./www/curl, Client that groks URLs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 7.42.1, Package name: curl-7.42.1, Maintainer: pkgsrc-users

Curl is a command line tool for transferring files with URL syntax, supporting
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.

Required to run:

Package options: gssapi, inet6, libidn

Master sites: (Expand)

SHA1: f65708915875b8cb35edb51d8dd31440dc02fbd3
RMD160: 76d5b23fae60356342e2bac2e4c706ed544d4adf
Filesize: 3249.32 KB

Version history: (Expand)

CVS history: (Expand)

   2015-05-03 12:11:55 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update to 7.42.1:

Version 7.42.1 (28 Apr 2015)

Daniel Stenberg (28 Apr 2015)
- RELEASE-NOTES: 7.42.1 ready

- CURLOPT_HEADEROPT: default to separate

  Make the HTTP headers separated by default for improved security and
  reduced risk for information leakage.

  Bug: http://curl.haxx.se/docs/adv_20150429.html
  Reported-by: Yehezkel Horowitz, Oren Souroujon

- RELEASE-NOTES: synced with a6e0270e

- sws: init http2 state properly

  It would otherwise cause problems when running tests after 1801 etc.

- curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION

  ... as it was previouly undocumented what the pointer was.

- openssl: fix serial number output

  The code extracting the cert serial number was broken and didn't display
  it properly.

  Bug: https://github.com/bagder/curl/issues/235
  Reported-by: dkjjr89

- [Alessandro Ghedini brought this change]

  curl.1: fix typo

- RELEASE-NOTES: toward 7.42.1, synced with 097460a

- [Kamil Dudka brought this change]

  curl -z: do not write empty file on unmet condition

  This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
  It also introduces a regression test 1424 based on tests 78 and 1423.

  Reported-by: Viktor Szakats
  Bug: https://github.com/bagder/curl/issues/237

- [Kamil Dudka brought this change]

  docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too

- connectionexists: follow-up to fd9d3a1ef1f

  PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not

  Mistake-caught-by: Kamil Dudka

- connectionexists: fix build without NTLM

  Do not access NTLM-specific struct fields when built without NTLM

  bug: http://curl.haxx.se/?i=231
  Reported-by: Patrick Rapin

- dist: include {src,lib}/checksrc.whitelist
   2015-04-22 16:35:21 by Jonathan Perkin | Files touched by this commit (4) | Package updated
Log message:
Update to curl-7.42.0.

This release includes the following changes:

 o openssl: show the cipher selection to use in verbose text
 o gtls: implement CURLOPT_CERTINFO
 o add CURLOPT_SSL_FALSESTART option (darwinssl and NSS)
 o curl: add --false-start option
 o curl: add --path-as-is option
 o curl: create output file on successful download of an empty file

This release includes the following bugfixes:

