delta/curl.git, branch bagder/create-hostcache-on-stack github.com: bagder/curl.git hostip: make create_hostcache_id avoid alloc + free 2019-02-09T23:45:20+00:00 Daniel Stenberg daniel@haxx.se 2019-02-09T23:10:18+00:00 f7a3d042647dd6efa23441effd33d580e063705a 






url/idnconvert: remove scan for <= 32 ascii values
2019-02-09T22:39:58+00:00

Daniel Stenberg
daniel@haxx.se

2019-02-07T10:54:00+00:00

9cb126792ce225e7c7d6ab5d1bf74f58f1844a29

The check was added back in fa939220df before the URL parser would catch
these problems and therefore these will never trigger now.

Closes #3539





The check was added back in fa939220df before the URL parser would catch
these problems and therefore these will never trigger now.

Closes #3539







urlapi: reduce variable scope, remove unreachable 'break'
2019-02-09T22:33:36+00:00

Daniel Stenberg
daniel@haxx.se

2019-02-08T12:49:45+00:00

f260b9e9323015fd5790fc7a4c97214ceeac641b

Both nits pointed out by codacy.com

Closes #3540





Both nits pointed out by codacy.com

Closes #3540







zsh.pl: escape ':' character
2019-02-07T21:51:53+00:00

Alessandro Ghedini
alessandro@ghedini.me

2019-02-05T21:06:26+00:00

b3cc8017b7364f588365be2b2629c49c142efdb7

':' is interpreted as separator by zsh, so if used as part of the argument
or option's description it needs to be escaped.

The problem can be reproduced as follows:

 % curl --reso<TAB>
 % curl -E <TAB>

Bug: https://bugs.debian.org/921452





':' is interpreted as separator by zsh, so if used as part of the argument
or option's description it needs to be escaped.

The problem can be reproduced as follows:

 % curl --reso<TAB>
 % curl -E <TAB>

Bug: https://bugs.debian.org/921452







zsh.pl: update regex to better match curl -h output
2019-02-07T21:51:53+00:00

Alessandro Ghedini
alessandro@ghedini.me

2019-02-05T20:44:14+00:00

dbd32f3241b297b96ee11a51da1a661f528ca026

The current regex fails to match '<...>' arguments properly (e.g. those
with spaces in them), which causes an completion script with wrong
descriptions for some options.

Here's a diff of the generated completion script, comparing the previous
version to the one with this fix:

--- /usr/share/zsh/vendor-completions/_curl	2019-01-15 20:47:40.000000000 +0000
+++ _curl	2019-02-05 20:57:29.453349040 +0000
@@ -9,48 +9,48 @@

 _arguments -C -S \
   --happy-eyeballs-timeout-ms'[How long to wait in milliseconds for IPv6 before trying IPv4]':'<milliseconds>' \
+  --resolve'[Resolve the host+port to this address]':'<host:port:address[,address]...>' \
   {-c,--cookie-jar}'[Write cookies to <filename> after operation]':'<filename>':_files \
   {-D,--dump-header}'[Write the received headers to <filename>]':'<filename>':_files \
   {-y,--speed-time}'[Trigger '\''speed-limit'\'' abort after this time]':'<seconds>' \
   --proxy-cacert'[CA certificate to verify peer against for proxy]':'<file>':_files \
-  --tls13-ciphers'[of TLS 1.3 ciphersuites> TLS 1.3 cipher suites to use]':'<list' \
+  --tls13-ciphers'[TLS 1.3 cipher suites to use]':'<list of TLS 1.3 ciphersuites>' \
   {-E,--cert}'[Client certificate file and password]':'<certificate[:password]>' \
   --libcurl'[Dump libcurl equivalent code of this command line]':'<file>':_files \
   --proxy-capath'[CA directory to verify peer against for proxy]':'<dir>':_files \
-  --proxy-negotiate'[HTTP Negotiate (SPNEGO) authentication on the proxy]':'Use' \
   --proxy-pinnedpubkey'[FILE/HASHES public key to verify proxy with]':'<hashes>' \
   --crlfile'[Get a CRL list in PEM format from the given file]':'<file>':_files \
-  --proxy-insecure'[HTTPS proxy connections without verifying the proxy]':'Do' \
-  --proxy-ssl-allow-beast'[security flaw for interop for HTTPS proxy]':'Allow' \
+  --proxy-negotiate'[Use HTTP Negotiate (SPNEGO) authentication on the proxy]' \
   --abstract-unix-socket'[Connect via abstract Unix domain socket]':'<path>' \
   --pinnedpubkey'[FILE/HASHES Public key to verify peer against]':'<hashes>' \
+  --proxy-insecure'[Do HTTPS proxy connections without verifying the proxy]' \
   --proxy-pass'[Pass phrase for the private key for HTTPS proxy]':'<phrase>' \
+  --proxy-ssl-allow-beast'[Allow security flaw for interop for HTTPS proxy]' \
   {-p,--proxytunnel}'[Operate through an HTTP proxy tunnel (using CONNECT)]' \
   --socks5-hostname'[SOCKS5 proxy, pass host name to proxy]':'<host[:port]>' \
   --proto-default'[Use PROTOCOL for any URL missing a scheme]':'<protocol>' \
-  --proxy-tls13-ciphers'[list> TLS 1.3 proxy cipher suites]':'<ciphersuite' \
+  --proxy-tls13-ciphers'[TLS 1.3 proxy cipher suites]':'<ciphersuite list>' \
   --socks5-gssapi-service'[SOCKS5 proxy service name for GSS-API]':'<name>' \
   --ftp-alternative-to-user'[String to replace USER \[name\]]':'<command>' \
-  --ftp-ssl-control'[SSL/TLS for FTP login, clear for transfer]':'Require' \
   {-T,--upload-file}'[Transfer local FILE to destination]':'<file>':_files \
   --local-port'[Force use of RANGE for local port numbers]':'<num/range>' \
   --proxy-tlsauthtype'[TLS authentication type for HTTPS proxy]':'<type>' \
   {-R,--remote-time}'[Set the remote file'\''s time on the local output]' \
-  --retry-connrefused'[on connection refused (use with --retry)]':'Retry' \
-  --suppress-connect-headers'[proxy CONNECT response headers]':'Suppress' \
-  {-j,--junk-session-cookies}'[session cookies read from file]':'Ignore' \
-  --location-trusted'[--location, and send auth to other hosts]':'Like' \
+  --ftp-ssl-control'[Require SSL/TLS for FTP login, clear for transfer]' \
   --proxy-cert-type'[Client certificate type for HTTPS proxy]':'<type>' \
   {-O,--remote-name}'[Write output to a file named as the remote file]' \
+  --retry-connrefused'[Retry on connection refused (use with --retry)]' \
+  --suppress-connect-headers'[Suppress proxy CONNECT response headers]' \
   --trace-ascii'[Like --trace, but without hex output]':'<file>':_files \
   --connect-timeout'[Maximum time allowed for connection]':'<seconds>' \
   --expect100-timeout'[How long to wait for 100-continue]':'<seconds>' \
   {-g,--globoff}'[Disable URL sequences and ranges using {} and \[\]]' \
+  {-j,--junk-session-cookies}'[Ignore session cookies read from file]' \
   {-m,--max-time}'[Maximum time allowed for the transfer]':'<seconds>' \
   --dns-ipv4-addr'[IPv4 address to use for DNS requests]':'<address>' \
   --dns-ipv6-addr'[IPv6 address to use for DNS requests]':'<address>' \
-  --ignore-content-length'[the size of the remote resource]':'Ignore' \
   {-k,--insecure}'[Allow insecure server connections when using SSL]' \
+  --location-trusted'[Like --location, and send auth to other hosts]' \
   --mail-auth'[Originator address of the original email]':'<address>' \
