Changes:
* Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION
* Add --max-tls
* Add CURLOPT_SUPPRESS_CONNECT_HEADERS
* Add --suppress-connect-headers
Bugfixes:
* CVE-2017-7468: switch off SSL session id when client cert is used
* tests: use consistent environment variables for setting charset
* proxy: fixed a memory leak on OOM
* ftp: removed an erroneous free in an OOM path
* ftp: fixed a NULL pointer dereference on OOM
* gopher: fixed detection of an error condition from Curl_urldecode
* url: fix unix-socket support for proxy-disabled builds
* fix potential use of uninitialized variables
* ares: return error at once if timed out before name resolve starts
* URL: return error on malformed URLs with junk after port number
* http2: Fix assertion error on redirect with CL=0
* --insecure: clarify that this option is for server connections
* authneg: clear auth.multi flag at http_done
* curl_easy_reset: Also reset the authentication state
* proxy: skip SSL initialization for closed connections
* http_proxy: ignore TE and CL in CONNECT 2xx responses
* multi: fix streamclose() crash in debug mode
* openssl: fall back on SSL_ERROR_* string when no error detail
* asiohiper: make sure socket is open in event_cb
* curl: check for end of input in writeout backslash handling
* openssl: exclude DSA code when OPENSSL_NO_DSA is defined
* http: Fix proxy connection reuse with basic-auth
* pause: handle mixed types of data when paused
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=188
- Update to 7.53.1
Bugfixes:
* url: Improve CURLOPT_PROXY_CAPATH error handling
* urldata: include curl_sspi.h when Windows SSPI is enabled
* formdata: check for EOF when reading from stdin
* tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
* url: Default the proxy CA bundle location to CURL_CA_BUNDLE
* rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header
- Update to 7.53.0
Changes:
* unix_socket: added --abstract-unix-socket and
CURLOPT_ABSTRACT_UNIX_SOCKET
* CURLOPT_BUFFERSIZE: support enlarging receive buffer
Bugfixes:
* CVE-2017-2629: make SSL_VERIFYSTATUS work again
* gnutls-random: check return code for failed random
* openssl-random: check return code when asking for random
* http: remove "Curl_http_done: called premature" message
* cyassl: use time_t instead of long for timeout
* build-wolfssl: Sync config with wolfSSL 3.10
* ftp-gss: check for init before use
* configure: accept --with-libidn2 instead
* ftp: failure to resolve proxy should return that error code
* curl.1: add three more exit codes
* docs/ciphers: link to our own new page about ciphers
* vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl
* darwinssl: fix iOS build
* darwinssl: fix CFArrayRef leak
* cmake: use crypt32.lib when building with OpenSSL on windows
OBS-URL: https://build.opensuse.org/request/show/460180
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=122
Bugfixes:
* url: Improve CURLOPT_PROXY_CAPATH error handling
* urldata: include curl_sspi.h when Windows SSPI is enabled
* formdata: check for EOF when reading from stdin
* tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
* url: Default the proxy CA bundle location to CURL_CA_BUNDLE
* rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=186
Changes:
* unix_socket: added --abstract-unix-socket and
CURLOPT_ABSTRACT_UNIX_SOCKET
* CURLOPT_BUFFERSIZE: support enlarging receive buffer
Bugfixes:
* CVE-2017-2629: make SSL_VERIFYSTATUS work again
* gnutls-random: check return code for failed random
* openssl-random: check return code when asking for random
* http: remove "Curl_http_done: called premature" message
* cyassl: use time_t instead of long for timeout
* build-wolfssl: Sync config with wolfSSL 3.10
* ftp-gss: check for init before use
* configure: accept --with-libidn2 instead
* ftp: failure to resolve proxy should return that error code
* curl.1: add three more exit codes
* docs/ciphers: link to our own new page about ciphers
* vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl
* darwinssl: fix iOS build
* darwinssl: fix CFArrayRef leak
* cmake: use crypt32.lib when building with OpenSSL on windows
* curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked
* digest_sspi: copy terminating NUL as well
* curl: fix --remote-time incorrect times on Windows
* curl.1: several updates and corrections
* content_encoding: change return code on a failure
* curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
* docs: TCP_KEEPALIVE start and interval default to 60
* darwinssl: --insecure overrides --cacert if both settings are in use
* TheArtOfHttpScripting: grammar
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=184
- Update to 7.52.1
Bugfixes:
* CVE-2016-9594: unititialized random bsc#1016738
- Update to 7.52.0
Changes:
* nss: map CURL_SSLVERSION_DEFAULT to NSS default
* vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
* curl: introduce the --tlsv1.3 option to force TLS 1.3
* curl: Add --retry-connrefused
* proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
* curl: add --fail-early
Bugfixes:
* CVE-2016-9586: printf floating point buffer overflow
* curl -w: added more decimal digits to timing counters
* easy: Initialize info variables on easy init and duphandle
* http2: Don't send header fields prohibited by HTTP/2 spec
* ssh: check md5 fingerprints case insensitively (regression)
* openssl: initial TLS 1.3 adaptions
* SPNEGO: Fix memory leak when authentication fails
* realloc: use Curl_saferealloc to avoid common mistakes
* openssl: make sure to fail in the unlikely event that PRNG
seeding fails
* URL-parser: for file://[host]/ URLs, the [host] must be localhost
* timeval: prefer time_t to hold seconds instead of long
* glob: fix [a-c] globbing regression
* curl.1: Clarify --dump-header only writes received headers
* http2: Fix address sanitizer memcpy warning
* http2: Use huge HTTP/2 windows
OBS-URL: https://build.opensuse.org/request/show/447465
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=120
Changes:
* nss: map CURL_SSLVERSION_DEFAULT to NSS default
* vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
* curl: introduce the --tlsv1.3 option to force TLS 1.3
* curl: Add --retry-connrefused
* proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
* curl: add --fail-early
Bugfixes:
* CVE-2016-9586: printf floating point buffer overflow
* curl -w: added more decimal digits to timing counters
* easy: Initialize info variables on easy init and duphandle
* http2: Don't send header fields prohibited by HTTP/2 spec
* ssh: check md5 fingerprints case insensitively (regression)
* openssl: initial TLS 1.3 adaptions
* SPNEGO: Fix memory leak when authentication fails
* realloc: use Curl_saferealloc to avoid common mistakes
* openssl: make sure to fail in the unlikely event that PRNG
seeding fails
* URL-parser: for file://[host]/ URLs, the [host] must be localhost
* timeval: prefer time_t to hold seconds instead of long
* glob: fix [a-c] globbing regression
* curl.1: Clarify --dump-header only writes received headers
* http2: Fix address sanitizer memcpy warning
* http2: Use huge HTTP/2 windows
* connects: Don't mix unix domain sockets with regular ones
* url: Fix conn reuse for local ports and interfaces
* x509: Limit ASN.1 structure sizes to 256K
* http2: check nghttp2_session_set_local_window_size exists
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=178
- Update to 7.51.0
Changes:
* nss: additional cipher suites are now accepted by
CURLOPT_SSL_CIPHER_LIST
* New option: CURLOPT_KEEP_SENDING_ON_ERROR
Bugfixes:
* CVE-2016-8615: cookie injection for other servers
* CVE-2016-8616: case insensitive password comparison
* CVE-2016-8617: OOB write via unchecked multiplication
* CVE-2016-8618: double-free in curl_maprintf
* CVE-2016-8619: double-free in krb5 code
* CVE-2016-8620: glob parser write/read out of bounds
* CVE-2016-8621: curl_getdate read out of bounds
* CVE-2016-8622: URL unescape heap overflow via integer truncation
* CVE-2016-8623: Use-after-free via shared cookies
* CVE-2016-8624: invalid URL parsing with '#'
* CVE-2016-8625: IDNA 2003 makes curl use wrong host
* openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
* http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
* LICENSE-MIXING.md: update with mbedTLS dual licensing
* examples/imap-append: Set size of data to be uploaded
* test2048: fix url
* darwinssl: disable RC4 cipher-suite support
* CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
* openssl: don’t call CRYTPO_cleanup_all_ex_data
* libressl: fix version output
* easy: Reset all statistical session info in curl_easy_reset
* curl_global_cleanup.3: don't unload the lib with sub threads running
* dist: add CurlSymbolHiding.cmake to the tarball
* docs: Remove that --proto is just used for initial retrieval
OBS-URL: https://build.opensuse.org/request/show/438231
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=119
Changes:
* nss: additional cipher suites are now accepted by
CURLOPT_SSL_CIPHER_LIST
* New option: CURLOPT_KEEP_SENDING_ON_ERROR
Bugfixes:
* CVE-2016-8615: cookie injection for other servers
* CVE-2016-8616: case insensitive password comparison
* CVE-2016-8617: OOB write via unchecked multiplication
* CVE-2016-8618: double-free in curl_maprintf
* CVE-2016-8619: double-free in krb5 code
* CVE-2016-8620: glob parser write/read out of bounds
* CVE-2016-8621: curl_getdate read out of bounds
* CVE-2016-8622: URL unescape heap overflow via integer truncation
* CVE-2016-8623: Use-after-free via shared cookies
* CVE-2016-8624: invalid URL parsing with '#'
* CVE-2016-8625: IDNA 2003 makes curl use wrong host
* openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
* http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
* LICENSE-MIXING.md: update with mbedTLS dual licensing
* examples/imap-append: Set size of data to be uploaded
* test2048: fix url
* darwinssl: disable RC4 cipher-suite support
* CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
* openssl: don’t call CRYTPO_cleanup_all_ex_data
* libressl: fix version output
* easy: Reset all statistical session info in curl_easy_reset
* curl_global_cleanup.3: don't unload the lib with sub threads running
* dist: add CurlSymbolHiding.cmake to the tarball
* docs: Remove that --proto is just used for initial retrieval
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=176
- update to 7.50.3
Bugfixes:
* CVE-2016-7167: escape and unescape integer overflows
* mk-ca-bundle.pl: use SHA256 instead of SHA1
* checksrc: detect strtok() use
* errors: new alias CURLE_WEIRD_SERVER_REPLY
* http2: support > 64bit sized uploads
* openssl: fix bad memory free (regression)
* CMake: hide private library symbols
* http: refuse to pass on response body when NO_NODY is set
* cmake: fix curl-config --static-libs
* mbedtls: switch off NTLM in build if md4 isn't available
* curl: --create-dirs on windows groks both forward and
backward slashes
OBS-URL: https://build.opensuse.org/request/show/427465
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=118
Bugfixes:
* CVE-2016-7167: escape and unescape integer overflows
* mk-ca-bundle.pl: use SHA256 instead of SHA1
* checksrc: detect strtok() use
* errors: new alias CURLE_WEIRD_SERVER_REPLY
* http2: support > 64bit sized uploads
* openssl: fix bad memory free (regression)
* CMake: hide private library symbols
* http: refuse to pass on response body when NO_NODY is set
* cmake: fix curl-config --static-libs
* mbedtls: switch off NTLM in build if md4 isn't available
* curl: --create-dirs on windows groks both forward and
backward slashes
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=174
- update to 7.50.2
Bugfixes:
* mbedtls: Added support for NTLM
* SSH: fixed SFTP/SCP transfer problems
* multi: make Curl_expire() work with 0 ms timeouts
* mk-ca-bundle.pl: -m keeps ca cert meta data in output
* TFTP: Fix upload problem with piped input
* CURLOPT_TCP_NODELAY: now enabled by default
* mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
* http2: always wait for readable socket
* cmake: Enable win32 large file support by default
* cmake: Enable win32 threaded resolver by default
* winbuild: Avoid setting redundant CFLAGS to compile commands
* curl.h: make CURL_NO_OLDIES define CURL_STRICTER
* docs: make more markdown files use .md extension
* docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
* winbuild: Allow changing C compiler via environment variable CC
* rtsp: accept any RTSP session id
* HTTP: retry failed HEAD requests on reused connections too
* configure: add zlib search with pkg-config
* openssl: accept subjectAltName iPAddress if no dNSName match
* MANUAL: Remove invalid link to LDAP documentation
* socks: improved connection procedure
* proxy: reject attempts to use unsupported proxy schemes
* proxy: bring back use of "Proxy-Connection:"
* curl: allow "pkcs11:" prefix for client certificates
* spnego_sspi: fix memory leak in case *outlen is zero
* SOCKS: improve verbose output of SOCKS5 connection sequence
* SOCKS: display the hostname returned by the SOCKS5 proxy server
* http/sasl: Query authentication mechanism supported by SSPI before using
OBS-URL: https://build.opensuse.org/request/show/425624
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=117
Bugfixes:
* mbedtls: Added support for NTLM
* SSH: fixed SFTP/SCP transfer problems
* multi: make Curl_expire() work with 0 ms timeouts
* mk-ca-bundle.pl: -m keeps ca cert meta data in output
* TFTP: Fix upload problem with piped input
* CURLOPT_TCP_NODELAY: now enabled by default
* mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
* http2: always wait for readable socket
* cmake: Enable win32 large file support by default
* cmake: Enable win32 threaded resolver by default
* winbuild: Avoid setting redundant CFLAGS to compile commands
* curl.h: make CURL_NO_OLDIES define CURL_STRICTER
* docs: make more markdown files use .md extension
* docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
* winbuild: Allow changing C compiler via environment variable CC
* rtsp: accept any RTSP session id
* HTTP: retry failed HEAD requests on reused connections too
* configure: add zlib search with pkg-config
* openssl: accept subjectAltName iPAddress if no dNSName match
* MANUAL: Remove invalid link to LDAP documentation
* socks: improved connection procedure
* proxy: reject attempts to use unsupported proxy schemes
* proxy: bring back use of "Proxy-Connection:"
* curl: allow "pkcs11:" prefix for client certificates
* spnego_sspi: fix memory leak in case *outlen is zero
* SOCKS: improve verbose output of SOCKS5 connection sequence
* SOCKS: display the hostname returned by the SOCKS5 proxy server
* http/sasl: Query authentication mechanism supported by SSPI before using
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=171
- update to 7.50.1
Bugfixes:
* TLS: switch off SSL session id when client cert is used
* TLS: only reuse connections with the same client cert
* curl_multi_cleanup: clear connection pointer for easy handles
* include the CURLINFO_HTTP_VERSION man page into the release tarball
* include the http2-server.pl script in the release tarball
* test558: fix test by stripping file paths from FD lines
* spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
* tests: Fix for http/2 feature
* cmake: Fix for schannel support
* curl.h: make public types void * again
* win32: fix a potential memory leak in Curl_load_library
* travis: fix OSX build by re-installing libtool
* mbedtls: Fix debug function name
- removed 0001-tests-distribute-the-http2-server.pl-script-too.patch
- update to 7.50.0
Changes:
* http: add CURLINFO_HTTP_VERSION and %{http_version}
Bugfixes:
* openssl: fix build with OPENSSL_NO_COMP
* cmake: Added missing mbedTLS support
* URL parser: allow URLs to use one, two or three slashes
* curl: fix -q [regression]
* openssl: Use correct buffer sizes for error messages
* curl: fix SIGSEGV while parsing URL with too many globs
* vtls: fix ssl session cache race condition
* http: Fix HTTP/2 connection reuse [regression]
* checksrc: Add LoadLibrary to the banned functions list
OBS-URL: https://build.opensuse.org/request/show/417094
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=116
Bugfixes:
* TLS: switch off SSL session id when client cert is used
* TLS: only reuse connections with the same client cert
* curl_multi_cleanup: clear connection pointer for easy handles
* include the CURLINFO_HTTP_VERSION man page into the release tarball
* include the http2-server.pl script in the release tarball
* test558: fix test by stripping file paths from FD lines
* spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
* tests: Fix for http/2 feature
* cmake: Fix for schannel support
* curl.h: make public types void * again
* win32: fix a potential memory leak in Curl_load_library
* travis: fix OSX build by re-installing libtool
* mbedtls: Fix debug function name
- removed 0001-tests-distribute-the-http2-server.pl-script-too.patch
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=169
- update to 7.50.0
Changes:
* http: add CURLINFO_HTTP_VERSION and %{http_version}
Bugfixes:
* openssl: fix build with OPENSSL_NO_COMP
* cmake: Added missing mbedTLS support
* URL parser: allow URLs to use one, two or three slashes
* curl: fix -q [regression]
* openssl: Use correct buffer sizes for error messages
* curl: fix SIGSEGV while parsing URL with too many globs
* vtls: fix ssl session cache race condition
* http: Fix HTTP/2 connection reuse [regression]
* checksrc: Add LoadLibrary to the banned functions list
* configure: occasional ignorance of --enable-symbol-hiding with GCC
* http2: test17xx are the first real HTTP/2 tests
* resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
* curl_multi_socket_action.3: rewording
* CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
* cmake: Fix build with winldap
* openssl: fix cert check with non-DNS name fields present
* curl.1: mention the units for the progress meter
* openssl: use more 'const' to fix build warnings with 1.1.0 branch
* cmake: now using BUILD_TESTING=ON/OFF
* vtls: Only call add/getsession if session id is enabled
* headers: forward declare CURL, CURLM and CURLSH as structs
* configure: improve detection of CA bundle path on FreeBSD
* SFTP: set a generic error when no SFTP one exists
* curl_global_init.3: expand on the SSL and WIN32 bits purpose
* conn: don't free easy handle data in handler->disconnect
* cookie.c: Fix misleading indentation
OBS-URL: https://build.opensuse.org/request/show/412565
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=168
- update to 7.47.0
* fixes CVE-2016-0755 (bsc#962983)
(NTLM credentials not-checked for proxy connection re-use)
* drop curl-fix-zsh-completion.patch (upstream)
Changes:
* version: Add flag CURL_VERSION_PSL for libpsl
* http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only
* curl: use 2TLS by default
* curl --expect100-timeout: added
* Add .dir-locals and set c-basic-offset to 2 (for emacs)
OBS-URL: https://build.opensuse.org/request/show/356290
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=154