 o ConnectionExists: for NTLM re-use, require credentials to match
 o cookie: cookie parser out of boundary memory access
 o fix_hostname: zero length host name caused -1 index offset
 o http_done: close Negotiate connections when done
 o sws: timeout idle CONNECT connections
 o nss: improve error handling in Curl_nss_random()
 o nss: do not skip Curl_nss_seed() if data is NULL
 o curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
 o http2: move lots of verbose output to be debug-only
 o dist: add extern-scan.pl to the tarball
 o http2: return recv error on unexpected EOF
 o build: Use default RandomizedBaseAddress directive in VC9+ project files
 o build: Removed DataExecutionPrevention directive from VC9+ project files
 o tool: Updated the warnf() function to use the GlobalConfig structure
 o http2: Return error if stream was closed with other than NO_ERROR
 o mprintf.h: remove #ifdef CURLDEBUG
 o libtest: fixed linker errors on msvc
 o curl.1: fix "The the" typo
 o cmake: handle build definitions CURLDEBUG/DEBUGBUILD
 o openssl: remove all uses of USE_SSLEAY
 o multi: fix memory-leak on timeout (regression)
 o curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS
 o metalink: add some error checks
 o TLS: make it possible to enable ALPN/NPN without HTTP/2
 o http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
 o conncontrol: only log changes to the connection bit
 o multi: fix *getsock() with CONNECT
 o symbols.pl: handle '-' in the deprecated field
 o MacOSX-Framework: use @rpath instead of @executable_path
 o GnuTLS: add support for CURLOPT_CAPATH
 o GnuTLS: print negotiated TLS version and full cipher suite name
 o GnuTLS: don't print double newline after certificate dates
 o memanalyze.pl: handle free(NULL)
 o proxy: re-use proxy connections (regression)
 o mk-ca-bundle: Don't report SHA1 numbers with "-q"
 o http: always send Host: header as first header
 o openssl: sort ciphers to use based on strength
 o openssl: use colons properly in the ciphers list
 o http2: detect premature close without data transfered
 o hostip: Fix signal race in Curl_resolv_timeout
 o closesocket: call multi socket cb on close even with custom close
 o mksymbolsmanpage.pl: use std header and generate better nroff header
 o connect: Fix happy eyeballs logic for IPv4-only builds
 o curl_easy_perform.3: remove superfluous close brace from example
 o HTTP: don't use Expect: headers when on HTTP/2
 o Curl_sh_entry: remove unused 'timestamp'
 o docs/libcurl: makefile portability fix
 o mkhelp: Remove trailing carriage return from every line of input
 o nss: explicitly tell NSS to disable NPN/ALPN when libcurl disables it
 o curl_easy_setopt.3: added a few missing options
 o metalink: fix resource leak in OOM
 o axtls: version 1.5.2 now requires that config.h be manually included
 o HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
 o cyassl: detect the library as renamed wolfssl
 o openssl: try to avoid accessing OCSP structs when possible
 o test938: added missing closing tags
 o testcurl: Allow '=' in values given on command line
 o tests/certs: added make target to rebuild certificates
 o tests/certs: rebuild certificates with modified key usage bits
 o gtls: avoid uninitialized variable
 o gtls: dereferencing NULL pointer
 o gtls: add check of return code
 o test1513: eliminated race condition in test run
 o dict: rename byte to avoid compiler shadowed declaration warning
 o curl_easy_recv/send: make them work with the multi interface
 o vtls: fix compile with --disable-crypto-auth but with SSL
 o openssl: adapt to ASN1/X509 things gone opaque in 1.1
 o openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
 o curl_memory: make curl_memory.h the second-last header file loaded
 o testcurl.pl: add the --notes option to supply more info about a build
 o cyassl: If wolfSSL then identify as such in version string
 o cyassl: Check for invalid length parameter in Curl_cyassl_random
 o cyassl: default to highest possible TLS version
 o Curl_ssl_md5sum: return CURLcode (fixes OOM)
 o polarssl: remove dead code
 o polarssl: called mbedTLS in 1.3.10 and later
 o globbing: fix step parsing for character globbing ranges
 o globbing: fix url number calculation when using range with step
 o multi: on a request completion, check all CONNECT_PEND transfers
 o build: link curl to openssl libraries when openssl support is enabled
 o url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
 o vtls: Don't accept unknown CURLOPT_SSLVERSION values
 o build: Fix libcurl.sln erroneous mixed configurations
 o cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
 o cyassl: add SSL context callback support for CyaSSL
 o tool: only set SSL options if SSL is enabled
 o multi: remove_handle: move pending connections
 o configure: Use KRB5CONFIG for krb5-config
 o axtls: add timeout within Curl_axtls_connect
 o CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
 o cyassl: Fix library initialization return value
 o cookie: handle spaces after the name in Set-Cookie
 o http2: Fix missing nghttp2_session_send call in Curl_http2_switched
 o cyassl: Fix certificate load check
 o build-openssl.bat: Fix mixed line endings
 o checksrc.bat: Check lib\vtls source
 o DNS: fix refreshing of obsolete dns cache entries
 o CURLOPT_RESOLVE: actually implement removals
 o checksrc.bat: quotes to support an SRC_DIR with spaces
 o cyassl: Remove 'Connecting to' message from cyassl_connect_step2
 o cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
 o lib/transfer.c: Remove factor of 8 from sleep time calculation
 o lib/makefile.m32: add missing libs to build libcurl.dll
 o build: Generate source prerequisites for Visual Studio in generate.bat
 o cyassl: Include the CyaSSL build config
 o firefox-db2pem: fix wildcard to find Firefox default profile
 o BUGS: refer to the github issue tracker now as primary
 o vtls_openssl: improve several certificate error messages
 o cyassl: Add support for TLS extension SNI
 o parsecfg: do not continue past a zero termination
 o configure --with-nss=PATH: query pkg-config if available
 o configure --with-nss: drop redundant if statement
 o cyassl: Fix include order
 o HTTP: fix PUT regression with Negotiate
 o curl_version_info.3: fixed the 'protocols' variable type
   2015-03-23 10:38:50 by Niclas Rosenvik | Files touched by this commit (1) | Package updated
Log message:
Revbump because of security/libssh2 update.
   2015-03-01 16:01:01 by Thomas Klausner | Files touched by this commit (5) | Package updated
Log message:
Update to 7.41.0:

Version 7.41.0 (25 Feb 2015)

Daniel Stenberg (25 Feb 2015)
- THANKS: added contributors from the 7.41.0 RELEASE-NOTES

- RELEASE-NOTES: sync with ffc2aeec6e (7.41.0 release time!)

Marc Hoersken (25 Feb 2015)
- Revert "telnet.c: fix handling of 0 being returned from custom read \ 

  This reverts commit 03fa576833643c67579ae216c4e7350fa9b5f2fe.

- telnet.c: fix invalid use of custom read function if not being set

  obj_count can be 1 if the custom read function is set or the stdin
  handle is a reference to a pipe. Since the pipe should be handled
  using the PeekNamedPipe-check below, the custom read function should
  only be used if it is actually enabled.

- telnet.c: fix handling of 0 being returned from custom read function

  According to [1]: "Returning 0 will signal end-of-file to the library
  and cause it to stop the current transfer."
  This change makes the Windows telnet code handle this case accordingly.

   [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html

Daniel Stenberg (24 Feb 2015)
- sws: stop logging about TPC_NODELAY nonsense

- lib530: make it less timing sensible

  ... by making sure the first request is completed before doing the

Kamil Dudka (23 Feb 2015)
- connect: wait for IPv4 connection attempts

  ... even if the last IPv6 connection attempt has failed.

  Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4

- connect: avoid skipping an IPv4 address

  ... in case the protocol versions are mixed in a DNS response
  (IPv6 -> IPv4 -> IPv6).

  Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3

Daniel Stenberg (23 Feb 2015)
- RELEASE-NOTES: synced with 5e4395eab839d

- ROADMAP: curl_easy_setopt.3 has already been split up

  Remove cmake as marked for removal. It is in much better state now.

- ROADMAP: extend the HTTP/2 stuff, remove SPDY

- [Julian Ospald brought this change]

  configure: allow both --with-ca-bundle and --with-ca-path

  SSL_CTX_load_verify_locations by default (and if given non-Null
  parameters) searches the CAfile first and falls back to CApath.  This
  allows for CAfile to be a basis (e.g. installed by the package manager)
  and CApath to be a user configured directory.

  This wasn't reflected by the previous configure constraint which this
  patch fixes.

  Bug: https://github.com/bagder/curl/pull/139

- [Ben Boeckel brought this change]

  cmake: install the dll file to the correct directory

- [Alessandro Ghedini brought this change]

  nss: fix NPN/ALPN protocol negotiation

  Correctly check for memcmp() return value (it returns 0 if the strings match).

  This is not really important, since curl is going to use http/1.1 anyway, but
  it's still a bug I guess.

- [Alessandro Ghedini brought this change]

  polarssl: fix ALPN protocol negotiation

  Correctly check for strncmp() return value (it returns 0 if the strings

- [Sergei Nikulov brought this change]

  CMake: Fix generation of tool_hugehelp.c on windows

  Use "cmake -E echo" instead of "echo".

  Reviewed-by: Brad King <brad.king@kitware.com>

- [Sergei Nikulov brought this change]

  CMake: fix winsock2 detection on windows

  Set CMAKE_REQUIRED_DEFINITIONS to include definitions needed to get
  the winsock2 API from windows.h.  Simplify the order of checks to
  avoid extra conditions.

  Use check_include_file instead of check_include_file_concat to look
  for OpenSSL headers.  They do not need to participate in a sequence
  of dependent system headers.  Also they may cause winsock.h to be
  included before ws2tcpip.h, causing the latter to not be detected
  in the sequence.

  Reviewed-by: Brad King <brad.king@kitware.com>

- [Alessandro Ghedini brought this change]

  gtls: fix build with HTTP2

Steve Holme (16 Feb 2015)
- Makefile.vc6: Corrected typos in rename of darwinssl.obj

Nick Zitzmann (15 Feb 2015)
- By request, change the name of "curl_darwinssl.[ch]" to \ 

Steve Holme (14 Feb 2015)
- RELEASE-NOTES: Synced with 6f89f86c3d

- tests/README: Updated to reflect email test ranges

- [Alessandro Ghedini brought this change]

  curl.1: --cert-status is also supported by OpenSSL now

- build: Removed Visual Studio SuppressStartupBanner directive for VC8+

  Visual Studio 2005 and above defaults to disabling the startup banner
  for the Compiler, Linker and MIDL tools (with /NOLOGO). As such there
  is no need to explicitly set the SuppressStartupBanner directive, as
  this is a leftover from the VC7 and VC7.1 projects being upgraded to
  VC8 and above.

Kamil Dudka (12 Feb 2015)
- openssl: fix a compile-time warning

  lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive

Steve Holme (11 Feb 2015)
- openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection

  For consistency with other conditionally compiled code in openssl.c,
  use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use
  HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are
  not included.

Patrick Monnerat (11 Feb 2015)
- ftp: accept all 2xx responses to the PORT command

Steve Holme (9 Feb 2015)
- openssl: Disable OCSP in old versions of OpenSSL

  Versions of OpenSSL prior to v0.9.8h do not support the necessary
  functions for OCSP stapling.

Daniel Stenberg (9 Feb 2015)
- [Tatsuhiro Tsujikawa brought this change]

  http2: Fix bug that associated stream canceled on PUSH_PROMISE

  Previously we don't ignore PUSH_PROMISE header fields in on_header
  callback.  It makes header values mixed with following HEADERS,
  resulting protocol error.

- [Jay Satiro brought this change]

  polarssl: Fix exclusive SSL protocol version options

  Prior to this change the options for exclusive SSL protocol versions did
  not actually set the protocol exclusive.

  Reported-by: Dan Fandrich

- [Jay Satiro brought this change]

  gskit: Fix exclusive SSLv3 option

- curl.1: clarify that -X is used for all requests

  Reported-by: Jon Seymour

- curl.1: add warning when using -H and redirects

Steve Holme (7 Feb 2015)
- schannel: Removed curl_ prefix from source files

  Removed the curl_ prefix from the schannel source files as discussed
  with Marc and Daniel at FOSDEM.

Daniel Stenberg (6 Feb 2015)
- md5: use axTLS's own MD5 functions when available

- MD(4|5): make the MD4_* and MD5_* functions static

- axtls: fix conversion from size_t to int warning

Steve Holme (5 Feb 2015)
- ftp: Use 'CURLcode result' for curl result codes

Daniel Stenberg (5 Feb 2015)
- openssl: SSL_SESSION->ssl_version no longer exist

  The struct went private in 1.0.2 so we cannot read the version number
  from there anymore. Use SSL_version() instead!

