#acl PaulHowarth:read,write,admin,revert,delete All:read === Wednesday 22nd April 2015 === ==== Local Packages ==== * Updated `curl` to 7.42.0: * `openssl`: Show the cipher selection to use in verbose text * `gtls`: Implement `CURLOPT_CERTINFO` * Add `CURLOPT_SSL_FALSESTART` option (`darwinssl` and NSS) * `curl`: Add `--false-start` option * Add `CURLOPT_PATH_AS_IS` * `curl`: Add `--path-as-is` option * `curl`: Create output file on successful download of an empty file * `ConnectionExists`: For NTLM re-use, require credentials to match ([[CVE:2015-3143|CVE-2015-3143]]) * Cookie: Cookie parser out of boundary memory access ([[CVE:2015-3145|CVE-2015-3145]]) * `fix_hostname`: Zero length host name caused -1 index offset ([[CVE:2015-3144|CVE-2015-3144]]) * `http_done`: Close `Negotiate` connections when done ([[CVE:2015-3148|CVE-2015-3148]]) * `sws`: Timeout idle `CONNECT` connections * `nss`: Improve error handling in `Curl_nss_random()` * `nss`: Do not skip `Curl_nss_seed()` if data is `NULL` * `curl-config.in`: Eliminate double quotes around `CURL_CA_BUNDLE` * `http2`: Move lots of verbose output to be debug-only * `dist`: Add `extern-scan.pl` to the tarball * `http2`: Return `recv` error on unexpected EOF * Build: Use default `RandomizedBaseAddress` directive in VC9+ project files * Build: Removed `DataExecutionPrevention` directive from VC9+ project files * Tool: Updated the `warnf()` function to use the `GlobalConfig` structure * `http2`: Return error if stream was closed with other than `NO_ERROR` * `mprintf.h`: Remove `#ifdef CURLDEBUG` * `libtest`: Fixed linker errors on msvc * Tool: Use `ENABLE_CURLX_PRINTF` instead of `_MPRINTF_REPLACE` * `curl.1`: Fix "The the" typo * `cmake`: Handle build definitions `CURLDEBUG`/`DEBUGBUILD` * `openssl`: Remove all uses of `USE_SSLEAY` * `multi`: Fix memory-leak on timeout (regression) * `curl_easy_setopt.3`: Added `CURLOPT_SSL_VERIFYSTATUS` * `metalink`: Add some error checks * TLS: Make it possible to enable `ALPN`/`NPN` without `HTTP/2` * `http2`: Use `CURL_HTTP_VERSION_*` symbols instead of `NPN_*` * `conncontrol`: Only log changes to the connection bit * `multi`: Fix `*getsock()` with `CONNECT` * `symbols.pl`: Handle '`-`' in the deprecated field * MacOSX-Framework: Use `@rpath` instead of `@executable_path` * GnuTLS: Add support for `CURLOPT_CAPATH` * GnuTLS: Print negotiated TLS version and full cipher suite name * GnuTLS: Don't print double newline after certificate dates * `memanalyze.pl`: Handle `free(NULL)` * proxy: Re-use proxy connections (regression) * `mk-ca-bundle`: Don't report SHA1 numbers with "`-q`" * `http`: Always send `Host:` header as first header * `openssl`: Sort ciphers to use based on strength * `openssl`: Use colons properly in the ciphers list * `http2`: Detect premature close without data transferred * `hostip`: Fix signal race in `Curl_resolv_timeout` * `closesocket`: Call `multi` socket callback on `close` even with custom `close` * `mksymbolsmanpage.pl`: Use `std` header and generate better `nroff` header * `connect`: Fix happy eyeballs logic for IPv4-only builds * `curl_easy_perform.3`: Remove superfluous close brace from example * `HTTP`: Don't use `Expect:` headers when on `HTTP/2` * `Curl_sh_entry`: Remove unused '`timestamp`' * `docs/libcurl`: Makefile portability fix * `mkhelp`: Remove trailing carriage return from every line of input * `nss`: Explicitly tell NSS to disable `NPN`/`ALPN` when `libcurl` disables it * `curl_easy_setopt.3`: Added a few missing options * `metalink`: Fix resource leak in OOM * `axtls`: Version 1.5.2 now requires that `config.h` be manually included * `HTTP`: Don't switch to `HTTP/2` from 1.1 until we get the `101` * `cyassl`: Detect the library as renamed `wolfssl` * `CURLOPT_HTTPHEADER.3`: Add a "`SECURITY CONCERNS`" section * `CURLOPT_URL.3`: Added "`SECURITY CONCERNS`" * `openssl`: Try to avoid accessing OCSP structs when possible * `test938`: Added missing closing tags * `testcurl`: Allow '`=`' in values given on command line * `tests/certs`: Added `make` target to rebuild certificates * `tests/certs`: Rebuild certificates with modified key usage bits * `gtls`: Avoid uninitialized variable * `gtls`: Dereferencing `NULL` pointer * `gtls`: Add check of return code * `test1513`: Eliminated race condition in test run * `dict`: Rename byte to avoid compiler shadowed declaration warning * `curl_easy_recv`/`send`: Make them work with the `multi` interface * `vtls`: Fix compile with `--disable-crypto-auth` but with SSL * `openssl`: Adapt to `ASN1`/`X509` things gone opaque in 1.1 * `openssl`: `verifystatus`: Only use the OCSP work-around ≤ 1.0.2a * `curl_memory`: Make `curl_memory.h` the second-last header file loaded * `testcurl.pl`: Add the `--notes` option to supply more info about a build * `cyassl`: If `wolfSSL` then identify as such in version string * `cyassl`: Check for invalid length parameter in `Curl_cyassl_random` * `cyassl`: Default to highest possible TLS version * `Curl_ssl_md5sum`: Return `CURLcode` (fixes OOM) * `polarssl`: Remove dead code * `polarssl`: Called `mbedTLS` in 1.3.10 and later * Globbing: Fix step parsing for character globbing ranges * Globbing: Fix URL number calculation when using range with step * `multi`: On a request completion, check all `CONNECT_PEND` transfers * Build: Link `curl` to `openssl` libraries when `openssl` support is enabled * `url`: Don't accept `CURLOPT_SSLVERSION` unless `USE_SSL` is defined * `vtls`: Don't accept unknown `CURLOPT_SSLVERSION` values * Build: Fix `libcurl.sln` erroneous mixed configurations * `cyassl`: Remove undefined reference to `CyaSSL_no_filesystem_verify` * `cyassl`: Add SSL context callback support for `CyaSSL` * Tool: Only set SSL options if SSL is enabled * `multi`: `Remove_handle`: move pending connections * `configure`: Use `KRB5CONFIG` for `krb5-config` * `axtls`: Add timeout within `Curl_axtls_connect` * `CURLOPT_HTTP200ALIASES.3`: Mainly `SHOUTcast` servers use "`ICY 200`" * `cyassl`: Fix library initialization return value * Cookie: Handle spaces after the name in `Set-Cookie` * `http2`: Fix missing `nghttp2_session_send` call in `Curl_http2_switched` * `cyassl`: Fix certificate load check * `build-openssl.bat`: Fix mixed line endings * `checksrc.bat`: Check `lib\vtls` source * DNS: Fix refreshing of obsolete dns cache entries * `CURLOPT_RESOLVE`: Actually implement removals * `checksrc.bat`: Quotes to support a `SRC_DIR` with spaces * `cyassl`: Remove '`Connecting to`' message from `cyassl_connect_step2` * `cyassl`: Use `CYASSL_MAX_ERROR_SZ` for error buffer size * `lib/transfer.c`: Remove factor of 8 from `sleep` time calculation * `lib/makefile.m32`: Add missing libs to build `libcurl.dll` * Build: Generate source prerequisites for Visual Studio in `generate.bat` * `cyassl`: Include the CyaSSL build config * `firefox-db2pem`: Fix wildcard to find Firefox default profile * `BUGS`: Refer to the github issue tracker now as primary * `vtls_openssl`: Improve several certificate error messages * `cyassl`: Add support for TLS extension `SNI` * `parsecfg`: Do not continue past a zero termination * `configure --with-nss=PATH`: Query `pkg-config` if available * `configure --with-nss`: Drop redundant `if` statement * `cyassl`: Fix include order * HTTP: Fix `PUT` regression with `Negotiate` * `curl_version_info.3`: Fixed the '`protocols`' variable type * Updated `perl-File-ShareDir-ProjectDistDir` to 1.000007: * Add a deterrent notice ----