_ _ ____ _ ___| | | | _ \| | / __| | | | |_) | | | (__| |_| | _ <| |___ \___|\___/|_| \_\_____| Changelog Version 7.28.1 (20 Nov 2012) Daniel Stenberg (20 Nov 2012) - RELEASE-NOTES: synced with 52af6e69f079 / 7.28.1 Kamil Dudka (20 Nov 2012) - [Anthony Bryan brought this change] RELEASE-NOTES: NSS can be used for metalink hashing - [Fabian Keil brought this change] Get test 2032 working when using valgrind If curl_multi_fdset() sets maxfd to -1, the socket detection loop is skipped and thus !found_new_socket is no cause for alarm. - test2032: spurious failure caused by premature termination Bug: http://curl.haxx.se/mail/lib-2012-11/0095.html Daniel Stenberg (19 Nov 2012) - [Fabian Keil brought this change] Fix comment typos in test 517 - [Fabian Keil brought this change] Test 92 and 194: normalize spaces in the Server headers It makes no difference from curl's point of view but makes it more convenient to use the tests with a lws-normalizing proxy between curl and the test server. - [Fabian Keil brought this change] Add a HOSTIP precheck for tests 31 and 1105 They currently only work for 127.0.0.1 which is hardcoded and can't be easily changed. - [Fabian Keil brought this change] Let test 8 work as long as %HOSTIP ends with ".0.0.1" .. and add a precheck to skip the test otherwise. - [Fabian Keil brought this change] Add --resolve to the keywords and name of test 1318 This makes it easier to skip it automatically when the test suite is used with external proxies. - [Fabian Keil brought this change] Add FTP keywords for a couple of currently keyword-less FTP tests - [Fabian Keil brought this change] Add keywords for a couple of currently keyword-less HTTP tests - [Fabian Keil brought this change] Use carriage returns in all headers in test 31 Trailing spaces were left unmodifed, assuming they were intentional. - [Fabian Keil brought this change] Do not mix CRLF and LF header endings in a couple of HTTP tests Consistently use CRLF instead. The mixed endings weren't documented so I assume they were unintentional. This change doesn't matter for curl itself but makes using the tests with a proxy between curl and the test server more convenient. Tests that consistently use no carriage returns were left unmodified as one can easily work around this. - fixed memory leak: CURLOPT_RESOLVE with multi interface DNS cache entries populated with CURLOPT_RESOLVE were not properly freed again when done using the multi interface. Test case 1502 added to verify. Bug: http://curl.haxx.se/bug/view.cgi?id=3575448 Reported by: Alex Gruz - RELEASE-NOTES: synced with ee588fe08807778 4 more bug fixes and 4 more contributors - mem-include-scan: verify memory #includes If we use memory functions (malloc, free, strdup etc) in C sources in libcurl and we fail to include curl_memory.h or memdebug.h we either fail to properly support user-provided memory callbacks or the memory leak system of the test suite fails. After Ajit's report of a failure in the first category in http_proxy.c, I spotted a few in the second category as well. These problems are now tested for by test 1132 which runs a perl program that scans for and attempts to check that we use the correct include files if a memory related function is used in the source code. Reported by: Ajit Dhumale Bug: http://curl.haxx.se/mail/lib-2012-11/0125.html - tftp_rx: code style cleanup Fixed checksrc warnings - [Fabian Keil brought this change] Fix the libauthretry changes from 7c0cbcf2f61 They broke the NTLM tests from 2023 to 2031. - [Christian Vogt brought this change] tftp_rx: handle resends Re-send ACK for block X in case we receive block X data again while waiting for block X+1. Based on an earlier patch by Marcin Adamski. - autoconf: don't force-disable compiler debug option When nothing is told to configure, we should not enforce switching off debug options with -g0 (or similar). We instead don't use -g at all in that situaion and therefore allow the user's CFLAGS settings possibly dictate what to do. - [Mark Snelling brought this change] winbuild: Fix PDB file output And fix some newlines to be proper CRLF Bug: http://curl.haxx.se/bug/view.cgi?id=3586741 - RELEASE-NOTES: synced with fa1ae0abcde - [Cristian RodrÃguez brought this change] OpenSSL: Disable SSL/TLS compression It either causes increased memory usage or exposes users to the "CRIME attack" (CVE-2012-4929) - [Sebastian Rasmussen brought this change] FILE: Make upload-writes unbuffered by not using FILE streams Kamil Dudka (13 Nov 2012) - tool_metalink: fix error detection of hash alg initialization The {MD5,SHA1,SHA256}_Init functions from OpenSSL are called directly without any wrappers and they return 1 for success, 0 otherwise. Hence, we have to use the same approach in all the wrapper functions that are used for the other crypto libraries. This commit fixes a regression introduced in commit dca8ae5f. Daniel Stenberg (13 Nov 2012) - RELEASE-NOTES: synced with 7c0cbcf2f617b - [Sergei Nikulov brought this change] fixed Visual Studio 2010 compilation - [Anton Malov brought this change] ftp: EPSV-disable fix over SOCKS Bug: http://curl.haxx.se/bug/view.cgi?id=3586338 Patrick Monnerat (12 Nov 2012) - Merge branch 'master' of github.com:bagder/curl - OS400: upgrade wrappers for the 7.28.1 release. Daniel Stenberg (12 Nov 2012) - runtests: limit execessive logging/output - [Gabriel Sjoberg brought this change] Digst: Add microseconds into nounce calculation When using only 1 second precision, curl doesn't create new cnonce values quickly enough for all uses. For example, issuing the following command multiple times to a recent Tomcat causes authentication failures: curl --digest -utest:test http://tomcat.test.com:8080/manager/list This is because curl uses the same cnonce for several seconds, but doesn't increment the nonce counter.  Tomcat correctly interprets this as a replay attack and rejects the request. When microsecond-precision is available, this commit causes curl to change cnonce values much more frequently. With microsecond resolution, increasing the nounce length used in the headers to 32 was made to further reduce the risk of duplication. - SCP/SFTP: improve error code used for send failures Instead of relying on the generic CURLE error for SCP or SFTP send failures, try passing back a more suitable error if possible. - Curl_write: remove unneeded typecast Kamil Dudka (9 Nov 2012) - tool_metalink: allow to use hash algorithms provided by NSS Fixes bug #3578163: http://sourceforge.net/tracker/?func=detail&atid=100976&aid=3578163&group_id=976 - tool_metalink: allow to handle failure of hash alg initialization - tool_metalink: introduce metalink_cleanup() in the internal API ... to release resources allocated at global scope Daniel Stenberg (8 Nov 2012) - hostcheck: only build for the actual users and make local function static - [Oscar Koeroo brought this change] SSL: Several SSL-backend related fixes axTLS: This will make the axTLS backend perform the RFC2818 checks, honoring the VERIFYHOST setting similar to the OpenSSL backend. Generic for OpenSSL and axTLS: Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c files to make them genericly available for both the OpenSSL, axTLS and other SSL backends. They are now in the new lib/hostcheck.c file. CyaSSL: CyaSSL now also has the RFC2818 checks enabled by default. There is a limitation that the verifyhost can not be enabled exclusively on the Subject CN field comparison. This SSL backend will thus behave like the NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words: setting verifyhost to 0 or 1 will disable the Subject Alt Names checks too. Schannel: Updated the schannel information messages: Split the IP address usage message from the verifyhost setting and changed the message about disabling SNI (Server Name Indication, used in HTTP virtual hosting) into a message stating that the Subject Alternative Names checks are being disabled when verifyhost is set to 0 or 1. As a side effect of switching off the RFC2818 related servername checks with SCH_CRED_NO_SERVERNAME_CHECK (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature is being disabled. This effect is not documented in MSDN, but Wireshark output clearly shows the effect (details on the libcurl maillist). PolarSSL: Fix the prototype change in PolarSSL of ssl_set_session() and the move of the peer_cert from the ssl_context to the ssl_session. Found this change in the PolarSSL SVN between r1316 and r1317 where the POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu PolarSSL version 1.1.4 the check is to discriminate between lower then PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN trunk jumped from version 1.1.1 to 1.2.0. Generic: All the SSL backends are fixed and checked to work with the ssl.verifyhost as a boolean, which is an internal API change. - libcurl: VERSIONINFO update Since we added the curl_multi_wait function, the VERSIONINFO needed updating. Reported by: Patrick Monnerat Guenter Knauf (8 Nov 2012) - Added .def file to output. Requested by Johnny Luong on the libcurl list. - Added deps for static metalink-aware MinGW builds. Daniel Stenberg (8 Nov 2012) - [Fabian Keil brought this change] Fix compilation of lib1501 - Curl_readwrite: remove debug output The text "additional stuff not fine" text was added for debug purposes a while ago, but it isn't really helping anyone and for some reason some Linux distributions provide their libcurls built with debug info still present and thus (far too many) users get to read this info. - RELEASE-NOTES: synced with 487538e87a3d5e 6 new bugfixes and 3 more contributors... - http_perhapsrewind: consider NTLM over proxy too The logic previously checked for a started NTLM negotiation only for host and not also with proxy, leading to problems doing POSTs over a proxy NTLM that are larger than 2000 bytes. Now it includes proxy in the check. Bug: http://curl.haxx.se/bug/view.cgi?id=3582321 Reported by: John Suprock - [Lars Buitinck brought this change] Curl_connecthost: friendlier "couldn't connect" message - test1413: verify redirects to URLs with fragments The bug report claimed it didn't work. This problem was probably fixed in 473003fbdf. Bug: http://curl.haxx.se/bug/view.cgi?id=3581898 - URL parser: cut off '#' fragments from URLs (better) The existing logic only cut off the fragment from the separate 'path' buffer which is used when sending HTTP to hosts. The buffer that held the full URL used for proxies were not dealt with. It is now. Test case 5 was updated to use a fragment on a URL over a proxy. Bug: http://curl.haxx.se/bug/view.cgi?id=3579813 - OpenSSL/servercert: use correct buffer size, not size of pointer Bug: http://curl.haxx.se/bug/view.cgi?id=3579286 - curl: set CURLOPT_SSL_VERIFYHOST to 0 to disable - test 2027/2030: take duplicate Digest requests into account With the reversion of ce8311c7e49eca and the new clear logic, this flaw is present and we allow it. - Curl_pretransfer: clear out unwanted auth methods As a handle can be re-used after having done HTTP auth in a previous request, it must make sure to clear out the HTTP types that aren't wanted in this new request. - test1412: verify Digest with repeated URLs This test case verifies that bug 3582718 is fixed. Bug: http://curl.haxx.se/bug/view.cgi?id=3582718 Reported by: Nick Zitzmann (originally) - Revert "Zero out auth structs before transfer" This reverts commit ce8311c7e49eca93c136b58efa6763853541ec97. The commit made test 2024 work but caused a regression with repeated Digest authentication. We need to fix this differently. - CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value After a research team wrote a document[1] that found several live source codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST option thinking it was a boolean, this change now bans 1 as a value and will make libcurl return error for it. 1 was never a sensible value to use in production but was introduced back in the days to help debugging. It was always documented clearly this way. 1 was never supported by all SSL backends in libcurl, so this cleanup makes the treatment of it unified. The report's list of mistakes for this option were all PHP code and while there's a binding layer between libcurl and PHP, the PHP team has decided that they have an as thin layer as possible on top of libcurl so they will not alter or specifically filter a 'TRUE' value for this particular option. I sympathize with that position. [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/ - gnutls: fix compiler warnings - [Alessandro Ghedini brought this change] gnutls: print alerts during handshake - [Alessandro Ghedini brought this change] gnutls: fix the error_is_fatal logic - RELEASE-NOTES: synced with fa6d78829fd30ad - httpcustomheader.c: free the headers after use - [Dave Reisner brought this change] uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES Since automake 1.12.4, the warnings are issued on running automake: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS') Avoid INCLUDES and roll these flags into AM_CPPFLAGS. Compile tested on: Ubuntu 10.04 (automake 1:1.11.1-1) Ubuntu 12.04 (automake 1:1.11.3-1ubuntu2) Arch Linux (automake 1.12.4) - libauthretry.c: shorten lines to fit within 80 cols - ftp_readresp: fix build without krb4 support Oops, my previous commit broke builds with krb support. - test/README: mention the 1500 test number range - FTP: prevent the multi interface from blocking As pointed out in Bug report #3579064, curl_multi_perform() would wrongly use a blocking mechanism internally for some commands which could lead to for example a very long block if the LIST response never showed. The solution was to make sure to properly continue to use the multi interface non-blocking state machine. The new test 1501 verifies the fix. Bug: http://curl.haxx.se/bug/view.cgi?id=3579064 Reported by: Guido Berhoerster Marc Hoersken (1 Nov 2012) - winbuild: Use machine type of development environment This patch restores the original behavior instead of always falling back to x86 if no MACHINE-type was specified. - winbuild: Additional clean up - [Sapien2 brought this change] Even more winbuild refactoring - [Sapien2 brought this change] Minor winbuild refactoring - [Sapien2 brought this change] Architecture selection for winbuild and minor makefiles refactoring Daniel Stenberg (1 Nov 2012) - BUGS: fix the bug tracker URL The URL we used before is the one that goes directly to 'add' a bug report, but since you can only do that after first having logged in to sourceforge, the link often doesn't work for visitors. Bug: http://curl.haxx.se/bug/view.cgi?id=3582408 Reported by: Oscar Norlander - evhiperfifo: fix the pointer passed to WRITEDATA Bug: http://curl.haxx.se/bug/view.cgi?id=3582407 Reported by: Oscar Norlander Guenter Knauf (1 Nov 2012) - Fixed MSVC libssh2 static build. Since libssh2 supports now agent stuff it also depends on user32.lib. Posted to the list by Jan Ehrhardt. Daniel Stenberg (23 Oct 2012) - tlsauthtype: deal with the string case insensitively When given a string as 'srp' it didn't work, but required 'SRP'. Starting now, the check disregards casing. Bug: http://curl.haxx.se/bug/view.cgi?id=3578418 Reported by: Jeff Connelly - asyn-ares: restore working with c-ares < 1.6.1 Back in those days the public ares.h header didn't include the ares_version.h header so it needs to be included here. Bug: http://curl.haxx.se/bug/view.cgi?id=3577710 - [Nick Zitzmann brought this change] metalink/md5: Use CommonCrypto on Apple operating systems Previously the Metalink code used Apple's CommonCrypto library only if curl was built using the --with-darwinssl option. Now we use CommonCrypto on all Apple operating systems including Tiger or later, or iOS 5 or later, so you don't need to build --with-darwinssl anymore. Also rolled out this change to libcurl's md5 code. - href_extractor.c: fix the URL - [MichaÅ Kowalczyk brought this change] href_extractor: example code extracting href elements It does so in a streaming manner using the "Streaming HTML parser". - [Nick Zitzmann brought this change] darwinssl: un-broke iOS build, fix error on server disconnect The iOS build was broken by a reference to a function that only existed under OS X; fixed. Also fixed a hard-to-reproduce problem where, if the server disconnected before libcurl got the chance to hang up first and SecureTransport was in use, then we'd raise an error instead of failing gracefully. - [Alessandro Ghedini brought this change] gnutls: put reset code into else block Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690551 Guenter Knauf (13 Oct 2012) - Fix now broken libmetalink-aware OpenSSL build. - Revert c44e674; add OpenSSL includes/defines. The makefile is designed to build against a libmetalink devel package; therefore is does not matter what will change inside libmetalink. Add OpenSSL includes and defines for libmetalink-aware OpenSSL builds. Daniel Stenberg (10 Oct 2012) - version-bump: towards 7.28.1! - THANKS: 14 new contributors from 7.28.0 Version 7.28.0 (10 Oct 2012) Daniel Stenberg (10 Oct 2012) - RELEASE-NOTES: synced with 8373ca3641 One bug, one contributor. Getting ready for release. - curl_multi_wait: no wait if no descriptors to wait for This is a minor change in behavior after having been pointed out by Mark Tully and discussed on the list. Initially this case would internally call poll() with no sockets and a timeout which would equal a sleep for that specified time. Bug: http://curl.haxx.se/mail/lib-2012-10/0076.html Reported by: Mark Tully - TODO-RELEASE: cleanup for 7.28.0 one issue is now KNOWN_BUG #79 the other we just skip since nobody is working on it or is planning to start working on it anytime soon - curl_multi_wait.3: style formatting mistake Marc Hoersken (8 Oct 2012) - ssluse.c: md5.h is required for Curl_ossl_md5sum Daniel Stenberg (8 Oct 2012) - curl_multi_wait.3: fix the name of the man page - curl_multi_wait.3: renamed the last argument variable for clarity Marc Hoersken (6 Oct 2012) - curl_schannel.c: Fixed caching more data than required Do not fill the decrypted data buffer with more data unless required in order to return the requested amount of data. - curl_schannel: Removed buffer limit and optimized buffer strategy Since there are servers that seem to return very big encrypted data packages, we need to be able to handle those without having an internal size limit. To avoid the buffer growing to fast to early the initial size was decreased and the minimum free space in the buffer was decreased as well. - lib/socks.c: Merged two size variables into one - lib/socks.c: Avoid type conversions where possible Streamlined variable names and types to avoid type conversions that may result in data being lost on non 32-bit systems. - lib/curl_schannel.c: Hide size_t conversion warning - krb5/curl_rtmp.c: Hide size_t to int type conversion warning - security.c: Aligned internal type to return type Use ssize_t instead of int to avoid conversion problems on 64-bit systems. Also added curlx_sztosi where necessary. - lib/curl_schannel: Increased maximum buffer size to factor 128 - winbuild/MakefileBuild.vc: Follow up on 0c8ccf7 Daniel Stenberg (2 Oct 2012) - RELEASE-NOTES: synced with 971f5bcedd418 9 new bug fixes, 5 changes, 6 more contributors - multi_runsingle: CURLOPT_LOW_SPEED_* fix for rate limitation During the periods of rate limitation, the speedcheck function wasn't called and thus the values weren't updated accordingly and it would then easily trigger wrongly once data got transferred again. Also, the progress callback's return code was not acknowledged in this state so it could make an "abort" return code to get ignored and not have the documented effect of aborting an ongoing transfer. Bug: http://curl.haxx.se/mail/lib-2012-09/0081.html Reported by: Jie He - [Tatsuhiro Tsujikawa brought this change] tool_metalink.c: Filtered resource URLs by type In Metalink v3, the type attribute of url element indicates the type of the resource the URL points to. It can include URL to the meta data, such as BitTorrent metainfo file. In Curl, we are not interested in these meta data URLs. Instead, we are only interested in the HTTP and FTP URLs. This change filters out non-HTTP and FTP URLs. If we don't filter out them, it will be downloaded by curl and hash check will fail if hash is provided and next URL will be tried. This change will cut this useless network transfer. Kamil Dudka (1 Oct 2012) - https.c example: remember to call curl_global_init() ... in order not to leak memory on initializing an SSL library. Reported by: Tomas Mlcoch Daniel Stenberg (28 Sep 2012) - FAQ: remove the date from the topmost line - FAQ: 5.16 I want a different time-out! - Curl_reconnect_request: clear pointer on failure The Curl_reconnect_request() function could end up returning a pointer to a free()d struct when Curl_done() failed inside. Clearing the pointer unconditionally after Curl_done() avoids this risk. Reported by: Ho-chi Chen Bug: http://curl.haxx.se/mail/lib-2012-09/0188.html - CURLOPT_CONNECTTIMEOUT: works without signals or posix too! Marc Hoersken (24 Sep 2012) - Makefile.vc6: Follow up on 0c8ccf7 - Makefile.vc6: Added missing default library advapi32.lib Daniel Stenberg (19 Sep 2012) - HTTP_ONLY: disable more protocols - test2006: Updated expected output to include hash name Output changed in commit a34197ef77cb - [Sergei Nikulov brought this change] cmake: use standard findxxx modules for cmake v2.8+ - [Sergei Nikulov brought this change] setup.h: fixed for MS VC10 build Bug: http://curl.haxx.se/bug/view.cgi?id=3568327 - TODO-RELEASE: push new features to 7.29 Leave two bug fixes as possibly fixed for 7.28 but as nobody seems to be working on them I have little hope... Marc Hoersken (17 Sep 2012) - metalink tests: Updated expected output to include hash name Daniel Stenberg (16 Sep 2012) - [Sara Golemon brought this change] curl_multi_wait: Add parameter to return number of active sockets Minor change to recently introduced function. BC breaking, but since curl_multi_wait() doesn't exist in any releases that should be fine. Marc Hoersken (14 Sep 2012) - socks.c: Fixed warning: conversion to 'int' from 'long unsigned int' - http_negotiate.c: Fxied warning: unused variable 'rc' - ssh.c: Fixed warning: implicit conversion from enumeration type - socks.c: Check that IPv6 is enabled before using it's features - checksrc: Fixed line length and comment indentation - socks.c: Updated error messages to handle hostname and IPv6 - socks.c: Added support for IPv6 connections through SOCKSv5 proxy Daniel Stenberg (13 Sep 2012) - parse_proxy: treat "socks://x" as a socks4 proxy Selected socks proxy in Google's Chrome browser. Resulting in the following environment variables: NO_PROXY=localhost,127.0.0.0/8 ALL_PROXY=socks://localhost:1080/ all_proxy=socks://localhost:1080/ no_proxy=localhost,127.0.0.0/8 ... and libcurl didn't treat 'socks://' as socks but instead picked HTTP proxy. Reported by: Scott Bailey Bug: http://curl.haxx.se/bug/view.cgi?id=3566860 Kamil Dudka (12 Sep 2012) - ssh: do not crash if MD5 fingerprint is not provided by libssh2 The MD5 fingerprint cannot be computed when running in FIPS mode. - ssh: move the fingerprint checking code to a separate fnc Marc Hoersken (12 Sep 2012) - tool_metalink.c: Added name of validation hash to messages This makes it easier to debug broken hashes or hash functions. - wincrypt: Fixed cross-compilation issues caused by include name For some reason WinCrypt.h is named wincrypt.h under MinGW. - md5.c: Added support for Microsoft Windows CryptoAPI - Makefile.m32: Updated to build against libmetalink 0.1.2 The include and library path were moved within libmetalink, this patch adjusts the defaults provided within the curl MinGW makefile. - tool_metalink.c: Added support for Microsoft Windows CryptoAPI Since Metalink support requires a crypto library for hash functions and Windows comes with the builtin CryptoAPI, this patch adds that API as a fallback to the supported crypto libraries. It is automatically used on Windows if no other library is provided. - libntlmconnect.c: Fixed typo and conversion - libntlmconnect.c: Fixed warning: curl_easy_getinfo expects long pointer Fixed tests/libtest/libntlmconnect.c:52: warning: call to '_curl_easy_getinfo_err_long' declared with attribute warning: curl_easy_getinfo expects a pointer to long for this info - sws.c: Fixed warning: 'err' may be used uninitialized in this function - libntlmconnect.c: Fixed warning: comparison of signed/unsigned integer Windows does not use -1 to represent invalid sockets and the SOCKET type is unsigned. - nss.c: Fixed warning: 'err' may be used uninitialized in this function - tool_metalink.c: Fixed error: 'O_BINARY' undeclared Check for O_BINARY which is not available on every system. - tool_metalink.c: Fixed validation of binary files containing EOF Since Windows/MinGW threat 0x1A as the EOF character, reading binary files which contain that byte does not work using text mode. The read function will only read until the first 0x1A byte. This means that the hash is not computed from the whole file and the final validation check using hash comparision fails. - winbuild: Added support for building with SPNEGO enabled Since Simple and Protected GSSAPI Negotiation Mechanism is already implemented in curl and supported by the MinGW builds, this change adds build support to winbuild makefiles. - winbuild: Adjusted order of options to generated config name Cleaned up order of handled build options by ordering them nearly alphabetically by using the order of the generated config name. Preparation for future/more build options. Daniel Stenberg (9 Sep 2012) - [Anthony Bryan brought this change] MANUAL: clarified user+password in HTTP URLs - RELEASE-NOTES: synced with 6c6f1f64c2 6 bug fixes to mention, 5 contributors - TODO-RELEASE: CURLSSH_AUTH_AGENT and curl_multi_wait() are done -321 - CURLSSH_AUTH_AGENT patch by Armel Asselin -324 - curl_multi_select() vs curl_multi_fdvec() etc Marc Hoersken (9 Sep 2012) - curl_schannel.c: Reference count the credential/session handle Reference counting the credential handle should avoid that such a handle is freed while it is still required for connection shutdown Daniel Stenberg (8 Sep 2012) - [Nick Zitzmann brought this change] darwinssl: fixed for older Mac OS X versions SSL didn't work on older cats if built on a newer cat with weak-linking turned on to support the older cat - [David Blaikie brought this change] tool_easysrc.c: Test pointers against NULL While validating a new Clang diagnostic (-Wnon-literal-null-conversion - yes, the name isn't quite correct in this case, but it suffices) I found a few violations of it in Curl. - SOCKS: truly disable it if CURL_DISABLE_PROXY is defined Bug: http://curl.haxx.se/bug/view.cgi?id=3561305 Patch by: Marcel Raad - mk-ca-bundle: detect start of trust section better Each certificate section of the input certdata.txt file has a trust section following it with details. This script failed to detect the start of the trust for at least one cert[*], which made the script continue pass that section into the next one where it found an 'untrusted' marker and as a result that certficate was not included in the output. [*] = "Hellenic Academic and Research Institutions RootCA 2011" Bug: http://curl.haxx.se/mail/lib-2012-09/0019.html - [Alessandro Ghedini brought this change] gnutls: do not fail on non-fatal handshake errors Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685402 - FILEFORMAT: the FTP commands work for more protocols - test1411: verify SMTP without SIZE support - [FrantiÅ¡ek KuÄera brought this change] SMTP: only send SIZE if supported SMTP client will send SIZE parameter in MAIL FROM command only if server supports it. Without this patch server might say "504 Command parameter not implemented" and reject the message. Bug: http://curl.haxx.se/bug/view.cgi?id=3564114 - ftpserver: respond with a 250 to SMTP EHLO ... and specify that SIZE is supported. 250 is the "correct" response code according to RFC 2821 - RELEASE-NOTES: synced with abb0da919300e Dan Fandrich (3 Sep 2012) - Updated Symbian build files This is untested, but at least Symbian still has a chance of still working now. - Updated build docs w.r.t. Android and binary sizes Daniel Stenberg (1 Sep 2012) - symbols-in-versions: new CURL_WAIT_* symbols - [Sara Golemon brought this change] Unit test for curl_multi_wait() - [Sara Golemon brought this change] Manpage for curl_multi_wait(). - [Sara Golemon brought this change] multi: add curl_multi_wait() /* * Name: curl_multi_wait() * * Desc: Poll on all fds within a CURLM set as well as any * additional fds passed to the function. * * Returns: CURLMcode type, general multi error code. */ CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle, struct curl_waitfd extra_fds[], unsigned int extra_nfds, int timeout_ms); - [Nick Zitzmann brought this change] darwinssl: Bugfix for previous commit for older cats I accidentally broke functionality for versions of OS X prior to Mountain Lion in the previous commit. This commit fixes the problems. - [Joe Mason brought this change] Use MAX_EASY_HANDLES instead of hardcoding the number of handles twice - test2032: bail out after last transfer The test would hang and get aborted with a "ABORTING TEST, since it seems that it would have run forever." until I prevented that from happening. I also fixed the data file which got broken CRLF line endings when I sucked down the path from Joe's repo == my fault. Removed #37 from KNOWN_BUGS as this fix and test case verifies exactly this. - [Joe Mason brought this change] NTLM: re-use existing connection better If we need an NTLM connection and one already exists, always choose that one. - [Joe Mason brought this change] NTLM: verify multiple connections work Add test2032 to test that NTLM does not switch connections in the middle of the handshake - curl.1: list the -w variables sorted alphabetically - libcurl-share.3: remove wrong info of what can be shared "Currently you can only share DNS and/or COOKIE data" is incorrect since also SSL sessions can be shared. Bug: http://curl.haxx.se/bug/view.cgi?id=3562261 Reported by: Joe Mason - [Dave Reisner brought this change] examples: use do/while loop for multi examples It's conceivable that after the first time curl_multi_perform returns, the outvalue still_running will be 0, but work will have been done. This is shown by a workload of small, purely file:// based URLs. Ensure that we always read pending messages off the multi handle by forcing the while loop to run at least once. - curl.h: fix comment to refer to current names CURLOPT_USE_SSL should be set to CURLUSESSL_* and nothing else in modern libcurl versions. - ftpsget: simple example showing a FTPS fetch - sftpget: SFTP is not "SSH FTP" - [Armel Asselin brought this change] sftpget: example showing a simple SFTP download ... using SSH-agent - curl_multi_perform.3: extended/clarified - INSTALL.cmake: clarify some flaws/limits in the cmake build - https.c example: spell check used define Bug: http://curl.haxx.se/bug/view.cgi?id=3559845 Reported by: Olivier Berger - configure: update the copyright years for the output - [Nick Zitzmann brought this change] darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions In Mountain Lion, Apple added TLS 1.1 and 1.2, and deprecated a number of SecureTransport functions, some of which we were using. We now check to see if the replacement functions are present, and if so, we use them instead. The old functions are still present for users of older cats. Also fixed a build warning that started to appear under Mountain Lion - curl_easy_setopt: documented CURLSOCKTYPE_ACCEPT for SOCKOPTFUNCTION - [Gokhan Sengun brought this change] ftp: active conn, place calling sockopt callback at the end of function Commit b91d29a28e170c16d65d956db79f2cd3a82372d2 introduces a bug and breaks Curl_closesocket function. sock_accepted flag for the second socket should be tagged as TRUE before the sockopt callback is called because in case the callback returns an error, Curl_closesocket function is going to call the - fclosesocket - callback for the accept()ed socket - [Gokhan Sengun brought this change] ftp: active conn, allow application to set sockopt after accept() call For active FTP connections, applications may need setting the sockopt after accept() call returns successful. This fix gives a call to the callback registered with CURL_SOCKOPTFUNCTION option. Also a new sock type - CURLSOCKTYPE_ACCEPT - is added. This type is to be passed to application callbacks with - purpose - parameter. Applications may use this parameter to distinguish between socket types. - configure: remove the --enable/disable-nonblocking options Removing this option as it currently only functions to lure people into wrongly using it and falsely believing that libcurl will work fine without using nonblocking sockets internally - which leads to hard to track or understand errors. - [Ant Bryan brought this change] MANUAL review - curl.1: shorten lines, avoid referring to libcurl instead of curl - [Ant Bryan brought this change] curl.1: fix more consistent wording "If this option is used several times, the last one will be used." uniformity - ssh: use the libssh2 agent API conditionally Commit e351972bc89aa4c brought in the ssh agent support but some uses of the libssh2 agent API was done unconditionally which wasn't good enough since that API hasn't always been present. - white space fix: shorten long line ... to please checksrc.pl Kamil Dudka (9 Aug 2012) - docs: update the links to cipher-suites supported by NSS ... and make the list of cipher-suites in nss.c readable by humans. Bug: http://curl.haxx.se/mail/archive-2012-08/0016.html - nss: do not print misleading NSS error codes Daniel Stenberg (8 Aug 2012) - RELEASE-NOTES: synced with 0774386b23 5 more bug fixes, one change, 6 contributors - [Armel Asselin brought this change] docs: mention CURLSSH_AUTH_AGENT - [Armel Asselin brought this change] SSH: added agent based authentication CURLSSH_AUTH_AGENT is a new auth type for SSH - bump version to 7.28.0 I am about to merge the first patch that adds changes into the pending release, and thus we bump the minor number. - RELEASE-NOTES: added missing link - curl_version: fixed Value stored to 'len' is never read Fixed this (harmless) clang-analyzer warning. Also fixed the source indentation level. - TODO-RELEASE: the (nil) bug is fixed - add_next_timeout: minor restructure of code By reading the ->head pointer and using that instead of the ->size number to figure out if there's a list remaining we avoid the (false positive) clang-analyzer warning that we might dereference of a null pointer. - verbose messages: fixed output of hostnames in re-used connections I suspect this is a regression introduced in commit 207cf150, included since 7.24.0. Avoid showing '(nil)' as hostname in verbose output by making sure the hostname fixup function is called early enough to set the pointers that are used for this. The name data is set again for each request even for re-used connections to handle multiple hostnames over the same connection (like with proxy) or that the casing etc of the host name is changed between requests (which has proven to be important at least once in the past). Test1011 was modified to use a redirect with a re-used a connection since it then showed the bug and now lo longer does. There's currently no easy way to have the test suite detect 'nil' texts in verbose ouputs so no tests will detect if this problem gets reintroduced. Bug: http://curl.haxx.se/mail/lib-2012-07/0111.html Reported by: Gisle Vanem - [Nick Zitzmann brought this change] metalink: Un-broke the build when building --with-darwinssl Guenter Knauf (8 Aug 2012) - Fix some compiler warnings. Daniel Stenberg (8 Aug 2012) - TODO-RELEASE: two bugs fixed These are now addressed: 323 - patch - select.c / Curl_socket_check() interrupted 325 - Avoid leak of local device string when reusing connection - curl.1: minor format fix for --data-ascii ... and removal of trailing whitespace on a single line - [Ant Bryan brought this change] curl man page cleanup - [Mike Crowe brought this change] Avoid leak of local device string when reusing connection Ensure that the copy of the CURLOPT_INTERFACE string is freed if we decide we can reuse an existing connection. - Curl_socket_check: fix timeout return value for select users This is the same fix applied for the conditional code that uses select() that was already done for the poll specific code in commit b61e8b81f5038. - [Maxime Larocque brought this change] Curl_socket_check: fix return code for timeout We found a problem with ftp transfer using libcurl (7.23 and 7.25) inside an application which is receiving unix signals (SIGUSR1, SIGUSR2...) almost continuously. (Linux 2.4, PowerPC, HAVE_POLL_FINE defined). Curl_socket_check() uses poll() to wait for the socket, and retries it when a signal is received (EINTR). However, if a signal is received and it also happens that the timeout has been reached, Curl_socket_check() returns -1 instead of 0 (indicating an error instead of a timeout). In our case, the result is an aborted connection even before the ftp banner is received from the server, and a return value of CURLE_OUT_OF_MEMORY from curl_easy_perform() (Curl_pp_multi_statemach(), in pingpong.c, actually returns OOM if Curl_socket_check() fails :-) Funny to debug on a system on which OOM is a possible cause). Bug: http://curl.haxx.se/mail/lib-2012-07/0122.html - RELEASE-NOTES: synced with b4a558041fdf65c0 - TODO-RELEASE: fixed another bug bug #3544688 "crash during retry with libcurl and SFTP" - WSAPoll: disabled on all windows builds Due to WSAPoll bugs, libcurl does not work as intended. When the cURL library is used to setup a connection to an incorrect port, normally the result is CURLE_COULDNT_CONNECT, /* 7 */, but due to the bug in WSAPoll, the result now is CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was reached */. On August 1, Jan Koen Annot opened a case for this to Microsoft Premier Online (https://premier.microsoft.com/). The support engineer handling the case wrote that the case description is quite clear. He will try to reproduce the issue and then proceed with troubleshooting it. Reported by: Jan Koen Annot Bug: http://curl.haxx.se/mail/lib-2012-07/0310.html - retry request: only access the HTTP data if in fact HTTP When figuring out if the data stream needs to be rewound when the request is to be resent, we must not access the HTTP struct unless the protocol used is indeed HTTP... Bug: http://curl.haxx.se/bug/view.cgi?id=3544688 - TODO: support DANE, we already support gnutls without gcrypt - curl-config: parentheses fix Braces, not parentheses, should be used for shell variable names. Bug: http://curl.haxx.se/bug/view.cgi?id=3551460 Reported by: Edward Sheldrake - VC build: add define for openssl This fixes a build failure of lib/ssluse.c. Bug: http://curl.haxx.se/bug/view.cgi?id=3552997 - TODO-RELEASE: two bugs fixed! - globbing: fix segfault when >9 globs were used Stupid lack of range checks caused the code to overwrite local variables after glob number nine. Added checks now. Bug: http://curl.haxx.se/bug/view.cgi?id=3546353 - [Joe Mason brought this change] sws: close sockets properly Fix a bug where closed sockets (fd -1) were left in the all_sockets list, because of missing parens in a pointer arithmetic expression Reenable the tests that were locking up due to this bug. - [Joe Mason brought this change] Remove debug logs that were accidentally checked in - [Joe Mason brought this change] Use select in sws, which has better cross-platform support than poll - [Joe Mason brought this change] Use cross-platform curlx_nonblock instead of fcntl in sws - operate: fix clang-analyzer warnings for never read variables Two separate "Value stored to 'XXX' is never read" warnings - operate: fix clang-analyzer warning Value stored to 'separator' is never read - metalink: change code order to build with gnutls-nettle Bug: http://curl.haxx.se/bug/view.cgi?id=3554668 Reported by: Anthony G. Basile - gtls: fix build failure by including nettle-specific headers Bug: http://curl.haxx.se/bug/view.cgi?id=3554668 Reported by: Anthony G. Basile Guenter Knauf (6 Aug 2012) - Fixed compiler warning - argument is type long. Daniel Stenberg (6 Aug 2012) - DISABLED: disable the new tests that do NTLM The tests 2025, 2028 and 2031 don't work for me so I'll have them disabled for now until we solve the problem. Joe Mason (3 Aug 2012) - Add tests of auth retries - Cleanup handshake after clean NTLM failure - Zero out auth structs before transfer - Add a polling loop in main to read from more than one socket at once. Add the O_NONBLOCK and SO_KEEPALIVE flag to all sockets. Note that several loops which used to continue on a return value of 0 (theoretical since 0 would never be returned without O_NONBLOCK) now break on 0 so that they won't continue reading until after poll is called again. - Change return values of get_request, accept_connection and service_connection to add a return code for non-blocking sockets: now -1 means error or connection finished, 1 means data was read, and 0 means there is no data available now so need to wait for poll (new return value) - Hoist the loop out of get_request, and make sure that it can be reentered when a request is half-finished. Note the the req struct used to be re-initialized AFTER reading pipeline data, so now that we initialize it from the caller we must be careful not to overwrite the pipeline data. Also we now need to handle the case where the buffer is already full when get_request is called - previously this never happened as it was always called with an empty buffer and looped until done. Now get_request is called in a loop, so the next step is to run the loop on a socket only when poll signals it is readable. - Move blocks of code from the sws main loop into their own functions for easier refactoring later. The next step will be to call the correct function after a poll, rather than looping unconditionally - Remove the --fork option of sws, since it makes refactoring to use poll more complicated and should be redundant once we poll Kamil Dudka (30 Jul 2012) - file: use fdopen() for uploaded files if available It eliminates noisy events when using inotify and fixes a TOCTOU issue. Bug: https://bugzilla.redhat.com/844385 Guenter Knauf (29 Jul 2012) - Added DWANT_IDN_PROTOTYPES define for MSVC too. Discussion on the list: http://curl.haxx.se/mail/lib-2012-07/0271.html - Added Win32 problems. - Added hint to read docs/INSTALL too. - Added new file to distro. Steve Holme (28 Jul 2012) - TODO: Updated after 7.27.0 release Removed APOP and SASL authentication from the POP3 section and metalink support from the client section as these features were implemented in this release. Moved adding gssapi to SASL into it's own section rather than repeat it for each protocol. Daniel Stenberg (28 Jul 2012) - TODO-RELEASE: updated after 7.27.0 release - THANKS: 12 new contributors from the 7.27.0 release - version bump: start towards next release Let's call it 7.27.1 for now, but it it probably going to become 7.28.0 when released. Version 7.27.0 (27 Jul 2012) Guenter Knauf (27 Jul 2012) - Fixed compiler warning 'unused parameter'. - Added prototypes to kill compiler warning. - Added --with-winidn to configure. This needs another look from the configure experts. I tested that it works so far with MinGW64 cross-compiler; libcurl builds and links fine, but curl not yet ... Daniel Stenberg (27 Jul 2012) - [Ant Bryan brought this change] Update man page info on --metalink and typo. - RELEASE-NOTES: remove mentioned of bug never in a release The --silent bug came with 7561a0fc834c435 which was never in a release. Pointed out by Kamil Dudka - RELEASE-NOTES: synced with 33b815e894fb 4 more bugfixes, 3 more contributors Guenter Knauf (26 Jul 2012) - Changed Windows IDN text to 'WinIDN'. Synced the output to the same short form as we now use for Windows SSL (WinSSL). Daniel Stenberg (25 Jul 2012) - [Nick Zitzmann brought this change] darwinssl: fixed freeze involving the multi interface Previously the curl_multi interface would freeze if darwinssl was enabled and at least one of the handles tried to connect to a Web site using HTTPS. Removed the "wouldblock" state darwinssl was using because I figured out a solution for our "would block but in which direction?" dilemma. Guenter Knauf (25 Jul 2012) - Added support for tls-srp to MinGW builds. Daniel Stenberg (24 Jul 2012) - curl_easy_setopt: fix typo Reported by: Santhana Todatry - keepalive: multiply value for OS-specific units DragonFly uses milliseconds, while our API and Linux use full seconds. Reported by: John Marino Bug: http://curl.haxx.se/bug/view.cgi?id=3546257 Kamil Dudka (22 Jul 2012) - http: print reason phrase from HTTP status line on error Bug: https://bugzilla.redhat.com/676596 - tool_operate: fix misplaced initialization of orig_noprogress ... and orig_isatty which caused --silent to be entirely ignored in case the standard output was redirected to a file! Daniel Stenberg (21 Jul 2012) - [Anton Yabchinskiy brought this change] Client's "qop" value should not be quoted (RFC2617, section 3.2.2). Guenter Knauf (21 Jul 2012) - Fixed typo. Daniel Stenberg (20 Jul 2012) - make: make distclean work again The clean-local hook needed some polish to make sure make distclean works. Added comment describing why. - test Makefile: only feature 'unit' once in the list of dirs Dan Fandrich (20 Jul 2012) - Fixed some typos in documentation Guenter Knauf (20 Jul 2012) - Fixed CR issue with Win32 version on MSYS. Previous fix didnt work on Linux ... - Fixed CR issue with Win32 version on MSYS. - Fixed MSYS <-> Windows path convertion. Replaced the Windows real path from mount hack with a more reliable and simpler hack: the MSYS shell has a builtin pwd which understands a -W option which does convertion to Windows paths. Tested and confirmed that this works on all MSYS versions I have back to a 3 year old one. - Follow-up fix to detect SSL libs with MinGW. 