Log message:
Curl and libcurl 7.55.1

This release includes the following bugfixes:
 o build: fix 'make install' with configure, install docs/libcurl/* too
 o make install: add 8 missing man pages to the installation
 o curl: do bounds check using a double comparison [1]
 o dist: Add dictserver.py/negtelnetserver.py to release [2]
 o digest_sspi: Don't reuse context if the user/passwd has changed [3]
 o gitignore: ignore top-level .vs folder [4]
 o build: check out *.sln files with Windows line endings [5]
 o travis: verify "make install" [6]
 o dist: fix the cmake build by shipping cmake_uninstall.cmake.in too [7]
 o metalink: fix error: ‘*’ in boolean context, suggest \ 
‘&&’ instead
 o configure: use the threaded resolver backend by default if possible [8]
 o mkhelp.pl: allow executing this script directly [9]
 o maketgz: remove old *.dist files before making the tarball [10]
 o openssl: remove CONST_ASN1_BIT_STRING [11]
 o openssl: fix "error: this statement may fall through"
 o proxy: fix memory leak in case of invalid proxy server name [12]
 o curl/system.h: support more architectures (OpenRISC, ARC) [13]
 o docs: fix typos [14]
 o curl/system.h: add Oracle Solaris Studio [15]
 o CURLINFO_TOTAL_TIME: could wrongly return 4200 seconds [16]
 o docs: --connect-to clarified
 o cmake: allow user to override CMAKE_DEBUG_POSTFIX [17]
 o travis: test cmake build on tarball too
 o redirect: make it handle absolute redirects to IDN names [18]
 o curl/system.h: fix for gcc on PowerPC [19]
 o curl --interface: fixed for IPV6 unique local addresses [20]
 o cmake: threads detection improvements [21]

Log message:
Updated curl to 7.55.0.

Curl and libcurl 7.55.0

 Public curl releases:         167
 Command line options:         210
 curl_easy_setopt() options:   247
 Public functions in libcurl:  61
 Contributors:                 1571

This release includes the following changes:

 o curl: allow --header and --proxy-header read from file [7]
 o getinfo: provide sizes as curl_off_t [6]
 o curl: prevent binary output spewed to terminal [16]
 o curl: added --request-target [22]
 o libcurl: added CURLOPT_REQUEST_TARGET [22]
 o curl: added --socks5-{basic,gssapi}: control socks5 auth [30]
 o libcurl: added CURLOPT_SOCKS5_AUTH [30]

This release includes the following bugfixes:

