This release includes the following bugfixes:
o build: fix 'make install' with configure, install docs/libcurl/* too
o make install: add 8 missing man pages to the installation
o curl: do bounds check using a double comparison [1]
o dist: Add dictserver.py/negtelnetserver.py to release [2]
o digest_sspi: Don't reuse context if the user/passwd has changed [3]
o gitignore: ignore top-level .vs folder [4]
o build: check out *.sln files with Windows line endings [5]
o travis: verify "make install" [6]
o dist: fix the cmake build by shipping cmake_uninstall.cmake.in too [7]
o metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead
o configure: use the threaded resolver backend by default if possible [8]
o mkhelp.pl: allow executing this script directly [9]
o maketgz: remove old *.dist files before making the tarball [10]
o openssl: remove CONST_ASN1_BIT_STRING [11]
o openssl: fix "error: this statement may fall through"
o proxy: fix memory leak in case of invalid proxy server name [12]
o curl/system.h: support more architectures (OpenRISC, ARC) [13]
o docs: fix typos [14]
o curl/system.h: add Oracle Solaris Studio [15]
o CURLINFO_TOTAL_TIME: could wrongly return 4200 seconds [16]
o docs: --connect-to clarified
o cmake: allow user to override CMAKE_DEBUG_POSTFIX [17]
o travis: test cmake build on tarball too
o redirect: make it handle absolute redirects to IDN names [18]
o curl/system.h: fix for gcc on PowerPC [19]
o curl --interface: fixed for IPV6 unique local addresses [20]
o cmake: threads detection improvements [21]
Curl and libcurl 7.55.0
Public curl releases: 167
Command line options: 210
curl_easy_setopt() options: 247
Public functions in libcurl: 61
Contributors: 1571
This release includes the following changes:
o curl: allow --header and --proxy-header read from file [7]
o getinfo: provide sizes as curl_off_t [6]
o curl: prevent binary output spewed to terminal [16]
o curl: added --request-target [22]
o libcurl: added CURLOPT_REQUEST_TARGET [22]
o curl: added --socks5-{basic,gssapi}: control socks5 auth [30]
o libcurl: added CURLOPT_SOCKS5_AUTH [30]
This release includes the following bugfixes:
o glob: do not parse after a strtoul() overflow range (CVE-2017-1000101) [85]
o tftp: reject file name lengths that don't fit (CVE-2017-1000100) [84]
o file: output the correct buffer to the user (CVE-2017-1000099) [83]
o includes: remove curl/curlbuild.h and curl/curlrules.h [1]
o dist: make the hugehelp.c not get regenerated unnecessarily [2]
o timers: store internal time stamps as time_t instead of doubles [3]
o progress: let "current speed" be UL + DL speeds combined [4]
o http-proxy: do the HTTP CONNECT process entirely non-blocking [5]
o lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV [8]
o fuzz: bring oss-fuzz initial code converted to C89 [10]
o configure: disable nghttp2 too if HTTP has been disabled
o mk-ca-bundle.pl: Check curl's exit code after certdata download [11]
o test1148: verify the -# progressbar [12]
o tests: stabilize test 2032 and 2033 [13]
o HTTPS-Proxy: don't offer h2 for https proxy connections [14]
o http-proxy: only attempt FTP over HTTP proxy [9]
o curl-compilers.m4: enable vla warning for clang [15]
o curl-compilers.m4: enable double-promotion warning [15]
o curl-compilers.m4: enable missing-variable-declarations clang warning [15]
o curl-compilers.m4: enable comma clang warning [15]
o Makefile.m32: enable -W for MinGW32 build [15]
o CURLOPT_PREQUOTE: not supported for SFTP [17]
o http2: fix OOM crash
o PIPELINING_SERVER_BL: cleanup the internal list use [18]
o mkhelp.pl: fix script name in usage text
o lib1521: add curl_easy_getinfo calls to the test set
o travis: do the distcheck test build out-of-tree as well
o if2ip: fix compiler warning in ISO C90 mode
o lib: fix the djgpp build [19]
o typecheck-gcc: add support for CURLINFO_OFF_T [20]
o travis: enable typecheck-gcc warnings [21]
o maketgz: switch to xz instead of lzma [23]
o CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
o curl-compilers.m4: fix unknown-warning-option on Apple clang [24]
o winbuild: fix boringssl build [25]
o curl/system.h: add check for XTENSA for 32bit gcc [26]
o test1537: fixed memory leak on OOM
o test1521: fix compiler warnings [27]
o curl: fix memory leak on test 1147 OOM [28]
o libtest/make: generate lib1521.c dynamically at build-time [29]
o curl_strequal.3: fix typo in SYNOPSIS [31]
o progress: prevent resetting t_starttransfer [32]
o openssl: improve fallback seed of PRNG with a time based hash [33]
o http2: improved PING frame handling [34]
o test1450: add simple testing for DICT [35]
o make: build the docs subdir only from within src [36]
o cmake: Added compatibility options for older Windows versions [37]
o gtls: fix build when sizeof(long) < sizeof(void *) [38]
o url: make the original string get used on subsequent transfers [39]
o timeval.c: Use long long constant type for timeval assignment [40]
o tool_sleep: typecast to avoid macos compiler warning
o travis.yml: use --enable-werror on debug builds [41]
o test1451: add SMB support to the testbed [42]
o configure: remove checks for 5 functions never used [43]
o configure: try ldap/lber in reversed order first [44]
o smb: fix build for djgpp/MSDOS [45]
o travis: install nghttp2 on linux builds [46]
o smb: add support for CURLOPT_FILETIME [47]
o cmake: fix send/recv argument scanner for windows [48]
o inet_pton: fix include on windows to get prototype [49]
o select.h: avoid macro redefinition harder
o cmake: if inet_pton is used, bump _WIN32_WINNT
o asyn-thread.c: fix unused variable warnings on macOS
o runtests: support "threaded-resolver" as a feature
o test506: skip if threaded-resolver
o cmake: remove spurious "-l" from linker flags [50]
o cmake: add CURL_WERROR for enabling "warning as errors"
o memdebug: don't setbuf() if the file open failed [51]
o curl_easy_escape.3: mention the (lack of) encoding [52]
o test1452: add telnet negotiation [53]
o CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
o cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC [54]
o tests/valgrind.supp: supress OpenSSL false positive seen on travis [55]
o curl_setup_once: Remove ERRNO/SET_ERRNO macros [56]
o curl-compilers.m4: disable warning spam with Cygwin's clang [57]
o ldap: fix MinGW compiler warning [58]
o make: fix docs build on OpenBSD [59]
o curl_setup: always define WIN32_LEAN_AND_MEAN on Windows [60]
o system.h: include winsock2.h before windows.h
o winbuild: build with warning level 4 [61]
o rtspd: fix MSVC level 4 warning
o sockfilt: suppress conversion warning with explicit cast
o libtest: fix MSVC warning C4706
o darwinssl: fix pinnedpubkey build error [62]
o tests/server/resolve.c: fix deprecation warning [63]
o nss: fix a possible use-after-free in SelectClientCert() [64]
o checksrc: escape open brace in regex
o multi: mention integer overflow risk if using > 500 million sockets [65]
o darwinssl: fix --tlsv1.2 regression [66]
o timeval: struct curltime is a struct timeval replacement [67]
o curl_rtmp: fix a compiler warning [68]
o include.d: clarify that it concerns the response headers [69]
o cmake: support make uninstall [70]
o include.d: clarify --include is only for response headers [71]
o libcurl: Stop using error codes defined under CURL_NO_OLDIES [72]
o http: fix response code parser to avoid integer overflow [73]
o configure: fix the check for IdnToUnicode [74]
o multi: fix request timer management [75]
o curl_threads: fix MSVC compiler warning [76]
o travis: build on osx with openssl
o travis: build on osx with libressl
o CURLOPT_NETRC.3: mention the file name on windows
o cmake: set MSVC warning level to 4 [77]
o netrc: skip lines starting with '#' [78]
o darwinssl: fix curlssl_sha256sum() compiler warnings on first argument
o BUILD.WINDOWS: mention buildconf.bat for builds off git
o darwinssl: silence compiler warnings [79]
o travis: build on osx with darwinssl
o FTP: skip unnecessary CWD when in nocwd mode [80]
o gssapi: fix memory leak of output token in multi round context [81]
o getparameter: avoid returning uninitialized 'usedarg' [82]
o curl (debug build) easy_events: make event data static
o curl: detect and bail out early on parameter integer overflows [86]
o configure: fix recv/send/select detection on Android [87]
curl: show the libcurl release date in --version output
Bugfixes:
CVE-2017-9502: default protocol drive letter buffer overflow
openssl: fix memory leak in servercert
tests: remove the html and PDF versions from the tarball
mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable
typecheck-gcc: handle function pointers properly
llist: no longer uses malloc
gnutls: removed some code when --disable-verbose is configured
lib: fix maybe-uninitialized warnings
multi: clarify condition in curl_multi_wait
schannel: Don't treat encrypted partial record as pending data
configure: fix the -ldl check for openssl, add -lpthread check
configure: accept -Og and -Ofast GCC flags
Makefile: avoid use of GNU-specific form of $<
if2ip: fix -Wcast-align warning
configure: stop prepending to LDFLAGS, CPPFLAGS
curl: set a 100K buffer size by default
typecheck-gcc: fix _curl_is_slist_info
nss: do not leak PKCS 11 slot while loading a key
nss: load libnssckbi.so if no other trust is specified
examples: ftpuploadfrommem.c
url: declare get_protocol_family() static
examples/cookie_interface.c: changed to example.com
test1443: test --remote-time
curl: use utimes instead of obsolescent utime when available
url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
curl_rtmp: fix missing-variable-declarations warnings
tests: fixed OOM handling of unit tests to abort test
curl_setup: Ensure no more than one IDN lib is enabled
tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS
CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
curl: non-boolean command line args reject --no- prefixes
telnet: Write full buffer instead of byte-by-byte
typecheck-gcc: add missing string options
typecheck-gcc: add support for CURLINFO_SOCKET
opt man pages: they all have examples now
curl_setup_once: use SEND_QUAL_ARG2 for swrite
test557: set a known good numeric locale
schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT
tests/server: make string literals const
runtests: use -R for random order
unit1305: fix compiler warning
curl_slist_append.3: clarify a NULL input creates a new list
tests/server: run checksrc by default in debug-builds
tests: fix -Wcast-qual warnings
runtests.pl: simplify the datacheck read section
curl: remove --environment and tool_writeenv.c
buildconf: fix hang on IRIX
tftp: silence bad-function-cast warning
asyn-thread: fix unused macro warnings
tool_parsecfg: fix -Wcast-qual warning
sendrecv: fix MinGW-w64 warning
test537: use correct variable type
rand: treat fake entropy the same regardless of endianness
curl: generate the --help output
tests: removed redundant --trace-ascii arguments
multi: assign IDs to all timers and make each timer singleton
multi: use a fixed array of timers instead of malloc
mbedtls: Support server renegotiation request
pipeline: fix mistakenly trying to pipeline POSTs
lib510: don't write past the end of the buffer if it's too small
CURLOPT_HTTPPROXYTUNNEL.3: clarify, add example
SecureTransport/DarwinSSL: Implement public key pinning
curl.1: clarify --config
curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM
darwinssl: Fix exception when processing a client-side certificate
curl.1: mention --oauth2-bearer's argument
mkhelp.pl: do not add current time into curl binary
asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input
ssh: fix memory leak in disconnect due to timeout
tests: stabilize test 1034
cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH
assert: avoid, use DEBUGASSERT instead
LDAP: using ldap_bind_s on Windows with methods
redirect: store the "would redirect to" URL when max redirs is reached
winbuild: fix the nghttp2 build
examples: fix -Wimplicit-fallthrough warnings
time: fix type conversions and compiler warnings
mbedtls: fix variable shadow warning
test557: fix ubsan runtime error due to int left shift
transfer: init the infilesize from the postfields
docs: clarify NO_PROXY further
build-wolfssl: Sync config with wolfSSL 3.11
curl-compilers.m4: enable -Wshift-sign-overflow for clang
example/externalsocket.c: make it use CLOSESOCKETFUNCTION too
lib574.c: use correct callback proto
lib583: fix compiler warning
curl-compilers.m4: fix compiler_num for clang
typecheck-gcc.h: separate getinfo slist checks from other pointers
typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
typecheck-gcc.h: check CURLINFO_CERTINFO
build: provide easy code coverage measuring
test1537: dedicated tests of the URL (un)escape API calls
curl_endian: remove unused functions
test1538: verify the libcurl strerror API calls
MD(4|5): silence cast-align clang warning
dedotdot: fixed output for ".." and "." only input
cyassl: define build macros before including ssl.h
updatemanpages.pl: error out on too old git version
curl_sasl: fix unused-variable warning
x509asn1: fix implicit-fallthrough warning with GCC 7
libtest: fix implicit-fallthrough warnings with GCC 7
BINDINGS: add Ring binding
curl_ntlm_core: pass unsigned char to toupper
test1262: verify ftp download with -z for "if older than this"
test1521: test all curl_easy_setopt options
typecheck-gcc: allow CURLOPT_STDERR to be NULL too
metalink: remove unused printf() argument
file: make speedcheck use current time for checks
configure: fix link with librtmp when specifying path
examples/multi-uv.c: fix deprecated symbol
cmake: Fix inconsistency regarding mbed TLS include directory
setopt: check CURLOPT_ADDRESS_SCOPE option range
gitignore: ignore all vim swap files
urlglob: fix division by zero
libressl: OCSP and intermediate certs workaround no longer needed
Curl and libcurl 7.54.0
Public curl releases: 165
Command line options: 207
curl_easy_setopt() options: 245
Public functions in libcurl: 61
Contributors: 1538
This release includes the following changes:
o Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION [19]
o Add --max-tls [19]
o Add CURLOPT_SUPPRESS_CONNECT_HEADERS [24]
o Add --suppress-connect-headers [24]
This release includes the following bugfixes:
o CVE-2017-7468: switch off SSL session id when client cert is used [68]
o cmake: Replace invalid UTF-8 byte sequence [1]
o tests: use consistent environment variables for setting charset
o proxy: fixed a memory leak on OOM
o ftp: removed an erroneous free in an OOM path
o docs: de-duplicate file lists in the Makefiles [2]
o ftp: fixed a NULL pointer dereference on OOM
o gopher: fixed detection of an error condition from Curl_urldecode
o url: fix unix-socket support for proxy-disabled builds [3]
o test1139: allow for the possibility that the man page is not rebuilt
o cyassl: get library version string at runtime
o digest_sspi: fix compilation warning
o tests: enable HTTP/2 tests to run with non-default port numbers
o warnless: suppress compiler warning
o darwinssl: Warn that disabling host verify also disables SNI [4]
o configure: fix for --enable-pthreads [5]
o checksrc.bat: Ignore curl_config.h.in, curl_config.h
o no-keepalive.d: fix typo [6]
o configure: fix --with-zlib when a path is specified [7]
o build: fix gcc7 implicit fallthrough warnings [8]
o fix potential use of uninitialized variables [9]
o CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors [10]
o CMake: Reorganize SSL support, separate WinSSL and SSPI [11]
o CMake: Add DarwinSSL support [12]
o CMake: Add mbedTLS support [13]
o ares: return error at once if timed out before name resolve starts [14]
o BINDINGS: added C++, perl, go and Scilab bindings
o URL: return error on malformed URLs with junk after port number
o KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password [15]
o http2: Fix assertion error on redirect with CL=0 [16]
o updatemanpages.pl: Update man pages to use current date and versions [17]
o --insecure: clarify that this option is for server connections [18]
o mkhelp: simplified the gzip code
o build: fixed making man page in out-of-tree tarball builds
o tests: disabled 1903 due to flakiness
o openssl: add two /* FALLTHROUGH */ to satisfy coverity
o cmdline-opts: fixed a few typos
o authneg: clear auth.multi flag at http_done [20]
o curl_easy_reset: Also reset the authentication state [21]
o proxy: skip SSL initialization for closed connections [22]
o http_proxy: ignore TE and CL in CONNECT 2xx responses [23]
o tool_writeout: fixed a buffer read overrun on --write-out
o make: regenerate docs/curl.1 by running make in docs [25]
o winbuild: add basic support for OpenSSL 1.1.x [26]
o build: removed redundant DEPENDENCIES from makefiles
o CURLINFO_LOCAL_PORT.3: added example
o curl: show HTTPS-Proxy options on CURLE_SSL_CACERT [27]
o tests: strip more options from non-HTTP --libcurl tests
o tests: fixed the documented test server port numbers
o runtests.pl: fixed display of the Gopher IPv6 port number
o multi: fix streamclose() crash in debug mode [28]
o cmake: build manual pages [29]
o cmake: add support for building HTML and PDF docs [30]
o mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION [31]
o make: introduce 'test-nonflaky' target
o CURLINFO_PRIMARY_IP.3: add example
o tests/README: mention nroff for --manual tests [32]
o mkhelp: disable compression if the perl gzip module is unavailable
o openssl: fall back on SSL_ERROR_* string when no error detail [33]
o asiohiper: make sure socket is open in event_cb [34]
o tests/README: make "Run" section foolproof [35]
o curl: check for end of input in writeout backslash handling
o .gitattributes: turn off CRLF for *.am [36]
o multi: fix MinGW-w64 compiler warnings
o schannel: fix variable shadowing warning
o openssl: exclude DSA code when OPENSSL_NO_DSA is defined [37]
o http: Fix proxy connection reuse with basic-auth [38]
