diff -Nru curl-7.38.0/acinclude.m4 curl-7.43.0/acinclude.m4 --- curl-7.38.0/acinclude.m4 2014-06-11 17:52:29.000000000 +0000 +++ curl-7.43.0/acinclude.m4 2015-06-11 17:50:43.000000000 +0000 @@ -2452,23 +2452,6 @@ ]) -# This is only a temporary fix. This macro is here to replace the broken one -# delivered by the automake project (including the 1.9.6 release). As soon as -# they ship a working version we SHOULD remove this work-around. - -AC_DEFUN([AM_MISSING_HAS_RUN], -[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -test x"${MISSING+set}" = xset || MISSING="\${SHELL} \"$am_aux_dir/missing\"" -# Use eval to expand $SHELL -if eval "$MISSING --run true"; then - am_missing_run="$MISSING --run " -else - am_missing_run= - AC_MSG_WARN([`missing' script is too old or missing]) -fi -]) - - dnl CURL_VERIFY_RUNTIMELIBS dnl ------------------------------------------------- dnl Verify that the shared libs found so far can be used when running @@ -2607,15 +2590,16 @@ if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \ "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then dnl both given - AC_MSG_ERROR([Can't specify both --with-ca-bundle and --with-ca-path.]) + ca="$want_ca" + capath="$want_capath" elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then dnl --with-ca-bundle given ca="$want_ca" capath="no" elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then dnl --with-ca-path given - if test "x$OPENSSL_ENABLED" != "x1"; then - AC_MSG_ERROR([--with-ca-path only works with openSSL]) + if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then + AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL]) fi capath="$want_capath" ca="no" @@ -2669,11 +2653,13 @@ AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle]) AC_SUBST(CURL_CA_BUNDLE) AC_MSG_RESULT([$ca]) - elif test "x$capath" != "xno"; then + fi + if test "x$capath" != "xno"; then CURL_CA_PATH="\"$capath\"" AC_DEFINE_UNQUOTED(CURL_CA_PATH, "$capath", [Location of default ca path]) AC_MSG_RESULT([$capath (capath)]) - else + fi + if test "x$ca" = "xno" && test "x$capath" = "xno"; then AC_MSG_RESULT([no]) fi ]) diff -Nru curl-7.38.0/aclocal.m4 curl-7.43.0/aclocal.m4 --- curl-7.38.0/aclocal.m4 2014-09-04 20:42:22.000000000 +0000 +++ curl-7.43.0/aclocal.m4 2015-06-15 21:31:46.000000000 +0000 @@ -103,10 +103,9 @@ # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], -[dnl Rely on autoconf to set up CDPATH properly. -AC_PREREQ([2.50])dnl -# expand $ac_aux_dir to an absolute path -am_aux_dir=`cd $ac_aux_dir && pwd` +[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` ]) # AM_CONDITIONAL -*- Autoconf -*- diff -Nru curl-7.38.0/buildconf curl-7.43.0/buildconf --- curl-7.38.0/buildconf 2014-08-25 21:45:11.000000000 +0000 +++ curl-7.43.0/buildconf 2015-06-11 17:50:43.000000000 +0000 @@ -6,7 +6,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -190,32 +190,32 @@ fi #-------------------------------------------------------------------------- -# GNU libtool preliminary check +# GNU libtoolize preliminary check # want_lt_major=1 want_lt_minor=4 want_lt_patch=2 want_lt_version=1.4.2 -# This approach that tries 'glibtool' first is intended for systems that -# have GNU libtool named as 'glibtool' and libtool not being GNU's. +# This approach that tries 'glibtoolize' first is intended for systems that +# have GNU libtool named as 'glibtoolize' and libtoolize not being GNU's. -libtool=`findtool glibtool 2>/dev/null` -if test ! -x "$libtool"; then - libtool=`findtool ${LIBTOOL:-libtool}` +libtoolize=`findtool glibtoolize 2>/dev/null` +if test ! -x "$libtoolize"; then + libtoolize=`findtool ${LIBTOOLIZE:-libtoolize}` fi -if test -z "$libtool"; then - echo "buildconf: libtool not found." - echo " You need GNU libtool $want_lt_version or newer installed." +if test -z "$libtoolize"; then + echo "buildconf: libtoolize not found." + echo " You need GNU libtoolize $want_lt_version or newer installed." exit 1 fi -lt_pver=`$libtool --version 2>/dev/null|head -n 1` +lt_pver=`$libtoolize --version 2>/dev/null|head -n 1` lt_qver=`echo $lt_pver|sed -e "s/([^)]*)//g" -e "s/^[^0-9]*//g"` lt_version=`echo $lt_qver|sed -e "s/[- ].*//" -e "s/\([a-z]*\)$//"` if test -z "$lt_version"; then - echo "buildconf: libtool not found." - echo " You need GNU libtool $want_lt_version or newer installed." + echo "buildconf: libtoolize not found." + echo " You need GNU libtoolize $want_lt_version or newer installed." exit 1 fi old_IFS=$IFS; IFS='.'; set $lt_version; IFS=$old_IFS @@ -245,27 +245,12 @@ lt_status="good" fi if test "$lt_status" != "good"; then - echo "buildconf: libtool version $lt_version found." - echo " You need GNU libtool $want_lt_version or newer installed." + echo "buildconf: libtoolize version $lt_version found." + echo " You need GNU libtoolize $want_lt_version or newer installed." exit 1 fi -echo "buildconf: libtool version $lt_version (ok)" - -#-------------------------------------------------------------------------- -# GNU libtoolize check -# -if test -z "$LIBTOOLIZE"; then - # use (g)libtoolize from same location as (g)libtool - libtoolize="${libtool}ize" -else - libtoolize=`findtool $LIBTOOLIZE` -fi -if test ! -f "$libtoolize"; then - echo "buildconf: libtoolize not found." - echo " You need GNU libtoolize $want_lt_version or newer installed." - exit 1 -fi +echo "buildconf: libtoolize version $lt_version (ok)" #-------------------------------------------------------------------------- # m4 check @@ -333,6 +318,8 @@ ltsugar.m4 \ ltversion.m4 \ lt~obsolete.m4 \ + missing \ + install-sh \ stamp-h1 \ stamp-h2 \ stamp-h3 ; do @@ -344,7 +331,7 @@ # echo "buildconf: running libtoolize" -${libtoolize} --copy --automake --force || die "libtoolize command failed" +${libtoolize} --copy --force || die "libtoolize command failed" # When using libtool 1.5.X (X < 26) we copy libtool.m4 to our local m4 # subdirectory and this local copy is patched to fix some warnings that diff -Nru curl-7.38.0/CHANGES curl-7.43.0/CHANGES --- curl-7.38.0/CHANGES 2014-09-10 06:20:20.000000000 +0000 +++ curl-7.43.0/CHANGES 2015-06-17 05:57:03.000000000 +0000 @@ -6,4882 +6,5212 @@ Changelog -Version 7.38.0 (10 Sep 2014) +Version 7.43.0 (17 Jun 2015) -Daniel Stenberg (10 Sep 2014) -- dist: two cmake files are no more - - CMake/FindOpenSSL.cmake and FindZLIB.cmake are gone since 14aa8f0c117b +Daniel Stenberg (17 Jun 2015) +- RELEASE-NOTES: 7.43.0 release + +- THANKS: updated with 7.43.0 names -- RELEASE-NOTES: final update for 7.38.0 +- [Kamil Dudka brought this change] -- cookies: reject incoming cookies set for TLDs + http: do not leak basic auth credentials on re-used connections - Test 61 was modified to verify this. + CVE-2015-3236 - CVE-2014-3620 + This partially reverts commit curl-7_39_0-237-g87c4abb - Reported-by: Tim Ruehsen - URL: http://curl.haxx.se/docs/adv_20140910B.html + Reported-by: Tomas Tomecek, Kamil Dudka + Bug: http://curl.haxx.se/docs/adv_20150617A.html + +- [Kamil Dudka brought this change] -- [Tim Ruehsen brought this change] + test2040: verify basic auth on re-used connections - cookies: only use full host matches for hosts used as IP address +- SMB: rangecheck values read off incoming packet - By not detecting and rejecting domain names for partial literal IP - addresses properly when parsing received HTTP cookies, libcurl can be - fooled to both send cookies to wrong sites and to allow arbitrary sites - to set cookies for others. + CVE-2015-3237 - CVE-2014-3613 + Detected by Coverity. CID 1299430. - Bug: http://curl.haxx.se/docs/adv_20140910A.html - -- HISTORY: fix the 1998 title position - -- HISTORY: extended and now markdown + Bug: http://curl.haxx.se/docs/adv_20150617B.html -- SSLCERTS: converted to markdown +Jay Satiro (17 Jun 2015) +- schannel: schannel_recv overhaul + + This commit is several drafts squashed together. The changes from each + draft are noted below. If any changes are similar and possibly + contradictory the change in the latest draft takes precedence. + + Bug: https://github.com/bagder/curl/issues/244 + Reported-by: Chris Araman + + %% + %% Draft 1 + %% + - return 0 if len == 0. that will have to be documented. + - continue on and process the caches regardless of raw recv + - if decrypted data will be returned then set the error code to CURLE_OK + and return its count + - if decrypted data will not be returned and the connection has closed + (eg nread == 0) then return 0 and CURLE_OK + - if decrypted data will not be returned and the connection *hasn't* + closed then set the error code to CURLE_AGAIN --only if an error code + isn't already set-- and return -1 + - narrow the Win2k workaround to only Win2k + + %% + %% Draft 2 + %% + - Trying out a change in flow to handle corner cases. + + %% + %% Draft 3 + %% + - Back out the lazier decryption change made in draft2. + + %% + %% Draft 4 + %% + - Some formatting and branching changes + - Decrypt all encrypted cached data when len == 0 + - Save connection closed state + - Change special Win2k check to use connection closed state + + %% + %% Draft 5 + %% + - Default to CURLE_AGAIN in cleanup if an error code wasn't set and the + connection isn't closed. + + %% + %% Draft 6 + %% + - Save the last error only if it is an unrecoverable error. + + Prior to this I saved the last error state in all cases; unfortunately + the logic to cover that in all cases would lead to some muddle and I'm + concerned that could then lead to a bug in the future so I've replaced + it by only recording an unrecoverable error and that state will persist. + + - Do not recurse on renegotiation. + + Instead we'll continue on to process any trailing encrypted data + received during the renegotiation only. + + - Move the err checks in cleanup after the check for decrypted data. + + In either case decrypted data is always returned but I think it's easier + to understand when those err checks come after the decrypted data check. + + %% + %% Draft 7 + %% + - Regardless of len value go directly to cleanup if there is an + unrecoverable error or a close_notify was already received. Prior to + this change we only acknowledged those two states if len != 0. - Only minor edits to make it generate nice HTML output using markdown, as - this document serves both in source release tarballs as on the web site. + - Fix a bug in connection closed behavior: Set the error state in the + cleanup, because we don't know for sure it's an error until that time. - URL: http://curl.haxx.se/docs/sslcerts.html + - (Related to above) In the case the connection is closed go "greedy" + with the decryption to make sure all remaining encrypted data has been + decrypted even if it is not needed at that time by the caller. This is + necessary because we can only tell if the connection closed gracefully + (close_notify) once all encrypted data has been decrypted. + + - Do not renegotiate when an unrecoverable error is pending. + + %% + %% Draft 8 + %% + - Don't show 'server closed the connection' info message twice. + + - Show an info message if server closed abruptly (missing close_notify). -- ftp-wildcard.c: spell fix +Daniel Stenberg (16 Jun 2015) +- [Paul Oliver brought this change] + + Fix typo in docs - Reported-By: Frank Gevaerts + s/curret/current/ -- RELEASE-NOTES: synced with 921a0c22a6f +- [Viktor Szakats brought this change] -- THANKS: synced with RELEASE-NOTES for 921a0c22a6f + docs: update URLs -- polarassl: avoid memset() when clearing the first byte is enough +- RELEASE-NOTES: synced with f29f2cbd00dbe5f -- [Catalin Patulea brought this change] +- [Viktor Szakats brought this change] - polarssl: support CURLOPT_CAPATH / --capath - - Signed-off-by: Catalin Patulea + README: use secure protocol for Git repository -- SECURITY: eh, make more sense! +- [Viktor Szakats brought this change] -- SECURITY: how to join the curl-security list + HTTP2.md: use SSL/TLS IETF URLs -- RELEASE-NOTES: fix the required nghttp2 version typo +- [Viktor Szakats brought this change] -- [Brandon Casey brought this change] + LICENSE-MIXING: update URLs + + * use SSL/TLS where available + * follow permanent redirects + +- LICENSE-MIXING: refreshed + +- curl_easy_duphandle: see also *reset - Ensure progress.size_dl/progress.size_ul are always >= 0 +- rtsp_do: fix DEAD CODE - Historically the default "unknown" value for progress.size_dl and - progress.size_ul has been zero, since these values are initialized - implicitly by the calloc that allocates the curl handle that these - variables are a part of. Users of curl that install progress - callbacks may expect these values to always be >= 0. + "At condition p_request, the value of p_request cannot be NULL." - Currently it is possible for progress.size_dl and progress.size_ul - to by set to a value of -1, if Curl_pgrsSetDownloadSize() or - Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few - places currently do, and a following patch will add more). So - lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize() - so they make sure that these variables always contain a value that - is >= 0. + Coverity CID 1306668. + +- security:choose_mech fix DEAD CODE warning - Updates test579 and test599. + ... by removing the "do {} while (0)" block. - Signed-off-by: Brandon Casey + Coverity CID 1306669 -Steve Holme (7 Sep 2014) -- tests: Added test1420 to the makefile +- curl.1: netrc is in man section 5 -- test1420: Removed unnecessary CURLOPT setting +- curl.1: small format fix + + use \fI-style instead of .BR for references -- tests: Added more "Clear Text" authentication keywords +- urldata: store POST size in state.infilesize too + + ... to simplify checking when PUT _or_ POST have completed. + + Reported-by: Frank Meier + Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html -- tests: Updated "based on" text due to email test renumbering +Dan Fandrich (14 Jun 2015) +- test1530: added http to required features -- tests: For consistency added --libcurl to test name +Jay Satiro (14 Jun 2015) +- [Drake Arconis brought this change] -- tests: Added --libcurl for IMAP test case + build: Fix typo from OpenSSL 1.0.2 version detection fix -- multi.c: Avoid invalid memory read after free() from commit 3c8c873252 - - As the current element in the list is free()d by Curl_llist_remove(), - when the associated connection is pending, reworked the loop to avoid - accessing the next element through e->next afterward. +- [Drake Arconis brought this change] -- multi.c: Fixed compilation warning from commit 3c8c873252 - - warning: implicit conversion from enumeration type 'CURLMcode' to - different enumeration type 'CURLcode' + build: Properly detect OpenSSL 1.0.2 when using configure -- url.c: Use CURLAUTH_NONE constant rather than 0 - - Small follow up to commit 898808fa8c to use auth constants rather than - hard code value when clearing picked authentication mechanism. +- curl_multi_info_read.3: fix example formatting -- RELEASE-NOTES: Synced with fd1ce3856a +Daniel Stenberg (13 Jun 2015) +- BINDINGS: there's a new R binding in town! -Nick Zitzmann (4 Sep 2014) -- [Vilmos Nebehaj brought this change] +- BINDINGS: added the Xojo binding - darwinssl: Use CopyCertSubject() to check CA cert. - - SecCertificateCopyPublicKey() is not available on iPhone. Use - CopyCertSubject() instead to see if the certificate returned by - SecCertificateCreateWithData() is valid. +Jay Satiro (11 Jun 2015) +- [Joel Depooter brought this change] + + schannel: Add support for optional client certificates - Reported-by: Toby Peterson + Some servers will request a client certificate, but not require one. + This change allows libcurl to connect to such servers when using + schannel as its ssl/tls backend. When a server requests a client + certificate, libcurl will now continue the handshake without one, + rather than terminating the handshake. The server can then decide + if that is acceptable or not. Prior to this change, libcurl would + terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS + error. -Steve Holme (4 Sep 2014) -- RELEASE-NOTES: Clarify email Kerberos support is currently via Windows SSPI +Daniel Stenberg (11 Jun 2015) +- curl_easy_cleanup.3: provide more SEE ALSO -Daniel Stenberg (4 Sep 2014) -- MAIL-ETIQUETTE: "1.8 I posted, now what?" +- debug: remove http2 debug leftovers -- CURLOPT_CA*: better refering between *CAINFO and *CAPATH - - ... and a minor wording edit +- VERSIONS: now using markdown -- THANKS: added Dennis Clarke - - Dennis Clarke from Blastwave.org for ensuring that nightly builds run - smooth on Solaris! +- RELEASE-PROCEDURE: remove ascii logo at the top of file -- curl_multi_cleanup: remove superfluous NULL assigns - - ... as the struct is free()d in the end anyway. It was first pointed out - to me that one of the ->msglist assignments were supposed to have been - ->pending but was a copy and paste mistake when I realized none of the - clearing of pointers had to be there. +- INTERNALS: absorbed docs/LIBCURL-STRUCTS -- multi: convert CURLM_STATE_CONNECT_PEND handling to a list - - ... instead of scanning through all handles, stash only the actual - handles that are in that state in the new ->pending list and scan that - list only. It should be mostly empty or very short. And only used for - pipelining. +- INTERNALS: cat lib/README* >> INTERNALS - This avoids a rather hefty slow-down especially notable if you add many - handles to the same multi handle. Regression introduced in commit - 0f147887 (version 7.30.0). + and a conversion to markdown. Removed the lib/README.* files. The idea + being to move toward having INTERNALS as the one and only "book" of + internals documentation. - Bug: http://curl.haxx.se/mail/lib-2014-07/0206.html - Reported-by: David Meyer + Added a TOC to top of the document. -- RELEASE-NOTES: synced with e608324f9f9 +Jay Satiro (8 Jun 2015) +- openssl: LibreSSL and BoringSSL do not use TLS_client_method + + Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of + TLS_client_method LibreSSL and BoringSSL didn't and still use + SSLv23_client_method. + + Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009 + Reported-by: asavah@users.noreply.github.com -- [Andre Heinecke brought this change] +Daniel Stenberg (9 Jun 2015) +- RELEASE-NOTES: synced with 20ac3458068 - polarssl: implement CURLOPT_SSLVERSION +- CURLOPT_OPENSOCKETFUNCTION: return error at once - Forwards the setting as minimum ssl version (if set) to polarssl. If - the server does not support the requested version the SSL Handshake will - fail. + When CURL_SOCKET_BAD is returned in the callback, it should be treated + as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently + created when trying to connect to a server. - Bug: http://curl.haxx.se/bug/view.cgi?id=1419 + Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html -nickzman (1 Sep 2014) -- Merge pull request #115 from ldx/darwinsslfixpr - - darwinssl: now accepts cacert bundles in PEM format in addition to single certs +- fopen.c: fix a few compiler warnings -Vilmos Nebehaj (1 Sep 2014) -- Check CA certificate in curl_darwinssl.c. - - SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even - if the buffer holds an invalid or corrupt certificate. Call - SecCertificateCopyPublicKey() to make sure cacert is a valid - certificate. +- [Ville Skyttä brought this change] -Daniel Stenberg (31 Aug 2014) -- low-speed-limit: avoid timeout flood - - Introducing Curl_expire_latest(). To be used when we the code flow only - wants to get called at a later time that is "no later than X" so that - something can be checked (and another timeout be added). + docs: Spelling fixes + +- [Ville Skyttä brought this change] + + docs: man page indentation and syntax fixes + +Linus Nielsen (8 Jun 2015) +- help: Add --proxy-service-name and --service-name to the --help output + +Jay Satiro (7 Jun 2015) +- openssl: Fix verification of server-sent legacy intermediates - The low-speed logic for example could easily be made to set very many - expire timeouts if it would be called faster or sooner than what it had - set its own timer and this goes for a few other timers too that aren't - explictiy checked for timer expiration in the code. + - Try building a chain using issuers in the trusted store first to avoid + problems with server-sent legacy intermediates. - If there's no condition the code that says if(time-passed >= TIME), then - Curl_expire_latest() is preferred to Curl_expire(). + Prior to this change server-sent legacy intermediates with missing + legacy issuers would cause verification to fail even if the client's CA + bundle contained a valid replacement for the intermediate and an + alternate chain could be constructed that would verify successfully. - If there exists such a condition, it is on the other hand important that - Curl_expire() is used and not the other. + https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest + +Daniel Stenberg (5 Jun 2015) +- BINDINGS: update several URLs - Bug: http://curl.haxx.se/mail/lib-2014-06/0235.html - Reported-by: Florian Weimer + Stop linking to the curl.haxx.se anchor pages, they are usually only + themselves pointers to the real page so better point there directly + instead. -- [Michael Wallner brought this change] +- BINDINGS: the curl-rust binding - resolve: cache lookup for async resolvers +- curl.h: add CURL_HTTP_VERSION_2 - While waiting for a host resolve, check if the host cache may have - gotten the name already (by someone else), for when the same name is - resolved by several simultanoues requests. + The protocol is named "HTTP/2" after all. It is an alias for the + existing CURL_HTTP_VERSION_2_0 enum. + +- openssl: removed error string #ifdef - The resolver thread occasionally gets stuck in getaddrinfo() when the - DNS or anything else is crappy or slow, so when a host is found in the - DNS cache, leave the thread alone and let itself cleanup the mess. + ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore -Vilmos Nebehaj (30 Aug 2014) -- Fix CA certificate bundle handling in darwinssl. +- openssl: removed USERDATA_IN_PWD_CALLBACK kludge - If the --cacert option is used with a CA certificate bundle that - contains multiple CA certificates, iterate through it, adding each - certificate as a trusted root CA. + Code for OpenSSL 0.9.4 serves no purpose anymore! -Daniel Stenberg (29 Aug 2014) -- [Askar Safin brought this change] +- openssl: remove SSL_get_session()-using code + + It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or + later. - getinfo-times: Typo fixed +- openssl: remove dummy callback use from SSL_CTX_set_verify() + + The existing callback served no purpose. -- [Askar Safin brought this change] +- LIBCURL-STRUCTS: clarify for multiplexing - libcurl.3: Typo fixed +Jay Satiro (3 Jun 2015) +- cookie: Stop exporting any-domain cookies + + Prior to this change any-domain cookies (cookies without a domain that + are sent to any domain) were exported with domain name "unknown". + + Bug: https://github.com/bagder/curl/issues/292 -- curl_formadd.3: setting CURLFORM_CONTENTSLENGTH 0 zero means strlen +Daniel Stenberg (3 Jun 2015) +- RELEASE-PROCEDURE: refreshed 'coming dates' + +Jay Satiro (2 Jun 2015) +- curl_setup: Change fopen text macros to use 't' for MSDOS + + Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198 + Reported-by: Gisle Vanem -- curl.1: add an example for -H +Daniel Stenberg (2 Jun 2015) +- curl_multi_timeout.3: added example -- FAQ: mention -w in the 4.20 answer as well +- curl_multi_perform.3: added example -- FAQ: 4.20 curl doesn't return error for HTTP non-200 responses +- curl_multi_info_read.3: added example -- CURLOPT_NOBODY.3: clarify this option is for downloads +- checksrc: detect fopen() for text without the FOPEN_* macros - When enabling CURLOPT_NOBODY, libcurl effectively switches off upload - mode and will do a download (without a body). This is now better - explained in this man page. + Follow-up to e8423f9ce150 with discussionis in + https://github.com/bagder/curl/pull/258 - Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html - Reported-by: John Coffey + This check scans for fopen() with a mode string without 'b' present, as + it may indicate that an FOPEN_* define should rather be used. -- INTERNALS: nghttp2 must be 0.6.0 or later +- curl_getdate.3: update RFC reference -- [Tatsuhiro Tsujikawa brought this change] - - Compile with latest nghttp2 +Jay Satiro (1 Jun 2015) +- curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT + + - Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt" + - Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt" + + This change is to explicitly specify when we need to read/write text. + Unfortunately 't' is not part of POSIX fopen so we can't specify it + directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT. + + Prior to this change we had an issue on Windows if an application that + uses libcurl overrides the default file mode to binary. The default file + mode in Windows is normally text mode (translation mode) and that's what + libcurl expects. + + Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055 + Reported-by: Orgad Shaneh -Dan Fandrich (26 Aug 2014) -- THANKS: removed a few more duplicates +Daniel Stenberg (1 Jun 2015) +- http2-upload.c: use PIPEWAIT for playing HTTP/2 better -Daniel Stenberg (26 Aug 2014) -- RELEASE-NOTES: synced with 007242257683a +- http2-download: check for CURLPIPE_MULTIPLEX properly - ... and bumped the contributor amount after recount + Bug: http://curl.haxx.se/mail/lib-2015-06/0001.html + Reported-by: Rafayel Mkrtchyan -- THANKS: added 52 missing contributors - - I re-ran contributors.sh on all changes since 7.10 and I found these - contributors who are mentioned in the commits but never were added to - THANKS before! +- [Isaac Boukris brought this change] + + HTTP-NTLM: fail auth on connection close instead of looping - I also removed a couple of duplicates (mostly due to different - spellings). + Bug: https://github.com/bagder/curl/issues/256 -- contributors: grep and sort case insensitively +- 5.6 Refuse "downgrade" redirects -- [Michael Osipov brought this change] +- README.pingpong: removed - configure.ac: Add support for recent GSS-API implementations for HP-UX - - By default, configure script assumes that libcurl will use the - HP-supplied GSS-API implementation which does not have krb5-config. - If a dev needs a more recent version which has that config script, - the change will allow to pass an appropriate GSSAPI_ROOT. +- ROADMAP: remove HTTP/2 multiplexing - its here now -- CONNECT: close proxy connections that fail to CONNECT - - This is usually due to failed auth. There's no point in us keeping such - a connection alive since it shouldn't be re-used anyway. - - Bug: http://curl.haxx.se/bug/view.cgi?id=1381 - Reported-by: Marcel Raad +- HTTP2.md: formatted properly -- RELEASE-NOTES: added two missing HTTP/2 bug fixes - - And renamed all http2 references to HTTP/2 in this file +- HTTP2: moved docs into docs/ and make it markdown -- RELEASE-NOTES: synced with f646e9075f47 +- README.http2: refreshed and added multiplexing info -- [Jakub Zakrzewski brought this change] +- dist: add the http2 examples - Cmake: Possibility to use OpenLDAP, OpenSSL, LibSSH2 on windows - - At this point I can build libcurl on windows. It provides at least the same - list of protocols as for linux build and works with our software. +- http2 examples: clean up some comments -- [Jakub Zakrzewski brought this change] +- examples: added two programs doing multiplexed HTTP/2 - Cmake: Removed repeated content from ending blocks - - They are unnecesary in modern CMake and removing them improves readability. +- scripts: moved contributors.sh and contrithanks.sh into subdir -- [Jakub Zakrzewski brought this change] +- RELEASE-NOTES: synced with c005790ff1c0a - Cmake: Removed some useless empty SET statements. - - Undefined variables resolve to empty strings and we do not ever test if - the variable is defined thus those SETs are superfluous. +- [Daniel Melani brought this change] -- [Jakub Zakrzewski brought this change] + openssl: typo in comment - Cmake: Removed useless comments from CMakeLists.txt +Jay Satiro (27 May 2015) +- openssl: Use TLS_client_method for OpenSSL 1.1.0+ + + SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The + equivalent is TLS_client_method. - They look like some relics after changes. + https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557 -- [Jakub Zakrzewski brought this change] +Daniel Stenberg (26 May 2015) +- FAQ: How do I port libcurl to my OS? - Cmake: Don't check for all headers each time +Jay Satiro (25 May 2015) +- CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain - One header at a time is the right way. Apart from that the output on - windows goes from: - ... - -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h - -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h - - found - -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins - ock2.h - -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins - ock2.h - found - -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi - o.h - -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi - o.h - found - -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind - ows.h - -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind - ows.h - found - -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins - ock.h - -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins - ock.h - found - -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ - filio.h - -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ - filio.h - not found - -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ - ioctl.h - -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ - ioctl.h - not found - -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ - resource.h - ... + Document that if Set-Cookie is used without a domain then the cookie is + sent for any domain and will not be modified. - To much nicer: - ... - -- Looking for ws2tcpip.h - -- Looking for ws2tcpip.h - found - -- Looking for winsock2.h - -- Looking for winsock2.h - found - -- Looking for stdio.h - -- Looking for stdio.h - found - -- Looking for windows.h - -- Looking for windows.h - found - -- Looking for winsock.h - -- Looking for winsock.h - found - -- Looking for sys/filio.h - -- Looking for sys/filio.h - not found - -- Looking for sys/ioctl.h - -- Looking for sys/ioctl.h - not found - -- Looking for sys/resource.h + Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html + Reported-by: Alexander Dyagilev -- [Jakub Zakrzewski brought this change] +Daniel Stenberg (25 May 2015) +- [Tatsuhiro Tsujikawa brought this change] - Cmake: Append OpenSSL include directory to search path + http2: Copy data passed in Curl_http2_switched into HTTP/2 connection buffer - At this point I can build libcurl with OpenSSL, OpenLDAP and LibSSH2. - Supported protocols are at least: - HTTP, HTTPS, FTP, SFTP, TFTP, LDAP, LDAPS, POP3, SMTP - (those are the ones we have regression tests for - in our product's testsuite) + Previously, after seeing upgrade to HTTP/2, we feed data followed by + upgrade response headers directly to nghttp2_session_mem_recv() in + Curl_http2_switched(). But it turns out that passed buffer, mem, is + part of stream->mem, and callbacks called by + nghttp2_session_mem_recv() will write stream specific data into + stream->mem, overwriting input data. This will corrupt input, and + most likely frame length error is detected by nghttp2 library. The + fix is first copy the passed data to HTTP/2 connection buffer, + httpc->inbuf, and call nghttp2_session_mem_recv(). -- [Jakub Zakrzewski brought this change] +Jay Satiro (24 May 2015) +- CURLOPT_COOKIE.3: Explain that the cookies won't be modified + + The CURLOPT_COOKIE doc says it "sets the cookie header explicitly in the + outgoing request(s)." However there seems to be some user confusion + about cookie modification. Document that the cookies set by this option + are not modified by the cookie engine. + + Bug: http://curl.haxx.se/mail/lib-2015-05/0115.html + Reported-by: Alexander Dyagilev - Cmake: Search for liblber, LDAP SSL headers, swith for using OpenLDAP code. +- CURLOPT_COOKIELIST.3: Add example -- [Jakub Zakrzewski brought this change] +Dan Fandrich (24 May 2015) +- testcurl.pl: use rel2abs to make the source directory absolute + + This function makes a platform-specific absolute path which uses + backslashes on Windows. This form works when passing it on the + command-line, as well as if the source is on another drive. - Cmake: LibSSH2 detection and use. +- conncache: fixed memory leak on OOM (torture tests) -- [Jakub Zakrzewski brought this change] +Daniel Stenberg (24 May 2015) +- perl: remove subdir, not touched in 9 years - Cmake: Moved macros out of the main CMakeLists.txt +- log2changes.pl: moved to scripts/ -- [Jakub Zakrzewski brought this change] +- [Alessandro Ghedini brought this change] - Cmake: Added missing protocol-disable switches - - They already have their defines in config.h. This makes it possible to - disable the protocols from command line during configure step. + scripts: add zsh.pl for generating zsh completion -- [Jakub Zakrzewski brought this change] +Dan Fandrich (23 May 2015) +- test1510: another flaky test - Cmake: Made boolean defines be defined to "1" instead of "ON" +Daniel Stenberg (22 May 2015) +- security: fix "Unchecked return value" from sscanf() + + By (void) prefixing it and adding a comment. Did some minor related + cleanups. - It's by convention, for compatibility and because the comments say so. - Just mabe someone have written a test like "#if HAVE_XX==1" + Coverity CID 1299423. -- [Jakub Zakrzewski brought this change] +- security: simplify choose_mech + + Coverity CID 1299424 identified dead code because of checks that could + never equal true (if the mechanism's name was NULL). + + Simplified the function by removing a level of pointers and removing the + loop and array that weren't used. - Cmake: Require at least CMake 2.8. +- RTSP: catch attempted unsupported requests better + + Replace use of assert with code that properly catches bad input at + run-time even in non-debug builds. - CMake 2.6 is already a bit old. Many bugs have been fixed since - its release. We use 2.8 in our company and we have no intention - of polluting our environment with old software, so 2.6 would - not be tested. This shouldn't be a problem since all one need - to build CMake from source is C and C++ compiler. + This flaw was sort of detected by Coverity CID 1299425 which claimed the + "case RTSPREQ_NONE" was dead code. -- disconnect: don't touch easy-related state on disconnects +- share_init: fix OOM crash - This was done to make sure NTLM state that is bound to a connection - doesn't survive and gets used for the subsequent request - but - disconnects can also be done to for example make room in the connection - cache and thus that connection is not strictly related to the easy - handle's current operation. + A failed calloc() would lead to NULL pointer use. + + Coverity CID 1299427. + +- parse_proxy: switch off tunneling if non-HTTP proxy - The http authentication state is still kept in the easy handle since all - http auth _except_ NTLM is connection independent and thus survive over - multiple connections. + non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL - Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html - Reported-by: Paras S + Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html + Reported-by: Sean Boudreau -- curl.1: clarify --limit-rate's effect on both directions +- curl: fix potential NULL dereference - Bug: http://curl.haxx.se/bug/view.cgi?id=1414 - Reported-by: teo8976 + Coverity CID 1299428: Dereference after null check (FORWARD_NULL) -- curl.1: mention the --post30x options within the --location desc +- http2: on_frame_recv: return early on stream 0 + + Coverity CID 1299426 warned about possible NULL dereference otherwise, + but that would only ever happen if we get invalid HTTP/2 data with + frames for stream 0. Avoid this risk by returning early when stream 0 is + used. -Dan Fandrich (22 Aug 2014) -- sasl: Fixed a memory leak on OOM +- http: removed self assignment + + Follow-up fix from b0143a2a33f0 + + Detected by coverity. CID 1299429 -Daniel Stenberg (22 Aug 2014) -- [Frank Meier brought this change] +- [Tatsuhiro Tsujikawa brought this change] - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth + http2: Make HTTP Upgrade work - Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed - since NTLM requires multiple requests that re-use the same connection - for the authentication to work + This commit just add implicitly opened stream 1 to streams hash. + +Jay Satiro (22 May 2015) +- strerror: Change SEC_E_ILLEGAL_MESSAGE description - Solution: Ignore the forbid reuse flag in case the NTLM authentication - handshake is in progress, according to the NTLM state flag. + Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS + and language specific, and invariably translated to something not very + helpful like: "The message received was unexpected or badly formatted." - Fixed known bug #77. - -Steve Holme (22 Aug 2014) -- openssl.c: Fixed longer than 79 columns + Bug: https://github.com/bagder/curl/issues/267 + Reported-by: Michael Osipov -- openssl.c: Fixed compilation warning +- telnet: Fix read-callback change for Windows builds - warning: declaration of 'minor' shadows a global declaration + Refer to b0143a2 for more information on the read-callback change. -Daniel Stenberg (21 Aug 2014) -- [Haris Okanovic brought this change] +Daniel Stenberg (21 May 2015) +- CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy! - win32: Fixed WinSock 2 #if - - A conditionally compiled block in connect.c references WinSock 2 - symbols, but used `#ifdef HAVE_WINSOCK_H` instead of `#ifdef - HAVE_WINSOCK2_H`. +Dan Fandrich (21 May 2015) +- testcurl.pl: allow source to be in an arbitrary directory - Bug: http://curl.haxx.se/mail/lib-2014-08/0155.html + This way, the build directory can be located on an entirely different + filesystem from the source code (e.g. a tmpfs). -- Curl_disconnect: don't free the URL +Daniel Stenberg (20 May 2015) +- read_callback: move to SessionHandle from connectdata - The URL is not a property of the connection so it should not be freed in - the connection disconnect but in the Curl_close() that frees the easy - handle. - - Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html - Reported-by: Paras S + With many easy handles using the same connection for multiplexing, it is + important we store and keep the transfer-oriented stuff in the + SessionHandle so that callbacks and callback data work fine even when + many easy handles share the same physical connection. -- help output: minor whitespace edits +- http2: show stream IDs in decimal - Should've been amended in the previous commit but wasn't due to a - mistake. + It makes them easier to match output from the nghttpd test server. -- [Zearin brought this change] +- [Tatsuhiro Tsujikawa brought this change] - help output: use ≥2 spaces between option and description + http2: Faster http2 upload - ... and some other cleanups + Previously, when we send all given buffer in data_source_callback, we + return NGHTTP2_ERR_DEFERRED, and nghttp2 library removes this stream + temporarily for writing. This itself is good. If this is the sole + stream in the session, nghttp2_session_want_write() returns zero, + which means that libcurl does not check writeability of the underlying + socket. This leads to very slow upload, because it seems curl only + upload 16k something per 1 second. To fix this, if we still have data + to send, call nghttp2_session_resume_data after nghttp2_session_send. + This makes nghttp2_session_want_write() returns nonzero (if connection + window still opens), and as a result, socket writeability is checked, + and upload speed becomes normal. -- FAQ: some actually sometimes get paid... +- [Dmitry Eremin-Solenikov brought this change] -Steve Holme (17 Aug 2014) -- sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challenge + gtls: don't fail on non-fatal alerts during handshake + + Stop curl from failing when non-fatal alert is received during + handshake. This e.g. fixes lots of problems when working with https + sites through proxies. -- sasl_sspi: Renamed GSSAPI mutual authentication parameter +- curl_easy_unescape.3: update RFC reference - ...From "mutual" to "mutual_auth" which better describes what it is. + Reported-by: bsammon + Bug: https://github.com/bagder/curl/issues/282 -- sasl_sspi: Corrected some of the GSSAPI security message error codes +Jay Satiro (20 May 2015) +- CURLOPT_POSTFIELDS.3: Mention curl_easy_escape - Corrected a number of the error codes that can be returned from the - Curl_sasl_create_gssapi_security_message() function when things go - wrong. + .. also correct some variable naming in curl_easy_escape.3 - It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the - inbound security challenge can't be decoded correctly or doesn't - contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when - EncryptMessage() fails. Unfortunately the previous error code of - CURLE_RECV_ERROR was a copy and paste mistakes on my part and should - have been correct in commit 4b491c675f :( + Bug: https://github.com/bagder/curl/issues/281 + Reported-by: bsammon@users.noreply.github.com -- docs: Escaped single backslash +Daniel Stenberg (19 May 2015) +- [Brian Prodoehl brought this change] -- TODO: Updated following GSSAPI (Kerberos V5) additions + openssl: Use SSL_CTX_set_msg_callback and SSL_CTX_set_msg_callback_arg - Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other - authentication mechanisms" following recent additions. + BoringSSL removed support for direct callers of SSL_CTX_callback_ctrl + and SSL_CTX_ctrl, so move to a way that should work on BoringSSL and + OpenSSL. - Added SASL 14.2 GSSAPI via GSS-API libraries. + re #275 -- CURLOPT_USERNAME.3: Added Kerberos V5 and NTLM domain information - - This repeats what has already been documented in both the curl manpage - and CURLOPT_USERPWD documentation but is provided here for completeness - as someone may not especially read the latter when using libcurl. +Jay Satiro (19 May 2015) +- curl.1: fix missing space in section --data + +Daniel Stenberg (19 May 2015) +- transfer: remove erroneous and misleading comment -- CURLOPT_USERPWD.3: Updated following Kerberos V5 SSPI changes +Kamil Dudka (19 May 2015) +- http: silence compile-time warnings without USE_NGHTTP2 - Added information about Kerberos V5 requiring the domain part in the - user name. + Error: CLANG_WARNING: + lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read - Mentioned that the user name can be specified in UPN format, and not - just in Down-Level Logon Name format, following the information - added in commit 7679cb3fa8 reworking the exisitng information in the - process. + Error: COMPILER_WARNING: + lib/http.c: scope_hint: In function ‘http_disconnect’ + lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable] -- docs: Added Kerberos V5 and NTLM domain information to --user - -- docs: Added Kerberos V5 to the --user SSPI current credentials usage +Jay Satiro (19 May 2015) +- transfer: Replace __func__ instances with function name + + .. also make __func__ replacement in multi. + + Prior to this change debug builds would fail to build if the compiler + was building pre-c99 and didn't support __func__. -- sasl_sspi: Tell the server we don't support a GSSAPI receive buffer +Daniel Stenberg (19 May 2015) +- [Viktor Szakats brought this change] -- smtp: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI + build: bump version in default nghttp2 paths -- pop3: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI +- INTERNALS: we require nghttp2 1.0.0+ now -- imap: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI +Jay Satiro (18 May 2015) +- http: Add some include guards for the new HTTP/2 stuff -- email: Added mutual authentication flag +Daniel Stenberg (18 May 2015) +- http2: store upload state per stream + + Use a curl_off_t for upload left -Daniel Stenberg (15 Aug 2014) -- RELEASE-NOTES: synced with 0187c9e11d079 +- http2: fix build when NOT h2-enabled -- http: fix the Content-Range: parser +- http2: switch to use Curl_hash_destroy() - ... to handle "*/[total]". Also, removed the strange hack that made - CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return - CURLE_OK. + as after 4883f7019d3, the *_clean() function only flushes the hash. + +- curlver: restore LIBCURL_VERSION_NUM defined as a full number - Reported-by: Dimitrios Siganos - Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html + As it breaks configure, curl-config and test 1023 if not. -Steve Holme (14 Aug 2014) -- email: Introduced the GSSAPI states +- [Anthony Avina brought this change] -- curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675f + hostip: fix unintended destruction of hash table - warning: unused variable 'resp' + .. and added unit1602 for hash.c + +- curlver: introducing new version number (checking) macros + +- runtests.pl: use 'h2c' now, no -14 anymore + +- [Tatsuhiro Tsujikawa brought this change] + + http2: Ignore if we have stream ID not in hash in on_stream_close - warning: no previous prototype for 'Curl_sasl_gssapi_cleanup' + We could get stream ID not in the hash in on_stream_close. For + example, if we decided to reject stream (e.g., PUSH_PROMISE), then we + don't create stream and store it in hash with its stream ID. -- SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064 +- [Tatsuhiro Tsujikawa brought this change] + + Require nghttp2 v1.0.0 - * curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f + This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0, + and utilize recent version of nghttp2 to simplify the code, - warning: declaration of 'result' shadows a previous local - -- curl_sasl.h: Fixed compilation error from commit 4b491c675f + First we use nghttp2_option_set_no_recv_client_magic function to + detect nghttp2 v1.0.0. That function only exists since v1.0.0. - warning: 'struct kerberos5data' declared inside parameter list + Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and + validates received header field. If it found error, RST_STREAM with + PROTOCOL_ERROR is issued. Since we require v1.0.0, we can utilize + this feature to simplify libcurl code. This commit does this. - Due to missing forward declaration. + Migration from 0.7 series are done based on nghttp2 migration + document. For libcurl, we removed the code sending first 24 bytes + client magic. It is now done by nghttp2 library. + on_invalid_frame_recv callback signature changed, and is updated + accordingly. + +- http2: infof length in on_frame_send() -- urldata.h: Fixed compilation warnings from commit 3ec253532e +- pipeline: switch some code over to functions - warning: extra tokens at end of #endif directive + ... to "compartmentalize" a bit and make it easier to change behavior + when multiplexing is used instead of good old pipelining. -- sasl_sspi: Added GSSAPI message functions +- symbols-in-versions: add CURLOPT_PIPEWAIT -- urldata: Introduced a GSSAPI (Kerberos V5) data structure +- CURLOPT_PIPEWAIT: added - Added a kerberos5data structure which is similar in nature to the - ntlmdata and negotiatedata structures. + By setting this option to 1 libcurl will wait for a connection to reveal + if it is possible to pipeline/multiplex on before it continues. -- sspi: Moved KERB_WRAP_NO_ENCRYPT from socks_sspi module - - In preparation for the upcoming SSPI implementation of GSSAPI - authentication, moved the definition of KERB_WRAP_NO_ENCRYPT from - socks_sspi.c to curl_sspi.h allowing it to be shared amongst other - SSPI based code. +- Curl_http_readwrite_headers: minor code simplification -Daniel Stenberg (13 Aug 2014) -- mk-ca-bundle.pl: add missing $ +- IsPipeliningPossible: fixed for http2 -- mk-ca-bundle.pl: switched to using hg.mozilla.org - - ... as mxr.mozilla.org is due to be retired. - - The new host doesn't support If-Modified-Since nor ETags, meaning that - the script will now defer to download and do a post-transfer checksum - check to see if a new output is to be generated. The new output format - will hold the SHA1 checksum of the source file for that purpose. - - We call this version 1.22 +- http2: bump the h2 buffer size to 32K for speed + +- http2: remove the stream from the hash in stream_close callback - Reported-by: Ed Morley - Bug: http://curl.haxx.se/bug/view.cgi?id=1409 + ... and suddenly things work much better! -- [Jose Alf brought this change] +- http2: if there is paused data, do not clear the drain field - openssl: fix version report for the 0.9.8 branch - - Fixed libcurl to correctly output the newer versions of OpenSSL 0.9.8, - starting from openssl-0.9.8za. +- http2: rename s/data/pausedata -- [Frank Meier brought this change] +- http2: "stream %x" in all outputs to make it easier to search for - create_conn: prune dead connections +- http2: Curl_expire() all handles with incoming traffic - Bringing back the old functionality that was mistakenly removed when the - connection cache was remade. When creating a new connection, all the - existing ones are checked and those that are known to be dead get - disconnected for real and removed from the connection cache. It helps - the cache from holding on to very many stale connections and aids in - keeping down the number of system sockets in wait states. + ... so that they'll get handled next in the multi loop. + +- http2: don't signal settings change for same values + +- http2: set default concurrency, fix ConnectionExists for multiplex + +- bundles: store no/default/pipeline/multiplex - Help-by: Jonatan Vela + to allow code to act differently on the situation. - Bug: http://curl.haxx.se/mail/lib-2014-06/0189.html + Also added some more info message for the connection re-use function to + make it clearer when connections are not re-used. -Kamil Dudka (11 Aug 2014) -- docs/SSLCERTS: update the section about NSS database +- http2: lazy init header_recvbuf - Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html - Reported-by: David Shaw + It makes us use less memory when not doing HTTP/2 and subsequently also + makes us not have to cleanup HTTP/2 related data when not using HTTP/2! -Daniel Stenberg (11 Aug 2014) -- [Peter Wang brought this change] +- http2: separate multiplex/pipelining + cleanup memory leaks - Curl_poll + Curl_wait_ms: fix timeout return value - - Curl_poll and Curl_wait_ms require the fix applied to Curl_socket_check - in commits b61e8b8 and c771968: - - When poll or select are interrupted and coincides with the timeout - elapsing, the functions return -1 indicating an error instead of 0 for - the timeout. +- CURLMOPT_PIPELINE: bit 1 is for multiplexing -Steve Holme (10 Aug 2014) -- config-tpf.h: Fixed up line lengths > 79 characters +- [Tatsuhiro Tsujikawa brought this change] -- config-symbian.h: Fixed up line lengths > 79 characters + http2: Fix bug that data to be drained are overwritten by pending "paused" data + +- [Tatsuhiro Tsujikawa brought this change] -- tool_hugehelp.c.cvs: Added copyright + http2: Don't call nghttp2_session_mem_recv while it is paused by a stream + +- [Tatsuhiro Tsujikawa brought this change] + + http2: Read data left in connection buffer after pause - Added copyright due to warning from checksrc.pl. + Previously when we do pause because of out of buffer, we just throw + away unread data in connection buffer. This just broke protocol + framing, and I saw occasional FRAME_SIZE_ERROR. This commit fix this + issue by remembering how much data read, and in the next iteration, we + process remaining data. -- RELEASE-NOTES: Synced with cd6ecf6a89 +- [Tatsuhiro Tsujikawa brought this change] -- sasl_sspi: Fixed hard coded buffer for response generation + http2: Fix streams get stuck - Given the SSPI package info query indicates a token size of 4096 bytes, - updated to use a dynamic buffer for the response message generation - rather than a fixed buffer of 1024 bytes. + This commit fixes the bug that streams get stuck if stream gets some + DATA, and stream->closed becomes true at the same time. Previously, + in this condition, after we processed DATA, we are going to try to + read data from underlying transport, but there is no data, and gets + EAGAIN. There was no code path to evaludate stream->closed. -- sasl_sspi: Fixed missing free of challenge buffer on SPN failure +- http2: store incoming h2 SETTINGS -- http_negotiate_sspi: Tidy up to remove the get_gss_name() function +- pipeline: move function to pipeline.c and make static - Due to the reduction of code in commit 3b924b29 of get_gss_name() the - function isn't necessary anymore. + ... as it was only used from there. -- http_negotiate_sspi: Use a dynamic buffer for SPN generation +- IsPipeliningPossible: http2 can always "pipeline" (multiplex) + +- http2: remove debug logging from on_frame_recv + +- http2: remove the closed check in http2_recv - Updated to use a dynamic buffer for the SPN generation via the recently - introduced Curl_sasl_build_spn() function rather than a fixed buffer of - 1024 characters, which should have been more than enough, but by using - the new function removes the need for another variable sname to do the - wide character conversion in Unicode builds. + With the "drained" functionality we can get here slightly asynchronously + so the stream have have been closed but there is pending data left to + read. -- sasl: Tidy up to rename SPN variable from URI +- http2: bump the h2 buffer to 8K -- sasl: Use a dynamic buffer for SPN generation +- http2: Curl_read should not use the single buffer - Updated Curl_sasl_create_digest_md5_message() to use a dynamic buffer - for the SPN generation via the recently introduced Curl_sasl_build_spn() - function rather than a fixed buffer of 128 characters. + ... as it does for pipelining when we're multiplexing, as we need the + different buffers to store incoming data correctly for all streams. + +- http2: more debug outputs -- sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds +- http2: leave WAITPERFORM when conn is multiplexed - Curl_sasl_create_digest_md5_message() would simply cast the SPN variable - to a TCHAR when calling InitializeSecurityContext(). This meant that, - under Unicode builds, it would not be valid wide character string. + No need to wait for our "spot" like for pipelining + +- http2: force "drainage" of streams - Updated to use the recently introduced Curl_sasl_build_spn() function - which performs the correct conversion for us. + ... which is necessary since the socket won't be readable but there is + data waiting in the buffer. + +- http2: move the mem+len pair to the stream struct -- sasl: Introduced Curl_sasl_build_spn() for building a SPN +- http2: more stream-oriented data, stream ID 0 is for connections + +- http2: move lots of state data to the 'stream' struct - Various parts of the libcurl source code build a SPN for inclusion in - authentication data. This information is either used by our own native - generation routines or passed to authentication functions in third-party - libraries such as SSPI. However, some of these instances use fixed - buffers rather than dynamically allocated ones and not all of those that - should, convert to wide character strings in Unicode builds. + ... from the connection struct. The stream one being the 'struct HTTP' + which is kept in the SessionHandle struct (easy handle). - Implemented a common function that generates a SPN and performs the - wide character conversion where necessary. + lookup streams for incoming frames in the stream hash, hashing is based + on the stream id and we get the SessionHandle for the incoming stream + that way. -- sasl_sspi: Fixed memory leak with not releasing Package Info struct - - Curl_sasl_create_digest_md5_message() wouldn't free the Package Info - structure after QuerySecurityPackageInfo() had allocated it. +- HTTP: partial start at fixing up hash-lookups on http2 frame receival -- [Michael Osipov brought this change] +- http: a stream hash for h2 multiplexing + +- http: a stream hash for h2 multiplexing + +- http2: debug log when receiving unexpected stream_id - docs: Update SPNEGO and GSS-API related doc sections +- http2: move stream_id to the HTTP struct (per-stream) + +- Curl_http2_setup: only do it once and enable multiplex on the server - Reflect recent changes in SPNEGO and GSS-API code in the docs. - Update them with appropriate namings and remove visible spots for - GSS-Negotiate. + Once we know we are HTTP/2 enabled we know the server can multiplex. -- sspi: Minor code tidy up to standardise coding style +- http: switch on "pipelining" (multiplexing) for HTTP/2 servers - Following the recent changes and in attempt to align the SSPI based - authentication code performed the following: + ... and do not blacklist any. + +- README.pipelining: removed - * Use NULL and SECBUFFVERSION rather than hard coded constants. - * Avoid comparison of zero in if statements. - * Standardised the buf and desc setup code. + All the details mentioned here are better documented in man pages -- schannel: Fixed compilation warning in vtls.c +Dan Fandrich (14 May 2015) +- build: removed bundles.c from make files - vtls.c:688:43: warning: unused parameter 'data' + This file was removed in commit fd137786 + +Daniel Stenberg (14 May 2015) +- Curl_conncache_add_conn: fix memory leak on OOM -- tool_getparam.c: Fixed compilation warning +- CURLMOPT_MAX_HOST_CONNECTIONS: host = host name + port number + +- conncache: keep bundles on host+port bases, not only host names - warning: `orig_opt' might be used uninitialized in this function + Previously we counted all connections to a specific host name and that + would be used for the CURLMOPT_MAX_HOST_CONNECTIONS check for example, + while servers on different port numbers are normally considered + different "origins" on the web and should thus be considered different + hosts. -- RELEASE-NOTES: Synced with 159c3aafd8 +- bundles: merged into conncache.c + + All the existing Curl_bundle* functions were only ever used from within + the conncache.c file, so I moved them over and made them static (and + removed the Curl_ prefix). -Daniel Stenberg (8 Aug 2014) -- curl_ntlm_msgs: make < 80 columns wide +- hostcache: made all host caches use structs, not pointers + + This avoids unnecessary dynamic allocs and as this also removed the last + users of *hash_alloc() and *hash_destroy(), those two functions are now + removed. -Steve Holme (8 Aug 2014) -- ntlm: Fixed hard coded buffer for SSPI based auth packet generation +- multi: converted socket hash into non-allocated struct - Given the SSPI package info query indicates a token size of 2888 bytes, - and as with the Winbind code and commit 9008f3d56, use a dynamic buffer - for the Type-1 and Type-3 message generation rather than a fixed buffer - of 1024 bytes. + avoids extra dynamic allocation -- ntlm: Added support for SSPI package info query +- connection cache: avoid Curl_hash_alloc() - Just as with the SSPI implementations of Digest and Negotiate added a - package info query so that libcurl can a) return a more appropriate - error code when the NTLM package is not supported and b) it can be of - use later to allocate a dynamic buffer for the Type-1 and Type-3 - output tokens rather than use a fixed buffer of 1024 bytes. + ... by using plain structs instead of pointers for the connection cache, + we can avoid several dynamic allocations that weren't necessary. -Daniel Stenberg (7 Aug 2014) -- http2: added some more logging for debugging stream problems +- proxy: add newline to info message -- [Tatsuhiro Tsujikawa brought this change] +Patrick Monnerat (8 May 2015) +- FTP: fix dangling conn->ip_addr dereference on verbose EPSV. - HTTP/2: Reset promised stream, not its associated stream. +- FTP: Make EPSV use the control IP address rather than the original host. + This ensures an alternate address is not used. + Does not apply to proxy tunnel. -- [Tatsuhiro Tsujikawa brought this change] +Daniel Stenberg (8 May 2015) +- [Alessandro Ghedini brought this change] - HTTP/2: Move :authority before non-pseudo header fields + tool_help: fix formatting for --next option -- http2: show the received header for better debugging +- [Egon Eckert brought this change] -- openssl: replace call to OPENSSL_config + opts: improved the TCP keepalive examples + +Jay Satiro (8 May 2015) +- winbuild: Document the option used to statically link the CRT - OPENSSL_config() is "strongly recommended" to use but unfortunately that - function makes an exit() call on wrongly formatted config files which - makes it hard to use in some situations. OPENSSL_config() itself calls - CONF_modules_load_file() and we use that instead and we ignore its - return code! + - Document option RTLIBCFG (runtime library configuration). - Reported-by: Jan Ehrhardt - Bug: http://curl.haxx.se/bug/view.cgi?id=1401 + Bug: https://github.com/bagder/curl/issues/254 + Reported-by: Bert Huijben -Dan Fandrich (7 Aug 2014) -- [Fabian Keil brought this change] +- [Orgad Shaneh brought this change] - runtests.pl: Pad test case numbers with up to three zeroes + netrc: Read in text mode when cygwin + + Use text mode when cygwin to eliminate trailing carriage returns. - Test case numbers with four digits have been available for a - while now. + Bug: https://github.com/bagder/curl/pull/258 -Steve Holme (7 Aug 2014) -- docs: Added Negotiate to the SSPI current credentials usage description +Patrick Monnerat (5 May 2015) +- OS400: Add SPNEGO service name options to ILE/RPG binding. + +Daniel Stenberg (4 May 2015) +- curl_multi_info_read.3: fix typo + + Reported-by: Liviu Chircu -- TODO: HTTP Digest via Windows SSPI +- MANUAL: language fix + + Reported-by: Fred Stluka + Bug: https://github.com/bagder/curl/issues/255 -- TODO: FTP GSSAPI via Windows SSPI +- [Alessandro Ghedini brought this change] -- http_negotiate_sspi: Fixed specific username and password not working + gtls: properly retrieve certificate status - Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html - Reported-by: Leonardo Rosati + Also print the revocation reason if appropriate. -- http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194e8 +- OpenSSL: conditional check for SSL3_RT_HEADER + + The symbol is fairly new. - If the server rejects our authentication attempt and curl hasn't - called CompleteAuthToken() then the status variable will be - SEC_I_CONTINUE_NEEDED and not SEC_E_OK. + Reported-by: Kamil Dudka + +- openssl: skip trace outputs for ssl_ver == 0 - As such the existing detection mechanism for determining whether or not - the authentication process has finished is not sufficient. + The OpenSSL trace callback is wonderfully undocumented but given a + journey in the source code, it seems the cases were ssl_ver is zero + doesn't follow the same pattern and thus turned out confusing and + misleading. For now, we skip doing any CURLINFO_TEXT logging on those + but keep sending them as CURLINFO_SSL_DATA_OUT/IN. - However, the WWW-Authenticate: Negotiate header line will not contain - any data when the server has exhausted the negotiation, so we can use - that coupled with the already allocated context pointer. + Also, I added direction to the text info and I edited some functions + slightly. + + Bug: https://github.com/bagder/curl/issues/219 + Reported-by: Jay Satiro, Ashish Shukla + +Marc Hoersken (2 May 2015) +- schannel.c: Small changes -Daniel Stenberg (5 Aug 2014) -- RELEASE-NOTES: synced with 5b37db44a3eb +- schannel.c: Improve code path and readability -Dan Fandrich (5 Aug 2014) -- parsedate.c: fix the return code for an overflow edge condition +- schannel.c: Improve error and return code handling upon aa99a63f03 -Daniel Stenberg (5 Aug 2014) -- [Toby Peterson brought this change] +- [Chris Araman brought this change] - darwinssl: don't use strtok() + schannel: fix regression in schannel_recv + + https://github.com/bagder/curl/issues/244 - The GetDarwinVersionNumber() function uses strtok, which is not - thread-safe. + Commit 145c263 changed the behavior when Curl_read_plain returns + CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED + correctly. -- Curl_ossl_version: adapted to detect BoringSSL +- Bug born in changes made several days ago 9a91e80. - This seems to be the way it should work. Right now we can't build with - BoringSSL and try this out properly due to a minor API breakage. + Commit: https://github.com/bagder/curl/commit/926cb9f + Reported-by: Ray Satiro + +Daniel Stenberg (30 Apr 2015) +- [Michael Osipov brought this change] -- Curl_ossl_version: detect and show libressl + configure: remove missing and make it autogenerate - LibreSSL is otherwise OpenSSL API compliant (so far) + The missing file has not been autogenerated because a temporary fix was + employed in acinclude.m4 which blocked update. Removed that fix and a recent + version of missing is copied to build root. -- [Tatsuhiro Tsujikawa brought this change] +- [Michael Osipov brought this change] - HTTP/2: Fix infinite loop in readwrite_data() + acinclude.m4: fix test for default CA cert bundle/path - To prevent infinite loop in readwrite_data() function when stream is - reset before any response body comes, reset closed flag to false once - it is evaluated to true. + test(1) on HP-UX requires a single equals sign and fails with two. + Let's use one and make every OS happy. -Dan Fandrich (3 Aug 2014) -- gtls: only define Curl_gtls_seed if Nettle is not being used +- CONTRIBUTING.md: remove the sourceforge mention + + Reported-By: Michael Osipov -- ssl: provide Curl_ssl_backend even if no SSL library is available +Dan Fandrich (30 Apr 2015) +- http_negotiate_sspi: added missing data variable -Daniel Stenberg (2 Aug 2014) -- [Tatsuhiro Tsujikawa brought this change] +Daniel Stenberg (30 Apr 2015) +- [Michael Osipov brought this change] - HTTP2: Support expect: 100-continue + configure: remove --automake from libtoolize call - "Expect: 100-continue", which was once deprecated in HTTP/2, is now - resurrected in HTTP/2 draft 14. This change adds its support to - HTTP/2 code. This change also includes stricter header field - checking. - -- CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it + That option is not mentioned in the man page of libtoolize 2.4.4.19-fda4. + Moveover, a comment in line 2623 says "--automake is for 1.5 compatibility". + + This option is redundant now. -- FEATURES: minor update +- [Viktor Szakats brought this change] -- openssl: make ossl_send return CURLE_OK better + build: update depedency versions, urls, example makefiles - Previously it only returned a CURLcode for errors, which is when it - returns a different size than what was passed in to it. + - update default versions of dependencies (except for rare/old platforms) + - update urls + - sync examples makefiles with main ones + - remove line ending space + +- [Michael Osipov brought this change] + + configure: remove autogenerated files by autoconf - The http2 code only checked the curlcode and thus failed. + * install-sh is always regenerated + * mkinstalldirs was already redudant years ago. Automake uses install for + that. See: http://lists.gnu.org/archive/html/automake/2007-03/msg00015.html -- RELEASE-NOTES: synced with 7bb4c8cadb5d0 +- [Anders Bakken brought this change] -- [Michael Wallner brought this change] + curl_multi_add_handle: next is already NULL - CURLOPT_HEADEROPT.3: typo: do -> to +Jay Satiro (30 Apr 2015) +- schannel: Fix out of bounds array + + Bug born in changes made several days ago 9a91e80. + + Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html + Reported-by: Brian Chrisman -- [Marcel Raad brought this change] +- docs/libcurl: gitignore libcurl-symbols.3 + + Bug: http://curl.haxx.se/mail/lib-2015-04/0191.html + Reported-by: Michael Osipov - schannel: use CryptGenRandom for random numbers +- [Viktor Szakats brought this change] + + lib/makefile.m32: add arch -m32/-m64 to LDFLAGS - This function is available for every Windows version since Windows 95/NT. + This fixes using a multi-target mingw distro to build curl .dll for the + non-default target. + (mirroring the same patch present in src/makefile.m32) + +Daniel Stenberg (29 Apr 2015) +- RELEASE-NOTES: synced with cd39b944afc - reference: - http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942.aspx + I've not mentioned the bug fixes that were shipped in 7.42.1 from the + 7_42 branch. + +- THANKS: merged from the 7.42.1 release -- curl_version_info.3: 'ssl_version_num' is always 0 +- CURLOPT_HEADEROPT: default to separate - ... and has been so since 2005 + Make the HTTP headers separated by default for improved security and + reduced risk for information leakage. + + Bug: http://curl.haxx.se/docs/adv_20150429.html + Reported-by: Yehezkel Horowitz, Oren Souroujon + +Linus Nielsen (28 Apr 2015) +- docs/libcurl: Corrected a typo in the CURLOPT_PROXY_SERVICE_NAME documentation -- ssl: generalize how the ssl backend identifier is set +Daniel Stenberg (28 Apr 2015) +- hash: simplify Curl_str_key_compare() + +- dist: ship CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME + +- [Linus Nielsen brought this change] + + Negotiate: custom service names for SPNEGO. - Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS - one which was missing previously. + * Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME. + * Add new curl options, --proxy-service-name and --service-name. -Dan Fandrich (31 Jul 2014) -- axtls: define curlssl_random using axTLS's PRNG +- http2: unify http_conn variable names to 'c' -- cyassl: fix the test for ASN_NO_SIGNER_E +- ConnectionExists: call it multi-use instead of pipelining - It's an enum so a macro test won't work. The CyaSSL changelog doesn't - say exactly when this error code was introduced, but it's likely - to be 2.7.0. + So that it fits HTTP/2 as well -- cyassl: use RNG_GenerateBlock to generate a good random number +Kamil Dudka (27 Apr 2015) +- [Paul Howarth brought this change] -- opts: fixed some typos + nss: fix compilation failure with old versions of NSS + + Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html -- smtp: fixed a segfault during test 1320 torture test +Daniel Stenberg (27 Apr 2015) +- sws: init http2 state properly - Under these circumstances, the connection hasn't been fully established - and smtp_connect hasn't been called, yet smtp_done still calls the state - machine which dereferences the NULL conn pointer in struct pingpong. + It would otherwise cause problems when running tests after 1801 etc. -Daniel Stenberg (30 Jul 2014) -- vtls: repair build without TLS support +- curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION - ... by defining Curl_ssl_random() properly + ... as it was previouly undocumented what the pointer was. -- polarssl: provide a (weak) random function +- runtests: use a DISABLED.local file too - This now provides a weak random function since PolarSSL doesn't have a - quick and easy way to provide a good one. It does however provide the - framework to make one so it _can_ and _should_ be done... + ... and have git ignore that. Allows for a dev to add tests to ignore in + local tests and yet don't obstruct a normal git work flow. -- [Michael Wallner brought this change] +Marc Hoersken (26 Apr 2015) +- schannel.c: Fix typo introduced with 3447c973d0 - curl_tlsinfo -> curl_tlssessioninfo +- schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error + + Reported-by: Brian Chrisman -- cyassl: use the default (weeker) random +Daniel Stenberg (26 Apr 2015) +- schannel: re-indented file to follow curl style better - I couldn't find any dedicated function in its API to get a "good" random - with. + white space changes only -- cyassl: made it compile with version 2.0.6 again +- Curl_ossl_init: load builtin modules + + To have engine modules work, we must tell openssl to load builtin + modules first. - ASN_NO_SIGNER_E didn't exist back then! + Bug: https://github.com/bagder/curl/pull/206 -- vtls: make the random function mandatory in the TLS backend +- configure: follow-up fix for krb5-config - To force each backend implementation to really attempt to provide proper - random. If a proper random function is missing, then we can explicitly - make use of the default one we use when TLS support is missing. + commit 5b66860652 was incomplete so here's a follow-up fix - This commit makes sure it works for darwinssl, gnutls, nss and openssl. + Reported-by: Dagobert Michelsen + Bug: https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445 -- libcurl.m4: include the standard source header +- openssl: fix serial number output + + The code extracting the cert serial number was broken and didn't display + it properly. - ... with permission from David Shaw + Bug: https://github.com/bagder/curl/issues/235 + Reported-by: dkjjr89 -Kamil Dudka (28 Jul 2014) -- nss: do not check the version of NSS at run time +- [Grant Pannell brought this change] + + sasl_sspi: Populate domain from the realm in the challenge + + Without this, SSPI based digest auth was broken. - The minimal required version of NSS is 3.14.x so it does not make sense - to check for NSS 3.12.0+ at run time. + Bug: https://github.com/bagder/curl/pull/141.patch -Daniel Stenberg (28 Jul 2014) -- [Anthon Pang brought this change] +Jay Satiro (25 Apr 2015) +- [Anthony Avina brought this change] - curl.h: bring back CURLE_OBSOLETE16 + tool: New option --data-raw to HTTP POST data, '@' allowed. + + Add new option --data-raw which is almost the same as --data but does + not have a special interpretation of the @ character. - Removing defines, even obsolete ones that haven't been used for a very - long time, still break a lot of applications. + Prior to this change there was no (easy) way to pass the @ character as + the first character in POST data without it being interpreted as a + special character. - Bug: https://github.com/bagder/curl/pull/106 + Bug: https://github.com/bagder/curl/issues/198 + Reported-by: Jens Rantil -Dan Fandrich (26 Jul 2014) -- [Fabian Keil brought this change] +Dan Fandrich (25 Apr 2015) +- test2039: fixed line endings that caused a test failure - tests: Fix a couple of incomplete response lines +Daniel Stenberg (24 Apr 2015) +- [Viktor Szakats brought this change] -- [Fabian Keil brought this change] + netrc: add unit tests for 'default' support - runtests.pl: Remove filteroff() which hasn't been used since 2001 +- [Viktor Szakats brought this change] -- [Fabian Keil brought this change] + netrc: support 'default' token + + The 'default' token has no argument and means to match _any_ domain. + It must be placed last if there are 'machine ' tokens in the same file. + + See full description here: + https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html - runtests.pl: Don't expect $TESTDIR/DISABLED to exist +- ROADMAP.md: extended the HTTP/2 section, reformatted - If a non-standard $TESTDIR is used the file may not be necessary. + Elaborated on several of the remaining HTTP/2 parts and made document + use a format that ends up nicer on the web page: + http://curl.haxx.se/dev/roadmap.html + +Kamil Dudka (23 Apr 2015) +- curl -z: do not write empty file on unmet condition - Previously a "missing" file resulted in the warning: - readline() on closed filehandle D at ./runtests.pl line 4940. + This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe. + It also introduces a regression test 1424 based on tests 78 and 1423. + + Reported-by: Viktor Szakats + Bug: https://github.com/bagder/curl/issues/237 -- [Fabian Keil brought this change] +Dan Fandrich (23 Apr 2015) +- tool: fixed a comment typo - getpart.pm: Fix a comment typo +- README: convert to UTF-8 -Daniel Stenberg (25 Jul 2014) -- c-ares: fix build without IPv6 support +Jay Satiro (22 Apr 2015) +- cyassl: Implement public key pinning - Bug: http://curl.haxx.se/mail/lib-2014-07/0337.html - Reported-by: Spork Schivago + Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc. + +Dan Fandrich (22 Apr 2015) +- [Alessandro Ghedini brought this change] + + curl.1: fix typo + +Kamil Dudka (22 Apr 2015) +- docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too -- Curl_base64url_encode: unit-tested in 1302 +- tests/unit/.gitignore: hide unit1601 and above, too -- base64: added Curl_base64url_encode() +Daniel Stenberg (22 Apr 2015) +- connectionexists: follow-up to fd9d3a1ef1f - This is now used by the http2 code. It has two different symbols at the - end of the base64 table to make the output "url safe". + PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not + enabled. - Bug: https://github.com/tatsuhiro-t/nghttp2/issues/62 + Mistake-caught-by: Kamil Dudka -- [Marcel Raad brought this change] - - SSPI Negotiate: Fix 3 memory leaks +- connectionexists: fix build without NTLM + + Do not access NTLM-specific struct fields when built without NTLM + enabled! - Curl_base64_decode allocates the output string by itself and two other - strings were not freed either. + bug: http://curl.haxx.se/?i=231 + Reported-by: Patrick Rapin -- symbols: CURL_VERSION_GSSNEGOTIATE is deprecated +- bump: start working toward 7.43.0 -- test1013.pl: GSS-Negotiate doesn't exist as a feature anymore +Kamil Dudka (22 Apr 2015) +- nss: implement public key pinning for NSS backend + + Bug: https://bugzilla.redhat.com/1195771 -- [Sergey Nikulov brought this change] +Daniel Stenberg (22 Apr 2015) +- dist: include {src,lib}/checksrc.whitelist - libtest: fixed duplicated line in Makefile - - Bug: https://github.com/bagder/curl/pull/105 +Version 7.42.0 (22 Apr 2015) -Patrick Monnerat (23 Jul 2014) -- GSSAPI: remove useless *_MECHANISM defines. +Daniel Stenberg (22 Apr 2015) +- RELEASE-NOTES: updated for 7.42.0 -Daniel Stenberg (23 Jul 2014) -- findprotocol: show unsupported protocol within quotes - - ... to aid when for example prefixed with a space or other weird - character. +- THANKS: added contributors from 7.42.0 release notes -Patrick Monnerat (23 Jul 2014) -- GSSAPI: private export mechanisms OIDs. OS400: Make RPG binding up to date. +- THANKS-filter: a few more alterations to squash -Daniel Stenberg (23 Jul 2014) -- [Marcel Raad brought this change] +- contrithanks.sh: helper script for maintaining THANKS - conncache: fix compiler warning +- http_done: close Negotiate connections when done - warning C4267: '=' : conversion from 'size_t' to 'long', possible loss - of data + When doing HTTP requests Negotiate authenticated, the entire connnection + may become authenticated and not just the specific HTTP request which is + otherwise how HTTP works, as Negotiate can basically use NTLM under the + hood. curl was not adhering to this fact but would assume that such + requests would also be authenticated per request. - The member connection_id of struct connectdata is a long (always a - 32-bit signed integer on Visual C++) and the member next_connection_id - of struct conncache is a size_t, so one of them should be changed to - match the other. + CVE-2015-3148 - This patch the size_t in struct conncache to long (the less invasive - change as that variable is only ever used in a single code line). - - Bug: http://curl.haxx.se/bug/view.cgi?id=1399 + Bug: http://curl.haxx.se/docs/adv_20150422B.html + Reported-by: Isaac Boukris -- RELEASE-NOTES: synced with 81cd24adb8b +- fix_hostname: zero length host name caused -1 index offset + + If a URL is given with a zero-length host name, like in "http://:80" or + just ":80", `fix_hostname()` will index the host name pointer with a -1 + offset (as it blindly assumes a non-zero length) and both read and + assign that address. + + CVE-2015-3144 + + Bug: http://curl.haxx.se/docs/adv_20150422D.html + Reported-by: Hanno Böck -- http2: more and better error checking +- cookie: cookie parser out of boundary memory access + + The internal libcurl function called sanitize_cookie_path() that cleans + up the path element as given to it from a remote site or when read from + a file, did not properly validate the input. If given a path that + consisted of a single double-quote, libcurl would index a newly + allocated memory area with index -1 and assign a zero to it, thus + destroying heap memory it wasn't supposed to. - 1 - fixes the warnings when built without http2 support + CVE-2015-3145 - 2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2 - basically when they are about http2 specific things. + Bug: http://curl.haxx.se/docs/adv_20150422C.html + Reported-by: Hanno Böck -Dan Fandrich (23 Jul 2014) -- cyassl.c: return the correct error code on no CA cert +- ConnectionExists: for NTLM re-use, require credentials to match - CyaSSL 3.0.0 returns a unique error code if no CA cert is available, - so translate that into CURLE_SSL_CACERT_BADFILE when peer verification - is requested. + CVE-2015-3143 + + Bug: http://curl.haxx.se/docs/adv_20150422A.html + Reported-by: Paras Sethia + +Jay Satiro (21 Apr 2015) +- [byronhe brought this change] -Daniel Stenberg (23 Jul 2014) -- symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0 + openssl: add OPENSSL_NO_SSL3_METHOD check -- test1013.pl: remove SPNEGO/GSS-API tweaks +Daniel Stenberg (20 Apr 2015) +- CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc - No longer necessary after Michael Osipov's rework + Bug: https://github.com/bagder/curl/issues/229 + Reported-by: bsammon -- http_negotiate: remove unused variable +Kamil Dudka (20 Apr 2015) +- [Mostyn Bramley-Moore brought this change] -- [Michael Osipov brought this change] + configure --with-nss: remove unneeded libs from the fallback - docs: Improve inline GSS-API naming in code documentation +Daniel Stenberg (20 Apr 2015) +- contributors.sh: fix help output, filter out (-prefix from names -- [Michael Osipov brought this change] +- RELEASE-NOTES: synced with cc0e7ebc3be0 - curl.h/features: Deprecate GSS-Negotiate macros due to bad naming - - - Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE - - CURL_VERSION_GSSNEGOTIATE is deprecated which - is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and - CURUL_VERSION_SPNEGO now. - - Remove display of feature 'GSS-Negotiate' +- [Michael Stapelberg brought this change] -- [Michael Osipov brought this change] + CURLMOPT_TIMERFUNCTION.3: Clarify, add an example - configure/features: Add feature and version info for GSS-API and SPNEGO +- [Viktor Szakáts brought this change] -- [Michael Osipov brought this change] + vtls/openssl: use https in URLs and a comment typo fixed - HTTP: Remove checkprefix("GSS-Negotiate") +- curl_version_info.3: fixed the 'protocols' variable type - That auth mech has never existed neither on MS nor on Unix side. - There is only Negotiate over SPNEGO. + Reported-by: John Marshall + Bug: https://github.com/bagder/curl/issues/225 -- [Michael Osipov brought this change] +Dan Fandrich (18 Apr 2015) +- test1423: added missing "file" to server section - curl_gssapi: Add macros for common mechs and pass them appropriately +Daniel Stenberg (17 Apr 2015) +- TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods - Macros defined: KRB5_MECHANISM and SPNEGO_MECHANISM called from - HTTP, FTP and SOCKS on Unix + ... and some minor edits -- CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design +- Revert "HTTP: don't abort connections with pending Negotiate authentication" - This reverts commit cb3e6dfa3511 and instead fixes the problem - differently. + This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. - The reverted commit addressed a test failure in test 1021 by simplifying - and generalizing the code flow in a way that damaged the - performance. Now we modify the flow so that Curl_proxyCONNECT() again - does as much as possible in one go, yet still do test 1021 with and - without valgrind. It failed due to mistakes in the multi state machine. + Bug: https://github.com/bagder/curl/issues/223 + Reported-by: Michael Osipov + +Jay Satiro (17 Apr 2015) +- cyassl: Fix include order + + Prior to this change CyaSSL's build options could redefine some generic + build symbols. - Bug: http://curl.haxx.se/bug/view.cgi?id=1397 - Reported-by: Paul Saab + http://curl.haxx.se/mail/lib-2015-04/0069.html -- [Marcel Raad brought this change] +Kamil Dudka (17 Apr 2015) +- configure --with-nss: drop redundant if statement - url.c: use the preferred symbol name: *READDATA +- configure --with-nss=PATH: query pkg-config if available - with CURL_NO_OLDIES defined, it doesn't compile because this deprecated - symbol (*INFILE) is used + Bug: https://github.com/bagder/curl/pull/171 + +Daniel Stenberg (17 Apr 2015) +- parsecfg: do not continue past a zero termination - Bug: http://curl.haxx.se/bug/view.cgi?id=1398 + When a config file line ends without newline, the parsing function could + continue reading beyond that point in memory. + + Reported-by: Hanno Böck -Dan Fandrich (19 Jul 2014) -- [Alessandro Ghedini brought this change] +Jay Satiro (16 Apr 2015) +- gitignore: Ignore Windows build output directories - CURLOPT_CHUNK_BGN_FUNCTION: fix typo +Daniel Stenberg (15 Apr 2015) +- RELEASE-NOTES: synced with 1ba6e4c88e0 -Kamil Dudka (18 Jul 2014) -- [Alessandro Ghedini brought this change] +- TODO: 17.9 Choose the name of file in braces for complex URLs - build: link curl to NSS libraries when NSS support is enabled - - This fixes a build failure on Debian caused by commit - 24c3cdce88f39731506c287cb276e8bf4a1ce393. - - Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html +- TODO: a little caution that maybe not all ideas are still good -Steve Holme (17 Jul 2014) -- build: Removed unnecessary XML Documentation file directive from VC8 to VC12 - - The curl tool project files for VC8 to VC12 would set this setting to - $(IntDir) which is the Visual Studio default value. To avoid confusion - when viewing settings from within Visual Studio and for consistency - with the libcurl project files removed this setting. - - Conflicts: - projects/Windows/VC10/src/curlsrc.tmpl - projects/Windows/VC11/src/curlsrc.tmpl - projects/Windows/VC12/src/curlsrc.tmpl - projects/Windows/VC8/src/curlsrc.tmpl - projects/Windows/VC9/src/curlsrc.tmpl - -- build: Removed unnecessary Precompiled Header file directive in VC7 to VC12 - - The curl tool project files for VC7 to VC12 would set this settings to - $(IntDir)$(TargetName).pch which is the Visual Studio default value. To - avoid confusion when viewing settings from within Visual Studio and for - consistency with the libcurl project files removed this setting. - - Conflicts: - projects/Windows/VC10/src/curlsrc.tmpl - projects/Windows/VC11/src/curlsrc.tmpl - projects/Windows/VC12/src/curlsrc.tmpl - projects/Windows/VC8/src/curlsrc.tmpl - projects/Windows/VC9/src/curlsrc.tmpl - -- build: Removed unnecessary ASM and Object file directives in VC7 to VC12 - - The curl tool project files for VC7 to VC12 would set these settings to - $(IntDir) which is the Visual Studio default value. To avoid confusion - when viewing settings from within Visual Studio and for consistency - with the libcurl project files removed these two settings. +- TODO: 17.8 offer color-coded HTTP header output -Daniel Stenberg (17 Jul 2014) -- [Dave Reisner brought this change] +- TODO: 17.7 warning when sending binary output to terminal - src/Makefile.am: add .DELETE_ON_ERROR - - This prevents targets like tool_hugehelp.c from leaving around - half-constructed files if the rule fails with GNU make. - - Reported-by: Rafaël Carré +- KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes + +Jay Satiro (14 Apr 2015) +- cyassl: Add support for TLS extension SNI + +Daniel Stenberg (13 Apr 2015) +- [Matthew Hall brought this change] + + gitignore: ignore test-driver file + +- [Matthew Hall brought this change] -- THANKS: added new contributors from 7.37.1 announcement + vtls_openssl: improve PKCS#12 load failure error message -Dan Fandrich (17 Jul 2014) -- testcurl.pl: log the value of --runtestopts in the test header +- [Matthew Hall brought this change] -Daniel Stenberg (16 Jul 2014) -- RELEASE-NOTES: cleared, working towards next release + vtls_openssl: fix minor typo in PKCS#12 load routine -- curl_gssapi.c: make line shorter than 80 columns +- [Matthew Hall brought this change] -- [David Woodhouse brought this change] + vtls_openssl: improve client certificate load failure error messages - Fix negotiate auth to proxies to track correct state +- [Matthew Hall brought this change] -- [David Woodhouse brought this change] + vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant - Don't abort Negotiate auth when the server has a response for us +- BUGS: refer to the github issue tracker now as primary + +- firefox-db2pem: fix wildcard to find Firefox default profile - It's wrong to assume that we can send a single SPNEGO packet which will - complete the authentication. It's a *negotiation* — the clue is in the - name. So make sure we handle responses from the server. + At some point, Firefox has changed and generates different directory + names for the default profile that made this script fail to find them. - Curl_input_negotiate() will already handle bailing out if it thinks the - state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps - talking to us, so we should avoid endless loops that way. + Bug: https://github.com/bagder/curl/issues/207 + Reported-by: sneakyimp -- [David Woodhouse brought this change] +Jay Satiro (11 Apr 2015) +- cyassl: Include the CyaSSL build config + + CyaSSL >= 2.6.0 may have an options.h that was generated during + its build by configure. - Don't clear GSSAPI state between each exchange in the negotiation +- build: Generate source prerequisites for Visual Studio in generate.bat - GSSAPI doesn't work very well if we forget everything ever time. + Prior to this change Visual Studio builds could fail due to missing + prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h. - XX: Is Curl_http_done() the right place to do the final cleanup? + http://curl.haxx.se/mail/lib-2015-04/0034.html -- [David Woodhouse brought this change] +Daniel Stenberg (9 Apr 2015) +- [Viktor Szakats brought this change] - Use SPNEGO for HTTP Negotiate + lib/makefile.m32: add missing libs to build libcurl.dll - This is the correct way to do SPNEGO. Just ask for it - - Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket - isn't available. Of course, we bail out when the server responds with the - challenge packet, since we don't expect that. But I'll fix that bug next... + Add 'gdi32' and 'crypt32' Windows implibs to avoid failure + while building libcurl.dll using the mingw compiler. + The same logic is used in 'src/makefile.m32' when + building curl.exe. -- [David Woodhouse brought this change] +Kamil Dudka (8 Apr 2015) +- test142[23]: verify that an empty file is stored on success - Remove all traces of FBOpenSSL SPNEGO support +- src/tool_operate: create output file on successful download - This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which - allows client and server to negotiate the underlying mechanism which will - actually be used to authenticate. This is *often* Kerberos, and can also - be NTLM and other things. And to complicate matters, there are various - different OIDs which can be used to specify the Kerberos mechanism too. + ... of an empty file - A SPNEGO exchange will identify *which* GSSAPI mechanism is being used, - and will exchange GSSAPI tokens which are appropriate for that mechanism. + Bug: https://github.com/bagder/curl/issues/183 + +- src/tool_cb_wrt: separate fnc for output file creation + +Daniel Stenberg (7 Apr 2015) +- [Da-Yoon Chung brought this change] + + lib/transfer.c: Remove factor of 8 from sleep time calculation - But this SPNEGO implementation just strips the incoming SPNEGO packet - and extracts the token, if any. And completely discards the information - about *which* mechanism is being used. Then we *assume* it was Kerberos, - and feed the token into gss_init_sec_context() with the default - mechanism (GSS_S_NO_OID for the mech_type argument). + The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and + rate_bps are both in bytes. When using the rate limiting option, curl + waits 8 times too long, and then transfers very quickly until the + average rate reaches the limit. The average rate follows the limit over + time, but the actual traffic is bursty. - Furthermore... broken as this code is, it was never even *used* for input - tokens anyway, because higher layers of curl would just bail out if the - server actually said anything *back* to us in the negotiation. We assume - that we send a single token to the server, and it accepts it. If the server - wants to continue the exchange (as is required for NTLM and for SPNEGO - to do anything useful), then curl was broken anyway. + Thanks-to: Benjamin Gilbert + +- [Jay Satiro brought this change] + + x509asn1: Silence x64 loss-of-data warning on RSA key length assignment - So the only bit which actually did anything was the bit in - Curl_output_negotiate(), which always generates an *initial* SPNEGO - token saying "Hey, I support only the Kerberos mechanism and this is its - token". + The key length in bits will always fit in an unsigned long so the + loss-of-data warning assigning the result of x64 pointer arithmetic to + an unsigned long is unnecessary. + +- [Jay Satiro brought this change] + + cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size - You could have done that by manually just prefixing the Kerberos token - with the appropriate bytes, if you weren't going to do any proper SPNEGO - handling. There's no need for the FBOpenSSL library at all. + Also fix it so that all ERR_error_string calls use an error buffer. + CyaSSL's implementation of ERR_error_string only writes the error when + an error buffer is passed. - The sane way to do SPNEGO is just to *ask* the GSSAPI library to do - SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context() - is for. And then it should all Just Work™. + http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html + +- [Jay Satiro brought this change] + + cyassl: Remove 'Connecting to' message from cyassl_connect_step2 - That 'sane way' will be added in a subsequent patch, as will bug fixes - for our failure to handle any exchange other than a single outbound - token to the server which results in immediate success. + Prior to this change libcurl could show multiple 'CyaSSL: Connecting to' + messages since cyassl_connect_step2 is called multiple times, typically. + The message is superfluous even once since libcurl already informs the + user elsewhere in code that it is connecting. -- [David Woodhouse brought this change] +- [Viktor Szakats brought this change] - ntlm_wb: Avoid invoking ntlm_auth helper with empty username + checksrc.bat: quotes to support an SRC_DIR with spaces + +- hostip: fix compiler warnings + + introduced in the previous mini-series of 3 commits -- [David Woodhouse brought this change] +- [Stefan Bühler brought this change] - ntlm_wb: Fix hard-coded limit on NTLM auth packet size + actually implement CURLOPT_RESOLVE removals - Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit - a hard limit once let's just make it cope by reallocating as necessary. + - also log when a CURLOPT_RESOLVE entry couldn't get parsed -Version 7.37.1 (16 Jul 2014) +- [Stefan Bühler brought this change] -Daniel Stenberg (16 Jul 2014) -- RELEASE-NOTES: synced with 4cb2521595 + move Curl_share_lock and ref counting into Curl_fetch_addr -- test506: verify aa6884845168 +- [Stefan Bühler brought this change] + + fix refreshing of obsolete dns cache entries - After the fixed cookie lock deadlock, this test now passes and it - detects double-locking and double-unlocking of mutexes. + - cache entries must be also refreshed when they are in use + - have the cache count as inuse reference too, freeing timestamp == 0 special + value + - use timestamp == 0 for CURLOPT_RESOLVE entries which don't get refreshed + - remove CURLOPT_RESOLVE special inuse reference (timestamp == 0 will prevent refresh) + - fix Curl_hostcache_clean - CURLOPT_RESOLVE entries don't have a special + reference anymore, and it would also release non CURLOPT_RESOLVE references + - fix locking in Curl_hostcache_clean + - fix unit1305.c: hash now keeps a reference, need to set inuse = 1 -- [Yousuke Kimoto brought this change] +- RELEASE-NOTES: synced with abf6bddc14a - cookie: avoid mutex deadlock - - ... by removing the extra mutex locks around th call to - Curl_flush_cookies() which takes care of the locking itself already. - - Bug: http://curl.haxx.se/mail/lib-2014-02/0184.html +- [Jay Satiro brought this change] -- gnutls: fix compiler warning - - conversion to 'int' from 'long int' may alter its value + checksrc.bat: Check lib\vtls source -Dan Fandrich (15 Jul 2014) -- test320: strip off the actual negotiated cipher width - - It's irrelevant to the test, and will change depending on which SSL - library is being used by libcurl. +- [Jay Satiro brought this change] -- gnutls: detect lack of SRP support in GnuTLS at run-time and try without + cyassl: Set minimum protocol version before CTX callback - Reported-by: David Woodhouse + This change is to allow the user's CTX callback to change the minimum + protocol version in the CTX without us later overriding it, as we did + prior to this change. -Daniel Stenberg (14 Jul 2014) -- [Michał Górny brought this change] +- [Jay Satiro brought this change] - configure: respect host tool prefix for krb5-config + build-openssl.bat: Fix mixed line endings - Use ${host_alias}-krb5-config if available. This improves cross- - compilation support and fixes multilib on Gentoo (at least). + Use LF not CRLF, throughout. msysgit will only convert a file to CRLF + on checkout if it's not mixed. -- [David Woodhouse brought this change] +- [Jay Satiro brought this change] - gnutls: handle IP address in cert name check + cyassl: Fix certificate load check - Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function - didn't actually check IP addresses in SubjectAltName, even though it was - explicitly documented as doing so. So do it ourselves... + SSL_CTX_load_verify_locations can return negative values on fail, + therefore to check for failure we check if load is != 1 (success) + instead of if load is == 0 (failure), the latter being incorrect given + that behavior. -Dan Fandrich (14 Jul 2014) -- build: set _POSIX_PTHREAD_SEMANTICS on Solaris to get proper getpwuid_r - -Daniel Stenberg (14 Jul 2014) -- RELEASE-NOTES: next one is called 7.37.1 +- [Tatsuhiro Tsujikawa brought this change] -Dan Fandrich (13 Jul 2014) -- gnutls: improved error message if setting cipher list fails + http2: Fix missing nghttp2_session_send call in Curl_http2_switched - Reported-by: David Woodhouse + Previously in Curl_http2_switched, we called nghttp2_session_mem_recv to + parse incoming data which were already received while curl was handling + upgrade. But we didn't call nghttp2_session_send, and it led to make + curl not send any response to the received frames. Most likely, we + received SETTINGS from server at this point, so we missed opportunity to + send SETTINGS + ACK. This commit adds missing nghttp2_session_send call + in Curl_http2_switched to fix this issue. + + Bug: https://github.com/bagder/curl/issues/192 + Reported-by: Stefan Eissing -- netrc: fixed thread safety problem by using getpwuid_r if available +- cookie: handle spaces after the name in Set-Cookie + + "name =value" is fine and the space should just be skipped. - The old way using getpwuid could cause problems in programs that enable - reading from netrc files simultaneously in multiple threads. + Updated test 31 to also test for this. - Reported-by: David Woodhouse + Bug: https://github.com/bagder/curl/issues/195 + Reported-by: cromestant + Help-by: Frank Gevaerts -- RELEASE-NOTES: add the reporter of the previous bug fix +- [Jay Satiro brought this change] -- netrc: treat failure to find home dir same as missing netrc file + cyassl: Fix library initialization return value - This previously caused a fatal error (with a confusing error code, at - that). + (Curl_cyassl_init) + - Return 1 on success, 0 in failure. - Reported by: Glen A Johnson Jr. + Prior to this change the fail path returned an incorrect value and the + evaluation to determine whether CyaSSL_Init had succeeded was incorrect. + Ironically that combined with the way curl_global_init tests SSL library + initialization (!Curl_ssl_init()) meant that CyaSSL having been + successfully initialized would be seen as that even though the code path + and return value in Curl_cyassl_init were wrong. -Steve Holme (12 Jul 2014) -- RELEASE-NOTES: Synced with aaaf9e50ec +- [Thomas Ruecker brought this change] -- ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions + CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200" - Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html - Reported-by: David Woodhouse - -- build: Fixed overridden compiler PDB settings in VC7 to VC12 + Icecast versions 1.3.0 through 1.3.12 would reply with "ICY 200" + under certain conditions: - The curl tool project files for VC7 to VC12 would override the default - setting with the output filename being the same as the linker PDB file. - As such the compiler file would be overwritten with the linker file - for all debug builds. + client_wants_icy_headers (connection_t *con) + { + const char *val; - To avoid this overwrite and for consistency with the libcurl project - files, removed the setting to force the default filename to be used. - -Dan Fandrich (12 Jul 2014) -- tests: added globbing keyword to URL globbing tests + if (!con) + return 1; + + val = get_user_agent (con); + if (!val || !val[0] || strcmp (val, "(null)") == 0) + return 1; + + if (con->food.client->use_icy) + return 1; + if (strncasecmp (val, "winamp", 6) == 0) + return 1; + if (strncasecmp (val, "Shoutcast", 9) == 0) + return 1; + + return 0; + } + + So mainly if there is no 'user agent' or it is '(null)' or contains + 'winamp' or 'Shoutcast'. + + No mainstream distribution carries Icecast 1.3.x anymore, after all + it was released in 2002 and superseded by Icecast 2.x. -- Fixed some "statement not reached" warnings +Dan Fandrich (31 Mar 2015) +- axtls: add timeout within Curl_axtls_connect + + This allows test 405 to pass on axTLS. -- gnutls: fixed a couple of uninitialized variable references +Daniel Stenberg (30 Mar 2015) +- [Jay Satiro brought this change] -- gnutls: fixed compilation against versions < 2.12.0 + checksrc: Windows-specific input fixes - The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but - the code path in which they're referenced here is only ever used for - somewhat older GnuTLS versions. This caused undeclared identifier errors - when compiling against those. - -- gnutls: explicitly added SRP to the priority string + lib/config-win32ce.h + - Fix whitespace for checksrc compliance. + + lib/checksrc.pl + - Remove trailing carriage returns from input. - This seems to have become necessary for SRP support to work starting - with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS - before the function that takes this priority string, there should be no - issue with backward compatibility. + projects/checksrc.bat + - Ignore tool_hugehelp.c. -- tests: adjust for capitalization differences in newer gnutls-serv +- [Dagobert Michelsen brought this change] -- test320/1/2/4: fix the port number substitution variables + configure: Use KRB5CONFIG for krb5-config - These tests have been broken since commit 1958fe57 in Oct. 2011 + Allows the user to easier override its path. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1486 -- tests: document more test identifiers and variables +- multi: remove_handle: move pending connections + + If the handle removed from the multi handle happens to be the one + "owning" the pipeline other transfers will be waiting indefinitely. Now + we move such handles back to connect to have them race (again) for + getting the connection and thus avoid hanging. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1465 + Reported-by: Jiri Dvorak -- gnutls: ignore invalid certificate dates with VERIFYPEER disabled +- KNOWN_BUGS: 89 is bug #1411 - This makes the behaviour consistent with what happens if a date can - be extracted from the certificate but is expired. + Disabling pipelining on multi handle with in-progress pipelined requests + leads to heap corruption and crash -Steve Holme (10 Jul 2014) -- CURLOPT_UPLOAD: Corrected argument type +- [Jay Satiro brought this change] -Daniel Stenberg (9 Jul 2014) -- FAQ: expand the thread-safe section + cyassl: CTX callback cosmetic changes and doc fix - ... with a mention of *NOSIGNAL, based on talk in bug #1386 + - More descriptive fail message for NO_FILESYSTEM builds. + - Cosmetic changes. + - Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific. -Dan Fandrich (9 Jul 2014) -- url.c: Fixed memory leak on OOM - - This showed itself on some systems with torture failures - in tests 1060 and 1061 +- RELEASE-NOTES: synced with d2feb71752f -- Update instances of some obsolete CURLOPTs to their new names +Dan Fandrich (28 Mar 2015) +- tool_operate: only set SSL options if SSL is enabled -Daniel Stenberg (5 Jul 2014) -- [Marcel Raad brought this change] +- runtests.pl: detect WolfSSL as yassl - compiler warnings: potentially uninitialized variables - - ... pointed out by MSVC2013 - - Bug: http://curl.haxx.se/bug/view.cgi?id=1391 +Daniel Stenberg (27 Mar 2015) +- [Kyle L. Huff brought this change] -Kamil Dudka (4 Jul 2014) -- nss: make the list of CRL items global + cyassl: add SSL context callback support for CyaSSL - Otherwise NSS could use an already freed item for another connection. + Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better + handles CyaSSL instances using NO_FILESYSTEM. -- nss: fix a memory leak when CURLOPT_CRLFILE is used +- [Kyle L. Huff brought this change] -- nss: make crl_der allocated on heap + cyassl: remove undefined reference to CyaSSL_no_filesystem_verify - ... and spell it as crl_der instead of crlDER + CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or + CyaSSL. This reference causes build errors when compiling with + NO_FILESYSTEM. -- nss: let nss_{cache,load}_crl return CURLcode +- [Jay Satiro brought this change] -- tool: oops, forgot to include + build: Fix libcurl.sln erroneous mixed configurations - ... that contains the declaration of PL_ArenaFinish() + Prior to this change some Release configurations had an active + configuration assignment to their Debug counterpart. + +- [Jay Satiro brought this change] + + vtls: Don't accept unknown CURLOPT_SSLVERSION values + +- [Jay Satiro brought this change] -- tool: call PL_ArenaFinish() on exit if NSPR is used + url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined + +- [Paul Howarth brought this change] + + build: link curl to openssl libraries when openssl support is enabled - This prevents valgrind from reporting still reachable memory allocated - by NSPR arenas (mainly the freelist). + This fixes a build failure where openssl and libmetalink are used + together and the system linker does not do implicit linking (e.g. + Fedora 13 and later releases). The MD5 functions required for + metalink support must be pulled in from the openssl crypto library. - Reported-by: Hubert Kario - -Daniel Stenberg (3 Jul 2014) -- [Dimitrios Siganos brought this change] + This is similar to commit c6e7cbb94e669b85d3eb8e015ec51d0072112133, + which fixes the same sort of problem for NSS builds. - example: use correct type (long) for CURLOPT_FOLLOWLOCATION +- multi: on a request completion, check all CONNECT_PEND transfers + + ... even if they don't have an associated connection anymore. It could + leave the waiting transfers pending with no active one on the + connection. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1465 + Reported-by: Jiri Dvorak -- [Dimitrios Siganos brought this change] +- [Emil Lerner brought this change] - Document type of argument for CURLOPT_FOLLOWLOCATION. + globbing: fix url number calculation when using range with step + + In function glob_range, the number of urls was multiplied by (max - min + + 1), regardless of step. The correct formula is (max - min) / step + 1 -- [Dimitrios Siganos brought this change] +- README.http2: refreshed and added TODO items - Document type of argument for CURLOPT_ERRORBUFFER. +- [Emil Lerner brought this change] -- [Dimitrios Siganos brought this change] + globbing: fix step parsing for character globbing ranges + + The glob_range function used wrong offset (3 instead of 4) for parsing + integer step inside character range specification, which led to 'bad + range' error when using character ranges with explicitly specified step + (such as '[a-z:2]') - Document type of argument for CURLOPT_COPYPOSTFIELDS. +- polarssl: called mbedTLS in 1.3.10 and later -- [Dimitrios Siganos brought this change] +- polarssl: remove dead code + + and simplify code by changing if-elses to a switch() + + CID 1291706: Logically dead code. Execution cannot reach this statement - Document type of argument for CURLOPT_ADDRESS_SCOPE. +- polarssl: remove superfluous for(;;) loop + + "unreachable: Since the loop increment is unreachable, the loop body + will never execute more than once." + + Coverity CID 1291707 -- curl.1: minor language fix +- Curl_ssl_md5sum: return CURLcode + + ... since the funciton can fail on OOM. Check this return code. - Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html + Coverity CID 1291705. -- [Ray Satiro brought this change] +- [Jay Satiro brought this change] - progress callback: skip last callback update on errors + cyassl: default to highest possible TLS version - When an error has been detected, skip the final forced call to the - progress callback by making sure to pass the current return code - variable in the Curl_done() call in the CURLM_STATE_DONE state. + (cyassl_connect_step1) + - Use TLS 1.0-1.2 by default when available. - This avoids the "extra" callback that could occur even if you returned - error from the progress callback. + CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade + version. - Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html - Reported by: Jonathan Cardoso Machado + cyassl/cyassl@322f79f + +- [Jay Satiro brought this change] + + cyassl: Check for invalid length parameter in Curl_cyassl_random -Dan Fandrich (2 Jul 2014) -- opts: fixed some CURLOPT references so they get turned into links +- [Jay Satiro brought this change] -Kamil Dudka (2 Jul 2014) -- tool: call PR_Cleanup() on exit if NSPR is used + cyassl: If wolfSSL then identify as such in version string + +Dan Fandrich (24 Mar 2015) +- symbols-in-versions: added CURLOPT_PATH_AS_IS + +- testcurl.pl: add the --notes option to supply more info about a build - This prevents valgrind from reporting possibly lost memory that NSPR - uses for file descriptor cache and other globally allocated internal - data structures. + Support for notes has been in place for a while, but it required + being added to the setup file manually. -- nss: make the fallback to SSLv3 work again +- curl_memory: make curl_memory.h the second-last header file loaded - This feature was unintentionally disabled by commit ff92fcfb. + This header file must be included after all header files except + memdebug.h, as it does similar memory function redefinitions and can be + similarly affected by conflicting definitions in system or dependent + library headers. -- nss: do not abort on connection failure +Daniel Stenberg (24 Mar 2015) +- openssl: do the OCSP work-around for libressl too - ... due to calling SSL_VersionRangeGet() with NULL file descriptor + I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to + still require the work-around for stapling to work. + +- openssl: verifystatus: only use the OCSP work-around <= 1.0.2a - reported-by: upstream tests 305 and 404 + URL: http://curl.haxx.se/mail/lib-2015-03/0205.html + Reported-by: Alessandro Ghedini + +- openssl: adapt to ASN1/X509 things gone opaque in 1.1 -Dan Fandrich (1 Jul 2014) -- opts: Document the socket callback function parameters +Dan Fandrich (24 Mar 2015) +- [Jay Satiro brought this change] -Steve Holme (28 Jun 2014) -- opts: Fixed some typos + curl_easy_setopt.3: Fix misspelling in CURLOPT_PATH_AS_IS description -Dan Fandrich (25 Jun 2014) -- curl_easy_setopt.3: fixed the error code for an unsupported option +- [Viktor Szakáts brought this change] -- opts: added some DEFAULT and RETURN VALUE sections + CURLOPT_HTTPHEADER.3: fix typo in recent commit -Daniel Stenberg (21 Jun 2014) -- libcurl docs: man page edits - - mainly to improve how the web versions render +- [Viktor Szakáts brought this change] -Dan Fandrich (21 Jun 2014) -- curl_easy_setopt.3: fixed some typos + CURLOPT_PATH_AS_IS.3: add type 'long' to prototype -Daniel Stenberg (21 Jun 2014) -- lib man pages: update easy setopt option references +- vtls: fix compile with --disable-crypto-auth but with SSL - ... by using the "\fIopt(3)\fP" syntax they will be linked properly when - the web version of the page is generated. + This is a strange combination of options, but is allowed. -- opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default +Patrick Monnerat (24 Mar 2015) +- os400: define new options in ILE/RPG binding. -- [Colin Hogben brought this change] +Daniel Stenberg (24 Mar 2015) +- RELEASE-NOTES: synced with f6878609361 - lib: documentation updates in README.hostip - - c-ares now does support IPv6; - avoid implying threaded resolver is Windows-only; - two referenced source files were renamed in 7de2f92 +- curl_easy_setopt.3: Add CURLOPT_PATH_AS_IS -- curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception +- CURLOPT_PATH_AS_IS: added - ... to the always-copy-char *-argument. + --path-as-is is the command line option - And fix some minor mistakes. - -- curl_easy_setopt.3: refer to the individual man pages + Added docs in curl.1 and CURLOPT_PATH_AS_IS.3 - With all the new individual option man pages created, this now refers to - each separate one instead of duplicaing the info. Also makes this page - easier to overview. + Added test in test 1241 -Dan Fandrich (21 Jun 2014) -- opts: fixed mancheck for out-of-tree builds +- [Yamada Yasuharu brought this change] -Daniel Stenberg (21 Jun 2014) -- curl_easy_setopt.3: shorten + curl_easy_recv/send: make them work with the multi interface - shorten descriptions, mostly refer to the separate descriptions - -- CURLOPT_DNS_LOCAL_IP4.3: better short desc + By making sure Curl_getconnectinfo() uses the correct connection cache + to find the last connection. -Dan Fandrich (20 Jun 2014) -- opts: document CURLE_OUT_OF_MEMORY among other return values +- http2: move the init too for when its actually needed + + ... it would otherwise lead to memory leakage if we never actually do + the switch. -- opts: fixed some typos +Dan Fandrich (23 Mar 2015) +- dict: rename byte to avoid compiler shadowed declaration warning + + This conflicted with a WolfSSL typedef. -Daniel Stenberg (20 Jun 2014) -- opts: various corrections +- cyassl: include version.h to ensure the version macros are defined -- opts: add the rest of the options +- test1513: eliminated race condition in test run - ... and fixed mancheck to ignore obsolete options + It seems that some systems (e.g. fairly consistently in some recent + Solaris autobuilds) would manage to get to the connect phase before the + progress callback was called, resulting in a CURLE_COULDNT_CONNECT + error. Reworked the test to point at a test server that never returns a + full result so the progress callback always gets a chance to be called + before the transfer can complete in some other way. -- opts: the final bunch of options as man pages +Nick Zitzmann (21 Mar 2015) +- darwinsssl: add support for TLS False Start - Now all current options have their own man pages. - -- opts: 37 additional man pages - -- CURLOPT_URL: move up the text from "Notes" + TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later. -- ROADMAP: removed, now ROADMAP.md +Daniel Stenberg (21 Mar 2015) +- gtls: add check of return code + + Coverity CID 1291167 pointed out that 'rc' was received but never used when + gnutls_credentials_set() was used. Added return code check now. -- ROADMAP.md: make it markdown formatted +- gtls: dereferencing NULL pointer + + Coverity CID 1291165 pointed out 'chainp' could be dereferenced when + NULL if gnutls_certificate_get_peers() had previously failed. -- ROADMAP: initial commit of "curl the next few years" +- gtls: avoid uninitialized variable. - To be further discussed, debated and edited + Coverity CID 1291166 pointed out that we could read this variable + uninitialized. -- opts: more man pages +Dan Fandrich (21 Mar 2015) +- tests/certs: rebuild certificates with modified key usage bits + + The certificates were missing the digitalSignature and keyAgreement + usage types, of which at least digitalSignature was checked by CyaSSL. + This caused the test server in test 310 (among others) to fail the + startup verification and therefore run (see + http://curl.haxx.se/mail/lib-2014-07/0303.html). -- CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T' +- tests/certs: added make target to rebuild certificates + + The certificate generation scripts were also updated to better match the + format of the certificates currently checked in. -- opts: makefile now includes all current man pages +Daniel Stenberg (21 Mar 2015) +- x509asn1: add /* fallthrough */ in switch() case -- opts: 11 more man pages +- x509asn1: minor edit to unconfuse Coverity + + CID 1202732 warns on the previous use, although I cannot fine any + problems with it. I'm doing this change only to make the code use a more + familiar approach to accomplish the same thing. -Dan Fandrich (18 Jun 2014) -- opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE +- [Dagobert Michelsen brought this change] -- opts: fixed a couple of typos + testcurl: Allow '=' in values given on command line -Patrick Monnerat (18 Jun 2014) -- OS400: make it compilable again. Make RPG binding up to date. +- nss: error: unused variable 'connssl' -- buildconf: do not search tools in current directory. +Dan Fandrich (21 Mar 2015) +- test938: added missing closing tags -Dan Fandrich (18 Jun 2014) -- curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx - - This is consistent with the existing obsolete error code naming - convention. +- cyassl: use new library version macro when available -Daniel Stenberg (18 Jun 2014) -- opts: 16 more man pages +Kamil Dudka (20 Mar 2015) +- [Alessandro Ghedini brought this change] -- opts: more man pages + curl: add --false-start option -- CURLOPT_READFUNCTION.3: add short desc +- [Alessandro Ghedini brought this change] -- CURLOPT_LOW_SPEED_LIMIT.3: language + nss: add support for TLS False Start -- opts: 4 more man pages +- [Alessandro Ghedini brought this change] -- opts: add all existing man pages to the dist + url: add CURLOPT_SSL_FALSESTART option + + This option can be used to enable/disable TLS False Start defined in the RFC + draft-bmoeller-tls-falsestart. -- libcurl build: use correct dir when cd'ing to opts for pdf building +Patrick Monnerat (20 Mar 2015) +- [Alessandro Ghedini brought this change] -Dan Fandrich (18 Jun 2014) -- tests: Use CURLOPT_READDATA instead of the obsolete CURLOPT_INFILE + gtls: implement CURLOPT_CERTINFO -- opts: fixed a few typos +Daniel Stenberg (20 Mar 2015) +- [Alessandro Ghedini brought this change] -Daniel Stenberg (18 Jun 2014) -- opts: 29 more options as man pages + openssl: try to avoid accessing OCSP structs when possible -- curl.h: moved two really old deprecated symbols +- CURLOPT_URL.3: spelling! - ... from the CINIT() enum + Reported-by: Frank Gevaerts -- opts: 9 more options as separate man pages +- CURLOPT_URL.3: Added "SECURITY CONCERNS" -- opts: 3 more options as man pages +- CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section -- opts: 7 more setopt options as individual man pages - -- opts template: provide a filled in error code phrase - -- CURLOPT_SOCKOPTFUNCTION.3: clarify return code +Dan Fandrich (19 Mar 2015) +- cyassl: detect the library as renamed wolfssl + + This change was made in CyaSSL/WolfSSL ver. 3.4.0 -- curl.h: reverse the enum/define setup for old symbols +Daniel Stenberg (19 Mar 2015) +- HTTP: don't switch to HTTP/2 from 1.1 until we get the 101 - We now provide the "real" names in the CINIT() macro setup for CURLOPT_* - symbols, and we provide backwards compatibility defines for the old - symbols as defines instead of vice versa. + We prematurely changed protocol handler to HTTP/2 which made things very + slow (and wrong). - This allows us to better use the CINIT() list to check for existing and - current option names. + Reported-by: Stefan Eissing + Bug: https://github.com/bagder/curl/issues/169 -- CURLOPT_WRITEDATA.3: move version info to AVAILABILITY +Dan Fandrich (19 Mar 2015) +- axtls: version 1.5.2 now requires that config.h be manually included -- opts: 4 more options with stand-alone man pages +Daniel Stenberg (19 Mar 2015) +- metalink: fix resource leak in OOM + + Coverity CID 1288826 -- CURLOPT_READFUNCTION.3: see also the seekfunction +Dan Fandrich (18 Mar 2015) +- docs/libcurl: clean up libcurl-symbols.3 -- CURLOPT_IOCTLFUNCTION.3: fill in short desc +- docs/libcurl: check that all options with man pages are referenced + + If a man page exists in the opts/ directory, it must also be referenced + either in curl_easy_setopt.3 or curl_multi_setopt.3 -Dan Fandrich (17 Jun 2014) -- CURLOPT_READDATA.3: fixed typo +- curl_easy_setopt.3: added a few missing options -Daniel Stenberg (17 Jun 2014) -- [Michał Górny brought this change] +Kamil Dudka (18 Mar 2015) +- nss: explicitly tell NSS to disable NPN/ALPN + + ... if disabled at libcurl level. Otherwise, we would allow to + negotiate NPN despite curl was invoked with the --no-npn option. - tool_metalink: Support polarssl as digest provider +Daniel Stenberg (18 Mar 2015) +- [Jay Satiro brought this change] -- opts: initial makefile + mkhelp: Remove trailing carriage return from every line of input - with a bonus first rough 'mancheck' target to see which man pages that - are still missing + - Get rid of this flood of warnings in Windows mingw build: + warning: missing terminating " character + + The warning is due to the carriage return. When msysgit checks out files + from the repo by default it converts the line endings to CRLF. Prior to + this change when mkhelp.pl processed the MANUAL and curl.1 in CRLF + format the trailing carriage returns caused unnecessary CR in the + output. -- CURLOPT_IOCTLFUNCTION.3: initial man page +- RELEASE-NOTES: synced with e539f01567 -- CURLOPT_WRITEFUNCTION: changed the order of some sentences - - First explain the data then describe what the callback should return. +- [Christian Weisgerber brought this change] -- CURLOPT_WRITEFUNCTION.3: improved language + docs/libcurl: make portability fix - Suggestions-by: Jeff Pohlmeyer + Using $< in a non-suffix rule context is a GNU make idiom. This bug was + introduced in 7.41.0. -- opts docs: 3 more options in their own man pages +Dan Fandrich (17 Mar 2015) +- checksrc: Fix whitelist on out-of-tree builds -- template: a template for adding new option man pages - - Inludes all the sections to consider. +Daniel Stenberg (17 Mar 2015) +- [Stefan Bühler brought this change] -- CURLOPT_WRITEFUNCTION: add RETURN VALUE and DEFAULT sections + Curl_sh_entry: remove unused 'timestamp' -- [MAN-AT-ARMS brought this change] +- HTTP: don't use Expect: headers when on HTTP/2 + + Reported-by: Stefan Eissing + Bug: https://github.com/bagder/curl/issues/169 - curlbuild: fix GCC build on SPARC systems without configure script +- checksrc: detect and remove space before trailing semicolons -- CURLOPT_WRITEFUNCTION: initial man page +- checksrc: introduce a whitelisting concept -- CURLOPT_WILDCARDMATCH: initial man page +- checksrc: use space after comma -- CURLOPT_VERBOSE: initial man page +- checksrc: use space before paren in "return (expr);" -- CURLOPT_NOSIGNAL: initial man page +- CONTRIBUTE: refer to git log instead of deprecated CHANGES file -- CURLOPT_NOPROGRESS: initial man page +- CURLOPT_*.3: more examples and edits -- CURLOPT_HEADER: initial man page +- CURLOPT_*.3: added lots of small example sections -Dan Fandrich (15 Jun 2014) -- sasl: Added back qop argument mistakenly removed in e95ca7ce - - This caused segfaults on tests 823 869 907. +- CURLOPT_PRIVATE.3: provide an example -- test1398: Added test to Makefile.am +- CURLOPT_*TIMEOUT.3: provide examples -- https: Fix build when http2 is disabled +- CURLOPT_USERAGENT.3: added an example -Daniel Stenberg (14 Jun 2014) -- http2: better return code error checking +- CURLOPT_STDERR.3: added an example -- [Lindley French brought this change] +- curl_easy_perform.3: remove superfluous close brace from example - conncache: move the connection counter to the cache struct +- free: instead of Curl_safefree() - The static connection counter caused a race condition. Moving the - connection id counter into conncache solves it, as well as simplifying - the related logic. - -- http2: avoid segfault when usint the plain-text http2 + Since we just started make use of free(NULL) in order to simplify code, + this change takes it a step further and: - This regression was introduced when *init was split into *init and - *setup... - -Steve Holme (11 Jun 2014) -- RELEASE-NOTES: Synced with 3aa1329e0a - -Daniel Stenberg (11 Jun 2014) -- curl_sasl: revert the goto for error bailout + - converts lots of Curl_safefree() calls to good old free() + - makes Curl_safefree() not check the pointer before free() - They were added because of an older code path that used allocations and - should not have been left in the code. With this change the logic goes - back to how it was. + The (new) rule of thumb is: if you really want a function call that + frees a pointer and then assigns it to NULL, then use Curl_safefree(). + But we will prefer just using free() from now on. + +- [Markus Elfring brought this change] -- NTLM: set a fake entropy for debug builds with CURL_ENTROPY set + Bug #149: Deletion of unnecessary checks before a few calls of cURL functions - Curl_rand() will return a dummy and repatable random value for this - case. Makes it possible to write test cases that verify output. + The following functions return immediately if a null pointer was passed. + * Curl_cookie_cleanup + * curl_formfree - Also, fake timestamp with CURL_FORCETIME set. + It is therefore not needed that a function caller repeats a corresponding check. - Only when built debug enabled of course. + This issue was fixed by using the software Coccinelle 1.0.0-rc24. - Curl_ssl_random() was not used anymore so it has been - removed. Curl_rand() is enough. + Signed-off-by: Markus Elfring + +- [Markus Elfring brought this change] + + Bug #149: Deletion of unnecessary checks before calls of the function "free" - create_digest_md5_message: generate base64 instead of hex string + The function "free" is documented in the way that no action shall occur for + a passed null pointer. It is therefore not needed that a function caller + repeats a corresponding check. + http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first - curl_sasl: also fix memory leaks in some OOM situations - -Steve Holme (11 Jun 2014) -- tests: Disabled NTLM tests for non-debug builds + This issue was fixed by using the software Coccinelle 1.0.0-rc24. - Added required "debug" feature, missed in commit 1c9aaa0bac, as NTLMv2 - calls Curl_rand() which can only be fixed to a specific entropy in - debug builds. - -- Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set + Signed-off-by: Markus Elfring -Daniel Stenberg (10 Jun 2014) -- [Marcel Raad brought this change] +- [Jay Satiro brought this change] - getinfo: HTTP CONNECT code not reset between transfers + connect: Fix happy eyeballs logic for IPv4-only builds - httpproxycode is not reset in Curl_initinfo, so a 407 is not reset even - if curl_easy_reset is called between transfers. + Bug: https://github.com/bagder/curl/pull/168 - Bug: http://curl.haxx.se/bug/view.cgi?id=1380 - -- [Alessandro Ghedini brought this change] - - transfer: fix info messages when switching method on 301 and 302 + (trynextip) + - Don't try the "other" protocol family unless IPv6 is available. In an + IPv4-only build the other family can only be IPv6 which is unavailable. - The method change is forbidden by the obsolete RFC2616, but libcurl did - it anyway for compatibility reasons. The new RFC7231 allows this - behaviour so there's no need for the scary "Violate RFC 2616/10.3.x" - notice. Also update the comments accordingly. - -Steve Holme (6 Jun 2014) -- winbuild: Don't USE_WINSSL when WITH_SSL is being used + This change essentially stops IPv4-only builds from attempting the + "happy eyeballs" secondary parallel connection that is supposed to be + used by the "other" address family. - Regression of commit d39bbcfa8d when compiling against OpenSSL. - -- RELEASE-NOTES: Synced with 99303bcde5 + Prior to this change in IPv4-only builds that secondary parallel + connection attempt could be erroneously used by the same family (IPv4) + which caused a bug where every address after the first for a host could + be tried twice, often in parallel. This change fixes that bug. An + example of the bug is shown below. + + Assume MTEST resolves to 3 addresses 127.0.0.2, 127.0.0.3 and 127.0.0.4: + + * STATE: INIT => CONNECT handle 0x64f4b0; line 1046 (connection #-5000) + * Rebuilt URL to: http://MTEST/ + * Added connection 0. The cache now contains 1 members + * STATE: CONNECT => WAITRESOLVE handle 0x64f4b0; line 1083 + (connection #0) + * Trying 127.0.0.2... + * STATE: WAITRESOLVE => WAITCONNECT handle 0x64f4b0; line 1163 + (connection #0) + * Trying 127.0.0.3... + * connect to 127.0.0.2 port 80 failed: Connection refused + * Trying 127.0.0.3... + * connect to 127.0.0.3 port 80 failed: Connection refused + * Trying 127.0.0.4... + * connect to 127.0.0.3 port 80 failed: Connection refused + * Trying 127.0.0.4... + * connect to 127.0.0.4 port 80 failed: Connection refused + * connect to 127.0.0.4 port 80 failed: Connection refused + * Failed to connect to MTEST port 80: Connection refused + * Closing connection 0 + * The cache now contains 0 members + * Expire cleared + curl: (7) Failed to connect to MTEST port 80: Connection refused + + The bug was born in commit bagder/curl@2d435c7. -- build: Fixed Visual Studio static OpenSSL builds following commit c50ce85918 +- mksymbolsmanpage.pl: use std header and generate better nroff header -- winbuild: Fixed static OpenSSL builds following commit c50ce85918 +- [Frank Meier brought this change] -- config-win32.h: Updated for VC12 + closesocket: call multi socket cb on close even with custom close + + In function Curl_closesocket() in connect.c the call to + Curl_multi_closed() was wrongly omitted if a socket close function + (CURLOPT_CLOSESOCKETFUNCTION) is registered. - Bug: http://curl.haxx.se/bug/view.cgi?id=1378 - Reported and Patched-by: Marcel Raad + That would lead to not removing the socket from the internal hash table + and not calling the multi socket callback appropriately. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1493 -Daniel Stenberg (4 Jun 2014) -- KNOWN_BUGS: #83 was addressed with commit c50ce859187ca +- [Tobias Stoeckmann brought this change] -- Curl_ossl_init: call OPENSSL_config for initing engines + hostip: Fix signal race in Curl_resolv_timeout. - Bug: http://curl.haxx.se/mail/lib-2014-06/0003.html - Reported-by: Дмитрий Фалько - -- random: use Curl_rand() for proper random data + A signal handler for SIGALRM is installed in Curl_resolv_timeout. It is + configured to interrupt system calls and uses siglongjmp to return into + the function if alarm() goes off. - The SASL/Digest previously used the current time's seconds + - microseconds to add randomness but it is much better to instead get more - data from Curl_rand(). + The signal handler is installed before curl_jmpenv is initialized. + This means that an already installed alarm timer could trigger the + newly installed signal handler, leading to undefined behavior when it + accesses the uninitialized curl_jmpenv. - It will also allow us to easier "fake" that for debug builds on demand - in a future. - -Steve Holme (2 Jun 2014) -- curl_sasl: Fixed copy/paste error of now.tv_sec in commit eefeb73af4 - -Daniel Stenberg (2 Jun 2014) -- RELEASE-NOTES: synced with d603ed67535 - -- KNOWN_BUGS: #30 was fixed in 0bc4938eeccce, 7.37.0 - -Steve Holme (1 Jun 2014) -- curl_sasl: Fixed compilation warning under DEBUGBUILD - -- tests: Fixed up DIGEST-MD5 tests following commit eefeb73af4 + Even if there is no previously installed alarm available, the code in + Curl_resolv_timeout itself installs an alarm before the environment is + fully set up. If the process is sent into suspend right after that, the + signal handler could be called too early as in previous scenario. + + To fix this, the signal handler should only be installed and the alarm + timer only be set after sigsetjmp has been called. -- curl_sasl: Extended native DIGEST-MD5 cnonce to be a 32-byte hex string +- http2: detect prematures close without data transfered - Rather than use a short 8-byte hex string, extended the cnonce to be - 32-bytes long, like Windows SSPI does. + ... by using the regular Curl_http_done() method which checks for + that. This makes test 1801 fail consistently with error 56 (which seems + fine) to that test is also updated here. - Used a combination of random data as well as the current date and - time for the generation. + Reported-by: Ben Darnell + Bug: https://github.com/bagder/curl/issues/166 -- curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN generation - -Dan Fandrich (29 May 2014) -- tests: Fix portability issue with the tftpd server and timeouts +Dan Fandrich (13 Mar 2015) +- test320: Expect the Host header to be the first header - gcc spit out warning: variable 'x' might be clobbered by 'longjmp' or - 'vfork' messages for a few variables. These automatic variables were - expected to be changed between a setjmp/longjmp and hold their values, - so are now marked volatile. + Required for the test to work after a5d994941c2b. -Steve Holme (28 May 2014) -- RELEASE-NOTES: Synced with 2a615a2b64 +Daniel Stenberg (12 Mar 2015) +- RELEASE-NOTES: synced with 186e46d88dd -- build: Use $(TargetDir) and $(TargetName) macros for VC .lib output files +- openssl: use colons properly in the ciphers list - As with commit 11397eb6dd, use $(TargetDir) and $(TargetName) for the - Import Library output rather than $(OutDir)\$(ProjectName)d.lib and - $(OutDir)\$(ProjectName).lib. - -- build: Use $(TargetDir) and $(TargetName) macros for VC .pdb output files + While the previous string worked, this is the documented format. - Like with the curl tool project files use $(TargetDir)$(TargetName).pdb - rather than $(OutDir)$(ProjectName)d.pdb for the Program Database File - output. + Reported-by: Richard Moore -Daniel Stenberg (28 May 2014) -- gnutls: allow building with nghttp2 but without ALPN support +- openssl: sort the ciphers on strength - It might not be the most useful combo, but... + This makes curl pick better (stronger) ciphers by default. The strongest + available ciphers are fine according to the HTTP/2 spec so an OpenSSL + built curl is no longer rejected by string HTTP/2 servers. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1487 -- [Alessandro Ghedini brought this change] +- [Fabian Keil brought this change] - gnutls: don't use deprecated type names anymore + test203[0-3]: Expect the Host header to be the first header + + Required for the tests to work after a5d994941c2b. -- [Brad Spencer brought this change] +- openssl: show the cipher selection to use - select: with winsock, avoid passing unsupported arguments to select() +- http: always send Host: header as first header - "Any two of the parameters, readfds, writefds, or exceptfds, can be - given as null. At least one must be non-null, and any non-null - descriptor set must contain at least one handle to a socket." + ...after the method line: - http://msdn.microsoft.com/en-ca/library/windows/desktop/ms740141(v=vs.85).aspx + "Since the Host field-value is critical information for handling a + request, a user agent SHOULD generate Host as the first header field + following the request-line." / RFC 7230 section 5.4 - When using select(), cURL doesn't adhere to this (WinSock-specific) - rule, and can ask to monitor empty fd_sets, which leads to select() - returning WSAEINVAL (i.e. EINVAL) and connections failing in mysterious - ways as a result (at least when using the curl_multi_socket_action() - interface). + Additionally, this will also make libcurl ignore multiple specified + custom Host: headers and only use the first one. Test 1121 has been + updated accordingly - Bug: http://curl.haxx.se/mail/lib-2014-05/0278.html + Bug: http://curl.haxx.se/bug/view.cgi?id=1491 + Reported-by: Rainer Canavan -- url-parser: only use if_nametoindex if detected by configure - - The previous #ifdef detection wasn't good enough. - - Bug: http://curl.haxx.se/mail/lib-2014-05/0260.html - Reported-by: Chris Young +- [Alexander Pepper brought this change] -- curl_version_info.3: returns a pointer to a static struct + mk-ca-bundle bugfix: Don't report SHA1 numbers with "-q". - And clarify that age 3 means 7.16.1 or later. + Also unified printing to STDERR by creating the helper method "report". -- [Fabian Frank brought this change] - - polarssl: add ALPN support - - PolarSSL added ALPN support in their 1.3.6 release. +- proxy: re-use proxy connections (regression) - See: - https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released - -- curl_easy_reset: reset the URL + When checking for a connection to re-use, a proxy-using request must + check for and use a proxy connection and not one based on the host + name! - Make sure that the URL is reset and cleared. + Added test 1421 to verify - Bug: http://curl.haxx.se/mail/lib-2014-05/0235.html - Reported-by: Jonathan Cardoso Machado + Bug: http://curl.haxx.se/bug/view.cgi?id=1492 -- configure: fix the nghttp2 detection when not found +- [Jay Satiro brought this change] -- configure: detect nghttp2 by default + memanalyze.pl: handle free(NULL) -- [Tatsuhiro Tsujikawa brought this change] +- [Jay Satiro brought this change] - openssl: Fix uninitialized variable use in NPN callback + .travis.yml: Change CI make test to make test-full - OpenSSL passes out and outlen variable uninitialized to - select_next_proto_cb callback function. If the callback function - returns SSL_TLSEXT_ERR_OK, the caller assumes the callback filled - values in out and outlen and processes as such. Previously, if there - is no overlap in protocol lists, curl code does not fill any values in - these variables and returns SSL_TLSEXT_ERR_OK, which means we are - triggering undefined behavior. valgrind warns this. + - Change the continuous integration script to use 'make test-full' + instead of just 'make test' so that the diagnostic log output is + printed to stdout when a test fails. - This patch fixes this issue by fallback to HTTP/1.1 if there is no - overlap. - -- curl.1: clarify that -u can't specify a user with colon + - Change the continuous integration script to use + './configure --enable-debug' instead of just './configure' so that the + memory analyzer will work during testing. + + Prior to this change Travis used its default C test script: + ./configure && make && make test -Steve Holme (22 May 2014) -- README: Added Test Suite to the TODO list +- [Alessandro Ghedini brought this change] -- build: Use CURLX_* file lists for Visual Studio curl tool project generation + gtls: correctly align certificate status verification messages -- tool_getparam.c: Fixed compilation warnings - - There is an implicit conversion from "unsigned long" to "long" +- [Alessandro Ghedini brought this change] -- RELEASE-NOTES: Synced with f634355868 + gtls: don't print double newline after certificate dates -Dan Fandrich (22 May 2014) -- http: Fix a compiler warning when http2 support is disabled +- [Alessandro Ghedini brought this change] -Steve Holme (22 May 2014) -- build: Fixed incorrect reference to curl_setup.h in Visual Studio files + gtls: print negotiated TLS version and full cipher suite name - Fixed a copy / paste error from my 2011 project files. + Instead of priting cipher and MAC algorithms names separately, print the + whole cipher suite string which also includes the key exchange algorithm, + along with the negotiated TLS version. -Nick Zitzmann (21 May 2014) -- darwinssl: fix lint & build warnings in the previous commit +- gtls: fix compiler warnings -- [Vilmos Nebehaj brought this change] +- [Alessandro Ghedini brought this change] + + gtls: add support for CURLOPT_CAPATH - Add support for --cacert in DarwinSSL. +- [stopiccot brought this change] + + MacOSX-Framework: use @rpath instead of @executable_path - Security Framework on OS X makes it possible to supply extra anchor (CA) - certificates via the Certificate, Key, and Trust Services API. This - commit makes the '--cacert' option work using this API. + Bug: https://github.com/bagder/curl/pull/157 + +- RELEASE-NOTES: synced with c19349951 + +- multi: fix *getsock() with CONNECT - More information: + The code used some happy eyeballs logic even _after_ CONNECT has been + sent to a proxy, while the happy eyeball phase is already (should be) + over by then. - https://developer.apple.com/library/mac/documentation/security/Reference/certifkeytrustservices/Reference/reference.html + This is solved by splitting the multi state into two separate states + introducing the new SENDPROTOCONNECT state. - The HTTPS tests now pass on OS X except 314, which requires the '--crl' - option to work. + Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html + Reported-by: Peter Laser -Steve Holme (22 May 2014) -- http.c: Fixed compilation warning - - warning: suggest braces around empty body in an 'else' statement +- conncontrol: only log changes to the connection bit -- bits.close: Fixed compilation warning +- http2: use CURL_HTTP_VERSION_* symbols instead of NPN_* - warning: implicit declaration of function 'connclose' + Since they already exist and will make comparing easier -Daniel Stenberg (22 May 2014) -- bits.close: introduce connection close tracking - - Make all code use connclose() and connkeep() when changing the "close - state" for a connection. These two macros take a string argument with an - explanation, and debug builds of curl will include that in the debug - output. Helps tracking connection re-use/close issues. +- http2: make the info-message about receiving HTTP2 headers debug-only + +- [Alessandro Ghedini brought this change] -Steve Holme (21 May 2014) -- Makefile.inc: Added curlx headers to assist Visual Studio project generation + urldata: remove unused asked_for_h2 field -- build: Renamed CURLX_ONES file list definition to CURLX_CFILES - - Renamed the CURLX_ONES file list definition in order to a) try and be - consistent with other file lists and b) to allow for the addition of - the curlx header files, which will assist with Visual Studio project - files generation rather than hard coding those files. +- [Alessandro Ghedini brought this change] + + polarssl: make it possible to enable ALPN/NPN without HTTP2 + +- [Alessandro Ghedini brought this change] + + nss: make it possible to enable ALPN/NPN without HTTP2 + +- [Alessandro Ghedini brought this change] + + gtls: make it possible to enable ALPN/NPN without HTTP2 -- bump: Start working on the next release +- [Alessandro Ghedini brought this change] -Version 7.37.0 (20 May 2014) + openssl: make it possible to enable ALPN/NPN without HTTP2 -Daniel Stenberg (20 May 2014) -- THANKS: 18 new contributors for 7.37.0 +- metalink: add some error checks + + malloc() and strdup() calls without checking return codes. + + Reported-by: Markus Elfring + Bug: https://github.com/bagder/curl/issues/150 -- RELEASE-NOTES: synced with 85f4075bdbf3 +- curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS - Possibly the final update before release... + Reported-by: Jonathan Cardoso + +- urldata: fix gnutls build -Steve Holme (20 May 2014) -- README: Added some outstanding tasks to the TODO list +Steve Holme (5 Mar 2015) +- openssl: Removed use of USE_SSLEAY from the Visual Studio project files - Added a couple of outstanding tasks to the TODO section that we didn't - get time to do before the release. + In addition to commit 709cf76f6b, removed the USE_SSLEAY preprocessor + variable from the Visual Studio project files as it isn't required + anymore. -Daniel Stenberg (20 May 2014) -- http2: make connection re-use work +Daniel Stenberg (5 Mar 2015) +- multi: fix memory-leak on timeout (regression) - Http2 connections would wrongly get closed after each individual - request. + Since 1342a96ecfe0d44, a timeout detected in the multi state machine didn't + necesarily clear everything up, like formpost data. - Co-authored-by: Tatsuhiro Tsujikawa - Bug: http://curl.haxx.se/bug/view.cgi?id=1374 + Bug: https://github.com/bagder/curl/issues/147 + Reported-by: Michel Promonet + Patched-by: Michel Promonet -- [Fabian Frank brought this change] +- configure: follow-up fix from 709cf76f6 + + OpenSSL handling was a little broken. - ALPN: fix typo in http/1.1 identifier +- openssl: remove all uses of USE_SSLEAY - According to https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-05 - it is "http/1.1" and not "http/1.0". + SSLeay was the name of the library that was subsequently turned into + OpenSSL many moons ago (1999). curl does not work with the old SSLeay + library since years. This is now reflected by only using USE_OPENSSL in + code that depends on OpenSSL. -Steve Holme (20 May 2014) -- build-openssl.bat: Added check for OpenSSL source directory +- [Sergei Nikulov brought this change] -- build-openssl.bat: Added default source directory when not specified + cmake: handle build definitions CURLDEBUG/DEBUGBUILD - Added a default source directory so the user doesn't have to specify - one - the same as that, which the Visual Studio project files expect - the OpenSSL dependencies to be in. + Acked-by: Brad King -- Makefile.am: Fixed missing / in VC10+ project file generation +- FAQ: 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? -- INSTALL: Updated MSVC 6 caveats +- symbols.pl: handle '-' in the deprecated field - To use an up to date download link as well as remove duplicate - information. + ... which otherwise made the script skip the _LAST define for some + symbols. + + Reported-by: Jeroen Ooms + Bug: http://curl.haxx.se/mail/lib-2015-03/0052.html -- INSTALL: Updated for new Visual Studio project files +- curl.1: fix "The the" typo + + Reported-by: Jon Seymour -- build: Slight rename of new LIB_* makefile file variables +- vtls: use curl_printf.h all over - In order to try and be consistent between curl and libcurl renamed the - recently introduced LIB_* makefile file variables. + No need to use _MPRINTF_REPLACE internally. -- build: Removed old Visual Studio project files +- tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE -Daniel Stenberg (18 May 2014) -- maketgz: two more CRLF - - grrr, missed them in my previous fix +- tool_writeenv: remove _MPRINTF_REPLACE define, it wasn't used + +- [Sergei Nikulov brought this change] -- test1014: GSS-API is only in curl-config. not in curl + libtest: fixed linker errors on msvc - Follow-up to commit 121bcfee5d1. curl-config --features now lists - GSS-API but it is not a listed feature in curl -V. This should probably - be synchronized. + Bug: https://github.com/bagder/curl/pull/144 -- test1134: verify CREDSPERREQUEST for HTTP +- mprintf.h: remove #ifdef CURLDEBUG - Verifies that the change in 68f0166a92 works as intended and that - different HTTP auth credentials to the same host still re-uses the - connection properly. + ... and as a consequence, introduce curl_printf.h with that re-define + magic instead and make all libcurl code use that instead. -- maketgz: remove CRLF newlines +- tool_getpass: remove unused curl/mprintf.h include -Steve Holme (18 May 2014) -- Makefile.am: Corrected a couple of grammar errors +- CONTRIBUTING.md: file for advice on github -- Makefile.am: Added new Visual Studio project file generation for curl tool +- [Viktor Szakáts brought this change] -- Makefile.inc: Added resource file to assist Visual Studio project generation + BINDINGS: add link to Harbour bindings + + And UTF8-fix a few names -- [Daniel Stenberg brought this change] +- CURLOPT_HEADERFUNCTION.3: typo in error code name + + Reported-by: Jonathan Cardoso - maketgz: run make vc-ide before make dist +- BINDINGS: tclcurl moved - To get the VC project files generated before packaging! + Reporte-by: Steve Havelka -- Makefile.am: Added new Visual Studio project file generation for libcurl +- [Jay Satiro brought this change] -- Makefile.am: Removed old Visual Studio project file generation + opts: Fix pipelining examples -Daniel Stenberg (17 May 2014) -- RELEASE-NOTES: synced with 831f6dd1d986c9 +- [Jay Satiro brought this change] -Steve Holme (17 May 2014) -- build: Fixed another tabulation issue in the Visual Studio file generator + curl_multi_setopt.3: Link to CURLMOPT_MAXCONNECTS -Dan Fandrich (17 May 2014) -- axtls: Fixed too long source line +- CONTRIBUTE: the new more github-friendly attitude! -Daniel Stenberg (17 May 2014) -- configure: add GSS-API to supported features - - Bug: http://curl.haxx.se/bug/view.cgi?id=1344 - Reported-by: Michael Osipov +Steve Holme (28 Feb 2015) +- RELEASE-NOTES: Synced with 921d195187 -- configure: add SPNEGO to supported features +Kamil Dudka (28 Feb 2015) +- tool: wrap lines longer than 79 columns - Bug: http://curl.haxx.se/bug/view.cgi?id=1343 - Reported-by: Michael Osipov + ... to avoid a build failure when configured with --enable-debug -Dan Fandrich (16 May 2014) -- axtls: Add a TODO to a potential blocking call with no timeout +Steve Holme (27 Feb 2015) +- [Tatsuhiro Tsujikawa brought this change] -Daniel Stenberg (16 May 2014) -- curl_easy_getinfo.3: clarify CURLINFO_SIZE_DOWNLOAD + http2: Return error if stream was closed with other than NO_ERROR - It counts "body" data only, no meta data, no headers. + Previously, we just ignored error code passed to + on_stream_close_callback and just return 0 (success) after stream + closure even if stream was reset with error. This patch records error + code in on_stream_close_callback, and return -1 and use CURLE_HTTP2 + error code on abnormal stream closure. -- curl_easy_setopt.3: prefer XFERINFOFUNCTION to PROGRESSFUNCTION - -- HTTP: CREDSPERREQUEST is for HTTP too +- tool: Updated the warnf() function to use the GlobalConfig structure - Commit 517b06d657ace (in 7.36.0) that brought the CREDSPERREQUEST flag - only set it for HTTPS, making HTTP less good at doing connection re-use - than it should be. Now set it for HTTP as well. + As the 'error' and 'mute' options are now part of the GlobalConfig, + rather than per Operation, updated the warnf() function to use this + structure rather than the OperationConfig. + +- build: Removed DataExecutionPrevention directive from VC9+ project files - Simple test case + Removed the DataExecutionPrevention directive from the project files for + Visual Studio 2008 and above. The XML value in the VC9 project files was + set to "0" (Default) whilst the VC10+ project files contained an empty + XML element. + +- build: Use default RandomizedBaseAddress directive in VC9+ project files - "curl -v -u foo:bar localhost --next -u bar:foo localhos" + Visual Studio 2008 introduced support for the address space layout + randomization (ASLR) feature of Windows Vista. However, upgrading the + VC8 project files to VC9 and above disabled this feature. - Bug: http://curl.haxx.se/mail/lib-2014-05/0127.html - Reported-by: Kamil Dudka + Removed the RandomizedBaseAddress directive to enabled the default + setting (/DYNAMICBASE). Note: This doesn't appear to have any negative + impact when compiled and ran on Windows XP. -- RELEASE-NOTES: synced with 53a5b95c21586 +- build: Added support to Generate.bat for files in the upcoming vauth folder -- CURLINFO_SSL_VERIFYRESULT: assign at first connect call +Daniel Stenberg (25 Feb 2015) +- http2: return recv error on unexpected EOF - The variable wasn't assigned at all until step3 which would lead to a - failed connect never assigning the variable and thus returning a bad - value. + Pointed-out-by: Tatsuhiro Tsujikawa + Bug: http://curl.haxx.se/bug/view.cgi?id=1487 + +Kamil Dudka (25 Feb 2015) +- dist: add symbol-scan.pl to the tarball - Reported-by: Larry Lin - Bug: http://curl.haxx.se/mail/lib-2014-04/0203.html + ... in order to make test1135 succeed + +Daniel Stenberg (25 Feb 2015) +- http2: move lots of verbose output to be debug-only -- timers: fix timer regression involving redirects / reconnects +Kamil Dudka (25 Feb 2015) +- curl-config.in: eliminate double quotes around CURL_CA_BUNDLE - In commit 0b3750b5c23c25f (released in 7.36.0) we fixed a timeout issue - but instead broke the timings. + Otherwise it expands to: - To fix this, I introduce a new timestamp to use for the timeouts and - restored the previous timestamp and timestamp position so that the old - timer functionality is restored. + echo ""/etc/pki/tls/certs/ca-bundle.crt"" - In addition to that, that change also broke connection timeouts for when - more than one connect was used (as it would then count the total time - from the first connect and not for the most recent one). Now - Curl_timeleft() has been modified so that it checks against different - start times depending on which timeout it checks. + Detected by ShellCheck: - Test 1303 is updated accordingly. + curl-config:74:16: warning: The double quotes around this do + nothing. Remove or escape them. [SC2140] + +- nss: do not skip Curl_nss_seed() if data is NULL - Bug: http://curl.haxx.se/mail/lib-2014-05/0147.html - Reported-by: Ryan Braud + In that case, we only skip writing the error message for failed NSS + initialization (while still returning the correct error code). -Steve Holme (15 May 2014) -- darwinssl: Updated copyright following recent changes +- nss: improve error handling in Curl_nss_random() + + The vtls layer now checks the return value, so it is no longer necessary + to abort if a random number cannot be provided by NSS. This also fixes + the following Coverity report: + + Error: FORWARD_NULL (CWE-476): + lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null. + lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it. + lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data". -Nick Zitzmann (14 May 2014) -- darwinssl: fix potential crash when attempting to copy an identity - from a P12 file +Daniel Stenberg (25 Feb 2015) +- RELEASE-PROCEDURE: add some more future release dates - This could've happened if SecPKCS12Import() returned noErr _and_ no - identity. + ... and remove some old ones -Steve Holme (12 May 2014) -- RELEASE-NOTES: Synced with 52d16c84d2 +- sws: timeout idle CONNECT connections -Daniel Stenberg (12 May 2014) -- openssl: unbreak PKCS12 support - - Regression introduced in ce362e8eb9c (7.31.0) - - Bug: http://curl.haxx.se/bug/view.cgi?id=1371 - Reported-by: Dmitry +- bump: start working toward 7.42.0 -Steve Holme (11 May 2014) -- Makefile.inc: Added resource file to assist Visual Studio project generation +Version 7.41.0 (25 Feb 2015) -- build: Fixed some tabulation issues in the Visual Studio file generator +Daniel Stenberg (25 Feb 2015) +- THANKS: added contributors from the 7.41.0 RELEASE-NOTES -- tests: Fixed up DIGEST-MD5 tests following commit 8342b6e1dc +- RELEASE-NOTES: sync with ffc2aeec6e (7.41.0 release time!) -- sasl: Fixed missing qop in the client's challenge-response message +Marc Hoersken (25 Feb 2015) +- Revert "telnet.c: fix handling of 0 being returned from custom read function" - Whilst the qop directive isn't required to be present in a client's - response, as servers should assume a qop of "auth" if it isn't - specified, some may return authentication failure if it is missing. + This reverts commit 03fa576833643c67579ae216c4e7350fa9b5f2fe. -- tool_operate.c: Fixed compilation warning +- telnet.c: fix invalid use of custom read function if not being set - An enumerated type is mixed with another type. + obj_count can be 1 if the custom read function is set or the stdin + handle is a reference to a pipe. Since the pipe should be handled + using the PeekNamedPipe-check below, the custom read function should + only be used if it is actually enabled. -- Makefile.inc: Separated the lib and lib/vtls source file variables +- telnet.c: fix handling of 0 being returned from custom read function + + According to [1]: "Returning 0 will signal end-of-file to the library + and cause it to stop the current transfer." + This change makes the Windows telnet code handle this case accordingly. - To cater for the automatic generation of the new Visual Studio project - files, moved the lib file list into a separated variable so that lib - and lib/vtls can be referenced independently. + [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html -- RELEASE-NOTES: Synced with 0ab2c444b5 +Daniel Stenberg (24 Feb 2015) +- sws: stop logging about TPC_NODELAY nonsense -- Makefile.b32: Fixed for vtls changes +- lib530: make it less timing sensible - Follow up fix to commits a47c142a88, 11e8066ef9 and 92b9ae5c5d. - - Bug: http://curl.haxx.se/mail/lib-2014-05/0025.html - Reported and assisted by: Jon Torrey + ... by making sure the first request is completed before doing the + remainder. -Daniel Stenberg (9 May 2014) -- lib1506: make sure the transfers are not within the same ms +Kamil Dudka (23 Feb 2015) +- connect: wait for IPv4 connection attempts - Just to make sure the test is properly repeatable. + ... even if the last IPv6 connection attempt has failed. - Bug: http://curl.haxx.se/mail/lib-2014-05/0081.html - Reported-by: Henrik + Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4 -- libtests: add a wait_ms() function +- connect: avoid skipping an IPv4 address - This allows a libcurl test to portably sleep for a given number of - milliseconds. - -Steve Holme (9 May 2014) -- tool_operate.c: Fixed TAB is white space from commit 5b8ae0a985 - -- tool_urlglob.c: Fixed compilation warning + ... in case the protocol versions are mixed in a DNS response + (IPv6 -> IPv4 -> IPv6). - An enumerated type is mixed with another type. + Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3 -- tool_operate.c: Fixed compilation warnings - - An enumerated type is mixed with another type. +Daniel Stenberg (23 Feb 2015) +- RELEASE-NOTES: synced with 5e4395eab839d -- getinfo.c: Fixed compilation warning +- ROADMAP: curl_easy_setopt.3 has already been split up - The indicated statement is not reachable. + Remove cmake as marked for removal. It is in much better state now. -Daniel Stenberg (9 May 2014) -- CONTRIBUTE: mention our Bug/Reported-by commit style +- ROADMAP: extend the HTTP/2 stuff, remove SPDY -Kamil Dudka (9 May 2014) -- http: avoid auth failure on a duplicated header - - ... 'WWW-Authenticate: Negotiate' received from server - - Reported by: David Woodhouse - Bug: https://bugzilla.redhat.com/1093348 +- [Julian Ospald brought this change] -Daniel Stenberg (9 May 2014) -- cacertinmem: fix memory leak + configure: allow both --with-ca-bundle and --with-ca-path - While "just" an example it still isn't nice to leak memory. + SSL_CTX_load_verify_locations by default (and if given non-Null + parameters) searches the CAfile first and falls back to CApath. This + allows for CAfile to be a basis (e.g. installed by the package manager) + and CApath to be a user configured directory. - Bug: http://curl.haxx.se/bug/view.cgi?id=1368 - Fixed-by: Marko - -- TODO: firefox will soon support SSL (HTTPS) to proxy - -Dan Fandrich (9 May 2014) -- test87: Get rid of extraneous square brackets in tag - -Daniel Stenberg (8 May 2014) -- [Patrick Watson brought this change] - - mk-ca-bundle: added -p + This wasn't reflected by the previous configure constraint which this + patch fixes. - -p takes a list of Mozilla trust purposes and levels for certificates to - include in output. Takes the form of a comma separated list of - purposes, a colon, and a comma separated list of levels. + Bug: https://github.com/bagder/curl/pull/139 -- FAQ: Added 5.18 Does libcurl use threads? +- [Ben Boeckel brought this change] -Dan Fandrich (7 May 2014) -- RELEASE-NOTES: Added contributor + cmake: install the dll file to the correct directory -- [Aaro Koskinen brought this change] +- [Alessandro Ghedini brought this change] - configure: Don't set LD_LIBRARY_PATH when cross-compiling + nss: fix NPN/ALPN protocol negotiation - Most of LD_LIBRARY_PATH adjustments are already guarded, but not all. + Correctly check for memcmp() return value (it returns 0 if the strings match). - The patch fixes cross-compilation failure when libidn is present. - -Steve Holme (7 May 2014) -- [Tatsuhiro Tsujikawa brought this change] + This is not really important, since curl is going to use http/1.1 anyway, but + it's still a bug I guess. - http2: Compile with latest nghttp2 - - Now nghttp2_submit_request returns assigned stream ID, we don't have - to check stream ID using before_stream_send_callback. The - adjust_priority_callback was removed. +- [Alessandro Ghedini brought this change] -- curl.1: Added missing --login-options option + polarssl: fix ALPN protocol negotiation - ...and removed ;OPTIONS from --user as that functionality was removed - in 7.34.0. + Correctly check for strncmp() return value (it returns 0 if the strings + match). -- tool_help: Fixed missing --login-options option - - ...and removed ;OPTIONS from --user as that functionality was removed - in 7.34.0. +- [Sergei Nikulov brought this change] -- url.c: Fixed compilation warning/error + CMake: Fix generation of tool_hugehelp.c on windows - Depending on compiler line 3505 could generate the following warning or - error: + Use "cmake -E echo" instead of "echo". - * warning: ISO C90 forbids mixed declarations and code - * A declaration cannot appear after an executable statement in a block - * error C2275: 'size_t' : illegal use of this type as an expression + Reviewed-by: Brad King -- TODO: Fixed some spelling mistakes +- [Sergei Nikulov brought this change] -- TODO: Add support for concurrent connections in ftpserver.pl - -- build: Fixed file format version number in VC12 solution files - - Unlike previous versions of Visual Studio the VC12 solution file format - does not increment the format version number, but instead, only changes - the version comment text. + CMake: fix winsock2 detection on windows - This incorrectly set version number would cause problems for any third - party piece of software that would read the solution file expecting the - version number to be 12.00 and found it to be 13.00, such as some build - accelerators. + Set CMAKE_REQUIRED_DEFINITIONS to include definitions needed to get + the winsock2 API from windows.h. Simplify the order of checks to + avoid extra conditions. - Verified against a freshly created solution file which was generated - with VC12. - -- [Ivo Bellin Salarin brought this change] - - build-openssl.bat: Corrected use of angled brackets in help output + Use check_include_file instead of check_include_file_concat to look + for OpenSSL headers. They do not need to participate in a sequence + of dependent system headers. Also they may cause winsock.h to be + included before ws2tcpip.h, causing the latter to not be detected + in the sequence. - Angled brackets were used in the help output to indicate that the - compiler and platform arguments are mandatory. Unfortunately this - caused a "< was unexpected at this time" error as the characters are - interpreted as re-direction characters when not escaped. - -Dan Fandrich (6 May 2014) -- RELEASE-NOTES: changed encoding to UTF-8 - -Daniel Stenberg (6 May 2014) -- RELEASE-NOTES: synced with 5de8d84098db1bd2 + Reviewed-by: Brad King -- fix_hostname: strip off a single trailing dot from host name - - Primarily for SNI, we need the host name without a trailing dot. - "https://www.example.com." resolves fine but fails on SNI unless the dot - is removed. - - Reported-by: Leon Winter - Bug: http://curl.haxx.se/mail/lib-2014-04/0161.html +- [Alessandro Ghedini brought this change] -- curl: bail on cookie use when built with disabled cookies + gtls: fix build with HTTP2 -- [Daniel Johnson brought this change] +Steve Holme (16 Feb 2015) +- Makefile.vc6: Corrected typos in rename of darwinssl.obj - Enable poll on darwin13 - - Poll has long been broken on Mac OS X. Starting with 10.9 (darwin13) it - now works correctly so this patch enables it there. +Nick Zitzmann (15 Feb 2015) +- By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]" -- curl_easy_setopt.3: added the proto for CURLOPT_SSH_KNOWNHOSTS +Steve Holme (14 Feb 2015) +- RELEASE-NOTES: Synced with 6f89f86c3d -Dan Fandrich (5 May 2014) -- tests: Use standard libtest return codes when relevant +- tests/README: Updated to reflect email test ranges -- test1513: Don't return an uninitialized variable on init failure +- [Alessandro Ghedini brought this change] -Daniel Stenberg (5 May 2014) -- [Jeff King brought this change] + curl.1: --cert-status is also supported by OpenSSL now - curl_multi_cleanup: ignore SIGPIPE better - - When looping and closing each individual connection left open, the - SIGPIPE ignoring was not done and could thus lead to death by signal 13. +- build: Removed Visual Studio SuppressStartupBanner directive for VC8+ - Bug: http://thread.gmane.org/gmane.comp.version-control.git/238242 + Visual Studio 2005 and above defaults to disabling the startup banner + for the Compiler, Linker and MIDL tools (with /NOLOGO). As such there + is no need to explicitly set the SuppressStartupBanner directive, as + this is a leftover from the VC7 and VC7.1 projects being upgraded to + VC8 and above. -- TODO: the FTP HOST command is now in RFC 7151 - -- TODO: Update date and version in man pages +Kamil Dudka (12 Feb 2015) +- openssl: fix a compile-time warning - Mentioned in bug #1342 + lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive -- schannel: don't use the connect-timeout during send - - As there's a default connection timeout and this wrongly used the - connection timeout during a transfer after the connection is completed, - this function would trigger timeouts during transfers erroneously. +Steve Holme (11 Feb 2015) +- openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection - Bug: http://curl.haxx.se/bug/view.cgi?id=1352 - Figured-out-by: Radu Simionescu + For consistency with other conditionally compiled code in openssl.c, + use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use + HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are + not included. -- mprintf: allow %.s with data not being zero terminated - - If the precision is indeed shorter than the string, don't strlen() to - find the end because that's not how the precision operator works. - - I also added a unit test for curl_msnprintf to make sure this works and - that the fix doesn't a few other basic use cases. I found a POSIX - compliance problem that I marked TODO in the unit test, and I figure we - need to add more tests in the future. +Patrick Monnerat (11 Feb 2015) +- ftp: accept all 2xx responses to the PORT command + +Steve Holme (9 Feb 2015) +- openssl: Disable OCSP in old versions of OpenSSL - Reported-by: Török Edwin + Versions of OpenSSL prior to v0.9.8h do not support the necessary + functions for OCSP stapling. -Steve Holme (4 May 2014) -- RELEASE-NOTES: Synced with 4febbedc5a +Daniel Stenberg (9 Feb 2015) +- [Tatsuhiro Tsujikawa brought this change] -- curl_ntlm_core: Fixed use of long long for VC6 and VC7 + http2: Fix bug that associated stream canceled on PUSH_PROMISE - Commit 07b66cbfa4 unfortunately broke native NTLM message support in - compilers, such as VC6, VC7 and others, that don't support long long - type declarations. This commit fixes VC6 and VC7 as they support the - __int64 extension, however, we should consider an additional fix for - other compilers that don't support this. + Previously we don't ignore PUSH_PROMISE header fields in on_header + callback. It makes header values mixed with following HEADERS, + resulting protocol error. -- config-win32.h: Fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up - - Fixed the HAVE_LONGLONG declaration as long long is supported in Visual - Studio .NET 2003 (VC7.1) onwards. +- [Jay Satiro brought this change] -Daniel Stenberg (4 May 2014) -- openssl: biomem->data is not zero terminated + polarssl: Fix exclusive SSL protocol version options - So printf(%s) on it or reading before bounds checking is wrong, fixing - it. Could previously lead to reading out of boundary. + Prior to this change the options for exclusive SSL protocol versions did + not actually set the protocol exclusive. - Reported-by: Török Edwin + http://curl.haxx.se/mail/lib-2015-01/0002.html + Reported-by: Dan Fandrich -- BUILD.WINDOWS: update URL for windows prereqs +- [Jay Satiro brought this change] -- easy_perform: spelling mistake in error message + gskit: Fix exclusive SSLv3 option -Steve Holme (1 May 2014) -- Makefile.am: Added build-openssl.bat as README file references it +- curl.1: clarify that -X is used for all requests - Missed in commit dce748d3f1. + Reported-by: Jon Seymour -- build: Fixed Visual Studio project file generator missing some files +- curl.1: add warning when using -H and redirects + +Steve Holme (7 Feb 2015) +- schannel: Removed curl_ prefix from source files - As of commit 6cdd88f22c the Visual Studio project file generator would - skip the first and last file from each group of files. + Removed the curl_ prefix from the schannel source files as discussed + with Marc and Daniel at FOSDEM. -- build: Added OpenSSL VC build helper for side-by-side compilations +Daniel Stenberg (6 Feb 2015) +- md5: use axTLS's own MD5 functions when available -- build: Added Visual Studio 2003 .NET (VC7.1) project files - - Carrying on from commit 11025613b9 added VC7.1 project files which are - capable of supporting side-by-side compilation, as well as support for - some of the third-party libraries curl uses. +- MD(4|5): make the MD4_* and MD5_* functions static -Dan Fandrich (1 May 2014) -- test585: Fixed NULL pointer dereference in fopen +- axtls: fix conversion from size_t to int warning -Steve Holme (30 Apr 2014) -- build: Fixed generation when source file names contain spaces +Steve Holme (5 Feb 2015) +- ftp: Use 'CURLcode result' for curl result codes + +Daniel Stenberg (5 Feb 2015) +- openssl: SSL_SESSION->ssl_version no longer exist - This shouldn't happen with the source files in the repository, but - fixed the output when there are spurious files lying around that - contain spaces. For example "pop3 - Copy.c" + The struct went private in 1.0.2 so we cannot read the version number + from there anymore. Use SSL_version() instead! - By including the offending source file in the project files the user - can then see the file and remove it if necessary. + Reported-by: Gisle Vanem + Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html -- build: Added VC7 and VC7.1 support to the project file generator - - Note: VC7.1 templates are currently not available. +Dan Fandrich (4 Feb 2015) +- unit1600: Fix compilation when NTLM is disabled -- build: Added VC6 and VC12 support to the project file generator +Daniel Stenberg (4 Feb 2015) +- MD5: fix compiler warnings and code style nits -- build: Added VC11 support to the project file generator +- MD5: replace implementation + + The previous one was "encumbered" by RSA Inc - to avoid the licensing + restrictions it has being replaced. This is the initial import, + inserting the md5.c and md5.h files from + http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 + + Code-by: Alexander Peslyak -- build: Added VC9 and VC10 support to the project file generator +- MD4: fix compiler warnings and code style nits -- build: Added Visual Studio project file generator +- MD4: replace implementation - Added a batch file for generating the Visual Studio project files from - the new template files. + The previous one was "encumbered" by RSA Inc - to avoid the licensing + restrictions it has being replaced. This is the initial import, + inserting the md4.c and md4.h files from + http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4 + + Code-by: Alexander Peslyak -- copyright: Updated following recent edits +Steve Holme (4 Feb 2015) +- telnet: Prefer 'CURLcode result' for curl result codes -Dan Fandrich (29 Apr 2014) -- runtests.pl: Improved the check for a crash during torture tests +- hostasyn: Prefer 'CURLcode result' for curl result codes -- Added a few more const where possible +- schannel: Prefer 'CURLcode result' for curl result codes -- unit1395: Fixed null pointer dereference on torture test +Daniel Stenberg (3 Feb 2015) +- unit1601: MD5 unit tests -Daniel Stenberg (27 Apr 2014) -- [Tatsuhiro Tsujikawa brought this change] +- unit1600: unit test for Curl_ntlm_core_mk_nt_hash - http2: Compile with latest nghttp2 - - commit 6d5f40238028f2d8c (Apr 27) or later nghttp2 is now required +- unit1600: NTLM unit test -Steve Holme (27 Apr 2014) -- build: Added other VC6 output files to the .gitignore list +- tests/README: add a new range, clean up some language -- build: Corrected libcurl PDB file name for x64 builds in VC8 through VC12 +- [Jay Satiro brought this change] -- build: Added Visual Studio .NET (VC7) project files - - Carrying on from commit 11025613b9 added VC7 project files which are - capable of supporting side-by-side compilation, as well as support for - some of the third-party libraries curl uses. + opts: CURLOPT_CAINFO availability depends on SSL engine -- build: Added Visual Studio 6.0 (VC6) project files +- getpass: protect include with proper #ifdef - Carrying on from commit 11025613b9 added a more thorough version of - the VC6 project files which are capable of supporting side-by-side - compilation, as well as support for some of the third-party libraries - curl uses. + Reported-by: Tamir -Daniel Stenberg (26 Apr 2014) -- INFILESIZE: fields in UserDefined must not be changed run-time +- getpass_r: read from stdin, not stdout! - set.infilesize in this case was modified in several places, which could - lead to repeated requests using the same handle to get unintendent/wrong - consequences based on what the previous request did! - -Kamil Dudka (25 Apr 2014) -- nss: propagate blocking direction from NSPR I/O + The file number used was wrong. This bug was introduced over 10 years + ago, proving this function isn't used much... - ... during the non-blocking SSL handshake + Bug: http://curl.haxx.se/bug/view.cgi?id=1476 + Reported-by: Tamir -Daniel Stenberg (23 Apr 2014) -- test325: verify --proto-redir https=>http +- test1135: verify the CURL_EXTERN order in header files -- handler: make 'protocol' always specified as a single bit - - This makes the findprotocol() function work as intended so that libcurl - can properly be restricted to not support HTTP while still supporting - HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS - bits in the protocol field. +- Makefile.am: fix 'make distcheck' - This fixes --proto and --proto-redir for most SSL protocols. + ... by removing generated files from the *_DIST variable [*] and instead + generate them with a .dist suffix, since that is then handled and put + into the release archive by our generic dist-hook. - This is done by adding a few new convenience defines that groups HTTP - and HTTPS, FTP and FTPS etc that should then be used when the code wants - to check for both protocols at once. PROTO_FAMILY_[protocol] style. - - Bug: https://github.com/bagder/curl/pull/97 - Reported-by: drizzt + [*] = 'make distcheck' fails with non-existing files listed there -Steve Holme (23 Apr 2014) -- build: Added Visual Studio 2013 (VC12) project files +Steve Holme (2 Feb 2015) +- curl_sasl.c: More code policing - Carrying on from commit 11025613b9 added VC12 project files which are - capable of supporting side-by-side compilation, 32-bit and 64-bit - builds as well as support for some of the third-party libraries curl - uses. + Better use of 80 character line limit, comment corrections and line + spacing preferences. -Dan Fandrich (23 Apr 2014) -- cyassl: Use error-ssl.h when available - - Versions since at least 2.9.4 renamed error.h to error-ssl.h, so use - whichever one is available. +Daniel Stenberg (2 Feb 2015) +- libcurl-symbols: first basic shot for autogenerated docs -Steve Holme (22 Apr 2014) -- RELEASE-NOTES: Synced with 386ed2d590 +- FAQ: minor edit of 3.22 -Daniel Stenberg (22 Apr 2014) -- gtls: fix NULL pointer dereference +Steve Holme (2 Feb 2015) +- build: Added removal of Visual Studio project files - gnutls_x509_crt_import() must not be called with a NULL certificate - - Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html - Reported-by: Damian Dixon + Added the removal of the locally generated project files so one + may revert to a clean repository. -- curl_global_init_mem: bump initialized even if already initialized +- build: Renamed top level Visual Studio solution files - As this makes curl_global_init_mem() behave the same way as - curl_global_init() already does in that aspect - the same number of - curl_global_cleanup() calls is then required to again decrease the - counter and then eventually do the cleanup. + In preparation for adding the test suite and examples projects renamed + the top level "all" solution files to better describe what they are. - Bug: http://curl.haxx.se/bug/view.cgi?id=1362 - Reported-by: Tristan - -Kamil Dudka (22 Apr 2014) -- nss: implement non-blocking SSL handshake - -- nss: split Curl_nss_connect() into 4 functions - -Dan Fandrich (22 Apr 2014) -- tests: Fixed torture test for tests 1526 & 1527 + This will also enable us to use "curl" rather than "curlsrc" for the + command line tool solution and project files, which will simplify some + of the configuration. -Marc Hoersken (22 Apr 2014) -- sockfilt.c: clean up threaded approach and add documentation - -- sockfilt.c: zero initialize variable - -- sockfilt.c: fixed getting stuck waiting for MinGW stdin pipe - -Daniel Stenberg (22 Apr 2014) -- configure: use the nghttp2 path correctly with pkg-config +- build: Enabled DEBUGBUILD in Visual Studio debug builds - When --with-nghttp2 was used (without a given path), the - PKG_CONFIG_LIBDIR varialbe could get clobbered and ruin a proper - detection of the library. + Defined the DEBUGBUILD pre-processor variable to allow extra logging, + which is particularly useful in debug builds, as we use this and Visual + Studio typically uses _DEBUG. - Reported-by: Dilyan Palauzov - Bug: http://curl.haxx.se/mail/lib-2014-04/0159.html + We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is + defined but that would also affect the makefile based builds which we + probably don't want to do. -- [Dilyan Palauzov brought this change] +- build: Removed unused Visual Studio bscmake settings - configure: fix wrong comment +Daniel Stenberg (2 Feb 2015) +- CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0 - copy and paste error - -Steve Holme (21 Apr 2014) -- build: Fixed output name for Release builds in VC10 and VC11 - -Marc Hoersken (20 Apr 2014) -- sockfilt.c: properly handle disk files, pipes and character input - -- sockfilt.c: ignore non-key-events and continue waiting for input - -- sockfilt.c: free memory in case of memory allocation errors - -- multi.c: fix possible invalid memory access in case nfds overflows + And modify the text to refer to HTTP 2 as it isn't called "2.0". - ufds might not be allocated in case nfds overflows to zero while - extra_nfds is still non-zero. udfs is then accessed within the - extra_nfds-based for loop. + Reported-By: Michael Wallner -- netrc.c: fix multiple possible dereferences of null pointers +Marc Hoersken (31 Jan 2015) +- TODO: moved WinSSL/SChannel todo items into docs -- parsedate.c: check sscanf result before passing it to strlen +Daniel Stenberg (29 Jan 2015) +- [Michael Kaufmann brought this change] -- telnet.c: check sscanf results before passing them to snprintf + CURLOPT_SEEKFUNCTION.3: also when server closes a connection -- telnet.c: fix possible use of uninitialized variable - -- telnet.c: fix possible use of non-null-terminated strings +Steve Holme (29 Jan 2015) +- curl_sasl.c: Fixed compilation warning when cryptography is disabled + + curl_sasl.c:1506: warning: unused variable 'chlg' -- url.c: fix possible use of non-null-terminated string with strlen +- curl_sasl.c: Fixed compilation warning when verbose debug output disabled - Follow up on b0e742544be22ede33206a597b22682e51e0c676 + curl_sasl.c:1317: warning: unused parameter 'conn' -- tool_writeout.c: initialize string pointer variable +- ntlm_core: Use own odd parity function when crypto engine doesn't have one -- tool_formparse.c: fix possible use of non-null-terminated strings +- ntlm_core: Prefer sizeof(key) rather than hard coded sizes -- url.c: fix possible use of non-null-terminated string with strlen +- ntlm_core: Added consistent comments to DES functions -- connect.c: fix multiple possible dereferences of null pointers +- des: Added Curl_des_set_odd_parity() - In case the first address in the tempaddr array is NULL, - the code would previously dereference an unchecked null pointer. + Added Curl_des_set_odd_parity() for use when cryptography engines + don't include this functionality. -- tftp.c: fix possible dereference of null pointer +- tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests -- tool_urlglob.c: added some comments to clarify for loop conditions - - I was tempted to change those to >= 0 until I saw that this is - actually a for loop that terminates once i underflows. +- tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests -- socks_sspi.c: added pointer guards to FreeContextBuffer calls - - The FreeContextBuffer SAL declaration does not declare the pointer - as optional, therefore it must not be NULL. +- tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests -- md5.c: fix use of uninitialized variable +- sasl: Minor code policing and grammar corrections -- curl_schannel.c: added explicit cast of structure pointers +Daniel Stenberg (28 Jan 2015) +- [Gisle Vanem brought this change] -- curl_schannel.c: fix possible dereference of null pointer + ldap: build with BoringSSL -Steve Holme (18 Apr 2014) -- RELEASE-NOTES: Synced with 33e0cba8f1 +- security: avoid compiler warning + + Possible access to uninitialised memory '&nread' at line 140 of + lib/security.c in function 'ftp_send_command'. + + Reported-by: Rich Burridge -- curl_easy_setopt: Updated CURLOPT_URL to include IMAP PARTIAL FETCH example +- runtests: identify BoringSSL and libressl -- imap: Extended FETCH support to include PARTIAL URL specifier +Patrick Monnerat (27 Jan 2015) +- docs: cite SASL external authentication. -- url.c: Fixed typo in comment +- sasl: remove XOAUTH2 from default enabled authentication mechanism. -- curl_easy_setopt: Updated CURLOPT_URL to include IMAP query string examples +- test: add test cases for sasl external authentication (imap/pop3/smtp). -- test810: Updated to use new IMAP URL query string functionality +- imap: remove automatic password setting: it breaks external sasl authentication -- imap: Expanded mailbox SEARCH support to use URL query strings +- sasl: implement EXTERNAL authentication mechanism. + Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and + by not setting the password. -- imap: Added support for parsing URL query strings +Steve Holme (27 Jan 2015) +- openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE - Added support for parsing query strings from the URL as defined by - RFC-5092. - -- imap: Introduced the SEARCH state + Modified the Curl_ossl_cert_status_request() function to return FALSE + when built with BoringSSL or when OpenSSL is missing the necessary TLS + extensions. -- imap: Fixed untagged response detection when no data after command +- openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext' - Should a command return untagged responses that contained no data then - the imap_matchresp() function would not detect them as valid responses, - as it wasn't taking the CRLF characters into account at the end of each - line. - -- build: Added Visual Studio 2012 (VC11) project files + Fixed the build of openssl.c when OpenSSL is built without the necessary + TLS extensions for OCSP stapling. - Carrying on from commit 11025613b9 added VC11 project files which are - capable of supporting side-by-side compilation, 32-bit and 64-bit - builds as well as support for some of the third-party libraries curl - uses. + Reported-by: John E. Malmberg -- build: Corrected Visual Studio solutions for DLL Release x64 +- [Brad Spencer brought this change] -Daniel Stenberg (17 Apr 2014) -- README.http2: mention some alt-svc thoughts + curl_setup: Disable SMB/CIFS support when HTTP only -Steve Holme (16 Apr 2014) -- Makefile.am: Missed separator in commit fbaa2f8660 +- RELEASE-NOTES: Synced with 37824498a3 -- build: Added Visual Studio 2010 (VC10) project files +Daniel Stenberg (22 Jan 2015) +- configure: remove detection of the old yassl emulation API - Carrying on from commit 11025613b9 added VC10 project files which are - capable of supporting side-by-side compilation, 32-bit and 64-bit - builds as well as support for some of the third-party libraries curl - uses. + ... as that is ancient history and not used. -Dan Fandrich (14 Apr 2014) -- url: only use if_nametoindex() if IFNAMSIZ is available +- OCSP stapling: disabled when build with BoringSSL -- symbian: fixed typo in comment +- [Alessandro Ghedini brought this change] -Steve Holme (9 Apr 2014) -- build: Added Visual Studio 2008 (VC9) project files + openssl: add support for the Certificate Status Request TLS extension - Carrying on from commit 11025613b9, added VC9 project files which are - capable of supporting side-by-side compilation, 32-bit and 64-bit - builds as well as support for some of the third-party libraries curl - uses. - -- sas: Added DIGEST-MD5 qop-option validation in native challange handling + Also known as "status_request" or OCSP stapling, defined in RFC6066 + section 8. - Given that we presently support "auth" and not "auth-int" or "auth-conf" - for native challenge-response messages, added client side validation of - the quality-of-protection options from the server's challenge message. + Thanks-to: Joe Mason + - for the work-around for the OpenSSL bug. -Daniel Stenberg (8 Apr 2014) -- dist: include the projects/ files in releases +- BoringSSL: fix build for non-configure builds - ... the recent MSVC project files added by Steve Holme + HAVE_BORINGSSL gets defined now by configure and should be defined by + other build systems in case a BoringSSL build is desired. -- strerror: fix comment about vxworks' strerror_r buffer size - - Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html - Reported-by: Jeroen Koekkoek +- configure: fix BoringSSL detection and detect libresssl -Steve Holme (6 Apr 2014) -- sasl: Added forward declaration of structures following recent changes +Steve Holme (22 Jan 2015) +- curl_sasl: Reinstate the sasl_ prefix for locally scoped functions - To avoid urldata.h being included from the header file or that the - source file has the correct include order as highlighted by one of - the auto builds recently. + Commit 7a8b2885e2 made some functions static and removed the public + Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which + is the naming convention we use in this source file. -- RELEASE-NOTES: Synced with 5cdb61abb2 +- curl_sasl: Minor code policing following recent commits -- tests: Disabled DIGEST-MD5 tests when running with SSPI enabled +Daniel Stenberg (22 Jan 2015) +- [John Malmberg brought this change] -- sasl: Fixed compilation warning + openvms: Handle openssl/0.8.9zb version parsing - warning: no previous prototype for 'Curl_sasl_create_digest_md5_message' + packages/vms/gnv_link_curl.com was assuming only a single letter suffix + in the openssl version. That assumption has been fixed for 7.40. -- sasl: Added curl_memory.h include as per test 1132 +- BoringSSL: detected by configure, switches off NTLM -- sasl: Fixed compilation warning in SSPI builds - - warning: 'sasl_digest_get_key_value' defined but not used +- BoringSSL: no PKCS12 support nor ERR_remove_state -- sasl: Corrected missing free of decoded challenge message from 607883f13c +- [Leith Bade brought this change] -- sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092 + BoringSSL: fix build -- sasl: Post DIGEST-MD5 SSPI code tidy up - - * Added comments to SSPI NTLM message generation - * Added comments to native DIGEST-MD5 code - * Removed redundant identity pointer +Steve Holme (20 Jan 2015) +- curl_sasl.c: chlglen is not used when cryptography is disabled -- sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code +- curl_sasl.c: Fixed compilation warning when cyptography is disabled - When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not - be included, regardless of whether USE__WINDOWS_SSPI is defined or not. - This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM - in curl_setup.h. - -- sasl: Added support for DIGEST-MD5 via Windows SSPI + curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local + variable -- http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined - -- Makefile.vc6: Added curl_sasl_sspi.c - -- Makefile.vc6: Follow up fix to commit 45d3f00803 - -- ntlm: Moved the identity generation into shared SSPI code +- curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined + + curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier + + This error could also happen for non-SSPI builds when cryptography is + disabled (CURL_DISABLE_CRYPTO_AUTH is defined). -- sasl: Renamed SSPI module following short name clash +Patrick Monnerat (20 Jan 2015) +- SASL: make some procedures local-scoped -- sasl: Added initial stub functions for SSPI DIGEST-MD support +- SASL: common state engine for imap/pop3/smtp -- sasl: Combined DIGEST-MD5 message decoding and generation +- SASL: common URL option and auth capabilities decoders for all protocols -Marc Hoersken (5 Apr 2014) -- Makefile.vc6: added warnless.c to fix build +- IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters. -Steve Holme (5 Apr 2014) -- winbuild: Updated the VC++ make instructions following commit 11025613b9 +Daniel Stenberg (20 Jan 2015) +- ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6 - * Added information regarding the February 2003 Platform SDK for VC6 - * Updated the introduction to be similar to the IDE projects README + Reported-by: Chris Young -Daniel Stenberg (5 Apr 2014) -- [Tatsuhiro Tsujikawa brought this change] +- [Chris Young brought this change] - http2: Compile with current nghttp2, which supports h2-11 + timeval: typecast for better type (on Amiga) + + There is an issue with conflicting "struct timeval" definitions with + certain AmigaOS releases and C libraries, depending on what gets + included when. It's a minor difference - the OS one is unsigned, + whereas the common structure has signed elements. If the OS one ends up + getting defined, this causes a timing calculation error in curl. + + It's easy enough to resolve this at the curl end, by casting the + potentially errorneous calculation to a signed long. -Steve Holme (5 Apr 2014) -- winbuild: Added Visual Studio 2005 (VC8) project files +- openssl: do public key pinning check independently + + ... of the other cert verification checks so that you can set verifyhost + and verifypeer to FALSE and still check the public key. - Added a more thorough version of the VC8 project files that exist in - the "vs" folder with the intention to add support for other versions of - Visual Studio. These files support side-by-side compilation, 32-bit and - 64-bit builds as well as support for some of the third-party libraries - curl uses. + Bug: http://curl.haxx.se/bug/view.cgi?id=1471 + Reported-by: Kyle J. McKay -Daniel Stenberg (4 Apr 2014) -- curl_easy_setopt: fix wrong version number references +Patrick Monnerat (19 Jan 2015) +- OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too. -- docs: this is for 7.37.0 +Steve Holme (18 Jan 2015) +- ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP - And clarify for curl that --proxy-header now must be used for headers - that are meant for a proxy, and they will not be included if the request - is not for a proxy. + For consistency with other USE_WIN32_ defines as well as the + USE_OPENLDAP define. -- PROXYHEADER: send these headers in "normal" proxy requests too +- http_negotiate: Use dynamic buffer for SPN generation - Updated the docs to clarify and the code accordingly, with test 1528 to - verify: - - When CURLHEADER_SEPARATE is set and libcurl is asked to send a request - to a proxy but it isn't CONNECT, then _both_ header lists - (CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the - single request is then made for both the proxy and the server. + Use a dynamicly allocated buffer for the temporary SPN variable similar + to how the SASL GSS-API code does, rather than using a fixed buffer of + 2048 characters. -- test1428: verify --proxy-header +- sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public -- curl.1: documented --proxy-header +- sasl_gssapi: Fixed memory leak with local SPN variable -- [Maciej Puzio brought this change] +Daniel Stenberg (17 Jan 2015) +- http_negotiate.c: unused variable 'ret' - curl: add --proxy-header +Steve Holme (17 Jan 2015) +- gskit.h: Code policing of function pointer arguments -- symbols-in-versions: Added CURLHEADER_* +- vtls: Removed unimplemented overrides of curlssl_close_all() - ... and sorted the list - -- CURLOPT_HEADEROPT: added + Carrying on from commit 037cd0d991, removed the following unimplemented + instances of curlssl_close_all(): - Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER - is actually used or not. + Curl_axtls_close_all() + Curl_darwinssl_close_all() + Curl_cyassl_close_all() + Curl_gskit_close_all() + Curl_gtls_close_all() + Curl_nss_close_all() + Curl_polarssl_close_all() -- CURLOPT_PROXYHEADER: set headers for proxy-only +- vtls: Separate the SSL backend definition from the API setup - Includes docs and new test cases: 1525, 1526 and 1527 - - Co-written-by: Vijay Panghal + Slight code cleanup as the SSL backend #define is mixed up with the API + function setup. -- HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue - - Without request body there's no point in asking for 100-continue. +- vtls: Fixed compilation errors when SSL not used - Bug: http://curl.haxx.se/bug/view.cgi?id=1349 - Reported-by: JimS - -- ftp: in passive data connect wait for happy eyeballs sockets + Fixed the following warning and error from commit 3af90a6e19 when SSL + is not being used: - When doing passive FTP, the multi state function needs to extract and - use the happy eyeballs sockets to wait for to check for completion! + url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined; + assuming extern returning int - Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined) - Reported-by: Alan - -- http2+openssl: fix compiler warnings in ALPN using code + error LNK2019: unresolved external symbol Curl_ssl_cert_status_request + referenced in function Curl_setopt -Dan Fandrich (3 Apr 2014) -- tests: unified use of some keywords +- http_negotiate: Added empty decoded challenge message info text -- tests: added some missing closing tags +- http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int -Daniel Stenberg (3 Apr 2014) -- runtests: insist on a section +- http_negotiate_sspi: Prefer use of 'attrs' for context attributes - Since all present tests now have listed, this script will now - refuse to run a given test case if no such section is provided. - Hopefully this will help us make sure new test cases get keywords added - at start. + Use the same variable name as other areas of SSPI code. -- tests: add keywords to the last 7 tests lacking them - -Steve Holme (1 Apr 2014) -- smtp: Fixed login denied with a RFC-821 based server +- http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo() - In addition to commit fe260b75e7 fixed the same issue for RFC-821 based - SMTP servers and allow the credientials to be given to curl even though - they are not used with the server. + Use the SECURITY_STATUS typedef rather than a unsigned long for the + QuerySecurityPackageInfo() return and rename the variable as per other + areas of SSPI code. -- tests: Added SMTP with credientials test when not supported by server +- http_negotiate_sspi: Use 'CURLcode result' for CURL result code -Daniel Stenberg (1 Apr 2014) -- urldata: spellfix comment +- curl_endian: Fixed build when 64-bit integers are not supported (Part 2) - Reported-by: Melissa + Missed Curl_read64_be() in commit bb12d44471 :( -Steve Holme (31 Mar 2014) -- RELEASE-NOTES: Synced with dd07e79023 +Daniel Stenberg (16 Jan 2015) +- CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0 -- tests: Added SMTP with credentials test for RFC-821 based server - - Added SMTP (RFC-821 only) based test case as a reference for the fix - provided by commit fe260b75e7. +- curlver.h: next release is 7.41.0 due to the changes -Daniel Stenberg (31 Mar 2014) -- ipv6: strip off zone identifiers in redirects too - - Follow up to 9317eced984 makes test 1056 work again. +- RELEASE-NOTES: mention the new OCSP stapling options, bump version -Dan Fandrich (31 Mar 2014) -- docs: Removed mention of -g hack when using IPv6 literals - - This limitation was removed in commit 0bc4938e +- opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile -Daniel Stenberg (31 Mar 2014) -- http2: let openssl mention the exact protocol negotiated - - Remove a superfluous "negotiated http2" info line +- help: add --cert-status to --help output -- http2: remove _DRAFT09 from the NPN_HTTP2 enum - - We're progressing throught drafts so there's no point in having a fixed - one in a symbol that'll survive. +- copyright years: after OCSP stapling changes -- [Till Maas brought this change] +- [Alessandro Ghedini brought this change] - URL parser: IPv6 zone identifiers are now supported + curl: add --cert-status option + + This enables the CURLOPT_SSL_VERIFYSTATUS functionality. -- [Paul Marks brought this change] +- [Alessandro Ghedini brought this change] - curl: stop interpreting IPv6 literals as glob patterns. - - This makes it possible to fetch from an IPv6 literal without specifying - the -g option. Globbing remains available elsehwere in the URL. - - For example: - curl http://[::1]/file[1-3].txt - - This creates no ambiguity, because there is no overlap between the - syntax of valid globs and valid IPv6 literals. Globs contain hyphens - and at most 1 colon, while IPv6 literals have no hyphens, and at least 2 - colons. + nss: add support for the Certificate Status Request TLS extension - The peek_ipv6() parser simply whitelists a set of characters and counts - colons, because the real validation happens later on. The character set - includes A-Z, in case someone decides to implement support for scopes - like [fe80::1%25eth0] in the future. + Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. - Signed-off-by: Paul Marks + This requires NSS 3.15 or higher. -Steve Holme (30 Mar 2014) -- test938: Updated to use file input for upload - - As the second URL won't be passed input from stdin. +- [Alessandro Ghedini brought this change] -- test836: Fixed incorrect username in expected output + gtls: add support for the Certificate Status Request TLS extension + + Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. + + This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use + at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP + response verfication to fail even on valid responses. -Daniel Stenberg (30 Mar 2014) -- DISABLED: 836, 882 and 938 hang +- [Alessandro Ghedini brought this change] -- runtests: check protocol before data + url: add CURLOPT_SSL_VERIFYSTATUS option - When the protocol part fails, the data usually does too but the protocol - part is often more fundamental and often provide the clues you need to - fix the test case. - -Steve Holme (30 Mar 2014) -- ftpserver.pl: Extended the full text reply regular expression + This option can be used to enable/disable certificate status verification using + the "Certificate Status Request" TLS extension defined in RFC6066 section 8. - Extended the regex to include other valid characters such as those used - in the reply text of Test 836. + This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the + certificate status verification fails, and the Curl_ssl_cert_status_request() + function, used to check whether the SSL backend supports the status_request + extension. -Daniel Stenberg (30 Mar 2014) -- keywords: sort case insensitive +- TheArtOfHttpScripting: skip the date at the top, we have git -- tests: remove trailing CRs from keywords +- TheArtOfHttpScripting: phrase it TLS lib agnostic -- keywords: sort keywords alphabetically +Steve Holme (16 Jan 2015) +- TODO: Added some SMB ideas -- keywords: don't use STDERR for good info +- RELEASE-NOTES: Synced with 5f09947d28 -Steve Holme (30 Mar 2014) -- tests: Added email unit tests to verify login credential connection re-use +- build-openssl.bat: Added check for Perl installation -- tests: Corrected "APOP" authentication keyword +- checksrc.bat: Better detection of Perl installation -- tests: Replaced email authentication keywords with SASL based keywords +- curl_endian: Fixed build when 64-bit integers are not supported - As the email protocols implement SASL authentication rather than IMAP, - POP3 and SMTP specific authentication, updated the authentication - keywords to reflect this. + Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html + Reported-by: John E. Malmberg -- tests: Added "Clear Text" authentication keyword +Daniel Stenberg (15 Jan 2015) +- [Yun SangHo brought this change] -- tests: Added "SASL" authentication keyword + curl.h: remove extra space -- imap-append.c: Fixed compilation errors on some platforms +- Curl_pretransfer: reset expected transfer sizes - In the initializer for len, there is no prototype for "strlen". - In this statement, there is no prototype for "memcpy". - -- ftpserver.pl: Removed some unused variables - -- ftpserver.pl: Reworked some variable names to be more meaningful + Reported-by: Mohammad AlSaleh + Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html -- ftpserver.pl: Corrected some indentation in senddata() +Marc Hoersken (12 Jan 2015) +- curl_schannel.c: mark session as removed from cache if not freed + + If the session is still used by active SSL/TLS connections, it + cannot be closed yet. Thus we mark the session as not being cached + any longer so that the reference counting mechanism in + Curl_schannel_shutdown is used to close and free the session. + + Reported-by: Jean-Francois Durand -Daniel Stenberg (29 Mar 2014) -- lib1513: fix callback proto to silence warning +Steve Holme (9 Jan 2015) +- RELEASE-NOTES: Synced with d21b66835f -Steve Holme (29 Mar 2014) -- ftpserver.pl: Added fallback to support when using multiple URLs +Guenter Knauf (9 Jan 2015) +- Merge pull request #134 from vszakats/mingw-m64 - Added support for falling back to when , , etc... - don't exist in the section of a unit test. + add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS -- ftpserver.pl: Updated email based get reply data code to use new method +- Merge pull request #136 from vszakats/mingw-allow-custom-cflags + + mingw build: allow to pass custom CFLAGS -- ftpserver.pl: Fixed syntax error from commit 3a29ee41 +Daniel Stenberg (9 Jan 2015) +- NSS: fix compiler error when built http2-enabled -- ftpserver.pl: Updated argument code in STATUS_imap() to be more meaningful +Steve Holme (9 Jan 2015) +- gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions + + Better code reuse and consistency in calls to gss_import_name(). -- ftpserver.pl: Introduced common method for getting a test's reply data +Viktor Szakats (9 Jan 2015) +- mingw build: allow to pass custom CFLAGS -- smtp: Fixed login denied when server doesn't support AUTH capability +Daniel Stenberg (8 Jan 2015) +- FTP: if EPSV fails on IPV6 connections, bail out - Specifying user credentials when the SMTP server doesn't support - authentication would cause curl to display "No known authentication - mechanisms supported!" and return CURLE_LOGIN_DENIED. + ... instead of trying PASV, since PASV can't work with IPv6. - Reported-by: Tom Sparrow - Bug: http://curl.haxx.se/mail/lib-2014-03/0173.html + Reported-by: Vojtěch Král -Daniel Stenberg (28 Mar 2014) -- [Cody Mack brought this change] - - winbuild: added warnless.c to fix build +- FTP: fix IPv6 host using link-local address + + ... and make sure we can connect the data connection to a host name that + is longer than 48 bytes. + + Also simplifies the code somewhat by re-using the original host name + more, as it is likely still in the DNS cache. + + Original-Patch-by: Vojtěch Král + Bug: http://curl.haxx.se/bug/view.cgi?id=1468 -Dan Fandrich (26 Mar 2014) -- hostcheck: added a system include to define struct in_addr +Steve Holme (8 Jan 2015) +- [Sam Schanken brought this change] -- test1397: Fixed compilation with some SSL backends + winbuild: Added option to build with c-ares - The test is only valid when one of four SSL backends is in use, - and must otherwise return success. + Added support for a WITH_CARES option to be used when invoking nmake + via Makefile.vc. This option enables linking against both the DLL and + static versions of the c-ares libraries, as well as the debug and + release varients, depending on the value of DEBUG. The USE_ARES + preprocessor symbol is also defined. -- test815/816: Use authentication for both URLs - - The improved connection reuse logic would otherwise create a new - connection for each one, which isn't supported by the test - server, nor expected by the test. +Guenter Knauf (8 Jan 2015) +- NetWare build: added TLS-SRP enabled build. -Daniel Stenberg (26 Mar 2014) -- mkhelp: generate code for --disable-manual as well - - This allows configure --disable-manual to run and build without having - to regenerate the src/tool_hugehelp.c file which otherwise is necessary - since we ship tarballs with that file present. +Steve Holme (8 Jan 2015) +- sasl_gssapi: Fixed build on NetBSD with built-in GSS-API - Reported-by: Remi Gacogne - Bug: http://curl.haxx.se/bug/view.cgi?id=1350 + Bug: http://curl.haxx.se/bug/view.cgi?id=1469 + Reported-by: Thomas Klausner -- bump: start the 7.37.0 race +Viktor Szakats (8 Jan 2015) +- add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS -Version 7.36.0 (26 Mar 2014) +Daniel Stenberg (8 Jan 2015) +- bump: start working towards 7.40.1 -Daniel Stenberg (26 Mar 2014) -- RELEASE-NOTES: 7.36.0 +- THANKS: 14 new contributors from the 7.40.0 release notes -- [Richard J. Moore brought this change] +Version 7.40.0 (7 Jan 2015) - test1397: unit test for certificate name wildcard handling +Daniel Stenberg (7 Jan 2015) +- RELEASE-NOTES: version 7.40.0 -- Curl_cert_hostcheck: strip trailing dots in host name and wildcard +- darwinssl: fix session ID keys to only reuse identical sessions - Reported-by: Richard Moore + ...to avoid a session ID getting cached without certificate checking and + then after a subsequent _enabling_ of the check libcurl could still + re-use the session done without cert checks. + + Bug: http://curl.haxx.se/docs/adv_20150108A.html + Reported-by: Marc Hesse -- Curl_cert_hostcheck: reject IP address wildcard matches +- tests: make sure CRLFs can't be used in URLs passed to proxy - There are server certificates used with IP address in the CN field, but - we MUST not allow wild cart certs for hostnames given as IP addresses - only. Therefore we must make Curl_cert_hostcheck() fail such attempts. + Bug: http://curl.haxx.se/docs/adv_20150108B.html + +- url-parsing: reject CRLFs within URLs - Bug: http://curl.haxx.se/docs/adv_20140326B.html - Reported-by: Richard Moore + Bug: http://curl.haxx.se/docs/adv_20150108B.html + Reported-by: Andrey Labunets -- [Steve Holme brought this change] +Steve Holme (7 Jan 2015) +- ldap: Convert attribute output to UTF-8 when Unicode - url: Fixed connection re-use when using different log-in credentials +- ldap: Convert DN output to UTF-8 when Unicode + +Daniel Stenberg (7 Jan 2015) +- hostip: remove 'stale' argument from Curl_fetch_addr proto - In addition to FTP, other connection based protocols such as IMAP, POP3, - SMTP, SCP, SFTP and LDAP require a new connection when different log-in - credentials are specified. Fixed the detection logic to include these - other protocols. + Also, remove the log output of the resolved name is NOT in the cache in + the spirit of only telling when something is actually happening. + +Steve Holme (7 Jan 2015) +- ldap/imap: Fixed spelling mistake in comments and variable names - Bug: http://curl.haxx.se/docs/adv_20140326A.html + Reported-by: Michael Osipov -- THANKS: 14 new friends from the 7.36.0 announcement +Daniel Stenberg (7 Jan 2015) +- RELEASE-NOTES: updated with ./contributors.sh output -- RELEASE-NOTES: synced with 3ebfaf6a0399b6a +Dan Fandrich (5 Jan 2015) +- curl_multibyte.h: Eliminated some trailing whitespace -Steve Holme (23 Mar 2014) -- tool_operate: Fixed uninitialised variable under some error situations - - For example when a URL is not specified or the headers file fails to - open. +Steve Holme (4 Jan 2015) +- RELEASE-NOTES: Synced with ea93252ef1 -- tool_parsecfg: Reworked error handling from commit fc59a9e1 +- ldap: Fixed Unicode usage for all Win32 builds + + Otherwise, the fixes in the previous commits would only be applicable + to IDN and SSPI based builds and not others such as OpenSSL with LDAP + enabled. -- tool_getparam: Removed "dead assignment" code introduced in commit 1a9b58fc +- ldap: Fixed memory leak from commit efb64fdf80 -Daniel Stenberg (22 Mar 2014) -- [Gisle Vanem brought this change] +- ldap: Fix memory leak from commit 3a805c5cc1 - polarssl: avoid extra newlines in debug messages +- ldap: Fixed attribute variable warnings when Unicode is enabled - The debug messages printed inside PolarSSL always seems to end with a - newline. So 'infof()' should not add one. Besides the trace 'line' - should be 'const'. + Use 'TCHAR *' for local attribute variable rather than 'char *'. -- rtsp: parse "Session:" header properly +- ldap: Fixed DN variable warnings when Unicode is enabled - The parser skipped the initial letter, which presumably often is - whitespace but doesn't have to be. + Use 'TCHAR *' for local DN variable rather than 'char *'. + +- ldap: Remove the unescape_elements() function - Reported-by: Mike Hasselberg - Bug: http://curl.haxx.se/mail/lib-2014-03/0134.html + Due to the recent modifications this function is no longer used. -- runtests.pl: verify specified test cases +- ldap.c: Fixed compilation warning - To better allow arguments like "1 to 9999" without flooding the terminal - with error messages, the given test cases range is now checked and only - test numbers with existing files are actually run. + ldap.c:98: warning: extra tokens at end of #endif directive -Dan Fandrich (19 Mar 2014) -- RELEASE-NOTES: fixed typo +- ldap: Fixed support for Unicode filter in Win32 search call -Daniel Stenberg (19 Mar 2014) -- trynextip: don't store 'ai' on failed connects... - - It leads to the "next family" tries starting from the wrong point and thus - fails! +- ldap.c: Fixed compilation warning - Bug: http://curl.haxx.se/bug/view.cgi?id=1337 - Reported-by: ricker + ldap.c:802: warning: comparison between signed and unsigned integer + expressions -- RELEASE-NOTES: synced with 47f8e99e78c +- ldap: Fixed support for Unicode attributes in Win32 search call -- [Gaël PORTAY brought this change] +- ldap: Fixed memory leak from commit efb64fdf80 + + The unescapped DN was not freed after a successful character conversion. - polarssl: fix possible handshake timeout issue in multi. +- ldap.c: Fixed compilation error - Because of the socket is unblocking, PolarSSL does need call to getsock to - get the action to perform in multi environment. + ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes + just 1 + +- ldap.c: Fixed compilation warning - In some cases, it might happen we have not received yet all data to perform - the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state - is updated but because of the getsock has not the proper #define macro to, - the library never prevents to select socket for input thus the socket will - never be awaken when last data is available. Thus it leads to timeout. + ldap.c:89: warning: extra tokens at end of #endif directive -- [Gaël PORTAY brought this change] +- ldap: Fixed support for Unicode DN in Win32 search call - polarssl: break compatibility with version older than 1.3. - - Remove all #ifdef/else/endif macros that ensure compatibility with polarssl - version previous than 1.3. +- ldap: Fixed Unicode user and password in Win32 bind calls -- [Gaël PORTAY brought this change] +- ldap: Fixed Unicode host name in Win32 initialisation calls - polarssl: drop use of 1.2 compatibility header. - - API has changed since version 1.3. A compatibility header has been created - to ensure forward compatibility for code using old API: - * x509 certificate structure has been renamed to from x509_cert to - x509_crt - * new dedicated setter for RSA certificates ssl_set_own_cert_rsa, - ssl_set_own_cert is for generic keys - * ssl_default_ciphersuites has been replaced by function - ssl_list_ciphersuites() +- ldap: Use host.dispname for infof() connection failure messages - This patch drops the use of the compatibly header. + As host.name may be encoded use dispname for infof() failure messages. -- polarssl: added missing end-of-comment from previous commit +- ldap: Prefer 'CURLcode result' for curl result codes -- polarssl: now require 1.3.0+ +- ldap: Pass write length in all Curl_client_write() calls - Also fixed a function name change in the version requirement bump + As we get the length for the DN and attribute variables, and we know + the length for the line terminator, pass the length values rather than + zero as this will save Curl_client_write() from having to perform an + additional strlen() call. -- [hasufell brought this change] - - polarssl: fix compilation +- ldap: Fixed attribute memory leaks on failed client write - Rename x509_cert to x509_crt and add "compat-1.2.h" - include. - This would still need some more thorough conversion - in order to drop "compat-1.2.h" include. + Fixed memory leaks from commit 086ad79970 as was noted in the commit + comments. -Kamil Dudka (15 Mar 2014) -- nss: allow to enable/disable new AES GCM cipher-suites +- ldap: Fixed DN memory leaks on failed client write - ... if built against a new enough version of NSS + Fixed memory leaks from commit 086ad79970 as was noted in the commit + comments. -- nss: allow to enable/disable new HMAC-SHA256 cipher-suites +- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d - ... if built against a new enough version of NSS + curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char + [8]') to parameter of type 'char *' converts + between pointers to integer types with different + sign -- nss: do not enable AES cipher-suites by default +- ntlm: Use extend_key_56_to_64() for all cryptography engines - ... but allow them to be enabled/disabled explicitly. The default - policy should be maintained at the NSS level. + Rather than duplicate the code in setup_des_key() for OpenSSL and in + extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is + the same, use extend_key_56_to_64() for all engines. -Dan Fandrich (15 Mar 2014) -- tests: made the SASL modes separate keywords +- RELEASE-NOTES: Synced with 34f0bd110f -- tests: added missing HTTP NTLM auth keywords +- curl_ntlm_core.c: Fixed compilation warning - Also, removed an unneeded strippart - -- tests: disable valgrind on the remaining scp/sftp tests + curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined + but not used -- valgrind.supp: added another test 165 suppression +- endian: Fixed bit-shift in 64-bit integer read functions - This one seems to come and go as the optimizer decides how best - to inline some functions. + From commit 43792592ca and 4bb5a351b2. + + Reported-by: Michael Osipov -- ssh: prevent a logic error that could result in an infinite loop +- smb: Use endian functions for reading NBT and message size values -- docs: fixed a bunch of typos +- endian: Added big endian read functions -- test640/1: add tests for --head with sftp and scp - - This option is currently rather useless with these protocols - when no quote command is given, but it is valid. +- endian: Added 64-bit integer read function -- ssh: removed a redundant close state transition +- COPYING: Bumped copyright year to 2015 -- ssh: abort immediately on a header callback error +- version: Bump copyright year to 2015 -Daniel Stenberg (14 Mar 2014) -- chunked-encoding: provide a readable error string for chunked errors +- smb.c: Fixed compilation warnings + + smb.c:780: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign + smb.c:781: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign + smb.c:804: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign -- TODO: remove http2, we now have it +- smb: Use endian functions for reading length and offset values -- [Tatsuhiro Tsujikawa brought this change] +- endian: Added 16-bit integer write function - http2: free resources on disconnect +- endian: Fixed Linux compilation issues - ... and use Curl_safefree() instead of free() + Having files named endian.[c|h] seemed to cause issues under Linux so + renamed them both to have the curl_ prefix in the filenames. + +- [Julien Nabet brought this change] -- openssl: info massage with SSL version used + lib1900.c: Fixed cppcheck error - Patch-by: byte_bucket + lib1900.c:182: (style) Array index 'handlenum' is used before limits + check + + Bug: https://github.com/bagder/curl/pull/133 -Steve Holme (9 Mar 2014) -- RELEASE-NOTES: Synced with 8ddda0e999 +- endian: Added standard function descriptions -Daniel Stenberg (9 Mar 2014) -- README.http2: clarify the build prerequisites +- endian: Renamed functions for curl API naming convention -- SSL-PROBLEMS: add "missing intermediate certificates" piece +- endian: Moved write functions to new module -- SSL-PROBLEMS: describes common curl+SSL problems +- endian: Moved read functions to new module -Nick Zitzmann (8 Mar 2014) -- docs: remove documentation on setting up krb4 support +- endian: Introduced endian module - The information about building with Kerberos4 support was half a year out - of date. We dropped support for that. - -Daniel Stenberg (6 Mar 2014) -- ssh: fix compiler warning converting ssize_t to int + To allow the little endian functions, currently used in two of the NTLM + source files, to be used by other modules such as the SMB module. -Dan Fandrich (6 Mar 2014) -- ssh: Fixed a style warning - - Also, combined a couple of #ifdef sections +- sepheaders.c: Applied curl oding standards -- ssh: Pass errors from libssh2_sftp_read up the stack +- [Julien Nabet brought this change] -Daniel Stenberg (6 Mar 2014) -- parse_remote_port: error out on illegal port numbers better + sepheaders.c: Fixed resource leak on failure -- remote_port: allow connect to port 0 +- vtls: Use '(void) arg' for unused parameters - Port number zero is perfectly allowed to connect to. I moved to storing - the remote port number in an int so that -1 means undefined and 0-65535 - can be used for legitimate port numbers. + Prefer void for unused parameters, rather than assigning an argument to + itself as a) unintelligent compilers won't optimize it out, b) it can't + be used for const parameters, c) it will cause compilation warnings for + clang with -Wself-assign and d) is inconsistent with other areas of the + curl source code. -- multi_runsingle: move timestamp into INIT - - Setting the TIMER_STARTSINGLE timestamp first in CONNECT has the - drawback that for actions that go back to the CONNECT state, the time - stamp is reset and for the multi_socket API there's no corresponding - Curl_expire() then so the timeout logic gets wrong! +- smb.c: Fixed compilation warning - Reported-by: Brad Spencer - Bug: http://curl.haxx.se/mail/lib-2014-02/0036.html + smb.c:586: warning: conversion to 'short unsigned int' from 'int' may + alter its value -- hostcheck: update comment after previous change +- [Bill Nagel brought this change] -- hostcheck: Curl_cert_hostcheck is not used by NSS builds + smb: Use the connection's upload buffer + + Use the connection's upload buffer instead of allocating our own send + buffer. -- [Michael Osipov brought this change] +- RELEASE-NOTES: Synced with 1933f9d33c - configure: call it GSS-API +- schannel: Moved the ISC return flag definitions to the SSPI module - ... since that’s how the RFC calls it. + Moved our Initialize Security Context return attribute definitions to + the SSPI module, as a) these can be used by other SSPI based providers + and b) the ISC required attributes are defined there. -- x509asn: moved out Curl_verifyhost from NSS builds - - ... as it isn't used then! +- [Bill Nagel brought this change] -- NSS: avoid compiler warnings when built without http2 support + smb: Close the connection after a failed client write -- [Jiri Malak brought this change] +- darwinssl: Fixed compilation warning + + vtls.c:683:43: warning: unused parameter 'data' - Rework Open Watcom make files to use standard Wmake features +- sockfilt.c: Fixed compilation warnings - Remove slash/backslash problem, now only slashes are used, - Wmake automaticaly translate slash/backslash to proper version or tools are not sensitive for it. - Enable spaces in path. - Use internal rm command for all host platforms - Add error message if old Open Watcom version is used. Some old versions exhibit build problems for Curl latest version. Now only versions 1.8, 1.9 and 2.O beta are supported + sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter + its value -- [Jiri Malak brought this change] +- test1509: Fixed compilation warning + + lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may + alter its value - parsedate: Fixed compilation warning +- test556: Fixed compilation warning - Remove compilation message for platforms where size of long type - is equal size of int type. + lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may + alter its value -Steve Holme (2 Mar 2014) -- RELEASE-NOTES: Synced with 7fef4016de +- sasl_gssapi: Fixed use of dummy username with real username -- tool: Do not output libcurl source for the information only parameters - - Ensure a source file isn't generated for the following informational - command line parameters when --libcurl is specified: +- vtls: Fixed compilation warning and an ignored return code - --help, --manual, --version and --engine list + curl_schannel.h:123: warning: right-hand operand of comma expression + has no effect - As the output would only include a fairly empty looking main() function - and a call to curl_easy_init() and curl_easy_cleanup() when performed - with --engine list. - -- tool: Fixed libcurl source output for multiple operations - - Correctly output libcurl source code that includes multiply operations - as specified by --next. Note that each operation evaluates to a single - curl_easy_perform() in source code form. + Some instances of the curlssl_close_all() function were declared with a + void return type whilst others as int. The schannel version returned + CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the + return code was ignored by the calling function Curl_ssl_close_all(). - Also note that the output could be optimised a little so global config - options are only output once rather than per operation as is presently - the case. - -- tool_metalink.h: Fixed compilation warning + For the time being and to keep the internal API consistent, changed all + declarations to use a void return type. - warning: declaration of 'struct GlobalConfig' will not be visible - outside of this function + To reduce code we might want to consider removing the unimplemented + versions and use a void #define like schannel does. -- tool: Moved internal variable isatty to the global config +Daniel Stenberg (28 Dec 2014) +- TODO: 2.3 Better support for same name resolves -- tool_operate.c: Fixed compilation error +Steve Holme (28 Dec 2014) +- test1520: Fixed initial teething problems - incompatible types - from 'OperationConfig *' to 'GlobalConfig *' - -- tool: Moved --libcurl to the global config + * Missing initialisation of upload status caused a seg fault + * Missing data termination caused corrupt data to be uploaded + * Data verification should be performed in element + * Added missing recipient list cleanup -- tool: Moved --progress-bar to the global config +- test1520: Fixed compilation errors -- tool: Moved --stderr to the global config +- tests: Added test for bug #1456 -- transfer.c: Fixed non-HTTP2 builds from commit cde0cf7c5e +- checksrc.bat: Fixed a problem opening files with spaces in the filename -Daniel Stenberg (28 Feb 2014) -- [Tatsuhiro Tsujikawa brought this change] +- openldap: Prefer use of 'CURLcode result' - Fix bug that HTTP/2 hangs if whole response body is read with headers +- openldap: Use 'LDAPMessage *msg' for messages - For HTTP/2, we may read up everything including responde body with - header fields in Curl_http_readwrite_headers. If no content-length is - provided, curl waits for the connection close, which we emulate it - using conn->proto.httpc.closed = TRUE. The thing is if we read - everything, then http2_recv won't be called and we cannot signal the - HTTP/2 stream has closed. As a workaround, we return nonzero from - data_pending to call http2_recv. + This frees up the 'result' variable for CURLcode based result codes. -- http2: build with current nghttp2 version - - nghttp2 has yet again extended its callback struct and this is an - attempt to make curl compile with nghttp2 from current git +- nss: Don't ignore Curl_extract_certinfo() OOM failure -Dan Fandrich (28 Feb 2014) -- tool_main: Fixed a memory leak on main_init error +- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure -Steve Holme (28 Feb 2014) -- test96: Updated accordly for recent changes +- nss: Use 'CURLcode result' for curl result codes + + ...and don't use CURLE_OK in failure/success comparisons. -- tool_cfgable: Code policing of structure pointers +- getinfo: Code style policing -- tool: Moved --trace and --verbose to the global config +- getinfo: Use 'CURLcode result' for curl result codes -- tool_main: Forgot to initialise the first operation's global pointer +- darwinssl: Use 'CURLcode result' for curl result codes -- tool: Moved --silient to the global config - - Other global options such as --libcurl, --trace and --verbose to - follow. +- polarssl: Use 'CURLcode result' for curl result codes -- tool_cfgable: Added GlobalConfig pointer to OperationConfig +- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries - In order to ease the moving of global options such as the error stream, - updated the OperationConfig structure to point to the GlobalConfig. + As this feature has been implemented for 7.40.0. -- tool: Added support to .curlrc for URL specific options +- asiohiper.cpp: No need to initialise members of ConnInfo - In addition to adding support for URL specific options via the command - line with --next it is now possible to specify "next" in .curlrc. + ...as calloc() automatically clears the area of memory with zeros. -- tool: Reworked argument parsing to use --next/-: +- asiohiper.cpp: Updated for curl coding standards - Follow up to commit 1a9b58fcb2 to replace the : command line option - with --next and -:. + ...with the exception of the start of block statement curly brackets. -- tool_getparam: Added initial support for --next/-: +- code/docs: Use correct case for IPv4 and IPv6 - Added initial support for --next/-: which will be used to replace the - rather confusing : command line operation what was used for the URL - specific options prototype. + For consistency, as we seem to have a bit of a mixed bag, changed all + instances of ipv4 and ipv6 in comments and documentations to use the + correct case. -Dan Fandrich (26 Feb 2014) -- valgrind.supp: tweaked a test 165 suppression +- runtests: Fixed detection of Unix Sockets feature - A recent change seems to have slightly changed the call stack - produced by the gcc optimizer. + ...following change in curl --version output. -nickzman (25 Feb 2014) -- Merge pull request #93 from d235j/darwinssl_ip_address_fix +- code/docs: Use Unix rather than UNIX to avoid use of the trademark - darwinssl: don't omit CN verification when an IP address is used + Use Unix when generically writing about Unix based systems as UNIX is + the trademark and should only be used in a particular product's name. -Daniel Stenberg (25 Feb 2014) -- parse_args: fix a too long source code line - -- [naota brought this change] - - configure: Tiny fix to honor POSIX +- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported - Change "==" to "=" to honor POSIX test construction. - -Steve Holme (25 Feb 2014) -- tool_help: Moved --no-alpn and --no-npn to be listed alphabetically + if2ip.c:119: warning: unused parameter 'remote_scope_id' - ...and added the HTTP suffix as these options are only used for HTTP2 - based connections. + ...and some minor code style policing in the same function. -- tool: Moved --showerror to the global config +- vtls: Don't set cert info count until memory allocation is successful - Other global options such as --libcurl, --trace and --verbose to - follow. + Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs + member variable to the requested count, which could then be used + incorrectly as libcurl closes down. -- tool_getparam: Added global config to getparameter() +- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type - In preparation for parsing global options added the GlobalConfig - structure to the getparameter() function. - -- tool_getparam.h: Fixed compilation warning + The return type for this function was 0 on success and 1 on error. This + was then examined by the calling functions and, in most cases, used to + return CURLE_OUT_OF_MEMORY. - warning: declaration of 'struct GlobalConfig' will not be visible - outside of this function + Instead use CURLcode for the return type and return the out of memory + error directly, propagating it up the call stack. -Marc Hoersken (24 Feb 2014) -- RELEASE-NOTES: Updated for 63fc8ee7 - -Steve Holme (24 Feb 2014) -- tool_cfgable: Added support for knowing the current operation - -Marc Hoersken (24 Feb 2014) -- curl_schannel.c: Updated copyright years +- configure: Use camel case for UNIX sockets feature output + + To match the curl --version output. -- [David Ryskalczyk brought this change] +Marc Hoersken (26 Dec 2014) +- sockfilt.c: Reduce the number of individual memory allocations + + Merge multiple internal arrays into one, even if some variables + will not not be used. They are all created with the number of + file descriptors as their size. + + Also fix possible thread handle leak in CloseHandle-loop. - winssl: Enable hostname verification of IP address using SAN or CN +- sockfilt.c: Replace 100ms sleep with thread throttle - Original commit message was: - Don't omit CN verification in SChannel when an IP address is used. + Improves performance of test cases 574 and 575 by 50%. - Side-effect of this change: - SChannel and CryptoAPI do not support the iPAddress subjectAltName - according to RFC 2818. If present, SChannel will first compare the - IP address to the dNSName subjectAltNames and then fallback to the - most specific Common Name in the Subject field of the certificate. + A value of zero causes the thread to relinquish the remainder + of its time slice to any other thread of equal priority that is + ready to run. If there are no other threads of equal priority + ready to run, the function returns immediately, and the thread + continues execution. - This means that after this change curl will not connect to SSL/TLS - hosts as long as the IP address is not specified in the SAN or CN - of the server certificate or the verifyhost option is disabled. + http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx -Steve Holme (24 Feb 2014) -- tool_operate: Moved easy handle cleanup into tool_main +Steve Holme (25 Dec 2014) +- tool_help: Use camel case for UNIX sockets feature output + + In line with the other features listed in the --version output, + capitalise the UNIX socket feature. -Marc Hoersken (24 Feb 2014) -- tool_hugehelp: partially reverted 24e22e10 +- vtls: Use bool for Curl_ssl_getsessionid() return type - Compilation was not possible if manuel is disabled due this error: - error: macro "hugehelp" passed 1 arguments, but takes just 0 - void hugehelp(void) {} + The return type of this function is a boolean value, and even uses a + bool internally, so use bool in the function declaration as well as + the variables that store the return value, to avoid any confusion. -Steve Holme (24 Feb 2014) -- tool_main: Moved easy handle into global config structure +- schannel: Minor code style policing for casts -David Ryskalczyk (23 Feb 2014) -- Don't omit CN verification in DarwinSSL when an IP address is used. +- schannel: Prefer 'CURLcode result' for curl result codes -Steve Holme (23 Feb 2014) -- tool: Fixed line longer than 79 characters from commit 705a4cb549 +- cyassl: Prefer 'CURLcode result' for curl result codes -- tool_main: Corrected typo from commit d6b9f054e9 in Symbian code +- tool_xattr: Use 'CURLcode result' for curl result codes -- tool_main: Moved OperateConfig cleanup into main_free() +- curl_ntlm_core.c: Fixed compilation warnings + + curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of + 'CryptImportKey' differ in signedness + curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from + incompatible pointer type + curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam' + from incompatible pointer type -- tool_main: Moved initial OperateConfig creation into main_init() +- RELEASE-NOTES: Synced with 8830df8b66 -- tool_cfgable: Added global config structure +- gtls: Use preferred 'CURLcode result' -- tool_cfgable: Renamed Configurable structure to OperationConfig +- openldap: Use standard naming for setup connection function - To allow for the addition of a global config structure and prevent - confusion between the two. - -- tool: Fixed incorrect return code with --version from commit c10bf9bb36 + Renamed ldap_setup() to ldap_setup_connection() to follow more widely + used function naming. -- RELEASE-NOTES: Synced with 8c80840d01 +- rtmp: Use standard naming for setup connection function + + Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely + used function naming. -- tool_getparam: Moved tool_help() call into operate() +- smb: Use standard naming for setup connection function + + Renamed smb_setup() to smb_setup_connection() to follow more widely + used function naming. -- tool_getparam: Moved hugehelp() call into operate() +- config-win32.h: Fixed line length > 79 columns -- tool_getparam: Moved tool_version_info() call into operate() +- openssl: Prefer we don't use NULL in comparisons -- tool_cfgable: Removed list_engine flag from config structure +- build: Removed WIN32 definition from the Visual Studio projects - In preparation for separating the global config options from the per - operation config options, reworked the list engines code to not use a - member variable in the Configurable structure. + As this pre-processor definition is defined in curl_setup.h there is no + need to include it in the Visual Studio project files. -- tool_operate: Start to use CURLcode rather than int for return codes +- build: Removed WIN64 definition from the libcurl Visual Studio projects - To help assist with the detection of incorrect return codes, as per - commits ee23d13a79, 33b8960dc8 and aba98991a5, updated the operate - based functions to return CURLcode error codes. - -- tool: Fixed incorrect return code when setting HTTP request fails + Removed the WIN64 pre-processor definition from the libcurl project + files as: + + * WIN64 is not used in our source code + * The curl projects files don't define it + * It isn't required by or used in the platform SDK + * For backwards compatability curl_setup.h defines WIN32 + * The compiler automatically defines _WIN64 for x64 builds - During initialisation SetHTTPrequest() may fail and cURL would return - PARAM_BAD_USE, which is equivalent to CURLE_NOT_BUILT_IN in cURL error - terms. + Historically Visual Studio projects have defined WIN32, in addition to + the compiler defined _WIN32 definition, and I had incorrectly changed + that to WIN64 for the x64 libcurl builds but not in the curl projects. - Instead, return CURLE_FAILED_INIT as we do for other functions that may - fail during initialisation. + As such, it is questionable whether this should be defined or not. For + more information see the following cache of a discussion that took + place on the microsoft.public.vc.mfc newsgroup: + + http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html + +- openssl.c Fix for compilation errors with older versions of OpenSSL + + openssl.c:1408: error: 'TLS1_1_VERSION' undeclared + openssl.c:1411: error: 'TLS1_2_VERSION' undeclared + +Daniel Stenberg (22 Dec 2014) +- [John Malmberg brought this change] -- tool_getparam: Moved version information into separate function in tool_help + Fix comment edit in vms/backup_gnv_curl_src.com + + packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port. -- tool_operhlp.h: Fixed compilation warning +- curl: show size of inhibited data when using -v - warning: 'struct Configurable' declared inside parameter list + To offer some more info and yet it doesn't use more lines. -- tool_operhlp: Consolidated engine output code into tool_help +- openssl: fix SSL/TLS versions in verbose output -- tool_operate: Moved list engines into separate function in tool_help +- openssl: make it compile against openssl 1.1.0-DEV master branch -Marc Hoersken (22 Feb 2014) -- RELEASE-NOTES: added note about impact of changes to WinSSL defaults +Marc Hoersken (22 Dec 2014) +- sshserver.pl: clarify and streamline variable names -- stunnel: regenerated self-signed test certificate with SHA1 hash +Daniel Stenberg (21 Dec 2014) +- openssl: warn for SRP set if SSLv3 is used, not for TLS version - The previous test certificate contained a MD5 hash which is not - supported using TLSv1.2 with Schannel on Windows 7 or newer. + ... as it requires TLS and it was was left to warn on the default from + when default was SSL... + +- smb: use memcpy() instead of strncpy() - See the update to this blog post on IEInternals / MSDN: - http://blogs.msdn.com/b/ieinternals/archive/2011/03/25/ - misbehaving-https-servers-impair-tls-1.1-and-tls-1.2.aspx + ... as it never copies the trailing zero anyway and always just the four + bytes so let's not mislead anyone into thinking it is actually treated + as a string. - "Update: If the server negotiates a TLS1.2 connection with a - Windows 7 or 8 schannel.dll-using client application, and it - provides a certificate chain which uses the (weak) MD5 hash - algorithm, the client will abort the connection (TCP/IP FIN) - upon receipt of the certificate." + Coverity CID: 1260214 -Dan Fandrich (22 Feb 2014) -- easy: Fixed a memory leak on OOM condition +- [John E. Malmberg brought this change] -Steve Holme (20 Feb 2014) -- tool_paramhlp: Fixed compilation warnings + VMS: Updates for 0740-0D1220 + + lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help. + More defines to set symbols to uppercase. + + src/tool_main.c : Fix parameter to vms_special_exit() call. + + packages/vms/ : + backup_gnv_curl_src.com : Fix the error message to have the correct package. + + build_curl-config_script.com : Rewrite to be more accurate. + + build_libcurl_pc.com : Use tool_version.h now. + + build_vms.com : Fix to handle lib/vtls directory. - declaration of 'index' shadows a global declaration + curl_gnv_build_steps.txt : Updated build procedure documentation. + + generate_config_vms_h_curl.com : + * VAX does not support 64 bit ints, so no NTLM support for now. + * VAX HP SSL port is ancient, needs some help. + * Disable NGHTTP2 for now, not ported to VMS. + * Disable UNIX_SOCKETS, not available on VMS yet. + * HP GSSAPI port does not have gss_nt_service_name. + + gnv_link_curl.com : Update for new curl structure. + + pcsi_product_gnv_curl.com : Set up to optionally do a complete build. -- lib1515.c: Fixed #include path in commit 647f83e809 +Marc Hoersken (21 Dec 2014) +- sockfilt.c: use non-Ex functions that are available before WinXP + + It was initially reported by Guenter that GetFileSizeEx + requires (_WIN32_WINNT >= 0x0500) to be true. -Daniel Stenberg (19 Feb 2014) -- [Maks Naumov brought this change] +- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files + + Second patch to enable Windows support using Cygwin-based OpenSSH. + + Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7. - test1515: fix compilation with msvc +- tests: support spaces in paths to SSH, SSHD and SFTP binaries - ... or any other systems lacking a native snprintf + First patch to enable Windows support using Cygwin-based OpenSSH. -- SFTP: skip reading the dir when NOBODY=1 +Steve Holme (20 Dec 2014) +- non-ascii: Reduce variable usage - When asking for an SFTP directory with NOBODY set, no directory contents - should be retrieved. + Removed 'next' variable in Curl_convert_form(). Rather than setting it + from 'form->next' and using that to set 'form' after the conversion + just use 'form = form->next' instead. + +- non-ascii: Prefer while loop rather than a do loop - Bug: http://curl.haxx.se/mail/lib-2014-02/0155.html + This also removes the need to check that the 'form' argument is valid. -Dan Fandrich (18 Feb 2014) -- axtls: comment the call ssl_read repeatedly loop +- non-ascii: Reduce variable scope + + As 'result' isn't used out side the conversion callback code and + previously caused variable shadowing in the libiconv based code. -Kamil Dudka (18 Feb 2014) -- curl.1: update the description of --tlsv1 +- non-ascii: We prefer 'CURLcode result' - ... and mention the --tlsv1.[0-2] options in the --tslv1 entry + This also fixes a variable shadowing issue when HAVE_ICONV is defined + as rc was declared for the result code of libiconv based functions. + +Marc Hoersken (19 Dec 2014) +- secureserver.pl: clean up formatting of config and fix verbose output - Reported-by: Hubert Kario + Verbose output was not matching the actual configuration file, + because FIPS and Windows conditions were ignored. -Daniel Stenberg (18 Feb 2014) -- curl_version.3: recommend using curl_version_info() instead +- secureserver.pl: update Windows detection and fix path conversion -- curl_version_info.3: added *HTTP2 +- secureserver.pl: make OpenSSL CApath and cert absolute path values - ... and edited language slightly + Recent stunnel versions (5.08) seem to have trouble with relative + paths on Windows. This turns the relative paths into absolute ones. -- curl_multi_assign.3: updated language +Patrick Monnerat (18 Dec 2014) +- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code. -- libcurl.3: edited slightly to improve readability +- [Kyle J. McKay brought this change] -- curl_easy_perform.3: extended and clarified + parseurlandfillconn(): fix improper non-numeric scope_id stripping. + Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/ -- curl_multi_add_handle.3: clarify multi vs easy use +- IPV6: address scope != scope id + There was a confusion between these: this commit tries to disambiguate them. + - Scope can be computed from the address itself. + - Scope id is scope dependent: it is currently defined as 1-based local + interface index for link-local scoped addresses, and as a site index(?) for + (obsolete) site-local addresses. Linux only supports it for link-local + addresses. + The URL parser properly parses a scope id as an interface index, but stores it + in a field named "scope": confusion. The field has been renamed into "scope_id". + Curl_if2ip() used the scope id as it was a scope. This caused failures + to bind to an interface. + Scope is now computed from the addresses and Curl_if2ip() matches them. + If redundantly specified in the URL, scope id is check for mismatch with + the interface index. - it is only WHILE added to a multi handle that it can't be used with the - easy interface + This commit should fix SF bug #1451. -- [Tatsuhiro Tsujikawa brought this change] +- connect: singleipconnect(): properly try other address families after failure - http2: Support HTTP POST/PUT +Daniel Stenberg (16 Dec 2014) +- SFTP: work-around servers that return zero size on STAT - This patch enables HTTP POST/PUT in HTTP2. - We disabled Expect header field and chunked transfer encoding - since HTTP2 forbids them. - In HTTP1, Curl sends small upload data with request headers, but - HTTP2 requires upload data must be in DATA frame separately. - So we added some conditionals to achieve this. + Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html + Pathed-by: Marc Renault -- RELEASE-NOTES: synced with 854aca5420f - -- multi: ignore sigpipe internally +- glob_next_url: make the loop count upwards - When the multi API is used we must also ignore SIGPIPE signals when - caused by things we do, like they can easily be generated by OpenSSL. + As the former contruct apparently caused a compiler warning, mentioned + in d8efde07e556c. + +- tool_operate: we prefer 'CURLcode result' -Dan Fandrich (17 Feb 2014) -- tests: Made the crypto test feature usable +- tool_urlglob: unify return codes to use CURLcode - This feature specifies the availability of cryptographic - authentication, which can be disabled at compile-time + There was a mix of GlobCode, CURLcode and ints and they were mostly + passing around CURLcode errors. This change makes the functions use only + CURLcode and removes the GlobCode type completely. -- configure: Fix the --disable-crypto-auth option +- tool_urlglob.c: partly reverse dc19789444 - It now disables NTLM and GSS authentication methods, and produces - compilable code when SSL is enabled. + The loop in glob_next_url() needs to be done backwards to maintain the + logic. dc19789444 caused test 1235 to fail. -Daniel Stenberg (17 Feb 2014) -- curl_multi_setopt.3: clarify CURLMOPT_MAXCONNECTS +- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME -- [Shao Shuchao brought this change] +- [Jay Satiro brought this change] - ConnectionDone: default maxconnects to 4 x number of easy handles + opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS - ... as documented! + Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and + CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one + that will be used. + + Prior to this change that behavior was only noted in the + CURLOPT_TIMEOUT_MS doc. -- examples: remove all use of CURLM_CALL_MULTI_PERFORM +Nick Zitzmann (15 Dec 2014) +- darwinssl: fix incorrect usage of aprintf() - ... since it is never returned since a long while back. + Commit b13923f changed an snprintf() to use aprintf(), but the API usage + wasn't correct, and was causing a crash to occur. This fixes it. -- [Colin Hogben brought this change] +Steve Holme (14 Dec 2014) +- copyright: Updated the copyright year following recent updates - curl_easy_setopt.3: Add another non-matching hostname +Daniel Stenberg (14 Dec 2014) +- tool_urlglob.c: reverse two loops - For the avoidance of doubt, show a domain which contains the no-proxy - pattern but not at the top level. + By counting from 0 and up instead of backwards like before, we remove + the need for the "funny" check of the unsigned variable when decreased + passed zero. Easier to read and less risk for compiler warnings. -- axtls: bump copyright year +Marc Hoersken (14 Dec 2014) +- tool_urlglob.c: Added braces to clarify the conditions -- [Fabian Frank brought this change] +- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop + + The >= 0 is actually not required, since i underflows and + the for-loop is stopped using the < condition, but this + makes the VS2012 compiler and code analysis happy. - axtls: call ssl_read repeatedly +- tool_binmode.c: Explicitly ignore the return code of setmode - Perform more work in between sleeps. This is work around the - fact that axtls does not expose any knowledge about when work needs - to be performed. Depending on connection and how often perform is - being called this can save ~25% of time on SSL handshakes (measured - on 20ms latency connection calling perform roughly every 10ms). + Fixes code analysis warning C6031: + return value ignored: could return unexpected value -- [Yehezkel Horowitz brought this change] +- lib: Fixed multiple code analysis warnings if SAL are available + + warning C28252: Inconsistent annotation for function: + parameter has another annotation on this instance - url_easy_setopt.3: Add undocumented values of curl_infotype +Steve Holme (14 Dec 2014) +- smb.c: Fixed code analysis warning - ... for debug function + smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted, + then cast to 64-bit value. Result may not be an expected + value + +Marc Hoersken (14 Dec 2014) +- tool_util.c: Use GetTickCount64 if it is available -- ConnectionExists: re-use connections better +Steve Holme (14 Dec 2014) +- smb: Use HAVE_PROCESS_H for process.h inclusion - When allowing NTLM, the re-use connection logic was too focused on - finding an existing NTLM connection to use and didn't properly allow - re-use of other ones. This made the logic not re-use perfectly re-usable - connections. + Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H + pre-processor define when including process.h. + +Daniel Stenberg (14 Dec 2014) +- darwinssl: aprintf() to allocate the session key - Added test case 1418 and 1419 to verify. + ... to avoid using a fixed memory size that risks being too large or too + small. + +Marc Hoersken (14 Dec 2014) +- curl_schannel: Improvements to memory re-allocation strategy - Regression brought in 8ae35102c (curl 7.35.0) + - do not grow memory by doubling its size + - do not leak previously allocated memory if reallocation fails + - replace while-loop with a single check to make sure + that the requested amount of data fits into the buffer - Reported-by: Jeff King - Bug: http://thread.gmane.org/gmane.comp.version-control.git/242213 + Bug: http://curl.haxx.se/bug/view.cgi?id=1450 + Reported-by: Warren Menzer -Steve Holme (16 Feb 2014) -- tool_paramhlp: Added URL index to password prompt for multiple operations +Steve Holme (14 Dec 2014) +- asyn-ares: We prefer use of 'CURLcode result' -Marc Hoersken (16 Feb 2014) -- sockfilt.c: add undefs which are required after 6239146e +Marc Hoersken (14 Dec 2014) +- curl_schannel.c: Data may be available before connection shutdown -Steve Holme (16 Feb 2014) -- warnless: Updated copyright year for recent changes +Steve Holme (14 Dec 2014) +- http2: Use 'CURLcode result' for curl result codes -Marc Hoersken (16 Feb 2014) -- warnless: add wrapper function for read and write on Windows +- asyn-thread: We prefer 'CURLcode result' -Steve Holme (16 Feb 2014) -- examples: Added IMAP LSUB example - -- tool_operate: Changed the required argument check/get to be upfront +- smb: Fixed unnecessary initialisation of struct member variables - Rather than check for required arguments, and prompt for any host and - proxy passwords, as each operation is performed, changed the code so - all configurations are checked before any operations are performed. + There is no need to set the 'state' and 'result' member variables to + SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc() + as calloc() initialises the contents to zero. + +- ntlm: Fixed return code for bad type-2 Target Info - This allows the user to input all the required passwords, for example, - upfront rather than wait for each operation. + Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security + buffers just like we do for bad decodes. -- tool_operate: Moved required argument getting into separate function +- ntlm: Remove unnecessary casts in readshort_le() + + I don't think both of my fix ups from yesterday were needed to fix the + compilation warning, so remove the one that I think is unnecessary and + let the next Android autobuild prove/disprove it. -Dan Fandrich (15 Feb 2014) -- valgrind: added another test 165 suppression +- curl_ntlm_msgs.c: Another attempt to fix compilation warning - This one is needed with the gcc options -fstack-protector-all -O2 - That brings the number of suppressions for test 165 to four, and I - suspect I could find another two missing without trying very hard. I'm - beginning to think suppressions isn't the best way to handle these - kinds of cases. + curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from + 'int' may alter its value -Marc Hoersken (15 Feb 2014) -- testsuite: more Windows line-endings fixes +Guenter Knauf (13 Dec 2014) +- synctime.c: added own user-agent string. -- test1114: fix line-endings checks on Windows after 75f00de +Steve Holme (13 Dec 2014) +- smb.c: Fixed line longer than 79 columns -- test1113: fix line-endings checks on Windows after 75f00de5 +- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11 + + curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from + 'int' may alter its value -- lib1515.c: Added support for Windows using the Sleep function +Guenter Knauf (13 Dec 2014) +- mk-ca-bundle.pl: restored forced run again. -- HTTP tests: use CRLF as header seperator according to RFC 2616 +- synctime.c: removed another timeserver URL. - Updates the test suite to handle binary-mode header output. + worldtimeserver.com seems also no longer available. -- curl: output protocol headers using binary mode +- synctime.c: fixed timeserver URLs. - Since protocol headers contain explicit line-endings there should - be no automatic conversion to ASCII text or CRLF line-endings. - - This might break third party tools that already depend on this - behaviour. We might need to introduce an option to make this optional. + For getting the date header its not necessary to access special + pages or even CGI scripts - all pages including the main index + reply with the date header, therefore shortened URLs to domain. + Removed worldtime.com; added pool.ntp.org. -- HTTP tests: use CRLF as header seperator according to RFC 2616 +Steve Holme (13 Dec 2014) +- ftp.c: Fixed compilation warning when no verbose string support - Changes LF to CRLF and disables automatic output conversion. + ftp.c:819: warning: unused parameter 'lineno' -- testsuite: use binary output mode for custom curl test tools - - Do not try to convert line-endings to CRLF on Windows by setting stdout - to binary mode, just like the curl tool does if --ascii is not specified. +- smb: Added state change functions to assist with debugging - This should prevent corrupted stdout line-ending output like CRCRLF. - - In order to make the previously naive text-aware tests work with - binary mode on Windows, text-mode is disabled for them if it is not - actually part of the test case and line-endings are corrected. + For debugging purposes, and as per other protocols within curl, added + state change functions rather than changing the states directly. + +- ntlm: Use short integer when decoding 16-bit values -- testsuite: changed HTTP and RTSP header line-endings to CRLF +- RELEASE-NOTES: Synced with 6291a16b20 + +- smtp.c: Fixed compilation warnings - According to RFC 2616 and RFC 2326 individual protocol elements, like - headers and except the actual content, are terminated by using CRLF. + smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string + smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string + smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string - Therefore the test data files for these protocols need to contain - mixed line-endings if the actual protocol elements use CRLF while - the file uses LF. - -Daniel Stenberg (14 Feb 2014) -- [Colin Hogben brought this change] + Used array index notation instead. - curl_easy_setopt.3: Fix word order of CURLOPT_PROXY section +- smb: Disable SMB when 64-bit integers are not supported - The word CURLOPT_PROXYPORT became detached from its sentence when the - note about the default was added. + This fixes compilation issues with compilers that don't support 64-bit + integers through long long or __int64. -Patrick Monnerat (14 Feb 2014) -- OS400: Add new options to RPG binding. +- ntlm: Disable NTLM v2 when 64-bit integers are not supported + + This fixes compilation issues with compilers that don't support 64-bit + integers through long long or __int64 which was introduced in commit + 07b66cbfa4. -Dan Fandrich (14 Feb 2014) -- valgrind: added suppression on optimized code +- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined - gcc 4.7.2 with -O2 will optimize Curl_connect by inlining some - functions two levels deep, which makes the valgrind suppression - fail to match. The underlying reason for these idna suppressions is - a gcc strlen optimization when compiling libidn; compiling it with - -fno-builtin-strlen makes this suppression unnecessary. + Previously USE_NTLM2SESSION would only be defined automatically when + USE_NTRESPONSES wasn't already defined. Separated the two definitions + so that the user can manually set USE_NTRESPONSES themselves but + USE_NTLM2SESSION is defined automatically if they don't define it. -Daniel Stenberg (14 Feb 2014) -- [Arvid Norberg brought this change] +- smtp.c: Fixed line longer than 79 columns - dict: fix memory leak in OOM exit path +- config-win32.h: Don't enable Windows Crypt API if using OpenSSL - Bug: https://github.com/bagder/curl/pull/90 + As the OpenSSL and NSS Crypto engines are prefered by the core NTLM + routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT + automatically when either OpenSSL or NSS are in use - doing so would + disable NTLM2Session responses in NTLM type-3 messages. -- Curl_urldecode: don't allow NULL as receiver +- smtp: Fixed inappropriate free of the scratch buffer + + If the scratch buffer was allocated in a previous call to + Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent + call and no action taken by that call, then an attempt would be made to + try and free the buffer which, by now, would be part of the data->state + structure. - For a function that returns a decoded version of a string, it seems - really strange to allow a NULL pointer to get passed in which then - prevents the decoded data from being returned! + This bug was introduced in commit 4bd860a001. + +- smtp: Fixed dot stuffing when EOL characters were at end of input buffers - This functionality was not documented anywhere either. + Fixed a problem with the CRLF. detection when multiple buffers were + used to upload an email to libcurl and the line ending character(s) + appeared at the end of each buffer. This meant any lines which started + with . would not be escaped into .. and could be interpreted as the end + of transmission string instead. - If anyone would use it that way, that memory would've been leaked. + This only affected libcurl based applications that used a read function + and wasn't reproducible with the curl command-line tool. - Bug: https://github.com/bagder/curl/pull/90 - Reported-by: Arvid Norberg + Bug: http://curl.haxx.se/bug/view.cgi?id=1456 + Assisted-by: Patrick Monnerat -- RELEASE-NOTES: synced with 378af08c992 +Daniel Stenberg (11 Dec 2014) +- telnet: fix "cast increases required alignment of target type" -- ConnectionExists: reusing possible HTTP+NTLM connections better - - Make sure that the special NTLM magic we do is for HTTP+NTLM only since - that's where the authenticated connection is a weird non-standard - paradigm. +- ntlm_wb_response: fix "statement not reached" - Regression brought in 8ae35102c (curl 7.35.0) + ... and I could use a break instead of a goto to end the loop. - Bug: http://curl.haxx.se/mail/lib-2014-02/0100.html - Reported-by: Dan Fandrich + Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html + Reported-by: Tor Arntsen -- [Tiit Pikma brought this change] +Steve Holme (10 Dec 2014) +- RELEASE-NOTES: Synced with 1cc5194337 + + Added some bug fixes that I had missed in previous synchronisations. - transfer: make Expect: 100-continue timeout configurable. +Daniel Stenberg (10 Dec 2014) +- Curl_unix2addr: avoid using the variable name 'sun' - Replaced the #define CURL_TIMEOUT_EXPECT_100 in transfer.c with the - CURLOPT_EXPECT_100_TIMEOUT_MS option to make the timeout configurable. + I suspect this causes compile failures on Solaris: + + Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html -- [Thomas Braun brought this change] +Steve Holme (10 Dec 2014) +- url.c: Fixed compilation warning when USE_NTLM is not defined + + url.c:3078: warning: variable 'credentialsMatch' set but not used - Fix compilation with make mingw32 +- parsedate.c: Fixed compilation warning - The source files from lib/vtls where generated in lib instead of lib/vtls. + parsedate.c:548: warning: 'parsed' may be used uninitialized in this + function - Verified-by: Thomas Braun + As curl_getdate() returns -1 when parsedate() fails we can initialise + parsed to -1. -- chunked decoder: track overflows correctly +Daniel Stenberg (10 Dec 2014) +- TODO: Cache negative name resolves - The code didn't properly check the return codes to detect overflows so - it could trigger incorrectly. Like on mingw32. - - Regression introduced in 345891edba (curl 7.35.0) + Worth exploring + +- ldap: check Curl_client_write() return codes - Bug: http://curl.haxx.se/mail/lib-2014-02/0097.html - Reported-by: LM + There might be one or two memory leaks left in the error paths. -- [Fabian Frank brought this change] +- ldap: rename variables to comply to curl standards - curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0 +Dan Fandrich (10 Dec 2014) +- sws.c: Fixed 'rc' may be used uninitialized warning -- [Fabian Frank brought this change] +- cookies: Improved OOM handling in cookies + + This fixes the test 506 torture test. The internal cookie API really + ought to be improved to separate cookie parsing errors (which may be + ignored) with OOM errors (which should be fatal). - openssl: honor --[no-]alpn|npn command line switch +Guenter Knauf (9 Dec 2014) +- synctime.c: fixed user-agent setting. - Disable ALPN or NPN if requested by the user. + Some websites meanwhile refuse to reply to requests from ancient + browsers like IE6, therefore I've comment out this setting, but + also fixed the string to now fake IE8 if someone enables it. -- [Fabian Frank brought this change] +Daniel Stenberg (9 Dec 2014) +- smb: fix unused return code warning - gtls: honor --[no-]alpn command line switch - - Disable ALPN if requested by the user. +Patrick Monnerat (9 Dec 2014) +- Curl_client_write() & al.: chop long data, convert data only once. -Dan Fandrich (11 Feb 2014) -- tests: Disabled broken test 1316 +Guenter Knauf (9 Dec 2014) +- VC build: added sspi define for winssl-zlib builds. + +Daniel Stenberg (9 Dec 2014) +- schannel_recv: return the correct code - See http://curl.haxx.se/mail/lib-2014-02/0004.html for a - discussion on the problem. + Bug: http://curl.haxx.se/bug/view.cgi?id=1462 + Reported-by: Tae Hyoung Ahn + +- http2: avoid logging neg "failure" if h2 was not requested -Daniel Stenberg (11 Feb 2014) -- version: next release will become 7.36.0 +- openldap: do not ignore Curl_client_write() return codes -- curl_easy_setopt.3: add CURLOPT_SSL_ENABLE_ALPN/NPN +- compile: warn on unused return code from Curl_client_write() -Steve Holme (10 Feb 2014) -- tool_cfgable: Moved easy handle cleanup to fix pingpong logout issues +Patrick Monnerat (8 Dec 2014) +- SMB: Fix a data size mismatch that broke SMB on big-endian platforms + +Steve Holme (7 Dec 2014) +- smb: Fixed Windows autoconf builds following commit eb88d778e7 + + As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO + either explicitly through --enable-win32-cypto or automatically on + _WIN32 based platforms, subsequent builds broke with the following + error message: - Commmit c5f8e2f5f4 removed the easy handle clean-up from tool_operate, - letting the code that was already present in free_config_fields() - perform the task. Unfortunately, this wasn't the correct place to do - this as it broke protocols, that would perform a logout, as the main - clean-up in tool_main had already been called. + "Can't compile NTLM support without a crypto library." -Dan Fandrich (10 Feb 2014) -- secureserver: Only set stunnel FIPS option when available +- RELEASE-NOTES: Synced with 526603ff05 + +- [Bill Nagel brought this change] + + smb: Build with SSPI enabled - It seems the fips config option causes an error if FIPS mode was - not enabled at stunnel compile-time. FIPS support was disabled - by default in stunnel 5.00, so this is probably really only needed - on versions between 4.32 and 5.00. + Build SMB/CIFS protocol support when SSPI is enabled. -Daniel Stenberg (10 Feb 2014) -- [Fabian Frank brought this change] +- [Bill Nagel brought this change] - NPN/ALPN: allow disabling via command line + ntlm: Use Windows Crypt API - when using --http2 one can now selectively disable NPN or ALPN with - --no-alpn and --no-npn. for now honored with NSS only. + Allow the use of the Windows Crypt API for NTLMv1 functions. + +Dan Fandrich (7 Dec 2014) +- cookie.c: Refactored cleanup code to simplify - TODO: honor this option with GnuTLS and OpenSSL + Also, fixed the outdated comments on the cookie API. -- [Fabian Frank brought this change] +- get_url_file_name: Fixed crash on OOM on debug build + + This caused a null-pointer dereference which caused a few dozen + torture tests to fail. - nss: use correct preprocessor macro +Steve Holme (6 Dec 2014) +- sws.c: Fixed compilation warning - SSL_ENABLE_ALPN can be used for preprocessor ALPN feature detection, - but not SSL_NEXT_PROTO_SELECTED, since it is an enum value and not a - preprocessor macro. + sws.c:2191 warning: 'rc' may be used uninitialized in this function -Steve Holme (9 Feb 2014) -- tests: Added test for IMAP LSUB command +- ftp.c: Fixed compilation warnings when proxy support disabled + + ftp.c:1827 warning: unused parameter 'newhost' + ftp.c:1827 warning: unused parameter 'newport' -- tests: Removed test 807 as it has been superseded by tests 815 and 816 +- smb: Fixed a problem with large file transfers + + Fixed an issue with the message size calculation where the raw bytes + from the buffer were interpreted as signed values rather than unsigned + values. + + Reported-by: Gisle Vanem + Assisted-by: Bill Nagel -- tests: Updated the titles of tests 815 and 816 +- smb: Moved the URL decoding into a separate function -Daniel Stenberg (9 Feb 2014) -- tool_metalink: fix compiler warning when built without metalink +- smb: Fixed URL encoded URLs not working -Steve Holme (9 Feb 2014) -- tool_operate: Move the trace and error file closure to tool_cfgable +- Makefile.inc: Added our standard header and updated file formatting -- TODO: Removed url-specific options +- Makefile.inc: Updated file formatting + + Aligned continuation character and used space as the separator + character as per other makefile files. -- tests: Re-enabled IMAP tests that require URL specific option support +- curl_md4.h: Updated copyright year following recent edit + + ...and minor layout adjustment. -- RELEASE-NOTES: Synced with 8e62f7a6503a +Patrick Monnerat (5 Dec 2014) +- SMB: Fix big endian problems. Make it OS/400 aware. -Marc Hoersken (9 Feb 2014) -- secureserver: FIPS option is only supported since stunnel 5.00 +- OS400: enable NTLM authentication -Steve Holme (9 Feb 2014) -- tool_operate: Added support for performing URL specific operations +Steve Holme (5 Dec 2014) +- multi.c: Fixed compilation warning + + multi.c:2695: warning: declaration of `exp' shadows a global declaration -- tool_operate: Let curl handle cleanup take place in config_free() +Guenter Knauf (5 Dec 2014) +- build: updated dependencies in makefiles. -Dan Fandrich (9 Feb 2014) -- formdata: Must use Curl_safefree instead of free +Steve Holme (5 Dec 2014) +- sasl: Corrected formatting of function descriptions -Daniel Stenberg (8 Feb 2014) -- test96: updated according to recent changes +- sasl_gssapi: Added missing function description -- runtests: allow to remove lines +- RELEASE-NOTES: Provided better descriptions - For verify file, if the strippart condition removes the line completely - it is now removed from the array. + As it is often difficult to choose the best description for a single + feature when it spans many commits, updated the descriptions for the + recent SMB/CIFS protocol and GSS-API additions. -Steve Holme (8 Feb 2014) -- tool_getparam: Added support for parsing of specific URL options +- sasl_sspi: Corrected some typos -Dan Fandrich (8 Feb 2014) -- secureserver: Disable FIPS mode for stunnel +- sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data - It's unnecessary for curl testing, and it can otherwise cause - stunnel to fail to start if OpenSSL doesn't support FIPS mode. + Don't use a hard coded size of 4 for the security layer and buffer size + in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as + we have done in the sasl_gssapi module. -- formdata: Fixed memory leak on OOM condition - -- runtests: Disable valgrind when debugging +- sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with it - This was already mostly being done, except that analysis after the - test still assumed that the valgrind log files would be available. An - alternative way to handle the valgrind + gdb combination could be to - enable one of the valgrind debugger hooks. + Reduced the amount of free's required for the decoded challenge message + in Curl_sasl_create_gssapi_security_message() as a result of coding it + differently in the sasl_gssapi module. -Steve Holme (7 Feb 2014) -- tool_cfgable: For consistency renamed init_config() to config_init() +- gssapi: Corrected typo in comments -- tool_cfgable: Introduced config_free() function +- sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message() -Daniel Stenberg (7 Feb 2014) -- --help: add missing --tlsv1.x options +Daniel Stenberg (4 Dec 2014) +- [Stefan Bühler brought this change] -Steve Holme (7 Feb 2014) -- lib1515.c: Fixed various compilation warnings + http_perhapsrewind: don't abort CONNECT requests - lib1515.c:38:26 warning: unused parameter 'curl' - lib1515.c:38:81 warning: unused parameter 'ptr' - lib1515.c:38:5 warning: no previous prototype for 'debug_callback' - lib1515.c:46:5 warning: no previous prototype for 'do_one_request' - lib1515.c:120:3 warning: ISO C90 forbids mixed declarations and code + ...they never have a body + +- [Stefan Bühler brought this change] + + HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request - As well as some code policing such as white space and braces. + Sending NTLM/Negotiate header again after successful authentication + breaks the connection with certain Proxies and request types (POST to MS + Forefront). + +- [Stefan Bühler brought this change] -Daniel Stenberg (7 Feb 2014) -- http2: updated README after NSS addition + HTTP: don't abort connections with pending Negotiate authentication - Changed the support to a little matrix and added brief explanation of - what ALPN and NPN are for. + ... similarly to how NTLM works as Negotiate is in fact often NTLM with + another name. -- nss: support pre-ALPN versions +- [Stefan Bühler brought this change] -- [Fabian Frank brought this change] + fix gdb libtool invocation path - nss: ALPN and NPN support - - Add ALPN and NPN support for NSS. This allows cURL to negotiate - HTTP/2.0 connections when built with NSS. +Steve Holme (4 Dec 2014) +- sasl_gssapi: Fixed missing include from commit d3cca934ee -- formpost: use semicolon in multipart/mixed - - Not comma, which is an inconsistency and a mistake probably inherited - from the examples section of RFC1867. - - This bug has been present since the day curl started to support - multipart formposts, back in the 90s. +Daniel Stenberg (4 Dec 2014) +- [Jay Satiro brought this change] + + examples: remove sony.com from 10-at-a-time - Reported-by: Rob Davies - Bug: http://curl.haxx.se/bug/view.cgi?id=1333 + Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR + for the sony website because it ends the connection when the request is + missing a user agent. -Dan Fandrich (6 Feb 2014) -- tests: Document use of the MEMDEBUG_LOG_SYNC macro +Steve Holme (4 Dec 2014) +- sasl_gssapi: Fixed missing decoding debug failure message -- ssh: Fixed a NULL pointer dereference on OOM condition +- sasl_gssapi: Fixed honouring of no mutual authentication -Steve Holme (6 Feb 2014) -- nss: Updated copyright year for recent edits +- sasl_sspi: Added more Kerberos V5 decoding debug failure messages -Daniel Stenberg (6 Feb 2014) -- [Remi Gacogne brought this change] +Daniel Stenberg (4 Dec 2014) +- [Anthon Pang brought this change] - 100-continue: fix timeout condition + docs: Fix FAILONERROR typos - When using the multi socket interface, libcurl calls the - curl_multi_timer_callback asking to be woken up after - CURL_TIMEOUT_EXPECT_100 milliseconds. + It returns error for >= 400 HTTP responses. - After the timeout has expired, calling curl_multi_socket_action with - CURL_SOCKET_TIMEOUT as sockfd leads libcurl to check expired - timeouts. When handling the 100-continue one, the following check in - Curl_readwrite() fails if exactly CURL_TIMEOUT_EXPECT_100 milliseconds - passed since the timeout has been set! + Bug: https://github.com/bagder/curl/pull/129 + +- [Peter Wu brought this change] + + tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl output - It seems logical to consider that having waited for exactly - CURL_TIMEOUT_EXPECT_100 ms is enough. + Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as + option in the file generated by --libcurl. - Bug: http://curl.haxx.se/bug/view.cgi?id=1334 + Signed-off-by: Peter Wu -- [Fabian Frank brought this change] +- [Peter Wu brought this change] - nss: prefer highest available TLS version + opts: fix CURLOPT_UNIX_SOCKET_PATH formatting + + Add .nf and .fi such that the code gets wrapped in a pre on the web. + Fixed grammar, fixed formatting of the "See also" items. - Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3 - if --tlsv1[.N] was not specified on the command line. + Signed-off-by: Peter Wu -- [Romulo A. Ceccon brought this change] +Patrick Monnerat (4 Dec 2014) +- OS400: enable Unix sockets. - tests: add test for bug #1327 (dns cache timeout) - - Fix for bug #1303 (030a2b8cb) was not complete. - libcurl still pruned DNS entries added manually - after detecting a dead connection. This test - checks such behavior. +Daniel Stenberg (3 Dec 2014) +- RELEASE-NOTES: synced with b216427e73b5e9 -- [Romulo A. Ceccon brought this change] +- opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am - tests: add test for bug #1303 (dns cache timeout) +- updateconninfo: clear destination struct before getsockname() - Test-case 1515 reproduces bug #1303, where libcurl - would incorrectly prune DNS entries added via - CURLOPT_RESOLVE after the DNS_CACHE_TIMEOUT had - expired. + Otherwise we may read uninitialized bytes later in the unix-domain + sockets case. -- http2: spell fixed README and added version requirement +- curl.1: added --unix-socket -Steve Holme (6 Feb 2014) -- tool_operate: Removed unused argument parameters from operate_do() +- [Peter Wu brought this change] -- tool_operate: Moved list SSL engines code into operate() + tool: add --unix-socket option + + Signed-off-by: Peter Wu -- tool_operate: Moved argument parsing into operate() +- [Peter Wu brought this change] -Daniel Stenberg (5 Feb 2014) -- runtests: add suppression generator help + libcurl: add UNIX domain sockets support - Leave the valgrind --gen-suppressions option in there, commented, to - make it easier for next update. - -- valgrind: updated suppressions file + The ability to do HTTP requests over a UNIX domain socket has been + requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a + discussion happened, no patch seems to get through. I decided to give it + a go since I need to test a nginx HTTP server which listens on a UNIX + domain socket. - The call stack was modified in 2dc7ad23 so the supressions didn't work - anymore. + One patch [3] seems to make it possible to use the + CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket. + Another person wrote a Go program which can do HTTP over a UNIX socket + for Docker[4] which uses a special URL scheme (though the name contains + cURL, it has no relation to the cURL library). + + This patch considers support for UNIX domain sockets at the same level + as HTTP proxies / IPv6, it acts as an intermediate socket provider and + not as a separate protocol. Since this feature affects network + operations, a new feature flag was added ("unix-sockets") with a + corresponding CURL_VERSION_UNIX_SOCKETS macro. + + A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This + option enables UNIX domain sockets support for all requests on the + handle (replacing IP sockets and skipping proxies). + + A new configure option (--enable-unix-sockets) and CMake option + (ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I + deliberately did not mark this feature as advanced, this is a + feature/component that should easily be available. + + [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html + [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/ + [2]: http://sourceforge.net/p/curl/feature-requests/53/ + [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html + [4]: https://github.com/Soulou/curl-unix-socket + + Signed-off-by: Peter Wu + +- [Peter Wu brought this change] -- runtests: detect 'ares' better + tests: add two HTTP over UNIX socket tests - ... caused false detections of the threaded resolver otherwise + test1435: a simple test that checks whether a HTTP request can be + performed over the UNIX socket. The hostname/port are interpreted + by sws and should be ignored by cURL. + + test1436: test for the ability to do two requests to the same host, + interleaved with one to a different hostname. + + Signed-off-by: Peter Wu -Steve Holme (5 Feb 2014) -- tool_operate: Moved .curlrc parsing code into operate() +- [Peter Wu brought this change] + + tests: add HTTP UNIX socket server testing support + + The variable `$ipvnum` can now contain "unix" besides the integers 4 + and 6 since the variable. Functions which receive this parameter + have their `$port` parameter renamed to `$port_or_path` to support a + path to the UNIX domain socket (as a "port" is only meaningful for TCP). + + Signed-off-by: Peter Wu -- tool_operate: Moved locale setup code into operate_init() +- [Peter Wu brought this change] -Daniel Stenberg (5 Feb 2014) -- http2: minor update of the README + sws: try to remove socket and retry bind + + If sws is killed it might leave a stale socket file on the filesystem + which would cause an EADDRINUSE error. After this patch, it is checked + whether the socket is really stale and if so, the socket file gets + removed and another bind is executed. + + Signed-off-by: Peter Wu -- [Fabian Frank brought this change] +- [Peter Wu brought this change] - http2: rely on content-encoding header + sws: add UNIX domain socket support + + This extends sws with a --unix-socket option which causes the port to + be ignored (as the server now listens on the path specified by + --unix-socket). This feature will be available in the following patch + that enables checking for UNIX domain socket support. - A server might respond with a content-encoding header and a response - that was encoded accordingly in HTTP-draft-09/2.0 mode, even if the - client did not send an accept-encoding header earlier. The server might - not send a content-encoding header if the identity encoding was used to - encode the response. + Proxy support (CONNECT) is not considered nor tested. It does not make + sense anyway, first connecting through a TCP proxy, then let that TCP + proxy connect to a UNIX socket. - See: - http://tools.ietf.org/html/draft-ietf-httpbis-http2-09#section-9.3 + Signed-off-by: Peter Wu -Dan Fandrich (4 Feb 2014) -- tool_operate: shortened too-long source line +- [Peter Wu brought this change] -Steve Holme (4 Feb 2014) -- tool_operate: Introduced operate_free() function + sws: restrict TCP_NODELAY to IP sockets + + TCP_NODELAY does not make sense for Unix sockets, so enable it only if + the socket is using IP. + + Signed-off-by: Peter Wu -- tool_operate: Introduced operate_init() function +Dan Fandrich (3 Dec 2014) +- [Dave Reisner brought this change] -- tool_operate: Introduced new operate() function + curl.1: fix trivial typo -Daniel Stenberg (4 Feb 2014) -- http2: enforce gzip auto-decompress - - As this is mandated by the http2 spec draft-09 +Steve Holme (3 Dec 2014) +- sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message() -- [Tatsuhiro Tsujikawa brought this change] +- sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup() - http2: handle incoming data larger than remaining buffer +- sasl_gssapi: Added Curl_sasl_build_gssapi_spn() function + + Added helper function for returning a GSS-API compatible SPN. -- [Tatsuhiro Tsujikawa brought this change] +Daniel Stenberg (3 Dec 2014) +- NSS: enable the CAPATH option + + Bug: http://curl.haxx.se/bug/view.cgi?id=1457 + Patch-by: Tomasz Kojm - http2: Check stream ID we are interested in +Steve Holme (3 Dec 2014) +- sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based builds -- [Tatsuhiro Tsujikawa brought this change] +- sasl_gssapi: Added GSS-API based Kerberos V5 variables - http2: store response header in temporary buffer +- sws.c: Fixed compilation warning when IPv6 is disabled + + sws.c:69: warning: comma at end of enumerator list -- [Tatsuhiro Tsujikawa brought this change] +- sasl_gssapi: Made log_gss_error() a common GSS-API function + + Made log_gss_error() a common function so that it can be used in both + the http_negotiate code as well as the curl_sasl_gssapi code. - HTTP2: add layer between existing http and socket(TLS) layer +- sasl_gssapi: Introduced GSS-API based SASL module - This patch chooses different approach to integrate HTTP2 into HTTP curl - stack. The idea is that we insert HTTP2 layer between HTTP code and - socket(TLS) layer. When HTTP2 is initialized (either in NPN or Upgrade), - we replace the Curl_recv/Curl_send callbacks with HTTP2's, but keep the - original callbacks in http_conn struct. When sending serialized data by - nghttp2, we use original Curl_send callback. Likewise, when reading data - from network, we use original Curl_recv callback. In this way we can - treat both TLS and non-TLS connections. + Added the initial version of curl_sasl_gssapi.c and updated the project + files in preparation for adding GSS-API based Kerberos V5 support. + +- smb: Don't try to connect with empty credentials - With this patch, one can transfer contents from https://twitter.com and - from nghttp2 test server in plain HTTP as well. + On some platforms curl would crash if no credentials were used. As such + added detection of such a use case to prevent this from happening. - The code still has rough edges. The notable one is I could not figure - out how to call nghttp2_session_send() when underlying socket is - writable. + Reported-by: Gisle Vanem + +- smb.c: Coding policing of pointer usage + +- configure: Fixed inclusion of SMB when no crypto engines available + +Guenter Knauf (1 Dec 2014) +- build: in Makefile.m32 simplified autodetection. -- [Fabian Frank brought this change] +Daniel Stenberg (30 Nov 2014) +- [Peter Wu brought this change] - gtls: add ALPN support + sws: move away from IPv4/IPv4-only assumption - Add ALPN support when using GnuTLS >= 3.2.0. This allows - libcurl to negotiate HTTP/2.0 for https connections when - built with GnuTLS. + Instead of depending the socket domain type on use_ipv6, specify the + domain type (AF_INET / AF_INET6) as variable. An enum is used here with + switch to avoid compiler warnings in connect_to, complaining that rc + is possibly undefined (which is not possible as socket_domain is + always set). - See: - http://www.gnutls.org/manual/gnutls.html#Application-Layer-Protocol-Negotiation-_0028ALPN_0029 - http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 - -Steve Holme (3 Feb 2014) -- tool_operate: Moved libcurl information gathering to tool_main + Besides abstracting the socket type, make the debugging messages be + independent on IP (introduce location_str which points to "port XXXXX"). + Rename "ipv_inuse" to "socket_type" and tighten the scope (main). + + Signed-off-by: Peter Wu -Daniel Stenberg (3 Feb 2014) -- [Fabian Frank brought this change] +- [Peter Wu brought this change] - openssl: add ALPN support + lib/connect: restrict IP/TCP options to said sockets - Add ALPN support when using OpenSSL. This will offer ALPN and NPN to the - server, who can respond with either one or none of the two. OpenSSL >= - 1.0.2 is required, which means as of today obtaining a snapshot from - ftp://ftp.openssl.org/snapshot/. + This patch prepares for adding UNIX domain sockets support. - See: - http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 - https://github.com/openssl/openssl/blob/ba168244a14bbd056e502d7daa04cae4aabe9d0d/ssl/ssl_lib.c#L1787 + TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not + apply these to other socket types. bindlocal only works for IP sockets + (independent of TCP/UDP), so filter that out too for other types. + + Signed-off-by: Peter Wu -Steve Holme (3 Feb 2014) -- tool_operate: Moved command line argument parsing into separate function +- smb.c: use size_t as input argument types for msg sizes + + This fixes warnings about conversions to int -- tool_operate: Simplified parse .curlrc decision logic +Steve Holme (30 Nov 2014) +- version: The next release will become 7.40.0 -- tool_operate: Moved main initialisation and cleanup code into tool_main +- [Bill Nagel brought this change] -- tool_main: Fixed compilation warning from commit 0104678c79 + docs: Updated for the SMB protocol - no previous prototype for function 'memory_tracking_init' + This patch updates the documentation for the SMB/CIFS protocol. -- tool_main: Changed stack based config struct to be heap based +- curl tool: Exclude SMB from the protocol redirect + + As local files could be accessed through \\localhost\c$. -Dan Fandrich (3 Feb 2014) -- tests: Moved some comments so the test data files parse as XML +- [Bill Nagel brought this change] -Steve Holme (2 Feb 2014) -- tool_operate: Moved memory tracking initialisation into tool_main + curl tool: Enable support for the SMB protocol + + This patch enables SMB/CIFS support in the curl command-line tool. -- tests: Fixed test172 cookie expiry +- smb.c: Fixed compilation warnings - The test contains a cookie jar file where one of the cookies has an - expiry date of 1391252187 -- Sat, 1 Feb 2014 10:56:27 GMT which has - now expired. Updated to Wed, 14 Oct 2037 16:36:33 GMT as per test - 179. + smb.c:398: warning: comparison of integers of different signs: + 'ssize_t' (aka 'long') and 'unsigned long' + smb.c:443: warning: comparison of integers of different signs: + 'ssize_t' (aka 'long') and 'unsigned long' + +- libcurl: Exclude SMB from the protocol redirect - Reported-by: Adam Sampson - Bug: http://curl.haxx.se/bug/view.cgi?id=1330 + As local files could be accessed through \\localhost\c$. -- tool_operate: Moved initial config setup into new init_config() function +- [Bill Nagel brought this change] -- tool_main: Moved config struct initialisation into a separate function + libcurl: Enable support for the SMB protocol - In preparation for adding URL specific options moved the initialisation - of the Configurable structure into a separate function in tool_cfgable. + This patch enables SMB/CIFS support in libcurl. -Marc Hoersken (1 Feb 2014) -- test 500: workaround low timer resolution on Windows +- smb.c: Fixed compilation warnings - Since the timer resolution is lower, there are actually cases that - the compared values are equal. Therefore we check for previous - timestamps being greater than the current one instead. + smb.c:322: warning: conversion to 'short unsigned int' from 'unsigned + int' may alter its value + smb.c:323: warning: conversion to 'short unsigned int' from 'unsigned + int' may alter its value + smb.c:482: warning: conversion to 'short unsigned int' from 'int' may + alter its value + smb.c:521: warning: conversion to 'unsigned int' from 'curl_off_t' may + alter its value + smb.c:549: warning: conversion to 'unsigned int' from 'curl_off_t' may + alter its value + smb.c:550: warning: conversion to 'short unsigned int' from 'int' may + alter its value -- test suite: stop conversion of valid output to CRLF on Windows +- smb.c: Renamed SMB command message variables to avoid compiler warnings - Since the output isn't actually being written in text-mode and it - was rather used as a workaround, disable text-mode for these tests. + smb.c:489: warning: declaration of 'close' shadows a global declaration + smb.c:511: warning: declaration of 'read' shadows a global declaration + smb.c:528: warning: declaration of 'write' shadows a global declaration -- HTTP tests: use CRLF as header seperator according to RFC 2616 +- smb.c: Fixed compilation warnings + + smb.c:212: warning: unused parameter 'done' + smb.c:380: warning: ISO C does not allow extra ';' outside of a function + smb.c:812: warning: unused parameter 'premature' + smb.c:822: warning: unused parameter 'dead' -- FTP tests: enable text-mode for more datacheck sections +- smb.c: Fixed compilation warnings + + smb.c:311: warning: conversion from 'unsigned __int64' to 'u_short', + possible loss of data + smb.c:425: warning: conversion from '__int64' to 'unsigned short', + possible loss of data + smb.c:452: warning: conversion from '__int64' to 'unsigned short', + possible loss of data -- FTP tests: enable text-mode for data and datacheck sections +- smb.c: Fixed compilation warnings + + smb.c:162: error: comma at end of enumerator list + smb.c:469: warning: conversion from 'size_t' to 'unsigned short', + possible loss of data + smb.c:517: warning: conversion from 'curl_off_t' to 'unsigned int', + possible loss of data + smb.c:545: warning: conversion from 'curl_off_t' to 'unsigned int', + possible loss of data -- runtests.pl: added support for text-mode within datacheck section +- [Bill Nagel brought this change] -- ftpserver.pl: directory LISTings use [CR][LF] for ASCII transfer + smb: Added initial SMB functionality - According to section 2.2 of RFC959 the End-of-Line is defined as: - The end-of-line sequence defines the separation of printing - lines. The sequence is Carriage Return, followed by Line Feed. + Initial implementation of the SMB/CIFS protocol. + +- [Bill Nagel brought this change] + + smb: Added SMB handler interfaces - Verified by sniffing traffic between a Windows FTP client (FileZilla) - and Unix-hosted FTP server (ProFTPD). + Added the SMB and SMBS handler interface structures and associated + functions required for SMB/CIFS operation. -- runtests.pl: reverse line-ending conversion on Windows +- transfer: Code style policing - It makes more sense to convert the expected output to [CR][LF] on - Windows than to force the actual, probably correct, output to [LF]. + Prefer ! rather than NULL in if statements, added comments and updated + function spacing, argument spacing and line spacing to be more readble. + +- transfer: Fixed existing scratch buffer being checked for NULL twice - This way it is actually possible to see if curl outputs the correct - line-ending excepted by a text-aware test case. + If the scratch buffer already existed when the CRLF conversion was + performed then the buffer pointer would be checked twice for NULL. This + second check is only necessary if the call to malloc() was performed by + the first check. -- winssl: improved default SSL/TLS protocol selection +- smtp: Fixed dot stuffing being performed when no new data read - For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2 - if it is not explicitly enabled within grbitEnabledProtocols. + Whilst I had moved the dot stuffing code from being performed before + CRLF conversion takes place to after it, in commit 4bd860a001, I had + moved it outside the 'when something read' block of code when meant + it could perform the dot stuffing twice on partial send if nread + happened to contain the right values. It also meant the function could + potentially read past the end of buffer. This was highlighted by the + following warning: - More information can be found on MSDN: - http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx - -Steve Holme (31 Jan 2014) -- INSTALL: Corrected mentioned version number as release 7.34.1 became 7.35.0 + warning: `nread' might be used uninitialized in this function -- RELEASE-NOTES: Synced with 0f213fdca1 - -Dan Fandrich (31 Jan 2014) -- pipeline: Fixed a NULL pointer dereference on OOM +Daniel Stenberg (29 Nov 2014) +- smb.h: fixed picky compiler warning + + smb.h:30:16: error: comma at end of enumerator list [-Werror=pedantic] -- tests: make the authorization retry tests pass the torture tests +Steve Holme (29 Nov 2014) +- tests: Disable test 1013 until SMB is fully added -- ftp: fixed a memory leak on wildcard error path +- [Bill Nagel brought this change] -- netrc: Fixed a memory leak in an OOM condition + smb: Added SMB protocol and port definitions + + Added the necessary protocol and port definitions in order to support + SMB/CIFS. -Steve Holme (30 Jan 2014) -- ntlm: Fixed a memory leak when using NTLM with a proxy server +- [Bill Nagel brought this change] -- tests: Missed updating a type-3 message in commit 1c9aaa0bac + smb: Added internal SMB definitions and structures + + Added the internal definitions and structures necessary for SMB/CIFS + support. -Daniel Stenberg (30 Jan 2014) -- http2: fix size check in on_data_chunk_recv +- [Bill Nagel brought this change] -- http2: add CRLF when first data arrives + smb: Added SMB connection structure + + Added the connection structure that will be required in urldata.h for + SMB/CIFS based connections. -Steve Holme (30 Jan 2014) -- tests: Updated NTLM tests for NTLMv2 type-3 message +- [Bill Nagel brought this change] -Daniel Stenberg (30 Jan 2014) -- [Tatsuhiro Tsujikawa brought this change] + smb: Added initial source files for SMB + + Added the initial source files and updated the relevant project files in + order to support SMB/CIFS. - http2_recv: Return written length on CURLE_AGAIN +- [Bill Nagel brought this change] -- [Tatsuhiro Tsujikawa brought this change] + smb: Added configuration options for SMB + + Added --enable-smb and --disable-smb configuration options for the + upcoming SMB/CIFS protocol support. - http2: Use nghttp2_session_mem_recv and nghttp2_session_upgrade +Daniel Stenberg (28 Nov 2014) +- [Peter Wu brought this change] -- http2: call it "HTTP 2" and not 2.0 + runtests.pl: fix startup of IPv6 servers + + Commit curl-7_23_1-143-g8218064 changed the parameter of + responsive_http_server to accept types other than IPv6 (converting + from a boolean to a string), but only considered the lower-case "ipv6" + and not the "IPv6" variant. This caused all servers to start in IPv4 + mode instead. - The minor version will be dropped for HTTP 2 so it will make sense to - avoid using it in option names etc. + This patch converts the remaining cases to "ipv6". While not strictly + necessary for the run*server variants, these got also converted for + consistency and to prevent future errors. + + Signed-off-by: Peter Wu -- http2: basic version of receiving DATA +- [Peter Wu brought this change] -- http2: convert HEADER frames to HTTP1-like headers + runtests.pl: fix warning message, remove duplicate value - ... and then go through the "normal" HTTP engine. - -- http2: fix EWOULDBLOCK in recv_callback() + Signed-off-by: Peter Wu -- http2: do the POST Upgrade dance properly +Steve Holme (27 Nov 2014) +- http.c: Fixed compilation warnings from features being disabled + + warning: unused variable 'data' + warning: variable 'addcookies' set but not used + + ...and some very minor coding style policing. -Steve Holme (30 Jan 2014) -- ntlm: Use static client nonce for the test suite +- RELEASE-NOTES: Synced with c5399c827d -Daniel Stenberg (30 Jan 2014) -- http2.h: provide empty macros for non-http2 builds +- tests: Added SMTP with --crlf test case -- [Fabian Frank brought this change] +- docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion - http2: switch into http2 mode if NPN indicates +- smtp: Fixed const'ness of nread parameter in Curl_smtp_escape_eob() - Check the NPN result before preparing an HTTP request and switch into - HTTP/2.0 mode if necessary. This is a work in progress, the actual code - to prepare and send the request using nghttp2 is still missing from - Curl_http2_send_request(). + ...and some comment typos! -- http2: s/Curl_http2_request/Curl_http2_request_upgrade +- smtp: Added support for the conversion of Unix newlines during mail send - To better reflect its purpose - -- http2-openssl: verify that NPN functionality is present + Added support for the automatic conversion of Unix newlines to CRLF + during mail uploads. + + Feature: http://curl.haxx.se/bug/view.cgi?id=1456 -- [Fabian Frank brought this change] +- CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols - openssl: set up hooks with to perform NPN +Daniel Stenberg (25 Nov 2014) +- curl*3: added small examples - NPN is what is available in the wild today to negotiate SPDY or HTTP/2.0 - connections. It is expected to be replaced by ALPN in the future. If - HTTP/2.0 is negotiated, this is indicated for the entire connection and - http.c is expected to initialize itself for HTTP/2.0 instead of - HTTP/1.1. - - see: - http://technotes.googlecode.com/git/nextprotoneg.html - http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 + and some minor edits -- http2: added stubs for all nghttp2 callbacks +- libcurl.3: fix formatting - This makes it easier to trace what's happening. + refer to functions with the man page section properly -- http2: use FIRSTSOCKET instead of 0 to index the sockets array +- man pages: SEE ALSO curl_multi_wait -- http2: receive and log the received header frames +- curl_multi_wait.3: clarify numfds being used if not NULL -- http2_recv: log nghttp2 return codes for debugging purposes +- multi-single.c: switch to use curl_multi_wait + + Makes the example much easier and straight-forward! -- HTTP2: reject nghttp2 versions before 0.3.0 +- testcurl: bump the version of this script! -- [Gisle Vanem brought this change] +- testcurl: skip reading the setup file if given enough cmdline info + + This makes it much easier to run multiple tests in the same directory, + just altering the command lines used. - http2: adjusted to newer nghttp2_session_callbacks struct +- select.c: fix compilation for VxWorks - the number of elements in the 'nghttp2_session_callbacks' structure is - now reduced by 2 in version 0.3.0 (I'm not sure when the change - happened, but checking for ver 0.3.0 work for me). + Reported-by: Brian + Bug: http://curl.haxx.se/bug/view.cgi?id=1455 -- [Gisle Vanem brought this change] +Patrick Monnerat (24 Nov 2014) +- [moparisthebest brought this change] + + SSL: Add PEM format support for public key pinning - HTTP2: Wrong NgHTTP2 user-data +Kamil Dudka (24 Nov 2014) +- Revert "repository: ignore patch files generated by git" - Something is wrong in 'userp' for the HTTP2 recv_callback(). The - session is created using bogus user-data; '&conn' and not 'conn'. + This reverts commit 217024a687ce86eb6d2317822ed81c7e5abc4b61. - I noticed this since the socket-value in Curl_read_plain() was set to a - impossible high value. + Bug: https://github.com/bagder/curl/commit/217024a6#commitcomment-8693738 -- NTLM: error: conversion to 'int' from 'long int' may alter its value +Steve Holme (23 Nov 2014) +- multi.c: Fixed compilation warnings when no verbose string support - Fixed two compiler nits + warning: variable 'connection_id' set but not used + warning: unused parameter 'lineno' -Steve Holme (29 Jan 2014) -- ntlm: Coding style policing dating back to 2011 +- RELEASE-NOTES: Synced with 1450712e76 -- ntlm: Use a timestamp of 01/01/1970 for the test suite +- sasl: Tidied up some parameter comments -- ntlm: Updated Curl_ntlm_core_mk_ntlmv2_resp() to use local variables - - ...until the function is successful when it returns them in the out - parameters. +- sasl: Reduced the need for two sets of NTLM functions + +- ntlm: Moved NSS initialisation to base decode function -- ntlm: Added cross platform support for writing NTLMv2 timestamp in buffer +- http_ntlm: Fixed additional NSS initialisation call when decoding type-2 - Added conversion functions write32_le() and write64_le() to ensure the - NTLMv2 timestamp is always written in little-endian. + After commit 48d19acb7c the HTTP code would call Curl_nss_force_init() + twice when decoding a NTLM type-2 message, once directly and the other + through the call to Curl_sasl_decode_ntlm_type2_message(). -- [Prash Dush brought this change] +- ntlm: Fixed static'ness of local decode function - ntlm: Added support for NTLMv2 +- ntlm: Corrected some parameter names and comments -Kamil Dudka (29 Jan 2014) -- nss: do not use the NSS_ENABLE_ECC define +- runtests.pl: Re-aligned feature support comments + +- runtests.pl: Use Kerberos and SPNEGO as proxies for the crypto feature - It is not provided by NSS public headers. + In addition to NTLM, use Kerberos and SPNEGO as proxies to the crypto + feature. - Bug: https://bugzilla.redhat.com/1058776 + ...and converted tab characters, from commit 4b4e8a5853, to spaces. -- nss: do not fail if NSS does not implement a cipher - - ... that the user does not ask for +- runtests.pl: Added support for SPNEGO -Daniel Stenberg (29 Jan 2014) -- http2: switch recv/send functions to http2 ones after 101 +- runtests.pl: Added Kerberos detection + +- runtests.pl: Added GSS-API detection + +- FILEFORMAT: Added SSPI, GSS-API and Kerberos to the features list + +- FILEFORMAT: Added test requires feature not present information + + Such as !SSPI as we do for the NTLM and Digest tests. -- http2: handle 101 responses and switch to HTTP2 +Daniel Stenberg (20 Nov 2014) +- http.c: log if it notices HTTP 1.1 after a upgrade to http2 -- examples: gitignore more binaries +- test1801: first real http2 test case -- bump: start working on 7.35.1 +- sws: initial tiny steps toward http2 support -- THANKS: 19 new contributors from the 7.35.0 release notes +- FILEFORMAT: mention the new upgrade support -Version 7.35.0 (29 Jan 2014) +- test1800: first plain-text http2 test case + + Verifies the upgrade request, but gets a plain 1.1 response -Daniel Stenberg (29 Jan 2014) -- RELEASE-NOTES: done for 7.35.0 +- [Tatsuhiro Tsujikawa brought this change] -Dan Fandrich (29 Jan 2014) -- tests: make a few lib15?? tests pass the OOM torture tests + http: Disable pipelining for HTTP/2 and upgraded connections + + This commit disables pipelining for HTTP/2 or upgraded connections. For + HTTP/2, we do not support multiplexing. In general, requests cannot be + pipelined in an upgraded connection, since it is now different protocol. -- lib1900: make the test pass the OOM torture tests +- [Brad Harder brought this change] -- oauth2: Fixed a memory leak in an OOM condition + CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option -- unit1304: make the test pass the OOM torture tests +Steve Holme (19 Nov 2014) +- multi-uv.c: Updated for curl coding standards -- unit1396: make the test pass the OOM torture tests +- conncache: Fixed specifiers in infof() for long and size_t variables -Daniel Stenberg (28 Jan 2014) -- [Romulo A. Ceccon brought this change] +- [Peter Wu brought this change] - hostip: don't remove DNS entries that are in use + cmake: add Kerberos to the supported features - hostcache_timestamp_remove() should remove old *unused* entries from the - host cache, but it never checked whether the entry was actually in - use. This complements commit 030a2b8cb. + Updated following commit eda919f and a4b7f71. - Bug: http://curl.haxx.se/bug/view.cgi?id=1327 + Acked-by: Brad King + Signed-off-by: Peter Wu -Dan Fandrich (28 Jan 2014) -- RELEASE-NOTES: changed encoding to UTF-8 like previous releases +- [Peter Wu brought this change] -Daniel Stenberg (28 Jan 2014) -- TFTP: fix crash on time-out + cmake: fix NTLM detection when CURL_DISABLE_HTTP defined - tftp_done() can get called with its TFTP state pointer still being NULL - on an early time-out, which caused a segfault when dereferenced. + Updated following changes in commit f0d860d. - Reported-by: Glenn Sheridan - Bug: http://curl.haxx.se/mail/lib-2014-01/0246.html + Acked-by: Brad King + Signed-off-by: Peter Wu -Steve Holme (28 Jan 2014) -- RELEASE-NOTES: Synced with 5a47062cada9 +Daniel Stenberg (19 Nov 2014) +- RELEASE-NOTES: synced with cb13fad733e -Daniel Stenberg (28 Jan 2014) -- [Maks Naumov brought this change] +- [Jay Satiro brought this change] - getpass: fix password parsing from console - - Incorrect password if use backspace while entered the password. + examples: Wait recommended 100ms when no file descriptors are ready - Regression from f7bfdbabf2d5398f4c266eabb0992a04af661f22 + Prior to this change when no file descriptors were ready on platforms + other than Windows the multi examples would sleep whatever was in + timeout, which may or may not have been less than the minimum + recommended value [1] of 100ms. - The '?:' operator has lower priority than the '-' operator + [1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html -Dan Fandrich (26 Jan 2014) -- docs/INSTALL: Updated example minimal binary sizes +- [Waldek Kozba brought this change] -Marc Hoersken (26 Jan 2014) -- testsuite: visualize line-endings in output comparison diffs + multi-uv.c: close the file handle after download -- sockfilt.c: follow up cleanup commit on 49b63cf3 +- [Jon Spencer brought this change] -- http-pipe tests: use text as output data mode to support Windows - -- sockfilt.c: fixed and simplified Windows select function - - Since the previous complex select function with initial support for - non-socket file descriptors, did not actually work correctly for - Console handles, this change simplifies the whole procedure by using - an internal waiting thread for the stdin console handle. - - The previous implementation made it continuously trigger for the stdin - handle if it was being redirected to a parent process instead of - an actual Console input window. - - This approach supports actual Console input handles as well as - anonymous Pipe handles which are used during input redirection. + multi: inform about closed sockets before they are closed - It depends on the fact that ReadFile supports trying to read zero bytes - which makes it wait for the handle to become ready for reading. + When the connection code decides to close a socket it informs the multi + system via the Curl_multi_closed function. The multi system may, in + turn, invoke the CURLMOPT_SOCKETFUNCTION function with + CURL_POLL_REMOVE. This happens after the socket has already been + closed. Reorder the code so that CURL_POLL_REMOVE is called before the + socket is closed. -- http_pipe.py: replaced epoll with select to support Windows +Guenter Knauf (19 Nov 2014) +- build: in Makefile.m32 moved target autodetection. - Removed Unix-specific functionality in order to support Windows: - - select.epoll replaced with select.select - - SocketServer.ForkingMixIn replaced with SocketServer.ForkingMixIn - - socket.MSG_DONTWAIT replaced with socket.setblocking(False) - - Even though epoll has a better performance and improved socket handling - than select, this change should not affect the actual test case. - -Dan Fandrich (25 Jan 2014) -- tests: Added missing HTTP proxy keywords + Moved target autodetection block after defining CC macro. -- tests: added missing http to a number of tests +- build: in Makefile.m32 simplify platform flags. -- tests: Added a keyword for tests depending on internal info logs +- build: in Makefile.m32 try to detect 64bit target. -- runtests: Don't log command every torture iteration in verbose +Daniel Stenberg (19 Nov 2014) +- [Brad King brought this change] -- tests: Added missing http feature to tests 509 & 1513 - -- netrc: Fixed a memory and file descriptor leak on OOM + CMake: Simplify if() conditions on check result variables + + Remove use of an old hack that takes advantage of the auto-dereference + behavior of the if() command to detect if a variable is defined. The + hack has the form: + + if("${VAR} MATCHES "^${VAR}$") + + where "${VAR}" is a macro argument reference. Use if(DEFINED) instead. + This also avoids warnings for CMake Policy CMP0054 in CMake 3.1. -- test1514: Used the macros for host and port number +- TODO-RELEASE: removed -- multi: Fixed a memory leak on OOM condition +- [Carlo Wood brought this change] -Daniel Stenberg (23 Jan 2014) -- curl_easy_setopt.3: remove what auth types that work for CURLOPT_PROXYAUTH + debug: added new connection cache output, plus fixups - The list was out of date and the paragraph already refers to the - CURLOPT_HTTPAUTH explanation. All the auth bits are explained properly - there. + Debug output 'typo' fix. - It also removes the ambiguity for what the "added" phrase refers to. + Don't print an extra "0x" in + * Pipe broke: handle 0x0x2546d88, url = / - This change based on pull request #85 on github + Add debug output. + Print the number of connections in the connection cache when + adding one, and not only when one is removed. - URL: https://github.com/bagder/curl/pull/85 - Reported-by: gnawhleinad + Fix typos in comments. -Dan Fandrich (22 Jan 2014) -- test1514: Got rid of a non-const initializer C99ism +- multi: move the ending condition into the loop as well + + ... as it was before I changed the loop in commit e04ccbd50. It caused + test 2030 and 2032 to fail. -Steve Holme (21 Jan 2014) -- RELEASE-NOTES: added another missing bug ref +Steve Holme (18 Nov 2014) +- multi: Prefer we don't use CURLE_OK and NULL in comparisons -Daniel Stenberg (21 Jan 2014) -- RELEASE-NOTES: added missing bug ref +Daniel Stenberg (18 Nov 2014) +- multi_runsingle: use 'result' for local CURLcode storage + + ... and assign data->result only at the end. Makes the code more compact + (easier to read) and more similar to other code. -- [Fabian Frank brought this change] +- multi_runsingle: rename result to rc + + save 'result' for CURLcode types - axtls: fix compiler warning on conversion ssize_t => int +- multi: make multi_runsingle loop internally + + simplifies the use of this function at little cost. -- [Fabian Frank brought this change] +- [Carlo Wood brought this change] - SFTP: stat remote file also when CURLOPT_NOBODY is 1 + multi: when leaving for timeout, close accordingly - Make it possible to call - curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &filesize) - and related functions on remote sftp:// files, without downloading them. - - Reported-by: Yingwei Liu - Bug: http://curl.haxx.se/mail/lib-2014-01/0139.html + Fixes the problem when a transfer in a pipeline times out. -- RELEASE-NOTES: synced with 12ecd56da77 +Guenter Knauf (18 Nov 2014) +- build: in Makefile.m32 add -m32 flag for 32bit. -- contributors.sh: output list RELEASE-NOTES formatted +- mk-ca-bundle.vbs: update copyright year. -- [Cédric Deltheil brought this change] +- build: in Makefile.m32 pass -F flag to windres. - test1514: added - no more negative Content-Length (HTTP POST) +Steve Holme (17 Nov 2014) +- config-win32: Fixed build targets for the VS2012+ Windows XP toolset - This covers changes from commit afd288b2. + Even though commit 23e70e1cc6 mentioned the v110_xp toolset, I had + forgotten to include the relevant pre-processor definitions. -- [Cédric Deltheil brought this change] +- sasl_sspi: Removed note about the NTLM functions being a wrapper - HTTP POST: omit Content-Length if data size is unknown - - This prevents sending a `Content-Length: -1` header, e.g this ocurred - with the following combination: +- connect.c: Fixed compilation warning when no verbose string support - * standard HTTP POST (no chunked encoding), - * user-defined read function set, - * `CURLOPT_POSTFIELDSIZE(_LARGE)` NOT set. - - With this fix it now behaves like HTTP PUT. - -- [Fabian Frank brought this change] + warning: unused parameter 'reason' - disable GnuTLS insecure ciphers +- easy.c: Fixed compilation warning when no verbose string support - Make GnuTLS old and new consistent, specify the desired protocol, cipher - and certificate type in always in both modes. Disable insecure ciphers - as reported by howsmyssl.com. Honor not only --sslv3, but also the - --tlsv1[.N] switches. - - Related Bug: http://curl.haxx.se/bug/view.cgi?id=1323 - -- curl_getdate.3: edited, removed references to pre 7.12.2 functionality + warning: unused parameter 'easy' -- gtls: fix compiler warnings on conversions size_t => unsigned int - -Steve Holme (19 Jan 2014) -- tool: Fixed incorrect return code if password prompting runs out of memory +- win32: Updated some legacy APIs to use the newer extended versions - Due to the changes in commit 3c929ff9f6ea and lack of subsequent - updates, curl could return a CURLE_FTP_ACCEPT_FAILED error if - checkpasswd() ran out of memory in versions 7.33.0 and 7.34.0. + Updated the usage of some legacy APIs, that are preventing curl from + compiling for Windows Store and Windows Phone build targets. - Updated the function declaration and return code to return - CURLE_OUT_OF_MEMORY and CURLE_OK where appropriate. - -- RELEASE-NOTES: Synced with 2cac75c4e400 + Suggested-by: Stefan Neis + Feature: http://sourceforge.net/p/curl/feature-requests/82/ -- http_chunks.c: Fixed compilation warnings under some 32-bit systems +- config-win32: Introduce build targets for VS2012+ - conversion from 'curl_off_t' to 'size_t', possible loss of data - - Where curl_off_t is a 64-bit word and size_t is 32-bit - for example - with 32-bit Windows builds. + Visual Studio 2012 introduced support for Windows Store apps as well as + supporting Windows Phone 8. Introduced build targets that allow more + modern APIs to be used as certain legacy ones are not available on these + new platforms. -- tool: Fixed incorrect return code if command line parser runs out of memory - - In the rare instance where getparameter() may return PARAM_NO_MEM whilst - parsing a URL, cURL would return this error code, which is equivalent to - CURLE_FTP_ACCEPT_FAILED in cURL error codes terms. +- sasl_sspi: Fixed compilation warnings when no verbose string support + +- sasl_sspi: Added base64 decoding debug failure messages - Instead, return CURLE_FAILED_INIT and output the failure reason as per - the other usage of getparameter(). + Just like in the NTLM code, added infof() failure messages for + DIGEST-MD5 and GSSAPI authentication when base64 decoding fails. -Daniel Stenberg (18 Jan 2014) -- [Tobias Markus brought this change] +- ntlm: Moved the SSPI based Type-3 message generation into the SASL module - Subject: progress bar: increase update frequency to 10Hz - - Increasing the update frequency of the progress bar to 10Hz greatly - improves the visual appearance of the progress bar (at least in my - impression). - - Signed-off-by: Tobias Markus +- ntlm: Moved the SSPI based Type-2 message decoding into the SASL module -- [Tobias Markus brought this change] +- ntlm: Moved the SSPI based Type-1 message generation into the SASL module - progress bar: always update when at 100% - - Currently, the progress bar is updated at 5Hz. Because it is often not - updated to 100% when the download is finished and curl exits, the bar - is often "stuck" at 90-something, thus irritating the user. - - This patch fixes this by always updating the progress bar (instead of - waiting for 200ms to have elapsed) while the download is finished but - curl has not yet exited. This should not greatly affect performance - because that moment is rather short. - - Signed-off-by: Tobias Markus +- [Michael Osipov brought this change] -Steve Holme (18 Jan 2014) -- win32: Added additional preprocessor check for Version Helper API + kerberos: Use symbol qualified with _KERBEROS5 - A follow up patch to commit d2671340a613 as _WIN32_WINNT_WIN2K and - _WIN32_WINNT_WIN2K may not be defined on all systems. + For consistency renamed USE_KRB5 to USE_KERBEROS5. -- win32: Corrected the preprocessor check for Version Helper API - - Following some auto build failures after commit c7a76bb056f31e changed - the preprocessor check to use _WIN32_WINNT. +Daniel Stenberg (15 Nov 2014) +- [Jay Satiro brought this change] -Daniel Stenberg (17 Jan 2014) -- cookie: max-age fixes + examples: Don't call select() to sleep on windows - 1 - allow >31 bit max-age values + Windows does not support using select() for sleeping without a dummy + socket. Instead use Windows' Sleep() and sleep for 100ms which is the + minimum suggested value in the curl_multi_fdset() doc. - 2 - don't overflow on extremely large max-age values when we add the - value to the current time + Prior to this change the multi examples would exit prematurely since + select() would error instead of sleeping when called without an fd. - 3 - make sure max-age takes precedence over expires as dictated by - RFC6265 - - Bug: http://curl.haxx.se/mail/lib-2014-01/0130.html - Reported-by: Chen Prog - -- test1417: verify chunked-encoding transfer without CR - - As was introduced in 8f6b4be8af04 + Reported-by: Johan Lantz + Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html -- chunked parsing: relax the CR strictness - - Allow for chunked-encoding data to get parsed with only LF line endings. - This is allowed by browsers. +- [Tatsuhiro Tsujikawa brought this change] -- test1416: verify the chunked size overflow detection + http2: Don't send Upgrade headers when we already do HTTP/2 -- chunked-parser: abort on overflows, allow 64 bit chunks +Steve Holme (15 Nov 2014) +- sasl: Corrected Curl_sasl_build_spn() function description + + There was a mismatch in function parameter names. -Dan Fandrich (17 Jan 2014) -- Fixed some XML syntax issues in the test data +- tool: Removed krb4 from the supported features - Also, make the ftp server return a canned response that doesn't - cause XML verification problems. Although the test file format - isn't technically XML, it's still handy to be able to use XML - tools to verify and manipulate them. + Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33, + so would not be output with --version, removed krb4 from the supported + features output. -Daniel Stenberg (16 Jan 2014) - [Michael Osipov brought this change] - configure: fix gssapi linking on HP-UX - - The issue is with HP-UX that is comes with HP flavor of MIT - Kerberos. This means that there is no krb5-config and the lib is called - libgss.so - - Bug: http://curl.haxx.se/bug/view.cgi?id=1321 + tool: Use Kerberos for supported features -- Curl_cookie_add: remove 'now' from curl_getdate() call +- urldata: Don't define sec_complete when no GSS-API support present - The now argument is unused by curl_getdate() + This variable is only used with HAVE_GSSAPI is defined by the FTP code + so let's place the definition with the other GSS-API based variables. -Steve Holme (15 Jan 2014) -- pop3-dele.c: Added missing CURLOPT_NOBODY following feedback +- [Michael Osipov brought this change] -Daniel Stenberg (16 Jan 2014) -- connect.c:942:84: warning: Longer than 79 columns + docs: Use consistent naming for Kerberos -Steve Holme (15 Jan 2014) -- connect.c: Corrected version compare in commit c7a76bb056f31e +- TODO: Lets support QOP options in GSSAPI authentication -- RELEASE-NOTES: Synced with c7a76bb056f31e +- sasl_sspi: Corrected a couple of comment typos -- win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12 +- sasl: Moved Curl_sasl_gssapi_cleanup() definition into header file - Starting with Visual Studio 2013 (VC12) and Windows 8.1 the - GetVersionInfoEx() function has been marked as deprecated and it's - return value atered. Updated connect.c and curl_sspi.c to use - VerifyVersionInfo() where possible, which has been available since - Windows 2000. - -Daniel Stenberg (14 Jan 2014) -- curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE* - -- TODO: Allow SSL (HTTPS) to proxy + Rather than define the function as extern in the source files that use + it, moved the function declaration into the SASL header file just like + the Digest and NTLM clean-up functions. + + Additionally, added a function description comment block. -- TODO: remove FTP proxy and more SSL libraries +- sasl_sspi: Added missing RFC reference for HTTP Digest authentication -- TODO: Detect when called from witin callbacks +- ntlm: Clean-up and standardisation of base64 decoding diff -Nru curl-7.38.0/CMake/CurlCheckCSourceCompiles.cmake curl-7.43.0/CMake/CurlCheckCSourceCompiles.cmake --- curl-7.38.0/CMake/CurlCheckCSourceCompiles.cmake 2014-09-04 11:21:53.000000000 +0000 +++ curl-7.43.0/CMake/CurlCheckCSourceCompiles.cmake 1970-01-01 00:00:00.000000000 +0000 @@ -1,71 +0,0 @@ -# - Check if the source code provided in the SOURCE argument compiles. -# CURL_CHECK_C_SOURCE_COMPILES(SOURCE VAR) -# - macro which checks if the source code compiles -# SOURCE - source code to try to compile -# VAR - variable to store whether the source code compiled -# -# The following variables may be set before calling this macro to -# modify the way the check is run: -# -# CMAKE_REQUIRED_FLAGS = string of compile command line flags -# CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar) -# CMAKE_REQUIRED_INCLUDES = list of include directories -# CMAKE_REQUIRED_LIBRARIES = list of libraries to link - -macro(CURL_CHECK_C_SOURCE_COMPILES SOURCE VAR) - if("${VAR}" MATCHES "^${VAR}$" OR "${VAR}" MATCHES "UNKNOWN") - set(message "${VAR}") - # If the number of arguments is greater than 2 (SOURCE VAR) - if(${ARGC} GREATER 2) - # then add the third argument as a message - set(message "${ARGV2} (${VAR})") - endif() - set(MACRO_CHECK_FUNCTION_DEFINITIONS - "-D${VAR} ${CMAKE_REQUIRED_FLAGS}") - if(CMAKE_REQUIRED_LIBRARIES) - set(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES - "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}") - endif() - if(CMAKE_REQUIRED_INCLUDES) - set(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES - "-DINCLUDE_DIRECTORIES:STRING=${CMAKE_REQUIRED_INCLUDES}") - endif() - set(src "") - foreach(def ${EXTRA_DEFINES}) - set(src "${src}#define ${def} 1\n") - endforeach(def) - foreach(inc ${HEADER_INCLUDES}) - set(src "${src}#include <${inc}>\n") - endforeach(inc) - - set(src "${src}\nint main() { ${SOURCE} ; return 0; }") - set(CMAKE_CONFIGURABLE_FILE_CONTENT "${src}") - configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CMake/CMakeConfigurableFile.in - "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c" - IMMEDIATE) - message(STATUS "Performing Test ${message}") - try_compile(${VAR} - ${CMAKE_BINARY_DIR} - ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c - COMPILE_DEFINITIONS ${CMAKE_REQUIRED_DEFINITIONS} - CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS} - "${CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES}" - "${CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES}" - OUTPUT_VARIABLE OUTPUT) - if(${VAR}) - set(${VAR} 1 CACHE INTERNAL "Test ${message}") - message(STATUS "Performing Test ${message} - Success") - file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log - "Performing C SOURCE FILE Test ${message} succeded with the following output:\n" - "${OUTPUT}\n" - "Source file was:\n${src}\n") - else() - message(STATUS "Performing Test ${message} - Failed") - set(${VAR} "" CACHE INTERNAL "Test ${message}") - file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log - "Performing C SOURCE FILE Test ${message} failed with the following output:\n" - "${OUTPUT}\n" - "Source file was:\n${src}\n") - endif() - endif() -endmacro() diff -Nru curl-7.38.0/CMake/CurlCheckCSourceRuns.cmake curl-7.43.0/CMake/CurlCheckCSourceRuns.cmake --- curl-7.38.0/CMake/CurlCheckCSourceRuns.cmake 2014-08-13 23:06:26.000000000 +0000 +++ curl-7.43.0/CMake/CurlCheckCSourceRuns.cmake 1970-01-01 00:00:00.000000000 +0000 @@ -1,83 +0,0 @@ -# - Check if the source code provided in the SOURCE argument compiles and runs. -# CURL_CHECK_C_SOURCE_RUNS(SOURCE VAR) -# - macro which checks if the source code runs -# SOURCE - source code to try to compile -# VAR - variable to store size if the type exists. -# -# The following variables may be set before calling this macro to -# modify the way the check is run: -# -# CMAKE_REQUIRED_FLAGS = string of compile command line flags -# CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar) -# CMAKE_REQUIRED_INCLUDES = list of include directories -# CMAKE_REQUIRED_LIBRARIES = list of libraries to link - -macro(CURL_CHECK_C_SOURCE_RUNS SOURCE VAR) - if("${VAR}" MATCHES "^${VAR}$" OR "${VAR}" MATCHES "UNKNOWN") - set(message "${VAR}") - # If the number of arguments is greater than 2 (SOURCE VAR) - if(${ARGC} GREATER 2) - # then add the third argument as a message - set(message "${ARGV2} (${VAR})") - endif(${ARGC} GREATER 2) - set(MACRO_CHECK_FUNCTION_DEFINITIONS - "-D${VAR} ${CMAKE_REQUIRED_FLAGS}") - if(CMAKE_REQUIRED_LIBRARIES) - set(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES - "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}") - else(CMAKE_REQUIRED_LIBRARIES) - set(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES) - endif(CMAKE_REQUIRED_LIBRARIES) - if(CMAKE_REQUIRED_INCLUDES) - set(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES - "-DINCLUDE_DIRECTORIES:STRING=${CMAKE_REQUIRED_INCLUDES}") - else(CMAKE_REQUIRED_INCLUDES) - set(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES) - endif(CMAKE_REQUIRED_INCLUDES) - set(src "") - foreach(def ${EXTRA_DEFINES}) - set(src "${src}#define ${def} 1\n") - endforeach(def) - foreach(inc ${HEADER_INCLUDES}) - set(src "${src}#include <${inc}>\n") - endforeach(inc) - - set(src "${src}\nint main() { ${SOURCE} ; return 0; }") - set(CMAKE_CONFIGURABLE_FILE_CONTENT "${src}") - configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CMake/CMakeConfigurableFile.in - "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c" - IMMEDIATE) - message(STATUS "Performing Test ${message}") - try_run(${VAR} ${VAR}_COMPILED - ${CMAKE_BINARY_DIR} - ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c - COMPILE_DEFINITIONS ${CMAKE_REQUIRED_DEFINITIONS} - CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS} - "${CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES}" - "${CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES}" - OUTPUT_VARIABLE OUTPUT) - # if it did not compile make the return value fail code of 1 - if(NOT ${VAR}_COMPILED) - set(${VAR} 1) - endif(NOT ${VAR}_COMPILED) - # if the return value was 0 then it worked - set(result_var ${${VAR}}) - if("${result_var}" EQUAL 0) - set(${VAR} 1 CACHE INTERNAL "Test ${message}") - message(STATUS "Performing Test ${message} - Success") - file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log - "Performing C SOURCE FILE Test ${message} succeded with the following output:\n" - "${OUTPUT}\n" - "Return value: ${${VAR}}\n" - "Source file was:\n${src}\n") - else("${result_var}" EQUAL 0) - message(STATUS "Performing Test ${message} - Failed") - set(${VAR} "" CACHE INTERNAL "Test ${message}") - file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log - "Performing C SOURCE FILE Test ${message} failed with the following output:\n" - "${OUTPUT}\n" - "Return value: ${result_var}\n" - "Source file was:\n${src}\n") - endif("${result_var}" EQUAL 0) - endif("${VAR}" MATCHES "^${VAR}$" OR "${VAR}" MATCHES "UNKNOWN") -endmacro(CURL_CHECK_C_SOURCE_RUNS) diff -Nru curl-7.38.0/CMake/CurlTests.c curl-7.43.0/CMake/CurlTests.c --- curl-7.38.0/CMake/CurlTests.c 2014-08-13 23:06:26.000000000 +0000 +++ curl-7.43.0/CMake/CurlTests.c 2015-06-03 07:38:20.000000000 +0000 @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -71,264 +71,88 @@ } #endif -#ifdef HAVE_GETHOSTBYADDR_R_5 -#include -#include -int -main () -{ - -char * address; -int length; -int type; -struct hostent h; -struct hostent_data hdata; -int rc; -#ifndef gethostbyaddr_r - (void)gethostbyaddr_r; -#endif -rc = gethostbyaddr_r(address, length, type, &h, &hdata); - ; - return 0; -} -#endif -#ifdef HAVE_GETHOSTBYADDR_R_5_REENTRANT -#define _REENTRANT -#include -#include -int -main () -{ - -char * address; -int length;q -int type; -struct hostent h; -struct hostent_data hdata; -int rc; -#ifndef gethostbyaddr_r - (void)gethostbyaddr_r; -#endif -rc = gethostbyaddr_r(address, length, type, &h, &hdata); - ; - return 0; -} -#endif -#ifdef HAVE_GETHOSTBYADDR_R_7 -#include -#include -int -main () -{ - -char * address; -int length; -int type; -struct hostent h; -char buffer[8192]; -int h_errnop; -struct hostent * hp; - -#ifndef gethostbyaddr_r - (void)gethostbyaddr_r; -#endif -hp = gethostbyaddr_r(address, length, type, &h, - buffer, 8192, &h_errnop); - ; - return 0; -} +/* tests for gethostbyaddr_r or gethostbyname_r */ +#if defined(HAVE_GETHOSTBYADDR_R_5_REENTRANT) || \ + defined(HAVE_GETHOSTBYADDR_R_7_REENTRANT) || \ + defined(HAVE_GETHOSTBYADDR_R_8_REENTRANT) || \ + defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) || \ + defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) || \ + defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT) +# define _REENTRANT + /* no idea whether _REENTRANT is always set, just invent a new flag */ +# define TEST_GETHOSTBYFOO_REENTRANT +#endif +#if defined(HAVE_GETHOSTBYADDR_R_5) || \ + defined(HAVE_GETHOSTBYADDR_R_7) || \ + defined(HAVE_GETHOSTBYADDR_R_8) || \ + defined(HAVE_GETHOSTBYNAME_R_3) || \ + defined(HAVE_GETHOSTBYNAME_R_5) || \ + defined(HAVE_GETHOSTBYNAME_R_6) || \ + defined(TEST_GETHOSTBYFOO_REENTRANT) +#include +#include +int main(void) +{ + char *address = "example.com"; + int length = 0; + int type = 0; + struct hostent h; + int rc = 0; +#if defined(HAVE_GETHOSTBYADDR_R_5) || \ + defined(HAVE_GETHOSTBYADDR_R_5_REENTRANT) || \ + \ + defined(HAVE_GETHOSTBYNAME_R_3) || \ + defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) + struct hostent_data hdata; +#elif defined(HAVE_GETHOSTBYADDR_R_7) || \ + defined(HAVE_GETHOSTBYADDR_R_7_REENTRANT) || \ + defined(HAVE_GETHOSTBYADDR_R_8) || \ + defined(HAVE_GETHOSTBYADDR_R_8_REENTRANT) || \ + \ + defined(HAVE_GETHOSTBYNAME_R_5) || \ + defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) || \ + defined(HAVE_GETHOSTBYNAME_R_6) || \ + defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT) + char buffer[8192]; + int h_errnop; + struct hostent *hp; #endif -#ifdef HAVE_GETHOSTBYADDR_R_7_REENTRANT -#define _REENTRANT -#include -#include -int -main () -{ - -char * address; -int length; -int type; -struct hostent h; -char buffer[8192]; -int h_errnop; -struct hostent * hp; #ifndef gethostbyaddr_r (void)gethostbyaddr_r; #endif -hp = gethostbyaddr_r(address, length, type, &h, - buffer, 8192, &h_errnop); - ; - return 0; -} -#endif -#ifdef HAVE_GETHOSTBYADDR_R_8 -#include -#include -int -main () -{ -char * address; -int length; -int type; -struct hostent h; -char buffer[8192]; -int h_errnop; -struct hostent * hp; -int rc; - -#ifndef gethostbyaddr_r - (void)gethostbyaddr_r; -#endif -rc = gethostbyaddr_r(address, length, type, &h, - buffer, 8192, &hp, &h_errnop); - ; +#if defined(HAVE_GETHOSTBYADDR_R_5) || \ + defined(HAVE_GETHOSTBYADDR_R_5_REENTRANT) + rc = gethostbyaddr_r(address, length, type, &h, &hdata); +#elif defined(HAVE_GETHOSTBYADDR_R_7) || \ + defined(HAVE_GETHOSTBYADDR_R_7_REENTRANT) + hp = gethostbyaddr_r(address, length, type, &h, buffer, 8192, &h_errnop); + (void)hp; +#elif defined(HAVE_GETHOSTBYADDR_R_8) || \ + defined(HAVE_GETHOSTBYADDR_R_8_REENTRANT) + rc = gethostbyaddr_r(address, length, type, &h, buffer, 8192, &hp, &h_errnop); +#endif + +#if defined(HAVE_GETHOSTBYNAME_R_3) || \ + defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) + rc = gethostbyname_r(address, &h, &hdata); +#elif defined(HAVE_GETHOSTBYNAME_R_5) || \ + defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) + rc = gethostbyname_r(address, &h, buffer, 8192, 0, &h_errnop); + (void)hp; /* not used for test */ +#elif defined(HAVE_GETHOSTBYNAME_R_6) || \ + defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT) + rc = gethostbyname_r(address, &h, buffer, 8192, &hp, &h_errnop); +#endif + + (void)length; + (void)type; + (void)rc; return 0; } #endif -#ifdef HAVE_GETHOSTBYADDR_R_8_REENTRANT -#define _REENTRANT -#include -#include -int -main () -{ - -char * address; -int length; -int type; -struct hostent h; -char buffer[8192]; -int h_errnop; -struct hostent * hp; -int rc; -#ifndef gethostbyaddr_r - (void)gethostbyaddr_r; -#endif -rc = gethostbyaddr_r(address, length, type, &h, - buffer, 8192, &hp, &h_errnop); - ; - return 0; -} -#endif -#ifdef HAVE_GETHOSTBYNAME_R_3 -#include -#include -#include -#undef NULL -#define NULL (void *)0 - -int -main () -{ - -struct hostent_data data; -#ifndef gethostbyname_r - (void)gethostbyname_r; -#endif -gethostbyname_r(NULL, NULL, NULL); - ; - return 0; -} -#endif -#ifdef HAVE_GETHOSTBYNAME_R_3_REENTRANT -#define _REENTRANT -#include -#include -#include -#undef NULL -#define NULL (void *)0 - -int -main () -{ - -struct hostent_data data; -#ifndef gethostbyname_r - (void)gethostbyname_r; -#endif -gethostbyname_r(NULL, NULL, NULL); - ; - return 0; -} -#endif -#ifdef HAVE_GETHOSTBYNAME_R_5 -#include -#include -#include -#undef NULL -#define NULL (void *)0 - -int -main () -{ -#ifndef gethostbyname_r - (void)gethostbyname_r; -#endif -gethostbyname_r(NULL, NULL, NULL, 0, NULL); - ; - return 0; -} -#endif -#ifdef HAVE_GETHOSTBYNAME_R_5_REENTRANT -#define _REENTRANT -#include -#include -#undef NULL -#define NULL (void *)0 - -int -main () -{ - -#ifndef gethostbyname_r - (void)gethostbyname_r; -#endif -gethostbyname_r(NULL, NULL, NULL, 0, NULL); - ; - return 0; -} -#endif -#ifdef HAVE_GETHOSTBYNAME_R_6 -#include -#include -#undef NULL -#define NULL (void *)0 - -int -main () -{ - -#ifndef gethostbyname_r - (void)gethostbyname_r; -#endif -gethostbyname_r(NULL, NULL, NULL, 0, NULL, NULL); - ; - return 0; -} -#endif -#ifdef HAVE_GETHOSTBYNAME_R_6_REENTRANT -#define _REENTRANT -#include -#include -#undef NULL -#define NULL (void *)0 - -int -main () -{ - -#ifndef gethostbyname_r - (void)gethostbyname_r; -#endif -gethostbyname_r(NULL, NULL, NULL, 0, NULL, NULL); - ; - return 0; -} -#endif #ifdef HAVE_SOCKLEN_T #ifdef _WIN32 #include diff -Nru curl-7.38.0/CMake/FindGSS.cmake curl-7.43.0/CMake/FindGSS.cmake --- curl-7.38.0/CMake/FindGSS.cmake 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/CMake/FindGSS.cmake 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,289 @@ +# - Try to find the GSS Kerberos library +# Once done this will define +# +# GSS_ROOT_DIR - Set this variable to the root installation of GSS +# +# Read-Only variables: +# GSS_FOUND - system has the Heimdal library +# GSS_FLAVOUR - "MIT" or "Heimdal" if anything found. +# GSS_INCLUDE_DIR - the Heimdal include directory +# GSS_LIBRARIES - The libraries needed to use GSS +# GSS_LINK_DIRECTORIES - Directories to add to linker search path +# GSS_LINKER_FLAGS - Additional linker flags +# GSS_COMPILER_FLAGS - Additional compiler flags +# GSS_VERSION - This is set to version advertised by pkg-config or read from manifest. +# In case the library is found but no version info availabe it'll be set to "unknown" + +set(_MIT_MODNAME mit-krb5-gssapi) +set(_HEIMDAL_MODNAME heimdal-gssapi) + +include(CheckIncludeFile) +include(CheckIncludeFiles) +include(CheckTypeSize) + +set(_GSS_ROOT_HINTS + "${GSS_ROOT_DIR}" + "$ENV{GSS_ROOT_DIR}" +) + +# try to find library using system pkg-config if user didn't specify root dir +if(NOT GSS_ROOT_DIR AND NOT "$ENV{GSS_ROOT_DIR}") + if(UNIX) + find_package(PkgConfig QUIET) + pkg_search_module(_GSS_PKG ${_MIT_MODNAME} ${_HEIMDAL_MODNAME}) + list(APPEND _GSS_ROOT_HINTS "${_GSS_PKG_PREFIX}") + elseif(WIN32) + list(APPEND _GSS_ROOT_HINTS "[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos;InstallDir]") + endif() +endif() + +if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approach. + find_file(_GSS_CONFIGURE_SCRIPT + NAMES + "krb5-config" + HINTS + ${_GSS_ROOT_HINTS} + PATH_SUFFIXES + bin + NO_CMAKE_PATH + NO_CMAKE_ENVIRONMENT_PATH + ) + + # if not found in user-supplied directories, maybe system knows better + find_file(_GSS_CONFIGURE_SCRIPT + NAMES + "krb5-config" + PATH_SUFFIXES + bin + ) + + if(_GSS_CONFIGURE_SCRIPT) + execute_process( + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--cflags" "gssapi" + OUTPUT_VARIABLE _GSS_CFLAGS + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + ) +message(STATUS "CFLAGS: ${_GSS_CFLAGS}") + if(NOT _GSS_CONFIGURE_FAILED) # 0 means success + # should also work in an odd case when multiple directories are given + string(STRIP "${_GSS_CFLAGS}" _GSS_CFLAGS) + string(REGEX REPLACE " +-I" ";" _GSS_CFLAGS "${_GSS_CFLAGS}") + string(REGEX REPLACE " +-([^I][^ \\t;]*)" ";-\\1"_GSS_CFLAGS "${_GSS_CFLAGS}") + + foreach(_flag ${_GSS_CFLAGS}) + if(_flag MATCHES "^-I.*") + string(REGEX REPLACE "^-I" "" _val "${_flag}") + list(APPEND _GSS_INCLUDE_DIR "${_val}") + else() + list(APPEND _GSS_COMPILER_FLAGS "${_flag}") + endif() + endforeach() + endif() + + execute_process( + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--libs" "gssapi" + OUTPUT_VARIABLE _GSS_LIB_FLAGS + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + ) +message(STATUS "LDFLAGS: ${_GSS_LIB_FLAGS}") + if(NOT _GSS_CONFIGURE_FAILED) # 0 means success + # this script gives us libraries and link directories. Blah. We have to deal with it. + string(STRIP "${_GSS_LIB_FLAGS}" _GSS_LIB_FLAGS) + string(REGEX REPLACE " +-(L|l)" ";-\\1" _GSS_LIB_FLAGS "${_GSS_LIB_FLAGS}") + string(REGEX REPLACE " +-([^Ll][^ \\t;]*)" ";-\\1"_GSS_LIB_FLAGS "${_GSS_LIB_FLAGS}") + + foreach(_flag ${_GSS_LIB_FLAGS}) + if(_flag MATCHES "^-l.*") + string(REGEX REPLACE "^-l" "" _val "${_flag}") + list(APPEND _GSS_LIBRARIES "${_val}") + elseif(_flag MATCHES "^-L.*") + string(REGEX REPLACE "^-L" "" _val "${_flag}") + list(APPEND _GSS_LINK_DIRECTORIES "${_val}") + else() + list(APPEND _GSS_LINKER_FLAGS "${_flag}") + endif() + endforeach() + endif() + + + execute_process( + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--version" + OUTPUT_VARIABLE _GSS_VERSION + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + ) + + # older versions may not have the "--version" parameter. In this case we just don't care. + if(_GSS_CONFIGURE_FAILED) + set(_GSS_VERSION 0) + endif() + + + execute_process( + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--vendor" + OUTPUT_VARIABLE _GSS_VENDOR + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + ) + + # older versions may not have the "--vendor" parameter. In this case we just don't care. + if(_GSS_CONFIGURE_FAILED) + set(GSS_FLAVOUR "Heimdal") # most probably, shouldn't really matter + else() + if(_GSS_VENDOR MATCHES ".*H|heimdal.*") + set(GSS_FLAVOUR "Heimdal") + else() + set(GSS_FLAVOUR "MIT") + endif() + endif() + + else() # either there is no config script or we are on platform that doesn't provide one (Windows?) + + find_path(_GSS_INCLUDE_DIR + NAMES + "gssapi/gssapi.h" + HINTS + ${_GSS_ROOT_HINTS} + PATH_SUFFIXES + include + inc + ) + + if(_GSS_INCLUDE_DIR) #jay, we've found something + set(CMAKE_REQUIRED_INCLUDES "${_GSS_INCLUDE_DIR}") + check_include_files( "gssapi/gssapi_generic.h;gssapi/gssapi_krb5.h" _GSS_HAVE_MIT_HEADERS) + + if(_GSS_HAVE_MIT_HEADERS) + set(GSS_FLAVOUR "MIT") + else() + # prevent compiling the header - just check if we can include it + set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D__ROKEN_H__") + check_include_file( "roken.h" _GSS_HAVE_ROKEN_H) + + check_include_file( "heimdal/roken.h" _GSS_HAVE_HEIMDAL_ROKEN_H) + if(_GSS_HAVE_ROKEN_H OR _GSS_HAVE_HEIMDAL_ROKEN_H) + set(GSS_FLAVOUR "Heimdal") + endif() + set(CMAKE_REQUIRED_DEFINITIONS "") + endif() + else() + # I'm not convienced if this is the right way but this is what autotools do at the moment + find_path(_GSS_INCLUDE_DIR + NAMES + "gssapi.h" + HINTS + ${_GSS_ROOT_HINTS} + PATH_SUFFIXES + include + inc + ) + + if(_GSS_INCLUDE_DIR) + set(GSS_FLAVOUR "Heimdal") + endif() + endif() + + # if we have headers, check if we can link libraries + if(GSS_FLAVOUR) + set(_GSS_LIBDIR_SUFFIXES "") + set(_GSS_LIBDIR_HINTS ${_GSS_ROOT_HINTS}) + get_filename_component(_GSS_CALCULATED_POTENTIAL_ROOT "${_GSS_INCLUDE_DIR}" PATH) + list(APPEND _GSS_LIBDIR_HINTS ${_GSS_CALCULATED_POTENTIAL_ROOT}) + + if(WIN32) + if(CMAKE_SIZEOF_VOID_P EQUAL 8) + list(APPEND _GSS_LIBDIR_SUFFIXES "lib/AMD64") + if(GSS_FLAVOUR STREQUAL "MIT") + set(_GSS_LIBNAME "gssapi64") + else() + set(_GSS_LIBNAME "libgssapi") + endif() + else() + list(APPEND _GSS_LIBDIR_SUFFIXES "lib/i386") + if(GSS_FLAVOUR STREQUAL "MIT") + set(_GSS_LIBNAME "gssapi32") + else() + set(_GSS_LIBNAME "libgssapi") + endif() + endif() + else() + list(APPEND _GSS_LIBDIR_SUFFIXES "lib;lib64") # those suffixes are not checked for HINTS + if(GSS_FLAVOUR STREQUAL "MIT") + set(_GSS_LIBNAME "gssapi_krb5") + else() + set(_GSS_LIBNAME "gssapi") + endif() + endif() + + find_library(_GSS_LIBRARIES + NAMES + ${_GSS_LIBNAME} + HINTS + ${_GSS_LIBDIR_HINTS} + PATH_SUFFIXES + ${_GSS_LIBDIR_SUFFIXES} + ) + + endif() + + endif() +else() + if(_GSS_PKG_${_MIT_MODNAME}_VERSION) + set(GSS_FLAVOUR "MIT") + set(_GSS_VERSION _GSS_PKG_${_MIT_MODNAME}_VERSION) + else() + set(GSS_FLAVOUR "Heimdal") + set(_GSS_VERSION _GSS_PKG_${_MIT_HEIMDAL}_VERSION) + endif() +endif() + +set(GSS_INCLUDE_DIR ${_GSS_INCLUDE_DIR}) +set(GSS_LIBRARIES ${_GSS_LIBRARIES}) +set(GSS_LINK_DIRECTORIES ${_GSS_LINK_DIRECTORIES}) +set(GSS_LINKER_FLAGS ${_GSS_LINKER_FLAGS}) +set(GSS_COMPILER_FLAGS ${_GSS_COMPILER_FLAGS}) +set(GSS_VERSION ${_GSS_VERSION}) + +if(GSS_FLAVOUR) + + if(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "Heimdal") + if(CMAKE_SIZEOF_VOID_P EQUAL 8) + set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.amd64.manifest") + else() + set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.x86.manifest") + endif() + + if(EXISTS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}") + file(STRINGS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}" heimdal_version_str + REGEX "^.*version=\"[0-9]\\.[^\"]+\".*$") + + string(REGEX MATCH "[0-9]\\.[^\"]+" + GSS_VERSION "${heimdal_version_str}") + endif() + + if(NOT GSS_VERSION) + set(GSS_VERSION "Heimdal Unknown") + endif() + elseif(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "MIT") + get_filename_component(_MIT_VERSION "[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos\\SDK\\CurrentVersion;VersionString]" NAME CACHE) + if(WIN32 AND _MIT_VERSION) + set(GSS_VERSION "${_MIT_VERSION}") + else() + set(GSS_VERSION "MIT Unknown") + endif() + endif() +endif() + + +include(FindPackageHandleStandardArgs) + +set(_GSS_REQUIRED_VARS GSS_LIBRARIES GSS_FLAVOUR) + +find_package_handle_standard_args(GSS + REQUIRED_VARS + ${_GSS_REQUIRED_VARS} + VERSION_VAR + GSS_VERSION + FAIL_MESSAGE + "Could NOT find GSS, try to set the path to GSS root folder in the system variable GSS_ROOT_DIR" +) + +mark_as_advanced(GSS_INCLUDE_DIR GSS_LIBRARIES) diff -Nru curl-7.38.0/CMake/Macros.cmake curl-7.43.0/CMake/Macros.cmake --- curl-7.38.0/CMake/Macros.cmake 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/CMake/Macros.cmake 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,95 @@ +#File defines convenience macros for available feature testing + +# This macro checks if the symbol exists in the library and if it +# does, it prepends library to the list. It is intended to be called +# multiple times with a sequence of possibly dependent libraries in +# order of least-to-most-dependent. Some libraries depend on others +# to link correctly. +macro(CHECK_LIBRARY_EXISTS_CONCAT LIBRARY SYMBOL VARIABLE) + check_library_exists("${LIBRARY};${CURL_LIBS}" ${SYMBOL} "${CMAKE_LIBRARY_PATH}" + ${VARIABLE}) + if(${VARIABLE}) + set(CURL_LIBS ${LIBRARY} ${CURL_LIBS}) + endif(${VARIABLE}) +endmacro(CHECK_LIBRARY_EXISTS_CONCAT) + +# Check if header file exists and add it to the list. +# This macro is intended to be called multiple times with a sequence of +# possibly dependent header files. Some headers depend on others to be +# compiled correctly. +macro(CHECK_INCLUDE_FILE_CONCAT FILE VARIABLE) + check_include_files("${CURL_INCLUDES};${FILE}" ${VARIABLE}) + if(${VARIABLE}) + set(CURL_INCLUDES ${CURL_INCLUDES} ${FILE}) + set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -D${VARIABLE}") + endif(${VARIABLE}) +endmacro(CHECK_INCLUDE_FILE_CONCAT) + +# For other curl specific tests, use this macro. +macro(CURL_INTERNAL_TEST CURL_TEST) + if(NOT DEFINED "${CURL_TEST}") + set(MACRO_CHECK_FUNCTION_DEFINITIONS + "-D${CURL_TEST} ${CURL_TEST_DEFINES} ${CMAKE_REQUIRED_FLAGS}") + if(CMAKE_REQUIRED_LIBRARIES) + set(CURL_TEST_ADD_LIBRARIES + "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}") + endif(CMAKE_REQUIRED_LIBRARIES) + + message(STATUS "Performing Curl Test ${CURL_TEST}") + try_compile(${CURL_TEST} + ${CMAKE_BINARY_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c + CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS} + "${CURL_TEST_ADD_LIBRARIES}" + OUTPUT_VARIABLE OUTPUT) + if(${CURL_TEST}) + set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}") + message(STATUS "Performing Curl Test ${CURL_TEST} - Success") + file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log + "Performing Curl Test ${CURL_TEST} passed with the following output:\n" + "${OUTPUT}\n") + else(${CURL_TEST}) + message(STATUS "Performing Curl Test ${CURL_TEST} - Failed") + set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}") + file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log + "Performing Curl Test ${CURL_TEST} failed with the following output:\n" + "${OUTPUT}\n") + endif(${CURL_TEST}) + endif() +endmacro(CURL_INTERNAL_TEST) + +macro(CURL_INTERNAL_TEST_RUN CURL_TEST) + if(NOT DEFINED "${CURL_TEST}_COMPILE") + set(MACRO_CHECK_FUNCTION_DEFINITIONS + "-D${CURL_TEST} ${CMAKE_REQUIRED_FLAGS}") + if(CMAKE_REQUIRED_LIBRARIES) + set(CURL_TEST_ADD_LIBRARIES + "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}") + endif(CMAKE_REQUIRED_LIBRARIES) + + message(STATUS "Performing Curl Test ${CURL_TEST}") + try_run(${CURL_TEST} ${CURL_TEST}_COMPILE + ${CMAKE_BINARY_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c + CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS} + "${CURL_TEST_ADD_LIBRARIES}" + OUTPUT_VARIABLE OUTPUT) + if(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST}) + set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}") + message(STATUS "Performing Curl Test ${CURL_TEST} - Success") + else(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST}) + message(STATUS "Performing Curl Test ${CURL_TEST} - Failed") + set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}") + file(APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log" + "Performing Curl Test ${CURL_TEST} failed with the following output:\n" + "${OUTPUT}") + if(${CURL_TEST}_COMPILE) + file(APPEND + "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log" + "There was a problem running this test\n") + endif(${CURL_TEST}_COMPILE) + file(APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log" + "\n\n") + endif(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST}) + endif() +endmacro(CURL_INTERNAL_TEST_RUN) diff -Nru curl-7.38.0/CMake/OtherTests.cmake curl-7.43.0/CMake/OtherTests.cmake --- curl-7.38.0/CMake/OtherTests.cmake 2014-09-04 11:21:53.000000000 +0000 +++ curl-7.43.0/CMake/OtherTests.cmake 2015-06-03 07:38:20.000000000 +0000 @@ -1,15 +1,10 @@ -include(CurlCheckCSourceCompiles) -set(EXTRA_DEFINES "__unused1\n#undef inline\n#define __unused2") -set(HEADER_INCLUDES) -set(headers_hack) +include(CheckCSourceCompiles) +# The begin of the sources (macros and includes) +set(_source_epilogue "#undef inline") macro(add_header_include check header) if(${check}) - set(headers_hack - "${headers_hack}\n#include <${header}>") - #SET(HEADER_INCLUDES - # ${HEADER_INCLUDES} - # "${header}") + set(_source_epilogue "${_source_epilogue}\n#include <${header}>") endif(${check}) endmacro(add_header_include) @@ -18,8 +13,8 @@ add_header_include(HAVE_WINDOWS_H "windows.h") add_header_include(HAVE_WINSOCK2_H "winsock2.h") add_header_include(HAVE_WINSOCK_H "winsock.h") - set(EXTRA_DEFINES ${EXTRA_DEFINES} - "__unused7\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif\n#define __unused3") + set(_source_epilogue + "${_source_epilogue}\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif") set(signature_call_conv "PASCAL") if(HAVE_LIBWS2_32) set(CMAKE_REQUIRED_LIBRARIES ws2_32) @@ -29,14 +24,12 @@ add_header_include(HAVE_SYS_SOCKET_H "sys/socket.h") endif(HAVE_WINDOWS_H) -set(EXTRA_DEFINES_BACKUP "${EXTRA_DEFINES}") -set(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5") -curl_check_c_source_compiles("recv(0, 0, 0, 0)" curl_cv_recv) +check_c_source_compiles("${_source_epilogue} +int main(void) { + recv(0, 0, 0, 0); + return 0; +}" curl_cv_recv) if(curl_cv_recv) - # AC_CACHE_CHECK([types of arguments and return type for recv], - #[curl_cv_func_recv_args], [ - #SET(curl_cv_func_recv_args "unknown") - #for recv_retv in 'int' 'ssize_t'; do if(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown") foreach(recv_retv "int" "ssize_t" ) foreach(recv_arg1 "int" "ssize_t" "SOCKET") @@ -44,17 +37,23 @@ foreach(recv_arg3 "size_t" "int" "socklen_t" "unsigned int") foreach(recv_arg4 "int" "unsigned int") if(NOT curl_cv_func_recv_done) - set(curl_cv_func_recv_test "UNKNOWN") - set(extern_line "extern ${recv_retv} ${signature_call_conv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})\;") - set(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5") - curl_check_c_source_compiles(" + unset(curl_cv_func_recv_test CACHE) + check_c_source_compiles(" + ${_source_epilogue} + extern ${recv_retv} ${signature_call_conv} + recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4}); + int main(void) { ${recv_arg1} s=0; ${recv_arg2} buf=0; ${recv_arg3} len=0; ${recv_arg4} flags=0; - ${recv_retv} res = recv(s, buf, len, flags)" - curl_cv_func_recv_test - "${recv_retv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})") + ${recv_retv} res = recv(s, buf, len, flags); + (void) res; + return 0; + }" + curl_cv_func_recv_test) + message(STATUS + "Tested: ${recv_retv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})") if(curl_cv_func_recv_test) set(curl_cv_func_recv_args "${recv_arg1},${recv_arg2},${recv_arg3},${recv_arg4},${recv_retv}") @@ -72,18 +71,13 @@ endforeach(recv_arg2) endforeach(recv_arg1) endforeach(recv_retv) - else(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown") + else() string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG1 "${curl_cv_func_recv_args}") string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG2 "${curl_cv_func_recv_args}") string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG3 "${curl_cv_func_recv_args}") string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" RECV_TYPE_ARG4 "${curl_cv_func_recv_args}") string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" RECV_TYPE_RETV "${curl_cv_func_recv_args}") - #MESSAGE("RECV_TYPE_ARG1 ${RECV_TYPE_ARG1}") - #MESSAGE("RECV_TYPE_ARG2 ${RECV_TYPE_ARG2}") - #MESSAGE("RECV_TYPE_ARG3 ${RECV_TYPE_ARG3}") - #MESSAGE("RECV_TYPE_ARG4 ${RECV_TYPE_ARG4}") - #MESSAGE("RECV_TYPE_RETV ${RECV_TYPE_RETV}") - endif(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown") + endif() if("${curl_cv_func_recv_args}" STREQUAL "unknown") message(FATAL_ERROR "Cannot find proper types to use for recv args") @@ -94,12 +88,12 @@ set(curl_cv_func_recv_args "${curl_cv_func_recv_args}" CACHE INTERNAL "Arguments for recv") set(HAVE_RECV 1) -curl_check_c_source_compiles("send(0, 0, 0, 0)" curl_cv_send) +check_c_source_compiles("${_source_epilogue} +int main(void) { + send(0, 0, 0, 0); + return 0; +}" curl_cv_send) if(curl_cv_send) - # AC_CACHE_CHECK([types of arguments and return type for send], - #[curl_cv_func_send_args], [ - #SET(curl_cv_func_send_args "unknown") - #for send_retv in 'int' 'ssize_t'; do if(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown") foreach(send_retv "int" "ssize_t" ) foreach(send_arg1 "int" "ssize_t" "SOCKET") @@ -107,19 +101,24 @@ foreach(send_arg3 "size_t" "int" "socklen_t" "unsigned int") foreach(send_arg4 "int" "unsigned int") if(NOT curl_cv_func_send_done) - set(curl_cv_func_send_test "UNKNOWN") - set(extern_line "extern ${send_retv} ${signature_call_conv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})\;") - set(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5") - curl_check_c_source_compiles(" + unset(curl_cv_func_send_test CACHE) + check_c_source_compiles(" + ${_source_epilogue} + extern ${send_retv} ${signature_call_conv} + send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4}); + int main(void) { ${send_arg1} s=0; ${send_arg2} buf=0; ${send_arg3} len=0; ${send_arg4} flags=0; - ${send_retv} res = send(s, buf, len, flags)" - curl_cv_func_send_test - "${send_retv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})") + ${send_retv} res = send(s, buf, len, flags); + (void) res; + return 0; + }" + curl_cv_func_send_test) + message(STATUS + "Tested: ${send_retv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})") if(curl_cv_func_send_test) - #MESSAGE("Found arguments: ${curl_cv_func_send_test}") string(REGEX REPLACE "(const) .*" "\\1" send_qual_arg2 "${send_arg2}") string(REGEX REPLACE "const (.*)" "\\1" send_arg2 "${send_arg2}") set(curl_cv_func_send_args @@ -138,20 +137,14 @@ endforeach(send_arg2) endforeach(send_arg1) endforeach(send_retv) - else(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown") + else() string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG1 "${curl_cv_func_send_args}") string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG2 "${curl_cv_func_send_args}") string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG3 "${curl_cv_func_send_args}") string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG4 "${curl_cv_func_send_args}") string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" SEND_TYPE_RETV "${curl_cv_func_send_args}") string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" SEND_QUAL_ARG2 "${curl_cv_func_send_args}") - #MESSAGE("SEND_TYPE_ARG1 ${SEND_TYPE_ARG1}") - #MESSAGE("SEND_TYPE_ARG2 ${SEND_TYPE_ARG2}") - #MESSAGE("SEND_TYPE_ARG3 ${SEND_TYPE_ARG3}") - #MESSAGE("SEND_TYPE_ARG4 ${SEND_TYPE_ARG4}") - #MESSAGE("SEND_TYPE_RETV ${SEND_TYPE_RETV}") - #MESSAGE("SEND_QUAL_ARG2 ${SEND_QUAL_ARG2}") - endif(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown") + endif() if("${curl_cv_func_send_args}" STREQUAL "unknown") message(FATAL_ERROR "Cannot find proper types to use for send args") @@ -163,88 +156,71 @@ set(curl_cv_func_send_args "${curl_cv_func_send_args}" CACHE INTERNAL "Arguments for send") set(HAVE_SEND 1) -set(EXTRA_DEFINES "${EXTRA_DEFINES}\n${headers_hack}\n#define __unused5") -curl_check_c_source_compiles("int flag = MSG_NOSIGNAL" HAVE_MSG_NOSIGNAL) - -set(EXTRA_DEFINES "__unused1\n#undef inline\n#define __unused2") -set(HEADER_INCLUDES) -set(headers_hack) - -macro(add_header_include check header) - if(${check}) - set(headers_hack - "${headers_hack}\n#include <${header}>") - #SET(HEADER_INCLUDES - # ${HEADER_INCLUDES} - # "${header}") - endif(${check}) -endmacro(add_header_include header) +check_c_source_compiles("${_source_epilogue} + int main(void) { + int flag = MSG_NOSIGNAL; + (void)flag; + return 0; + }" HAVE_MSG_NOSIGNAL) -if(HAVE_WINDOWS_H) - set(EXTRA_DEFINES ${EXTRA_DEFINES} - "__unused7\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif\n#define __unused3") - add_header_include(HAVE_WINDOWS_H "windows.h") - add_header_include(HAVE_WINSOCK2_H "winsock2.h") - add_header_include(HAVE_WINSOCK_H "winsock.h") -else(HAVE_WINDOWS_H) - add_header_include(HAVE_SYS_TYPES_H "sys/types.h") +if(NOT HAVE_WINDOWS_H) add_header_include(HAVE_SYS_TIME_H "sys/time.h") add_header_include(TIME_WITH_SYS_TIME "time.h") add_header_include(HAVE_TIME_H "time.h") -endif(HAVE_WINDOWS_H) -set(EXTRA_DEFINES "${EXTRA_DEFINES}\n${headers_hack}\n#define __unused5") -curl_check_c_source_compiles("struct timeval ts;\nts.tv_sec = 0;\nts.tv_usec = 0" HAVE_STRUCT_TIMEVAL) +endif() +check_c_source_compiles("${_source_epilogue} +int main(void) { + struct timeval ts; + ts.tv_sec = 0; + ts.tv_usec = 0; + (void)ts; + return 0; +}" HAVE_STRUCT_TIMEVAL) -include(CurlCheckCSourceRuns) -set(EXTRA_DEFINES) -set(HEADER_INCLUDES) +include(CheckCSourceRuns) +set(CMAKE_REQUIRED_FLAGS) if(HAVE_SYS_POLL_H) - set(HEADER_INCLUDES "sys/poll.h") + set(CMAKE_REQUIRED_FLAGS "-DHAVE_SYS_POLL_H") endif(HAVE_SYS_POLL_H) -curl_check_c_source_runs("return poll((void *)0, 0, 10 /*ms*/)" HAVE_POLL_FINE) +check_c_source_runs(" + #ifdef HAVE_SYS_POLL_H + # include + #endif + int main(void) { + return poll((void *)0, 0, 10 /*ms*/); + }" HAVE_POLL_FINE) set(HAVE_SIG_ATOMIC_T 1) -set(EXTRA_DEFINES) -set(HEADER_INCLUDES) +set(CMAKE_REQUIRED_FLAGS) if(HAVE_SIGNAL_H) - set(HEADER_INCLUDES "signal.h") + set(CMAKE_REQUIRED_FLAGS "-DHAVE_SIGNAL_H") set(CMAKE_EXTRA_INCLUDE_FILES "signal.h") endif(HAVE_SIGNAL_H) check_type_size("sig_atomic_t" SIZEOF_SIG_ATOMIC_T) if(HAVE_SIZEOF_SIG_ATOMIC_T) - curl_check_c_source_compiles("static volatile sig_atomic_t dummy = 0" HAVE_SIG_ATOMIC_T_NOT_VOLATILE) + check_c_source_compiles(" + #ifdef HAVE_SIGNAL_H + # include + #endif + int main(void) { + static volatile sig_atomic_t dummy = 0; + (void)dummy; + return 0; + }" HAVE_SIG_ATOMIC_T_NOT_VOLATILE) if(NOT HAVE_SIG_ATOMIC_T_NOT_VOLATILE) set(HAVE_SIG_ATOMIC_T_VOLATILE 1) endif(NOT HAVE_SIG_ATOMIC_T_NOT_VOLATILE) endif(HAVE_SIZEOF_SIG_ATOMIC_T) -set(CHECK_TYPE_SIZE_PREINCLUDE - "#undef inline") - if(HAVE_WINDOWS_H) - set(CHECK_TYPE_SIZE_PREINCLUDE "${CHECK_TYPE_SIZE_PREINCLUDE} - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - #include ") - if(HAVE_WINSOCK2_H) - set(CHECK_TYPE_SIZE_PREINCLUDE "${CHECK_TYPE_SIZE_PREINCLUDE}\n#include ") - endif(HAVE_WINSOCK2_H) -else(HAVE_WINDOWS_H) + set(CMAKE_EXTRA_INCLUDE_FILES winsock2.h) +else() + set(CMAKE_EXTRA_INCLUDE_FILES) if(HAVE_SYS_SOCKET_H) - set(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES} - "sys/socket.h") + set(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h) endif(HAVE_SYS_SOCKET_H) - if(HAVE_NETINET_IN_H) - set(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES} - "netinet/in.h") - endif(HAVE_NETINET_IN_H) - if(HAVE_ARPA_INET_H) - set(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES} - "arpa/inet.h") - endif(HAVE_ARPA_INET_H) -endif(HAVE_WINDOWS_H) +endif() check_type_size("struct sockaddr_storage" SIZEOF_STRUCT_SOCKADDR_STORAGE) if(HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE) diff -Nru curl-7.38.0/CMake/Platforms/WindowsCache.cmake curl-7.43.0/CMake/Platforms/WindowsCache.cmake --- curl-7.38.0/CMake/Platforms/WindowsCache.cmake 2014-08-13 23:06:26.000000000 +0000 +++ curl-7.43.0/CMake/Platforms/WindowsCache.cmake 2015-06-03 07:38:20.000000000 +0000 @@ -5,6 +5,7 @@ set(HAVE_LIBSOCKET 0) set(NOT_NEED_LIBNSL 0) set(HAVE_LIBNSL 0) + set(HAVE_GETHOSTNAME 1) set(HAVE_LIBZ 0) set(HAVE_LIBCRYPTO 0) @@ -14,7 +15,6 @@ set(HAVE_ARPA_INET_H 0) set(HAVE_DLFCN_H 0) set(HAVE_FCNTL_H 1) - set(HAVE_FEATURES_H 0) set(HAVE_INTTYPES_H 0) set(HAVE_IO_H 1) set(HAVE_MALLOC_H 1) diff -Nru curl-7.38.0/CMakeLists.txt curl-7.43.0/CMakeLists.txt --- curl-7.38.0/CMakeLists.txt 2014-09-04 11:21:53.000000000 +0000 +++ curl-7.43.0/CMakeLists.txt 2015-06-03 07:38:20.000000000 +0000 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -48,27 +48,17 @@ message(WARNING "the curl cmake build system is poorly maintained. Be aware") file (READ ${CURL_SOURCE_DIR}/include/curl/curlver.h CURL_VERSION_H_CONTENTS) -string (REGEX MATCH "LIBCURL_VERSION_MAJOR[ \t]+([0-9]+)" - LIBCURL_VERSION_MJ ${CURL_VERSION_H_CONTENTS}) -string (REGEX MATCH "([0-9]+)" - LIBCURL_VERSION_MJ ${LIBCURL_VERSION_MJ}) -string (REGEX MATCH - "LIBCURL_VERSION_MINOR[ \t]+([0-9]+)" - LIBCURL_VERSION_MI ${CURL_VERSION_H_CONTENTS}) -string (REGEX MATCH "([0-9]+)" LIBCURL_VERSION_MI ${LIBCURL_VERSION_MI}) -string (REGEX MATCH - "LIBCURL_VERSION_PATCH[ \t]+([0-9]+)" - LIBCURL_VERSION_PT ${CURL_VERSION_H_CONTENTS}) -string (REGEX MATCH "([0-9]+)" LIBCURL_VERSION_PT ${LIBCURL_VERSION_PT}) -set (CURL_MAJOR_VERSION ${LIBCURL_VERSION_MJ}) -set (CURL_MINOR_VERSION ${LIBCURL_VERSION_MI}) -set (CURL_PATCH_VERSION ${LIBCURL_VERSION_PT}) +string (REGEX MATCH "#define LIBCURL_VERSION \"[^\"]*" + CURL_VERSION ${CURL_VERSION_H_CONTENTS}) +string (REGEX REPLACE "[^\"]+\"" "" CURL_VERSION ${CURL_VERSION}) +string (REGEX MATCH "#define LIBCURL_VERSION_NUM 0x[0-9a-fA-F]+" + CURL_VERSION_NUM ${CURL_VERSION_H_CONTENTS}) +string (REGEX REPLACE "[^0]+0x" "" CURL_VERSION_NUM ${CURL_VERSION_NUM}) include_regular_expression("^.*$") # Sukender: Is it necessary? # Setup package meta-data # SET(PACKAGE "curl") -set(CURL_VERSION ${CURL_MAJOR_VERSION}.${CURL_MINOR_VERSION}.${CURL_PATCH_VERSION}) message(STATUS "curl version=[${CURL_VERSION}]") # SET(PACKAGE_TARNAME "curl") # SET(PACKAGE_NAME "curl") @@ -84,12 +74,35 @@ option(BUILD_CURL_EXE "Set to ON to build cURL executable." ON) option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON) option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF) -option(CURL_USE_ARES "Set to ON to enable c-ares support" OFF) +option(ENABLE_ARES "Set to ON to enable c-ares support" OFF) +option(ENABLE_THREADED_RESOLVER "Set to ON to enable POSIX threaded DNS lookup" OFF) + +option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF) +option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF) + +if (ENABLE_DEBUG) + # DEBUGBUILD will be defined only for Debug builds + if(NOT CMAKE_VERSION VERSION_LESS 3.0) + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS $<$:DEBUGBUILD>) + else() + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_DEBUG DEBUGBUILD) + endif() + set(ENABLE_CURLDEBUG ON) +endif() + +if (ENABLE_CURLDEBUG) + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS CURLDEBUG) +endif() + # initialize CURL_LIBS set(CURL_LIBS "") -if(CURL_USE_ARES) - set(USE_ARES ${CURL_USE_ARES}) +if(ENABLE_THREADED_RESOLVER AND ENABLE_ARES) + message(FATAL_ERROR "Options ENABLE_THREADED_RESOLVER and ENABLE_ARES are mutually exclusive") +endif() + +if(ENABLE_ARES) + set(USE_ARES 1) find_package(CARES REQUIRED) list(APPEND CURL_LIBS ${CARES_LIBRARY} ) set(CURL_LIBS ${CURL_LIBS} ${CARES_LIBRARY}) @@ -171,9 +184,52 @@ mark_as_advanced(CURL_DISABLE_VERBOSE_STRINGS) option(DISABLED_THREADSAFE "Set to explicitly specify we don't want to use thread-safe functions" OFF) mark_as_advanced(DISABLED_THREADSAFE) -option(ENABLE_IPV6 "Define if you want to enable IPv6 support" OFF) +option(ENABLE_IPV6 "Define if you want to enable IPv6 support" ON) mark_as_advanced(ENABLE_IPV6) +if(ENABLE_IPV6) + include(CheckStructHasMember) + check_struct_has_member("struct sockaddr_in6" sin6_addr "netinet/in.h" + HAVE_SOCKADDR_IN6_SIN6_ADDR) + check_struct_has_member("struct sockaddr_in6" sin6_scope_id "netinet/in.h" + HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) + if(NOT HAVE_SOCKADDR_IN6_SIN6_ADDR) + message(WARNING "struct sockaddr_in6 not available, disabling IPv6 support") + # Force the feature off as this name is used as guard macro... + set(ENABLE_IPV6 OFF + CACHE BOOL "Define if you want to enable IPv6 support" FORCE) + endif() +endif() +option(ENABLE_MANUAL "to provide the built-in manual" ON) +unset(USE_MANUAL CACHE) # TODO: cache NROFF/NROFF_MANOPT/USE_MANUAL vars? +if(ENABLE_MANUAL) + find_program(NROFF NAMES gnroff nroff) + if(NROFF) + # Need a way to write to stdin, this will do + file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" "test") + # Tests for a valid nroff option to generate a manpage + foreach(_MANOPT "-man" "-mandoc") + execute_process(COMMAND "${NROFF}" ${_MANOPT} + OUTPUT_VARIABLE NROFF_MANOPT_OUTPUT + INPUT_FILE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" + ERROR_QUIET) + # Save the option if it was valid + if(NROFF_MANOPT_OUTPUT) + message("Found *nroff option: -- ${_MANOPT}") + set(NROFF_MANOPT ${_MANOPT}) + set(USE_MANUAL 1) + break() + endif() + endforeach() + # No need for the temporary file + file(REMOVE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt") + if(NOT USE_MANUAL) + message(WARNING "Found no *nroff option to get plaintext from man pages") + endif() + else() + message(WARNING "Found no *nroff program") + endif() +endif() # We need ansi c-flags, especially on HP set(CMAKE_C_FLAGS "${CMAKE_ANSI_CFLAGS} ${CMAKE_C_FLAGS}") @@ -200,9 +256,22 @@ # On windows preload settings if(WIN32) + set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WINSOCKAPI_") include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake) endif(WIN32) +if(ENABLE_THREADED_RESOLVER) + check_include_file_concat("pthread.h" HAVE_PTHREAD_H) + if(HAVE_PTHREAD_H) + set(CMAKE_THREAD_PREFER_PTHREAD 1) + find_package(Threads) + if(CMAKE_USE_PTHREADS_INIT) + set(CURL_LIBS ${CURL_LIBS} ${CMAKE_THREAD_LIBS_INIT}) + set(USE_THREADS_POSIX 1) + endif() + endif() +endif() + # Check for all needed libraries check_library_exists_concat("dl" dlopen HAVE_LIBDL) check_library_exists_concat("socket" connect HAVE_LIBSOCKET) @@ -219,19 +288,49 @@ check_library_exists_concat("nsl" gethostbyname HAVE_LIBNSL) endif(NOT NOT_NEED_LIBNSL) +check_function_exists(gethostname HAVE_GETHOSTNAME) + if(WIN32) check_library_exists_concat("ws2_32" getch HAVE_LIBWS2_32) check_library_exists_concat("winmm" getch HAVE_LIBWINMM) endif() +option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON) +mark_as_advanced(CMAKE_USE_OPENSSL) + +set(USE_OPENSSL OFF) +set(HAVE_LIBCRYPTO OFF) +set(HAVE_LIBSSL OFF) + +if(CMAKE_USE_OPENSSL) + find_package(OpenSSL) + if(OPENSSL_FOUND) + list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES}) + set(USE_OPENSSL ON) + set(HAVE_LIBCRYPTO ON) + set(HAVE_LIBSSL ON) + include_directories(${OPENSSL_INCLUDE_DIR}) + set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) + check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H) + check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H) + check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H) + check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H) + check_include_file("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H) + check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H) + check_include_file("openssl/ssl.h" HAVE_OPENSSL_SSL_H) + check_include_file("openssl/x509.h" HAVE_OPENSSL_X509_H) + check_include_file("openssl/rand.h" HAVE_OPENSSL_RAND_H) + endif() +endif() + if(NOT CURL_DISABLE_LDAP) if(WIN32) - option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON) - if(CURL_LDAP_WIN) + option(USE_WIN32_LDAP "Use Windows LDAP implementation" ON) + if(USE_WIN32_LDAP) check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32) if(NOT HAVE_WLDAP32) - set(CURL_LDAP_WIN OFF) + set(USE_WIN32_LDAP OFF) endif() endif() endif() @@ -241,13 +340,14 @@ set(CMAKE_LDAP_LIB "ldap" CACHE STRING "Name or full path to ldap library") set(CMAKE_LBER_LIB "lber" CACHE STRING "Name or full path to lber library") - if(CMAKE_USE_OPENLDAP AND CURL_LDAP_WIN) - message(FATAL_ERROR "Cannot use CURL_LDAP_WIN and CMAKE_USE_OPENLDAP at the same time") + if(CMAKE_USE_OPENLDAP AND USE_WIN32_LDAP) + message(FATAL_ERROR "Cannot use USE_WIN32_LDAP and CMAKE_USE_OPENLDAP at the same time") endif() # Now that we know, we're not using windows LDAP... - if(NOT CURL_LDAP_WIN) + if(NOT USE_WIN32_LDAP) # Check for LDAP + set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES}) check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP) check_library_exists_concat(${CMAKE_LBER_LIB} ber_init HAVE_LIBLBER) else() @@ -301,8 +401,8 @@ return 0; }" ) - set(CMAKE_REQUIRED_DEFINITIONS "-DLDAP_DEPRECATED=1" "-DWIN32_LEAN_AND_MEAN") - set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB}) + set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1") + list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB}) if(HAVE_LIBLBER) list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB}) endif() @@ -336,9 +436,6 @@ # Check for symbol dlopen (same as HAVE_LIBDL) check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN) -# For other tests to use the same libraries -set(CMAKE_REQUIRED_LIBRARIES ${CURL_LIBS}) - option(CURL_ZLIB "Set to ON to enable building cURL with zlib support." ON) set(HAVE_LIBZ OFF) set(HAVE_ZLIB_H OFF) @@ -350,39 +447,10 @@ set(HAVE_ZLIB ON) set(HAVE_LIBZ ON) list(APPEND CURL_LIBS ${ZLIB_LIBRARIES}) + include_directories(${ZLIB_INCLUDE_DIRS}) endif() endif() -option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON) -mark_as_advanced(CMAKE_USE_OPENSSL) - -set(USE_SSLEAY OFF) -set(USE_OPENSSL OFF) -set(HAVE_LIBCRYPTO OFF) -set(HAVE_LIBSSL OFF) - -if(CMAKE_USE_OPENSSL) - find_package(OpenSSL) - if(OPENSSL_FOUND) - list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES}) - set(USE_SSLEAY ON) - set(USE_OPENSSL ON) - set(HAVE_LIBCRYPTO ON) - set(HAVE_LIBSSL ON) - include_directories(${OPENSSL_INCLUDE_DIR}) - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - check_include_file_concat("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H) - check_include_file_concat("openssl/engine.h" HAVE_OPENSSL_ENGINE_H) - check_include_file_concat("openssl/err.h" HAVE_OPENSSL_ERR_H) - check_include_file_concat("openssl/pem.h" HAVE_OPENSSL_PEM_H) - check_include_file_concat("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H) - check_include_file_concat("openssl/rsa.h" HAVE_OPENSSL_RSA_H) - check_include_file_concat("openssl/ssl.h" HAVE_OPENSSL_SSL_H) - check_include_file_concat("openssl/x509.h" HAVE_OPENSSL_X509_H) - check_include_file_concat("openssl/rand.h" HAVE_OPENSSL_RAND_H) - endif(OPENSSL_FOUND) -endif(CMAKE_USE_OPENSSL) - #libSSH2 option(CMAKE_USE_LIBSSH2 "Use libSSH2" ON) mark_as_advanced(CMAKE_USE_LIBSSH2) @@ -396,6 +464,7 @@ list(APPEND CURL_LIBS ${LIBSSH2_LIBRARY}) set(CMAKE_REQUIRED_LIBRARIES ${LIBSSH2_LIBRARY}) set(CMAKE_REQUIRED_INCLUDES "${LIBSSH2_INCLUDE_DIR}") + include_directories("${LIBSSH2_INCLUDE_DIR}") set(HAVE_LIBSSH2 ON) set(USE_LIBSSH2 ON) @@ -416,20 +485,82 @@ endif(LIBSSH2_FOUND) endif(CMAKE_USE_LIBSSH2) -# If we have features.h, then do the _BSD_SOURCE magic -check_include_file("features.h" HAVE_FEATURES_H) +option(CMAKE_USE_GSSAPI "Use GSSAPI implementation (right now only Heimdal is supported with CMake build)" OFF) +mark_as_advanced(CMAKE_USE_GSSAPI) + +if(CMAKE_USE_GSSAPI) + find_package(GSS) + + set(HAVE_GSS_API ${GSS_FOUND}) + if(GSS_FOUND) + + message(STATUS "Found ${GSS_FLAVOUR} GSSAPI version: \"${GSS_VERSION}\"") + + set(CMAKE_REQUIRED_INCLUDES ${GSS_INCLUDE_DIR}) + check_include_file_concat("gssapi/gssapi.h" HAVE_GSSAPI_GSSAPI_H) + check_include_file_concat("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H) + check_include_file_concat("gssapi/gssapi_krb5.h" HAVE_GSSAPI_GSSAPI_KRB5_H) + + if(GSS_FLAVOUR STREQUAL "Heimdal") + set(HAVE_GSSHEIMDAL ON) + else() # MIT + set(HAVE_GSSMIT ON) + set(_INCLUDE_LIST "") + if(HAVE_GSSAPI_GSSAPI_H) + list(APPEND _INCLUDE_LIST "gssapi/gssapi.h") + endif() + if(HAVE_GSSAPI_GSSAPI_GENERIC_H) + list(APPEND _INCLUDE_LIST "gssapi/gssapi_generic.h") + endif() + if(HAVE_GSSAPI_GSSAPI_KRB5_H) + list(APPEND _INCLUDE_LIST "gssapi/gssapi_krb5.h") + endif() + + string(REPLACE ";" " " _COMPILER_FLAGS_STR "${GSS_COMPILER_FLAGS}") + string(REPLACE ";" " " _LINKER_FLAGS_STR "${GSS_LINKER_FLAGS}") + + foreach(_dir ${GSS_LINK_DIRECTORIES}) + set(_LINKER_FLAGS_STR "${_LINKER_FLAGS_STR} -L\"${_dir}\"") + endforeach() + + set(CMAKE_REQUIRED_FLAGS "${_COMPILER_FLAGS_STR} ${_LINKER_FLAGS_STR}") + set(CMAKE_REQUIRED_LIBRARIES ${GSS_LIBRARIES}) + check_symbol_exists("GSS_C_NT_HOSTBASED_SERVICE" ${_INCLUDE_LIST} HAVE_GSS_C_NT_HOSTBASED_SERVICE) + if(NOT HAVE_GSS_C_NT_HOSTBASED_SERVICE) + set(HAVE_OLD_GSSMIT ON) + endif() + + endif() + + include_directories(${GSS_INCLUDE_DIR}) + link_directories(${GSS_LINK_DIRECTORIES}) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GSS_COMPILER_FLAGS}") + set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${GSS_LINKER_FLAGS}") + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${GSS_LINKER_FLAGS}") + list(APPEND CURL_LIBS ${GSS_LIBRARIES}) + + else() + message(WARNING "GSSAPI support has been requested but no supporting libraries found. Skipping.") + endif() +endif() + +option(ENABLE_UNIX_SOCKETS "Define if you want Unix domain sockets support" ON) +if(ENABLE_UNIX_SOCKETS) + include(CheckStructHasMember) + check_struct_has_member("struct sockaddr_un" sun_path "sys/un.h" USE_UNIX_SOCKETS) +else() + unset(USE_UNIX_SOCKETS CACHE) +endif() # Check for header files if(NOT UNIX) - check_include_file_concat("ws2tcpip.h" HAVE_WS2TCPIP_H) - check_include_file_concat("winsock2.h" HAVE_WINSOCK2_H) -endif(NOT UNIX) -check_include_file_concat("stdio.h" HAVE_STDIO_H) -if(NOT UNIX) check_include_file_concat("windows.h" HAVE_WINDOWS_H) check_include_file_concat("winsock.h" HAVE_WINSOCK_H) + check_include_file_concat("ws2tcpip.h" HAVE_WS2TCPIP_H) + check_include_file_concat("winsock2.h" HAVE_WINSOCK2_H) endif(NOT UNIX) +check_include_file_concat("stdio.h" HAVE_STDIO_H) check_include_file_concat("inttypes.h" HAVE_INTTYPES_H) check_include_file_concat("sys/filio.h" HAVE_SYS_FILIO_H) check_include_file_concat("sys/ioctl.h" HAVE_SYS_IOCTL_H) @@ -454,9 +585,6 @@ check_include_file_concat("err.h" HAVE_ERR_H) check_include_file_concat("errno.h" HAVE_ERRNO_H) check_include_file_concat("fcntl.h" HAVE_FCNTL_H) -check_include_file_concat("gssapi/gssapi.h" HAVE_GSSAPI_GSSAPI_H) -check_include_file_concat("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H) -check_include_file_concat("gssapi/gssapi_krb5.h" HAVE_GSSAPI_GSSAPI_KRB5_H) check_include_file_concat("idn-free.h" HAVE_IDN_FREE_H) check_include_file_concat("ifaddrs.h" HAVE_IFADDRS_H) check_include_file_concat("io.h" HAVE_IO_H) @@ -576,6 +704,12 @@ mark_as_advanced(RANDOM_FILE) # Check for some functions that are used +if(HAVE_LIBWS2_32) + set(CMAKE_REQUIRED_LIBRARIES ws2_32) +elseif(HAVE_LIBSOCKET) + set(CMAKE_REQUIRED_LIBRARIES socket) +endif() + check_symbol_exists(basename "${CURL_INCLUDES}" HAVE_BASENAME) check_symbol_exists(socket "${CURL_INCLUDES}" HAVE_SOCKET) check_symbol_exists(poll "${CURL_INCLUDES}" HAVE_POLL) @@ -618,7 +752,6 @@ HAVE_CRYPTO_CLEANUP_ALL_EX_DATA) if(HAVE_LIBCRYPTO AND HAVE_LIBSSL) set(USE_OPENSSL 1) - set(USE_SSLEAY 1) endif(HAVE_LIBCRYPTO AND HAVE_LIBSSL) endif(CMAKE_USE_OPENSSL) check_symbol_exists(gmtime_r "${CURL_INCLUDES}" HAVE_GMTIME_R) @@ -639,6 +772,7 @@ check_symbol_exists(siginterrupt "${CURL_INCLUDES}" HAVE_SIGINTERRUPT) check_symbol_exists(perror "${CURL_INCLUDES}" HAVE_PERROR) check_symbol_exists(fork "${CURL_INCLUDES}" HAVE_FORK) +check_symbol_exists(getaddrinfo "${CURL_INCLUDES}" HAVE_GETADDRINFO) check_symbol_exists(freeaddrinfo "${CURL_INCLUDES}" HAVE_FREEADDRINFO) check_symbol_exists(freeifaddrs "${CURL_INCLUDES}" HAVE_FREEIFADDRS) check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE) @@ -677,12 +811,7 @@ set(HAVE_LDAP_URL_PARSE 1) endif(NOT HAVE_STRICMP) - - # Do curl specific tests -if(HAVE_LIBWS2_32) - set(CMAKE_REQUIRED_LIBRARIES ws2_32) -endif() foreach(CURL_TEST HAVE_FCNTL_O_NONBLOCK HAVE_IOCTLSOCKET @@ -869,24 +998,6 @@ add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE) endif(MSVC) -# Sets up the dependencies (zlib, OpenSSL, etc.) of a cURL subproject according to options. -# TODO This is far to be complete! -function(SETUP_CURL_DEPENDENCIES TARGET_NAME) - if(CURL_ZLIB AND ZLIB_FOUND) - include_directories(${ZLIB_INCLUDE_DIR}) - endif() - - if(CMAKE_USE_OPENSSL AND OPENSSL_FOUND) - include_directories(${OPENSSL_INCLUDE_DIR}) - endif() - - if(CMAKE_USE_LIBSSH2 AND LIBSSH2_FOUND) - include_directories(${LIBSSH2_INCLUDE_DIR}) - endif() - - target_link_libraries(${TARGET_NAME} ${CURL_LIBS}) -endfunction() - # Ugly (but functional) way to include "Makefile.inc" by transforming it (= regenerate it). function(TRANSFORM_MAKEFILE_INC INPUT_FILE OUTPUT_FILE) file(READ ${INPUT_FILE} MAKEFILE_INC_TEXT) @@ -911,6 +1022,133 @@ add_subdirectory(tests) endif() +# TODO support GNUTLS, NSS, POLARSSL, AXTLS, CYASSL, WINSSL, DARWINSSL +if(USE_OPENSSL) + set(SSL_ENABLED 1) +endif() + +# Helper to populate a list (_items) with a label when conditions (the remaining +# args) are satisfied +function(_add_if label) + # TODO need to disable policy CMP0054 (CMake 3.1) to allow this indirection + if(${ARGN}) + set(_items ${_items} "${label}" PARENT_SCOPE) + endif() +endfunction() + +# Clear list and try to detect available features +set(_items) +_add_if("SSL" SSL_ENABLED) +_add_if("IPv6" ENABLE_IPV6) +_add_if("unix-sockets" USE_UNIX_SOCKETS) +_add_if("libz" HAVE_LIBZ) +_add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX) +_add_if("IDN" HAVE_LIBIDN) +# TODO SSP1 (WinSSL) check is missing +_add_if("SSPI" USE_WINDOWS_SSPI) +_add_if("GSS-API" HAVE_GSS_API) +# TODO SSP1 missing for SPNEGO +_add_if("SPNEGO" NOT CURL_DISABLE_CRYPTO_AUTH AND + (HAVE_GSS_API OR USE_WINDOWS_SSPI)) +_add_if("Kerberos" NOT CURL_DISABLE_CRYPTO_AUTH AND + (HAVE_GSS_API OR USE_WINDOWS_SSPI)) +# NTLM support requires crypto function adaptions from various SSL libs +# TODO alternative SSL libs tests for SSP1, GNUTLS, NSS, DARWINSSL +if(NOT CURL_DISABLE_CRYPTO_AUTH AND (USE_OPENSSL OR + USE_WINDOWS_SSPI OR GNUTLS_ENABLED OR NSS_ENABLED OR DARWINSSL_ENABLED)) + _add_if("NTLM" 1) + # TODO missing option (autoconf: --enable-ntlm-wb) + _add_if("NTLM_WB" NOT CURL_DISABLE_HTTP AND NTLM_WB_ENABLED) +endif() +# TODO missing option (--enable-tls-srp), depends on GNUTLS_SRP/OPENSSL_SRP +_add_if("TLS-SRP" USE_TLS_SRP) +# TODO option --with-nghttp2 tests for nghttp2 lib and nghttp2/nghttp2.h header +_add_if("HTTP2" USE_NGHTTP2) +string(REPLACE ";" " " SUPPORT_FEATURES "${_items}") +message(STATUS "Enabled features: ${SUPPORT_FEATURES}") + +# Clear list and try to detect available protocols +set(_items) +_add_if("HTTP" NOT CURL_DISABLE_HTTP) +_add_if("HTTPS" NOT CURL_DISABLE_HTTP AND SSL_ENABLED) +_add_if("FTP" NOT CURL_DISABLE_FTP) +_add_if("FTPS" NOT CURL_DISABLE_FTP AND SSL_ENABLED) +_add_if("FILE" NOT CURL_DISABLE_FILE) +_add_if("TELNET" NOT CURL_DISABLE_TELNET) +_add_if("LDAP" NOT CURL_DISABLE_LDAP) +# CURL_DISABLE_LDAP implies CURL_DISABLE_LDAPS +# TODO check HAVE_LDAP_SSL (in autoconf this is enabled with --enable-ldaps) +_add_if("LDAPS" NOT CURL_DISABLE_LDAPS AND + ((USE_OPENLDAP AND SSL_ENABLED) OR + (NOT USE_OPENLDAP AND HAVE_LDAP_SSL))) +_add_if("DICT" NOT CURL_DISABLE_DICT) +_add_if("TFTP" NOT CURL_DISABLE_TFTP) +_add_if("GOPHER" NOT CURL_DISABLE_GOPHER) +_add_if("POP3" NOT CURL_DISABLE_POP3) +_add_if("POP3S" NOT CURL_DISABLE_POP3 AND SSL_ENABLED) +_add_if("IMAP" NOT CURL_DISABLE_IMAP) +_add_if("IMAPS" NOT CURL_DISABLE_IMAP AND SSL_ENABLED) +_add_if("SMTP" NOT CURL_DISABLE_SMTP) +_add_if("SMTPS" NOT CURL_DISABLE_SMTP AND SSL_ENABLED) +_add_if("SCP" USE_LIBSSH2) +_add_if("SFTP" USE_LIBSSH2) +_add_if("RTSP" NOT CURL_DISABLE_RTSP) +_add_if("RTMP" USE_LIBRTMP) +list(SORT _items) +string(REPLACE ";" " " SUPPORT_PROTOCOLS "${_items}") +message(STATUS "Enabled protocols: ${SUPPORT_PROTOCOLS}") + +# curl-config needs the following options to be set. +set(CC "${CMAKE_C_COMPILER}") +# TODO probably put a -D... options here? +set(CONFIGURE_OPTIONS "") +# TODO when to set "-DCURL_STATICLIB" for CPPFLAG_CURL_STATICLIB? +set(CPPFLAG_CURL_STATICLIB "") +# TODO need to set this (see CURL_CHECK_CA_BUNDLE in acinclude.m4) +set(CURL_CA_BUNDLE "") +set(CURLVERSION "${CURL_VERSION}") +set(ENABLE_SHARED "yes") +if(CURL_STATICLIB) + # Broken: LIBCURL_LIBS below; .a lib is not built + message(WARNING "Static linking is broken!") + set(ENABLE_STATIC "no") +else() + set(ENABLE_STATIC "no") +endif() +set(exec_prefix "\${prefix}") +set(includedir "\${prefix}/include") +set(LDFLAGS "${CMAKE_SHARED_LINKER_FLAGS}") +set(LIBCURL_LIBS "") +set(libdir "${CMAKE_INSTALL_PREFIX}/lib") +# TODO CURL_LIBS also contains absolute paths which don't work with static -l... +foreach(_lib ${CMAKE_C_IMPLICIT_LINK_LIBRARIES} ${CURL_LIBS}) + set(LIBCURL_LIBS "${LIBCURL_LIBS} -l${_lib}") +endforeach() +# "a" (Linux) or "lib" (Windows) +string(REPLACE "." "" libext "${CMAKE_STATIC_LIBRARY_SUFFIX}") +set(prefix "${CMAKE_INSTALL_PREFIX}") +# Set this to "yes" to append all libraries on which -lcurl is dependent +set(REQUIRE_LIB_DEPS "no") +# SUPPORT_FEATURES +# SUPPORT_PROTOCOLS +set(VERSIONNUM "${CURL_VERSION_NUM}") + +# Finally generate a "curl-config" matching this config +configure_file("${CURL_SOURCE_DIR}/curl-config.in" + "${CURL_BINARY_DIR}/curl-config" @ONLY) +install(FILES "${CMAKE_BINARY_DIR}/curl-config" + DESTINATION bin + PERMISSIONS + OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ GROUP_EXECUTE + WORLD_READ WORLD_EXECUTE) + +# Finally generate a pkg-config file matching this config +configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in" + "${CURL_BINARY_DIR}/libcurl.pc" @ONLY) +install(FILES "${CMAKE_BINARY_DIR}/libcurl.pc" + DESTINATION lib/pkgconfig) + # This needs to be run very last so other parts of the scripts can take advantage of this. if(NOT CURL_CONFIG_HAS_BEEN_RUN_BEFORE) set(CURL_CONFIG_HAS_BEEN_RUN_BEFORE 1 CACHE INTERNAL "Flag to track whether this is the first time running CMake or if CMake has been configured before") diff -Nru curl-7.38.0/config.sub curl-7.43.0/config.sub --- curl-7.38.0/config.sub 2014-06-16 22:19:21.000000000 +0000 +++ curl-7.43.0/config.sub 2015-06-11 17:51:46.000000000 +0000 @@ -2,7 +2,7 @@ # Configuration validation subroutine script. # Copyright 1992-2014 Free Software Foundation, Inc. -timestamp='2014-05-01' +timestamp='2014-09-11' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -302,6 +302,7 @@ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ + | riscv32 | riscv64 \ | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ @@ -828,6 +829,10 @@ basic_machine=powerpc-unknown os=-morphos ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; msdos) basic_machine=i386-pc os=-msdos @@ -1373,7 +1378,7 @@ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ diff -Nru curl-7.38.0/configure curl-7.43.0/configure --- curl-7.38.0/configure 2014-09-04 20:42:23.000000000 +0000 +++ curl-7.43.0/configure 2015-06-15 21:31:47.000000000 +0000 @@ -890,6 +890,7 @@ CFLAG_CURL_SYMBOL_HIDING DOING_CURL_SYMBOL_HIDING_FALSE DOING_CURL_SYMBOL_HIDING_TRUE +USE_UNIX_SOCKETS BUILD_LIBHOSTNAME_FALSE BUILD_LIBHOSTNAME_TRUE USE_EMBEDDED_ARES_FALSE @@ -922,9 +923,9 @@ HAVE_GNUTLS_SRP USE_GNUTLS_NETTLE USE_GNUTLS -HAVE_SSLEAY_SRP +HAVE_OPENSSL_SRP RANDOM_FILE -USE_SSLEAY +SSL_LIBS PKGCONFIG USE_DARWINSSL USE_WINDOWS_SSPI @@ -936,6 +937,7 @@ HAVE_LIBZ CURL_DISABLE_GOPHER CURL_DISABLE_SMTP +CURL_DISABLE_SMB CURL_DISABLE_IMAP CURL_DISABLE_POP3 CURL_DISABLE_TFTP @@ -1125,6 +1127,7 @@ enable_tftp enable_pop3 enable_imap +enable_smb enable_smtp enable_gopher enable_manual @@ -1162,6 +1165,7 @@ enable_crypto_auth enable_ntlm_wb enable_tls_srp +enable_unix_sockets enable_cookies enable_soname_bump ' @@ -1848,6 +1852,8 @@ --disable-pop3 Disable POP3 support --enable-imap Enable IMAP support --disable-imap Disable IMAP support + --enable-smb Enable SMB/CIFS support + --disable-smb Disable SMB/CIFS support --enable-smtp Enable SMTP support --disable-smtp Disable SMTP support --enable-gopher Enable Gopher support @@ -1858,8 +1864,8 @@ --disable-libcurl-option Disable --libcurl C code generation support --enable-libgcc use libgcc when linking - --enable-ipv6 Enable ipv6 (with ipv4) support - --disable-ipv6 Disable ipv6 support + --enable-ipv6 Enable IPv6 (with IPv4) support + --disable-ipv6 Disable IPv6 support --enable-versioned-symbols Enable versioned symbols in shared library --disable-versioned-symbols @@ -1881,6 +1887,8 @@ helper --enable-tls-srp Enable TLS-SRP authentication --disable-tls-srp Disable TLS-SRP authentication + --enable-unix-sockets Enable Unix domain sockets + --disable-unix-sockets Disable Unix domain sockets --enable-cookies Enable cookies support --disable-cookies Disable cookies support --enable-soname-bump Enable enforced SONAME bump @@ -2612,6 +2620,61 @@ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type + +# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES +# ---------------------------------------------------- +# Tries to find if the field MEMBER exists in type AGGR, after including +# INCLUDES, setting cache variable VAR accordingly. +ac_fn_c_check_member () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +$as_echo_n "checking for $2.$3... " >&6; } +if eval \${$4+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int main (void) +{ +static $2 ac_aggr; +if (ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int main (void) +{ +static $2 ac_aggr; +if (sizeof ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + eval "$4=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$4 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_member cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. @@ -3804,8 +3867,8 @@ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' -# expand $ac_aux_dir to an absolute path -am_aux_dir=`cd $ac_aux_dir && pwd` +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -4874,14 +4937,21 @@ ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` -test x"${MISSING+set}" = xset || MISSING="\${SHELL} \"$am_aux_dir/missing\"" +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi # Use eval to expand $SHELL -if eval "$MISSING --run true"; then - am_missing_run="$MISSING --run " +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " else am_missing_run= - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 -$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi if test x"${install_sh}" != xset; then @@ -5495,6 +5565,7 @@ curl_tls_srp_msg="no (--enable-tls-srp)" curl_res_msg="default (--enable-ares / --enable-threaded-resolver)" curl_ipv6_msg="no (--enable-ipv6)" +curl_unix_sockets_msg="no (--enable-unix-sockets)" curl_idn_msg="no (--with-{libidn,winidn})" curl_manual_msg="no (--enable-manual)" curl_libcurl_msg="enabled (--disable-libcurl-option)" @@ -18891,6 +18962,31 @@ +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to support smb" >&5 +$as_echo_n "checking whether to support smb... " >&6; } +# Check whether --enable-smb was given. +if test "${enable_smb+set}" = set; then : + enableval=$enable_smb; case "$enableval" in + no) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define CURL_DISABLE_SMB 1" >>confdefs.h + + CURL_DISABLE_SMB=1 + + ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + ;; + esac +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to support smtp" >&5 $as_echo_n "checking whether to support smtp... " >&6; } # Check whether --enable-smtp was given. @@ -20832,7 +20928,7 @@ if test "$LDAPLIBNAME" = "wldap32"; then curl_ldap_msg="enabled (winldap)" -$as_echo "#define CURL_LDAP_WIN 1" >>confdefs.h +$as_echo "#define USE_WIN32_LDAP 1" >>confdefs.h else curl_ldap_msg="enabled (OpenLDAP)" @@ -20851,8 +20947,8 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable ipv6" >&5 -$as_echo_n "checking whether to enable ipv6... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable IPv6" >&5 +$as_echo_n "checking whether to enable IPv6... " >&6; } # Check whether --enable-ipv6 was given. if test "${enable_ipv6+set}" = set; then : enableval=$enable_ipv6; case "$enableval" in @@ -21028,6 +21124,8 @@ fi +: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} + save_CPPFLAGS="$CPPFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if GSS-API support is requested" >&5 $as_echo_n "checking if GSS-API support is requested... " >&6; } @@ -21038,8 +21136,8 @@ if test -z "$GSSAPI_INCS"; then if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then - GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi` + elif test -f "$KRB5CONFIG"; then + GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` elif test "$GSSAPI_ROOT" != "yes"; then GSSAPI_INCS="-I$GSSAPI_ROOT/include" fi @@ -21183,8 +21281,8 @@ if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi` LIBS="$gss_libs $LIBS" - elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then - gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi` + elif test -f "$KRB5CONFIG"; then + gss_libs=`$KRB5CONFIG --libs gssapi` LIBS="$gss_libs $LIBS" else case $host in @@ -21490,6 +21588,7 @@ fi $PKGCONFIG --cflags-only-I openssl 2>/dev/null` + { $as_echo "$as_me:${as_lineno-$LINENO}: pkg-config: SSL_LIBS: \"$SSL_LIBS\"" >&5 $as_echo "$as_me: pkg-config: SSL_LIBS: \"$SSL_LIBS\"" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: pkg-config: SSL_LDFLAGS: \"$SSL_LDFLAGS\"" >&5 @@ -21776,10 +21875,6 @@ fi if test X"$OPENSSL_ENABLED" = X"1"; then - -$as_echo "#define USE_SSLEAY 1" >>confdefs.h - - for ac_header in openssl/pkcs12.h do : ac_fn_c_check_header_mongrel "$LINENO" "openssl/pkcs12.h" "ac_cv_header_openssl_pkcs12_h" "$ac_includes_default" @@ -21795,8 +21890,6 @@ else LIBS="$CLEANLIBS" fi - USE_SSLEAY="$OPENSSL_ENABLED" - if test X"$OPT_SSL" != Xoff && test "$OPENSSL_ENABLED" != "1"; then @@ -21844,9 +21937,7 @@ CRYPTO_cleanup_all_ex_data \ SSL_get_shutdown \ SSLv2_client_method \ - SSL_CTX_set_next_proto_select_cb \ - SSL_CTX_set_alpn_protos \ - SSL_CTX_set_alpn_select_cb + DES_set_odd_parity do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -21859,23 +21950,33 @@ done + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BoringSSL" >&5 +$as_echo_n "checking for BoringSSL... " >&6; } + if test "x$ac_cv_func_DES_set_odd_parity" != "xyes"; then + curl_ssl_msg="enabled (BoringSSL)" + +cat >>confdefs.h <<_ACEOF +#define HAVE_BORINGSSL 1 +_ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for yaSSL using OpenSSL compatibility mode" >&5 -$as_echo_n "checking for yaSSL using OpenSSL compatibility mode... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libressl" >&5 +$as_echo_n "checking for libressl... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include +#include int main (void) { -#if defined(YASSL_VERSION) && defined(OPENSSL_VERSION_NUMBER) - int dummy = SSL_ERROR_NONE; -#else - Not the yaSSL OpenSSL compatibility header. -#endif + int dummy = LIBRESSL_VERSION_NUMBER; ; return 0; @@ -21888,10 +21989,10 @@ $as_echo "yes" >&6; } cat >>confdefs.h <<_ACEOF -#define USE_YASSLEMUL 1 +#define HAVE_LIBRESSL 1 _ACEOF - curl_ssl_msg="enabled (OpenSSL emulation by yaSSL)" + curl_ssl_msg="enabled (libressl)" else @@ -21986,6 +22087,7 @@ esac case $tst_api in 0x110) tst_show="1.1.0" ;; + 0x102) tst_show="1.0.2" ;; 0x101) tst_show="1.0.1" ;; 0x100) tst_show="1.0.0" ;; 0x099) tst_show="0.9.9" ;; @@ -22095,6 +22197,42 @@ /* end confdefs.h. */ +#define SSL_CONF_CTX_new innocuous_SSL_CONF_CTX_new +#ifdef __STDC__ +# include +#else +# include +#endif +#undef SSL_CONF_CTX_new +#ifdef __cplusplus +extern "C" +#endif +char SSL_CONF_CTX_new (); +#if defined __stub_SSL_CONF_CTX_new || defined __stub___SSL_CONF_CTX_new +choke me +#endif + +int main (void) +{ +return SSL_CONF_CTX_new (); + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + tst_api="0x102" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + if test "$tst_api" = "unknown"; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define SSL_renegotiate_abbreviated innocuous_SSL_renegotiate_abbreviated #ifdef __STDC__ # include @@ -22452,6 +22590,7 @@ fi case $tst_api in 0x110) tst_show="1.1.0" ;; + 0x102) tst_show="1.0.2" ;; 0x101) tst_show="1.0.1" ;; 0x100) tst_show="1.0.0" ;; 0x099) tst_show="0.9.9" ;; @@ -22594,9 +22733,9 @@ if test "x$ac_cv_lib_crypto_SRP_Calc_client_key" = xyes; then : -$as_echo "#define HAVE_SSLEAY_SRP 1" >>confdefs.h +$as_echo "#define HAVE_OPENSSL_SRP 1" >>confdefs.h - HAVE_SSLEAY_SRP=1 + HAVE_OPENSSL_SRP=1 fi @@ -23266,6 +23405,9 @@ OPT_CYASSL="" fi + + cyassllibname=cyassl + if test -z "$OPT_CYASSL" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CyaSSL_Init in -lcyassl" >&5 @@ -23379,11 +23521,79 @@ CPPFLAGS=$_cppflags LDFLAGS=$_ldflags + cyassllib="" fi fi + addld="" + addlib="" + addcflags="" + + if test "x$USE_CYASSL" != "xyes"; then + addld=-L$OPT_CYASSL/lib$libsuff + addcflags=-I$OPT_CYASSL/include + cyassllib=$OPT_CYASSL/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + cyassllibname=wolfssl + my_ac_save_LIBS="$LIBS" + LIBS="-l$cyassllibname -lm $LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CyaSSL_Init in -lwolfssl" >&5 +$as_echo_n "checking for CyaSSL_Init in -lwolfssl... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +/* These aren't needed for detection and confuse WolfSSL. + They are set up properly later if it is detected. */ +#undef SIZEOF_LONG +#undef SIZEOF_LONG_LONG +#include + +int main (void) +{ + + return CyaSSL_Init(); + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define USE_CYASSL 1" >>confdefs.h + + USE_CYASSL=1 + + CYASSL_ENABLED=1 + USE_CYASSL="yes" + curl_ssl_msg="enabled (CyaSSL)" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + cyassllib="" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$my_ac_save_LIBS" + fi + if test "x$USE_CYASSL" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: detected CyaSSL" >&5 $as_echo "$as_me: detected CyaSSL" >&6;} @@ -23422,6 +23632,19 @@ + for ac_header in cyassl/options.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "cyassl/options.h" "ac_cv_header_cyassl_options_h" "$ac_includes_default" +if test "x$ac_cv_header_cyassl_options_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_CYASSL_OPTIONS_H 1 +_ACEOF + +fi + +done + + for ac_header in cyassl/error-ssl.h do : ac_fn_c_check_header_mongrel "$LINENO" "cyassl/error-ssl.h" "ac_cv_header_cyassl_error_ssl_h" "$ac_includes_default" @@ -23435,7 +23658,7 @@ done - LIBS="-lcyassl -lm $LIBS" + LIBS="-l$cyassllibname -lm $LIBS" if test -n "$cyassllib"; then if test "x$cross_compiling" != "xyes"; then @@ -23619,24 +23842,190 @@ fi fi else - # Without pkg-config, we'll kludge in some defaults - addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl" - addcflags="-I$OPT_NSS/include" - version="unknown" - nssprefix=$OPT_NSS - fi + NSS_PCDIR="$OPT_NSS/lib/pkgconfig" + if test -f "$NSS_PCDIR/nss.pc"; then - if test -n "$addlib"; then - CLEANLIBS="$LIBS" - CLEANCPPFLAGS="$CPPFLAGS" + PKGCONFIG="no" - LIBS="$addlib $LIBS" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKGCONFIG=$ac_cv_path_PKGCONFIG +if test -n "$PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 +$as_echo "$PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKGCONFIG"; then + ac_pt_PKGCONFIG=$PKGCONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG +if test -n "$ac_pt_PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 +$as_echo "$ac_pt_PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKGCONFIG" = x; then + PKGCONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKGCONFIG=$ac_pt_PKGCONFIG + fi +else + PKGCONFIG="$ac_cv_path_PKGCONFIG" +fi + + + if test x$PKGCONFIG != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nss options with pkg-config" >&5 +$as_echo_n "checking for nss options with pkg-config... " >&6; } + itexists=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --exists nss >/dev/null 2>&1 && echo 1` + + if test -z "$itexists"; then + PKGCONFIG="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 +$as_echo "found" >&6; } + fi + fi + + if test "$PKGCONFIG" != "no" ; then + addld=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --libs-only-L nss` + addlib=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --libs-only-l nss` + addcflags=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --cflags nss` + version=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --modversion nss` + nssprefix=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --variable=prefix nss` + fi fi + fi + + if test -z "$addlib"; then + # Without pkg-config, we'll kludge in some defaults + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 +$as_echo "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} + addld="-L$OPT_NSS/lib" + addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" + addcflags="-I$OPT_NSS/include" + version="unknown" + nssprefix=$OPT_NSS + fi + + CLEANLDFLAGS="$LDFLAGS" + CLEANLIBS="$LIBS" + CLEANCPPFLAGS="$CPPFLAGS" + + LDFLAGS="$addld $LDFLAGS" + LIBS="$addlib $LIBS" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_VersionRangeSet in -lnss3" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_VersionRangeSet in -lnss3" >&5 $as_echo_n "checking for SSL_VersionRangeSet in -lnss3... " >&6; } if ${ac_cv_lib_nss3_SSL_VersionRangeSet+:} false; then : $as_echo_n "(cached) " >&6 @@ -23674,37 +24063,36 @@ $as_echo "#define USE_NSS 1" >>confdefs.h - USE_NSS=1 + USE_NSS=1 - USE_NSS="yes" - NSS_ENABLED=1 - curl_ssl_msg="enabled (NSS)" + USE_NSS="yes" + NSS_ENABLED=1 + curl_ssl_msg="enabled (NSS)" else - LIBS="$CLEANLIBS" - CPPFLAGS="$CLEANCPPFLAGS" + LDFLAGS="$CLEANLDFLAGS" + LIBS="$CLEANLIBS" + CPPFLAGS="$CLEANCPPFLAGS" fi - if test "x$USE_NSS" = "xyes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: detected NSS version $version" >&5 + if test "x$USE_NSS" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: detected NSS version $version" >&5 $as_echo "$as_me: detected NSS version $version" >&6;} - NSS_LIBS=$addlib + NSS_LIBS=$addlib - if test "x$cross_compiling" != "xyes"; then - LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" - export LD_LIBRARY_PATH - { $as_echo "$as_me:${as_lineno-$LINENO}: Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH" >&5 + if test "x$cross_compiling" != "xyes"; then + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" + export LD_LIBRARY_PATH + { $as_echo "$as_me:${as_lineno-$LINENO}: Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH" >&5 $as_echo "$as_me: Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH" >&6;} - fi fi fi - fi fi OPT_AXTLS=off @@ -23849,13 +24237,14 @@ if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \ "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then - as_fn_error $? "Can't specify both --with-ca-bundle and --with-ca-path." "$LINENO" 5 + ca="$want_ca" + capath="$want_capath" elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then ca="$want_ca" capath="no" elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then - if test "x$OPENSSL_ENABLED" != "x1"; then - as_fn_error $? "--with-ca-path only works with openSSL" "$LINENO" 5 + if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then + as_fn_error $? "--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL" "$LINENO" 5 fi capath="$want_capath" ca="no" @@ -23907,7 +24296,8 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ca" >&5 $as_echo "$ca" >&6; } - elif test "x$capath" != "xno"; then + fi + if test "x$capath" != "xno"; then CURL_CA_PATH="\"$capath\"" cat >>confdefs.h <<_ACEOF @@ -23916,7 +24306,8 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $capath (capath)" >&5 $as_echo "$capath (capath)" >&6; } - else + fi + if test "x$ca" = "xno" && test "x$capath" = "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -24533,19 +24924,6 @@ if test "$LIBSSH2_ENABLED" = "1"; then if test -n "$DIR_SSH2"; then - for ac_func in libssh2_version libssh2_init libssh2_exit \ - libssh2_scp_send64 libssh2_session_handshake -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - if test "x$cross_compiling" != "xyes"; then LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2" export LD_LIBRARY_PATH @@ -25671,9 +26049,11 @@ CPPFLAGS="$CPPFLAGS $CPP_H2" LIBS="$LIB_H2 $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nghttp2_session_callbacks_set_send_callback in -lnghttp2" >&5 -$as_echo_n "checking for nghttp2_session_callbacks_set_send_callback in -lnghttp2... " >&6; } -if ${ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback+:} false; then : + # use nghttp2_option_set_no_recv_client_magic to require nghttp2 + # >= 1.0.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nghttp2_option_set_no_recv_client_magic in -lnghttp2" >&5 +$as_echo_n "checking for nghttp2_option_set_no_recv_client_magic in -lnghttp2... " >&6; } +if ${ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS @@ -25685,26 +26065,26 @@ #ifdef __cplusplus extern "C" #endif -char nghttp2_session_callbacks_set_send_callback (); +char nghttp2_option_set_no_recv_client_magic (); int main (void) { -return nghttp2_session_callbacks_set_send_callback (); +return nghttp2_option_set_no_recv_client_magic (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback=yes + ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic=yes else - ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback=no + ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" >&5 -$as_echo "$ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" >&6; } -if test "x$ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" = xyes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" >&5 +$as_echo "$ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" >&6; } +if test "x$ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" = xyes; then : for ac_header in nghttp2/nghttp2.h do : @@ -38925,7 +39305,7 @@ fi -if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_SSLEAY_SRP" = "x1") ; then +if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then $as_echo "#define USE_TLS_SRP 1" >>confdefs.h @@ -38933,6 +39313,53 @@ curl_tls_srp_msg="enabled" fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable Unix domain sockets" >&5 +$as_echo_n "checking whether to enable Unix domain sockets... " >&6; } +# Check whether --enable-unix-sockets was given. +if test "${enable_unix_sockets+set}" = set; then : + enableval=$enable_unix_sockets; case "$enableval" in + no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + want_unix_sockets=no + ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + want_unix_sockets=yes + ;; + esac +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: auto" >&5 +$as_echo "auto" >&6; } + want_unix_sockets=auto + + +fi + +if test "x$want_unix_sockets" != "xno"; then + ac_fn_c_check_member "$LINENO" "struct sockaddr_un" "sun_path" "ac_cv_member_struct_sockaddr_un_sun_path" " + #include + +" +if test "x$ac_cv_member_struct_sockaddr_un_sun_path" = xyes; then : + + +$as_echo "#define USE_UNIX_SOCKETS 1" >>confdefs.h + + USE_UNIX_SOCKETS=1 + + curl_unix_sockets_msg="enabled" + +else + + if test "x$want_unix_sockets" = "xyes"; then + as_fn_error $? "--enable-unix-sockets is not available on this platform!" "$LINENO" 5 + fi + +fi + +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable support for cookies" >&5 $as_echo_n "checking whether to enable support for cookies... " >&6; } # Check whether --enable-cookies was given. @@ -39044,7 +39471,7 @@ -if test "x$USE_SSLEAY" = "x1"; then +if test "x$OPENSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" elif test -n "$SSL_ENABLED"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" @@ -39052,6 +39479,9 @@ if test "x$IPV6_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES IPv6" fi +if test "x$USE_UNIX_SOCKETS" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES UnixSockets" +fi if test "x$HAVE_LIBZ" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES libz" fi @@ -39074,17 +39504,24 @@ SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO" fi -if test "x$CURL_DISABLE_HTTP" != "x1" -a \ - "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then - if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ +if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ + \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then + SUPPORT_FEATURES="$SUPPORT_FEATURES Kerberos" +fi + +if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then + if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$DARWINSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" - if test "x$NTLM_WB_ENABLED" = "x1"; then + + if test "x$CURL_DISABLE_HTTP" != "x1" -a \ + "x$NTLM_WB_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB" fi fi fi + if test "x$USE_TLS_SRP" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES TLS-SRP" fi @@ -39143,6 +39580,16 @@ SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAPS" fi fi +if test "x$CURL_DISABLE_SMB" != "x1" \ + -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \ + -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ + -o "x$DARWINSSL_ENABLED" = "x1" \); then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" + if test "x$SSL_ENABLED" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS" + fi +fi if test "x$CURL_DISABLE_SMTP" != "x1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMTP" if test "x$SSL_ENABLED" = "x1"; then @@ -42108,7 +42555,8 @@ GSS-API support: ${curl_gss_msg} TLS-SRP support: ${curl_tls_srp_msg} resolver: ${curl_res_msg} - ipv6 support: ${curl_ipv6_msg} + IPv6 support: ${curl_ipv6_msg} + Unix sockets support: ${curl_unix_sockets_msg} IDN support: ${curl_idn_msg} Build libcurl: Shared=${enable_shared}, Static=${enable_static} Built-in manual: ${curl_manual_msg} @@ -42137,7 +42585,8 @@ GSS-API support: ${curl_gss_msg} TLS-SRP support: ${curl_tls_srp_msg} resolver: ${curl_res_msg} - ipv6 support: ${curl_ipv6_msg} + IPv6 support: ${curl_ipv6_msg} + Unix sockets support: ${curl_unix_sockets_msg} IDN support: ${curl_idn_msg} Build libcurl: Shared=${enable_shared}, Static=${enable_static} Built-in manual: ${curl_manual_msg} diff -Nru curl-7.38.0/configure.ac curl-7.43.0/configure.ac --- curl-7.38.0/configure.ac 2014-09-04 11:21:53.000000000 +0000 +++ curl-7.43.0/configure.ac 2015-06-11 17:50:43.000000000 +0000 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -154,6 +154,7 @@ curl_tls_srp_msg="no (--enable-tls-srp)" curl_res_msg="default (--enable-ares / --enable-threaded-resolver)" curl_ipv6_msg="no (--enable-ipv6)" +curl_unix_sockets_msg="no (--enable-unix-sockets)" curl_idn_msg="no (--with-{libidn,winidn})" curl_manual_msg="no (--enable-manual)" curl_libcurl_msg="enabled (--disable-libcurl-option)" @@ -574,6 +575,22 @@ ) +AC_MSG_CHECKING([whether to support smb]) +AC_ARG_ENABLE(smb, +AC_HELP_STRING([--enable-smb],[Enable SMB/CIFS support]) +AC_HELP_STRING([--disable-smb],[Disable SMB/CIFS support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_SMB, 1, [to disable SMB/CIFS]) + AC_SUBST(CURL_DISABLE_SMB, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + AC_MSG_CHECKING([whether to support smtp]) AC_ARG_ENABLE(smtp, AC_HELP_STRING([--enable-smtp],[Enable SMTP support]) @@ -1029,7 +1046,7 @@ if test "$LDAPLIBNAME" = "wldap32"; then curl_ldap_msg="enabled (winldap)" - AC_DEFINE(CURL_LDAP_WIN, 1, [Use Windows LDAP implementation]) + AC_DEFINE(USE_WIN32_LDAP, 1, [Use Windows LDAP implementation]) else curl_ldap_msg="enabled (OpenLDAP)" if test "x$ac_cv_func_ldap_init_fd" = "xyes"; then @@ -1047,10 +1064,10 @@ dnl Checks for IPv6 dnl ********************************************************************** -AC_MSG_CHECKING([whether to enable ipv6]) +AC_MSG_CHECKING([whether to enable IPv6]) AC_ARG_ENABLE(ipv6, -AC_HELP_STRING([--enable-ipv6],[Enable ipv6 (with ipv4) support]) -AC_HELP_STRING([--disable-ipv6],[Disable ipv6 support]), +AC_HELP_STRING([--enable-ipv6],[Enable IPv6 (with IPv4) support]) +AC_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), [ case "$enableval" in no) AC_MSG_RESULT(no) @@ -1167,6 +1184,8 @@ fi ]) +: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} + save_CPPFLAGS="$CPPFLAGS" AC_MSG_CHECKING([if GSS-API support is requested]) if test x"$want_gss" = xyes; then @@ -1175,8 +1194,8 @@ if test -z "$GSSAPI_INCS"; then if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then - GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi` + elif test -f "$KRB5CONFIG"; then + GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` elif test "$GSSAPI_ROOT" != "yes"; then GSSAPI_INCS="-I$GSSAPI_ROOT/include" fi @@ -1266,10 +1285,10 @@ dnl into LIBS gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi` LIBS="$gss_libs $LIBS" - elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then + elif test -f "$KRB5CONFIG"; then dnl krb5-config doesn't have --libs-only-L or similar, put everything dnl into LIBS - gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi` + gss_libs=`$KRB5CONFIG --libs gssapi` LIBS="$gss_libs $LIBS" else case $host in @@ -1434,6 +1453,7 @@ SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl $PKGCONFIG --cflags-only-I openssl 2>/dev/null` + AC_SUBST(SSL_LIBS) AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"]) AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"]) AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"]) @@ -1510,7 +1530,7 @@ else - dnl Have the libraries--check for SSLeay/OpenSSL headers + dnl Have the libraries--check for OpenSSL headers AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ openssl/pem.h openssl/ssl.h openssl/err.h, curl_ssl_msg="enabled (OpenSSL)" @@ -1534,17 +1554,11 @@ fi if test X"$OPENSSL_ENABLED" = X"1"; then - AC_DEFINE(USE_SSLEAY, 1, [if SSL is enabled]) - dnl is there a pkcs12.h header present? AC_CHECK_HEADERS(openssl/pkcs12.h) else LIBS="$CLEANLIBS" fi - dnl USE_SSLEAY is the historical name for what configure calls - dnl OPENSSL_ENABLED; the names should really be unified - USE_SSLEAY="$OPENSSL_ENABLED" - AC_SUBST(USE_SSLEAY) if test X"$OPT_SSL" != Xoff && test "$OPENSSL_ENABLED" != "1"; then @@ -1561,8 +1575,11 @@ AC_CHECK_FUNCS( ENGINE_load_builtin_engines ) ]) - dnl these can only exist if openssl exists - dnl yassl doesn't have SSL_get_shutdown + dnl These can only exist if OpenSSL exists + dnl Older versions of Cyassl (some time before 2.9.4) don't have + dnl SSL_get_shutdown (but this check won't actually detect it there + dnl as it's a macro that needs the header files be included) + dnl BoringSSL doesn't have DES_set_odd_parity AC_CHECK_FUNCS( RAND_status \ RAND_screen \ @@ -1571,30 +1588,29 @@ CRYPTO_cleanup_all_ex_data \ SSL_get_shutdown \ SSLv2_client_method \ - SSL_CTX_set_next_proto_select_cb \ - SSL_CTX_set_alpn_protos \ - SSL_CTX_set_alpn_select_cb ) - - dnl Make an attempt to detect if this is actually yassl's headers and - dnl OpenSSL emulation layer. We still leave everything else believing - dnl and acting like OpenSSL. + DES_set_odd_parity ) - AC_MSG_CHECKING([for yaSSL using OpenSSL compatibility mode]) + AC_MSG_CHECKING([for BoringSSL]) + if test "x$ac_cv_func_DES_set_odd_parity" != "xyes"; then + curl_ssl_msg="enabled (BoringSSL)" + AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1, + [Define to 1 if using BoringSSL.]) + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + AC_MSG_CHECKING([for libressl]) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#include +#include ]],[[ -#if defined(YASSL_VERSION) && defined(OPENSSL_VERSION_NUMBER) - int dummy = SSL_ERROR_NONE; -#else - Not the yaSSL OpenSSL compatibility header. -#endif + int dummy = LIBRESSL_VERSION_NUMBER; ]]) ],[ AC_MSG_RESULT([yes]) - AC_DEFINE_UNQUOTED(USE_YASSLEMUL, 1, - [Define to 1 if using yaSSL in OpenSSL compatibility mode.]) - curl_ssl_msg="enabled (OpenSSL emulation by yaSSL)" + AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1, + [Define to 1 if using libressl.]) + curl_ssl_msg="enabled (libressl)" ],[ AC_MSG_RESULT([no]) ]) @@ -1658,8 +1674,8 @@ if test "$OPENSSL_ENABLED" = "1"; then AC_CHECK_LIB(crypto, SRP_Calc_client_key, [ - AC_DEFINE(HAVE_SSLEAY_SRP, 1, [if you have the function SRP_Calc_client_key]) - AC_SUBST(HAVE_SSLEAY_SRP, [1]) + AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key]) + AC_SUBST(HAVE_OPENSSL_SRP, [1]) ]) fi @@ -1929,6 +1945,10 @@ OPT_CYASSL="" fi + dnl This should be reworked to use pkg-config instead + + cyassllibname=cyassl + if test -z "$OPT_CYASSL" ; then dnl check for lib in system default first @@ -1970,7 +1990,55 @@ [ CPPFLAGS=$_cppflags LDFLAGS=$_ldflags + cyassllib="" + ]) + fi + + addld="" + addlib="" + addcflags="" + + if test "x$USE_CYASSL" != "xyes"; then + dnl libcyassl renamed to libwolfssl as of 3.4.0 + addld=-L$OPT_CYASSL/lib$libsuff + addcflags=-I$OPT_CYASSL/include + cyassllib=$OPT_CYASSL/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + cyassllibname=wolfssl + my_ac_save_LIBS="$LIBS" + LIBS="-l$cyassllibname -lm $LIBS" + + AC_MSG_CHECKING([for CyaSSL_Init in -lwolfssl]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +/* These aren't needed for detection and confuse WolfSSL. + They are set up properly later if it is detected. */ +#undef SIZEOF_LONG +#undef SIZEOF_LONG_LONG +#include + ]],[[ + return CyaSSL_Init(); + ]]) + ],[ + AC_MSG_RESULT(yes) + AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled]) + AC_SUBST(USE_CYASSL, [1]) + CYASSL_ENABLED=1 + USE_CYASSL="yes" + curl_ssl_msg="enabled (CyaSSL)" + ], + [ + AC_MSG_RESULT(no) + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + cyassllib="" ]) + LIBS="$my_ac_save_LIBS" fi if test "x$USE_CYASSL" = "xyes"; then @@ -1979,10 +2047,13 @@ dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined! AC_CHECK_SIZEOF(long long) + dnl Versions since at least 2.6.0 may have options.h + AC_CHECK_HEADERS(cyassl/options.h) + dnl Versions since at least 2.9.4 renamed error.h to error-ssl.h AC_CHECK_HEADERS(cyassl/error-ssl.h) - LIBS="-lcyassl -lm $LIBS" + LIBS="-l$cyassllibname -lm $LIBS" if test -n "$cyassllib"; then dnl when shared libs were found in a path that the run-time @@ -2049,56 +2120,72 @@ fi fi else - # Without pkg-config, we'll kludge in some defaults - addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl" - addcflags="-I$OPT_NSS/include" - version="unknown" - nssprefix=$OPT_NSS + NSS_PCDIR="$OPT_NSS/lib/pkgconfig" + if test -f "$NSS_PCDIR/nss.pc"; then + CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR]) + if test "$PKGCONFIG" != "no" ; then + addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss` + addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss` + addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss` + version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss` + nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss` + fi + fi fi - if test -n "$addlib"; then - - CLEANLIBS="$LIBS" - CLEANCPPFLAGS="$CPPFLAGS" - - LIBS="$addlib $LIBS" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi + if test -z "$addlib"; then + # Without pkg-config, we'll kludge in some defaults + AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.]) + addld="-L$OPT_NSS/lib" + addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" + addcflags="-I$OPT_NSS/include" + version="unknown" + nssprefix=$OPT_NSS + fi - dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0 - AC_CHECK_LIB(nss3, SSL_VersionRangeSet, - [ - AC_DEFINE(USE_NSS, 1, [if NSS is enabled]) - AC_SUBST(USE_NSS, [1]) - USE_NSS="yes" - NSS_ENABLED=1 - curl_ssl_msg="enabled (NSS)" - ], - [ - LIBS="$CLEANLIBS" - CPPFLAGS="$CLEANCPPFLAGS" - ]) + CLEANLDFLAGS="$LDFLAGS" + CLEANLIBS="$LIBS" + CLEANCPPFLAGS="$CPPFLAGS" - if test "x$USE_NSS" = "xyes"; then - AC_MSG_NOTICE([detected NSS version $version]) + LDFLAGS="$addld $LDFLAGS" + LIBS="$addlib $LIBS" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0 + AC_CHECK_LIB(nss3, SSL_VersionRangeSet, + [ + AC_DEFINE(USE_NSS, 1, [if NSS is enabled]) + AC_SUBST(USE_NSS, [1]) + USE_NSS="yes" + NSS_ENABLED=1 + curl_ssl_msg="enabled (NSS)" + ], + [ + LDFLAGS="$CLEANLDFLAGS" + LIBS="$CLEANLIBS" + CPPFLAGS="$CLEANCPPFLAGS" + ]) - dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS - NSS_LIBS=$addlib - AC_SUBST([NSS_LIBS]) + if test "x$USE_NSS" = "xyes"; then + AC_MSG_NOTICE([detected NSS version $version]) - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl LD_LIBRARY_PATH to prevent further configure tests to fail - dnl due to this - if test "x$cross_compiling" != "xyes"; then - LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" - export LD_LIBRARY_PATH - AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH]) - fi + dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS + NSS_LIBS=$addlib + AC_SUBST([NSS_LIBS]) + + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl LD_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" + export LD_LIBRARY_PATH + AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH]) fi - fi + fi dnl NSS found fi dnl NSS not disabled @@ -2335,12 +2422,6 @@ dnl linker doesn't search through, we need to add it to LD_LIBRARY_PATH dnl to prevent further configure tests to fail due to this - dnl libssh2_version is a post 1.0 addition - dnl libssh2_init and libssh2_exit were added in 1.2.5 - dnl libssh2_scp_send64 was added in 1.2.6 - dnl libssh2_session_handshake was added in 1.2.8 - AC_CHECK_FUNCS( libssh2_version libssh2_init libssh2_exit \ - libssh2_scp_send64 libssh2_session_handshake) if test "x$cross_compiling" != "xyes"; then LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2" export LD_LIBRARY_PATH @@ -2760,7 +2841,9 @@ CPPFLAGS="$CPPFLAGS $CPP_H2" LIBS="$LIB_H2 $LIBS" - AC_CHECK_LIB(nghttp2, nghttp2_session_callbacks_set_send_callback, + # use nghttp2_option_set_no_recv_client_magic to require nghttp2 + # >= 1.0.0 + AC_CHECK_LIB(nghttp2, nghttp2_option_set_no_recv_client_magic, [ AC_CHECK_HEADERS(nghttp2/nghttp2.h, curl_h2_msg="enabled (nghttp2)" @@ -3260,13 +3343,46 @@ want_tls_srp=yes ) -if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_SSLEAY_SRP" = "x1") ; then +if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then AC_DEFINE(USE_TLS_SRP, 1, [Use TLS-SRP authentication]) USE_TLS_SRP=1 curl_tls_srp_msg="enabled" fi dnl ************************************************************ +dnl disable Unix domain sockets support +dnl +AC_MSG_CHECKING([whether to enable Unix domain sockets]) +AC_ARG_ENABLE(unix-sockets, +AC_HELP_STRING([--enable-unix-sockets],[Enable Unix domain sockets]) +AC_HELP_STRING([--disable-unix-sockets],[Disable Unix domain sockets]), +[ case "$enableval" in + no) AC_MSG_RESULT(no) + want_unix_sockets=no + ;; + *) AC_MSG_RESULT(yes) + want_unix_sockets=yes + ;; + esac ], [ + AC_MSG_RESULT(auto) + want_unix_sockets=auto + ] +) +if test "x$want_unix_sockets" != "xno"; then + AC_CHECK_MEMBER([struct sockaddr_un.sun_path], [ + AC_DEFINE(USE_UNIX_SOCKETS, 1, [Use Unix domain sockets]) + AC_SUBST(USE_UNIX_SOCKETS, [1]) + curl_unix_sockets_msg="enabled" + ], [ + if test "x$want_unix_sockets" = "xyes"; then + AC_MSG_ERROR([--enable-unix-sockets is not available on this platform!]) + fi + ], [ + #include + ]) +fi + +dnl ************************************************************ dnl disable cookies support dnl AC_MSG_CHECKING([whether to enable support for cookies]) @@ -3341,7 +3457,7 @@ dnl since it is more cross-compile friendly than curl-config dnl -if test "x$USE_SSLEAY" = "x1"; then +if test "x$OPENSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" elif test -n "$SSL_ENABLED"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" @@ -3349,6 +3465,9 @@ if test "x$IPV6_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES IPv6" fi +if test "x$USE_UNIX_SOCKETS" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES UnixSockets" +fi if test "x$HAVE_LIBZ" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES libz" fi @@ -3371,17 +3490,24 @@ SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO" fi -if test "x$CURL_DISABLE_HTTP" != "x1" -a \ - "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then - if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ +if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ + \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then + SUPPORT_FEATURES="$SUPPORT_FEATURES Kerberos" +fi + +if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then + if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$DARWINSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" - if test "x$NTLM_WB_ENABLED" = "x1"; then + + if test "x$CURL_DISABLE_HTTP" != "x1" -a \ + "x$NTLM_WB_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB" fi fi fi + if test "x$USE_TLS_SRP" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES TLS-SRP" fi @@ -3441,6 +3567,16 @@ SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAPS" fi fi +if test "x$CURL_DISABLE_SMB" != "x1" \ + -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \ + -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ + -o "x$DARWINSSL_ENABLED" = "x1" \); then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" + if test "x$SSL_ENABLED" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS" + fi +fi if test "x$CURL_DISABLE_SMTP" != "x1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMTP" if test "x$SSL_ENABLED" = "x1"; then @@ -3539,7 +3675,8 @@ GSS-API support: ${curl_gss_msg} TLS-SRP support: ${curl_tls_srp_msg} resolver: ${curl_res_msg} - ipv6 support: ${curl_ipv6_msg} + IPv6 support: ${curl_ipv6_msg} + Unix sockets support: ${curl_unix_sockets_msg} IDN support: ${curl_idn_msg} Build libcurl: Shared=${enable_shared}, Static=${enable_static} Built-in manual: ${curl_manual_msg} diff -Nru curl-7.38.0/COPYING curl-7.43.0/COPYING --- curl-7.38.0/COPYING 2014-06-11 17:52:29.000000000 +0000 +++ curl-7.43.0/COPYING 2015-06-03 07:38:20.000000000 +0000 @@ -1,6 +1,6 @@ COPYRIGHT AND PERMISSION NOTICE -Copyright (c) 1996 - 2014, Daniel Stenberg, . +Copyright (c) 1996 - 2015, Daniel Stenberg, . All rights reserved. diff -Nru curl-7.38.0/curl-config.in curl-7.43.0/curl-config.in --- curl-7.38.0/curl-config.in 2014-06-11 17:52:29.000000000 +0000 +++ curl-7.43.0/curl-config.in 2015-06-03 07:38:20.000000000 +0000 @@ -71,7 +71,7 @@ ;; --ca) - echo "@CURL_CA_BUNDLE@" + echo @CURL_CA_BUNDLE@ ;; --cc) diff -Nru curl-7.38.0/debian/changelog curl-7.43.0/debian/changelog --- curl-7.38.0/debian/changelog 2015-05-05 18:18:02.000000000 +0000 +++ curl-7.43.0/debian/changelog 2015-06-18 11:40:36.000000000 +0000 @@ -1,3 +1,101 @@ +curl (7.43.0-1ubuntu1) wily; urgency=medium + + * Merge from Debian. Remaining changes: + - Drop dependencies not in main: + + Build-Depends: Drop stunnel4 and libssh2-1-dev. + + Drop libssh2-1-dev from binary package Depends. + + -- Marc Deslauriers Thu, 18 Jun 2015 07:39:39 -0400 + +curl (7.43.0-1) unstable; urgency=medium + + * New upstream release + - Fix lingering HTTP credentials in connection re-use as per CVE-2015-3236 + http://curl.haxx.se/docs/adv_20150617A.html + - Fix SMB send off unrelated memory contents as per CVE-2015-3237 + http://curl.haxx.se/docs/adv_20150617B.html + * Refresh patches + * Fix spelling-error-in-description + + -- Alessandro Ghedini Wed, 17 Jun 2015 10:21:34 +0200 + +curl (7.42.1-3ubuntu1) wily; urgency=low + + * Merge from Debian (LP: #1459685). Remaining changes: + - Drop dependencies not in main: + + Build-Depends: Drop stunnel4 and libssh2-1-dev. + + Drop libssh2-1-dev from binary package Depends. + * Dropped patches: + - debian/patches/CVE-2015-3143.patch: upstream + - debian/patches/CVE-2015-3148.patch: upstream + - debian/patches/CVE-2015-3144.patch: upstream + - debian/patches/CVE-2015-3153.patch: upstream + - debian/patches/CVE-2014-8150.patch: upstream + - debian/patches/CVE-2015-3145.patch: upstream + * Dropped changes: + - Add new libcurl3-udeb package. + - Add new curl-udeb package. + they seems to be broken since pre-trusty + + -- Gianfranco Costamagna Mon, 08 Jun 2015 10:35:57 +0200 + +curl (7.42.1-3) unstable; urgency=medium + + * Update copyright + * Set both CA bundle and CA path default values for OpenSSL and GnuTLS + backends + * Bump versioned depends on libgnutls to workaround lack of nettle versioned + symbols (Closes: #787960) + + -- Alessandro Ghedini Sun, 07 Jun 2015 18:15:15 +0200 + +curl (7.42.1-2) unstable; urgency=medium + + * Switch curl binary to libcurl3-gnutls (Closes: #342719) + This is the first step of a possible migration to a GnuTLS-only + libcurl for Debian. Let's see how it goes. + + -- Alessandro Ghedini Sun, 03 May 2015 13:13:15 +0200 + +curl (7.42.1-1) unstable; urgency=high + + * New upstream release + - Don't send sensitive HTTP server headers to proxies as per + CVE-2015-3153 + http://curl.haxx.se/docs/adv_20150429.html + * Drop 08_fix-spelling.patch (merged upstream) + * Refresh patches + + -- Alessandro Ghedini Wed, 29 Apr 2015 10:43:43 +0200 + +curl (7.42.0-1) unstable; urgency=medium + + * New upstream release + - Fix re-using authenticated connection when unauthenticated + as per CVE-2015-3143 + http://curl.haxx.se/docs/adv_20150422A.html + - Fix host name out of boundary memory access as per CVE-2015-3144 + http://curl.haxx.se/docs/adv_20150422D.html + - Fix cookie parser out of boundary memory access as per CVE-2015-3145 + http://curl.haxx.se/docs/adv_20150422C.html + - Fix Negotiate not treated as connection-oriented as per CVE-2015-3148 + http://curl.haxx.se/docs/adv_20150422B.html + - Disable SSLv3 in the OpenSSL backend when OPENSSL_NO_SSL3_METHOD is + defined (Closes: #768562) + * Drop patches merged upstream + * Refresh patches + * Bump Standards-Version to 3.9.6 (no changes needed) + + -- Alessandro Ghedini Wed, 22 Apr 2015 11:07:32 +0200 + +curl (7.38.0-4) unstable; urgency=high + + * Fix URL request injection vulnerability as per CVE-2014-8150 + http://curl.haxx.se/docs/adv_20150108B.html + * Set urgency=high accordingly + + -- Alessandro Ghedini Thu, 08 Jan 2015 10:47:24 +0100 + curl (7.38.0-3ubuntu3) wily; urgency=medium * SECURITY UPDATE: NTLM connection reuse when unauthenticated @@ -2187,4 +2285,3 @@ * Initial Release. -- Leon Breedt Sun, 9 May 1999 18:55:48 +0200 - diff -Nru curl-7.38.0/debian/control curl-7.43.0/debian/control --- curl-7.38.0/debian/control 2014-11-10 13:48:39.000000000 +0000 +++ curl-7.43.0/debian/control 2015-06-18 11:39:56.000000000 +0000 @@ -22,14 +22,14 @@ quilt, zlib1g-dev Build-Conflicts: autoconf2.13, automake1.4 -Standards-Version: 3.9.5 +Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/curl.git Vcs-Git: git://anonscm.debian.org/collab-maint/curl.git Homepage: http://curl.haxx.se Package: curl Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, libcurl3 (= ${binary:Version}) +Depends: ${shlibs:Depends}, ${misc:Depends}, libcurl3-gnutls (= ${binary:Version}) Multi-Arch: foreign Description: command line tool for transferring data with URL syntax curl is a command line tool for transferring data with URL syntax, supporting @@ -41,21 +41,6 @@ NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. -Package: curl-udeb -XC-Package-Type: udeb -Section: debian-installer -Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, libcurl3-udeb, libcrypto1.0.0-udeb -Description: Get a file from an HTTP, HTTPS or FTP server - curl is a client to get files from servers using any of the supported - protocols. The command is designed to work without user interaction - or any kind of interactivity. - . - curl offers a busload of useful tricks like proxy support, user - authentication, FTP upload, HTTP post, file transfer resume and more. - . - This package contains the curl binary for the Debian Installer (udeb) - Package: libcurl3 Architecture: any Section: libs @@ -79,24 +64,12 @@ . SSL support is provided by OpenSSL. -Package: libcurl3-udeb -Section: debian-installer -XC-Package-Type: udeb -Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} -Description: Multi-protocol file transfer library (OpenSSL) - libcurl is designed to be a solid, usable, reliable and portable - multi-protocol file transfer library. - . - SSL support is provided by OpenSSL. - . - This package contains the minimal runtime libraries for the Debian Installer - (udeb). - Package: libcurl3-gnutls Architecture: any Section: libs -Depends: ${shlibs:Depends}, ${misc:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, +# temporary fix for #787960 + libgnutls-deb0-28 (>= 3.3.15-5) Recommends: ca-certificates Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same @@ -173,7 +146,7 @@ successful companies and numerous applications. . This package provides the development files (ie. includes, static library, - manual pages) that allow to build software which uses libcurl. + manual pages) that allow one to build software which uses libcurl. . SSL support is provided by OpenSSL. @@ -210,7 +183,7 @@ successful companies and numerous applications. . This package provides the development files (ie. includes, static library, - manual pages) that allow to build software which uses libcurl. + manual pages) that allow one to build software which uses libcurl. . SSL support is provided by GnuTLS. @@ -247,7 +220,7 @@ successful companies and numerous applications. . This package provides the development files (ie. includes, static library, - manual pages) that allow to build software which uses libcurl. + manual pages) that allow one to build software which uses libcurl. . SSL support is provided by NSS. diff -Nru curl-7.38.0/debian/copyright curl-7.43.0/debian/copyright --- curl-7.38.0/debian/copyright 2014-11-06 10:40:27.000000000 +0000 +++ curl-7.43.0/debian/copyright 2015-06-17 08:21:41.000000000 +0000 @@ -3,27 +3,27 @@ Source: http://curl.haxx.se Files: * -Copyright: 1996-2014, Daniel Stenberg +Copyright: 1996-2015, Daniel Stenberg License: curl Files: lib/vtls/axtls.