data race on ipv6_works #915

bprodoehl opened this Issue Jul 14, 2016 · 3 comments


None yet

3 participants


I did this

I ran a multi-threaded app that uses libcurl under Clang 3.9 ThreadSanitizer.

I expected the following

Clean operation.

curl/libcurl version


operating system

Ubuntu 14.04, x86_64.

I encountered a data race with two threads calling Curl_ipv6works() at the same time. I think perhaps the call to Curl_ipv6works() should be moved into curl_global_init() to avoid this.

bagder commented Jul 14, 2016

Sounds like an excellent suggestion to me. You up to providing such a change as a pull request?


Sure thing. I should be able to put that together and test it tonight.

@jay jay added a commit that referenced this issue Jul 18, 2016
@bprodoehl @jay bprodoehl + jay curl_global_init: Check if IPv6 works
- Curl_ipv6works() is not thread-safe until after the first call, so
call it once during global init to avoid a possible race condition.

Bug: #915
PR: #918
jay commented Jul 18, 2016

Thanks, landed in c509808.

@jay jay closed this Jul 18, 2016
@MSF-Jarvis MSF-Jarvis pushed a commit to CAF-Mirror/platform_external_curl that referenced this issue Jan 3, 2017
@deymo deymo Update libcurl from 7.49.1 to 7.50.1.
Bug: 31271247
Test: Build and run update_engine with the new version. mmma external/curl

Note: This patch includes the following squashed commits from upstream:

commit f2cb3a01192d36395d16acec6cdb93446ca6fd45
Author: Daniel Stenberg <>
Date:   Wed Aug 3 08:37:16 2016 +0200

    THANKS: 7 new contributors from the 7.50.1 release

commit 95addfe828999399f1a3458c547dbd159e9df81e
Author: Daniel Stenberg <>
Date:   Tue Aug 2 11:30:41 2016 +0200

    RELEASE-NOTES: 7.50.1

commit 11ec5ad4352bba384404c56e77c7fab9382fd22d
Author: Daniel Stenberg <>
Date:   Sun Jul 31 00:51:48 2016 +0200

    TLS: only reuse connections with the same client cert


commit 247d890da88f9ee817079e246c59f3d7d12fde5f
Author: Daniel Stenberg <>
Date:   Fri Jul 1 13:32:31 2016 +0200

    TLS: switch off SSL session id when client cert is used

    Reported-by: Bru Rom
    Contributions-by: Eric Rescorla and Ray Satiro

commit 75dc096e01ef1e21b6c57690d99371dedb2c0b80
Author: Daniel Stenberg <>
Date:   Sun Jul 31 01:09:04 2016 +0200

    curl_multi_cleanup: clear connection pointer for easy handles

    Reported-by: Marcelo Echeverria and Fernando Muñoz

commit 9cb1059f92286a6eb5d28c477fdd3f26aed1d554
Author: Daniel Stenberg <>
Date:   Wed Aug 3 00:24:08 2016 +0200

    KNOWN_BUGS: SOCKS proxy not working via IPv6

    Closes #835

commit ac09c422d36c0d1c946bed6d4d99b83cced9eaba
Author: Daniel Stenberg <>
Date:   Wed Aug 3 00:21:42 2016 +0200


    Closes #768

commit 80ab2b5ad9360fce3c313ed03050ce61631e2c78
Author: Daniel Stenberg <>
Date:   Wed Aug 3 00:19:53 2016 +0200

    KNOWN_BUGS: transfer-encoding: chunked in HTTP/2

    Closes #662

commit 52276b51e056ed7855884e1960ba80dde6e1b6dd
Author: Daniel Stenberg <>
Date:   Wed Aug 3 00:15:58 2016 +0200

    TODO: Provide cmake config-file

    Closes #885

commit a0c2ab93700069a03fad0115442bad9a3ca996fe
Author: Patrick Monnerat <>
Date:   Tue Aug 2 14:21:31 2016 +0200

    os400: define BUILDING_LIBCURL in make script.

commit 2136a6a8924000fb82e23b00c6365db4310574ee
Author: Daniel Stenberg <>
Date:   Mon Aug 1 23:40:27 2016 +0200

    RELEASE-NOTES: synced with aa9f536a18b

commit aa9f536a18b4c222961fbacd9347d06928eec458
Author: Thomas Glanzmann <>
Date:   Mon Aug 1 13:16:42 2016 -0400

    mbedtls: Fix debug function name

    This patch is necessary so that curl compiles if MBEDTLS_DEBUG is


commit 120fe1a22deecde49b9c46b125285d0cf846b159
Author: Sergei Nikulov <>
Date:   Mon Aug 1 15:42:15 2016 +0300

    travis: fix OSX build by re-installing libtool

    Apparently due to a broken homebrew install

    fixes #934
    Closes #939

commit 608b11a91f4e994d26f99baf4dd0a7dff03578ab
Author: Martin Vejnár <>
Date:   Mon Aug 1 10:18:55 2016 +0200

    win32: fix a potential memory leak in Curl_load_library

    If a call to GetSystemDirectory fails, the `path` pointer that was
    previously allocated would be leaked. This makes sure that `path` is
    always freed.

