diff options
author | B Stack <bgstack15@gmail.com> | 2019-09-18 12:37:11 +0000 |
---|---|---|
committer | B Stack <bgstack15@gmail.com> | 2019-09-18 12:37:11 +0000 |
commit | bab4e46df0ab08070ac03aa057bd63ee7d744a90 (patch) | |
tree | 8abbed509506c4ca87de844ff57ffcd3988bdf55 | |
parent | Merge branch 'plymouth-bump' into 'master' (diff) | |
parent | add curl (diff) | |
download | stackrpms-bab4e46df0ab08070ac03aa057bd63ee7d744a90.tar.gz stackrpms-bab4e46df0ab08070ac03aa057bd63ee7d744a90.tar.bz2 stackrpms-bab4e46df0ab08070ac03aa057bd63ee7d744a90.zip |
Merge branch 'libssh2-bump' into 'master'
Add freefilesync build/run dependencies
See merge request bgstack15/stackrpms!88
-rw-r--r-- | curl/0001-curl-7.66.0-metalink-memleak.patch | 71 | ||||
-rw-r--r-- | curl/0101-curl-7.58.0-multilib.patch | 88 | ||||
-rw-r--r-- | curl/0102-curl-7.54.1-debug.patch | 48 | ||||
-rw-r--r-- | curl/0103-curl-7.62.0-python3.patch | 57 | ||||
-rw-r--r-- | curl/0104-curl-7.64.1-localhost6.patch | 47 | ||||
-rw-r--r-- | curl/0105-curl-7.65.0-lib1560-valgrind.patch | 39 | ||||
-rw-r--r-- | curl/0302-curl-7.47.1-pkgconfig.patch | 17 | ||||
-rw-r--r-- | curl/README.md | 5 | ||||
-rw-r--r-- | curl/curl-7.64.1-zsh-cpl.patch | 37 | ||||
-rw-r--r-- | curl/curl.spec | 6326 | ||||
-rw-r--r-- | libssh2/README.md | 5 | ||||
-rw-r--r-- | libssh2/libssh2-1.7.0-pkgconfig.patch | 13 | ||||
-rw-r--r-- | libssh2/libssh2.spec | 802 |
13 files changed, 7555 insertions, 0 deletions
diff --git a/curl/0001-curl-7.66.0-metalink-memleak.patch b/curl/0001-curl-7.66.0-metalink-memleak.patch new file mode 100644 index 0000000..16c8ae2 --- /dev/null +++ b/curl/0001-curl-7.66.0-metalink-memleak.patch @@ -0,0 +1,71 @@ +From 855ebacdffbc421b121563ae1ecd9fde736bfaf2 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Wed, 11 Sep 2019 16:32:11 +0200 +Subject: [PATCH] curl: fix memory leaked by parse_metalink() + +This commit fixes a regression introduced by curl-7_65_3-5-gb88940850. +Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind +and libmetalink enabled. + +Closes #4326 + +Upstream-commit: 1ca91bcdb588dc6c25d345f2411fdba314433732 +Signed-off-by: Kamil Dudka <kdudka@redhat.com> +--- + src/tool_metalink.c | 2 +- + src/tool_metalink.h | 3 +++ + src/tool_operate.c | 4 ++++ + 3 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/tool_metalink.c b/src/tool_metalink.c +index 0740407f9..cd5a7d650 100644 +--- a/src/tool_metalink.c ++++ b/src/tool_metalink.c +@@ -965,7 +965,7 @@ static void delete_metalink_resource(metalink_resource *res) + Curl_safefree(res); + } + +-static void delete_metalinkfile(metalinkfile *mlfile) ++void delete_metalinkfile(metalinkfile *mlfile) + { + metalink_resource *res; + if(mlfile == NULL) { +diff --git a/src/tool_metalink.h b/src/tool_metalink.h +index 1e367033c..f5ec306f7 100644 +--- a/src/tool_metalink.h ++++ b/src/tool_metalink.h +@@ -105,6 +105,8 @@ extern const digest_params SHA256_DIGEST_PARAMS[1]; + * Counts the resource in the metalinkfile. + */ + int count_next_metalink_resource(metalinkfile *mlfile); ++ ++void delete_metalinkfile(metalinkfile *mlfile); + void clean_metalink(struct OperationConfig *config); + + /* +@@ -158,6 +160,7 @@ void metalink_cleanup(void); + #else /* USE_METALINK */ + + #define count_next_metalink_resource(x) 0 ++#define delete_metalinkfile(x) (void)x + #define clean_metalink(x) (void)x + + /* metalink_cleanup() takes no arguments */ +diff --git a/src/tool_operate.c b/src/tool_operate.c +index d2ad9642d..09dfc0c84 100644 +--- a/src/tool_operate.c ++++ b/src/tool_operate.c +@@ -2073,6 +2073,10 @@ static CURLcode serial_transfers(struct GlobalConfig *global, + result = post_transfer(global, share, per, result, &retry); + if(retry) + continue; ++ ++ /* Release metalink related resources here */ ++ delete_metalinkfile(per->mlfile); ++ + per = del_transfer(per); + + /* Bail out upon critical errors or --fail-early */ +-- +2.20.1 + diff --git a/curl/0101-curl-7.58.0-multilib.patch b/curl/0101-curl-7.58.0-multilib.patch new file mode 100644 index 0000000..38340e1 --- /dev/null +++ b/curl/0101-curl-7.58.0-multilib.patch @@ -0,0 +1,88 @@ +From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Fri, 12 Apr 2013 12:04:05 +0200 +Subject: [PATCH] prevent multilib conflicts on the curl-config script + +--- + curl-config.in | 21 +++------------------ + docs/curl-config.1 | 4 +++- + libcurl.pc.in | 1 + + 3 files changed, 7 insertions(+), 19 deletions(-) + +diff --git a/curl-config.in b/curl-config.in +index 150004d..95d0759 100644 +--- a/curl-config.in ++++ b/curl-config.in +@@ -76,7 +76,7 @@ while test $# -gt 0; do + ;; + + --cc) +- echo "@CC@" ++ echo "gcc" + ;; + + --prefix) +@@ -143,32 +143,19 @@ while test $# -gt 0; do + ;; + + --libs) +- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then +- CURLLIBDIR="-L@libdir@ " +- else +- CURLLIBDIR="" +- fi +- if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then +- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ +- else +- echo ${CURLLIBDIR}-lcurl +- fi ++ echo -lcurl + ;; + --ssl-backends) + echo "@SSL_BACKENDS@" + ;; + + --static-libs) +- if test "X@ENABLE_STATIC@" != "Xno" ; then +- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ +- else +- echo "curl was built with static libraries disabled" >&2 +- exit 1 +- fi ++ echo "curl was built with static libraries disabled" >&2 ++ exit 1 + ;; + + --configure) +- echo @CONFIGURE_OPTIONS@ ++ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//' + ;; + + *) +diff --git a/docs/curl-config.1 b/docs/curl-config.1 +index 14a9d2b..ffcc004 100644 +--- a/docs/curl-config.1 ++++ b/docs/curl-config.1 +@@ -70,7 +70,9 @@ no, one or several names. If more than o + comma-separated. (Added in 7.58.0) + .IP "--static-libs" + Shows the complete set of libs and other linker options you will need in order +-to link your application with libcurl statically. (Added in 7.17.1) ++to link your application with libcurl statically. Note that Fedora/RHEL libcurl ++packages do not provide any static libraries, thus cannot be linked statically. ++(Added in 7.17.1) + .IP "--version" + Outputs version information about the installed libcurl. + .IP "--vernum" +diff --git a/libcurl.pc.in b/libcurl.pc.in +index 2ba9c39..f8f8b00 100644 +--- a/libcurl.pc.in ++++ b/libcurl.pc.in +@@ -29,6 +29,7 @@ libdir=@libdir@ + includedir=@includedir@ + supported_protocols="@SUPPORT_PROTOCOLS@" + supported_features="@SUPPORT_FEATURES@" ++configure_options=@CONFIGURE_OPTIONS@ + + Name: libcurl + URL: https://curl.haxx.se/ diff --git a/curl/0102-curl-7.54.1-debug.patch b/curl/0102-curl-7.54.1-debug.patch new file mode 100644 index 0000000..1495e17 --- /dev/null +++ b/curl/0102-curl-7.54.1-debug.patch @@ -0,0 +1,48 @@ +--- a/configure ++++ b/configure +@@ -17044,18 +17044,11 @@ $as_echo "yes" >&6; } + gccvhi=`echo $gccver | cut -d . -f1` + gccvlo=`echo $gccver | cut -d . -f2` + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` +- flags_dbg_all="-g -g0 -g1 -g2 -g3" +- flags_dbg_all="$flags_dbg_all -ggdb" +- flags_dbg_all="$flags_dbg_all -gstabs" +- flags_dbg_all="$flags_dbg_all -gstabs+" +- flags_dbg_all="$flags_dbg_all -gcoff" +- flags_dbg_all="$flags_dbg_all -gxcoff" +- flags_dbg_all="$flags_dbg_all -gdwarf-2" +- flags_dbg_all="$flags_dbg_all -gvms" ++ flags_dbg_all="" + flags_dbg_yes="-g" + flags_dbg_off="" +- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" +- flags_opt_yes="-O2" ++ flags_opt_all="" ++ flags_opt_yes="" + flags_opt_off="-O0" + + OLDCPPFLAGS=$CPPFLAGS +--- a/m4/curl-compilers.m4 ++++ b/m4/curl-compilers.m4 +@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ + gccvhi=`echo $gccver | cut -d . -f1` + gccvlo=`echo $gccver | cut -d . -f2` + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` +- flags_dbg_all="-g -g0 -g1 -g2 -g3" +- flags_dbg_all="$flags_dbg_all -ggdb" +- flags_dbg_all="$flags_dbg_all -gstabs" +- flags_dbg_all="$flags_dbg_all -gstabs+" +- flags_dbg_all="$flags_dbg_all -gcoff" +- flags_dbg_all="$flags_dbg_all -gxcoff" +- flags_dbg_all="$flags_dbg_all -gdwarf-2" +- flags_dbg_all="$flags_dbg_all -gvms" ++ flags_dbg_all="" + flags_dbg_yes="-g" + flags_dbg_off="" +- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" +- flags_opt_yes="-O2" ++ flags_opt_all="" ++ flags_opt_yes="" + flags_opt_off="-O0" + CURL_CHECK_DEF([_WIN32], [], [silent]) + else diff --git a/curl/0103-curl-7.62.0-python3.patch b/curl/0103-curl-7.62.0-python3.patch new file mode 100644 index 0000000..56485fe --- /dev/null +++ b/curl/0103-curl-7.62.0-python3.patch @@ -0,0 +1,57 @@ +From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Thu, 15 Mar 2018 14:49:56 +0100 +Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3 + +Unfortunately, smbserver.py does not work with Python 3 because +there is no 'impacket' module available for Python 3: + +https://github.com/CoreSecurity/impacket/issues/61 +--- + tests/negtelnetserver.py | 4 ++-- + tests/smbserver.py | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py +index 8cfd409..72ee771 100755 +--- a/tests/negtelnetserver.py ++++ b/tests/negtelnetserver.py +@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler): + response_data = response.encode('ascii') + else: + log.debug("Received normal request - echoing back") +- response_data = data.strip() ++ response_data = data.decode('utf8').strip() + + if response_data: + log.debug("Sending %r", response_data) +- self.request.sendall(response_data) ++ self.request.sendall(response_data.encode('utf8')) + + except IOError: + log.exception("IOError hit during request") +diff --git a/tests/smbserver.py b/tests/smbserver.py +index 195ae39..b09cd44 100755 +--- a/tests/smbserver.py ++++ b/tests/smbserver.py +@@ -24,7 +24,7 @@ + from __future__ import (absolute_import, division, print_function) + # unicode_literals) + import argparse +-import ConfigParser ++import configparser + import os + import sys + import logging +@@ -58,7 +58,7 @@ def smbserver(options): + f.write("{0}".format(pid)) + + # Here we write a mini config for the server +- smb_config = ConfigParser.ConfigParser() ++ smb_config = configparser.ConfigParser() + smb_config.add_section("global") + smb_config.set("global", "server_name", "SERVICE") + smb_config.set("global", "server_os", "UNIX") +-- +2.14.3 + diff --git a/curl/0104-curl-7.64.1-localhost6.patch b/curl/0104-curl-7.64.1-localhost6.patch new file mode 100644 index 0000000..ec1fc47 --- /dev/null +++ b/curl/0104-curl-7.64.1-localhost6.patch @@ -0,0 +1,47 @@ +--- a/tests/data/test1083 ++++ b/tests/data/test1083 +@@ -33,13 +33,13 @@ ipv6 + http-ipv6 + </server> + <name> +-HTTP-IPv6 GET with ip6-localhost --interface ++HTTP-IPv6 GET with localhost6 --interface + </name> + <command> +--g "http://%HOST6IP:%HTTP6PORT/1083" --interface ip6-localhost ++-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6 + </command> + <precheck> +-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}" ++perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}" + </precheck> + </client> + +--- a/tests/data/test241 ++++ b/tests/data/test241 +@@ -30,13 +30,13 @@ ipv6 + http-ipv6 + </server> + <name> +-HTTP-IPv6 GET (using ip6-localhost) ++HTTP-IPv6 GET (using localhost6) + </name> + <command> +--g "http://ip6-localhost:%HTTP6PORT/241" ++-g "http://localhost6:%HTTP6PORT/241" + </command> + <precheck> +-./server/resolve --ipv6 ip6-localhost ++./server/resolve --ipv6 localhost6 + </precheck> + </client> + +@@ -48,7 +48,7 @@ HTTP-IPv6 GET (using ip6-localhost) + </strip> + <protocol> + GET /241 HTTP/1.1
+-Host: ip6-localhost:%HTTP6PORT
++Host: localhost6:%HTTP6PORT
+ Accept: */*
+
+ </protocol> diff --git a/curl/0105-curl-7.65.0-lib1560-valgrind.patch b/curl/0105-curl-7.65.0-lib1560-valgrind.patch new file mode 100644 index 0000000..92089c2 --- /dev/null +++ b/curl/0105-curl-7.65.0-lib1560-valgrind.patch @@ -0,0 +1,39 @@ +From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Mon, 4 Feb 2019 17:32:56 +0100 +Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp + +... to prevent valgrind from reporting false positives on x86_64: + +Conditional jump or move depends on uninitialised value(s) + at 0x10BCAA: part2id (lib1560.c:489) + by 0x10BCAA: updateurl (lib1560.c:521) + by 0x10BCAA: set_parts (lib1560.c:630) + by 0x10BCAA: test (lib1560.c:802) + by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so) + +Conditional jump or move depends on uninitialised value(s) + at 0x10BCC3: part2id (lib1560.c:491) + by 0x10BCC3: updateurl (lib1560.c:521) + by 0x10BCC3: set_parts (lib1560.c:630) + by 0x10BCC3: test (lib1560.c:802) + by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so) +--- + tests/libtest/Makefile.inc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc +index 080421b..ea3b806 100644 +--- a/tests/libtest/Makefile.inc ++++ b/tests/libtest/Makefile.inc +@@ -528,6 +528,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFIL + lib1559_LDADD = $(TESTUTIL_LIBS) + + lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) ++lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp + lib1560_LDADD = $(TESTUTIL_LIBS) + + lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) +-- +2.17.2 + diff --git a/curl/0302-curl-7.47.1-pkgconfig.patch b/curl/0302-curl-7.47.1-pkgconfig.patch new file mode 100644 index 0000000..3dce68b --- /dev/null +++ b/curl/0302-curl-7.47.1-pkgconfig.patch @@ -0,0 +1,17 @@ +This patch cleans up libcurl.pc to remove redundant compiler/linker +flags that refer to standard directories, i.e. + +-L/usr/lib(64)? +-I/usr/include + +--- libcurl.pc.in ++++ libcurl.pc.in +@@ -35,6 +35,6 @@ Name: libcurl + URL: https://curl.haxx.se/ + Description: Library to transfer files with ftp, http, etc. + Version: @CURLVERSION@ +-Libs: -L${libdir} -lcurl ++Libs: -lcurl + Libs.private: @LIBCURL_LIBS@ +-Cflags: -I${includedir} @CPPFLAG_CURL_STATICLIB@ ++Cflags: @CPPFLAG_CURL_STATICLIB@ diff --git a/curl/README.md b/curl/README.md new file mode 100644 index 0000000..3ba10a5 --- /dev/null +++ b/curl/README.md @@ -0,0 +1,5 @@ +curl upstream: +http://mirror.city-fan.org/ftp/contrib/yum-repo/development/source/curl-7.66.0-1.1.cf.fc32.src.rpm + +reason for being in stackrpms: +needed to build FreeFileSync diff --git a/curl/curl-7.64.1-zsh-cpl.patch b/curl/curl-7.64.1-zsh-cpl.patch new file mode 100644 index 0000000..070e508 --- /dev/null +++ b/curl/curl-7.64.1-zsh-cpl.patch @@ -0,0 +1,37 @@ +--- scripts/Makefile.am ++++ scripts/Makefile.am +@@ -35,7 +35,7 @@ if CROSSCOMPILING + @echo "NOTICE: we can't generate zsh completion when cross-compiling!" + else # if not cross-compiling: + @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi +- $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@ ++ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@ + endif + + $(FISH_COMPLETION_FUNCTION_FILENAME): completion.pl +@@ -43,7 +43,7 @@ if CROSSCOMPILING + @echo "NOTICE: we can't generate fish completion when cross-compiling!" + else # if not cross-compiling: + @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi +- $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@ ++ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@ + endif + + install-data-local: +--- scripts/Makefile.in ++++ scripts/Makefile.in +@@ -563,12 +563,12 @@ all-local: $(ZSH_COMPLETION_FUNCTION_FIL + $(ZSH_COMPLETION_FUNCTION_FILENAME): completion.pl + @CROSSCOMPILING_TRUE@ @echo "NOTICE: we can't generate zsh completion when cross-compiling!" + @CROSSCOMPILING_FALSE@ @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi +-@CROSSCOMPILING_FALSE@ $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@ ++@CROSSCOMPILING_FALSE@ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@ + + $(FISH_COMPLETION_FUNCTION_FILENAME): completion.pl + @CROSSCOMPILING_TRUE@ @echo "NOTICE: we can't generate fish completion when cross-compiling!" + @CROSSCOMPILING_FALSE@ @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi +-@CROSSCOMPILING_FALSE@ $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@ ++@CROSSCOMPILING_FALSE@ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@ + + install-data-local: + @CROSSCOMPILING_TRUE@ @echo "NOTICE: we can't install zsh completion when cross-compiling!" diff --git a/curl/curl.spec b/curl/curl.spec new file mode 100644 index 0000000..88181f9 --- /dev/null +++ b/curl/curl.spec @@ -0,0 +1,6326 @@ +# Detect the distribution in use +%global __despace head -n 1 | tr -d '[:space:]' | sed -e 's/[(].*[)]//g' +%global __lower4 cut -c 1-4 | tr '[:upper:]' '[:lower:]' +%global __distfile %([ -f /etc/SuSE-release ] && echo /etc/SuSE-release || echo /etc/redhat-release) +%global __distinit %(sed -e 's/ release .*//' -e 's/\\([A-Za-z]\\)[^ ]*/\\1/g' %{__distfile} | %{__despace} | %{__lower4}) +%global __distvers %(sed -e 's/.* release \\([^. ]*\\).*/\\1/' %{__distfile} | %{__despace}) +# Identify CentOS Linux and Scientific Linux as rhel +%if "%{__distinit}" == "c" || "%{__distinit}" == "cl" || "%{__distinit}" == "sl" || "%{__distinit}" == "sls" +%global __distinit rhel +%endif +# Dist tag for Fedora is still "fc" +%if "%{__distinit}" == "f" +%global __distinit fc +%endif + +# Set to 0 for regular curl package, 1 for libcurl compatibility package +%global compat 0 + +# Use rpmbuild --without nss to build with OpenSSL rather than nss +%{!?_without_nss: %{!?_with_nss: %global _with_nss --with-nss}} +%{?_with_nss: %global disable_nss 0} +%{?_without_nss: %global disable_nss 1} + +# Build with nss rather than OpenSSL for Fedora 16-26 and RHEL-7 unless OpenSSL is requested +# (older distributions don't have recent enough nss versions) +%global nss_ok %([ '(' 0%{?fedora} -gt 15 -a 0%{?fedora} -lt 27 ')' -o 0%{?rhel} -eq 7 ] && echo 1 || echo 0) +%if %{nss_ok} && !%{disable_nss} +%global ssl_provider nss +%global ssl_versionreq >= 3.14.0 +%global use_nss 1 +%global have_openssl_libs 0 +%else +%global ssl_provider openssl +%global ssl_versionreq %{nil} +%global use_nss 0 +# Have openssl-libs (with Epoch of 1) from Fedora 18, RHEL-7 onwards +%global have_openssl_libs %([ 0%{?fedora} -gt 17 -o 0%{?rhel} -gt 6 ] && echo 1 || echo 0) +%endif + +# Build with Posix threaded DNS lookups rather than using c-ares from Fedora 16, RHEL-7 +%global use_threads_posix %([ 0%{?fedora} -gt 15 -o 0%{?rhel} -gt 6 ] && echo 1 || echo 0) + +# Use libidn2 from Fedora 25 onwards +%global use_libidn2 %([ 0%{?fedora} -gt 24 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0) + +# Also build (lib)curl-minimal from Fedora 27 onwards +%global build_minimal %([ 0%{?fedora} -gt 26 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0) + +# Use libssh backend rather than libssh2 from Fedora 28 onwards +%if %([ 0%{?fedora} -gt 27 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0) +%global libssh libssh +%global libssh_minimum_version 0.7.5 +%else +%global libssh libssh2 +%global libssh_minimum_version 1.2 +%endif + +# Run the test suite using Python 3 from Fedora 28 onwards +%if %([ 0%{?fedora} -gt 27 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0) +%global test_python python3-devel +%else +%global test_python python2 +%endif + +Version: 7.66.0 +Release: 1.1.cf.%{__distinit}%{__distvers} +%if %{compat} +Summary: Curl library for compatibility with old applications +Name: libcurl%(echo %{version} | tr -d .) +Obsoletes: compat-libcurl < %{version}-%{release} +Provides: compat-libcurl = %{version}-%{release} +%else +Summary: Utility for getting files from remote servers (FTP, HTTP, and others) +Name: curl +Provides: webclient +%endif +License: MIT +Source0: https://curl.haxx.se/download/curl-%{version}.tar.xz + +# Fix memory leaked by parse_metalink() +# (https://github.com/curl/curl/pull/4326) +Patch1: 0001-curl-7.66.0-metalink-memleak.patch + +# Patch making libcurl multilib ready +Patch101: 0101-curl-7.58.0-multilib.patch + +# Prevent configure script from discarding -g in CFLAGS (#496778) +Patch102: 0102-curl-7.54.1-debug.patch + +# Migrate tests/http_pipe.py to Python 3 +Patch103: 0103-curl-7.62.0-python3.patch + +# Use localhost6 instead of ip6-localhost in the curl test-suite +Patch104: 0104-curl-7.64.1-localhost6.patch + +# Prevent valgrind from reporting false positives on x86_64 +Patch105: 0105-curl-7.65.0-lib1560-valgrind.patch + +# Fix FTBFS when building curl dynamically with no libcurl.so.4 in system +Patch300: curl-7.64.1-zsh-cpl.patch + +# Remove redundant compiler/linker flags from libcurl.pc +# Assumes %%{_libdir} = /usr/lib or /usr/lib64 and %%{_includedir} = /usr/include +Patch302: 0302-curl-7.47.1-pkgconfig.patch + +URL: https://curl.haxx.se/ +%if 0%{?fedora} > 28 || 0%{?rhel} > 7 +BuildRequires: brotli-devel +%endif +%if ! %{use_threads_posix} +BuildRequires: c-ares-devel >= 1.6.0 +%endif +BuildRequires: coreutils +BuildRequires: gcc +BuildRequires: krb5-devel +%if %{use_libidn2} +BuildRequires: libidn2-devel +%endif +BuildRequires: openldap-devel +BuildRequires: pkgconfig +BuildRequires: groff +BuildRequires: libmetalink-devel +%if 0%{?fedora} > 22 || 0%{?rhel:1} +BuildRequires: libnghttp2-devel +# nghttpx (an HTTP/2 proxy) is used by the upstream test-suite +BuildRequires: nghttp2 +%endif +%if 0%{?fedora} > 18 || 0%{?rhel} > 6 +BuildRequires: libpsl-devel +%endif +BuildRequires: %{libssh}-devel >= %{libssh_minimum_version} +BuildRequires: make +BuildRequires: perl-interpreter +BuildRequires: sed +BuildRequires: %{ssl_provider}-devel %{ssl_versionreq} +BuildRequires: zlib-devel +# Needed to compress content of tool_hugehelp.c after changing curl.1 man page +BuildRequires: perl(IO::Compress::Gzip) +# Needed for generation of shell completions +BuildRequires: perl(Getopt::Long) +BuildRequires: perl(Pod::Usage) +BuildRequires: perl(strict) +BuildRequires: perl(warnings) +# Using an older version of libcurl could result in CURLE_UNKNOWN_OPTION +Requires: libcurl%{?_isa} >= %{version}-%{release} +%if ! %{use_nss} +Requires: %{_sysconfdir}/pki/tls/certs/ca-bundle.crt +%endif +# Test suite requirements +BuildRequires: gnutls-utils +BuildRequires: openssh-clients +BuildRequires: openssh-server +BuildRequires: perl(Cwd) +BuildRequires: perl(Digest::MD5) +BuildRequires: perl(Exporter) +BuildRequires: perl(File::Basename) +BuildRequires: perl(File::Copy) +BuildRequires: perl(File::Spec) +BuildRequires: perl(IPC::Open2) +BuildRequires: perl(MIME::Base64) +BuildRequires: perl(Time::Local) +BuildRequires: perl(Time::HiRes) +BuildRequires: perl(vars) +BuildRequires: stunnel +# python used for http-pipe tests (190x) +# requires python ≥ 2.7 but fails safely +BuildRequires: %{test_python} + +# require at least the version of libpsl that we were built against, +# to ensure that we have the necessary symbols available (#1631804) +%if 0%{?fedora} > 18 || 0%{?rhel} > 6 +%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0) +%endif + +# require at least the version of libssh/libssh2 that we were built against, +# to ensure that we have the necessary symbols available (#525002, #642796) +%global libssh_version %(pkg-config --modversion %{libssh} 2>/dev/null || echo 0) + +# require at least the version of openssl-libs that we were built against, +# to ensure that we have the necessary symbols available (#1462184, #1462211) +%if %{have_openssl_libs} +%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0) +%endif + +# same issue with c-ares +%global cares_version %(pkg-config --modversion libcares 2>/dev/null || echo 0) + +%if ! %{compat} +%description +curl is a command line tool for transferring data with URL syntax, supporting +FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, +SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP +uploading, HTTP form based upload, proxies, cookies, user+password +authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer +resume, proxy tunneling and a busload of other useful tricks. + +%package -n libcurl +Summary: A library for getting files from web servers +# c-ares adds symbols that curl uses if available, so we need to enforce +# version dependency +%if ! %{use_threads_posix} +Requires: c-ares%{?_isa} >= %{cares_version} +%endif +%if 0%{?fedora} > 18 || 0%{?rhel} > 6 +Requires: libpsl%{?_isa} >= %{libpsl_version} +%endif +# libssh/libssh2 adds symbols that curl uses if available, so we need to enforce +# version dependency +Requires: %{libssh}%{?_isa} >= %{libssh_version} +# same issue with openssl +%if %{have_openssl_libs} +Requires: openssl-libs%{?_isa} >= 1:%{openssl_version} +%endif +# libnsspem.so is no longer included in the nss package from F-23 onwards (#1347336) +%if 0%{?fedora} > 22 || 0%{?rhel} > 7 +%if %{use_nss} +%if 0%{?fedora} > 24 || 0%{?rhel} > 7 +BuildRequires: nss-pem%{?_isa} +Requires: nss-pem%{?_isa} +%else +BuildRequires: nss-pem +Requires: nss-pem +%endif +%endif +%endif + +%description -n libcurl +libcurl is a free and easy-to-use client-side URL transfer library, supporting +FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, +SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, +FTP uploading, HTTP form based upload, proxies, cookies, user+password +authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer +resume, HTTP proxy tunneling and more. + +%package -n libcurl-devel +Requires: libcurl%{?_isa} = %{version}-%{release} +Requires: %{ssl_provider}-devel %{ssl_versionreq} +Requires: %{libssh}-devel +Summary: Files needed for building applications with libcurl +Provides: curl-devel = %{version}-%{release} +Provides: curl-devel%{?_isa} = %{version}-%{release} +Obsoletes: curl-devel < %{version}-%{release} +# From Fedora 14, %%{_datadir}/aclocal is included in the filesystem package +%if 0%{?fedora} < 14 +Requires: %{_datadir}/aclocal +%endif + +%description -n libcurl-devel +The libcurl-devel package includes header files and libraries necessary for +developing programs that use the libcurl library. It contains the API +documentation of the library, too. + +%if %{build_minimal} +%package -n curl-minimal +Summary: Conservatively configured build of curl for minimal installations +Provides: curl = %{version}-%{release} +Conflicts: curl +# Using an older version of libcurl could result in CURLE_UNKNOWN_OPTION +Requires: libcurl%{?_isa} >= %{version}-%{release} +RemovePathPostfixes: .minimal +# Needed for RemovePathPostfixes to work with shared libraries +%undefine __brp_ldconfig + +%description -n curl-minimal +This is a replacement of the 'curl' package for minimal installations. It +comes with a limited set of features compared to the 'curl' package. On the +other hand, the package is smaller and requires fewer run-time dependencies to +be installed. + +%package -n libcurl-minimal +Summary: Conservatively configured build of libcurl for minimal installations +Provides: libcurl = %{version}-%{release} +Provides: libcurl%{?_isa} = %{version}-%{release} +Conflicts: libcurl +RemovePathPostfixes: .minimal +%if %{have_openssl_libs} +Requires: openssl-libs%{?_isa} >= 1:%{openssl_version} +%endif + +%description -n libcurl-minimal +This is a replacement of the 'libcurl' package for minimal installations. It +comes with a limited set of features compared to the 'libcurl' package. On the +other hand, the package is smaller and requires fewer run-time dependencies to +be installed. +%endif +%else +%description +This package provides an old version of cURL's libcurl library, necessary +for some old applications that have not been rebuilt against an up to date +version of cURL. +%endif + +%prep +%setup -q -n curl-%{version} + +# Upstream patches +%patch1 -p1 + +# Fedora Patches +%patch101 -p1 +%patch102 -p1 +%patch104 -p1 +%patch105 -p1 + +# Local Patches +%patch300 +%patch302 + +# Make tests/*.py use Python 3 from Fedora 28 onwards +%if "%{test_python}" == "python3-devel" +%patch103 -p1 +sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py +%endif + +# ssh-related tests 582, 600-642, 656, 1446, 2004 fail for as-yet unknown reasons on F-12 to F-15 +# Does not seem to be related to SELinux or use of POSIX threaded DNS resolver +%if 0%{?fedora} > 11 && 0%{?fedora} < 16 +for test in 582 \ + 600 601 602 603 604 605 606 607 608 609 \ + 610 611 612 613 614 615 616 617 618 619 \ + 620 621 622 623 624 625 626 627 628 629 \ + 630 631 633 634 635 636 637 638 639 \ + 640 641 642 \ + 656 \ + 1446 1456 2004; do + echo $test +done >> tests/data/DISABLED +%endif + +# Adapt test 323 for updated OpenSSL +sed -i -e 's/^35$/35,52/' tests/data/test323 + +%build +%if ! %{use_nss} +export CPPFLAGS="$(pkg-config --cflags openssl)" +%endif +[ -x /usr/kerberos/bin/krb5-config ] && KRB5_PREFIX="=/usr/kerberos" +mkdir build-{full,minimal} +%global _configure ../configure +export common_configure_opts=" \ + --cache-file=../config.cache \ + --disable-static \ + --enable-symbol-hiding \ + --enable-ipv6 \ +%if %{use_threads_posix} + --enable-threaded-resolver \ +%else + --enable-ares \ +%endif + --with-gssapi${KRB5_PREFIX} \ +%if 0%{?fedora} > 22 || 0%{?rhel:1} + --with-nghttp2 \ +%endif +%if %{use_nss} + --with-nss \ + --without-ssl \ + --without-ca-bundle \ +%else + --with-ssl \ + --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \ +%endif + " + +# configure minimal build +%if %{build_minimal} +( + cd build-minimal + %configure $common_configure_opts \ + --disable-ldap \ + --disable-ldaps \ + --disable-manual \ + --without-brotli \ + --without-libidn2 \ + --without-libmetalink \ + --without-libpsl \ + --without-%{libssh} +) +%endif + +# configure full build +( + cd build-full + %configure $common_configure_opts \ + --enable-ldap \ + --enable-ldaps \ + --enable-manual \ +%if 0%{?fedora} > 28 || 0%{?rhel} > 7 + --with-brotli \ +%else + --without-brotli \ +%endif +%if %{use_libidn2} + --with-libidn2 \ +%endif + --with-libmetalink \ +%if 0%{?fedora} > 18 || 0%{?rhel} > 6 + --with-libpsl \ +%endif + --with-%{libssh} +) + +# Remove bogus rpath +sed -i \ + -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' \ + -e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' \ +%if %{build_minimal} + build-{full,minimal}/libtool +%else + build-full/libtool +%endif + +%if %{build_minimal} +make %{_smp_mflags} V=1 -C build-minimal +%endif +make %{_smp_mflags} V=1 -C build-full + +%install +%if %{build_minimal} +# Install and rename the library that will be packaged as libcurl-minimal +make DESTDIR=%{buildroot} INSTALL="install -p" install -C build-minimal/lib +rm -f %{buildroot}%{_libdir}/libcurl.{la,so} +for i in %{buildroot}%{_libdir}/*; do + mv -v $i $i.minimal +done + +# Install and rename the executable that will be packaged as curl-minimal +make DESTDIR=%{buildroot} INSTALL="install -p" install -C build-minimal/src +mv -v %{buildroot}%{_bindir}/curl{,.minimal} +%endif + +# Install the executable and library that will be packaged as curl and libcurl +make DESTDIR=%{buildroot} INSTALL="install -p" install -C build-full + +# Install zsh completion for curl +# (we have to override LD_LIBRARY_PATH because we eliminated rpath) +LD_LIBRARY_PATH="%{buildroot}%{_libdir}:$LD_LIBRARY_PATH" \ + make DESTDIR=%{buildroot} INSTALL="install -p" \ + install -C build-full/scripts + +# --disable-static not always honoured +rm -f %{buildroot}%{_libdir}/libcurl.a +install -d %{buildroot}%{_datadir}/aclocal +install -m 644 -p docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal + +%check +# Skip the (lengthy) checks on EOL Fedora releases (over ~400 days old) +# Also run on Fedora 13, have seen test failures on F12..F15 +if [ -z "$(find /etc/fedora-release -mtime +400)" %{?rhel:-o rhel} -o "%{?fedora}" = "13" ]; then + export LD_LIBRARY_PATH=%{buildroot}%{_libdir} + cd build-full/tests + make %{?_smp_mflags} V=1 + + # Relax crypto policy for the test-suite to make it pass again (#1610888) + export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX + export OPENSSL_CONF= + + # Run the upstream test-suite + srcdir=../../tests perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky' + cd - +fi + +%if %([ 0%{?fedora} -lt 28 -a 0%{?rhel} -lt 8 ] && echo 1 || echo 0) +%if ! %{compat} +%post -n libcurl -p /sbin/ldconfig +%postun -n libcurl -p /sbin/ldconfig +%if %{build_minimal} +%post -n libcurl-minimal -p /sbin/ldconfig +%postun -n libcurl-minimal -p /sbin/ldconfig +%endif +%else +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig +%endif +%endif + +%files +%doc CHANGES README* +%doc docs/BUGS docs/DEPRECATE.md docs/FAQ docs/FEATURES docs/SECURITY-PROCESS.md +%doc docs/TODO docs/RESOURCES docs/TheArtOfHttpScripting +%if ! %{compat} +%{_bindir}/curl +%{_datadir}/fish/ +%{_datadir}/zsh/ +%{_mandir}/man1/curl.1* +%else +%if 0%{?_licensedir:1} +%license COPYING +%else +%doc COPYING +%endif +%exclude %{_bindir}/curl +%exclude %{_datadir}/zsh/site-functions/_curl +%exclude %{_mandir}/man1/curl.1* +%{_libdir}/libcurl.so.* +%endif + +%if ! %{compat} +%files -n libcurl +%if 0%{?_licensedir:1} +%license COPYING +%else +%doc COPYING +%endif +%{_libdir}/libcurl.so.4 +%{_libdir}/libcurl.so.4.[0-9].[0-9] + +%files -n libcurl-devel +%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md +%doc docs/CHECKSRC.md docs/CONTRIBUTE.md docs/libcurl/ABI docs/CODE_STYLE.md +%doc docs/GOVERNANCE.md +%{_bindir}/curl-config +%{_includedir}/curl/ +%{_libdir}/*.so +%{_libdir}/pkgconfig/libcurl.pc +%{_mandir}/man1/curl-config.1* +%{_mandir}/man3/* +%{_datadir}/aclocal/libcurl.m4 + +%if %{build_minimal} +%files -n curl-minimal +%{_bindir}/curl.minimal +%{_mandir}/man1/curl.1* + +%files -n libcurl-minimal +%license COPYING +%{_libdir}/libcurl.so.4.minimal +%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal +%endif +%else +%exclude %{_bindir}/curl-config +%exclude %{_includedir}/curl/ +%exclude %{_libdir}/*.so +%exclude %{_libdir}/pkgconfig/libcurl.pc +%exclude %{_mandir}/man1/curl-config.1* +%exclude %{_mandir}/man3/* +%exclude %{_datadir}/aclocal/libcurl.m4 +%endif +%exclude %{_libdir}/libcurl.la + +%changelog +* Fri Sep 13 2019 Paul Howarth <paul@city-fan.org> - 7.66.0-1.1.cf +- curl: Fix memory leaked by parse_metalink() + (https://github.com/curl/curl/pull/4326) + +* Wed Sep 11 2019 Paul Howarth <paul@city-fan.org> - 7.66.0-1.0.cf +- Update to 7.66.0 + - CVE-2019-5481: FTP-KRB double-free + - CVE-2019-5482: TFTP small blocksize heap buffer overflow + - CURLINFO_RETRY_AFTER: Parse the Retry-After header value + - HTTP3: Initial (experimental still not working) support + - curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool + - curl: Support parallel transfers with -Z + - curl_multi_poll: A sister to curl_multi_wait() that waits more + - sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID + - CI: Remove duplicate configure flag for LGTM.com + - CMake: Remove needless newlines at end of gss variables + - CMake: Use platform dependent name for dlopen() library + - CURLINFO docs: Mention that in redirects times are added + - CURLOPT_ALTSVC.3: Use a "" file name to not load from a file + - CURLOPT_ALTSVC_CTRL.3: Remove CURLALTSVC_ALTUSED + - CURLOPT_HEADERFUNCTION.3: Clarify + - CURLOPT_HTTP_VERSION: Setting this to 3 forces HTTP/3 use directly + - CURLOPT_READFUNCTION.3: Provide inline example + - CURLOPT_SSL_VERIFYHOST: Treat the value 1 as 2 + - Curl_addr2string: Take an addrlen argument too + - Curl_fillreadbuffer: Avoid double-free trailer buf on error + - HTTP: Use chunked Transfer-Encoding for HTTP_POST if size unknown + - alt-svc: Add protocol version selection masking + - alt-svc: Fix removal of expired cache entry + - alt-svc: Make it use h3-22 with ngtcp2 as well + - alt-svc: More liberal ALPN name parsing + - alt-svc: Send Alt-Used: in redirected requests + - alt-svc: With quiche, use the quiche h3 alpn string + - appveyor: Pass on -k to make + - asyn-thread: Create a socketpair to wait on + - build-openssl: Fix build with Visual Studio 2019 + - cleanup: Move functions out of url.c and make them static + - cleanup: Remove the 'numsocks' argument used in many places + - configure: Avoid undefined check_for_ca_bundle + - curl.h: Add CURL_HTTP_VERSION_3 to the version enum + - curl.h: Fix outdated comment + - curl: Cap the maximum allowed values for retry time arguments + - curl: Handle a libcurl build without netrc support + - curl: Make use of CURLINFO_RETRY_AFTER when retrying + - curl: Remove outdated comment + - curl: Use .curlrc (with a dot) on Windows + - curl: Use CURLINFO_PROTOCOL to check for HTTP(s) + - curl_global_init_mem.3: Mention it was added in 7.12.0 + - curl_version: Bump string buffer size to 250 + - curl_version_info.3: Mentioned ALTSVC and HTTP3 + - curl_version_info: Offer quic (and h3) library info + - curl_version_info: Provide nghttp2 details + - defines: Avoid underscore-prefixed defines + - docs/ALTSVC: Remove what works and the experimental explanation + - docs/EXPERIMENTAL: Explain what it means and what's experimental now + - docs/MANUAL.md: Converted to markdown from plain text + - docs/examples/curlx: Fix errors + - docs: s/curl_debug/curl_dbg_debug in comments and docs + - easy: Resize receive buffer on easy handle reset + - examples: Avoid reserved names in hiperfifo examples + - examples: Add http3.c, altsvc.c and http3-present.c + - getenv: Support up to 4K environment variable contents on Windows + - http09: Disable HTTP/0.9 by default in both tool and library + - http2: When marked for closure and wanted to close == OK + - http2_recv: Trigger another read when the last data is returned + - http: Fix use of credentials from URL when using HTTP proxy + - http_negotiate: Improve handling of gss_init_sec_context() failures + - md4: Use our own MD4 when no crypto libraries are available + - multi: Call detach_connection before Curl_disconnect + - netrc: Make the code try ".netrc" on Windows + - nss: Use TLSv1.3 as default if supported + - openssl: Build warning free with boringssl + - openssl: Use SSL_CTX_set_<min|max>_proto_version() when available + - plan9: Add support for running on Plan 9 + - progress: Reset download/uploaded counter between transfers + - readwrite_data: Repair setting the TIMER_STARTTRANSFER stamp + - scp: Fix directory name length used in memcpy + - smb: Initialize *msg to NULL in smb_send_and_recv() + - smtp: Check for and bail out on too short EHLO response + - source: Remove names from source comments + - spnego_sspi: Add typecast to fix build warning + - src/makefile: Fix uncompressed hugehelp.c generation + - ssh-libssh: Do not specify O_APPEND when not in append mode + - ssh: Move code into vssh for SSH backends + - sspi: Fix memory leaks + - tests: Replace outdated test case numbering documentation + - tftp: Return error when packet is too small for options + - timediff: Make it 64 bit (if possible) even with 32 bit time_t + - travis: Reduce number of torture tests in 'coverage' + - url: Make use of new HTTP version if alt-svc has one + - urlapi: Verify the IPv6 numerical address + - urldata: Avoid 'generic', use dedicated pointers + - vauth: Use CURLE_AUTH_ERROR for auth function errors + +* Tue Aug 27 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-4.0.cf +- Avoid reporting spurious error in the HTTP2 framing layer (#1690971) + +* Thu Aug 1 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-3.0.cf +- Improve handling of gss_init_sec_context() failures + +* Thu Jul 25 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Jul 19 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-1.0.cf +- Update to 7.65.3 + - progress: Make the progress meter appear again + +* Wed Jul 17 2019 Paul Howarth <paul@city-fan.org> - 7.65.2-1.0.cf +- Update to 7.65.2 + - CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH + - CMake: Convert errant elseif() to else() + - CMake: Fix finding Brotli on case-sensitive file systems + - CURLMOPT_SOCKETFUNCTION.3: Clarified + - CURLMOPT_SOCKETFUNCTION.3: Fix typo + - CURLOPT_CAINFO.3: Polished wording + - CURLOPT_HEADEROPT.3: Fix example + - CURLOPT_RANGE.3: Caution against using it for HTTP PUT + - CURLOPT_SEEKDATA.3: Fix variable name + - DEPRECATE: Fixup versions and spelling + - bindlocal: Detect and avoid IP version mismatches in bind() + - build: Fix Codacy warnings + - buildconf.bat: Fix header filename + - c-ares: Honour port numbers in CURLOPT_DNS_SERVERS + - config-os400: Add getpeername and getsockname defines + - configure: --disable-progress-meter + - configure: Fix --disable-code-coverage + - configure: Fix typo '--disable-http-uath' + - configure: More --disable switches to toggle off individual features + - configure: Remove CURL_DISABLE_TLS_SRP + - conn_maxage: Move the check to prune_dead_connections() + - curl: Skip CURLOPT_PROXY_CAPATH for disabled-proxy builds + - curl_multi_wait.3: Escape backslash in example + - docs: Explain behaviour change in --tlsv1. options since 7.54 + - docs: Fix links to OpenSSL docs + - docs: Fix string suggesting HTTP/2 is not the default + - examples/fopen: Fix comparison + - examples/htmltitle: Use C++ casts between pointer types + - headers: Remove no longer exported functions + - http2: Call done_sending on end of upload + - http2: Don't call stream-close on already closed streams + - http2: Remove CURL_DISABLE_TYPECHECK define + - http: Allow overriding timecond with custom header + - http: Clarify header buffer size calculation + - krb5: Fix compiler warning + - lib: Use UTF-8 encoding in comments + - libcurl-tutorial.3: Fix small typo (mutipart → multipart) + - libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS + - multi: Enable multiplexing by default (again) + - multi: Fix the transfer hashes in the socket hash entries + - multi: Make sure 'data' can present in several sockhash entries + - netrc: Return the correct error code when out of memory + - nss: Don't set unused parameter + - nss: Inspect return value of token check + - nss: Only cache valid CRL entries + - nss: Support using libnss on macOS + - openssl: define HAVE_SSL_GET_SHUTDOWN based on version number + - openssl: Disable engine if OPENSSL_NO_UI_CONSOLE is defined + - openssl: Fix pubkey/signature algorithm detection in certinfo + - openssl: Remove outdated comment + - os400: Make vsetopt() non-static as Curl_vsetopt() for os400 support + - quote.d: Asterisk prefix works for SFTP as well + - runtests: Keep logfiles around by default + - runtests: Report single test time + total duration + - smb: Use the correct error code for access denied on file open + - sws: Remove unused variables + - system_win32: Fix clang warning + - system_win32: Fix typo + - test1165: Verify that CURL_DISABLE_ symbols are in sync + - test1521: Adapt to SLISTPOINT + - test1523: Test CURLOPT_LOW_SPEED_LIMIT + - test153: Fix content-length to avoid occasional hang + - test188/189: Fix Content-Length + - tests: Have runtests figure out disabled features + - tests: Support non-localhost HOSTIP for dict/smb servers + - tests: Update fixed IP for hostip/clientip split + - tool_cb_prg: Fix integer overflow in progress bar + - travis: Disable threaded resolver for coverage build + - travis: Enable alt-svc for coverage build + - travis: Enable brotli for all xenial jobs + - travis: Enable libssh2 for coverage build + - travis: Enable warnings-as-errors for coverage build + - travis: Update scan-build job to xenial + - typecheck: CURLOPT_CONNECT_TO takes an slist too + - typecheck: Add 3 missing strings and a callback data pointer + - unit1654: Cleanup on memory failure + - unpause: Trigger a timeout for event-based transfers + - url: Fix CURLOPT_MAXAGE_CONN time comparison + - win32: Make DLL loading a no-op for UWP + - winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG + - winbuild: Use WITH_PREFIX if given + - wolfssl: Refer to it as wolfSSL only + +* Wed Jun 5 2019 Paul Howarth <paul@city-fan.org> - 7.65.1-1.0.cf +- Update to 7.65.1 + - CURLOPT_LOW_SPEED_* repaired + - NTLM: Reset proxy "multipass" state when CONNECT request is done + - PolarSSL: Deprecate support step 1 - removed from configure + - appveyor: Add Visual Studio solution build + - cmake: Check for if_nametoindex() + - cmake: Support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables + - config-win32: Add support for if_nametoindex and getsockname + - conncache: Remove the DEBUGASSERT on length check + - conncache: Make "bundles" per host name when doing proxy tunnels + - curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version + - curl_share_setopt.3: Improve wording + - dump-header.d: Spell out that no headers == empty file + - example/http2-download: Fix format specifier + - examples: Clean-ups and compiler warning fixes + - http2: Stop drain from being permanently set + - http: Don't parse body-related headers in bodyless responses + - md4: Build correctly with openssl without MD4 + - md4: include the mbedtls config.h to get the MD4 info + - multi: Track users of a socket better + - nss: Allow to specify TLS 1.3 ciphers if supported by NSS + - parse_proxy: Make sure portptr is initialized + - parse_proxy: Use the IPv6 zone id if given + - sectransp: Handle errSSLPeerAuthCompleted from SSLRead() + - singlesocket: Use separate variable for inner loop + - ssl: Update outdated "openssl-only" comments for supported backends + - tests: Add HAProxy keywords + - tests: Add support to test against OpenSSH for Windows + - tests: Make test 1420 and 1406 work with rtsp-disabled libcurl + - tls13-docs: Mention it is only for OpenSSL ≥ 1.1.1 + - tool_parse_cfg: Avoid 2 fopen() for WIN32 + - tool_setopt: For builds with disabled-proxy, skip all proxy setopts() + - url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows + - url: Fix bad feature-disable #ifdef + - url: Use correct port in ConnectionExists() + - winbuild: Use two space indentation + +* Thu May 30 2019 Paul Howarth <paul@city-fan.org> - 7.65.0-2.0.cf +- Fix spurious timeout events with speed-limit (#1714893) + +* Wed May 22 2019 Paul Howarth <paul@city-fan.org> - 7.65.0-1.0.cf +- Update to 7.65.0 + - CURLOPT_DNS_USE_GLOBAL_CACHE: removed + - CURLOPT_MAXAGE_CONN: Set the maximum allowed age for conn reuse + - pipelining: Removed + - CVE-2019-5435: Integer overflows in curl_url_set + - CVE-2019-5436: tftp: Use the current blksize for recvfrom() + - --config: Clarify that initial : and = might need quoting + - AppVeyor: Enable testing for WinSSL build + - CURLMOPT_TIMERFUNCTION.3: Warn about the recursive risk + - CURLOPT_ADDRESS_SCOPE: Fix range check and more + - CURLOPT_CAINFO.3: With Schannel, you want Windows 8 or later + - CURLOPT_CHUNK_BGN_FUNCTION.3: Document the struct and time value + - CURLOPT_READFUNCTION.3: See also CURLOPT_UPLOAD_BUFFERSIZE + - CURL_MAX_INPUT_LENGTH: Largest acceptable string input size + - Curl_disconnect: Treat all CONNECT_ONLY connections as "dead" + - INTERNALS: Add code highlighting + - OS400/ccsidcurl: Replace use of Curl_vsetopt + - OpenSSL: Report -fips in version if OpenSSL is built with FIPS + - README.md: Fix no-consecutive-blank-lines Codacy warning + - VC15 project: Remove MinimalRebuild + - VS projects: Use Unicode for VC10+ + - WRITEFUNCTION: Add missing set_in_callback around callback + - altsvc: Fix building with cookies disabled + - auth: Rename the various authentication clean up functions + - base64: Build conditionally if there are users + - build-openssl.bat: Fixed support for OpenSSL v1.1.0+ + - build: Fix "clarify calculation precedence" warnings + - checksrc.bat: Ignore snprintf warnings in docs/examples + - cirrus: Customize the disabled tests per FreeBSD version + - cleanup: Remove FIXME and TODO comments + - cmake: Avoid linking executable for some tests with cmake 3.6+ + - cmake: Clear CMAKE_REQUIRED_LIBRARIES after each use + - cmake: Rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP + - cmake: Set SSL_BACKENDS + - configure: Avoid unportable '==' test(1) operator + - configure: Error out if OpenSSL wasn't detected when asked for + - configure: Fix default location for fish completions + - cookie: Guard against possible NULL ptr deref + - curl: Make code work with protocol-disabled libcurl + - curl: Report error for "--no-" on non-boolean options + - curl_easy_getinfo.3: Fix minor formatting mistake + - curlver.h: Use parenthesis in CURL_VERSION_BITS macro + - docs/BUG-BOUNTY: Bug bounty time + - docs/INSTALL: Fix broken link + - docs/RELEASE-PROCEDURE: Link to live iCalendar + - documentation: Fix several typos + - doh: Acknowledge CURL_DISABLE_DOH + - doh: Disable DOH for the cases it doesn't work + - examples: Remove unused variables + - ftplistparser: Fix LGTM alert "Empty block without comment" + - hostip: Acknowledge CURL_DISABLE_SHUFFLE_DNS + - http: Ignore HTTP/2 prior knowledge setting for HTTP proxies + - http: Acknowledge CURL_DISABLE_HTTP_AUTH + - http: Mark bundle as not for multiuse on < HTTP/2 response + - http_digest: Don't expose functions when HTTP and Crypto Auth are disabled + - http_negotiate: Do not treat failure of gss_init_sec_context() as fatal + - http_ntlm: Corrected the name of the include guard + - http_ntlm_wb: Handle auth for only a single request + - http_ntlm_wb: Return the correct error on receiving an empty auth message + - lib509: Add missing include for strdup + - lib557: Initialize variables + - makedebug: Fix ERRORLEVEL detection after running where.exe + - mbedtls: Enable use of EC keys + - mime: Acknowledge CURL_DISABLE_MIME + - multi: Improved HTTP_1_1_REQUIRED handling + - netrc: Acknowledge CURL_DISABLE_NETRC + - nss: Allow fifos and character devices for certificates + - nss: Provide more specific error messages on failed init + - ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup + - ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 + - openssl: Mark connection for close on TLS close_notify + - openvms: Remove pre-processor for SecureTransport + - openvms: Remove pre-processors for Windows + - parse_proxy: Use the URL parser API + - parsedate: Disabled on CURL_DISABLE_PARSEDATE + - pingpong: Disable more when no pingpong protocols are enabled + - polarssl_threadlock: Remove conditionally unused code + - progress: Acknowledge CURL_DISABLE_PROGRESS_METER + - proxy: Acknowledge DISABLE_PROXY more + - resolve: Apply Happy Eyeballs philosophy to parallel c-ares queries + - revert "multi: Support verbose conncache closure handle" + - sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616 + - sasl: Only enable if there's a protocol enabled using it + - scripts: Fix typos + - singleipconnect: Show port in the verbose "Trying ..." message + - smtp: Fix compiler warning + - socks5: User name and passwords must be shorter than 256 + - socks: Fix error message + - socksd: New SOCKS 4+5 server for tests + - spnego_gssapi: Fix return code on gss_init_sec_context() failure + - ssh-libssh: Remove unused variable + - ssh: Define USE_SSH if SSH is enabled (any backend) + - ssh: Move variable declaration to where it's used + - test1002: Correct the name + - test2100: Fix typos in test description + - tests/server/util: Fix Windows Unicode build + - tests: Run global cleanup at end of tests + - tests: Make Impacket (SMB server) Python 3 compatible + - tool_cb_wrt: Fix bad-function-cast warning + - tool_formparse: Remove redundant assignment + - tool_help: Warn if curl and libcurl versions do not match + - tool_help: include <strings.h> for strcasecmp + - transfer: Fix LGTM alert "Comparison is always true" + - travis: Add an osx http-only build + - travis: Allow builds on branches named "ci" + - travis: Install dependencies only when needed + - travis: Update some builds do Xenial + - travis: Updated mesalink builds + - url: Always clone the CUROPT_CURLU handle + - url: Convert the zone id from a IPv6 URL to correct scope id + - urlapi: Add CURLUPART_ZONEID to set and get + - urlapi: Increase supported scheme length to 40 bytes + - urlapi: Require a non-zero host name length when parsing URL + - urlapi: Stricter CURLUPART_PORT parsing + - urlapi: Strip off zone id from numerical IPv6 addresses + - urlapi: urlencode characters above 0x7f correctly + - vauth/cleartext: Update the PLAIN login to match RFC 4616 + - vauth/oauth2: Fix OAUTHBEARER token generation + - vauth: Fix incorrect function description for Curl_auth_user_contains_domain + - vtls: Fix potential ssl_buffer stack overflow + - wildcard: Disable from build when FTP isn't present + - winbuild: Support MultiSSL builds + - xattr: Skip unittest on unsupported platforms +- Re-enable fish completions as they shouldn't conflict with fish any more + +* Thu May 09 2019 Paul Howarth <paul@city-fan.org> - 7.64.1-2.0.cf +- Do not treat failure of gss_init_sec_context() with --negotiate as fatal + +* Thu Apr 4 2019 Paul Howarth <paul@city-fan.org> - 7.64.1-1.1.cf +- Rebuild without fish completion support, which conflicts with fish itself + +* Wed Mar 27 2019 Paul Howarth <paul@city-fan.org> - 7.64.1-1.0.cf +- Update to 7.64.1 + - alt-svc: Experimental support added + - configure: Add --with-amissl + - AppVeyor: Add MinGW-w64 and classic Mingw builds + - AppVeyor: Switch VS 2015 builds to VS 2017 image + - CURLU: Fix NULL dereference when used over proxy + - Curl_easy: Remove req.maxfd - never used! + - Curl_now: Figure out windows version in win32_init + - Curl_resolv: Fix a gcc -Werror=maybe-uninitialized warning + - DoH: Inherit some SSL options from user's easy handle + - Secure Transport: No more "darwinssl" + - Secure Transport: tvOS 11 is required for ALPN support + - cirrus: Added FreeBSD builds using Cirrus CI + - cleanup: Make local functions static + - cli tool: Do not use mime.h private structures + - cmdline-opts/proxytunnel.d: The option tunnels all protocols + - configure: Add additional libraries to check for LDAP support + - configure: Remove the unused fdopen macro + - configure: Show features as well in the final summary + - conncache: Use conn->data to know if a transfer owns it + - connection: Never reuse CONNECT_ONLY connections + - connection_check: Restore original conn->data after the check + - connection_check: Set ->data to the transfer doing the check + - cookie: Add support for cookie prefixes + - cookies: Dotless names can set cookies again + - cookies: Fix NULL dereference if flushing cookies with no CookieInfo set + - curl.1: --user and --proxy-user are hidden from ps output + - curl.1: Mark the argument to --cookie as <data|filename> + - curl.h: Use __has_declspec_attribute for shared builds + - curl: Display --version features sorted alphabetically + - curl: Fix FreeBSD compiler warning in the --xattr code + - curl: Remove MANUAL from -M output + - curl_easy_duphandle.3: Clarify that a duped handle has no shares + - curl_multi_remove_handle.3: Use at any time, just not from within callbacks + - curl_url.3: This API is not experimental any more + - dns: Release sharelock as soon as possible + - docs: Update max-redirs.d phrasing + - easy: Fix win32 init to work without CURL_GLOBAL_WIN32 + - examples/10-at-a-time.c: Improve readability and simplify + - examples/cacertinmem.c: Use multiple certificates for loading CA-chain + - examples/crawler: Fix the Accept-Encoding setting + - examples/ephiperfifo.c: Various fixes + - examples/externalsocket: Add missing close socket calls + - examples/http2-download: Cleaned up + - examples/http2-serverpush: Add some sensible error checks + - examples/http2-upload: Cleaned up + - examples/httpcustomheader: Value stored to 'res' is never read + - examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory' + - examples/sftpuploadresume: Value stored to 'result' is never read + - examples: Only include <curl/curl.h> + - examples: Remove recursive calls to curl_multi_socket_action + - examples: Remove superfluous null-pointer checks + - file: Fix "Checking if unsigned variable 'readcount' is less than zero" + - fnmatch: Disable if FTP is disabled + - gnutls: Remove call to deprecated gnutls_compression_get_name + - gopher: Remove check for path == NULL + - gssapi: Fix deprecated header warnings + - hostip: Make create_hostcache_id avoid alloc + free + - http2: multi_connchanged() moved from multi.c, only used for h2 + - http2: Verify :authority in push promise requests + - http: Make adding a blank header thread-safe + - http: Send payload when (proxy) authentication is done + - http: Set state.infilesize when sending multipart formposts + - makefile: Make checksrc and hugefile commands "silent" + - mbedtls: Make it build even if MBEDTLS_VERSION_C isn't set + - mbedtls: Release sessionid resources on error + - memdebug: Log pointer before freeing its data + - memdebug: Make debug-specific functions use curl_dbg_ prefix + - mime: Put the boundary buffer into the curl_mime struct + - multi: Call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME + - multi: Remove verbose "Expire in" ... messages + - multi: Removed unused code for request retries + - multi: Support verbose conncache closure handle + - negotiate: Fix for HTTP POST with Negotiate + - openssl: Add support for TLS ASYNC state + - openssl: If cert type is ENG and no key specified, key is ENG too + - pretransfer: Don't strlen() POSTFIELDS set for GET requests + - rand: Fix a mismatch between comments in source and header + - runtests: Detect "schannel" as an alias for "winssl" + - schannel: Be quiet - remove verbose output + - schannel: Close TLS before removing conn from cache + - schannel: Support CALG_ECDH_EPHEM algorithm + - scripts/completion.pl: Also generate fish completion file + - singlesocket: Fix the 'sincebefore' placement + - source: Fix two 'nread' may be used uninitialized warnings + - ssh: Fix Condition '!status' is always true + - ssh: Loop the state machine if not done and not blocking + - strerror: Make the strerror function use local buffers + - system_win32: Move win32_init here from easy.c + - test578: Make it read data from the correct test + - tests: Fixed XML validation errors in some test files + - tests: Add stderr comparison to the test suite + - tests: Fix multiple may be used uninitialized warnings + - threaded-resolver: Shutdown the resolver thread without error message + - tool_cb_wrt: Fix writing to Windows null device NUL + - tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr + - tool_operate: Build on AmigaOS + - tool_operate: Fix typecheck warning + - transfer.c: Do not compute length of undefined hex buffer + - travis: Add build using gnutls + - travis: Add scan-build + - travis: Bump the used wolfSSL version to 4.0.0 + - travis: Enable valgrind for the iconv tests + - travis: Use updated compiler versions: clang 7 and gcc 8 + - unit1307: Require FTP support + - unit1651: Survive curl_easy_init() fails + - url/idnconvert: Remove scan for ≤ 32 ascii values + - url: Change conn shutdown order to ensure SOCKETFUNCTION callbacks + - urlapi: Reduce variable scope, remove unreachable 'break' + - urldata: Convert bools to bitfields and move to end + - urldata: Simplify bytecounters + - urlglob: Argument with 'nonnull' attribute passed null + - version.c: Silent scan-build even when librtmp is not enabled + - vtls: Rename some of the SSL functions + - wolfssl: Stop custom-adding curves + - x509asn1: "Dereference of null pointer" + - x509asn1: Cleanup and unify code layout + - zsh.pl: Escape ':' character + - zsh.pl: Update regex to better match curl -h output + +* Mon Mar 25 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-6.0.cf +- Remove verbose "Expire in" ... messages (#1690971) + +* Thu Mar 21 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-5.0.cf +- Avoid spurious "Could not resolve host: [host name]" error messages + +* Thu Feb 28 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-4.0.cf +- Fix NULL dereference if flushing cookies with no CookieInfo set (#1683676) + +* Mon Feb 25 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-3.0.cf +- Prevent NetworkManager from leaking file descriptors (#1680198) + +* Mon Feb 11 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-2.0.cf +- Make zsh completion work again + +* Wed Feb 6 2019 Paul Howarth <paul@city-fan.org> - 7.64.0-1.0.cf +- Update to 7.64.0 + - CVE-2018-16890: NTLM type-2 out-of-bounds buffer read + - CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow + - CVE-2019-3823: SMTP end-of-response out-of-bounds read + - cookies: Leave secure cookies alone + - hostip: Support wildcard hosts + - http: Implement trailing headers for chunked transfers + - http: Added options for allowing HTTP/0.9 responses + - timeval: Use high resolution timestamps on Windows + - FAQ: Remove mention of sourceforge for github + - OS400: Handle memory error in list conversion + - OS400: Upgrade ILE/RPG binding + - README: Add codacy code quality badge + - Revert http_negotiate: do not close connection + - THANKS: Added several missing names from year ≤ 2000 + - build: Make 'tidy' target work for metalink builds + - cmake: Added checks for variadic macros + - cmake: Updated check for HAVE_POLL_FINE to match autotools + - cmake: Use lowercase for function name like the rest of the code + - configure: Detect xlclang separately from clang + - configure: Fix recv/send/select detection on Android + - configure: Rewrite --enable-code-coverage + - conncache_unlock: Avoid indirection by changing input argument type + - cookie: Fix comment typo + - cookies: Allow secure override when done over HTTPS + - cookies: Extend domain checks to non psl builds + - cookies: Skip custom cookies when redirecting cross-site + - curl --xattr: Strip credentials from any URL that is stored + - curl -J: Refuse to append to the destination file + - curl/urlapi.h: include "curl.h" first + - curl_multi_remove_handle() don't block terminating c-ares requests + - darwinssl: Accept setting max-tls with default min-tls + - disconnect: Separate connections and easy handles better + - disconnect: Set conn->data for protocol disconnect + - docs/version.d: Mention MultiSSL + - docs: Fix the --tls-max description + - docs: Use $(INSTALL_DATA) to install man page + - docs: Use meaningless port number in CURLOPT_LOCALPORT example + - gopher: Always include the entire gopher-path in request + - http2: Clear pause stream id if it gets closed + - if2ip: Remove unused function Curl_if_is_interface_name + - libssh: Do not let libssh create socket + - libssh: Enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh + - libssh: free sftp_canonicalize_path() data correctly + - libtest/stub_gssapi: Use "real" snprintf + - mbedtls: Use VERIFYHOST + - multi: Multiplexing improvements + - multi: Set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time + - ntlm: Fix NTMLv2 compliance + - ntlm_sspi: Add support for channel binding + - openssl: Adapt to 3.0.0, OpenSSL_version_num() is deprecated + - openssl: Fix the SSL_get_tlsext_status_ocsp_resp call + - openvms: Fix OpenSSL discovery on VAX + - openvms: Fix typos in documentation + - os400: Add a missing closing bracket + - os400: Fix extra parameter syntax error + - pingpong: Change default response timeout to 120 seconds + - pingpong: Ignore regular timeout in disconnect phase + - printf: Fix format specifiers + - runtests.pl: Fix perl call to include srcdir + - schannel: Fix compiler warning + - schannel: Preserve original certificate path parameter + - schannel: Stop calling it "winssl" + - sigpipe: If mbedTLS is used, ignore SIGPIPE + - smb: Fix incorrect path in request if connection reused + - ssh: Log the libssh2 error message when ssh session startup fails + - test1558: Verify CURLINFO_PROTOCOL on file:// transfer + - test1561: Improve test name + - test1653: Make it survive torture tests + - tests: Allow tests to pass by 2037-02-12 + - tests: Move objnames-* from lib into tests + - timediff: Fix math for unsigned time_t + - timeval: Disable MSVC Analyzer GetTickCount warning + - tool_cb_prg: Avoid integer overflow + - travis: Added cmake build for osx + - urlapi: Fix port parsing of eol colon + - urlapi: Distinguish possibly empty query + - urlapi: Fix parsing ipv6 with zone index + - urldata: Rename easy_conn to just conn + - winbuild: Conditionally use /DZLIB_WINAPI + - wolfssl: Fix memory-leak in threaded use + - spnego_sspi: Add support for channel binding + +* Mon Feb 4 2019 Paul Howarth <paul@city-fan.org> - 7.63.0-7.0.cf +- Prevent valgrind from reporting false positives on x86_64 + +* Fri Feb 1 2019 Paul Howarth <paul@city-fan.org> - 7.63.0-6.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 21 2019 Paul Howarth <paul@city-fan.org> - 7.63.0-5.0.cf +- xattr: Strip credentials from any URL that is stored (CVE-2018-20483) + +* Fri Jan 4 2019 Paul Howarth <paul@city-fan.org> - 7.63.0-4.0.cf +- Replace 0105-curl-7.63.0-libstubgss-ldadd.patch by upstream patch + +* Wed Dec 19 2018 Paul Howarth <paul@city-fan.org> - 7.63.0-3.0.cf +- curl -J: Do not append to the destination file (#1658574) + +* Fri Dec 14 2018 Paul Howarth <paul@city-fan.org> - 7.63.0-2.0.cf +- Revert an upstream commit that broke 'fedpkg new-sources' (#1659329) + +* Wed Dec 12 2018 Paul Howarth <paul@city-fan.org> - 7.63.0-1.0.cf +- Update to 7.63.0 + - curl: Add %%{stderr} and %%{stdout} for --write-out + - curl: Add undocumented option --dump-module-paths for win32 + - setopt: Add CURLOPT_CURLU + - (lib)curl.rc: Fixup for minor bugs + - CURLINFO_REDIRECT_URL: Extract the Location: header field unvalidated + - CURLOPT_HEADERFUNCTION.3: Match 'nitems' name in synopsis and description + - CURLOPT_WRITEFUNCTION.3: Spell out that it gets called many times + - Curl_follow: Accept non-supported schemes for "fake" redirects + - KNOWN_BUGS: Add --proxy-any connection issue + - NTLM: Remove redundant ifdef USE_OPENSSL + - NTLM: Force the connection to HTTP/1.1 + - OS400: Add URL API ccsid wrappers and sync ILE/RPG bindings + - SECURITY-PROCESS: bountygraph shuts down again + - TODO: Have the URL API offer IDN decoding + - ares: Remove fd from multi fd set when ares is about to close the fd + - axtls: Removed + - checksrc: Add COPYRIGHTYEAR check + - cmake: Fix MIT/Heimdal Kerberos detection + - configure: Include all libraries in ssl-libs fetch + - configure: Show CFLAGS, LDFLAGS etc. in summary + - connect: Fix building for recent versions of Minix + - cookies: Create the cookiejar even if no cookies to save + - cookies: Expire "Max-Age=0" immediately + - curl: --local-port range was not "including" + - curl: Fix --local-port integer overflow + - curl: Fix memory leak reading --writeout from file + - curl: Fixed UTF-8 in current console code page (Windows) + - curl_easy_perform: Fix timeout handling + - curl_global_sslset(): id == -1 is not necessarily an error + - curl_multibyte: Fix a malloc overcalculation + - curle: Move deprecated error code to ifndef block + - docs: curl_formadd field and file names are now escaped + - docs: Escape "\n" codes + - doh: Fix memory leak in OOM situation + - doh: Make it work for h2-disabled builds too + - examples/ephiperfifo: Report error when epoll_ctl fails + - ftp: Avoid two unsigned int overflows in FTP listing parser + - host names: Allow trailing dot in name resolve, then strip it + - http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 + - http: Don't set CURLINFO_CONDITION_UNMET for http status code 204 + - http: Fix HTTP Digest auth to include query in URI + - http_negotiate: Do not close connection until negotiation is completed + - impacket: Add LICENSE + - infof: Clearly indicate truncation + - ldap: Fix LDAP URL parsing regressions + - libcurl: Stop reading from paused transfers + - mprintf: Avoid unsigned integer overflow warning + - netrc: Don't ignore the login name specified with "--user" + - nss: Fall back to latest supported SSL version + - nss: Fix compatibility with nss versions 3.14 to 3.15 + - nss: Fix fallthrough comment to fix picky compiler warning + - nss: Remove version selecting dead code + - nss: Set default max-tls to 1.3/1.2 + - openssl: Remove SSLEAY leftovers + - openssl: Do not log excess "TLS app data" lines for TLS 1.3 + - openssl: Do not use file BIOs if not requested + - openssl: Fix unused variable compiler warning with old openssl + - openssl: Support session resume with TLS 1.3 + - openvms: Fix example name + - os400: Add curl_easy_conn_upkeep() to ILE/RPG binding + - os400: Add CURLOPT_CURLU to ILE/RPG binding + - os400: Fix return type of curl_easy_pause() in ILE/RPG binding + - packages: Remove old leftover files and dirs + - pop3: Only do APOP with a valid timestamp + - runtests: Use the local curl for verifying + - schannel: Be consistent in Schannel capitalization + - schannel: Better CURLOPT_CERTINFO support + - schannel: Use Curl_ prefix for global private symbols + - snprintf: Renamed and we now only use msnprintf() + - ssl: Fix compilation with OpenSSL 0.9.7 + - ssl: Replace all internal uses of CURLE_SSL_CACERT + - symbols-in-versions: Add missing CURLU_ symbols + - test328: Verify Content-Encoding: none + - tests: Disable SO_EXCLUSIVEADDRUSE for stunnel on Windows + - tests: Drop http_pipe.py script, no longer used + - tool_cb_wrt: Silence function cast compiler warning + - tool_doswin: Fix uninitialized field warning + - travis: Build with clang sanitizers + - travis: Remove curl before a normal build + - url: A short host name + port is not a scheme + - url: Fix IPv6 numeral address parser + - urlapi: Only skip encoding the first '=' with APPENDQUERY set +- Add workaround to avoid symbol lookup error in libstubgss.so (libtest) + +* Tue Dec 4 2018 Paul Howarth <paul@city-fan.org> - 7.62.0-1.7.cf +- Work around TLS 1.3 being disabled in NSS in EL-7 + - https://github.com/curl/curl/issues/3261 + - https://github.com/curl/curl/pull/3337 +- Only supported IDN library is libidn2, so don't bother trying to use + libidn + +* Wed Oct 31 2018 Paul Howarth <paul@city-fan.org> - 7.62.0-1.0.cf +- Update to 7.62.0 + - multiplex: Enable by default + - url: Default to CURL_HTTP_VERSION_2TLS if built h2-enabled + - setopt: Add CURLOPT_DOH_URL + - curl: --doh-url added + - setopt: Add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size + - imap: Change from "FETCH" to "UID FETCH" + - configure: Add option to disable automatic OpenSSL config loading + - upkeep: Add a connection upkeep API: curl_easy_upkeep() + - URL-API: Added five new functions + - vtls: MesaLink is a new TLS backend + - Fix SASL password overflow via integer overflow (CVE-2018-16839) + - Fix use-after-free in handle close (CVE-2018-16840) + - Fix warning message out-of-buffer read (CVE-2018-16842) + - CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated + - Curl_dedotdotify(): Always nul terminate returned string + - Curl_follow: Always free the passed new URL + - Curl_http2_done: Fix memleak in error path + - Curl_retry_request: Fix memory leak + - Curl_saferealloc: Fixed typo in docblock + - FILE: Fix CURLOPT_NOBODY and CURLOPT_HEADER output + - GnutTLS: TLS 1.3 support + - SECURITY-PROCESS: Mention the bountygraph program + - VS projects: Add USE_IPV6: + - Windows: Fixes for MinGW targeting Windows Vista + - anyauthput: Fix compiler warning on 64-bit Windows + - appveyor: Add WinSSL builds + - appveyor: Run test suite (on Windows!) + - certs: Generate tests certs with sha256 digest algorithm + - checksrc: Enable strict mode and warnings + - checksrc: Handle zero scoped ignore commands + - cmake: Backport to work with CMake 3.0 again + - cmake: Improve config installation + - cmake: Add support for transitive ZLIB target + - cmake: Disable -Wpedantic-ms-format + - cmake: Don't require OpenSSL if USE_OPENSSL=OFF + - cmake: Fixed path used in generation of docs/tests + - cmake: Remove unused *SOCKLEN_T variables + - cmake: Suppress MSVC warning C4127 for libtest + - cmake: Test and set missed defines during configuration + - comment: Fix multiple typos in function parameters + - config: Remove unused SIZEOF_VOIDP + - config_win32: Enable LDAPS + - configure: Force-use -lpthreads on HPUX + - configure: Remove CURL_CONFIGURE_CURL_SOCKLEN_T + - configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE/ + - cookies: Remove redundant expired check + - cookies: Fix leak when writing cookies to file + - curl-config.in: Remove dependency on bc + - curl.1: --ipv6 mutexes ipv4 (fixed typo) + - curl: Enabled Windows VT Support and UTF-8 output + - curl: Update the documentation of --tlsv1.0 + - curl_multi_wait: Call getsock before figuring out timeout + - curl_ntlm_wb: Check aprintf() return codes + - curl_threads: Fix classic MinGW compile break + - darwinssl: Fix realloc memleak + - darwinssl: More specific and unified error codes + - data-binary.d: Clarify default content-type is x-www-form-urlencoded + - docs/BUG-BOUNTY: Explain the bounty program + - docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers + - docs/CIPHERS: Fix the TLS 1.3 cipher names + - docs/CIPHERS: Mention the colon separation for OpenSSL + - docs/examples: URL updates + - docs: Add "see also" links for SSL options + - example/asiohiper: Insert warning comment about its status + - example/htmltidy: Fix include paths of tidy libraries + - examples/Makefile.m32: Sync with core + - examples/http2-pushinmemory: Receive HTTP/2 pushed files in memory + - examples/parseurl.c: Show off the URL API + - examples: Fix memory leaks from realloc errors + - examples: Do not wait when no transfers are running + - ftp: Include command in Curl_ftpsend sendbuffer + - gskit: Make sure to terminate version string + - gtls: Values stored to but never read + - hostip: Fix check on Curl_shuffle_addr return value + - http2: Fix memory leaks on error-path + - http: Fix memleak in rewind error path + - krb5: Fix memory leak in krb_auth + - ldap: Show precise LDAP call in error message on Windows + - lib: Fix gcc8 warning on Windows + - memory: Add missing curl_printf header + - memory: Ensure to check allocation results + - multi: Fix error handling in the SENDPROTOCONNECT state + - multi: Fix memory leak in content encoding related error path + - multi: Make the closure handle "inherit" CURLOPT_NOSIGNAL + - netrc: Free temporary strings if memory allocation fails + - nss: Fix nssckbi module loading on Windows + - nss: Try to connect even if libnssckbi.so fails to load + - ntlm_wb: Fix memory leaks in ntlm_wb_response + - ntlm_wb: Bail out if the response gets overly large + - openssl: Assume engine support in 0.9.8 or later + - openssl: Enable TLS 1.3 post-handshake auth + - openssl: Fix gcc8 warning + - openssl: Load built-in engines too + - openssl: Make 'done' a proper boolean + - openssl: Output the correct cipher list on TLS 1.3 error + - openssl: Return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer + - openssl: Show "proper" version number for libressl builds + - pipelining: Deprecated + - rand: Add comment to skip a clang-tidy false positive + - rtmp: Fix for compiling with lwIP + - runtests: Ignore disabled even when ranges are given + - runtests: Skip ld_preload tests on macOS + - runtests: Use Windows paths for Windows curl + - schannel: Unified error code handling + - sendf: Fix whitespace in infof/failf concatenation + - ssh: free the session on init failures + - ssl: Deprecate CURLE_SSL_CACERT in favour of a unified error code + - system.h: Use proper setting with Sun C++ as well + - test1299: Use single quotes around asterisk + - test1452: Mark as flaky + - test1651: Unit test Curl_extract_certinfo() + - test320: Strip out more HTML when comparing + - tests/negtelnetserver.py: Fix Python2-ism in neg TELNET server + - tests: Add unit tests for url.c + - timeval: Fix use of weak symbol clock_gettime() on Apple platforms + - tool_cb_hdr: Handle failure of rename() + - travis: Add a "make tidy" build that runs clang-tidy + - travis: Add build for "configure --disable-verbose" + - travis: Bump the Secure Transport build to use xcode + - travis: Make distcheck scan for BOM markers + - unit1300: Fix stack-use-after-scope AddressSanitizer warning + - urldata: Fix "connecting" comment + - urlglob: Improve error message on bad globs + - vtls: Fix ssl version "or later" behaviour change for many backends + - x509asn1: Fix SAN IP address verification + - x509asn1: Always check return code from getASN1Element() + - x509asn1: Return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert + - x509asn1: Suppress left shift on signed value +- Test 656 segfaults on Fedora 13 to 15 inclusive, so disable it there + +* Fri Oct 12 2018 Paul Howarth <paul@city-fan.org> - 7.61.1-3.0.cf +- Enable TLS 1.3 post-handshake auth in OpenSSL +- Update the documentation of --tlsv1.0 in curl(1) man page + +* Fri Oct 5 2018 Paul Howarth <paul@city-fan.org> - 7.61.1-2.0.cf +- Enforce versioned libpsl dependency for libcurl (#1631804) +- test320: Update expected output for gnutls-3.6.4 +- Drop 0105-curl-7.61.0-tests-ssh-keygen.patch, no longer needed (#1622594) +- test1456: Seems to be flaky so disable it + +* Wed Sep 5 2018 Paul Howarth <paul@city-fan.org> - 7.61.1-1.0.cf +- Update to 7.61.1 + - Fix NTLM password overflow via integer overflow (CVE-2018-14618) + - CURLINFO_SIZE_UPLOAD: Fix missing counter update + - CURLOPT_ACCEPT_ENCODING.3: List them comma-separated + - CURLOPT_SSL_CTX_FUNCTION.3: Might cause accidental connection reuse + - Curl_getoff_all_pipelines: Improved for multiplexed + - DEPRECATE: Remove release date from 7.62.0 + - HTTP: Don't attempt to needlessly decompress redirect body + - INTERNALS: Require GnuTLS ≥ 2.11.3 + - README.md: Add LGTM.com code quality grade for C/C++ + - SSLCERTS: Improve the openssl command line + - Silence GCC 8 cast-function-type warnings + - ares: Check for NULL in completed-callback + - asyn-thread: Remove unused macro + - auth: Only pick CURLAUTH_BEARER if we *have* a Bearer token + - auth: Pick Bearer authentication whenever a token is available + - cmake: CMake config files are defining CURL_STATICLIB for static builds + - cmake: Respect BUILD_SHARED_LIBS + - cmake: Update scripts to use consistent style + - cmake: Bumped minimum version to 3.4 + - cmake: Link curl to the OpenSSL targets instead of lib absolute paths + - configure: Conditionally enable pedantic-errors + - configure: Fix for -lpthread detection with OpenSSL and pkg-config + - conn: Remove the boolean 'inuse' field + - content_encoding: Accept up to 4 unknown trailer bytes after raw deflate data + - cookie tests: Treat files as text + - cookies: Support creation-time attribute for cookies + - curl: Fix segfault when -H @headerfile is empty + - curl: Add http code 408 to transient list for --retry + - curl: Fix time-of-check, time-of-use race in dir creation + - curl: Use Content-Disposition before the "URL end" for -OJ + - curl: Warn the user if a given file name looks like an option + - curl_threads: Silence bad-function-cast warning + - darwinssl: Add support for ALPN negotiation + - docs/CURLOPT_URL: Fix indentation + - docs/CURLOPT_WRITEFUNCTION: Size is always 1 + - docs/SECURITY-PROCESS: Mention bounty, drop pre-notify + - docs/examples: Add hiperfifo example using linux epoll/timerfd + - docs: Add disallow-username-in-url.d and haproxy-protocol.d to dist + - docs: Clarify NO_PROXY env variable functionality + - docs: Improved the manual pages of some callbacks + - docs: Mention NULL is fine input to several functions + - formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT + - gopher: Do not translate '?' to '%%09' + - header output: Switch off all styles, not just unbold + - hostip: Fix unused variable warning + - http2: Use correct format identifier for stream_id + - http2: Abort the send_callback if not setup yet + - http2: Avoid set_stream_user_data() before stream is assigned + - http2: Check nghttp2_session_set_stream_user_data return code + - http2: Clear the drain counter in Curl_http2_done + - http2: Make sure to send after RST_STREAM + - http2: Separate easy handle from connections better + - http: Fix for tiny "HTTP/0.9" response + - http_proxy: Remove unused macro SELECT_TIMEOUT + - lib/Makefile: Only do symbol hiding if told to + - lib1502: Fix memory leak in torture test + - lib1522: Fix curl_easy_setopt argument type + - libcurl-thread.3: Expand somewhat on the NO_SIGNAL motivation + - mime: Check Curl_rand_hex's return code + - multi: Always do the COMPLETED procedure/state + - openssl: Assume engine support in 1.0.0 or later + - openssl: Fix debug messages + - projects: Improve Windows perl detection in batch scripts + - retry: Return error if rewind was necessary but didn't happen + - reuse_conn(): Memory leak - free old_conn->options + - schannel: Client certificate store opening fix + - schannel: Enable CALG_TLS1PRF for w32api ≥ 5.1 + - schannel: Fix MinGW compile break + - sftp: Don't send post-quote sequence when retrying a connection + - smb: Fix memory leak on early failure + - smb: Fix memory-leak in URL parse error path + - smb_getsock: Always wait for write socket too + - ssh-libssh: Fix infinite connect loop on invalid private key + - ssh-libssh: Reduce excessive verbose output about pubkey auth + - ssh-libssh: Use FALLTHROUGH to silence gcc8 + - ssl: Set engine implicitly when a PKCS#11 URI is provided + - sws: Handle EINTR when calling select() + - system_win32: Fix version checking + - telnet: Remove unused macros TELOPTS and TELCMDS + - test1143: Disable MSYS2's POSIX path conversion + - test1148: Disable if decimal separator is not point + - test1307: (fnmatch testing) disabled + - test1422: Add required file feature + - test1531: Add timeout + - test1540: Remove unused macro TEST_HANG_TIMEOUT + - test214: Disable MSYS2's POSIX path conversion for URL + - test320: Treat curl320.out file as binary + - tests/http_pipe.py: Use /usr/bin/env to find python + - tests: Don't use Windows path %%PWD for SSH tests + - tests: Fixes for Windows line endings + - tool_operate: Fix setting proxy TLS 1.3 ciphers + - travis: Build darwinssl on macos 10.12 to fix linker errors + - travis: Execute "set -eo pipefail" for coverage build + - travis: Run a 'make checksrc' too + - travis: Update to GCC-8 + - travis: Verify that man pages can be regenerated + - upload: Allocate upload buffer on-demand + - upload: Change default UPLOAD_BUFSIZE to 64KB + - urldata: Remove unused pipe_broke struct field + - vtls: Re-instantiate engine on duplicated handles + - windows: Implement send buffer tuning + - wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random + +* Tue Sep 4 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-8.0.cf +- Make the --tls13-ciphers option work + +* Tue Aug 28 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-7.0.cf +- tests: Make ssh-keygen always produce PEM format (#1622594) + +* Wed Aug 15 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-6.0.cf +- scp/sftp: Fix infinite connect loop on invalid private key (#1595135) + +* Mon Aug 13 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-5.0.cf +- ssl: Set engine implicitly when a PKCS#11 URI is provided (#1219544) +- Relax crypto policy for the test-suite to make it pass again (#1610888) + +* Tue Jul 31 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-3.0.cf +- Adapt test 323 for updated OpenSSL + +* Fri Jul 13 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jul 11 2018 Paul Howarth <paul@city-fan.org> - 7.61.0-1.0.cf +- Update to 7.61.0 + - CVE-2018-0500: smtp: Fix SMTP send buffer overflow + - getinfo: Add microsecond precise timers for seven intervals + - curl: Show headers in bold, switch off with --no-styled-output + - httpauth: Add support for Bearer tokens + - Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS + - curl: --tls13-ciphers and --proxy-tls13-ciphers + - Add CURLOPT_DISALLOW_USERNAME_IN_URL + - curl: --disallow-username-in-url + - schannel: Disable client cert option if APIs not available + - schannel: Disable manual verify if APIs not available + - tests/libtest/Makefile: Do not unconditionally add gcc-specific flags + - openssl: Acknowledge --tls-max for default version too + - stub_gssapi: Fix 'unused parameter' warnings + - examples/progressfunc: Make it build on both new and old libcurls + - docs: Mention it is HA Proxy protocol "version 1" + - curl_fnmatch: Only allow two asterisks for matching + - docs: Clarify CURLOPT_HTTPGET + - configure: Replace a AC_TRY_RUN with CURL_RUN_IFELSE + - configure: Do compile-time SIZEOF checks instead of run-time + - checksrc: Make sure sizeof() is used *with* parentheses + - CURLOPT_ACCEPT_ENCODING.3: Add brotli and clarify a bit + - schannel: Make CAinfo parsing resilient to CR/LF + - tftp: Make sure error is zero terminated before printfing it + - http resume: Skip body if http code 416 (range error) is ignored + - configure: Add basic test of --with-ssl prefix + - cmake: Set -d postfix for debug builds + - multi: Provide a socket to wait for in Curl_protocol_getsock + - content_encoding: Handle zlib versions too old for Z_BLOCK + - winbuild: Only delete OUTFILE if it exists + - winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST + - schannel: Add failf calls for client certificate failures + - cmake: Fix the test for fsetxattr and strerror_r + - curl.1: Fix cmdline-opts reference errors + - cmdline-opts/gen.pl: Warn if mutexes: or see-also: list non-existing options + - cmake: Check for getpwuid_r + - configure: Fix ssh2 linking when built with a static mbedtls + - psl: Use latest psl and refresh it periodically + - fnmatch: Insist on escaped bracket to match + - KNOWN_BUGS: Restore text regarding #2101 + - INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib + - configure: Override AR_FLAGS to silence warning + - os400: Implement mime api EBCDIC wrappers + - curl.rc: Embed manifest for correct Windows version detection + - strictness: Correct {infof, failf} format specifiers + - tests: Update .gitignore for libtests + - configure: Check for declaration of getpwuid_r + - fnmatch: Use the system one if available + - CURLOPT_RESOLVE: Always purge old entry first + - multi: Remove a potentially bad DEBUGF() + - curl_addrinfo: Use same #ifdef conditions in source as header + - build: Remove the Borland specific makefiles + - axTLS: Not considered fit for use + - cmdline-opts/cert-type.d: Mention "p12" as a recognized type + - system.h: Add support for IBM xlc C compiler + - tests/libtest: Add lib1521 to nodist_SOURCES + - mk-ca-bundle.pl: Leave certificate name untouched + - boringssl + schannel: undef X509_NAME in lib/schannel.h + - openssl: Assume engine support in 1.0.1 or later + - cppcheck: Fix warnings + - test 46: Make test pass after year 2025 + - schannel: Support selecting ciphers + - Curl_debug: Remove dead printhost code + - test 1455: Unflakified + - Curl_init_do: Handle NULL connection pointer passed in + - progress: Remove a set of unused defines + - mk-ca-bundle.pl: Make -u delete certdata.txt if found not changed + - GOVERNANCE.md: Explains how this project is run + - configure: Use pkg-config for c-ares detection + - configure: Enhance ability to build with static openssl + - maketgz: Fix sed issues on OSX + - multi: Fix memory leak when stopped during name resolve + - CURLOPT_INTERFACE.3: Interface names not supported on Windows + - url: Fix dangling conn->data pointer + - cmake: Allow multiple SSL backends + - system.h: Fix for gcc on 32 bit OpenServer + - ConnectionExists: Make sure conn->data is set when "taking" a connection + - multi: Fix crash due to dangling entry in connect-pending list + - CURLOPT_SSL_VERIFYPEER.3: Add performance note + - netrc: Use a larger buffer to support longer passwords + - url: Check Curl_conncache_add_conn return code + - configure: Add dependent libraries after crypto + - easy_perform: Faster local name resolves by using *multi_timeout() + - getnameinfo: Not used, removed all configure checks + - travis: Add a build using the synchronous name resolver + - CURLINFO_TLS_SSL_PTR.3: Improve the example + - openssl: Allow TLS 1.3 by default + - openssl: Make the requested TLS version the *minimum* wanted + - openssl: Remove some dead code + - telnet: Fix clang warnings + - DEPRECATE: New doc describing planned item removals + - example/crawler.c: Simple crawler based on libxml2 + - libssh: Goto DISCONNECT state on error, not SESSION_FREE + - CMake: Remove unused functions + - darwinssl: Allow High Sierra users to build the code using GCC + - scripts: Include _curl as part of CLEANFILES + - examples: Fix -Wformat warnings + - curl_setup: Include <winerror.h> before <windows.h> + - schannel: Make more cipher options conditional + - CMake: Remove redundant and old end-of-block syntax + - post303.d: Clarify that this is an RFC violation +- Add patch to fix builds with openssl < 1.0.1 + +* Tue Jul 10 2018 Paul Howarth <paul@city-fan.org> - 7.60.0-3.0.cf +- Disable flaky test 1455 +- Enable support for brotli compression in libcurl-full from F-29 onwards + +* Wed Jul 4 2018 Paul Howarth <paul@city-fan.org> - 7.60.0-2.0.cf +- Do not hard-wire path of the Python 3 interpreter + +* Wed May 16 2018 Paul Howarth <paul@city-fan.org> - 7.60.0-1.0.cf +- Update to 7.60.0 + - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol + - Add --haproxy-protocol for the command line tool + - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses + - FTP: Shutdown response buffer overflow CVE-2018-1000300 + - RTSP: Bad headers buffer over-read CVE-2018-1000301 + - FTP: Fix typo in recursive callback detection for seeking + - test1208: Marked flaky + - HTTP: Make header-less responses still count correct body size + - user-agent.d: Mention --proxy-header as well + - http2: fixes typo + - cleanup: Misc typos in strings and comments + - rate-limit: Use three second window to better handle high speeds + - examples/hiperfifo.c: Improved + - pause: When changing pause state, update socket state + - multi: Improved pending transfers handling ⇒ improved performance + - curl_version_info.3: Fix ssl_version description + - add_handle/easy_perform: Clear errorbuffer on start if set + - darwinssl: Fix iOS build + - cmake: Add support for brotli + - parsedate: Support UT timezone + - vauth/ntlm.h: Fix the #ifdef header guard + - lib/curl_path.h: Added #ifdef header guard + - vauth/cleartext: Fix integer overflow check + - CURLINFO_COOKIELIST.3: Made the example not leak memory + - cookie.d: Mention that "-" as filename means stdin + - CURLINFO_SSL_VERIFYRESULT.3: Fixed the example + - http2: Read pending frames (including GOAWAY) in