include a fairly empty looking main() function 2126 and a call to curl_easy_init() and curl_easy_cleanup() when performed 2127 with --engine list. 2128 2129- tool: Fixed libcurl source output for multiple operations 2130 2131 Correctly output libcurl source code that includes multiply operations 2132 as specified by --next. Note that each operation evaluates to a single 2133 curl_easy_perform() in source code form. 2134 2135 Also note that the output could be optimised a little so global config 2136 options are only output once rather than per operation as is presently 2137 the case. 2138 2139- tool_metalink.h: Fixed compilation warning 2140 2141 warning: declaration of 'struct GlobalConfig' will not be visible 2142 outside of this function 2143 2144- tool: Moved internal variable isatty to the global config 2145 2146- tool_operate.c: Fixed compilation error 2147 2148 incompatible types - from 'OperationConfig *' to 'GlobalConfig *' 2149 2150- tool: Moved --libcurl to the global config 2151 2152- tool: Moved --progress-bar to the global config 2153 2154- tool: Moved --stderr to the global config 2155 2156- transfer.c: Fixed non-HTTP2 builds from commit cde0cf7c5e 2157 2158Daniel Stenberg (28 Feb 2014) 2159- [Tatsuhiro Tsujikawa brought this change] 2160 2161 Fix bug that HTTP/2 hangs if whole response body is read with headers 2162 2163 For HTTP/2, we may read up everything including responde body with 2164 header fields in Curl_http_readwrite_headers. If no content-length is 2165 provided, curl waits for the connection close, which we emulate it 2166 using conn->proto.httpc.closed = TRUE. The thing is if we read 2167 everything, then http2_recv won't be called and we cannot signal the 2168 HTTP/2 stream has closed. As a workaround, we return nonzero from 2169 data_pending to call http2_recv. 2170 2171- http2: build with current nghttp2 version 2172 2173 nghttp2 has yet again extended its callback struct and this is an 2174 attempt to make curl compile with nghttp2 from current git 2175 2176Dan Fandrich (28 Feb 2014) 2177- tool_main: Fixed a memory leak on main_init error 2178 2179Steve Holme (28 Feb 2014) 2180- test96: Updated accordly for recent changes 2181 2182- tool_cfgable: Code policing of structure pointers 2183 2184- tool: Moved --trace and --verbose to the global config 2185 2186- tool_main: Forgot to initialise the first operation's global pointer 2187 2188- tool: Moved --silient to the global config 2189 2190 Other global options such as --libcurl, --trace and --verbose to 2191 follow. 2192 2193- tool_cfgable: Added GlobalConfig pointer to OperationConfig 2194 2195 In order to ease the moving of global options such as the error stream, 2196 updated the OperationConfig structure to point to the GlobalConfig. 2197 2198- tool: Added support to .curlrc for URL specific options 2199 2200 In addition to adding support for URL specific options via the command 2201 line with --next it is now possible to specify "next" in .curlrc. 2202 2203- tool: Reworked argument parsing to use --next/-: 2204 2205 Follow up to commit 1a9b58fcb2 to replace the : command line option 2206 with --next and -:. 2207 2208- tool_getparam: Added initial support for --next/-: 2209 2210 Added initial support for --next/-: which will be used to replace the 2211 rather confusing : command line operation what was used for the URL 2212 specific options prototype. 2213 2214Dan Fandrich (26 Feb 2014) 2215- valgrind.supp: tweaked a test 165 suppression 2216 2217 A recent change seems to have slightly changed the call stack 2218 produced by the gcc optimizer. 2219 2220nickzman (25 Feb 2014) 2221- Merge pull request #93 from d235j/darwinssl_ip_address_fix 2222 2223 darwinssl: don't omit CN verification when an IP address is used 2224 2225Daniel Stenberg (25 Feb 2014) 2226- parse_args: fix a too long source code line 2227 2228- [naota brought this change] 2229 2230 configure: Tiny fix to honor POSIX 2231 2232 Change "==" to "=" to honor POSIX test construction. 2233 2234Steve Holme (25 Feb 2014) 2235- tool_help: Moved --no-alpn and --no-npn to be listed alphabetically 2236 2237 ...and added the HTTP suffix as these options are only used for HTTP2 2238 based connections. 2239 2240- tool: Moved --showerror to the global config 2241 2242 Other global options such as --libcurl, --trace and --verbose to 2243 follow. 2244 2245- tool_getparam: Added global config to getparameter() 2246 2247 In preparation for parsing global options added the GlobalConfig 2248 structure to the getparameter() function. 2249 2250- tool_getparam.h: Fixed compilation warning 2251 2252 warning: declaration of 'struct GlobalConfig' will not be visible 2253 outside of this function 2254 2255Marc Hoersken (24 Feb 2014) 2256- RELEASE-NOTES: Updated for 63fc8ee7 2257 2258Steve Holme (24 Feb 2014) 2259- tool_cfgable: Added support for knowing the current operation 2260 2261Marc Hoersken (24 Feb 2014) 2262- curl_schannel.c: Updated copyright years 2263 2264- [David Ryskalczyk brought this change] 2265 2266 winssl: Enable hostname verification of IP address using SAN or CN 2267 2268 Original commit message was: 2269 Don't omit CN verification in SChannel when an IP address is used. 2270 2271 Side-effect of this change: 2272 SChannel and CryptoAPI do not support the iPAddress subjectAltName 2273 according to RFC 2818. If present, SChannel will first compare the 2274 IP address to the dNSName subjectAltNames and then fallback to the 2275 most specific Common Name in the Subject field of the certificate. 2276 2277 This means that after this change curl will not connect to SSL/TLS 2278 hosts as long as the IP address is not specified in the SAN or CN 2279 of the server certificate or the verifyhost option is disabled. 2280 2281Steve Holme (24 Feb 2014) 2282- tool_operate: Moved easy handle cleanup into tool_main 2283 2284Marc Hoersken (24 Feb 2014) 2285- tool_hugehelp: partially reverted 24e22e10 2286 2287 Compilation was not possible if manuel is disabled due this error: 2288 error: macro "hugehelp" passed 1 arguments, but takes just 0 2289 void hugehelp(void) {} 2290 2291Steve Holme (24 Feb 2014) 2292- tool_main: Moved easy handle into global config structure 2293 2294David Ryskalczyk (23 Feb 2014) 2295- Don't omit CN verification in DarwinSSL when an IP address is used. 2296 2297Steve Holme (23 Feb 2014) 2298- tool: Fixed line longer than 79 characters from commit 705a4cb549 2299 2300- tool_main: Corrected typo from commit d6b9f054e9 in Symbian code 2301 2302- tool_main: Moved OperateConfig cleanup into main_free() 2303 2304- tool_main: Moved initial OperateConfig creation into main_init() 2305 2306- tool_cfgable: Added global config structure 2307 2308- tool_cfgable: Renamed Configurable structure to OperationConfig 2309 2310 To allow for the addition of a global config structure and prevent 2311 confusion between the two. 2312 2313- tool: Fixed incorrect return code with --version from commit c10bf9bb36 2314 2315- RELEASE-NOTES: Synced with 8c80840d01 2316 2317- tool_getparam: Moved tool_help() call into operate() 2318 2319- tool_getparam: Moved hugehelp() call into operate() 2320 2321- tool_getparam: Moved tool_version_info() call into operate() 2322 2323- tool_cfgable: Removed list_engine flag from config structure 2324 2325 In preparation for separating the global config options from the per 2326 operation config options, reworked the list engines code to not use a 2327 member variable in the Configurable structure. 2328 2329- tool_operate: Start to use CURLcode rather than int for return codes 2330 2331 To help assist with the detection of incorrect return codes, as per 2332 commits ee23d13a79, 33b8960dc8 and aba98991a5, updated the operate 2333 based functions to return CURLcode error codes. 2334 2335- tool: Fixed incorrect return code when setting HTTP request fails 2336 2337 During initialisation SetHTTPrequest() may fail and cURL would return 2338 PARAM_BAD_USE, which is equivalent to CURLE_NOT_BUILT_IN in cURL error 2339 terms. 2340 2341 Instead, return CURLE_FAILED_INIT as we do for other functions that may 2342 fail during initialisation. 2343 2344- tool_getparam: Moved version information into separate function in tool_help 2345 2346- tool_operhlp.h: Fixed compilation warning 2347 2348 warning: 'struct Configurable' declared inside parameter list 2349 2350- tool_operhlp: Consolidated engine output code into tool_help 2351 2352- tool_operate: Moved list engines into separate function in tool_help 2353 2354Marc Hoersken (22 Feb 2014) 2355- RELEASE-NOTES: added note about impact of changes to WinSSL defaults 2356 2357- stunnel: regenerated self-signed test certificate with SHA1 hash 2358 2359 The previous test certificate contained a MD5 hash which is not 2360 supported using TLSv1.2 with Schannel on Windows 7 or newer. 2361 2362 See the update to this blog post on IEInternals / MSDN: 2363 http://blogs.msdn.com/b/ieinternals/archive/2011/03/25/ 2364 misbehaving-https-servers-impair-tls-1.1-and-tls-1.2.aspx 2365 2366 "Update: If the server negotiates a TLS1.2 connection with a 2367 Windows 7 or 8 schannel.dll-using client application, and it 2368 provides a certificate chain which uses the (weak) MD5 hash 2369 algorithm, the client will abort the connection (TCP/IP FIN) 2370 upon receipt of the certificate." 2371 2372Dan Fandrich (22 Feb 2014) 2373- easy: Fixed a memory leak on OOM condition 2374 2375Steve Holme (20 Feb 2014) 2376- tool_paramhlp: Fixed compilation warnings 2377 2378 declaration of 'index' shadows a global declaration 2379 2380- lib1515.c: Fixed #include path in commit 647f83e809 2381 2382Daniel Stenberg (19 Feb 2014) 2383- [Maks Naumov brought this change] 2384 2385 test1515: fix compilation with msvc 2386 2387 ... or any other systems lacking a native snprintf 2388 2389- SFTP: skip reading the dir when NOBODY=1 2390 2391 When asking for an SFTP directory with NOBODY set, no directory contents 2392 should be retrieved. 2393 2394 Bug: http://curl.haxx.se/mail/lib-2014-02/0155.html 2395 2396Dan Fandrich (18 Feb 2014) 2397- axtls: comment the call ssl_read repeatedly loop 2398 2399Kamil Dudka (18 Feb 2014) 2400- curl.1: update the description of --tlsv1 2401 2402 ... and mention the --tlsv1.[0-2] options in the --tslv1 entry 2403 2404 Reported-by: Hubert Kario 2405 2406Daniel Stenberg (18 Feb 2014) 2407- curl_version.3: recommend using curl_version_info() instead 2408 2409- curl_version_info.3: added *HTTP2 2410 2411 ... and edited language slightly 2412 2413- curl_multi_assign.3: updated language 2414 2415- libcurl.3: edited slightly to improve readability 2416 2417- curl_easy_perform.3: extended and clarified 2418 2419- curl_multi_add_handle.3: clarify multi vs easy use 2420 2421 it is only WHILE added to a multi handle that it can't be used with the 2422 easy interface 2423 2424- [Tatsuhiro Tsujikawa brought this change] 2425 2426 http2: Support HTTP POST/PUT 2427 2428 This patch enables HTTP POST/PUT in HTTP2. 2429 We disabled Expect header field and chunked transfer encoding 2430 since HTTP2 forbids them. 2431 In HTTP1, Curl sends small upload data with request headers, but 2432 HTTP2 requires upload data must be in DATA frame separately. 2433 So we added some conditionals to achieve this. 2434 2435- RELEASE-NOTES: synced with 854aca5420f 2436 2437- multi: ignore sigpipe internally 2438 2439 When the multi API is used we must also ignore SIGPIPE signals when 2440 caused by things we do, like they can easily be generated by OpenSSL. 2441 2442Dan Fandrich (17 Feb 2014) 2443- tests: Made the crypto test feature usable 2444 2445 This feature specifies the availability of cryptographic 2446 authentication, which can be disabled at compile-time 2447 2448- configure: Fix the --disable-crypto-auth option 2449 2450 It now disables NTLM and GSS authentication methods, and produces 2451 compilable code when SSL is enabled. 