    Closes #938

commit d6604524ad24daf4581efbe0020da058d2b3af84
Author: Daniel Stenberg <>
Date:   Sun Jul 31 11:48:44 2016 +0200

    include: revert 9adf3c4 and make public types void * again

    Many applications assume the actual contents of the public types and use
    that do for example forward declarations (saving them from including our
    public header) which then breaks when we switch from void * to a struct

    I'm not convinced we were wrong, but since this practise seems
    widespread enough I'm willing to (partly) step down.

    Now libcurl uses the struct itself when it is built and it allows
    applications to use the struct type if CURL_STRICTER is defined at the
    time of the #include.

    Reported-by: Peter Frühberger
    Fixes #926

commit 2bbed9c4f0d2c192cd3b3b61fd6a1c21911936c3
Author: Yonggang Luo <>
Date:   Fri Jul 15 02:16:18 2016 +0800

    cmake: Fix for schannel support

    The check_library_exists_concat do not check crypt32 library properly.
    So include it directly.

    Bug: curl/curl#917
    Reported-by: Yonggang Luo

    Bug: curl/curl#935
    Reported-by: Alain Danteny

commit cb9ba5cf8dfca61d8ce96086330ccde967c2d418
Author: Jay Satiro <>
Date:   Thu Jul 28 00:52:44 2016 -0400

    Revert "travis: Install libtool for OS X builds"

    Didn't work.

    This reverts commit 50723585ed380744358de054e2a55dccee65dfd7.

commit 50723585ed380744358de054e2a55dccee65dfd7
Author: Jay Satiro <>
Date:   Thu Jul 28 00:36:55 2016 -0400

    travis: Install libtool for OS X builds

    CI is failing due to missing libtoolize, so I'm trying this.

commit 17bf323221cf1852457eb29a861e589b5e5e7aa3
Author: Viktor Szakats <>
Date:   Tue Jul 26 16:36:29 2016 +0200

    TODO: minor typo in last commit

    merged #931

commit f3cad5bbf2fa2487061ce0f4a15dc2c334ba410e
Author: Daniel Stenberg <>
Date:   Tue Jul 26 16:01:50 2016 +0200

    TODO: Timeout idle connections from the pool

commit ea886941841610e15ae9fe4244434cd7a700b7a6
Author: Patrick Monnerat <>
Date:   Mon Jul 25 18:58:23 2016 +0200

    os400: minimum supported OS version: V6R1M0.
    Do not log compilation informational messages.

commit 6b130d6be6607dce07d1054af929b17b969f3bf5
Author: Jay Satiro <>
Date:   Sun Jul 24 02:49:47 2016 -0400

    tests: Fix for http/2 feature

    Reported-by: Paul Howarth

commit 1979008703cb50bab16111658202cfd05745f0d8
Author: Steve Holme <>
Date:   Sat Jul 23 21:34:46 2016 +0100

    README: Mention wolfSSL in the 'Dependencies' section

commit 3fc845914ad050fcb78ddb8ab947ddbe3928de2a
Author: Steve Holme <>
Date:   Fri Jul 22 20:42:20 2016 +0100

    vauth.h: No need to query HAVE_GSSAPI || USE_WINDOWS_SSPI for SPNEGO

    As SPNEGO is only defined when these pre-processor variables are defined
    there is no need to query them explicitly.

commit 25bf71ab0757694e691ad77c48fa6c438df9416e
Author: Steve Holme <>
Date:   Fri Jul 22 20:38:32 2016 +0100

    spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration

    Typo introduced in commit ad5e9bfd5d.

commit c7468e8ea2eeac748bb1f3d1410d2de55e9b5802
Author: Daniel Stenberg <>
Date:   Fri Jul 22 01:47:13 2016 +0200

    SECURITY: mention how to get windows-specific CVEs

    ... and make the distros link a proper link

commit 47fa8f0dae69ffe1e7a6ad1e7a6075d8cbe804a4
Author: Dan Fandrich <>
Date:   Thu Jul 21 17:06:04 2016 +0200

    test558: fix test by stripping file paths from FD lines

commit 5e26d9ceeaca8a6730bf405e6512bfe542698c26
Author: Kamil Dudka <>
Date:   Thu Jul 21 13:03:16 2016 +0200

    tests: distribute the script, too

commit 8b9ba132f0aad9ba1ada8879ab2a9bb03eba57f6
Author: Kamil Dudka <>
Date:   Thu Jul 21 12:49:43 2016 +0200

    docs: distribute the CURLINFO_HTTP_VERSION(3) man page, too

commit 001f8d06fef3c5f1e3b2ab45a2f46de39b70bd9e
Author: Daniel Stenberg <>
Date:   Thu Jul 21 11:16:08 2016 +0200

    bump: start working on 7.50.1

commit 79e63a53bb9598af863b0afe49ad662795faeef4
Author: Daniel Stenberg <>
Date:   Thu Jul 21 01:53:01 2016 +0200

