Race condition in the schannel SSL sessionid cache #815

Closed
w23 opened this Issue May 18, 2016 · 12 comments


@w23
Contributor
w23 commented May 18, 2016

Core issue

Windows SSPI engine (https://github.com/curl/curl/blob/master/lib/vtls/schannel.c) has trouble managing curl_schannel_cred lifetime properly:

  1. refcount is modified non-atomically and outside of CURL_LOCK_DATA_SSL_SESSION scope
  2. refcount is modified inconsistently: Curl_ssl_{get,add}sessionid() in https://github.com/curl/curl/blob/master/lib/vtls/vtls.c don't lead to refcount being immediately incremented, as it should be semantically.

This leads to sporadic memory-related crashes (accessing freed memory, double free, etc) when downloading https:// URLs concurrently in separate threads.

I also believe that the same set of issues is present for OpenSSL engine in https://github.com/curl/curl/blob/master/lib/vtls/openssl.c, but the race gap is way more narrow there and I couldn't crash it in a reasonable amount of time.

And there are also a couple of somewhat related notes on schannel.c:

How to reproduce

To have a chance at reproducing this one needs to start several threads and use them to fetch several https:// URLs concurrently.
Unfortunately, I don't have a clean standalone utility for this purpose, and there is ideally a server part that is completely out of scope.

However, I at least can give you more details about my setup:

  • There are many (>8, as per max_ssl_sessions*) HTTPS servers/virtual hosts that can stand several random requests per second for hours without anyone complaining or throttling. I use trivial python http server for generating several kilobytes of random payload, and nginx as an ssl-wrapping reverse proxy to it. I use valid CA-signed SSL certificates, but I think that it could also be reproduced using self-signed certs (allowing libcurl to accept them, of course)
  • libcurl 7.43.0 on Windows with SSPI SSL engine is used. The offending code hasn't changed since that rather old version, so I believe the issue is still present.
  • CURLSH handle is created and set with proper locking functions. This handle is used for all requests.
  • Several threads are created. Each thread generates a stream of random https:// URLs to random servers.
  • curl_easy API is used to perform each request.

After a few minutes and a few thousand requests a crash is usually observed.

(*interestingly, this variable seems to be intended to be set by user, but there is no API for it, only a hardcoded value of 8)

Ways to fix

I could come up with two feasible-looking options. I ask maintainers for their opinion, as I'm not familiar with the curl codebase.

General ideas of these options are:

  • A. Along with Curl_ssl_kill_session() make a Curl_ssl_retain_session() that is called by Curl_ssl_{get,add}sessionid() on appropriate occasions. Amend schannel.c accordingly. Note that if this issue is indeed present for OpenSSL engine, then this gets a bit trickier. OpenSSL has no separate increment-refcount function for SSL_SESSION, and I see no clean way to fake it.
  • B. Increase CURL_LOCK_DATA_SSL_SESSION scope, e.g. by making it taken explicitly by a user of Curl_ssl_*sessionid() API, rather than implicitly by these functions themselves. Although this is less clean in terms of who manages what lifetime, and looks somewhat ugly for multiple-returns, it is a very straightforward change. I have already implemented it for SSPI and OpenSSL engines locally to discover that I'm not getting crashes anymore.

Note that I haven't looked at other SSL engines, and have no idea what's going on there. And, unfortunately, it is likely I won't have resources to do that. I'd appreciate any feedback from informed people on this.

Thanks!

@bagder bagder added the SSL/TLS label May 19, 2016
@bagder
Member
bagder commented May 19, 2016

just want to make sure @mback2k sees this...

@mback2k
Member
mback2k commented May 19, 2016

Thanks Daniel, I will try to take a look at it this weekend.

@bagder bagder changed the title from Race condition in SSL sessionid cache in libcurl to Race condition in the schannel SSL sessionid cache May 20, 2016
@mback2k
Member
mback2k commented May 22, 2016 edited

@w23 In the meantime, please take a look at the following thread to understand the reasoning for the cached-flag and the need to free sessions in two places: http://thread.gmane.org/gmane.comp.web.curl.library/44652

@mback2k
Member
mback2k commented May 22, 2016 edited

It seems like OpenSSL does not have the same issues, because the OpenSSL library itself does the reference counting of session IDs. There the refcount is increased by each call to SSL_get1_session and decremented by calls to SSL_SESSION_free until it reaches zero and the session is finally freed.

The OpenSSL backend in libcurl only calls SSL_get1_session and SSL_SESSION_free (in order to keep the refcount of an already cached session at 1) during the initial SSL handshake. Since it never decrements the refcount on connection shutdown, to me it seems like one last SSL session per host is never freed until the backend itself is freed. The OpenSSL backend basically just makes sure that there is just one cached session with refcount = 1 per host.

The SChannel backend actually does the refcounting itself, because Windows does not provide such a mechanism. And the SChannel backend also tries to decrement the refcount and free stale sessions during connection shutdown. Also the session (actually the Windows credential handle) must be kept alive during the whole SSL connection. This means that instead of freeing "stale" sessions while creating a new connection, we are only allowed to replace the session in the cache (remove it from the cache and if refcount is zero instead of freeing it set cached to FALSE). Then in order to free SSL sessions that are no longer cached, the SSL connection shutdown code needs to take care of it.

@w23
Contributor
w23 commented May 23, 2016 edited

Thanks @bagder, @mback2k for the quick feedback!

There are several things I'd like to elaborate.

Race condition in OpenSSL

I have looked at OpenSSL codepath more closely, and I still believe that the race does exist.
(I will use curl-7_49_0 tag to demonstrate this as it is less volatile than master)

Let's examine three lines at https://github.com/curl/curl/blob/curl-7_49_0/lib/vtls/openssl.c#L2075:

:2075  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
:2076    /* we got a session id, use it! */
:2077    if(!SSL_set_session(connssl->handle, ssl_sessionid)) {

The problem here is that the Curl_ssl_getsessionid() function, while itself being effectively atomic due to internal CURL_LOCK_DATA_SSL_SESSION lock, does not give ownership of the sessionid object that it returns. ssl_sessionid internal refcount is incremented only on line 2077. So, between lines 2075 and 2077 (this gap is of course a bit wider than that, but that detail is irrelevant here) there's an opportunity for another thread to interfere and actually destroy this sessionid object, leaving its reference invalid.

The question is, can this gap be actually exploited by some other session-handling code.
Turns out, it can. I looked through the code further and I can devise a history where this does happen.

Let me put the relevant excerpt as a quick reference here (https://github.com/curl/curl/blob/curl-7_49_0/lib/vtls/openssl.c#L2811)

:2805  our_ssl_sessionid = SSL_get1_session(connssl->handle);
:2806
:2807  /* SSL_get1_session() will increment the reference count and the session
:2808     will stay in memory until explicitly freed with SSL_SESSION_free(3),
:2809     regardless of its state. */
:2810
:2811  incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
:2812  if(incache) {
:2813    if(old_ssl_sessionid != our_ssl_sessionid) {
:2814      infof(data, "old SSL session ID is stale, removing\n");
:2815      Curl_ssl_delsessionid(conn, old_ssl_sessionid);
:2816      incache = FALSE;
:2817    }
:2818  }
:2819
:2820  if(!incache) {
:2821    result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
:2822                                   0 /* unknown size */);

The timeline:
0. Curl has been just initialized, the cache is empty.

  1. Thread_1 creates Connection_1 to a host Host_1. It goes through ossl_connect_step1() function, Curl_ssl_getsessionid() on line 2075 returns nothing, so it proceeds with its own implicit Session_1(refcount==1). This thread is preempted just before it calls the ossl_connect_step3() function.
  2. Thread_2 creates Connection_2 to a host Host_1. It also sees the empty cache, so it proceeds with its own Session_2(refcount==1). And it is also preempted just before it can get to the ossl_connect_step3() function.
  3. Thread_1 enters the ossl_connect_step3(), increments its Session_1 refcount on line 2805. There is no cached session for this host yet (line 2811), so it puts its own session into cache (line 2821). Cache now contains a Session_1(refcount==2) for Host_1. At this point this thread can go through with its job and complete downloading using its connection. Connection_1 dies, and its session refcount is decremented by OpenSSL internally. Session_1(refcount==1) is now in cache for Host_1.
  4. Thread_3 creates Connection_3 to a host Host_1. It enters ossl_connect_step1() and gets Session_1(refcount==1) on line 2075, but is preempted before it can get to line 2077.
  5. Thread_2 gets to continue. It retrieves Session_1(refcount==1) on line 2811, notices that it is not equal to Session_2 on line 2813, and goes through to line 2815 to delete Session_1. This eventually results in SSL_SESSION_free() called on Session_1(refcount==1), decrementing the refcount to 0 and destroying the Session_1 object. Whether this thread continues further is irrelevant.
  6. Thread_3 calls SSL_set_session(), passing it a pointer to freed memory of Session_1.
  7. 💥

This is not the only scenario. Sessionid can also be indirectly destroyed by being pushed out of limited cache space due to old age. Imagine some thread getting a valid sessionid at line 2075, then getting interrupted before line 2077, and then >=8 connections to >=8 different hosts slipping through in the meantime before the first thread gets to continue with long-dead sessionid. However unlikely, this unfortunate scheduling pattern could happen in practice, given there's enough aggregate time.

SChannel and cached flag

I've read your reference, but I still don't understand why it is necessary to maintain a separate flag.
Let's assume the following use of refcounts (this differs from how they're used currently):

  • when a session is created, its refcount is set to 1.
  • when a session is put into cache, its refcount is incremented (instead of setting cached flag).
  • when a session is removed from cache, its refcount is decremented.
  • when a session is retrieved from cache, its refcount is incremented (immediately!).
  • when session's refcount reaches zero, the session is destroyed (by calling appropriate SSPI calls, etc.)

I believe this would produce exactly the desired lifetime:

  • If an SSL connection that is being destroyed is the last owner of a session, the session is destroyed.
  • If a session is removed from cache (e.g. by either explicit delsessionid, old-age, or curl deinit) and the session is not used by anyone else, it is destroyed.

What am I missing here?

How to proceed with a fix

Would you be willing to look at and review a push request of the fix B I proposed in the original message? I could go through other SSL engines and blindly change the affected lines, without actually compiling and checking everything myself for every engine there is.

Thank you!
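
The refcount rules proposed in the comment above, replayed against the timeline from the same comment (an added example, not part of the original thread and not libcurl code). All names are hypothetical, the cache is reduced to one slot, and the interleaving is replayed in a single thread so the outcome is deterministic; `replay_timeline(0)` models a lookup that returns a pointer without a reference, `replay_timeline(1)` a lookup that takes the reference while the lock is still held.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

struct session {
  int refcount;                 /* only touched with cache_lock held */
  char host[64];
};

static pthread_mutex_t cache_lock = PTHREAD_MUTEX_INITIALIZER;
static struct session *cached;  /* one-slot cache (assumption of this demo) */
static int destroyed;           /* instrumentation: sessions freed so far */

/* Drop one reference; the caller holds cache_lock. */
static void unref_locked(struct session *s)
{
  if(--s->refcount == 0) {      /* last owner gone: destroy the session */
    destroyed++;
    free(s);
  }
}

/* A new session starts at refcount 1, owned by its connection. */
struct session *session_new(const char *host)
{
  struct session *s = calloc(1, sizeof(*s));
  if(!s)
    abort();
  s->refcount = 1;
  strncpy(s->host, host, sizeof(s->host) - 1);
  return s;
}

void session_release(struct session *s)
{
  pthread_mutex_lock(&cache_lock);
  unref_locked(s);
  pthread_mutex_unlock(&cache_lock);
}

/* Caching takes a reference; eviction or cache_del() gives it back. */
void cache_add(struct session *s)
{
  pthread_mutex_lock(&cache_lock);
  if(cached)
    unref_locked(cached);
  s->refcount++;
  cached = s;
  pthread_mutex_unlock(&cache_lock);
}

void cache_del(struct session *s)
{
  pthread_mutex_lock(&cache_lock);
  if(cached == s) {
    cached = NULL;
    unref_locked(s);
  }
  pthread_mutex_unlock(&cache_lock);
}

/* retain=0: the pointer is returned without a reference.
   retain=1: the refcount is incremented before the lock is dropped. */
struct session *cache_get(const char *host, int retain)
{
  struct session *s = NULL;
  pthread_mutex_lock(&cache_lock);
  if(cached && !strcmp(cached->host, host)) {
    s = cached;
    if(retain)
      s->refcount++;
  }
  pthread_mutex_unlock(&cache_lock);
  return s;
}

/* Replays steps 1-5 of the timeline in one thread. Returns how many
   sessions were destroyed while Thread_3 still held the pointer from
   step 4; that pointer is never dereferenced here. */
int replay_timeline(int retain)
{
  struct session *s1 = session_new("Host_1");  /* step 1: Thread_1 */
  struct session *s2 = session_new("Host_1");  /* step 2: Thread_2 */
  struct session *t3, *old;
  int before = destroyed, freed_in_use;
  cache_add(s1);                      /* step 3: cached, refcount 2 */
  session_release(s1);                /* Connection_1 ends, refcount 1 */
  t3 = cache_get("Host_1", retain);   /* step 4: Thread_3 looks it up */
  old = cache_get("Host_1", retain);  /* step 5: Thread_2 finds s1 */
  cache_del(old);                     /* and removes it as stale */
  if(retain)
    session_release(old);             /* Thread_2 returns its reference */
  freed_in_use = destroyed - before;  /* step 6 would use t3 here */
  cache_add(s2);                      /* Thread_2 caches its own session */
  if(retain)
    session_release(t3);              /* Thread_3 is done with s1 */
  cache_del(s2);                      /* tear down so runs are repeatable */
  session_release(s2);
  return freed_in_use;
}
```

With the borrowed lookup the replay reports one session freed while still in use; with the retaining lookup it reports none, and Session_1 is destroyed only when Thread_3 releases it.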

@bagder
Member
bagder commented May 23, 2016

> between lines 2075 and 2077 (this gap is of course a bit wider than that, but that detail is irrelevant here) there's an opportunity for another thread to interfere

Really? The easy handles are not shareable between threads so I don't understand that scenario. Each handle is used single-threaded so there shouldn't be any risk for another thread there, not using the same handle/data.

@w23
Contributor
w23 commented May 23, 2016

Easy handles themselves are not shareable, indeed. But the session cache part is shared, if you do curl_easy_setopt(... CURLOPT_SHARE ...) and curl_share_setopt(... CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION), see https://curl.haxx.se/libcurl/c/curl_share_setopt.html. (I probably should've stated the exact setup explicitly in the original message)
This is not transparent from reading the vtls code, because the session cache is accessed by (struct connectdata*)conn->data->state.session, which seems to be handle-specific. However, the session pointer is actually set to point to shared conn->data->share->sslsession, see https://github.com/curl/curl/blob/curl-7_49_0/lib/url.c#L2207

@w23
Contributor
w23 commented May 26, 2016

I've been able to trigger this race in OpenSSL engine. To do so in a reasonable amount of time, I had to make a couple of adjustments to libcurl sources (note that these don't change any logic):

  1. Widen the gap by putting a usleep(rand()) there.
  2. Lower the number of cached sessions to just one.

These changes and the tool used to reproduce the issue can be found here: w23@2f33977.

However, to detect this corruption with confidence, instrumentation is needed. I used clang -fsanitize=address. Without that the issue manifests in an undefined way. On my machine I saw curl_easy_perform() returning CURLE_SSL_CONNECT_ERROR due to SSL_set_session() failing to find some methods for session. It is not trivial to explain this in terms of the memory corruption.
With clang ASAN I get nice reports like this:

==28218==ERROR: AddressSanitizer: heap-use-after-free on address 0x61300031abc0 at pc 0x0000008f231c bp 0x7f2c81ffb980 sp 0x7f2c81ffb978
READ of size 4 at 0x61300031abc0 thread T2
    #0 0x8f231b in SSL_set_session (/home/w23/src/curl/session_race+0x8f231b)
    #1 0x7d3b4d in ossl_connect_step1 /home/w23/src/curl/lib/vtls/openssl.c:2087:9
    #2 0x7cad4f in ossl_connect_common /home/w23/src/curl/lib/vtls/openssl.c:2898:14
    #3 0x7ca233 in Curl_ossl_connect_nonblocking /home/w23/src/curl/lib/vtls/openssl.c:2985:10
    #4 0x576c21 in Curl_ssl_connect_nonblocking /home/w23/src/curl/lib/vtls/vtls.c:322:12
    #5 0x5c2118 in https_connecting /home/w23/src/curl/lib/http.c:1385:12
    #6 0x5c1870 in Curl_http_connect /home/w23/src/curl/lib/http.c:1355:14
    #7 0x630344 in Curl_protocol_connect /home/w23/src/curl/lib/url.c:3727:16
    #8 0x5366d9 in multi_runsingle /home/w23/src/curl/lib/multi.c:1573:16
    #9 0x530ad3 in curl_multi_perform /home/w23/src/curl/lib/multi.c:2122:14
    #10 0x4fae16 in easy_transfer /home/w23/src/curl/lib/easy.c:726:15
    #11 0x4f471b in easy_perform /home/w23/src/curl/lib/easy.c:813:42
    #12 0x4f3b30 in curl_easy_perform /home/w23/src/curl/lib/easy.c:832:10
    #13 0x4f1075 in fetchThread /home/w23/src/curl/session_race.c:83:12
    #14 0x7f2c852ed42b in start_thread (/lib64/libpthread.so.0+0x742b)
    #15 0x7f2c84714b8c in clone (/lib64/libc.so.6+0xe6b8c)

0x61300031abc0 is located 0 bytes inside of 352-byte region [0x61300031abc0,0x61300031ad20)
freed by thread T1 here:
    #0 0x4d27bb in __interceptor_free (/home/w23/src/curl/session_race+0x4d27bb)
    #1 0x91cf1f in CRYPTO_free (/home/w23/src/curl/session_race+0x91cf1f)
    #2 0x578f41 in Curl_ssl_kill_session /home/w23/src/curl/lib/vtls/vtls.c:414:5
    #3 0x57962b in Curl_ssl_delsessionid /home/w23/src/curl/lib/vtls/vtls.c:438:7
    #4 0x7d63f5 in ossl_connect_step3 /home/w23/src/curl/lib/vtls/openssl.c:2828:7
    #5 0x7cc14c in ossl_connect_common /home/w23/src/curl/lib/vtls/openssl.c:2961:14
    #6 0x7ca233 in Curl_ossl_connect_nonblocking /home/w23/src/curl/lib/vtls/openssl.c:2985:10
    #7 0x576c21 in Curl_ssl_connect_nonblocking /home/w23/src/curl/lib/vtls/vtls.c:322:12
    #8 0x5c2118 in https_connecting /home/w23/src/curl/lib/http.c:1385:12
    #9 0x62f15d in Curl_protocol_connecting /home/w23/src/curl/lib/url.c:3659:14
    #10 0x536b8f in multi_runsingle /home/w23/src/curl/lib/multi.c:1593:16
    #11 0x530ad3 in curl_multi_perform /home/w23/src/curl/lib/multi.c:2122:14
    #12 0x4fae16 in easy_transfer /home/w23/src/curl/lib/easy.c:726:15
    #13 0x4f471b in easy_perform /home/w23/src/curl/lib/easy.c:813:42
    #14 0x4f3b30 in curl_easy_perform /home/w23/src/curl/lib/easy.c:832:10
    #15 0x4f1075 in fetchThread /home/w23/src/curl/session_race.c:83:12
    #16 0x7f2c852ed42b in start_thread (/lib64/libpthread.so.0+0x742b)

Which exactly confirms the scenario I described a few comments above.

To get these you'll need to compile both openssl and curl with ASAN.
Here's a short transcript of commands I used:

# for freshly unpacked openssl do:
./Configure -fsanitize=address --prefix=/tmp/openssl-sanitized linux-x86_64-clang && make depend && make && make install

# for curl do:
CC=clang CFLAGS=-fsanitize=address ./configure --enable-debug --disable-shared --enable-static --with-ssl=/tmp/openssl-sanitized && make

# to compile the test do:
clang -pthreads -fsanitize=address -g -O0 -I. session_race.c ./lib/.libs/libcurl.a /tmp/openssl-sanitized/lib/libssl.a /tmp/openssl-sanitized/lib/libcrypto.a -lz -lrtmp -lidn -o session_race

# to run the test pass a few https urls to it
./session_race https://facebook.com/ https://twitter.com/

Two URLs are enough. I usually get corruption just after 10-20 seconds.

@w23
Contributor
w23 commented May 26, 2016

And the fix that I'm proposing looks like this: w23@c89969b.

I've also looked at a couple of other engines (axtls, cyassl, darwinssl), although briefly, and I couldn't find any reference counting at all. I am confused as to how they manage session lifetimes.

@nickzman
Collaborator

The Secure Transport (darwinssl) engine simply creates a session ID string and shares it with the Security framework. The framework handles the rest internally.

@mback2k
Member
mback2k commented May 27, 2016 edited

@w23 Thanks for your in-depth investigation. To me your proposed fix looks good and very straightforward, but since this is a change that affects all TLS backends, Daniel should probably have the final word. Please take a look at the comments I made on w23@c89969b.

@w23 w23 added a commit to w23/curl that referenced this issue May 31, 2016
@w23 w23 vtls: fix ssl session cache race condition
Sessionid cache management is inseparable from managing individual
session lifetimes. E.g. for reference-counted sessions (like those in
SChannel and OpenSSL engines) every session addition and removal
should be accompanied with refcount increment and decrement
respectively. Failing to do so synchronously leads to a race condition
that causes symptoms like use-after-free and memory corruption.
This commit:
 - makes existing session cache locking explicit, thus allowing
   individual engines to manage lock's scope.
 - fixes OpenSSL and SChannel engines by putting refcount management
   inside this lock's scope in relevant places.
 - adds these explicit locking calls to other engines that use
   sessionid cache to accommodate for this change. Note, however,
   that it is unknown whether any of these engines could also have
   this race.

Bug: curl#815
275d5f4
@w23
Contributor
w23 commented May 31, 2016

@mback2k Thanks for the review! I've addressed your comments, added locking to other engines and created a pull request with these changes: #847
I'd appreciate it if you (or anyone else; @bagder maybe?) could take a look.
Thanks!

@bagder bagder added a commit that referenced this issue Jun 1, 2016
@w23 @bagder w23 + bagder vtls: fix ssl session cache race condition
Sessionid cache management is inseparable from managing individual
session lifetimes. E.g. for reference-counted sessions (like those in
SChannel and OpenSSL engines) every session addition and removal
should be accompanied with refcount increment and decrement
respectively. Failing to do so synchronously leads to a race condition
that causes symptoms like use-after-free and memory corruption.
This commit:
 - makes existing session cache locking explicit, thus allowing
   individual engines to manage lock's scope.
 - fixes OpenSSL and SChannel engines by putting refcount management
   inside this lock's scope in relevant places.
 - adds these explicit locking calls to other engines that use
   sessionid cache to accommodate for this change. Note, however,
   that it is unknown whether any of these engines could also have
   this race.

Bug: #815
Fixes #815
Closes #847
31c521b
@bagder bagder closed this in 31c521b Jun 1, 2016
@MSF-Jarvis MSF-Jarvis pushed a commit to CAF-Mirror/platform_external_curl that referenced this issue Jan 3, 2017
@deymo deymo Update libcurl from 7.49.1 to 7.50.1.
Bug: 31271247
Test: Build and run update_engine with the new version. mmma external/curl

Note: This patch includes the following squashed commits from upstream:

commit f2cb3a01192d36395d16acec6cdb93446ca6fd45
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Aug 3 08:37:16 2016 +0200

    THANKS: 7 new contributors from the 7.50.1 release

commit 95addfe828999399f1a3458c547dbd159e9df81e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Aug 2 11:30:41 2016 +0200

    RELEASE-NOTES: 7.50.1

commit 11ec5ad4352bba384404c56e77c7fab9382fd22d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Jul 31 00:51:48 2016 +0200

    TLS: only reuse connections with the same client cert

    CVE-2016-5420
    Bug: https://curl.haxx.se/docs/adv_20160803B.html

commit 247d890da88f9ee817079e246c59f3d7d12fde5f
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Jul 1 13:32:31 2016 +0200

    TLS: switch off SSL session id when client cert is used

    CVE-2016-5419
    Bug: https://curl.haxx.se/docs/adv_20160803A.html
    Reported-by: Bru Rom
    Contributions-by: Eric Rescorla and Ray Satiro

commit 75dc096e01ef1e21b6c57690d99371dedb2c0b80
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Jul 31 01:09:04 2016 +0200

    curl_multi_cleanup: clear connection pointer for easy handles

    CVE-2016-5421
    Bug: https://curl.haxx.se/docs/adv_20160803C.html
    Reported-by: Marcelo Echeverria and Fernando Muñoz

commit 9cb1059f92286a6eb5d28c477fdd3f26aed1d554
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Aug 3 00:24:08 2016 +0200

    KNOWN_BUGS: SOCKS proxy not working via IPv6

    Closes #835

commit ac09c422d36c0d1c946bed6d4d99b83cced9eaba
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Aug 3 00:21:42 2016 +0200

    KNOWN_BUGS: CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM

    Closes #768

commit 80ab2b5ad9360fce3c313ed03050ce61631e2c78
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Aug 3 00:19:53 2016 +0200

    KNOWN_BUGS: transfer-encoding: chunked in HTTP/2

    Closes #662

commit 52276b51e056ed7855884e1960ba80dde6e1b6dd
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Aug 3 00:15:58 2016 +0200

    TODO: Provide cmake config-file

    Closes #885

commit a0c2ab93700069a03fad0115442bad9a3ca996fe
Author: Patrick Monnerat <patrick.monnerat@dh.com>
Date:   Tue Aug 2 14:21:31 2016 +0200

    os400: define BUILDING_LIBCURL in make script.

commit 2136a6a8924000fb82e23b00c6365db4310574ee
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Aug 1 23:40:27 2016 +0200

    RELEASE-NOTES: synced with aa9f536a18b

commit aa9f536a18b4c222961fbacd9347d06928eec458
Author: Thomas Glanzmann <thomas@glanzmann.de>
Date:   Mon Aug 1 13:16:42 2016 -0400

    mbedtls: Fix debug function name

    This patch is necessary so that curl compiles if MBEDTLS_DEBUG is
    defined.

    Bug: https://curl.haxx.se/mail/lib-2016-08/0001.html

commit 120fe1a22deecde49b9c46b125285d0cf846b159
Author: Sergei Nikulov <sergey.nikulov@gmail.com>
Date:   Mon Aug 1 15:42:15 2016 +0300

    travis: fix OSX build by re-installing libtool

    Apparently due to a broken homebrew install

    fixes #934
    Closes #939

commit 608b11a91f4e994d26f99baf4dd0a7dff03578ab
Author: Martin Vejnár <martin.vejnar@avg.com>
Date:   Mon Aug 1 10:18:55 2016 +0200

    win32: fix a potential memory leak in Curl_load_library

    If a call to GetSystemDirectory fails, the `path` pointer that was
    previously allocated would be leaked. This makes sure that `path` is
    always freed.

    Closes #938

commit d6604524ad24daf4581efbe0020da058d2b3af84
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Jul 31 11:48:44 2016 +0200

    include: revert 9adf3c4 and make public types void * again

    Many applications assume the actual contents of the public types and use
    that do for example forward declarations (saving them from including our
    public header) which then breaks when we switch from void * to a struct
    *.

    I'm not convinced we were wrong, but since this practise seems
    widespread enough I'm willing to (partly) step down.

    Now libcurl uses the struct itself when it is built and it allows
    applications to use the struct type if CURL_STRICTER is defined at the
    time of the #include.

    Reported-by: Peter Frühberger
    Fixes #926

commit 2bbed9c4f0d2c192cd3b3b61fd6a1c21911936c3
Author: Yonggang Luo <luoyonggang@gmail.com>
Date:   Fri Jul 15 02:16:18 2016 +0800

    cmake: Fix for schannel support

    The check_library_exists_concat do not check crypt32 library properly.
    So include it directly.

    Bug: curl/curl#917
    Reported-by: Yonggang Luo

    Bug: curl/curl#935
    Reported-by: Alain Danteny

commit cb9ba5cf8dfca61d8ce96086330ccde967c2d418
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Thu Jul 28 00:52:44 2016 -0400

    Revert "travis: Install libtool for OS X builds"

    Didn't work.

    This reverts commit 50723585ed380744358de054e2a55dccee65dfd7.

commit 50723585ed380744358de054e2a55dccee65dfd7
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Thu Jul 28 00:36:55 2016 -0400

    travis: Install libtool for OS X builds

    CI is failing due to missing libtoolize, so I'm trying this.

commit 17bf323221cf1852457eb29a861e589b5e5e7aa3
Author: Viktor Szakats <vszakats@users.noreply.github.com>
Date:   Tue Jul 26 16:36:29 2016 +0200

    TODO: minor typo in last commit

    merged #931

commit f3cad5bbf2fa2487061ce0f4a15dc2c334ba410e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jul 26 16:01:50 2016 +0200

    TODO: Timeout idle connections from the pool

commit ea886941841610e15ae9fe4244434cd7a700b7a6
Author: Patrick Monnerat <patrick.monnerat@dh.com>
Date:   Mon Jul 25 18:58:23 2016 +0200

    os400: minimum supported OS version: V6R1M0.
    Do not log compilation informational messages.

commit 6b130d6be6607dce07d1054af929b17b969f3bf5
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Sun Jul 24 02:49:47 2016 -0400

    tests: Fix for http/2 feature

    Bug: https://curl.haxx.se/mail/lib-2016-07/0070.html
    Reported-by: Paul Howarth

commit 1979008703cb50bab16111658202cfd05745f0d8
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sat Jul 23 21:34:46 2016 +0100

    README: Mention wolfSSL in the 'Dependencies' section

commit 3fc845914ad050fcb78ddb8ab947ddbe3928de2a
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Fri Jul 22 20:42:20 2016 +0100

    vauth.h: No need to query HAVE_GSSAPI || USE_WINDOWS_SSPI for SPNEGO

    As SPNEGO is only defined when these pre-processor variables are defined
    there is no need to query them explicitly.

commit 25bf71ab0757694e691ad77c48fa6c438df9416e
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Fri Jul 22 20:38:32 2016 +0100

    spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration

    Typo introduced in commit ad5e9bfd5d.

commit c7468e8ea2eeac748bb1f3d1410d2de55e9b5802
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Jul 22 01:47:13 2016 +0200

    SECURITY: mention how to get windows-specific CVEs

    ... and make the distros link a proper link

commit 47fa8f0dae69ffe1e7a6ad1e7a6075d8cbe804a4
Author: Dan Fandrich <dan@coneharvesters.com>
Date:   Thu Jul 21 17:06:04 2016 +0200

    test558: fix test by stripping file paths from FD lines

commit 5e26d9ceeaca8a6730bf405e6512bfe542698c26
Author: Kamil Dudka <kdudka@redhat.com>
Date:   Thu Jul 21 13:03:16 2016 +0200

    tests: distribute the http2-server.pl script, too

commit 8b9ba132f0aad9ba1ada8879ab2a9bb03eba57f6
Author: Kamil Dudka <kdudka@redhat.com>
Date:   Thu Jul 21 12:49:43 2016 +0200

    docs: distribute the CURLINFO_HTTP_VERSION(3) man page, too

commit 001f8d06fef3c5f1e3b2ab45a2f46de39b70bd9e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Jul 21 11:16:08 2016 +0200

    bump: start working on 7.50.1

commit 79e63a53bb9598af863b0afe49ad662795faeef4
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Jul 21 01:53:01 2016 +0200

    RELEASE-NOTES: version 7.50.0 ready

commit d78cf1f03a30d9c19eb6eaefce367ea5278361b9
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Jul 21 00:34:01 2016 +0200

    THANKS: 13 new contributors from the 7.50.0 release

commit af8eb69cb29d4cc05eea9578514fe16572443b72
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Thu Jul 21 01:37:29 2016 -0400

    winbuild: fix embedded manifest option

    Embedded manifest option didn't work due to typo.

    Reported-by: Stefan Kanthak

commit c5cffce56e4c6f6c26e82438a61abf85e39cac4a
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Wed Jul 20 22:00:45 2016 -0400

    vauth: Fix memleak by freeing credentials if out of memory

    This is a follow up to the parent commit dcdd4be which fixes one leak
    but creates another by failing to free the credentials handle if out of
    memory. Also there's a second location a few lines down where we fail to
    do same. This commit fixes both of those issues.

commit dcdd4be35213d4ba36e41ad92fe2ae4ddab1205d
Author: Saurav Babu <saurav.babu@samsung.com>
Date:   Wed Jul 20 11:08:02 2016 +0200

    vauth: Fixed memory leak due to function returning without free

    This patch allocates memory to "output_token" only when it is required
    so that memory is not leaked if function returns.

commit c6d3fa11e687808ea9f0047d591a39135a4b9f4e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jul 20 23:04:06 2016 +0200

    test558: updated after ipv6-check move

    Follow-up commit to c50980807c5 to make this test pass.

commit 4ee203542d042e9ba4f137ab252637742998de42
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Wed Jul 20 02:49:19 2016 -0400

    connect: disable TFO on Linux when using SSL

    - Linux TFO + TLS is not implemented yet.

    Bug: curl/curl#907

commit 57ac61a46907edc068fbd0f221751b48082fdfce
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jul 19 23:10:39 2016 +0200

    ROADMAP: QUIC and TLS 1.3

commit 545562f13e27da87275e421a3b54d063cf2e494e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jul 19 23:04:26 2016 +0200

    RELEASE-NOTES: synced with c50980807c5

commit c50980807c55f91c2fb2d09f3b6dc0ae69f4cf45
Author: Brian Prodoehl <bprodoehl@connectify.me>
Date:   Fri Jul 15 11:53:13 2016 -0400

    curl_global_init: Check if IPv6 works

    - Curl_ipv6works() is not thread-safe until after the first call, so
    call it once during global init to avoid a possible race condition.

    Bug: curl/curl#915
    PR: curl/curl#918

commit 16fe3f6b0a73fa4e3e1c2298143e11f4fb4d5f6a
Author: Timothy Polich <tpolich@users.noreply.github.com>
Date:   Wed Jul 13 18:45:32 2016 -0700

    CURLMOPT_SOCKETFUNCTION.3: fix typo

    Closes curl/curl#914

commit bf430ecdef3d7c49cf01a57e3289ff7aaa1e0278
Author: Miroslav Franc <mfranc@gmx.com>
Date:   Wed Jul 13 18:43:18 2016 +0200

    library: Fix memory leaks found during static analysis

    Closes curl/curl#913

commit bcc8f485e5e364deb6b5ad8502635b4358aaa277
Author: Viktor Szakats <vszakats@users.noreply.github.com>
Date:   Tue Jul 12 22:44:31 2016 +0200

    cookie.c: Fix misleading indentation

    Closes curl/curl#911

commit f9eed596a3115e583a124ccf7f929573ee5a7da4
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Sat Jul 9 03:05:55 2016 -0400

    FAQ: Update FTP directory listing section for MLSD command

    Explain how some FTP servers support the machine readable listing
    format MLSD from RFC 3659 and compare it to LIST.

    Ref: curl/curl#906

commit 7c9cfd6c5145217e9678310ac0677494a59da36e
Author: Sergei Nikulov <sergey.nikulov@gmail.com>
Date:   Wed Jun 22 15:42:10 2016 +0300

    Appveyor: Updates for options - CURL_STATICLIB/BUILD_TESTING

    Closes #892

commit c4f108ece8be881bf70edbd5d22334d1143be88c
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Jun 30 23:45:49 2016 +0200

    TODO: 17.4 also brings more HTTP/2 support

commit a194e6c9ae40ffe3ab5e281f1096358cdd369d3e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Thu Jun 30 23:42:06 2016 +0200

    TODO: try next proxy if one doesn't work

    Closes #896

commit 6655e3069120cd069be9b7e2ff268342513c93bf
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 29 23:11:43 2016 +0200

    conn: don't free easy handle data in handler->disconnect

    Reported-by: Gou Lingfeng
    Bug: https://curl.haxx.se/mail/lib-2016-06/0139.html

commit e89489d8f4ceb869ae4e080b34053d4ecba22955
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 29 23:06:32 2016 +0200

    test1244: test different proxy ports same URL

commit 306192ba55637864e6bf20991cc209c17ff21e55
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 29 16:00:46 2016 +0200

    curl_global_init.3: improved formatting of the flags

commit bbd99a277bf05bd8c1f6fa682e20646f29ac1de4
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 29 15:57:44 2016 +0200

    curl_global_init.3: expand on the SSL and WIN32 bits purpose

    Reported-by: Richard Gray
    Bug: https://curl.haxx.se/mail/lib-2016-06/0136.html

commit 38685f86c8709c0670e81812b98f8181814212bf
Author: Michael Kaufmann <mail@michael-kaufmann.ch>
Date:   Tue Jun 21 22:43:58 2016 +0200

    cleanup: minor code cleanup in Curl_http_readwrite_headers()

    - the expression of an 'if' was always true
    - a 'while' contained a condition that was always true
    - use 'if(k->exp100 > EXP100_SEND_DATA)' instead of 'if(k->exp100)'
    - fixed a typo

    Closes #889

commit b6ddc0ac075ecb7e86b25a26ba2faf7e7880ce13
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jun 28 15:28:04 2016 +0200

    SFTP: set a generic error when no SFTP one exists...

    ... as otherwise we could get a 0 which would count as no error and we'd
    wrongly continue and could end up segfaulting.

    Bug: https://curl.haxx.se/mail/lib-2016-06/0052.html
    Reported-by: 暖和的和暖

commit 614b5034233b95f7a3bbbbe9b0539180fabd7527
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jun 28 15:02:46 2016 +0200

    ROADMAP: http2 tests are merged, mention http2 perf

commit c8b2010c5f225ea0c3922ca198dfe1ed9502d591
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jun 28 14:09:08 2016 +0200

    docs/README.md: to render nicer pages on github

    ... as previously the README.cmake would be picked and put at the bottom
    of the docs page there and it wasn't very representative!

commit bf3222e053d03d044f70af59426db2f278201f2d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jun 28 13:58:07 2016 +0200

    README.md: change host name for the svg logo

    rawgit.com asks to use the domain cdn.rawgit.com for production

    See #900

commit 9305b1cf072990efd259d5fe71581473436afbf1
Author: Viktor Szakats <vszakats@users.noreply.github.com>
Date:   Tue Jun 28 13:00:05 2016 +0200

    README.md: use the SVG logo

commit f4955a05537b9f772f0f32aba54326e72f111875
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jun 28 10:41:22 2016 +0200

    README.md: logo on top!

commit a69f27ae91b791360f4a77b7b82e2e88ec097b08
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jun 28 08:24:16 2016 +0200

    KNOWN_BUGS: 3.4 POP3 expects "CRLF.CRLF" eob for some

    Closes #740

commit 91792d83b7ca401372854c58d32e0df2f4eb91a0
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Jun 27 17:06:52 2016 +0200

    RELEASE-NOTES: synced with d61c80515aa8

commit d61c80515aa8e4086863fcc0a9693d50d309fc50
Author: Michael Osipov <1983-01-06@gmx.net>
Date:   Fri Jun 24 15:17:53 2016 +0200

    acinclude.m4: improve autodetection of CA bundle on FreeBSD

    The FreeBSD Port security/ca_root_nss installs the Mozilla NSS CA bundle
    to /usr/local/share/certs/ca-root-nss.crt. Use this bundle in the
    discovery process.

    This change also removes the former FreeBSD path that has been obsolete
    for 8 years since this FreeBSD ports commit:
    https://svnweb.freebsd.org/ports/head/security/?view=revision&revision=215953

    Closes #894

commit 91697d22a83e274378b957ed878e62467634ff98
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 22 14:23:46 2016 +0200

    configure: don't specify .lib for libs on windows

    Another follow up for crypt32.lib linking with winssl

commit 5c24fc7768d758b3803ccdb2ec54c910badea7ad
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 22 13:50:56 2016 +0200

    configure: fix winssl LIBS change typo

    follow-up from 120bf29e

commit b5d1b498fc4f62e8c63480aaf79c32f24223becf
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 22 12:06:47 2016 +0200

    TODO: "TCP Fast Open" is done, add monitor pool connections

commit 120bf29ef2c9dcc56414656d77040c24187b01bc
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 22 11:57:25 2016 +0200

    configure: add crypt32.lib for winssl builds

    Necessary since 6cabd78531f

commit 7530ef5c15f6d90e8a3d043cf59a46225e8ccdd7
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 22 11:07:05 2016 +0200

    Makefile.vc: link with crypt32.lib for winssl builds

    Necessary since 6cabd78531f

    Fixes #853

commit 66c447e51e7c066f2ef425e912cee5157c363d55
Author: Joel Depooter <joel.depooter@safe.com>
Date:   Wed Jun 1 16:29:32 2016 -0700

    VC: Add crypt32.lib to Visual Studio project template files

    Closes #854

commit 05a69ce32c318109815bbaa9a57700c4594aa267
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 22 10:53:28 2016 +0200

    vc: fix the build for schannel certinfo support

    Broken since 6cabd785, which adds use of the Curl_extract_certinfo
    function from the x509asn1.c file.

commit 80388edefca58f8199cdfde077efb7f6d91e60fa
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jun 21 19:31:24 2016 +0200

    typedefs: use the full structs in internal code...

    ... and save the typedef'ed names for headers and external APIs.

commit 434f8d0389f2969b393ff81ead713b7600502f27
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jun 21 15:47:12 2016 +0200

    internals: rename the SessionHandle struct to Curl_easy

commit 9adf3c473a01b289c781aab111f9ad2fc541ed4e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue Jun 21 14:39:33 2016 +0200

    headers: forward declare CURL, CURLM and CURLSH as structs

    Instead of typedef'ing to void, typedef to their corresponding actual
    struct names to allow compilers to type-check.

    Assisted-by: Reinhard Max

commit 04b4ee5498b14d320e3b375c64d0162cc2b53c99
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Sun Jun 12 23:47:12 2016 -0400

    vtls: Only call add/getsession if session id is enabled

    Prior to this change we called Curl_ssl_getsessionid and
    Curl_ssl_addsessionid regardless of whether session ID reusing was
    enabled. According to comments that is in case session ID reuse was
    disabled but then later enabled.

    The old way was not intuitive and probably not something users expected.
    When a user disables session ID caching I'd guess they don't expect the
    session ID to be cached anyway in case the caching is later enabled.

commit 046c2c85c4c365d4ae8a621d7886caf96f51e0e7
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 22 00:37:36 2016 +0200

    curl.1: the used progress meter suffix is k in lower case

    Closes #883

commit 12e21fab26bd83dfa75f009a24380d144ea51857
Author: Sergei Nikulov <sergey.nikulov@gmail.com>
Date:   Thu Jun 16 13:53:50 2016 +0300

    cmake: now using BUILD_TESTING=ON/OFF

    CMake build now using BUILD_TESTING=ON/OFF (default is OFF) to build
    tests and enabling CTest integration. Options BUILD_CURL_TESTS and
    BUILD_DASHBOARD_REPORTS were removed.

    Closes #882

    Reviewed-by: Brad King

commit 0bdec5e01d9914d97bb9ed1301b1590162fe2945
Author: Michael Kaufmann <mail@michael-kaufmann.ch>
Date:   Tue Jun 21 09:47:34 2016 +0200

    cleanup: fix method names in code comments

    Closes #887

commit b2dcf0347f1ee5041cccd64632bb8dd7ccbbae91
Author: Kamil Dudka <kdudka@redhat.com>
Date:   Tue Jun 21 12:40:26 2016 +0200

    curl-compilers.m4: improve detection of GCC's -fvisibility= flag

    Some builds of GCC produce output on both stdout and stderr when --help
    --verbose is used.  The 2>&1 redirection caused them to be arbitrarily
    interleaved with each other because of stream buffering.  Consequently,
    grep failed to match the fvisibility= string in the mixed output, even
    though the string was present in GCC's standard output.

    This led to silently disabling symbol hiding in some builds of curl.

commit 5f2e3b886759e0822ff31c36ef10ca8df59fcf59
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Jun 19 23:52:01 2016 +0200

    tests: fix the HTTP/2 tests

    The HTTP/2 tests brought with commit bf05606ef1f were using the internal
    name 'http2' for the HTTP/2 server, while in fact that name was already
    used for the second instance of the HTTP server. This made tests using
    the second instance (like test 2050) fail after a HTTP/2 test had run.

    The server is now known as HTTP/2 internally and within the <server>
    section in test cases. 1700, 1701 and 1702 were updated accordingly.

commit bb4e7921e70637a43bb01952888fcb0870fb915f
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Jun 19 23:21:54 2016 +0200

    openssl: use more 'const' to fix build warnings with 1.1.0 branch

commit 2668d8df9a61eadbb7de44903f05963984507d3d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Jun 17 10:40:20 2016 +0200

    curl.1: missed 'T' in the progress unit suffixes

commit c9a6ab6d921a02a198a543d5b0650fb0c94fd94d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Jun 17 00:32:34 2016 +0200

    curl.1: mention the unix for the progress meter

commit 13d633d27492ccd86a3424b34952b0ef8026306e
Author: Patrick Monnerat <patrick.monnerat@dh.com>
Date:   Thu Jun 16 19:05:42 2016 +0200

    os400: add new definitions to ILE/RPG binding.

commit d4643d6e799b088e0a7e9b768facc0d1e1e86257
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Wed Jun 15 15:36:40 2016 +0200

    openssl: fix cert check with non-DNS name fields present

    Regression introduced in 5f5b62635 (released in 7.48.0)

    Reported-by: Fabian Ruff
    Fixes #875

commit b1839f6ed8bc8d9324c1fcf334955ddabf47b936
Author: Dan Fandrich <dan@coneharvesters.com>
Date:   Thu Jun 16 08:44:08 2016 +0200

    axtls: Use Curl_wait_ms instead of the less-portable usleep

commit 52c5e9488c0bebc002d114d747fee697d422d02d
Author: Dan Fandrich <dan@coneharvesters.com>
Date:   Thu Jun 16 08:29:10 2016 +0200

    axtls: Fixed compile after compile 31c521b0

commit 67176e2b840486c58a107ab1178d19cfa65faf0f
Author: Dan Fandrich <dan@coneharvesters.com>
Date:   Wed Jun 15 23:04:48 2016 +0200

    tests: Added HTTP proxy keywords to tests 1141 & 1142

commit b70ca5281d93b621dee700c74740b2621d1e30b4
Author: Sergei Nikulov <sergey.nikulov@gmail.com>
Date:   Tue Jun 14 17:11:48 2016 +0300

    cmake: Fix build with winldap

    Bug: curl/curl#874
    Reported-by: Sergei Nikulov

commit f77dfbc5fbb7a20f8d3ef918df35b68c0b60f1e9
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Sat Jun 11 17:33:16 2016 -0400

    CURLOPT_POSTFIELDS.3: Clarify what happens when set empty

    When CURLOPT_POSTFIELDS is set to an empty string libcurl will send a
    zero-byte POST. Prior to this change it was documented as sending data
    from the read callback.

    This also changes the wording of what happens when empty or NULL so that
    it's hopefully easier to understand for people whose primary language
    isn't English.

    Bug: curl/curl#862
    Reported-by: Askar Safin

commit 929520582cdd3708f845af637757837b1d2a7d16
Author: Michael Wallner <mike@php.net>
Date:   Tue Jun 7 07:51:34 2016 +0200

    curl_multi_socket_action.3: Fix rewording

    - Remove some erroneous text.

    Closes curl/curl#865

commit 608d161b605e4ac0ebdab6c89c64e14423a0457a
Author: Luo Jinghua <sunmoon1997@gmail.com>
Date:   Wed Jun 8 07:23:54 2016 +0800

    resolve: enable protocol family logic for synthesized IPv6

    - Enable protocol family logic for IPv6 resolves even when support
    for synthesized addresses is enabled.

    This is a follow up to the parent commit that added support for
    synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family
    logic needed for IPv6 was inadvertently excluded if support for
    synthesized addresses was enabled.

    Bug: curl/curl#863
    Ref: curl/curl#866
    Ref: curl/curl#867

commit 01a49a7626ee4a226cd0b50d70591ab147d60ee0
Author: Luo Jinghua <sunmoon1997@gmail.com>
Date:   Tue Jun 7 18:11:37 2016 +0800

    resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS

    Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X.
    If the current network interface doesn’t support IPv4, but supports
    IPv6, NAT64, and DNS64.

    Closes #866
    Fixes #863

commit 9b6d3a662ea81ec3bbb12002ca79fd27d750671e
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Jun 5 11:28:31 2016 +0200

    tests: two more HTTP/2 tests

    1701 and 1702

commit 320905a34589a987a5afe29c84316b1bfbcb8290
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun Jun 5 11:17:29 2016 +0200

    runtests: don't display logs when http2 server fails to start

commit d3b5c153af6998e2fd64bfc2b3033b2b5526a8cf
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Jun 3 23:54:06 2016 +0200

    runtests: make stripfile work on stdout as well

    ... and have test 1700 use that to strip out the nghttpx server: headers

commit bf05606ef1f7a982c821396c3ef9fddeb4a1b011
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Fri Jun 3 23:36:10 2016 +0200

    http2-tests: test1700 is the first real HTTP/2 test

    It requires that 'nghttpx' is in the PATH, and it will run the tests
    using nghttpx as a front-end proxy in front of the standard HTTP/1 test
    server. This uses HTTP/2 over plain TCP.

    If you, like me, have nghttpx installed in a custom path, you can run test 1700
    like this:

    $ PATH=$PATH:$HOME/build-nghttp2/bin/ ./runtests.pl 1700

commit c53d8a0b41a661251fc08ef696040a77842e2049
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon Jun 6 23:23:44 2016 +0200

    RELEASE-NOTES: synced with 34855feeb4c299

commit 34855feeb4c2991f7a158064abef16829bd4425f
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Mon Jun 6 20:53:30 2016 +0100

    schannel: Disable ALPN on Windows < 8.1

    Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL
    fails on Windows < 8.1 so we need to disable ALPN on these OS versions.

    Inspiration provided by: Daniel Seither

    Closes #848
    Fixes #840

commit 84a48e5732d9dd0c98fda3597352e4b16f35a7ad
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Sun Jun 5 21:07:03 2016 -0400

    checksrc: Add LoadLibrary to the banned functions list

    LoadLibrary was supplanted by Curl_load_library for security
    reasons in 6df916d.

commit 1aa899ff38548a5d1c196f5c9ad7047f0fae3f5a
Author: Jay Satiro <raysatiro@yahoo.com>
Date:   Sun Jun 5 03:13:32 2016 -0400

    http: Fix HTTP/2 connection reuse

    - Change the parser to not require a minor version for HTTP/2.

    HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2
    in 8243a95 because the parser still expected a minor version.

    Bug: curl/curl#855
    Reported-by: Andrew Robbins, Frank Gevaerts

commit 61c92c7850cb83c572827dc348247b8b9b57c25a
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sat Jun 4 21:52:08 2016 +0100

    connect.c: Fixed compilation warning from commit 332e8d6164

    connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'

commit 332e8d6164bfb33dfae19704ef8c3e851a71b2d3
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sat Jun 4 20:58:39 2016 +0100

    win32: Used centralised verify windows version function

    Closes #845

commit dde5e430e21605e94b24262deef4800e04fb6ba5
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sat Jun 4 20:51:32 2016 +0100

    win32: Added verify windows version functionality

commit 6020ce5fa70212f105e74456037a2f5cc66c4e09
Author: Steve Holme <steve_holme@hotmail.com>
Date:   Sat Jun 4 20:06:56 2016 +0100

    win32: Introduced centralised verify windows version function

commit 584d0121c353ed855115c39f6cbc009854018029
Author: Kamil Dudka <kdudka@redhat.com>
Date:   Fri Jun 3 11:26:20 2016 +0200

    tool_urlglob: fix off-by-one error in glob_parse()

    ... causing SIGSEGV while parsing URL with too many globs.
    Minimal example:

    $ curl $(for i in $(seq 101); do printf '{a}'; done)

    Reported-by: Romain Coltel
    Bug: https://bugzilla.redhat.com/1340757

commit 873b4346bafdec388fa4bd61ebdee0161da661a0
Author: Benjamin Kircher <kircher@otris.de>
Date:   Wed Jun 1 19:02:18 2016 +0200

    libcurl-multi.3: fix small typo

    Closes #850

commit 55ab64ed1a0472f70a466d5b53c317992c0640c0
Author: Viktor Szakats <vszakats@users.noreply.github.com>
Date:   Wed Jun 1 10:35:38 2016 +0200

    makefile.m32: add crypt32 for winssl builds

    Dependency added by 6cabd78

    Closes #849

commit 31c521b0470e57125ffcd0f1b0c6edf3b9af96c1
Author: Ivan Avdeev <me@w23.ru>
Date:   Wed Jun 1 09:30:03 2016 +0200

    vtls: fix ssl session cache race condition

    Sessionid cache management is inseparable from managing individual
    session lifetimes. E.g. for reference-counted sessions (like those in
    SChannel and OpenSSL engines) every session addition and removal
    should be accompanied with refcount increment and decrement
    respectively. Failing to do so synchronously leads to a race condition
    that causes symptoms like use-after-free and memory corruption.
    This commit:
     - makes existing session cache locking explicit, thus allowing
       individual engines to manage lock's scope.
     - fixes OpenSSL and SChannel engines by putting refcount management
       inside this lock's scope in relevant places.
     - adds these explicit locking calls to other engines that use
       sessionid cache to accommodate for this change. Note, however,
       that it is unknown whether any of these engines could also have
       this race.

    Bug: curl/curl#815
    Fixes #815
    Closes #847

commit 6cabd78531f80d5c6cd942ed1aa97eaa5ec080df
Author: Andrew Kurushin <ajax16384@gmail.com>
Date:   Wed Jun 1 08:48:30 2016 +0200

    schannel: add CURLOPT_CERTINFO support

    Closes #822

commit c444ace5568cdbd7c4f85fecb3f05680aaa5b96d
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 31 23:33:48 2016 +0200

    RELEASE-NOTES: synced with 142ee9fa15002315

commit 142ee9fa1500231557333a70691049166e79854a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 31 19:54:35 2016 +0200

    openssl: rename the private SSL_strerror

    ... to make it not look like an OpenSSL function

commit 7108e53fb58a194df54149e3a52c7df006f24ae7
Author: Michael Kaufmann <mail@michael-kaufmann.ch>
Date:   Tue May 31 16:25:56 2016 +0200

    openssl: Use correct buffer sizes for error messages

    Closes #844

commit 6dbc23cfd86bbf8c1616759068a5909ced3dcc99
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Tue May 31 14:13:33 2016 +0200

    curl: fix -q [regression]

    This broke in 7.49.0 with commit e200034425a7625

    Fixes #842

commit 5409e1d793de755c7433336b80b0c8370a359d45
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Sun May 8 15:11:10 2016 +0200

    URL parser: allow URLs to use one, two or three slashes

    Mostly in order to support broken web sites that redirect to broken URLs
    that are accepted by browsers.

    Browsers are typically even more lenient than this as the WHATWG URL
    spec they should allow an _infinite_ amount. I tested 8000 slashes with
    Firefox and it just worked.

    Added test case 1141, 1142 and 1143 to verify the new parser.

    Closes #791

commit ed8b8f2456fc485fa81fb3d3eaef684121bb1aef
Author: Renaud Lehoux <renaud.lehoux@ercom.fr>
Date:   Mon May 30 17:26:10 2016 +0200

    cmake: Added missing mbedTLS support

    Closes #837

commit 2072b4ae4f337a46283bfcc98a6f42c063d43bdf
Author: Renaud Lehoux <renaud.lehoux@ercom.fr>
Date:   Mon May 30 18:10:23 2016 +0200

    mbedtls: removed unused variables

    Closes #838

commit 071c56139463137a4e32a8d841a70c16f3682bb7
Author: Frank Gevaerts <frank@gevaerts.be>
Date:   Wed May 11 14:23:37 2016 +0200

    http: add CURLINFO_HTTP_VERSION and %{http_version}

    Adds access to the effectively used http version to both libcurl and
    curl.

    Closes #799

commit 4bffaad85f7ba9ba12272a06ce4e4a81a9a3178a
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 30 22:55:54 2016 +0200

    bump: start the journey toward 7.50.0

commit c9b4e6e85907f1581c8d6e1ab52c7f8b9282f266
Author: Marcel Raad <raad@teamviewer.com>
Date:   Mon May 30 13:26:20 2016 +0200

    openssl: fix build with OPENSSL_NO_COMP

    With OPENSSL_NO_COMP defined, there is no function
    SSL_COMP_free_compression_methods

    Closes #836

commit 9a1593501cb30e36ea7109680cab368f9425000d
Author: Gisle Vanem <gvanem@yahoo.no>
Date:   Mon May 30 11:43:04 2016 +0200

    memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC

    Fixes #828

commit 27c86c887194088551577832d284237678e837b4
Author: Jonathan <vanillajonathan@users.noreply.github.com>
Date:   Mon May 30 10:46:35 2016 +0200

    README.md: polish

    Closes #834

commit 602a6bdf6f378b5f44ba7f5f9c9cf87d52c507bd
Author: Daniel Stenberg <daniel@haxx.se>
Date:   Mon May 30 08:21:16 2016 +0200

    RELEASE-NOTES: fix vuln link

Change-Id: I794e042ee8550487e0d42a4df72c73f2b4f89500
e3149cc
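
The locking rule stated in the "vtls: fix ssl session cache race condition" commit message in the log above (31c521b0), shown as an added example that is not curl's code: every reference count change happens inside the same lock that guards the cache, so an eviction only drops the cache's own reference. All names (`cred`, `cache_get`, `cache_add`, `cache_release`, the `*.example` hosts) are hypothetical, eviction is simplified to round-robin, and the interleaving from the issue is replayed deterministically in one thread.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#define CACHE_SLOTS 2   /* tiny on purpose so eviction is easy to trigger */

struct cred { int refcount; int handle; };   /* stand-in for a TLS credential */
struct slot { char host[32]; struct cred *cred; };
static struct slot cache[CACHE_SLOTS];
static int next_slot;    /* round-robin eviction keeps the example short */
static int live_creds;   /* credentials allocated and not yet freed */
static pthread_mutex_t cache_lock = PTHREAD_MUTEX_INITIALIZER;

/* Caller must hold cache_lock. Frees on the last reference. */
static void cred_unref_locked(struct cred *c)
{
  if(--c->refcount == 0) { free(c); live_creds--; }
}

/* Lookup: the caller's reference is taken before the lock is dropped. */
struct cred *cache_get(const char *host)
{
  struct cred *found = NULL;
  pthread_mutex_lock(&cache_lock);
  for(int i = 0; i < CACHE_SLOTS && !found; i++)
    if(cache[i].cred && !strcmp(cache[i].host, host))
      found = cache[i].cred;
  if(found) found->refcount++;   /* a concurrent eviction cannot free it now */
  pthread_mutex_unlock(&cache_lock);
  return found;
}

/* Insert: returns the caller's reference; the cache keeps a second one. */
struct cred *cache_add(const char *host, int handle)
{
  struct cred *c = malloc(sizeof(*c));
  if(!c) return NULL;
  c->refcount = 2;       /* one for the caller, one for the cache */
  c->handle = handle;
  pthread_mutex_lock(&cache_lock);
  struct slot *s = &cache[next_slot];
  next_slot = (next_slot + 1) % CACHE_SLOTS;
  if(s->cred) cred_unref_locked(s->cred);   /* eviction drops the cache's ref */
  strncpy(s->host, host, sizeof(s->host) - 1);
  s->cred = c;
  live_creds++;
  pthread_mutex_unlock(&cache_lock);
  return c;
}

void cache_release(struct cred *c)   /* drop a caller's reference */
{
  pthread_mutex_lock(&cache_lock);
  if(c) cred_unref_locked(c);
  pthread_mutex_unlock(&cache_lock);
}

/* Two connections hold a.example's credential while later adds evict it. */
int replay_evict_while_in_use(void)
{
  struct cred *conn1 = cache_add("a.example", 41);   /* refs: conn1 + cache */
  if(!conn1) return -1;
  struct cred *conn2 = cache_get("a.example");       /* refs: 3 */
  int before = conn1->refcount;
  cache_release(cache_add("b.example", 42));
  cache_release(cache_add("c.example", 43));         /* evicts a.example */
  int after = conn1->refcount;             /* only the cache's ref is gone */
  int handle_ok = (conn2->handle == 41);   /* memory is still alive */
  cache_release(conn2);
  cache_release(conn1);                    /* last reference: freed here */
  return before * 100 + after * 10 + handle_ok;
}

int main(void) { return replay_evict_while_in_use() == 321 ? 0 : 1; }
```

The result 321 encodes three references before the eviction, two after it, and a successful read through the second connection's pointer.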