| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Changes:
* curl -T: ignore file size of special files
* Added GOPHER protocol support
* Added mk-ca-bundle.vbs script
* c-ares build now requires c-ares >= 1.6.0
Bugfixes:
* --remote-header-name security vulnerability fixed
* multi: support the timeouts correctly, fixes known bug #62
* multi: use timeouts properly for MAX_RECV/SEND_SPEED
* negotiation: Wrong proxy authorization
* multi: avoid sending multiple complete messages
* cmdline: make -F type= accept ;charset=
* RESUME_FROM: clarify what ftp uploads do
* http: handle trailer headers in all chunked responses
* Curl_is_connected: use correct errno
* Added SSPI build to Watcom makefile
* progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
* linking problem on Fedora 13
* Link curl and the test apps with -lrt explicitly when necessary
* chunky parser: only rewind stream internally if needed
* remote-header-name: don't output filename when NULL
* Curl_timeleft: avoid returning "no timeout" by mistake
* timeout: use the correct start value as offset
* FTP: fix wrong timeout trigger
* buildconf got better output on failures
* rtsp: avoid SIGSEGV on malformed header
* LDAP: Support for tunnelling queries through HTTP proxy
* configure's --enable-werror had a bashism
* test565: Don't hardcode IP:PORT
* configure: check for gcrypt if using GnuTLS
* configure: don't enable RTMP if the lib detect fails
* curl_easy_duphandle: clone the c-ares handle correctly
* MacOSX-Framework: updates for Snowleopard
* support URL containing colon without trailing port number
* parsedate: allow time specified without seconds
* curl_easy_escape: don't escape "unreserved" characters
* SFTP: avoid downloading negative sizes
* Lots of GSS/KRB FTP fixes
* TFTP: Work around tftpd-hpa upload bug
* libcurl.m4: several fixes
* HTTP: remove special case for 416
* examples: use example.com in example URLs
* globbing: fix crash on unballanced open brace
* cmake: build fixed
|
|
changes: bugfixes
|
|
changes:
added the --proto and -proto-redir options
new configure option --enable-threaded-resolver
improve TELNET ability with libcurl
added support for PolarSSL
added support for FTP wildcard matching and downloads
added support for RTMP
added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT
|
|
Version 7.20.0 (9 February 2010)
Daniel Stenberg (9 Feb 2010)
- When downloading compressed content over HTTP and the app asked libcurl to
automatically uncompress it with the CURLOPT_ENCODING option, libcurl could
wrongly provide the callback with more data than the maximum documented
amount. An application could thus get tricked into badness if the maximum
limit was trusted to be enforced by libcurl itself (as it is documented).
This is further detailed and explained in the libcurl security advisory
20100209 at
http://curl.haxx.se/docs/adv_20100209.html
Daniel Fandrich (3 Feb 2010)
- Changed the Watcom makefiles to make them easier to keep in sync with
Makefile.inc since that can't be included directly.
Yang Tse (2 Feb 2010)
- Symbol CURL_FORMAT_OFF_T now obsoleted, will be removed in a future release,
symbol will not be available when building with CURL_NO_OLDIES defined. Use
of CURL_FORMAT_CURL_OFF_T is preferred since 7.19.0
Daniel Stenberg (1 Feb 2010)
- Using the multi_socket API, it turns out at times it seemed to "forget"
connections (which caused a hang). It turned out to be an existing (7.19.7)
bug in libcurl (that's been around for a long time) and it happened like
this:
The app calls curl_multi_add_handle() to add a new easy handle, libcurl will
then set it to timeout in 1 millisecond so libcurl will tell the app about
it.
The app's timeout fires off that there's a timeout, the app calls libcurl as
we so often document it:
do {
res = curl_multi_socket_action(... TIMEOUT ...);
} while(CURLM_CALL_MULTI_PERFORM == res);
And this is the problem number one:
When curl_multi_socket_action() is called with no specific handle, but only
a timeout-action, it will *only* perform actions within libcurl that are
marked to run at this time. In this case, the request would go from INIT to
CONNECT and return CURLM_CALL_MULTI_PERFORM. When the app then calls libcurl
again, there's no timer set for this handle so it remains in the CONNECT
state. The CONNECT state is a transitional state in libcurl so it reports no
sockets there, and thus libcurl never tells the app anything more about that
easy handle/connection.
libcurl _does_ set a 1ms timeout for the handle at the end of
multi_runsingle() if it returns CURLM_CALL_MULTI_PERFORM, but since the loop
is instant the new job is not ready to run at that point (and there's no
code that makes libcurl call the app to update the timout for this new
timeout). It will simply rely on that some other timeout will trigger later
on or that something else will update the timeout callback. This makes the
bug fairly hard to repeat.
The fix made to adress this issue:
We introduce a loop in lib/multi.c around all calls to multi_runsingle() and
simply check for CURLM_CALL_MULTI_PERFORM internally. This has the added
benefit that this goes in line with my long-term wishes to get rid of the
CURLM_CALL_MULTI_PERFORM all together from the public API.
The downside of this fix, is that the counter we return in 'running_handles'
in several of our public functions then gets a slightly new and possibly
confusing behavior during times:
If an app adds a handle that fails to connect (very quickly) it may just
as well never appear as a 'running_handle' with this fix. Previously it
would first bump the counter only to get it decreased again at next call.
Even I have used that change in handle counter to signal "end of a
transfer". The only *good* way to find the end of a individual transfer
is calling curl_multi_info_read() to see if it returns one.
Of course, if the app previously did the looping before it checked the
counter, it really shouldn't be any new effect.
Yang Tse (26 Jan 2010)
- Constantine Sapuntzakis' and Joshua Kwan's work done in the last four months
relative to the asynchronous DNS lookups, along with with some integration
adjustments I have done are finally committed to CVS.
Currently these enhancements will benefit builds done using c-ares on any
platform as well as Windows builds using the default threaded resolver.
This release does not make generally available POSIX threaded DNS lookups
yet. There is no configure option to enable this feature yet. It is possible
to experimantally try this feature running configure with compiler flags that
make simultaneous definition of preprocessor symbols USE_THREADS_POSIX and
HAVE_PTHREAD_H, as well as whatever reentrancy compiler flags and linker ones
are required to link and properly use pthread_* functions on each platform.
Daniel Stenberg (26 Jan 2010)
- Mike Crowe made libcurl return CURLE_COULDNT_RESOLVE_PROXY when it is the
proxy that cannot be resolved when using c-ares. This matches the behaviour
when not using c-ares.
Bj
- Added a new flag: -J/--remote-header-name. This option tells the
-O/--remote-name option to use the server-specified Content-Disposition
filename instead of extracting a filename from the URL.
Daniel Stenberg (21 Jan 2010)
- Chris Conroy brought support for RTSP transfers, and with it comes 8(!) new
libcurl options for controlling what to get and how to receive posssibly
interleaved RTP data.
Daniel Stenberg (20 Jan 2010)
- As was pointed out on the http-state mailing list, the order of cookies in a
HTTP Cookie: header _needs_ to be sorted on the path length in the cases
where two cookies using the same name are set more than once using
(overlapping) paths. Realizing this, identically named cookies must be
sorted correctly. But detecting only identically named cookies and take care
of them individually is harder than just to blindly and unconditionally sort
all cookies based on their path lengths. All major browsers also already do
this, so this makes our behavior one step closer to them in the cookie area.
Test case 8 was the only one that broke due to this change and I updated it
accordingly.
Daniel Stenberg (19 Jan 2010)
- David McCreedy brought a fix and a new test case (129) to make libcurl work
again when downloading files over FTP using ASCII and it turns out that the
final size of the file is not the same as the initial size the server
reported. This is very common since servers don't take the newline
conversions into account.
Kamil Dudka (14 Jan 2010)
- Suppressed side effect of OpenSSL configure checks, which prevented NSS from
being properly detected under certain circumstances. It had been caused by
strange behavior of pkg-config when handling PKG_CONFIG_LIBDIR. pkg-config
distinguishes among empty and non-existent environment variable in that case.
Daniel Stenberg (12 Jan 2010)
- Gil Weber reported a peculiar flaw with the multi interface when doing SFTP
transfers: curl_multi_fdset() would return -1 and not set and file
descriptors several times during a transfer of a single file. It turned out
to be due to two different flaws now fixed. Gil's excellent recipe helped me
nail this.
Daniel Stenberg (11 Jan 2010)
- Made sure that the progress callback is repeatedly called at a regular
interval even during very slow connects.
- The tests/runtests.pl script now checks to see if the test case that runs is
present in the tests/data/Makefile.am and outputs a notice message on the
screen if not. Each test file has to be included in that Makefile.am to get
included in release archives and forgetting to add files there is a common
mistake. This is an attempt to make it harder to forget.
Daniel Stenberg (9 Jan 2010)
- Johan van Selst found and fixed a OpenSSL session ref count leak:
ossl_connect_step3() increments an SSL session handle reference counter on
each call. When sessions are re-used this reference counter may be
incremented many times, but it will be decremented only once when done (by
Curl_ossl_session_free()); and the internal OpenSSL data will not be freed
if this reference count remains positive. When a session is re-used the
reference counter should be corrected by explicitly calling
SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid
introducing a memory leak.
(http://curl.haxx.se/bug/view.cgi?id=2926284)
Daniel Stenberg (7 Jan 2010)
- Make sure the progress callback is called repeatedly even during very slow
name resolves when c-ares is used for resolving.
Claes Jakobsson (6 Jan 2010)
- Julien Chaffraix fixed so that the fragment part in an URL is not sent
to the server anymore.
Kamil Dudka (3 Jan 2010)
- Julien Chaffraix eliminated a duplicated initialization in singlesocket().
Daniel Stenberg (2 Jan 2010)
- Make curl support --ssl and --ssl-reqd instead of the previous FTP-specific
versions --ftp-ssl and --ftp-ssl-reqd as these options are now used to
control SSL/TLS for IMAP, POP3 and SMTP as well in addition to FTP. The old
option names are still working but the new ones are the ones listed and
documented.
Daniel Stenberg (1 Jan 2010)
- Ingmar Runge enhanced libcurl's FTP engine to support the PRET command. This
command is a special "hack" used by the drftpd server, but even though it is
a custom extension I've deemed it fine to add to libcurl since this server
seems to survive and people keep using it and want libcurl to support
it. The new libcurl option is named CURLOPT_FTP_USE_PRET, and it is also
usable from the curl tool with --ftp-pret. Using this option on a server
that doesn't support this command will make libcurl fail.
I added test cases 1107 and 1108 to verify the functionality.
The PRET command is documented at
http://www.drftpd.org/index.php/Distributed_PASV
Yang Tse (30 Dec 2009)
- Steven M. Schweda improved VMS build system, and Craig A. Berry helped
with the patch and testing.
Daniel Stenberg (26 Dec 2009)
- Renato Botelho and Peter Pentchev brought a patch that makes the libcurl
headers work correctly even on FreeBSD systems before v8.
(http://curl.haxx.se/bug/view.cgi?id=2916915)
Daniel Stenberg (17 Dec 2009)
- David Byron fixed Curl_ossl_cleanup to actually call ENGINE_cleanup when
available.
- Follow-up fix for the proxy fix I did for Jon Nelson's bug. It turned out I
was a bit too quick and broke test case 1101 with that change. The order of
some of the setups is sensitive. I now changed it slightly again to make
sure we do them in this order:
1 - parse URL and figure out what protocol is used in the URL
2 - prepend protocol:// to URL if missing
3 - parse name+password off URL, which needs to know what protocol is used
(since only some allows for name+password in the URL)
4 - figure out if a proxy should be used set by an option
5 - if no proxy option, check proxy environment variables
6 - run the protocol-specific setup function, which needs to have the proxy
already set
Daniel Stenberg (15 Dec 2009)
- Jon Nelson found a regression that turned out to be a flaw in how libcurl
detects and uses proxies based on the environment variables. If the proxy
was given as an explicit option it worked, but due to the setup order
mistake proxies would not be used fine for a few protocols when picked up
from '[protocol]_proxy'. Obviously this broke after 7.19.4. I now also added
test case 1106 that verifies this functionality.
(http://curl.haxx.se/bug/view.cgi?id=2913886)
Daniel Stenberg (12 Dec 2009)
- IMAP, POP3 and SMTP support and their TLS versions (including IMAPS, POP3S
and SMTPS) are now supported. The current state may not yet be solid, but
the foundation is in place and the test suite has some initial support for
these protocols. Work will now persue to make them nice libcurl citizens
until release.
The work with supporting these new protocols was sponsored by
networking4all.com - thanks!
Daniel Stenberg (10 Dec 2009)
- Siegfried Gyuricsko found out that the curl manual said --retry would retry
on FTP errors in the transient 5xx range. Transient FTP errors are in the
4xx range. The code itself only tried on 5xx errors that occured _at login_.
Now the retry code retries on all FTP transfer failures that ended with a
4xx response.
(http://curl.haxx.se/bug/view.cgi?id=2911279)
- Constantine Sapuntzakis figured out a case which would lead to libcurl
accessing alredy freed memory and thus crash when using HTTPS (with
OpenSSL), multi interface and the CURLOPT_DEBUGFUNCTION and a certain order
of cleaning things up. I fixed it.
(http://curl.haxx.se/bug/view.cgi?id=2905220)
Daniel Stenberg (7 Dec 2009)
- Martin Storsjo made libcurl use the Expect: 100-continue header for posts
with unknown size. Previously it was only used for posts with a known size
larger than 1024 bytes.
Daniel Stenberg (1 Dec 2009)
- If the Expect: 100-continue header has been set by the application through
curl_easy_setopt with CURLOPT_HTTPHEADER, the library should set
data->state.expect100header accordingly - the current code (in 7.19.7 at
least) doesn't handle this properly. Martin Storsjo provided the fix!
Yang Tse (28 Nov 2009)
- Added Diffie-Hellman parameters to several test harness certificate files in
PEM format. Required by several stunnel versions used by our test harness.
Daniel Stenberg (28 Nov 2009)
- Markus Koetter provided a polished and updated version of Chad Monroe's TFTP
rework patch that now integrates TFTP properly into libcurl so that it can
be used non-blocking with the multi interface and more. BLKSIZE also works.
The --tftp-blksize option was added to allow setting the TFTP BLKSIZE from
the command line.
Daniel Stenberg (26 Nov 2009)
- Extended and fixed the change I did on Dec 11 for the the progress
meter/callback during FTP command/response sequences. It turned out it was
really lame before and now the progress meter SHOULD get called at least
once per second.
Daniel Stenberg (23 Nov 2009)
- Bjorn Augustsson reported a bug which made curl not report any problems even
though it failed to write a very small download to disk (done in a single
fwrite call). It turned out to be because fwrite() returned success, but
there was insufficient error-checking for the fclose() call which tricked
curl to believe things were fine.
Yang Tse (23 Nov 2009)
- David Byron modified Makefile.dist vc8 and vc9 targets in order to allow
finer granularity control when generating src and lib makefiles.
Yang Tse (22 Nov 2009)
- I modified configure to force removal of the curlbuild.h file included in
distribution tarballs for use by non-configure systems. As intended, this
would get overwriten when doing in-tree builds. But VPATH builds would end
having two curlbuild.h files, one in the source tree and another in the
build tree. With the modification I introduced 5 Nov 2009 this could become
an issue when running libcurl's test suite.
Daniel Stenberg (20 Nov 2009)
- Constantine Sapuntzakis identified a write after close, as the sockets were
closed by libcurl before the SSL lib were shutdown and they may write to its
socket. Detected to at least happen with OpenSSL builds.
- Jad Chamcham pointed out a bug with connection re-use. If a connection had
CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the
same proxy with the tunnel option disabled would still wrongly re-use that
previous connection and the outcome would only be badness.
Yang Tse (18 Nov 2009)
- I modified the memory tracking system to make it intolerant with zero sized
malloc(), calloc() and realloc() function calls.
Daniel Stenberg (17 Nov 2009)
- Constantine Sapuntzakis provided another fix for the DNS cache that could
end up with entries that wouldn't time-out:
1. Set up a first web server that redirects (307) to a http://server:port
that's down
2. Have curl connect to the first web server using curl multi
After the curl_easy_cleanup call, there will be curl dns entries hanging
around with in_use != 0.
(http://curl.haxx.se/bug/view.cgi?id=2891591)
- Marc Kleine-Budde fixed: curl saved the LDFLAGS set during configure into
its pkg-config file. So -Wl stuff ended up in the .pc file, which is really
bad, and breaks if there are multiple -Wl in our LDFLAGS (which are in
PTXdist). bug #2893592 (http://curl.haxx.se/bug/view.cgi?id=2893592)
Kamil Dudka (15 Nov 2009)
- David Byron improved the configure script to use pkg-config to find OpenSSL
(and in particular the list of required libraries) even if a path is given
as argument to --with-ssl
Yang Tse (15 Nov 2009)
- I removed enable-thread / disable-thread configure option. These were only
placebo options. The library is always built as thread safe as possible on
every system.
Claes Jakobsson (14 Nov 2009)
- curl-config now accepts '--configure' to see what arguments was
passed to the configure script when building curl.
Daniel Stenberg (14 Nov 2009)
- Claes Jakobsson restored the configure functionality to detect NSS when
--with-nss is set but not "yes".
I think we can still improve that to check for pkg-config in that path etc,
but at least this patch brings back the same functionality we had before.
- Camille Moncelier added support for the file type SSL_FILETYPE_ENGINE for
the client certificate. It also disable the key name test as some engines
can select a private key/cert automatically (When there is only one key
and/or certificate on the hardware device used by the engine)
Yang Tse (14 Nov 2009)
- Constantine Sapuntzakis provided the fix that ensures that an SSL connection
won't be reused unless protection level for peer and host verification match.
I refactored how preprocessor symbol _THREAD_SAFE definition is done.
Kamil Dudka (12 Nov 2009)
- Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly
closed NSPR descriptor. The issue was hard to find, reported several times
before and always closed unresolved. More info at the RH bug:
https://bugzilla.redhat.com/534176
- libcurl-NSS now tries to reconnect with TLS disabled in case it detects
a broken TLS server. However it does not happen if SSL version is selected
manually. The approach was originally taken from PSM. Kaspar Brand helped me
to complete the patch. Original bug reports:
https://bugzilla.redhat.com/525496
https://bugzilla.redhat.com/527771
Yang Tse (12 Nov 2009)
- I modified configure script to make the getaddrinfo function check also
verify if the function is thread safe.
Yang Tse (11 Nov 2009)
- Marco Maggi reported that compilation failed when configured --with-gssapi
and GNU GSS installed due to a missing mutual exclusion of header files in
the Kerberos 5 code path. He also verified that my patch worked for him.
Daniel Stenberg (11 Nov 2009)
- Constantine Sapuntzakis posted bug #2891595
(http://curl.haxx.se/bug/view.cgi?id=2891595) which identified how an entry
in the DNS cache would linger too long if the request that added it was in
use that long. He also provided the patch that now makes libcurl capable of
still doing a request while the DNS hash entry may get timed out.
- Christian Schmitz noticed that the progress meter/callback was not properly
used during the FTP connection phase (after the actual TCP connect), while
it of course should be. I also made the speed check get called correctly so
that really slow servers will trigger that properly too.
Kamil Dudka (5 Nov 2009)
- Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works
in non-blocking mode.
Yang Tse (5 Nov 2009)
- I removed leading 'curl' path on the 'curlbuild.h' include statement in
curl.h, adjusting auto-makefiles include path, to enhance portability to
OS's without an orthogonal directory tree structure such as OS/400.
Daniel Stenberg (4 Nov 2009)
- I fixed several problems with the transfer progress meter. It showed the
wrong percentage for small files, most notable for <1000 bytes and could
easily end up showing more than 100% at the end. It also didn't show any
percentage, transfer size or estimated transfer times when transferring
less than 100 bytes.
|
|
which is security critical
|
|
(this prevented pkgsrc wrappers from doing their work)
|
|
7.19.2
Three added regressions in 7.19.1 have been fixed: a build failure
when using the MSVC 6 makefile, a crash when using --interface name
on Linux, and multi interface downloading HTTPS pages with libcurl
built powered by OpenSSL.
7.19.1
CURLOPT_CERTINFO, CURLINFO_CERTINFO, CURLOPT_POSTREDIR, CURLOPT_USERNAME,
CURLOPT_PASSWORD, CURLOPT_PROXYUSERNAME, and CURLOPT_PROXYPASSWORD
were added. 24 bugs were fixed.
7.19.0
Some new libcurl options, new Boolean options handling in the curl
tool, and around 40 bugfixes.
7.18.2
This release adds CURLFORM_STREAM, CURLINFO_REDIRECT_URL, and the
two new functions curl_easy_send() and curl_easy_recv(). libcurl
now supports CURLOPT_NOBODY over SFTP, and curl now runs on Symbian
OS. At least 21 described bugfixes were made.
7.18.1
This release adds support for HttpOnly cookies. It no longer
distributes or installs a CA cert bundle. SSLv2 is now disabled by
default. Resumed transfers work with SFTP. At least 23 described
bugfixes were made.
|
|
on NetBSD 3.x. PR pkg/38331. PKGREVISION++.
Ok: joerg
|
|
Fixes a TFTP packet buffer overflow vulnerability.
See http://curl.haxx.se/docs/adv_20060320.html for details.
Changes:
- added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD
Bugfixes:
- TFTP Packet Buffer Overflow Vulnerability
- properly detecting problems with sending the FTP command USER
- wrong error message shown when certificate verification failed
- multi-part formpost with multi interface crash
- the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged
- "SSL: couldn't set callback" is now treated as a less serious problem
- Interix build fix
- fixed curl "hang" when out of file handles at start
- prevent FTP uploads to URLs with trailing slash
|
|
Version 7.15.2 (27 February 2005)
Daniel (22 February 2006)
- Lots of work and analysis by "xbx___" in bug #1431750
(http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two
different but related bugs:
1) Removing an easy handle from a multi handle before the transfer is done
could leave a connection in the connection cache for that handle that is
in a state that isn't suitable for re-use. A subsequent re-use could then
read from a NULL pointer and segfault.
2) When an easy handle was removed from the multi handle, there could be an
outstanding c-ares DNS name resolve request. When the response arrived,
it caused havoc since the connection struct it "belonged" to could've
been freed already.
Now Curl_done() is called when an easy handle is removed from a multi handle
pre-maturely (that is, before the transfer was complteted). Curl_done() also
makes sure to cancel all (if any) outstanding c-ares requests.
Daniel (21 February 2006)
- Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy
type to the already provided type CURLPROXY_SOCKS4.
I added a --socks4 option that works like the current --socks5 option but
instead use the socks4 protocol.
Daniel (20 February 2006)
- Shmulik Regev fixed an issue with multi-pass authentication and compressed
content when libcurl didn't honor the internal ignorebody flag.
Daniel (18 February 2006)
- Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate
code. It should however not be the cause of any troubles. He also fixed a
few similar problems in the HTTP test server code.
Daniel (17 February 2006)
- Shmulik Regev provided a fix for the DNS cache when using short life times,
as previously it could be holding on to old cached entries longer than
requested.
Daniel (11 February 2006)
- Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options
that an app can use to let libcurl only connect to a remote host and then
extract the socket from libcurl. libcurl will then not attempt to do any
transfer at all after the connect is done.
- Kent Boortz improved the configure check for GnuTLS to properly set LIBS
instead of LDFLAGS.
Daniel (8 February 2006)
- Philippe Vaucher provided a brilliant piece of test code that show a problem
with re-used FTP connections. If the second request on the same connection
was set not to fetch a "body", libcurl could get confused and consider it an
attempt to use a dead connection and would go acting mighty strange.
Daniel (2 February 2006)
- Make --limit-rate [num] mean bytes. It used to be that but it broke in my
change done in November 2005.
Daniel (30 January 2006)
- Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the
curl tool with --local-port. Plain and simply set the range of ports to bind
the local end of connections to. Implemented on to popular demand.
- Based on an error report by Philippe Vaucher, we no longer count a retried
connection setup as a follow-redirect. It turns out 1) this fails when a FTP
connection is re-setup and 2) it does make the max-redirs counter behave
wrong.
Daniel (24 January 2006)
- Michal Marek provided a patch for FTP that makes libcurl continue to try
PASV even after EPSV returned a positive response code, if libcurl failed to
connect to the port number the EPSV response said. Obviously some people are
going through protocol-sensitive firewalls (or similar) that don't
understand EPSV and then they don't allow the second connection unless PASV
was used. This also called for a minor fix of test case 238.
Daniel (20 January 2006)
- Duane Cathey was one of our friends who reported that curl -P [IP]
(CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a
"native" IP while it works fine for ipv6-disabled builds!
In the process of fixing this, I removed the support for LPRT since I can't
think of many reasons to keep doing it and asking on the mailing list didn't
reveal anyone else that could either. The code that sends EPRT and PORT is
now also a lot simpler than before (IMHO).
Daniel (19 January 2006)
- Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl
(built ipv4-only) didn't work.
Daniel (18 January 2006)
- As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742),
the configure script complained about a missing "missing" script if you ran
configure within a path whose name included one or more spaces. This is due
to a flaw in automake (1.9.6 and earlier). I've now worked around it by
including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll
be used instead of the one automake ships with. This kludge needs to be
removed once we get an automake version with this problem corrected.
Possibly we'll then need to convert this into a kludge depending on what
automake version that is used and that is gonna be painful and I don't even
want to think about that now...!
Daniel (17 January 2006)
- David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with
the latest features and protocols that libcurl supports and has a minor fix
to better deal with the obscure case where someone has more than one libcurl
installed at the same time.
Daniel (16 January 2006)
- David Shaw finally removed all traces of Gopher and we are now officially
not supporting it. It hasn't been functioning for years anyway, so this is
just finally stating what already was true. And a cleanup at the same time.
- Bryan Henderson turned the 'initialized' variable for curl_global_init()
into a counter, and thus you can now do multiple curl_global_init() and you
are then supposed to do the same amount of calls to curl_global_cleanup().
Bryan has also updated the docs accordingly.
Daniel (13 January 2006)
- Andrew Benham fixed a race condition in the test suite that could cause the
test script to kill all processes in the current process group!
Daniel (12 January 2006)
- Michael Jahn:
Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru
HTTP proxy.
Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would
previously overwrite internal memory and cause unpredicted behaviour!
Daniel (11 January 2006)
- I decided to document the "secret option" here now, as I've received *NO*
feedback at all on my mailing list requests from November 2005:
I'm looking for feedback and comments. I added some experimental code the
other day, that allows a libcurl user to select what method libcurl should
use to reach a file on a FTP(S) server.
This functionality is available in CVS code and in recent daily snapshots.
Let me explain...
The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for
the command line tool) and you set it to a long (there are currenly no
defines for the argument values, just plain numericals). You can set three
different "methods" that do this:
1 multicwd - like today, curl will do a single CWD operation for each path
part in the given URL. For deep hierarchies this means very many
commands. This is how RFC1738 says it should be done. This is the
default.
2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give
a full path to the server.
3 singlecwd - make one CWD with the full target directory and then operate
on the file "normally".
(With the command line tool you do --ftp-method [METHOD], where [METHOD] is
one of "multicwd", "nocwd" or "singlecwd".)
What feedback I'm interested in:
1 - Do they work at all? Do you find servers where one of these don't work?
2 - What would proper names for the option and its arguments be, if we
consider this feature good enough to get included and documented in
upcoming releases?
3 - Should we make libcurl able to "walk through" these options in case of
(path related) failures, or should it fail and let the user redo any
possible retries?
(This option is not documented in any man page just yet since I'm not sure
these names will be used or if the functionality will end up exactly like
this. And for the same reasons we have no test cases for these yet.)
Daniel (10 January 2006)
- When using a bad path over FTP, as in when libcurl couldn't CWD into all
given subdirs, libcurl would still "remember" the full path as if it is the
current directory libcurl is in so that the next curl_easy_perform() would
get really confused if it tried the same path again - as it would not issue
any CWD commands at all, assuming it is already in the "proper" dir.
Starting now, a failed CWD command sets a flag that prevents the path to be
"remembered" after returning.
Daniel (7 January 2006)
- Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP
proxy actually used a new connection and not sent the second request on the
first socket!
Daniel (6 January 2006)
- Alexander Lazic made the buildconf run the buildconf in the ares dir if that
is present instead of trying to mimic that script in curl's buildconf
script.
Daniel (3 January 2006)
- Andres Garcia made the TFTP test server build with mingw.
Daniel (16 December 2005)
- Jean Jacques Drouin pointed out that you could only have a user name or
password of 127 bytes or less embedded in a URL, where actually the code
uses a 255 byte buffer for it! Modified now to use the full buffer size.
Daniel (12 December 2005)
- Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly
|
|
Changes:
- the libcurl.pc pkgconfig file now gets installed on make install
- URL globbing now offers "range steps": [1-100:10]
- LDAPv3 is now the preferred LDAP protocol version
- --max-redirs and CURLOPT_MAXREDIRS set to 0 limits redirects
- improved MSVC makefile
Bugfixes:
- URL buffer overflow problem (CVE-2005-4077)
- using file:// on non-existing files are properly handled
- builds fine on DJGPP
- CURLOPT_ERRORBUFFER is now always filled in on errors
- curl outputs error on bad --limit-rate units
- fixed libcurl's use of poll() on cygwin
- the GnuTLS code didn't support client certificates
- TFTP over IPv6 works
- no reverse lookups on IP addresses when ipv6-enabled
- SSPI compatibility fix: using the proper DLLs
- binary LDAP properties are now shown base64 encoded
- Windows uploads from stdin using curl can now contain ctrl-Z bytes
- -r [num] would produce an invalid HTTP Range: header
- multi interface with multi IP hosts could leak socket descriptors
- the GnuTLS code didn't handle rehandshakes
- re-use of a dead FTP connection
- name resolve error codes fixed for Windows builds
- double WWW-Authenticate Digest headers are now handled
- curl-config --vernum fixed
|
|
present __INTERIX block only).
|
|
Bump PKGREVISION.
|
|
using it (such as the new drivel-2.0.0). Bump PKGREVISION to 1.
The problem is that this header file requires the fd_set definitions, but
it only pulls in <sys/select.h> on AIX and NETWARE systems. Instead, change
the inclusion to only happen if configure script detected it during build
time.
|
|
Version 7.13.1 (4 March 2005)
Daniel (4 March 2005)
- Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate
the cookie "engine" without having to provide an empty or non-existing file.
- Rene Rebe fixed a -# crash when more data than expected was retrieved.
Daniel (22 February 2005)
- NTLM and ftp-krb4 buffer overflow fixed, as reported here:
http://www.securityfocus.com/archive/1/391042 and the CAN report here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
If these security guys were serious, we'd been notified in advance and we
could've saved a few of you a little surprise, but now we weren't.
Daniel (19 February 2005)
- Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
Daniel (18 February 2005)
- Mike Dobbs reported a mingw build failure due to the lack of
BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by
configure when mingw is used.
Daniel (17 February 2005)
- David in bug report #1124588 found and fixed a socket leak when libcurl
didn't close the socket properly when returning error due to failing
localbind
Daniel (16 February 2005)
- Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
that picks NTLM. Thanks to David Byron letting me test NTLM against his
servers, I could quickly repeat and fix the problem. It turned out to be:
When libcurl POSTs without knowing/using an authentication and it gets back
a list of types from which it picks NTLM, it needs to either continue
sending its data if it keeps the connection alive, or not send the data but
close the connection. Then do the first step in the NTLM auth. libcurl
didn't send the data nor close the connection but simply read the
response-body and then sent the first negotiation step. Which then failed
miserably of course. The fixed version forces a connection if there is more
than 2000 bytes left to send.
Daniel (14 February 2005)
- The configure script didn't check for ENGINE_load_builtin_engines() so it
was never used.
Daniel (11 February 2005)
- Removed all uses of strftime() since it uses the localised version of the
week day names and month names and servers don't like that.
Daniel (10 February 2005)
- Now the test script disables valgrind-testing when the test suite runs if
libcurl is built shared. Otherwise valgrind only tests the shell that runs
the wrapper-script named 'curl' that is a front-end to curl in this case.
This should also fix the huge amount of reports of false positives when
valgrind has identified leaks in (ba)sh and not in curl and people report
that as curl bugs. Bug report #1116672 is one example.
Also, the valgrind report parser has been adapted to check that at least one
of the sources in a stack strace is one of (lib)curl's source files or
otherwise it will not consider the problem to concern (lib)curl.
- Marty Kuhrt streamlined the VMS build.
Daniel (9 February 2005)
- David Byron fixed his SSL problems, initially mentioned here:
http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use
SSL_pending() as we should.
- Converted lots of FTP code to a statemachine, so that the multi interface
doesn't block while communicating commands-responses with an FTP server.
I've added a comment like BLOCKING in the code on all spots I could find
where we still have blocking operations. When we change curl_easy_perform()
to use the multi interface, we'll also be able to simplify the code since
there will only be one "internal interface".
While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the
new CURLE_LOGIN_DENIED. The first one is now access denied to a function,
like changing directory or retrieving a file, while the second means that we
were denied login.
The CVS tag 'before_ftp_statemachine' was set just before this went in, in
case of future need.
- Gisle made the DICT code send CRLF and not just LF as the spec says so.
Daniel (8 February 2005)
- Gisle fixed problems when libcurl runs out of memory, and worked on making
sure the proper error code is returned for those occations.
Daniel (7 February 2005)
- Maruko pointed out a problem with inflate decompressing exactly 64K
contents.
Daniel (5 February 2005)
- Eric Vergnaud found a use of an uninitialised variable in the ftp when doing
PORT on ipv6-enabled hosts.
- David Byron pointed out we could use BUFSIZE to read data (in
lib/transfer.c) instead of using BUFSIZE -1.
|
|
Bump PKGREVISION.
|
|
This release includes the following changes:
o added --ftp-account and CURLOPT_FTP_ACCOUNT
o added CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE
o obsoleted CURLOPT_SOURCE_HOST, CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT
and CURLOPT_PASV_HOST
o added --3p-url, --3p-user and --3p-quote
o -Q "+[command]" was added
o src/getpass.c license issue sorted (code was rewritten)
o curl -w now supports 'http_connect' for the proxy's response to CONNECT
o introducing "curl-config --protocols"
This release includes the following bugfixes:
o re-sending a request when retrying on a fresh connection with multi
interface
o improved valgrind report parser in the test suite
o several valgrind reports
o CURLOPT_FTPPORT and -P work when built ipv6-enabled
o FTP third party transfers was much improved
o proxy environment variables are now ignored when built HTTP-disabled
o CURLOPT_PROXY can now disable HTTP proxy even when built HTTP-disabled
o "curl dictionary.com" no longer assumes DICT protocol
o re-invoke some system calls on EINTR
o duplicate Host: when failed connection re-use
o SOCKS5 version check
o memory problem with cleaning up multi interface
o SSL certificate name memory leak
o -d with -G to multiple URLs crashed
o double va_list access crash fixed
o minor memory leak when "version" is set in a cookie header
o builds fine on BeOS and NetBSD
o builds and runs fine on FreeBSD
|
|
errors on NetBSD 1.6.
PKGREVISION++.
PR#28859 by Gilles Gravier.
|
|
This release includes the following changes:
o CURLOPT_POSTFIELDSIZE_LARGE added to offer POSTs larger than 2GB
o CURL_VERSION_LARGEFILE is a feature bit returned by libcurls that feature
large file support
o libcurl only requires winsock 1.1 on windows now
o when doing FTP, curl now sends QUIT before disconnecting
o name resolves can now timeout on windows too
o $HOME is now recognized better when looking for .netrc files
o now re-uses the ares handle when re-using curl handles
o SO_BINDTODEVICE is used for network interface binding
o configure --disable-manual disables the built-in huge manual from the
command line tool
o the default Accept: header used in HTTP requests changed
o asynch dns lookups now require the c-ares library
o curl --socks can be used to set a SOCKS5 proxy to use
o response-headers received after a (proxy) CONNECT request are now passed
to the header callback just like other headers
This release includes the following bugfixes:
o builds and runs on Novell NetWare
o Windows builds now report OS as "i386-pc-win32"
o received signals during SSL connect is handled better
o improved PUT/POST with NTLM/Digest authentication
o following redirects and doing NTLM/Digest (where the first connection gets
closed) with the multi interface work better now
o file: progress meter and getinfo variables work now
o CURLOPT_FRESH_CONNECT and CURLAUTH_NTLM now work when set together
o share interface usage without (un)lock functions segfaulted
o --limit-rate no longer cripples the --speed-limit feature
o fixed verbose output problem with ipv6-enabled re-used connections
o fixed the socks5 code to check version in the socks response properly
o dns cache bug - fixed the 'inuse' counter
o large file fix for Content-Length
o better docs for the share interface
o several configure fixes for mingw/msys
o setting a Host: header is no longer affecting the Host: header used when
libcurl follows a Location:
o fixed numerous compiler warnings on several operating systems and compilers
o PUTing from stdin couldn't disable chunked transfer-encoding
o corrected the mingw makefiles
o improved the configure libz detection
o fixed EPRT/PORT use when doing FTP on ipv6-enabled AIX hosts
o *nroff commands that only support -mandoc and not -man are now supported
(for the built-in manual text in the command line tool)
o fixed the unconditional #include of config.h in hugehelp.c
o builds fine on MPE/iX
o upload using chunked transfer-encoding now sends the last chunk properly
teriminated with an extra CRLF
o Fixed the progress meter display for files >2GB
o persistant connections over a proxy messed up the proxy name/password
o the socks5 code segfaulted if no username/password was set
o the *_LARGE options now take curl_off_t types as parameters and this will
make it possible to handle large files on windows too
o builds with large file support even on systems without strtoll()
|
|
Fixed in 7.11.0
Changes:
- allows the URL to be set by a callback when using the multi interface
- large file support was added. Use one of the new options:
INFILESIZE_LARGE, RESUME_FROM_LARGE and MAXFILESIZE_LARGE
- the new --ftp-pasv overrides a previous --ftpport
- CURLOPT_FTPSSL and ftps:// now do ssl over FTP "The Right Way"
(the curl tool now features the --ftp-ssl option)
- The Windows DLLs are built with an added "resource file"
- New LIBCURL_VERSION_* defines for easier checking version number
- Included Mac OS X 'framework' makefile in the release archive
- Removed the TRUE and FALSE #defines from the public curl header file
- Added CURLOPT_NETRC_FILE
For a complete list see the Changelog at http://curl.haxx.se/changes.html
|
|
7.10.8
SPNEGO support, Negotiate support, multiple -T flags work, IPv6
support on Windows, and more were added. More than 40 bugs were
fixed.
7.10.7
This release supports NTLM for proxies, --ftp-create-dirs, and
optional support for asynchronous name-resolving calls. It fixes
an information leak, minor memory leaks, a 64bit problem, two
cookie-related problems, URL globbing output using -o #[num], and
more.
|
|
Changes:
* CURLOPT_SSL_CTX_FUNCTION allows a custom callback for SSL connections
* multiple patches lets curl build and run on DOS
* libcurl now deals with spaces in Location: redirects and URLifies them
* curl --version shows more detailed info
* curl_version_info() now returns info on NTLM, GSS-Negotiate and Debug
* curl_version() includes "GSS" in the string if built with GSSAPI available
* Pick-best-authentication option added (--anyauth, using the CURLOPT_HTTPAUTH set to CURLAUTH_ANY)
* NTLM authentication support (--ntlm and CURLAUTH_NTLM)
* GSS-Negotiate authentication support (--negotiate and CURLAUTH_GSSNEGOTIATE)
* Digest authentication support added (--digest and CURLAUTH_DIGEST)
* Allow curl to switch (back to) to Basic authentication (--basic)
* libcurl supports name and password in proxy environment variables
Bugs:
* double slash after the host name on a FTP URL again points out the root dir
* obscure and rare DNS cache problem was fixed
* multiple FTP connections to the same host with different user names didn't work properly
* no more CWD commands without arguments for ftp connections
* curl no longer uses setvbuf() due to portability problems
* VMS build fixes
* the curl tool has the -M manual compressed internally if built with libz
* url globbing syntax error could cause segfault
* Huge (>40-60KB) GET requests over HTTPS failed.
* Content-Length now overrides socket-closed as a means of knowing when the response body is
complete.
* --progress-bar takes the initial size into account when doing resumed downloads
* work around SSL bugs better
* libcurl typically issues POST requests with less send() calls
* better main makefile
* external headers improved portability
* Listing FTP directories without contents could leak a socket
* Getting HTTP contents in one line without headers failed
* bugfixed the socks5-proxy usage (twice)
* h_aliases name-lookup rare crash fixed
* improved curl -M output
* curl_unescape() now only unescapes valid %HH codes
|
|
Extract of changes:
- Changed the order for the in_addr_t testing, as 'unsigned long' seems to be
a very common type inet_addr() returns.
- George Comninos provided a fix that calls the progress meter when waiting
for FTP command responses take >1 second. It'll make applications more
"responsive" even when dealing with very slow ftp servers.
- George Comninos pointed out that libcurl uploads had two quirks:
o when using FTP PORT command, it used blocking sockets!
o it could loop a long time without doing progress meter updates
Both items are fixed now.
- Dan Fandrich changed CURLOPT_ENCODING to select all supported encodings if
set to "". This frees the application from having to know which encodings
the library supports.
- Avery Fay found out that the CURLOPT_INTERFACE way of first checking if the
given name is a network interface gave a real performance penalty on Linux,
so now we more appropriately first check if it is an IP number and if so
we don't check for a network interface with that name.
- CURLOPT_FTP_USE_EPRT added. Set this to FALSE to disable libcurl's attempts
to use EPRT and LPRT before the traditional PORT command. The command line
tool sets this option with '--disable-eprt'.
- Added test case 62 and fixed some more on the cookie sending with a custom
Host: header set.
- Made the "SSL read error: 5" error message more verbose, by adding code that
queries the OpenSSL library to fill in the error buffer.
- Added sys/select.h include in the curl/multi.h file, after having been
reminded about this by Rich Gray.
- I made each test set its own server requirements, thus abandoning the
previous system where the test number implied what server(s) to use for a
specific test.
- David Balazic made curl more RFC1738-compliant for FTP URLs, by fixing so
that libcurl now uses one CWD command for each path part. A bunch of test
cases were fixed to work accordingly.
- Cookie fixes.
- Peter Kovacs provided a patch that makes the CURLINFO_CONNECT_TIME work fine
when using the multi interface (too).
- Peter Sylvester pointed out that curl_easy_setopt() will always (wrongly)
return CURLE_OK no matter what happens.
- Dan Fandrich fixed some gzip decompression bugs and flaws.
- Formposting a file using a .html suffix is now properly set to Content-Type: text/html.
- Fixed the SSL error handling to return proper SSL error messages again, they
broke in 7.10.4. I also attempt to track down CA cert problems and then
return the CURLE_SSL_CACERT error code.
- The curl tool now intercepts the CURLE_SSL_CACERT error code and displays
a fairly big and explanatory error message. Kevin Roth helped me out with
the wording.
- Nic Hines provided a second patch for gzip decompression, and fixed a bug
when deflate or gzip contents were downloaded using chunked encoding.
- Dan Fandrich made libcurl support automatic decompression of gzip contents
(as an addition to the previous deflate support).
- I made the CWD command during FTP session consider all 2xy codes to be OK
responses.
- Vlad Krupin fixed a URL parsing issue. URLs that were not using a slash
after the host name, but still had "?" and parameters appended, as in
"http://hostname.com?foobar=moo", were not properly parsed by libcurl.
- Made CURLOPT_TIMECONDITION work for FTP transfers, using the same syntax as
for HTTP. This then made -z work for ftp transfers too. Added test case 139
and 140 for verifying this.
- Getting the file date of an ftp file used the wrong time zone when
displayed. It is supposedly always GMT. Added test case 141 for this.
- Made the test suite's FTP server support MDTM.
- The default DEBUGFUNCTION, as enabled with CURLOPT_VERBOSE now outputs
CURLINFO_HEADER_IN data as well. The most notable effect from this is that
using curl -v, you get to see the incoming "headers" as well. This is
perhaps most useful when doing ftp.
- James Bursa fixed a flaw in the Content-Type extraction code, which missed
the first letter if no space followed the colon.
- Martijn Broenland found another cases where a server application didn't
like the boundary string used by curl when foing a multi-part/formpost. We
modified the boundary string to look like the one IE uses, as this is
probably gonna make curl work with more applications.
|
|
Patches by Adrian Portelli <adrianp@stindustries.net> (PR#20142)
Changes :
- Steve Oliphant pointed out that test case 105 did not work anymore
and this was due to a missing fix for the password prompting.
- Bryan Kemp pointed out that curl -u could not provide a blank password
without prompting the user. It can now. -u username: makes the password
empty, while -u username makes curl prompt the user for a password.
- Kjetil Jacobsen found a remaining connect problem in the multi interface
on ipv4 systems (Linux only?), that I fixed and Kjetil verified that it
fixed his problems.
- memanalyze.pl now reads a file name from the command line, and no longer
takes the data on stdin as before.
- Fixed tests/memanalyze.pl to work with file names that contain colons
(as on Windows).
- Kjetil Jacobsen quickly pointed out that lib/share.h was missing...
* For more, see CHANGES.
|
|
Changes :
- Jeff Lawson fixed a few problems with connection re-use that remained when
you set CURLOPT_PROXY to "".
- Craig Davison found a terrible flaw and Cris Bailiff helped out in the
search. Getting HTTP data from servers when the headers are split up in
multiple reads, could cause junk data to get inserted among the saved
headers. This only concerns HTTP(S) headers.
- Vincent Penquerc'h gave us the good suggestion that when the ERRRORBUFFER
is set internally, the error text is sent to the debug function as well.
- Fixed the telnet code to timeout properly as the option tells it to. On
non-windows platforms.
- John Crow pointed out that libcurl-the-guide wasn't included in the release
tarball!
- Kevin Roth pointed out that make install didn't do right if build outside
the source tree (ca-bundle wise).
- FOLLOW_LOCATION bugfix for the multi interface
[trim], more see CHANGES.
|
|
have been converted to USE_BUILDLINK2.
|
|
|
|
|
|
include <sys/types.h> before <sys/select.h>
|
|
- fmt on DESCR
- Regen PLIST
- Remove patch since it was applied
Changes since curl-7.9.5
(Lots of change, here is the recently changes, see CHANGE for more)
- Dirk Manske brought a fix that makes libcurl strip off white
spaces from the beginning of cookie contents.
- Had to patch include/curl/curl.h since MSVC doesn't set the
__STDC__ define. Moonesamy pointed out the problem, Bjorn Reese
the solution.
- Fixed the TIMER_CONNECT to be more accurate for FTP transfers.
Previously FTP transfers got the "connect done" time set after
the initial FTP commands and not directly after the TCP/IP connect
as it should.
- Jean-Philippe Barrette-LaPierre provided his patch that introduces
CURLOPT_DEBUGFUNCTION and CURLOPT_DEBUGDATA. They allow a program
to a set a callback to receive debug/information data. That
includes headers and data that is received and sent. CURLOPT_VERBOSE
still controls it.
By default, there is an internal debugfunction that will make
things look and work as before if not changed.
- Sebastien Willemijns found out that -x didn't use the default
port number as is documented. It does now.
- libcurl-errors.3 is a new man page attempting to document all
libcurl error codes
|
|
|
|
---
Version 7.9.5
Daniel (7 March 2002)
- Added docs/KNOWN_BUGS to the release archive.
Daniel (6 March 2002)
- Kevin Roth corrected a flaw in the curl client globbing code that made it
mess up backslashes. This was most notable on windows (cygwin) machines when
using file://.
- Brad provided another fix for building outside the source-tree.
- Ralph Mitchell patched away a few compiler warnings in tests/server/sws.c
Daniel (5 March 2002)
- I noticed that the typedef in curl.h for the progress callback prototype was
wrong and thus applications that used it would not get the proper input
data. It used size_t where the implementation actually uses doubles!
I wish I could blame someone else, but this was my fault. Again.
Version 7.9.5-pre6
Daniel (4 March 2002)
- Cut off the changes done during 2001 from this changelog file and put them
in a separate file (CHANGES.2001), available from CVS of course.
- I removed the multi directory. The example sources were moved to the
docs/examples directory where they belong.
- Wrote 7 new man pages for the current functions in the new multi interface.
They're all still pretty basic, but we can use them as a start and add more
contents to them when we figure out what to write. The large amount of man
pages for libcurl now present made me decide to put them in a new separate
subdirectory in the docs directory. Named libcurl.
- Giuseppe Corbelli provided a template file for the EPM package manager, it
gets generated nicely by the configure script now.
Version 7.9.5-pre5
Daniel (1 March 2002)
- Moved the memanalyze.pl script into the tests/ dir and added it to the
release archives. It was previously only present in the CVS tree.
- Modified the February 17th Host: fix, as bug report #523718 pointed out that
it caused crashes!
- Nico Baggus added more error codes to the VMS stuff.
- Wesley Laxton brought the code that introduced the new CURLOPT_PREQUOTE
option. It is just another FTP quote option that allows the user to specify
a list of FTP commands to issue *just before* the transfer command (RETR or
STOR etc). It has turned up a few systems that really need this.
The curl command line tool can also take advantage of this by prefixing the
quote commands with a plus (+) in similar style that post transfer quote
commands are specified.
This is not yet documented. There is no test case for this yet.
Daniel (28 February 2002)
- Ralph Mitchell made some serious efforts and put a lot of sweat in setting
up scripts and things for me to be able to repeat his problems, and I
finally could. I found a problem with the header byte counter that wasn't
increased properly and thus we could return CURLE_GOT_NOTHING when we in
fact had received data.
Daniel (27 February 2002)
- I had to revert the non-space parsing cookie fix I posted to the mailing
list. Expire dates do have spaces and still need to get parsed properly!
Instead we just ignore trailing white space and it seems to work...
Daniel (26 February 2002)
- Made the cookie property 'Max-Age' work, just since we already tried to
support it, it is better to do it right. No one uses this anyway.
- The cookie parser could crash if a really weird (illegal) cookie line was
received. I also made it better discard really oddly formatted lines better.
Made the cookie jar store the second field from the left using the syntax
that Netscape and Mozilla probably like. Curl itself ignores it.
Added test case 31 for these cases.
Clay Loveless' email regarding some cookie issues started my cleanup.
- Kevin Roth pointed out that my automake fiddles broke the ability to build
outside the source-tree and I posted a patch to the mailing list that brings
this ability back.
Version 7.9.5-pre4
Daniel (25 February 2002)
- Fiddled with the automake files to make all source files in the lib
directory not have ../src in the include path, and the src sources shouldn't
have ../lib!
- All 79 test cases ran OK under Linux and Solaris using the new HTTP server
in the test suite. The new HTTP server was first donated by Georg Horn and
subsequently modified to work with the test suite. It is currently still not
portable enough to run on "all over" but this is a start and I can run all
curl tests on my machines. This is an important requirement for the upcoming
public release.
- Using -d and -I on the same command line now reports an error, as it implies
two different HTTP requests that can't be mixed.
- Jeffrey Pohlmeyer provided a patch that made the -w/--write-out option
support %{content_type} to get the content type of the recent download.
- Kevin Roth reported that pre2 and pre3 didn't compile properly on cygwin,
and this was because I used #ifdef HAVE_WINSOCK_H in lib/multi.h to figure
out if we could include winsock.h which turns out not to be a wise choice to
do on cygwin since it has the file but can't include it!
Daniel (22 February 2002)
- Added src/config-vms.h to the release archive.
- Fixed the connection timeout value again, the change from February 18 wasn't
complete.
Version 7.9.5-pre3
Daniel (21 February 2002)
- Kevin Roth and Andrés García both found out that lib/config.h.in was missing
in the pre-release archive and thus the configure script failed.
Version 7.9.5-pre2
Daniel (20 February 2002)
- Andrés García provided a solution to bug report #515228. the total time
counter was not set correctly when -I was used during some conditions (all
headers were read in one single read).
- Nico Baggus provided a huge patch with minor tweaks all over to make curl
compile nicely on VMS.
Daniel (19 February 2002)
- Rick Richardson found out that by replacing PF_UNSPEC with PF_INET in the
getaddrinfo() calls, he could speed up some name resolving calls with an
order of magnitudes on his Redhat Linux 7.2.
- Philip Gladstone found a second INADDR_NONE problem where we used long
intead of in_addr_t which caused 64bit problemos. We really shouldn't define
that on two different places.
Daniel (18 February 2002)
- Philip Gladstone found a problem in how HTTP requests were sent if the
request couldn't be sent all at once.
- Emil found and corrected a bad connection timeout comparison that made curl
use the longest of connect-timeout and timout as a timeout value, instead of
the shortest as it was supposed to!
- Aron Roberts provided updated information about LDAP URL syntax to go into
the manual as a replacement for the old references.
Daniel (17 February 2002)
- Philip Gladstone pointed out two missing include files that made curl core
dump on 64bit architectures. We need to pay more attention on these details.
It is *lethal* to for example forget the malloc() prototype, as 'int' is
32bit and malloc() must return a 64bit pointer on these platforms.
- Giaslas Georgios fixed a problem with Host: headers on repeated requests on
the same handle using a proxy.
Daniel (8 February 2002)
- Hanno L. Kranzhoff accurately found out that disabling the Expect: header
when doing multipart formposts didn't work very well. It disabled other
parts of the request header too, resulting in a broken header. When I fixed
this, I also noticed that the Content-Type wasn't possible to disable. It is
now, even though it probably is really stupid to try to do this (because of
the boundary string that is included in the internally generated header,
used as form part separator.)
Daniel (7 February 2002)
- I moved the config*.h files from the root directory to the lib/ directory.
- I've added the new test suite HTTP server to the CVS repository, It seems to
work pretty good now, but we must make it get used by the test scripts
properly and then we need to make sure that it compiles, builds and runs on
most operating systems.
Version 7.9.5-pre1
Daniel (6 February 2002)
- Miklos Nemeth provided updated windows makefiles and INSTALL docs.
- Mr Larry Fahnoe found a problem with formposts and I managed to track down
and patch this bug. This was actually two bugs, as the posted size was also
said to be two bytes too large.
- Brent Beardsley found out and brought a correction for the
CURLINFO_CONTENT_TYPE parser that was off one byte. This was my fault, I
accidentaly broke Giaslas Georgios' patch.
Daniel (5 February 2002)
- Kevin Roth found yet another SSL download problem.
Version 7.9.4
- no changes since pre-release
Version 7.9.4-pre2
Daniel (3 February 2002)
- Eric Melville provided a few spelling corrections in the curl man page.
Daniel (1 February 2002)
- Andreas Damm corrected the unconditional use of gmtime() in getdate, it now
uses gmtime_r() on all hosts that have it.
Daniel (31 January 2002)
- An anonymous bug report identified a problem in the DNS caching which made it
sometimes allocate one byte too little to store the cache entry in. This
happened when the port number started with 1!
- Albert Chin provided a patch that improves the gethostbyname_r() configure
check on HP-UX 11.00.
Version 7.9.4-pre1
Daniel (30 January 2002)
- Georg Horn found another way the SSL reading failed due to the non-blocking
state of the sockets! I fixed.
Daniel (29 January 2002)
- Multipart formposts now send the full request properly, including the CRLF.
They were previously treated as part of the post data.
- The upload byte counter bugged.
- T. Bharath pointed out that we seed SSL on every connect, which is a time-
consuming operation that should only be needed to do once. We patched
libcurl to now only seed on the first connect when unseeded. The seeded
status is global so it'll now only happen once during a program's life time.
If the random_file or egdsocket is set, the seed will be re-made though.
- Giaslas Georgios introduced CURLINFO_CONTENT_TYPE that lets
curl_easy_getinfo() read the content-type from the previous request.
Daniel (28 January 2002)
- Kjetil Jacobsen found a way to crash curl and after much debugging, it
turned out it was a IPv4-linux only problem introduced in 7.9.3 related to
name resolving.
- Andreas Damm posted a huge patch that made the curl_getdate() function fully
reentrant!
- Steve Marx pointed out that you couldn't mix CURLOPT_CUSTOMREQUEST with
CURLOPT_POSTFIELDS. You can now!
Daniel (25 January 2002)
- Krishnendu Majumdar pointed out that the header length counter was not reset
between multiple requests on the same handle.
- Pedro Neves rightfully questioned why curl always append \r\n to the data
that is sent in HTTP POST requests. Unfortunately, this broke the test suite
as the test HTTP server is lame enough not to deal with this... :-O
- Following Location: headers when the connection didn't close didn't work as
libcurl didn't properly stop reading. This problem was added in 7.9.3 due to
the restructured internals. 'Frank' posted a bug report about this.
Daniel (24 January 2002)
- Kevin Roth very quickly spotted that we wrongly installed the example
programs that were built in the multi directory, when 'make install' was
used. :-/
Version 7.9.3
Daniel (23 January 2002)
- Andrés García found a persistancy problem when doing HTTP HEAD, that made
curl "hang" until the connection was closed by the server. This problem has
been introduced in 7.9.3 due to internal rewrites, this was not present in
7.9.2.
Version 7.9.3-pre4
Daniel (19 January 2002)
- Antonio filed bug report #505514 and provided a fix! When doing multipart
formposts, libcurl would include an error text in the actual post if a
specified file wasn't found. This is not libcurl's job. Instead we add an
empty part.
Daniel (18 January 2002)
- Played around with stricter compiler warnings for gcc (when ./configure
--enable-debug is used) and changed some minor things to stop the warnings.
- Commented out the 'long long' and 'long double' checks in configure.in, as
we don't currently use them anyway and the code in lib/mprintf.c that use
them causes warnings.
- Saul Good and jonatan pointed out Mac OS X build problems with pre3 and how
to correct them. Two compiler warnings were removed as well.
- Andrés García fixed two minor mingw32 building problems.
Version 7.9.3-pre3
Daniel (17 January 2002)
- docs/libcurl-the-guide is a new tutorial for our libcurl programming
friends.
- Richard Archer brought back the ability to compile and build with OpenSSL
versions before 0.9.5.
[http://sourceforge.net/tracker/?func=detail&atid=100976&aid=504163&group_id=976]
- The DNS cache code didn't take the port number into account, which made it
work rather bad on IPv6-enabled hosts (especially when doing passive
FTP). Sterling fixed it.
Daniel (16 January 2002)
- Georg Horn could make a transfer time-out without error text. I found it and
corrected it.
- SSL writes didn't work, they return an uninitialized value that caused
havoc all over. Georg Horn experienced this.
- Kevin Roth patched the curl_version() function to use the proper OpenSSL
function for version information. This way, curl will report the version of
the SSL library actually running right now, not the one that had its headers
installed when libcurl was built. Mainly intersting when running with shared
OpenSSL libraries.
Version 7.9.3-pre2
Daniel (16 January 2002)
- Mofied the main transfer loop and related stuff to deal with non-blocking
sockets in the upload section. While doing this, I've now separated the
connection oriented buffers to have one for downloads and one for uploads
(as two can happen simultaneously). I also shrunk the buffers to 20K
each. As we have a scratch buffer twice the size of the upload buffer, we
arrived at 80K for buffers compared with the previous 150K.
- Added the --cc option to curl-config command as it enables so very cool
one-liners. Have a go a this one, building the simple.c example:
$ `curl-config --cc --cflags --libs` -o example simple.c
Daniel (14 January 2002)
- I made all socket reads (recv) handle EWOULDBLOCK. I hope nicely. Now we
only need to address all writes (send) too and then I'm ready for another
pre-release...
- Stoned Elipot patched the in_addr_t configure test to make it work better on
more platforms.
Daniel (9 January 2002)
- Cris Bailiff found out that filling up curl's SSL session cache caused a
crash!
- Posted the curl questionnaire on the web site. If you haven't posted your
opinions there yet, go there and do it now while it is still there:
http://curl.haxx.se/q/
- Georg Horn quickly found out that the SSL reading no longer worked as
supposed since the switch to non-blocking sockets. I've made a quick patch
(for reading only) but we should improve it even further.
Version 7.9.3-pre1
Daniel (7 January 2002)
- I made the 'bool' typedef use an "unsigned char". It makes it the same on
all platforms, no matter what the platform thinks the default format for
char is. This was noticed since we made a silly comparison involving such a
bool variable, and only one compiler/platform combination (on Debian Linux)
complained about it (that happened to have its char unsigned by default).
- Bug report #495290 identified a cookie parsing problem that was corrected.
When a Set-Cookie: line is received without a trailing semicolon, libcurl
didn't read the last "name=value" pair of the line, leading to confusions...
- Sterling committed his updated DNS cache code.
- I worked with Georg Horn and comments from Götz Babin-Ebell and switched
curl's socket operations completely over to non-blocking for the entire
operation (previously we used non-blocking only for the connection phase).
We had to do this to make the SSL connection phase timeout properly without
the use of signals. A little extra code to deal with this was added.
- T. Bharath pointed out a slightly obscure cookie engine flaw.
- Pete Su pointed out that libcurl didn't treat HTTP code 204 as it should.
204-replies never provides a response-body. This resulted in bad persistant
behavior when 204 was received.
Daniel (5 January 2002)
- SM updated the VC++ library Makefiles for the new source files.
Daniel (4 January 2002)
- I discovered that we wrongly used inet_ntoa() (instead of inet_ntoa_r() in
two places in the source code). One happened with VERBOSE set on connects,
and the other when VERBOSE was on and krb4 over nat was used... I honestly
don't think anyone has suffered from these mistakes.
- I replaced a lot of silly occurances of printf() to instead use the more
appropriate Curl_infof() or Curl_failf(). The krb4 and telnet code were
affected.
- Philip Gladstone found a few more problems with 64-bit archs (the 64-bit
sparc on solaris 8).
- After discussions on the libcurl list with Raoul Cridlig, I just made FTP
response lines get passed to the header callback if such a one is
registered. It'll make it possible for any application to get all the
responses an FTP server sends to libcurl.
Daniel (3 January 2002)
- Sterling Hughes brought a few buckets of code. Now, libcurl will
automatically cache DNS lookups and re-use the previous results first if any
such is available. It greatly improves speed when doing many repeated
operations to the same host.
- As the test case uses --include and then --head, I had to modify src/main.c
to deal with this situation slightly better than previously. When done, we
have 100% good tests again in the main branch.
Daniel (2 January 2002)
- Made test case 25 run again in the multi-dev branch. But it seems that the
changes done on dec-20 made test case 104 cease to work (in both branches).
- Philip Gladstone pointed out a few portability problems in the source code
that didn't compile on 64-bit sparcs using Sun's native
|
|
Trivial patch on configure which fixes compilation on NetBSD/!i386 added.
Fixed in 7.9.2
- compiles and builds on the good old Mac OS (in addition to Mac OS X)
- bugfixed persistant connections over proxy with multiple protocols
- --disable-epsv is a new option to the curl command line tool
- bugfixed verbose ftp output on Tru64 unix
- added CURLOPT_FTP_USE_EPSV
- passive ftp download works with IPv6
- always return proper error code on failed connects
- bugfixed FTP response reader
- bugfixed verbose telnet
- added CURLINFO_STARTTRANSFER_TIME
- bugfixed conditional HTTP fetches based on time
- multiple calls to curl_global_init() is now treated better
- bugfixed multiple ftp requests
- made -p/--proxytunnel work for plain HTTP as well
- "current speed" progress meter bugfix
- improved the name resolver configure check
- libcurl now restores signal handlers and timeouts properly
- improved SSL over HTTP-proxy when using weird proxies(!)
- added the -1/--TLSv1 option
- bugfixed LDAP transfers
|
