./www/curl, Client that groks URLs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 7.42.1nb2, Package name: curl-7.42.1nb2, Maintainer: pkgsrc-users

Curl is a command line tool for transferring files with URL syntax, supporting
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.

Required to run:

Package options: gssapi, inet6, libidn

Master sites: (Expand)

SHA1: f65708915875b8cb35edb51d8dd31440dc02fbd3
RMD160: 76d5b23fae60356342e2bac2e4c706ed544d4adf
Filesize: 3249.32 KB

Version history: (Expand)

CVS history: (Expand)

   2015-07-01 01:00:21 by S.P.Zeidler | Files touched by this commit (7)
Log message:
rollback to previous version of curl. See
http://mail-index.netbsd.org/tech-pkg/2 … 15105.html
   2015-06-30 07:46:56 by S.P.Zeidler | Files touched by this commit (7) | Package updated
Log message:
update of curl to version 7.43.0. Upstream RELEASE_NOTES:

Curl and libcurl 7.43.0

 Public curl releases:         147
 Command line options:         176
 curl_easy_setopt() options:   219
 Public functions in libcurl:  58
 Contributors:                 1291

This release includes the following changes:

 o New curl option: --proxy-service-name[13]
 o Mew curl option: --service-name [14]
 o New curl option: --data-raw [5]
 o Added support for multiplexing transfers using HTTP/2, enable this
 o HTTP/2: requires nghttp2 1.0.0 or later
 o scripts: add zsh.pl for generating zsh completion
 o curl.h: add CURL_HTTP_VERSION_2

This release includes the following bugfixes:

 o CVE-2015-3236: lingering HTTP credentials in connection re-use [30]
 o CVE-2015-3237: SMB send off unrelated memory contents [31]
 o nss: fix compilation failure with old versions of NSS [1]
 o curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
 o schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
 o Curl_ossl_init: load builtin modules [2]
 o configure: follow-up fix for krb5-config [3]
 o sasl_sspi: Populate domain from the realm in the challenge [4]
 o netrc: support 'default' token
 o README: convert to UTF-8
 o cyassl: Implement public key pinning
 o nss: implement public key pinning for NSS backend
 o mingw build: add arch -m32/-m64 to LDFLAGS
 o schannel: Fix out of bounds array [6]
 o configure: remove autogenerated files by autoconf
 o configure: remove --automake from libtoolize call
 o acinclude.m4: fix shell test for default CA cert bundle/path
 o schannel: fix regression in schannel_recv [7]
 o openssl: skip trace outputs for ssl_ver == 0 [8]
 o gnutls: properly retrieve certificate status
 o netrc: Read in text mode when cygwin [9]
 o winbuild: Document the option used to statically link the CRT [10]
 o FTP: Make EPSV use the control IP address rather than the original host
 o FTP: fix dangling conn->ip_addr dereference on verbose EPSV
 o conncache: keep bundles on host+port bases, not only host names
 o runtests.pl: use 'h2c' now, no -14 anymore
 o curlver: introducing new version number (checking) macros
 o openssl: boringssl build brekage, use SSL_CTX_set_msg_callback [17]
 o CURLOPT_POSTFIELDS.3: correct variable names [18]
 o curl_easy_unescape.3: update RFC reference [19]
 o gnutls: don't fail on non-fatal alerts during handshake
 o testcurl.pl: allow source to be in an arbitrary directory
 o CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy
 o SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description [20]
 o parse_proxy: switch off tunneling if non-HTTP proxy [21]
 o share_init: fix OOM crash
 o perl: remove subdir, not touched in 9 years
 o CURLOPT_COOKIELIST.3: Add example
 o CURLOPT_COOKIE.3: Explain that the cookies won't be modified [22]
 o CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain [23]
 o FAQ: How do I port libcurl to my OS?
 o openssl: Use TLS_client_method for OpenSSL 1.1.0+
 o HTTP-NTLM: fail auth on connection close instead of looping [24]
 o curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT [25]
 o curl_getdate.3: update RFC reference
 o curl_multi_info_read.3: added example
 o curl_multi_perform.3: added example
 o curl_multi_timeout.3: added example
 o cookie: Stop exporting any-domain cookies [26]
 o openssl: remove dummy callback use from SSL_CTX_set_verify()
 o openssl: remove SSL_get_session()-using code
 o openssl: removed USERDATA_IN_PWD_CALLBACK kludge
 o openssl: removed error string #ifdef
 o openssl: Fix verification of server-sent legacy intermediates [27]
 o docs: man page indentation and syntax fixes
 o docs: Spelling fixes
 o fopen.c: fix a few compiler warnings
 o CURLOPT_OPENSOCKETFUNCTION: return error at once [28]
 o schannel: Add support for optional client certificates
 o build: Properly detect OpenSSL 1.0.2 when using configure
 o urldata: store POST size in state.infilesize too [29]
 o security:choose_mech remove dead code
 o rtsp_do: remove dead code
 o docs: many HTTP URIs changed to HTTPS
 o schannel: schannel_recv overhaul [32]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Alessandro Ghedini, Alexander Dyagilev, Anders Bakken, Anthony Avina,
  Ashish Shukla, Bert Huijben, Brian Chrisman, Brian Prodoehl, Chris Araman,
  Dagobert Michelsen, Dan Fandrich, Daniel Melani, Daniel Stenberg,
  Dmitry Eremin-Solenikov, Drake Arconis, Egon Eckert, Frank Meier, Fred Stluka,
  Gisle Vanem, Grant Pannell, Isaac Boukris, Jens Rantil, Joel Depooter,
  Kamil Dudka, Linus Nielsen Feltzing, Linus Nielsen Feltzing Feltzing,
  Liviu Chircu, Marc Hoersken, Michael Osipov, Oren Souroujon, Orgad Shaneh,
  Patrick Monnerat, Patrick Rapin, Paul Howarth, Paul Oliver, Rafayel Mkrtchyan,
  Ray Satiro, Sean Boudreau, Tatsuhiro Tsujikawa, Tomas Tomecek, Viktor Szakáts,
  Ville Skyttä, Yehezkel Horowitz,
  (43 contributors)

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = http://curl.haxx.se/mail/lib-2015-04/0095.html
 [2] = https://github.com/bagder/curl/pull/206
 [3] = \ 
https://github.com/bagder/curl/commit/5 … t-10473445
 [4] = https://github.com/bagder/curl/pull/141
 [5] = https://github.com/bagder/curl/issues/198
 [6] = http://curl.haxx.se/mail/lib-2015-04/0199.html
 [7] = https://github.com/bagder/curl/issues/244
 [8] = https://github.com/bagder/curl/issues/219
 [9] = https://github.com/bagder/curl/pull/258
 [10] = https://github.com/bagder/curl/issues/254
 [11] = http://curl.haxx.se/libcurl/c/CURLOPT_P … _NAME.html
 [12] = http://curl.haxx.se/libcurl/c/CURLOPT_SERVICE_NAME.html
 [13] = http://curl.haxx.se/docs/manpage.html#- … rvice-name
 [14] = http://curl.haxx.se/docs/manpage.html#--service-name
 [15] = http://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html
 [16] = http://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html
 [17] = https://github.com/bagder/curl/issues/275
 [18] = https://github.com/bagder/curl/issues/281
 [19] = https://github.com/bagder/curl/issues/282
 [20] = https://github.com/bagder/curl/issues/267
 [21] = http://curl.haxx.se/mail/lib-2015-05/0056.html
 [22] = http://curl.haxx.se/mail/lib-2015-05/0115.html
 [23] = http://curl.haxx.se/mail/lib-2015-05/0137.html
 [24] = https://github.com/bagder/curl/issues/256
 [25] = https://github.com/bagder/curl/pull/258 … -107093055
 [26] = https://github.com/bagder/curl/issues/292
 [27] = \ 
https://rt.openssl.org/Ticket/Display.h … pass=guest
 [28] = http://curl.haxx.se/mail/lib-2015-06/0047.html
 [29] = http://curl.haxx.se/mail/lib-2015-06/0019.html
 [30] = http://curl.haxx.se/docs/adv_20150617A.html
 [31] = http://curl.haxx.se/docs/adv_20150617B.html
 [32] = https://github.com/bagder/curl/issues/244
   2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152)
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
   2015-06-03 14:00:06 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
Add optional support for HTTP/2 via www/nghttp2. Patch nghttp2 support
until the curl interface is updated in 7.43. Bump PKGREVISION.
   2015-05-03 12:11:55 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update to 7.42.1:

Version 7.42.1 (28 Apr 2015)

Daniel Stenberg (28 Apr 2015)
- RELEASE-NOTES: 7.42.1 ready

- CURLOPT_HEADEROPT: default to separate

  Make the HTTP headers separated by default for improved security and
  reduced risk for information leakage.

  Bug: http://curl.haxx.se/docs/adv_20150429.html
  Reported-by: Yehezkel Horowitz, Oren Souroujon

- RELEASE-NOTES: synced with a6e0270e

- sws: init http2 state properly

  It would otherwise cause problems when running tests after 1801 etc.

- curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION

  ... as it was previouly undocumented what the pointer was.

- openssl: fix serial number output

  The code extracting the cert serial number was broken and didn't display
  it properly.

  Bug: https://github.com/bagder/curl/issues/235
  Reported-by: dkjjr89

- [Alessandro Ghedini brought this change]

  curl.1: fix typo

- RELEASE-NOTES: toward 7.42.1, synced with 097460a

- [Kamil Dudka brought this change]

  curl -z: do not write empty file on unmet condition

  This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
  It also introduces a regression test 1424 based on tests 78 and 1423.

  Reported-by: Viktor Szakats
  Bug: https://github.com/bagder/curl/issues/237

- [Kamil Dudka brought this change]

  docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too

- connectionexists: follow-up to fd9d3a1ef1f

  PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not

  Mistake-caught-by: Kamil Dudka

- connectionexists: fix build without NTLM

  Do not access NTLM-specific struct fields when built without NTLM

  bug: http://curl.haxx.se/?i=231
  Reported-by: Patrick Rapin

- dist: include {src,lib}/checksrc.whitelist
   2015-04-22 16:35:21 by Jonathan Perkin | Files touched by this commit (4) | Package updated
Log message:
Update to curl-7.42.0.

This release includes the following changes:

 o openssl: show the cipher selection to use in verbose text
 o gtls: implement CURLOPT_CERTINFO
 o add CURLOPT_SSL_FALSESTART option (darwinssl and NSS)
 o curl: add --false-start option
 o curl: add --path-as-is option
 o curl: create output file on successful download of an empty file

This release includes the following bugfixes:

 o ConnectionExists: for NTLM re-use, require credentials to match
 o cookie: cookie parser out of boundary memory access
 o fix_hostname: zero length host name caused -1 index offset
 o http_done: close Negotiate connections when done
 o sws: timeout idle CONNECT connections
 o nss: improve error handling in Curl_nss_random()
 o nss: do not skip Curl_nss_seed() if data is NULL
 o curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
 o http2: move lots of verbose output to be debug-only
 o dist: add extern-scan.pl to the tarball
 o http2: return recv error on unexpected EOF
 o build: Use default RandomizedBaseAddress directive in VC9+ project files
 o build: Removed DataExecutionPrevention directive from VC9+ project files
 o tool: Updated the warnf() function to use the GlobalConfig structure
 o http2: Return error if stream was closed with other than NO_ERROR
 o mprintf.h: remove #ifdef CURLDEBUG
 o libtest: fixed linker errors on msvc
 o curl.1: fix "The the" typo
 o cmake: handle build definitions CURLDEBUG/DEBUGBUILD
 o openssl: remove all uses of USE_SSLEAY
 o multi: fix memory-leak on timeout (regression)
 o curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS
 o metalink: add some error checks
 o TLS: make it possible to enable ALPN/NPN without HTTP/2
 o http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
 o conncontrol: only log changes to the connection bit
 o multi: fix *getsock() with CONNECT
 o symbols.pl: handle '-' in the deprecated field
 o MacOSX-Framework: use @rpath instead of @executable_path
 o GnuTLS: add support for CURLOPT_CAPATH
 o GnuTLS: print negotiated TLS version and full cipher suite name
 o GnuTLS: don't print double newline after certificate dates
 o memanalyze.pl: handle free(NULL)
 o proxy: re-use proxy connections (regression)
 o mk-ca-bundle: Don't report SHA1 numbers with "-q"
 o http: always send Host: header as first header
 o openssl: sort ciphers to use based on strength
 o openssl: use colons properly in the ciphers list
 o http2: detect premature close without data transfered
 o hostip: Fix signal race in Curl_resolv_timeout
 o closesocket: call multi socket cb on close even with custom close
 o mksymbolsmanpage.pl: use std header and generate better nroff header
 o connect: Fix happy eyeballs logic for IPv4-only builds
 o curl_easy_perform.3: remove superfluous close brace from example
 o HTTP: don't use Expect: headers when on HTTP/2
 o Curl_sh_entry: remove unused 'timestamp'
 o docs/libcurl: makefile portability fix
 o mkhelp: Remove trailing carriage return from every line of input
 o nss: explicitly tell NSS to disable NPN/ALPN when libcurl disables it
 o curl_easy_setopt.3: added a few missing options
 o metalink: fix resource leak in OOM
 o axtls: version 1.5.2 now requires that config.h be manually included
 o HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
 o cyassl: detect the library as renamed wolfssl
 o openssl: try to avoid accessing OCSP structs when possible
 o test938: added missing closing tags
 o testcurl: Allow '=' in values given on command line
 o tests/certs: added make target to rebuild certificates
 o tests/certs: rebuild certificates with modified key usage bits
 o gtls: avoid uninitialized variable
 o gtls: dereferencing NULL pointer
 o gtls: add check of return code
 o test1513: eliminated race condition in test run
 o dict: rename byte to avoid compiler shadowed declaration warning
 o curl_easy_recv/send: make them work with the multi interface
 o vtls: fix compile with --disable-crypto-auth but with SSL
 o openssl: adapt to ASN1/X509 things gone opaque in 1.1
 o openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
 o curl_memory: make curl_memory.h the second-last header file loaded
 o testcurl.pl: add the --notes option to supply more info about a build
 o cyassl: If wolfSSL then identify as such in version string
 o cyassl: Check for invalid length parameter in Curl_cyassl_random
 o cyassl: default to highest possible TLS version
 o Curl_ssl_md5sum: return CURLcode (fixes OOM)
 o polarssl: remove dead code
 o polarssl: called mbedTLS in 1.3.10 and later
 o globbing: fix step parsing for character globbing ranges
 o globbing: fix url number calculation when using range with step
 o multi: on a request completion, check all CONNECT_PEND transfers
 o build: link curl to openssl libraries when openssl support is enabled
 o url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
 o vtls: Don't accept unknown CURLOPT_SSLVERSION values
 o build: Fix libcurl.sln erroneous mixed configurations
 o cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
 o cyassl: add SSL context callback support for CyaSSL
 o tool: only set SSL options if SSL is enabled
 o multi: remove_handle: move pending connections
 o configure: Use KRB5CONFIG for krb5-config
 o axtls: add timeout within Curl_axtls_connect
 o CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
 o cyassl: Fix library initialization return value
 o cookie: handle spaces after the name in Set-Cookie
 o http2: Fix missing nghttp2_session_send call in Curl_http2_switched
 o cyassl: Fix certificate load check
 o build-openssl.bat: Fix mixed line endings
 o checksrc.bat: Check lib\vtls source
 o DNS: fix refreshing of obsolete dns cache entries
 o CURLOPT_RESOLVE: actually implement removals
 o checksrc.bat: quotes to support an SRC_DIR with spaces
 o cyassl: Remove 'Connecting to' message from cyassl_connect_step2
 o cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
 o lib/transfer.c: Remove factor of 8 from sleep time calculation
 o lib/makefile.m32: add missing libs to build libcurl.dll
 o build: Generate source prerequisites for Visual Studio in generate.bat
 o cyassl: Include the CyaSSL build config
 o firefox-db2pem: fix wildcard to find Firefox default profile
 o BUGS: refer to the github issue tracker now as primary
 o vtls_openssl: improve several certificate error messages
 o cyassl: Add support for TLS extension SNI
 o parsecfg: do not continue past a zero termination
 o configure --with-nss=PATH: query pkg-config if available
 o configure --with-nss: drop redundant if statement
 o cyassl: Fix include order
 o HTTP: fix PUT regression with Negotiate
 o curl_version_info.3: fixed the 'protocols' variable type
   2015-03-23 10:38:50 by Niclas Rosenvik | Files touched by this commit (1) | Package updated
Log message:
Revbump because of security/libssh2 update.
   2015-03-01 16:01:01 by Thomas Klausner | Files touched by this commit (5) | Package updated
Log message:
Update to 7.41.0:

Version 7.41.0 (25 Feb 2015)

Daniel Stenberg (25 Feb 2015)
- THANKS: added contributors from the 7.41.0 RELEASE-NOTES

- RELEASE-NOTES: sync with ffc2aeec6e (7.41.0 release time!)

Marc Hoersken (25 Feb 2015)
- Revert "telnet.c: fix handling of 0 being returned from custom read \ 

  This reverts commit 03fa576833643c67579ae216c4e7350fa9b5f2fe.

- telnet.c: fix invalid use of custom read function if not being set

  obj_count can be 1 if the custom read function is set or the stdin
  handle is a reference to a pipe. Since the pipe should be handled
  using the PeekNamedPipe-check below, the custom read function should
  only be used if it is actually enabled.

- telnet.c: fix handling of 0 being returned from custom read function

  According to [1]: "Returning 0 will signal end-of-file to the library
  and cause it to stop the current transfer."
  This change makes the Windows telnet code handle this case accordingly.

   [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html

Daniel Stenberg (24 Feb 2015)
- sws: stop logging about TPC_NODELAY nonsense

- lib530: make it less timing sensible

  ... by making sure the first request is completed before doing the

Kamil Dudka (23 Feb 2015)
- connect: wait for IPv4 connection attempts

  ... even if the last IPv6 connection attempt has failed.

  Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4

- connect: avoid skipping an IPv4 address

  ... in case the protocol versions are mixed in a DNS response
  (IPv6 -> IPv4 -> IPv6).

  Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3

Daniel Stenberg (23 Feb 2015)
- RELEASE-NOTES: synced with 5e4395eab839d

- ROADMAP: curl_easy_setopt.3 has already been split up

  Remove cmake as marked for removal. It is in much better state now.

- ROADMAP: extend the HTTP/2 stuff, remove SPDY

- [Julian Ospald brought this change]

  configure: allow both --with-ca-bundle and --with-ca-path

  SSL_CTX_load_verify_locations by default (and if given non-Null
  parameters) searches the CAfile first and falls back to CApath.  This
  allows for CAfile to be a basis (e.g. installed by the package manager)
  and CApath to be a user configured directory.

  This wasn't reflected by the previous configure constraint which this
  patch fixes.

  Bug: https://github.com/bagder/curl/pull/139

- [Ben Boeckel brought this change]

  cmake: install the dll file to the correct directory

- [Alessandro Ghedini brought this change]

  nss: fix NPN/ALPN protocol negotiation

  Correctly check for memcmp() return value (it returns 0 if the strings match).

  This is not really important, since curl is going to use http/1.1 anyway, but
  it's still a bug I guess.

- [Alessandro Ghedini brought this change]

  polarssl: fix ALPN protocol negotiation

  Correctly check for strncmp() return value (it returns 0 if the strings

- [Sergei Nikulov brought this change]

  CMake: Fix generation of tool_hugehelp.c on windows

  Use "cmake -E echo" instead of "echo".

  Reviewed-by: Brad King <brad.king@kitware.com>

- [Sergei Nikulov brought this change]

  CMake: fix winsock2 detection on windows

  Set CMAKE_REQUIRED_DEFINITIONS to include definitions needed to get
  the winsock2 API from windows.h.  Simplify the order of checks to
  avoid extra conditions.

  Use check_include_file instead of check_include_file_concat to look
  for OpenSSL headers.  They do not need to participate in a sequence
  of dependent system headers.  Also they may cause winsock.h to be
  included before ws2tcpip.h, causing the latter to not be detected
  in the sequence.

  Reviewed-by: Brad King <brad.king@kitware.com>

- [Alessandro Ghedini brought this change]

  gtls: fix build with HTTP2

Steve Holme (16 Feb 2015)
- Makefile.vc6: Corrected typos in rename of darwinssl.obj

Nick Zitzmann (15 Feb 2015)
- By request, change the name of "curl_darwinssl.[ch]" to \ 

Steve Holme (14 Feb 2015)
- RELEASE-NOTES: Synced with 6f89f86c3d

- tests/README: Updated to reflect email test ranges

- [Alessandro Ghedini brought this change]

  curl.1: --cert-status is also supported by OpenSSL now

- build: Removed Visual Studio SuppressStartupBanner directive for VC8+

  Visual Studio 2005 and above defaults to disabling the startup banner
  for the Compiler, Linker and MIDL tools (with /NOLOGO). As such there
  is no need to explicitly set the SuppressStartupBanner directive, as
  this is a leftover from the VC7 and VC7.1 projects being upgraded to
  VC8 and above.

Kamil Dudka (12 Feb 2015)
- openssl: fix a compile-time warning

  lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive

Steve Holme (11 Feb 2015)
- openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection

  For consistency with other conditionally compiled code in openssl.c,
  use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use
  HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are
  not included.

Patrick Monnerat (11 Feb 2015)
- ftp: accept all 2xx responses to the PORT command

Steve Holme (9 Feb 2015)
- openssl: Disable OCSP in old versions of OpenSSL

  Versions of OpenSSL prior to v0.9.8h do not support the necessary
  functions for OCSP stapling.

Daniel Stenberg (9 Feb 2015)
- [Tatsuhiro Tsujikawa brought this change]

  http2: Fix bug that associated stream canceled on PUSH_PROMISE

  Previously we don't ignore PUSH_PROMISE header fields in on_header
  callback.  It makes header values mixed with following HEADERS,
  resulting protocol error.

- [Jay Satiro brought this change]

  polarssl: Fix exclusive SSL protocol version options

  Prior to this change the options for exclusive SSL protocol versions did
  not actually set the protocol exclusive.

  Reported-by: Dan Fandrich

- [Jay Satiro brought this change]

  gskit: Fix exclusive SSLv3 option

- curl.1: clarify that -X is used for all requests

  Reported-by: Jon Seymour

- curl.1: add warning when using -H and redirects

Steve Holme (7 Feb 2015)
- schannel: Removed curl_ prefix from source files

  Removed the curl_ prefix from the schannel source files as discussed
  with Marc and Daniel at FOSDEM.

Daniel Stenberg (6 Feb 2015)
- md5: use axTLS's own MD5 functions when available

- MD(4|5): make the MD4_* and MD5_* functions static

- axtls: fix conversion from size_t to int warning

Steve Holme (5 Feb 2015)
- ftp: Use 'CURLcode result' for curl result codes

Daniel Stenberg (5 Feb 2015)
- openssl: SSL_SESSION->ssl_version no longer exist

  The struct went private in 1.0.2 so we cannot read the version number
  from there anymore. Use SSL_version() instead!

  Reported-by: Gisle Vanem
  Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html

Dan Fandrich (4 Feb 2015)
- unit1600: Fix compilation when NTLM is disabled

Daniel Stenberg (4 Feb 2015)
- MD5: fix compiler warnings and code style nits

- MD5: replace implementation

  The previous one was "encumbered" by RSA Inc - to avoid the licensing
  restrictions it has being replaced. This is the initial import,
  inserting the md5.c and md5.h files from
  http://openwall.info/wiki/people/solar/ … e-code/md5

  Code-by: Alexander Peslyak

- MD4: fix compiler warnings and code style nits

- MD4: replace implementation

  The previous one was "encumbered" by RSA Inc - to avoid the licensing
  restrictions it has being replaced. This is the initial import,
  inserting the md4.c and md4.h files from
  http://openwall.info/wiki/people/solar/ … e-code/md4

  Code-by: Alexander Peslyak

Steve Holme (4 Feb 2015)
- telnet: Prefer 'CURLcode result' for curl result codes

- hostasyn: Prefer 'CURLcode result' for curl result codes

- schannel: Prefer 'CURLcode result' for curl result codes

Daniel Stenberg (3 Feb 2015)
- unit1601: MD5 unit tests

- unit1600: unit test for Curl_ntlm_core_mk_nt_hash

- unit1600: NTLM unit test

- tests/README: add a new range, clean up some language

- [Jay Satiro brought this change]

  opts: CURLOPT_CAINFO availability depends on SSL engine

- getpass: protect include with proper #ifdef

  Reported-by: Tamir

- getpass_r: read from stdin, not stdout!

  The file number used was wrong. This bug was introduced over 10 years
  ago, proving this function isn't used much...

  Bug: http://curl.haxx.se/bug/view.cgi?id=1476
  Reported-by: Tamir

- test1135: verify the CURL_EXTERN order in header files

- Makefile.am: fix 'make distcheck'

  ... by removing generated files from the *_DIST variable [*] and instead
  generate them with a .dist suffix, since that is then handled and put
  into the release archive by our generic dist-hook.

  [*] = 'make distcheck' fails with non-existing files listed there

Steve Holme (2 Feb 2015)
- curl_sasl.c: More code policing

  Better use of 80 character line limit, comment corrections and line
  spacing preferences.

Daniel Stenberg (2 Feb 2015)
- libcurl-symbols: first basic shot for autogenerated docs

- FAQ: minor edit of 3.22

Steve Holme (2 Feb 2015)
- build: Added removal of Visual Studio project files

  Added the removal of the locally generated project files so one
  may revert to a clean repository.

- build: Renamed top level Visual Studio solution files

  In preparation for adding the test suite and examples projects renamed
  the top level "all" solution files to better describe what they are.

  This will also enable us to use "curl" rather than \ 
"curlsrc" for the
  command line tool solution and project files, which will simplify some
  of the configuration.

- build: Enabled DEBUGBUILD in Visual Studio debug builds

  Defined the DEBUGBUILD pre-processor variable to allow extra logging,
  which is particularly useful in debug builds, as we use this and Visual
  Studio typically uses _DEBUG.

  We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is
  defined but that would also affect the makefile based builds which we
  probably don't want to do.

- build: Removed unused Visual Studio bscmake settings

Daniel Stenberg (2 Feb 2015)

  And modify the text to refer to HTTP 2 as it isn't called "2.0".

  Reported-By: Michael Wallner

Marc Hoersken (31 Jan 2015)
- TODO: moved WinSSL/SChannel todo items into docs

Daniel Stenberg (29 Jan 2015)
- [Michael Kaufmann brought this change]

  CURLOPT_SEEKFUNCTION.3: also when server closes a connection

Steve Holme (29 Jan 2015)
- curl_sasl.c: Fixed compilation warning when cryptography is disabled

  curl_sasl.c:1506: warning: unused variable 'chlg'

- curl_sasl.c: Fixed compilation warning when verbose debug output disabled

  curl_sasl.c:1317: warning: unused parameter 'conn'

- ntlm_core: Use own odd parity function when crypto engine doesn't have one

- ntlm_core: Prefer sizeof(key) rather than hard coded sizes

- ntlm_core: Added consistent comments to DES functions

- des: Added Curl_des_set_odd_parity()

  Added Curl_des_set_odd_parity() for use when cryptography engines
  don't include this functionality.

- tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests

- tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests

- tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests

- sasl: Minor code policing and grammar corrections

Daniel Stenberg (28 Jan 2015)
- [Gisle Vanem brought this change]

  ldap: build with BoringSSL

- security: avoid compiler warning

  Possible access to uninitialised memory '&nread' at line 140 of
  lib/security.c in function 'ftp_send_command'.

  Reported-by: Rich Burridge

- runtests: identify BoringSSL and libressl

Patrick Monnerat (27 Jan 2015)
- docs: cite SASL external authentication.

- sasl: remove XOAUTH2 from default enabled authentication mechanism.

- test: add test cases for sasl external authentication (imap/pop3/smtp).

- imap: remove automatic password setting: it breaks external sasl authentication

- sasl: implement EXTERNAL authentication mechanism.
    Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
  by not setting the password.

Steve Holme (27 Jan 2015)
- openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE

  Modified the Curl_ossl_cert_status_request() function to return FALSE
  when built with BoringSSL or when OpenSSL is missing the necessary TLS

- openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'

  Fixed the build of openssl.c when OpenSSL is built without the necessary
  TLS extensions for OCSP stapling.

  Reported-by: John E. Malmberg

- [Brad Spencer brought this change]

  curl_setup: Disable SMB/CIFS support when HTTP only

- RELEASE-NOTES: Synced with 37824498a3

Daniel Stenberg (22 Jan 2015)
- configure: remove detection of the old yassl emulation API

  ... as that is ancient history and not used.

- OCSP stapling: disabled when build with BoringSSL

- [Alessandro Ghedini brought this change]

  openssl: add support for the Certificate Status Request TLS extension

  Also known as "status_request" or OCSP stapling, defined in RFC6066
  section 8.

  Thanks-to: Joe Mason
  - for the work-around for the OpenSSL bug.

- BoringSSL: fix build for non-configure builds

  HAVE_BORINGSSL gets defined now by configure and should be defined by
  other build systems in case a BoringSSL build is desired.

- configure: fix BoringSSL detection and detect libresssl

Steve Holme (22 Jan 2015)
- curl_sasl: Reinstate the sasl_ prefix for locally scoped functions

  Commit 7a8b2885e2 made some functions static and removed the public
  Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
  is the naming convention we use in this source file.

- curl_sasl: Minor code policing following recent commits

Daniel Stenberg (22 Jan 2015)
- [John Malmberg brought this change]

  openvms: Handle openssl/0.8.9zb version parsing

  packages/vms/gnv_link_curl.com was assuming only a single letter suffix
  in the openssl version.  That assumption has been fixed for 7.40.

- BoringSSL: detected by configure, switches off NTLM

- BoringSSL: no PKCS12 support nor ERR_remove_state

- [Leith Bade brought this change]

  BoringSSL: fix build

Steve Holme (20 Jan 2015)
- curl_sasl.c: chlglen is not used when cryptography is disabled

- curl_sasl.c: Fixed compilation warning when cyptography is disabled

  curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local

- curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined

  curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier

  This error could also happen for non-SSPI builds when cryptography is
  disabled (CURL_DISABLE_CRYPTO_AUTH is defined).

Patrick Monnerat (20 Jan 2015)
- SASL: make some procedures local-scoped

- SASL: common state engine for imap/pop3/smtp

- SASL: common URL option and auth capabilities decoders for all protocols

- IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.

Daniel Stenberg (20 Jan 2015)
- ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6

  Reported-by: Chris Young

- [Chris Young brought this change]

  timeval: typecast for better type (on Amiga)

  There is an issue with conflicting "struct timeval" definitions with
  certain AmigaOS releases and C libraries, depending on what gets
  included when.  It's a minor difference - the OS one is unsigned,
  whereas the common structure has signed elements.  If the OS one ends up
  getting defined, this causes a timing calculation error in curl.

  It's easy enough to resolve this at the curl end, by casting the
  potentially errorneous calculation to a signed long.

- openssl: do public key pinning check independently

  ... of the other cert verification checks so that you can set verifyhost
  and verifypeer to FALSE and still check the public key.

  Bug: http://curl.haxx.se/bug/view.cgi?id=1471
  Reported-by: Kyle J. McKay

Patrick Monnerat (19 Jan 2015)

Steve Holme (18 Jan 2015)
- ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP

  For consistency with other USE_WIN32_ defines as well as the
  USE_OPENLDAP define.

- http_negotiate: Use dynamic buffer for SPN generation

  Use a dynamicly allocated buffer for the temporary SPN variable similar
  to how the SASL GSS-API code does, rather than using a fixed buffer of
  2048 characters.

- sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public

- sasl_gssapi: Fixed memory leak with local SPN variable

Daniel Stenberg (17 Jan 2015)
- http_negotiate.c: unused variable 'ret'

Steve Holme (17 Jan 2015)
- gskit.h: Code policing of function pointer arguments

- vtls: Removed unimplemented overrides of curlssl_close_all()

  Carrying on from commit 037cd0d991, removed the following unimplemented
  instances of curlssl_close_all():


- vtls: Separate the SSL backend definition from the API setup

  Slight code cleanup as the SSL backend #define is mixed up with the API
  function setup.

- vtls: Fixed compilation errors when SSL not used

  Fixed the following warning and error from commit 3af90a6e19 when SSL
  is not being used:

  url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
              assuming extern returning int

  error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
                 referenced in function Curl_setopt

- http_negotiate: Added empty decoded challenge message info text

- http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int

- http_negotiate_sspi: Prefer use of 'attrs' for context attributes

  Use the same variable name as other areas of SSPI code.

- http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()

  Use the SECURITY_STATUS typedef rather than a unsigned long for the
  QuerySecurityPackageInfo() return and rename the variable as per other
  areas of SSPI code.

- http_negotiate_sspi: Use 'CURLcode result' for CURL result code

- curl_endian: Fixed build when 64-bit integers are not supported (Part 2)

  Missed Curl_read64_be() in commit bb12d44471 :(

Daniel Stenberg (16 Jan 2015)
- CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0

- curlver.h: next release is 7.41.0 due to the changes

- RELEASE-NOTES: mention the new OCSP stapling options, bump version

- opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile

- help: add --cert-status to --help output

- copyright years: after OCSP stapling changes

- [Alessandro Ghedini brought this change]

  curl: add --cert-status option

  This enables the CURLOPT_SSL_VERIFYSTATUS functionality.

- [Alessandro Ghedini brought this change]

  nss: add support for the Certificate Status Request TLS extension

  Also known as "status_request" or OCSP stapling, defined in RFC6066 \ 
section 8.

  This requires NSS 3.15 or higher.

- [Alessandro Ghedini brought this change]

  gtls: add support for the Certificate Status Request TLS extension

  Also known as "status_request" or OCSP stapling, defined in RFC6066 \ 
section 8.

  This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
  at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
  response verfication to fail even on valid responses.

- [Alessandro Ghedini brought this change]


  This option can be used to enable/disable certificate status verification using
  the "Certificate Status Request" TLS extension defined in RFC6066 \ 
section 8.

  This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
  certificate status verification fails, and the Curl_ssl_cert_status_request()
  function, used to check whether the SSL backend supports the status_request

- TheArtOfHttpScripting: skip the date at the top, we have git

- TheArtOfHttpScripting: phrase it TLS lib agnostic

Steve Holme (16 Jan 2015)
- TODO: Added some SMB ideas

- RELEASE-NOTES: Synced with 5f09947d28

- build-openssl.bat: Added check for Perl installation

- checksrc.bat: Better detection of Perl installation

- curl_endian: Fixed build when 64-bit integers are not supported

  Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
  Reported-by: John E. Malmberg

Daniel Stenberg (15 Jan 2015)
- [Yun SangHo brought this change]

  curl.h: remove extra space

- Curl_pretransfer: reset expected transfer sizes

  Reported-by: Mohammad AlSaleh
  Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html

Marc Hoersken (12 Jan 2015)
- curl_schannel.c: mark session as removed from cache if not freed

  If the session is still used by active SSL/TLS connections, it
  cannot be closed yet. Thus we mark the session as not being cached
  any longer so that the reference counting mechanism in
  Curl_schannel_shutdown is used to close and free the session.

  Reported-by: Jean-Francois Durand

Steve Holme (9 Jan 2015)
- RELEASE-NOTES: Synced with d21b66835f

Guenter Knauf (9 Jan 2015)
- Merge pull request #134 from vszakats/mingw-m64

  add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS

- Merge pull request #136 from vszakats/mingw-allow-custom-cflags

  mingw build: allow to pass custom CFLAGS

Daniel Stenberg (9 Jan 2015)
- NSS: fix compiler error when built http2-enabled

Steve Holme (9 Jan 2015)
- gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions

  Better code reuse and consistency in calls to gss_import_name().

Viktor Szakats (9 Jan 2015)
- mingw build: allow to pass custom CFLAGS

Daniel Stenberg (8 Jan 2015)
- FTP: if EPSV fails on IPV6 connections, bail out

  ... instead of trying PASV, since PASV can't work with IPv6.

  Reported-by: Vojtěch Král

- FTP: fix IPv6 host using link-local address

  ... and make sure we can connect the data connection to a host name that
  is longer than 48 bytes.

  Also simplifies the code somewhat by re-using the original host name
  more, as it is likely still in the DNS cache.

  Original-Patch-by: Vojtěch Král
  Bug: http://curl.haxx.se/bug/view.cgi?id=1468

Steve Holme (8 Jan 2015)
- [Sam Schanken brought this change]

  winbuild: Added option to build with c-ares

  Added support for a WITH_CARES option to be used when invoking nmake
  via Makefile.vc. This option enables linking against both the DLL and
  static versions of the c-ares libraries, as well as the debug and
  release varients, depending on the value of DEBUG. The USE_ARES
  preprocessor symbol is also defined.

Guenter Knauf (8 Jan 2015)
- NetWare build: added TLS-SRP enabled build.

Steve Holme (8 Jan 2015)
- sasl_gssapi: Fixed build on NetBSD with built-in GSS-API

  Bug: http://curl.haxx.se/bug/view.cgi?id=1469
  Reported-by: Thomas Klausner

Viktor Szakats (8 Jan 2015)
- add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS

Daniel Stenberg (8 Jan 2015)
- bump: start working towards 7.40.1

- THANKS: 14 new contributors from the 7.40.0 release notes