   --noproxy'[List of hosts which do not use proxy]':'<no-proxy-list>' \
   --proto-redir'[Enable/disable PROTOCOLS on redirect]':'<protocols>' \
@@ -62,18 +62,19 @@
   --socks5-basic'[Enable username/password auth for SOCKS5 proxies]' \
   --cacert'[CA certificate to verify peer against]':'<file>':_files \
   {-H,--header}'[Pass custom header(s) to server]':'<header/@file>' \
+  --ignore-content-length'[Ignore the size of the remote resource]' \
   {-i,--include}'[Include protocol response headers in the output]' \
   --proxy-header'[Pass custom header(s) to proxy]':'<header/@file>' \
   --unix-socket'[Connect through this Unix domain socket]':'<path>' \
   {-w,--write-out}'[Use output FORMAT after completion]':'<format>' \
-  --http2-prior-knowledge'[HTTP 2 without HTTP/1.1 Upgrade]':'Use' \
   {-o,--output}'[Write to file instead of stdout]':'<file>':_files \
-  {-J,--remote-header-name}'[the header-provided filename]':'Use' \
+  --preproxy'[\[protocol://\]host\[:port\] Use this proxy first]' \
   --socks4a'[SOCKS4a proxy on given host + port]':'<host[:port]>' \
   {-Y,--speed-limit}'[Stop transfers slower than this]':'<speed>' \
   {-z,--time-cond}'[Transfer based on a time condition]':'<time>' \
   --capath'[CA directory to verify peer against]':'<dir>':_files \
   {-f,--fail}'[Fail silently (no output at all) on HTTP errors]' \
+  --http2-prior-knowledge'[Use HTTP 2 without HTTP/1.1 Upgrade]' \
   --proxy-tlspassword'[TLS password for HTTPS proxy]':'<string>' \
   {-U,--proxy-user}'[Proxy user and password]':'<user:password>' \
   --proxy1.0'[Use HTTP/1.0 proxy on given port]':'<host[:port]>' \
@@ -81,52 +82,49 @@
   {-A,--user-agent}'[Send User-Agent <name> to server]':'<name>' \
   --egd-file'[EGD socket path for random data]':'<file>':_files \
   --fail-early'[Fail on first transfer error, do not continue]' \
-  --haproxy-protocol'[HAProxy PROXY protocol v1 header]':'Send' \
-  --preproxy'[Use this proxy first]':'[protocol://]host[:port]' \
+  {-J,--remote-header-name}'[Use the header-provided filename]' \
   --retry-max-time'[Retry only within this period]':'<seconds>' \
   --socks4'[SOCKS4 proxy on given host + port]':'<host[:port]>' \
   --socks5'[SOCKS5 proxy on given host + port]':'<host[:port]>' \
-  --socks5-gssapi-nec'[with NEC SOCKS5 server]':'Compatibility' \
-  --ssl-allow-beast'[security flaw to improve interop]':'Allow' \
   --cert-status'[Verify the status of the server certificate]' \
-  --ftp-create-dirs'[the remote dirs if not present]':'Create' \
   {-:,--next}'[Make next URL use its separate set of options]' \
   --proxy-key-type'[Private key file type for proxy]':'<type>' \
-  --remote-name-all'[the remote file name for all URLs]':'Use' \
   {-X,--request}'[Specify request command to use]':'<command>' \
   --retry'[Retry request if transient problems occur]':'<num>' \
-  --ssl-no-revoke'[cert revocation checks (WinSSL)]':'Disable' \
   --cert-type'[Certificate file type (DER/PEM/ENG)]':'<type>' \
   --connect-to'[Connect to host]':'<HOST1:PORT1:HOST2:PORT2>' \
   --create-dirs'[Create necessary local directory hierarchy]' \
+  --haproxy-protocol'[Send HAProxy PROXY protocol v1 header]' \
   --max-redirs'[Maximum number of redirects allowed]':'<num>' \
   {-n,--netrc}'[Must read .netrc for user name and password]' \
+  {-x,--proxy}'[\[protocol://\]host\[:port\] Use this proxy]' \
   --proxy-crlfile'[Set a CRL list for proxy]':'<file>':_files \
   --sasl-ir'[Enable initial response in SASL authentication]' \
-  --socks5-gssapi'[GSS-API auth for SOCKS5 proxies]':'Enable' \
+  --socks5-gssapi-nec'[Compatibility with NEC SOCKS5 server]' \
+  --ssl-allow-beast'[Allow security flaw to improve interop]' \
+  --ftp-create-dirs'[Create the remote dirs if not present]' \
   --interface'[Use network INTERFACE (or address)]':'<name>' \
   --key-type'[Private key file type (DER/PEM/ENG)]':'<type>' \
   --netrc-file'[Specify FILE for netrc]':'<filename>':_files \
   {-N,--no-buffer}'[Disable buffering of the output stream]' \
   --proxy-service-name'[SPNEGO proxy service name]':'<name>' \
-  --styled-output'[styled output for HTTP headers]':'Enable' \
+  --remote-name-all'[Use the remote file name for all URLs]' \
+  --ssl-no-revoke'[Disable cert revocation checks (WinSSL)]' \
   --max-filesize'[Maximum file size to download]':'<bytes>' \
   --negotiate'[Use HTTP Negotiate (SPNEGO) authentication]' \