o pause: handle mixed types of data when paused [39]
o http: do not treat FTPS over CONNECT as HTTPS
o conncache: make hashkey avoid malloc [40]
o make: use the variable MAKE for recursive calls [41]
o curl: fix callback argument inconsistency [42]
o NTLM: check for features with #ifdef instead of #if [43]
o cmake: add several missing files to the dist
o select: use correct SIZEOF_ constant [44]
o connect: fix unreferenced parameter warning
o schannel: fix unused variable warning
o gcc7: fix ‘*’ in boolean context [45]
o http2: silence unused parameter warnings
o ssh: fix narrowing conversion warning
o telnet: (win32) fix read callback return variable [46]
o docs: Explain --fail-early does not imply --fail [47]
o docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
o tests/server/util: remove in6addr_any for recent MinGW [48]
o multi: make curl_multi_wait avoid malloc in the typical case [49]
o include: curl/system.h is a run-time version of curlbuild.h [50]
o easy: silence compiler warning
o llist: replace Curl_llist_alloc with Curl_llist_init [51]
o hash: move key into hash struct to reduce mallocs [52]
o url: don't free postponed data on connection reuse [53]
o curl_sasl: declare mechtable static
o curl: fix Windows Unicode build
o multi: fix queueing of pending easy handles [54]
o tool_operate: fix MinGW compiler warning [55]
o low_speed_limit: improved function for longer time periods [56]
o gtls: fix compiler warning
o sspi: print out InitializeSecurityContext() error message [57]
o schannel: fix compiler warnings [58]
o vtls: fix unreferenced variable warnings
o INSTALL.md: fix secure transport configure arguments
o CURLINFO_SCHEME.3: fix variable type
o libcurl-thread.3: also mention threaded-resolver [59]
o nss: load CA certificates even with --insecure [60]
o openssl: fix this statement may fall through [61]
o poll: prefer <poll.h> over <sys/poll.h> [62]
o polarssl: unbreak build with versions < 1.3.8 [63]
o Curl_expire_latest: ignore already expired timers [64]
o configure: turn implicit function declarations into errors [65]
o mbedtls: fix memory leak in error path [66]
o http2: fix handle leak in error path [67]
o .gitattributes: force shell scripts to LF [69]
o configure.ac: ignore CR after version numbers [70]
o extern-scan.pl: strip trailing CR [71]
o openssl: make SSL_ERROR_to_str more future-proof [72]
o openssl: fix thread-safety bugs in error-handling [73]
o openssl: don't try to print nonexistant peer private keys [74]
o nss: fix MinGW compiler warnings [75]
Bugfixes:
* cyassl: fix typo
* url: Improve CURLOPT_PROXY_CAPATH error handling
* urldata: include curl_sspi.h when Windows SSPI is enabled
* formdata: check for EOF when reading from stdin
* tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
* url: Default the proxy CA bundle location to CURL_CA_BUNDLE
* rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header
Curl and libcurl 7.53.0
This release includes the following changes:
o unix_socket: added --abstract-unix-socket and CURLOPT_ABSTRACT_UNIX_SOCKET [25]
o CURLOPT_BUFFERSIZE: support enlarging receive buffer [29]
This release includes the following bugfixes:
o CVE-2017-2629: make SSL_VERIFYSTATUS work again [64]
o gnutls-random: check return code for failed random
o openssl-random: check return code when asking for random
o http: remove "Curl_http_done: called premature" message
o cyassl: use time_t instead of long for timeout
o build-wolfssl: Sync config with wolfSSL 3.10
o ftp-gss: check for init before use
o configure: accept --with-libidn2 instead [1]
o ftp: failure to resolve proxy should return that error code
o curl.1: add three more exit codes
o docs/ciphers: link to our own new page about ciphers
o vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl [2]
o darwinssl: fix iOS build [3]
o darwinssl: fix CFArrayRef leak [4]
o cmake: use crypt32.lib when building with OpenSSL on windows [5]
o curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked [6]
o digest_sspi: copy terminating NUL as well [7]
o curl: fix --remote-time incorrect times on Windows [8]
o curl.1: several updates and corrections [11]
o content_encoding: change return code on a failure
o curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
o docs: TCP_KEEPALIVE start and interval default to 60 [9]
o darwinssl: --insecure overrides --cacert if both settings are in use [10]
o TheArtOfHttpScripting: grammar
o CIPHERS.md: document GSKit ciphers
o wolfssl: support setting cipher list
o wolfssl: display negotiated SSL version and cipher
o lib506: fix build for Open Watcom [12]
o asiohiper: improved socket handling [13]
o examples: make the C++ examples follow our code style too
o tests/sws: retry send() on EWOULDBLOCK [14]
o cmake: Fix passing _WINSOCKAPI_ macro to compiler [15]
o smtp: Fix STARTTLS denied error message
o imap/pop3: don't print response character in STARTTLS denied messages [16]
o rand: make it work without TLS backing [17]
o url: fix parsing for when 'file' is the default protocol [18]
o url: allow file://X:/path URLs on windows again [19]
o gnutls: check for alpn and ocsp in configure [20]
o IDN: Use TR46 'non-transitional' for toASCII translations [21]
o url: Fix NO_PROXY env var to work properly with --proxy option [22]
o CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char* [23]
o docs: Add note about libcurl copying strings to CURLOPT_* manpages [24]
o curl: reset the easy handle at --next
o --next docs: --trace and --trace-ascii are also global
o --write-out docs: 'time_total' is not always shown with ms precision
o http: print correct HTTP string in verbose output when using HTTP/2
o docs: improved language in README.md HISTORY.md CONTRIBUTE.md [26]
o http2: disable server push if not requested [27]
o nss: use the correct lock in nss_find_slot_by_name()
o usercertinmem.c: improve the short description
o CURLOPT_CONNECT_TO: Fix compile warnings
o docs: non-blocking SSL handshake is now supported with NSS
o *.rc: escape non-ASCII/non-UTF-8 character for clarity [28]
o mbedTLS: fix multi interface non-blocking handshake [30]
o PolarSSL: fix multi interface non-blocking handshake [31]
o VC: remove the makefile.vc6 build infra [32]
o telnet: fix windows compiler warnings [33]
o cookies: do not assume a valid domain has a dot
o polarssl: fix hangs
o gnutls: disable TLS session tickets [34]
o mbedtls: disable TLS session tickets [35]
o mbedtls: implement CTR-DRBG and HAVEGE random generators [36]
o openssl: Don't use certificate after transferring ownership [37]
o cmake: Support curl --xattr when built with cmake [38]
o OS400: Fix symbols [39]
o docs: Add more HTTPS proxy documentation [40]
o docs: use more HTTPS links [41]
o cmdline-opts: Fixed build and test in out of source tree builds
o CHANGES.0: removed
o schannel: Remove incorrect SNI disabled message [42]
o darwinssl: Avoid parsing certificates when not in verbose mode [43]
o test552: Fix typos [44]
o telnet: Fix typos [45]
o transfer: only retry nobody-requests for HTTP [46]
o http2: reset push header counter fixes crash [47]
o nss: make FTPS work with --proxytunnel [48]
o test1139: Added the --manual keyword since the manual is required
o polarssl, mbedtls: Fix detection of pending data [49]
o http_proxy: Fix tiny memory leak upon edge case connecting to proxy [50]
o URL: only accept ";options" in SMTP/POP3/IMAP URL schemes [51]
o curl.1: ftp.sunet.se is no longer an FTP mirror
o tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT [52]
o http2: fix memory-leak when denying push streams [53]
o configure: Allow disabling pthreads, fall back on Win32 threads [54]
o curl: fix typo in time condition warning message [55]
o axtls: adapt to API changes [56]
o tool_urlglob: Allow a glob range with the same start and stop [57]
o winbuild: add note on auto-detection of MACHINE in Makefile.vc [58]
o http: fix missing 'Content-Length: 0' while negotiating auth [59]
o proxy: fix hostname resolution and IDN conversion [60]
o docs: fix timeout handling in multi-uv example
o digest_sspi: Fix nonce-count generation in HTTP digest [61]
o sftp: improved checks for create dir failures [62]
o smb: use getpid replacement for windows UWP builds [63]
o digest_sspi: Handle 'stale=TRUE' directive in HTTP digest [65]
Fixed in 7.52.1
Bugfixes:
CVE-2016-9594: unititialized random
lib557: fix checksrc warnings
lib: fix MSVC compiler warnings
lib557.c: use a shorter MAXIMIZE representation
tests: run checksrc on debug builds
Version 7.52.0 (20 Dec 2016)
Changes:
nss: map CURL_SSLVERSION_DEFAULT to NSS default
vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
curl: introduce the --tlsv1.3 option to force TLS 1.3
curl: Add --retry-connrefused
proxy: Support HTTPS proxy and SOCKS+HTTP(s)
add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
curl: add --fail-early
Bugfixes:
CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
msvc: removed a straggling reference to strequal.c