2452 2453Daniel Stenberg (17 Feb 2014) 2454- curl_multi_setopt.3: clarify CURLMOPT_MAXCONNECTS 2455 2456- [Shao Shuchao brought this change] 2457 2458 ConnectionDone: default maxconnects to 4 x number of easy handles 2459 2460 ... as documented! 2461 2462- examples: remove all use of CURLM_CALL_MULTI_PERFORM 2463 2464 ... since it is never returned since a long while back. 2465 2466- [Colin Hogben brought this change] 2467 2468 curl_easy_setopt.3: Add another non-matching hostname 2469 2470 For the avoidance of doubt, show a domain which contains the no-proxy 2471 pattern but not at the top level. 2472 2473- axtls: bump copyright year 2474 2475- [Fabian Frank brought this change] 2476 2477 axtls: call ssl_read repeatedly 2478 2479 Perform more work in between sleeps. This is work around the 2480 fact that axtls does not expose any knowledge about when work needs 2481 to be performed. Depending on connection and how often perform is 2482 being called this can save ~25% of time on SSL handshakes (measured 2483 on 20ms latency connection calling perform roughly every 10ms). 2484 2485- [Yehezkel Horowitz brought this change] 2486 2487 url_easy_setopt.3: Add undocumented values of curl_infotype 2488 2489 ... for debug function 2490 2491- ConnectionExists: re-use connections better 2492 2493 When allowing NTLM, the re-use connection logic was too focused on 2494 finding an existing NTLM connection to use and didn't properly allow 2495 re-use of other ones. This made the logic not re-use perfectly re-usable 2496 connections. 2497 2498 Added test case 1418 and 1419 to verify. 2499 2500 Regression brought in 8ae35102c (curl 7.35.0) 2501 2502 Reported-by: Jeff King 2503 Bug: http://thread.gmane.org/gmane.comp.version-control.git/242213 2504 2505Steve Holme (16 Feb 2014) 2506- tool_paramhlp: Added URL index to password prompt for multiple operations 2507 2508Marc Hoersken (16 Feb 2014) 2509- sockfilt.c: add undefs which are required after 6239146e 2510 2511Steve Holme (16 Feb 2014) 2512- warnless: Updated copyright year for recent changes 2513 2514Marc Hoersken (16 Feb 2014) 2515- warnless: add wrapper function for read and write on Windows 2516 2517Steve Holme (16 Feb 2014) 2518- examples: Added IMAP LSUB example 2519 2520- tool_operate: Changed the required argument check/get to be upfront 2521 2522 Rather than check for required arguments, and prompt for any host and 2523 proxy passwords, as each operation is performed, changed the code so 2524 all configurations are checked before any operations are performed. 2525 2526 This allows the user to input all the required passwords, for example, 2527 upfront rather than wait for each operation. 2528 2529- tool_operate: Moved required argument getting into separate function 2530 2531Dan Fandrich (15 Feb 2014) 2532- valgrind: added another test 165 suppression 2533 2534 This one is needed with the gcc options -fstack-protector-all -O2 2535 That brings the number of suppressions for test 165 to four, and I 2536 suspect I could find another two missing without trying very hard. I'm 2537 beginning to think suppressions isn't the best way to handle these 2538 kinds of cases. 2539 2540Marc Hoersken (15 Feb 2014) 2541- testsuite: more Windows line-endings fixes 2542 2543- test1114: fix line-endings checks on Windows after 75f00de 2544 2545- test1113: fix line-endings checks on Windows after 75f00de5 2546 2547- lib1515.c: Added support for Windows using the Sleep function 2548 2549- HTTP tests: use CRLF as header seperator according to RFC 2616 2550 2551 Updates the test suite to handle binary-mode header output. 2552 2553- curl: output protocol headers using binary mode 2554 2555 Since protocol headers contain explicit line-endings there should 2556 be no automatic conversion to ASCII text or CRLF line-endings. 2557 2558 This might break third party tools that already depend on this 2559 behaviour. We might need to introduce an option to make this optional. 2560 2561- HTTP tests: use CRLF as header seperator according to RFC 2616 2562 2563 Changes LF to CRLF and disables automatic output conversion. 2564 2565- testsuite: use binary output mode for custom curl test tools 2566 2567 Do not try to convert line-endings to CRLF on Windows by setting stdout 2568 to binary mode, just like the curl tool does if --ascii is not specified. 2569 2570 This should prevent corrupted stdout line-ending output like CRCRLF. 2571 2572 In order to make the previously naive text-aware tests work with 2573 binary mode on Windows, text-mode is disabled for them if it is not 2574 actually part of the test case and line-endings are corrected. 2575 2576- testsuite: changed HTTP and RTSP header line-endings to CRLF 2577 2578 According to RFC 2616 and RFC 2326 individual protocol elements, like 2579 headers and except the actual content, are terminated by using CRLF. 2580 2581 Therefore the test data files for these protocols need to contain 2582 mixed line-endings if the actual protocol elements use CRLF while 2583 the file uses LF. 2584 2585Daniel Stenberg (14 Feb 2014) 2586- [Colin Hogben brought this change] 2587 2588 curl_easy_setopt.3: Fix word order of CURLOPT_PROXY section 2589 2590 The word CURLOPT_PROXYPORT became detached from its sentence when the 2591 note about the default was added. 2592 2593Patrick Monnerat (14 Feb 2014) 2594- OS400: Add new options to RPG binding. 2595 2596Dan Fandrich (14 Feb 2014) 2597- valgrind: added suppression on optimized code 2598 2599 gcc 4.7.2 with -O2 will optimize Curl_connect by inlining some 2600 functions two levels deep, which makes the valgrind suppression 2601 fail to match. The underlying reason for these idna suppressions is 2602 a gcc strlen optimization when compiling libidn; compiling it with 2603 -fno-builtin-strlen makes this suppression unnecessary. 2604 2605Daniel Stenberg (14 Feb 2014) 2606- [Arvid Norberg brought this change] 2607 2608 dict: fix memory leak in OOM exit path 2609 2610 Bug: https://github.com/bagder/curl/pull/90 2611 2612- Curl_urldecode: don't allow NULL as receiver 2613 2614 For a function that returns a decoded version of a string, it seems 2615 really strange to allow a NULL pointer to get passed in which then 2616 prevents the decoded data from being returned! 2617 2618 This functionality was not documented anywhere either. 2619 2620 If anyone would use it that way, that memory would've been leaked. 2621 2622 Bug: https://github.com/bagder/curl/pull/90 2623 Reported-by: Arvid Norberg 2624 2625- RELEASE-NOTES: synced with 378af08c992 2626 2627- ConnectionExists: reusing possible HTTP+NTLM connections better 2628 2629 Make sure that the special NTLM magic we do is for HTTP+NTLM only since 2630 that's where the authenticated connection is a weird non-standard 2631 paradigm. 2632 2633 Regression brought in 8ae35102c (curl 7.35.0) 2634 2635 Bug: http://curl.haxx.se/mail/lib-2014-02/0100.html 2636 Reported-by: Dan Fandrich 2637 2638- [Tiit Pikma brought this change] 2639 2640 transfer: make Expect: 100-continue timeout configurable. 2641 2642 Replaced the #define CURL_TIMEOUT_EXPECT_100 in transfer.c with the 2643 CURLOPT_EXPECT_100_TIMEOUT_MS option to make the timeout configurable. 2644 2645- [Thomas Braun brought this change] 2646 2647 Fix compilation with make mingw32 2648 2649 The source files from lib/vtls where generated in lib instead of lib/vtls. 2650 2651 Verified-by: Thomas Braun <thomas.braun@virtuell-zuhause.de> 2652 2653- chunked decoder: track overflows correctly 2654 2655 The code didn't properly check the return codes to detect overflows so 2656 it could trigger incorrectly. Like on mingw32. 2657 2658 Regression introduced in 345891edba (curl 7.35.0) 2659 2660 Bug: http://curl.haxx.se/mail/lib-2014-02/0097.html 2661 Reported-by: LM 2662 2663- [Fabian Frank brought this change] 2664 2665 curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0 2666 2667- [Fabian Frank brought this change] 2668 2669 openssl: honor --[no-]alpn|npn command line switch 2670 2671 Disable ALPN or NPN if requested by the user. 2672 2673- [Fabian Frank brought this change] 2674 2675 gtls: honor --[no-]alpn command line switch 2676 2677 Disable ALPN if requested by the user. 2678 2679Dan Fandrich (11 Feb 2014) 2680- tests: Disabled broken test 1316 2681 2682 See http://curl.haxx.se/mail/lib-2014-02/0004.html for a 2683 discussion on the problem. 2684 2685Daniel Stenberg (11 Feb 2014) 2686- version: next release will become 7.36.0 2687 2688- curl_easy_setopt.3: add CURLOPT_SSL_ENABLE_ALPN/NPN 2689 2690Steve Holme (10 Feb 2014) 2691- tool_cfgable: Moved easy handle cleanup to fix pingpong logout issues 2692 2693 Commmit c5f8e2f5f4 removed the easy handle clean-up from tool_operate, 2694 letting the code that was already present in free_config_fields() 2695 perform the task. Unfortunately, this wasn't the correct place to do 2696 this as it broke protocols, that would perform a logout, as the main 2697 clean-up in tool_main had already been called. 2698 2699Dan Fandrich (10 Feb 2014) 2700- secureserver: Only set stunnel FIPS option when available 2701 2702 It seems the fips config option causes an error if FIPS mode was 2703 not enabled at stunnel compile-time. FIPS support was disabled 2704 by default in stunnel 5.00, so this is probably really only needed 2705 on versions between 4.32 and 5.00. 2706 2707Daniel Stenberg (10 Feb 2014) 2708- [Fabian Frank brought this change] 2709 2710 NPN/ALPN: allow disabling via command line 2711 2712 when using --http2 one can now selectively disable NPN or ALPN with 2713 --no-alpn and --no-npn. for now honored with NSS only. 2714 2715 TODO: honor this option with GnuTLS and OpenSSL 2716 2717- [Fabian Frank brought this change] 2718 2719 nss: use correct preprocessor macro 2720 2721 SSL_ENABLE_ALPN can be used for preprocessor ALPN feature detection, 2722 but not SSL_NEXT_PROTO_SELECTED, since it is an enum value and not a 2723 preprocessor macro. 2724 2725Steve Holme (9 Feb 2014) 2726- tests: Added test for IMAP LSUB command 2727 2728- tests: Removed test 807 as it has been superseded by tests 815 and 816 2729 2730- tests: Updated the titles of tests 815 and 816 2731 2732Daniel Stenberg (9 Feb 2014) 2733- tool_metalink: fix compiler warning when built without metalink 2734 2735Steve Holme (9 Feb 2014) 2736- tool_operate: Move the trace and error file closure to tool_cfgable 2737 2738- TODO: Removed url-specific options 2739 2740- tests: Re-enabled IMAP tests that require URL specific option support 2741 2742- RELEASE-NOTES: Synced with 8e62f7a6503a 2743 2744Marc Hoersken (9 Feb 2014) 2745- secureserver: FIPS option is only supported since stunnel 5.00 2746 2747Steve Holme (9 Feb 2014) 2748- tool_operate: Added support for performing URL specific operations 2749 2750- tool_operate: Let curl handle cleanup take place in config_free() 2751 2752Dan Fandrich (9 Feb 2014) 2753- formdata: Must use Curl_safefree instead of free 2754 2755Daniel Stenberg (8 Feb 2014) 2756- test96: updated according to recent changes 2757 2758- runtests: allow <strippart> to remove lines 2759 2760 For verify file, if the strippart condition removes the line completely 2761 it is now removed from the array. 2762 2763Steve Holme (8 Feb 2014) 2764- tool_getparam: Added support for parsing of specific URL options 2765 2766Dan Fandrich (8 Feb 2014) 2767- secureserver: Disable FIPS mode for stunnel 2768 2769 It's unnecessary for curl testing, and it can otherwise cause 2770 stunnel to fail to start if OpenSSL doesn't support FIPS mode. 2771 2772- formdata: Fixed memory leak on OOM condition 2773 2774- runtests: Disable valgrind when debugging 2775 2776 This was already mostly being done, except that analysis after the 2777 test still assumed that the valgrind log files would be available. An 2778 alternative way to handle the valgrind + gdb combination could be to 2779 enable one of the valgrind debugger hooks. 