connection-check + - timeval: Remove compilation warning by casting + - cmake: Avoid warn-as-error during config checks + - travis-ci: Enable -Werror for CMake builds + - openldap: Fix for NULL return from ldap_get_attribute_ber() + - threaded resolver: Track resolver time and set suitable timeout values + - cmake: Add advapi32 as explicit link library for win32 + - docs: Fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T + - test1148: Set a fixed locale for the test + - cookies: When reading from a file, only remove_expired once + - cookie: Store cookies per top-level-domain-specific hash table + - openssl: Fix build with LibreSSL 2.7 + - tls: Fix mbedTLS 2.7.0 build + handle sha256 failures + - openssl: RESTORED verify locations when verifypeer==0 + - file: Restore old behaviour for file:////foo/bar URLs + - FTP: Allow PASV on IPv6 connections when a proxy is being used + - build-openssl.bat: Allow custom paths for VS and perl + - winbuild: Make the clean target work without build-type + - build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15 + - curl: Retry on FTP 4xx, ignore other protocols + - configure: Detect (and use) sa_family_t + - examples/sftpuploadresume: Fix Windows large file seek + - build: Clean up to fix clang warnings/errors + - winbuild: Updated the documentation + - lib: Silence null-dereference warnings + - travis: Bump to clang 6 and gcc 7 + - travis: Build libpsl and make builds use it + - proxy: Show getenv proxy use in verbose output + - duphandle: Make sure CURLOPT_RESOLVE is duplicated + - all: Refactor malloc+memset to use calloc + - checksrc: Fix typo + - system.h: Add sparcv8plus to oracle/sunpro 32-bit detection + - vauth: Fix typo + - ssh: Show libSSH2 error code when closing fails + - test1148: Tolerate progress updates better + - urldata: Make service names unconditional + - configure: Keep LD_LIBRARY_PATH changes local + - ntlm_sspi: Fix authentication using Credential Manager + - schannel: Add client certificate authentication + - winbuild: Support custom devel paths for each dependency + - schannel: Add support for CURLOPT_CAINFO + - http2: Handle on_begin_headers() called more than once + - openssl: Support OpenSSL 1.1.1 verbose-mode trace messages + - openssl: Fix subjectAltName check on non-ASCII platforms + - http2: Avoid strstr() on data not zero terminated + - http2: Clear the "drain counter" when a stream is closed + - http2: Handle GOAWAY properly + - tool_help: Clarify --max-time unit of time is seconds + - curl.1: Clarify that options and URLs can be mixed + - http2: Convert an assert to run-time check + - curl_global_sslset: Always provide available backends + - ftplistparser: Keep state between invokes + - Curl_memchr: Zero length input can't match + - examples/sftpuploadresume: typecast fseek argument to long + - examples/http2-upload: Expand buffer to avoid silly warning + - ctype: Restore character classification for non-ASCII platforms + - mime: Avoid NULL pointer dereference risk + - cookies: Ensure that we have cookies before writing jar + - os400.c: Fix checksrc warnings + - configure: Provide --with-wolfssl as an alias for --with-cyassl + - cyassl: Adapt to libraries without TLS 1.0 support built-in + - http2: Get rid of another strstr + - checksrc: Force indentation of lines after an else + - cookies: Remove unused macro + - CURLINFO_PROTOCOL.3: Mention the existing defined names + - tests: Provide 'manual' as a feature to optionally require + - travis: Enable libssh2 on both macos and Linux + - CURLOPT_URL.3: Added ENCODING section + - wolfssl: Fix non-blocking connect + - vtls: Don't define MD5_DIGEST_LENGTH for wolfssl + - docs: Remove extraneous commas in man pages + - URL: Fix ASCII dependency in strcpy_url and strlen_url + - ssh-libssh.c: Fix left shift compiler warning + - configure: Only check for CA bundle for file-using SSL backends + - travis: Add an mbedtls build + - http: Don't set the "rewind" flag when not uploading anything + - configure: Put CURLDEBUG and DEBUGBUILD in lib/curl_config.h + - transfer: Don't unset writesockfd on setup of multiplexed conns + - vtls: Use unified "supports" bitfield member in backends + - URLs: Fix one more http url + - travis: Add a build using WolfSSL + - openssl: Change FILE ops to BIO ops + - travis: Add build using NSS + - smb: Reject negative file sizes + - cookies: Accept parameter names as cookie name + - http2: getsock fix for uploads + - All over: Fixed format specifiers + - http2: Use the correct function pointer typedef + +* Thu Mar 15 2018 Paul Howarth <paul@city-fan.org> - 7.59.0-3.0.cf +- Run the test suite using Python 3 from Fedora 28 onwards + +* Wed Mar 14 2018 Paul Howarth <paul@city-fan.org> - 7.59.0-2.0.cf +- ftp: Fix typo in recursive callback detection for seeking + +* Wed Mar 14 2018 Paul Howarth <paul@city-fan.org> - 7.59.0-1.0.cf +- Update to 7.59.0 + - curl: Add --proxy-pinnedpubkey + - Added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T + - CURLOPT_RESOLVE: Add support for multiple IP addresses per entry + - Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS + - Add new tool option --happy-eyeballs-timeout-ms + - Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA + - openldap: Check ldap_get_attribute_ber() results for NULL before using + (fixes CVE-2018-1000121) + - FTP: Reject path components with control codes (fixes CVE-2018-1000120) + - readwrite: Make sure excess reads don't go beyond buffer end (fixes + CVE-2018-1000122) + - lib555: Drop text conversion and encode data as ASCII codes + - lib517: Make variable static to avoid compiler warning + - lib544: Sync ASCII code data with textual data + - GSKit: Restore pinnedpubkey functionality + - darwinssl: Don't import client certificates into Keychain on macOS + - parsedate: Fix date parsing for systems with 32 bit long + - openssl: Fix pinned public key build error in FIPS mode + - SChannel/WinSSL: Implement public key pinning + - cookies: Remove verbose "cookie size:" output + - progress-bar: Don't use stderr explicitly, use bar->out + - Fixes for MSDOS + - build: Open VC15 projects with VS 2017 + - curl_ctype: Private is*() type macros and functions + - configure: Set PATH_SEPARATOR to colon for PATH w/o separator + - winbuild: Make linker generate proper PDB + - curl_easy_reset: Clear digest auth state + - curl/curl.h: Fix comment typo for CURLOPT_DNS_LOCAL_IP6 + - range: Commonize FTP and FILE range handling + - progress-bar docs: Update to match implementation + - fnmatch: Do not match the empty string with a character set + - fnmatch: Accept an alphanum to be followed by a non-alphanum in char set + - build: Fix termios issue on android cross-compile + - getdate: Return -1 for out of range + - formdata: Use the mime-content type function + - time-cond: Fix reading the file modification time on Windows + - build-openssl.bat: Extend VC15 support to include Enterprise and Professional + - build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional + - openssl: Don't add verify locations when verifypeer==0 + - fnmatch: Optimize processing of consecutive *s and ?s pattern characters + - schannel: Fix compiler warnings + - content_encoding: Add "none" alias to "identity" + - get_posix_time: Only check for overflows if they can happen + - http_chunks: Don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING + - README: Language fix + - sha256: Build with OpenSSL < 0.9.8 + - smtp: Fix processing of initial dot in data + - --tlsauthtype: Works only if libcurl is built with TLS-SRP support + - tests: New tests for http raw mode + - libcurl-security.3: man page discussion security concerns when using libcurl + - curl_gssapi: Make sure this file too uses our *printf() + - BINDINGS: Fix curb link (and remove ruby-curl-multi) + - nss: Use PK11_CreateManagedGenericObject() if available + - travis: Add build with iconv enabled + - ssh: Add two missing state names + - CURLOPT_HEADERFUNCTION.3: Mention folded headers + - http: Fix the max header length detection logic + - header callback: Don't chop headers into smaller pieces + - CURLOPT_HEADER.3: Clarify problems with different data sizes + - curl --version: Show PSL if the run-time lib has it enabled + - examples/sftpuploadresume: Resume upload via CURLOPT_APPEND + - Return error if called recursively from within callbacks + - sasl: Prefer PLAIN mechanism over LOGIN + - winbuild: Use CALL to run batch scripts + - curl_share_setopt.3: Connection cache is shared within multi handles + - winbuild: Use macros for the names of some build utilities + - projects/README: Remove reference to dead IDN link/package + - lib655: Silence compiler warning + - configure: Fix version check for OpenSSL 1.1.1 + - docs/MANUAL: formfind.pl is not accessible on the site anymore + - unit1309: Fix warning on Windows x64 + - unit1307: Proper cleanup on OOM to fix torture tests + - curl_ctype: Fix macro redefinition warnings + - build: Get CFLAGS (including -werror) used for examples and tests + - NO_PROXY: Fix for IPv6 numericals in the URL + - krb5: Use nondeprecated functions + - winbuild: Prefer documented zlib library names + - http2: Mark the connection for close on GOAWAY + - limit-rate: Kick in even before "limit" data has been received + - HTTP: Allow "header;" to replace an internal header with a blank one + - http2: Verbose output new MAX_CONCURRENT_STREAMS values + - SECURITY: Distros' max embargo time is 14 days + - curl tool: Accept --compressed also if Brotli is enabled and zlib is not + - WolfSSL: Adding TLSv1.3 + - checksrc.pl: Add -i and -m options + - CURLOPT_COOKIEFILE.3: "-" as file name means stdin + +* Mon Mar 12 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-8.0.cf +- http2: mark the connection for close on GOAWAY + +* Mon Feb 19 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-7.0.cf +- Add explicitly-used build requirements +- Fix libcurl soname version number in %%files list to avoid accidental soname + bumps + +* Thu Feb 15 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-6.0.cf +- Drop ldconfig scriptlets from Fedora 28 onwards + +* Tue Feb 13 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-5.0.cf +- Drop temporary work around for ICE on x86_64 (#1540549) + +* Fri Feb 9 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-4.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Jan 31 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-3.0.cf +- Temporarily work around internal compiler error on x86_64 (#1540549) +- Disable brp-ldconfig to make RemovePathPostfixes work with shared libs again + +* Thu Jan 25 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-2.0.cf +- Use libssh (instead of libssh2) to implement SCP/SFTP in libcurl from + Fedora 28 onwards (#1531483) + +* Wed Jan 24 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-1.0.cf +- Update to 7.58.0 + - New libssh-powered SSH SCP/SFTP back-end + - curl-config: Add --ssl-backends + - http2: Fix incorrect trailer buffer size (CVE-2018-1000005) + - http: Prevent custom Authorization headers in redirects (CVE-2018-1000007) + - travis: Add boringssl build + - examples/xmlstream.c: Don't switch off CURL_GLOBAL_SSL + - SSL: Avoid magic allocation of SSL backend specific data + - lib: Don't export all symbols, just everything curl_* + - libssh2: Send the correct CURLE error code on scp file not found + - libssh2: Return CURLE_UPLOAD_FAILED on failure to upload + - openssl: Enable pkcs12 in boringssl builds + - libssh2: Remove dead code from SSH_SFTP_QUOTE + - sasl_getmessage: Make sure we have a long enough string to pass + - conncache: Fix several lock issues + - threaded-shared-conn.c: New example + - conncache: Only allow multiplexing within same multi handle + - configure: Check for netinet/in6.h + - URL: Tolerate backslash after drive letter for FILE: + - openldap: Add commented out debug possibilities + - include: Get netinet/in.h before linux/tcp.h + - CONNECT: Keep close connection flag in http_connect_state struct + - BINDINGS: Another PostgreSQL client + - curl: Limit -# update frequency for unknown total size + - configure: Add AX_CODE_COVERAGE only if using gcc + - curl.h: Remove incorrect comment about ERRORBUFFER + - openssl: Improve data-pending check for https proxy + - curl: Remove __EMX__ #ifdefs + - CURLOPT_PRIVATE.3: Fix grammar + - sftp: Allow quoted commands to use relative paths + - CURLOPT_DNS_CACHE_TIMEOUT.3: See also CURLOPT_RESOLVE + - RESOLVE: Output verbose text when trying to set a duplicate name + - openssl: Disable file buffering for Win32 SSLKEYLOGFILE + - multi_done: Prune DNS cache + - tests: Update .gitignore for libtests + - tests: Mark data files as non-executable in git + - CURLOPT_DNS_LOCAL_IP4.3: Fixed the "SEE ALSO" to not self-reference + - curl.1: Documented two missing valid exit codes + - curl.1: Mention http:// and https:// as valid proxy prefixes + - vtls: Replaced getenv() with curl_getenv() + - setopt: Less *or equal* than INT_MAX/1000 should be fine + - examples/smtp-mail.c: Use separate defines for options and mail + - curl: Support >256 bytes warning messages + - conncache: Fix a return code + - krb5: Fix a potential access of uninitialized memory + - rand: Add a clang-analyzer work-around + - CURLOPT_READFUNCTION.3: Refer to argument with correct name + - brotli: Allow compiling with version 0.6.0 + - content_encoding: Rework zlib_inflate + - curl_easy_reset: Release mime-related data + - examples/rtsp: Fix error handling macros + - build-openssl.bat: Added support for VC15 + - build-wolfssl.bat: Added support for VC15 + - build: Added Visual Studio 2017 project files + - winbuild: Added support for VC15 + - curl: Support size modifiers for --max-filesize + - examples/cacertinmem: Ignore cert-already-exists error + - brotli: Data at the end of content can be lost + - curl_version_info.3: Call the argument 'age' + - openssl: Fix memory leak of SSLKEYLOGFILE filename + - build: Remove HAVE_LIMITS_H check + - --mail-rcpt: Fix short-text description + - scripts: Allow all perl scripts to be run directly + - progress: Calculate transfer speed on milliseconds if possible + - system.h: Check __LONG_MAX__ for defining curl_off_t + - easy: Fix connection ownership in curl_easy_pause + - setopt: Reintroduce non-static Curl_vsetopt() for OS400 support + - setopt: Fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values + - configure.ac: Append extra linker flags instead of prepending them + - HTTP: Bail out on negative Content-Length: values + - docs: Comment about CURLE_READ_ERROR returned by curl_mime_filedata + - mime: Clone mime tree upon easy handle duplication + - openssl: Enable SSLKEYLOGFILE support by default + - smtp/pop3/imap_get_message: Decrease the data length too... + - CURLOPT_TCP_NODELAY.3: Fix typo + - SMB: Fix numeric constant suffix and variable types + - ftp-wildcard: Fix matching an empty string with "*[^a]" + - curl_fnmatch: only allow 5 '*' sections in a single pattern + - openssl: Fix potential memory leak in SSLKEYLOGFILE logic + - SSH: Fix state machine for ssh-agent authentication + - examples/url2file.c: Add missing curl_global_cleanup() call + - http2: Don't close connection when single transfer is stopped + - libcurl-env.3: First version + - curl: Progress bar refresh, get width using ioctl() + - CONNECT_TO: Fail attempt to set an IPv6 numerical without IPv6 support + +* Wed Nov 29 2017 Paul Howarth <paul@city-fan.org> - 7.57.0-1.0.cf +- Update to 7.57.0 + - auth: Add support for RFC7616 - HTTP Digest access authentication + - share: Add support for sharing the connection cache + - HTTP: Implement Brotli content encoding + - Fix CVE-2017-8816: NTLM buffer overflow via integer overflow + - Fix CVE-2017-8817: FTP wildcard out of bounds read + - Fix CVE-2017-8818: SSL out of buffer access + - curl_mime_filedata.3: Fix typos + - libtest: Add required test libraries for lib1552 and lib1553 + - Fix time diffs for systems using unsigned time_t + - ftplistparser: Memory leak fix: always free temporary memory + - multi: Allow table handle sizes to be overridden + - wildcards: Don't use with non-supported protocols + - curl_fnmatch: Return error on illegal wildcard pattern + - transfer: Fix chunked-encoding upload too early exit + - curl_setup: Improve detection of CURL_WINDOWS_APP + - resolvers: Only include anything if needed + - setopt: Fix CURLOPT_SSH_AUTH_TYPES option read + - appveyor: Add a win32 build + - Curl_timeleft: Change return type to timediff_t + - cmake: Export libcurl and curl targets to use by other cmake projects + - curl: In -F option arg, comma is a delimiter for files only + - curl: Improved ";type=" handling in -F option arguments + - timeval: Use mach_absolute_time() on MacOS + - curlx: The timeval functions are no longer provided as curlx_* + - mkhelp.pl: Do not generate comment with current date + - memdebug: Use send/recv signature for curl_dosend/curl_dorecv + - cookie: Avoid NULL dereference + - url: Fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 + - include: Remove conncache.h inclusion from where it's not needed + - CURLOPT_MAXREDIRS: Allow -1 as a value + - tests: Fixed torture tests on tests 556 and 650 + - http2: Fixed OOM handling in upgrade request + - url: Fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 + - CURLOPT_INFILESIZE: Accept -1 + - curl: Pass through [] in URLs instead of calling globbing error + - curl: Speed up handling of many URLs + - ntlm: Avoid malloc(0) for zero length passwords + - url: Remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES + - HTTP: Support multiple Content-Encodings + - travis: Add a job with brotli enabled + - url: Remove unnecessary NULL-check + - fnmatch: Remove dead code + - connect: Store IPv6 connection status after valid connection + - imap: Deal with commands case insensitively + - --interface: Add support for Linux VRF + - content_encoding: Fix inflate_stream for no bytes available + - cmake: Correctly include curl.rc in Windows builds + - cmake: Add missing setmode check + - connect.c: Remove executable bit on file + - SMB: Fix uninitialized local variable + - zlib/brotli: Only include header files in modules needing them + - URL: Return error on malformed URLs with junk after IPv6 bracket + - openssl: Fix too broad use of HAVE_OPAQUE_EVP_PKEY + - macOS: Fix missing connectx function with Xcode version older than 9.0 + - --resolve: Allow IP address within [] brackets + - examples/curlx: Fix code style + - ntlm: Remove unnecessary NULL-check to please scan-build + - Curl_llist_remove: Fix potential NULL pointer deref + - mime: Fix "Value stored to 'sz' is never read" scan-build error + - openssl: Fix "Value stored to 'rc' is never read" scan-build error + - http2: Fix "Value stored to 'hdbuf' is never read" scan-build error + - http2: Fix "Value stored to 'end' is never read" scan-build error + - Curl_open: Fix OOM return error correctly + - url: Reject ASCII control characters and space in host names + - examples/rtsp: Clear RANGE again after use + - connect: Improve the bind error message + - make: Fix "make distclean" + - connect: Add support for new TCP Fast Open API on Linux + - metalink: Fix memory leak and NULL pointer dereference + - URL: Update "file:" URL handling + - ssh: Remove check for a NULL pointer + - global_init: Ignore CURL_GLOBAL_SSL's absence + +* Mon Oct 23 2017 Paul Howarth <paul@city-fan.org> - 7.56.1-1.0.cf +- Update to 7.56.1 + - imap: If a FETCH response has no size, don't call write callback + (CVE-2017-1000257) + - ftp: UBsan fixup 'pointer index expression overflowed + - failf: Skip the sprintf() if there are no consumers + - fuzzer: Move to using external curl-fuzzer + - lib/Makefile.m32: Allow customizing dll suffixes + - docs: Fix typo in curl_mime_data_cb man page + - darwinssl: Add support for TLSv1.3 + - build: Fix --disable-crypto-auth + - lib/config-win32.h: Let SMB/SMBS be enabled with OpenSSL/NSS + - openssl: Fix build without HAVE_OPAQUE_EVP_PKEY + - strtoofft: Remove extraneous null check + - multi_cleanup: Call DONE on handles that never got that + - tests: Added flaky keyword to tests 587 and 644 + - pingpong: Return error when trying to send without connection + - remove_handle: Call multi_done() first, then clear dns cache pointer + - mime: Be tolerant about setting twice the same header list in a part + - mime: Improve unbinding top multipart from easy handle. + - mime: Avoid resetting a part's encoder when part's contents change + - mime: Refuse to add subparts to one of their own descendants + - RTSP: Avoid integer overflow on funny RTSP responses + - curl: Don't pass semicolons when parsing Content-Disposition + - openssl: Enable PKCS12 support for !BoringSSL + - FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION + - CURLOPT_NOPROGRESS.3: Also refer to xferinfofunction + - CURLOPT_XFERINFODATA.3: Fix duplicate see also + - test298: Verify --ftp-method nowcwd with URL encoded path + - FTP: URL decode path for dir listing in nocwd mode + - smtp_done: Fix memory leak on send failure + - ftpserver: Support case insensitive commands + - test950: Verify SMTP with custom request + - openssl: Don't use old BORINGSSL_YYYYMM macros + - setopt: Update current connection SSL verify params + - winbuild/BUILD.WINDOWS.txt: Mention WITH_NGHTTP2 + - curl: Reimplement stdin buffering in -F option + - mime: Keep "text/plain" content type if user-specified + - mime: Fix the content reader to handle >16K data properly + - configure: Remove the C++ compiler check + - memdebug: Trace send, recv and socket + - runtests: Use valgrind for torture as well + - ldap: Silence clang warning + - makefile.m32: Allow to override gcc, ar and ranlib + - setopt: Avoid integer overflows when setting millsecond values + - setopt: Range check most long options + - ftp: Reject illegal IP/port in PASV 227 response + - mime: Do not reuse previously computed multipart size + - vtls: Change struct Curl_ssl 'close' field name to 'close_one' + - os400: Add missing symbols in config file + - mime: Limit bas64-encoded lines length to 76 characters + - mk-ca-bundle: Remove URL for aurora + - mk-ca-bundle: Fix URL for NSS + +* Wed Oct 4 2017 Paul Howarth <paul@city-fan.org> - 7.56.0-1.0.cf +- Update to 7.56.0 + - curl: Enable compression for SCP/SFTP with --compressed-ssh + - libcurl: Enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION + - vtls: Added dynamic changing SSL backend with curl_global_sslset() + - New MIME API, curl_mime_init() and friends + - openssl: Initial SSLKEYLOGFILE implementation + - FTP: zero terminate the entry path even on bad input (CVE-2017-1000254) + - examples/ftpuploadresume.c: Use portable code + - runtests: Match keywords case insensitively + - travis: Build the examples too + - strtoofft: Reduce integer overflow risks globally + - zsh.pl: Produce a working completion script again + - cmake: Remove dead code for CURL_DISABLE_RTMP + - progress: Track total times following redirects + - configure: Fix --disable-threaded-resolver + - cmake: Remove dead code for DISABLED_THREADSAFE + - configure: Fix clang version detection + - darwinssl: Fix error: variable length array used + - travis: Add metalink to some osx builds + - configure: Check for __builtin_available() availability + - http_proxy: Fix build error for CURL_DOES_CONVERSIONS + - examples/ftpuploadresume: checksrc compliance + - ftp: Fix CWD when doing multicwd then nocwd on same connection + - system.h: Remove all CURL_SIZEOF_* defines + - http: Don't wait on CONNECT when there is no proxy + - system.h: Check for __ppc__ as well + - http2_recv: Return error better on fatal h2 errors + - scripts/contri*sh: Use "git log --use-mailmap" + - tftp: Fix memory leak on too long filename + - system.h: Fix build for hppa + - cmake: Enable picky compiler options with clang and gcc + - makefile.m32: Add support for libidn2 + - curl: Turn off MinGW CRT's globbing + - request-target.d: Mention added in 7.55.0 + - curl: Shorten and clean up CA cert verification error message + - imap: Support PREAUTH + - CURLOPT_USERPWD.3: See also CURLOPT_PROXYUSERPWD + - examples/threaded-ssl: Mention that this is for openssl before 1.1 + - winbuild: Fix embedded manifest option + - tests: Make sure libtests and unittests call curl_global_cleanup() + - system.h: include sys/poll.h for AIX + - darwinssl: Handle long strings in TLS certs + - strtooff: Fix build for systems with long long but no strtoll + - asyn-thread: Improved cleanup after OOM situations + - HELP-US.md: "How to get started helping out in the curl project" + - curl.h: CURLSSLBACKEND_WOLFSSL used wrong value + - unit1301: Fix error message on first test + - ossfuzz: Moving towards the ideal integration + - http: Fix a memory leakage in checkrtspprefix() + - examples/post-callback: Stop returning one byte at a time + - schannel: return CURLE_SSL_CACERT on failed verification + - MAIL-ETIQUETTE: Added "1.9 Your emails are public" + - http-proxy: Treat all 2xx as CONNECT success + - openssl: Use OpenSSL's default ciphers by default + - runtests.pl: Support attribute "nonewline" in part verify/upload + - configure: Remove --enable-soname-bump and SONAME_BUMP + - travis: Add c-ares enabled builds linux + osx + - vtls: Fix WolfSSL 3.12 build problems + - http-proxy: When not doing CONNECT, that phase is done immediately + - configure: Fix curl_off_t check's include order + - configure: Use -Wno-varargs on clang 3.9[.X] debug builds + - rtsp: Do not call fwrite() with NULL pointer FILE * + - mbedtls: Enable CA path processing + - travis: Add build without HTTP/SMTP/IMAP + - checksrc: Verify more code style rules + - HTTP proxy: On connection re-use, still use the new remote port + - tests: Add initial gssapi test using stub implementation + - rtsp: Segfault when using WRITEDATA + - docs: Clarify the CURLOPT_INTERLEAVE* options behavior + - non-ascii: Use iconv() with 'char **' argument + - server/getpart: Provide dummy function to build conversion enabled + - conversions: Fix several compiler warnings + - openssl: Add missing includes + - schannel: Support partial send for when data is too large + - socks: Fix incorrect port number in SOCKS4 error message + - curl: Fix integer overflow in timeout options +- Re-enable temporarily disabled IDN2 test-cases + +* Tue Aug 29 2017 Paul Howarth <paul@city-fan.org> - 7.55.1-5.0.cf +- Fix NetworkManager connectivity check not working (#1485702) + +* Wed Aug 23 2017 Paul Howarth <paul@city-fan.org> - 7.55.1-3.0.cf +- Utilize system wide crypto policies for TLS (#1483972) + +* Tue Aug 15 2017 Paul Howarth <paul@city-fan.org> - 7.55.1-2.0.cf +- Make zsh completion work again + +* Mon Aug 14 2017 Paul Howarth <paul@city-fan.org> - 7.55.1-1.0.cf +- Update to 7.55.1 + - build: Fix 'make install' with configure, install docs/libcurl/* too + - make install: Add 8 missing man pages to the installation + - curl: Do bounds check using a double comparison + - dist: Add dictserver.py/negtelnetserver.py to release + - digest_sspi: Don't reuse context if the user/passwd has changed + - gitignore: Ignore top-level .vs folder + - build: Check out *.sln files with Windows line endings + - travis: Verify "make install" + - dist: Fix the cmake build by shipping cmake_uninstall.cmake.in too + - metalink: Fix error: ‘*’ in boolean context, suggest ‘&&’ instead + - configure: Use the threaded resolver backend by default if possible + - mkhelp.pl: Allow executing this script directly + - maketgz: Remove old *.dist files before making the tarball + - openssl: Remove CONST_ASN1_BIT_STRING + - openssl: Fix "error: this statement may fall through" + - proxy: Fix memory leak in case of invalid proxy server name + - curl/system.h: Support more architectures (OpenRISC, ARC) + - docs: Fix typos + - curl/system.h: Add Oracle Solaris Studio + - CURLINFO_TOTAL_TIME: Could wrongly return 4200 seconds + - docs: --connect-to clarified + - cmake: Allow user to override CMAKE_DEBUG_POSTFIX + - travis: Test cmake build on tarball too + - redirect: Make it handle absolute redirects to IDN names + - curl/system.h: Fix for gcc on PowerPC + - curl --interface: Fixed for IPV6 unique local addresses + - cmake: threads detection improvements + +* Wed Aug 9 2017 Paul Howarth <paul@city-fan.org> - 7.55.0-1.1.cf +- Address some test suite issues + +* Wed Aug 9 2017 Paul Howarth <paul@city-fan.org> - 7.55.0-1.0.cf +- Update to 7.55.0 + New Features: + - curl: Allow --header and --proxy-header read from file + - getinfo: Provide sizes as curl_off_t + - curl: Prevent binary output spewed to terminal + - curl: Added --request-target + - libcurl: Added CURLOPT_REQUEST_TARGET + - curl: Added --socks5-{basic,gssapi}: control socks5 auth + - libcurl: Added CURLOPT_SOCKS5_AUTH + Bug Fixes: + - glob: Do not parse after a strtoul() overflow range (CVE-2017-1000101) + - tftp: Reject file name lengths that don't fit (CVE-2017-1000100) + - file: Output the correct buffer to the user (CVE-2017-1000099) + - includes: Remove curl/curlbuild.h and curl/curlrules.h + - dist: Make the hugehelp.c not get regenerated unnecessarily + - timers: Store internal time stamps as time_t instead of doubles + - progress: Let "current speed" be UL + DL speeds combined + - http-proxy: Do the HTTP CONNECT process entirely non-blocking + - lib/curl_setup.h: Remove CURL_WANTS_CA_BUNDLE_ENV + - fuzz: Bring oss-fuzz initial code converted to C89 + - configure: Disable nghttp2 too if HTTP has been disabled + - mk-ca-bundle.pl: Check curl's exit code after certdata download + - test1148: Verify the -# progressbar + - tests: Stabilize test 2032 and 2033 + - HTTPS-Proxy: Don't offer h2 for https proxy connections + - http-proxy: Only attempt FTP over HTTP proxy + - curl-compilers.m4: Enable vla warning for clang + - curl-compilers.m4: Enable double-promotion warning + - curl-compilers.m4: Enable missing-variable-declarations clang warning + - curl-compilers.m4: Enable comma clang warning + - Makefile.m32: Enable -W for MinGW32 build + - CURLOPT_PREQUOTE: Not supported for SFTP + - http2: Fix OOM crash + - PIPELINING_SERVER_BL: Clean up the internal list use + - mkhelp.pl: Fix script name in usage text + - lib1521: Add curl_easy_getinfo calls to the test set + - travis: Do the distcheck test build out-of-tree as well + - if2ip: Fix compiler warning in ISO C90 mode + - lib: Fix the djgpp build + - typecheck-gcc: Add support for CURLINFO_OFF_T + - travis: Enable typecheck-gcc warnings + - maketgz: Switch to xz instead of lzma + - CURLINFO_REDIRECT_URL.3: Mention the CURLOPT_MAXREDIRS case + - curl-compilers.m4: Fix unknown-warning-option on Apple clang + - winbuild: Fix boringssl build + - curl/system.h: Add check for XTENSA for 32bit gcc + - test1537: Fixed memory leak on OOM + - test1521: Fix compiler warnings + - curl: Fix memory leak on test 1147 OOM + - libtest/make: Generate lib1521.c dynamically at build-time + - curl_strequal.3: Fix typo in SYNOPSIS + - progress: Prevent resetting t_starttransfer + - openssl: Improve fallback seed of PRNG with a time based hash + - http2: Improved PING frame handling + - test1450: Add simple testing for DICT + - make: Build the docs subdir only from within src + - cmake: Added compatibility options for older Windows versions + - gtls: Fix build when sizeof(long) < sizeof(void *) + - url: Make the original string get used on subsequent transfers + - timeval.c: Use long long constant type for timeval assignment + - tool_sleep: Typecast to avoid macos compiler warning + - travis.yml: Use --enable-werror on debug builds + - test1451: Add SMB support to the testbed + - configure: Remove checks for 5 functions never used + - configure: Try ldap/lber in reversed order first + - smb: Fix build for djgpp/MSDOS + - travis: Install nghttp2 on linux builds + - smb: Add support for CURLOPT_FILETIME + - cmake: Fix send/recv argument scanner for windows + - inet_pton: Fix include on windows to get prototype + - select.h: Avoid macro redefinition harder + - cmake: If inet_pton is used, bump _WIN32_WINNT + - asyn-thread.c: Fix unused variable warnings on macOS + - runtests: Support "threaded-resolver" as a feature + - test506: Skip if threaded-resolver + - cmake: Remove spurious "-l" from linker flags + - cmake: Add CURL_WERROR for enabling "warning as errors" + - memdebug: Don't setbuf() if the file open failed + - curl_easy_escape.3: Mention the (lack of) encoding + - test1452: Add telnet negotiation + - CURLOPT_POSTFIELDS.3: Explain the 100-continue magic better + - cmake: Offer CMAKE_DEBUG_POSTFIX when building with MSVC + - tests/valgrind.supp: Suppress OpenSSL false positive seen on travis + - curl_setup_once: Remove ERRNO/SET_ERRNO macros + - curl-compilers.m4: Disable warning spam with Cygwin's clang + - ldap: Fix MinGW compiler warning + - make: Fix docs build on OpenBSD + - curl_setup: Always define WIN32_LEAN_AND_MEAN on Windows + - system.h: include winsock2.h before windows.h + - winbuild: Build with warning level 4 + - rtspd: Fix MSVC level 4 warning + - sockfilt: Suppress conversion warning with explicit cast + - libtest: Fix MSVC warning C4706 + - darwinssl: Fix pinnedpubkey build error + - tests/server/resolve.c: Fix deprecation warning + - nss: Fix a possible use-after-free in SelectClientCert() + - checksrc: Escape open brace in regex + - multi: Mention integer overflow risk if using > 500 million sockets + - darwinssl: Fix --tlsv1.2 regression + - timeval: struct curltime is a struct timeval replacement + - curl_rtmp: Fix a compiler warning + - include.d: Clarify that it concerns the response headers + - cmake: Support make uninstall + - include.d: Clarify --include is only for response headers + - libcurl: Stop using error codes defined under CURL_NO_OLDIES + - http: Fix response code parser to avoid integer overflow + - configure: Fix the check for IdnToUnicode + - multi: Fix request timer management + - curl_threads: Fix MSVC compiler warning + - travis: Build on osx with openssl + - travis: Build on osx with libressl + - CURLOPT_NETRC.3: Mention the file name on Windows + - cmake: Set MSVC warning level to 4 + - netrc: Skip lines starting with '#' + - darwinssl: Fix curlssl_sha256sum() compiler warnings on first argument + - BUILD.WINDOWS: Mention buildconf.bat for builds off git + - darwinssl: Silence compiler warnings + - travis: Build on osx with darwinssl + - FTP: Skip unnecessary CWD when in nocwd mode + - gssapi: Fix memory leak of output token in multi round context + - getparameter: Avoid returning uninitialized 'usedarg' + - curl (debug build) easy_events: Make event data static + - curl: Detect and bail out early on parameter integer overflows + - configure: Fix recv/send/select detection on Android +- Drop curlbuild.h multilib hacks +- Re-enable now-stabilized test 2033 +- Disable test 1427 on i686 (failing just-added test) +- Manually install the libcurl manpages since upstream has accidentally stopped + doing so + +* Thu Aug 3 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-8.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Mon Jul 31 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-7.0.cf +- Enable separate debuginfo back + +* Thu Jul 27 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-5.0.cf +- Avoid build failure caused by broken RPM code that produces debuginfo + packages (https://github.com/rpm-software-management/rpm/issues/280) + +* Wed Jul 26 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-3.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jun 19 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-2.0.cf +- Enforce versioned openssl-libs dependency for libcurl (#1462184) + +* Wed Jun 14 2017 Paul Howarth <paul@city-fan.org> - 7.54.1-1.0.cf +- Update to 7.54.1 + - CVE-2017-9502: file: URL buffer overflow + - curl: Show the libcurl release date in --version output + - openssl: Fix memory leak in servercert + - tests: Remove the html and PDF versions from the tarball + - mbedtls: Enable NTLM (and SMB) even if MD4 support is unavailable + - typecheck-gcc: Handle function pointers properly + - llist: No longer uses malloc + - gnutls: Removed some code when --disable-verbose is configured + - lib: Fix maybe-uninitialized warnings + - multi: Clarify condition in curl_multi_wait + - schannel: Don't treat encrypted partial record as pending data + - configure: Fix the -ldl check for openssl, add -lpthread check + - configure: Accept -Og and -Ofast GCC flags + - Makefile: Avoid use of GNU-specific form of $< + - if2ip: Fix -Wcast-align warning + - configure: Stop prepending to LDFLAGS, CPPFLAGS + - curl: Set a 100K buffer size by default + - typecheck-gcc: Fix _curl_is_slist_info + - nss: Do not leak PKCS #11 slot while loading a key + - nss: Load libnssckbi.so if no other trust is specified + - examples: ftpuploadfrommem.c + - url: Declare get_protocol_family() static + - examples/cookie_interface.c: Changed to example.com + - test1443: Test --remote-time + - curl: Use utimes instead of obsolescent utime when available + - url: Fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE + - curl_rtmp: Fix missing-variable-declarations warnings + - tests: Fixed OOM handling of unit tests to abort test + - curl_setup: Ensure no more than one IDN lib is enabled + - tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS + - CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size + - curl: Non-boolean command line args reject --no- prefixes + - telnet: Write full buffer instead of byte-by-byte + - typecheck-gcc: Add missing string options + - typecheck-gcc: Add support for CURLINFO_SOCKET + - opt man pages: They all have examples now + - curl_setup_once: Use SEND_QUAL_ARG2 for swrite + - test557: Set a known good numeric locale + - schannel: Return a more specific error code for SEC_E_UNTRUSTED_ROOT + - tests/server: Make string literals const + - runtests: Use -R for random order + - unit1305: Fix compiler warning + - curl_slist_append.3: Clarify a NULL input creates a new list + - tests/server: Run checksrc by default in debug-builds + - tests: Fix -Wcast-qual warnings + - runtests.pl: Simplify the datacheck read section + - curl: Remove --environment and tool_writeenv.c + - buildconf: Fix hang on IRIX + - tftp: Silence bad-function-cast warning + - asyn-thread: Fix unused macro warnings + - tool_parsecfg: Fix -Wcast-qual warning + - sendrecv: Fix MinGW-w64 warning + - test537: Use correct variable type + - rand: Treat fake entropy the same regardless of endianness + - curl: Generate the --help output + - tests: Removed redundant --trace-ascii arguments + - multi: Assign IDs to all timers and make each timer singleton + - multi: Use a fixed array of timers instead of malloc + - mbedtls: Support server renegotiation request + - pipeline: Fix mistakenly trying to pipeline POSTs + - lib510: Don't write past the end of the buffer if it's too small + - CURLOPT_HTTPPROXYTUNNEL.3: Clarify, add example + - SecureTransport/DarwinSSL: Implement public key pinning + - curl.1: Clarify --config + - curl_sasl: Fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM + - darwinssl: Fix exception when processing a client-side certificate + - curl.1: Mention --oauth2-bearer's <token> argument + - mkhelp.pl: Do not add current time into curl binary + - asiohiper.cpp / evhiperfifo.c: Deal with negative timerfunction input + - ssh: Fix memory leak in disconnect due to timeout + - tests: Stabilize test 1034 + - cmake: Auto detection of CURL_CA_BUNDLE/CURL_CA_PATH + - assert: Avoid, use DEBUGASSERT instead + - LDAP: Using ldap_bind_s on Windows with methods + - redirect: Store the "would redirect to" URL when max redirs is reached + - winbuild: Fix the nghttp2 build + - examples: Fix -Wimplicit-fallthrough warnings + - time: Fix type conversions and compiler warnings + - mbedtls: Fix variable shadow warning + - test557: Fix ubsan runtime error due to int left shift + - transfer: Init the infilesize from the postfields + - docs: Clarify NO_PROXY further + - build-wolfssl: Sync config with wolfSSL 3.11 + - curl-compilers.m4: Enable -Wshift-sign-overflow for clang + - example/externalsocket.c: Make it use CLOSESOCKETFUNCTION too + - lib574.c: Use correct callback proto + - lib583: Fix compiler warning + - curl-compilers.m4: Fix compiler_num for clang + - typecheck-gcc.h: Separate getinfo slist checks from other pointers + - typecheck-gcc.h: Check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION + - typecheck-gcc.h: Check CURLINFO_CERTINFO + - build: Provide easy code coverage measuring + - test1537: Dedicated tests of the URL (un)escape API calls + - curl_endian: Remove unused functions + - test1538: Verify the libcurl strerror API calls + - MD(4|5): Silence cast-align clang warning + - dedotdot: Fixed output for ".." and "." only input + - cyassl: Define build macros before including ssl.h + - updatemanpages.pl: Error out on too old git version + - curl_sasl: Fix unused-variable warning + - x509asn1: Fix implicit-fallthrough warning with GCC 7 + - libtest: Fix implicit-fallthrough warnings with GCC 7 + - BINDINGS: Add Ring binding + - curl_ntlm_core: Pass unsigned char to toupper + - test1262: Verify ftp download with -z for "if older than this" + - test1521: Test all curl_easy_setopt options + - typecheck-gcc: Allow CURLOPT_STDERR to be NULL too + - metalink: Remove unused printf() argument + - file: Make speedcheck use current time for checks + - configure: Fix link with librtmp when specifying path + - examples/multi-uv.c: Fix deprecated symbol + - cmake: Fix inconsistency regarding mbed TLS include directory + - setopt: Check CURLOPT_ADDRESS_SCOPE option range + - gitignore: Ignore all vim swap files + - urlglob: Fix division by zero + - libressl: OCSP and intermediate certs workaround no longer needed +- New test 1446 segfaulting on builds for older distributions, so disable for + now +- Update patches as needed + +* Thu May 4 2017 Paul Howarth <paul@city-fan.org> - 7.54.0-4.0.cf +- Make curl-minimal require a new enough version of libcurl + +* Sat Apr 29 2017 Paul Howarth <paul@city-fan.org> - 7.54.0-3.1.cf +- Don't require nss-pem for OpenSSL builds + +* Thu Apr 27 2017 Paul Howarth <paul@city-fan.org> - 7.54.0-3.0.cf +- Switch the TLS backend back to OpenSSL for Fedora 27 onwards (#1445153) + +* Tue Apr 25 2017 Paul Howarth <paul@city-fan.org> - 7.54.0-2.0.cf +- nss: use libnssckbi.so as the default source of trust +- nss: do not leak PKCS #11 slot while loading a key (#1444860) + +* Wed Apr 19 2017 Paul Howarth <paul@city-fan.org> - 7.54.0-1.0.cf +- Update to 7.54.0 + - Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION + - Add --max-tls + - Add CURLOPT_SUPPRESS_CONNECT_HEADERS + - Add --suppress-connect-headers + - CVE-2017-7468: switch off SSL session id when client cert is used + - cmake: Replace invalid UTF-8 byte sequence + - tests: Use consistent environment variables for setting charset + - proxy: Fixed a memory leak on OOM + - ftp: Removed an erroneous free in an OOM path + - docs: De-duplicate file lists in the Makefiles + - ftp: Fixed a NULL pointer dereference on OOM + - gopher: Fixed detection of an error condition from Curl_urldecode + - url: Fix unix-socket support for proxy-disabled builds + - test1139: Allow for the possibility that the man page is not rebuilt + - cyassl: Get library version string at runtime + - digest_sspi: Fix compilation warning + - tests: Enable HTTP/2 tests to run with non-default port numbers + - warnless: Suppress compiler warning + - darwinssl: Warn that disabling host verify also disables SNI + - configure: Fix for --enable-pthreads + - checksrc.bat: Ignore curl_config.h.in, curl_config.h + - no-keepalive.d: Fix typo + - configure: Fix --with-zlib when a path is specified + - build: Fix gcc7 implicit fallthrough warnings + - Fix potential use of uninitialized variables + - CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors + - CMake: Reorganize SSL support, separate WinSSL and SSPI + - CMake: Add DarwinSSL support + - CMake: Add mbedTLS support + - ares: Return error at once if timed out before name resolve starts + - BINDINGS: Added C++, perl, go and Scilab bindings + - URL: Return error on malformed URLs with junk after port number + - KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password + - http2: Fix assertion error on redirect with CL=0 + - updatemanpages.pl: Update man pages to use current date and versions + - --insecure: Clarify that this option is for server connections + - mkhelp: Simplified the gzip code + - build: Fixed making man page in out-of-tree tarball builds + - tests: Disabled 1903 due to flakiness + - openssl: Add two /* FALLTHROUGH */ to satisfy coverity + - cmdline-opts: Fixed a few typos + - authneg: Clear auth.multi flag at http_done + - curl_easy_reset: Also reset the authentication state + - proxy: Skip SSL initialization for closed connections + - http_proxy: Ignore TE and CL in CONNECT 2xx responses + - tool_writeout: Fixed a buffer read overrun on --write-out + - make: Regenerate