  Reported-by: Gisle Vanem
  Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html

Dan Fandrich (4 Feb 2015)
- unit1600: Fix compilation when NTLM is disabled

Daniel Stenberg (4 Feb 2015)
- MD5: fix compiler warnings and code style nits

- MD5: replace implementation

  The previous one was "encumbered" by RSA Inc - to avoid the licensing
  restrictions it has being replaced. This is the initial import,
  inserting the md5.c and md5.h files from
  http://openwall.info/wiki/people/solar/ … e-code/md5

  Code-by: Alexander Peslyak

- MD4: fix compiler warnings and code style nits

- MD4: replace implementation

  The previous one was "encumbered" by RSA Inc - to avoid the licensing
  restrictions it has being replaced. This is the initial import,
  inserting the md4.c and md4.h files from
  http://openwall.info/wiki/people/solar/ … e-code/md4

  Code-by: Alexander Peslyak

Steve Holme (4 Feb 2015)
- telnet: Prefer 'CURLcode result' for curl result codes

- hostasyn: Prefer 'CURLcode result' for curl result codes

- schannel: Prefer 'CURLcode result' for curl result codes

Daniel Stenberg (3 Feb 2015)
- unit1601: MD5 unit tests

- unit1600: unit test for Curl_ntlm_core_mk_nt_hash

- unit1600: NTLM unit test

- tests/README: add a new range, clean up some language

- [Jay Satiro brought this change]

  opts: CURLOPT_CAINFO availability depends on SSL engine

- getpass: protect include with proper #ifdef

  Reported-by: Tamir

- getpass_r: read from stdin, not stdout!

  The file number used was wrong. This bug was introduced over 10 years
  ago, proving this function isn't used much...

  Bug: http://curl.haxx.se/bug/view.cgi?id=1476
  Reported-by: Tamir

- test1135: verify the CURL_EXTERN order in header files

- Makefile.am: fix 'make distcheck'

  ... by removing generated files from the *_DIST variable [*] and instead
  generate them with a .dist suffix, since that is then handled and put
  into the release archive by our generic dist-hook.

  [*] = 'make distcheck' fails with non-existing files listed there

Steve Holme (2 Feb 2015)
- curl_sasl.c: More code policing

  Better use of 80 character line limit, comment corrections and line
  spacing preferences.

Daniel Stenberg (2 Feb 2015)
- libcurl-symbols: first basic shot for autogenerated docs

- FAQ: minor edit of 3.22

Steve Holme (2 Feb 2015)
- build: Added removal of Visual Studio project files

  Added the removal of the locally generated project files so one
  may revert to a clean repository.

- build: Renamed top level Visual Studio solution files

  In preparation for adding the test suite and examples projects renamed
  the top level "all" solution files to better describe what they are.

  This will also enable us to use "curl" rather than \ 
"curlsrc" for the
  command line tool solution and project files, which will simplify some
  of the configuration.

- build: Enabled DEBUGBUILD in Visual Studio debug builds

  Defined the DEBUGBUILD pre-processor variable to allow extra logging,
  which is particularly useful in debug builds, as we use this and Visual
  Studio typically uses _DEBUG.

  We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is
  defined but that would also affect the makefile based builds which we
  probably don't want to do.

- build: Removed unused Visual Studio bscmake settings

Daniel Stenberg (2 Feb 2015)

  And modify the text to refer to HTTP 2 as it isn't called "2.0".

  Reported-By: Michael Wallner

Marc Hoersken (31 Jan 2015)
- TODO: moved WinSSL/SChannel todo items into docs

Daniel Stenberg (29 Jan 2015)
- [Michael Kaufmann brought this change]

  CURLOPT_SEEKFUNCTION.3: also when server closes a connection

Steve Holme (29 Jan 2015)
- curl_sasl.c: Fixed compilation warning when cryptography is disabled

  curl_sasl.c:1506: warning: unused variable 'chlg'

- curl_sasl.c: Fixed compilation warning when verbose debug output disabled

  curl_sasl.c:1317: warning: unused parameter 'conn'

- ntlm_core: Use own odd parity function when crypto engine doesn't have one

- ntlm_core: Prefer sizeof(key) rather than hard coded sizes

- ntlm_core: Added consistent comments to DES functions

- des: Added Curl_des_set_odd_parity()

  Added Curl_des_set_odd_parity() for use when cryptography engines
  don't include this functionality.

- tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests

- tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests

- tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests

- sasl: Minor code policing and grammar corrections

Daniel Stenberg (28 Jan 2015)
- [Gisle Vanem brought this change]

  ldap: build with BoringSSL

- security: avoid compiler warning

  Possible access to uninitialised memory '&nread' at line 140 of
  lib/security.c in function 'ftp_send_command'.

  Reported-by: Rich Burridge

- runtests: identify BoringSSL and libressl

Patrick Monnerat (27 Jan 2015)
- docs: cite SASL external authentication.

- sasl: remove XOAUTH2 from default enabled authentication mechanism.

- test: add test cases for sasl external authentication (imap/pop3/smtp).

- imap: remove automatic password setting: it breaks external sasl authentication

- sasl: implement EXTERNAL authentication mechanism.
    Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
  by not setting the password.

Steve Holme (27 Jan 2015)
- openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE

  Modified the Curl_ossl_cert_status_request() function to return FALSE
  when built with BoringSSL or when OpenSSL is missing the necessary TLS

- openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'

  Fixed the build of openssl.c when OpenSSL is built without the necessary
  TLS extensions for OCSP stapling.

  Reported-by: John E. Malmberg

- [Brad Spencer brought this change]

  curl_setup: Disable SMB/CIFS support when HTTP only

- RELEASE-NOTES: Synced with 37824498a3

Daniel Stenberg (22 Jan 2015)
- configure: remove detection of the old yassl emulation API

  ... as that is ancient history and not used.

- OCSP stapling: disabled when build with BoringSSL

- [Alessandro Ghedini brought this change]

  openssl: add support for the Certificate Status Request TLS extension

  Also known as "status_request" or OCSP stapling, defined in RFC6066
  section 8.

  Thanks-to: Joe Mason
  - for the work-around for the OpenSSL bug.

- BoringSSL: fix build for non-configure builds

  HAVE_BORINGSSL gets defined now by configure and should be defined by
  other build systems in case a BoringSSL build is desired.

- configure: fix BoringSSL detection and detect libresssl

Steve Holme (22 Jan 2015)
- curl_sasl: Reinstate the sasl_ prefix for locally scoped functions

  Commit 7a8b2885e2 made some functions static and removed the public
  Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
  is the naming convention we use in this source file.

- curl_sasl: Minor code policing following recent commits

Daniel Stenberg (22 Jan 2015)
- [John Malmberg brought this change]

  openvms: Handle openssl/0.8.9zb version parsing

  packages/vms/gnv_link_curl.com was assuming only a single letter suffix
  in the openssl version.  That assumption has been fixed for 7.40.

- BoringSSL: detected by configure, switches off NTLM

- BoringSSL: no PKCS12 support nor ERR_remove_state

- [Leith Bade brought this change]

  BoringSSL: fix build

Steve Holme (20 Jan 2015)
- curl_sasl.c: chlglen is not used when cryptography is disabled

- curl_sasl.c: Fixed compilation warning when cyptography is disabled

  curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local

- curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined

  curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier

  This error could also happen for non-SSPI builds when cryptography is
  disabled (CURL_DISABLE_CRYPTO_AUTH is defined).

Patrick Monnerat (20 Jan 2015)
- SASL: make some procedures local-scoped

- SASL: common state engine for imap/pop3/smtp

- SASL: common URL option and auth capabilities decoders for all protocols

- IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.

Daniel Stenberg (20 Jan 2015)
- ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6

  Reported-by: Chris Young

- [Chris Young brought this change]

  timeval: typecast for better type (on Amiga)

  There is an issue with conflicting "struct timeval" definitions with
  certain AmigaOS releases and C libraries, depending on what gets
  included when.  It's a minor difference - the OS one is unsigned,
  whereas the common structure has signed elements.  If the OS one ends up
  getting defined, this causes a timing calculation error in curl.

  It's easy enough to resolve this at the curl end, by casting the
  potentially errorneous calculation to a signed long.

- openssl: do public key pinning check independently

  ... of the other cert verification checks so that you can set verifyhost
  and verifypeer to FALSE and still check the public key.

  Bug: http://curl.haxx.se/bug/view.cgi?id=1471
  Reported-by: Kyle J. McKay

Patrick Monnerat (19 Jan 2015)

Steve Holme (18 Jan 2015)
- ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP

  For consistency with other USE_WIN32_ defines as well as the
  USE_OPENLDAP define.

- http_negotiate: Use dynamic buffer for SPN generation

  Use a dynamicly allocated buffer for the temporary SPN variable similar
  to how the SASL GSS-API code does, rather than using a fixed buffer of
  2048 characters.

- sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public

- sasl_gssapi: Fixed memory leak with local SPN variable

Daniel Stenberg (17 Jan 2015)
- http_negotiate.c: unused variable 'ret'

Steve Holme (17 Jan 2015)
- gskit.h: Code policing of function pointer arguments

- vtls: Removed unimplemented overrides of curlssl_close_all()

  Carrying on from commit 037cd0d991, removed the following unimplemented
  instances of curlssl_close_all():


- vtls: Separate the SSL backend definition from the API setup

  Slight code cleanup as the SSL backend #define is mixed up with the API
  function setup.

- vtls: Fixed compilation errors when SSL not used

  Fixed the following warning and error from commit 3af90a6e19 when SSL
  is not being used:

  url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
              assuming extern returning int

  error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
                 referenced in function Curl_setopt

- http_negotiate: Added empty decoded challenge message info text

- http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int

- http_negotiate_sspi: Prefer use of 'attrs' for context attributes

  Use the same variable name as other areas of SSPI code.

- http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()

  Use the SECURITY_STATUS typedef rather than a unsigned long for the
  QuerySecurityPackageInfo() return and rename the variable as per other
  areas of SSPI code.

- http_negotiate_sspi: Use 'CURLcode result' for CURL result code

- curl_endian: Fixed build when 64-bit integers are not supported (Part 2)

  Missed Curl_read64_be() in commit bb12d44471 :(

Daniel Stenberg (16 Jan 2015)
- CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0

- curlver.h: next release is 7.41.0 due to the changes

- RELEASE-NOTES: mention the new OCSP stapling options, bump version

- opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile

- help: add --cert-status to --help output

- copyright years: after OCSP stapling changes

- [Alessandro Ghedini brought this change]

  curl: add --cert-status option

  This enables the CURLOPT_SSL_VERIFYSTATUS functionality.

