| _ _ ____ _ |
| ___| | | | _ \| | |
| / __| | | | |_) | | |
| | (__| |_| | _ <| |___ |
| \___|\___/|_| \_\_____| |
| |
| Old Changelog |
| |
| Changes done to curl and libcurl from 1997 to 2010, edited manually. The most |
| recent changes are always generated into the CHANGES file straight from git. |
| |
| Kamil Dudka (17 June 2010) |
| - Improve test575 in order to not fail with threaded DNS resolver. |
| |
| Version 7.21.0 (16 June 2010) |
| |
| Daniel Stenberg (5 June 2010) |
| - Constantine Sapuntzakis fixed a case of spurious SSL connection aborts using |
| libcurl and OpenSSL. "I tracked it down to uncleared error state on the |
| OpenSSL error stack - patch attached deals with that." |
| |
| Daniel Stenberg (5 June 2010) |
| - Frank Meier added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and |
| CURLINFO_LOCAL_PORT to curl_easy_getinfo(). |
| |
| Yang Tse (4 June 2010) |
| - Enabled OpenLDAP support for cygwin builds. This support was disabled back |
| in 2008 due to incompatibilities between OpenSSL and OpenLDAP headers. |
| cygwin's OpenSSL 0.9.8l and OpenLDAP 2.3.43 versions on cygwin 1.5.25 |
| allow building an OpenLDAP enabled libcurl supporting back to Windows 95. |
| |
| Removed the non-functional CURL_LDAP_HYBRID code and references. |
| |
| Daniel Stenberg (2 June 2010) |
| - Jason McDonald posted bug report #3006786 when he found that the SFTP code |
| didn't timeout properly in several places in the code even if a timeout was |
| set properly. |
| |
| Based on his suggested patch, I wrote a different implementation that I |
| think addressed the issue better and also uses the connect timeout for the |
| initial part of the SSH/SFTP done during the "protocol connect" phase. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=3006786) |
| |
| Yang Tse (2 June 2010) |
| - Added missing new libcurl files to non-configure targets. Adjusted |
| libcurl standard internal header inclusions in new files. Fixed an |
| SPNEGO related memory leak. Fixed several LDAP related compilation |
| issues, and fixed some compiler warnings. |
| |
| Daniel Stenberg (1 June 2010) |
| - Igor Novoseltsev reported a problem with the multi socket API and using |
| timeouts and timers. It boiled down to a problem with libcurl's use of |
| GetTickCount() interally to figure out the current time, while Igor's own |
| application code used another function call. |
| |
| It made his app call the socket API timeout function a bit _before_ libcurl |
| would consider the timeout to trigger, and that could easily lead to |
| timeouts or stalls in the app. It seems GetTickCount() in general often has |
| no better resolution than 16ms and switching to the alternative function |
| QueryPerformanceCounter has its share of problems: |
| http://www.virtualdub.org/blog/pivot/entry.php?id=106 |
| |
| We address this problem by simply having libcurl treat timers that already |
| has occured or will occur within 40ms subject for treatment. I'm confident |
| that there are other implementations and operating systems with similarly in |
| accurate timer functions so it makes sense to have applied generically and I |
| don't believe we sacrifice much by adding a 40ms inaccuracy on these |
| timeouts. |
| |
| Kamil Dudka (27 May 2010) |
| - added a new test for CRL support (test313) |
| |
| - Tor Arntsen changed the alternative definition of bool to use enum instead |
| of unsigned char. |
| |
| Daniel Stenberg (25 May 2010) |
| - Julien Chaffraix fixed the warning seen when compiling lib/rtmp.c: one |
| unused variables, several unused arguments and some missing #include. |
| |
| - Julien Chaffraix fixed 2 OOM errors: a missing NULL-check in |
| lib/http_negociate.c and a potential NULL dereferencing in lib/splay.c |
| |
| - Howard Chu brought a patch that makes the LDAP code much cleaner, nicer and |
| in general being a better libcurl citizen. If a new enough OpenLDAP version |
| is detect, the new and shiny lib/openldap.c code is then used instead of the |
| old cruft. |
| |
| Daniel Stenberg (21 May 2010) |
| - Eric Mertens posted bug #3003705: when we made TFTP use the correct timeout |
| option when sent to the server (fixed May 18th 2010) it became obvious that |
| libcurl used invalid timeout values (300 by default while the RFC allows |
| nothing above 255). While of course it is obvious that as TFTP has worked |
| thus far without being able to set timeout at all, just removing the setting |
| wouldn't make any difference in behavior. I decided to still keep it (but |
| fix the problem) as it now actually allows for easier (future) customization |
| of the timeout. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=3003705) |
| |
| - Douglas Kilpatrick filed bug report #3004787 and pointed out that the TFTP |
| code didn't handle block id wraps correctly. His suggested fix inspired the |
| fix I committed. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=3004787) |
| |
| Daniel Stenberg (20 May 2010) |
| - Tanguy Fautre brought a fix to allow curl to build with Microsoft VC10. |
| |
| Daniel Stenberg (18 May 2010) |
| - Eric Mertens posted bug report #3003005 pointing out that the libcurl TFTP |
| code was not sending the timeout option properly to the server, and |
| suggested a fix. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=3003005) |
| |
| Kamil Dudka (16 May 2010) |
| - Pavel Raiskup introduced a new option CURLOPT_FNMATCH_DATA in order to pass |
| a custom data pointer to the callback specified by CURLOPT_FNMATCH_FUNCTION. |
| |
| Daniel Stenberg (14 May 2010) |
| - John-Mark Bell filed bug #3000052 that identified a problem (with an |
| associated patch) with the OpenSSL handshake state machine when the multi |
| interface is used: |
| |
| Performing an https request using a curl multi handle and using select or |
| epoll to wait for events results in a hang. It appears that the cause is the |
| fix for bug #2958179, which makes ossl_connect_common unconditionally return |
| from the step 2 loop when fetching from a multi handle. |
| |
| When ossl_connect_step2 has completed, it updates connssl->connecting_state |
| to ssl_connect_3. ossl_connect_common will then return to the caller, as a |
| multi handle is in use. Eventually, the client code will call |
| curl_multi_fdset to obtain an updated fdset to select or epoll on. For https |
| requests, curl_multi_fdset will cause https_getsock to be called. |
| https_getsock will only return a socket handle if the connecting_state is |
| ssl_connect_2_reading or ssl_connect_2_writing. Therefore, the client will |
| never obtain a valid fdset, and thus not drive the multi handle, resulting |
| in a hang. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=3000052) |
| |
| - Sebastian V reported bug #3000056 identifying a problem with redirect |
| following. It showed that when curl followed redirects it didn't properly |
| ignore the response body of the 30X response if that response was using |
| compressed Content-Encoding! |
| |
| (https://curl.haxx.se/bug/view.cgi?id=3000056) |
| |
| Daniel Stenberg (12 May 2010) |
| - Howard Chu brought support for RTMP. This is powered by the underlying |
| librtmp library. It supports a range of variations and "sub-protocols" |
| within the RTMP family. |
| |
| - Pavel Raiskup brought support for FTP directory wildcard matching to allow |
| selective downloading. To provide that, a set of new options were added: |
| |
| CURLOPT_WILDCARDMATCH |
| CURLOPT_CHUNK_BGN_FUNCTION |
| CURLOPT_CHUNK_END_FUNCTION |
| CURLOPT_CHUNK_DATA |
| CURLOPT_FNMATCH_FUNCTION |
| |
| There were also a set of new tests added (574 - 577) to verify this. |
| |
| Kamil Dudka (11 May 2010) |
| - CRL support in libcurl-NSS has been completely broken. Now it works. Original |
| bug report: https://bugzilla.redhat.com/581926 |
| |
| Daniel Stenberg (7 May 2010) |
| - Dirk Manske reported a regression. When connecting with the multi interface, |
| there were situations where libcurl wouldn't store connect time correctly as |
| it used to (and is documented to) do. |
| |
| Using his fine sample program we could repeat it, and I wrote up test case |
| 573 using that code. The problem does not easily show itself using the local |
| test suite though. |
| |
| The fix, also as suggested by Dirk, is a bit on the ugly side as it adds yet |
| another call to Curl_verboseconnect() and setting the TIMER_CONNECT time. |
| That situation is subject for some closer inspection in the future. |
| |
| - Howard Chu split the I/O handling functions into private handlers. |
| |
| Howard Chu brought the bulk work of this patch that properly moves out the |
| sending and recving of data to the parts of the code that are properly |
| responsible for the various ways of doing so. |
| |
| Daniel Stenberg assisted with polishing a few bits and fixed some minor |
| flaws in the original patch. |
| |
| Another upside of this patch is that we now abuse CURLcodes less with the |
| "magic" -1 return codes and instead use CURLE_AGAIN more consistently. |
| |
| Daniel Stenberg (5 May 2010) |
| - Hoi-Ho Chan introduced support for using the PolarSSL library. You control |
| this with the new configure option --with-polarssl. |
| |
| Daniel Stenberg (29 Apr 2010) |
| - Ben Greear made telnet a lot better/easier to use by an application: |
| |
| The main change is to allow input from user-specified methods, when they are |
| specified with CURLOPT_READFUNCTION. All calls to fflush(stdout) in |
| telnet.c were removed, which makes using 'curl telnet://foo.com' painful |
| since prompts and other data are not always returned to the user promptly. |
| Use 'curl --no-buffer telnet://foo.com' instead. In general, the user |
| should have their CURLOPT_WRITEFUNCTION do a fflush for interactive use. |
| |
| Also fix assumption that reading from stdin never returns < 0. |
| Old code could crash in that case. |
| |
| Call progress functions in telnet main loop. |
| |
| Daniel Stenberg (26 Apr 2010) |
| - Make use of the libssh2_init/exit functions that libssh2 added in version |
| 1.2.5. Using them will improve how libcurl works in threaded situations when |
| SCP and SFTP are transfered. |
| |
| Daniel Stenberg (25 Apr 2010) |
| - Based on work by Kamil Dudka, I've introduced the new configure option |
| --enable-threaded-resolver. When used, the configure script will check for |
| pthreads and if around, it will build libcurl to use pthreads to do name |
| resolving in a threaded manner. Note that this is just a fix to offer an |
| option that can enable the code that already included. The threader resolver |
| code was mostly added on Jan 26 2010. |
| |
| Daniel Stenberg (24 Apr 2010) |
| - Alex Bligh introduced the --proto and -proto-redir options that limit what |
| protocols curl accepts for the requests and when following redirects. |
| |
| Kamil Dudka (24 Apr 2010) |
| - Fixed test536 in order to not fail with threaded DNS resolver and tweaked |
| comments in certain examples using curl_multi_fdset(). |
| |
| - Fixed SSL handshake timeout underflow in libcurl-NSS, which caused test405 |
| to hang on a slow machine. |
| |
| Daniel Stenberg (21 Apr 2010) |
| - The -O option caused curl to crash on windows and DOS due to the tool |
| writing out of boundary memory. |
| |
| Yang Tse (20 Apr 2010) |
| - Ruslan Gazizov detected that MSVC makefiles were using wsock32.lib instead |
| of ws2_32.lib, this generated linking issues on MSVC IPv6 enabled builds |
| that were done using those makefiles. |
| |
| Daniel Stenberg (19 Apr 2010) |
| - -J/--remote-header-name didn't strip trailing carriage returns or linefeeds |
| properly, so they could be used in the file name. |
| |
| Daniel Stenberg (16 Apr 2010) |
| - Jerome Vouillon made the GnuTLS SSL handshake phase non-blocking. |
| |
| - The recent overhaul of the SSL recv function made the GnuTLS specific code |
| treat a zero returned from gnutls_record_recv() as an error, and this caused |
| our HTTPS test cases to fail. We leave it to upper layer code to detect if |
| an EOF is a problem or not. |
| |
| - I reverted the resolver fix from yesterday and instead removed all uses of |
| AI_CANONNAME all over libcurl and made the only user of that info (krb5.c) |
| use the host name from the URL instead. No reverse resolving is a good |
| thing. |
| |
| - Paul Howarth made configure properly detect GSS "on ancient Linux distros" |
| by editing in which order we use headers to detect GSS. |
| |
| Daniel Stenberg (15 Apr 2010) |
| - Rainer Canavan filed bug report #2987196 that identified libcurl doing |
| unnecesary reverse name lookups in many cases when built to use IPv4 and |
| getaddrinfo(). The logic for IPv6 is now used for IPv4 too. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=2963679) |
| |
| Version 7.20.1 (14 April 2010) |
| |
| Daniel Stenberg (9 Apr 2010) |
| - Prefixing the FTP quote commands with an asterisk really only worked for the |
| postquote actions. This is now fixed and test case 227 has been extended to |
| verify. |
| |
| Kamil Dudka (4 Apr 2010) |
| - Eliminated a race condition in Curl_resolv_timeout(). |
| |
| - Refactorized interface of Curl_ssl_recv()/Curl_ssl_send(). |
| |
| - libcurl-NSS now provides more accurate messages and error codes in case of |
| client certificate problem. Either during connection, or transfer phase. |
| |
| Daniel Stenberg (1 Apr 2010) |
| - Matt Wixson found and fixed a bug in the SCP/SFTP area where the code |
| treated a 0 return code from libssh2 to be the same as EAGAIN while in |
| reality it isn't. The problem caused a hang in SFTP transfers from a |
| MessageWay server. |
| |
| Daniel Stenberg (28 Mar 2010) |
| - Ben Greear: If you pass a URL to pop3 that does not contain a message ID as |
| part of the URL, it would previously ask for 'INBOX' which just causes the |
| pop3 server to return an error. |
| |
| Now libcurl treats en empty message ID as a request for LIST (list of pop3 |
| message IDs). User's code could then parse this and download individual |
| messages as desired. |
| |
| Daniel Stenberg (27 Mar 2010) |
| - Ben Greear brought a patch that from now on allows all protocols to specify |
| name and user within the URL, in the same manner HTTP and FTP have been |
| allowed to in the past - although far from all of the libcurl supported |
| protocls actually have that feature in their URL definition spec. |
| |
| Daniel Stenberg (26 Mar 2010) |
| - Ben Greear brought code that makes the rate limiting code for the easy |
| interface a bit smoother as it introduces sub-second sleeps during it and it |
| also takes the buffer sizes into account. |
| |
| Daniel Stenberg (24 Mar 2010) |
| - Bob Richmond: There's an annoying situation where libcurl will read new HTTP |
| response data from a socket, then check if it's a timeout if one is set. If |
| the last packet received constitutes the end of the response body, libcurl |
| still treats it as a timeout condition and reports a message like: |
| |
| "Operation timed out after 3000 milliseconds with 876 out of 876 bytes |
| received" |
| |
| It should only a timeout if the timer lapsed and we DIDN'T receive the end |
| of the response body yet. |
| |
| - Christopher Conroy fixed a problem with RTSP and GET_PARAMETER reported |
| to us by Massimo Callegari. There's a new test case 572 that verifies this |
| now. |
| |
| - The 'ares' subtree has been removed from the source repository. It was |
| always a separate project that sort of piggybacked on the curl project since |
| the dawn of times and now the time has come for it to go stand on its own |
| legs and continue living its own life. All details on c-ares and its new |
| source code repository is found at http://c-ares.haxx.se/ |
| |
| Daniel Stenberg (23 Mar 2010) |
| - Kenny To filed the bug report #2963679 with patch to fix a problem he |
| experienced with doing multi interface HTTP POST over a proxy using |
| PROXYTUNNEL. He found a case where it would connect fine but bits.tcpconnect |
| was not set correct so libcurl didn't work properly. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=2963679) |
| |
| - Akos Pasztory filed debian bug report #572276 |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572276 mentioning a problem |
| with a resource that returns chunked-encoded _and_ with a Content-Length |
| and libcurl failed to properly ignore the latter information. |
| |
| - Hauke Duden provided an example program that made the multi interface crash. |
| His example simply used the multi interface and did first one FTP transfer |
| and after completion it used a second easy handle and did another FTP |
| transfer on the same FTP server. |
| |
| This triggered a bug in the "delayed easy handle kill" system that curl |
| uses: when an FTP connection is left alive it must keep an easy handle |
| around internally - only for the purpose of having an easy handle when it |
| later disconnects it. The code assumed that when the easy handle was removed |
| and an internal reference was made, that version could be killed later on |
| when a new easy handle came using the same connection. This was wrong as |
| Hauke's example showed that the removed handle wasn't killed for real until |
| later. This caused a double close attempt => segfault. |
| |
| Daniel Stenberg (22 Mar 2010) |
| - Thomas Lopatic fixed the alarm()-based DNS timeout: |
| |
| Looking at the code of Curl_resolv_timeout() in hostip.c, I think that in |
| case of a timeout, the signal handler for SIGALRM never gets removed. I |
| think that in my case it gets executed at some point later on when execution |
| has long left Curl_resolv_timeout() or even the cURL library. |
| |
| The code that is jumped to with siglongjmp() simply sets the error message |
| to "name lookup timed out" and then returns with CURLRESOLV_ERROR. I guess |
| that instead of simply returning without cleaning up, the code should have a |
| goto that jumps to the spot right after the call to Curl_resolv(). |
| |
| Kamil Dudka (22 Mar 2010) |
| - Douglas Steinwand contributed a patch fixing insufficient initialization in |
| Curl_clone_ssl_config() |
| |
| Daniel Stenberg (21 Mar 2010) |
| - Ben Greear improved TFTP: the error code returning and the treatment |
| of TSIZE == 0 when uploading. |
| |
| - We've switched from CVS to git. See https://curl.haxx.se/source.html |
| |
| Kamil Dudka (19 Mar 2010) |
| - Improved Curl_read() to not ignore the error returned from Curl_ssl_recv(). |
| |
| Daniel Stenberg (15 Mar 2010) |
| - Constantine Sapuntzakis brought a patch: |
| |
| The problem mentioned on Dec 10 2009 |
| (https://curl.haxx.se/bug/view.cgi?id=2905220) was only partially fixed. |
| Partially because an easy handle can be associated with many connections in |
| the cache (e.g. if there is a redirect during the lifetime of the easy |
| handle). The previous patch only cleaned up the first one. The new fix now |
| removes the easy handle from all connections, not just the first one. |
| |
| Daniel Stenberg (6 Mar 2010) |
| - Ben Greear brought a patch that fixed the rate limiting logic for TFTP when |
| the easy interface was used. |
| |
| Daniel Stenberg (5 Mar 2010) |
| - Daniel Johnson provided fixes for building curl with the clang compiler. |
| |
| Yang Tse (5 Mar 2010) |
| - Constantine Sapuntzakis detected and fixed a double free in builds done |
| with threaded resolver enabled (Windows default configuration) that would |
| get triggered when a curl handle is closed while doing DNS resolution. |
| |
| Daniel Stenberg (2 Mar 2010) |
| - [Daniel Johnson] I've been trying to build libcurl with clang on Darwin and |
| ran into some issues with the GSSAPI tests in configure.ac. The tests first |
| try to determine the include dirs and libs and set CPPFLAGS and LIBS |
| accordingly. It then checks for the headers and finally sets LIBS a second |
| time, causing the libs to be included twice. The first setting of LIBS seems |
| redundant and should be left out, since the first part is otherwise just |
| about finding headers. |
| |
| My second issue is that 'krb5-config --libs gssapi' on Darwin is less than |
| useless and returns junk that, while it happens to work with gcc, causes |
| clang to choke. For example, --libs returns $CFLAGS along with the libs, |
| which is really retarded. Simply setting 'LIBS="$LIBS -lgssapi_krb5 |
| -lresolv"' on Darwin is sufficient. |
| |
| - Based on patch provided by Jacob Moshenko, the transfer logic now properly |
| makes sure that when using sub-second timeouts, there's no final bad 1000ms |
| wait. Previously, a sub-second timeout would often make the elapsed time end |
| up the time rounded up to the nearest second (e.g. 1s for 200ms timeout) |
| |
| - Andrei Benea filed bug report #2956698 and pointed out that the |
| CURLOPT_CERTINFO feature leaked memory due to a missing OpenSSL function |
| call. He provided the patch to fix it too. |
| |
| https://curl.haxx.se/bug/view.cgi?id=2956698 |
| |
| - Markus Duft pointed out in bug #2961796 that even though Interix has a |
| poll() function it doesn't quite work the way we want it so we must disable |
| it, and he also provided a patch for it. |
| |
| https://curl.haxx.se/bug/view.cgi?id=2961796 |
| |
| - Made the pingpong timeout code properly deal with the response timeout AND |
| the global timeout if set. Also, as was reported in the bug report #2956437 |
| by Ryan Chan, the time stamp to use as basis for the per command timeout was |
| not set properly in the DONE phase for FTP (and not for SMTP) so I fixed |
| that just now. This was a regression compared to 7.19.7 due to the |
| conversion of FTP code over to the generic pingpong concepts. |
| |
| https://curl.haxx.se/bug/view.cgi?id=2956437 |
| |
| Daniel Stenberg (1 Mar 2010) |
| - Ben Greear provided an update for TFTP that fixes upload. |
| |
| - Wesley Miaw reported bug #2958179 which identified a case of looping during |
| OpenSSL based SSL handshaking even though the multi interface was used and |
| there was no good reason for it. |
| |
| https://curl.haxx.se/bug/view.cgi?id=2958179 |
| |
| Daniel Stenberg (26 Feb 2010) |
| - Pat Ray in bug #2958474 pointed out an off-by-one case when receiving a |
| chunked-encoding trailer. |
| |
| https://curl.haxx.se/bug/view.cgi?id=2958474 |
| |
| Daniel Fandrich (25 Feb 2010) |
| - Fixed a couple of out of memory leaks and a segfault in the SMTP & IMAP code. |
| |
| Yang Tse (25 Feb 2010) |
| - I fixed bug report #2958074 indicating |
| (https://curl.haxx.se/bug/view.cgi?id=2958074) that curl on Windows with |
| option --trace-time did not use local time when timestamping trace lines. |
| This could also happen on other systems depending on time souurce. |
| |
| Patrick Monnerat (22 Feb 2010) |
| - Proper handling of STARTTLS on SMTP, taking CURLUSESSL_TRY into account. |
| - SMTP falls back to RFC821 HELO when EHLO fails (and SSL is not required). |
| - Use of true local host name (i.e.: via gethostname()) when available, as |
| default argument to SMTP HELO/EHLO. |
| - Test case 804 for HELO fallback. |
| |
| Daniel Stenberg (20 Feb 2010) |
| - Fixed the SMTP compliance by making sure RCPT TO addresses are specified |
| properly in angle brackets. Recipients provided with CURLOPT_MAIL_RCPT now |
| get angle bracket wrapping automatically by libcurl unless the recipient |
| starts with an angle bracket as then the app is assumed to deal with that |
| properly on its own. |
| |
| - I made the SMTP code expect a 250 response back from the server after the |
| full DATA has been sent, and I modified the test SMTP server to also send |
| that response. As usual, the DONE operation that is made after a completed |
| transfer is still not doable in a non-blocking way so this waiting for 250 |
| is unfortunately made blockingly. |
| |
| Yang Tse (14 Feb 2010) |
| - Overhauled test suite getpart() function. Fixing potential out of bounds |
| stack and memory overwrites triggered with huge test case definitions. |
| |
| Daniel Stenberg (13 Feb 2010) |
| - Martin Hager reported and fixed a problem with a missing quote in libcurl.m4 |
| |
| (https://curl.haxx.se/bug/view.cgi?id=2951319) |
| |
| - Tom Donovan fixed the CURL_FORMAT_* defines when building with cmake. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=2951269) |
| |
| Daniel Stenberg (12 Feb 2010) |
| - Jack Zhang reported a problem with SMTP: we wrongly used multiple addresses |
| in the same RCPT TO line, when they should be sent in separate single |
| commands. I updated test case 802 to verify this. |
| |
| - I also fixed a bad use of my_setopt_str() of CURLOPT_MAIL_RCPT in the curl |
| tool which made it try to output it as string for the --libcurl feature |
| which could lead to crashes. |
| |
| Yang Tse (11 Feb 2010) |
| - Steven M. Schweda fixed VMS builder bad behavior when used in a batch job, |
| removed obsolete batch_compile.com and defines.com and updated VMS readme. |
| |
| Version 7.20.0 (9 February 2010) |
| |
| Daniel Stenberg (9 Feb 2010) |
| - When downloading compressed content over HTTP and the app asked libcurl to |
| automatically uncompress it with the CURLOPT_ENCODING option, libcurl could |
| wrongly provide the callback with more data than the maximum documented |
| amount. An application could thus get tricked into badness if the maximum |
| limit was trusted to be enforced by libcurl itself (as it is documented). |
| |
| This is further detailed and explained in the libcurl security advisory |
| 20100209 at |
| |
| https://curl.haxx.se/docs/adv_20100209.html |
| |
| Daniel Fandrich (3 Feb 2010) |
| - Changed the Watcom makefiles to make them easier to keep in sync with |
| Makefile.inc since that can't be included directly. |
| |
| Yang Tse (2 Feb 2010) |
| - Symbol CURL_FORMAT_OFF_T now obsoleted, will be removed in a future release, |
| symbol will not be available when building with CURL_NO_OLDIES defined. Use |
| of CURL_FORMAT_CURL_OFF_T is preferred since 7.19.0 |
| |
| Daniel Stenberg (1 Feb 2010) |
| - Using the multi_socket API, it turns out at times it seemed to "forget" |
| connections (which caused a hang). It turned out to be an existing (7.19.7) |
| bug in libcurl (that's been around for a long time) and it happened like |
| this: |
| |
| The app calls curl_multi_add_handle() to add a new easy handle, libcurl will |
| then set it to timeout in 1 millisecond so libcurl will tell the app about |
| it. |
| |
| The app's timeout fires off that there's a timeout, the app calls libcurl as |
| we so often document it: |
| |
| do { |
| res = curl_multi_socket_action(... TIMEOUT ...); |
| } while(CURLM_CALL_MULTI_PERFORM == res); |
| |
| And this is the problem number one: |
| |
| When curl_multi_socket_action() is called with no specific handle, but only |
| a timeout-action, it will *only* perform actions within libcurl that are |
| marked to run at this time. In this case, the request would go from INIT to |
| CONNECT and return CURLM_CALL_MULTI_PERFORM. When the app then calls libcurl |
| again, there's no timer set for this handle so it remains in the CONNECT |
| state. The CONNECT state is a transitional state in libcurl so it reports no |
| sockets there, and thus libcurl never tells the app anything more about that |
| easy handle/connection. |
| |
| libcurl _does_ set a 1ms timeout for the handle at the end of |
| multi_runsingle() if it returns CURLM_CALL_MULTI_PERFORM, but since the loop |
| is instant the new job is not ready to run at that point (and there's no |
| code that makes libcurl call the app to update the timout for this new |
| timeout). It will simply rely on that some other timeout will trigger later |
| on or that something else will update the timeout callback. This makes the |
| bug fairly hard to repeat. |
| |
| The fix made to adress this issue: |
| |
| We introduce a loop in lib/multi.c around all calls to multi_runsingle() and |
| simply check for CURLM_CALL_MULTI_PERFORM internally. This has the added |
| benefit that this goes in line with my long-term wishes to get rid of the |
| CURLM_CALL_MULTI_PERFORM all together from the public API. |
| |
| The downside of this fix, is that the counter we return in 'running_handles' |
| in several of our public functions then gets a slightly new and possibly |
| confusing behavior during times: |
| |
| If an app adds a handle that fails to connect (very quickly) it may just |
| as well never appear as a 'running_handle' with this fix. Previously it |
| would first bump the counter only to get it decreased again at next call. |
| Even I have used that change in handle counter to signal "end of a |
| transfer". The only *good* way to find the end of a individual transfer |
| is calling curl_multi_info_read() to see if it returns one. |
| |
| Of course, if the app previously did the looping before it checked the |
| counter, it really shouldn't be any new effect. |
| |
| Yang Tse (26 Jan 2010) |
| - Constantine Sapuntzakis' and Joshua Kwan's work done in the last four months |
| relative to the asynchronous DNS lookups, along with with some integration |
| adjustments I have done are finally committed to CVS. |
| |
| Currently these enhancements will benefit builds done using c-ares on any |
| platform as well as Windows builds using the default threaded resolver. |
| |
| This release does not make generally available POSIX threaded DNS lookups |
| yet. There is no configure option to enable this feature yet. It is possible |
| to experimantally try this feature running configure with compiler flags that |
| make simultaneous definition of preprocessor symbols USE_THREADS_POSIX and |
| HAVE_PTHREAD_H, as well as whatever reentrancy compiler flags and linker ones |
| are required to link and properly use pthread_* functions on each platform. |
| |
| Daniel Stenberg (26 Jan 2010) |
| - Mike Crowe made libcurl return CURLE_COULDNT_RESOLVE_PROXY when it is the |
| proxy that cannot be resolved when using c-ares. This matches the behaviour |
| when not using c-ares. |
| |
| Björn Stenberg (23 Jan 2010) |
| - Added a new flag: -J/--remote-header-name. This option tells the |
| -O/--remote-name option to use the server-specified Content-Disposition |
| filename instead of extracting a filename from the URL. |
| |
| Daniel Stenberg (21 Jan 2010) |
| - Chris Conroy brought support for RTSP transfers, and with it comes 8(!) new |
| libcurl options for controlling what to get and how to receive posssibly |
| interleaved RTP data. |
| |
| Daniel Stenberg (20 Jan 2010) |
| - As was pointed out on the http-state mailing list, the order of cookies in a |
| HTTP Cookie: header _needs_ to be sorted on the path length in the cases |
| where two cookies using the same name are set more than once using |
| (overlapping) paths. Realizing this, identically named cookies must be |
| sorted correctly. But detecting only identically named cookies and take care |
| of them individually is harder than just to blindly and unconditionally sort |
| all cookies based on their path lengths. All major browsers also already do |
| this, so this makes our behavior one step closer to them in the cookie area. |
| |
| Test case 8 was the only one that broke due to this change and I updated it |
| accordingly. |
| |
| Daniel Stenberg (19 Jan 2010) |
| - David McCreedy brought a fix and a new test case (129) to make libcurl work |
| again when downloading files over FTP using ASCII and it turns out that the |
| final size of the file is not the same as the initial size the server |
| reported. This is very common since servers don't take the newline |
| conversions into account. |
| |
| Kamil Dudka (14 Jan 2010) |
| - Suppressed side effect of OpenSSL configure checks, which prevented NSS from |
| being properly detected under certain circumstances. It had been caused by |
| strange behavior of pkg-config when handling PKG_CONFIG_LIBDIR. pkg-config |
| distinguishes among empty and non-existent environment variable in that case. |
| |
| Daniel Stenberg (12 Jan 2010) |
| - Gil Weber reported a peculiar flaw with the multi interface when doing SFTP |
| transfers: curl_multi_fdset() would return -1 and not set and file |
| descriptors several times during a transfer of a single file. It turned out |
| to be due to two different flaws now fixed. Gil's excellent recipe helped me |
| nail this. |
| |
| Daniel Stenberg (11 Jan 2010) |
| - Made sure that the progress callback is repeatedly called at a regular |
| interval even during very slow connects. |
| |
| - The tests/runtests.pl script now checks to see if the test case that runs is |
| present in the tests/data/Makefile.am and outputs a notice message on the |
| screen if not. Each test file has to be included in that Makefile.am to get |
| included in release archives and forgetting to add files there is a common |
| mistake. This is an attempt to make it harder to forget. |
| |
| Daniel Stenberg (9 Jan 2010) |
| - Johan van Selst found and fixed a OpenSSL session ref count leak: |
| |
| ossl_connect_step3() increments an SSL session handle reference counter on |
| each call. When sessions are re-used this reference counter may be |
| incremented many times, but it will be decremented only once when done (by |
| Curl_ossl_session_free()); and the internal OpenSSL data will not be freed |
| if this reference count remains positive. When a session is re-used the |
| reference counter should be corrected by explicitly calling |
| SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid |
| introducing a memory leak. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=2926284) |
| |
| Daniel Stenberg (7 Jan 2010) |
| - Make sure the progress callback is called repeatedly even during very slow |
| name resolves when c-ares is used for resolving. |
| |
| Claes Jakobsson (6 Jan 2010) |
| - Julien Chaffraix fixed so that the fragment part in an URL is not sent |
| to the server anymore. |
| |
| Kamil Dudka (3 Jan 2010) |
| - Julien Chaffraix eliminated a duplicated initialization in singlesocket(). |
| |
| Daniel Stenberg (2 Jan 2010) |
| - Make curl support --ssl and --ssl-reqd instead of the previous FTP-specific |
| versions --ftp-ssl and --ftp-ssl-reqd as these options are now used to |
| control SSL/TLS for IMAP, POP3 and SMTP as well in addition to FTP. The old |
| option names are still working but the new ones are the ones listed and |
| documented. |
| |
| Daniel Stenberg (1 Jan 2010) |
| - Ingmar Runge enhanced libcurl's FTP engine to support the PRET command. This |
| command is a special "hack" used by the drftpd server, but even though it is |
| a custom extension I've deemed it fine to add to libcurl since this server |
| seems to survive and people keep using it and want libcurl to support |
| it. The new libcurl option is named CURLOPT_FTP_USE_PRET, and it is also |
| usable from the curl tool with --ftp-pret. Using this option on a server |
| that doesn't support this command will make libcurl fail. |
| |
| I added test cases 1107 and 1108 to verify the functionality. |
| |
| The PRET command is documented at |
| http://www.drftpd.org/index.php/Distributed_PASV |
| |
| Yang Tse (30 Dec 2009) |
| - Steven M. Schweda improved VMS build system, and Craig A. Berry helped |
| with the patch and testing. |
| |
| Daniel Stenberg (26 Dec 2009) |
| - Renato Botelho and Peter Pentchev brought a patch that makes the libcurl |
| headers work correctly even on FreeBSD systems before v8. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=2916915) |
| |
| Daniel Stenberg (17 Dec 2009) |
| - David Byron fixed Curl_ossl_cleanup to actually call ENGINE_cleanup when |
| available. |
| |
| - Follow-up fix for the proxy fix I did for Jon Nelson's bug. It turned out I |
| was a bit too quick and broke test case 1101 with that change. The order of |
| some of the setups is sensitive. I now changed it slightly again to make |
| sure we do them in this order: |
| |
| 1 - parse URL and figure out what protocol is used in the URL |
| 2 - prepend protocol:// to URL if missing |
| 3 - parse name+password off URL, which needs to know what protocol is used |
| (since only some allows for name+password in the URL) |
| 4 - figure out if a proxy should be used set by an option |
| 5 - if no proxy option, check proxy environment variables |
| 6 - run the protocol-specific setup function, which needs to have the proxy |
| already set |
| |
| Daniel Stenberg (15 Dec 2009) |
| - Jon Nelson found a regression that turned out to be a flaw in how libcurl |
| detects and uses proxies based on the environment variables. If the proxy |
| was given as an explicit option it worked, but due to the setup order |
| mistake proxies would not be used fine for a few protocols when picked up |
| from '[protocol]_proxy'. Obviously this broke after 7.19.4. I now also added |
| test case 1106 that verifies this functionality. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=2913886) |
| |
| Daniel Stenberg (12 Dec 2009) |
| - IMAP, POP3 and SMTP support and their TLS versions (including IMAPS, POP3S |
| and SMTPS) are now supported. The current state may not yet be solid, but |
| the foundation is in place and the test suite has some initial support for |
| these protocols. Work will now persue to make them nice libcurl citizens |
| until release. |
| |
| The work with supporting these new protocols was sponsored by |
| networking4all.com - thanks! |
| |
| Daniel Stenberg (10 Dec 2009) |
| - Siegfried Gyuricsko found out that the curl manual said --retry would retry |
| on FTP errors in the transient 5xx range. Transient FTP errors are in the |
| 4xx range. The code itself only tried on 5xx errors that occured _at login_. |
| Now the retry code retries on all FTP transfer failures that ended with a |
| 4xx response. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=2911279) |
| |
| - Constantine Sapuntzakis figured out a case which would lead to libcurl |
| accessing alredy freed memory and thus crash when using HTTPS (with |
| OpenSSL), multi interface and the CURLOPT_DEBUGFUNCTION and a certain order |
| of cleaning things up. I fixed it. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=2905220) |
| |
| Daniel Stenberg (7 Dec 2009) |
| - Martin Storsjo made libcurl use the Expect: 100-continue header for posts |
| with unknown size. Previously it was only used for posts with a known size |
| larger than 1024 bytes. |
| |
| Daniel Stenberg (1 Dec 2009) |
| - If the Expect: 100-continue header has been set by the application through |
| curl_easy_setopt with CURLOPT_HTTPHEADER, the library should set |
| data->state.expect100header accordingly - the current code (in 7.19.7 at |
| least) doesn't handle this properly. Martin Storsjo provided the fix! |
| |
| Yang Tse (28 Nov 2009) |
| - Added Diffie-Hellman parameters to several test harness certificate files in |
| PEM format. Required by several stunnel versions used by our test harness. |
| |
| Daniel Stenberg (28 Nov 2009) |
| - Markus Koetter provided a polished and updated version of Chad Monroe's TFTP |
| rework patch that now integrates TFTP properly into libcurl so that it can |
| be used non-blocking with the multi interface and more. BLKSIZE also works. |
| |
| The --tftp-blksize option was added to allow setting the TFTP BLKSIZE from |
| the command line. |
| |
| Daniel Stenberg (26 Nov 2009) |
| - Extended and fixed the change I did on Dec 11 for the the progress |
| meter/callback during FTP command/response sequences. It turned out it was |
| really lame before and now the progress meter SHOULD get called at least |
| once per second. |
| |
| Daniel Stenberg (23 Nov 2009) |
| - Bjorn Augustsson reported a bug which made curl not report any problems even |
| though it failed to write a very small download to disk (done in a single |
| fwrite call). It turned out to be because fwrite() returned success, but |
| there was insufficient error-checking for the fclose() call which tricked |
| curl to believe things were fine. |
| |
| Yang Tse (23 Nov 2009) |
| - David Byron modified Makefile.dist vc8 and vc9 targets in order to allow |
| finer granularity control when generating src and lib makefiles. |
| |
| Yang Tse (22 Nov 2009) |
| - I modified configure to force removal of the curlbuild.h file included in |
| distribution tarballs for use by non-configure systems. As intended, this |
| would get overwriten when doing in-tree builds. But VPATH builds would end |
| having two curlbuild.h files, one in the source tree and another in the |
| build tree. With the modification I introduced 5 Nov 2009 this could become |
| an issue when running libcurl's test suite. |
| |
| Daniel Stenberg (20 Nov 2009) |
| - Constantine Sapuntzakis identified a write after close, as the sockets were |
| closed by libcurl before the SSL lib were shutdown and they may write to its |
| socket. Detected to at least happen with OpenSSL builds. |
| |
| - Jad Chamcham pointed out a bug with connection re-use. If a connection had |
| CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the |
| same proxy with the tunnel option disabled would still wrongly re-use that |
| previous connection and the outcome would only be badness. |
| |
| Yang Tse (18 Nov 2009) |
| - I modified the memory tracking system to make it intolerant with zero sized |
| malloc(), calloc() and realloc() function calls. |
| |
| Daniel Stenberg (17 Nov 2009) |
| - Constantine Sapuntzakis provided another fix for the DNS cache that could |
| end up with entries that wouldn't time-out: |
| |
| 1. Set up a first web server that redirects (307) to a http://server:port |
| that's down |
| 2. Have curl connect to the first web server using curl multi |
| |
| After the curl_easy_cleanup call, there will be curl dns entries hanging |
| around with in_use != 0. |
| |
| (https://curl.haxx.se/bug/view.cgi?id=2891591) |
| |
| - Marc Kleine-Budde fixed: curl saved the LDFLAGS set during configure into |
| its pkg-config file. So -Wl stuff ended up in the .pc file, which is really |
| bad, and breaks if there are multiple -Wl in our LDFLAGS (which are in |
| PTXdist). bug #2893592 (https://curl.haxx.se/bug/view.cgi?id=2893592) |
| |
| Kamil Dudka (15 Nov 2009) |
| - David Byron improved the configure script to use pkg-config to find OpenSSL |
| (and in particular the list of required libraries) even if a path is given |
| as argument to --with-ssl |
| |
| Yang Tse (15 Nov 2009) |
| - I removed enable-thread / disable-thread configure option. These were only |
| placebo options. The library is always built as thread safe as possible on |
| every system. |
| |
| Claes Jakobsson (14 Nov 2009) |
| - curl-config now accepts '--configure' to see what arguments was |
| passed to the configure script when building curl. |
| |
| Daniel Stenberg (14 Nov 2009) |
| - Claes Jakobsson restored the configure functionality to detect NSS when |
| --with-nss is set but not "yes". |
| |
| I think we can still improve that to check for pkg-config in that path etc, |
| but at least this patch brings back the same functionality we had before. |
| |
| - Camille Moncelier added support for the file type SSL_FILETYPE_ENGINE for |
| the client certificate. It also disable the key name test as some engines |
| can select a private key/cert automatically (When there is only one key |
| and/or certificate on the hardware device used by the engine) |
| |
| Yang Tse (14 Nov 2009) |
| - Constantine Sapuntzakis provided the fix that ensures that an SSL connection |
| won't be reused unless protection level for peer and host verification match. |
| |
| I refactored how preprocessor symbol _THREAD_SAFE definition is done. |
| |
| Kamil Dudka (12 Nov 2009) |
| - Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly |
| closed NSPR descriptor. The issue was hard to find, reported several times |
| before and always closed unresolved. More info at the RH bug: |
| https://bugzilla.redhat.com/534176 |
| |
| - libcurl-NSS now tries to reconnect with TLS disabled in case it detects |
| a broken TLS server. However it does not happen if SSL version is selected |
| manually. The approach was originally taken from PSM. Kaspar Brand helped me |
| to complete the patch. Original bug reports: |
| https://bugzilla.redhat.com/525496 |
| https://bugzilla.redhat.com/527771 |
| |
| Yang Tse (12 Nov 2009) |
| - I modified configure script to make the getaddrinfo function check also |
| verify if the function is thread safe. |
| |
| Yang Tse (11 Nov 2009) |
| - Marco Maggi reported that compilation failed when configured --with-gssapi |
| and GNU GSS installed due to a missing mutual exclusion of header files in |
| the Kerberos 5 code path. He also verified that my patch worked for him. |
| |
| Daniel Stenberg (11 Nov 2009) |
| - Constantine Sapuntzakis posted bug #2891595 |
| (https://curl.haxx.se/bug/view.cgi?id=2891595) which identified how an entry |
| in the DNS cache would linger too long if the request that added it was in |
| use that long. He also provided the patch that now makes libcurl capable of |
| still doing a request while the DNS hash entry may get timed out. |
| |
| - Christian Schmitz noticed that the progress meter/callback was not properly |
| used during the FTP connection phase (after the actual TCP connect), while |
| it of course should be. I also made the speed check get called correctly so |
| that really slow servers will trigger that properly too. |
| |
| Kamil Dudka (5 Nov 2009) |
| - Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works |
| in non-blocking mode. |
| |
| Yang Tse (5 Nov 2009) |
| - I removed leading 'curl' path on the 'curlbuild.h' include statement in |
| curl.h, adjusting auto-makefiles include path, to enhance portability to |
| OS's without an orthogonal directory tree structure such as OS/400. |
| |
| Daniel Stenberg (4 Nov 2009) |
| - I fixed several problems with the transfer progress meter. It showed the |
| wrong percentage for small files, most notable for <1000 bytes and could |
| easily end up showing more than 100% at the end. It also didn't show any |
| percentage, transfer size or estimated transfer times when transferring |
| less than 100 bytes. |
| |
| Version 7.19.7 (4 November 2009) |
| |
| Daniel Stenberg (2 Nov 2009) |
| - As reported independent by both Stan van de Burgt and Didier Brisebourg, |
| CURLINFO_SIZE_DOWNLOAD (the -w variable size_download) didn't work when |
| getting data from ldap! |
| |
| Daniel Stenberg (31 Oct 2009) |
| - Gabriel Kuri reported a problem with CURLINFO_CONTENT_LENGTH_DOWNLOAD if the |
| download was 0 bytes, as libcurl would then return the size as unknown (-1) |
| and not 0. I wrote a fix and test case 566 to verify it. |
| |
| Daniel Stenberg (30 Oct 2009) |
| - Liza Alenchery mentioned a problem with re-used SCP connection when a bad |
| auth is used, as it caused a crash. I failed to repeat the issue, but still |
| made a change that now forces the TCP connection used for a freed SCP |
| session to get closed and not be re-used. |
| |
| - "Tom" posted a bug report that mentioned how libcurl did wrong when doing a |
| POST using a read callback, with Digest authentication and |
| "Transfer-Encoding: chunked" enforced. I would then cause the first request |
| to be wrongly sent and then basically hang until the server closed the |
| connection. I fixed the problem and added test case 565 to verify it. |
| |
| Daniel Stenberg (25 Oct 2009) |
| - Dima Barsky made the curl cookie parser accept cookies even with blank or |
| unparsable expiry dates and then treat them as session cookies - previously |
| libcurl would reject cookies with a date format it couldn't parse. Research |
| shows that the major browser treat such cookies as session cookies. I |
| modified test 8 and 31 to verify this. |
| |
| Daniel Stenberg (21 Oct 2009) |
| - Attempt to use pkg-config for finding out libssh2 installation details |
| during configure. |
| |
| - A patch in bug report #2883177 (https://curl.haxx.se/bug/view.cgi?id=2883177) |
| by Johan van Selst introduced the --crlfile option to curl, which makes curl |
| tell libcurl about a file with CRL (certificate revocation list) data to |
| read. |
| |
| Daniel Stenberg (18 Oct 2009) |
| - Ray Dassen provided a patch in Debian's bug tracker (bug number #551461) |
| that now makes curl_getdate(3) actually handles RFC 822 formatted dates that |
| use the "single letter military timezones". |
| http://www.rfc-ref.org/RFC-TEXTS/822/chapter5.html has the details. |
| |
| - Fixed memory leak in the SCP/SFTP code as it never freed the knownhosts |
| data! |
| |
| - John Dennis filed bug report #2873666 |
| (https://curl.haxx.se/bug/view.cgi?id=2873666) which identified a problem |
| which made libcurl loop infinitely when given incorrect credentials when |
| using HTTP GSS negotiate authentication. He also provided a small and simple |
| patch for it. |
| |
| - Kevin Baughman found a double close() problem with libcurl-NSS, as when |
| libcurl called NSS to close the SSL "session" it also closed the actual |
| socket. |
| |
| Yang Tse (17 Oct 2009) |
| - Bug report #2866724 indicated |
| (https://curl.haxx.se/bug/view.cgi?id=2866724) that curl on Windows failed |
| when writing files whose file names originally contained characters which |
| are not valid for file names on Windows. Dan Fandrich provided an initial |
| patch and another revised one to fix this issue. |
| |
| Daniel Stenberg (1 Oct 2009) |
| - Tom Mueller correctly reported in bug report #2870221 |
| (https://curl.haxx.se/bug/view.cgi?id=2870221) that libcurl returned an |
| incorrect return code from the internal trynextip() function which caused |
| him grief. This is a regression that was introduced in 7.19.1 and I find it |
| strange it hasn't hit us harder, but I won't persue into figuring out |
| exactly why. |
| |
| - Constantine Sapuntzakis: The current implementation will always set |
| SO_SNDBUF to CURL_WRITE_SIZE even if the SO_SNDBUF starts out larger. The |
| patch doesn't do a setsockopt if SO_SNDBUF is already greater than |
| CURL_WRITE_SIZE. This should help folks who have set up their computer with |
| large send buffers. |
| |
| Daniel Stenberg (27 Sep 2009) |
| - I introduced a maximum limit for received HTTP headers. It is controlled by |
| the define CURL_MAX_HTTP_HEADER which is even exposed in the public header |
| file to allow for users to fairly easy rebuild libcurl with a modified |
| limit. The rationale for a fixed limit is that libcurl is realloc()ing a |
| buffer to be able to put a full header into it, so that it can call the |
| header callback with the entire header, but that also risk getting it into |
| trouble if a server by mistake or willingly sends a header that is more or |
| less without an end. The limit is set to 100K. |
| |
| Daniel Stenberg (26 Sep 2009) |
| - John P. McCaskey posted a bug report that showed how libcurl did wrong when |
| saving received cookies with no given path, if the path in the request had a |
| query part. That is means a question mark (?) and characters on the right |
| side of that. I wrote test case 1105 and fixed this problem. |
| |
| Kamil Dudka (26 Sep 2009) |
| - Implemented a protocol independent way to specify blocking direction, used by |
| transfer.c for blocking. It is currently used only by SCP and SFTP protocols. |
| This enhancement resolves an issue with 100% CPU usage during SFTP upload, |
| reported by Vourhey. |
| |
| Daniel Stenberg (25 Sep 2009) |
| - Chris Mumford filed bug report #2861587 |
| (https://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used |
| the OpenSSL function X509_load_crl_file() wrongly and failed if it would |
| load a CRL file with more than one certificate within. This is now fixed. |
| |
| Daniel Stenberg (16 Sep 2009) |
| - Sven Anders reported that we introduced a cert verfication flaw for OpenSSL- |
| powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name |
| field in the certficate it had to match and so even if non-DNS and non-IP |
| entry was present it caused the verification to fail. |
| |
| Daniel Fandrich (15 Sep 2009) |
| - Moved the libssh2 checks after the SSL library checks. This helps when |
| statically linking since libssh2 needs the SSL library link flags to be |
| set up already to satisfy its dependencies. This wouldn't be necessary if |
| the libssh2 configure check was changed to use pkg-config since the |
| --static flag would add the dependencies automatically. |
| |
| Yang Tse (14 Sep 2009) |
| - Revert Joshua Kwan's patch committed 11 Sep 2009. |
| |
| Some systems poll function sets POLLHUP in revents without setting |
| POLLIN, and sets POLLERR without setting POLLIN and POLLOUT. In some |
| libcurl code execution paths this could trigger busy wait loops with |
| high CPU usage until a timeout condition aborted the loop. |
| |
| The reverted patch addressed the above issue for a very specific case, |
| when awaiting c-ares to resolve. A libcurl-wide fix for Curl_poll now |
| superceeds this one. |
| |
| Guenter Knauf (11 Sep 2009) |
| - Joshua Kwan provided a patch to pass POLLERR / POLLHUP back to c-ares. |
| This fixes a loop problem with high CPU usage. |
| |
| Daniel Stenberg (10 Sep 2009) |
| - Claes Jakobsson fixed a problem with cookie expiry dates at exctly the epoch |
| start second "Thu Jan 1 00:00:00 GMT 1970" as the date parser then returns 0 |
| which internally then is treated as a session cookie. That particular date |
| is now made to get the value of 1. |
| |
| Daniel Stenberg (2 Sep 2009) |
| - Daniel Johnson found a flaw in the code converting sftp-errors to libcurl |
| errors. |
| |
| Daniel Stenberg (1 Sep 2009) |
| - Peter Sylvester made a debug feature for Curl_resolv() that now will force |
| libcurl to resolve 'localhost' whatever name you use in the URL *if* you set |
| the --interface option to (exactly) "LocalHost". This will enable us to |
| write tests for custom hosts names but still use a local host server. |
| |
| - configure now tries to use pkg-config for a number of sub-dependencies even |
| when cross-compiling. The key to success is then you properly setup |
| PKG_CONFIG_PATH before invoking configure. |
| |
| I also improved how NSS is detected by trying nss-config if pkg-config isn't |
| present, and as a last resort just use the lib name and force the user to |
| setup the LIBS/LDFLAGS/CFLAGS etc properly. The previous last resort would |
| add a range of various libs that would almost never be quite correct. |
| |
| Daniel Stenberg (31 Aug 2009) |
| - When using the multi interface with FTP and you asked for NOBODY, you did no |
| QUOTE commands and the request used the same path as the connection had |
| already changed to, it would decide that no commands would be necessary for |
| the "DO" action and that was not handled properly but libcurl would instead |
| hang. |
| |
| Kamil Dudka (28 Aug 2009) |
| - Improved error message for not matching certificate subject name in |
| libcurl-NSS. Originally reported at: |
| https://bugzilla.redhat.com/show_bug.cgi?id=516056#c9 |
| |
| Patrick Monnerat (24 Aug 2009) |
| - Introduced a SYST-based test to properly set-up name format when dealing |
| with the OS/400 FTP server. |
| |
| - Fixed an ftp_readresp() bug preventing detection of failing control socket |
| and causing FTP client to loop forever. |
| |
| Daniel Stenberg (24 Aug 2009) |
| - Marc de Bruin pointed out that configure --with-gnutls=PATH didn't work |
| properly and provided a fix. https://curl.haxx.se/bug/view.cgi?id=2843008 |
| |
| - Eric Wong introduced support for the new option -T. (dot) that makes curl |
| read stdin in a non-blocking fashion. This also brings back -T- (minus) to |
| the previous blocking behavior since it could break stuff for people at |
| times. |
| |
| Michal Marek (21 Aug 2009) |
| - With CURLOPT_PROXY_TRANSFER_MODE, avoid sending invalid URLs like |
| ftp://example.com;type=i if the user specified ftp://example.com without the |
| slash. |
| |
| Daniel Stenberg (21 Aug 2009) |
| - Andre Guibert de Bruet pointed out a missing return code check for a |
| strdup() that could lead to segfault if it returned NULL. I extended his |
| suggest patch to now have Curl_retry_request() return a regular return code |
| and better check that. |
| |
| - Lots of good work by Krister Johansen, mostly related to pipelining: |
| |
| Fix SIGSEGV on free'd easy_conn when pipe unexpectedly breaks |
| Fix data corruption issue with re-connected transfers |
| Fix use after free if we're completed but easy_conn not NULL |
| |
| Kamil Dudka (13 Aug 2009) |
| - Changed NSS code to not ignore the value of ssl.verifyhost and produce more |
| verbose error messages. Originally reported at: |
| https://bugzilla.redhat.com/show_bug.cgi?id=516056 |
| |
| Daniel Stenberg (12 Aug 2009) |
| - Karl Moerder fixed the Makefile.vc* makefiles to include the new file |
| nonblock.c so that they work fine again |
| |
| - I expanded test 517 with a bunch of more dates that originate from the |
| Chrome browser test suite. It turns out most of them get parsed the same |
| way. |
| |
| Version 7.19.6 (12 August 2009) |
| |
| Daniel Stenberg (12 Aug 2009) |
| - Carsten Lange reported a bug and provided a patch for TFTP upload and the |
| sending of the TSIZE option. I don't like fixing bugs just hours before |
| a release, but since it was broken and the patch fixes this for him I decided |
| to get it in anyway. |
| |
| Daniel Stenberg (11 Aug 2009) |
| - Peter Sylvester made the HTTPS test server use specific certificates for |
| each test, so that the test suite can now be used to actually test the |
| verification of cert names etc. This made an error show up in the OpenSSL- |
| specific code where it would attempt to match the CN field even if a |
| subjectAltName exists that doesn't match. This is now fixed and verified |
| in test 311. |
| |
| - Benbuck Nason posted the bug report #2835196 |
| (https://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler |
| warnings when mixing ints and bools. |
| |
| Daniel Fandrich (10 Aug 2009) |
| - Fixed a memory leak in the FTP code and an off-by-one heap buffer overflow. |
| |
| Daniel Fandrich (9 Aug 2009) |
| - Fixed some memory leaks in the command-line tool that caused most of the |
| torture tests to fail. |
| |
| Daniel Stenberg (2 Aug 2009) |
| - Curt Bogmine reported a problem with SNI enabled on a particular server. We |
| should introduce an option to disable SNI, but as we're in feature freeze |
| now I've addressed the obvious bug here (pointed out by Peter Sylvester): we |
| shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected. |
| Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular |
| option for SNI, or are we simply not using it? |
| |
| Daniel Stenberg (1 Aug 2009) |
| - Scott Cantor posted the bug report #2829955 |
| (https://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert |
| verification flaw found and exploited by Moxie Marlinspike. The presentation |
| he did at Black Hat is available here: |
| https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike |
| |
| Apparently at least one CA allowed a subjectAltName or CN that contain a |
| zero byte, and thus clients that assumed they would never have zero bytes |
| were exploited to OK a certificate that didn't actually match the site. Like |
| if the name in the cert was "example.com\0theatualsite.com", libcurl would |
| happily verify that cert for example.com. |
| |
| libcurl now better uses the length of the extracted name, not using the zero |
| termination for getting the string length. |
| |
| This fixing only made and needed in OpenSSL interfacing code. |
| |
| - Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present |
| only in some OpenSSL installs - like on Windows) isn't thread-safe and we |
| agreed that moving it to the global_init() function is a decent way to deal |
| with this situation. |
| |
| - Alexander Beedie provided the patch for a noproxy problem: If I have set |
| CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually |
| could still end up using a proxy if a proxy environment variable was set. |
| |
| Daniel Stenberg (27 Jul 2009) |
| - All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and |
| CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to |
| send when using FTP, as a sign that libcurl shall simply ignore the response |
| from the server instead of treating it as an error. Not treating a 400+ FTP |
| response code as an error means that failed commands will not abort the |
| chain of commands, nor will they cause the connection to get disconnected. |
| |
| Daniel Stenberg (26 Jul 2009) |
| - Johan van Selst posted bug report #2825989 |
| (https://curl.haxx.se/bug/view.cgi?id=2825989) pointing out that |
| OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm, and |
| provided the solution too: to use OpenSSL_add_all_algorithms() in addition |
| to the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in |
| OpenSSL 0.9.5 |
| |
| Daniel Stenberg (23 Jul 2009) |
| - Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA. |
| They introduce known_host support for SSH keys to libcurl. See docs for |
| details. Note that this feature depends on a new enough libssh2 version, to |
| be supported in libssh2 1.2 and later (or current git repo at this time). |
| |
| Michal Marek (22 Jul 2009) |
| - David Binderman found a memory and fd leak in lib/gtls.c:load_file() |
| (https://bugzilla.novell.com/523919). When looking at the code, I found that |
| also the ptr pointer can leak. |
| |
| Kamil Dudka (20 Jul 2009) |
| - Claes Jakobsson improved the support for client certificates handling in |
| NSS-powered libcurl. Now the client certificates can be selected |
| automatically by a NSS built-in hook. Additionally pre-login to all PKCS11 |
| slots is no more performed. It used to cause problems with HW tokens. |
| |
| - Fixed reference counting for NSS client certificates. Now the PEM reader |
| module should be always properly unloaded on Curl_nss_cleanup(). If the |
| unload fails though, libcurl will try to reuse the already loaded instance. |
| |
| Daniel Fandrich (15 Jul 2009) |
| - Added nonblock.c to the non-automake makefiles (note that the dependencies |
| in the Watcom makefiles aren't quite correct). |
| |
| Michal Marek (15 Jul 2009) |
| - Changed the description of CURLINFO_OS_ERRNO to make it clear that the |
| errno is not reset on success. |
| |
| Guenter Knauf (14 Jul 2009) |
| - renamed generated config.h to curl_config.h to avoid any future clashes |
| with config.h from other projects. |
| |
| Daniel Stenberg (9 Jul 2009) |
| - Eric Wong introduced curlx_nonblock() that the curl tool now (re-)uses for |
| setting a file descriptor non-blocking. Used by the functionality Eric |
| himself brough on June 15th. |
| |
| Daniel Stenberg (8 Jul 2009) |
| - Constantine Sapuntzakis posted bug report #2813123 |
| (https://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the |
| problem: |
| |
| Url A is accessed using auth. Url A redirects to Url B (on a different |
| server0. Url B reuses a persistent connection. Url B has auth, even though |
| it's on a different server. |
| |
| Note: if Url B does not reuse a persistent connection, auth is not sent. |
| |
| reason: |
| |
| data->state.first_host is not initialized becuase Curl_http_connect is not |
| called when a connection is reused. |
| |
| Solution: |
| |
| move initialization of data->state.first_host to Curl_http. No code before |
| Curl_http uses data->state.first_host anyway. |
| |
| Guenter Knauf (4 Jul 2009) |
| - Markus Koetter provided a patch to avoid getnameinfo() usage which broke a |
| couple of both IPv4 and IPv6 autobuilds. |
| |
| Daniel Stenberg (29 Jun 2009) |
| - Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port |
| range if given colon-separated after the host name/address part. Like |
| "192.168.0.1:2000-10000" |
| |
| - Modified the separators used for CURLOPT_CERTINFO in multi-part outputs. I |
| don't know how they got wrong in the first place, but using this output |
| format makes it possible to quite easily separate the string into an array |
| of multiple items. |
| |
| Daniel Fandrich (16 June 2009) |
| - Added a few more compiler warning options for gcc. |
| |
| Daniel Stenberg (16 Jun 2009) |
| - Reuven Wachtfogel made curl -o - properly produce a binary output on windows |
| (no newline translations). Use -B/--use-ascii if you rather get the ascii |
| approach. |
| |
| Michal Marek (16 Jun 2009) |
| - When doing non-anonymous ftp via http proxies and the password is not |
| provided in the url, add it there (squid needs this). |
| |
| Daniel Stenberg (15 Jun 2009) |
| - Eric Wong's patch: |
| |
| This allows curl(1) to be used as a client-side tunnel for arbitrary stream |
| protocols by abusing chunked transfer encoding in both the HTTP request and |
| HTTP response. This requires server support for sending a response while a |
| request is still being read, of course. |
| |
| If attempting to read from stdin returns EAGAIN, then we pause our sender. |
| This leaves curl to attempt to read from the socket while reading from stdin |
| (and thus sending) is paused. |
| |
| This change was needed to allow successfully tunneling the git protocol over |
| HTTP (--no-buffer is needed, as well). |
| |
| Patrick Monnerat (15 Jun 2009) |
| - Replaced use of standard C library rand()/srand() by our own pseudo-random |
| number generator. |
| |
| Yang Tse (11 Jun 2009) |
| - I adapted testcurl script to allow building test harness programs when |
| cross-compiling for a *-*-mingw* host. |
| |
| Daniel Stenberg (10 Jun 2009) |
| - Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and |
| contributed a range of patches to fix them. |
| |
| Yang Tse (10 Jun 2009) |
| - I introduced configure script option --enable-curldebug which now allows |
| the decoupled enabling or disabling of the curl debug memory tracking |
| feature from the --enable-debug option which no longer controls this. |
| |
| curl --version will list 'Debug' feature for debug enabled builds, and |
| will list 'TrackMemory' feature for curl debug memory tracking capable |
| builds. These features are independent and can be controlled when running |
| the configure script. When --enable-debug is given both features will be |
| enabled, unless some restriction prevents memory tracking from being used. |
| |
| Internally, definition of preprocessor symbol DEBUGBUILD restricts code |
| which is only compiled for debug enabled builds. And symbol CURLDEBUG is |
| used to differentiate code which is _only_ used for memory tracking. |
| |
| Yang Tse (9 Jun 2009) |
| - Daniel Steinberg pointed out that Curl_FormInit() in formdata.c was not |
| initializing the fread callback pointer and this triggered a compiler |
| warning, also provided a friendly suggestion on how to fix it. |
| |
| Daniel Stenberg (8 Jun 2009) |
| - Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount |
| issue with client certs that caused issues like segfaults. |
| https://curl.haxx.se/mail/lib-2009-05/0316.html |
| |
| - Triggered by bug report #2798852 and the patch in there, I fixed configure |
| to detect gnutls build options with pkg-config only and not libgnutls-config |
| anymore since GnuTLS has stopped distributing that tool. If an explicit path |
| is given to configure, we will instead guess on how to link and use that |
| lib. I did not use the patch from the bug report. |
| |
| Yang Tse (8 Jun 2009) |
| - Igor Novoseltsev adjusted Makefile.vxworks to get sources and headers |
| included from Makefile.inc, and provided docs\INSTALL VxWorks section. |
| |
| - I removed buildconf.bat from release and daily snapshot archives. This |
| file is only for CVS tree checkout builds. |
| |
| Daniel Stenberg (8 Jun 2009) |
| - Eric Wong fixed --no-buffer to actually switch off output buffering. Been |
| broken since 7.19.0 |
| |
| Bill Hoffman (6 Jun 2009) |
| - Added some cmake docs and fixed socklen_t in the build. |
| |
| Yang Tse (5 Jun 2009) |
| - John E. Malmberg provided VMS specific patch: "This fixes an existing bug |
| in urlglob.c where it was not converting the Curl Unix exit code to a VMS |
| DCL compatible exit code. This fix required the enhancement described next. |
| This also adds an enhancement to main.c so that when curl is run under a |
| Unix shell like Bash on VMS, it will return the standard Unix exit codes |
| and messages." And another patch for docs/examples. |
| |
| I introduced os-specific.c and os-specific.h for use in curl tool code |
| and adjusted John E. Malmberg's patch placement to use these new files |
| as an effort to prevent main.c from growing ad infinitum. Code already |
| existing in main.c which is OS specific should be moved into these files. |
| |
| Daniel Stenberg (4 June 2009) |
| - Setting the Content-Length: header from your app when you do a POST or PUT |
| is almost always a VERY BAD IDEA. Yet there are still apps out there doing |
| this, and now recently it triggered a bug/side-effect in libcurl as when |
| libcurl sends a POST or PUT with NTLM, it sends an empty post first when it |
| knows it will just get a 401/407 back. If the app then replaced the |
| Content-Length header, it caused the server to wait for input that libcurl |
| wouldn't send. Aaron Oneal reported this problem in bug report #2799008 |
| (https://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix. |
| |
| Yang Tse (4 Jun 2009) |
| - Igor Novoseltsev provided patches and information, that after some |
| adjustments to better fit curl's way of doing things, have resulted |
| in the posibility of building libcurl for VxWorks. |
| |
| Daniel Fandrich (2 June 2009) |
| - Checked in a Google Android make file. To use it, you must first |
| create a config.h file by running configure in the Android environment, |
| which doesn't seem to be easy to do. If no easy way can be found, a |
| static config-android.h may need to be created and checked in to the |
| libcurl source tree. |
| |
| Daniel Stenberg (1 June 2009) |
| - Claes Jakobsson fixed the configure script to better find and use NSS |
| without pkg-config. |
| |
| Yang Tse (1 Jun 2009) |
| - John E. Malmberg provided a VMS specific clean-up for curl.h, and pointed |
| out that the configure script was failing to detect the timeval struct on |
| VMS when building with _XOPEN_SOURCE_EXTENDED undefined due to definition |
| taking place in socket.h instead of time.h. I have adjusted configure |
| script to also include this header when checking struct timeval. |
| |
| Daniel Stenberg (27 May 2009) |
| - Frank McGeough provided a small OpenSSL #include fix to make libcurl compile |
| fine with Nokia 5th edition 1.0 SDK for Symbian. |
| |
| - Andre Guibert de Bruet found a call to a OpenSSL function that didn't check |
| for a failure properly. |
| |
| - Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clear |
| the auth credentials back in 7.19.0 and earlier while now you have to set "" |
| to get the same effect. His patch brings back the ability to use NULL. |
| |
| - Claes Jakobsson fixed libcurl-NSS to build fine even without the |
| PK11_CreateGenericObject() function. |
| |
| Daniel Stenberg (25 May 2009) |
| - bug report #2796358 (https://curl.haxx.se/bug/view.cgi?id=2796358) pointed |
| out that the cookie parser would leak memory when it parses cookies that are |
| received with domain, path etc set multiple times in the same header. While |
| such a cookie is questionable, they occur in the wild and libcurl no longer |
| leaks memory for them. I added such a header to test case 8. |
| |
| Daniel Fandrich (22 May 2009) |
| - Removed some obsolete digest code that caused a valgrind error in test 551. |
| |
| Daniel Fandrich (20 May 2009) |
| - Added "non-existing host" test keywords to make it easy to skip those |
| tests on machines that have broken DNS configurations (such as |
| those configured to use OpenDNS). |
| |
| Daniel Stenberg (19 May 2009) |
| - Kamil Dudka brought the patch from the Redhat bug entry |
| https://bugzilla.redhat.com/show_bug.cgi?id=427966 which was libcurl closing |
| a bad file descriptor when closing down the FTP data connection. Caolan |
| McNamara seems to be the original author of it. |
| |
| Version 7.19.5 (18 May 2009) |
| |
| Daniel Stenberg (17 May 2009) |
| - James Bursa posted a patch to the mailing list that fixed a problem with |
| no_proxy which made it not skip the proxy if the URL entered contained a |
| user name. I added test case 1101 to verify. |
| |
| Daniel Stenberg (11 May 2009) |
| - Balint Szilakszi reported a memory leak when libcurl did gzip decompression |
| of streams that had some parts (legitimately) missing. We now provide and use |
| a proper cleanup function for the content encoding submodule. |
| https://curl.haxx.se/mail/lib-2009-05/0092.html |
| |
| - Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth |
| at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12 |
| |
| If an incorrect password is given while loading a private key, libcurl ends |
| up in an infinite loop consuming memory. The bug is critical. |
| |
| - I fixed the problem with doing NTLM, POST and then following a 302 redirect, |
| as reported by Ebenezer Ikonne (on curl-users) and Laurent Rabret (on |
| curl-library). The transfer was mistakenly marked to get more data to send |
| but since it didn't actually have that, it just hung there... |
| |
| Daniel Stenberg (10 May 2009) |
| - Andre Guibert de Bruet correctly pointed out an over-alloc with one wasted |
| byte in the digest code. |
| |
| Yang Tse (9 May 2009) |
| - Removed DOS and TPF package's subdirectory Makefile.am, it was only used |
| to include some files in the distribution tarball serving no other purpose. |
| Files from the DOS and TPF subdirectories are now included in the EXTRA_DIST |
| of the Makefile in the parent subdirectory. |
| |
| Yang Tse (8 May 2009) |
| - Changed host name literal in several tests to one under the haxx.se domain. |
| |
| - Renamed vc6 workspace and project files to avoid filename clash when used |
| for conversion to later VS versions. |
| |
| Daniel Stenberg (8 May 2009) |
| - Constantine Sapuntzakis fixed bug report #2784055 |
| (https://curl.haxx.se/bug/view.cgi?id=2784055) identifying a problem to |
| connect to SOCKS proxies when using the multi interface. It turned out to |
| almost not work at all previously. We need to wait for the TCP connect to |
| be properly verified before doing the SOCKS magic. |
| |
| There's still a flaw in the FTP code for this. |
| |
| Daniel Stenberg (7 May 2009) |
| - Made the SO_SNDBUF setting for the data connection socket for ftp uploads as |
| well. See change 28 Apr 2009. |
| |
| Yang Tse (7 May 2009) |
| - Fixed an issue affecting FTP transfers, introduced with the transfer.c |
| patch committed May 4. |
| |
| Daniel Stenberg (7 May 2009) |
| - Man page *roff problems fixed thanks to input from Colin Watson. Problems |
| reported in the Debian package. |
| |
| - Vijay G filed bug report #2723236 |
| (https://curl.haxx.se/bug/view.cgi?id=2723236) identifying a problem with |
| libcurl's TFTP code and its lack of dealing with the OACK packet. |
| |
| Yang Tse (5 May 2009) |
| - Fixed the --ftp-port address of test #251 to the CLIENTIP address, and |
| reverted the change affecting test suite harness committed 4 May. |
| |
| Daniel Stenberg (5 May 2009) |
| - Inspired by Michael Smith's session id fix for OpenSSL, I did the |
| corresponding fix in the GnuTLS code: make sure to store the new session id |
| in case the previous re-used one is rejected. |
| |
| Daniel Stenberg (4 May 2009) |
| - Michael Smith posted bug report #2786255 |
| (https://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how |
| libcurl did not deal with SSL session ids properly if the server rejected a |
| re-use of one. Starting now, it will forget the rejected one and remember |
| the new. This change was for OpenSSL only, it is likely that other SSL lib |
| code needs similar fixes. |
| |
| Yang Tse (4 May 2009) |
| - Applied David McCreedy's "transfer.c fixes for CURL_DO_LINEEND_CONV and |
| non-ASCII platform HTTP requests" patch addressing two HTTP PUT problems: |
| 1) On non-ASCII platforms not all of the protocol portions of the PUT are |
| being translated to ASCII. 2) On all platforms the line endings of part of |
| the protocol portions are mangled from CRLF to CRCRLF if data->set.crlf or |
| data->set.prefer_ascii are set (depending on CURL_DO_LINEEND_CONV). |
| |
| - Applied David McCreedy's patch to fix test suite harness to allow test FTP |
| server and client on different machines, providing FTP client address when |
| running the FTP test server. |
| |
| Daniel Fandrich (3 May 2009) |
| - Added and disabled test case 563 which shows KNOWN_BUGS #59. The bug |
| report failed to mention that a proxy must be used to reproduce it. |
| |
| Yang Tse (2 May 2009) |
| - Use a build-time configured curl_socklen_t data type instead of socklen_t. |
| |
| Yang Tse (1 May 2009) |
| - Applied David McCreedy's patches "TPF-platform specific changes to various |
| files" and "http.c fix to Curl_proxyCONNECT for non-ASCII platforms", the |
| former with minor edits. |
| |
| Daniel Stenberg (30 Apr 2009) |
| - I was going to fix issue #59 in KNOWN_BUGS |
| |
| If the CURLOPT_PORT option is used on an FTP URL like |
| "ftp://example.com/file;type=A" the ";type=A" is stripped off. |
| |
| I added test case 562 to verify, only to find out that I couldn't repeat |
| this bug so I hereby consider it not a bug anymore! |
| |
| Daniel Stenberg (29 Apr 2009) |
| - Based on bug report #2723219 (https://curl.haxx.se/bug/view.cgi?id=2723219) |
| I've now made TFTP "connections" not being kept for re-use within libcurl. |
| TFTP is UDP-based so the benefit was really low (if even existing) to begin |
| with so instead of tracking down to fix this problem we instead removed the |
| re-use. I also enabled test case 1099 that I wrote a few days ago to verify |
| that this change fixes the reported problem. |
| |
| Daniel Stenberg (28 Apr 2009) |
| - Constantine Sapuntzakis filed bug report #2783090 |
| (https://curl.haxx.se/bug/view.cgi?id=2783090) pointing out that on windows |
| we need to grow the SO_SNDBUF buffer somewhat to get really good upload |
| speeds. https://support.microsoft.com/kb/823764 has the details. Friends |
| confirmed that simply adding 32 to CURL_MAX_WRITE_SIZE is enough. |
| |
| - Bug report #2709004 (https://curl.haxx.se/bug/view.cgi?id=2709004) by Tim |
| Chen pointed out how curl couldn't upload with resume when reading from a |
| pipe. |
| |
| This ended up with the introduction of a new return code for the |
| CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but |
| that libcurl may try to resolve the situation anyway. In our case this means |
| libcurl will attempt to instead read that much data from the stream instead |
| of seeking and that way curl can now upload with resume when data is read |
| from a stream! |
| |
| Daniel Stenberg (26 Apr 2009) |
| - Bug report #2779733 (https://curl.haxx.se/bug/view.cgi?id=2779733) by Sven |
| Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi |
| interface and provided a patch that fixed the problem! |
| |
| Daniel Stenberg (24 Apr 2009) |
| - Kamil Dudka fixed another NSS-related leak when client certs were used. |
| |
| - Bug report #2779245 (https://curl.haxx.se/bug/view.cgi?id=2779245) by Rainer |
| Koenig pointed out that the man page didn't tell that the *_proxy |
| environment variables can be specified lower case or UPPER CASE and the |
| lower case takes precedence, |
| |
| Daniel Fandrich (21 Apr 2009) |
| - Added new libcurl source files to Amiga, RiscOS and VC6 build files. |
| |
| Yang Tse (21 Apr 2009) |
| - Moved potential inclusion of system's malloc.h and memory.h header files to |
| setup_once.h. Inclusion of each header file is based on the definition of |
| NEED_MALLOC_H and NEED_MEMORY_H respectively. |
| |
| Renamed libcurl's memory.h to curl_memory.h |
| |
| Daniel Stenberg (20 Apr 2009) |
| - Leanic Lefever reported a crash and did some detailed research on why and |
| how it occurs (https://curl.haxx.se/mail/lib-2009-04/0289.html). The |
| conclusion was that if an error is detected and Curl_done() is called for |
| the connection, ftp_done() could at times return another error code that |
| then would take precedence and that new code confused existing logic that |
| works for the first error code (CURLE_SEND_ERROR) only. |
| |
| - Gisle Vanem noticed that --libtool would produce bogus strings at times for |
| OBJECTPOINT options. Now we've introduced a new function - my_setopt_str - |
| within the app for setting plain string options to avoid the risk of this |
| mistake happening. |
| |
| Daniel Stenberg (17 Apr 2009) |
| - Pramod Sharma reported and tracked down a bug when doing FTP over a HTTP |
| proxy. libcurl would then wrongly close the connection after each |
| request. In his case it had the weird side-effect that it killed NTLM auth |
| for the proxy causing an inifinite loop! |
| |
| I added test case 1098 to verify this fix. The test case does however not |
| properly verify that the transfers are done persistently - as I couldn't |
| think of a clever way to achieve it right now - but you need to read the |
| stderr output after a test run to see that it truly did the right thing. |
| |
| Daniel Stenberg (13 Apr 2009) |
| - bug report #2727981 (https://curl.haxx.se/bug/view.cgi?id=2727981) by Martin |
| Storsjö pointed out how setting CURLOPT_NOBODY to 0 could be downright |
| confusing as it set the method to either GET or HEAD. The example he showed |
| looked like: |
| |
| curl_easy_setopt(curl, CURLOPT_PUT, 1); |
| curl_easy_setopt(curl, CURLOPT_NOBODY, 0); |
| |
| The new way doesn't alter the method until the request is about to start. If |
| CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is |
| 0 and the request happens to have been set to HEAD, it will then instead be |
| set to GET. I believe this will be less surprising to users, and hopefully |
| not hit any existing users badly. |
| |
| - Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned |
| out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue |
| is found in Redhat's bug tracker: |
| https://bugzilla.redhat.com/show_bug.cgi?id=453612 |
| |
| There are still memory leaks present, but they seem to have other reasons. |
| |
| Daniel Fandrich (11 Apr 2009) |
| - Added new libcurl source files to Symbian OS build files. |
| - Improved Symbian support for SSL. |
| |
| Yang Tse (10 Apr 2009) |
| - Daniel Johnson improved the MacOSX-Framework shell script to now perform all |
| the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64 |
| libcurl.framework. Four way fat framework requires OS X 10.5 SDK or later. |
| |
| Yang Tse (8 Apr 2009) |
| - Removed Sun compilers preprocessor block from curlbuild.h.dist, this also |
| removes it from the curlbuild.h file originally distributed by the cURL |
| project as this file is intended for systems not capable of running the |
| configure script. For those who have been building curl out of the source |
| code curl distribution tarball provided by curl.haxx.se the change implies |
| nothing. Previous change in this area committed 2 Apr becomes irrelevant. |
| |
| Daniel Stenberg (6 Apr 2009) |
| - I clarified in the docs that CURLOPT_SEEKFUNCTION should return 0 on success |
| and 1 on fatal errors. Previously it only mentioned non-zero on fatal |
| errors. This is a slight change in meaning, but it follows what we've done |
| elsewhere before and it opens up for LOTS of more useful return codes |
| whenever we can think of them... |
| |
| Yang Tse (2 Apr 2009) |
| - Fix curl_off_t definition for builds done using Sun compilers and a |
| non-configured libcurl. In this case curl_off_t data type was gated |
| to the off_t data type which depends on the _FILE_OFFSET_BITS. This |
| configuration is exactly the unwanted configuration for our curl_off_t |
| data type which must not depend on such setting. This breaks ABI for |
| libcurl libraries built with Sun compilers which were built without |
| having run the configure script with _FILE_OFFSET_BITS different than |
| 64 and using the ILP32 data model. |
| |
| Daniel Stenberg (1 Apr 2009) |
| - Andre Guibert de Bruet fixed a NULL pointer use in an infof() call if a |
| strdup() call failed. |
| |
| Daniel Fandrich (31 Mar 2009) |
| - Properly return an error code in curl_easy_recv (reported by Jim Freeman). |
| |
| Daniel Stenberg (18 Mar 2009) |
| - Kamil Dudka brought a patch that enables 6 additional crypto algorithms when |
| NSS is used. These ciphers were added in NSS 3.4 and require to be enabled |
| explicitly. |
| |
| Daniel Stenberg (13 Mar 2009) |
| - Use libssh2_version() to present the libssh2 version in case the libssh2 |
| library is found to support it. |
| |
| Yang Tse (12 Mar 2009) |
| - Added missing Curl_read() return code checking in TELNET transfers. |
| |
| - Pierre Brico found and fixed TELNET transfers not being aborted upon |
| a write callback failure. |
| |
| Daniel Stenberg (11 Mar 2009) |
| - Kamil Dudka made the curl tool properly call curl_global_init() before any |
| other libcurl function. |
| |
| Yang Tse (11 Mar 2009) |
| - Added missing TELNET timeout support for Windows builds. This issue was |
| reported by Pierre Brico. |
| |
| Daniel Stenberg (9 Mar 2009) |
| - Frank Hempel found out a bug and provided the fix: |
| |
| curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE |
| option. It only enabled the cookie engine in the destination handle if |
| data->cookies is not NULL (where data is the source handle). In case of a |
| newly initialized handle which just had the cookie support enabled by a |
| curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was |
| still NULL because the setopt-call only appends the value to |
| data->change.cookielist, hence duplicating this handle would not have the |
| cookie engine switched on. |
| |
| We also concluded that the slist-functionality would be suitable for being |
| put in its own module rather than simply hanging out in lib/sendf.c so I |
| created lib/slist.[ch] for them. |
| |
| - Andreas Farber made the 'buildconf' script check for the presence of m4 |
| scripts to make it detect a bad checkout earlier. People with older |
| checkouts who don't do cvs update with the -d option won't get the new dirs |
| and then will get funny outputs that can be a bit hard to understand and |
| fix. |
| |
| Daniel Stenberg (8 Mar 2009) |
| - Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the |
| allocation of the memory BIO was not being properly checked. |
| |
| - Andre Guibert de Bruet fixed the gnutls-using code: There are a few places |
| in the gnutls code where we were checking for negative values for errors, |
| when the man pages state that GNUTLS_E_SUCCESS is returned on success and |
| other values indicate error conditions. |
| |
| - Bill Egert pointed out (https://curl.haxx.se/bug/view.cgi?id=2671602) that |
| curl didn't use sprintf() in a way that is documented to work in POSIX but |
| since we use our own printf() code (from libcurl) that shouldn't be a |
| problem. Nonetheless I modified the code to not rely on such particular |
| features and to not cause further raised eyebrowse with no good reason. |
| |
| Daniel Fandrich (5 Mar 2009) |
| - Expanded the security section of the libcurl-tutorial man page to cover |
| more issues for authors to consider when writing robust libcurl-using |
| applications. |
| |
| Yang Tse (5 Mar 2009) |
| - Fixed NTLM authentication memory leak on SSPI enabled Windows builds. This |
| issue was noticed by Chris Deidun. |
| |
| Daniel Fandrich (4 Mar 2009) |
| - Fixed a problem with m4 quoting in the OpenSSL configure check reported |
| by Daniel Johnson. |
| |
| Daniel Stenberg (3 Mar 2009) |
| - David James brought a patch that make libcurl close (all) dead connections |
| whenever you attempt to open a new connection. |
| |
| 1. After cleaning up a dead connection, "continue" instead of |
| returning FALSE. This ensures that we clean up all dead connections, |
| rather than just cleaning up the first dead connection. |
| 2. Move up the cleanup for dead connections so that it occurs for |
| all connections, rather than just the connections which have the same |
| preferences as our current new connection. |
| |
| Version 7.19.4 (3 March 2009) |
| |
| Daniel Stenberg (3 Mar 2009) |
| - David Kierznowski notified us about a security flaw |
| (https://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in |
| which previous libcurl versions (by design) can be tricked to access an |
| arbitrary local/different file instead of a remote one when |
| CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release |
| together this the addition of two new setopt options for controlling this |
| new behavior: |
| |
| o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to |
| follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option |
| excludes the FILE and SCP protocols and thus you nee to explicitly allow |
| them in your app if you really want that behavior. |
| |
| o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch |
| using the primary URL option. This is useful if you want to allow a user or |
| other outsiders control what URL to pass to libcurl and yet not allow all |
| protocols libcurl may have been built to support. |
| |
| Daniel Stenberg (27 Feb 2009) |
| - Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and |
| CURLOPT_LOCALPORT were used together (the local port bind failed), and |
| Markus Koetter provided the fix! |
| |
| Daniel Stenberg (25 Feb 2009) |
| - As Daniel Fandrich figured out, we must do the GnuTLS initing in the |
| curl_global_init() function to properly maintain the performing functions |
| thread-safe. We've previously (28 April 2007) moved the init to a later time |
| just to avoid it to fail very early when libgcrypt dislikes the situation, |
| but that move was bad and the fix should rather be in libgcrypt or |
| elsewhere. |
| |
| Daniel Stenberg (24 Feb 2009) |
| - Brian J. Murrell found out that Negotiate proxy authentication didn't work. |
| It happened because the code used the struct for server-based auth all the |
| time for both proxy and server auth which of course was wrong. |
| |
| Daniel Stenberg (23 Feb 2009) |
| - After a bug reported by James Cheng I've made curl_easy_getinfo() for |
| CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return |
| -1 if the sizes aren't know. Previously these returned 0, make it impossible |
| to detect the difference between actually zero and unknown. |
| |
| Yang Tse (23 Feb 2009) |
| - Daniel Johnson provided a shell script that will perform all the steps needed |
| to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework |
| |
| Daniel Stenberg (23 Feb 2009) |
| - I renamed everything in the windows builds files that used the name 'curllib' |
| to the proper 'libcurl' as clearly this caused confusion. |
| |
| Yang Tse (20 Feb 2009) |
| - Do not halt compilation when using VS2008 to build a Windows 2000 target. |
| |
| Daniel Stenberg (20 Feb 2009) |
| - Linus Nielsen Feltzing reported and helped me repeat and fix a problem with |
| FTP with the multi interface: when a transfer fails, like when aborted by a |
| write callback, the control connection was wrongly closed and thus not |
| re-used properly. |
| |
| This change is also an attempt to cleanup the code somewhat in this area, as |
| now the FTP code attempts to keep (better) track on pending responses |
| necessary to get read in ftp_done(). |
| |
| Daniel Stenberg (19 Feb 2009) |
| - Patrik Thunstrom reported a problem and helped me repeat it. It turned out |
| libcurl did a superfluous 1000ms wait when doing SFTP downloads! |
| |
| We read data with libssh2 while doing the "DO" operation for SFTP and then |
| when we were about to start getting data for the actual file part, the |
| "TRANSFER" part, we waited for socket action (in 1000ms) before doing a |
| libssh2-read. But in this case libssh2 had already read and buffered the |
| data so we ended up always just waiting 1000ms before we get working on the |
| data! |
| |
| Patrick Monnerat (18 Feb 2009) |
| - FTP downloads (i.e.: RETR) ending with code 550 now return error |
| CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE. |
| |
| Daniel Stenberg (17 Feb 2009) |
| - Kamil Dudka made NSS-powered builds compile and run again! |
| |
| - A second follow-up change by Andre Guibert de Bruet to fix a related memory |
| leak like that fixed on the 14th. When zlib returns failure, we need to |
| cleanup properly before returning error. |
| |
| - CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 for |
| plain FTP connections, and it will then allow MKD to fail once and retry the |
| CWD afterwards. This is especially useful if you're doing many simultanoes |
| connections against the same server and they all have this option enabled, |
| as then CWD may first fail but then another connection does MKD before this |
| connection and thus MKD fails but trying CWD works! The numbers can |
| (should?) now be set with the convenience enums now called |
| CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY. |
| |
| Tests has proven that if you're making an application that uploads a set of |
| files to an ftp server, you will get a noticable gain in speed if you're |
| using multiple connections and this option will be then be very useful. |
| |
| Daniel Stenberg (14 Feb 2009) |
| - Andre Guibert de Bruet found and fixed a memory leak in the content encoding |
| code, which could happen on libz errors. |
| |
| Daniel Fandrich (12 Feb 2009) |
| - Added support for Digest and NTLM authentication using GnuTLS. |
| |
| Daniel Stenberg (11 Feb 2009) |
| - CURLINFO_CONDITION_UNMET was added to allow an application to get to know if |
| the condition in the previous request was unmet. This is typically a time |
| condition set with CURLOPT_TIMECONDITION and was previously not possible to |
| reliably figure out. From bug report #2565128 |
| (https://curl.haxx.se/bug/view.cgi?id=2565128) filed by Jocelyn Jaubert. |
| |
| Daniel Fandrich (4 Feb 2009) |
| - Don't add the standard /usr/lib or /usr/include paths to LDFLAGS and CPPFLAGS |
| (respectively) when --with-ssl=/usr is used (patch based on FreeBSD). |
| |
| - Added an explicit buffer limit check in msdosify() (patch based on FreeBSD). |
| This couldn't ever overflow in curl, but might if the code were used |
| elsewhere or under different conditions. |
| |
| Daniel Stenberg (3 Feb 2009) |
| - Hidemoto Nakada provided a small fix that makes it possible to get the |
| CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with |
| CURLOPT_NOBODY set true. |
| |
| Daniel Stenberg (2 Feb 2009) |
| - Patrick Scott found a rather large memory leak when using the multi |
| interface and setting CURLMOPT_MAXCONNECTS to something less than the number |
| of handles you add to the multi handle. All the connections that didn't fit |
| in the cache would not be properly disconnected nor freed! |
| |
| - Craig A West brought us: libcurl now defaults to do CONNECT with HTTP |
| version 1.1 instead of 1.0 like before. This change also introduces the new |
| proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to |
| switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0 |
| option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0. |
| |
| I updated all test cases cases that use CONNECT and I tried to do some using |
| --proxy1.0 and some updated to do CONNECT 1.1 to get both versions run. |
| |
| Daniel Stenberg (31 Jan 2009) |
| - When building with c-ares 1.6.1 (not yet released) or later and IPv6 support |
| enabled, we can now take advantage of its brand new AF_UNSPEC support in |
| ares_gethostbyname(). This makes test case 241 finally run fine for me with |
| this setup since it now parses the "::1 ip6-localhost" line fine in my |
| /etc/hosts file! |
| |
| Daniel Stenberg (30 Jan 2009) |
| - Scott Cantor filed bug report #2550061 |
| (https://curl.haxx.se/bug/view.cgi?id=2550061) mentioning that I failed to |
| properly make sure that the VC9 makefiles got included in the latest |
| release. I've now fixed the release script and verified it so next release |
| will hopefully include them properly! |
| |
| Daniel Fandrich (30 Jan 2009) |
| - Fixed --disable-proxy for FTP and SOCKS. Thanks to Daniel Egger for |
| reporting. |
| |
| Yang Tse (29 Jan 2009) |
| - Introduced curl_sspi.c and curl_sspi.h for the implementation of functions |
| Curl_sspi_global_init() and Curl_sspi_global_cleanup() which previously were |
| named Curl_ntlm_global_init() and Curl_ntlm_global_cleanup() in http_ntlm.c |
| Also adjusted socks_sspi.c to remove the link-time dependency on the Windows |
| SSPI library using it now in the same way as it was done in http_ntlm.c. |
| |
| Daniel Stenberg (28 Jan 2009) |
| - Markus Moeller introduced two new options to libcurl: |
| CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl |
| to do GSS-style authentication with SOCKS5 proxies. The curl tool got the |
| options called --socks5-gssapi-service and --socks5-gssapi-nec to enable |
| these. |
| |
| Daniel Stenberg (26 Jan 2009) |
| - Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an app |
| to set desired block size to use for TFTP transfers instead of the default |
| 512 bytes. |
| |
| - The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to |
| disable "rfc4507bis session ticket support". rfc4507bis was later turned |
| into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077 |
| |
| The enabled extension concerns the session management. I wonder how often |
| libcurl stops a connection and then resumes a TLS session. also, sending the |
| session data is some overhead. .I suggest that you just use your proposed |
| patch (which explicitly disables TICKET). |
| |
| If someone writes an application with libcurl and openssl who wants to |
| enable the feature, one can do this in the SSL callback. |
| |
| Sharad Gupta brought this to my attention. Peter Sylvester helped me decide |
| on the proper action. |
| |
| - Alexey Borzov filed bug report #2535504 |
| (https://curl.haxx.se/bug/view.cgi?id=2535504) pointing out that realms with |
| quoted quotation marks in HTTP Digest headers didn't work. I've now added |
| test case 1095 that verifies my fix. |
| |
| - Craig A West brought CURLOPT_NOPROXY and the corresponding --noproxy option. |
| They basically offer the same thing the NO_PROXY environment variable only |
| offered previously: list a set of host names that shall not use the proxy |
| even if one is specified. |
| |
| Daniel Fandrich (20 Jan 2009) |
| - Call setlocale() for libtest tests to test the effects of locale-induced |
| libc changes on libcurl. |
| |
| - Fixed a couple more locale-dependent toupper conversions, mainly for |
| clarity. This does fix one problem that causes ;type=i FTP URLs |
| to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is |
| used (test case 561) |
| |
| - Added tests 561 and 1091 through 1094 to test various combinations |
| of ;type= and ;mode= URLs that could potentially fail in the Turkish |
| locale. |
| |
| Daniel Stenberg (20 Jan 2009) |
| - Lisa Xu pointed out that the ssh.obj file was missing from the |
| lib/Makefile.vc6 file (and thus from the vc8 and vc9 ones too). |
| |
| Version 7.19.3 (19 January 2009) |
| |
| Daniel Stenberg (16 Jan 2009) |
| - Andrew de los Reyes fixed curlbuild.h for "generic" gcc builds on PPC, both |
| 32 bit and 64 bit. |
| |
| Daniel Stenberg (15 Jan 2009) |
| - Tim Ansell fixed a compiler warning in lib/cookie.c |
| |
| Daniel Stenberg (14 Jan 2009) |
| - Grant Erickson fixed timeouts for TFTP such that specifying a |
| connect-timeout, a max-time or both options work correctly and as expected |
| by passing the correct boolean value to Curl_timeleft via the |
| 'duringconnect' parameter. |
| |
| With this small change, curl TFTP now behaves as expected (and likely as |
| originally-designed): |
| |
| 1) For non-existent or unreachable dotted IP addresses: |
| |
| a) With no options, follows the default curl 300s timeout... |
| b) With --connect-timeout only, follows that value... |
| c) With --max-time only, follows that value... |
| d) With both --connect-timeout and --max-time, follows the smaller value... |
| |
| and times out with a "curl: (7) Couldn't connect to server" error. |
| |
| 2) For transfers to/from a valid host: |
| |
| a) With no options, follows default curl 300s timeout for the |
| first XRQ/DATA/ACK transaction and the default TFTP 3600s |
| timeout for the remainder of the transfer... |
| |
| b) With --connect-time only, follows that value for the |
| first XRQ/DATA/ACK transaction and the default TFTP 3600s |
| timeout for the remainder of the transfer... |
| |
| c) With --max-time only, follows that value for the first |
| XRQ/DATA/ACK transaction and for the remainder of the |
| transfer... |
| |
| d) With both --connect-timeout and --max-time, follows the former |
| for the first XRQ/DATA/ACK transaction and the latter for the |
| remainder of the transfer... |
| |
| and times out with a "curl: (28) Timeout was reached" error as |
| appropriate. |
| |
| Daniel Stenberg (13 Jan 2009) |
| - Michael Wallner fixed a NULL pointer deref when calling |
| curl_easy_setup(curl, CURLOPT_COOKIELIST, "SESS") on a CURL handle with no |
| cookies data. |
| |
| - Stefan Teleman brought a patch to fix the default curlbuild.h file for the |
| SunPro compilers. |
| |
| Daniel Stenberg (12 Jan 2009) |
| - Based on bug report #2498665 (https://curl.haxx.se/bug/view.cgi?id=2498665) |
| by Daniel Black, I've now added magic to the configure script that makes it |
| use pkg-config to detect gnutls details as well if the existing method |
| (using libgnutls-config) fails. While doing this, I cleaned up and unified |
| the pkg-config usage when detecting openssl and nss as well. |
| |
| Daniel Stenberg (11 Jan 2009) |
| - Karl Moerder brought the patch that creates vc9 Makefiles, and I made |
| 'maketgz' now use the actual makefile targets to do the VC8 and VC9 |
| makefiles. |
| |
| Daniel Stenberg (10 Jan 2009) |
| - Emil Romanus fixed: |
| |
| When using the multi interface over HTTP and the server returns a Location |
| header, the running easy handle will get stuck in the CURLM_STATE_PERFORM |
| state, leaving the external event loop stuck waiting for data from the |
| ingoing socket (when using the curl_multi_socket_action stuff). While this |
| bug was pretty hard to find, it seems to require only a one-line fix. The |
| break statement on line 1374 in multi.c caused the function to skip the call |
| to multistate(). |
| |
| How to reproduce this bug? Well, that's another question. evhiperfifo.c in |
| the examples directory chokes on this bug only _sometimes_, probably |
| depending on how fast the URLs are added. One way of testing the bug out is |
| writing to hiper.fifo from more than one source at the same time. |
| |
| Daniel Fandrich (7 Jan 2009) |
| - Unified much of the SessionHandle initialization done in Curl_open() and |
| curl_easy_reset() by creating Curl_init_userdefined(). This had the side |
| effect of fixing curl_easy_reset() so it now also resets |
| CURLOPT_FTP_FILEMETHOD and CURLOPT_SSL_SESSIONID_CACHE |
| |
| Daniel Stenberg (7 Jan 2009) |
| - Rob Crittenden did once again provide an NSS update: |
| |
| I have to jump through a few hoops now with the NSS library initialization |
| since another part of an application may have already initialized NSS by the |
| time Curl gets invoked. This patch is more careful to only shutdown the NSS |
| library if Curl did the initialization. |
| |
| It also adds in a bit of code to set the default ciphers if the app that |
| call NSS_Init* did not call NSS_SetDomesticPolicy() or set specific |
| ciphers. One might argue that this lets other application developers get |
| lazy and/or they aren't using the NSS API correctly, and you'd be right. |
| But still, this will avoid terribly difficult-to-trace crashes and is |
| generally helpful. |
| |
| Daniel Stenberg (1 Jan 2009) |
| - 'reconf' is removed since we rather have users use 'buildconf' |
| |
| Daniel Stenberg (31 Dec 2008) |
| - Bas Mevissen reported https://curl.haxx.se/bug/view.cgi?id=2479030 pointing |
| out that 'reconf' didn't properly point out the m4 subdirectory when running |
| aclocal. |
| |
| Daniel Stenberg (29 Dec 2008) |
| - Phil Lisiecki filed bug report #2413067 |
| (https://curl.haxx.se/bug/view.cgi?id=2413067) that identified a problem that |
| would cause libcurl to mark a DNS cache entry "in use" eternally if the |
| subsequence TCP connect failed. It would thus never get pruned and refreshed |
| as it should've been. |
| |
| Phil provided his own patch to this problem that while it seemed to work |
| wasn't complete and thus I wrote my own fix to the problem. |
| |
| Daniel Stenberg (28 Dec 2008) |
| - Peter Korsgaard fixed building libcurl with "configure --with-ssl |
| --disable-verbose". |
| |
| - Anthony Bryan fixed more language and spelling flaws in man pages. |
| |
| Daniel Stenberg (22 Dec 2008) |
| - Given a recent enough libssh2, libcurl can now seek/resume with SFTP even |
| on file indexes beyond 2 or 4GB. |
| |
| - Anthony Bryan provided a set of patches that cleaned up manual language, |
| corrected spellings and more. |
| |
| Daniel Stenberg (20 Dec 2008) |
| - Igor Novoseltsev fixed a bad situation for the multi_socket() API when doing |
| pipelining, as libcurl could then easily get confused and A) work on the |
| handle that was not "first in queue" on a pipeline, or even B) tell the app |
| to REMOVE a socket while it was in use by a second handle in a pipeline. Both |
| errors caused hanging or stalling applications. |
| |
| Daniel Stenberg (19 Dec 2008) |
| - curl_multi_timeout() could return a timeout value of 0 even though nothing |
| was actually ready to get done, as the internal time resolution is higher |
| than the returned millisecond timer. Therefore it could cause applications |
| running on fast processors to do short bursts of busy-loops. |
| curl_multi_timeout() will now only return 0 if the timeout is actually |
| alreay triggered. |
| |
| - Using the libssh2 0.19 function libssh2_session_block_directions(), libcurl |
| now has an improved ability to do right when the multi interface (both |
| "regular" and multi_socket) is used for SCP and SFTP transfers. This should |
| result in (much) less busy-loop situations and thus less CPU usage with no |
| speed loss. |
| |
| Daniel Stenberg (17 Dec 2008) |
| - SCP and SFTP with the multi interface had the same flaw: the 'DONE' |
| operation didn't complete properly if the EAGAIN equivalent was returned but |
| libcurl would simply continue with a half-completed close operation |
| performed. This ruined persistent connection re-use and cause some |
| SSH-protocol errors in general. The correction is unfortunately adding a |
| blocking function - doing it entirely non-blocking should be considered for |
| a better fix. |
| |
| Gisle Vanem (16 Dec 2008) |
| - Added the possibility to use the Watt-32 tcp/ip stack under Windows. |
| The change simply involved adding a USE_WATT32 section in the |
| config-win32.h files (under ./lib and ./src). This section disables |
| the use of any Winsock headers. |
| |
| Daniel Stenberg (16 Dec 2008) |
| - libssh2_sftp_last_error() was wrongly used at some places in libcurl which |
| made libcurl sometimes not properly abort problematic SFTP transfers. |
| |
| Daniel Stenberg (12 Dec 2008) |
| - More work with Igor Novoseltsev to first fix the remaining stuff for |
| removing easy handles from multi handles when the easy handle is/was within |
| a HTTP pipeline. His bug report #2351653 |
| (https://curl.haxx.se/bug/view.cgi?id=2351653) was also related and was |
| eventually fixed by a patch by Igor himself. |
| |
| Yang Tse (12 Dec 2008) |
| - Patrick Monnerat fixed a build regression, introduced in 7.19.2, affecting |
| OS/400 compilations with IPv6 enabled. |
| |
| Daniel Stenberg (12 Dec 2008) |
| - Mark Karpeles filed bug report #2416182 titled "crash in ConnectionExists |
| when using duphandle+curl_mutli" |
| (https://curl.haxx.se/bug/view.cgi?id=2416182) which showed that |
| curl_easy_duphandle() wrongly also copied the pointer to the connection |
| cache, which was plain wrong and caused a segfault if the handle would be |
| used in a different multi handle than the handle it was duplicated from. |
| |
| Daniel Stenberg (11 Dec 2008) |
| - Keshav Krity found out that libcurl failed to deal with dotted IPv6 |
| addresses if they were very long (>39 letters) due to a too strict address |
| validity parser. It now accepts addresses up to 45 bytes long. |
| |
| Daniel Stenberg (11 Dec 2008) |
| - Internet Explorer had a broken HTTP digest authentication before v7 and |
| there are servers "out there" that relies on the client doing this broken |
| Digest authentication. Apache even comes with an option to work with such |
| broken clients. |
| |
| The difference is only for URLs that contain a query-part (a '?'-letter and |
| text to the right of it). |
| |
| libcurl now supports this quirk, and you enable it by setting the |
| CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or |
| CURLOPT_PROXYAUTH options. They are thus individually controlled to server |
| and proxy. |
| |
| (note that there's no way to activate this with the curl tool yet) |
| |
| Daniel Fandrich (9 Dec 2008) |
| - Added test cases 1089 and 1090 to test --write-out after a redirect to |
| test a report that the size didn't work, but these test cases pass. |
| |
| - Documented CURLOPT_CONNECT_ONLY as being useful only on HTTP URLs. |
| |
| Daniel Stenberg (9 Dec 2008) |
| - Ken Hirsch simplified how libcurl does FTPS: now it doesn't assume any |
| particular state for the control connection like it did before for implicit |
| FTPS (libcurl assumed such control connections to be encrypted while some |
| FTPS servers such as FileZilla assumes such connections to be clear |
| mode). Use the CURLOPT_USE_SSL option to set your desired level. |
| |
| Daniel Stenberg (8 Dec 2008) |
| - Fred Machado posted about a weird FTP problem on the curl-users list and when |
| researching it, it turned out he got a 550 response back from a SIZE command |
| and then I fell over the text in RFC3659 that says: |
| |
| The presence of the 550 error response to a SIZE command MUST NOT be taken |
| by the client as an indication that the file cannot be transferred in the |
| current MODE and TYPE. |
| |
| In other words: the change I did on September 30th 2008 and that has been |
| included in the last two releases were a regression and a bad idea. We MUST |
| NOT take a 550 response from SIZE as a hint that the file doesn't exist. |
| |
| - Christian Krause filed bug #2221237 |
| (https://curl.haxx.se/bug/view.cgi?id=2221237) that identified an infinite |
| loop during GSS authentication given some specific conditions. With his |
| patience and great feedback I managed to narrow down the problem and |
| eventually fix it although I can't test any of this myself! |
| |
| Daniel Fandrich (3 Dec 2008) |
| - Fixed the getifaddrs version of Curl_if2ip to work on systems without IPv6 |
| support (e.g. Minix) |
| |
| Daniel Stenberg (3 Dec 2008) |
| - Igor Novoseltsev filed bug #2351645 |
| (https://curl.haxx.se/bug/view.cgi?id=2351645) that identified a problem with |
| the multi interface that occured if you removed an easy handle while in |
| progress and the handle was used in a HTTP pipeline. |
| |
| - Pawel Kierski pointed out a mistake in the cookie code that could lead to a |
| bad fclose() after a fatal error had occured. |
| (https://curl.haxx.se/bug/view.cgi?id=2382219) |
| |
| Daniel Fandrich (25 Nov 2008) |
| - If a HTTP request is Basic and num is already >=1000, the HTTP test |
| server adds 1 to num to get the data section to return. This allows |
| testing authentication negotiations using the Basic authentication |
| method. |
| |
| - Added tests 1087 and 1088 to test Basic authentication on a redirect |
| with and without --location-trusted |
| |
| Daniel Stenberg (24 Nov 2008) |
| - Based on a patch by Vlad Grachov, libcurl now uses a new libssh2 0.19 |
| function when built to support SCP and SFTP that helps the library to know |
| in which direction a particular libssh2 operation would return EAGAIN so |
| that libcurl knows what socket conditions to wait for before trying the |
| function call again. Previously (and still when using libssh2 0.18 or |
| earlier), libcurl will busy-loop in this situation when the easy interface |
| is used! |
| |
| Daniel Fandrich (20 Nov 2008) |
| - Automatically detect OpenBSD's CA cert bundle. |
| |
| Daniel Stenberg (19 Nov 2008) |
| - I removed the default use of "Pragma: no-cache" from libcurl when a proxy is |
| used. It has been used since forever but it was never a good idea to use |
| unless explicitly asked for. |
| |
| - Josef Wolf's extension that allows a $TESTDIR/gdbinit$testnum file that when |
| you use runtests.pl -g, will be sourced by gdb to allow additional fancy or |
| whatever you see fit |
| |
| - Christian Krause reported and fixed a memory leak that would occur with HTTP |
| GSS/kerberos authentication (https://curl.haxx.se/bug/view.cgi?id=2284386) |
| |
| - Andreas Wurf and Markus Koetter helped me analyze a problem that Andreas got |
| when uploading files to a single FTP server using multiple easy handle |
| handles with the multi interface. Occasionally a handle would stall in |
| mysterious ways. |
| |
| The problem turned out to be a side-effect of the ConnectionExists() |
| function's eagerness to re-use a handle for HTTP pipelining so it would |
| select it even if already being in use, due to an inadequate check for its |
| chances of being used for pipelnining. |
| |
| Daniel Fandrich (17 Nov 2008) |
| - Added more compiler warning options for gcc 4.3 |
| |
| Yang Tse (17 Nov 2008) |
| - Fix a remaining problem in the inet_pton() runtime configure check. And |
| fix internal Curl_inet_pton() failures to reject certain malformed literals. |
| |
| - Make configure script check if ioctl with the SIOCGIFADDR command can be |
| used, and define HAVE_IOCTL_SIOCGIFADDR if appropriate. |
| |
| Daniel Stenberg (16 Nov 2008) |
| - Christian Krause fixed a build failure when building with gss support |
| enabled and FTP disabled. |
| |
| - Added check for NULL returns from strdup() in src/main.c and lib/formdata.c |
| - reported by Jim Meyering also prevent buffer overflow on MSDOS when you do |
| for example -O on a url with a file name part longer than PATH_MAX letters |
| |
| - lib/nss.c fixes based on the report by Jim Meyering: I went over and added |
| checks for return codes for all calls to malloc and strdup that were |
| missing. I also changed a few malloc(13) to use arrays on the stack and a |
| few malloc(PATH_MAX) to instead use aprintf() to lower memory use. |
| |
| - I fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is |
| in use. |
| |
| Daniel Fandrich (14 Nov 2008) |
| - Added .xml as one of the few common file extensions known by the multipart |
| form generator. |
| |
| - Added some #ifdefs around header files and change the EAGAIN test to |
| fix compilation on Cell (reported by Jeff Curley). |
| |
| Yang Tse (14 Nov 2008) |
| - Fixed several configure script issues affecting checks for inet_ntoa_r(), |
| inet_ntop(), inet_pton(), getifaddrs(), fcntl() and getaddrinfo(). |
| |
| Yang Tse (13 Nov 2008) |
| - Refactored configure script detection of functions used to set sockets into |
| non-blocking mode, and decouple function detection from function capability. |
| |
| Version 7.19.2 (13 November 2008) |
| |
| Michal Marek (13 Nov 2008) |
| - Fixed a potential data loss in Curl_client_write() when the transfer is |
| paused. |
| |
| Daniel Stenberg (11 Nov 2008) |
| - Rainer Canavan filed bug #2255627 |
| (https://curl.haxx.se/bug/view.cgi?id=2255627) which pointed out that a |
| program using libcurl's multi interface to download a HTTPS page with a |
| libcurl built powered by OpenSSL, would easily get silly and instead hand |
| over SSL details as data instead of the actual HTTP headers and body. This |
| happened because libcurl would consider the connection handshake done too |
| early. This problem was introduced at September 22nd 2008 with my fix of the |
| bug #2107377 |
| |
| The correct fix is now instead done within the GnuTLS-handling code, as both |
| the OpenSSL and the NSS code already deal with this situation in similar |
| fashion. I added test case 560 in an attempt to verify this fix, but |
| unfortunately it didn't trigger it even before this fix! |
| |
| Yang Tse (11 Nov 2008) |
| - Related with bug #2230535 (https://curl.haxx.se/bug/view.cgi?id=2230535) |
| Daniel Fandrich noticed that curl_addrinfo was also missing in the build |
| process of other four non-configure platforms. Added now. |
| |
| Daniel Fandrich (7 Nov 2008) |
| - The getifaddrs() version of Curl_if2ip() crashed when used on a Linux |
| system with a TEQL load-balancing device configured, which doesn't |
| have an address. Thanks to Adam Sampson for spotting this (bug #2234923). |
| |
| Yang Tse (6 Nov 2008) |
| - Merged existing IPv4 and IPv6 Curl_ip2addr functions into a single one |
| which now also takes a protocol address family argument. |
| |
| - Bug #2230535 (https://curl.haxx.se/bug/view.cgi?id=2230535) pointed out a |
| problem with MSVC 6 makefile that caused a build failure. It was noted that |
| the curl_addrinfo.obj reference was missing. I took the opportunity to sort |
| the list in which this was missing. Issue submitted by John Wilkinson. |
| |
| Version 7.19.1 (5 November 2008) |
| |
| Daniel Stenberg (4 Nov 2008) |
| - CURLINFO_FILETIME now works for file:// transfers as well |
| |
| Daniel Stenberg (3 Nov 2008) |
| - Bug #2218480 (https://curl.haxx.se/bug/view.cgi?id=2218480) pointed out a |
| problem with my CURLINFO_PRIMARY_IP fix from October 7th that caused a NULL |
| pointer read. I also took the opportunity to clean up this logic (storing of |
| the connection's IP address) somewhat as we had it stored in two different |
| places and ways previously and they are now unified. |
| |
| Yang Tse (3 Nov 2008) |
| - Fix undersized IPv6 address internal buffer. IPv6 address strings longer |
| than 35 characters would be truncated. |
| |
| Daniel Stenberg (2 Nov 2008) |
| - Daniel Johnson reported and fixed: |
| |
| When c-ares isn't enabled, libcurl by default calls getaddrinfo with family |
| set to PF_UNSPEC which causes getaddrinfo to return all available addresses, |
| both IPv4 and IPv6. Libcurl then tries each one until it can connect. If the |
| net connection doesn't support IPv6, libcurl can still fall back to IPv4. |
| |
| However, since c-ares doesn't support PF_UNSPEC, when it's used it defaults |
| to using family=PF_INET6 and therefore only returns IPv6 addresses when AAAA |
| records are available, even if IPv4 addresses are also available. The effect |
| is that since my ISP doesn't do IPv6, libcurl can't connect at all to a site |
| that has AAAA records. It will work if I explicitly use CURL_IPRESOLVE_V4 or |
| --ipv4 with the curl tool. I discovered this when curl would fail to connect |
| to seemingly random sites. It turns out they weren't random, they were sites |
| with AAAA records. |
| |
| So now libcurl defaults to PF_INET... until c-ares has been tought to offer |
| both. |
| |
| Yang Tse (31 Oct 2008) |
| - Tests 558 and 559 are stabilized. These two tests were initially introduced |
| to aid in the location of a seg-fault which was only triggered on non-debug |
| builds done with the icc 9.1 Intel compiler. Test 558 does not trigger the |
| problem, but test 559 does trigger it. As of today, it isn't yet absolutely |
| clear if it is a compiler optimizer issue or a memory corruption one. |
| |
| Yang Tse (30 Oct 2008) |
| - Use our Curl_addrinfo structure definition to handle address info data even |
| when a system addrinfo struct is available. Provide and use a wrapper around |
| systems getaddrinfo function, Curl_getaddrinfo_ex which returns a pointer to |
| a list of dynamically allocated Curl_addrinfo structs. |
| |
| Configure will check freeaddrinfo and getaddrinfo functions and define |
| preprocessor symbols HAVE_FREEADDRINFO and HAVE_GETADDRINFO when appropriate. |
| |
| Daniel Fandrich (29 Oct 2008) |
| - Fixed a bug that caused a few bytes of garbage to be sent after a |
| curl_easy_pause() during a chunky upload. Reported by Steve Roskowski. |
| |
| Daniel Fandrich (28 Oct 2008) |
| - Changed the "resolve" test precheck program to verify that an IPv6 socket |
| can be created before resolving the IPv6 name. In the context of running |
| a test, it doesn't make sense to run an IPv6 test when a host is resolvable |
| but IPv6 isn't usable. This should fix failures of test 1085 on hosts with |
| library and DNS support for IPv6 but where actual use of IPv6 has been |
| administratively disabled. |
| |
| Daniel Fandrich (24 Oct 2008) |
| - Added experimental support for zlib and OpenSSL on Symbian OS. |
| |
| Daniel Fandrich (21 Oct 2008) |
| - Fixed some problems with SFTP range support to fix test cases 634 through |
| 637. |
| |
| Daniel Fandrich (17 Oct 2008) |
| - Fixed a compile error reported by Albert Chin on AIX and IRIX when using |
| GTLS. |
| |
| Daniel Stenberg (16 Oct 2008) |
| - Igor Novoseltsev added CURLOPT_PROXYUSER and CURLOPT_PROXYPASSWORD that then |
| make CURLOPT_PROXYUSERPWD sort of deprecated. The primary motive for adding |
| these new options is that they have no problems with the colon separator |
| that the CURLOPT_PROXYUSERPWD option does. |
| |
| Daniel Stenberg (15 Oct 2008) |
| - Pascal Terjan filed bug #2154627 |
| (https://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl |
| uses strcasecmp() in multiple places where it causes failures when the |
| Turkish locale is used. This is because 'i' and 'I' isn't the same letter so |
| strcasecmp() on those letters are different in Turkish than in English (or |
| just about all other languages). I thus introduced a totally new internal |
| function in libcurl (called Curl_raw_equal) for doing case insentive |
| comparisons for english-(ascii?) style strings that thus will make "file" |
| and "FILE" match even if the Turkish locale is selected. |
| |
| Daniel Fandrich (15 Oct 2008) |
| - A <precheck> command is considered to have failed if it returns a non-zero |
| return code. This way, if the precheck command can't be run at all for |
| whatever reason, it's treated as a precheck failure which causes the |
| test to be skipped. |
| |
| Daniel Stenberg (15 Oct 2008) |
| - John Wilkinson filed bug #2155496 |
| (https://curl.haxx.se/bug/view.cgi?id=2155496) pointing out an error case |
| without a proper human-readable error message. When a read callback returns |
| a too large value (like when trying to return a negative number) it would |
| trigger and the generic error message then makes the proplem slightly |
| different to track down. I've added an error message for this now. |
| |
| Daniel Fandrich (9 Oct 2008) |
| - Fixed the --interface option to work with IPv6 connections on glibc |
| systems supporting getifaddrs(). Also fixed a problem where an IPv6 |
| address could be chosen instead of an IPv4 one for --interface when it |
| involved a name lookup. |
| |
| Daniel Fandrich (8 Oct 2008) |
| - Added tests 1082 through 1085 to test symbolic --interface parameters |
| |
| - Added tests 633 through 637 to test the new file range support for SFTP. |
| All but the first test cause an infinite loop or other failure and so |
| are added to DISABLED. |
| |
| Daniel Stenberg (8 Oct 2008) |
| - John Wilkinson filed bug #2152270 |
| (https://curl.haxx.se/bug/view.cgi?id=2152270) which identified and fixed a |
| CURLINFO_REDIRECT_URL memory leak and an additional wrong-doing: |
| |
| Any subsequent transfer with a redirect leaks memory, eventually crashing |
| the process potentially. |
| |
| Any subsequent transfer WITHOUT a redirect causes the most recent redirect |
| that DID occur on some previous transfer to still be reported. |
| |
| - Igor Novoseltsev filed bug #2111613 |
| (https://curl.haxx.se/bug/view.cgi?id=2111613) that eventually identified a |
| flaw in how the multi_socket interface in some cases missed to call the |
| timeout callback when easy interfaces are removed and added within the same |
| millisecond. |
| |
| - Igor Novoseltsev brought a patch that introduced two new options to |
| curl_easy_setopt: CURLOPT_USERNAME and CURLOPT_PASSWORD that sort of |
| deprecates the good old CURLOPT_USERPWD since they allow applications to set |
| the user name and password independently and perhaps more importantly allow |
| both to contain colon(s) which CURLOPT_USERPWD doesn't fully support. |
| |
| Daniel Fandrich (7 Oct 2008) |
| - Changed the handling of read/write errors in Curl_perform() to allow a |
| a fresh connection to be made in such cases and the request retransmitted. |
| This should fix test case 160. Added test case 1079 in an attempt to |
| test a similar connection dropping scenario, but as a race condition, it's |
| hard to test reliably. |
| |
| - Created test cases 1080 and 1081 to reproduce a problem of |
| CURLINFO_REDIRECT_URL leaking memory and returning incorrect results when |
| two URLs are requested. Reported by vmpdemo in bug #2152270 |
| |
| Daniel Stenberg (7 Oct 2008) |
| - Fixed CURLINFO_PRIMARY_IP: When libcurl created a connection to host A then |
| the app re-used the handle to do a connection to host B and then again |
| re-used the handle to host A, it would not update the info with host A's IP |
| address (due to the connection being re-used) but it would instead report |
| the info from host B. |
| |
| Yang Tse (7 Oct 2008) |
| - Added --enable-optimize configure option to enable and disable compiler |
| optimizations to allow decoupled setting from --enable-debug. |
| |
| Yang Tse (2 Oct 2008) |
| - Added --enable-warnings configure option to enable and disable strict |
| compiler warnings to allow decoupled setting from --enable-debug. |
| |
| runtests.pl will now run with picky compiler warnings enabled unless |
| explicitly disabled. |
| |
| Daniel Fandrich (1 Oct 2008) |
| - "make clean" now cleans out the docs and tests directories, too. |
| |
| Daniel Stenberg (30 Sep 2008) |
| - The libcurl FTP code now returns CURLE_REMOTE_FILE_NOT_FOUND error when SIZE |
| gets a 550 response back for the cases where a download (or NOBODY) is |
| wanted. It still allows a 550 as response if the SIZE is used as part of an |
| upload process (like if resuming an upload is requested and the file isn't |
| there before the upload). I also modified the FTP test server and a few test |
| cases accordingly to match this modified behavior. |
| |
| Daniel Stenberg (29 Sep 2008) |
| - Daniel Egger provided a patch that allows you to disable proxy support in |
| libcurl to somewhat reduce the size of the binary. Run configure |
| --disable-proxy. |
| |
| Daniel Fandrich (29 Sep 2008) |
| - Moved all signal-based name resolution timeout handling into a single new |
| Curl_resolv_timeout function to reduce coupling. |
| |
| Daniel Stenberg (29 Sep 2008) |
| - Ian Lynagh provided a patch that now makes CURLOPT_RANGE work fine for SFTP |
| downloads! |
| |
| - Maxim Ivanov filed bug report #2107803 |
| (https://curl.haxx.se/bug/view.cgi?id=2107803) "no CURLINFO_REDIRECT_URL in |
| multi mode" together with a patch that fixed the problem. |
| |
| Daniel Stenberg (25 Sep 2008) |
| - Emanuele Bovisio submitted bug report #2126435. We fixed the HTTP Digest |
| auth code to not behave badly when getting a blank realm with |
| realm="". https://curl.haxx.se/bug/view.cgi?id=2126435 |
| |
| Daniel Fandrich (23 Sep 2008) |
| - Make sure not to dereference the wrong UrlState proto union member when |
| switching from one protocol to another in a single request (e.g. |
| redirecting from HTTP to FTP as in test 1055) by resetting |
| state.expect100header before every request. |
| |
| Daniel Stenberg (23 Sep 2008) |
| - Introducing Jamie Lokier's function for date to epoch conversion used in the |
| date parser function. This makes our function less dependent on system- |
| provided functions and instead we do all the magic ourselves. We also no |
| longer depend on the TZ environment variable. Switching to our own converter |
| has some side-effect and they are noted here for future reference (taken |
| from a mail by mr Lokier): |
| |
| time_t is not measured in seconds in the ANSI C standard - or even counted |
| uniformly - weird platforms can use other numeric representations of dates |
| in time_t - hence the difftime() function. |
| |
| On POSIX time_t is measured in UTC seconds, which means not including leap |
| seconds. But it's mentioned in a few places that some old POSIX-ish |
| environments include leap seconds in their time_t counts... |
| |
| I'm pretty sure [the new implementation is] correct on anything truly POSIX. |
| And it's obviously a lot less dependent on platform quirks and corner cases |
| in many ways than the mktime() version. |
| |
| - Rob Crittenden brought a patch to "add some locking for thread-safety to NSS |
| implementation". |
| |
| Daniel Stenberg (22 Sep 2008) |
| - Made the SOCKS code use the new Curl_read_plain() function to fix the bug |
| Markus Moeller reported: https://curl.haxx.se/mail/archive-2008-09/0016.html |
| |
| - recv() errors other than those equal to EAGAIN now cause proper |
| CURLE_RECV_ERROR to get returned. This made test case 160 fail so I've now |
| disabled it until we can figure out another way to exercise that logic. |
| |
| - Michael Goffioul filed bug report #2107377 "Problem with multi + GnuTLS + |
| proxy" (https://curl.haxx.se/bug/view.cgi?id=2107377) that showed how a multi |
| interface using program didn't work when built with GnuTLS and a CONNECT |
| request was done over a proxy (basically test 502 over a proxy to a HTTPS |
| site). It turned out the ssl connect function would get called twice which |
| caused the second call to fail. |
| |
| Daniel Fandrich (22 Sep 2008) |
| - Fixed test 539 to handle an out of memory condition that shows up now |
| that memdebug.h is included in the test programs. |
| |
| Yang Tse (20 Sep 2008) |
| - Fix regression in configure script which affected OpenSSL builds on MSYS. |
| |
| Yang Tse (19 Sep 2008) |
| - configure script now checks availability of the alarm() function. |
| |
| Daniel Fandrich (18 Sep 2008) |
| - Don't bother to install a SIGALRM handler unless alarm() is available. |
| Also, leave the existing SIGALRM handler alone if the timeout is too small |
| to handle. |
| |
| Daniel Fandrich (17 Sep 2008) |
| - Removed reference to curl-ca-bundle.crt in the host verification failure |
| error message. |
| |
| Yang Tse (17 Sep 2008) |
| - Improve configure detection of gethostname(), localtime_r(), strstr(), |
| getservbyport_r(), gethostbyaddr_r() and gethostbyname_r(). |
| |
| Yang Tse (14 Sep 2008) |
| - Improve configure detection of strcasecmp(), strcasestr(), strcmpi(), |
| stricmp(), strlcat(), strncasecmp(), strncmpi() and strnicmp(). |
| |
| Yang Tse (13 Sep 2008) |
| - Disable tracking of fdopen() calls in the low-level memory leak tracking |
| code when fdopen() is not available, to avoid compiler error. |
| |
| Yang Tse (12 Sep 2008) |
| - Further adjust detection of strerror_r() in the configure process, and |
| ensure that errno is not modified inside Curl_strerror(). |
| |
| Yang Tse (10 Sep 2008) |
| - Improve detection of gmtime_r(), strtoll(), sigaction(), strtok_r(), |
| strdup() and ftruncate() in the configure process. |
| |
| Daniel Fandrich (9 Sep 2008) |
| - Mike Revi discovered some swapped speed switches documented in the curl man |
| page. |
| |
| - Checked in some documentation and code improvements and fixes that I |
| discovered in the FreeBSD ports system. |
| |
| Daniel Stenberg (8 Sep 2008) |
| - Dmitry Kurochkin patched a problem: I have found bug in pipelining through |
| proxy. I have a transparent proxy. When running with http_proxy environment |
| variable not set my test completes fine (it goes through transparent |
| proxy). When I set http_proxy variable my test hangs after the first |
| downloaded is complete. Looks like the second handle never gets out from |
| WAITDO state. |
| |
| The fix: It makes checkPendPipeline move 1 handler from pend pipe to send |
| pipe if pipelining is not supported by server but there are no handles in |
| send and recv pipes. |
| |
| - Stefan Krause pointed out that libcurl would wrongly send away cookies to |
| sites in cases where the cookie clearly has a very old expiry date. The |
| condition was simply that libcurl's date parser would fail to convert the |
| date and it would then count as a (timed-based) match. Starting now, a |
| missed date due to an unsupported date format or date range will now cause |
| the cookie to not match. |
| |
| Daniel Fandrich (5 Sep 2008) |
| - Improved the logic that decides whether to use HTTP 1.1 features or not in a |
| request. Setting a specific version with CURLOPT_HTTP_VERSION overrides |
| all other checks, but otherwise, a 1.0 request will be made if the server |
| is known to support only 1.0 because it previously responded so and the |
| connection was kept alive, or a response to a previous request on this handle |
| came back as 1.0. The latter could take place in cases like redirection or |
| authentication where several requests have to be made before the operation |
| is complete. If any one of the servers in a redirection chain supports only |
| 1.0, then remaining requests will be sent in 1.0 mode. |
| |
| - Detect cases where an upload must be sent chunked and the server supports |
| only HTTP 1.0 and return CURLE_UPLOAD_FAILED. |
| |
| Daniel Stenberg (5 Sep 2008) |
| - Martin Drasar provided the CURLOPT_POSTREDIR patch. It renames |
| CURLOPT_POST301 (but adds a define for backwards compatibility for you who |
| don't define CURL_NO_OLDIES). This option allows you to now also change the |
| libcurl behavior for a HTTP response 302 after a POST to not use GET in the |
| subsequent request (when CURLOPT_FOLLOWLOCATION is enabled). I edited the |
| patch somewhat before commit. The curl tool got a matching --post302 |
| option. Test case 1076 was added to verify this. |
| |
| - Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By |
| enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS |
| or FTPS), libcurl will gather lots of server certificate info and that info |
| can then get extracted by a client after the request has completed with |
| curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing |
| helped me test and smoothen out this feature. |
| |
| Unfortunately, this feature currently only works with libcurl built to use |
| OpenSSL. |
| |
| This feature was sponsored by networking4all.com - thanks! |
| |
| - Dmitriy Sergeyev pointed out that curl_easy_pause() didn't unpause properly |
| during certain conditions. I also changed this code to use realloc() based |
| on Daniel Fandrich's suggestion. |
| |
| Guenter Knauf (4 Sep 2008) |
| - MingW32 non-configure builds are now largefile feature enabled by default. |
| NetWare LIBC builds are also now largefile feature enabled by default. |
| |
| Yang Tse (4 Sep 2008) |
| - Several fixes related with print formatting string directives. |
| |
| Daniel Fandrich (3 Sep 2008) |
| - Search for the FreeBSD CA cert file /usr/local/share/certs/ca-root.crt |
| |
| Daniel Fandrich (2 Sep 2008) |
| - Fixed an out of memory problem that caused torture test failures in tests |
| 706 and 707. |
| |
| Daniel Stenberg (2 Sep 2008) |
| - Keith Mok added supported_protocols and supported_features to the pkg-config |
| file for libcurl, and while doing that fix he unified with curl-config.in |
| how the supported protocols and features are extracted and used, so both those |
| tools should now always be synced. |
| |
| Version 7.19.0 (1 September 2008) |
| |
| Daniel Fandrich (29 Aug 2008) |
| - Added tests 1071 through 1074 to test automatic downgrading from HTTP 1.1 |
| to HTTP 1.0 upon receiving a response from the HTTP server. Tests 1072 |
| and 1073 are similar to test 1069 in that they involve the impossible |
| scenario of sending chunked data to a HTTP 1.0 server. All these fail |
| and are added to DISABLED. |
| |
| - Added test 1075 to test --anyauth with Basic authentication. |
| |
| Daniel Stenberg (29 Aug 2008) |
| - When libcurl was doing a HTTP POST and the server would respond with |
| "Connection: close" and actually close the connection after the |
| response-body, libcurl could still have outstanding data to send and it |
| would not properly notice this and stop sending. This caused weirdness and |
| sad faces. https://curl.haxx.se/bug/view.cgi?id=2080222 |
| |
| Note that there are still reasons to consider libcurl's behavior when |
| getting a >= 400 response code while sending data, as Craig Perras' note |
| "http upload: how to stop on error" specifies: |
| https://curl.haxx.se/mail/archive-2008-08/0138.html |
| |
| Daniel Stenberg (28 Aug 2008) |
| - Dengminwen reported that libcurl would lock a (cookie) share twice (without |
| an unlock in between) for a certain case and that in fact works when using |
| regular windows mutexes but not with pthreads'! Locks should of course not |
| get locked again so this is now fixed. |
| https://curl.haxx.se/mail/lib-2008-08/0422.html |
| |
| - I'm abandoning the system with the web site mirrors (but keeping download |
| files bing mirrored) and thus I've changed the URL in the cookiejar header |
| to no longer use curlm.haxx.se but instead use the main site curl.haxx.se |
| |
| Daniel Fandrich (27 Aug 2008) |
| - Fixed test case 1065 by changing the handling of CURLOPT_UPLOAD to set |
| the HTTP method to GET (or HEAD) when given a value of 0. |
| |
| - Added test cases 1068 and 1069 to test a simple HTTP PUT from stdin. Test |
| case 1069 fails in a similar manner to test 1065 so is added to DISABLED. |
| |
| Yang Tse (27 Aug 2008) |
| - Fix generation of MS VC6 .dsp file to make it support compilation of either |
| dynamic (DLL) or static (LIB) libcurl libraries in debug and release modes. |
| |
| Daniel Fandrich (26 Aug 2008) |
| - Fixed out of memory problems that caused torture test failures in tests |
| 1021 and 1067. |
| |
| Yang Tse (26 Aug 2008) |
| - Added check and symbol definition for WIN32 file API usage in configure, |
| supporting configure's --disable-largefile option for WIN32 targets also. |
| |
| - Non-configure systems which do not use config-win32.h configuration file, |
| and want to use the WIN32 file API, must define USE_WIN32_LARGE_FILES or |
| USE_WIN32_SMALL_FILES as appropriate in their own configuration files. |
| |
| Daniel Stenberg (23 Aug 2008) |
| - Running 'make ca-firefox' in the root build dir will now run the new |
| firefox-db2pem.sh conversion script that converts a local Firefox db of ca |
| certs into PEM format, suitable for use with a OpenSSL or GnuTLS built |
| libcurl. |
| |
| - Constantine Sapuntzakis fixed a bug when doing proxy CONNECT with the multi |
| interface, and the proxy would send Connection: close during the |
| authentication phase. https://curl.haxx.se/bug/view.cgi?id=2069047 |
| |
| Daniel Fandrich (22 Aug 2008) |
| - Fixed a problem when --dump-header - was given with more than one URL, |
| which caused an error when the second header was dumped due to stdout |
| being closed. Added test case 1066 to verify. Also fixed a potential |
| problem where a closed file descriptor might be used for an upload |
| when more than one URL is given. |
| |
| Yang Tse (22 Aug 2008) |
| - Improved libcurl's internal curl_m*printf() functions integral data type |
| size and signedness handling. |
| |
| - Internal adjustments to better select/differentiate when large/small file |
| support is provided using WIN32 functions directly. |
| |
| Daniel Fandrich (20 Aug 2008) |
| - Added an edited version of Vincent Le Normand's documentation of SFTP quote |
| commands to the man pages. |
| |
| Daniel Stenberg (20 Aug 2008) |
| - Phil Pellouchoud pointed out that the windows version of libcurl had a |
| memory leak because it never called the OpenSSL function |
| CRYPTO_cleanup_all_ex_data() as it was supposed to. This was because of a |
| missing define in config-win32.h! |
| |
| Gisle Vanem (18 Aug 2008) |
| - Updated lib/Makefile.Watcom with the option to use c-ares (USE_ARES=1). |
| |
| Yang Tse (18 Aug 2008) |
| - Added test case 557 to verify libcurl's internal curl_m*printf() functions |
| formatting functionality when handling signed and unsigned longs, as well as |
| our curl_off_t data type. |
| |
| Yang Tse (17 Aug 2008) |
| - OpenSSl enabled NetWare builds are changed to use the 'openssl' subdirectory |
| when including the OpenSSL header files. This is the recommended setting, this |
| prevents the undesired inclusion of header files with the same name as those |
| of OpenSSL but which do not belong to the OpenSSL package. The visible change |
| from previously released libcurl versions is that now OpenSSl enabled NetWare |
| builds also define USE_OPENSSL in config files, and that OpenSSL header files |
| must be located in a subdirectory named 'openssl'. |
| |
| Yang Tse (16 Aug 2008) |
| - Library internal only C preprocessor macros FORMAT_OFF_T and FORMAT_OFF_TU |
| remain in use as internal curl_off_t print formatting strings for the internal |
| *printf functions which still cannot handle print formatting string directives |
| such as "I64d", "I64u", and others available on MSVC, MinGW, Intel's ICC, and |
| other DOS/Windows compilers. |
| |
| Daniel Fandrich (15 Aug 2008) |
| - Added test case 1063 to test invalid long file ranges with file: URLs and |
| 1064 to test multiple http PUTs. |
| |
| - Added test case 1065 to test a PUT with a single file but two URLs. This |
| was discovered to be problematic while investigating an incident reported by |
| Von back in May. curl in this case doesn't include a Content-Length: or |
| Transfer-Encoding: chunked header which is illegal. This test case is |
| added to DISABLED until a solution is found. |
| |
| Yang Tse (15 Aug 2008) |
| - C preprocessor macros used internally and equally available externally which |
| aid in the use of the curl_off_t data type are named: CURL_FORMAT_CURL_OFF_T, |
| CURL_FORMAT_CURL_OFF_TU, CURL_SIZEOF_CURL_OFF_T, CURL_SUFFIX_CURL_OFF_T, |
| CURL_SUFFIX_CURL_OFF_TU, CURL_OFF_T_C and CURL_OFF_TU_C. |
| |
| Yang Tse (13 Aug 2008) |
| - The size of long is a build time characteristic and as such it is now recorded |
| in curlbuild.h as CURL_SIZEOF_LONG. Definition now done from configure process |
| and in CVS curlbuild.h.dist for non-configure systems. |
| |
| Daniel Fandrich (12 Aug 2008) |
| - Fixed a buffer overflow problem in Curl_proxyCONNECT that could occur |
| when a server responded with long headers and data. Luckily, the buffer |
| overflowed into another unused buffer, so no actual harm was done. |
| Added test cases 1060 and 1061 to verify. |
| |
| Daniel Stenberg (12 Aug 2008) |
| - Andy Tsouladze fixed runtests.pl to not attempt to execute the stunnel |
| _directory_ if that happened to appear in the path! |
| |
| Yang Tse (12 Aug 2008) |
| - Added macros for minimum-width signed and unsigned curl_off_t integer |
| constants CURL_OFF_T_C and CURL_OFF_TU_C. The clever double helper macro |
| used internally to provide its functionality is thanks to Lars Nilsson. |
| |
| Daniel Fandrich (11 Aug 2008) |
| - Fixed a boundary condition error in ftp_readresp() whereby a non-terminal |
| line of a multiline FTP response whose last byte landed exactly at the end |
| of the BUFSIZE-length buffer would be treated as the terminal response |
| line. The following response code read in would then actually be the |
| end of the previous response line, and all responses from then on would |
| correspond to the wrong command. Test case 1062 verifies this. |
| |
| - Stop closing a never-opened ftp socket. |
| |
| Daniel Stenberg (11 Aug 2008) |
| - Constantine Sapuntzakis filed bug report #2042430 |
| (https://curl.haxx.se/bug/view.cgi?id=2042430) with a patch. "NTLM Windows |
| SSPI code is not thread safe". This was due to libcurl using static |
| variables to tell wether to load the necessary SSPI DLL, but now the loading |
| has been moved to the more suitable curl_global_init() call. |
| |
| - Constantine Sapuntzakis filed bug report #2042440 |
| (https://curl.haxx.se/bug/view.cgi?id=2042440) with a patch. He identified a |
| problem when using NTLM over a proxy but the end-point does Basic, and then |
| libcurl would do wrong when the host sent "Connection: close" as the proxy's |
| NTLM state was erroneously cleared. |
| |
| Yang Tse (11 Aug 2008) |
| - Added missing signed and unsigned curl_off_t integer constant suffixes for |
| internal and external use. CURL_SUFFIX_CURL_OFF_T, CURL_SUFFIX_CURL_OFF_TU. |
| |
| Daniel Fandrich (7 Aug 2008) |
| - Fixed an uninitialized variable in multi_runsingle() that could cause a |
| request to prematurely end. |
| |
| - Added test1059 to test the FTP proxy tunnel problem fixed July 11. |
| |
| Yang Tse (7 Aug 2008) |
| - Added curlbuild.h and curlrules.h header files to libcurl's public headers. |
| File curlbuild.h is a generated file on configure-capable systems. This is |
| a first step towards configure-based info in public headers. Currently only |
| used to provide support for a curl_off_t data type which is not gated to |
| off_t. Further details are documented inside these mentioned header files. |
| |
| - Fix CURL_CHECK_DEF so that when the expansion of the preprocessor symbol |
| results in a set of double-quoted strings, this macro will now return an |
| expansion which consists of a single double-quoted string as the result of |
| concatenating all of them. |
| |
| - Skip data type check in DO_CURL_OFF_T_CHECK macro when argument is empty. |
| |
| - Adjusted testcurl.pl to copy checked out curlbuild.h.dist as curlbuild.h |
| for non-configure targets when the host system doesn't run buildconf.bat. |
| |
| - Prevent buildconf from removing 'Makefile' and 'missing' files. This would |
| blow away our CVS checked files 'missing' and 'hiper/Makefile'. |
| |
| - Remove adjustment done to testcurl.pl to verify if change introduced by |
| Guenter Knauf in lib/Makefile.netware is enough to get the netware autobuilds |
| going again. |
| |
| Yang Tse (5 Aug 2008) |
| - Changes done to buildconf script. Validate that autom4te and autoconf, as |
| well as aclocal and automake, versions match. Improve removal of previous |
| run generated files. Remove verbose debug logging of aclocal on Solaris. |
| |
| Daniel Stenberg (5 Aug 2008) |
| - Yehoshua Hershberg found a problem that would make libcurl re-use a |
| connection with the multi interface even if a previous use of it caused a |
| CURLE_PEER_FAILED_VERIFICATION to get returned. I now make sure that failed |
| SSL connections properly close the connections. |
| |
| Daniel Stenberg (4 Aug 2008) |
| - Test cases 1051, 1052 and 1055 were added by Daniel Fandrich on July 30 and |
| proved how PUT and POST with a redirect could lead to a "hang" due to the |
| data stream not being rewound properly when it had to in order to get sent |
| properly (again) to the subsequent URL. This is now fixed and these test |
| cases are no longer disabled. |
| |
| Yang Tse (4 Aug 2008) |
| - Autoconf 2.62 has changed the behaviour of the AC_AIX macro which we use. |
| Prior versions of autoconf defined _ALL_SOURCE if _AIX was defined. 2.62 |
| version of AC_AIX defines _ALL_SOURCE and other four preprocessor symbols |
| no matter if the system is AIX or not. To keep the traditional behaviour, |
| and an uniform one across autoconf versions AC_AIX is replaced with our |
| own internal macro CURL_CHECK_AIX_ALL_SOURCE. |
| |
| Daniel Stenberg (4 Aug 2008) |
| - Test case 1041 (added by Daniel Fandrich July 14th) proved a bug where PUT |
| with -C - sent garbage in the Content-Range: header. I fixed this problem by |
| making sure libcurl always sets the size of the _entire_ upload if an app |
| attemps to do resumed uploads since libcurl simply cannot know the size of |
| what is currently at the server end. Test 1041 is no longer disabled. |
| |
| Yang Tse (2 Aug 2008) |
| - No longer test availability of the gdi32 library, nor use it for linking, even |
| when we have been doing this since revision 1.47 of configure.ac 4 years and |
| 5 months ago when cross-compiling a Windows target. We actually don't use any |
| function from the Windows GDI (Graphics Device Interface) related with drawing |
| or graphics-related operations. |
| |
| Daniel Fandrich (1 Aug 2008) |
| - Added support for --append on SFTP uploads. Unfortunately, OpenSSH doesn't |
| support this so it goes untested. |
| |
| Yang Tse (1 Aug 2008) |
| - Configure process now checks if the preprocessor _REENTRANT symbol is already |
| defined. If it isn't currently defined a set of checks are performed to test |
| if its definition is required to make visible to the compiler a set of *_r |
| functions. Finally, if _REENTRANT is already defined or needed it takes care |
| of making adjustments necessary to ensure that it is defined equally for the |
| configure process tests and generated config file. |
| |
| - Removed definition of CURL_CHECK_WORKING_RESOLVER from acinclude.m4 it has |
| not been in use since revision 1.81 of configure.in 6 years, 9 months ago. |
| |
| Daniel Fandrich (31 Jul 2008) |
| - Fixed parsing of an IPv6 proxy address to support a scope identifier, |
| as well as IPv4 addresses in IPv6 format. Also, better handle the case |
| of a malformatted IPv6 address (avoid empty and NULL strings). |
| |
| - Fixed a problem with any FTP URL or any URLs containing an IPv6 address |
| being mangled when passed to proxies when CURLOPT_PORT is also set |
| (reported by Pramod Sharma). |
| |
| - User names embedded in proxy URLs without a password were parsed |
| incorrectly--the host name is treated as part of the user name and the |
| port number becomes the password. This can be observed in test 279 |
| (was KNOWN_ISSUE #54). |
| |
| Daniel Stenberg (30 Jul 2008) |
| - Phil Blundell added the CURLOPT_ADDRESS_SCOPE option, as well as adjusted |
| the URL parser to allow numerical IPv6-addresses to be specified with the |
| scope given, as per RFC4007 - with a percent letter that itself needs to be |
| URL escaped. For example, for an address of fe80::1234%1 the HTTP URL is: |
| "http://[fe80::1234%251]/" |
| |
| - PHP's bug report #43158 (http://bugs.php.net/bug.php?id=43158) identifies a |
| true bug in libcurl built with OpenSSL. It made curl_easy_getinfo() more or |
| less always return 0 for CURLINFO_SSL_VERIFYRESULT because the function that |
| would set it to something non-zero would return before the assign in almost |
| all error cases. The internal variable is now set to non-zero from the start |
| of the function only to get cleared later on if things work out fine. |
| |
| - Made the curl tool's -w option support the %{ssl_verify_result} variable |
| |
| Daniel Fandrich (30 Jul 2008) |
| - Added test cases 1052 through 1055 to test uploading data from files |
| during redirects. Test cases 1052 and 1055 show problems (maybe the same |
| root cause as 1051) and are disabled. |
| |
| - Fixed a couple of buffer overflows in the MS-DOS port of the curl tool. |
| |
| Daniel Fandrich (29 Jul 2008) |
| - Fixed --use-ascii to properly convert text files on Symbian OS, MS-DOS |
| and OS/2. |
| |
| - Added test case 1051 to test Location: following with PUT, as reported |
| by Ben Sutcliffe. The test when run manually shows a problem in curl |
| so it's disabled. |
| |
| Daniel Fandrich (28 Jul 2008) |
| - Fixed display of the interface bind address in the trace output when it's |
| an IPv6 address. |
| |
| - Added test cases 1045 through 1049 as simple tests of --interface using the |
| localhost interface. |
| |
| - Added test case 1050 to test --ftp-port with an IPv6 address |
| |
| Daniel Stenberg (26 Jul 2008) |
| - David Bau filed bug report #2026240 "CURL_READFUNC_PAUSE leads to buffer |
| overrun" (https://curl.haxx.se/bug/view.cgi?id=2026240) identifying two |
| problems, and providing the fix for them: |
| |
| - CURL_READFUNC_PAUSE did in fact not pause the _sending_ of data that it is |
| designed for but paused _receiving_ of data! |
| |
| - libcurl didn't internally set the read counter to zero when this return |
| code was detected, which would potentially lead to junk getting sent to |
| the server. |
| |
| Daniel Fandrich (26 Jul 2008) |
| - Added test 1044 to test large file support in ftp with -I. |
| |
| - Eliminate a unnecessary socket creation in Curl_getaddrinfo for an IPv4 |
| address in an IPv6 capable libcurl. |
| |
| - Added feature in runtests.pl to select tests based on key word. |
| |
| Daniel Fandrich (23 Jul 2008) |
| - Changed the long logfile elision code in runtests.pl to properly handle |
| lines ending in \r. |
| |
| - Changed references to TRUE and FALSE in the curl_easy_setopt man page to |
| 1 and zero, respectively, since TRUE and FALSE aren't part of the |
| libcurl API. |
| |
| Daniel Stenberg (23 Jul 2008) |
| - I went over the curl_easy_setopt man page and replaced most references to |
| non-zero with the fixed value of 1. We should strive at making options |
| support '1' for enabling them mentioned explicitly, as that then will allow |
| us for to extend them in the future without breaking older programs. |
| |
| Possibly we should even introduce a fancy define to use instead of '1' all |
| over... |
| |
| Yang Tse (21 Jul 2008) |
| - Use the sreadfrom() wrapper to replace recvfrom() in our code. |
| |
| Yang Tse (20 Jul 2008) |
| - when recvfrom prototype uses a void pointer for arguments 2, 5 or 6 this will |
| now cause the definition, as appropriate, of RECVFROM_TYPE_ARG2_IS_VOID, |
| RECVFROM_TYPE_ARG5_IS_VOID or RECVFROM_TYPE_ARG6_IS_VOID. |
| |
| Yang Tse (17 Jul 2008) |
| - RECVFROM_TYPE_ARG2, RECVFROM_TYPE_ARG5 and RECVFROM_TYPE_ARG6 are now defined |
| to the data type pointed by its respective argument and not the pointer type. |
| |
| Yang Tse (16 Jul 2008) |
| - Configure process now checks availability of recvfrom() socket function and |
| finds out its return type and the types of its arguments. Added definitions |
| for non-configure systems config files, and introduced macro sreadfrom which |
| will be used on udp sockets as a recvfrom() wrapper. |
| |
| Yang Tse (15 Jul 2008) |
| - Added description/comment to include paths used in several Makefile.am files. |
| Added automake option nostdinc to test servers makefile and modified libcurl |
| external headers include path for libtest programs. |
| |
| Daniel Fandrich (14 Jul 2008) |
| - Added test1040 through test1043 to test -C - on HTTP. Test 1041 failed so |
| it's added to DISABLED. |
| |
| Yang Tse (14 Jul 2008) |
| - HTTP_ONLY definition check in lib/setup.h is now done once that configuration |
| file has been included. In this way if symbol is defined in the config file |
| it will no longer be ignored. Removed inclusion of remaining system header |
| files from configuration files. Moved _REENTRANT definition up/earlier in |
| lib/setup.h |
| |
| Yang Tse (11 Jul 2008) |
| - Added missing multiple header inclusion prevention definition for header |
| file content_encoding.h |
| |
| Daniel Fandrich (11 Jul 2008) |
| - Fixed test 553 to pass the torture test. |
| |
| Daniel Stenberg (11 Jul 2008) |
| - Daniel Fandrich found out we didn't pass on the user-agent properly when |
| doing "proxy-tunnels" with non-HTTP prototols and that was simply because |
| the code assumed the user-agent was only needed for HTTP. |
| |
| Daniel Fandrich (10 Jul 2008) |
| - Changed slightly the SFTP quote commands chmod, chown and chgrp to only |
| set the attribute that has changed instead of all possible ones. Hopefully, |
| this will solve the "Permission denied" problem that Nagarajan Sreenivasan |
| reported when setting some modes, but regardless, it saves a protocol |
| round trip in the chmod case. |
| |
| - Added test cases 1038 and 1039 to test Adrian Kreher's report that ftp |
| uploads with -C - didn't resume properly, but the tests pass. |
| |
| Yang Tse (10 Jul 2008) |
| - Peter Lamberg filed bug report #2015126: "poll gives WSAEINVAL when POLLPRI |
| is set in fdset.events" (https://curl.haxx.se/bug/view.cgi?id=2015126) which |
| exactly pinpointed the problem only triggered on Windows Vista, provided |
| reference to docs and also a fix. There is much work behind Peter Lamberg's |
| excellent bug report. Thank You! |
| |
| Daniel Fandrich (9 Jul 2008) |
| - Added tests 1036 and 1037 to verify resumed ftp downloads with -C - |
| |
| Daniel Stenberg (9 Jul 2008) |
| - Andreas Schuldei improved Phil Blundell's patch for IPv6 using c-ares, and I |
| edited it slightly. Now you should be able to use IPv6 addresses fine even |
| with libcurl built to use c-ares. |
| |
| Daniel Fandrich (9 Jul 2008) |
| - Fixed an OOM handling problem that cause test 11 to fail the torture test. |
| |
| Daniel Fandrich (8 Jul 2008) |
| - Fixed test 554 to pass the torture test. |
| |
| Daniel Fandrich (7 Jul 2008) |
| - Added test cases 1034 & 1035 to test IDN name conversion failures. |
| |
| Daniel Stenberg (7 Jul 2008) |
| - Scott Barrett provided a test case for a segfault in the FTP code and the |
| fix for it. It occured when you did a FTP transfer using |
| CURLFTPMETHOD_SINGLECWD and then did another one on the same easy handle but |
| switched to CURLFTPMETHOD_NOCWD. Due to the "dir depth" variable not being |
| cleared properly. Scott's test case is now known as test 539 and it |
| verifies the fix. |
| |
| Daniel Stenberg (3 Jul 2008) |
| - Phil Blundell provided a fix for libcurl's treatment of unexpected 1xx |
| response codes. Previously libcurl would hang on such occurances. I added |
| test case 1033 to verify. |
| |
| - Introcuding a new timestamp for curl_easy_getinfo(): |
| CURLINFO_APPCONNECT_TIME. This is set with the "application layer" |
| handshake/connection is completed. Which typically is SSL, TLS or SSH and by |
| using this you can figure out the application layer's own connect time. You |
| can extract the time stamp using curl's -w option and the new variable named |
| 'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar. |
| |
| Daniel Fandrich (2 Jul 2008) |
| - Support Open Watcom C on Linux (as well as Windows). |
| |
| Yang Tse (2 Jul 2008) |
| - The previously committed fix for bug report #1999181 prevented using the |
| monotonic clock on any system without an always supported POSIX compliant |
| implementation. Now the POSIX compliant configuration check is removed and |
| will fallback to gettimeofday when the monotonic clock is unavailable at |
| run-time. |
| |
| - The configure process will now halt when sed, grep, egrep or ar programs |
| can not be found among the directories in PATH variable. |
| |
| Daniel Stenberg (1 Jul 2008) |
| - Rolland Dudemaine provided fixes to get libcurl to build for the INTEGRITY |
| operating system. |
| |
| Daniel Stenberg (30 Jun 2008) |
| - Made the internal printf() support %llu properly to print unsigned long longs. |
| |
| - Stephen Collyer and Tor Arntsen helped identify a flaw in the range code |
| which output the range using a signed variable where it should rather use |
| unsigned. |
| |
| Yang Tse (29 Jun 2008) |
| - John Lightsey filed bug report #1999181: "CLOCK_MONOTONIC always fails on |
| some systems" (https://curl.haxx.se/bug/view.cgi?id=1999181). The problem was |
| that the configure script did not use the _POSIX_MONOTONIC_CLOCK feature test |
| macro when checking monotonic clock availability. This is now fixed and the |
| monotonic clock will not be used unless the feature test macro is defined |
| with a value greater than zero indicating always supported. |
| |
| Daniel Fandrich (25 Jun 2008) |
| - Honour --stderr with the -v option. |
| |
| - Fixed a file handle leak in the command line client if more than one |
| --stderr option was given. |
| |
| Daniel Stenberg (22 Jun 2008) |
| - Eduard Bloch filed the debian bug report #487567 |
| (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487567) pointing out that |
| libcurl used Content-Range: instead of Range when doing a range request with |
| --head (CURLOPT_NOBODY). This is now fixed and test case 1032 was added to |
| verify. |
| |
| Daniel Fandrich (21 Jun 2008) |
| - Stopped using ranges in scanf character sequences (e.g. %[a-z]) since that |
| is not ANSI C, just a common extension. This caused problems on |
| at least Open Watcom C. |
| |
| Yang Tse (20 Jun 2008) |
| - Modified configuration script to actually verify if the compiler is good |
| enough at detecting compilation errors or at least it has been properly |
| configured to do so. Configuration heavily depends on this capability, so |
| if this compiler sanity check fails the configuration process will now fail. |
| |
| Daniel Stenberg (20 Jun 2008) |
| - Phil Pellouchoud found a case where libcurl built with NSS failed to |
| handshake with a SSLv2 server, and it turned out to be because it didn't |
| recognize the cipher named "rc4-md5". In our list that cipher was named |
| plainly "rc4". I've now added rc4-md5 to work as an alias as Phil reported |
| that it made things work for him again. |
| |
| - Hans-Jurgen May pointed out that trying SCP or SFTP over a SOCKS proxy |
| crashed libcurl. This is now addressed by making sure we use "plain send" |
| internally when doing the socks handshake instead of the Curl_write() |
| function which is designed to use the "target" protocol. That's then SCP or |
| SFTP in this case. I also took the opportunity and cleaned up some ssh- |
| related #ifdefs in the code for readability. |
| |
| Daniel Stenberg (19 Jun 2008) |
| - Christopher Palow fixed a curl_multi_socket() issue which previously caused |
| libcurl to not tell the app properly when a socket was closed (when the name |
| resolve done by c-ares is completed) and then immediately re-created and put |
| to use again (for the actual connection). Since the closure will make the |
| "watch status" get lost in several event-based systems libcurl will need to |
| tell the app about this close/re-create case. |
| |
| - Dengminwen found a bug in the connection re-use function when using the |
| multi interface with pipelining enabled as it would wrongly check for, |
| detect and close "dead connections" even though that connection was already |
| in use! |
| |
| Daniel Fandrich (18 Jun 2008) |
| - Added SSH failure test cases 628-632 |
| |
| - Fixed a memory leak in the command-line tool that caused a valgrind error. |
| |
| Daniel Stenberg (18 Jun 2008) |
| - Rob Crittenden brought a fix for the NSS layer that makes libcurl no longer |
| always fire up a new connection rather than using the existing one when the |
| multi interface is used. Original bug report: |
| https://bugzilla.redhat.com/show_bug.cgi?id=450140 |
| |
| Yang Tse (18 Jun 2008) |
| - Internal configure script improvement. No longer break out of shell "for" |
| statements from inside AC_FOO_IFELSE macros, otherwise temporary macro files |
| are not properly removed. |
| |
| Daniel Fandrich (12 Jun 2008) |
| - Fixed curl-config --ca which wasn't being exported by configure. |
| |
| Daniel Stenberg (11 Jun 2008) |
| - I did a cleanup of the internal generic SSL layer and how the various SSL |
| libraries are supported. Starting now, each underlying SSL library support |
| code does a set of defines for the 16 functions the generic layer (sslgen.c) |
| uses (all these new function defines use the prefix "curlssl_"). This |
| greatly simplified the generic layer in readability by involving much less |
| #ifdefs and other preprocessor stuff and should make it easier for people to |
| make libcurl work with new SSL libraries. |
| |
| Hopefully I can later on document these 16 functions somewhat as well. |
| |
| I also made most of the internal SSL-dependent functions (using Curl_ssl_ |
| prefix) #defined to nothing when no SSL support is requested - previously |
| they would unnecessarily call mostly empty functions. |
| |
| I've built libcurl with OpenSSL and GnuTLS and without SSL to test this and |
| I've also tried building with NSS but the NSS support is a mystery to me and |
| I failed to build libcurl with the NSS libraries I have installed. We really |
| should A) improve our configure script to detect unsuitable NSS versions |
| already at configure time and B) document our requirements better for the |
| SSL libraries. |
| |
| Daniel Stenberg (10 Jun 2008) |
| - I made the OpenSSL code build again with OpenSSL 0.9.6. The CRLFILE |
| functionality killed it due to its unconditional use of |
| X509_STORE_set_flags... |
| |
| Daniel Stenberg (8 Jun 2008) |
| - Due to the three new libcurl changes and the massive command line option |
| change I decided we'll mark it by bumping the next release number to 7.19.0! |
| |
| - curl the tool now deals with its command line options somewhat differently! |
| All boolean options (such as -O, -I, -v etc), both short and long versions, |
| now always switch on/enable the option named. Using the same option multiple |
| times thus make no difference. To switch off one of those options, you need |
| to use the long version of the option and type --no-OPTION. Like to disable |
| verbose mode you use --no-verbose! |
| |
| - Added --remote-name-all to curl, which if used changes the default for all |
| given URLs to be dealt with as if -O is used. So if you want to disable that |
| for a specific URL after --remote-name-all has been used, you muse use -o - |
| or --no-remote-name. |
| |
| Daniel Stenberg (6 Jun 2008) |
| - Axel Tillequin and Arnaud Ebalard added support for CURLOPT_ISSUERCERT, for |
| OpenSSL, NSS and GnuTLS-built libcurls. |
| |
| - Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, for |
| OpenSSL, NSS and GnuTLS-built libcurls. |
| |
| - Added CURLINFO_PRIMARY_IP as a new information retrievable with |
| curl_easy_getinfo. It returns a pointer to a string with the most recently |
| used IP address. Modified test case 500 to also verify this feature. The |
| implementing of this feature was sponsored by Lenny Rachitsky at NeuStar. |
| |
| Version 7.18.2 (4 June 2008) |
| |
| Daniel Fandrich (3 Jun 2008) |
| - Fixed a problem where telnet data would be lost if an EWOULDBLOCK |
| condition were encountered. |
| |
| Marty Kuhrt (1 Jun 2008) |
| - Updated main.c to return CURLE_OK if PARAM_HELP_REQUESTED was returned |
| from getparameter instead of CURLE_FAILED_INIT. No point in returning |
| an error if --help or --version were requested. |
| |
| Daniel Stenberg (28 May 2008) |
| - Emil Romanus found a problem and helped me repeat it. It occured when using |
| the curl_multi_socket() API with HTTP pipelining enabled and could lead to |
| the pipeline basically stalling for a very long period of time until it took |
| off again. |
| |
| - Jeff Weber reported memory leaks with aborted SCP and SFTP transfers and |
| provided excellent repeat recipes. I fixed the cases I managed to reproduce |
| but Jeff still got some (SCP) problems even after these fixes: |
| https://curl.haxx.se/mail/lib-2008-05/0342.html |
| |
| Daniel Stenberg (26 May 2008) |
| - Bug report #1973352 (https://curl.haxx.se/bug/view.cgi?id=1973352) identified |
| how the HTTP redirect following code didn't properly follow to a new URL if |
| the new url was but a query string such as "Location: ?moo=foo". Test case |
| 1031 was added to verify this fix. |
| |
| - Andreas Faerber and Scott McCreary made (lib)curl build for the Haiku OS. |
| |
| Yang Tse (26 May 2008) |
| - David Rosenstrauch reported that header files spnegohelp.h and |
| openssl/objects.h were needed to compile SPNEGO support. |
| |
| Daniel Fandrich (22 May 2008) |
| - Made sure to pass longs in to curl_easy_setopt where necessary in the |
| example programs and libtest code. |
| |
| Daniel Stenberg (19 May 2008) |
| - When trying to repeat a multi interface problem I fell over a few multi |
| interface problems: |
| |
| o with pipelining disabled, the state should never be set to WAITDO but |
| rather go straight to DO |
| |
| o we had multiple states for which the internal function returned no socket |
| at all to wait for, with the effect that libcurl calls the socket callback |
| (when curl_multi_socket() is used) with REMOVE prematurely (as it would be |
| added again within very shortly) |
| |
| o when in DO and DOING states, the HTTP and HTTPS protocol handler functions |
| didn't return that the socket should be waited for writing, but instead it |
| was treated as if no socket was needing monitoring so again REMOVE was |
| called prematurely. |
| |
| Daniel Stenberg (13 May 2008) |
| - Added test case 556 that uses curl_easy_send() and curl_easy_recv() |
| |
| Daniel Stenberg (9 May 2008) |
| - Introducing curl_easy_send() and curl_easy_recv(). They can be used to send |
| and receive data over a connection previously setup with curl_easy_perform() |
| and its CURLOPT_CONNECT_ONLY option. The sendrecv.c example was added to |
| show how they can be used. |
| |
| Yang Tse (9 May 2008) |
| - Internal time differences now use monotonic time source if available. |
| This also implies the removal of the winmm.lib dependency for WIN32. |
| |
| Daniel Stenberg (9 May 2008) |
| - Stefan Krause reported a busy-looping case when using the multi interface |
| and doing CONNECT to a proxy. The app would then busy-loop until the proxy |
| completed its response. |
| |
| Michal Marek (9 May 2008) |
| - Make Curl_write and it's callees accept a const pointer, in preparation |
| of tetetest's patch for curl_easy_send() |
| |
| Daniel Stenberg (7 May 2008) |
| - Liam Healy filed the debian bug report #480044 |
| (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480044) identifying a |
| segfault when using krb5 ftp, but the krb4 code had the same problem. |
| |
| Yang Tse (7 May 2008) |
| - Christopher Palow provided the patch (edited by me) that introduces the |
| use of microsecond resolution keys for internal splay trees. |
| |
| Daniel Stenberg (4 May 2008) |
| - Yuriy Sosov pointed out a configure fix for detecting c-ares when that is |
| built debug-enabled. |
| |
| Daniel Stenberg (3 May 2008) |
| - Ben Van Hof filed bug report #1945240: "libcurl sometimes sends body twice |
| when using CURL_AUTH_ANY" (https://curl.haxx.se/bug/view.cgi?id=1945240). |
| The problem was that when libcurl rewound a stream meant for upload when it |
| would prepare for a second request, it could accidentally continue the |
| sending of the rewound data on the first request instead of on the second. |
| Ben also provided test case 1030 that verifies this fix. |
| |
| Daniel Stenberg (3 May 2008) |
| - Jean-Francois Bertrand reported a libcurl crash with CURLOPT_TCP_NODELAY |
| since libcurl used getprotobyname() and that isn't thread-safe. We now |
| switched to use IPPROTO_TCP unconditionally, but perhaps the proper fix is |
| to detect the thread-safe version of the function and use that. |
| https://curl.haxx.se/mail/lib-2008-05/0011.html |
| |
| Daniel Stenberg (1 May 2008) |
| - Bart Whiteley provided a patch that made libcurl work properly when an app |
| uses the CURLOPT_OPENSOCKETFUNCTION callback to create a unix domain socket |
| to a http server. |
| |
| Daniel Stenberg (29 Apr 2008) |
| - To make it easier for applications that want lots of magic stuff done on |
| redirections and thus cannot use CURLOPT_FOLLOWLOCATION easily, we now |
| introduce the new CURLINFO_REDIRECT_URL option that lets applications |
| extract the URL libcurl would've redirected to if it had been told to. This |
| then enables the application to continue to that URL as it thinks is |
| suitable, without having to re-implement the magic of creating the new URL |
| from the Location: header etc. Test 1029 verifies it. |
| |
| Yang Tse (29 Apr 2008) |
| - Improved easy interface resolving timeout handling in c-ares enabled builds |
| |
| Daniel Fandrich (28 Apr 2008) |
| - Added test 1028 to test an HTTP redirect to a FTP URL. |
| |
| Daniel Stenberg (28 Apr 2008) |
| - Norbert Frese filed bug report #1951588: "Problem with curlftpfs and |
| libcurl" (https://curl.haxx.se/bug/view.cgi?id=1951588) which seems to be an |
| identical report to what Denis Golovan reported in |
| https://curl.haxx.se/mail/lib-2008-02/0108.html The FTP code didn't reset the |
| user/password pointers properly even though there might've been a new |
| struct/cconnection getting used. |
| |
| Daniel Stenberg (26 Apr 2008) |
| - Reverted back to use automake 1.9.6 in the next release (from automake |
| 1.10.1) since it *still* suffers from Solaris-related bugs. Our previous |
| automake 1.10 problem was reported in bug #1701360 |
| (https://curl.haxx.se/bug/view.cgi?id=1701360) and this recent problem was |
| bug #1944825 (https://curl.haxx.se/bug/view.cgi?id=1944825). I have not |
| personally approached the automake team about either one of these but I |
| figure we need a Solaris 10 guy to do it! |
| |
| Yang Tse (25 Apr 2008) |
| - Added 'timeout' and 'delay' attributes support for the test harness |
| <command> subsection. |
| |
| Daniel Fandrich (24 Apr 2008) |
| - Made --stderr able to redirect all stderr messages. |
| |
| Yang Tse (23 Apr 2008) |
| - Improve synchronization between test harness runtests.pl script |
| and test harness servers to minimize risk of false test failures. |
| |
| Daniel Fandrich (22 Apr 2008) |
| - Added support for running on Symbian OS. |
| |
| Daniel Fandrich (18 Apr 2008) |
| - Added test cases 1026 and 1027 to do some rudimentary tests on the --manual |
| and --help options. |
| |
| Michal Marek (14 Apr 2008) |
| - allow disabling the typechecker by defining CURL_DISABLE_TYPECHECK, as |
| discussed in https://curl.haxx.se/mail/lib-2008-04/0291.html |
| |
| Daniel Stenberg (14 Apr 2008) |
| - Stefan Krause reported a case where the OpenSSL handshake phase wasn't |
| properly acknowledging the timeout values, like if you pulled the network |
| plug in the midst of it. |
| |
| - Andre Guibert de Bruet fixed a second case of not checking the malloc() |
| return code in the Negotiate code. |
| |
| - Sandor Feldi reported bug #1942022 |
| (https://curl.haxx.se/bug/view.cgi?id=1942022) pointing out a mistake in the |
| lib/Makefile.vc[68] makefiles' release-ssl-dll target. |
| |
| - Brock Noland reported that curl behaved differently depending on which order |
| you used -i and -I. |
| |
| Daniel Stenberg (12 Apr 2008) |
| - Andre Guibert de Bruet found and fixed a case where malloc() was called but |
| was not checked for a NULL return, in the Negotiate code. |
| |
| Daniel Fandrich (9 Apr 2008) |
| - Added test cases 1024 & 1025 to test a scenario similar to the one reported |
| by Ben Combee where libcurl would send the wrong cookie to a redirected |
| server. libcurl was doing the right thing in these test cases. |
| |
| Michal Marek (7 Apr 2008) |
| - Fix the MIT / Heimdal check for good: |
| Define HAVE_GSSMIT if <gssapi/{gssapi.h,gssapi_generic.h,gssapi_krb5.h}> are |
| available, otherwise define HAVE_GSSHEIMDAL if <gssapi.h> is available. |
| |
| Only define GSS_C_NT_HOSTBASED_SERVICE to gss_nt_service_name if |
| GSS_C_NT_HOSTBASED_SERVICE isn't declared by the gssapi headers. This should |
| avoid breakage in case we wrongly recognize Heimdal as MIT again. |
| |
| Daniel Stenberg (5 Apr 2008) |
| - Alexey Simak fixed curl_easy_reset() to reset the max redirect limit properly |
| |
| - Based on the Debian bug report #474224 that complained about the FTP error |
| message when libcurl doesn't get a 220 back immediately on connect, I now |
| changed it to be more specific on what the problem is. Also worth noticing: |
| while the bug report contains an example where the response is: |
| |
| 421 There are too many connected users, please try again later |
| |
| we cannot assume that the error message will always be this readable nor |
| that it fits within a particular boundary etc. |
| |
| Daniel Fandrich (3 Apr 2008) |
| - Added test627 to test SFTP with CURLOPT_NOBODY |
| |
| Daniel Stenberg (3 Apr 2008) |
| - Setting CURLOPT_NOBODY to FALSE will now switch the HTTP request method to |
| GET simply because previously when you set CURLOPT_NOBODY to TRUE first and |
| then FALSE you'd end up in a broken state where a HTTP request would do a |
| HEAD by still act a lot like for a GET and hang waiting for the content etc. |
| |
| - Scott Barrett added support for CURLOPT_NOBODY over SFTP |
| |
| Daniel Fandrich (3 Apr 2008) |
| - Made sure that curl_global_init is called in all the multithreaded |
| example programs. |
| |
| Michal Marek (31 Mar 2008) |
| - Removed the generated ca-bundle.h file. The verbatim value of $ca and |
| $capath is known to configure, so it can be defined in config.h instead. |
| |
| Daniel Stenberg (31 Mar 2008) |
| - Added CURLFORM_STREAM as a supported option to curl_formadd() to allow an |
| application to provide data for a multipart with the read callback. Note |
| that the size needs to be provided with CURLFORM_CONTENTSLENGTH when the |
| stream option is used. This feature is verified by the new test case |
| 554. This feature was sponsored by Xponaut. |
| |
| Daniel Fandrich (30 Mar 2008) |
| - Changed the makefile so the doc/examples/ programs are never built in a |
| normal build/install (only with the 'make check' target), so that a |
| build failure in the examples isn't fatal. |
| |
| Version 7.18.1 (30 March 2008) |
| |
| Daniel Stenberg (28 Mar 2008) |
| - Stephen Collyer pointed out that configure --with-libssh2 without a given |
| path didn't work properly. |
| |
| Daniel Stenberg (27 Mar 2008) |
| - As found out and reported by Dan Petitt, libcurl didn't show progress/call |
| the progress callback for the first (potentially huge) piece of body data |
| sent together with the POST request headers in the initial send(). |
| |
| Daniel Stenberg (25 Mar 2008) |
| - Made setting the CURLOPT_SSL_CTX_FUNCTION option return a failure in case |
| libcurl wasn't built to use OpenSSL as that is a prerequisite for this |
| option to function! |
| |
| Daniel Stenberg (22 Mar 2008) |
| - Fixed the problem with doing a zero byte SCP transfer, verified with test |
| case 617 (which was added by Daniel Fandrich 5 Mar 2008). |
| |
| Daniel Fandrich (20 Mar 2008) |
| - Fixed a problem where curl-config --protocols could erroneously show LDAPS |
| support when curl didn't even have regular LDAP support. It looks like |
| this could happen when the --enable-ldaps configure switch is given but |
| configure couldn't find the LDAP headers or libraries. |
| |
| Michal Marek (20 Mar 2008) |
| - Added --with-ca-path=DIRECTORY configure option to use an openSSL CApath by |
| default instead of a ca bundle. The configure script will also look for a |
| ca path if no ca bundle is found and no option given. |
| |
| - Fixed detection of previously installed curl-ca-bundle.crt |
| |
| Daniel Fandrich (18 Mar 2008) |
| - Added test 626 to reproduce an infinite loop when given an invalid |
| SFTP quote command reported by Vincent Le Normand, and fixed it. |
| |
| Michal Marek (18 Mar 2008) |
| - Added curl_easy_getinfo typechecker. |
| |
| - Added macros for curl_share_setopt and curl_multi_setopt to check at least |
| the correct number of arguments. |
| |
| Daniel Fandrich (13 Mar 2008) |
| - Added tests 622-625 to test SFTP/SCP uploads. Test 625 was an attempt to |
| reproduce the --ftp-create-dirs problem reported by Brian Ulm, but that |
| seems to need a call curl_easy_reset() which this test case doesn't do. |
| |
| Daniel Stenberg (13 Mar 2008) |
| - Brian Ulm figured out that if you did an SFTP upload with |
| CURLOPT_FTP_CREATE_MISSING_DIRS to create a directory, and then re-used the |
| handle and uploaded another file to another directory that needed to be |
| created, the second upload would fail. Another case of a state variable that |
| wasn't properly reset between requests. |
| |
| - I rewrote the 100-continue code to use a single state variable instead of |
| the previous two ones. I think it made the logic somewhat clearer. |
| |
| Daniel Stenberg (11 Mar 2008) |
| - Dmitry Popov filed bug report #1911069 |
| (https://curl.haxx.se/bug/view.cgi?id=1911069) that identified a race |
| condition in the name resolver code when the DNS cache is shared between |
| multiple easy handles, each running in simultaneous threads that could cause |
| crashes. |
| |
| - Added a macro for curl_easy_setopt() that accepts three arguments and simply |
| does nothing with them, just to make sure libcurl users always use three |
| arguments to this function. Due to its use of ... for the third argument, it |
| is otherwise hard to detect abuse. |
| |
| Michal Marek (11 Mar 2008) |
| - Added a type checking macro for curl_easy_setopt(), needs gcc-4.3 and only |
| works in C mode atm (https://curl.haxx.se/mail/lib-2008-02/0267.html , |
| https://curl.haxx.se/mail/lib-2008-02/0292.html ) |
| |
| Daniel Fandrich (10 Mar 2008) |
| - Added tests 618-621 to test SFTP/SCP transfers of more than one file |
| (test 620 tests the just-fixed problem reported by Brian Ulm). |
| |
| Daniel Stenberg (9 Mar 2008) |
| - Brian Ulm reported a crash when doing a second SFTP transfer on a re-used |
| easy handle if curl_easy_reset() was used between them. I fixed it and Brian |
| verified that it cured his problem. |
| |
| - Brian Ulm reported that if you first tried to download a non-existing SFTP |
| file and then fetched an existing one and re-used the handle, libcurl would |
| still report the second one as non-existing as well! I fixed it and Brian |
| verified that it cured his problem. |
| |
| Michal Marek (6 Mar 2008) |
| - Fix the gssapi configure check to detect newer MIT Kerberos (patch by |
| Michael Calmer) |
| |
| Yang Tse (6 Mar 2008) |
| - Fix regression on Curl_socket_ready() and Curl_poll() so that these will |
| again fail on select/poll errors different than EINTR. |
| |
| Daniel Fandrich (5 Mar 2008) |
| - Fixed the test harness so it will write out zero-length data files. |
| |
| - Added tests 616 and 617 to see how SFTP and SCP cope with zero-length |
| files, as questioned by Mike Protts. SFTP does for me but SCP doesn't |
| so test 617 is disabled for now. |
| |
| Daniel S (4 Mar 2008) |
| - Mike Protts brought a patch that makes resumed transfers work with SFTP. |
| |
| Daniel S (1 Mar 2008) |
| - Anatoli Tubman found and fixed a crash with Negotiate authentication used on |
| a re-used connection where both requests used Negotiate. |
| |
| Guenter Knauf (26 Feb 2008) |
| - Kaspar Brand provided a patch to support server name indication (RFC 4366). |
| |
| Daniel S (25 Feb 2008) |
| - Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that |
| forces it to prefer SSLv3. |
| |
| Daniel S (23 Feb 2008) |
| - Sam Listopad provided a patch in feature-request #1900014 |
| https://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to |
| use OpenSSL) support a full chain of certificates in a given PKCS12 |
| certificate. |
| |
| Daniel S (22 Feb 2008) |
| - Georg Lippitsch made the src/Makefile.vc6 makefile use the same memory model |
| options as the lib/Makefile.vc6 already did. |
| |
| Daniel S (21 Feb 2008) |
| - Zmey Petroff found a crash when libcurl accessed a NULL pointer, which |
| happened if you set the connection cache size to 1 and for example failed to |
| login to an FTP site. Bug report #1896698 |
| (https://curl.haxx.se/bug/view.cgi?id=1896698) |
| |
| Daniel S (20 Feb 2008) |
| - Fixed test case 405 to not fail when libcurl is built with GnuTLS |
| |
| - Based on initial work done by Gautam Kachroo to address a bug, we now keep |
| better control at the exact state of the connection's SSL status so that we |
| know exactly when it has completed the SSL negotiation or not so that there |
| won't be accidental re-uses of connections that are wrongly believed to be |
| in SSL-completed-negotiate state. |
| |
| - We no longer support setting the CURLOPT_URL option from inside a callback |
| such as the CURLOPT_SSL_CTX_FUNCTION one treat that as if it was a Location: |
| following. The patch that introduced this feature was done for 7.11.0, but |
| this code and functionality has been broken since about 7.15.4 (March 2006) |
| with the introduction of non-blocking OpenSSL "connects". |
| |
| It was a hack to begin with and since it doesn't work and hasn't worked |
| correctly for a long time and nobody has even noticed, I consider it a very |
| suitable subject for plain removal. And so it was done. |
| |
| Guenter Knauf (19 Feb 2008) |
| - We do no longer support SSLv2 by default since it has known flaws. |
| Kaspar Brand provided a patch for all supported SSL toolkits. |
| |
| Daniel Fandrich (19 Feb 2008) |
| - Added test309 to test HTTP redirect to HTTPS URL |
| |
| Daniel S (18 Feb 2008) |
| - We're no longer providing a very old ca-bundle in the curl tarball. You can |
| get a fresh one downloaded and created with 'make ca-bundle' or you can get |
| one from here => https://curl.haxx.se/docs/caextract.html if you want a fresh |
| new one extracted from Mozilla's recent list of ca certs. |
| |
| The configure option --with-ca-bundle now lets you specify what file to use |
| as default ca bundle for your build. If not specified, the configure script |
| will check a few known standard places for a global ca cert to use. |
| |
| Daniel S (17 Feb 2008) |
| - Jerome Muffat-Meridol helped me fix Curl_done() to close the current |
| connection by force when it was called before the entire request is |
| completed, simply because we can't know if the connection really can be |
| re-used safely at that point. |
| |
| - Based on the same debugging logic, I've also made Curl_http_done() not |
| return CURLE_GOT_NOTHING if called "prematurely". This should have no real |
| effect to anything but the code makes more sense like this. |
| |
| Daniel S (15 Feb 2008) |
| - Made the gnutls code path not even try to get the server cert if no peer |
| verification is requested. Previously it would even return failure if gnutls |
| failed to get the server cert even though no verification was asked for. |
| Public server showing the problem: https://www.net222.caisse-epargne.fr |
| |
| - Fix my Curl_timeleft() leftover mistake in the gnutls code |
| |
| - Pooyan McSporran found and fixed a flaw where you first would do a normal |
| http request and then you'd reuse the handle and replace the Accept: header, |
| as then libcurl would send two Accept: headers! |
| |
| Daniel S (11 Feb 2008) |
| - Yang Tse pointed out a few remaining quirks from my timeout refactoring from |
| Feb 7 that didn't abort properly on timeouts. These are actually old |
| problems but now they should be fixed. |
| |
| Yang Tse (10 Feb 2008) |
| - Bug report #1888932 (https://curl.haxx.se/bug/view.cgi?id=1888932) points out |
| and provides test program that demonstrates that libcurl might not set error |
| description message for error CURLE_COULDNT_RESOLVE_HOST for Windows threaded |
| name resolver builds. Fixed now. |
| |
| Daniel Fandrich (8 Feb 2008) |
| - Added key words to all SSL-using tests so they can be skipped if necessary. |
| Removed a few unnecessary requires SSL statements. |
| |
| Daniel S (8 Feb 2008) |
| - Mike Hommey filed and fixed bug report #1889856 |
| (https://curl.haxx.se/bug/view.cgi?id=1889856): When using the gnutls ssl |
| layer, cleaning-up and reinitializing curl ends up with https requests |
| failing with "ASN1 parser: Element was not found" errors. Obviously a |
| regression added in 7.16.3. |
| |
| Yang Tse (8 Feb 2008) |
| - Improved test harness SCP/SFTP start up server verification, doing a real |
| connection to the sftp server, authenticating and running a simple sftp |
| pwd command using the test harness generated configuration and key files. |
| |
| Daniel S (8 Feb 2008) |
| - Günter Knauf added lib/mk-ca-bundle.pl which gets the Firefox ca bundle and |
| creates a suitable ca-bundle.crt file in PEM format for use with curl. The |
| recommended way to run it is to use 'make ca-bundle' in the build tree root. |
| |
| Daniel Fandrich (7 Feb 2008) |
| - Added tests 1022 and 1023 to validate output of curl-config --version and |
| --vernum |
| |
| Daniel S (7 Feb 2008) |
| - Refactored a lot of timeout code into a few functions in an attempt to make |
| them all use the same (hopefully correct) logic to make it less error-prone |
| and easier to introduce library-wide where it should be used. |
| |
| Yang Tse (6 Feb 2008) |
| - Fix an issue in strdup replacement function when dealing with absolutely |
| huge strings. Only systems without a standard strdup would be affected. |
| |
| Daniel S (3 Feb 2008) |
| - Dmitry Kurochkin cleaned up the pipelining code and removed the need for and |
| use of the "is_in_pipeline" struct field. |
| |
| - I wrote up and added the threaded-ssl.c example source code that shows how |
| to do multi-threaded downloads of HTTPS files with a libcurl that is built |
| with OpenSSL. It uses pthreads for the threading. |
| |
| Daniel S (31 Jan 2008) |
| - Niklas Angebrand made the cookie support in libcurl properly deal with the |
| "HttpOnly" feature introduced by Microsoft and apparently also supported by |
| Firefox: https://msdn.microsoft.com/en-us/library/ms533046.aspx . HttpOnly |
| is now supported when received from servers in HTTP headers, when written to |
| cookie jars and when read from existing cookie jars. |
| |
| I modified test case 31 and 46 to also do some basic HttpOnly testing. |
| |
| - Dmitry Kurochkin moved several struct fields from the connectdata struct to |
| the SingleRequest one to make pipelining better. It is a bit tricky to keep |
| them in the right place, to keep things related to the actual request or to |
| the actual connection in the right place. |
| |
| Daniel S (29 Jan 2008) |
| - Dmitry Kurochkin fixed Curl_done() for pipelining, as it could previously |
| crash! |
| |
| - Michal Marek fixed minor mistake in test case 553 that prevented it from |
| working on other IP-addresses or port numbers. |
| |
| Version 7.18.0 (28 January 2008) |
| |
| Daniel S (27 Jan 2008) |
| - Dmitry Kurochkin: In "real world" testing I found more bugs in |
| pipelining. Broken connection is not restored and we get into infinite |
| loop. It happens because of wrong is_in_pipeline values. |
| |
| Daniel S (26 Jan 2008) |
| - Kevin Reed filed bug report #1879375 |
| (https://curl.haxx.se/bug/view.cgi?id=1879375) which describes how libcurl |
| got lost in this scenario: proxy tunnel (or HTTPS over proxy), ask to do any |
| proxy authentication and the proxy replies with an auth (like NTLM) and then |
| closes the connection after that initial informational response. |
| |
| libcurl would not properly re-initialize the connection to the proxy and |
| continue the auth negotiation like supposed. It does now however, as it will |
| now detect if one or more authentication methods were available and asked |
| for, and will thus retry the connection and continue from there. |
| |
| - I made the progress callback get called properly during proxy CONNECT. |
| |
| Daniel S (23 Jan 2008) |
| - Igor Franchuk pointed out that CURLOPT_COOKIELIST set to "ALL" leaked |
| memory, and so did "SESS". Fixed now. |
| |
| Yang Tse (22 Jan 2008) |
| - Check poll.h at configuration time, and use it when sys/poll.h unavailable |
| |
| Daniel S (22 Jan 2008) |
| - Dmitry Kurochkin removed the cancelled state for pipelining, as we agreed |
| that it is bad anyway. Starting now, removing a handle that is in used in a |
| pipeline will break the pipeline - it'll be set back up again but still... |
| |
| Yang Tse (21 Jan 2008) |
| - Disable ldap support for cygwin builds, since it breaks whole build process. |
| Fixing it will affect other platforms, so it is postponed for another release. |
| |
| Daniel S (18 Jan 2008) |
| - Lau Hang Kin found and fixed a problem with the multi interface when doing |
| CONNECT over a proxy. curl_multi_fdset() didn't report back the socket |
| properly during that state, due to a missing case in the switch in the |
| multi_getsock() function. |
| |
| Yang Tse (17 Jan 2008) |
| - Don't abort tests 518 and 537 when unable to raise the open-file soft limit. |
| |
| Daniel S (16 Jan 2008) |
| - Nathan Coulter's patch that makes runtests.pl respect the PATH when figuring |
| out what valgrind to run. |
| |
| Yang Tse (16 Jan 2008) |
| - Improved handling of out of memory in the command line tool that afected |
| data url encoded HTTP POSTs when reading it from a file. |
| |
| Daniel S (16 Jan 2008) |
| - Dmitry Kurochkin worked a lot on improving the HTTP Pipelining support that |
| previously had a number of flaws, perhaps most notably when an application |
| fired up N transfers at once as then they wouldn't pipeline at all that |
| nicely as anyone would think... Test case 530 was also updated to take the |
| improved functionality into account. |
| |
| - Calls to Curl_failf() are not supposed to provide a trailing newline as the |
| function itself adds that. Fixed on 50 or something strings! |
| |
| Daniel S (15 Jan 2008) |
| - I made the torture test on test 530 go through. This was actually due to |
| silly code left from when we switched to let the multi handle "hold" the dns |
| cache when using the multi interface... Of course this only triggered when a |
| certain function call returned error at the correct moment. |
| |
| Daniel S (14 Jan 2008) |
| - Joe Malicki filed bug report #1871269 |
| (https://curl.haxx.se/bug/view.cgi?id=1871269) and we could fix his hang- |
| problem that occurred when doing a large HTTP POST request with the |
| response-body read from a callback. |
| |
| Daniel S (12 Jan 2008) |
| - I re-arranged the curl --help output. All the options are now sorted on |
| their long option names and all descriptions are one-liners. |
| |
| - Eric Landes provided the patch (edited by me) that introduces the |
| --keepalive-time to curl to set the keepalive probe interval. I also took |
| the opportunity to rename the recently added no-keep-alive option to |
| no-keepalive to keep a consistent naming and to avoid getting two dashes in |
| these option names. Eric also provided an update to the man page for the new |
| option. |
| |
| Daniel S (11 Jan 2008) |
| - Daniel Egger made CURLOPT_RANGE work on file:// URLs the very same way it |
| already worked for FTP:// URLs. |
| |
| - I made the curl tool switch from using CURLOPT_IOCTLFUNCTION to now use the |
| spanking new CURLOPT_SEEKFUNCTION simply to take advantage of the improved |
| performance for the upload resume cases where you want to upload the last |
| few bytes of a very large file. To implement this decently, I had to switch |
| the client code for uploading from fopen()/fread() to plain open()/read() so |
| that we can use lseek() to do >32bit seeks (as fseek() doesn't allow that) |
| on systems that offer support for that. |
| |
| Daniel S (10 Jan 2008) |
| - Michal Marek made curl-config --libs not include /usr/lib64 in the output |
| (it already before skipped /usr/lib). /usr/lib64 is the default library |
| directory on many 64bit systems and it's unlikely that anyone would use the |
| path privately on systems where it's not. |
| |
| - Georg Lippitsch brought CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA to allow |
| libcurl to seek in a given input stream. This is particularly important when |
| doing upload resumes when there's already a huge part of the file present |
| remotely. Before, and still if this callback isn't used, libcurl will read |
| and through away the entire file up to the point to where the resuming |
| begins (which of course can be a slow opereration depending on file size, |
| I/O bandwidth and more). This new function will also be preferred to get |
| used instead of the CURLOPT_IOCTLFUNCTION for seeking back in a stream when |
| doing multi-stage HTTP auth with POST/PUT. |
| |
| - Nikitinskit Dmitriy filed bug report #1868255 |
| (https://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies |
| and fixes a problem with parsing WWW-Authenticate: headers with additional |
| spaces in the line that the parser wasn't written to deal with. |
| |
| Daniel S (8 Jan 2008) |
| - Introducing curl_easy_pause() and new magic return codes for both the read |
| and the write callbacks that now can make a connection's reading and/or |
| writing get paused. |
| |
| Daniel S (6 Jan 2008) |
| - Jeff Johnson filed bug report #1863171 |
| (https://curl.haxx.se/bug/view.cgi?id=1863171) where he pointed out that |
| libcurl's date parser didn't accept a +1300 time zone which actually is used |
| fairly often (like New Zealand's Dailight Savings Time), so I modified the |
| parser to now accept up to and including -1400 to +1400. |
| |
| Daniel S (5 Jan 2008) |
| - Based on further discussion on curl-library, I reverted yesterday's SOCKS5 |
| code to instead introduce support for a new proxy type called |
| CURLPROXY_SOCKS5_HOSTNAME that is used to send the host name to the proxy |
| instead of IP address and there's thus no longer any need for a new |
| curl_easy_setopt() option. |
| |
| The default SOCKS5 proxy is again back to sending the IP address to the |
| proxy. The new curl command line option for enabling sending host name to a |
| SOCKS5 proxy is now --socks5-hostname. |
| |
| Daniel S (4 Jan 2008) |
| - Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the |
| proxy do the host name resolving and only if --socks5ip (or |
| CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and |
| pass on the IP address only to the proxy. |
| |
| Yang Tse (3 Jan 2008) |
| - Modified test harness to allow SCP, SFTP and SOCKS4 tests to run with |
| OpenSSH 2.9.9, SunSSH 1.0 or later versions. SOCKS5 tests need OpenSSH |
| 3.7, SunSSH 1.0 or later. |
| |
| Daniel S (2 Jan 2008) |
| - I fixed two cases of missing return code checks when handling chunked |
| decoding where a write error (or abort return from a callback) didn't stop |
| libcurl's processing. |
| |
| - I removed the socklen_t use from the public curl/curl.h header and instead |
| made it an unsigned int. The type was only used in the curl_sockaddr struct |
| definition (only used by the curl_opensocket_callback). On all platforms I |
| could find information about, socklen_t is 32 unsigned bits large so I don't |
| think this will break the API or ABI. The main reason for this change is of |
| course for all the platforms that don't have a socklen_t definition in their |
| headers to build fine again. Providing our own configure magic and custom |
| definition of socklen_t on those systems proved to work but was a lot of |
| cruft, code and extra magic needed - when this very small change of type |
| seems harmless and still solves the missing socklen_t problem. |
| |
| - Richard Atterer brought a patch that added support for SOCKS4a proxies, |
| which is an inofficial PROXY4 variant that sends the hostname to the proxy |
| instead of the resolved address (which is already supported by SOCKS5). |
| --socks4a is the curl command line option for it and CURLOPT_PROXYTYPE can |
| now be set to CURLPROXY_SOCKS4A as well. |
| |
| Daniel S (1 Jan 2008) |
| - Mohun Biswas pointed out that --libcurl generated a source code with an int |
| function but without a return statement. While fixing that, I also took care |
| about adding some better comments for the generated code. |
| |
| Daniel S (27 Dec 2007) |
| - Dmitry Kurochkin mentioned a flaw |
| (https://curl.haxx.se/mail/lib-2007-12/0252.html) in detect_proxy() which |
| failed to set the bits.proxy variable properly when an environment variable |
| told libcurl to use a http proxy. |
| |
| Daniel S (26 Dec 2007) |
| - In an attempt to repeat the problem in bug report #1850730 |
| (https://curl.haxx.se/bug/view.cgi?id=1850730) I wrote up test case 552. The |
| test is doing a 70K POST with a read callback and an ioctl callback over a |
| proxy requiring Digest auth. The test case code is more or less identical to |
| the test recipe code provided by Spacen Jasset (who submitted the bug |
| report). |
| |
| Daniel S (25 Dec 2007) |
| - Gary Maxwell filed bug report #1856628 |
| (https://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the |
| (small) memory leak in the SSL session ID caching code. It happened when a |
| previous entry in the cache was re-used. |
| |
| |