1 files changed, 90 insertions, 141 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 54029dbce..2973b75a8 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,95 +1,61 @@
-Curl and libcurl 7.48.0
+Curl and libcurl 7.50.2
 
- Public curl releases:         153
- Command line options:         179
- curl_easy_setopt() options:   221
+ Public curl releases:         158
+ Command line options:         185
+ curl_easy_setopt() options:   224
  Public functions in libcurl:  61
- Contributors:                 1364
-
-This release includes the following changes:
-
- o configure: --with-ca-fallback: use built-in TLS CA fallback [2]
- o TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS [22]
- o getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION [25]
- o added CODE_STYLE.md [47]
+ Contributors:                 1441
 
 This release includes the following bugfixes:
 
- o Proxy-Connection: stop sending this header by default [1]
- o os400: sync ILE/RPG definitions with latest public header files
- o cookies: allow spaces in cookie names, cut of trailing spaces [3]
- o tool_urlglob: Allow reserved dos device names (Windows) [4]
- o openssl: remove most BoringSSL #ifdefs [5]
- o tool_doswin: Support for literal path prefix \\?\
- o mbedtls: fix ALPN usage segfault [6]
- o mbedtls: fix memory leak when destroying SSL connection data [7]
- o nss: do not count enabled cipher-suites
- o examples/cookie_interface.c: add cleanup call
- o examples: adhere to curl code style
- o curlx_tvdiff: handle 32bit time_t overflows [8]
- o dist: ship buildconf.bat too
- o curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts [9]
- o generate.bat: Fix comment bug by removing old comments [10]
- o test1604: Add to Makefile.inc so it gets run
- o gtls: fix for builds lacking encrypted key file support [11]
- o SCP: use libssh2_scp_recv2 to support > 2GB files on windows [12]
- o CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option [13]
- o cookie: do not refuse cookies to localhost [14]
- o openssl: avoid direct PKEY access with OpenSSL 1.1.0 [15]
- o http: Don't break the header into chunks if HTTP/2 [16]
- o http2: don't decompress gzip decoding automatically [17]
- o curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function
- o curl.1: add a missing dash
- o curl.1: HTTP headers for --cookie must be Set-Cookie style [18]
- o CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style [18]
- o curl_sasl: Fix memory leak in digest parser [19]
- o src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support [20]
- o CURLOPT_DEBUGFUNCTION.3: Fix example
- o runtests: Fixed usage of %PWD on MinGW64 [21]
- o tests/sshserver.pl: use RSA instead of DSA for host auth [23]
- o multi_remove_handle: keep the timeout list until after disconnect [24]
- o Curl_read: check for activated HTTP/1 pipelining, not only requested
- o configure: warn on invalid ca bundle or path [26]
- o file: try reading from files with no size [27]
- o getinfo: Add support for mbedTLS TLS session info
- o formpost: fix memory leaks in AddFormData error branches [28]
- o makefile.m32: allow to pass .dll/.exe-specific LDFLAGS [29]
- o url: if Curl_done is premature then pipeline not in use [30]
- o cookie: remove redundant check [31]
- o cookie: Don't expire session cookies in remove_expired [32]
- o makefile.m32: fix to allow -ssh2-winssl combination [33]
- o checksrc.bat: Fixed cannot find perl if installed but not in path
- o build-openssl.bat: Fixed cannot find perl if installed but not in path
- o mbedtls: fix user-specified SSL protocol version
- o makefile.m32: add missing libs for static -winssl-ssh2 builds [34]
- o test46: change cookie expiry date [35]
- o pipeline: Sanity check pipeline pointer before accessing it [36]
- o openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages
- o ftp_done: clear tunnel_state when secondary socket closes [37]
- o opt-docs: fix heading macros [38]
- o imap/pop3/smtp: Fixed connections upgraded with TLS are not reused [39]
- o curl_multi_wait: never return -1 in 'numfds' [40]
- o url.c: fix clang warning: no newline at end of file
- o krb5: improved type handling to avoid clang compiler warnings
- o cookies: first n/v pair in Set-Cookie: is the cookie, then parameters [41]
- o multi: avoid blocking during CURLM_STATE_WAITPROXYCONNECT [42]
- o multi hash: ensure modulo performed on curl_socket_t [43]
- o curl: glob_range: no need to check unsigned variable for negative
- o easy: add check to malloc() when running event-based
- o CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support [44]
- o version: thread safety
- o openssl: verbose: show matching SAN pattern
- o openssl: adapt to OpenSSL 1.1.0 API breakage in ERR_remove_thread_state()
- o formdata.c: Fixed compilation warning
- o configure: use cpp -P when needed [45]
- o imap.c: Fixed compilation warning with /Wall enabled
- o config-w32.h: Fixed compilation warning when /Wall enabled
- o ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled
- o build: Added missing Visual Studio filter files for VC10 onwards
- o easy: Remove poll failure check in easy_transfer
- o mbedtls: fix compiler warning
- o build-wolfssl: Update VS properties for wolfSSL v3.9.0
- o Fixed various compilation warnings when verbose strings disabled
+ o mbedtls: Added support for NTLM
+ o SSH: fixed SFTP/SCP transfer problems [1]
+ o multi: make Curl_expire() work with 0 ms timeouts
+ o mk-ca-bundle.pl: -m keeps ca cert meta data in output [2]
+ o TFTP: Fix upload problem with piped input [3]
+ o CURLOPT_TCP_NODELAY: now enabled by default [4]
+ o mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined [5]
+ o http2: always wait for readable socket
+ o cmake: Enable win32 large file support by default
+ o cmake: Enable win32 threaded resolver by default
+ o winbuild: Avoid setting redundant CFLAGS to compile commands [6]
+ o curl.h: make CURL_NO_OLDIES define CURL_STRICTER
+ o docs: make more markdown files use .md extension
+ o docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
+ o winbuild: Allow changing C compiler via environment variable CC [7]
+ o rtsp: accept any RTSP session id [8]
+ o HTTP: retry failed HEAD requests on reused connections too
+ o configure: add zlib search with pkg-config [9]
+ o openssl: accept subjectAltName iPAddress if no dNSName match [10]
+ o MANUAL: Remove invalid link to LDAP documentation [11]
+ o socks: improved connection procedure [12]
+ o proxy: reject attempts to use unsupported proxy schemes
+ o proxy: bring back use of "Proxy-Connection:" [13]
+ o curl: allow "pkcs11:" prefix for client certificates [14]
+ o spnego_sspi: fix memory leak in case *outlen is zero [15]
+ o SOCKS: improve verbose output of SOCKS5 connection sequence
+ o SOCKS: display the hostname returned by the SOCKS5 proxy server
+ o http/sasl: Query authentication mechanism supported by SSPI before using
+ o sasl: Don't use GSSAPI authentication when domain name not specified [16]
+ o win: Basic support for Universal Windows Platform apps [17]
+ o nss: fix incorrect use of a previously loaded certificate from file
+ o nss: work around race condition in PK11_FindSlotByName() [18]
+ o ftp: fix wrong poll on the secondary socket [19]
+ o openssl: build warning-free with 1.1.0 (again)
+ o HTTP: stop parsing headers when switching to unknown protocols [20]
+ o test219: Add http as a required feature
+ o TLS: random file/egd doesn't have to match for conn reuse
+ o schannel: Disable ALPN for Wine since it is causing problems [21]
+ o http2: make sure stream errors don't needlessly close the connection [22]
+ o http2: return CURLE_HTTP2_STREAM for unexpected stream close [23]
+ o darwinssl: --cainfo is intended for backward compatibility only
+ o speed caps: not based on average speeds anymore [24]
+ o configure: make the cpp -P detection not clobber CPPFLAGS [25]
+ o http2: use named define instead of magic constant in read callback
+ o http2: skip the content-length parsing, detect unknown size
+ o http2: return EOF when done uploading without known size [26]
+ o darwinssl: test for errSecSuccess in PKCS12 import rather than noErr [27]
+ o openssl: fix CURLINFO_SSL_VERIFYRESULT [28]
 
 This release includes the following known bugs:
 
@@ -98,62 +64,45 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Anders Bakken, Brad Fitzpatrick, Clint Clayton, Dan Fandrich,
-  Daniel Stenberg, David Benjamin, David Byron, Emil Lerner, Eric S. Raymond,
-  Gisle Vanem, Jaime Fullaondo, Jeffrey Walton, Jesse Tan, Justin Ehlert,
-  Kamil Dudka, Kazuho Oku, Ludwig Nussel, Maksim Kuzevanov, Michael König,
-  Oliver Graute, Patrick Monnerat, Rafael Antonio, Ray Satiro, Seth Mos,
-  Shine Fan, Steve Holme, Tatsuhiro Tsujikawa, Timotej Lazar, Tim Rühsen,
-  Viktor Szakáts,
-  (30 contributors)
+  Ales Novak, Bill Nagel, Christian Fillion, Craig Davison, Dambaev Alexander,
+  Dan Donahue, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
+  David Kalnischkies, David Woodhouse, Erik Janssen, Gaurav Malhotra,
+  János Fekete, Kamil Dudka, Marcel Raad, Marc Hörsken, Marco Deckel,
+  Mark Hamilton, Mark Nottingham, Michael Kaufmann, Miroslav Franc,
+  Nick Zitzmann, Olivier Brunel, Peter Wang, Ray Satiro, Ronnie Mose,
+  Sergei Nikulov, Serj Kalichev, Simon Warta, Steve Holme, Tatsuhiro Tsujikawa,
+  Thomas Glanzmann, Tim Rühsen, wmsch on github,
+  (35 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.haxx.se/bug/?i=633
- [2] = https://curl.haxx.se/bug/?i=569
- [3] = https://curl.haxx.se/bug/?i=639
- [4] = https://github.com/curl/curl/commit/4520534#commitcomment-15954863
- [5] = https://curl.haxx.se/bug/?i=640
- [6] = https://curl.haxx.se/bug/?i=642
- [7] = https://curl.haxx.se/bug/?i=626
- [8] = https://curl.haxx.se/bug/?i=646
- [9] = https://bugzilla.redhat.com/1305970
- [10] = https://curl.haxx.se/bug/?i=649
- [11] = https://curl.haxx.se/bug/?i=651
- [12] = https://curl.haxx.se/bug/?i=451
- [13] = https://curl.haxx.se/bug/?i=653
- [14] = https://curl.haxx.se/bug/?i=658
- [15] = https://curl.haxx.se/bug/?i=650
- [16] = https://curl.haxx.se/bug/?i=659
- [17] = https://curl.haxx.se/bug/?i=661
- [18] = https://curl.haxx.se/bug/?i=666
- [19] = https://curl.haxx.se/bug/?i=667
- [20] = https://curl.haxx.se/bug/?i=670
- [21] = https://curl.haxx.se/bug/?i=672
- [22] = https://curl.haxx.se/bug/?i=481
- [23] = https://curl.haxx.se/bug/?i=676
- [24] = https://curl.haxx.se/mail/lib-2016-02/0097.html
- [25] = https://curl.haxx.se/libcurl/c/CURLINFO_TLS_SSL_PTR.html
- [26] = https://curl.haxx.se/bug/?i=404
- [27] = https://curl.haxx.se/bug/?i=681
- [28] = https://curl.haxx.se/bug/?i=688
- [29] = https://curl.haxx.se/bug/?i=689
- [30] = https://curl.haxx.se/bug/?i=690
- [31] = https://curl.haxx.se/bug/?i=695
- [32] = https://curl.haxx.se/bug/?i=697
- [33] = https://curl.haxx.se/bug/?i=692
- [34] = https://curl.haxx.se/bug/?i=693
- [35] = https://curl.haxx.se/bug/?i=697
- [36] = https://curl.haxx.se/bug/?i=704
- [37] = https://curl.haxx.se/bug/?i=701
- [38] = https://curl.haxx.se/bug/?i=705
- [39] = https://curl.haxx.se/bug/?i=422
- [40] = https://curl.haxx.se/bug/?i=707
- [41] = https://curl.haxx.se/bug/?i=709
- [42] = https://curl.haxx.se/bug/?i=703
- [43] = https://curl.haxx.se/bug/?i=712
- [44] = https://curl.haxx.se/mail/lib-2016-03/0150.html
- [45] = https://curl.haxx.se/bug/?i=719
- [47] = https://curl.haxx.se/dev/code-style.html
+ [1] = https://curl.haxx.se/mail/lib-2016-07/0057.html
+ [2] = https://curl.haxx.se/bug/?i=937
+ [3] = https://curl.haxx.se/bug/?i=857
+ [4] = https://curl.haxx.se/mail/lib-2016-06/0143.html
+ [5] = https://curl.haxx.se/mail/lib-2016-08/0017.html
+ [6] = https://curl.haxx.se/bug/?i=949
+ [7] = https://curl.haxx.se/bug/?i=952
+ [8] = https://curl.haxx.se/mail/lib-2016-08/0076.html
+ [9] = https://curl.haxx.se/bug/?i=956
+ [10] = https://curl.haxx.se/bug/?i=959
+ [11] = https://curl.haxx.se/bug/?i=962
+ [12] = https://curl.haxx.se/bug/?i=944
+ [13] = https://curl.haxx.se/bug/?i=954
+ [14] = https://curl.haxx.se/mail/lib-2016-08/0122.html
+ [15] = https://curl.haxx.se/bug/?i=970
+ [16] = https://curl.haxx.se/bug/?i=718
+ [17] = https://curl.haxx.se/bug/?i=820
+ [18] = https://bugzilla.mozilla.org/1297397
+ [19] = https://curl.haxx.se/bug/?i=978
+ [20] = https://curl.haxx.se/bug/?i=899
+ [21] = https://curl.haxx.se/bug/?i=983
+ [22] = https://curl.haxx.se/bug/?i=941
+ [23] = https://curl.haxx.se/bug/?i=986
+ [24] = https://curl.haxx.se/bug/?i=971
+ [25] = https://curl.haxx.se/bug/?i=958
+ [26] = https://curl.haxx.se/bug/?i=982
+ [27] = https://curl.haxx.se/bug/?i=993
+ [28] = https://curl.haxx.se/bug/?i=995