docs/curl.1 by running make in docs + - winbuild: Add basic support for OpenSSL 1.1.x + - build: Removed redundant DEPENDENCIES from makefiles + - CURLINFO_LOCAL_PORT.3: Added example + - curl: Show HTTPS-Proxy options on CURLE_SSL_CACERT + - tests: Strip more options from non-HTTP --libcurl tests + - tests: Fixed the documented test server port numbers + - runtests.pl: Fixed display of the Gopher IPv6 port number + - multi: Fix streamclose() crash in debug mode + - cmake: Build manual pages + - cmake: Add support for building HTML and PDF docs + - mbedtls: Add support for CURLOPT_SSL_CTX_FUNCTION + - make: Introduce 'test-nonflaky' target + - CURLINFO_PRIMARY_IP.3: Add example + - tests/README: Mention nroff for --manual tests + - mkhelp: Disable compression if the perl gzip module is unavailable + - openssl: Fall back on SSL_ERROR_* string when no error detail + - asiohiper: Make sure socket is open in event_cb + - tests/README: Make "Run" section foolproof + - curl: Check for end of input in writeout backslash handling + - .gitattributes: Turn off CRLF for *.am + - multi: Fix MinGW-w64 compiler warnings + - schannel: Fix variable shadowing warning + - openssl: Exclude DSA code when OPENSSL_NO_DSA is defined + - http: Fix proxy connection reuse with basic-auth + - pause: Handle mixed types of data when paused + - http: Do not treat FTPS over CONNECT as HTTPS + - conncache: Make hashkey avoid malloc + - make: Use the variable MAKE for recursive calls + - curl: Fix callback argument inconsistency + - NTLM: Check for features with #ifdef instead of #if + - cmake: Add several missing files to the dist + - select: Use correct SIZEOF_ constant + - connect: Fix unreferenced parameter warning + - schannel: Fix unused variable warning + - gcc7: Fix ‘*’ in boolean context + - http2: Silence unused parameter warnings + - ssh: Fix narrowing conversion warning + - telnet: (win32) Fix read callback return variable + - docs: Explain --fail-early does not imply --fail + - docs: Added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3 + - tests/server/util: Remove in6addr_any for recent MinGW + - multi: Make curl_multi_wait avoid malloc in the typical case + - include: curl/system.h is a run-time version of curlbuild.h + - easy: Silence compiler warning + - llist: Replace Curl_llist_alloc with Curl_llist_init + - hash: Move key into hash struct to reduce mallocs + - url: Don't free postponed data on connection reuse + - curl_sasl: Declare mechtable static + - curl: Fix Windows Unicode build + - multi: Fix queueing of pending easy handles + - tool_operate: Fix MinGW compiler warning + - low_speed_limit: Improved function for longer time periods + - gtls: Fix compiler warning + - sspi: Print out InitializeSecurityContext() error message + - schannel: Fix compiler warnings + - vtls: fix unreferenced variable warnings + - INSTALL.md: Fix secure transport configure arguments + - CURLINFO_SCHEME.3: Fix variable type + - libcurl-thread.3: Also mention threaded-resolver + - nss: Load CA certificates even with --insecure + - openssl: Fix this statement may fall through + - poll: Prefer <poll.h> over <sys/poll.h> + - polarssl: Unbreak build with versions < 1.3.8 + - Curl_expire_latest: Ignore already expired timers + - configure: Turn implicit function declarations into errors + - mbedtls: Fix memory leak in error path + - http2: Fix handle leak in error path + - .gitattributes: Force shell scripts to LF + - configure.ac: Ignore CR after version numbers + - extern-scan.pl: Strip trailing CR + - openssl: Make SSL_ERROR_to_str more future-proof + - openssl: Fix thread-safety bugs in error-handling + - openssl: Don't try to print nonexistant peer private keys + - nss: Fix MinGW compiler warnings +- Switch to lzma-compressed upstream tarball + +* Thu Apr 13 2017 Paul Howarth <paul@city-fan.org> - 7.53.1-7.0.cf +- Provide (lib)curl-minimal subpackages with lightweight build of (lib)curl + (Fedora 27 onwards) + +* Mon Apr 10 2017 Paul Howarth <paul@city-fan.org> - 7.53.1-5.0.cf +- Disable upstream test 2033 (flaky test for HTTP/1 pipelining) + +* Fri Apr 7 2017 Paul Howarth <paul@city-fan.org> - 7.53.1-4.0.cf +- Fix out of bounds read in curl --write-out (CVE-2017-7407) +- Make the dependency on nss-pem arch-specific from F-25 onwards (#1428550) +- Drop support for EOL distributions prior to F-13 + - Drop BuildRoot: and Group: tags + - Drop buildroot cleaning in %%install + - Drop explicit %%clean section + - Drop explicit dependency on pkgconfig + +* Thu Mar 2 2017 Paul Howarth <paul@city-fan.org> - 7.53.1-2.0.cf +- Rebuild to sync with Rawhide + +* Fri Feb 24 2017 Paul Howarth <paul@city-fan.org> - 7.53.1-1.0.cf +- Update to 7.53.1 + - cyassl: Fix typo + - url: Improve CURLOPT_PROXY_CAPATH error handling + - urldata: Include curl_sspi.h when Windows SSPI is enabled + - formdata: check for EOF when reading from stdin + - tests: Set CHARSET and LANG to UTF-8 in 1035, 2046 and 2047 + - url: Default the proxy CA bundle location to CURL_CA_BUNDLE + - rand: Added missing #ifdef HAVE_FCNTL_H around fcntl.h header + +* Wed Feb 22 2017 Paul Howarth <paul@city-fan.org> - 7.53.0-1.0.cf +- Update to 7.53.0 + - CVE-2017-2629: Make SSL_VERIFYSTATUS work again + - unix_socket: Added --abstract-unix-socket and CURLOPT_ABSTRACT_UNIX_SOCKET + - CURLOPT_BUFFERSIZE: Support enlarging receive buffer + - gnutls-random: Check return code for failed random + - openssl-random: Check return code when asking for random + - http: Remove "Curl_http_done: called premature" message + - cyassl: Use time_t instead of long for timeout + - build-wolfssl: Sync config with wolfSSL 3.10 + - ftp-gss: Check for init before use + - configure: Accept --with-libidn2 instead + - ftp: Failure to resolve proxy should return that error code + - curl.1: Add three more exit codes + - docs/ciphers: Link to our own new page about ciphers + - vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl + - darwinssl: Fix iOS build + - darwinssl: Fix CFArrayRef leak + - cmake: Use crypt32.lib when building with OpenSSL on windows + - curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked + - digest_sspi: Copy terminating NUL as well + - curl: Fix --remote-time incorrect times on Windows + - curl.1: Several updates and corrections + - content_encoding: Change return code on a failure + - curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use + - docs: TCP_KEEPALIVE start and interval default to 60 + - darwinssl: --insecure overrides --cacert if both settings are in use + - TheArtOfHttpScripting: Grammar + - CIPHERS.md: Document GSKit ciphers + - wolfssl: Support setting cipher list + - wolfssl: Display negotiated SSL version and cipher + - lib506: Fix build for Open Watcom + - asiohiper: Improved socket handling + - examples: Make the C++ examples follow our code style too + - tests/sws: Retry send() on EWOULDBLOCK + - cmake: Fix passing _WINSOCKAPI_ macro to compiler + - smtp: Fix STARTTLS denied error message + - imap/pop3: Don't print response character in STARTTLS denied messages + - rand: Make it work without TLS backing + - url: Fix parsing for when 'file' is the default protocol + - url: Allow file://X:/path URLs on windows again + - gnutls: Check for alpn and ocsp in configure + - IDN: Use TR46 'non-transitional' for toASCII translations + - url: Fix NO_PROXY env var to work properly with --proxy option + - CURLOPT_PREQUOTE.3: Takes a struct curl_slist*, not a char* + - docs: Add note about libcurl copying strings to CURLOPT_* manpages + - curl: Reset the easy handle at --next + - --next docs: --trace and --trace-ascii are also global + - --write-out docs: 'time_total' is not always shown with ms precision + - http: Print correct HTTP string in verbose output when using HTTP/2 + - docs: Improved language in README.md HISTORY.md CONTRIBUTE.md + - http2: Disable server push if not requested + - nss: Use the correct lock in nss_find_slot_by_name() + - usercertinmem.c: Improve the short description + - CURLOPT_CONNECT_TO: Fix compile warnings + - docs: Non-blocking SSL handshake is now supported with NSS + - *.rc: Escape non-ASCII/non-UTF-8 character for clarity + - mbedTLS: Fix multi interface non-blocking handshake + - PolarSSL: Fix multi interface non-blocking handshake + - VC: Remove the makefile.vc6 build infra + - telnet: Fix windows compiler warnings + - cookies: Do not assume a valid domain has a dot + - polarssl: Fix hangs + - gnutls: Disable TLS session tickets + - mbedtls: Disable TLS session tickets + - mbedtls: Implement CTR-DRBG and HAVEGE random generators + - openssl: Don't use certificate after transferring ownership + - cmake: Support curl --xattr when built with cmake + - OS400: Fix symbols + - docs: Add more HTTPS proxy documentation + - docs: Use more HTTPS links + - cmdline-opts: Fixed build and test in out of source tree builds + - CHANGES.0: Removed + - schannel: Remove incorrect SNI disabled message + - darwinssl: Avoid parsing certificates when not in verbose mode + - test552: Fix typos + - telnet: Fix typos + - transfer: Only retry nobody-requests for HTTP + - http2: Reset push header counter fixes crash + - nss: Make FTPS work with --proxytunnel + - test1139: Added the --manual keyword since the manual is required + - polarssl, mbedtls: Fix detection of pending data + - http_proxy: Fix tiny memory leak upon edge case connecting to proxy + - URL: Only accept ";options" in SMTP/POP3/IMAP URL schemes + - curl.1: ftp.sunet.se is no longer an FTP mirror + - tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT + - http2: Fix memory-leak when denying push streams + - configure: Allow disabling pthreads, fall back on Win32 threads + - curl: Fix typo in time condition warning message + - axtls: Adapt to API changes + - tool_urlglob: Allow a glob range with the same start and stop + - winbuild: Add note on auto-detection of MACHINE in Makefile.vc + - http: Fix missing 'Content-Length: 0' while negotiating auth + - proxy: Fix hostname resolution and IDN conversion + - docs: Fix timeout handling in multi-uv example + - digest_sspi: Fix nonce-count generation in HTTP digest + - sftp: Improved checks for create dir failures + - smb: Use getpid replacement for windows UWP builds + - digest_sspi: Handle 'stale=TRUE' directive in HTTP digest + +* Fri Feb 10 2017 Paul Howarth <paul@city-fan.org> - 7.52.1-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Dec 23 2016 Paul Howarth <paul@city-fan.org> - 7.52.1-1.0.cf +- Update to 7.52.1 + - CVE-2016-9594: Uninitialized random + - lib557: Fix checksrc warnings + - lib: Fix MSVC compiler warnings + - lib557.c: Use a shorter MAXIMIZE representation + - tests: Run checksrc on debug builds + +* Wed Dec 21 2016 Paul Howarth <paul@city-fan.org> - 7.52.0-1.0.cf +- Update to 7.52.0 + - nss: Map CURL_SSLVERSION_DEFAULT to NSS default + - vtls: Support TLS 1.3 via CURL_SSLVERSION_TLSv1_3 + - curl: Introduce the --tlsv1.3 option to force TLS 1.3 + - curl: Add --retry-connrefused + - proxy: Support HTTPS proxy and SOCKS+HTTP(s) + - Add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %%{scheme} + - curl: Add --fail-early + - CVE-2016-9586: printf floating point buffer overflow + - CVE-2016-9952: Win CE schannel cert wildcard matches too much + - CVE-2016-9953: Win CE schannel cert name out of buffer read + - msvc: Removed a straggling reference to strequal.c + - winbuild: Remove strcase.obj from curl build + - examples: Bugfixed multi-uv.c + - configure: Verify that compiler groks -Werror=partial-availability + - mbedtls: Fix build with mbedtls versions < 2.4.0 + - dist: Add unit test CMakeLists.txt to the tarball + - curl -w: Added more decimal digits to timing counters + - easy: Initialize info variables on easy init and duphandle + - cmake: Disable poll for macOS + - http2: Don't send header fields prohibited by HTTP/2 spec + - ssh: Check md5 fingerprints case insensitively (regression) + - openssl: Initial TLS 1.3 adaptions + - curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept + - printf: Fix ".*f" handling + - examples/fileupload.c: fclose the file as well + - SPNEGO: Fix memory leak when authentication fails + - realloc: Use Curl_saferealloc to avoid common mistakes + - openssl: Make sure to fail in the unlikely event that PRNG seeding fails + - URL-parser: For file://[host]/ URLs, the [host] must be localhost + - timeval: Prefer time_t to hold seconds instead of long + - Curl_rand: Fixed and moved to rand.c + - glob: Fix [a-c] globbing regression + - darwinssl: Fix SSL client certificate not found on MacOS Sierra + - curl.1: Clarify --dump-header only writes received headers + - http2: Fix address sanitizer memcpy warning + - http2: Use huge HTTP/2 windows + - connects: Don't mix unix domain sockets with regular ones + - url: Fix conn reuse for local ports and interfaces + - x509: Limit ASN.1 structure sizes to 256K + - checksrc: Add more checks + - winbuild: Add config option ENABLE_NGHTTP2 + - http2: Check nghttp2_session_set_local_window_size exists + - http2: Fix crashes when parent stream gets aborted + - CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries + - URL parser: Reject non-numerical port numbers + - CONNECT: Reject TE or CL in 2xx responses + - CONNECT: Read responses one byte at a time + - curl: Support zero-length argument strings in config files + - openssl: Don't use OpenSSL's ERR_PACK + - curl.1: Generated with the new man page system + - curl_easy_recv: Improve documentation and example program + - Curl_getconnectinfo: Avoid checking if the connection is closed + - CIPHERS.md: Attempt to document TLS cipher names + +* Mon Nov 21 2016 Paul Howarth <paul@city-fan.org> - 7.51.0-3.0.cf +- Map CURL_SSLVERSION_DEFAULT to NSS default, add support for TLS 1.3 + (#1396719) + +* Tue Nov 15 2016 Paul Howarth <paul@city-fan.org> - 7.51.0-2.0.cf +- Stricter host name checking for file:// URLs +- ssh: Check md5 fingerprints case insensitively + +* Wed Nov 2 2016 Paul Howarth <paul@city-fan.org> - 7.51.0-1.0.cf +- Update to 7.51.0 + - nss: Additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST + - New option: CURLOPT_KEEP_SENDING_ON_ERROR + - CVE-2016-8615: Cookie injection for other servers + - CVE-2016-8616: Case insensitive password comparison + - CVE-2016-8617: OOB write via unchecked multiplication + - CVE-2016-8618: Double-free in curl_maprintf + - CVE-2016-8619: Double-free in krb5 code + - CVE-2016-8620: glob parser write/read out of bounds + - CVE-2016-8621: curl_getdate read out of bounds + - CVE-2016-8622: URL unescape heap overflow via integer truncation + - CVE-2016-8623: Use-after-free via shared cookies + - CVE-2016-8624: Invalid URL parsing with '#' + - CVE-2016-8625: IDNA 2003 makes curl use wrong host + - openssl: Fix per-thread memory leak using 1.0.1 or 1.0.2 + - http: Accept "Transfer-Encoding: chunked" for HTTP/2 as well + - LICENSE-MIXING.md: Update with mbedTLS dual licensing + - examples/imap-append: Set size of data to be uploaded + - test2048: Fix url + - darwinssl: Disable RC4 cipher-suite support + - CURLOPT_PINNEDPUBLICKEY.3: Fix the AVAILABILITY formatting + - openssl: Don’t call CRYTPO_cleanup_all_ex_data + - libressl: Fix version output + - easy: Reset all statistical session info in curl_easy_reset + - curl_global_cleanup.3: Don't unload the lib with sub threads running + - dist: Add CurlSymbolHiding.cmake to the tarball + - docs: Remove that --proto is just used for initial retrieval + - configure: Fixed builds with libssh2 in a custom location + - curl.1: --trace supports %% for sending to stderr! + - cookies: Same domain handling changed to match browser behaviour + - formpost: Trying to attach a directory no longer crashes + - CURLOPT_DEBUGFUNCTION.3: Fixed unused argument warning + - formpost: Avoid silent snprintf() truncation + - ftp: Fix Curl_ftpsendf + - mprintf: Return error on too many arguments + - smb: Properly check incoming packet boundaries + - GIT-INFO: Remove the Mac 10.1-specific details + - resolve: Add error message when resolving using SIGALRM + - cmake: Add nghttp2 support + - dist: Remove PDF and HTML converted docs from the releases + - configure: Disable poll() in macOS builds + - vtls: Only re-use session-ids using the same scheme + - pipelining: Skip to-be-closed connections when pipelining + - win: Fix Universal Windows Platform build + - curl: Do not set CURLOPT_SSLENGINE to DEFAULT automatically + - maketgz: Make it support "only" generating version info + - Curl_socket_check: Add extra check to avoid integer overflow + - gopher: Properly return error for poll failures + - curl: Set INTERLEAVEDATA too + - polarssl: Clear thread array at init + - polarssl: Fix unaligned SSL session-id lock + - polarssl: Reduce #ifdef madness with a macro + - curl_multi_add_handle: Set timeouts in closure handles + - configure: Set min version flags for builds on mac + - INSTALL: Converted to markdown => INSTALL.md + - curl_multi_remove_handle: Fix a double-free + - multi: Fix infinite loop in curl_multi_cleanup() + - nss: Fix tight loop in non-blocking TLS handshake over proxy + - mk-ca-bundle: Change URL retrieval to HTTPS-only by default + - mbedtls: Stop using deprecated include file + - docs: Fix req->data in multi-uv example + - configure: Fix test syntax for monotonic clock_gettime + - CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 +- Use libidn2 from Fedora 25 onwards + +* Fri Oct 7 2016 Paul Howarth <paul@city-fan.org> - 7.50.3-2.0.cf +- Use the just-built version of libcurl while generating zsh completion + +* Wed Sep 14 2016 Paul Howarth <paul@city-fan.org> - 7.50.3-1.0.cf +- Update to 7.50.3 + - CVE-2016-7167: Escape and unescape integer overflows + - mk-ca-bundle.pl: Use SHA256 instead of SHA1 + - checksrc: Detect strtok() use + - errors: New alias CURLE_WEIRD_SERVER_REPLY + - http2: Support > 64bit sized uploads + - openssl: Fix bad memory free (regression) + - CMake: Hide private library symbols + - http: Refuse to pass on response body when NO_NODY was set + - cmake: Fix curl-config --static-libs + - mbedtls: Switch off NTLM in build if md4 isn't available + - curl: --create-dirs on Windows groks both forward and backward slashes + +* Wed Sep 7 2016 Paul Howarth <paul@city-fan.org> - 7.50.2-1.0.cf +- Update to 7.50.2 + - nss: Fix incorrect use of a previously loaded certificate from file + (CVE-2016-7141) + - nss: Work around race condition in PK11_FindSlotByName() + - mbedtls: Added support for NTLM + - SSH: Fixed SFTP/SCP transfer problems + - multi: Make Curl_expire() work with 0 ms timeouts + - mk-ca-bundle.pl: -m keeps ca cert meta data in output + - TFTP: Fix upload problem with piped input + - CURLOPT_TCP_NODELAY: now enabled by default + - mbedtls: Set verbose TLS debug when MBEDTLS_DEBUG is defined + - http2: Always wait for readable socket + - cmake: Enable win32 large file support by default + - cmake: Enable win32 threaded resolver by default + - winbuild: Avoid setting redundant CFLAGS to compile commands + - curl.h: Make CURL_NO_OLDIES define CURL_STRICTER + - docs: Make more markdown files use .md extension + - docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown + - winbuild: Allow changing C compiler via environment variable CC + - rtsp: Accept any RTSP session id + - HTTP: Retry failed HEAD requests on reused connections too + - configure: Add zlib search with pkg-config + - openssl: Accept subjectAltName iPAddress if no dNSName match + - MANUAL: Remove invalid link to LDAP documentation + - socks: Improved connection procedure + - proxy: Reject attempts to use unsupported proxy schemes + - proxy: Bring back use of "Proxy-Connection:" + - curl: Allow "pkcs11:" prefix for client certificates + - spnego_sspi: Fix memory leak in case *outlen is zero + - SOCKS: Improve verbose output of SOCKS5 connection sequence + - SOCKS: Display the hostname returned by the SOCKS5 proxy server + - http/sasl: Query authentication mechanism supported by SSPI before using + - sasl: Don't use GSSAPI authentication when domain name not specified + - win: Basic support for Universal Windows Platform apps + - ftp: Fix wrong poll on the secondary socket + - openssl: Build warning-free with 1.1.0 (again) + - HTTP: Stop parsing headers when switching to unknown protocols + - test219: Add http as a required feature + - TLS: random file/egd doesn't have to match for conn reuse + - schannel: Disable ALPN for Wine since it is causing problems + - http2: Make sure stream errors don't needlessly close the connection + - http2: Return CURLE_HTTP2_STREAM for unexpected stream close + - darwinssl: --cainfo is intended for backward compatibility only + - Speed caps: Not based on average speeds anymore + - configure: Make the cpp -P detection not clobber CPPFLAGS + - http2: Use named define instead of magic constant in read callback + - http2: Skip the content-length parsing, detect unknown size + - http2: Return EOF when done uploading without known size + - darwinssl: Test for errSecSuccess in PKCS12 import rather than noErr + - openssl: Fix CURLINFO_SSL_VERIFYRESULT +- Disable various ssh tests for F12..F15, which are failing for reasons unknown +- Build with c-ares rather than POSIX threaded DNS resolver for F12..F15, + which resolves some other test failures, and allows dropping of workaround + patch for old applications on F12 and F13 +- Update patches as needed + +* Fri Aug 26 2016 Paul Howarth <paul@city-fan.org> - 7.50.1-2.0.cf +- Work around race condition in PK11_FindSlotByName() +- Fix incorrect use of a previously loaded certificate from file + (related to CVE-2016-5420) + +* Wed Aug 3 2016 Paul Howarth <paul@city-fan.org> - 7.50.1-1.0.cf +- Update to 7.50.1 + - TLS: Switch off SSL session id when client cert is used (CVE-2016-5419) + - TLS: Only reuse connections with the same client cert (CVE-2016-5420) + - curl_multi_cleanup: Clear connection pointer for easy handles + (CVE-2016-5421) + - Include the CURLINFO_HTTP_VERSION(3) man page into the release tarball + - Include the http2-server.pl script in the release tarball + - test558: Fix test by stripping file paths from FD lines + - spnego: Corrected misplaced * in Curl_auth_spnego_cleanup() declaration + - tests: Fix for http/2 feature + - cmake: Fix for schannel support + - curl.h: Make public types void * again + - win32: Fix a potential memory leak in Curl_load_library + - travis: Fix OSX build by re-installing libtool + - mbedtls: Fix debug function name + +* Wed Jul 27 2016 Paul Howarth <paul@city-fan.org> - 7.50.0-2.0.cf +- Use upstream fix for HTTP2 test confusion + +* Fri Jul 22 2016 Paul Howarth <paul@city-fan.org> - 7.50.0-1.1.cf +- Fix confusion in test suite about whether or not HTTP2 support is available +- Use the default ports for the test suite; it's not robust enough to support + running under different ports + +* Thu Jul 21 2016 Paul Howarth <paul@city-fan.org> - 7.50.0-1.0.cf +- Update to 7.50.0 + - http: Add CURLINFO_HTTP_VERSION and %%{http_version} + - memdebug: Fix MSVC crash with -DMEMDEBUG_LOG_SYNC + - openssl: Fix build with OPENSSL_NO_COMP + - mbedtls: Removed unused variables + - cmake: Added missing mbedTLS support + - URL parser: Allow URLs to use one, two or three slashes + - curl: Fix -q [regression] + - openssl: Use correct buffer sizes for error messages + - curl: Fix SIGSEGV while parsing URL with too many globs + - schannel: Add CURLOPT_CERTINFO support + - vtls: Fix ssl session cache race condition + - http: Fix HTTP/2 connection reuse [regression] + - checksrc: Add LoadLibrary to the banned functions list + - schannel: Disable ALPN on Windows < 8.1 + - configure: Occasional ignorance of --enable-symbol-hiding with GCC + - http2: test17xx are the first real HTTP/2 tests + - resolve: Add support for IPv6 DNS64/NAT64 Networks on OS X + iOS + - curl_multi_socket_action.3: Rewording + - CURLOPT_POSTFIELDS.3: Clarify what happens when set empty + - cmake: Fix build with winldap + - openssl: Fix cert check with non-DNS name fields present + - curl.1: Mention the units for the progress meter + - openssl: Use more 'const' to fix build warnings with 1.1.0 branch + - cmake: Now using BUILD_TESTING=ON/OFF + - vtls: Only call add/getsession if session id is enabled + - headers: Forward declare CURL, CURLM and CURLSH as structs + - configure: Improve detection of CA bundle path on FreeBSD + - SFTP: Set a generic error when no SFTP one exists + - curl_global_init.3: Expand on the SSL and WIN32 bits purpose + - conn: Don't free easy handle data in handler->disconnect + - cookie.c: Fix misleading indentation + - library: Fix memory leaks found during static analysis + - CURLMOPT_SOCKETFUNCTION.3: Fix typo + - curl_global_init: Moved the "IPv6 works" check here + - connect: Disable TFO on Linux when using SSL + - vauth: Fixed memory leak due to function returning without free + - winbuild: Fix embedded manifest option +- Fix HTTPS and FTPS tests (work around stunnel bug #1358810) +- Require nss-pem because it is no longer included in the nss package + (#1347336) + +* Wed Jun 22 2016 Paul Howarth <paul@city-fan.org> - 7.49.1-3.1.cf +- Add HTTP/2 protocol support for EL-6 and EL-7 builds too + +* Sun Jun 19 2016 Paul Howarth <paul@city-fan.org> - 7.49.1-3.0.cf +- Use multilib-rpm-config to install arch-dependent header files + +* Fri Jun 3 2016 Paul Howarth <paul@city-fan.org> - 7.49.1-2.0.cf +- Fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757) + +* Mon May 30 2016 Paul Howarth <paul@city-fan.org> - 7.49.1-1.0.cf +- Update to 7.49.1 + - Windows: prevent DLL hijacking, CVE-2016-4802 + - dist: Include manpage-scan.pl, nroff-scan.pl and CHECKSRC.md + - schannel: Fix compile break with MSVC XP toolset + - curlbuild.h.dist: Check __LP64__ as well to fix MIPS build + - dist: Include curl_multi_socket_all.3 + - http2: Use HTTP/2 in the HTTP/1.1-alike response + - openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0 + - CURLOPT_CONNECT_TO.3: User must not free the list prematurely + - libcurl.m4: Avoid obsolete warning + - winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity + - curl_multibyte: Fix compiler error + - openssl: Cleanup must free compression methods (memory leak) + - mbedtls: Fix includes so snprintf() works + - checksrc.pl: Added variants of strcat()/strncat() to banned function list + - contributors.sh: Better grep pattern and show GitHub username + - ssh: Fix build for libssh2 before 1.2.6 + - curl_share_setopt.3: Add min ver needed for ssl session lock + +* Fri May 20 2016 Paul Howarth <paul@city-fan.org> - 7.49.0-1.1.cf +- Manually install (and package) zsh completion +- Bundle upstream files needed so we can run tests 1139 and 1140 + +* Wed May 18 2016 Paul Howarth <paul@city-fan.org> - 7.49.0-1.0.cf +- Update to 7.49.0 + - schannel: Add ALPN support + - SSH: Support CURLINFO_FILETIME + - SSH: New CURLOPT_QUOTE command "statvfs" + - wolfssl: Add ALPN support + - http2: Added --http2-prior-knowledge + - http2: Added CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE + - libcurl: Added CURLOPT_CONNECT_TO + - curl: Added --connect-to + - libcurl: Added CURLOPT_TCP_FASTOPEN + - curl: Added --tcp-fastopen + - curl: Remove support for --ftpport, -http-request and --socks + (deprecated versions since around 10 years) + - CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL + - checksrc.bat: Updated the help to be consistent with generate.bat + - checksrc.bat: Added support for scanning the tests and examples + - openssl: Fix ERR_remove_thread_state() for boringssl/libressl + - openssl: boringssl provides the same numbering as openssl + - multi: Fix "Operation timed out after" timer + - url: Don't use bad offset in tld_check_name to show error + - sshserver.pl: Use quotes for given options + - Makefile.am: Skip the scripts dir + - curl: Warn for --capath use if not supported by libcurl + - http2: Fix connection reuse + - GSS: Make Curl_gss_log_error more verbose + - build-wolfssl: Allow a broader range of ciphers (Visual Studio) + - wolfssl: Use ECC supported curves extension + - openssl: Fix compilation warnings + - Curl_add_buffer_send: Avoid possible NULL dereference + - SOCKS5_gssapi_negotiate: Don't assume little-endian ints + - strerror: Don't bit shift a signed integer + - url: Corrected get protocol family for FTP and LDAP + - curl/mprintf.h: Remove support for _MPRINTF_REPLACE + - upload: Missing rewind call could make libcurl hang + - IMAP: Check pointer before dereferencing it + - build: Changed the Visual Studio projects warning level from 3 to 4 + - checksrc: Now stricter, wider checks, code cleaned up + - checksrc: Added docs/CHECKSRC.md + - curl_sasl: Fixed potential null pointer utilisation + - krb5: Fixed missing client response when mutual authentication enabled + - krb5: Only process challenge when present + - krb5: Only generate a SPN when its not known + - formdata: Use appropriate fopen() macros + - curl.1: -w filename_effective was introduced in 7.26.0 + - http2: Make use of the nghttp2 error callback + - http2: Fix connection reuse when PING comes after last DATA + - curl.1: Change example for -F + - HTTP2: Add a space character after the status code + - curl.1: Use example.com more + - mbedtls.c: Changed private prefix to mbed_ + - mbedtls: Implement and provide *_data_pending() to avoid hang + - mbedtls: Fix MBEDTLS_DEBUG builds + - ftp/imap/pop3/smtp: Allow the service name to be overridden + - CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME + - build: Include scripts/ in the dist + - http2: Add handling stream level error + - http2: Improve header parsing + - makefile.vc6: Use d suffix on debug object + - configure: Remove check for libresolve + - scripts/make: Use $(EXEEXT) for executables + - checksrc: Got rid of the whitelist files + - sendf: Added ability to call recv() before send() as workaround + - NTLM: Check for NULL pointer before dereferencing + - openssl: Builds with OpenSSL 1.1.0-pre5 + - configure: ac_cv_ -> curl_cv_ for all cached vars + - winbuild: Add mbedtls support + - curl: Make --ftp-create-dirs retry on failure + - PolarSSL: Implement public key pinning + - multi: Accidentally used resolved host name instead of proxy + - CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0 + - CONNECT_ONLY: Don't close connection on GSS 401/407 reponses + - opts: Fix some syntax errors in example code fragments + - mbedtls: Fix session resume + - test1139: Verifies libcurl option man page presence + - CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability + - curl: Make --disable work as long form of -q + - curl: Use --telnet-option as documented + - curl.1: Document --ftp-ssl-reqd, --krb4 and --ntlm-wb + - curl: -h output lacked --proxy-header and --ntlm-wb + - curl -J: Make it work even without http:// scheme on URL + - lib: Include curl_printf.h as one of the last headers + - tests: Handle path properly on Msys/Cygwin + - curl.1: --mail-rcpt can be used multiple times + - CURLOPT_ACCEPT_ENCODING.3: Clarified + - docs: Fixed lots of broken man page references + - tls: Make setting pinnedkey option fail if not supported + - test1140: Run nroff-scan to verify man pages + - http: Make sure a blank header overrides accept_decoding + - connections: Do not reuse non-HTTP proxies on different ports + - connect: Fix invalid "Network is unreachable" errors + - TLS: Move the ALPN/NPN enable bits to the connection + - TLS: SSL_peek is not a const operation + - http2: Add space between colon and header value + - darwinssl: Fix certificate verification disable on OS X 10.8 + - mprintf: Fix processing of width and prec args + - ftp wildcard: segfault due to init only in multi_perform +- Update zsh completion patch +- Disable tests 1139 and 1140, which fail due to files missing from tarball +- Upstream not building/installing zsh completion script any longer + +* Wed Mar 23 2016 Paul Howarth <paul@city-fan.org> - 7.48.0-1.0.cf +- Update to 7.48.0 + - configure: --with-ca-fallback: Use built-in TLS CA fallback + - TFTP: Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS + - getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION + - Added CODE_STYLE.md + - Proxy-Connection: Stop sending this header by default + - os400: Sync ILE/RPG definitions with latest public header files + - cookies: Allow spaces in cookie names, cut off trailing spaces + - tool_urlglob: Allow reserved dos device names (Windows) + - openssl: Remove most BoringSSL #ifdefs + - tool_doswin: Support for literal path prefix \\?\ + - mbedtls: Fix ALPN usage segfault + - mbedtls: Fix memory leak when destroying SSL connection data + - nss: Do not count enabled cipher-suites + - examples/cookie_interface.c: Add cleanup call + - examples: Adhere to curl code style + - curlx_tvdiff: Handle 32bit time_t overflows + - dist: Ship buildconf.bat too + - curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts + - generate.bat: Fix comment bug by removing old comments + - test1604: Add to Makefile.inc so it gets run + - gtls: Fix for builds lacking encrypted key file support + - SCP: Use libssh2_scp_recv2 to support > 2GB files on windows + - CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option + - cookie: Do not refuse cookies to localhost + - openssl: Avoid direct PKEY access with OpenSSL 1.1.0 + - http: Don't break the header into chunks if HTTP/2 + - http2: Don't decompress gzip decoding automatically + - curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function + - curl.1: Add a missing dash + - curl.1: HTTP headers for --cookie must be Set-Cookie style + - CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style + - curl_sasl: Fix memory leak in digest parser + - src/Makefile.m32: Add CURL_{LD,C}FLAGS_EXTRAS support + - CURLOPT_DEBUGFUNCTION.3: Fix example + - runtests: Fixed usage of %%PWD on MinGW64 + - tests/sshserver.pl: Use RSA instead of DSA for host auth + - multi_remove_handle: Keep the timeout list until after disconnect + - Curl_read: Check for activated HTTP/1 pipelining, not only requested + - configure: Warn on invalid ca bundle or path + - file: Try reading from files with no size + - getinfo: Add support for mbedTLS TLS session info + - formpost: Fix memory leaks in AddFormData error branches + - makefile.m32: Allow to pass .dll/.exe-specific LDFLAGS + - url: If Curl_done is premature then pipeline not in use + - cookie: Remove redundant check + - cookie: Don't expire session cookies in remove_expired + - makefile.m32: Fix to allow -ssh2-winssl combination + - checksrc.bat: Fixed cannot find perl if installed but not in path + - build-openssl.bat: Fixed cannot find perl if installed but not in path + - mbedtls: Fix user-specified SSL protocol version + - makefile.m32: Add missing libs for static -winssl-ssh2 builds + - test46: Change cookie expiry date + - pipeline: Sanity check pipeline pointer before accessing it + - openssl: Use the correct OpenSSL/BoringSSL/LibreSSL in messages + - ftp_done: Clear tunnel_state when secondary socket closes + - opt-docs: Fix heading macros + - imap/pop3/smtp: Fixed connections upgraded with TLS are not reused + - curl_multi_wait: Never return -1 in 'numfds' + - url.c: Fix clang warning: no newline at end of file + - krb5: Improved type handling to avoid clang compiler warnings + - cookies: First n/v pair in Set-Cookie: is the cookie, then parameters + - multi: Avoid blocking during CURLM_STATE_WAITPROXYCONNECT + - multi hash: Ensure modulo performed on curl_socket_t + - curl: glob_range: No need to check unsigned variable for negative + - easy: Add check to malloc() when running event-based + - CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support + - version: Thread safety + - openssl: verbose: Show matching SAN pattern + - openssl: Adapt to OpenSSL 1.1.0 API breakage in ERR_remove_thread_state() + - formdata.c: Fixed compilation warning + - configure: Use cpp -P when needed + - imap.c: Fixed compilation warning with /Wall enabled + - config-w32.h: Fixed compilation warning when /Wall enabled + - ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled + - build: Added missing Visual Studio filter files for VC10 onwards + - easy: Remove poll failure check in easy_transfer + - mbedtls: Fix compiler warning + - build-wolfssl: Update VS properties for wolfSSL v3.9.0 + - Fixed various compilation warnings when verbose strings disabled +- Update patches as needed + +* Thu Mar 3 2016 Paul Howarth <paul@city-fan.org> - 7.47.1-4.0.cf +- Do not refuse cookies for localhost (#1308791) + +* Wed Feb 17 2016 Paul Howarth <paul@city-fan.org> - 7.47.1-3.0.cf +- Make SCP and SFTP test-cases work with recent OpenSSH versions that don't + support DSA keys + +* Thu Feb 11 2016 Paul Howarth <paul@city-fan.org> - 7.47.1-2.0.cf +- Enable support for Public Suffix List where possible (#1305701) + +* Mon Feb 8 2016 Paul Howarth <paul@city-fan.org> - 7.47.1-1.0.cf +- Update to 7.47.1 + - getredirect.c: Fix variable name + - tool_doswin: Silence unused function warning + - cmake: Fixed when OpenSSL enabled on Windows and schannel detected + - curl.1: Explain remote-name behavior if file already exists + - tool_operate: Don't sanitize --output path (Windows) + - URLs: Change all http:// URLs to https:// in documentation & comments + - sasl_sspi: Fix memory leak in domain populate + - COPYING: Clarify that Daniel is not the sole author + - examples/htmltitle: Use _stricmp on Windows + - examples/asiohiper: Avoid function name collision on Windows + - idn_win32: Better error checking + - openssl: Fix signed/unsigned mismatch warning in X509V3_ext + - curl save files: Check for backslashes on cygwin +- Update patches as needed + +* Thu Feb 4 2016 Paul Howarth <paul@city-fan.org> - 7.47.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 27 2016 Paul Howarth <paul@city-fan.org> - 7.47.0-1.0.cf +- Update to 7.47.0 + - version: Add flag CURL_VERSION_PSL for libpsl + - http: Added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only + - curl: Use 2TLS by default + - curl --expect100-timeout: added + - Add .dir-locals and set c-basic-offset to 2 (for emacs) + - curl: Avoid local drive traversal when saving file on Windows + (CVE-2016-0754) + - NTLM: Do not resuse proxy connections without diff proxy credentials + (CVE-2016-0755) + - tests: Disable the OAUTHBEARER tests when using a non-default port number + - curl: Remove keepalive #ifdef checks done on libcurl's behalf + - formdata: Check if length is too large for memory + - lwip: Fix compatibility issues with later versions + - openssl: BoringSSL doesn't have CONF_modules_free + - config-win32: Fix warning HAVE_WINSOCK2_H undefined + - build: Fix compilation error with CURL_DISABLE_VERBOSE_STRINGS + - http2: Fix hanging paused stream + - scripts/Makefile: Fix GNUism and survive no perl + - openssl: Adapt to 1.1.0+ name changes + - openssl: Adapt to openssl ≥ 1.1.0 X509 opaque structs + - HTTP2.md: Spell fix and remove TODO now implemented + - setstropt: const-correctness + - cyassl: Fix compiler warning on type conversion + - gskit: Fix host subject altname verification + - http2: Support trailer fields + - wolfssl: Handle builds without SSLv3 support + - cyassl: Deal with lack of *get_peer_certificate + - sockfilt: Do not wait on unreliable file or pipe handle + - make: Build zsh script even in an out-of-tree build + - test 1326: Fix getting stuck on Windows + - test 87: Fix file check on Windows + - configure: Allow static builds on mingw + - configure: Detect IPv6 support on Windows + - ConnectionExists: With *PIPEWAIT, wait for connections + - Makefile.inc: s/curl_SOURCES/CURL_FILES + - test 16: Fixed for Windows + - test 252-255: Use datacheck mode text for ASCII-mode LISTings + - tftpd server: Add Windows support by writing files in binary mode + - ftplistparser: Fix handling of file LISTings using Windows EOL + - tests first.c: Fix calculation of sleep timeout on Windows + - tests (several): Use datacheck mode text for ASCII-mode LISTings + - CURLOPT_RANGE.3: For HTTP servers, range support is optional + - test 1515: Add MSYS support by passing a relative path + - curl_global_init.3: Add Windows-specific info for init via DLL + - http2: Fix client write for trailers on stream close + - mbedtls: Fix ALPN support + - connection reuse: IDN host names fixed + - http2: Fix PUSH_PROMISE headers being treated as trailers + - http2: Handle the received SETTINGS frame + - http2: Ensure that http2_handle_stream_close is called + - mbedtls: Implement CURLOPT_PINNEDPUBLICKEY + - runtests: Add mbedTLS to the SSL backends + - IDN host names: Remove the port number before converting to ACE + - zsh.pl: Fail if no curl is found + - scripts: Fix zsh completion generation + - scripts: Don't generate and install zsh completion when cross-compiling + - lib: Prefix URLs with lower-case protocol names/schemes + - ConnectionExists: Only do pipelining/multiplexing when asked + - configure: Assume IPv6 works when cross-compiled + - openssl: For 1.1.0+ they now provide a SSLeay() macro of their own + - openssl: Improved error detection/reporting + - ssh: CURLOPT_SSH_PUBLIC_KEYFILE now treats "" as NULL again + - mbedtls: Fix pinned key return value on fail + - maketgz: Generate date stamp with LC_TIME=C +- Re-enable previously-disabled tests +- Fix FTBFS when building curl dynamically with no libcurl.so.4 in system + +* Fri Dec 4 2015 Paul Howarth <paul@city-fan.org> - 7.46.0-2.0.cf +- Rebuild for #1288529 + +* Wed Dec 2 2015 Paul Howarth <paul@city-fan.org> - 7.46.0-1.0.cf +- Update to 7.46.0 + - configure: build silently by default + - cookies: Add support for Public Suffix List with libpsl + - vtls: Added support for mbedTLS + - Added CURLOPT_STREAM_DEPENDS + - Added CURLOPT_STREAM_DEPENDS_E + - Added CURLOPT_STREAM_WEIGHT + - Added CURLFORM_CONTENTLEN + - oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP + - des: Fix header conditional for Curl_des_set_odd_parity + - ntlm: Get rid of unconditional use of long long + - CURLOPT_CERTINFO.3: Fix reference to CURLINFO_CERTINFO + - docs: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET + - http2: Fix http2_recv to return -1 if recv returned -1 + - curl_global_init_mem: Set function pointers before doing init + - ntlm: Error out without 64bit support as the code needs it + - openssl: Fix set up of pkcs12 certificate verification chain + - acinclude: Remove PKGCONFIG override + - test1531: case the size to fix the test on non-largefile builds + - fread_func: Move callback pointer from set to state struct + - test1601: Fix compilation with --enable-debug and --disable-crypto-auth + - http2: Don't pass uninitialized name+len pairs to nghttp2_submit_request + - curlbuild.h: Fix non-configure compiling to mips and sh4 targets + - tool: Generate easysrc with last cache linked-list + - cmake: Fix for add_subdirectory(curl) use-case + - vtls: Fix compiler warning for TLS backends without sha256 + - build: Fix for MSDOS/djgpp + - checksrc: Add crude // detection + - http2: on_frame_recv: Trust the conn/data input + - ftp: Allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size + - polarssl/mbedtls: Fix name space pollution + - build: Fix mingw ssl gdi32 order + - build: Fix support for PKG_CONFIG + - MacOSX-Framework: sdk regex fix for sdk 10.10 and later + - socks: Fix incorrect port numbers in failed connect messages + - curl.1: -E: s/private certificate/client certificate/ + - curl.h: s/HTTPPOST_/CURL_HTTPOST_/ + - curl_formadd: Support >2GB files on windows + - http redirects: %%-encode bytes outside of ascii range + - rawstr: Speed up Curl_raw_toupper by 40%% + - curl_ntlm_core: Fix 2 curl_off_t constant overflows + - getinfo: CURLINFO_ACTIVESOCKET: Fix bad socket value + - tftp tests: Verify sent options too + - imap: Don't call imap_atom() when no mailbox specified in LIST command + - imap: Fixed double quote in LIST command when mailbox contains spaces + - imap: Don't check for continuation when executing a CUSTOMREQUEST + - acinclude: Remove check for 16-bit curl_off_t + - BoringSSL: Work with stricter BIO_get_mem_data() + - cmake: Add missing feature macros in config header + - sasl_sspi: Fixed unicode build for digest authentication + - sasl_sspi: Fix identity memory leak in digest authentication + - unit1602: Fixed failure in torture test + - unit1603: Added unit tests for hash functions + - vtls/openssl: Remove unused traces of yassl ifdefs + - openssl: Remove #ifdefs for < 0.9.7 support + - typecheck-gcc.h: Add some missing options + - curl: Mark two more options strings for --libcurl output + - openssl: Free modules on cleanup + - CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header + - getconnectinfo: Don't call recv(2) if socket == -1 + - http2: http_done: Don't free already-freed push headers + - zsh completion: Preserve single quotes in output + - os400: Provide options for libssh2 use in compile scripts + - build: Fix theoretical infinite loops + - pop3: Differentiate between success and continuation responses + - examples: Fixed compilation warnings + - schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available + - CURLOPT_HEADERFUNCTION.3: fix typo + - curl: Expanded the -XHEAD warning text + - done: Make sure the final progress update is made + - build: Install zsh completion + - RTSP: Do not add if-modified-since without timecondition + - curl: Fixed display of URL index in password prompt for --next + - nonblock: Fix setting non-blocking mode for Amiga + - http2 push: Add missing inits of new stream + - http2: Convert some verbose output into debug-only output + - Curl_read_plain: clean up ifdefs that break statements +- Explicitly turn off silent building so we can see the compiler flags used +- Disable OAUTHBEARER tests since they don't work with custom test ports + +* Wed Oct 7 2015 Paul Howarth <paul@city-fan.org> - 7.45.0-1.0.cf +- Update to 7.45.0 + - Added CURLOPT_DEFAULT_PROTOCOL + - Added new tool option --proto-default + - getinfo: Added CURLINFO_ACTIVESOCKET + - Turned CURLINFO_* option docs as stand-alone man pages + - curl: Point out unnecessary uses of -X in verbose mode + - curl_global_init_mem.3: Stronger thread safety warning + - buildconf.bat: Fixed issues when ran in directories with special chars + - cmake: Fix CurlTests check for gethostbyname_r with 5 arguments + - generate.bat: Fixed issues when ran in directories with special chars + - generate.bat: Only call buildconf.bat if it exists + - generate.bat: Added support for generating only the prerequisite files + - curl.1: Document weaknesses in SSLv2 and SSLv3 + - CURLOPT_HTTP_VERSION.3: Connection re-use goes before version + - docs: Update the redirect protocols disabled by default + - inet_pton.c: Fix MSVC run-time check failure + - CURLMOPT_PUSHFUNCTION.3: Fix argument types + - rtsp: Support basic/digest authentication + - rtsp: Stop reading empty DESCRIBE responses + - travis: Upgrading to container based build + - travis.yml: Add OS X testbot + - FTP: Make state machine not get stuck in state + - openssl: Handle lack of server cert when strict checking disabled + - configure: Change functions to detect openssl (clones) + - configure: Detect latest boringssl + - runtests: Allow for spaces in server-verify curl custom path + - http2: on_frame_recv: Get a proper 'conn' for the debug logging + - ntlm: Mark deliberate switch case fall-through + - http2: Remove dead code + - curl_easy_{escape,unescape}.3: "char *" vs. "const char *" + - curl: Point out the conflicting HTTP methods if used + - cmake: Added Windows SSL support + - curl_easy_{escape,setopt}.3: Fix example + - curl_easy_escape.3: Escape '\n' + - libcurl.m4: Put braces around empty if body + - buildconf.bat: Fixed double blank line in 'curl manual' warning output + - sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled + - inet_pton.c: Fix MSVC run-time check failure + - CURLOPT_FOLLOWLOCATION.3: Mention methods for redirects + - http2: Don't pass on Connection: headers + - nss: Do not directly access SSL_ImplementedCiphers + - docs: Numerous cleanups and spelling fixes + - FTP: do_more: Add check for wait_data_conn in upload case + - parse_proxy: Reject illegal port numbers + - cmake: IPv6 : Disable Unix header check on Windows platform + - winbuild: Run buildconf.bat if necessary + - buildconf.bat: Fix syntax error + - curl_sspi: Fix possibly undefined CRYPT_E_REVOKED + - nss: Prevent NSS from incorrectly re-using a session + - libcurl-errors.3: Add two missing error codes + - openssl: Fix build with < 0.9.8 + - openssl: Refactor certificate parsing to use OpenSSL memory BIO + - openldap: Only part of LDAP query results received + - ssl: Add server cert's "sha256//" hash to verbose + - NTLM: Reset auth-done when using a fresh connection + - curl: Generate easysrc only on --libcurl + - tests: Disable 1801 until fixed + - CURLINFO_TLS_SESSION: Always return backend info + - gnutls: Support CURLOPT_KEYPASSWD + - gnutls: Report actual GnuTLS error message for certificate errors + - tests: Disable 1510 due to CI-problems on github + - cmake: Put "winsock2.h" before "windows.h" during configure checks + - cmake: Ensure discovered include dirs are considered + - configure: Add missing ')' for CURL_CHECK_OPTION_RT + - build: Fix failures with -Wcast-align and -Werror + - FTP: Fix uploading ASCII with unknown size + - readwrite_data: Set a max number of loops + - http2: Avoid superfluous Curl_expire() calls + - http2: Set TCP_NODELAY unconditionally + - docs: Fix unescaped '\n' in man pages + - openssl: Fix algorithm init to make (gost) engines work + - win32: Make recent Borland compilers use long long + - runtests: Fix pid check in checkdied + - gopher: Don't send NUL byte + - tool_setopt: Fix c_escape truncated octal + - hiperfifo: Fix the pointer passed to WRITEDATA + - getinfo: Fix return code for unknown CURLINFO options + +* Fri Sep 18 2015 Paul Howarth <paul@city-fan.org> - 7.44.0-2.0.cf +- Prevent NSS from incorrectly re-using a session (#1104597) + +* Wed Aug 12 2015 Paul Howarth <paul@city-fan.org> - 7.44.0-1.0.cf +- Update to 7.44.0 + - http2: Added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA + - examples: Added http2-serverpush.c + - http2: Added curl_pushheader_byname() and curl_pushheader_bynum() + - docs: Added CODE_OF_CONDUCT.md + - curl: Add --ssl-no-revoke to disable certificate revocation checks + - libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS + - makefile: Added support for VC14 + - build: Added Visual Studio 2015 (VC14) project files + - build: Added wolfSSL configurations to VC10+ project files + - FTP: Fix HTTP CONNECT logic regression + - openssl: Fix build with openssl < ~ 0.9.8f + - openssl: Fix build with BoringSSL + - curl_easy_setopt.3: Option order doesn't matter + - openssl: Fix use of uninitialized buffer + - RTSP: Removed dead code + - Makefile.m32: Add support for CURL_LDFLAG_EXTRAS + - curl: Always provide negotiate/kerberos options + - cookie: Fix bug in export if any-domain cookie is present + - curl_easy_setopt.3: Mention CURLOPT_PIPEWAIT + - INSTALL: Advise use of non-native SSL for Windows <= XP + - tool_help: Fix --tlsv1 help text to use >= for TLSv1 + - HTTP: POSTFIELDSIZE set after added to multi handle + - SSL-PROBLEMS: Mention WinSSL problems in WinXP + - setup-vms.h: Symbol case fixups + - SSL: Pinned public key hash support + - libtest: Call PR_Cleanup() on exit if NSPR is used + - ntlm_wb: Fix theoretical memory leak + - runtests: Allow for spaces in curl custom path + - http2: Add stream != NULL checks for reliability + - schannel: Replace deprecated GetVersion with VerifyVersionInfo + - http2: Verify success of strchr() in http2_send() + - configure: Add --disable-rt option + - openssl: Work around MSVC warning + - HTTP: Ignore "Content-Encoding: compress" + - configure: Check if OpenSSL linking wants -ldl + - build-openssl.bat: Show syntax if required args are missing + - test1902: Attempt to make the test more reliable + - libcurl-thread.3: Consolidate thread safety info + - maketgz: Fixed some VC makefiles missing from the release tarball + - libcurl-multi.3: Mention curl_multi_wait + - ABI doc: Use secure URL + - http: Move HTTP/2 cleanup code off http_disconnect() + - libcurl-thread.3: Warn memory functions must be thread safe + - curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs + - docs: formpost needs the full size at start of upload + - curl_gssapi: Remove 'const' to fix compiler warnings + - SSH: Three state machine fixups + - libcurl.3: Fix a single typo + - generate.bat: Only clean prerequisite files when in ALL mode + - curl_slist_append.3: Add error checking to the example + - buildconf.bat: Added support for file clean-up via -clean + - generate.bat: Use buildconf.bat for prerequisite file clean-up + - NTLM: Handle auth for only a single request + - curl_multi_remove_handle.3: Fix formatting + - checksrc.bat: Fixed error when [directory] isn't a curl source directory + - checksrc.bat: Fixed error when missing *.c and *.h files + - CURLOPT_RESOLVE.3: Note removal support was added in 7.42 + - test46: Update cookie expire time + - SFTP: Fix range request off-by-one in size check + - CMake: Fix GSSAPI builds + - build: Refer to fixed libidn versions + - http2: Discard frames with no SessionHandle + - curl_easy_recv.3: Fix formatting + - libcurl-tutorial.3: Fix formatting + - curl_formget.3: Correct return code + +* Thu Jul 30 2015 Paul Howarth <paul@city-fan.org> - 7.43.0-3.0.cf +- Prevent dnf from crashing when using both FTP and HTTP (#1248389) +- Add HTTP/2 protocol support for Fedora 23 too + +* Sat Jul 18 2015 Paul Howarth <paul@city-fan.org> - 7.43.0-2.0.cf +- Build support for the HTTP/2 protocol (Fedora 24 onwards) + +* Wed Jun 17 2015 Paul Howarth <paul@city-fan.org> - 7.43.0-1.0.cf +- Update to 7.43.0 + - CVE-2015-3236: Lingering HTTP credentials in connection re-use + - CVE-2015-3237: SMB send off unrelated memory contents + - Added CURLOPT_PROXY_SERVICE_NAME + - Added CURLOPT_SERVICE_NAME + - New curl option: --proxy-service-name + - New curl option: --service-name + - New curl option: --data-raw + - Added CURLOPT_PIPEWAIT + - Added support for multiplexing transfers using HTTP/2, enable this + with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING + - HTTP/2: Requires nghttp2 1.0.0 or later + - scripts: Add zsh.pl for generating zsh completion + - curl.h: Add CURL_HTTP_VERSION_2 + - nss: Fix compilation failure with old versions of NSS + - curl_easy_getinfo.3: Document 'internals' in CURLINFO_TLS_SESSION + - schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error + - Curl_ossl_init: Load built-in modules + - configure: Follow-up fix for krb5-config + - sasl_sspi: Populate domain from the realm in the challenge + - netrc: Support 'default' token + - README: Convert to UTF-8 + - cyassl: Implement public key pinning + - nss: Implement public key pinning for NSS backend + - mingw build: Add arch -m32/-m64 to LDFLAGS + - schannel: Fix out of bounds array + - configure: Remove autogenerated files by autoconf + - configure: Remove --automake from libtoolize call + - acinclude.m4: Fix shell test for default CA cert bundle/path + - schannel: Fix regression in schannel_recv + - openssl: Skip trace outputs for ssl_ver == 0 + - gnutls: Properly retrieve certificate status + - netrc: Read in text mode when cygwin + - winbuild: Document the option used to statically link the CRT + - FTP: Make EPSV use the control IP address rather than the original host + - FTP: fIx dangling conn->ip_addr dereference on verbose EPSV + - conncache: Keep bundles on host+port bases, not only host names + - runtests.pl: Use 'h2c' now, no -14 anymore + - curlver: Introducing new version number (checking) macros + - openssl: boringssl build breakage, use SSL_CTX_set_msg_callback + - CURLOPT_POSTFIELDS.3: Correct variable names + - curl_easy_unescape.3: Update RFC reference + - gnutls: Don't fail on non-fatal alerts during handshake + - testcurl.pl: Allow source to be in an arbitrary directory + - CURLOPT_HTTPPROXYTUNNEL.3: Only works with a HTTP proxy + - SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description + - parse_proxy: Switch off tunneling if non-HTTP proxy + - share_init: Fix OOM crash + - perl: Remove subdir, not touched in 9 years + - CURLOPT_COOKIELIST.3: Add example + - CURLOPT_COOKIE.3: Explain that the cookies won't be modified + - CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain + - FAQ: How do I port libcurl to my OS? + - openssl: Use TLS_client_method for OpenSSL 1.1.0+ + - HTTP-NTLM: Fail auth on connection close instead of looping + - curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT + - curl_getdate.3: Update RFC reference + - curl_multi_info_read.3: Added example + - curl_multi_perform.3: Added example + - curl_multi_timeout.3: Added example + - cookie: Stop exporting any-domain cookies + - openssl: Remove dummy callback use from SSL_CTX_set_verify() + - openssl: Remove SSL_get_session()-using code + - openssl: Removed USERDATA_IN_PWD_CALLBACK kludge + - openssl: Removed error string #ifdef + - openssl: Fix verification of server-sent legacy intermediates + - docs: man page indentation and syntax fixes + - docs: Spelling fixes + - fopen.c: Fix a few compiler warnings + - CURLOPT_OPENSOCKETFUNCTION: Return error at once + - schannel: Add support for optional client certificates + - build: Properly detect OpenSSL 1.0.2 when using configure + - urldata: Store POST size in state.infilesize too + - security: choose_mech: Remove dead code + - rtsp_do: Remove dead code + - docs: Many HTTP URIs changed to HTTPS + - schannel: schannel_recv overhaul +- Fix build for old openssl versions without SSL3_MT_NEWSESSION_TICKET + +* Sat Jun 6 2015 Paul Howarth <paul@city-fan.org> - 7.42.1-2.0.cf +- curl-config --libs now works on x86_64 without libcurl-devel.x86_64 + (#1228363) + +* Wed Apr 29 2015 Paul Howarth <paul@city-fan.org> - 7.42.1-1.0.cf +- Update to 7.42.1 + - CURLOPT_HEADEROPT: default to separate (CVE-2015-3153) + - dist: include {src,lib}/checksrc.whitelist + - connectionexists: fix build without NTLM + - docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too + - curl -z: do not write empty file on unmet condition + - openssl: fix serial number output + - curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION + - sws: init http2 state properly + - curl.1: fix typo + +* Wed Apr 22 2015 Paul Howarth <paul@city-fan.org> - 7.42.0-1.1.cf +- Implement public key pinning for NSS backend (#1195771) +- Do not run flaky test-cases in %%check + +* Wed Apr 22 2015 Paul Howarth <paul@city-fan.org> - 7.42.0-1.0.cf +- Update to 7.42.0 + - openssl: Show the cipher selection to use in verbose text + - gtls: Implement CURLOPT_CERTINFO + - Add CURLOPT_SSL_FALSESTART option (darwinssl and NSS) + - curl: Add --false-start option + - Add CURLOPT_PATH_AS_IS + - curl: Add --path-as-is option + - curl: Create output file on successful download of an empty file + - ConnectionExists: For NTLM re-use, require credentials to match + (CVE-2015-3143) + - Cookie: Cookie parser out of boundary memory access (CVE-2015-3145) + - fix_hostname: Zero length host name caused -1 index offset (CVE-2015-3144) + - http_done: Close Negotiate connections when done (CVE-2015-3148) + - sws: Timeout idle CONNECT connections + - nss: Improve error handling in Curl_nss_random() + - nss: Do not skip Curl_nss_seed() if data is NULL + - curl-config.in: Eliminate double quotes around CURL_CA_BUNDLE + - http2: Move lots of verbose output to be debug-only + - dist: Add extern-scan.pl to the tarball + - http2: Return recv error on unexpected EOF + - build: Use default RandomizedBaseAddress directive in VC9+ project files + - build: Removed DataExecutionPrevention directive from VC9+ project files + - tool: Updated the warnf() function to use the GlobalConfig structure + - http2: Return error if stream was closed with other than NO_ERROR + - mprintf.h: Remove #ifdef CURLDEBUG + - libtest: Fixed linker errors on msvc + - tool: Use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE + - curl.1: Fix "The the" typo + - cmake: Handle build definitions CURLDEBUG/DEBUGBUILD + - openssl: Remove all uses of USE_SSLEAY + - multi: Fix memory-leak on timeout (regression) + - curl_easy_setopt.3: Added CURLOPT_SSL_VERIFYSTATUS + - metalink: Add some error checks + - TLS: Make it possible to enable ALPN/NPN without HTTP/2 + - http2: Use CURL_HTTP_VERSION_* symbols instead of NPN_* + - conncontrol: Only log changes to the connection bit + - multi: Fix *getsock() with CONNECT + - symbols.pl: Handle '-' in the deprecated field + - MacOSX-Framework: Use @rpath instead of @executable_path + - GnuTLS: Add support for CURLOPT_CAPATH + - GnuTLS: Print negotiated TLS version and full cipher suite name + - GnuTLS: Don't print double newline after certificate dates + - memanalyze.pl: Handle free(NULL) + - proxy: Re-use proxy connections (regression) + - mk-ca-bundle: Don't report SHA1 numbers with "-q" + - http: Always send Host: header as first header + - openssl: Sort ciphers to use based on strength + - openssl: Use colons properly in the ciphers list + - http2: Detect premature close without data transferred + - hostip: Fix signal race in Curl_resolv_timeout + - closesocket: Call multi socket cb on close even with custom close + - mksymbolsmanpage.pl: Use std header and generate better nroff header + - connect: Fix happy eyeballs logic for IPv4-only builds + - curl_easy_perform.3: Remove superfluous close brace from example + - HTTP: Don't use Expect: headers when on HTTP/2 + - Curl_sh_entry: Remove unused 'timestamp' + - docs/libcurl: Makefile portability fix + - mkhelp: Remove trailing carriage return from every line of input + - nss: Explicitly tell NSS to disable NPN/ALPN when libcurl disables it + - curl_easy_setopt.3: Added a few missing options + - metalink: Fix resource leak in OOM + - axtls: Version 1.5.2 now requires that config.h be manually included + - HTTP: Don't switch to HTTP/2 from 1.1 until we get the 101 + - cyassl: Detect the library as renamed wolfssl + - CURLOPT_HTTPHEADER.3: Add a "SECURITY CONCERNS" section + - CURLOPT_URL.3: Added "SECURITY CONCERNS" + - openssl: Try to avoid accessing OCSP structs when possible + - test938: Added missing closing tags + - testcurl: Allow '=' in values given on command line + - tests/certs: Added make target to rebuild certificates + - tests/certs: Rebuild certificates with modified key usage bits + - gtls: Avoid uninitialized variable + - gtls: Dereferencing NULL pointer + - gtls: Add check of return code + - test1513: Eliminated race condition in test run + - dict: Rename byte to avoid compiler shadowed declaration warning + - curl_easy_recv/send: Make them work with the multi interface + - vtls: Fix compile with --disable-crypto-auth but with SSL + - openssl: Adapt to ASN1/X509 things gone opaque in 1.1 + - openssl: verifystatus: Only use the OCSP work-around <= 1.0.2a + - curl_memory: Make curl_memory.h the second-last header file loaded + - testcurl.pl: Add the --notes option to supply more info about a build + - cyassl: If wolfSSL then identify as such in version string + - cyassl: Check for invalid length parameter in Curl_cyassl_random + - cyassl: Default to highest possible TLS version + - Curl_ssl_md5sum: Return CURLcode (fixes OOM) + - polarssl: Remove dead code + - polarssl: Called mbedTLS in 1.3.10 and later + - globbing: Fix step parsing for character globbing ranges + - globbing: Fix url number calculation when using range with step + - multi: On a request completion, check all CONNECT_PEND transfers + - build: Link curl to openssl libraries when openssl support is enabled + - url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined + - vtls: Don't accept unknown CURLOPT_SSLVERSION values + - build: Fix libcurl.sln erroneous mixed configurations + - cyassl: Remove undefined reference to CyaSSL_no_filesystem_verify + - cyassl: Add SSL context callback support for CyaSSL + - tool: Only set SSL options if SSL is enabled + - multi: Remove_handle: move pending connections + - configure: Use KRB5CONFIG for krb5-config + - axtls: Add timeout within Curl_axtls_connect + - CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200" + - cyassl: Fix library initialization return value + - cookie: Handle spaces after the name in Set-Cookie + - http2: Fix missing nghttp2_session_send call in Curl_http2_switched + - cyassl: Fix certificate load check + - build-openssl.bat: Fix mixed line endings + - checksrc.bat: Check lib\vtls source + - DNS: Fix refreshing of obsolete dns cache entries + - CURLOPT_RESOLVE: Actually implement removals + - checksrc.bat: Quotes to support an SRC_DIR with spaces + - cyassl: Remove 'Connecting to' message from cyassl_connect_step2 + - cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size + - lib/transfer.c: Remove factor of 8 from sleep time calculation + - lib/makefile.m32: Add missing libs to build libcurl.dll + - build: Generate source prerequisites for Visual Studio in generate.bat + - cyassl: Include the CyaSSL build config + - firefox-db2pem: Fix wildcard to find Firefox default profile + - BUGS: Refer to the github issue tracker now as primary + - vtls_openssl: Improve several certificate error messages + - cyassl: Add support for TLS extension SNI + - parsecfg: Do not continue past a zero termination + - configure --with-nss=PATH: Query pkg-config if available + - configure --with-nss: Drop redundant if statement + - cyassl: Fix include order + - HTTP: Fix PUT regression with Negotiate + - curl_version_info.3: Fixed the 'protocols' variable type +- Add patch to disabled unsupported TLS False Start support in NSS builds + with NSS < 3.15.4 + +* Wed Feb 25 2015 Paul Howarth <paul@city-fan.org> - 7.41.0-1.0.cf +- Update to 7.41.0 + - NetWare build: added TLS-SRP enabled build + - winbuild: Added option to build with c-ares + - Added --cert-status + - Added CURLOPT_SSL_VERIFYSTATUS + - sasl: Implement EXTERNAL authentication mechanism + - sasl_gssapi: Fixed build on NetBSD with built-in GSS-API + - FTP: Fix IPv6 host using link-local address + - FTP: If EPSV fails on IPV6 connections, bail out + - gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions + - NSS: Fix compiler error when built http2-enabled + - mingw build: allow to pass custom CFLAGS + - Add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS + - curl_schannel.c: Mark session as removed from cache if not freed + - Curl_pretransfer: Reset expected transfer sizes + - curl.h: Remove extra space + - curl_endian: Fixed build when 64-bit integers are not supported + - checksrc.bat: Better detection of Perl installation + - build-openssl.bat: Added check for Perl installation + - http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int + - http_negotiate: Added empty decoded challenge message info text + - vtls: Removed unimplemented overrides of curlssl_close_all() + - sasl_gssapi: Fixed memory leak with local SPN variable + - http_negotiate: Use dynamic buffer for SPN generation + - ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP + - openssl: Do public key pinning check independently + - timeval: Typecast for better type (on Amiga) + - ipv6: Enclose AF_INET6 uses with proper #ifdefs for ipv6 + - SASL: Common URL option and auth capabilities decoders for all protocols + - BoringSSL: Fix build + - BoringSSL: Detected by configure, switches off NTLM + - openvms: Handle openssl/0.8.9zb version parsing + - configure: Detect libresssl + - configure: Remove detection of the old yassl emulation API + - curl_setup: Disable SMB/CIFS support when HTTP only + - imap: Remove automatic password setting: it breaks external sasl authentication + - sasl: Remove XOAUTH2 from default enabled authentication mechanism + - runtests: Identify BoringSSL and libressl + - Security: Avoid compiler warning + - ldap: Build with BoringSSL + - des: Added Curl_des_set_odd_parity() + - CURLOPT_SEEKFUNCTION.3: also when server closes a connection + - CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0 + - build: Removed unused Visual Studio bscmake settings + - build: Enabled DEBUGBUILD in Visual Studio debug builds + - build: Renamed top level Visual Studio solution files + - build: Removed Visual Studio SuppressStartupBanner directive for VC8+ + - libcurl-symbols: First basic shot for autogenerated docs + - Makefile.am: fix 'make distcheck' + . getpass_r: Read from stdin, not stdout! + - getpass: Protect include with proper #ifdef + - opts: CURLOPT_CAINFO availability depends on SSL engine + - More cleanup of 'CURLcode result' return code + - MD4: Replace implementation + - MD5: Replace implementation + - openssl: SSL_SESSION->ssl_version no longer exist + - md5: use axTLS's own MD5 functions when available + - schannel: Removed curl_ prefix from source files + - curl.1: Add warning when using -H and redirects + - curl.1: Clarify that -X is used for all requests + - gskit: Fix exclusive SSLv3 option + - polarssl: Fix exclusive SSL protocol version options + - http2: Fix bug that associated stream canceled on PUSH_PROMISE + - ftp: Accept all 2xx responses to the PORT command + - configure: Allow both --with-ca-bundle and --with-ca-path + - cmake: Install the dll file to the correct directory + - nss: Fix NPN/ALPN protocol negotiation + - polarssl: Fix ALPN protocol negotiation + - cmake: Fix generation of tool_hugehelp.c on windows + - cmake: Fix winsock2 detection on windows + - gnutls: Fix build with HTTP2 + - connect: Fix a spurious connect failure on dual-stacked hosts + - test: Test 530 is now less timing dependent + - telnet: Invalid use of custom read function if not set +- Include extern-scan.pl to make test1135 succeed (upstream commit 1514b718) + +* Mon Feb 23 2015 Paul Howarth <paul@city-fan.org> - 7.40.0-3.0.cf +- Fix a spurious connect failure on dual-stacked hosts (#1187531) + +* Sun Feb 22 2015 Paul Howarth <paul@city-fan.org> - 7.40.0-2.0.cf +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Thu Jan 8 2015 Paul Howarth <paul@city-fan.org> - 7.40.0-1.0.cf +- Update to 7.40.0 (addresses CVE-2014-8150 and CVE-2014-8151) + - http_digest: added support for Windows SSPI based authentication + - version info: added Kerberos V5 to the supported features + - Makefile: added VC targets for WinIDN + - config-win32: introduce build targets for VS2012+ + - SSL: add PEM format support for public key pinning + - smtp: added support for the conversion of Unix newlines during mail send + - smb: added initial support for the SMB/CIFS protocol + - added support for HTTP over unix domain sockets, via + CURLOPT_UNIX_SOCKET_PATH and --unix-socket + - sasl: added support for GSS-API based Kerberos V5 authentication + - darwinssl: fix session ID keys to only reuse identical sessions + - url-parsing: reject CRLFs within URLs + - OS400: adjust specific support to last release + - THANKS: remove duplicate names + - url.c: fixed compilation warning + - ssh: fixed build on platforms where R_OK is not defined + - tool_strdup.c: include the tool strdup.h + - build: fixed Visual Studio project file generation of strdup.[c|h] + - curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY + - curl.1: show zone index use in a URL + - mk-ca-bundle.vbs: switch to new certdata.txt url + - Makefile.dist: added some missing SSPI configurations + - build: fixed no NTLM support for email when CURL_DISABLE_HTTP is defined + - SSH: use the port number as well for known_known checks + - libssh2: detect features based on version, not configure checks + - http2: deal with HTTP/2 data inside Upgrade response header buffer + - multi: removed Curl_multi_set_easy_connection + - symbol-scan.pl: do not require autotools + - cmake: add ENABLE_THREADED_RESOLVER, rename ARES + - cmake: build libhostname for test suite + - cmake: fix HAVE_GETHOSTNAME definition + - tests: fix libhostname visibility + - tests: fix memleak in server/resolve.c + - vtls.h: fixed compiler warning when compiled without SSL + - CMake: restore order-dependent header checks + - CMake: restore order-dependent library checks + - tool: removed krb4 from the supported features + - http2: don't send Upgrade headers when we already do HTTP/2 + - examples: don't call select() to sleep on windows + - win32: updated some legacy APIs to use the newer extended versions + - easy.c: fixed compilation warning when no verbose string support + - connect.c: fixed compilation warning when no verbose string support + - build: in Makefile.m32 pass -F flag to windres + - build: in Makefile.m32 add -m32 flag for 32bit + - multi: when leaving for timeout, close accordingly + - CMake: simplify if() conditions on check result variables + - build: in Makefile.m32 try to detect 64bit target + - multi: inform about closed sockets before they are closed + - multi-uv.c: close the file handle after download + - examples: wait recommended 100ms when no file descriptors are ready + - ntlm: split the SSPI based messaging code from the native messaging code + - cmake: fix NTLM detection when CURL_DISABLE_HTTP defined + - cmake: add Kerberos to the supported feature + - CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option + - http: disable pipelining for HTTP/2 and upgraded connections + - ntlm: fixed static'ness of local decode function + - sasl: reduced the need for two sets of NTLM messaging functions + - multi.c: fixed compilation warnings when no verbose string support + - select.c: fix compilation for VxWorks + - multi-single.c: switch to use curl_multi_wait + - curl_multi_wait.3: clarify numfds being used if not NULL + - http.c: fixed compilation warnings from features being disabled + - NSS: enable the CAPATH option + - docs: fix FAILONERROR typos + - HTTP: don't abort connections with pending Negotiate authentication + - HTTP: free (proxy)userpwd for NTLM/Negotiate after sending a request + - http_perhapsrewind: don't abort CONNECT requests + - build: updated dependencies in makefiles + - multi.c: fixed compilation warning + - ftp.c: fixed compilation warnings when proxy support disabled + - get_url_file_name: fixed crash on OOM on debug build + - cookie.c: refactored cleanup code to simplify + - OS400: enable NTLM authentication + - ntlm: use Windows Crypt API + - http2: avoid logging neg "failure" if h2 was not requested + - schannel_recv: return the correct code + - VC build: added sspi define for winssl-zlib builds + - Curl_client_write(): chop long data, convert data only once + - openldap: do not ignore Curl_client_write() return code + - ldap: check Curl_client_write() return codes + - parsedate.c: fixed compilation warning + - url.c: fixed compilation warning when USE_NTLM is not defined + - ntlm_wb_response: fix "statement not reached" + - telnet: fix "cast increases required alignment of target type" + - smtp: fixed dot stuffing when EOL characters at end of input buffers + - ntlm: allow NTLM2Session messages when USE_NTRESPONSES manually defined + - ntlm: disable NTLM v2 when 64-bit integers are not supported + - ntlm: use short integer when decoding 16-bit values + - ftp.c: fixed compilation warning when no verbose string support + - synctime.c: fixed timeserver URLs + - mk-ca-bundle.pl: restored forced run again + - ntlm: fixed return code for bad type-2 Target Info + - curl_schannel.c: data may be available before connection shutdown + - curl_schannel: improvements to memory re-allocation strategy + - darwinssl: aprintf() to allocate the session key + - tool_util.c: use GetTickCount64 if it is available + - lib: fixed multiple code analysis warnings if SAL are available + - tool_binmode.c: explicitly ignore the return code of setmode + - tool_urlglob.c: silence warning C6293: Ill-defined for-loop + - opts: warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS + - SFTP: work-around servers that return zero size on STAT + - connect: singleipconnect(): properly try other address families after failure + - IPV6: address scope != scope id + - parseurlandfillconn(): fix improper non-numeric scope_id stripping + - secureserver.pl: make OpenSSL CApath and cert absolute path values + - secureserver.pl: update Windows detection and fix path conversion + - secureserver.pl: clean up formatting of config and fix verbose output + - tests: added Windows support using Cygwin-based OpenSSH + - sockfilt.c: use non-Ex functions that are available before WinXP + - VMS: updates for 0740-0D1220 + - openssl: warn for SRP set if SSLv3 is used, not for TLS version + - openssl: make it compile against openssl 1.1.0-DEV master branch + - openssl: fix SSL/TLS versions in verbose output + - curl: show size of inhibited data when using -v + - build: removed WIN32 definition from the Visual Studio projects + - build: removed WIN64 definition from the libcurl Visual Studio projects + - vtls: use bool for Curl_ssl_getsessionid() return type + - sockfilt.c: replace 100ms sleep with thread throttle + - sockfilt.c: reduce the number of individual memory allocations + - vtls: don't set cert info count until memory allocation is successful + - nss: don't ignore Curl_ssl_init_certinfo() OOM failure + - nss: don't ignore Curl_extract_certinfo() OOM failure + - vtls: fixed compilation warning and an ignored return code + - sockfilt.c: fixed compilation warnings + - darwinssl: fixed compilation warning + - vtls: use '(void) arg' for unused parameters + - sepheaders.c: fixed resource leak on failure + - lib1900.c: fixed cppcheck error + - ldap: fixed Unicode connection details in Win32 initialsation / bind calls + - ldap: fixed Unicode DN, attributes and filter in Win32 search calls +- re-enable test 2034 (https with certificate pinning) as it seems to be + working again on EL +- update patches as needed +- replace metalink patch with an openssl-specific version, since nss is fixed + upstream +- BR: python for http-pipe testing + +* Wed Nov 5 2014 Paul Howarth <paul@city-fan.org> - 7.39.0-1.0.cf +- update to 7.39.0 (addresses CVE-2014-3707) + - SSLv3 is disabled by default + - CURLOPT_COOKIELIST: added "RELOAD" command + - build: added WinIDN build configuration options to Visual Studio projects + - ssh: improve key file search + - SSL: public key pinning - use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey + - vtls: remove QsoSSL support, use gskit! + - mk-ca-bundle: added SHA-384 signature algorithm + - docs: added many examples for libcurl opts and other doc improvements + - build: added VC ssh2 target to main Makefile + - MinGW: added support to build with nghttp2 + - NetWare: added support to build with nghttp2 + - build: added Watcom support to build with WinSSL + - build: added optional specific version generation of VC project files + - curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds + - openssl: build fix for versions < 0.9.8e + - newlines: fix mixed newlines to LF-only + - ntlm: fixed HTTP proxy authentication when using Windows SSPI + - sasl_sspi: fixed Unicode build + - file: reject paths using embedded %%00 + - threaded-resolver: revert Curl_expire_latest() switch + - configure: allow --with-ca-path with PolarSSL too + - HTTP/2: fix busy loop when EOF is encountered + - CURLOPT_CAPATH: return failure if set without backend support + - nss: do not fail if a CRL is already cached + - smtp: fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error + - fixed 20+ nits/memory leaks identified by Coverity scans + - curl_schannel.c: fixed possible memory or handle leak + - multi-uv.c: call curl_multi_info_read() better + - Cmake: check for OpenSSL before OpenLDAP + - Cmake: fix library list provided to cURL tests + - Cmake: avoid cycle directory dependencies + - Cmake: build with GSS-API libraries (MIT or Heimdal) + - vtls: provide backend defines for internal source code + - nss: fix a connection failure when FTPS handle is reused + - tests/http_pipe.py: Python 3 support + - cmake: build tool_hugehelp (ENABLE_MANUAL) + - cmake: enable IPv6 by default if available + - tests: move TESTCASES to Makefile.inc, add show for cmake + - ntlm: avoid unnecessary buffer allocation for SSPI based type-2 token + - ntlm: fixed empty/bad base-64 decoded buffer return codes + - ntlm: fixed empty type-2 decoded message info text + - cmake: add CMake/Macros.cmake to the release tarball + - cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS + - cmake: use LIBCURL_VERSION from curlver.h + - cmake: generate pkg-config and curl-config + - fixed several superfluous variable assignements identified by cppcheck + - cleanup of 'CURLcode result' return code + - pipelining: only output "is not blacklisted" in debug builds + - SSL: remove SSLv3 from SSL default due to POODLE attack + - gskit.c: remove SSLv3 from SSL default + - darwinssl: detect possible future removal of SSLv3 from the framework + - ntlm: only define ntlm data structure when USE_NTLM is defined + - ntlm: return CURLcode from Curl_ntlm_core_mk_lm_hash() + - ntlm: return all errors from Curl_ntlm_core_mk_nt_hash() + - sspi: only call CompleteAuthToken() when complete is needed + - http_negotiate: fixed missing check for USE_SPNEGO + - HTTP: return larger than 3 digit response codes too + - openssl: check for NPN / ALPN via OpenSSL version number + - openssl: enable NPN separately from ALPN + - sasl_sspi: allow DIGEST-MD5 to use current windows credentials + - sspi: return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure + - resume: consider a resume from [content-length] to be OK + - sasl: fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used + - build-openssl.bat: fix x64 release build + - cmake: drop _BSD_SOURCE macro usage + - cmake: fix gethostby{addr,name}_r in CurlTests + - cmake: clean OtherTests, fixing -Werror + - cmake: fix struct sockaddr_storage check + - Curl_single_getsock: fix hold/pause sock handling + - SSL: PolarSSL default min SSL version TLS 1.0 + - cmake: fix ZLIB_INCLUDE_DIRS use + - buildconf: stop checking for libtool +- disable test 2034 (https with certificate pinning) on EL-5/6 until such time + as we can figure out why it breaks + (http://curl.haxx.se/mail/lib-2014-11/0040.html) + +* Tue Oct 21 2014 Paul Howarth <paul@city-fan.org> - 7.38.0-2.0.cf +- fix a connection failure when FTPS handle is reused + +* Wed Sep 10 2014 Paul Howarth <paul@city-fan.org> - 7.38.0-1.0.cf +- update to 7.38.0 + - CVE-2014-3613: cookie leak with IP address as domain + - CVE-2014-3620: cookie leak for TLDs + - CURLE_HTTP2 is a new error code + - CURLAUTH_NEGOTIATE is a new auth define + - CURL_VERSION_GSSAPI is a new capability bit + - no longer use fbopenssl for anything + - schannel: use CryptGenRandom for random numbers + - axtls: define curlssl_random using axTLS's PRNG + - cyassl: use RNG_GenerateBlock to generate a good random number + - findprotocol: show unsupported protocol within quotes + - version: detect and show LibreSSL + - version: detect and show BoringSSL + - imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI + - http2: requires nghttp2 0.6.0 or later + - fix a build failure on Debian when NSS support is enabled + - HTTP/2: fixed compiler warnings when built disabled + - cyassl: return the correct error code on no CA cert + - http: deprecate GSS-Negotiate macros due to bad naming + - http: fixed Negotiate: authentication + - multi: improve proxy CONNECT performance (regression) + - ntlm_wb: avoid invoking ntlm_auth helper with empty username + - ntlm_wb: fix hard-coded limit on NTLM auth packet size + - url.c: use the preferred symbol name: *READDATA + - smtp: fixed a segfault during test 1320 torture test + - cyassl: made it compile with version 2.0.6 again + - nss: do not check the version of NSS at run time + - c-ares: fix build without IPv6 support + - HTTP/2: use base64url encoding + - SSPI Negotiate: fix 3 memory leaks + - libtest: fixed duplicated line in Makefile + - conncache: fix compiler warning + - openssl: make ossl_send return CURLE_OK better + - HTTP/2: support expect: 100-continue + - HTTP/2: fix infinite loop in readwrite_data() + - parsedate: fix the return code for an overflow edge condition + - darwinssl: don't use strtok() + - http_negotiate_sspi: fixed specific username and password not working + - openssl: replace call to OPENSSL_config + - http2: show the received header for better debugging + - HTTP/2: move :authority before non-pseudo header fields + - HTTP/2: reset promised stream, not its associated stream + - HTTP/2: added some more logging for debugging stream problems + - ntlm: added support for SSPI package info query + - ntlm: fixed hard coded buffer for SSPI based auth packet generation + - sasl_sspi: fixed memory leak with not releasing Package Info struct + - sasl_sspi: fixed SPN not being converted to wchar under Unicode builds + - sasl: use a dynamic buffer for DIGEST-MD5 SPN generation + - http_negotiate_sspi: use a dynamic buffer for SPN generation + - sasl_sspi: fixed missing free of challenge buffer on SPN failure + - sasl_sspi: fixed hard coded buffer for response generation + - Curl_poll + Curl_wait_ms: fix timeout return value + - docs/SSLCERTS: update the section about NSS database + - create_conn: prune dead connections + - openssl: fix version report for the 0.9.8 branch + - mk-ca-bundle.pl: switched to using hg.mozilla.org + - http: fix the Content-Range: parser + - Curl_disconnect: don't free the URL + - win32: fixed WinSock 2 #if + - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth + - curl.1: clarify --limit-rate's effect on both directions + - disconnect: don't touch easy-related state on disconnects + - Cmake: big cleanup and numerous fixes + - HTTP/2: supports draft-14 - moved :headers before the non-psuedo headers + - configure.ac: add support for recent GSS-API implementations for HP-UX + - CONNECT: close proxy connections that fail + - CURLOPT_NOBODY.3: clarify this option is for downloads + - darwinssl: fix CA certificate checking using PEM format + - resolve: cache lookup for async resolvers + - low-speed-limit: avoid timeout flood + - polarssl: implement CURLOPT_SSLVERSION + - multi: convert CURLM_STATE_CONNECT_PEND handling to a list + - curl_multi_cleanup: remove superfluous NULL assigns + - polarssl: support CURLOPT_CAPATH / --capath + - progress: size_dl/size_ul are always >= 0, and clear "KNOWN" properly +- add workaround for build with openssl < 0.9.8e + +* Sun Aug 17 2014 Paul Howarth <paul@city-fan.org> - 7.37.1-3.0.cf +- rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Aug 13 2014 Paul Howarth <paul@city-fan.org> - 7.37.1-2.0.cf +- tighten dependencies + +* Thu Jul 17 2014 Paul Howarth <paul@city-fan.org> - 7.37.1-1.1.cf +- use POSIX threads and NSS for EL-7 build + +* Wed Jul 16 2014 Paul Howarth <paul@city-fan.org> - 7.37.1-1.0.cf +- update to 7.37.1 + - bits.close: introduce connection close tracking + - darwinssl: add support for --cacert + - polarssl: add ALPN support + - docs: added new option man pages + - build: fixed incorrect reference to curl_setup.h in Visual Studio files + - build: use $(TargetDir) and $(TargetName) macros for .pdb and .lib output + - curl.1: clarify that -u can't specify a user with colon + - openssl: fix uninitialized variable use in NPN callback + - curl_easy_reset: reset the URL + - curl_version_info.3: returns a pointer to a static struct + - url-parser: only use if_nametoindex if detected by configure + - select: with winsock, avoid passing unsupported arguments to select() + - gnutls: don't use deprecated type names any more + - gnutls: allow building with nghttp2 but without ALPN support + - tests: fix portability issue with the tftpd server + - curl_sasl_sspi: fixed corrupt hostname in DIGEST-MD5 SPN + - curl_sasl: extended native DIGEST-MD5 cnonce to be a 32-byte hex string + - random: use Curl_rand() for proper random data + - Curl_ossl_init: call OPENSSL_config for initing engines + - config-win32.h: updated for VC12 + - winbuild: don't USE_WINSSL when WITH_SSL is being used + - getinfo: HTTP CONNECT code not reset between transfers + - Curl_rand: use a fake entropy for debug builds when CURL_ENTROPY set + - http2: avoid segfault when using the plain-text http2 + - conncache: move the connection counter to the cache struct + - http2: better return code error checking + - curlbuild: fix GCC build on SPARC systems without configure script + - tool_metalink: support polarssl as digest provider + - curl.h: reverse the enum/define setup for old symbols + - curl.h: moved two really old deprecated symbols + - curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx + - buildconf: do not search tools in current directory + - OS400: make it compilable again; make RPG binding up to date + - nss: do not abort on connection failure (failing tests 305 and 404) + - nss: make the fallback to SSLv3 work again + - tool: prevent valgrind from reporting possibly lost memory (nss only) + - progress callback: skip last callback update on errors + - nss: fix a memory leak when CURLOPT_CRLFILE is used + - compiler warnings: potentially uninitialized variables + - url.c: fixed memory leak on OOM + - gnutls: ignore invalid certificate dates with VERIFYPEER disabled + - gnutls: fix SRP support with versions of GnuTLS from 2.99.0 + - gnutls: fixed a couple of uninitialized variable references + - gnutls: fixed compilation against versions < 2.12.0 + - build: fixed overridden compiler PDB settings in VC7 to VC12 + - ntlm_wb: fixed buffer size not being large enough for NTLMv2 sessions + - netrc: don't abort if home dir cannot be found + - netrc: fixed thread safety problem by using getpwuid_r if available + - cookie: avoid mutex deadlock + - configure: respect host tool prefix for krb5-config + - gnutls: handle IP address in cert name check +- fix endless loop with GSSAPI proxy auth (#1118751) + +* Mon Jul 14 2014 Paul Howarth <paul@city-fan.org> - 7.37.0-4.0.cf +- use %%license in %%files list where possible + +* Fri Jul 4 2014 Paul Howarth <paul@city-fan.org> - 7.37.0-3.0.cf +- various SSL-related fixes (mainly crash on connection failure) + +* Sat Jun 7 2014 Paul Howarth <paul@city-fan.org> - 7.37.0-2.0.cf +- rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 21 2014 Paul Howarth <paul@city-fan.org> - 7.37.0-1.0.cf +- update to 7.37.0 + this release includes the following changes: + - URL parser: IPv6 zone identifiers are now supported + - CURLOPT_PROXYHEADER: set headers for proxy-only + - CURLOPT_HEADEROPT: added + - curl: add --proxy-header + - sasl: added support for DIGEST-MD5 via Windows SSPI + - sasl: added DIGEST-MD5 qop-option validation in native challange handling + - imap: expanded mailbox SEARCH support to use URL query strings + - imap: extended FETCH support to include PARTIAL URL specifier + - nss: implement non-blocking SSL handshake + - build: reworked Visual Studio project files + - poll: enable poll on darwin13 + - mk-ca-bundle: added -p + - libtests: add a wait_ms() function + this release includes the following bugfixes: + - mkhelp: generate code for --disable-manual as well + - hostcheck: added a system include to define struct in_addr + - winbuild: added warnless.c to fix build + - Makefile.vc6: added warnless.c to fix build + - smtp: fixed login denied when server doesn't support AUTH capability + - smtp: fixed login denied with a RFC-821 based server + - curl: stop interpreting IPv6 literals as glob patterns + - http2: remove _DRAFT09 from the NPN_HTTP2 enum + - http2: let openssl mention the exact protocol negotiated + - http2+openssl: fix compiler warnings in ALPN using code + - ftp: in passive data connect wait for happy eyeballs sockets + - HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue + - http2: compile with current nghttp2, which supports h2-11 + - http_negotiate_sspi: fixed compilation when USE_HTTP_NEGOTIATE not defined + - strerror: fix comment about vxworks' strerror_r buffer size + - url: only use if_nametoindex() if IFNAMSIZ is available + - imap: fixed untagged response detection when no data after command + - various: fix possible dereference of null pointer + - various: fix use of uninitialized variable + - various: fix use of non-null terminated strings + - telnet.c: check sscanf results before passing them to snprintf + - parsedate.c: check sscanf result before passing it to strlen + - sockfilt.c: free memory in case of memory allocation errors + - sockfilt.c: ignore non-key-events and continue waiting for input + - sockfilt.c: properly handle disk files, pipes and character input + - sockfilt.c: fixed getting stuck waiting for MinGW stdin pipe + - sockfilt.c: clean up threaded approach and add documentation + - configure: use the nghttp2 path correctly with pkg-config + - curl_global_init_mem: bump initialized even if already initialized + - gtls: fix NULL pointer dereference + - cyassl: use error-ssl.h when available + - handler: make 'protocol' always specified as a single bit + - INFILESIZE: fields in UserDefined must not be changed run-time + - openssl: biomem->data is not zero terminated + - config-win32.h: fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up + - curl_ntlm_core: fixed use of long long for VC6 and VC7 + - SNI: strip off a single trailing dot from host name + - curl: bail on cookie use when built with disabled cookies + - curl_easy_setopt.3: added the proto for CURLOPT_SSH_KNOWNHOSTS + - curl_multi_cleanup: ignore SIGPIPE better + - schannel: don't use the connect-timeout during send + - mprintf: allow %%.s with data not being zero terminated + - tool_help: fixed missing --login-options option + - configure: don't set LD_LIBRARY_PATH when cross-compiling + - http: auth failure on duplicated 'WWW-Authenticate: Negotiate' header + - cacertinmem: fix memory leak + - lib1506: make sure the transfers are not within the same ms + - Makefile.b32: fixed for vtls changes + - sasl: fixed missing qop in the client's challenge-response message + - openssl: unbreak PKCS12 support + - darwinssl: fix potential crash with a P12 file + - timers: fix timer regression involving redirects / reconnects + - CURLINFO_SSL_VERIFYRESULT: made more reliable + - HTTP: fixed connection re-use + - configure: add SPNEGO to supported features + - configure: add GSS-API to supported features + - ALPN: fix typo in http/1.1 identifier + - http2: make connection re-use work + +* Sat May 10 2014 Paul Howarth <paul@city-fan.org> - 7.36.0-4.0.cf +- fix auth failure on duplicated 'WWW-Authenticate: Negotiate' header + (#1093348) + +* Fri Apr 25 2014 Paul Howarth <paul@city-fan.org> - 7.36.0-3.0.cf +- nss: implement non-blocking SSL handshake + +* Thu Mar 27 2014 Paul Howarth <paul@city-fan.org> - 7.36.0-2.0.cf +- extend URL parser to support IPv6 zone identifiers (#680996) + +* Thu Mar 27 2014 Paul Howarth <paul@city-fan.org> - 7.36.0-1.1.cf +- adapt tests 815 and 816 such that they work with the fix for CVE-2014-0138 + +* Wed Mar 26 2014 Paul Howarth <paul@city-fan.org> 7.36.0-1.0.cf +- update to 7.36.0 + this release includes the following security advisories: + - wrong re-use of connections (CVE-2014-0138) + - IP address wildcard certificate validation (CVE-2014-0139) + - not verifying certs for TLS to IP address / Darwinssl (CVE-2014-1263) + - not verifying certs for TLS to IP address / Winssl (CVE-2014-2522) + this release includes the following changes: + - ntlm: added support for NTLMv2 + - tool: added support for URL specific options + - openssl: add ALPN support + - gtls: add ALPN support + - nss: add ALPN and NPN support + - added CURLOPT_EXPECT_100_TIMEOUT_MS + - tool: add --no-alpn and --no-npn + - added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN + - winssl: enable TLSv1.1 and TLSv1.2 by default + - winssl: TLSv1.2 disables certificate signatures using MD5 hash + - winssl: enable hostname verification of IP address using SAN or CN + - darwinssl: don't omit CN verification when an IP address is used + - http2: build with current nghttp2 version + - polarssl: dropped support for PolarSSL < 1.3.0 + - openssl: info message with SSL version used + this release includes the following bugfixes: + - nss: allow to use ECC ciphers if NSS implements them + - netrc: fixed a memory leak in an OOM condition + - ftp: fixed a memory leak on wildcard error path + - pipeline: fixed a NULL pointer dereference on OOM + - nss: prefer highest available TLS version + - 100-continue: fix timeout condition + - ssh: fixed a NULL pointer dereference on OOM condition + - formpost: use semicolon in multipart/mixed + - --help: add missing --tlsv1.x options + - formdata: fixed memory leak on OOM condition + - ConnectionExists: reusing possible HTTP+NTLM connections better + - mingw32: fix compilation + - chunked decoder: track overflows correctly + - curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0 + - dict: fix memory leak in OOM exit path + - valgrind: added suppression on optimized code + - curl: output protocol headers using binary mode + - tool: added URL index to password prompt for multiple operations + - ConnectionExists: re-use non-NTLM connections better + - axtls: call ssl_read repeatedly + - multi: make MAXCONNECTS default 4 x number of easy handles function + - configure: fix the --disable-crypto-auth option + - multi: ignore SIGPIPE internally + - curl.1: update the description of --tlsv1 + - SFTP: skip reading the dir when NOBODY=1 + - easy: fixed a memory leak on OOM condition + - tool: fixed incorrect return code when setting HTTP request fails + - configure: tiny fix to honor POSIX + - tool: do not output libcurl source for the information only parameters + - Rework Open Watcom make files to use standard Wmake features + - x509asn: moved out Curl_verifyhost from NSS builds + - configure: call it GSS-API + - hostcheck: Curl_cert_hostcheck is not used by NSS builds + - multi_runsingle: move timestamp into INIT + - remote_port: allow connect to port 0 + - parse_remote_port: error out on illegal port numbers better + - ssh: pass errors from libssh2_sftp_read up the stack + - docs: remove documentation on setting up krb4 support + - polarssl: build fixes to work with PolarSSL 1.3.x + - polarssl: fix possible handshake timeout issue in multi + - nss: allow to enable/disable cipher-suites better + - ssh: prevent a logic error that could result in an infinite loop + - http2: free resources on disconnect + - polarssl: avoid extra newlines in debug messages + - rtsp: parse "Session:" header properly + - trynextip: don't store 'ai' on failed connects + - Curl_cert_hostcheck: strip trailing dots in host name and wildcard +- update patches as needed +- drop support for old distributions prior to FC-5 + - drop %%defattr, redundant since rpm 4.4 + - unconditionally build with metalink support + - certs always live under /etc/pki +- skip IMAP tests 815 and 816 for now, which are failing in this release + +* Mon Mar 17 2014 Paul Howarth <paul@city-fan.org> - 7.35.0-5.0.cf +- add perl build requirements for the test suite + +* Wed Mar 5 2014 Paul Howarth <paul@city-fan.org> - 7.35.0-3.0.cf +- avoid spurious failure of test1086 on s390(x) koji builders (#1072273) + +* Tue Feb 25 2014 Paul Howarth <paul@city-fan.org> - 7.35.0-2.0.cf +- refresh expired cookie in test172 from upstream test-suite (#1068967) + +* Wed Jan 29 2014 Paul Howarth <paul@city-fan.org> - 7.35.0-1.0.cf +- update to 7.35.0: + - imap/pop3/smtp: added support for SASL authentication downgrades + - imap/pop3/smtp: extended the login options to support multiple auth mechs + - TheArtOfHttpScripting: major update, converted layout and more + - mprintf: added support for I, I32 and I64 size specifiers + - makefile: added support for VC7, VC11 and VC12 + - SECURITY ADVISORY: re-use of wrong HTTP NTLM connection (CVE-2014-0015) + - curl_easy_setopt: fixed OAuth 2.0 Bearer option name + - pop3: fixed APOP being determined by CAPA response rather than by timestamp + - Curl_pp_readresp: zero terminate line + - FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE + - docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE:// + - pop3: fixed auth preference not being honored when CAPA not supported + - imap: fixed auth preference not being honored when CAPABILITY not supported + - threaded resolver: use pthread_t * for curl_thread_t + - FILE: we don't support paused transfers using this protocol + - connect: try all addresses in first connection attempt + - curl_easy_setopt.3: added SMTP information to CURLOPT_INFILESIZE_LARGE + - OpenSSL: fix forcing SSLv3 connections + - openssl: allow explicit sslv2 selection + - FTP parselist: fix "total" parser + - conncache: fix possible dereference of null pointer + - multi.c: fix possible dereference of null pointer + - mk-ca-bundle: introduces -d and warns about using this script + - ConnectionExists: fix NTLM check for new connection + - trynextip: fix build for non-IPV6 capable systems + - Curl_updateconninfo: don't do anything for UDP "connections" + - darwinssl: un-break Leopard build after PKCS#12 change + - threaded-resolver: never use NULL hints with getaddrinf + - multi_socket: remind app if timeout didn't run + - OpenSSL: deselect weak ciphers by default + - error message: sensible message on timeout when transfer size unknown + - curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE* + - win32: fixed use of deprecated function 'GetVersionInfoEx' for VC12 + - configure: fix gssapi linking on HP-UX + - chunked-parser: abort on overflows, allow 64 bit chunks + - chunked parsing: relax the CR strictness + - cookie: max-age fixes + - progress bar: always update when at 100%% + - progress bar: increase update frequency to 10Hz + - tool: fixed incorrect return code if command line parser runs out of memory + - tool: fixed incorrect return code if password prompting runs out of memory + - HTTP POST: omit Content-Length if data size is unknown + - GnuTLS: disable insecure ciphers + - GnuTLS: honor --slv2 and the --tlsv1[.N] switches + - multi: fixed a memory leak on OOM condition + - netrc: fixed a memory and file descriptor leak on OOM + - getpass: fix password parsing from console + - TFTP: fix crash on time-out + - hostip: don't remove DNS entries that are in use + - tests: lots of tests fixed to pass the OOM torture tests + +* Tue Jan 21 2014 Paul Howarth <paul@city-fan.org> - 7.34.0-1.1.cf +- add a couple of fixes from upstream for forced SSLv2 and SSLv3 support + +* Tue Dec 17 2013 Paul Howarth <paul@city-fan.org> - 7.34.0-1.0.cf +- update to 7.34.0: + - gtls: respect *VERIFYHOST independently of *VERIFYPEER (CVE-2013-6422) + - SSL: protocol version can be specified more precisely + - imap/pop3/smtp: added graceful cancellation of SASL authentication + - add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts + - base64: added validation of base64 input strings when decoding + - curl_easy_setopt: added the ability to set the login options separately + - smtp: added support for additional SMTP commands + - curl_easy_getinfo: added CURLINFO_TLS_SESSION for accessing TLS internals + - nss: allow to use TLS > 1.0 if built against recent NSS + - SECURITY: added this document to describe our security processes + - parseconfig: warn if unquoted white spaces are detected + - darwinssl: un-break iOS build after PKCS#12 feature added + - tool: use XFERFUNCTION to save some casts + - usercertinmem: fix memory leaks + - ssh: handle successful SSH_USERAUTH_NONE + - NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option + - test906: fixed failing test on some platforms + - sasl: initialize NSS before using NTLM crypto + - sasl: fixed memory leak in OAUTH2 message creation + - imap/pop3/smtp: fixed QUIT / LOGOUT being sent when SSL connect fails + - cmake: unbreak for non-Windows platforms + - ssh: initialize per-handle data in ssh_connect() + - glob: fix broken URLs + - configure: check for long long when building with cyassl + - CURLOPT_RESOLVE: mention they don't time-out + - docs/examples/httpput.c: fix build for MSVC + - FTP: make the data connection work when going through proxy + - NSS: support for CERTINFO feature + - curl_multi_wait: accept 0 from multi_timeout() as valid timeout + - glob_range: pass the closing bracket for a-z ranges + - tool_help: updated --list-only description to include POP3 + - Curl_ssl_push_certinfo_len: don't %%.*s non-zero-terminated string + - cmake: fix Windows build with IPv6 support + - ares: fixed compilation under Visual Studio 2012 + - curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation + - curl.1: mention that -O does no URL decoding + - darwinssl: PKCS#12 import feature now requires Lion or later + - darwinssl: check for SSLSetSessionOption() presence when toggling BEAST + - configure: fix test with -Werror=implicit-function-declaration + - sigpipe: factor out sigpipe_reset from easy.c + - curl_multi_cleanup: ignore SIGPIPE + - globbing: curl glob counter mismatch with {} list use + - parseconfig: dash options can't specified with colon or equals + - digest: fix CURLAUTH_DIGEST_IE + - curl.h: <sys/select.h> for OpenBSD + - darwinssl: Fix #if 10.6.0 for SecKeychainSearch + - TFTP: fix return codes for connect timeout + - login options: remove the ;[options] support from CURLOPT_USERPWD + - imap: fixed incorrect fallback to clear text authentication + - parsedate: avoid integer overflow + - curl.1: document -J doesn't %%-decode + - multi: add timer inaccuracy margin to timeout/connecttimeout +- switch to openssl backend for Fedora 10 to 15 as NSS 3.14 is now required + (http://curl.haxx.se/mail/lib-2013-12/0000.html) + +* Mon Dec 2 2013 Paul Howarth <paul@city-fan.org> - 7.33.0-2.0.cf +- allow to use TLS > 1.0 if built against recent NSS + +* Wed Oct 30 2013 Paul Howarth <paul@city-fan.org> - 7.33.0-1.3.cf +- run tests with -n to explicitly disable valgrind, which can be problematic + on old distributions + +* Tue Oct 22 2013 Paul Howarth <paul@city-fan.org> - 7.33.0-1.2.cf +- fix missing initialization in SSH code causing test 619 to fail + +* Fri Oct 18 2013 Paul Howarth <paul@city-fan.org> - 7.33.0-1.1.cf +- fix missing initialization in NTLM code causing test 906 to fail + +* Tue Oct 15 2013 Paul Howarth <paul@city-fan.org> - 7.33.0-1.0.cf +- update to 7.33.0: + - test code for testing the event based API + - CURLM_ADDED_ALREADY: new error code + - test TFTP server: support "writedelay" within <servercmd> + - krb4 support has been removed + - imap/pop3/smtp: added basic SASL XOAUTH2 support + - darwinssl: add support for PKCS#12 files for client authentication + - darwinssl: enable BEAST workaround on iOS 7 and later + - pass password to OpenSSL engine by user interface + - c-ares: add support for various DNS binding options + - cookies: add expiration + - curl: added --oauth2-bearer option + - nss: make sure that NSS is initialized + - curl: make --no-[option] work properly for several options + - FTP: with socket_action send better socket updates in active mode + - curl: fix the --sasl-ir in the --help output + - tests 2032, 2033: don't hardcode port in expected output + - urlglob: better detect unclosed braces, empty lists and overflows + - urlglob: error out on range overflow + - imap: fixed response check for SEARCH, EXPUNGE, LSUB, UID and NOOP commands + - handle arbitrary-length username and password + - TFTP: make the CURLOPT_LOW_SPEED* options work + - curl.h: name space pollution by "enum type" + - multi: move on from STATE_DONE faster + - FTP: 60 secs delay if aborted in the CURLOPT_HEADERFUNCTION callback + - multi_socket: improved 100-continue timeout handling + - curl_multi_remove_handle: allow multiple removes + - FTP: fix getsock during DO_MORE state + - -x: rephrased the --proxy section somewhat + - acinclude: fix --without-ca-path when cross-compiling + - LDAP: fix bad free() when URL parsing failed + - --data: mention CRLF treatment when reading from file + - curl_easy_pause: suggest one way to unpause + - imap: fixed calculation of transfer when partial FETCH received + - pingpong: check SSL library buffers for already read data + - imap/pop3/smtp: speed up SSL connection initialization + - libcurl.3: for multi interface connections are held in the multi handle + - curl_easy_setopt.3: mention RTMP URL quirks + - curl.1: detail how short/long options work + - curl.1: added information about optional login options to --user option + - curl: added clarification to the --mail options in the --help output + - curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value + - openssl: use correct port number in error message + - darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher + - OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER + - xattr: add support for FreeBSD xattr API + - win32: fix Visual Studio 2010 build with WINVER >= 0x600 + - configure: use icc options without space + - test1112: Increase the timeout from 7s to 16s + - SCP: upload speed on a fast connection limited to 16384 B/s + - curl_setup_once: fix errno access for lwip on Windows + - HTTP: output http response 304 when modified time is too old +- adjust multilib, debug and threaded DNS patches +- add new patch for failing test 906 + +* Fri Oct 11 2013 Paul Howarth <paul@city-fan.org> - 7.32.0-3.0.cf +- do not limit the speed of SCP upload on a fast connection + (http://thread.gmane.org/gmane.comp.web.curl.library/40551/focus=40561) + +* Mon Sep 9 2013 Paul Howarth <paul@city-fan.org> - 7.32.0-2.0.cf +- avoid delay if FTP is aborted in CURLOPT_HEADERFUNCTION callback (#1005686) + +* Mon Aug 12 2013 Paul Howarth <paul@city-fan.org> - 7.32.0-1.1.cf +- make sure that NSS is initialized prior to calling PK11_GenerateRandom() + +* Mon Aug 12 2013 Paul Howarth <paul@city-fan.org> - 7.32.0-1.0.cf +- update to 7.32.0: + - curl: allow timeouts to accept decimal values + - OS400: add slist and certinfo EBCDIC support + - OS400: new SSL backend GSKit + - CURLOPT_XFERINFOFUNCTION: introducing a new progress callback + - LIBCURL-STRUCTS: new document + - dotdot: introducing dot file path cleanup + - docs: fix typo in curl_easy_getinfo manpage + - test1230: avoid using hard-wired port number + - test1396: invoke the correct test tool + - SIGPIPE: ignored while inside the library + - darwinssl: fix crash that started happening in Lion + - OpenSSL: check for read errors, don't assume + - c-ares: improve error message on failed resolve + - printf: make sure %%x are treated unsigned + - formpost: better random boundaries + - url: restore the functionality of 'curl -u :' + - curl.1: fix typo in --xattr description + - digest: improve nonce generation + - configure: automake 1.14 compatibility tweak + - curl.1: document the --post303 option in the man page + - curl.1: document the --sasl-ir option in the man page + - setup-vms.h: sk_pop symbol tweak + - tool_paramhlp: try harder to catch negatives + - cmake: fix for MSVC2010 project generation + - asyn-ares: don't blank ares servers if none configured + - curl_multi_wait: set revents for extra fds + - reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() + - ftp_do_more: consider DO_MORE complete when server connects back + - curl_easy_perform: gradually increase the delay time + - curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output + - curl: fix upload of a zip file in OpenVMS + - build: fix linking on Solaris 10 + - curl_formadd: CURLFORM_FILECONTENT wrongly rejected some option combos + - curl_formadd: fix file upload on VMS + - curl_easy_pause: on unpause, trigger mulit-socket handling + - md5 and metalink: use better build macros on Apple operating systems + - darwinssl: fix build error in crypto authentication under Snow Leopard + - curl: make --progress-bar update the line less frequently + - configure: don't error out on variable confusions (CFLAGS, LDFLAGS etc.) + - mk-ca-bundle: skip more untrusted certificates + - formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used + - FTP: when EPSV gets a 229 but fails to connect, retry with PASV + - mk-ca-bundle.1: don't install on make install + - VMS: lots of updates and fixes of the build procedure + - global dns cache: didn't work (regression) + - global dns cache: fix memory leak +- adjust multilib and UTF8 patches +- drop upstreamed patches + +* Sat Aug 3 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-5.0.cf +- rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Jul 9 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-4.0.cf +- mention all options listed in 'curl --help' in curl.1 man page + +* Mon Jul 1 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-3.0.cf +- restore the functionality of 'curl -u :' + +* Wed Jun 26 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-2.0.cf +- build the curl tool with metalink support + +* Mon Jun 24 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-1.1.cf + - test1230: avoid using hard-wired port number + +* Sat Jun 22 2013 Paul Howarth <paul@city-fan.org> - 7.31.0-1.0.cf +- update to 7.31.0: + - SECURITY VULNERABILITY: curl_easy_unescape() may parse data beyond the end + of the input buffer (CVE-2013-2174) + - darwinssl: add TLS session resumption + - darwinssl: add TLS crypto authentication + - imap/pop3/smtp: added support for ;auth=<mech> in the URL + - imap/pop3/smtp: added support for ;auth=<mech> to CURLOPT_USERPWD + - usercertinmem.c: add example showing user cert in memory + - url: added smtp and pop3 hostnames to the protocol detection list + - imap/pop3/smtp: added support for enabling the SASL initial response + - curl -E: allow to use ':' in certificate nicknames + - FTP: access files in root dir correctly + - configure: try pthread_create without -lpthread + - FTP: handle a 230 welcome response + - curl-config: don't output static libs when they are disabled + - CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling + - Various documentation updates + - getinfo.c: reset timecond when clearing session-info variables + - FILE: prevent an artificial timeout event due to stale speed-check data + - ftp_state_pasv_resp: connect through proxy also when set by env + - sshserver: disable StrictHostKeyChecking + - ftpserver: fixed imap logout confirmation data + - curl_easy_init: use less mallocs + - smtp: fixed unknown percentage complete in progress bar + - smtp: fixed sending of double CRLF caused by first in EOB + - bindlocal: move brace out of #ifdef + - winssl: fixed invalid memory access during SSL shutdown + - OS X framework: fix invalid symbolic link + - OpenSSL: allow empty server certificate subject + - axtls: prevent memleaks on SSL handshake failures + - cookies: only consider full path matches + - revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup() + - Curl_cookie_add: handle IPv6 hosts + - ossl_send: SSL_write() returning 0 is an error too + - ossl_recv: SSL_read() returning 0 is an error too + - digest auth: escape user names with \ or " in them + - curl_formadd.3: fixed wrong "end-marker" syntax + - libcurl-tutorial.3: fix incorrect backslash + - curl_multi_wait: reduce timeout if the multi handle wants to + - tests/Makefile: typo in the perlcheck target + - axtls: honor disabled VERIFYHOST + - OpenSSL: avoid double free in the PKCS12 certificate code + - multi_socket: reduce timeout inaccuracy margin + - digest: support auth-int for empty entity body + - axtls: now done non-blocking + - lib1900: use tutil_tvnow instead of gettimeofday + - curl_easy_perform: avoid busy-looping + - CURLOPT_COOKIELIST: take cookie share lock + - multi_socket: react on socket close immediately +- adjust multilib patch +- drop upstreamed patches + +* Fri Apr 26 2013 Paul Howarth <paul@city-fan.org> - 7.30.0-2.0.cf +- limit the excessive use of sed in %%prep +- prevent an artificial timeout event due to stale speed-check data (#906031) + +* Sat Apr 13 2013 Paul Howarth <paul@city-fan.org> - 7.30.0-1.1.cf +- reinstate test port adjustment fixes + +* Fri Apr 12 2013 Paul Howarth <paul@city-fan.org> - 7.30.0-1.0.cf +- update to 7.30.0: + - SECURITY ADVISORY: cookie tailmatching to avoid cross-domain leakage + (CVE-2013-1944) + - imap: Changed response tag generation to be completely unique + - imap: Added support for SASL-IR extension + - imap: Added support for the list command + - imap: Added support for the append command + - imap: Added custom request parsing + - imap: Added support to the fetch command for UID and SECTION properties + - imap: Added parsing and verification of the UIDVALIDITY mailbox attribute + - darwinssl: Make certificate errors less techy + - imap/pop3/smtp: Added support for the STARTTLS capability + - checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets + - curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag + - Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for + new multi interface connection handling + - Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, + CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and + CURLMOPT_PIPELINING_SERVER_BL for new pipelining control + - darwinssl: Fix build under Leopard + - DONE: consider callback-aborted transfers premature + - ntlm: Fixed memory leaks + - smtp: Fixed an issue when processing EHLO failure responses + - pop3: Fixed incorrect return value from pop3_endofresp() + - pop3: Fixed SASL authentication capability detection + - pop3: Fixed blocking SSL connect when connecting via POP3S + - imap: Fixed memory leak when performing multiple selects + - nss: fix misplaced code enabling non-blocking socket mode + - AddFormData: prevent only directories from being posted + - darwinssl: fix infinite loop if server disconnected abruptly + - metalink: fix improbable crash parsing metalink filename + - show proper host name on failed resolve + - MacOSX-Framework: Make script work in Xcode 4.0 and later + - strlcat: remove function + - darwinssl: Fix send glitchiness with data > 32 or so KB + - polarssl: better 1.1.x and 1.2.x support + - various documentation improvements + - multi: NULL pointer reference when closing an unused multi handle + - SOCKS: fix socks proxy when noproxy matched + - install-sh: updated to support multiple source files as arguments + - PolarSSL: added human readable error strings + - resolver_error: remove wrong error message output + - docs: updates HTML index and general improvements + - curlbuild.h.dist: enhance non-configure GCC ABI detection logic + - sasl: Fixed null pointer reference when decoding empty digest challenge + - easy: do not ignore poll() failures other than EINTR + - darwinssl: disable ECC ciphers under Mountain Lion by default + - CONNECT: count received headers + - build: fixes for VMS + - CONNECT: clear 'rewindaftersend' on success + - HTTP proxy: insert slash in URL if missing + - hiperfifo: updated to use current libevent API + - getinmemory.c: abort the transfer nicely if not enough memory + - improved win32 memorytracking + - corrected proxy header response headers count + - FTP quote operations on re-used connection + - tcpkeepalive on win32 + - tcpkeepalive on Mac OS X + - easy: acknowledge the CURLOPT_MAXCONNECTS option properly + - easy interface: restore default MAXCONNECTS to 5 + - win32: don't set SO_SNDBUF for windows vista or later versions + - HTTP: made cookie sort function more deterministic + - winssl: Fixed memory leak if connection was not successful + - FTP: wait on both connections during active STOR state + - connect: treat a failed local bind of an interface as a non-fatal error + - darwinssl: disable insecure ciphers by default + - FTP: handle "rubbish" in front of directory name in 257 responses + - mk-ca-bundle: Fixed lost OpenSSL output with "-t" +- remove upstreamed patches +- temporarily drop the switching of ports for tests as it causes test suite + failures +- add patch to fix linking of tests 1900 and 2033 + +* Tue Mar 12 2013 Paul Howarth <paul@city-fan.org> - 7.29.0-4.0.cf +- do not ignore poll() failures other than EINTR (#919127) +- curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag (#919127) + +* Wed Mar 6 2013 Paul Howarth <paul@city-fan.org> - 7.29.0-3.0.cf +- switch SSL socket into non-blocking mode after handshake +- drop the hide_selinux.c hack no longer needed in %%check + +* Fri Feb 22 2013 Paul Howarth <paul@city-fan.org> - 7.29.0-2.0.cf +- fix a SIGSEGV when closing an unused multi handle (#914411) + +* Wed Feb 6 2013 Paul Howarth <paul@city-fan.org> - 7.29.0-1.0.cf +- update to 7.29.0: + - fix POP3/IMAP/SMTP SASL buffer overflow vulnerability (CVE-2013-0249) + - test: offer "automake" output and check for perl better + - always-multi: always use non-blocking internals + - imap: added support for sasl digest-md5 authentication + - imap: added support for sasl cram-md5 authentication + - imap: added support for sasl ntlm authentication + - imap: added support for sasl login authentication + - imap: added support for sasl plain text authentication + - imap: added support for login disabled server capability + - mk-ca-bundle: add -f, support passing to stdout and more + - writeout: -w now supports remote_ip/port and local_ip/port + - nss: prevent NSS from crashing on client auth hook failure + - darwinssl: fixed inability to disable peer verification on Snow Leopard and + Lion + - curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE + - SCP: relative path didn't work as documented + - setup_once.h: HP-UX <sys/socket.h> issue workaround + - configure: fix cross pkg-config detection + - runtests: do not add undefined values to @INC + - build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag + - multi: fix re-sending request on early connection close + - HTTP: remove stray CRLF in chunk-encoded content-free request bodies + - build: fix AIX compilation and usage of events/revents + - VC Makefiles: add missing hostcheck + - nss: clear session cache if a client certificate from file is used + - nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE + - fix HTTP CONNECT tunnel establishment upon delayed response + - --libcurl: fix for non-zero default options + - FTP: reject illegal port numbers in EPSV 229 responses + - build: use per-target '_CPPFLAGS' for those currently using default + - configure: fix automake 1.13 compatibility + - curl: ignore SIGPIPE + - pop3: added support for non-blocking SSL upgrade + - pop3: fixed default authentication detection + - imap: fixed usernames and passwords that contain escape characters + - packages/DOS/common.dj: remove COFF debug info generation + - imap/pop3/smtp: fixed failure detection during TLS upgrade + - pop3: fixed no known authentication mechanism when fallback is required + - formadd: reject trying to read a directory where a file is expected + - formpost: support quotes, commas and semicolon in file names + - docs: update the comments about loading CA certs with NSS + - docs: fix typos in man pages + - darwinssl: fix bug where packets were sometimes transmitted twice + - winbuild: include version info for .dll .exe + - schannel: Removed extended error connection setup flag + - VMS: fix and generate the VMS build config +- drop upstreamed patches and update others as needed + +* Tue Jan 15 2013 Paul Howarth <paul@city-fan.org> - 7.28.1-3.0.cf +- prevent NSS from crashing on client auth hook failure +- clear session cache if a client cert from file is used +- fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE + +* Tue Nov 20 2012 Paul Howarth <paul@city-fan.org> - 7.28.1-1.0.cf +- update to 7.28.1: + - metalink/md5: use CommonCrypto on Apple operating systems + - href_extractor: new example code extracting href elements + - NSS can be used for metalink hashing + - fix broken libmetalink-aware OpenSSL build + - gnutls: fix the error is fatal logic + - darwinssl: un-broke iOS build, fix error on server disconnect + - asyn-ares: restore functionality with c-ares < 1.6.1 + - tlsauthtype: deal with the string case insensitively + - fixed MSVC libssh2 static build + - evhiperfifo: fix the pointer passed to WRITEDATA + - BUGS: fix the bug tracker URL + - winbuild: use machine type of development environment + - FTP: prevent the multi interface from blocking + - uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES + - httpcustomheader.c: free the headers after use + - fix >2000 bytes POST over NTLM-using proxy + - redirects to URLs with fragments + - don't send '#' fragments when using proxy + - OpenSSL: show full issuer string + - fix HTTP auth regression + - CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value + - ftp: EPSV-disable fix over SOCKS + - Digest: Add microseconds into nounce calculation + - SCP/SFTP: improve error code used for send failures + - SSL: several SSL-backend related fixes + - removed the notorious "additional stuff not fine" debug output + - OpenSSL: disable SSL/TLS compression - avoid the "CRIME" attack + - FILE: make upload-writes unbuffered + - custom memory callbacks failure with HTTP proxy (and more) + - TFTP: handle resends + - autoconf: don't force-disable compiler debug option + - winbuild: fix PDB file output + - test2032: spurious failure caused by premature termination + - memory leak: CURLOPT_RESOLVE with multi interface +- re-enable test2032 +- update UTF8 and debug patches +- fix bogus dates in spec changelog + +* Wed Oct 31 2012 Paul Howarth <paul@city-fan.org> - 7.28.0-1.0.cf +- update to 7.28.0: + - SSH: added agent based authentication + - ftp: active conn, allow application to set sockopt after accept() call + with CURLSOCKTYPE_ACCEPT + - multi: add curl_multi_wait() + - metalink: added support for Microsoft Windows CryptoAPI + - md5: added support for Microsoft Windows CryptoAPI + - parse_proxy: treat "socks://x" as a socks4 proxy + - socks: added support for IPv6 connections through SOCKSv5 proxy + - WSAPoll disabled on Windows builds due to its bugs + - fix segfault on request retries + - curl-config: parentheses fix + - VC build: add define for openssl + - globbing: fix segfault when >9 globs were used + - fixed a few clang-analyzer warnings + - metalink: change code order to build with gnutls-nettle + - gtls: fix build failure by including nettle-specific headers + - change preferred HTTP auth on a handle previously used for another auth + - file: use fdopen() to avoid race condition + - added DWANT_IDN_PROTOTYPES define for MSVC too + - verbose: fixed (nil) output of hostnames in re-used connections + - metalink: un-broke the build when building --with-darwinssl + - curl man page cleanup + - avoid leak of local device string when reusing connection + - Curl_socket_check: fix return code for timeout + - nss: do not print misleading NSS error codes + - configure: remove the --enable/disable-nonblocking options + - darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions + - NTLM: re-use existing connection better + - schannel crash on multi and easy handle cleanup + - SOCKS: truly disable it if CURL_DISABLE_PROXY is defined + - mk-ca-bundle: detect start of trust section better + - gnutls: do not fail on non-fatal handshake errors + - SMTP: only send SIZE if supported + - ftpserver: respond with a 250 to SMTP EHLO + - ssh: do not crash if MD5 fingerprint is not provided by libssh2 + - winbuild: added support for building with SPNEGO enabled + - metalink: fixed validation of binary files containing EOF + - setup.h: fixed for MS VC10 build + - cmake: use standard findxxx modules for cmake v2.8+ + - HTTP_ONLY: disable more protocols + - Curl_reconnect_request: clear pointer on failure + - https.c example: remember to call curl_global_init() + - metalink: Filter resource URLs by type + - multi interface: CURLOPT_LOW_SPEED_* fix during rate limitation + - curl_schannel: Removed buffer limit and optimized buffer strategy +- drop patches now included in upstream release +- update UTF8 and debug patches +- disable tests 1112 and 2032 for now + +* Mon Oct 1 2012 Paul Howarth <paul@city-fan.org> - 7.27.0-3.1.cf +- do not crash if MD5 fingerprint is not provided by libssh2 + +* Mon Aug 6 2012 Paul Howarth <paul@city-fan.org> - 7.27.0-3.0.cf +- use the upstream facility to disable problematic tests + +* Wed Aug 1 2012 Paul Howarth <paul@city-fan.org> - 7.27.0-2.0.cf +- eliminate unnecessary inotify events on upload via file protocol (#844385) + +* Sat Jul 28 2012 Paul Howarth <paul@city-fan.org> - 7.27.0-1.0.cf +- update to 7.27.0: + - nss: use human-readable error messages provided by NSS + - added --metalink for metalink download support + - pop3: added support for sasl plain text authentication + - pop3: added support for sasl login authentication + - pop3: added support for sasl ntlm authentication + - pop3: added support for sasl cram-md5 authentication + - pop3: added support for sasl digest-md5 authentication + - pop3: added support for apop authentication + - added support for Schannel (Native Windows) SSL/TLS encryption + - added support for Darwin SSL (Native Mac OS X and iOS) + - http: print reason phrase from HTTP status line on error + - pop3: fixed the issue of having to supply the user name for all requests + - configure: fix LDAPS disabling related misplaced closing parenthesis + - cmdline: made -D option work with -O and -J + - configure: fix libcurl.pc and curl-config generation for static MingW* + cross builds + - ssl: fix duplicated SSL handshake with multi interface and proxy + - winbuild: fix Makefile.vc ignoring USE_IPV6 and USE_IDN flags + - OpenSSL: support longer certificate subject names + - openldap: OOM fixes + - log2changes.pl: fix the Version output + - lib554.c: use curl_formadd() properly + - urldata.h: fix cyassl build clash with wincrypt.h + - cookies: changed the URL in the cookiejar headers + - http-proxy: keep CONNECT connections alive (for NTLM) + - NTLM SSPI: fixed to work with unicode user names and passwords + - OOM fix in the curl tool when cloning cmdline options + - fixed some examples to use curl_global_init() properly + - cmdline: stricter numerical option parser + - HTTP HEAD: don't force-close after response-headers + - test231: fix wrong -C use + - docs: switch to proper UTF-8 for text file encoding + - keepalive: DragonFly uses milliseconds + - HTTP Digest: Client's "qop" value should not be quoted + - make distclean works again +- update patches as necessary + +* Mon Jul 23 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-6.0.cf +- print reason phrase from HTTP status line on error (#676596) + +* Wed Jul 18 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-5.0.cf +- rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jun 9 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-4.0.cf +- fix duplicated SSL handshake with multi interface and proxy (#788526) + +* Wed May 30 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-3.0.cf +- disable test 1319 on ppc64; server times out + +* Mon May 28 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-2.0.cf +- use human-readable error messages provided by NSS (upstream commit 72f4b534) + +* Thu May 24 2012 Paul Howarth <paul@city-fan.org> - 7.26.0-1.0.cf +- update to 7.26.0: + - nss: the minimal supported version of NSS bumped to 3.12.x + - nss: human-readable names are now provided for NSS errors if available + - add a manual page for mk-ca-bundle + - added --post303 and the CURL_REDIR_POST_303 option for CURLOPT_POSTREDIR + - smtp: add support for DIGEST-MD5 authentication + - pop3: added support for additional pop3 commands + - nss: libcurl now uses NSS_InitContext() to prevent collisions if available + - URL parse: reject numerical IPv6 addresses outside brackets + - MD5: fix OOM memory leak + - OpenSSL cert: provide more details when cert check fails + - HTTP: empty chunked POST ended up in two zero size chunks + - fixed a regression when curl resolved to multiple addresses and the first + isn't supported + - -# progress meter: avoid superfluous updates and duplicate lines + - headers: surround GCC attribute names with double underscores + - PolarSSL: correct return code for CRL matches + - PolarSSL: include version number in version string + - PolarSSL: add support for asynchronous connect + - mk-ca-bundle: revert the LWP usage + - IPv6 cookie domain: get rid of the first bracket before the second + - connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails + - OpenSSL: made cert hostname check conform to RFC 6125 + - HTTP: reset expected DL/UL sizes on redirects + - CMake: fix Windows LDAP/LDAPS option handling + - CMake: fix MS Visual Studio x64 unsigned long long literal suffix + - configure: update detection logic of getaddrinfo() thread-safeness + - configure: check for gethostbyname in the watt lib + - curl-config.1: fix curl-config usage in example + - smtp: Fixed non-escaping of dot character at beginning of line + - MakefileBuild.vc: use the correct IDN variable + - autoconf: improve handling of versioned symbols + - curl.1: clarify -x usage + - curl: shorten user-agent + - smtp: issue with the multi-interface always sending postdata + - compile error with GnuTLS+Nettle fixed + - winbuild: fix IPv6 enabled build +- drop upstream patches +- re-diff other patches as necessary + +* Wed Apr 25 2012 Paul Howarth <paul@city-fan.org> - 7.25.0-3.0.cf +- resync with Rawhide + +* Fri Apr 13 2012 Paul Howarth <paul@city-fan.org> - 7.25.0-2.0.cf +- use NSS_InitContext() to initialize NSS if available (#738456) +- provide human-readable names for NSS errors (upstream commit a60edcc6) + +* Fri Mar 23 2012 Paul Howarth <paul@city-fan.org> - 7.25.0-1.0.cf +- update to 7.25.0: + - configure: add option disable --libcurl output + - --ssl-allow-beast and CURLOPT_SSL_OPTIONS added + - added CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE, CURLOPT_TCP_KEEPINTVL + - curl: use new library-side TCP_KEEPALIVE options + - added a new CURLOPT_MAIL_AUTH option + - added support for --mail-auth + - --libcurl now also works with -F and more! + - --max-redirs: allow negative numbers as option value + - parse_proxy: bail out on zero-length proxy names + - configure: don't modify LD_LIBRARY_PATH for cross compiles + - curl_easy_reset: reset the referer string + - curl tool: don't abort glob-loop due to failures + - CONNECT: send correct Host: with IPv6 numerical address + - explicitly link to the nettle/gcrypt libraries + - more resilient connection times among IP addresses + - winbuild: fix IPV6 and IDN options + - SMTP: fixed error when using CURLOPT_CONNECT_ONLY + - cyassl: update to CyaSSL 2.0.x API + - smtp: fixed an issue with the EOB checking + - pop3: fixed drop of final CRLF in EOB checking + - smtp: fixed an issue with writing postdata + - smtp: added support for returning SMTP response codes + - CONNECT: fix ipv6 address in the Request-Line + - curl-config: only provide libraries with --libs + - LWIP: don't consider HAVE_ERRNO_H to be winsock + - ssh: tunnel through HTTP proxy if requested + - cookies: strip off [brackets] from numerical ipv6 host names + - libcurl docs: version corrections + - cmake: list_spaces_append_once failure + - resolve with c-ares: don't resolve IPv6 when not working + - smtp: changed error code for EHLO and HELO responses + - parsedate: fix a numeric overflow +- update debug, multilib and UTF8 patches +- drop support for distributions prior to FC-3: + - don't need to handle pkgconfig ≤ 0.15 with no URL support + - don't need workaround for RHL-9's LD_PRELOAD issues + +* Tue Jan 24 2012 Paul Howarth <paul@city-fan.org> - 7.24.0-1.0.cf +- update to 7.24.0: + - curl was vulnerable to a data injection attack for certain protocols + (CVE-2012-0036, http://curl.haxx.se/docs/adv_20120124.html) + - curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL + (CVE-2011-3389, http://curl.haxx.se/docs/adv_20120124B.html) + - CURLOPT_QUOTE: SFTP supports the '*'-prefix now + - CURLOPT_DNS_SERVERS: set name servers if possible + - add support for using nettle instead of gcrypt as gnutls backend + - CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes + - added CURLOPT_ACCEPTTIMEOUT_MS + - configure: add symbols versioning option --enable-versioned-symbols + - SSL session share: move the age counter to the share object + - -J -O: use -O name if no Content-Disposition header comes! + - protocol_connect: show verbose connect and set connect time + - query-part: ignore the URI part for given protocols + - gnutls: only translate winsock errors for old versions + - POP3: fix end of body detection + - POP3: detect when LIST returns no mails + - TELNET: improved treatment of options + - configure: add support for pkg-config detection of libidn + - CyaSSL 2.0+ library initialization adjustment + - multi interface: only use non-NULL socker function pointer + - call opensocket callback properly for active FTP + - don't call close socket callback for sockets created with accept() + - differentiate better between host/proxy errors + - SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5 + - multi: handle timeouts on DNS servers by checking for new sockets + - CURLOPT_DNS_SERVERS: fix return code + - POP3: fixed escaped dot not being stripped out + - OpenSSL: check for the SSLv2 function in configure + - MakefileBuild: fix the static build + - create_conn: don't switch to HTTP protocol if tunneling is enabled + - multi interface: fix block when CONNECT_ONLY option is used + - fix connection reuse for TLS upgraded connections + - multiple file upload with -F and custom type + - multi interface: active FTP connections are no longer blocking + - Android build fix + - timer: restore PRETRANSFER timing + - libcurl.m4: fix quoting arguments of AC_LANG_PROGRAM + - appconnect time fixed for non-blocking connect ssl backends + - do not include SSL handshake into time spent waiting for 100-continue + - handle dns cache case insensitive + - use new host name casing for subsequent HTTP requests + - CURLOPT_RESOLVE: avoid adding already present host names + - SFTP mkdir: use correct permission + - resolve: don't leak pre-populated dns entries + - --retry: retry transfers on timeout and DNS errors + - negotiate with SSPI backend: use the correct buffer for input + - SFTP dir: increase buffer size counter to avoid cut off file names + - TFTP: fix resending (again) + - c-ares: don't include getaddrinfo-using code + - FTP: CURLE_PARTIAL_FILE will not close the control channel + - win32-threaded-resolver: stop using a dummy socket + - OpenSSL: remove reference to openssl internal struct + - OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled + - OpenSSL: fix PKCS#12 certificate parsing related memory leak + - OpenLDAP: fix LDAP connection phase memory leak + - Telnet: use correct file descriptor for telnet upload + - Telnet: Remove bogus optimisation of telnet upload + - URL parse: user name with ipv6 numerical address + - polarssl: show cipher suite name correctly with 1.1.0 + - polarssl: havege_rand is not present in version 1.1.0 (WARNING: we still + use the old API which is said to be insecure - see: + http://polarssl.org/trac/wiki/SecurityAdvisory201102) + - gnutls: enforced use of SSLv3 +- drop patches from upstream now included in release tarball +- don't include fix for broken applications with curl multi from Fedora 14 + onwards (#599340) +- update debug and UTF8 patches + +* Mon Jan 2 2012 Paul Howarth <paul@city-fan.org> - 7.23.1-5.0.cf +- add upstream patch that allows FTPS tests to run with nss-3.13 (#760060) + +* Tue Dec 27 2011 Paul Howarth <paul@city-fan.org> - 7.23.1-4.0.cf +- allow to run FTPS tests with nss-3.13 (#760060) + +* Mon Dec 26 2011 Paul Howarth <paul@city-fan.org> - 7.23.1-3.0.cf +- avoid unnecessary timeout event when waiting for 100-continue (#767490) + +* Mon Nov 21 2011 Paul Howarth <paul@city-fan.org> - 7.23.1-2.0.cf +- curl -JO now uses -O name if no C-D header comes (upstream commit c532604) + +* Fri Nov 18 2011 Paul Howarth <paul@city-fan.org> - 7.23.1-1.0.cf +- update to 7.23.1: + - Windows: curl would fail if it found no CA cert, unless -k was used - even + if a non-SSL protocol URL was used + +* Wed Nov 16 2011 Paul Howarth <paul@city-fan.org> - 7.23.0-1.0.cf +- update to 7.23.0: + - empty headers can be sent in HTTP requests by terminating with a semicolon + - SSL session sharing support added to curl_share_setopt() + - added support to MAIL FROM for the optional SIZE parameter + - smtp: added support for NTLM authentication + - curl tool: code split into tool_*.[ch] files + - handle HTTP redirects to "//hostname/path" + - SMTP without --mail-from caused segfault + - prevent extra progress meter headers between multiple files + - allow Content-Length to be replaced when sending HTTP requests + - curl now always sets postfieldsize to allow --data-binary and --data + to be mixed in the same command line + - curl_multi_fdset: avoid FD_SET out of bounds + - lots of MinGW build tweaks + - Curl_gethostname: return un-qualified machine name + - fixed the openssl version number configure check + - nss: certificates from files are no longer looked up by file base names + - returning abort from the progress function when using the multi interface + would not properly cancel the transfer and close the connection + - fix libcurl.m4 to not fail with modern gcc versions + - ftp: improved the failed PORT host name resolved error message + - TFTP timeout and unexpected block adjustments + - HTTP and GOPHER test server-side connection closing adjustments + - fix endless loop upon transport connection timeout + - don't clobber errno on failed connect + - typecheck: allow NULL to unset CURLOPT_ERRORBUFFER + - formdata: ack read callback abort + - make --show-error properly position independent + - set the ipv6-connection boolean correctly on connect + - SMTP: fix end-of-body string escaping + - gtls: only call gnutls_transport_set_lowat with <gnutls-2.12.0 + - HTTP: handle multiple auths in a single WWW-Authenticate line + - curl_multi_fdset: correct fdset with FTP PORT use + - windbuild: fix the static build + - fix builds with GnuTLS version 3 + - fix calling of OpenSSL's ERR_remove_state(0) + - HTTP auth: fix proxy Negotiate bug when Negotiate not requested + - ftp PORT: don't hang if bind() fails + - -# would crash on terminals wider than 256 columns +- drop upstreamed patch for nss +- update patch for broken applications using curl multi (#599340) +- update UTF8 patch + +* Mon Sep 19 2011 Paul Howarth <paul@city-fan.org> - 7.22.0-2.0.cf +- nss: select client certificates by DER (#733657) + +* Tue Sep 13 2011 Paul Howarth <paul@city-fan.org> - 7.22.0-1.0.cf +- update to 7.22.0: + - added CURLOPT_GSSAPI_DELEGATION + - added support for NTLM delegation to Samba's winbind daemon helper ntlm_auth + - display notes from setup file in testcurl.pl + - BSD-style lwIP TCP/IP stack experimental support on Windows + - OpenSSL: use SSL_MODE_RELEASE_BUFFERS if available + - --delegation was added to set CURLOPT_GSSAPI_DELEGATION + - nss: start with no database if the selected database is broken + - telnet: allow programatic use on Windows + - curl_getdate: detect some illegal dates better + - when sending a request and an error is received before the (entire) request + body is sent, stop sending the request and close the connection after + having received the entire response; this is equally true if an Expect: + 100-continue header was used + - when using both -J and a single -O with multiple URLs, a missing init + could cause a segfault + - -J fixed for escaped quotes + - -J fixed for file names with semicolons + - progress: reset flags at transfer start to avoid wrong + CURLINFO_CONTENT_LENGTH_DOWNLOAD + - curl_gssapi: guard files with HAVE_GSSAPI and rename private header + - silence picky compilers: mark unused parameters + - help output: more gnu-like output + - libtests: stop checking for CURLM_CALL_MULTI_PERFORM + - setting a non-HTTP proxy with an environment variable or with CURLOPT_PROXY + / --proxy (without specifying CURLOPT_PROXYTYPE) would still make it do + proxy-like HTTP requests + - CURLFORM_BUFFER: insert filename as documented (regression) + - SOCKS: fix the connect timeout + - ftp_doing: bail out on error properly while multi interfacing + - improved Content-Encoded decoding error message + - asyn-thread: check for dotted addresses before thread starts + - cmake: find winsock when building on windows + - Curl_retry_request: check return code + - cookies: handle 'secure=' as if it was 'secure' + - tests: break busy loops in tests 502, 555, and 573 + - FTP: fix proxy connect race condition with multi interface and SOCKS proxy + - RTSP: GET_PARAMETER requests have a body + - fixed several memory leaks in OOM situations + - bad expire(0) caused multi_socket API to hang + - avoid ftruncate() static define with mingw64 + - mk-ca-bundle.pl: ignore untrusted certs + - builds with PolarSSL 1.0.0 +- curl-config now provides dummy --static-libs option (#733956) +- update UTF8 patch + +* Sun Aug 21 2011 Paul Howarth <paul@city-fan.org> - 7.21.7-4.1.cf +- actually fix SIGSEGV of curl -O -J given more than one URL (#723075) + +* Tue Aug 16 2011 Paul Howarth <paul@city-fan.org> - 7.21.7-4.0.cf +- fix SIGSEGV of curl -O -J given more than one URL (#723075) +- introduce the --delegation option of curl (#730444) +- initialize NSS with no database if the selected database is broken (#728562) + +* Wed Aug 3 2011 Paul Howarth <paul@city-fan.org> - 7.21.7-3.0.cf +- add a new option CURLOPT_GSSAPI_DELEGATION (#719939) + +* Wed Jul 13 2011 Paul Howarth <paul@city-fan.org> - 7.21.7-2.0.cf +- for builds using c-ares, have libcurl require at least the version of c-ares + that it was built against to ensure that all required symbols are available + (similar issue to that with libssh2 fixed in 7.21.2-2.0.cf) +- upstream release no longer has spurious exec permissions for source files +- use a patch rather than a scripted iconv to re-code docs as UTF-8 +- fix dist tag for CentOS 6 and Scientific Linux + +* Thu Jun 23 2011 Paul Howarth <paul@city-fan.org> - 7.21.7-1.0.cf +- update to 7.21.7: + - SECURITY ADVISORY: inappropriate GSSAPI delegation (CVE-2011-2192); full + details at http://curl.haxx.se/docs/adv_20110623.html + - recognize the [protocol]:// prefix in proxy hosts where the protocol is one + of socks4, socks4a, socks5 or socks5h + - added CURLOPT_CLOSESOCKETFUNCTION and CURLOPT_CLOSESOCKETDATA + - NTLM: work with unicode + - fix connect with SOCKS proxy when using the multi interface + - anyauthput.c: stdint.h must not be included unconditionally + - CMake: improved build + - SCP/SFTP enable non-blocking earlier + - GnuTLS handshake: fix timeout + - cyassl: build without filesystem + - HTTPS over HTTP proxy using the multi interface + - speedcheck: invalid timeout event on a reused handle + - force connection close for HTTP 200 OK when time condition matched + - curl_formget: fix FILE * leak + - configure: improved OpenSSL detection + - android build: support gingerbread + - CURLFORM_STREAM: acknowledge CURLFORM_FILENAME + - windows build: use correct MS CRT + - pop3: remove extra space in LIST command +- drop upstream patches + +* Wed Jun 8 2011 Paul Howarth <paul@city-fan.org> - 7.21.6-3.0.cf +- avoid an invalid timeout event on a reused handle (#679709) + +* Wed May 25 2011 Paul Howarth <paul@city-fan.org> - 7.21.6-2.0.cf +- further fix for https via http proxy + (http://curl.haxx.se/mail/lib-2011-05/0214.html) + +* Sat Apr 23 2011 Paul Howarth <paul@city-fan.org> - 7.21.6-1.0.cf +- update to 7.21.6: + - added --tr-encoding and CURLOPT_TRANSFER_ENCODING + - curl-config: fix --version + - curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification + - use HTTPS properly after CONNECT + - SFTP: close file before post quote operations +- drop upstreamed patches + +* Thu Apr 21 2011 Paul Howarth <paul@city-fan.org> - 7.21.5-3.0.cf +- fix problem with https via http proxy falling back to http + (http://curl.haxx.se/mail/lib-2011-04/0134.html) + +* Mon Apr 18 2011 Paul Howarth <paul@city-fan.org> - 7.21.5-2.0.cf +- fix the output of curl-config --version (upstream commit 82ecc85) + +* Mon Apr 18 2011 Paul Howarth <paul@city-fan.org> - 7.21.5-1.0.cf +- update to 7.21.5: + - SOCKOPTFUNCTION: callback can say already-connected + - added --netrc-file + - added (new) support for cyassl + - TLS-SRP: enabled with OpenSSL + - added CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION + - nss: avoid memory leak on SSL connection failure + - nss: do not ignore failure of SSL handshake + - multi: better failed connect handling when using FTP, SMTP, POP3 and IMAP + - runtests.pl: fix pid number concatenation that prevented it from killing + the correct process at times + - PolarSSL: return 0 on receiving TLS CLOSE_NOTIFY alert + - curl_easy_setopt.3: removed wrong reference to CURLOPT_USERPASSWORD + - multi: close connection on timeout + - IMAP in multi mode does SSL connections non-blocking + - honours the --disable-ldaps configure option + - force setopt constants written by --libcurl to be long + - ssh_connect: treat libssh2 return code better + - SFTP upload could stall the state machine when the multi_socket API was used + - SFTP and SCP could leak memory when used with the multi interface and + the connection was closed + - added missing file to repair the MSVC makefiles + - fixed detection of recvfrom arguments on Android/bionic + - GSS: handle reuse fix + - transfer: avoid insane conversion of time_t + - nss: do not ignore value of CURLOPT_SSL_VERIFYPEER in certain cases + - SMTP-multi: non-blocking connect + - SFTP-multi: set cselect for sftp and scp to fix "stall" risk + - configure: removed wrongly claimed default paths + - pop3: fixed torture tests to succeed + - symbols-in-versions: many corrections + - if a HTTP request gets retried because the connection was dead, rewind if + any data was sent as part of it + - only probe for working ipv6 once and then re-use that info for further + requests + - requests that are asked to bind to a local interface/port will no longer + wrongly re-use connections that aren't bound to that interface/port + - libcurl.m4: add missing quotes in AC_LINK_IFELSE + - progress output: don't print the last update on a separate line + - POP3: the command to send is STLS, not STARTTLS + - POP3: PASS command was not sent after upgrade to TLS + - configure: fix libtool warning + - nss: allow to use multiple client certificates for a single host + - HTTP pipelining: fix handling of zero-length responses + - don't list NTLM in curl-config when HTTP is disabled + - curl_easy_setopt.3: CURLOPT_RESOLVE typo version + - OpenSSL: build fine with no-sslv2 versions + - checkconnection: don't call with NULL pointer with RTSP and multi interface + - Borland makefile updates + - configure: libssh2 link fix without pkg-config + - certinfo crash + - CCC crash +- drop upstreamed patches +- update debug and pkgconfig patches +- nobody else likes macros for commands + +* Sat Mar 5 2011 Paul Howarth <paul@city-fan.org> - 7.21.4-5.0.cf +- work around valgrind bug (#678518) + +* Tue Feb 22 2011 Paul Howarth <paul@city-fan.org> - 7.21.4-2.0.cf +- do not ignore failure of SSL handshake (upstream commit 7aa2d10) + +* Thu Feb 17 2011 Paul Howarth <paul@city-fan.org> - 7.21.4-1.0.cf +- update to 7.21.4: + - CURLINFO_FTP_ENTRY_PATH now supports SFTP + - introduced new framework for unit-testing + - ares: ask for both IPv4 and IPv6 addresses + - SMTP: add brackets for MAIL FROM + - multi: connect fail => use next IP address + - use the timeout when using multiple IP addresses similar to how the easy + interface does it + - cookies: tricked dotcounter fixed + - pubkey_show: allocate buffer to fit any-size result + - Curl_nss_connect: avoid PATH_MAX + - Curl_do: avoid using stale conn pointer + - tftpd test server: avoid buffer overflow report from glibc + - nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash + - nss: fix a bug in handling of CURLOPT_CAPATH + - OpenSSL get_cert_chain: support larger data sets + - SCP/SFTP transfers: acknowledge speedcheck + - connect problem: use UDP correctly + - OpenSSL: improved error message on SSL_CTX_new failures + - HTTP: memory leak on multiple Location: + - ares_query_completed_cb: don't touch invalid data + - ares: memory leak fix + - mk-ca-bundle: use new cacert url + - Curl_gmtime: added a portable gmtime and check for NULL + - curl.1: typo in -v description + - CURLOPT_SOCKOPTFUNCTION: return proper error code + - --keepalive-time: warn if not supported properly + - file: add support for CURLOPT_TIMECONDITION + - nss: avoid memory leaks and failure of NSS shutdown + - multi: fix CURLM_STATE_TOOFAST for multi_socket +- update debug patch +- avoid memory leak on SSL connection failure (upstream commit a40f58d) +- drop upstreamed patches +- drop ares-ipv6 patch + +* Tue Feb 8 2011 Paul Howarth <paul@city-fan.org> - 7.21.3-3.0.cf +- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 12 2011 Paul Howarth <paul@city-fan.org> - 7.21.3-2.0.cf +- build libcurl with --enable-hidden-symbols + +* Thu Dec 16 2010 Paul Howarth <paul@city-fan.org> - 7.21.3-1.0.cf +- update to 7.21.3: + - added --noconfigure switch to testcurl.pl + - added --xattr option + - added CURLOPT_RESOLVE and --resolve + - added CURLAUTH_ONLY + - added version-check.pl to the examples dir + - check for libcurl features for some command line options + - Curl_setopt: disallow CURLOPT_USE_SSL without SSL support + - http_chunks: remove debug output + - URL-parsing: consider ? a divider + - SSH: avoid using the libssh2_ prefix + - SSH: use libssh2_session_handshake() to work on win64 + - ftp: prevent server from hanging on closed data connection when stopping + a transfer before the end of the full transfer (ranges) + - LDAP: detect non-binary attributes properly + - ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT + - gnutls->handshake: improved timeout handling + - security: pass the right parameter to init + - krb5: use GSS_ERROR to check for error + - TFTP: resend the correct data + - configure: fix autoconf 2.68 warning: no AC_LANG_SOURCE call detected + - GnuTLS: now detects socket errors on Windows + - symbols-in-versions: updated en masse + - added a couple of examples that were missing from the tarball + - Curl_send/recv_plain: return errno on failure + - Curl_wait_for_resolv (for c-ares): correct timeout + - ossl_connect_common: detect connection re-use + - configure: prevent link errors with --librtmp + - openldap: use remote port in URL passed to ldap_init_fd() + - url: provide dead_connection flag in Curl_handler::disconnect + - lots of compiler warning fixes + - ssh: fix a download resume point calculation + - fix getinfo CURLINFO_LOCAL* for reused connections + - multi: the returned running handles counter could turn negative + - multi: only ever consider pipelining for connections doing HTTP(S) +- drop upstream patches now in tarball +- update bz650255 and ares-ipv6 patches to apply against new codebase +- add workaround for false-positive glibc-detected buffer overflow in tftpd + test server with FORTIFY_SOURCE (similar to #515361) + +* Sat Nov 13 2010 Paul Howarth <paul@city-fan.org> - 7.21.2-5.0.cf +- do not send QUIT to a dead FTP control connection (#650255) +- pull back glibc's implementation of str[n]casecmp(); #626470 appears fixed + +* Tue Nov 9 2010 Paul Howarth <paul@city-fan.org> - 7.21.2-4.0.cf +- prevent FTP client from hanging on unrecognized ABOR response (#649347) +- return more appropriate error code in case FTP server session idle + timeout has been exceeded (#650255) + +* Fri Oct 29 2010 Paul Howarth <paul@city-fan.org> - 7.21.2-3.0.cf +- prevent FTP server from hanging on closed data connection (#643656) + +* Thu Oct 14 2010 Paul Howarth <paul@city-fan.org> - 7.21.2-2.0.cf +- enforce versioned libssh2 dependency for libcurl (#642796) + +* Wed Oct 13 2010 Paul Howarth <paul@city-fan.org> - 7.21.2-1.0.cf +- update to 7.21.2: + - curl -T: ignore file size of special files + - added GOPHER protocol support + - c-ares build now requires c-ares >= 1.6.0 + - --remote-header-name security vulnerability fixed: + http://curl.haxx.se/docs/adv_20101013.html + - multi: support the timeouts correctly, fixes known bug #62 + - multi: use timeouts properly for MAX_RECV/SEND_SPEED + - negotiation: Wrong proxy authorization + - multi: avoid sending multiple complete messages + - cmdline: make -F type= accept ;charset= + - RESUME_FROM: clarify what ftp uploads do + - http: handle trailer headers in all chunked responses + - Curl_is_connected: use correct errno + - progress: callback for POSTs less than MAX_INITIAL_POST_SIZE + - link curl and the test apps with -lrt explicitly when necessary + - chunky parser: only rewind stream internally if needed + - remote-header-name: don't output filename when NULL + - Curl_timeleft: avoid returning "no timeout" by mistake + - timeout: use the correct start value as offset + - FTP: fix wrong timeout trigger + - buildconf got better output on failures + - rtsp: avoid SIGSEGV on malformed header + - LDAP: support for tunnelling queries through HTTP proxy + - configure's --enable-werror had a bashism + - test565: don't hardcode IP:PORT + - configure: check for gcrypt if using GnuTLS + - configure: don't enable RTMP if the lib detect fails + - curl_easy_duphandle: clone the c-ares handle correctly + - support URL containing colon without trailing port number + - parsedate: allow time specified without seconds + - curl_easy_escape: don't escape "unreserved" characters + - SFTP: avoid downloading negative sizes + - lots of GSS/KRB FTP fixes + - TFTP: work around tftpd-hpa upload bug + - libcurl.m4: several fixes + - HTTP: remove special case for 416 + - examples: use example.com in example URLs + - globbing: fix crash on unbalanced open brace + - cmake: build fixed +- drop upstream patches +- make 0102-curl-7.21.2-debug.patch less intrusive +- update workaround for broken applications using curl multi +- use LD_PRELOAD hack to get sshd running in test suite with SELinux enforcing +- drop SELinux buildreqs, no longer needed + +* Thu Sep 30 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-6.0.cf +- rebuild for gcc bug (#634757) + +* Sat Sep 11 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-5.0.cf +- make it possible to run SCP/SFTP tests on x86_64 (#632914) + +* Wed Sep 8 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-4.0.cf +- work around glibc/valgrind problem on x86_64 (#631449) + +* Tue Aug 24 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-3.0.cf +- sync patches with Rawhide +- drop dependency on automake for devel package from F-14, where + %%{_datadir}/aclocal is included in the filesystem package +- drop dependency on pkgconfig for devel package from F-11, where + pkgconfig dependencies are auto-generated + +* Mon Aug 23 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-2.1.cf +- fix kerberos proxy authentication for https (#625676) +- work around glibc/valgrind problem on x86_64 (#626470) + +* Thu Aug 19 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-2.0.cf +- modify system headers to work around gcc bug (#617757) +- curl -T now ignores file size of special files (#622520) + +* Thu Aug 12 2010 Paul Howarth <paul@city-fan.org> - 7.21.1-1.0.cf +- update to 7.21.1: + - added support for NTLM authentication when compiled with NSS + - curl-config: --built-shared returns shared info + - multi: call the progress callback in all states + - multi: unmark handle as used when no longer head of pipeline + - sendrecv: treat all negative values from send/recv as errors + - ftp-wildcard: avoid tight loop when used without any pattern + - multi_socket: re-use of same socket without notifying app + - ftp wildcard: FTP LIST parser FIX + - urlglobbing backslash escaping bug + - multi: CURLINFO_LASTSOCKET doesn't work after remove_handle + - --libcurl: use *_LARGE options with typecasted constants + - --libcurl: hide setopt() calls setting default options + - curl: avoid setting libcurl options to its default + - --libcurl: list the tricky options instead of using [REMARK] + - http: don't enable chunked during authentication negotiations + - upload: warn users trying to upload from stdin with anyauth + - threaded resolver: fix timeout issue + - multi: fix condition that remove timers before trigger + - examples: add curl_multi_timeout + - --retry: access violation with URL part sets continued + - remote-header-name: chop filename at next semicolon + - ftp: response timeout bug in "quote" sending + - CUSTOMREQUEST: shouldn't be disabled when HTTP is disabled + - NTLM tests: boost coverage by forcing the hostname + - multi: fix FTPS connecting the data connection with OpenSSL + - retry: consider retrying even if -f is used + - fix SOCKS problem when using multi interface + - typecheck-gcc: add checks for recently added options + - SCP: send large files properly with new enough libssh2 + - multi_socket: set timeout for 100-continue + - ";type=" URL suffix over HTTP proxy + - acknowledge progress callback error returns during connect +- drop upstreamed NTLM-with-NSS patch +- rediff other patches where necessary +- use LD_PRELOAD with absolute directory on RHL-9 to avoid test failures + +* Mon Jun 28 2010 Paul Howarth <paul@city-fan.org> - 7.21.0-2.0.cf +- add support for NTLM authentication (#603783) + +* Fri Jun 18 2010 Paul Howarth <paul@city-fan.org> - 7.21.0-1.0.cf +- update to 7.21.0 + new features: + - added the --proto and -proto-redir options + - new configure option --enable-threaded-resolver + - improve TELNET ability with libcurl + - added support for PolarSSL + - added support for FTP wildcard matching and downloads + - added support for RTMP + - introducing new LDAP code for new enough OpenLDAP + - OpenLDAP support enabled for cygwin builds + - added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT + bugfixes: + - prevent needless reverse name lookups + - detect GSS on ancient Linux distros + - GnuTLS: EOF caused error when it wasn't + - GnuTLS: SSL handshake phase is non-blocking + - -J/--remote-header-name strips CRLF + - MSVC makefiles now use ws2_32.lib instead of wsock32.lib + - -O crash on windows + - SSL handshake timeout underflow in libcurl-NSS + - multi interface missed storing connection time + - broken CRL support in libcurl-NSS + - ignore response-body on redirect even if compressed + - OpenSSL handshake state-machine for multi interface + - TFTP timeout option sent correctly + - TFTP block id wrap + - curl_multi_socket_action() timeout handles inaccuracy in timers better + - SCP/SFTP failure to respect the timeout + - spurious SSL connection aborts with OpenSSL +- rename patches as per Fedora package +- drop applied patches +- update %%description + +* Fri Jun 4 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-8.0.cf +- workaround for broken applications using curl multi (#599340) +- enable threaded DNS lookup instead of using c-ares for F-12 and F-13 builds + +* Tue May 25 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-7.0.cf +- fix -J/--remote-header-name to strip CR-LF (upstream patch) + +* Wed May 12 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-6.0.cf +- CRL support now works again (#581926) +- fix dist tag for RHEL-6 Beta + +* Thu Apr 29 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-5.0.cf +- fix the test suite so that the SSH server can start in an SELinux enforcing + environment (#521087) + +* Sun Apr 25 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-4.0.cf +- upstream patch preventing failure of test536 with threaded DNS resolver +- upstream patch preventing SSL handshake timeout underflow + +* Tue Apr 20 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-2.1.cf +- experimentally enable threaded DNS lookup instead of using c-ares + (Rawhide [F-14] builds only) +- fix multilib confict in curl-config --configure (#584107) +- tighten up dependency on libcurl from libcurl-devel to use %%{?_isa} +- replace Rawhide s390-sleep patch with a more targeted patch adding a + delay after tests 513 and 514 rather than after all tests +- add patch disabling valgrind in test623 as it identifies a memory leak in + libssh2 and breaks the build + +* Tue Apr 20 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-1.1.cf +- sync patches with Rawhide +- remove redundant compiler/linker flags from libcurl.pc + +* Thu Apr 15 2010 Paul Howarth <paul@city-fan.org> - 7.20.1-1.0.cf +- update to 7.20.1 (see RELEASE-NOTES for details) +- drop upstreamed patches +- add patch to fix GSSAPI support for ancient distros like RHEL-3 + +* Wed Mar 24 2010 Paul Howarth <paul@city-fan.org> - 7.20.0-4.0.cf +- add missing quote in libcurl.m4 (#576252) +- resync cc-err patch with Fedora + +* Sun Mar 21 2010 Paul Howarth <paul@city-fan.org> - 7.20.0-3.0.cf +- throw CURLE_SSL_CERTPROBLEM in case peer rejects a certificate (#565972) +- handle move of kerberos installation prefix in krb5 >= 1.8 +- drop libidn-devel dependency for libcurl-devel; no longer needed + +* Tue Feb 23 2010 Paul Howarth <paul@city-fan.org> - 7.20.0-2.0.cf +- merge patches with Fedora: s390-sleep, debug, multilib, ares-ipv6 +- drop privlibs patch, no longer useful +- add patch forcing -lrt when linking the curl tool and test-cases + +* Tue Feb 9 2010 Paul Howarth <paul@city-fan.org> - 7.20.0-1.0.cf +- update to 7.20.0 (added support for IMAP(S), POP3(S), SMTP(S) and RTSP) +- drop upstream patches +- update multilib, privlibs and s390-sleep patches + +* Sun Jan 31 2010 Paul Howarth <paul@city-fan.org> - 7.19.7-11.0.cf +- upstream patch adding a new option -J/--remote-header-name +- dropped temporary workaround for #545779 + +* Tue Dec 22 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-9.0.cf +- re-enable c-ares support, with temporary workaround for IPv4/IPv6 issue + (ticket:2, #548269) - c-ares support is needed to resolve #539809 + +* Thu Dec 10 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-8.0.cf +- use different ports in the test suites for different builds so we can run + the builds in parallel +- temporary workaround for NSS_VersionCheck issues (#545779) +- skip the (lengthy) test suite on EOL Fedora releases (over ~400 days old); + the tests are still run for all RHEL releases, which should provide + sufficient back-compatibility coverage + +* Mon Dec 7 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-5.0.cf +- avoid use of uninitialized value in lib/nss.c +- attempt to fix failures for tests 513, 514, and 1097 +- no longer leave debug data for test suite around +- disable c-ares support (causes problems reaching hosts that have both IPv4 + and IPv6 addresses - http://curl.haxx.se/mail/lib-2009-12/0057.html) + +* Tue Dec 1 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-4.0.cf +- dist tag for Rawhide no longer needs special-casing + +* Thu Nov 12 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-3.0.cf +- fix crash on doubly closed NSPR descriptor (#534176) +- new version of patch for broken TLS servers (#525496, #527771) +- run test suite to completion and leave debug data around + +* Wed Nov 4 2009 Paul Howarth <paul@city-fan.org> - 7.19.7-2.0.cf +- new upstream release, dropped applied patches +- workaround for broken TLS servers (#525496, #527771) +- build libcurl with c-ares support (#514771) +- update multilib and privlibs patches to match Fedora versions +- update debug patch to apply against 7.19.7 +- bump NSS version requirement to 3.12.3 (test suite now fails w/NSS on + Fedora 8 and 9 so revert to OpenSSL for those releases) + +* Sun Sep 27 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-10.0.cf +- explicitly buildreq/req libssh2 >= 1.2 due to its ABI change (#525002) +- note: unlike the Fedora package I'm not running the test suite with valgrind + as it takes long enough already and valgrind isn't available on some of the + ancient distros I'm supporting + +* Wed Sep 23 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-8.0.cf +- rebuild for libssh2 1.2 + +* Fri Sep 18 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-7.0.cf +- make curl test-suite more verbose + +* Fri Sep 18 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-6.0.cf +- update polling patch to the latest upstream version + +* Fri Sep 4 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-5.0.cf +- buildreq openssh server and clients for ssh coverage in test suite + +* Fri Sep 4 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-4.0.cf +- use pkg-config to find nss and libssh2 if possible +- better patch (not only) for SCP/SFTP polling +- improve error message for not matching common name (#516056) + +* Sun Aug 23 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-3.0.cf +- avoid tight loop during a sftp upload + (see http://permalink.gmane.org/gmane.comp.web.curl.library/24744) + +* Tue Aug 18 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-2.0.cf +- let curl package depend on the same version of libcurl +- change NSS code to not ignore the value of ssl.verifyhost and produce more + verbose error messages (#516056) +- renumber patches as per Fedora version +- avoid tests 513, 514, and 1097, which regularly fail on the buildsystem + +* Thu Aug 13 2009 Paul Howarth <paul@city-fan.org> - 7.19.6-1.0.cf +- update to 7.19.6 +- drop FTP socket and NSS cert patches; issues now fixed upstream + +* Fri Jul 10 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-7.0.cf +- fix SIGSEGV when using NSS client certificates, thanks to Claes Jakobsson + +* Mon Jul 6 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-6.0.cf +- resync with Fedora + +* Sun Jul 5 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-5.0.cf +- run test suite after build (add buildreq stunnel) +- enable built-in manual (requires buildreq groff) + +* Wed Jun 24 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-4.0.cf +- Fedora version now fixes header multilib issue in much the same way as this + version (#504857) + +* Mon Jun 15 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-2.0.cf +- renumber patches as per Fedora version + +* Mon May 18 2009 Paul Howarth <paul@city-fan.org> - 7.19.5-1.0.cf +- update to 7.19.5 +- remove upstreamed memory leak and infinite loop patches +- update debug patch (upstream moved from autoconf 2.61 to 2.63) + +* Tue May 12 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-11.0.cf +- fix infinite loop while loading a private key, thanks to Michael Cronenworth + (#453612) +- fix curl/nss memory leaks while using client certificate (#453612, accepted + by upstream) + +* Thu Apr 23 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-9.0.cf +- fix debuginfo creation (#496778), but unlike Fedora, without running the + autotools during the build process + +* Wed Apr 15 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-6.0.cf +- upstream patch fixing memory leak in lib/nss.c (#453612) + +* Wed Mar 18 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-5.0.cf +- enable 6 additional crypto algorithms by default (#436781, + accepted by upstream) + +* Mon Mar 16 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-4.0.cf +- fix memory leak in src/main.c (accepted by upstream) +- make libcurl-devel multilib-clean (#488922) + +* Mon Mar 9 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-2.0.cf +- drop .easy-leak patch, causes problems in pycurl (#488791) +- add libssh-devel dependency in libcurl-devel (#488895) + +* Thu Mar 5 2009 Paul Howarth <paul@city-fan.org> - 7.19.4-1.0.cf +- update to 7.19.4 (fixes CVE-2009-0037, #485271) +- fix leak in curl_easy* functions, thanks to Kamil Dudka +- drop nss-fix patch, applied upstream + +* Tue Feb 17 2009 Paul Howarth <paul@city-fan.org> - 7.19.3-1.1.cf +- add updated badsocket patch from Fedora, renamed to reflect curl version it + applies to +- add nss-fix patch from Fedora +- build using NSS rather than OpenSSL where supported again + +* Tue Jan 20 2009 Paul Howarth <paul@city-fan.org> - 7.19.3-1.0.cf +- update to 7.19.3 + +* Fri Nov 14 2008 Paul Howarth <paul@city-fan.org> - 7.19.2-1.0.cf +- update to 7.19.2 + +* Thu Nov 6 2008 Paul Howarth <paul@city-fan.org> - 7.19.1-1.0.cf +- update to 7.19.1 +- NSS thread safety issues addressed upstream, patch removed + +* Fri Sep 19 2008 Paul Howarth <paul@city-fan.org> - 7.19.0-1.2.cf +- NSS support is broken again, always build with OpenSSL + +* Thu Sep 4 2008 Paul Howarth <paul@city-fan.org> - 7.19.0-1.1.cf +- add thread safety to libcurl NSS cleanup() functions (#459297) + +* Tue Sep 2 2008 Paul Howarth <paul@city-fan.org> - 7.19.0-1.0.cf +- update to 7.19.0 +- drop badsocket patch, issue now addressed upstream +- drop nssproxy patch, now applied upstream + +* Fri Aug 22 2008 Paul Howarth <paul@city-fan.org> - 7.18.2-5.0.cf +- remove note about libcurl.so.3 now that it's gone in Fedora too + +* Fri Aug 22 2008 Paul Howarth <paul@city-fan.org> - 7.18.2-4.0.cf +- add note in %%description about not providing libcurl.so.3 + +* Fri Jul 4 2008 Paul Howarth <paul@city-fan.org> - 7.18.2-3.0.cf +- enable support for libssh2 (#453958) +- tweak dist tag macros to work on current Rawhide with three-part releasenum + +* Wed Jun 18 2008 Paul Howarth <paul@city-fan.org> - 7.18.2-2.0.cf +- fix curl_multi_perform() over a proxy (#450140), thanks to Rob Crittenden + +* Thu Jun 5 2008 Paul Howarth <paul@city-fan.org> - 7.18.2-1.0.cf +- update to 7.18.2 + +* Wed May 7 2008 Paul Howarth <paul@city-fan.org> - 7.18.1-2.0.cf +- use a different libtool hack to avoid bogus rpaths; no longer need to + buildreq libtool on x86_64 +- add ABI docs for libcurl + +* Mon Mar 31 2008 Paul Howarth <paul@city-fan.org> - 7.18.1-1.0.cf +- update to 7.18.1 (fixes #397911) +- no longer need _GNU_SOURCE +- ca_bundle.crt no longer included upstream + +* Tue Feb 19 2008 Paul Howarth <paul@city-fan.org> - 7.18.0-2.0.cf +- define _GNU_SOURCE so that NI_MAXHOST gets defined from glibc + +* Tue Jan 29 2008 Paul Howarth <paul@city-fan.org> - 7.18.0-1.0.cf +- update to 7.18.0 +- update multilib patch (--static-libs option removed as we don't ship + static libs) +- drop curl-config patch, obsoleted by @SSL_ENABLED@ autoconf + substitution (#432667) +- sslgen patch now included upstream and no longer needed + +* Tue Jan 22 2008 Paul Howarth <paul@city-fan.org> - 7.17.1-6.1.cf +- fix curl-devel obsoletes so that we don't break F8->F9 upgrade + path (#429612) + +* Fri Jan 11 2008 Paul Howarth <paul@city-fan.org> - 7.17.1-5.1.cf +- do not attempt to close a bad socket (#427966), thanks to Caolan McNamara + +* Fri Dec 7 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-4.1.cf +- rebuild for new openldap in Rawhide + +* Fri Nov 30 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-3.1.cf +- add LDAP/LDAPS to %%description +- simplify compiler flag setup + +* Thu Nov 29 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-2.2.cf +- add -DHAVE_PK11_CREATEGENERICOBJECT to CPPFLAGS when building with NSS to + maintain compatibility with openssl-based builds +- explictly buildreq krb5-devel, needed for GSSAPI support +- rework pkgconfig version check to avoid SRPM build problems + +* Thu Nov 22 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-2.1.cf +- update description to contain complete supported servers list (#393861) + +* Mon Nov 19 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-1.3.cf +- include patch to enable SSL usage in NSS when a socket is opened + nonblocking, thanks to Rob Crittenden (rcritten@redhat.com) + +* Tue Nov 6 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-1.2.cf +- strip URL variable from pkgconfig file on older distributions + that have broken curl-config scripts in its presence + +* Thu Nov 1 2007 Paul Howarth <paul@city-fan.org> - 7.17.1-1.1.cf +- update to 7.17.1 +- switch to NSS by default again for distributions that support it, but + support building using --without nss for traditional OpenSSL builds +- provide webclient (#225671) +- list features correctly when curl is compiled against NSS (#316191) +- create libcurl and libcurl-devel subpackages (#130251) + +* Fri Sep 14 2007 Paul Howarth <paul@city-fan.org> - 7.17.0-1.1.cf +- update to 7.17.0 +- remove anonymous ftp login patch, now upstream +- remove LDAP version detection in spec since LDAP libraries are now linked + directly rather than using dlopen() +- enable LDAPS support +- make sure docs have UTF-8 encoding + +* Wed Sep 5 2007 Paul Howarth <paul@city-fan.org> - 7.16.4-4.1.cf +- revert back to using OpenSSL by default (#266021), but support --with nss + as a build option for those distributions that support it + +* Mon Aug 27 2007 Paul Howarth <paul@city-fan.org> - 7.16.4-3.2.cf +- use nss rather than openssl for Fedora 5, RHEL 5 onwards + +* Fri Aug 24 2007 Paul Howarth <paul@city-fan.org> - 7.16.4-3.1.cf +- rebuild for BuildID inclusion + (http://fedoraproject.org/wiki/Releases/FeatureBuildId) + +* Fri Aug 10 2007 Jindrich Novy <jnovy@redhat.com> - 7.16.4-2 +- fix anonymous ftp login (#251570), thanks to David Cantrell + +* Wed Jul 11 2007 Paul Howarth <paul@city-fan.org> - 7.16.4-1.1.cf +- update to 7.16.4 + +* Mon Jun 25 2007 Paul Howarth <paul@city-fan.org> - 7.16.3-1.1.cf +- update to 7.16.3 +- remove print like crazy patch, no longer needed + +* Fri Jun 22 2007 Paul Howarth <paul@city-fan.org> - 7.16.2-6.cf +- move docs/CONTRIBUTE to devel package + +* Mon Jun 18 2007 Jindrich Novy <jnovy@redhat.com> - 7.16.2-5 +- don't print like crazy (#236981), backported from upstream CVS + +* Fri Jun 1 2007 Paul Howarth <paul@city-fan.org> - 7.16.2-2.cf +- package libcurl.m4 in curl-devel (#239664), thanks to Quy Tonthat + +* Thu Apr 12 2007 Paul Howarth <paul@city-fan.org> - 7.16.2-1.cf +- update to 7.16.2 +- update multilib and privlibs patches +- try to avoid spurious linker options for looking in standard libraries +- don't create/ship static libraries (#225671) +- honour %%{_smp_mflags} +- try to preserve timestamps where possible by using install -p + +* Thu Mar 22 2007 Paul Howarth <paul@city-fan.org> - 7.16.1-2.cf +- use versioned obsolete for compat-libcurl +- buildreq libidn-devel + +* Tue Jan 30 2007 Paul Howarth <paul@city-fan.org> - 7.16.1-1.cf +- update to 7.16.1 +- don't package generated makefiles for docs/examples to avoid + multilib conflicts +- update privlibs patch, not fully incorporated upstream +- remove redundant buildreq automake +- use system libtool to avoid bogus rpaths on x86_64 +- fix dist tag for Fedora 7 + +* Wed Nov 22 2006 Paul Howarth <paul@city-fan.org> - 7.16.0-3.cf +- prevent curl from dlopen()ing missing ldap libraries so that ldap:// + requests work without needing openldap-devel at runtime (#215928) + +* Wed Nov 1 2006 Paul Howarth <paul@city-fan.org> - 7.16.0-2.cf +- add Requires: pkgconfig for curl-devel +- move LDFLAGS and LIBS to Libs.private in libcurl.pc.in (#213278) +- fix multilib problem using pkg-config + +* Mon Oct 30 2006 Paul Howarth <paul@city-fan.org> - 7.16.0-1.cf +- update to 7.16.0 +- further dist tag tweaks for rawhide +- convert spec file to UTF8 + +* Thu Sep 14 2006 Paul Howarth <paul@city-fan.org> - 7.15.5-2.cf +- fix dist tag for development releases +- add buildreq zlib-devel + +* Mon Aug 7 2006 Paul Howarth <paul@city-fan.org> - 7.15.5-1.cf +- update to 7.15.5 +- define %%{__id_u} in a more portable way + +* Mon Jun 12 2006 Paul Howarth <paul@city-fan.org> - 7.15.4-1.cf +- update to 7.15.4 + +* Tue Mar 21 2006 Paul Howarth <paul@city-fan.org> - 7.15.3-2.cf +- fix multilib problem - #181290 - + curl-devel.i386 not installable together with curl-devel.x86-64 + +* Mon Mar 20 2006 Paul Howarth <paul@city-fan.org> - 7.15.3-1.cf +- update to 7.15.3 + +* Tue Feb 28 2006 Paul Howarth <paul@city-fan.org> - 7.15.2-1.cf +- update to 7.15.2 +- support building on CentOS + +* Wed Dec 7 2005 Paul Howarth <paul@city-fan.org> - 7.15.1-1.cf +- update to 7.15.1 +- remove buildroot unconditionally in %%clean and %%install +- simplify distribution detection +- include pkgconfig file in devel subpackage + +* Fri Oct 14 2005 Paul Howarth <paul@city-fan.org> - 7.15.0-1.cf +- compat package renamed to libcurlVERSION for forward compatibility when a new + soname is used in upstream curl, so that multiple versions of the libcurl + library can be installed in parallel +- don't use %%{_bindir} in command paths, use /usr/bin explicitly +- spec file cleanup + +* Mon Sep 5 2005 Paul Howarth <paul@city-fan.org> - 7.14.1-2.cf +- build fully distro-specific packages to avoid dependency issues + +* Fri Sep 2 2005 Paul Howarth <paul@city-fan.org> - 7.14.1-1.cf +- update to 7.14.1 + +* Wed Jul 27 2005 Paul Howarth <paul@city-fan.org> - 7.14.0-3.cf +- different summary, group, and description in compat mode +- use the correct cert bundle location for FC4 +- use exclude in the file lists rather than deleting files from + the buildroot +- add explicit requirement for the CA bundle file +- license is MIT, not MPL + +* Thu Jun 30 2005 Paul Howarth <paul@city-fan.org> - 7.14.0-2.cf +- enable building with dist tag if required: + e.g. $ rpmbuild --define "dist .fc4" ... + +* Tue May 17 2005 Paul Howarth <paul@city-fan.org> - 7.14.0-1.cf +- update to 7.14.0 + +* Wed Apr 6 2005 Paul Howarth <paul@city-fan.org> - 7.13.2-1.cf +- update to 7.13.2 +- remove SSL patch, included upstream + +* Sat Mar 5 2005 Paul Howarth <paul@city-fan.org> - 7.13.1-1.cf +- update to 7.13.1 +- add patch to fix SSL breakage +- modify install process to avoid need for path patch + +* Fri Feb 25 2005 Paul Howarth <paul@city-fan.org> - 7.13.0-2.cf +- fix for CAN-2005-0490 + +* Wed Feb 2 2005 Paul Howarth <paul@city-fan.org> - 7.13.0-1.cf +- update to 7.13.0 + +* Mon Jan 31 2005 Paul Howarth <paul@city-fan.org> - 7.12.3-2.cf +- add .cf repo tag +- remove INSTALL from docs +- enable GSSAPI auth (#129353) + +* Tue Dec 21 2004 Paul Howarth <paul@city-fan.org> - 7.12.3-1 +- update to 7.12.3 + +* Fri Nov 26 2004 Paul Howarth <paul@city-fan.org> - 7.12.2-2 +- add libidn-devel dependency to curl-devel + (http://www.redhat.com/archives/fedora-list/2004-November/msg07551.html) + +* Tue Oct 19 2004 Paul Howarth <paul@city-fan.org> - 7.12.2-1 +- update to 7.12.2 + +* Wed Oct 6 2004 Paul Howarth <paul@city-fan.org> - 7.12.1-2 +- include facility to build compat-libcurl package containing + only the library +- remove certaltname patch completely +- include COPYING +- general tidy-up of spec file + +* Wed Aug 11 2004 Paul Howarth <paul@city-fan.org> - 7.12.1-1 +- update to 7.12.1 + +* Thu Jun 03 2004 Paul Howarth <paul@city-fan.org> - 7.12.0-1 +- update to 7.12.0 + +* Tue Apr 27 2004 Paul Howarth <paul@city-fan.org> - 7.11.2-1 +- update to 7.11.2 +- remove parts of curl-7.10.6-certaltname.patch that fix + no-longer-applicable cosmetic issues and rename to + curl-7.11.2-certaltname.patch + +* Mon Mar 22 2004 Paul Howarth <paul@city-fan.org> - 7.11.1-1 +- update to 7.11.1 +- remove no-longer-applicable curl-7.10.4-nousr.patch + +* Fri Jan 23 2004 Paul Howarth <paul@city-fan.org> - 7.11.0-1 +- update to 7.11.0 + +* Wed Oct 15 2003 Adrian Havill <havill@redhat.com> - 7.10.6-7 +- aclocal before libtoolize +- move OpenLDAP license so it's present as a doc file, present in + both the source and binary as per conditions + +* Mon Oct 13 2003 Adrian Havill <havill@redhat.com> - 7.10.6-6 +- add OpenLDAP copyright notice for usage of code, add OpenLDAP + license for this code + +* Tue Oct 07 2003 Adrian Havill <havill@redhat.com> - 7.10.6-5 +- match serverAltName certs with SSL (#106168) + +* Tue Sep 16 2003 Adrian Havill <havill@redhat.com> - 7.10.6-4.1 +- bump n-v-r for RHEL + +* Tue Sep 16 2003 Adrian Havill <havill@redhat.com> - 7.10.6-4 +- restore ca cert bundle (#104400) +- require openssl, we want to use its ca-cert bundle + +* Sun Sep 7 2003 Joe Orton <jorton@redhat.com> - 7.10.6-3 +- rebuild + +* Fri Sep 5 2003 Joe Orton <jorton@redhat.com> - 7.10.6-2.2 +- fix to include libcurl.so + +* Mon Aug 25 2003 Adrian Havill <havill@redhat.com> - 7.10.6-2.1 +- bump n-v-r for RHEL + +* Mon Aug 25 2003 Adrian Havill <havill@redhat.com> - 7.10.6-2 +- devel subpkg needs openssl-devel as a Require (#102963) + +* Mon Jul 28 2003 Adrian Havill <havill@redhat.com> - 7.10.6-1 +- bumped version + +* Tue Jul 01 2003 Adrian Havill <havill@redhat.com> - 7.10.5-1 +- bumped version + +* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> +- rebuilt + +* Sat Apr 12 2003 Florian La Roche <Florian.LaRoche@redhat.de> +- update to 7.10.4 +- adapt nousr patch + +* Wed Jan 22 2003 Tim Powers <timp@redhat.com> +- rebuilt + +* Tue Jan 21 2003 Joe Orton <jorton@redhat.com> - 7.9.8-4 +- don't add -L/usr/lib to 'curl-config --libs' output + +* Tue Jan 7 2003 Nalin Dahyabhai <nalin@redhat.com> - 7.9.8-3 +- rebuild + +* Wed Nov 6 2002 Joe Orton <jorton@redhat.com> - 7.9.8-2 +- fix `curl-config --libs` output for libdir!=/usr/lib +- remove docs/LIBCURL from docs list; remove unpackaged libcurl.la +- libtoolize and reconf + +* Mon Jul 22 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.8-1 +- 7.9.8 (# 69473) + +* Fri Jun 21 2002 Tim Powers <timp@redhat.com> +- automated rebuild + +* Sun May 26 2002 Tim Powers <timp@redhat.com> +- automated rebuild + +* Thu May 16 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.7-1 +- 7.9.7 + +* Wed Apr 24 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.6-1 +- 7.9.6 + +* Thu Mar 21 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.5-2 +- Stop the curl-config script from printing -I/usr/include + and -L/usr/lib (#59497) + +* Fri Mar 8 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.5-1 +- 7.9.5 + +* Tue Feb 26 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.3-2 +- Rebuild + +* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> - 7.9.3-1 +- update to 7.9.3 + +* Wed Jan 09 2002 Tim Powers <timp@redhat.com> - 7.9.2-2 +- automated rebuild + +* Wed Jan 9 2002 Trond Eivind Glomsrød <teg@redhat.com> - 7.9.2-1 +- 7.9.2 + +* Fri Aug 17 2001 Nalin Dahyabhai <nalin@redhat.com> +- include curl-config in curl-devel +- update to 7.8 to fix memory leak and strlcat() symbol pollution from libcurl + +* Wed Jul 18 2001 Crutcher Dunnavant <crutcher@redhat.com> +- added openssl-devel build req + +* Mon May 21 2001 Tim Powers <timp@redhat.com> +- built for the distro + +* Tue Apr 24 2001 Jeff Johnson <jbj@redhat.com> +- upgrade to curl-7.7.2. +- enable IPv6. + +* Fri Mar 2 2001 Tim Powers <timp@redhat.com> +- rebuilt against openssl-0.9.6-1 + +* Thu Jan 4 2001 Tim Powers <timp@redhat.com> +- fixed mising ldconfigs +- updated to 7.5.2, bug fixes + +* Mon Dec 11 2000 Tim Powers <timp@redhat.com> +- updated to 7.5.1 + +* Mon Nov 6 2000 Tim Powers <timp@redhat.com> +- update to 7.4.1 to fix bug #20337, problems with curl -c +- not using patch anymore, it's included in the new source. Keeping + for reference + +* Fri Oct 20 2000 Nalin Dahyabhai <nalin@redhat.com> +- fix bogus req in -devel package + +* Fri Oct 20 2000 Tim Powers <timp@redhat.com> +- devel package needed defattr so that root owns the files + +* Mon Oct 16 2000 Nalin Dahyabhai <nalin@redhat.com> +- update to 7.3 +- apply vsprintf/vsnprintf patch from Colin Phipps via Debian + +* Mon Aug 21 2000 Nalin Dahyabhai <nalin@redhat.com> +- enable SSL support +- fix packager tag +- move buildroot to %%{_tmppath} + +* Tue Aug 1 2000 Tim Powers <timp@redhat.com> +- fixed vendor tag for bug #15028 + +* Mon Jul 24 2000 Prospector <prospector@redhat.com> +- rebuilt + +* Tue Jul 11 2000 Tim Powers <timp@redhat.com> +- workaround alpha build problems with optimizations + +* Mon Jul 10 2000 Tim Powers <timp@redhat.com> +- rebuilt + +* Mon Jun 5 2000 Tim Powers <timp@redhat.com> +- put man pages in correct place +- use %%makeinstall + +* Mon Apr 24 2000 Tim Powers <timp@redhat.com> +- updated to 6.5.2 + +* Wed Nov 3 1999 Tim Powers <timp@redhat.com> +- updated sources to 6.2 +- gzip man page + +* Mon Aug 30 1999 Tim Powers <timp@redhat.com> +- changed group + +* Thu Aug 26 1999 Tim Powers <timp@redhat.com> +- changelog started +- general cleanups, changed prefix to /usr, added manpage to files section +- including in Powertools diff --git a/libssh2/README.md b/libssh2/README.md new file mode 100644 index 0000000..1b842d1 --- /dev/null +++ b/libssh2/README.md @@ -0,0 +1,5 @@ +libssh2 upstream: +http://mirror.city-fan.org/ftp/contrib/yum-repo/rhel7/source/libssh2-1.9.0-2.0.cf.rhel7.src.rpm + +reason for being in stackrpms: +needed to build FreeFileSync on EL derivatives because libcurl in distro is not as up-to-date as FreeFileSync upstream diff --git a/libssh2/libssh2-1.7.0-pkgconfig.patch b/libssh2/libssh2-1.7.0-pkgconfig.patch new file mode 100644 index 0000000..838c234 --- /dev/null +++ b/libssh2/libssh2-1.7.0-pkgconfig.patch @@ -0,0 +1,13 @@ +Remove libdir from pkg-config --libs output, as it's a standard place +on Fedora + +--- libssh2.pc.in ++++ libssh2.pc.in +@@ -12,6 +12,6 @@ URL: http://www.libssh2.org/ + Description: Library for SSH-based communication + Version: @LIBSSH2VER@ + Requires.private: @LIBSREQUIRED@ +-Libs: -L${libdir} -lssh2 @LIBS@ ++Libs: -lssh2 @LIBS@ + Libs.private: @LIBS@ + Cflags: -I${includedir} diff --git a/libssh2/libssh2.spec b/libssh2/libssh2.spec new file mode 100644 index 0000000..c983613 --- /dev/null +++ b/libssh2/libssh2.spec @@ -0,0 +1,802 @@ +# Detect the distribution in use +%global __despace head -n 1 | tr -d '[:space:]' | sed -e 's/[(].*[)]//g' +%global __lower4 cut -c 1-4 | tr '[:upper:]' '[:lower:]' +%global __distfile %([ -f /etc/SuSE-release ] && echo /etc/SuSE-release || echo /etc/redhat-release) +%global __distinit %(sed -e 's/ release .*//' -e 's/\\([A-Za-z]\\)[^ ]*/\\1/g' %{__distfile} | %{__despace} | %{__lower4}) +%global __distvers %(sed -e 's/.* release \\([^. ]*\\).*/\\1/' %{__distfile} | %{__despace}) +# Identify CentOS Linux and Scientific Linux as rhel +%if "%{__distinit}" == "c" || "%{__distinit}" == "cl" || "%{__distinit}" == "sl" || "%{__distinit}" == "sls" +%global __distinit rhel +%endif +# Dist tag for Fedora is still "fc" +%if "%{__distinit}" == "f" +%global __distinit fc +%endif + +# Define %%{__isa_bits} for old releases +%{!?__isa_bits: %global __isa_bits %((echo '#include <bits/wordsize.h>'; echo __WORDSIZE) | cpp - | grep -Ex '32|64')} + +Name: libssh2 +Version: 1.9.0 +Release: 2.0.stack.%{__distinit}%{__distvers} +Summary: A library implementing the SSH2 protocol +License: BSD +URL: http://www.libssh2.org/ +# stackrpms: use https for copr build +Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz +Patch0: libssh2-1.7.0-pkgconfig.patch +BuildRequires: coreutils +BuildRequires: findutils +BuildRequires: gcc +BuildRequires: make +BuildRequires: openssl-devel > 1:1.0.1 +BuildRequires: pkgconfig +BuildRequires: sed +BuildRequires: zlib-devel +BuildRequires: /usr/bin/man +%if 0%{?fedora} > 20 || 0%{?rhel} > 7 +BuildRequires: hostname +%else +BuildRequires: /bin/hostname +%endif +# OpenSSH server used in test suite +BuildRequires: openssh-server +# Need a valid locale to run the mansyntax check +%if 0%{?fedora} > 23 || 0%{?rhel} > 7 +BuildRequires: glibc-langpack-en +%endif +# We use matchpathcon from libselinux-utils to get the correct SELinux context +# for the ssh server initialization script so that it can transition correctly +# in an SELinux environment +BuildRequires: libselinux-utils +BuildRequires: selinux-policy-targeted + +%description +libssh2 is a library implementing the SSH2 protocol as defined by +Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), +SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, +SECSH-DHGEX(04), and SECSH-NUMBERS(10). + +%package devel +Summary: Development files for libssh2 +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: pkgconfig + +%description devel +The libssh2-devel package contains libraries and header files for +developing applications that use libssh2. + +%package docs +Summary: Documentation for libssh2 +Requires: %{name} = %{version}-%{release} +BuildArch: noarch + +%description docs +The libssh2-docs package contains man pages and examples for +developing applications that use libssh2. + +%prep +%setup -q + +# Replace hard wired port number in the test suite to avoid collisions +# between 32-bit and 64-bit builds running on a single build-host +sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh} + +# Fix pkg-config --libs output (#1279966) +%patch0 + +# Make sshd transition appropriately if building in an SELinux environment +chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || : +chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || : +chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} || : + +%build +export CPPFLAGS="$(pkg-config --cflags openssl)" +%configure --disable-silent-rules --disable-static --enable-shared +make %{?_smp_mflags} + +%install +make install DESTDIR=%{buildroot} INSTALL="install -p" +find %{buildroot} -name '*.la' -delete + +# clean things up a bit for packaging +make -C example clean +rm -rf example/.deps +find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -delete + +# avoid multilib conflict on libssh2-devel +mv -v example example.%{_arch} + +%check +echo "Running tests for %{_arch}" +# The SSH test will fail if we don't have /dev/tty, as is the case in some +# versions of mock (#672713) +if [ ! -c /dev/tty ]; then + echo Skipping SSH test due to missing /dev/tty + echo "exit 0" > tests/ssh2.sh +fi +# Apparently it fails in the sparc and arm buildsystems too +%ifarch %{sparc} %{arm} +echo Skipping SSH test on sparc/arm +echo "exit 0" > tests/ssh2.sh +%endif +# mansyntax check fails on PPC* and aarch64 with some strange locale error +%ifarch ppc %{power64} aarch64 +echo "Skipping mansyntax test on PPC* and aarch64" +echo "exit 0" > tests/mansyntax.sh +%endif +# stackrpms: disable tests for copr build +#LC_ALL=en_US.UTF-8 make -C tests check + +%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 27) +# ldconfig replaced by RPM File Triggers from Fedora 28 +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig +%endif + +%files +%if 0%{?_licensedir:1} +%license COPYING +%else +%doc COPYING +%endif +%doc docs/AUTHORS ChangeLog README RELEASE-NOTES +%{_libdir}/libssh2.so.1 +%{_libdir}/libssh2.so.1.* + +%files docs +%doc docs/BINDINGS docs/HACKING docs/TODO NEWS +%{_mandir}/man3/libssh2_*.3* + +%files devel +%doc example.%{_arch}/ +%{_includedir}/libssh2.h +%{_includedir}/libssh2_publickey.h +%{_includedir}/libssh2_sftp.h +%{_libdir}/libssh2.so +%{_libdir}/pkgconfig/libssh2.pc + +%changelog +* Tue Sep 17 2019 Ben Stack <bgstack15@gmail.com> - 1.9.0-2.0.stack +- Disable tests so it will build in copr + +* Fri Jul 26 2019 Paul Howarth <paul@city-fan.org> - 1.9.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jun 20 2019 Paul Howarth <paul@city-fan.org> - 1.9.0-1.0.cf +- Update to 1.9.0 + - Fixed integer overflow leading to out-of-bounds read (CVE-2019-13115) + - Adds ECDSA keys and host key support when using OpenSSL + - Adds ED25519 key and host key support when using OpenSSL 1.1.1 + - Adds OpenSSH style key file reading + - Adds AES CTR mode support when using WinCNG + - Adds PEM passphrase protected file support for libgcrypt and WinCNG + - Adds SHA256 hostkey fingerprint + - Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() + - Adds explicit zeroing of sensitive data in memory + - Adds additional bounds checks to network buffer reads + - Adds the ability to use the server default permissions when creating sftp directories + - Adds support for building with OpenSSL no engine flag + - Adds support for building with LibreSSL + - Increased sftp packet size to 256k + - Fixed oversized packet handling in sftp + - Fixed building with OpenSSL 1.1 + - Fixed a possible crash if sftp stat gets an unexpected response + - Fixed incorrect parsing of the KEX preference string value + - Fixed conditional RSA and AES-CTR support + - Fixed a small memory leak during the key exchange process + - Fixed a possible memory leak of the ssh banner string + - Fixed various small memory leaks in the backends + - Fixed possible out of bounds read when parsing public keys from the server + - Fixed possible out of bounds read when parsing invalid PEM files + - No longer null terminates the scp remote exec command + - Now handle errors when Diffie Hellman key pair generation fails + - Fixed compiling on Windows with the flag STDCALL=ON + - Improved building instructions + - Improved unit tests +- Needs OpenSSL ≥ 1.0.1 now as ECC support is assumed + +* Tue Mar 26 2019 Paul Howarth <paul@city-fan.org> - 1.8.2-1.0.cf +- Update to 1.8.2 + - Fixed the misapplied userauth patch that broke 1.8.1 + - Moved the MAX size declarations from the public header + +* Tue Mar 19 2019 Paul Howarth <paul@city-fan.org> - 1.8.1-1.0.cf +- Update to 1.8.1 + - Fixed possible integer overflow when reading a specially crafted packet + (CVE-2019-3855) + - Fixed possible integer overflow in userauth_keyboard_interactive with a + number of extremely long prompt strings (CVE-2019-3863) + - Fixed possible integer overflow if the server sent an extremely large + number of keyboard prompts (CVE-2019-3856) + - Fixed possible out of bounds read when processing a specially crafted + packet (CVE-2019-3861) + - Fixed possible integer overflow when receiving a specially crafted exit + signal message channel packet (CVE-2019-3857) + - Fixed possible out of bounds read when receiving a specially crafted exit + status message channel packet (CVE-2019-3862) + - Fixed possible zero byte allocation when reading a specially crafted SFTP + packet (CVE-2019-3858) + - Fixed possible out of bounds reads when processing specially crafted SFTP + packets (CVE-2019-3860) + - Fixed possible out of bounds reads in _libssh2_packet_require(v) + (CVE-2019-3859) +- Fix mis-applied patch in the fix of CVE-2019-3859 + - https://github.com/libssh2/libssh2/issues/325 + - https://github.com/libssh2/libssh2/pull/327 + +* Mon Feb 4 2019 Paul Howarth <paul@city-fan.org> - 1.8.0-10.0.cf +- Explicitly run the test suite in the en_US.UTF-8 locale to work around flaky + locale settings in mock builders + +* Fri Jul 13 2018 Paul Howarth <paul@city-fan.org> - 1.8.0-8.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 14 2018 Paul Howarth <paul@city-fan.org> - 1.8.0-7.0.cf +- ldconfig replaced by RPM File Triggers from Fedora 28 + +* Tue Sep 12 2017 Paul Howarth <paul@city-fan.org> - 1.8.0-5.0.cf +- scp: Do not NUL-terminate the command for remote exec (#1489736, GH#208) +- Make devel package dependency on main package arch-specific + +* Thu Jul 27 2017 Paul Howarth <paul@city-fan.org> - 1.8.0-4.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Paul Howarth <paul@city-fan.org> - 1.8.0-3.0.cf +- Drop support for EOL distributions prior to F-13 + - Drop BuildRoot: and Group: tags + - Drop explicit buildroot cleaning in %%install section + - Drop explicit %%clean section + - noarch sub-packages always available now + - libselinux-utils always available now + +* Sat Feb 11 2017 Paul Howarth <paul@city-fan.org> - 1.8.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Oct 25 2016 Paul Howarth <paul@city-fan.org> - 1.8.0-1.0.cf +- Update to 1.8.0 + - Added a basic dockerised test suite + - crypto: Add support for the mbedTLS backend + - libgcrypt: Fixed a NULL pointer dereference on OOM + - VMS: Can't use %%zd for off_t format + - VMS: Update vms/libssh2_config.h + - Windows: Link with crypt32.lib + - libssh2_channel_open: Speeling error fixed in channel error message + - msvc: Fixed 14 compilation warnings + - tests: HAVE_NETINET_IN_H was not defined correctly + - openssl: Add OpenSSL 1.1.0 compatibility + - cmake: Add CLEAR_MEMORY option, analogously to that for autoconf + - configure: Make the --with-* options override the OpenSSL default + - libssh2_wait_socket: Set err_msg on errors + - libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds + +* Thu Oct 20 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-7.0.cf +- Make curl test suite work again with valgrind enabled + +* Wed Oct 12 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-6.0.cf +- Include upstream fix for OpenSSL 1.1.0 compatibility + +* Sun Mar 6 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-5.0.cf +- Move large NEWS file to docs package +- Use -delete with find + +* Wed Feb 24 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-3.0.cf +- diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787) +- Drop UTF-8 patch, which breaks things rather than fixes them + +* Tue Feb 23 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-1.0.cf +- Update to 1.7.0 + - diffie_hellman_sha256: convert bytes to bits (CVE-2016-0787); see + http://www.libssh2.org/adv_20160223.html + - libssh2_session_set_last_error: Add function + - mac: Add support for HMAC-SHA-256 and HMAC-SHA-512 + - WinCNG: support for SHA256/512 HMAC + - kex: Added diffie-hellman-group-exchange-sha256 support + - OS/400 crypto library QC3 support + - SFTP: Increase speed and datasize in SFTP read + - openssl: Make libssh2_sha1 return error code + - openssl: Fix memleak in _libssh2_dsa_sha1_verify() + - cmake: Include CMake files in the release tarballs + - Fix builds with Visual Studio 2015 + - hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined + - GNUmakefile: Add support for LIBSSH2_LDFLAG_EXTRAS + - GNUmakefile: Add -m64 CFLAGS when targeting mingw64 + - kex: free server host key before allocating it (again) + - SCP: Add libssh2_scp_recv2 to support large (> 2GB) files on windows + - channel: Detect bad usage of libssh2_channel_process_startup + - userauth: Fix off by one error when reading public key file + - kex: Removed dupe entry from libssh2_kex_methods + - _libssh2_error: Support allocating the error message + - hostkey: Fix invalid memory access if libssh2_dsa_new fails + - hostkey: Align code path of ssh_rsa_init to ssh_dss_init + - libssh2.pc.in: Fix the output of pkg-config --libs + - wincng: Fixed possible memory leak in _libssh2_wincng_hash + - wincng: Fixed _libssh2_wincng_hash_final return value + - Add OpenSSL 1.1.0-pre2 compatibility + - agent_disconnect_unix: Unset the agent fd after closing it + - sftp: Stop reading when buffer is full + - sftp: Send at least one read request before reading + - sftp: Don't return EAGAIN if data was written to buffer + - sftp: Check read packet file offset + - configure: build "silent" if possible + - openssl: Add OpenSSL 1.1.0-pre3-dev compatibility + - GNUmakefile: List system libs after user libs +- Update pkgconfig patch + +* Thu Feb 4 2016 Paul Howarth <paul@city-fan.org> - 1.6.0-4.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Nov 10 2015 Paul Howarth <paul@city-fan.org> - 1.6.0-3.0.cf +- Fix pkg-config --libs output (#1279966) + +* Thu Jun 18 2015 Paul Howarth <paul@city-fan.org> - 1.6.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Jun 14 2015 Paul Howarth <paul@city-fan.org> - 1.6.0-1.0.cf +- Update to 1.6.0 + - Added CMake build system + - Added libssh2_userauth_publickey_frommemory() + - wait_socket: Wrong use of difftime() + - userauth: Fixed prompt text no longer being copied to the prompt's struct + - mingw build: Allow to pass custom CFLAGS + - Let mansyntax.sh work regardless of where it is called from + - Init HMAC_CTX before using it + - direct_tcpip: Fixed channel write + - WinCNG: Fixed backend breakage + - OpenSSL: Fix bug caused by introducing libssh2_hmac_ctx_init + - userauth.c: Fix possible dereferences of a null pointer + - wincng: Added explicit clear memory feature to WinCNG backend + - openssl.c: Fix possible segfault in case EVP_DigestInit fails + - wincng: Fix return code of libssh2_md5_init() + - kex: Do not ignore failure of libssh2_sha1_init() + - scp: Fix that scp_send may transmit uninitialized memory + - scp.c: Improved command length calculation + - nonblocking examples: Fix warning about unused tvdiff on Mac OS X + - configure: Make clear-memory default but WARN if backend unsupported + - OpenSSL: Enable use of OpenSSL that doesn't have DSA + - OpenSSL: Use correct no-blowfish #define + - kex: Fix libgcrypt memory leaks of bignum + - libssh2_channel_open: More detailed error message + - wincng: Fixed memleak in (block) cipher destructor + +* Wed Mar 11 2015 Paul Howarth <paul@city-fan.org> - 1.5.0-1.0.cf +- Update to 1.5.0 + - Added Windows Cryptography API: Next Generation based backend + - Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded + - Missing _libssh2_error in _libssh2_channel_write + - knownhost: Fix DSS keys being detected as unknown + - knownhost: Restore behaviour of 'libssh2_knownhost_writeline' with short + buffer + - libssh2.h: On Windows, a socket is of type SOCKET, not int + - libssh2_priv.h: A 1 bit bit-field should be unsigned + - Windows build: Do not export externals from static library + - Fixed two potential use-after-frees of the payload buffer + - Fixed a few memory leaks in error paths + - userauth: Fixed an attempt to free from stack on error + - agent_list_identities: Fixed memory leak on OOM + - knownhosts: Abort if the hosts buffer is too small + - sftp_close_handle: Ensure the handle is always closed + - channel_close: Close the channel even in the case of errors + - Docs: Added missing libssh2_session_handshake.3 file + - Docs: Fixed a bunch of typos + - userauth_password: Pass on the underlying error code + - _libssh2_channel_forward_cancel: Accessed struct after free + - _libssh2_packet_add: Avoid using uninitialized memory + - _libssh2_channel_forward_cancel: Avoid memory leaks on error + - _libssh2_channel_write: Client spins on write when window full + - Windows build: Fix build errors + - publickey_packet_receive: Avoid junk in returned pointers + - channel_receive_window_adjust: Store windows size always + - userauth_hostbased_fromfile: Zero assign to avoid uninitialized use + - configure: Change LIBS not LDFLAGS when checking for libs + - agent_connect_unix: Make sure there's a trailing zero + - MinGW build: Fixed redefine warnings + - sftpdir.c: Added authentication method detection + - Watcom build: Added support for WinCNG build + - configure.ac: Replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS + - sftp_statvfs: Fix for servers not supporting statfvs extension + - knownhost.c: Use LIBSSH2_FREE macro instead of free + - Fixed compilation using mingw-w64 + - knownhost.c: Fixed that 'key_type_len' may be used uninitialized + - configure: Display individual crypto backends on separate lines + - Examples on Windows: Check for WSAStartup return code + - Examples on Windows: Check for socket return code + - agent.c: Check return code of MapViewOfFile + - kex.c: Fix possible NULL pointer de-reference with session->kex + - packet.c: Fix possible NULL pointer de-reference within listen_state + - Tests on Windows: Check for WSAStartup return code + - userauth.c: Improve readability and clarity of for-loops + - Examples on Windows: Use native SOCKET-type instead of int + - packet.c: i < 256 was always true and i would overflow to 0 + - kex.c: Make sure mlist is not set to NULL + - session.c: Check return value of session_nonblock in debug mode + - session.c: Check return value of session_nonblock during startup + - userauth.c: Make sure that sp_len is positive and avoid overflows + - knownhost.c: Fix use of uninitialized argument variable wrote + - openssl: Initialise the digest context before calling EVP_DigestInit() + - libssh2_agent_init: Init ->fd to LIBSSH2_INVALID_SOCKET + - configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib + - configure.ac: Rework crypto library detection + - configure.ac: Reorder --with-* options in --help output + - configure.ac: Call zlib zlib and not libz in text but keep option names + - Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro + - sftp: seek: Don't flush buffers on same offset + - sftp: statvfs: Along error path, reset the correct 'state' variable + - sftp: Add support for fsync (OpenSSH extension) + - _libssh2_channel_read: Fix data drop when out of window + - comp_method_zlib_decomp: Improve buffer growing algorithm + - _libssh2_channel_read: Honour window_size_initial + - window_size: Redid window handling for flow control reasons + - knownhosts: Handle unknown key types + +* Fri Oct 10 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-16.0.cf +- Prevent a not-connected agent from closing STDIN (#1147717) + +* Sun Aug 17 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-15.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jul 19 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-14.0.cf +- Use %%license where possible + +* Sun Jun 8 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-13.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Apr 30 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-12.0.cf +- Fix curl's excessive memory consumption during scp download +- BR: hostname package rather than /bin/hostname from F-21 as the latter is no + longer provided in rawhide +- Drop %%defattr, redundant since rpm 4.4 + +* Mon Feb 17 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-11.0.cf +- Skip the manpage syntax check on ppc* and aarch64 as there are wierd locale + issues in their buildroots + +* Wed Aug 14 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-8.0.cf +- Fix very slow sftp upload to localhost +- Fix a use after free in channel.c + +* Sat Aug 3 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-7.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Apr 9 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-6.0.cf +- Add three patches from upstream git required for qemu ssh block driver + +* Wed Apr 3 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-4.0.cf +- Avoid polluting libssh2.pc with linker options (#947813) + +* Tue Mar 26 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-3.0.cf +- Avoid collisions between 32-bit and 64-bit builds running on a single + build-host + +* Thu Feb 14 2013 Paul Howarth <paul@city-fan.org> - 1.4.3-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Nov 28 2012 Paul Howarth <paul@city-fan.org> - 1.4.3-1.0.cf +- Update to 1.4.3 + - compression: add support for zlib@openssh.com + - sftp_read: return error if a too large package arrives + - libssh2_hostkey_hash.3: update the description of return value + - Fixed MSVC NMakefile + - examples: use stderr for messages, stdout for data + - openssl: do not leak memory when handling errors + - improved handling of disabled MD5 algorithm in OpenSSL + - known_hosts: Fail when parsing unknown keys in known_hosts file + - configure: gcrypt doesn't come with pkg-config support + - session_free: wrong variable used for keeping state + - libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL + - comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating +- Drop upstreamed patches + +* Wed Nov 7 2012 Paul Howarth <paul@city-fan.org> - 1.4.2-4.0.cf +- examples: use stderr for messages, stdout for data (upstream commit b31e35ab) +- Update libssh2_hostkey_hash(3) man page (upstream commit fe8f3deb) + +* Mon Oct 1 2012 Paul Howarth <paul@city-fan.org> - 1.4.2-3.0.cf +- Fix basic functionality of libssh2 in FIPS mode + +* Thu Jul 19 2012 Paul Howarth <paul@city-fan.org> - 1.4.2-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sun May 20 2012 Paul Howarth <paul@city-fan.org> - 1.4.2-1.0.cf +- Update to 1.4.2 + - Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner + - userauth.c: fread() from public key file to correctly detect any errors + - configure.ac: add option to disable build of the example applications + - added 'Requires.private:' line to libssh2.pc + - SFTP: filter off incoming "zombie" responses + - gettimeofday: no need for a replacement under cygwin + - SSH_MSG_CHANNEL_REQUEST: default to want_reply + - win32/libssh2_config.h: remove hardcoded #define LIBSSH2_HAVE_ZLIB + +* Fri Apr 27 2012 Paul Howarth <paul@city-fan.org> - 1.4.1-2.0.cf +- Fix multi-arch conflict again (#816969) + +* Thu Apr 5 2012 Paul Howarth <paul@city-fan.org> - 1.4.1-1.0.cf +- Update to 1.4.1 + - Build error with gcrypt backend + - Always do "forced" window updates to avoid corner case stalls + - aes: the init function fails when OpenSSL has AES support + - transport_send: finish in-progress key exchange before sending data + - channel_write: acknowledge transport errors + - examples/x11.c: make sure sizeof passed to read operation is correct + - examples/x11.c: fix suspicious sizeof usage + - sftp_packet_add: verify the packet before accepting it + - SFTP: preserve the original error code more + - sftp_packet_read: adjust window size as necessary + - Use safer snprintf rather then sprintf in several places + - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET + - sftp_write: cannot return acked data *and* EAGAIN + - sftp_read: avoid data *and* EAGAIN + - libssh2.h: add missing prototype for libssh2_session_banner_set() +- Drop upstream patches now included in release tarball + +* Mon Mar 19 2012 Paul Howarth <paul@city-fan.org> - 1.4.0-4.0.cf +- Don't ignore transport errors when writing to channel (#804150) + +* Sun Mar 18 2012 Paul Howarth <paul@city-fan.org> - 1.4.0-3.0.cf +- Don't try to use openssl's AES-CTR functions + (http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml) + +* Fri Mar 16 2012 Paul Howarth <paul@city-fan.org> - 1.4.0-2.0.cf +- Fix libssh2 failing key re-exchange when write channel is saturated (#804156) +- Drop support for distributions prior to FC-3: + - BR: openssh-server unconditionally + +* Wed Feb 1 2012 Paul Howarth <paul@city-fan.org> - 1.4.0-1.0.cf +- Update to 1.4.0 + - Added libssh2_session_supported_algs() + - Added libssh2_session_banner_get() + - Added libssh2_sftp_get_channel() + - libssh2.h: bump the default window size to 256K + - sftp-seek: clear EOF flag + - userauth: provide more informations if ssh pub key extraction fails + - ssh2_exec: skip error outputs for EAGAIN + - LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000 + - knownhost_check(): don't dereference ext if NULL is passed + - knownhost_add: avoid dereferencing uninitialized memory on error path + - OpenSSL EVP: fix threaded use of structs + - _libssh2_channel_read: react on errors from receive_window_adjust + - sftp_read: cap the read ahead maximum amount + - _libssh2_channel_read: fix non-blocking window adjusting +- Add upstream patch fixing undefined function reference in libgcrypt backend +- BR: /usr/bin/man for test suite + +* Mon Jan 16 2012 Paul Howarth <paul@city-fan.org> - 1.3.0-4.0.cf +- Skip the ssh test on sparc and arm buildsystems, where it tends to fail + +* Fri Jan 13 2012 Paul Howarth <paul@city-fan.org> - 1.3.0-3.0.cf +- Example includes arch-specific bits, so move to devel package + +* Wed Sep 7 2011 Paul Howarth <paul@city-fan.org> - 1.3.0-1.0.cf +- Update to 1.3.0 + - Added custom callbacks for performing low level socket I/O + - sftp_read: advance offset correctly for buffered copies + - libssh2_sftp_seek64: flush packetlist and buffered data + - _libssh2_packet_add: adjust window size when truncating + - sftp_read: a short read is not end of file + +* Tue Aug 16 2011 Paul Howarth <paul@city-fan.org> - 1.2.9-1.0.cf +- Update to 1.2.9 + - Added libssh2_session_set_timeout() and libssh2_session_get_timeout() to + make blocking calls get a timeout + - configure and pkg-config: fix $VERSION + - s/\.NF/.nf/ to fix wrong macro name caught by man --warnings + - keepalive: add first basic man pages + - sftp_write: flush the packetlist on error + - sftp_write: clean offsets on error + - msvcproj: added libs and debug stuff + - SCP: fix incorrect error code + - session_startup: init state properly + - sftp_write_sliding: send the complete file + - userauth_keyboard_interactive: skip code on zero length auth + - _libssh2_wait_socket: fix timeouts for poll() uses + - agent_list_identities: fix out of scope access + - _libssh2_recv(): handle ENOENT error as EAGAIN + - userauth_keyboard_interactive: fix buffer overflow + - removed man pages for non-existing functions! + - gettimeofday: fix name space pollution + - _libssh2_channel_write: handle window_size == 0 better +- Drop upstreamed version patch +- Use patch rather than scripted iconv to fix character encoding +- Fix dist tag for CentOS 6 and Scientific Linux + +* Wed Apr 6 2011 Paul Howarth <paul@city-fan.org> - 1.2.8-1.0.cf +- Update to 1.2.8 + - Added libssh2_free, libssh2_channel_get_exit_signal and + libssh2_session_handshake + - SFTP read/write remade and now MUCH faster, especially on high latency + connections + - Added new examples: ssh2_echo.c, sftp_append.c and sftp_write_sliding.c + - userauth: derive publickey from private + - Support unlimited number of host names in a single line of the + known_hosts file + - Fix memory leak in userauth_keyboard_interactive() + - Fix memory leaks (two times cipher_data) for each sftp session + - session_startup: manage server data before server identification + - SCP: allow file names with bytes > 126 + - scp_recv: improved treatment of channel_read() returning zero + - libssh2_userauth_authenticated: make it work as documented + - variable size cleanup: match internal variable sizes better with the sizes + of the fields used on the wire + - channel_request_pty_size: fix reqPTY_state + - sftp_symlink: return error if receive buffer too small + - sftp_readdir: return error if buffer is too small + - libssh2_knownhost_readfile.3: clarify return value + - configure: stop using the deprecated AM_INIT_AUTOMAKE syntax + - Fixed Win32 makefile which was now broken at resource build + - kex_agree_hostkey: fix NULL pointer derefence + - _libssh2_ntohu64: fix conversion from network bytes to uint64 + - ssize_t: proper typedef with MSVC compilers + - zlib: Add debug tracing of zlib errors + - decomp: increase decompression buffer sizes +- Skip the SSH test if we don't have /dev/tty (#672713) +- Nobody else likes macros for commands + +* Wed Oct 13 2010 Paul Howarth <paul@city-fan.org> - 1.2.7-1.1.cf +- Improve support for running tests with SELinux in enforcing mode +- Avoid multilib conflict on libssh2-docs + +* Wed Aug 18 2010 Paul Howarth <paul@city-fan.org> - 1.2.7-1.0.cf +- Update to 1.2.7 + - Better handling of invalid key files + - inputchecks: make lots of API functions check for NULL pointers + - libssh2_session_callback_set: extended the man page + - SFTP: limit write() to not produce overly large packets + - agent: make libssh2_agent_userauth() work blocking properly + - _libssh2_userauth_publickey: reject method names longer than the data + - channel_free: ignore problems with channel_close() + - typedef: make ssize_t get typedef without LIBSSH2_WIN32 + - _libssh2_wait_socket: poll needs milliseconds + - libssh2_wait_socket: reset error code to "leak" EAGAIN less + - Added include for sys/select.h to get fd.set on some platforms + - session_free: free more data to avoid memory leaks + - openssl: make use of the EVP interface + - Make libssh2_debug() create a correctly terminated string + - userauth_hostbased_fromfile: packet length too short + - handshake: Compression enabled at the wrong time + - Don't overflow MD5 server hostkey + +* Thu Jun 10 2010 Paul Howarth <paul@city-fan.org> - 1.2.6-1.0.cf +- Update to 1.2.6 + - Added libssh2_sftp_statvfs() and libssh2_sftp_fstatvfs() + - Added libssh2_knownhost_checkp() + - Added libssh2_scp_send64() + - wait_socket made c89 compliant and use two fd_sets for select() + - OpenSSL AES-128-CTR detection fixed + - Proper keyboard-interactive user dialog in the sftp.c example + - Fixed Build procedure for VMS + - Fixed libssh2.dsw to use the generated libssh2.dsp + - Several Windows-related build fixes + - Fixed fail to init SFTP if session isn't already authenticated + - Many tiny fixes that address clang-analyzer warnings + - sftp_open: deal with short channel_write calls + - libssh2_publickey_init: fixed to work better non-blocking + - sftp_close_handle: add precation to not access NULL pointer + - sftp_readdir: simplified and bugfixed + - channel_write: if data has been sent, don't return EAGAIN +- Drop upstreamed AES-CTR detection patch + +* Tue Jun 8 2010 Paul Howarth <paul@city-fan.org> - 1.2.5-3.1.cf +- RHEL-6 has noarch subpackages, so use one for docs + +* Tue May 25 2010 Paul Howarth <paul@city-fan.org> - 1.2.5-3.0.cf +- Fix dist tag for RHEL-6 Beta + +* Wed Apr 28 2010 Paul Howarth <paul@city-fan.org> - 1.2.5-2.0.cf +- Add buildreq openssh-server to enable additional test coverage +- Make sshd transition appropriately if building in an SELinux environment + (a mock buildroot is not such an environment) +- Add buildreq /usr/sbin/matchpathcon to get appropriate SELinux context + +* Wed Apr 14 2010 Paul Howarth <paul@city-fan.org> - 1.2.5-1.0.cf +- Update to 1.2.5 + - Add keep-alive support: libssh2_keepalive_config()/libssh2_keepalive_send() + - Add libssh2_knownhost_addc(), libssh2_init() and libssh2_exit() + - Add LIBSSH2_SFTP_S_IS***() macros + - Fix memory leak in libssh2_session_startup() + - Add missing error codes - shown as hangs in blocking mode + - Fix memory leak in userauth_keyboard_interactive() + - libssh2_knownhost_del: fix write to freed memory + - Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE + - Use AES-CTR from OpenSSL when available + - Fixed gettimeofday to compile with Visual C++ 6 + - NULL dereference when window adjusting a non-existing channel + - Avoid using poll on interix and mac os x systems + - Fix scp memory leak + - Correctly clear blocking flag after sending multipart packet + - Reduce used window sizes by factor 10 + - libssh2_userauth_publickey_fromfile_ex() handles a NULL password + - sftp_init() deal with _libssh2_channel_write() short returns +- Add patch to fix AES-CTR detection +- Add buildreq /bin/hostname for build host detection + +* Mon Feb 15 2010 Paul Howarth <paul@city-fan.org> - 1.2.4-1.0.cf +- Update to 1.2.4 + - Resolve compile issues on Solaris x64 and UltraSPARC + - Allow compiling with OpenSSL when AES isn't available + - Fix Tru64 socklen_t compile issue with example/direct_tcpip.c + +* Wed Feb 3 2010 Paul Howarth <paul@city-fan.org> - 1.2.3-1.0.cf +- Update to 1.2.3 + - Add libssh2_trace_sethandler() + - Add the direct_tcpip.c example + - Fix memory leak in userauth_publickey + - Add support for authentication via SSH-Agent + - Fix OpenSSH server keepalive (see NEWS) +- Drop padding patch + +* Fri Jan 22 2010 Paul Howarth <paul@city-fan.org> - 1.2.2-5.0.cf +- Rename padding patch as per Fedora package +- sshd tests intentionally avoided (by not having openssh-server buildreq) + because they appear to hang in the buildsystem + +* Thu Dec 24 2009 Paul Howarth <paul@city-fan.org> - 1.2.2-2.0.cf +- Fix padding in ssh-dss signature blob encoding (#539444) + +* Tue Nov 17 2009 Paul Howarth <paul@city-fan.org> - 1.2.2-1.0.cf +- Update to 1.2.2 + - fix crash when server sends an invalid SSH_MSG_IGNORE message + - support for aes128-ctr, aes192-ctr, aes256-ctr ciphers as per RFC 4344 + - support for arcfour128 cipher as per RFC 4345 +- Dist tag for Rawhide no longer needs special-casing +- Make docs package noarch where possible + +* Wed Sep 30 2009 Paul Howarth <paul@city-fan.org> - 1.2.1-1.0.cf +- Update to 1.2.1 (many bugfixes - see NEWS) +- Drop upstreamed transport layer patch +- Devel package now includes a pkgconfig file (and requires pkgconfig) +- Don't redundantly include COPYING in docs and devel packages + +* Wed Sep 23 2009 Paul Howarth <paul@city-fan.org> - 1.2-2.0.cf +- Update to 1.2 (see RELEASE-NOTES for details) +- Upstream source moved to libssh2.org +- Add upstream patch to fix transport layer bug causing invalid -39 + (LIBSSH2_ERROR_BAD_USE) errors + +* Thu Apr 2 2009 Paul Howarth <paul@city-fan.org> - 1.1-1.0.cf +- Update to 1.1 (fixes memory leak and boosts sftp performance) + +* Mon Jan 26 2009 Paul Howarth <paul@city-fan.org> - 1.0-1.0.cf +- Update to 1.0 +- Help the configure script find openssl by setting CPPFLAGS + +* Fri Aug 1 2008 Paul Howarth <paul@city-fan.org> - 0.18-9.0.cf +- Tweak dist tag macros to work on current Rawhide with three-part releasenum + +* Fri Jul 4 2008 Paul Howarth <paul@city-fan.org> - 0.18-7.0.cf +- Import from Fedora +- Fix find syntax +- Add buildreq pkgconfig, missing dep from openssl-devel in older distributions + +* Mon Feb 18 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.18-7 +- Autorebuild for GCC 4.3 + +* Wed Dec 05 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-6 +- rebuild for new openssl... + +* Tue Nov 27 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-5 +- bump + +* Tue Nov 27 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-4 +- add INSTALL arg to make install vs env. var + +* Mon Nov 26 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-3 +- run tests; don't package test + +* Sun Nov 18 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-2 +- split docs into -docs (they seemed... large.) + +* Tue Nov 13 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-1 +- update to 0.18 + +* Sun Oct 14 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.17-1 +- update to 0.17 +- many spec file changes + +* Wed May 23 2007 Sindre Pedersen Bjørdal <foolish[AT]guezz.net> - 0.15-0.2.20070506 +- Fix release tag +- Move manpages to -devel package +- Add Examples dir to -devel package + +* Sun May 06 2007 Sindre Pedersen Bjørdal <foolish[AT]guezz.net> - 0.15-0.20070506.1 +- Initial build |