Changelog:
Changes:
7.67.0
------
This release includes the following changes:
o curl: added --no-progress-meter
o setopt: CURLMOPT_MAX_CONCURRENT_STREAMS is new
o urlapi: CURLU_NO_AUTHORITY allows empty authority/host part
This release includes the following bugfixes:
o BINDINGS: five new bindings addded
o CURLOPT_TIMEOUT.3: Clarify transfer timeout time includes queue time
o CURLOPT_TIMEOUT.3: remove the mention of "minutes"
o ESNI: initial build/setup support
o FTP: FTPFILE_NOCWD: avoid redundant CWDs
o FTP: allow "rubbish" prepended to the SIZE response
o FTP: remove trailing slash from path for LIST/MLSD
o FTP: skip CWD to entry dir when target is absolute
o FTP: url-decode path before evaluation
o HTTP3.md: move -p for mkdir, remove -j for make
o HTTP3: fix invalid use of sendto for connected UDP socket
o HTTP3: fix ngtcp2 Windows build
o HTTP3: fix prefix parameter for ngtcp2 build
o HTTP3: fix typo somehere1 > somewhere1
o HTTP3: show an --alt-svc using example too
o INSTALL: add missing space for configure commands
o INSTALL: add vcpkg installation instructions
o README: minor grammar fix
o altsvc: accept quoted ma and persist values
o altsvc: both backends run h3-23 now
o appveyor: Add MSVC ARM64 build
o appveyor: Use two parallel compilation on appveyor with CMake
o appveyor: add --disable-proxy autotools build
o appveyor: add 32-bit MinGW-w64 build
o appveyor: add a winbuild
o appveyor: add a winbuild that uses VS2017
o appveyor: make winbuilds with DEBUG=no/yes and VS 2015/2017
o appveyor: publish artifacts on appveyor
o appveyor: upgrade VS2017 to VS2019
o asyn-thread: make use of Curl_socketpair() where available
o asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris
o build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines
o checksrc: fix uninitialized variable warning
o chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error
o cirrus: Increase the git clone depth
o cirrus: Switch the FreeBSD 11.x build to 11.3 and add a 13.0 build
o cirrus: switch off blackhole status on the freebsd CI machines
o cleanups: 21 various PVS-Studio warnings
o configure: only say ipv6 enabled when the variable is set
o configure: remove all cyassl references
o conn-reuse: requests wanting NTLM can reuse non-NTLM connections
o connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT
o connect: silence sign-compare warning
o cookie: avoid harmless use after free
o cookie: pass in the correct cookie amount to qsort()
o cookies: change argument type for Curl_flush_cookies
o cookies: using a share with cookies shouldn't enable the cookie engine
o copyrights: update copyright notices to 2019
o curl: create easy handles on-demand and not ahead of time
o curl: ensure HTTP 429 triggers --retry
o curl: exit the create_transfers loop on errors
o curl: fix memory leaked by parse_metalink()
o curl: load large files with -d @ much faster
o docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag
o docs: added multi-event.c example
o docs: disambiguate CURLUPART_HOST is for host name (ie no port)
o docs: note on failed handles not being counted by curl_multi_perform
o doh: allow only http and https in debug mode
o doh: avoid truncating DNS QTYPE to lower octet
o doh: clean up dangling DOH memory on easy close
o doh: fix (harmless) buffer overrun
o doh: fix undefined behaviour and open up for gcc and clang optimization
o doh: return early if there is no time left
o examples/sslbackend: fix -Wchar-subscripts warning
o examples: remove the "this exact code has not been verified"
o git: add tests/server/disabled to .gitignore
o gnutls: make gnutls_bye() not wait for response on shutdown
o http2: expire a timeout at end of stream
o http2: prevent dup'ed handles to send dummy PRIORITY frames
o http2: relax verification of :authority in push promise requests
o http2_recv: a closed stream trumps pause state
o http: lowercase headernames for HTTP/2 and HTTP/3
o ldap: Stop using wide char version of ldapp_err2string
o ldap: fix OOM error on missing query string
o mbedtls: add error message for cert validity starting in the future
o mime: when disabled, avoid C99 macro
o ngtcp2: adapt to API change
o ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23
o ngtcp2: remove fprintf() calls
o openssl: close_notify on the FTP data connection doesn't mean closure
o openssl: fix compiler warning with LibreSSL
o openssl: use strerror on SSL_ERROR_SYSCALL
o os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr
o parsedate: fix date parsing disabled builds
o quiche: don't close connection at end of stream
o quiche: persist connection details (fixes -I with --http3)
o quiche: set 'drain' when returning without having drained the queues
o quiche: update HTTP/3 config creation to new API
o redirect: handle redirects to absolute URLs containing spaces
o runtests: get textaware info from curl instead of perl
o schannel: reverse the order of certinfo insertions
o schannel_verify: Fix concurrent openings of CA file
o security: silence conversion warning
o setopt: handle ALTSVC set to NULL
o setopt: make it easier to add new enum values
o setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly
o smb: check for full size message before reading message details
o smbserver: fix Python 3 compatibility
o socks: Fix destination host shown on SOCKS5 error
o test1162: disable MSYS2's POSIX path conversion
o test1591: fix spelling of http feature
o tests: add `connect to non-listen` keywords
o tests: fix narrowing conversion warnings
o tests: fix the test 3001 cert failures
o tests: makes tests succeed when using --disable-proxy
o tests: use %FILE_PWD for file:// URLs
o tests: use port 2 instead of 60000 for a safer non-listening port
o tool_operate: Fix retry sleep time shown to user when Retry-After
o travis: Add an ARM64 build
o url: Curl_free_request_state() should also free doh handles
o url: don't set appconnect time for non-ssl/non-ssh connections
o url: fix the NULL hostname compiler warning
o url: normalize CURLINFO_EFFECTIVE_URL
o url: only reuse TLS connections with matching pinning
o urlapi: avoid index underflow for short ipv6 hostnames
o urlapi: fix URL encoding when setting a full URL
o urlapi: fix unused variable warning
o urlapi: question mark within fragment is still fragment
o urldata: use 'bool' for the bit type on MSVC compilers
o vtls: Fix comment typo about macosx-version-min compiler flag
o vtls: fix narrowing conversion warnings
o winbuild/MakefileBuild.vc: Add vssh
o winbuild/MakefileBuild.vc: Fix line endings
o winbuild: Add manifest to curl.exe for proper OS version detection
o winbuild: add ENABLE_UNICODE option
Changelog:
CHANGELOG
---------
Changes, gnurl specific:
* Almost none, mostly a merge as usual. After a chat
with bfix on IRC, the gnurl homepage has been extended
to explain how to build it.
The usual curl Changelog applies, consult https://curl.haxx.se for the
ChangeLog.
