diff --git a/msvc-deps/curl/CHANGES b/msvc-deps/curl/CHANGES new file mode 100644 index 0000000000000000000000000000000000000000..27f6809d9f2c5aac0e2eec729010a946e601687f --- /dev/null +++ b/msvc-deps/curl/CHANGES @@ -0,0 +1,5600 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + Changelog + +Version 7.28.1 (20 Nov 2012) + +Daniel Stenberg (20 Nov 2012) +- RELEASE-NOTES: synced with 52af6e69f079 / 7.28.1 + +Kamil Dudka (20 Nov 2012) +- [Anthony Bryan brought this change] + + RELEASE-NOTES: NSS can be used for metalink hashing + +- [Fabian Keil brought this change] + + Get test 2032 working when using valgrind + + If curl_multi_fdset() sets maxfd to -1, the socket detection + loop is skipped and thus !found_new_socket is no cause for alarm. + +- test2032: spurious failure caused by premature termination + + Bug: http://curl.haxx.se/mail/lib-2012-11/0095.html + +Daniel Stenberg (19 Nov 2012) +- [Fabian Keil brought this change] + + Fix comment typos in test 517 + +- [Fabian Keil brought this change] + + Test 92 and 194: normalize spaces in the Server headers + + It makes no difference from curl's point of view but + makes it more convenient to use the tests with a + lws-normalizing proxy between curl and the test server. + +- [Fabian Keil brought this change] + + Add a HOSTIP precheck for tests 31 and 1105 + + They currently only work for 127.0.0.1 which + is hardcoded and can't be easily changed. + +- [Fabian Keil brought this change] + + Let test 8 work as long as %HOSTIP ends with ".0.0.1" + + .. and add a precheck to skip the test otherwise. + +- [Fabian Keil brought this change] + + Add --resolve to the keywords and name of test 1318 + + This makes it easier to skip it automatically when + the test suite is used with external proxies. + +- [Fabian Keil brought this change] + + Add FTP keywords for a couple of currently keyword-less FTP tests + +- [Fabian Keil brought this change] + + Add keywords for a couple of currently keyword-less HTTP tests + +- [Fabian Keil brought this change] + + Use carriage returns in all headers in test 31 + + Trailing spaces were left unmodifed, assuming they were intentional. + +- [Fabian Keil brought this change] + + Do not mix CRLF and LF header endings in a couple of HTTP tests + + Consistently use CRLF instead. The mixed endings weren't + documented so I assume they were unintentional. + + This change doesn't matter for curl itself but makes using + the tests with a proxy between curl and the test server + more convenient. + + Tests that consistently use no carriage returns were + left unmodified as one can easily work around this. + +- fixed memory leak: CURLOPT_RESOLVE with multi interface + + DNS cache entries populated with CURLOPT_RESOLVE were not properly freed + again when done using the multi interface. + + Test case 1502 added to verify. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3575448 + Reported by: Alex Gruz + +- RELEASE-NOTES: synced with ee588fe08807778 + + 4 more bug fixes and 4 more contributors + +- mem-include-scan: verify memory #includes + + If we use memory functions (malloc, free, strdup etc) in C sources in + libcurl and we fail to include curl_memory.h or memdebug.h we either + fail to properly support user-provided memory callbacks or the memory + leak system of the test suite fails. + + After Ajit's report of a failure in the first category in http_proxy.c, + I spotted a few in the second category as well. These problems are now + tested for by test 1132 which runs a perl program that scans for and + attempts to check that we use the correct include files if a memory + related function is used in the source code. + + Reported by: Ajit Dhumale + Bug: http://curl.haxx.se/mail/lib-2012-11/0125.html + +- tftp_rx: code style cleanup + + Fixed checksrc warnings + +- [Fabian Keil brought this change] + + Fix the libauthretry changes from 7c0cbcf2f61 + + They broke the NTLM tests from 2023 to 2031. + +- [Christian Vogt brought this change] + + tftp_rx: handle resends + + Re-send ACK for block X in case we receive block X data again while + waiting for block X+1. + + Based on an earlier patch by Marcin Adamski. + +- autoconf: don't force-disable compiler debug option + + When nothing is told to configure, we should not enforce switching off + debug options with -g0 (or similar). We instead don't use -g at all in + that situaion and therefore allow the user's CFLAGS settings possibly + dictate what to do. + +- [Mark Snelling brought this change] + + winbuild: Fix PDB file output + + And fix some newlines to be proper CRLF + + Bug: http://curl.haxx.se/bug/view.cgi?id=3586741 + +- RELEASE-NOTES: synced with fa1ae0abcde + +- [Cristian Rodríguez brought this change] + + OpenSSL: Disable SSL/TLS compression + + It either causes increased memory usage or exposes users + to the "CRIME attack" (CVE-2012-4929) + +- [Sebastian Rasmussen brought this change] + + FILE: Make upload-writes unbuffered by not using FILE streams + +Kamil Dudka (13 Nov 2012) +- tool_metalink: fix error detection of hash alg initialization + + The {MD5,SHA1,SHA256}_Init functions from OpenSSL are called directly + without any wrappers and they return 1 for success, 0 otherwise. Hence, + we have to use the same approach in all the wrapper functions that are + used for the other crypto libraries. + + This commit fixes a regression introduced in commit dca8ae5f. + +Daniel Stenberg (13 Nov 2012) +- RELEASE-NOTES: synced with 7c0cbcf2f617b + +- [Sergei Nikulov brought this change] + + fixed Visual Studio 2010 compilation + +- [Anton Malov brought this change] + + ftp: EPSV-disable fix over SOCKS + + Bug: http://curl.haxx.se/bug/view.cgi?id=3586338 + +Patrick Monnerat (12 Nov 2012) +- Merge branch 'master' of github.com:bagder/curl + +- OS400: upgrade wrappers for the 7.28.1 release. + +Daniel Stenberg (12 Nov 2012) +- runtests: limit execessive logging/output + +- [Gabriel Sjoberg brought this change] + + Digst: Add microseconds into nounce calculation + + When using only 1 second precision, curl doesn't create new cnonce + values quickly enough for all uses. + + For example, issuing the following command multiple times to a recent + Tomcat causes authentication failures: + + curl --digest -utest:test http://tomcat.test.com:8080/manager/list + + This is because curl uses the same cnonce for several seconds, but + doesn't increment the nonce counter.  Tomcat correctly interprets + this as a replay attack and rejects the request. + + When microsecond-precision is available, this commit causes curl to + change cnonce values much more frequently. + + With microsecond resolution, increasing the nounce length used in the + headers to 32 was made to further reduce the risk of duplication. + +- SCP/SFTP: improve error code used for send failures + + Instead of relying on the generic CURLE error for SCP or SFTP send + failures, try passing back a more suitable error if possible. + +- Curl_write: remove unneeded typecast + +Kamil Dudka (9 Nov 2012) +- tool_metalink: allow to use hash algorithms provided by NSS + + Fixes bug #3578163: + http://sourceforge.net/tracker/?func=detail&atid=100976&aid=3578163&group_id=976 + +- tool_metalink: allow to handle failure of hash alg initialization + +- tool_metalink: introduce metalink_cleanup() in the internal API + + ... to release resources allocated at global scope + +Daniel Stenberg (8 Nov 2012) +- hostcheck: only build for the actual users + + and make local function static + +- [Oscar Koeroo brought this change] + + SSL: Several SSL-backend related fixes + + axTLS: + + This will make the axTLS backend perform the RFC2818 checks, honoring + the VERIFYHOST setting similar to the OpenSSL backend. + + Generic for OpenSSL and axTLS: + + Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c + files to make them genericly available for both the OpenSSL, axTLS and + other SSL backends. They are now in the new lib/hostcheck.c file. + + CyaSSL: + + CyaSSL now also has the RFC2818 checks enabled by default. There is a + limitation that the verifyhost can not be enabled exclusively on the + Subject CN field comparison. This SSL backend will thus behave like the + NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words: + setting verifyhost to 0 or 1 will disable the Subject Alt Names checks + too. + + Schannel: + + Updated the schannel information messages: Split the IP address usage + message from the verifyhost setting and changed the message about + disabling SNI (Server Name Indication, used in HTTP virtual hosting) + into a message stating that the Subject Alternative Names checks are + being disabled when verifyhost is set to 0 or 1. As a side effect of + switching off the RFC2818 related servername checks with + SCH_CRED_NO_SERVERNAME_CHECK + (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature + is being disabled. This effect is not documented in MSDN, but Wireshark + output clearly shows the effect (details on the libcurl maillist). + + PolarSSL: + + Fix the prototype change in PolarSSL of ssl_set_session() and the move + of the peer_cert from the ssl_context to the ssl_session. Found this + change in the PolarSSL SVN between r1316 and r1317 where the + POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu + PolarSSL version 1.1.4 the check is to discriminate between lower then + PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN + trunk jumped from version 1.1.1 to 1.2.0. + + Generic: + + All the SSL backends are fixed and checked to work with the + ssl.verifyhost as a boolean, which is an internal API change. + +- libcurl: VERSIONINFO update + + Since we added the curl_multi_wait function, the VERSIONINFO needed + updating. + + Reported by: Patrick Monnerat + +Guenter Knauf (8 Nov 2012) +- Added .def file to output. + + Requested by Johnny Luong on the libcurl list. + +- Added deps for static metalink-aware MinGW builds. + +Daniel Stenberg (8 Nov 2012) +- [Fabian Keil brought this change] + + Fix compilation of lib1501 + +- Curl_readwrite: remove debug output + + The text "additional stuff not fine" text was added for debug purposes a + while ago, but it isn't really helping anyone and for some reason some + Linux distributions provide their libcurls built with debug info still + present and thus (far too many) users get to read this info. + +- RELEASE-NOTES: synced with 487538e87a3d5e + + 6 new bugfixes and 3 more contributors... + +- http_perhapsrewind: consider NTLM over proxy too + + The logic previously checked for a started NTLM negotiation only for + host and not also with proxy, leading to problems doing POSTs over a + proxy NTLM that are larger than 2000 bytes. Now it includes proxy in the + check. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3582321 + Reported by: John Suprock + +- [Lars Buitinck brought this change] + + Curl_connecthost: friendlier "couldn't connect" message + +- test1413: verify redirects to URLs with fragments + + The bug report claimed it didn't work. This problem was probably fixed + in 473003fbdf. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3581898 + +- URL parser: cut off '#' fragments from URLs (better) + + The existing logic only cut off the fragment from the separate 'path' + buffer which is used when sending HTTP to hosts. The buffer that held + the full URL used for proxies were not dealt with. It is now. + + Test case 5 was updated to use a fragment on a URL over a proxy. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3579813 + +- OpenSSL/servercert: use correct buffer size, not size of pointer + + Bug: http://curl.haxx.se/bug/view.cgi?id=3579286 + +- curl: set CURLOPT_SSL_VERIFYHOST to 0 to disable + +- test 2027/2030: take duplicate Digest requests into account + + With the reversion of ce8311c7e49eca and the new clear logic, this flaw + is present and we allow it. + +- Curl_pretransfer: clear out unwanted auth methods + + As a handle can be re-used after having done HTTP auth in a previous + request, it must make sure to clear out the HTTP types that aren't + wanted in this new request. + +- test1412: verify Digest with repeated URLs + + This test case verifies that bug 3582718 is fixed. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3582718 + Reported by: Nick Zitzmann (originally) + +- Revert "Zero out auth structs before transfer" + + This reverts commit ce8311c7e49eca93c136b58efa6763853541ec97. + + The commit made test 2024 work but caused a regression with repeated + Digest authentication. We need to fix this differently. + +- CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value + + After a research team wrote a document[1] that found several live source + codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST + option thinking it was a boolean, this change now bans 1 as a value and + will make libcurl return error for it. + + 1 was never a sensible value to use in production but was introduced + back in the days to help debugging. It was always documented clearly + this way. + + 1 was never supported by all SSL backends in libcurl, so this cleanup + makes the treatment of it unified. + + The report's list of mistakes for this option were all PHP code and + while there's a binding layer between libcurl and PHP, the PHP team has + decided that they have an as thin layer as possible on top of libcurl so + they will not alter or specifically filter a 'TRUE' value for this + particular option. I sympathize with that position. + + [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/ + +- gnutls: fix compiler warnings + +- [Alessandro Ghedini brought this change] + + gnutls: print alerts during handshake + +- [Alessandro Ghedini brought this change] + + gnutls: fix the error_is_fatal logic + +- RELEASE-NOTES: synced with fa6d78829fd30ad + +- httpcustomheader.c: free the headers after use + +- [Dave Reisner brought this change] + + uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES + + Since automake 1.12.4, the warnings are issued on running automake: + + warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS') + + Avoid INCLUDES and roll these flags into AM_CPPFLAGS. + + Compile tested on: + Ubuntu 10.04 (automake 1:1.11.1-1) + Ubuntu 12.04 (automake 1:1.11.3-1ubuntu2) + Arch Linux (automake 1.12.4) + +- libauthretry.c: shorten lines to fit within 80 cols + +- ftp_readresp: fix build without krb4 support + + Oops, my previous commit broke builds with krb support. + +- test/README: mention the 1500 test number range + +- FTP: prevent the multi interface from blocking + + As pointed out in Bug report #3579064, curl_multi_perform() would + wrongly use a blocking mechanism internally for some commands which + could lead to for example a very long block if the LIST response never + showed. + + The solution was to make sure to properly continue to use the multi + interface non-blocking state machine. + + The new test 1501 verifies the fix. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3579064 + Reported by: Guido Berhoerster + +Marc Hoersken (1 Nov 2012) +- winbuild: Use machine type of development environment + + This patch restores the original behavior instead of always + falling back to x86 if no MACHINE-type was specified. + +- winbuild: Additional clean up + +- [Sapien2 brought this change] + + Even more winbuild refactoring + +- [Sapien2 brought this change] + + Minor winbuild refactoring + +- [Sapien2 brought this change] + + Architecture selection for winbuild and minor makefiles refactoring + +Daniel Stenberg (1 Nov 2012) +- BUGS: fix the bug tracker URL + + The URL we used before is the one that goes directly to 'add' a bug + report, but since you can only do that after first having logged in to + sourceforge, the link often doesn't work for visitors. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3582408 + Reported by: Oscar Norlander + +- evhiperfifo: fix the pointer passed to WRITEDATA + + Bug: http://curl.haxx.se/bug/view.cgi?id=3582407 + Reported by: Oscar Norlander + +Guenter Knauf (1 Nov 2012) +- Fixed MSVC libssh2 static build. + + Since libssh2 supports now agent stuff it also depends on user32.lib. + Posted to the list by Jan Ehrhardt. + +Daniel Stenberg (23 Oct 2012) +- tlsauthtype: deal with the string case insensitively + + When given a string as 'srp' it didn't work, but required 'SRP'. + Starting now, the check disregards casing. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3578418 + Reported by: Jeff Connelly + +- asyn-ares: restore working with c-ares < 1.6.1 + + Back in those days the public ares.h header didn't include the + ares_version.h header so it needs to be included here. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3577710 + +- [Nick Zitzmann brought this change] + + metalink/md5: Use CommonCrypto on Apple operating systems + + Previously the Metalink code used Apple's CommonCrypto library only if + curl was built using the --with-darwinssl option. Now we use CommonCrypto + on all Apple operating systems including Tiger or later, or iOS 5 or + later, so you don't need to build --with-darwinssl anymore. Also rolled + out this change to libcurl's md5 code. + +- href_extractor.c: fix the URL + +- [Michał Kowalczyk brought this change] + + href_extractor: example code extracting href elements + + It does so in a streaming manner using the "Streaming HTML parser". + +- [Nick Zitzmann brought this change] + + darwinssl: un-broke iOS build, fix error on server disconnect + + The iOS build was broken by a reference to a function that only existed + under OS X; fixed. Also fixed a hard-to-reproduce problem where, if the + server disconnected before libcurl got the chance to hang up first and + SecureTransport was in use, then we'd raise an error instead of failing + gracefully. + +- [Alessandro Ghedini brought this change] + + gnutls: put reset code into else block + + Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690551 + +Guenter Knauf (13 Oct 2012) +- Fix now broken libmetalink-aware OpenSSL build. + +- Revert c44e674; add OpenSSL includes/defines. + + The makefile is designed to build against a libmetalink devel package; + therefore is does not matter what will change inside libmetalink. + Add OpenSSL includes and defines for libmetalink-aware OpenSSL builds. + +Daniel Stenberg (10 Oct 2012) +- version-bump: towards 7.28.1! + +- THANKS: 14 new contributors from 7.28.0 + +Version 7.28.0 (10 Oct 2012) + +Daniel Stenberg (10 Oct 2012) +- RELEASE-NOTES: synced with 8373ca3641 + + One bug, one contributor. Getting ready for release. + +- curl_multi_wait: no wait if no descriptors to wait for + + This is a minor change in behavior after having been pointed out by Mark + Tully and discussed on the list. Initially this case would internally + call poll() with no sockets and a timeout which would equal a sleep for + that specified time. + + Bug: http://curl.haxx.se/mail/lib-2012-10/0076.html + Reported by: Mark Tully + +- TODO-RELEASE: cleanup for 7.28.0 + + one issue is now KNOWN_BUG #79 + + the other we just skip since nobody is working on it or is planning to + start working on it anytime soon + +- curl_multi_wait.3: style formatting mistake + +Marc Hoersken (8 Oct 2012) +- ssluse.c: md5.h is required for Curl_ossl_md5sum + +Daniel Stenberg (8 Oct 2012) +- curl_multi_wait.3: fix the name of the man page + +- curl_multi_wait.3: renamed the last argument variable for clarity + +Marc Hoersken (6 Oct 2012) +- curl_schannel.c: Fixed caching more data than required + + Do not fill the decrypted data buffer with more data unless + required in order to return the requested amount of data. + +- curl_schannel: Removed buffer limit and optimized buffer strategy + + Since there are servers that seem to return very big encrypted + data packages, we need to be able to handle those without having + an internal size limit. To avoid the buffer growing to fast to + early the initial size was decreased and the minimum free space + in the buffer was decreased as well. + +- lib/socks.c: Merged two size variables into one + +- lib/socks.c: Avoid type conversions where possible + + Streamlined variable names and types to avoid type conversions that + may result in data being lost on non 32-bit systems. + +- lib/curl_schannel.c: Hide size_t conversion warning + +- krb5/curl_rtmp.c: Hide size_t to int type conversion warning + +- security.c: Aligned internal type to return type + + Use ssize_t instead of int to avoid conversion problems on 64-bit + systems. Also added curlx_sztosi where necessary. + +- lib/curl_schannel: Increased maximum buffer size to factor 128 + +- winbuild/MakefileBuild.vc: Follow up on 0c8ccf7 + +Daniel Stenberg (2 Oct 2012) +- RELEASE-NOTES: synced with 971f5bcedd418 + + 9 new bug fixes, 5 changes, 6 more contributors + +- multi_runsingle: CURLOPT_LOW_SPEED_* fix for rate limitation + + During the periods of rate limitation, the speedcheck function wasn't + called and thus the values weren't updated accordingly and it would then + easily trigger wrongly once data got transferred again. + + Also, the progress callback's return code was not acknowledged in this + state so it could make an "abort" return code to get ignored and not + have the documented effect of aborting an ongoing transfer. + + Bug: http://curl.haxx.se/mail/lib-2012-09/0081.html + Reported by: Jie He + +- [Tatsuhiro Tsujikawa brought this change] + + tool_metalink.c: Filtered resource URLs by type + + In Metalink v3, the type attribute of url element indicates the + type of the resource the URL points to. It can include URL to the + meta data, such as BitTorrent metainfo file. In Curl, we are not + interested in these meta data URLs. Instead, we are only + interested in the HTTP and FTP URLs. This change filters out + non-HTTP and FTP URLs. If we don't filter out them, it will be + downloaded by curl and hash check will fail if hash is provided + and next URL will be tried. This change will cut this useless + network transfer. + +Kamil Dudka (1 Oct 2012) +- https.c example: remember to call curl_global_init() + + ... in order not to leak memory on initializing an SSL library. + + Reported by: Tomas Mlcoch + +Daniel Stenberg (28 Sep 2012) +- FAQ: remove the date from the topmost line + +- FAQ: 5.16 I want a different time-out! + +- Curl_reconnect_request: clear pointer on failure + + The Curl_reconnect_request() function could end up returning a pointer + to a free()d struct when Curl_done() failed inside. Clearing the pointer + unconditionally after Curl_done() avoids this risk. + + Reported by: Ho-chi Chen + Bug: http://curl.haxx.se/mail/lib-2012-09/0188.html + +- CURLOPT_CONNECTTIMEOUT: works without signals or posix too! + +Marc Hoersken (24 Sep 2012) +- Makefile.vc6: Follow up on 0c8ccf7 + +- Makefile.vc6: Added missing default library advapi32.lib + +Daniel Stenberg (19 Sep 2012) +- HTTP_ONLY: disable more protocols + +- test2006: Updated expected output to include hash name + + Output changed in commit a34197ef77cb + +- [Sergei Nikulov brought this change] + + cmake: use standard findxxx modules for cmake v2.8+ + +- [Sergei Nikulov brought this change] + + setup.h: fixed for MS VC10 build + + Bug: http://curl.haxx.se/bug/view.cgi?id=3568327 + +- TODO-RELEASE: push new features to 7.29 + + Leave two bug fixes as possibly fixed for 7.28 but as nobody seems to be + working on them I have little hope... + +Marc Hoersken (17 Sep 2012) +- metalink tests: Updated expected output to include hash name + +Daniel Stenberg (16 Sep 2012) +- [Sara Golemon brought this change] + + curl_multi_wait: Add parameter to return number of active sockets + + Minor change to recently introduced function. BC breaking, but since + curl_multi_wait() doesn't exist in any releases that should be fine. + +Marc Hoersken (14 Sep 2012) +- socks.c: Fixed warning: conversion to 'int' from 'long unsigned int' + +- http_negotiate.c: Fxied warning: unused variable 'rc' + +- ssh.c: Fixed warning: implicit conversion from enumeration type + +- socks.c: Check that IPv6 is enabled before using it's features + +- checksrc: Fixed line length and comment indentation + +- socks.c: Updated error messages to handle hostname and IPv6 + +- socks.c: Added support for IPv6 connections through SOCKSv5 proxy + +Daniel Stenberg (13 Sep 2012) +- parse_proxy: treat "socks://x" as a socks4 proxy + + Selected socks proxy in Google's Chrome browser. Resulting in the + following environment variables: + + NO_PROXY=localhost,127.0.0.0/8 + ALL_PROXY=socks://localhost:1080/ + all_proxy=socks://localhost:1080/ + no_proxy=localhost,127.0.0.0/8 + + ... and libcurl didn't treat 'socks://' as socks but instead picked HTTP + proxy. + + Reported by: Scott Bailey + + Bug: http://curl.haxx.se/bug/view.cgi?id=3566860 + +Kamil Dudka (12 Sep 2012) +- ssh: do not crash if MD5 fingerprint is not provided by libssh2 + + The MD5 fingerprint cannot be computed when running in FIPS mode. + +- ssh: move the fingerprint checking code to a separate fnc + +Marc Hoersken (12 Sep 2012) +- tool_metalink.c: Added name of validation hash to messages + + This makes it easier to debug broken hashes or hash functions. + +- wincrypt: Fixed cross-compilation issues caused by include name + + For some reason WinCrypt.h is named wincrypt.h under MinGW. + +- md5.c: Added support for Microsoft Windows CryptoAPI + +- Makefile.m32: Updated to build against libmetalink 0.1.2 + + The include and library path were moved within libmetalink, this + patch adjusts the defaults provided within the curl MinGW makefile. + +- tool_metalink.c: Added support for Microsoft Windows CryptoAPI + + Since Metalink support requires a crypto library for hash functions + and Windows comes with the builtin CryptoAPI, this patch adds that + API as a fallback to the supported crypto libraries. + It is automatically used on Windows if no other library is provided. + +- libntlmconnect.c: Fixed typo and conversion + +- libntlmconnect.c: Fixed warning: curl_easy_getinfo expects long pointer + + Fixed tests/libtest/libntlmconnect.c:52: warning: call to + '_curl_easy_getinfo_err_long' declared with attribute warning: + curl_easy_getinfo expects a pointer to long for this info + +- sws.c: Fixed warning: 'err' may be used uninitialized in this function + +- libntlmconnect.c: Fixed warning: comparison of signed/unsigned integer + + Windows does not use -1 to represent invalid sockets and the + SOCKET type is unsigned. + +- nss.c: Fixed warning: 'err' may be used uninitialized in this function + +- tool_metalink.c: Fixed error: 'O_BINARY' undeclared + + Check for O_BINARY which is not available on every system. + +- tool_metalink.c: Fixed validation of binary files containing EOF + + Since Windows/MinGW threat 0x1A as the EOF character, reading binary + files which contain that byte does not work using text mode. + The read function will only read until the first 0x1A byte. This + means that the hash is not computed from the whole file and the + final validation check using hash comparision fails. + +- winbuild: Added support for building with SPNEGO enabled + + Since Simple and Protected GSSAPI Negotiation Mechanism + is already implemented in curl and supported by the MinGW + builds, this change adds build support to winbuild makefiles. + +- winbuild: Adjusted order of options to generated config name + + Cleaned up order of handled build options by ordering them + nearly alphabetically by using the order of the generated + config name. Preparation for future/more build options. + +Daniel Stenberg (9 Sep 2012) +- [Anthony Bryan brought this change] + + MANUAL: clarified user+password in HTTP URLs + +- RELEASE-NOTES: synced with 6c6f1f64c2 + + 6 bug fixes to mention, 5 contributors + +- TODO-RELEASE: CURLSSH_AUTH_AGENT and curl_multi_wait() are done + + -321 - CURLSSH_AUTH_AGENT patch by Armel Asselin + + -324 - curl_multi_select() vs curl_multi_fdvec() etc + +Marc Hoersken (9 Sep 2012) +- curl_schannel.c: Reference count the credential/session handle + + Reference counting the credential handle should avoid that such a + handle is freed while it is still required for connection shutdown + +Daniel Stenberg (8 Sep 2012) +- [Nick Zitzmann brought this change] + + darwinssl: fixed for older Mac OS X versions + + SSL didn't work on older cats if built on a newer cat with weak-linking + turned on to support the older cat + +- [David Blaikie brought this change] + + tool_easysrc.c: Test pointers against NULL + + While validating a new Clang diagnostic (-Wnon-literal-null-conversion - + yes, the name isn't quite correct in this case, but it suffices) I found + a few violations of it in Curl. + +- SOCKS: truly disable it if CURL_DISABLE_PROXY is defined + + Bug: http://curl.haxx.se/bug/view.cgi?id=3561305 + + Patch by: Marcel Raad + +- mk-ca-bundle: detect start of trust section better + + Each certificate section of the input certdata.txt file has a trust + section following it with details. + + This script failed to detect the start of the trust for at least one + cert[*], which made the script continue pass that section into the next + one where it found an 'untrusted' marker and as a result that certficate + was not included in the output. + + [*] = "Hellenic Academic and Research Institutions RootCA 2011" + + Bug: http://curl.haxx.se/mail/lib-2012-09/0019.html + +- [Alessandro Ghedini brought this change] + + gnutls: do not fail on non-fatal handshake errors + + Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685402 + +- FILEFORMAT: the FTP commands work for more protocols + +- test1411: verify SMTP without SIZE support + +- [František Kučera brought this change] + + SMTP: only send SIZE if supported + + SMTP client will send SIZE parameter in MAIL FROM command only if server + supports it. Without this patch server might say "504 Command parameter + not implemented" and reject the message. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3564114 + +- ftpserver: respond with a 250 to SMTP EHLO + + ... and specify that SIZE is supported. 250 is the "correct" response + code according to RFC 2821 + +- RELEASE-NOTES: synced with abb0da919300e + +Dan Fandrich (3 Sep 2012) +- Updated Symbian build files + + This is untested, but at least Symbian still has a chance of + still working now. + +- Updated build docs w.r.t. Android and binary sizes + +Daniel Stenberg (1 Sep 2012) +- symbols-in-versions: new CURL_WAIT_* symbols + +- [Sara Golemon brought this change] + + Unit test for curl_multi_wait() + +- [Sara Golemon brought this change] + + Manpage for curl_multi_wait(). + +- [Sara Golemon brought this change] + + multi: add curl_multi_wait() + + /* + * Name: curl_multi_wait() + * + * Desc: Poll on all fds within a CURLM set as well as any + * additional fds passed to the function. + * + * Returns: CURLMcode type, general multi error code. + */ + CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle, + struct curl_waitfd extra_fds[], + unsigned int extra_nfds, + int timeout_ms); + +- [Nick Zitzmann brought this change] + + darwinssl: Bugfix for previous commit for older cats + + I accidentally broke functionality for versions of OS X prior to Mountain + Lion in the previous commit. This commit fixes the problems. + +- [Joe Mason brought this change] + + Use MAX_EASY_HANDLES instead of hardcoding the number of handles twice + +- test2032: bail out after last transfer + + The test would hang and get aborted with a "ABORTING TEST, since it + seems that it would have run forever." until I prevented that from + happening. + + I also fixed the data file which got broken CRLF line endings when I + sucked down the path from Joe's repo == my fault. + + Removed #37 from KNOWN_BUGS as this fix and test case verifies exactly + this. + +- [Joe Mason brought this change] + + NTLM: re-use existing connection better + + If we need an NTLM connection and one already exists, always choose that + one. + +- [Joe Mason brought this change] + + NTLM: verify multiple connections work + + Add test2032 to test that NTLM does not switch connections in the middle + of the handshake + +- curl.1: list the -w variables sorted alphabetically + +- libcurl-share.3: remove wrong info of what can be shared + + "Currently you can only share DNS and/or COOKIE data" is incorrect since + also SSL sessions can be shared. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3562261 + Reported by: Joe Mason + +- [Dave Reisner brought this change] + + examples: use do/while loop for multi examples + + It's conceivable that after the first time curl_multi_perform returns, + the outvalue still_running will be 0, but work will have been done. This + is shown by a workload of small, purely file:// based URLs. Ensure that + we always read pending messages off the multi handle by forcing the + while loop to run at least once. + +- curl.h: fix comment to refer to current names + + CURLOPT_USE_SSL should be set to CURLUSESSL_* and nothing else in modern + libcurl versions. + +- ftpsget: simple example showing a FTPS fetch + +- sftpget: SFTP is not "SSH FTP" + +- [Armel Asselin brought this change] + + sftpget: example showing a simple SFTP download + + ... using SSH-agent + +- curl_multi_perform.3: extended/clarified + +- INSTALL.cmake: clarify some flaws/limits in the cmake build + +- https.c example: spell check used define + + Bug: http://curl.haxx.se/bug/view.cgi?id=3559845 + Reported by: Olivier Berger + +- configure: update the copyright years for the output + +- [Nick Zitzmann brought this change] + + darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions + + In Mountain Lion, Apple added TLS 1.1 and 1.2, and deprecated a number + of SecureTransport functions, some of which we were using. We now check + to see if the replacement functions are present, and if so, we use them + instead. The old functions are still present for users of older + cats. Also fixed a build warning that started to appear under Mountain + Lion + +- curl_easy_setopt: documented CURLSOCKTYPE_ACCEPT for SOCKOPTFUNCTION + +- [Gokhan Sengun brought this change] + + ftp: active conn, place calling sockopt callback at the end of function + + Commit b91d29a28e170c16d65d956db79f2cd3a82372d2 introduces a bug and breaks Curl_closesocket function. sock_accepted flag for the second socket should be tagged as TRUE before the sockopt callback is called because in case the callback returns an error, Curl_closesocket function is going to call the - fclosesocket - callback for the accept()ed socket + +- [Gokhan Sengun brought this change] + + ftp: active conn, allow application to set sockopt after accept() call + + For active FTP connections, applications may need setting the sockopt after accept() call returns successful. This fix gives a call to the callback registered with CURL_SOCKOPTFUNCTION option. Also a new sock type - CURLSOCKTYPE_ACCEPT - is added. This type is to be passed to application callbacks with - purpose - parameter. Applications may use this parameter to distinguish between socket types. + +- configure: remove the --enable/disable-nonblocking options + + Removing this option as it currently only functions to lure people into + wrongly using it and falsely believing that libcurl will work fine + without using nonblocking sockets internally - which leads to hard to + track or understand errors. + +- [Ant Bryan brought this change] + + MANUAL review + +- curl.1: shorten lines, avoid referring to libcurl instead of curl + +- [Ant Bryan brought this change] + + curl.1: fix more consistent wording + + "If this option is used several times, the last one will be used." + uniformity + +- ssh: use the libssh2 agent API conditionally + + Commit e351972bc89aa4c brought in the ssh agent support but some uses of + the libssh2 agent API was done unconditionally which wasn't good enough + since that API hasn't always been present. + +- white space fix: shorten long line + + ... to please checksrc.pl + +Kamil Dudka (9 Aug 2012) +- docs: update the links to cipher-suites supported by NSS + + ... and make the list of cipher-suites in nss.c readable by humans. + + Bug: http://curl.haxx.se/mail/archive-2012-08/0016.html + +- nss: do not print misleading NSS error codes + +Daniel Stenberg (8 Aug 2012) +- RELEASE-NOTES: synced with 0774386b23 + + 5 more bug fixes, one change, 6 contributors + +- [Armel Asselin brought this change] + + docs: mention CURLSSH_AUTH_AGENT + +- [Armel Asselin brought this change] + + SSH: added agent based authentication + + CURLSSH_AUTH_AGENT is a new auth type for SSH + +- bump version to 7.28.0 + + I am about to merge the first patch that adds changes into the pending + release, and thus we bump the minor number. + +- RELEASE-NOTES: added missing link + +- curl_version: fixed Value stored to 'len' is never read + + Fixed this (harmless) clang-analyzer warning. Also fixed the source + indentation level. + +- TODO-RELEASE: the (nil) bug is fixed + +- add_next_timeout: minor restructure of code + + By reading the ->head pointer and using that instead of the ->size + number to figure out if there's a list remaining we avoid the (false + positive) clang-analyzer warning that we might dereference of a null + pointer. + +- verbose messages: fixed output of hostnames in re-used connections + + I suspect this is a regression introduced in commit 207cf150, included + since 7.24.0. + + Avoid showing '(nil)' as hostname in verbose output by making sure the + hostname fixup function is called early enough to set the pointers that + are used for this. The name data is set again for each request even for + re-used connections to handle multiple hostnames over the same + connection (like with proxy) or that the casing etc of the host name is + changed between requests (which has proven to be important at least once + in the past). + + Test1011 was modified to use a redirect with a re-used a connection + since it then showed the bug and now lo longer does. There's currently + no easy way to have the test suite detect 'nil' texts in verbose ouputs + so no tests will detect if this problem gets reintroduced. + + Bug: http://curl.haxx.se/mail/lib-2012-07/0111.html + Reported by: Gisle Vanem + +- [Nick Zitzmann brought this change] + + metalink: Un-broke the build when building --with-darwinssl + +Guenter Knauf (8 Aug 2012) +- Fix some compiler warnings. + +Daniel Stenberg (8 Aug 2012) +- TODO-RELEASE: two bugs fixed + + These are now addressed: + + 323 - patch - select.c / Curl_socket_check() interrupted + + 325 - Avoid leak of local device string when reusing connection + +- curl.1: minor format fix for --data-ascii + + ... and removal of trailing whitespace on a single line + +- [Ant Bryan brought this change] + + curl man page cleanup + +- [Mike Crowe brought this change] + + Avoid leak of local device string when reusing connection + + Ensure that the copy of the CURLOPT_INTERFACE string is freed if we + decide we can reuse an existing connection. + +- Curl_socket_check: fix timeout return value for select users + + This is the same fix applied for the conditional code that uses select() + that was already done for the poll specific code in commit + b61e8b81f5038. + +- [Maxime Larocque brought this change] + + Curl_socket_check: fix return code for timeout + + We found a problem with ftp transfer using libcurl (7.23 and 7.25) + inside an application which is receiving unix signals (SIGUSR1, + SIGUSR2...) almost continuously. (Linux 2.4, PowerPC, HAVE_POLL_FINE + defined). + + Curl_socket_check() uses poll() to wait for the socket, and retries it + when a signal is received (EINTR). However, if a signal is received and + it also happens that the timeout has been reached, Curl_socket_check() + returns -1 instead of 0 (indicating an error instead of a timeout). + + In our case, the result is an aborted connection even before the ftp + banner is received from the server, and a return value of + CURLE_OUT_OF_MEMORY from curl_easy_perform() (Curl_pp_multi_statemach(), + in pingpong.c, actually returns OOM if Curl_socket_check() fails :-) + Funny to debug on a system on which OOM is a possible cause). + + Bug: http://curl.haxx.se/mail/lib-2012-07/0122.html + +- RELEASE-NOTES: synced with b4a558041fdf65c0 + +- TODO-RELEASE: fixed another bug + + bug #3544688 "crash during retry with libcurl and SFTP" + +- WSAPoll: disabled on all windows builds + + Due to WSAPoll bugs, libcurl does not work as intended. When the cURL + library is used to setup a connection to an incorrect port, normally the + result is CURLE_COULDNT_CONNECT, /* 7 */, but due to the bug in WSAPoll, + the result now is CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was + reached */. + + On August 1, Jan Koen Annot opened a case for this to Microsoft Premier + Online (https://premier.microsoft.com/). The support engineer handling + the case wrote that the case description is quite clear. He will try to + reproduce the issue and then proceed with troubleshooting it. + + Reported by: Jan Koen Annot + Bug: http://curl.haxx.se/mail/lib-2012-07/0310.html + +- retry request: only access the HTTP data if in fact HTTP + + When figuring out if the data stream needs to be rewound when the + request is to be resent, we must not access the HTTP struct unless the + protocol used is indeed HTTP... + + Bug: http://curl.haxx.se/bug/view.cgi?id=3544688 + +- TODO: support DANE, we already support gnutls without gcrypt + +- curl-config: parentheses fix + + Braces, not parentheses, should be used for shell variable names. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3551460 + Reported by: Edward Sheldrake + +- VC build: add define for openssl + + This fixes a build failure of lib/ssluse.c. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3552997 + +- TODO-RELEASE: two bugs fixed! + +- globbing: fix segfault when >9 globs were used + + Stupid lack of range checks caused the code to overwrite local variables + after glob number nine. Added checks now. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3546353 + +- [Joe Mason brought this change] + + sws: close sockets properly + + Fix a bug where closed sockets (fd -1) were left in the all_sockets + list, because of missing parens in a pointer arithmetic expression + + Reenable the tests that were locking up due to this bug. + +- [Joe Mason brought this change] + + Remove debug logs that were accidentally checked in + +- [Joe Mason brought this change] + + Use select in sws, which has better cross-platform support than poll + +- [Joe Mason brought this change] + + Use cross-platform curlx_nonblock instead of fcntl in sws + +- operate: fix clang-analyzer warnings for never read variables + + Two separate "Value stored to 'XXX' is never read" warnings + +- operate: fix clang-analyzer warning + + Value stored to 'separator' is never read + +- metalink: change code order to build with gnutls-nettle + + Bug: http://curl.haxx.se/bug/view.cgi?id=3554668 + Reported by: Anthony G. Basile + +- gtls: fix build failure by including nettle-specific headers + + Bug: http://curl.haxx.se/bug/view.cgi?id=3554668 + Reported by: Anthony G. Basile + +Guenter Knauf (6 Aug 2012) +- Fixed compiler warning - argument is type long. + +Daniel Stenberg (6 Aug 2012) +- DISABLED: disable the new tests that do NTLM + + The tests 2025, 2028 and 2031 don't work for me so I'll have them + disabled for now until we solve the problem. + +Joe Mason (3 Aug 2012) +- Add tests of auth retries + +- Cleanup handshake after clean NTLM failure + +- Zero out auth structs before transfer + +- Add a polling loop in main to read from more than one socket at once. Add the O_NONBLOCK and + SO_KEEPALIVE flag to all sockets. Note that several loops which used to continue on a return value + of 0 (theoretical since 0 would never be returned without O_NONBLOCK) now break on 0 so that they + won't continue reading until after poll is called again. + +- Change return values of get_request, accept_connection and service_connection to add a return code + for non-blocking sockets: now -1 means error or connection finished, 1 means data was read, and 0 + means there is no data available now so need to wait for poll (new return value) + +- Hoist the loop out of get_request, and make sure that it can be reentered when a request is + half-finished. + + Note the the req struct used to be re-initialized AFTER reading pipeline data, so now that we + initialize it from the caller we must be careful not to overwrite the pipeline data. + + Also we now need to handle the case where the buffer is already full when get_request is called - + previously this never happened as it was always called with an empty buffer and looped until done. + + Now get_request is called in a loop, so the next step is to run the loop on a socket only when poll + signals it is readable. + +- Move blocks of code from the sws main loop into their own functions for easier refactoring later. + The next step will be to call the correct function after a poll, rather than looping unconditionally + +- Remove the --fork option of sws, since it makes refactoring to use poll more complicated and should + be redundant once we poll + +Kamil Dudka (30 Jul 2012) +- file: use fdopen() for uploaded files if available + + It eliminates noisy events when using inotify and fixes a TOCTOU issue. + + Bug: https://bugzilla.redhat.com/844385 + +Guenter Knauf (29 Jul 2012) +- Added DWANT_IDN_PROTOTYPES define for MSVC too. + + Discussion on the list: http://curl.haxx.se/mail/lib-2012-07/0271.html + +- Added Win32 problems. + +- Added hint to read docs/INSTALL too. + +- Added new file to distro. + +Steve Holme (28 Jul 2012) +- TODO: Updated after 7.27.0 release + + Removed APOP and SASL authentication from the POP3 section and metalink + support from the client section as these features were implemented in + this release. + + Moved adding gssapi to SASL into it's own section rather than repeat it + for each protocol. + +Daniel Stenberg (28 Jul 2012) +- TODO-RELEASE: updated after 7.27.0 release + +- THANKS: 12 new contributors from the 7.27.0 release + +- version bump: start towards next release + + Let's call it 7.27.1 for now, but it it probably going to become 7.28.0 + when released. + +Version 7.27.0 (27 Jul 2012) + +Guenter Knauf (27 Jul 2012) +- Fixed compiler warning 'unused parameter'. + +- Added prototypes to kill compiler warning. + +- Added --with-winidn to configure. + + This needs another look from the configure experts. I tested that + it works so far with MinGW64 cross-compiler; libcurl builds and + links fine, but curl not yet ... + +Daniel Stenberg (27 Jul 2012) +- [Ant Bryan brought this change] + + Update man page info on --metalink and typo. + +- RELEASE-NOTES: remove mentioned of bug never in a release + + The --silent bug came with 7561a0fc834c435 which was never in a release. + Pointed out by Kamil Dudka + +- RELEASE-NOTES: synced with 33b815e894fb + + 4 more bugfixes, 3 more contributors + +Guenter Knauf (26 Jul 2012) +- Changed Windows IDN text to 'WinIDN'. + + Synced the output to the same short form as we now use for + Windows SSL (WinSSL). + +Daniel Stenberg (25 Jul 2012) +- [Nick Zitzmann brought this change] + + darwinssl: fixed freeze involving the multi interface + + Previously the curl_multi interface would freeze if darwinssl was + enabled and at least one of the handles tried to connect to a Web site + using HTTPS. Removed the "wouldblock" state darwinssl was using because + I figured out a solution for our "would block but in which direction?" + dilemma. + +Guenter Knauf (25 Jul 2012) +- Added support for tls-srp to MinGW builds. + +Daniel Stenberg (24 Jul 2012) +- curl_easy_setopt: fix typo + + Reported by: Santhana Todatry + +- keepalive: multiply value for OS-specific units + + DragonFly uses milliseconds, while our API and Linux use full seconds. + + Reported by: John Marino + Bug: http://curl.haxx.se/bug/view.cgi?id=3546257 + +Kamil Dudka (22 Jul 2012) +- http: print reason phrase from HTTP status line on error + + Bug: https://bugzilla.redhat.com/676596 + +- tool_operate: fix misplaced initialization of orig_noprogress + + ... and orig_isatty which caused --silent to be entirely ignored in case + the standard output was redirected to a file! + +Daniel Stenberg (21 Jul 2012) +- [Anton Yabchinskiy brought this change] + + Client's "qop" value should not be quoted (RFC2617, section 3.2.2). + +Guenter Knauf (21 Jul 2012) +- Fixed typo. + +Daniel Stenberg (20 Jul 2012) +- make: make distclean work again + + The clean-local hook needed some polish to make sure make distclean + works. Added comment describing why. + +- test Makefile: only feature 'unit' once in the list of dirs + +Dan Fandrich (20 Jul 2012) +- Fixed some typos in documentation + +Guenter Knauf (20 Jul 2012) +- Fixed CR issue with Win32 version on MSYS. + + Previous fix didnt work on Linux ... + +- Fixed CR issue with Win32 version on MSYS. + +- Fixed MSYS <-> Windows path convertion. + + Replaced the Windows real path from mount hack with a more + reliable and simpler hack: the MSYS shell has a builtin pwd + which understands a -W option which does convertion to Windows + paths. Tested and confirmed that this works on all MSYS versions + I have back to a 3 year old one. + +- Follow-up fix to detect SSL libs with MinGW. + + 1) the check for winssl needs to come before nss check + 2) the SSL checks must begin with a new if or else we will + never find any SSL lib with MinGW. + +- Tell git to not convert configure-related files. + +- Trial to teach runtests.pl about WinSSL. + +- Fixed warning 'uninitialized value in numeric gt'. + + This is a MSYS/MinGW-only warning; full warning text is: + Use of uninitialized value in numeric gt (>) at ../../curl/tests/runtests.pl line 2227. + +Daniel Stenberg (15 Jul 2012) +- RELEASE-NOTES: synced with 9d11716933616 + + Fixed 6 bugs, added 3 contributors + +- multi_runsingle: added precaution against easy_conn NULL pointer + + In many states the easy_conn pointer is referenced and just assumed to + be working. This is an added extra check since analyzing indicates + there's a risk we can end up in these states with a NULL pointer there. + +- getparam: fix the GetStr() macro + + It should return PARAM_NO_MEM if the strdup fails. Spotted by + clang-analyzer + +Guenter Knauf (15 Jul 2012) +- Tell git to not convert configure-related files. + +Daniel Stenberg (13 Jul 2012) +- parse_proxy: remove dead assignment + + Spotted by clang-analyzer + +- ftp_do_more: add missing check of return code + + Spotted by clang-analyzer. The return code was never checked, just + stored. + +- getinfo: use va_end and cut off Curl_ from static funcs + + va_end() needs to be used after va_start() and we don't normally use + Curl_ prefixes for purely static functions. + +- [Philip Craig brought this change] + + Split up Curl_getinfo + + This avoids false positives from clang's scan-build. + +Guenter Knauf (12 Jul 2012) +- Added error checking for curl_global_init(). + +- Added curl_global_* functions. + +- Minor fixes to MinGW makefiles. + +Daniel Stenberg (12 Jul 2012) +- docs: mention CURL_GLOBAL_DEFAULT + +Guenter Knauf (12 Jul 2012) +- Added curl_global_* functions. + +Daniel Stenberg (12 Jul 2012) +- tests: verify the stricter numeric option parser + + Test 1409 and 1410 verifies the stricter numeric option parser + introduced the other day in commit f2b6ebed7b. + +- SWS: use of uninitialized memory fix + + I made "connmon" not get initialized properly before use, and I use the + big hammer and make sure we always clear the entire struct to avoid any + problem like this in the future. + +- test48: verify that HEAD doesn't close extra + + Two commits ago, we fixed a bug where the connction would be closed + prematurely after a HEAD. Now I added connection-monitor to test 48 and + added a second HEAD and make sure that both are sent over the same + connection. + + This triggered a failure before the bug fix and now works. Will help us + avoid a future regression of this kind. + +- connection-monitor: always log disconnect when enabled + + This makes verifying easier and makes us more sure curl closes the + connection only at the correct point in time. Adjusted test 206 and 1008 + accordingly and updated the docs for it. + +- HEAD: don't force-close after response-headers + + A HEAD response has no body length and gets the headers like the + corresponding GET would so it should not get closed after the response + based on the same rules. This mistake caused connections that did HEAD + to get closed too often without a valid reason. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3542731 + Reported by: Eelco Dolstra + +Guenter Knauf (12 Jul 2012) +- Removed trailing empty strings from awk script. + +- Cleaned up version awk script. + +- Added project copyright header. + +- Removed libcurl.imp from Makefile.am. + + Updated .gitignore for NetWare created files. + +- Added missing dependency to export list. + +- Fixed export list path. + +- Changed NetWare build to generate export list. + +- Added pointer to FAQ for linkage errors. + +- Small NetWare makefile tweak. + +- Changed MinGW makefiles to use WINSSL now. + +Daniel Stenberg (10 Jul 2012) +- test231: fix wrong -C use! + +- cmdline: parse numerical options stricter + + 1 - str2offset() no longer accepts negative numbers since offsets are by + nature positive. + + 2 - introduced str2unum() for the command line parser that accepts + numericals which are not supposed to be negative, so that it will + properly complain on apparent bad uses and mistakes. + + Bug: http://curl.haxx.se/mail/archive-2012-07/0013.html + +- docs: switch to proper UTF-8 for text file encoding + +Yang Tse (9 Jul 2012) +- Make Curl_schannel_version() return "WinSSL" + + Modification based on voting result: + + http://curl.haxx.se/mail/lib-2012-07/0104.html + +Daniel Stenberg (9 Jul 2012) +- test 46: use different path lengths to get reliable sort order + + Since the order of the cookies is sorted by the length of the paths, + having them on the same path length will make the test depend on what + order the qsort() implementation will put them. As seen in the + windows/msys output posted by Guenter in this posting: + http://curl.haxx.se/mail/lib-2012-07/0105.html + +- cookie: fixed typo in comment + +- [Christian Hägele brought this change] + + https_getsock: provided for schannel backend as well + + The function https_getsock was only implemented properly when USE_SSLEAY + or USE_GNUTLS is defined, but it is also necessary for USE_SCHANNEL. + + The problem occurs when Curl_read_plain or Curl_write_plain returns + CURLE_AGAIN. In that case CURL_OK is returned to the multi-interface an + the used socket is set to state CURL_POLL_REMOVE and the easy-state is + set to CURLM_STATE_PROTOCONNECT. This is fine, because later the socket + should be set to CURL_POLL_IN or CURL_POLL_OUT via multi_getsock. That's + where https_getsock is called and doesn't return any sockets. + +- RELEASE-NOTES: added a URL reference to cookie docs + +Guenter Knauf (8 Jul 2012) +- Removed obsolete include path to project root. + +Daniel Stenberg (8 Jul 2012) +- TODO-RELEASE: issue 316 NTLM over proxy is fixed + +- [Nick Zitzmann brought this change] + + darwinssl: don't use arc4random_buf + + Re-wrote Curl_darwinssl_random() to not use arc4random_buf() because the + function is not available prior to iOS 4.3 and OS X 10.7. + +- KNOWN_BUGS: #80 Curl doesn't recognize certs in DER format + +- KNOWN_BUGS: #79 - any RCPT TO failure makes and error + +Marc Hoersken (8 Jul 2012) +- winbuild: Aligned BUILD.WINDOWS.txt and Makefile.vc usage help + +- winbuild: Make USE_WINSSL depend on USE_SSPI + + Since WinSSL cannot be build without SSPI being enabled, + USE_WINSSL now defaults to the value of USE_SSPI. + + The makefile does now raise an error if WinSSL is enabled + while SSPI is disabled. + +- winbuild: Aligned USE_SSPI with other USE_x defines + + Renamed external parameter USE_SSPI = yes/no to ENABLE_SSPI = yes/no. + Backwards compatible change: USE_SSPI can still be passed as external + parameter with yes/no value as long as ENABLE_SSPI is not given. + + USE_x defines are passed around with true/false values internally, + USE_SSPI is now aligned to this approach, but still accepts external + values yes/no being passed, just like the other defines. + +- winbuild: Clean up formatting and variable naming + + - Changed space usage to line up with the whole file + - Renamed CFLAGS_SSPI/IPV6 to SSPI/IPV6_CFLAGS to be + consistent with the other CFLAGS_x variables + - Make use of existing CFLAGS_IPV6 (previously IPV6_CFLAGS) + instead of appending directly to CFLAGS + +Daniel Stenberg (7 Jul 2012) +- [Nick Zitzmann brought this change] + + darwinssl: output cipher with text, remove SNI warning + + The code was printing a warning when SNI was set up successfully. Oops. + + Printing the cipher number in verbose mode was something only TLS/SSL + programmers might understand, so I had it print the name of the cipher, + just like in the OpenSSL code. That'll be at least a little bit easier + to understand. The SecureTransport API doesn't have a method of getting + a string from a cipher like OpenSSL does, so I had to generate the + strings manually. + +- RELEASE-NOTES: synced with 5a99bce07d + +- KNOWN_BUGS: NTLM with unicode works with schannel/winssl! + + Bug #75 updated with additional info, still remains for builds with + other backends. + +- code police: narrow source to < 80 columns + +Yang Tse (5 Jul 2012) +- unicode NTLM SSPI: cleanup follow-up + +- unicode NTLM SSPI: cleanup + + Reduce the number of #ifdef UNICODE directives used in source files. + +Daniel Stenberg (5 Jul 2012) +- tests: use connection-monitor and verify results + + Test 1008 and 206 don't show the disconnect since it happens when SWS + awaits a new request, but 503 does and so the verify section needs that + string added. + +- http-proxy: keep CONNECT connections alive (for NTLM) + + When doing CONNECT requests, libcurl must make sure the connection is + alive as much as possible. NTLM requires it and it is generally good for + other cases as well. + + NTLM over CONNECT requests has been broken since this regression I + introduced in my CONNECT cleanup commits that started with 41b02378342, + included since 7.25.0. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3538625 + Reported by: Marcel Raad + +- sws: support for CONNECT requests + + I moved out the servercmd parsing into a its own function called + parse_servercmd() and made sure it gets used also when the test number + is extracted from CONNECT requests. It turned out sws didn't do that + previously! + +- FILEFORMAT: provided a full description of connection-monitor + +- lib503: enable verbose to ease debugging this + +- sws: add 'connection-monitor' command support + + Using this, the server will output in the protocol log when the + connection gets disconnected and thus we will verify correctly in the + test cases that the connection doesn't get closed prematurely. This is + important for example NTLM to work. + + Documentation added to FILEFORMAT, test 503 updated to use this. + +Guenter Knauf (4 Jul 2012) +- Removed non-used variable. + +- Added error checking for samples. + +- Renamed vars to avoid shadow global declaration. + +Daniel Stenberg (3 Jul 2012) +- docs: clarify how to start with curl_multi_socket_action + + Mention the CURL_SOCKET_TIMEOUT argument in step 6 of the typical + application. + +Guenter Knauf (3 Jul 2012) +- Moved some patterns to subfolder's .gitignore. + +- Merge branch 'master' of ssh://github.com/bagder/curl + +- MinGW makefile tweaks for running from sh. + + Added function macros to make path converting easier. + Added CROSSPREFIX to all compile tools. + +Yang Tse (3 Jul 2012) +- [Marc Hoersken brought this change] + + curl_ntlm_msgs.c: Removed unused variable passwd + +Guenter Knauf (3 Jul 2012) +- Added files generated by mingw32, eclipse and VC. + + Posted by Marc Hoersken. + +Daniel Stenberg (3 Jul 2012) +- cookies: change the URL in the cookie jar file header + +- HTTP-COOKIES: clarified and modified layout + +- HTTP-COOKIES: use the FAQ document layout + +- HTTP-COOKIES: added cookie documentation + +Yang Tse (3 Jul 2012) +- curl_ntlm_msgs.c: include for prototypes + +- [Neil Bowers brought this change] + + testcurl.pl: fix missing semicolon + +Daniel Stenberg (2 Jul 2012) +- [Christian Hägele brought this change] + + unicode NTLM SSPI: heap corruption fixed + + When compiling libcurl with UNICODE defined and using unicode characters + in username. + +Yang Tse (2 Jul 2012) +- testcurl.pl: allow non in-tree c-ares enabled autobuild + +- configure.ac: verify that libmetalink is new enough + + Enabling test2017 to test2022. + +- [Tatsuhiro Tsujikawa brought this change] + + curl: Added runtime version check for libmetalink + +- [Tatsuhiro Tsujikawa brought this change] + + Include metalink/metalink.h for libmetalink functions + +Daniel Stenberg (2 Jul 2012) +- errors: CURLM_CALL_MULTI_PERFORM is not returned anymore + +- release: cleaned up plans for this and coming release + +Yang Tse (29 Jun 2012) +- curl-compilers.m4: remove -Wstrict-aliasing=3 from clang + + Currently it is unknown if there is any version of clang that + actually supports -Wstrict-aliasing. What is known is that there + are several that don't support it. + +- test2017 to test2022: more metalink tests + + With this commit, checks done in previous test2017 are now done in test2018. + + Whole range test2017 to test2022 DISABLED until configure is capable of + requiring a new-enough metalink library. + + Don't try these without mentioned check in place! + +- test2005 to test2016: improve failure detection + +- lib582.c: fix conversion warning + +- nss.c: #include warnless.h for curlx_uztosi and curlx_uztoui prototypes + +- [Marc Hoersken brought this change] + + nss.c: Fixed size_t conversion warnings + +- sslgen.c: cleanup temporary compile-time SSL-backend check + +Daniel Stenberg (28 Jun 2012) +- schannel: provide two additional (dummy) API defines + +Yang Tse (28 Jun 2012) +- [Tatsuhiro Tsujikawa brought this change] + + Metalink: message updates + + Print "parsing (...) OK" only when no warnings are generated. If + no file is found in Metalink, treat it FAILED. + + If no digest is provided, print WARNING in parse_metalink(). + Also print validating FAILED after download. + + These changes make tests 2012 to 2016 pass. + +Daniel Stenberg (27 Jun 2012) +- sslgen: avoid compiler error in SSPI builds + +Yang Tse (27 Jun 2012) +- ssluse.c: fix compiler warning: conversion to 'int' from 'size_t' + + Reported by Tatsuhiro Tsujikawa + + http://curl.haxx.se/mail/lib-2012-06/0371.html + +- sslgen.c: add compile-time check for SSL-backend completeness + +- build: add our standard includes to curl_darwinssl.c and curl_multibyte.c + +- build: add curl_schannel and curl_darwinssl files to other build systems + +- tests: add five more Metalink test cases + +- tests: update Metalink message format + +- [Tatsuhiro Tsujikawa brought this change] + + Metalink: updated message format + +- [Nick Zitzmann brought this change] + + DarwinSSL: allow using NTLM authentication + + Allow NTLM authentication when building using SecureTransport (Darwin) for SSL. + + This uses CommonCrypto, a cryptography library that ships with all versions of + iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few + less-common cyphers and doesn't have a big number data structure. + +- curl_darwinssl.h: add newline at end of file + +Daniel Stenberg (26 Jun 2012) +- ossl_seed: remove leftover RAND_screen check + + Before commit 2dded8fedba (dec 2010) there was logic that used + RAND_screen() at times and now I remove the leftover #ifdef check for + it. + + The seeding code that uses Curl_FormBoundary() in ossl_seed() is dubious + to keep since it hardly increases randomness but I fear I'll break + something if I remove it now... + +Yang Tse (26 Jun 2012) +- [Nick Zitzmann brought this change] + + DarwinSSL: several adjustments + + - Renamed st_ function prefix to darwinssl_ + - Renamed Curl_st_ function prefix to Curl_darwinssl_ + - Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h + - Fixed a teensy little bug that made non-blocking connection attempts block + - Made it so that it builds cleanly against the iOS 5.1 SDK + +- curl-compilers.m4: -Wstrict-aliasing=3 for warning enabled gcc and clang builds + +- [Marc Hoersken brought this change] + + sockaddr.h: Fixed dereferencing pointer breakin strict-aliasing + + Fixed warning: dereferencing pointer does break strict-aliasing rules + by using a union inside the struct Curl_sockaddr_storage declaration. + +Daniel Stenberg (26 Jun 2012) +- SSL cleanup: use crypto functions through the sslgen layer + + curl_ntlm_msgs.c would previously use an #ifdef maze and direct + SSL-library calls instead of using the SSL layer we have for this + purpose. + +- [Nick Zitzmann brought this change] + + darwinssl: add support for native Mac OS X/iOS SSL + +- RELEASE-NOTES: link to more metalink info + +- RELEASE-NOTES: synced with d025af9bb576 + +Yang Tse (25 Jun 2012) +- curl_schannel.c: Remove redundant NULL assignments following Curl_safefree() + +- [Marc Hoersken brought this change] + + curl_schannel.c: Replace free() with Curl_safefree() + +- [Tatsuhiro Tsujikawa brought this change] + + curl.1: Updated Metalink description in man page + + Documented that --include will be ignored if both --metalink + and --include are specified. + Also documented that a Metalink file in the local file system + cannot be used if FILE protocol is disabled. + +Steve Holme (24 Jun 2012) +- DOCS: Added clarification to CURLOPT_CUSTOMREQUEST for the POP3 protocol + + Bug: http://curl.haxx.se/mail/lib-2012-06/0302.html + Reported by: Nagai H + +- smtp: Corrected result code for MAIL, RCPT and DATA commands + + Bug: http://curl.haxx.se/mail/lib-2012-06/0094.html + Reported by: Dan + +Daniel Stenberg (24 Jun 2012) +- [Ghennadi Procopciuc brought this change] + + test: Added test HTTP receive cookies over IPv6 + +Yang Tse (22 Jun 2012) +- tests: add another Metalink test case + +- [Tatsuhiro Tsujikawa brought this change] + + tests: Enable test2010 and fixed hash value + +- [Tatsuhiro Tsujikawa brought this change] + + Metalink: ignore --include if --metalink is used. + + Including headers in response body will break Metalink XML parser. + If it is included in the file described in Metalink XML, hash check + will fail. Therefore, --include should be ignored if --metalink is + used. + +- tests: add six Metalink test cases + +- test 2005: add verification of hash checking outcome + +- getpart.pm: remove misleading comment + +- [Tatsuhiro Tsujikawa brought this change] + + curl: Prefixed all Metalink related messages with "Metalink: " + +- [Tatsuhiro Tsujikawa brought this change] + + tests: Added Metalink test case # 2005 + +- [Tatsuhiro Tsujikawa brought this change] + + curl: Restore noprogress and isatty config values. + + The noprogress and isatty in Configurable are global, in a sense + that they persist in one curl invocation. Currently once one + download writes its response data to tty, they are set to FALSE + and they are not restored on successive downloads. This change + first backups the current noprogress and isatty, and restores + them when download does not write its data to tty. + +- [Tatsuhiro Tsujikawa brought this change] + + curl: Made --metalink option toggle Metalink functionality + + In this change, --metalink option no longer takes argument. If + it is specified, given URIs are processed as Metalink XML file. + If given URIs are remote (e.g., http URI), curl downloads it + first. Regardless URI is local file (e.g., file URI scheme) or + remote, Metalink XML file is not written to local file system and + the received data is fed into Metalink XML parser directly. This + means with --metalink option, filename related options like -O + and -o are ignored. + + Usage examples: + + $ curl --metalink http://example.org/foo.metalink + + This will download foo.metalink and parse it and then download + the URI described there. + + $ curl --metalink file://foo.metalink + + This will parse local file foo.metalink and then download the URI + described there. + +- [Tatsuhiro Tsujikawa brought this change] + + curl: Refactored metalink_checksum + + When creating metalink_checksum from metalink_checksum_t, first + check hex digest is valid for the given hash function. We do + this check in the order of digest_aliases so that first good + match will be chosen (strongest hash function available). As a + result, the metalinkfile now only contains at most one + metalink_checksum because other entries are just redundant. + +- [Gisle Vanem brought this change] + + tool_doswin.c: fix djgpp function _use_lfn() used without a prototype + + http://curl.haxx.se/mail/archive-2012-06/0028.html + +- build: fix RESOURCE bug in lib/Makefile.vc* + + Removed two, not intended to exist, RESOURCE declarations. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3535977 + + And sorted configuration hunks to reflect same internal order + as the one shown in the usage message. + +Daniel Stenberg (20 Jun 2012) +- [Marc Hoersken brought this change] + + schannel: Implement new buffer size strategy + + Increase decrypted and encrypted cache buffers using limitted + doubling strategy. More information on the mailinglist: + http://curl.haxx.se/mail/lib-2012-06/0255.html + + It updates the two remaining reallocations that have already been there + and fixes the other one to use the same "do we need to increase the + buffer"-condition as the other two. CURL_SCHANNEL_BUFFER_STEP_SIZE was + renamed to CURL_SCHANNEL_BUFFER_FREE_SIZE since that is actually what it + is now. Since we don't know how much more data we are going to read + during the handshake, CURL_SCHANNEL_BUFFER_FREE_SIZE is used as the + minimum free space required in the buffer for the next operation. + CURL_SCHANNEL_BUFFER_STEP_SIZE was used for that before, too, but since + we don't have a step size now, the define was renamed. + +Yang Tse (20 Jun 2012) +- schannel SSL: fix compiler warning + +- [Mark Salisbury brought this change] + + schannel SSL: fix for renegotiate problem + + In schannel_connect_step2() doread should be initialized based + on connssl->connecting_state. + +- [Tatsuhiro Tsujikawa brought this change] + + runtests.pl: make it support metalink feature + +- getpart.pm: make test definition section/part parser more robust + + Test definition section parts which needed to include xml-lingo as contents + of that part required that the xml-blurb was written as a single line. Now the + xml-data inside the part can be written multiline making it more readable. + + Tested with part which is written to disk before runs. + +Daniel Stenberg (20 Jun 2012) +- schannel_connect_step2: checksrc whitespace fix + +Yang Tse (20 Jun 2012) +- [Mark Salisbury brought this change] + + schannel SSL: changes in schannel_connect_step2 + + Process extra data buffer before returning from schannel_connect_step2. + Without this change I've seen WinCE hang when schannel_connect_step2 + returns and calls Curl_socket_ready. + + If the encrypted handshake does not fit in the intial buffer (seen with + large certificate chain), increasing the encrypted data buffer is necessary. + + Fixed warning in curl_schannel.c line 1215. + +- [Mark Salisbury brought this change] + + config-win32ce.h: WinCE config adjustment + + process.h is not present on WinCE + +- [Mark Salisbury brought this change] + + schannel SSL: Made send method handle unexpected cases better + + Implemented timeout loop in schannel_send while sending data. This + is as close as I think we can get to write buffering; I put a big + comment in to explain my thinking. + + With some committer adjustments + +Daniel Stenberg (19 Jun 2012) +- [Marc Hoersken brought this change] + + curl_schannel.c: Avoid unnecessary realloc calls to reduce buffer size + +Yang Tse (19 Jun 2012) +- [Mark Salisbury brought this change] + + schannel SSL: Use standard Curl read/write methods + + Replaced calls to swrite with Curl_write_plain and calls to sread + with Curl_read_plain. + + With some committer adjustments + +- schannel SSL: make wording of some trace messages better reflect reality + +Daniel Stenberg (19 Jun 2012) +- [Marc Hoersken brought this change] + + curl_schannel.h: Use BUFSIZE as the initial buffer size if available + + Make the Schannel implementation use libcurl's default buffer size + for the initial received encrypted and decrypted data cache buffers. + The implementation still needs to handle more data since more data + might have already been received or decrypted during the handshake + or a read operation which needs to be cached for the next read. + +Guenter Knauf (19 Jun 2012) +- Fixed NetWare makefile broken from last commit. + +Yang Tse (19 Jun 2012) +- [Mark Salisbury brought this change] + + schannel SSL: Implemented SSL shutdown + + curl_schannel.c - implemented graceful SSL shutdown. If we fail to + shutdown the connection gracefully, I've seen schannel try to use a + session ID for future connects and the server aborts the connection + during the handshake. + +- [Mark Salisbury brought this change] + + schannel SSL: certificate validation on WinCE + + curl_schannel.c - auto certificate validation doesn't seem to work + right on CE. I added a method to perform the certificate validation + which uses CertGetCertificateChain and manually handles the result. + +- [Mark Salisbury brought this change] + + schannel SSL: Added helper methods to simplify code + + Added helper methods InitSecBuffer() and InitSecBufferDesc() to make it + easier to set up SecBuffer & SecBufferDesc structs. + +Guenter Knauf (18 Jun 2012) +- Some more NetWare makefile tweaks for metalink. + +Yang Tse (18 Jun 2012) +- tool_cb_see.c: WinCE build adjustment + +- [Mark Salisbury brought this change] + + setup.h: WinCE build adjustment + +- [Mark Salisbury brought this change] + + ftplistparser.c: do not compile if FTP protocol is not enabled + +- Win32: downplay MS bazillion type synonyms game + + Avoid usage of some MS type synonyms to allow compilation with + compiler headers that don't define these, using simpler synonyms. + +Daniel Stenberg (15 Jun 2012) +- Curl_rtsp_parseheader: avoid useless malloc/free + + Coverity actually pointed out flawed logic in the previous call to + Curl_strntoupper() where the code used sizeof() of a pointer to pass in + a size argument. That code still worked since it only needed to + uppercase 4 letters. Still, the entire malloc/uppercase/free sequence + was pointless since the code has already matched the string once in the + condition that starts the block of code. + +- curl_share_setopt: use va_end() + + As spotted by Coverity, va_end() was not used previously. To make it + used I took away a bunch of return statements and made them into + assignments instead. + +Yang Tse (15 Jun 2012) +- SSPI related code: Unicode support for WinCE - kill compiler warnings + +- [Mark Salisbury brought this change] + + SSPI related code: Unicode support for WinCE - commit 46480bb9 follow-up + +- build: add curl_multibyte files to build systems + +- [Mark Salisbury brought this change] + + SSPI related code: Unicode support for WinCE + + SSPI related code now compiles with ANSI and WCHAR versions of security + methods (WinCE requires WCHAR versions of methods). + + Pulled UTF8 to WCHAR conversion methods out of idn_win32.c into their own file. + + curl_sasl.c - include curl_memory.h to use correct memory functions. + + getenv.c and telnet.c - WinCE compatibility fix + + With some committer adjustments + +Guenter Knauf (15 Jun 2012) +- Fixed typo. + +Yang Tse (14 Jun 2012) +- winbuild/MakefileBuild.vc: convert line endings to DOS style + + As per request on mailing list: http://curl.haxx.se/mail/lib-2012-06/0222.html + +- [Marc Hoersken brought this change] + + winbuild: Allow SSPI build with or without Schannel + + The changes introduced in commit 2bfa57bc32 are not enough + to make it actually possible to use the USE_WINSSL option. + Makefile.vc was not updated and the configuration name which is + used in the build path did not match between both build files. + + This patch fixes those issues and introduces the following changes: + + - Replaced the -schannel name with -winssl in order to be consistent + with the other options + - Added ENABLE_WINSSL option to winbuild/Makefile.vc (default yes) + - Changed winbuild/MakefileBuild.vc to set USE_WINSSL to true if + USE_SSL is false and USE_WINSSL was not specified as a parameter + - Separated WINSSL handling from SSPI handling to be consistent with + the other options and their corresponding code path + +- curl.1: 7.27.0 seems next release + +- schannel: fix printf-style format strings + +- Fix bad failf() and info() usage + + Calls to failf() are not supposed to provide trailing newline. + Calls to infof() must provide trailing newline. + + Fixed 30 or so strings. + +- schannel: fix unused parameter warnings + +- schannel: fix comparisons between signed and unsigned + +- schannel: fix discarding qualifier from pointer type + +- schannel: fix shadowing of global declarations + +- schannel: fix Curl_schannel_init() and Curl_schannel_cleanup() declarations + +- [Gisle Vanem brought this change] + + urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.h + + Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and + OCSP_RESPONSE are enum values in CyaSSL and defines in included + via in ldap.c. + + http://curl.haxx.se/mail/lib-2012-06/0196.html + +- MakefileBuild.vc: Allow building without SSL + + In order to use Windows native SSL support define 'USE_WINSSL' + +- configure: new option --with-winssl + + This option may be used to build curl/libcurl using SSL/TLS support provided + by MS windows system libraries. Option is mutually exclusive with any other + SSL library. Default value is --without-winssl. + + --with-winssl option implies --with-sspi option. + + Option meaningful only for Windows builds. + +Guenter Knauf (13 Jun 2012) +- Changed Schannel string to SSL-Windows-native. + + This is more descriptive for the user who might + not even know what schannnel is at all. + +Yang Tse (13 Jun 2012) +- schannel: remove version number and identify its use with 'schannel' literal + + Version number is removed in order to make this info consistent with + how we do it with other MS and Linux system libraries for which we don't + provide this info. + + Identifier changed from 'WinSSPI' to 'schannel' given that this is the + actual provider of the SSL/TLS support. libcurl can still be built with + SSPI and without SCHANNEL support. + +Daniel Stenberg (12 Jun 2012) +- singlesocket: remove dead code + + No need to check if 'entry' is non-NULL in a spot where it is already checked + and guaranteed to be non-NULL. + + (Spotted by a Coverity scan) + +- netrc: remove dead code + + Remove two states from the enum and the corresponding code for them as + these states were never reached or used. + + (Spotted by a Coverity scan) + +Yang Tse (12 Jun 2012) +- Revert "connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing" + + This reverts commit 9c94236e6cc078a0dc5a78b6e2fefc1403e5375e. + + It didn't server its purpose, so lets go back to long-time working code. + +- socks_sspi.c: further cleanup + +- [Marc Hoersken brought this change] + + socks_sspi.c: Clean up and removal of obsolete minor status + + Removed obsolete minor status variable and parameter of status function + which was never used or set at all. Also Curl_sspi_strerror does support + only one status and there is no need for a second sub status. + +Guenter Knauf (12 Jun 2012) +- Removed trailing whitespaces. + +Yang Tse (12 Jun 2012) +- strerror.c: make Curl_sspi_strerror() always return code for errors + +- curl_sspi.h: provide sspi status definitions missing in old headers + +- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function + +- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function + +Daniel Stenberg (11 Jun 2012) +- Revert: 634f7cfee40d4658 partially + + Make sure CURL_VERSION_SSPI is present and works as in previous releases + for ABI and API compatibility reasons. + +- checksrc: shorten a few lines to comply + +- cleanup: remove trailing whitespace + +- [Marc Hoersken brought this change] + + winbuild: Removed WITH_SSL=schannel and tie schannel to SSPI + + Removed specific WITH_SSL=schannel paramter that did not fit the general + schema and complicated the parameters. For now Schannel will be enabled + if SSPI is enabled and OpenSSL is disabled. + +- [Steve Holme brought this change] + + Makefile.vc6: Added version.lib if built with SSPI + +- [Marc Hoersken brought this change] + + winbuild: Updated winbuild scripts to add schannel + +- [Marc Hoersken brought this change] + + mingw32: Fixed warning of USE_SSL being redefined + +- [Marc Hoersken brought this change] + + sspi: Fixed incompatible parameter pointer type in Curl_sspi_version + +- [Marc Hoersken brought this change] + + sspi: Updated RELEASE-NOTES, FEATURES and THANKS + +- [Marc Hoersken brought this change] + + setup.h: Automatically define USE_SSL if USE_SCHANNEL is defined + +- [Marc Hoersken brought this change] + + version: Replaced SSPI feature information with version string details + + Added Windows SSPI version information to the curl version string when + SCHANNEL SSL is not enabled, as the version of the library should also + be included when SSPI is used to generate security contexts. + + Removed SSPI from the feature list as the features are GSS-Negotiate, + NTLM and SSL depending on the usage of the SSPI library. + +- [Steve Holme brought this change] + + sspi.c: Post Curl_sspi_version() rework code tidy up + + Removed duplicate blank lines. + Removed spaces between the not and test in various if statements. + Removed explicit test of NULL in an if statement. + Placed function returns on same line as function declarations. + Replaced the use of curl_maprintf() with aprintf() as it is the + preprocessor job to do this substitution if ENABLE_CURLX_PRINTF + is set. + +- [Steve Holme brought this change] + + sspi: Reworked Curl_sspi_version() to return version components + + Reworked the version function to return four version components rather + than a string that has to be freed by the caller. + +- [Guenter Knauf brought this change] + + configure.ac: Added -lversion if built with SSPI + +- [Marc Hoersken brought this change] + + schannel: Code cleanup and bug fixes + + curl_sspi.c: Fixed mingw32-gcc compiler warnings + curl_sspi.c: Fixed length of error code hex output + + The hex value was printed as signed 64-bit value on 64-bit systems: + SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322) + + It is now correctly printed as the following: + SEC_E_WRONG_PRINCIPAL (0x80090322) + + curl_sspi.c: Fallback to security function table version number + Instead of reporting an unknown version, the interface version is used. + + curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version + curl_schannel: Replaced static buffer sizes with defined names + curl_schannel.c: First brace when declaring functions on column 0 + curl_schannel.c: Put the pointer sign directly at variable name + curl_schannel.c: Use structs directly instead of typedef'ed structs + curl_schannel.c: Removed space before opening brace + curl_schannel.c: Fixed lines being longer than 80 chars + +- [Marc Hoersken brought this change] + + curl_sspi: Added Curl_sspi_version function + + Added new function to get SSPI version as string. + Added required library version.lib to makefiles. + Changed curl_schannel.c to use Curl_sspi_version. + +- [Guenter Knauf brought this change] + + schannel: Updated mingw32 makefiles + +- [Marc Hoersken brought this change] + + schannel: Replace ASCII specific code with general defines + +- [Marc Hoersken brought this change] + + schannel: Added definitions which are missing in mingw32 + +- [Marc Hoersken brought this change] + + schannel: Moved interal struct types to urldata.h + + Moved type definitions in order to avoid inclusion loop + +- [Marc Hoersken brought this change] + + schannel: Fixed compiler warnings about pointer type assignments + +- [Marc Hoersken brought this change] + + schannel: Fixed critical typo in conditions and added buffer length checks + +- [Marc Hoersken brought this change] + + sspi: Refactored socks_sspi and schannel to use same error message functions + + Moved the error constant switch to curl_sspi.c and added two new helper + functions to curl_sspi.[ch] which either return the constant or a fully + translated message representing the SSPI security status. + Updated socks_sspi.c and curl_schannel.c to use the new functions. + +- [Marc Hoersken brought this change] + + schannel: Added special shutdown check for Windows 2000 Professional + + Windows 2000 Professional: Schannel returns SEC_E_OK instead + of SEC_I_CONTEXT_EXPIRED. If the length of the output buffer + is zero and the first byte of the encrypted packet is 0x15, + the application can safely assume that the message was a + close_notify message and change the return value to + SEC_I_CONTEXT_EXPIRED. + + Connection shutdown does not mean that there is no data to read + Correctly handle incomplete message and ask curl to re-read + Fixed buffer for decrypted being to small + Re-structured read condition to be more effective + Removed obsolete verbose messages + Changed memory reduction method to keep a minimum buffer of size 4096 + +- [Marc Hoersken brought this change] + + schannel: Implemented SSL/TLS renegotiation + + Updated TODO information and added related MSDN articles + +- [Marc Hoersken brought this change] + + schannel: Save session credential handles in session cache + +- [Marc Hoersken brought this change] + + schannel: Code cleanup + +- [Marc Hoersken brought this change] + + schannel: Check for required context attributes + +- [Marc Hoersken brought this change] + + schannel: Allow certificate and revocation checks being deactivated + +- [Marc Hoersken brought this change] + + schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI + +- [Marc Hoersken brought this change] + + http: Replaced specific SSL libraries list in https_getsock fallback + +- [Marc Hoersken brought this change] + + connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing + + Fixed warning: dereferencing pointer does break strict-aliasing rules + by using a union instead of separate pointer variables. + Internal union sockaddr_u could probably be moved to generic header. + Thanks to Paul Howarth for the hint about using unions for this. + + Important for winbuild: Separate declaration of sockaddr_u pointer. + The pointer variable *sock cannot be declared and initialized right + after the union declaration. Therefore it has to be a separate statement. + +- [Marc Hoersken brought this change] + + curl_ntlm_msgs.c: Fixed passwdlen not being used and recalculated + +Yang Tse (11 Jun 2012) +- tests: fix test definitions # 1355, 1363, 1385 and 1393 + + -i without HTTP protocol shall not include headers in the output + +Daniel Stenberg (10 Jun 2012) +- Curl_pgrsDone: return int and acknowledge return code + + Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an + abort instruction or similar we need to return that info back and + subsequently properly handle return codes from Curl_pgrsDone() where + used. + + (Spotted by a Coverity scan) + +Steve Holme (10 Jun 2012) +- [Marc Hoersken brought this change] + + winbuild: Fixed environment variables being lost + + Fixed USE_IPV6 and USE_IDN not being passed + from Makefile.vc to MakefileBuild.vc + Fixed whitespace and formatting issues + Fixed typo and format in help message + +Guenter Knauf (9 Jun 2012) +- Added metalink support to NetWare builds. + +Steve Holme (9 Jun 2012) +- smtp.c: Removed unused variable + +- smtp: Post apop feature code tidy up + +- pop3: Post apop feature code tidy up + +- pop3: Added support for apop authentication + +- pop3: Enhanced the extended authentication mechanism detection + + Enhanced the authentication type / mechanism detection in preparation + for the introduction of APOP support. + +- pop3.c: Fixed length of SASL check + +Yang Tse (9 Jun 2012) +- Fixes allowing 26 more test cases in 1334 to 1393 range to succeed + +- tests: fix test definitions # 1370 and 1371 + + -J without -O shall not honor C-D filename + +Daniel Stenberg (9 Jun 2012) +- OpenSSL: support longer certificate subject names + + Previously it would use a 256 byte buffer and thus cut off very long + subject names. The limit is now upped to the receive buffer size, 16K. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3533045 + Reported by: Anthony G. Basile + +Kamil Dudka (8 Jun 2012) +- ssl: fix duplicated SSL handshake with multi interface and proxy + + Bug: https://bugzilla.redhat.com/788526 + Reported by: Enrico Scholz + +Daniel Stenberg (8 Jun 2012) +- tool_getparam.h: fix compiler error + + forward declare the Configurable struct + +- metalink: restore some includes + + Commit eeeba1496cbca removed them and thus broke my Linux build + +- openldap: OOM fixes + + when calloc fails, return error! (Detected by Fortify) + + Reported by: Robert B. Harris + +Steve Holme (8 Jun 2012) +- sasl: Re-factored mechanism constants in preparation for APOP work + +Yang Tse (8 Jun 2012) +- metalink: build fixes and adjustments II + + Additionally, make hash checking ability mandatory in order to allow metalink + support in curl. + + A command line option could be introduced to skip hash checking at runtime, + but the ability to check hashes should always be built-in when providing + metalink support. + +Guenter Knauf (8 Jun 2012) +- Added metalink support to MinGW builds. + +Daniel Stenberg (7 Jun 2012) +- log2changes.pl: fix the Version output + + Previously it could easily wrongly get repeated + +Yang Tse (7 Jun 2012) +- metalink: build fixes and adjustments I + +Daniel Stenberg (7 Jun 2012) +- lib554.c: use curl_formadd() properly + + The length/size options take longs so make sure to pass on such types. + + Reported by: Neil Bowers + Bug: http://curl.haxx.se/mail/lib-2012-06/0001.html + +Steve Holme (7 Jun 2012) +- smtp.c: Re-factored the smtp_state_*_resp() functions + + Re-factored the smtp_state_*_resp() functions to 1) Match the constants + that were refactored in commit 00fddba6727c, 2) To be more readable and + 3) To match their counterparties in pop3.c. + +Yang Tse (7 Jun 2012) +- Fixes allowing HTTP test cases 1338, 1339, 1368 and 1369 to succeed + +- tests 1364 to 1393: several -o filename -J -i -D combinations for HTTP and FTP + +- tests 1348 to 1363: test definition polishing + + Verify that the "Saved to filename 'blabla'" message is only displayed when + the 'blabla' filename being used _actually_ has been specified by the server + in the Content-Disposition header. + + Use relative path for unintended file creation postcheck. + +Steve Holme (6 Jun 2012) +- smtp: Re-factored the SMTP_AUTH* state machine constants + + Re-factored the SMTP_AUTH* constants, that are used by the state + machine, to be clearer to read. + +Guenter Knauf (6 Jun 2012) +- Added hint for pkg-config wrapper script. + +- Updated Android section with recent NDK. + + The r7b had some bugs, and shouldnt be used. + +Yang Tse (6 Jun 2012) +- Disable non-HTTP header related tests + + These now detect incompleate header data and fail + +- tests 1348 to 1363: compleate header data part of test definition + +- tests 1334 to 1363 revisited. + + Add a postcheck section to verify unintended file creation. + + Remove needless checks in verify section. Renumbering where appropriate. + +- tests: adjust file part behavior in test verify section. + + When a part is now specified with no contents at all, this + will actually verify that the specified file has no contents at all. + Previously file contents would be ignored. + +Steve Holme (5 Jun 2012) +- smtp.c: Removed whitespace + +- pop3: Another small code tidy up + + Missed some comments that we identified during the SMTP tidy up earlier. + +- smtp: Post authentication code tidy up + + Corrected lines longer than 78 characters. + + Removed unnecessary braces in smtp_state_helo_resp(). + + Introduced some comments in data sending functions. + + Tidied up comments to match changes made in pop3.c. + +Yang Tse (5 Jun 2012) +- tests 1348 to 1363: add a comma in test description + +Steve Holme (5 Jun 2012) +- email: Removed duplicated header file + +- sasl: Renamed Curl_sasl_decode_ntlm_type2_message() + + For consistency with other SASL based functions renamed this function + to Curl_sasl_create_ntlm_type3_message() which better describes its + usage. + +- pop3: Post authentication code tidy up + + Corrected lines longer than 78 characters. + + Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the + AUTH command is no longer sent on its own. + + Introduced some comments in data sending functions. + + Another attempt at trying to rational code and comment style. + +- pop3: Added support for sasl digest-md5 authentication + +Yang Tse (4 Jun 2012) +- sasl: add reference for curl_sasl + +- Makefile.inc: tab adjustment + +Daniel Stenberg (4 Jun 2012) +- pop3 tests: CAPA instead of AUTH + + After Steve's commit e336bc7c42c7340 test 1319 and 1407 need to check + for CAPA instead of AUTH. + +Steve Holme (4 Jun 2012) +- sasl: Added service parameter to Curl_sasl_create_digest_md5_message() + + Added a service type parameter to Curl_sasl_create_digest_md5_message() + to allow the function to be used by different services rather than being + hard coded to "smtp". + +Yang Tse (4 Jun 2012) +- tests 1356 to 1363: several -O -J -i -D combinations with FTP protocol + + Currently 1356 to 1362 succeed but a write failure is logged in traceNNNN. + + Currently 1363 fails, so disabled for now. + +Steve Holme (4 Jun 2012) +- tests: Updated pop3 tests for change in auth mechanism detection + +- pop3: Changed the sasl mechanism detection from auth to capa + + Not all SASL enabled POP3 servers support the AUTH command on its own + when trying to detect the supported mechanisms. As such changed the + mechanism detection to use the CAPA command instead. + +Daniel Stenberg (4 Jun 2012) +- curl_easy_setopt.3: proto updates + cleanups + + - For all *FUNCTION options, they now all show the complete prototype in + the description. Previously some of them would just refer to a + typedef'ed function pointer in the curl.h header. + + - I made the phrasing of that "Pass a pointer to a function that matches + the following prototype" the same for all *FUNCTION option descriptions. + + - I removed some uses of 'should'. I think I sometimes over-use this + word as in many places I actually mean MUST or otherwise more specific + and not-so-optional synonyms. + +Yang Tse (4 Jun 2012) +- tests 1348 to 1355: several -O -J -i -D combinations with FTP protocol + + Currently 1348 to 1354 succeed but a write failure is logged in traceNNNN. + + Currently 1355 fails, so disabled for now. + +- tests 1346 to 1347: several -O -J -i -D combinations with HTTP protocol + +Steve Holme (4 Jun 2012) +- sasl: Small code tidy up + + Reworked variable names in Curl_sasl_create_cram_md5_message() to match + those in Curl_sasl_create_digest_md5_message() as they are more + appropriate. + +- sasl: Moved digest-md5 authentication message creation from smtp.c + + Moved the digest-md5 message creation from smtp.c into the sasl module + to allow for use by other modules such as pop3. + +- sasl: Small code tidy up before moving digest-md5 over + + Correction of comments and variable names. + +- RELEASE-NOTES: Added missing addition of sasl login support + +- pop3: Added support for sasl cram-md5 authentication + +Daniel Stenberg (3 Jun 2012) +- Curl_sasl_create_plain_message: remove TAB + +Steve Holme (3 Jun 2012) +- sasl: Small code tidy up + + Added some comments and removed an unreferenced variable. + +- pop3.c: Added conditional compilation for NTLM function calls + + Added USE_NTLM condition compilation around the NTLM functions called + from pop3_statemach_act() introduced in commit 69f7156ad96877. + +- sasl: Moved cram-md5 authentication message creation from smtp.c + + Moved the cram-md5 message creation from smtp.c into the sasl module + to allow for use by other modules such as pop3. + +- pop3: Fixed an issue with changes introduced in commit c267c53017bc + + Because pop3_endofresp() is called for each line of data yet is not + passed the line and line length, so we have to use the data pointed to + by pp->linestart_resp which contains the whole packet, the mechanisms + were being detected in one call yet the function would be called for + each line of data. + + Using curl with verbose mode enabled would show that one line of data + would be received in response to the AUTH command, before the AUTH + command was sent to the server and then the next few lines + of the original AUTH command would be displayed before the response from + the AUTH command. This would then cause problems when + parsing the CRAM-MD5 challenge data as extra data was contained in the + buffer. + + Changed the parsing so that each line is checked for the mechanisms + and the function returns FALSE until the whole of the AUTH response has + been processed. + +Daniel Stenberg (3 Jun 2012) +- version: bump to 7.27.0 for next release + + Due to new features + +- RELEASE-NOTES: synced with c4e3578e4bf + + Also bumped the contributor number and next release is to become 7.27.0 + +- THANKS: 16 new contributors from the 7.26.0 release + +Steve Holme (3 Jun 2012) +- DOCS: Fixed list in Section 18.2 not displaying correctly on web site + +- DOCS: Corrected missed heading renumbering from commit 530675a1ad7 + +- DOCS: Added IMAP and LDAP sections + + Added new sections 11. IMAP and 12. LDAP to document adding SASL based + authentication. + + Renumbered current sections 11 to 17 as 13 to 19. + + Additionally added 19.10 Add CURLOPT_MAIL_CLIENT option. + +- sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869e8 + + Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup() + is just a nop. + +- pop3.c:Corrected typo in commit 69ba0da8272d + +- pop3: Fixed the issue of having to supply the user name for all requests + + Previously it wasn't possible to connect to POP3 and not specify the + user name as a CURLE_ACCESS_DENIED error would be returned. This error + occurred because USER would be sent to the server with a blank user name + if no mailbox user was specified as the server would reply with -ERR. + + This wasn't a problem prior to the 7.26.0 release but with the + introduction of custom commands the user and/or application developer + might want to issue a CAPA command without having to log in as a + specific mailbox user. + + Additionally this fix won't send the newly introduced AUTH command if no + user name is specified. + +- pop3.c: Small code tidy up + + Corrected lines exceeding 78 characters. + + Repositioned some comments and added extra clarity. + +- sasl: Corrected variable names in comments and parameters + +- pop3: Added support for sasl ntlm authentication + +- sasl: Small comment style tidy up following ntlm commit + +- sasl: Moved ntlm authentication message handling from smtp.c + + Moved the ntlm message creation and decoding from smtp.c into the sasl + module to allow for use by other modules such as pop3. + +- pop3: Added support for sasl login authentication + +Yang Tse (1 Jun 2012) +- tests 1334 to 1345: several -O -J -i -D combinations with HTTP protocol + +- tests: support test definitions with up to 5 file checks in section + + This is done introducing tags to besides existing one, + as well as corresponding to ones, that can be used + in the section in the same way as the non-numbered ones. + +Steve Holme (31 May 2012) +- sasl: Moved login authentication message creation from smtp.c + + Moved the login message creation from smtp.c into the sasl module + to allow for use by other modules such as pop3. + +- smtp.c: Reworked message encoding in smtp_state_authpasswd_resp() + + Rather than encoding the password message itself the + smtp_state_authpasswd_resp() function now delegates the work to the same + function that smtp_state_authlogin_resp() and smtp_authenticate() use + when constructing the encoded user name. + +- smtp.c: Re-factored smtp_auth_login_user() for use with passwords + + In preparation for moving to the SASL module re-factored the + smtp_auth_login_user() function to smtp_auth_login() so that it can be + used for both user names and passwords as sending both of these under + the login authentication mechanism is the same. + +- pop3: Added support for sasl plain text authentication + +- curl_ntlm_msgs.c: Corrected small spelling mistake in comments + +- sasl: Moved plain text authentication message creation from smtp.c + + Moved the plain text message creation from smtp.c into the sasl module + to allow for use by other modules such as pop3. + +Yang Tse (30 May 2012) +- configure: fix LDAPS disabling related misplaced closing parenthesis + +- pop3 test server: allow pop3 test server verification to succeed again + + Introduce SUPPORTCAPA and SUPPORTAUTH config commands to allow further + pop3 test server expansion for tests that require CAPA or AUTH support, + although this will need some extra work to make it fully functional. + +Steve Holme (28 May 2012) +- pop3: Introduced the continue response in pop3_endofresp() + +- pop3: Changed response code from O and E to + and - + + The POP3 protocol doesn't really have the concept of error codes and + uses +, +OK and -ERR in response to commands to indicate continue, + success and error. + + The AUTH command is one of those commands that requires multiple pieces + of data to be sent to the server where the server will respond with + as + part of the handshaking. This meant changing the values before + continuing with the next stage of adding authentication support. + +- pop3: Small code tidy up following authentication work so far + + Changed the order of the state machine to match the order of actual + events. + + Reworked some comments and function parameter positioning that I missed + the other day. + +Kamil Dudka (28 May 2012) +- nss: use human-readable error messages provided by NSS + + Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html + +Daniel Stenberg (27 May 2012) +- test1013.pl: filter out Metalink + + Since it isn't a feature supported by curl-config we can't compare that + with the --version output + +- pop3: remove variable-not-used warnings + +Steve Holme (27 May 2012) +- DOCS: Corrected the "Added in" version number for CURLOPT_MAIL_AUTH + + Additionally corrected another RFC link that I missed yesterday. + +- pop3: Added support for SASL based authentication mechanism detection + + Added support for detecting the supported SASL authentication mechanisms + via the AUTH command. There are two ways of detecting them, either by + using the AUTH command, that will return -ERR if not supported or by + using the CAPA command which will return SASL and the list of mechanisms + if supported, not include SASL if SASL authentication is not supported + or -ERR if the CAPA command is not supported. As such it seems simpler + to use the AUTH command and fallback to normal clear text authentication + if the the command is not supported. + + Additionally updated the test cases to return -ERR when the AUTH command + is encountered. Additional test cases will be added when support for the + individual authentication mechanisms is added. + +Daniel Stenberg (27 May 2012) +- pop3: remove trailing whitespace + +Steve Holme (27 May 2012) +- pop3: Code tidy up before the introduction of authentication code + + Moved EOB definition into header file. + + Switched the logic around in pop3_endofresp() to allow for the + introduction of auth-mechanism detection. + + Repositioned second and third function variables where they will fit + within the 78 character line limit. + + Tidied up some comments. + +Guenter Knauf (27 May 2012) +- Enabled OpenSSL static linkage. + +- Enabled OpenSSL static linkage. + +- Try to detect OpenSSL build type automatically. + +Daniel Stenberg (26 May 2012) +- metalink: fix build errors when disabled + +- [Tatsuhiro Tsujikawa brought this change] + + Reduced #ifdef HAVE_METALINK + +- [Tatsuhiro Tsujikawa brought this change] + + Disable hash check if neither OpenSSL nor GNUTLS is installed. + +- [Tatsuhiro Tsujikawa brought this change] + + Format GETOUT_METALINK nicely + +- [Tatsuhiro Tsujikawa brought this change] + + Minimize usage of structs from libmetalink + +- [Tatsuhiro Tsujikawa brought this change] + + Check checksum of downloaded file if checksum is available + + Metalink file contains several hash types of checksums, such as + md5, sha-1, sha-256, etc. To deal with these checksums, I created + abstraction layer based on lib/curl_md5.h and + lib/md5.c. Basically, they are almost the same but I changed the + code so that it is not hash type dependent. Currently, + GNUTLS(nettle or gcrypt) and OpenSSL functions are supported. + + Checksum checking is done by reopening download file. If there + is an I/O error, the current implementation just prints error + message and does not try next resource. + + In this patch, the supported hash types are: md5, sha-1 and sha-256. + +- [Tatsuhiro Tsujikawa brought this change] + + Always create directory hierarchy for Metalink. + + Filenames contained in Metalink file can include directory information. + Filenames are unique in Metalink file, taking into account the directory + information. So we need to create the directory hierarchy. + + Curl has --create-dirs option, but we create directory hierarchy for + Metalink downloads regardless of the option value. + + This patch also put metalink int variable outside of HAVE_LIBMETALINK + guard. This reduces the number of #ifdefs. + +- [Tatsuhiro Tsujikawa brought this change] + + Fixed segmentation fault when Metalink has no valid file or no resource. + +- [Tatsuhiro Tsujikawa brought this change] + + Support media-type parameter in Content-Type + +- [Tatsuhiro Tsujikawa brought this change] + + Print "Metalink" in Features if Metalink support is enabled. + +- [Tatsuhiro Tsujikawa brought this change] + + Removed trailing space + +- [ant brought this change] + + Add --metalink to --help + +- [ant brought this change] + + Add Metalink information and --metalink option to man page + +- [ant brought this change] + + Add Metalink information and --metalink option to man page + +- [ant brought this change] + + Adds Metalink information to INSTALL + +- [Tatsuhiro Tsujikawa brought this change] + + --metalink option is available regardless of Metalink support. + +- [Tatsuhiro Tsujikawa brought this change] + + metalink: parse downloaded Metalink file + + Parse downloaded Metalink file and add downloads described there. Fixed + compile error without metalink support. + +- [Tatsuhiro Tsujikawa brought this change] + + Fixed HAVE_LIBMETALINK conditional is always true + +- [Tatsuhiro Tsujikawa brought this change] + + metalink: minor metalinkfile fix + + Don't update config->metalinkfile_last in operate(). Use local variable + to point to the current metalinkfile. + +- [Tatsuhiro Tsujikawa brought this change] + + metalink: show help message even if disabled + + Print message if --metalink is used while metalink support is not + enabled. Migrated Metalink support in tool_operate.c and removed + operatemetalink(). + +- [Tatsuhiro Tsujikawa brought this change] + + Applied patches from Daniel + +- [Tatsuhiro Tsujikawa brought this change] + + Support Metalink. + + This change adds experimental Metalink support to curl. + To enable Metalink support, run configure with --with-libmetalink. + To feed Metalink file to curl, use --metalink option like this: + + $ curl -O --metalink foo.metalink + + We use libmetalink to parse Metalink files. + +Steve Holme (26 May 2012) +- DOCS: Fixed line spacing of authentication examples in CURLOPT_URL + +- DOCS: Changed domain names in various examples to example.com + + Updated various references of real domain names to example.com as per + RFC-2606. + +- DOCS: Fixed meaning of bit 2 in CURLOPT_POSTREDIR + + Setting bit 2 for this value was documented as having a constant value + defined as CURL_REDIR_POST_303 yet referenced a 302 request. + + Additionally corrected the meaning of CURL_REDIR_POST_ALL for all three + bits and fixed problems with the bolding of keywords in this section. + +- DOCS: Standardised how RFCs are referenced. + + Standardised how RFCs are referenced so that the website may autolink to + the correct documentation on ietf.org. Additionally removed the one link + to RFC3986 on curl.haxx.se. + +Yang Tse (26 May 2012) +- Fix libcurl.pc and curl-config generation for static MingW* cross builds + +Daniel Stenberg (25 May 2012) +- [Tatsuhiro Tsujikawa brought this change] + + Made -D option work with -O and -J. + + To achieve this, first new structure HeaderData is defined to hold + necessary data to perform header-related work. Then tool_header_cb now + receives HeaderData pointer as userdata. All header-related work + (currently, dumping header and Content-Disposition inspection) are done + in this callback function. HeaderData.outs->config is used to determine + whether each work is done. + + Unit tests were also updated because after this change, curl code always + sets CURLOPT_HEADERFUNCTION and CURLOPT_HEADERDATA. + + Tested with -O -J -D, -O -J -i and -O -J -D -i and all worked fine. + +Steve Holme (25 May 2012) +- sasl: Re-factored auth-mechanism constants to be more generic + +- smtp: Moved auth-mechanism constants into a separate header file + + Move the SMTP_AUTH constants into a separate header file in + preparation for adding SASL based authentication to POP3 as the two + protocols will need to share them. + +Kamil Dudka (25 May 2012) +- nss: avoid using explicit casts of code pointers + +Steve Holme (24 May 2012) +- DOCS: Added LDAP to the CURLOPT_URL section + +- TODO: Removed DIGEST-MD5 authentication from SMTP to do list + + Removed DIGEST-MD5 from Section 9.1 Other authentication mechanisms as + the feature was added to SMTP in 7.26.0. + + Also corrected small spelling mistake. + +Daniel Stenberg (24 May 2012) +- bump to 7.26.1: start working towards next release + +Version 7.26.0 (24 May 2012) + +Daniel Stenberg (24 May 2012) +- RELEASE-NOTES: synced with ef60fdbd73 + + Just before 7.26.0 is about to ship + +Steve Holme (22 May 2012) +- smtp: Fixed an issue with the multi-interface always sending postdata + + Due to the result code being reset to CURLE_OK when smtp_dophase_done() + was called, postdata would incorrectly be sent to the server when the + MAIL FROM or RCPT command was rejected. + + As such, libcurl would return the wrong result code from performing the + operation and additionally set CURLINFO_RESPONSE_CODE to be that + returned by the postdata command. + + Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html + Reported by: Gokhan Sengun + +- DOCS: Updated version number for features added in the pending release + +Daniel Stenberg (22 May 2012) +- [Tatsuhiro Tsujikawa brought this change] + + Fixed compile error with GNUTLS+NETTLE + + In nettle/md5.h, md5_init and md5_update are defined as macros to + nettle_md5_init and nettle_md5_update respectively. This causes + error when using MD5_params.md5_init and md5_update. This patch + renames these members as md5_init_func and md5_update_func to + avoid name conflict. For completeness, MD5_params.md5_final was + also renamed as md5_final_func. + + The changes in curl_ntlm_core.c is conversion error and fixed by + casting to proper type. + +- TODO-RELEASE: mention the pending biggies for 7.27.0 + +- [Jan Ehrhardt brought this change] + + winbuild: fix IPv6 enabled build + + The existing check was wrong so IPv6 support would never be enabled + +- 7.26.0: will be the next release version + +- RELEASE-NOTES: synced with 8ae1e657e82a + + And mention that this will become 7.26.0 + +Guenter Knauf (22 May 2012) +- Updated dependency libary versions. + +Daniel Stenberg (20 May 2012) +- curl-config.1: fix curl-config usage in example + + The curl-config command must be used twice in the single command line to + work properly in some environments. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3528241 + Reported by: Julian Taylor + +Steve Holme (17 May 2012) +- smtp: Fixed non-escaping of dot character at beginning of line + + A dot character at the beginning of a line would not be escaped to a + double dot as required by RFC-2821, instead it would be deleted by the + mail server. Please see section 4.5.2 of the RFC for more information. + + Note: This fix also simplifies the detection of repeated CRLF.CRLF + combinations, such as CRLF.CRLF.CRLF, a little rather than having to + advance the eob counter to 2. + +Daniel Stenberg (16 May 2012) +- FAQ: updated 1.10 How many are using curl? + + Now linking to http://daniel.haxx.se/blog/2012/05/16/300m-users/ + +- disable-versioned-symbols: removed superfluous 'fi' + + The commit e315927a1a left this in + +- MakefileBuild.vc: use the correct IDN variable + + The variable that control IDN enablement is called USE_IDN within these + Makefiles + +- [Pierre Chapuis brought this change] + + autoconf: improve handling of versioned symbols + + It checks whether versioned symbols should be enabled before checking + whether it is possible (i.e. the linker supports --version-script) or + not. This avoids a useless warning when building cURL on a platform that + does not use GNU ld. + + Moreover, it fixes broken indentation of this chunk of code. + +- curl.1: clarify -x usage + + 1 - fix the syntax in the .IP line + + 2 - Provided user names and passwords are URL decoded by libcurl + + Bug: http://curl.haxx.se/bug/view.cgi?id=3525935 + +- NTLM: is supported in GnuTLS builds too + + ... since commit 9a4c887c4a7 introduced in libcurl 7.19.4 + +- TODO: happy eyeballs is now RFC6555 + +- my_useragent: shorten user-agent + + The built-in user-agent will now only say curl/[version] and nothing + else in an attempt to decrease overhead in HTTP requests. + +- CURLOPT_HEADERFUNCTION: works for non-HTTP protocols too + +Claes Jakobsson (3 May 2012) +- Add note about default timeout in CURLOPT_TIMEOUT + +Daniel Stenberg (2 May 2012) +- [Gokhan Sengun brought this change] + + MD5: OOM fix + + check whether md5 initialization succeeded before updating digest of + buffers onto it + +- REALEASE-NOTES: synced with 64f48e884e3c1 + +- [Jan Schaumann brought this change] + + add newly created manual page + +- [Jan Schaumann brought this change] + + add a manual page for mk-ca-bundle + +Guenter Knauf (26 Apr 2012) +- Updated dependency lib versions. + +Daniel Stenberg (23 Apr 2012) +- URL parse: reject numerical IPv6 addresses outside brackets + + Roman Mamedov spotted (in + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would + not complain when given a URL with an IPv6 numerical address without + brackets. It would simply cut off the last ":[hex]" part and thus not + work correctly. + + That's a URL using an illegal syntax and now libcurl will instead return + a clear error code and error message detailing the error. + + The above mentioned bug report claims this to be a regression but + libcurl does not guarantee functionality when given URLs that aren't + following the URL spec (RFC3986 mostly). I consider the fact that it + used to handle this differently a mere coincidence. + +- Curl_MD5_init: fix OOM memory leak + + Bug: http://curl.haxx.se/mail/lib-2012-04/0246.html + Reported by: Michael Mueller + +- [Gokhan Sengun brought this change] + + OpenSSL cert: provide more details when cert check fails + + curl needs to be more chatty regarding certificate verification failure + during SSL handshake + +Yang Tse (23 Apr 2012) +- Revert "sspi: Added version information" + + This reverts commit 2976de480808119dae08fc6f52c8d75ba1aedb1a. + +- Revert "sspi - Small code tidy up" + + This reverts commit 46cd5f1daddad3b3e542e6d93eee52e8bb9a8687. + +- Revert "Fixed 'extra tokens at end of #endif directive'." + + This reverts commit 77172a242fc0c820f97eae39d0e3e0f265222fe6. + +- Revert "Fixed 'Trailing whitespace' found by checksrc." + + This reverts commit 683bfa60ad0b52505947e59b03515e5f44378523. + +- Revert "sspi: Code tidy up to remove unused variable." + + This reverts commit 412510f97407d617426d93b80e6b6bf0a8ff11ac. + +- Revert "Add -lversion if build with SSPI." + + This reverts commit 9ec0b7e0c44d29eca6f45916fe5af3501168fe85. + +Guenter Knauf (23 Apr 2012) +- Add -lversion if build with SSPI. + +Steve Holme (22 Apr 2012) +- sspi: Code tidy up to remove unused variable. + +Guenter Knauf (22 Apr 2012) +- Fixed 'Trailing whitespace' found by checksrc. + +- Fixed 'extra tokens at end of #endif directive'. + +Steve Holme (22 Apr 2012) +- sspi - Small code tidy up + +- sspi: Added version information + + Added version information for Windows SSPI to curl's main version + string and removed SSPI from the features string. + +Daniel Stenberg (20 Apr 2012) +- HTTP: empty chunked POST ended up in two zero size chunks + + When doing a chunked-encoded POST with -d (CURLOPT_POSTFIELDS) and the + size of the POST was zero length, it made libcurl first send a zero + chunk and then the terminating one. This could confuse a receiver and it + should rather just send the terminating chunk as it does with this fix. + + Test case 1333 is added to verify. + + Bug: http://curl.haxx.se/mail/archive-2012-04/0060.html + Reported by: Arnaud Compan + +Guenter Knauf (20 Apr 2012) +- Updated dependency lib versions. + +Daniel Stenberg (19 Apr 2012) +- singleipconnect: return OK even when Curl_socket() fails + + Commit 9109cdec11ee5a brought this regression (shipped since 7.24.0). + + The singleipconnect() function must not return an error if Curl_socket() + returns an error. It should then simply return OK and pass a SOCKET_BAD + back simply because that is how the user of this function expects it to + work and something else is not fine. + + Reported by: Blaise Potard + Bug: http://curl.haxx.se/bug/view.cgi?id=3516508 + +Yang Tse (19 Apr 2012) +- Take in account that CURLAUTH_* bitmasks are now 'unsigned long' - follow-up + + MIPSPro compiler detected curl_easy_getinfo() related missing adjustments. + SunPro compiler detected curl tool --libcurl option related missing adjustments. + +- url.c: CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH fixes + + Fail with CURLE_NOT_BUILT_IN when none of requested auth methods is supported. + + Reject CURLAUTH_ONLY bit when given alone or with CURLAUTH_NONE. + +- Take in account that CURLAUTH_* bitmasks are now 'unsigned long' + + Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to + 'unsigned long' for proper handling and operating. + +- curl.h: CURLAUTH_* bitmasks adjusted to become 'unsigned long' typed + + Info: http://curl.haxx.se/mail/lib-2012-04/0170.html + +- Some explicit conversion to 'long' of curl_easy_setopt() third argument + + Explicit conversion to 'long' of curl_easy_setopt() third argument for options + CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH given that this is how its bitmasks are + docummented to be used. + +- build adjustments: commit 9e24b9c7 follow-up + +Daniel Stenberg (17 Apr 2012) +- -# progress meter: avoid superfluous updates and duplicate lines + + By comparing if a different "progress point" is reached or not since the + previous update, the progress function callback for this now avoids many + superfluous screen updates. This has the nice side-effect that it fixes + a problem that causes a second progress meter line. + + The second line output happened because when we use the -# progress + meter, we force a newline output after the transfer in the main loop in + curl, but when libcurl calls the progress callback from + curl_easy_cleanup() it would then output the progress display + again. Possibly the naive newline output is wrong but this optimization + was suitable anyway... + + Reported by: Daniel Theron + Bug: http://curl.haxx.se/bug/view.cgi?id=3517418 + +Yang Tse (16 Apr 2012) +- nss.c: fix compiler warning + +- curl-compilers.m4: -Wno-pedantic-ms-format for Windows gcc 4.5 builds + + When building a Windows target with gcc 4.5 or newer and strict compiler + warnings enabled use -Wno-pedantic-ms-format in addition to other flags. + +Kamil Dudka (16 Apr 2012) +- tests/valgrind.pm: suppress memleaks of NSS_InitContext() + + Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=745224 + +Yang Tse (14 Apr 2012) +- setup_once.h: tighten requirements for stdbool.h header inclusion + + Include stdbool.h only when it is available and configure is capable of + detecting a proper 'bool' data type when the header is included. + + Compilation fix for old or unpatched versions of XL C compiler. + + Report: http://curl.haxx.se/mail/archive-2012-04/0022.html + +- headers: require GCC 2.7 or newer in order to allow attribute GCC'isms usage + + Usage in other code paths already protected and requiring even newer versions. + +- [Jonathan Nieder brought this change] + + headers: surround GCC attribute names with double underscores + + This protects from attribute names being defined by third party's code. + + Improvement: http://curl.haxx.se/mail/lib-2012-04/0127.html + +Guenter Knauf (13 Apr 2012) +- Updated copyright year. + +Yang Tse (13 Apr 2012) +- testcurl.pl: build example programs for Android cross-compiles + +- nss.c: fix compiler warning + +- examples: fix compiler warnings + +Kamil Dudka (13 Apr 2012) +- nss: provide human-readable names for NSS errors + +- nss: use NSS_InitContext() to initialize NSS if available + + NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent + collisions on NSS initialization/shutdown with other libraries. + + Bug: https://bugzilla.redhat.com/738456 + +- nss: unconditionally require PK11_CreateGenericObject() + + This bumps the minimal supported version of NSS to 3.12.x. + +Guenter Knauf (13 Apr 2012) +- Set batch mode to 755 to make Cygwin git pulls work. + +- Added section for Android configure cross-compile. + +- Added NetWare export. + +Yang Tse (12 Apr 2012) +- testcurl.pl: build example programs for MinGW cross-compiles + +- tool_operate.c: fix compiler warning + +- url.c: fix compiler warning + +Guenter Knauf (12 Apr 2012) +- Updated dependency lib versions (2nd try). + +- Updated dependency lib versions. + +Yang Tse (12 Apr 2012) +- tool_formparse.c: rename a couple of vars to avoid declaration shadowing + +- OS400/initscript.sh: fix db2_name() module name generation + + Allow repeatable file name length reduction on file names with underscore or + dash characters. This is done in order to better support libcurl's existing + source file names and allow OS/400 package to build out of the box again. + +- testcurl.pl: log more environment vars that modify configure and build behavior + +- configure: NATIVE_WINDOWS no longer defined in config files + +- build adjustments: CURL_HIDDEN_SYMBOLS no longer defined in config files + + configure script now provides conditional definitions for Makefile.am + that result in CURL_HIDDEN_SYMBOLS being defined by resulting makefiles + when appropriate. + + Additionally, configure script option for symbol hiding control is now + named --enable-symbol-hiding --disable-symbol-hiding. While still valid, + old option name --enable-hidden-symbols --disable-hidden-symbols will + be deprecated in some future release. + +- build adjustments: functionally revert commits 4d3fb91f and bbfe1182 + + Undefining CURL_HIDDEN_SYMBOLS in source files isn't the proper fix. + +- test servers: build adjustment + + Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might + leak from lib/setup.h into source files where this should not be defined. + +- libtests: build adjustment + + Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might + leak from lib/setup.h into source files where this should not be defined. + +- curl tool: make setup.h first header included in tool_setup.h again + +- curl tool: use configuration files from lib directory - follow-up II + + lib/config-win32.h no longer copied to src/config-win32.h + +- configure: Windows cross-compilation fixes + + BUILDING_LIBCURL and CURL_STATICLIB are no longer defined in curl_config.h, + configure will generate appropriate conditionals so that mentioned symbols + get defined and used in Makefiles at compilation time + +- curl tool: make curl.h first header included in tool_setup.h + +- curl tool: use configuration files from lib directory - follow-up I + + amigaos.[ch] now integrates nicely with any libcurl build + +- curl tool: use configuration files from lib directory + + Configuration files such as curl_config.h and all config-*.h no longer exist + nor are generated/copied into 'src' directory, now these only exist in 'lib' + directory from where curl tool sources uses them. + + Additionally old src/setup.h has been refactored into src/tool_setup.h which + now pulls lib/setup.h + + The possibility of a makefile needing an include path adjustment exists. + +Daniel Stenberg (6 Apr 2012) +- PolarSSL: correct return code for CRL matches + + When a server certificate matches one in the given CRL file, the code + now returns CURLE_SSL_CACERT as test case 313 expects and verifies. + +- PolarSSL: include version number in version string + + Previously it would say PolarSSL only, now it says PolarSSL/1.1.0 in the + same style other libs and components do. + +- test: added test 1332 that tests --post303 + +- curl: add --post303 to set the CURL_REDIR_POST_303 option + +- [Andrei Cipu brought this change] + + CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URL + + As it turns out, some people do want that after all. + +- test1331: cookies on a 407 response + + Verify that cookies are sent back even after a 407 response has been + received + +- [Dag Ekengren brought this change] + + PolarSSL: add support for asynchronous connect + +- [Tim Heckman brought this change] + + Revert "access the CA source file using HTTPS" + + This reverts commit f7e2ab6. + + This change caused fetching of the certificates to become unreliable. + + Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html + Reported by: Tim Heckman + +- [Andrei Cipu brought this change] + + IPv6 cookie domain: get rid of the first bracket before the second. + + Commit 97b66ebe was copying a smaller buffer, thus duplicating the last + character. + +- MAIL-ETIQUETTE: Added "How to unsubscribe" + + ... as it seems to hard for some people + +Yang Tse (4 Apr 2012) +- ftp.c: ftplistparser related OOM handling fix + +- smtp.c: fix compiler warnings + +- lib599.c: fix compiler warning + +Daniel Stenberg (4 Apr 2012) +- runtests: yassl and polarssl are not openssl + + Don't set the "has_openssl" variable if yassl or polarssl is found as + they will simply not work as 100% drop-in replacements for some of the + stuff the "OpenSSL" feature is used for. + + I spotted this problem when doing test runs with PolarSSL builds. + +- [Lijo Antony brought this change] + + connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails + + Curl_socket returns CURLE_COULDNT_CONNECT when the opensocket callback + returns CURL_SOCKET_BAD. Previous return value CURLE_FAILED_INIT + conveys incorrect information to the user. + +Steve Holme (2 Apr 2012) +- pop3: Reworked the command sending and handling + + Reworked the command sending from two specific LIST and RETR command + functions into a single command based function as well as the two + associated response handlers into a generic command handler. + +Daniel Stenberg (1 Apr 2012) +- [Dave Reisner brought this change] + + curl tool: add filename_effective token for --write-out + + By modifying the parameter list for ourWriteOut() and passing the + OutStruct that collects data in tool_operate, we get access to the + remote name that we're writing to. Shell scripters should find this + useful when used in conjuntion with the --remote-header-name option. + +Steve Holme (1 Apr 2012) +- smtp.c: Code policing and tidy up + +Daniel Stenberg (1 Apr 2012) +- [Armel Asselin brought this change] + + SSH: public key can now be an empty string + + If an empty string is passed to CURLOPT_SSH_PUBLIC_KEYFILE, libcurl will + pass no public key to libssh2 which then tries to compute it from the + private key. This is known to work when libssh2 1.4.0+ is linked against + OpenSSL. + +- [Tatsuhiro Tsujikawa brought this change] + + OpenSSL: Made cert hostname check conform to RFC 6125 + + This change replaces RFC 2818 based hostname check in OpenSSL build with + RFC 6125 [1] based one. + + The hostname check in RFC 2818 is ambiguous and each project implements + it in the their own way and they are slightly different. I check curl, + gnutls, Firefox and Chrome and they are all different. + + I don't think there is a bug in current implementation of hostname + check. But it is not as strict as the modern browsers do. Currently, + curl allows multiple wildcard character '*' and it matches '.'. (as + described in the comment in ssluse.c). + + Firefox implementation is also based on RFC 2818 but it only allows at + most one wildcard character and it must be in the left-most label in the + pattern and the wildcard must not be followed by any character in the + label.[2] Chromium implementation is based on RFC 6125 as my patch does. + Firefox and Chromium both require wildcard in the left-most label in the + presented identifier. + + This patch is more strict than the current implementation, so there may + be some cases where old curl works but new one does not. But at the same + time I think it is good practice to follow the modern browsers do and + follow the newer RFC. + + [1] http://tools.ietf.org/html/rfc6125#section-6.4.3 + [2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483 + +- HTTP: reset expected DL/UL sizes on redirects + + With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the + download size was known (like with a Content-Length header), but the + subsequent URL (transfered after the 3xx page) was chunked encoded, then + the previous "known download size" would linger and cause the progress + meter to get incorrect information, ie the former value would remain + being sent in. This could easily result in downloads that were WAY + larger than "expected" and would cause >100% outputs with the curl + command line tool. + + Test case 599 was created and it was used to repeat the bug and then + verify the fix. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3510057 + Reported by: Michael Wallner + +Steve Holme (31 Mar 2012) +- [Gökhan Şengün brought this change] + + smtp: Add support for DIGEST-MD5 authentication + +- [Gökhan Şengün brought this change] + + smtp: Cody tidy up of md5 digest length + + Replaced the hard coded md5 digest length (16) with a preprocessor + constant + +- [Gökhan Şengün brought this change] + + md5: Add support for calculating the md5 sum of buffers incrementally + + It is now possible to calculate the md5 sum as the stream of buffers + becomes known where as previously it was only possible to calculate the + md5 sum of a pre-prepared buffer. + +Daniel Stenberg (31 Mar 2012) +- Revert "mk-ca-bundle.pl: use LWP::UserAgent for https" + + This reverts commit 9f0e1689f169b83b8fbdae23e0024cc57dcbc770. + + It turned out that "improvement" instead made the fetching of the + certificates unreliable + + Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html + Reported by: Tim Heckman + +Steve Holme (31 Mar 2012) +- DOCS: Added information regarding POP3 commands to CURLOPT_CUSTOMREQUEST + +- pop3: Added support for additional pop3 commands + + This feature allows the user to specify and use additional POP3 + commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or + curl's -X command line option. + +Yang Tse (30 Mar 2012) +- [tetetest tetetest brought this change] + + CMakeLists.txt: fix Windows LDAP/LDAPS option handling + + bug: http://curl.haxx.se/mail/lib-2012-03/0278.html + +- [tetetest tetetest brought this change] + + CMakeLists.txt: fix MS Visual Studio x64 unsigned long long literal suffix + + bug: http://curl.haxx.se/mail/lib-2012-03/0255.html + +Steve Holme (28 Mar 2012) +- TODO: Corrected POP3 section heading + +Yang Tse (28 Mar 2012) +- curl-functions.m4: update detection logic of getaddrinfo() thread-safeness + + Take in account that h_errno might be a modifiable lvalue not defined as + a C preprocessor macro + +Steve Holme (27 Mar 2012) +- TODO: Added SMTP and POP3 specific features + +Yang Tse (27 Mar 2012) +- [Olaf Flebbe brought this change] + + tool_cb_dbg.c: fix tool_cb_dbg() to behave properly even for size 0 + + curl segfault in debug callback triggered with CURLINFO_HEADER_OUT and size 0 + + bug: http://curl.haxx.se/bug/view.cgi?id=3511794 + +- test #1405: support HTTP disabled builds + +Steve Holme (26 Mar 2012) +- test #809: Updated error code to match recent pop3 changes + +Yang Tse (25 Mar 2012) +- ssh.c: code cleanup, Curl_safefree() already nullifies pointer + +- fix some compiler warnings + +Steve Holme (25 Mar 2012) +- pop3.c: Corrected problem with state() introduced in 01690ed2bce5 + +- pop.c: Small code tidy up + +- pop3: Removed the need for the single message LIST command handler + + Simplified the code to remove the need for a separate "LIST " + command handler and state machine and instead use the LIST command + handler for both operations. + +- pop3.c: Code policing and tidy up + + Corrected character and line spacing and re-ordered list and retr + functions based on the order of their state machines. + +- email: Moved server greeting responses into separate functions + + Moved the server greeting response handling code from the statemach_act + functions to separate response functions. This makes the code simpler + to follow and provides consistency with the other responses that are + handled here. + +- pop3.c: Fixed body data being written when CURLOPT_NOBODY is specified + + Body data would be forwarded to the client application in both the RETR + and LIST commands even if CURLOPT_NOBODY was specified. + +Daniel Stenberg (23 Mar 2012) +- [Rodrigo Silva (MestreLion) brought this change] + + docs: clarify -z/--time-cond with filename (mention mtime) + + Original wording could lead users in thinking it tries to + somehow parse the filename for a date expression (like + news_2012_03_05.html). It never mentions that it actually + reads the mtime of the file in filesystem. + +Yang Tse (23 Mar 2012) +- tests #1316 #1319 #1320 #1321: add missing keywords + +- test #598: add missing keywords + +- version: start working on 7.25.1-DEV + +Daniel Stenberg (22 Mar 2012) +- [Benjamin Johnson brought this change] + + configure: check for gethostbyname in the watt lib + + This allows building of libcurl on DOS using DJGPP 2.04 and Watt-32 + sockets. I know there's already Makefile.djgpp, but I find this more + convenient since I'm used to using the ./configure script from other + platforms + +- THANKS: 8 new contributors from 7.25.0 + +Version 7.25.0 (22 Mar 2012) + +Daniel Stenberg (22 Mar 2012) +- RELEASE-NOTES: synced with b8b2cf612b2 + +Yang Tse (22 Mar 2012) +- tests #1400 #1401: add missing keywords + +- http_proxy.h: fix builds with proxy or http disabled + +- parsedate.c: fix a numeric overflow + +Daniel Stenberg (22 Mar 2012) +- [Andrei Cipu brought this change] + + cookies: strip the numerical ipv6 host properly + + The commit e650dbde86d4 that stripped off [brackets] from ipv6-only host + headers for the sake of cookie parsing wrongly incremented the host + pointer which would cause a bad free() call later on. + +Yang Tse (22 Mar 2012) +- test #598: add to Makefile.am + +- test #598: OOM handling fixes + +- fix several compiler warnings + +Daniel Stenberg (22 Mar 2012) +- CONNECT: fix multi interface regression + + The refactoring of HTTP CONNECT handling in commit 41b0237834232 that + made it protocol independent broke it for the multi interface. This fix + now introduce a better state handling and moved some logic to the + http_proxy.c source file. + + Reported by: Yang Tse + Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html + +- SWS: refuse to serve CONNECT unless running as proxy + +Yang Tse (21 Mar 2012) +- curl-functions.m4: update detection logic of getaddrinfo() thread-safeness + + Take in account that POSIX standard Issue 7 drops h_errno support. Now, we also + consider getaddrinfo() to be thread-safe when (_POSIX_C_SOURCE >= 200809L) or + (_XOPEN_SOURCE >= 700) independently of whether h_errno exists or not. + +- fix several compiler warnings + +- tests 140X: fix --libcurl generated source file reading mode for MSYS builds + +- tool_easysrc.c: fix --libcurl option output file text translation mode + + Use fopen() with "w" mode instead of "wt" to fix cygwin builds. + +- build: remove tool_cb_skt.[ch] references + +Daniel Stenberg (18 Mar 2012) +- RELEASE-NOTES: synced with ad77420ac761b + + 3 more bugs, 1 more contributor + +- lwip: basic checks and macros for compatiblity + +Yang Tse (17 Mar 2012) +- tool_setopt.c: more OOM handling fixes + +Daniel Stenberg (16 Mar 2012) +- cmake: list_spaces_append_once fails with spaces in filename + + Windows standard libraries are located in C:/Program Files/Microsoft + SDKs/[...]. They are already included in the default MSVC + LIBPATH. Hence, find_library(WSOCK32_LIBRARY wsock32) and + find_library(WS2_32_LIBRARY ws2_32) are not needed. They return the full + path to the libraries including spaces. Of course, + list_spaces_append_once will mangle the result and the build fails. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3494968 + +Yang Tse (16 Mar 2012) +- http_proxy.c: fix OOM handling + +- tool_setopt.c: fix OOM handling + +- fix several compiler warnings + +- fix some compiler warnings + +Daniel Stenberg (13 Mar 2012) +- [Maxim Prohorov brought this change] + + resolve with c-ares: don't resolve IPv6 when not working + + If the Curl_ipv6works() function says no, there is no reason to try AAAA + names even if libcurl was built with IPv6 support enabled. + + Bug: http://curl.haxx.se/mail/lib-2012-03/0045.html + +unknown (10 Mar 2012) +- [Steve Holme brought this change] + + smtp.c: Changed the curl error code for EHLO and HELO responses + + Changed the returned curl error codes for EHLO and HELO responses from + CURLE_LOGIN_DENIED to CURLE_REMOTE_ACCESS_DENIED as a negative response + from these commands represents no service as opposed to a login error. + +Daniel Stenberg (10 Mar 2012) +- RELEASE-NOTES: synced with e650dbde86 + + New: 12 bugs, 3 changes, 6 contributors and updated counters at the top + +- [Andrei Cipu brought this change] + + Curl_http: strip off [brackets] from ipv6-only host headers + + Since the host name is passed in to the cookie engine it will not work + correctly if the brackets are left in the name. + + Bug:http://curl.haxx.se/mail/lib-2012-03/0036.html + +- [Armel Asselin brought this change] + + CURLSSH_OPT_AUTH: documented it has no effect + +- [John Joseph Bachir brought this change] + + mk-ca-bundle.pl: use LWP::UserAgent with proper https verify behavior. + + An alternative would be: + + 1. specify HTTPS_CA_DIR and/or HTTPS_CA_FILE + 2. ensure that Net::SSL is being used, and IO::Socket::SSL is NOT being + used + + This question and answer explain: + http://stackoverflow.com/questions/74358/ + +- [John Joseph Bachir brought this change] + + access the CA source file using HTTPS + +- includes: remove inclusion of unused file http_proxy.h + +- CONNECT: made generically not per-protocol + + Curl_protocol_connect() now does the tunneling through the HTTP proxy if + requested instead of letting each protocol specific connection function + do it. + +- ssh_connect: tunnel through HTTP proxy if requested + +- LWIP: don't consider HAVE_ERRNO_H to be winsock + + The check for Winsock definition was a bit too broad + + Bug: http://curl.haxx.se/mail/lib-2012-03/0046.html + +- [Dave Reisner brought this change] + + curl-config: only provide libraries with --libs + + In line with the manpage, curl-config --libs should only provide the necessary + library flags for the linker in order to compile software with libcurl. Also + with this change, we match what the pkg-config file provides. + +- CONTRIB: Please don't send pull requests + +- libcurl docs: version corrections + + Correct some inconsistencies in which version some things were added. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3494091 + Reported by: "curlybugs" + +- CONNECT: fix ipv6 address in the Request-Line + + Commit 466150bc64d fixed the Host: header with CONNECT, but I then + forgot the preceeding request-line. Now this too uses [brackets] + properly if a ipv6 numerical address was given. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3493129 + Reported by: "Blacat" + +- [Steve Holme brought this change] + + SMTP: Added support for returning SMTP response codes + + Set the conn->data->info.httpcode variable in smtp_statemach_act() to + allow Curl_getinfo() to return the SMTP response code via the + CURLINFO_RESPONSE_CODE action. + +- curl.1: updated --libcurl + + With Colin Hogben's recent work, --libcurl now also works with -F and + more. Remove the previous caveat. + +- test: --libcurl fixes + + The line endings broke when I saved the three recent patches (my fault, + not Colin's) to 'git am' them. + + Adjusted the stripping of the test program for comparing to also exclude + the SSH key file name as that will differ and use a local path name. + +- [Colin Hogben brought this change] + + Add helper script convsrctest.pl to manipulate --libcurl tests. + + The intention is to take the output of curl's --libcurl option, + as exercised in test 14xx, and generate a corresponding test15xx + in which the generated code is compiled and run. This will verify + that the generated code behaves equivalently to the original + invocation of the curl command. + + The script is not yet integrated into the configure / makefile + machinery. + +- [Colin Hogben brought this change] + + Add tests for curl's --libcurl output. + + These tests check the output of the --libcurl option of curl, + including the improved option handling added in a related patch. + +- [Colin Hogben brought this change] + + Generate lists and use symbols in --libcurl code output. + + This patch improves the output of curl's --libcurl option by + generating code which builds curl_httppost and curl_slist lists, and + uses symbolic names for enum and flag values. Variants of the + my_setopt macro in tool_setopt.h are added in order to pass extra type + information to the code-generation step in tool_setopt.c. + + If curl is configured with --disable-libcurl-option then the macros + call curl_easy_setopt directly. + +- [Steve Holme brought this change] + + smtp.c: Fixed an issue with writing postdata + + Fixed a problem in smtp_done() when writing out the postdata as + Curl_write() would periodically return zero bytes written. + +- CURLOPT_MAIL_AUTH: added in 7.25.0 + + Brought in commit 0cf0ab6f300 + +- pop3 test server: send terminating ".CRLF" only + + With commit 035ef06bda7 applied, the test pop3 server needs to send + ".\r\n" as the body terminating sequence and there needs to be a final + CRLF in the actual body in the test data file. + +- [Steve Holme brought this change] + + pop3.c: Fixed drop of final CRLF in EOB checking + + Curl_pop3_write() would drop the final CRLF of a message as it was + considered part of the EOB as opposed to part of the message. Whilst + the EOB sequence needs to be searched for by the function only the + final 3 characters should be removed as per RFC-1939 section 3. + + Reported by: Rich Gray + Bug: http://curl.haxx.se/mail/lib-2012-02/0051.html + +- [Steve Holme brought this change] + + smtp.c: Fixed an issue with the EOB checking + + Curl_smtp_escape_eob() would leave off final CRLFs from emails ending + in multiple blank lines additionally leaving the smtpc->eob variable + with the character count in, which would cause problems for additional + emails when sent through multiple calls to curl_easy_perform() after a + CURLOPT_CONNECT_ONLY. + +- CURLE_FTP_PRET_FAILED: listed twice + + Make sure it is mentioned once and with the correct description + +- --mail-auth documented + +- [Steve Holme brought this change] + + SMTP: Code policing and tidy up + +- [Steve Holme brought this change] + + curl: Added support for --mail-auth + + Added an extra command-line argument to support the optional AUTH + parameter in SMTPs MAIL FROM command. + +Kamil Dudka (16 Feb 2012) +- docs: mention that NTLM works with NSS, too + +Daniel Stenberg (15 Feb 2012) +- [Steve Holme brought this change] + + DOCS: Added information for CURLOPT_MAIL_AUTH. + + Added information relating to the new CURLOPT_MAIL_AUTH parameter and + reworked CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT to be a clearer. + + Fixed inconsistencies of "vocalisation of the abbreviation" versus + "vocalisation of the first word" for all abbreviations. + + Corrected a typo in CURLOPT_NOPROXY. + +- [Steve Holme brought this change] + + smtp.c: Fixed use of angled brackets in AUTH parameter. + + Fixed the use of angled brackets "<>" in the optional AUTH parameter as + per RFC-2554 section 5. The address should not include them but an + empty address should be replaced by them. + +- [Steve Holme brought this change] + + smtp_mail: Added support to MAIL FROM for the optional AUTH parameter + + Added a new CURLOPT_MAIL_AUTH option that allows the calling program to + set the optional AUTH parameter in the MAIL FROM command. + + When this option is specified and an authentication mechanism is used + to communicate with the mail server then the AUTH parameter will be + included in the MAIL FROM command. This is particularly useful when the + calling program is acting as a relay in a trusted environment and + performing server to server communication, as it allows the relaying + server to specify the address of the mailbox that was used to + authenticate and send the original email. + +- [toddouska brought this change] + + cyassl: update to CyaSSL 2.0.x API + + Modify configure.ac to test for new CyaSSL Init function and remove + default install path to system. Change to CyaSSL OpenSSL header and + proper Init in code as well. + + Note that this no longer detects or works with CyaSSL before v2 + +- LIBCURL_VERSION_NUM: 0x071900 + + I accidentally left the lowest bits 01 before + +- [Steve Holme brought this change] + + SMTP: Fixed error when using CURLOPT_CONNECT_ONLY + + Fixed incorrect behavior in smtp_done() which would cause the end of + block data to be sent to the SMTP server if libcurl was operating in + connect only mode. This would cause the server to return an error as + data would not be expected which in turn caused libcurl to return + CURLE_RECV_ERROR. + +- s/7.24.1/7.25.0 + + We will go straight to 7.25.0 due to the new additions + +- curlver.h: bumped to 7.25.0 + + and updated the end year in the generic copyright string + +- RELEASE-NOTES: synced with 2b26eb985 + + 9 bug fixes, 4 changes and numerous contributors + + Bumped release version and option counters + +- [Colin Hogben brought this change] + + configure: add option disable --libcurl output + +- [Alessandro Ghedini brought this change] + + curl tool: allow negative numbers as option values + + Fix the str2num() function to not check if the input string starts with a + digit, since strtol() supports numbers prepended with '-' (and '+') too. + This makes the --max-redirs option work as documented. + +- parse_proxy: simply memory handling + + ... by making sure that the string is always freed after the invoke as + parse_proxy will always copy the data and this way there's a single + free() instead of multiple ones. + +- parse_proxy: bail out on zero-length proxy names! + + The proxy parser function strips off trailing slashes off the proxy name + which could lead to a mistaken zero length proxy name which would be + treated as no proxy at all by subsequent functions! + + This is now detected and an error is returned. Verified by the new test + 1329. + + Reported by: Chandrakant Bagul + Bug: http://curl.haxx.se/mail/lib-2012-02/0000.html + +Kamil Dudka (9 Feb 2012) +- nss: add support for the CURLSSLOPT_ALLOW_BEAST option + + ... and fix some typos from the 62d15f1 commit. + +Daniel Stenberg (9 Feb 2012) +- [Rob Ward brought this change] + + configure: don't modify LD_LIBRARY_PATH for cross compiles + +- --ssl-allow-beast added + + This new option tells curl to not work around a security flaw in the + SSL3 and TLS1.0 protocols. It uses the new libcurl option + CURLOPT_SSL_OPTIONS with the CURLSSLOPT_ALLOW_BEAST bit set. + +- CURLOPT_SSL_OPTIONS: added + + Allow an appliction to set libcurl specific SSL options. The first and + only options supported right now is CURLSSLOPT_ALLOW_BEAST. + + It will make libcurl to disable any work-arounds the underlying SSL + library may have to address a known security flaw in the SSL3 and TLS1.0 + protocol versions. + + This is a reaction to us unconditionally removing that behavior after + this security advisory: + + http://curl.haxx.se/docs/adv_20120124B.html + + ... it did however cause a lot of programs to fail because of old + servers not liking this work-around. Now programs can opt to decrease + the security in order to interoperate with old servers better. + +- [Dave Reisner brought this change] + + curl: use new library-side TCP_KEEPALIVE options + + Use the new library CURLOPT_TCP_KEEPALIVE rather than disabling this via + the sockopt callback. If --keepalive-time is used, apply the value to + CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL. + +- [Dave Reisner brought this change] + + add library support for tuning TCP_KEEPALIVE + + This adds three new options to control the behavior of TCP keepalives: + + - CURLOPT_TCP_KEEPALIVE: enable/disable probes + - CURLOPT_TCP_KEEPIDLE: idle time before sending first probe + - CURLOPT_TCP_KEEPINTVL: delay between successive probes + + While not all operating systems support the TCP_KEEPIDLE and + TCP_KEEPINTVL knobs, the library will still allow these options to be + set by clients, silently ignoring the values. + +- curl_easy_reset: reset the referer string + + When CURLOPT_REFERER has been used, curl_easy_reset() did not properly + clear it. + + Verified with the new test 598 + + Bug: http://curl.haxx.se/bug/view.cgi?id=3481551 + Reported by: Michael Day + +Yang Tse (7 Feb 2012) +- curl tool: allow glob-loops to abort again upon critical errors + + This prevents clobbering of non recoverable error return codes while + retaining intended functionality of commit 65103efe + +Daniel Stenberg (6 Feb 2012) +- curl tool: don't abort glob-loop due to failures + + We want to continue to the next URL to try even on failures returned + from libcurl. This makes -f with ranges still get subsequent URLs even + if occasional ones return error. This was a regression as it used to + work and broke in the 7.23.0 release. + + Added test case 1328 to verify the fix. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3481223 + Reported by: Juan Barreto + +- CONNECT: send correct Host: with IPv6 numerical address + + When the target host was given as a IPv6 numerical address, it was not + properly put within square brackets for the Host: header in the CONNECT + request. The "normal" request did fine. + + Reported by: "zooloo" + Bug: http://curl.haxx.se/bug/view.cgi?id=3482093 + +- [Martin Storsjo brought this change] + + Explicitly link to the nettle/gcrypt libraries + + When support for nettle was added in 64f328c787ab, I overlooked + the fact that AC_CHECK_LIB doesn't add the tested lib to LIBS + if the check succeeded, if a custom success code block was present. + (The previous version of the check had an empty block for + successful checks, adding the lib to LIBS implicitly.) + + Therefore, explicitly add either nettle or gcrypt to LIBS, after + deciding which one to use. Even if they can be linked in + transitively, it is safer to actually link explicitly to them. + + This fixes building with gnutls with linkers that don't allow + linking transitively, such as for windows. + +- [Pierre Ynard brought this change] + + more resilient connection times among IP addresses + + When connecting to a domain with multiple IP addresses, allow different, + decreasing connection timeout values. This should guarantee some + connections attempts with sufficiently long timeouts, while still + providing fallback. + +- [Pierre Ynard brought this change] + + remove write-only variable + +Pierre Joye (26 Jan 2012) +- Merge branch 'master' of github.com:bagder/curl + +- - fix IPV6 and IDN options + +Yang Tse (25 Jan 2012) +- TODO-RELEASE: added item #308 + +Daniel Stenberg (25 Jan 2012) +- THANKS: imported contributors from 7.24.0 RELEASE-NOTES + +Yang Tse (25 Jan 2012) +- test harness: update stunnel.pem Diffie-Hellman parameters from 512 to 1024 bit + +- version: start working on 7.24.1-DEV + +Dan Fandrich (24 Jan 2012) +- curl_easy_setopt.3: Fixed SEEKDATA & CLOSESOCKETDATA descriptions + +Version 7.24.0 (24 Jan 2012) + +Daniel Stenberg (24 Jan 2012) +- RELEASE-NOTES: synced with 70f71bb99f7ed9 + + Synced and prepared for 7.24.0 release. Two security problems, one bug fix, + two more contributors. + +- gnutls: enforced use of SSLv3 + + With advice from Nikos Mavrogiannopoulos, changed the priority string to + add "actual priorities" and favour ARCFOUR. This makes libcurl work + better when enforcing SSLv3 with GnuTLS. Both in the sense that the + libmicrohttpd test is now working again but also that it mitigates a + weakness in the older SSL/TLS protocols. + + Bug: http://curl.haxx.se/mail/lib-2012-01/0225.html + Reported by: Christian Grothoff + +- tests: test CRLF in URLs + + Related to the security vulnerability: CVE-2012-0036 + + Bug: http://curl.haxx.se/docs/adv_20120124.html + +- URL sanitize: reject URLs containing bad data + + Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a + decoded manner now use the new Curl_urldecode() function to reject URLs + with embedded control codes (anything that is or decodes to a byte value + less than 32). + + URLs containing such codes could easily otherwise be used to do harm and + allow users to do unintended actions with otherwise innocent tools and + applications. Like for example using a URL like + pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get + a mail and instead this would delete one. + + This flaw is considered a security vulnerability: CVE-2012-0036 + + Security advisory at: http://curl.haxx.se/docs/adv_20120124.html + + Reported by: Dan Fandrich + +- OpenSSL: don't disable security work-around + + OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability + (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit + to SSL_OP_ALL that _disables_ that work-around despite the fact that + SSL_OP_ALL is documented to do "rather harmless" workarounds. + + The libcurl code uses the SSL_OP_ALL define and thus logically always + disables the OpenSSL fix. + + In order to keep the secure work-around workding, the + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change + makes sure of this. + + Reported by: product-security at Apple + +- RELEASE-NOTES: synced with 6e2fd2c9ea + + 3 more bugfixes, 3 more contributors + +- CURLOPT_ACCEPTTIMEOUT_MS: spellfix + +Dan Fandrich (20 Jan 2012) +- examples: updated README with two new example programs + +Daniel Stenberg (20 Jan 2012) +- URL parse: user name with ipv6 numerical address + + Using a URL with embedded user name and password didn't work if the host + was given as a numerical IPv6 string, like ftp://user:password@[::1]/ + + Reported by: Brandon Wang + Bug: http://curl.haxx.se/mail/archive-2012-01/0047.html + +Yang Tse (20 Jan 2012) +- telnet.c: fix OOM triggered segfault + +- testtrace.c: fix compiler warning + +- OpenSSL: follow-up for commit a20daf90e3 + + avoid checking preprocessor definition official value + +Pierre Joye (19 Jan 2012) +- - s, use, enable, for options name, avoiding conflicts with the names used in the makefile + +Daniel Stenberg (19 Jan 2012) +- curl.1: improve --stderr wording + + As is pointed out in this bug report, there can indeed be situation + where --stderr has a point even when the "real" stderr can be + redirected. Remove the superfluous and wrong comment. + + bug: http://curl.haxx.se/bug/view.cgi?id=3476020 + +- KNOWN_BUGS: can't receive zero bytes file properly + + http://curl.haxx.se/bug/view.cgi?id=3438362 + +Yang Tse (18 Jan 2012) +- ssl session caching: fix compiler warnings + +Daniel Stenberg (18 Jan 2012) +- polarssl: show cipher suite name correctly with 1.1.0 + + Apparently ssl_get_ciphersuite() is needed to get the name of the used + cipher suite. + +- polarssl: show error code correctly + + The value was turned negative when it shouldn't have been + +- polarssl: havege_rand is not present in version 1.1.0 + + ... it is now named havege_random! + + Reported by: Robert Schumann + Bug: http://curl.haxx.se/mail/lib-2012-01/0178.html + +- RELEASE-NOTES: synced with 5d70a61b94604 + + 5 more bug fixes, 1 more contributor + +- [Colin Hogben brought this change] + + Add two tests for telnet: URLs + + Add simple telnet tests which (ab)use the http server. + The second test checks for an input file handling bug. + +- [Colin Hogben brought this change] + + Remove bogus optimisation of telnet upload. + + Remove wrongly implemented optimisation of telnet upload, apparently + intended to allow the library to avoid manually polling for input. + +- [Colin Hogben brought this change] + + Use correct file descriptor for telnet upload. + + Fix a bug where input was read from stdin even when a different FILE * + had been configured via CURLOPT_READDATA + +Yang Tse (18 Jan 2012) +- OpenLDAP: fix LDAP connection phase memory leak + + bug: http://curl.haxx.se/bug/view.cgi?id=3474308 + +- [Johannes Bauer brought this change] + + OpenSSL: fix PKCS#12 certificate parsing related memory leak + + Leak triggered when CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE set to P12 + and both CURLOPT_SSLCERT and CURLOPT_SSLKEY point to the same PKCS#12 file. + +- OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option is no longer enabled + + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed successfull + interoperability with web server Netscape Enterprise Server 2.0.1 released + back in 1996 more than 15 years ago. + + Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has + become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate + CVE-2010-4180 when using previous OpenSSL versions we no longer enable + this option regardless of OpenSSL version and SSL_OP_ALL definition. + +- tests: enable time tracing on tests 500, 573 and 585 + +- tests: testtrace.[ch] provides debug callback for libtest usage + + Allows tests from the libtest subdir to generate log traces + similar to those of curl with --tracetime and --trace-ascii + options but with output going to stderr. + +- sws.c: fix proxy mode secondary connection monitoring condition + +- add LF termination to infof() trace string + +- sws.c: improve proxy mode torture testing support - followup to 18c6c8a5 + +Daniel Stenberg (16 Jan 2012) +- url2file: new simple example + + Just showing how to download the contents of a given URL into a local + file. + + Based on a suggestion and example code by Georg Potthast + +- imap.c: a dead simple imap example + + Just to show that IMAP is used just like other protocols + +Yang Tse (16 Jan 2012) +- sws.c: improve proxy mode torture testing support - followup to c731fc58 + +- sws.c: improve proxy mode torture testing support - followup to d4bf87dc + +- Curl_proxyCONNECT() trace known bug #39 + +Daniel Stenberg (14 Jan 2012) +- test: verify HTTP response code 308 + + This newly speced HTTP status code already works as intended in the new + spec: + http://greenbytes.de/tech/webdav/draft-reschke-http-status-308-02.html + + Test 1325 is added to verify that the method is kept after the redirect + +Yang Tse (13 Jan 2012) +- http_negotiate_sspi.c: fix compiler warning + +- ssh.c: fix compiler warning + +- sws.c: improve proxy mode torture testing support + +Daniel Stenberg (12 Jan 2012) +- RELEASE-NOTES: synced with 9f20379fe4 + + 5 bug fixes, 3 more contributors + +- hostip: avoid getaddrinfo when c-ares is used + + Some functions using getaddrinfo and gethostbyname were still + mistakingly being used/linked even if c-ares was selected as resolver + backend. + + Reported by: Arthur Murray + Bug: http://curl.haxx.se/mail/lib-2012-01/0160.html + +Yang Tse (9 Jan 2012) +- sws.c: replace sleep() usage with wait_ms() + +Daniel Stenberg (9 Jan 2012) +- [gsengun brought this change] + + FTP: CURLE_PARTIAL_FILE should not cause control connection to be closed + + Test 161 updated accordingly + +Yang Tse (8 Jan 2012) +- sws.c: some compiler warning fixes + +- lib/setup.h: portable symbolic names for Winsock shutdown() mode flags + +- sws.c: 812fa73057 follow-up + +- sws.c: some IPv6 proxy mode peparatory adjustments + +Daniel Stenberg (5 Jan 2012) +- curl.h: provide backwards compatible symbols + + In commit c834213ad52 we re-used some obsolete error codes, and here are + two defines that makes sure existing source codes that happen to use any + of these deprecated ones will still compile. + + As usual, define CURL_NO_OLDIES to avoid getting these "precaution + defines". + +- win32-threaded-resolver: stop using a dummy socket + + Previously the code would create a dummy socket while resolving just to + have curl_multi_fdset() return something but the non-win32 version + doesn't do it this way and the creation and use of a socket that isn't + made with the common create-socket callback can be confusing to apps + using the multi_socket API etc. + + This change removes the dummy socket and thus will cause + curl_multi_fdset() to return with maxfd == -1 more often. + +- [Peter Sylvester brought this change] + + OpenSSL: remove reference to openssl internal struct + + With this change, curl compiles with the new OPENSSL_NO_SSL_INTERN + cflag. This flag might become the default in some distant future. + +Yang Tse (4 Jan 2012) +- test1320 test1321: avoid User-Agent comparison + +- httpserver.pl: reorder sws command line options + + make 'pidfile' and 'logfile' options appear first on command line in order + to ensure that processing of other options which write to logfile do this + to intended file and not the default one. + +- sws.c: fix proxy mode segfault + +- tool_formparse.c: fix compiler warning: enumerated type mixed with another type + +- krb5.c: fix compiler warning: variable set but not used + +Daniel Stenberg (4 Jan 2012) +- KNOWN_BUGS: #77 CURLOPT_FORBID_REUSE kills NTLM + +- [Steve Holme brought this change] + + Fixed use of CURLUSESSL_TRY for POP3 and IMAP based connections. + + Fixed a problem in POP3 and IMAP where a connection would fail when + CURLUSESSL_TRY was specified for a server that didn't support + SSL/TLS connections rather than continuing. + +- [Steve Holme brought this change] + + Fixed incorrect error code being returned in STARTTLS + + The STARTTLS response code in SMTP, POP3 and IMAP would return + CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS + was not available on the server. + + Reported by: Gokhan Sengun + Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html + +- curl_easy_setopt: refer to the most recent URI RFC + +- RELEASE-NOTES: synced with 2f4a487a68 + + Two bugfixes, two more contributors + +- tests: test IMAP, POP3 and SMTP over HTTP proxy tunnel + +- test proxy supports CONNECT + + There's a new 'http-proxy' server for tests that runs on a separate port + and lets clients do HTTP CONNECT to other ports on the same host to + allow us to test HTTP "tunneling" properly. + + Test cases now have a section in to check that the + proxy protocol part matches correctly. + + Test case 80, 83, 95, 275, 503 and 1078 have been converted. Test 1316 + was added. + +- curl_easy_strerror.3: minor synopsis edit of the look + +Yang Tse (2 Jan 2012) +- hostip.c: fix potential write past the end of string buffer + +- hostip.c: fix Curl_loadhostpairs() OOM handling + +- runtests.pl: on test failure, don't show trace log files of other tests + +Daniel Stenberg (1 Jan 2012) +- Curl_input_negotiate: use the correct buffer for input + + Unfortunately we have no test cases for this and I have no SSPI build or + server to verify this with. The change seems simple enough though. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3466497 + Reported by: Patrice Guerin + +- runtests: put trace outputs in log/trace[num] for all tests + +- just a stupid typo + +- SFTP dir: increase buffer size counter + + When the buffer gets realloced to hold the file name in the + SSH_SFTP_READDIR_LINK state, the counter was not bumped accordingly. + + Reported by: Armel Asselin + Patch by: Armel Asselin + Bug: http://curl.haxx.se/mail/lib-2011-12/0249.html + +- RELEASE-NOTES: synced with 81ebdd9e287 + + 6 more bugfixes, 3 more contributors + +- create_hostcache_id: use the key lower cased + + ... to make sure the DNS cache is properly case insensitive + +- changed case: use new host name for subsequent HTTP requests + + When a HTTP connection is re-used for a subsequent request without + proxy, it would always re-use the Host: header of the first request. As + host names are case insensitive it would make curl send another host + name case that what the particular request used. + + Now it will instead always use the most recent host name to always use + the desired casing. + + Added test case 1318 to verify. + + Bug: http://curl.haxx.se/mail/lib-2011-12/0314.html + Reported by: Alex Vinnik + +- CURLOPT_RESOLVE: avoid adding already present host names + + The load host names to DNS cache function was moved to hostip.c and it + now makes sure to not add host names that already are present in the + cache. It would previously lead to memory leaks when for example using + the --resolve and multiple URLs on the command line. + +Dan Fandrich (31 Dec 2011) +- runtests.pl: Use logmsg more consistently + +Daniel Stenberg (30 Dec 2011) +- [Alessandro Ghedini brought this change] + + examples: update README, Makefile.inc and gitignore with pop3s examples + +- [Alessandro Ghedini brought this change] + + examples: add a couple of simple pop3s examples + + These examples show how to fetch a single message (RETR command) and how to + list all the messages in a given mailbox (LIST command), with authentication + via SSL. + + They were both based on the https.c example. + +Yang Tse (30 Dec 2011) +- removed execute file permission + +- removed trailing whitespace + +- ftpserver.pl: arbitrary application data splitting among TCP packets [II] + + Take in account that 'pingpong' server commands may arrive splitted among + several sockfilt 'DATA' PDU's. + +- ftpserver.pl: arbitrary application data splitting among TCP packets [I] + + Initial step in order to allow our pingpong server to better support arbitrary + application data splitting among TCP packets. This first commit only addresses + reasembly of data that sockfilter processes reads from soockets and pingpong + server later reads from sockfilters stdout. + +- testcurl.pl: 82c344a3 follow-up + +- testcurl.pl: log ACLOCAL_FLAGS + +- testcurl.pl: third party m4 warnings filtering adjustment + + Make testcurl.pl ignore messages pertaining to third party m4 files we don't + care nor use on a file basis policy while retaining all other warnings. + + This closes temporary commit e71e226f + +Kamil Dudka (25 Dec 2011) +- transfer: avoid unnecessary timeout event when waiting for 100-continue + + The commit 9dd85bc unintentionally changed the way we compute the time + spent waiting for 100-continue. In particular, when using a SSL client + certificate, the time spent by SSL handshake was included and could + cause the CURL_TIMEOUT_EXPECT_100 timeout to be mistakenly fired up. + + Bug: https://bugzilla.redhat.com/767490 + Reported by: Mamoru Tasaka + +Yang Tse (25 Dec 2011) +- transfer.c: move a logging statement placement + +- hash.c: fix OOM triggered segfault + +Daniel Stenberg (24 Dec 2011) +- ftp_do_more: don't return success until all is done + + ftp_do_more() returns after accepting the server connect however it + needs to fall through and set "*complete" to TRUE before exit from the + function. + + Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html + Reported by: Gokhan Sengun + +- Curl_do_more: fix typo logic + + In the recent do_more fix the new logic was mistakenly checking the + pointer instead of what it points to. + + Reported by: Gokhan Sengun + Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html + +- SFTP mkdir: use correct permission + + When sending quote command to a SFTP server and 'mkdir' was used, it + would send fixed permissions and not use the CURLOPT_NEW_DIRECTORY_PERMS + as it should. + + Reported by: Armel + Patch by: Armel + Bug: http://curl.haxx.se/mail/lib-2011-12/0249.html + +Yang Tse (23 Dec 2011) +- buildconf: minor tweaks commit 430527a1 follow-up + +Daniel Stenberg (23 Dec 2011) +- [Colin Hogben brought this change] + + Require a less ancient version of perl + + The INTERNALS document suggested that compatibility should be + maintained with perl version 4, but this was untrue - scripts such as + chksource.pl and runtests.pl use perl5-isms. + +- resolve: don't leak pre-populated dns entries + + CURLOPT_RESOLVE populates the DNS cache with entries that are marked as + eternally in use. Those entries need to be taken care of when the cache + is killed off. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3463121 + Reported by: "tw84452852" + +- new test: verify --resolve + + Test 1317 verifies --resolve (leaked memory) + + Bug: http://curl.haxx.se/bug/view.cgi?id=3463121 + Reported by: "tw84452852" + +Yang Tse (23 Dec 2011) +- testcurl.pl: temporary change + + Allow autobuilds to run a couple of days without filtering out aclocal + underquoted definition warnings. + +Daniel Stenberg (21 Dec 2011) +- operate: removed a single trailing space + +Dan Fandrich (21 Dec 2011) +- --retry: Retry transfers on timeout and DNS errors + +Yang Tse (21 Dec 2011) +- buildconf: minor tweaks + +- formdata.c: OOM handling fixes + +Daniel Stenberg (21 Dec 2011) +- TODO: 1.7 Happy Eyeball dual stack connect + +Dan Fandrich (20 Dec 2011) +- runtests.pl: Fixed perl warning when using the -l option + +Daniel Stenberg (20 Dec 2011) +- RELEASE-NOTES: added two references + +- Curl_socket_check: enlarge poll struct array to 3 + + This function was introduced in commit 5527417afae0 and as pointed out + by Gokhan Sengun, the array with poll structs must large enough to hold + 3 sockets since that is what the function can accept. It could be noted + that he had this fixed in his patch as posted in + http://curl.haxx.se/mail/lib-2011-12/0179.html + + Bug: http://curl.haxx.se/mail/lib-2011-12/0228.html + Reported by: Gokhan Sengun + +- RELEASE-NOTES: synced with 380bade777 + + 5 new bugfixes, 2 new changes and 4 new contributors + +- TODO: remove active FTP from section 2.1 + + It is no longer done blocking in the multi interface + +- libcurl docs: add the new FTP accept option + errors + +- timeleft_accept: ack global timeout, moved to ftp.c + + First off the timeout for accepting a server connect back must of course + respect a global timeout. Then the timeleft function is only used by ftp + code so it was moved to ftp.c and made static. + +- libcurl-tutorial.3: curl doesn't sent pragma no-cache + + It did a long time ago + +- libcurl-multi.3: active FTP is no longer blocking! + +- FTP: move FTP-specific struct field to ftpc_conn + + "wait_data_conn" was added to the connectionbits in commit c834213ad5 for + handling active FTP connections but as it is purely FTP specific and now + only ever accessed by ftp.c I moved it into the FTP connection struct. + +- non-blocking active FTP: cleanup multi state usage + + Backpedaled out the funny double-change of state in the multi state + machine by adding a new argument to the do_more() function to signal + completion. This way it can remain in the DO_MORE state properly until + done. Long term, the entire DO_MORE logic should be moved into the FTP + code and be hidden from the multi code as the logic is only used for + FTP. + +- [Gokhan Sengun brought this change] + + FTP: perform active connections non-blocking + + 1- Two new error codes are introduced. + + CURLE_FTP_ACCEPT_FAILED to be set whenever ACCEPTing fails because of + FTP server connected. + + CURLE_FTP_ACCEPT_TIMEOUT to be set whenever ACCEPTing timeouts. + + Neither of these errors are considered fatal and control connection + remains OK because it could just be a firewall blocking server to + connect to the client. + + 2- One new setopt option was introduced. + + CURLOPT_ACCEPTTIMEOUT_MS + + It sets the maximum amount of time FTP client is going to wait for a + server to connect. Internal default accept timeout is 60 seconds. + +- sockets: new Curl_socket_check() can wait for 3 sockets + + This offers an alternative to the existing Curl_socket_ready() API which + only checks one socket for read and one for write. + +- [Cédric Deltheil brought this change] + + curl.h: add __ANDROID__ macro check + + When working with the Android Standalone Toolchain the compiler defines + this macro: + + /path/to/arm-linux-androideabi-gcc -E -dM - < /dev/null \ + | grep -i android + #define __ANDROID__ 1 + + We really need to check both ANDROID and __ANDROID__ since I've observed + that: + + * if you use Android.mk file(s) and the 'ndk-build' script (aka vanilla + way), ANDROID is predefined (see -DANDROID extra C flag), + + * if you use the Android Standalone Toolchain, then __ANDROID__ is + predefined as stated by the compiler + +- lib500: verify timers relative each other + + As commit ce896875f8 fixed a timer that accidentally had been moved in + code and then returned a bad timer, the lib500.c code (used in test 500 + and some others) now verifies 5 timers against each other to verify that + they have the correct relative values. We cannot compare against + absolute values as the timings will vary a lot. + +- Curl_pgrsTime: store now in an auto variable + + It makes it easier to introduce debug outputs in this function, and + everything in the function is using the value anyway so it might even be + more efficient. + +- timer: restore PRETRANSFER timing + + Regression introduced in 7.23.0 with commit 9dd85bce. The function in + which the PRETRANSFER time stamp was recorded was moved in time causing + it be stored very quickly after the start timestamp. On most systems + shorter than 1 millisecond and thus it wouldn't even show with -w + "%{time_pretransfer}" using the command line tool. + + Bug: http://curl.haxx.se/mail/archive-2011-12/0022.html + Reported by: Toni Moreno + +- [Bernhard Reutner-Fischer brought this change] + + libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM + + Parameters were underquoted, resulting in + warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body + + Signed-off-by: Bernhard Reutner-Fischer + +- gitignore: ignore the symbol versioning file + +- tutorial: remove CURLM_CALL_MULTI_PERFORM add sharing + + The CURLM_CALL_MULTI_PERFORM reference is an old leftover I had to + remove. + + I also added some blurb to the previously blank "sharing" section. + +- [Alessandro Ghedini brought this change] + + configure: add symbols versioning option + + Allow, at configure time, the production of versioned symbols. The + symbols will look like "CURL__ ", where + represents the SSL flavour (e.g. OPENSSL, GNUTLS, NSS, ...), + is the major SONAME version and is the actual symbol + name. If no SSL library is enabled the symbols will be just + "CURL_ ". + +- [Sven Wegener brought this change] + + Use Curl_ssl_connect for non-blocking connect fallback + + This gets the appconnect time right for ssl backends, which don't + support non-blocking connects. + + Signed-off-by: Sven Wegener + +- RELEASE-NOTES: synced with af9bc1604c1 + + One new feature, one bug fix. Introduced references in this file for + mentioned issues after this discussion: + http://curl.haxx.se/mail/lib-2011-12/0187.html + + The plan is to let the references get moved over to the changes.html + file at release-time + +- curl.1: minor white space cleanup + +- [Alessandro Ghedini brought this change] + + docs: improve description of the --capath option + + Document the possibility of providing multiple values using the ":" + separator, and the fact that the default value will be ignored if the + option is used. + +- [Steve Holme brought this change] + + DOCS: Added SMTP information to CURLOPT_INFILESIZE + +- Curl_proxyCONNECT: use newlines in debug output + +- curl -F: fix multiple file upload with custom type + + Test case 1315 was added to verify this functionality. When passing in + multiple files to a single -F, the parser would get all confused if one + of the specified files had a custom type= assigned. + + Reported by: Colin Hogben + +- [Colin Hogben brought this change] + + New test for multiple file upload + + test 1315 checks correct behaviour when uploading multiple files. + Buggy behaviour has been seen where only two attachments are sent. + +Yang Tse (15 Dec 2011) +- configure: libtool 1.5 tweaks + +Daniel Stenberg (15 Dec 2011) +- [Colin Hogben brought this change] + + Correct substitution var names + + Two variable names were wrong in the documentation. + +- [Colin Hogben brought this change] + + Correct default upload mimetype in manual + + The default content-type for file uploads is application/octet-stream, + not text/plain as stated in the MANUAL. + +- [Alessandro Ghedini brought this change] + + docs: fix typo in curl_easy_setopt manpage + +Yang Tse (13 Dec 2011) +- if2ip.[ch]: fix compilation with MinGW + + Avoid 'interface' literal that some MinGW versions define as a macro + +- connect.c: fix compiler warning 'enumerated type is mixed with another type' + +- if2ip.c: fix compiler warning 'unused parameter' + +- pop3.c: fix compiler warning variable may be used uninitialized + +- if2ip.c: fix compiler warning 'enumerated type is mixed with another type' + +Daniel Stenberg (12 Dec 2011) +- [Jason Glasgow brought this change] + + CURLOPT_INTERFACE: avoid resolving interfaces names + + Do not try to resolve interfaces names via DNS by recognizing interface + names in a few ways. If the interface option argument has a prefix of + "if!" then treat the argument as only an interface. Similarly, if the + interface argument is the name of an interface (even if it does not have + an IP address assigned), treat it as an interface name. Finally, if the + interface argument is prefixed by "host!" treat it as a hostname that + must be resolved by /etc/hosts or DNS. + + These changes allow a client using the multi interfaces to avoid + blocking on name resolution if the interface loses its IP address or + disappears. + +- RELEASE-NOTES: synced with 1259ccf7474 + + 5 more bugfixes, 5 more contributors + +- [Steve Holme brought this change] + + ConnectionExists: Fix reuse for TLS upgraded connections + + Fixed the connection reuse detection in ConnectionExists() when + comparing a new connection that is non-SSL based against that of a SSL + based connection that has become so by being upgraded via TLS. + +- create_conn: don't switch to HTTP protocol if tunneling is enabled + + This is a regression since who knows when. When spotting that a HTTP + proxy is used we must not uncondititionally enable the HTTP protocol + since if we do tunneling through the proxy we're still using the target + protocol. + + Reported by: Naveen Chandran + +- FAQ: add --resolve details to question 3.19 + +- [Gokhan Sengun brought this change] + + Curl_closesocket: clear sock_accepted on close + + As a follow-up from commit d5b5f64bce3a8, clear the sock_accepted status + when such a socket is closed to avoid a re-used connection to retain the + state wrongly. + + Bug: http://curl.haxx.se/mail/lib-2011-12/0079.html + +- static SSL windows builds: add more libs to the link + + Starting with some recent OpenSSL versions (1.0.0e was mentioned) + linking with a static openssl requires a set of more libs to be linked + on Windows. + + Thanks also to Steve Holme and Martin Storsj for additional feedback. + + Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html + Reported by: Ward Willats + +- [Gokhan Sengun brought this change] + + multi interface: fix block when CONNECT_ONLY option is used + +Dan Fandrich (6 Dec 2011) +- Added some include files in a couple of example programs + + This improves portability of the examples. This patch was + submitted to the OpenBSD ports collection by naddy. + +Daniel Stenberg (6 Dec 2011) +- MakefileBuild: fix the static build + + This is a left-over fix from commit b7e242de0e that Tom Wright + suggested. + + Reported by: Ward Willats + +- OpenSSL: check for the SSLv2 function in configure + + If no SSLv2 was detected in OpenSSL by configure, then we enforce the + OPENSSL_NO_SSL2 define as it seems some people report it not being + defined properly in the OpenSSL headers. + +- CURLOPT_CONNECTTIMEOUT: default is 300 seconds + + If the option is set to 0, the default timeout will be used - which in + modern libcurl versions equals 300 seconds (== 5 minutes). + + Bug: http://curl.haxx.se/mail/lib-2011-12/0051.html + Reported by: Vladimir Grishchenko + +- [Rob Ward brought this change] + + progress function example: include timed interval + + Adds a timer based off of CURLINFO_TOTAL_TIME that is used to perform + certain actions after a minimum amount of time has passed using the + progress function. As a consequence the curl handle is now also passed + into the progress function. Progress example now also includes an + example of how to retreive the TOTAL_TIME and print it out. + +- RELEASE-NOTES: synced with 347f951c390 + + 8 more bugs, 5 more contributors + +- SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 + + When a 32 digit hex key is given as a hostkey md5 checksum, the code + would still run it against the knownhost check and not properly + acknowledge that the md5 should then be the sole guide for. + + The verbose output now includes the evaluated MD5 hostkey checksum. + + Some related source code comments were also updated. + + Bug: http://curl.haxx.se/bug/view.cgi?id=3451592 + Reported by: Reza Arbab + +- Curl_resolver_is_resolved: differentiate between host/proxy errors + + As there are different return codes for host vs proxy errors, this function + now properly returns the code properly depending on what was attempted to get + resolved. + + Bug: http://curl.haxx.se/mail/archive-2011-12/0010.html + Reported by: Jason Liu + +- c-ares: return proxy failure for all proxy types + + When making a distinction which return code to return, the code previously + only regarded HTTP proxies to be proxies and thus return host-related errors + for failures on other proxy types than HTTP. Now all proxy types will be + considered proxies... + +- FTP: close callback fix + + Keep track of which sockets that are the result of accept() calls and + refuse to call the closesocket callback for those sockets. Test case 596 + now verifies that the open socket callback is called the same number of + times as the closed socket callback for active FTP connections. + + Bug: http://curl.haxx.se/mail/lib-2011-12/0018.html + Reported by: Gokhan Sengun + +- FTP: call opensocket callback properly + + When the new socket is created for an active connection, it is now done + using the open socket callback. + + Test case 596 was modified to run fine, although it hides the fact that + the close callback is still called too many times, as it also gets + called for closing sockets that were created with accept(). + +- Curl_socket: internal replacement for socket() + + Moved out into a separate function to work as a "generic" socket() + replacement. + +- test: verify the opensocket callback for FTP + + test 595: for passive FTP + test 596: for active FTP + +- [Jason Glasgow brought this change] + + CURLOPT_DNS_SERVERS: set name servers if possible (fix) + + Ensure that CURLE_OK is returned if setting the name servers is successfull. + +- multi interface: only use non-NULL function pointer! + + If the socket callback function pointer hasn't been set, we must not + attempt to use it. Commit adc88ca20 made it more likely to occur. + +- [Jason Glasgow brought this change] + + multi: handle timeouts on DNS servers by checking for new sockets + + If the first name server is not available, the multi interface does + not invoke the socket_cb when the DNS request to the first name server + timesout. Ensure that the list of sockets are always updated after + calling Curl_resolver_is_resolved. + + This bug can be reproduced if Curl is complied with --enable_ares and + your code uses the multi socket interfaces and the + CURLMOPT_SOCKETFUNCTION option. To test try: + iptables -I INPUT \ + -s $(sed -n -e '/name/{s/.* //p;q}' /etc/resolv.conf)/32 \ + -j REJECT + and then run a program which uses the multi-interface. + +- test 815: verify POP3 dot-first-on-line unescaping