compile any longer, see
https://sourceforge.net/p/curl/bugs/1469/
Changes:
Curl and libcurl 7.40.0
Public curl releases: 143
Command line options: 162
curl_easy_setopt() options: 208
Public functions in libcurl: 58
Contributors: 1219
This release includes the following changes:
o http_digest: Added support for Windows SSPI based authentication
o version info: Added Kerberos V5 to the supported features
o Makefile: Added VC targets for WinIDN
o config-win32: Introduce build targets for VS2012+
o SSL: Add PEM format support for public key pinning
o smtp: Added support for the conversion of Unix newlines during mail send [8]
o smb: Added initial support for the SMB/CIFS protocol
o Added support for HTTP over unix domain sockets, via
CURLOPT_UNIX_SOCKET_PATH and --unix-socket
o sasl: Added support for GSS-API based Kerberos V5 authentication
This release includes the following bugfixes:
o darwinssl: fix session ID keys to only reuse identical sessions [18]
o url-parsing: reject CRLFs within URLs [19]
o OS400: Adjust specific support to last release
o THANKS: Remove duplicate names
o url.c: Fixed compilation warning
o ssh: Fixed build on platforms where R_OK is not defined [1]
o tool_strdup.c: include the tool strdup.h
o build: Fixed Visual Studio project file generation of strdup.[c|h]
o curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY [2]
o curl.1: show zone index use in a URL
o mk-ca-bundle.vbs: switch to new certdata.txt url
o Makefile.dist: Added some missing SSPI configurations
o build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
o SSH: use the port number as well for known_known checks [3]
o libssh2: detect features based on version, not configure checks
o http2: Deal with HTTP/2 data inside Upgrade response header buffer [4]
o multi: removed Curl_multi_set_easy_connection
o symbol-scan.pl: do not require autotools
o cmake: add ENABLE_THREADED_RESOLVER, rename ARES
o cmake: build libhostname for test suite
o cmake: fix HAVE_GETHOSTNAME definition
o tests: fix libhostname visibility
o tests: fix memleak in server/resolve.c
o vtls.h: Fixed compiler warning when compiled without SSL
o CMake: Restore order-dependent header checks
o CMake: Restore order-dependent library checks
o tool: Removed krb4 from the supported features
o http2: Don't send Upgrade headers when we already do HTTP/2
o examples: Don't call select() to sleep on windows [6]
o win32: Updated some legacy APIs to use the newer extended versions [5]
o easy.c: Fixed compilation warning when no verbose string support
o connect.c: Fixed compilation warning when no verbose string support
o build: in Makefile.m32 pass -F flag to windres
o build: in Makefile.m32 add -m32 flag for 32bit
o multi: when leaving for timeout, close accordingly
o CMake: Simplify if() conditions on check result variables
o build: in Makefile.m32 try to detect 64bit target
o multi: inform about closed sockets before they are closed
o multi-uv.c: close the file handle after download
o examples: Wait recommended 100ms when no file descriptors are ready
o ntlm: Split the SSPI based messaging code from the native messaging code
o cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
o cmake: add Kerberos to the supported feature
o CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
o http: Disable pipelining for HTTP/2 and upgraded connections
o ntlm: Fixed static'ness of local decode function
o sasl: Reduced the need for two sets of NTLM messaging functions
o multi.c: Fixed compilation warnings when no verbose string support
o select.c: fix compilation for VxWorks [7]
o multi-single.c: switch to use curl_multi_wait
o curl_multi_wait.3: clarify numfds being used if not NULL
o http.c: Fixed compilation warnings from features being disabled
o NSS: enable the CAPATH option [9]
o docs: Fix FAILONERROR typos
o HTTP: don't abort connections with pending Negotiate authentication
o HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
o http_perhapsrewind: don't abort CONNECT requests
o build: updated dependencies in makefiles
o multi.c: Fixed compilation warning
o ftp.c: Fixed compilation warnings when proxy support disabled
o get_url_file_name: Fixed crash on OOM on debug build
o cookie.c: Refactored cleanup code to simplify
o OS400: enable NTLM authentication
o ntlm: Use Windows Crypt API
o http2: avoid logging neg "failure" if h2 was not requested
o schannel_recv: return the correct code [10]
o VC build: added sspi define for winssl-zlib builds
o Curl_client_write(): chop long data, convert data only once
o openldap: do not ignore Curl_client_write() return code
o ldap: check Curl_client_write() return codes
o parsedate.c: Fixed compilation warning
o url.c: Fixed compilation warning when USE_NTLM is not defined
o ntlm_wb_response: fix "statement not reached" [11]
o telnet: fix "cast increases required alignment of target type"
o smtp: Fixed dot stuffing when EOL characters at end of input buffers [12]
o ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
o ntlm: Disable NTLM v2 when 64-bit integers are not supported
o ntlm: Use short integer when decoding 16-bit values
o ftp.c: Fixed compilation warning when no verbose string support
o synctime.c: fixed timeserver URLs
o mk-ca-bundle.pl: restored forced run again
o ntlm: Fixed return code for bad type-2 Target Info
o curl_schannel.c: Data may be available before connection shutdown
o curl_schannel: Improvements to memory re-allocation strategy [13]
o darwinssl: aprintf() to allocate the session key
o tool_util.c: Use GetTickCount64 if it is available
o lib: Fixed multiple code analysis warnings if SAL are available
o tool_binmode.c: Explicitly ignore the return code of setmode
o tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
o opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
o SFTP: work-around servers that return zero size on STAT [14]
o connect: singleipconnect(): properly try other address families after failure
o IPV6: address scope != scope id [15]
o parseurlandfillconn(): fix improper non-numeric scope_id stripping [16]
o secureserver.pl: make OpenSSL CApath and cert absolute path values
o secureserver.pl: update Windows detection and fix path conversion
o secureserver.pl: clean up formatting of config and fix verbose output
o tests: Added Windows support using Cygwin-based OpenSSH
o sockfilt.c: use non-Ex functions that are available before WinXP
o VMS: Updates for 0740-0D1220
o openssl: warn for SRP set if SSLv3 is used, not for TLS version
o openssl: make it compile against openssl 1.1.0-DEV master branch
o openssl: fix SSL/TLS versions in verbose output
o curl: show size of inhibited data when using -v
o build: Removed WIN32 definition from the Visual Studio projects
o build: Removed WIN64 definition from the libcurl Visual Studio projects
o vtls: Use bool for Curl_ssl_getsessionid() return type
o sockfilt.c: Replace 100ms sleep with thread throttle
o sockfilt.c: Reduce the number of individual memory allocations
o vtls: Don't set cert info count until memory allocation is successful
o nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
o nss: Don't ignore Curl_extract_certinfo() OOM failure
o vtls: Fixed compilation warning and an ignored return code
o sockfilt.c: Fixed compilation warnings
o darwinssl: Fixed compilation warning
o vtls: Use '(void) arg' for unused parameters
o sepheaders.c: Fixed resource leak on failure
o lib1900.c: Fixed cppcheck error [17]
o ldap: Fixed Unicode connection details in Win32 initialsation / bind calls
o ldap: Fixed Unicode DN, attributes and filter in Win32 search calls
turned off in www/curl.
Modify the curl package to be aware of the libidn option. Ensure default
is on.
No functional change, so no version number bump.
SSH: added agent based authentication
ftp: active conn, allow application to set sockopt after accept() call with CURLSOCKTYPE_ACCEPT
multi: add curl_multi_wait()
metalink: Added support for Microsoft Windows CryptoAPI
md5: Added support for Microsoft Windows CryptoAPI
parse_proxy: treat "socks://x" as a socks4 proxy
socks: Added support for IPv6 connections through SOCKSv5 proxy
Bugfixes:
WSAPoll disabled on Windows builds due to its bugs
segfault on request retries
curl-config: parentheses fix
VC build: add define for openssl
globbing: fix segfault when >9 globs were used
fixed a few clang-analyzer warnings
metalink: change code order to build with gnutls-nettle
gtls: fix build failure by including nettle-specific headers
change preferred HTTP auth on a handle previously used for another auth
file: use fdopen() to avoid race condition
Added DWANT_IDN_PROTOTYPES define for MSVC too
verbose: fixed (nil) output of hostnames in re-used connections
metalink: Un-broke the build when building --with-darwinssl
curl man page cleanup
Avoid leak of local device string when reusing connection
Curl_socket_check: fix return code for timeout
nss: do not print misleading NSS error codes
configure: remove the --enable/disable-nonblocking options
darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions
NTLM: re-use existing connection better
schannel crash on multi and easy handle cleanup
SOCKS: truly disable it if CURL_DISABLE_PROXY is defined
mk-ca-bundle: detect start of trust section better
gnutls: do not fail on non-fatal handshake errors
SMTP: only send SIZE if supported
ftpserver: respond with a 250 to SMTP EHLO
ssh: do not crash if MD5 fingerprint is not provided by libssh2
winbuild: Added support for building with SPNEGO enabled
metalink: Fixed validation of binary files containing EOF
setup.h: fixed for MS VC10 build
cmake: use standard findxxx modules for cmake v2.8+
HTTP_ONLY: disable more protocols
Curl_reconnect_request: clear pointer on failure
https.c example: remember to call curl_global_init()
metalink: Filter resource URLs by type
multi interface: CURLOPT_LOW_SPEED_* fix during rate limitation
curl_schannel: Removed buffer limit and optimized buffer strategy
security/libssh2 package.
Changes:
o --data-urlencode
o CURLOPT_PROXY_TRANSFER_MODE
o --no-keepalive - now curl does connections with keep-alive enabled by
default
o --socks4a added (proxy type CURLPROXY_SOCKS4A for libcurl)
o --socks5-hostname added (CURLPROXY_SOCKS5_HOSTNAME for libcurl)
o curl_easy_pause()
o CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA
o --keepalive-time
o curl --help output was re-ordered
This release includes the following bugfixes:
o curl-config --features and --protocols show the correct output when built
with NSS, and also when SCP, SFTP and libz are not available
o free problem in the curl tool for users with empty home dir
o curl.h version 7.17.1 problem when building C++ apps with MSVC
o SFTP and SCP use persistent connections
o segfault on bad URL
o variable wrapping when using absolutely huge send buffer sizes
o variable wrapping when using debug callback and the HTTP request wasn't sent
in one go
o SSL connections with NSS done with the multi-interface
o setting a share no longer activates cookies
o Negotiate now works on auth and proxy simultanouesly
o support HTTP Digest nonces up to 1023 letters
o resumed ftp upload no longer requires the read callback to return full
buffers
o no longer default-appends ;type= on FTP URLs thru proxies
o SSL session id caching
o POST with callback over proxy requiring NTLM or Digest
o Expect: 100-continue flaw on re-used connection with POSTs
o build fix for MSVC 9.0 (VS2008)
o Windows curl builds failed file truncation when retry downloading
o SSL session ID cache memory leak
o bad connection re-use check with environment variable-activated proxy use
o --libcurl now generates a return statement as well
o socklen_t is no longer used in the public includes
o time zone offsets from -1400 to +1400 are now accepted by the date parser
o allows more spaces in WWW/Proxy-Authenticate: headers
o curl-config --libs skips /usr/lib64
o range support for file:// transfers
o libcurl hang with huge POST request and request-body read from callback
o removed extra newlines from many error messages
o improved pipelining
o improved OOM handling for data url encoded HTTP POSTs when read from a file
o test suite could pick wrong tool(s) if more than one existed in the PATH
o curl_multi_fdset() failed to return socket while doing CONNECT over proxy
o curl_multi_remove_handle() on a handle that is in used for a pipeline now
break that pipeline
o CURLOPT_COOKIELIST memory leaks
o progress meter/callback during http proxy CONNECT requests
o auth for http proxy when the proxy closes connection after first response
Version 7.15.5 (7 August 2006)
Daniel (2 August 2006)
- Mark Lentczner fixed how libcurl was not properly doing chunked encoding
if the header "Transfer-Encoding: chunked" was set by the application.
http://curl.haxx.se/bug/view.cgi?id=1531838
Daniel (1 August 2006)
- Maciej Karpiuk fixed a crash that would occur if we passed Curl_strerror()
an unknown error number on glibc systems.
http://curl.haxx.se/bug/view.cgi?id=1532289
Daniel (31 July 2006)
- *ALERT* curl_multi_socket() and curl_multi_socket_all() got modified
prototypes: they both now provide the number of running handles back to the
calling function. It makes the functions resemble the good old
curl_multi_perform() more and provides a nice way to know when the multi
handle goes empty.
