| _ _ ____ _ |
| ___| | | | _ \| | |
| / __| | | | |_) | | |
| | (__| |_| | _ <| |___ |
| \___|\___/|_| \_\_____| |
| |
| Changelog |
| |
| Version 7.16.2 (11 April 2007) |
| |
| Yang Tse (10 April 2007) |
| - Ravi Pratap provided some fixes for HTTP pipelining |
| |
| - configure script will ignore --enable-sspi option for non-native Windows. |
| |
| Daniel S (9 April 2007) |
| - Nick Zitzmann did ssh.c cleanups |
| |
| Daniel S (3 April 2007) |
| - Rob Jones fixed better #ifdef'ing for a bunch of #include lines. |
| |
| Daniel S (2 April 2007) |
| - Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The |
| accepted commands are as follows: |
| |
| chgrp (gid) (path) |
| Changes the group ID of the file or directory at (path) to (gid). (gid) |
| must be a number. |
| |
| chmod (perms) (path) |
| Changes the permissions of the file or directory at (path) to |
| (perms). (perms) must be a number in the format used by the chmod Unix |
| command. |
| |
| chown (uid) (path) |
| Changes the user ID of the file or directory at (path) to (uid). (uid) |
| must be a number. |
| |
| ln (source) (dest) |
| Creates a symbolic link at (dest) that points to the file located at |
| (source). |
| |
| mkdir (path) |
| Creates a new directory at (path). |
| |
| rename (source) (dest) |
| Moves the file or directory at (source) to (dest). |
| |
| rm (path) |
| Deletes the file located at (path). |
| |
| rmdir (path) |
| Deletes the directory located at (path). This command will raise an error |
| if the directory is not empty. |
| |
| symlink (source) (dest) |
| Same as ln. |
| |
| Daniel S (1 April 2007) |
| - Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many |
| easy handles are added to a multi handle, by avoiding the looping over all |
| the handles to find which one to remove. |
| |
| - Matt Kraai provided a patch that makes curl build on QNX 6 fine again. |
| |
| Daniel S (31 March 2007) |
| - Fixed several minor issues detected by the coverity.com scanner. |
| |
| - "Pixel" fixed a problem that appeared when you used -f with user+password |
| embedded in the URL. |
| |
| Dan F (29 March 2007) |
| - Don't tear down the ftp connection if the maximum filesize was exceeded |
| and added tests 290 and 291 to check. |
| |
| - Added ftps upload and SSL required tests 401 and 402. |
| |
| - Send an EOF message before closing an SCP channel, as recommended by |
| RFC4254. Enable libssh2 tracing when ssh debugging is turned on. |
| |
| Yang Tse (27 March 2007) |
| - Internal function Curl_select() renamed to Curl_socket_ready() |
| |
| New Internal wrapper function Curl_select() around select (2), it |
| uses poll() when a fine poll() is available, so now libcurl can be |
| built without select() support at all if a fine poll() is available. |
| |
| Daniel S (25 March 2007) |
| - Daniel Johnson fixed multi code to traverse the easy handle list properly. |
| A left-over bug from the February 21 fix. |
| |
| Dan F (23 March 2007) |
| - Added --pubkey option to curl and made --key also work for SCP/SFTP, |
| plus made --pass work on an SSH private key as well. |
| |
| - Changed the test harness to attempt to gracefully shut down servers |
| before resorting to the kill -9 hammer. |
| |
| - Added test harness infrastructure to support scp/sftp tests, using |
| OpenSSH as the server. |
| |
| - Fixed a memory leak when specifying a proxy with a file: URL. |
| |
| Yang Tse (20 March 2007) |
| - Fixed: When a signal was caught awaiting for an event using Curl_select() |
| or Curl_poll() with a non-zero timeout both functions would restart the |
| specified timeout. This could even lead to the extreme case that if a |
| signal arrived with a frecuency lower to the specified timeout neither |
| function would ever exit. |
| |
| Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in |
| Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR |
| defined both functions will return as soon as a signal is caught. Use it |
| at your own risk, all calls to these functions in the library should be |
| revisited and checked before fully supporting this feature. |
| |
| Yang Tse (19 March 2007) |
| - Bryan Henderson fixed the progress function so that it can get called more |
| frequently allowing same calling frecuency for the client progress callback. |
| |
| Dan F (15 March 2007) |
| - Various memory leaks plugged and NULL pointer fixes made in the ssh code. |
| |
| Daniel (15 March 2007) |
| - Nick made the curl tool accept globbing ranges that only is one number, i.e |
| you can now use [1-1] without curl complaining. |
| |
| Daniel (10 March 2007) |
| - Eygene Ryabinkin: |
| |
| The problem is the following: when we're calling Curl_done and it decides to |
| keep the connection opened ('left intact'), then the caller is not notified |
| that the connection was done via the NULLifying of the pointer, so some easy |
| handle is keeping the pointer to this connection. |
| |
| Later ConnectionExists can select such connection for reuse even if we're |
| not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is |
| false and we can reuse this connection for another easy handle. But thus the |
| connection will be shared between two easy handles if the handle that wants |
| to take the ownership is not the same as was not notified of the connection |
| was done in Curl_done. And when some of these easy handles will get their |
| connection really freed the another one will still keep the pointer. |
| |
| My fix was rather trivial: I just added the NULLification to the 'else' |
| branch in the Curl_done. My tests with Git and ElectricFence showed no |
| problems both for HTTP pulling and cloning. Repository size is about 250 Mb, |
| so it was a considerable amount of Curl's work. |
| |
| Dan F (9 March 2007) |
| - Updated the test harness to add a new "crypto" feature check and updated the |
| appropriate test case to use it. For now, this is treated the same as the |
| "SSL" feature because curl doesn't list it separately. |
| |
| Daniel (9 March 2007) |
| - Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6. |
| |
| - Robert A. Monat improved the maketgz and VC6/8 generating to set the correct |
| machine type too. |
| |
| - Justin Fletcher fixed a file descriptor leak in the curl tool when trying to |
| upload a file it couldn't open. Bug #1676581 |
| (http://curl.haxx.se/bug/view.cgi?id=1676581) |
| |
| Dan F (9 March 2007) |
| - Updated the test harness to check for protocol support before running each |
| test, fixing KNOWN_BUGS #11. |
| |
| Dan F (7 March 2007) |
| - Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test |
| harness. It is very limited as it supports only ftps:// URLs with |
| --ftp-ssl-control specified, which implicitly encrypts the control |
| channel but not the data channels. That allows stunnel to be used with |
| an unmodified ftp server in exactly the same way that the test https |
| server is set up. |
| |
| Dan F (7 March 2007) |
| - Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and |
| unencrypted data connections. |
| |
| Dan F (6 March 2007) |
| - Fixed a couple of improper pointer uses detected by valgrind in test |
| cases 181 & 216. |
| |
| Daniel (2 March 2007) |
| - Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8 |
| makefiles that are included in the source release archives, generated from |
| the Makefile.vc6 files by the maketgz script. I also modified the root |
| Makefile to have a VC variable that defaults to vc6 but can be overridden to |
| allow it to be used for vc8 as well. Like this: |
| |
| nmake VC=vc8 vc |
| |
| Daniel (27 February 2007) |
| - Hang Kin Lau found and fixed: When I use libcurl to connect to an https |
| server through a proxy and have the remote https server port set using the |
| CURLOPT_PORT option, protocol gets reset to http from https after the first |
| request. |
| |
| User defined URL was modified internally by libcurl and subsequent reuse of |
| the easy handle may lead to connection using a different protocol (if not |
| originally http). |
| |
| I found that libcurl hardcoded the protocol to "http" when it tries to |
| regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as |
| follows and it's working fine so far |
| |
| Daniel (25 February 2007) |
| - Adam D. Moss made the HTTP CONNECT procedure less blocking when used from |
| the multi interface. Note that it still does a part of the connection in a |
| blocking manner. |
| |
| Daniel (23 February 2007) |
| - Added warning outputs if the command line uses more than one of the options |
| -v, --trace and --trace-ascii, since it could really confuse the user. |
| Clarified this fact in the man page. |
| |
| Daniel (21 February 2007) |
| - Ravi Pratap provided work on libcurl making pipelining more robust and |
| fixing some bugs: |
| o Don't mix GET and POST requests in a pipeline |
| o Fix the order in which requests are dispatched from the pipeline |
| o Fixed several curl bugs with pipelining when the server is returning |
| chunked encoding: |
| * Added states to chunked parsing for final CRLF |
| * Rewind buffer after parsing chunk with data remaining |
| * Moved chunked header initializing to a spot just before receiving |
| headers |
| |
| Daniel (20 February 2007) |
| - Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle |
| active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command |
| line option. |
| |
| Daniel (19 February 2007) |
| - Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl. |
| |
| - Shmulik Regev found a memory leak in re-used HTTPS connections, at least |
| when the multi interface was used. |
| |
| - Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and |
| 5). |
| |
| Daniel (18 February 2007) |
| - Jeff Pohlmeyer identified two problems: first a rather obscure problem with |
| the multi interface and connection re-use that could make a |
| curl_multi_remove_handle() ruin a pointer in another handle. |
| |
| The second problem was less of an actual problem but more of minor quirk: |
| the re-using of connections wasn't properly checking if the connection was |
| marked for closure. |
| |
| Daniel (16 February 2007) |
| - Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting |
| CURLOPT_RANGE back to no range on an easy handle when using FTP. |
| |
| Dan F (14 February 2007) |
| - Fixed curl-config --libs so it doesn't list unnecessary libraries (and |
| therefore introduce unnecessary dependencies) when it's not needed. |
| Also, don't bother adding a library path of /usr/lib |
| |
| Daniel (13 February 2007) |
| - The default password for anonymous FTP connections is now changed to be |
| "ftp@example.com". |
| |
| - Robert A. Monat made libcurl build fine with VC2005 - it doesn't have |
| gmtime_r() like the older VC versions. He also made use of some machine- |
| specific defines to differentiate the "OS" define. |
| |
| Daniel (12 February 2007) |
| - Rob Crittenden added support for NSS (Network Security Service) for the |
| SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/ |
| |
| This is the fourth supported library for TLS/SSL that libcurl supports! |
| |
| - Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent |
| to the debug callback. |
| |
| - Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and |
| CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's |
| internal decoding of content or transfer encoded content. This may be |
| preferable in cases where you use libcurl for proxy purposes or similar. The |
| command line tool got a --raw option to disable both at once. |
| |
| - release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP |
| define set to hold the exact date and time of when the tarball was built, as |
| a human readable string using the UTC time zone. |
| |
| - Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle |
| that has an easy handle present in the "closure" list pending closure. |
| |
| Daniel (6 February 2007) |
| - Regular file downloads wiht SFTP and SCP are now done using the non-blocking |
| API of libssh2, if the libssh2 headers seem to support them. This will make |
| SCP and SFTP much more responsive and better libcurl citizens when used with |
| the multi interface etc. |
| |
| Daniel (5 February 2007) |
| - Michael Wallner added support for CURLOPT_TIMEOUT_MS and |
| CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with |
| millisecond resolution. The only restriction to that is the alarm() |
| (sometimes) used to abort name resolves as that uses full seconds. I fixed |
| the FTP response timeout part of the patch. |
| |
| Internally we now count and keep the timeouts in milliseconds but it also |
| means we multiply set timeouts with 1000. The effect of this is that no |
| timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which |
| equals 24.86 days. We probably couldn't before either since the code did |
| *1000 on the timeout values on several places already. |
| |
| Daniel (3 February 2007) |
| - Yang Tse fixed the cookie expiry date in several test cases that started to |
| fail since they used "1 feb 2007"... |
| |
| - Manfred Schwarb reported that socks5 support was broken and help us pinpoint |
| the problem. The code now tries harder to use httproxy and proxy where |
| apppropriate, as not all proxies are HTTP... |
| |
| Version 7.16.1 (29 January 2007) |
| |
| Daniel (29 January 2007) |
| - Michael Wallner reported that when doing a CONNECT with a custom User-Agent |
| header, you got _two_ User-Agent headers in the CONNECT request...! Added |
| test case 287 to verify the fix. |
| |
| Daniel (28 January 2007) |
| - curl_easy_reset() now resets the CA bundle path correctly. |
| |
| - David McCreedy fixed the Curl command line tool for HTTP on non-ASCII |
| platforms. |
| |
| Daniel (25 January 2007) |
| - Added the --libcurl [file] option to curl. Append this option to any |
| ordinary curl command line, and you will get a libcurl-using source code |
| written to the file that does the equivalent operation of what your command |
| line operation does! |
| |
| Dan F (24 January 2007) |
| - Fixed a dangling pointer problem that prevented the http_proxy environment |
| variable from being properly used in many cases (and caused test case 63 |
| to fail). |
| |
| Daniel (23 January 2007) |
| - David McCreedy did NTLM changes mainly for non-ASCII platforms: |
| |
| #1 |
| There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT |
| defined. I noticed this while testing various configurations. Line 867 of |
| the current http_ntlm.c is a closing bracket for an if/else pair that only |
| gets compiled in if USE_NTLM2SESSION is defined. But this closing bracket |
| wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was |
| defined. Lines 198 and 140 of my patch wraps that closing bracket in an |
| #ifdef USE_NTLM2SESSION. |
| |
| #2 |
| I noticed several picky compiler warnings when DEBUG_ME is defined. I've |
| fixed them with casting. By the way, DEBUG_ME was a huge help in |
| understanding this code. |
| |
| #3 |
| Hopefully the last non-ASCII conversion patch for libcurl in a while. I |
| changed the "NTLMSSP" literal to hex since this signature must always be in |
| ASCII. |
| |
| Conversion code was strategically added where necessary. And the |
| Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c |
| creates are NOT translated on non-ASCII platforms. |
| |
| Dan F (22 January 2007) |
| - Converted (most of) the test data files into genuine XML. A handful still |
| are not, due mainly to the lack of support for XML character entities |
| (e.g. & => & ). This will make it easier to validate test files using |
| tools like xmllint, as well as to edit and view them using XML tools. |
| |
| Daniel (16 January 2007) |
| - Armel Asselin improved libcurl to behave a lot better when an easy handle |
| doing an FTP transfer is removed from a multi handle before completion. The |
| fix also fixed the "alive counter" to be correct on "premature removal" for |
| all protocols. |
| |
| Dan F (16 January 2007) |
| - Fixed a small memory leak in tftp uploads discovered by curl's memory leak |
| detector. Also changed tftp downloads to URL-unescape the downloaded |
| file name. |
| |
| Daniel (14 January 2007) |
| - David McCreedy provided libcurl changes for doing HTTP communication on |
| non-ASCII platforms. It does add some complexity, most notably with more |
| #ifdefs, but I want to see this supported added and I can't see how we can |
| add it without the extra stuff added. |
| |
| - Setting CURLOPT_COOKIELIST to "ALL" when no cookies at all was present, |
| libcurl would crash when trying to read a NULL pointer. |
| |
| Daniel (12 January 2007) |
| - Toby Peterson found a nasty bug that prevented (lib)curl from properly |
| downloading (most) things that were larger than 4GB on 32 bit systems. Matt |
| Witherspoon helped as narrow down the problem. |
| |
| Daniel (5 January 2007) |
| - Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to |
| curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it |
| will make libcurl shutdown SSL/TLS after the authentication is done on a |
| FTP-SSL operation. |
| |
| Daniel (4 January 2007) |
| - David McCreedy made changes to allow base64 encoding/decoding to work on |
| non-ASCII platforms. |
| |
| Daniel (3 January 2007) |
| - Matt Witherspoon fixed the flaw which made libcurl 7.16.0 always store |
| downloaded data in two buffers, just to be able to deal with a special HTTP |
| pipelining case. That is now only activated for pipelined transfers. In |
| Matt's case, it showed as a considerable performance difference, |
| |
| Daniel (2 January 2007) |
| - Victor Snezhko helped us fix bug report #1603712 |
| (http://curl.haxx.se/bug/view.cgi?id=1603712) (known bug #36) --limit-rate |
| (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) are broken |
| on Windows (since 7.16.0, but that's when they were introduced as previous |
| to that the limiting logic was made in the application only and not in the |
| library). It was actually also broken on select()-based systems (as apposed |
| to poll()) but we haven't had any such reports. We now use select(), Sleep() |
| or delay() properly to sleep a while without waiting for anything input or |
| output when the rate limiting is activated with the easy interface. |
| |
| - Modified libcurl.pc.in to use Libs.private for the libs libcurl itself needs |
| to get built static. It has been mentioned before and was again brought to |
| our attention by Nathanael Nerode who filed debian bug report #405226 |
| (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226). |
| |
| Daniel (29 December 2006) |
| - Make curl_easy_duphandle() set the magic number in the new handle. |
| |
| Daniel (22 December 2006) |
| - Robert Foreman provided a prime example snippet showing how libcurl would |
| get confused and not acknowledge the 'no_proxy' variable properly once it |
| had used the proxy and you re-used the same easy handle. I made sure the |
| proxy name is properly stored in the connect struct rather than the |
| sessionhandle/easy struct. |
| |
| - David McCreedy fixed a bad call to getsockname() that wrongly used a size_t |
| variable to point to when it should be a socklen_t. |
| |
| - When setting a proxy with environment variables and (for example) running |
| 'curl [URL]' with a URL without a protocol prefix, curl would not send a |
| correct request as it failed to add the protocol prefix. |
| |
| Daniel (21 December 2006) |
| - Robson Braga Araujo reported bug #1618359 |
| (http://curl.haxx.se/bug/view.cgi?id=1618359) and subsequently provided a |
| patch for it: when downloading 2 zero byte files in a row, curl 7.16.0 |
| enters an infinite loop, while curl 7.16.1-20061218 does one additional |
| unnecessary request. |
| |
| Fix: During the "Major overhaul introducing http pipelining support and |
| shared connection cache within the multi handle." change, headerbytecount |
| was moved to live in the Curl_transfer_keeper structure. But that structure |
| is reset in the Transfer method, losing the information that we had about |
| the header size. This patch moves it back to the connectdata struct. |
| |
| Daniel (16 December 2006) |
| - Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPE |
| during certain conditions when GnuTLS is used. |
| |
| Daniel (11 December 2006) |
| - Alexey Simak found out that when doing FTP with the multi interface and |
| something went wrong like it got a bad response code back from the server, |
| libcurl would leak memory. Added test case 538 to verify the fix. |
| |
| I also noted that the connection would get cached in that case, which |
| doesn't make sense since it cannot be re-use when the authentication has |
| failed. I fixed that issue too at the same time, and also that the path |
| would be "remembered" in vain for cases where the connection was about to |
| get closed. |
| |
| Daniel (6 December 2006) |
| - Sebastien Willemijns reported bug #1603712 |
| (http://curl.haxx.se/bug/view.cgi?id=1603712) which is about connections |
| getting cut off prematurely when --limit-rate is used. While I found no such |
| problems in my tests nor in my reading of the code, I found that the |
| --limit-rate code was severly flawed (since it was moved into the lib, since |
| 7.15.5) when used with the easy interface and it didn't work as documented |
| so I reworked it somewhat and now it works for my tests. |
| |
| Daniel (5 December 2006) |
| - Stefan Krause pointed out a compiler warning with a picky MSCV compiler when |
| passing a curl_off_t argument to the Curl_read_rewind() function which takes |
| an size_t argument. Curl_read_rewind() also had debug code left in it and it |
| was put in a different source file with no good reason when only used from |
| one single spot. |
| |
| - Sh Diao reported that CURLOPT_CLOSEPOLICY doesn't work, and indeed, there is |
| no code present in the library that receives the option. Since it was not |
| possible to use, we know that no current users exist and thus we simply |
| removed it from the docs and made the code always use the default path of |
| the code. |
| |
| - Jared Lundell filed bug report #1604956 |
| (http://curl.haxx.se/bug/view.cgi?id=1604956) which identified setting |
| CURLOPT_MAXCONNECTS to zero caused libcurl to SIGSEGV. Starting now, libcurl |
| will always internally use no less than 1 entry in the connection cache. |
| |
| - Sh Diao reported that CURLOPT_FORBID_REUSE no works, and indeed it broke in |
| the 7.16.0 release. |
| |
| - Martin Skinner brought back bug report #1230118 to haunt us once again. |
| (http://curl.haxx.se/bug/view.cgi?id=1230118) curl_getdate() did not work |
| properly for all input dates on Windows. It was mostly seen on some TZ time |
| zones using DST. Luckily, Martin also provided a fix. |
| |
| - Alexey Simak filed bug report #1600447 |
| (http://curl.haxx.se/bug/view.cgi?id=1600447) in which he noted that active |
| FTP connections don't work with the multi interface. The problem is here |
| that the multi interface state machine has a state during which it can wait |
| for the data connection to connect, but the active connection is not done in |
| the same step in the sequence as the passive one is so it doesn't quite work |
| for active. The active FTP code still use a blocking function to allow the |
| remote server to connect. |
| |
| The fix (work-around is a better word) for this problem is to set the |
| boolean prematurely that the data connection is completed, so that the "wait |
| for connect" phase ends at once. |
| |
| The proper fix, left for the future, is of course to make the active FTP |
| case to act in a non-blocking way too. |
| |
| - Matt Witherspoon fixed a problem case when the CPU load went to 100% when a |
| HTTP upload was disconnected: |
| |
| "What appears to be happening is that my system (Linux 2.6.17 and 2.6.13) is |
| setting *only* POLLHUP on poll() when the conditions in my previous mail |
| occur. As you can see, select.c:Curl_select() does not check for POLLHUP. So |
| basically what was happening, is poll() was returning immediately (with |
| POLLHUP set), but when Curl_select() looked at the bits, neither POLLERR or |
| POLLOUT was set. This still caused Curl_readwrite() to be called, which |
| quickly returned. Then the transfer() loop kept continuing at full speed |
| forever." |
| |
| Daniel (1 December 2006) |
| - Toon Verwaest reported that there are servers that send the Content-Range: |
| header in a third, not suppported by libcurl, format and we agreed that we |
| could make the parser more forgiving to accept all the three found |
| variations. |
| |
| Daniel (25 November 2006) |
| - Venkat Akella found out that libcurl did not like HTTP responses that simply |
| responded with a single status line and no headers nor body. Starting now, a |
| HTTP response on a persistent connection (i.e not set to be closed after the |
| response has been taken care of) must have Content-Length or chunked |
| encoding set, or libcurl will simply assume that there is no body. |
| |
| To my horror I learned that we had no less than 57(!) test cases that did bad |
| HTTP responses like this, and even the test http server (sws) responded badly |
| when queried by the test system if it is the test system. So although the |
| actual fix for the problem was tiny, going through all the newly failing test |
| cases got really painful and boring. |
| |
| Daniel (24 November 2006) |
| - James Housley did lots of work and introduced SFTP downloads. |
| |
| Daniel (13 November 2006) |
| - Ron in bug #1595348 (http://curl.haxx.se/bug/view.cgi?id=1595348) pointed |
| out a stack overwrite (and the corresponding fix) on 64bit Windows when |
| dealing with HTTP chunked encoding. |
| |
| Daniel (9 November 2006) |
| - Nir Soffer updated libcurl.framework.make: |
| o fix symlinks, should link to Versions, not to ./Versions |
| o indentation improvments |
| |
| - Dmitriy Sergeyev found a SIGSEGV with his test04.c example posted on 7 Nov |
| 2006. It turned out we wrongly assumed that the connection cache was present |
| when tearing down a connection. |
| |
| - Ciprian Badescu found a SIGSEGV when doing multiple TFTP transfers using the |
| multi interface, but I could also repeat it doing multiple sequential ones |
| with the easy interface. Using Ciprian's test case, I could fix it. |
| |
| Daniel (8 November 2006) |
| - Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without |
| CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the |
| SSL handshake. This is now stopped. |
| |
| Daniel (7 November 2006) |
| - Olaf fixed a leftover problem with the CONNECT fix of his that would leave a |
| wrong error message in the error message buffer. |
| |
| Daniel (3 November 2006) |
| - Olaf Stueben provided a patch that I edited slightly. It fixes the notorious |
| KNOWN_BUGS #25, which happens when a proxy closes the connection when |
| libcurl has sent CONNECT, as part of an authentication negotiation. Starting |
| now, libcurl will re-connect accordingly and continue the authentication as |
| it should. |
| |
| Daniel (2 November 2006) |
| - James Housley brought support for SCP transfers, based on the libssh2 library |
| for the actual network protocol stuff. |
| |
| Added these new curl_easy_setopt() options: |
| |
| CURLOPT_SSH_AUTH_TYPES |
| CURLOPT_SSH_PUBLIC_KEYFILE |
| CURLOPT_SSH_PRIVATE_KEYFILE |
| |
| Version 7.16.0 (30 October 2006) |
| |
| Daniel (25 October 2006) |
| - Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the |
| case when 401 or 407 are returned, *IF* no auth credentials have been given. |
| The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401 |
| and 407 cases when auth credentials is given, but we've now covered this |
| somewhat more. |
| |
| You might get some amounts of headers transferred before this situation is |
| detected, like for when a "100-continue" is received as a response to a |
| POST/PUT and a 401 or 407 is received immediately afterwards. |
| |
| Added test 281 to verify this change. |
| |
| Daniel (23 October 2006) |
| - Ravi Pratap provided a major update with pipelining fixes. We also no longer |
| re-use connections (for pipelining) before the name resolving is done. |
| |
| Daniel (21 October 2006) |
| - Nir Soffer made the tests/libtest/Makefile.am use a proper variable for all |
| the single test applications' link and dependences, so that you easier can |
| override those from the command line when using make. |
| |
| - Armel Asselin separated CA cert verification problems from problems with |
| reading the (local) CA cert file to let users easier pinpoint the actual |
| problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code. |
| |
| Daniel (18 October 2006) |
| - Removed the "protocol-guessing" for URLs with host names starting with FTPS |
| or TELNET since they are practically non-existant. This leaves us with only |
| three different prefixes that would assume the protocol is anything but |
| HTTP, and they are host names starting with "ftp.", "dict." or "ldap.". |
| |
| Daniel (17 October 2006) |
| - Bug report #1579171 pointed out code flaws detected with "prefast", and they |
| were 1 - a too small memory clear with memset() in the threaded resolver and |
| 2 - a range of potentially bad uses of the ctype family of is*() functions |
| such as isdigit(), isalnum(), isprint() and more. The latter made me switch |
| to using our own set of these functions/macros using uppercase letters, and |
| with some extra set of crazy typecasts to avoid mistakingly passing in |
| negative numbers to the underlying is*() functions. |
| |
| - With Jeff Pohlmeyer's help, I fixed the expire timer when using |
| curl_multi_socket() during name resolves with c-ares and the LOW_SPEED |
| options now work fine with curl_multi_socket() as well. |
| |
| Daniel (16 October 2006) |
| - Added a check in configure that simply tries to run a program (not when |
| cross-compiling) in order to detect problems with run-time libraries that |
| otherwise would occur when the sizeof tests for curl_off_t would run and |
| thus be much more confusing to users. The check of course should run after |
| all lib-checks are done and before any other test is used that would run an |
| executable built for testing-purposes. |
| |
| Dan F (13 October 2006) |
| - The tagging of application/x-www-form-urlencoded POST body data sent |
| to the CURLOPT_DEBUGFUNCTION callback has been fixed (it was erroneously |
| included as part of the header). A message was also added to the |
| command line tool to show when data is being sent, enabled when |
| --verbose is used. |
| |
| Daniel (12 October 2006) |
| - Starting now, adding an easy handle to a multi stack that was already added |
| to a multi stack will cause CURLM_BAD_EASY_HANDLE to get returned. |
| |
| - Jeff Pohlmeyer has been working with the hiperfifo.c example source code, |
| and while doing so it became apparent that the current timeout system for |
| the socket API really was a bit awkward since it become quite some work to |
| be sure we have the correct timeout set. |
| |
| Jeff then provided the new CURLMOPT_TIMERFUNCTION that is yet another |
| callback the app can set to get to know when the general timeout time |
| changes and thus for an application like hiperfifo.c it makes everything a |
| lot easier and nicer. There's a CURLMOPT_TIMERDATA option too of course in |
| good old libcurl tradition. |
| |
| Jeff has also updated the hiperfifo.c example code to use this news. |
| |
| Daniel (9 October 2006) |
| - Bogdan Nicula's second test case (posted Sun, 08 Oct 2006) converted to test |
| case 535 and it now runs fine. Again a problem with the pipelining code not |
| taking all possible (error) conditions into account. |
| |
| Daniel (6 October 2006) |
| - Bogdan Nicula's hanging test case (posted Wed, 04 Oct 2006) was converted to |
| test case 533 and the test now runs fine. |
| |
| Daniel (4 October 2006) |
| - Dmitriy Sergeyev provided an example source code that crashed CVS libcurl |
| but that worked nicely in 7.15.5. I converted it into test case 532 and |
| fixed the problem. |
| |
| Daniel (29 September 2006) |
| - Removed a few other no-longer present options from the header file. |
| |
| - Support for FTP third party transfers was removed. Here's why: |
| |
| o The recent multi interface changes broke it and the design of the 3rd party |
| transfers made it very hard to fix the problems |
| o It was still blocking and thus nasty for the multi interface |
| o It was a lot of extra code for a very rarely used feature |
| o It didn't use the same code as for "plain" FTP transfers, so it didn't work |
| fine for IPv6 and it didn't properly re-use connections and more |
| o There's nobody around who's willing to work on and improve the existing |
| code |
| |
| This does not mean that third party transfers are banned forever, only that |
| they need to be done better if they are to be re-added in the future. |
| |
| The CURLOPT_SOURCE_* options are removed from the lib and so are the --3p* |
| options from the command line tool. For this reason, I also bumped the |
| version info for the lib. |
| |
| Daniel (28 September 2006) |
| - Reported in #1561470 (http://curl.haxx.se/bug/view.cgi?id=1561470), libcurl |
| would crash if a bad function sequence was used when shutting down after |
| using the multi interface (i.e using easy_cleanup after multi_cleanup) so |
| precautions have been added to make sure it doesn't any more - test case 529 |
| was added to verify. |
| |
| Daniel (27 September 2006) |
| - The URL in the cookie jar file is now changed since it was giving a 404. |
| Reported by Timothy Stone. The new URL will take the visitor to a curl web |
| site mirror with the document. |
| |
| Daniel (24 September 2006) |
| - Bernard Leak fixed configure --with-gssapi-libs. |
| |
| - Cory Nelson made libcurl use the WSAPoll() function if built for Windows |
| Vista (_WIN32_WINNT >= 0x0600) |
| |
| Daniel (23 September 2006) |
| - Mike Protts added --ftp-ssl-control to make curl use FTP-SSL, but only |
| encrypt the control connection and use the data connection "plain". |
| |
| - Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better |
| as it now will read the full data sent from servers. The SOCKS-related code |
| was also moved to the new lib/socks.c source file. |
| |
| Daniel (21 September 2006) |
| - Added test case 531 in an attempt to repeat bug report #1561470 |
| (http://curl.haxx.se/bug/view.cgi?id=1561470) that is said to crash when an |
| FTP upload fails with the multi interface. It did not, but I made a failed |
| upload still assume the control connection to be fine. |
| |
| Daniel (20 September 2006) |
| - Armel Asselin fixed problems when you gave a proxy URL with user name and |
| empty password or no password at all. Test case 278 and 279 were added to |
| verify. |
| |
| Daniel (12 September 2006) |
| - Added docs/examples/10-at-a-time.c by Michael Wallner |
| |
| - Added docs/examples/hiperfifo.c by Jeff Pohlmeyer |
| |
| Daniel (11 September 2006) |
| - Fixed my breakage from earlier today so that doing curl_easy_cleanup() on a |
| handle that is part of a multi handle first removes the handle from the |
| stack. |
| |
| - Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL |
| session-ID re-use on demand since there obviously are broken servers out |
| there that misbehave with session-IDs used. |
| |
| - Jeff Pohlmeyer presented a *multi_socket()-using program that exposed a |
| problem with it (SIGSEGV-style). It clearly showed that the existing |
| socket-state and state-difference function wasn't good enough so I rewrote |
| it and could then re-run Jeff's program without any crash. The previous |
| version clearly could miss to tell the application when a handle changed |
| from using one socket to using another. |
| |
| While I was at it (as I could use this as a means to track this problem |
| down), I've now added a 'magic' number to the easy handle struct that is |
| inited at curl_easy_init() time and cleared at curl_easy_cleanup() time that |
| we can use internally to detect that an easy handle seems to be fine, or at |
| least not closed or freed (freeing in debug builds fill the area with 0x13 |
| bytes but in normal builds we can of course not assume any particular data |
| in the freed areas). |
| |
| Daniel (9 September 2006) |
| - Michele Bini fixed how the hostname is put in NTLM packages. As servers |
| don't expect fully qualified names we need to cut them off at the first dot. |
| |
| - Peter Sylvester cleaned up and fixed the getsockname() uses in ftp.c. Some |
| of them can be completetly removed though... |
| |
| Daniel (6 September 2006) |
| - Ravi Pratap and I have implemented HTTP Pipelining support. Enable it for a |
| multi handle using CURLMOPT_PIPELINING and all HTTP connections done on that |
| handle will be attempted to get pipelined instead of done in parallell as |
| they are performed otherwise. |
| |
| As a side-effect from this work, connections are now shared between all easy |
| handles within a multi handle, so if you use N easy handles for transfers, |
| each of them can pick up and re-use a connection that was previously used by |
| any of the handles, be it the same or one of the others. |
| |
| This separation of the tight relationship between connections and easy |
| handles is most noticable when you close easy handles that have been used in |
| a multi handle and check amount of used memory or watch the debug output, as |
| there are times when libcurl will keep the easy handle around for a while |
| longer to be able to close it properly. Like for sending QUIT to close down |
| an FTP connection. |
| |
| This is a major change. |
| |
| Daniel (4 September 2006) |
| - Dmitry Rechkin (http://curl.haxx.se/bug/view.cgi?id=1551412) provided a |
| patch that while not fixing things very nicely, it does make the SOCKS5 |
| proxy connection slightly better as it now acknowledges the timeout for |
| connection and it no longer segfaults in the case when SOCKS requires |
| authentication and you did not specify username:password. |
| |
| Daniel (31 August 2006) |
| - Dmitriy Sergeyev found and fixed a multi interface flaw when using asynch |
| name resolves. It could get stuck in the wrong state. |
| |
| Gisle (29 August 2006) |
| - Added support for other MS-DOS compilers (desides djgpp). All MS-DOS |
| compiler now uses the same config.dos file (renamed to config.h by |
| make). libcurl now builds fine using Watcom and Metaware's High-C |
| using the Watt-32 tcp/ip-stack. |
| |
| Daniel (29 August 2006) |
| - David McCreedy added CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA to |
| allow applications to set their own socket options. |
| |
| Daniel (25 August 2006) |
| - Armel Asselin reported that the 'running_handles' counter wasn't updated |
| properly if you removed a "live" handle from a multi handle with |
| curl_multi_remove_handle(). |
| |
| Daniel (22 August 2006) |
| - David McCreedy fixed a remaining mistake from the August 19 TYPE change. |
| |
| - Peter Sylvester pointed out a flaw in the AllowServerConnect() in the FTP |
| code when doing pure ipv6 EPRT connections. |
| |
| Daniel (19 August 2006) |
| - Based on a patch by Armel Asselin, the FTP code no longer re-issues the TYPE |
| command on subsequent requests on a re-used connection unless it has to. |
| |
| - Armel Asselin fixed a crash in the FTP code when using SINGLECWD mode and |
| files in the root directory. |
| |
| - Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't |
| send the whole request at once, even though the Expect: header was disabled |
| by the application. An effect of this change is also that small (< 1024 |
| bytes) POSTs are now always sent without Expect: header since we deem it |
| more costly to bother about that than the risk that we send the data in |
| vain. |
| |
| Daniel (9 August 2006) |
| - Armel Asselin made the CURLOPT_PREQUOTE option work fine even when |
| CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place |
| in the command sequence as it would have run if there would've been a |
| transfer. |
| |
| Daniel (8 August 2006) |
| - Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs |
| on a persistent connection and allowed the first to use that header, you |
| could not disable it for the second request. |
| |
| Daniel (7 August 2006) |
| - Domenico Andreolfound a quick build error which happened because |
| src/config.h.in was not a proper duplcate of lib/config.h.in which it |
| should've been and this was due to the maketgz script not doing the cp |
| properly. |
| |
| Version 7.15.5 (7 August 2006) |
| |
| Daniel (2 August 2006) |
| - Mark Lentczner fixed how libcurl was not properly doing chunked encoding |
| if the header "Transfer-Encoding: chunked" was set by the application. |
| http://curl.haxx.se/bug/view.cgi?id=1531838 |
| |
| Daniel (1 August 2006) |
| - Maciej Karpiuk fixed a crash that would occur if we passed Curl_strerror() |
| an unknown error number on glibc systems. |
| http://curl.haxx.se/bug/view.cgi?id=1532289 |
| |
| Daniel (31 July 2006) |
| - *ALERT* curl_multi_socket() and curl_multi_socket_all() got modified |
| prototypes: they both now provide the number of running handles back to the |
| calling function. It makes the functions resemble the good old |
| curl_multi_perform() more and provides a nice way to know when the multi |
| handle goes empty. |
| |
| ALERT2: don't use the curl_multi_socket*() functionality in anything |
| production-like until I say it's somewhat settled, as I suspect there might |
| be some further API changes before I'm done... |
| |
| Daniel (28 July 2006) |
| - Yves Lejeune fixed so that replacing Content-Type: when doing multipart |
| formposts work exactly the way you want it (and the way you'd assume it |
| works). |
| |
| Daniel (27 July 2006) |
| - David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both |
| control and data connection, as the existing --ftp-ssl option only requests |
| it. |
| |
| - [Hiper-related work] Added a function called curl_multi_assign() that will |
| set a private pointer added to the internal libcurl hash table for the |
| particular socket passed in to this function: |
| |
| CURLMcode curl_multi_assign(CURLM *multi_handle, |
| curl_socket_t sockfd, |
| void *sockp); |
| |
| 'sockp' being a custom pointer set by the application to be associated with |
| this socket. The socket has to be already existing and in-use by libcurl, |
| like having already called the callback telling about its existance. |
| |
| The set hashp pointer will then be passed on to the callback in upcoming |
| calls when this same socket is used (in the brand new 'socketp' argument). |
| |
| Daniel (26 July 2006) |
| - Dan Nelson added the CURLOPT_FTP_ALTERNATIVE_TO_USER libcurl option and curl |
| tool option named --ftp-alternative-to-user. It provides a mean to send a |
| particular command if the normal USER/PASS approach fails. |
| |
| - Michael Jerris added magic that builds lib/curllib.vcproj automatically for |
| newer MSVC. |
| |
| Daniel (25 July 2006) |
| - Georg Horn made the transfer timeout error message include more details. |
| |
| Daniel (20 July 2006) |
| - David McCreedy fixed a build error when building libcurl with HTTP disabled, |
| problem added with the curl_formget() patch. |
| |
| Daniel (17 July 2006) |
| - Jari Sundell did some excellent research and bug tracking, figured out that |
| we did wrong and patched it: When nodes were removed from the splay tree, |
| and we didn't properly remove it from the splay tree when an easy handle was |
| removed from a multi stack and thus we could wrongly leave a node in the |
| splay tree pointing to (bad) memory. |
| |
| Daniel (14 July 2006) |
| - David McCreedy fixed a flaw where the CRLF counter wasn't properly cleared |
| for FTP ASCII transfers. |
| |
| Daniel (8 July 2006) |
| - Ates Goral pointed out that libcurl's cookie parser did case insensitive |
| string comparisons on the path which is incorrect and provided a patch that |
| fixes this. I edited test case 8 to include details that test for this. |
| |
| - Ingmar Runge provided a source snippet that caused a crash. The reason for |
| the crash was that libcurl internally was a bit confused about who owned the |
| DNS cache at all times so if you created an easy handle that uses a shared |
| DNS cache and added that to a multi handle it would crash. Now we keep more |
| careful internal track of exactly what kind of DNS cache each easy handle |
| uses: None, Private (allocated for and used only by this single handle), |
| Shared (points to a cache held by a shared object), Global (points to the |
| global cache) or Multi (points to the cache within the multi handle that is |
| automatically shared between all easy handles that are added with private |
| caches). |
| |
| Daniel (4 July 2006) |
| - Toshiyuki Maezawa fixed a problem where you couldn't override the |
| Proxy-Connection: header when using a proxy and not doing CONNECT. |
| |
| Daniel (24 June 2006) |
| - Michael Wallner added curl_formget(), which allows an application to extract |
| (serialise) a previously built formpost (as with curl_formadd()). |
| |
| Daniel (23 June 2006) |
| - Arve Knudsen found a flaw in curl_multi_fdset() for systems where |
| curl_socket_t is unsigned (like Windows) that could cause it to wrongly |
| return a max fd of -1. |
| |
| Daniel (20 June 2006) |
| - Peter Silva introduced CURLOPT_MAX_SEND_SPEED_LARGE and |
| CURLOPT_MAX_RECV_SPEED_LARGE that limit tha maximum rate libcurl is allowed |
| to send or receive data. This kind of adds the the command line tool's |
| option --limit-rate to the library. |
| |
| The rate limiting logic in the curl app is now removed and is instead |
| provided by libcurl itself. Transfer rate limiting will now also work for -d |
| and -F, which it didn't before. |
| |
| Daniel (19 June 2006) |
| - Made -K on a file that couldn't be read cause a warning to be displayed. |
| |
| Daniel (13 June 2006) |
| - Dan Fandrich implemented --enable-hidden-symbols configure option to enable |
| -fvisibility=hidden on gcc >= 4.0. This reduces the size of the libcurl |
| binary and speeds up dynamic linking by hiding all the internal symbols from |
| the symbol table. |
| |
| Version 7.15.4 (12 June 2006) |
| |
| Daniel (8 June 2006) |
| - Brian Dessent fixed the code for cygwin in three distinct ways: |
| |
| The first modifies {lib,src}/setup.h to not include the winsock headers |
| under Cygwin. This fixes the reported build problem. Cygwin attempts as |
| much as possible to emulate a posix environment under Windows. This means |
| that WIN32 is *not* #defined and (to the extent possible) everything is done |
| as it would be on a *ix type system. Thus <sys/socket.h> is the proper |
| include, and even though winsock2.h is present, including it just introduces |
| a whole bunch of incompatible socket API stuff. |
| |
| The second is a patch I've included in the Cygwin binary packages for a |
| while. It skips two unnecessary library checks (-lwinmm and -lgdi32). The |
| checks are innocuous and they do succeed, but they pollute LIBS with |
| unnecessary stuff which gets recorded as such in the libcurl.la file, which |
| brings them into the build of any libcurl-downstream. As far as I know |
| these libs are really only necessary for mingw, so alternatively they could |
| be designed to only run if $host matches *-*-mingw* but I took the safer |
| route of skipping them for *-*-cygwin*. |
| |
| The third patch replaces all uses of the ancient and obsolete __CYGWIN32__ |
| with __CYGWIN__. Ref: <http://cygwin.com/ml/cygwin/2003-09/msg01520.html>. |
| |
| Daniel (7 June 2006) |
| - Mikael Sennerholm provided a patch that added NTLM2 session response support |
| to libcurl. The 21 NTLM test cases were again modified to comply... |
| |
| Daniel (27 May 2006) |
| - Óscar Morales Vivó updated the libcurl.framework.make file. |
| |
| Daniel (26 May 2006) |
| - Olaf Stüben fixed a bug that caused Digest authentication with md5-sess to |
| fail. When using the md5-sess, the result was not Md5 encoded and Base64 |
| transformed. |
| |
| Daniel (25 May 2006) |
| - Michael Wallner provided a patch that allows "SESS" to be set with |
| CURLOPT_COOKIELIST, which then makes all session cookies get cleared. |
| |
| Daniel (24 May 2006) |
| - Tor Arntsen made test 271 run fine again since the TFTP path fix. |
| |
| Daniel (23 May 2006) |
| - Martin Michlmayr filed debian bug report #367954, but the same error also |
| showed up in the autobuilds. It seems a rather long-since introduced shell |
| script flaw in the configure script suddenly was detected by the bash |
| version in Debian Unstable. It had previously passed undetected by all |
| shells used so far... |
| |
| - David McCreedy updated lib/config-tpf.h |
| |
| Daniel (11 May 2006) |
| - Fixed the configure's check for old-style SSLeay headers since I fell over a |
| case with a duplicate file name (a krb4 implementation with an err.h |
| file). I converted the check to manually make sure three of the headers are |
| present before considering them fine. |
| |
| - David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended |
| checks on the to-be-returned socket to make sure it truly seems to be alive |
| and well. For SSL connection it (only) uses OpenSSL functions. |
| |
| Daniel (10 May 2006) |
| - Fixed DICT in two aspects: |
| |
| 1 - allow properly URL-escaped words, like using %20 for spaces |
| |
| 2 - properly escape certain letters within a word to comply to the RFC2229 |
| |
| Daniel (9 May 2006) |
| - Andreas Ntaflos reported a bug in libcurl.m4: When configuring my GNU |
| autotools project, which optionally (default=yes) uses libcurl on a system |
| without a (usable) libcurl installation, but not specifying |
| `--without-libcurl', configure determines correctly that no libcurl is |
| available, however, the LIBCURL variable gets expanded to `LIBCURL = -lcurl' |
| in the resulting Makefiles. |
| |
| David Shaw fixed the flaw. |
| |
| - Robson Braga Araujo fixed two problems in the recently added non-blocking SSL |
| connects. The state machine was not reset properly so that subsequent |
| connects using the same handle would fail, and there were two memory leaks. |
| |
| - Robson Braga Araujo fixed a memory leak when you added an easy handle to a |
| multi stack and that easy handle had already been used to do one or more |
| easy interface transfers, as then the code threw away the previously used |
| DNS cache without properly freeing it. |
| |
| Daniel (8 May 2006) |
| - Dan Fandrich went over the TFTP code and he pointed out and fixed numerous |
| problems: |
| |
| * The received file is corrupted when a packet is lost and retransmitted |
| (this is a serious problem!) |
| |
| * Transmitting a file aborts if a block is lost and retransmitted |
| |
| * Data is stored in the wrong location in the buffer for uploads, so uploads |
| always fail (I don't see how it could have ever worked, but it did on x86 |
| at least) |
| |
| * A number of calls are made to strerror instead of Curl_strerror, making |
| the code not thread safe |
| |
| * There are references to errno instead of Curl_sockerrno(), causing |
| incorrect error messages on Windows |
| |
| * The file name includes a leading / which violates RFC3617. Doing something |
| similar to ftp, where two slashes after the host name means an absolute |
| reference seems a reasonable extension to fix this. |
| |
| * Failures in EBCDIC conversion are not propagated up to the caller but are |
| silently ignored |
| |
| - Fixed known bug #28. The TFTP code no longer assumes a packed struct and |
| thus works reliably on more platforms. |
| |
| Daniel (5 May 2006) |
| - Roland Blom filed bug report #1481217 |
| (http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele |
| Bini and David Byron. libcurl previously wrongly used GetLastError() on |
| windows to get error details after socket-related function calls, when it |
| really should use WSAGetLastError() instead. |
| |
| When changing to this, the former function Curl_ourerrno() is now instead |
| called Curl_sockerrno() as it is necessary to only use it to get errno from |
| socket-related functions as otherwise it won't work as intended on Windows. |
| |
| Daniel (4 May 2006) |
| - Mark Eichin submitted bug report #1480821 |
| (http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a |
| problem with how libcurl dealt with GnuTLS and a case where gnutls returned |
| GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected |
| return code, making Curl_ssl_send() confuse the upper layer - causing random |
| 28 bytes trash data to get inserted in the transfered stream. |
| |
| The proper fix was to make the Curl_gtls_send() function return the proper |
| return codes that the callers would expect. The Curl_ossl_send() function |
| already did this. |
| |
| Daniel (2 May 2006) |
| - Added a --checkfor option to curl-config to allow users to easier |
| write for example shell scripts that test for the presence of a |
| new-enough libcurl version. If --checkfor is given a version string |
| newer than what is currently installed, curl-config will return a |
| non-zero exit code and output a string about the unfulfilled |
| requirement. |
| |
| Daniel (26 April 2006) |
| - David McCreedy brought initial line end conversions when doing FTP ASCII |
| transfers. They are done on non-windows systems and translate CRLF to LF. |
| |
| I modified the 15 LIST-using test cases accordingly. The downside is that now |
| we'll have even more trouble to get the tests to run on Windows since they |
| should get CRLF newlines left intact which the *nix versions don't. I figure |
| the only sane thing to do is to add some kind of [newline] macro for the test |
| case files and have them expanded to the proper native line ending when the |
| test cases are run. This is however left to implement. |
| |
| Daniel (25 April 2006) |
| - Paul Querna fixed libcurl to better deal with deflate content encoding |
| when the stream (wrongly) lacks a proper zlib header. This seems to be the |
| case on too many actual server implementations. |
| |
| Daniel (21 April 2006) |
| - Ale Vesely fixed CURLOPT_INTERFACE when using a hostname. |
| |
| Daniel (19 April 2006) |
| - Based on previous info from Tor Arntsen, I made configure detect the Intel |
| ICC compiler to add a compiler option for it, in order for configure to |
| properly be able to detect function prototypes. |
| |
| - Robson Braga Araujo provided a patch that makes libcurl less eager to close |
| the control connection when using FTP, for example when you remove an easy |
| handle from a multi stack. |
| |
| - Applied a patch by Ates Goral and Katie Wang that corrected my bad fix |
| attempt from April 10. |
| |
| Daniel (11 April 2006) |
| - #1468330 (http://curl.haxx.se/bug/view.cgi?id=1468330) pointed out a bad |
| typecast in the curl tool leading to a crash with (64bit?) VS2005 (at least) |
| since the struct timeval field tv_sec is an int while time_t is 64bit. |
| |
| Daniel (10 April 2006) |
| - Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and |
| CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL |
| connection time-out! |
| |
| - I merged my hiper patch (http://curl.haxx.se/libcurl/hiper/) into the main |
| sources. See the lib/README.multi_socket for implementation story with |
| details. Don't expect it to work fully yet. I don't intend to blow any |
| whistles or ring any bells about it until I'm more convinced it works at |
| least somewhat reliably. |
| |
| Daniel (7 April 2006) |
| - David McCreedy's EBCDIC and TPF changes. Three new curl_easy_setopt() |
| options (callbacks) were added: |
| |
| CONV_FROM_NETWORK_FUNCTION |
| CONV_TO_NETWORK_FUNCTION |
| CONV_FROM_UTF8_FUNCTION |
| |
| Daniel (5 April 2006) |
| - Michele Bini modified the NTLM code to work for his "weird IIS case" |
| (http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash |
| function in addition to the LM one and making some other adjustments in the |
| order the different parts of the data block are sent in the Type-2 reply. |
| Inspiration for this work was taken from the Firefox NTLM implementation. |
| |
| I edited the existing 21(!) NTLM test cases to run fine with these news. Due |
| to the fact that we now properly include the host name in the Type-2 message |
| the test cases now only compare parts of that chunk. |
| |
| Daniel (28 March 2006) |
| - #1451929 (http://curl.haxx.se/bug/view.cgi?id=1451929) detailed a bug that |
| occurred when asking libcurl to follow HTTP redirects and the original URL |
| had more than one question mark (?). Added test case 276 to verify. |
| |
| Daniel (27 March 2006) |
| - David Byron found a problem multiple -d options when libcurl was built with |
| --enable-debug, as then curl used free() on memory allocated both with |
| normal malloc() and with libcurl-provided functions, when the latter MUST be |
| freed with curl_free() in debug builds. |
| |
| Daniel (26 March 2006) |
| - Tor Arntsen figured out that TFTP was broken on a lot of systems since we |
| called bind() with a too big argument in the 3rd parameter and at least |
| Tru64, AIX and IRIX seem to be very picky about it. |
| |
| Daniel (21 March 2006) |
| - David McCreedy added CURLINFO_FTP_ENTRY_PATH. |
| |
| - Xavier Bouchoux made the SSL connection non-blocking for the multi interface |
| (when using OpenSSL). |
| |
| - Tor Arntsen fixed the AIX Toolbox RPM spec |
| |
| Daniel (20 March 2006) |
| - David McCreedy fixed libcurl to no longer ignore AUTH failures and now it |
| reacts properly according to the CURLOPT_FTP_SSL setting. |
| |
| - Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file |
| whose length was a multiple of 512 bytes could have random garbage |
| appended. Also, stop processing TFTP packets which are too short to be |
| legal. |
| |
| - Ilja van Sprundel reported a possible crash in the curl tool when using |
| "curl hostwithoutslash -d data -G" |
| |
| Version 7.15.3 (20 March 2006) |
| |
| Daniel (20 March 2006) |
| - VULNERABILITY reported to us by Ulf Harnhammar. |
| |
| libcurl uses the given file part of a TFTP URL in a manner that allows a |
| malicious user to overflow a heap-based memory buffer due to the lack of |
| boundary check. |
| |
| This overflow happens if you pass in a URL with a TFTP protocol prefix |
| ("tftp://"), using a valid host and a path part that is longer than 512 |
| bytes. |
| |
| The affected flaw can be triggered by a redirect, if curl/libcurl is told to |
| follow redirects and an HTTP server points the client to a tftp URL with the |
| characteristics described above. |
| |
| The Common Vulnerabilities and Exposures (CVE) project has assigned the name |
| CVE-2006-1061 to this issue. |
| |
| Daniel (16 March 2006) |
| - Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included |
| in the release archive. |
| |
| Daniel (14 March 2006) |
| - David McCreedy fixed: |
| |
| a bad SSL error message when OpenSSL certificates are verified fine. |
| |
| a missing return code assignment in the FTP code |
| |
| Daniel (7 March 2006) |
| - Markus Koetter filed debian bug report #355715 which identified a problem |
| with the multi interface and multi-part formposts. The fix from February |
| 22nd could make the Curl_done() function get called twice on the same |
| connection and it was not designed for that and thus tried to call free() on |
| an already freed memory area! |
| |
| - Peter Heuchert made sure the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL |
| is used properly. |
| |
| Daniel (6 March 2006) |
| - Lots of users on Windows have reported getting the "SSL: couldn't set |
| callback" error message so I've now made the setting of that callback not be |
| as critical as before. The function is only used for additional loggging/ |
| trace anyway so a failure just means slightly less data. It should still be |
| able to proceed and connect fine to the server. |
| |
| Daniel (4 March 2006) |
| - Thomas Klausner provided a patch written by Todd Vierling in bug report |
| #1442471 that fixes a build problem on Interix. |
| |
| Daniel (2 March 2006) |
| - FTP upload without a file name part in the URL now causes |
| curl_easy_perform() to return CURLE_URL_MALFORMAT. Previously it allowed the |
| upload but named the file "(nil)" (without the quotes). Test case 524 |
| verifies. |
| |
| - Added a check for getprotobyname in configure so that it'll be used, thanks |
| to Gisle Vanem's change the other day. |
| |
| Daniel (28 February 2006) |
| - Dan Fandrich prevented curl from getting stuck in an endless loop in case we |
| are out of file handles very early in curl's code where it makes sure that |
| 0, 1 and 2 aren't gonna be used by the lib for transfers. |
| |
| Daniel (27 February 2006) |
| - Marty Kuhrt pointed out that there were two VMS-specific files missing in |
| the release archive. |
| |
| Version 7.15.2 (27 February 2006) |
| |
| Daniel (22 February 2006) |
| - Lots of work and analysis by "xbx___" in bug #1431750 |
| (http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two |
| different but related bugs: |
| |
| 1) Removing an easy handle from a multi handle before the transfer is done |
| could leave a connection in the connection cache for that handle that is |
| in a state that isn't suitable for re-use. A subsequent re-use could then |
| read from a NULL pointer and segfault. |
| |
| 2) When an easy handle was removed from the multi handle, there could be an |
| outstanding c-ares DNS name resolve request. When the response arrived, |
| it caused havoc since the connection struct it "belonged" to could've |
| been freed already. |
| |
| Now Curl_done() is called when an easy handle is removed from a multi handle |
| pre-maturely (that is, before the transfer was complteted). Curl_done() also |
| makes sure to cancel all (if any) outstanding c-ares requests. |
| |
| Daniel (21 February 2006) |
| - Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy |
| type to the already provided type CURLPROXY_SOCKS4. |
| |
| I added a --socks4 option that works like the current --socks5 option but |
| instead use the socks4 protocol. |
| |
| Daniel (20 February 2006) |
| - Shmulik Regev fixed an issue with multi-pass authentication and compressed |
| content when libcurl didn't honor the internal ignorebody flag. |
| |
| Daniel (18 February 2006) |
| - Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate |
| code. It should however not be the cause of any troubles. He also fixed a |
| few similar problems in the HTTP test server code. |
| |
| Daniel (17 February 2006) |
| - Shmulik Regev provided a fix for the DNS cache when using short life times, |
| as previously it could be holding on to old cached entries longer than |
| requested. |
| |
| Daniel (11 February 2006) |
| - Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options |
| that an app can use to let libcurl only connect to a remote host and then |
| extract the socket from libcurl. libcurl will then not attempt to do any |
| transfer at all after the connect is done. |
| |
| - Kent Boortz improved the configure check for GnuTLS to properly set LIBS |
| instead of LDFLAGS. |
| |
| Daniel (8 February 2006) |
| - Philippe Vaucher provided a brilliant piece of test code that show a problem |
| with re-used FTP connections. If the second request on the same connection |
| was set not to fetch a "body", libcurl could get confused and consider it an |
| attempt to use a dead connection and would go acting mighty strange. |
| |
| Daniel (2 February 2006) |
| - Make --limit-rate [num] mean bytes. It used to be that but it broke in my |
| change done in November 2005. |
| |
| Daniel (30 January 2006) |
| - Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the |
| curl tool with --local-port. Plain and simply set the range of ports to bind |
| the local end of connections to. Implemented on to popular demand. |
| |
| - Based on an error report by Philippe Vaucher, we no longer count a retried |
| connection setup as a follow-redirect. It turns out 1) this fails when a FTP |
| connection is re-setup and 2) it does make the max-redirs counter behave |
| wrong. |
| |
| Daniel (24 January 2006) |
| - Michal Marek provided a patch for FTP that makes libcurl continue to try |
| PASV even after EPSV returned a positive response code, if libcurl failed to |
| connect to the port number the EPSV response said. Obviously some people are |
| going through protocol-sensitive firewalls (or similar) that don't |
| understand EPSV and then they don't allow the second connection unless PASV |
| was used. This also called for a minor fix of test case 238. |
| |
| Daniel (20 January 2006) |
| - Duane Cathey was one of our friends who reported that curl -P [IP] |
| (CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a |
| "native" IP while it works fine for ipv6-disabled builds! |
| |
| In the process of fixing this, I removed the support for LPRT since I can't |
| think of many reasons to keep doing it and asking on the mailing list didn't |
| reveal anyone else that could either. The code that sends EPRT and PORT is |
| now also a lot simpler than before (IMHO). |
| |
| Daniel (19 January 2006) |
| - Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl |
| (built ipv4-only) didn't work. |
| |
| Daniel (18 January 2006) |
| - As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742), |
| the configure script complained about a missing "missing" script if you ran |
| configure within a path whose name included one or more spaces. This is due |
| to a flaw in automake (1.9.6 and earlier). I've now worked around it by |
| including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll |
| be used instead of the one automake ships with. This kludge needs to be |
| removed once we get an automake version with this problem corrected. |
| Possibly we'll then need to convert this into a kludge depending on what |
| automake version that is used and that is gonna be painful and I don't even |
| want to think about that now...! |
| |
| Daniel (17 January 2006) |
| - David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with |
| the latest features and protocols that libcurl supports and has a minor fix |
| to better deal with the obscure case where someone has more than one libcurl |
| installed at the same time. |
| |
| Daniel (16 January 2006) |
| - David Shaw finally removed all traces of Gopher and we are now officially |
| not supporting it. It hasn't been functioning for years anyway, so this is |
| just finally stating what already was true. And a cleanup at the same time. |
| |
| - Bryan Henderson turned the 'initialized' variable for curl_global_init() |
| into a counter, and thus you can now do multiple curl_global_init() and you |
| are then supposed to do the same amount of calls to curl_global_cleanup(). |
| Bryan has also updated the docs accordingly. |
| |
| Daniel (13 January 2006) |
| - Andrew Benham fixed a race condition in the test suite that could cause the |
| test script to kill all processes in the current process group! |
| |
| Daniel (12 January 2006) |
| - Michael Jahn: |
| |
| Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru |
| HTTP proxy. |
| |
| Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would |
| previously overwrite internal memory and cause unpredicted behaviour! |
| |
| Daniel (11 January 2006) |
| - I decided to document the "secret option" here now, as I've received *NO* |
| feedback at all on my mailing list requests from November 2005: |
| |
| I'm looking for feedback and comments. I added some experimental code the |
| other day, that allows a libcurl user to select what method libcurl should |
| use to reach a file on a FTP(S) server. |
| |
| This functionality is available in CVS code and in recent daily snapshots. |
| |
| Let me explain... |
| |
| The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for |
| the command line tool) and you set it to a long (there are currenly no |
| defines for the argument values, just plain numericals). You can set three |
| different "methods" that do this: |
| |
| 1 multicwd - like today, curl will do a single CWD operation for each path |
| part in the given URL. For deep hierarchies this means very many |
| commands. This is how RFC1738 says it should be done. This is the |
| default. |
| |
| 2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give |
| a full path to the server. |
| |
| 3 singlecwd - make one CWD with the full target directory and then operate |
| on the file "normally". |
| |
| (With the command line tool you do --ftp-method [METHOD], where [METHOD] is |
| one of "multicwd", "nocwd" or "singlecwd".) |
| |
| What feedback I'm interested in: |
| |
| 1 - Do they work at all? Do you find servers where one of these don't work? |
| |
| 2 - What would proper names for the option and its arguments be, if we |
| consider this feature good enough to get included and documented in |
| upcoming releases? |
| |
| 3 - Should we make libcurl able to "walk through" these options in case of |
| (path related) failures, or should it fail and let the user redo any |
| possible retries? |
| |
| (This option is not documented in any man page just yet since I'm not sure |
| these names will be used or if the functionality will end up exactly like |
| this. And for the same reasons we have no test cases for these yet.) |
| |
| Daniel (10 January 2006) |
| - When using a bad path over FTP, as in when libcurl couldn't CWD into all |
| given subdirs, libcurl would still "remember" the full path as if it is the |
| current directory libcurl is in so that the next curl_easy_perform() would |
| get really confused if it tried the same path again - as it would not issue |
| any CWD commands at all, assuming it is already in the "proper" dir. |
| |
| Starting now, a failed CWD command sets a flag that prevents the path to be |
| "remembered" after returning. |
| |
| Daniel (7 January 2006) |
| - Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP |
| proxy actually used a new connection and not sent the second request on the |
| first socket! |
| |
| Daniel (6 January 2006) |
| - Alexander Lazic made the buildconf run the buildconf in the ares dir if that |
| is present instead of trying to mimic that script in curl's buildconf |
| script. |
| |
| Daniel (3 January 2006) |
| - Andres Garcia made the TFTP test server build with mingw. |