 o glob: do not parse after a strtoul() overflow range (CVE-2017-1000101) [85]
 o tftp: reject file name lengths that don't fit (CVE-2017-1000100) [84]
 o file: output the correct buffer to the user (CVE-2017-1000099) [83]
 o includes: remove curl/curlbuild.h and curl/curlrules.h [1]
 o dist: make the hugehelp.c not get regenerated unnecessarily [2]
 o timers: store internal time stamps as time_t instead of doubles [3]
 o progress: let "current speed" be UL + DL speeds combined [4]
 o http-proxy: do the HTTP CONNECT process entirely non-blocking [5]
 o lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV [8]
 o fuzz: bring oss-fuzz initial code converted to C89 [10]
 o configure: disable nghttp2 too if HTTP has been disabled
 o mk-ca-bundle.pl: Check curl's exit code after certdata download [11]
 o test1148: verify the -# progressbar [12]
 o tests: stabilize test 2032 and 2033 [13]
 o HTTPS-Proxy: don't offer h2 for https proxy connections [14]
 o http-proxy: only attempt FTP over HTTP proxy [9]
 o curl-compilers.m4: enable vla warning for clang [15]
 o curl-compilers.m4: enable double-promotion warning [15]
 o curl-compilers.m4: enable missing-variable-declarations clang warning [15]
 o curl-compilers.m4: enable comma clang warning [15]
 o Makefile.m32: enable -W for MinGW32 build [15]
 o CURLOPT_PREQUOTE: not supported for SFTP [17]
 o http2: fix OOM crash
 o PIPELINING_SERVER_BL: cleanup the internal list use [18]
 o mkhelp.pl: fix script name in usage text
 o lib1521: add curl_easy_getinfo calls to the test set
 o travis: do the distcheck test build out-of-tree as well
 o if2ip: fix compiler warning in ISO C90 mode
 o lib: fix the djgpp build [19]
 o typecheck-gcc: add support for CURLINFO_OFF_T [20]
 o travis: enable typecheck-gcc warnings [21]
 o maketgz: switch to xz instead of lzma [23]
 o CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
 o curl-compilers.m4: fix unknown-warning-option on Apple clang [24]
 o winbuild: fix boringssl build [25]
 o curl/system.h: add check for XTENSA for 32bit gcc [26]
 o test1537: fixed memory leak on OOM
 o test1521: fix compiler warnings [27]
 o curl: fix memory leak on test 1147 OOM [28]
 o libtest/make: generate lib1521.c dynamically at build-time [29]
 o curl_strequal.3: fix typo in SYNOPSIS [31]
 o progress: prevent resetting t_starttransfer [32]
 o openssl: improve fallback seed of PRNG with a time based hash [33]
 o http2: improved PING frame handling [34]
 o test1450: add simple testing for DICT [35]
 o make: build the docs subdir only from within src [36]
 o cmake: Added compatibility options for older Windows versions [37]
 o gtls: fix build when sizeof(long) < sizeof(void *) [38]
 o url: make the original string get used on subsequent transfers [39]
 o timeval.c: Use long long constant type for timeval assignment [40]
 o tool_sleep: typecast to avoid macos compiler warning
 o travis.yml: use --enable-werror on debug builds [41]
 o test1451: add SMB support to the testbed [42]
 o configure: remove checks for 5 functions never used [43]
 o configure: try ldap/lber in reversed order first [44]
 o smb: fix build for djgpp/MSDOS [45]
 o travis: install nghttp2 on linux builds [46]
 o smb: add support for CURLOPT_FILETIME [47]
 o cmake: fix send/recv argument scanner for windows [48]
 o inet_pton: fix include on windows to get prototype [49]
 o select.h: avoid macro redefinition harder
 o cmake: if inet_pton is used, bump _WIN32_WINNT
 o asyn-thread.c: fix unused variable warnings on macOS
 o runtests: support "threaded-resolver" as a feature
 o test506: skip if threaded-resolver
 o cmake: remove spurious "-l" from linker flags [50]
 o cmake: add CURL_WERROR for enabling "warning as errors"
 o memdebug: don't setbuf() if the file open failed [51]
 o curl_easy_escape.3: mention the (lack of) encoding [52]
 o test1452: add telnet negotiation [53]
 o CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
 o cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC [54]
 o tests/valgrind.supp: supress OpenSSL false positive seen on travis [55]
 o curl_setup_once: Remove ERRNO/SET_ERRNO macros [56]
 o curl-compilers.m4: disable warning spam with Cygwin's clang [57]
 o ldap: fix MinGW compiler warning [58]
 o make: fix docs build on OpenBSD [59]
 o curl_setup: always define WIN32_LEAN_AND_MEAN on Windows [60]
 o system.h: include winsock2.h before windows.h
 o winbuild: build with warning level 4 [61]
 o rtspd: fix MSVC level 4 warning
 o sockfilt: suppress conversion warning with explicit cast
 o libtest: fix MSVC warning C4706
 o darwinssl: fix pinnedpubkey build error [62]
 o tests/server/resolve.c: fix deprecation warning [63]
 o nss: fix a possible use-after-free in SelectClientCert() [64]
 o checksrc: escape open brace in regex
 o multi: mention integer overflow risk if using > 500 million sockets [65]
 o darwinssl: fix --tlsv1.2 regression [66]
 o timeval: struct curltime is a struct timeval replacement [67]
 o curl_rtmp: fix a compiler warning [68]
 o include.d: clarify that it concerns the response headers [69]
 o cmake: support make uninstall [70]
 o include.d: clarify --include is only for response headers [71]
 o libcurl: Stop using error codes defined under CURL_NO_OLDIES [72]
 o http: fix response code parser to avoid integer overflow [73]
 o configure: fix the check for IdnToUnicode [74]
 o multi: fix request timer management [75]
 o curl_threads: fix MSVC compiler warning [76]
 o travis: build on osx with openssl
 o travis: build on osx with libressl
 o CURLOPT_NETRC.3: mention the file name on windows
 o cmake: set MSVC warning level to 4 [77]
 o netrc: skip lines starting with '#' [78]
 o darwinssl: fix curlssl_sha256sum() compiler warnings on first argument
 o BUILD.WINDOWS: mention buildconf.bat for builds off git
 o darwinssl: silence compiler warnings [79]
 o travis: build on osx with darwinssl
 o FTP: skip unnecessary CWD when in nocwd mode [80]
 o gssapi: fix memory leak of output token in multi round context [81]
 o getparameter: avoid returning uninitialized 'usedarg' [82]
 o curl (debug build) easy_events: make event data static
 o curl: detect and bail out early on parameter integer overflows [86]
 o configure: fix recv/send/select detection on Android [87]

Log message:
On Darwin, do not add special compiler flags; fixes building on High Sierra

Log message:
Changes 7.54.1:
curl: show the libcurl release date in --version output

Bugfixes:
CVE-2017-9502: default protocol drive letter buffer overflow
openssl: fix memory leak in servercert
tests: remove the html and PDF versions from the tarball
mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable
typecheck-gcc: handle function pointers properly
llist: no longer uses malloc
gnutls: removed some code when --disable-verbose is configured
lib: fix maybe-uninitialized warnings
multi: clarify condition in curl_multi_wait
schannel: Don't treat encrypted partial record as pending data
configure: fix the -ldl check for openssl, add -lpthread check
configure: accept -Og and -Ofast GCC flags
Makefile: avoid use of GNU-specific form of $<
if2ip: fix -Wcast-align warning
configure: stop prepending to LDFLAGS, CPPFLAGS
curl: set a 100K buffer size by default
typecheck-gcc: fix _curl_is_slist_info
nss: do not leak PKCS 11 slot while loading a key
nss: load libnssckbi.so if no other trust is specified
examples: ftpuploadfrommem.c
url: declare get_protocol_family() static
examples/cookie_interface.c: changed to example.com
test1443: test --remote-time
curl: use utimes instead of obsolescent utime when available
url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
curl_rtmp: fix missing-variable-declarations warnings
tests: fixed OOM handling of unit tests to abort test
curl_setup: Ensure no more than one IDN lib is enabled
tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS
CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
curl: non-boolean command line args reject --no- prefixes
telnet: Write full buffer instead of byte-by-byte
typecheck-gcc: add missing string options
typecheck-gcc: add support for CURLINFO_SOCKET
opt man pages: they all have examples now
curl_setup_once: use SEND_QUAL_ARG2 for swrite
test557: set a known good numeric locale
schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT
tests/server: make string literals const
runtests: use -R for random order
unit1305: fix compiler warning
curl_slist_append.3: clarify a NULL input creates a new list
tests/server: run checksrc by default in debug-builds
tests: fix -Wcast-qual warnings
runtests.pl: simplify the datacheck read section
curl: remove --environment and tool_writeenv.c
buildconf: fix hang on IRIX
tftp: silence bad-function-cast warning
asyn-thread: fix unused macro warnings
tool_parsecfg: fix -Wcast-qual warning
sendrecv: fix MinGW-w64 warning
test537: use correct variable type
rand: treat fake entropy the same regardless of endianness
curl: generate the --help output
tests: removed redundant --trace-ascii arguments
multi: assign IDs to all timers and make each timer singleton
multi: use a fixed array of timers instead of malloc
mbedtls: Support server renegotiation request
pipeline: fix mistakenly trying to pipeline POSTs
lib510: don't write past the end of the buffer if it's too small
CURLOPT_HTTPPROXYTUNNEL.3: clarify, add example
SecureTransport/DarwinSSL: Implement public key pinning
curl.1: clarify --config
curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM
darwinssl: Fix exception when processing a client-side certificate
curl.1: mention --oauth2-bearer's argument
mkhelp.pl: do not add current time into curl binary
asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input
ssh: fix memory leak in disconnect due to timeout
tests: stabilize test 1034
cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH
assert: avoid, use DEBUGASSERT instead
LDAP: using ldap_bind_s on Windows with methods
redirect: store the "would redirect to" URL when max redirs is reached
winbuild: fix the nghttp2 build
examples: fix -Wimplicit-fallthrough warnings
time: fix type conversions and compiler warnings
mbedtls: fix variable shadow warning
test557: fix ubsan runtime error due to int left shift
transfer: init the infilesize from the postfields
docs: clarify NO_PROXY further
build-wolfssl: Sync config with wolfSSL 3.11
curl-compilers.m4: enable -Wshift-sign-overflow for clang
example/externalsocket.c: make it use CLOSESOCKETFUNCTION too
lib574.c: use correct callback proto
lib583: fix compiler warning
curl-compilers.m4: fix compiler_num for clang
typecheck-gcc.h: separate getinfo slist checks from other pointers
typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
typecheck-gcc.h: check CURLINFO_CERTINFO
build: provide easy code coverage measuring
test1537: dedicated tests of the URL (un)escape API calls
curl_endian: remove unused functions
test1538: verify the libcurl strerror API calls
MD(4|5): silence cast-align clang warning
dedotdot: fixed output for ".." and "." only input
cyassl: define build macros before including ssl.h
updatemanpages.pl: error out on too old git version
curl_sasl: fix unused-variable warning
x509asn1: fix implicit-fallthrough warning with GCC 7
libtest: fix implicit-fallthrough warnings with GCC 7
BINDINGS: add Ring binding
curl_ntlm_core: pass unsigned char to toupper
test1262: verify ftp download with -z for "if older than this"
test1521: test all curl_easy_setopt options
typecheck-gcc: allow CURLOPT_STDERR to be NULL too
metalink: remove unused printf() argument
file: make speedcheck use current time for checks
configure: fix link with librtmp when specifying path
examples/multi-uv.c: fix deprecated symbol
cmake: Fix inconsistency regarding mbed TLS include directory
setopt: check CURLOPT_ADDRESS_SCOPE option range
gitignore: ignore all vim swap files
urlglob: fix division by zero
libressl: OCSP and intermediate certs workaround no longer needed

Log message:
Recursive revbump from boost update

Log message:
Add upstream bug report URL.

Log message:
Do not use GNU make syntax. Fix build with bmake

Log message:
Updated curl to 7.54.0.

Curl and libcurl 7.54.0

 Public curl releases:         165
 Command line options:         207
 curl_easy_setopt() options:   245
 Public functions in libcurl:  61
 Contributors:                 1538

This release includes the following changes:
 o Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION [19]
 o Add --max-tls [19]
 o Add CURLOPT_SUPPRESS_CONNECT_HEADERS [24]
 o Add --suppress-connect-headers [24]

This release includes the following bugfixes:

 o CVE-2017-7468: switch off SSL session id when client cert is used [68]
 o cmake: Replace invalid UTF-8 byte sequence [1]
 o tests: use consistent environment variables for setting charset
 o proxy: fixed a memory leak on OOM
 o ftp: removed an erroneous free in an OOM path
 o docs: de-duplicate file lists in the Makefiles [2]
 o ftp: fixed a NULL pointer dereference on OOM
 o gopher: fixed detection of an error condition from Curl_urldecode
 o url: fix unix-socket support for proxy-disabled builds [3]
 o test1139: allow for the possibility that the man page is not rebuilt
 o cyassl: get library version string at runtime
 o digest_sspi: fix compilation warning
 o tests: enable HTTP/2 tests to run with non-default port numbers
 o warnless: suppress compiler warning
 o darwinssl: Warn that disabling host verify also disables SNI [4]
 o configure: fix for --enable-pthreads [5]
 o checksrc.bat: Ignore curl_config.h.in, curl_config.h
 o no-keepalive.d: fix typo [6]
 o configure: fix --with-zlib when a path is specified [7]
 o build: fix gcc7 implicit fallthrough warnings [8]
 o fix potential use of uninitialized variables [9]
 o CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors [10]
 o CMake: Reorganize SSL support, separate WinSSL and SSPI [11]
 o CMake: Add DarwinSSL support [12]
 o CMake: Add mbedTLS support [13]
 o ares: return error at once if timed out before name resolve starts [14]
 o BINDINGS: added C++, perl, go and Scilab bindings
 o URL: return error on malformed URLs with junk after port number
 o KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password [15]
 o http2: Fix assertion error on redirect with CL=0 [16]
 o updatemanpages.pl: Update man pages to use current date and versions [17]
 o --insecure: clarify that this option is for server connections [18]
 o mkhelp: simplified the gzip code
 o build: fixed making man page in out-of-tree tarball builds
 o tests: disabled 1903 due to flakiness
 o openssl: add two /* FALLTHROUGH */ to satisfy coverity
 o cmdline-opts: fixed a few typos
 o authneg: clear auth.multi flag at http_done [20]
 o curl_easy_reset: Also reset the authentication state [21]
 o proxy: skip SSL initialization for closed connections [22]
 o http_proxy: ignore TE and CL in CONNECT 2xx responses [23]
 o tool_writeout: fixed a buffer read overrun on --write-out
 o make: regenerate docs/curl.1 by running make in docs [25]
 o winbuild: add basic support for OpenSSL 1.1.x [26]
 o build: removed redundant DEPENDENCIES from makefiles
 o CURLINFO_LOCAL_PORT.3: added example
 o curl: show HTTPS-Proxy options on CURLE_SSL_CACERT [27]
 o tests: strip more options from non-HTTP --libcurl tests
 o tests: fixed the documented test server port numbers
 o runtests.pl: fixed display of the Gopher IPv6 port number
 o multi: fix streamclose() crash in debug mode [28]
 o cmake: build manual pages [29]
 o cmake: add support for building HTML and PDF docs [30]
 o mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION [31]
 o make: introduce 'test-nonflaky' target
 o CURLINFO_PRIMARY_IP.3: add example
 o tests/README: mention nroff for --manual tests [32]
 o mkhelp: disable compression if the perl gzip module is unavailable
 o openssl: fall back on SSL_ERROR_* string when no error detail [33]
 o asiohiper: make sure socket is open in event_cb [34]
 o tests/README: make "Run" section foolproof [35]
 o curl: check for end of input in writeout backslash handling
 o .gitattributes: turn off CRLF for *.am [36]
 o multi: fix MinGW-w64 compiler warnings
 o schannel: fix variable shadowing warning
 o openssl: exclude DSA code when OPENSSL_NO_DSA is defined [37]
 o http: Fix proxy connection reuse with basic-auth [38]
 o pause: handle mixed types of data when paused [39]
 o http: do not treat FTPS over CONNECT as HTTPS
 o conncache: make hashkey avoid malloc [40]
 o make: use the variable MAKE for recursive calls [41]
 o curl: fix callback argument inconsistency [42]
 o NTLM: check for features with #ifdef instead of #if [43]
 o cmake: add several missing files to the dist
 o select: use correct SIZEOF_ constant [44]
 o connect: fix unreferenced parameter warning
 o schannel: fix unused variable warning
 o gcc7: fix ‘*’ in boolean context [45]
 o http2: silence unused parameter warnings
 o ssh: fix narrowing conversion warning
 o telnet: (win32) fix read callback return variable [46]
 o docs: Explain --fail-early does not imply --fail [47]
 o docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
 o tests/server/util: remove in6addr_any for recent MinGW [48]
 o multi: make curl_multi_wait avoid malloc in the typical case [49]
 o include: curl/system.h is a run-time version of curlbuild.h [50]
 o easy: silence compiler warning
 o llist: replace Curl_llist_alloc with Curl_llist_init [51]
 o hash: move key into hash struct to reduce mallocs [52]
 o url: don't free postponed data on connection reuse [53]
 o curl_sasl: declare mechtable static
 o curl: fix Windows Unicode build
 o multi: fix queueing of pending easy handles [54]
 o tool_operate: fix MinGW compiler warning [55]
 o low_speed_limit: improved function for longer time periods [56]
 o gtls: fix compiler warning
 o sspi: print out InitializeSecurityContext() error message [57]
 o schannel: fix compiler warnings [58]
 o vtls: fix unreferenced variable warnings
 o INSTALL.md: fix secure transport configure arguments
 o CURLINFO_SCHEME.3: fix variable type
 o libcurl-thread.3: also mention threaded-resolver [59]
 o nss: load CA certificates even with --insecure [60]
 o openssl: fix this statement may fall through [61]
 o poll: prefer <poll.h> over <sys/poll.h> [62]
 o polarssl: unbreak build with versions < 1.3.8 [63]
 o Curl_expire_latest: ignore already expired timers [64]
 o configure: turn implicit function declarations into errors [65]
 o mbedtls: fix memory leak in error path [66]
 o http2: fix handle leak in error path [67]
 o .gitattributes: force shell scripts to LF [69]
 o configure.ac: ignore CR after version numbers [70]
 o extern-scan.pl: strip trailing CR [71]
 o openssl: make SSL_ERROR_to_str more future-proof [72]
 o openssl: fix thread-safety bugs in error-handling [73]
 o openssl: don't try to print nonexistant peer private keys [74]
 o nss: fix MinGW compiler warnings [75]

Log message:
Updated curl to 7.53.1nb1.

Add upstream patch fixing CVE-2017-7407.

Log message:
Changes 7.53.1:
Bugfixes:
* cyassl: fix typo
* url: Improve CURLOPT_PROXY_CAPATH error handling
* urldata: include curl_sspi.h when Windows SSPI is enabled
* formdata: check for EOF when reading from stdin
* tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
* url: Default the proxy CA bundle location to CURL_CA_BUNDLE
* rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header