    RELEASE-NOTES: version 7.50.0 ready

commit d78cf1f03a30d9c19eb6eaefce367ea5278361b9
Author: Daniel Stenberg <>
Date:   Thu Jul 21 00:34:01 2016 +0200

    THANKS: 13 new contributors from the 7.50.0 release

commit af8eb69cb29d4cc05eea9578514fe16572443b72
Author: Jay Satiro <>
Date:   Thu Jul 21 01:37:29 2016 -0400

    winbuild: fix embedded manifest option

    Embedded manifest option didn't work due to typo.

    Reported-by: Stefan Kanthak

commit c5cffce56e4c6f6c26e82438a61abf85e39cac4a
Author: Jay Satiro <>
Date:   Wed Jul 20 22:00:45 2016 -0400

    vauth: Fix memleak by freeing credentials if out of memory

    This is a follow up to the parent commit dcdd4be which fixes one leak
    but creates another by failing to free the credentials handle if out of
    memory. Also there's a second location a few lines down where we fail to
    do same. This commit fixes both of those issues.

commit dcdd4be35213d4ba36e41ad92fe2ae4ddab1205d
Author: Saurav Babu <>
Date:   Wed Jul 20 11:08:02 2016 +0200

    vauth: Fixed memory leak due to function returning without free

    This patch allocates memory to "output_token" only when it is required
    so that memory is not leaked if function returns.

commit c6d3fa11e687808ea9f0047d591a39135a4b9f4e
Author: Daniel Stenberg <>
Date:   Wed Jul 20 23:04:06 2016 +0200

    test558: updated after ipv6-check move

    Follow-up commit to c50980807c5 to make this test pass.

commit 4ee203542d042e9ba4f137ab252637742998de42
Author: Jay Satiro <>
Date:   Wed Jul 20 02:49:19 2016 -0400

    connect: disable TFO on Linux when using SSL

    - Linux TFO + TLS is not implemented yet.

    Bug: curl/curl#907

commit 57ac61a46907edc068fbd0f221751b48082fdfce
Author: Daniel Stenberg <>
Date:   Tue Jul 19 23:10:39 2016 +0200

    ROADMAP: QUIC and TLS 1.3

commit 545562f13e27da87275e421a3b54d063cf2e494e
Author: Daniel Stenberg <>
Date:   Tue Jul 19 23:04:26 2016 +0200

    RELEASE-NOTES: synced with c50980807c5

commit c50980807c55f91c2fb2d09f3b6dc0ae69f4cf45
Author: Brian Prodoehl <>
Date:   Fri Jul 15 11:53:13 2016 -0400

    curl_global_init: Check if IPv6 works

    - Curl_ipv6works() is not thread-safe until after the first call, so
    call it once during global init to avoid a possible race condition.

    Bug: curl/curl#915
    PR: curl/curl#918

commit 16fe3f6b0a73fa4e3e1c2298143e11f4fb4d5f6a
Author: Timothy Polich <>
Date:   Wed Jul 13 18:45:32 2016 -0700


    Closes curl/curl#914

commit bf430ecdef3d7c49cf01a57e3289ff7aaa1e0278
Author: Miroslav Franc <>
Date:   Wed Jul 13 18:43:18 2016 +0200

    library: Fix memory leaks found during static analysis

    Closes curl/curl#913

commit bcc8f485e5e364deb6b5ad8502635b4358aaa277
Author: Viktor Szakats <>
Date:   Tue Jul 12 22:44:31 2016 +0200

    cookie.c: Fix misleading indentation

    Closes curl/curl#911

commit f9eed596a3115e583a124ccf7f929573ee5a7da4
Author: Jay Satiro <>
Date:   Sat Jul 9 03:05:55 2016 -0400

    FAQ: Update FTP directory listing section for MLSD command

    Explain how some FTP servers support the machine readable listing
    format MLSD from RFC 3659 and compare it to LIST.

    Ref: curl/curl#906

commit 7c9cfd6c5145217e9678310ac0677494a59da36e
Author: Sergei Nikulov <>
Date:   Wed Jun 22 15:42:10 2016 +0300

    Appveyor: Updates for options - CURL_STATICLIB/BUILD_TESTING

    Closes #892

commit c4f108ece8be881bf70edbd5d22334d1143be88c
Author: Daniel Stenberg <>
Date:   Thu Jun 30 23:45:49 2016 +0200

    TODO: 17.4 also brings more HTTP/2 support

commit a194e6c9ae40ffe3ab5e281f1096358cdd369d3e
Author: Daniel Stenberg <>
Date:   Thu Jun 30 23:42:06 2016 +0200

    TODO: try next proxy if one doesn't work

    Closes #896

commit 6655e3069120cd069be9b7e2ff268342513c93bf
Author: Daniel Stenberg <>
Date:   Wed Jun 29 23:11:43 2016 +0200

    conn: don't free easy handle data in handler->disconnect

    Reported-by: Gou Lingfeng

commit e89489d8f4ceb869ae4e080b34053d4ecba22955
Author: Daniel Stenberg <>
Date:   Wed Jun 29 23:06:32 2016 +0200

    test1244: test different proxy ports same URL

commit 306192ba55637864e6bf20991cc209c17ff21e55
Author: Daniel Stenberg <>
Date:   Wed Jun 29 16:00:46 2016 +0200

    curl_global_init.3: improved formatting of the flags

commit bbd99a277bf05bd8c1f6fa682e20646f29ac1de4
Author: Daniel Stenberg <>
Date:   Wed Jun 29 15:57:44 2016 +0200

    curl_global_init.3: expand on the SSL and WIN32 bits purpose

    Reported-by: Richard Gray

commit 38685f86c8709c0670e81812b98f8181814212bf
Author: Michael Kaufmann <>
Date:   Tue Jun 21 22:43:58 2016 +0200

    cleanup: minor code cleanup in Curl_http_readwrite_headers()

    - the expression of an 'if' was always true
    - a 'while' contained a condition that was always true
    - use 'if(k->exp100 > EXP100_SEND_DATA)' instead of 'if(k->exp100)'
    - fixed a typo

    Closes #889

commit b6ddc0ac075ecb7e86b25a26ba2faf7e7880ce13
Author: Daniel Stenberg <>
Date:   Tue Jun 28 15:28:04 2016 +0200

    SFTP: set a generic error when no SFTP one exists...

    ... as otherwise we could get a 0 which would count as no error and we'd
    wrongly continue and could end up segfaulting.

    Reported-by: 暖和的和暖

commit 614b5034233b95f7a3bbbbe9b0539180fabd7527
Author: Daniel Stenberg <>
Date:   Tue Jun 28 15:02:46 2016 +0200

    ROADMAP: http2 tests are merged, mention http2 perf

commit c8b2010c5f225ea0c3922ca198dfe1ed9502d591
Author: Daniel Stenberg <>
Date:   Tue Jun 28 14:09:08 2016 +0200

    docs/ to render nicer pages on github

    ... as previously the README.cmake would be picked and put at the bottom
    of the docs page there and it wasn't very representative!

commit bf3222e053d03d044f70af59426db2f278201f2d
Author: Daniel Stenberg <>
Date:   Tue Jun 28 13:58:07 2016 +0200 change host name for the svg logo asks to use the domain for production

    See #900

commit 9305b1cf072990efd259d5fe71581473436afbf1
Author: Viktor Szakats <>
Date:   Tue Jun 28 13:00:05 2016 +0200 use the SVG logo

commit f4955a05537b9f772f0f32aba54326e72f111875
Author: Daniel Stenberg <>
Date:   Tue Jun 28 10:41:22 2016 +0200 logo on top!

commit a69f27ae91b791360f4a77b7b82e2e88ec097b08
Author: Daniel Stenberg <>
Date:   Tue Jun 28 08:24:16 2016 +0200

    KNOWN_BUGS: 3.4 POP3 expects "CRLF.CRLF" eob for some

    Closes #740

commit 91792d83b7ca401372854c58d32e0df2f4eb91a0
Author: Daniel Stenberg <>
Date:   Mon Jun 27 17:06:52 2016 +0200

    RELEASE-NOTES: synced with d61c80515aa8

commit d61c80515aa8e4086863fcc0a9693d50d309fc50
Author: Michael Osipov <>
Date:   Fri Jun 24 15:17:53 2016 +0200

    acinclude.m4: improve autodetection of CA bundle on FreeBSD

    The FreeBSD Port security/ca_root_nss installs the Mozilla NSS CA bundle
    to /usr/local/share/certs/ca-root-nss.crt. Use this bundle in the
    discovery process.

    This change also removes the former FreeBSD path that has been obsolete
    for 8 years since this FreeBSD ports commit:

    Closes #894

commit 91697d22a83e274378b957ed878e62467634ff98
Author: Daniel Stenberg <>
Date:   Wed Jun 22 14:23:46 2016 +0200

    configure: don't specify .lib for libs on windows

    Another follow up for crypt32.lib linking with winssl

commit 5c24fc7768d758b3803ccdb2ec54c910badea7ad
Author: Daniel Stenberg <>
Date:   Wed Jun 22 13:50:56 2016 +0200

    configure: fix winssl LIBS change typo

    follow-up from 120bf29e

commit b5d1b498fc4f62e8c63480aaf79c32f24223becf
Author: Daniel Stenberg <>
Date:   Wed Jun 22 12:06:47 2016 +0200

    TODO: "TCP Fast Open" is done, add monitor pool connections

commit 120bf29ef2c9dcc56414656d77040c24187b01bc
Author: Daniel Stenberg <>
Date:   Wed Jun 22 11:57:25 2016 +0200

    configure: add crypt32.lib for winssl builds

    Necessary since 6cabd78531f

commit 7530ef5c15f6d90e8a3d043cf59a46225e8ccdd7
Author: Daniel Stenberg <>
Date:   Wed Jun 22 11:07:05 2016 +0200 link with crypt32.lib for winssl builds

    Necessary since 6cabd78531f

    Fixes #853

commit 66c447e51e7c066f2ef425e912cee5157c363d55
Author: Joel Depooter <>
Date:   Wed Jun 1 16:29:32 2016 -0700

    VC: Add crypt32.lib to Visual Sudio project template files

    Closes #854

commit 05a69ce32c318109815bbaa9a57700c4594aa267
Author: Daniel Stenberg <>
Date:   Wed Jun 22 10:53:28 2016 +0200

    vc: fix the build for schannel certinfo support

    Broken since 6cabd785, which adds use of the Curl_extract_certinfo
    function from the x509asn1.c file.

commit 80388edefca58f8199cdfde077efb7f6d91e60fa
Author: Daniel Stenberg <>
Date:   Tue Jun 21 19:31:24 2016 +0200

    typedefs: use the full structs in internal code...

    ... and save the typedef'ed names for headers and external APIs.

commit 434f8d0389f2969b393ff81ead713b7600502f27
Author: Daniel Stenberg <>
Date:   Tue Jun 21 15:47:12 2016 +0200

    internals: rename the SessionHandle struct to Curl_easy

commit 9adf3c473a01b289c781aab111f9ad2fc541ed4e
Author: Daniel Stenberg <>
Date:   Tue Jun 21 14:39:33 2016 +0200

    headers: forward declare CURL, CURLM and CURLSH as structs

    Instead of typedef'ing to void, typedef to their corresponding actual
    struct names to allow compilers to type-check.

    Assisted-by: Reinhard Max

commit 04b4ee5498b14d320e3b375c64d0162cc2b53c99
Author: Jay Satiro <>
Date:   Sun Jun 12 23:47:12 2016 -0400

    vtls: Only call add/getsession if session id is enabled

    Prior to this change we called Curl_ssl_getsessionid and
    Curl_ssl_addsessionid regardless of whether session ID reusing was
    enabled. According to comments that is in case session ID reuse was
    disabled but then later enabled.

    The old way was not intuitive and probably not something users expected.
    When a user disables session ID caching I'd guess they don't expect the
    session ID to be cached anyway in case the caching is later enabled.

commit 046c2c85c4c365d4ae8a621d7886caf96f51e0e7
Author: Daniel Stenberg <>
Date:   Wed Jun 22 00:37:36 2016 +0200

    curl.1: the used progress meter suffix is k in lower case

    Closes #883

commit 12e21fab26bd83dfa75f009a24380d144ea51857
Author: Sergei Nikulov <>
Date:   Thu Jun 16 13:53:50 2016 +0300

    cmake: now using BUILD_TESTING=ON/OFF

    CMake build now using BUILD_TESTING=ON/OFF (default is OFF) to build
    tests and enabling CTest integration. Options BUILD_CURL_TESTS and

    Closes #882

    Reviewed-by: Brad King

commit 0bdec5e01d9914d97bb9ed1301b1590162fe2945
Author: Michael Kaufmann <>
Date:   Tue Jun 21 09:47:34 2016 +0200

    cleanup: fix method names in code comments

    Closes #887

commit b2dcf0347f1ee5041cccd64632bb8dd7ccbbae91
Author: Kamil Dudka <>
Date:   Tue Jun 21 12:40:26 2016 +0200

    curl-compilers.m4: improve detection of GCC's -fvisibility= flag

    Some builds of GCC produce output on both stdout and stderr when --help
    --verbose is used.  The 2>&1 redirection caused them to be arbitrarily
    interleaved with each other because of stream buffering.  Consequently,
    grep failed to match the fvisibility= string in the mixed output, even
    though the string was present in GCC's standard output.