- [Alessandro Ghedini brought this change]

  nss: add support for the Certificate Status Request TLS extension

  Also known as "status_request" or OCSP stapling, defined in RFC6066 \ 
section 8.

  This requires NSS 3.15 or higher.

- [Alessandro Ghedini brought this change]

  gtls: add support for the Certificate Status Request TLS extension

  Also known as "status_request" or OCSP stapling, defined in RFC6066 \ 
section 8.

  This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
  at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
  response verfication to fail even on valid responses.

- [Alessandro Ghedini brought this change]


  This option can be used to enable/disable certificate status verification using
  the "Certificate Status Request" TLS extension defined in RFC6066 \ 
section 8.

  This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
  certificate status verification fails, and the Curl_ssl_cert_status_request()
  function, used to check whether the SSL backend supports the status_request

- TheArtOfHttpScripting: skip the date at the top, we have git

- TheArtOfHttpScripting: phrase it TLS lib agnostic

Steve Holme (16 Jan 2015)
- TODO: Added some SMB ideas

- RELEASE-NOTES: Synced with 5f09947d28

- build-openssl.bat: Added check for Perl installation

- checksrc.bat: Better detection of Perl installation

- curl_endian: Fixed build when 64-bit integers are not supported

  Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
  Reported-by: John E. Malmberg

Daniel Stenberg (15 Jan 2015)
- [Yun SangHo brought this change]

  curl.h: remove extra space

- Curl_pretransfer: reset expected transfer sizes

  Reported-by: Mohammad AlSaleh
  Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html

Marc Hoersken (12 Jan 2015)
- curl_schannel.c: mark session as removed from cache if not freed

  If the session is still used by active SSL/TLS connections, it
  cannot be closed yet. Thus we mark the session as not being cached
  any longer so that the reference counting mechanism in
  Curl_schannel_shutdown is used to close and free the session.

  Reported-by: Jean-Francois Durand

Steve Holme (9 Jan 2015)
- RELEASE-NOTES: Synced with d21b66835f

Guenter Knauf (9 Jan 2015)
- Merge pull request #134 from vszakats/mingw-m64

  add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS

- Merge pull request #136 from vszakats/mingw-allow-custom-cflags

  mingw build: allow to pass custom CFLAGS

Daniel Stenberg (9 Jan 2015)
- NSS: fix compiler error when built http2-enabled

Steve Holme (9 Jan 2015)
- gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions

  Better code reuse and consistency in calls to gss_import_name().

Viktor Szakats (9 Jan 2015)
- mingw build: allow to pass custom CFLAGS

Daniel Stenberg (8 Jan 2015)
- FTP: if EPSV fails on IPV6 connections, bail out

  ... instead of trying PASV, since PASV can't work with IPv6.

  Reported-by: Vojtěch Král

- FTP: fix IPv6 host using link-local address

  ... and make sure we can connect the data connection to a host name that
  is longer than 48 bytes.

  Also simplifies the code somewhat by re-using the original host name
  more, as it is likely still in the DNS cache.

  Original-Patch-by: Vojtěch Král
  Bug: http://curl.haxx.se/bug/view.cgi?id=1468

Steve Holme (8 Jan 2015)
- [Sam Schanken brought this change]

  winbuild: Added option to build with c-ares

  Added support for a WITH_CARES option to be used when invoking nmake
  via Makefile.vc. This option enables linking against both the DLL and
  static versions of the c-ares libraries, as well as the debug and
  release varients, depending on the value of DEBUG. The USE_ARES
  preprocessor symbol is also defined.

Guenter Knauf (8 Jan 2015)
- NetWare build: added TLS-SRP enabled build.

Steve Holme (8 Jan 2015)
- sasl_gssapi: Fixed build on NetBSD with built-in GSS-API

  Bug: http://curl.haxx.se/bug/view.cgi?id=1469
  Reported-by: Thomas Klausner

Viktor Szakats (8 Jan 2015)
- add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS

Daniel Stenberg (8 Jan 2015)
- bump: start working towards 7.40.1

- THANKS: 14 new contributors from the 7.40.0 release notes
   2015-01-08 20:23:53 by Thomas Klausner | Files touched by this commit (3)
Log message:
Fix build with GSSAPI on NetBSD. Enable gssapi again.
   2015-01-08 18:23:07 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
Update to 7.40.0. Disable gssapi by default on NetBSD, since it doesn't
compile any longer, see


Curl and libcurl 7.40.0

 Public curl releases:         143
 Command line options:         162
 curl_easy_setopt() options:   208
 Public functions in libcurl:  58
 Contributors:                 1219

This release includes the following changes:

 o http_digest: Added support for Windows SSPI based authentication
 o version info: Added Kerberos V5 to the supported features
 o Makefile: Added VC targets for WinIDN
 o config-win32: Introduce build targets for VS2012+
 o SSL: Add PEM format support for public key pinning
 o smtp: Added support for the conversion of Unix newlines during mail send [8]
 o smb: Added initial support for the SMB/CIFS protocol
 o Added support for HTTP over unix domain sockets, via
   CURLOPT_UNIX_SOCKET_PATH and --unix-socket
 o sasl: Added support for GSS-API based Kerberos V5 authentication