1) the check for winssl needs to come before nss check 2) the SSL checks must begin with a new if or else we will never find any SSL lib with MinGW. - Tell git to not convert configure-related files. - Trial to teach runtests.pl about WinSSL. - Fixed warning 'uninitialized value in numeric gt'. This is a MSYS/MinGW-only warning; full warning text is: Use of uninitialized value in numeric gt (>) at ../../curl/tests/runtests.pl line 2227. Daniel Stenberg (15 Jul 2012) - RELEASE-NOTES: synced with 9d11716933616 Fixed 6 bugs, added 3 contributors - multi_runsingle: added precaution against easy_conn NULL pointer In many states the easy_conn pointer is referenced and just assumed to be working. This is an added extra check since analyzing indicates there's a risk we can end up in these states with a NULL pointer there. - getparam: fix the GetStr() macro It should return PARAM_NO_MEM if the strdup fails. Spotted by clang-analyzer Guenter Knauf (15 Jul 2012) - Tell git to not convert configure-related files. Daniel Stenberg (13 Jul 2012) - parse_proxy: remove dead assignment Spotted by clang-analyzer - ftp_do_more: add missing check of return code Spotted by clang-analyzer. The return code was never checked, just stored. - getinfo: use va_end and cut off Curl_ from static funcs va_end() needs to be used after va_start() and we don't normally use Curl_ prefixes for purely static functions. - [Philip Craig brought this change] Split up Curl_getinfo This avoids false positives from clang's scan-build. Guenter Knauf (12 Jul 2012) - Added error checking for curl_global_init(). - Added curl_global_* functions. - Minor fixes to MinGW makefiles. Daniel Stenberg (12 Jul 2012) - docs: mention CURL_GLOBAL_DEFAULT Guenter Knauf (12 Jul 2012) - Added curl_global_* functions. Daniel Stenberg (12 Jul 2012) - tests: verify the stricter numeric option parser Test 1409 and 1410 verifies the stricter numeric option parser introduced the other day in commit f2b6ebed7b. - SWS: use of uninitialized memory fix I made "connmon" not get initialized properly before use, and I use the big hammer and make sure we always clear the entire struct to avoid any problem like this in the future. - test48: verify that HEAD doesn't close extra Two commits ago, we fixed a bug where the connction would be closed prematurely after a HEAD. Now I added connection-monitor to test 48 and added a second HEAD and make sure that both are sent over the same connection. This triggered a failure before the bug fix and now works. Will help us avoid a future regression of this kind. - connection-monitor: always log disconnect when enabled This makes verifying easier and makes us more sure curl closes the connection only at the correct point in time. Adjusted test 206 and 1008 accordingly and updated the docs for it. - HEAD: don't force-close after response-headers A HEAD response has no body length and gets the headers like the corresponding GET would so it should not get closed after the response based on the same rules. This mistake caused connections that did HEAD to get closed too often without a valid reason. Bug: http://curl.haxx.se/bug/view.cgi?id=3542731 Reported by: Eelco Dolstra Guenter Knauf (12 Jul 2012) - Removed trailing empty strings from awk script. - Cleaned up version awk script. - Added project copyright header. - Removed libcurl.imp from Makefile.am. Updated .gitignore for NetWare created files. - Added missing dependency to export list. - Fixed export list path. - Changed NetWare build to generate export list. - Added pointer to FAQ for linkage errors. - Small NetWare makefile tweak. - Changed MinGW makefiles to use WINSSL now. Daniel Stenberg (10 Jul 2012) - test231: fix wrong -C use! - cmdline: parse numerical options stricter 1 - str2offset() no longer accepts negative numbers since offsets are by nature positive. 2 - introduced str2unum() for the command line parser that accepts numericals which are not supposed to be negative, so that it will properly complain on apparent bad uses and mistakes. Bug: http://curl.haxx.se/mail/archive-2012-07/0013.html - docs: switch to proper UTF-8 for text file encoding Yang Tse (9 Jul 2012) - Make Curl_schannel_version() return "WinSSL" Modification based on voting result: http://curl.haxx.se/mail/lib-2012-07/0104.html Daniel Stenberg (9 Jul 2012) - test 46: use different path lengths to get reliable sort order Since the order of the cookies is sorted by the length of the paths, having them on the same path length will make the test depend on what order the qsort() implementation will put them. As seen in the windows/msys output posted by Guenter in this posting: http://curl.haxx.se/mail/lib-2012-07/0105.html - cookie: fixed typo in comment - [Christian Hägele brought this change] https_getsock: provided for schannel backend as well The function https_getsock was only implemented properly when USE_SSLEAY or USE_GNUTLS is defined, but it is also necessary for USE_SCHANNEL. The problem occurs when Curl_read_plain or Curl_write_plain returns CURLE_AGAIN. In that case CURL_OK is returned to the multi-interface an the used socket is set to state CURL_POLL_REMOVE and the easy-state is set to CURLM_STATE_PROTOCONNECT. This is fine, because later the socket should be set to CURL_POLL_IN or CURL_POLL_OUT via multi_getsock. That's where https_getsock is called and doesn't return any sockets. - RELEASE-NOTES: added a URL reference to cookie docs Guenter Knauf (8 Jul 2012) - Removed obsolete include path to project root. Daniel Stenberg (8 Jul 2012) - TODO-RELEASE: issue 316 NTLM over proxy is fixed - [Nick Zitzmann brought this change] darwinssl: don't use arc4random_buf Re-wrote Curl_darwinssl_random() to not use arc4random_buf() because the function is not available prior to iOS 4.3 and OS X 10.7. - KNOWN_BUGS: #80 Curl doesn't recognize certs in DER format - KNOWN_BUGS: #79 - any RCPT TO failure makes and error Marc Hoersken (8 Jul 2012) - winbuild: Aligned BUILD.WINDOWS.txt and Makefile.vc usage help - winbuild: Make USE_WINSSL depend on USE_SSPI Since WinSSL cannot be build without SSPI being enabled, USE_WINSSL now defaults to the value of USE_SSPI. The makefile does now raise an error if WinSSL is enabled while SSPI is disabled. - winbuild: Aligned USE_SSPI with other USE_x defines Renamed external parameter USE_SSPI = yes/no to ENABLE_SSPI = yes/no. Backwards compatible change: USE_SSPI can still be passed as external parameter with yes/no value as long as ENABLE_SSPI is not given. USE_x defines are passed around with true/false values internally, USE_SSPI is now aligned to this approach, but still accepts external values yes/no being passed, just like the other defines. - winbuild: Clean up formatting and variable naming - Changed space usage to line up with the whole file - Renamed CFLAGS_SSPI/IPV6 to SSPI/IPV6_CFLAGS to be consistent with the other CFLAGS_x variables - Make use of existing CFLAGS_IPV6 (previously IPV6_CFLAGS) instead of appending directly to CFLAGS Daniel Stenberg (7 Jul 2012) - [Nick Zitzmann brought this change] darwinssl: output cipher with text, remove SNI warning The code was printing a warning when SNI was set up successfully. Oops. Printing the cipher number in verbose mode was something only TLS/SSL programmers might understand, so I had it print the name of the cipher, just like in the OpenSSL code. That'll be at least a little bit easier to understand. The SecureTransport API doesn't have a method of getting a string from a cipher like OpenSSL does, so I had to generate the strings manually. - RELEASE-NOTES: synced with 5a99bce07d - KNOWN_BUGS: NTLM with unicode works with schannel/winssl! Bug #75 updated with additional info, still remains for builds with other backends. - code police: narrow source to < 80 columns Yang Tse (5 Jul 2012) - unicode NTLM SSPI: cleanup follow-up - unicode NTLM SSPI: cleanup Reduce the number of #ifdef UNICODE directives used in source files. Daniel Stenberg (5 Jul 2012) - tests: use connection-monitor and verify results Test 1008 and 206 don't show the disconnect since it happens when SWS awaits a new request, but 503 does and so the verify section needs that string added. - http-proxy: keep CONNECT connections alive (for NTLM) When doing CONNECT requests, libcurl must make sure the connection is alive as much as possible. NTLM requires it and it is generally good for other cases as well. NTLM over CONNECT requests has been broken since this regression I introduced in my CONNECT cleanup commits that started with 41b02378342, included since 7.25.0. Bug: http://curl.haxx.se/bug/view.cgi?id=3538625 Reported by: Marcel Raad - sws: support <servercmd> for CONNECT requests I moved out the servercmd parsing into a its own function called parse_servercmd() and made sure it gets used also when the test number is extracted from CONNECT requests. It turned out sws didn't do that previously! - FILEFORMAT: provided a full description of connection-monitor - lib503: enable verbose to ease debugging this - sws: add 'connection-monitor' command support Using this, the server will output in the protocol log when the connection gets disconnected and thus we will verify correctly in the test cases that the connection doesn't get closed prematurely. This is important for example NTLM to work. Documentation added to FILEFORMAT, test 503 updated to use this. Guenter Knauf (4 Jul 2012) - Removed non-used variable. - Added error checking for samples. - Renamed vars to avoid shadow global declaration. Daniel Stenberg (3 Jul 2012) - docs: clarify how to start with curl_multi_socket_action Mention the CURL_SOCKET_TIMEOUT argument in step 6 of the typical application. Guenter Knauf (3 Jul 2012) - Moved some patterns to subfolder's .gitignore. - Merge branch 'master' of ssh://github.com/bagder/curl - MinGW makefile tweaks for running from sh. Added function macros to make path converting easier. Added CROSSPREFIX to all compile tools. Yang Tse (3 Jul 2012) - [Marc Hoersken brought this change] curl_ntlm_msgs.c: Removed unused variable passwd Guenter Knauf (3 Jul 2012) - Added files generated by mingw32, eclipse and VC. Posted by Marc Hoersken. Daniel Stenberg (3 Jul 2012) - cookies: change the URL in the cookie jar file header - HTTP-COOKIES: clarified and modified layout - HTTP-COOKIES: use the FAQ document layout - HTTP-COOKIES: added cookie documentation Yang Tse (3 Jul 2012) - curl_ntlm_msgs.c: include <tchar.h> for prototypes - [Neil Bowers brought this change] testcurl.pl: fix missing semicolon Daniel Stenberg (2 Jul 2012) - [Christian Hägele brought this change] unicode NTLM SSPI: heap corruption fixed When compiling libcurl with UNICODE defined and using unicode characters in username. Yang Tse (2 Jul 2012) - testcurl.pl: allow non in-tree c-ares enabled autobuild - configure.ac: verify that libmetalink is new enough Enabling test2017 to test2022. - [Tatsuhiro Tsujikawa brought this change] curl: Added runtime version check for libmetalink - [Tatsuhiro Tsujikawa brought this change] Include metalink/metalink.h for libmetalink functions Daniel Stenberg (2 Jul 2012) - errors: CURLM_CALL_MULTI_PERFORM is not returned anymore - release: cleaned up plans for this and coming release Yang Tse (29 Jun 2012) - curl-compilers.m4: remove -Wstrict-aliasing=3 from clang Currently it is unknown if there is any version of clang that actually supports -Wstrict-aliasing. What is known is that there are several that don't support it. - test2017 to test2022: more metalink tests With this commit, checks done in previous test2017 are now done in test2018. Whole range test2017 to test2022 DISABLED until configure is capable of requiring a new-enough metalink library. Don't try these without mentioned check in place! - test2005 to test2016: improve failure detection - lib582.c: fix conversion warning - nss.c: #include warnless.h for curlx_uztosi and curlx_uztoui prototypes - [Marc Hoersken brought this change] nss.c: Fixed size_t conversion warnings - sslgen.c: cleanup temporary compile-time SSL-backend check Daniel Stenberg (28 Jun 2012) - schannel: provide two additional (dummy) API defines Yang Tse (28 Jun 2012) - [Tatsuhiro Tsujikawa brought this change] Metalink: message updates Print "parsing (...) OK" only when no warnings are generated. If no file is found in Metalink, treat it FAILED. If no digest is provided, print WARNING in parse_metalink(). Also print validating FAILED after download. These changes make tests 2012 to 2016 pass. Daniel Stenberg (27 Jun 2012) - sslgen: avoid compiler error in SSPI builds Yang Tse (27 Jun 2012) - ssluse.c: fix compiler warning: conversion to 'int' from 'size_t' Reported by Tatsuhiro Tsujikawa http://curl.haxx.se/mail/lib-2012-06/0371.html - sslgen.c: add compile-time check for SSL-backend completeness - build: add our standard includes to curl_darwinssl.c and curl_multibyte.c - build: add curl_schannel and curl_darwinssl files to other build systems - tests: add five more Metalink test cases - tests: update Metalink message format - [Tatsuhiro Tsujikawa brought this change] Metalink: updated message format - [Nick Zitzmann brought this change] DarwinSSL: allow using NTLM authentication Allow NTLM authentication when building using SecureTransport (Darwin) for SSL. This uses CommonCrypto, a cryptography library that ships with all versions of iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few less-common cyphers and doesn't have a big number data structure. - curl_darwinssl.h: add newline at end of file Daniel Stenberg (26 Jun 2012) - ossl_seed: remove leftover RAND_screen check Before commit 2dded8fedba (dec 2010) there was logic that used RAND_screen() at times and now I remove the leftover #ifdef check for it. The seeding code that uses Curl_FormBoundary() in ossl_seed() is dubious to keep since it hardly increases randomness but I fear I'll break something if I remove it now... Yang Tse (26 Jun 2012) - [Nick Zitzmann brought this change] DarwinSSL: several adjustments - Renamed st_ function prefix to darwinssl_ - Renamed Curl_st_ function prefix to Curl_darwinssl_ - Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h - Fixed a teensy little bug that made non-blocking connection attempts block - Made it so that it builds cleanly against the iOS 5.1 SDK - curl-compilers.m4: -Wstrict-aliasing=3 for warning enabled gcc and clang builds - [Marc Hoersken brought this change] sockaddr.h: Fixed dereferencing pointer breakin strict-aliasing Fixed warning: dereferencing pointer does break strict-aliasing rules by using a union inside the struct Curl_sockaddr_storage declaration. Daniel Stenberg (26 Jun 2012) - SSL cleanup: use crypto functions through the sslgen layer curl_ntlm_msgs.c would previously use an #ifdef maze and direct SSL-library calls instead of using the SSL layer we have for this purpose. - [Nick Zitzmann brought this change] darwinssl: add support for native Mac OS X/iOS SSL - RELEASE-NOTES: link to more metalink info - RELEASE-NOTES: synced with d025af9bb576 Yang Tse (25 Jun 2012) - curl_schannel.c: Remove redundant NULL assignments following Curl_safefree() - [Marc Hoersken brought this change] curl_schannel.c: Replace free() with Curl_safefree() - [Tatsuhiro Tsujikawa brought this change] curl.1: Updated Metalink description in man page Documented that --include will be ignored if both --metalink and --include are specified. Also documented that a Metalink file in the local file system cannot be used if FILE protocol is disabled. Steve Holme (24 Jun 2012) - DOCS: Added clarification to CURLOPT_CUSTOMREQUEST for the POP3 protocol Bug: http://curl.haxx.se/mail/lib-2012-06/0302.html Reported by: Nagai H - smtp: Corrected result code for MAIL, RCPT and DATA commands Bug: http://curl.haxx.se/mail/lib-2012-06/0094.html Reported by: Dan Daniel Stenberg (24 Jun 2012) - [Ghennadi Procopciuc brought this change] test: Added test HTTP receive cookies over IPv6 Yang Tse (22 Jun 2012) - tests: add another Metalink test case - [Tatsuhiro Tsujikawa brought this change] tests: Enable test2010 and fixed hash value - [Tatsuhiro Tsujikawa brought this change] Metalink: ignore --include if --metalink is used. Including headers in response body will break Metalink XML parser. If it is included in the file described in Metalink XML, hash check will fail. Therefore, --include should be ignored if --metalink is used. - tests: add six Metalink test cases - test 2005: add verification of hash checking outcome - getpart.pm: remove misleading comment - [Tatsuhiro Tsujikawa brought this change] curl: Prefixed all Metalink related messages with "Metalink: " - [Tatsuhiro Tsujikawa brought this change] tests: Added Metalink test case # 2005 - [Tatsuhiro Tsujikawa brought this change] curl: Restore noprogress and isatty config values. The noprogress and isatty in Configurable are global, in a sense that they persist in one curl invocation. Currently once one download writes its response data to tty, they are set to FALSE and they are not restored on successive downloads. This change first backups the current noprogress and isatty, and restores them when download does not write its data to tty. - [Tatsuhiro Tsujikawa brought this change] curl: Made --metalink option toggle Metalink functionality In this change, --metalink option no longer takes argument. If it is specified, given URIs are processed as Metalink XML file. If given URIs are remote (e.g., http URI), curl downloads it first. Regardless URI is local file (e.g., file URI scheme) or remote, Metalink XML file is not written to local file system and the received data is fed into Metalink XML parser directly. This means with --metalink option, filename related options like -O and -o are ignored. Usage examples: $ curl --metalink http://example.org/foo.metalink This will download foo.metalink and parse it and then download the URI described there. $ curl --metalink file://foo.metalink This will parse local file foo.metalink and then download the URI described there. - [Tatsuhiro Tsujikawa brought this change] curl: Refactored metalink_checksum When creating metalink_checksum from metalink_checksum_t, first check hex digest is valid for the given hash function. We do this check in the order of digest_aliases so that first good match will be chosen (strongest hash function available). As a result, the metalinkfile now only contains at most one metalink_checksum because other entries are just redundant. - [Gisle Vanem brought this change] tool_doswin.c: fix djgpp function _use_lfn() used without a prototype http://curl.haxx.se/mail/archive-2012-06/0028.html - build: fix RESOURCE bug in lib/Makefile.vc* Removed two, not intended to exist, RESOURCE declarations. Bug: http://curl.haxx.se/bug/view.cgi?id=3535977 And sorted configuration hunks to reflect same internal order as the one shown in the usage message. Daniel Stenberg (20 Jun 2012) - [Marc Hoersken brought this change] schannel: Implement new buffer size strategy Increase decrypted and encrypted cache buffers using limitted doubling strategy. More information on the mailinglist: http://curl.haxx.se/mail/lib-2012-06/0255.html It updates the two remaining reallocations that have already been there and fixes the other one to use the same "do we need to increase the buffer"-condition as the other two. CURL_SCHANNEL_BUFFER_STEP_SIZE was renamed to CURL_SCHANNEL_BUFFER_FREE_SIZE since that is actually what it is now. Since we don't know how much more data we are going to read during the handshake, CURL_SCHANNEL_BUFFER_FREE_SIZE is used as the minimum free space required in the buffer for the next operation. CURL_SCHANNEL_BUFFER_STEP_SIZE was used for that before, too, but since we don't have a step size now, the define was renamed. Yang Tse (20 Jun 2012) - schannel SSL: fix compiler warning - [Mark Salisbury brought this change] schannel SSL: fix for renegotiate problem In schannel_connect_step2() doread should be initialized based on connssl->connecting_state. - [Tatsuhiro Tsujikawa brought this change] runtests.pl: make it support metalink feature - getpart.pm: make test definition section/part parser more robust Test definition section parts which needed to include xml-lingo as contents of that part required that the xml-blurb was written as a single line. Now the xml-data inside the part can be written multiline making it more readable. Tested with <client><file> part which is written to disk before <command> runs. Daniel Stenberg (20 Jun 2012) - schannel_connect_step2: checksrc whitespace fix Yang Tse (20 Jun 2012) - [Mark Salisbury brought this change] schannel SSL: changes in schannel_connect_step2 Process extra data buffer before returning from schannel_connect_step2. Without this change I've seen WinCE hang when schannel_connect_step2 returns and calls Curl_socket_ready. If the encrypted handshake does not fit in the intial buffer (seen with large certificate chain), increasing the encrypted data buffer is necessary. Fixed warning in curl_schannel.c line 1215. - [Mark Salisbury brought this change] config-win32ce.h: WinCE config adjustment process.h is not present on WinCE - [Mark Salisbury brought this change] schannel SSL: Made send method handle unexpected cases better Implemented timeout loop in schannel_send while sending data. This is as close as I think we can get to write buffering; I put a big comment in to explain my thinking. With some committer adjustments Daniel Stenberg (19 Jun 2012) - [Marc Hoersken brought this change] curl_schannel.c: Avoid unnecessary realloc calls to reduce buffer size Yang Tse (19 Jun 2012) - [Mark Salisbury brought this change] schannel SSL: Use standard Curl read/write methods Replaced calls to swrite with Curl_write_plain and calls to sread with Curl_read_plain. With some committer adjustments - schannel SSL: make wording of some trace messages better reflect reality Daniel Stenberg (19 Jun 2012) - [Marc Hoersken brought this change] curl_schannel.h: Use BUFSIZE as the initial buffer size if available Make the Schannel implementation use libcurl's default buffer size for the initial received encrypted and decrypted data cache buffers. The implementation still needs to handle more data since more data might have already been received or decrypted during the handshake or a read operation which needs to be cached for the next read. Guenter Knauf (19 Jun 2012) - Fixed NetWare makefile broken from last commit. Yang Tse (19 Jun 2012) - [Mark Salisbury brought this change] schannel SSL: Implemented SSL shutdown curl_schannel.c - implemented graceful SSL shutdown. If we fail to shutdown the connection gracefully, I've seen schannel try to use a session ID for future connects and the server aborts the connection during the handshake. - [Mark Salisbury brought this change] schannel SSL: certificate validation on WinCE curl_schannel.c - auto certificate validation doesn't seem to work right on CE. I added a method to perform the certificate validation which uses CertGetCertificateChain and manually handles the result. - [Mark Salisbury brought this change] schannel SSL: Added helper methods to simplify code Added helper methods InitSecBuffer() and InitSecBufferDesc() to make it easier to set up SecBuffer & SecBufferDesc structs. Guenter Knauf (18 Jun 2012) - Some more NetWare makefile tweaks for metalink. Yang Tse (18 Jun 2012) - tool_cb_see.c: WinCE build adjustment - [Mark Salisbury brought this change] setup.h: WinCE build adjustment - [Mark Salisbury brought this change] ftplistparser.c: do not compile if FTP protocol is not enabled - Win32: downplay MS bazillion type synonyms game Avoid usage of some MS type synonyms to allow compilation with compiler headers that don't define these, using simpler synonyms. Daniel Stenberg (15 Jun 2012) - Curl_rtsp_parseheader: avoid useless malloc/free Coverity actually pointed out flawed logic in the previous call to Curl_strntoupper() where the code used sizeof() of a pointer to pass in a size argument. That code still worked since it only needed to uppercase 4 letters. Still, the entire malloc/uppercase/free sequence was pointless since the code has already matched the string once in the condition that starts the block of code. - curl_share_setopt: use va_end() As spotted by Coverity, va_end() was not used previously. To make it used I took away a bunch of return statements and made them into assignments instead. Yang Tse (15 Jun 2012) - SSPI related code: Unicode support for WinCE - kill compiler warnings - [Mark Salisbury brought this change] SSPI related code: Unicode support for WinCE - commit 46480bb9 follow-up - build: add curl_multibyte files to build systems - [Mark Salisbury brought this change] SSPI related code: Unicode support for WinCE SSPI related code now compiles with ANSI and WCHAR versions of security methods (WinCE requires WCHAR versions of methods). Pulled UTF8 to WCHAR conversion methods out of idn_win32.c into their own file. curl_sasl.c - include curl_memory.h to use correct memory functions. getenv.c and telnet.c - WinCE compatibility fix With some committer adjustments Guenter Knauf (15 Jun 2012) - Fixed typo. Yang Tse (14 Jun 2012) - winbuild/MakefileBuild.vc: convert line endings to DOS style As per request on mailing list: http://curl.haxx.se/mail/lib-2012-06/0222.html - [Marc Hoersken brought this change] winbuild: Allow SSPI build with or without Schannel The changes introduced in commit 2bfa57bc32 are not enough to make it actually possible to use the USE_WINSSL option. Makefile.vc was not updated and the configuration name which is used in the build path did not match between both build files. This patch fixes those issues and introduces the following changes: - Replaced the -schannel name with -winssl in order to be consistent with the other options - Added ENABLE_WINSSL option to winbuild/Makefile.vc (default yes) - Changed winbuild/MakefileBuild.vc to set USE_WINSSL to true if USE_SSL is false and USE_WINSSL was not specified as a parameter - Separated WINSSL handling from SSPI handling to be consistent with the other options and their corresponding code path - curl.1: 7.27.0 seems next release - schannel: fix printf-style format strings - Fix bad failf() and info() usage Calls to failf() are not supposed to provide trailing newline. Calls to infof() must provide trailing newline. Fixed 30 or so strings. - schannel: fix unused parameter warnings - schannel: fix comparisons between signed and unsigned - schannel: fix discarding qualifier from pointer type - schannel: fix shadowing of global declarations - schannel: fix Curl_schannel_init() and Curl_schannel_cleanup() declarations - [Gisle Vanem brought this change] urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.h Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and OCSP_RESPONSE are enum values in CyaSSL and defines in <wincrypt.h> included via <winldap.h> in ldap.c. http://curl.haxx.se/mail/lib-2012-06/0196.html - MakefileBuild.vc: Allow building without SSL In order to use Windows native SSL support define 'USE_WINSSL' - configure: new option --with-winssl This option may be used to build curl/libcurl using SSL/TLS support provided by MS windows system libraries. Option is mutually exclusive with any other SSL library. Default value is --without-winssl. --with-winssl option implies --with-sspi option. Option meaningful only for Windows builds. Guenter Knauf (13 Jun 2012) - Changed Schannel string to SSL-Windows-native. This is more descriptive for the user who might not even know what schannnel is at all. Yang Tse (13 Jun 2012) - schannel: remove version number and identify its use with 'schannel' literal Version number is removed in order to make this info consistent with how we do it with other MS and Linux system libraries for which we don't provide this info. Identifier changed from 'WinSSPI' to 'schannel' given that this is the actual provider of the SSL/TLS support. libcurl can still be built with SSPI and without SCHANNEL support. Daniel Stenberg (12 Jun 2012) - singlesocket: remove dead code No need to check if 'entry' is non-NULL in a spot where it is already checked and guaranteed to be non-NULL. (Spotted by a Coverity scan) - netrc: remove dead code Remove two states from the enum and the corresponding code for them as these states were never reached or used. (Spotted by a Coverity scan) Yang Tse (12 Jun 2012) - Revert "connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing" This reverts commit 9c94236e6cc078a0dc5a78b6e2fefc1403e5375e. It didn't server its purpose, so lets go back to long-time working code. - socks_sspi.c: further cleanup - [Marc Hoersken brought this change] socks_sspi.c: Clean up and removal of obsolete minor status Removed obsolete minor status variable and parameter of status function which was never used or set at all. Also Curl_sspi_strerror does support only one status and there is no need for a second sub status. Guenter Knauf (12 Jun 2012) - Removed trailing whitespaces. Yang Tse (12 Jun 2012) - strerror.c: make Curl_sspi_strerror() always return code for errors - curl_sspi.h: provide sspi status definitions missing in old headers - sspi: make Curl_sspi_strerror() libcurl's sspi status code string function - sspi: make Curl_sspi_strerror() libcurl's sspi status code string function Daniel Stenberg (11 Jun 2012) - Revert: 634f7cfee40d4658 partially Make sure CURL_VERSION_SSPI is present and works as in previous releases for ABI and API compatibility reasons. - checksrc: shorten a few lines to comply - cleanup: remove trailing whitespace - [Marc Hoersken brought this change] winbuild: Removed WITH_SSL=schannel and tie schannel to SSPI Removed specific WITH_SSL=schannel paramter that did not fit the general schema and complicated the parameters. For now Schannel will be enabled if SSPI is enabled and OpenSSL is disabled. - [Steve Holme brought this change] Makefile.vc6: Added version.lib if built with SSPI - [Marc Hoersken brought this change] winbuild: Updated winbuild scripts to add schannel - [Marc Hoersken brought this change] mingw32: Fixed warning of USE_SSL being redefined - [Marc Hoersken brought this change] sspi: Fixed incompatible parameter pointer type in Curl_sspi_version - [Marc Hoersken brought this change] sspi: Updated RELEASE-NOTES, FEATURES and THANKS - [Marc Hoersken brought this change] setup.h: Automatically define USE_SSL if USE_SCHANNEL is defined - [Marc Hoersken brought this change] version: Replaced SSPI feature information with version string details Added Windows SSPI version information to the curl version string when SCHANNEL SSL is not enabled, as the version of the library should also be included when SSPI is used to generate security contexts. Removed SSPI from the feature list as the features are GSS-Negotiate, NTLM and SSL depending on the usage of the SSPI library. - [Steve Holme brought this change] sspi.c: Post Curl_sspi_version() rework code tidy up Removed duplicate blank lines. Removed spaces between the not and test in various if statements. Removed explicit test of NULL in an if statement. Placed function returns on same line as function declarations. Replaced the use of curl_maprintf() with aprintf() as it is the preprocessor job to do this substitution if ENABLE_CURLX_PRINTF is set. - [Steve Holme brought this change] sspi: Reworked Curl_sspi_version() to return version components Reworked the version function to return four version components rather than a string that has to be freed by the caller. - [Guenter Knauf brought this change] configure.ac: Added -lversion if built with SSPI - [Marc Hoersken brought this change] schannel: Code cleanup and bug fixes curl_sspi.c: Fixed mingw32-gcc compiler warnings curl_sspi.c: Fixed length of error code hex output The hex value was printed as signed 64-bit value on 64-bit systems: SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322) It is now correctly printed as the following: SEC_E_WRONG_PRINCIPAL (0x80090322) curl_sspi.c: Fallback to security function table version number Instead of reporting an unknown version, the interface version is used. curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version curl_schannel: Replaced static buffer sizes with defined names curl_schannel.c: First brace when declaring functions on column 0 curl_schannel.c: Put the pointer sign directly at variable name curl_schannel.c: Use structs directly instead of typedef'ed structs curl_schannel.c: Removed space before opening brace curl_schannel.c: Fixed lines being longer than 80 chars - [Marc Hoersken brought this change] curl_sspi: Added Curl_sspi_version function Added new function to get SSPI version as string. Added required library version.lib to makefiles. Changed curl_schannel.c to use Curl_sspi_version. - [Guenter Knauf brought this change] schannel: Updated mingw32 makefiles - [Marc Hoersken brought this change] schannel: Replace ASCII specific code with general defines - [Marc Hoersken brought this change] schannel: Added definitions which are missing in mingw32 - [Marc Hoersken brought this change] schannel: Moved interal struct types to urldata.h Moved type definitions in order to avoid inclusion loop - [Marc Hoersken brought this change] schannel: Fixed compiler warnings about pointer type assignments - [Marc Hoersken brought this change] schannel: Fixed critical typo in conditions and added buffer length checks - [Marc Hoersken brought this change] sspi: Refactored socks_sspi and schannel to use same error message functions Moved the error constant switch to curl_sspi.c and added two new helper functions to curl_sspi.[ch] which either return the constant or a fully translated message representing the SSPI security status. Updated socks_sspi.c and curl_schannel.c to use the new functions. - [Marc Hoersken brought this change] schannel: Added special shutdown check for Windows 2000 Professional Windows 2000 Professional: Schannel returns SEC_E_OK instead of SEC_I_CONTEXT_EXPIRED. If the length of the output buffer is zero and the first byte of the encrypted packet is 0x15, the application can safely assume that the message was a close_notify message and change the return value to SEC_I_CONTEXT_EXPIRED. Connection shutdown does not mean that there is no data to read Correctly handle incomplete message and ask curl to re-read Fixed buffer for decrypted being to small Re-structured read condition to be more effective Removed obsolete verbose messages Changed memory reduction method to keep a minimum buffer of size 4096 - [Marc Hoersken brought this change] schannel: Implemented SSL/TLS renegotiation Updated TODO information and added related MSDN articles - [Marc Hoersken brought this change] schannel: Save session credential handles in session cache - [Marc Hoersken brought this change] schannel: Code cleanup - [Marc Hoersken brought this change] schannel: Check for required context attributes - [Marc Hoersken brought this change] schannel: Allow certificate and revocation checks being deactivated - [Marc Hoersken brought this change] schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI - [Marc Hoersken brought this change] http: Replaced specific SSL libraries list in https_getsock fallback - [Marc Hoersken brought this change] connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing Fixed warning: dereferencing pointer does break strict-aliasing rules by using a union instead of separate pointer variables. Internal union sockaddr_u could probably be moved to generic header. Thanks to Paul Howarth for the hint about using unions for this. Important for winbuild: Separate declaration of sockaddr_u pointer. The pointer variable *sock cannot be declared and initialized right after the union declaration. Therefore it has to be a separate statement. - [Marc Hoersken brought this change] curl_ntlm_msgs.c: Fixed passwdlen not being used and recalculated Yang Tse (11 Jun 2012) - tests: fix test definitions # 1355, 1363, 1385 and 1393 -i without HTTP protocol shall not include headers in the output Daniel Stenberg (10 Jun 2012) - Curl_pgrsDone: return int and acknowledge return code Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an abort instruction or similar we need to return that info back and subsequently properly handle return codes from Curl_pgrsDone() where used. (Spotted by a Coverity scan) Steve Holme (10 Jun 2012) - [Marc Hoersken brought this change] winbuild: Fixed environment variables being lost Fixed USE_IPV6 and USE_IDN not being passed from Makefile.vc to MakefileBuild.vc Fixed whitespace and formatting issues Fixed typo and format in help message Guenter Knauf (9 Jun 2012) - Added metalink support to NetWare builds. Steve Holme (9 Jun 2012) - smtp.c: Removed unused variable - smtp: Post apop feature code tidy up - pop3: Post apop feature code tidy up - pop3: Added support for apop authentication - pop3: Enhanced the extended authentication mechanism detection Enhanced the authentication type / mechanism detection in preparation for the introduction of APOP support. - pop3.c: Fixed length of SASL check Yang Tse (9 Jun 2012) - Fixes allowing 26 more test cases in 1334 to 1393 range to succeed - tests: fix test definitions # 1370 and 1371 -J without -O shall not honor C-D filename Daniel Stenberg (9 Jun 2012) - OpenSSL: support longer certificate subject names Previously it would use a 256 byte buffer and thus cut off very long subject names. The limit is now upped to the receive buffer size, 16K. Bug: http://curl.haxx.se/bug/view.cgi?id=3533045 Reported by: Anthony G. Basile Kamil Dudka (8 Jun 2012) - ssl: fix duplicated SSL handshake with multi interface and proxy Bug: https://bugzilla.redhat.com/788526 Reported by: Enrico Scholz Daniel Stenberg (8 Jun 2012) - tool_getparam.h: fix compiler error forward declare the Configurable struct - metalink: restore some includes Commit eeeba1496cbca removed them and thus broke my Linux build - openldap: OOM fixes when calloc fails, return error! (Detected by Fortify) Reported by: Robert B. Harris Steve Holme (8 Jun 2012) - sasl: Re-factored mechanism constants in preparation for APOP work Yang Tse (8 Jun 2012) - metalink: build fixes and adjustments II Additionally, make hash checking ability mandatory in order to allow metalink support in curl. A command line option could be introduced to skip hash checking at runtime, but the ability to check hashes should always be built-in when providing metalink support. Guenter Knauf (8 Jun 2012) - Added metalink support to MinGW builds. Daniel Stenberg (7 Jun 2012) - log2changes.pl: fix the Version output Previously it could easily wrongly get repeated Yang Tse (7 Jun 2012) - metalink: build fixes and adjustments I Daniel Stenberg (7 Jun 2012) - lib554.c: use curl_formadd() properly The length/size options take longs so make sure to pass on such types. Reported by: Neil Bowers Bug: http://curl.haxx.se/mail/lib-2012-06/0001.html Steve Holme (7 Jun 2012) - smtp.c: Re-factored the smtp_state_*_resp() functions Re-factored the smtp_state_*_resp() functions to 1) Match the constants that were refactored in commit 00fddba6727c, 2) To be more readable and 3) To match their counterparties in pop3.c. Yang Tse (7 Jun 2012) - Fixes allowing HTTP test cases 1338, 1339, 1368 and 1369 to succeed - tests 1364 to 1393: several -o filename -J -i -D combinations for HTTP and FTP - tests 1348 to 1363: test definition polishing Verify that the "Saved to filename 'blabla'" message is only displayed when the 'blabla' filename being used _actually_ has been specified by the server in the Content-Disposition header. Use relative path for unintended file creation postcheck. Steve Holme (6 Jun 2012) - smtp: Re-factored the SMTP_AUTH* state machine constants Re-factored the SMTP_AUTH* constants, that are used by the state machine, to be clearer to read. Guenter Knauf (6 Jun 2012) - Added hint for pkg-config wrapper script. - Updated Android section with recent NDK. The r7b had some bugs, and shouldnt be used. Yang Tse (6 Jun 2012) - Disable non-HTTP header related tests These now detect incompleate header data and fail - tests 1348 to 1363: compleate header data part of test definition - tests 1334 to 1363 revisited. Add a postcheck section to verify unintended file creation. Remove needless <file> checks in verify section. Renumbering where appropriate. - tests: adjust file part behavior in test verify section. When a <file> part is now specified with no contents at all, this will actually verify that the specified file has no contents at all. Previously file contents would be ignored. Steve Holme (5 Jun 2012) - smtp.c: Removed whitespace - pop3: Another small code tidy up Missed some comments that we identified during the SMTP tidy up earlier. - smtp: Post authentication code tidy up Corrected lines longer than 78 characters. Removed unnecessary braces in smtp_state_helo_resp(). Introduced some comments in data sending functions. Tidied up comments to match changes made in pop3.c. Yang Tse (5 Jun 2012) - tests 1348 to 1363: add a comma in test description Steve Holme (5 Jun 2012) - email: Removed duplicated header file - sasl: Renamed Curl_sasl_decode_ntlm_type2_message() For consistency with other SASL based functions renamed this function to Curl_sasl_create_ntlm_type3_message() which better describes its usage. - pop3: Post authentication code tidy up Corrected lines longer than 78 characters. Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the AUTH command is no longer sent on its own. Introduced some comments in data sending functions. Another attempt at trying to rational code and comment style. - pop3: Added support for sasl digest-md5 authentication Yang Tse (4 Jun 2012) - sasl: add reference for curl_sasl - Makefile.inc: tab adjustment Daniel Stenberg (4 Jun 2012) - pop3 tests: CAPA instead of AUTH After Steve's commit e336bc7c42c7340 test 1319 and 1407 need to check for CAPA instead of AUTH. Steve Holme (4 Jun 2012) - sasl: Added service parameter to Curl_sasl_create_digest_md5_message() Added a service type parameter to Curl_sasl_create_digest_md5_message() to allow the function to be used by different services rather than being hard coded to "smtp". Yang Tse (4 Jun 2012) - tests 1356 to 1363: several -O -J -i -D combinations with FTP protocol Currently 1356 to 1362 succeed but a write failure is logged in traceNNNN. Currently 1363 fails, so disabled for now. Steve Holme (4 Jun 2012) - tests: Updated pop3 tests for change in auth mechanism detection - pop3: Changed the sasl mechanism detection from auth to capa Not all SASL enabled POP3 servers support the AUTH command on its own when trying to detect the supported mechanisms. As such changed the mechanism detection to use the CAPA command instead. Daniel Stenberg (4 Jun 2012) - curl_easy_setopt.3: proto updates + cleanups - For all *FUNCTION options, they now all show the complete prototype in the description. Previously some of them would just refer to a typedef'ed function pointer in the curl.h header. - I made the phrasing of that "Pass a pointer to a function that matches the following prototype" the same for all *FUNCTION option descriptions. - I removed some uses of 'should'. I think I sometimes over-use this word as in many places I actually mean MUST or otherwise more specific and not-so-optional synonyms. Yang Tse (4 Jun 2012) - tests 1348 to 1355: several -O -J -i -D combinations with FTP protocol Currently 1348 to 1354 succeed but a write failure is logged in traceNNNN. Currently 1355 fails, so disabled for now. - tests 1346 to 1347: several -O -J -i -D combinations with HTTP protocol Steve Holme (4 Jun 2012) - sasl: Small code tidy up Reworked variable names in Curl_sasl_create_cram_md5_message() to match those in Curl_sasl_create_digest_md5_message() as they are more appropriate. - sasl: Moved digest-md5 authentication message creation from smtp.c Moved the digest-md5 message creation from smtp.c into the sasl module to allow for use by other modules such as pop3. - sasl: Small code tidy up before moving digest-md5 over Correction of comments and variable names. - RELEASE-NOTES: Added missing addition of sasl login support - pop3: Added support for sasl cram-md5 authentication Daniel Stenberg (3 Jun 2012) - Curl_sasl_create_plain_message: remove TAB Steve Holme (3 Jun 2012) - sasl: Small code tidy up Added some comments and removed an unreferenced variable. - pop3.c: Added conditional compilation for NTLM function calls Added USE_NTLM condition compilation around the NTLM functions called from pop3_statemach_act() introduced in commit 69f7156ad96877. - sasl: Moved cram-md5 authentication message creation from smtp.c Moved the cram-md5 message creation from smtp.c into the sasl module to allow for use by other modules such as pop3. - pop3: Fixed an issue with changes introduced in commit c267c53017bc Because pop3_endofresp() is called for each line of data yet is not passed the line and line length, so we have to use the data pointed to by pp->linestart_resp which contains the whole packet, the mechanisms were being detected in one call yet the function would be called for each line of data. Using curl with verbose mode enabled would show that one line of data would be received in response to the AUTH command, before the AUTH <mechanism> command was sent to the server and then the next few lines of the original AUTH command would be displayed before the response from the AUTH <mechanism> command. This would then cause problems when parsing the CRAM-MD5 challenge data as extra data was contained in the buffer. Changed the parsing so that each line is checked for the mechanisms and the function returns FALSE until the whole of the AUTH response has been processed. Daniel Stenberg (3 Jun 2012) - version: bump to 7.27.0 for next release Due to new features - RELEASE-NOTES: synced with c4e3578e4bf Also bumped the contributor number and next release is to become 7.27.0 - THANKS: 16 new contributors from the 7.26.0 release Steve Holme (3 Jun 2012) - DOCS: Fixed list in Section 18.2 not displaying correctly on web site - DOCS: Corrected missed heading renumbering from commit 530675a1ad7 - DOCS: Added IMAP and LDAP sections Added new sections 11. IMAP and 12. LDAP to document adding SASL based authentication. Renumbered current sections 11 to 17 as 13 to 19. Additionally added 19.10 Add CURLOPT_MAIL_CLIENT option. - sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869e8 Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup() is just a nop. - pop3.c:Corrected typo in commit 69ba0da8272d - pop3: Fixed the issue of having to supply the user name for all requests Previously it wasn't possible to connect to POP3 and not specify the user name as a CURLE_ACCESS_DENIED error would be returned. This error occurred because USER would be sent to the server with a blank user name if no mailbox user was specified as the server would reply with -ERR. This wasn't a problem prior to the 7.26.0 release but with the introduction of custom commands the user and/or application developer might want to issue a CAPA command without having to log in as a specific mailbox user. Additionally this fix won't send the newly introduced AUTH command if no user name is specified. - pop3.c: Small code tidy up Corrected lines exceeding 78 characters. Repositioned some comments and added extra clarity. - sasl: Corrected variable names in comments and parameters - pop3: Added support for sasl ntlm authentication - sasl: Small comment style tidy up following ntlm commit - sasl: Moved ntlm authentication message handling from smtp.c Moved the ntlm message creation and decoding from smtp.c into the sasl module to allow for use by other modules such as pop3. - pop3: Added support for sasl login authentication Yang Tse (1 Jun 2012) - tests 1334 to 1345: several -O -J -i -D combinations with HTTP protocol - tests: support test definitions with up to 5 file checks in <verify> section This is done introducing tags <file1> to <file4> besides existing <file> one, as well as corresponding <stripfile1> to <stripfile4> ones, that can be used in the <verify> section in the same way as the non-numbered ones. Steve Holme (31 May 2012) - sasl: Moved login authentication message creation from smtp.c Moved the login message creation from smtp.c into the sasl module to allow for use by other modules such as pop3. - smtp.c: Reworked message encoding in smtp_state_authpasswd_resp() Rather than encoding the password message itself the smtp_state_authpasswd_resp() function now delegates the work to the same function that smtp_state_authlogin_resp() and smtp_authenticate() use when constructing the encoded user name. - smtp.c: Re-factored smtp_auth_login_user() for use with passwords In preparation for moving to the SASL module re-factored the smtp_auth_login_user() function to smtp_auth_login() so that it can be used for both user names and passwords as sending both of these under the login authentication mechanism is the same. - pop3: Added support for sasl plain text authentication - curl_ntlm_msgs.c: Corrected small spelling mistake in comments - sasl: Moved plain text authentication message creation from smtp.c Moved the plain text message creation from smtp.c into the sasl module to allow for use by other modules such as pop3. Yang Tse (30 May 2012) - configure: fix LDAPS disabling related misplaced closing parenthesis - pop3 test server: allow pop3 test server verification to succeed again Introduce SUPPORTCAPA and SUPPORTAUTH config commands to allow further pop3 test server expansion for tests that require CAPA or AUTH support, although this will need some extra work to make it fully functional. Steve Holme (28 May 2012) - pop3: Introduced the continue response in pop3_endofresp() - pop3: Changed response code from O and E to + and - The POP3 protocol doesn't really have the concept of error codes and uses +, +OK and -ERR in response to commands to indicate continue, success and error. The AUTH command is one of those commands that requires multiple pieces of data to be sent to the server where the server will respond with + as part of the handshaking. This meant changing the values before continuing with the next stage of adding authentication support. - pop3: Small code tidy up following authentication work so far Changed the order of the state machine to match the order of actual events. Reworked some comments and function parameter positioning that I missed the other day. Kamil Dudka (28 May 2012) - nss: use human-readable error messages provided by NSS Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html Daniel Stenberg (27 May 2012) - test1013.pl: filter out Metalink Since it isn't a feature supported by curl-config we can't compare that with the --version output - pop3: remove variable-not-used warnings Steve Holme (27 May 2012) - DOCS: Corrected the "Added in" version number for CURLOPT_MAIL_AUTH Additionally corrected another RFC link that I missed yesterday. - pop3: Added support for SASL based authentication mechanism detection Added support for detecting the supported SASL authentication mechanisms via the AUTH command. There are two ways of detecting them, either by using the AUTH command, that will return -ERR if not supported or by using the CAPA command which will return SASL and the list of mechanisms if supported, not include SASL if SASL authentication is not supported or -ERR if the CAPA command is not supported. As such it seems simpler to use the AUTH command and fallback to normal clear text authentication if the the command is not supported. Additionally updated the test cases to return -ERR when the AUTH command is encountered. Additional test cases will be added when support for the individual authentication mechanisms is added. Daniel Stenberg (27 May 2012) - pop3: remove trailing whitespace Steve Holme (27 May 2012) - pop3: Code tidy up before the introduction of authentication code Moved EOB definition into header file. Switched the logic around in pop3_endofresp() to allow for the introduction of auth-mechanism detection. Repositioned second and third function variables where they will fit within the 78 character line limit. Tidied up some comments. Guenter Knauf (27 May 2012) - Enabled OpenSSL static linkage. - Enabled OpenSSL static linkage. - Try to detect OpenSSL build type automatically. Daniel Stenberg (26 May 2012) - metalink: fix build errors when disabled - [Tatsuhiro Tsujikawa brought this change] Reduced #ifdef HAVE_METALINK - [Tatsuhiro Tsujikawa brought this change] Disable hash check if neither OpenSSL nor GNUTLS is installed. - [Tatsuhiro Tsujikawa brought this change] Format GETOUT_METALINK nicely - [Tatsuhiro Tsujikawa brought this change] Minimize usage of structs from libmetalink - [Tatsuhiro Tsujikawa brought this change] Check checksum of downloaded file if checksum is available Metalink file contains several hash types of checksums, such as md5, sha-1, sha-256, etc. To deal with these checksums, I created abstraction layer based on lib/curl_md5.h and lib/md5.c. Basically, they are almost the same but I changed the code so that it is not hash type dependent. Currently, GNUTLS(nettle or gcrypt) and OpenSSL functions are supported. Checksum checking is done by reopening download file. If there is an I/O error, the current implementation just prints error message and does not try next resource. In this patch, the supported hash types are: md5, sha-1 and sha-256. - [Tatsuhiro Tsujikawa brought this change] Always create directory hierarchy for Metalink. Filenames contained in Metalink file can include directory information. Filenames are unique in Metalink file, taking into account the directory information. So we need to create the directory hierarchy. Curl has --create-dirs option, but we create directory hierarchy for Metalink downloads regardless of the option value. This patch also put metalink int variable outside of HAVE_LIBMETALINK guard. This reduces the number of #ifdefs. - [Tatsuhiro Tsujikawa brought this change] Fixed segmentation fault when Metalink has no valid file or no resource. - [Tatsuhiro Tsujikawa brought this change] Support media-type parameter in Content-Type - [Tatsuhiro Tsujikawa brought this change] Print "Metalink" in Features if Metalink support is enabled. - [Tatsuhiro Tsujikawa brought this change] Removed trailing space - [ant brought this change] Add --metalink to --help - [ant brought this change] Add Metalink information and --metalink option to man page - [ant brought this change] Add Metalink information and --metalink option to man page - [ant brought this change] Adds Metalink information to INSTALL - [Tatsuhiro Tsujikawa brought this change] --metalink option is available regardless of Metalink support. - [Tatsuhiro Tsujikawa brought this change] metalink: parse downloaded Metalink file Parse downloaded Metalink file and add downloads described there. Fixed compile error without metalink support. - [Tatsuhiro Tsujikawa brought this change] Fixed HAVE_LIBMETALINK conditional is always true - [Tatsuhiro Tsujikawa brought this change] metalink: minor metalinkfile fix Don't update config->metalinkfile_last in operate(). Use local variable to point to the current metalinkfile. - [Tatsuhiro Tsujikawa brought this change] metalink: show help message even if disabled Print message if --metalink is used while metalink support is not enabled. Migrated Metalink support in tool_operate.c and removed operatemetalink(). - [Tatsuhiro Tsujikawa brought this change] Applied patches from Daniel - [Tatsuhiro Tsujikawa brought this change] Support Metalink. This change adds experimental Metalink support to curl. To enable Metalink support, run configure with --with-libmetalink. To feed Metalink file to curl, use --metalink option like this: $ curl -O --metalink foo.metalink We use libmetalink to parse Metalink files. Steve Holme (26 May 2012) - DOCS: Fixed line spacing of authentication examples in CURLOPT_URL - DOCS: Changed domain names in various examples to example.com Updated various references of real domain names to example.com as per RFC-2606. - DOCS: Fixed meaning of bit 2 in CURLOPT_POSTREDIR Setting bit 2 for this value was documented as having a constant value defined as CURL_REDIR_POST_303 yet referenced a 302 request. Additionally corrected the meaning of CURL_REDIR_POST_ALL for all three bits and fixed problems with the bolding of keywords in this section. - DOCS: Standardised how RFCs are referenced. Standardised how RFCs are referenced so that the website may autolink to the correct documentation on ietf.org. Additionally removed the one link to RFC3986 on curl.haxx.se. Yang Tse (26 May 2012) - Fix libcurl.pc and curl-config generation for static MingW* cross builds Daniel Stenberg (25 May 2012) - [Tatsuhiro Tsujikawa brought this change] Made -D option work with -O and -J. To achieve this, first new structure HeaderData is defined to hold necessary data to perform header-related work. Then tool_header_cb now receives HeaderData pointer as userdata. All header-related work (currently, dumping header and Content-Disposition inspection) are done in this callback function. HeaderData.outs->config is used to determine whether each work is done. Unit tests were also updated because after this change, curl code always sets CURLOPT_HEADERFUNCTION and CURLOPT_HEADERDATA. Tested with -O -J -D, -O -J -i and -O -J -D -i and all worked fine. Steve Holme (25 May 2012) - sasl: Re-factored auth-mechanism constants to be more generic - smtp: Moved auth-mechanism constants into a separate header file Move the SMTP_AUTH constants into a separate header file in preparation for adding SASL based authentication to POP3 as the two protocols will need to share them. Kamil Dudka (25 May 2012) - nss: avoid using explicit casts of code pointers Steve Holme (24 May 2012) - DOCS: Added LDAP to the CURLOPT_URL section - TODO: Removed DIGEST-MD5 authentication from SMTP to do list Removed DIGEST-MD5 from Section 9.1 Other authentication mechanisms as the feature was added to SMTP in 7.26.0. Also corrected small spelling mistake. Daniel Stenberg (24 May 2012) - bump to 7.26.1: start working towards next release Version 7.26.0 (24 May 2012) Daniel Stenberg (24 May 2012) - RELEASE-NOTES: synced with ef60fdbd73 Just before 7.26.0 is about to ship Steve Holme (22 May 2012) - smtp: Fixed an issue with the multi-interface always sending postdata Due to the result code being reset to CURLE_OK when smtp_dophase_done() was called, postdata would incorrectly be sent to the server when the MAIL FROM or RCPT command was rejected. As such, libcurl would return the wrong result code from performing the operation and additionally set CURLINFO_RESPONSE_CODE to be that returned by the postdata command. Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html Reported by: Gokhan Sengun - DOCS: Updated version number for features added in the pending release Daniel Stenberg (22 May 2012) - [Tatsuhiro Tsujikawa brought this change] Fixed compile error with GNUTLS+NETTLE In nettle/md5.h, md5_init and md5_update are defined as macros to nettle_md5_init and nettle_md5_update respectively. This causes error when using MD5_params.md5_init and md5_update. This patch renames these members as md5_init_func and md5_update_func to avoid name conflict. For completeness, MD5_params.md5_final was also renamed as md5_final_func. The changes in curl_ntlm_core.c is conversion error and fixed by casting to proper type. - TODO-RELEASE: mention the pending biggies for 7.27.0 - [Jan Ehrhardt brought this change] winbuild: fix IPv6 enabled build The existing check was wrong so IPv6 support would never be enabled - 7.26.0: will be the next release version - RELEASE-NOTES: synced with 8ae1e657e82a And mention that this will become 7.26.0 Guenter Knauf (22 May 2012) - Updated dependency libary versions. Daniel Stenberg (20 May 2012) - curl-config.1: fix curl-config usage in example The curl-config command must be used twice in the single command line to work properly in some environments. Bug: http://curl.haxx.se/bug/view.cgi?id=3528241 Reported by: Julian Taylor Steve Holme (17 May 2012) - smtp: Fixed non-escaping of dot character at beginning of line A dot character at the beginning of a line would not be escaped to a double dot as required by RFC-2821, instead it would be deleted by the mail server. Please see section 4.5.2 of the RFC for more information. Note: This fix also simplifies the detection of repeated CRLF.CRLF combinations, such as CRLF.CRLF.CRLF, a little rather than having to advance the eob counter to 2. Daniel Stenberg (16 May 2012) - FAQ: updated 1.10 How many are using curl? Now linking to http://daniel.haxx.se/blog/2012/05/16/300m-users/ - disable-versioned-symbols: removed superfluous 'fi' The commit e315927a1a left this in - MakefileBuild.vc: use the correct IDN variable The variable that control IDN enablement is called USE_IDN within these Makefiles - [Pierre Chapuis brought this change] autoconf: improve handling of versioned symbols It checks whether versioned symbols should be enabled before checking whether it is possible (i.e. the linker supports --version-script) or not. This avoids a useless warning when building cURL on a platform that does not use GNU ld. Moreover, it fixes broken indentation of this chunk of code. - curl.1: clarify -x usage 1 - fix the syntax in the .IP line 2 - Provided user names and passwords are URL decoded by libcurl Bug: http://curl.haxx.se/bug/view.cgi?id=3525935 - NTLM: is supported in GnuTLS builds too ... since commit 9a4c887c4a7 introduced in libcurl 7.19.4 - TODO: happy eyeballs is now RFC6555 - my_useragent: shorten user-agent The built-in user-agent will now only say curl/[version] and nothing else in an attempt to decrease overhead in HTTP requests. - CURLOPT_HEADERFUNCTION: works for non-HTTP protocols too Claes Jakobsson (3 May 2012) - Add note about default timeout in CURLOPT_TIMEOUT Daniel Stenberg (2 May 2012) - [Gokhan Sengun brought this change] MD5: OOM fix check whether md5 initialization succeeded before updating digest of buffers onto it - REALEASE-NOTES: synced with 64f48e884e3c1 - [Jan Schaumann brought this change] add newly created manual page - [Jan Schaumann brought this change] add a manual page for mk-ca-bundle Guenter Knauf (26 Apr 2012) - Updated dependency lib versions. Daniel Stenberg (23 Apr 2012) - URL parse: reject numerical IPv6 addresses outside brackets Roman Mamedov spotted (in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would not complain when given a URL with an IPv6 numerical address without brackets. It would simply cut off the last ":[hex]" part and thus not work correctly. That's a URL using an illegal syntax and now libcurl will instead return a clear error code and error message detailing the error. The above mentioned bug report claims this to be a regression but libcurl does not guarantee functionality when given URLs that aren't following the URL spec (RFC3986 mostly). I consider the fact that it used to handle this differently a mere coincidence. - Curl_MD5_init: fix OOM memory leak Bug: http://curl.haxx.se/mail/lib-2012-04/0246.html Reported by: Michael Mueller - [Gokhan Sengun brought this change] OpenSSL cert: provide more details when cert check fails curl needs to be more chatty regarding certificate verification failure during SSL handshake Yang Tse (23 Apr 2012) - Revert "sspi: Added version information" This reverts commit 2976de480808119dae08fc6f52c8d75ba1aedb1a. - Revert "sspi - Small code tidy up" This reverts commit 46cd5f1daddad3b3e542e6d93eee52e8bb9a8687. - Revert "Fixed 'extra tokens at end of #endif directive'." This reverts commit 77172a242fc0c820f97eae39d0e3e0f265222fe6. - Revert "Fixed 'Trailing whitespace' found by checksrc." This reverts commit 683bfa60ad0b52505947e59b03515e5f44378523. - Revert "sspi: Code tidy up to remove unused variable." This reverts commit 412510f97407d617426d93b80e6b6bf0a8ff11ac. - Revert "Add -lversion if build with SSPI." This reverts commit 9ec0b7e0c44d29eca6f45916fe5af3501168fe85. Guenter Knauf (23 Apr 2012) - Add -lversion if build with SSPI. Steve Holme (22 Apr 2012) - sspi: Code tidy up to remove unused variable. Guenter Knauf (22 Apr 2012) - Fixed 'Trailing whitespace' found by checksrc. - Fixed 'extra tokens at end of #endif directive'. Steve Holme (22 Apr 2012) - sspi - Small code tidy up - sspi: Added version information Added version information for Windows SSPI to curl's main version string and removed SSPI from the features string. Daniel Stenberg (20 Apr 2012) - HTTP: empty chunked POST ended up in two zero size chunks When doing a chunked-encoded POST with -d (CURLOPT_POSTFIELDS) and the size of the POST was zero length, it made libcurl first send a zero chunk and then the terminating one. This could confuse a receiver and it should rather just send the terminating chunk as it does with this fix. Test case 1333 is added to verify. Bug: http://curl.haxx.se/mail/archive-2012-04/0060.html Reported by: Arnaud Compan Guenter Knauf (20 Apr 2012) - Updated dependency lib versions. Daniel Stenberg (19 Apr 2012) - singleipconnect: return OK even when Curl_socket() fails Commit 9109cdec11ee5a brought this regression (shipped since 7.24.0). The singleipconnect() function must not return an error if Curl_socket() returns an error. It should then simply return OK and pass a SOCKET_BAD back simply because that is how the user of this function expects it to work and something else is not fine. Reported by: Blaise Potard Bug: http://curl.haxx.se/bug/view.cgi?id=3516508 Yang Tse (19 Apr 2012) - Take in account that CURLAUTH_* bitmasks are now 'unsigned long' - follow-up MIPSPro compiler detected curl_easy_getinfo() related missing adjustments. SunPro compiler detected curl tool --libcurl option related missing adjustments. - url.c: CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH fixes Fail with CURLE_NOT_BUILT_IN when none of requested auth methods is supported. Reject CURLAUTH_ONLY bit when given alone or with CURLAUTH_NONE. - Take in account that CURLAUTH_* bitmasks are now 'unsigned long' Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to 'unsigned long' for proper handling and operating. - curl.h: CURLAUTH_* bitmasks adjusted to become 'unsigned long' typed Info: http://curl.haxx.se/mail/lib-2012-04/0170.html - Some explicit conversion to 'long' of curl_easy_setopt() third argument Explicit conversion to 'long' of curl_easy_setopt() third argument for options CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH given that this is how its bitmasks are docummented to be used. - build adjustments: commit 9e24b9c7 follow-up Daniel Stenberg (17 Apr 2012) - -# progress meter: avoid superfluous updates and duplicate lines By comparing if a different "progress point" is reached or not since the previous update, the progress function callback for this now avoids many superfluous screen updates. This has the nice side-effect that it fixes a problem that causes a second progress meter line. The second line output happened because when we use the -# progress meter, we force a newline output after the transfer in the main loop in curl, but when libcurl calls the progress callback from curl_easy_cleanup() it would then output the progress display again. Possibly the naive newline output is wrong but this optimization was suitable anyway... Reported by: Daniel Theron Bug: http://curl.haxx.se/bug/view.cgi?id=3517418 Yang Tse (16 Apr 2012) - nss.c: fix compiler warning - curl-compilers.m4: -Wno-pedantic-ms-format for Windows gcc 4.5 builds When building a Windows target with gcc 4.5 or newer and strict compiler warnings enabled use -Wno-pedantic-ms-format in addition to other flags. Kamil Dudka (16 Apr 2012) - tests/valgrind.pm: suppress memleaks of NSS_InitContext() Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=745224 Yang Tse (14 Apr 2012) - setup_once.h: tighten requirements for stdbool.h header inclusion Include stdbool.h only when it is available and configure is capable of detecting a proper 'bool' data type when the header is included. Compilation fix for old or unpatched versions of XL C compiler. Report: http://curl.haxx.se/mail/archive-2012-04/0022.html - headers: require GCC 2.7 or newer in order to allow attribute GCC'isms usage Usage in other code paths already protected and requiring even newer versions. - [Jonathan Nieder brought this change] headers: surround GCC attribute names with double underscores This protects from attribute names being defined by third party's code. Improvement: http://curl.haxx.se/mail/lib-2012-04/0127.html Guenter Knauf (13 Apr 2012) - Updated copyright year. Yang Tse (13 Apr 2012) - testcurl.pl: build example programs for Android cross-compiles - nss.c: fix compiler warning - examples: fix compiler warnings Kamil Dudka (13 Apr 2012) - nss: provide human-readable names for NSS errors - nss: use NSS_InitContext() to initialize NSS if available NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent collisions on NSS initialization/shutdown with other libraries. Bug: https://bugzilla.redhat.com/738456 - nss: unconditionally require PK11_CreateGenericObject() This bumps the minimal supported version of NSS to 3.12.x. Guenter Knauf (13 Apr 2012) - Set batch mode to 755 to make Cygwin git pulls work. - Added section for Android configure cross-compile. - Added NetWare export. Yang Tse (12 Apr 2012) - testcurl.pl: build example programs for MinGW cross-compiles - tool_operate.c: fix compiler warning - url.c: fix compiler warning Guenter Knauf (12 Apr 2012) - Updated dependency lib versions (2nd try). - Updated dependency lib versions. Yang Tse (12 Apr 2012) - tool_formparse.c: rename a couple of vars to avoid declaration shadowing - OS400/initscript.sh: fix db2_name() module name generation Allow repeatable file name length reduction on file names with underscore or dash characters. This is done in order to better support libcurl's existing source file names and allow OS/400 package to build out of the box again. - testcurl.pl: log more environment vars that modify configure and build behavior - configure: NATIVE_WINDOWS no longer defined in config files - build adjustments: CURL_HIDDEN_SYMBOLS no longer defined in config files configure script now provides conditional definitions for Makefile.am that result in CURL_HIDDEN_SYMBOLS being defined by resulting makefiles when appropriate. Additionally, configure script option for symbol hiding control is now named --enable-symbol-hiding --disable-symbol-hiding. While still valid, old option name --enable-hidden-symbols --disable-hidden-symbols will be deprecated in some future release. - build adjustments: functionally revert commits 4d3fb91f and bbfe1182 Undefining CURL_HIDDEN_SYMBOLS in source files isn't the proper fix. - test servers: build adjustment Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might leak from lib/setup.h into source files where this should not be defined. - libtests: build adjustment Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might leak from lib/setup.h into source files where this should not be defined. - curl tool: make setup.h first header included in tool_setup.h again - curl tool: use configuration files from lib directory - follow-up II lib/config-win32.h no longer copied to src/config-win32.h - configure: Windows cross-compilation fixes BUILDING_LIBCURL and CURL_STATICLIB are no longer defined in curl_config.h, configure will generate appropriate conditionals so that mentioned symbols get defined and used in Makefiles at compilation time - curl tool: make curl.h first header included in tool_setup.h - curl tool: use configuration files from lib directory - follow-up I amigaos.[ch] now integrates nicely with any libcurl build - curl tool: use configuration files from lib directory Configuration files such as curl_config.h and all config-*.h no longer exist nor are generated/copied into 'src' directory, now these only exist in 'lib' directory from where curl tool sources uses them. Additionally old src/setup.h has been refactored into src/tool_setup.h which now pulls lib/setup.h The possibility of a makefile needing an include path adjustment exists. Daniel Stenberg (6 Apr 2012) - PolarSSL: correct return code for CRL matches When a server certificate matches one in the given CRL file, the code now returns CURLE_SSL_CACERT as test case 313 expects and verifies. - PolarSSL: include version number in version string Previously it would say PolarSSL only, now it says PolarSSL/1.1.0 in the same style other libs and components do. - test: added test 1332 that tests --post303 - curl: add --post303 to set the CURL_REDIR_POST_303 option - [Andrei Cipu brought this change] CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URL As it turns out, some people do want that after all. - test1331: cookies on a 407 response Verify that cookies are sent back even after a 407 response has been received - [Dag Ekengren brought this change] PolarSSL: add support for asynchronous connect - [Tim Heckman brought this change] Revert "access the CA source file using HTTPS" This reverts commit f7e2ab6. This change caused fetching of the certificates to become unreliable. Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html Reported by: Tim Heckman - [Andrei Cipu brought this change] IPv6 cookie domain: get rid of the first bracket before the second. Commit 97b66ebe was copying a smaller buffer, thus duplicating the last character. - MAIL-ETIQUETTE: Added "How to unsubscribe" ... as it seems to hard for some people Yang Tse (4 Apr 2012) - ftp.c: ftplistparser related OOM handling fix - smtp.c: fix compiler warnings - lib599.c: fix compiler warning Daniel Stenberg (4 Apr 2012) - runtests: yassl and polarssl are not openssl Don't set the "has_openssl" variable if yassl or polarssl is found as they will simply not work as 100% drop-in replacements for some of the stuff the "OpenSSL" feature is used for. I spotted this problem when doing test runs with PolarSSL builds. - [Lijo Antony brought this change] connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails Curl_socket returns CURLE_COULDNT_CONNECT when the opensocket callback returns CURL_SOCKET_BAD. Previous return value CURLE_FAILED_INIT conveys incorrect information to the user. Steve Holme (2 Apr 2012) - pop3: Reworked the command sending and handling Reworked the command sending from two specific LIST and RETR command functions into a single command based function as well as the two associated response handlers into a generic command handler. Daniel Stenberg (1 Apr 2012) - [Dave Reisner brought this change] curl tool: add filename_effective token for --write-out By modifying the parameter list for ourWriteOut() and passing the OutStruct that collects data in tool_operate, we get access to the remote name that we're writing to. Shell scripters should find this useful when used in conjuntion with the --remote-header-name option. Steve Holme (1 Apr 2012) - smtp.c: Code policing and tidy up Daniel Stenberg (1 Apr 2012) - [Armel Asselin brought this change] SSH: public key can now be an empty string If an empty string is passed to CURLOPT_SSH_PUBLIC_KEYFILE, libcurl will pass no public key to libssh2 which then tries to compute it from the private key. This is known to work when libssh2 1.4.0+ is linked against OpenSSL. - [Tatsuhiro Tsujikawa brought this change] OpenSSL: Made cert hostname check conform to RFC 6125 This change replaces RFC 2818 based hostname check in OpenSSL build with RFC 6125 [1] based one. The hostname check in RFC 2818 is ambiguous and each project implements it in the their own way and they are slightly different. I check curl, gnutls, Firefox and Chrome and they are all different. I don't think there is a bug in current implementation of hostname check. But it is not as strict as the modern browsers do. Currently, curl allows multiple wildcard character '*' and it matches '.'. (as described in the comment in ssluse.c). Firefox implementation is also based on RFC 2818 but it only allows at most one wildcard character and it must be in the left-most label in the pattern and the wildcard must not be followed by any character in the label.[2] Chromium implementation is based on RFC 6125 as my patch does. Firefox and Chromium both require wildcard in the left-most label in the presented identifier. This patch is more strict than the current implementation, so there may be some cases where old curl works but new one does not. But at the same time I think it is good practice to follow the modern browsers do and follow the newer RFC. [1] http://tools.ietf.org/html/rfc6125#section-6.4.3 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483 - HTTP: reset expected DL/UL sizes on redirects With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the download size was known (like with a Content-Length header), but the subsequent URL (transfered after the 3xx page) was chunked encoded, then the previous "known download size" would linger and cause the progress meter to get incorrect information, ie the former value would remain being sent in. This could easily result in downloads that were WAY larger than "expected" and would cause >100% outputs with the curl command line tool. Test case 599 was created and it was used to repeat the bug and then verify the fix. Bug: http://curl.haxx.se/bug/view.cgi?id=3510057 Reported by: Michael Wallner Steve Holme (31 Mar 2012) - [Gökhan Åengün brought this change] smtp: Add support for DIGEST-MD5 authentication - [Gökhan Åengün brought this change] smtp: Cody tidy up of md5 digest length Replaced the hard coded md5 digest length (16) with a preprocessor constant - [Gökhan Åengün brought this change] md5: Add support for calculating the md5 sum of buffers incrementally It is now possible to calculate the md5 sum as the stream of buffers becomes known where as previously it was only possible to calculate the md5 sum of a pre-prepared buffer. Daniel Stenberg (31 Mar 2012) - Revert "mk-ca-bundle.pl: use LWP::UserAgent for https" This reverts commit 9f0e1689f169b83b8fbdae23e0024cc57dcbc770. It turned out that "improvement" instead made the fetching of the certificates unreliable Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html Reported by: Tim Heckman Steve Holme (31 Mar 2012) - DOCS: Added information regarding POP3 commands to CURLOPT_CUSTOMREQUEST - pop3: Added support for additional pop3 commands This feature allows the user to specify and use additional POP3 commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or curl's -X command line option. Yang Tse (30 Mar 2012) - [tetetest tetetest brought this change] CMakeLists.txt: fix Windows LDAP/LDAPS option handling bug: http://curl.haxx.se/mail/lib-2012-03/0278.html - [tetetest tetetest brought this change] CMakeLists.txt: fix MS Visual Studio x64 unsigned long long literal suffix bug: http://curl.haxx.se/mail/lib-2012-03/0255.html Steve Holme (28 Mar 2012) - TODO: Corrected POP3 section heading Yang Tse (28 Mar 2012) - curl-functions.m4: update detection logic of getaddrinfo() thread-safeness Take in account that h_errno might be a modifiable lvalue not defined as a C preprocessor macro Steve Holme (27 Mar 2012) - TODO: Added SMTP and POP3 specific features Yang Tse (27 Mar 2012) - [Olaf Flebbe brought this change] tool_cb_dbg.c: fix tool_cb_dbg() to behave properly even for size 0 curl segfault in debug callback triggered with CURLINFO_HEADER_OUT and size 0 bug: http://curl.haxx.se/bug/view.cgi?id=3511794 - test #1405: support HTTP disabled builds Steve Holme (26 Mar 2012) - test #809: Updated error code to match recent pop3 changes Yang Tse (25 Mar 2012) - ssh.c: code cleanup, Curl_safefree() already nullifies pointer - fix some compiler warnings Steve Holme (25 Mar 2012) - pop3.c: Corrected problem with state() introduced in 01690ed2bce5 - pop.c: Small code tidy up - pop3: Removed the need for the single message LIST command handler Simplified the code to remove the need for a separate "LIST <msg id>" command handler and state machine and instead use the LIST command handler for both operations. - pop3.c: Code policing and tidy up Corrected character and line spacing and re-ordered list and retr functions based on the order of their state machines. - email: Moved server greeting responses into separate functions Moved the server greeting response handling code from the statemach_act functions to separate response functions. This makes the code simpler to follow and provides consistency with the other responses that are handled here. - pop3.c: Fixed body data being written when CURLOPT_NOBODY is specified Body data would be forwarded to the client application in both the RETR and LIST commands even if CURLOPT_NOBODY was specified. Daniel Stenberg (23 Mar 2012) - [Rodrigo Silva (MestreLion) brought this change] docs: clarify -z/--time-cond with filename (mention mtime) Original wording could lead users in thinking it tries to somehow parse the filename for a date expression (like news_2012_03_05.html). It never mentions that it actually reads the mtime of the file in filesystem. Yang Tse (23 Mar 2012) - tests #1316 #1319 #1320 #1321: add missing keywords - test #598: add missing keywords - version: start working on 7.25.1-DEV Daniel Stenberg (22 Mar 2012) - [Benjamin Johnson brought this change] configure: check for gethostbyname in the watt lib This allows building of libcurl on DOS using DJGPP 2.04 and Watt-32 sockets. I know there's already Makefile.djgpp, but I find this more convenient since I'm used to using the ./configure script from other platforms - THANKS: 8 new contributors from 7.25.0 Version 7.25.0 (22 Mar 2012) Daniel Stenberg (22 Mar 2012) - RELEASE-NOTES: synced with b8b2cf612b2 Yang Tse (22 Mar 2012) - tests #1400 #1401: add missing keywords - http_proxy.h: fix builds with proxy or http disabled - parsedate.c: fix a numeric overflow Daniel Stenberg (22 Mar 2012) - [Andrei Cipu brought this change] cookies: strip the numerical ipv6 host properly The commit e650dbde86d4 that stripped off [brackets] from ipv6-only host headers for the sake of cookie parsing wrongly incremented the host pointer which would cause a bad free() call later on. Yang Tse (22 Mar 2012) - test #598: add to Makefile.am - test #598: OOM handling fixes - fix several compiler warnings Daniel Stenberg (22 Mar 2012) - CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html - SWS: refuse to serve CONNECT unless running as proxy Yang Tse (21 Mar 2012) - curl-functions.m4: update detection logic of getaddrinfo() thread-safeness Take in account that POSIX standard Issue 7 drops h_errno support. Now, we also consider getaddrinfo() to be thread-safe when (_POSIX_C_SOURCE >= 200809L) or (_XOPEN_SOURCE >= 700) independently of whether h_errno exists or not. - fix several compiler warnings - tests 140X: fix --libcurl generated source file reading mode for MSYS builds - tool_easysrc.c: fix --libcurl option output file text translation mode Use fopen() with "w" mode instead of "wt" to fix cygwin builds. - build: remove tool_cb_skt.[ch] references Daniel Stenberg (18 Mar 2012) - RELEASE-NOTES: synced with ad77420ac761b 3 more bugs, 1 more contributor - lwip: basic checks and macros for compatiblity Yang Tse (17 Mar 2012) - tool_setopt.c: more OOM handling fixes Daniel Stenberg (16 Mar 2012) - cmake: list_spaces_append_once fails with spaces in filename Windows standard libraries are located in C:/Program Files/Microsoft SDKs/[...]. They are already included in the default MSVC LIBPATH. Hence, find_library(WSOCK32_LIBRARY wsock32) and find_library(WS2_32_LIBRARY ws2_32) are not needed. They return the full path to the libraries including spaces. Of course, list_spaces_append_once will mangle the result and the build fails. Bug: http://curl.haxx.se/bug/view.cgi?id=3494968 Yang Tse (16 Mar 2012) - http_proxy.c: fix OOM handling - tool_setopt.c: fix OOM handling - fix several compiler warnings - fix some compiler warnings Daniel Stenberg (13 Mar 2012) - [Maxim Prohorov brought this change] resolve with c-ares: don't resolve IPv6 when not working If the Curl_ipv6works() function says no, there is no reason to try AAAA names even if libcurl was built with IPv6 support enabled. Bug: http://curl.haxx.se/mail/lib-2012-03/0045.html unknown (10 Mar 2012) - [Steve Holme brought this change] smtp.c: Changed the curl error code for EHLO and HELO responses Changed the returned curl error codes for EHLO and HELO responses from CURLE_LOGIN_DENIED to CURLE_REMOTE_ACCESS_DENIED as a negative response from these commands represents no service as opposed to a login error. Daniel Stenberg (10 Mar 2012) - RELEASE-NOTES: synced with e650dbde86 New: 12 bugs, 3 changes, 6 contributors and updated counters at the top - [Andrei Cipu brought this change] Curl_http: strip off [brackets] from ipv6-only host headers Since the host name is passed in to the cookie engine it will not work correctly if the brackets are left in the name. Bug:http://curl.haxx.se/mail/lib-2012-03/0036.html - [Armel Asselin brought this change] CURLSSH_OPT_AUTH: documented it has no effect - [John Joseph Bachir brought this change] mk-ca-bundle.pl: use LWP::UserAgent with proper https verify behavior. An alternative would be: 1. specify HTTPS_CA_DIR and/or HTTPS_CA_FILE 2. ensure that Net::SSL is being used, and IO::Socket::SSL is NOT being used This question and answer explain: http://stackoverflow.com/questions/74358/ - [John Joseph Bachir brought this change] access the CA source file using HTTPS - includes: remove inclusion of unused file http_proxy.h - CONNECT: made generically not per-protocol Curl_protocol_connect() now does the tunneling through the HTTP proxy if requested instead of letting each protocol specific connection function do it. - ssh_connect: tunnel through HTTP proxy if requested - LWIP: don't consider HAVE_ERRNO_H to be winsock The check for Winsock definition was a bit too broad Bug: http://curl.haxx.se/mail/lib-2012-03/0046.html - [Dave Reisner brought this change] curl-config: only provide libraries with --libs In line with the manpage, curl-config --libs should only provide the necessary library flags for the linker in order to compile software with libcurl. Also with this change, we match what the pkg-config file provides. - CONTRIB: Please don't send pull requests - libcurl docs: version corrections Correct some inconsistencies in which version some things were added. Bug: http://curl.haxx.se/bug/view.cgi?id=3494091 Reported by: "curlybugs" - CONNECT: fix ipv6 address in the Request-Line Commit 466150bc64d fixed the Host: header with CONNECT, but I then forgot the preceeding request-line. Now this too uses [brackets] properly if a ipv6 numerical address was given. Bug: http://curl.haxx.se/bug/view.cgi?id=3493129 Reported by: "Blacat" - [Steve Holme brought this change] SMTP: Added support for returning SMTP response codes Set the conn->data->info.httpcode variable in smtp_statemach_act() to allow Curl_getinfo() to return the SMTP response code via the CURLINFO_RESPONSE_CODE action. - curl.1: updated --libcurl With Colin Hogben's recent work, --libcurl now also works with -F and more. Remove the previous caveat. - test: --libcurl fixes The line endings broke when I saved the three recent patches (my fault, not Colin's) to 'git am' them. Adjusted the stripping of the test program for comparing to also exclude the SSH key file name as that will differ and use a local path name. - [Colin Hogben brought this change] Add helper script convsrctest.pl to manipulate --libcurl tests. The intention is to take the output of curl's --libcurl option, as exercised in test 14xx, and generate a corresponding test15xx in which the generated code is compiled and run. This will verify that the generated code behaves equivalently to the original invocation of the curl command. The script is not yet integrated into the configure / makefile machinery. - [Colin Hogben brought this change] Add tests for curl's --libcurl output. These tests check the output of the --libcurl option of curl, including the improved option handling added in a related patch. - [Colin Hogben brought this change] Generate lists and use symbols in --libcurl code output. This patch improves the output of curl's --libcurl option by generating code which builds curl_httppost and curl_slist lists, and uses symbolic names for enum and flag values. Variants of the my_setopt macro in tool_setopt.h are added in order to pass extra type information to the code-generation step in tool_setopt.c. If curl is configured with --disable-libcurl-option then the macros call curl_easy_setopt directly. - [Steve Holme brought this change] smtp.c: Fixed an issue with writing postdata Fixed a problem in smtp_done() when writing out the postdata as Curl_write() would periodically return zero bytes written. - CURLOPT_MAIL_AUTH: added in 7.25.0 Brought in commit 0cf0ab6f300 - pop3 test server: send terminating ".CRLF" only With commit 035ef06bda7 applied, the test pop3 server needs to send ".\r\n" as the body terminating sequence and there needs to be a final CRLF in the actual body in the test data file. - [Steve Holme brought this change] pop3.c: Fixed drop of final CRLF in EOB checking Curl_pop3_write() would drop the final CRLF of a message as it was considered part of the EOB as opposed to part of the message. Whilst the EOB sequence needs to be searched for by the function only the final 3 characters should be removed as per RFC-1939 section 3. Reported by: Rich Gray Bug: http://curl.haxx.se/mail/lib-2012-02/0051.html - [Steve Holme brought this change] smtp.c: Fixed an issue with the EOB checking Curl_smtp_escape_eob() would leave off final CRLFs from emails ending in multiple blank lines additionally leaving the smtpc->eob variable with the character count in, which would cause problems for additional emails when sent through multiple calls to curl_easy_perform() after a CURLOPT_CONNECT_ONLY. - CURLE_FTP_PRET_FAILED: listed twice Make sure it is mentioned once and with the correct description - --mail-auth documented - [Steve Holme brought this change] SMTP: Code policing and tidy up - [Steve Holme brought this change] curl: Added support for --mail-auth Added an extra command-line argument to support the optional AUTH parameter in SMTPs MAIL FROM command. Kamil Dudka (16 Feb 2012) - docs: mention that NTLM works with NSS, too Daniel Stenberg (15 Feb 2012) - [Steve Holme brought this change] DOCS: Added information for CURLOPT_MAIL_AUTH. Added information relating to the new CURLOPT_MAIL_AUTH parameter and reworked CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT to be a clearer. Fixed inconsistencies of "vocalisation of the abbreviation" versus "vocalisation of the first word" for all abbreviations. Corrected a typo in CURLOPT_NOPROXY. - [Steve Holme brought this change] smtp.c: Fixed use of angled brackets in AUTH parameter. Fixed the use of angled brackets "<>" in the optional AUTH parameter as per RFC-2554 section 5. The address should not include them but an empty address should be replaced by them. - [Steve Holme brought this change] smtp_mail: Added support to MAIL FROM for the optional AUTH parameter Added a new CURLOPT_MAIL_AUTH option that allows the calling program to set the optional AUTH parameter in the MAIL FROM command. When this option is specified and an authentication mechanism is used to communicate with the mail server then the AUTH parameter will be included in the MAIL FROM command. This is particularly useful when the calling program is acting as a relay in a trusted environment and performing server to server communication, as it allows the relaying server to specify the address of the mailbox that was used to authenticate and send the original email. - [toddouska brought this change] cyassl: update to CyaSSL 2.0.x API Modify configure.ac to test for new CyaSSL Init function and remove default install path to system. Change to CyaSSL OpenSSL header and proper Init in code as well. Note that this no longer detects or works with CyaSSL before v2 - LIBCURL_VERSION_NUM: 0x071900 I accidentally left the lowest bits 01 before - [Steve Holme brought this change] SMTP: Fixed error when using CURLOPT_CONNECT_ONLY Fixed incorrect behavior in smtp_done() which would cause the end of block data to be sent to the SMTP server if libcurl was operating in connect only mode. This would cause the server to return an error as data would not be expected which in turn caused libcurl to return CURLE_RECV_ERROR. - s/7.24.1/7.25.0 We will go straight to 7.25.0 due to the new additions - curlver.h: bumped to 7.25.0 and updated the end year in the generic copyright string - RELEASE-NOTES: synced with 2b26eb985 9 bug fixes, 4 changes and numerous contributors Bumped release version and option counters - [Colin Hogben brought this change] configure: add option disable --libcurl output - [Alessandro Ghedini brought this change] curl tool: allow negative numbers as option values Fix the str2num() function to not check if the input string starts with a digit, since strtol() supports numbers prepended with '-' (and '+') too. This makes the --max-redirs option work as documented. - parse_proxy: simply memory handling ... by making sure that the string is always freed after the invoke as parse_proxy will always copy the data and this way there's a single free() instead of multiple ones. - parse_proxy: bail out on zero-length proxy names! The proxy parser function strips off trailing slashes off the proxy name which could lead to a mistaken zero length proxy name which would be treated as no proxy at all by subsequent functions! This is now detected and an error is returned. Verified by the new test 1329. Reported by: Chandrakant Bagul Bug: http://curl.haxx.se/mail/lib-2012-02/0000.html Kamil Dudka (9 Feb 2012) - nss: add support for the CURLSSLOPT_ALLOW_BEAST option ... and fix some typos from the 62d15f1 commit. Daniel Stenberg (9 Feb 2012) - [Rob Ward brought this change] configure: don't modify LD_LIBRARY_PATH for cross compiles - --ssl-allow-beast added This new option tells curl to not work around a security flaw in the SSL3 and TLS1.0 protocols. It uses the new libcurl option CURLOPT_SSL_OPTIONS with the CURLSSLOPT_ALLOW_BEAST bit set. - CURLOPT_SSL_OPTIONS: added Allow an appliction to set libcurl specific SSL options. The first and only options supported right now is CURLSSLOPT_ALLOW_BEAST. It will make libcurl to disable any work-arounds the underlying SSL library may have to address a known security flaw in the SSL3 and TLS1.0 protocol versions. This is a reaction to us unconditionally removing that behavior after this security advisory: http://curl.haxx.se/docs/adv_20120124B.html ... it did however cause a lot of programs to fail because of old servers not liking this work-around. Now programs can opt to decrease the security in order to interoperate with old servers better. - [Dave Reisner brought this change] curl: use new library-side TCP_KEEPALIVE options Use the new library CURLOPT_TCP_KEEPALIVE rather than disabling this via the sockopt callback. If --keepalive-time is used, apply the value to CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL. - [Dave Reisner brought this change] add library support for tuning TCP_KEEPALIVE This adds three new options to control the behavior of TCP keepalives: - CURLOPT_TCP_KEEPALIVE: enable/disable probes - CURLOPT_TCP_KEEPIDLE: idle time before sending first probe - CURLOPT_TCP_KEEPINTVL: delay between successive probes While not all operating systems support the TCP_KEEPIDLE and TCP_KEEPINTVL knobs, the library will still allow these options to be set by clients, silently ignoring the values. - curl_easy_reset: reset the referer string When CURLOPT_REFERER has been used, curl_easy_reset() did not properly clear it. Verified with the new test 598 Bug: http://curl.haxx.se/bug/view.cgi?id=3481551 Reported by: Michael Day Yang Tse (7 Feb 2012) - curl tool: allow glob-loops to abort again upon critical errors This prevents clobbering of non recoverable error return codes while retaining intended functionality of commit 65103efe Daniel Stenberg (6 Feb 2012) - curl tool: don't abort glob-loop due to failures We want to continue to the next URL to try even on failures returned from libcurl. This makes -f with ranges still get subsequent URLs even if occasional ones return error. This was a regression as it used to work and broke in the 7.23.0 release. Added test case 1328 to verify the fix. Bug: http://curl.haxx.se/bug/view.cgi?id=3481223 Reported by: Juan Barreto - CONNECT: send correct Host: with IPv6 numerical address When the target host was given as a IPv6 numerical address, it was not properly put within square brackets for the Host: header in the CONNECT request. The "normal" request did fine. Reported by: "zooloo" Bug: http://curl.haxx.se/bug/view.cgi?id=3482093 - [Martin Storsjo brought this change] Explicitly link to the nettle/gcrypt libraries When support for nettle was added in 64f328c787ab, I overlooked the fact that AC_CHECK_LIB doesn't add the tested lib to LIBS if the check succeeded, if a custom success code block was present. (The previous version of the check had an empty block for successful checks, adding the lib to LIBS implicitly.) Therefore, explicitly add either nettle or gcrypt to LIBS, after deciding which one to use. Even if they can be linked in transitively, it is safer to actually link explicitly to them. This fixes building with gnutls with linkers that don't allow linking transitively, such as for windows. - [Pierre Ynard brought this change] more resilient connection times among IP addresses When connecting to a domain with multiple IP addresses, allow different, decreasing connection timeout values. This should guarantee some connections attempts with sufficiently long timeouts, while still providing fallback. - [Pierre Ynard brought this change] remove write-only variable Pierre Joye (26 Jan 2012) - Merge branch 'master' of github.com:bagder/curl - - fix IPV6 and IDN options Yang Tse (25 Jan 2012) - TODO-RELEASE: added item #308 Daniel Stenberg (25 Jan 2012) - THANKS: imported contributors from 7.24.0 RELEASE-NOTES Yang Tse (25 Jan 2012) - test harness: update stunnel.pem Diffie-Hellman parameters from 512 to 1024 bit - version: start working on 7.24.1-DEV Dan Fandrich (24 Jan 2012) - curl_easy_setopt.3: Fixed SEEKDATA & CLOSESOCKETDATA descriptions Version 7.24.0 (24 Jan 2012) Daniel Stenberg (24 Jan 2012) - RELEASE-NOTES: synced with 70f71bb99f7ed9 Synced and prepared for 7.24.0 release. Two security problems, one bug fix, two more contributors. - gnutls: enforced use of SSLv3 With advice from Nikos Mavrogiannopoulos, changed the priority string to add "actual priorities" and favour ARCFOUR. This makes libcurl work better when enforcing SSLv3 with GnuTLS. Both in the sense that the libmicrohttpd test is now working again but also that it mitigates a weakness in the older SSL/TLS protocols. Bug: http://curl.haxx.se/mail/lib-2012-01/0225.html Reported by: Christian Grothoff - tests: test CRLF in URLs Related to the security vulnerability: CVE-2012-0036 Bug: http://curl.haxx.se/docs/adv_20120124.html - URL sanitize: reject URLs containing bad data Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich - OpenSSL: don't disable security work-around OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to SSL_OP_ALL that _disables_ that work-around despite the fact that SSL_OP_ALL is documented to do "rather harmless" workarounds. The libcurl code uses the SSL_OP_ALL define and thus logically always disables the OpenSSL fix. In order to keep the secure work-around workding, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change makes sure of this. Reported by: product-security at Apple - RELEASE-NOTES: synced with 6e2fd2c9ea 3 more bugfixes, 3 more contributors - CURLOPT_ACCEPTTIMEOUT_MS: spellfix Dan Fandrich (20 Jan 2012) - examples: updated README with two new example programs Daniel Stenberg (20 Jan 2012) - URL parse: user name with ipv6 numerical address Using a URL with embedded user name and password didn't work if the host was given as a numerical IPv6 string, like ftp://user:password@[::1]/ Reported by: Brandon Wang Bug: http://curl.haxx.se/mail/archive-2012-01/0047.html Yang Tse (20 Jan 2012) - telnet.c: fix OOM triggered segfault - testtrace.c: fix compiler warning - OpenSSL: follow-up for commit a20daf90e3 avoid checking preprocessor definition official value Pierre Joye (19 Jan 2012) - - s, use, enable, for options name, avoiding conflicts with the names used in the makefile Daniel Stenberg (19 Jan 2012) - curl.1: improve --stderr wording As is pointed out in this bug report, there can indeed be situation where --stderr has a point even when the "real" stderr can be redirected. Remove the superfluous and wrong comment. bug: http://curl.haxx.se/bug/view.cgi?id=3476020 - KNOWN_BUGS: can't receive zero bytes file properly http://curl.haxx.se/bug/view.cgi?id=3438362 Yang Tse (18 Jan 2012) - ssl session caching: fix compiler warnings Daniel Stenberg (18 Jan 2012) - polarssl: show cipher suite name correctly with 1.1.0 Apparently ssl_get_ciphersuite() is needed to get the name of the used cipher suite. - polarssl: show error code correctly The value was turned negative when it shouldn't have been - polarssl: havege_rand is not present in version 1.1.0 ... it is now named havege_random! Reported by: Robert Schumann Bug: http://curl.haxx.se/mail/lib-2012-01/0178.html - RELEASE-NOTES: synced with 5d70a61b94604 5 more bug fixes, 1 more contributor - [Colin Hogben brought this change] Add two tests for telnet: URLs Add simple telnet tests which (ab)use the http server. The second test checks for an input file handling bug. - [Colin Hogben brought this change] Remove bogus optimisation of telnet upload. Remove wrongly implemented optimisation of telnet upload, apparently intended to allow the library to avoid manually polling for input. - [Colin Hogben brought this change] Use correct file descriptor for telnet upload. Fix a bug where input was read from stdin even when a different FILE * had been configured via CURLOPT_READDATA Yang Tse (18 Jan 2012) - OpenLDAP: fix LDAP connection phase memory leak bug: http://curl.haxx.se/bug/view.cgi?id=3474308 - [Johannes Bauer brought this change] OpenSSL: fix PKCS#12 certificate parsing related memory leak Leak triggered when CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE set to P12 and both CURLOPT_SSLCERT and CURLOPT_SSLKEY point to the same PKCS#12 file. - OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option is no longer enabled SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed successfull interoperability with web server Netscape Enterprise Server 2.0.1 released back in 1996 more than 15 years ago. Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate CVE-2010-4180 when using previous OpenSSL versions we no longer enable this option regardless of OpenSSL version and SSL_OP_ALL definition. - tests: enable time tracing on tests 500, 573 and 585 - tests: testtrace.[ch] provides debug callback for libtest usage Allows tests from the libtest subdir to generate log traces similar to those of curl with --tracetime and --trace-ascii options but with output going to stderr. - sws.c: fix proxy mode secondary connection monitoring condition - add LF termination to infof() trace string - sws.c: improve proxy mode torture testing support - followup to 18c6c8a5 Daniel Stenberg (16 Jan 2012) - url2file: new simple example Just showing how to download the contents of a given URL into a local file. Based on a suggestion and example code by Georg Potthast - imap.c: a dead simple imap example Just to show that IMAP is used just like other protocols Yang Tse (16 Jan 2012) - sws.c: improve proxy mode torture testing support - followup to c731fc58 - sws.c: improve proxy mode torture testing support - followup to d4bf87dc - Curl_proxyCONNECT() trace known bug #39 Daniel Stenberg (14 Jan 2012) - test: verify HTTP response code 308 This newly speced HTTP status code already works as intended in the new spec: http://greenbytes.de/tech/webdav/draft-reschke-http-status-308-02.html Test 1325 is added to verify that the method is kept after the redirect Yang Tse (13 Jan 2012) - http_negotiate_sspi.c: fix compiler warning - ssh.c: fix compiler warning - sws.c: improve proxy mode torture testing support Daniel Stenberg (12 Jan 2012) - RELEASE-NOTES: synced with 9f20379fe4 5 bug fixes, 3 more contributors - hostip: avoid getaddrinfo when c-ares is used Some functions using getaddrinfo and gethostbyname were still mistakingly being used/linked even if c-ares was selected as resolver backend. Reported by: Arthur Murray Bug: http://curl.haxx.se/mail/lib-2012-01/0160.html Yang Tse (9 Jan 2012) - sws.c: replace sleep() usage with wait_ms() Daniel Stenberg (9 Jan 2012) - [gsengun brought this change] FTP: CURLE_PARTIAL_FILE should not cause control connection to be closed Test 161 updated accordingly Yang Tse (8 Jan 2012) - sws.c: some compiler warning fixes - lib/setup.h: portable symbolic names for Winsock shutdown() mode flags - sws.c: 812fa73057 follow-up - sws.c: some IPv6 proxy mode peparatory adjustments Daniel Stenberg (5 Jan 2012) - curl.h: provide backwards compatible symbols In commit c834213ad52 we re-used some obsolete error codes, and here are two defines that makes sure existing source codes that happen to use any of these deprecated ones will still compile. As usual, define CURL_NO_OLDIES to avoid getting these "precaution defines". - win32-threaded-resolver: stop using a dummy socket Previously the code would create a dummy socket while resolving just to have curl_multi_fdset() return something but the non-win32 version doesn't do it this way and the creation and use of a socket that isn't made with the common create-socket callback can be confusing to apps using the multi_socket API etc. This change removes the dummy socket and thus will cause curl_multi_fdset() to return with maxfd == -1 more often. - [Peter Sylvester brought this change] OpenSSL: remove reference to openssl internal struct With this change, curl compiles with the new OPENSSL_NO_SSL_INTERN cflag. This flag might become the default in some distant future. Yang Tse (4 Jan 2012) - test1320 test1321: avoid User-Agent comparison - httpserver.pl: reorder sws