| _ _ ____ _ |
| ___| | | | _ \| | |
| / __| | | | |_) | | |
| | (__| |_| | _ <| |___ |
| \___|\___/|_| \_\_____| |
| |
| Changelog |
| |
| Version 7.20.1 (14 April 2010) |
| |
| Daniel Stenberg (9 Apr 2010) |
| - Prefixing the FTP quote commands with an asterisk really only worked for the |
| postquote actions. This is now fixed and test case 227 has been extended to |
| verify. |
| |
| Kamil Dudka (4 Apr 2010) |
| - Eliminated a race condition in Curl_resolv_timeout(). |
| |
| - Refactorized interface of Curl_ssl_recv()/Curl_ssl_send(). |
| |
| - libcurl-NSS now provides more accurate messages and error codes in case of |
| client certificate problem. Either during connection, or transfer phase. |
| |
| Daniel Stenberg (1 Apr 2010) |
| - Matt Wixson found and fixed a bug in the SCP/SFTP area where the code |
| treated a 0 return code from libssh2 to be the same as EAGAIN while in |
| reality it isn't. The problem caused a hang in SFTP transfers from a |
| MessageWay server. |
| |
| Daniel Stenberg (28 Mar 2010) |
| - Ben Greear: If you pass a URL to pop3 that does not contain a message ID as |
| part of the URL, it would previously ask for 'INBOX' which just causes the |
| pop3 server to return an error. |
| |
| Now libcurl treats en empty message ID as a request for LIST (list of pop3 |
| message IDs). User's code could then parse this and download individual |
| messages as desired. |
| |
| Daniel Stenberg (27 Mar 2010) |
| - Ben Greear brought a patch that from now on allows all protocols to specify |
| name and user within the URL, in the same manner HTTP and FTP have been |
| allowed to in the past - although far from all of the libcurl supported |
| protocls actually have that feature in their URL definition spec. |
| |
| Daniel Stenberg (26 Mar 2010) |
| - Ben Greear brought code that makes the rate limiting code for the easy |
| interface a bit smoother as it introduces sub-second sleeps during it and it |
| also takes the buffer sizes into account. |
| |
| Daniel Stenberg (24 Mar 2010) |
| - Bob Richmond: There's an annoying situation where libcurl will read new HTTP |
| response data from a socket, then check if it's a timeout if one is set. If |
| the last packet received constitutes the end of the response body, libcurl |
| still treats it as a timeout condition and reports a message like: |
| |
| "Operation timed out after 3000 milliseconds with 876 out of 876 bytes |
| received" |
| |
| It should only a timeout if the timer lapsed and we DIDN'T receive the end |
| of the response body yet. |
| |
| - Christopher Conroy fixed a problem with RTSP and GET_PARAMETER reported |
| to us by Massimo Callegari. There's a new test case 572 that verifies this |
| now. |
| |
| - The 'ares' subtree has been removed from the source repository. It was |
| always a separate project that sort of piggybacked on the curl project since |
| the dawn of times and now the time has come for it to go stand on its own |
| legs and continue living its own life. All details on c-ares and its new |
| source code repository is found at http://c-ares.haxx.se/ |
| |
| Daniel Stenberg (23 Mar 2010) |
| - Kenny To filed the bug report #2963679 with patch to fix a problem he |
| experienced with doing multi interface HTTP POST over a proxy using |
| PROXYTUNNEL. He found a case where it would connect fine but bits.tcpconnect |
| was not set correct so libcurl didn't work properly. |
| |
| (http://curl.haxx.se/bug/view.cgi?id=2963679) |
| |
| - Akos Pasztory filed debian bug report #572276 |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572276 mentioning a problem |
| with a resource that returns chunked-encoded _and_ with a Content-Length |
| and libcurl failed to properly ignore the latter information. |
| |
| - Hauke Duden provided an example program that made the multi interface crash. |
| His example simply used the multi interface and did first one FTP transfer |
| and after completion it used a second easy handle and did another FTP |
| transfer on the same FTP server. |
| |
| This triggered a bug in the "delayed easy handle kill" system that curl |
| uses: when an FTP connection is left alive it must keep an easy handle |
| around internally - only for the purpose of having an easy handle when it |
| later disconnects it. The code assumed that when the easy handle was removed |
| and an internal reference was made, that version could be killed later on |
| when a new easy handle came using the same connection. This was wrong as |
| Hauke's example showed that the removed handle wasn't killed for real until |
| later. This caused a double close attempt => segfault. |
| |
| Daniel Stenberg (22 Mar 2010) |
| - Thomas Lopatic fixed the alarm()-based DNS timeout: |
| |
| Looking at the code of Curl_resolv_timeout() in hostip.c, I think that in |
| case of a timeout, the signal handler for SIGALRM never gets removed. I |
| think that in my case it gets executed at some point later on when execution |
| has long left Curl_resolv_timeout() or even the cURL library. |
| |
| The code that is jumped to with siglongjmp() simply sets the error message |
| to "name lookup timed out" and then returns with CURLRESOLV_ERROR. I guess |
| that instead of simply returning without cleaning up, the code should have a |
| goto that jumps to the spot right after the call to Curl_resolv(). |
| |
| Kamil Dudka (22 Mar 2010) |
| - Douglas Steinwand contributed a patch fixing insufficient initialization in |
| Curl_clone_ssl_config() |
| |
| Daniel Stenberg (21 Mar 2010) |
| - Ben Greear improved TFTP: the error code returning and the treatment |
| of TSIZE == 0 when uploading. |
| |
| - We've switched from CVS to git. See http://curl.haxx.se/source.html |
| |
| Kamil Dudka (19 Mar 2010) |
| - Improved Curl_read() to not ignore the error returned from Curl_ssl_recv(). |
| |
| Daniel Stenberg (15 Mar 2010) |
| - Constantine Sapuntzakis brought a patch: |
| |
| The problem mentioned on Dec 10 2009 |
| (http://curl.haxx.se/bug/view.cgi?id=2905220) was only partially fixed. |
| Partially because an easy handle can be associated with many connections in |
| the cache (e.g. if there is a redirect during the lifetime of the easy |
| handle). The previous patch only cleaned up the first one. The new fix now |
| removes the easy handle from all connections, not just the first one. |
| |
| Daniel Stenberg (6 Mar 2010) |
| - Ben Greear brought a patch that fixed the rate limiting logic for TFTP when |
| the easy interface was used. |
| |
| Daniel Stenberg (5 Mar 2010) |
| - Daniel Johnson provided fixes for building curl with the clang compiler. |
| |
| Yang Tse (5 Mar 2010) |
| - Constantine Sapuntzakis detected and fixed a double free in builds done |
| with threaded resolver enabled (Windows default configuration) that would |
| get triggered when a curl handle is closed while doing DNS resolution. |
| |
| Daniel Stenberg (2 Mar 2010) |
| - [Daniel Johnson] I've been trying to build libcurl with clang on Darwin and |
| ran into some issues with the GSSAPI tests in configure.ac. The tests first |
| try to determine the include dirs and libs and set CPPFLAGS and LIBS |
| accordingly. It then checks for the headers and finally sets LIBS a second |
| time, causing the libs to be included twice. The first setting of LIBS seems |
| redundant and should be left out, since the first part is otherwise just |
| about finding headers. |
| |
| My second issue is that 'krb5-config --libs gssapi' on Darwin is less than |
| useless and returns junk that, while it happens to work with gcc, causes |
| clang to choke. For example, --libs returns $CFLAGS along with the libs, |
| which is really retarded. Simply setting 'LIBS="$LIBS -lgssapi_krb5 |
| -lresolv"' on Darwin is sufficient. |
| |
| - Based on patch provided by Jacob Moshenko, the transfer logic now properly |
| makes sure that when using sub-second timeouts, there's no final bad 1000ms |
| wait. Previously, a sub-second timeout would often make the elapsed time end |
| up the time rounded up to the nearest second (e.g. 1s for 200ms timeout) |
| |
| - Andrei Benea filed bug report #2956698 and pointed out that the |
| CURLOPT_CERTINFO feature leaked memory due to a missing OpenSSL function |
| call. He provided the patch to fix it too. |
| |
| http://curl.haxx.se/bug/view.cgi?id=2956698 |
| |
| - Markus Duft pointed out in bug #2961796 that even though Interix has a |
| poll() function it doesn't quite work the way we want it so we must disable |
| it, and he also provided a patch for it. |
| |
| http://curl.haxx.se/bug/view.cgi?id=2961796 |
| |
| - Made the pingpong timeout code properly deal with the response timeout AND |
| the global timeout if set. Also, as was reported in the bug report #2956437 |
| by Ryan Chan, the time stamp to use as basis for the per command timeout was |
| not set properly in the DONE phase for FTP (and not for SMTP) so I fixed |
| that just now. This was a regression compared to 7.19.7 due to the |
| conversion of FTP code over to the generic pingpong concepts. |
| |
| http://curl.haxx.se/bug/view.cgi?id=2956437 |
| |
| Daniel Stenberg (1 Mar 2010) |
| - Ben Greear provided an update for TFTP that fixes upload. |
| |
| - Wesley Miaw reported bug #2958179 which identified a case of looping during |
| OpenSSL based SSL handshaking even though the multi interface was used and |
| there was no good reason for it. |
| |
| http://curl.haxx.se/bug/view.cgi?id=2958179 |
| |
| Daniel Stenberg (26 Feb 2010) |
| - Pat Ray in bug #2958474 pointed out an off-by-one case when receiving a |
| chunked-encoding trailer. |
| |
| http://curl.haxx.se/bug/view.cgi?id=2958474 |
| |
| Daniel Fandrich (25 Feb 2010) |
| - Fixed a couple of out of memory leaks and a segfault in the SMTP & IMAP code. |
| |
| Yang Tse (25 Feb 2010) |
| - I fixed bug report #2958074 indicating |
| (http://curl.haxx.se/bug/view.cgi?id=2958074) that curl on Windows with |
| option --trace-time did not use local time when timestamping trace lines. |
| This could also happen on other systems depending on time souurce. |
| |
| Patrick Monnerat (22 Feb 2010) |
| - Proper handling of STARTTLS on SMTP, taking CURLUSESSL_TRY into account. |
| - SMTP falls back to RFC821 HELO when EHLO fails (and SSL is not required). |
| - Use of true local host name (i.e.: via gethostname()) when available, as |
| default argument to SMTP HELO/EHLO. |
| - Test case 804 for HELO fallback. |
| |
| Daniel Stenberg (20 Feb 2010) |
| - Fixed the SMTP compliance by making sure RCPT TO addresses are specified |
| properly in angle brackets. Recipients provided with CURLOPT_MAIL_RCPT now |
| get angle bracket wrapping automatically by libcurl unless the recipient |
| starts with an angle bracket as then the app is assumed to deal with that |
| properly on its own. |
| |
| - I made the SMTP code expect a 250 response back from the server after the |
| full DATA has been sent, and I modified the test SMTP server to also send |
| that response. As usual, the DONE operation that is made after a completed |
| transfer is still not doable in a non-blocking way so this waiting for 250 |
| is unfortunately made blockingly. |
| |
| Yang Tse (14 Feb 2010) |
| - Overhauled test suite getpart() function. Fixing potential out of bounds |
| stack and memory overwrites triggered with huge test case definitions. |
| |
| Daniel Stenberg (13 Feb 2010) |
| - Martin Hager reported and fixed a problem with a missing quote in libcurl.m4 |
| |
| (http://curl.haxx.se/bug/view.cgi?id=2951319) |
| |
| - Tom Donovan fixed the CURL_FORMAT_* defines when building with cmake. |
| |
| (http://curl.haxx.se/bug/view.cgi?id=2951269) |
| |
| Daniel Stenberg (12 Feb 2010) |
| - Jack Zhang reported a problem with SMTP: we wrongly used multiple addresses |
| in the same RCPT TO line, when they should be sent in separate single |
| commands. I updated test case 802 to verify this. |
| |
| - I also fixed a bad use of my_setopt_str() of CURLOPT_MAIL_RCPT in the curl |
| tool which made it try to output it as string for the --libcurl feature |
| which could lead to crashes. |
| |
| Yang Tse (11 Feb 2010) |
| - Steven M. Schweda fixed VMS builder bad behavior when used in a batch job, |
| removed obsolete batch_compile.com and defines.com and updated VMS readme. |
| |
| Version 7.20.0 (9 February 2010) |
| |
| Daniel Stenberg (9 Feb 2010) |
| - When downloading compressed content over HTTP and the app asked libcurl to |
| automatically uncompress it with the CURLOPT_ENCODING option, libcurl could |
| wrongly provide the callback with more data than the maximum documented |
| amount. An application could thus get tricked into badness if the maximum |
| limit was trusted to be enforced by libcurl itself (as it is documented). |
| |
| This is further detailed and explained in the libcurl security advisory |
| 20100209 at |
| |
| http://curl.haxx.se/docs/adv_20100209.html |
| |
| Daniel Fandrich (3 Feb 2010) |
| - Changed the Watcom makefiles to make them easier to keep in sync with |
| Makefile.inc since that can't be included directly. |
| |
| Yang Tse (2 Feb 2010) |
| - Symbol CURL_FORMAT_OFF_T now obsoleted, will be removed in a future release, |
| symbol will not be available when building with CURL_NO_OLDIES defined. Use |
| of CURL_FORMAT_CURL_OFF_T is preferred since 7.19.0 |
| |
| Daniel Stenberg (1 Feb 2010) |
| - Using the multi_socket API, it turns out at times it seemed to "forget" |
| connections (which caused a hang). It turned out to be an existing (7.19.7) |
| bug in libcurl (that's been around for a long time) and it happened like |
| this: |
| |
| The app calls curl_multi_add_handle() to add a new easy handle, libcurl will |
| then set it to timeout in 1 millisecond so libcurl will tell the app about |
| it. |
| |
| The app's timeout fires off that there's a timeout, the app calls libcurl as |
| we so often document it: |
| |
| do { |
| res = curl_multi_socket_action(... TIMEOUT ...); |
| } while(CURLM_CALL_MULTI_PERFORM == res); |
| |
| And this is the problem number one: |
| |
| When curl_multi_socket_action() is called with no specific handle, but only |
| a timeout-action, it will *only* perform actions within libcurl that are |
| marked to run at this time. In this case, the request would go from INIT to |
| CONNECT and return CURLM_CALL_MULTI_PERFORM. When the app then calls libcurl |
| again, there's no timer set for this handle so it remains in the CONNECT |
| state. The CONNECT state is a transitional state in libcurl so it reports no |
| sockets there, and thus libcurl never tells the app anything more about that |
| easy handle/connection. |
| |
| libcurl _does_ set a 1ms timeout for the handle at the end of |
| multi_runsingle() if it returns CURLM_CALL_MULTI_PERFORM, but since the loop |
| is instant the new job is not ready to run at that point (and there's no |
| code that makes libcurl call the app to update the timout for this new |
| timeout). It will simply rely on that some other timeout will trigger later |
| on or that something else will update the timeout callback. This makes the |
| bug fairly hard to repeat. |
| |
| The fix made to adress this issue: |
| |
| We introduce a loop in lib/multi.c around all calls to multi_runsingle() and |
| simply check for CURLM_CALL_MULTI_PERFORM internally. This has the added |
| benefit that this goes in line with my long-term wishes to get rid of the |
| CURLM_CALL_MULTI_PERFORM all together from the public API. |
| |
| The downside of this fix, is that the counter we return in 'running_handles' |
| in several of our public functions then gets a slightly new and possibly |
| confusing behavior during times: |
| |
| If an app adds a handle that fails to connect (very quickly) it may just |
| as well never appear as a 'running_handle' with this fix. Previously it |
| would first bump the counter only to get it decreased again at next call. |
| Even I have used that change in handle counter to signal "end of a |
| transfer". The only *good* way to find the end of a individual transfer |
| is calling curl_multi_info_read() to see if it returns one. |
| |
| Of course, if the app previously did the looping before it checked the |
| counter, it really shouldn't be any new effect. |
| |
| Yang Tse (26 Jan 2010) |
| - Constantine Sapuntzakis' and Joshua Kwan's work done in the last four months |
| relative to the asynchronous DNS lookups, along with with some integration |
| adjustments I have done are finally committed to CVS. |
| |
| Currently these enhancements will benefit builds done using c-ares on any |
| platform as well as Windows builds using the default threaded resolver. |
| |
| This release does not make generally available POSIX threaded DNS lookups |
| yet. There is no configure option to enable this feature yet. It is possible |
| to experimantally try this feature running configure with compiler flags that |
| make simultaneous definition of preprocessor symbols USE_THREADS_POSIX and |
| HAVE_PTHREAD_H, as well as whatever reentrancy compiler flags and linker ones |
| are required to link and properly use pthread_* functions on each platform. |
| |
| Daniel Stenberg (26 Jan 2010) |
| - Mike Crowe made libcurl return CURLE_COULDNT_RESOLVE_PROXY when it is the |
| proxy that cannot be resolved when using c-ares. This matches the behaviour |
| when not using c-ares. |
| |
| Björn Stenberg (23 Jan 2010) |
| - Added a new flag: -J/--remote-header-name. This option tells the |
| -O/--remote-name option to use the server-specified Content-Disposition |
| filename instead of extracting a filename from the URL. |
| |
| Daniel Stenberg (21 Jan 2010) |
| - Chris Conroy brought support for RTSP transfers, and with it comes 8(!) new |
| libcurl options for controlling what to get and how to receive posssibly |
| interleaved RTP data. |
| |
| Daniel Stenberg (20 Jan 2010) |
| - As was pointed out on the http-state mailing list, the order of cookies in a |
| HTTP Cookie: header _needs_ to be sorted on the path length in the cases |
| where two cookies using the same name are set more than once using |
| (overlapping) paths. Realizing this, identically named cookies must be |
| sorted correctly. But detecting only identically named cookies and take care |
| of them individually is harder than just to blindly and unconditionally sort |
| all cookies based on their path lengths. All major browsers also already do |
| this, so this makes our behavior one step closer to them in the cookie area. |
| |
| Test case 8 was the only one that broke due to this change and I updated it |
| accordingly. |
| |
| Daniel Stenberg (19 Jan 2010) |
| - David McCreedy brought a fix and a new test case (129) to make libcurl work |
| again when downloading files over FTP using ASCII and it turns out that the |
| final size of the file is not the same as the initial size the server |
| reported. This is very common since servers don't take the newline |
| conversions into account. |
| |
| Kamil Dudka (14 Jan 2010) |
| - Suppressed side effect of OpenSSL configure checks, which prevented NSS from |
| being properly detected under certain circumstances. It had been caused by |
| strange behavior of pkg-config when handling PKG_CONFIG_LIBDIR. pkg-config |
| distinguishes among empty and non-existent environment variable in that case. |
| |
| Daniel Stenberg (12 Jan 2010) |
| - Gil Weber reported a peculiar flaw with the multi interface when doing SFTP |
| transfers: curl_multi_fdset() would return -1 and not set and file |
| descriptors several times during a transfer of a single file. It turned out |
| to be due to two different flaws now fixed. Gil's excellent recipe helped me |
| nail this. |
| |
| Daniel Stenberg (11 Jan 2010) |
| - Made sure that the progress callback is repeatedly called at a regular |
| interval even during very slow connects. |
| |
| - The tests/runtests.pl script now checks to see if the test case that runs is |
| present in the tests/data/Makefile.am and outputs a notice message on the |
| screen if not. Each test file has to be included in that Makefile.am to get |
| included in release archives and forgetting to add files there is a common |
| mistake. This is an attempt to make it harder to forget. |
| |
| Daniel Stenberg (9 Jan 2010) |
| - Johan van Selst found and fixed a OpenSSL session ref count leak: |
| |
| ossl_connect_step3() increments an SSL session handle reference counter on |
| each call. When sessions are re-used this reference counter may be |
| incremented many times, but it will be decremented only once when done (by |
| Curl_ossl_session_free()); and the internal OpenSSL data will not be freed |
| if this reference count remains positive. When a session is re-used the |
| reference counter should be corrected by explicitly calling |
| SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid |
| introducing a memory leak. |
| |
| (http://curl.haxx.se/bug/view.cgi?id=2926284) |
| |
| Daniel Stenberg (7 Jan 2010) |
| - Make sure the progress callback is called repeatedly even during very slow |
| name resolves when c-ares is used for resolving. |
| |
| Claes Jakobsson (6 Jan 2010) |
| - Julien Chaffraix fixed so that the fragment part in an URL is not sent |
| to the server anymore. |
| |
| Kamil Dudka (3 Jan 2010) |
| - Julien Chaffraix eliminated a duplicated initialization in singlesocket(). |
| |
| Daniel Stenberg (2 Jan 2010) |
| - Make curl support --ssl and --ssl-reqd instead of the previous FTP-specific |
| versions --ftp-ssl and --ftp-ssl-reqd as these options are now used to |
| control SSL/TLS for IMAP, POP3 and SMTP as well in addition to FTP. The old |
| option names are still working but the new ones are the ones listed and |
| documented. |
| |
| Daniel Stenberg (1 Jan 2010) |
| - Ingmar Runge enhanced libcurl's FTP engine to support the PRET command. This |
| command is a special "hack" used by the drftpd server, but even though it is |
| a custom extension I've deemed it fine to add to libcurl since this server |
| seems to survive and people keep using it and want libcurl to support |
| it. The new libcurl option is named CURLOPT_FTP_USE_PRET, and it is also |
| usable from the curl tool with --ftp-pret. Using this option on a server |
| that doesn't support this command will make libcurl fail. |
| |
| I added test cases 1107 and 1108 to verify the functionality. |
| |
| The PRET command is documented at |
| http://www.drftpd.org/index.php/Distributed_PASV |
| |
| Yang Tse (30 Dec 2009) |
| - Steven M. Schweda improved VMS build system, and Craig A. Berry helped |
| with the patch and testing. |
| |
| Daniel Stenberg (26 Dec 2009) |
| - Renato Botelho and Peter Pentchev brought a patch that makes the libcurl |
| headers work correctly even on FreeBSD systems before v8. |
| |
| (http://curl.haxx.se/bug/view.cgi?id=2916915) |
| |
| Daniel Stenberg (17 Dec 2009) |
| - David Byron fixed Curl_ossl_cleanup to actually call ENGINE_cleanup when |
| available. |
| |
| - Follow-up fix for the proxy fix I did for Jon Nelson's bug. It turned out I |
| was a bit too quick and broke test case 1101 with that change. The order of |
| some of the setups is sensitive. I now changed it slightly again to make |
| sure we do them in this order: |
| |
| 1 - parse URL and figure out what protocol is used in the URL |
| 2 - prepend protocol:// to URL if missing |
| 3 - parse name+password off URL, which needs to know what protocol is used |
| (since only some allows for name+password in the URL) |
| 4 - figure out if a proxy should be used set by an option |
| 5 - if no proxy option, check proxy environment variables |
| 6 - run the protocol-specific setup function, which needs to have the proxy |
| already set |
| |
| Daniel Stenberg (15 Dec 2009) |
| - Jon Nelson found a regression that turned out to be a flaw in how libcurl |
| detects and uses proxies based on the environment variables. If the proxy |
| was given as an explicit option it worked, but due to the setup order |
| mistake proxies would not be used fine for a few protocols when picked up |
| from '[protocol]_proxy'. Obviously this broke after 7.19.4. I now also added |
| test case 1106 that verifies this functionality. |
| |
| (http://curl.haxx.se/bug/view.cgi?id=2913886) |
| |
| Daniel Stenberg (12 Dec 2009) |
| - IMAP, POP3 and SMTP support and their TLS versions (including IMAPS, POP3S |
| and SMTPS) are now supported. The current state may not yet be solid, but |
| the foundation is in place and the test suite has some initial support for |
| these protocols. Work will now persue to make them nice libcurl citizens |
| until release. |
| |
| The work with supporting these new protocols was sponsored by |
| networking4all.com - thanks! |
| |
| Daniel Stenberg (10 Dec 2009) |
| - Siegfried Gyuricsko found out that the curl manual said --retry would retry |
| on FTP errors in the transient 5xx range. Transient FTP errors are in the |
| 4xx range. The code itself only tried on 5xx errors that occured _at login_. |
| Now the retry code retries on all FTP transfer failures that ended with a |
| 4xx response. |
| |
| (http://curl.haxx.se/bug/view.cgi?id=2911279) |
| |
| - Constantine Sapuntzakis figured out a case which would lead to libcurl |
| accessing alredy freed memory and thus crash when using HTTPS (with |
| OpenSSL), multi interface and the CURLOPT_DEBUGFUNCTION and a certain order |
| of cleaning things up. I fixed it. |
| |
| (http://curl.haxx.se/bug/view.cgi?id=2905220) |
| |
| Daniel Stenberg (7 Dec 2009) |
| - Martin Storsjo made libcurl use the Expect: 100-continue header for posts |
| with unknown size. Previously it was only used for posts with a known size |
| larger than 1024 bytes. |
| |
| Daniel Stenberg (1 Dec 2009) |
| - If the Expect: 100-continue header has been set by the application through |
| curl_easy_setopt with CURLOPT_HTTPHEADER, the library should set |
| data->state.expect100header accordingly - the current code (in 7.19.7 at |
| least) doesn't handle this properly. Martin Storsjo provided the fix! |
| |
| Yang Tse (28 Nov 2009) |
| - Added Diffie-Hellman parameters to several test harness certificate files in |
| PEM format. Required by several stunnel versions used by our test harness. |
| |
| Daniel Stenberg (28 Nov 2009) |
| - Markus Koetter provided a polished and updated version of Chad Monroe's TFTP |
| rework patch that now integrates TFTP properly into libcurl so that it can |
| be used non-blocking with the multi interface and more. BLKSIZE also works. |
| |
| The --tftp-blksize option was added to allow setting the TFTP BLKSIZE from |
| the command line. |
| |
| Daniel Stenberg (26 Nov 2009) |
| - Extended and fixed the change I did on Dec 11 for the the progress |
| meter/callback during FTP command/response sequences. It turned out it was |
| really lame before and now the progress meter SHOULD get called at least |
| once per second. |
| |
| Daniel Stenberg (23 Nov 2009) |
| - Bjorn Augustsson reported a bug which made curl not report any problems even |
| though it failed to write a very small download to disk (done in a single |
| fwrite call). It turned out to be because fwrite() returned success, but |
| there was insufficient error-checking for the fclose() call which tricked |
| curl to believe things were fine. |
| |
| Yang Tse (23 Nov 2009) |
| - David Byron modified Makefile.dist vc8 and vc9 targets in order to allow |
| finer granularity control when generating src and lib makefiles. |
| |
| Yang Tse (22 Nov 2009) |
| - I modified configure to force removal of the curlbuild.h file included in |
| distribution tarballs for use by non-configure systems. As intended, this |
| would get overwriten when doing in-tree builds. But VPATH builds would end |
| having two curlbuild.h files, one in the source tree and another in the |
| build tree. With the modification I introduced 5 Nov 2009 this could become |
| an issue when running libcurl's test suite. |
| |
| Daniel Stenberg (20 Nov 2009) |
| - Constantine Sapuntzakis identified a write after close, as the sockets were |
| closed by libcurl before the SSL lib were shutdown and they may write to its |
| socket. Detected to at least happen with OpenSSL builds. |
| |
| - Jad Chamcham pointed out a bug with connection re-use. If a connection had |
| CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the |
| same proxy with the tunnel option disabled would still wrongly re-use that |
| previous connection and the outcome would only be badness. |
| |
| Yang Tse (18 Nov 2009) |
| - I modified the memory tracking system to make it intolerant with zero sized |
| malloc(), calloc() and realloc() function calls. |
| |
| Daniel Stenberg (17 Nov 2009) |
| - Constantine Sapuntzakis provided another fix for the DNS cache that could |
| end up with entries that wouldn't time-out: |
| |
| 1. Set up a first web server that redirects (307) to a http://server:port |
| that's down |
| 2. Have curl connect to the first web server using curl multi |
| |
| After the curl_easy_cleanup call, there will be curl dns entries hanging |
| around with in_use != 0. |
| |
| (http://curl.haxx.se/bug/view.cgi?id=2891591) |
| |
| - Marc Kleine-Budde fixed: curl saved the LDFLAGS set during configure into |
| its pkg-config file. So -Wl stuff ended up in the .pc file, which is really |
| bad, and breaks if there are multiple -Wl in our LDFLAGS (which are in |
| PTXdist). bug #2893592 (http://curl.haxx.se/bug/view.cgi?id=2893592) |
| |
| Kamil Dudka (15 Nov 2009) |
| - David Byron improved the configure script to use pkg-config to find OpenSSL |
| (and in particular the list of required libraries) even if a path is given |
| as argument to --with-ssl |
| |
| Yang Tse (15 Nov 2009) |
| - I removed enable-thread / disable-thread configure option. These were only |
| placebo options. The library is always built as thread safe as possible on |
| every system. |
| |
| Claes Jakobsson (14 Nov 2009) |
| - curl-config now accepts '--configure' to see what arguments was |
| passed to the configure script when building curl. |
| |
| Daniel Stenberg (14 Nov 2009) |
| - Claes Jakobsson restored the configure functionality to detect NSS when |
| --with-nss is set but not "yes". |
| |
| I think we can still improve that to check for pkg-config in that path etc, |
| but at least this patch brings back the same functionality we had before. |
| |
| - Camille Moncelier added support for the file type SSL_FILETYPE_ENGINE for |
| the client certificate. It also disable the key name test as some engines |
| can select a private key/cert automatically (When there is only one key |
| and/or certificate on the hardware device used by the engine) |
| |
| Yang Tse (14 Nov 2009) |
| - Constantine Sapuntzakis provided the fix that ensures that an SSL connection |
| won't be reused unless protection level for peer and host verification match. |
| |
| I refactored how preprocessor symbol _THREAD_SAFE definition is done. |
| |
| Kamil Dudka (12 Nov 2009) |
| - Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly |
| closed NSPR descriptor. The issue was hard to find, reported several times |
| before and always closed unresolved. More info at the RH bug: |
| https://bugzilla.redhat.com/534176 |
| |
| - libcurl-NSS now tries to reconnect with TLS disabled in case it detects |
| a broken TLS server. However it does not happen if SSL version is selected |
| manually. The approach was originally taken from PSM. Kaspar Brand helped me |
| to complete the patch. Original bug reports: |
| https://bugzilla.redhat.com/525496 |
| https://bugzilla.redhat.com/527771 |
| |
| Yang Tse (12 Nov 2009) |
| - I modified configure script to make the getaddrinfo function check also |
| verify if the function is thread safe. |
| |
| Yang Tse (11 Nov 2009) |
| - Marco Maggi reported that compilation failed when configured --with-gssapi |
| and GNU GSS installed due to a missing mutual exclusion of header files in |
| the Kerberos 5 code path. He also verified that my patch worked for him. |
| |
| Daniel Stenberg (11 Nov 2009) |
| - Constantine Sapuntzakis posted bug #2891595 |
| (http://curl.haxx.se/bug/view.cgi?id=2891595) which identified how an entry |
| in the DNS cache would linger too long if the request that added it was in |
| use that long. He also provided the patch that now makes libcurl capable of |
| still doing a request while the DNS hash entry may get timed out. |
| |
| - Christian Schmitz noticed that the progress meter/callback was not properly |
| used during the FTP connection phase (after the actual TCP connect), while |
| it of course should be. I also made the speed check get called correctly so |
| that really slow servers will trigger that properly too. |
| |
| Kamil Dudka (5 Nov 2009) |
| - Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works |
| in non-blocking mode. |
| |
| Yang Tse (5 Nov 2009) |
| - I removed leading 'curl' path on the 'curlbuild.h' include statement in |
| curl.h, adjusting auto-makefiles include path, to enhance portability to |
| OS's without an orthogonal directory tree structure such as OS/400. |
| |
| Daniel Stenberg (4 Nov 2009) |
| - I fixed several problems with the transfer progress meter. It showed the |
| wrong percentage for small files, most notable for <1000 bytes and could |
| easily end up showing more than 100% at the end. It also didn't show any |
| percentage, transfer size or estimated transfer times when transferring |
| less than 100 bytes. |
| |
| Version 7.19.7 (4 November 2009) |
| |
| Daniel Stenberg (2 Nov 2009) |
| - As reported independent by both Stan van de Burgt and Didier Brisebourg, |
| CURLINFO_SIZE_DOWNLOAD (the -w variable size_download) didn't work when |
| getting data from ldap! |
| |
| Daniel Stenberg (31 Oct 2009) |
| - Gabriel Kuri reported a problem with CURLINFO_CONTENT_LENGTH_DOWNLOAD if the |
| download was 0 bytes, as libcurl would then return the size as unknown (-1) |
| and not 0. I wrote a fix and test case 566 to verify it. |
| |
| Daniel Stenberg (30 Oct 2009) |
| - Liza Alenchery mentioned a problem with re-used SCP connection when a bad |
| auth is used, as it caused a crash. I failed to repeat the issue, but still |
| made a change that now forces the TCP connection used for a freed SCP |
| session to get closed and not be re-used. |
| |
| - "Tom" posted a bug report that mentioned how libcurl did wrong when doing a |
| POST using a read callback, with Digest authentication and |
| "Transfer-Encoding: chunked" enforced. I would then cause the first request |
| to be wrongly sent and then basically hang until the server closed the |
| connection. I fixed the problem and added test case 565 to verify it. |
| |
| Daniel Stenberg (25 Oct 2009) |
| - Dima Barsky made the curl cookie parser accept cookies even with blank or |
| unparsable expiry dates and then treat them as session cookies - previously |
| libcurl would reject cookies with a date format it couldn't parse. Research |
| shows that the major browser treat such cookies as session cookies. I |
| modified test 8 and 31 to verify this. |
| |
| Daniel Stenberg (21 Oct 2009) |
| - Attempt to use pkg-config for finding out libssh2 installation details |
| during configure. |
| |
| - A patch in bug report #2883177 (http://curl.haxx.se/bug/view.cgi?id=2883177) |
| by Johan van Selst introduced the --crlfile option to curl, which makes curl |
| tell libcurl about a file with CRL (certificate revocation list) data to |
| read. |
| |
| Daniel Stenberg (18 Oct 2009) |
| - Ray Dassen provided a patch in Debian's bug tracker (bug number #551461) |
| that now makes curl_getdate(3) actually handles RFC 822 formatted dates that |
| use the "single letter military timezones". |
| http://www.rfc-ref.org/RFC-TEXTS/822/chapter5.html has the details. |
| |
| - Fixed memory leak in the SCP/SFTP code as it never freed the knownhosts |
| data! |
| |
| - John Dennis filed bug report #2873666 |
| (http://curl.haxx.se/bug/view.cgi?id=2873666) which identified a problem |
| which made libcurl loop infinitely when given incorrect credentials when |
| using HTTP GSS negotiate authentication. He also provided a small and simple |
| patch for it. |
| |
| - Kevin Baughman found a double close() problem with libcurl-NSS, as when |
| libcurl called NSS to close the SSL "session" it also closed the actual |
| socket. |
| |
| Yang Tse (17 Oct 2009) |
| - Bug report #2866724 indicated |
| (http://curl.haxx.se/bug/view.cgi?id=2866724) that curl on Windows failed |
| when writing files whose file names originally contained characters which |
| are not valid for file names on Windows. Dan Fandrich provided an initial |
| patch and another revised one to fix this issue. |
| |
| Daniel Stenberg (1 Oct 2009) |
| - Tom Mueller correctly reported in bug report #2870221 |
| (http://curl.haxx.se/bug/view.cgi?id=2870221) that libcurl returned an |
| incorrect return code from the internal trynextip() function which caused |
| him grief. This is a regression that was introduced in 7.19.1 and I find it |
| strange it hasn't hit us harder, but I won't persue into figuring out |
| exactly why. |
| |
| - Constantine Sapuntzakis: The current implementation will always set |
| SO_SNDBUF to CURL_WRITE_SIZE even if the SO_SNDBUF starts out larger. The |
| patch doesn't do a setsockopt if SO_SNDBUF is already greater than |
| CURL_WRITE_SIZE. This should help folks who have set up their computer with |
| large send buffers. |
| |
| Daniel Stenberg (27 Sep 2009) |
| - I introduced a maximum limit for received HTTP headers. It is controlled by |
| the define CURL_MAX_HTTP_HEADER which is even exposed in the public header |
| file to allow for users to fairly easy rebuild libcurl with a modified |
| limit. The rationale for a fixed limit is that libcurl is realloc()ing a |
| buffer to be able to put a full header into it, so that it can call the |
| header callback with the entire header, but that also risk getting it into |
| trouble if a server by mistake or willingly sends a header that is more or |
| less without an end. The limit is set to 100K. |
| |
| Daniel Stenberg (26 Sep 2009) |
| - John P. McCaskey posted a bug report that showed how libcurl did wrong when |
| saving received cookies with no given path, if the path in the request had a |
| query part. That is means a question mark (?) and characters on the right |
| side of that. I wrote test case 1105 and fixed this problem. |
| |
| Kamil Dudka (26 Sep 2009) |
| - Implemented a protocol independent way to specify blocking direction, used by |
| transfer.c for blocking. It is currently used only by SCP and SFTP protocols. |
| This enhancement resolves an issue with 100% CPU usage during SFTP upload, |
| reported by Vourhey. |
| |
| Daniel Stenberg (25 Sep 2009) |
| - Chris Mumford filed bug report #2861587 |
| (http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used |
| the OpenSSL function X509_load_crl_file() wrongly and failed if it would |
| load a CRL file with more than one certificate within. This is now fixed. |
| |
| Daniel Stenberg (16 Sep 2009) |
| - Sven Anders reported that we introduced a cert verfication flaw for OpenSSL- |
| powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name |
| field in the certficate it had to match and so even if non-DNS and non-IP |
| entry was present it caused the verification to fail. |
| |
| Daniel Fandrich (15 Sep 2009) |
| - Moved the libssh2 checks after the SSL library checks. This helps when |
| statically linking since libssh2 needs the SSL library link flags to be |
| set up already to satisfy its dependencies. This wouldn't be necessary if |
| the libssh2 configure check was changed to use pkg-config since the |
| --static flag would add the dependencies automatically. |
| |
| Yang Tse (14 Sep 2009) |
| - Revert Joshua Kwan's patch committed 11 Sep 2009. |
| |
| Some systems poll function sets POLLHUP in revents without setting |
| POLLIN, and sets POLLERR without setting POLLIN and POLLOUT. In some |
| libcurl code execution paths this could trigger busy wait loops with |
| high CPU usage until a timeout condition aborted the loop. |
| |
| The reverted patch addressed the above issue for a very specific case, |
| when awaiting c-ares to resolve. A libcurl-wide fix for Curl_poll now |
| superceeds this one. |
| |
| Guenter Knauf (11 Sep 2009) |
| - Joshua Kwan provided a patch to pass POLLERR / POLLHUP back to c-ares. |
| This fixes a loop problem with high CPU usage. |
| |
| Daniel Stenberg (10 Sep 2009) |
| - Claes Jakobsson fixed a problem with cookie expiry dates at exctly the epoch |
| start second "Thu Jan 1 00:00:00 GMT 1970" as the date parser then returns 0 |
| which internally then is treated as a session cookie. That particular date |
| is now made to get the value of 1. |
| |
| Daniel Stenberg (2 Sep 2009) |
| - Daniel Johnson found a flaw in the code converting sftp-errors to libcurl |
| errors. |
| |
| Daniel Stenberg (1 Sep 2009) |
| - Peter Sylvester made a debug feature for Curl_resolv() that now will force |
| libcurl to resolve 'localhost' whatever name you use in the URL *if* you set |
| the --interface option to (exactly) "LocalHost". This will enable us to |
| write tests for custom hosts names but still use a local host server. |
| |
| - configure now tries to use pkg-config for a number of sub-dependencies even |
| when cross-compiling. The key to success is then you properly setup |
| PKG_CONFIG_PATH before invoking configure. |
| |
| I also improved how NSS is detected by trying nss-config if pkg-config isn't |
| present, and as a last resort just use the lib name and force the user to |
| setup the LIBS/LDFLAGS/CFLAGS etc properly. The previous last resort would |
| add a range of various libs that would almost never be quite correct. |
| |
| Daniel Stenberg (31 Aug 2009) |
| - When using the multi interface with FTP and you asked for NOBODY, you did no |
| QUOTE commands and the request used the same path as the connection had |
| already changed to, it would decide that no commands would be necessary for |
| the "DO" action and that was not handled properly but libcurl would instead |
| hang. |
| |
| Kamil Dudka (28 Aug 2009) |
| - Improved error message for not matching certificate subject name in |
| libcurl-NSS. Originally reported at: |
| https://bugzilla.redhat.com/show_bug.cgi?id=516056#c9 |
| |
| Patrick Monnerat (24 Aug 2009) |
| - Introduced a SYST-based test to properly set-up name format when dealing |
| with the OS/400 FTP server. |
| |
| - Fixed an ftp_readresp() bug preventing detection of failing control socket |
| and causing FTP client to loop forever. |
| |
| Daniel Stenberg (24 Aug 2009) |
| - Marc de Bruin pointed out that configure --with-gnutls=PATH didn't work |
| properly and provided a fix. http://curl.haxx.se/bug/view.cgi?id=2843008 |
| |
| - Eric Wong introduced support for the new option -T. (dot) that makes curl |
| read stdin in a non-blocking fashion. This also brings back -T- (minus) to |
| the previous blocking behavior since it could break stuff for people at |
| times. |
| |
| Michal Marek (21 Aug 2009) |
| - With CURLOPT_PROXY_TRANSFER_MODE, avoid sending invalid URLs like |
| ftp://example.com;type=i if the user specified ftp://example.com without the |
| slash. |
| |
| Daniel Stenberg (21 Aug 2009) |
| - Andre Guibert de Bruet pointed out a missing return code check for a |
| strdup() that could lead to segfault if it returned NULL. I extended his |
| suggest patch to now have Curl_retry_request() return a regular return code |
| and better check that. |
| |
| - Lots of good work by Krister Johansen, mostly related to pipelining: |
| |
| Fix SIGSEGV on free'd easy_conn when pipe unexpectedly breaks |
| Fix data corruption issue with re-connected transfers |
| Fix use after free if we're completed but easy_conn not NULL |
| |
| Kamil Dudka (13 Aug 2009) |
| - Changed NSS code to not ignore the value of ssl.verifyhost and produce more |
| verbose error messages. Originally reported at: |
| https://bugzilla.redhat.com/show_bug.cgi?id=516056 |
| |
| Daniel Stenberg (12 Aug 2009) |
| - Karl Moerder fixed the Makefile.vc* makefiles to include the new file |
| nonblock.c so that they work fine again |
| |
| - I expanded test 517 with a bunch of more dates that originate from the |
| Chrome browser test suite. It turns out most of them get parsed the same |
| way. |
| |
| Version 7.19.6 (12 August 2009) |
| |
| Daniel Stenberg (12 Aug 2009) |
| - Carsten Lange reported a bug and provided a patch for TFTP upload and the |
| sending of the TSIZE option. I don't like fixing bugs just hours before |
| a release, but since it was broken and the patch fixes this for him I decided |
| to get it in anyway. |
| |
| Daniel Stenberg (11 Aug 2009) |
| - Peter Sylvester made the HTTPS test server use specific certificates for |
| each test, so that the test suite can now be used to actually test the |
| verification of cert names etc. This made an error show up in the OpenSSL- |
| specific code where it would attempt to match the CN field even if a |
| subjectAltName exists that doesn't match. This is now fixed and verified |
| in test 311. |
| |
| - Benbuck Nason posted the bug report #2835196 |
| (http://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler |
| warnings when mixing ints and bools. |
| |
| Daniel Fandrich (10 Aug 2009) |
| - Fixed a memory leak in the FTP code and an off-by-one heap buffer overflow. |
| |
| Daniel Fandrich (9 Aug 2009) |
| - Fixed some memory leaks in the command-line tool that caused most of the |
| torture tests to fail. |
| |
| Daniel Stenberg (2 Aug 2009) |
| - Curt Bogmine reported a problem with SNI enabled on a particular server. We |
| should introduce an option to disable SNI, but as we're in feature freeze |
| now I've addressed the obvious bug here (pointed out by Peter Sylvester): we |
| shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected. |
| Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular |
| option for SNI, or are we simply not using it? |
| |
| Daniel Stenberg (1 Aug 2009) |
| - Scott Cantor posted the bug report #2829955 |
| (http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert |
| verification flaw found and exploited by Moxie Marlinspike. The presentation |
| he did at Black Hat is available here: |
| https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike |
| |
| Apparently at least one CA allowed a subjectAltName or CN that contain a |
| zero byte, and thus clients that assumed they would never have zero bytes |
| were exploited to OK a certificate that didn't actually match the site. Like |
| if the name in the cert was "example.com\0theatualsite.com", libcurl would |
| happily verify that cert for example.com. |
| |
| libcurl now better uses the length of the extracted name, not using the zero |
| termination for getting the string length. |
| |
| This fixing only made and needed in OpenSSL interfacing code. |
| |
| - Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present |
| only in some OpenSSL installs - like on Windows) isn't thread-safe and we |
| agreed that moving it to the global_init() function is a decent way to deal |
| with this situation. |
| |
| - Alexander Beedie provided the patch for a noproxy problem: If I have set |
| CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually |
| could still end up using a proxy if a proxy environment variable was set. |
| |
| Daniel Stenberg (27 Jul 2009) |
| - All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and |
| CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to |
| send when using FTP, as a sign that libcurl shall simply ignore the response |
| from the server instead of treating it as an error. Not treating a 400+ FTP |
| response code as an error means that failed commands will not abort the |
| chain of commands, nor will they cause the connection to get disconnected. |
| |
| Daniel Stenberg (26 Jul 2009) |
| - Johan van Selst posted bug report #2825989 |
| (http://curl.haxx.se/bug/view.cgi?id=2825989) pointing out that |
| OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm, and |
| provided the solution too: to use OpenSSL_add_all_algorithms() in addition |
| to the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in |
| OpenSSL 0.9.5 |
| |
| Daniel Stenberg (23 Jul 2009) |
| - Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA. |
| They introduce known_host support for SSH keys to libcurl. See docs for |
| details. Note that this feature depends on a new enough libssh2 version, to |
| be supported in libssh2 1.2 and later (or current git repo at this time). |
| |
| Michal Marek (22 Jul 2009) |
| - David Binderman found a memory and fd leak in lib/gtls.c:load_file() |
| (https://bugzilla.novell.com/523919). When looking at the code, I found that |
| also the ptr pointer can leak. |
| |
| Kamil Dudka (20 Jul 2009) |
| - Claes Jakobsson improved the support for client certificates handling in |
| NSS-powered libcurl. Now the client certificates can be selected |
| automatically by a NSS built-in hook. Additionally pre-login to all PKCS11 |
| slots is no more performed. It used to cause problems with HW tokens. |
| |
| - Fixed reference counting for NSS client certificates. Now the PEM reader |
| module should be always properly unloaded on Curl_nss_cleanup(). If the |
| unload fails though, libcurl will try to reuse the already loaded instance. |
| |
| Daniel Fandrich (15 Jul 2009) |
| - Added nonblock.c to the non-automake makefiles (note that the dependencies |
| in the Watcom makefiles aren't quite correct). |
| |
| Michal Marek (15 Jul 2009) |
| - Changed the description of CURLINFO_OS_ERRNO to make it clear that the |
| errno is not reset on success. |
| |
| Guenter Knauf (14 Jul 2009) |
| - renamed generated config.h to curl_config.h to avoid any future clashes |
| with config.h from other projects. |
| |
| Daniel Stenberg (9 Jul 2009) |
| - Eric Wong introduced curlx_nonblock() that the curl tool now (re-)uses for |
| setting a file descriptor non-blocking. Used by the functionality Eric |
| himself brough on June 15th. |
| |
| Daniel Stenberg (8 Jul 2009) |
| - Constantine Sapuntzakis posted bug report #2813123 |
| (http://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the |
| problem: |
| |
| Url A is accessed using auth. Url A redirects to Url B (on a different |
| server0. Url B reuses a persistent connection. Url B has auth, even though |
| it's on a different server. |
| |
| Note: if Url B does not reuse a persistent connection, auth is not sent. |
| |
| reason: |
| |
| data->state.first_host is not initialized becuase Curl_http_connect is not |
| called when a connection is reused. |
| |
| Solution: |
| |
| move initialization of data->state.first_host to Curl_http. No code before |
| Curl_http uses data->state.first_host anyway. |
| |
| Guenter Knauf (4 Jul 2009) |
| - Markus Koetter provided a patch to avoid getnameinfo() usage which broke a |
| couple of both IPv4 and IPv6 autobuilds. |
| |
| Daniel Stenberg (29 Jun 2009) |
| - Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port |
| range if given colon-separated after the host name/address part. Like |
| "192.168.0.1:2000-10000" |
| |
| - Modified the separators used for CURLOPT_CERTINFO in multi-part outputs. I |
| don't know how they got wrong in the first place, but using this output |
| format makes it possible to quite easily separate the string into an array |
| of multiple items. |
| |
| Daniel Fandrich (16 June 2009) |
| - Added a few more compiler warning options for gcc. |
| |
| Daniel Stenberg (16 Jun 2009) |
| - Reuven Wachtfogel made curl -o - properly produce a binary output on windows |
| (no newline translations). Use -B/--use-ascii if you rather get the ascii |
| approach. |
| |
| Michal Marek (16 Jun 2009) |
| - When doing non-anonymous ftp via http proxies and the password is not |
| provided in the url, add it there (squid needs this). |
| |
| Daniel Stenberg (15 Jun 2009) |
| - Eric Wong's patch: |
| |
| This allows curl(1) to be used as a client-side tunnel for arbitrary stream |
| protocols by abusing chunked transfer encoding in both the HTTP request and |
| HTTP response. This requires server support for sending a response while a |
| request is still being read, of course. |
| |
| If attempting to read from stdin returns EAGAIN, then we pause our sender. |
| This leaves curl to attempt to read from the socket while reading from stdin |
| (and thus sending) is paused. |
| |
| This change was needed to allow successfully tunneling the git protocol over |
| HTTP (--no-buffer is needed, as well). |
| |
| Patrick Monnerat (15 Jun 2009) |
| - Replaced use of standard C library rand()/srand() by our own pseudo-random |
| number generator. |
| |
| Yang Tse (11 Jun 2009) |
| - I adapted testcurl script to allow building test harness programs when |
| cross-compiling for a *-*-mingw* host. |
| |
| Daniel Stenberg (10 Jun 2009) |
| - Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and |
| contributed a range of patches to fix them. |
| |
| Yang Tse (10 Jun 2009) |
| - I introduced configure script option --enable-curldebug which now allows |
| the decoupled enabling or disabling of the curl debug memory tracking |
| feature from the --enable-debug option which no longer controls this. |
| |
| curl --version will list 'Debug' feature for debug enabled builds, and |
| will list 'TrackMemory' feature for curl debug memory tracking capable |
| builds. These features are independent and can be controlled when running |
| the configure script. When --enable-debug is given both features will be |
| enabled, unless some restriction prevents memory tracking from being used. |
| |
| Internally, definition of preprocessor symbol DEBUGBUILD restricts code |
| which is only compiled for debug enabled builds. And symbol CURLDEBUG is |
| used to differentiate code which is _only_ used for memory tracking. |
| |
| Yang Tse (9 Jun 2009) |
| - Daniel Steinberg pointed out that Curl_FormInit() in formdata.c was not |
| initializing the fread callback pointer and this triggered a compiler |
| warning, also provided a friendly suggestion on how to fix it. |
| |
| Daniel Stenberg (8 Jun 2009) |
| - Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount |
| issue with client certs that caused issues like segfaults. |
| http://curl.haxx.se/mail/lib-2009-05/0316.html |
| |
| - Triggered by bug report #2798852 and the patch in there, I fixed configure |
| to detect gnutls build options with pkg-config only and not libgnutls-config |
| anymore since GnuTLS has stopped distributing that tool. If an explicit path |
| is given to configure, we will instead guess on how to link and use that |
| lib. I did not use the patch from the bug report. |
| |
| Yang Tse (8 Jun 2009) |
| - Igor Novoseltsev adjusted Makefile.vxworks to get sources and headers |
| included from Makefile.inc, and provided docs\INSTALL VxWorks section. |
| |
| - I removed buildconf.bat from release and daily snapshot archives. This |
| file is only for CVS tree checkout builds. |
| |
| Daniel Stenberg (8 Jun 2009) |
| - Eric Wong fixed --no-buffer to actually switch off output buffering. Been |
| broken since 7.19.0 |
| |
| Bill Hoffman (6 Jun 2009) |
| - Added some cmake docs and fixed socklen_t in the build. |
| |
| Yang Tse (5 Jun 2009) |
| - John E. Malmberg provided VMS specific patch: "This fixes an existing bug |
| in urlglob.c where it was not converting the Curl Unix exit code to a VMS |
| DCL compatible exit code. This fix required the enhancement described next. |
| This also adds an enhancement to main.c so that when curl is run under a |
| Unix shell like Bash on VMS, it will return the standard Unix exit codes |
| and messages." And another patch for docs/examples. |
| |
| I introduced os-specific.c and os-specific.h for use in curl tool code |
| and adjusted John E. Malmberg's patch placement to use these new files |
| as an effort to prevent main.c from growing ad infinitum. Code already |
| existing in main.c which is OS specific should be moved into these files. |
| |
| Daniel Stenberg (4 June 2009) |
| - Setting the Content-Length: header from your app when you do a POST or PUT |
| is almost always a VERY BAD IDEA. Yet there are still apps out there doing |
| this, and now recently it triggered a bug/side-effect in libcurl as when |
| libcurl sends a POST or PUT with NTLM, it sends an empty post first when it |
| knows it will just get a 401/407 back. If the app then replaced the |
| Content-Length header, it caused the server to wait for input that libcurl |
| wouldn't send. Aaron Oneal reported this problem in bug report #2799008 |
| (http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix. |
| |
| Yang Tse (4 Jun 2009) |
| - Igor Novoseltsev provided patches and information, that after some |
| adjustments to better fit curl's way of doing things, have resulted |
| in the posibility of building libcurl for VxWorks. |
| |
| Daniel Fandrich (2 June 2009) |
| - Checked in a Google Android make file. To use it, you must first |
| create a config.h file by running configure in the Android environment, |
| which doesn't seem to be easy to do. If no easy way can be found, a |
| static config-android.h may need to be created and checked in to the |
| libcurl source tree. |
| |
| Daniel Stenberg (1 June 2009) |
| - Claes Jakobsson fixed the configure script to better find and use NSS |
| without pkg-config. |
| |
| Yang Tse (1 Jun 2009) |
| - John E. Malmberg provided a VMS specific clean-up for curl.h, and pointed |
| out that the configure script was failing to detect the timeval struct on |
| VMS when building with _XOPEN_SOURCE_EXTENDED undefined due to definition |
| taking place in socket.h instead of time.h. I have adjusted configure |
| script to also include this header when checking struct timeval. |
| |
| Daniel Stenberg (27 May 2009) |
| - Frank McGeough provided a small OpenSSL #include fix to make libcurl compile |
| fine with Nokia 5th edition 1.0 SDK for Symbian. |
| |
| - Andre Guibert de Bruet found a call to a OpenSSL function that didn't check |
| for a failure properly. |
| |
| - Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clear |
| the auth credentials back in 7.19.0 and earlier while now you have to set "" |
| to get the same effect. His patch brings back the ability to use NULL. |
| |
| - Claes Jakobsson fixed libcurl-NSS to build fine even without the |
| PK11_CreateGenericObject() function. |
| |
| Daniel Stenberg (25 May 2009) |
| - bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed |
| out that the cookie parser would leak memory when it parses cookies that are |
| received with domain, path etc set multiple times in the same header. While |
| such a cookie is questionable, they occur in the wild and libcurl no longer |
| leaks memory for them. I added such a header to test case 8. |
| |
| Daniel Fandrich (22 May 2009) |
| - Removed some obsolete digest code that caused a valgrind error in test 551. |
| |
| Daniel Fandrich (20 May 2009) |
| - Added "non-existing host" test keywords to make it easy to skip those |
| tests on machines that have broken DNS configurations (such as |
| those configured to use OpenDNS). |
| |
| Daniel Stenberg (19 May 2009) |
| - Kamil Dudka brought the patch from the Redhat bug entry |
| https://bugzilla.redhat.com/show_bug.cgi?id=427966 which was libcurl closing |
| a bad file descriptor when closing down the FTP data connection. Caolan |
| McNamara seems to be the original author of it. |
| |
| Version 7.19.5 (18 May 2009) |
| |
| Daniel Stenberg (17 May 2009) |
| - James Bursa posted a patch to the mailing list that fixed a problem with |
| no_proxy which made it not skip the proxy if the URL entered contained a |
| user name. I added test case 1101 to verify. |
| |
| Daniel Stenberg (11 May 2009) |
| - Balint Szilakszi reported a memory leak when libcurl did gzip decompression |
| of streams that had some parts (legitimately) missing. We now provide and use |
| a proper cleanup function for the content encoding submodule. |
| http://curl.haxx.se/mail/lib-2009-05/0092.html |
| |
| - Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth |
| at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12 |
| |
| If an incorrect password is given while loading a private key, libcurl ends |
| up in an infinite loop consuming memory. The bug is critical. |
| |
| - I fixed the problem with doing NTLM, POST and then following a 302 redirect, |
| as reported by Ebenezer Ikonne (on curl-users) and Laurent Rabret (on |
| curl-library). The transfer was mistakenly marked to get more data to send |
| but since it didn't actually have that, it just hung there... |
| |
| Daniel Stenberg (10 May 2009) |
| - Andre Guibert de Bruet correctly pointed out an over-alloc with one wasted |
| byte in the digest code. |
| |
| Yang Tse (9 May 2009) |
| - Removed DOS and TPF package's subdirectory Makefile.am, it was only used |
| to include some files in the distribution tarball serving no other purpose. |
| Files from the DOS and TPF subdirectories are now included in the EXTRA_DIST |
| of the Makefile in the parent subdirectory. |
| |
| Yang Tse (8 May 2009) |
| - Changed host name literal in several tests to one under the haxx.se domain. |
| |
| - Renamed vc6 workspace and project files to avoid filename clash when used |
| for conversion to later VS versions. |
| |
| Daniel Stenberg (8 May 2009) |
| - Constantine Sapuntzakis fixed bug report #2784055 |
| (http://curl.haxx.se/bug/view.cgi?id=2784055) identifying a problem to |
| connect to SOCKS proxies when using the multi interface. It turned out to |
| almost not work at all previously. We need to wait for the TCP connect to |
| be properly verified before doing the SOCKS magic. |
| |
| There's still a flaw in the FTP code for this. |
| |
| Daniel Stenberg (7 May 2009) |
| - Made the SO_SNDBUF setting for the data connection socket for ftp uploads as |
| well. See change 28 Apr 2009. |
| |
| Yang Tse (7 May 2009) |
| - Fixed an issue affecting FTP transfers, introduced with the transfer.c |
| patch committed May 4. |
| |
| Daniel Stenberg (7 May 2009) |
| - Man page *roff problems fixed thanks to input from Colin Watson. Problems |
| reported in the Debian package. |
| |
| - Vijay G filed bug report #2723236 |
| (http://curl.haxx.se/bug/view.cgi?id=2723236) identifying a problem with |
| libcurl's TFTP code and its lack of dealing with the OACK packet. |
| |
| Yang Tse (5 May 2009) |
| - Fixed the --ftp-port address of test #251 to the CLIENTIP address, and |
| reverted the change affecting test suite harness committed 4 May. |
| |
| Daniel Stenberg (5 May 2009) |
| - Inspired by Michael Smith's session id fix for OpenSSL, I did the |
| corresponding fix in the GnuTLS code: make sure to store the new session id |
| in case the previous re-used one is rejected. |
| |
| Daniel Stenberg (4 May 2009) |
| - Michael Smith posted bug report #2786255 |
| (http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how |
| libcurl did not deal with SSL session ids properly if the server rejected a |
| re-use of one. Starting now, it will forget the rejected one and remember |
| the new. This change was for OpenSSL only, it is likely that other SSL lib |
| code needs similar fixes. |
| |
| Yang Tse (4 May 2009) |
| - Applied David McCreedy's "transfer.c fixes for CURL_DO_LINEEND_CONV and |
| non-ASCII platform HTTP requests" patch addressing two HTTP PUT problems: |
| 1) On non-ASCII platforms not all of the protocol portions of the PUT are |
| being translated to ASCII. 2) On all platforms the line endings of part of |
| the protocol portions are mangled from CRLF to CRCRLF if data->set.crlf or |
| data->set.prefer_ascii are set (depending on CURL_DO_LINEEND_CONV). |
| |
| - Applied David McCreedy's patch to fix test suite harness to allow test FTP |
| server and client on different machines, providing FTP client address when |
| running the FTP test server. |
| |
| Daniel Fandrich (3 May 2009) |
| - Added and disabled test case 563 which shows KNOWN_BUGS #59. The bug |
| report failed to mention that a proxy must be used to reproduce it. |
| |
| Yang Tse (2 May 2009) |
| - Use a build-time configured curl_socklen_t data type instead of socklen_t. |
| |
| Yang Tse (1 May 2009) |
| - Applied David McCreedy's patches "TPF-platform specific changes to various |
| files" and "http.c fix to Curl_proxyCONNECT for non-ASCII platforms", the |
| former with minor edits. |
| |
| Daniel Stenberg (30 Apr 2009) |
| - I was going to fix issue #59 in KNOWN_BUGS |
| |
| If the CURLOPT_PORT option is used on an FTP URL like |
| "ftp://example.com/file;type=A" the ";type=A" is stripped off. |
| |
| I added test case 562 to verify, only to find out that I couldn't repeat |
| this bug so I hereby consider it not a bug anymore! |
| |
| Daniel Stenberg (29 Apr 2009) |
| - Based on bug report #2723219 (http://curl.haxx.se/bug/view.cgi?id=2723219) |
| I've now made TFTP "connections" not being kept for re-use within libcurl. |
| TFTP is UDP-based so the benefit was really low (if even existing) to begin |
| with so instead of tracking down to fix this problem we instead removed the |
| re-use. I also enabled test case 1099 that I wrote a few days ago to verify |
| that this change fixes the reported problem. |
| |
| Daniel Stenberg (28 Apr 2009) |
| - Constantine Sapuntzakis filed bug report #2783090 |
| (http://curl.haxx.se/bug/view.cgi?id=2783090) pointing out that on windows |
| we need to grow the SO_SNDBUF buffer somewhat to get really good upload |
| speeds. http://support.microsoft.com/kb/823764 has the details. Friends |
| confirmed that simply adding 32 to CURL_MAX_WRITE_SIZE is enough. |
| |
| - Bug report #2709004 (http://curl.haxx.se/bug/view.cgi?id=2709004) by Tim |
| Chen pointed out how curl couldn't upload with resume when reading from a |
| pipe. |
| |
| This ended up with the introduction of a new return code for the |
| CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but |
| that libcurl may try to resolve the situation anyway. In our case this means |
| libcurl will attempt to instead read that much data from the stream instead |
| of seeking and that way curl can now upload with resume when data is read |
| from a stream! |
| |
| Daniel Stenberg (26 Apr 2009) |
| - Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by Sven |
| Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi |
| interface and provided a patch that fixed the problem! |
| |
| Daniel Stenberg (24 Apr 2009) |
| - Kamil Dudka fixed another NSS-related leak when client certs were used. |
| |
| - Bug report #2779245 (http://curl.haxx.se/bug/view.cgi?id=2779245) by Rainer |
| Koenig pointed out that the man page didn't tell that the *_proxy |
| environment variables can be specified lower case or UPPER CASE and the |
| lower case takes precedence, |
| |
| Daniel Fandrich (21 Apr 2009) |
| - Added new libcurl source files to Amiga, RiscOS and VC6 build files. |
| |
| Yang Tse (21 Apr 2009) |
| - Moved potential inclusion of system's malloc.h and memory.h header files to |
| setup_once.h. Inclusion of each header file is based on the definition of |
| NEED_MALLOC_H and NEED_MEMORY_H respectively. |
| |
| Renamed libcurl's memory.h to curl_memory.h |
| |
| Daniel Stenberg (20 Apr 2009) |
| - Leanic Lefever reported a crash and did some detailed research on why and |
| how it occurs (http://curl.haxx.se/mail/lib-2009-04/0289.html). The |
| conclusion was that if an error is detected and Curl_done() is called for |
| the connection, ftp_done() could at times return another error code that |
| then would take precedence and that new code confused existing logic that |
| works for the first error code (CURLE_SEND_ERROR) only. |
| |
| - Gisle Vanem noticed that --libtool would produce bogus strings at times for |
| OBJECTPOINT options. Now we've introduced a new function - my_setopt_str - |
| within the app for setting plain string options to avoid the risk of this |
| mistake happening. |
| |
| Daniel Stenberg (17 Apr 2009) |
| - Pramod Sharma reported and tracked down a bug when doing FTP over a HTTP |
| proxy. libcurl would then wrongly close the connection after each |
| request. In his case it had the weird side-effect that it killed NTLM auth |
| for the proxy causing an inifinite loop! |
| |
| I added test case 1098 to verify this fix. The test case does however not |
| properly verify that the transfers are done persistently - as I couldn't |
| think of a clever way to achieve it right now - but you need to read the |
| stderr output after a test run to see that it truly did the right thing. |
| |
| Daniel Stenberg (13 Apr 2009) |
| - bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by Martin |
| Storsjö pointed out how setting CURLOPT_NOBODY to 0 could be downright |
| confusing as it set the method to either GET or HEAD. The example he showed |
| looked like: |
| |
| curl_easy_setopt(curl, CURLOPT_PUT, 1); |
| curl_easy_setopt(curl, CURLOPT_NOBODY, 0); |
| |
| The new way doesn't alter the method until the request is about to start. If |
| CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is |
| 0 and the request happens to have been set to HEAD, it will then instead be |
| set to GET. I believe this will be less surprising to users, and hopefully |
| not hit any existing users badly. |
| |
| - Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned |
| out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue |
| is found in Redhat's bug tracker: |
| https://bugzilla.redhat.com/show_bug.cgi?id=453612 |
| |
| There are still memory leaks present, but they seem to have other reasons. |
| |
| Daniel Fandrich (11 Apr 2009) |
| - Added new libcurl source files to Symbian OS build files. |
| - Improved Symbian support for SSL. |
| |
| Yang Tse (10 Apr 2009) |
| - Daniel Johnson improved the MacOSX-Framework shell script to now perform all |
| the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64 |
| libcurl.framework. Four way fat framework requires OS X 10.5 SDK or later. |
| |
| Yang Tse (8 Apr 2009) |
| - Removed Sun compilers preprocessor block from curlbuild.h.dist, this also |
| removes it from the curlbuild.h file originally distributed by the cURL |
| project as this file is intended for systems not capable of running the |
| configure script. For those who have been building curl out of the source |
| code curl distribution tarball provided by curl.haxx.se the change implies |
| nothing. Previous change in this area committed 2 Apr becomes irrelevant. |
| |
| Daniel Stenberg (6 Apr 2009) |
| - I clarified in the docs that CURLOPT_SEEKFUNCTION should return 0 on success |
| and 1 on fatal errors. Previously it only mentioned non-zero on fatal |
| errors. This is a slight change in meaning, but it follows what we've done |
| elsewhere before and it opens up for LOTS of more useful return codes |
| whenever we can think of them... |
| |
| Yang Tse (2 Apr 2009) |
| - Fix curl_off_t definition for builds done using Sun compilers and a |
| non-configured libcurl. In this case curl_off_t data type was gated |
| to the off_t data type which depends on the _FILE_OFFSET_BITS. This |
| configuration is exactly the unwanted configuration for our curl_off_t |
| data type which must not depend on such setting. This breaks ABI for |
| libcurl libraries built with Sun compilers which were built without |
| having run the configure script with _FILE_OFFSET_BITS different than |
| 64 and using the ILP32 data model. |
| |
| Daniel Stenberg (1 Apr 2009) |
| - Andre Guibert de Bruet fixed a NULL pointer use in an infof() call if a |
| strdup() call failed. |
| |
| Daniel Fandrich (31 Mar 2009) |
| - Properly return an error code in curl_easy_recv (reported by Jim Freeman). |
| |
| Daniel Stenberg (18 Mar 2009) |
| - Kamil Dudka brought a patch that enables 6 additional crypto algorithms when |
| NSS is used. These ciphers were added in NSS 3.4 and require to be enabled |
| explicitly. |
| |
| Daniel Stenberg (13 Mar 2009) |
| - Use libssh2_version() to present the libssh2 version in case the libssh2 |
| library is found to support it. |
| |
| Yang Tse (12 Mar 2009) |
| - Added missing Curl_read() return code checking in TELNET transfers. |
| |
| - Pierre Brico found and fixed TELNET transfers not being aborted upon |
| a write callback failure. |
| |
| Daniel Stenberg (11 Mar 2009) |
| - Kamil Dudka made the curl tool properly call curl_global_init() before any |
| other libcurl function. |
| |
| Yang Tse (11 Mar 2009) |
| - Added missing TELNET timeout support for Windows builds. This issue was |
| reported by Pierre Brico. |
| |
| Daniel Stenberg (9 Mar 2009) |
| - Frank Hempel found out a bug and provided the fix: |
| |
| curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE |
| option. It only enabled the cookie engine in the destination handle if |
| data->cookies is not NULL (where data is the source handle). In case of a |
| newly initialized handle which just had the cookie support enabled by a |
| curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was |
| still NULL because the setopt-call only appends the value to |
| data->change.cookielist, hence duplicating this handle would not have the |
| cookie engine switched on. |
| |
| We also concluded that the slist-functionality would be suitable for being |
| put in its own module rather than simply hanging out in lib/sendf.c so I |
| created lib/slist.[ch] for them. |
| |
| - Andreas Farber made the 'buildconf' script check for the presence of m4 |
| scripts to make it detect a bad checkout earlier. People with older |
| checkouts who don't do cvs update with the -d option won't get the new dirs |
| and then will get funny outputs that can be a bit hard to understand and |
| fix. |
| |
| Daniel Stenberg (8 Mar 2009) |
| - Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the |
| allocation of the memory BIO was not being properly checked. |
| |
| - Andre Guibert de Bruet fixed the gnutls-using code: There are a few places |
| in the gnutls code where we were checking for negative values for errors, |
| when the man pages state that GNUTLS_E_SUCCESS is returned on success and |
| other values indicate error conditions. |
| |
| - Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that |
| curl didn't use sprintf() in a way that is documented to work in POSIX but |
| since we use our own printf() code (from libcurl) that shouldn't be a |
| problem. Nonetheless I modified the code to not rely on such particular |
| features and to not cause further raised eyebrowse with no good reason. |
| |
| Daniel Fandrich (5 Mar 2009) |
| - Expanded the security section of the libcurl-tutorial man page to cover |
| more issues for authors to consider when writing robust libcurl-using |
| applications. |
| |
| Yang Tse (5 Mar 2009) |
| - Fixed NTLM authentication memory leak on SSPI enabled Windows builds. This |
| issue was noticed by Chris Deidun. |
| |
| Daniel Fandrich (4 Mar 2009) |
| - Fixed a problem with m4 quoting in the OpenSSL configure check reported |
| by Daniel Johnson. |
| |
| Daniel Stenberg (3 Mar 2009) |
| - David James brought a patch that make libcurl close (all) dead connections |
| whenever you attempt to open a new connection. |
| |
| 1. After cleaning up a dead connection, "continue" instead of |
| returning FALSE. This ensures that we clean up all dead connections, |
| rather than just cleaning up the first dead connection. |
| 2. Move up the cleanup for dead connections so that it occurs for |
| all connections, rather than just the connections which have the same |
| preferences as our current new connection. |
| |
| Version 7.19.4 (3 March 2009) |
| |
| Daniel Stenberg (3 Mar 2009) |
| - David Kierznowski notified us about a security flaw |
| (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in |
| which previous libcurl versions (by design) can be tricked to access an |
| arbitrary local/different file instead of a remote one when |
| CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release |
| together this the addition of two new setopt options for controlling this |
| new behavior: |
| |
| o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to |
| follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option |
| excludes the FILE and SCP protocols and thus you nee to explicitly allow |
| them in your app if you really want that behavior. |
| |
| o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch |
| using the primary URL option. This is useful if you want to allow a user or |
| other outsiders control what URL to pass to libcurl and yet not allow all |
| protocols libcurl may have been built to support. |
| |
| Daniel Stenberg (27 Feb 2009) |
| - Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and |
| CURLOPT_LOCALPORT were used together (the local port bind failed), and |
| Markus Koetter provided the fix! |
| |
| Daniel Stenberg (25 Feb 2009) |
| - As Daniel Fandrich figured out, we must do the GnuTLS initing in the |
| curl_global_init() function to properly maintain the performing functions |
| thread-safe. We've previously (28 April 2007) moved the init to a later time |
| just to avoid it to fail very early when libgcrypt dislikes the situation, |
| but that move was bad and the fix should rather be in libgcrypt or |
| elsewhere. |
| |
| Daniel Stenberg (24 Feb 2009) |
| - Brian J. Murrell found out that Negotiate proxy authentication didn't work. |
| It happened because the code used the struct for server-based auth all the |
| time for both proxy and server auth which of course was wrong. |
| |
| Daniel Stenberg (23 Feb 2009) |
| - After a bug reported by James Cheng I've made curl_easy_getinfo() for |
| CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return |
| -1 if the sizes aren't know. Previously these returned 0, make it impossible |
| to detect the difference between actually zero and unknown. |
| |
| Yang Tse (23 Feb 2009) |
| - Daniel Johnson provided a shell script that will perform all the steps needed |
| to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework |
| |
| Daniel Stenberg (23 Feb 2009) |
| - I renamed everything in the windows builds files that used the name 'curllib' |
| to the proper 'libcurl' as clearly this caused confusion. |
| |
| Yang Tse (20 Feb 2009) |
| - Do not halt compilation when using VS2008 to build a Windows 2000 target. |
| |
| Daniel Stenberg (20 Feb 2009) |
| - Linus Nielsen Feltzing reported and helped me repeat and fix a problem with |
| FTP with the multi interface: when a transfer fails, like when aborted by a |
| write callback, the control connection was wrongly closed and thus not |
| re-used properly. |
| |
| This change is also an attempt to cleanup the code somewhat in this area, as |
| now the FTP code attempts to keep (better) track on pending responses |
| necessary to get read in ftp_done(). |
| |
| Daniel Stenberg (19 Feb 2009) |
| - Patrik Thunstrom reported a problem and helped me repeat it. It turned out |
| libcurl did a superfluous 1000ms wait when doing SFTP downloads! |
| |
| We read data with libssh2 while doing the "DO" operation for SFTP and then |
| when we were about to start getting data for the actual file part, the |
| "TRANSFER" part, we waited for socket action (in 1000ms) before doing a |
| libssh2-read. But in this case libssh2 had already read and buffered the |
| data so we ended up always just waiting 1000ms before we get working on the |
| data! |
| |
| Patrick Monnerat (18 Feb 2009) |
| - FTP downloads (i.e.: RETR) ending with code 550 now return error |
| CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE. |
| |
| Daniel Stenberg (17 Feb 2009) |
| - Kamil Dudka made NSS-powered builds compile and run again! |
| |
| - A second follow-up change by Andre Guibert de Bruet to fix a related memory |
| leak like that fixed on the 14th. When zlib returns failure, we need to |
| cleanup properly before returning error. |
| |
| - CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 for |
| plain FTP connections, and it will then allow MKD to fail once and retry the |
| CWD afterwards. This is especially useful if you're doing many simultanoes |
| connections against the same server and they all have this option enabled, |
| as then CWD may first fail but then another connection does MKD before this |
| connection and thus MKD fails but trying CWD works! The numbers can |
| (should?) now be set with the convenience enums now called |
| CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY. |
| |
| Tests has proven that if you're making an application that uploads a set of |
| files to an ftp server, you will get a noticable gain in speed if you're |
| using multiple connections and this option will be then be very useful. |
| |
| Daniel Stenberg (14 Feb 2009) |
| - Andre Guibert de Bruet found and fixed a memory leak in the content encoding |
| code, which could happen on libz errors. |
| |
| Daniel Fandrich (12 Feb 2009) |
| - Added support for Digest and NTLM authentication using GnuTLS. |
| |
| Daniel Stenberg (11 Feb 2009) |
| - CURLINFO_CONDITION_UNMET was added to allow an application to get to know if |
| the condition in the previous request was unmet. This is typically a time |
| condition set with CURLOPT_TIMECONDITION and was previously not possible to |
| reliably figure out. From bug report #2565128 |
| (http://curl.haxx.se/bug/view.cgi?id=2565128) filed by Jocelyn Jaubert. |
| |
| Daniel Fandrich (4 Feb 2009) |
| - Don't add the standard /usr/lib or /usr/include paths to LDFLAGS and CPPFLAGS |
| (respectively) when --with-ssl=/usr is used (patch based on FreeBSD). |
| |
| - Added an explicit buffer limit check in msdosify() (patch based on FreeBSD). |
| This couldn't ever overflow in curl, but might if the code were used |
| elsewhere or under different conditions. |
| |
| Daniel Stenberg (3 Feb 2009) |
| - Hidemoto Nakada provided a small fix that makes it possible to get the |
| CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with |
| CURLOPT_NOBODY set true. |
| |
| Daniel Stenberg (2 Feb 2009) |
| - Patrick Scott found a rather large memory leak when using the multi |
| interface and setting CURLMOPT_MAXCONNECTS to something less than the number |
| of handles you add to the multi handle. All the connections that didn't fit |
| in the cache would not be properly disconnected nor freed! |
| |
| - Craig A West brought us: libcurl now defaults to do CONNECT with HTTP |
| version 1.1 instead of 1.0 like before. This change also introduces the new |
| proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to |
| switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0 |
| option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0. |
| |
| I updated all test cases cases that use CONNECT and I tried to do some using |
| --proxy1.0 and some updated to do CONNECT 1.1 to get both versions run. |
| |
| Daniel Stenberg (31 Jan 2009) |
| - When building with c-ares 1.6.1 (not yet released) or later and IPv6 support |
| enabled, we can now take advantage of its brand new AF_UNSPEC support in |
| ares_gethostbyname(). This makes test case 241 finally run fine for me with |
| this setup since it now parses the "::1 ip6-localhost" line fine in my |
| /etc/hosts file! |
| |
| Daniel Stenberg (30 Jan 2009) |
| - Scott Cantor filed bug report #2550061 |
| (http://curl.haxx.se/bug/view.cgi?id=2550061) mentioning that I failed to |
| properly make sure that the VC9 makefiles got included in the latest |
| release. I've now fixed the release script and verified it so next release |
| will hopefully include them properly! |
| |
| Daniel Fandrich (30 Jan 2009) |
| - Fixed --disable-proxy for FTP and SOCKS. Thanks to Daniel Egger for |
| reporting. |
| |
| Yang Tse (29 Jan 2009) |
| - Introduced curl_sspi.c and curl_sspi.h for the implementation of functions |
| Curl_sspi_global_init() and Curl_sspi_global_cleanup() which previously were |
| named Curl_ntlm_global_init() and Curl_ntlm_global_cleanup() in http_ntlm.c |
| Also adjusted socks_sspi.c to remove the link-time dependency on the Windows |
| SSPI library using it now in the same way as it was done in http_ntlm.c. |
| |
| Daniel Stenberg (28 Jan 2009) |
| - Markus Moeller introduced two new options to libcurl: |
| CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl |
| to do GSS-style authentication with SOCKS5 proxies. The curl tool got the |
| options called --socks5-gssapi-service and --socks5-gssapi-nec to enable |
| these. |
| |
| Daniel Stenberg (26 Jan 2009) |
| - Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an app |
| to set desired block size to use for TFTP transfers instead of the default |
| 512 bytes. |
| |
| - The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to |
| disable "rfc4507bis session ticket support". rfc4507bis was later turned |
| into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077 |
| |
| The enabled extension concerns the session management. I wonder how often |
| libcurl stops a connection and then resumes a TLS session. also, sending the |
| session data is some overhead. .I suggest that you just use your proposed |
| patch (which explicitly disables TICKET). |
| |
| If someone writes an application with libcurl and openssl who wants to |
| enable the feature, one can do this in the SSL callback. |
| |
| Sharad Gupta brought this to my attention. Peter Sylvester helped me decide |
| on the proper action. |
| |
| - Alexey Borzov filed bug report #2535504 |
| (http://curl.haxx.se/bug/view.cgi?id=2535504) pointing out that realms with |
| quoted quotation marks in HTTP Digest headers didn't work. I've now added |
| test case 1095 that verifies my fix. |
| |
| - Craig A West brought CURLOPT_NOPROXY and the corresponding --noproxy option. |
| They basically offer the same thing the NO_PROXY environment variable only |
| offered previously: list a set of host names that shall not use the proxy |
| even if one is specified. |
| |
| Daniel Fandrich (20 Jan 2009) |
| - Call setlocale() for libtest tests to test the effects of locale-induced |
| libc changes on libcurl. |
| |
| - Fixed a couple more locale-dependent toupper conversions, mainly for |
| clarity. This does fix one problem that causes ;type=i FTP URLs |
| to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is |
| used (test case 561) |
| |
| - Added tests 561 and 1091 through 1094 to test various combinations |
| of ;type= and ;mode= URLs that could potentially fail in the Turkish |
| locale. |
| |
| Daniel Stenberg (20 Jan 2009) |
| - Lisa Xu pointed out that the ssh.obj file was missing from the |
| lib/Makefile.vc6 file (and thus from the vc8 and vc9 ones too). |
| |
| Version 7.19.3 (19 January 2009) |
| |
| Daniel Stenberg (16 Jan 2009) |
| - Andrew de los Reyes fixed curlbuild.h for "generic" gcc builds on PPC, both |
| 32 bit and 64 bit. |
| |
| Daniel Stenberg (15 Jan 2009) |
| - Tim Ansell fixed a compiler warning in lib/cookie.c |
| |
| Daniel Stenberg (14 Jan 2009) |
| - Grant Erickson fixed timeouts for TFTP such that specifying a |
| connect-timeout, a max-time or both options work correctly and as expected |
| by passing the correct boolean value to Curl_timeleft via the |
| 'duringconnect' parameter. |
| |
| With this small change, curl TFTP now behaves as expected (and likely as |
| originally-designed): |
| |
| 1) For non-existent or unreachable dotted IP addresses: |
| |
| a) With no options, follows the default curl 300s timeout... |
| b) With --connect-timeout only, follows that value... |
| c) With --max-time only, follows that value... |
| d) With both --connect-timeout and --max-time, follows the smaller value... |
| |
| and times out with a "curl: (7) Couldn't connect to server" error. |
| |
| 2) For transfers to/from a valid host: |
| |
| a) With no options, follows default curl 300s timeout for the |
| first XRQ/DATA/ACK transaction and the default TFTP 3600s |
| timeout for the remainder of the transfer... |
| |
| b) With --connect-time only, follows that value for the |
| first XRQ/DATA/ACK transaction and the default TFTP 3600s |
| timeout for the remainder of the transfer... |
| |
| c) With --max-time only, follows that value for the first |
| XRQ/DATA/ACK transaction and for the remainder of the |
| transfer... |
| |
| d) With both --connect-timeout and --max-time, follows the former |
| for the first XRQ/DATA/ACK transaction and the latter for the |
| remainder of the transfer... |
| |
| and times out with a "curl: (28) Timeout was reached" error as |
| appropriate. |
| |
| Daniel Stenberg (13 Jan 2009) |
| - Michael Wallner fixed a NULL pointer deref when calling |
| curl_easy_setup(curl, CURLOPT_COOKIELIST, "SESS") on a CURL handle with no |
| cookies data. |
| |
| - Stefan Teleman brought a patch to fix the default curlbuild.h file for the |
| SunPro compilers. |
| |
| Daniel Stenberg (12 Jan 2009) |
| - Based on bug report #2498665 (http://curl.haxx.se/bug/view.cgi?id=2498665) |
| by Daniel Black, I've now added magic to the configure script that makes it |
| use pkg-config to detect gnutls details as well if the existing method |
| (using libgnutls-config) fails. While doing this, I cleaned up and unified |
| the pkg-config usage when detecting openssl and nss as well. |
| |
| Daniel Stenberg (11 Jan 2009) |
| - Karl Moerder brought the patch that creates vc9 Makefiles, and I made |
| 'maketgz' now use the actual makefile targets to do the VC8 and VC9 |
| makefiles. |
| |
| Daniel Stenberg (10 Jan 2009) |
| - Emil Romanus fixed: |
| |
| When using the multi interface over HTTP and the server returns a Location |
| header, the running easy handle will get stuck in the CURLM_STATE_PERFORM |
| state, leaving the external event loop stuck waiting for data from the |
| ingoing socket (when using the curl_multi_socket_action stuff). While this |
| bug was pretty hard to find, it seems to require only a one-line fix. The |
| break statement on line 1374 in multi.c caused the function to skip the call |
| to multistate(). |
| |
| How to reproduce this bug? Well, that's another question. evhiperfifo.c in |
| the examples directory chokes on this bug only _sometimes_, probably |
| depending on how fast the URLs are added. One way of testing the bug out is |
| writing to hiper.fifo from more than one source at the same time. |
| |
| Daniel Fandrich (7 Jan 2009) |
| - Unified much of the SessionHandle initialization done in Curl_open() and |
| curl_easy_reset() by creating Curl_init_userdefined(). This had the side |
| effect of fixing curl_easy_reset() so it now also resets |
| CURLOPT_FTP_FILEMETHOD and CURLOPT_SSL_SESSIONID_CACHE |
| |
| Daniel Stenberg (7 Jan 2009) |
| - Rob Crittenden did once again provide an NSS update: |
| |
| I have to jump through a few hoops now with the NSS library initialization |
| since another part of an application may have already initialized NSS by the |
| time Curl gets invoked. This patch is more careful to only shutdown the NSS |
| library if Curl did the initialization. |
| |
| It also adds in a bit of code to set the default ciphers if the app that |
| call NSS_Init* did not call NSS_SetDomesticPolicy() or set specific |
| ciphers. One might argue that this lets other application developers get |
| lazy and/or they aren't using the NSS API correctly, and you'd be right. |
| But still, this will avoid terribly difficult-to-trace crashes and is |
| generally helpful. |
| |
| Daniel Stenberg (1 Jan 2009) |
| - 'reconf' is removed since we rather have users use 'buildconf' |
| |
| Daniel Stenberg (31 Dec 2008) |
| - Bas Mevissen reported http://curl.haxx.se/bug/view.cgi?id=2479030 pointing |
| out that 'reconf' didn't properly point out the m4 subdirectory when running |
| aclocal. |
| |
| Daniel Stenberg (29 Dec 2008) |
| - Phil Lisiecki filed bug report #2413067 |
| (http://curl.haxx.se/bug/view.cgi?id=2413067) that identified a problem that |
| would cause libcurl to mark a DNS cache entry "in use" eternally if the |
| subsequence TCP connect failed. It would thus never get pruned and refreshed |
| as it should've been. |
| |
| Phil provided his own patch to this problem that while it seemed to work |
| wasn't complete and thus I wrote my own fix to the problem. |
| |
| Daniel Stenberg (28 Dec 2008) |
| - Peter Korsgaard fixed building libcurl with "configure --with-ssl |
| --disable-verbose". |
| |
| - Anthony Bryan fixed more language and spelling flaws in man pages. |
| |
| Daniel Stenberg (22 Dec 2008) |
| - Given a recent enough libssh2, libcurl can now seek/resume with SFTP even |
| on file indexes beyond 2 or 4GB. |
| |
| - Anthony Bryan provided a set of patches that cleaned up manual language, |
| corrected spellings and more. |
| |
| Daniel Stenberg (20 Dec 2008) |
| - Igor Novoseltsev fixed a bad situation for the multi_socket() API when doing |
| pipelining, as libcurl could then easily get confused and A) work on the |
| handle that was not "first in queue" on a pipeline, or even B) tell the app |
| to REMOVE a socket while it was in use by a second handle in a pipeline. Both |
| errors caused hanging or stalling applications. |
| |
| Daniel Stenberg (19 Dec 2008) |
| - curl_multi_timeout() could return a timeout value of 0 even though nothing |
| was actually ready to get done, as the internal time resolution is higher |
| than the returned millisecond timer. Therefore it could cause applications |
| running on fast processors to do short bursts of busy-loops. |
| curl_multi_timeout() will now only return 0 if the timeout is actually |
| alreay triggered. |
| |
| - Using the libssh2 0.19 function libssh2_session_block_directions(), libcurl |
| now has an improved ability to do right when the multi interface (both |
| "regular" and multi_socket) is used for SCP and SFTP transfers. This should |
| result in (much) less busy-loop situations and thus less CPU usage with no |
| speed loss. |
| |
| Daniel Stenberg (17 Dec 2008) |
| - SCP and SFTP with the multi interface had the same flaw: the 'DONE' |
| operation didn't complete properly if the EAGAIN equivalent was returned but |
| libcurl would simply continue with a half-completed close operation |
| performed. This ruined persistent connection re-use and cause some |
| SSH-protocol errors in general. The correction is unfortunately adding a |
| blocking function - doing it entirely non-blocking should be considered for |
| a better fix. |
| |
| Gisle Vanem (16 Dec 2008) |
| - Added the possibility to use the Watt-32 tcp/ip stack under Windows. |
| The change simply involved adding a USE_WATT32 section in the |
| config-win32.h files (under ./lib and ./src). This section disables |
| the use of any Winsock headers. |
| |
| Daniel Stenberg (16 Dec 2008) |
| - libssh2_sftp_last_error() was wrongly used at some places in libcurl which |
| made libcurl sometimes not properly abort problematic SFTP transfers. |
| |
| Daniel Stenberg (12 Dec 2008) |
| - More work with Igor Novoseltsev to first fix the remaining stuff for |
| removing easy handles from multi handles when the easy handle is/was within |
| a HTTP pipeline. His bug report #2351653 |
| (http://curl.haxx.se/bug/view.cgi?id=2351653) was also related and was |
| eventually fixed by a patch by Igor himself. |
| |
| Yang Tse (12 Dec 2008) |
| - Patrick Monnerat fixed a build regression, introduced in 7.19.2, affecting |
| OS/400 compilations with IPv6 enabled. |
| |
| Daniel Stenberg (12 Dec 2008) |
| - Mark Karpeles filed bug report #2416182 titled "crash in ConnectionExists |
| when using duphandle+curl_mutli" |
| (http://curl.haxx.se/bug/view.cgi?id=2416182) which showed that |
| curl_easy_duphandle() wrongly also copied the pointer to the connection |
| cache, which was plain wrong and caused a segfault if the handle would be |
| used in a different multi handle than the handle it was duplicated from. |
| |
| Daniel Stenberg (11 Dec 2008) |
| - Keshav Krity found out that libcurl failed to deal with dotted IPv6 |
| addresses if they were very long (>39 letters) due to a too strict address |
| validity parser. It now accepts addresses up to 45 bytes long. |
| |
| Daniel Stenberg (11 Dec 2008) |
| - Internet Explorer had a broken HTTP digest authentication before v7 and |
| there are servers "out there" that relies on the client doing this broken |
| Digest authentication. Apache even comes with an option to work with such |
| broken clients. |
| |
| The difference is only for URLs that contain a query-part (a '?'-letter and |
| text to the right of it). |
| |
| libcurl now supports this quirk, and you enable it by setting the |
| CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or |
| CURLOPT_PROXYAUTH options. They are thus individually controlled to server |
| and proxy. |
| |
| (note that there's no way to activate this with the curl tool yet) |
| |
| Daniel Fandrich (9 Dec 2008) |
| - Added test cases 1089 and 1090 to test --write-out after a redirect to |
| test a report that the size didn't work, but these test cases pass. |
| |
| - Documented CURLOPT_CONNECT_ONLY as being useful only on HTTP URLs. |
| |
| Daniel Stenberg (9 Dec 2008) |
| - Ken Hirsch simplified how libcurl does FTPS: now it doesn't assume any |
| particular state for the control connection like it did before for implicit |
| FTPS (libcurl assumed such control connections to be encrypted while some |
| FTPS servers such as FileZilla assumes such connections to be clear |
| mode). Use the CURLOPT_USE_SSL option to set your desired level. |
| |
| Daniel Stenberg (8 Dec 2008) |
| - Fred Machado posted about a weird FTP problem on the curl-users list and when |
| researching it, it turned out he got a 550 response back from a SIZE command |
| and then I fell over the text in RFC3659 that says: |
| |
| The presence of the 550 error response to a SIZE command MUST NOT be taken |
| by the client as an indication that the file cannot be transferred in the |
| current MODE and TYPE. |
| |
| In other words: the change I did on September 30th 2008 and that has been |
| included in the last two releases were a regression and a bad idea. We MUST |
| NOT take a 550 response from SIZE as a hint that the file doesn't exist. |
| |
| - Christian Krause filed bug #2221237 |
| (http://curl.haxx.se/bug/view.cgi?id=2221237) that identified an infinite |
| loop during GSS authentication given some specific conditions. With his |
| patience and great feedback I managed to narrow down the problem and |
| eventually fix it although I can't test any of this myself! |
| |
| Daniel Fandrich (3 Dec 2008) |
| - Fixed the getifaddrs version of Curl_if2ip to work on systems without IPv6 |
| support (e.g. Minix) |
| |
| Daniel Stenberg (3 Dec 2008) |
| - Igor Novoseltsev filed bug #2351645 |
| (http://curl.haxx.se/bug/view.cgi?id=2351645) that identified a problem with |
| the multi interface that occured if you removed an easy handle while in |
| progress and the handle was used in a HTTP pipeline. |
| |
| - Pawel Kierski pointed out a mistake in the cookie code that could lead to a |
| bad fclose() after a fatal error had occured. |
| (http://curl.haxx.se/bug/view.cgi?id=2382219) |
| |
| Daniel Fandrich (25 Nov 2008) |
| - If a HTTP request is Basic and num is already >=1000, the HTTP test |
| server adds 1 to num to get the data section to return. This allows |
| testing authentication negotiations using the Basic authentication |
| method. |
| |
| - Added tests 1087 and 1088 to test Basic authentication on a redirect |
| with and without --location-trusted |
| |
| Daniel Stenberg (24 Nov 2008) |
| - Based on a patch by Vlad Grachov, libcurl now uses a new libssh2 0.19 |
| function when built to support SCP and SFTP that helps the library to know |
| in which direction a particular libssh2 operation would return EAGAIN so |
| that libcurl knows what socket conditions to wait for before trying the |
| function call again. Previously (and still when using libssh2 0.18 or |
| earlier), libcurl will busy-loop in this situation when the easy interface |
| is used! |
| |
| Daniel Fandrich (20 Nov 2008) |
| - Automatically detect OpenBSD's CA cert bundle. |
| |
| Daniel Stenberg (19 Nov 2008) |
| - I removed the default use of "Pragma: no-cache" from libcurl when a proxy is |
| used. It has been used since forever but it was never a good idea to use |
| unless explicitly asked for. |
| |
| - Josef Wolf's extension that allows a $TESTDIR/gdbinit$testnum file that when |
| you use runtests.pl -g, will be sourced by gdb to allow additional fancy or |
| whatever you see fit |
| |
| - Christian Krause reported and fixed a memory leak that would occur with HTTP |
| GSS/kerberos authentication (http://curl.haxx.se/bug/view.cgi?id=2284386) |
| |
| - Andreas Wurf and Markus Koetter helped me analyze a problem that Andreas got |
| when uploading files to a single FTP server using multiple easy handle |
| handles with the multi interface. Occasionally a handle would stall in |
| mysterious ways. |
| |
| The problem turned out to be a side-effect of the ConnectionExists() |
| function's eagerness to re-use a handle for HTTP pipelining so it would |
| select it even if already being in use, due to an inadequate check for its |
| chances of being used for pipelnining. |
| |
| Daniel Fandrich (17 Nov 2008) |
| - Added more compiler warning options for gcc 4.3 |
| |
| Yang Tse (17 Nov 2008) |
| - Fix a remaining problem in the inet_pton() runtime configure check. And |
| fix internal Curl_inet_pton() failures to reject certain malformed literals. |
| |
| - Make configure script check if ioctl with the SIOCGIFADDR command can be |
| used, and define HAVE_IOCTL_SIOCGIFADDR if appropriate. |
| |
| Daniel Stenberg (16 Nov 2008) |
| - Christian Krause fixed a build failure when building with gss support |
| enabled and FTP disabled. |
| |
| - Added check for NULL returns from strdup() in src/main.c and lib/formdata.c |
| - reported by Jim Meyering also prevent buffer overflow on MSDOS when you do |
| for example -O on a url with a file name part longer than PATH_MAX letters |
| |
| - lib/nss.c fixes based on the report by Jim Meyering: I went over and added |
| checks for return codes for all calls to malloc and strdup that were |
| missing. I also changed a few malloc(13) to use arrays on the stack and a |
| few malloc(PATH_MAX) to instead use aprintf() to lower memory use. |
| |
| - I fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is |
| in use. |
| |
| Daniel Fandrich (14 Nov 2008) |
| - Added .xml as one of the few common file extensions known by the multipart |
| form generator. |
| |
| - Added some #ifdefs around header files and change the EAGAIN test to |
| fix compilation on Cell (reported by Jeff Curley). |
| |
| Yang Tse (14 Nov 2008) |
| - Fixed several configure script issues affecting checks for inet_ntoa_r(), |
| inet_ntop(), inet_pton(), getifaddrs(), fcntl() and getaddrinfo(). |
| |
| Yang Tse (13 Nov 2008) |
| - Refactored configure script detection of functions used to set sockets into |
| non-blocking mode, and decouple function detection from function capability. |
| |