This release includes the following bugfixes:

 o darwinssl: fix session ID keys to only reuse identical sessions [18]
 o url-parsing: reject CRLFs within URLs [19]
 o OS400: Adjust specific support to last release
 o THANKS: Remove duplicate names
 o url.c: Fixed compilation warning
 o ssh: Fixed build on platforms where R_OK is not defined [1]
 o tool_strdup.c: include the tool strdup.h
 o build: Fixed Visual Studio project file generation of strdup.[c|h]
 o curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY [2]
 o curl.1: show zone index use in a URL
 o mk-ca-bundle.vbs: switch to new certdata.txt url
 o Makefile.dist: Added some missing SSPI configurations
 o build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
 o SSH: use the port number as well for known_known checks [3]
 o libssh2: detect features based on version, not configure checks
 o http2: Deal with HTTP/2 data inside Upgrade response header buffer [4]
 o multi: removed Curl_multi_set_easy_connection
 o symbol-scan.pl: do not require autotools
 o cmake: build libhostname for test suite
 o cmake: fix HAVE_GETHOSTNAME definition
 o tests: fix libhostname visibility
 o tests: fix memleak in server/resolve.c
 o vtls.h: Fixed compiler warning when compiled without SSL
 o CMake: Restore order-dependent header checks
 o CMake: Restore order-dependent library checks
 o tool: Removed krb4 from the supported features
 o http2: Don't send Upgrade headers when we already do HTTP/2
 o examples: Don't call select() to sleep on windows [6]
 o win32: Updated some legacy APIs to use the newer extended versions [5]
 o easy.c: Fixed compilation warning when no verbose string support
 o connect.c: Fixed compilation warning when no verbose string support
 o build: in Makefile.m32 pass -F flag to windres
 o build: in Makefile.m32 add -m32 flag for 32bit
 o multi: when leaving for timeout, close accordingly
 o CMake: Simplify if() conditions on check result variables
 o build: in Makefile.m32 try to detect 64bit target
 o multi: inform about closed sockets before they are closed
 o multi-uv.c: close the file handle after download
 o examples: Wait recommended 100ms when no file descriptors are ready
 o ntlm: Split the SSPI based messaging code from the native messaging code
 o cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
 o cmake: add Kerberos to the supported feature
 o http: Disable pipelining for HTTP/2 and upgraded connections
 o ntlm: Fixed static'ness of local decode function
 o sasl: Reduced the need for two sets of NTLM messaging functions
 o multi.c: Fixed compilation warnings when no verbose string support
 o select.c: fix compilation for VxWorks [7]
 o multi-single.c: switch to use curl_multi_wait
 o curl_multi_wait.3: clarify numfds being used if not NULL
 o http.c: Fixed compilation warnings from features being disabled
 o NSS: enable the CAPATH option [9]
 o docs: Fix FAILONERROR typos
 o HTTP: don't abort connections with pending Negotiate authentication
 o HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
 o http_perhapsrewind: don't abort CONNECT requests
 o build: updated dependencies in makefiles
 o multi.c: Fixed compilation warning
 o ftp.c: Fixed compilation warnings when proxy support disabled
 o get_url_file_name: Fixed crash on OOM on debug build
 o cookie.c: Refactored cleanup code to simplify
 o OS400: enable NTLM authentication
 o ntlm: Use Windows Crypt API
 o http2: avoid logging neg "failure" if h2 was not requested
 o schannel_recv: return the correct code [10]
 o VC build: added sspi define for winssl-zlib builds
 o Curl_client_write(): chop long data, convert data only once
 o openldap: do not ignore Curl_client_write() return code
 o ldap: check Curl_client_write() return codes
 o parsedate.c: Fixed compilation warning
 o url.c: Fixed compilation warning when USE_NTLM is not defined
 o ntlm_wb_response: fix "statement not reached" [11]
 o telnet: fix "cast increases required alignment of target type"
 o smtp: Fixed dot stuffing when EOL characters at end of input buffers [12]
 o ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
 o ntlm: Disable NTLM v2 when 64-bit integers are not supported
 o ntlm: Use short integer when decoding 16-bit values
 o ftp.c: Fixed compilation warning when no verbose string support
 o synctime.c: fixed timeserver URLs
 o mk-ca-bundle.pl: restored forced run again
 o ntlm: Fixed return code for bad type-2 Target Info
 o curl_schannel.c: Data may be available before connection shutdown
 o curl_schannel: Improvements to memory re-allocation strategy [13]
 o darwinssl: aprintf() to allocate the session key
 o tool_util.c: Use GetTickCount64 if it is available
 o lib: Fixed multiple code analysis warnings if SAL are available
 o tool_binmode.c: Explicitly ignore the return code of setmode
 o tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
 o opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
 o SFTP: work-around servers that return zero size on STAT [14]
 o connect: singleipconnect(): properly try other address families after failure
 o IPV6: address scope != scope id [15]
 o parseurlandfillconn(): fix improper non-numeric scope_id stripping [16]
 o secureserver.pl: make OpenSSL CApath and cert absolute path values
 o secureserver.pl: update Windows detection and fix path conversion
 o secureserver.pl: clean up formatting of config and fix verbose output
 o tests: Added Windows support using Cygwin-based OpenSSH
 o sockfilt.c: use non-Ex functions that are available before WinXP
 o VMS: Updates for 0740-0D1220
 o openssl: warn for SRP set if SSLv3 is used, not for TLS version
 o openssl: make it compile against openssl 1.1.0-DEV master branch
 o openssl: fix SSL/TLS versions in verbose output
 o curl: show size of inhibited data when using -v
 o build: Removed WIN32 definition from the Visual Studio projects
 o build: Removed WIN64 definition from the libcurl Visual Studio projects
 o vtls: Use bool for Curl_ssl_getsessionid() return type
 o sockfilt.c: Replace 100ms sleep with thread throttle
 o sockfilt.c: Reduce the number of individual memory allocations
 o vtls: Don't set cert info count until memory allocation is successful
 o nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
 o nss: Don't ignore Curl_extract_certinfo() OOM failure
 o vtls: Fixed compilation warning and an ignored return code
 o sockfilt.c: Fixed compilation warnings
 o darwinssl: Fixed compilation warning
 o vtls: Use '(void) arg' for unused parameters
 o sepheaders.c: Fixed resource leak on failure
 o lib1900.c: Fixed cppcheck error [17]
 o ldap: Fixed Unicode connection details in Win32 initialsation / bind calls
 o ldap: Fixed Unicode DN, attributes and filter in Win32 search calls
   2014-11-07 15:10:16 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 7.39.0:
* SSLv3 is disabled by default
* CURLOPT_COOKIELIST: Added "RELOAD" command [5]
* build: Added WinIDN build configuration options to Visual Studio projects
* ssh: improve key file search
* SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
* vtls: remove QsoSSL support, use gskit!
* mk-ca-bundle: added SHA-384 signature algorithm
* docs: added many examples for libcurl opts and other doc improvements
* build: Added VC ssh2 target to main Makefile
* MinGW: Added support to build with nghttp2
* NetWare: Added support to build with nghttp2
* build: added Watcom support to build with WinSSL
* build: Added optional specific version generation of VC project files

* curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds [9]
* openssl: build fix for versions < 0.9.8e [1]
* newlines: fix mixed newlines to LF-only [2]
* ntlm: Fixed HTTP proxy authentication when using Windows SSPI [3]
* sasl_sspi: Fixed Unicode build [4]
* file: reject paths using embedded %00
* threaded-resolver: revert Curl_expire_latest() switch [6]
* configure: allow --with-ca-path with PolarSSL too
* HTTP/2: Fix busy loop when EOF is encountered
* CURLOPT_CAPATH: return failure if set without backend support
* nss: do not fail if a CRL is already cached
* smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
* fixed 20+ nits/memory leaks identified by Coverity scans
* curl_schannel.c: Fixed possible memory or handle leak
* multi-uv.c: call curl_multi_info_read() better
* Cmake: Check for OpenSSL before OpenLDAP
* Cmake: Fix library list provided to cURL tests
* Cmake: Avoid cycle directory dependencies
* Cmake: Build with GSS-API libraries (MIT or Heimdal)
* vtls: provide backend defines for internal source code
* nss: fix a connection failure when FTPS handle is reused
* tests/http_pipe.py: Python 3 support
* cmake: build tool_hugehelp (ENABLE_MANUAL)
* cmake: enable IPv6 by default if available
* tests: move TESTCASES to Makefile.inc, add show for cmake
* ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
* ntlm: Fixed empty/bad base-64 decoded buffer return codes
* ntlm: Fixed empty type-2 decoded message info text
* cmake: add CMake/Macros.cmake to the release tarball
* cmake: use LIBCURL_VERSION from curlver.h
* cmake: generate pkg-config and curl-config
* fixed several superfluous variable assignements identified by cppcheck
* cleanup of 'CURLcode result' return code
* pipelining: only output "is not blacklisted" in debug builds
* SSL: Remove SSLv3 from SSL default due to POODLE attack
* gskit.c: remove SSLv3 from SSL default
* darwinssl: detect possible future removal of SSLv3 from the framework
* ntlm: Only define ntlm data structure when USE_NTLM is defined
* ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
* ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
* sspi: Only call CompleteAuthToken() when complete is needed
* http_negotiate: Fixed missing check for USE_SPNEGO
* HTTP: return larger than 3 digit response codes too [7]
* openssl: Check for NPN / ALPN via OpenSSL version number
* openssl: enable NPN separately from ALPN
* sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
* sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
* resume: consider a resume from [content-length] to be OK [8]
* sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
* build-openssl.bat: Fix x64 release build
* cmake: drop _BSD_SOURCE macro usage
* cmake: fix gethostby{addr,name}_r in CurlTests
* cmake: clean OtherTests, fixing -Werror
* cmake: fix struct sockaddr_storage check
* Curl_single_getsock: fix hold/pause sock handling
* SSL: PolarSSL default min SSL version TLS 1.0
* cmake: fix ZLIB_INCLUDE_DIRS use [10]
* buildconf: stop checking for libtool
   2014-10-09 16:07:17 by Thomas Klausner | Files touched by this commit (1163)
Log message:
Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles.