| _ _ ____ _ |
| ___| | | | _ \| | |
| / __| | | | |_) | | |
| | (__| |_| | _ <| |___ |
| \___|\___/|_| \_\_____| |
| |
| Old Changelog |
| |
| Changes done to curl and libcurl from 1997 to 2006. The most recent changes are |
| always kept in the CHANGES file. |
| |
| Daniel (29 December 2006) |
| - Make curl_easy_duphandle() set the magic number in the new handle. |
| |
| Daniel (22 December 2006) |
| - Robert Foreman provided a prime example snippet showing how libcurl would |
| get confused and not acknowledge the 'no_proxy' variable properly once it |
| had used the proxy and you re-used the same easy handle. I made sure the |
| proxy name is properly stored in the connect struct rather than the |
| sessionhandle/easy struct. |
| |
| - David McCreedy fixed a bad call to getsockname() that wrongly used a size_t |
| variable to point to when it should be a socklen_t. |
| |
| - When setting a proxy with environment variables and (for example) running |
| 'curl [URL]' with a URL without a protocol prefix, curl would not send a |
| correct request as it failed to add the protocol prefix. |
| |
| Daniel (21 December 2006) |
| - Robson Braga Araujo reported bug #1618359 |
| (http://curl.haxx.se/bug/view.cgi?id=1618359) and subsequently provided a |
| patch for it: when downloading 2 zero byte files in a row, curl 7.16.0 |
| enters an infinite loop, while curl 7.16.1-20061218 does one additional |
| unnecessary request. |
| |
| Fix: During the "Major overhaul introducing http pipelining support and |
| shared connection cache within the multi handle." change, headerbytecount |
| was moved to live in the Curl_transfer_keeper structure. But that structure |
| is reset in the Transfer method, losing the information that we had about |
| the header size. This patch moves it back to the connectdata struct. |
| |
| Daniel (16 December 2006) |
| - Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPE |
| during certain conditions when GnuTLS is used. |
| |
| Daniel (11 December 2006) |
| - Alexey Simak found out that when doing FTP with the multi interface and |
| something went wrong like it got a bad response code back from the server, |
| libcurl would leak memory. Added test case 538 to verify the fix. |
| |
| I also noted that the connection would get cached in that case, which |
| doesn't make sense since it cannot be re-use when the authentication has |
| failed. I fixed that issue too at the same time, and also that the path |
| would be "remembered" in vain for cases where the connection was about to |
| get closed. |
| |
| Daniel (6 December 2006) |
| - Sebastien Willemijns reported bug #1603712 |
| (http://curl.haxx.se/bug/view.cgi?id=1603712) which is about connections |
| getting cut off prematurely when --limit-rate is used. While I found no such |
| problems in my tests nor in my reading of the code, I found that the |
| --limit-rate code was severly flawed (since it was moved into the lib, since |
| 7.15.5) when used with the easy interface and it didn't work as documented |
| so I reworked it somewhat and now it works for my tests. |
| |
| Daniel (5 December 2006) |
| - Stefan Krause pointed out a compiler warning with a picky MSCV compiler when |
| passing a curl_off_t argument to the Curl_read_rewind() function which takes |
| an size_t argument. Curl_read_rewind() also had debug code left in it and it |
| was put in a different source file with no good reason when only used from |
| one single spot. |
| |
| - Sh Diao reported that CURLOPT_CLOSEPOLICY doesn't work, and indeed, there is |
| no code present in the library that receives the option. Since it was not |
| possible to use, we know that no current users exist and thus we simply |
| removed it from the docs and made the code always use the default path of |
| the code. |
| |
| - Jared Lundell filed bug report #1604956 |
| (http://curl.haxx.se/bug/view.cgi?id=1604956) which identified setting |
| CURLOPT_MAXCONNECTS to zero caused libcurl to SIGSEGV. Starting now, libcurl |
| will always internally use no less than 1 entry in the connection cache. |
| |
| - Sh Diao reported that CURLOPT_FORBID_REUSE no works, and indeed it broke in |
| the 7.16.0 release. |
| |
| - Martin Skinner brought back bug report #1230118 to haunt us once again. |
| (http://curl.haxx.se/bug/view.cgi?id=1230118) curl_getdate() did not work |
| properly for all input dates on Windows. It was mostly seen on some TZ time |
| zones using DST. Luckily, Martin also provided a fix. |
| |
| - Alexey Simak filed bug report #1600447 |
| (http://curl.haxx.se/bug/view.cgi?id=1600447) in which he noted that active |
| FTP connections don't work with the multi interface. The problem is here |
| that the multi interface state machine has a state during which it can wait |
| for the data connection to connect, but the active connection is not done in |
| the same step in the sequence as the passive one is so it doesn't quite work |
| for active. The active FTP code still use a blocking function to allow the |
| remote server to connect. |
| |
| The fix (work-around is a better word) for this problem is to set the |
| boolean prematurely that the data connection is completed, so that the "wait |
| for connect" phase ends at once. |
| |
| The proper fix, left for the future, is of course to make the active FTP |
| case to act in a non-blocking way too. |
| |
| - Matt Witherspoon fixed a problem case when the CPU load went to 100% when a |
| HTTP upload was disconnected: |
| |
| "What appears to be happening is that my system (Linux 2.6.17 and 2.6.13) is |
| setting *only* POLLHUP on poll() when the conditions in my previous mail |
| occur. As you can see, select.c:Curl_select() does not check for POLLHUP. So |
| basically what was happening, is poll() was returning immediately (with |
| POLLHUP set), but when Curl_select() looked at the bits, neither POLLERR or |
| POLLOUT was set. This still caused Curl_readwrite() to be called, which |
| quickly returned. Then the transfer() loop kept continuing at full speed |
| forever." |
| |
| Daniel (1 December 2006) |
| - Toon Verwaest reported that there are servers that send the Content-Range: |
| header in a third, not suppported by libcurl, format and we agreed that we |
| could make the parser more forgiving to accept all the three found |
| variations. |
| |
| Daniel (25 November 2006) |
| - Venkat Akella found out that libcurl did not like HTTP responses that simply |
| responded with a single status line and no headers nor body. Starting now, a |
| HTTP response on a persistent connection (i.e not set to be closed after the |
| response has been taken care of) must have Content-Length or chunked |
| encoding set, or libcurl will simply assume that there is no body. |
| |
| To my horror I learned that we had no less than 57(!) test cases that did bad |
| HTTP responses like this, and even the test http server (sws) responded badly |
| when queried by the test system if it is the test system. So although the |
| actual fix for the problem was tiny, going through all the newly failing test |
| cases got really painful and boring. |
| |
| Daniel (24 November 2006) |
| - James Housley did lots of work and introduced SFTP downloads. |
| |
| Daniel (13 November 2006) |
| - Ron in bug #1595348 (http://curl.haxx.se/bug/view.cgi?id=1595348) pointed |
| out a stack overwrite (and the corresponding fix) on 64bit Windows when |
| dealing with HTTP chunked encoding. |
| |
| Daniel (9 November 2006) |
| - Nir Soffer updated libcurl.framework.make: |
| o fix symlinks, should link to Versions, not to ./Versions |
| o indentation improvments |
| |
| - Dmitriy Sergeyev found a SIGSEGV with his test04.c example posted on 7 Nov |
| 2006. It turned out we wrongly assumed that the connection cache was present |
| when tearing down a connection. |
| |
| - Ciprian Badescu found a SIGSEGV when doing multiple TFTP transfers using the |
| multi interface, but I could also repeat it doing multiple sequential ones |
| with the easy interface. Using Ciprian's test case, I could fix it. |
| |
| Daniel (8 November 2006) |
| - Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without |
| CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the |
| SSL handshake. This is now stopped. |
| |
| Daniel (7 November 2006) |
| - Olaf fixed a leftover problem with the CONNECT fix of his that would leave a |
| wrong error message in the error message buffer. |
| |
| Daniel (3 November 2006) |
| - Olaf Stueben provided a patch that I edited slightly. It fixes the notorious |
| KNOWN_BUGS #25, which happens when a proxy closes the connection when |
| libcurl has sent CONNECT, as part of an authentication negotiation. Starting |
| now, libcurl will re-connect accordingly and continue the authentication as |
| it should. |
| |
| Daniel (2 November 2006) |
| - James Housley brought support for SCP transfers, based on the libssh2 library |
| for the actual network protocol stuff. |
| |
| Added these new curl_easy_setopt() options: |
| |
| CURLOPT_SSH_AUTH_TYPES |
| CURLOPT_SSH_PUBLIC_KEYFILE |
| CURLOPT_SSH_PRIVATE_KEYFILE |
| |
| Version 7.16.0 (30 October 2006) |
| |
| Daniel (25 October 2006) |
| - Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the |
| case when 401 or 407 are returned, *IF* no auth credentials have been given. |
| The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401 |
| and 407 cases when auth credentials is given, but we've now covered this |
| somewhat more. |
| |
| You might get some amounts of headers transferred before this situation is |
| detected, like for when a "100-continue" is received as a response to a |
| POST/PUT and a 401 or 407 is received immediately afterwards. |
| |
| Added test 281 to verify this change. |
| |
| Daniel (23 October 2006) |
| - Ravi Pratap provided a major update with pipelining fixes. We also no longer |
| re-use connections (for pipelining) before the name resolving is done. |
| |
| Daniel (21 October 2006) |
| - Nir Soffer made the tests/libtest/Makefile.am use a proper variable for all |
| the single test applications' link and dependences, so that you easier can |
| override those from the command line when using make. |
| |
| - Armel Asselin separated CA cert verification problems from problems with |
| reading the (local) CA cert file to let users easier pinpoint the actual |
| problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code. |
| |
| Daniel (18 October 2006) |
| - Removed the "protocol-guessing" for URLs with host names starting with FTPS |
| or TELNET since they are practically non-existant. This leaves us with only |
| three different prefixes that would assume the protocol is anything but |
| HTTP, and they are host names starting with "ftp.", "dict." or "ldap.". |
| |
| Daniel (17 October 2006) |
| - Bug report #1579171 pointed out code flaws detected with "prefast", and they |
| were 1 - a too small memory clear with memset() in the threaded resolver and |
| 2 - a range of potentially bad uses of the ctype family of is*() functions |
| such as isdigit(), isalnum(), isprint() and more. The latter made me switch |
| to using our own set of these functions/macros using uppercase letters, and |
| with some extra set of crazy typecasts to avoid mistakingly passing in |
| negative numbers to the underlying is*() functions. |
| |
| - With Jeff Pohlmeyer's help, I fixed the expire timer when using |
| curl_multi_socket() during name resolves with c-ares and the LOW_SPEED |
| options now work fine with curl_multi_socket() as well. |
| |
| Daniel (16 October 2006) |
| - Added a check in configure that simply tries to run a program (not when |
| cross-compiling) in order to detect problems with run-time libraries that |
| otherwise would occur when the sizeof tests for curl_off_t would run and |
| thus be much more confusing to users. The check of course should run after |
| all lib-checks are done and before any other test is used that would run an |
| executable built for testing-purposes. |
| |
| Dan F (13 October 2006) |
| - The tagging of application/x-www-form-urlencoded POST body data sent |
| to the CURLOPT_DEBUGFUNCTION callback has been fixed (it was erroneously |
| included as part of the header). A message was also added to the |
| command line tool to show when data is being sent, enabled when |
| --verbose is used. |
| |
| Daniel (12 October 2006) |
| - Starting now, adding an easy handle to a multi stack that was already added |
| to a multi stack will cause CURLM_BAD_EASY_HANDLE to get returned. |
| |
| - Jeff Pohlmeyer has been working with the hiperfifo.c example source code, |
| and while doing so it became apparent that the current timeout system for |
| the socket API really was a bit awkward since it become quite some work to |
| be sure we have the correct timeout set. |
| |
| Jeff then provided the new CURLMOPT_TIMERFUNCTION that is yet another |
| callback the app can set to get to know when the general timeout time |
| changes and thus for an application like hiperfifo.c it makes everything a |
| lot easier and nicer. There's a CURLMOPT_TIMERDATA option too of course in |
| good old libcurl tradition. |
| |
| Jeff has also updated the hiperfifo.c example code to use this news. |
| |
| Daniel (9 October 2006) |
| - Bogdan Nicula's second test case (posted Sun, 08 Oct 2006) converted to test |
| case 535 and it now runs fine. Again a problem with the pipelining code not |
| taking all possible (error) conditions into account. |
| |
| Daniel (6 October 2006) |
| - Bogdan Nicula's hanging test case (posted Wed, 04 Oct 2006) was converted to |
| test case 533 and the test now runs fine. |
| |
| Daniel (4 October 2006) |
| - Dmitriy Sergeyev provided an example source code that crashed CVS libcurl |
| but that worked nicely in 7.15.5. I converted it into test case 532 and |
| fixed the problem. |
| |
| Daniel (29 September 2006) |
| - Removed a few other no-longer present options from the header file. |
| |
| - Support for FTP third party transfers was removed. Here's why: |
| |
| o The recent multi interface changes broke it and the design of the 3rd party |
| transfers made it very hard to fix the problems |
| o It was still blocking and thus nasty for the multi interface |
| o It was a lot of extra code for a very rarely used feature |
| o It didn't use the same code as for "plain" FTP transfers, so it didn't work |
| fine for IPv6 and it didn't properly re-use connections and more |
| o There's nobody around who's willing to work on and improve the existing |
| code |
| |
| This does not mean that third party transfers are banned forever, only that |
| they need to be done better if they are to be re-added in the future. |
| |
| The CURLOPT_SOURCE_* options are removed from the lib and so are the --3p* |
| options from the command line tool. For this reason, I also bumped the |
| version info for the lib. |
| |
| Daniel (28 September 2006) |
| - Reported in #1561470 (http://curl.haxx.se/bug/view.cgi?id=1561470), libcurl |
| would crash if a bad function sequence was used when shutting down after |
| using the multi interface (i.e using easy_cleanup after multi_cleanup) so |
| precautions have been added to make sure it doesn't any more - test case 529 |
| was added to verify. |
| |
| Daniel (27 September 2006) |
| - The URL in the cookie jar file is now changed since it was giving a 404. |
| Reported by Timothy Stone. The new URL will take the visitor to a curl web |
| site mirror with the document. |
| |
| Daniel (24 September 2006) |
| - Bernard Leak fixed configure --with-gssapi-libs. |
| |
| - Cory Nelson made libcurl use the WSAPoll() function if built for Windows |
| Vista (_WIN32_WINNT >= 0x0600) |
| |
| Daniel (23 September 2006) |
| - Mike Protts added --ftp-ssl-control to make curl use FTP-SSL, but only |
| encrypt the control connection and use the data connection "plain". |
| |
| - Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better |
| as it now will read the full data sent from servers. The SOCKS-related code |
| was also moved to the new lib/socks.c source file. |
| |
| Daniel (21 September 2006) |
| - Added test case 531 in an attempt to repeat bug report #1561470 |
| (http://curl.haxx.se/bug/view.cgi?id=1561470) that is said to crash when an |
| FTP upload fails with the multi interface. It did not, but I made a failed |
| upload still assume the control connection to be fine. |
| |
| Daniel (20 September 2006) |
| - Armel Asselin fixed problems when you gave a proxy URL with user name and |
| empty password or no password at all. Test case 278 and 279 were added to |
| verify. |
| |
| Daniel (12 September 2006) |
| - Added docs/examples/10-at-a-time.c by Michael Wallner |
| |
| - Added docs/examples/hiperfifo.c by Jeff Pohlmeyer |
| |
| Daniel (11 September 2006) |
| - Fixed my breakage from earlier today so that doing curl_easy_cleanup() on a |
| handle that is part of a multi handle first removes the handle from the |
| stack. |
| |
| - Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL |
| session-ID re-use on demand since there obviously are broken servers out |
| there that misbehave with session-IDs used. |
| |
| - Jeff Pohlmeyer presented a *multi_socket()-using program that exposed a |
| problem with it (SIGSEGV-style). It clearly showed that the existing |
| socket-state and state-difference function wasn't good enough so I rewrote |
| it and could then re-run Jeff's program without any crash. The previous |
| version clearly could miss to tell the application when a handle changed |
| from using one socket to using another. |
| |
| While I was at it (as I could use this as a means to track this problem |
| down), I've now added a 'magic' number to the easy handle struct that is |
| inited at curl_easy_init() time and cleared at curl_easy_cleanup() time that |
| we can use internally to detect that an easy handle seems to be fine, or at |
| least not closed or freed (freeing in debug builds fill the area with 0x13 |
| bytes but in normal builds we can of course not assume any particular data |
| in the freed areas). |
| |
| Daniel (9 September 2006) |
| - Michele Bini fixed how the hostname is put in NTLM packages. As servers |
| don't expect fully qualified names we need to cut them off at the first dot. |
| |
| - Peter Sylvester cleaned up and fixed the getsockname() uses in ftp.c. Some |
| of them can be completetly removed though... |
| |
| Daniel (6 September 2006) |
| - Ravi Pratap and I have implemented HTTP Pipelining support. Enable it for a |
| multi handle using CURLMOPT_PIPELINING and all HTTP connections done on that |
| handle will be attempted to get pipelined instead of done in parallell as |
| they are performed otherwise. |
| |
| As a side-effect from this work, connections are now shared between all easy |
| handles within a multi handle, so if you use N easy handles for transfers, |
| each of them can pick up and re-use a connection that was previously used by |
| any of the handles, be it the same or one of the others. |
| |
| This separation of the tight relationship between connections and easy |
| handles is most noticable when you close easy handles that have been used in |
| a multi handle and check amount of used memory or watch the debug output, as |
| there are times when libcurl will keep the easy handle around for a while |
| longer to be able to close it properly. Like for sending QUIT to close down |
| an FTP connection. |
| |
| This is a major change. |
| |
| Daniel (4 September 2006) |
| - Dmitry Rechkin (http://curl.haxx.se/bug/view.cgi?id=1551412) provided a |
| patch that while not fixing things very nicely, it does make the SOCKS5 |
| proxy connection slightly better as it now acknowledges the timeout for |
| connection and it no longer segfaults in the case when SOCKS requires |
| authentication and you did not specify username:password. |
| |
| Daniel (31 August 2006) |
| - Dmitriy Sergeyev found and fixed a multi interface flaw when using asynch |
| name resolves. It could get stuck in the wrong state. |
| |
| Gisle (29 August 2006) |
| - Added support for other MS-DOS compilers (desides djgpp). All MS-DOS |
| compiler now uses the same config.dos file (renamed to config.h by |
| make). libcurl now builds fine using Watcom and Metaware's High-C |
| using the Watt-32 tcp/ip-stack. |
| |
| Daniel (29 August 2006) |
| - David McCreedy added CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA to |
| allow applications to set their own socket options. |
| |
| Daniel (25 August 2006) |
| - Armel Asselin reported that the 'running_handles' counter wasn't updated |
| properly if you removed a "live" handle from a multi handle with |
| curl_multi_remove_handle(). |
| |
| Daniel (22 August 2006) |
| - David McCreedy fixed a remaining mistake from the August 19 TYPE change. |
| |
| - Peter Sylvester pointed out a flaw in the AllowServerConnect() in the FTP |
| code when doing pure ipv6 EPRT connections. |
| |
| Daniel (19 August 2006) |
| - Based on a patch by Armel Asselin, the FTP code no longer re-issues the TYPE |
| command on subsequent requests on a re-used connection unless it has to. |
| |
| - Armel Asselin fixed a crash in the FTP code when using SINGLECWD mode and |
| files in the root directory. |
| |
| - Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't |
| send the whole request at once, even though the Expect: header was disabled |
| by the application. An effect of this change is also that small (< 1024 |
| bytes) POSTs are now always sent without Expect: header since we deem it |
| more costly to bother about that than the risk that we send the data in |
| vain. |
| |
| Daniel (9 August 2006) |
| - Armel Asselin made the CURLOPT_PREQUOTE option work fine even when |
| CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place |
| in the command sequence as it would have run if there would've been a |
| transfer. |
| |
| Daniel (8 August 2006) |
| - Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs |
| on a persistent connection and allowed the first to use that header, you |
| could not disable it for the second request. |
| |
| Daniel (7 August 2006) |
| - Domenico Andreolfound a quick build error which happened because |
| src/config.h.in was not a proper duplcate of lib/config.h.in which it |
| should've been and this was due to the maketgz script not doing the cp |
| properly. |
| |
| Version 7.15.5 (7 August 2006) |
| |
| Daniel (2 August 2006) |
| - Mark Lentczner fixed how libcurl was not properly doing chunked encoding |
| if the header "Transfer-Encoding: chunked" was set by the application. |
| http://curl.haxx.se/bug/view.cgi?id=1531838 |
| |
| Daniel (1 August 2006) |
| - Maciej Karpiuk fixed a crash that would occur if we passed Curl_strerror() |
| an unknown error number on glibc systems. |
| http://curl.haxx.se/bug/view.cgi?id=1532289 |
| |
| Daniel (31 July 2006) |
| - *ALERT* curl_multi_socket() and curl_multi_socket_all() got modified |
| prototypes: they both now provide the number of running handles back to the |
| calling function. It makes the functions resemble the good old |
| curl_multi_perform() more and provides a nice way to know when the multi |
| handle goes empty. |
| |
| ALERT2: don't use the curl_multi_socket*() functionality in anything |
| production-like until I say it's somewhat settled, as I suspect there might |
| be some further API changes before I'm done... |
| |
| Daniel (28 July 2006) |
| - Yves Lejeune fixed so that replacing Content-Type: when doing multipart |
| formposts work exactly the way you want it (and the way you'd assume it |
| works). |
| |
| Daniel (27 July 2006) |
| - David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both |
| control and data connection, as the existing --ftp-ssl option only requests |
| it. |
| |
| - [Hiper-related work] Added a function called curl_multi_assign() that will |
| set a private pointer added to the internal libcurl hash table for the |
| particular socket passed in to this function: |
| |
| CURLMcode curl_multi_assign(CURLM *multi_handle, |
| curl_socket_t sockfd, |
| void *sockp); |
| |
| 'sockp' being a custom pointer set by the application to be associated with |
| this socket. The socket has to be already existing and in-use by libcurl, |
| like having already called the callback telling about its existance. |
| |
| The set hashp pointer will then be passed on to the callback in upcoming |
| calls when this same socket is used (in the brand new 'socketp' argument). |
| |
| Daniel (26 July 2006) |
| - Dan Nelson added the CURLOPT_FTP_ALTERNATIVE_TO_USER libcurl option and curl |
| tool option named --ftp-alternative-to-user. It provides a mean to send a |
| particular command if the normal USER/PASS approach fails. |
| |
| - Michael Jerris added magic that builds lib/curllib.vcproj automatically for |
| newer MSVC. |
| |
| Daniel (25 July 2006) |
| - Georg Horn made the transfer timeout error message include more details. |
| |
| Daniel (20 July 2006) |
| - David McCreedy fixed a build error when building libcurl with HTTP disabled, |
| problem added with the curl_formget() patch. |
| |
| Daniel (17 July 2006) |
| - Jari Sundell did some excellent research and bug tracking, figured out that |
| we did wrong and patched it: When nodes were removed from the splay tree, |
| and we didn't properly remove it from the splay tree when an easy handle was |
| removed from a multi stack and thus we could wrongly leave a node in the |
| splay tree pointing to (bad) memory. |
| |
| Daniel (14 July 2006) |
| - David McCreedy fixed a flaw where the CRLF counter wasn't properly cleared |
| for FTP ASCII transfers. |
| |
| Daniel (8 July 2006) |
| - Ates Goral pointed out that libcurl's cookie parser did case insensitive |
| string comparisons on the path which is incorrect and provided a patch that |
| fixes this. I edited test case 8 to include details that test for this. |
| |
| - Ingmar Runge provided a source snippet that caused a crash. The reason for |
| the crash was that libcurl internally was a bit confused about who owned the |
| DNS cache at all times so if you created an easy handle that uses a shared |
| DNS cache and added that to a multi handle it would crash. Now we keep more |
| careful internal track of exactly what kind of DNS cache each easy handle |
| uses: None, Private (allocated for and used only by this single handle), |
| Shared (points to a cache held by a shared object), Global (points to the |
| global cache) or Multi (points to the cache within the multi handle that is |
| automatically shared between all easy handles that are added with private |
| caches). |
| |
| Daniel (4 July 2006) |
| - Toshiyuki Maezawa fixed a problem where you couldn't override the |
| Proxy-Connection: header when using a proxy and not doing CONNECT. |
| |
| Daniel (24 June 2006) |
| - Michael Wallner added curl_formget(), which allows an application to extract |
| (serialise) a previously built formpost (as with curl_formadd()). |
| |
| Daniel (23 June 2006) |
| - Arve Knudsen found a flaw in curl_multi_fdset() for systems where |
| curl_socket_t is unsigned (like Windows) that could cause it to wrongly |
| return a max fd of -1. |
| |
| Daniel (20 June 2006) |
| - Peter Silva introduced CURLOPT_MAX_SEND_SPEED_LARGE and |
| CURLOPT_MAX_RECV_SPEED_LARGE that limit tha maximum rate libcurl is allowed |
| to send or receive data. This kind of adds the the command line tool's |
| option --limit-rate to the library. |
| |
| The rate limiting logic in the curl app is now removed and is instead |
| provided by libcurl itself. Transfer rate limiting will now also work for -d |
| and -F, which it didn't before. |
| |
| Daniel (19 June 2006) |
| - Made -K on a file that couldn't be read cause a warning to be displayed. |
| |
| Daniel (13 June 2006) |
| - Dan Fandrich implemented --enable-hidden-symbols configure option to enable |
| -fvisibility=hidden on gcc >= 4.0. This reduces the size of the libcurl |
| binary and speeds up dynamic linking by hiding all the internal symbols from |
| the symbol table. |
| |
| Version 7.15.4 (12 June 2006) |
| |
| Daniel (8 June 2006) |
| - Brian Dessent fixed the code for cygwin in three distinct ways: |
| |
| The first modifies {lib,src}/setup.h to not include the winsock headers |
| under Cygwin. This fixes the reported build problem. Cygwin attempts as |
| much as possible to emulate a posix environment under Windows. This means |
| that WIN32 is *not* #defined and (to the extent possible) everything is done |
| as it would be on a *ix type system. Thus <sys/socket.h> is the proper |
| include, and even though winsock2.h is present, including it just introduces |
| a whole bunch of incompatible socket API stuff. |
| |
| The second is a patch I've included in the Cygwin binary packages for a |
| while. It skips two unnecessary library checks (-lwinmm and -lgdi32). The |
| checks are innocuous and they do succeed, but they pollute LIBS with |
| unnecessary stuff which gets recorded as such in the libcurl.la file, which |
| brings them into the build of any libcurl-downstream. As far as I know |
| these libs are really only necessary for mingw, so alternatively they could |
| be designed to only run if $host matches *-*-mingw* but I took the safer |
| route of skipping them for *-*-cygwin*. |
| |
| The third patch replaces all uses of the ancient and obsolete __CYGWIN32__ |
| with __CYGWIN__. Ref: <http://cygwin.com/ml/cygwin/2003-09/msg01520.html>. |
| |
| Daniel (7 June 2006) |
| - Mikael Sennerholm provided a patch that added NTLM2 session response support |
| to libcurl. The 21 NTLM test cases were again modified to comply... |
| |
| Daniel (27 May 2006) |
| - Óscar Morales Vivó updated the libcurl.framework.make file. |
| |
| Daniel (26 May 2006) |
| - Olaf Stüben fixed a bug that caused Digest authentication with md5-sess to |
| fail. When using the md5-sess, the result was not Md5 encoded and Base64 |
| transformed. |
| |
| Daniel (25 May 2006) |
| - Michael Wallner provided a patch that allows "SESS" to be set with |
| CURLOPT_COOKIELIST, which then makes all session cookies get cleared. |
| |
| Daniel (24 May 2006) |
| - Tor Arntsen made test 271 run fine again since the TFTP path fix. |
| |
| Daniel (23 May 2006) |
| - Martin Michlmayr filed debian bug report #367954, but the same error also |
| showed up in the autobuilds. It seems a rather long-since introduced shell |
| script flaw in the configure script suddenly was detected by the bash |
| version in Debian Unstable. It had previously passed undetected by all |
| shells used so far... |
| |
| - David McCreedy updated lib/config-tpf.h |
| |
| Daniel (11 May 2006) |
| - Fixed the configure's check for old-style SSLeay headers since I fell over a |
| case with a duplicate file name (a krb4 implementation with an err.h |
| file). I converted the check to manually make sure three of the headers are |
| present before considering them fine. |
| |
| - David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended |
| checks on the to-be-returned socket to make sure it truly seems to be alive |
| and well. For SSL connection it (only) uses OpenSSL functions. |
| |
| Daniel (10 May 2006) |
| - Fixed DICT in two aspects: |
| |
| 1 - allow properly URL-escaped words, like using %20 for spaces |
| |
| 2 - properly escape certain letters within a word to comply to the RFC2229 |
| |
| Daniel (9 May 2006) |
| - Andreas Ntaflos reported a bug in libcurl.m4: When configuring my GNU |
| autotools project, which optionally (default=yes) uses libcurl on a system |
| without a (usable) libcurl installation, but not specifying |
| `--without-libcurl', configure determines correctly that no libcurl is |
| available, however, the LIBCURL variable gets expanded to `LIBCURL = -lcurl' |
| in the resulting Makefiles. |
| |
| David Shaw fixed the flaw. |
| |
| - Robson Braga Araujo fixed two problems in the recently added non-blocking SSL |
| connects. The state machine was not reset properly so that subsequent |
| connects using the same handle would fail, and there were two memory leaks. |
| |
| - Robson Braga Araujo fixed a memory leak when you added an easy handle to a |
| multi stack and that easy handle had already been used to do one or more |
| easy interface transfers, as then the code threw away the previously used |
| DNS cache without properly freeing it. |
| |
| Daniel (8 May 2006) |
| - Dan Fandrich went over the TFTP code and he pointed out and fixed numerous |
| problems: |
| |
| * The received file is corrupted when a packet is lost and retransmitted |
| (this is a serious problem!) |
| |
| * Transmitting a file aborts if a block is lost and retransmitted |
| |
| * Data is stored in the wrong location in the buffer for uploads, so uploads |
| always fail (I don't see how it could have ever worked, but it did on x86 |
| at least) |
| |
| * A number of calls are made to strerror instead of Curl_strerror, making |
| the code not thread safe |
| |
| * There are references to errno instead of Curl_sockerrno(), causing |
| incorrect error messages on Windows |
| |
| * The file name includes a leading / which violates RFC3617. Doing something |
| similar to ftp, where two slashes after the host name means an absolute |
| reference seems a reasonable extension to fix this. |
| |
| * Failures in EBCDIC conversion are not propagated up to the caller but are |
| silently ignored |
| |
| - Fixed known bug #28. The TFTP code no longer assumes a packed struct and |
| thus works reliably on more platforms. |
| |
| Daniel (5 May 2006) |
| - Roland Blom filed bug report #1481217 |
| (http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele |
| Bini and David Byron. libcurl previously wrongly used GetLastError() on |
| windows to get error details after socket-related function calls, when it |
| really should use WSAGetLastError() instead. |
| |
| When changing to this, the former function Curl_ourerrno() is now instead |
| called Curl_sockerrno() as it is necessary to only use it to get errno from |
| socket-related functions as otherwise it won't work as intended on Windows. |
| |
| Daniel (4 May 2006) |
| - Mark Eichin submitted bug report #1480821 |
| (http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a |
| problem with how libcurl dealt with GnuTLS and a case where gnutls returned |
| GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected |
| return code, making Curl_ssl_send() confuse the upper layer - causing random |
| 28 bytes trash data to get inserted in the transfered stream. |
| |
| The proper fix was to make the Curl_gtls_send() function return the proper |
| return codes that the callers would expect. The Curl_ossl_send() function |
| already did this. |
| |
| Daniel (2 May 2006) |
| - Added a --checkfor option to curl-config to allow users to easier |
| write for example shell scripts that test for the presence of a |
| new-enough libcurl version. If --checkfor is given a version string |
| newer than what is currently installed, curl-config will return a |
| non-zero exit code and output a string about the unfulfilled |
| requirement. |
| |
| Daniel (26 April 2006) |
| - David McCreedy brought initial line end conversions when doing FTP ASCII |
| transfers. They are done on non-windows systems and translate CRLF to LF. |
| |
| I modified the 15 LIST-using test cases accordingly. The downside is that now |
| we'll have even more trouble to get the tests to run on Windows since they |
| should get CRLF newlines left intact which the *nix versions don't. I figure |
| the only sane thing to do is to add some kind of [newline] macro for the test |
| case files and have them expanded to the proper native line ending when the |
| test cases are run. This is however left to implement. |
| |
| Daniel (25 April 2006) |
| - Paul Querna fixed libcurl to better deal with deflate content encoding |
| when the stream (wrongly) lacks a proper zlib header. This seems to be the |
| case on too many actual server implementations. |
| |
| Daniel (21 April 2006) |
| - Ale Vesely fixed CURLOPT_INTERFACE when using a hostname. |
| |
| Daniel (19 April 2006) |
| - Based on previous info from Tor Arntsen, I made configure detect the Intel |
| ICC compiler to add a compiler option for it, in order for configure to |
| properly be able to detect function prototypes. |
| |
| - Robson Braga Araujo provided a patch that makes libcurl less eager to close |
| the control connection when using FTP, for example when you remove an easy |
| handle from a multi stack. |
| |
| - Applied a patch by Ates Goral and Katie Wang that corrected my bad fix |
| attempt from April 10. |
| |
| Daniel (11 April 2006) |
| - #1468330 (http://curl.haxx.se/bug/view.cgi?id=1468330) pointed out a bad |
| typecast in the curl tool leading to a crash with (64bit?) VS2005 (at least) |
| since the struct timeval field tv_sec is an int while time_t is 64bit. |
| |
| Daniel (10 April 2006) |
| - Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and |
| CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL |
| connection time-out! |
| |
| - I merged my hiper patch (http://curl.haxx.se/libcurl/hiper/) into the main |
| sources. See the lib/README.multi_socket for implementation story with |
| details. Don't expect it to work fully yet. I don't intend to blow any |
| whistles or ring any bells about it until I'm more convinced it works at |
| least somewhat reliably. |
| |
| Daniel (7 April 2006) |
| - David McCreedy's EBCDIC and TPF changes. Three new curl_easy_setopt() |
| options (callbacks) were added: |
| |
| CONV_FROM_NETWORK_FUNCTION |
| CONV_TO_NETWORK_FUNCTION |
| CONV_FROM_UTF8_FUNCTION |
| |
| Daniel (5 April 2006) |
| - Michele Bini modified the NTLM code to work for his "weird IIS case" |
| (http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash |
| function in addition to the LM one and making some other adjustments in the |
| order the different parts of the data block are sent in the Type-2 reply. |
| Inspiration for this work was taken from the Firefox NTLM implementation. |
| |
| I edited the existing 21(!) NTLM test cases to run fine with these news. Due |
| to the fact that we now properly include the host name in the Type-2 message |
| the test cases now only compare parts of that chunk. |
| |
| Daniel (28 March 2006) |
| - #1451929 (http://curl.haxx.se/bug/view.cgi?id=1451929) detailed a bug that |
| occurred when asking libcurl to follow HTTP redirects and the original URL |
| had more than one question mark (?). Added test case 276 to verify. |
| |
| Daniel (27 March 2006) |
| - David Byron found a problem multiple -d options when libcurl was built with |
| --enable-debug, as then curl used free() on memory allocated both with |
| normal malloc() and with libcurl-provided functions, when the latter MUST be |
| freed with curl_free() in debug builds. |
| |
| Daniel (26 March 2006) |
| - Tor Arntsen figured out that TFTP was broken on a lot of systems since we |
| called bind() with a too big argument in the 3rd parameter and at least |
| Tru64, AIX and IRIX seem to be very picky about it. |
| |
| Daniel (21 March 2006) |
| - David McCreedy added CURLINFO_FTP_ENTRY_PATH. |
| |
| - Xavier Bouchoux made the SSL connection non-blocking for the multi interface |
| (when using OpenSSL). |
| |
| - Tor Arntsen fixed the AIX Toolbox RPM spec |
| |
| Daniel (20 March 2006) |
| - David McCreedy fixed libcurl to no longer ignore AUTH failures and now it |
| reacts properly according to the CURLOPT_FTP_SSL setting. |
| |
| - Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file |
| whose length was a multiple of 512 bytes could have random garbage |
| appended. Also, stop processing TFTP packets which are too short to be |
| legal. |
| |
| - Ilja van Sprundel reported a possible crash in the curl tool when using |
| "curl hostwithoutslash -d data -G" |
| |
| Version 7.15.3 (20 March 2006) |
| |
| Daniel (20 March 2006) |
| - VULNERABILITY reported to us by Ulf Harnhammar. |
| |
| libcurl uses the given file part of a TFTP URL in a manner that allows a |
| malicious user to overflow a heap-based memory buffer due to the lack of |
| boundary check. |
| |
| This overflow happens if you pass in a URL with a TFTP protocol prefix |
| ("tftp://"), using a valid host and a path part that is longer than 512 |
| bytes. |
| |
| The affected flaw can be triggered by a redirect, if curl/libcurl is told to |
| follow redirects and an HTTP server points the client to a tftp URL with the |
| characteristics described above. |
| |
| The Common Vulnerabilities and Exposures (CVE) project has assigned the name |
| CVE-2006-1061 to this issue. |
| |
| Daniel (16 March 2006) |
| - Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included |
| in the release archive. |
| |
| Daniel (14 March 2006) |
| - David McCreedy fixed: |
| |
| a bad SSL error message when OpenSSL certificates are verified fine. |
| |
| a missing return code assignment in the FTP code |
| |
| Daniel (7 March 2006) |
| - Markus Koetter filed debian bug report #355715 which identified a problem |
| with the multi interface and multi-part formposts. The fix from February |
| 22nd could make the Curl_done() function get called twice on the same |
| connection and it was not designed for that and thus tried to call free() on |
| an already freed memory area! |
| |
| - Peter Heuchert made sure the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL |
| is used properly. |
| |
| Daniel (6 March 2006) |
| - Lots of users on Windows have reported getting the "SSL: couldn't set |
| callback" error message so I've now made the setting of that callback not be |
| as critical as before. The function is only used for additional loggging/ |
| trace anyway so a failure just means slightly less data. It should still be |
| able to proceed and connect fine to the server. |
| |
| Daniel (4 March 2006) |
| - Thomas Klausner provided a patch written by Todd Vierling in bug report |
| #1442471 that fixes a build problem on Interix. |
| |
| Daniel (2 March 2006) |
| - FTP upload without a file name part in the URL now causes |
| curl_easy_perform() to return CURLE_URL_MALFORMAT. Previously it allowed the |
| upload but named the file "(nil)" (without the quotes). Test case 524 |
| verifies. |
| |
| - Added a check for getprotobyname in configure so that it'll be used, thanks |
| to Gisle Vanem's change the other day. |
| |
| Daniel (28 February 2006) |
| - Dan Fandrich prevented curl from getting stuck in an endless loop in case we |
| are out of file handles very early in curl's code where it makes sure that |
| 0, 1 and 2 aren't gonna be used by the lib for transfers. |
| |
| Daniel (27 February 2006) |
| - Marty Kuhrt pointed out that there were two VMS-specific files missing in |
| the release archive. |
| |
| Version 7.15.2 (27 February 2006) |
| |
| Daniel (22 February 2006) |
| - Lots of work and analysis by "xbx___" in bug #1431750 |
| (http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two |
| different but related bugs: |
| |
| 1) Removing an easy handle from a multi handle before the transfer is done |
| could leave a connection in the connection cache for that handle that is |
| in a state that isn't suitable for re-use. A subsequent re-use could then |
| read from a NULL pointer and segfault. |
| |
| 2) When an easy handle was removed from the multi handle, there could be an |
| outstanding c-ares DNS name resolve request. When the response arrived, |
| it caused havoc since the connection struct it "belonged" to could've |
| been freed already. |
| |
| Now Curl_done() is called when an easy handle is removed from a multi handle |
| pre-maturely (that is, before the transfer was complteted). Curl_done() also |
| makes sure to cancel all (if any) outstanding c-ares requests. |
| |
| Daniel (21 February 2006) |
| - Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy |
| type to the already provided type CURLPROXY_SOCKS4. |
| |
| I added a --socks4 option that works like the current --socks5 option but |
| instead use the socks4 protocol. |
| |
| Daniel (20 February 2006) |
| - Shmulik Regev fixed an issue with multi-pass authentication and compressed |
| content when libcurl didn't honor the internal ignorebody flag. |
| |
| Daniel (18 February 2006) |
| - Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate |
| code. It should however not be the cause of any troubles. He also fixed a |
| few similar problems in the HTTP test server code. |
| |
| Daniel (17 February 2006) |
| - Shmulik Regev provided a fix for the DNS cache when using short life times, |
| as previously it could be holding on to old cached entries longer than |
| requested. |
| |
| Daniel (11 February 2006) |
| - Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options |
| that an app can use to let libcurl only connect to a remote host and then |
| extract the socket from libcurl. libcurl will then not attempt to do any |
| transfer at all after the connect is done. |
| |
| - Kent Boortz improved the configure check for GnuTLS to properly set LIBS |
| instead of LDFLAGS. |
| |
| Daniel (8 February 2006) |
| - Philippe Vaucher provided a brilliant piece of test code that show a problem |
| with re-used FTP connections. If the second request on the same connection |
| was set not to fetch a "body", libcurl could get confused and consider it an |
| attempt to use a dead connection and would go acting mighty strange. |
| |
| Daniel (2 February 2006) |
| - Make --limit-rate [num] mean bytes. It used to be that but it broke in my |
| change done in November 2005. |
| |
| Daniel (30 January 2006) |
| - Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the |
| curl tool with --local-port. Plain and simply set the range of ports to bind |
| the local end of connections to. Implemented on to popular demand. |
| |
| - Based on an error report by Philippe Vaucher, we no longer count a retried |
| connection setup as a follow-redirect. It turns out 1) this fails when a FTP |
| connection is re-setup and 2) it does make the max-redirs counter behave |
| wrong. |
| |
| Daniel (24 January 2006) |
| - Michal Marek provided a patch for FTP that makes libcurl continue to try |
| PASV even after EPSV returned a positive response code, if libcurl failed to |
| connect to the port number the EPSV response said. Obviously some people are |
| going through protocol-sensitive firewalls (or similar) that don't |
| understand EPSV and then they don't allow the second connection unless PASV |
| was used. This also called for a minor fix of test case 238. |
| |
| Daniel (20 January 2006) |
| - Duane Cathey was one of our friends who reported that curl -P [IP] |
| (CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a |
| "native" IP while it works fine for ipv6-disabled builds! |
| |
| In the process of fixing this, I removed the support for LPRT since I can't |
| think of many reasons to keep doing it and asking on the mailing list didn't |
| reveal anyone else that could either. The code that sends EPRT and PORT is |
| now also a lot simpler than before (IMHO). |
| |
| Daniel (19 January 2006) |
| - Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl |
| (built ipv4-only) didn't work. |
| |
| Daniel (18 January 2006) |
| - As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742), |
| the configure script complained about a missing "missing" script if you ran |
| configure within a path whose name included one or more spaces. This is due |
| to a flaw in automake (1.9.6 and earlier). I've now worked around it by |
| including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll |
| be used instead of the one automake ships with. This kludge needs to be |
| removed once we get an automake version with this problem corrected. |
| Possibly we'll then need to convert this into a kludge depending on what |
| automake version that is used and that is gonna be painful and I don't even |
| want to think about that now...! |
| |
| Daniel (17 January 2006) |
| - David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with |
| the latest features and protocols that libcurl supports and has a minor fix |
| to better deal with the obscure case where someone has more than one libcurl |
| installed at the same time. |
| |
| Daniel (16 January 2006) |
| - David Shaw finally removed all traces of Gopher and we are now officially |
| not supporting it. It hasn't been functioning for years anyway, so this is |
| just finally stating what already was true. And a cleanup at the same time. |
| |
| - Bryan Henderson turned the 'initialized' variable for curl_global_init() |
| into a counter, and thus you can now do multiple curl_global_init() and you |
| are then supposed to do the same amount of calls to curl_global_cleanup(). |
| Bryan has also updated the docs accordingly. |
| |
| Daniel (13 January 2006) |
| - Andrew Benham fixed a race condition in the test suite that could cause the |
| test script to kill all processes in the current process group! |
| |
| Daniel (12 January 2006) |
| - Michael Jahn: |
| |
| Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru |
| HTTP proxy. |
| |
| Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would |
| previously overwrite internal memory and cause unpredicted behaviour! |
| |
| Daniel (11 January 2006) |
| - I decided to document the "secret option" here now, as I've received *NO* |
| feedback at all on my mailing list requests from November 2005: |
| |
| I'm looking for feedback and comments. I added some experimental code the |
| other day, that allows a libcurl user to select what method libcurl should |
| use to reach a file on a FTP(S) server. |
| |
| This functionality is available in CVS code and in recent daily snapshots. |
| |
| Let me explain... |
| |
| The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for |
| the command line tool) and you set it to a long (there are currenly no |
| defines for the argument values, just plain numericals). You can set three |
| different "methods" that do this: |
| |
| 1 multicwd - like today, curl will do a single CWD operation for each path |
| part in the given URL. For deep hierarchies this means very many |
| commands. This is how RFC1738 says it should be done. This is the |
| default. |
| |
| 2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give |
| a full path to the server. |
| |
| 3 singlecwd - make one CWD with the full target directory and then operate |
| on the file "normally". |
| |
| (With the command line tool you do --ftp-method [METHOD], where [METHOD] is |
| one of "multicwd", "nocwd" or "singlecwd".) |
| |
| What feedback I'm interested in: |
| |
| 1 - Do they work at all? Do you find servers where one of these don't work? |
| |
| 2 - What would proper names for the option and its arguments be, if we |
| consider this feature good enough to get included and documented in |
| upcoming releases? |
| |
| 3 - Should we make libcurl able to "walk through" these options in case of |
| (path related) failures, or should it fail and let the user redo any |
| possible retries? |
| |
| (This option is not documented in any man page just yet since I'm not sure |
| these names will be used or if the functionality will end up exactly like |
| this. And for the same reasons we have no test cases for these yet.) |
| |
| Daniel (10 January 2006) |
| - When using a bad path over FTP, as in when libcurl couldn't CWD into all |
| given subdirs, libcurl would still "remember" the full path as if it is the |
| current directory libcurl is in so that the next curl_easy_perform() would |
| get really confused if it tried the same path again - as it would not issue |
| any CWD commands at all, assuming it is already in the "proper" dir. |
| |
| Starting now, a failed CWD command sets a flag that prevents the path to be |
| "remembered" after returning. |
| |
| Daniel (7 January 2006) |
| - Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP |
| proxy actually used a new connection and not sent the second request on the |
| first socket! |
| |
| Daniel (6 January 2006) |
| - Alexander Lazic made the buildconf run the buildconf in the ares dir if that |
| is present instead of trying to mimic that script in curl's buildconf |
| script. |
| |
| Daniel (3 January 2006) |
| - Andres Garcia made the TFTP test server build with mingw. |
| Daniel (16 December 2005) |
| - Jean Jacques Drouin pointed out that you could only have a user name or |
| password of 127 bytes or less embedded in a URL, where actually the code |
| uses a 255 byte buffer for it! Modified now to use the full buffer size. |
| |
| Daniel (12 December 2005) |
| - Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly |
| |
| Version 7.15.1 (7 December 2005) |
| |
| Daniel (6 December 2005) |
| - Full text here: http://curl.haxx.se/docs/adv_20051207.html Pointed out by |
| Stefan Esser. |
| |
| VULNERABILITY |
| |
| libcurl's URL parser function can overflow a malloced buffer in two ways, if |
| given a too long URL. |
| |
| These overflows happen if you |
| |
| 1 - pass in a URL with no protocol (like "http://") prefix, using no slash |
| and the string is 256 bytes or longer. This leads to a single zero byte |
| overflow of the malloced buffer. |
| |
| 2 - pass in a URL with only a question mark as separator (no slash) between |
| the host and the query part of the URL. This leads to a single zero byte |
| overflow of the malloced buffer. |
| |
| Both overflows can be made with the same input string, leading to two single |
| zero byte overwrites. |
| |
| The affected flaw cannot be triggered by a redirect, but the long URL must |
| be passed in "directly" to libcurl. It makes this a "local" problem. Of |
| course, lots of programs may still pass in user-provided URLs to libcurl |
| without doing much syntax checking of their own, allowing a user to exploit |
| this vulnerability. |
| |
| There is no known exploit at the time of this writing. |
| |
| |
| Daniel (2 December 2005) |
| - Jamie Newton pointed out that libcurl's file:// code would close() a zero |
| file descriptor if given a non-existing file. |
| |
| Daniel (24 November 2005) |
| - Doug Kaufman provided a set of patches to make curl build fine on DJGPP |
| again using configure. |
| |
| - Yang Tse provided a whole series of patches to clear up compiler warnings on |
| MSVC 6. |
| |
| Daniel (17 November 2005) |
| - I extended a patch from David Shaw to make libcurl _always_ provide an error |
| string in the given error buffer to address the flaw mention on 21 sep 2005. |
| |
| Daniel (16 November 2005) |
| - Applied Albert Chin's patch that makes the libcurl.pc pkgconfig file get |
| installed on 'make install' time. |
| |
| Daniel (14 November 2005) |
| - Quagmire reported that he needed to raise a NTLM buffer for SSPI to work |
| properly for a case, and so we did. We raised it even for non-SSPI builds |
| but it should not do any harm. http://curl.haxx.se/bug/view.cgi?id=1356715 |
| |
| - Jan Kunder's debian bug report |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338680 identified a weird |
| error message for when you try to upload a file and the requested directory |
| doesn't exist on the target server. |
| |
| - Yang Tse fixed compiler warnings in lib/ssluse.c with OpenSSL 0.9.8 and in |
| lib/memdebug.h that showed up in his msvc builds. |
| |
| Daniel (13 November 2005) |
| - Debian bug report 338681 by Jan Kunder: make curl better detect and report |
| bad limit-rate units: |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338681 Now curl will return |
| error if a bad unit is used. |
| |
| - Thanks to this nice summary of poll() implementations: |
| http://www.greenend.org.uk/rjk/2001/06/poll.html and further tests by Eugene |
| Kotlyarov, we now know that cygwin's poll returns only POLLHUP on remote |
| connectin closure so we check for that case (too) and re-enable poll for |
| cygwin builds. |
| |
| Daniel (12 November 2005) |
| - Eugene Kotlyarov found out that cygwin's poll() function isn't doing things |
| right: http://curl.haxx.se/mail/archive-2005-11/0045.html so we now disable |
| poll() and use select() on cygwin too (we already do the same choice on Mac |
| OS X) |
| |
| - Dima Barsky patched problem #1348930: the GnuTLS code completely ignored |
| client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930). |
| |
| Daniel (10 November 2005) |
| - David Lang fixed IPv6 support for TFTP! |
| |
| - Introducing range stepping to the curl globbing support. Now you can specify |
| step counter by adding :[num] within the brackets when specifying a range: |
| |
| [1-100:10] |
| [a-z:2] |
| |
| If no step counter is set, it defaults to 1 as before: |
| |
| [1-100] |
| [d-h] |
| |
| Daniel (8 November 2005) |
| - Removed the use of AI_CANONNAME in the IPv6-enabled resolver functions since |
| we really have no use for reverse lookups of the address. |
| |
| I truly hope these are the last reverse lookups we had lingering in the |
| code! |
| |
| - Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled |
| version of libcurl with different Windows versions. Current version of |
| libcurl imports SSPI functions from secur32.dll. However, under Windows NT |
| 4.0 these functions are located in security.dll, under Windows 9x - in |
| secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll |
| just forwards calls to secur32.dll). |
| |
| Dmitry's patch loads proper library dynamically depending on Windows |
| version. Function InitSecurityInterface() is used to obtain pointers to all |
| of SSPI function in one structure. |
| |
| Daniel (31 October 2005) |
| - Vilmos Nebehaj improved libcurl's LDAP abilities: |
| |
| The LDAP code in libcurl can't handle LDAP servers of LDAPv3 nor binary |
| attributes in LDAP objects. So, I made a quick patch to address these |
| problems. |
| |
| The solution is simple: if we connect to an LDAP server, first try LDAPv3 |
| (which is the preferred protocol as of now) and then fall back to LDAPv2. |
| In case of binary attributes, we first convert them to base64, just like the |
| openldap client does. It uses ldap_get_values_len() instead of |
| ldap_get_values() to be able to retrieve binary attributes correctly. I |
| defined the necessary LDAP macros in lib/ldap.c to be able to compile |
| libcurl without the presence of libldap |
| |
| Daniel (27 October 2005) |
| - Nis Jorgensen filed bug report #1338648 |
| (http://curl.haxx.se/bug/view.cgi?id=1338648) which really is more of a |
| feature request, but anyway. It pointed out that --max-redirs did not allow |
| it to be set to 0, which then would return an error code on the first |
| Location: found. Based on Nis' patch, now libcurl supports CURLOPT_MAXREDIRS |
| set to 0, or -1 for infinity. Added test case 274 to verify. |
| |
| - tommink[at]post.pl reported in bug report #1337723 |
| (http://curl.haxx.se/bug/view.cgi?id=1337723) that curl could not upload |
| binary data from stdin on Windows if the data contained control-Z (hex 1a) |
| since that is treated as end-of-file when read in text mode. Gisle Vanem |
| pointed out the fix, and I made both -T and --data-binary take advantage of |
| it. |
| |
| - Jaz Fresh pointed out that if you used "-r [number]" as was wrongly described |
| in the man page, curl would send an invalid HTTP Range: header. The correct |
| way would be to use "-r [number]-" or even "-r -[number]". Starting now, |
| curl will warn if this is discovered, and automatically append a dash to the |
| range before passing it to libcurl. |
| |
| Daniel (25 October 2005) |
| - Amol Pattekar reported a bug with great detail and a fine example in bug |
| #1326306 (http://curl.haxx.se/bug/view.cgi?id=1326306). When using the multi |
| interface and connecting to a host with multiple IP addresses, and one of |
| the addresses fails to connect (the server must exist and respond, just not |
| accept connections) libcurl leaks a socket descriptor. Thanks to the fine |
| report, I could find and fix this. |
| |
| Daniel (22 October 2005) |
| - Dima Barsky reported a problem with GnuTLS-enabled libcurl in bug report |
| #1334338 (http://curl.haxx.se/bug/view.cgi?id=1334338). When reading an SSL |
| stream from a server and the server requests a "rehandshake", the current |
| code simply returns this as an error. I have no good way to test this, but |
| I've added a crude attempt of dealing with this situation slightly better - |
| it makes a blocking handshake if this happens. Done like this because fixing |
| this the "proper" way (that would handshake asynchronously) will require |
| quite some work and I really need a good way to test this to do such a |
| change. |
| |
| Daniel (21 October 2005) |
| - "Ofer" reported a problem when libcurl re-used a connection and failed to do |
| it, it could then accidentally actually crash. Presumably, this concerns FTP |
| connections. http://curl.haxx.se/bug/view.cgi?id=1330310 |
| |
| - Temprimus improved the MSVC makefile so that the static debug SSL libs are |
| linked to the executable and not to the libcurld.lib |
| http://curl.haxx.se/bug/view.cgi?id=1326676 |
| |
| - Bradford Bruce made the windows resolver code properly return |
| CURLE_COULDNT_RESOLVE_PROXY and CURLE_COULDNT_RESOLVE_HOST on resolving |
| errors (as documented). |
| |
| Daniel (20 October 2005) |
| - Dave Dribin made libcurl understand and handle cases when the server |
| (wrongly) sends *two* WWW-Authenticate headers for Digest. While this should |
| never happen in a sane world, libcurl previously got into an infinite loop |
| when this occurred. Dave added test 273 to verify this. |
| |
| - Temprimus improved the MSVC makefile: "makes a build option available so if |
| you set rtlibcfg=static for the make, then it would build with /MT. The |
| default behaviour is /MD (the original)." |
| http://curl.haxx.se/bug/view.cgi?id=1326665 |
| |
| Daniel (14 October 2005) |
| - Reverted the LIBCURL_VERSION_NUM change from October 6. As Dave Dribin |
| reported, the define is used by the configure script and is assumed to use |
| the 0xYYXXZZ format. This made "curl-config --vernum" fail in the 7.15.0 |
| release version. |
| |
| Version 7.15.0 (13 October 2005) |
| |
| Daniel (12 October 2005) |
| - Michael Sutton of iDEFENSE reported and I fixed a securitfy flaw in the NTLM |
| code that would overflow a buffer if given a too long user name or domain |
| name. This would happen if you enable NTLM authentication and either |
| |
| A - pass in a user name and domain name to libcurl that together are longer |
| than 192 bytes |
| |
| B - allow (lib)curl to follow HTTP "redirects" (Location: and the |
| appropriate HTTP 30x response code) and the new URL contains a URL with |
| a user name and domain name that together are longer than 192 bytes |
| |
| See http://curl.haxx.se/docs/security.html for further details and updates |
| |
| Daniel (5 October 2005) |
| - Darryl House reported a problem with using -z to download files from FTP. |
| It turned out that if the given time stamp was exact the same as the remote |
| time stamp, the file would still wrongly be downloaded. Added test case 272 |
| to verify. |
| |
| Daniel (4 October 2005) |
| - Domenico Andreoli fixed a man page malformat and removed odd (0xa0) bytes |
| from the configure script. |
| |
| - Michael Wallner reported that the date parser had wrong offset stored for |
| the MEST and CEST time zones. |
| |
| Daniel (27 September 2005) |
| - David Yan filed bug #1299181 (http://curl.haxx.se/bug/view.cgi?id=1299181) |
| that identified a silly problem with Content-Range: headers with the 'bytes' |
| keyword written in a different case than all lowercase! It would cause a |
| segfault! |
| |
| - TJ Saunders of the proftpd project identified and pointed out problems with |
| the modified FTPS negotiation change of August 19 2005. Thus, we revert the |
| change back to pre-7.14.1 status. |
| |
| Daniel (21 September 2005) |
| - Fixed "cut off" sentence in the libcurl-tutorial man page: |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305 |
| |
| - Clarified in the curl_easy_setopt man page what the default |
| CURLOPT_WRITEFUNCTION and CURLOPT_WRITEDATA mean: |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329311 |
| |
| - Clarified in the curl_easy_setopt man page that CURLOPT_ERRORBUFFER |
| sometimes doesn't fill in the buffer even though it is supposed to: |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329313 |
| |
| - When CURLE_URL_MALFORMAT is returned due to a missing URL, it now has an |
| error string set. |
| |
| Daniel (19 September 2005) |
| - Dmitry Bartsevich made the SSPI support work on Windows 9x as well. |
| |
| Daniel (15 September 2005) |
| - Added a TFTP server to the test suite and made the test suite capable of |
| using it. |
| |
| Daniel (7 September 2005) |
| - Ben Madsen's detailed reports that funnily enough only occurred with certain |
| glibc versions turned out to be curl using an already closed file handle |
| during certain conditions (like when saving FTP server "headers"). |
| |
| - Scott Davis helped me track down a problem in the test HTTP server that made |
| test case 56 wrongly fail at times. It turned out it was due to the server |
| finding the end of a chunked-encoded POST too early. |
| |
| Daniel (6 September 2005) |
| - Now curl warns if an unknown variable is used in the -w/--writeout argument. |
| |
| Daniel (4 September 2005) |
| - I applied Nicolas François' man page patch he posted to the Debian bug |
| tracker. It corrected two lines that started with apostrophes, which isn't |
| legal nroff format. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326511 |
| |
| - Added --ftp-skip-pasv-ip to the command line tool, that sets the new |
| CURLOPT_FTP_SKIP_PASV_IP option. It makes libcurl re-use the control |
| connection's IP address when setting up the data connection instead of |
| extractting the IP address from the PASV response. It has turned out this |
| feature is frequently needed by people to circumvent silly servers and silly |
| firewalls, especially when FTPS is used and the PASV command-response is |
| sent encrtyped. |
| |
| Sponsored by CU*Answers |
| |
| Daniel (1 September 2005) |
| - John Kelly added TFTP support to libcurl. A bunch of new error codes was |
| added. TODO: add them to docs. add TFTP server to test suite. add TFTP to |
| list of protocols whereever those are mentioned. |
| |
| Version 7.14.1 (1 September 2005) |
| |
| Daniel (29 August 2005) |
| - Kevin Lussier pointed out a problem with curllib.dsp and how to fix it. |
| |
| - Igor Polyakov fixed a rather nasty problem with the threaded name resolver |
| for Windows, that could lead to an Access Violation when the multi interface |
| was used due to an issue with how the resolver thread was and was not |
| terminated. |
| |
| - Simon Josefsson brought a patch that allows curl to get built to use GNU GSS |
| instead of MIT/Heimdal for GSS capabilities. |
| |
| Daniel (24 August 2005) |
| - Toby Peterson added CURLOPT_IGNORE_CONTENT_LENGTH to the library, accessible |
| from the command line tool with --ignore-content-length. This will make it |
| easier to download files from Apache 1.x (and similar) servers that are |
| still having problems serving files larger than 2 or 4 GB. When this option |
| is enabled, curl will simply have to wait for the server to close the |
| connection to signal end of transfer. I wrote test case 269 that runs a |
| simple test to verify that this works. |
| |
| - (Trying hard to exclude emotions now.) valgrind version 3 suddenly renamed |
| the --logfile command line option to --log-file, and thus the test script |
| valgrind autodetection now has yet another version check to do and then it |
| alters the valgrind command line accordingly. |
| |
| - Fixed CA cert verification using GnuTLS with the default bundle, which |
| previously failed due to GnuTLS not allowing x509 v1 CA certs by default. |
| Ralph Mitchell reported. |
| |
| Daniel (19 August 2005) |
| - Norbert Novotny had problems with FTPS and he helped me work out a patch |
| that made curl run fine in his end. The key was to make sure we do the |
| SSL/TLS negotiation immediately after the TCP connect is done and not after |
| a few other commands have been sent like we did previously. I don't consider |
| this change necessary to obey the standards, I think this server is pickier |
| than what the specs allow it to be, but I can't see how this modified |
| libcurl code can add any problems to those who are interpreting the |
| standards more liberally. |
| |
| Daniel (17 August 2005) |
| - Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with |
| CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to |
| write the result to a given cookie jar and then never actually call |
| curl_easy_perform() - the given file(s) to read was never read but the |
| output file was written and thus it caused a "funny" result. |
| |
| - While doing some tests for the bug above, I noticed that Firefox generates |
| large numbers (for the expire time) in the cookies.txt file and libcurl |
| didn't treat them properly. Now it does. |
| |
| Daniel (15 August 2005) |
| - Added more verbose "warning" messages to the curl client for cases where it |
| fails to open/read files etc to help users diagnose why it doesn't do what |
| you'd expect it to. Converted lots of old messages to use the new generic |
| function I wrote for this purpose. |
| |
| Daniel (13 August 2005) |
| - James Bursa identified a libcurl HTTP bug and a good way to repeat it. If a |
| site responds with bad HTTP response that doesn't contain any header at all, |
| only a response body, and the write callback returns 0 to abort the |
| transfer, it didn't have any real effect but the write callback would be |
| called once more anyway. |
| |
| Daniel (12 August 2005) |
| - Based on Richard Clayton's reports, I found out that using curl -d @filename |
| when 'filename' was not possible to access made curl use a GET request |
| instead. |
| |
| - The time condition illegal syntax warning is now inhibited if -s is used. |
| |
| Daniel (10 August 2005) |
| - Mario Schroeder found out that one of the debug callbacks calls that regards |
| SSL data with the CURLINFO_TEXT type claimed that the data was one byte |
| larger than it actually is, thus falsely telling the application that the |
| terminating zero was part of the data. |
| |
| Daniel (9 August 2005) |
| - Christopher R. Palmer fixed the offsets used for date parsings when the time |
| zone name of a daylight savings time was used. For example, PDT vs PDS. This |
| flaw was introduced with the new date parser (11 sep 2004 - 7.12.2). |
| Fortunately, no web server or cookie string etc should be using such time |
| zone names thus limiting the effect of this bug. |
| |
| Daniel (8 August 2005) |
| - Jon Grubbs filed bug report #1249962 |
| (http://curl.haxx.se/bug/view.cgi?id=1249962) which identified a problem |
| with NTLM on a HTTP proxy if an FTP URL was given. libcurl now properly |
| switches to pure HTTP internally when an HTTP proxy is used, even for FTP |
| URLs. The problem would also occur with other multi-pass auth methods. |
| |
| Daniel (7 August 2005) |
| - When curl is built with GnuTLS, curl-config didn't include "SSL" when |
| --features was used. |
| |
| Daniel (28 July 2005) |
| - If any of the options CURLOPT_HTTPGET, CURLOPT_POST and CURLOPT_HTTPPOST is |
| set to 1, CURLOPT_NOBODY will now automatically be set to 0. |
| |
| Daniel (27 July 2005) |
| - Dan Fandrich changes over the last week: fixed numerous minor configure |
| option parsing flaws: --without-gnutls, --without-spnego --without-gssapi |
| and --without-krb4. Spellfixed several error messages. |
| |
| - Peteris Krumins added CURLOPT_COOKIELIST and CURLINFO_COOKIELIST, which is a |
| simple interface to extracting and setting cookies in libcurl's internal |
| "cookie jar". See the new cookie_interface.c example code. |
| |
| Daniel (13 July 2005) |
| - Diego Casorran provided patches to make curl build fine on Amiga again. |
| |
| Daniel (12 July 2005) |
| - Adrian Schuur added trailer support in the chunked encoding stream. The |
| trailer is then sent to the normal header callback/stream. I wrote up test |
| case 266 to verify the basic functionality. Do note that test case 34 |
| contains a flawed chunked encoding stream that still works the same. |
| |
| Daniel (5 July 2005) |
| - Gisle Vanem came up with a nice little work-around for bug #1230118 |
| (http://curl.haxx.se/bug/view.cgi?id=1230118). It seems the Windows (MSVC) |
| libc time functions may return data one hour off if TZ is not set and |
| automatic DST adjustment is enabled. This made curl_getdate() return wrong |
| value, and it also concerned internal cookie expirations etc. |
| |
| Daniel (4 July 2005) |
| - Andrew Bushnell provided enough info for me to tell that we badly needed to |
| fix the CONNECT authentication code with multi-pass auth methods (such as |
| NTLM) as it didn't previously properly ignore response-bodies - in fact it |
| stopped reading after all response headers had been received. This could |
| lead to libcurl sending the next request and reading the body from the first |
| request as response to the second request. (I also renamed the function, |
| which wasn't strictly necessary but...) |
| |
| The best fix would to once and for all make the CONNECT code use the |
| ordinary request sending/receiving code, treating it as any ordinary request |
| instead of the special-purpose function we have now. It should make it |
| better for multi-interface too. And possibly lead to less code... |
| |
| Added test case 265 for this. It doesn't work as a _really_ good test case |
| since the test proxy is too stupid, but the test case helps when running the |
| debugger to verify. |
| |
| Daniel (30 June 2005) |
| - Dan Fandrich improved the configure script's ability to figure out what kind |
| of strerror_r() API that is used when cross-compiling. If __GLIB__ is |
| defined, it assumes the glibc API. If not, it issues a notice as before that |
| the user needs to manually edit lib/config.h for this. |
| |
| Daniel (23 June 2005) |
| - David Shaw's fix that unifies proxy string treatment so that a proxy given |
| with CURLOPT_PROXY can use a http:// prefix and user + password. The user |
| and password fields are now also URL decoded properly. Test case 264 added |
| to verify. |
| |
| Daniel (22 June 2005) |
| - David Shaw updated libcurl.m4 |
| |
| Daniel (14 June 2005) |
| - Gisle Vanem fixed a potential thread handle leak. Bug report #1216500 |
| (http://curl.haxx.se/bug/view.cgi?id=1216500). Comment in |
| http://curl.haxx.se/mail/lib-2005-06/0059.html |
| |
| Daniel (13 June 2005) |
| - Made buildconf run libtoolize in the ares dir too (inspired by Tupone's |
| reverted patch). |
| |
| Daniel (9 June 2005) |
| - Incorporated Tupone's findtool fix in buildconf (slightly edited) |
| |
| - Incorporated Tupone's head -n fix in buildconf. |
| |
| Daniel (8 June 2005) |
| - Reverted Tupone's patch again, it broke numerous autobuilds. Let's apply it |
| in pieces, one by one and see what we need to adjust to work all over. |
| |
| Daniel (6 June 2005) |
| - Tupone Alfredo fixed three problems in buildconf: |
| |
| 1) findtool does look per tool in PATH and think ./perl is the perl |
| executable, while is just a local directory (I have . in the PATH) |
| |
| 2) I got several warning for head -1 deprecated in favour of head -n 1 |
| |
| 3) ares directory is missing some file (missing is missing :-) ) because |
| automake and friends is not run. |
| |
| Daniel (3 June 2005) |
| - Added docs/libcurl/getinfo-times, based on feedback from 'Edi': |
| http://curl.haxx.se/feedback/display.cgi?id=11178325798299&support=yes |
| |
| - Andres Garcia provided yet another text mode patch for several test cases so |
| that they do text comparisions better on Windows (newline-wise). |
| |
| Daniel (1 June 2005) |
| - The configure check for c-ares now adds the cares lib before the other libs, |
| to make it build fine with mingw. Inspired by Tupone Alfredo's bug report |
| and patch: http://curl.haxx.se/bug/view.cgi?id=1212940 |
| |
| Daniel (31 May 2005) |
| - Todd Kulesza reported a flaw in the proxy option, since a numerical IPv6 |
| address was not possible to use. It is now, but requires it written |
| RFC2732-style, within brackets - which incidently is how you enter numerical |
| IPv6 addresses in URLs. Test case 263 added to verify. |
| |
| Daniel (30 May 2005) |
| - Eric Cooper reported about a problem with HTTP servers that responds with |
| binary zeroes within the headers. They confused libcurl to do wrong so the |
| downloaded headers become incomplete. The fix is now verified with test case |
| 262. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310948 |
| |
| Daniel (25 May 2005) |
| - Fixed problems with the test suite, and in particular the FTP test cases |
| since it previously was failing every now and then in a nonsense manner. |
| |
| - --trace-time now outputs the full microsecond, all 6 digits. |
| |
| Daniel (24 May 2005) |
| - Andres Garcia provided a text mode patch for several test cases so that they |
| do text comparisions better on Windows (newline-wise). |
| |
| - Any 2xx response (and not just 200) is now considered a fine response to |
| TYPE, as some servers obviously sends a 226 there. Added test case 261 to |
| verify. Based on a question/report by Georg Wicherski. |
| |
| Daniel (20 May 2005) |
| - Improved runtests.pl to allow stdout tests to be mode=text as well, just |
| as file comparisons already supports. Added this info to the FILEFORMAT |
| docs. |
| |
| Daniel (18 May 2005) |
| - John McGowan identified a problem in bug report #1204435 |
| (http://curl.haxx.se/bug/view.cgi?id=1204435) with malformed URLs like |
| "http://somehost?data" as it added a slash too much in the request ("GET |
| /?data/"...). Added test case 260 to verify. |
| |
| - The configure check for strerror_r() failed to detect the proper API at |
| times, like on HP-UX 10.20. Then lib/strerror.c badly assumed the glibc |
| version if the posix define wasn't set (since it _had_ found a strerror_r). |
| |
| Daniel (16 May 2005) |
| - The gmtime_r() function in HP-UX 10.20 is broken. About 13 test cases fail |
| due to this. There's now a configure check that attempts to detect the bad |
| function and not use it on such systems. |
| |
| Version 7.14.0 (16 May 2005) |
| |
| Daniel (13 May 2005) |
| - Grigory Entin reported that curl's configure detects a fine poll() for Mac |
| OS X 10.4 (while 10.3 or later detected a "bad" one), but the executable |
| doesn't work as good as if built without poll(). I've adjusted the configure |
| to always skip the fine-poll() test on Mac OS X (darwin). |
| |
| Daniel (12 May 2005) |
| - When doing a second request (after a disconnect) using the same easy handle, |
| over a proxy that uses NTLM authentication, libcurl failed to use NTLM again |
| properly (the auth method was accidentally reset to the same as had been set |
| for host auth, which defaults to Basic). Bug report #1200661 |
| (http://curl.haxx.se/bug/view.cgi?id=1200661) identified the the problem and |
| the fix. |
| |
| - If -z/--time-cond is used with an invalid date syntax, this is no longer |
| silently discarded. Instead a proper warning message is diplayed that |
| informs about it. But it still continues without the condition. |
| |
| Version 7.14.0-pre2 (11 May 2005) |
| |
| Daniel (11 May 2005) |
| - Starting now, libcurl sends a little different set of headers in its default |
| HTTP requests: |
| |
| A) Normal non-proxy HTTP: |
| - no more "Pragma: no-cache" (this only makes sense to proxies) |
| |
| B) Non-CONNECT HTTP request over proxy: |
| - "Pragma: no-cache" is used (like before) |
| - "Proxy-Connection: Keep-alive" (for older style 1.0-proxies) |
| |
| C) CONNECT HTTP request over proxy: |
| - "Host: [name]:[port]" |
| - "Proxy-Connection: Keep-alive" |
| |
| The A) case is mostly to reduce the default header size and remove a |
| pointless header. |
| |
| The B) is to address (rare) problems with HTTP 1.0 proxies |
| |
| The C) headers are both to address (rare) problems with some proxies. The |
| code in libcurl that deals with CONNECT requests need a rewrite, but it |
| feels like a too big a job for me to do now. Details are added in the code |
| comments for now. |
| |
| Updated a large amount of test cases to reflect the news. |
| |
| Daniel (10 May 2005) |
| - Half-baked attempt to bail out if select() returns _only_ errorfds when the |
| transfer is in progress. An attempt to fix Allan's problem. See |
| http://curl.haxx.se/mail/lib-2005-05/0073.html and the rest of that thread |
| for details. |
| |
| I'm still not sure this is the right fix, but... |
| |
| Version 7.14.0-pre1 (9 May 2005) |
| |
| Daniel (2 May 2005) |
| - Sort of "fixed" KNOWN_BUGS #4: curl now builds IPv6 enabled on AIX 4.3. At |
| least it should no longer cause a compiler error. However, it does not have |
| AI_NUMERICHOST so we cannot getaddrinfo() any numerical addresses with it |
| (we use that for FTP PORT/EPRT)! So, I modified the configure check that |
| checks if the getaddrinfo() is working, to use AI_NUMERICHOST since then |
| it'll fail on AIX 4.3 and it will automatically build with IPv6 support |
| disabled. |
| |
| - Added --trace-time that when used adds a time stamp to each trace line that |
| --trace, --trace-ascii and --verbose output. I also made the '>' display |
| separate each line on the linefeed so that HTTP requests etc look nicer in |
| the -v output. |
| |
| - Made curl recognize the environment variables Lynx (and others?) support for |
| pointing out the CA cert path/file: SSL_CERT_DIR and SSL_CERT_FILE. If |
| CURL_CA_BUNDLE is not set, they are checked afterwards. |
| |
| Like before: on windows if none of these are set, it checks for the ca cert |
| file like this: |
| |
| 1. application's directory |
| 2. current working directory |
| 3. Windows System directory (e.g. C:\windows\system32) |
| 4. Windows Directory (e.g. C:\windows) |
| 5. all directories along %PATH% |
| |
| Daniel (1 May 2005) |
| - The runtests.pl script now starts test servers by doing fork() and exec() |
| instead of the previous approach. This is less complicated and should |
| hopefully lead to less "leaked" servers (servers that aren't stopped |
| properly when the tests are stopped). |
| |
| - Alexander Zhuravlev found a case when you did "curl -I [URL]" and it |
| complained on the chunked encoding, even though a HEAD should never return a |
| body and thus it cannot be a chunked-encoding problem! |
| |
| Daniel (30 April 2005) |
| - Alexander Zhuravlev found out that (lib)curl SIGSEGVed when using |
| --interface on an address that can't be bound. |
| |
| Daniel (28 April 2005) |
| - Working on fixing up test cases to mark sections as 'mode=text' for things |
| that curl writes as text files, since then they can get different line |
| endings depending on OS. Andrés GarcÃa helps me work this out. |
| |
| Did lots of other minor tweaks on the test scripts to work better and more |
| reliably find test servers and also kill test servers. |
| |
| - Dan Fandrich pointed out how the runtests.pl script killed the HTTP server |
| instead of the HTTPS server when closing it down. |
| |
| Daniel (27 April 2005) |
| - Paul Moore made curl check for the .curlrc file (_curlrc on windows) on two |
| more places. First, CURL_HOME is a new environment variable that is used |
| instead of HOME if it is set, to point out where the default config file |
| lives. If there's no config file in the dir pointed out by one of the |
| environment variables, the Windows version will instead check the same |
| directory the executable curl is located in. |
| |
| Daniel (26 April 2005) |
| - Cory Nelson's work on nuking compiler warnings when building on x64 with |
| VS2005. |
| |
| Daniel (25 April 2005) |
| - Fred New reported a bug where we used Basic auth and user name and password |
| in .netrc, and when following a Location: the subsequent requests didn't |
| properly use the auth as found in the netrc file. Added test case 257 to |
| verify my fix. |
| |
| - Based on feedback from Cory Nelson, I added some preprocessor magic in |
| */setup.h and */config-win32.h to build fine with VS2005 on x64. |
| |
| Daniel (23 April 2005) |
| - Alex Suykov made the curl tool now assume that uploads using HTTP:// or |
| HTTPS:// are the only ones that show output and thus motivates a switched |
| off progress meter if the output is sent to the terminal. This makes FTP |
| uploads without '>', -o or -O show the progress meter. |
| |
| Daniel (22 April 2005) |
| - Dave Dribin's MSVC makefile fix: set CURL_STATICLIB when it builds static |
| library variants. |
| |
| - Andres Garcia fixed configure to set the proper define when building static |
| libcurl on windows. |
| |
| - --retry-delay didn't work. |
| |
| Daniel (18 April 2005) |
| - Olivier reported that even though he used CURLOPT_PORT, libcurl clearly |
| still used the default port. He was right. I fixed the problem and added the |
| test cases 521, 522 and 523 to verify the fix. |
| |
| - Toshiyuki Maezawa reported that when doing a POST with a read callback, |
| libcurl didn't properly send an Expect: 100-continue header. It does now. |
| |
| - I committed by mig change in the test suite's FTP server that moves out all |
| socket/TCP code to a separate C program named sockfilt. And added 4 new |
| test cases for FTP over IPv6. |
| |
| Daniel (8 April 2005) |
| - Cory Nelson reported a problem with a HTTP server that responded with a 304 |
| response containing an "illegal" Content-Length: header, which was not |
| properly ignored by libcurl. Now it is. Test case 249 verifies. |
| |
| Daniel (7 April 2005) |
| - Added ability to build and run with GnuTLS as an alternative to OpenSSL for |
| the secure layer. configure --with-gnutls enables with. Note that the |
| previous OpenSSL check still has preference and if it first detects OpenSSL, |
| it will not check for GnuTLS. You may need to explictly diable OpenSSL with |
| --without-ssl. |
| |
| This work has been sponsored by The Written Word. |
| |
| Daniel (5 April 2005) |
| - Christophe Legry fixed the post-upload check for FTP to not complain if the |
| upload was skipped due to a time-condition as set with |
| CURLOPT_TIMECONDITION. I added test case 247 and 248 to verify. |
| |
| Version 7.13.2 (5 April 2005) |
| |
| Daniel (4 April 2005) |
| - Marcelo Juchem fixed the MSVC makefile for libcurl |
| |
| - Gisle Vanem fixed a crash in libcurl, that could happen if the easy handle |
| was killed before the threading resolver (windows only) still hadn't |
| completed. |
| |
| - Hardeep Singh reported a problem doing HTTP POST with Digest. (It was |
| actually also affecting NTLM and Negotiate.) It turned out that if the |
| server responded with 100 Continue before the initial 401 response, libcurl |
| didn't take care of the response properly. Test case 245 and 246 added to |
| verify this. |
| |
| Daniel (30 March 2005) |
| - Andres Garcia modified the configure script to check for libgdi32 before |
| libcrypto, to make the SSL check work fine on msys/mingw. |
| |
| Daniel (29 March 2005) |
| - Tom Moers identified a flaw when you sent a POST with Digest authentication, |
| as in the first request when curl sends a POST with Content-Length: 0, it |
| still forcibly closed the connection before doing the next step in the auth |
| negotiation. |
| |
| - Jesper Jensen found out that FTP-SSL didn't work since my FTP |
| rewrite. Fixing that was easy, but it also revealed a much worse problem: |
| the FTP server response reader function didn't properly deal with reading |
| responses in multiple tiny chunks properly! I modified the FTP server to |
| allow it to produce such split-up responses to make sure curl deals with |
| them as it should. |
| |
| - Based on Augustus Saunders' comments and findings, the HTTP output auth |
| function was fixed to use the proper proxy authentication when multiple ones |
| are accepted. test 239 and test 243 were added to repeat the problems and |
| verify the fixes. |
| |
| --proxy-anyauth was added to the curl tool |
| |
| Daniel (16 March 2005) |
| - Tru64 and some IRIX boxes seem to not like test 237 as it is. Their |
| inet_addr() functions seems to use &255 on all numericals in a ipv4 dotted |
| address which makes a different failure... Now I've modified the ipv4 |
| resolve code to use inet_pton() instead in an attempt to make these systems |
| better detect this as a bad IP address rather than creating a toally bogus |
| address that is then passed on and used. |
| |
| Daniel (15 March 2005) |
| - Dan Fandrich made the code properly use the uClibc's version of |
| inet_ntoa_r() when built with it. |
| |
| - Added test 237 and 238: test EPSV and PASV response handling when they get |
| well- formated data back but using illegal values. In 237 PASV gets an IP |
| address that is way bad. In 238 EPSV gets a port that is way out of range. |
| |
| Daniel (14 March 2005) |
| - Added a few missing features to the curl-config --features list |
| |
| - Modified testcurl.pl to now offer |
| 1 - command line options for all info it previously only read from |
| file: --name, --email, --desc and --configure |
| 2 - --nocvsup makes it not attempt to do cvs update |
| 3 - --crosscompile informs it and makes it not attempt things it can't do |
| |
| - Fixed numerous win32 compiler warnings. |
| |
| - Removed the lib/security.h file since it shadowed the mingw/win32 header |
| with the same name which is needed for SSPI builds. The contents of the |
| former security.h is now i krb4.h |
| |
| - configure --enable-sspi now enables SSPI in the build. It only works for |
| windows builds (including cross-compiles for windows). |
| |
| Daniel (12 March 2005) |
| - David Houlder added --form-string that adds that string to a multipart |
| formpost part, without special characters having special meanings etc like |
| --form features. |
| |
| Daniel (11 March 2005) |
| - curl_version_info() returns the feature bit CURL_VERSION_SSPI if it was |
| built with SSPI support. |
| |
| - Christopher R. Palmer made it possible to build libcurl with the |
| USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the |
| native way to do NTLM. SSPI also allows libcurl to pass on the current user |
| and its password in the request. |
| |
| Daniel (9 March 2005) |
| - Dan F improved the SSL lib setup in configure. |
| |
| - Nodak Sodak reported a crash when using a SOCKS4 proxy. |
| |
| - Jean-Marc Ranger pointed out an embarassing debug printf() leftover in the |
| multi interface code. |
| |
| - Adjusted the man page for the curl_getdate() return value for dates after |
| year 2038. For 32 bit time_t it returns 0x7fffffff but for 64bit time_t it |
| returns either the correct value or even -1 on some systems that still seem |
| to not deal with this properly. Tor Arntsen found a 64bit AIX system for us |
| that did the latter. Gwenole Beauchesne's Mandrake patch put the lights on |
| this problem in the first place. |
| |
| Daniel (8 March 2005) |
| - Dominick Meglio reported that using CURLOPT_FILETIME when transferring a FTP |
| file got a Last-Modified: header written to the data stream, corrupting the |
| actual data. This was because some conditions from the previous FTP code was |
| not properly brought into the new FTP code. I fixed and I added test case |
| 520 to verify. (This bug was introduced in 7.13.1) |
| |
| - Dan Fandrich fixed the configure --with-zlib option to always consider the |
| given path before any standard paths. |
| |
| Daniel (6 March 2005) |
| - Randy McMurchy was the first to report that valgrind.pm was missing from the |
| release archive and thus 'make test' fails. |
| |
| Daniel (5 March 2005) |
| - Dan Fandrich added HAVE_FTRUNCATE to several config-*.h files. |
| |
| - Added test case 235 that makes a resumed upload of a file that isn't present |
| on the remote side. This then converts the operation to an ordinary STOR |
| upload. This was requested/pointed out by Ignacio Vazquez-Abrams. |
| |
| It also proved (and I fixed) a bug in the newly rewritten ftp code (and |
| present in the 7.13.1 release) when trying to resume an upload and the |
| servers returns an error to the SIZE command. libcurl then loops and sends |
| SIZE commands infinitely. |
| |
| - Dan Fandrich fixed a SSL problem introduced on February 9th that made |
| libcurl attempt to load the whole random file to seed the PRNG. This is |
| really bad since this turns out to be using /dev/urandom at times... |
| |
| Version 7.13.1 (4 March 2005) |
| |
| Daniel (4 March 2005) |
| - Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate |
| the cookie "engine" without having to provide an empty or non-existing file. |
| |
| - Rene Rebe fixed a -# crash when more data than expected was retrieved. |
| |
| Daniel (22 February 2005) |
| - NTLM and ftp-krb4 buffer overflow fixed, as reported here: |
| http://www.securityfocus.com/archive/1/391042 and the CAN report here: |
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 |
| |
| If these security guys were serious, we'd been notified in advance and we |
| could've saved a few of you a little surprise, but now we weren't. |
| |
| Daniel (19 February 2005) |
| - Ralph Mitchell reported a flaw when you used a proxy with auth, and you |
| requested data from a host and then followed a redirect to another |
| host. libcurl then didn't use the proxy-auth properly in the second request, |
| due to the host-only check for original host name wrongly being extended to |
| the proxy auth as well. Added test case 233 to verify the flaw and that the |
| fix removed the problem. |
| |
| Daniel (18 February 2005) |
| - Mike Dobbs reported a mingw build failure due to the lack of |
| BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by |
| configure when mingw is used. |
| |
| Daniel (17 February 2005) |
| - David in bug report #1124588 found and fixed a socket leak when libcurl |
| didn't close the socket properly when returning error due to failing |
| localbind |
| |
| Daniel (16 February 2005) |
| - Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth" |
| that picks NTLM. Thanks to David Byron letting me test NTLM against his |
| servers, I could quickly repeat and fix the problem. It turned out to be: |
| |
| When libcurl POSTs without knowing/using an authentication and it gets back |
| a list of types from which it picks NTLM, it needs to either continue |
| sending its data if it keeps the connection alive, or not send the data but |
| close the connection. Then do the first step in the NTLM auth. libcurl |
| didn't send the data nor close the connection but simply read the |
| response-body and then sent the first negotiation step. Which then failed |
| miserably of course. The fixed version forces a connection if there is more |
| than 2000 bytes left to send. |
| |
| Daniel (14 February 2005) |
| - The configure script didn't check for ENGINE_load_builtin_engines() so it |
| was never used. |
| |
| Daniel (11 February 2005) |
| - Removed all uses of strftime() since it uses the localised version of the |
| week day names and month names and servers don't like that. |
| |
| Daniel (10 February 2005) |
| - Now the test script disables valgrind-testing when the test suite runs if |
| libcurl is built shared. Otherwise valgrind only tests the shell that runs |
| the wrapper-script named 'curl' that is a front-end to curl in this case. |
| This should also fix the huge amount of reports of false positives when |
| valgrind has identified leaks in (ba)sh and not in curl and people report |
| that as curl bugs. Bug report #1116672 is one example. |
| |
| Also, the valgrind report parser has been adapted to check that at least one |
| of the sources in a stack strace is one of (lib)curl's source files or |
| otherwise it will not consider the problem to concern (lib)curl. |
| |
| - Marty Kuhrt streamlined the VMS build. |
| |
| Daniel (9 February 2005) |
| - David Byron fixed his SSL problems, initially mentioned here: |
| http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use |
| SSL_pending() as we should. |
| |
| - Converted lots of FTP code to a statemachine, so that the multi interface |
| doesn't block while communicating commands-responses with an FTP server. |
| |
| I've added a comment like BLOCKING in the code on all spots I could find |
| where we still have blocking operations. When we change curl_easy_perform() |
| to use the multi interface, we'll also be able to simplify the code since |
| there will only be one "internal interface". |
| |
| While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the |
| new CURLE_LOGIN_DENIED. The first one is now access denied to a function, |
| like changing directory or retrieving a file, while the second means that we |
| were denied login. |
| |
| The CVS tag 'before_ftp_statemachine' was set just before this went in, in |
| case of future need. |
| |
| - Gisle made the DICT code send CRLF and not just LF as the spec says so. |
| |
| Daniel (8 February 2005) |
| - Gisle fixed problems when libcurl runs out of memory, and worked on making |
| sure the proper error code is returned for those occations. |
| |
| Daniel (7 February 2005) |
| - Maruko pointed out a problem with inflate decompressing exactly 64K |
| contents. |
| |
| Daniel (5 February 2005) |
| - Eric Vergnaud found a use of an uninitialised variable in the ftp when doing |
| PORT on ipv6-enabled hosts. |
| |
| - David Byron pointed out we could use BUFSIZE to read data (in |
| lib/transfer.c) instead of using BUFSIZE -1. |
| |
| Version 7.13.0 (1 February 2005) |
| |
| Daniel (31 January 2005) |
| - Added Lars Nilsson's htmltitle.cc example |
| |
| Daniel (30 January 2005) |
| - Fixed a memory leak when using the multi interface and the DO operation |
| failed (as in test case 205). |
| |
| - Fixed a valgrind warning for file:// operations. |
| |
| - Fixed a valgrind report in the url globbing code for the curl command line |
| tool. |
| |
| - Bugfixed the parser that scans the valgrind report outputs (in runtests.pl). |
| I noticed that it previously didn't detect and report the "Conditional jump |
| or move depends on uninitialised value(s)" error. When I fixed this, I |
| caught a few curl bugs with it. And then I had to spend time to make the |
| test suite IGNORE these errors when OpenSSL is used since it produce massive |
| amounts of valgrind warnings (but only of the "Conditional..." kind it |
| seems). So, if a test that requires SSL is run, it ignores the |
| "Conditional..." errors, and you'll get a "valgrind PARTIAL" output instead |
| of "valgrind OK". |
| |
| Daniel (29 January 2005) |
| - Using the multi interface, and doing a requsted a re-used connection that |
| gets closed just after the request has been sent failed and did not re-issue |
| a request on a fresh reconnect like the easy interface did. Now it does! |
| |
| - Define CURL_MULTIEASY when building libcurl (lib/easy.c to be exact), to use |
| my new curl_easy_perform() that uses the multi interface to run the |
| request. It is a great testbed for the multi interface and I believe we |
| shall do it this way for real in the future when we have a successor to |
| curl_multi_fdset(). I've used this approach to detect and fix several of the |
| recent multi-interfaces issues. |
| |
| - Adjusted the KNOWN_BUGS #17 fix a bit more since the FTP code also did some |
| bad assumptions. |
| |
| - multi interface: when a request is denied due to "Maximum redirects |
| followed" libcurl leaked the last Location: URL. |
| |
| - Connect failures with the multi interface was often returned as "connect() |
| timed out" even though the reason was different. |
| |
| Daniel (28 January 2005) |
| - KNOWN_BUGS #17 fixed. A DNS cache entry may not remain locked between two |
| curl_easy_perform() invokes. It was previously unlocked at disconnect, which |
| could mean that it remained locked between multiple transfers. The DNS cache |
| may not live as long as the connection cache does, as they are separate. |
| |
| To deal with the lack of DNS (host address) data availability in re-used |
| connections, libcurl now keeps a copy of the IP adress as a string, to be |
| able to show it even on subsequent requests on the same connection. |
| |
| The problem could be made to appear with this stunt: |
| |
| 1. create a multi handle |
| 2. add an easy handle |
| 3. fetch a URL that is persistent (leaves the connection alive) |
| 4. remove the easy handle from the multi |
| 5. kill the multi handle |
| 6. create a multi handle |
| 7. add the same easy handle to the new multi handle |
| 8. fetch a URL from the same server as before (re-using the connection) |
| |
| - Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't work |
| when built ipv6-enabled. I've now made a fix for it. Writing test cases for |
| custom port hosts turned too tricky so unfortunately there's none. |
| |
| Daniel (25 January 2005) |
| - Ian Ford asked about support for the FTP command ACCT, and I discovered it |
| is present in RFC959... so now (lib)curl supports it as well. --ftp-account |
| and CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an |
| account string after PASS have been sent away. The client responds |
| with "ACCT [account string]".) Added test case 228 and 229 to verify the |
| functionality. Updated the test FTP server to support ACCT somewhat. |
| |
| - David Shaw contributed a fairly complete and detailed autoconf test you can |
| use to detect libcurl and setup variables for the protocols the installed |
| libcurl supports: docs/libcurl/libcurl.m4 |
| |
| Daniel (21 January 2005) |
| - Major FTP third party transfer overhaul. |
| |
| These four options are now obsolete: CURLOPT_SOURCE_HOST, |
| CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT (this option didn't work before) |
| and CURLOPT_PASV_HOST. |
| |
| These two options are added: CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE. |
| |
| The target-side didn't use the proper path with RETR, and thus this only |
| worked correctly in the login path (i.e without doing any CWD). The source- |
| side still uses a wrong path, but the fix for this will need to wait. Verify |
| the flaw by using a source URL with included %XX-codes. |
| |
| Made CURLOPT_FTPPORT control weather the target operation should use PORT |
| (or not). The other side thus uses passive (PASV) mode. |
| |
| Updated the ftp3rdparty.c example source to use the updated options. |
| |
| Added support for a second FTP server in the test suite. Named... ftp2. |
| Added test cases 230, 231 and 232 as a few first basic tests of very simple |
| 3rd party transfers. |
| |
| Changed the debug output to include 'target' and 'source' when a 3rd party |
| is being made, to make it clearer what commands/responses came on what |
| connection. |
| |
| Added three new command line options: --3p-url, --3p-user and --3p-quote. |
| |
| Documented the command line options and the curl_easy_setopt options related |
| to third party transfers. |
| |
| (Temporarily) disabled the ability to re-use an existing connection for the |
| source connection. This is because it needs to force a new in case the |
| source and target is the same host, and the host name check is trickier now |
| when the source is identified with a full URL instead of a plain host name |
| like before. |
| |
| TODO (short-term) for 3rd party transfers: quote support. The options are |
| there, we need to add test cases to verify their functionality. |
| |
| TODO (long-term) for 3rd party transfers: IPv6 support (EPRT and EPSV etc) |
| and SSL/TSL support. |
| |
| Daniel (20 January 2005) |
| - Philippe Hameau found out that -Q "+[command]" didn't work, although some |
| code was written for it. I fixed and added test case 227 to verify it. |
| The curl.1 man page didn't mention the '+' so I added it. |
| |
| Daniel (19 January 2005) |
| - Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP URL |
| contains %0a or %0d in the user, password or CWD parts. (A future fix would |
| include doing it for %00 as well - see KNOWN_BUGS for details.) Test case |
| 225 and 226 were added to verify this |
| |
| - Stephan Bergmann pointed out two flaws in libcurl built with HTTP disabled: |
| |
| 1) the proxy environment variables are still read and used to set HTTP proxy |
| |
| 2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was |
| disabled). This is important since apps may want to disable HTTP proxy |
| without actually knowing if libcurl was built to disable HTTP or not. |
| |
| Based on Stephan's patch, both these issues should now be fixed. |
| |
| Daniel (18 January 2005) |
| - Cody Jones' enhanced version of Samuel DÃaz GarcÃa's MSVC makefile patch was |
| applied. |
| |
| Daniel (16 January 2005) |
| - Alex aka WindEagle pointed out that when doing "curl -v dictionary.com", curl |
| assumed this used the DICT protocol. While guessing protocols will remain |
| fuzzy, I've now made sure that the host names must start with "[protocol]." |
| for them to be a valid guessable name. I also removed "https" as a prefix |
| that indicates HTTPS, since we hardly ever see any host names using that. |
| |
| Daniel (13 January 2005) |
| - Inspired by Martijn Koster's patch and example source at |
| http://www.greenhills.co.uk/mak/gentoo/curl-eintr-bug.c, I now made the |
| select() and poll() calls properly loop if they return -1 and errno is |
| EINTR. glibc docs for this is found here: |
| http://www.gnu.org/software/libc/manual/html_node/Interrupted-Primitives.html |
| |
| This last link says BSD doesn't have this "effect". Will there be a problem |
| if we do this unconditionally? |
| |
| Daniel (11 January 2005) |
| - Dan Torop cleaned up a few no longer used variables from David Phillips' |
| select() overhaul fix. |
| |
| - Cyrill Osterwalder posted a detailed analysis about a bug that occurs when |
| using a custom Host: header and curl fails to send a request on a re-used |
| persistent connection and thus creates a new connection and resends it. It |
| then sent two Host: headers. Cyrill's analysis was posted here: |
| http://curl.haxx.se/mail/archive-2005-01/0022.html |
| |
| - Bruce Mitchener identified (bug report #1099640) the never-ending SOCKS5 |
| problem with the version byte and the check for bad versions. Bruce has lots |
| of clues on this, and based on his suggestion I've now removed the check of |
| that byte since it seems to be able to contain 1 or 5. |
| |
| Daniel (10 January 2005) |
| - Pavel Orehov reported memory problems with the multi interface in bug report |
| #1098843. In short, a shared DNS cache was setup for a multi handle and when |
| the shared cache was deleted before the individual easy handles, the latter |
| cleanups caused read/writes to already freed memory. |
| |
| - Hzhijun reported a memory leak in the SSL certificate code, that leaked the |
| remote certificate name when it didn't match the used host name. |
| |
| Gisle (8 January 2005) |
| - Added Makefile.Watcom files (src/lib). Updated Makefile.dist. |
| |
| Daniel (7 January 2005) |
| - Improved the test script's valgrind log parser to actually work! Also added |
| the ability to disable the log scanner for specific test cases. Test case |
| 509 results in numerous problems and leaks in OpenSSL and has to get it |
| disabled. |
| |
| Daniel (6 January 2005) |
| - Fixed a single-byte read out of bounds in test case 39 in the curl tool code |
| (i.e not in the library). |
| |
| - Bug report #1097019 identified a problem when doing -d "data" with -G and |
| sending it to two URLs with {}. Added test 199 to verify the fix. |
| |
| Daniel (4 January 2005) |
| - Marty Kuhrt adjusted a VMS build script slightly |
| |
| - Kai Sommerfeld and Gisle Vanem fixed libcurl to build with IPv6 support on |
| Win2000. |
| |
| Daniel (2 January 2005) |
| - Alex Neblett updated the MSVC makefiles slightly. |
| Daniel (25 December 2004) |
| - Removed src/config.h.in from CVS, it is now copied from the (generated) |
| lib/config.h.in instead, as they can very well be the same. This removes a |
| "manual hassle". You may want to re-run buildconf now. |
| |
| - Werner Koch filed Debian bug report #286794, mentioning that curl contained |
| non-free (by Debian's view) source code. This was Angus Mackay's |
| src/getpass.c source code. I tried to contact him about it to quickly solve |
| this issue, but his email addresses bounce and I got some time "over" and |
| reimplemented the functionality once brought by Angus. We no longer use any |
| of Angus' original code and the new function is much simpler (IMO). Issue |
| solved. |
| |
| Daniel (24 December 2004) |
| - David Shaw added --protocols to curl-config, so that it now lists all |
| protocols libcurl was built to support. --feature no longer lists disabled |
| protocols. |
| |
| Daniel (23 December 2004) |
| - David Shaw fixed the configure --disable-[protocol] variables so that |
| curl-config --feature now works correctly! |
| |
| Daniel (22 December 2004) |
| - Rune Kleveland fixed a minor memory leak for received cookies with the |
| (rare) version attribute set. |
| |
| - Marcin Konicki provided two configure fixes and a source fix to make curl |
| build out-of-the-box on BeOS. |
| |
| Daniel (21 December 2004) |
| - Added test case 217 that verified CURLINFO_HTTP_CONNECTCODE, and I made the |
| -w option support 'http_connect' to make it easier to verify! |
| |
| - Fixed lib/select.c include order to build fine on FreeBSD |
| |
| - Fixed failf()'s reuse of the va_list variable that crashed on FreeBSD. |
| Pointed out by Peter Pentchev. |
| |
| Version 7.12.3 (20 December 2004) |
| |
| Daniel (19 December 2004) |
| - I investigated our PKCS12 build problem on Solaris 2.7 with OpenSSL 0.9.7e, |
| and it turned out to be the fault of the zlib 1.1.4 headers doing a typedef |
| named 'free_func' and the OpenSSL headers have a prototype that uses |
| 'free_func' in one of its arguments. This is why the compile errors out. |
| |
| In other words, we need to include the openssl/pkcs12.h header before the |
| zlib.h header and it builds fine. The configure script now checks for this |
| file and it then gets included early in lib/urldata.h. |
| |
| Daniel (18 December 2004) |
| - Samuel Listopad added support for PKCS12 formatted certificates. |
| |
| - Samuel Listopad fixed -E to support "C:/path" (with forward slash) as well. |
| |
| Daniel (16 December 2004) |
| - Gisle found and fixed a problem in the directory re-use for FTP. |
| |
| I added test case 215 and 216 to better verify the functionality. |
| |
| - Dinar in bug report #1086121, found a file handle leak when a multipart |
| formpost (including a file upload part) was aborted before the whole file |
| was sent. |
| |
| Daniel (15 December 2004) |
| - Tom Lee found out that globbing of strings with backslashes didn't work as |
| you'd expect. Backslashes are such a central part of windows file names that |
| forcing backslashes to have to be escaped with backslashes is a bit too |
| awkward to users. Starting now, you only need to escape globbing characters |
| such as the five letters: "[]{},". Added test case 214 to verify this. |
| |
| Daniel (14 December 2004) |
| - Harshal Pradhan patched a HTTP persistent connection flaw: if the user name |
| and/or password were modified between two requests on a persistent |
| connection, the second request were still made with the first setup! |
| |
| I added test case 519 to verify the fix. |
| |
| Daniel (13 December 2004) |
| - Gisle added CURLINFO_SSL_ENGINES to curl_easy_getinfo() to allow an app |
| to list all available crypto ENGINES. |
| |
| - Gisle fixed bug report #1083542, which pointed out a problem with resuming |
| large file (>4GB) file:// transfers on windows. |
| |
| Daniel (11 December 2004) |
| - Made the test suite HTTP server (sws) capable of using IPv6, and then |
| extended the test environment to support that and also added three test |
| cases (240, 241, 242) that run tests using IPv6. Test 242 uses a URL that |
| didn't work before the 10 dec fix by Kai Sommerfeld. |
| |
| - Made a failed file:// resume output an error message |
| |
| - Corrected the CURLE_BAD_DOWNLOAD_RESUME error message in lib/strerror.c |
| |
| - Dan Fandrich: |
| |
| simplified and consolidated the SSL checks in configure and the usage of the |
| defines in lib/setup.h |
| |
| provided a first libcurl.pc.in file for pkg-config (but the result is not |
| installed anywhere at this point) |
| |
| extended the cross compile section in the docs/INSTALL file |
| |
| Daniel (10 December 2004) |
| - When providing user name in the URL and a IPv6-style IP-address (like in |
| "ftp://user@[::1]/tmp"), the URL parser didn't get the host extracted |
| properly. Reported and fixed by Kai Sommerfeld. |
| |
| Daniel (9 December 2004) |
| - Ton Voon provided a configure fix that should fix the notorious (mostly |
| reported on Solaris) problem where the size_t check fails due to the SSL |
| libs being found in a dir not searched through by the run-time linker. |
| patch-tracker entry #1081707. |
| |
| - Bryan Henderson pointed out in bug report #1081788 that the curl-config |
| --vernum output wasn't zero prefixed properly (as claimed in documentation). |
| This is fixed in maketgz now. |
| |
| Daniel (8 December 2004) |
| - Matt Veenstra updated the mach-O framework files for Mac OS X. |
| |
| - Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where |
| libcurl always and unconditionally overwrote a stack-based array with 3 zero |
| bytes. This is not an exploitable buffer overflow. No need to get alarmed. |
| |
| Daniel (7 December 2004) |
| - Fixed so that the final error message is sent to the verbose info "stream" |
| even if no errorbuffer is set. |
| |
| Daniel (6 December 2004) |
| - Dan Fandrich added the --disable-cookies option to configure to build |
| libcurl without cookie support. This is mainly useful if you want to build a |
| minimalistic libcurl with no cookies support at all. Like for embedded |
| systems or similar. |
| |
| - Richard Atterer fixed libcurl's way of dealing with the EPSV |
| response. Previously, libcurl would re-resolve the host name with the new |
| port number and attempt to connect to that, while it should use the IP from |
| the control channel. This bug made it hard to EPSV from an FTP server with |
| multiple IP addresses! |
| |
| Daniel (3 December 2004) |
| - Bug report #1078066: when a chunked transfer was pre-maturely closed exactly |
| at a chunk boundary it was not considered an error and thus went unnoticed. |
| Fixed by Maurice Barnum. |
| |
| Added test case 207 to verify. |
| |
| Daniel (2 December 2004) |
| - Fixed the CONNECT loop to default timeout to 3600 seconds. |
| |
| Added test case 206 that makes CONNECT with Digest. |
| |
| Fixed a flaw that prepended "(nil)" to the initial CONNECT rqeuest's user- |
| agent field. |
| |
| Daniel (30 November 2004) |
| - Dan Fandrich's fix for libz 1.1 and "extra field" usage in a gzip stream |
| |
| - Dan also helped me with input data to create three more test cases for the |
| --compressed option. |
| |
| Daniel (29 November 2004) |
| - I improved the test suite to enable binary contents in the tests (by proving |
| it base64 encoded), like for testing decompress etc. Added test 220 and 221 |
| for this purpose. Tests can now also depend on libz to run. |
| |
| - As reported by Reinout van Schouwen in Mandrake's bug tracker bug 12285 |
| (http://qa.mandrakesoft.com/show_bug.cgi?id=12285), when connecting to an |
| IPv6 host with FTP, --disable-epsv (or --disable-eprt) effectively disables |
| the ability to transfer a file. Now, when connected to an FTP server with |
| IPv6, these FTP commands can't be disabled even if asked to with the |
| available libcurl options. |
| |
| Daniel (26 November 2004) |
| - As reported in Mandrake's bug tracker bug 12289 |
| (http://qa.mandrakesoft.com/show_bug.cgi?id=12289), curl would print a |
| newline to "finish" the progress meter after each redirect and not only |
| after a completed transfer. |
| |
| Daniel (25 November 2004) |
| - FTP improvements: |
| |
| If EPSV, EPRT or LPRT is tried and doesn't work, it will not be retried on |
| the same server again even if a following request is made using a persistent |
| connection. |
| |
| If a second request is made to a server, requesting a file from the same |
| directory as the previous request operated on, libcurl will no longer make |
| that long series of CWD commands just to end up on the same spot. Note that |
| this is only for *exactly* the same dir. There is still room for improvements |
| to optimize the CWD-sending when the dirs are only slightly different. |
| |
| Added test 210, 211 and 212 to verify these changes. Had to improve the |
| test script too and added a new primitive to the test file format. |
| |
| Daniel (24 November 2004) |
| - Andrés GarcÃa fixed the configure script to detect select properly when run |
| with Msys/Mingw on Windows. |
| |
| Daniel (22 November 2004) |
| - Made HTTP PUT and POST requests no longer use HEAD when doing multi-pass |
| auth negotiation (NTLM, Digest and Negotiate), but instead use the request |
| keyword "properly". Details in lib/README.httpauth. This also introduces |
| CURLOPT_IOCTLFUNCTION and CURLOPT_IOCTLDATA, to be used by apps that use the |
| "any" auth alternative as then libcurl may need to send the PUT/POST data |
| more than once and thus may need to ask the app to "rewind" the read data |
| stream to start. |
| |
| See also the new example using this: docs/examples/anyauthput.c |
| |
| - David Phillips enhanced test 518. I made it depend on a "feature" so that |
| systems without getrlimit() won't attempt to test 518. configure now checks |
| for getrlimit() and setrlimit() for this test case. |
| |
| Daniel (18 November 2004) |
| - David Phillips fixed libcurl to not crash anymore when more than FD_SETSIZE |
| file descriptors are in use. Test case 518 added to verify. |
| |
| Daniel (15 November 2004) |
| - To test my fix for the CURLINFO_REDIRECT_TIME bug, I added time_redirect and |
| num_redirects support to the -w writeout option for the command line tool. |
| |
| - Wojciech Zwiefka found out that CURLINFO_REDIRECT_TIME didn't work as |
| documented. |
| |
| Daniel (12 November 2004) |
| - Gisle Vanem modigied the MSVC and Netware makefiles to build without |
| libcurl.def |
| |
| - Dan Fandrich added the --disable-crypto-auth option to configure to allow |
| libcurl to build without Digest support. (I figure it should also explicitly |
| disable Negotiate and NTLM.) |
| |
| - *** Modified Behaviour Alert *** |
| |
| Setting CURLOPT_POSTFIELDS to NULL will no longer do a GET. |
| |
| Setting CURLOPT_POSTFIELDS to "" will send a zero byte POST and setting |
| CURLOPT_POSTFIELDS to NULL and CURLOPT_POSTFIELDSIZE to zero will also make |
| a zero byte POST. Added test case 515 to verify this. |
| |
| Setting CURLOPT_HTTPPOST to NULL makes a zero byte post. Added test case 516 |
| to verify this. |
| |
| CURLOPT_POSTFIELDSIZE must now be set to -1 to signal "we don't know". |
| Setting it to zero simply says this is a zero byte POST. |
| |
| When providing POST data with a read callback, setting the size up front |
| is now made with CURLOPT_POSTFIELDSIZE and not with CURLOPT_INFILESIZE. |
| |
| Daniel (11 November 2004) |
| - Dan Fandrich added --disable-verbose to the configure script to allow builds |
| without verbose strings in the code, to save some 12KB space. Makes sense |
| only for systems with very little memory resources. |
| |
| - Jeff Phillips found out that a date string with a year beyond 2038 could |
| crash the new date parser on systems with 32bit time_t. We now check for |
| this case and deal with it. |
| |
| Daniel (10 November 2004) |
| - I installed Heimdal on my Debian box (using the debian package) and noticed |
| that configure --with-gssapi failed to create a nice build. Fixed now. |
| |
| Daniel (9 November 2004) |
| - Gisle Vanem marked all external function calls with CURL_EXTERN so that now |
| the Windows, Netware and other builds no longer need libcurl.def or similar |
| files. |
| |
| Daniel (8 November 2004) |
| - Made the configure script check for tld.h if libidn was detected, since |
| libidn 0.3.X didn't have such a header and we don't work with anything |
| before libidn 0.4.1 anyway! Suse 9.1 apparently ships with a 0.3.X version |
| of libidn which makes the curl 7.12.2 build fail. Jean-Philippe |
| Barrette-LaPierre helped pointing this out. |
| |
| - Ian Gulliver reported in debian bug report #278691: if curl is invoked in an |
| environment where stderr is closed the -v output will still be sent to file |
| descriptor 2 which then might be the network socket handle! Now we have a |
| weird hack instead that attempts to make sure that file descriptor 2 is |
| opened (with a call to pipe()) before libcurl is called to do the transfer. |
| configure now checks for pipe() and systems without pipe don't get the weird |
| hack done. |
| |
| Daniel (5 November 2004) |
| - Tim Sneddon made libcurl send no more than 64K in a single first chunk when |
| doing a huge POST on VMS, as this is a system limitation. Default on general |
| systems is 100K. |
| |
| Daniel (4 November 2004) |
| - Andres Garcia made it build on mingw againa, my --retry code broke the build. |
| |
| Daniel (2 November 2004) |
| - Added --retry-max-time that allows a maximum time that may not have been |
| reached for a retry to be made. If not set there is no maximum time, only |
| the amount of retries set with --retry. |
| |
| - Paul Nolan provided a patch to make libcurl build nicely on Windows CE. |
| |
| Daniel (1 November 2004) |
| - When cross-compiling, the configure script no longer attempts to use |
| pkg-config on the build host in order to detect OpenSSL compiler options. |
| |
| Daniel (27 October 2004) |
| - Dan Fandrich: |
| |
| An improvement to the gzip handling of libcurl. There were two problems with |
| the old version: it was possible for a malicious gzip file to cause libcurl |
| to leak memory, as a buffer was malloced to hold the header and never freed |
| if the header ended with no file contents. The second problem is that the |
| 64 KiB decompression buffer was allocated on the stack, which caused |
| unexpectedly high stack usage and overflowed the stack on some systems |
| (someone complained about that in the mailing list about a year ago). |
| |
| Both problems are fixed by this patch. The first one is fixed when a recent |
| (1.2) version of zlib is used, as it takes care of gzip header parsing |
| itself. A check for the version number is done at run-time and libcurl uses |
| that feature if it's present. I've created a define OLD_ZLIB_SUPPORT that |
| can be commented out to save some code space if libcurl is guaranteed to be |
| using a 1.2 version of zlib. |
| |
| The second problem is solved by dynamically allocating the memory buffer |
| instead of storing it on the stack. The allocation/free is done for every |
| incoming packet, which is suboptimal, but should be dwarfed by the actual |
| decompression computation. |
| |
| I've also factored out some common code between deflate and gzip to reduce |
| the code footprint somewhat. I've tested the gzip code on a few test files |
| and I tried deflate using the freshmeat.net server, and it all looks OK. I |
| didn't try running it with valgrind, however. |
| |
| - Added a --retry option to curl that takes a numerical option for the number |
| of times the operation should be retried. It is retried if a transient error |
| is detected or if a timeout occurred. By default, it will first wait one |
| second between the retries and then double the delay time between each retry |
| until the delay time is ten minutes which then will be the delay time |
| between all forthcoming retries. You can set a static delay time with |
| "--retry-delay [num]" where [num] is the number of seconds to wait between |
| each retry. |
| |
| Daniel (25 October 2004) |
| - Tomas Pospisek filed bug report #1053287 that proved -C - and --fail on a |
| file that was already completely downloaded caused an error, while it |
| doesn't if you don't use --fail! I added test case 194 to verify the fix. |
| Grrr. CURLOPT_FAILONERROR is now added to the list stuff to remove in |
| libcurl v8 due to all the kludges needed to support it. |
| |
| - Mohun Biswas found out that formposting a zero-byte file didn't work very |
| good. I fixed. |
| |
| Daniel (19 October 2004) |
| - Alexander Krasnostavsky made it possible to make FTP 3rd party transfers |
| with both source and destination being the same host. It can be useful if |
| you want to move a file on a server or similar. |
| |
| - Guillaume Arluison added CURLINFO_NUM_CONNECTS to allow an app to figure |
| out how many new connects a previous transfer required. |
| |
| I added %{num_connects} to the curl tool and added test case 192 and 193 |
| to verify the new code. |
| |
| Daniel (18 October 2004) |
| - Peter Wullinger pointed out that curl should call setlocale() properly to |
| initiate the specific language operations, to make the IDN stuff work |
| better. |
| |
| Version 7.12.2 (18 October 2004) |
| |
| Daniel (16 October 2004) |
| - Alexander Krasnostavsky made the CURLOPT_FTP_CREATE_MISSING_DIRS option work |
| fine even for third party transfers. |
| |
| - runekl at opoint.com found out (and provided a fix) that libcurl leaked |
| memory for cookies with the "max-age" field set. |
| |
| Gisle (16 October 2004) |
| - Issue 50 in TODO-RELEASE; Added Traian Nicolescu's patches for threaded |
| resolver on Windows. Plugged some potential handle and memory leaks. |
| |
| Daniel (14 October 2004) |
| - Eric Vergnaud pointed out that libcurl didn't treat ?-letters in the user |
| name and password fields properly in URLs, like |
| ftp://us?er:pass?word@site.com/. Added test 191 to verify the fix. |
| |
| Daniel (11 October 2004) |
| - libcurl now uses SO_NOSIGPIPE for systems that support it (Mac OS X 10.2 or |
| later is one) to inhibit the SIGPIPE signal when writing to a socket while |
| the peer dies. The same effect is provide by the MSG_NOSIGNAL parameter to |
| send() on other systems. Alan Pinstein verified the fix. |
| |
| Daniel (10 October 2004) |
| - Systems with 64bit longs no longer use strtoll() or our strtoll- replacement |
| to parse 64 bit numbers. strtol() works fine. Added a configure check to |
| detect if [constant]LL works and if so, use that in the strtoll replacement |
| code to work around compiler warnings reported by Andy Cedilnik. |
| |
| Gisle (6 October 2004) |
| - For USE_LIBIDN builds: Added Top-Level-Domain (TLD) check of host-name |
| used in fix_hostname(). Checks if characters in 'host->name' (indirectly |
| via 'ace_hostname') are legal according to the TLD tables in libidn. |
| |
| Daniel (6 October 2004) |
| - Chih-Chung Chang reported that if you use CURLOPT_RESUME_FROM and enabled |
| CURLOPT_FOLLOWLOCATION, libcurl reported error if a redirect happened even |
| if the new URL would provide the resumed file. Test case 188 added to verify |
| the fix (together with existing test 99). |
| |
| - Dan Fandrich fixed a configure flaw for systems that need both nsl and socket |
| libs to use gethostbyname(). |
| |
| - Removed tabs and trailing whitespace from lots of source files. |
| |
| Daniel (5 October 2004) |
| - Made configure --with-libidn=PATH try the given PATH before the default |
| paths to make it possible to override. |
| |
| - If idna_strerror() is present in libidn, we can use that instead of our |
| internal replacement. This function was added by Simon in libidn 0.5.6 and |
| is detected by configure. |
| |
| - It seems basename() on IRIX is in the libgen library and since we don't use |
| that, configure finds libgen.h but not basename and then we get a compiler |
| error because our basename() replacement doesn't match the proto in |
| libgen.h. Starting now, we don't include the file if basename wasn't found |
| as well. |
| |
| Daniel (4 October 2004) |
| - Chris found a race condition resulting in CURLE_COULDNT_RESOLVE_HOST and |
| potential crash, in the windows threaded name resolver code. |
| |
| Daniel (3 October 2004) |
| - Replaced the use of isspace() in cookie.c with our own version instead since |
| we have most data as 'char *' and that makes us pass in negative values if |
| there is 8bit data in the string. Changing to unsigned causes too much |
| warnings or too many required typecasts to the normal string functions. |
| Harshal Pradhan identified this problem. |
| |
| Daniel (2 October 2004) |
| - Bertrand Demiddelaer found a case where libcurl could read already freed |
| data when CURLOPT_VERBOSE is used and a (very) persistent connection. It |
| happened when the dns cache entry for the connection was pruned while the |
| connection was still alive and then again re-used. We worked together on |
| this fix. |
| |
| - Gisle Vanem provided code that displays an error message when the (libidn |
| based) IDN conversion fails. This is really due to a missing suitable |
| function in the libidn API that I hope we can remove once libidn gets a |
| function like this. |
| |
| Daniel (1 October 2004) |
| - Aleksandar Milivojevic reported a problem in the Redhat bugzilla (see |
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134133) and not to |
| anyone involved in the curl project! This happens when you try to curl a |
| file from a proftpd site using SSL. It seems proftpd sends a somewhat |
| unorthodox response code (232 instead of 230). I relaxed the response code |
| check to deal with this and similar cases. |
| |
| - Based on Fedor Karpelevitch's formpost path basename patch, file parts in |
| formposts no longer include the path part. If you _really_ want them, you |
| must provide your preferred full file name with CURLFORM_FILENAME. |
| |
| Added detection for libgen.h and basename() to configure. My custom |
| basename() replacement function for systems without it, might be a bit too |
| naive... |
| |
| Updated 6 test cases to make them work with the stripped paths. |
| |
| Daniel (30 September 2004) |
| - Larry Campbell added CURLINFO_OS_ERRNO to curl_easy_getinfo() that allows an |
| app to retrieve the errno variable after a (connect) failure. It will make |
| sense to provide this for more failures in a more generic way, but let's |
| start like this. |
| |
| - Günter Knauf and Casey O'Donnell worked out an extra #if condition for the |
| curl/multi.h header to work better in winsock-using apps. |
| |
| - Jean-Philippe Barrette-LaPierre made buildconf run better on Mac OS X by |
| properly using glibtoolize instead of plain libtoolize. (This is made if |
| glibtool was found and used instead of plain libtool.) |
| |
| Daniel (29 September 2004) |
| - Bertrand Demiddelaer fixed curl_easy_reset() so that it doesn't mistakingly |
| enable the progress meter. |
| |
| Daniel (28 September 2004) |
| - "Mekonikum" found out that if you built curl without SSL support, although |
| your current SSL installation supports Engine, the compile fails. |
| |
| Daniel (27 September 2004) |
| - When --with-ssl=PATH is used to the configure script, it no longer uses |
| pkg-config to figure out extra details. That is now only done if no PATH is |
| included or if SSL is checked for by default without the --with-ssl option. |
| |
| Daniel (25 September 2004) |
| - Peter Sylvester pointed out that CURLOPT_SSLENGINE couldn't even be set to |
| NULL when no engine was supported. It can now. |
| |
| Daniel (22 September 2004) |
| - Dan Fandrich fixed three test cases to no longer use "localhost" but instead |
| use "127.0.0.1" to avoid requiring that localhost resolves nicely. |
| |
| - Jean-Claude Chauve fixed an LDAP crash when more than one record was |
| retrieved. |
| |
| Daniel (19 September 2004) |
| - Andreas Rieke pointed out that when attempting to connect to a host without |
| a service on the specified port, curl_easy_perform() didn't properly provide |
| an error message in the CURLOPT_ERRORBUFFER buffer. |
| |
| Daniel (16 September 2004) |
| - Daniel at touchtunes uses the FTP+SSL server "BSDFTPD-SSL from |
| http://bsdftpd-ssl.sc.ru/" which accordingly doesn't properly work with curl |
| when "AUTH SSL" is issued (although the server responds fine and everything) |
| but requires that curl issues "AUTH TLS" instead. See |
| http://curl.haxx.se/feedback/display.cgi?id=10951944937603&support=yes |
| |
| Introducing CURLOPT_FTPSSLAUTH that allows the application to select which |
| of the AUTH strings to attempt first. |
| |
| - Anonymous filed bug report #1029478 which identified a bug when you 1) used |
| a URL without properly seperating the host name and the parameters with a |
| slash. 2) the URL had parameters to the right of a ? that contains a slash |
| 3) curl was told to follow Location:s 4) the request got a response that |
| contained a Location: to redirect to "/dir". curl then appended the new path |
| on the wrong position of the original URL. |
| |
| Test case 187 was added to verify that this was fixed properly. |
| |
| Daniel (11 September 2004) |
| - Added parsedate.c that contains a rewrite of the date parser currently |
| provided by getdate.y. The new one is MUCH smaller and will allow us to run |
| away from the yacc/bison jungle. It is also slightly lacking in features |
| compared to the old one, but it supports parsing of all date formats HTTP |
| involves (and a fair bunch of others). |
| |
| Daniel (10 September 2004) |
| - As found out by Jonas Forsman, curl didn't allow -F to set Content-Type on |
| text-parts. Starting now, we can do -F "name=daniel;type=text/extra". Added |
| test case 186 to verify. |
| |
| - Bug report #1025986. When following a Location: with a custom Host: header |
| replacement, curl only replaced the Host: header on the initial request |
| and didn't replace it on the following ones. This resulted in requests with |
| two Host: headers. |
| |
| Now, curl checks if the location is on the same host as the initial request |
| and then continues to replace the Host: header. And when it moves to another |
| host, it doesn't replace the Host: header but it also doesn't make the |
| second Host: header get used in the request. |
| |
| This change is verified by the two new test cases 184 and 185. |
| |
| Daniel (8 September 2004) |
| - Modified the test suite to be able to use and run with customized port |
| numbers. This was always intended but never before possible. Now a simple |
| change in the runtests.pl script can make all tests use different ports. |
| The default ports in use from now on are 8990 to 8993. |
| |
| Daniel (2 September 2004) |
| - Minor modification of an SSL-related error message. |
| |
| Daniel (31 August 2004) |
| - David Tarendash found out that curl_multi_add_handle() returned |
| CURLM_CALL_MULTI_PERFORM instead of CURLM_OK. |
| |
| Daniel (30 August 2004) |
| - Make "Proxy-Connection: close" close the current proxy connection, as Roman |
| Koifman found out. |
| |
| Daniel (24 August 2004) |
| - Fixed a getdate problem by post-replacing the getdate.c file after the |
| bison/yacc process to add the fix Harshal Pradhan suggested. The problem |
| caused a crash on Windows when parsing some dates. |
| |
| Daniel (23 August 2004) |
| - Roman Koifman pointed out that libcurl send Expect: 100-continue on POSTs |
| even when told to use HTTP 1.0, which is not correct. Test case 180 and |
| 181 verify this. |
| |
| - Added test case 182 to verify that zero byte transfers call the callback |
| properly. |
| |
| Daniel (20 August 2004) |
| - Alexander Krasnostavsky made the write callback get called even when a zero |
| byte file is downloaded. |
| |
| Daniel (18 August 2004) |
| - Ling Thio pointed out that when libcurl is built ipv6-enabled, it still did |
| reverse DNS lookups when fed with a numerical IP-address (like |
| http://127.0.0.1/), although it doesn't when built ipv6-disabled. libcurl |
| should never do reverse lookups. |
| |
| Daniel (17 August 2004) |
| - Kjetil Jacobsen noticed that when transferring a file:// URL pointing to an |
| empty file, libcurl would return with the file still open. |
| |
| - Alexander Krasnostavsky pointed out that the configure script needs to define |
| _THREAD_SAFE for AIX systems to make libcurl built really thread-safe. |
| |
| Also added a check for the xlc compiler on AIX, and if that is detect we use |
| the -qthreaded compiler option |
| |
| Daniel (16 August 2004) |
| - libcurl now allows a custom "Accept-Encoding:" header override the |
| internally set one that gets set with CURLOPT_ENCODING. Pointed out by Alex. |
| |
| - Roland Krikava found and fixed a cookie problem when using a proxy (the |
| path matching was wrong). I added test case 179 to verify that we now do |
| right. |
| |
| Daniel (15 August 2004) |
| - Casey O'Donnell fixed some MSVC makefile targets to link properly. |
| |
| Daniel (11 August 2004) |
| - configure now defines _XOPEN_SOURCE to 500 on systems that need it to build |
| warning-free (the only known one so far is non-gcc builds on 64bit SGI |
| IRIX). (Reverted this change later as it caused compiler errors.) |
| |
| - the FTP code now includes the server response in the error message when the |
| server gives back a 530 after the password is provided, as it isn't |
| necessary because of a bad user name or password. |
| |
| Version 7.12.1 (10 August 2004) |
| |
| Daniel (10 August 2004) |
| - In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input is |
| already UTF-8 encoded. This made the certificate verification fail if the |
| remote server used a certificate with the name UTF-8 encoded. |
| |
| Work-around brought by Alexis S. L. Carvalho. |
| |
| Daniel (9 August 2004) |
| - I fixed the configure script for krb4 to use -lcom_err as well, as I started |
| to get link problems with it unless I did that on my Solaris 2.7 box. I |
| don't understand why I started to get problems with this now! |
| |
| Daniel (5 August 2004) |
| - Enrico Scholz fixed the HTTP-Negotiate service name to be uppercase as |
| reported in bug report #1004105 |
| |
| Daniel (4 August 2004) |
| - Gisle Vanem provided a fix for the multi interface and connecting to a host |
| using multiple IP (bad) addresses. |
| |
| - Dylan Salisbury made libcurl no longer accept cookies set to a TLD only (it |
| previously allowed that on the seven three-letter domains). |
| |
| Daniel (31 July 2004) |
| - Joel Chen reported that the digest code assumed quotes around the contents a |
| bit too much. |
| |
| Daniel (28 July 2004) |
| - Bertrand Demiddelaer fixed the host name to get setup properly even when a |
| connection is re-used, when a proxy is in use. Previously the wrong Host: |
| header could get sent when re-using a proxy connection to a different target |
| host. |
| |
| - Fixed Brian Akins' reported problems with duplicate Host: headers on re-used |
| connections. If you attempted to replace the Host: header in the second |
| request, you got two such headers! |
| |
| - src/Makefile.am now includes the Makefile.inc file to get info about files |
| |
| Daniel (26 July 2004) |
| - Made "curl [URL] -o name#2" work as expected. If there's no globbing for the |
| #-number, it will simply be used as #2 in the file name. |
| |
| - Bertrand Demiddelaer fixed testing with valgrind 2.1.x and added two missing |
| newlines in the cookie informationals. |
| |
| Daniel (24 July 2004) |
| - I fixed the autobuilds with ares, since they now need to have buildconf run |
| in the ares dir before the configure script is run. |
| |
| - Added Casey O'Donnell's curl_easy_reset() function. It has a proto in |
| curl/curl.h but we have no man page yet. |
| |
| Daniel (20 July 2004) |
| - Added buildconf and buildconf.bat to the release archives, since they are |
| handy for rebuilding curl when using a daily snapshot (and not a pure CVS |
| checkout). |
| |
| Daniel (16 July 2004) |
| - As suggested by Toby Peterson, libcurl now ignores Content-Length data if the |
| given size is a negative number. Test case 178 verifies this. |
| |
| Daniel (14 July 2004) |
| - Günter Knauf has made the Netware builds do without the config-netware.h |
| files, so they are now removed from the dist packages. |
| |
| - Günter Knauf made curl and libcurl build with Borland again. |
| |
| - Andres Garcia fixed the common test 505 failures on windows. |
| |
| Daniel (6 July 2004) |
| - Andrés GarcÃa found out why the windows tests failed on file:// "uploads". |
| |
| Daniel (2 July 2004) |
| - Andrés GarcÃa reported a curl_share_cleanup() crash that occurs when no |
| lock/unlock callbacks have been set and the share is cleaned up. |
| |
| Daniel (1 July 2004) |
| - When using curl --trace or --trace-ascii, no trace messages that were sent |
| by curl_easy_cleanup() were included in the trace file. This made the |
| message "Closing connection #0" never appear in trace dumps. |
| |
| Daniel (30 June 2004) |
| - Niels van Tongeren found that setting CURLOPT_NOBODY to TRUE doesn't disable |
| a previously set POST request, making a very odd request get sent (unless |
| you disabled the POST) a HEAD request with a POST request-body. I've now |
| made CURLOPT_NOBODY enforce a proper HEAD. Added test case 514 for this. |
| |
| Daniel (29 June 2004) |
| - Günter Knauf made the testcurl.pl script capable of using a custom setup |
| file to easier run multiple autobuilds on the same source tree. |
| |
| - Gisle fixed the djgpp build and fixed a memory problem in some of the |
| reorged name resolved code. |
| |
| - Fixed code to allow connects done using the multi interface to attempt the |
| next IP when connecting to a host that resolves to multiple IPs and a |
| connect attempt fails. |
| |
| Daniel (27 June 2004) |
| - Based on Rob Stanzel's bug report #979480, I wrote a configure check that |
| checks if poll() can be used to wait on NULL as otherwise select() should be |
| used to do it. The select() usage was also fixed according to his report. |
| |
| Mac OS X 10.3 says "poll() functionality for Mac OS X is implemented via an |
| emulation layer on top of select(), not in the kernel directly. It is |
| recommended that programs running under OS X 10.3 prefer select() over |
| poll(). Configure scripts should look for the _POLL_EMUL_H_ define (instead |
| of _POLL_H_ or _SYS_POLL_H_) and avoid implementations where poll is not |
| implemented in the kernel." |
| |
| Yes, we can probably use select() on most platforms but today I prefered to |
| leave the code unaltered. |
| |
| Daniel (24 June 2004) |
| - The standard curl_version() string now only includes version info about |
| involved libraries and not about particular features. Thus it will no longer |
| include info about ipv6 nor GSS. That info is of course still available in |
| the feature bitmask curl_version_info() offers. |
| |
| - Replaced all occurances of sprintf() with snprintf(). This is mostly because |
| it is "A Good Thing" rather than actually fixing any known problem. This |
| will help preventing future possible mistakes to cause buffer overflows. |
| |
| - Major reorganization in the host resolve code (again). This time, I've |
| modified the code to now always use a linked list of Curl_addrinfo structs |
| to return resolved info in, no matter what resolver method or support that |
| is available on the platform. It makes it a lot easier to write code that |
| uses or depends on resolved data. |
| |
| Internally, this means amongst other things that we can stop doing the weird |
| "increase buffer size until it works" trick when resolving hosts on |
| ipv4-only with gethostbyname_r(), we support socks even on libcurls built |
| with ipv6 enabled (but only to socks servers that resolve to an ipv4 |
| address) and we no longer deep-copy or relocate hostent structs (we create |
| Curl_addrinfo chains instead). |
| |
| The new "hostent to Curl_addrinfo" converter function is named Curl_he2ai() |
| and is slightly naive and simple, yet I believe it is functional enough to |
| work for libcurl. |
| |
| Daniel (22 June 2004) |
| - David Cohen pointed out that RFC2109 says clients should allow cookies to |
| contain least 4096 bytes while libcurl only allowed 2047. I raised the limit |
| to 4999 now and made the used buffer get malloc()ed instead of simply |
| allocated on stack as before. Extended test case 46 to include a cookie with |
| very huge content to verify the fix. |
| |
| - Günter Knauf fixed getdate.y to remove a few warnings. I removed the |
| ifdef'ed test we never ever use anyway. |
| |
| - Gisle Vanem fixed the certificate wildcard checks to support a '*'-letter |
| anywhere in the wildcard string, support multiple '*'-letters in the |
| wildcard and to allow the '*'-letter to match a string that includes a dot. |
| |
| Daniel (21 June 2004) |
| - testcurl.sh is now removed completely, tests/testcurl.pl is the script to |
| use when autobuilding curl! |
| |
| - Kjetil Jacobsen brought my attention to the fact that you cannot properly |
| abort an upload with the readfunction callback, since returning 0 or -1 only |
| stops the upload and libcurl will continue waiting for downloaded data and |
| the server often waits for the rest of the upload data to arrive. |
| |
| Thus, I've now added the ability for read callbacks to return |
| CURL_READFUNC_ABORT to abort an upload from a read callback. This will stop |
| the transfer immediately with a CURLE_ABORTED_BY_CALLBACK return code. |
| |
| Test case 513 was added to verify that it works. I had to improve the test |
| HTTP server too to dump the request to a file even when the client |
| disconnects prematurely. |
| |
| Daniel (19 June 2004) |
| - Luca Alteas provided a test case with a failing curl operation: when we POST |
| to a site with --digest (or similar) set, and the server responded with a 302 |
| Location: to the "authprobe" request, it was not treated correctly. We still |
| will behave badly if FOLLOWLOCATION is enabled for this case, but I'm not |
| in the mood to dive into this right now and will leave it as-is for now. |
| Verified my fix with test case 177. |
| |
| Daniel (18 June 2004) |
| - Gisle Vanem's patch that provides more details from the SSL layers (if you |
| use an OpenSSL version that supports it). It also introduces two new types |
| of data that can be sent to the debug callback: CURLINFO_SSL_DATA_IN and |
| CURLINFO_SSL_DATA_OUT. |
| |
| - With David Byron's test server I could repeat his problem and make sure that |
| POSTing over HTTPS:// with NTLM works fine now. There was a general problem |
| with multi-pass authentication with non-GET operations with CONNECT. |
| |
| Daniel (16 June 2004) |
| - Modified to keep the upload byte counter in an curl_off_t, not an int as |
| before. 32bits is not enough. This is most likely the bug Jean-Louis Lemaire |
| reported that makes 2GB FTP uploads to report error ("unaligned file sizes") |
| when completed. |
| |
| Daniel (15 June 2004) |
| - Luca Alteas reported a problem that I fixed: if you did a POST with |
| CURLAUTH_DIGEST set but the server didn't require any authentication, |
| libcurl would repeatedly send HEAD lots of times until it gives up. This was |
| actually the case for all multi-pass authentications. Added test case 174, |
| 175 and 176 to verify this. |
| |
| Daniel (14 June 2004) |
| - Multipart formposts uploading files no longer inserts the files themselves |
| into the huge prebuilt chunk. This enables libcurl to formpost files that is |
| larger than the amount of system memory. When the file given is passed on |
| stdin, libcurl still uses the old method of reading the full fill before the |
| upload takes place. This approach was selected in order to not alter the |
| behavior for existing applications, as when using stdin libcurl can't know |
| the size of the upload and chunked transfer-encoding can only be used on |
| HTTP 1.1 servers. |
| |
| Daniel (13 June 2004) |
| - Gisle found out that we did wildcard cert name checks wrong, so that parts |
| of the check wrongly was case sensitive. |
| |
| Daniel (11 June 2004) |
| - Tim Sneddon brought a minor VMS fix to make curl build properly on his VMS |
| machine. He also had some interesting libcurl patches... they might be able |
| to do in a slightly nicer way. Discussions are in progress. |
| |
| Daniel (10 June 2004) |
| - Gisle Vanem brought code cleanupsm better verbose output and better connect |
| timeout handling when attempting to connect to a host that resolves to |
| multiple IP addresses. |
| |
| - Steven Bazyl and Seshubabu Pasam pointed out a bug on win32 when freeing the |
| path after a file:// transfer. |
| |
| Daniel (9 June 2004) |
| - Alexander Krasnostavsky made 'configure --disable-http' work to build libcurl |
| without HTTP support. I added a new return code for curl_formadd() in case |
| libcurl is built with HTTP disable: CURL_FORMADD_DISABLED. |
| |
| - Alexander Krasnostavsky pointed out a missing file in the generated |
| curllib.dsp file, and now people building with this should get a libcurl.lib |
| file generated as it used to do before we generated this file. |
| |
| Daniel (8 June 2004) |
| - Marty Kuhrt fixed a minor build problem for VMS. |
| |
| Daniel (7 June 2004) |
| - Reverted the configure check from the 4th since it obviously didn't work. |
| Remade it in a different manner that hopefully works better. |
| |
| Daniel (4 June 2004) |
| - Günter Knauf brought patches to make curl build fine on NetWare again. |
| |
| - Made the configure checks for strerror_r() not exit the configure script |
| when built for cross-compiling. |
| |
| Daniel (3 June 2004) |
| - Chris Gaukroger pointed out that 'make test' attempts to run the tests even |
| if curl is built cross-compiled. I've now made it output a short message |
| instead, saying it isn't possible to do. |
| |
| - Alexander Krasnostavsky brought FTP 3rd party transfer support to libcurl. |
| You can now use libcurl to transfer files between two remote hosts using |
| FTP. There are a bunch of new options to control this with: |
| CURLOPT_SOURCE_HOST |
| CURLOPT_SOURCE_USERPWD |
| CURLOPT_SOURCE_PATH |
| CURLOPT_SOURCE_PORT |
| CURLOPT_PASV_HOST |
| CURLOPT_SOURCE_PREQUOTE |
| CURLOPT_SOURCE_POSTQUOTE |
| |
| (They still remain to be documented properly in the curl_easy_setopt man |
| page.) |
| |
| When using this, the ordinary CURLOPT_URL specifies the target URL, and you |
| specify the source data with these additional options. ftp3rdparty.c is a |
| new example source code showing how to use this. |
| |
| - Vincent Bronner fixed the HTTP Digest code to use the proxy user name and |
| password when doing proxy authentication, it previously always used the host |
| user name and password! |
| |
| Daniel (2 June 2004) |
| - CURLOPT_UPLOAD and CURLOPT_PUT now do the exact same thing internally, which |
| fixes some old confusions on when which of these should be used and what the |
| differences are. |
| |
| - Applied Gisle's fixes to make curl build fine with lcc-win32 |
| |
| Version 7.12.0 (2 June 2004) |
| |
| Daniel (1 June 2004) |
| - I clarified the --create-dirs option somewhat in the curl man page. |
| |
| - Renaud Duhaut corrected the curl_unescape man page. |
| |
| - David Byron modified one of Massimiliano Ziccardi's recent MSVC makefile |
| changes to now again use the mm lib by default. |
| |
| Daniel (26 May 2004) |
| - Mohun Biswas added release-zlib and debug-zlib targets to the MSVC libcurl |
| Makefile |
| |
| - David Byron reported a problem with proxy authentication when doing CONNECT, |
| like when accessing HTTPS sites wiht a proxy. This probably broke when I |
| rewrote the auth stuff recently. |
| |
| - I added fileupload.c in the examples directory, showing how an upload to a |
| file:// URL is made. |
| |
| Daniel (25 May 2004) |
| - Massimiliano Ziccardi updated the MSVC makefiles. |
| |
| Daniel (24 May 2004) |
| - libcurl now supports "uploading" to file:// URLs. Test 204 and 205 were |
| added to verify. |
| |
| - Simon Josefsson added a idn_free() function in libidn 0.4.5 as a reaction to |
| Gisle's previous mail. We now use this function, and thus we require libidn |
| 0.4.5 or later. No earlier version will do. |
| |
| - Robert D. Young reported that CURLOPT_COOKIEFILE and CURLOPT_COOKIE could |
| not be used both in one request. Fixed it and added test case 172 to verify. |
| |
| Daniel (21 May 2004) |
| - While talking to host a.b.c, libcurl did wrongly not accept cookies that |
| were set to the domain .a.b.c (that is with a dot prefix). This is now fixed |
| and test case 171 verifies it. |
| |
| Daniel (20 May 2004) |
| - Jesse Noller reported that the upload speed info reported by libcurl was |
| wrong. The same was true for the download speed. Fixed now. |
| |
| Daniel (19 May 2004) |
| - David Byron added test case 170 - this used to crash the previous version of |
| curl. |
| |
| Daniel (17 May 2004) |
| - Peter Sylvester's patch that addresses two flaws in the peer certificate |
| name verification: |
| o when multiple common names are used (as in the curl tests), the last name |
| needs to be selected. |
| o allow comparing with encoded values, at least with BMP and ISO latin1 |
| encoded T61strings. |
| |
| - All 191 test cases run through the torture test OK! 'make test-torture' is |
| now available in the root makefile (on configure-based environments). |
| |
| Daniel (14 May 2004) |
| - With a slightly modified ftpserver.pl I've now run almost all tests through |
| with runtests.pl -t. This is goodness! |
| |
| - Since I have been unable to contact the CVS admins for several months, I've |
| decided that the current CVS hosting was not good enough. I've now moved the |
| CVS repo once again, see README for updated cvs checkout instructions. |
| |
| Daniel (13 May 2004) |
| - runtests.pl -t now runs fine all the way to test 100. I believe test case |
| 100 fails because of an FTP server problem. |
| |
| Daniel (12 May 2004) |
| - General cleanups all over to make libcurl survive and do well when a memory |
| function returns NULL. runtests.pl -t now works fine for the first 26 test |
| cases. |
| |
| Daniel (11 May 2004) |
| - Seshubabu Pasam provided a patch that introduces curl_global_init_mem() - |
| like normal curl_global_init() but allows the app to replace all memory |
| functions with its own set. I modified it slightly. |
| |
| - Based on Luca Alteas' comments, I modified the curllib.dsp generation code. |
| |
| Daniel (10 May 2004) |
| - Gisle mailed Simon Josefsson (of libidn fame) about the benefits of a |
| separate free()-function by that lib to make sure the memory is freed by the |
| same memory subsystem that allocated it. He responded positively and this |
| will likely cause us to require a newer version of libidn as soon as Simon |
| releases one with such a libidn_free() function. |
| |
| - James Bursa made runtests.pl's -t option work for any given test case, and I |
| edited to allow -g too. Not even test case 1 worked... |
| |
| - Luca Altea made the nc= field not use quotes in outgoing HTTP Digest headers. |
| |
| - Andrés GarcÃa fixed a problem in the test script that made it fail to |
| recognize our own running HTTP server. |
| |
| Daniel (7 May 2004) |
| - James Bursa fixed the memanalyze.pl script to conder malloc(0) areas OK to |
| free() and he made two failed-resolve error messages use the new display- |
| name instead of the internally-used name. |
| |
| - Gisle Vanem tried curl with |
| www.etdomenenavnkanmaksimaltinneholdesekstitrebokstaversliksomdette.com |
| which caused problems, and I fixed the single zero byte buffer overwrite |
| that occurred (due to a stupid protocol buffer size and parser). |
| |
| - Made the lib/curllib.dsp file get generated automaticly when a distribution |
| package is made, with the msvcproj.* files as templates and all |
| win32-sources added. I think this can be made to work better than the always |
| lagging-behind previous approach. I'm not sure this builds a working project |
| file right now though! |
| |
| Daniel (6 May 2004) |
| - Michael Benedict brought a fix that fills in the errorbuffer properly when |
| ares fails to resolve a name for a case not previously dealt with like this. |
| |
| Daniel (5 May 2004) |
| - Joe Halpin fixed the annoying typecast warning in lib/ldap.c |
| |
| - Gisle Vanem fixes: |
| o memdebug to not access NULL on several places |
| o libcurl.def; curl_formparse is gone. |
| o progress.c; fixed the percent values being trunced to 0. |
| o if2ip.*; constified the 'interface' argument. |
| |
| - Tor Arntsen reported that many of his autobuilds froze and I found and fixed |
| a problem introduced with the HTTP auth overhaul that could lead to a |
| never-ending internal request-loop due to un-initialized variables! |
| |
| - Removed several compiler warnings on various compilers/platforms. |
| |
| Daniel (4 May 2004) |
| - curl_formparse() has been removed from the library. It has been marked and |
| mentioned as deprecated for several years. |
| |
| Daniel (3 May 2004) |
| - Rewritten HTTP authentication code. The previous code could not properly |
| deal with the added test cases 167, 168 and 169. I've now rewritten the code |
| to better separate host and proxy authentication and not re-use the same |
| variables as much as before as it proved non working in the more involved |
| cases. All the current tests run OK now, and so do the new ones. The curl |
| tool got a new option named --proxy-digest to enable HTTP Digest |
| authentication with the proxy. I also made the library support it. |
| |
| - Gisle Vanem made the LDAP code work with wldap32.dll as supplied with |
| Win-98/ME/2000/XP, so no extra .dlls are required when curl/libcurl is used |
| on these Windows versions. |
| |
| Daniel (30 April 2004) |
| - runtests.pl now scans the valgrind log for valgrind-detected memory leaks |
| after each test case if valgrind was found and used. |
| |
| - I modified the app-code in curl to include the new lib/curlx.h and only |
| access those functions using the curlx_-prefix in preparation for the future |
| removal of several curl_-functions from the public libcurl API. |
| |
| - Introduced lib/curlx.h as a single header to provide the curlx_-functions |
| to apps. |
| |
| - Added notices in the man pages for curl_getenv, curl_mprintf, curl_strequal |
| and curl_strnequal that they are subject for removal in a future release. |
| STOP USING THESE FUNCTIONS. |
| |
| - Mihai Ionescu noticed he couldn't do formposts with whitespace in the file |
| names and yes, I broke that on April 23. Sigh. I fixed it now and added |
| test case 166 to verify it. |
| |
| - Luca Altea pointed out a mistake left from the Digest patch of yesterday. |
| |
| Daniel (29 April 2004) |
| - Made IDN domains work when sending requsts over HTTP proxy as well. Added |
| test case 165 to verify the functionality. |
| |
| - Fixed a bug in the new internal host name setup when re-using connections. |
| |
| - James Bursa found out that curl_easy_duphandle() with ares-built libcurl |
| created a bad handle that would crash in the first name resolve attempt. This |
| is now fixed and test case 512 was added to verify it. |
| |
| - Luca Altea provided a major HTTP Digest code fix and cleanup. We now follow |
| the Digest RFC a lot better. |
| |
| - Gisle Vanem made the SSL code use ERR_error_string_n() where applicable. |
| |
| Daniel (27 April 2004) |
| - I remodeled Gisle's IDN code slightly and now we convert both the host name |
| and proxy name to the ACE encoded version to use internally for resolves and |
| cookies etc. They are now using one 'struct hostname' each that keep both |
| the original name and the possibly encoded name. IDN resolves work for me |
| now using ipv6, ipv4 and ares resolving. Even cookies on IDN sites seem to |
| do right. I got some failures at first when CHARSET wasn't set at all which |
| confused libidn completely and it decided by encoding of choice was |
| 'ANSI_X3.4-1968'... |
| |
| - made 'configure --without-libidn' work |
| |
| Daniel (25 April 2004) |
| - Fixed the src/hugehelp.c file to include "setup.h" instead of "config.h" to |
| make the problems with USE_MANUAL on windows go away. |
| |
| - configure --without-ssl could still wrongly include some OpenSSL info in the |
| Makefiles if pkg-config had info about OpenSSL. Bug #941762 reported by |
| Martin. |
| |
| - Since we can now build and use quite a large set of 3rd party libraries, I |
| decided I would make configure produce a summary at the end showing what |
| libraries it uses and if not, what option to use to make it use that. I also |
| added some other random info that is nice in a "configure summary" output. |
| |
| - Applied TommyTam's patch that now make curl work with telnet and stdin |
| properly on Windows. |
| |
| - The changes for today below were made by me and Gisle Vanem. |
| |
| The file previously known as hostip.c has now undergone a huge cleanup and |
| split: |
| |
| hostip.c explained |
| ================== |
| |
| The main COMPILE-TIME DEFINES to keep in mind when reading the host*.c |
| source file are these: |
| |
| CURLRES_IPV6 - this host has getaddrinfo() and family, and thus we use |
| that. The host may not be able to resolve IPv6, but we don't really have to |
| take that into account. Hosts that aren't IPv6-enabled have CURLRES_IPV4 |
| defined. |
| |
| CURLRES_ARES - is defined if libcurl is built to use c-ares for asynchronous |
| name resolves. It cannot have ENABLE_IPV6 defined at the same time, as |
| c-ares has no ipv6 support. This can be Windows or *nix. |
| |
| CURLRES_THREADED - is defined if libcurl is built to run under (native) |
| Windows, and then the name resolve will be done in a new thread, and the |
| supported asynch API will be the same as for ares-builds. |
| |
| If any of the two previous are defined, CURLRES_ASYNCH is defined too. If |
| libcurl is not built to use an asynchronous resolver, CURLRES_SYNCH is |
| defined. |
| |
| The host*.c sources files are split up like this: |
| |
| hostip.c - method-independent resolver functions and utility functions |
| hostasyn.c - functions for asynchronous name resolves |
| hostsyn.c - functions for synchronous name resolves |
| hostares.c - functions for ares-using name resolves |
| hostthre.c - functions for threaded name resolves |
| hostip4.c - ipv4-specific functions |
| hostip6.c - ipv6-specific functions |
| |
| The hostip.h is the single united header file for all this. It defines the |
| CURLRES_* defines based on the config*.h and setup.h defines. |
| |
| - Added function header comments to many functions in an attempt to better |
| explain the purpose of them all. |
| |
| - configure --with-libidn is now supported. It makes the configure script |
| check for libidn libs and include files in the prefix path given. If you |
| say --with-libidn=/usr/local, it will check for the lib in /usr/local/lib |
| and the includes in /usr/local/include etc. |
| |
| - curl_version_info() now returns a struct aged CURLVERSION_THIRD including |
| libidn version info. The string curl_version() returns also includes libidn |
| version info, if available. |
| |
| Version 7.11.2 (26 April 2004) |
| |
| Daniel (25 April 2004) |
| - Erwin Authried pointed out that configure --disable-manual didn't do right |
| if you already had a src/hugehelp.c source file present (which most people |
| do I guess). It now uses the USE_MANUAL define properly. |
| |
| Daniel (23 April 2004) |
| - Gisle Vanem found and fixed a memory leak when doing (failing) Windows |
| threaded name resolves. |
| |
| - I also added test case 163 just to make sure -F "var=<file" works fine and |
| can pass on characters such as newlines, carriage-return and tabs. |
| |
| - When we added test case 162 without adding the necessary requirement field |
| in the test meta data we could see that curl didn't complain if you used |
| --proxy-ntlm even if the underlying libcurl it uses has no NTLM support! I |
| now made it check this first, and it now exists with a "the installed |
| libcurl version doesn't support this" message if it happens again. |
| |
| Daniel (22 April 2004) |
| - David Byron found and fixed a small bug with the --fail and authentication |
| stuff added a few weeks ago. Turns out that if you specify --proxy-ntlm and |
| communicate with a proxy that requires basic authentication, the proxy |
| properly returns a 407, but the failure detection code doesn't realize it |
| should give up, so curl returns with exit code 0. Test case 162 added to |
| verify the functionality. |
| |
| - allow newlines in the contents when doing -F "var=[contents]" |
| Robert Marlow reported. |
| |
| - If a transfer is found out to be only partial, libcurl will now treat that |
| as a problem serious enough to skip the final QUIT command before closing |
| the control connection. To avoid the risk that it will "hang" waiting for |
| the QUIT response. Added test case 161 to verify this. |
| |
| Daniel (21 April 2004) |
| - Modified the heuristics for dealing with the test 160 scenario. When a |
| connection is re-used and nothing at all is received from it (because the |
| server closes the connection), we will now retry the request on a fresh new |
| connection. The previous ECONNRESET stuff from January 30 was removed again |
| as it didn't detect the situation good enough. |
| |
| Daniel (20 April 2004) |
| - Added test case 160 to verify that curl works correctly when it gets a |
| connection reset when trying to re-use a connection. It should then simply |
| create a new connection and resend the request. |
| |
| Daniel (19 April 2004) |
| - No more 512 byte limit for host name (inclusing name + password) in libcurl. |
| An added bonus is that we use less memory for the typical (shorter URL) |
| case. |
| |
| - Cleaned up the sources to better use the terms 'hostname' and 'path' |
| internally when referring to that data. The buffers used for keep that info |
| is called 'namebuffer' and 'pathbuffer'. Much easier to read and understand |
| than the previous mess. |
| |
| Daniel (15 April 2004) |
| - Modified runtests.pl again to remove all log files in the log/ dir between |
| each test, and then made -p display all non-zero byte files in the log dir. |
| It should make that data more usable and contain less rubbish. |
| |
| - ftpserver.pl now produces log files more similar to how the sws ones look |
| and they now also contains a bit more details to help debugging ftp |
| problems. |
| |
| - Removed the fixed maximum amount of dir levels the FTP code supported. |
| Previously we had a fixed array for 100 levels, now we save space in each |
| handle by allocating only for a few level by default and then enlarging that |
| in case of need (with no maximum depth). Adjusted test case 142 to verify |
| that 150 dir levels work fine. An added bonus is that we use less memory |
| for the typical (not very deep) case. |
| |
| Daniel (14 April 2004) |
| - Asking for CURL_IPRESOLVE_V6 when ipv6 addresses can't be resolved will |
| now cause the resolve function to return NULL immediately. This flaw was |
| pointed out by Gisle Vanem. |
| |
| - Gisle Vanem made curl -4/-6 actually set the desired option to libcurl. |
| |
| - runtests.pl now has a new option (-p) that will display "interesting" log |
| files to stdout in case of a test failure. This is primarily intended to be |
| used in the 'full-test' make target that is used by the autobuild tests, as |
| we then get a much better chance to understand (remote) test failures based |
| on autobuild logs alone. |
| |
| Daniel (13 April 2004) |
| - Gisle Vanem made the multi interface work again on Windows even when built |
| without ares. Before this, select() would return -1 during the name resolve |
| phase since curl_multi_fdset() didn't return any fd_set at all which wasn't |
| appreciated! |
| |
| - curl_easy_duphandle() now duplicates the tcp_nodelay info as well. |
| |
| Daniel (11 April 2004) |
| - Applied David Byron's patch for the MSVC libcurl makefile for builds with |
| zlib. |
| |
| Daniel (9 April 2004) |
| - Dirk Manske improved the timer resolution for CURLINFO_*_TIME, it can now |
| be down to usec if the system sypports it. |
| |
| Daniel (7 April 2004) |
| - A request that sends "Expect: 100-continue" and gets nothing but a single |
| 100 response back will now return a CURLE_GOT_NOTHING. Test 158 verifies. |
| |
| - The strtoofft() macro is now named curlx_strtoofft() to use the curlx_* |
| approach fully. |
| |
| Daniel (6 April 2004) |
| - Gisle Vanem's fixed bug #927979 reported by Nathan O'Sullivan. The problem |
| made libcurl on Windows leak a small amount of memory in each name resolve |
| when not used as a DLL. |
| |
| - New authentication code added, particularly noticable when doing POST or PUT |
| with Digest or NTLM. libcurl will now use HEAD to negotiate the |
| authentication and when done perform the requested POST. Previously libcurl |
| sent POST immediately and expected the server to reply a final status code |
| with an error and then libcurl would not send the request-body but instead |
| send then next request in the sequence. |
| |
| The reason for this change is due to IIS6 barfing on libcurl when we attempt |
| to POST with NTLM authentication. The reason for the problems is found in |
| RFC2616 section 8.2.3 regarding how servers should deal with the 100 |
| continue request-header: |
| |
| If it responds with a final status code, it MAY close the transport |
| connection or it MAY continue to read and discard the rest of the |
| request. |
| |
| |