   --no-keepalive'[Disable TCP keepalive on the connection]' \
   {-#,--progress-bar}'[Display transfer progress as a bar]' \
-  {-x,--proxy}'[Use this proxy]':'[protocol://]host[:port]' \
-  --proxy-anyauth'[any proxy authentication method]':'Pick' \
   {-Q,--quote}'[Send command(s) to server before transfer]' \
-  --request-target'[the target for this request]':'Specify' \
+  --socks5-gssapi'[Enable GSS-API auth for SOCKS5 proxies]' \
   {-u,--user}'[Server user and password]':'<user:password>' \
   {-K,--config}'[Read config from a file]':'<file>':_files \
   {-C,--continue-at}'[Resumed transfer offset]':'<offset>' \
   --data-raw'[HTTP POST data, '\''@'\'' allowed]':'<data>' \
-  --disallow-username-in-url'[username in url]':'Disallow' \
   --krb'[Enable Kerberos with security <level>]':'<level>' \
   --proxy-ciphers'[SSL ciphers to use for proxy]':'<list>' \
   --proxy-digest'[Use Digest authentication on the proxy]' \
   --proxy-tlsuser'[TLS username for HTTPS proxy]':'<name>' \
+  --styled-output'[Enable styled output for HTTP headers]' \
   {-b,--cookie}'[Send cookies from string/file]':'<data>' \
   --data-urlencode'[HTTP POST data url encoded]':'<data>' \
   --delegation'[GSS-API delegation permission]':'<LEVEL>' \
@@ -134,7 +132,10 @@
   --post301'[Do not switch to GET after following a 301]' \
   --post302'[Do not switch to GET after following a 302]' \
   --post303'[Do not switch to GET after following a 303]' \
+  --proxy-anyauth'[Pick any proxy authentication method]' \
+  --request-target'[Specify the target for this request]' \
   --trace-time'[Add time stamps to trace/verbose output]' \
+  --disallow-username-in-url'[Disallow username in url]' \
   --dns-servers'[DNS server addrs to use]':'<addresses>' \
   {-G,--get}'[Put the post data in the URL and use GET]' \
   --limit-rate'[Limit transfer speed to RATE]':'<speed>' \
@@ -148,21 +149,21 @@
   --metalink'[Process given URLs as metalink XML file]' \
   --tr-encoding'[Request compressed transfer encoding]' \
   --xattr'[Store metadata in extended file attributes]' \
-  --ftp-skip-pasv-ip'[the IP address for PASV]':'Skip' \
   --pass'[Pass phrase for the private key]':'<phrase>' \
   --proxy-ntlm'[Use NTLM authentication on the proxy]' \
   {-S,--show-error}'[Show error even when -s is used]' \
-  --ciphers'[of ciphers> SSL ciphers to use]':'<list' \
+  --ciphers'[SSL ciphers to use]':'<list of ciphers>' \
   --form-string'[Specify multipart MIME data]':'<name=string>' \
   --login-options'[Server login options]':'<options>' \
   --tftp-blksize'[Set TFTP BLKSIZE option]':'<value>' \
-  --tftp-no-options'[not send any TFTP options]':'Do' \
   {-v,--verbose}'[Make the operation more talkative]' \
+  --ftp-skip-pasv-ip'[Skip the IP address for PASV]' \
   --proxy-key'[Private key for HTTPS proxy]':'<key>' \
   {-F,--form}'[Specify multipart MIME data]':'<name=content>' \
   --mail-from'[Mail from this address]':'<address>' \
   --oauth2-bearer'[OAuth 2 Bearer Token]':'<token>' \
   --proto'[Enable/disable PROTOCOLS]':'<protocols>' \
+  --tftp-no-options'[Do not send any TFTP options]' \
   --tlsauthtype'[TLS authentication type]':'<type>' \
   --doh-url'[Resolve host names over DOH]':'<URL>' \
   --no-sessionid'[Disable SSL session-ID reusing]' \
@@ -173,14 +174,13 @@
   --ftp-ssl-ccc'[Send CCC after authenticating]' \
   {-4,--ipv4}'[Resolve names to IPv4 addresses]' \
   {-6,--ipv6}'[Resolve names to IPv6 addresses]' \
-  --netrc-optional'[either .netrc or URL]':'Use' \
   --service-name'[SPNEGO service name]':'<name>' \
   {-V,--version}'[Show version number and quit]' \
   --data-ascii'[HTTP POST ASCII data]':'<data>' \
   --ftp-account'[Account data string]':'<data>' \
-  --compressed-ssh'[SSH compression]':'Enable' \
   --disable-eprt'[Inhibit using EPRT or LPRT]' \
   --ftp-method'[Control CWD usage]':'<method>' \
+  --netrc-optional'[Use either .netrc or URL]' \
   --pubkey'[SSH Public key file name]':'<key>' \
   --raw'[Do HTTP "raw"; no transfer decoding]' \
   --anyauth'[Pick any authentication method]' \
@@ -189,6 +189,7 @@
   --no-alpn'[Disable the ALPN TLS extension]' \
   --tcp-nodelay'[Use the TCP_NODELAY option]' \
   {-B,--use-ascii}'[Use ASCII/text transfer]' \
+  --compressed-ssh'[Enable SSH compression]' \
   --digest'[Use HTTP Digest Authentication]' \
   --proxy-tlsv1'[Use TLSv1 for HTTPS proxy]' \
   --engine'[Crypto engine to use]':'<name>' \





