summaryrefslogtreecommitdiff
path: root/cross
diff options
context:
space:
mode:
authorwiz <wiz@pkgsrc.org>2005-03-05 14:23:00 +0000
committerwiz <wiz@pkgsrc.org>2005-03-05 14:23:00 +0000
commitca97fe250f60ba2b9d36d326ec64e95b280c92c1 (patch)
treeb827b91df46cb04da0672262a4db9a2645caada6 /cross
parent25bd9b102cb06d3d433fa8f5489c07a1e223b807 (diff)
downloadpkgsrc-ca97fe250f60ba2b9d36d326ec64e95b280c92c1.tar.gz
Update to 7.13.1:
Version 7.13.1 (4 March 2005) Daniel (4 March 2005) - Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate the cookie "engine" without having to provide an empty or non-existing file. - Rene Rebe fixed a -# crash when more data than expected was retrieved. Daniel (22 February 2005) - NTLM and ftp-krb4 buffer overflow fixed, as reported here: http://www.securityfocus.com/archive/1/391042 and the CAN report here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 If these security guys were serious, we'd been notified in advance and we could've saved a few of you a little surprise, but now we weren't. Daniel (19 February 2005) - Ralph Mitchell reported a flaw when you used a proxy with auth, and you requested data from a host and then followed a redirect to another host. libcurl then didn't use the proxy-auth properly in the second request, due to the host-only check for original host name wrongly being extended to the proxy auth as well. Added test case 233 to verify the flaw and that the fix removed the problem. Daniel (18 February 2005) - Mike Dobbs reported a mingw build failure due to the lack of BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by configure when mingw is used. Daniel (17 February 2005) - David in bug report #1124588 found and fixed a socket leak when libcurl didn't close the socket properly when returning error due to failing localbind Daniel (16 February 2005) - Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth" that picks NTLM. Thanks to David Byron letting me test NTLM against his servers, I could quickly repeat and fix the problem. It turned out to be: When libcurl POSTs without knowing/using an authentication and it gets back a list of types from which it picks NTLM, it needs to either continue sending its data if it keeps the connection alive, or not send the data but close the connection. Then do the first step in the NTLM auth. libcurl didn't send the data nor close the connection but simply read the response-body and then sent the first negotiation step. Which then failed miserably of course. The fixed version forces a connection if there is more than 2000 bytes left to send. Daniel (14 February 2005) - The configure script didn't check for ENGINE_load_builtin_engines() so it was never used. Daniel (11 February 2005) - Removed all uses of strftime() since it uses the localised version of the week day names and month names and servers don't like that. Daniel (10 February 2005) - Now the test script disables valgrind-testing when the test suite runs if libcurl is built shared. Otherwise valgrind only tests the shell that runs the wrapper-script named 'curl' that is a front-end to curl in this case. This should also fix the huge amount of reports of false positives when valgrind has identified leaks in (ba)sh and not in curl and people report that as curl bugs. Bug report #1116672 is one example. Also, the valgrind report parser has been adapted to check that at least one of the sources in a stack strace is one of (lib)curl's source files or otherwise it will not consider the problem to concern (lib)curl. - Marty Kuhrt streamlined the VMS build. Daniel (9 February 2005) - David Byron fixed his SSL problems, initially mentioned here: http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use SSL_pending() as we should. - Converted lots of FTP code to a statemachine, so that the multi interface doesn't block while communicating commands-responses with an FTP server. I've added a comment like BLOCKING in the code on all spots I could find where we still have blocking operations. When we change curl_easy_perform() to use the multi interface, we'll also be able to simplify the code since there will only be one "internal interface". While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the new CURLE_LOGIN_DENIED. The first one is now access denied to a function, like changing directory or retrieving a file, while the second means that we were denied login. The CVS tag 'before_ftp_statemachine' was set just before this went in, in case of future need. - Gisle made the DICT code send CRLF and not just LF as the spec says so. Daniel (8 February 2005) - Gisle fixed problems when libcurl runs out of memory, and worked on making sure the proper error code is returned for those occations. Daniel (7 February 2005) - Maruko pointed out a problem with inflate decompressing exactly 64K contents. Daniel (5 February 2005) - Eric Vergnaud found a use of an uninitialised variable in the ftp when doing PORT on ipv6-enabled hosts. - David Byron pointed out we could use BUFSIZE to read data (in lib/transfer.c) instead of using BUFSIZE -1.
Diffstat (limited to 'cross')
0 files changed, 0 insertions, 0 deletions