Update libcurl from 7.49.1 to 7.50.1.

Bug: 31271247 Test: Build and run update_engine with the new version. mmma external/curl Note: This patch includes the following squashed commits from upstream: commit f2cb3a01192d36395d16acec6cdb93446ca6fd45 Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Aug 3 08:37:16 2016 +0200 THANKS: 7 new contributors from the 7.50.1 release commit 95addfe828999399f1a3458c547dbd159e9df81e Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Aug 2 11:30:41 2016 +0200 RELEASE-NOTES: 7.50.1 commit 11ec5ad4352bba384404c56e77c7fab9382fd22d Author: Daniel Stenberg <daniel@haxx.se> Date: Sun Jul 31 00:51:48 2016 +0200 TLS: only reuse connections with the same client cert CVE-2016-5420 Bug: https://curl.haxx.se/docs/adv_20160803B.html commit 247d890da88f9ee817079e246c59f3d7d12fde5f Author: Daniel Stenberg <daniel@haxx.se> Date: Fri Jul 1 13:32:31 2016 +0200 TLS: switch off SSL session id when client cert is used CVE-2016-5419 Bug: https://curl.haxx.se/docs/adv_20160803A.html Reported-by: Bru Rom Contributions-by: Eric Rescorla and Ray Satiro commit 75dc096e01ef1e21b6c57690d99371dedb2c0b80 Author: Daniel Stenberg <daniel@haxx.se> Date: Sun Jul 31 01:09:04 2016 +0200 curl_multi_cleanup: clear connection pointer for easy handles CVE-2016-5421 Bug: https://curl.haxx.se/docs/adv_20160803C.html Reported-by: Marcelo Echeverria and Fernando Muñoz commit 9cb1059f92286a6eb5d28c477fdd3f26aed1d554 Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Aug 3 00:24:08 2016 +0200 KNOWN_BUGS: SOCKS proxy not working via IPv6 Closes #835 commit ac09c422d36c0d1c946bed6d4d99b83cced9eaba Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Aug 3 00:21:42 2016 +0200 KNOWN_BUGS: CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM Closes #768 commit 80ab2b5ad9360fce3c313ed03050ce61631e2c78 Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Aug 3 00:19:53 2016 +0200 KNOWN_BUGS: transfer-encoding: chunked in HTTP/2 Closes #662 commit 52276b51e056ed7855884e1960ba80dde6e1b6dd Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Aug 3 00:15:58 2016 +0200 TODO: Provide cmake config-file Closes #885 commit a0c2ab93700069a03fad0115442bad9a3ca996fe Author: Patrick Monnerat <patrick.monnerat@dh.com> Date: Tue Aug 2 14:21:31 2016 +0200 os400: define BUILDING_LIBCURL in make script. commit 2136a6a8924000fb82e23b00c6365db4310574ee Author: Daniel Stenberg <daniel@haxx.se> Date: Mon Aug 1 23:40:27 2016 +0200 RELEASE-NOTES: synced with aa9f536a18b commit aa9f536a18b4c222961fbacd9347d06928eec458 Author: Thomas Glanzmann <thomas@glanzmann.de> Date: Mon Aug 1 13:16:42 2016 -0400 mbedtls: Fix debug function name This patch is necessary so that curl compiles if MBEDTLS_DEBUG is defined. Bug: https://curl.haxx.se/mail/lib-2016-08/0001.html commit 120fe1a22deecde49b9c46b125285d0cf846b159 Author: Sergei Nikulov <sergey.nikulov@gmail.com> Date: Mon Aug 1 15:42:15 2016 +0300 travis: fix OSX build by re-installing libtool Apparently due to a broken homebrew install fixes #934 Closes #939 commit 608b11a91f4e994d26f99baf4dd0a7dff03578ab Author: Martin Vejnár <martin.vejnar@avg.com> Date: Mon Aug 1 10:18:55 2016 +0200 win32: fix a potential memory leak in Curl_load_library If a call to GetSystemDirectory fails, the `path` pointer that was previously allocated would be leaked. This makes sure that `path` is always freed. Closes #938 commit d6604524ad24daf4581efbe0020da058d2b3af84 Author: Daniel Stenberg <daniel@haxx.se> Date: Sun Jul 31 11:48:44 2016 +0200 include: revert 9adf3c4 and make public types void * again Many applications assume the actual contents of the public types and use that do for example forward declarations (saving them from including our public header) which then breaks when we switch from void * to a struct *. I'm not convinced we were wrong, but since this practise seems widespread enough I'm willing to (partly) step down. Now libcurl uses the struct itself when it is built and it allows applications to use the struct type if CURL_STRICTER is defined at the time of the #include. Reported-by: Peter Frühberger Fixes #926 commit 2bbed9c4f0d2c192cd3b3b61fd6a1c21911936c3 Author: Yonggang Luo <luoyonggang@gmail.com> Date: Fri Jul 15 02:16:18 2016 +0800 cmake: Fix for schannel support The check_library_exists_concat do not check crypt32 library properly. So include it directly. Bug: https://github.com/curl/curl/pull/917 Reported-by: Yonggang Luo Bug: https://github.com/curl/curl/issues/935 Reported-by: Alain Danteny commit cb9ba5cf8dfca61d8ce96086330ccde967c2d418 Author: Jay Satiro <raysatiro@yahoo.com> Date: Thu Jul 28 00:52:44 2016 -0400 Revert "travis: Install libtool for OS X builds" Didn't work. This reverts commit 50723585ed380744358de054e2a55dccee65dfd7. commit 50723585ed380744358de054e2a55dccee65dfd7 Author: Jay Satiro <raysatiro@yahoo.com> Date: Thu Jul 28 00:36:55 2016 -0400 travis: Install libtool for OS X builds CI is failing due to missing libtoolize, so I'm trying this. commit 17bf323221cf1852457eb29a861e589b5e5e7aa3 Author: Viktor Szakats <vszakats@users.noreply.github.com> Date: Tue Jul 26 16:36:29 2016 +0200 TODO: minor typo in last commit merged #931 commit f3cad5bbf2fa2487061ce0f4a15dc2c334ba410e Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jul 26 16:01:50 2016 +0200 TODO: Timeout idle connections from the pool commit ea886941841610e15ae9fe4244434cd7a700b7a6 Author: Patrick Monnerat <patrick.monnerat@dh.com> Date: Mon Jul 25 18:58:23 2016 +0200 os400: minimum supported OS version: V6R1M0. Do not log compilation informational messages. commit 6b130d6be6607dce07d1054af929b17b969f3bf5 Author: Jay Satiro <raysatiro@yahoo.com> Date: Sun Jul 24 02:49:47 2016 -0400 tests: Fix for http/2 feature Bug: https://curl.haxx.se/mail/lib-2016-07/0070.html Reported-by: Paul Howarth commit 1979008703cb50bab16111658202cfd05745f0d8 Author: Steve Holme <steve_holme@hotmail.com> Date: Sat Jul 23 21:34:46 2016 +0100 README: Mention wolfSSL in the 'Dependencies' section commit 3fc845914ad050fcb78ddb8ab947ddbe3928de2a Author: Steve Holme <steve_holme@hotmail.com> Date: Fri Jul 22 20:42:20 2016 +0100 vauth.h: No need to query HAVE_GSSAPI || USE_WINDOWS_SSPI for SPNEGO As SPNEGO is only defined when these pre-processor variables are defined there is no need to query them explicitly. commit 25bf71ab0757694e691ad77c48fa6c438df9416e Author: Steve Holme <steve_holme@hotmail.com> Date: Fri Jul 22 20:38:32 2016 +0100 spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration Typo introduced in commit ad5e9bfd5d. commit c7468e8ea2eeac748bb1f3d1410d2de55e9b5802 Author: Daniel Stenberg <daniel@haxx.se> Date: Fri Jul 22 01:47:13 2016 +0200 SECURITY: mention how to get windows-specific CVEs ... and make the distros link a proper link commit 47fa8f0dae69ffe1e7a6ad1e7a6075d8cbe804a4 Author: Dan Fandrich <dan@coneharvesters.com> Date: Thu Jul 21 17:06:04 2016 +0200 test558: fix test by stripping file paths from FD lines commit 5e26d9ceeaca8a6730bf405e6512bfe542698c26 Author: Kamil Dudka <kdudka@redhat.com> Date: Thu Jul 21 13:03:16 2016 +0200 tests: distribute the http2-server.pl script, too commit 8b9ba132f0aad9ba1ada8879ab2a9bb03eba57f6 Author: Kamil Dudka <kdudka@redhat.com> Date: Thu Jul 21 12:49:43 2016 +0200 docs: distribute the CURLINFO_HTTP_VERSION(3) man page, too commit 001f8d06fef3c5f1e3b2ab45a2f46de39b70bd9e Author: Daniel Stenberg <daniel@haxx.se> Date: Thu Jul 21 11:16:08 2016 +0200 bump: start working on 7.50.1 commit 79e63a53bb9598af863b0afe49ad662795faeef4 Author: Daniel Stenberg <daniel@haxx.se> Date: Thu Jul 21 01:53:01 2016 +0200 RELEASE-NOTES: version 7.50.0 ready commit d78cf1f03a30d9c19eb6eaefce367ea5278361b9 Author: Daniel Stenberg <daniel@haxx.se> Date: Thu Jul 21 00:34:01 2016 +0200 THANKS: 13 new contributors from the 7.50.0 release commit af8eb69cb29d4cc05eea9578514fe16572443b72 Author: Jay Satiro <raysatiro@yahoo.com> Date: Thu Jul 21 01:37:29 2016 -0400 winbuild: fix embedded manifest option Embedded manifest option didn't work due to typo. Reported-by: Stefan Kanthak commit c5cffce56e4c6f6c26e82438a61abf85e39cac4a Author: Jay Satiro <raysatiro@yahoo.com> Date: Wed Jul 20 22:00:45 2016 -0400 vauth: Fix memleak by freeing credentials if out of memory This is a follow up to the parent commit dcdd4be which fixes one leak but creates another by failing to free the credentials handle if out of memory. Also there's a second location a few lines down where we fail to do same. This commit fixes both of those issues. commit dcdd4be35213d4ba36e41ad92fe2ae4ddab1205d Author: Saurav Babu <saurav.babu@samsung.com> Date: Wed Jul 20 11:08:02 2016 +0200 vauth: Fixed memory leak due to function returning without free This patch allocates memory to "output_token" only when it is required so that memory is not leaked if function returns. commit c6d3fa11e687808ea9f0047d591a39135a4b9f4e Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jul 20 23:04:06 2016 +0200 test558: updated after ipv6-check move Follow-up commit to c50980807c5 to make this test pass. commit 4ee203542d042e9ba4f137ab252637742998de42 Author: Jay Satiro <raysatiro@yahoo.com> Date: Wed Jul 20 02:49:19 2016 -0400 connect: disable