    This led to silently disabling symbol hiding in some builds of curl.

commit 5f2e3b886759e0822ff31c36ef10ca8df59fcf59
Author: Daniel Stenberg <>
Date:   Sun Jun 19 23:52:01 2016 +0200

    tests: fix the HTTP/2 tests

    The HTTP/2 tests brought with commit bf05606ef1f were using the internal
    name 'http2' for the HTTP/2 server, while in fact that name was already
    used for the second instance of the HTTP server. This made tests using
    the second instance (like test 2050) fail after a HTTP/2 test had run.

    The server is now known as HTTP/2 internally and within the <server>
    section in test cases. 1700, 1701 and 1702 were updated accordingly.

commit bb4e7921e70637a43bb01952888fcb0870fb915f
Author: Daniel Stenberg <>
Date:   Sun Jun 19 23:21:54 2016 +0200

    openssl: use more 'const' to fix build warnings with 1.1.0 branch

commit 2668d8df9a61eadbb7de44903f05963984507d3d
Author: Daniel Stenberg <>
Date:   Fri Jun 17 10:40:20 2016 +0200

    curl.1: missed 'T' in the progress unit suffixes

commit c9a6ab6d921a02a198a543d5b0650fb0c94fd94d
Author: Daniel Stenberg <>
Date:   Fri Jun 17 00:32:34 2016 +0200

    curl.1: mention the unix for the progress meter

commit 13d633d27492ccd86a3424b34952b0ef8026306e
Author: Patrick Monnerat <>
Date:   Thu Jun 16 19:05:42 2016 +0200

    os400: add new definitions to ILE/RPG binding.

commit d4643d6e799b088e0a7e9b768facc0d1e1e86257
Author: Daniel Stenberg <>
Date:   Wed Jun 15 15:36:40 2016 +0200

    openssl: fix cert check with non-DNS name fields present

    Regression introduced in 5f5b62635 (released in 7.48.0)

    Reported-by: Fabian Ruff
    Fixes #875

commit b1839f6ed8bc8d9324c1fcf334955ddabf47b936
Author: Dan Fandrich <>
Date:   Thu Jun 16 08:44:08 2016 +0200

    axtls: Use Curl_wait_ms instead of the less-portable usleep

commit 52c5e9488c0bebc002d114d747fee697d422d02d
Author: Dan Fandrich <>
Date:   Thu Jun 16 08:29:10 2016 +0200

    axtls: Fixed compile after compile 31c521b0

commit 67176e2b840486c58a107ab1178d19cfa65faf0f
Author: Dan Fandrich <>
Date:   Wed Jun 15 23:04:48 2016 +0200

    tests: Added HTTP proxy keywords to tests 1141 & 1142

commit b70ca5281d93b621dee700c74740b2621d1e30b4
Author: Sergei Nikulov <>
Date:   Tue Jun 14 17:11:48 2016 +0300

    cmake: Fix build with winldap

    Bug: curl/curl#874
    Reported-by: Sergei Nikulov

commit f77dfbc5fbb7a20f8d3ef918df35b68c0b60f1e9
Author: Jay Satiro <>
Date:   Sat Jun 11 17:33:16 2016 -0400

    CURLOPT_POSTFIELDS.3: Clarify what happens when set empty

    When CURLOPT_POSTFIELDS is set to an empty string libcurl will send a
    zero-byte POST. Prior to this change it was documented as sending data
    from the read callback.

    This also changes the wording of what happens when empty or NULL so that
    it's hopefully easier to understand for people whose primary language
    isn't English.

    Bug: curl/curl#862
    Reported-by: Askar Safin

commit 929520582cdd3708f845af637757837b1d2a7d16
Author: Michael Wallner <>
Date:   Tue Jun 7 07:51:34 2016 +0200

    curl_multi_socket_action.3: Fix rewording

    - Remove some erroneous text.

    Closes curl/curl#865

commit 608d161b605e4ac0ebdab6c89c64e14423a0457a
Author: Luo Jinghua <>
Date:   Wed Jun 8 07:23:54 2016 +0800

    resolve: enable protocol family logic for synthesized IPv6

    - Enable protocol family logic for IPv6 resolves even when support
    for synthesized addresses is enabled.

    This is a follow up to the parent commit that added support for
    synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family
    logic needed for IPv6 was inadvertently excluded if support for
    synthesized addresses was enabled.

    Bug: curl/curl#863
    Ref: curl/curl#866
    Ref: curl/curl#867

commit 01a49a7626ee4a226cd0b50d70591ab147d60ee0
Author: Luo Jinghua <>
Date:   Tue Jun 7 18:11:37 2016 +0800

    resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS

    Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X.
    If the current network interface doesn’t support IPv4, but supports
    IPv6, NAT64, and DNS64.

