Changelog:
CHANGELOG
---------
Changes, gnurl specific:
* Almost none, mostly a merge as usual. After a chat
with bfix on IRC, the gnurl homepage has been extended
to explain how to build it.
The usual curl Changelog applies, consult https://curl.haxx.se for the
ChangeLog.
curl Changelog:
Changes:
CURLINFO_RETRY_AFTER: parse the Retry-After header value
HTTP3: initial (experimental still not working) support
curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
curl: support parallel transfers with -Z
curl_multi_poll: a sister to curl_multi_wait() that waits more
sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
Bugfixes:
CVE-2019-5481: FTP-KRB double-free
CVE-2019-5482: TFTP small blocksize heap buffer overflow
CI: remove duplicate configure flag for LGTM.com
CMake: remove needless newlines at end of gss variables
CMake: use platform dependent name for dlopen() library
CURLINFO docs: mention that in redirects times are added
CURLOPT_ALTSVC.3: use a "" file name to not load from a file
CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED
CURLOPT_HEADERFUNCTION.3: clarify
CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly
CURLOPT_READFUNCTION.3: provide inline example
CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
Curl_addr2string: take an addrlen argument too
Curl_fillreadbuffer: avoid double-free trailer buf on error
HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
alt-svc: add protocol version selection masking
alt-svc: fix removal of expired cache entry
alt-svc: make it use h3-22 with ngtcp2 as well
alt-svc: more liberal ALPN name parsing
alt-svc: send Alt-Used: in redirected requests
alt-svc: with quiche, use the quiche h3 alpn string
appveyor: pass on -k to make
asyn-thread: create a socketpair to wait on
build-openssl: fix build with Visual Studio 2019
cleanup: move functions out of url.c and make them static
cleanup: remove the 'numsocks' argument used in many places
configure: avoid undefined check_for_ca_bundle
curl.h: add CURL_HTTP_VERSION_3 to the version enum
curl.h: fix outdated comment
curl: cap the maximum allowed values for retry time arguments
curl: handle a libcurl build without netrc support
curl: make use of CURLINFO_RETRY_AFTER when retrying
curl: remove outdated comment
curl: use .curlrc (with a dot) on Windows
curl: use CURLINFO_PROTOCOL to check for HTTP(s)
curl_global_init_mem.3: mention it was added in 7.12.0
curl_version: bump string buffer size to 250
curl_version_info.3: mentioned ALTSVC and HTTP3
curl_version_info: offer quic (and h3) library info
curl_version_info: provide nghttp2 details
defines: avoid underscore-prefixed defines
docs/ALTSVC: remove what works and the experimental explanation
docs/EXPERIMENTAL: explain what it means and what's experimental now
docs/MANUAL.md: converted to markdown from plain text
docs/examples/curlx: fix errors
docs: s/curl_debug/curl_dbg_debug in comments and docs
easy: resize receive buffer on easy handle reset
examples: Avoid reserved names in hiperfifo examples
examples: add http3.c, altsvc.c and http3-present.c
getenv: support up to 4K environment variable contents on windows
http09: disable HTTP/0.9 by default in both tool and library
http2: when marked for closure and wanted to close == OK
http2_recv: trigger another read when the last data is returned
http: fix use of credentials from URL when using HTTP proxy
http_negotiate: improve handling of gss_init_sec_context() failures
md4: Use our own MD4 when no crypto libraries are available
multi: call detach_connection before Curl_disconnect
netrc: make the code try ".netrc" on Windows
nss: use TLSv1.3 as default if supported
openssl: build warning free with boringssl
openssl: use SSL_CTX_set__proto_version() when available
plan9: add support for running on Plan 9
progress: reset download/uploaded counter between transfers
readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
scp: fix directory name length used in memcpy
smb: init *msg to NULL in smb_send_and_recv()
smtp: check for and bail out on too short EHLO response
source: remove names from source comments
spnego_sspi: add typecast to fix build warning
src/makefile: fix uncompressed hugehelp.c generation
ssh-libssh: do not specify O_APPEND when not in append mode
ssh: move code into vssh for SSH backends
sspi: fix memory leaks
tests: Replace outdated test case numbering documentation
tftp: return error when packet is too small for options
timediff: make it 64 bit (if possible) even with 32 bit time_t
travis: reduce number of torture tests in 'coverage'
url: make use of new HTTP version if alt-svc has one
urlapi: verify the IPv6 numerical address
urldata: avoid 'generic', use dedicated pointers
vauth: Use CURLE_AUTH_ERROR for auth function errors
Changelog:
* make the warning in buildconf more clear, month
after noting that the hardfailure was not necessary.
* comment nroff parts of configure script, build +
check + release without groff tested succesfully on NetBSD 9.99.4
* Dependencies: python-3 is now supported (should be in curl
as well) for the tests. If python is required at all for
the tests needs to be looked at more closely. groff/nroff dropped.
The usual curl Changelog applies, consult https://curl.haxx.se for the
ChangeLog.
* upstream (curl) ChangeLog:
This release includes the following changes:
* cookies: leave secure cookies alone
* hostip: support wildcard hosts
* http: Implement trailing headers for chunked transfers
* http: added options for allowing HTTP/0.9 responses
* timeval: Use high resolution timestamps on Windows
This release includes the following bugfixes:
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
* CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
* CVE-2019-3823: SMTP end-of-response out-of-bounds read
* FAQ: remove mention of sourceforge for github
* OS400: handle memory error in list conversion
* OS400: upgrade ILE/RPG binding.
* README: add codacy code quality badge
* Revert http_negotiate: do not close connection
* THANKS: added several missing names from year <= 2000
* build: make 'tidy' target work for metalink builds
* cmake: added checks for variadic macros
* cmake: updated check for HAVE_POLL_FINE to match autotools
* cmake: use lowercase for function name like the rest of the code
* configure: detect xlclang separately from clang
* configure: fix recv/send/select detection on Android
* configure: rewrite --enable-code-coverage
* conncache_unlock: avoid indirection by changing input argument type
* cookie: fix comment typo
* cookies: allow secure override when done over HTTPS
* cookies: extend domain checks to non psl builds
* cookies: skip custom cookies when redirecting cross-site
* curl --xattr: strip credentials from any URL that is stored
* curl -J: refuse to append to the destination file
* curl/urlapi.h: include "curl.h" first
* curl_multi_remove_handle() don't block terminating c-ares requests
* darwinssl: accept setting max-tls with default min-tls
* disconnect: separate connections and easy handles better
* disconnect: set conn->data for protocol disconnect
* docs/version.d: mention MultiSSL
* docs: fix the --tls-max description
* docs: use $(INSTALL_DATA) to install man page
* docs: use meaningless port number in CURLOPT_LOCALPORT example
* gopher: always include the entire gopher-path in request
* http2: clear pause stream id if it gets closed
* if2ip: remove unused function Curl_if_is_interface_name
* libssh: do not let libssh create socket
* libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
* libssh: free sftp_canonicalize_path() data correctly
* libtest/stub_gssapi: use "real" snprintf
* mbedtls: use VERIFYHOST
* multi: multiplexing improvements
* multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
* ntlm: fix NTMLv2 compliance
* ntlm_sspi: add support for channel binding
* openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
* openssl: fix the SSL_get_tlsext_status_ocsp_resp call
* openvms: fix OpenSSL discovery on VAX
* openvms: fix typos in documentation
* os400: add a missing closing bracket
* os400: fix extra parameter syntax error
* pingpong: change default response timeout to 120 seconds
* pingpong: ignore regular timeout in disconnect phase
* printf: fix format specifiers
* runtests.pl: Fix perl call to include srcdir
* schannel: fix compiler warning
* schannel: preserve original certificate path parameter
* schannel: stop calling it "winssl"
* sigpipe: if mbedTLS is used, ignore SIGPIPE
* smb: fix incorrect path in request if connection reused
* ssh: log the libssh2 error message when ssh session startup fails
* test1558: verify CURLINFO_PROTOCOL on file:// transfer
* test1561: improve test name
* test1653: make it survive torture tests
* tests: allow tests to pass by 2037-02-12
* tests: move objnames-* from lib into tests
* timediff: fix math for unsigned time_t
* timeval: Disable MSVC Analyzer GetTickCount warning
* tool_cb_prg: avoid integer overflow
* travis: added cmake build for osx
* urlapi: Fix port parsing of eol colon
* urlapi: distinguish possibly empty query
* urlapi: fix parsing ipv6 with zone index
* urldata: rename easy_conn to just conn
* winbuild: conditionally use /DZLIB_WINAPI
* wolfssl: fix memory-leak in threaded use
* spnego_sspi: add support for channel binding
libgnurl is a fork of libcurl. The goal for libgnurl is to support
only HTTP and HTTPS (and only HTTP 1.x) with a single crypto backend
(GnuTLS) to ensure a small footprint and uniform experience for
developers regardless of how libcurl was compiled.
This software is mainly used by GNUnet. The modifications to curl
are kept to the bare minimum, intended to track upstream closely.
gnurl is not a replacement for curl, so different paths are used.