The current regex fails to match '<...>' arguments properly (e.g. those
with spaces in them), which causes an completion script with wrong
descriptions for some options.

Here's a diff of the generated completion script, comparing the previous
version to the one with this fix:

--- /usr/share/zsh/vendor-completions/_curl	2019-01-15 20:47:40.000000000 +0000
+++ _curl	2019-02-05 20:57:29.453349040 +0000
@@ -9,48 +9,48 @@

 _arguments -C -S \
   --happy-eyeballs-timeout-ms'[How long to wait in milliseconds for IPv6 before trying IPv4]':'<milliseconds>' \
+  --resolve'[Resolve the host+port to this address]':'<host:port:address[,address]...>' \
   {-c,--cookie-jar}'[Write cookies to <filename> after operation]':'<filename>':_files \
   {-D,--dump-header}'[Write the received headers to <filename>]':'<filename>':_files \
   {-y,--speed-time}'[Trigger '\''speed-limit'\'' abort after this time]':'<seconds>' \
   --proxy-cacert'[CA certificate to verify peer against for proxy]':'<file>':_files \
-  --tls13-ciphers'[of TLS 1.3 ciphersuites> TLS 1.3 cipher suites to use]':'<list' \
+  --tls13-ciphers'[TLS 1.3 cipher suites to use]':'<list of TLS 1.3 ciphersuites>' \
   {-E,--cert}'[Client certificate file and password]':'<certificate[:password]>' \
   --libcurl'[Dump libcurl equivalent code of this command line]':'<file>':_files \
   --proxy-capath'[CA directory to verify peer against for proxy]':'<dir>':_files \
-  --proxy-negotiate'[HTTP Negotiate (SPNEGO) authentication on the proxy]':'Use' \
   --proxy-pinnedpubkey'[FILE/HASHES public key to verify proxy with]':'<hashes>' \
   --crlfile'[Get a CRL list in PEM format from the given file]':'<file>':_files \
-  --proxy-insecure'[HTTPS proxy connections without verifying the proxy]':'Do' \
-  --proxy-ssl-allow-beast'[security flaw for interop for HTTPS proxy]':'Allow' \
+  --proxy-negotiate'[Use HTTP Negotiate (SPNEGO) authentication on the proxy]' \
   --abstract-unix-socket'[Connect via abstract Unix domain socket]':'<path>' \
   --pinnedpubkey'[FILE/HASHES Public key to verify peer against]':'<hashes>' \
+  --proxy-insecure'[Do HTTPS proxy connections without verifying the proxy]' \
   --proxy-pass'[Pass phrase for the private key for HTTPS proxy]':'<phrase>' \
+  --proxy-ssl-allow-beast'[Allow security flaw for interop for HTTPS proxy]' \
   {-p,--proxytunnel}'[Operate through an HTTP proxy tunnel (using CONNECT)]' \
   --socks5-hostname'[SOCKS5 proxy, pass host name to proxy]':'<host[:port]>' \
   --proto-default'[Use PROTOCOL for any URL missing a scheme]':'<protocol>' \
-  --proxy-tls13-ciphers'[list> TLS 1.3 proxy cipher suites]':'<ciphersuite' \
+  --proxy-tls13-ciphers'[TLS 1.3 proxy cipher suites]':'<ciphersuite list>' \
   --socks5-gssapi-service'[SOCKS5 proxy service name for GSS-API]':'<name>' \
   --ftp-alternative-to-user'[String to replace USER \[name\]]':'<command>' \
-  --ftp-ssl-control'[SSL/TLS for FTP login, clear for transfer]':'Require' \
   {-T,--upload-file}'[Transfer local FILE to destination]':'<file>':_files \
   --local-port'[Force use of RANGE for local port numbers]':'<num/range>' \
   --proxy-tlsauthtype'[TLS authentication type for HTTPS proxy]':'<type>' \
   {-R,--remote-time}'[Set the remote file'\''s time on the local output]' \
-  --retry-connrefused'[on connection refused (use with --retry)]':'Retry' \
-  --suppress-connect-headers'[proxy CONNECT response headers]':'Suppress' \
-  {-j,--junk-session-cookies}'[session cookies read from file]':'Ignore' \
-  --location-trusted'[--location, and send auth to other hosts]':'Like' \
+  --ftp-ssl-control'[Require SSL/TLS for FTP login, clear for transfer]' \
   --proxy-cert-type'[Client certificate type for HTTPS proxy]':'<type>' \
   {-O,--remote-name}'[Write output to a file named as the remote file]' \
+  --retry-connrefused'[Retry on connection refused (use with --retry)]' \
+  --suppress-connect-headers'[Suppress proxy CONNECT response headers]' \
   --trace-ascii'[Like --trace, but without hex output]':'<file>':_files \
   --connect-timeout'[Maximum time allowed for connection]':'<seconds>' \
   --expect100-timeout'[How long to wait for 100-continue]':'<seconds>' \
   {-g,--globoff}'[Disable URL sequences and ranges using {} and \[\]]' \
+  {-j,--junk-session-cookies}'[Ignore session cookies read from file]' \
   {-m,--max-time}'[Maximum time allowed for the transfer]':'<seconds>' \
   --dns-ipv4-addr'[IPv4 address to use for DNS requests]':'<address>' \
   --dns-ipv6-addr'[IPv6 address to use for DNS requests]':'<address>' \
-  --ignore-content-length'[the size of the remote resource]':'Ignore' \
   {-k,--insecure}'[Allow insecure server connections when using SSL]' \
+  --location-trusted'[Like --location, and send auth to other hosts]' \
   --mail-auth'[Originator address of the original email]':'<address>' \
   --noproxy'[List of hosts which do not use proxy]':'<no-proxy-list>' \
   --proto-redir'[Enable/disable PROTOCOLS on redirect]':'<protocols>' \
@@ -62,18 +62,19 @@
   --socks5-basic'[Enable username/password auth for SOCKS5 proxies]' \
   --cacert'[CA certificate to verify peer against]':'<file>':_files \
   {-H,--header}'[Pass custom header(s) to server]':'<header/@file>' \
+  --ignore-content-length'[Ignore the size of the remote resource]' \
   {-i,--include}'[Include protocol response headers in the output]' \
   --proxy-header'[Pass custom header(s) to proxy]':'<header/@file>' \
   --unix-socket'[Connect through this Unix domain socket]':'<path>' \
   {-w,--write-out}'[Use output FORMAT after completion]':'<format>' \
-  --http2-prior-knowledge'[HTTP 2 without HTTP/1.1 Upgrade]':'Use' \
   {-o,--output}'[Write to file instead of stdout]':'<file>':_files \
-  {-J,--remote-header-name}'[the header-provided filename]':'Use' \
+  --preproxy'[\[protocol://\]host\[:port\] Use this proxy first]' \
   --socks4a'[SOCKS4a proxy on given host + port]':'<host[:port]>' \
   {-Y,--speed-limit}'[Stop transfers slower than this]':'<speed>' \
   {-z,--time-cond}'[Transfer based on a time condition]':'<time>' \
   --capath'[CA directory to verify peer against]':'<dir>':_files \
   {-f,--fail}'[Fail silently (no output at all) on HTTP errors]' \
+  --http2-prior-knowledge'[Use HTTP 2 without HTTP/1.1 Upgrade]' \
   --proxy-tlspassword'[TLS password for HTTPS proxy]':'<string>' \
   {-U,--proxy-user}'[Proxy user and password]':'<user:password>' \
   --proxy1.0'[Use HTTP/1.0 proxy on given port]':'<host[:port]>' \
@@ -81,52 +82,49 @@
   {-A,--user-agent}'[Send User-Agent <name> to server]':'<name>' \
   --egd-file'[EGD socket path for random data]':'<file>':_files \
   --fail-early'[Fail on first transfer error, do not continue]' \
-  --haproxy-protocol'[HAProxy PROXY protocol v1 header]':'Send' \
-  --preproxy'[Use this proxy first]':'[protocol://]host[:port]' \
+  {-J,--remote-header-name}'[Use the header-provided filename]' \
   --retry-max-time'[Retry only within this period]':'<seconds>' \
   --socks4'[SOCKS4 proxy on given host + port]':'<host[:port]>' \
   --socks5'[SOCKS5 proxy on given host + port]':'<host[:port]>' \
-  --socks5-gssapi-nec'[with NEC SOCKS5 server]':'Compatibility' \
-  --ssl-allow-beast'[security flaw to improve interop]':'Allow' \
   --cert-status'[Verify the status of the server certificate]' \
-  --ftp-create-dirs'[the remote dirs if not present]':'Create' \
   {-:,--next}'[Make next URL use its separate set of options]' \
   --proxy-key-type'[Private key file type for proxy]':'<type>' \
-  --remote-name-all'[the remote file name for all URLs]':'Use' \
   {-X,--request}'[Specify request command to use]':'<command>' \
   --retry'[Retry request if transient problems occur]':'<num>' \
-  --ssl-no-revoke'[cert revocation checks (WinSSL)]':'Disable' \
   --cert-type'[Certificate file type (DER/PEM/ENG)]':'<type>' \
   --connect-to'[Connect to host]':'<HOST1:PORT1:HOST2:PORT2>' \
   --create-dirs'[Create necessary local directory hierarchy]' \
+  --haproxy-protocol'[Send HAProxy PROXY protocol v1 header]' \
   --max-redirs'[Maximum number of redirects allowed]':'<num>' \
   {-n,--netrc}'[Must read .netrc for user name and password]' \
+  {-x,--proxy}'[\[protocol://\]host\[:port\] Use this proxy]' \
   --proxy-crlfile'[Set a CRL list for proxy]':'<file>':_files \
   --sasl-ir'[Enable initial response in SASL authentication]' \
-  --socks5-gssapi'[GSS-API auth for SOCKS5 proxies]':'Enable' \
+  --socks5-gssapi-nec'[Compatibility with NEC SOCKS5 server]' \
+  --ssl-allow-beast'[Allow security flaw to improve interop]' \
+  --ftp-create-dirs'[Create the remote dirs if not present]' \
   --interface'[Use network INTERFACE (or address)]':'<name>' \
   --key-type'[Private key file type (DER/PEM/ENG)]':'<type>' \
   --netrc-file'[Specify FILE for netrc]':'<filename>':_files \
   {-N,--no-buffer}'[Disable buffering of the output stream]' \
   --proxy-service-name'[SPNEGO proxy service name]':'<name>' \
-  --styled-output'[styled output for HTTP headers]':'Enable' \
+  --remote-name-all'[Use the remote file name for all URLs]' \
+  --ssl-no-revoke'[Disable cert revocation checks (WinSSL)]' \
   --max-filesize'[Maximum file size to download]':'<bytes>' \
   --negotiate'[Use HTTP Negotiate (SPNEGO) authentication]' \
   --no-keepalive'[Disable TCP keepalive on the connection]' \
   {-#,--progress-bar}'[Display transfer progress as a bar]' \
-  {-x,--proxy}'[Use this proxy]':'[protocol://]host[:port]' \
-  --proxy-anyauth'[any proxy authentication method]':'Pick' \
   {-Q,--quote}'[Send command(s) to server before transfer]' \
-  --request-target'[the target for this request]':'Specify' \
+  --socks5-gssapi'[Enable GSS-API auth for SOCKS5 proxies]' \
   {-u,--user}'[Server user and password]':'<user:password>' \
   {-K,--config}'[Read config from a file]':'<file>':_files \
   {-C,--continue-at}'[Resumed transfer offset]':'<offset>' \
   --data-raw'[HTTP POST data, '\''@'\'' allowed]':'<data>' \
-  --disallow-username-in-url'[username in url]':'Disallow' \
   --krb'[Enable Kerberos with security <level>]':'<level>' \
   --proxy-ciphers'[SSL ciphers to use for proxy]':'<list>' \
   --proxy-digest'[Use Digest authentication on the proxy]' \
   --proxy-tlsuser'[TLS username for HTTPS proxy]':'<name>' \
+  --styled-output'[Enable styled output for HTTP headers]' \
   {-b,--cookie}'[Send cookies from string/file]':'<data>' \
   --data-urlencode'[HTTP POST data url encoded]':'<data>' \
   --delegation'[GSS-API delegation permission]':'<LEVEL>' \
@@ -134,7 +132,10 @@
   --post301'[Do not switch to GET after following a 301]' \
   --post302'[Do not switch to GET after following a 302]' \
   --post303'[Do not switch to GET after following a 303]' \
+  --proxy-anyauth'[Pick any proxy authentication method]' \
+  --request-target'[Specify the target for this request]' \
   --trace-time'[Add time stamps to trace/verbose output]' \
+  --disallow-username-in-url'[Disallow username in url]' \
   --dns-servers'[DNS server addrs to use]':'<addresses>' \
   {-G,--get}'[Put the post data in the URL and use GET]' \
   --limit-rate'[Limit transfer speed to RATE]':'<speed>' \
@@ -148,21 +149,21 @@
   --metalink'[Process given URLs as metalink XML file]' \
   --tr-encoding'[Request compressed transfer encoding]' \
   --xattr'[Store metadata in extended file attributes]' \
-  --ftp-skip-pasv-ip'[the IP address for PASV]':'Skip' \
   --pass'[Pass phrase for the private key]':'<phrase>' \
   --proxy-ntlm'[Use NTLM authentication on the proxy]' \
   {-S,--show-error}'[Show error even when -s is used]' \
-  --ciphers'[of ciphers> SSL ciphers to use]':'<list' \
+  --ciphers'[SSL ciphers to use]':'<list of ciphers>' \
   --form-string'[Specify multipart MIME data]':'<name=string>' \
   --login-options'[Server login options]':'<options>' \
   --tftp-blksize'[Set TFTP BLKSIZE option]':'<value>' \
-  --tftp-no-options'[not send any TFTP options]':'Do' \
   {-v,--verbose}'[Make the operation more talkative]' \
+  --ftp-skip-pasv-ip'[Skip the IP address for PASV]' \
   --proxy-key'[Private key for HTTPS proxy]':'<key>' \
   {-F,--form}'[Specify multipart MIME data]':'<name=content>' \
   --mail-from'[Mail from this address]':'<address>' \
   --oauth2-bearer'[OAuth 2 Bearer Token]':'<token>' \
   --proto'[Enable/disable PROTOCOLS]':'<protocols>' \
+  --tftp-no-options'[Do not send any TFTP options]' \
   --tlsauthtype'[TLS authentication type]':'<type>' \
   --doh-url'[Resolve host names over DOH]':'<URL>' \
   --no-sessionid'[Disable SSL session-ID reusing]' \
@@ -173,14 +174,13 @@
   --ftp-ssl-ccc'[Send CCC after authenticating]' \
   {-4,--ipv4}'[Resolve names to IPv4 addresses]' \
   {-6,--ipv6}'[Resolve names to IPv6 addresses]' \
-  --netrc-optional'[either .netrc or URL]':'Use' \
   --service-name'[SPNEGO service name]':'<name>' \
   {-V,--version}'[Show version number and quit]' \
   --data-ascii'[HTTP POST ASCII data]':'<data>' \
   --ftp-account'[Account data string]':'<data>' \
-  --compressed-ssh'[SSH compression]':'Enable' \
   --disable-eprt'[Inhibit using EPRT or LPRT]' \
   --ftp-method'[Control CWD usage]':'<method>' \
+  --netrc-optional'[Use either .netrc or URL]' \
   --pubkey'[SSH Public key file name]':'<key>' \
   --raw'[Do HTTP "raw"; no transfer decoding]' \
   --anyauth'[Pick any authentication method]' \
@@ -189,6 +189,7 @@
   --no-alpn'[Disable the ALPN TLS extension]' \
   --tcp-nodelay'[Use the TCP_NODELAY option]' \
   {-B,--use-ascii}'[Use ASCII/text transfer]' \
+  --compressed-ssh'[Enable SSH compression]' \
   --digest'[Use HTTP Digest Authentication]' \
   --proxy-tlsv1'[Use TLSv1 for HTTPS proxy]' \
   --engine'[Crypto engine to use]':'<name>' \







tool_operate: fix typecheck warning
2019-02-07T17:36:53+00:00

Marcel Raad
Marcel.Raad@teamviewer.com

2019-02-06T13:59:15+00:00

91e397b24297055fdc49916b5ce901d63745dd5e

Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning:
tool_operate.c: In function 'operate_do':
../include/curl/typecheck-gcc.h:47:9: error: call to
'_curl_easy_setopt_err_long' declared with attribute warning:
curl_easy_setopt expects a long argument for this option [-Werror]

Closes https://github.com/curl/curl/pull/3534





Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning:
tool_operate.c: In function 'operate_do':
../include/curl/typecheck-gcc.h:47:9: error: call to
'_curl_easy_setopt_err_long' declared with attribute warning:
curl_easy_setopt expects a long argument for this option [-Werror]

Closes https://github.com/curl/curl/pull/3534







url: close TLS before removing conn from cache
2019-02-06T18:33:21+00:00

Chris Araman
chris.araman@fuze.com

2019-02-06T05:56:36+00:00

927a5bd1b4f95fe2331c9d9923c620ba8e274d6c

- Fix potential crashes in schannel shutdown.

Ensure any TLS shutdown messages are sent before removing the
association between the connection and the easy handle. Reverts
@bagder's previous partial fix for #3412.

Fixes https://github.com/curl/curl/issues/3412
Fixes https://github.com/curl/curl/issues/3505
Closes https://github.com/curl/curl/pull/3531





- Fix potential crashes in schannel shutdown.

Ensure any TLS shutdown messages are sent before removing the
association between the connection and the easy handle. Reverts
@bagder's previous partial fix for #3412.

Fixes https://github.com/curl/curl/issues/3412
Fixes https://github.com/curl/curl/issues/3505
Closes https://github.com/curl/curl/pull/3531







INTERNALS.md: fix subsection depth and link
2019-02-06T09:29:14+00:00

Daniel Gustafsson
daniel@yesql.se

2019-02-06T09:29:14+00:00

fef38a0898322f285401c5ff2f5e7c90dbf3be63

The Kerberos subsection was mistakenly a subsubsection under FTP, and
the curlx subsection was missing an anchor for the TOC link.

Closes #3529
Reviewed-by: Daniel Stenberg <daniel@haxx.se>





The Kerberos subsection was mistakenly a subsubsection under FTP, and
the curlx subsection was missing an anchor for the TOC link.

Closes #3529
Reviewed-by: Daniel Stenberg <daniel@haxx.se>







RELEASE-NOTES: 7.64.0
2019-02-06T06:57:13+00:00

Daniel Stenberg
daniel@haxx.se

2019-02-05T14:11:51+00:00

f3294d9d86e6a7915a967efff2842089b8b0d071












RELEASE-PROCEDURE: update the release calendar
2019-02-06T06:57:13+00:00

Daniel Stenberg
daniel@haxx.se

2019-02-05T14:30:45+00:00

1c986c068df733ef05a86f80b1ec375e508adfd3