    Closes #866
    Fixes #863

commit 9b6d3a662ea81ec3bbb12002ca79fd27d750671e
Author: Daniel Stenberg <>
Date:   Sun Jun 5 11:28:31 2016 +0200

    tests: two more HTTP/2 tests

    1701 and 1702

commit 320905a34589a987a5afe29c84316b1bfbcb8290
Author: Daniel Stenberg <>
Date:   Sun Jun 5 11:17:29 2016 +0200

    runtests: don't display logs when http2 server fails to start

commit d3b5c153af6998e2fd64bfc2b3033b2b5526a8cf
Author: Daniel Stenberg <>
Date:   Fri Jun 3 23:54:06 2016 +0200

    runtests: make stripfile work on stdout as well

    ... and have test 1700 use that to strip out the nghttpx server: headers

commit bf05606ef1f7a982c821396c3ef9fddeb4a1b011
Author: Daniel Stenberg <>
Date:   Fri Jun 3 23:36:10 2016 +0200

    http2-tests: test1700 is the first real HTTP/2 test

    It requires that 'nghttpx' is in the PATH, and it will run the tests
    using nghttpx as a front-end proxy in front of the standard HTTP/1 test
    server. This uses HTTP/2 over plain TCP.

    If you like me have nghttpx installed in a custom path, you can run test 1700
    like this:

    $ PATH=$PATH:$HOME/build-nghttp2/bin/ ./ 1700

commit c53d8a0b41a661251fc08ef696040a77842e2049
Author: Daniel Stenberg <>
Date:   Mon Jun 6 23:23:44 2016 +0200

    RELEASE-NOTES: synced with 34855feeb4c299

commit 34855feeb4c2991f7a158064abef16829bd4425f
Author: Steve Holme <>
Date:   Mon Jun 6 20:53:30 2016 +0100

    schannel: Disable ALPN on Windows < 8.1

    Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL
    fails on Windows < 8.1 so we need to disable ALPN on these OS versions.

    Inspiration provide by: Daniel Seither

    Closes #848
    Fixes #840

commit 84a48e5732d9dd0c98fda3597352e4b16f35a7ad
Author: Jay Satiro <>
Date:   Sun Jun 5 21:07:03 2016 -0400

    checksrc: Add LoadLibrary to the banned functions list

    LoadLibrary was supplanted by Curl_load_library for security
    reasons in 6df916d.

commit 1aa899ff38548a5d1c196f5c9ad7047f0fae3f5a
Author: Jay Satiro <>
Date:   Sun Jun 5 03:13:32 2016 -0400

    http: Fix HTTP/2 connection reuse

    - Change the parser to not require a minor version for HTTP/2.

    HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2
    in 8243a95 because the parser still expected a minor version.

    Bug: curl/curl#855
    Reported-by: Andrew Robbins, Frank Gevaerts

commit 61c92c7850cb83c572827dc348247b8b9b57c25a
Author: Steve Holme <>
Date:   Sat Jun 4 21:52:08 2016 +0100

    connect.c: Fixed compilation warning from commit 332e8d6164

    connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'

commit 332e8d6164bfb33dfae19704ef8c3e851a71b2d3
Author: Steve Holme <>
Date:   Sat Jun 4 20:58:39 2016 +0100

    win32: Used centralised verify windows version function

    Closes #845

commit dde5e430e21605e94b24262deef4800e04fb6ba5
Author: Steve Holme <>
Date:   Sat Jun 4 20:51:32 2016 +0100

    win32: Added verify windows version functionality

commit 6020ce5fa70212f105e74456037a2f5cc66c4e09
Author: Steve Holme <>
Date:   Sat Jun 4 20:06:56 2016 +0100

    win32: Introduced centralised verify windows version function

commit 584d0121c353ed855115c39f6cbc009854018029
Author: Kamil Dudka <>
Date:   Fri Jun 3 11:26:20 2016 +0200

    tool_urlglob: fix off-by-one error in glob_parse()

    ... causing SIGSEGV while parsing URL with too many globs.
    Minimal example:

    $ curl $(for i in $(seq 101); do printf '{a}'; done)