2780 2781Steve Holme (7 Feb 2014) 2782- tool_cfgable: For consistency renamed init_config() to config_init() 2783 2784- tool_cfgable: Introduced config_free() function 2785 2786Daniel Stenberg (7 Feb 2014) 2787- --help: add missing --tlsv1.x options 2788 2789Steve Holme (7 Feb 2014) 2790- lib1515.c: Fixed various compilation warnings 2791 2792 lib1515.c:38:26 warning: unused parameter 'curl' 2793 lib1515.c:38:81 warning: unused parameter 'ptr' 2794 lib1515.c:38:5 warning: no previous prototype for 'debug_callback' 2795 lib1515.c:46:5 warning: no previous prototype for 'do_one_request' 2796 lib1515.c:120:3 warning: ISO C90 forbids mixed declarations and code 2797 2798 As well as some code policing such as white space and braces. 2799 2800Daniel Stenberg (7 Feb 2014) 2801- http2: updated README after NSS addition 2802 2803 Changed the support to a little matrix and added brief explanation of 2804 what ALPN and NPN are for. 2805 2806- nss: support pre-ALPN versions 2807 2808- [Fabian Frank brought this change] 2809 2810 nss: ALPN and NPN support 2811 2812 Add ALPN and NPN support for NSS. This allows cURL to negotiate 2813 HTTP/2.0 connections when built with NSS. 2814 2815- formpost: use semicolon in multipart/mixed 2816 2817 Not comma, which is an inconsistency and a mistake probably inherited 2818 from the examples section of RFC1867. 2819 2820 This bug has been present since the day curl started to support 2821 multipart formposts, back in the 90s. 2822 2823 Reported-by: Rob Davies 2824 Bug: http://curl.haxx.se/bug/view.cgi?id=1333 2825 2826Dan Fandrich (6 Feb 2014) 2827- tests: Document use of the MEMDEBUG_LOG_SYNC macro 2828 2829- ssh: Fixed a NULL pointer dereference on OOM condition 2830 2831Steve Holme (6 Feb 2014) 2832- nss: Updated copyright year for recent edits 2833 2834Daniel Stenberg (6 Feb 2014) 2835- [Remi Gacogne brought this change] 2836 2837 100-continue: fix timeout condition 2838 2839 When using the multi socket interface, libcurl calls the 2840 curl_multi_timer_callback asking to be woken up after 2841 CURL_TIMEOUT_EXPECT_100 milliseconds. 2842 2843 After the timeout has expired, calling curl_multi_socket_action with 2844 CURL_SOCKET_TIMEOUT as sockfd leads libcurl to check expired 2845 timeouts. When handling the 100-continue one, the following check in 2846 Curl_readwrite() fails if exactly CURL_TIMEOUT_EXPECT_100 milliseconds 2847 passed since the timeout has been set! 2848 2849 It seems logical to consider that having waited for exactly 2850 CURL_TIMEOUT_EXPECT_100 ms is enough. 2851 2852 Bug: http://curl.haxx.se/bug/view.cgi?id=1334 2853 2854- [Fabian Frank brought this change] 2855 2856 nss: prefer highest available TLS version 2857 2858 Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3 2859 if --tlsv1[.N] was not specified on the command line. 2860 2861- [Romulo A. Ceccon brought this change] 2862 2863 tests: add test for bug #1327 (dns cache timeout) 2864 2865 Fix for bug #1303 (030a2b8cb) was not complete. 2866 libcurl still pruned DNS entries added manually 2867 after detecting a dead connection. This test 2868 checks such behavior. 2869 2870- [Romulo A. Ceccon brought this change] 2871 2872 tests: add test for bug #1303 (dns cache timeout) 2873 2874 Test-case 1515 reproduces bug #1303, where libcurl 2875 would incorrectly prune DNS entries added via 2876 CURLOPT_RESOLVE after the DNS_CACHE_TIMEOUT had 2877 expired. 2878 2879- http2: spell fixed README and added version requirement 2880 2881Steve Holme (6 Feb 2014) 2882- tool_operate: Removed unused argument parameters from operate_do() 2883 2884- tool_operate: Moved list SSL engines code into operate() 2885 2886- tool_operate: Moved argument parsing into operate() 2887 2888Daniel Stenberg (5 Feb 2014) 2889- runtests: add suppression generator help 2890 2891 Leave the valgrind --gen-suppressions option in there, commented, to 2892 make it easier for next update. 2893 2894- valgrind: updated suppressions file 2895 2896 The call stack was modified in 2dc7ad23 so the supressions didn't work 2897 anymore. 2898 2899- runtests: detect 'ares' better 2900 2901 ... caused false detections of the threaded resolver otherwise 2902 2903Steve Holme (5 Feb 2014) 2904- tool_operate: Moved .curlrc parsing code into operate() 2905 2906- tool_operate: Moved locale setup code into operate_init() 2907 2908Daniel Stenberg (5 Feb 2014) 2909- http2: minor update of the README 2910 2911- [Fabian Frank brought this change] 2912 2913 http2: rely on content-encoding header 2914 2915 A server might respond with a content-encoding header and a response 2916 that was encoded accordingly in HTTP-draft-09/2.0 mode, even if the 2917 client did not send an accept-encoding header earlier. The server might 2918 not send a content-encoding header if the identity encoding was used to 2919 encode the response. 2920 2921 See: 2922 http://tools.ietf.org/html/draft-ietf-httpbis-http2-09#section-9.3 2923 2924Dan Fandrich (4 Feb 2014) 2925- tool_operate: shortened too-long source line 2926 2927Steve Holme (4 Feb 2014) 2928- tool_operate: Introduced operate_free() function 2929 2930- tool_operate: Introduced operate_init() function 2931 2932- tool_operate: Introduced new operate() function 2933 2934Daniel Stenberg (4 Feb 2014) 2935- http2: enforce gzip auto-decompress 2936 2937 As this is mandated by the http2 spec draft-09 2938 2939- [Tatsuhiro Tsujikawa brought this change] 2940 2941 http2: handle incoming data larger than remaining buffer 2942 2943- [Tatsuhiro Tsujikawa brought this change] 2944 2945 http2: Check stream ID we are interested in 2946 2947- [Tatsuhiro Tsujikawa brought this change] 2948 2949 http2: store response header in temporary buffer 2950 2951- [Tatsuhiro Tsujikawa brought this change] 2952 2953 HTTP2: add layer between existing http and socket(TLS) layer 2954 2955 This patch chooses different approach to integrate HTTP2 into HTTP curl 2956 stack. The idea is that we insert HTTP2 layer between HTTP code and 2957 socket(TLS) layer. When HTTP2 is initialized (either in NPN or Upgrade), 2958 we replace the Curl_recv/Curl_send callbacks with HTTP2's, but keep the 2959 original callbacks in http_conn struct. When sending serialized data by 2960 nghttp2, we use original Curl_send callback. Likewise, when reading data 2961 from network, we use original Curl_recv callback. In this way we can 2962 treat both TLS and non-TLS connections. 2963 2964 With this patch, one can transfer contents from https://twitter.com and 2965 from nghttp2 test server in plain HTTP as well. 2966 2967 The code still has rough edges. The notable one is I could not figure 2968 out how to call nghttp2_session_send() when underlying socket is 2969 writable. 2970 2971- [Fabian Frank brought this change] 2972 2973 gtls: add ALPN support 2974 2975 Add ALPN support when using GnuTLS >= 3.2.0. This allows 2976 libcurl to negotiate HTTP/2.0 for https connections when 2977 built with GnuTLS. 2978 2979 See: 2980 http://www.gnutls.org/manual/gnutls.html#Application-Layer-Protocol-Negotiation-_0028ALPN_0029 2981 http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 2982 2983Steve Holme (3 Feb 2014) 2984- tool_operate: Moved libcurl information gathering to tool_main 2985 2986Daniel Stenberg (3 Feb 2014) 2987- [Fabian Frank brought this change] 2988 2989 openssl: add ALPN support 2990 2991 Add ALPN support when using OpenSSL. This will offer ALPN and NPN to the 2992 server, who can respond with either one or none of the two. OpenSSL >= 2993 1.0.2 is required, which means as of today obtaining a snapshot from 2994 ftp://ftp.openssl.org/snapshot/. 2995 2996 See: 2997 http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 2998 https://github.com/openssl/openssl/blob/ba168244a14bbd056e502d7daa04cae4aabe9d0d/ssl/ssl_lib.c#L1787 2999 3000Steve Holme (3 Feb 2014) 3001- tool_operate: Moved command line argument parsing into separate function 3002 3003- tool_operate: Simplified parse .curlrc decision logic 3004 3005- tool_operate: Moved main initialisation and cleanup code into tool_main 3006 3007- tool_main: Fixed compilation warning from commit 0104678c79 3008 3009 no previous prototype for function 'memory_tracking_init' 3010 3011- tool_main: Changed stack based config struct to be heap based 3012 3013Dan Fandrich (3 Feb 2014) 3014- tests: Moved some comments so the test data files parse as XML 3015 3016Steve Holme (2 Feb 2014) 3017- tool_operate: Moved memory tracking initialisation into tool_main 3018 3019- tests: Fixed test172 cookie expiry 3020 3021 The test contains a cookie jar file where one of the cookies has an 3022 expiry date of 1391252187 -- Sat, 1 Feb 2014 10:56:27 GMT which has 3023 now expired. Updated to Wed, 14 Oct 2037 16:36:33 GMT as per test 3024 179. 3025 3026 Reported-by: Adam Sampson 3027 Bug: http://curl.haxx.se/bug/view.cgi?id=1330 3028 3029- tool_operate: Moved initial config setup into new init_config() function 3030 3031- tool_main: Moved config struct initialisation into a separate function 3032 3033 In preparation for adding URL specific options moved the initialisation 3034 of the Configurable structure into a separate function in tool_cfgable. 3035 3036Marc Hoersken (1 Feb 2014) 3037- test 500: workaround low timer resolution on Windows 3038 3039 Since the timer resolution is lower, there are actually cases that 3040 the compared values are equal. Therefore we check for previous 3041 timestamps being greater than the current one instead. 3042 3043- test suite: stop conversion of valid output to CRLF on Windows 3044 3045 Since the output isn't actually being written in text-mode and it 3046 was rather used as a workaround, disable text-mode for these tests. 3047 3048- HTTP tests: use CRLF as header seperator according to RFC 2616 3049 3050- FTP tests: enable text-mode for more datacheck sections 3051 3052- FTP tests: enable text-mode for data and datacheck sections 3053 3054- runtests.pl: added support for text-mode within datacheck section 3055 3056- ftpserver.pl: directory LISTings use [CR][LF] for ASCII transfer 3057 3058 According to section 2.2 of RFC959 the End-of-Line is defined as: 3059 The end-of-line sequence defines the separation of printing 3060 lines. The sequence is Carriage Return, followed by Line Feed. 3061 3062 Verified by sniffing traffic between a Windows FTP client (FileZilla) 3063 and Unix-hosted FTP server (ProFTPD). 3064 3065- runtests.pl: reverse line-ending conversion on Windows 3066 3067 It makes more sense to convert the expected output to [CR][LF] on 3068 Windows than to force the actual, probably correct, output to [LF]. 3069 3070 This way it is actually possible to see if curl outputs the correct 3071 line-ending excepted by a text-aware test case. 3072 3073- winssl: improved default SSL/TLS protocol selection 3074 3075 For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2 3076 if it is not explicitly enabled within grbitEnabledProtocols. 3077 3078 More information can be found on MSDN: 3079 http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx 3080 3081Steve Holme (31 Jan 2014) 3082- INSTALL: Corrected mentioned version number as release 7.34.1 became 7.35.0 3083 3084- RELEASE-NOTES: Synced with 0f213fdca1 3085 3086Dan Fandrich (31 Jan 2014) 3087- pipeline: Fixed a NULL pointer dereference on OOM 3088 3089- tests: make the authorization retry tests pass the torture tests 3090 3091- ftp: fixed a memory leak on wildcard error path 3092 3093- netrc: Fixed a memory leak in an OOM condition 3094 3095Steve Holme (30 Jan 2014) 3096- ntlm: Fixed a memory leak when using NTLM with a proxy server 3097 3098- tests: Missed updating a type-3 message in commit 1c9aaa0bac 3099 3100Daniel Stenberg (30 Jan 2014) 3101- http2: fix size check in on_data_chunk_recv 3102 3103- http2: add CRLF when first data arrives 3104 3105Steve Holme (30 Jan 2014) 3106- tests: Updated NTLM tests for NTLMv2 type-3 message 3107 3108Daniel Stenberg (30 Jan 2014) 3109- [Tatsuhiro Tsujikawa brought this change] 3110 3111 http2_recv: Return written length on CURLE_AGAIN 3112 3113- [Tatsuhiro Tsujikawa brought this change] 3114 3115 http2: Use nghttp2_session_mem_recv and nghttp2_session_upgrade 3116 3117- http2: call it "HTTP 2" and not 2.0 3118 3119 The minor version will be dropped for HTTP 2 so it will make sense to 3120 avoid using it in option names etc. 3121 3122- http2: basic version of receiving DATA 3123 3124- http2: convert HEADER frames to HTTP1-like headers 3125 3126 ... and then go through the "normal" HTTP engine. 