TFO on Linux when using SSL - Linux TFO + TLS is not implemented yet. Bug: https://github.com/curl/curl/issues/907 commit 57ac61a46907edc068fbd0f221751b48082fdfce Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jul 19 23:10:39 2016 +0200 ROADMAP: QUIC and TLS 1.3 commit 545562f13e27da87275e421a3b54d063cf2e494e Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jul 19 23:04:26 2016 +0200 RELEASE-NOTES: synced with c50980807c5 commit c50980807c55f91c2fb2d09f3b6dc0ae69f4cf45 Author: Brian Prodoehl <bprodoehl@connectify.me> Date: Fri Jul 15 11:53:13 2016 -0400 curl_global_init: Check if IPv6 works - Curl_ipv6works() is not thread-safe until after the first call, so call it once during global init to avoid a possible race condition. Bug: https://github.com/curl/curl/issues/915 PR: https://github.com/curl/curl/pull/918 commit 16fe3f6b0a73fa4e3e1c2298143e11f4fb4d5f6a Author: Timothy Polich <tpolich@users.noreply.github.com> Date: Wed Jul 13 18:45:32 2016 -0700 CURLMOPT_SOCKETFUNCTION.3: fix typo Closes https://github.com/curl/curl/pull/914 commit bf430ecdef3d7c49cf01a57e3289ff7aaa1e0278 Author: Miroslav Franc <mfranc@gmx.com> Date: Wed Jul 13 18:43:18 2016 +0200 library: Fix memory leaks found during static analysis Closes https://github.com/curl/curl/pull/913 commit bcc8f485e5e364deb6b5ad8502635b4358aaa277 Author: Viktor Szakats <vszakats@users.noreply.github.com> Date: Tue Jul 12 22:44:31 2016 +0200 cookie.c: Fix misleading indentation Closes https://github.com/curl/curl/pull/911 commit f9eed596a3115e583a124ccf7f929573ee5a7da4 Author: Jay Satiro <raysatiro@yahoo.com> Date: Sat Jul 9 03:05:55 2016 -0400 FAQ: Update FTP directory listing section for MLSD command Explain how some FTP servers support the machine readable listing format MLSD from RFC 3659 and compare it to LIST. Ref: https://github.com/curl/curl/issues/906 commit 7c9cfd6c5145217e9678310ac0677494a59da36e Author: Sergei Nikulov <sergey.nikulov@gmail.com> Date: Wed Jun 22 15:42:10 2016 +0300 Appveyor: Updates for options - CURL_STATICLIB/BUILD_TESTING Closes #892 commit c4f108ece8be881bf70edbd5d22334d1143be88c Author: Daniel Stenberg <daniel@haxx.se> Date: Thu Jun 30 23:45:49 2016 +0200 TODO: 17.4 also brings more HTTP/2 support commit a194e6c9ae40ffe3ab5e281f1096358cdd369d3e Author: Daniel Stenberg <daniel@haxx.se> Date: Thu Jun 30 23:42:06 2016 +0200 TODO: try next proxy if one doesn't work Closes #896 commit 6655e3069120cd069be9b7e2ff268342513c93bf Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 29 23:11:43 2016 +0200 conn: don't free easy handle data in handler->disconnect Reported-by: Gou Lingfeng Bug: https://curl.haxx.se/mail/lib-2016-06/0139.html commit e89489d8f4ceb869ae4e080b34053d4ecba22955 Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 29 23:06:32 2016 +0200 test1244: test different proxy ports same URL commit 306192ba55637864e6bf20991cc209c17ff21e55 Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 29 16:00:46 2016 +0200 curl_global_init.3: improved formatting of the flags commit bbd99a277bf05bd8c1f6fa682e20646f29ac1de4 Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 29 15:57:44 2016 +0200 curl_global_init.3: expand on the SSL and WIN32 bits purpose Reported-by: Richard Gray Bug: https://curl.haxx.se/mail/lib-2016-06/0136.html commit 38685f86c8709c0670e81812b98f8181814212bf Author: Michael Kaufmann <mail@michael-kaufmann.ch> Date: Tue Jun 21 22:43:58 2016 +0200 cleanup: minor code cleanup in Curl_http_readwrite_headers() - the expression of an 'if' was always true - a 'while' contained a condition that was always true - use 'if(k->exp100 > EXP100_SEND_DATA)' instead of 'if(k->exp100)' - fixed a typo Closes #889 commit b6ddc0ac075ecb7e86b25a26ba2faf7e7880ce13 Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jun 28 15:28:04 2016 +0200 SFTP: set a generic error when no SFTP one exists... ... as otherwise we could get a 0 which would count as no error and we'd wrongly continue and could end up segfaulting. Bug: https://curl.haxx.se/mail/lib-2016-06/0052.html Reported-by: 暖和的和暖 commit 614b5034233b95f7a3bbbbe9b0539180fabd7527 Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jun 28 15:02:46 2016 +0200 ROADMAP: http2 tests are merged, mention http2 perf commit c8b2010c5f225ea0c3922ca198dfe1ed9502d591 Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jun 28 14:09:08 2016 +0200 docs/README.md: to render nicer pages on github ... as previously the README.cmake would be picked and put at the bottom of the docs page there and it wasn't very representative! commit