command line options make 'pidfile' and 'logfile' options appear first on command line in order to ensure that processing of other options which write to logfile do this to intended file and not the default one. - sws.c: fix proxy mode segfault - tool_formparse.c: fix compiler warning: enumerated type mixed with another type - krb5.c: fix compiler warning: variable set but not used Daniel Stenberg (4 Jan 2012) - KNOWN_BUGS: #77 CURLOPT_FORBID_REUSE kills NTLM - [Steve Holme brought this change] Fixed use of CURLUSESSL_TRY for POP3 and IMAP based connections. Fixed a problem in POP3 and IMAP where a connection would fail when CURLUSESSL_TRY was specified for a server that didn't support SSL/TLS connections rather than continuing. - [Steve Holme brought this change] Fixed incorrect error code being returned in STARTTLS The STARTTLS response code in SMTP, POP3 and IMAP would return CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS was not available on the server. Reported by: Gokhan Sengun Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html - curl_easy_setopt: refer to the most recent URI RFC - RELEASE-NOTES: synced with 2f4a487a68 Two bugfixes, two more contributors - tests: test IMAP, POP3 and SMTP over HTTP proxy tunnel - test proxy supports CONNECT There's a new 'http-proxy' server for tests that runs on a separate port and lets clients do HTTP CONNECT to other ports on the same host to allow us to test HTTP "tunneling" properly. Test cases now have a <proxy> section in <verify> to check that the proxy protocol part matches correctly. Test case 80, 83, 95, 275, 503 and 1078 have been converted. Test 1316 was added. - curl_easy_strerror.3: minor synopsis edit of the look Yang Tse (2 Jan 2012) - hostip.c: fix potential write past the end of string buffer - hostip.c: fix Curl_loadhostpairs() OOM handling - runtests.pl: on test failure, don't show trace log files of other tests Daniel Stenberg (1 Jan 2012) - Curl_input_negotiate: use the correct buffer for input Unfortunately we have no test cases for this and I have no SSPI build or server to verify this with. The change seems simple enough though. Bug: http://curl.haxx.se/bug/view.cgi?id=3466497 Reported by: Patrice Guerin - runtests: put trace outputs in log/trace[num] for all tests - just a stupid typo - SFTP dir: increase buffer size counter When the buffer gets realloced to hold the file name in the SSH_SFTP_READDIR_LINK state, the counter was not bumped accordingly. Reported by: Armel Asselin Patch by: Armel Asselin Bug: http://curl.haxx.se/mail/lib-2011-12/0249.html - RELEASE-NOTES: synced with 81ebdd9e287 6 more bugfixes, 3 more contributors - create_hostcache_id: use the key lower cased ... to make sure the DNS cache is properly case insensitive - changed case: use new host name for subsequent HTTP requests When a HTTP connection is re-used for a subsequent request without proxy, it would always re-use the Host: header of the first request. As host names are case insensitive it would make curl send another host name case that what the particular request used. Now it will instead always use the most recent host name to always use the desired casing. Added test case 1318 to verify. Bug: http://curl.haxx.se/mail/lib-2011-12/0314.html Reported by: Alex Vinnik - CURLOPT_RESOLVE: avoid adding already present host names The load host names to DNS cache function was moved to hostip.c and it now makes sure to not add host names that already are present in the cache. It would previously lead to memory leaks when for example using the --resolve and multiple URLs on the command line. Dan Fandrich (31 Dec 2011) - runtests.pl: Use logmsg more consistently Daniel Stenberg (30 Dec 2011) - [Alessandro Ghedini brought this change] examples: update README, Makefile.inc and gitignore with pop3s examples - [Alessandro Ghedini brought this change] examples: add a couple of simple pop3s examples These examples show how to fetch a single message (RETR command) and how to list all the messages in a given mailbox (LIST command), with authentication via SSL. They were both based on the https.c example. Yang Tse (30 Dec 2011) - removed execute file permission - removed trailing whitespace - ftpserver.pl: arbitrary application data splitting among TCP packets [II] Take in account that 'pingpong' server commands may arrive splitted among several sockfilt 'DATA' PDU's. - ftpserver.pl: arbitrary application data splitting among TCP packets [I] Initial step in order to allow our pingpong server to better support arbitrary application data splitting among TCP packets. This first commit only addresses reasembly of data that sockfilter processes reads from soockets and pingpong server later reads from sockfilters stdout. - testcurl.pl: 82c344a3 follow-up - testcurl.pl: log ACLOCAL_FLAGS - testcurl.pl: third party m4 warnings filtering adjustment Make testcurl.pl ignore messages pertaining to third party m4 files we don't care nor use on a file basis policy while retaining all other warnings. This closes temporary commit e71e226f Kamil Dudka (25 Dec 2011) - transfer: avoid unnecessary timeout event when waiting for 100-continue The commit 9dd85bc unintentionally changed the way we compute the time spent waiting for 100-continue. In particular, when using a SSL client certificate, the time spent by SSL handshake was included and could cause the CURL_TIMEOUT_EXPECT_100 timeout to be mistakenly fired up. Bug: https://bugzilla.redhat.com/767490 Reported by: Mamoru Tasaka Yang Tse (25 Dec 2011) - transfer.c: move a logging statement placement - hash.c: fix OOM triggered segfault Daniel Stenberg (24 Dec 2011) - ftp_do_more: don't return success until all is done ftp_do_more() returns after accepting the server connect however it needs to fall through and set "*complete" to TRUE before exit from the function. Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html Reported by: Gokhan Sengun - Curl_do_more: fix typo logic In the recent do_more fix the new logic was mistakenly checking the pointer instead of what it points to. Reported by: Gokhan Sengun Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html - SFTP mkdir: use correct permission When sending quote command to a SFTP server and 'mkdir' was used, it would send fixed permissions and not use the CURLOPT_NEW_DIRECTORY_PERMS as it should. Reported by: Armel Patch by: Armel Bug: http://curl.haxx.se/mail/lib-2011-12/0249.html Yang Tse (23 Dec 2011) - buildconf: minor tweaks commit 430527a1 follow-up Daniel Stenberg (23 Dec 2011) - [Colin Hogben brought this change] Require a less ancient version of perl The INTERNALS document suggested that compatibility should be maintained with perl version 4, but this was untrue - scripts such as chksource.pl and runtests.pl use perl5-isms. - resolve: don't leak pre-populated dns entries CURLOPT_RESOLVE populates the DNS cache with entries that are marked as eternally in use. Those entries need to be taken care of when the cache is killed off. Bug: http://curl.haxx.se/bug/view.cgi?id=3463121 Reported by: "tw84452852" - new test: verify --resolve Test 1317 verifies --resolve (leaked memory) Bug: http://curl.haxx.se/bug/view.cgi?id=3463121 Reported by: "tw84452852" Yang Tse (23 Dec 2011) - testcurl.pl: temporary change Allow autobuilds to run a couple of days without filtering out aclocal underquoted definition warnings. Daniel Stenberg (21 Dec 2011) - operate: removed a single trailing space Dan Fandrich (21 Dec 2011) - --retry: Retry transfers on timeout and DNS errors Yang Tse (21 Dec 2011) - buildconf: minor tweaks - formdata.c: OOM handling fixes Daniel Stenberg (21 Dec 2011) - TODO: 1.7 Happy Eyeball dual stack connect Dan Fandrich (20 Dec 2011) - runtests.pl: Fixed perl warning when using the -l option Daniel Stenberg (20 Dec 2011) - RELEASE-NOTES: added two references - Curl_socket_check: enlarge poll struct array to 3 This function was introduced in commit 5527417afae0 and as pointed out by Gokhan Sengun, the array with poll structs must large enough to hold 3 sockets since that is what the function can accept. It could be noted that he had this fixed in his patch as posted in http://curl.haxx.se/mail/lib-2011-12/0179.html Bug: http://curl.haxx.se/mail/lib-2011-12/0228.html Reported by: Gokhan Sengun - RELEASE-NOTES: synced with 380bade777 5 new bugfixes, 2 new changes and 4 new contributors - TODO: remove active FTP from section 2.1 It is no longer done blocking in the multi interface - libcurl docs: add the new FTP accept option + errors - timeleft_accept: ack global timeout, moved to ftp.c First off the timeout for accepting a server connect back must of course respect a global timeout. Then the timeleft function is only used by ftp code so it was moved to ftp.c and made static. - libcurl-tutorial.3: curl doesn't sent pragma no-cache It did a long time ago - libcurl-multi.3: active FTP is no longer blocking! - FTP: move FTP-specific struct field to ftpc_conn "wait_data_conn" was added to the connectionbits in commit c834213ad5 for handling active FTP connections but as it is purely FTP specific and now only ever accessed by ftp.c I moved it into the FTP connection struct. - non-blocking active FTP: cleanup multi state usage Backpedaled out the funny double-change of state in the multi state machine by adding a new argument to the do_more() function to signal completion. This way it can remain in the DO_MORE state properly until done. Long term, the entire DO_MORE logic should be moved into the FTP code and be hidden from the multi code as the logic is only used for FTP. - [Gokhan Sengun brought this change] FTP: perform active connections non-blocking 1- Two new error codes are introduced. CURLE_FTP_ACCEPT_FAILED to be set whenever ACCEPTing fails because of FTP server connected. CURLE_FTP_ACCEPT_TIMEOUT to be set whenever ACCEPTing timeouts. Neither of these errors are considered fatal and control connection remains OK because it could just be a firewall blocking server to connect to the client. 2- One new setopt option was introduced. CURLOPT_ACCEPTTIMEOUT_MS It sets the maximum amount of time FTP client is going to wait for a server to connect. Internal default accept timeout is 60 seconds. - sockets: new Curl_socket_check() can wait for 3 sockets This offers an alternative to the existing Curl_socket_ready() API which only checks one socket for read and one for write. - [CeÌdric Deltheil brought this change] curl.h: add __ANDROID__ macro check When working with the Android Standalone Toolchain the compiler defines this macro: /path/to/arm-linux-androideabi-gcc -E -dM - < /dev/null \ | grep -i android #define __ANDROID__ 1 We really need to check both ANDROID and __ANDROID__ since I've observed that: * if you use Android.mk file(s) and the 'ndk-build' script (aka vanilla way), ANDROID is predefined (see -DANDROID extra C flag), * if you use the Android Standalone Toolchain, then __ANDROID__ is predefined as stated by the compiler - lib500: verify timers relative each other As commit ce896875f8 fixed a timer that accidentally had been moved in code and then returned a bad timer, the lib500.c code (used in test 500 and some others) now verifies 5 timers against each other to verify that they have the correct relative values. We cannot compare against absolute values as the timings will vary a lot. - Curl_pgrsTime: store now in an auto variable It makes it easier to introduce debug outputs in this function, and everything in the function is using the value anyway so it might even be more efficient. - timer: restore PRETRANSFER timing Regression introduced in 7.23.0 with commit 9dd85bce. The function in which the PRETRANSFER time stamp was recorded was moved in time causing it be stored very quickly after the start timestamp. On most systems shorter than 1 millisecond and thus it wouldn't even show with -w "%{time_pretransfer}" using the command line tool. Bug: http://curl.haxx.se/mail/archive-2011-12/0022.html Reported by: Toni Moreno - [Bernhard Reutner-Fischer brought this change] libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM Parameters were underquoted, resulting in warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> - gitignore: ignore the symbol versioning file - tutorial: remove CURLM_CALL_MULTI_PERFORM add sharing The CURLM_CALL_MULTI_PERFORM reference is an old leftover I had to remove. I also added some blurb to the previously blank "sharing" section. - [Alessandro Ghedini brought this change] configure: add symbols versioning option Allow, at configure time, the production of versioned symbols. The symbols will look like "CURL_<FLAVOUR>_<VERSION> <SYMBOL>", where <FLAVOUR> represents the SSL flavour (e.g. OPENSSL, GNUTLS, NSS, ...), <VERSION> is the major SONAME version and <SYMBOL> is the actual symbol name. If no SSL library is enabled the symbols will be just "CURL_<VERSION> <SYMBOL>". - [Sven Wegener brought this change] Use Curl_ssl_connect for non-blocking connect fallback This gets the appconnect time right for ssl backends, which don't support non-blocking connects. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> - RELEASE-NOTES: synced with af9bc1604c1 One new feature, one bug fix. Introduced references in this file for mentioned issues after this discussion: http://curl.haxx.se/mail/lib-2011-12/0187.html The plan is to let the references get moved over to the changes.html file at release-time - curl.1: minor white space cleanup - [Alessandro Ghedini brought this change] docs: improve description of the --capath option Document the possibility of providing multiple values using the ":" separator, and the fact that the default value will be ignored if the option is used. - [Steve Holme brought this change] DOCS: Added SMTP information to CURLOPT_INFILESIZE - Curl_proxyCONNECT: use newlines in debug output - curl -F: fix multiple file upload with custom type Test case 1315 was added to verify this functionality. When passing in multiple files to a single -F, the parser would get all confused if one of the specified files had a custom type= assigned. Reported by: Colin Hogben - [Colin Hogben brought this change] New test for multiple file upload test 1315 checks correct behaviour when uploading multiple files. Buggy behaviour has been seen where only two attachments are sent. Yang Tse (15 Dec 2011) - configure: libtool 1.5 tweaks Daniel Stenberg (15 Dec 2011) - [Colin Hogben brought this change] Correct substitution var names Two variable names were wrong in the documentation. - [Colin Hogben brought this change] Correct default upload mimetype in manual The default content-type for file uploads is application/octet-stream, not text/plain as stated in the MANUAL. - [Alessandro Ghedini brought this change] docs: fix typo in curl_easy_setopt manpage Yang Tse (13 Dec 2011) - if2ip.[ch]: fix compilation with MinGW Avoid 'interface' literal that some MinGW versions define as a macro - connect.c: fix compiler warning 'enumerated type is mixed with another type' - if2ip.c: fix compiler warning 'unused parameter' - pop3.c: fix compiler warning variable may be used uninitialized - if2ip.c: fix compiler warning 'enumerated type is mixed with another type' Daniel Stenberg (12 Dec 2011) - [Jason Glasgow brought this change] CURLOPT_INTERFACE: avoid resolving interfaces names Do not try to resolve interfaces names via DNS by recognizing interface names in a few ways. If the interface option argument has a prefix of "if!" then treat the argument as only an interface. Similarly, if the interface argument is the name of an interface (even if it does not have an IP address assigned), treat it as an interface name. Finally, if the interface argument is prefixed by "host!" treat it as a hostname that must be resolved by /etc/hosts or DNS. These changes allow a client using the multi interfaces to avoid blocking on name resolution if the interface loses its IP address or disappears. - RELEASE-NOTES: synced with 1259ccf7474 5 more bugfixes, 5 more contributors - [Steve Holme brought this change] ConnectionExists: Fix reuse for TLS upgraded connections Fixed the connection reuse detection in ConnectionExists() when comparing a new connection that is non-SSL based against that of a SSL based connection that has become so by being upgraded via TLS. - create_conn: don't switch to HTTP protocol if tunneling is enabled This is a regression since who knows when. When spotting that a HTTP proxy is used we must not uncondititionally enable the HTTP protocol since if we do tunneling through the proxy we're still using the target protocol. Reported by: Naveen Chandran - FAQ: add --resolve details to question 3.19 - [Gokhan Sengun brought this change] Curl_closesocket: clear sock_accepted on close As a follow-up from commit d5b5f64bce3a8, clear the sock_accepted status when such a socket is closed to avoid a re-used connection to retain the state wrongly. Bug: http://curl.haxx.se/mail/lib-2011-12/0079.html - static SSL windows builds: add more libs to the link Starting with some recent OpenSSL versions (1.0.0e was mentioned) linking with a static openssl requires a set of more libs to be linked on Windows. Thanks also to Steve Holme and Martin Storsjö for additional feedback. Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html Reported by: Ward Willats - [Gokhan Sengun brought this change] multi interface: fix block when CONNECT_ONLY option is used Dan Fandrich (6 Dec 2011) - Added some include files in a couple of example programs This improves portability of the examples. This patch was submitted to the OpenBSD ports collection by naddy. Daniel Stenberg (6 Dec 2011) - MakefileBuild: fix the static build This is a left-over fix from commit b7e242de0e that Tom Wright suggested. Reported by: Ward Willats - OpenSSL: check for the SSLv2 function in configure If no SSLv2 was detected in OpenSSL by configure, then we enforce the OPENSSL_NO_SSL2 define as it seems some people report it not being defined properly in the OpenSSL headers. - CURLOPT_CONNECTTIMEOUT: default is 300 seconds If the option is set to 0, the default timeout will be used - which in modern libcurl versions equals 300 seconds (== 5 minutes). Bug: http://curl.haxx.se/mail/lib-2011-12/0051.html Reported by: Vladimir Grishchenko - [Rob Ward brought this change] progress function example: include timed interval Adds a timer based off of CURLINFO_TOTAL_TIME that is used to perform certain actions after a minimum amount of time has passed using the progress function. As a consequence the curl handle is now also passed into the progress function. Progress example now also includes an example of how to retreive the TOTAL_TIME and print it out. - RELEASE-NOTES: synced with 347f951c390 8 more bugs, 5 more contributors - SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 When a 32 digit hex key is given as a hostkey md5 checksum, the code would still run it against the knownhost check and not properly acknowledge that the md5 should then be the sole guide for. The verbose output now includes the evaluated MD5 hostkey checksum. Some related source code comments were also updated. Bug: http://curl.haxx.se/bug/view.cgi?id=3451592 Reported by: Reza Arbab - Curl_resolver_is_resolved: differentiate between host/proxy errors As there are different return codes for host vs proxy errors, this function now properly returns the code properly depending on what was attempted to get resolved. Bug: http://curl.haxx.se/mail/archive-2011-12/0010.html Reported by: Jason Liu - c-ares: return proxy failure for all proxy types When making a distinction which return code to return, the code previously only regarded HTTP proxies to be proxies and thus return host-related errors for failures on other proxy types than HTTP. Now all proxy types will be considered proxies... - FTP: close callback fix Keep track of which sockets that are the result of accept() calls and refuse to call the closesocket callback for those sockets. Test case 596 now verifies that the open socket callback is called the same number of times as the closed socket callback for active FTP connections. Bug: http://curl.haxx.se/mail/lib-2011-12/0018.html Reported by: Gokhan Sengun - FTP: call opensocket callback properly When the new socket is created for an active connection, it is now done using the open socket callback. Test case 596 was modified to run fine, although it hides the fact that the close callback is still called too many times, as it also gets called for closing sockets that were created with accept(). - Curl_socket: internal replacement for socket() Moved out into a separate function to work as a "generic" socket() replacement. - test: verify the opensocket callback for FTP test 595: for passive FTP test 596: for active FTP - [Jason Glasgow brought this change] CURLOPT_DNS_SERVERS: set name servers if possible (fix) Ensure that CURLE_OK is returned if setting the name servers is successfull. - multi interface: only use non-NULL function pointer! If the socket callback function pointer hasn't been set, we must not attempt to use it. Commit adc88ca20 made it more likely to occur. - [Jason Glasgow brought this change] multi: handle timeouts on DNS servers by checking for new sockets If the first name server is not available, the multi interface does not invoke the socket_cb when the DNS request to the first name server timesout. Ensure that the list of sockets are always updated after calling Curl_resolver_is_resolved. This bug can be reproduced if Curl is complied with --enable_ares and your code uses the multi socket interfaces and the CURLMOPT_SOCKETFUNCTION option. To test try: iptables -I INPUT \ -s $(sed -n -e '/name/{s/.* //p;q}' /etc/resolv.conf)/32 \ -j REJECT and then run a program which uses the multi-interface. - test 815: verify POP3 dot-first-on-line unescaping