3127 3128- http2: fix EWOULDBLOCK in recv_callback() 3129 3130- http2: do the POST Upgrade dance properly 3131 3132Steve Holme (30 Jan 2014) 3133- ntlm: Use static client nonce for the test suite 3134 3135Daniel Stenberg (30 Jan 2014) 3136- http2.h: provide empty macros for non-http2 builds 3137 3138- [Fabian Frank brought this change] 3139 3140 http2: switch into http2 mode if NPN indicates 3141 3142 Check the NPN result before preparing an HTTP request and switch into 3143 HTTP/2.0 mode if necessary. This is a work in progress, the actual code 3144 to prepare and send the request using nghttp2 is still missing from 3145 Curl_http2_send_request(). 3146 3147- http2: s/Curl_http2_request/Curl_http2_request_upgrade 3148 3149 To better reflect its purpose 3150 3151- http2-openssl: verify that NPN functionality is present 3152 3153- [Fabian Frank brought this change] 3154 3155 openssl: set up hooks with to perform NPN 3156 3157 NPN is what is available in the wild today to negotiate SPDY or HTTP/2.0 3158 connections. It is expected to be replaced by ALPN in the future. If 3159 HTTP/2.0 is negotiated, this is indicated for the entire connection and 3160 http.c is expected to initialize itself for HTTP/2.0 instead of 3161 HTTP/1.1. 3162 3163 see: 3164 http://technotes.googlecode.com/git/nextprotoneg.html 3165 http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 3166 3167- http2: added stubs for all nghttp2 callbacks 3168 3169 This makes it easier to trace what's happening. 3170 3171- http2: use FIRSTSOCKET instead of 0 to index the sockets array 3172 3173- http2: receive and log the received header frames 3174 3175- http2_recv: log nghttp2 return codes for debugging purposes 3176 3177- HTTP2: reject nghttp2 versions before 0.3.0 3178 3179- [Gisle Vanem brought this change] 3180 3181 http2: adjusted to newer nghttp2_session_callbacks struct 3182 3183 the number of elements in the 'nghttp2_session_callbacks' structure is 3184 now reduced by 2 in version 0.3.0 (I'm not sure when the change 3185 happened, but checking for ver 0.3.0 work for me). 3186 3187- [Gisle Vanem brought this change] 3188 3189 HTTP2: Wrong NgHTTP2 user-data 3190 3191 Something is wrong in 'userp' for the HTTP2 recv_callback(). The 3192 session is created using bogus user-data; '&conn' and not 'conn'. 3193 3194 I noticed this since the socket-value in Curl_read_plain() was set to a 3195 impossible high value. 3196 3197- NTLM: error: conversion to 'int' from 'long int' may alter its value 3198 3199 Fixed two compiler nits 3200 3201Steve Holme (29 Jan 2014) 3202- ntlm: Coding style policing dating back to 2011 3203 3204- ntlm: Use a timestamp of 01/01/1970 for the test suite 3205 3206- ntlm: Updated Curl_ntlm_core_mk_ntlmv2_resp() to use local variables 3207 3208 ...until the function is successful when it returns them in the out 3209 parameters. 3210 3211- ntlm: Added cross platform support for writing NTLMv2 timestamp in buffer 3212 3213 Added conversion functions write32_le() and write64_le() to ensure the 3214 NTLMv2 timestamp is always written in little-endian. 3215 3216- [Prash Dush brought this change] 3217 3218 ntlm: Added support for NTLMv2 3219 3220Kamil Dudka (29 Jan 2014) 3221- nss: do not use the NSS_ENABLE_ECC define 3222 3223 It is not provided by NSS public headers. 3224 3225 Bug: https://bugzilla.redhat.com/1058776 3226 3227- nss: do not fail if NSS does not implement a cipher 3228 3229 ... that the user does not ask for 3230 3231Daniel Stenberg (29 Jan 2014) 3232- http2: switch recv/send functions to http2 ones after 101 3233 3234- http2: handle 101 responses and switch to HTTP2 3235 3236- examples: gitignore more binaries 3237 3238- bump: start working on 7.35.1 3239 3240- THANKS: 19 new contributors from the 7.35.0 release notes 3241 3242Version 7.35.0 (29 Jan 2014) 3243 3244Daniel Stenberg (29 Jan 2014) 3245- RELEASE-NOTES: done for 7.35.0 3246 3247Dan Fandrich (29 Jan 2014) 3248- tests: make a few lib15?? tests pass the OOM torture tests 3249 3250- lib1900: make the test pass the OOM torture tests 3251 3252- oauth2: Fixed a memory leak in an OOM condition 3253 3254- unit1304: make the test pass the OOM torture tests 3255 3256- unit1396: make the test pass the OOM torture tests 3257 3258Daniel Stenberg (28 Jan 2014) 3259- [Romulo A. Ceccon brought this change] 3260 3261 hostip: don't remove DNS entries that are in use 3262 3263 hostcache_timestamp_remove() should remove old *unused* entries from the 3264 host cache, but it never checked whether the entry was actually in 3265 use. This complements commit 030a2b8cb. 3266 3267 Bug: http://curl.haxx.se/bug/view.cgi?id=1327 3268 3269Dan Fandrich (28 Jan 2014) 3270- RELEASE-NOTES: changed encoding to UTF-8 like previous releases 3271 3272Daniel Stenberg (28 Jan 2014) 3273- TFTP: fix crash on time-out 3274 3275 tftp_done() can get called with its TFTP state pointer still being NULL 3276 on an early time-out, which caused a segfault when dereferenced. 3277 3278 Reported-by: Glenn Sheridan 3279 Bug: http://curl.haxx.se/mail/lib-2014-01/0246.html 3280 3281Steve Holme (28 Jan 2014) 3282- RELEASE-NOTES: Synced with 5a47062cada9 3283 3284Daniel Stenberg (28 Jan 2014) 3285- [Maks Naumov brought this change] 3286 3287 getpass: fix password parsing from console 3288 3289 Incorrect password if use backspace while entered the password. 3290 3291 Regression from f7bfdbabf2d5398f4c266eabb0992a04af661f22 3292 3293 The '?:' operator has lower priority than the '-' operator 3294 3295Dan Fandrich (26 Jan 2014) 3296- docs/INSTALL: Updated example minimal binary sizes 3297 3298Marc Hoersken (26 Jan 2014) 3299- testsuite: visualize line-endings in output comparison diffs 3300 3301- sockfilt.c: follow up cleanup commit on 49b63cf3 3302 3303- http-pipe tests: use text as output data mode to support Windows 3304 3305- sockfilt.c: fixed and simplified Windows select function 3306 3307 Since the previous complex select function with initial support for 3308 non-socket file descriptors, did not actually work correctly for 3309 Console handles, this change simplifies the whole procedure by using 3310 an internal waiting thread for the stdin console handle. 3311 3312 The previous implementation made it continuously trigger for the stdin 3313 handle if it was being redirected to a parent process instead of 3314 an actual Console input window. 3315 3316 This approach supports actual Console input handles as well as 3317 anonymous Pipe handles which are used during input redirection. 3318 3319 It depends on the fact that ReadFile supports trying to read zero bytes 3320 which makes it wait for the handle to become ready for reading. 3321 3322- http_pipe.py: replaced epoll with select to support Windows 3323 3324 Removed Unix-specific functionality in order to support Windows: 3325 - select.epoll replaced with select.select 3326 - SocketServer.ForkingMixIn replaced with SocketServer.ForkingMixIn 3327 - socket.MSG_DONTWAIT replaced with socket.setblocking(False) 3328 3329 Even though epoll has a better performance and improved socket handling 3330 than select, this change should not affect the actual test case. 3331 3332Dan Fandrich (25 Jan 2014) 3333- tests: Added missing HTTP proxy keywords 3334 3335- tests: added missing <features> http to a number of tests 3336 3337- tests: Added a keyword for tests depending on internal info logs 3338 3339- runtests: Don't log command every torture iteration in verbose 3340 3341- tests: Added missing http feature to tests 509 & 1513 3342 3343- netrc: Fixed a memory and file descriptor leak on OOM 3344 3345- test1514: Used the macros for host and port number 3346 3347- multi: Fixed a memory leak on OOM condition 3348 3349Daniel Stenberg (23 Jan 2014) 3350- curl_easy_setopt.3: remove what auth types that work for CURLOPT_PROXYAUTH 3351 3352 The list was out of date and the paragraph already refers to the 3353 CURLOPT_HTTPAUTH explanation. All the auth bits are explained properly 3354 there. 3355 3356 It also removes the ambiguity for what the "added" phrase refers to. 3357 3358 This change based on pull request #85 on github 3359 3360 URL: https://github.com/bagder/curl/pull/85 3361 Reported-by: gnawhleinad 3362 3363Dan Fandrich (22 Jan 2014) 3364- test1514: Got rid of a non-const initializer C99ism 3365 3366Steve Holme (21 Jan 2014) 3367- RELEASE-NOTES: added another missing bug ref 3368 3369Daniel Stenberg (21 Jan 2014) 3370- RELEASE-NOTES: added missing bug ref 3371 3372- [Fabian Frank brought this change] 3373 3374 axtls: fix compiler warning on conversion ssize_t => int 3375 3376- [Fabian Frank brought this change] 3377 3378 SFTP: stat remote file also when CURLOPT_NOBODY is 1 3379 3380 Make it possible to call 3381 curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &filesize) 3382 and related functions on remote sftp:// files, without downloading them. 3383 3384 Reported-by: Yingwei Liu 3385 Bug: http://curl.haxx.se/mail/lib-2014-01/0139.html 3386 3387- RELEASE-NOTES: synced with 12ecd56da77 3388 3389- contributors.sh: output list RELEASE-NOTES formatted 3390 3391- [Cédric Deltheil brought this change] 3392 3393 test1514: added - no more negative Content-Length (HTTP POST) 3394 3395 This covers changes from commit afd288b2. 3396 3397- [Cédric Deltheil brought this change] 3398 3399 HTTP POST: omit Content-Length if data size is unknown 3400 3401 This prevents sending a `Content-Length: -1` header, e.g this ocurred 3402 with the following combination: 3403 3404 * standard HTTP POST (no chunked encoding), 3405 * user-defined read function set, 3406 * `CURLOPT_POSTFIELDSIZE(_LARGE)` NOT set. 3407 3408 With this fix it now behaves like HTTP PUT. 3409 3410- [Fabian Frank brought this change] 3411 3412 disable GnuTLS insecure ciphers 3413 3414 Make GnuTLS old and new consistent, specify the desired protocol, cipher 3415 and certificate type in always in both modes. Disable insecure ciphers 3416 as reported by howsmyssl.com. Honor not only --sslv3, but also the 3417 --tlsv1[.N] switches. 3418 3419 Related Bug: http://curl.haxx.se/bug/view.cgi?id=1323 3420 3421- curl_getdate.3: edited, removed references to pre 7.12.2 functionality 3422 3423- gtls: fix compiler warnings on conversions size_t => unsigned int 3424 3425Steve Holme (19 Jan 2014) 3426- tool: Fixed incorrect return code if password prompting runs out of memory 3427 3428 Due to the changes in commit 3c929ff9f6ea and lack of subsequent 3429 updates, curl could return a CURLE_FTP_ACCEPT_FAILED error if 3430 checkpasswd() ran out of memory in versions 7.33.0 and 7.34.0. 3431 3432 Updated the function declaration and return code to return 3433 CURLE_OUT_OF_MEMORY and CURLE_OK where appropriate. 3434 3435- RELEASE-NOTES: Synced with 2cac75c4e400 3436 3437- http_chunks.c: Fixed compilation warnings under some 32-bit systems 3438 3439 conversion from 'curl_off_t' to 'size_t', possible loss of data 3440 3441 Where curl_off_t is a 64-bit word and size_t is 32-bit - for example 3442 with 32-bit Windows builds. 3443 3444- tool: Fixed incorrect return code if command line parser runs out of memory 3445 3446 In the rare instance where getparameter() may return PARAM_NO_MEM whilst 3447 parsing a URL, cURL would return this error code, which is equivalent to 3448 CURLE_FTP_ACCEPT_FAILED in cURL error codes terms. 3449 3450 Instead, return CURLE_FAILED_INIT and output the failure reason as per 3451 the other usage of getparameter(). 3452 3453Daniel Stenberg (18 Jan 2014) 3454- [Tobias Markus brought this change] 3455 3456 Subject: progress bar: increase update frequency to 10Hz 3457 3458 Increasing the update frequency of the progress bar to 10Hz greatly 3459 improves the visual appearance of the progress bar (at least in my 3460 impression). 