bf3222e053d03d044f70af59426db2f278201f2d Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jun 28 13:58:07 2016 +0200 README.md: change host name for the svg logo rawgit.com asks to use the domain cdn.rawgit.com for production See #900 commit 9305b1cf072990efd259d5fe71581473436afbf1 Author: Viktor Szakats <vszakats@users.noreply.github.com> Date: Tue Jun 28 13:00:05 2016 +0200 README.md: use the SVG logo commit f4955a05537b9f772f0f32aba54326e72f111875 Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jun 28 10:41:22 2016 +0200 README.md: logo on top! commit a69f27ae91b791360f4a77b7b82e2e88ec097b08 Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jun 28 08:24:16 2016 +0200 KNOWN_BUGS: 3.4 POP3 expects "CRLF.CRLF" eob for some Closes #740 commit 91792d83b7ca401372854c58d32e0df2f4eb91a0 Author: Daniel Stenberg <daniel@haxx.se> Date: Mon Jun 27 17:06:52 2016 +0200 RELEASE-NOTES: synced with d61c80515aa8 commit d61c80515aa8e4086863fcc0a9693d50d309fc50 Author: Michael Osipov <1983-01-06@gmx.net> Date: Fri Jun 24 15:17:53 2016 +0200 acinclude.m4: improve autodetection of CA bundle on FreeBSD The FreeBSD Port security/ca_root_nss installs the Mozilla NSS CA bundle to /usr/local/share/certs/ca-root-nss.crt. Use this bundle in the discovery process. This change also removes the former FreeBSD path that has been obsolete for 8 years since this FreeBSD ports commit: https://svnweb.freebsd.org/ports/head/security/?view=revision&revision=215953 Closes #894 commit 91697d22a83e274378b957ed878e62467634ff98 Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 22 14:23:46 2016 +0200 configure: don't specify .lib for libs on windows Another follow up for crypt32.lib linking with winssl commit 5c24fc7768d758b3803ccdb2ec54c910badea7ad Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 22 13:50:56 2016 +0200 configure: fix winssl LIBS change typo follow-up from 120bf29e commit b5d1b498fc4f62e8c63480aaf79c32f24223becf Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 22 12:06:47 2016 +0200 TODO: "TCP Fast Open" is done, add monitor pool connections commit 120bf29ef2c9dcc56414656d77040c24187b01bc Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 22 11:57:25 2016 +0200 configure: add crypt32.lib for winssl builds Necessary since 6cabd78531f commit 7530ef5c15f6d90e8a3d043cf59a46225e8ccdd7 Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 22 11:07:05 2016 +0200 Makefile.vc: link with crypt32.lib for winssl builds Necessary since 6cabd78531f Fixes #853 commit 66c447e51e7c066f2ef425e912cee5157c363d55 Author: Joel Depooter <joel.depooter@safe.com> Date: Wed Jun 1 16:29:32 2016 -0700 VC: Add crypt32.lib to Visual Sudio project template files Closes #854 commit 05a69ce32c318109815bbaa9a57700c4594aa267 Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 22 10:53:28 2016 +0200 vc: fix the build for schannel certinfo support Broken since 6cabd785, which adds use of the Curl_extract_certinfo function from the x509asn1.c file. commit 80388edefca58f8199cdfde077efb7f6d91e60fa Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jun 21 19:31:24 2016 +0200 typedefs: use the full structs in internal code... ... and save the typedef'ed names for headers and external APIs. commit 434f8d0389f2969b393ff81ead713b7600502f27 Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jun 21 15:47:12 2016 +0200 internals: rename the SessionHandle struct to Curl_easy commit 9adf3c473a01b289c781aab111f9ad2fc541ed4e Author: Daniel Stenberg <daniel@haxx.se> Date: Tue Jun 21 14:39:33 2016 +0200 headers: forward declare CURL, CURLM and CURLSH as structs Instead of typedef'ing to void, typedef to their corresponding actual struct names to allow compilers to type-check. Assisted-by: Reinhard Max commit 04b4ee5498b14d320e3b375c64d0162cc2b53c99 Author: Jay Satiro <raysatiro@yahoo.com> Date: Sun Jun 12 23:47:12 2016 -0400 vtls: Only call add/getsession if session id is enabled Prior to this change we called Curl_ssl_getsessionid and Curl_ssl_addsessionid regardless of whether session ID reusing was enabled. According to comments that is in case session ID reuse was disabled but then later enabled. The old way was not intuitive and probably not something users expected. When a user disables session ID caching I'd guess they don't expect the session ID to be cached anyway in case the caching is later enabled. commit 046c2c85c4c365d4ae8a621d7886caf96f51e0e7 Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 22 00:37:36 2016 +0200 curl.1: the used progress meter suffix is k in lower case Closes #883 commit 12e21fab26bd83dfa75f009a24380d144ea51857 Author: Sergei Nikulov <sergey.nikulov@gmail.com> Date: Thu Jun 16 13:53:50 2016 +0300 cmake: now using BUILD_TESTING=ON/OFF CMake build now using BUILD_TESTING=ON/OFF (default is OFF) to build tests and enabling CTest integration. Options BUILD_CURL_TESTS and BUILD_DASHBOARD_REPORTS was removed. Closes #882 Reviewed-by: Brad King commit 0bdec5e01d9914d97bb9ed1301b1590162fe2945 Author: Michael Kaufmann <mail@michael-kaufmann.ch> Date: Tue Jun 21 09:47:34 2016 +0200 cleanup: fix method names in code comments Closes #887 commit b2dcf0347f1ee5041cccd64632bb8dd7ccbbae91 Author: Kamil Dudka <kdudka@redhat.com> Date: Tue Jun 21 12:40:26 2016 +0200 curl-compilers.m4: improve detection of GCC's -fvisibility= flag Some builds of GCC produce output on both stdout and stderr when --help --verbose is used. The 2>&1 redirection caused them to be arbitrarily interleaved with each other because of stream buffering. Consequently, grep failed to match the fvisibility= string in the mixed output, even though the string was present in GCC's standard output. This led to silently disabling symbol hiding in some builds of curl. commit 5f2e3b886759e0822ff31c36ef10ca8df59fcf59 Author: Daniel Stenberg <daniel@haxx.se> Date: Sun Jun 19 23:52:01 2016 +0200 tests: fix the HTTP/2 tests The HTTP/2 tests brought with commit bf05606ef1f were using the internal name 'http2' for the HTTP/2 server, while in fact that name was already used for the second instance of the HTTP server. This made tests using the second instance (like test 2050) fail after a HTTP/2 test had run. The server is now known as HTTP/2 internally and within the <server> section in test cases. 1700, 1701 and 1702 were updated accordingly. commit bb4e7921e70637a43bb01952888fcb0870fb915f Author: Daniel Stenberg <daniel@haxx.se> Date: Sun Jun 19 23:21:54 2016 +0200 openssl: use more 'const' to fix build warnings with 1.1.0 branch commit 2668d8df9a61eadbb7de44903f05963984507d3d Author: Daniel Stenberg <daniel@haxx.se> Date: Fri Jun 17 10:40:20 2016 +0200 curl.1: missed 'T' in the progress unit suffixes commit c9a6ab6d921a02a198a543d5b0650fb0c94fd94d Author: Daniel Stenberg <daniel@haxx.se> Date: Fri Jun 17 00:32:34 2016 +0200 curl.1: mention the unix for the progress meter commit 13d633d27492ccd86a3424b34952b0ef8026306e Author: Patrick Monnerat <patrick.monnerat@dh.com> Date: Thu Jun 16 19:05:42 2016 +0200 os400: add new definitions to ILE/RPG binding. commit d4643d6e799b088e0a7e9b768facc0d1e1e86257 Author: Daniel Stenberg <daniel@haxx.se> Date: Wed Jun 15 15:36:40 2016 +0200 openssl: fix cert check with non-DNS name fields present Regression introduced in 5f5b62635 (released in 7.48.0) Reported-by: Fabian Ruff Fixes #875 commit b1839f6ed8bc8d9324c1fcf334955ddabf47b936 Author: Dan Fandrich <dan@coneharvesters.com> Date: Thu Jun 16 08:44:08 2016 +0200 axtls: Use Curl_wait_ms instead of the less-portable usleep commit 52c5e9488c0bebc002d114d747fee697d422d02d Author: Dan Fandrich <dan@coneharvesters.com> Date: Thu Jun 16 08:29:10 2016 +0200 axtls: Fixed compile after compile 31c521b0 commit 67176e2b840486c58a107ab1178d19cfa65faf0f Author: Dan Fandrich <dan@coneharvesters.com> Date: Wed Jun 15 23:04:48 2016 +0200 tests: Added HTTP proxy keywords to tests 1141 & 1142 commit b70ca5281d93b621dee700c74740b2621d1e30b4 Author: Sergei Nikulov <sergey.nikulov@gmail.com> Date: Tue Jun 14 17:11:48 2016 +0300 cmake: Fix build with winldap Bug: https://github.com/curl/curl/pull/874 Reported-by: Sergei Nikulov commit f77dfbc5fbb7a20f8d3ef918df35b68c0b60f1e9 Author: Jay Satiro <raysatiro@yahoo.com> Date: Sat Jun 11 17:33:16 2016 -0400 CURLOPT_POSTFIELDS.3: Clarify what happens when set empty When CURLOPT_POSTFIELDS is set to an empty string libcurl will send a zero-byte POST. Prior to this change it was documented as sending data from the read callback. This also changes the wording of what happens when empty or NULL so that it's hopefully easier to understand for people whose primary language isn't English. Bug: https://github.com/curl/curl/issues/862 Reported-by: Askar Safin commit 929520582cdd3708f845af637757837b1d2a7d16 Author: Michael Wallner <mike@php.net> Date: Tue Jun 7 07:51:34 2016 +0200 curl_multi_socket_action.3: Fix rewording - Remove some erroneous text. Closes https://github.com/curl/curl/pull/865 commit 608d161b605e4ac0ebdab6c89c64e14423a0457a Author: Luo Jinghua <sunmoon1997@gmail.com> Date: Wed Jun 8 07:23:54 2016 +0800 resolve: enable protocol family logic for synthesized IPv6 - Enable protocol family logic for IPv6 resolves even when support for synthesized addresses is enabled. This