curl Changelog:
Changes:
CURLINFO_RETRY_AFTER: parse the Retry-After header value
HTTP3: initial (experimental still not working) support
curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
curl: support parallel transfers with -Z
curl_multi_poll: a sister to curl_multi_wait() that waits more
sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
Bugfixes:
CVE-2019-5481: FTP-KRB double-free
CVE-2019-5482: TFTP small blocksize heap buffer overflow
CI: remove duplicate configure flag for LGTM.com
CMake: remove needless newlines at end of gss variables
CMake: use platform dependent name for dlopen() library
CURLINFO docs: mention that in redirects times are added
CURLOPT_ALTSVC.3: use a "" file name to not load from a file
CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED
CURLOPT_HEADERFUNCTION.3: clarify
CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly
CURLOPT_READFUNCTION.3: provide inline example
CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
Curl_addr2string: take an addrlen argument too
Curl_fillreadbuffer: avoid double-free trailer buf on error
HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
alt-svc: add protocol version selection masking
alt-svc: fix removal of expired cache entry
alt-svc: make it use h3-22 with ngtcp2 as well
alt-svc: more liberal ALPN name parsing
alt-svc: send Alt-Used: in redirected requests
alt-svc: with quiche, use the quiche h3 alpn string
appveyor: pass on -k to make
asyn-thread: create a socketpair to wait on
build-openssl: fix build with Visual Studio 2019
cleanup: move functions out of url.c and make them static
cleanup: remove the 'numsocks' argument used in many places
configure: avoid undefined check_for_ca_bundle
curl.h: add CURL_HTTP_VERSION_3 to the version enum
curl.h: fix outdated comment
curl: cap the maximum allowed values for retry time arguments
curl: handle a libcurl build without netrc support
curl: make use of CURLINFO_RETRY_AFTER when retrying
curl: remove outdated comment
curl: use .curlrc (with a dot) on Windows
curl: use CURLINFO_PROTOCOL to check for HTTP(s)
curl_global_init_mem.3: mention it was added in 7.12.0
curl_version: bump string buffer size to 250
curl_version_info.3: mentioned ALTSVC and HTTP3
curl_version_info: offer quic (and h3) library info
curl_version_info: provide nghttp2 details
defines: avoid underscore-prefixed defines
docs/ALTSVC: remove what works and the experimental explanation
docs/EXPERIMENTAL: explain what it means and what's experimental now
docs/MANUAL.md: converted to markdown from plain text
docs/examples/curlx: fix errors
docs: s/curl_debug/curl_dbg_debug in comments and docs
easy: resize receive buffer on easy handle reset
examples: Avoid reserved names in hiperfifo examples
examples: add http3.c, altsvc.c and http3-present.c
getenv: support up to 4K environment variable contents on windows
http09: disable HTTP/0.9 by default in both tool and library
http2: when marked for closure and wanted to close == OK
http2_recv: trigger another read when the last data is returned
http: fix use of credentials from URL when using HTTP proxy
http_negotiate: improve handling of gss_init_sec_context() failures
md4: Use our own MD4 when no crypto libraries are available
multi: call detach_connection before Curl_disconnect
netrc: make the code try ".netrc" on Windows
nss: use TLSv1.3 as default if supported
openssl: build warning free with boringssl
openssl: use SSL_CTX_set__proto_version() when available
plan9: add support for running on Plan 9
progress: reset download/uploaded counter between transfers
readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
scp: fix directory name length used in memcpy
smb: init *msg to NULL in smb_send_and_recv()
smtp: check for and bail out on too short EHLO response
source: remove names from source comments
spnego_sspi: add typecast to fix build warning
src/makefile: fix uncompressed hugehelp.c generation
ssh-libssh: do not specify O_APPEND when not in append mode
ssh: move code into vssh for SSH backends
sspi: fix memory leaks
tests: Replace outdated test case numbering documentation
tftp: return error when packet is too small for options
timediff: make it 64 bit (if possible) even with 32 bit time_t
travis: reduce number of torture tests in 'coverage'
url: make use of new HTTP version if alt-svc has one
urlapi: verify the IPv6 numerical address
urldata: avoid 'generic', use dedicated pointers
vauth: Use CURLE_AUTH_ERROR for auth function errors
Changelog:
* make the warning in buildconf more clear, month
after noting that the hardfailure was not necessary.
* comment nroff parts of configure script, build +
check + release without groff tested succesfully on NetBSD 9.99.4
* Dependencies: python-3 is now supported (should be in curl
as well) for the tests. If python is required at all for
the tests needs to be looked at more closely. groff/nroff dropped.
The usual curl Changelog applies, consult https://curl.haxx.se for the
ChangeLog.
* upstream (curl) ChangeLog:
This release includes the following changes:
* cookies: leave secure cookies alone
* hostip: support wildcard hosts
* http: Implement trailing headers for chunked transfers
* http: added options for allowing HTTP/0.9 responses
* timeval: Use high resolution timestamps on Windows
This release includes the following bugfixes:
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
* CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
* CVE-2019-3823: SMTP end-of-response out-of-bounds read
* FAQ: remove mention of sourceforge for github
* OS400: handle memory error in list conversion
* OS400: upgrade ILE/RPG binding.
* README: add codacy code quality badge
* Revert http_negotiate: do not close connection
* THANKS: added several missing names from year <= 2000
* build: make 'tidy' target work for metalink builds
* cmake: added checks for variadic macros
* cmake: updated check for HAVE_POLL_FINE to match autotools
* cmake: use lowercase for function name like the rest of the code
* configure: detect xlclang separately from clang
* configure: fix recv/send/select detection on Android
* configure: rewrite --enable-code-coverage
* conncache_unlock: avoid indirection by changing input argument type
* cookie: fix comment typo
* cookies: allow secure override when done over HTTPS
* cookies: extend domain checks to non psl builds
* cookies: skip custom cookies when redirecting cross-site
* curl --xattr: strip credentials from any URL that is stored
* curl -J: refuse to append to the destination file
* curl/urlapi.h: include "curl.h" first
* curl_multi_remove_handle() don't block terminating c-ares requests
* darwinssl: accept setting max-tls with default min-tls
* disconnect: separate connections and easy handles better
* disconnect: set conn->data for protocol disconnect
* docs/version.d: mention MultiSSL
* docs: fix the --tls-max description
* docs: use $(INSTALL_DATA) to install man page
* docs: use meaningless port number in CURLOPT_LOCALPORT example
* gopher: always include the entire gopher-path in request
* http2: clear pause stream id if it gets closed
* if2ip: remove unused function Curl_if_is_interface_name
* libssh: do not let libssh create socket
* libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
* libssh: free sftp_canonicalize_path() data correctly
* libtest/stub_gssapi: use "real" snprintf
* mbedtls: use VERIFYHOST
* multi: multiplexing improvements
* multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
* ntlm: fix NTMLv2 compliance
* ntlm_sspi: add support for channel binding
* openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
* openssl: fix the SSL_get_tlsext_status_ocsp_resp call
* openvms: fix OpenSSL discovery on VAX
* openvms: fix typos in documentation
* os400: add a missing closing bracket
* os400: fix extra parameter syntax error
* pingpong: change default response timeout to 120 seconds
* pingpong: ignore regular timeout in disconnect phase
* printf: fix format specifiers
* runtests.pl: Fix perl call to include srcdir
* schannel: fix compiler warning
* schannel: preserve original certificate path parameter
* schannel: stop calling it "winssl"
* sigpipe: if mbedTLS is used, ignore SIGPIPE
* smb: fix incorrect path in request if connection reused
* ssh: log the libssh2 error message when ssh session startup fails
* test1558: verify CURLINFO_PROTOCOL on file:// transfer
* test1561: improve test name
* test1653: make it survive torture tests
* tests: allow tests to pass by 2037-02-12
* tests: move objnames-* from lib into tests
* timediff: fix math for unsigned time_t
* timeval: Disable MSVC Analyzer GetTickCount warning
* tool_cb_prg: avoid integer overflow
* travis: added cmake build for osx
* urlapi: Fix port parsing of eol colon
* urlapi: distinguish possibly empty query
* urlapi: fix parsing ipv6 with zone index
* urldata: rename easy_conn to just conn
* winbuild: conditionally use /DZLIB_WINAPI
* wolfssl: fix memory-leak in threaded use
* spnego_sspi: add support for channel binding
libgnurl is a fork of libcurl. The goal for libgnurl is to support
only HTTP and HTTPS (and only HTTP 1.x) with a single crypto backend
(GnuTLS) to ensure a small footprint and uniform experience for
developers regardless of how libcurl was compiled.
This software is mainly used by GNUnet. The modifications to curl
are kept to the bare minimum, intended to track upstream closely.
gnurl is not a replacement for curl, so different paths are used.