ALERT2: don't use the curl_multi_socket*() functionality in anything
production-like until I say it's somewhat settled, as I suspect there might
be some further API changes before I'm done...
Daniel (28 July 2006)
- Yves Lejeune fixed so that replacing Content-Type: when doing multipart
formposts work exactly the way you want it (and the way you'd assume it
works).
Daniel (27 July 2006)
- David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both
control and data connection, as the existing --ftp-ssl option only requests
it.
- [Hiper-related work] Added a function called curl_multi_assign() that will
set a private pointer added to the internal libcurl hash table for the
particular socket passed in to this function:
CURLMcode curl_multi_assign(CURLM *multi_handle,
curl_socket_t sockfd,
void *sockp);
'sockp' being a custom pointer set by the application to be associated with
this socket. The socket has to be already existing and in-use by libcurl,
like having already called the callback telling about its existance.
The set hashp pointer will then be passed on to the callback in upcoming
calls when this same socket is used (in the brand new 'socketp' argument).
Daniel (26 July 2006)
- Dan Nelson added the CURLOPT_FTP_ALTERNATIVE_TO_USER libcurl option and curl
tool option named --ftp-alternative-to-user. It provides a mean to send a
particular command if the normal USER/PASS approach fails.
- Michael Jerris added magic that builds lib/curllib.vcproj automatically for
newer MSVC.
Daniel (25 July 2006)
- Georg Horn made the transfer timeout error message include more details.
Daniel (20 July 2006)
- David McCreedy fixed a build error when building libcurl with HTTP disabled,
problem added with the curl_formget() patch.
Daniel (17 July 2006)
- Jari Sundell did some excellent research and bug tracking, figured out that
we did wrong and patched it: When nodes were removed from the splay tree,
and we didn't properly remove it from the splay tree when an easy handle was
removed from a multi stack and thus we could wrongly leave a node in the
splay tree pointing to (bad) memory.
Daniel (14 July 2006)
- David McCreedy fixed a flaw where the CRLF counter wasn't properly cleared
for FTP ASCII transfers.
Daniel (8 July 2006)
- Ates Goral pointed out that libcurl's cookie parser did case insensitive
string comparisons on the path which is incorrect and provided a patch that
fixes this. I edited test case 8 to include details that test for this.
- Ingmar Runge provided a source snippet that caused a crash. The reason for
the crash was that libcurl internally was a bit confused about who owned the
DNS cache at all times so if you created an easy handle that uses a shared
DNS cache and added that to a multi handle it would crash. Now we keep more
careful internal track of exactly what kind of DNS cache each easy handle
uses: None, Private (allocated for and used only by this single handle),
Shared (points to a cache held by a shared object), Global (points to the
global cache) or Multi (points to the cache within the multi handle that is
automatically shared between all easy handles that are added with private
caches).
Daniel (4 July 2006)
- Toshiyuki Maezawa fixed a problem where you couldn't override the
Proxy-Connection: header when using a proxy and not doing CONNECT.
Daniel (24 June 2006)
- Michael Wallner added curl_formget(), which allows an application to extract
(serialise) a previously built formpost (as with curl_formadd()).
Daniel (23 June 2006)
- Arve Knudsen found a flaw in curl_multi_fdset() for systems where
curl_socket_t is unsigned (like Windows) that could cause it to wrongly
return a max fd of -1.
Daniel (20 June 2006)
- Peter Silva introduced CURLOPT_MAX_SEND_SPEED_LARGE and
CURLOPT_MAX_RECV_SPEED_LARGE that limit tha maximum rate libcurl is allowed
to send or receive data. This kind of adds the the command line tool's
option --limit-rate to the library.
The rate limiting logic in the curl app is now removed and is instead
provided by libcurl itself. Transfer rate limiting will now also work for -d
and -F, which it didn't before.
Daniel (19 June 2006)
- Made -K on a file that couldn't be read cause a warning to be displayed.
Daniel (13 June 2006)
- Dan Fandrich implemented --enable-hidden-symbols configure option to enable
-fvisibility=hidden on gcc >= 4.0. This reduces the size of the libcurl
binary and speeds up dynamic linking by hiding all the internal symbols from
the symbol table.