is a follow up to the parent commit that added support for synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family logic needed for IPv6 was inadvertently excluded if support for synthesized addresses was enabled. Bug: https://github.com/curl/curl/issues/863 Ref: https://github.com/curl/curl/pull/866 Ref: https://github.com/curl/curl/pull/867 commit 01a49a7626ee4a226cd0b50d70591ab147d60ee0 Author: Luo Jinghua <sunmoon1997@gmail.com> Date: Tue Jun 7 18:11:37 2016 +0800 resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X. If the current network interface doesn’t support IPv4, but supports IPv6, NAT64, and DNS64. Closes #866 Fixes #863 commit 9b6d3a662ea81ec3bbb12002ca79fd27d750671e Author: Daniel Stenberg <daniel@haxx.se> Date: Sun Jun 5 11:28:31 2016 +0200 tests: two more HTTP/2 tests 1701 and 1702 commit 320905a34589a987a5afe29c84316b1bfbcb8290 Author: Daniel Stenberg <daniel@haxx.se> Date: Sun Jun 5 11:17:29 2016 +0200 runtests: don't display logs when http2 server fails to start commit d3b5c153af6998e2fd64bfc2b3033b2b5526a8cf Author: Daniel Stenberg <daniel@haxx.se> Date: Fri Jun 3 23:54:06 2016 +0200 runtests: make stripfile work on stdout as well ... and have test 1700 use that to strip out the nghttpx server: headers commit bf05606ef1f7a982c821396c3ef9fddeb4a1b011 Author: Daniel Stenberg <daniel@haxx.se> Date: Fri Jun 3 23:36:10 2016 +0200 http2-tests: test1700 is the first real HTTP/2 test It requires that 'nghttpx' is in the PATH, and it will run the tests using nghttpx as a front-end proxy in front of the standard HTTP/1 test server. This uses HTTP/2 over plain TCP. If you like me have nghttpx installed in a custom path, you can run test 1700 like this: $ PATH=$PATH:$HOME/build-nghttp2/bin/ ./runtests.pl 1700 commit c53d8a0b41a661251fc08ef696040a77842e2049 Author: Daniel Stenberg <daniel@haxx.se> Date: Mon Jun 6 23:23:44 2016 +0200 RELEASE-NOTES: synced with 34855feeb4c299 commit 34855feeb4c2991f7a158064abef16829bd4425f Author: Steve Holme <steve_holme@hotmail.com> Date: Mon Jun 6 20:53:30 2016 +0100 schannel: Disable ALPN on Windows < 8.1 Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL fails on Windows < 8.1 so we need to disable ALPN on these OS versions. Inspiration provide by: Daniel Seither Closes #848 Fixes #840 commit 84a48e5732d9dd0c98fda3597352e4b16f35a7ad Author: Jay Satiro <raysatiro@yahoo.com> Date: Sun Jun 5 21:07:03 2016 -0400 checksrc: Add LoadLibrary to the banned functions list LoadLibrary was supplanted by Curl_load_library for security reasons in 6df916d. commit 1aa899ff38548a5d1c196f5c9ad7047f0fae3f5a Author: Jay Satiro <raysatiro@yahoo.com> Date: Sun Jun 5 03:13:32 2016 -0400 http: Fix HTTP/2 connection reuse - Change the parser to not require a minor version for HTTP/2. HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2 in 8243a95 because the parser still expected a minor version. Bug: https://github.com/curl/curl/issues/855 Reported-by: Andrew Robbins, Frank Gevaerts commit 61c92c7850cb83c572827dc348247b8b9b57c25a Author: Steve Holme <steve_holme@hotmail.com> Date: Sat Jun 4 21:52:08 2016 +0100 connect.c: Fixed compilation warning from commit 332e8d6164 connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else' commit 332e8d6164bfb33dfae19704ef8c3e851a71b2d3 Author: Steve Holme <steve_holme@hotmail.com> Date: Sat Jun 4 20:58:39 2016 +0100 win32: Used centralised verify windows version function Closes #845 commit dde5e430e21605e94b24262deef4800e04fb6ba5 Author: Steve Holme <steve_holme@hotmail.com> Date: Sat Jun 4 20:51:32 2016 +0100 win32: Added verify windows version functionality commit 6020ce5fa70212f105e74456037a2f5cc66c4e09 Author: Steve Holme <steve_holme@hotmail.com> Date: Sat Jun 4 20:06:56 2016 +0100 win32: Introduced centralised verify windows version function commit 584d0121c353ed855115c39f6cbc009854018029 Author: Kamil Dudka <kdudka@redhat.com> Date: Fri Jun 3 11:26:20 2016 +0200 tool_urlglob: fix off-by-one error in glob_parse() ... causing SIGSEGV while parsing URL with too many globs. Minimal example: $ curl $(for i in $(seq 101); do printf '{a}'; done) Reported-by: Romain Coltel Bug: https://bugzilla.redhat.com/1340757 commit 873b4346bafdec388fa4bd61ebdee0161da661a0 Author: Benjamin Kircher <kircher@otris.de> Date: Wed Jun 1 19:02:18 2016 +0200 libcurl-multi.3: fix small typo Closes #850 commit 55ab64ed1a0472f70a466d5b53c317992c0640c0 Author: Viktor Szakats <vszakats@users.noreply.github.com> Date: Wed Jun 1 10:35:38 2016 +0200 makefile.m32: add crypt32 for winssl builds Dependency added by 6cabd78 Closes #849 commit 31c521b0470e57125ffcd0f1b0c6edf3b9af96c1 Author: Ivan Avdeev <me@w23.ru> Date: Wed Jun 1 09:30:03 2016 +0200 vtls: fix ssl session cache race condition Sessionid cache management is inseparable from managing individual session lifetimes. E.g. for reference-counted sessions (like those in SChannel and OpenSSL engines) every session addition and removal should be accompanied with refcount increment and decrement respectively. Failing to do so synchronously leads to a race condition that causes symptoms like use-after-free and memory corruption. This commit: - makes existing session cache locking explicit, thus allowing individual engines to manage lock's scope. - fixes OpenSSL and SChannel engines by putting refcount management inside this lock's scope in relevant places. - adds these explicit locking calls to other engines that use sessionid cache to accommodate for this change. Note, however, that it is unknown whether any of these engines could also have this race. Bug: https://github.com/curl/curl/issues/815 Fixes #815 Closes #847 commit 6cabd78531f80d5c6cd942ed1aa97eaa5ec080df Author: Andrew Kurushin <ajax16384@gmail.com> Date: Wed Jun 1 08:48:30 2016 +0200 schannel: add CURLOPT_CERTINFO support Closes #822 commit c444ace5568cdbd7c4f85fecb3f05680aaa5b96d Author: Daniel Stenberg <daniel@haxx.se> Date: Tue May 31 23:33:48 2016 +0200 RELEASE-NOTES: synced with 142ee9fa15002315 commit 142ee9fa1500231557333a70691049166e79854a Author: Daniel Stenberg <daniel@haxx.se> Date: Tue May 31 19:54:35 2016 +0200 openssl: rename the private SSL_strerror ... to make it not look like an OpenSSL function commit 7108e53fb58a194df54149e3a52c7df006f24ae7 Author: Michael Kaufmann <mail@michael-kaufmann.ch> Date: Tue May 31 16:25:56 2016 +0200 openssl: Use correct buffer sizes for error messages Closes #844 commit 6dbc23cfd86bbf8c1616759068a5909ced3dcc99 Author: Daniel Stenberg <daniel@haxx.se> Date: Tue May 31 14:13:33 2016 +0200 curl: fix -q [regression] This broke in 7.49.0 with commit e200034425a7625 Fixes #842 commit 5409e1d793de755c7433336b80b0c8370a359d45 Author: Daniel Stenberg <daniel@haxx.se> Date: Sun May 8 15:11:10 2016 +0200 URL parser: allow URLs to use one, two or three slashes Mostly in order to support broken web sites that redirect to broken URLs that are accepted by browsers. Browsers are typically even more leniant than this as the WHATWG URL spec they should allow an _infinite_ amount. I tested 8000 slashes with Firefox and it just worked. Added test case 1141, 1142 and 1143 to verify the new parser. Closes #791 commit ed8b8f2456fc485fa81fb3d3eaef684121bb1aef Author: Renaud Lehoux <renaud.lehoux@ercom.fr> Date: Mon May 30 17:26:10 2016 +0200 cmake: Added missing mbedTLS support Closes #837 commit 2072b4ae4f337a46283bfcc98a6f42c063d43bdf Author: Renaud Lehoux <renaud.lehoux@ercom.fr> Date: Mon May 30 18:10:23 2016 +0200 mbedtls: removed unused variables Closes #838 commit 071c56139463137a4e32a8d841a70c16f3682bb7 Author: Frank Gevaerts <frank@gevaerts.be> Date: Wed May 11 14:23:37 2016 +0200 http: add CURLINFO_HTTP_VERSION and %{http_version} Adds access to the effectively used http version to both libcurl and curl. Closes #799 commit 4bffaad85f7ba9ba12272a06ce4e4a81a9a3178a Author: Daniel Stenberg <daniel@haxx.se> Date: Mon May 30 22:55:54 2016 +0200 bump: start the journey toward 7.50.0 commit c9b4e6e85907f1581c8d6e1ab52c7f8b9282f266 Author: Marcel Raad <raad@teamviewer.com> Date: Mon May 30 13:26:20 2016 +0200 openssl: fix build with OPENSSL_NO_COMP With OPENSSL_NO_COMP defined, there is no function SSL_COMP_free_compression_methods Closes #836 commit 9a1593501cb30e36ea7109680cab368f9425000d Author: Gisle Vanem <gvanem@yahoo.no> Date: Mon May 30 11:43:04 2016 +0200 memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC Fixes #828 commit 27c86c887194088551577832d284237678e837b4 Author: Jonathan <vanillajonathan@users.noreply.github.com> Date: Mon May 30 10:46:35 2016 +0200 README.md: polish Closes #834 commit 602a6bdf6f378b5f44ba7f5f9c9cf87d52c507bd Author: Daniel Stenberg <daniel@haxx.se> Date: Mon May 30 08:21:16 2016 +0200 RELEASE-NOTES: fix vuln link Change-Id: I794e042ee8550487e0d42a4df72c73f2b4f89500
author: Alex Deymo <deymo@google.com> 2016-10-05 11:18:42 -0700
committer: Alex Deymo <deymo@google.com> 2016-10-05 13:53:36 -0700
commit: e3149cc1cf501b46caba8d47652ac90b95c78eac (patch)
tree: 5dd15c327ae0fcd275b402e26e60c72d2931fec0 /RELEASE-NOTES
parent: b21079712b7eabed7441ec11661f5be02505c1cd (diff)
download: external_curl-e3149cc1cf501b46caba8d47652ac90b95c78eac.tar.gz
external_curl-e3149cc1cf501b46caba8d47652ac90b95c78eac.tar.bz2
external_curl-e3149cc1cf501b46caba8d47652ac90b95c78eac.zip
1 files changed, 30 insertions, 37 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index ca3142c0..163ceb1a 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,30 +1,26 @@
-Curl and libcurl 7.49.1
+Curl and libcurl 7.50.1
 
- Public curl releases:         155
+ Public curl releases:         157
  Command line options:         185
  curl_easy_setopt() options:   224
  Public functions in libcurl:  61
- Contributors:                 1404
+ Contributors:                 1418
 
 This release includes the following bugfixes:
 
- o Windows: prevent DLL hijacking, CVE-2016-4802 [11]
- o dist: include manpage-scan.pl, nroff-scan.pl and CHECKSRC.md [1]
- o schannel: fix compile break with MSVC XP toolset [2]
- o curlbuild.h.dist: check __LP64__ as well to fix MIPS build [3]
- o dist: include curl_multi_socket_all.3 [4]
- o http2: use HTTP/2 in the HTTP/1.1-alike response
- o openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0
- o CURLOPT_CONNECT_TO.3: user must not free the list prematurely [5]
- o libcurl.m4: Avoid obsolete warning [6]
- o winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity [7]
- o curl_multibyte: fix compiler error
- o openssl: cleanup must free compression methods (memory leak) [8]
- o mbedtls: fix includes so snprintf() works [9]
- o checksrc.pl: Added variants of strcat() & strncat() to banned function list
- o contributors.sh: better grep pattern and show GitHub username [10]
- o ssh: fix build for libssh2 before 1.2.6 [12]
- o curl_share_setopt.3: Add min ver needed for ssl session lock [13]
+ o TLS: switch off SSL session id when client cert is used [7]
+ o TLS: only reuse connections with the same client cert [8]
+ o curl_multi_cleanup: clear connection pointer for easy handles [9]
+ o include the CURLINFO_HTTP_VERSION(3) man page into the release tarball
+ o include the http2-server.pl script in the release tarball
+ o test558: fix test by stripping file paths from FD lines
+ o spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
+ o tests: Fix for http/2 feature [1]
+ o cmake: Fix for schannel support [2]
+ o curl.h: make public types void * again [3]
+ o win32: fix a potential memory leak in Curl_load_library [4]
+ o travis: fix OSX build by re-installing libtool [5]
+ o mbedtls: Fix debug function name [6]
 
 This release includes the following known bugs:
 
@@ -33,25 +29,22 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Alexander Traud, Daniel Stenberg, Gisle Vanem, Jan Ehrhardt,
-  jveazey on github, Marcel Raad, Michael Kaufmann, Michael Wallner,
-  Moti Avrahami, Paul Howarth, Ray Satiro, Steve Holme, Tomas Jakobsson,
-  (13 contributors)
+  Alain Danteny, Bru Rom, Dan Fandrich, Daniel Stenberg, Eric Rescorla,
+  Fernando Muñoz, Kamil Dudka, Marcelo Echeverria, Martin Vejnár,
+  Patrick Monnerat, Paul Howarth, Peter Frühberger, Ray Satiro, Sergei Nikulov,
+  Steve Holme, Thomas Glanzmann, Viktor Szakáts, Yonggang Luo,
+  (18 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.haxx.se/mail/lib-2016-05/0113.html
- [2] = https://curl.haxx.se/bug/?i=812
- [3] = https://curl.haxx.se/bug/?i=813
- [4] = https://curl.haxx.se/bug/?i=816
- [5] = https://curl.haxx.se/bug/?i=819
- [6] = https://curl.haxx.se/bug/?i=821
- [7] = https://curl.haxx.se/bug/?i=818
- [8] = https://curl.haxx.se/bug/?i=817
- [9] = https://curl.haxx.se/mail/lib-2016-05/0196.html
- [10] = https://curl.haxx.se/bug/?i=824
- [11] = https://curl.haxx.se/docs/adv_20160527.html
- [12] = https://curl.haxx.se/bug/?i=831
- [13] = https://github.com/curl/curl/issues/826
+ [1] = https://curl.haxx.se/mail/lib-2016-07/0070.html
+ [2] = https://curl.haxx.se/bug/?i=917
+ [3] = https://curl.haxx.se/bug/?i=926
+ [4] = https://curl.haxx.se/bug/?i=938
+ [5] = https://curl.haxx.se/bug/?i=939
+ [6] = https://curl.haxx.se/mail/lib-2016-08/0001.html
+ [7] = https://curl.haxx.se/docs/adv_20160803A.html
+ [8] = https://curl.haxx.se/docs/adv_20160803B.html
+ [9] = https://curl.haxx.se/docs/adv_20160803C.html
author	Alex Deymo <deymo@google.com>	2016-10-05 11:18:42 -0700
committer	Alex Deymo <deymo@google.com>	2016-10-05 13:53:36 -0700
commit	e3149cc1cf501b46caba8d47652ac90b95c78eac (patch)
tree	5dd15c327ae0fcd275b402e26e60c72d2931fec0 /RELEASE-NOTES
parent	b21079712b7eabed7441ec11661f5be02505c1cd (diff)
download	external_curl-e3149cc1cf501b46caba8d47652ac90b95c78eac.tar.gz external_curl-e3149cc1cf501b46caba8d47652ac90b95c78eac.tar.bz2 external_curl-e3149cc1cf501b46caba8d47652ac90b95c78eac.zip