1                                  _   _ ____  _
2                              ___| | | |  _ \| |
3                             / __| | | | |_) | |
4                            | (__| |_| |  _ <| |___
5                             \___|\___/|_| \_\_____|
6
7                                  Changelog
8
9Version 7.73.0 (14 Oct 2020)
10
11Daniel Stenberg (14 Oct 2020)
12- RELEASE-NOTES: synced
13
14  for 7.73.0
15
16- THANKS: from 7.73.0 and .mailmap fixes
17
18- mailmap: fixups of some contributors
19
20- projects/build-wolfssl.bat: fix the copyright year range
21
22Marc Hoersken (14 Oct 2020)
23- [Sergei Nikulov brought this change]
24
25  CI/tests: fix invocation of tests for CMake builds
26
27  Update appveyor.yml to set env variable TFLAGS and run tests
28  Remove curly braces due to CMake error (${TFLAGS} -> $TFLAGS)
29  Move testdeps build to build step (per review comments)
30
31  Reviewed-by: Marc Hörsken
32
33  Closes #6066
34  Fixes #6052
35
36- tests/server/util.c: fix support for Windows Unicode builds
37
38  Detected via #6066
39  Closes #6070
40
41Daniel Stenberg (13 Oct 2020)
42- [Jay Satiro brought this change]
43
44  strerror: Revert to local codepage for Windows error string
45
46  - Change get_winapi_error() to return the error string in the local
47    codepage instead of UTF-8 encoding.
48
49  Two weeks ago bed5f84 fixed get_winapi_error() to work on xbox, but it
50  also changed the error string's encoding from local codepage to UTF-8.
51
52  We return the local codepage version of the error string because if it
53  is output to the user's terminal it will likely be with functions which
54  expect the local codepage (eg fprintf, failf, infof).
55
56  This is essentially a partial revert of bed5f84. The support for xbox
57  remains but the error string is reverted back to local codepage.
58
59  Ref: https://github.com/curl/curl/pull/6005
60
61  Reviewed-by: Marcel Raad
62  Closes #6065
63
64Marc Hoersken (13 Oct 2020)
65- CI/tests: use verification curl for test reporting APIs
66
67  Avoid using our own, potentially installed, curl for
68  the test reporting APIs in case it is broken.
69
70  Reviewed-by: Daniel Stenberg
71
72  Preparation for #6049
73  Closes #6063
74
75Viktor Szakats (12 Oct 2020)
76- windows: fix comparison of mismatched types warning
77
78  clang 10, mingw-w64:
79  ```
80  vtls/openssl.c:2917:33: warning: comparison of integers of different signs: 'DWORD' (aka 'unsigned long') and 'HRESULT' (aka 'long')
81        [-Wsign-compare]
82                if(GetLastError() != CRYPT_E_NOT_FOUND)
83                   ~~~~~~~~~~~~~~ ^  ~~~~~~~~~~~~~~~~~
84  ```
85
86  Approved-by: Daniel Stenberg
87  Closes #6062
88
89Daniel Stenberg (11 Oct 2020)
90- [Viktor Szakats brought this change]
91
92  src/Makefile.m32: fix undefined curlx_dyn_* errors
93
94  by linking `lib/dynbuf.c` when building a static curl binary.
95  Previously this source file was only included when building
96  a dynamic curl binary. This was likely possible because no
97  functions from the `src/Makefile.inc` / `CURLX_CFILES` sources
98  were actually required for a curl tool build. This has
99  recently changed with the introduction of `curlx_dyn_*()`
100  memory functions and their use by the tool sources.
101
102  Closes #6060
103
104- HISTORY: curl verifies SSL certs by default since version 7.10
105
106Marc Hoersken (8 Oct 2020)
107- runtests.pl: use $LIBDIR variable instead of hardcoded path
108
109  Reviewed-by: Daniel Stenberg
110  Closes #6051
111
112Daniel Stenberg (7 Oct 2020)
113- checksrc: detect // comments on column 0
114
115  Spotted while working on #6045
116
117  Closes #6048
118
119- [Frederik Wedel-Heinen brought this change]
120
121  mbedtls: add missing header when defining MBEDTLS_DEBUG
122
123  Closes #6045
124
125- curl: make sure setopt CURLOPT_IPRESOLVE passes on a long
126
127  Previously, it would pass on a define (int) which could make libcurl
128  read junk as a value - which prevented the CURLOPT_IPRESOLVE option to
129  "take". This could then make test 2100 do two DoH requests instead of
130  one!
131
132  Fixes #6042
133  Closes #6043
134
135- RELEASE-NOTES: synced
136
137- scripts/release-notes.pl: don't "embed" $ in format string for printf()
138
139  ... since they might contain %-codes that mess up the output!
140
141Jay Satiro (5 Oct 2020)
142- [M.R.T brought this change]
143
144  build-wolfssl: fix build with Visual Studio 2019
145
146  Closes https://github.com/curl/curl/pull/6033
147
148Daniel Stenberg (4 Oct 2020)
149- runtests: add %repeat[]% for test files
150
151  ... and use this new keyword in all the test files larger than 50K to reduce
152  their sizes and make them a lot easier to read and understand.
153
154  Closes #6040
155
156- [Emil Engler brought this change]
157
158  --help: move two options from the misc category
159
160  The cmdline opts delegation and suppress-connect-headers
161  fit better into auth and proxy rather than misc.
162
163  Follow-up to aa8777f63febc
164  Closes #6038
165
166- [Samanta Navarro brought this change]
167
168  docs/opts: fix typos in two manual pages
169
170  Closes #6039
171
172- ldap: reduce the amount of #ifdefs needed
173
174  Closes #6035
175
176- runtests: provide curl's version string as %VERSION for tests
177
178  ... so that we can check HTTP requests for User-Agent: curl/%VERSION
179
180  Update 600+ test cases accordingly.
181
182  Closes #6037
183
184- checksrc: warn on space after exclamation mark
185
186  Closes #6034
187
188- test1465: verify --libcurl with binary POST data
189
190- runtests: allow generating a binary sequence from hex
191
192- tool_setopt: escape binary data to hex, not octal
193
194- curl: make --libcurl show binary posts correctly
195
196  Reported-by: Stephan Mühlstrasser
197  Fixes #6031
198  Closes #6032
199
200Jay Satiro (1 Oct 2020)
201- strerror: fix null deref on winapi out-of-memory
202
203  Follow-up to bed5f84 from several days ago.
204
205  Ref: https://github.com/curl/curl/pull/6005
206
207Daniel Stenberg (1 Oct 2020)
208- [Kamil Dudka brought this change]
209
210  vtls: deduplicate some DISABLE_PROXY ifdefs
211
212  ... in the code of gtls, nss, and openssl
213
214  Closes #5735
215
216- RELEASE-NOTES: synced
217
218- [Emil Engler brought this change]
219
220  TODO: Add OpenBSD libtool notice
221
222  See #5862
223  Closes #6030
224
225- tests/unit/README: convert to markdown
226
227  ... and add to dist!
228
229  Closes #6028
230
231- tests/README: convert to markdown
232
233  Closes #6028
234
235- include/README: convert to markdown
236
237  Closes #6028
238
239- examples/README: convert to markdown
240
241  Closes #6028
242
243- configure: don't say HTTPS-proxy is enabled when disabled!
244
245  Reported-by: Kamil Dudka
246  Reviewed-by: Kamil Dudka
247  Bug: https://github.com/curl/curl/pull/5735#issuecomment-701376388
248  Closes #6029
249
250Daniel Gustafsson (30 Sep 2020)
251- src: Consistently spell whitespace without whitespace
252
253  Whitespace is spelled without a space between white and space, so
254  make sure to consistently spell it that way across the codebase.
255
256  Closes #6023
257  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
258  Reviewed-by: Emil Engler <me@emilengler.com>
259
260- MANUAL: update examples to resolve without redirects
261
262  www.netscape.com is redirecting to a cookie consent form on Aol, and
263  cool.haxx.se isn't responding to FTP anymore. Replace with examples
264  that resolve in case users try out the commands when reading the
265  manual.
266
267  Closes #6024
268  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
269  Reviewed-by: Emil Engler <me@emilengler.com>
270
271Daniel Stenberg (30 Sep 2020)
272- HISTORY: add some 2020 events
273
274- sectransp: make it build with --disable-proxy
275
276  Follow-up from #5466 and f3d501dc678d80
277  Reported-by: Javier Navarro
278  Fixes #6025
279  Closes #6026
280
281- ECH: renamed from ESNI in docs and configure
282
283  Encrypted Client Hello (ECH) is the current name.
284
285  Closes #6022
286
287- configure: use "no" instead of "disabled" for the end summary
288
289  ... for consistency but also to make them more distinctly stand out next
290  to the "enabled" lines.
291
292- TODO: SSH over HTTPS proxy with more backends
293
294  ... as right now only the libssh2 backend supports it.
295
296- libssh2: handle the SSH protocols done over HTTPS proxy
297
298  Reported-by: Robin Douine
299  Fixes #4295
300  Closes #6021
301
302- [Emil Engler brought this change]
303
304  memdebug: remove 9 year old unused debug function
305
306  There used to be a way to have memdebug fill allocated memory. 9 years
307  later this has no value there (valgrind and ASAN etc are way better). If
308  people need to know about it they can have a look at VCS logs.
309
310  Closes #5973
311
312- sendf: move Curl_sendf to dict.c and make it static
313
314  ... as the only remaining user of that function. Also fix gopher.c to
315  instead use Curl_write()
316
317  Closes #6020
318
319- ROADMAP: updates and cleanups
320
321  Fix the HSTS PR
322
323  Remove DoT, thread-safe init and hard-coded localhost. I feel very
324  little interest for these with users so I downgrade them to plain "TODO"
325  entries again.
326
327- schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root
328
329  This matches what is returned in other TLS backends in the same
330  situation.
331
332  Reviewed-by: Jay Satiro
333  Reviewed-by: Emil Engler
334  Follow-up to 5a3efb1
335  Reported-by: iammrtau on github
336  Fixes #6003
337  Closes #6018
338
339- RELEASE-NOTES: synced
340
341- ftp: make a 552 response return CURLE_REMOTE_DISK_FULL
342
343  Added test 348 to verify. Added a 'STOR' command to the test FTP
344  server to enable test 348. Documented the command in FILEFORMAT.md
345
346  Reported-by: Duncan Wilcox
347  Fixes #6016
348  Closes #6017
349
350- pause: only trigger a reread if the unpause sticks
351
352  As an unpause might itself get paused again and then triggering another
353  reread doesn't help.
354
355  Follow-up from e040146f22608fd9 (shipped since 7.69.1)
356
357  Bug: https://curl.haxx.se/mail/lib-2020-09/0081.html
358  Patch-by: Kunal Chandarana
359  Fixes #5988
360  Closes #6013
361
362- test163[12]: require http to be built-in to run
363
364  ... as speaking over an HTTPS proxy implies http!
365
366  Closes #6014
367
368- ngtcp2: adapt to new NGTCP2_PROTO_VER_MAX define
369
370  Closes #6012
371
372- [Javier Blazquez brought this change]
373
374  strerror: honor Unicode API choice on Windows
375
376  Closes #6005
377
378- imap: make imap_send use dynbuf for the send buffer management
379
380  Reuses the buffer and thereby reduces number of mallocs over a transfer.
381
382  Closes #6010
383
384- Curl_send: return error when pre_receive_plain can't malloc
385
386  ... will probably trigger some false DEAD CODE positives on non-windows
387  code analyzers for the conditional code.
388
389  Closes #6011
390
391- ftp: separate FTPS from FTP over "HTTPS proxy"
392
393  When using HTTPS proxy, SSL is used but not in the view of the FTP
394  protocol handler itself so separate the connection's use of SSL from the
395  FTP control connection's use.
396
397  Reported-by: Mingtao Yang
398  Fixes #5523
399  Closes #6006
400
401Dan Fandrich (23 Sep 2020)
402- tests/data: Fix some mismatched XML tags in test cases
403
404  This allows these test files to pass xmllint.
405
406Daniel Stenberg (23 Sep 2020)
407- pingpong: use a dynbuf for the *_pp_sendf() function
408
409  ... reuses the same dynamic buffer instead of doing repeated malloc/free
410  cycles.
411
412  Test case 100 (FTP dir list PASV) does 7 fewer memory allocation calls
413  after this change in my test setup (132 => 125), curl 7.72.0 needed 140
414  calls for this.
415
416  Test case 103 makes 9 less allocations now (130). Down from 149 in
417  7.72.0.
418
419  Closes #6004
420
421- dynbuf: add Curl_dyn_vaddf
422
423  Closes #6004
424
425- dynbuf: make *addf() not require extra mallocs
426
427  ... by introducing a printf() function that appends directly into a
428  dynbuf: Curl_dyn_vprintf(). This avoids the mandatory extra malloc so if
429  the buffer is already big enough it can just printf directly into it.
430
431  Since this less-malloc version requires the use of a library internal
432  printf function, we only provide this version when building libcurl and
433  not for the dynbuf code that is used when building the curl tool.
434
435  Closes #5998
436
437- KNOWN_BUGS: Unable to use PKCS12 certificate with Secure Transport
438
439  Closes #5403
440
441- pingpong: remove a malloc per Curl_pp_vsendf call
442
443  This typically makes 7-9 fewer mallocs per FTP transfer.
444
445  Closes #5997
446
447- symbian: drop support
448
449  The OS is deprecated. I see no traces of anyone having actually built
450  curl for Symbian after 2012.
451
452  The public headers are unmodified.
453
454  Closes #5989
455
456- RELEASE-NOTES: synced
457
458- curl_krb5.h: rename from krb5.h
459
460  Follow-up from f4873ebd0be32cf
461
462  Turns out some older openssl installations go bananas otherwise.
463  Reported-by: Tom van der Woerdt
464  Fixes #5995
465  Closes #5996
466
467- test1297: verify GOT_NOTHING with http proxy tunnel
468
469- http_proxy: do not count proxy headers in the header bytecount
470
471  ... as that counter is subsequently used to detect if nothing was
472  returned from the peer. This made curl return CURLE_OK when it should
473  have returned CURLE_GOT_NOTHING.
474
475  Fixes #5992
476  Reported-by: Tom van der Woerdt
477  Closes #5994
478
479- setopt: return CURLE_BAD_FUNCTION_ARGUMENT on bad argument
480
481  Fixed two return code mixups. CURLE_UNKNOWN_OPTION is saved for when the
482  option is, yeah, not known. Clarified this in the setopt man page too.
483
484  Closes #5993
485
486- krb5: merged security.c and krb specific FTP functions in here
487
488  These two files were always tightly connected and it was hard to
489  understand what went into which. This also allows us to make the
490  ftpsend() function static (moved from ftp.c).
491
492  Removed security.c
493  Renamed curl_sec.h to krb5.h
494
495  Closes #5987
496
497- Curl_handler: add 'family' to each protocol
498
499  Makes get_protocol_family() faster and it moves the knowledge about the
500  "families" to each protocol handler, where it belongs.
501
502  Closes #5986
503
504- parsedate: tune the date to epoch conversion
505
506  By avoiding an unnecessary error check and the temp use of the tm
507  struct, the time2epoch conversion function gets a little bit faster.
508  When repeating test 517, the updated version is perhaps 1% faster (on
509  one particular build on one particular architecture).
510
511  Closes #5985
512
513- cmake: remove scary warning
514
515  Remove the text saying
516
517  "the curl cmake build system is poorly maintained. Be aware"
518
519  ... not because anything changed just now, but to encourage users to use
520  it and subsequently improve it.
521
522  Closes #5984
523
524- docs/MQTT: remove outdated paragraphs
525
526- docs/MQTT: not experimental anymore
527
528  Follow-up to e37e4468688d8f
529
530- docs/RESOURCES: remove
531
532  This document is not maintained and rather than trying to refresh it,
533  let's kill it. A more up-to-date document with relevant RFCs is this
534  page on the curl website: https://curl.haxx.se/rfc/
535
536  Closes #5980
537
538- docs/TheArtOfHttpScripting: convert to markdown
539
540  Makes it easier to browse on github etc. Offers (better) links.
541
542  It should be noted that this document is already mostly outdated and
543  "Everything curl" at https://ec.haxx.se/ is a better resource and
544  tutorial.
545
546  Closes #5981
547
548- BUGS: convert document to markdown
549
550  Closes #5979
551
552- --help: strdup the category
553
554  ... since it is converted and the original pointer is freed on Windows
555  unicode handling.
556
557  Follow-up to aa8777f63febc
558  Fixes #5977
559  Closes #5978
560  Reported-by: xwxbug on github
561
562- CHECKSRC: document two missing warnings
563
564- RELEASE-NOTES: synced
565
566- ftp: avoid risk of reading uninitialized integers
567
568  If the received PASV response doesn't match the expected pattern, we
569  could end up reading uninitialized integers for IP address and port
570  number.
571
572  Issue pointed out by muse.dev
573  Closes #5972
574
575- [Quentin Balland brought this change]
576
577  easy_reset: clear retry counter
578
579  Closes #5975
580  Fixes #5974
581
582- ftp: get rid of the PPSENDF macro
583
584  The use of such a macro hides some of what's actually going on to the
585  reader and is generally disapproved of in the project.
586
587  Closes #5971
588
589- man pages: switch to https://example.com URLs
590
591  Since HTTPS is "the new normal", this update changes a lot of man page
592  examples to use https://example.com instead of the previous "http://..."
593
594  Closes #5969
595
596- github: remove the duplicate "Security vulnerability" entry
597
598  ... since github adds an entry automatically by itself.
599
600  Closes #5970
601
602- [Emil Engler brought this change]
603
604  github: use new issue template feature
605
606  This helps us to avoid getting feature requests as well as security
607  bugs reported into the issue tracker.
608
609  Closes #5936
610
611- [Emil Engler brought this change]
612
613  urlapi: use more Curl_safefree
614
615  Closes #5968
616
617Marc Hoersken (17 Sep 2020)
618- multi: align WinSock mask variables in Curl_multi_wait
619
620  Also skip pre-checking sockets to set timeout_ms to 0
621  after the first socket has been detected to be ready.
622
623  Reviewed-by: rcombs on github
624  Reviewed-by: Daniel Stenberg
625
626  Follow up to #5886
627
628- multi: reuse WinSock events variable in Curl_multi_wait
629
630  Since the struct is quite large (1 long and 10 ints) we
631  declare it once at the beginning of the function instead
632  of multiple times inside loops to avoid stack movements.
633
634  Reviewed-by: Viktor Szakats
635  Reviewed-by: Daniel Stenberg
636
637  Closes #5886
638
639Daniel Stenberg (16 Sep 2020)
640- TODO: dynamically decide to use socketpair
641
642  Suggested-by: Anders Bakken
643
644  Closes #4829
645
646- TODO: add PR reference for native IDN support on macOS
647
648  As there was work started on this that never got completed.
649
650  Closes #5371
651
652- tool_help.h: update copyright year range
653
654  Follow-up from aa8777f63febca
655
656- CI/azure: disable test 571 in the msys2 builds
657
658  It's just too flaky there
659
660  Reviewed-by: Marc Hoersken
661  Closes #5954
662
663- tool_writeout: protect fputs() from NULL
664
665  When the code was changed to do fputs() instead of fprintf() it got
666  sensitive for NULL pointers; add checks for that.
667
668  Follow-up from 0c1e767e83ec66
669
670  Closes #5963
671
672- test3015: verify stdout "as text"
673
674  Follow-up from 0c1e767e83e to please win32 tests
675
676  Closes #5962
677
678- travis: use libressl v3.1.4 instead of master
679
680  ... as their git master seems too fragile to use (and 3.2.1 which is the
681  latest has a build failure).
682
683  Closes #5964
684
685- tests/FILEFORMAT: document type=shell for <command>
686
687- tests/FILEFORMAT: document nonewline support for <file>
688
689  The one in <client>, that creates files.
690
691  Follow-up from b83947c8df7
692
693- [anio brought this change]
694
695  tool_writeout: add new writeout variable, %{num_headers}
696
697  This variable gives the number of headers.
698
699  Closes #5947
700
701- tool_urlglob: fix compiler warning "unreachable code"
702
703  (On Windows builds.)
704
705  Follow-up to 70a3b003d9
706
707- [Gergely Nagy brought this change]
708
709  vtls: deduplicate client certificates in ssl_config_data
710
711  Closes #5629
712
713- ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND
714
715  This is primarily interesting for cases where CURLOPT_NOBODY is set as
716  previously curl would not return an error for this case.
717
718  MDTM getting 550 now also returns this error (it returned
719  CURLE_FTP_COULDNT_RETR_FILE before) in order to unify return codes for
720  missing files across protocols and specific FTP commands.
721
722  libcurl already returns error on a 550 as a MDTM response (when
723  CURLOPT_FILETIME is set). If CURLOPT_NOBODY is not set, an error would
724  happen subsequently anyway since the RETR command would fail.
725
726  Add test 1913 and 1914 to verify. Updated several tests accordingly due
727  to the updated SIZE behavior.
728
729  Reported-by: Tomas Berger
730  Fixes #5953
731  Closes #5957
732
733- curl: make checkpasswd use dynbuf
734
735  Closes #5952
736
737- curl: make glob_match_url use dynbuf
738
739  Closes #5952
740
741- curl: make file2memory use dynbuf
742
743  Closes #5952
744
745- curl: make file2string use dynbuf
746
747  Closes #5952
748
749- [Antarpreet Singh brought this change]
750
751  imap: set cselect_bits to CURL_CSELECT_IN initially
752
753  ... when continuing a transfer from a FETCH response.
754
755  When the size of the file was small enough that the entirety of the
756  transfer happens in a single go and schannel buffers holds the entire
757  data. However, it wasn't completely read in Curl_pp_readresp since a
758  line break was found before that could happen. So, by the time we are in
759  imap_state_fetch_resp - there's data in buffers that needs to be read
760  via Curl_read but nothing to read from the socket. After we setup a
761  transfer (Curl_setup_transfer), curl just waits on the socket state to
762  change - which doesn't happen since no new data ever comes.
763
764  Closes #5961
765
766- RELEASE-NOTES: synced
767
768- test434: test -K use in a single line without newline
769
770  Closes #5946
771
772- runtests: allow creating files without newlines
773
774  Closes #5946
775
776- curl: use curlx_dynbuf for realloc when loading config files
777
778  ... fixes an integer overflow at the same time.
779
780  Reported-by: ihsinme on github
781  Assisted-by: Jay Satiro
782
783  Closes #5946
784
785- dynbuf: provide curlx_ names for reuse by the curl tool
786
787  Closes #5946
788
789- dynbuf: make sure Curl_dyn_tail() zero terminates
790
791  Closes #5959
792
793- tests: add test1912 to the dist
794
795  Follow-up to 70984ce1be4cab6c
796
797- docs/LICENSE-MIXING: remove
798
799  This document is not maintained and I feel that it doesn't provide much
800  value to users anymore (if it ever did).
801
802  Closes #5955
803
804- [Laramie Leavitt brought this change]
805
806  http: consolidate nghttp2_session_mem_recv() call paths
807
808  Previously there were several locations that called
809  nghttp2_session_mem_recv and handled responses slightly differently.
810  Those have been converted to call the existing
811  h2_process_pending_input() function.
812
813  Moved the end-of-session check to h2_process_pending_input() since the
814  only place the end-of-session state can change is after nghttp2
815  processes additional input frames.
816
817  This will likely fix the fuzzing error. While I don't have a root cause
818  the out-of-bounds read seems like a use after free, so moving the
819  nghttp2_session_check_request_allowed() call to a location with a
820  guaranteed nghttp2 session seems reasonable.
821
822  Also updated a few nghttp2 callsites to include error messages and added
823  a few additional error checks.
824
825  Closes #5648
826
827- HISTORY: mention alt-svc added in 2019
828
829  ... and make 1996 the first year subtitle
830
831- base64: also build for pop3 and imap
832
833  Follow-up to the fix in 20417a13fb8f83
834
835  Reported-by: Michael Olbrich
836  Fixes #5937
837  Closes #5948
838
839- base64: enable in build with SMTP
840
841  The oauth2 support is used with SMTP and it uses base64 functions.
842
843  Reported-by: Michael Olbrich
844  Fixes #5937
845  Closes #5938
846
847- curl_mime_headers.3: fix the example's use of curl_slist_append
848
849  Reported-by: sofaboss on github
850  Fixes #5942
851  Closes #5943
852
853- lib583: fix enum mixup
854
855  grrr the previous follow-up to 17fcdf6a31 was wrong
856
857- libtest: fix build errors
858
859  Follow-up from 17fcdf6a310d4c8076
860
861- lib: fix -Wassign-enum warnings
862
863  configure --enable-debug now enables -Wassign-enum with clang,
864  identifying several enum "abuses" also fixed.
865
866  Reported-by: Gisle Vanem
867  Bug: https://github.com/curl/curl/commit/879007f8118771f4896334731aaca5850a154675#commitcomment-42087553
868
869  Closes #5929
870
871- RELEASE-NOTES: synced
872
873- [Diven Qi brought this change]
874
875  url: use blank credentials when using proxy w/o username and password
876
877  Fixes proxy regression brought in commit ad829b21ae (7.71.0)
878
879  Fixed #5911
880  Closes #5914
881
882- travis: add a build using libressl (from git master)
883
884  The v3.2.1 tag (latest release atm) results in a broken build.
885
886  Closes #5932
887
888- configure: let --enable-debug set -Wenum-conversion with gcc >= 10
889
890  Unfortunately, this option is not detecting the same issues as clang's
891  -Wassign-enum flag, but should still be useful to detect future
892  mistakes.
893
894  Closes #5930
895
896- openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification
897
898  If the error reason from the lib is
899  SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED, libcurl will return
900  CURLE_PEER_FAILED_VERIFICATION and not CURLE_SSL_CONNECT_ERROR.
901
902  This unifies the libcurl return code and makes libressl run test 313
903  (CRL testing) fine.
904
905  Closes #5934
906
907- FAQ: refreshed some very old language
908
909- cmake: make HTTP_ONLY also disable MQTT
910
911  ... and alphasort the order of disabling protocols to make it easier to
912  browse.
913
914  Closes #5931
915
916- libtest: remove lib1541 leftovers
917
918  Caused automake errors.
919
920  Follow-up to 8ca54a03ea08a
921
922- tests/libtests: remove test 1900 and 2033
923
924  We already remove the test files, now remove the libtest codes as well.
925
926  Follow-up to e50a877df74
927
928Marc Hoersken (7 Sep 2020)
929- CI/azure: add test number to title for display in analytics
930
931  To ease identification of tests the test number is added to
932  the test case title in order to have it on the Azure DevOps
933  Analytics pages and reports which currently do not show it.
934
935  Bump test case revision to make Azure DevOps update titles.
936
937  Closes #5927
938
939Daniel Stenberg (6 Sep 2020)
940- altsvc: clone setting in curl_easy_duphandle
941
942  The cache content is not duplicated, like other caches, but the setting
943  and specified file name are.
944
945  Test 1908 is extended to verify this somewhat. Since the duplicated
946  handle gets the same file name, the test unfortunately overwrites the
947  same file twice (with different contents) which makes it hard to check
948  automatically.
949
950  Closes #5923
951
952- test1541: remove since it is a known bug
953
954  A shared connection cache is not thread-safe is a known issue. Stop
955  testing this until we believe this issue is addressed. Reduces
956  occasional test failures we don't care about.
957
958  The test code in lib1541.c is left in git to allow us to restore it when
959  we get to fix this.
960
961  Closes #5922
962
963- tests: remove pipelining tests
964
965  Remove the tests 530, 584, 1900, 1901, 1902, 1903 and 2033. They were
966  previously disabled.
967
968  The Pipelining code was removed from curl in commit 2f44e94efb3df8e,
969  April 2019.
970
971  Closes #5921
972
973- curl: retry delays in parallel mode no longer sleeps blocking
974
975  The previous sleep for retries would block all other concurrent
976  transfers. Starting now, the retry will instead be properly marked to
977  not get restarted until after the delay time but other transfers can
978  still continue in the mean time.
979
980  Closes #5917
981
982- curl:parallel_transfers: make sure retry readds the transfer
983
984  Reported-by: htasta on github
985  Fixes #5905
986  Closes #5917
987
988- build: drop support for building with Watcom
989
990  These files are not maintained, they seem to have no users, Watcom
991  compilers look like not having users nor releases anymore.
992
993  Closes #5918
994
995- winbuild/rundebug.cmd: remove
996
997  Seems to have been added by mistake? Not included in dists.
998
999  Closes #5919
1000
1001- curl: in retry output don't call all problems "transient"
1002
1003  ... because when --retry-all-errors is used, the error isn't necessarily
1004  transient at all.
1005
1006  Closes #5916
1007
1008- easygetopt: pass a valid enum to avoid compiler warning
1009
1010  "integer constant not in range of enumerated type 'CURLoption'"
1011
1012  Reported-by: Gisle Vanem
1013  Bug: https://github.com/curl/curl/commit/6ebe63fac23f38df911edc348e8ccc72280f9434#commitcomment-42042843
1014
1015  Closes #5915
1016
1017- [Emil Engler brought this change]
1018
1019  tests: Add tests for new --help
1020
1021  This commit is a part of "--help me if you can"
1022
1023  Closes #5680
1024
1025- [Emil Engler brought this change]
1026
1027  tool: update --help with categories
1028
1029  This commit is a part of "--help me if you can"
1030
1031  Closes #5680
1032
1033- [Emil Engler brought this change]
1034
1035  docs: add categories to all cmdline opts
1036
1037  Adapted gen.pl with 'listcats'
1038
1039  This commit is a part of "--help me if you can"
1040
1041  Closes #5680
1042
1043- RELEASE-NOTES: synced
1044
1045- [ihsinme brought this change]
1046
1047  connect.c: remove superfluous 'else' in Curl_getconnectinfo
1048
1049  Closes #5912
1050
1051- [Samuel Marks brought this change]
1052
1053  CMake: remove explicit `CMAKE_ANSI_CFLAGS`
1054
1055  This variable was removed from cmake in commit
1056  https://gitlab.kitware.com/cmake/cmake/commit/5a834b0bb0bc288. A later
1057  CMake commit removes the variable from the tests, claiming that it was
1058  removed in CMake 2.6
1059
1060  Reviewed-By: Peter Wu
1061  Closes #5439
1062
1063- [cbe brought this change]
1064
1065  libssh2: pass on the error from ssh_force_knownhost_key_type
1066
1067  Closes #5909
1068
1069- scripts/delta: add diffstat summary
1070
1071  ... and make output more table-like
1072
1073- [Martin Bašti brought this change]
1074
1075  http_proxy: do not crash with HTTPS_PROXY and NO_PROXY set
1076
1077  ... in case NO_PROXY takes an effect
1078
1079  Without this patch, the following command crashes:
1080
1081      $ GIT_CURL_VERBOSE=1 NO_PROXY=github.com HTTPS_PROXY=https://example.com \
1082          git clone https://github.com/curl/curl.git
1083
1084  Minimal libcurl-based reproducer:
1085
1086      #include <curl/curl.h>
1087
1088      int main() {
1089        CURL *curl = curl_easy_init();
1090        if(curl) {
1091          CURLcode ret;
1092          curl_easy_setopt(curl, CURLOPT_URL, "https://github.com/");
1093          curl_easy_setopt(curl, CURLOPT_PROXY, "example.com");
1094          /* set the proxy type */
1095          curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS);
1096          curl_easy_setopt(curl, CURLOPT_NOPROXY, "github.com");
1097          curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
1098          ret = curl_easy_perform(curl);
1099          curl_easy_cleanup(curl);
1100          return ret;
1101        }
1102        return -1;
1103      }
1104
1105  Assisted-by: Kamil Dudka
1106  Bug: https://bugzilla.redhat.com/1873327
1107  Closes #5902
1108
1109- travis: add a CI job with openssl3 (from git master)
1110
1111  Closes #5908
1112
1113- openssl: avoid error conditions when importing native CA
1114
1115  The code section that is OpenSSL 3+ specific now uses the same logic as
1116  is used in the version < 3 section. It caused a compiler error without
1117  it.
1118
1119  Closes #5907
1120
1121- setopt: avoid curl_ on local variable
1122
1123  Closes #5906
1124
1125- mqtt.c: avoid curl_ prefix on local variable
1126
1127  Closes #5906
1128
1129- wildcard: strip "curl_" prefix from private symbols
1130
1131  Closes #5906
1132
1133- vtls: make it 'struct Curl_ssl_session'
1134
1135  Use uppercase C for internal symbols.
1136
1137  Closes #5906
1138
1139- curl_threads: make it 'struct Curl_actual_call'
1140
1141  Internal names should not be prefixed "curl_"
1142
1143  Closes #5906
1144
1145- schannel: make it 'struct Curl_schannel*'
1146
1147  As internal global names should use capital C.
1148
1149  Closes #5906
1150
1151- hash: make it 'struct Curl_hash'
1152
1153  As internal global names should use capital C.
1154
1155  Closes #5906
1156
1157- llist: make it "struct Curl_llist"
1158
1159  As internal global names should use capital C.
1160
1161  Closes #5906
1162
1163Marc Hoersken (2 Sep 2020)
1164- telnet.c: depend on static requirement of WinSock version 2
1165
1166  Drop dynamic loading of ws2_32.dll and instead rely on the
1167  imported version which is now required to be at least 2.2.
1168
1169  Reviewed-by: Marcel Raad
1170  Reviewed-by: Jay Satiro
1171  Reviewed-by: Daniel Stenberg
1172  Reviewed-by: Viktor Szakats
1173
1174  Closes #5854
1175
1176- win32: drop support for WinSock version 1, require version 2
1177
1178  IPv6, telnet and now also the multi API require WinSock
1179  version 2 which is available starting with Windows 95.
1180
1181  Therefore we think it is time to drop support for version 1.
1182
1183  Reviewed-by: Marcel Raad
1184  Reviewed-by: Jay Satiro
1185  Reviewed-by: Daniel Stenberg
1186  Reviewed-by: Viktor Szakats
1187
1188  Follow up to #5634
1189  Closes #5854
1190
1191- select: align poll emulation to return all relevant events
1192
1193  The poll emulation via select already consumes POLLRDNORM,
1194  POLLWRNORM and POLLRDBAND as input events. Therefore it
1195  should also return them as output events if signaled.
1196
1197  Also fix indentation in input event handling block.
1198
1199  Assisted-by: Jay Satiro
1200  Reviewed-by: Daniel Stenberg
1201
1202  Replaces #5852
1203  Closes #5883
1204
1205- CI/azure: MQTT is now enabled by default
1206
1207  Reviewed-by: Daniel Stenberg
1208
1209  Follow up to #5858
1210  Closes #5903
1211
1212Daniel Stenberg (2 Sep 2020)
1213- copyright.pl: ignore buildconf
1214
1215- test971: show test mismatches "inline"
1216
1217- lib/Makefile.am: bump VERSIONINFO due to new functions
1218
1219  ... we're generally bad at this, but we are adding new functions for
1220  this release.
1221
1222  Closes #5899
1223
1224- optiontable: use DEBUGBUILD
1225
1226  Follow-up to commit 6e18568ba38 (#5877)
1227
1228- cmdline-opts/gen.pl: generate nicer "See Also" in curl.1
1229
1230  If there are more than two items in the list, use commas for all but the
1231  last separator which is set to 'and'. Reads better.
1232
1233  Closes #5898
1234
1235- curl.1: add see also no-progress-meter on two spots
1236
1237  Ref: #5894
1238
1239  Closes #5897
1240
1241- RELEASE-NOTES: synced
1242
1243- mqtt: enable by default
1244
1245  No longer considered experimental.
1246
1247  Closes #5858
1248
1249- [Michael Baentsch brought this change]
1250
1251  tls: add CURLOPT_SSL_EC_CURVES and --curves
1252
1253  Closes #5892
1254
1255- url: remove funny embedded comments in Curl_disconnect calls
1256
1257- [Chris Paulson-Ellis brought this change]
1258
1259  conn: check for connection being dead before reuse
1260
1261  Prevents incorrect reuse of an HTTP connection that has been prematurely
1262  shutdown() by the server.
1263
1264  Partial revert of 755083d00deb16
1265
1266  Fixes #5884
1267  Closes #5893
1268
1269Marc Hoersken (29 Aug 2020)
1270- buildconf: exec autoreconf to avoid additional process
1271
1272  Also make buildconf exit with the return code of autoreconf.
1273
1274  Reviewed-by: Daniel Stenberg
1275
1276  Follow up to #5853
1277  Closes #5890
1278
1279- CI/azure: no longer ignore results of test 1013
1280
1281  Follow up to #5771
1282  Closes #5889
1283
1284- docs: add description about CI platforms to CONTRIBUTE.md
1285
1286  Reviewed-by: Daniel Stenberg
1287  Reviewed-by: Marcel Raad
1288  Reviewed-by: Jay Satiro
1289
1290  Closes #5882
1291
1292Daniel Stenberg (29 Aug 2020)
1293- tests/getpart: use MIME::Base64 instead of home-cooked
1294
1295  Since we already use the base64 package since a while back, we can just
1296  as well switch to that here too.
1297
1298  It also happens to use the exact same function name, which otherwise
1299  causes a run-time warning.
1300
1301  Reported-by: Marc Hörsken
1302  Fixes #5885
1303  Closes #5887
1304
1305Marcel Raad (29 Aug 2020)
1306- ntlm: fix condition for curl_ntlm_core usage
1307
1308  `USE_WINDOWS_SSPI` without `USE_WIN32_CRYPTO` but with any other DES
1309  backend is fine, but was excluded before.
1310
1311  This also fixes test 1013 as the condition for SMB support in
1312  configure.ac didn't match the condition in the source code. Now it
1313  does.
1314
1315  Fixes https://github.com/curl/curl/issues/1262
1316  Closes https://github.com/curl/curl/pull/5771
1317
1318- AppVeyor: switch 64-bit Schannel Debug CMake builds to Unicode
1319
1320  The Schannel builds are the most useful to verify as they make the most
1321  use of the Windows API. Classic MinGW doesn't support Unicode at all,
1322  only MinGW-w64 and MSVC do.
1323
1324  Closes https://github.com/curl/curl/pull/5843
1325
1326- CMake: add option to enable Unicode on Windows
1327
1328  As already existing for winbuild.
1329
1330  Closes https://github.com/curl/curl/pull/5843
1331
1332Marc Hoersken (29 Aug 2020)
1333- select: simplify return code handling for poll and select
1334
1335  poll and select already return -1 on error according to POSIX,
1336  so there is no need to perform a <0 to -1 conversion in code.
1337
1338  Also we can just use one check with <= 0 on the return code.
1339
1340  Assisted-by: Daniel Stenberg
1341  Reviewed-by: Jay Satiro
1342
1343  Replaces #5852
1344  Closes #5880
1345
1346Daniel Stenberg (28 Aug 2020)
1347- RELEASE-NOTES: synced
1348
1349- [Jeroen Ooms brought this change]
1350
1351  tests: add test1912 with typechecks
1352
1353  Validates that gcc-typecheck macros match the new option type API.
1354
1355  Closes #5873
1356
1357- easyoptions: provide debug function when DEBUGBUILD
1358
1359  ... not CURLDEBUG as they're not always set in conjunction.
1360
1361  Follow-up to 6ebe63fac23f38df
1362
1363  Fixes #5877
1364  Closes #5878
1365
1366Marc Hoersken (28 Aug 2020)
1367- sockfilt: handle FD_CLOSE winsock event on write socket
1368
1369  Learn from the way Cygwin handles and maps the WinSock events
1370  to simulate correct and complete poll and select behaviour
1371  according to Richard W. Stevens Network Programming book.
1372
1373  Follow up to #5867
1374  Closes #5879
1375
1376- multi: handle connection state winsock events
1377
1378  Learn from the way Cygwin handles and maps the WinSock events
1379  to simulate correct and complete poll and select behaviour
1380  according to Richard W. Stevens Network Programming book.
1381
1382  Reviewed-by: Jay Satiro
1383  Reviewed-by: Marcel Raad
1384
1385  Follow up to #5634
1386  Closes #5867
1387
1388Daniel Stenberg (28 Aug 2020)
1389- Curl_pgrsTime - return new time to avoid timeout integer overflow
1390
1391  Setting a timeout to INT_MAX could cause an immediate error to get
1392  returned as timeout because of an overflow when different values of
1393  'now' were used.
1394
1395  This is primarily fixed by having Curl_pgrsTime() return the "now" when
1396  TIMER_STARTSINGLE is set so that the parent function will continue using
1397  that time.
1398
1399  Reported-by: Ionuț-Francisc Oancea
1400  Fixes #5583
1401  Closes #5847
1402
1403- TLS: fix SRP detection by using the proper #ifdefs
1404
1405  USE_TLS_SRP will be true if *any* selected TLS backend can use SRP
1406
1407  HAVE_OPENSSL_SRP is defined when OpenSSL can use it
1408
1409  HAVE_GNUTLS_SRP is defined when GnuTLS can use it
1410
1411  Clarify in the curl_version_info docs that CURL_VERSION_TLSAUTH_SRP is
1412  set if at least one of the supported backends offers SRP.
1413
1414  Reported-by: Stefan Strogin
1415  Fixes #5865
1416  Closes #5870
1417
1418- [Dan Kenigsberg brought this change]
1419
1420  docs: SSLCERTS: fix English syntax
1421
1422  Signed-off-by: Dan Kenigsberg <danken@redhat.com>
1423
1424  Closes #5876
1425
1426- [Alessandro Ghedini brought this change]
1427
1428  docs: non-existing macros in man pages
1429
1430  As reported by man(1) when invoked as:
1431
1432    man --warnings -E UTF-8 -l -Tutf8 -Z <file> >/dev/null
1433
1434  Closes #5846
1435
1436- [Alessandro Ghedini brought this change]
1437
1438  curl.1: fix typo invokved -> invoked
1439
1440  Closes #5846
1441
1442- buildconf: invoke 'autoreconf -fi' instead
1443
1444  The custom script isn't necessary anymore - but remains for simplicity
1445  and just invokes autoreconf.
1446
1447  Closes #5853
1448
1449- [Emil Engler brought this change]
1450
1451  lib: make Curl_gethostname accept a const pointer
1452
1453  The address of that variable never gets changed, only the data in it so
1454  why not make it a "char * const"?
1455
1456  Closes #5866
1457
1458- docs/libcurl: update "Added in" version for curl_easy_option*
1459
1460  Follow-up to 6ebe63fac23f38
1461
1462- scripts: improve the "get latest curl release tag" logic
1463
1464  ... by insisting on it matching "^curl-".
1465
1466- configure: added --disable-get-easy-options
1467
1468  To allow disabling of the curl_easy_option APIs in a build.
1469
1470  Closes #5365
1471
1472- options: API for meta-data about easy options
1473
1474   const struct curl_easyoption *curl_easy_option_by_name(const char *name);
1475
1476   const struct curl_easyoption *curl_easy_option_by_id (CURLoption id);
1477
1478   const struct curl_easyoption *
1479   curl_easy_option_next(const struct curl_easyoption *prev);
1480
1481  The purpose is to provide detailed enough information to allow for
1482  example libcurl bindings to get option information at run-time about
1483  which easy options exist and what arguments they expect.
1484
1485  Assisted-by: Jeroen Ooms
1486  Closes #5365
1487
1488- [Eric Curtin brought this change]
1489
1490  HTTP/3: update to OpenSSL_1_1_1g-quic-draft-29
1491
1492  Closes #5871
1493
1494- RELEASE-NOTES: synced
1495
1496Jay Satiro (26 Aug 2020)
1497- openssl: Fix wincrypt symbols conflict with BoringSSL
1498
1499  OpenSSL undefines the conflicting symbols but BoringSSL does not so we
1500  must do it ourselves.
1501
1502  Reported-by: Samuel Tranchet
1503  Assisted-by: Javier Blazquez
1504
1505  Ref: https://bugs.chromium.org/p/boringssl/issues/detail?id=371
1506  Ref: https://github.com/openssl/openssl/blob/OpenSSL_1_1_1g/include/openssl/ossl_typ.h#L66-L73
1507
1508  Fixes https://github.com/curl/curl/issues/5669
1509  Closes https://github.com/curl/curl/pull/5857
1510
1511Daniel Stenberg (26 Aug 2020)
1512- socketpair: allow CURL_DISABLE_SOCKETPAIR
1513
1514  ... to completely disable the use of socketpair
1515
1516  Closes #5850
1517
1518- curl_get_line: build only if cookies or alt-svc are enabled
1519
1520  Closes #5851
1521
1522- [fullincome brought this change]
1523
1524  schannel: fix memory leak when using get_cert_location
1525
1526  The get_cert_location function allocates memory only on success.
1527  Previously get_cert_location was able to allocate memory and return
1528  error. It wasn't obvious and in this case the memory wasn't
1529  released.
1530
1531  Fixes #5855
1532  Closes #5860
1533
1534- [Emil Engler brought this change]
1535
1536  git: ignore libtests in 3XXX area
1537
1538  Currently the file tests/libtest/lib3010 is not getting
1539  ignored by git. This fixes it by adding the 3XXX area to
1540  the according .gitignore file.
1541
1542  Closes #5859
1543
1544- [Emil Engler brought this change]
1545
1546  doh: add error message for DOH_DNS_NAME_TOO_LONG
1547
1548  When this error code was introduced in b6a53fff6c1d07e8a9, it was
1549  forgotten to be added in the errors array and doh_strerror function.
1550
1551  Closes #5863
1552
1553- ngtcp2: adapt to the new pkt_info arguments
1554
1555  Guidance-by: Tatsuhiro Tsujikawa
1556
1557  Closes #5864
1558
1559- winbuild/README.md: make <options> visible
1560
1561  Follow-up to be753add31c2d8c
1562
1563- winbuild: convert the instruction text to README.md
1564
1565  Closes #5861
1566
1567- lib1560: verify "redirect" to double-slash leading URL
1568
1569  Closes #5849
1570
1571Marc Hoersken (25 Aug 2020)
1572- multi: expand pre-check for socket readiness
1573
1574  Check readiness of all sockets before waiting on them
1575  to avoid locking in case the one-time event FD_WRITE
1576  was already consumed by a previous wait operation.
1577
1578  More information about WinSock network events:
1579  https://docs.microsoft.com/en-us/windows/win32/api/
1580     winsock2/nf-winsock2-wsaeventselect#return-value
1581
1582  Closes #5634
1583
1584- [rcombs brought this change]
1585
1586  multi: implement wait using winsock events
1587
1588  This avoids using a pair of TCP ports to provide wakeup functionality
1589  for every multi instance on Windows, where socketpair() is emulated
1590  using a TCP socket on loopback which could in turn lead to socket
1591  resource exhaustion.
1592
1593  A previous version of this patch failed to account for how in WinSock,
1594  FD_WRITE is set only once when writing becomes possible and not again
1595  until after a send has failed due to the buffer filling. This contrasts
1596  to how FD_READ and FD_OOB continue to be set until the conditions they
1597  refer to no longer apply. This meant that if a user wrote some data to
1598  a socket, but not enough data to completely fill its send buffer, then
1599  waited on that socket to become writable, we'd erroneously stall until
1600  their configured timeout rather than returning immediately.
1601
1602  This version of the patch addresses that issue by checking each socket
1603  we're waiting on to become writable with select() before the wait, and
1604  zeroing the timeout if it's already writable.
1605
1606  Assisted-by: Marc Hörsken
1607  Reviewed-by: Marcel Raad
1608  Reviewed-by: Daniel Stenberg
1609  Tested-by: Gergely Nagy
1610  Tested-by: Rasmus Melchior Jacobsen
1611  Tested-by: Tomas Berger
1612
1613  Replaces #5397
1614  Reverts #5632
1615  Closes #5634
1616
1617- select: reduce duplication of Curl_poll in Curl_socket_check
1618
1619  Change Curl_socket_check to use select-fallback in Curl_poll
1620  instead of implementing it in Curl_socket_check and Curl_poll.
1621
1622  Reviewed-by: Daniel Stenberg
1623  Reviewed-by: Jay Satiro
1624
1625  Replaces #5262 and #5492
1626  Closes #5707
1627
1628- select: fix poll-based check not detecting connect failure
1629
1630  This commit changes Curl_socket_check to use POLLPRI to
1631  check for connect failure on the write socket, because
1632  POLLPRI maps to fds_err. This is in line with select(2).
1633
1634  The select-based socket check correctly checks for connect
1635  failures by adding the write socket also to fds_err.
1636
1637  The poll-based implementation (which internally can itself
1638  fallback to select again) did not previously check for
1639  connect failure by using POLLPRI with the write socket.
1640
1641  See the follow up commit to this for more information.
1642
1643  This commit makes sure connect failures can be detected
1644  and handled if HAVE_POLL_FINE is defined, eg. on msys2-devel.
1645
1646  Reviewed-by: Daniel Stenberg
1647  Reviewed-by: Jay Satiro
1648
1649  Replaces #5509
1650  Prepares #5707
1651
1652- select.h: make socket validation macros test for INVALID_SOCKET
1653
1654  With Winsock the valid range is [0..INVALID_SOCKET-1] according to
1655  https://docs.microsoft.com/en-us/windows/win32/winsock/socket-data-type-2
1656
1657  Reviewed-by: Jay Satiro
1658  Reviewed-by: Marcel Raad
1659  Reviewed-by: Daniel Stenberg
1660
1661  Closes #5760
1662
1663Daniel Stenberg (24 Aug 2020)
1664- docs: --output-dir is added in 7.73.0, nothing else
1665
1666  Follow-up to 5620d2cc78c0
1667
1668- curl: add --output-dir
1669
1670  Works with --create-dirs and with -J
1671
1672  Add test 3008, 3009, 3011, 3012 and 3013 to verify.
1673
1674  Closes #5637
1675
1676- configure: fix pkg-config detecting wolfssl
1677
1678  When amending the include path with "/wolfssl", this now properly strips
1679  off all whitespace from the path variable! Previously this would lead to
1680  pkg-config builds creating bad command lines.
1681
1682  Closes #5848
1683
1684- [Michael Musset brought this change]
1685
1686  sftp: add the option CURLKHSTAT_FINE_REPLACE
1687
1688  Replace the old fingerprint of the host with a new.
1689
1690  Closes #5685
1691
1692- RELEASE-NOTES: synced
1693
1694  The next release is now to become 7.73.0
1695
1696- checksrc: verify do-while and spaces between the braces
1697
1698  Updated mprintf.c to comply
1699
1700  Closes #5845
1701
1702- curl: support XDG_CONFIG_HOME to find .curlrc
1703
1704  Added test433 to verify. Updated documentation.
1705
1706  Reviewed-by: Jay Satiro
1707  Suggested-by: Eli Schwartz
1708  Fixes #5829
1709  Closes #5837
1710
1711- etag: save and use the full received contents
1712
1713  ... which makes it support weak tags and non-standard etags too!
1714
1715  Added test case 347 to verify blank incoming ETag:
1716
1717  Fixes #5610
1718  Closes #5833
1719
1720- setopt: if the buffer exists, refuse the new BUFFERSIZE
1721
1722  The buffer only exists during transfer and then we shouldn't change the
1723  size (the setopt is not documented to work then).
1724
1725  Reported-by: Harry Sintonen
1726  Closes #5842
1727
1728- [COFFEETALES brought this change]
1729
1730  sftp: add new quote commands 'atime' and 'mtime'
1731
1732  Closes #5810
1733
1734- CURLE_PROXY: new error code
1735
1736  Failures clearly returned from a (SOCKS) proxy now cause this return
1737  code. Previously the situation was not very clear as to what would be
1738  returned and when.
1739
1740  In addition: when this error code is returned, an application can use
1741  CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then
1742  returns a value from the new 'CURLproxycode' enum.
1743
1744  Closes #5770
1745
1746- runtests: make cleardir() erase dot files too
1747
1748  Because test cases might use dot files.
1749
1750  Closes #5838
1751
1752- KNOWN_BUGS: 'no_proxy' string-matches IPv6 numerical addresses
1753
1754  Also: the current behavior is now documented in the curl.1 and
1755  CURLOPT_NOPROXY.3 man pages.
1756
1757  Reported-by: Andrew Barnes
1758  Closes #5745
1759  Closes #5841
1760
1761Viktor Szakats (22 Aug 2020)
1762- Makefile.m32: add ability to override zstd libs [ci skip]
1763
1764  Similarly to brotli, where this was already possible.
1765  E.g. it allows to link zstd statically to libcurl.dll.
1766
1767  Ref: https://github.com/curl/curl-for-win/issues/12
1768  Ref: https://github.com/curl/curl-for-win/commit/d9b266afd2e5d3f5604483010ef62340b5918c89
1769
1770  Closes https://github.com/curl/curl/pull/5840
1771
1772Daniel Stenberg (21 Aug 2020)
1773- runtests: avoid 'fail to start' repeated messages in attempt loops
1774
1775  Closes #5834
1776
1777- runtests: clear pid variables when failing to start a server
1778
1779  ... as otherwise the parent doesn't detect the failure and believes it
1780  actually worked to start.
1781
1782  Reported-by: Christian Weisgerber
1783  Bug: https://curl.haxx.se/mail/lib-2020-08/0018.html
1784  Closes #5834
1785
1786- TODO: Virtual external sockets
1787
1788  Closes #5835
1789
1790- [Don J Olmstead brought this change]
1791
1792  dist: add missing CMake Find modules to the distribution
1793
1794  Closes #5836
1795
1796- RELEASE-NOTES: synced
1797
1798  ... and version bumped to 7.72.1
1799
1800- tls: provide the CApath verbose log on its own line
1801
1802  ... not newline separated from the previous line. This makes it output
1803  asterisk prefixed properly like other verbose output!
1804
1805  Reported-by: jmdavitt on github
1806  Fixes #5826
1807  Closes #5827
1808
1809Version 7.72.0 (19 Aug 2020)
1810
1811Daniel Stenberg (19 Aug 2020)
1812- RELEASE-NOTES: synced
1813
1814  The curl 7.72.0 release
1815
1816- THANKS: add names from curl 7.72.0 release
1817
1818Jay Satiro (18 Aug 2020)
1819- KNOWN_BUGS: Schannel TLS 1.2 handshake bug in old Windows versions
1820
1821  Reported-by: plujon@users.noreply.github.com
1822
1823  Closes https://github.com/curl/curl/issues/5488
1824
1825Daniel Stenberg (17 Aug 2020)
1826- Curl_easy: remember last connection by id, not by pointer
1827
1828  CVE-2020-8231
1829
1830  Bug: https://curl.haxx.se/docs/CVE-2020-8231.html
1831
1832  Reported-by: Marc Aldorasi
1833  Closes #5824
1834
1835- examples/rtsp.c: correct the copyright year
1836
1837- RELEASE-PROCEDURE.md: add more future release dates
1838
1839- [H3RSKO brought this change]
1840
1841  docs: change "web site" to "website"
1842
1843  According to wikipedia:
1844
1845   While "web site" was the original spelling, this variant has become
1846   rarely used, and "website" has become the standard spelling
1847
1848  Closes #5822
1849
1850- [Bevan Weiss brought this change]
1851
1852  CMake: don't complain about missing nroff
1853
1854  The curl_nroff_check() was always being called, and complaining if
1855  *NROFF wasn't found, even when not making the manual.
1856
1857  Only check for nroff (and complain) if actually making the manual
1858
1859  Closes #5817
1860
1861- [Brian Inglis brought this change]
1862
1863  libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin
1864
1865  copy the LDFLAGS approach for adding same option with `libhostname` in
1866  `libtest/Makefile.am`:
1867
1868  - init `libstubgss_la_LDFLAGS_EXTRA` variable,
1869  - add option to variable inside conditional,
1870  - use variable in `libstubgss_la_LDFLAGS`
1871
1872  Fixes #5819
1873  Closes #5820
1874
1875- docs: clarify MAX_SEND/RECV_SPEED functionality
1876
1877  ... in particular what happens if the maximum speed limit is set to a
1878  value that's smaller than the transfer buffer size in use.
1879
1880  Reported-by: Tomas Berger
1881  Fixes #5788
1882  Closes #5813
1883
1884- test1140: compare stdout
1885
1886  To make problems more immediately obvious when tests fail.
1887
1888  Closes #5814
1889
1890- asyn-ares: correct some bad comments
1891
1892  Closes #5812
1893
1894- [Emil Engler brought this change]
1895
1896  docs: Add video link to docs/CONTRIBUTE.md
1897
1898  Closes #5811
1899
1900- curl-config: ignore REQUIRE_LIB_DEPS in --libs output
1901
1902  Fixes a curl-config issue on cygwin by making sure REQUIRE_LIB_DEPS is
1903  not considered for the --libs output.
1904
1905  Reported-by: ramsay-jones on github
1906  Assisted-by: Brian Inglis and Ken Brown
1907  Fixes #5793
1908  Closes #5808
1909
1910- copyright: update/correct the year range on a few files
1911
1912- scripts/copyright.pl: ignore .muse files
1913
1914- [Emil Engler brought this change]
1915
1916  multi: Remove 10-year old out-commented code
1917
1918  The code hasn't been touched since 2010-08-18
1919
1920  Closes #5805
1921
1922- KNOWN_BUGS: A shared connection cache is not thread-safe
1923
1924  Closes #4915
1925  Closes #5802
1926
1927- CONTRIBUTE: extend git commit message description
1928
1929  In particular how the first line works.
1930
1931  Closes #5803
1932
1933- RELEASE-NOTES: synced
1934
1935- [Stefan Yohansson brought this change]
1936
1937  transfer: move retrycount from connect struct to easy handle
1938
1939  This flag was applied to the connection struct that is released on
1940  retry.  These changes move the retry counter into Curl_easy struct that
1941  lives across retries and retains the new connection.
1942
1943  Reported-by: Cherish98 on github
1944  Fixes #5794
1945  Closes #5800
1946
1947- libssh2: s/ssherr/sftperr/
1948
1949  The debug output used ssherr instead of sftperr which not only outputs
1950  the wrong error code but also causes a warning on Windows.
1951
1952  Follow-up to 7370b4e39f1
1953
1954  Reported-by: Gisle Vanem
1955  Bug: https://github.com/curl/curl/commit/7370b4e39f1390e701f5b68d910c619151daf72b#r41334700
1956  Closes #5799
1957
1958- ftp: don't do ssl_shutdown instead of ssl_close
1959
1960  The shutdown function is for downgrading a connection from TLS to plain,
1961  and this is not requested here.
1962
1963  Have ssl_close reset the TLS connection state.
1964
1965  This partially reverts commit f002c850d98d
1966
1967  Reported-by: Rasmus Melchior Jacobsen
1968  Reported-by: Denis Goleshchikhin
1969  Fixes #5797
1970
1971Marc Hoersken (9 Aug 2020)
1972- CI/azure: fix test outcome values and use latest API version
1973
1974  This makes sure that tests ignored or skipped are not shown
1975  just in the category "Other", but with their correct state.
1976
1977  Closes #5796
1978
1979- CI/azure: show runtime stats to investigate slowness
1980
1981  Also avoid naming conflict of TFLAGS env and tflags variables.
1982
1983  Closes #5776
1984
1985Daniel Stenberg (8 Aug 2020)
1986- TLS naming: fix more Winssl and Darwinssl leftovers
1987
1988  The CMake option is now called CMAKE_USE_SCHANNEL
1989
1990  The winbuild flag is USE_SCHANNEL
1991
1992  The CI jobs and build scripts only use the new names and the new name
1993  options
1994
1995  Tests now require 'Schannel' (when necessary)
1996
1997  Closes #5795
1998
1999- smtp_parse_address: handle blank input string properly
2000
2001  Closes #5792
2002
2003- runtests: run the DICT server on a random port number
2004
2005  Removed support for -b (base port number)
2006
2007  Closes #5783
2008
2009- RELEASE-NOTES: synced
2010
2011- runtests: move the TELNET server to a dynamic port
2012
2013  Rename the port variable to TELNETPORT to better match the existing
2014  pattern.
2015
2016  Closes #5785
2017
2018- ngtcp2: adapt to error code rename
2019
2020  Closes #5786
2021
2022- runtests: move the smbserver to use a dynamic port number
2023
2024  Closes #5782
2025
2026- runtests: run the http2 tests on a random port number
2027
2028  Closes #5779
2029
2030- gtls: survive not being able to get name/issuer
2031
2032  Closes #5778
2033
2034- runtests: move the gnutls-serv tests to a dynamic port
2035
2036  Affects test 320, 321, 322 and 324.
2037
2038  Closes #5778
2039
2040- runtests: support dynamically base64 encoded sections in tests
2041
2042  This allows us to make test cases to use base64 at run-time and still
2043  use and verify information determined at run-time, such as the IMAP test
2044  server's port number in test 842.
2045
2046  This change makes 12 tests run again that basically never ran since we
2047  moved to dynamic port numbers.
2048
2049  ftpserver.pl is adjusted to load test instructions and test number from
2050  the preprocessed test file.
2051
2052  FILEFORMAT.md now documents the new base64 encoding syntax.
2053
2054  Reported-by: Marcel Raad
2055  Fixes #5761
2056  Closes #5775
2057
2058- curl.1: add a few missing valid exit codes
2059
2060  93 - 96 can be returned as well.
2061
2062  Closes #5777
2063
2064- TODO: Use multiple parallel transfers for a single download
2065
2066  Closes #5774
2067
2068- TODO: Set the modification date on an uploaded file
2069
2070  Closes #5768
2071
2072- [Thomas M. DuBuisson brought this change]
2073
2074  CI: Add muse CI config
2075
2076  Closes #5772
2077
2078- [Thomas M. DuBuisson brought this change]
2079
2080  travis/script.sh: fix use of `-n' with unquoted envvar
2081
2082  Shellcheck tells us "-n doesn't work with unquoted arguments. quote or
2083  use [[ ]]."
2084
2085  And testing shows:
2086
2087  ```
2088  docker run --rm -it ubuntu bash
2089  root@fe85ce156856:/# [ -n $DOES_NOT_EXIST ] && echo "I ran"
2090  I ran
2091  root@fe85ce156856:/# [ -n "$DOES_NOT_EXIST" ] && echo "I ran"
2092  root@fe85ce156856:/#
2093  ```
2094
2095  Closes #5773
2096
2097- h2: repair trailer handling
2098
2099  The previous h2 trailer fix in 54a2b63 was wrong and caused a
2100  regression: it cannot deal with trailers immediately when read since
2101  they may be read off the connection by the wrong 'data' owner.
2102
2103  This change reverts the logic back to gathering all trailers into a
2104  single buffer, like before 54a2b63.
2105
2106  Reported-by: Tadej Vengust
2107  Fixes #5663
2108  Closes #5769
2109
2110Viktor Szakats (3 Aug 2020)
2111- windows: disable Unix Sockets for old mingw
2112
2113  Classic mingw and 10y+ old versions of mingw-w64 don't ship with
2114  Windows headers having the typedef necessary for Unix Sockets
2115  support, so try detecting these environments to disable this
2116  feature.
2117
2118  Ref: https://sourceforge.net/p/mingw-w64/mingw-w64/ci/cf6afc57179a5910621215f8f4037d406892072c/
2119
2120  Reviewed-by: Daniel Stenberg
2121
2122  Fixes #5674
2123  Closes #5758
2124
2125Marcel Raad (3 Aug 2020)
2126- test1908: treat file as text
2127
2128  Fixes the line endings on Windows.
2129
2130  Closes https://github.com/curl/curl/pull/5767
2131
2132- TrackMemory tests: ignore realloc and free in getenv.c
2133
2134  These are only called for WIN32.
2135
2136  Closes https://github.com/curl/curl/pull/5767
2137
2138Daniel Stenberg (3 Aug 2020)
2139- tests/FILEFORMAT.md: mention %HTTP2PORT
2140
2141- RELEASE-NOTES: synced
2142
2143- tlsv1.3.d. only for TLS-using connections
2144
2145  ... and rephrase that "not all" TLS backends support it.
2146
2147  Closes #5764
2148
2149- tls-max.d: this option is only for TLS-using connections
2150
2151  Ref: #5763
2152  Closes #5764
2153
2154Marcel Raad (2 Aug 2020)
2155- [Cameron Cawley brought this change]
2156
2157  tool_doswin: Simplify Windows version detection
2158
2159  Closes https://github.com/curl/curl/pull/5754
2160
2161- [Cameron Cawley brought this change]
2162
2163  win32: Add Curl_verify_windows_version() to curlx
2164
2165  Closes https://github.com/curl/curl/pull/5754
2166
2167- runtests.pl: treat LibreSSL and BoringSSL as OpenSSL
2168
2169  This makes the tests that require the OpenSSL feature also run for
2170  those two compatible libraries.
2171
2172  Closes https://github.com/curl/curl/pull/5762
2173
2174Daniel Stenberg (1 Aug 2020)
2175- multi: Condition 'extrawait' is always true
2176
2177  Reported by Codacy.
2178
2179  Reviewed-by: Marcel Raad
2180  Closes #5759
2181
2182Marcel Raad (1 Aug 2020)
2183- openssl: fix build with LibreSSL < 2.9.1
2184
2185  `SSL_CTX_add0_chain_cert` and `SSL_CTX_clear_chain_certs` were
2186  introduced in LibreSSL 2.9.1 [0].
2187
2188  [0] https://github.com/libressl-portable/openbsd/commit/0db809ee178457c8170abfae3931d7bd13abf3ef
2189
2190  Closes https://github.com/curl/curl/pull/5757
2191
2192Daniel Stenberg (1 Aug 2020)
2193- [Marc Aldorasi brought this change]
2194
2195  multi_remove_handle: close unused connect-only connections
2196
2197  Previously any connect-only connections in a multi handle would be kept
2198  alive until the multi handle was closed.  Since these connections cannot
2199  be re-used, they can be marked for closure when the associated easy
2200  handle is removed from the multi handle.
2201
2202  Closes #5749
2203
2204- checksrc: invoke script with -D to find .checksrc proper
2205
2206  Without the -D command line option, checksrc.pl won't know which
2207  directory to load the ".checksrc" file from when building out of the
2208  source tree.
2209
2210  Reported-by: Marcel Raad
2211  Fixes #5715
2212  Closes #5755
2213
2214- [Carlo Marcelo Arenas Belón brought this change]
2215
2216  buildconf: retire ares buildconf invocation
2217
2218  no longer needed after 4259d2df7dd95637a4b1e3fb174fe5e5aef81069
2219
2220- [Carlo Marcelo Arenas Belón brought this change]
2221
2222  buildconf: exempt defunct reference to ACLOCAL_FLAGS
2223
2224  retired with 09f278121e815028adb24d228d8092fc6cb022aa but kept around as
2225  the name is generic enough that it might be in use and relied upon from
2226  the environment.
2227
2228- [Carlo Marcelo Arenas Belón brought this change]
2229
2230  buildconf: avoid array concatenation in die()
2231
2232  reported as error SC2145[1] by shellcheck, but not expected to cause
2233  any behavioural differences otherwise.
2234
2235  [1] https://github.com/koalaman/shellcheck/wiki/SC2145
2236
2237  Closes #5701
2238
2239- travis: add ppc64le and s390x builds
2240
2241  Closes #5752
2242
2243Marc Hoersken (31 Jul 2020)
2244- connect: remove redundant message about connect failure
2245
2246  Reviewed-by: Daniel Stenberg
2247
2248  Closes #5708
2249
2250- tests/sshserver.pl: fix compatibility with OpenSSH for Windows
2251
2252  Follow up to #5721
2253
2254- CI/azure: install libssh2 for use with msys2-based builds
2255
2256  This enables building and running the SFTP tests.
2257  Unfortunately OpenSSH for Windows does not support SCP (yet).
2258
2259  Reviewed-by: Daniel Stenberg
2260
2261  Closes #5721
2262
2263- CI/azure: increase Windows job timeout once again
2264
2265  Avoid aborted jobs due to performance issues on Azure DevOps.
2266
2267  Reviewed-by: Daniel Stenberg
2268  Reviewed-by: Jay Satiro
2269
2270  Closes #5738
2271
2272Jay Satiro (30 Jul 2020)
2273- TODO: Schannel: 'Add option to allow abrupt server closure'
2274
2275  We should offer an option to allow abrupt server closures (server closes
2276  SSL transfer without sending a known termination point such as length of
2277  transfer or close_notify alert). Abrupt server closures are usually
2278  because of misconfigured or very old servers.
2279
2280  Closes https://github.com/curl/curl/issues/4427
2281
2282- url: fix CURLU and location following
2283
2284  Prior to this change if the user set a URL handle (CURLOPT_CURLU) it was
2285  incorrectly used for the location follow, resulting in infinite requests
2286  to the original location.
2287
2288  Reported-by: sspiri@users.noreply.github.com
2289
2290  Fixes https://github.com/curl/curl/issues/5709
2291  Closes https://github.com/curl/curl/pull/5713
2292
2293Daniel Stenberg (30 Jul 2020)
2294- RELEASE-NOTES: synced
2295
2296- [divinity76 brought this change]
2297
2298  docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions
2299
2300  it helps make it obvious that most developers don't have to care about
2301  the CURLM_CALL_MULTI_PERFORM value (last release using it is nearly 11
2302  years old, November 4 2009)
2303
2304  Closes #5744
2305
2306Jay Satiro (29 Jul 2020)
2307- tool_cb_wrt: fix outfile mode flags for Windows
2308
2309  - Use S_IREAD and S_IWRITE mode permission flags to create the file
2310    on Windows instead of S_IRUSR, S_IWUSR, etc.
2311
2312  Windows only accepts a combination of S_IREAD and S_IWRITE. It does not
2313  acknowledge other combinations, for which it may generate an assertion.
2314
2315  This is a follow-up to 81b4e99 from yesterday, which improved the
2316  existing file check with -J.
2317
2318  Ref: https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/open-wopen#remarks
2319  Ref: https://github.com/curl/curl/pull/5731
2320
2321  Closes https://github.com/curl/curl/pull/5742
2322
2323Daniel Stenberg (28 Jul 2020)
2324- checksrc: ban gmtime/localtime
2325
2326  They're not thread-safe so they should not be used in libcurl code.
2327
2328  Explicitly enabled when deemed necessary and in examples and tests
2329
2330  Reviewed-by: Nicolas Sterchele
2331  Closes #5732
2332
2333- transfer: fix data_pending for builds with both h2 and h3 enabled
2334
2335  Closes #5734
2336
2337- curl_multi_setopt: fix compiler warning "result is always false"
2338
2339  On systems with 32 bit long the expression is always false. Avoid
2340  the warning.
2341
2342  Reported-by: Gisle Vanem
2343  Bug: https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232
2344  Closes #5736
2345
2346- curl: improve the existing file check with -J
2347
2348  Previously a file that isn't user-readable but is user-writable would
2349  not be properly avoided and would get overwritten.
2350
2351  Reported-by: BrumBrum on hackerone
2352  Assisted-by: Jay Satiro
2353  Bug: https://hackerone.com/reports/926638
2354  Closes #5731
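
The -J entry above concerns an existence check that missed files the user can write but not read. The sketch below is an added illustration for POSIX systems, not curl's code: the function names are hypothetical and the read-probe shape of the earlier check is an assumption. It contrasts that probe with an exclusive create, using a constructed temporary file.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fragile probe (assumed shape of a pre-fix check): "exists" means "can be
   opened for reading". For a non-root owner a mode 0200 file fails this
   probe, so the caller would go on to open it for writing. */
static int exists_by_reading(const char *path)
{
  FILE *f = fopen(path, "rb");
  if(!f)
    return 0;
  fclose(f);
  return 1;
}

/* Robust form: let the kernel decide. O_EXCL makes the create fail with
   EEXIST for any existing name, whatever its permission bits, and leaves
   no window between the check and the open. */
static int create_new_only(const char *path)
{
  return open(path, O_CREAT | O_WRONLY | O_EXCL, S_IRUSR | S_IWUSR);
}

/* Constructed scenario: a write-only file holding 4 bytes. Stores what the
   read probe reported in *probe and returns 0 when the exclusive create
   refused the name and the file still holds its 4 bytes. */
int demo_write_only_file(int *probe)
{
  char path[] = "/tmp/jcheck-XXXXXX";
  struct stat st;
  int rc = -1;
  int fd = mkstemp(path);
  if(fd < 0)
    return -1;
  if(write(fd, "keep", 4) == 4 && !fchmod(fd, S_IWUSR)) {
    int fd2;
    *probe = exists_by_reading(path);
    fd2 = create_new_only(path);
    if(fd2 >= 0)
      close(fd2); /* must not happen: the name already exists */
    else if(errno == EEXIST && !stat(path, &st) && st.st_size == 4)
      rc = 0;
  }
  close(fd);
  unlink(path);
  return rc;
}

int main(void)
{
  int probe = -1;
  int rc = demo_write_only_file(&probe);
  printf("read probe saw the file: %d\n", probe);
  printf("exclusive create left it intact: %s\n", rc == 0 ? "yes" : "no");
  return rc;
}
```

Run as root, the read probe succeeds because root bypasses the permission bits; the exclusive create gives the same answer for every user.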
2355
2356- [Jonathan Nieder brought this change]
2357
2358  multi: update comment to say easyp list is linear
2359
2360  Since 09b9fc900 (multi: remove 'Curl_one_easy' struct, phase 1,
2361  2013-08-02), the easy handle list is not circular but ends with
2362  ->next pointing to NULL.
2363
2364  Reported-by: Masaya Suzuki <masayasuzuki@google.com>
2365  Closes #5737
2366
2367- CURLOPT_NOBODY.3: fix the syntax for referring to options
2368
2369  As test 1140 fails otherwise!
2370
2371  Follow-up to e1bac81cc815
2372
2373- ngtcp2: store address in sockaddr_storage
2374
2375  Reported-by: Tatsuhiro Tsujikawa
2376  Closes #5733
2377
2378- CURLOPT_NOBODY.3: clarify what setting to 0 means
2379
2380  ... and mention that HTTP with other methods than HEAD might get a body and
2381  there's no option available to stop that.
2382
2383  Closes #5729
2384
2385- setopt: unset NOBODY switches to GET if still HEAD
2386
2387  Unsetting CURLOPT_NOBODY with 0L when doing HTTP has no documented
2388  action but before 7.71.0 that used to switch back to GET and with this
2389  change (assuming the method is still set to HEAD) this behavior is
2390  brought back.
2391
2392  Reported-by: causal-agent on github
2393  Fixes #5725
2394  Closes #5728
2395
2396- [Ehren Bendler brought this change]
2397
2398  configure: cleanup wolfssl + pkg-config conflicts when cross compiling.
2399
2400  Also choose a different wolfSSL function to test for NTLM support.
2401
2402  Fixes #5605
2403  Closes #5682
2404
2405- configure: show zstd "no" in summary when built without it
2406
2407  Reported-by: Marc Hörsken
2408  Fixes #5720
2409  Closes #5730
2410
2411- quiche: handle calling disconnect twice
2412
2413  Reported-by: lilongyan-huawei on github
2414  Fixes #5726
2415  Closes #5727
2416
2417- [Nicolas Sterchele brought this change]
2418
2419  getinfo: reset retry-after value in initinfo
2420
2421  - Avoid re-using retry_after value from preceding request
2422  - Add libtest 3010 to verify
2423
2424  Reported-by: joey-l-us on github
2425  Fixes #5661
2426  Closes #5672
2427
2428Marcel Raad (27 Jul 2020)
2429- WIN32: stop forcing narrow-character API
2430
2431  Except where the results are only used for character output.
2432  getenv is not touched because it's part of the public API, and having
2433  it return UTF-8 instead of ANSI would be a breaking change.
2434
2435  Fixes https://github.com/curl/curl/issues/5658
2436  Fixes https://github.com/curl/curl/issues/5712
2437  Closes https://github.com/curl/curl/pull/5718
2438
2439Jay Satiro (27 Jul 2020)
2440- [Tobias Stoeckmann brought this change]
2441
2442  mprintf: Fix stack overflows
2443
2444  Stack overflows can occur with precisions for integers and floats.
2445
2446  Proof of concepts:
2447  - curl_mprintf("%d, %.*1$d", 500, 1);
2448  - curl_mprintf("%d, %+0500.*1$f", 500, 1);
2449
2450  Ideally, compile with -fsanitize=address which makes this undefined
2451  behavior a bit more defined for debug purposes.
2452
2453  The format strings are valid. The overflows occur due to invalid
2454  arguments. If these arguments are variables with contents controlled
2455  by an attacker, the function's stack can be corrupted.
2456
2457  Also see CVE-2016-9586 which partially fixed the float aspect.
2458
2459  Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2460
2461  Closes https://github.com/curl/curl/pull/5722
2462
2463- [Tobias Stoeckmann brought this change]
2464
2465  mprintf: Fix dollar string handling
2466
2467  Verify that specified parameters are in range. If parameters are too
2468  large, fail early on and avoid out of boundary accesses.
2469
2470  Also do not read behind boundaries of illegal format strings.
2471
2472  These are defensive measures since it is expected that format strings
2473  are well-formed. Format strings should not be modifiable by user
2474  input due to possible generic format string attacks.
2475
2476  Closes https://github.com/curl/curl/pull/5722
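
The two mprintf entries above describe range-checking positional (N$) parameters and bounding precisions that arrive through arguments. The sketch below is an added illustration, not curl's mprintf code: check_format(), format_uint(), MAX_PARAMS and WORK_SIZE are hypothetical names and limits chosen here.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PARAMS 128 /* assumed cap on positional parameters */
#define WORK_SIZE 32   /* assumed size of the on-stack digit buffer */

/* Parse an optional "N$" at *pp. Returns 0 if absent, N if present and
   within 1..MAX_PARAMS, -1 if out of range. */
static long read_dollar(const char **pp)
{
  const char *p = *pp;
  long n = 0;
  while(*p >= '0' && *p <= '9') {
    if(n <= MAX_PARAMS) /* stop accumulating once out of range */
      n = n * 10 + (*p - '0');
    p++;
  }
  if(p == *pp || *p != '$')
    return 0; /* width digits or nothing: not a positional reference */
  if(n < 1 || n > MAX_PARAMS)
    return -1;
  *pp = p + 1; /* step over '$' */
  return n;
}

/* Returns 0 if every "N$" is in range and no conversion specification
   runs into the terminating NUL, else -1. Length modifiers are not
   modelled; they do not affect the range checks. */
int check_format(const char *fmt)
{
  const char *p = fmt;
  int part;
  while(*p) {
    if(*p++ != '%')
      continue;
    if(*p == '%') {
      p++;
      continue;
    }
    if(read_dollar(&p) < 0)
      return -1;
    while(*p && strchr("-+ #0", *p))
      p++;
    for(part = 0; part < 2; part++) { /* 0: width, 1: precision */
      if(part == 1) {
        if(*p != '.')
          break;
        p++;
      }
      if(*p == '*') {
        p++;
        if(read_dollar(&p) < 0)
          return -1;
      }
      else
        while(*p >= '0' && *p <= '9')
          p++;
    }
    if(!*p)
      return -1; /* "%", "%5" or "%1$" at the end of the string */
    p++;         /* conversion character */
  }
  return 0;
}

/* Render 'value' in decimal with at least 'prec' digits. Digits are built
   backwards in a fixed stack buffer, so a precision taken from an
   argument ("%.*d") is clamped before it bounds the padding loop. */
size_t format_uint(char *out, size_t outlen, unsigned long value, long prec)
{
  char work[WORK_SIZE];
  char *w = &work[sizeof(work)];
  size_t len;
  if(prec < 0)
    prec = 1; /* negative precision counts as not given */
  if(prec > (long)sizeof(work))
    prec = (long)sizeof(work); /* the clamp: padding stays inside work[] */
  for(; value; value /= 10, prec--)
    *--w = (char)('0' + value % 10);
  while(prec-- > 0)
    *--w = '0';
  len = (size_t)(&work[sizeof(work)] - w);
  if(!outlen)
    return 0;
  if(len >= outlen)
    len = outlen - 1; /* truncate to the caller's buffer */
  memcpy(out, w, len);
  out[len] = '\0';
  return len;
}

int main(void)
{
  char buf[64];
  printf("%d %d\n", check_format("%d, %.*1$d"),
         check_format("%d, %+0500.*1$f"));
  printf("%zu\n", format_uint(buf, sizeof(buf), 7, 500));
  return 0;
}
```

Both format strings quoted in the entry pass check_format(), which matches the entry's point that the strings are valid and the danger lies in the argument values; the clamp in format_uint() is what keeps a precision of 500 inside the work buffer.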
2477
2478Daniel Stenberg (26 Jul 2020)
2479- ntlm: free target_info before (re-)malloc
2480
2481  OSS-Fuzz found a way this could get called again with the pointer still
2482  pointing to a malloc'ed memory, leading to a leak.
2483
2484  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379
2485
2486  Closes #5724
2487
2488Marcel Raad (26 Jul 2020)
2489- CI/macos: set minimum macOS version
2490
2491  This enables some deprecation warnings.
2492  Previously, autotools defaulted to 10.8.
2493
2494  Closes https://github.com/curl/curl/pull/5723
2495
2496Daniel Stenberg (26 Jul 2020)
2497- RELEASE-NOTES: synced
2498
2499Marcel Raad (25 Jul 2020)
2500- CI/macos: enable warnings as errors for CMake builds
2501
2502  Closes https://github.com/curl/curl/pull/5716
2503
2504- CMake: fix test for warning suppressions
2505
2506  GCC doesn't warn for unknown `-Wno-` options, except if there are other
2507  warnings or errors [0]. This was problematic with `CURL_WERROR` as that
2508  warning-as-error cannot be suppressed. Notably, this always happened
2509  with `-Wno-pedantic-ms-format` when not targeting Windows. So test for
2510  the positive form of the warning instead, which should always result in
2511  a diagnostic if unknown.
2512
2513  [0] https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
2514
2515  Closes https://github.com/curl/curl/pull/5714
2516
2517Jay Satiro (23 Jul 2020)
2518- curl.h: update CURLINFO_LASTONE
2519
2520  CURLINFO_LASTONE should have been updated when
2521  CURLINFO_EFFECTIVE_METHOD was added.
2522
2523  Reported-by: xwxbug@users.noreply.github.com
2524
2525  Fixes https://github.com/curl/curl/issues/5711
2526
2527Marc Hoersken (22 Jul 2020)
2528- CI/azure: unconditionally enable warnings-as-errors with autotools
2529
2530  Reviewed-by: Marcel Raad
2531
2532  Follow up to #5694
2533  Closes #5706
2534
2535Marcel Raad (21 Jul 2020)
2536- doh: remove redundant cast
2537
2538  Closes https://github.com/curl/curl/pull/5704
2539
2540- CI/macos: unconditionally enable warnings-as-errors with autotools
2541
2542  Previously, warnings were only visible in the output for most jobs.
2543
2544  Closes https://github.com/curl/curl/pull/5694
2545
2546- util: silence conversion warnings
2547
2548  timeval::tv_usec might be a 32-bit integer and timespec::tv_nsec might
2549  be a 64-bit integer. This is the case when building for recent macOS
2550  versions, for example. Just treat tv_usec as an int, which should
2551  hopefully always be sufficient on systems with
2552  `HAVE_CLOCK_GETTIME_MONOTONIC`.
2553
2554  Closes https://github.com/curl/curl/pull/5695
2555
2556- md(4|5): don't use deprecated macOS functions
2557
2558  They are marked as deprecated for -mmacosx-version-min >= 10.15,
2559  which might result in warnings-as-errors.
2560
2561  Closes https://github.com/curl/curl/pull/5695
2562
2563Daniel Stenberg (18 Jul 2020)
2564- strdup: remove the odd strlen check
2565
2566  It confuses code analyzers with its use of -1 for unsigned value. Also,
2567  a check that's not normally used in strdup() code - and not necessary.
2568
2569  Closes #5697
2570
2571- [Alessandro Ghedini brought this change]
2572
2573  travis: update quiche builds for new boringssl layout
2574
2575  This is required after https://github.com/cloudflare/quiche/pull/593
2576  moved BoringSSL around slightly.
2577
2578  This also means that Go is not needed to build BoringSSL anymore (the
2579  one provided by quiche anyway).
2580
2581  Closes #5691
2582
2583Marcel Raad (17 Jul 2020)
2584- configure: allow disabling warnings
2585
2586  When using `--enable-warnings`, it was not possible to disable warnings
2587  via CFLAGS that got explicitly enabled. Now warnings are not enabled
2588  anymore if they are explicitly disabled (or enabled) in CFLAGS. This
2589  works for at least GCC, clang, and TCC as they have corresponding
2590  `-Wno-` options for every warning.
2591
2592  Closes https://github.com/curl/curl/pull/5689
2593
2594Daniel Stenberg (16 Jul 2020)
2595- ngtcp2: adjust to recent sockaddr updates
2596
2597  Closes #5690
2598
2599- page-header: provide protocol details in the curl.1 man page
2600
2601  Add protocol and version specific information about all protocols curl
2602  supports.
2603
2604  Fixes #5679
2605  Reported-by: tbugfinder on github
2606  Closes #5686
2607
2608Daniel Gustafsson (16 Jul 2020)
2609- docs: Update a few leftover mentions of DarwinSSL
2610
2611  Commit 76a9c3c4be10b3d4d379d5b23ca76806bbae536a renamed DarwinSSL to the
2612  more correct/common name Secure Transport, but a few mentions in the docs
2613  remained.
2614
2615  Closes #5688
2616  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2617
2618Daniel Stenberg (16 Jul 2020)
2619- file2memory: use a define instead of -1 unsigned value
2620
2621  ... to use the maximum value for 'size_t' when detecting integer overflow.
2622  Changed the limit to max/4 as already that seems unreasonably large.
2623
2624  Codacy didn't like the previous approach.
2625
2626  Closes #5683
2627
2628- CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream
2629
2630  ... by adding support for a new dedicated return code.
2631
2632  Suggested-by: Jonathan Cardoso
2633  Assisted-by: Erik Johansson
2634  URL: https://curl.haxx.se/mail/lib-2020-06/0099.html
2635  Closes #5636
2636
2637- [Baruch Siach brought this change]
2638
2639  nss: fix build with disabled proxy support
2640
2641  Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is
2642  defined.
2643
2644  Closes #5667
2645
2646- test1139: make it display the difference on test failures
2647
2648- test1119: verify stdout in the test
2649
2650  So that failures will be displayed in the terminal, as it makes test failures
2651  visually displayed easier and faster.
2652
2653  Closes #5644
2654
2655- curl: add %{method} to the -w variables
2656
2657  Gets the CURLINFO_EFFECTIVE_METHOD from libcurl.
2658
2659  Added test 1197 to verify.
2660
2661- CURLINFO_EFFECTIVE_METHOD: added
2662
2663  Provide the HTTP method that was used on the latest request, which might
2664  be relevant for users when there was one or more redirects involved.
2665
2666  Closes #5511
2667
2668Viktor Szakats (14 Jul 2020)
2669- windows: add unicode to feature list
2670
2671  Reviewed-by: Marcel Raad
2672  Reviewed-by: Marc Hörsken
2673
2674  Closes #5491
2675
2676Daniel Stenberg (14 Jul 2020)
2677- multi: remove two checks always true
2678
2679  Detected by Codacy
2680  Closes #5676
2681
2682Marc Hoersken (13 Jul 2020)
2683- workflows: limit what branches to run CodeQL on
2684
2685  Align CodeQL action with existing CI actions:
2686  - Update branch filter to avoid duplicate CI runs.
2687  - Shorten workflow name due to informative job name.
2688
2689  Reviewed-by: Daniel Stenberg
2690
2691  Closes #5660
2692
2693- appveyor: collect libcurl.dll variants with prefix or suffix
2694
2695  On some platforms libcurl is built with a platform-specific
2696  prefix and/or a version number suffix.
2697
2698  Assisted-by: Jay Satiro
2699
2700  Closes #5659
2701
2702Daniel Stenberg (12 Jul 2020)
2703- [ihsinme brought this change]
2704
2705  socks: use size_t for size variable
2706
2707  Use the unsigned type (size_t) in the arithmetic of pointers. In this
2708  context, the signed type (ssize_t) is used unnecessarily.
2709
2710  Authored-by: ihsinme on github
2711  Closes #5654
2712
2713- RELEASE-NOTES: synced
2714
2715  ... and bumped to 7.72.0 as the next release version number
2716
2717- [Gilles Vollant brought this change]
2718
2719  content_encoding: add zstd decoding support
2720
2721  include zstd curl patch for Makefile.m32 from vszakats
2722  and include Add CMake support for zstd from Peter Wu
2723
2724  Helped-by: Viktor Szakats
2725  Helped-by: Peter Wu
2726  Closes #5453
2727
2728- asyn.h: remove the Curl_resolver_getsock define
2729
2730   - not used
2731   - used the wrong number of arguments
2732   - confused the Codacy code analyzer
2733
2734  Closes #5647
2735
2736- [Nicolas Sterchele brought this change]
2737
2738  configure.ac: Sort features name in summary
2739
2740  - Same as protocols
2741
2742  Closes #5656
2743
2744- [Matthias Naegler brought this change]
2745
2746  cmake: fix windows xp build
2747
2748  Reviewed-by: Marcel Raad
2749  Closes #5662
2750
2751- ngtcp2: update to modified qlog callback prototype
2752
2753  Closes #5675
2754
2755- transfer: fix memory-leak with CURLOPT_CURLU in a duped handle
2756
2757  Added test case 674 to reproduce and verify the bug report.
2758
2759  Fixes #5665
2760  Reported-by: NobodyXu on github
2761  Closes #5673
2762
2763- [Baruch Siach brought this change]
2764
2765  bearssl: fix build with disabled proxy support
2766
2767  Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is
2768  defined.
2769
2770  Reviewed-by: Nicolas Sterchele
2771  Closes #5666
2772
2773- RELEASE-NOTES: synced
2774
2775Jay Satiro (11 Jul 2020)
2776- [Carlo Marcelo Arenas Belón brought this change]
2777
2778  cirrus-ci: upgrade 11-STABLE to 11.4
2779
2780  Meant to be the last of the 11 series and so make sure that all
2781  other references reflect all 11 versions so they can be retired
2782  together later.
2783
2784  Closes https://github.com/curl/curl/pull/5668
2785
2786- [Filip Salomonsson brought this change]
2787
2788  CURLINFO_CERTINFO.3: fix typo
2789
2790  Closes https://github.com/curl/curl/pull/5655
2791
2792Daniel Stenberg (4 Jul 2020)
2793- http2: only do the *done() cleanups for HTTP
2794
2795  Follow-up to ef86daf4d3
2796
2797  Closes #5650
2798  Fixes #5646
2799
2800- [Alex Kiernan brought this change]
2801
2802  gnutls: repair the build with `CURL_DISABLE_PROXY`
2803
2804  `http_proxy`/`proxy_ssl`/`tunnel_proxy` will not be available in `conn`
2805  if `CURL_DISABLE_PROXY` is enabled.  Repair the build with that
2806  configuration.
2807
2808  Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2809  Closes #5645
2810
2811Alex Kiernan (3 Jul 2020)
2812- gnutls: Fetch backend when using proxy
2813
2814  Fixes: 89865c149 ("gnutls: remove the BACKEND define kludge")
2815  Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2816
2817Daniel Stenberg (3 Jul 2020)
2818- [Laramie Leavitt brought this change]
2819
2820  http2: close the http2 connection when no more requests may be sent
2821
2822  Well-behaving HTTP2 servers send two GOAWAY messages. The first
2823  message is a warning that indicates that the server is going to
2824  stop accepting streams. The second one actually closes the stream.
2825
2826  nghttp2 reports this state (and the other state of no more stream
2827  identifiers) via the call nghttp2_session_check_request_allowed().
2828  In this state the client should not create more streams on the
2829  session (tcp connection), and in curl this means that the server
2830  has requested that the connection is closed.
2831
2832  It would also be possible to put the connclose() call into the
2833  on_http2_frame_recv() function that triggers on the GOAWAY message.
2834
2835  This fixes a bug seen when the client sees the following sequence of
2836  frames:
2837
2838  // advisory GOAWAY
2839  HTTP2 GOAWAY [stream-id = 0, promised-stream-id = -1]
2840  ... some additional frames
2841
2842  // final GOAWAY
2843  HTTP2 GOAWAY [stream-id = 0, promised-stream-id = N ]
2844
2845  Before this change, curl will attempt to reuse the connection even
2846  after the last stream, and will encounter this error:
2847
2848  * Found bundle for host localhost: 0x5595f0a694e0 [can multiplex]
2849  * Re-using existing connection! (#0) with host localhost
2850  * Connected to localhost (::1) port 10443 (#0)
2851  * Using Stream ID: 9 (easy handle 0x5595f0a72e30)
2852  > GET /index.html?5 HTTP/2
2853  > Host: localhost:10443
2854  > user-agent: curl/7.68.0
2855  > accept: */*
2856  >
2857  * stopped the pause stream!
2858  * Connection #0 to host localhost left intact
2859  curl: (16) Error in the HTTP2 framing layer
2860
2861  This error may poison the connection cache, causing future requests
2862  which resolve to the same curl connection to go through the same error
2863  path.
2864
2865  Closes #5643
2866
2867- ftpserver: don't verify SMTP MAIL FROM names
2868
2869  Rely on tests asking the names to get refused instead - test servers
2870  should be as dumb as possible. Edited test 914, 955 and 959 accordingly.
2871
2872  Closes #5639
2873
2874- curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated
2875
2876  This came up in #5640. It makes sense to clarify this in the docs!
2877
2878  Reminded-by: Kamil Dudka
2879  Closes #5642
2880
2881Kamil Dudka (3 Jul 2020)
2882- tool_getparam: make --krb option work again
2883
2884  It was disabled by mistake in commit curl-7_37_1-23-ge38ba4301.
2885
2886  Bug: https://bugzilla.redhat.com/1833193
2887  Closes #5640
2888
2889Daniel Stenberg (2 Jul 2020)
2890- [Jeremy Maitin-Shepard brought this change]
2891
2892  http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages
2893
2894  Confusingly, nghttp2 has two different error code enums:
2895
2896  - nghttp2_error, to be used with nghttp2_strerror
2897  - nghttp2_error_code, to be used with nghttp2_http2_strerror
2898
2899  Closes #5641
2900
2901Marcel Raad (2 Jul 2020)
2902- url: silence MSVC warning
2903
2904  Since commit f3d501dc678, if proxy support is disabled, MSVC warns:
2905  url.c : warning C4701: potentially uninitialized local variable
2906  'hostaddr' used
2907  url.c : error C4703: potentially uninitialized local pointer variable
2908  'hostaddr' used
2909
2910  That could actually only happen if both `conn->bits.proxy` and
2911  `CURL_DISABLE_PROXY` were enabled.
2912  Initialize it to NULL to silence the warning.
2913
2914  Closes https://github.com/curl/curl/pull/5638
2915
2916Daniel Stenberg (1 Jul 2020)
2917- RELEASE-NOTES: synced
2918
2919Version 7.71.1 (30 Jun 2020)
2920
2921Daniel Stenberg (30 Jun 2020)
2922- RELEASE-NOTES: curl 7.71.1
2923
2924- THANKS: add contributors to 7.71.1
2925
2926- scripts/copyright.pl: skip .dcignore
2927
2928- Revert "multi: implement wait using winsock events"
2929
2930  This reverts commit 8bc25c590e530de87595d1bb3577f699eb1309b9.
2931
2932  That commit (from #5397) introduced a regression in 7.71.0.
2933
2934  Reported-by: tmkk on github
2935  Fixes #5631
2936  Closes #5632
2937
2938- TODO: Add flag to specify download directory
2939
2940- TODO: return code to CURLMOPT_PUSHFUNCTION to fail connection
2941
2942- cirrus-ci: disable FreeBSD 13 (again)
2943
2944  It has been failing for a good while again. This time we better leave it
2945  disabled until we have more reason to believe it behaves.
2946
2947  Closes #5628
2948
2949- ngtcp2: sync with current master
2950
2951  ngtcp2 added two new callbacks
2952
2953  Reported-by: Lucien Zürcher
2954  Fixes #5624
2955  Closes #5627
2956
2957- examples/multithread.c: call curl_global_cleanup()
2958
2959  Reported-by: qiandu2006 on github
2960  Fixes #5622
2961  Closes #5623
2962
2963- vtls: compare cert blob when finding a connection to reuse
2964
2965  Reported-by: Gergely Nagy
2966  Fixes #5617
2967  Closes #5619
2968
2969- RELEASE-NOTES: synced
2970
2971- terminology: call them null-terminated strings
2972
2973  Updated terminology in docs, comments and phrases to refer to C strings
2974  as "null-terminated". Done to unify with how most other C oriented docs
2975  refer to them and what users in general seem to prefer (based on a
2976  single highly unscientific poll on twitter).
2977
2978  Reported-by: coinhubs on github
2979  Fixes #5598
2980  Closes #5608
2981
2982- http: fix proxy auth with blank password
2983
2984  Regression in 7.71.0
2985
2986  Added test case 346 to verify.
2987
2988  Reported-by: Kristoffer Gleditsch
2989  Fixes #5613
2990  Closes #5616
2991
2992- .dcignore: ignore tests and docs directories
2993
2994  This is a config file for deepcode.ai, a static code analyzer.
2995
2996Jay Satiro (26 Jun 2020)
2997- tool_cb_hdr: Fix etag warning output and return code
2998
2999  - Return 'failure' on failure, to follow the existing style.
3000
3001  - Put Warning: and the warning message on the same line.
3002
3003  Ref: https://github.com/curl/curl/issues/5610
3004
3005  Closes https://github.com/curl/curl/pull/5612
3006
3007Daniel Stenberg (26 Jun 2020)
3008- CURLOPT_READFUNCTION.3: provide the upload data size up front
3009
3010  Assisted-by: Jay Satiro
3011  Closes #5607
3012
3013- test1539: do a HTTP 1.0 POST without a set size (fails)
3014
3015  Attempt to reproduce #5593. Test case 1514 is very similar but uses
3016  HTTP/1.1 and thus switches to chunked.
3017
3018  Closes #5595
3019
3020- [Baruch Siach brought this change]
3021
3022  mbedtls: fix build with disabled proxy support
3023
3024  Don't reference fields that do not exist. Fixes build failure:
3025
3026  vtls/mbedtls.c: In function 'mbed_connect_step1':
3027  vtls/mbedtls.c:249:54: error: 'struct connectdata' has no member named 'http_proxy'
3028
3029  Closes #5615
3030
3031- codeql-analysis.yml: fix the 'languages' setting
3032
3033  It needs a 'with:' in front of it.
3034
3035GitHub (26 Jun 2020)
3036- [Daniel Stenberg brought this change]
3037
3038  github: codeql-analysis.yml
3039
3040  enables code security scanning with github actions
3041
3042Daniel Stenberg (25 Jun 2020)
3043- tests: verify newline in username and password for HTTP
3044
3045  test 1296 is a simple command line test
3046
3047  test 1910 is a libcurl test including a redirect
3048
3049- url: allow user + password to contain "control codes" for HTTP(S)
3050
3051  Reported-by: Jon Johnson Jr
3052  Fixes #5582
3053  Closes #5592
3054
3055- escape: make the URL decode able to reject only %00 bytes
3056
3057  ... or all "control codes" or nothing.
3058
3059  Assisted-by: Nicolas Sterchele
3060
3061- http2: set the correct URL in pushed transfers
3062
3063  ...previously CURLINFO_EFFECTIVE_URL would report the URL of the
3064  original "mother transfer", not the actually pushed resource.
3065
3066  Reported-by: Jonathan Cardoso Machado
3067  Fixes #5589
3068  Closes #5591
3069
3070Jay Satiro (25 Jun 2020)
3071- [Javier Blazquez brought this change]
3072
3073  openssl: Fix compilation on Windows when ngtcp2 is enabled
3074
3075  - Include wincrypt before OpenSSL includes so that the latter can
3076    properly handle any conflicts between the two.
3077
3078  Closes https://github.com/curl/curl/pull/5606
3079
3080Daniel Stenberg (25 Jun 2020)
3081- test543: extended to verify zero length input
3082
3083  As was reported in #5601
3084
3085- escape: zero length input should return a zero length output
3086
3087  Regression added in 7.71.0.
3088
3089  Fixes #5601
3090  Reported-by: Kristoffer Gleditsch
3091  Closes #5602
3092
3093- Curl_inet_ntop: always check the return code
3094
3095  Reported-by: Siva Sivaraman
3096  Fixes #5412
3097  Closes #5597
3098
3099- sendf: improve the message on client write errors
3100
3101  Replace "Failed writing body (X != Y)" with
3102  "Failure writing output to destination". Possibly slightly less cryptic.
3103
3104  Reported-by: coinhubs on github
3105  Fixes #5594
3106  Closes #5596
3107
3108- RELEASE-NOTES: synced
3109
3110- curlver: start working on 7.71.1
3111
3112- [Denis Baručić brought this change]
3113
3114  DYNBUF.md: fix a typo: trail => tail
3115
3116  Closes #5599
3117
3118Version 7.71.0 (23 Jun 2020)
3119
3120Daniel Stenberg (23 Jun 2020)
3121- RELEASE-NOTES: curl 7.71.0 release
3122
3123- THANKS: curl 7.71.0 additions
3124
3125- url: make sure pushed streams get an allocated download buffer
3126
3127  Follow-up to c4e6968127e876b0
3128
3129  When a new transfer is created, as a result of an acknowledged push,
3130  that transfer needs a download buffer allocated.
3131
3132  Closes #5590
3133
3134Jay Satiro (22 Jun 2020)
3135- openssl: Don't ignore CA paths when using Windows CA store
3136
3137  This commit changes the behavior of CURLSSLOPT_NATIVE_CA so that it does
3138  not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the hardcoded default
3139  locations. Instead the CA store can now be used at the same time.
3140
3141  The change is due to the impending release. The issue is still being
3142  discussed. The behavior of CURLSSLOPT_NATIVE_CA is subject to change and
3143  is now documented as experimental.
3144
3145  Ref: bc052cc (parent commit)
3146  Ref: https://github.com/curl/curl/issues/5585
3147
3148- tool_operate: Don't use Windows CA store as a fallback
3149
3150  Background:
3151
3152  148534d added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate
3153  store in libcurl w/ OpenSSL on Windows. CURLSSLOPT_NATIVE_CA overrides
3154  CURLOPT_CAINFO if both are set. The curl tool will fall back to
3155  CURLSSLOPT_NATIVE_CA if it could not find a certificate bundle to set
3156  via CURLOPT_CAINFO.
3157
3158  Problem:
3159
3160  libcurl may be built with hardcoded paths to a certificate bundle or
3161  directory, and if CURLSSLOPT_NATIVE_CA is used then those paths are
3162  ignored.
3163
3164  Solution:
3165
3166  A solution is still being discussed but since there's an impending
3167  release this commit removes using CURLSSLOPT_NATIVE_CA in the curl tool.
3168
3169  Ref: https://github.com/curl/curl/issues/5585
3170
3171- openssl: Fix CA fallback logic for OpenSSL 3.0 build
3172
3173  Prior to this change I assume a build error would occur when
3174  CURL_CA_FALLBACK was used.
3175
3176  Closes https://github.com/curl/curl/pull/5587
3177
3178Daniel Stenberg (22 Jun 2020)
3179- copyright: update mismatched copyright years
3180
3181- test1460: verify that -Ji is not ok
3182
3183- tool_getparam: -i is not OK if -J is used
3184
3185  Reported-by: sn on hackerone
3186  Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
3187
3188- [Peter Wu brought this change]
3189
3190  CMake: ignore INTERFACE_LIBRARY targets for pkg-config file
3191
3192  Reviewed-by: Marcel Raad
3193  Fixes #5512
3194  Closes #5517
3195
3196- [Valentyn Korniienko brought this change]
3197
3198  multibyte: Fixed access-> waccess to file for Windows Platform
3199
3200  Reviewed-by: Marcel Raad
3201  Closes #5580
3202
3203- altsvc: bump to h3-29
3204
3205  Closes #5584
3206
3207- urlglob: treat literal IPv6 addresses with zone IDs as a host name
3208
3209  ... and not as a "glob". Now done by passing the supposed host to the
3210  URL parser which supposedly will do a better job at identifying "real"
3211  numerical IPv6 addresses.
3212
3213  Reported-by: puckipedia on github
3214  Fixes #5576
3215  Closes #5579
3216
3217- test1179: verify error message for non-existing cmdline option
3218
3219- tool_getparam: repair the error message for unknown flag
3220
3221  Follow-up to 9e5669f3880674
3222  Detected by Coverity CID 1464582 ("Logically dead code")
3223
3224  Closes #5577
3225
3226- FILEFORMAT: describe verify/stderr
3227
3228- connect: improve happy eyeballs handling
3229
3230  For QUIC but also for regular TCP when the second family runs out of IPs
3231  with a failure while the first family is still trying to connect.
3232
3233  Separated the timeout handling for IPv4 and IPv6 connections when they
3234  both have a number of addresses to iterate over.
3235
3236- ngtcp2: never call fprintf() in lib code in release version
3237
3238- ngtcp2: fix happy eyeballs quic connect crash
3239
3240  Reported-by: Peter Wu
3241  Fixes #5565
3242  Closes #5568
3243
3244- select: remove the unused ELAPSED_MS() macro
3245
3246  Closes #5573
3247
3248Marc Hoersken (17 Jun 2020)
3249- [rcombs brought this change]
3250
3251  multi: implement wait using winsock events
3252
3253  This avoids using a pair of TCP ports to provide wakeup functionality
3254  for every multi instance on Windows, where socketpair() is emulated
3255  using a TCP socket on loopback which could in turn lead to socket
3256  resource exhaustion.
3257
3258  Reviewed-by: Gergely Nagy
3259  Reviewed-by: Marc Hörsken
3260
3261  Closes #5397
3262
3263Daniel Stenberg (17 Jun 2020)
3264- manpage: add three missing environment variables
3265
3266  CURL_SSL_BACKEND, QLOGDIR and SSLKEYLOGFILE
3267
3268  Closes #5571
3269
3270- RELEASE-NOTES: synced
3271
3272- configure: for wolfSSL, check for the DES func needed for NTLM
3273
3274  Also adds pkg-config support for the wolfSSL detection.
3275
3276- [Ruurd Beerstra brought this change]
3277
3278  ntlm: enable NTLM support with wolfSSL
3279
3280  When wolfSSL is built with its OpenSSL API layer, it features the same DES*
3281  functions that OpenSSL has. This change takes advantage of that.
3282
3283  Co-authored-by: Daniel Stenberg
3284  Closes #5556
3285  Fixes #5548
3286
3287- http: move header storage to Curl_easy from connectdata
3288
3289  Since the connection can be used by many independent requests (using
3290  HTTP/2 or HTTP/3), things like user-agent and other transfer-specific
3291  data MUST NOT be kept connection oriented as it could lead to requests
3292  getting the wrong string for their requests. This struct data was
3293  lingering like this due to old HTTP1 legacy thinking where it didn't
3294  matter.
3295
3296  Fixes #5566
3297  Closes #5567
3298
3299- CODE_REVIEW.md: how to do code reviews in curl
3300
3301  Assisted-by: Daniel Gustafsson
3302  Assisted-by: Rich Salz
3303  Assisted-by: Hugo van Kemenade
3304  Assisted-by: James Fuller
3305  Assisted-by: Marc Hörsken
3306  Assisted-by: Jay Satiro
3307
3308  Closes #5555
3309
3310- altsvc: remove the num field from the altsvc struct
3311
3312  It was superfluous since we have the list.size already
3313
3314  Reported-by: Jay Satiro
3315  Fixes #5553
3316  Closes #5563
3317
3318- version.d: expanded and alpha-sorted
3319
3320  Added a few missing features not previously mentioned. Ordered them
3321  alphabetically.
3322
3323  Closes #5558
3324
3325- ABI.md: rename to .md and polish the markdown
3326
3327  Closes #5562
3328
3329- HELP-US: add a section for "smaller tasks"
3330
3331  The point of this section is to meet the CII Best Practices gold level
3332  criteria:
3333
3334   "The project MUST clearly identify small tasks that can be performed by
3335    new or casual contributors"
3336
3337  Closes #5560
3338
3339- TODO: retry on the redirected-to URL
3340
3341  Closes #5462
3342
3343- mailmap: Nicolas Sterchele
3344
3345- [Nicolas Sterchele brought this change]
3346
3347  TODO: remove 19.3 section title
3348
3349  Follow-up to ad6416986755e417c66e2c6, which caused wrong formatting on
3350  curl documentation website
3351
3352  Closes #5561
3353
3354- [Martin V brought this change]
3355
3356  test1560: avoid possibly negative association in wording
3357
3358  Closes #5549
3359
3360- share: don't set the share flag if something fails
3361
3362  When asking for a specific feature to be shared in the share object,
3363  that bit was previously set unconditionally even if the shared feature
3364  failed or otherwise wouldn't work.
3365
3366  Closes #5554
3367
3368- buildconf: remove -print from the find command that removes files
3369
3370  It's just too annoying and unnecessary to get a long list of files shown
3371
3372- RELEASE-NOTES: synced
3373
3374- wording: avoid blacklist/whitelist stereotypes
3375
3376  Instead of discussing if there's value or meaning (implied or not) in
3377  the colors, let's use words without the same possibly negative
3378  associations.
3379
3380  Closes #5546
3381
3382Jay Satiro (9 Jun 2020)
3383- tool_getparam: fix memory leak in parse_args
3384
3385  Prior to this change in Windows Unicode builds most parsed options would
3386  not be freed.
3387
3388  Found using _CrtDumpMemoryLeaks().
3389
3390  Ref: https://github.com/curl/curl/issues/5545
3391
3392Daniel Stenberg (8 Jun 2020)
3393- socks: detect connection close during handshake
3394
3395  The SOCKS4/5 state machines weren't properly terminated when the proxy
3396  connection got closed, leading to a busy-loop.
3397
3398  Reported-By: zloi-user on github
3399  Fixes #5532
3400  Closes #5542
3401
3402- [James Fuller brought this change]
3403
3404  multi: add defensive check on data->multi->num_alive
3405
3406  Closes #5540
3407
3408- Curl_addrinfo: use one malloc instead of three
3409
3410  To reduce the amount of allocations needed for creating a Curl_addrinfo
3411  struct, make a single larger malloc instead of three separate smaller
3412  ones.
3413
3414  Closes #5533
3415
3416- [Alessandro Ghedini brought this change]
3417
3418  quiche: update SSLKEYLOGFILE support
3419
3420  quiche now requires the application to explicitly set the keylog path
3421  for each connection, rather than reading the environment variable
3422  itself.
3423
3424  Closes #5541
3425
3426- tests: add two simple tests for --login-options
3427
3428  Test 895 and 896 - as a follow-up to a3e972313b
3429
3430  Closes #5539
3431
3432- ngtcp2: update with recent API changes
3433
3434  Syncs with ngtcp2 commit 7e9a917d386d98 merged June 7 2020.
3435
3436  Assisted-by: Tatsuhiro Tsujikawa
3437  Closes #5538
3438
3439- [James Fuller brought this change]
3440
3441  socks: remove unreachable breaks in socks.c and mime.c
3442
3443  Closes #5537
3444
3445- tool_cfgable: free login_options at exit
3446
3447  Memory leak
3448  Reported-by: Geeknik Labs
3449  Fixes #5535
3450  Closes #5536
3451
3452- libssh2: keep sftp errors as 'unsigned long'
3453
3454  Remove weird work-around for storing the SFTP errors as int instead of
3455  the "unsigned long" that libssh2 actually returns for SFTP errors.
3456
3457  Closes #5534
3458
3459Marc Hoersken (6 Jun 2020)
3460- timeouts: move ms timeouts to timediff_t from int and long
3461
3462  Now that all functions in select.[ch] take timediff_t instead
3463  of the limited int or long, we can remove type conversions
3464  and related preprocessor checks to silence compiler warnings.
3465
3466  Avoiding conversions from time_t was already done in 842f73de.
3467
3468  Based upon #5262
3469  Supersedes #5214, #5220 and #5221
3470  Follow up to #5343 and #5479
3471  Closes #5490
3472
3473Daniel Stenberg (6 Jun 2020)
3474- [François Rigault brought this change]
3475
3476  openssl: set FLAG_TRUSTED_FIRST unconditionally
3477
3478  On some systems, openssl 1.0.x is still the default, but it has been
3479  patched to contain all the recent security fixes. As a result of this
3480  patching, it is possible for macro X509_V_FLAG_NO_ALT_CHAINS to be
3481  defined, while the previous behavior of openssl to not look at trusted
3482  chains first, remains.
3483
3484  Fix it: ensure X509_V_FLAG_TRUSTED_FIRST is always set, do not try to
3485  probe for the behavior of openssl based on the existence of macros.
3486
3487  Closes #5530
3488
3489- server/util: fix logmsg format using curl_off_t argument
3490
3491  ... this caused segfaults on armv7.
3492
3493  Regression added in dd0365d560aea5a (7.70.0)
3494
3495  Reviewed-by: Jay Satiro
3496  Closes #5529
3497
3498- RELEASE-NOTES: synced
3499
3500- [Cherish98 brought this change]
3501
3502  socks: fix expected length of SOCKS5 reply
3503
3504  Commit 4a4b63d forgot to set the expected SOCKS5 reply length when the
3505  reply ATYP is X'01'. This resulted in erroneously expecting more bytes
3506  when the request length is greater than the reply length (e.g., when
3507  remotely resolving the hostname).
3508
3509  Closes #5527
3510
3511Marc Hoersken (5 Jun 2020)
3512- .gitignore: add directory containing the stats repo
3513
3514  Since the new curl/stats repository is designed to be
3515  checked out into the curl repository working tree as stats/
3516  it should be on the ignore list to aid in commit staging.
3517
3518Daniel Stenberg (5 Jun 2020)
3519- [Adnan Khan brought this change]
3520
3521  HTTP3.md: clarify cargo build directory
3522
3523  Cargo needs to be called from within the 'quiche' directory.
3524
3525  Closes #5522
3526
3527- user-agent.d: spell out what happens given a blank argument
3528
3529  Closes #5525
3530
3531- trailers: switch h1-trailer logic to use dynbuf
3532
3533  In the continued effort to remove "manual" realloc schemes.
3534
3535  Closes #5524
3536
3537- CURLINFO_ACTIVESOCKET.3: clarify the description
3538
3539  Reported-by: Jay Satiro
3540  Fixes #5299
3541  Closes #5520
3542
3543- mailmap: Don J Olmstead
3544
3545- configure: only strip first -L from LDFLAGS
3546
3547  In the logic that works out if a given OpenSSL path works, it stripped
3548  off a possibly leading -L flag using an incorrect sed pattern which
3549  would remove all instances of -L in the string, including if the path
3550  itself contained that two-letter sequence!
3551
3552  The same pattern was used and is now updated in multiple places. Now it
3553  only removes -L if it starts the strings.
3554
3555  Reported-by: Mohamed Osama
3556  Fixes #5519
3557  Closes #5521
3558
3559Peter Wu (4 Jun 2020)
3560- quiche: advertise draft 28 support
3561
3562  Fix the verbose message while at it, quiche currently supports draft
3563  27 and draft 28 simultaneously.
3564
3565  Closes #5518
3566
3567Daniel Stenberg (4 Jun 2020)
3568- KNOWN_BUGS: RTSP authentication breaks without redirect support
3569
3570  Closes #4750
3571
3572Jay Satiro (4 Jun 2020)
3573- projects: Add crypt32.lib to dependencies for all OpenSSL configs
3574
3575  Windows project configurations that use OpenSSL with USE_WIN32_CRYPTO
3576  need crypt32.
3577
3578  Follow-up to 148534d which added CURLSSLOPT_NATIVE_CA for 7.71.0.
3579
3580  The changes that are in this commit were made by script.
3581
3582  Ref: https://gist.github.com/jay/a1861b50ecce2b32931237180f856e28
3583
3584  Closes https://github.com/curl/curl/pull/5516
3585
3586Marc Hoersken (3 Jun 2020)
3587- CI/macos: fix 'is already installed' errors by using bundle
3588
3589  Avoid failing CI builds due to nghttp2 being already installed.
3590
3591  Closes #5513
3592
3593Daniel Stenberg (3 Jun 2020)
3594- altsvc: fix 'dsthost' may be used uninitialized in this function
3595
3596- RELEASE-NOTES: synced
3597
3598- urldata: let the HTTP method be in the set.* struct
3599
3600  When the method is updated inside libcurl we must still not change the
3601  method as set by the user as then repeated transfers with that same
3602  handle might not execute the same operation anymore!
3603
3604  This fixes the libcurl part of #5462
3605
3606  Test 1633 added to verify.
3607
3608  Closes #5499
3609
3610- hostip: fix the memory-leak introduced in 67d2802
3611
3612  Fixes #5503
3613  Closes #5504
3614
3615- test970: make it require proxy support
3616
3617  This test verifies the -w %json output and the test case includes a full
3618  generated "blob". If there's no proxy support built into libcurl, it
3619  will return an error for proxy related info variables and they will not
3620  be included in the json, thus causing a mismatch and this test fails.
3621
3622  Reported-by: Marc Hörsken
3623  Fixes #5501
3624  Closes #5502
3625
3626- [Radoslav Georgiev brought this change]
3627
3628  examples/http2-down/upload: add error checks
3629
3630  If `index.html` does not exist in the directory from which the example
3631  is invoked, the fopen(upload, "rb") invocation in `setup` would fail,
3632  returning NULL.  This value is subsequently passed as the FILE* argument
3633  of the `fread` invocation in the `read_callback` function, which is the
3634  actual cause of the crash (apparently `fread` assumes that argument to
3635  be non-null).
3636
3637  In addition, mitigate some possible crashes of similar origin.
3638
3639  Closes #5463
3640
3641- [kotoriのねこ brought this change]
3642
3643  examples/ephiperfifo: turn off interval when setting timerfd
3644
3645  Reported-by: therealhirudo on github
3646  Fixes #5485
3647  Closes #5497
3648
3649- [Saleem Abdulrasool brought this change]
3650
3651  vtls: repair the build with `CURL_DISABLE_PROXY`
3652
3653  `http_proxy` will not be available in `conndata` if `CURL_DISABLE_PROXY`
3654  is enabled.  Repair the build with that configuration.
3655
3656  Follow-up to f3d501dc67
3657
3658  Closes #5498
3659
3660- transfer: remove k->str NULL check
3661
3662  "Null-checking k->str suggests that it may be null, but it has already
3663  been dereferenced on all paths leading to the check" - and it can't
3664  legally be NULL at this point. Remove check.
3665
3666  Detected by Coverity CID 1463884
3667
3668  Closes #5495
3669
3670Marc Hoersken (1 Jun 2020)
3671- select: always use Sleep in Curl_wait_ms on Win32
3672
3673  Since Win32 almost always will also have USE_WINSOCK,
3674  we can reduce complexity and always use Sleep there.
3675
3676  Assisted-by: Jay Satiro
3677  Reviewed-by: Daniel Stenberg
3678
3679  Follow up to #5343
3680  Closes #5489
3681
3682Daniel Stenberg (31 May 2020)
3683- conncache: download buffer needs +1 size for trailing zero
3684
3685  Follow-up to c4e6968127e
3686  Detected by OSS-Fuzz: https://oss-fuzz.com/testcase-detail/5727799779524608
3687
3688Marc Hoersken (31 May 2020)
3689- azure: use matrix strategy to avoid configuration redundancy
3690
3691  This also includes the following changes:
3692
3693  - Use the same timeout for all jobs on Linux (60 minutes)
3694    and Windows (90 minutes)
3695  - Use CLI stable apt-get install -y instead of apt install
3696    which warns about that and run apt-get update first
3697  - Enable MQTT for Windows msys2 builds instead of
3698    legacy msys1 builds
3699  - Add ./configure --prefix parameter to the msys2 builds
3700  - The MSYSTEM environment variable is now preset inside
3701    the container images for the msys2 builds
3702
3703  Note: on Azure Pipelines the matrix strategy is basically
3704  just a simple list of job copies and not really a matrix.
3705
3706  Closes #5468
3707
3708Daniel Stenberg (30 May 2020)
3709- build: disable more code/data when built without proxy support
3710
3711  Added build to travis to verify
3712
3713  Closes #5466
3714
3715- url: alloc the download buffer at transfer start
3716
3717  ... and free it as soon as the transfer is done. It removes the extra
3718  alloc when a new size is set with setopt() and reduces memory for unused
3719  easy handles.
3720
3721  In addition: the closure_handle now doesn't use an allocated buffer at
3722  all but the smallest supported size as a stack based one.
3723
3724  Closes #5472
3725
3726- timeouts: change millisecond timeouts to timediff_t from time_t
3727
3728  For millisecond timers we like timediff_t better. Also, time_t can be
3729  unsigned so returning a negative value doesn't work then.
3730
3731  Closes #5479
3732
3733Marc Hoersken (30 May 2020)
3734- select: add overflow checks for timeval conversions
3735
3736  Using time_t and suseconds_t if suseconds_t is available,
3737  long on Windows (maybe others in the future) and int elsewhere.
3738
3739  Also handle case of ULONG_MAX being greater or equal to INFINITE.
3740
3741  Assisted-by: Jay Satiro
3742  Reviewed-by: Daniel Stenberg
3743
3744  Part of #5343
3745
3746- select: use timediff_t instead of time_t and int for timeout_ms
3747
3748  Make all functions in select.[ch] take timeout_ms as timediff_t
3749  which should always be large enough and signed on all platforms
3750  to take all possible timeout values and avoid type conversions.
3751
3752  Reviewed-by: Jay Satiro
3753  Reviewed-by: Daniel Stenberg
3754
3755  Replaces #5107 and partially #5262
3756  Related to #5240 and #5286
3757  Closes #5343
3758
3759- unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode'
3760
3761  GCC 10 warns about this with warning: implicit conversion
3762    from 'SANITIZEcode' to 'CURLcode' [-Wenum-conversion]
3763
3764  Since 'expected_result' is not really of type 'CURLcode' and
3765  it is not exposed in any way, we can just use 'SANITIZEcode'.
3766
3767  Reviewed-by: Daniel Stenberg
3768  Reviewed-by: Marcel Raad
3769
3770  Closes #5476
3771
3772- tests/libtest: fix undefined reference to 'curlx_win32_fopen'
3773
3774  Since curl_setup.h now makes use of curlx_win32_fopen for Win32
3775  builds with USE_WIN32_LARGE_FILES or USE_WIN32_SMALL_FILES defined,
3776  we need to include the relevant files for tests using fopen,
3777  because the libtest sources are also including curl_setup.h
3778
3779  Reviewed-by: Marcel Raad
3780  Reviewed-by: Daniel Stenberg
3781
3782  Follow up to #3784 (ffdddb45d9)
3783  Closes #5475
3784
3785- appveyor: add non-debug plain autotools-based build
3786
3787  This should enable us to catch linking issues with the
3788  testsuite early, like the one described/fixed in #5475.
3789
3790  Reviewed-by: Daniel Stenberg
3791  Reviewed-by: Marcel Raad
3792
3793  Closes #5477
3794
3795Daniel Stenberg (29 May 2020)
3796- RELEASE-NOTES: synced
3797
3798- Revert "buildconf: use find -execdir"
3799
3800  This partially reverts commit c712009838f44211958854de431315586995bc61.
3801
3802  Keep the ares_ files removed but bring back the older way to run find,
3803  to make it work with busybox's find, as apparently that's being used.
3804
3805  Reported-by: Max Peal
3806  Fixes #5483
3807  Closes #5484
3808
3809- server/sws: fix asan warning on use of uninitialized variable
3810
3811- libssh2: improved error output for wrong quote syntax
3812
3813  Reported-by: Werner Stolz
3814
3815  Closes #5474
3816
3817- mk-lib1521: generate code for testing BLOB options as well
3818
3819  Follow-up to cac5374298b3
3820
3821  Closes #5478
3822
3823- configure: repair the check if argv can be written to
3824
3825  Due to bad escaping of the test code, the test wouldn't build and thus
3826  result in a negative test result, which would lead to the unconditional
3827  assumption that overwriting the arguments doesn't work and thus curl
3828  would never hide credentials given in the command line, even when it
3829  would otherwise be possible.
3830
3831  Regression from commit 2d4c2152c (7.60.0)
3832
3833  Reported-by: huzunhao on github
3834  Fixes #5470
3835  Closes #5471
3836
3837Peter Wu (28 May 2020)
3838- CMake: rebuild Makefile.inc.cmake when Makefile.inc changes
3839
3840  Otherwise the build might fail due to missing source files, as
3841  demonstrated by the recent keylog.c addition on an existing build dir.
3842
3843  Closes #5469
3844
3845Daniel Stenberg (28 May 2020)
3846- urldata: fix comments: Curl_done() is called multi_done() now
3847
3848  ... since 575e885db
3849
3850Peter Wu (27 May 2020)
3851- ngtcp2: use common key log routine for better thread-safety
3852
3853  Tested with ngtcp2 built against the OpenSSL library. Additionally
3854  tested with MultiSSL (NSS for TLS and ngtcp2+OpenSSL for QUIC).
3855
3856  The TLS backend (independent of QUIC) may or may not already have opened
3857  the keylog file before. Therefore Curl_tls_keylog_open is always called
3858  to ensure the file is open.
3859
3860- wolfssl: add SSLKEYLOGFILE support
3861
3862  Tested following the same curl and tshark commands as in commit
3863  "vtls: Extract and simplify key log file handling from OpenSSL" using
3864  WolfSSL v4.4.0-stable-128-g5179503e8 from git master built with
3865  `./configure --enable-all --enable-debug CFLAGS=-DHAVE_SECRET_CALLBACK`.
3866
3867  Full support for this feature requires certain wolfSSL build options,
3868  see "Availability note" in lib/vtls/wolfssl.c for details.
3869
3870  Closes #5327
3871
3872- vtls: Extract and simplify key log file handling from OpenSSL
3873
3874  Create a set of routines for TLS key log file handling to enable reuse
3875  with other TLS backends. Simplify the OpenSSL backend as follows:
3876
3877   - Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
3878   - Do not perform dynamic memory allocation when preparing a log entry.
3879     Unless the TLS specifications change we can suffice with a reasonable
3880     fixed-size buffer.
3881   - Simplify state tracking when SSL_CTX_set_keylog_callback is
3882     unavailable. My original sslkeylog.c code included this tracking in
3883     order to handle multiple calls to SSL_connect and detect new keys
3884     after renegotiation (via SSL_read/SSL_write). For curl however we can
3885     be sure that a single master secret eventually becomes available
3886     after SSL_connect, so a simple flag is sufficient. An alternative to
3887     the flag is examining SSL_state(), but this seems more complex and is
3888     not pursued. Capturing keys after server renegotiation was already
3889     unsupported in curl and remains unsupported.
3890
3891  Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
3892  (`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
3893  against an OpenSSL 1.1.1f server configured with:
3894
3895      # Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
3896      openssl s_server -www -tls1
3897      # Likewise, but fail the server handshake.
3898      openssl s_server -www -tls1 -Verify 2
3899      # TLS 1.3 test. No need to test the failing server handshake.
3900      openssl s_server -www -tls1_3
3901
3902  Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
3903  written using Wireshark. For the first and third case, expect four
3904  matches per connection (decrypted Server Finished, Client Finished, HTTP
3905  Request, HTTP Response). For the second case where the handshake fails,
3906  expect a decrypted Server Finished only.
3907
3908      tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
3909          -eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
3910          -dtls.port==4433,http -ohttp.desegment_body:FALSE \
3911          -Y 'tls.handshake.verify_data or http'
3912
3913  A single connection can easily be identified via the `tcp.stream` field.
3914
3915Daniel Stenberg (27 May 2020)
3916- FILEFORMAT: add more features that tests can depend on
3917
3918- [Michael Kaufmann brought this change]
3919
3920  transfer: close connection after excess data has been read
3921
3922  For HTTP 1.x, it's a protocol error when the server sends more bytes
3923  than announced. If this happens, don't reuse the connection, because the
3924  start position of the next response is undefined.
3925
3926  Closes #5440
3927
3928- [Estanislau Augé-Pujadas brought this change]
3929
3930  Revert "ssh: ignore timeouts during disconnect"
3931
3932  This reverts commit f31760e63b4e9ef1eb25f8f211390f8239388515. Shipped in
3933  curl 7.54.1.
3934
3935  Bug: https://curl.haxx.se/mail/lib-2020-05/0068.html
3936  Closes #5465
3937
3938- urldata: connect related booleans live in struct ConnectBits
3939
3940  And remove a few unused booleans!
3941
3942  Closes #5461
3943
3944- hostip: on macOS avoid DoH when given a numerical IP address
3945
3946  When USE_RESOLVE_ON_IPS is set (defined on macOS), it means that
3947  numerical IP addresses still need to get "resolved" - but not with DoH.
3948
3949  Reported-by: Viktor Szakats
3950  Fixes #5454
3951  Closes #5459
3952
3953- ngtcp2: cleanup memory when failing to connect
3954
3955  Reported-by: Peter Wu
3956  Fixes #5447 (the ngtcp2 side of it)
3957  Closes #5451
3958
3959- quiche: clean up memory properly when failing to connect
3960
3961  Addresses the quiche side of #5447
3962  Reported-by: Peter Wu
3963  Closes #5450
3964
3965- cleanup: use a single space after equals sign in assignments
3966
3967- url: accept "any length" credentials for proxy auth
3968
3969  They're only limited to the maximum string input restrictions, not to
3970  256 bytes.
3971
3972  Added test 1178 to verify
3973
3974  Reported-by: Will Roberts
3975  Fixes #5448
3976  Closes #5449
3977
3978- [Maksim Stsepanenka brought this change]
3979
3980  test1167: fixes in badsymbols.pl
3981
3982  Closes #5442
3983
3984- altsvc: fix parser for lines ending with CRLF
3985
3986  Fixed the alt-svc parser to treat a newline as end of line.
3987
3988  The unit tests in test 1654 were done without CRLF and thus didn't quite
3989  match the real world. Now they use CRLF as well.
3990
3991  Reported-by: Peter Wu
3992  Assisted-by: Peter Wu
3993  Assisted-by: Jay Satiro
3994  Fixes #5445
3995  Closes #5446
3996
3997Viktor Szakats (25 May 2020)
3998- all: fix codespell errors
3999
4000  Reviewed-by: Jay Satiro
4001  Reviewed-by: Daniel Stenberg
4002  Closes https://github.com/curl/curl/pull/5452
4003
4004Peter Wu (25 May 2020)
4005- ngtcp2: fix build with current ngtcp2 master implementing draft 28
4006
4007  Based on client.cc changes from ngtcp2. Tested with current git master,
4008  ngtcp2 commit c77d5731ce92, nghttp3 commit 65ff479d4380.
4009
4010  Fixes #5444
4011  Closes #5443
4012
4013Daniel Stenberg (25 May 2020)
4014- RELEASE-NOTES: synced
4015
4016  moved the new setopts up to a "change"
4017
4018- RELEASE-NOTES: synced
4019
4020- copyright: updated year ranges out of sync
4021
4022  ... and whitelisted a few more files in the copyright.pl script.
4023
4024- [Gilles Vollant brought this change]
4025
4026  setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency
4027
4028  Closes #5431
4029
4030- curl: remove -J "informational" written on stdout
4031
4032  curl would previously show "curl: Saved to filename 'name from header'"
4033  if -J was used and a name was picked from the Content-Disposition
4034  header. That output could interfere with other stdout output, such as -w.
4035
4036  This commit removes that output line.
4037  Bug: https://curl.haxx.se/mail/archive-2020-05/0044.html
4038  Reported-by: Коваленко Анатолий Викторович
4039  Closes #5435
4040
4041Peter Wu (22 May 2020)
4042- travis: simplify quiche build instructions wrt boringssl
4043
4044  quiche builds boringssl as static library, reuse that instead of
4045  building another shared library.
4046
4047  Closes #5438
4048
4049- configure: fix pthread check with static boringssl
4050
4051  A shared boringssl/OpenSSL library requires -lcrypto only for linking.
4052  A static build additionally requires `-ldl -lpthread`. In the latter
4053  case `-lpthread` is added to LIBS which prevented `-pthread` from being
4054  added to CFLAGS. Clear LIBS to fix linking failures for libtest tests.
4055
4056Daniel Stenberg (22 May 2020)
4057- Revert "sendf: make failf() use the mvsnprintf() return code"
4058
4059  This reverts commit 74623551f306990e70c7c5515b88972005604a74.
4060
4061  Instead mark the function call with (void). Getting the return code and
4062  using it instead triggered Coverity warning CID 1463596 because
4063  snprintf() can return a negative value...
4064
4065  Closes #5441
4066
4067- typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *'
4068
4069  Reported-by: Billyzou0741326 on github
4070  Fixes #5432
4071  Closes #5436
4072
4073- tests/server/util.h: add extern to silence compiler warning
4074
4075  Follow-up from a3b0699d5c1
4076
4077- typecheck-gcc.h: fix the OFF_T check
4078
4079  The option number also needs to be less than CURLOPTTYPE_BLOB.
4080
4081  Follow-up to cac5374298
4082  Reported-by: Jeroen Ooms
4083  Bug: https://github.com/curl/curl/pull/5365#issuecomment-631084114
4084
4085- TODO: --dry-run
4086
4087  Closes #5426
4088
4089- TODO: Ratelimit or wait between serial requests
4090
4091  Closes #5406
4092
4093- tool_paramhlp: fixup C89 mistake
4094
4095  Follow-up to c5f0a9db22.
4096
4097- [Siva Sivaraman brought this change]
4098
4099  tool_paramhlp: fixed potentially uninitialized strtol() variable
4100
4101  Seems highly unlikely to actually be possible, but better safe than
4102  sorry.
4103
4104  Closes #5417
4105
4106- [Siva Sivaraman brought this change]
4107
4108  tool_operate: fixed potentially uninitialized variables
4109
4110  ... in curl_easy_getinfo() calls. They're harmless but clearing the
4111  variables makes the code safer and comforts the reader.
4112
4113  Closes #5416
4114
4115- sha256: move assign to the declaration line
4116
4117  Follow-up to fae30656. Should've been squashed with that commit...
4118
4119- [Siva Sivaraman brought this change]
4120
4121  sha256: fixed potentially uninitialized variable
4122
4123  Closes #5414
4124
4125- sendf: make failf() use the mvsnprintf() return code
4126
4127  ... and avoid a strlen() call. Fixes a MonocleAI warning.
4128
4129  Reported-by: MonocleAI
4130  Fixes #5413
4131  Closes #5420
4132
4133- hostip: make Curl_printable_address not return anything
4134
4135  It was not used much anyway and instead we let it store a blank buffer
4136  in case of failure.
4137
4138  Reported-by: MonocleAI
4139  Fixes #5411
4140  Closes #5418
4141
4142- ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void)
4143
4144  They're done on purpose, make that visible in the code.
4145  Reported-by: MonocleAI
4146  Fixes #5412
4147  Closes #549
4148
4149- TODO: forbid TLS post-handshake auth and do TLS record padding
4150
4151  Closes #5396
4152  Closes #5398
4153
4154- RELEASE-NOTES: synced
4155
4156- dynbuf: return NULL when there's no buffer length
4157
4158  ... as returning a "" is not a good idea as the string is supposed to be
4159  allocated and returning a const string will cause issues.
4160
4161  Reported-by: Brian Carpenter
4162  Follow-up to ed35d6590e72c
4163  Closes #5405
4164
4165Peter Wu (16 May 2020)
4166- travis: upgrade to bionic, clang-9, improve readability
4167
4168  Changes, partially to reduce build failures from external dependencies:
4169   - Upgrade Ubuntu and drop unnecessary third-party repos.
4170   - Properly clone apt config to ensure retries.
4171   - Upgrade to clang-9 from the standard repos.
4172   - Use Ubuntu 20.04 focal for the libssh build, use of ssh_get_publickey
4173     fails on -Werror=deprecated-declarations in Ubuntu 18.04. Do not use
4174     focal everywhere yet since Travis CI has not documented this option.
4175     In focal, python-impacket (Py2.7) has been removed, leaving only
4176     python3-impacket. Since it is only needed for SMB tests and not SSH,
4177     skip it for the libssh job since it might need more work.
4178   - apt: Remove gcc-8 and libstdc++-8-dev, already installed via g++-8.
4179
4180  Non-functional cleanups:
4181   - Simplify test matrix, drop redundant os and compiler keys.
4182   - Deprecation fixes: remove sudo, rename matrix -> jobs.
4183   - Every job has an 'env' key, put this key first in a list item.
4184
4185  Closes #5370
4186
4187- travis: whitespace-only changes for consistency
4188
4189  Automatically apply a consistent indentation with:
4190
4191      python3 -c 'from ruamel.yaml import YAML;y=YAML();d=y.load(open(".travis.yml"));y.width=500;y.dump(d,open(".travis.yml.new","w"))'
4192
4193  followed by manually re-indenting three comments.
4194
4195  Closes #5370
4196
4197- CMake: add libssh build support
4198
4199  Closes #5372
4200
4201Daniel Stenberg (15 May 2020)
4202- KNOWN_BUGS: wolfssh: publickey auth doesn't work
4203
4204  Closes #4820
4205
4206- KNOWN_BUGS: OS400 port requires deprecated IBM library
4207
4208  Closes #5176
4209
4210- [Vyron Tsingaras brought this change]
4211
4212  http2: keep trying to send pending frames after req.upload_done
4213
4214  Fixes #1410
4215  Closes #5401
4216
4217- [Gilles Vollant brought this change]
4218
4219  setopt: support certificate options in memory with struct curl_blob
4220
4221  This change introduces a generic way to provide binary data in setopt
4222  options, called BLOBs.
4223
4224  This change introduces these new setopts:
4225
4226  CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB,
4227  CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB.
4228
4229  Reviewed-by: Daniel Stenberg
4230  Closes #5357
4231
4232- source cleanup: remove all custom typedef structs
4233
4234   - Stick to a single unified way to use structs
4235   - Make checksrc complain on 'typedef struct {'
4236   - Allow them in tests, public headers and examples
4237
4238   - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually
4239     typedef different types/structs depending on build conditions.
4240
4241  Closes #5338
4242
4243- travis: remove the .checksrc fiddling
4244
4245- ftp: make domore_getsock() return the secondary socket properly
4246
4247  Previously, after PASV and immediately after the data connection has
4248  connected, the function would only return the control socket to wait for
4249  which then made the data connection simply time out and not get polled
4250  correctly. This became obvious when running test 1631 and 1632 event-
4251  based.
4252
4253- test1632: verify FTP through HTTPS-proxy with connection re-use
4254
4255- test1631: verify FTP download through HTTPS-proxy
4256
4257- sws: as last resort, get test number from server cmd file
4258
4259  If it can't be found in the request. Also support --cmdfile to set it to
4260  a custom file name.
4261
4262  runtests.pl always writes this file with the test number in it since a
4263  while back.
4264
4265- ftp: shut down the secondary connection properly when SSL is used
4266
4267  Reported-by: Neal Poole
4268  Fixes #5340
4269  Closes #5385
4270
4271Marcel Raad (14 May 2020)
4272- KNOWN_BUGS: adapt 5.5 to recent changes
4273
4274  It only applies to non-Unicode builds now.
4275  Also merge 5.10 into it as it's effectively a duplicate.
4276
4277  Closes https://github.com/curl/curl/pull/3784
4278
4279- curl_setup: support Unicode functions to open files on Windows
4280
4281  Use them only if `_UNICODE` is defined, in which case command-line
4282  arguments have been converted to UTF-8.
4283
4284  Closes https://github.com/curl/curl/pull/3784
4285
4286- tool: support UTF-16 command line on Windows
4287
4288  - use `wmain` instead of `main` when `_UNICODE` is defined [0]
4289  - define `argv_item_t` as `wchar_t *` in this case
4290  - use the curl_multibyte gear to convert the command-line arguments to
4291    UTF-8
4292
4293  This makes it possible to pass parameters with characters outside of
4294  the current locale on Windows, which is required for some tests, e.g.
4295  the IDN tests. Out of the box, this currently only works with the
4296  Visual Studio project files, which default to Unicode, and winbuild
4297  with the `ENABLE_UNICODE` option.
4298
4299  [0] https://devblogs.microsoft.com/oldnewthing/?p=40643
4300
4301  Ref: https://github.com/curl/curl/issues/3747
4302  Closes https://github.com/curl/curl/pull/3784
4303
4304- curl_multibyte: add to curlx
4305
4306  This will also be needed in the tool and tests.
4307
4308  Ref: https://github.com/curl/curl/pull/3758#issuecomment-482197512
4309  Closes https://github.com/curl/curl/pull/3784
4310
4311Daniel Stenberg (14 May 2020)
4312- url: make the updated credentials URL-encoded in the URL
4313
4314  Found-by: Gregory Jefferis
4315  Reported-by: Jeroen Ooms
4316  Added test 1168 to verify. Bug spotted when doing a redirect.
4317  Bug: https://github.com/jeroen/curl/issues/224
4318  Closes #5400
4319
4320- tests: add https-proxy support to the test suite
4321
4322  Initial test 1630 added with basic HTTPS-proxy use. HTTPS-proxy is like
4323  HTTP proxy but with a full TLS connection to the proxy.
4324
4325  Closes #5399
4326
4327- mailmap: James Fuller
4328
4329- [Major_Tom brought this change]
4330
4331  vauth/cleartext: fix theoretical integer overflow
4332
4333  Fix theoretical integer overflow in Curl_auth_create_plain_message.
4334
4335  The security impact of the overflow was discussed on hackerone. We
4336  agreed this is more of a theoretical vulnerability, as the integer
4337  overflow would only be triggerable on systems using 32-bits size_t with
4338  over 4GB of available memory space for the process.
4339
4340  Closes #5391
4341
4342Jay Satiro (13 May 2020)
4343- curl.1: Quote globbed URLs
4344
4345  - Quote the globbing example URLs that contain characters [] {} since
4346    otherwise they may be interpreted as shell metacharacters.
4347
4348  Bug: https://github.com/curl/curl/issues/5388
4349  Reported-by: John Simpson
4350
4351  Closes https://github.com/curl/curl/pull/5394
4352
4353Daniel Stenberg (14 May 2020)
4354- checksrc: enhance the ASTERISKSPACE and update code accordingly
4355
4356  Fine: "struct hello *world"
4357
4358  Not fine: "struct hello* world" (and variations)
4359
4360  Closes #5386
4361
4362- docs/options-in-versions: which version added each cmdline option
4363
4364  Added test 971 to verify that the list is in sync with the files in
4365  cmdline-opts. The check also verifies that .d-files that use Added:
4366  specify the same version number as the options-in-versions file does.
4367
4368  Closes #5381
4369
4370- docs: unify protocol lists
4371
4372  We boast support for 25 transfer protocols. Make sure the lists are
4373  consistent
4374
4375  Closes #5384
4376
4377- OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN
4378
4379  ... to avoid an OpenSSL bug that otherwise makes the CRL check fail.
4380
4381  Reported-by: Michael Kaufmann
4382  Fixes #5374
4383  Closes #5376
4384
4385- tls13-ciphers.d: shorten the Arg
4386
4387- sasl-authzid.d: add Arg: and shorten the desc
4388
4389- cert-type.d: mention the available types in the desc
4390
4391- tool: shorten 3 --help descriptions
4392
4393  --happy-eyeballs-timeout-ms, --resolve and --ssl-revoke-best-effort
4394
4395  gen.pl already warned about these lines but we didn't listen
4396
4397  Closes #5379
4398
4399- configure: the wolfssh backend does not provide SCP
4400
4401  Closes #5387
4402
4403- RELEASE-NOTES: synced
4404
4405- url: reject too long input when parsing credentials
4406
4407  Since input passed to libcurl with CURLOPT_USERPWD and
4408  CURLOPT_PROXYUSERPWD circumvents the regular string length check we have
4409  in Curl_setstropt(), the input length limit is enforced in
4410  Curl_parse_login_details too, separately.
4411
4412  Reported-by: Thomas Bouzerar
4413  Closes #5383
4414
4415- list-only.d: this option existed already in 4.0
4416
4417Jay Satiro (12 May 2020)
4418- retry-all-errors.d: Shorten the summary line
4419
4420  Follow-up to b995bb5 from a few moments ago.
4421
4422  Reported-by: Daniel Stenberg
4423
4424  Ref: https://github.com/curl/curl/commit/b995bb5#r39108929
4425
4426- [denzor brought this change]
4427
4428  easy: fix dangling pointer on easy_perform fail
4429
4430  Closes https://github.com/curl/curl/pull/5363
4431
4432- tool: Add option --retry-all-errors to retry on any error
4433
4434  The "sledgehammer" of retrying.
4435
4436  Closes https://github.com/curl/curl/pull/5185
4437
4438Daniel Stenberg (12 May 2020)
4439- [James Le Cuirot brought this change]
4440
4441  libcurl.pc: Merge Libs.private into Libs for static-only builds
4442
4443  A project being built entirely statically will call pkg-config with
4444  --static, which utilises the Libs.private field. Conversely it will
4445  not use --static when not being built entirely statically, even if
4446  there is only a static build of libcurl available. This will most
4447  likely cause the build to fail due to underlinking unless we merge the
4448  Libs fields.
4449
4450  Consider that this is what the Meson build system does when it
4451  generates pkg-config files.
4452
4453  I have also reflected this in the --libs argument of curl-config even
4454  though REQUIRE_LIB_DEPS always seems to be "yes" anyway.
4455
4456  Closes #5373
4457
4458- [Peter Wu brought this change]
4459
4460  CMake: fix runtests.pl with CMake, add new test targets
4461
4462    * runtests.pl:
4463      - Fix out-of-tree build under CMake when srcdir is not set. Default
4464        srcdir to the location of runtests.pl.
4465      - Add a hack to allow CMake to use the TFLAGS option as documented
4466        in tests/README and used in scripts/travis/script.sh.
4467    * Bump CMake version to 3.2 for USES_TERMINAL, dropping Debian Jessie
4468      support (no one should care, it is already EOL.).
4469    * Remove CTest since it defines its own 'test' target with no tests
4470      since all unittests are already broken and not built by default.
4471    * Add new test targets based on the options from Makefile.am. Since
4472      new test targets are rarely added, I opted for duplicating the
4473      runtests.pl options as opposed to creating a new Makefile.inc file.
4474      Use top-level target names (test-x) instead of x-test since that is
4475      used by CI and others.
4476
4477  Closes #5358
4478
4479- [Peter Wu brought this change]
4480
4481  CMake: do not build test programs by default
4482
4483  The default target should only build libcurl and curl. Add a dedicated
4484  'testdeps' target which will be used later when running tests. Note that
4485  unittests are currently broken in CMake and already excluded.
4486
4487  Closes #5368
4488
4489- FILEFORMAT: moved up the variables section and further polished
4490
4491- runtests: remove ftp2 support, not used
4492
4493  We once supported two separate ftp instances in the test suite. Has not
4494  been used the last decade.
4495
4496  Closes #5375
4497
4498- url: sort the protocol schemes in rough popularity order
4499
4500  When looking for a protocol match among supported schemes, check the
4501  most "popular" schemes first. It has zero functionality difference and
4502  for all practical purposes a speed difference will not be measurable
4503  but I still think it makes sense to put the least likely matches last.
4504
4505  "Popularity" based on the 2019 user survey.
4506
4507  Closes #5377
4508
4509Marc Hoersken (11 May 2020)
4510- test1238: avoid tftpd being busy for tests shortly following
4511
4512  The tftpd server may still be busy if the total timeout of
4513  25 seconds has not been reached or no sread error was received
4514  during or after the execution of the timeout test 1238.
4515
4516  Once the next TFTP test comes around (eg. 1242 or 1243),
4517  those will fail because the tftpd server is still waiting
4518  on data from curl due to the UDP protocol being stateless
4519  and having no connection close. On Linux this error may not
4520  happen, because ICMP errors generated due to a swrite error
4521  can also be returned async on the next sread call instead.
4522
4523  Therefore we will now just kill the tftpd server after test
4524  1238 to make sure that the following tests are not affected.
4525
4526  This enables us to no longer ignore tests 1242, 1243, 2002
4527  and 2003 on the CI platforms CirrusCI and AppVeyor.
4528
4529  Assisted-by: Peter Wu
4530  Closes #5364
4531
4532Daniel Stenberg (11 May 2020)
4533- write-out.d: added "response_code"
4534
4535- KNOWN_BUGS: Build with statically built dependency
4536
4537  I rewrote the item 5.4 to be more generic about static dependencies.
4538
4539- ROADMAP: remove old entries
4540
4541  MQTT - the start has already landed
4542
4543  tiny-curl - also mostly landed and is a continuous work
4544
4545  make menuconfig - basically no interest from users, not pushing there
4546
4547- [Peter Wu brought this change]
4548
4549  travis: Add ngtcp2 and quiche tests for CMake
4550
4551  To avoid an explosion of jobs, extend the existing CMake tests with
4552  ngtcp2 and quiche support. macOS was previously moved to GitHub actions,
4553  so the non-Linux case can be dropped.
4554
4555- [Peter Wu brought this change]
4556
4557  CMake: add ENABLE_ALT_SVC option
4558
4559  Tested alt-svc with quiche. While at it, add missing MultiSSL reporting
4560  (not tested).
4561
4562- [Peter Wu brought this change]
4563
4564  CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche)
4565
4566  Add three new CMake Find modules (using the curl license, but I grant
4567  others the right to apply the CMake BSD license instead).
4568
4569  This CMake config is simpler than the autotools one because it assumes
4570  ngtcp2 and nghttp3 to be used together. Another difference is that this
4571  CMake config checks whether QUIC is actually supported by the TLS
4572  library (patched OpenSSL or boringssl) since this can be a common
4573  configuration mistake that could result in build errors later.
4574
4575  Unlike autotools, CMake does not warn you that the features are
4576  experimental. The user is supposed to already know that and read the
4577  documentation. It requires a very special build environment anyway.
4578
4579  Tested with ngtcp2+OpenSSL+nghttp3 and quiche+boringssl, both built from
4580  current git master. Use `LD_DEBUG=files src/curl |& grep need` to figure
4581  out which features (libldap-2.4, libssh2) to disable due to conflicts
4582  with boringssl.
4583
4584  Closes #5359
4585
4586Marc Hoersken (10 May 2020)
4587- tests/server/tftpd.c: fix include and enhance debug logging
4588
4589  setjmp.h should only be included if HAVE_SETJMP_H is defined.
4590
4591  Add additional log statements to see whether reads and writes
4592  are blocking or finishing before an alarm signal is received.
4593
4594  Assisted-by: Peter Wu
4595  Part of #5364
4596
4597Daniel Stenberg (10 May 2020)
4598- tool_operate: only set CURLOPT_SSL_OPTIONS if SSL support is present
4599
4600  Reported-by: Marcel Raad
4601  Follow-up to 148534db5
4602  Fixes #5367
4603  Closes #5369
4604
4605Marc Hoersken (9 May 2020)
4606- appveyor: update comments to be clear about toolchain
4607
4608  - CMake-based MSYS builds use mingw-w64 to cross-compile.
4609  - autotools-based builds are compiled using msys2-devel.
4610
4611  The difference is that the latter ones are not cross-compiled
4612  to Windows and instead require the msys2 runtime to be present.
4613
4614  At the moment only the Azure Pipelines CI builds actually
4615  run autotools-based cross-compilation builds for Windows.
4616
4617- TODO: update regarding missing Schannel features
4618
4619  Some aspects have already been implemented over the years.
4620
4621  15.1 Client certificates are now supported:
4622
4623  - System stores via e35b0256eb34f1fe562e3e2a2615beb50a391c52
4624  - PKCS#12 files via 0fdf96512613574591f501d63fe49495ba40e1d5
4625
4626  15.2 Ciphers can now be specified through:
4627
4628  - Algorithms via 9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28
4629
4630  Reviewed-by: Daniel Stenberg and Marcel Raad
4631  Closes #5358
4632
4633Daniel Stenberg (8 May 2020)
4634- checksrc: close the .checksrc file handle when done reading
4635
4636- RELEASE-NOTES: synced
4637
4638  And bumped next version to 7.71.0
4639
4640- [Gilles Vollant brought this change]
4641
4642  CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl)
4643
4644  Closes #4346
4645
4646- TODO: native IDN support on macOS
4647
4648- urlapi: accept :: as a valid IPv6 address
4649
4650  Test 1560 is extended to verify.
4651
4652  Reported-by: Pavel Volgarev
4653  Fixes #5344
4654  Closes #5351
4655
4656- THANKS-filter: Peter Wang
4657
4658- [Peter Wang brought this change]
4659
4660  *_sspi: fix bad uses of CURLE_NOT_BUILT_IN
4661
4662  Return CURLE_AUTH_ERROR instead of CURLE_NOT_BUILT_IN for other
4663  instances of QuerySecurityPackageInfo failing, as in
4664  commit 2a81439553286f12cd04a4bdcdf66d8e026d8201.
4665
4666  Closes #5355
4667
4668- docs/HTTP3: add qlog to the quiche build instruction
4669
4670- ngtcp2: introduce qlog support
4671
4672  If the QLOGDIR environment variable is set, enable qlogging.
4673
4674  ... and create Curl_qlogdir() in the new generic vquic/vquic.c file for
4675  QUIC functions that are backend independent.
4676
4677  Closes #5353
4678
4679- ntlm_sspi: fix bad use of CURLE_NOT_BUILT_IN
4680
4681  That return code is reserved for build-time conditional code not being
4682  present while this was a regular run-time error from a Windows API.
4683
4684  Reported-by: wangp on github
4685  Fixes #5349
4686  Closes #5350
4687
4688- runtests: show elapsed test time with higher precision (ms)
4689
4690- RELEASE-NOTES: synced
4691
4692- http2: simplify and clean up trailer handling
4693
4694  Triggered by a crash detected by OSS-Fuzz after the dynbuf introduction in
4695  ed35d6590e72. This should make the trailer handling more straightforward and
4696  hopefully less error-prone.
4697
4698  Deliver the trailer header to the callback already at receive-time. No
4699  longer caches the trailers to get delivered at end of stream.
4700
4701  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22030
4702  Closes #5348
4703
4704Marc Hoersken (7 May 2020)
4705- appveyor: disable test 1139 instead of ignoring it
4706
4707  Spending time on manpage checking makes no sense
4708  for these builds due to lacking manpage support.
4709
4710- appveyor: disable flaky test 1501 and ignore broken 1056
4711
4712  Test 1501 is flaky on Windows CI due to being time sensitive
4713  and the testsuite relying on taskkill.exe to check for the
4714  existence of processes which can take too much time itself.
4715
4716  Test 1056 is broken in autotools-based Windows builds due
4717  to scope ID support missing in these builds at the moment.
4718
4719- test613.pl: make tests 613 and 614 work with OpenSSH for Windows
4720
4721  OpenSSH for Windows shows group and other/world permissions as *,
4722  because those concepts do not exist on Windows. It also does not
4723  show the current or parent directory, so we just ignore those.
4724
4725  Reviewed-by: Daniel Stenberg
4726  Closes #5328
4727
4728Daniel Stenberg (6 May 2020)
4729- runtests: set +x mode again
4730
4731- libssh2: convert over to use dynbuf
4732
4733  In my very basic test that lists sftp://127.0.0.1/tmp/, this patched
4734  code makes 161 allocations compared to 194 in git master. A 17%
4735  reduction.
4736
4737  Closes #5336
4738
4739- travis: add "qlog" as feature in the quiche build
4740
4741- quiche: enable qlog output
4742
4743  quiche has the potential to log qlog files. To enable this, you must
4744  build quiche with the qlog feature enabled `cargo build --features
4745  qlog`. curl then passes a file descriptor to quiche, which takes
4746  ownership of the file. The FD transfer only works on UNIX.
4747
4748  The convention is to enable logging when the QLOGDIR environment is
4749  set. This should be a path to a folder where files are written with the
4750  naming template <SCID>.qlog.
4751
4752  Co-authored-by: Lucas Pardue
4753  Replaces #5337
4754  Closes #5341
4755
4756- urldata.h: remove #define HEADERSIZE, not used anymore
4757
4758  Follow-up to ed35d6590e72c
4759
4760- ngtcp2: convert to dynbuf
4761
4762  Closes #5335
4763
4764- connect: make happy eyeballs work for QUIC (again)
4765
4766  Follow-up from dbd16c3e256c6c (regression in 7.70.0)
4767
4768  Closes #5334
4769
4770- connect: add two asserts to clue code analyzers in a little
4771
4772- http_proxy: ported to use dynbuf instead of a static size buffer
4773
4774  Removes a 16K static buffer from the easy handle. Simplifies the code.
4775
4776- dynbuf: introduce internal generic dynamic buffer functions
4777
4778  A common set of functions instead of many separate implementations for
4779  creating buffers that can grow when appending data to them. Existing
4780  functionality has been ported over.
4781
4782  In my early basic testing, the total number of allocations seems to be at
4783  roughly the same amount as before, possibly a few less.
4784
4785  See docs/DYNBUF.md for a description of the API.
4786
4787  Closes #5300
4788
4789- runtests: remove sleep calls
4790
4791  Remove many one second sleeps that were done *after* each newly started
4792  test server already has been verified. They should not have any purpose
4793  there.
4794
4795  Closes #5323
4796
4797- asyn-*: remove support for never-used NULL entry pointers
4798
4799  ... and instead convert those to asserts to make sure they are truly
4800  never NULL.
4801
4802  Closes #5324
4803
4804- [Emil Engler brought this change]
4805
4806  doc: Rename VERSIONS to VERSIONS.md as it already has Markdown syntax
4807
4808  Closes #5325
4809
4810Jay Satiro (2 May 2020)
4811- asyn-thread: fix cppcheck warning
4812
4813  - Check for NULL entry parameter before attempting to deref entry in
4814    Curl_resolver_is_resolved, like is already done in asyn-ares.
4815
4816  This is to silence cppcheck which does not seem to understand that
4817  asyn-ares and asyn-thread have separate Curl_resolver_is_resolved
4818  and those units are mutually exclusive. Prior to this change it warned
4819  of a scenario where asyn-thread's Curl_resolver_is_resolved is called
4820  with a NULL entry from asyn-ares, but that couldn't happen.
4821
4822  Reported-by: rl1987@users.noreply.github.com
4823
4824  Fixes https://github.com/curl/curl/issues/5326
4825
4826- select: fix overflow protection in Curl_socket_check
4827
4828  Follow-up to a96c752 which changed the timeout_ms type from time_t to
4829  timediff_t.
4830
4831  Ref: https://github.com/curl/curl/pull/5240
4832
4833  Closes https://github.com/curl/curl/pull/5286
4834
4835Marc Hoersken (2 May 2020)
4836- sockfilt: make select_ws stop waiting on exit signal event
4837
4838  This makes sure that select_ws behaves similar to real select
4839  which stops waiting on a signal handler being triggered.
4840
4841  This makes it possible to gracefully stop sockfilt.exe on
4842  Windows with taskkill /IM sockfilt.exe (without /F force flag).
4843
4844  Reviewed-by: Jay Satiro
4845  Part of #5260
4846
4847- tests/server/util.[ch]: add exit event to stop waiting on Windows
4848
4849  This commit adds a global exit event to the test servers that
4850  Windows-specific wait routines can use to get triggered if the
4851  program was signaled to be terminated, eg. select_ws in sockfilt.c
4852
4853  The exit event will be managed by the signal handling code and is
4854  set to not reset automatically to support multiple wait routines.
4855
4856  Reviewed-by: Jay Satiro
4857  Closes #5260
4858
4859- tests/server/util.c: fix thread handle not being closed
4860
4861  Reviewed-by: Jay Satiro
4862  Part of #5260
4863
4864- tests/server/util.c: use raise instead of calling signal handler
4865
4866  Use raise to trigger signal handler instead of calling it
4867  directly and causing potential unexpected control flow.
4868
4869  Reviewed-by: Jay Satiro
4870  Part of #5260
4871
4872- tests: add support for SSH server variant specific transfer paths
4873
4874  OpenSSH for Windows requires paths in the format of /C:/
4875  instead of the pseudo-POSIX paths /cygdrive/c/ or just /c/
4876
4877  Reviewed-by: Daniel Stenberg
4878  Closes #5298
4879
4880Daniel Stenberg (2 May 2020)
4881- RELEASE-NOTES: synced
4882
4883- libssh2: set the expected total size in SCP upload init
4884
4885  ... as otherwise the progress callback gets called without that
4886  information, making the progress meter have less info.
4887
4888  Reported-by: Murugan Balraj
4889  Bug: https://curl.haxx.se/mail/archive-2020-05/0000.html
4890  Closes #5317
4891
4892- runtests: make the logmsg from the ssh server only show in verbose
4893
4894- tests: make test 1248 + 1249 use %NOLISTENPORT
4895
4896  ... instead of a port of a non-running server so that it works
4897  stand-alone.
4898
4899  Closes #5318
4900
4901- examples: remove asiohiper.cpp
4902
4903  This example has repeatedly been reported to contain bugs, and as users
4904  copy and paste code from this into production, I now deem it better to
4905  not provide the example at all.
4906
4907  Closes #5090
4908  Closes #5322
4909
4910- [Emil Engler brought this change]
4911
4912  doc: add missing closing parenthesis in CURLINFO_SSL_VERIFYRESULT.3
4913
4914  Closes #5320
4915
4916- [Emil Engler brought this change]
4917
4918  KNOWN_BUGS: Remove "curl --upload-file . hang if delay in STDIN"
4919
4920  It was fixed in 9a2cbf3
4921
4922  Closes #5319
4923
4924- cirrus: disable SFTP and SCP tests
4925
4926  ... as we can't seem to start the sshd server on it. Those problems
4927  existed before d1239b50bececd (running the SSH server on a random port),
4928  but they're more noticeable now since there are more failed attempts in
4929  the logs.
4930
4931  Closes #5315
4932
4933- [Emil Engler brought this change]
4934
4935  runtests: fix typo in the existence of disabled tests checker
4936
4937  Closes #5316
4938
4939Dan Fandrich (30 Apr 2020)
4940- test75: Remove precheck test
4941
4942  This has not been needed since commit 9fa42bed and often prevents it
4943  from running at all with dynamic test ports.
4944
4945- tests: Stop referring to server ports when they're not used
4946
4947  Several tests referred to specific server ports even when the test
4948  didn't actually use that server or specify that it's needed. In such
4949  cases, the test harness substitutes the text "[not running]" as the port
4950  number which causes many such tests to fail due to the inability to
4951  parse the URL.  These tests are changed to use %NOLISTENPORT which will
4952  always be substituted correctly.
4953
4954Daniel Stenberg (30 Apr 2020)
4955- [Emil Engler brought this change]
4956
4957  GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT
4958
4959  Closes #5287
4960
4961- conncache: various concept cleanups
4962
4963  More connection cache accesses are protected by locks.
4964
4965  CONNCACHE_* is a better prefix for the connection cache lock macros.
4966
4967  Curl_attach_connnection: now called as soon as there's a connection
4968  struct available and before the connection is added to the connection
4969  cache.
4970
4971  Curl_disconnect: now assumes that the connection is already removed from
4972  the connection cache.
4973
4974  Ref: #4915
4975  Closes #5009
4976
4977- tests: tests: run stunnel for HTTPS and FTPS on dynamic ports
4978
4979  As stunnel is an external tool and it has no specific option to export
4980  the actually used port number when asked to listen to 0, runtests
4981  instead iterates over ten randomly picked high number ports and sticks
4982  to the first one stunnel can listen to.
4983
4984  Closes #5267
4985
4986- tests: pick a random port number for SSH
4987
4988  Since sshd doesn't have such an option by itself, we iterate over a
4989  series of random ports until one works.
4990
4991  Closes #5273
4992
4993- [Rikard Falkeborn brought this change]
4994
4995  libtest/cmake: Remove commented code
4996
4997  These were commented out in e9dd0998706a when Makefile.inc was included
4998  instead. 11 years have passed since then and the commented code is of
4999  course very outdated. Remove it to avoid confusion.
5000
5001  Closes #5311
5002
5003- schannel: source code reindent
5004
5005  White space edits only. Conform better to standard curl source code
5006  indenting style.
5007
5008  Closes #5305
5009
5010Kamil Dudka (29 Apr 2020)
5011- test1177: look for curl.h in source directory
5012
5013  If we use a separate build directory, there is no copy of the header.
5014
5015  Closes #5310
5016
5017- tests: look for preprocessed tests in build directory
5018
5019  ... which is not always the same directory as source directory
5020
5021  Closes #5310
5022
5023Daniel Stenberg (29 Apr 2020)
5024- RELEASE-NOTES: synced
5025
5026  ... and bumped curlver.h to 7.70.1
5027
5028Version 7.70.0 (29 Apr 2020)
5029
5030Daniel Stenberg (29 Apr 2020)
5031- RELEASE-NOTES: 7.70.0
5032
5033- THANKS: synced with the 7.70.0 release
5034
5035- headers: copyright range fix
5036
5037- [Rikard Falkeborn brought this change]
5038
5039  doh: Constify some input pointers
5040
5041  Closes #5306
5042
5043- nss: check for PK11_CreateDigestContext() returning NULL
5044
5045  ... to avoid crashes!
5046
5047  Reported-by: Hao Wu
5048  Fixes #5302
5049  Closes #5303
5050
5051- travis: bump the wolfssl CI build to use 4.4.0
5052
5053  Closes #5301
5054
5055- copyright updates: adjust year ranges
5056
5057Marc Hoersken (26 Apr 2020)
5058- CI: do not include */ci branches in PR builds
5059
5060  Align Azure Pipelines with GitHub Actions.
5061
5062Daniel Stenberg (25 Apr 2020)
5063- runtests: check for the disabled tests relative srcdir
5064
5065  To make it work correctly for out-of-tree builds.
5066
5067  Follow-up to 75e8feb6fb08b
5068
5069  Bug: https://github.com/curl/curl/pull/5288#issuecomment-619346389
5070  Reported-by: Marcel Raad
5071  Closes #5297
5072
5073- runtests: revert commenting out a line I did for debugging
5074
5075  Follow-up to 11091cd4d. It was not meant to be pushed!
5076
5077- smtp: set auth correctly
5078
5079  Regression since 7.69.0 and 68fb25fa3fcff.
5080
5081  The code wrongly assigned 'from' instead of 'auth' which probably was a
5082  copy and paste mistake from other code, leading to that auth could
5083  remain NULL and later cause an error to be returned.
5084
5085  Assisted-by: Eric Sauvageau
5086  Fixes #5294
5087  Closes #5295
5088
5089Marcel Raad (25 Apr 2020)
5090- lib: clean up whitespace
5091
5092  This fixes CodeFactor warnings.
5093
5094Daniel Stenberg (25 Apr 2020)
5095- [Anderson Toshiyuki Sasaki brought this change]
5096
5097  libssh: avoid options override by configuration files
5098
5099  Previously, options set explicitly through command line options could be
5100  overridden by the configuration files parsed automatically when
5101  ssh_connect() was called.
5102
5103  By calling ssh_options_parse_config() explicitly, the configuration
5104  files are parsed before setting the options, avoiding the options
5105  override.  Once the configuration files are parsed, the automatic
5106  configuration parsing is not executed.
5107
5108  Fixes #4972
5109  Closes #5283
5110  Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
5111
5112- runtests: when <killserver> mentions http, kill http/2 too
5113
5114  Since the http2 test server is a mere proxy that needs to know about the
5115  dynamic port the HTTP server is using, it too needs to get restarted
5116  when the http server is killed.
5117
5118  A regression caused by 80d6515.
5119
5120  Fixes #5289
5121  Closes #5291
5122
5123- [Yuri Slobodyanyuk brought this change]
5124
5125  docs: fix two typos
5126
5127  Closes #5292
5128
5129- [Emil Engler brought this change]
5130
5131  tests/git: ignore mqttd and port files
5132
5133  Closes #5290
5134
5135- tests: make runtests check that disabled tests exist
5136
5137  ... and error out if so. Removed '536' from DISABLED as there is no such
5138  test file.
5139
5140  Closes #5288
5141
5142- test1154: set a proper name
5143
5144- select: make Curl_socket_check take timediff_t timeout
5145
5146  Coverity found CID 1461718:
5147
5148  Integer handling issues (CONSTANT_EXPRESSION_RESULT) "timeout_ms >
5149  9223372036854775807L" is always false regardless of the values of its
5150  operands. This occurs as the logical second operand of "||".
5151
5152  Closes #5240
5153
5154- [i-ky brought this change]
5155
5156  libcurl-multi.3: added missing full stop
5157
5158  Closes #5285
5159
5160Jay Satiro (22 Apr 2020)
5161- transfer: Switch PUT to GET/HEAD on 303 redirect
5162
5163  Prior to this change if there was a 303 reply to a PUT request then
5164  the subsequent request to respond to that redirect would also be a PUT.
5165  It was determined that was most likely incorrect based on the language
5166  of the RFCs. Basically 303 means "see other" resource, which implies it
5167  is most likely not the same resource, therefore we should not try to PUT
5168  to that different resource.
5169
5170  Refer to the discussions in #5237 and #5248 for more information.
5171
5172  Fixes https://github.com/curl/curl/issues/5237
5173  Closes https://github.com/curl/curl/pull/5248
5174
5175Daniel Stenberg (22 Apr 2020)
5176- lib/mk-ca-bundle: skip empty certs
5177
5178  Reviewed-by: Emil Engler
5179  Reported-by: Ashwin Metpalli
5180  Fixes #5278
5181  Closes #5280
5182
5183- version: skip idn2_check_version() check and add precaution
5184
5185  A gcc-10's -fanalyze complaint made me spot and do these improvements.
5186
5187  Closes #5281
5188
5189- RELEASE-NOTES: synced
5190
5191- [Brian Bergeron brought this change]
5192
5193  curl.h: update comment typo
5194
5195  "routines with be invoked" -> "routines will be invoked"
5196
5197  Closes #5279
5198
5199- [Emil Engler brought this change]
5200
5201  GnuTLS: Don't skip really long certificate fields
5202
5203  Closes #5271
5204
5205- gnutls: bump lowest supported version to 3.1.10
5206
5207  GnuTLS 3.1.10 added new functions we want to use. That version was
5208  released on Mar 22, 2013. Removing support for older versions also
5209  greatly simplifies the code.
5210
5211  Ref: #5271
5212  Closes #5276
5213
5214- mqtt: make NOSTATE get within the debug name array
5215
5216- tests: run the RTSP test server on a dynamic port number
5217
5218  To avoid port collisions.
5219
5220  Closes #5272
5221
5222- tests: add %NOLISTENPORT and use it
5223
5224  The purpose with this variable is to provide a port number that is
5225  reasonably likely to not have a listener on the local host so that tests
5226  can try connect failures against it. It uses port 47 - "reserved"
5227  according to IANA.
5228
5229  Updated six tests to use it instead of the previous different ports.
5230
5231  Assisted-by: Emil Engler
5232  Closes #5270
5233
5234- mqtt: remove code with no purpose
5235
5236  Detected by Coverity. CID 1462319.
5237
5238  "The same code is executed when the condition result is true or false,
5239  because the code in the if-then branch and after the if statement is
5240  identical."
5241
5242  Closes #5275
5243
5244- mqtt: fix Curl_read()  error handling while reading remaining length
5245
5246  Detected by Coverity. CID 1462320.
5247
5248  Closes #5274
5249
5250- server/tftpd: fix compiler warning
5251
5252  Follow-up from 369ce38ac1d
5253  Reported-by: Marc Hörsken
5254
5255- http: free memory when Alt-Used header creation fails due to OOM
5256
5257  Reported-by: James Fuller
5258  Fixes #5268
5259  Closes #5269
5260
5261Daniel Gustafsson (20 Apr 2020)
5262- lib: fix typos in comments and errormessages
5263
5264  This fixes a few randomly spotted typos in recently merged code, most
5265  notably one in a user-facing error message in the schannel code.
5266
5267Daniel Stenberg (20 Apr 2020)
5268- tests: run the SOCKS test server on a dynamic port number
5269
5270  Closes #5266
5271
5272- [Johannes Schindelin brought this change]
5273
5274  multi-ssl: reset the SSL backend on `Curl_global_cleanup()`
5275
5276  When cURL is compiled with support for multiple SSL backends, it is
5277  possible to configure an SSL backend via `curl_global_sslset()`, but
5278  only *before* `curl_global_init()` was called.
5279
5280  If another SSL backend should be used after that, a user might be
5281  tempted to call `curl_global_cleanup()` to start over. However, we did
5282  not foresee that use case and forgot to reset the SSL backend in that
5283  cleanup.
5284
5285  Let's allow that use case.
5286
5287  Fixes #5255
5288  Closes #5257
5289  Reported-by: davidedec on github
5290  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
5291
5292- tests: run the TFTP test server on a dynamic port number
5293
5294  Picking a dynamic unused port is better than a fixed to avoid the
5295  collision risk.
5296
5297  Closes #5265
5298
5299- mqtt: improve the state machine
5300
5301  To handle PUBLISH before SUBACK and more.
5302
5303  Updated the existing tests and added three new ones.
5304
5305  Reported-by: Christoph Krey
5306  Bug: https://curl.haxx.se/mail/lib-2020-04/0021.html
5307  Closes #5246
5308
5309- runtests: always put test number in servercmd file
5310
5311- RELEASE-NOTES: synced
5312
5313- release-notes.pl: fix parsing typo
5314
5315James Fuller (20 Apr 2020)
5316- ensure all references to ports are replaced by vars
5317
5318- add more alt-svc test coverage
5319
5320Daniel Stenberg (20 Apr 2020)
5321- test1247: use http server to get the port number set
5322
5323  Follow-up to 0f5db7b263f
5324
5325- runtests: use a unix domain socket path with the pid in the name
5326
5327  To make it impossible for test cases to access the file name without
5328  using the proper variable for the purpose.
5329
5330  Closes #5264
5331
5332Daniel Gustafsson (19 Apr 2020)
5333- [Mipsters on github brought this change]
5334
5335  src: Remove C99 constructs to ensure C89 compliance
5336
5337  This fixes the error: 'for' loop initial declaration used outside C99
5338  mode by declaring the loop increment variable in the beginning of the
5339  block instead of inside the for loop.
5340
5341  Fixes #5254
5342  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
5343
5344Daniel Stenberg (19 Apr 2020)
5345- runtests: dummy init the ports variables to avoid warnings
5346
5347  ... and generate something that can help debug test cases.
5348
5349- [Patrick Monnerat brought this change]
5350
5351  mime: properly check Content-Type even if it has parameters
5352
5353  New test 669 checks this fix is effective.
5354
5355  Fixes #5256
5356  Closes #5258
5357  Reported-by: thanhchungbtc on github
5358
5359- tests/FILEFORMAT: converted to markdown and extended
5360
5361  Closes #5261
5362
5363- test1245: make it work with dynamic FTP server port
5364
5365- test1055: make it work with dynamic FTP port
5366
5367- test1028: make it run on dynamic FTP server port
5368
5369- tests: move pingpong server to dynamic listening port
5370
5371  FTP, IMAP, POP3, SMTP and their IPv6 versions are now all on dynamic
5372  ports
5373
5374  Test 842-845 are unfortunately a bit hard to move over to this concept
5375  right now and require "default port" still...
5376
5377- test1056: work with dynamic HTTP ipv6 port
5378
5379- test1448: work with dynamic HTTP server port
5380
5381- tests: introduce preprocessed test cases
5382
5383  The runtests script now always performs variable replacement on the
5384  entire test source file before the test gets executed, and saves the
5385  updated version in a temporary file (log/test[num]) so that all test
5386  case readers/servers can use that version (if present) and thus enjoy
5387  the powers of test case variable substitution.
5388
5389  This is necessary to allow complete port number freedom.
5390
5391  Test 309 is updated to work with a non-fixed port number thanks to this.
5392
5393- tests: make 2006-2010 handle different port number lengths
5394
5395- tests: run the sws server on "any port"
5396
5397  Makes the test servers for HTTP and Gopher pop up on a currently unused
5398  port and runtests adapts to that!
5399
5400  Closes #5247
5401
5402Marc Hoersken (18 Apr 2020)
5403- sockfilt: tidy variable naming and data structure in select_ws
5404
5405  This commit does not introduce any logical changes to the code.
5406
5407  Reviewed-by: Jay Satiro and Marcel Raad
5408  Closes #5238
5409
5410Daniel Stenberg (17 Apr 2020)
5411- [Anderson Toshiyuki Sasaki brought this change]
5412
5413  libssh: Use new ECDSA key types to check known hosts
5414
5415  From libssh 0.9.0, ssh_key_type() returns different key types for ECDSA
5416  keys depending on the curve.
5417
5418  Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
5419  Fixes #5252
5420  Closes #5253
5421
5422Marcel Raad (17 Apr 2020)
5423- appveyor: add Unicode winbuild jobs
5424
5425  These are cheap as they don't build tests.
5426
5427  Closes https://github.com/curl/curl/pull/5063
5428
5429Daniel Stenberg (16 Apr 2020)
5430- mqttd: s/errno/SOCKERRNO
5431
5432  To behave proper on Windows
5433  Reported-by: Gisle Vanem
5434  Bug: https://github.com/curl/curl/commit/5e855bbd18f84a02c951be7cac6188276818cdac#r38507132
5435  Closes #5241
5436
5437- buildconf: use find -execdir instead, remove -print and the ares files
5438
5439  Follow-up to 1e41bec96a6e
5440
5441  Suggested-by: Marc Hörsken
5442
5443- [Alexander V. Tikhonov brought this change]
5444
5445  buildconf: avoid using tempfile when removing files
5446
5447  Closes #5213
5448
5449- copyright: bump the copyright year range
5450
5451- scripts/release-notes.pl: accept colon after the Fixes/Closes keywords
5452
5453- [JP Mens brought this change]
5454
5455  docs/MQTT: replace confusing 80 by 75
5456
5457  I was a bit surprised by the `80`: first thought: what's HTTP doing
5458  here? ;)
5459
5460  Closes #5236
5461
5462- [Brad King brought this change]
5463
5464  cmake: Avoid MSVC C4273 warnings in send/recv checks
5465
5466  We use `check_c_source_compiles` to check possible send/recv signatures
5467  by reproducing the forward declarations from system headers.  On Windows
5468  the `winsock2.h` header adds dll linkage settings to its forward
5469  declaration.  If ours does not match the compiler warns:
5470
5471      warning C4273: 'recv': inconsistent dll linkage
5472
5473  Add `WINSOCK_API_LINKAGE` to our test signatures when it is defined so
5474  that our linkage is consistent with that from `winsock2.h`.
5475
5476  Fixes #4764
5477  Closes #5232
5478
5479Jay Satiro (14 Apr 2020)
5480- KNOWN_BUGS: Add entry 'Blocking socket operations'
5481
5482  - Add threaded resolver cleanup and GSSAPI for FTP to the TODO list of
5483    known blocking operations.
5484
5485  - New known bugs entry 'Blocking socket operations in non-blocking API'
5486    that directs to the TODO's list of known blocking operations.
5487
5488  Ref: https://github.com/curl/curl/pull/5214#issuecomment-612488021
5489
5490  Reported-by: Marc Hoersken
5491
5492  Closes https://github.com/curl/curl/pull/5216
5493
5494Marc Hoersken (14 Apr 2020)
5495- test2043: use revoked.badssl.com instead of revoked.grc.com
5496
5497  The certificate of revoked.grc.com has expired on 2020-04-13.
5498
5499  Reviewed-by: Jay Satiro
5500
5501  Closes #5233
5502
5503- sockfilt: fix broken pipe on Windows to be ready in select_ws
5504
5505  Closes #5228
5506
5507Daniel Stenberg (14 Apr 2020)
5508- RELEASE-NOTES: synced
5509
5510- scripts/release-notes: fix duplicate output header
5511
5512- github/workflow: enable MQTT in the macOS debug build
5513
5514- azure: add mqtt support to one of the Windows builds
5515
5516- travis: add mqtt job on Linux
5517
5518- tests: add four MQTT tests 1190 - 1193
5519
5520- tests: add the mqtt test server mqttd
5521
5522- tests: support hex encoded data and mqtt server
5523
5524  The mqtt server is started using a "random" port.
5525
5526- [Björn Stenberg brought this change]
5527
5528  mqtt: add new experimental protocol
5529
5530  Closes #5173
5531
5532- TODO: Consider convenience options for JSON and XML?
5533
5534  Closes #5203
5535
5536- tool: do not declare functions with Curl_ prefix
5537
5538  To avoid collision risks with private libcurl symbols when linked with
5539  static versions (or just versions not hiding internal symbols).
5540
5541  Reported-by: hydra3333 on github
5542  Fixes #5219
5543  Closes #5234
5544
5545- [Nathaniel R. Lewis brought this change]
5546
5547  cmake: add aliases so exported target names are available in tree
5548
5549  Reviewed-by: Brad King
5550  Closes #5206
5551
5552- version: increase buffer space for ssl version output
5553
5554  To avoid it getting truncated, especially when several SSL backends are
5555  built-in.
5556
5557  Reported-by: Gisle Vanem
5558  Fixes #5222
5559  Closes #5226
5560
5561Marc Hoersken (13 Apr 2020)
5562- cirrus: no longer ignore test 504 which is working again
5563
5564  The test is working again, because TCP blackholing is disabled.
5565
5566- appveyor: completely disable tests that fail to timeout early
5567
5568  The tests changed from ignored to disabled are tests that are
5569  about connecting to non-listening socket. On AppVeyor these
5570  tests are not reliable, because for some unknown reason the
5571  connect is not timing out before the test time limit is reached.
5572
5573Daniel Stenberg (13 Apr 2020)
5574- test1908: avoid using fixed port number in test data
5575
5576  Closes #5225
5577
5578Jay Satiro (12 Apr 2020)
5579- [Andrew Kurushin brought this change]
5580
5581  schannel: Fix blocking timeout logic
5582
5583  - Fix schannel_send for the case when no timeout was set.
5584
5585  Prior to this change schannel would error if the socket was not ready
5586  to send data and no timeout was set.
5587
5588  This commit is similar to parent commit 89dc6e0 which recently made the
5589  same change for SOCKS, for the same reason. Basically it was not well
5590  understood that when Curl_timeleft returns 0 it is not a timeout of 0 ms
5591  but actually means no timeout.
5592
5593  Fixes https://github.com/curl/curl/issues/5177
5594  Closes https://github.com/curl/curl/pull/5221
5595
5596- socks: Fix blocking timeout logic
5597
5598  - Document in Curl_timeleft's comment block that returning 0 signals no
5599    timeout (ie there's infinite time left).
5600
5601  - Fix SOCKS' Curl_blockread_all for the case when no timeout was set.
5602
5603  Prior to this change if the timeout had a value of 0 and that was passed
5604  to SOCKET_READABLE it would return right away instead of blocking. That
5605  was likely because it was not well understood that when Curl_timeleft
5606  returns 0 it is not a timeout of 0 ms but actually means no timeout.
5607
5608  Ref: https://github.com/curl/curl/pull/5214#issuecomment-612512360
5609
5610  Closes https://github.com/curl/curl/pull/5220
5611
5612- [Marc Hoersken brought this change]
5613
5614  gopher: check remaining time left during write busy loop
5615
5616  Prior to this change gopher's blocking code would block forever,
5617  ignoring any set timeout value.
5618
5619  Assisted-by: Jay Satiro
5620  Reviewed-by: Daniel Stenberg
5621
5622  Similar to #5220 and #5221
5623  Closes #5214
5624
5625Daniel Stenberg (13 Apr 2020)
5626- [Dirkjan Bussink brought this change]
5627
5628  gnutls: ensure TLS 1.3 when SRP isn't requested
5629
5630  When SRP is requested in the priority string, GnuTLS will disable
5631  support for TLS 1.3. Before this change, curl would always add +SRP to
5632  the priority list, effectively always disabling TLS 1.3 support.
5633
5634  With this change, +SRP is only added to the priority list when SRP
5635  authentication is also requested. This also allows updating the error
5636  handling here to not have to retry without SRP. This is because SRP is
5637  only added when requested and in that case a retry is not needed.
5638
5639  Closes #5223
5640
5641Marc Hoersken (12 Apr 2020)
5642- tests/server: add hidden window to gracefully handle WM_CLOSE
5643
5644  Forward Window events as signals to existing signal event handler.
5645
5646- tests/server: add CTRL event handler for Win32 consoles
5647
5648  Forward CTRL events as signals to existing signal event handler.
5649
5650- tests/server: move all signal handling routines to util.[ch]
5651
5652  Avoid code duplication to prepare for portability enhancements.
5653
5654Daniel Stenberg (12 Apr 2020)
5655- compressed.d: stress that the headers are not modified
5656
5657  Suggested-by: Michael Osipov
5658  Assisted-by: Jay Satiro
5659  Bug: https://github.com/curl/curl/issues/5182#issuecomment-611638008
5660  Closes #5217
5661
5662Marc Hoersken (11 Apr 2020)
5663- tests/server/util.c: use curl_off_t instead of long for pid
5664
5665  Avoid potential overflow of huge PIDs on Windows.
5666
5667  Related to #5188
5668  Assisted-by: Marcel Raad
5669
5670- tests: use Cygwin/msys PIDs for stunnel and sshd on Windows
5671
5672  Since the Windows versions of both programs would write Windows
5673  PIDs to their pidfiles which we cannot handle, we need to use
5674  our known perl.exe Cygwin/msys PID together with exec() in order
5675  to tie the spawned processes to the existence of our perl.exe
5676
5677  The perl.exe that is executing secureserver.pl and sshserver.pl
5678  has a Cygwin/msys PID, because it is started inside Cygwin/msys.
5679
5680  Related to #5188
5681
5682- tests: add Windows compatible pidwait like pidkill and pidterm
5683
5684  Related to #5188
5685
5686- tests: fix conflict between Cygwin/msys and Windows PIDs
5687
5688  Add 65536 to Windows PIDs to allow Windows specific treatment
5689  by having disjunct ranges for Cygwin/msys and Windows PIDs.
5690
5691  See also:
5692  - https://cygwin.com/git/?p=newlib-cygwin.git;a=commit;
5693    h=b5e1003722cb14235c4f166be72c09acdffc62ea
5694  - https://cygwin.com/git/?p=newlib-cygwin.git;a=commit;
5695    h=448cf5aa4b429d5a9cebf92a0da4ab4b5b6d23fe
5696
5697  Replaces #5178
5698  Closes #5188
5699
5700Daniel Stenberg (11 Apr 2020)
5701- RELEASE-NOTES: synced
5702
5703- release-notes.pl: detect the start of the references in cleanup mode
5704
5705- Revert "file: on Windows, refuse paths that start with \\"
5706
5707  This reverts commit 1b71bc532bde8621fd3260843f8197182a467ff2.
5708
5709  Reminded-by: Chris Roberts
5710  Bug: https://curl.haxx.se/mail/archive-2020-04/0013.html
5711
5712  Closes #5215
5713
5714Jay Satiro (11 Apr 2020)
5715- lib: fix conversion warnings for SOCKET_WRITABLE/READABLE
5716
5717  - If loss of data may occur converting a timediff_t to time_t and
5718    the time value is > TIME_T_MAX then treat it as TIME_T_MAX.
5719
5720  This is a follow-up to 8843678 which removed the (time_t) typecast
5721  from the macros so that conversion warnings could be identified.
5722
5723  Closes https://github.com/curl/curl/pull/5199
5724
5725- test1148: tolerate progress updates better (again)
5726
5727  - Ignore intermediate progress updates.
5728
5729  - Support locales that use a character other than period as decimal
5730    separator (eg 100,0%).
5731
5732  test1148 checks that the progress finishes at 100% and has the right
5733  bar width. Prior to this change the test assumed that the only progress
5734  reported for such a quick transfer was 100%, however in rare instances
5735  (like in the CI where transfer time can slow considerably) there may be
5736  intermediate updates. For example, below is stderrlog1148 from a failed
5737  CI run with explicit \r and \n added (it is one line; broken up so that
5738  it's easier to understand).
5739
5740  \r
5741  \r##################################                                        48.3%
5742  \r######################################################################## 100.0%
5743  \n
5744
5745  Closes https://github.com/curl/curl/pull/5194
5746
5747Marc Hoersken (10 Apr 2020)
5748- sshserver.pl: use cached Win32 environment check variable
5749
5750- appveyor: partially revert 3413a110 to keep build without proxy
5751
5752  Ref: #5211 and #4526
5753  Reported-by: Marcel Raad
5754
5755- appveyor: ignore failing 'connect to non-listening proxy' tests
5756
5757  Closes #5211
5758
5759- CI/macos: convert CRLF to LF and align indentation
5760
5761Daniel Stenberg (9 Apr 2020)
5762- url: allow non-HTTPS altsvc-matching for debug builds
5763
5764  This is already partly supported but this part was missing.
5765  Reported-by: James Fuller
5766
5767  Closes #5205
5768
5769- server/resolve: remove AI_CANONNAME to make macos tell the truth
5770
5771  With this bit set, my mac successfully resolves "ip6-localhost" when in
5772  fact there is no such host known to my machine! That in turn made test
5773  241 wrongly execute and fail.
5774
5775  Closes #5202
5776
5777- runtests: fix warning about using an undefined variable
5778
5779  Follow-up from 4d939ef6ceb2db1
5780
5781- release-notes: fix the initial reference list output
5782
5783- github actions: run when pushed to master or */ci + PRs
5784
5785  Avoid double-builds when using "local" branches for PRs. For both macos
5786  and fuzz jobs.
5787
5788  Closes #5201
5789
5790- runtests: provide nicer errormsg when protocol "dump" file is empty
5791
5792- [Gilles Vollant brought this change]
5793
5794  schannel: support .P12 or .PFX client certificates
5795
5796  Used with curl command line option like this: --cert
5797  <filename>:<password> --cert-type p12
5798
5799  Closes #5193
5800
5801- tests: verify split initial HTTP requests with CURL_SMALLREQSEND
5802
5803  test1294: "split request" being when the entire request isn't sent in
5804  the first go, and the remainder is sent in the PERFORM state. A GET
5805  request is otherwise not sending anything during PERFORM.
5806
5807  test1295: same kind of split but with POST
5808
5809  Closes #5197
5810
5811- http: don't consider upload done if the request isn't completely sent off
5812
5813  Fixes #4919
5814  Closes #5197
5815
5816- http: allow Curl_add_buffer_send() to do a short first send by force
5817
5818  In a debug build, setting the environment variable "CURL_SMALLREQSEND"
5819  will make the first HTTP request send not send more bytes than the set
5820  amount, thus ending up verifying that the logic for handling a split
5821  HTTP request send works correctly.
5822
5823- connect: store connection info for QUIC connections
5824
5825  Restores the --head functionality to the curl utility which extracts
5826  'protocol' that is stored that way.
5827
5828  Reported-by: James Fuller
5829  Fixes #5196
5830  Closes #5198
5831
5832- tests/README: update the port numbers list
5833
5834  Since the pipelining server is long gone.
5835  Reported-by: James Fuller
5836
5837- select: remove typecast from SOCKET_WRITABLE/READABLE macros
5838
5839  So that they don't hide conversions-by-mistake
5840
5841  Reviewed-by: Jay Satiro
5842  Closes #5190
5843
5844- CURLOPT_WRITEFUNCTION.3: add inline example and new see-also
5845
5846  Closes #5192
5847
5848- release-notes: output trailing references sorted numerically
5849
5850- cleanup: correct copyright year range on a few files
5851
5852- configure: remove use of -vec-report0 from CFLAGS with icc
5853
5854  ... as it apparently isn't (always) supported.
5855  Reported-by: Alain Miniussi
5856  Fixes #5096
5857  Closes #5191
5858
5859- warnless: remove code block for icc that didn't work
5860
5861  Reported-by: Alain Miniussi
5862  Fixes #5096
5863
5864Marc Hoersken (6 Apr 2020)
5865- dist: add missing setup-win32.h
5866
5867  Follow up to d820224b8b
5868
5869Daniel Stenberg (6 Apr 2020)
5870- RELEASE-NOTES: synced
5871
5872- scripts/release-notes.pl: add helper script for RELEASE-NOTES maintenance
5873
5874  This script helps putting entries in the RELEASE-NOTES using a coherent
5875  style and sorting with a minimal human editing effort - as long as the
5876  first line in the commit message is good enough! There's a short howto
5877  at the top of the file.
5878
5879- [Dennis Felsing brought this change]
5880
5881  configure: don't check for Security.framework when cross-compiling
5882
5883  Since it checks for the local file, not the cross-compiled one.
5884
5885  Closes #5189
5886
5887- TODO: Option to make -Z merge lined based outputs on stdout
5888
5889  Closes #5175
5890
5891- lib: never define CURL_CA_BUNDLE with a getenv
5892
5893  - it breaks the build (since 6de756c9b1de34b7a1)
5894  - it's not documented and not consistent across platforms
5895  - the curl tool does that getenv magic
5896
5897  Bug: https://github.com/curl/curl/commit/6de756c#r38127030
5898  Reported-by: Gisle Vanem
5899
5900  Closes #5187
5901
5902Marc Hoersken (5 Apr 2020)
5903- lib670: use the same Win32 API check as all other lib tests
5904
5905- appveyor: use random test server ports based upon APPVEYOR_API_URL
5906
5907  Avoid conflicts of test server ports with AppVeyor API on localhost.
5908
5909  Closes #5034
5910
5911- appveyor: sort builds by type and add two new variants
5912
5913  Related to #5034 and #5063
5914
5915- appveyor: show failed tests in log even if test is ignored
5916
5917  And print API response with newline only if there is one
5918
5919- appveyor: turn disabled tests into ignored result tests
5920
5921Daniel Stenberg (5 Apr 2020)
5922- KNOWN_BUGS: fixed "USE_UNIX_SOCKETS on Windows"
5923
5924  Fixed with #5170 (commit 23a870f2fd041278)
5925
5926- test1566: verify --etag-compare that gets a 304 back
5927
5928  Verifies the fix in #5183
5929
5930  Closes #5186
5931
5932- [Kwon-Young Choi brought this change]
5933
5934  CURLINFO_CONDITION_UNMET: return true for 304 http status code
5935
5936  In libcurl, CURLINFO_CONDITION_UNMET is used to avoid writing to the
5937  output file if the server did not transfer a file based on time
5938  condition. In the same manner, getting a 304 HTTP response back from the
5939  server, for example after passing a custom If-Match-* header, also
5940  fulfills this condition.
5941
5942  Fixes #5181
5943  Closes #5183
5944
5945- [Kwon-Young Choi brought this change]
5946
5947  curl: allow both --etag-compare and --etag-save with same file name
5948
5949  This change inverts the order of processing for the --etag-compare and
5950  --etag-save option to process first --etag-compare. This in turn allows
5951  to use the same file name to compare and save an etag.
5952
5953  The original behavior of not failing if the etag file does not exist is
5954  conserved.
5955
5956  Fixes #5179
5957  Closes #5180
5958
5959Viktor Szakats (4 Apr 2020)
5960- windows: enable UnixSockets with all build toolchains
5961
5962  Extend existing unix socket support in Windows builds to be
5963  enabled for all toolchain vendors or versions. (Previously
5964  it was only supported with certain MSVC versions + more recent
5965  Windows 10 SDKs)
5966
5967  Ref: https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/
5968  Ref: https://github.com/curl/curl/issues/5162
5969  Closes: https://github.com/curl/curl/pull/5170
5970
5971Daniel Stenberg (4 Apr 2020)
5972- KNOWN_BUGS: Store TLS context per transfer instead of per connection
5973
5974  Closes #5102
5975
5976Marc Hoersken (3 Apr 2020)
5977- sockfilt: remove redundancy in timeout handling
5978
5979  And update other logmsg output in select_ws on Windows.
5980
5981- sockfilt: fix handling of ready closed sockets on Windows
5982
5983  Replace the incomplete workaround regarding FD_CLOSE
5984  only signalling once by instead doing a pre-check with
5985  standard select and storing the result for later use.
5986
5987  select keeps triggering on closed sockets on Windows while
5988  WSAEventSelect fires only once with data still available.
5989  By doing the pre-check we do not run in a deadlock
5990  due to waiting forever for another FD_CLOSE event.
5991
5992- sockfilt: fix race-condition of waiting threads and event handling
5993
5994  Fix race-condition of waiting threads finishing while events are
5995  already being processed which lead to invalid or skipped events.
5996
5997  Use mutex to check for one event at a time or do post-processing.
5998  In addition to mutex-based locking use specific event as signal.
5999
6000  Closes #5156
6001
6002Daniel Stenberg (2 Apr 2020)
6003- [Leo Neat brought this change]
6004
6005  CI-fuzz: increase fuzz time to 40 minutes
6006
6007  Closes #5174
6008
6009Marc Hoersken (2 Apr 2020)
6010- CI: increase Azure Pipelines timeouts due to performance issues
6011
6012  The current demand on Azure negatively impacts the CI performance.
6013
6014- runtests.pl: log host OS as detected by Perl environment
6015
6016- ftpserver.pl: log before and after data connection is closed
6017
6018Daniel Stenberg (1 Apr 2020)
6019- RELEASE-NOTES: synced
6020
6021- RELEASE-PROCEDURE.md: run the copyright.pl script!
6022
6023- vquic/ngtcp2.h: update copyright year range
6024
6025  Follow-up to 0736ee73d346a52
6026
6027- [Daiki Ueno brought this change]
6028
6029  CI: add build with ngtcp2 + gnutls on Travis CI
6030
6031- [Daiki Ueno brought this change]
6032
6033  vquic: add support for GnuTLS backend of ngtcp2
6034
6035  Currently, the TLS backend used by vquic/ngtcp2.c is selected at compile
6036  time. Therefore OpenSSL support needs to be explicitly disabled.
6037
6038  Signed-off-by: Daiki Ueno <dueno@redhat.com>
6039  Closes #5148
6040
6041- [Gisle Vanem brought this change]
6042
6043  examples/sessioninfo.c: add include to fix compiler warning
6044
6045  Fixes #5171
6046
6047- misc: copyright year updates
6048
6049  Follow-up to 7a71965e9
6050
6051- [Harry Sintonen brought this change]
6052
6053  build: fixed build for systems with select() in unistd.h
6054
6055  Closes #5169
6056
6057- memdebug: don't log free(NULL)
6058
6059  ... it serves no purpose and fills up the log.
6060
6061- cleanup: insert newline after if() conditions
6062
6063  Our code style mandates we put the conditional block on a separate
6064  line. These mistakes are now detected by the updated checksrc.
6065
6066- checksrc: warn on obvious conditional blocks on the same line as if()
6067
6068  Closes #5164
6069
6070- [Roger Orr brought this change]
6071
6072  cmake: add CMAKE_MSVC_RUNTIME_LIBRARY
6073
6074  Fixes #5165
6075  Closes #5167
6076
6077- [Daiki Ueno brought this change]
6078
6079  ngtcp2: update to git master for the key installation API change
6080
6081  This updates the ngtcp2 OpenSSL backend to follow the API change in
6082  commit 32e703164 of ngtcp2.
6083
6084  Notable changes are:
6085  - ngtcp2_crypto_derive_and_install_{rx,tx}_key have been added to replace
6086    ngtcp2_crypto_derive_and_install_key
6087  - the 'side' argument of ngtcp2_crypto_derive_and_install_initial_key
6088    has been removed
6089
6090  Fixes #5166
6091  Closes #5168
6092
6093- [Cyrus brought this change]
6094
6095  SECURITY.md: minor rephrase
6096
6097  Closes #5158
6098
6099- output.d: quote the URL when globbing
6100
6101  Some shells do globbing of their own unless the URL is quoted, so maybe
6102  encourage this.
6103
6104  Co-authored-by: Jay Satiro
6105  Closes #5160
6106
6107- dist: add tests/version-scan.pl to tarball
6108
6109  ... used in test 1177.
6110
6111  Follow-up to a97d826f6de3
6112
6113- test1177: verify that all the CURL_VERSION_ bits are documented
6114
6115- curl.h: remove CURL_VERSION_ESNI. Never supported nor documented
6116
6117  Considered experimental and therefore we can do this.
6118
6119  Closes #5157
6120
6121- KNOWN_BUGS: DoH doesn't inherit all transfer options
6122
6123  Closes #4578
6124  Closes #4579
6125
6126- KNOWN_BUGS: DoH leaks memory after followlocation
6127
6128  Closes #4592
6129
6130- KNOWN_BUGS: "FTPS needs session reuse"
6131
6132  Closes #4654
6133
6134- KNOWN_BUGS: "stick to same family over SOCKS pro" is presumed fixed
6135
6136- TODO: Set custom client ip when using haproxy protocol
6137
6138  Closes #5125
6139
6140Michael Kaufmann (27 Mar 2020)
6141- writeout_json: Fix data type issues
6142
6143  Load long values correctly (e.g. for http_code).
6144
6145  Use curl_off_t (not long) for:
6146  - size_download (CURLINFO_SIZE_DOWNLOAD_T)
6147  - size_upload (CURLINFO_SIZE_UPLOAD_T)
6148
6149  The unit for these values is bytes/second, not microseconds:
6150  - speed_download (CURLINFO_SPEED_DOWNLOAD_T)
6151  - speed_upload (CURLINFO_SPEED_UPLOAD_T)
6152
6153  Fixes #5131
6154  Closes #5152
6155
6156Daniel Stenberg (27 Mar 2020)
6157- mailmap: fixup a few author names/fields
6158
6159  Douglas Steinwand, Gökhan Şengün, Jessa Chandler, Julian Z and
6160  Svyatoslav Mishyn
6161
6162- version: add 'cainfo' and 'capath' to version info struct
6163
6164  Suggested-by: Timothe Litt
6165  URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
6166  Reviewed-by: Jay Satiro
6167
6168  Closes #5150
6169
6170- RELEASE-NOTES: synced
6171
Jay Satiro (26 Mar 2020)
- SSLCERTS.md: Fix example code for setting CA cert file

  Prior to this change the documentation erroneously said use
  CURLOPT_CAPATH to set a CA cert file.

  Bug: https://curl.haxx.se/mail/lib-2020-03/0121.html
  Reported-by: Timothe Litt

  Closes https://github.com/curl/curl/pull/5151

Marc Hoersken (26 Mar 2020)
- sockfilt: add logmsg output to select_ws_wait_thread on Windows

  Assisted-by: Jay Satiro
  Reviewed-by: Daniel Stenberg

  Closes #5086

Daniel Stenberg (26 Mar 2020)
- docs/make: generate curl.1 from listed files only

  Previously it rendered the page from files matching "*.d" in the correct
  directory, which worked fine in git builds when the files were added but
  made it easy to forget adding the files to the dist.

  Now, only man page sections listed in DPAGES in Makefile.inc will be
  used, thus "forcing" us to update this to get the man page right and get
  it included in the dist at the same time.

  Ref: #5146
  Closes #5149

- openssl: adapt to functions marked as deprecated since version 3

  OpenSSL 3 deprecates SSL_CTX_load_verify_locations and the MD4, DES
  functions we use.

  Fix the MD4 and SSL_CTX_load_verify_locations warnings.

  In configure, detect OpenSSL v3 and if so, inhibit the deprecation
  warnings. OpenSSL v3 deprecates the DES functions we use for NTLM and
  until we rewrite the code to use non-deprecated functions we better
  ignore these warnings as they don't help us.

  Closes #5139

- dist: add mail-rcpt-allowfails.d to the tarball

  Reported-by: Maksim Stsepanenka
  Reviewed-by: Jay Satiro

  Closes #5146

- travis: update the ngtcp2 build to use the latest OpenSSL patch

  ... which also makes it OpenSSL 1.1.1d based and not v3.

Marc Hoersken (24 Mar 2020)
- CI: remove default Ubuntu build from GitHub Actions

  We are already running a very similar Ubuntu build on Travis CI.
  The macOS variant of this default build is kept on GitHub Actions.

- CI: bring GitHub Actions fuzzing job in line with macOS jobs

  Update YAML formatting, job naming and triggers.

- CI: migrate macOS jobs from Azure and Travis CI to GitHub Actions

  Reduce workload on Azure Pipelines and Travis CI while
  consolidating macOS jobs onto less utilized GitHub Actions.

  Reviewed-by: Daniel Stenberg

  Closes #5124

Daniel Stenberg (24 Mar 2020)
- config: remove all defines of HAVE_DES_H

  As there's no code using it.

  Closes #5144

- copyright: fix out-of-date copyright ranges and missing headers

  Reported by the new script 'scripts/copyright.pl'. The script has a
  regex whitelist for the files that don't need copyright headers.

  Removed three (mostly useless) README files from docs/

  Closes #5141

- packages: add OS400/chkstrings.c to the dist

  Reported-by: Jon Rumsey
  Fixes #5142
  Closes #5143

- [Clément Notin brought this change]

  nghttp2: 1.12.0 required

  since nghttp2_session_set_local_window_size is needed

  Closes #5140

- RELEASE-NOTES: synced

- [Calvin Buckley brought this change]

  OS400: Update strings for ccsid-ifier

  Fixes build.

  Closes #5132

- cirrus: make freebsd ignore the tests instead of skipping

  To allow us to see in the CI logs how they actually behave

  Closes #5091

- cirrus: move the sanitizer build from freebsd 13 to freebsd 12

- Revert "cirrus-ci: disable the FreeBSD 13 builds"

  This reverts commit 691b71be930f0e285c8f7a76efd56bbe0576cda6.

- getinfo: provide CURLINFO_HEADER_SIZE and CURLINFO_REQUEST_SIZE override

  To let debug-builds return fake values, like in test 970.

  Ref: #5131
  Closes #5136

- test970: improve the test

  - send more data to make problems more obvious
  - don't start the data with minus, it makes diffs harder to read
  - skip the headers in the stdout comparison
  - save to a file name to also verify 'filename_effective'

  Ref: #5131

- CURLINFO_NUM_CONNECTS: improve accuracy

  The counter was not bumped in all cases correctly.

  Reported-by: Marcel Raad
  Ref: #5131
  Closes #5135

- TODO: Use "random" ports for the test servers

- lib/curl_setup: adjust the copyright year range

  Follow-up from d820224b8

Jay Satiro (21 Mar 2020)
- curl_setup: define _WIN32_WINNT_[OS] symbols

  .. because not all Windows build systems have those symbols, and even
  those that do may be missing newer symbols (eg the Windows 7 SDK does
  not define _WIN32_WINNT_WIN10).

  Those symbols are used in build-time logic to decide which API to use
  and prior to this change if the symbols were missing it would have
  resulted in deprecated API being used when more recent functions were
  available (eg GetVersionEx used instead of VerifyVersionInfo).

  Reported-by: FuccDucc@users.noreply.github.com

  Probably fixes https://github.com/curl/curl/issues/4995
  Closes https://github.com/curl/curl/pull/5057

- [Ross Burton brought this change]

  curl-functions.m4: remove inappropriate AC_REQUIRE

  AC_REQUIRE means "if this macro hasn't been executed already, execute
  it".  So in a wrapper around AC_RUN_IFELSE, AC_REQUIRE(AC_RUN_IFELSE)
  isn't correct as that will execute AC_RUN_IFELSE without any arguments.

  With autoconf 2.69 this is basically a no-op, but with autoconf 2.70,
  AC_RUN_IFELSE without a default value when cross-compiling is fatal.
  The result is that curl with autoconf 2.70 cannot cross-compile.

  Fixes https://github.com/curl/curl/issues/5126
  Closes https://github.com/curl/curl/pull/5130

Marc Hoersken (20 Mar 2020)
- ci/tests: fix Azure Pipelines not running Windows containers

  Workaround posted here: microsoft/azure-pipelines-agent#2864

  Assisted-by: Simon Chalifoux
  Assisted-by: Tommy Petty

  Fixes #5117
  Closes #5129

Daniel Stenberg (20 Mar 2020)
- tests: add test 430, 431 and 432 to verify the --config fix

  Verify the fixes in 4e0b4fee4

- [Rici Lake brought this change]

  cmdline: fix handling of OperationConfig linked list (--next)

  Ensures that -K/--config inserts new items at the end of the list
  instead of overwriting the second item, and that after a -K/--config
  option has been parsed, the option parser's view of the current config
  is updated.

  Fixes #5120
  Closes #5123

Marc Hoersken (20 Mar 2020)
- test2100: fix static port instead of dynamic value being used

- test970: fix static ip:port instead of dynamic values being used

Daniel Stenberg (19 Mar 2020)
- secure transport: remove the BACKEND define kludge

  Closes #5122

- mbedtls: remove the BACKEND define kludge

- bearssl: remove the BACKEND define kludge

- wolfssl: remove the BACKEND define kludge

- nss: remove the BACKEND define kludge

- gnutls: remove the BACKEND define kludge

- openssl: remove the BACKEND define kludge

  Use a proper variable instead to make it easier to use a debugger and
  read the code.

Marc Hoersken (19 Mar 2020)
- tests: make Python-based servers compatible with Python 2 and 3

  Update smbserver.py and negtelnetserver.py to be compatible with
  Python 3 while staying backwards-compatible to support Python 2.

  Fix string encoding and handling of echoed and transferred data.

  Tested with both Python 2.7.17 and Python 3.7.7

  Reported-by: Daniel Stenberg
  Assisted-by: Kamil Dudka
  Reviewed-by: Marcel Raad

  Fixes #5104
  Closes #5110

Daniel Stenberg (18 Mar 2020)
- writeout_json: use curl_off_t printf() option for the time output

  Follow-up to: 04c03416e68fd635a15

  Closes #5115

- RELEASE-NOTES: synced

  Uh, I missed this in 1a46b218db

- RELEASE-NOTES: synced

  ... and bumped curlver.h to 7.70.0

Jay Satiro (18 Mar 2020)
- http2: Fix erroneous debug message that h2 connection closed

  Prior to this change in libcurl debug builds http2 stream closure was
  erroneously referred to as connection closure.

  Before:
  * nread <= 0, server closed connection, bailing

  After:
  * nread == 0, stream closed, bailing

  Closes https://github.com/curl/curl/pull/5118

Daniel Stenberg (18 Mar 2020)
- tool_setopt: correct the copyright year range

  Follow-up to 5450428491

Jay Satiro (18 Mar 2020)
- [Johannes Schindelin brought this change]

  schannel: add "best effort" revocation check option

  - Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
    --ssl-revoke-best-effort to allow a "best effort" revocation check.

  A best effort revocation check ignores errors that the revocation check
  was unable to take place. The reasoning is described in detail below and
  discussed further in the PR.

  ---

  When running e.g. with Fiddler, the schannel backend fails with an
  unhelpful error message:

          Unknown error (0x80092012) - The revocation function was unable
          to check revocation for the certificate.

  Sadly, many enterprise users who are stuck behind MITM proxies suffer
  the very same problem.

  This has been discussed in plenty of issues:
  https://github.com/curl/curl/issues/3727,
  https://github.com/curl/curl/issues/264, for example.

  In the latter, a Microsoft Edge developer even made the case that the
  common behavior is to ignore issues when a certificate has no recorded
  distribution point for revocation lists, or when the server is offline.
  This is also known as "best effort" strategy and addresses the Fiddler
  issue.

  Unfortunately, this strategy was not chosen as the default for schannel
  (and is therefore a backend-specific behavior: OpenSSL seems to happily
  ignore the offline servers and missing distribution points).

  To maintain backward-compatibility, we therefore add a new flag
  (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
  (`--ssl-revoke-best-effort`) to select the new behavior.

  Due to the many related issues in Git for Windows and GitHub Desktop, the
  plan is to make this behavior the default in these software packages.

  The test 2070 was added to verify this behavior, adapted from 310.

  Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
  Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

  Closes https://github.com/curl/curl/pull/4981

- multi: Improve parameter check for curl_multi_remove_handle

  - If an easy handle is owned by a multi different from the one specified
    then return CURLM_BAD_EASY_HANDLE.

  Prior to this change I assume user error could cause corruption.

  Closes https://github.com/curl/curl/pull/5116

Viktor Szakats (17 Mar 2020)
- windows: suppress UI in all CryptAcquireContext() calls

  Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters
  Reviewed-by: Marc Hörsken
  Closes https://github.com/curl/curl/pull/5088

Daniel Stenberg (17 Mar 2020)
- writeout_json: add missing comma to fix the HTTP version

  Follow-up to 04c03416e68fd635a15

- test 970: verify --write-out '%{json}'

  Makes curl_easy_getinfo() of "variable" numerical content instead return
  the number set in the env variable `CURL_TIME`.

  Makes curl_version() of "variable" textual content. This guarantees a
  stable version string which can be tested against. Environment variable
  `CURL_VERSION` defines the content.

  Assisted-by: Mathias Gumz

- [Mathias Gumz brought this change]

  writeout: support to generate JSON output

  This commit adds support to generate JSON via the writeout feature:

      -w "%{json}"

  It leverages the existing infrastructure as much as possible. Thus,
  generating the JSON on STDERR is possible by:

      -w "%{stderr}%{json}"

  This implements a variant of
  https://github.com/curl/curl/wiki/JSON#--write-out-json.

  Closes #4870

- CI: stop ignoring 323, it is disabled

- DISABLED: disable test 323

  The test uses SRP to "a server not supporting it" but modern stunnel
  versions will silently accept it and remain happy. The test is therefore
  faulty.

  I haven't figured out how to make stunnel explicitly reject SRP-using
  connects.

  Reported-by: Marc Hörsken
  Fixes #5105
  Closes #5113

Marc Hoersken (17 Mar 2020)
- ci/tests: increase timeouts for torture builds on Azure Pipelines

  For some reason the torture builds have slowed down recently.

  Reported-by: Daniel Stenberg

Daniel Stenberg (16 Mar 2020)
- cmake: add support for building with wolfSSL

  My working build cmdline:

  $ cmake -DCMAKE_PREFIX_PATH=$HOME/build-wolfssl -DCMAKE_USE_WOLFSSL=ON .

  Assisted-by: Brad King
  Closes #5095

- tool_operate: fix add_parallel_transfers when more are in queue

  Trying to return early from the function if no new transfers were added
  would break the "morep" argument and cause issues. This could lead to
  zero content "transfers" (within quotes since they would never be
  started) when parallel-max was reduced.

  Reported-by: Gavin Wong
  Analyzed-by: Jay Satiro
  Fixes #4937
  Closes #5112

- vtls: free ssl_config leftovers on out-of-memory

  Torture testing 2034 and 2037 found this.

  Reported-by: Marc Hörsken
  Fixes #5108
  Closes #5109

Marc Hoersken (16 Mar 2020)
- ci/tests: fix Azure Pipelines not running for pull requests

  Closes #5111

Daniel Stenberg (15 Mar 2020)
- gskit: update the copyright year range

  Follow-up from 083603c63a3

Marc Hoersken (15 Mar 2020)
- gskit: use our internal select wrapper for portability

  Follow up to c52b342
  Closes #5106

- tests: fix verification of stdout in test 1452 due to newline

  Fixes test1452:41:1: error: missing </stdout> tag before </verify>

- ci/tests: install impacket for SMB tests on FreeBSD using CirrusCI

  Also force the package index/cache to be updated before installing.

  Closes #5103

- tests/README: add note about manually installing python-impacket

  Follow up to 4be2560

Daniel Stenberg (15 Mar 2020)
- transfer: cap retries of "dead connections" to 5

  When libcurl retries a connection due to it being "seemingly dead" or by
  REFUSED_STREAM, it will now only do it up to five times before giving up,
  to avoid never-ending loops.

  Reported-by: Dima Tisnek
  Bug: https://curl.haxx.se/mail/lib-2020-03/0044.html
  Closes #5074

- TODO: TLS-PSK with OpenSSL

  Closes #5081

Marc Hoersken (15 Mar 2020)
- select: add 'timeout_ms' wrap-around precaution to Curl_select

- select: fix 'pending_ms' is assigned a value that is never used

  Detected by Codacy

- select: move duplicate select preparation code into Curl_select

  Reviewed by Daniel Stenberg
  Reviewed by Marcel Raad
  Closes #5078

Daniel Stenberg (15 Mar 2020)
- connect: happy eyeballs cleanup

  Make sure each separate index in conn->tempaddr[] is used for a fixed
  family (and only that family) during the connection process.

  If family one takes a long time and family two fails immediately, the
  previous logic could misbehave and retry the same family two address
  repeatedly.

  Reported-by: Paul Vixie
  Reported-by: Jay Satiro
  Fixes #5083
  Fixes #4954
  Closes #5089

Marc Hoersken (15 Mar 2020)
- ci/tests: fix and align setting TFLAGS for make test-nonflaky

- ci/tests: install test suite dependencies stunnel and impacket

- tests: remove python_dependencies for smbserver from our tree

  Users of the SMB tests will have to install impacket manually.

  Reasoning: our in-tree version of impacket was quite outdated
  and only compatible with Python 2 which is already end-of-life.
  Upgrading to Python 3 and a compatible impacket version would
  require to import additional Python-only and CPython-extension
  dependencies. This would have hindered portability enormously.

  Closes #5094

Jay Satiro (14 Mar 2020)
- Makefile.m32: Improve windres parameter compatibility

  - s/COFF/coff/

  Some versions of windres do not recognize uppercase COFF as a valid
  way to specify the COFF output format.

  Reported-by: Steven Penny

  Fixes https://github.com/curl/curl/issues/5099
  Closes https://github.com/curl/curl/pull/5101

- easy: Fix curl_easy_duphandle for builds missing IPv6 that use c-ares

  - Ignore CURLE_NOT_BUILT_IN errors returned by c-ares functions in
    curl_easy_duphandle.

  Prior to this change if c-ares was used as the resolver backend and
  either it was too old or libcurl was built without IPv6 support then
  some of our resolver functions could return CURLE_NOT_BUILT_IN to
  curl_easy_duphandle causing it to fail.

  Caused by c8f086b which shipped in 7.69.1.

  Reported-by: Karl Chen

  Fixes https://github.com/curl/curl/issues/5097
  Closes https://github.com/curl/curl/pull/5100

Daniel Stenberg (13 Mar 2020)
- docs: add warnings about FILE: URLs on Windows

   - --url man page section
   - libcurl-security.3 gets the full text
   - CURLOPT_URL.3

  Reported-by: Tim Sedlmeyer

- server/getpart: make the "XML-parser" stricter

  When extracting a <section> <part> and there's no </part> before
  </section>, this now outputs an error and returns a wrong string to
  make users spot the mistake.

  Ref: #5070
  Closes #5071

Marc Hoersken (13 Mar 2020)
- impacket: some more Python 3 code compatibility updates

  This makes smbserver load on Python 3, but still not work completely.

- smbserver: pin Python version to 2 since we are not yet 3 compatible

  Even though the existing code can be fixed to run on Python 3, the
  tests will fail due to the Unicode transition the protocol is invalid.

  Follow up to ee63837
  Closes #5085

Daniel Stenberg (12 Mar 2020)
- [Viktor Szakats brought this change]

  cleanup: fix some text/comment typos

  Closes #5087

Marc Hoersken (12 Mar 2020)
- smbserver: fix Python version specific ConfigParser import

  Follow up to ee63837 and 8c7c4a6
  Fixes #5077

Daniel Stenberg (11 Mar 2020)
- RELEASE-NOTES: synced

  bumped to 7.69.2

Dan Fandrich (11 Mar 2020)
- tests/data: Fix some XML formatting issues in test cases

  This allows these test files to pass xmllint.

Daniel Stenberg (11 Mar 2020)
- [Muhammad Herdiansyah brought this change]

  Makefile: run the cd commands in a subshell

  In bmake, if the directory is changed (with cd or anything else), bmake
  won't return to the "root directory" on the next command (in the same
  Makefile rule). This commit runs the cd command in a subshell so it
  would work in bmake.

  Closes #5073

- configure: convert -I to -isystem as a last step

  As all the -I uses in CFLAGS at that point are for system headers and
  third party libraries this helps us remove/ignore warnings on those!

  Closes #5060

- configure: fix -pedantic-errors for GCC 5 and later

  If --enable-werror is used.

  Follow-up to d5c0351055d5709da which added it too early in the configure
  script before $compiler_num was set correctly and thus this option was
  never used.

  Reported-by: Stepan Efremov
  Fixes #5067
  Closes #5068

- configure: document 'compiler_num' for gcc

  The CURL_CHECK_COMPILER_GNU_C function sets the number to MAJOR*100 +
  MINOR and ignores the patch version, and since gcc version 7 it only
  sets it to MAJOR*100.

  Reported-by: Stepan Efremov
  Ref: #5067
  Closes #5069

Version 7.69.1 (11 Mar 2020)

Daniel Stenberg (11 Mar 2020)
- RELEASE-NOTES: 7.69.1

- THANKS: from the 7.69.1 release

- [Marc Hoersken brought this change]

  test1129: fix invalid case of closing XML-tag and Content-Length

  Fixes #5070
  Closes #5072

Marc Hoersken (10 Mar 2020)
- tests/data: fix static ip instead of dynamic value being used

  Follow up to 94ced8e

- tests/data: fix static ip:port instead of dynamic values being used

  Closes #5065

- tests/server: fix missing use of exe_ext helper function

  Follow up to 9819984 and 3dce984
  Reviewed-By: Daniel Stenberg
  Closes #5064

- runtests: log minimal and maximal used port numbers

Daniel Stenberg (9 Mar 2020)
- [James Fuller brought this change]

  sftp: fix segfault regression introduced by #4747

  This fix adds a defensive check for the case where the char *name in
  struct libssh2_knownhost is NULL

  Fixes #5041
  Closes #5062

- RELEASE-NOTES: synced

- socks4: fix host resolve regression

  1. The socks4 state machine was broken in the host resolving phase

  2. The code now insists on IPv4-only when using SOCKS4 as the protocol
  only supports that.

  Regression from #4907 and 4a4b63d, shipped in 7.69.0

  Reported-by: amishmm on github
  Bug: https://github.com/curl/curl/issues/5053#issuecomment-596191594
  Closes #5061

- [Patrick Monnerat brought this change]

  silly web server: silence a compilation warning

  Recent gcc warns when byte count of strncpy() equals the destination
  buffer size. Since the destination buffer is previously cleared and
  the source string is always shorter, reducing the byte count by one
  silences the warning without affecting the result.

  Closes #5059

- [Patrick Monnerat brought this change]

  cookie: get_top_domain() sets zero length for null domains

  This silences a compilation warning with gcc -O3.

- [Patrick Monnerat brought this change]

  test 1560: avoid valgrind false positives

  When using maximum code optimization level (-O3), valgrind wrongly
  detects uses of uninitialized values in strcmp().

  Preset buffers with all zeroes to avoid that.

Steve Holme (8 Mar 2020)
- sha256: Added WinCrypt implementation

  Closed #5030

- sha256: Added SecureTransport implementation

Daniel Stenberg (7 Mar 2020)
- lib1564: reduce number of mid-wait wakeup calls

  This test does A LOT of *wakeup() calls and then calls curl_multi_poll()
  twice. The first *poll() is then expected to return early and the second
  not - as the first is supposed to drain the socketpair pipe.

  It turns out however that when given "excessive" amounts of writes to
  the pipe, some operating systems (the Solaris based are known) will
  return EAGAIN before the pipe is drained, which in our test case causes
  the second *poll() call to also abort early.

  This change attempts to avoid the OS-specific behaviors in the test by
  reducing the amount of wakeup calls from 1234567 to 10.

  Reported-by: Andy Fiddaman
  Fixes #5037
  Closes #5058

- [Patrick Monnerat brought this change]

  mime: fix the binary encoder to handle large data properly

  New test 666 checks this is effective.
  As upload buffer size is significant in this kind of tests, shorten it
  in similar test 652.

  Fixes #4860
  Closes #4833
  Reported-by: RuurdBeerstra on github

- [Patrick Monnerat brought this change]

  mime: do not perform more than one read in a row

  Input buffer filling may delay the data sending if data reads are slow.
  To overcome this problem, file and callback data reads do not accumulate
  in buffer anymore. All other data (memory data and mime framing) are
  considered as fast and still concatenated in buffer.
  As this may highly impact performance in terms of data overhead, an early
  end of part data check is added to spare a read call.
  When encoding a part's data, an encoder may require more bytes than made
  available by a single read. In this case, the above rule does not apply
  and reads are performed until the encoder is able to deliver some data.

  Tests 643, 644, 645, 650 and 654 have been adapted to the output data
  changes, with test data size reduced to avoid the boredom of long lists of
  1-byte chunks in verification data.
  New test 667 checks mimepost using single-byte read callback with encoder.
  New test 668 checks the end of part data early detection.

  Fixes #4826
  Reported-by: MrdUkk on github

- [Patrick Monnerat brought this change]

  mime: latch last read callback status.

  In case a read callback returns a status (pause, abort, eof,
  error) instead of a byte count, drain the bytes read so far but
  remember this status for further processing.
  Takes care of not losing data when pausing, and properly resume a
  paused mime structure when requested.
  New tests 670-673 check unpausing cases, with easy or multi
  interface and mime or form api.

  Fixes #4813
  Reported-by: MrdUkk on github

Marc Hoersken (7 Mar 2020)
- runtests: fix missing use of exe_ext helper function

Daniel Stenberg (7 Mar 2020)
- [Ernst Sjöstrand brought this change]

  ares: store dns parameters for duphandle

  With c-ares the dns parameters live in ares_channel. Store them in the
  curl handle and set them again in easy_duphandle.

  Regression introduced in #3228 (6765e6d), shipped in curl 7.63.0.

  Fixes #4893
  Closes #5020
  Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com>

- version: make curl_version* thread-safe without using global context

  Closes #5010

- RELEASE-NOTES: synced

Marc Hoersken (7 Mar 2020)
- tests: use native Sleep function as fallback on Windows

  Reviewed-By: Daniel Stenberg
  Closes #5054

- perl: align order and completeness of Windows OS checks

Daniel Stenberg (7 Mar 2020)
- tool_cb_see: set correct copyright year range

  Follow-up to a39e5bfb9

Marc Hoersken (7 Mar 2020)
- seek: fix fallback for missing ftruncate on Windows

  This fixes test 198 on versions of MinGW-w64 without ftruncate

  Reviewed-By: Daniel Stenberg
  Reviewed-By: Marcel Raad
  Closes #5055

- config-win32: Windows does not have ftruncate

Daniel Stenberg (7 Mar 2020)
- pause: force a connection (re-)check after unpausing

  There might be data available that was already read off the socket, for
  example in the TLS layer.

  Reported-by: Anders Berg
  Fixes #4966
  Closes #5049

- socks5: switch state properly when the resolve is done

  Regression from 4a4b63d (and #4907)
  Reported-by: vitaha85 on github
  Fixes #5053
  Closes #5056

Jay Satiro (7 Mar 2020)
- libssh: Fix matching user-specified MD5 hex key

  Prior to this change a match would never be successful because it
  was mistakenly coded to compare binary data from libssh to a
  user-specified hex string (ie CURLOPT_SSH_HOST_PUBLIC_KEY_MD5).

  Reported-by: fds242@users.noreply.github.com

  Fixes https://github.com/curl/curl/issues/4971
  Closes https://github.com/curl/curl/pull/4974

Daniel Stenberg (6 Mar 2020)
- pause: bail out on bad input

  A NULL easy handle or an easy handle without an associated connection
  cannot be paused or unpaused.

  Closes #5050

Steve Holme (6 Mar 2020)
- unit1612: fixed the inclusion and compilation of the HMAC unit test

  Follow up to 3f74e5e6 to fix:

  - A typo in Makefile.inc where unit1611 was used instead
  - Some compilation issues in unit1612.c

  Closes #5024

Daniel Stenberg (6 Mar 2020)
- pause: return early for calls that don't change pause state

  Reviewed-by: Patrick Monnerat
  Ref: #4833
  Closes #5026

Jay Satiro (6 Mar 2020)
- curl_share_setopt.3: Note sharing cookies doesn't enable the engine

  Follow-up to d0a7ee3 which fixed a bug in 7.66.0 that caused
  CURL_LOCK_DATA_COOKIE to enable the easy handle's cookie engine.

  Bug: https://curl.haxx.se/mail/lib-2020-03/0019.html
  Reported-by: Felipe Gasper

  Closes https://github.com/curl/curl/pull/5048

- multi: skip EINTR check on wakeup socket if it was closed

  - Don't check errno on wakeup socket if sread returned 0 since sread
    doesn't set errno in that case.

  This is a follow-up to cf7760a from several days ago which fixed
  Curl_multi_wait to stop busy looping sread on the non-blocking wakeup
  socket if it was closed (ie sread returns 0). Due to a logic error it
  was still possible to busy loop in that case if errno == EINTR.

  Closes https://github.com/curl/curl/pull/5047

Daniel Stenberg (6 Mar 2020)
- transfer: set correct copyright year range

- urldata: remove the 'stream_was_rewound' connectdata struct member

  ... as it is never set anywhere.

  Follow-up to 2f44e94ef
  Closes #5046

- Revert "pause: force-drain the transfer on unpause"

  This reverts commit fa0216b294af4c7113a9040ca65eefc7fc18ac1c (from #5000)

  Clearly that didn't solve the problem correctly.

  Reported-by: Christopher Reid
  Reopens #4966
  Fixes #5044

- RELEASE-NOTES: synced

  and bumped curlver.h

- MANUAL: update a dict-using command line

  The 'web1913' database is now invalid, use 'gcide' instead.

- KNOWN_BUGS: configure --with-gssapi with Heimdal is ignored on macOS

  Closes #3841

- polarssl: remove more references and mentions

  Assisted-by: Jay Satiro
  Follow-up to 6357a19ff29dac04
  Closes #5036

Marc Hoersken (4 Mar 2020)
- tests: wrap ignored test failures in braces

- tests: align some Windows sleep defines with each other

- tests: try to make sleeping portable by avoiding select

  select does not support just waiting on Windows:
  https://perldoc.perl.org/perlport.html#select

  Reviewed-By: Daniel Stenberg
  Closes #5035

Daniel Stenberg (4 Mar 2020)
- runtests.1: rephrase how to specify what tests to run

  Also mention the new tilde-prefixed way to ignore test results.

  Reviewed-By: Marc Hoersken
  Closes #5033

- cirrus-ci: disable the FreeBSD 13 builds

  FreeBSD 13.0 is apparently close to a year away from a stable release
  and has proven to cause intermittent build failures recently.

  Assisted-by: Dan Fandrich
  Assisted-by: Fedor Korotkov
  Fixes #5028
  Closes #5029

Version 7.69.0 (4 Mar 2020)

Daniel Stenberg (4 Mar 2020)
- RELEASE-NOTES: 7.69.0

- THANKS: from 7.69.0

  Now sorted case insensitive

Marc Hoersken (3 Mar 2020)
- ci/tests: fix escaping of testnames and disable proxy for CI APIs

  Follow up to ada581f and c0d8b96
  Closes #5031

Jay Satiro (3 Mar 2020)
- cmake: Show HTTPS-proxy in the features output

  - Show HTTPS-proxy in the features output for those backends that
    support it: OpenSSL, GnuTLS and NSS.

  Prior to this change HTTPS-proxy was missing from the cmake features
  output even if curl was built with it. Only cmake output was affected.
  Both the library and tool correctly reported the feature.

  Bug: https://curl.haxx.se/mail/lib-2020-03/0008.html
  Reported-by: David Lopes

  Closes https://github.com/curl/curl/pull/5025

Marc Hoersken (3 Mar 2020)
- ci/tests: Make it possible to still run but ignore failing tests

  This enables the development of a solution for the failing tests by
  running them on CI while ignoring their result for the overall status.

  Closes #4994

- README.md: add Azure DevOps Pipelines build status badge

- ci/tests: Move CI test result creation above environment setup

  This avoids using our test servers as proxy to the AppVeyor API.

  Closes #5022

- ci/tests: Send test results to AppVeyor for status overview

  Closes #5021

Daniel Stenberg (3 Mar 2020)
- Revert "sha256: Added SecureTransport implementation"

  This reverts commit 4feb38deed33fed14ff7c370a6a9153c661dbb9c (from #4956)

  That commit broke test 1610 on macos builds without TLS.

  Closes #5027

- dist: include tests/azure.pm in the tarball

  Bug: https://github.com/curl/curl/commit/ada581f2cc32f48c1629b729707ac19208435b27#commitcomment-37601589
  Reported-by: Marcel Raad

Steve Holme (3 Mar 2020)
- configure.ac: Disable metalink if mbedTLS is specified

  Follow up to cdcc9df1 and #5006. Even though I mentioned mbedTLS as
  being one of the backends that metalink needs to be disabled for, I
  seem to have included it in the list of allowed SSL/TLS backends in
  configure.ac :(

  Closes #5013

- sha256: Tidy up following recent changes

  Reviewed-by: Daniel Stenberg
  Closes #4956

- sha256: Added WinCrypt implementation

- sha256: Added SecureTransport implementation

- sha256: Added mbedtls implementation

- sha256: Added GNU TLS gcrypt implementation

- sha256: Added GNU TLS Nettle implementation

Jay Satiro (2 Mar 2020)
- curl_escape.3: Add a link to curl_free

  Ref: https://github.com/curl/curl/pull/5016#issuecomment-593628582

- curl_getenv.3: Fix the memory handling description

  - Tell the user to call curl_free() to free the pointer returned by
    curl_getenv().

  Prior to this change the user was directed to call free(), but that
  would not work in cases where the library and application use separate C
  runtimes and therefore have separate heap memory management.

  Closes https://github.com/curl/curl/pull/5016

Daniel Stenberg (2 Mar 2020)
- [Nick Zitzmann brought this change]

  md4: use init/update/final functions in Secure Transport

  We can use CC_MD4_Init/Update/Final without having to allocate memory
  directly.

  Closes #4979

Marc Hoersken (2 Mar 2020)
- ci/tests: some MacOS builds randomly take longer than 20min

Daniel Stenberg (2 Mar 2020)
- multi_wait: stop loop when sread() returns zero

  It's unclear why it would ever return zero here, but this change fixes
  Robert's problem and it shouldn't loop forever...

  Reported-by: Robert Dunaj
  Bug: https://curl.haxx.se/mail/archive-2020-02/0011.html
  Closes #5019

- http: mark POSTs with no body as "upload done" from the start

  As we have logic that checks if we get a >= 400 response code back before
  the upload is done, which then got confused since it wasn't "done" but
  yet there was no data to send!

  Reported-by: IvanoG on github
  Fixes #4996
  Closes #5002

- tests: disable 962, 963 and 964 on Windows

  These tests are also doing UTF-8 SMTP.

  Follow-up to df207d2dd93b9e73

Marc Hoersken (2 Mar 2020)
- ci/tests: fine-tune Azure Pipeline timeouts with a small buffer

Daniel Stenberg (2 Mar 2020)
- configure: bump the AC_COPYRIGHT year range

- [Steve Holme brought this change]

  tests: disable SMTP UTF-8 tests on Windows

  Fixes #4988
  Closes #4992

- formdata/mime: copyright year range update

  Due to the merge/revert cycle

- Revert "mime: latch last read callback status."

  This reverts commit 87869e38d7afdec3ef1bb4965711458b088e254f.

  Fixes #5014
  Closes #5015
  Reopens #4833

- Revert "mime: do not perform more than one read in a row"

  This reverts commit ed0f357f7d25566110d4302f33759f4ffb5a6f83.

- Revert "mime: fix the binary encoder to handle large data properly"

  This reverts commit b2caaa0681f329eed317ffb6ae6927f4a539f0c1.

- altsvc: both h3 backends now speak h3-27

  ... also updated the HTTP3 build description for ngtcp2 accordingly.

- [Patrick Monnerat brought this change]

  mime: fix the binary encoder to handle large data properly

  New test 666 checks this is effective.
  As upload buffer size is significant in this kind of tests, shorten it
  in similar test 652.

  Fixes #4860
  Reported-by: RuurdBeerstra on github

- [Patrick Monnerat brought this change]

  mime: do not perform more than one read in a row

  Input buffer filling may delay the data sending if data reads are slow.
  To overcome this problem, file and callback data reads do not accumulate
  in buffer anymore. All other data (memory data and mime framing) are
  considered as fast and still concatenated in buffer.
  As this may highly impact performance in terms of data overhead, an early
  end of part data check is added to spare a read call.
  When encoding a part's data, an encoder may require more bytes than made
  available by a single read. In this case, the above rule does not apply
  and reads are performed until the encoder is able to deliver some data.

  Tests 643, 644, 645, 650 and 654 have been adapted to the output data
  changes, with test data size reduced to avoid the boredom of long lists of
  1-byte chunks in verification data.
  New test 664 checks mimepost using single-byte read callback with encoder.
  New test 665 checks the end of part data early detection.

  Fixes #4826
  Reported-by: MrdUkk on github

- [Patrick Monnerat brought this change]

  mime: latch last read callback status.

  In case a read callback returns a status (pause, abort, eof,
  error) instead of a byte count, drain the bytes read so far but
  remember this status for further processing.
  Takes care of not losing data when pausing, and properly resumes a
  paused mime structure when requested.
  New tests 670-673 check unpausing cases, with easy or multi
  interface and mime or form api.

  Fixes #4813
  Reported-by: MrdUkk on github
  Closes #4833

Steve Holme (1 Mar 2020)
- unit1651: Fixed conversion compilation warning

  371:17: warning: conversion to 'unsigned char' from 'int' may alter its
          value [-Wconversion]

  Closes #5008

- configure.ac: Disable metalink support if an incompatible SSL/TLS specified

  tool_metalink only supports cryptography from OpenSSL, GnuTLS, NSS,
  the Win32 Crypto library and Apple's Common Crypto library.

  If a TLS backend such as mbedTLS or WolfSSL is specified then the
  following error is given during compilation along with a load of
  unresolved extern errors:

  Can't compile METALINK support without a crypto library.

  Reviewed-by: Daniel Stenberg
  Closes #5006

Marc Hoersken (1 Mar 2020)
- ci/tests: Update Azure DevOps pipeline job display names

  Make the configure step more descriptive and align others.

- ci/tests: Fix typo in previous commit 597cf2

- ci/tests: Make sure that the AZURE_ACCESS_TOKEN is available

  For security reasons the access token is not available to PR builds.
  Therefore we should not try to use the DevOps API with an empty token.