3461 3462 Signed-off-by: Tobias Markus <tobias@markus-regensburg.de> 3463 3464- [Tobias Markus brought this change] 3465 3466 progress bar: always update when at 100% 3467 3468 Currently, the progress bar is updated at 5Hz. Because it is often not 3469 updated to 100% when the download is finished and curl exits, the bar 3470 is often "stuck" at 90-something, thus irritating the user. 3471 3472 This patch fixes this by always updating the progress bar (instead of 3473 waiting for 200ms to have elapsed) while the download is finished but 3474 curl has not yet exited. This should not greatly affect performance 3475 because that moment is rather short. 3476 3477 Signed-off-by: Tobias Markus <tobias@markus-regensburg.de> 3478 3479Steve Holme (18 Jan 2014) 3480- win32: Added additional preprocessor check for Version Helper API 3481 3482 A follow up patch to commit d2671340a613 as _WIN32_WINNT_WIN2K and 3483 _WIN32_WINNT_WIN2K may not be defined on all systems. 3484 3485- win32: Corrected the preprocessor check for Version Helper API 3486 3487 Following some auto build failures after commit c7a76bb056f31e changed 3488 the preprocessor check to use _WIN32_WINNT. 3489 3490Daniel Stenberg (17 Jan 2014) 3491- cookie: max-age fixes 3492 3493 1 - allow >31 bit max-age values 3494 3495 2 - don't overflow on extremely large max-age values when we add the 3496 value to the current time 3497 3498 3 - make sure max-age takes precedence over expires as dictated by 3499 RFC6265 3500 3501 Bug: http://curl.haxx.se/mail/lib-2014-01/0130.html 3502 Reported-by: Chen Prog 3503 3504- test1417: verify chunked-encoding transfer without CR 3505 3506 As was introduced in 8f6b4be8af04 3507 3508- chunked parsing: relax the CR strictness 3509 3510 Allow for chunked-encoding data to get parsed with only LF line endings. 3511 This is allowed by browsers. 3512 3513- test1416: verify the chunked size overflow detection 3514 3515- chunked-parser: abort on overflows, allow 64 bit chunks 3516 3517Dan Fandrich (17 Jan 2014) 3518- Fixed some XML syntax issues in the test data 3519 3520 Also, make the ftp server return a canned response that doesn't 3521 cause XML verification problems. Although the test file format 3522 isn't technically XML, it's still handy to be able to use XML 3523 tools to verify and manipulate them. 3524 3525Daniel Stenberg (16 Jan 2014) 3526- [Michael Osipov brought this change] 3527 3528 configure: fix gssapi linking on HP-UX 3529 3530 The issue is with HP-UX that is comes with HP flavor of MIT 3531 Kerberos. This means that there is no krb5-config and the lib is called 3532 libgss.so 3533 3534 Bug: http://curl.haxx.se/bug/view.cgi?id=1321 3535 3536- Curl_cookie_add: remove 'now' from curl_getdate() call 3537 3538 The now argument is unused by curl_getdate() 3539 3540Steve Holme (15 Jan 2014) 3541- pop3-dele.c: Added missing CURLOPT_NOBODY following feedback 3542 3543Daniel Stenberg (16 Jan 2014) 3544- connect.c:942:84: warning: Longer than 79 columns 3545 3546Steve Holme (15 Jan 2014) 3547- connect.c: Corrected version compare in commit c7a76bb056f31e 3548 3549- RELEASE-NOTES: Synced with c7a76bb056f31e 3550 3551- win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12 3552 3553 Starting with Visual Studio 2013 (VC12) and Windows 8.1 the 3554 GetVersionInfoEx() function has been marked as deprecated and it's 3555 return value atered. Updated connect.c and curl_sspi.c to use 3556 VerifyVersionInfo() where possible, which has been available since 3557 Windows 2000. 3558 3559Daniel Stenberg (14 Jan 2014) 3560- curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE* 3561 3562- TODO: Allow SSL (HTTPS) to proxy 3563 3564- TODO: remove FTP proxy and more SSL libraries 3565 3566- TODO: Detect when called from witin callbacks 3567 3568Marc Hoersken (13 Jan 2014) 3569- secureserver.pl: follow up fix for 87ade5f 3570 3571 Since /dev/stdout is not always emulated on Windows, 3572 just skip the output option on Windows. 3573 3574 MinGW/msys support /dev/stdout only from a new login shell. 3575 3576Daniel Stenberg (13 Jan 2014) 3577- [Colin Hogben brought this change] 3578 3579 error message: Sensible message on timeout when transfer size unknown 3580 3581 A transfer timeout could result in an error message such as "Operation 3582 timed out after 3000 milliseconds with 19 bytes of -1 received". This 3583 patch removes the non-sensical "of -1" when the size of the transfer 3584 is unknown, mirroring the logic in lib/transfer.c 3585 3586Marc Hoersken (13 Jan 2014) 3587- secureserver.pl: added full support for tstunnel on Windows 3588 3589 tstunnel on Windows does not support the pid option and is unable 3590 to write to an output log that is already being used as a redirection 3591 target for stdout. Therefore it does now output all log data to stdout 3592 by default and secureserver.pl creates a fake pidfile on Windows. 3593 3594Steve Holme (12 Jan 2014) 3595- examples: Fixed compilation errors 3596 3597 error: 'MULTI_PERFORM_HANG_TIMEOUT' undeclared 3598 3599- imap-multi.c: Corrected typo 3600 3601- smtp-multi.c: Minor coding style tidyup following POP3 and IMAP additions 3602 3603- examples: Added IMAP multi example 3604 3605- pop3-multi.c: Corrected copy/paste typo 3606 3607- examples: Added POP3 multi example 3608 3609- examples: Added comments to SMTP multi example based on other MAIL examples 3610 3611- examples: Removed user information and TLS setup from SMTP multi example 3612 3613 Simplified the SMTP multi example as this example should demonstrate 3614 the differences the easy and multi interfaces rather than introduce new 3615 concepts such as user authentication and TLS which are shown in the TLS 3616 and SSL examples. 3617 3618- examples: Updated SMTP MAIL example to return libcurl result code 3619 3620- examples: Synchronised comments between SMTP MAIL examples 3621 3622- examples: Updated SMTP MAIL example to use a read function for data 3623 3624 Updated to read data from a callback rather than from stdio as this is 3625 more realistic to most use cases. 3626 3627Daniel Stenberg (12 Jan 2014) 3628- OpenSSL: deselect weak ciphers by default 3629 3630 By default even recent versions of OpenSSL support and accept both 3631 "export strength" ciphers, small-bitsize ciphers as well as downright 3632 deprecated ones. 3633 3634 This change sets a default cipher set that avoids the worst ciphers, and 3635 subsequently makes https://www.howsmyssl.com/a/check no longer grade 3636 curl/OpenSSL connects as 'Bad'. 3637 3638 Bug: http://curl.haxx.se/bug/view.cgi?id=1323 3639 Reported-by: Jeff Hodges 3640 3641- multi: remove MULTI_TIMEOUT_INACCURACY 3642 3643 With the recently added timeout "reminder" functionality, there's no 3644 reason left for us to execute timeout code before the time is 3645 ripe. Simplifies the handling too. 3646 3647 This will make the *TIMEOUT and *CONNECTTIMEOUT options more accurate 3648 again, which probably is most important when the *_MS versions are used. 3649 3650 In multi_socket, make sure to update 'now' after having handled activity 3651 on a socket. 3652 3653Steve Holme (11 Jan 2014) 3654- Makefile.dist: Added support for VC7 3655 3656 Currently VC7 and VC7.1 builds have to be ran with the VC variable set 3657 to vc6 which is not only inconsistent with the nmake winbuild system 3658 but also with newer versions of Visual Studio supported by this file. 3659 3660 Note: This doesn't break the build for anyone still running with the 3661 VC variable set to vc6 or not set (which defaults to vc6). 3662 3663- RELEASE-NOTES: Synced with 980659a2caa285 3664 3665Daniel Stenberg (10 Jan 2014) 3666- multi_socket: remind app if timeout didn't run 3667 3668 BACKGROUND: 3669 3670 We have learned that on some systems timeout timers are inaccurate and 3671 might occasionally fire off too early. To make the multi_socket API work 3672 with this, we made libcurl execute timeout actions a bit early too if 3673 they are within our MULTI_TIMEOUT_INACCURACY. (added in commit 3674 2c72732ebf, present since 7.21.0) 3675 3676 Switching everything to the multi API made this inaccuracy problem 3677 slightly more notable as now everyone can be affected. 3678 3679 Recently (commit 21091549c02) we tweaked that inaccuracy value to make 3680 timeouts more accurate and made it platform specific. We also figured 3681 out that we have code at places that check for fixed timeout values so 3682 they MUST NOT run too early as then they will not trigger at all (see 3683 commit be28223f35 and a691e044705) - so there are definitately problems 3684 with running timeouts before they're supposed to run. (We've handled 3685 that so far by adding the inaccuracy margin to those specific timeouts.) 3686 3687 The libcurl multi_socket API tells the application with a callback that 3688 a timeout expires in N milliseconds (and it explicitly will not tell it 3689 again for the same timeout), and the application is then supposed to 3690 call libcurl when that timeout expires. When libcurl subsequently gets 3691 called with curl_multi_socket_action(...CURL_SOCKET_TIMEOUT...), it 3692 knows that the application thinks the timeout expired - and alas, if it 3693 is within the inaccuracy level libcurl will run code handling that 3694 handle. 3695 3696 If the application says CURL_SOCKET_TIMEOUT to libcurl and _isn't_ 3697 within the inaccuracy level, libcurl will not consider the timeout 3698 expired and it will not tell the application again since the timeout 3699 value is still the same. 3700 3701 NOW: 3702 3703 This change introduces a modified behavior here. If the application says 3704 CURL_SOCKET_TIMEOUT and libcurl finds no timeout code to run, it will 3705 inform the application about the timeout value - *again* even if it is 3706 the same timeout that it already told about before (although libcurl 3707 will of course tell it the updated time so that it'll still get the 3708 correct remaining time). This way, we will not risk that the application 3709 believes it has done its job and libcurl thinks the time hasn't come yet 3710 to run any code and both just sit waiting. This also allows us to 3711 decrease the MULTI_TIMEOUT_INACCURACY margin, but that will be handled 3712 in a separate commit. 3713 3714 A repeated timeout update to the application risk that the timeout will 3715 then fire again immediately and we have what basically is a busy-loop 3716 until the time is fine even for libcurl. If that becomes a problem, we 3717 need to address it. 3718 3719- threaded-resolver: never use NULL hints with getaddrinfo 3720 3721 The net effect of this bug as it appeared to users, would be that 3722 libcurl would timeout in the connect phase. 3723 3724 When disabling IPv6 use but still using getaddrinfo, libcurl would 3725 wrongly not init the "hints" struct field in init_thread_sync() which 3726 would subsequently lead to a getaddrinfo() invoke with a zeroed hints 3727 with ai_socktype set to 0 instead of SOCK_STREAM. This would lead to 3728 different behaviors on different platforms but basically incorrect 3729 output. 3730 3731 This code was introduced in 483ff1ca75cbea, released in curl 7.20.0. 3732 3733 This bug became a problem now due to the happy eyeballs code and how 3734 libcurl now traverses the getaddrinfo() results differently. 3735 3736 Bug: http://curl.haxx.se/mail/lib-2014-01/0061.html 3737 Reported-by: Fabian Frank 3738 Debugged-by: Fabian Frank 3739 3740Nick Zitzmann (9 Jan 2014) 3741- darwinssl: un-break Leopard build after PKCS#12 change 3742 3743 It turns out errSecDecode wasn't defined in Leopard's headers. So 3744 we use the enum's value instead. 3745 3746 Bug: http://curl.haxx.se/mail/lib-2013-12/0150.html 3747 Reported by: Abram Pousada 3748 3749Daniel Stenberg (8 Jan 2014) 3750- Curl_updateconninfo: don't do anything for UDP "connections" 3751 3752 getpeername() doesn't work for UDP sockets since they're not connected 3753 3754 Reported-by: Priyanka Shah 3755 Bug: http://curl.haxx.se/mail/archive-2014-01/0016.html 3756 3757- info: remove debug output 3758 3759 Removed some of the infof() calls that were added with the recent 3760 pipeline improvements but they're not useful to the vast majority of 3761 readers and the pipelining seems to fundamentaly work - the debugging 3762 outputs can easily be added there if debugging these functions is needed 3763 again. 3764 3765- runtests: disable memory tracking with threaded resolver 3766 3767 The built-in memory debug system doesn't work with multi-threaded use so 3768 instead of causing annoying false positives, disable the memory tracking 3769 if the threaded resolver is used. 3770 3771- trynextip: fix build for non-IPV6 capable systems 3772 3773 AF_INET6 may not exist then 3774 3775 Patched-by: Iida Yosiaki 3776 Bug: http://curl.haxx.se/bug/view.cgi?id=1322 3777 3778Steve Holme (8 Jan 2014) 3779- makefile: Added support for VC12 3780 3781- makefile: Added support for VC11 3782 3783- winbuild: Follow up fix for a47c142a88c0, 11e8066ef956 and 92b9ae5c5d59 3784 3785Daniel Stenberg (7 Jan 2014) 3786- mk-ca-bundle.1: document -d 3787 3788Steve Holme (7 Jan 2014) 3789- RELEASE-NOTES: Synced with 8ae35102c43d8d 3790 3791Daniel Stenberg (7 Jan 2014) 3792- ConnectionExists: fix NTLM check for new connection 3793 3794 When the requested authentication bitmask includes NTLM, we cannot 3795 re-use a connection for another username/password as we then risk 3796 re-using NTLM (connection-based auth). 3797 3798 This has the unfortunate downside that if you include NTLM as a possible 3799 auth, you cannot re-use connections for other usernames/passwords even 3800 if NTLM doesn't end up the auth type used. 3801 3802 Reported-by: Paras S 3803 Patched-by: Paras S 3804 Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html 3805 3806Steve Holme (5 Jan 2014) 3807- examples: Added required libcurl version information to SMTP examples 3808 3809Daniel Stenberg (5 Jan 2014) 3810- mk-ca-bundle.pl: avoid warnings with -d without parameter 3811 3812- [Leif W brought this change] 3813 3814 mk-ca-bundle: introduces -d and warns about using this script 3815 3816Steve Holme (5 Jan 2014) 3817- Makefile: Added missing WinSSL and x64 configurations 3818 3819Marc Hoersken (5 Jan 2014) 3820- docs/INTERNALS: follow up fix for 11e8066 and 92b9ae5 3821 3822- packages: follow up fix for a47c142, 11e8066 and 92b9ae5 3823 3824- multi.c: fix possible dereference of null pointer 3825 3826Steve Holme (5 Jan 2014) 3827- Examples: Renamed SMTP MAIL example to match other email examples 3828 3829- examples: Added POP3 TLS example 3830 3831- examples: Added IMAP NOOP example 3832 3833- examples: Added POP3 NOOP example 3834 3835- pop3-stat.c: Corrected small typo from commit 91d62e9abd761c 3836 3837- examples: Added POP3 STAT example 3838 3839- examples: Added POP3 TOP example 3840 3841- examples: Added POP3 DELE example 3842 3843- examples: Added POP3 UIDL example 3844 3845- examples: Added POP3 RETR example 3846 3847- examples: Added return of error code in POP3 examples 3848 3849- runtests.pl: Updated copyright year after edit from d718abd968aeb4 3850 3851- examples: Reworked POP3 examples for additional upcoming POP3 examples 3852 3853- examples: Added SMTP SSL example 3854 3855- examples: Added IMAP SSL and TLS examples 3856 3857Marc Hoersken (5 Jan 2014) 3858- runtests.pl: check for tstunnel command on Windows 3859 3860 The Windows console version of stunnel is called "tstunnel", while 3861 running "stunnel" on Windows spawns a new console window which 3862 cannot be handled by the testsuite. 3863 3864- testcurl.pl: always show the last 5 commits even with --nogitpull 3865 3866Daniel Stenberg (4 Jan 2014) 3867- ftp tests: provide LIST responses in the test file itself 3868 3869 Previously LIST always returned a fixed hardcoded list that the ftp 3870 server code knew about, mostly since the server didn't get any test case 3871 number in the LIST scenario. Starting now, doing a CWD to a directory 3872 named test-[number] will make the test server remember that number and 3873 consider it a test case so that a subsequent LIST command will send the 3874 <data> section of that test case back. 3875 3876 It allows LIST tests to be made more similar to how all other tests 3877 work. 3878 3879 Test 100 was updated to provide its own directory listing. 3880 3881Steve Holme (4 Jan 2014) 3882- examples: Standardised username and password settings for all email examples 3883 3884 Replaced the use of CURLOPT_USERPWD for the preferred CURLOPT_USERNAME 3885 and CURLOPT_PASSWORD options and used the same username and password for 3886 all email examples which is the same as that used in the test suite. 3887 3888- Updated copyright year for recent changes 3889 3890Marc Hoersken (4 Jan 2014) 3891- secureserver.pl: support for stunnel-path with nun-alphanum chars 3892 3893 This is desired to support stunnel installations on Windows. 3894 3895- conncache.c: fix possible dereference of null pointer 3896 3897- docs: primarily refer to schannel as WinSSL 3898 3899Steve Holme (4 Jan 2014) 3900- examples: Added IMAP COPY example 3901 3902- examples: Added IMAP DELETE example 3903 3904- examples: Added IMAP CREATE example 3905 3906Daniel Stenberg (4 Jan 2014) 3907- FTP parselist: fix "total" parser 3908 3909 A regression introduced in 7f3b87d8782eae1 (present in the 7.21.4 release) 3910 broke the total parser. Now skip the whitespace and the digits. 3911 3912 Reported-by: Justin Maggard 3913 Bug: http://curl.haxx.se/mail/lib-2014-01/0019.html 3914 3915- test1513: fix spelling 3916 3917Marc Hoersken (3 Jan 2014) 3918- Makefile.vc6: follow up fix for 11e8066 and 92b9ae5 3919 3920Daniel Stenberg (3 Jan 2014) 3921- test1513: added - verify early progress callback return fail 3922 3923 Verify the change brought in commit 8e11731653061. It makes sure that 3924 returning a failure from the progress callback even very early results 3925 in the correct return code. 3926 3927- progresscallback: make CURLE_ABORTED_BY_CALLBACK get returned better 3928 3929 When the progress callback returned 1 at a very early state, the code 3930 would not make CURLE_ABORTED_BY_CALLBACK get returned but the process 3931 would still be interrupted. In the HTTP case, this would then cause a 3932 CURLE_GOT_NOTHING to erroneously get returned instead. 3933 3934 Reported-by: Petr Novak 3935 Bug: http://curl.haxx.se/bug/view.cgi?id=1318 3936 3937Marc Hoersken (3 Jan 2014) 3938- unittests: do not include curl_memory.h 3939 3940 memdebug.h already contains all required definitions and including 3941 curl_memory.h causes errors like the following: 3942 3943 tests/unit/unit1394.c:119: undefined reference to `Curl_cfree' 3944 tests/unit/unit1394.c:120: undefined reference to `Curl_cfree' 3945 3946Daniel Stenberg (3 Jan 2014) 3947- pipeline: remove print_pipeline() 3948 3949 This is a debug function only and serves no purpose in production code, 3950 it only slows things down. I left the code #ifdef'ed for possible future 3951 pipeline debugging. 3952 3953 Also, this was a global function without proper namespace usage. 3954 3955 Reported-by: He Qin 3956 Bug: http://curl.haxx.se/bug/view.cgi?id=1320 3957 3958- openssl: allow explicit sslv2 selection 3959 3960 If OpenSSL is built to support SSLv2 this brings back the ability to 3961 explicitly select that as a protocol level. 3962 3963 Reported-by: Steve Holme 3964 Bug: http://curl.haxx.se/mail/lib-2014-01/0013.html 3965 3966Steve Holme (2 Jan 2014) 3967- Bumped copyright year to 2014 3968 3969- Updated copyright year for recent changes 3970 3971Marc Hoersken (3 Jan 2014) 3972- vtls/nssg.h: fixed include references to moved file 3973 3974Daniel Stenberg (3 Jan 2014) 3975- [Christian Weisgerber brought this change] 3976 3977 curl_easy_setopt.3: fix formatting mistakes 3978 3979 This fixes two markup typos I noticed in curl_easy_setopt.3. (The use 3980 of bold vs. italics seems a bit inconsistent in that page, but it should 3981 at least be valid man syntax.) 3982 3983- [Barry Abrahamson brought this change] 3984 3985 OpenSSL: Fix forcing SSLv3 connections 3986 3987 Some feedback provided by byte_bucket on IRC pointed out that commit 3988 db11750cfa5b1 wasn’t really correct because it allows for “upgrading” to a 3989 newer protocol when it should be only allowing for SSLv3. 3990 3991 This change fixes that. 3992 3993 When SSLv3 connection is forced, don't allow SSL negotiations for newer 3994 versions. Feedback provided by byte_bucket in #curl. This behavior is 3995 also consistent with the other force flags like --tlsv1.1 which doesn't 3996 allow for TLSv1.2 negotiation, etc 3997 3998 Feedback-by: byte_bucket 3999 Bug: http://curl.haxx.se/bug/view.cgi?id=1319 4000 4001Guenter Knauf (2 Jan 2014) 4002- Trial to fix the nmake Makefile for vtls files. 4003 4004Steve Holme (2 Jan 2014) 4005- examples: Added IMAP SEARCH example 4006 4007- examples: Added IMAP EXAMINE mailbox folder example 4008 4009Guenter Knauf (2 Jan 2014) 4010- Fix NetWare build for vtls files. 4011 4012Daniel Stenberg (1 Jan 2014) 4013- CMakeLists.txt: add standard curl source code header 4014 4015- CMakeLists.txt: add warning about the cmake build's state 4016 4017Steve Holme (1 Jan 2014) 4018- examples: Updated SMTP multi example to be more realistic 4019 4020 Updated the contents of the email and payload callback as per the IMAP 4021 and other SMTP examples. 4022 4023Daniel Stenberg (1 Jan 2014) 4024- [Barry Abrahamson brought this change] 4025 4026 OpenSSL: Fix forcing SSLv3 connections 4027 4028 Since ad34a2d5c87c7f4b14e8dded3 (present in 7.34.0 release) forcing 4029 SSLv3 will always return the error "curl: (35) Unsupported SSL protocol 4030 version" Can be replicated with `curl -I -3 https://www.google.com/`. 4031 This fix simply allows for v3 to be forced. 4032 4033Steve Holme (1 Jan 2014) 4034- examples: Corrected unescaped backslash in imap-store.c 4035 4036- examples: Update SMTP TLS example mail content to be RFC-2821 compliant 4037 4038 ...and made some minor coding style changes to better match the curl 4039 coding standards as well as the other email related examples. 4040 4041- examples: Added IMAP APPEND example 4042 4043- examples: Added IMAP STORE example 4044 4045- RELEASE-NOTES: Synced with 7de2e032584d44 4046 4047- examples: Added IMAP LIST mailbox example 4048 4049- examples: Updated IMAP fetch example for libcurl 7.30.0 4050 4051- examples: Rename before adding additional email examples 4052 4053- examples: Added SMTP EXPN command example 4054 4055- examples: Added SMTP email verification example 4056 4057- imap: Fixed line length warning 4058 4059- mprintf: Replaced internal usage of FORMAT_OFF_T and FORMAT_OFF_TU 4060 4061 Following commit 0aafd77fa4c6f2, replaced the internal usage of 4062 FORMAT_OFF_T and FORMAT_OFF_TU with the external versions that we 4063 expect API programmers to use. 4064 4065 This negates the need for separate definitions which were subtly 4066 different under different platforms/compilers. 4067 4068- examples: Updated copyright year for recent edits 4069 4070- examples: Corrected incorrect indentation in smtp-multi.c 4071 4072- examples: Updated SMTP examples to set CURLOPT_UPLOAD 4073 4074- mprintf: Added support for I, I32 and I64 size specifiers 4075 4076 Added support to the built-in printf() replacement functions, for these 4077 non-ANSI extensions when compiling under Visual Studio, Borland, Watcom 4078 and MinGW. 4079 4080 This fixes problems when generating libcurl source code that contains 4081 curl_off_t variables. 4082 4083- curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE 4084 4085 Although added to CURLOPT_INFILESIZE in commit ee3d3adc6fe155 it was 4086 never added to CURLOPT_INFILESIZE_LARGE. 4087 4088- tests: Disabled NTLM tests when running with SSPI enabled 4089 4090- connect.c: Fixed compilation warning 4091 4092 warning: 'res' may be used uninitialized in this function 4093 4094- runtests.pl: Fixed slightly incorrect regex in commit 28dd47d4d41900 4095 4096- [Björn Stenberg brought this change] 4097 4098 connect: Try all addresses in first connection attempt 4099 4100 Fixes a bug when all addresses in the first family fail immediately, due 4101 to "Network unreachable" for example, curl would hang and never try the 4102 next address family. 4103 4104 Iterate through all address families when to trying establish the first 4105 connection attempt. 4106 4107 Bug: http://curl.haxx.se/bug/view.cgi?id=1315 4108 Reported-by: Michal Górny and Anthony G. Basile 4109 4110- runtests.pl: Optimised feature present checking code 4111 4112 ...to exclude not present features. 4113 4114- runtests.pl: Added the ability to run tests when a feature is not present 4115 4116- ftpserver.pl: Fixed compilation error 4117 4118 Unmatched right curly bracket at line 758, at end of line 4119 4120- ftpserver.pl: Reworked SMTP verified server detection 4121 4122 Following the addition of informational commands to the SMTP protocol, 4123 the test server is no longer required to return the verified server 4124 information in responses that curl only outputs in verbose mode. 4125 4126 Instead, a similar detection mechanism to that used by FTP, IMAP and 4127 POP3 can now be used. 4128 4129- sendf.c: Fixed compilation warning from f2d234a4dd9bcc 4130 4131 sendf.c:450:81: warning: Longer than 79 columns 4132 4133- FILE: Fixed sending of data would always return CURLE_WRITE_ERROR 4134 4135 Introduced in commit 2a4ee0d2215556 sending of data via the FILE 4136 protocol would always return CURLE_WRITE_ERROR regardless of whether 4137 CURL_WRITEFUNC_PAUSE was returned from the callback function or not. 4138 4139Daniel Stenberg (26 Dec 2013) 4140- FILE: we don't support paused transfers using this protocol 4141 4142 Make sure that we detect such attempts and return a proper error code 4143 instead of silently handling this in problematic ways. 4144 4145 Updated the documentation to mention this limitation. 4146 4147 Bug: http://curl.haxx.se/bug/view.cgi?id=1286 4148 4149Steve Holme (26 Dec 2013) 4150- vtls: Updated comments referencing sslgen.c and ssluse.c 4151 4152- vtls: Fixed up include of vtls.h 4153 4154Daniel Stenberg (25 Dec 2013) 4155- curl_dofree: allow free(NULL) 4156 4157 Previously this memdebug free() replacement didn't properly work with a 4158 NULL argument which has made us write code that avoids calling 4159 free(NULL) - which causes some extra nuisance and unnecessary code. 4160 Starting now, we should allow free(NULL) even when built with the 4161 memdebug system enabled. 4162 4163 free(NULL) is permitted by POSIX 4164 4165Steve Holme (25 Dec 2013) 4166- RELEASE-NOTES: Synced with 0ff0a994ada62a 4167 4168Daniel Stenberg (25 Dec 2013) 4169- Curl_thread_create: use Curl_safefree to allow NULL better 4170 4171 free() itself allows a NULL input but our memory debug system requires 4172 Curl_safefree() to be used instead when a "legitimate" NULL may be freed. Like 4173 in the code here. 4174 4175 Pointed-out-by: Steve Holme 4176 4177- [Luke Dashjr brought this change] 4178 4179 threaded resolver: Use pthread_t * for curl_thread_t 4180 4181 ... since pthread_t may be non-scalar and/or may represent a real thread 4182 with scalar 0. 4183 4184 Bug: http://curl.haxx.se/bug/view.cgi?id=1314 4185 4186Steve Holme (24 Dec 2013) 4187- imap: Fixed auth preference not being honored when CAPABILITY not supported 4188 4189 If a user indicated they preferred to authenticate using a SASL 4190 mechanism, but SASL authentication wasn't supported by the server, curl 4191 would always fall back to clear text when CAPABILITY wasn't supported, 4192 even though the user didn't want to use this. 4193 4194- pop3: Fixed auth preference not being honored when CAPA not supported 4195 4196 If a user indicated they preferred to authenticate using APOP or a SASL 4197 mechanism, but neither were supported by the server, curl would always 4198 fall back to clear text when CAPA wasn't supported, even though the 4199 user didn't want to use this. 4200 4201 This also fixes the auto build failure caused by commit 6f2d5f0562f64a. 4202 4203Daniel Stenberg (24 Dec 2013) 4204- TheArtOfHttpScripting: major update, converted layout and more 4205 4206- Curl_pp_readresp: use memmove not memcpy, possibly overlapping areas 4207 4208 Fixes commit 1deac31eba7 4209 4210Steve Holme (24 Dec 2013) 4211- RELEASE-NOTES: Corrected copy/paste typo 4212 4213- pop3: Fixed APOP being determined by CAPA response rather than by timestamp 4214 4215 This commit replaces that of 9f260b5d6610f3 because according to RFC-2449, 4216 section 6, there is no APOP capability "...even though APOP is an 4217 optional command in [POP3]. Clients discover server support of APOP by 4218 the presence in the greeting banner of an initial challenge enclosed in 4219 angle brackets." 4220 4221- tests: Removed APOP timestamp from default server greeting 4222 4223- test936: Corrected login details from commit 7246255416617a 4224 4225- ftpserver.pl: Updated custom full text REPLY regex 4226 4227 SASL downgrade tests: 833, 835, 879, 881, 935 and 937 would fail as 4228 they contained a minus sign in their authentication mechanism and this 4229 would be missed by the custom reply parser. 4230 4231- tests: Corrected syntax error from commit 7246255416617a 4232 4233- tests: Added SMTP SASL downgrade tests 4234 4235- tests: Added POP3 SASL downgrade tests 4236 4237- tests: Added IMAP SASL downgrade tests 4238 4239Daniel Stenberg (22 Dec 2013) 4240- docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE:// 4241 4242- FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE 4243 4244 The FILE:// code doesn't support this option - and it doesn't make sense 4245 to support it as long as it works as it does since then it'd only block 4246 even longer. 4247 4248 But: setting CURLOPT_MAX_RECV_SPEED_LARGE would make the transfer first 4249 get done and then libcurl would wait until the average speed would get 4250 low enough. This happened because the transfer happens completely in the 4251 DO state for FILE:// but then it would still unconditionally continue in 4252 to the PERFORM state where the speed check is made. 4253 4254 Starting now, the code will skip from DO_DONE to DONE immediately if no 4255 socket is set to be recv()ed or send()ed to. 4256 4257 Bug: http://curl.haxx.se/bug/view.cgi?id=1312 4258 Reported-by: Mohammad AlSaleh 4259 4260Steve Holme (22 Dec 2013) 4261- ftpserver.pl: Fixed runtime warning from commit 7da9c95bcf1fe6 4262 4263 Use of uninitialized value $FTPARG in concatenation (.) or string at 4264 line 3255. 4265 4266- ftpserver.pl: Added the ability to send custom full text replies 4267 4268- ftpserver.pl: Added the ability to specify custom full text replies 4269 4270- ftpserver.pl: Renamed commandreply variable from customreply 4271 4272- tests: Added SASL cancellation keywords 4273 4274 Added SASL CANCELLATION keywords to differentiate these tests from the 4275 upcoming SASL downgrade tests. 4276 4277- email: Fixed segfault introduced in commit 195b63f99c2fe3 4278 4279Daniel Stenberg (22 Dec 2013) 4280- code police: fix indent level to silence checksrc complaints 4281 4282Steve Holme (21 Dec 2013) 4283- email: Extended the login options to support multiple auth mechanisms 4284 4285Daniel Stenberg (22 Dec 2013) 4286- Curl_pp_readresp: replace stupid loop with memcpy 4287 4288- Curl_pp_readresp: zero terminate line 4289 4290 The comment in the code mentions the zero terminating after having 4291 copied data, but it mistakingly zero terminated the source data and not 4292 the destination! This caused the test 864 problem discussed on the list: 4293 4294 http://curl.haxx.se/mail/lib-2013-12/0113.html 4295 Signed-off-by: Daniel Stenberg <daniel@haxx.se> 4296 4297Steve Holme (21 Dec 2013) 4298- Revert "pop3: Added debug information to assist with test864 failure" 4299 4300 This reverts commit 727d798d680f29c8b3cb7d7f03d6b6a3eb4356da. 4301 4302- pop3: Added debug information to assist with test864 failure 4303 4304- RELEASE-NOTES: Synced with 812c5ace759d04 4305 4306- pop3: Fixed APOP timestamp detection from commit 1cfb436a2f1795 4307 4308Daniel Stenberg (20 Dec 2013) 4309- Makefile.inc: use standard source header 4310 4311- Makefile.inc: specify the vtls sources+headers separately 4312 4313- vtls: renamed sslgen.[ch] to vtls.[ch] 4314 4315- openssl: renamed backend files to openssl.[ch] 4316 4317- vtls: moved all TLS/SSL source and header files into subdir 4318 4319- vtls: created subdir, moved sslgen.[ch] there, updated all include lines 4320 4321Steve Holme (20 Dec 2013) 4322- pop3: Fixed selection of APOP when server replies with an invalid timestamp 4323 4324 Although highlighted by a bug in commit 1cfb436a2f1795, APOP 4325 authentication could be chosen if the server was to reply with an empty 4326 or missing timestamp in the server greeting and APOP was given in the 4327 capability list by the server. 4328 4329- pop3: Fixed processing of more than one response when sent in same packet 4330 4331 Added a loop to pop3_statemach_act() in which Curl_pp_readresp() is 4332 called until the cache is drained. Without this multiple responses 4333 received in a single packet could result in a hang or delay. 4334 4335- pop3: Moved CAPA response handling to pop3_state_capa_resp() 4336 4337 Similar to the processing of untagged CAPABILITY responses in IMAP and 4338 multi-line EHLO responses in SMTP, moved the processing of multi-line 4339 CAPA responses to pop3_state_capa_resp(). 4340 4341- pop3: Moved APOP detection into pop3_state_servergreet_resp() 4342 4343 In an effort to reduce what pop3_endofresp() does and bring the POP3 4344 source back inline with the IMAP and SMTP protocols, moved the APOP 4345 detection into pop3_state_servergreet_resp(). 4346 4347- curl_easy_setopt: Fixed OAuth 2.0 Bearer option name 4348 4349 Bug: http://curl.haxx.se/bug/view.cgi?id=1313 4350 Reported-by: Viktor Szakáts 4351 4352Daniel Stenberg (18 Dec 2013) 4353- curl.1: remove URL encoding phrase from --data description 4354 4355 ... it could be misleading a reader into thinking it _has_ to be encoded. 4356 4357Steve Holme (18 Dec 2013) 4358- imap/pop3/smtp: Added support for SASL authentication downgrades 4359 4360 Added support for downgrading the SASL authentication mechanism when the 4361 decoding of CRAM-MD5, DIGEST-MD5 and NTLM messages fails. This enhances 4362 the previously added support for graceful cancellation by allowing the 4363 client to retry a lesser SASL mechanism such as LOGIN or PLAIN, or even 4364 APOP / clear text (in the case of POP3 and IMAP) when supported by the 4365 server. 4366 4367Daniel Stenberg (18 Dec 2013) 4368- RELEASE-PROCEDURE: new document 4369 4370- gitignore: ignore .dirstamp files 4371 4372- smtp: fix compiler warning 4373 4374 smtp.c:478:21: error: unused variable 'smtpc' [-Werror=unused-variable] 4375 4376Steve Holme (18 Dec 2013) 4377- smtp: Moved the calculation of SASL login details into a separate function 4378 4379- pop3: Moved the calculation of SASL login details into a separate function 4380 4381- imap: Moved the calculation of SASL login details into a separate function 4382 4383- smtp: Moved the sending of the AUTH command into a separate function 4384 4385- pop3: Moved the sending of the AUTH command into a separate function 4386 4387- imap: Moved the sending of the AUTHENICATE command into a separate function 4388 4389- email: Renamed *_perform_authenticate() functions 4390 4391 In preparation for the upcoming SASL downgrade feature renamed the 4392 imap__perform_authenticate(), pop3__perform_authenticate() and 4393 smtp__perform_authenticate() functions. 4394 4395Daniel Stenberg (17 Dec 2013) 4396- bump: start working on the next release 4397 4398Version 7.34.0 (16 Dec 2013) 4399 4400Daniel Stenberg (16 Dec 2013) 4401- RELEASE-NOTES: synced with c0ef05e67 4402 4403 ... for the pending 7.34.0 release 4404 4405 Upped the contributor count 4406 4407- THANKS: add contributors from 7.34.0 release 4408 4409 24 new great friends 4410 4411- gtls: respect *VERIFYHOST independently of *VERIFYPEER 4412 4413 Security flaw CVE-2013-6422 4414 4415 This is conceptually the same problem and fix that 3c3622b6 brought to the 4416 OpenSSL backend and that resulted in CVE-2013-4545. 4417 4418 This version of the problem was independently introduced to the GnuTLS 4419 backend with commit 59cf93cc, present in the code since the libcurl 4420 7.21.4 release. 4421 4422 Advisory: http://curl.haxx.se/docs/adv_20131217.html 4423 Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html 4424 Reported-by: Marc Deslauriers 4425 4426- curl.1 document -J doesn't %-decode 4427 4428 ...also added as KNOWN_BUG #87 with reference to bug #1294 4429 4430- multi: add timer inaccuracy margin to timeout/connecttimeout 4431 4432 Since all systems have inaccuracy in the timeout handling it is 4433 imperative that we add an inaccuracy margin to the general timeout and 4434 connecttimeout handling with the multi interface. This way, when the 4435 timeout fires we should be fairly sure that it has passed the timeout 4436 value and will be suitably detected. 4437 4438 For cases where the timeout fire before the actual timeout, we would 4439 otherwise consume the timeout action and still not run the timeout code 4440 since the condition wasn't met. 4441 4442 Reported-by: He Qin 4443 Bug: http://curl.haxx.se/bug/view.cgi?id=1298 4444 4445- RELEASE-NOTES: synced with dd4d9ea542 4446 4447- curl_easy_setopt: clarify some USERPWD and PROXYUSERPWD details 4448 4449- login options: remove the ;[options] support from CURLOPT_USERPWD 4450 4451 To avoid the regression when users pass in passwords containing semi- 4452 colons, we now drop the ability to set the login options with the same 4453 options. Support for login options in CURLOPT_USERPWD was added in 4454 7.31.0. 4455 4456 Test case 83 was modified to verify that colons and semi-colons can be 4457 used as part of the password when using -u (CURLOPT_USERPWD). 4458 4459 Bug: http://curl.haxx.se/bug/view.cgi?id=1311 4460 Reported-by: Petr Bahula 4461 Assisted-by: Steve Holme 4462 Signed-off-by: Daniel Stenberg <daniel@haxx.se> 4463 4464Steve Holme (14 Dec 2013) 4465- imap: Fixed exclude of clear text when using auth=* in commit 75cd7fd66762bb 4466 4467 It is not 100% clear whether * should include clear text LOGIN or not 4468 from RFC-5092, however, including it is then consistent with current 4469 POP3 behaviour where clear text, APOP or SASL may be chosen. 4470 4471- imap: Fixed incorrect fallback to clear text authentication 4472 4473 If a specific SASL authentication mechanism was requested by the user 4474 as part of the login options but wasn't supported by the server then 4475 curl would fallback to clear text, when it shouldn't, rather than 4476 reporting "No known authentication mechanisms supported" as the POP3 4477 and SMTP protocols do. 4478 4479Daniel Stenberg (11 Dec 2013) 4480- [Eric Lubin brought this change] 4481 4482 parsedate: avoid integer overflow 4483 4484 In C, signed integer overflow is undefined behavior. Thus, the compiler 4485 is allowed to assume that it will not occur. In the check for an 4486 overflow, the developer assumes that the signed integer of type time_t 4487 will wrap around if it overflows. However, this behavior is undefined in 4488 the C standard. Thus, when the compiler sees this, it simplifies t + 4489 delta < t to delta < 0. Since delta > 0 and delta < 0 can't both be 4490 true, the entire if statement is optimized out under certain 4491 optimization levels. Thus, the parsedate function would return 4492 PARSEDATE_OK with an undefined value in the time, instead of return -1 = 4493 PARSEDATE_FAIL. 4494 4495- parseconfig: warn if unquoted white spaces are detected 4496 4497 Commit 0db811b6 made some existing config files pass on unexpected 4498 values to libcurl that made it somewhat hard to track down what was 4499 really going on. 4500 4501 This code detects unquoted white spaces in the parameter when parsing a 4502 config file as that would be one symptom and it is generally a bad 4503 syntax anyway. 4504 4505- RELEASE-NOTES: recount contributors and libcurl options 4506 4507- RELEASE-NOTES: synced with c4f46e97ca6c 4508 4509- [James Dury brought this change] 4510 4511 TFTP: let tftp_multi_statemach()'s return codes through 4512 4513 It would otherwise always clobber the return code with new function 4514 calls and it couldn't return timeout etc. 4515 4516 Bug: http://curl.haxx.se/bug/view.cgi?id=1310 4517 4518Nick Zitzmann (7 Dec 2013) 4519- [Melissa Mears brought this change] 4520 4521 darwinssl: Fix #if 10.6.0 for SecKeychainSearch 4522 4523 The comment here says that SecKeychainSearch causes a deprecation 4524 warning when used with a minimum Mac OS X SDK version of 10.7.0, which 4525 is correct. However, the #if guard did not match. It was intended to 4526 only use the code if 10.6.0 support was enabled, but it had 10.7.0 4527 instead. This caused a warning if the minimum was exactly 10.7.0. 4528 4529Daniel Stenberg (6 Dec 2013) 4530- [Christian Weisgerber brought this change] 4531 4532 curl.h: <sys/select.h> for OpenBSD 4533 4534 curl.h should also include <sys/select.h> on OpenBSD to reliably 4535 pull in select(). Typically, including <sys/time.h> will be enough, 4536 but not if strict standards-compliance is requested (e.g. by defining 4537 _XOPEN_SOURCE). 4538 4539- digest: fix CURLAUTH_DIGEST_IE 4540 4541 The URI that is passed in as part of the Authorization: header needs to 4542 be cut off at '?' if CURLAUTH_DIGEST_IE is set. Previously the code only 4543 did when calculating the MD5sum. 4544 4545 Bug: http://curl.haxx.se/bug/view.cgi?id=1308 4546 Patched-by: Sergey Tatarincev 4547 4548- Curl_is_connected: use proxy name in error message when proxy is used 4549 4550 (bug introduced in 255826c4, never present in a release) 4551 4552 Reported-by: Dima Tisnek 4553 Bug: http://curl.haxx.se/mail/lib-2013-12/0006.html 4554 4555Steve Holme (4 Dec 2013) 4556- imap/pop3: Post graceful cancellation consistency changes 4557 4558- [Melissa Mears brought this change] 4559 4560 pop3: Fix POP3_TYPE_ANY signed compilation warning 4561 4562 POP3_TYPE_ANY, or ~0, is written to pop3c->preftype in lib/pop3c.c, an 4563 unsigned int variable. The result of ~0 is -1, which caused a warning 4564 due to writing a negative number to an unsigned variable. To fix this, 4565 make the expression ~0U so that its value is considered the unsigned 4566 number UINT_MAX which is what SASL_AUTH_ANY does in curl_sasl.h. 4567 4568Kamil Dudka (2 Dec 2013) 4569- tool_metalink: do not use HAVE_NSS_INITCONTEXT 4570 4571 ... no longer provided by the configure script 4572 4573- nss: make sure that 'sslver' is always initialized 4574 4575- nss: unconditionally require NSS_InitContext() 4576 4577 ... since we depend on NSS 3.14+ because of SSL_VersionRangeSet() anyway 4578 4579- nss: allow to use TLS > 1.0 if built against recent NSS 4580 4581 Bug: http://curl.haxx.se/mail/lib-2013-11/0162.html 4582 4583- nss: put SSL version selection into separate fnc 4584 4585- nss: use a better API for controlling SSL version 4586 4587 This change introduces a dependency on NSS 3.14+. 4588 4589Patrick Monnerat (2 Dec 2013) 4590- OS400: sync wrappers and RPG binding. 4591 4592Steve Holme (1 Dec 2013) 4593- multi.c: Fixed compilation warning 4594 4595 warning: declaration of 'pipe' shadows a global declaration 4596 4597- RELEASE-NOTES: Synced with ad3836448efbb7 4598 4599- base64: Corrected typo from commit f3ee587775c88a 4600 4601- base64: Post extended extended validation tidy up 4602 4603 Reduced the separate processing of the last quantum to be performed in 4604 the main decoding loop and renamed some variables for consistency. 4605 4606- base64: Extended validation to look for invalid characters 4607 4608 Extended the basic validation in commit e17c1b25bc33eb to return a 4609 failure when invalid base64 characters are included. 4610 4611- base64: Post basic validation tidy up 4612 4613 Due to the length checks introduced in commit e17c1b25bc33eb there is no 4614 need to allow for extra space in the output buffer for a non-padded last 4615 quantum. 4616 4617- curl_easy_getinfo: Post CURLINFO_TLS_SESSION tidy up 4618 4619 1) Renamed curl_tlsinfo to curl_tlssessioninfo as discussed on the 4620 mailing list. 4621 2) Renamed curl_ssl_backend to curl_sslbackend so it doesn't follow our 4622 function naming convention. 4623 3) Updated sessioninfo.c example accordingly. 4624 4625Daniel Stenberg (29 Nov 2013) 4626- parseconfig: dash options can't specified with colon or equals 4627 4628 Bug: http://curl.haxx.se/bug/view.cgi?id=1297 4629 Reported-by: Michael Osipov 4630 4631- curl.1: -G also takes --data-urlencode data 4632 4633- globbing: curl glob counter mismatch with {} list use 4634 4635 The "fixed string" function wrongly bumped the "urlnum" counter which 4636 made curl output the total number of URLs wrong when using 4637 {one,two,three} lists in globs. 4638 4639 Reported-by: Michael-O 4640 Bug: http://curl.haxx.se/bug/view.cgi?id=1305 4641 4642Steve Holme (28 Nov 2013) 4643- [Christian Grothoff brought this change] 4644 4645 sessioninfo.c: Added sample code for CURLINFO_TLS_SESSION 4646 4647 Added a simple example to show how one can use CURLINFO_TLS_SESSION for 4648 obtaining extensive TLS certificate information. 4649 4650- multi.c: Fixed compilation error introduced in commit a900d45489fc14 4651 4652 Systems that define SIGPIPE_VARIABLE as a noop would not compile as 4653 restore_pipe was defined afterwards. 4654 4655- [Christian Grothoff brought this change] 4656 4657 curl_easy_getopt: Handle API violation gracefully 4658 4659 This fixes a NULL dereference in the case where the client asks for 4660 CURLINFO_TLS_SESSION data after the (TLS) session has already been 4661 destroyed (i.e. curl_easy_perform has already completed for this 4662 handle). Instead of crashing, we now return a CURLSSLBACKEND_NONE 4663 error. 4664 4665- KNOWN_BUGS: #86: Disconnect commands may not be sent by IMAP, POP3 and SMTP 4666 4667Daniel Stenberg (27 Nov 2013) 4668- [Jeff King brought this change] 4669 4670 curl_multi_cleanup: ignore SIGPIPE 4671 4672 This is an extension to the fix in 7d80ed64e43515. We may 4673 call Curl_disconnect() while cleaning up the multi handle, 4674 which could lead to openssl sending packets, which could get 4675 a SIGPIPE. 4676 4677 Signed-off-by: Jeff King <peff@peff.net> 4678 4679- [Jeff King brought this change] 4680 4681 sigpipe: factor out sigpipe_reset from easy.c 4682 4683 Commit 7d80ed64e43515 introduced some helpers to handle 4684 sigpipe in easy.c. However, that fix was incomplete, and we 4685 need to add more callers in other files. The first step is 4686 making the helpers globally accessible. 4687 4688 Since the functions are small and should generally end up 4689 inlined anyway, we simply define them in the header as 4690 static functions. 4691 4692 Signed-off-by: Jeff King <peff@peff.net> 4693 4694- [Björn Stenberg brought this change] 4695 4696 connect: Try next ip directly after immediate connect fail 4697 4698 This fixes a rare Happy Eyeballs bug where if the first IP family runs 4699 out of addresses before the second-family-timer fires, and the second 4700 IP family's first connect fails immediately, no further IPs of the 4701 second family are attempted. 4702 4703- hostip: don't prune DNS cache entries that are in use 4704 4705 When adding entries to the DNS cache with CURLOPT_RESOLVE, they are 4706 marked 'inuse' forever to prevent them from ever being removed in normal 4707 operations. Still, the code that pruned out-of-date DNS entries didn't 4708 care for the 'inuse' struct field and pruned it anyway! 4709 4710 Reported-by: Romulo A. Ceccon 4711 Bug: http://curl.haxx.se/bug/view.cgi?id=1303 4712 4713Steve Holme (24 Nov 2013) 4714- RELEASE-NOTES: Synced with 35e476a3f6cdd5 4715