winbuild: remove strcase.obj from curl build
examples: bugfixed multi-uv.c
configure: verify that compiler groks -Werror=partial-availability
mbedtls: fix build with mbedtls versions < 2.4.0
dist: add unit test CMakeLists.txt to the tarball
curl -w: added more decimal digits to timing counters
easy: Initialize info variables on easy init and duphandle
cmake: disable poll for macOS
http2: Don't send header fields prohibited by HTTP/2 spec
ssh: check md5 fingerprints case insensitively (regression)
openssl: initial TLS 1.3 adaptions
curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept
printf: fix ".*f" handling
examples/fileupload.c: fclose the file as well
SPNEGO: Fix memory leak when authentication fails
realloc: use Curl_saferealloc to avoid common mistakes
openssl: make sure to fail in the unlikely event that PRNG seeding fails
URL-parser: for file://[host]/ URLs, the [host] must be localhost
timeval: prefer time_t to hold seconds instead of long
Curl_rand: fixed and moved to rand.c
glob: fix [a-c] globbing regression
darwinssl: fix SSL client certificate not found on MacOS Sierra
curl.1: Clarify --dump-header only writes received headers
http2: Fix address sanitizer memcpy warning
http2: Use huge HTTP/2 windows
connects: Don't mix unix domain sockets with regular ones
url: Fix conn reuse for local ports and interfaces
x509: Limit ASN.1 structure sizes to 256K
checksrc: add more checks
winbuild: add config option ENABLE_NGHTTP2
http2: check nghttp2_session_set_local_window_size exists
http2: Fix crashes when parent stream gets aborted
CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries
URL parser: reject non-numerical port numbers
CONNECT: reject TE or CL in 2xx responses
CONNECT: read responses one byte at a time
curl: support zero-length argument strings in config files
openssl: don't use OpenSSL's ERR_PACK
curl.1: generated with the new man page system
curl_easy_recv: Improve documentation and example program
Curl_getconnectinfo: avoid checking if the connection is closed
CIPHERS.md: attempt to document TLS cipher names
Curl and libcurl 7.51.0
Public curl releases: 160
Command line options: 185
curl_easy_setopt() options: 225
Public functions in libcurl: 61
Contributors: 1467
This release includes the following changes:
o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
o New option: CURLOPT_KEEP_SENDING_ON_ERROR [10]
This release includes the following bugfixes:
o CVE-2016-8615: cookie injection for other servers [28]
o CVE-2016-8616: case insensitive password comparison [29]
o CVE-2016-8617: OOB write via unchecked multiplication [30]
o CVE-2016-8618: double-free in curl_maprintf [31]
o CVE-2016-8619: double-free in krb5 code [32]
o CVE-2016-8620: glob parser write/read out of bounds [33]
o CVE-2016-8621: curl_getdate read out of bounds [34]
o CVE-2016-8622: URL unescape heap overflow via integer truncation [35]
o CVE-2016-8623: Use-after-free via shared cookies [36]
o CVE-2016-8624: invalid URL parsing with '#' [37]
o CVE-2016-8625: IDNA 2003 makes curl use wrong host [38]
o openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 [1]
o http: accept "Transfer-Encoding: chunked" for HTTP/2 as well [2]
o LICENSE-MIXING.md: update with mbedTLS dual licensing [3]
o examples/imap-append: Set size of data to be uploaded [4]
o test2048: fix url
o darwinssl: disable RC4 cipher-suite support
o CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
o openssl: don’t call CRYTPO_cleanup_all_ex_data [5]
o libressl: fix version output [6]
o easy: Reset all statistical session info in curl_easy_reset [7]
o curl_global_cleanup.3: don't unload the lib with sub threads running [8]
o dist: add CurlSymbolHiding.cmake to the tarball
o docs: Remove that --proto is just used for initial retrieval [9]
o configure: Fixed builds with libssh2 in a custom location
o curl.1: --trace supports % for sending to stderr!
o cookies: same domain handling changed to match browser behavior [11]
o formpost: trying to attach a directory no longer crashes [12]
o CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning [13]
o formpost: avoid silent snprintf() truncation
o ftp: fix Curl_ftpsendf
o mprintf: return error on too many arguments
o smb: properly check incoming packet boundaries [14]
o GIT-INFO: remove the Mac 10.1-specific details [15]
o resolve: add error message when resolving using SIGALRM [16]
o cmake: add nghttp2 support [17]
o dist: remove PDF and HTML converted docs from the releases [18]
o configure: disable poll() in macOS builds [19]
o vtls: only re-use session-ids using the same scheme
o pipelining: skip to-be-closed connections when pipelining [20]
o win: fix Universal Windows Platform build [21]
o curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically [22]
o maketgz: make it support "only" generating version info
o Curl_socket_check: add extra check to avoid integer overflow
o gopher: properly return error for poll failures
o curl: set INTERLEAVEDATA too
o polarssl: clear thread array at init
o polarssl: fix unaligned SSL session-id lock
o polarssl: reduce #ifdef madness with a macro
o curl_multi_add_handle: set timeouts in closure handles [23]
o configure: set min version flags for builds on mac [24]
o INSTALL: converted to markdown => INSTALL.md
o curl_multi_remove_handle: fix a double-free [25]
o multi: fix inifinte loop in curl_multi_cleanup() [26]
o nss: fix tight loop in non-blocking TLS handhsake over proxy [27]
o mk-ca-bundle: Change URL retrieval to HTTPS-only by default [39]
o mbedtls: stop using deprecated include file [40]
o docs: fix req->data in multi-uv example [41]
o configure: Fix test syntax for monotonic clock_gettime
o CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 [42]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Akshay Vernekar, Alexander Sinditskiy, Anders Bakken, Andreas Streichardt,
Andrei Sedoi, Bernard Spil, Christian Heimes, Dan Fandrich,
Daniel Gustafsson, Daniel Stenberg, Darío Hereñú, David Woodhouse,
Fernando Muñoz, Gregory Szorc, Jeroen Ooms, Kamil Dudka, Luật Nguyễn,
lukaszgn on github, Marcel Raad, Martin Frodl, Martin Storsjö,
Michael Kaufmann, Michael Osipov, Miloš Ljumović, Nick Zitzmann,
nopjmp on github, Paul Joyce, Rainer Müller, Ray Satiro, Remo E,
Rider Linden, Sebastian Mundry, Sergei Kuzmin, Stephen Brokenshire,
Tobias Stoeckmann, Toby Peterson, Todd Short, Tony Kelman, Torben Dannhauer,
Valentin David,
(40 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = https://curl.haxx.se/bug/?i=964
[2] = https://curl.haxx.se/bug/?i=1013
[3] = https://curl.haxx.se/bug/?i=1019
[4] = https://curl.haxx.se/bug/?i=1011
[5] = https://curl.haxx.se/mail/lib-2016-09/0045.html
[6] = https://curl.haxx.se/bug/?i=1029
[7] = https://curl.haxx.se/bug/?i=1017
[8] = https://curl.haxx.se/bug/?i=997
[9] = https://curl.haxx.se/bug/?i=1031
[10] = https://curl.haxx.se/libcurl/c/CURLOPT_KEEP_SENDING_ON_ERROR.html
[11] = https://curl.haxx.se/bug/?i=1050
[12] = https://curl.haxx.se/bug/?i=1053
[13] = https://curl.haxx.se/bug/?i=1056
[14] = https://curl.haxx.se/bug/?i=1052
[15] = https://curl.haxx.se/bug/?i=1049
[16] = https://curl.haxx.se/bug/?i=1066
[17] = https://curl.haxx.se/bug/?i=922
[18] = https://curl.haxx.se/mail/lib-2016-10/0040.html
[19] = https://curl.haxx.se/bug/?i=1057
[20] = https://curl.haxx.se/bug/?i=1075
[21] = https://curl.haxx.se/bug/?i=1048
[22] = https://curl.haxx.se/bug/?i=1042
[23] = https://curl.haxx.se/bug/?i=739
[24] = https://curl.haxx.se/bug/?i=1069
[25] = https://curl.haxx.se/bug/?i=1083
[26] = https://curl.haxx.se/mail/lib-2016-10/0011.html
[27] = https://bugzilla.redhat.com/1388162
[28] = https://curl.haxx.se/docs/adv_20161102A.html
[29] = https://curl.haxx.se/docs/adv_20161102B.html
[30] = https://curl.haxx.se/docs/adv_20161102C.html
[31] = https://curl.haxx.se/docs/adv_20161102D.html
[32] = https://curl.haxx.se/docs/adv_20161102E.html
[33] = https://curl.haxx.se/docs/adv_20161102F.html
[34] = https://curl.haxx.se/docs/adv_20161102G.html
[35] = https://curl.haxx.se/docs/adv_20161102H.html
[36] = https://curl.haxx.se/docs/adv_20161102I.html
[37] = https://curl.haxx.se/docs/adv_20161102J.html
[38] = https://curl.haxx.se/docs/adv_20161102K.html
[39] = https://curl.haxx.se/bug/?i=1012
[40] = https://curl.haxx.se/bug/?i=1087
[41] = https://curl.haxx.se/bug/?i=1088
[42] = https://curl.haxx.se/bug/?i=1059
Curl and libcurl 7.50.3
This release includes the following bugfixes:
o CVE-2016-7167: escape and unescape integer overflows [8]
o mk-ca-bundle.pl: use SHA256 instead of SHA1
o checksrc: detect strtok() use
o errors: new alias CURLE_WEIRD_SERVER_REPLY [1]
o http2: support > 64bit sized uploads [2]
o openssl: fix bad memory free (regression) [3]
o CMake: hide private library symbols [4]
o http: refuse to pass on response body with NO_NODY was set [5]
o cmake: fix curl-config --static-libs [6]
o mbedtls: switch off NTLM in build if md4 isn't available [7]
o curl: --create-dirs on windows groks both forward and backward slashes [9]
Bugfixes:
---------
mbedtls: Added support for NTLM
SSH: fixed SFTP/SCP transfer problems
multi: make Curl_expire() work with 0 ms timeouts
mk-ca-bundle.pl: -m keeps ca cert meta data in output
TFTP: Fix upload problem with piped input
CURLOPT_TCP_NODELAY: now enabled by default
mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
http2: always wait for readable socket
cmake: Enable win32 large file support by default
cmake: Enable win32 threaded resolver by default
winbuild: Avoid setting redundant CFLAGS to compile commands
curl.h: make CURL_NO_OLDIES define CURL_STRICTER
docs: make more markdown files use .md extension
docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
winbuild: Allow changing C compiler via environment variable CC
rtsp: accept any RTSP session id
HTTP: retry failed HEAD requests on reused connections too
configure: add zlib search with pkg-config
openssl: accept subjectAltName iPAddress if no dNSName match
MANUAL: Remove invalid link to LDAP documentation
socks: improved connection procedure
proxy: reject attempts to use unsupported proxy schemes
proxy: bring back use of "Proxy-Connection:"
curl: allow "pkcs11:" prefix for client certificates
spnego_sspi: fix memory leak in case *outlen is zero
SOCKS: improve verbose output of SOCKS5 connection sequence
SOCKS: display the hostname returned by the SOCKS5 proxy server
http/sasl: Query authentication mechanism supported by SSPI before using
sasl: Don't use GSSAPI authentication when domain name not specified
win: Basic support for Universal Windows Platform apps
nss: fix incorrect use of a previously loaded certificate from file
nss: work around race condition in PK11_FindSlotByName()
ftp: fix wrong poll on the secondary socket
openssl: build warning-free with 1.1.0 (again)
HTTP: stop parsing headers when switching to unknown protocols
test219: Add http as a required feature
TLS: random file/egd doesn't have to match for conn reuse
schannel: Disable ALPN for Wine since it is causing problems
http2: make sure stream errors don't needlessly close the connection
http2: return CURLE_HTTP2_STREAM for unexpected stream close
darwinssl: --cainfo is intended for backward compatibility only
speed caps: not based on average speeds anymore
configure: make the cpp -P detection not clobber CPPFLAGS
http2: use named define instead of magic constant in read callback
http2: skip the content-length parsing, detect unknown size
http2: return EOF when done uploading without known size
darwinssl: test for errSecSuccess in PKCS12 import rather than noErr
openssl: fix CURLINFO_SSL_VERIFYRESULT
Bugfixes:
TLS: switch off SSL session id when client cert is used
TLS: only reuse connections with the same client cert
curl_multi_cleanup: clear connection pointer for easy handles
include the CURLINFO_HTTP_VERSION man page into the release tarball
include the http2-server.pl script in the release tarball
test558: fix test by stripping file paths from FD lines
spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
tests: Fix for http/2 feature
cmake: Fix for schannel support
curl.h: make public types void * again
win32: fix a potential memory leak in Curl_load_library
travis: fix OSX build by re-installing libtool
mbedtls: Fix debug function name
Fixed in 7.50.0 - July 21 2016
Changes:
http: add CURLINFO_HTTP_VERSION and %{http_version}
Bugfixes:
memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC
openssl: fix build with OPENSSL_NO_COMP
mbedtls: removed unused variables
cmake: Added missing mbedTLS support
URL parser: allow URLs to use one, two or three slashes
curl: fix -q [regression]
openssl: Use correct buffer sizes for error messages
curl: fix SIGSEGV while parsing URL with too many globs
schannel: add CURLOPT_CERTINFO support
vtls: fix ssl session cache race condition
http: Fix HTTP/2 connection reuse [regression]
checksrc: Add LoadLibrary to the banned functions list
schannel: Disable ALPN on Windows < 8.1
configure: occasional ignorance of --enable-symbol-hiding with GCC
http2: test17xx are the first real HTTP/2 tests
resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
curl_multi_socket_action.3: rewording
CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
cmake: Fix build with winldap
openssl: fix cert check with non-DNS name fields present
curl.1: mention the units for the progress meter
openssl: use more 'const' to fix build warnings with 1.1.0 branch
cmake: now using BUILD_TESTING=ON/OFF
vtls: Only call add/getsession if session id is enabled
headers: forward declare CURL, CURLM and CURLSH as structs
configure: improve detection of CA bundle path on FreeBSD
SFTP: set a generic error when no SFTP one exists
curl_global_init.3: expand on the SSL and WIN32 bits purpose
conn: don't free easy handle data in handler->disconnect
cookie.c: Fix misleading indentation
library: Fix memory leaks found during static analysis
CURLMOPT_SOCKETFUNCTION.3: fix typo
curl_global_init: moved the "IPv6 works" check here
connect: disable TFO on Linux when using SSL
vauth: Fixed memory leak due to function returning without free
winbuild: fix embedded manifest option
Bugfixes:
Windows: prevent DLL hijacking, CVE-2016-4802
dist: include manpage-scan.pl, nroff-scan.pl and CHECKSRC.md
schannel: fix compile break with MSVC XP toolset
curlbuild.h.dist: check __LP64__ as well to fix MIPS build
dist: include curl_multi_socket_all.3
http2: use HTTP/2 in the HTTP/1.1-alike response
openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0
CURLOPT_CONNECT_TO.3: user must not free the list prematurely
libcurl.m4: Avoid obsolete warning
winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity
curl_multibyte: fix compiler error
openssl: cleanup must free compression methods (memory leak)
mbedtls: fix includes so snprintf() works
checksrc.pl: Added variants of strcat() & strncat() to banned function list
contributors.sh: better grep pattern and show GitHub username
ssh: fix build for libssh2 before 1.2.6
curl_share_setopt.3: Add min ver needed for ssl session lock
Fixed in 7.49.0 - May 18 2016
Changes:
schannel: Add ALPN support
SSH: support CURLINFO_FILETIME
SSH: new CURLOPT_QUOTE command "statvfs"
wolfssl: Add ALPN support
http2: added --http2-prior-knowledge
http2: added CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE
libcurl: added CURLOPT_CONNECT_TO
curl: added --connect-to
libcurl: added CURLOPT_TCP_FASTOPEN
curl: added --tcp-fastopen
curl: remove support for --ftpport, -http-request and --socks
Bugfixes:
CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
checksrc.bat: Updated the help to be consistent with generate.bat
checksrc.bat: Added support for scanning the tests and examples
openssl: fix ERR_remove_thread_state() for boringssl/libressl
openssl: boringssl provides the same numbering as openssl
multi: fix "Operation timed out after" timer
url: don't use bad offset in tld_check_name to show error
sshserver.pl: use quotes for given options
Makefile.am: skip the scripts dir
curl: warn for --capath use if not supported by libcurl
http2: fix connection reuse
GSS: make Curl_gss_log_error more verbose
build-wolfssl: Allow a broader range of ciphers (Visual Studio)
wolfssl: Use ECC supported curves extension
openssl: Fix compilation warnings
Curl_add_buffer_send: avoid possible NULL dereference
SOCKS5_gssapi_negotiate: don't assume little-endian ints
strerror: don't bit shift a signed integer
url: Corrected get protocol family for FTP and LDAP
curl/mprintf.h: remove support for _MPRINTF_REPLACE
upload: missing rewind call could make libcurl hang
IMAP: check pointer before dereferencing it
build: Changed the Visual Studio projects warning level from 3 to 4
checksrc: now stricter, wider checks, code cleaned up
checksrc: added docs/CHECKSRC.md
curl_sasl: Fixed potential null pointer utilisation
krb5: Fixed missing client response when mutual authentication enabled
krb5: Only process challenge when present
krb5: Only generate a SPN when its not known
formdata: use appropriate fopen() macros
curl.1: -w filename_effective was introduced in 7.26.0
http2: make use of the nghttp2 error callback
http2: fix connection reuse when PING comes after last DATA
curl.1: change example for -F
HTTP2: Add a space character after the status code
curl.1: use example.com more
mbedtls.c: changed private prefix to mbed_
mbedtls: implement and provide *_data_pending() to avoid hang
mbedtls: fix MBEDTLS_DEBUG builds
ftp/imap/pop3/smtp: Allow the service name to be overridden
CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
build: include scripts/ in the dist
http2: Add handling stream level error
http2: Improve header parsing
makefile.vc6: use d suffix on debug object
configure: remove check for libresolve
scripts/make: use $(EXEEXT) for executables
checksrc: got rid of the whitelist files
sendf: added ability to call recv() before send() as workaround
NTLM: check for NULL pointer before dereferencing
openssl: builds with OpenSSL 1.1.0-pre5
configure: ac_cv_ -> curl_cv_ for all cached vars
winbuild: add mbedtls support
curl: make --ftp-create-dirs retry on failure
PolarSSL: implement public key pinning
multi: accidentally used resolved host name instead of proxy
CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0
CONNECT_ONLY: don't close connection on GSS 401/407 reponses
opts: Fix some syntax errors in example code fragments
mbedtls: Fix session resume
test1139: verifies libcurl option man page presence
CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability
curl: make --disable work as long form of -q
curl: use --telnet-option as documented
curl.1: document --ftp-ssl-reqd, --krb4 and --ntlm-wb
curl: -h output lacked --proxy-header and --ntlm-wb
curl -J: make it work even without http:// scheme on URL
lib: include curl_printf.h as one of the last headers
tests: handle path properly on Msys/Cygwin
curl.1: --mail-rcpt can be used multiple times
CURLOPT_ACCEPT_ENCODING.3: clarified
docs: fixed lots of broken man page references
tls: make setting pinnedkey option fail if not supported
test1140: run nroff-scan to verify man pages
http: make sure a blank header overrides accept_decoding
connections: do not reuse non-HTTP proxies on different ports
connect: fix invalid "Network is unreachable" errors
TLS: move the ALPN/NPN enable bits to the connection
TLS: SSL_peek is not a const operation
http2: Add space between colon and header value
darwinssl: fix certificate verification disable on OS X 10.8
mprintf: Fix processing of width and prec args
ftp wildcard: segfault due to init only in multi_perform
- CURLINFO_TLS_SSL_PTR.3: Warn about limitations
- Revert "sshserver: remove use of AuthorizedKeysFile2"
It seems we may have some autobuild problems after this commit went
in. Trying to see if a revert helps to get them back.
- maketgz: add -j to make dist
... makes it a lot faster
- libcurl-thread.3: minor nroff format fix
- CURLINFO_TLS_SSL_PTR.3: minor nroff format fix
- CODE_STYLE: indend example code
... to make it look nicer in markdown outputa
Bugfixes:
* getredirect.c: fix variable name
* tool_doswin: silence unused function warning
* cmake: fixed when OpenSSL enabled on Windows and schannel detected
* curl.1: Explain remote-name behavior if file already exists
* tool_operate: Don't sanitize --output path (Windows)
* URLs: change all http:// URLs to https:// in documentation & comments
* sasl_sspi: Fix memory leak in domain populate
* COPYING: clarify that Daniel is not the sole author
* examples/htmltitle: Use _stricmp on Windows
* examples/asiohiper: Avoid function name collision on Windows
* idn_win32: Better error checking
* openssl: Fix signed/unsigned mismatch warning in X509V3_ext
* curl save files: check for backslashes on cygwin
-----------------------
Curl and libcurl 7.47.0
Public curl releases: 151
Command line options: 179
curl_easy_setopt() options: 221
Public functions in libcurl: 61
Contributors: 1340
This release includes the following changes:
o version: Add flag CURL_VERSION_PSL for libpsl
o http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only [8]
o curl: use 2TLS by default
o curl --expect100-timeout: added [10]
o Add .dir-locals and set c-basic-offset to 2 (for emacs) [16]
This release includes the following bugfixes:
o curl: avoid local drive traversal when saving file on Windows [33]
o NTLM: do not resuse proxy connections without diff proxy credentials [34]
o tests: Disable the OAUTHBEARER tests when using a non-default port number [1]
o curl: remove keepalive #ifdef checks done on libcurl's behalf
o formdata: Check if length is too large for memory [2]
o lwip: Fix compatibility issues with later versions [3]
o openssl: BoringSSL doesn't have CONF_modules_free
o config-win32: Fix warning HAVE_WINSOCK2_H undefined
o build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS [4]
o http2: Fix hanging paused stream [5]
o scripts/Makefile: fix GNUism and survive no perl [6]
o openssl: adapt to 1.1.0+ name changes
o openssl: adapt to openssl >= 1.1.0 X509 opaque structs [7]
o HTTP2.md: spell fix and remove TODO now implemented
o setstropt: const-correctness [9]
o cyassl: fix compiler warning on type conversion
o gskit: Fix host subject altname verification [11]
o http2: Support trailer fields [12]
o wolfssl: handle builds without SSLv3 support
o cyassl: deal with lack of *get_peer_certificate [13]
o sockfilt: do not wait on unreliable file or pipe handle
o make: build zsh script even in an out-of-tree build
o test 1326: fix getting stuck on Windows
o test 87: fix file check on Windows
o configure: allow static builds on mingw [14]
o configure: detect IPv6 support on Windows [15]
o ConnectionExists: with *PIPEWAIT, wait for connections [17]
o Makefile.inc: s/curl_SOURCES/CURL_FILES [18]
o test 16: fixed for Windows
o test 252-255: use datacheck mode text for ASCII-mode LISTings
o tftpd server: add Windows support by writing files in binary mode
o ftplistparser: fix handling of file LISTings using Windows EOL
o tests first.c: fix calculation of sleep timeout on Windows
o tests (several): use datacheck mode text for ASCII-mode LISTings
o CURLOPT_RANGE.3: for HTTP servers, range support is optional
o test 1515: add MSYS support by passing a relative path
o curl_global_init.3: Add Windows-specific info for init via DLL [19]
o http2: Fix client write for trailers on stream close [20]
o mbedtls: Fix ALPN support
o connection reuse: IDN host names fixed [21]
o http2: Fix PUSH_PROMISE headers being treated as trailers [22]
o http2: handle the received SETTINGS frame [23]
o http2: Ensure that http2_handle_stream_close is called [24]
o mbedtls: implement CURLOPT_PINNEDPUBLICKEY
o runtests: Add mbedTLS to the SSL backends
o IDN host names: Remove the port number before converting to ACE [25]
o zsh.pl: fail if no curl is found
o scripts: fix zsh completion generation
o scripts: don't generate and install zsh completion when cross-compiling [26]
o lib: Prefix URLs with lower-case protocol names/schemes [27]
o ConnectionExists: only do pipelining/multiplexing when asked [28]
o configure: assume IPv6 works when cross-compiled [29]
o openssl: for 1.1.0+ they now provide a SSLeay() macro of their own
o openssl: improved error detection/reporting
o ssh: CURLOPT_SSH_PUBLIC_KEYFILE now treats "" as NULL again [30]
o mbedtls: Fix pinned key return value on fail [31]
o maketgz: generate date stamp with LC_TIME=C [32]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Anders Bakken, Christian Stewart, Dan Fandrich,
Daniel Schauenberg, Daniel Stenberg, Francisco Moraes, Gisle Vanem,
Isaac Boukris, Johannes Schindelin, John Kohl, Kamil Dudka, Marc Hoersken,
Michael Kaufmann, Mohammad AlSaleh, Patrick Monnerat, Ray Satiro, Steve Holme,
Tatsuhiro Tsujikawa, Thomas Glanzmann, Thomas Klausner,
(21 contributors)
Thanks! (and sorry if I forgot to mention someone)
Changes:
configure: build silently by default
cookies: Add support for Publix Suffix List with libpsl
vtls: added support for mbedTLS
Added CURLOPT_STREAM_DEPENDS
Added CURLOPT_STREAM_DEPENDS_E
Added CURLOPT_STREAM_WEIGHT
Added CURLFORM_CONTENTLEN
oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
Bugfixes:
des: Fix header conditional for Curl_des_set_odd_parity
ntlm: get rid of unconditional use of long long
CURLOPT_CERTINFO.3: fix reference to CURLINFO_CERTINFO
docs: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET
http2: Fix http2_recv to return -1 if recv returned -1
curl_global_init_mem: set function pointers before doing init
ntlm: error out without 64bit support as the code needs it
openssl: Fix set up of pkcs12 certificate verification chain
acinclude: remove PKGCONFIG override
test1531: case the size to fix the test on non-largefile builds
fread_func: move callback pointer from set to state struct
test1601: fix compilation with --enable-debug and --disable-crypto-auth
http2: Don't pass unitialized name+len pairs to nghttp2_submit_request
curlbuild.h: Fix non-configure compiling to mips and sh4 targets
tool: Generate easysrc with last cache linked-list
cmake: Fix for add_subdirectory(curl) use-case
vtls: fix compiler warning for TLS backends without sha256
build: fix for MSDOS/djgpp
checksrc: add crude // detection
http2: on_frame_recv: trust the conn/data input
ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size
polarssl/mbedtls: fix name space pollution
build: Fix mingw ssl gdi32 order
build: Fix support for PKG_CONFIG
MacOSX-Framework: sdk regex fix for sdk 10.10 and later
socks: Fix incorrect port numbers in failed connect messages
curl.1: -E: s/private certificate/client certificate
curl.h: s/HTTPPOST_/CURL_HTTPOST_
curl_formadd: support >2GB files on windows
http redirects: %-encode bytes outside of ascii range
rawstr: Speed up Curl_raw_toupper by 40%
curl_ntlm_core: fix 2 curl_off_t constant overflows.
getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value
tftp tests: verify sent options too
imap: Don't call imap_atom() when no mailbox specified in LIST command
imap: Fixed double quote in LIST command when mailbox contains spaces
imap: Don't check for continuation when executing a CUSTOMREQUEST
acinclude: Remove check for 16-bit curl_off_t
BoringSSL: Work with stricter BIO_get_mem_data()
cmake: Add missing feature macros in config header
sasl_sspi: fixed unicode build for digest authentication
sasl_sspi: fix identity memory leak in digest authentication
unit1602: Fixed failure in torture test
unit1603: Added unit tests for hash functions
vtls/openssl: remove unused traces of yassl ifdefs
openssl: remove #ifdefs for < 0.9.7 support
typecheck-gcc.h: add some missing options
curl: mark two more options strings for --libcurl output
openssl: Free modules on cleanup
CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header
getconnectinfo: Don't call recv(2) if socket == -1
http2: http_done: don't free already-freed push headers
zsh completion: Preserve single quotes in output
os400: Provide options for libssh2 use in compile scripts.
build: Fix theoretical infinite loops
pop3: Differentiate between success and continuation responses
examples: Fixed compilation warnings
schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available
CURLOPT_HEADERFUNCTION.3: fix typo
curl: expanded the -XHEAD warning text
done: make sure the final progress update is made
build: Install zsh completion
RTSP: do not add if-modified-since without timecondition
curl: Fixed display of URL index in password prompt for --next
nonblock: fix setting non-blocking mode for Amiga
http2 push: add missing inits of new stream
http2: convert some verbose output into debug-only output
Curl_read_plain: clean up ifdefs that break statements
Fixed in 7.45.0 - October 7 2015
Changes:
added CURLOPT_DEFAULT_PROTOCOL
added new tool option --proto-default
getinfo: added CURLINFO_ACTIVESOCKET
turned CURLINFO_* option docs as stand-alone man pages
curl: point out unnecessary uses of -X in verbose mode
Bugfixes:
curl_global_init_mem.3: Stronger thread safety warning
buildconf.bat: Fixed issues when ran in directories with special chars
cmake: Fix CurlTests check for gethostbyname_r with 5 arguments
generate.bat: Fixed issues when ran in directories with special chars
generate.bat: Only call buildconf.bat if it exists
generate.bat: Added support for generating only the prerequisite files
curl.1: Document weaknesses in SSLv2 and SSLv3
CURLOPT_HTTP_VERSION.3: connection re-use goes before version
docs: Update the redirect protocols disabled by default
inet_pton.c: Fix MSVC run-time check failure
CURLMOPT_PUSHFUNCTION.3: fix argument types
rtsp: support basic/digest authentication
rtsp: stop reading empty DESCRIBE responses
travis: Upgrading to container based build
travis.yml: Add OS X testbot
FTP: make state machine not get stuck in state
openssl: handle lack of server cert when strict checking disabled
configure: change functions to detect openssl (clones)
configure: detect latest boringssl
runtests: Allow for spaces in server-verify curl custom path
http2: on_frame_recv: get a proper 'conn' for the debug logging
ntlm: mark deliberate switch case fall-through
http2: remove dead code
curl_easy_{escape,unescape}.3: "char *" vs. "const char *"
curl: point out the conflicting HTTP methods if used
cmake: added Windows SSL support
curl_easy_{escape,setopt}.3: fix example
curl_easy_escape.3: escape '\n'
libcurl.m4: Put braces around empty if body
buildconf.bat: Fixed double blank line in 'curl manual' warning output
sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled
inet_pton.c: Fix MSVC run-time check failure
CURLOPT_FOLLOWLOCATION.3: mention methods for redirects
http2: don't pass on Connection: headers
nss: do not directly access SSL_ImplementedCiphers
docs: numerous cleanups and spelling fixes
FTP: do_more: add check for wait_data_conn in upload case
parse_proxy: reject illegal port numbers
cmake: IPv6 : disable Unix header check on Windows platform
winbuild: run buildconf.bat if necessary
buildconf.bat: fix syntax error
curl_sspi: fix possibly undefined CRYPT_E_REVOKED
nss: prevent NSS from incorrectly re-using a session
libcurl-errors.3: add two missing error codes
openssl: fix build with < 0.9.8
openssl: refactor certificate parsing to use OpenSSL memory BIO
openldap: only part of LDAP query results received
ssl: add server cert's "sha256//" hash to verbose
NTLM: Reset auth-done when using a fresh connection
curl: generate easysrc only on --libcurl
tests: disable 1801 until fixed
CURLINFO_TLS_SESSION: always return backend info
gnutls: Support CURLOPT_KEYPASSWD
gnutls: Report actual GnuTLS error message for certificate errors
tests: disable 1510 due to CI-problems on github
cmake: Put "winsock2.h" before "windows.h" during configure checks
cmake: Ensure discovered include dirs are considered
configure: Add missing ')' for CURL_CHECK_OPTION_RT
build: fix failures with -Wcast-align and -Werror
FTP: fix uploading ASCII with unknown size
readwrite_data: set a max number of loops
http2: avoid superfluous Curl_expire() calls
http2: set TCP_NODELAY unconditionally
docs: fix unescaped '\n' in man pages
openssl: Fix algorithm init to make (gost) engines work
win32: make recent Borland compilers use long long
runtests: Fix pid check in checkdied
gopher: don't send NUL byte
tool_setopt: fix c_escape truncated octal
hiperfifo: fix the pointer passed to WRITEDATA
getinfo: Fix return code for unknown CURLINFO options
Curl and libcurl 7.44.0
Public curl releases: 148
Command line options: 176
curl_easy_setopt() options: 219
Public functions in libcurl: 58
Contributors: 1291
This release includes the following changes:
o http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA [6]
o examples: added http2-serverpush.c [7]
o http2: added curl_pushheader_byname() and curl_pushheader_bynum()
o docs: added CODE_OF_CONDUCT.md [8]
o curl: Add --ssl-no-revoke to disable certificate revocation checks [5]
o libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS [9]
o makefile: Added support for VC14
o build: Added Visual Studio 2015 (VC14) project files
o build: Added wolfSSL configurations to VC10+ project files [18]
This release includes the following bugfixes:
o FTP: fix HTTP CONNECT logic regression [1]
o openssl: Fix build with openssl < ~ 0.9.8f
o openssl: fix build with BoringSSL
o curl_easy_setopt.3: option order doesn't matter
o openssl: fix use of uninitialized buffer [2]
o RTSP: removed dead code
o Makefile.m32: add support for CURL_LDFLAG_EXTRAS
o curl: always provide negotiate/kerberos options
o cookie: Fix bug in export if any-domain cookie is present
o curl_easy_setopt.3: mention CURLOPT_PIPEWAIT
o INSTALL: Advise use of non-native SSL for Windows <= XP
o tool_help: fix --tlsv1 help text to use >= for TLSv1
o HTTP: POSTFIELDSIZE set after added to multi handle [3]
o SSL-PROBLEMS: mention WinSSL problems in WinXP
o setup-vms.h: Symbol case fixups
o SSL: Pinned public key hash support
o libtest: call PR_Cleanup() on exit if NSPR is used
o ntlm_wb: Fix theoretical memory leak
o runtests: Allow for spaces in curl custom path
o http2: add stream != NULL checks for reliability
o schannel: Replace deprecated GetVersion with VerifyVersionInfo
o http2: verify success of strchr() in http2_send()
o configure: add --disable-rt option
o openssl: work around MSVC warning
o HTTP: ignore "Content-Encoding: compress"
o configure: check if OpenSSL linking wants -ldl
o build-openssl.bat: Show syntax if required args are missing
o test1902: attempt to make the test more reliable
o libcurl-thread.3: Consolidate thread safety info
o maketgz: Fixed some VC makefiles missing from the release tarball
o libcurl-multi.3: mention curl_multi_wait [10]
o ABI doc: use secure URL
o http: move HTTP/2 cleanup code off http_disconnect() [11]
o libcurl-thread.3: Warn memory functions must be thread safe [12]
o curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs [13]
o docs: formpost needs the full size at start of upload [14]
o curl_gssapi: remove 'const' to fix compiler warnings
o SSH: three state machine fixups [15]
o libcurl.3: fix a single typo [16]
o generate.bat: Only clean prerequisite files when in ALL mode
o curl_slist_append.3: add error checking to the example
o buildconf.bat: Added support for file clean-up via -clean
o generate.bat: Use buildconf.bat for prerequisite file clean-up
o NTLM: handle auth for only a single request [17]
o curl_multi_remove_handle.3: fix formatting [19]
o checksrc.bat: Fixed error when [directory] isn't a curl source directory
o checksrc.bat: Fixed error when missing *.c and *.h files
o CURLOPT_RESOLVE.3: Note removal support was added in 7.42 [20]
o test46: update cookie expire time
o SFTP: fix range request off-by-one in size check [21]
o CMake: fix GSSAPI builds [22]
o build: refer to fixed libidn versions [4]
o http2: discard frames with no SessionHandle [23]
o curl_easy_recv.3: fix formatting
o libcurl-tutorial.3: fix formatting [24]
o curl_formget.3: correct return code [25]
Curl and libcurl 7.43.0
Public curl releases: 147
Command line options: 176
curl_easy_setopt() options: 219
Public functions in libcurl: 58
Contributors: 1291
This release includes the following changes:
o Added CURLOPT_PROXY_SERVICE_NAME[11]
o Added CURLOPT_SERVICE_NAME[12]
o New curl option: --proxy-service-name[13]
o Mew curl option: --service-name [14]
o New curl option: --data-raw [5]
o Added CURLOPT_PIPEWAIT [15]
o Added support for multiplexing transfers using HTTP/2, enable this
with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING [16]
o HTTP/2: requires nghttp2 1.0.0 or later
o scripts: add zsh.pl for generating zsh completion
o curl.h: add CURL_HTTP_VERSION_2
This release includes the following bugfixes:
o CVE-2015-3236: lingering HTTP credentials in connection re-use [30]
o CVE-2015-3237: SMB send off unrelated memory contents [31]
o nss: fix compilation failure with old versions of NSS [1]
o curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
o schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
o Curl_ossl_init: load builtin modules [2]
o configure: follow-up fix for krb5-config [3]
o sasl_sspi: Populate domain from the realm in the challenge [4]
o netrc: support 'default' token
o README: convert to UTF-8
o cyassl: Implement public key pinning
o nss: implement public key pinning for NSS backend
o mingw build: add arch -m32/-m64 to LDFLAGS
o schannel: Fix out of bounds array [6]
o configure: remove autogenerated files by autoconf
o configure: remove --automake from libtoolize call
o acinclude.m4: fix shell test for default CA cert bundle/path
o schannel: fix regression in schannel_recv [7]
o openssl: skip trace outputs for ssl_ver == 0 [8]
o gnutls: properly retrieve certificate status
o netrc: Read in text mode when cygwin [9]
o winbuild: Document the option used to statically link the CRT [10]
o FTP: Make EPSV use the control IP address rather than the original host
o FTP: fix dangling conn->ip_addr dereference on verbose EPSV
o conncache: keep bundles on host+port bases, not only host names
o runtests.pl: use 'h2c' now, no -14 anymore
o curlver: introducing new version number (checking) macros
o openssl: boringssl build brekage, use SSL_CTX_set_msg_callback [17]
o CURLOPT_POSTFIELDS.3: correct variable names [18]
o curl_easy_unescape.3: update RFC reference [19]
o gnutls: don't fail on non-fatal alerts during handshake
o testcurl.pl: allow source to be in an arbitrary directory
o CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy
o SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description [20]
o parse_proxy: switch off tunneling if non-HTTP proxy [21]
o share_init: fix OOM crash
o perl: remove subdir, not touched in 9 years
o CURLOPT_COOKIELIST.3: Add example
o CURLOPT_COOKIE.3: Explain that the cookies won't be modified [22]
o CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain [23]
o FAQ: How do I port libcurl to my OS?
o openssl: Use TLS_client_method for OpenSSL 1.1.0+
o HTTP-NTLM: fail auth on connection close instead of looping [24]
o curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT [25]
o curl_getdate.3: update RFC reference
o curl_multi_info_read.3: added example
o curl_multi_perform.3: added example
o curl_multi_timeout.3: added example
o cookie: Stop exporting any-domain cookies [26]
o openssl: remove dummy callback use from SSL_CTX_set_verify()
o openssl: remove SSL_get_session()-using code
o openssl: removed USERDATA_IN_PWD_CALLBACK kludge
o openssl: removed error string #ifdef
o openssl: Fix verification of server-sent legacy intermediates [27]
o docs: man page indentation and syntax fixes
o docs: Spelling fixes
o fopen.c: fix a few compiler warnings
o CURLOPT_OPENSOCKETFUNCTION: return error at once [28]
o schannel: Add support for optional client certificates
o build: Properly detect OpenSSL 1.0.2 when using configure
o urldata: store POST size in state.infilesize too [29]
o security:choose_mech remove dead code
o rtsp_do: remove dead code
o docs: many HTTP URIs changed to HTTPS
o schannel: schannel_recv overhaul [32]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Alexander Dyagilev, Anders Bakken, Anthony Avina,
Ashish Shukla, Bert Huijben, Brian Chrisman, Brian Prodoehl, Chris Araman,
Dagobert Michelsen, Dan Fandrich, Daniel Melani, Daniel Stenberg,
Dmitry Eremin-Solenikov, Drake Arconis, Egon Eckert, Frank Meier, Fred Stluka,
Gisle Vanem, Grant Pannell, Isaac Boukris, Jens Rantil, Joel Depooter,
Kamil Dudka, Linus Nielsen Feltzing, Linus Nielsen Feltzing Feltzing,
Liviu Chircu, Marc Hoersken, Michael Osipov, Oren Souroujon, Orgad Shaneh,
Patrick Monnerat, Patrick Rapin, Paul Howarth, Paul Oliver, Rafayel Mkrtchyan,
Ray Satiro, Sean Boudreau, Tatsuhiro Tsujikawa, Tomas Tomecek, Viktor Szakáts,
Ville Skyttä, Yehezkel Horowitz,
(43 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = http://curl.haxx.se/mail/lib-2015-04/0095.html
[2] = https://github.com/bagder/curl/pull/206
[3] = 5b66860652 (commitcomment-10473445)
[4] = https://github.com/bagder/curl/pull/141
[5] = https://github.com/bagder/curl/issues/198
[6] = http://curl.haxx.se/mail/lib-2015-04/0199.html
[7] = https://github.com/bagder/curl/issues/244
[8] = https://github.com/bagder/curl/issues/219
[9] = https://github.com/bagder/curl/pull/258
[10] = https://github.com/bagder/curl/issues/254
[11] = http://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SERVICE_NAME.html
[12] = http://curl.haxx.se/libcurl/c/CURLOPT_SERVICE_NAME.html
[13] = http://curl.haxx.se/docs/manpage.html#--proxy-service-name
[14] = http://curl.haxx.se/docs/manpage.html#--service-name
[15] = http://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html
[16] = http://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html
[17] = https://github.com/bagder/curl/issues/275
[18] = https://github.com/bagder/curl/issues/281
[19] = https://github.com/bagder/curl/issues/282
[20] = https://github.com/bagder/curl/issues/267
[21] = http://curl.haxx.se/mail/lib-2015-05/0056.html
[22] = http://curl.haxx.se/mail/lib-2015-05/0115.html
[23] = http://curl.haxx.se/mail/lib-2015-05/0137.html
[24] = https://github.com/bagder/curl/issues/256
[25] = https://github.com/bagder/curl/pull/258#issuecomment-107093055
[26] = https://github.com/bagder/curl/issues/292
[27] = https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
[28] = http://curl.haxx.se/mail/lib-2015-06/0047.html
[29] = http://curl.haxx.se/mail/lib-2015-06/0019.html
[30] = http://curl.haxx.se/docs/adv_20150617A.html
[31] = http://curl.haxx.se/docs/adv_20150617B.html
[32] = https://github.com/bagder/curl/issues/244