* Copyright: 2010, DirecTV - 2010-2014, Daniel Stenberg + 2010-2015, Daniel Stenberg License: curl -Files: lib/vtls/curl_darwinssl.* -Copyright: 2012, Nick Zitzmann - 2012-2014, Daniel Stenberg +Files: lib/vtls/darwinssl.* +Copyright: 2012-2014, Nick Zitzmann + 2012-2015, Daniel Stenberg License: curl Files: lib/curl_rtmp.* Copyright: 2010, Howard Chu License: curl -Files: lib/vtls/curl_schannel.* -Copyright: 2012, Marc Hoersken +Files: lib/vtls/schannel.* +Copyright: 2012-2014, Marc Hoersken 2012, Mark Salisbury - 2012-2014, Daniel Stenberg + 2012-2015, Daniel Stenberg License: curl Files: lib/inet_pton.c @@ -33,45 +33,28 @@ Files: lib/krb5.c lib/security.c -Copyright: 2004-2011 Daniel Stenberg +Copyright: 2004-2015 Daniel Stenberg 1995-1999 Kungliga Tekniska Högskolan License: BSD-3-Clause Files: lib/md4.c -Copyright: 1990-1992, RSA Data Security, Inc -License: - License to copy and use this software is granted provided that it - is identified as the "RSA Data Security, Inc. MD4 Message-Digest - Algorithm" in all material mentioning or referencing this software - or this function. - . - License is also granted to make and use derivative works provided - that such works are identified as "derived from the RSA Data - Security, Inc. MD4 Message-Digest Algorithm" in all material - mentioning or referencing the derived work. - . - RSA Data Security, Inc. makes no representations concerning either - the merchantability of this software or the suitability of this - software for any particular purpose. It is provided "as is" - without express or implied warranty of any kind. - . - These notices must be retained in any copies of any part of this - documentation and/or software. +Copyright: 2001, Solar Designer +License: public-domain Files: lib/openldap.* -Copyright: 2011-2012, Daniel Stenberg +Copyright: 2011-2015, Daniel Stenberg 2010, Howard Chu License: curl Files: lib/vtls/polarssl.* Copyright: 2010-2011, Hoi-Ho Chan - 2012, Daniel Stenberg + 2012-2015, Daniel Stenberg License: curl Files: lib/socks_gssapi.c lib/socks_sspi.* Copyright: 2009, 2011, Markus Moeller, - 2012, Daniel Stenberg, + 2012-2015, Daniel Stenberg, License: curl Files: tests/certs/scripts/genroot.sh @@ -84,8 +67,8 @@ License: BSD-4-Clause Files: tests/server/fake_ntlm.c -Copyright: 1998-2010, Mandy Wu - 2011-2012, Daniel Stenberg +Copyright: 2010, Mandy Wu + 2011-2013, Daniel Stenberg License: curl Files: docs/examples/fopen.c @@ -102,7 +85,7 @@ Files: docs/examples/curlx.c Copyright: 2003, The OpenEvidence Project -License: +License: other Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -161,7 +144,7 @@ Files: src/macos/src/macos_main.cpp Copyright: 2001, Eric Lavigne -License: +License: other Permission is granted to anyone to use this software for any purpose on any computer system, and to redistribute it freely, subject to the following restrictions: - The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from defects in it. - The origin of this software must not be misrepresented, either by explicit claim or by omission. - You are allowed to distributed modified copies of the software, in source and binary form, provided they are marked plainly as altered versions, and are not misrepresented as being the original software. Files: debian/* diff -Nru curl-7.38.0/debian/patches/01_runtests_gdb.patch curl-7.43.0/debian/patches/01_runtests_gdb.patch --- curl-7.38.0/debian/patches/01_runtests_gdb.patch 2014-11-06 10:40:27.000000000 +0000 +++ curl-7.43.0/debian/patches/01_runtests_gdb.patch 2015-06-17 08:21:41.000000000 +0000 @@ -7,7 +7,7 @@ --- a/tests/runtests.pl +++ b/tests/runtests.pl -@@ -3404,11 +3404,11 @@ +@@ -3548,11 +3548,11 @@ # run the command line we built if ($torture) { $cmdres = torture($CMDLINE, @@ -21,7 +21,7 @@ $cmdres=0; # makes it always continue after a debugged run } else { -@@ -3442,7 +3442,7 @@ +@@ -3586,7 +3586,7 @@ open(GDBCMD, ">$LOGDIR/gdbcmd2"); print GDBCMD "bt\n"; close(GDBCMD); diff -Nru curl-7.38.0/debian/patches/08_fix-spelling.patch curl-7.43.0/debian/patches/08_fix-spelling.patch --- curl-7.38.0/debian/patches/08_fix-spelling.patch 2014-11-06 10:40:27.000000000 +0000 +++ curl-7.43.0/debian/patches/08_fix-spelling.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -Description: Fix spelling error in manpage -Origin: vendor -Forwarded: no -Author: Alessandro Ghedini -Last-Update: 2014-09-10 - ---- a/docs/curl.1 -+++ b/docs/curl.1 -@@ -1637,7 +1637,7 @@ - still. - - When using Kerberos V5 with a Windows based server you should include the --Windows domain name in the user name, in order for the server to succesfully -+Windows domain name in the user name, in order for the server to successfully - obtain a Kerberos Ticket. If you don't then the initial authentication - handshake may fail. - diff -Nru curl-7.38.0/debian/patches/09_libtoolize_check.patch curl-7.43.0/debian/patches/09_libtoolize_check.patch --- curl-7.38.0/debian/patches/09_libtoolize_check.patch 2014-11-06 10:40:27.000000000 +0000 +++ curl-7.43.0/debian/patches/09_libtoolize_check.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,77 +0,0 @@ -From: Helmut Grohne -Subject: check for libtoolize rather than libtool -Last-Modified: 2014-09-19 - -libtool is now in package libtool-bin, but curl really only uses libtoolize. - ---- a/buildconf -+++ b/buildconf -@@ -190,31 +190,35 @@ - fi - - #-------------------------------------------------------------------------- --# GNU libtool preliminary check -+# GNU libtoolize check - # - want_lt_major=1 - want_lt_minor=4 - want_lt_patch=2 - want_lt_version=1.4.2 - --# This approach that tries 'glibtool' first is intended for systems that --# have GNU libtool named as 'glibtool' and libtool not being GNU's. -+# This approach that tries 'glibtoolize' first is intended for systems that -+# have GNU libtool named as 'glibtoolize' and libtoolize not being GNU's. - --libtool=`findtool glibtool 2>/dev/null` --if test ! -x "$libtool"; then -- libtool=`findtool ${LIBTOOL:-libtool}` -+if test -z "$LIBTOOLIZE"; then -+ libtoolize=`findtool glibtoolize 2>/dev/null` -+ if test ! -x "$libtoolize"; then -+ libtoolize=`findtool libtoolize 2>/dev/null` -+ fi -+else -+ libtoolize=`findtool $LIBTOOLIZE` - fi --if test -z "$libtool"; then -- echo "buildconf: libtool not found." -- echo " You need GNU libtool $want_lt_version or newer installed." -+if test ! -f "$libtoolize"; then -+ echo "buildconf: libtoolize not found." -+ echo " You need GNU libtoolize $want_lt_version or newer installed." - exit 1 - fi - --lt_pver=`$libtool --version 2>/dev/null|head -n 1` -+lt_pver=`$libtoolize --version 2>/dev/null|head -n 1` - lt_qver=`echo $lt_pver|sed -e "s/([^)]*)//g" -e "s/^[^0-9]*//g"` - lt_version=`echo $lt_qver|sed -e "s/[- ].*//" -e "s/\([a-z]*\)$//"` - if test -z "$lt_version"; then -- echo "buildconf: libtool not found." -+ echo "buildconf: libtoolize not found." - echo " You need GNU libtool $want_lt_version or newer installed." - exit 1 - fi -@@ -253,21 +257,6 @@ - echo "buildconf: libtool version $lt_version (ok)" - - #-------------------------------------------------------------------------- --# GNU libtoolize check --# --if test -z "$LIBTOOLIZE"; then -- # use (g)libtoolize from same location as (g)libtool -- libtoolize="${libtool}ize" --else -- libtoolize=`findtool $LIBTOOLIZE` --fi --if test ! -f "$libtoolize"; then -- echo "buildconf: libtoolize not found." -- echo " You need GNU libtoolize $want_lt_version or newer installed." -- exit 1 --fi -- --#-------------------------------------------------------------------------- - # m4 check - # - m4=`(${M4:-m4} --version || ${M4:-gm4} --version) 2>/dev/null | head -n 1`; diff -Nru curl-7.38.0/debian/patches/10_fix-resolver.patch curl-7.43.0/debian/patches/10_fix-resolver.patch --- curl-7.38.0/debian/patches/10_fix-resolver.patch 2014-11-06 10:40:27.000000000 +0000 +++ curl-7.43.0/debian/patches/10_fix-resolver.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,29 +0,0 @@ -From d9762a7cdb35e70f8cb0bf1c2f8019e8391616e1 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 23 Sep 2014 11:44:03 +0200 -Subject: [PATCH] threaded-resolver: revert Curl_expire_latest() switch - -The switch to using Curl_expire_latest() in commit cacdc27f52b was a -mistake and was against the advice even mentioned in that commit. The -comparison in asyn-thread.c:Curl_resolver_is_resolved() makes -Curl_expire() the suitable function to use. - -Bug: http://curl.haxx.se/bug/view.cgi?id=1426 -Reported-By: graysky ---- - lib/asyn-thread.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c -index e4ad32b..6cdc9ad 100644 ---- a/lib/asyn-thread.c -+++ b/lib/asyn-thread.c -@@ -541,7 +541,7 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn, - td->poll_interval = 250; - - td->interval_end = elapsed + td->poll_interval; -- Curl_expire_latest(conn->data, td->poll_interval); -+ Curl_expire(conn->data, td->poll_interval); - } - - return CURLE_OK; diff -Nru curl-7.38.0/debian/patches/11_CVE-2014-3707.patch curl-7.43.0/debian/patches/11_CVE-2014-3707.patch --- curl-7.38.0/debian/patches/11_CVE-2014-3707.patch 2014-11-06 10:40:27.000000000 +0000 +++ curl-7.43.0/debian/patches/11_CVE-2014-3707.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,400 +0,0 @@ -From 3696fc1ba79d9b34660c44150be5e93ecf87dd9e Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 17 Oct 2014 12:59:32 +0200 -Subject: [PATCH] curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of - bounds - -When duplicating a handle, the data to post was duplicated using -strdup() when it could be binary and contain zeroes and it was not even -zero terminated! This caused read out of bounds crashes/segfaults. - -Since the lib/strdup.c file no longer is easily shared with the curl -tool with this change, it now uses its own version instead. - -Bug: http://curl.haxx.se/docs/adv_20141105.html -CVE: CVE-2014-3707 -Reported-By: Symeon Paraschoudis ---- - lib/formdata.c | 52 +++++++++------------------------------------------- - lib/strdup.c | 32 +++++++++++++++++++++++++++----- - lib/strdup.h | 3 ++- - lib/url.c | 22 +++++++++++++++++----- - lib/urldata.h | 11 +++++++++-- - src/Makefile.inc | 4 ++-- - src/tool_setup.h | 5 ++--- - src/tool_strdup.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ - src/tool_strdup.h | 30 ++++++++++++++++++++++++++++++ - 9 files changed, 145 insertions(+), 61 deletions(-) - create mode 100644 src/tool_strdup.c - create mode 100644 src/tool_strdup.h - ---- a/lib/formdata.c -+++ b/lib/formdata.c -@@ -36,6 +36,7 @@ - #include "strequal.h" - #include "curl_memory.h" - #include "sendf.h" -+#include "strdup.h" - - #define _MPRINTF_REPLACE /* use our functions only */ - #include -@@ -214,46 +215,6 @@ - - /*************************************************************************** - * -- * memdup() -- * -- * Copies the 'source' data to a newly allocated buffer buffer (that is -- * returned). Uses buffer_length if not null, else uses strlen to determine -- * the length of the buffer to be copied -- * -- * Returns the new pointer or NULL on failure. -- * -- ***************************************************************************/ --static char *memdup(const char *src, size_t buffer_length) --{ -- size_t length; -- bool add = FALSE; -- char *buffer; -- -- if(buffer_length) -- length = buffer_length; -- else if(src) { -- length = strlen(src); -- add = TRUE; -- } -- else -- /* no length and a NULL src pointer! */ -- return strdup(""); -- -- buffer = malloc(length+add); -- if(!buffer) -- return NULL; /* fail */ -- -- memcpy(buffer, src, length); -- -- /* if length unknown do null termination */ -- if(add) -- buffer[length] = '\0'; -- -- return buffer; --} -- --/*************************************************************************** -- * - * FormAdd() - * - * Stores a formpost parameter and builds the appropriate linked list. -@@ -682,9 +643,12 @@ - (form == first_form) ) { - /* Note that there's small risk that form->name is NULL here if the - app passed in a bad combo, so we better check for that first. */ -- if(form->name) -+ if(form->name) { - /* copy name (without strdup; possibly contains null characters) */ -- form->name = memdup(form->name, form->namelength); -+ form->name = Curl_memdup(form->name, form->namelength? -+ form->namelength: -+ strlen(form->name)+1); -+ } - if(!form->name) { - return_value = CURL_FORMADD_MEMORY; - break; -@@ -695,7 +659,9 @@ - HTTPPOST_PTRCONTENTS | HTTPPOST_PTRBUFFER | - HTTPPOST_CALLBACK)) ) { - /* copy value (without strdup; possibly contains null characters) */ -- form->value = memdup(form->value, form->contentslength); -+ form->value = Curl_memdup(form->value, form->contentslength? -+ form->contentslength: -+ strlen(form->value)+1); - if(!form->value) { - return_value = CURL_FORMADD_MEMORY; - break; ---- a/lib/strdup.c -+++ b/lib/strdup.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -19,12 +19,12 @@ - * KIND, either express or implied. - * - ***************************************************************************/ --/* -- * This file is 'mem-include-scan' clean. See test 1132. -- */ - #include "curl_setup.h" -- - #include "strdup.h" -+#include "curl_memory.h" -+ -+/* The last #include file should be: */ -+#include "memdebug.h" - - #ifndef HAVE_STRDUP - char *curlx_strdup(const char *str) -@@ -50,3 +50,25 @@ - - } - #endif -+ -+/*************************************************************************** -+ * -+ * Curl_memdup(source, length) -+ * -+ * Copies the 'source' data to a newly allocated buffer (that is -+ * returned). Copies 'length' bytes. -+ * -+ * Returns the new pointer or NULL on failure. -+ * -+ ***************************************************************************/ -+char *Curl_memdup(const char *src, size_t length) -+{ -+ char *buffer = malloc(length); -+ if(!buffer) -+ return NULL; /* fail */ -+ -+ memcpy(buffer, src, length); -+ -+ /* if length unknown do null termination */ -+ return buffer; -+} ---- a/lib/strdup.h -+++ b/lib/strdup.h -@@ -7,7 +7,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -26,5 +26,6 @@ - #ifndef HAVE_STRDUP - extern char *curlx_strdup(const char *str); - #endif -+char *Curl_memdup(const char *src, size_t buffer_length); - - #endif /* HEADER_CURL_STRDUP_H */ ---- a/lib/url.c -+++ b/lib/url.c -@@ -125,6 +125,7 @@ - #include "multihandle.h" - #include "pipeline.h" - #include "dotdot.h" -+#include "strdup.h" - - #define _MPRINTF_REPLACE /* use our functions only */ - #include -@@ -270,8 +271,9 @@ - { - /* Free all dynamic strings stored in the data->set substructure. */ - enum dupstring i; -- for(i=(enum dupstring)0; i < STRING_LAST; i++) -+ for(i=(enum dupstring)0; i < STRING_LAST; i++) { - Curl_safefree(data->set.str[i]); -+ } - - if(data->change.referer_alloc) { - Curl_safefree(data->change.referer); -@@ -356,14 +358,24 @@ - memset(dst->set.str, 0, STRING_LAST * sizeof(char *)); - - /* duplicate all strings */ -- for(i=(enum dupstring)0; i< STRING_LAST; i++) { -+ for(i=(enum dupstring)0; i< STRING_LASTZEROTERMINATED; i++) { - r = setstropt(&dst->set.str[i], src->set.str[i]); - if(r != CURLE_OK) -- break; -+ return r; - } - -- /* If a failure occurred, freeing has to be performed externally. */ -- return r; -+ /* duplicate memory areas pointed to */ -+ i = STRING_COPYPOSTFIELDS; -+ if(src->set.postfieldsize && src->set.str[i]) { -+ /* postfieldsize is curl_off_t, Curl_memdup() takes a size_t ... */ -+ dst->set.str[i] = Curl_memdup(src->set.str[i], src->set.postfieldsize); -+ if(!dst->set.str[i]) -+ return CURLE_OUT_OF_MEMORY; -+ /* point to the new copy */ -+ dst->set.postfields = dst->set.str[i]; -+ } -+ -+ return CURLE_OK; - } - - /* ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -1378,7 +1378,6 @@ - STRING_KRB_LEVEL, /* krb security level */ - STRING_NETRC_FILE, /* if not NULL, use this instead of trying to find - $HOME/.netrc */ -- STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */ - STRING_PROXY, /* proxy to use */ - STRING_SET_RANGE, /* range, if used */ - STRING_SET_REFERER, /* custom string for the HTTP referer field */ -@@ -1420,7 +1419,15 @@ - - STRING_BEARER, /* , if used */ - -- /* -- end of strings -- */ -+ /* -- end of zero-terminated strings -- */ -+ -+ STRING_LASTZEROTERMINATED, -+ -+ /* -- below this are pointers to binary data that cannot be strdup'ed. -+ Each such pointer must be added manually to Curl_dupset() --- */ -+ -+ STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */ -+ - STRING_LAST /* not used, just an end-of-list marker */ - }; - ---- a/src/Makefile.inc -+++ b/src/Makefile.inc -@@ -11,7 +11,6 @@ - # the official API, but we re-use the code here to avoid duplication. - CURLX_CFILES = \ - ../lib/strtoofft.c \ -- ../lib/strdup.c \ - ../lib/rawstr.c \ - ../lib/nonblock.c \ - ../lib/warnless.c -@@ -19,7 +18,6 @@ - CURLX_HFILES = \ - ../lib/curl_setup.h \ - ../lib/strtoofft.h \ -- ../lib/strdup.h \ - ../lib/rawstr.h \ - ../lib/nonblock.h \ - ../lib/warnless.h -@@ -55,6 +53,7 @@ - tool_panykey.c \ - tool_paramhlp.c \ - tool_parsecfg.c \ -+ tool_strdup.c \ - tool_setopt.c \ - tool_sleep.c \ - tool_urlglob.c \ -@@ -99,6 +98,7 @@ - tool_setopt.h \ - tool_setup.h \ - tool_sleep.h \ -+ tool_strdup.h \ - tool_urlglob.h \ - tool_util.h \ - tool_version.h \ ---- a/src/tool_setup.h -+++ b/src/tool_setup.h -@@ -7,7 +7,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -67,8 +67,7 @@ - #endif - - #ifndef HAVE_STRDUP --# include "strdup.h" --# define strdup(ptr) curlx_strdup(ptr) -+# include "tool_strdup.h" - #endif - - #endif /* HEADER_CURL_TOOL_SETUP_H */ ---- /dev/null -+++ b/src/tool_strdup.c -@@ -0,0 +1,47 @@ -+/*************************************************************************** -+ * _ _ ____ _ -+ * Project ___| | | | _ \| | -+ * / __| | | | |_) | | -+ * | (__| |_| | _ <| |___ -+ * \___|\___/|_| \_\_____| -+ * -+ * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. -+ * -+ * This software is licensed as described in the file COPYING, which -+ * you should have received as part of this distribution. The terms -+ * are also available at http://curl.haxx.se/docs/copyright.html. -+ * -+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell -+ * copies of the Software, and permit persons to whom the Software is -+ * furnished to do so, under the terms of the COPYING file. -+ * -+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -+ * KIND, either express or implied. -+ * -+ ***************************************************************************/ -+#include "strdup.h" -+ -+#ifndef HAVE_STRDUP -+char *strdup(const char *str) -+{ -+ size_t len; -+ char *newstr; -+ -+ if(!str) -+ return (char *)NULL; -+ -+ len = strlen(str); -+ -+ if(len >= ((size_t)-1) / sizeof(char)) -+ return (char *)NULL; -+ -+ newstr = malloc((len+1)*sizeof(char)); -+ if(!newstr) -+ return (char *)NULL; -+ -+ memcpy(newstr,str,(len+1)*sizeof(char)); -+ -+ return newstr; -+ -+} -+#endif ---- /dev/null -+++ b/src/tool_strdup.h -@@ -0,0 +1,30 @@ -+#ifndef HEADER_TOOL_STRDUP_H -+#define HEADER_TOOL_STRDUP_H -+/*************************************************************************** -+ * _ _ ____ _ -+ * Project ___| | | | _ \| | -+ * / __| | | | |_) | | -+ * | (__| |_| | _ <| |___ -+ * \___|\___/|_| \_\_____| -+ * -+ * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. -+ * -+ * This software is licensed as described in the file COPYING, which -+ * you should have received as part of this distribution. The terms -+ * are also available at http://curl.haxx.se/docs/copyright.html. -+ * -+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell -+ * copies of the Software, and permit persons to whom the Software is -+ * furnished to do so, under the terms of the COPYING file. -+ * -+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -+ * KIND, either express or implied. -+ * -+ ***************************************************************************/ -+#include "tool_setup.h" -+ -+#ifndef HAVE_STRDUP -+extern char *strdup(const char *str); -+#endif -+ -+#endif /* HEADER_TOOL_STRDUP_H */ diff -Nru curl-7.38.0/debian/patches/90_gnutls.patch curl-7.43.0/debian/patches/90_gnutls.patch --- curl-7.38.0/debian/patches/90_gnutls.patch 2014-11-06 10:40:27.000000000 +0000 +++ curl-7.43.0/debian/patches/90_gnutls.patch 2015-06-17 08:21:41.000000000 +0000 @@ -21,16 +21,16 @@ # Makefile.inc provides the check_PROGRAMS and COMPLICATED_EXAMPLES defines --- a/lib/Makefile.am +++ b/lib/Makefile.am -@@ -36,7 +36,7 @@ +@@ -32,7 +32,7 @@ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \ - objnames-test08.sh objnames-test10.sh objnames.inc + objnames-test08.sh objnames-test10.sh objnames.inc checksrc.whitelist -lib_LTLIBRARIES = libcurl.la +lib_LTLIBRARIES = libcurl-gnutls.la if BUILD_UNITTESTS noinst_LTLIBRARIES = libcurlu.la -@@ -106,38 +106,38 @@ +@@ -102,38 +102,38 @@ AM_LDFLAGS = AM_CFLAGS = @@ -82,7 +82,7 @@ libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS) -@@ -146,7 +146,7 @@ +@@ -142,7 +142,7 @@ # Makefile.inc provides the CSOURCES and HHEADERS defines include Makefile.inc @@ -100,8 +100,8 @@ -curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @LIBCURL_LIBS@ +curl_LDADD = $(top_builddir)/lib/libcurl-gnutls.la @LIBMETALINK_LIBS@ @LIBCURL_LIBS@ else --curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@ -+curl_LDADD = $(top_builddir)/lib/libcurl-gnutls.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@ +-curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @SSL_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@ ++curl_LDADD = $(top_builddir)/lib/libcurl-gnutls.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @SSL_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@ endif curl_LDFLAGS = @LIBMETALINK_LDFLAGS@ diff -Nru curl-7.38.0/debian/patches/99_nss.patch curl-7.43.0/debian/patches/99_nss.patch --- curl-7.38.0/debian/patches/99_nss.patch 2014-11-06 10:40:27.000000000 +0000 +++ curl-7.43.0/debian/patches/99_nss.patch 2015-06-17 08:21:41.000000000 +0000 @@ -21,16 +21,16 @@ # Makefile.inc provides the check_PROGRAMS and COMPLICATED_EXAMPLES defines --- a/lib/Makefile.am +++ b/lib/Makefile.am -@@ -36,7 +36,7 @@ +@@ -32,7 +32,7 @@ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \ - objnames-test08.sh objnames-test10.sh objnames.inc + objnames-test08.sh objnames-test10.sh objnames.inc checksrc.whitelist -lib_LTLIBRARIES = libcurl-gnutls.la +lib_LTLIBRARIES = libcurl-nss.la if BUILD_UNITTESTS noinst_LTLIBRARIES = libcurlu.la -@@ -106,38 +106,38 @@ +@@ -102,38 +102,38 @@ AM_LDFLAGS = AM_CFLAGS = @@ -82,7 +82,7 @@ libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS) -@@ -146,7 +146,7 @@ +@@ -142,7 +142,7 @@ # Makefile.inc provides the CSOURCES and HHEADERS defines include Makefile.inc @@ -100,8 +100,8 @@ -curl_LDADD = $(top_builddir)/lib/libcurl-gnutls.la @LIBMETALINK_LIBS@ @LIBCURL_LIBS@ +curl_LDADD = $(top_builddir)/lib/libcurl-nss.la @LIBMETALINK_LIBS@ @LIBCURL_LIBS@ else --curl_LDADD = $(top_builddir)/lib/libcurl-gnutls.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@ -+curl_LDADD = $(top_builddir)/lib/libcurl-nss.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@ +-curl_LDADD = $(top_builddir)/lib/libcurl-gnutls.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @SSL_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@ ++curl_LDADD = $(top_builddir)/lib/libcurl-nss.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @SSL_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@ endif curl_LDFLAGS = @LIBMETALINK_LDFLAGS@ diff -Nru curl-7.38.0/debian/patches/CVE-2014-8150.patch curl-7.43.0/debian/patches/CVE-2014-8150.patch --- curl-7.38.0/debian/patches/CVE-2014-8150.patch 2015-01-14 13:46:57.000000000 +0000 +++ curl-7.43.0/debian/patches/CVE-2014-8150.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,171 +0,0 @@ -Description: fix URL request injection -Origin: backport, https://github.com/bagder/curl/commit/178bd7db34f77e020fb8562890c5625ccbd67093 -Origin: backport, https://github.com/bagder/curl/commit/3df8e78860d3a3d3cf95252bd2b4ad5fd53360cd - -Index: curl-7.38.0/lib/url.c -=================================================================== ---- curl-7.38.0.orig/lib/url.c 2015-01-14 07:56:34.260011636 -0500 -+++ curl-7.38.0/lib/url.c 2015-01-14 07:56:34.260011636 -0500 -@@ -3784,6 +3784,13 @@ - - *prot_missing = FALSE; - -+ /* We might pass the entire URL into the request so we need to make sure -+ * there are no bad characters in there.*/ -+ if(strpbrk(data->change.url, "\r\n")) { -+ failf(data, "Illegal characters found in URL"); -+ return CURLE_URL_MALFORMAT; -+ } -+ - /************************************************************* - * Parse the URL. - * -Index: curl-7.38.0/tests/data/Makefile.am -=================================================================== ---- curl-7.38.0.orig/tests/data/Makefile.am 2015-01-14 07:56:34.260011636 -0500 -+++ curl-7.38.0/tests/data/Makefile.am 2015-01-14 07:56:34.260011636 -0500 -@@ -130,7 +130,7 @@ - test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ - test1516 \ - \ --test1525 test1526 test1527 test1528 \ -+test1525 test1526 test1527 test1528 test1529 \ - \ - test1900 test1901 test1902 test1903 \ - \ -Index: curl-7.38.0/tests/data/test1529 -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ curl-7.38.0/tests/data/test1529 2015-01-14 07:56:34.260011636 -0500 -@@ -0,0 +1,43 @@ -+ -+ -+ -+HTTP -+HTTP GET -+HTTP proxy -+ -+ -+ -+# Server-side -+ -+ -+HTTP/1.1 200 OK -+We-are: good -+ -+ -+ -+ -+# Client-side -+ -+ -+http -+http-proxy -+ -+ -+lib1529 -+ -+ -+HTTP request-injection in URL sent over proxy -+ -+ -+ "http://the.old.moo:%HTTPPORT/1529" %HOSTIP:%PROXYPORT -+ -+ -+ -+# it should be detected and an error should be reported -+ -+# 3 == CURLE_URL_MALFORMAT -+ -+3 -+ -+ -+ -Index: curl-7.38.0/tests/libtest/Makefile.inc -=================================================================== ---- curl-7.38.0.orig/tests/libtest/Makefile.inc 2015-01-14 07:56:34.260011636 -0500 -+++ curl-7.38.0/tests/libtest/Makefile.inc 2015-01-14 07:56:34.260011636 -0500 -@@ -22,7 +22,7 @@ - lib583 lib585 lib586 lib587 lib590 lib591 lib597 lib598 lib599 \ - lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1507 lib1508 \ - lib1509 lib1510 lib1511 lib1512 lib1513 lib1514 lib1515 \ -- lib1525 lib1526 lib1527 lib1528 \ -+ lib1525 lib1526 lib1527 lib1528 lib1529 \ - lib1900 \ - lib2033 - -@@ -372,6 +372,10 @@ - lib1528_LDADD = $(TESTUTIL_LIBS) - lib1528_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1528 - -+lib1529_SOURCES = lib1529.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) -+lib1529_LDADD = $(TESTUTIL_LIBS) -+lib1529_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1529 -+ - lib1900_SOURCES = lib1900.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) - lib1900_LDADD = $(TESTUTIL_LIBS) - lib1900_CPPFLAGS = $(AM_CPPFLAGS) -Index: curl-7.38.0/tests/libtest/lib1529.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ curl-7.38.0/tests/libtest/lib1529.c 2015-01-14 07:56:34.260011636 -0500 -@@ -0,0 +1,59 @@ -+/*************************************************************************** -+ * _ _ ____ _ -+ * Project ___| | | | _ \| | -+ * / __| | | | |_) | | -+ * | (__| |_| | _ <| |___ -+ * \___|\___/|_| \_\_____| -+ * -+ * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. -+ * -+ * This software is licensed as described in the file COPYING, which -+ * you should have received as part of this distribution. The terms -+ * are also available at http://curl.haxx.se/docs/copyright.html. -+ * -+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell -+ * copies of the Software, and permit persons to whom the Software is -+ * furnished to do so, under the terms of the COPYING file. -+ * -+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -+ * KIND, either express or implied. -+ * -+ ***************************************************************************/ -+ -+#include "test.h" -+ -+#include "memdebug.h" -+ -+int test(char *URL) -+{ -+ CURL *curl = NULL; -+ CURLcode res = CURLE_FAILED_INIT; -+ char bURL[512]; -+ snprintf(bURL, sizeof(bURL), "%s HTTP/1.1\r\nGET http://1529.com/1529", URL); -+ -+ if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) { -+ fprintf(stderr, "curl_global_init() failed\n"); -+ return TEST_ERR_MAJOR_BAD; -+ } -+ -+ if((curl = curl_easy_init()) == NULL) { -+ fprintf(stderr, "curl_easy_init() failed\n"); -+ curl_global_cleanup(); -+ return TEST_ERR_MAJOR_BAD; -+ } -+ -+ test_setopt(curl, CURLOPT_URL, bURL); -+ test_setopt(curl, CURLOPT_PROXY, libtest_arg2); -+ test_setopt(curl, CURLOPT_VERBOSE, 1L); -+ test_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); -+ test_setopt(curl, CURLOPT_HEADER, 1L); -+ -+ res = curl_easy_perform(curl); -+ -+test_cleanup: -+ -+ curl_easy_cleanup(curl); -+ curl_global_cleanup(); -+ -+ return (int)res; -+} diff -Nru curl-7.38.0/debian/patches/CVE-2015-3143.patch curl-7.43.0/debian/patches/CVE-2015-3143.patch --- curl-7.38.0/debian/patches/CVE-2015-3143.patch 2015-04-22 11:53:58.000000000 +0000 +++ curl-7.43.0/debian/patches/CVE-2015-3143.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ -From d7d1bc8f08eea1a85ab0d794bc1561659462d937 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 16 Apr 2015 13:26:46 +0200 -Subject: [PATCH] ConnectionExists: for NTLM re-use, require credentials to - match - -CVE-2015-3143 - -Bug: http://curl.haxx.se/docs/adv_20150422A.html -Reported-by: Paras Sethia ---- - lib/url.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: curl-7.38.0/lib/url.c -=================================================================== ---- curl-7.38.0.orig/lib/url.c 2015-04-22 07:53:56.071302729 -0400 -+++ curl-7.38.0/lib/url.c 2015-04-22 07:53:56.067302697 -0400 -@@ -3131,7 +3131,7 @@ - } - - if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) || -- wantNTLMhttp) { -+ (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)) { - /* This protocol requires credentials per connection or is HTTP+NTLM, - so verify that we're using the same name and password as well */ - if(!strequal(needle->user, check->user) || diff -Nru curl-7.38.0/debian/patches/CVE-2015-3144.patch curl-7.43.0/debian/patches/CVE-2015-3144.patch --- curl-7.38.0/debian/patches/CVE-2015-3144.patch 2015-04-22 11:54:05.000000000 +0000 +++ curl-7.43.0/debian/patches/CVE-2015-3144.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,34 +0,0 @@ -From 6218ded6001ea330e589f92b6b2fa12777752b5d Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 16 Apr 2015 23:52:04 +0200 -Subject: [PATCH] fix_hostname: zero length host name caused -1 index offset -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If a URL is given with a zero-length host name, like in "http://:80" or -just ":80", `fix_hostname()` will index the host name pointer with a -1 -offset (as it blindly assumes a non-zero length) and both read and -assign that address. - -CVE-2015-3144 - -Bug: http://curl.haxx.se/docs/adv_20150422D.html -Reported-by: Hanno Böck ---- - lib/url.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: curl-7.38.0/lib/url.c -=================================================================== ---- curl-7.38.0.orig/lib/url.c 2015-04-22 07:54:03.055357366 -0400 -+++ curl-7.38.0/lib/url.c 2015-04-22 07:54:03.055357366 -0400 -@@ -3545,7 +3545,7 @@ - host->dispname = host->name; - - len = strlen(host->name); -- if(host->name[len-1] == '.') -+ if(len && (host->name[len-1] == '.')) - /* strip off a single trailing dot if present, primarily for SNI but - there's no use for it */ - host->name[len-1]=0; diff -Nru curl-7.38.0/debian/patches/CVE-2015-3145.patch curl-7.43.0/debian/patches/CVE-2015-3145.patch --- curl-7.38.0/debian/patches/CVE-2015-3145.patch 2015-04-22 11:54:13.000000000 +0000 +++ curl-7.43.0/debian/patches/CVE-2015-3145.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,55 +0,0 @@ -From ea595c516bc936a514753597aa6c59fd6eb0765e Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 16 Apr 2015 16:37:40 +0200 -Subject: [PATCH] cookie: cookie parser out of boundary memory access -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The internal libcurl function called sanitize_cookie_path() that cleans -up the path element as given to it from a remote site or when read from -a file, did not properly validate the input. If given a path that -consisted of a single double-quote, libcurl would index a newly -allocated memory area with index -1 and assign a zero to it, thus -destroying heap memory it wasn't supposed to. - -CVE-2015-3145 - -Bug: http://curl.haxx.se/docs/adv_20150422C.html -Reported-by: Hanno Böck ---- - lib/cookie.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -Index: curl-7.38.0/lib/cookie.c -=================================================================== ---- curl-7.38.0.orig/lib/cookie.c 2015-04-22 07:54:11.375422455 -0400 -+++ curl-7.38.0/lib/cookie.c 2015-04-22 07:54:11.371422423 -0400 -@@ -233,11 +233,14 @@ - return NULL; - - /* some stupid site sends path attribute with '"'. */ -+ len = strlen(new_path); - if(new_path[0] == '\"') { -- memmove((void *)new_path, (const void *)(new_path + 1), strlen(new_path)); -+ memmove((void *)new_path, (const void *)(new_path + 1), len); -+ len--; - } -- if(new_path[strlen(new_path) - 1] == '\"') { -- new_path[strlen(new_path) - 1] = 0x0; -+ if(len && (new_path[len - 1] == '\"')) { -+ new_path[len - 1] = 0x0; -+ len--; - } - - /* RFC6265 5.2.4 The Path Attribute */ -@@ -249,8 +252,7 @@ - } - - /* convert /hoge/ to /hoge */ -- len = strlen(new_path); -- if(1 < len && new_path[len - 1] == '/') { -+ if(len && new_path[len - 1] == '/') { - new_path[len - 1] = 0x0; - } - diff -Nru curl-7.38.0/debian/patches/CVE-2015-3148.patch curl-7.43.0/debian/patches/CVE-2015-3148.patch --- curl-7.38.0/debian/patches/CVE-2015-3148.patch 2015-04-22 11:54:20.000000000 +0000 +++ curl-7.43.0/debian/patches/CVE-2015-3148.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ -From 6abfb512ed22c2de891a4398616d81a2a0690b5a Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sat, 18 Apr 2015 23:50:16 +0200 -Subject: [PATCH] http_done: close Negotiate connections when done - -When doing HTTP requests Negotiate authenticated, the entire connnection -may become authenticated and not just the specific HTTP request which is -otherwise how HTTP works, as Negotiate can basically use NTLM under the -hood. curl was not adhering to this fact but would assume that such -requests would also be authenticated per request. - -CVE-2015-3148 - -Bug: http://curl.haxx.se/docs/adv_20150422B.html -Reported-by: Isaac Boukris ---- - lib/http.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -Index: curl-7.38.0/lib/http.c -=================================================================== ---- curl-7.38.0.orig/lib/http.c 2015-04-22 07:54:18.355477058 -0400 -+++ curl-7.38.0/lib/http.c 2015-04-22 07:54:18.355477058 -0400 -@@ -1434,8 +1434,14 @@ - - #ifdef USE_SPNEGO - if(data->state.proxyneg.state == GSS_AUTHSENT || -- data->state.negotiate.state == GSS_AUTHSENT) -+ data->state.negotiate.state == GSS_AUTHSENT) { -+ /* add forbid re-use if http-code != 401 as a WA -+ * only needed for 401 that failed handling -+ * otherwie state will be RECV with current code */ -+ if((data->req.httpcode != 401) && (data->req.httpcode != 407)) -+ connclose(conn, "Negotiate transfer completed"); - Curl_cleanup_negotiate(data); -+ } - #endif - - /* set the proper values (possibly modified on POST) */ diff -Nru curl-7.38.0/debian/patches/CVE-2015-3153.patch curl-7.43.0/debian/patches/CVE-2015-3153.patch --- curl-7.38.0/debian/patches/CVE-2015-3153.patch 2015-04-29 13:09:10.000000000 +0000 +++ curl-7.43.0/debian/patches/CVE-2015-3153.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,96 +0,0 @@ -From 69a2e8d7ec581695a62527cb2252e7350f314ffa Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 23 Apr 2015 15:58:21 +0200 -Subject: [PATCH] CURLOPT_HEADEROPT: default to separate - -Make the HTTP headers separated by default for improved security and -reduced risk for information leakage. - -Bug: http://curl.haxx.se/docs/adv_20150429.html -Reported-by: Yehezkel Horowitz, Oren Souroujon ---- - docs/libcurl/opts/CURLOPT_HEADEROPT.3 | 12 ++++++------ - lib/url.c | 1 + - tests/data/test1527 | 2 +- - tests/data/test287 | 2 +- - tests/libtest/lib1527.c | 1 + - 5 files changed, 10 insertions(+), 8 deletions(-) - -Index: curl-7.38.0/docs/libcurl/opts/CURLOPT_HEADEROPT.3 -=================================================================== ---- curl-7.38.0.orig/docs/libcurl/opts/CURLOPT_HEADEROPT.3 2015-04-29 09:08:13.789230068 -0400 -+++ curl-7.38.0/docs/libcurl/opts/CURLOPT_HEADEROPT.3 2015-04-29 09:08:13.781229996 -0400 -@@ -31,10 +31,10 @@ - Pass a long that is a bitmask of options of how to deal with headers. The two - mutually exclusive options are: - --\fBCURLHEADER_UNIFIED\fP - keep working as before. This means --\fICURLOPT_HTTPHEADER(3)\fP headers will be used in requests both to servers --and proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not --have any effect. -+\fBCURLHEADER_UNIFIED\fP - the headers specified in -+\fICURLOPT_HTTPHEADER(3)\fP will be used in requests both to servers and -+proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not have -+any effect. - - \fBCURLHEADER_SEPARATE\fP - makes \fICURLOPT_HTTPHEADER(3)\fP headers only get - sent to a server and not to a proxy. Proxy headers must be set with -@@ -44,7 +44,7 @@ - headers only to the proxy and then \fICURLOPT_HTTPHEADER(3)\fP headers only to - the server. - .SH DEFAULT --CURLHEADER_UNIFIED -+CURLHEADER_SEPARATE (changed in 7.42.1, ased CURLHEADER_UNIFIED before then) - .SH PROTOCOLS - HTTP - .SH EXAMPLE -Index: curl-7.38.0/lib/url.c -=================================================================== ---- curl-7.38.0.orig/lib/url.c 2015-04-29 09:08:13.789230068 -0400 -+++ curl-7.38.0/lib/url.c 2015-04-29 09:09:02.325666373 -0400 -@@ -590,6 +590,7 @@ - set->ssl_enable_alpn = TRUE; - - set->expect_100_timeout = 1000L; /* Wait for a second by default. */ -+ set->sep_headers = TRUE; /* separated header lists by default */ - return res; - } - -Index: curl-7.38.0/tests/data/test1527 -=================================================================== ---- curl-7.38.0.orig/tests/data/test1527 2015-04-29 09:08:13.789230068 -0400 -+++ curl-7.38.0/tests/data/test1527 2015-04-29 09:08:13.781229996 -0400 -@@ -45,7 +45,7 @@ - lib1527 - - --Check same headers are generated without CURLOPT_PROXYHEADER -+Check same headers are generated with CURLOPT_HEADEROPT == CURLHEADER_UNIFIED - - - http://the.old.moo.1527:%HTTPPORT/1527 %HOSTIP:%PROXYPORT -Index: curl-7.38.0/tests/data/test287 -=================================================================== ---- curl-7.38.0.orig/tests/data/test287 2015-04-29 09:08:13.789230068 -0400 -+++ curl-7.38.0/tests/data/test287 2015-04-29 09:08:13.781229996 -0400 -@@ -28,7 +28,7 @@ - HTTP proxy CONNECT with custom User-Agent header - - --http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2007" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel -+http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2015" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel --proxy-header "User-Agent: looser/2007" - - - -Index: curl-7.38.0/tests/libtest/lib1527.c -=================================================================== ---- curl-7.38.0.orig/tests/libtest/lib1527.c 2015-04-29 09:08:13.789230068 -0400 -+++ curl-7.38.0/tests/libtest/lib1527.c 2015-04-29 09:08:13.781229996 -0400 -@@ -83,6 +83,7 @@ - test_setopt(curl, CURLOPT_READFUNCTION, read_callback); - test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L); - test_setopt(curl, CURLOPT_INFILESIZE, strlen(data)); -+ test_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_UNIFIED); - - res = curl_easy_perform(curl); - diff -Nru curl-7.38.0/debian/patches/series curl-7.43.0/debian/patches/series --- curl-7.38.0/debian/patches/series 2015-04-29 13:38:06.000000000 +0000 +++ curl-7.43.0/debian/patches/series 2015-06-17 08:21:41.000000000 +0000 @@ -4,18 +4,7 @@ 04_workaround_as_needed_bug.patch 06_always-disable-valgrind.patch 07_do-not-disable-debug-symbols.patch -08_fix-spelling.patch -09_libtoolize_check.patch -10_fix-resolver.patch -11_CVE-2014-3707.patch -CVE-2014-8150.patch -CVE-2015-3143.patch -CVE-2015-3144.patch -CVE-2015-3145.patch -CVE-2015-3148.patch -CVE-2015-3153.patch -# the following two patches are reverted during build -# any new patches must be added before them +# do not add patches below 90_gnutls.patch 99_nss.patch diff -Nru curl-7.38.0/debian/rules curl-7.43.0/debian/rules --- curl-7.38.0/debian/rules 2014-11-06 10:40:27.000000000 +0000 +++ curl-7.43.0/debian/rules 2015-06-17 08:21:41.000000000 +0000 @@ -40,8 +40,10 @@ (cd debian/$$flavour && ./buildconf && cp ../../ltmain.sh .) \ done cd debian/build && dh_auto_configure ${CONFIGURE_ARGS} \ - --with-ca-path=/etc/ssl/certs + --with-ca-path=/etc/ssl/certs \ + --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt cd debian/build-gnutls && dh_auto_configure ${CONFIGURE_ARGS} \ + --with-ca-path=/etc/ssl/certs \ --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \ --without-ssl --with-gnutls cd debian/build-nss && dh_auto_configure ${CONFIGURE_ARGS} \ @@ -65,11 +67,12 @@ DESTDIR=$(shell pwd)/debian/tmp-gnutls install ${MAKE} -C debian/build-nss \ DESTDIR=$(shell pwd)/debian/tmp-nss install - dh_install -plibcurl3-gnutls -plibcurl4-gnutls-dev \ + dh_install -pcurl -plibcurl4-doc \ + -plibcurl3-gnutls -plibcurl4-gnutls-dev \ --sourcedir=debian/tmp-gnutls dh_install -plibcurl3-nss -plibcurl4-nss-dev \ --sourcedir=debian/tmp-nss - dh_install -pcurl -plibcurl3 -plibcurl4-openssl-dev -plibcurl4-doc \ + dh_install -plibcurl3 -plibcurl4-openssl-dev \ --sourcedir=debian/tmp sed -i "/dependency_libs/ s/'.*'/''/" `find . -name '*.la'` diff -Nru curl-7.38.0/docs/BINDINGS curl-7.43.0/docs/BINDINGS --- curl-7.38.0/docs/BINDINGS 2014-06-11 17:52:29.000000000 +0000 +++ curl-7.43.0/docs/BINDINGS 2015-06-16 07:13:02.000000000 +0000 @@ -50,7 +50,7 @@ D Written by Kenneth Bogert - http://curl.haxx.se/libcurl/d/ + http://dlang.org/library/std/net/curl.html Dylan @@ -60,7 +60,7 @@ Eiffel Written by Eiffel Software - http://curl.haxx.se/libcurl/eiffel/ + https://room.eiffel.com/library/curl Euphoria @@ -78,7 +78,7 @@ Gambas - http://gambas.sourceforge.net + http://gambas.sourceforge.net/ glib/GTK+ @@ -90,6 +90,11 @@ Written by Michael L. Gran http://www.lonelycactus.com/guile-curl.html +Harbour + + Written by Viktor Szakáts + https://github.com/vszakats/harbour-core/tree/master/contrib/hbcurl + Haskell Written by Galois, Inc @@ -97,8 +102,7 @@ Java - Maintained by [blank] - http://curl.haxx.se/libcurl/java/ + https://github.com/pjlegato/curl-java Julia @@ -115,7 +119,7 @@ luacurl by Alexander Marinov http://luacurl.luaforge.net/ - Lua-cURL by Jrgen Htzel + Lua-cURL by Jürgen Hötzel http://luaforge.net/projects/lua-curl/ Mono @@ -126,7 +130,12 @@ .NET libcurl-net by Jeffrey Phillips - http://sourceforge.net/projects/libcurl-net/ + https://sourceforge.net/projects/libcurl-net/ + +node.js + + node-libcurl by Jonathan Cardoso Machado + https://github.com/JCMais/node-libcurl Object-Pascal @@ -136,7 +145,7 @@ O'Caml Written by Lars Nilsson - http://sourceforge.net/projects/ocurl/ + https://sourceforge.net/projects/ocurl/ Pascal @@ -145,13 +154,13 @@ Perl - Maintained by Cris Bailiff - http://curl.haxx.se/libcurl/perl/ + Maintained by Cris Bailiff and Bálint Szilakszi + https://github.com/szbalint/WWW--Curl PHP Written by Sterling Hughes - http://curl.haxx.se/libcurl/php/ + https://php.net/curl PostgreSQL @@ -165,8 +174,7 @@ R - RCurl by Duncan Temple Lang - http://www.omegahat.org/RCurl/ + http://cran.r-project.org/package=curl Rexx @@ -187,10 +195,15 @@ ruby-curl-multi - written by Kristjan Petursson and Keith Rarick http://curl-multi.rubyforge.org/ +Rust + + curl-rust - by Carl Lerche + https://github.com/carllerche/curl-rust + Scheme Bigloo binding by Kirill Lisovsky - http://curl.haxx.se/libcurl/scheme/ + http://www.metapaper.net/lisovsky/web/curl/ S-Lang @@ -214,13 +227,13 @@ Tcl - Tclcurl by Andrs Garca - http://personal1.iddeo.es/andresgarci/tclcurl/english/docs.html + Tclcurl by Andrés García + http://mirror.yellow5.com/tclcurl/ Visual Basic libcurl-vb by Jeffrey Phillips - http://sourceforge.net/projects/libcurl-vb/ + https://sourceforge.net/projects/libcurl-vb/ Visual Foxpro @@ -240,3 +253,8 @@ Written by David Szafranski http://perso.wanadoo.fr/xblite/libraries.html + +Xojo + + Written by Andrew Lambert + https://github.com/charonn0/RB-libcURL diff -Nru curl-7.38.0/docs/BUGS curl-7.43.0/docs/BUGS --- curl-7.38.0/docs/BUGS 2014-06-11 17:52:29.000000000 +0000 +++ curl-7.43.0/docs/BUGS 2015-06-03 07:38:20.000000000 +0000 @@ -35,11 +35,9 @@ have a go at a solution. You can optionally also post your bug/problem at curl's bug tracking system over at - https://sourceforge.net/p/curl/bugs/ + https://github.com/bagder/curl/issues - Please read the rest of this document below first before doing that! Also, - you need to login to your sourceforge account before being able to submit a - bug report (necessary evil done to avoid spam). + Please read the rest of this document below first before doing that! If you feel you need to ask around first, find a suitable mailing list and post there. The lists are available on http://curl.haxx.se/mail/ diff -Nru curl-7.38.0/docs/CONTRIBUTE curl-7.43.0/docs/CONTRIBUTE --- curl-7.38.0/docs/CONTRIBUTE 2014-06-11 17:52:29.000000000 +0000 +++ curl-7.43.0/docs/CONTRIBUTE 2015-06-16 07:13:02.000000000 +0000 @@ -34,7 +34,7 @@ 3.3 How To Make a Patch without git 3.4 How to get your changes into the main sources 3.5 Write good commit messages - 3.6 Please don't send pull requests + 3.6 About pull requests ============================================================================== @@ -52,6 +52,10 @@ We also hang out on IRC in #curl on irc.freenode.net + If you're at all interested in the code side of things, consider clicking + 'watch' on the curl repo at github to get notified on pull requests and new + issues posted there. + 1.2. License When contributing with code, you agree to put your changes and new code under @@ -78,10 +82,10 @@ 1.3 What To Read - Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS, the - most recent CHANGES. Just lurking on the curl-library mailing list is gonna - give you a lot of insights on what's going on right now. Asking there is a - good idea too. + Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS and the + most recent changes in the git log. Just lurking on the curl-library mailing + list is gonna give you a lot of insights on what's going on right now. Asking + there is a good idea too. 2. cURL Coding Standards @@ -199,7 +203,7 @@ You need to first checkout the repository: - git clone git://github.com/bagder/curl.git + git clone https://github.com/bagder/curl.git You then proceed and edit all the files you like and you commit them to your local repository: @@ -241,8 +245,8 @@ For unix-like operating systems: - http://www.gnu.org/software/patch/patch.html - http://www.gnu.org/directory/diffutils.html + https://savannah.gnu.org/projects/patch/ + https://www.gnu.org/software/diffutils/ For Windows: @@ -288,27 +292,15 @@ and make sure that you have your own user and email setup correctly in git before you commit -3.6 Please don't send pull requests +3.6 About pull requests With git (and especially github) it is easy and tempting to send a pull - request to one or more people in the curl project to have changes merged this - way instead of mailing patches to the curl-library mailing list. - - We don't like that. We want them mailed for these reasons: - - - Peer review. Anyone and everyone on the list can review, comment and - improve on the patch. Pull requests limit this ability. - - - Anyone can merge the patch into their own trees for testing and those who - have push rights can push it to the main repo. It doesn't have to be anyone - the patch author knows beforehand. - - - Commit messages can be tweaked and changed if merged locally instead of - using github. Merges directly on github requires the changes to be perfect - already, which they seldom are. + request to the curl project to have changes merged this way instead of + mailing patches to the curl-library mailing list. - - Merges on github prevents rebases and even enforces --no-ff which is a git - style we don't otherwise use in the project + We used to dislike this but we're trying to change that and accept that this + is a frictionless way for people to contribute to the project. We now welcome + pull requests! - However: once patches have been reviewed and deemed fine on list they are - perfectly OK to be pulled from a published git tree. + We will continue to avoid using github's merge tools to make the history + linear and to make sure commits follow our style guidelines. diff -Nru curl-7.38.0/docs/curl.1 curl-7.43.0/docs/curl.1 --- curl-7.38.0/docs/curl.1 2014-09-07 21:15:44.000000000 +0000 +++ curl-7.43.0/docs/curl.1 2015-06-16 07:13:02.000000000 +0000 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH curl 1 "2 Aug 2014" "Curl 7.38.0" "Curl Manual" +.TH curl 1 "30 Nov 2014" "Curl 7.40.0" "Curl Manual" .SH NAME curl \- transfer a URL .SH SYNOPSIS @@ -30,8 +30,8 @@ .B curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, -LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP). The -command is designed to work without user interaction. +LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET +and TFTP). The command is designed to work without user interaction. curl offers a busload of useful tricks like proxy support, user authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer @@ -39,8 +39,7 @@ make your head spin! curl is powered by libcurl for all transfer-related features. See -.BR libcurl (3) -for details. +\fIlibcurl(3)\fP for details. .SH URL The URL syntax is protocol-dependent. You'll find a detailed description in RFC 3986. @@ -48,18 +47,20 @@ You can specify multiple URLs or parts of URLs by writing part sets within braces as in: - http://site.{one,two,three}.com + http://site.{one,two,three}.com or you can get sequences of alphanumeric series by using [] as in: - ftp://ftp.numericals.com/file[1-100].txt - ftp://ftp.numericals.com/file[001-100].txt (with leading zeros) - ftp://ftp.letters.com/file[a-z].txt + ftp://ftp.numericals.com/file[1-100].txt + + ftp://ftp.numericals.com/file[001-100].txt (with leading zeros) + + ftp://ftp.letters.com/file[a-z].txt Nested sequences are not supported, but you can use several ones next to each other: - http://any.org/archive[1996-1999]/vol[1-4]/part{a,b,c}.html + http://any.org/archive[1996-1999]/vol[1-4]/part{a,b,c}.html You can specify any amount of URLs on the command line. They will be fetched in a sequential manner in the specified order. @@ -67,8 +68,19 @@ You can specify a step counter for the ranges to get every Nth number or letter: - http://www.numericals.com/file[1-100:10].txt - http://www.letters.com/file[a-z:2].txt + http://www.numericals.com/file[1-100:10].txt + + http://www.letters.com/file[a-z:2].txt + +When using [] or {} sequences when invoked from a command line prompt, you +probably have to put the full URL within double quotes to avoid the shell from +interfering with it. This also goes for other characters treated special, like +for example '&', '?' and '*'. + +Provide the IPv6 zone index in the URL with an escaped percentage sign and the +interface name. Like in + + http://[fe80::3%25eth0]/ If you specify URL without protocol:// prefix, curl will attempt to guess what protocol you might want. It will then default to HTTP but try other protocols @@ -157,23 +169,23 @@ control the TLS version more precisely (if the SSL backend in use supports such a level of control). .IP "-2, --sslv2" -(SSL) -Forces curl to use SSL version 2 when negotiating with a remote SSL server. +(SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL +server. Sometimes curl is built without SSLv2 support. SSLv2 is widely +considered insecure. .IP "-3, --sslv3" -(SSL) -Forces curl to use SSL version 3 when negotiating with a remote SSL server. +(SSL) Forces curl to use SSL version 3 when negotiating with a remote SSL +server. Sometimes curl is built without SSLv3 support. .IP "-4, --ipv4" -If curl is capable of resolving an address to multiple IP versions (which it -is if it is IPv6-capable), this option tells curl to resolve names to IPv4 -addresses only. +This option tells curl to resolve names to IPv4 addresses only, and not for +example try IPv6. .IP "-6, --ipv6" -If curl is capable of resolving an address to multiple IP versions (which it -is if it is IPv6-capable), this option tells curl to resolve names to IPv6 -addresses only. +This option tells curl to resolve names to IPv6 addresses only, and not for +example try IPv4. .IP "-a, --append" -(FTP/SFTP) When used in an upload, this will tell curl to append to the target -file instead of overwriting it. If the file doesn't exist, it will be created. -Note that this flag is ignored by some SSH servers (including OpenSSH). +(FTP/SFTP) When used in an upload, this makes curl append to the target file +instead of overwriting it. If the remote file doesn't exist, it will be +created. Note that this flag is ignored by some SFTP servers (including +OpenSSH). .IP "-A, --user-agent " (HTTP) Specify the User-Agent string to send to the HTTP server. Some badly done CGIs fail if this field isn't set to "Mozilla/4.0". To encode blanks in @@ -194,10 +206,9 @@ rewind. If the need should arise when uploading from stdin, the upload operation will fail. .IP "-b, --cookie " -(HTTP) -Pass the data to the HTTP server as a cookie. It is supposedly the -data previously received from the server in a "Set-Cookie:" line. -The data should be in the format "NAME1=VALUE1; NAME2=VALUE2". +(HTTP) Pass the data to the HTTP server as a cookie. It is supposedly the data +previously received from the server in a "Set-Cookie:" line. The data should +be in the format "NAME1=VALUE1; NAME2=VALUE2". If no '=' symbol is used in the line, it is treated as a filename to use to read previously stored cookie lines from, which should be used in this session @@ -207,26 +218,29 @@ file to read cookies from should be plain HTTP headers or the Netscape/Mozilla cookie file format. -\fBNOTE\fP that the file specified with \fI-b, --cookie\fP is only used as -input. No cookies will be stored in the file. To store cookies, use the -\fI-c, --cookie-jar\fP option or you could even save the HTTP headers to a file -using \fI-D, --dump-header\fP! +The file specified with \fI-b, --cookie\fP is only used as input. No cookies +will be written to the file. To store cookies, use the \fI-c, --cookie-jar\fP +option. If this option is used several times, the last one will be used. .IP "-B, --use-ascii" -(FTP/LDAP) Enable ASCII transfer. For FTP, this can also be -enforced by using an URL that ends with ";type=A". This option causes data -sent to stdout to be in text mode for win32 systems. +(FTP/LDAP) Enable ASCII transfer. For FTP, this can also be enforced by using +an URL that ends with ";type=A". This option causes data sent to stdout to be +in text mode for win32 systems. .IP "--basic" -(HTTP) Tells curl to use HTTP Basic authentication. This is the default and -this option is usually pointless, unless you use it to override a previously -set option that sets a different authentication method (such as \fI--ntlm\fP, -\fI--digest\fP, or \fI--negotiate\fP). +(HTTP) Tells curl to use HTTP Basic authentication with the remote host. This +is the default and this option is usually pointless, unless you use it to +override a previously set option that sets a different authentication method +(such as \fI--ntlm\fP, \fI--digest\fP, or \fI--negotiate\fP). + +Used together with \fI-u, --user\fP and \fI-x, --proxy\fP. + +See also \fI--proxy-basic\fP. .IP "-c, --cookie-jar " (HTTP) Specify to which file you want curl to write all cookies after a completed operation. Curl writes all cookies previously read from a specified file as well as all cookies received from remote server(s). If no cookies are -known, no file will be written. The file will be written using the Netscape +known, no data will be written. The file will be written using the Netscape cookie file format. If you set the file name to a single dash, "-", the cookies will be written to stdout. @@ -254,11 +268,11 @@ .IP "--ciphers " (SSL) Specifies which ciphers to use in the connection. The list of ciphers must specify valid ciphers. Read up on SSL cipher list details on this URL: -\fIhttp://www.openssl.org/docs/apps/ciphers.html\fP +\fIhttps://www.openssl.org/docs/apps/ciphers.html\fP NSS ciphers are done differently than OpenSSL and GnuTLS. The full list of NSS ciphers is in the NSSCipherSuite entry at this URL: -\fIhttp://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP +\fIhttps://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP If this option is used several times, the last one will be used. .IP "--compressed" @@ -266,11 +280,12 @@ supports, and save the uncompressed document. If this option is used and the server sends an unsupported encoding, curl will report an error. .IP "--connect-timeout " -Maximum time in seconds that you allow the connection to the server to take. -This only limits the connection phase, once curl has connected this option is -of no more use. Since 7.32.0, this option accepts decimal values, but the -actual timeout will decrease in accuracy as the specified timeout increases in -decimal precision. See also the \fI-m, --max-time\fP option. +Maximum time in seconds that you allow curl's connection to take. This only +limits the connection phase, so if curl connects within the given period it +will continue - if not it will exit. Since version 7.32.0, this option +accepts decimal values. + +See also the \fI-m, --max-time\fP option. If this option is used several times, the last one will be used. .IP "--create-dirs" @@ -282,7 +297,9 @@ To create remote directories when using FTP or SFTP, try \fI--ftp-create-dirs\fP. .IP "--crlf" -(FTP) Convert LF to CRLF in upload. Useful for MVS (OS/390). +Convert LF to CRLF in upload. Useful for MVS (OS/390). + +(SMTP added in 7.40.0) .IP "--crlfile " (HTTPS/FTPS) Provide a file using PEM format with a Certificate Revocation List that may specify peer certificates that are to be considered revoked. @@ -297,9 +314,10 @@ using the content-type application/x-www-form-urlencoded. Compare to \fI-F, --form\fP. -\fI-d, --data\fP is the same as \fI--data-ascii\fP. To post data purely binary, -you should instead use the \fI--data-binary\fP option. To URL-encode the value -of a form field you may use \fI--data-urlencode\fP. +\fI-d, --data\fP is the same as \fI--data-ascii\fP. \fI--data-raw\fP is almost +the same but does not have a special interpretation of the @ character. To +post data purely binary, you should instead use the \fI--data-binary\fP option. +To URL-encode the value of a form field you may use \fI--data-urlencode\fP. If any of these options is used more than once on the same command line, the data pieces specified will be merged together with a separating @@ -311,20 +329,20 @@ stdin. Multiple files can also be specified. Posting data from a file named 'foobar' would thus be done with \fI--data\fP @foobar. When --data is told to read from a file like that, carriage returns and newlines will be -stripped out. +stripped out. If you don't want the @ character to have a special +interpretation use \fI--data-raw\fP instead. .IP "-D, --dump-header " Write the protocol headers to the specified file. This option is handy to use when you want to store the headers that an HTTP site sends to you. Cookies from the headers could then be read in a second curl invocation by using the \fI-b, --cookie\fP option! The -\fI-c, --cookie-jar\fP option is however a better way to store cookies. +\fI-c, --cookie-jar\fP option is a better way to store cookies. When used in FTP, the FTP server response lines are considered being "headers" and thus are saved there. If this option is used several times, the last one will be used. - .IP "--data-ascii " See \fI-d, --data\fP. .IP "--data-binary " @@ -337,6 +355,10 @@ If this option is used several times, the ones following the first will append data as described in \fI-d, --data\fP. +.IP "--data-raw " +(HTTP) This posts data similarly to \fI--data\fP but without the special +interpretation of the @ character. See \fI-d, --data\fP. +(Added in 7.43.0) .IP "--data-urlencode " (HTTP) This posts data, similar to the other --data options with the exception that this performs URL-encoding. (Added in 7.18.0) @@ -522,12 +544,45 @@ If this option is set, the default capath value will be ignored, and if it is used several times, the last one will be used. +.IP "--pinnedpubkey " +(SSL) Tells curl to use the specified public key file to verify the peer. The +file must contain a single public key in PEM or DER format. + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. A public key is extracted from this certificate and +if it does not exactly match the public key provided to this option, curl will +abort the connection before sending or receiving any data. + +Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and +wolfSSL/CyaSSL. Other SSL backends not supported. + +If this option is used several times, the last one will be used. +.IP "--cert-status" +(SSL) Tells curl to verify the status of the server certificate by using the +Certificate Status Request (aka. OCSP stapling) TLS extension. + +If this option is enabled and the server sends an invalid (e.g. expired) +response, if the response suggests that the server certificate has been revoked, +or no response at all is received, the verification fails. + +This is currently only implemented in the OpenSSL, GnuTLS and NSS backends. +(Added in 7.41.0) +.IP "--false-start" + +(SSL) Tells curl to use false start during the TLS handshake. False start is a +mode where a TLS client will start sending application data before verifying +the server's Finished message, thus saving a round trip when performing a full +handshake. + +This is currently only implemented in the NSS and Secure Transport (on iOS 7.0 +or later, or OS X 10.9 or later) backends. +(Added in 7.42.0) .IP "-f, --fail" (HTTP) Fail silently (no output at all) on server errors. This is mostly done -to better enable scripts etc to better deal with failed attempts. In -normal cases when an HTTP server fails to deliver a document, it returns an -HTML document stating so (which often also describes why and more). This flag -will prevent curl from outputting that and return error 22. +to better enable scripts etc to better deal with failed attempts. In normal +cases when an HTTP server fails to deliver a document, it returns an HTML +document stating so (which often also describes why and more). This flag will +prevent curl from outputting that and return error 22. This method is not fail-safe and there are occasions where non-successful response codes will slip through, especially when authentication is involved @@ -536,11 +591,11 @@ (HTTP) This lets curl emulate a filled-in form in which a user has pressed the submit button. This causes curl to POST data using the Content-Type multipart/form-data according to RFC 2388. This enables uploading of binary -files etc. To force the 'content' part to be a file, prefix the file name -with an @ sign. To just get the content part from a file, prefix the file name -with the symbol <. The difference between @ and < is then that @ makes a file -get attached in the post as a file upload, while the < makes a text field and -just get the contents for that text field from a file. +files etc. To force the 'content' part to be a file, prefix the file name with +an @ sign. To just get the content part from a file, prefix the file name with +the symbol <. The difference between @ and < is then that @ makes a file get +attached in the post as a file upload, while the < makes a text field and just +get the contents for that text field from a file. Example, to send your password file to the server, where \&'password' is the name of the form-field to which /etc/passwd will be the @@ -611,6 +666,7 @@ \&"normally" (like in the multicwd case). This is somewhat more standards compliant than 'nocwd' but without the full penalty of 'multicwd'. .RE +.IP (Added in 7.15.1) .IP "--ftp-pasv" (FTP) Use passive mode for the data connection. Passive is the internal default @@ -703,6 +759,12 @@ \&# curl -H "X-First-Name: Joe" http://192.168.0.1/ +\fBWARNING\fP: headers set with this option will be set in all requests - even +after redirects are followed, like when told with \fB-L, --location\fP. This +can lead to the header being sent to other hosts than the original host, so +sensitive headers should be used with caution combined with following +redirects. + This option can be used multiple times to add/replace/remove multiple headers. .IP "--hostpubmd5 " (SCP/SFTP) Pass a string containing 32 hexadecimal digits. The string should @@ -783,12 +845,12 @@ 1) curl tries to find the "home dir": It first checks for the CURL_HOME and then the HOME environment variables. Failing that, it uses getpwuid() on -UNIX-like systems (which returns the home dir given the current user in your +Unix-like systems (which returns the home dir given the current user in your system). On Windows, it then checks for the APPDATA variable, or as a last resort the '%USERPROFILE%\\Application Data'. 2) On windows, if there is no _curlrc file in the home dir, it checks for one -in the same dir the curl executable is placed. On UNIX-like systems, it will +in the same dir the curl executable is placed. On Unix-like systems, it will simply try to load .curlrc from the determined home dir. .nf @@ -817,7 +879,8 @@ unspecified, the option defaults to 60 seconds. .IP "--key " (SSL/SSH) Private key file name. Allows you to provide your private key in this -separate file. +separate file. For SSH, if not specified, curl tries the following candidates +in order: '~/.ssh/id_rsa', '~/.ssh/id_dsa', './id_rsa', './id_dsa'. If this option is used several times, the last one will be used. .IP "--key-type " @@ -995,14 +1058,11 @@ .IP "-n, --netrc" Makes curl scan the \fI.netrc\fP (\fI_netrc\fP on Windows) file in the user's home directory for login name and password. This is typically used for FTP on -UNIX. If used with HTTP, curl will enable user authentication. See -.BR netrc(4) -or -.BR ftp(1) -for details on the file format. Curl will not complain if that file -doesn't have the right permissions (it should not be either world- or -group-readable). The environment variable "HOME" is used to find the home -directory. +Unix. If used with HTTP, curl will enable user authentication. See +\fInetrc(5)\fP \fIftp(1)\fP for details on the file format. Curl will not +complain if that file doesn't have the right permissions (it should not be +either world- or group-readable). The environment variable "HOME" is used to +find the home directory. A quick and very simple example of how to setup a \fI.netrc\fP to allow curl to FTP to the machine host.domain.com with user name \&'myself' and password @@ -1164,7 +1224,7 @@ make curl pick the same IP address that is already used for the control connection .RE - +.IP If this option is used several times, the last one will be used. Disable the use of PORT with \fI--ftp-pasv\fP. Disable the attempt to use the EPRT command instead of PORT by using \fI--disable-eprt\fP. EPRT is really PORT++. @@ -1178,6 +1238,12 @@ (SSL/SSH) Passphrase for the private key If this option is used several times, the last one will be used. +.IP "--path-as-is" +Tell curl to not handle sequences of /../ or /./ in the given URL +path. Normally curl will squash or merge them according to standards but with +this option set you tell it not to do that. + +(Added in 7.42.0) .IP "--post301" (HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests into GET requests when following a 301 redirection. The non-RFC behaviour is @@ -1263,6 +1329,11 @@ .IP "--proxy-ntlm" Tells curl to use HTTP NTLM authentication when communicating with the given proxy. Use \fI--ntlm\fP for enabling NTLM with a remote host. +.IP "--proxy-service-name " +This option allows you to change the service name for proxy negotiation. + +Examples: --proxy-negotiate proxy-name \fI--proxy-service-name\fP sockd would use +sockd/proxy-name. (Added in 7.43.0). .IP "--proxy1.0 " Use the specified HTTP 1.0 proxy. If the port number is not specified, it is assumed at port 1080. @@ -1275,6 +1346,11 @@ separate file. If this option is used several times, the last one will be used. + +(As of 7.39.0, curl attempts to automatically extract the public key from the +private key file, so passing this option is generally not required. Note that +this public key extraction requires libcurl to be linked against a copy of +libssh2 1.2.8 or higher that is itself linked against OpenSSL.) .IP "-q" If used as the first parameter on the command line, the \fIcurlrc\fP config file will not be read and used. See the \fI-K, --config\fP for details on the @@ -1355,7 +1431,7 @@ .B 100-199,500-599 specifies two separate 100-byte ranges(*)(H) .RE - +.IP (*) = NOTE that this will cause the server to reply with a multipart response! @@ -1439,6 +1515,11 @@ .IP "--sasl-ir" Enable initial response in SASL authentication. (Added in 7.31.0) +.IP "--service-name " +This option allows you to change the service name for SPNEGO. + +Examples: --negotiate \fI--service-name\fP sockd would use +sockd/server-name. (Added in 7.43.0). .IP "-S, --show-error" When used with \fI-s\fP it makes curl show an error message if it fails. .IP "--ssl" @@ -1626,6 +1707,9 @@ .IP "--trace-time" Prepends a time stamp to each trace or verbose line that curl displays. (Added in 7.14.0) +.IP "--unix-socket " +(HTTP) Connect through this Unix domain socket, instead of using the +network. (Added in 7.40.0) .IP "-u, --user " Specify the user name and password to use for server authentication. Overrides \fI-n, --netrc\fP and \fI--netrc-optional\fP. @@ -1637,7 +1721,7 @@ still. When using Kerberos V5 with a Windows based server you should include the -Windows domain name in the user name, in order for the server to succesfully +Windows domain name in the user name, in order for the server to successfully obtain a Kerberos Ticket. If you don't then the initial authentication handshake may fail. @@ -1650,9 +1734,9 @@ respectively. If you use a Windows SSPI-enabled curl binary and perform Kerberos V5, -Negotiate or NTLM authentication then you can tell curl to select the user -name and password from your environment by specifying a single colon with this -option: "-u :". +Negotiate, NTLM or Digest authentication then you can tell curl to select +the user name and password from your environment by specifying a single colon +with this option: "-u :". If this option is used several times, the last one will be used. .IP "-U, --proxy-user " @@ -1670,10 +1754,11 @@ This option may be used any number of times. To control where this URL is written, use the \fI-o, --output\fP or the \fI-O, --remote-name\fP options. .IP "-v, --verbose" -Makes the fetching more verbose/talkative. Mostly useful for debugging. A line -starting with '>' means "header data" sent by curl, '<' means "header data" -received by curl that is hidden in normal cases, and a line starting with '*' -means additional info provided by curl. +Be more verbose/talkative during the operation. Useful for debugging and +seeing what's going on "under the hood". A line starting with '>' means +"header data" sent by curl, '<' means "header data" received by curl that is +hidden in normal cases, and a line starting with '*' means additional info +provided by curl. Note that if you only want HTTP headers in the output, \fI-i, --include\fP might be the option you're looking for. @@ -1685,10 +1770,10 @@ Use \fI-s, --silent\fP to make curl quiet. .IP "-w, --write-out " -Defines what to display on stdout after a completed and successful -operation. The format is a string that may contain plain text mixed with any -number of variables. The string can be specified as "string", to get read from -a particular file you specify it "@filename" and to tell curl to read the +Make curl display information on stdout after a completed transfer. The format +is a string that may contain plain text mixed with any number of +variables. The format can be specified as a literal "string", or you can have +curl read the format from a file with "@filename" and to tell curl to read the format from stdin you write "@-". The variables present in the output format will be substituted by the value or @@ -1810,7 +1895,7 @@ The URL that was fetched last. This is most meaningful if you've told curl to follow location: headers. .RE - +.IP If this option is used several times, the last one will be used. .IP "-x, --proxy <[protocol://][user:password@]proxyhost[:port]>" Use the specified proxy. @@ -1844,7 +1929,7 @@ If this option is used several times, the last one will be used. .IP "-X, --request " (HTTP) Specifies a custom request method to use when communicating with the -HTTP server. The specified request will be used instead of the method +HTTP server. The specified request method will be used instead of the method otherwise used (which defaults to GET). Read the HTTP 1.1 specification for details and explanations. Common additional HTTP requests include PUT and DELETE, but related technologies like WebDAV offers PROPFIND, COPY, MOVE and @@ -1858,6 +1943,11 @@ request, using -X HEAD will not suffice. You need to use the \fI-I, --head\fP option. +The method string you set with -X will be used for all requests, which if you +for example use \fB-L, --location\fP may cause unintended side-effects when +curl doesn't change request method according to the HTTP 30x response codes - +and similar. + (FTP) Specifies a custom FTP command to use instead of LIST when doing file lists with FTP. @@ -1909,7 +1999,8 @@ If this option is used several times, the last one will be used. .IP "-h, --help" -Usage help. +Usage help. This lists all current command line options with a short +description. .IP "-M, --manual" Manual. Display the huge help text. .IP "-V, --version" @@ -1929,7 +2020,8 @@ .IP "krb4" Krb4 for FTP is supported. .IP "SSL" -HTTPS and FTPS are supported. +SSL versions of various protocols are supported, such as HTTPS, FTPS, POP3S +and so on. .IP "libz" Automatic decompression of compressed files over HTTP is supported. .IP "NTLM" @@ -1938,7 +2030,8 @@ This curl uses a libcurl built with Debug. This enables more error-tracking and memory debugging etc. For curl-developers only! .IP "AsynchDNS" -This curl uses asynchronous name resolves. +This curl uses asynchronous name resolves. Asynchronous name resolves can be +done using either the c-ares or the threaded resolver backends. .IP "SPNEGO" SPNEGO authentication is supported. .IP "Largefile" @@ -1951,6 +2044,8 @@ SSPI is supported. .IP "TLS-SRP" SRP (Secure Remote Password) authentication is supported for TLS. +.IP "HTTP2" +HTTP/2 support has been built-in. .IP "Metalink" This curl supports Metalink (both version 3 and 4 (RFC 5854)), which describes mirrors and hashes. curl will use mirrors for failover if @@ -2166,6 +2261,8 @@ FTP chunk callback reported error .IP 89 No connection available, the session will be queued +.IP 90 +SSL public key does not matched pinned public key .IP XX More error codes will appear here in future releases. The existing ones are meant to never change. diff -Nru curl-7.38.0/docs/curl-config.html curl-7.43.0/docs/curl-config.html --- curl-7.38.0/docs/curl-config.html 2014-09-10 06:03:43.000000000 +0000 +++ curl-7.43.0/docs/curl-config.html 2015-06-17 05:56:24.000000000 +0000 @@ -4,15 +4,20 @@ curl-config man page + + +

NAME

+

libcurl-symbols - libcurl symbol version information

libcurl symbols

+

This man page details version information for public symbols provided in the libcurl header files. This lists the first version in which the symbol was introduced and for some symbols two additional information pieces: +

The first version in which the symbol is marked "deprecated" - meaning that since that version no new code should be written to use the symbol as it is marked for getting removed in a future. +

The last version that featured the specific symbol. Using the symbol in source code will make it no longer compile error-free after that specified version. +

This man page is automatically generated from the symbols-in-versions file. +

CURLAUTH_ANY +

Introduced in 7.10.6 +

CURLAUTH_ANYSAFE +

Introduced in 7.10.6 +

CURLAUTH_BASIC +

Introduced in 7.10.6 +

CURLAUTH_DIGEST +

Introduced in 7.10.6 +

CURLAUTH_DIGEST_IE +

Introduced in 7.19.3 +

CURLAUTH_GSSNEGOTIATE +

Introduced in 7.10.6 Deprecated since 7.38.0 +

CURLAUTH_NEGOTIATE +

Introduced in 7.38.0 +

CURLAUTH_NONE +

Introduced in 7.10.6 +

CURLAUTH_NTLM +

Introduced in 7.10.6 +

CURLAUTH_NTLM_WB +

Introduced in 7.22.0 +

CURLAUTH_ONLY +

Introduced in 7.21.3 +

CURLCLOSEPOLICY_CALLBACK +

Introduced in 7.7 +

CURLCLOSEPOLICY_LEAST_RECENTLY_USED +

Introduced in 7.7 +

CURLCLOSEPOLICY_LEAST_TRAFFIC +

Introduced in 7.7 +

CURLCLOSEPOLICY_NONE +

Introduced in 7.7 +

CURLCLOSEPOLICY_OLDEST +

Introduced in 7.7 +

CURLCLOSEPOLICY_SLOWEST +

Introduced in 7.7 +

CURLE_ABORTED_BY_CALLBACK +

Introduced in 7.1 +

CURLE_AGAIN +

Introduced in 7.18.2 +

CURLE_ALREADY_COMPLETE +

Introduced in 7.7.2 +

CURLE_BAD_CALLING_ORDER +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_BAD_CONTENT_ENCODING +

Introduced in 7.10 +

CURLE_BAD_DOWNLOAD_RESUME +

Introduced in 7.10 +

CURLE_BAD_FUNCTION_ARGUMENT +

Introduced in 7.1 +

CURLE_BAD_PASSWORD_ENTERED +

Introduced in 7.4.2 Deprecated since 7.17.0 +

CURLE_CHUNK_FAILED +

Introduced in 7.21.0 +

CURLE_CONV_FAILED +

Introduced in 7.15.4 +

CURLE_CONV_REQD +

Introduced in 7.15.4 +

CURLE_COULDNT_CONNECT +

Introduced in 7.1 +

CURLE_COULDNT_RESOLVE_HOST +

Introduced in 7.1 +

CURLE_COULDNT_RESOLVE_PROXY +

Introduced in 7.1 +

CURLE_FAILED_INIT +

Introduced in 7.1 +

CURLE_FILESIZE_EXCEEDED +

Introduced in 7.10.8 +

CURLE_FILE_COULDNT_READ_FILE +

Introduced in 7.1 +

CURLE_FTP_ACCEPT_FAILED +

Introduced in 7.24.0 +

CURLE_FTP_ACCEPT_TIMEOUT +

Introduced in 7.24.0 +

CURLE_FTP_ACCESS_DENIED +

Introduced in 7.1 +

CURLE_FTP_BAD_DOWNLOAD_RESUME +

Introduced in 7.1 Deprecated since 7.1 +

CURLE_FTP_BAD_FILE_LIST +

Introduced in 7.21.0 +

CURLE_FTP_CANT_GET_HOST +

Introduced in 7.1 +

CURLE_FTP_CANT_RECONNECT +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_COULDNT_GET_SIZE +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_COULDNT_RETR_FILE +

Introduced in 7.1 +

CURLE_FTP_COULDNT_SET_ASCII +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_COULDNT_SET_BINARY +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_COULDNT_SET_TYPE +

Introduced in 7.17.0 +

CURLE_FTP_COULDNT_STOR_FILE +

Introduced in 7.1 +

CURLE_FTP_COULDNT_USE_REST +

Introduced in 7.1 +

CURLE_FTP_PARTIAL_FILE +

Introduced in 7.1 Deprecated since 7.1 +

CURLE_FTP_PORT_FAILED +

Introduced in 7.1 +

CURLE_FTP_PRET_FAILED +

Introduced in 7.20.0 +

CURLE_FTP_QUOTE_ERROR +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_SSL_FAILED +

Introduced in 7.11.0 Deprecated since 7.17.0 +

CURLE_FTP_USER_PASSWORD_INCORRECT +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_WEIRD_227_FORMAT +

Introduced in 7.1 +

CURLE_FTP_WEIRD_PASS_REPLY +

Introduced in 7.1 +

CURLE_FTP_WEIRD_PASV_REPLY +

Introduced in 7.1 +

CURLE_FTP_WEIRD_SERVER_REPLY +

Introduced in 7.1 +

CURLE_FTP_WEIRD_USER_REPLY +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_WRITE_ERROR +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FUNCTION_NOT_FOUND +

Introduced in 7.1 +

CURLE_GOT_NOTHING +

Introduced in 7.9.1 +

CURLE_HTTP2 +

Introduced in 7.38.0 +

CURLE_HTTP_NOT_FOUND +

Introduced in 7.1 +

CURLE_HTTP_PORT_FAILED +

Introduced in 7.3 Deprecated since 7.12.0 +

CURLE_HTTP_POST_ERROR +

Introduced in 7.1 +

CURLE_HTTP_RANGE_ERROR +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_HTTP_RETURNED_ERROR +

Introduced in 7.10.3 +

CURLE_INTERFACE_FAILED +

Introduced in 7.12.0 +

CURLE_LDAP_CANNOT_BIND +

Introduced in 7.1 +

CURLE_LDAP_INVALID_URL +

Introduced in 7.10.8 +

CURLE_LDAP_SEARCH_FAILED +

Introduced in 7.1 +

CURLE_LIBRARY_NOT_FOUND +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_LOGIN_DENIED +

Introduced in 7.13.1 +

CURLE_MALFORMAT_USER +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_NOT_BUILT_IN +

Introduced in 7.21.5 +

CURLE_NO_CONNECTION_AVAILABLE +

Introduced in 7.30.0 +

CURLE_OK +

Introduced in 7.1 +

CURLE_OPERATION_TIMEDOUT +

Introduced in 7.10.2 +

CURLE_OPERATION_TIMEOUTED +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_OUT_OF_MEMORY +

Introduced in 7.1 +

CURLE_PARTIAL_FILE +

Introduced in 7.1 +

CURLE_PEER_FAILED_VERIFICATION +

Introduced in 7.17.1 +

CURLE_QUOTE_ERROR +

Introduced in 7.17.0 +

CURLE_RANGE_ERROR +

Introduced in 7.17.0 +

CURLE_READ_ERROR +

Introduced in 7.1 +

CURLE_RECV_ERROR +

Introduced in 7.10 +

CURLE_REMOTE_ACCESS_DENIED +

Introduced in 7.17.0 +

CURLE_REMOTE_DISK_FULL +

Introduced in 7.17.0 +

CURLE_REMOTE_FILE_EXISTS +

Introduced in 7.17.0 +

CURLE_REMOTE_FILE_NOT_FOUND +

Introduced in 7.16.1 +

CURLE_RTSP_CSEQ_ERROR +

Introduced in 7.20.0 +

CURLE_RTSP_SESSION_ERROR +

Introduced in 7.20.0 +

CURLE_SEND_ERROR +

Introduced in 7.10 +

CURLE_SEND_FAIL_REWIND +

Introduced in 7.12.3 +

CURLE_SHARE_IN_USE +

Introduced in 7.9.6 Deprecated since 7.17.0 +

CURLE_SSH +

Introduced in 7.16.1 +

CURLE_SSL_CACERT +

Introduced in 7.10 +

CURLE_SSL_CACERT_BADFILE +

Introduced in 7.16.0 +

CURLE_SSL_CERTPROBLEM +

Introduced in 7.10 +

CURLE_SSL_CIPHER +

Introduced in 7.10 +

CURLE_SSL_CONNECT_ERROR +

Introduced in 7.1 +

CURLE_SSL_CRL_BADFILE +

Introduced in 7.19.0 +

CURLE_SSL_ENGINE_INITFAILED +

Introduced in 7.12.3 +

CURLE_SSL_ENGINE_NOTFOUND +

Introduced in 7.9.3 +

CURLE_SSL_ENGINE_SETFAILED +

Introduced in 7.9.3 +

CURLE_SSL_INVALIDCERTSTATUS +

Introduced in 7.41.0 +

CURLE_SSL_ISSUER_ERROR +

Introduced in 7.19.0 +

CURLE_SSL_PEER_CERTIFICATE +

Introduced in 7.8 Deprecated since 7.17.1 +

CURLE_SSL_PINNEDPUBKEYNOTMATCH +

Introduced in 7.39.0 +

CURLE_SSL_SHUTDOWN_FAILED +

Introduced in 7.16.1 +

CURLE_TELNET_OPTION_SYNTAX +

Introduced in 7.7 +

CURLE_TFTP_DISKFULL +

Introduced in 7.15.0 Deprecated since 7.17.0 +

CURLE_TFTP_EXISTS +

Introduced in 7.15.0 Deprecated since 7.17.0 +

CURLE_TFTP_ILLEGAL +

Introduced in 7.15.0 +

CURLE_TFTP_NOSUCHUSER +

Introduced in 7.15.0 +

CURLE_TFTP_NOTFOUND +

Introduced in 7.15.0 +

CURLE_TFTP_PERM +

Introduced in 7.15.0 +

CURLE_TFTP_UNKNOWNID +

Introduced in 7.15.0 +

CURLE_TOO_MANY_REDIRECTS +

Introduced in 7.5 +

CURLE_UNKNOWN_OPTION +

Introduced in 7.21.5 +

CURLE_UNKNOWN_TELNET_OPTION +

Introduced in 7.7 +

CURLE_UNSUPPORTED_PROTOCOL +

Introduced in 7.1 +

CURLE_UPLOAD_FAILED +

Introduced in 7.16.3 +

CURLE_URL_MALFORMAT +

Introduced in 7.1 +

CURLE_URL_MALFORMAT_USER +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_USE_SSL_FAILED +

Introduced in 7.17.0 +

CURLE_WRITE_ERROR +

Introduced in 7.1 +

CURLFILETYPE_DEVICE_BLOCK +

Introduced in 7.21.0 +

CURLFILETYPE_DEVICE_CHAR +

Introduced in 7.21.0 +

CURLFILETYPE_DIRECTORY +

Introduced in 7.21.0 +

CURLFILETYPE_DOOR +

Introduced in 7.21.0 +

CURLFILETYPE_FILE +

Introduced in 7.21.0 +

CURLFILETYPE_NAMEDPIPE +

Introduced in 7.21.0 +

CURLFILETYPE_SOCKET +

Introduced in 7.21.0 +

CURLFILETYPE_SYMLINK +

Introduced in 7.21.0 +

CURLFILETYPE_UNKNOWN +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_FILENAME +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_FILETYPE +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_GID +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_HLINKCOUNT +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_PERM +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_SIZE +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_TIME +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_UID +

Introduced in 7.21.0 +

CURLFORM_ARRAY +

Introduced in 7.9.1 +

CURLFORM_ARRAY_END +

Introduced in 7.9.1 Deprecated since 7.9.5 Last used in 7.9.5 +

CURLFORM_ARRAY_START +

Introduced in 7.9.1 Deprecated since 7.9.5 Last used in 7.9.5 +

CURLFORM_BUFFER +

Introduced in 7.9.8 +

CURLFORM_BUFFERLENGTH +

Introduced in 7.9.8 +

CURLFORM_BUFFERPTR +

Introduced in 7.9.8 +

CURLFORM_CONTENTHEADER +

Introduced in 7.9.3 +

CURLFORM_CONTENTSLENGTH +

Introduced in 7.9 +

CURLFORM_CONTENTTYPE +

Introduced in 7.9 +

CURLFORM_COPYCONTENTS +

Introduced in 7.9 +

CURLFORM_COPYNAME +

Introduced in 7.9 +

CURLFORM_END +

Introduced in 7.9 +

CURLFORM_FILE +

Introduced in 7.9 +

CURLFORM_FILECONTENT +

Introduced in 7.9.1 +

CURLFORM_FILENAME +

Introduced in 7.9.6 +

CURLFORM_NAMELENGTH +

Introduced in 7.9 +

CURLFORM_NOTHING +

Introduced in 7.9 +

CURLFORM_PTRCONTENTS +

Introduced in 7.9 +

CURLFORM_PTRNAME +

Introduced in 7.9 +

CURLFORM_STREAM +

Introduced in 7.18.2 +

CURLFTPAUTH_DEFAULT +

Introduced in 7.12.2 +

CURLFTPAUTH_SSL +

Introduced in 7.12.2 +

CURLFTPAUTH_TLS +

Introduced in 7.12.2 +

CURLFTPMETHOD_DEFAULT +

Introduced in 7.15.3 +

CURLFTPMETHOD_MULTICWD +

Introduced in 7.15.3 +

CURLFTPMETHOD_NOCWD +

Introduced in 7.15.3 +

CURLFTPMETHOD_SINGLECWD +

Introduced in 7.15.3 +

CURLFTPSSL_ALL +

Introduced in 7.11.0 Deprecated since 7.17.0 +

CURLFTPSSL_CCC_ACTIVE +

Introduced in 7.16.2 +

CURLFTPSSL_CCC_NONE +

Introduced in 7.16.2 +

CURLFTPSSL_CCC_PASSIVE +

Introduced in 7.16.1 +

CURLFTPSSL_CONTROL +

Introduced in 7.11.0 Deprecated since 7.17.0 +

CURLFTPSSL_NONE +

Introduced in 7.11.0 Deprecated since 7.17.0 +

CURLFTPSSL_TRY +

Introduced in 7.11.0 Deprecated since 7.17.0 +

CURLFTP_CREATE_DIR +

Introduced in 7.19.4 +

CURLFTP_CREATE_DIR_NONE +

Introduced in 7.19.4 +

CURLFTP_CREATE_DIR_RETRY +

Introduced in 7.19.4 +

CURLGSSAPI_DELEGATION_FLAG +

Introduced in 7.22.0 +

CURLGSSAPI_DELEGATION_NONE +

Introduced in 7.22.0 +

CURLGSSAPI_DELEGATION_POLICY_FLAG +

Introduced in 7.22.0 +

CURLHEADER_SEPARATE +

Introduced in 7.37.0 +

CURLHEADER_UNIFIED +

Introduced in 7.37.0 +

CURLINFO_APPCONNECT_TIME +

Introduced in 7.19.0 +

CURLINFO_CERTINFO +

Introduced in 7.19.1 +

CURLINFO_CONDITION_UNMET +

Introduced in 7.19.4 +

CURLINFO_CONNECT_TIME +

Introduced in 7.4.1 +

CURLINFO_CONTENT_LENGTH_DOWNLOAD +

Introduced in 7.6.1 +

CURLINFO_CONTENT_LENGTH_UPLOAD +

Introduced in 7.6.1 +

CURLINFO_CONTENT_TYPE +

Introduced in 7.9.4 +

CURLINFO_COOKIELIST +

Introduced in 7.14.1 +

CURLINFO_DATA_IN +

Introduced in 7.9.6 +

CURLINFO_DATA_OUT +

Introduced in 7.9.6 +

CURLINFO_DOUBLE +

Introduced in 7.4.1 +

CURLINFO_EFFECTIVE_URL +

Introduced in 7.4 +

CURLINFO_END +

Introduced in 7.9.6 +

CURLINFO_FILETIME +

Introduced in 7.5 +

CURLINFO_FTP_ENTRY_PATH +

Introduced in 7.15.4 +

CURLINFO_HEADER_IN +

Introduced in 7.9.6 +

CURLINFO_HEADER_OUT +

Introduced in 7.9.6 +

CURLINFO_HEADER_SIZE +

Introduced in 7.4.1 +

CURLINFO_HTTPAUTH_AVAIL +

Introduced in 7.10.8 +

CURLINFO_HTTP_CODE +

Introduced in 7.4.1 Deprecated since 7.10.8 +

CURLINFO_HTTP_CONNECTCODE +

Introduced in 7.10.7 +

CURLINFO_LASTONE +

Introduced in 7.4.1 +

CURLINFO_LASTSOCKET +

Introduced in 7.15.2 +

CURLINFO_LOCAL_IP +

Introduced in 7.21.0 +

CURLINFO_LOCAL_PORT +

Introduced in 7.21.0 +

CURLINFO_LONG +

Introduced in 7.4.1 +

CURLINFO_MASK +

Introduced in 7.4.1 +

CURLINFO_NAMELOOKUP_TIME +

Introduced in 7.4.1 +

CURLINFO_NONE +

Introduced in 7.4.1 +

CURLINFO_NUM_CONNECTS +

Introduced in 7.12.3 +

CURLINFO_OS_ERRNO +

Introduced in 7.12.2 +

CURLINFO_PRETRANSFER_TIME +

Introduced in 7.4.1 +

CURLINFO_PRIMARY_IP +

Introduced in 7.19.0 +

CURLINFO_PRIMARY_PORT +

Introduced in 7.21.0 +

CURLINFO_PRIVATE +

Introduced in 7.10.3 +

CURLINFO_PROXYAUTH_AVAIL +

Introduced in 7.10.8 +

CURLINFO_REDIRECT_COUNT +

Introduced in 7.9.7 +

CURLINFO_REDIRECT_TIME +

Introduced in 7.9.7 +

CURLINFO_REDIRECT_URL +

Introduced in 7.18.2 +

CURLINFO_REQUEST_SIZE +

Introduced in 7.4.1 +

CURLINFO_RESPONSE_CODE +

Introduced in 7.10.8 +

CURLINFO_RTSP_CLIENT_CSEQ +

Introduced in 7.20.0 +

CURLINFO_RTSP_CSEQ_RECV +

Introduced in 7.20.0 +

CURLINFO_RTSP_SERVER_CSEQ +

Introduced in 7.20.0 +

CURLINFO_RTSP_SESSION_ID +

Introduced in 7.20.0 +

CURLINFO_SIZE_DOWNLOAD +

Introduced in 7.4.1 +

CURLINFO_SIZE_UPLOAD +

Introduced in 7.4.1 +

CURLINFO_SLIST +

Introduced in 7.12.3 +

CURLINFO_SPEED_DOWNLOAD +

Introduced in 7.4.1 +

CURLINFO_SPEED_UPLOAD +

Introduced in 7.4.1 +

CURLINFO_SSL_DATA_IN +

Introduced in 7.12.1 +

CURLINFO_SSL_DATA_OUT +

Introduced in 7.12.1 +

CURLINFO_SSL_ENGINES +

Introduced in 7.12.3 +

CURLINFO_SSL_VERIFYRESULT +

Introduced in 7.5 +

CURLINFO_STARTTRANSFER_TIME +

Introduced in 7.9.2 +

CURLINFO_STRING +

Introduced in 7.4.1 +

CURLINFO_TEXT +

Introduced in 7.9.6 +

CURLINFO_TLS_SESSION +

Introduced in 7.34.0 +

CURLINFO_TOTAL_TIME +

Introduced in 7.4.1 +

CURLINFO_TYPEMASK +

Introduced in 7.4.1 +

CURLIOCMD_NOP +

Introduced in 7.12.3 +

CURLIOCMD_RESTARTREAD +

Introduced in 7.12.3 +

CURLIOE_FAILRESTART +

Introduced in 7.12.3 +

CURLIOE_OK +

Introduced in 7.12.3 +

CURLIOE_UNKNOWNCMD +

Introduced in 7.12.3 +

CURLKHMATCH_MISMATCH +

Introduced in 7.19.6 +

CURLKHMATCH_MISSING +

Introduced in 7.19.6 +

CURLKHMATCH_OK +

Introduced in 7.19.6 +

CURLKHSTAT_DEFER +

Introduced in 7.19.6 +

CURLKHSTAT_FINE +

Introduced in 7.19.6 +

CURLKHSTAT_FINE_ADD_TO_FILE +

Introduced in 7.19.6 +

CURLKHSTAT_REJECT +

Introduced in 7.19.6 +

CURLKHTYPE_DSS +

Introduced in 7.19.6 +

CURLKHTYPE_RSA +

Introduced in 7.19.6 +

CURLKHTYPE_RSA1 +

Introduced in 7.19.6 +

CURLKHTYPE_UNKNOWN +

Introduced in 7.19.6 +

CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE +

Introduced in 7.30.0 +

CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE +

Introduced in 7.30.0 +

CURLMOPT_MAXCONNECTS +

Introduced in 7.16.3 +

CURLMOPT_MAX_HOST_CONNECTIONS +

Introduced in 7.30.0 +

CURLMOPT_MAX_PIPELINE_LENGTH +

Introduced in 7.30.0 +

CURLMOPT_MAX_TOTAL_CONNECTIONS +

Introduced in 7.30.0 +

CURLMOPT_PIPELINING +

Introduced in 7.16.0 +

CURLMOPT_PIPELINING_SERVER_BL +

Introduced in 7.30.0 +

CURLMOPT_PIPELINING_SITE_BL +

Introduced in 7.30.0 +

CURLMOPT_SOCKETDATA +

Introduced in 7.15.4 +

CURLMOPT_SOCKETFUNCTION +

Introduced in 7.15.4 +

CURLMOPT_TIMERDATA +

Introduced in 7.16.0 +

CURLMOPT_TIMERFUNCTION +

Introduced in 7.16.0 +

CURLMSG_DONE +

Introduced in 7.9.6 +

CURLMSG_NONE +

Introduced in 7.9.6 +

CURLM_ADDED_ALREADY +

Introduced in 7.32.1 +

CURLM_BAD_EASY_HANDLE +

Introduced in 7.9.6 +

CURLM_BAD_HANDLE +

Introduced in 7.9.6 +

CURLM_BAD_SOCKET +

Introduced in 7.15.4 +

CURLM_CALL_MULTI_PERFORM +

Introduced in 7.9.6 +

CURLM_CALL_MULTI_SOCKET +

Introduced in 7.15.5 +

CURLM_INTERNAL_ERROR +

Introduced in 7.9.6 +

CURLM_OK +

Introduced in 7.9.6 +

CURLM_OUT_OF_MEMORY +

Introduced in 7.9.6 +

CURLM_UNKNOWN_OPTION +

Introduced in 7.15.4 +

CURLOPTTYPE_FUNCTIONPOINT +

Introduced in 7.1 +

CURLOPTTYPE_LONG +

Introduced in 7.1 +

CURLOPTTYPE_OBJECTPOINT +

Introduced in 7.1 +

CURLOPTTYPE_OFF_T +

Introduced in 7.11.0 +

CURLOPT_ACCEPTTIMEOUT_MS +

Introduced in 7.24.0 +

CURLOPT_ACCEPT_ENCODING +

Introduced in 7.21.6 +

CURLOPT_ADDRESS_SCOPE +

Introduced in 7.19.0 +

CURLOPT_APPEND +

Introduced in 7.17.0 +

CURLOPT_AUTOREFERER +

Introduced in 7.1 +

CURLOPT_BUFFERSIZE +

Introduced in 7.10 +

CURLOPT_CAINFO +

Introduced in 7.4.2 +

CURLOPT_CAPATH +

Introduced in 7.9.8 +

CURLOPT_CERTINFO +

Introduced in 7.19.1 +

CURLOPT_CHUNK_BGN_FUNCTION +

Introduced in 7.21.0 +

CURLOPT_CHUNK_DATA +

Introduced in 7.21.0 +

CURLOPT_CHUNK_END_FUNCTION +

Introduced in 7.21.0 +

CURLOPT_CLOSEFUNCTION +

Introduced in 7.7 Deprecated since 7.11.1 Last used in 7.11.1 +

CURLOPT_CLOSEPOLICY +

Introduced in 7.7 Deprecated since 7.16.1 +

CURLOPT_CLOSESOCKETDATA +

Introduced in 7.21.7 +

CURLOPT_CLOSESOCKETFUNCTION +

Introduced in 7.21.7 +

CURLOPT_CONNECTTIMEOUT +

Introduced in 7.7 +

CURLOPT_CONNECTTIMEOUT_MS +

Introduced in 7.16.2 +

CURLOPT_CONNECT_ONLY +

Introduced in 7.15.2 +

CURLOPT_CONV_FROM_NETWORK_FUNCTION +

Introduced in 7.15.4 +

CURLOPT_CONV_FROM_UTF8_FUNCTION +

Introduced in 7.15.4 +

CURLOPT_CONV_TO_NETWORK_FUNCTION +

Introduced in 7.15.4 +

CURLOPT_COOKIE +

Introduced in 7.1 +

CURLOPT_COOKIEFILE +

Introduced in 7.1 +

CURLOPT_COOKIEJAR +

Introduced in 7.9 +

CURLOPT_COOKIELIST +

Introduced in 7.14.1 +

CURLOPT_COOKIESESSION +

Introduced in 7.9.7 +

CURLOPT_COPYPOSTFIELDS +

Introduced in 7.17.1 +

CURLOPT_CRLF +

Introduced in 7.1 +

CURLOPT_CRLFILE +

Introduced in 7.19.0 +

CURLOPT_CUSTOMREQUEST +

Introduced in 7.1 +

CURLOPT_DEBUGDATA +

Introduced in 7.9.6 +

CURLOPT_DEBUGFUNCTION +

Introduced in 7.9.6 +

CURLOPT_DIRLISTONLY +

Introduced in 7.17.0 +

CURLOPT_DNS_CACHE_TIMEOUT +

Introduced in 7.9.3 +

CURLOPT_DNS_INTERFACE +

Introduced in 7.33.0 +

CURLOPT_DNS_LOCAL_IP4 +

Introduced in 7.33.0 +

CURLOPT_DNS_LOCAL_IP6 +

Introduced in 7.33.0 +

CURLOPT_DNS_SERVERS +

Introduced in 7.24.0 +

CURLOPT_DNS_USE_GLOBAL_CACHE +

Introduced in 7.9.3 Deprecated since 7.11.1 +

CURLOPT_EGDSOCKET +

Introduced in 7.7 +

CURLOPT_ENCODING +

Introduced in 7.10 +

CURLOPT_ERRORBUFFER +

Introduced in 7.1 +

CURLOPT_EXPECT_100_TIMEOUT_MS +

Introduced in 7.36.0 +

CURLOPT_FAILONERROR +

Introduced in 7.1 +

CURLOPT_FILE +

Introduced in 7.1 Deprecated since 7.9.7 +

CURLOPT_FILETIME +

Introduced in 7.5 +

CURLOPT_FNMATCH_DATA +

Introduced in 7.21.0 +

CURLOPT_FNMATCH_FUNCTION +

Introduced in 7.21.0 +

CURLOPT_FOLLOWLOCATION +

Introduced in 7.1 +

CURLOPT_FORBID_REUSE +

Introduced in 7.7 +

CURLOPT_FRESH_CONNECT +

Introduced in 7.7 +

CURLOPT_FTPAPPEND +

Introduced in 7.1 Deprecated since 7.16.4 +

CURLOPT_FTPASCII +

Introduced in 7.1 Deprecated since 7.11.1 Last used in 7.11.1 +

CURLOPT_FTPLISTONLY +

Introduced in 7.1 Deprecated since 7.16.4 +

CURLOPT_FTPPORT +

Introduced in 7.1 +

CURLOPT_FTPSSLAUTH +

Introduced in 7.12.2 +

CURLOPT_FTP_ACCOUNT +

Introduced in 7.13.0 +

CURLOPT_FTP_ALTERNATIVE_TO_USER +

Introduced in 7.15.5 +

CURLOPT_FTP_CREATE_MISSING_DIRS +

Introduced in 7.10.7 +

CURLOPT_FTP_FILEMETHOD +

Introduced in 7.15.1 +

CURLOPT_FTP_RESPONSE_TIMEOUT +

Introduced in 7.10.8 +

CURLOPT_FTP_SKIP_PASV_IP +

Introduced in 7.15.0 +

CURLOPT_FTP_SSL +

Introduced in 7.11.0 Deprecated since 7.16.4 +

CURLOPT_FTP_SSL_CCC +

Introduced in 7.16.1 +

CURLOPT_FTP_USE_EPRT +

Introduced in 7.10.5 +

CURLOPT_FTP_USE_EPSV +

Introduced in 7.9.2 +

CURLOPT_FTP_USE_PRET +

Introduced in 7.20.0 +

CURLOPT_GSSAPI_DELEGATION +

Introduced in 7.22.0 +

CURLOPT_HEADER +

Introduced in 7.1 +

CURLOPT_HEADERDATA +

Introduced in 7.10 +

CURLOPT_HEADERFUNCTION +

Introduced in 7.7.2 +

CURLOPT_HEADEROPT +

Introduced in 7.37.0 +

CURLOPT_HTTP200ALIASES +

Introduced in 7.10.3 +

CURLOPT_HTTPAUTH +

Introduced in 7.10.6 +

CURLOPT_HTTPGET +

Introduced in 7.8.1 +

CURLOPT_HTTPHEADER +

Introduced in 7.1 +

CURLOPT_HTTPPOST +

Introduced in 7.1 +

CURLOPT_HTTPPROXYTUNNEL +

Introduced in 7.3 +

CURLOPT_HTTPREQUEST +

Introduced in 7.1 +

CURLOPT_HTTP_CONTENT_DECODING +

Introduced in 7.16.2 +

CURLOPT_HTTP_TRANSFER_DECODING +

Introduced in 7.16.2 +

CURLOPT_HTTP_VERSION +

Introduced in 7.9.1 +

CURLOPT_IGNORE_CONTENT_LENGTH +

Introduced in 7.14.1 +

CURLOPT_INFILE +

Introduced in 7.1 Deprecated since 7.9.7 +

CURLOPT_INFILESIZE +

Introduced in 7.1 +

CURLOPT_INFILESIZE_LARGE +

Introduced in 7.11.0 +

CURLOPT_INTERFACE +

Introduced in 7.3 +

CURLOPT_INTERLEAVEDATA +

Introduced in 7.20.0 +

CURLOPT_INTERLEAVEFUNCTION +

Introduced in 7.20.0 +

CURLOPT_IOCTLDATA +

Introduced in 7.12.3 +

CURLOPT_IOCTLFUNCTION +

Introduced in 7.12.3 +

CURLOPT_IPRESOLVE +

Introduced in 7.10.8 +

CURLOPT_ISSUERCERT +

Introduced in 7.19.0 +

CURLOPT_KEYPASSWD +

Introduced in 7.17.0 +

CURLOPT_KRB4LEVEL +

Introduced in 7.3 Deprecated since 7.17.0 +

CURLOPT_KRBLEVEL +

Introduced in 7.16.4 +

CURLOPT_LOCALPORT +

Introduced in 7.15.2 +

CURLOPT_LOCALPORTRANGE +

Introduced in 7.15.2 +

CURLOPT_LOGIN_OPTIONS +

Introduced in 7.34.0 +

CURLOPT_LOW_SPEED_LIMIT +

Introduced in 7.1 +

CURLOPT_LOW_SPEED_TIME +

Introduced in 7.1 +

CURLOPT_MAIL_AUTH +

Introduced in 7.25.0 +

CURLOPT_MAIL_FROM +

Introduced in 7.20.0 +

CURLOPT_MAIL_RCPT +

Introduced in 7.20.0 +

CURLOPT_MAXCONNECTS +

Introduced in 7.7 +

CURLOPT_MAXFILESIZE +

Introduced in 7.10.8 +

CURLOPT_MAXFILESIZE_LARGE +

Introduced in 7.11.0 +

CURLOPT_MAXREDIRS +

Introduced in 7.5 +

CURLOPT_MAX_RECV_SPEED_LARGE +

Introduced in 7.15.5 +

CURLOPT_MAX_SEND_SPEED_LARGE +

Introduced in 7.15.5 +

CURLOPT_MUTE +

Introduced in 7.1 Deprecated since 7.8 Last used in 7.8 +

CURLOPT_NETRC +

Introduced in 7.1 +

CURLOPT_NETRC_FILE +

Introduced in 7.11.0 +

CURLOPT_NEW_DIRECTORY_PERMS +

Introduced in 7.16.4 +

CURLOPT_NEW_FILE_PERMS +

Introduced in 7.16.4 +

CURLOPT_NOBODY +

Introduced in 7.1 +

CURLOPT_NOPROGRESS +

Introduced in 7.1 +

CURLOPT_NOPROXY +

Introduced in 7.19.4 +

CURLOPT_NOSIGNAL +

Introduced in 7.10 +

CURLOPT_NOTHING +

Introduced in 7.1.1 Deprecated since 7.11.1 Last used in 7.11.1 +

CURLOPT_OPENSOCKETDATA +

Introduced in 7.17.1 +

CURLOPT_OPENSOCKETFUNCTION +

Introduced in 7.17.1 +

CURLOPT_PASSWDDATA +

Introduced in 7.4.2 Deprecated since 7.11.1 Last used in 7.11.1 +

CURLOPT_PASSWDFUNCTION +

Introduced in 7.4.2 Deprecated since 7.11.1 Last used in 7.11.1 +

CURLOPT_PASSWORD +

Introduced in 7.19.1 +

CURLOPT_PASV_HOST +

Introduced in 7.12.1 Deprecated since 7.16.0 Last used in 7.16.0 +

CURLOPT_PATH_AS_IS +

Introduced in 7.42.0 +

CURLOPT_PINNEDPUBLICKEY +

Introduced in 7.39.0 +

CURLOPT_PIPEWAIT +

Introduced in 7.43.0 +

CURLOPT_PORT +

Introduced in 7.1 +

CURLOPT_POST +

Introduced in 7.1 +

CURLOPT_POST301 +

Introduced in 7.17.1 Deprecated since 7.19.1 +

CURLOPT_POSTFIELDS +

Introduced in 7.1 +

CURLOPT_POSTFIELDSIZE +

Introduced in 7.2 +

CURLOPT_POSTFIELDSIZE_LARGE +

Introduced in 7.11.1 +

CURLOPT_POSTQUOTE +

Introduced in 7.1 +

CURLOPT_POSTREDIR +

Introduced in 7.19.1 +

CURLOPT_PREQUOTE +

Introduced in 7.9.5 +

CURLOPT_PRIVATE +

Introduced in 7.10.3 +

CURLOPT_PROGRESSDATA +

Introduced in 7.1 +

CURLOPT_PROGRESSFUNCTION +

Introduced in 7.1 Deprecated since 7.32.0 +

CURLOPT_PROTOCOLS +

Introduced in 7.19.4 +

CURLOPT_PROXY +

Introduced in 7.1 +

CURLOPT_PROXYAUTH +

Introduced in 7.10.7 +

CURLOPT_PROXYHEADER +

Introduced in 7.37.0 +

CURLOPT_PROXYPASSWORD +

Introduced in 7.19.1 +

CURLOPT_PROXYPORT +

Introduced in 7.1 +

CURLOPT_PROXYTYPE +

Introduced in 7.10 +

CURLOPT_PROXYUSERNAME +

Introduced in 7.19.1 +

CURLOPT_PROXYUSERPWD +

Introduced in 7.1 +

CURLOPT_PROXY_SERVICE_NAME +

Introduced in 7.43.0 +

CURLOPT_PROXY_TRANSFER_MODE +

Introduced in 7.18.0 +

CURLOPT_PUT +

Introduced in 7.1 +

CURLOPT_QUOTE +

Introduced in 7.1 +

CURLOPT_RANDOM_FILE +

Introduced in 7.7 +

CURLOPT_RANGE +

Introduced in 7.1 +

CURLOPT_READDATA +

Introduced in 7.9.7 +

CURLOPT_READFUNCTION +

Introduced in 7.1 +

CURLOPT_REDIR_PROTOCOLS +

Introduced in 7.19.4 +

CURLOPT_REFERER +

Introduced in 7.1 +

CURLOPT_RESOLVE +

Introduced in 7.21.3 +

CURLOPT_RESUME_FROM +

Introduced in 7.1 +

CURLOPT_RESUME_FROM_LARGE +

Introduced in 7.11.0 +

CURLOPT_RTSPHEADER +

Introduced in 7.20.0 +

CURLOPT_RTSP_CLIENT_CSEQ +

Introduced in 7.20.0 +

CURLOPT_RTSP_REQUEST +

Introduced in 7.20.0 +

CURLOPT_RTSP_SERVER_CSEQ +

Introduced in 7.20.0 +

CURLOPT_RTSP_SESSION_ID +

Introduced in 7.20.0 +

CURLOPT_RTSP_STREAM_URI +

Introduced in 7.20.0 +

CURLOPT_RTSP_TRANSPORT +

Introduced in 7.20.0 +

CURLOPT_SASL_IR +

Introduced in 7.31.0 +

CURLOPT_SEEKDATA +

Introduced in 7.18.0 +

CURLOPT_SEEKFUNCTION +

Introduced in 7.18.0 +

CURLOPT_SERVER_RESPONSE_TIMEOUT +

Introduced in 7.20.0 +

CURLOPT_SERVICE_NAME +

Introduced in 7.43.0 +

CURLOPT_SHARE +

Introduced in 7.10 +

CURLOPT_SOCKOPTDATA +

Introduced in 7.16.0 +

CURLOPT_SOCKOPTFUNCTION +

Introduced in 7.16.0 +

CURLOPT_SOCKS5_GSSAPI_NEC +

Introduced in 7.19.4 +

CURLOPT_SOCKS5_GSSAPI_SERVICE +

Introduced in 7.19.4 +

CURLOPT_SOURCE_HOST +

Introduced in 7.12.1 +

CURLOPT_SOURCE_PATH +

Introduced in 7.12.1 +

CURLOPT_SOURCE_PORT +

Introduced in 7.12.1 +

CURLOPT_SOURCE_POSTQUOTE +

Introduced in 7.12.1 +

CURLOPT_SOURCE_PREQUOTE +

Introduced in 7.12.1 +

CURLOPT_SOURCE_QUOTE +

Introduced in 7.13.0 +

CURLOPT_SOURCE_URL +

Introduced in 7.13.0 +

CURLOPT_SOURCE_USERPWD +

Introduced in 7.12.1 +

CURLOPT_SSH_AUTH_TYPES +

Introduced in 7.16.1 +

CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 +

Introduced in 7.17.1 +

CURLOPT_SSH_KEYDATA +

Introduced in 7.19.6 +

CURLOPT_SSH_KEYFUNCTION +

Introduced in 7.19.6 +

CURLOPT_SSH_KNOWNHOSTS +

Introduced in 7.19.6 +

CURLOPT_SSH_PRIVATE_KEYFILE +

Introduced in 7.16.1 +

CURLOPT_SSH_PUBLIC_KEYFILE +

Introduced in 7.16.1 +

CURLOPT_SSLCERT +

Introduced in 7.1 +

CURLOPT_SSLCERTPASSWD +

Introduced in 7.1.1 Deprecated since 7.17.0 +

CURLOPT_SSLCERTTYPE +

Introduced in 7.9.3 +

CURLOPT_SSLENGINE +

Introduced in 7.9.3 +

CURLOPT_SSLENGINE_DEFAULT +

Introduced in 7.9.3 +

CURLOPT_SSLKEY +

Introduced in 7.9.3 +

CURLOPT_SSLKEYPASSWD +

Introduced in 7.9.3 Deprecated since 7.17.0 +

CURLOPT_SSLKEYTYPE +

Introduced in 7.9.3 +

CURLOPT_SSLVERSION +

Introduced in 7.1 +

CURLOPT_SSL_CIPHER_LIST +

Introduced in 7.9 +

CURLOPT_SSL_CTX_DATA +

Introduced in 7.10.6 +

CURLOPT_SSL_CTX_FUNCTION +

Introduced in 7.10.6 +

CURLOPT_SSL_ENABLE_ALPN +

Introduced in 7.36.0 +

CURLOPT_SSL_ENABLE_NPN +

Introduced in 7.36.0 +

CURLOPT_SSL_FALSESTART +

Introduced in 7.42.0 +

CURLOPT_SSL_OPTIONS +

Introduced in 7.25.0 +

CURLOPT_SSL_SESSIONID_CACHE +

Introduced in 7.16.0 +

CURLOPT_SSL_VERIFYHOST +

Introduced in 7.8.1 +

CURLOPT_SSL_VERIFYPEER +

Introduced in 7.4.2 +

CURLOPT_SSL_VERIFYSTATUS +

Introduced in 7.41.0 +

CURLOPT_STDERR +

Introduced in 7.1 +

CURLOPT_TCP_KEEPALIVE +

Introduced in 7.25.0 +

CURLOPT_TCP_KEEPIDLE +

Introduced in 7.25.0 +

CURLOPT_TCP_KEEPINTVL +

Introduced in 7.25.0 +

CURLOPT_TCP_NODELAY +

Introduced in 7.11.2 +

CURLOPT_TELNETOPTIONS +

Introduced in 7.7 +

CURLOPT_TFTP_BLKSIZE +

Introduced in 7.19.4 +

CURLOPT_TIMECONDITION +

Introduced in 7.1 +

CURLOPT_TIMEOUT +

Introduced in 7.1 +

CURLOPT_TIMEOUT_MS +

Introduced in 7.16.2 +

CURLOPT_TIMEVALUE +

Introduced in 7.1 +

CURLOPT_TLSAUTH_PASSWORD +

Introduced in 7.21.4 +

CURLOPT_TLSAUTH_TYPE +

Introduced in 7.21.4 +

CURLOPT_TLSAUTH_USERNAME +

Introduced in 7.21.4 +

CURLOPT_TRANSFERTEXT +

Introduced in 7.1.1 +

CURLOPT_TRANSFER_ENCODING +

Introduced in 7.21.6 +

CURLOPT_UNIX_SOCKET_PATH +

Introduced in 7.40.0 +

CURLOPT_UNRESTRICTED_AUTH +

Introduced in 7.10.4 +

CURLOPT_UPLOAD +

Introduced in 7.1 +

CURLOPT_URL +

Introduced in 7.1 +

CURLOPT_USERAGENT +

Introduced in 7.1 +

CURLOPT_USERNAME +

Introduced in 7.19.1 +

CURLOPT_USERPWD +

Introduced in 7.1 +

CURLOPT_USE_SSL +

Introduced in 7.17.0 +

CURLOPT_VERBOSE +

Introduced in 7.1 +

CURLOPT_WILDCARDMATCH +

Introduced in 7.21.0 +

CURLOPT_WRITEDATA +

Introduced in 7.9.7 +

CURLOPT_WRITEFUNCTION +

Introduced in 7.1 +

CURLOPT_WRITEHEADER +

Introduced in 7.1 +

CURLOPT_WRITEINFO +

Introduced in 7.1 +

CURLOPT_XFERINFODATA +

Introduced in 7.32.0 +

CURLOPT_XFERINFOFUNCTION +

Introduced in 7.32.0 +

CURLOPT_XOAUTH2_BEARER +

Introduced in 7.33.0 +

CURLPAUSE_ALL +

Introduced in 7.18.0 +

CURLPAUSE_CONT +

Introduced in 7.18.0 +

CURLPAUSE_RECV +

Introduced in 7.18.0 +

CURLPAUSE_RECV_CONT +

Introduced in 7.18.0 +

CURLPAUSE_SEND +

Introduced in 7.18.0 +

CURLPAUSE_SEND_CONT +

Introduced in 7.18.0 +

CURLPIPE_HTTP1 +

Introduced in 7.43.0 +

CURLPIPE_MULTIPLEX +

Introduced in 7.43.0 +

CURLPIPE_NOTHING +

Introduced in 7.43.0 +

CURLPROTO_ALL +

Introduced in 7.19.4 +

CURLPROTO_DICT +

Introduced in 7.19.4 +

CURLPROTO_FILE +

Introduced in 7.19.4 +

CURLPROTO_FTP +

Introduced in 7.19.4 +

CURLPROTO_FTPS +

Introduced in 7.19.4 +

CURLPROTO_GOPHER +

Introduced in 7.21.2 +

CURLPROTO_HTTP +

Introduced in 7.19.4 +

CURLPROTO_HTTPS +

Introduced in 7.19.4 +

CURLPROTO_IMAP +

Introduced in 7.20.0 +

CURLPROTO_IMAPS +

Introduced in 7.20.0 +

CURLPROTO_LDAP +

Introduced in 7.19.4 +

CURLPROTO_LDAPS +

Introduced in 7.19.4 +

CURLPROTO_POP3 +

Introduced in 7.20.0 +

CURLPROTO_POP3S +

Introduced in 7.20.0 +

CURLPROTO_RTMP +

Introduced in 7.21.0 +

CURLPROTO_RTMPE +

Introduced in 7.21.0 +

CURLPROTO_RTMPS +

Introduced in 7.21.0 +

CURLPROTO_RTMPT +

Introduced in 7.21.0 +

CURLPROTO_RTMPTE +

Introduced in 7.21.0 +

CURLPROTO_RTMPTS +

Introduced in 7.21.0 +

CURLPROTO_RTSP +

Introduced in 7.20.0 +

CURLPROTO_SCP +

Introduced in 7.19.4 +

CURLPROTO_SFTP +

Introduced in 7.19.4 +

CURLPROTO_SMB +

Introduced in 7.40.0 +

CURLPROTO_SMBS +

Introduced in 7.40.0 +

CURLPROTO_SMTP +

Introduced in 7.20.0 +

CURLPROTO_SMTPS +

Introduced in 7.20.0 +

CURLPROTO_TELNET +

Introduced in 7.19.4 +

CURLPROTO_TFTP +

Introduced in 7.19.4 +

CURLPROXY_HTTP +

Introduced in 7.10 +

CURLPROXY_HTTP_1_0 +

Introduced in 7.19.4 +

CURLPROXY_SOCKS4 +

Introduced in 7.10 +

CURLPROXY_SOCKS4A +

Introduced in 7.18.0 +

CURLPROXY_SOCKS5 +

Introduced in 7.10 +

CURLPROXY_SOCKS5_HOSTNAME +

Introduced in 7.18.0 +

CURLSHE_BAD_OPTION +

Introduced in 7.10.3 +

CURLSHE_INVALID +

Introduced in 7.10.3 +

CURLSHE_IN_USE +

Introduced in 7.10.3 +

CURLSHE_NOMEM +

Introduced in 7.12.0 +

CURLSHE_NOT_BUILT_IN +

Introduced in 7.23.0 +

CURLSHE_OK +

Introduced in 7.10.3 +

CURLSHOPT_LOCKFUNC +

Introduced in 7.10.3 +

CURLSHOPT_NONE +

Introduced in 7.10.3 +

CURLSHOPT_SHARE +

Introduced in 7.10.3 +

CURLSHOPT_UNLOCKFUNC +

Introduced in 7.10.3 +

CURLSHOPT_UNSHARE +

Introduced in 7.10.3 +

CURLSHOPT_USERDATA +

Introduced in 7.10.3 +

CURLSOCKTYPE_ACCEPT +

Introduced in 7.28.0 +

CURLSOCKTYPE_IPCXN +

Introduced in 7.16.0 +

CURLSSH_AUTH_AGENT +

Introduced in 7.28.0 +

CURLSSH_AUTH_ANY +

Introduced in 7.16.1 +

CURLSSH_AUTH_DEFAULT +

Introduced in 7.16.1 +

CURLSSH_AUTH_HOST +

Introduced in 7.16.1 +

CURLSSH_AUTH_KEYBOARD +

Introduced in 7.16.1 +

CURLSSH_AUTH_NONE +

Introduced in 7.16.1 +

CURLSSH_AUTH_PASSWORD +

Introduced in 7.16.1 +

CURLSSH_AUTH_PUBLICKEY +

Introduced in 7.16.1 +

CURLSSLBACKEND_AXTLS +

Introduced in 7.38.0 +

CURLSSLBACKEND_CYASSL +

Introduced in 7.34.0 +

CURLSSLBACKEND_DARWINSSL +

Introduced in 7.34.0 +

CURLSSLBACKEND_GNUTLS +

Introduced in 7.34.0 +

CURLSSLBACKEND_GSKIT +

Introduced in 7.34.0 +

CURLSSLBACKEND_NONE +

Introduced in 7.34.0 +

CURLSSLBACKEND_NSS +

Introduced in 7.34.0 +

CURLSSLBACKEND_OPENSSL +

Introduced in 7.34.0 +

CURLSSLBACKEND_POLARSSL +

Introduced in 7.34.0 +

CURLSSLBACKEND_QSOSSL +

Introduced in 7.34.0 +

CURLSSLBACKEND_SCHANNEL +

Introduced in 7.34.0 +

CURLSSLOPT_ALLOW_BEAST +

Introduced in 7.25.0 +

CURLUSESSL_ALL +

Introduced in 7.17.0 +

CURLUSESSL_CONTROL +

Introduced in 7.17.0 +

CURLUSESSL_NONE +

Introduced in 7.17.0 +

CURLUSESSL_TRY +

Introduced in 7.17.0 +

CURLVERSION_FIRST +

Introduced in 7.10 +

CURLVERSION_FOURTH +

Introduced in 7.16.1 +

CURLVERSION_NOW +

Introduced in 7.10 +

CURLVERSION_SECOND +

Introduced in 7.11.1 +

CURLVERSION_THIRD +

Introduced in 7.12.0 +

CURL_CHUNK_BGN_FUNC_FAIL +

Introduced in 7.21.0 +

CURL_CHUNK_BGN_FUNC_OK +

Introduced in 7.21.0 +

CURL_CHUNK_BGN_FUNC_SKIP +

Introduced in 7.21.0 +

CURL_CHUNK_END_FUNC_FAIL +

Introduced in 7.21.0 +

CURL_CHUNK_END_FUNC_OK +

Introduced in 7.21.0 +

CURL_CSELECT_ERR +

Introduced in 7.16.3 +

CURL_CSELECT_IN +

Introduced in 7.16.3 +

CURL_CSELECT_OUT +

Introduced in 7.16.3 +

CURL_EASY_NONE +

Introduced in 7.14.0 +

CURL_EASY_TIMEOUT +

Introduced in 7.14.0 +

CURL_ERROR_SIZE +

Introduced in 7.1 +

CURL_FNMATCHFUNC_FAIL +

Introduced in 7.21.0 +

CURL_FNMATCHFUNC_MATCH +

Introduced in 7.21.0 +

CURL_FNMATCHFUNC_NOMATCH +

Introduced in 7.21.0 +

CURL_FORMADD_DISABLED +

Introduced in 7.12.1 +

CURL_FORMADD_ILLEGAL_ARRAY +

Introduced in 7.9.8 +

CURL_FORMADD_INCOMPLETE +

Introduced in 7.9.8 +

CURL_FORMADD_MEMORY +

Introduced in 7.9.8 +

CURL_FORMADD_NULL +

Introduced in 7.9.8 +

CURL_FORMADD_OK +

Introduced in 7.9.8 +

CURL_FORMADD_OPTION_TWICE +

Introduced in 7.9.8 +

CURL_FORMADD_UNKNOWN_OPTION +

Introduced in 7.9.8 +

CURL_GLOBAL_ACK_EINTR +

Introduced in 7.30.0 +

CURL_GLOBAL_ALL +

Introduced in 7.8 +

CURL_GLOBAL_DEFAULT +

Introduced in 7.8 +

CURL_GLOBAL_NOTHING +

Introduced in 7.8 +

CURL_GLOBAL_SSL +

Introduced in 7.8 +

CURL_GLOBAL_WIN32 +

Introduced in 7.8.1 +

CURL_HTTP_VERSION_1_0 +

Introduced in 7.9.1 +

CURL_HTTP_VERSION_1_1 +

Introduced in 7.9.1 +

CURL_HTTP_VERSION_2_0 +

Introduced in 7.33.0 +

CURL_HTTP_VERSION_2 +

Introduced in 7.43.0 +

CURL_HTTP_VERSION_NONE +

Introduced in 7.9.1 +

CURL_IPRESOLVE_V4 +

Introduced in 7.10.8 +

CURL_IPRESOLVE_V6 +

Introduced in 7.10.8 +

CURL_IPRESOLVE_WHATEVER +

Introduced in 7.10.8 +

CURL_LOCK_ACCESS_NONE +

Introduced in 7.10.3 +

CURL_LOCK_ACCESS_SHARED +

Introduced in 7.10.3 +

CURL_LOCK_ACCESS_SINGLE +

Introduced in 7.10.3 +

CURL_LOCK_DATA_CONNECT +

Introduced in 7.10.3 +

CURL_LOCK_DATA_COOKIE +

Introduced in 7.10.3 +

CURL_LOCK_DATA_DNS +

Introduced in 7.10.3 +

CURL_LOCK_DATA_NONE +

Introduced in 7.10.3 +

CURL_LOCK_DATA_SHARE +

Introduced in 7.10.4 +

CURL_LOCK_DATA_SSL_SESSION +

Introduced in 7.10.3 +

CURL_LOCK_TYPE_CONNECT +

Introduced in 7.10 +

CURL_LOCK_TYPE_COOKIE +

Introduced in 7.10 +

CURL_LOCK_TYPE_DNS +

Introduced in 7.10 +

CURL_LOCK_TYPE_NONE +

Introduced in 7.10 +

CURL_LOCK_TYPE_SSL_SESSION +

Introduced in 7.10 +

CURL_MAX_HTTP_HEADER +

Introduced in 7.19.7 +

CURL_MAX_WRITE_SIZE +

Introduced in 7.9.7 +

CURL_NETRC_IGNORED +

Introduced in 7.9.8 +

CURL_NETRC_OPTIONAL +

Introduced in 7.9.8 +

CURL_NETRC_REQUIRED +

Introduced in 7.9.8 +

CURL_POLL_IN +

Introduced in 7.14.0 +

CURL_POLL_INOUT +

Introduced in 7.14.0 +

CURL_POLL_NONE +

Introduced in 7.14.0 +

CURL_POLL_OUT +

Introduced in 7.14.0 +

CURL_POLL_REMOVE +

Introduced in 7.14.0 +

CURL_PROGRESS_BAR +

Introduced in 7.1.1 +

CURL_PROGRESS_STATS +

Introduced in 7.1.1 +

CURL_READFUNC_ABORT +

Introduced in 7.12.1 +

CURL_READFUNC_PAUSE +

Introduced in 7.18.0 +

CURL_REDIR_GET_ALL +

Introduced in 7.19.1 +

CURL_REDIR_POST_301 +

Introduced in 7.19.1 +

CURL_REDIR_POST_302 +

Introduced in 7.19.1 +

CURL_REDIR_POST_303 +

Introduced in 7.25.1 +

CURL_REDIR_POST_ALL +

Introduced in 7.19.1 +

CURL_RTSPREQ_ANNOUNCE +

Introduced in 7.20.0 +

CURL_RTSPREQ_DESCRIBE +

Introduced in 7.20.0 +

CURL_RTSPREQ_GET_PARAMETER +

Introduced in 7.20.0 +

CURL_RTSPREQ_NONE +

Introduced in 7.20.0 +

CURL_RTSPREQ_OPTIONS +

Introduced in 7.20.0 +

CURL_RTSPREQ_PAUSE +

Introduced in 7.20.0 +

CURL_RTSPREQ_PLAY +

Introduced in 7.20.0 +

CURL_RTSPREQ_RECEIVE +

Introduced in 7.20.0 +

CURL_RTSPREQ_RECORD +

Introduced in 7.20.0 +

CURL_RTSPREQ_SETUP +

Introduced in 7.20.0 +

CURL_RTSPREQ_SET_PARAMETER +

Introduced in 7.20.0 +

CURL_RTSPREQ_TEARDOWN +

Introduced in 7.20.0 +

CURL_SEEKFUNC_CANTSEEK +

Introduced in 7.19.5 +

CURL_SEEKFUNC_FAIL +

Introduced in 7.19.5 +

CURL_SEEKFUNC_OK +

Introduced in 7.19.5 +

CURL_SOCKET_BAD +

Introduced in 7.14.0 +

CURL_SOCKET_TIMEOUT +

Introduced in 7.14.0 +

CURL_SOCKOPT_ALREADY_CONNECTED +

Introduced in 7.21.5 +

CURL_SOCKOPT_ERROR +

Introduced in 7.21.5 +

CURL_SOCKOPT_OK +

Introduced in 7.21.5 +

CURL_SSLVERSION_DEFAULT +

Introduced in 7.9.2 +

CURL_SSLVERSION_SSL +

Introduced in +

CURL_SSLVERSION_SSL +

Introduced in +

CURL_SSLVERSION_TLS +

Introduced in +

CURL_SSLVERSION_TLS +

Introduced in +

CURL_SSLVERSION_TLS +

Introduced in +

CURL_SSLVERSION_TLS +

Introduced in +

CURL_TIMECOND_IFMODSINCE +

Introduced in 7.9.7 +

CURL_TIMECOND_IFUNMODSINCE +

Introduced in 7.9.7 +

CURL_TIMECOND_LASTMOD +

Introduced in 7.9.7 +

CURL_TIMECOND_NONE +

Introduced in 7.9.7 +

CURL_TLSAUTH_NONE +

Introduced in 7.21.4 +

CURL_TLSAUTH_SRP +

Introduced in 7.21.4 +

CURL_VERSION_ASYNCHDNS +

Introduced in 7.10.7 +

CURL_VERSION_CONV +

Introduced in 7.15.4 +

CURL_VERSION_CURLDEBUG +

Introduced in 7.19.6 +

CURL_VERSION_DEBUG +

Introduced in 7.10.6 +

CURL_VERSION_GSSAPI +

Introduced in 7.38.0 +

CURL_VERSION_GSSNEGOTIATE +

Introduced in 7.10.6 Deprecated since 7.38.0 +

CURL_VERSION_HTTP2 +

Introduced in 7.33.0 +

CURL_VERSION_IDN +

Introduced in 7.12.0 +

CURL_VERSION_IPV6 +

Introduced in 7.10 +

CURL_VERSION_KERBEROS4 +

Introduced in 7.10 Deprecated since 7.33.0 +

CURL_VERSION_KERBEROS5 +

Introduced in 7.40.0 +

CURL_VERSION_LARGEFILE +

Introduced in 7.11.1 +

CURL_VERSION_LIBZ +

Introduced in 7.10 +

CURL_VERSION_NTLM +

Introduced in 7.10.6 +

CURL_VERSION_NTLM_WB +

Introduced in 7.22.0 +

CURL_VERSION_SPNEGO +

Introduced in 7.10.8 +

CURL_VERSION_SSL +

Introduced in 7.10 +

CURL_VERSION_SSPI +

Introduced in 7.13.2 +

CURL_VERSION_TLSAUTH_SRP +

Introduced in 7.21.4 +

CURL_VERSION_UNIX_SOCKETS +

Introduced in 7.40.0 +

CURL_WAIT_POLLIN +

Introduced in 7.28.0 +

CURL_WAIT_POLLOUT +

Introduced in 7.28.0 +

CURL_WAIT_POLLPRI +

Introduced in 7.28.0 +

CURL_WRITEFUNC_PAUSE +

Introduced in 7.18.0

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/libcurl-symbols.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/libcurl-symbols.pdf differ diff -Nru curl-7.38.0/docs/libcurl/libcurl-tutorial.3 curl-7.43.0/docs/libcurl/libcurl-tutorial.3 --- curl-7.38.0/docs/libcurl/libcurl-tutorial.3 2014-09-03 13:22:36.000000000 +0000 +++ curl-7.43.0/docs/libcurl/libcurl-tutorial.3 2015-06-10 22:30:45.000000000 +0000 @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH libcurl-tutorial 3 "2 Aug 2014" "libcurl" "libcurl programming" +.TH libcurl-tutorial 3 "19 Sep 2014" "libcurl" "libcurl programming" .SH NAME libcurl-tutorial \- libcurl programming tutorial .SH "Objective" @@ -40,7 +40,7 @@ .SH "Building" There are many different ways to build C programs. This chapter will assume a -UNIX-style build process. If you use a different build system, you can still +Unix style build process. If you use a different build system, you can still read this to get general information that may apply to your environment as well. .IP "Compiling the Program" @@ -137,15 +137,17 @@ struct, your program can figure out exactly what the currently running libcurl supports. -.SH "Handle the Easy libcurl" +.SH "Two Interfaces" libcurl first introduced the so called easy interface. All operations in the -easy interface are prefixed with 'curl_easy'. - -Recent libcurl versions also offer the multi interface. More about that -interface, what it is targeted for and how to use it is detailed in a separate -chapter further down. You still need to understand the easy interface first, -so please continue reading for better understanding. +easy interface are prefixed with 'curl_easy'. The easy interface lets you do +single transfers with a synchronous and blocking function call. +libcurl also offers another interface that allows multiple simultaneous +transfers in a single thread, the so called multi interface. More about that +interface is detailed in a separate chapter further down. You still need to +understand the easy interface first, so please continue reading for better +understanding. +.SH "Handle the Easy libcurl" To use the easy interface, you must first create yourself an easy handle. You need one handle for each easy session you want to perform. Basically, you should use one handle for every thread you plan to use for transferring. You @@ -162,13 +164,18 @@ You set properties and options for this handle using \fIcurl_easy_setopt(3)\fP. They control how the subsequent transfer or transfers will be made. Options remain set in the handle until set again to -something different. Alas, multiple requests using the same handle will use -the same options. +something different. They are sticky. Multiple requests using the same handle +will use the same options. + +If you at any point would like to blank all previously set options for a +single easy handle, you can call \fIcurl_easy_reset(3)\fP and you can also +make a clone of an easy handle (with all its set options) using +\fIcurl_easy_duphandle(3)\fP. Many of the options you set in libcurl are "strings", pointers to data terminated with a zero byte. When you set strings with -\fIcurl_easy_setopt(3)\fP, libcurl makes its own copy so that they don't -need to be kept around in your application after being set[4]. +\fIcurl_easy_setopt(3)\fP, libcurl makes its own copy so that they don't need +to be kept around in your application after being set[4]. One of the most basic properties to set in the handle is the URL. You set your preferred URL to transfer with \fICURLOPT_URL(3)\fP in a manner similar to: @@ -257,7 +264,7 @@ libcurl is completely thread safe, except for two issues: signals and SSL/TLS handlers. Signals are used for timing out name resolves (during DNS lookup) - -when built without c-ares support and not on Windows. +when built without using either the c-ares or threaded resolver backends. If you are accessing HTTPS or FTPS URLs in a multi-threaded manner, you are then of course using the underlying SSL library multi-threaded and those libs @@ -271,7 +278,7 @@ GnuTLS - http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html + http://gnutls.org/manual/html_node/Thread-safety.html NSS @@ -405,7 +412,7 @@ curl_easy_setopt(easyhandle, CURLOPT_PROXYUSERPWD, "myname:thesecret"); -There's a long time UNIX "standard" way of storing ftp user names and +There's a long time Unix "standard" way of storing FTP user names and passwords, namely in the $HOME/.netrc file. The file should be made private so that only the user may read it (see also the "Security Considerations" chapter), as it might contain the password in plain text. libcurl has the @@ -1122,9 +1129,9 @@ Basic uses base64 encoded passwords fool you. They may not look readable at a first glance, but they very easily "deciphered" by anyone within seconds. -To avoid this problem, use HTTP authentication methods or other protocols that -don't let snoopers see your password: HTTP with Digest, NTLM or GSS -authentication, HTTPS, FTPS, SCP, SFTP and FTP-Kerberos are a few examples. +To avoid this problem, use an authentication mechanism or other protocol that +doesn't let snoopers see your password: Digest, CRAM-MD5, Kerberos, SPNEGO or +NTLM authentication, HTTPS, FTPS, SCP and SFTP are a few examples. .IP "Redirects" The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP @@ -1295,39 +1302,44 @@ can just edit out the sensitive data or just search/replace your true information with faked data. -.SH "Multiple Transfers Using the multi Interface" - +.SH "The multi Interface" The easy interface as described in detail in this document is a synchronous interface that transfers one file at a time and doesn't return until it is done. The multi interface, on the other hand, allows your program to transfer -multiple files in both directions at the same time, without forcing you -to use multiple threads. The name might make it seem that the multi -interface is for multi-threaded programs, but the truth is almost the -reverse. The multi interface can allow a single-threaded application -to perform the same kinds of multiple, simultaneous transfers that -multi-threaded programs can perform. It allows many of the benefits -of multi-threaded transfers without the complexity of managing and -synchronizing many threads. +multiple files in both directions at the same time, without forcing you to use +multiple threads. The name might make it seem that the multi interface is for +multi-threaded programs, but the truth is almost the reverse. The multi +interface allows a single-threaded application to perform the same kinds of +multiple, simultaneous transfers that multi-threaded programs can perform. It +allows many of the benefits of multi-threaded transfers without the complexity +of managing and synchronizing many threads. + +To complicate matters somewhat more, there are even two versions of the multi +interface. The event based one, also called multi_socket and the "normal one" +designed for using with select(). See the libcurl-multi.3 man page for details +on the multi_socket event based API, this description here is for the select() +oriented one. To use this interface, you are better off if you first understand the basics of how to use the easy interface. The multi interface is simply a way to make multiple transfers at the same time by adding up multiple easy handles into a "multi stack". -You create the easy handles you want and you set all the options just like you -have been told above, and then you create a multi handle with -\fIcurl_multi_init(3)\fP and add all those easy handles to that multi handle -with \fIcurl_multi_add_handle(3)\fP. +You create the easy handles you want, one for each concurrent transfer, and +you set all the options just like you learned above, and then you create a +multi handle with \fIcurl_multi_init(3)\fP and add all those easy handles to +that multi handle with \fIcurl_multi_add_handle(3)\fP. When you've added the handles you have for the moment (you can still add new ones at any time), you start the transfers by calling \fIcurl_multi_perform(3)\fP. -\fIcurl_multi_perform(3)\fP is asynchronous. It will only execute as little as -possible and then return back control to your program. It is designed to never -block. +\fIcurl_multi_perform(3)\fP is asynchronous. It will only perform what can be +done now and then return back control to your program. It is designed to never +block. You need to keep calling the function until all transfers are +completed. The best usage of this interface is when you do a select() on all possible file descriptors or sockets to know when to call libcurl again. This also @@ -1340,11 +1352,12 @@ action and you then call \fIcurl_multi_perform(3)\fP to allow libcurl to do what it wants to do. Take note that libcurl does also feature some time-out code so we advise you to never use very long timeouts on select() before you -call \fIcurl_multi_perform(3)\fP, which thus should be called unconditionally -every now and then even if none of its file descriptors have signaled -ready. Another precaution you should use: always call -\fIcurl_multi_fdset(3)\fP immediately before the select() call since the -current set of file descriptors may change when calling a curl function. +call \fIcurl_multi_perform(3)\fP again. \fIcurl_multi_timeout(3)\fP is +provided to help you get a suitable timeout period. + +Another precaution you should use: always call \fIcurl_multi_fdset(3)\fP +immediately before the select() call since the current set of file descriptors +may change in any curl function invoke. If you want to stop the transfer of one of the easy handles in the stack, you can use \fIcurl_multi_remove_handle(3)\fP to remove individual easy @@ -1389,9 +1402,11 @@ DLL. However, you can still do this on Windows if you link with a static library. .IP "[3]" -The curl-config tool is generated at build-time (on UNIX-like systems) and +The curl-config tool is generated at build-time (on Unix-like systems) and should be installed with the 'make install' or similar instruction that installs the library, header files, man pages etc. .IP "[4]" This behavior was different in versions before 7.17.0, where strings had to remain valid past the end of the \fIcurl_easy_setopt(3)\fP call. +.SH "SEE ALSO" +.BR libcurl-errors "(3), " libcurl-multi "(3), " libcurl-easy "(3) " diff -Nru curl-7.38.0/docs/libcurl/libcurl-tutorial.html curl-7.43.0/docs/libcurl/libcurl-tutorial.html --- curl-7.38.0/docs/libcurl/libcurl-tutorial.html 2014-09-10 06:03:43.000000000 +0000 +++ curl-7.43.0/docs/libcurl/libcurl-tutorial.html 2015-06-17 05:56:24.000000000 +0000 @@ -4,15 +4,20 @@ libcurl-tutorial man page + + +

NAME

+

CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - chunk length threshold for pipelining

SYNOPSIS

+

#include <curl/curl.h> +

CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, long size);

DESCRIPTION

+

Pass a long with a size in bytes. If a pipelined connection is currently processing a chunked (Transfer-encoding: chunked) request with a current chunk length larger than CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, that pipeline will not be considered for additional requests, even if it is shorter than CURLMOPT_MAX_PIPELINE_LENGTH.

DEFAULT

+

The default value is 0, which means that the penalization is inactive.

PROTOCOLS

+

HTTP(S)

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.30.0

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_PIPELINING, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLMOPT_MAX_PIPELINE_LENGTH,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,47 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE 3 "4 Nov 2014" "libcurl 7.39.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE \- size threshold for pipelining penalty +.SH SYNOPSIS +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, long size); +.SH DESCRIPTION +Pass a long with a \fBsize\fP in bytes. If a pipelined connection is currently +processing a request with a Content-Length larger than this +\fICURLMOPT_CONTENT_LENGTH_PENALTY_SIZE(3)\fP, that pipeline will then not be +considered for additional requests, even if it is shorter than +\fICURLMOPT_MAX_PIPELINE_LENGTH(3)\fP. +.SH DEFAULT +The default value is 0, which means that the size penalization is inactive. +.SH PROTOCOLS +HTTP(S) +.SH EXAMPLE +TODO +.SH AVAILABILITY +Added in 7.30.0 +.SH RETURN VALUE +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLMOPT_PIPELINING "(3), " CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,65 @@ + + +CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE man page + + + + +

NAME

+

CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - size threshold for pipelining penalty

SYNOPSIS

+

#include <curl/curl.h> +

CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, long size);

DESCRIPTION

+

Pass a long with a size in bytes. If a pipelined connection is currently processing a request with a Content-Length larger than this CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, that pipeline will then not be considered for additional requests, even if it is shorter than CURLMOPT_MAX_PIPELINE_LENGTH.

DEFAULT

+

The default value is 0, which means that the size penalization is inactive.

PROTOCOLS

+

HTTP(S)

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.30.0

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_PIPELINING, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,62 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_MAXCONNECTS 3 "17 Jun 2014" "libcurl 7.37.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_MAXCONNECTS \- set size of connection cache +.SH SYNOPSIS +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAXCONNECTS, long max); +.SH DESCRIPTION +Pass a long indicating the \fBmax\fP. The set number will be used as the +maximum amount of simultaneously open connections that libcurl may keep in its +connection cache after completed use. By default libcurl will enlarge the size +for each added easy handle to make it fit 4 times the number of added easy +handles. + +By setting this option, you can prevent the cache size from growing beyond the +limit set by you. + +When the cache is full, curl closes the oldest one in the cache to prevent the +number of open connections from increasing. + +This option is for the multi handle's use only, when using the easy interface +you should instead use the \fICURLOPT_MAXCONNECTS(3)\fP option. + +See \fICURLMOPT_MAX_TOTAL_CONNECTIONS(3)\fP for limiting the number of active +connections. + +.SH DEFAULT +See DESCRIPTION +.SH PROTOCOLS +All +.SH EXAMPLE +TODO +.SH AVAILABILITY +Added in 7.16.3 +.SH RETURN VALUE +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLMOPT_MAX_HOST_CONNECTIONS "(3), " +.BR CURLOPT_MAXCONNECTS "(3), " + diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,71 @@ + + +CURLMOPT_MAXCONNECTS man page + + + + +

NAME

+

CURLMOPT_MAXCONNECTS - set size of connection cache

SYNOPSIS

+

#include <curl/curl.h> +

CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAXCONNECTS, long max);

DESCRIPTION

+

Pass a long indicating the max. The set number will be used as the maximum amount of simultaneously open connections that libcurl may keep in its connection cache after completed use. By default libcurl will enlarge the size for each added easy handle to make it fit 4 times the number of added easy handles. +

By setting this option, you can prevent the cache size from growing beyond the limit set by you. +

When the cache is full, curl closes the oldest one in the cache to prevent the number of open connections from increasing. +

This option is for the multi handle's use only, when using the easy interface you should instead use the CURLOPT_MAXCONNECTS option. +

See CURLMOPT_MAX_TOTAL_CONNECTIONS for limiting the number of active connections. +

DEFAULT

+

See DESCRIPTION

PROTOCOLS

+

All

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.16.3

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_MAX_HOST_CONNECTIONS, CURLOPT_MAXCONNECTS, +

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3 2015-06-11 17:50:43.000000000 +0000 @@ -0,0 +1,58 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_MAX_HOST_CONNECTIONS 3 "17 Jun 2014" "libcurl 7.37.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_MAX_HOST_CONNECTIONS \- set max number of connections to a single host +.SH SYNOPSIS +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_HOST_CONNECTIONS, long max); +.SH DESCRIPTION +Pass a long to indicate \fBmax\fP. The set number will be used as the maximum +amount of simultaneously open connections to a single host (a host being the +same as a host name + port number pair). For each new session to a host, +libcurl will open a new connection up to the limit set by +\fICURLMOPT_MAX_HOST_CONNECTIONS(3)\fP. When the limit is reached, the +sessions will be pending until a connection becomes available. If +\fICURLMOPT_PIPELINING(3)\fP is enabled, libcurl will try to pipeline if the +host is capable of it. + +The default \fBmax\fP value is 0, unlimited. However, for backwards +compatibility, setting it to 0 when \fICURLMOPT_PIPELINING(3)\fP is 1 will not +be treated as unlimited. Instead it will open only 1 connection and try to +pipeline on it. + +This set limit is also used for proxy connections, and then the proxy is +considered to be the host for which this limit counts. +.SH DEFAULT +0 +.SH PROTOCOLS +HTTP(S) +.SH EXAMPLE +TODO +.SH AVAILABILITY +Added in 7.30.0 +.SH RETURN VALUE +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLMOPT_MAXCONNECTS "(3), " CURLMOPT_MAX_TOTAL_CONNECTIONS "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,67 @@ + + +CURLMOPT_MAX_HOST_CONNECTIONS man page + + + + +

NAME

+

CURLMOPT_MAX_HOST_CONNECTIONS - set max number of connections to a single host

SYNOPSIS

+

#include <curl/curl.h> +

CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_HOST_CONNECTIONS, long max);

DESCRIPTION

+

Pass a long to indicate max. The set number will be used as the maximum amount of simultaneously open connections to a single host (a host being the same as a host name + port number pair). For each new session to a host, libcurl will open a new connection up to the limit set by CURLMOPT_MAX_HOST_CONNECTIONS. When the limit is reached, the sessions will be pending until a connection becomes available. If CURLMOPT_PIPELINING is enabled, libcurl will try to pipeline if the host is capable of it. +

The default max value is 0, unlimited. However, for backwards compatibility, setting it to 0 when CURLMOPT_PIPELINING is 1 will not be treated as unlimited. Instead it will open only 1 connection and try to pipeline on it. +

This set limit is also used for proxy connections, and then the proxy is considered to be the host for which this limit counts.

DEFAULT

+

0

PROTOCOLS

+

HTTP(S)

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.30.0

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_MAXCONNECTS, CURLMOPT_MAX_TOTAL_CONNECTIONS,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,51 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_MAX_PIPELINE_LENGTH 3 "4 Nov 2014" "libcurl 7.39.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_MAX_PIPELINE_LENGTH \- maximum number of requests in a pipeline +.SH SYNOPSIS +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_PIPELINE_LENGTH, long max); +.SH DESCRIPTION +Pass a long. The set \fBmax\fP number will be used as the maximum amount of +outstanding requests in a pipelined connection. Only used if pipelining is +enabled. + +When this limit is reached, libcurl will use another connection to the same +host (see \fICURLMOPT_MAX_HOST_CONNECTIONS(3)\fP), or queue the request until +one of the pipelines to the host is ready to accept a request. Thus, the +total number of requests in-flight is \fICURLMOPT_MAX_HOST_CONNECTIONS(3)\fP * +\fICURLMOPT_MAX_PIPELINE_LENGTH(3)\fP. +.SH DEFAULT +5 +.SH PROTOCOLS +HTTP(S) +.SH EXAMPLE +TODO +.SH AVAILABILITY +Added in 7.30.0 +.SH RETURN VALUE +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLMOPT_PIPELINING "(3), " CURLMOPT_MAX_HOST_CONNECTIONS "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,66 @@ + + +CURLMOPT_MAX_PIPELINE_LENGTH man page + + + + +

NAME

+

CURLMOPT_MAX_PIPELINE_LENGTH - maximum number of requests in a pipeline

SYNOPSIS

+

#include <curl/curl.h> +

CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_PIPELINE_LENGTH, long max);

DESCRIPTION

+

Pass a long. The set max number will be used as the maximum amount of outstanding requests in a pipelined connection. Only used if pipelining is enabled. +

When this limit is reached, libcurl will use another connection to the same host (see CURLMOPT_MAX_HOST_CONNECTIONS), or queue the request until one of the pipelines to the host is ready to accept a request. Thus, the total number of requests in-flight is CURLMOPT_MAX_HOST_CONNECTIONS * CURLMOPT_MAX_PIPELINE_LENGTH.

DEFAULT

+

5

PROTOCOLS

+

HTTP(S)

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.30.0

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_PIPELINING, CURLMOPT_MAX_HOST_CONNECTIONS,

+ This HTML page was made with roffit. + diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.pdf curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.pdf --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.pdf 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.pdf 2015-06-17 05:56:57.000000000 +0000 @@ -0,0 +1,111 @@ +%PDF-1.4 +%쏢 +5 0 obj +<> +stream +xVnF}W ЇRhQ@qX M Bł[$#).V`3g9G?gVj.7{Qc7 xN0p p}x>$U,Y]O>fYN`ѻjȦ׳n[ʮhUE8ן{mLz|G|[3HBM&%8@}f?,1~xvO>#BMӛ $|Ϙ1b?hND3kŷ(C5 WɕuWBkyɱ#dKħJJ5duULOga|{ǒ={ٞd-_D f:}s86S/nNLiDk;dSKLJ^ GqL'M 7s-c> +/Contents 5 0 R +>> +endobj +3 0 obj +<< /Type /Pages /Kids [ +4 0 R +] /Count 1 +>> +endobj +1 0 obj +<> +endobj +7 0 obj +<>endobj +11 0 obj +<> +endobj +12 0 obj +<> +endobj +10 0 obj +<> +endobj +9 0 obj +<> +endobj +8 0 obj +<> +endobj +13 0 obj +<> +endobj +14 0 obj +<>stream + + + + + +2015-06-17T07:56:57+02:00 +2015-06-17T07:56:57+02:00 +groff version 1.22.3 + +Untitled + + + + + +endstream +endobj +2 0 obj +<>endobj +xref +0 15 +0000000000 65535 f +0000001425 00000 n +0000003315 00000 n +0000001366 00000 n +0000001206 00000 n +0000000015 00000 n +0000001186 00000 n +0000001490 00000 n +0000001744 00000 n +0000001679 00000 n +0000001611 00000 n +0000001531 00000 n +0000001561 00000 n +0000001826 00000 n +0000001892 00000 n +trailer +<< /Size 15 /Root 1 0 R /Info 2 0 R +/ID [] +>> +startxref +3469 +%%EOF diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,50 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_MAX_TOTAL_CONNECTIONS 3 "4 Nov 2014" "libcurl 7.39.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_MAX_TOTAL_CONNECTIONS \- max simultaneously open connections +.SH SYNOPSIS +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_TOTAL_CONNECTIONS, long amount); +.SH DESCRIPTION +Pass a long for the \fBamount\fP. The set number will be used as the maximum +number of simultaneously open connections in total using this multi +handle. For each new session, libcurl will open a new connection up to the +limit set by \fICURLMOPT_MAX_TOTAL_CONNECTIONS(3)\fP. When the limit is +reached, the sessions will be pending until there are available +connections. If \fICURLMOPT_PIPELINING(3)\fP is enabled, libcurl will try to +pipeline if the host is capable of it. +.SH DEFAULT +The default value is 0, which means that there is no limit. It is then simply +controlled by the number of easy handles added. +.SH PROTOCOLS +All +.SH EXAMPLE +TODO +.SH AVAILABILITY +Added in 7.30.0 +.SH RETURN VALUE +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLMOPT_MAXCONNECTS "(3), " CURLMOPT_MAX_HOST_CONNECTIONS "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,65 @@ + + +CURLMOPT_MAX_TOTAL_CONNECTIONS man page + + + + +

NAME

+

CURLMOPT_MAX_TOTAL_CONNECTIONS - max simultaneously open connections

SYNOPSIS

+

#include <curl/curl.h> +

CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_TOTAL_CONNECTIONS, long amount);

DESCRIPTION

+

Pass a long for the amount. The set number will be used as the maximum number of simultaneously open connections in total using this multi handle. For each new session, libcurl will open a new connection up to the limit set by CURLMOPT_MAX_TOTAL_CONNECTIONS. When the limit is reached, the sessions will be pending until there are available connections. If CURLMOPT_PIPELINING is enabled, libcurl will try to pipeline if the host is capable of it.

DEFAULT

+

The default value is 0, which means that there is no limit. It is then simply controlled by the number of easy handles added.

PROTOCOLS

+

All

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.30.0

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_MAXCONNECTS, CURLMOPT_MAX_HOST_CONNECTIONS,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING.3 2015-06-11 17:50:43.000000000 +0000 @@ -0,0 +1,68 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_PIPELINING 3 "17 Jun 2014" "libcurl 7.37.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_PIPELINING \- enable/disable HTTP pipelining +.SH SYNOPSIS +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING, long bits); +.SH DESCRIPTION +Set the \fBbits\fP parameter to 1 to make libcurl use HTTP pipelining for +HTTP/1.1 transfers done using this multi handle, as far as possible. This +means that if you add a second request that can use an already existing +connection, the second request will be \&"piped" on the same connection rather +than being executed in parallel. + +When using pipelining, there are also several other related options that are +interesting to tweak and adjust to alter how libcurl spreads out requests on +different connections or not etc. + +Starting in 7.43.0, the \fBbits\fP parameter's bit 1 also has a meaning and +libcurl is now offering symbol names for the bits: +.IP CURLPIPE_NOTHING (0) +Default, which means doing no attempts at pipelining or multiplexing. +.IP CURLPIPE_HTTP1 (1) +If this bit is set, libcurl will try to pipeline HTTP/1.1 requests on +connections that are already established and in use to hosts. +.IP CURLPIPE_MULTIPLEX (2) +If this bit is set, libcurl will try to multiplex the new transfer over an +existing connection if possible. This requires HTTP/2. +.SH DEFAULT +0 (off) +.SH PROTOCOLS +HTTP(S) +.SH EXAMPLE +TODO +.SH AVAILABILITY +Added in 7.16.0. Multiplex support bit added in 7.43.0. +.SH RETURN VALUE +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLMOPT_MAX_PIPELINE_LENGTH "(3), " +.BR CURLMOPT_PIPELINING_SITE_BL "(3), " +.BR CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE "(3), " +.BR CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE "(3), " +.BR CURLMOPT_MAX_HOST_CONNECTIONS "(3), " +.BR CURLMOPT_MAXCONNECTS "(3), " +.BR CURLMOPT_MAX_HOST_CONNECTIONS "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,73 @@ + + +CURLMOPT_PIPELINING man page + + + + +

NAME

+

CURLMOPT_PIPELINING - enable/disable HTTP pipelining

SYNOPSIS

+

#include <curl/curl.h> +

CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING, long bits);

DESCRIPTION

+

Set the bits parameter to 1 to make libcurl use HTTP pipelining for HTTP/1.1 transfers done using this multi handle, as far as possible. This means that if you add a second request that can use an already existing connection, the second request will be "piped" on the same connection rather than being executed in parallel. +

When using pipelining, there are also several other related options that are interesting to tweak and adjust to alter how libcurl spreads out requests on different connections or not etc. +

Starting in 7.43.0, the bits parameter's bit 1 also has a meaning and libcurl is now offering symbol names for the bits: +

CURLPIPE_NOTHING (0) +

Default, which means doing no attempts at pipelining or multiplexing. +

CURLPIPE_HTTP1 (1) +

If this bit is set, libcurl will try to pipeline HTTP/1.1 requests on connections that are already established and in use to hosts. +

CURLPIPE_MULTIPLEX (2) +

If this bit is set, libcurl will try to multiplex the new transfer over an existing connection if possible. This requires HTTP/2.

DEFAULT

+

0 (off)

PROTOCOLS

+

HTTP(S)

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.16.0. Multiplex support bit added in 7.43.0.

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_PIPELINING_SITE_BL, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAXCONNECTS, CURLMOPT_MAX_HOST_CONNECTIONS,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,60 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_PIPELINING_SERVER_BL 3 "4 Nov 2014" "libcurl 7.39.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_PIPELINING_SERVER_BL \- pipelining server blacklist +.SH SYNOPSIS +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING_SERVER_BL, char **servers); +.SH DESCRIPTION +Pass a \fBservers\fP array of char *, ending with a NULL entry. This is a list +of server types prefixes (in the Server: HTTP header) that are blacklisted +from pipelining, i.e server types that are known to not support HTTP +pipelining. The array is copied by libcurl. + +Note that the comparison matches if the Server: header begins with the string +in the blacklist, i.e "Server: Ninja 1.2.3" and "Server: Ninja 1.4.0" can +both be blacklisted by having "Ninja" in the backlist. + +Pass a NULL pointer to clear the blacklist. +.SH DEFAULT +The default value is NULL, which means that there is no blacklist. +.SH PROTOCOLS +.SH EXAMPLE +.nf + server_blacklist[] = + { + "Microsoft-IIS/6.0", + "nginx/0.8.54", + NULL + }; + + curl_multi_setopt(m, CURLMOPT_PIPELINING_SERVER_BL, server_blacklist); +.fi +.SH AVAILABILITY +Added in 7.30.0 +.SH RETURN VALUE +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLMOPT_PIPELINING "(3), " CURLMOPT_PIPELINING_SITE_BL "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,78 @@ + + +CURLMOPT_PIPELINING_SERVER_BL man page + + + + +

NAME

+

CURLMOPT_PIPELINING_SERVER_BL - pipelining server blacklist

SYNOPSIS

+

#include <curl/curl.h> +

CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING_SERVER_BL, char **servers);

DESCRIPTION

+

Pass a servers array of char *, ending with a NULL entry. This is a list of server types prefixes (in the Server: HTTP header) that are blacklisted from pipelining, i.e server types that are known to not support HTTP pipelining. The array is copied by libcurl. +

Note that the comparison matches if the Server: header begins with the string in the blacklist, i.e "Server: Ninja 1.2.3" and "Server: Ninja 1.4.0" can both be blacklisted by having "Ninja" in the backlist. +

Pass a NULL pointer to clear the blacklist.

DEFAULT

+

The default value is NULL, which means that there is no blacklist.

PROTOCOLS

+

EXAMPLE

+

+  server_blacklist[] =
+  {
+    "Microsoft-IIS/6.0",
+    "nginx/0.8.54",
+    NULL
+  };
+ 
+  curl_multi_setopt(m, CURLMOPT_PIPELINING_SERVER_BL, server_blacklist);
+
+ +

AVAILABILITY

+

Added in 7.30.0

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_PIPELINING, CURLMOPT_PIPELINING_SITE_BL,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,56 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_PIPELINING_SITE_BL 3 "4 Nov 2014" "libcurl 7.39.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_PIPELINING_SITE_BL \- pipelining host blacklist +.SH SYNOPSIS +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING_SITE_BL, char **hosts); +.SH DESCRIPTION +Pass a \fBhosts\fP array of char *, ending with a NULL entry. This is a list +of sites that are blacklisted from pipelining, i.e sites that are known to not +support HTTP pipelining. The array is copied by libcurl. + +Pass a NULL pointer to clear the blacklist. +.SH DEFAULT +The default value is NULL, which means that there is no blacklist. +.SH PROTOCOLS +HTTP(S) +.SH EXAMPLE +.nf + site_blacklist[] = + { + "www.haxx.se", + "www.example.com:1234", + NULL + }; + + curl_multi_setopt(m, CURLMOPT_PIPELINING_SITE_BL, site_blacklist); +.fi +.SH AVAILABILITY +Added in 7.30.0 +.SH RETURN VALUE +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLMOPT_PIPELINING "(3), " CURLMOPT_PIPELINING_SERVER_BL "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,77 @@ + + +CURLMOPT_PIPELINING_SITE_BL man page + + + + +

NAME

+

CURLMOPT_PIPELINING_SITE_BL - pipelining host blacklist

SYNOPSIS

+

#include <curl/curl.h> +

CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING_SITE_BL, char **hosts);

DESCRIPTION

+

Pass a hosts array of char *, ending with a NULL entry. This is a list of sites that are blacklisted from pipelining, i.e sites that are known to not support HTTP pipelining. The array is copied by libcurl. +

Pass a NULL pointer to clear the blacklist.

DEFAULT

+

The default value is NULL, which means that there is no blacklist.

PROTOCOLS

+

HTTP(S)

EXAMPLE

+

+  site_blacklist[] =
+  {
+    "www.haxx.se",
+    "www.example.com:1234",
+    NULL
+  };
+ 
+  curl_multi_setopt(m, CURLMOPT_PIPELINING_SITE_BL, site_blacklist);
+
+ +

AVAILABILITY

+

Added in 7.30.0

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_PIPELINING, CURLMOPT_PIPELINING_SERVER_BL,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,49 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_SOCKETDATA 3 "3 Nov 2014" "libcurl 7.39.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_SOCKETDATA \- custom pointer passed to the socket callback +.SH SYNOPSIS +.nf +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_SOCKETDATA, void *pointer); +.SH DESCRIPTION +A data \fIpointer\fP to pass to the socket callback set with the +\fICURLMOPT_SOCKETFUNCTION(3)\fP option. + +This pointer will not be touched by libcurl but will only be passed in to the +socket callbacks's \fBuserp\fP argument. +.SH DEFAULT +NULL +.SH PROTOCOLS +All +.SH EXAMPLE +TODO +.SH AVAILABILITY +Added in 7.15.4 +.SH RETURN VALUE +Returns CURLM_OK. +.SH "SEE ALSO" +.BR CURLMOPT_SOCKETFUNCTION "(3), " curl_multi_socket_action "(3), " +.BR CURLMOPT_TIMERFUNCTION "(3) " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,70 @@ + + +CURLMOPT_SOCKETDATA man page + + + + +

NAME

+

CURLMOPT_SOCKETDATA - custom pointer passed to the socket callback

SYNOPSIS

+

+#include <curl/curl.h>
+ 
+CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_SOCKETDATA, void *pointer);
+
+

DESCRIPTION

+

A data pointer to pass to the socket callback set with the CURLMOPT_SOCKETFUNCTION option. +

This pointer will not be touched by libcurl but will only be passed in to the socket callbacks's userp argument.

DEFAULT

+

NULL

PROTOCOLS

+

All

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.15.4

RETURN VALUE

+

Returns CURLM_OK.

SEE ALSO

+

CURLMOPT_SOCKETFUNCTION, curl_multi_socket_action (3) CURLMOPT_TIMERFUNCTION,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETDATA.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,62 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_SOCKETFUNCTION 3 "3 Nov 2014" "libcurl 7.39.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_SOCKETFUNCTION \- callback informed about what to wait for +.SH SYNOPSIS +.nf +#include + +int socket_callback(CURL *easy, /* easy handle */ + curl_socket_t s, /* socket */ + int what, /* see above */ + void *userp, /* private callback pointer */ + void *socketp); /* private socket pointer */ + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_SOCKETFUNCTION, socket_callback); +.SH DESCRIPTION +Pass a pointer to your callback function, which should match the prototype +shown above. + +When the \fIcurl_multi_socket_action(3)\fP function runs, it informs the +application about updates in the socket (file descriptor) status by doing +none, one, or multiple calls to the \fBsocket_callback\fP. The callback gets +status updates with changes since the previous time the callback was called. +If the given callback pointer is NULL, no callback will be called. Set the +callback's \fBuserp\fP argument with \fICURLMOPT_SOCKETDATA(3)\fP. See +\fIcurl_multi_socket_action(3)\fP for more details on how the callback is used +and should work. +.SH DEFAULT +NULL (no callback) +.SH PROTOCOLS +All +.SH EXAMPLE +TODO +.SH AVAILABILITY +Added in 7.15.4 +.SH RETURN VALUE +Returns CURLM_OK. +.SH "SEE ALSO" +.BR CURLMOPT_SOCKETDATA "(3), " curl_multi_socket_action "(3), " +.BR CURLMOPT_TIMERFUNCTION "(3) " + diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,77 @@ + + +CURLMOPT_SOCKETFUNCTION man page + + + + +

NAME

+

CURLMOPT_SOCKETFUNCTION - callback informed about what to wait for

SYNOPSIS

+

+#include <curl/curl.h>
+ 
+int socket_callback(CURL *easy,      /* easy handle */
+                    curl_socket_t s, /* socket */
+                    int what,        /* see above */
+                    void *userp,     /* private callback pointer */
+                    void *socketp);  /* private socket pointer */
+ 
+CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_SOCKETFUNCTION, socket_callback);
+
+

DESCRIPTION

+

Pass a pointer to your callback function, which should match the prototype shown above. +

When the curl_multi_socket_action(3) function runs, it informs the application about updates in the socket (file descriptor) status by doing none, one, or multiple calls to the socket_callback. The callback gets status updates with changes since the previous time the callback was called. If the given callback pointer is NULL, no callback will be called. Set the callback's userp argument with CURLMOPT_SOCKETDATA. See curl_multi_socket_action(3) for more details on how the callback is used and should work.

DEFAULT

+

NULL (no callback)

PROTOCOLS

+

All

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.15.4

RETURN VALUE

+

Returns CURLM_OK.

SEE ALSO

+

CURLMOPT_SOCKETDATA, curl_multi_socket_action (3) CURLMOPT_TIMERFUNCTION, +

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.3 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,48 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_TIMERDATA 3 "17 Jun 2014" "libcurl 7.37.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_TIMERDATA \- custom pointer to pass to timer callback +.SH SYNOPSIS +.nf +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_TIMERDATA, void *pointer); +.SH DESCRIPTION +A data \fBpointer\fP to pass to the timer callback set with the +\fICURLMOPT_TIMERFUNCTION(3)\fP option. + +This pointer will not be touched by libcurl but will only be passed in to the +timer callbacks's \fBuserp\fP argument. +.SH DEFAULT +NULL +.SH PROTOCOLS +All +.SH EXAMPLE +TODO +.SH AVAILABILITY +Added in 7.16.0 +.SH RETURN VALUE +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLMOPT_TIMERFUNCTION "(3), " CURLMOPT_SOCKETFUNCTION "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,70 @@ + + +CURLMOPT_TIMERDATA man page + + + + +

NAME

+

CURLMOPT_TIMERDATA - custom pointer to pass to timer callback

SYNOPSIS

+

+#include <curl/curl.h>
+ 
+CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_TIMERDATA, void *pointer);
+
+

DESCRIPTION

+

A data pointer to pass to the timer callback set with the CURLMOPT_TIMERFUNCTION option. +

This pointer will not be touched by libcurl but will only be passed in to the timer callbacks's userp argument.

DEFAULT

+

NULL

PROTOCOLS

+

All

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.16.0

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_TIMERFUNCTION, CURLMOPT_SOCKETFUNCTION,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERDATA.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3 curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3 --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3 2015-06-03 07:38:20.000000000 +0000 @@ -0,0 +1,101 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_TIMERFUNCTION 3 "17 Jun 2014" "libcurl 7.37.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_TIMERFUNCTION \- set callback to receive timeout values +.SH SYNOPSIS +.nf +#include + +int timer_callback(CURLM *multi, /* multi handle */ + long timeout_ms, /* see above */ + void *userp); /* private callback pointer */ + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_TIMERFUNCTION, timer_callback); +.SH DESCRIPTION +Pass a pointer to your callback function, which should match the prototype +shown above. + +Certain features, such as timeouts and retries, require you to call libcurl +even when there is no activity on the file descriptors. + +Your callback function \fBtimer_callback\fP should install a non-repeating +timer with an interval of \fBtimeout_ms\fP. Each time that timer fires, call +either \fIcurl_multi_socket_action(3)\fP or \fIcurl_multi_perform(3)\fP, +depending on which interface you use. + +A \fBtimeout_ms\fP value of -1 means you should delete your timer. + +A \fBtimeout_ms\fP value of 0 means you should call +\fIcurl_multi_socket_action(3)\fP or \fIcurl_multi_perform(3)\fP (once) as soon +as possible. + +\fBtimer_callback\fP will only be called when the \fBtimeout_ms\fP changes. + +The \fBuserp\fP pointer is set with \fICURLMOPT_TIMERDATA(3)\fP. + +The timer callback should return 0 on success, and -1 on error. This callback +can be used instead of, or in addition to, \fIcurl_multi_timeout(3)\fP. +.SH DEFAULT +NULL +.SH PROTOCOLS +All +.SH EXAMPLE +.nf +static gboolean timeout_cb(gpointer user_data) { + if (user_data) { + g_free(user_data); + curl_multi_setopt(curl_handle, CURLMOPT_TIMERDATA, NULL); + } + int running; + curl_multi_socket_action(multi, CURL_SOCKET_TIMEOUT, 0, &running); + return G_SOURCE_REMOVE; +} + +static int timerfunc(CURLM *multi, long timeout_ms, void *userp) { + guint *id = userp; + + if (id) + g_source_remove(*id); + + // -1 means we should just delete our timer. + if (timeout_ms == -1) { + g_free(id); + id = NULL; + } else { + if (!id) + id = g_new(guint, 1); + *id = g_timeout_add(timeout_ms, timeout_cb, id); + } + curl_multi_setopt(multi, CURLMOPT_TIMERDATA, id); + return 0; +} + +curl_multi_setopt(multi, CURLMOPT_TIMERFUNCTION, timerfunc); +.fi +.SH AVAILABILITY +Added in 7.16.0 +.SH RETURN VALUE +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLMOPT_TIMERDATA "(3), " CURLMOPT_SOCKETFUNCTION "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.html curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.html --- curl-7.38.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,113 @@ + + +CURLMOPT_TIMERFUNCTION man page + + + + +

NAME

+

CURLMOPT_TIMERFUNCTION - set callback to receive timeout values

SYNOPSIS

+

+#include <curl/curl.h>
+ 
+int timer_callback(CURLM *multi,    /* multi handle */
+                   long timeout_ms, /* see above */
+                   void *userp);    /* private callback pointer */
+ 
+CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_TIMERFUNCTION, timer_callback);
+
+

DESCRIPTION

+

Pass a pointer to your callback function, which should match the prototype shown above. +

Certain features, such as timeouts and retries, require you to call libcurl even when there is no activity on the file descriptors. +

Your callback function timer_callback should install a non-repeating timer with an interval of timeout_ms. Each time that timer fires, call either curl_multi_socket_action(3) or curl_multi_perform(3), depending on which interface you use. +

A timeout_ms value of -1 means you should delete your timer. +

A timeout_ms value of 0 means you should call curl_multi_socket_action(3) or curl_multi_perform(3) (once) as soon as possible. +

timer_callback will only be called when the timeout_ms changes. +

The userp pointer is set with CURLMOPT_TIMERDATA. +

The timer callback should return 0 on success, and -1 on error. This callback can be used instead of, or in addition to, curl_multi_timeout(3).

DEFAULT

+

NULL

PROTOCOLS

+

All

EXAMPLE

+

+static gboolean timeout_cb(gpointer user_data) {
+    if (user_data) {
+        g_free(user_data);
+        curl_multi_setopt(curl_handle, CURLMOPT_TIMERDATA, NULL);
+    }
+    int running;
+    curl_multi_socket_action(multi, CURL_SOCKET_TIMEOUT, 0, &running);
+    return G_SOURCE_REMOVE;
+}
+ 
+static int timerfunc(CURLM *multi, long timeout_ms, void *userp) {
+    guint *id = userp;
+ 
+    if (id)
+        g_source_remove(*id);
+ 
+    // -1 means we should just delete our timer.
+    if (timeout_ms == -1) {
+        g_free(id);
+        id = NULL;
+    } else {
+        if (!id)
+            id = g_new(guint, 1);
+        *id = g_timeout_add(timeout_ms, timeout_cb, id);
+    }
+    curl_multi_setopt(multi, CURLMOPT_TIMERDATA, id);
+    return 0;
+}
+ 
+curl_multi_setopt(multi, CURLMOPT_TIMERFUNCTION, timerfunc);
+
+ +

AVAILABILITY

+

Added in 7.16.0

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_TIMERDATA, CURLMOPT_SOCKETFUNCTION,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3 --- curl-7.38.0/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3 2014-08-25 21:45:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3 2015-06-03 07:38:20.000000000 +0000 @@ -60,3 +60,4 @@ CURLE_OUT_OF_MEMORY if there was insufficient heap space. .SH "SEE ALSO" .BR CURLOPT_TRANSFER_ENCODING "(3), " CURLOPT_HTTPHEADER "(3), " +.BR CURLOPT_HTTP_CONTENT_DECODING "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.html curl-7.43.0/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.html --- curl-7.38.0/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.html 2014-09-10 06:03:43.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.html 2015-06-17 05:56:24.000000000 +0000 @@ -4,15 +4,20 @@ CURLOPT_ACCEPT_ENCODING man page + + +

NAME

+

CURLOPT_PATH_AS_IS - do not handle dot dot sequences

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PATH_AS_IS, long leaveit);

DESCRIPTION

+

By setting the long leavit to 1, to explicitly tell libcurl to not alter the given path before passing it on to the server. +

This tells libcurl to NOT squash sequences of "/../" or "/./" that may exist in the URL's path part and that is supposed to be removed according to RFC 3986 section 5.2.4. +

Some server implementations are known to (erroneously) require the dot dot sequences to remain in the path and some clients want to pass these on in order to try out server implementations. +

By default libcurl will merge such sequences before using the path.

DEFAULT

+

0

PROTOCOLS

+

All

EXAMPLE

+

+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/../../etc/password");
+ 
+  curl_easy_setopt(curl, CURLOPT_PATH_AS_IS, 1L);
+ 
+  curl_easy_perform(curl);
+}
+
+ +

AVAILABILITY

+

Aded in 7.42.0

RETURN VALUE

+

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLOPT_STDERR, CURLOPT_DEBUGFUNCTION,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLOPT_PATH_AS_IS.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLOPT_PATH_AS_IS.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 --- curl-7.38.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 2015-06-11 17:50:43.000000000 +0000 @@ -0,0 +1,76 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLOPT_PINNEDPUBLICKEY 3 "27 Aug 2014" "libcurl 7.38.0" "curl_easy_setopt options" +.SH NAME +CURLOPT_PINNEDPUBLICKEY \- set pinned public key +.SH SYNOPSIS +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char *pinnedpubkey); +.SH DESCRIPTION +Pass a pointer to a zero terminated string as parameter. The string should be +the file name of your pinned public key. The format expected is "PEM" or "DER". + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. A public key is extracted from this certificate and +if it does not exactly match the public key provided to this option, curl will +abort the connection before sending or receiving any data. +.SH DEFAULT +NULL +.SH PROTOCOLS +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc. +.SH EXAMPLE +.nf +CURL *curl = curl_easy_init(); +if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "/etc/publickey.der"); + + /* Perform the request */ + curl_easy_perform(curl); +} +.fi +.SH PUBLIC KEY EXTRACTION +If you do not have the server's public key file you can extract it from the +server's certificate. +.nf +openssl x509 -in www.test.com.pem -pubkey -noout > www.test.com.pubkey.pem +.fi +The public key is output in PEM format and contains a header, base64 data and a +footer: +.nf +-----BEGIN PUBLIC KEY----- +[BASE 64 DATA] +-----END PUBLIC KEY----- +.fi +.SH AVAILABILITY +Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for +NSS and wolfSSL/CyaSSL. Other SSL backends not supported. +.SH RETURN VALUE +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. +.SH "SEE ALSO" +.BR CURLOPT_SSL_VERIFYPEER "(3), " +.BR CURLOPT_SSL_VERIFYHOST "(3), " +.BR CURLOPT_CAINFO "(3), " +.BR CURLOPT_CAPATH "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html --- curl-7.38.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html 2015-06-17 05:56:25.000000000 +0000 @@ -0,0 +1,88 @@ + + +CURLOPT_PINNEDPUBLICKEY man page + + + + +

NAME

+

CURLOPT_PINNEDPUBLICKEY - set pinned public key

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char *pinnedpubkey);

DESCRIPTION

+

Pass a pointer to a zero terminated string as parameter. The string should be the file name of your pinned public key. The format expected is "PEM" or "DER". +

When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, curl will abort the connection before sending or receiving any data.

DEFAULT

+

NULL

PROTOCOLS

+

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.

EXAMPLE

+

+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
+  curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "/etc/publickey.der");
+ 
+  /* Perform the request */
+  curl_easy_perform(curl);
+}
+
+ +

PUBLIC KEY EXTRACTION

+

If you do not have the server's public key file you can extract it from the server's certificate. 

+openssl x509 -in www.test.com.pem -pubkey -noout > www.test.com.pubkey.pem
+
+ +

The public key is output in PEM format and contains a header, base64 data and a footer: 

+-----BEGIN PUBLIC KEY-----
+[BASE 64 DATA]
+-----END PUBLIC KEY-----
+
+ +

AVAILABILITY

+

Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and wolfSSL/CyaSSL. Other SSL backends not supported.

RETURN VALUE

+

Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

+

CURLOPT_SSL_VERIFYPEER, CURLOPT_SSL_VERIFYHOST, CURLOPT_CAINFO, CURLOPT_CAPATH,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 --- curl-7.38.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 2015-06-11 17:50:43.000000000 +0000 @@ -0,0 +1,63 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLOPT_PIPEWAIT 3 "12 May 2015" "libcurl 7.43.0" "curl_easy_setopt options" +.SH NAME +CURLOPT_PIPEWAIT \- wait for pipelining/multiplexing +.SH SYNOPSIS +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PIPEWAIT, long wait); +.SH DESCRIPTION +Set \fIwait\fP to 1L to tell libcurl to prefer to wait for a connection to +confirm or deny that it can do pipelining or multiplexing before continuing. + +When about to perform a new transfer that allows pipelining or multiplexing, +libcurl will check for existing connections to re-use and pipeline on. If no +such connection exists it will immediately continue and create a fresh new +connection to use. + +By setting this option to 1 - and having \fICURLMOPT_PIPELINE\fP enabled for +the multi handle this transfer is associated with - libcurl will instead wait +for the connection to reveal if it is possible to pipeline/multiplex on before +it continues. This enables libcurl to much better keep the number of +connections to a minimum when using pipelining or multiplexing protocols. + +The effect thus becomes that with this option set, libcurl prefers to wait and +re-use an existing connection for pipelining rather than the opposite: prefer +to open a new connection rather than waiting. + +The waiting time is as long as it takes for the connection to get up and for +libcurl to get the necessary response back that informs it about its protocol +and support level. +.SH DEFAULT +0 (off) +.SH PROTOCOLS +HTTP(S) +.SH EXAMPLE +.SH AVAILABILITY +Added in 7.43.0 +.SH RETURN VALUE +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLOPT_FORBID_REUSE "(3), " CURLOPT_FRESH_CONNECT "(3), " +.BR CURLMOPT_PIPELINING "(3), " CURLMOPT_MAX_HOST_CONNECTIONS "(3), " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.html --- curl-7.38.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.html 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.html 2015-06-17 05:56:26.000000000 +0000 @@ -0,0 +1,69 @@ + + +CURLOPT_PIPEWAIT man page + + + + +

NAME

+

CURLOPT_PIPEWAIT - wait for pipelining/multiplexing

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PIPEWAIT, long wait);

DESCRIPTION

+

Set wait to 1L to tell libcurl to prefer to wait for a connection to confirm or deny that it can do pipelining or multiplexing before continuing. +

When about to perform a new transfer that allows pipelining or multiplexing, libcurl will check for existing connections to re-use and pipeline on. If no such connection exists it will immediately continue and create a fresh new connection to use. +

By setting this option to 1 - and having CURLMOPT_PIPELINE enabled for the multi handle this transfer is associated with - libcurl will instead wait for the connection to reveal if it is possible to pipeline/multiplex on before it continues. This enables libcurl to much better keep the number of connections to a minimum when using pipelining or multiplexing protocols. +

The effect thus becomes that with this option set, libcurl prefers to wait and re-use an existing connection for pipelining rather than the opposite: prefer to open a new connection rather than waiting. +

The waiting time is as long as it takes for the connection to get up and for libcurl to get the necessary response back that informs it about its protocol and support level.

DEFAULT

+

0 (off)

PROTOCOLS

+

HTTP(S)

EXAMPLE

+

AVAILABILITY

+

Added in 7.43.0

RETURN VALUE

+

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLOPT_FORBID_REUSE, CURLOPT_FRESH_CONNECT, CURLMOPT_PIPELINING, CURLMOPT_MAX_HOST_CONNECTIONS,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLOPT_PIPEWAIT.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_PORT.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PORT.html --- curl-7.38.0/docs/libcurl/opts/CURLOPT_PORT.html 2014-09-10 06:03:44.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PORT.html 2015-06-17 05:56:25.000000000 +0000 @@ -4,15 +4,20 @@ CURLOPT_PORT man page + + +

NAME

+

CURLOPT_PROXY_SERVICE_NAME - proxy service name

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SERVICE_NAME, char *name);

DESCRIPTION

+

Pass a char * as parameter to a string holding the name of the service. The default service name is "HTTP". This option allows you to change it. +

See above

PROTOCOLS

+

Most

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.43.0

RETURN VALUE

+

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

+

CURLOPT_PROXY, CURLOPT_PROXYTYPE,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html --- curl-7.38.0/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html 2014-09-10 06:03:44.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html 2015-06-17 05:56:25.000000000 +0000 @@ -4,15 +4,20 @@ CURLOPT_PROXY_TRANSFER_MODE man page + + +

NAME

+

CURLOPT_SERVICE_NAME - SPNEGO service name

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SERVICE_NAME, char *name);

DESCRIPTION

+

Pass a char * as parameter to a string holding the name of the service. The default service name is "HTTP". This option allows you to change it. +

See above

PROTOCOLS

+

Most

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.43.0

RETURN VALUE

+

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

+

CURLOPT_PROXY, CURLOPT_PROXYTYPE,

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLOPT_SERVICE_NAME.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLOPT_SERVICE_NAME.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_SHARE.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SHARE.html --- curl-7.38.0/docs/libcurl/opts/CURLOPT_SHARE.html 2014-09-10 06:03:44.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SHARE.html 2015-06-17 05:56:25.000000000 +0000 @@ -4,15 +4,20 @@ CURLOPT_SHARE man page + + +

NAME

+

CURLOPT_SSL_FALSESTART - enable TLS false start

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_FALSESTART, long enable);

DESCRIPTION

+

Pass a long as parameter set to 1 to enable or 0 to disable. +

This option determines whether libcurl should use false start during the TLS handshake. False start is a mode where a TLS client will start sending application data before verifying the server's Finished message, thus saving a round trip when performing a full handshake.

DEFAULT

+

0

PROTOCOLS

+

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.42.0. This option is currently only supported by the NSS and Secure Transport (on iOS 7.0 or later, or OS X 10.9 or later) TLS backends.

RETURN VALUE

+

Returns CURLE_OK if false start is supported by the SSL backend, otherwise returns CURLE_NOT_BUILT_IN.

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_SSLKEY.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLKEY.html --- curl-7.38.0/docs/libcurl/opts/CURLOPT_SSLKEY.html 2014-09-10 06:03:45.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLKEY.html 2015-06-17 05:56:26.000000000 +0000 @@ -4,15 +4,20 @@ CURLOPT_SSLKEY man page + + +

NAME

+

CURLOPT_SSL_VERIFYSTATUS - verify the certificate's status

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYSTATUS, long verify);

DESCRIPTION

+

Pass a long as parameter set to 1 to enable or 0 to disable. +

This option determines whether libcurl verifies the status of the server cert using the "Certificate Status Request" TLS extension (aka. OCSP stapling). +

Note that if this option is enabled but the server does not support the TLS extension, the verification will fail.

DEFAULT

+

0

PROTOCOLS

+

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.41.0. This option is currently only supported by the OpenSSL, GnuTLS and NSS TLS backends.

RETURN VALUE

+

Returns CURLE_OK if OCSP stapling is supported by the SSL backend, otherwise returns CURLE_NOT_BUILT_IN.

SEE ALSO

+

CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_VERIFYPEER, CURLOPT_CAINFO,

+ This HTML page was made with roffit. + diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf --- curl-7.38.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf 1970-01-01 00:00:00.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf 2015-06-17 05:56:53.000000000 +0000 @@ -0,0 +1,111 @@ +%PDF-1.4 +%쏢 +5 0 obj +<> +stream +xVnF8X2Vt:5$jT' U=sIVJ%0̹|;,B?}_>6 n*AVp@Ho ?d$!GgiԖVV_߲|f:yÊmuD&ayh6XT/YmT`M@K.f<$"<]?خ9, +y .v *0VnxY+r]e~߃,Xw@x[CufWß$L 3O>dN& +uOH~I@L5잷 + /̮ UGq7HҒ)[(a y 0x;dȯ)D_qJ# ՍzŘ%OxNR M)vTdS`h.Ö7;}|Gۿ[^6"+#kS!X$RƬBo]B. +5\ +7miúBʪfTڤ"r 3CHnP" P$Doj[5nzj0H͎ eG柋&47SDW˓1_Ny+"}*fXb/t!`?ٞ1mbdLBsh3[^Gv`!c\.YuU[>;D^'cqs6oWo๗Ft>vieUDZ 7FF(v>C?>zK;Lt^CEdNA +z%A~ίyOPxd FE%~-eT\%F|q׼\7uۀvg)C1EZb__M~Tv[-EɁU + UDrO8a)*#> Zt(r=)]xq6COqrɌ56^a$Qi\|Ac> I7h> +/Contents 5 0 R +>> +endobj +3 0 obj +<< /Type /Pages /Kids [ +4 0 R +] /Count 1 +>> +endobj +1 0 obj +<> +endobj +7 0 obj +<>endobj +10 0 obj +<> +endobj +11 0 obj +<> +endobj +9 0 obj +<> +endobj +8 0 obj +<> +endobj +12 0 obj +<> +endobj +13 0 obj +<>stream + + + + + +2015-06-17T07:56:53+02:00 +2015-06-17T07:56:53+02:00 +groff version 1.22.3 + +Untitled + + + + + +endstream +endobj +2 0 obj +<>endobj +xref +0 14 +0000000000 65535 f +0000001554 00000 n +0000003365 00000 n +0000001495 00000 n +0000001335 00000 n +0000000015 00000 n +0000001315 00000 n +0000001619 00000 n +0000001794 00000 n +0000001729 00000 n +0000001660 00000 n +0000001690 00000 n +0000001876 00000 n +0000001942 00000 n +trailer +<< /Size 14 /Root 1 0 R /Info 2 0 R +/ID [<19FDECD7795296B5264D49FC0FD23625><19FDECD7795296B5264D49FC0FD23625>] +>> +startxref +3519 +%%EOF diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_SSLVERSION.3 curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLVERSION.3 --- curl-7.38.0/docs/libcurl/opts/CURLOPT_SSLVERSION.3 2014-08-25 21:45:11.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLVERSION.3 2015-06-03 07:38:20.000000000 +0000 @@ -35,7 +35,7 @@ .RS .IP CURL_SSLVERSION_DEFAULT The default action. This will attempt to figure out the remote SSL protocol -version, i.e. either SSLv3 or TLSv1 +version. .IP CURL_SSLVERSION_TLSv1 TLSv1.x .IP CURL_SSLVERSION_SSLv2 @@ -54,10 +54,25 @@ .SH PROTOCOLS All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc. .SH EXAMPLE -TODO +.nf +CURL *curl = curl_easy_init(); +if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* ask libcurl to use TLS version 1.0 or later */ + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); + + /* Perform the request */ + curl_easy_perform(curl); +} +.fi .SH AVAILABILITY -SSLv2 is disabled by default since 7.18.1 +SSLv2 is disabled by default since 7.18.1. Other SSL versions availability may +vary depending on which backend libcurl has been built to use. + +SSLv3 is disabled by default since 7.39.0. .SH RETURN VALUE Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. .SH "SEE ALSO" .BR CURLOPT_USE_SSL "(3), " CURLOPT_HTTP_VERSION "(3), " +.BR CURLOPT_IPRESOLVE "(3) " diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_SSLVERSION.html curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLVERSION.html --- curl-7.38.0/docs/libcurl/opts/CURLOPT_SSLVERSION.html 2014-09-10 06:03:45.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_SSLVERSION.html 2015-06-17 05:56:26.000000000 +0000 @@ -4,15 +4,20 @@ CURLOPT_SSLVERSION man page + + +

NAME

+

CURLOPT_UNIX_SOCKET_PATH - set Unix domain socket

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNIX_SOCKET_PATH, char *path);

DESCRIPTION

+

Enables the use of Unix domain sockets as connection endpoint and sets the path to path. If path is NULL, then Unix domain sockets are disabled. An empty string will result in an error at some point, it will not disable use of Unix domain sockets. +

When enabled, cURL will connect to the Unix domain socket instead of establishing a TCP connection to a host. Since no TCP connection is created, cURL does not need to resolve the DNS hostname in the URL. +

The maximum path length on Cygwin, Linux and Solaris is 107. On other platforms it might be even less. +

Proxy and TCP options such as CURLOPT_TCP_NODELAY, are not supported. Proxy options such as CURLOPT_PROXY, have no effect either as these are TCP-oriented, and asking a proxy server to connect to a certain Unix domain socket is not possible.

DEFAULT

+

Default is NULL, meaning that no Unix domain sockets are used.

PROTOCOLS

+

All protocols except for file:// and FTP are supported in theory. HTTP, IMAP, POP3 and SMTP should in particular work (including their SSL/TLS variants).

EXAMPLE

+

Given that you have an nginx server running, listening on /tmp/nginx.sock, you can request a HTTP resource with: +

+    curl_easy_setopt(curl_handle, CURLOPT_UNIX_SOCKET_PATH, "/tmp/nginx.sock");
+    curl_easy_setopt(curl_handle, CURLOPT_URL, "http://localhost/");
+
+ +

+

If you are on Linux and somehow have a need for paths larger than 107 bytes, you could use the proc filesystem to bypass the limitation: +

+    int dirfd = open(long_directory_path_to_socket, O_DIRECTORY | O_RDONLY);
+    char path[108];
+    snprintf(path, sizeof(path), "/proc/self/fd/%d/nginx.sock", dirfd);
+    curl_easy_setopt(curl_handle, CURLOPT_UNIX_SOCKET_PATH, path);
+    /* Be sure to keep dirfd valid until you discard the handle */
+
+ +

AVAILABILITY

+

Since 7.40.0.

RETURN VALUE

+

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLOPT_OPENSOCKETFUNCTION, unix (7)

+ This HTML page was made with roffit. + Binary files /tmp/wWlDh7WHub/curl-7.38.0/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.pdf and /tmp/GjjWp38BhF/curl-7.43.0/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.pdf differ diff -Nru curl-7.38.0/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.html curl-7.43.0/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.html --- curl-7.38.0/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.html 2014-09-10 06:03:45.000000000 +0000 +++ curl-7.43.0/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.html 2015-06-17 05:56:26.000000000 +0000 @@ -4,15 +4,20 @@ CURLOPT_UNRESTRICTED_AUTH man page