    Reported-by: Romain Coltel

commit 873b4346bafdec388fa4bd61ebdee0161da661a0
Author: Benjamin Kircher <>
Date:   Wed Jun 1 19:02:18 2016 +0200

    libcurl-multi.3: fix small typo

    Closes #850

commit 55ab64ed1a0472f70a466d5b53c317992c0640c0
Author: Viktor Szakats <>
Date:   Wed Jun 1 10:35:38 2016 +0200

    makefile.m32: add crypt32 for winssl builds

    Dependency added by 6cabd78

    Closes #849

commit 31c521b0470e57125ffcd0f1b0c6edf3b9af96c1
Author: Ivan Avdeev <>
Date:   Wed Jun 1 09:30:03 2016 +0200

    vtls: fix ssl session cache race condition

    Sessionid cache management is inseparable from managing individual
    session lifetimes. E.g. for reference-counted sessions (like those in
    SChannel and OpenSSL engines) every session addition and removal
    should be accompanied with refcount increment and decrement
    respectively. Failing to do so synchronously leads to a race condition
    that causes symptoms like use-after-free and memory corruption.
    This commit:
     - makes existing session cache locking explicit, thus allowing
       individual engines to manage lock's scope.
     - fixes OpenSSL and SChannel engines by putting refcount management
       inside this lock's scope in relevant places.
     - adds these explicit locking calls to other engines that use
       sessionid cache to accommodate for this change. Note, however,
       that it is unknown whether any of these engines could also have
       this race.

    Bug: curl/curl#815
    Fixes #815
    Closes #847

commit 6cabd78531f80d5c6cd942ed1aa97eaa5ec080df
Author: Andrew Kurushin <>
Date:   Wed Jun 1 08:48:30 2016 +0200

    schannel: add CURLOPT_CERTINFO support

    Closes #822

commit c444ace5568cdbd7c4f85fecb3f05680aaa5b96d
Author: Daniel Stenberg <>
Date:   Tue May 31 23:33:48 2016 +0200

    RELEASE-NOTES: synced with 142ee9fa15002315

commit 142ee9fa1500231557333a70691049166e79854a
Author: Daniel Stenberg <>
Date:   Tue May 31 19:54:35 2016 +0200

    openssl: rename the private SSL_strerror

    ... to make it not look like an OpenSSL function

commit 7108e53fb58a194df54149e3a52c7df006f24ae7
Author: Michael Kaufmann <>
Date:   Tue May 31 16:25:56 2016 +0200

    openssl: Use correct buffer sizes for error messages

    Closes #844

commit 6dbc23cfd86bbf8c1616759068a5909ced3dcc99
Author: Daniel Stenberg <>
Date:   Tue May 31 14:13:33 2016 +0200

    curl: fix -q [regression]

    This broke in 7.49.0 with commit e200034425a7625

    Fixes #842

commit 5409e1d793de755c7433336b80b0c8370a359d45
Author: Daniel Stenberg <>
Date:   Sun May 8 15:11:10 2016 +0200

    URL parser: allow URLs to use one, two or three slashes

    Mostly in order to support broken web sites that redirect to broken URLs
    that are accepted by browsers.

    Browsers are typically even more leniant than this as the WHATWG URL
    spec they should allow an _infinite_ amount. I tested 8000 slashes with
    Firefox and it just worked.

    Added test case 1141, 1142 and 1143 to verify the new parser.

    Closes #791

commit ed8b8f2456fc485fa81fb3d3eaef684121bb1aef
Author: Renaud Lehoux <>
Date:   Mon May 30 17:26:10 2016 +0200

    cmake: Added missing mbedTLS support

    Closes #837

commit 2072b4ae4f337a46283bfcc98a6f42c063d43bdf
Author: Renaud Lehoux <>
Date:   Mon May 30 18:10:23 2016 +0200

    mbedtls: removed unused variables

    Closes #838

commit 071c56139463137a4e32a8d841a70c16f3682bb7
Author: Frank Gevaerts <>
Date:   Wed May 11 14:23:37 2016 +0200

    http: add CURLINFO_HTTP_VERSION and %{http_version}

    Adds access to the effectively used http version to both libcurl and

    Closes #799

commit 4bffaad85f7ba9ba12272a06ce4e4a81a9a3178a
Author: Daniel Stenberg <>
Date:   Mon May 30 22:55:54 2016 +0200

    bump: start the journey toward 7.50.0

commit c9b4e6e85907f1581c8d6e1ab52c7f8b9282f266
Author: Marcel Raad <>
Date:   Mon May 30 13:26:20 2016 +0200

    openssl: fix build with OPENSSL_NO_COMP

    With OPENSSL_NO_COMP defined, there is no function

    Closes #836

commit 9a1593501cb30e36ea7109680cab368f9425000d
Author: Gisle Vanem <>
Date:   Mon May 30 11:43:04 2016 +0200

    memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC

    Fixes #828

commit 27c86c887194088551577832d284237678e837b4
Author: Jonathan <>
Date:   Mon May 30 10:46:35 2016 +0200 polish

    Closes #834

commit 602a6bdf6f378b5f44ba7f5f9c9cf87d52c507bd
Author: Daniel Stenberg <>
Date:   Mon May 30 08:21:16 2016 +0200

    RELEASE-NOTES: fix vuln link

Change-Id: I794e042ee8550487e0d42a4df72c73f2b4f89500
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment