aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES1607
-rw-r--r--CHANGES.01603
2 files changed, 1605 insertions, 1605 deletions
diff --git a/CHANGES b/CHANGES
index 5efd5df90..b6ec8ae4b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -463,7 +463,7 @@ Yang Tse (10 Feb 2008)
description message for error CURLE_COULDNT_RESOLVE_HOST for Windows threaded
name resolver builds. Fixed now.
-Daniel Fandrich (8 Feb 2007)
+Daniel Fandrich (8 Feb 2008)
- Added key words to all SSL-using tests so they can be skipped if necessary.
Removed a few unnecessary requires SSL statements.
@@ -484,7 +484,7 @@ Daniel S (8 Feb 2008)
creates a suitable ca-bundle.crt file in PEM format for use with curl. The
recommended way to run it is to use 'make ca-bundle' in the build tree root.
-Daniel Fandrich (7 Feb 2007)
+Daniel Fandrich (7 Feb 2008)
- Added tests 1022 and 1023 to validate output of curl-config --version and
--vernum
@@ -707,1606 +707,3 @@ Daniel S (1 Jan 2008)
function but without a return statement. While fixing that, I also took care
about adding some better comments for the generated code.
-Daniel S (27 Dec 2007)
-- Dmitry Kurochkin mentioned a flaw
- (http://curl.haxx.se/mail/lib-2007-12/0252.html) in detect_proxy() which
- failed to set the bits.proxy variable properly when an environment variable
- told libcurl to use a http proxy.
-
-Daniel S (26 Dec 2007)
-- In an attempt to repeat the problem in bug report #1850730
- (http://curl.haxx.se/bug/view.cgi?id=1850730) I wrote up test case 552. The
- test is doing a 70K POST with a read callback and an ioctl callback over a
- proxy requiring Digest auth. The test case code is more or less identical to
- the test recipe code provided by Spacen Jasset (who submitted the bug
- report).
-
-Daniel S (25 Dec 2007)
-- Gary Maxwell filed bug report #1856628
- (http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the
- (small) memory leak in the SSL session ID caching code. It happened when a
- previous entry in the cache was re-used.
-
-Daniel Fandrich (19 Dec 2007)
-- Ensure that nroff doesn't put anything but ASCII characters into the
- --manual text.
-
-Yang Tse (18 Dec 2007)
-- MSVC 9.0 (VS2008) does not support Windows build targets prior to WinXP,
- and makes wrong asumptions of build target when it isn't specified. So,
- if no build target has been defined we will target WinXP when building
- curl/libcurl with MSVC 9.0 (VS2008).
-
-- (http://curl.haxx.se/mail/archive-2007-12/0039.html) reported and fixed
- a file truncation problem on Windows build targets triggered when retrying
- a download with curl.
-
-Daniel S (17 Dec 2007)
-- Mateusz Loskot pointed out that MSVC 9.0 (VS2008) has the pollfd struct and
- defines in winsock2.h somehow differently than previous versions and that
- curl 7.17.1 would fail to compile out of the box.
-
-Daniel S (13 Dec 2007)
-- David Wright filed bug report #1849764
- (http://curl.haxx.se/bug/view.cgi?id=1849764) with an included fix. He
- identified a problem for re-used connections that previously had sent
- Expect: 100-continue and in some situations the subsequent POST (that didn't
- use Expect:) still had the internal flag set for its use. David's fix (that
- makes the setting of the flag in every single request unconditionally) is
- fine and is now used!
-
-Daniel S (12 Dec 2007)
-- Gilles Blanc made the curl tool enable SO_KEEPALIVE for the connections and
- added the --no-keep-alive option that can disable that on demand.
-
-Daniel S (9 Dec 2007)
-- Andrew Moise filed bug report #1847501
- (http://curl.haxx.se/bug/view.cgi?id=1847501) and pointed out a memcpy()
- that should be memmove() in the convert_lineends() function.
-
-Daniel S (8 Dec 2007)
-- Renamed all internal static functions that had Curl_ prefixes to no longer
- have them. The Curl_ prefix is exclusively used for library internal global
- symbols. Static functions can be named anything, except for using Curl_ or
- curl_ prefixes. This is for consistency and for easier maintainance and
- overview.
-
-- Cleaned up and reformatted the TODO document to look like the FAQ and
- CONTRIBUTE, which makes nicer web pages
-
-- Added test cases 549 and 550 that test CURLOPT_PROXY_TRANSFER_MODE.
-
-- Added keywords on a bunch of test cases
-
-- Fixed an OOM problem in the curl code that would lead to fclose on a bad
- handle and crash
-
-Daniel S (5 Dec 2007)
-- Spacen Jasset reported a problem with doing POST (with data read with a
- callback) over a proxy when NTLM is used as auth with the proxy. The bug
- also concerned Digest and was limited to using callback only. Spacen worked
- with us to provide a useful patch. I added the test case 547 and 548 to
- verify two variations of POST over proxy with NTLM.
-
-Daniel S (3 Dec 2007)
-- Ray Pekowski filed bug report #1842029
- (http://curl.haxx.se/bug/view.cgi?id=1842029) in which he identified a
- problem with SSL session caching that prevent it from working, and provided
- the associated fix!
-
-- Now libcurl (built with OpenSSL) doesn't return error anymore if the remote
- SSL-based server doesn't present a certificate when the request is told to
- ignore certificate verification anyway.
-
-- Michal Marek introduced CURLOPT_PROXY_TRANSFER_MODE which is used to control
- the appending of the "type=" thing on FTP URLs when they are passed to a
- HTTP proxy. Some proxies just don't like that appending (which is done
- unconditionally in 7.17.1), and some proxies treat binary/ascii transfers
- better with the appending done!
-
-Daniel S (29 Nov 2007)
-- A bug report on the curl-library list showed a HTTP Digest session going on
- with a 700+ letter nonce. Previously libcurl only support 127 letter ones
- and now I bumped it to 1023.
-
-- Fixed the resumed FTP upload loop to not require that the read callback
- returns a full buffer on each invoke.
-
-Daniel S (25 Nov 2007)
-- Added test case 1015 that tests --data-urlencode in multiple ways
-
-- Fixed --data-urlencode for when no @ or = are used
-
-- Extended the user-agent buffer curl uses, since we can hit the 128 byte
- border with plenty development libraries used. Like my current set: "curl
- 7.17.2-CVS (i686-pc-linux-gnu) libcurl/7.17.2-CVS OpenSSL/0.9.8g
- zlib/1.2.3.3 c-ares/1.5.2-CVS libidn/1.1 libssh2/0.19.0-CVS"
-
-Daniel S (24 Nov 2007)
-- Internal rearrangements, so that the previous struct HandleData is no more.
- It is now known as SingleRequest and the Curl_transfer_keeper struct within
- that was remove entirely. This has the upside that there are less duplicate
- struct members that made it hard to see and remember what struct that was
- used to store what data. The transfer_keeper thing was once stored on a
- per-connection basis and then it made sense to have the duplicate info but
- since it was moved to the SessionHandle (in 7.16.0) it just added weirdness.
- The SingleRequest struct is used by data that only is valid for this single
- request.
-
-Yang Tse (22 Nov 2007)
-- Provide a socklen_t definition in curl.h for Win32 API build targets
- which don't have one.
-
-Daniel S (22 Nov 2007)
-- Alessandro Vesely helped me improve the --data-urlencode's syntax, parser
- and documentation.
-
-Daniel S (21 Nov 2007)
-- While inspecting the Negotiate code, I noticed how the proxy auth was using
- the same state struct as the host auth, so both could never be used at the
- same time! I fixed it (without being able to check) to use two separate
- structs to allow authentication using Negotiate on host and proxy
- simultaneously.
-
-Daniel S (20 Nov 2007)
-- Emil Romanus pointed out a bug that made an easy handle get the cookie
- engine activated when set to use a share (even if the share doesn't share
- cookies). I fixed it.
-
-- Fixed a very long-lasting mprintf() bug that occurred when we did "%.*s%s",
- since the second %s would then wrongly used the numerical precision argument
- instead and crash.
-
-- Introduced --data-urlencode to the curl tool for easier url encoding of the
- data sent in a post.
-
-Daniel S (18 Nov 2007)
-- Rob Crittenden fixed SSL connections with NSS done with the multi-interface
-
-Daniel S (17 Nov 2007)
-- Michal Marek made the test suite remember what test servers that fail to
- start so that subsequent tries are simply skipped.
-
-- Andres Garcia made the examples build fine on Windows (mingw + msys) when
- the lib was built staticly.
-
-Daniel S (16 Nov 2007)
-- Ates Goral identified a problem in http.c:add_buffer_send() when a debug
- callback was used, as it could wrongly pass on a bad size for the outgoing
- HTTP header. The bad size would be a very large value as it was a wrapped
- size_t content. This happened when the whole HTTP request failed to get sent
- in one single send. http://curl.haxx.se/mail/lib-2007-11/0165.html
-
-Daniel S (15 Nov 2007)
-- Fixed yet another remaining problem with doing SFTP directory listings on a
- re-used persistent connection. Mentioned by Immanuel Gregoire on the mailing
- list.
-
-- Michal Marek fixed the test suite to better deal with the case when the HTTP
- ipv6 server can't run.
-
-Yang Tse (14 Nov 2007)
-- Fix a variable potential wrapping in add_buffer() when using absolutely
- huge send buffer sizes.
-
-Daniel S (13 Nov 2007)
-- Fixed a remaining problem with doing SFTP directory listings on a re-used
- persistent connection. Mentioned by Immanuel Gregoire on the mailing list.
-
-Daniel S (12 Nov 2007)
-- Bug report #1830637 (http://curl.haxx.se/bug/view.cgi?id=1830637), which was
- forwarded from the Gentoo bug tracker by Daniel Black and was originally
- submitted by Robin Johnson, pointed out that libcurl would do bad memory
- references when it failed and bailed out before the handler thing was
- setup. My fix is not done like the provided patch does it, but instead I
- make sure that there's never any chance for a NULL pointer in that struct
- member.
-
-Yang Tse (10 Nov 2007)
-- Vikram Saxena (http://curl.haxx.se/mail/lib-2007-11/0096.html) pointed out
- that the pollfd struct was being multi defined when using VS2008. This is
- now fixed in /curl/lib/select.h
-
-Daniel S (8 Nov 2007)
-- Bug report #1823487 (http://curl.haxx.se/bug/view.cgi?id=1823487) pointed
- out that SFTP requests didn't use persistent connections. Neither did SCP
- ones. I gave the SSH code a good beating and now both SCP and SFTP should
- use persistent connections fine. I also did a bunch of indent changes as
- well as a bug fix for the "keyboard interactive" auth.
-
-Dan F (6 Nov 2007)
-- Improved telnet support by drastically reducing the number of write
- callbacks needed to pass a buffer to the user. Instead one per byte it
- is now as little as one per segment.
-
-Yang Tse (6 Nov 2007)
-- Bug report #1824894 (http://curl.haxx.se/bug/view.cgi?id=1824894) pointed
- out a problem in curl.h when building C++ apps with MSVC. To fix it, the
- inclusion of header files in curl.h is moved outside of the C++ extern "C"
- linkage block.
-
-Daniel S (1 Nov 2007)
-- Toby Peterson patched a memory problem in the command line tool that
- happened when a user had a home dir as an empty string. curl would then do
- free() on a wrong area.
-
-Dan F (1 Nov 2007)
-- Fixed curl-config --features to not display libz when it wasn't used
- due to a missing header file.
-
-Dan F (31 October 2007)
-- Fixed the output of curl-config --protocols which showed SCP and SFTP
- always, except when --without-libssh2 was given
-
-- Added test cases 1013 and 1014 to check that curl-config --protocols and
- curl-config --features matches the output of curl --version
-
-Dan F (30 October 2007)
-- Fixed an OOM problem with file: URLs
-
-- Moved Curl_file_connect into the protocol handler struct
-
-Dan F (29 October 2007)
-- Added test case 546 to check that subsequent FTP transfers work after a
- failed one using the multi interface
-
-Daniel S (29 October 2007)
-- Based on one of those bug reports that are intercepted by a distro's bug
- tracker (https://bugzilla.redhat.com/show_bug.cgi?id=316191), I now made
- curl-config --features and --protocols show the correct output when built
- with NSS.
-
-Version 7.17.1 (29 October 2007)
-
-Dan F (25 October 2007)
-- Added the --static-libs option to curl-config
-
-Daniel S (25 October 2007)
-- Made libcurl built with NSS possible to ignore the peer verification.
- Previously it would fail if the ca bundle wasn't present, even if the code
- ignored the verification results.
-
-Patrick M (25 October 2007)
-- Fixed test server to allow null bytes in binary posts.
-_ Added tests 35, 544 & 545 to check binary data posts, both static (in place)
- and dynamic (copied).
-
-Daniel S (25 October 2007)
-- Michal Marek fixed the test script to be able to use valgrind even when the
- lib is built shared with libtool.
-
-- Fixed a few memory leaks when the same easy handle is re-used to request
- URLs with different protocols. FTP and TFTP related leaks. Caught thanks to
- Dan F's new test cases.
-
-Dan F (24 October 2007)
-- Fixed the test FTP and TFTP servers to support the >10000 test number
- notation
-
-- Added test cases 2000 through 2003 which test multiple protocols using the
- same easy handle
-
-- Fixed the filecheck: make target to work outside the source tree
-
-Daniel S (24 October 2007)
-- Vladimir Lazarenko pointed out that we should do some 'mt' magic when
- building with VC8 to get the "manifest" embedded to make fine stand-alone
- binaries. The maketgz and the src/Makefile.vc6 files were adjusted
- accordingly.
-
-Daniel S (23 October 2007)
-- Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out
- that libcurl tried to re-use connections a bit too much when using non-SSL
- protocols tunneled over a HTTP proxy.
-
-Daniel S (22 October 2007)
-- Michal Marek forwarded the bug report
- https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to
- FTP that caused memory havoc. His work together with my efforts created two
- fixes:
-
- #1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with
- at connection cleanup, at which time the struct HandleData could be
- used by another connection.
- Also, the unused char *urlpath member is removed from struct FTP.
-
- #2 - provide a Curl_reset_reqproto() function that frees
- data->reqdata.proto.* on connection setup if needed (that is if the
- SessionHandle was used by a different connection).
-
- A long-term goal is of course to somehow get rid of how the reqdata struct
- is used, as it is too error-prone.
-
-- Bug report #1815530 (http://curl.haxx.se/bug/view.cgi?id=1815530) points out
- that specifying a proxy with a trailing slash didn't work (unless it also
- contained a port number).
-
-Patrick M (15 October 2007)
-- Fixed the dynamic CURLOPT_POSTFIELDS problem: this option is now static again
- and option CURLOPT_COPYPOSTFIELDS has been added to support dynamic mode.
-
-Patrick M (12 October 2007)
-- Added per-protocol callback static tables, replacing callback ptr storage
- in the connectdata structure by a single handler table ptr.
-
-Dan F (11 October 2007)
-- Fixed the -l option of runtests.pl
-
-- Added support for skipping tests based on key words.
-
-Daniel S (9 October 2007)
-- Michal Marek removed the no longer existing return codes from the curl.1
- man page.
-
-Daniel S (7 October 2007)
-- Known bug #47, which confused libcurl if doing NTLM auth over a proxy with
- a response that was larger than 16KB is now improved slightly so that now
- the restriction at 16KB is for the headers only and it should be a rare
- situation where the response-headers exceed 16KB. Thus, I consider #47 fixed
- and the header limitation is now known as known bug #48.
-
-Daniel S (5 October 2007)
-- Michael Wallner made the CULROPT_COOKIELIST option support a new magic
- string: "FLUSH". Using that will cause libcurl to flush its cookies to the
- CURLOPT_COOKIEJAR file.
-
-- The new file docs/libcurl/ABI describes how we view ABI breakages, soname
- bumps and what the version number's significance to all that is.
-
-Daniel S (4 October 2007)
-- I enabled test 1009 and made the --local-port use a wide range to reduce the
- risk of failures.
-
-- Kim Rinnewitz reported that --local-port didn't work with TFTP transfers.
- This happened because the tftp code always uncondionally did a bind()
- without caring if one already had been done and then it failed. I wrote a
- test case (1009) to verify this, but it is a bit error-prone since it will
- have to pick a fixed local port number and since the tests are run on so
- many different hosts in different situations I'll add it in disabled state.
-
-Yang Tse (3 October 2007)
-- Fixed issue related with the use of ares_timeout() result.
-
-Daniel S (3 October 2007)
-- Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and
- CURLOPT_OPENSOCKETDATA to set a callback that allows an application to
- replace the socket() call used by libcurl. It basically allows the app to
- change address, protocol or whatever of the socket.
-
-- I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
- CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made
- this return code get used by the previous SSH MD5 fingerprint check in case
- it fails.
-
-- Based on a patch brought by Johnny Luong, libcurl now offers
- CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both
- make the SCP or SFTP connection verify the remote host's md5 checksum of the
- public key before doing a connect, to reduce the risk of a man-in-the-middle
- attack.
-
-Daniel S (2 October 2007)
-- libcurl now handles chunked-encoded CONNECT responses
-
-Daniel S (1 October 2007)
-- Alex Fishman reported a curl_easy_escape() problem that was made the
- function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a
- signed / unsigned mistake in the code. I fixed it and added test case 543 to
- verify.
-
-Daniel S (29 September 2007)
-- Immanuel Gregoire fixed a problem with persistent transfers over SFTP.
-
-Daniel S (28 September 2007)
-- Adapted the c-ares code to the API change c-ares 1.5.0 brings in the
- notifier callback(s).
-
-Dan F (26 September 2007)
-- Enabled a few more gcc warnings with --enable-debug. Renamed a few
- variables to avoid shadowing global declarations.
-
-Daniel S (26 September 2007)
-- Philip Langdale provided the new CURLOPT_POST301 option for
- curl_easy_setopt() that alters how libcurl functions when following
- redirects. It makes libcurl obey the RFC2616 when a 301 response is received
- after a non-GET request is made. Default libcurl behaviour is to change
- method to GET in the subsequent request (like it does for response code 302
- - because that's what many/most browsers do), but with this CURLOPT_POST301
- option enabled it will do what the spec says and do the next request using
- the same method again. I.e keep POST after 301.
-
- The curl tool got this option as --post301
-
- Test case 1011 and 1012 were added to verify.
-
-- Max Katsev reported that when doing a libcurl FTP request with
- CURLOPT_NOBODY enabled but not CURLOPT_HEADER, libcurl wouldn't do TYPE
- before it does SIZE which makes it less useful. I walked over the code and
- made it do this properly, and added test case 542 to verify it.
-
-Daniel S (24 September 2007)
-- Immanuel Gregoire fixed KNOWN_BUGS #44: --ftp-method nocwd did not handle
- URLs ending with a slash properly (it should list the contents of that
- directory). Test case 351 brought back and also test 1010 was added.
-
-Daniel S (21 September 2007)
-- Mark Davies fixed Negotiate authentication over proxy, and also introduced
- the --proxy-negotiate command line option to allow a user to explicitly
- select it.
-
-Daniel S (19 September 2007)
-- Rob Crittenden provided an NSS update with the following highlights:
-
- o It looks for the NSS database first in the environment variable SSL_DIR,
- then in /etc/pki/nssdb, then it initializes with no database if neither of
- those exist.
-
- o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
- loaded, including the ca-bundle. If it is not available then only
- certificates already in the NSS database are used.
-
- o Tries to detect whether a file or nickname is being passed in so the right
- thing is done
-
- o Added a bit of code to make the output more like the OpenSSL module,
- including displaying the certificate information when connecting in
- verbose mode
-
- o Improved handling of certificate errors (expired, untrusted, etc)
-
- The libnsspem.so PKCS#11 module is currently only available in Fedora
- 8/rawhide. Work will be done soon to upstream it. The NSS module will work
- with or without it, all that changes is the source of the certificates and
- keys.
-
-Daniel S (18 September 2007)
-- Immanuel Gregoire pointed out that public key SSH auth failed if no
- public/private key was specified and there was no HOME environment variable,
- and then it didn't continue to try the other auth methods. Now it will
- instead try to get the files id_dsa.pub and id_dsa from the current
- directory if none of the two conditions were met.
-
-Dan F (17 September 2007)
-- Added hooks to the test suite to make it possible to test a curl running
- on a remote host.
-
-- Changed some FTP tests to validate the format of the PORT and EPRT commands
- sent by curl, if not the addresses themselves.
-
-Daniel S (15 September 2007)
-- Michal Marek made libcurl automatically append ";type=<a|i>" when using HTTP
- proxies for FTP urls.
-
-- Günter Knauf fixed LDAP builds in the Windows makefiles and fixed LDAPv3
- support on Windows.
-
-Dan F (13 September 2007)
-- Added LDAPS, SCP and SFTP to curl-config --protocols. Removed and
- fixed some AC_SUBST configure entries.
-
-Version 7.17.0 (13 September 2007)
-
-Daniel S (12 September 2007)
-- Bug report #1792649 (http://curl.haxx.se/bug/view.cgi?id=1792649) pointed
- out a problem with doing an empty upload over FTP on a re-used connection.
- I added test case 541 to reproduce it and to verify the fix.
-
-- I noticed while writing test 541 that the FTP code wrongly did a CWD on the
- second transfer as it didn't store and remember the "" path from the
- previous transfer so it would instead CWD to the entry path as stored. This
- worked, but did a superfluous command. Thus, test case 541 now also verifies
- this fix.
-
-Dan F (5 September 2007)
-- Added test case 1007 to test permission problem when uploading with TFTP
- (to validate bug #1790403).
-
-- TFTP now reports the "not defined" TFTP error code 0 as an error,
- not success.
-
-Daniel S (5 September 2007)
-- Continued the work on a fix for #1779054
- (http://curl.haxx.se/bug/view.cgi?id=1779054). My previous fix from August
- 24 was not complete (either) but could accidentally "forget" parts of a
- server response which led to faulty server response time-out errors.
-
-Dan F (5 September 2007)
-- Minix doesn't support getsockopt on UDP sockets or send/recv on TCP
- sockets.
-
-Dan F (31 August 2007)
-- Made some of the error strings returned by the *strerror functions more
- generic, and more consistent with each other.
-
-- Renamed the curl_ftpssl enum to curl_usessl and its enumerated constants,
- creating macros for backward compatibility:
-
- CURLFTPSSL_NONE => CURLUSESSL_NONE
- CURLFTPSSL_TRY => CURLUSESSL_TRY
- CURLFTPSSL_CONTROL => CURLUSESSL_CONTROL
- CURLFTPSSL_ALL => CURLUSESSL_ALL
- CURLFTPSSL_LAST => CURLUSESSL_LAST
-
-Dan F (30 August 2007)
-- Renamed several libcurl error codes and options to make them more general
- and allow reuse by multiple protocols. Several unused error codes were
- removed. In all cases, macros were added to preserve source (and binary)
- compatibility with the old names. These macros are subject to removal at
- a future date, but probably not before 2009. An application can be
- tested to see if it is using any obsolete code by compiling it with the
- CURL_NO_OLDIES macro defined.
-
- The following unused error codes were removed:
-
- CURLE_BAD_CALLING_ORDER
- CURLE_BAD_PASSWORD_ENTERED
- CURLE_FTP_CANT_RECONNECT
- CURLE_FTP_COULDNT_GET_SIZE
- CURLE_FTP_COULDNT_SET_ASCII
- CURLE_FTP_USER_PASSWORD_INCORRECT
- CURLE_FTP_WEIRD_USER_REPLY
- CURLE_FTP_WRITE_ERROR
- CURLE_LIBRARY_NOT_FOUND
- CURLE_MALFORMAT_USER
- CURLE_OBSOLETE
- CURLE_SHARE_IN_USE
- CURLE_URL_MALFORMAT_USER
-
- The following error codes were renamed:
-
- CURLE_FTP_ACCESS_DENIED => CURLE_REMOTE_ACCESS_DENIED
- CURLE_FTP_COULDNT_SET_BINARY => CURLE_FTP_COULDNT_SET_TYPE
- CURLE_FTP_SSL_FAILED => CURLE_USE_SSL_FAILED
- CURLE_FTP_QUOTE_ERROR => CURLE_QUOTE_ERROR
- CURLE_TFTP_DISKFULL => CURLE_REMOTE_DISK_FULL
- CURLE_TFTP_EXISTS => CURLE_REMOTE_FILE_EXISTS
- CURLE_HTTP_RANGE_ERROR => CURLE_RANGE_ERROR
-
- The following options were renamed:
-
- CURLOPT_SSLKEYPASSWD => CURLOPT_KEYPASSWD
- CURLOPT_FTPAPPEND => CURLOPT_APPEND
- CURLOPT_FTPLISTONLY => CURLOPT_DIRLISTONLY
- CURLOPT_FTP_SSL => CURLOPT_USE_SSL
-
- A few more changes will take place with the next SONAME bump of the
- library. These are documented in docs/TODO
-
-- Documented some newer error codes in libcurl-error(3)
-
-- Added more accurate error code returns from SFTP operations. Added test
- case 615 to test an SFTP upload failure.
-
-Dan F (28 August 2007)
-- Some minor internal type and const changes based on a splint scan.
-
-Daniel S (24 August 2007)
-- Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed
- out that libcurl didn't deal with large responses from server commands, when
- the single response was consisting of multiple lines but of a total size of
- 16KB or more. Dan Fandrich improved the ftp test script and provided test
- case 1006 to repeat the problem, and I fixed the code to make sure this new
- test case runs fine.
-
-Patrick M (23 August 2007)
-- OS/400 port: new files lib/config-os400.h lib/setup-os400.h packages/OS400/*.
- See packages/OS400/README.OS400.
-
-Daniel S (23 August 2007)
-- Bug report #1779751 (http://curl.haxx.se/bug/view.cgi?id=1779751) pointed
- out that doing first a file:// upload and then an FTP upload crashed libcurl
- or at best caused furious valgrind complaints. Fixed now!
-
-Daniel S (22 August 2007)
-- Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed
- out that libcurl didn't deal with very long (>16K) FTP server response lines
- properly. Starting now, libcurl will chop them off (thus the client app will
- not get the full line) but survive and deal with them fine otherwise. Test
- case 1003 was added to verify this.
-
-Daniel S (20 August 2007)
-- Based on a patch by Christian Vogt, the FTP code now sets the upcoming
- download transfer size much earlier to be possible to get read with
- CURLINFO_CONTENT_LENGTH_DOWNLOAD as soon as possible. This is very much in a
- similar spirit to the HTTP size change from August 11 2007.
-
-Daniel S (18 August 2007)
-- Robson Braga Araujo filed bug report #1776232
- (http://curl.haxx.se/bug/view.cgi?id=1776232) about libcurl calling
- Curl_client_write(), passing on a const string that the caller may not
- modify and yet it does (on some platforms).
-
-- Robson Braga Araujo filed bug report #1776235
- (http://curl.haxx.se/bug/view.cgi?id=1776235) about ftp requests with NOBODY
- on a directory would do a "SIZE (null)" request. This is now fixed and test
- case 1000 was added to verify.
-
-Daniel S (17 August 2007)
-- Song Ma provided a patch that cures a problem libcurl has when doing resume
- HTTP PUT using Digest authentication. Test case 5320 and 5322 were also
- added to verify the functionality.
-
-Daniel S (14 August 2007)
-- Andrew Wansink provided an NTLM bugfix: in the case the server sets the flag
- NTLMFLAG_NEGOTIATE_UNICODE, we need to filter it off because libcurl doesn't
- UNICODE encode the strings it packs into the NTLM authenticate packet.
-
-Daniel S (11 August 2007)
-- Allen Pulsifer provided a patch that makes libcurl set the expected download
- size earlier when doing HTTP downloads, so that applications and the
- progress meter etc know get the info earlier in the flow than before.
-
-- Patrick Monnerat modified the LDAP code and approach in curl. Starting now,
- the configure script checks for openldap and friends and we link with those
- libs just like we link all other third party libraries, and we no longer
- dlopen() those libraries. Our private header file lib/ldap.h was renamed to
- lib/curl_ldap.h due to this. I set a tag in CVS (curl-7_17_0-preldapfix)
- just before this commit, just in case.
-
-Dan F (8 August 2007)
-- Song Ma noted a zlib memory leak in the illegal compressed header
- countermeasures code path.
-
-Daniel S (4 August 2007)
-- Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on
- non-ASCII systems.
-
-Daniel S (3 August 2007)
-- I cut out support for libssh2 versions older than 0.16 to make our code a
- lot simpler, and to avoid getting trouble with the LIBSSH2_APINO define
- that 1) didn't work properly since it was >32 bits and 2) is removed in
- libssh2 0.16...
-
-Daniel S (2 August 2007)
-- Scott Cantor filed bug report #1766320
- (http://curl.haxx.se/bug/view.cgi?id=1766320) pointing out that the libcurl
- code accessed two curl_easy_setopt() options (CURLOPT_DNS_CACHE_TIMEOUT and
- CURLOPT_DNS_USE_GLOBAL_CACHE) as ints even though they're documented to be
- passed in as longs, and that makes a difference on 64 bit architectures.
-
-- Dmitriy Sergeyev reported a regression: resumed file:// transfers broke
- after 7.16.2. This is much due to the different treatment file:// gets
- internally, but now I added test 231 to make it less likely to happen again
- without us noticing!
-
-Daniel S (1 August 2007)
-- Patrick Monnerat and I modified libcurl so that now it *copies* all strings
- passed to it with curl_easy_setopt()! Previously it has always just refered
- to the data, forcing the user to keep the data around until libcurl is done
- with it. That is now history and libcurl will instead clone the given
- strings and keep private copies. This is also part of Patrick Monnerat's
- OS/400 port.
-
- Due to this being a somewhat interesting change API wise, I've decided to
- bump the version of the upcoming release to 7.17.0. Older applications will
- of course not notice this change nor do they have to care, but new
- applications can be written to take advantage of this.
-
-- Greg Morse reported a problem with POSTing using ANYAUTH to a server
- requiring NTLM, and he provided test code and a test server and we worked
- out a bug fix. We failed to count sent body data at times, which then caused
- internal confusions when libcurl tried to send the rest of the data in order
- to maintain the same connection alive.
-
-Daniel S (31 July 2007)
-- Peter O'Gorman pointed out (and fixed) that the non-blocking check in
- configure made libcurl use blocking sockets on AIX 4 and 5, while that
- wasn't the intention.
-
-Daniel S (29 July 2007)
-- Jayesh A Shah filed bug report #1759542
- (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious
- problem with FTPS: libcurl closed the data connection socket and then later
- in the flow it would call the SSL layer to do SSL shutdown which then would
- use a socket that had already been closed - so if the application had opened
- a new one in the mean time, libcurl could send gibberish that way! I worked
- with Greg Zavertnik to properly diagnose and fix this. The fix affects code
- for all SSL libraries we support, but it has only been truly verified to
- work fine for the OpenSSL version. The others have only been code reviewed.
-
-Daniel S (23 July 2007)
-- Implemented the parts of Patrick Monnerat's OS/400 patch that introduces
- support for the OS/400 Secure Sockets Layer library.
-
-Dan F (23 July 2007)
-- Implemented only the parts of Patrick Monnerat's OS/400 patch that renamed
- some few internal identifiers to avoid conflicts, which could be useful on
- other platforms.
-
-Daniel S (22 July 2007)
-- HTTP Digest bug fix by Chris Flerackers:
-
- Scenario
-
- - Perfoming a POST request with body
- - With authentication (only Digest)
- - Re-using a connection
-
- libcurl would send a HTTP POST with an Authorization header but without
- body. Our server would return 400 Bad Request in that case (because
- authentication passed, but the body was empty).
-
- Cause
-
- 1) http_digest.c -> Curl_output_digest
- - Updates allocptr.userpwd/allocptr.proxyuserpwd *only* if d->nonce is
- filled in (and no errors)
- - authp->done = TRUE if d->nonce is filled in
- 2) http.c -> Curl_http
- - *Always* uses allocptr.userpwd/allocptr.proxyuserpwd if not NULL
- 3) http.c -> Curl_http, Curl_http_output_auth
-
- So what happens is that Curl_output_digest cannot yet update the
- Authorization header (allocptr.userpwd) which results in authhost->done=0 ->
- authhost->multi=1 -> conn->bits.authneg = TRUE. The body is not
- added. *However*, allocptr.userpwd is still used when building the request
-
-- Added test case 354 that makes a simple FTP retrieval without password, which
- verifies the bug fix in #1757328.
-
-Daniel S (21 July 2007)
-- To allow more flexibility in FTP test cases, I've removed the enforced states
- from the test server code as they served no real purpose. The test server
- is here to serve for the test cases, not to attempt to function as a real
- server! While at it, I modified test case 141 to better test and verify
- curl -I on a single FTP file.
-
-Daniel S (20 July 2007)
-- James Housley fixed the SFTP PWD command to work.
-
-- Ralf S. Engelschall filed bug report #1757328
- (http://curl.haxx.se/bug/view.cgi?id=1757328) and submitted a patch. It
- turns out we broke login to FTP servers that don't require (nor understand)
- PASS after the USER command. The breakage was done as part of the krb5
- commit so a krb-using person needs to verify that the current version now
- works or if we need to fix it (in a different way of course).
-
-Dan F (17 July 2007)
-- Fixed test cases 613 and 614 by improving the log postprocessor to handle
- a new directory listing format that newer libssh2's can provide. This
- is probably NOT sufficient to handle all directory listing formats that
- server's can provide, and should be revisited.
-
-Daniel S (17 July 2007)
-- Daniel Johnson fixed a bug in how libssh2_session_last_error() was used, in
- two places.
-
-- Jofell Gallardo posted a libcurl log using FTP that exposed a bug which made
- a control connection that was deemed "dead" to yet be re-used in a following
- request.
-
-Daniel S (13 July 2007)
-- Colin Hogben filed bug report #1750274
- (http://curl.haxx.se/bug/view.cgi?id=1750274) and submitted a patch for the
- case where libcurl did a connect attempt to a non-listening port and didn't
- provide a human readable error string back.
-
-- Daniel Cater fixes:
- 1 - made 'make vc8' work on windows.
- 2 - made libcurl itself built with CURL_NO_OLDIES defined (which doesn't
- define the symbols for backwards source compatibility)
- 3 - updated libcurl-errors.3
- 4 - added CURL_DISABLE_TFTP to docs/INSTALL
-
-Daniel S (12 July 2007)
-- Made the krb5 code build with Heimdal's GSSAPI lib.
-
-Dan F (12 July 2007)
-- Compile most of the example apps in docs/examples when doing a 'make check'.
- Fixed some compile warnings and errors in those examples.
-
-- Removed the example program ftp3rdparty.c since libcurl doesn't support
- 3rd party FTP transfers any longer.
-
-Daniel S (12 July 2007)
-- Shmulik Regev found an (albeit rare) case where the proxy CONNECT operation
- could in fact get stuck in an endless loop.
-
-- Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
- fail to connect if there is no Common Name field found in the remote cert.
- We should deprecate the support for this set to 1 anyway soon, since the
- feature is pointless and most likely never really used by anyone.
-
-Daniel S (11 July 2007)
-- Shmulik Regev fixed a bug with transfer-encoding skipping during the 407
- error pages for proxy authentication.
-
-- Giancarlo Formicuccia reported and fixed a problem with a closed connection
- to a proxy during CONNECT auth negotiation.
-
-Dan F (10 July 2007)
-- Fixed a curl memory leak reported by Song Ma with a modified version
- of the patch he suggested. Added his test case as test289 to verify.
-
-- Force the time zone to GMT in the cookie tests in case the user is
- using one of the so-called 'right' time zones that take into account
- leap seconds, which causes the tests to fail (as reported by
- Daniel Black in bug report #1745964).
-
-Version 7.16.4 (10 July 2007)
-
-Daniel S (10 July 2007)
-- Kees Cook notified us about a security flaw
- (http://curl.haxx.se/docs/adv_20070710.html) in which libcurl failed to
- properly reject some outdated or not yet valid server certificates when
- built with GnuTLS. Kees also provided the patch.
-
-James H (5 July 2007)
-- Gavrie Philipson provided a patch that will use a more specific error
- message for an scp:// upload failure. If libssh2 has his matching
- patch, then the error message return by the server will be used instead
- of a more generic error.
-
-Daniel S (1 July 2007)
-- Thomas J. Moore provided a patch that introduces Kerberos5 support in
- libcurl. This also makes the options change name to --krb (from --krb4) and
- CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still
-
-- Song Ma helped me verify and extend a fix for doing FTP over a SOCKS4/5
- proxy.
-
-Daniel S (27 June 2007)
-- James Housley: Add two new options for the SFTP/SCP/FILE protocols:
- CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS. These control the
- premissions for files and directories created on the remote
- server. CURLOPT_NEW_FILE_PERMS defaults to 0644 and
- CURLOPT_NEW_DIRECTORY_PERMS defaults to 0755
-
-- I corrected the 10-at-a-time.c example and applied a patch for it by James
- Bursa.
-
-Daniel S (26 June 2007)
-- Robert Iakobashvili re-arranged the internal hash code to work with a custom
- hash function for different hashes, and also expanded the default size for
- the socket hash table used in multi handles to greatly enhance speed when
- very many connections are added and the socket API is used.
-
-- James Housley made the CURLOPT_FTPLISTONLY mode work for SFTP directory
- listings as well
-
-Daniel S (25 June 2007)
-- Adjusted how libcurl treats HTTP 1.1 responses without content-lenth or
- chunked encoding (that also lacks "Connection: close"). It now simply
- assumes that the connection WILL be closed to signal the end, as that is how
- RFC2616 section 4.4 point #5 says we should behave.
-
-Version 7.16.3 (25 June 2007)
-
-Daniel S (23 June 2007)
-- As reported by "Tro" in http://curl.haxx.se/mail/lib-2007-06/0161.html and
- http://curl.haxx.se/mail/lib-2007-06/0238.html, libcurl didn't properly do
- no-body requests on FTP files on re-used connections properly, or at least
- it didn't provide the info back in the header callback properly in the
- subsequent requests.
-
-Daniel S (21 June 2007)
-- Gerrit Bruchhäuser pointed out a warning that the Intel(R) Thread Checker
- tool reports and it was indeed a legitimate one and it is one fixed. It was
- a use of a share without doing the proper locking first.
-
-Daniel S (20 June 2007)
-- Adam Piggott filed bug report #1740263
- (http://curl.haxx.se/bug/view.cgi?id=1740263). Adam discovered that when
- getting a large amount of URLs with curl, they were fetched slower and
- slower... which turned out to be because the --libcurl data collecting which
- wrongly always was enabled, but no longer is...
-
-Daniel S (18 June 2007)
-- Robson Braga Araujo filed bug report #1739100
- (http://curl.haxx.se/bug/view.cgi?id=1739100) that mentioned that libcurl
- could not actually list the contents of the root directory of a given FTP
- server if the login directory isn't root. I fixed the problem and added
- three test cases (one is disabled for now since I identified KNOWN_BUGS #44,
- we cannot use --ftp-method nocwd and list ftp directories).
-
-Daniel S (14 June 2007)
-- Shmulik Regev:
-
- I've encountered (and hopefully fixed) a problem involving proxy CONNECT
- requests and easy handles state management. The problem isn't simple to
- reproduce since it depends on socket state. It only manifests itself when
- working with non-blocking sockets.
-
- Here is the scenario:
-
- 1. in multi_runsingle the easy handle is in the CURLM_STATE_WAITCONNECT and
- calls Curl_protocol_connect
-
- 2. in Curl_proxyCONNECT, line 1247, if the socket isn't ready the function
- returns and conn->bits.tunnel_connecting is TRUE
-
- 3. when the call to Curl_protocol_connect returns the protocol_connect flag
- is false and the easy state is changed to CURLM_STATE_PROTOCONNECT which
- isn't correct if a proxy is used. Rather CURLM_STATE_WAITPROXYCONNECT
- should be used.
-
- I discovered this while performing an HTTPS request through a proxy (squid)
- on my local network. The problem caused openssl to fail as it read the proxy
- response to the CONNECT call ('HTTP/1.0 Established') rather than the SSL
- handshake (the exact openssl error was 'wrong ssl version' but this isn't
- very important)
-
-- Dave Vasilevsky filed bug report #1736875
- (http://curl.haxx.se/bug/view.cgi?id=1736875) almost simultanouesly as Dan
- Fandrich mentioned a related build problem on the libcurl mailing list:
- http://curl.haxx.se/mail/lib-2007-06/0131.html. Both problems had the same
- reason: the definitions of the POLL* defines and the pollfd struct in the
- libcurl code was depending on HAVE_POLL instead of HAVE_SYS_POLL_H.
-
-Daniel S (13 June 2007)
-- Tom Regner provided a patch and worked together with James Housley, so now
- CURLOPT_FTP_CREATE_MISSING_DIRS works for SFTP connections as well as FTP
- ones.
-
-- Rich Rauenzahn filed bug report #1733119
- (http://curl.haxx.se/bug/view.cgi?id=1733119) and we collaborated on the
- fix. The problem is that for 64bit HPUX builds, several socket-related
- functions would still assume int (32 bit) arguments and not socklen_t (64
- bit) ones.
-
-Daniel S (12 June 2007)
-- James Housley brought his revamped SSH code that is state-machine driven to
- really take advantage of the now totally non-blocking libssh2 (in CVS).
-
-Dan F (8 June 2007)
-- Incorporated Daniel Black's test706 and test707 SOCKS test cases.
-
-- Fixed a few problems when starting the SOCKS server.
-
-- Reverted some recent changes to runtests.pl that weren't compatible with
- perl 5.0.
-
-- Fixed the test harness so that it actually kills the ssh being used as
- the SOCKS server.
-
-Daniel S (6 June 2007)
-- -s/--silent can now be used to toggle off the silence again if used a second
- time.
-
-Daniel S (5 June 2007)
-- Added Daniel Black's work that adds the first few SOCKS test cases. I also
- fixed two minor SOCKS problems to make the test cases run fine.
-
-Daniel S (31 May 2007)
-- Feng Tu made (lib)curl support "upload" resuming work for file:// URLs.
-
-Daniel S (30 May 2007)
-- I modified the 10-at-a-time.c example to transfer 500 downloads in parallel
- with a c-ares enabled build only to find that it crashed miserably, and this
- was due to some select()isms left in the code. This was due to API
- restrictions in c-ares 1.3.x, but with the upcoming c-ares 1.4.0 this is no
- longer the case so now libcurl runs much better with c-ares and the multi
- interface with > 1024 file descriptors in use.
-
- Extra note: starting now we require c-ares 1.4.0 for asynchronous name
- resolves.
-
-- Added CURLMOPT_MAXCONNECTS which is a curl_multi_setopt() option for setting
- the maximum size of the connection cache maximum size of the multi handle.
-
-Daniel S (27 May 2007)
-- When working with a problem Stefan Becker had, I found an off-by-one buffer
- overwrite in Curl_select(). While fixing it, I also improved its performance
- somewhat by changing calloc to malloc and breaking out of a loop earlier
- (when possible).
-
-Daniel S (25 May 2007)
-- Rob Crittenden fixed bug #1705802
- (http://curl.haxx.se/bug/view.cgi?id=1705802), which was filed by Daniel
- Black identifying several FTP-SSL test cases fail when we build libcurl with
- NSS for TLS/SSL. Listed as #42 in KNOWN_BUGS.
-
-Daniel S (24 May 2007)
-- Song Ma filed bug report #1724016
- (http://curl.haxx.se/bug/view.cgi?id=1724016) noticing that downloading
- glob-ranges for TFTP was broken in CVS. Fixed now.
-
-- 'mytx' in bug report #1723194 (http://curl.haxx.se/bug/view.cgi?id=1723194)
- pointed out that the warnf() function in the curl tool didn't properly deal
- with the cases when excessively long words were used in the string to chop
- up.
-
-Daniel S (22 May 2007)
-- Andre Guibert de Bruet fixed a memory leak in the function that verifies the
- peer's name in the SSL certificate when built for OpenSSL. The leak happens
- for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
- name from UTF8. He also fixed a leak when PKCS #12 parsing failed.
-
-Daniel S (18 May 2007)
-- Feng Tu reported that curl -w did wrong on TFTP transfers in bug report
- #1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the
- transfer-related info "variables" were indeed overwritten with zeroes
- wrongly and have now been adjusted. The upload size still isn't accurate.
-
-Daniel S (17 May 2007)
-- Feng Tu pointed out a division by zero error in the TFTP connect timeout
- code for timeouts less than five seconds, and also provided a fix for it.
- Bug report #1715392 (http://curl.haxx.se/bug/view.cgi?id=1715392)
-
-Dan F (16 May 2007)
-- Added support for compiling under Minix 3.1.3 using ACK.
-
-Dan F (14 May 2007)
-- Added SFTP directory listing test case 613.
-
-- Added support for quote commands before a transfer using SFTP and test
- case 614.
-
-- Changed the post-quote commands to occur after the transferred file is
- closed.
-
-- Allow SFTP quote commands chmod, chown, chgrp to set a value of 0.
-
-Dan F (9 May 2007)
-- Kristian Gunstone fixed a problem where overwriting an uploaded file with
- sftp didn't truncate it first, which would corrupt the file if the new
- file was shorter than the old.
-
-Dan F (8 May 2007)
-- Added FTPS test cases 406 and 407
-
-Daniel S (8 May 2007)
-- CURLE_FTP_COULDNT_STOR_FILE is now known as CURLE_UPLOAD_FAILED. This is
- because I just made SCP uploads return this value if the file size of
- the upload file isn't given with CURLOPT_INFILESIZE*. Docs updated to
- reflect this news, and a define for the old name was added to the public
- header file.
-
-Daniel S (7 May 2007)
-- James Bursa fixed a bug in the multi handle code that made the connection
- cache grow a bit too much, beyond the normal 4 * easy_handles.
-
-Daniel S (2 May 2007)
-- Anders Gustafsson remarked that requiring CURLOPT_HTTP_VERSION set to 1.0
- when CURLOPT_HTTP200ALIASES is used to avoid the problem mentioned below is
- not very nice if the client wants to be able to use _either_ a HTTP 1.1
- server or one within the aliases list... so starting now, libcurl will
- simply consider 200-alias matches the to be HTTP 1.0 compliant.
-
-- Tobias Rundström reported a problem they experienced with xmms2 and recent
- libcurls, which turned out to be the 25-nov-2006 change which treats HTTP
- responses without Content-Length or chunked encoding as without bodies. We
- now added the conditional that the above mentioned response is only without
- body if the response is HTTP 1.1.
-
-- Jeff Pohlmeyer improved the hiperfifo.c example to use the
- CURLMOPT_TIMERFUNCTION callback option.
-
-- Set the timeout for easy handles to expire really soon after addition or
- when CURLM_CALL_MULTI_PERFORM is returned from curl_multi_socket*/perform,
- to make applications using only curl_multi_socket() to properly function
- when adding easy handles "on the fly". Bug report and test app provided by
- Michael Wallner.
-
-Dan F (30 April 2007)
-- Improved the test harness to allow running test servers on other than
- the default port numbers, allowing more than one test suite to run
- simultaneously on the same host.
-
-Daniel S (28 April 2007)
-- Peter O'Gorman fixed libcurl to not init GnuTLS as early as we did before,
- since it then inits libgcrypt and libgcrypt is being evil and EXITS the
- application if it fails to get a fine random seed. That's really not a nice
- thing to do by a library.
-
-- Frank Hempel fixed a curl_easy_duphandle() crash on a handle that had
- been removed from a multi handle, and then fixed another flaw that prevented
- curl_easy_duphandle() to work even after the first fix - the handle was
- still marked as using the multi interface.
-
-Daniel S (26 April 2007)
-- Peter O'Gorman found a problem with SCP downloads when the downloaded file
- was 16385 bytes (16K+1) and it turned out we didn't properly always "suck
- out" all data from libssh2. The effect being that libcurl would hang on the
- socket waiting for data when libssh2 had in fact already read it all...
-
-Dan F (25 April 2007)
-- Added support in runtests.pl for "!n" test numbers to disable individual
- tests. Changed -t to only keep log files around when -k is specified,
- to have the same behaviour as without -t.
-
-Daniel S (25 April 2007)
-- Sonia Subramanian brought our attention to a problem that happens if you set
- the CURLOPT_RESUME_FROM or CURLOPT_RANGE options and an existing connection
- in the connection cache is closed to make room for the new one when you call
- curl_easy_perform(). It would then wrongly free range-related data in the
- connection close funtion.
-
-Yang Tse (25 April 2007)
-- Steve Little fixed compilation on VMS 64-bit mode
-
-Daniel S (24 April 2007)
-- Robert Iakobashvili made the 'master_buffer' get allocated first once it is
- can/will be used as it then makes the common cases save 16KB of data for each
- easy handle that isn't used for pipelining.
-
-Dan F (23 April 2007)
-- Added <postcheck> support to the test harness.
-
-- Added tests 610-612 to test more SFTP post-quote commands.
-
-Daniel S (22 April 2007)
-- Song Ma's warning if -r/--range is given with a "bad" range, also noted in
- the man page now.
-
-- Daniel Black filed bug #1705177
- (http://curl.haxx.se/bug/view.cgi?id=1705177) where --without-ssl
- --with-gnutl outputs a warning about SSL not being enabled even though GnuTLS
- was found and used.
-
-Daniel S (21 April 2007)
-- Daniel Black filed bug #1704675
- (http://curl.haxx.se/bug/view.cgi?id=1704675) identifying a double-free
- problem in the SSL-dealing layer, telling GnuTLS to free NULL credentials on
- closedown after a failure and a bad #ifdef for NSS when closing down SSL.
-
-Yang Tse (20 April 2007)
-- Save one call to curlx_tvnow(), which calls gettimeofday(), in each of
- Curl_socket_ready(), Curl_poll() and Curl_select() when these are called
- with a zero timeout or a timeout value indicating a blocking call should
- be performed.
-
-Daniel S (18 April 2007)
-- James Housley made SFTP uploads use libssh2's non-blocking API
-
-- Prevent the internal progress meter from updating more frequently than once
- per second.
-
-Dan F (17 April 2007)
-- Added test cases 296, 297 and 298 to test --ftp-method handling
-
-Daniel S (16 April 2007)
-- Robert Iakobashvil added curl_multi_socket_action() to libcurl, which is a
- function that deprecates the curl_multi_socket() function. Using the new
- function the application tell libcurl what action that was found in the
- socket that it passes in. This gives a significant performance boost as it
- allows libcurl to avoid a call to poll()/select() for every call to
- curl_multi_socket*().
-
- I added a define in the public curl/multi.h header file that will make your
- existing application automatically use curl_multi_socket_action() instead of
- curl_multi_socket() when you recompile. But of course you'll get better
- performance if you adjust your code manually and actually pass in the
- correct action bitmask to this function.
-
-Daniel S (14 April 2007)
-- Jay Austin added "DH PARAMETERS" to the stunnel.pem certificate for the test
- suite to make stunnel run better in some (most?) environments.
-
-Dan F (13 April 2007)
-- Added test cases 294 and 295 to test --ftp-account handling
-
-- Improved handling of out of memory in ftp.
-
-Yang Tse (13 April 2007)
-- Fix test case 534 which started to fail 2007-04-13 due to the existance
- of a new host on the net with the same silly domain the test was using
- for a host which was supposed not to exist.
-
-Daniel S (12 April 2007)
-- Song Ma found a memory leak in the if2ip code if you pass in an interface
- name longer than the name field of the ifreq struct (typically 6 bytes), as
- then it wouldn't close the used dummy socket. Bug #1698974
- (http://curl.haxx.se/bug/view.cgi?id=1698974)
-
-Version 7.16.2 (11 April 2007)
-
-Yang Tse (10 April 2007)
-- Ravi Pratap provided some fixes for HTTP pipelining
-
-- configure script will ignore --enable-sspi option for non-native Windows.
-
-Daniel S (9 April 2007)
-- Nick Zitzmann did ssh.c cleanups
-
-Daniel S (3 April 2007)
-- Rob Jones fixed better #ifdef'ing for a bunch of #include lines.
-
-Daniel S (2 April 2007)
-- Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The
- accepted commands are as follows:
-
- chgrp (gid) (path)
- Changes the group ID of the file or directory at (path) to (gid). (gid)
- must be a number.
-
- chmod (perms) (path)
- Changes the permissions of the file or directory at (path) to
- (perms). (perms) must be a number in the format used by the chmod Unix
- command.
-
- chown (uid) (path)
- Changes the user ID of the file or directory at (path) to (uid). (uid)
- must be a number.
-
- ln (source) (dest)
- Creates a symbolic link at (dest) that points to the file located at
- (source).
-
- mkdir (path)
- Creates a new directory at (path).
-
- rename (source) (dest)
- Moves the file or directory at (source) to (dest).
-
- rm (path)
- Deletes the file located at (path).
-
- rmdir (path)
- Deletes the directory located at (path). This command will raise an error
- if the directory is not empty.
-
- symlink (source) (dest)
- Same as ln.
-
-Daniel S (1 April 2007)
-- Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many
- easy handles are added to a multi handle, by avoiding the looping over all
- the handles to find which one to remove.
-
-- Matt Kraai provided a patch that makes curl build on QNX 6 fine again.
-
-Daniel S (31 March 2007)
-- Fixed several minor issues detected by the coverity.com scanner.
-
-- "Pixel" fixed a problem that appeared when you used -f with user+password
- embedded in the URL.
-
-Dan F (29 March 2007)
-- Don't tear down the ftp connection if the maximum filesize was exceeded
- and added tests 290 and 291 to check.
-
-- Added ftps upload and SSL required tests 401 and 402.
-
-- Send an EOF message before closing an SCP channel, as recommended by
- RFC4254. Enable libssh2 tracing when ssh debugging is turned on.
-
-Yang Tse (27 March 2007)
-- Internal function Curl_select() renamed to Curl_socket_ready()
-
- New Internal wrapper function Curl_select() around select (2), it
- uses poll() when a fine poll() is available, so now libcurl can be
- built without select() support at all if a fine poll() is available.
-
-Daniel S (25 March 2007)
-- Daniel Johnson fixed multi code to traverse the easy handle list properly.
- A left-over bug from the February 21 fix.
-
-Dan F (23 March 2007)
-- Added --pubkey option to curl and made --key also work for SCP/SFTP,
- plus made --pass work on an SSH private key as well.
-
-- Changed the test harness to attempt to gracefully shut down servers
- before resorting to the kill -9 hammer.
-
-- Added test harness infrastructure to support scp/sftp tests, using
- OpenSSH as the server.
-
-- Fixed a memory leak when specifying a proxy with a file: URL.
-
-Yang Tse (20 March 2007)
-- Fixed: When a signal was caught awaiting for an event using Curl_select()
- or Curl_poll() with a non-zero timeout both functions would restart the
- specified timeout. This could even lead to the extreme case that if a
- signal arrived with a frecuency lower to the specified timeout neither
- function would ever exit.
-
- Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in
- Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR
- defined both functions will return as soon as a signal is caught. Use it
- at your own risk, all calls to these functions in the library should be
- revisited and checked before fully supporting this feature.
-
-Yang Tse (19 March 2007)
-- Bryan Henderson fixed the progress function so that it can get called more
- frequently allowing same calling frecuency for the client progress callback.
-
-Dan F (15 March 2007)
-- Various memory leaks plugged and NULL pointer fixes made in the ssh code.
-
-Daniel (15 March 2007)
-- Nick made the curl tool accept globbing ranges that only is one number, i.e
- you can now use [1-1] without curl complaining.
-
-Daniel (10 March 2007)
-- Eygene Ryabinkin:
-
- The problem is the following: when we're calling Curl_done and it decides to
- keep the connection opened ('left intact'), then the caller is not notified
- that the connection was done via the NULLifying of the pointer, so some easy
- handle is keeping the pointer to this connection.
-
- Later ConnectionExists can select such connection for reuse even if we're
- not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is
- false and we can reuse this connection for another easy handle. But thus the
- connection will be shared between two easy handles if the handle that wants
- to take the ownership is not the same as was not notified of the connection
- was done in Curl_done. And when some of these easy handles will get their
- connection really freed the another one will still keep the pointer.
-
- My fix was rather trivial: I just added the NULLification to the 'else'
- branch in the Curl_done. My tests with Git and ElectricFence showed no
- problems both for HTTP pulling and cloning. Repository size is about 250 Mb,
- so it was a considerable amount of Curl's work.
-
-Dan F (9 March 2007)
-- Updated the test harness to add a new "crypto" feature check and updated the
- appropriate test case to use it. For now, this is treated the same as the
- "SSL" feature because curl doesn't list it separately.
-
-Daniel (9 March 2007)
-- Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6.
-
-- Robert A. Monat improved the maketgz and VC6/8 generating to set the correct
- machine type too.
-
-- Justin Fletcher fixed a file descriptor leak in the curl tool when trying to
- upload a file it couldn't open. Bug #1676581
- (http://curl.haxx.se/bug/view.cgi?id=1676581)
-
-Dan F (9 March 2007)
-- Updated the test harness to check for protocol support before running each
- test, fixing KNOWN_BUGS #11.
-
-Dan F (7 March 2007)
-- Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test
- harness. It is very limited as it supports only ftps:// URLs with
- --ftp-ssl-control specified, which implicitly encrypts the control
- channel but not the data channels. That allows stunnel to be used with
- an unmodified ftp server in exactly the same way that the test https
- server is set up.
-
-Dan F (7 March 2007)
-- Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and
- unencrypted data connections.
-
-Dan F (6 March 2007)
-- Fixed a couple of improper pointer uses detected by valgrind in test
- cases 181 & 216.
-
-Daniel (2 March 2007)
-- Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8
- makefiles that are included in the source release archives, generated from
- the Makefile.vc6 files by the maketgz script. I also modified the root
- Makefile to have a VC variable that defaults to vc6 but can be overridden to
- allow it to be used for vc8 as well. Like this:
-
- nmake VC=vc8 vc
-
-Daniel (27 February 2007)
-- Hang Kin Lau found and fixed: When I use libcurl to connect to an https
- server through a proxy and have the remote https server port set using the
- CURLOPT_PORT option, protocol gets reset to http from https after the first
- request.
-
- User defined URL was modified internally by libcurl and subsequent reuse of
- the easy handle may lead to connection using a different protocol (if not
- originally http).
-
- I found that libcurl hardcoded the protocol to "http" when it tries to
- regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as
- follows and it's working fine so far
-
-Daniel (25 February 2007)
-- Adam D. Moss made the HTTP CONNECT procedure less blocking when used from
- the multi interface. Note that it still does a part of the connection in a
- blocking manner.
-
-Daniel (23 February 2007)
-- Added warning outputs if the command line uses more than one of the options
- -v, --trace and --trace-ascii, since it could really confuse the user.
- Clarified this fact in the man page.
-
-Daniel (21 February 2007)
-- Ravi Pratap provided work on libcurl making pipelining more robust and
- fixing some bugs:
- o Don't mix GET and POST requests in a pipeline
- o Fix the order in which requests are dispatched from the pipeline
- o Fixed several curl bugs with pipelining when the server is returning
- chunked encoding:
- * Added states to chunked parsing for final CRLF
- * Rewind buffer after parsing chunk with data remaining
- * Moved chunked header initializing to a spot just before receiving
- headers
-
-Daniel (20 February 2007)
-- Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle
- active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command
- line option.
-
-Daniel (19 February 2007)
-- Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl.
-
-- Shmulik Regev found a memory leak in re-used HTTPS connections, at least
- when the multi interface was used.
-
-- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and
- 5).
-
-Daniel (18 February 2007)
-- Jeff Pohlmeyer identified two problems: first a rather obscure problem with
- the multi interface and connection re-use that could make a
- curl_multi_remove_handle() ruin a pointer in another handle.
-
- The second problem was less of an actual problem but more of minor quirk:
- the re-using of connections wasn't properly checking if the connection was
- marked for closure.
-
-Daniel (16 February 2007)
-- Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting
- CURLOPT_RANGE back to no range on an easy handle when using FTP.
-
-Dan F (14 February 2007)
-- Fixed curl-config --libs so it doesn't list unnecessary libraries (and
- therefore introduce unnecessary dependencies) when it's not needed.
- Also, don't bother adding a library path of /usr/lib
-
-Daniel (13 February 2007)
-- The default password for anonymous FTP connections is now changed to be
- "ftp@example.com".
-
-- Robert A. Monat made libcurl build fine with VC2005 - it doesn't have
- gmtime_r() like the older VC versions. He also made use of some machine-
- specific defines to differentiate the "OS" define.
-
-Daniel (12 February 2007)
-- Rob Crittenden added support for NSS (Network Security Service) for the
- SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
-
- This is the fourth supported library for TLS/SSL that libcurl supports!
-
-- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent
- to the debug callback.
-
-- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and
- CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's
- internal decoding of content or transfer encoded content. This may be
- preferable in cases where you use libcurl for proxy purposes or similar. The
- command line tool got a --raw option to disable both at once.
-
-- release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP
- define set to hold the exact date and time of when the tarball was built, as
- a human readable string using the UTC time zone.
-
-- Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle
- that has an easy handle present in the "closure" list pending closure.
-
-Daniel (6 February 2007)
-- Regular file downloads wiht SFTP and SCP are now done using the non-blocking
- API of libssh2, if the libssh2 headers seem to support them. This will make
- SCP and SFTP much more responsive and better libcurl citizens when used with
- the multi interface etc.
-
-Daniel (5 February 2007)
-- Michael Wallner added support for CURLOPT_TIMEOUT_MS and
- CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with
- millisecond resolution. The only restriction to that is the alarm()
- (sometimes) used to abort name resolves as that uses full seconds. I fixed
- the FTP response timeout part of the patch.
-
- Internally we now count and keep the timeouts in milliseconds but it also
- means we multiply set timeouts with 1000. The effect of this is that no
- timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
- equals 24.86 days. We probably couldn't before either since the code did
- *1000 on the timeout values on several places already.
-
-Daniel (3 February 2007)
-- Yang Tse fixed the cookie expiry date in several test cases that started to
- fail since they used "1 feb 2007"...
-
-- Manfred Schwarb reported that socks5 support was broken and help us pinpoint
- the problem. The code now tries harder to use httproxy and proxy where
- apppropriate, as not all proxies are HTTP...
-
-Version 7.16.1 (29 January 2007)
-
-Daniel (29 January 2007)
-- Michael Wallner reported that when doing a CONNECT with a custom User-Agent
- header, you got _two_ User-Agent headers in the CONNECT request...! Added
- test case 287 to verify the fix.
-
-Daniel (28 January 2007)
-- curl_easy_reset() now resets the CA bundle path correctly.
-
-- David McCreedy fixed the Curl command line tool for HTTP on non-ASCII
- platforms.
-
-Daniel (25 January 2007)
-- Added the --libcurl [file] option to curl. Append this option to any
- ordinary curl command line, and you will get a libcurl-using source code
- written to the file that does the equivalent operation of what your command
- line operation does!
-
-Dan F (24 January 2007)
-- Fixed a dangling pointer problem that prevented the http_proxy environment
- variable from being properly used in many cases (and caused test case 63
- to fail).
-
-Daniel (23 January 2007)
-- David McCreedy did NTLM changes mainly for non-ASCII platforms:
-
- #1
- There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT
- defined. I noticed this while testing various configurations. Line 867 of
- the current http_ntlm.c is a closing bracket for an if/else pair that only
- gets compiled in if USE_NTLM2SESSION is defined. But this closing bracket
- wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was
- defined. Lines 198 and 140 of my patch wraps that closing bracket in an
- #ifdef USE_NTLM2SESSION.
-
- #2
- I noticed several picky compiler warnings when DEBUG_ME is defined. I've
- fixed them with casting. By the way, DEBUG_ME was a huge help in
- understanding this code.
-
- #3
- Hopefully the last non-ASCII conversion patch for libcurl in a while. I
- changed the "NTLMSSP" literal to hex since this signature must always be in
- ASCII.
-
- Conversion code was strategically added where necessary. And the
- Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c
- creates are NOT translated on non-ASCII platforms.
-
-Dan F (22 January 2007)
-- Converted (most of) the test data files into genuine XML. A handful still
- are not, due mainly to the lack of support for XML character entities
- (e.g. & => &amp; ). This will make it easier to validate test files using
- tools like xmllint, as well as to edit and view them using XML tools.
-
-Daniel (16 January 2007)
-- Armel Asselin improved libcurl to behave a lot better when an easy handle
- doing an FTP transfer is removed from a multi handle before completion. The
- fix also fixed the "alive counter" to be correct on "premature removal" for
- all protocols.
-
-Dan F (16 January 2007)
-- Fixed a small memory leak in tftp uploads discovered by curl's memory leak
- detector. Also changed tftp downloads to URL-unescape the downloaded
- file name.
-
-Daniel (14 January 2007)
-- David McCreedy provided libcurl changes for doing HTTP communication on
- non-ASCII platforms. It does add some complexity, most notably with more
- #ifdefs, but I want to see this supported added and I can't see how we can
- add it without the extra stuff added.
-
-- Setting CURLOPT_COOKIELIST to "ALL" when no cookies at all was present,
- libcurl would crash when trying to read a NULL pointer.
-
-Daniel (12 January 2007)
-- Toby Peterson found a nasty bug that prevented (lib)curl from properly
- downloading (most) things that were larger than 4GB on 32 bit systems. Matt
- Witherspoon helped as narrow down the problem.
-
-Daniel (5 January 2007)
-- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
- curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
- will make libcurl shutdown SSL/TLS after the authentication is done on a
- FTP-SSL operation.
-
-Daniel (4 January 2007)
-- David McCreedy made changes to allow base64 encoding/decoding to work on
- non-ASCII platforms.
-
-Daniel (3 January 2007)
-- Matt Witherspoon fixed the flaw which made libcurl 7.16.0 always store
- downloaded data in two buffers, just to be able to deal with a special HTTP
- pipelining case. That is now only activated for pipelined transfers. In
- Matt's case, it showed as a considerable performance difference,
-
-Daniel (2 January 2007)
-- Victor Snezhko helped us fix bug report #1603712
- (http://curl.haxx.se/bug/view.cgi?id=1603712) (known bug #36) --limit-rate
- (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) are broken
- on Windows (since 7.16.0, but that's when they were introduced as previous
- to that the limiting logic was made in the application only and not in the
- library). It was actually also broken on select()-based systems (as apposed
- to poll()) but we haven't had any such reports. We now use select(), Sleep()
- or delay() properly to sleep a while without waiting for anything input or
- output when the rate limiting is activated with the easy interface.
-
-- Modified libcurl.pc.in to use Libs.private for the libs libcurl itself needs
- to get built static. It has been mentioned before and was again brought to
- our attention by Nathanael Nerode who filed debian bug report #405226
- (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226).
-
diff --git a/CHANGES.0 b/CHANGES.0
index b73d239fd..e2b769714 100644
--- a/CHANGES.0
+++ b/CHANGES.0
@@ -9,6 +9,1609 @@
Changes done to curl and libcurl from 1997 to 2006. The most recent changes are
always kept in the CHANGES file.
+Daniel S (27 Dec 2007)
+- Dmitry Kurochkin mentioned a flaw
+ (http://curl.haxx.se/mail/lib-2007-12/0252.html) in detect_proxy() which
+ failed to set the bits.proxy variable properly when an environment variable
+ told libcurl to use a http proxy.
+
+Daniel S (26 Dec 2007)
+- In an attempt to repeat the problem in bug report #1850730
+ (http://curl.haxx.se/bug/view.cgi?id=1850730) I wrote up test case 552. The
+ test is doing a 70K POST with a read callback and an ioctl callback over a
+ proxy requiring Digest auth. The test case code is more or less identical to
+ the test recipe code provided by Spacen Jasset (who submitted the bug
+ report).
+
+Daniel S (25 Dec 2007)
+- Gary Maxwell filed bug report #1856628
+ (http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the
+ (small) memory leak in the SSL session ID caching code. It happened when a
+ previous entry in the cache was re-used.
+
+Daniel Fandrich (19 Dec 2007)
+- Ensure that nroff doesn't put anything but ASCII characters into the
+ --manual text.
+
+Yang Tse (18 Dec 2007)
+- MSVC 9.0 (VS2008) does not support Windows build targets prior to WinXP,
+ and makes wrong asumptions of build target when it isn't specified. So,
+ if no build target has been defined we will target WinXP when building
+ curl/libcurl with MSVC 9.0 (VS2008).
+
+- (http://curl.haxx.se/mail/archive-2007-12/0039.html) reported and fixed
+ a file truncation problem on Windows build targets triggered when retrying
+ a download with curl.
+
+Daniel S (17 Dec 2007)
+- Mateusz Loskot pointed out that MSVC 9.0 (VS2008) has the pollfd struct and
+ defines in winsock2.h somehow differently than previous versions and that
+ curl 7.17.1 would fail to compile out of the box.
+
+Daniel S (13 Dec 2007)
+- David Wright filed bug report #1849764
+ (http://curl.haxx.se/bug/view.cgi?id=1849764) with an included fix. He
+ identified a problem for re-used connections that previously had sent
+ Expect: 100-continue and in some situations the subsequent POST (that didn't
+ use Expect:) still had the internal flag set for its use. David's fix (that
+ makes the setting of the flag in every single request unconditionally) is
+ fine and is now used!
+
+Daniel S (12 Dec 2007)
+- Gilles Blanc made the curl tool enable SO_KEEPALIVE for the connections and
+ added the --no-keep-alive option that can disable that on demand.
+
+Daniel S (9 Dec 2007)
+- Andrew Moise filed bug report #1847501
+ (http://curl.haxx.se/bug/view.cgi?id=1847501) and pointed out a memcpy()
+ that should be memmove() in the convert_lineends() function.
+
+Daniel S (8 Dec 2007)
+- Renamed all internal static functions that had Curl_ prefixes to no longer
+ have them. The Curl_ prefix is exclusively used for library internal global
+ symbols. Static functions can be named anything, except for using Curl_ or
+ curl_ prefixes. This is for consistency and for easier maintainance and
+ overview.
+
+- Cleaned up and reformatted the TODO document to look like the FAQ and
+ CONTRIBUTE, which makes nicer web pages
+
+- Added test cases 549 and 550 that test CURLOPT_PROXY_TRANSFER_MODE.
+
+- Added keywords on a bunch of test cases
+
+- Fixed an OOM problem in the curl code that would lead to fclose on a bad
+ handle and crash
+
+Daniel S (5 Dec 2007)
+- Spacen Jasset reported a problem with doing POST (with data read with a
+ callback) over a proxy when NTLM is used as auth with the proxy. The bug
+ also concerned Digest and was limited to using callback only. Spacen worked
+ with us to provide a useful patch. I added the test case 547 and 548 to
+ verify two variations of POST over proxy with NTLM.
+
+Daniel S (3 Dec 2007)
+- Ray Pekowski filed bug report #1842029
+ (http://curl.haxx.se/bug/view.cgi?id=1842029) in which he identified a
+ problem with SSL session caching that prevent it from working, and provided
+ the associated fix!
+
+- Now libcurl (built with OpenSSL) doesn't return error anymore if the remote
+ SSL-based server doesn't present a certificate when the request is told to
+ ignore certificate verification anyway.
+
+- Michal Marek introduced CURLOPT_PROXY_TRANSFER_MODE which is used to control
+ the appending of the "type=" thing on FTP URLs when they are passed to a
+ HTTP proxy. Some proxies just don't like that appending (which is done
+ unconditionally in 7.17.1), and some proxies treat binary/ascii transfers
+ better with the appending done!
+
+Daniel S (29 Nov 2007)
+- A bug report on the curl-library list showed a HTTP Digest session going on
+ with a 700+ letter nonce. Previously libcurl only support 127 letter ones
+ and now I bumped it to 1023.
+
+- Fixed the resumed FTP upload loop to not require that the read callback
+ returns a full buffer on each invoke.
+
+Daniel S (25 Nov 2007)
+- Added test case 1015 that tests --data-urlencode in multiple ways
+
+- Fixed --data-urlencode for when no @ or = are used
+
+- Extended the user-agent buffer curl uses, since we can hit the 128 byte
+ border with plenty development libraries used. Like my current set: "curl
+ 7.17.2-CVS (i686-pc-linux-gnu) libcurl/7.17.2-CVS OpenSSL/0.9.8g
+ zlib/1.2.3.3 c-ares/1.5.2-CVS libidn/1.1 libssh2/0.19.0-CVS"
+
+Daniel S (24 Nov 2007)
+- Internal rearrangements, so that the previous struct HandleData is no more.
+ It is now known as SingleRequest and the Curl_transfer_keeper struct within
+ that was remove entirely. This has the upside that there are less duplicate
+ struct members that made it hard to see and remember what struct that was
+ used to store what data. The transfer_keeper thing was once stored on a
+ per-connection basis and then it made sense to have the duplicate info but
+ since it was moved to the SessionHandle (in 7.16.0) it just added weirdness.
+ The SingleRequest struct is used by data that only is valid for this single
+ request.
+
+Yang Tse (22 Nov 2007)
+- Provide a socklen_t definition in curl.h for Win32 API build targets
+ which don't have one.
+
+Daniel S (22 Nov 2007)
+- Alessandro Vesely helped me improve the --data-urlencode's syntax, parser
+ and documentation.
+
+Daniel S (21 Nov 2007)
+- While inspecting the Negotiate code, I noticed how the proxy auth was using
+ the same state struct as the host auth, so both could never be used at the
+ same time! I fixed it (without being able to check) to use two separate
+ structs to allow authentication using Negotiate on host and proxy
+ simultaneously.
+
+Daniel S (20 Nov 2007)
+- Emil Romanus pointed out a bug that made an easy handle get the cookie
+ engine activated when set to use a share (even if the share doesn't share
+ cookies). I fixed it.
+
+- Fixed a very long-lasting mprintf() bug that occurred when we did "%.*s%s",
+ since the second %s would then wrongly used the numerical precision argument
+ instead and crash.
+
+- Introduced --data-urlencode to the curl tool for easier url encoding of the
+ data sent in a post.
+
+Daniel S (18 Nov 2007)
+- Rob Crittenden fixed SSL connections with NSS done with the multi-interface
+
+Daniel S (17 Nov 2007)
+- Michal Marek made the test suite remember what test servers that fail to
+ start so that subsequent tries are simply skipped.
+
+- Andres Garcia made the examples build fine on Windows (mingw + msys) when
+ the lib was built staticly.
+
+Daniel S (16 Nov 2007)
+- Ates Goral identified a problem in http.c:add_buffer_send() when a debug
+ callback was used, as it could wrongly pass on a bad size for the outgoing
+ HTTP header. The bad size would be a very large value as it was a wrapped
+ size_t content. This happened when the whole HTTP request failed to get sent
+ in one single send. http://curl.haxx.se/mail/lib-2007-11/0165.html
+
+Daniel S (15 Nov 2007)
+- Fixed yet another remaining problem with doing SFTP directory listings on a
+ re-used persistent connection. Mentioned by Immanuel Gregoire on the mailing
+ list.
+
+- Michal Marek fixed the test suite to better deal with the case when the HTTP
+ ipv6 server can't run.
+
+Yang Tse (14 Nov 2007)
+- Fix a variable potential wrapping in add_buffer() when using absolutely
+ huge send buffer sizes.
+
+Daniel S (13 Nov 2007)
+- Fixed a remaining problem with doing SFTP directory listings on a re-used
+ persistent connection. Mentioned by Immanuel Gregoire on the mailing list.
+
+Daniel S (12 Nov 2007)
+- Bug report #1830637 (http://curl.haxx.se/bug/view.cgi?id=1830637), which was
+ forwarded from the Gentoo bug tracker by Daniel Black and was originally
+ submitted by Robin Johnson, pointed out that libcurl would do bad memory
+ references when it failed and bailed out before the handler thing was
+ setup. My fix is not done like the provided patch does it, but instead I
+ make sure that there's never any chance for a NULL pointer in that struct
+ member.
+
+Yang Tse (10 Nov 2007)
+- Vikram Saxena (http://curl.haxx.se/mail/lib-2007-11/0096.html) pointed out
+ that the pollfd struct was being multi defined when using VS2008. This is
+ now fixed in /curl/lib/select.h
+
+Daniel S (8 Nov 2007)
+- Bug report #1823487 (http://curl.haxx.se/bug/view.cgi?id=1823487) pointed
+ out that SFTP requests didn't use persistent connections. Neither did SCP
+ ones. I gave the SSH code a good beating and now both SCP and SFTP should
+ use persistent connections fine. I also did a bunch of indent changes as
+ well as a bug fix for the "keyboard interactive" auth.
+
+Dan F (6 Nov 2007)
+- Improved telnet support by drastically reducing the number of write
+ callbacks needed to pass a buffer to the user. Instead one per byte it
+ is now as little as one per segment.
+
+Yang Tse (6 Nov 2007)
+- Bug report #1824894 (http://curl.haxx.se/bug/view.cgi?id=1824894) pointed
+ out a problem in curl.h when building C++ apps with MSVC. To fix it, the
+ inclusion of header files in curl.h is moved outside of the C++ extern "C"
+ linkage block.
+
+Daniel S (1 Nov 2007)
+- Toby Peterson patched a memory problem in the command line tool that
+ happened when a user had a home dir as an empty string. curl would then do
+ free() on a wrong area.
+
+Dan F (1 Nov 2007)
+- Fixed curl-config --features to not display libz when it wasn't used
+ due to a missing header file.
+
+Dan F (31 October 2007)
+- Fixed the output of curl-config --protocols which showed SCP and SFTP
+ always, except when --without-libssh2 was given
+
+- Added test cases 1013 and 1014 to check that curl-config --protocols and
+ curl-config --features matches the output of curl --version
+
+Dan F (30 October 2007)
+- Fixed an OOM problem with file: URLs
+
+- Moved Curl_file_connect into the protocol handler struct
+
+Dan F (29 October 2007)
+- Added test case 546 to check that subsequent FTP transfers work after a
+ failed one using the multi interface
+
+Daniel S (29 October 2007)
+- Based on one of those bug reports that are intercepted by a distro's bug
+ tracker (https://bugzilla.redhat.com/show_bug.cgi?id=316191), I now made
+ curl-config --features and --protocols show the correct output when built
+ with NSS.
+
+Version 7.17.1 (29 October 2007)
+
+Dan F (25 October 2007)
+- Added the --static-libs option to curl-config
+
+Daniel S (25 October 2007)
+- Made libcurl built with NSS possible to ignore the peer verification.
+ Previously it would fail if the ca bundle wasn't present, even if the code
+ ignored the verification results.
+
+Patrick M (25 October 2007)
+- Fixed test server to allow null bytes in binary posts.
+_ Added tests 35, 544 & 545 to check binary data posts, both static (in place)
+ and dynamic (copied).
+
+Daniel S (25 October 2007)
+- Michal Marek fixed the test script to be able to use valgrind even when the
+ lib is built shared with libtool.
+
+- Fixed a few memory leaks when the same easy handle is re-used to request
+ URLs with different protocols. FTP and TFTP related leaks. Caught thanks to
+ Dan F's new test cases.
+
+Dan F (24 October 2007)
+- Fixed the test FTP and TFTP servers to support the >10000 test number
+ notation
+
+- Added test cases 2000 through 2003 which test multiple protocols using the
+ same easy handle
+
+- Fixed the filecheck: make target to work outside the source tree
+
+Daniel S (24 October 2007)
+- Vladimir Lazarenko pointed out that we should do some 'mt' magic when
+ building with VC8 to get the "manifest" embedded to make fine stand-alone
+ binaries. The maketgz and the src/Makefile.vc6 files were adjusted
+ accordingly.
+
+Daniel S (23 October 2007)
+- Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out
+ that libcurl tried to re-use connections a bit too much when using non-SSL
+ protocols tunneled over a HTTP proxy.
+
+Daniel S (22 October 2007)
+- Michal Marek forwarded the bug report
+ https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to
+ FTP that caused memory havoc. His work together with my efforts created two
+ fixes:
+
+ #1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with
+ at connection cleanup, at which time the struct HandleData could be
+ used by another connection.
+ Also, the unused char *urlpath member is removed from struct FTP.
+
+ #2 - provide a Curl_reset_reqproto() function that frees
+ data->reqdata.proto.* on connection setup if needed (that is if the
+ SessionHandle was used by a different connection).
+
+ A long-term goal is of course to somehow get rid of how the reqdata struct
+ is used, as it is too error-prone.
+
+- Bug report #1815530 (http://curl.haxx.se/bug/view.cgi?id=1815530) points out
+ that specifying a proxy with a trailing slash didn't work (unless it also
+ contained a port number).
+
+Patrick M (15 October 2007)
+- Fixed the dynamic CURLOPT_POSTFIELDS problem: this option is now static again
+ and option CURLOPT_COPYPOSTFIELDS has been added to support dynamic mode.
+
+Patrick M (12 October 2007)
+- Added per-protocol callback static tables, replacing callback ptr storage
+ in the connectdata structure by a single handler table ptr.
+
+Dan F (11 October 2007)
+- Fixed the -l option of runtests.pl
+
+- Added support for skipping tests based on key words.
+
+Daniel S (9 October 2007)
+- Michal Marek removed the no longer existing return codes from the curl.1
+ man page.
+
+Daniel S (7 October 2007)
+- Known bug #47, which confused libcurl if doing NTLM auth over a proxy with
+ a response that was larger than 16KB is now improved slightly so that now
+ the restriction at 16KB is for the headers only and it should be a rare
+ situation where the response-headers exceed 16KB. Thus, I consider #47 fixed
+ and the header limitation is now known as known bug #48.
+
+Daniel S (5 October 2007)
+- Michael Wallner made the CULROPT_COOKIELIST option support a new magic
+ string: "FLUSH". Using that will cause libcurl to flush its cookies to the
+ CURLOPT_COOKIEJAR file.
+
+- The new file docs/libcurl/ABI describes how we view ABI breakages, soname
+ bumps and what the version number's significance to all that is.
+
+Daniel S (4 October 2007)
+- I enabled test 1009 and made the --local-port use a wide range to reduce the
+ risk of failures.
+
+- Kim Rinnewitz reported that --local-port didn't work with TFTP transfers.
+ This happened because the tftp code always uncondionally did a bind()
+ without caring if one already had been done and then it failed. I wrote a
+ test case (1009) to verify this, but it is a bit error-prone since it will
+ have to pick a fixed local port number and since the tests are run on so
+ many different hosts in different situations I'll add it in disabled state.
+
+Yang Tse (3 October 2007)
+- Fixed issue related with the use of ares_timeout() result.
+
+Daniel S (3 October 2007)
+- Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and
+ CURLOPT_OPENSOCKETDATA to set a callback that allows an application to
+ replace the socket() call used by libcurl. It basically allows the app to
+ change address, protocol or whatever of the socket.
+
+- I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
+ CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made
+ this return code get used by the previous SSH MD5 fingerprint check in case
+ it fails.
+
+- Based on a patch brought by Johnny Luong, libcurl now offers
+ CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both
+ make the SCP or SFTP connection verify the remote host's md5 checksum of the
+ public key before doing a connect, to reduce the risk of a man-in-the-middle
+ attack.
+
+Daniel S (2 October 2007)
+- libcurl now handles chunked-encoded CONNECT responses
+
+Daniel S (1 October 2007)
+- Alex Fishman reported a curl_easy_escape() problem that was made the
+ function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a
+ signed / unsigned mistake in the code. I fixed it and added test case 543 to
+ verify.
+
+Daniel S (29 September 2007)
+- Immanuel Gregoire fixed a problem with persistent transfers over SFTP.
+
+Daniel S (28 September 2007)
+- Adapted the c-ares code to the API change c-ares 1.5.0 brings in the
+ notifier callback(s).
+
+Dan F (26 September 2007)
+- Enabled a few more gcc warnings with --enable-debug. Renamed a few
+ variables to avoid shadowing global declarations.
+
+Daniel S (26 September 2007)
+- Philip Langdale provided the new CURLOPT_POST301 option for
+ curl_easy_setopt() that alters how libcurl functions when following
+ redirects. It makes libcurl obey the RFC2616 when a 301 response is received
+ after a non-GET request is made. Default libcurl behaviour is to change
+ method to GET in the subsequent request (like it does for response code 302
+ - because that's what many/most browsers do), but with this CURLOPT_POST301
+ option enabled it will do what the spec says and do the next request using
+ the same method again. I.e keep POST after 301.
+
+ The curl tool got this option as --post301
+
+ Test case 1011 and 1012 were added to verify.
+
+- Max Katsev reported that when doing a libcurl FTP request with
+ CURLOPT_NOBODY enabled but not CURLOPT_HEADER, libcurl wouldn't do TYPE
+ before it does SIZE which makes it less useful. I walked over the code and
+ made it do this properly, and added test case 542 to verify it.
+
+Daniel S (24 September 2007)
+- Immanuel Gregoire fixed KNOWN_BUGS #44: --ftp-method nocwd did not handle
+ URLs ending with a slash properly (it should list the contents of that
+ directory). Test case 351 brought back and also test 1010 was added.
+
+Daniel S (21 September 2007)
+- Mark Davies fixed Negotiate authentication over proxy, and also introduced
+ the --proxy-negotiate command line option to allow a user to explicitly
+ select it.
+
+Daniel S (19 September 2007)
+- Rob Crittenden provided an NSS update with the following highlights:
+
+ o It looks for the NSS database first in the environment variable SSL_DIR,
+ then in /etc/pki/nssdb, then it initializes with no database if neither of
+ those exist.
+
+ o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
+ loaded, including the ca-bundle. If it is not available then only
+ certificates already in the NSS database are used.
+
+ o Tries to detect whether a file or nickname is being passed in so the right
+ thing is done
+
+ o Added a bit of code to make the output more like the OpenSSL module,
+ including displaying the certificate information when connecting in
+ verbose mode
+
+ o Improved handling of certificate errors (expired, untrusted, etc)
+
+ The libnsspem.so PKCS#11 module is currently only available in Fedora
+ 8/rawhide. Work will be done soon to upstream it. The NSS module will work
+ with or without it, all that changes is the source of the certificates and
+ keys.
+
+Daniel S (18 September 2007)
+- Immanuel Gregoire pointed out that public key SSH auth failed if no
+ public/private key was specified and there was no HOME environment variable,
+ and then it didn't continue to try the other auth methods. Now it will
+ instead try to get the files id_dsa.pub and id_dsa from the current
+ directory if none of the two conditions were met.
+
+Dan F (17 September 2007)
+- Added hooks to the test suite to make it possible to test a curl running
+ on a remote host.
+
+- Changed some FTP tests to validate the format of the PORT and EPRT commands
+ sent by curl, if not the addresses themselves.
+
+Daniel S (15 September 2007)
+- Michal Marek made libcurl automatically append ";type=<a|i>" when using HTTP
+ proxies for FTP urls.
+
+- Günter Knauf fixed LDAP builds in the Windows makefiles and fixed LDAPv3
+ support on Windows.
+
+Dan F (13 September 2007)
+- Added LDAPS, SCP and SFTP to curl-config --protocols. Removed and
+ fixed some AC_SUBST configure entries.
+
+Version 7.17.0 (13 September 2007)
+
+Daniel S (12 September 2007)
+- Bug report #1792649 (http://curl.haxx.se/bug/view.cgi?id=1792649) pointed
+ out a problem with doing an empty upload over FTP on a re-used connection.
+ I added test case 541 to reproduce it and to verify the fix.
+
+- I noticed while writing test 541 that the FTP code wrongly did a CWD on the
+ second transfer as it didn't store and remember the "" path from the
+ previous transfer so it would instead CWD to the entry path as stored. This
+ worked, but did a superfluous command. Thus, test case 541 now also verifies
+ this fix.
+
+Dan F (5 September 2007)
+- Added test case 1007 to test permission problem when uploading with TFTP
+ (to validate bug #1790403).
+
+- TFTP now reports the "not defined" TFTP error code 0 as an error,
+ not success.
+
+Daniel S (5 September 2007)
+- Continued the work on a fix for #1779054
+ (http://curl.haxx.se/bug/view.cgi?id=1779054). My previous fix from August
+ 24 was not complete (either) but could accidentally "forget" parts of a
+ server response which led to faulty server response time-out errors.
+
+Dan F (5 September 2007)
+- Minix doesn't support getsockopt on UDP sockets or send/recv on TCP
+ sockets.
+
+Dan F (31 August 2007)
+- Made some of the error strings returned by the *strerror functions more
+ generic, and more consistent with each other.
+
+- Renamed the curl_ftpssl enum to curl_usessl and its enumerated constants,
+ creating macros for backward compatibility:
+
+ CURLFTPSSL_NONE => CURLUSESSL_NONE
+ CURLFTPSSL_TRY => CURLUSESSL_TRY
+ CURLFTPSSL_CONTROL => CURLUSESSL_CONTROL
+ CURLFTPSSL_ALL => CURLUSESSL_ALL
+ CURLFTPSSL_LAST => CURLUSESSL_LAST
+
+Dan F (30 August 2007)
+- Renamed several libcurl error codes and options to make them more general
+ and allow reuse by multiple protocols. Several unused error codes were
+ removed. In all cases, macros were added to preserve source (and binary)
+ compatibility with the old names. These macros are subject to removal at
+ a future date, but probably not before 2009. An application can be
+ tested to see if it is using any obsolete code by compiling it with the
+ CURL_NO_OLDIES macro defined.
+
+ The following unused error codes were removed:
+
+ CURLE_BAD_CALLING_ORDER
+ CURLE_BAD_PASSWORD_ENTERED
+ CURLE_FTP_CANT_RECONNECT
+ CURLE_FTP_COULDNT_GET_SIZE
+ CURLE_FTP_COULDNT_SET_ASCII
+ CURLE_FTP_USER_PASSWORD_INCORRECT
+ CURLE_FTP_WEIRD_USER_REPLY
+ CURLE_FTP_WRITE_ERROR
+ CURLE_LIBRARY_NOT_FOUND
+ CURLE_MALFORMAT_USER
+ CURLE_OBSOLETE
+ CURLE_SHARE_IN_USE
+ CURLE_URL_MALFORMAT_USER
+
+ The following error codes were renamed:
+
+ CURLE_FTP_ACCESS_DENIED => CURLE_REMOTE_ACCESS_DENIED
+ CURLE_FTP_COULDNT_SET_BINARY => CURLE_FTP_COULDNT_SET_TYPE
+ CURLE_FTP_SSL_FAILED => CURLE_USE_SSL_FAILED
+ CURLE_FTP_QUOTE_ERROR => CURLE_QUOTE_ERROR
+ CURLE_TFTP_DISKFULL => CURLE_REMOTE_DISK_FULL
+ CURLE_TFTP_EXISTS => CURLE_REMOTE_FILE_EXISTS
+ CURLE_HTTP_RANGE_ERROR => CURLE_RANGE_ERROR
+
+ The following options were renamed:
+
+ CURLOPT_SSLKEYPASSWD => CURLOPT_KEYPASSWD
+ CURLOPT_FTPAPPEND => CURLOPT_APPEND
+ CURLOPT_FTPLISTONLY => CURLOPT_DIRLISTONLY
+ CURLOPT_FTP_SSL => CURLOPT_USE_SSL
+
+ A few more changes will take place with the next SONAME bump of the
+ library. These are documented in docs/TODO
+
+- Documented some newer error codes in libcurl-error(3)
+
+- Added more accurate error code returns from SFTP operations. Added test
+ case 615 to test an SFTP upload failure.
+
+Dan F (28 August 2007)
+- Some minor internal type and const changes based on a splint scan.
+
+Daniel S (24 August 2007)
+- Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed
+ out that libcurl didn't deal with large responses from server commands, when
+ the single response was consisting of multiple lines but of a total size of
+ 16KB or more. Dan Fandrich improved the ftp test script and provided test
+ case 1006 to repeat the problem, and I fixed the code to make sure this new
+ test case runs fine.
+
+Patrick M (23 August 2007)
+- OS/400 port: new files lib/config-os400.h lib/setup-os400.h packages/OS400/*.
+ See packages/OS400/README.OS400.
+
+Daniel S (23 August 2007)
+- Bug report #1779751 (http://curl.haxx.se/bug/view.cgi?id=1779751) pointed
+ out that doing first a file:// upload and then an FTP upload crashed libcurl
+ or at best caused furious valgrind complaints. Fixed now!
+
+Daniel S (22 August 2007)
+- Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed
+ out that libcurl didn't deal with very long (>16K) FTP server response lines
+ properly. Starting now, libcurl will chop them off (thus the client app will
+ not get the full line) but survive and deal with them fine otherwise. Test
+ case 1003 was added to verify this.
+
+Daniel S (20 August 2007)
+- Based on a patch by Christian Vogt, the FTP code now sets the upcoming
+ download transfer size much earlier to be possible to get read with
+ CURLINFO_CONTENT_LENGTH_DOWNLOAD as soon as possible. This is very much in a
+ similar spirit to the HTTP size change from August 11 2007.
+
+Daniel S (18 August 2007)
+- Robson Braga Araujo filed bug report #1776232
+ (http://curl.haxx.se/bug/view.cgi?id=1776232) about libcurl calling
+ Curl_client_write(), passing on a const string that the caller may not
+ modify and yet it does (on some platforms).
+
+- Robson Braga Araujo filed bug report #1776235
+ (http://curl.haxx.se/bug/view.cgi?id=1776235) about ftp requests with NOBODY
+ on a directory would do a "SIZE (null)" request. This is now fixed and test
+ case 1000 was added to verify.
+
+Daniel S (17 August 2007)
+- Song Ma provided a patch that cures a problem libcurl has when doing resume
+ HTTP PUT using Digest authentication. Test case 5320 and 5322 were also
+ added to verify the functionality.
+
+Daniel S (14 August 2007)
+- Andrew Wansink provided an NTLM bugfix: in the case the server sets the flag
+ NTLMFLAG_NEGOTIATE_UNICODE, we need to filter it off because libcurl doesn't
+ UNICODE encode the strings it packs into the NTLM authenticate packet.
+
+Daniel S (11 August 2007)
+- Allen Pulsifer provided a patch that makes libcurl set the expected download
+ size earlier when doing HTTP downloads, so that applications and the
+ progress meter etc know get the info earlier in the flow than before.
+
+- Patrick Monnerat modified the LDAP code and approach in curl. Starting now,
+ the configure script checks for openldap and friends and we link with those
+ libs just like we link all other third party libraries, and we no longer
+ dlopen() those libraries. Our private header file lib/ldap.h was renamed to
+ lib/curl_ldap.h due to this. I set a tag in CVS (curl-7_17_0-preldapfix)
+ just before this commit, just in case.
+
+Dan F (8 August 2007)
+- Song Ma noted a zlib memory leak in the illegal compressed header
+ countermeasures code path.
+
+Daniel S (4 August 2007)
+- Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on
+ non-ASCII systems.
+
+Daniel S (3 August 2007)
+- I cut out support for libssh2 versions older than 0.16 to make our code a
+ lot simpler, and to avoid getting trouble with the LIBSSH2_APINO define
+ that 1) didn't work properly since it was >32 bits and 2) is removed in
+ libssh2 0.16...
+
+Daniel S (2 August 2007)
+- Scott Cantor filed bug report #1766320
+ (http://curl.haxx.se/bug/view.cgi?id=1766320) pointing out that the libcurl
+ code accessed two curl_easy_setopt() options (CURLOPT_DNS_CACHE_TIMEOUT and
+ CURLOPT_DNS_USE_GLOBAL_CACHE) as ints even though they're documented to be
+ passed in as longs, and that makes a difference on 64 bit architectures.
+
+- Dmitriy Sergeyev reported a regression: resumed file:// transfers broke
+ after 7.16.2. This is much due to the different treatment file:// gets
+ internally, but now I added test 231 to make it less likely to happen again
+ without us noticing!
+
+Daniel S (1 August 2007)
+- Patrick Monnerat and I modified libcurl so that now it *copies* all strings
+ passed to it with curl_easy_setopt()! Previously it has always just refered
+ to the data, forcing the user to keep the data around until libcurl is done
+ with it. That is now history and libcurl will instead clone the given
+ strings and keep private copies. This is also part of Patrick Monnerat's
+ OS/400 port.
+
+ Due to this being a somewhat interesting change API wise, I've decided to
+ bump the version of the upcoming release to 7.17.0. Older applications will
+ of course not notice this change nor do they have to care, but new
+ applications can be written to take advantage of this.
+
+- Greg Morse reported a problem with POSTing using ANYAUTH to a server
+ requiring NTLM, and he provided test code and a test server and we worked
+ out a bug fix. We failed to count sent body data at times, which then caused
+ internal confusions when libcurl tried to send the rest of the data in order
+ to maintain the same connection alive.
+
+Daniel S (31 July 2007)
+- Peter O'Gorman pointed out (and fixed) that the non-blocking check in
+ configure made libcurl use blocking sockets on AIX 4 and 5, while that
+ wasn't the intention.
+
+Daniel S (29 July 2007)
+- Jayesh A Shah filed bug report #1759542
+ (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious
+ problem with FTPS: libcurl closed the data connection socket and then later
+ in the flow it would call the SSL layer to do SSL shutdown which then would
+ use a socket that had already been closed - so if the application had opened
+ a new one in the mean time, libcurl could send gibberish that way! I worked
+ with Greg Zavertnik to properly diagnose and fix this. The fix affects code
+ for all SSL libraries we support, but it has only been truly verified to
+ work fine for the OpenSSL version. The others have only been code reviewed.
+
+Daniel S (23 July 2007)
+- Implemented the parts of Patrick Monnerat's OS/400 patch that introduces
+ support for the OS/400 Secure Sockets Layer library.
+
+Dan F (23 July 2007)
+- Implemented only the parts of Patrick Monnerat's OS/400 patch that renamed
+ some few internal identifiers to avoid conflicts, which could be useful on
+ other platforms.
+
+Daniel S (22 July 2007)
+- HTTP Digest bug fix by Chris Flerackers:
+
+ Scenario
+
+ - Perfoming a POST request with body
+ - With authentication (only Digest)
+ - Re-using a connection
+
+ libcurl would send a HTTP POST with an Authorization header but without
+ body. Our server would return 400 Bad Request in that case (because
+ authentication passed, but the body was empty).
+
+ Cause
+
+ 1) http_digest.c -> Curl_output_digest
+ - Updates allocptr.userpwd/allocptr.proxyuserpwd *only* if d->nonce is
+ filled in (and no errors)
+ - authp->done = TRUE if d->nonce is filled in
+ 2) http.c -> Curl_http
+ - *Always* uses allocptr.userpwd/allocptr.proxyuserpwd if not NULL
+ 3) http.c -> Curl_http, Curl_http_output_auth
+
+ So what happens is that Curl_output_digest cannot yet update the
+ Authorization header (allocptr.userpwd) which results in authhost->done=0 ->
+ authhost->multi=1 -> conn->bits.authneg = TRUE. The body is not
+ added. *However*, allocptr.userpwd is still used when building the request
+
+- Added test case 354 that makes a simple FTP retrieval without password, which
+ verifies the bug fix in #1757328.
+
+Daniel S (21 July 2007)
+- To allow more flexibility in FTP test cases, I've removed the enforced states
+ from the test server code as they served no real purpose. The test server
+ is here to serve for the test cases, not to attempt to function as a real
+ server! While at it, I modified test case 141 to better test and verify
+ curl -I on a single FTP file.
+
+Daniel S (20 July 2007)
+- James Housley fixed the SFTP PWD command to work.
+
+- Ralf S. Engelschall filed bug report #1757328
+ (http://curl.haxx.se/bug/view.cgi?id=1757328) and submitted a patch. It
+ turns out we broke login to FTP servers that don't require (nor understand)
+ PASS after the USER command. The breakage was done as part of the krb5
+ commit so a krb-using person needs to verify that the current version now
+ works or if we need to fix it (in a different way of course).
+
+Dan F (17 July 2007)
+- Fixed test cases 613 and 614 by improving the log postprocessor to handle
+ a new directory listing format that newer libssh2's can provide. This
+ is probably NOT sufficient to handle all directory listing formats that
+ server's can provide, and should be revisited.
+
+Daniel S (17 July 2007)
+- Daniel Johnson fixed a bug in how libssh2_session_last_error() was used, in
+ two places.
+
+- Jofell Gallardo posted a libcurl log using FTP that exposed a bug which made
+ a control connection that was deemed "dead" to yet be re-used in a following
+ request.
+
+Daniel S (13 July 2007)
+- Colin Hogben filed bug report #1750274
+ (http://curl.haxx.se/bug/view.cgi?id=1750274) and submitted a patch for the
+ case where libcurl did a connect attempt to a non-listening port and didn't
+ provide a human readable error string back.
+
+- Daniel Cater fixes:
+ 1 - made 'make vc8' work on windows.
+ 2 - made libcurl itself built with CURL_NO_OLDIES defined (which doesn't
+ define the symbols for backwards source compatibility)
+ 3 - updated libcurl-errors.3
+ 4 - added CURL_DISABLE_TFTP to docs/INSTALL
+
+Daniel S (12 July 2007)
+- Made the krb5 code build with Heimdal's GSSAPI lib.
+
+Dan F (12 July 2007)
+- Compile most of the example apps in docs/examples when doing a 'make check'.
+ Fixed some compile warnings and errors in those examples.
+
+- Removed the example program ftp3rdparty.c since libcurl doesn't support
+ 3rd party FTP transfers any longer.
+
+Daniel S (12 July 2007)
+- Shmulik Regev found an (albeit rare) case where the proxy CONNECT operation
+ could in fact get stuck in an endless loop.
+
+- Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
+ fail to connect if there is no Common Name field found in the remote cert.
+ We should deprecate the support for this set to 1 anyway soon, since the
+ feature is pointless and most likely never really used by anyone.
+
+Daniel S (11 July 2007)
+- Shmulik Regev fixed a bug with transfer-encoding skipping during the 407
+ error pages for proxy authentication.
+
+- Giancarlo Formicuccia reported and fixed a problem with a closed connection
+ to a proxy during CONNECT auth negotiation.
+
+Dan F (10 July 2007)
+- Fixed a curl memory leak reported by Song Ma with a modified version
+ of the patch he suggested. Added his test case as test289 to verify.
+
+- Force the time zone to GMT in the cookie tests in case the user is
+ using one of the so-called 'right' time zones that take into account
+ leap seconds, which causes the tests to fail (as reported by
+ Daniel Black in bug report #1745964).
+
+Version 7.16.4 (10 July 2007)
+
+Daniel S (10 July 2007)
+- Kees Cook notified us about a security flaw
+ (http://curl.haxx.se/docs/adv_20070710.html) in which libcurl failed to
+ properly reject some outdated or not yet valid server certificates when
+ built with GnuTLS. Kees also provided the patch.
+
+James H (5 July 2007)
+- Gavrie Philipson provided a patch that will use a more specific error
+ message for an scp:// upload failure. If libssh2 has his matching
+ patch, then the error message return by the server will be used instead
+ of a more generic error.
+
+Daniel S (1 July 2007)
+- Thomas J. Moore provided a patch that introduces Kerberos5 support in
+ libcurl. This also makes the options change name to --krb (from --krb4) and
+ CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still
+
+- Song Ma helped me verify and extend a fix for doing FTP over a SOCKS4/5
+ proxy.
+
+Daniel S (27 June 2007)
+- James Housley: Add two new options for the SFTP/SCP/FILE protocols:
+ CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS. These control the
+ premissions for files and directories created on the remote
+ server. CURLOPT_NEW_FILE_PERMS defaults to 0644 and
+ CURLOPT_NEW_DIRECTORY_PERMS defaults to 0755
+
+- I corrected the 10-at-a-time.c example and applied a patch for it by James
+ Bursa.
+
+Daniel S (26 June 2007)
+- Robert Iakobashvili re-arranged the internal hash code to work with a custom
+ hash function for different hashes, and also expanded the default size for
+ the socket hash table used in multi handles to greatly enhance speed when
+ very many connections are added and the socket API is used.
+
+- James Housley made the CURLOPT_FTPLISTONLY mode work for SFTP directory
+ listings as well
+
+Daniel S (25 June 2007)
+- Adjusted how libcurl treats HTTP 1.1 responses without content-lenth or
+ chunked encoding (that also lacks "Connection: close"). It now simply
+ assumes that the connection WILL be closed to signal the end, as that is how
+ RFC2616 section 4.4 point #5 says we should behave.
+
+Version 7.16.3 (25 June 2007)
+
+Daniel S (23 June 2007)
+- As reported by "Tro" in http://curl.haxx.se/mail/lib-2007-06/0161.html and
+ http://curl.haxx.se/mail/lib-2007-06/0238.html, libcurl didn't properly do
+ no-body requests on FTP files on re-used connections properly, or at least
+ it didn't provide the info back in the header callback properly in the
+ subsequent requests.
+
+Daniel S (21 June 2007)
+- Gerrit Bruchhäuser pointed out a warning that the Intel(R) Thread Checker
+ tool reports and it was indeed a legitimate one and it is one fixed. It was
+ a use of a share without doing the proper locking first.
+
+Daniel S (20 June 2007)
+- Adam Piggott filed bug report #1740263
+ (http://curl.haxx.se/bug/view.cgi?id=1740263). Adam discovered that when
+ getting a large amount of URLs with curl, they were fetched slower and
+ slower... which turned out to be because the --libcurl data collecting which
+ wrongly always was enabled, but no longer is...
+
+Daniel S (18 June 2007)
+- Robson Braga Araujo filed bug report #1739100
+ (http://curl.haxx.se/bug/view.cgi?id=1739100) that mentioned that libcurl
+ could not actually list the contents of the root directory of a given FTP
+ server if the login directory isn't root. I fixed the problem and added
+ three test cases (one is disabled for now since I identified KNOWN_BUGS #44,
+ we cannot use --ftp-method nocwd and list ftp directories).
+
+Daniel S (14 June 2007)
+- Shmulik Regev:
+
+ I've encountered (and hopefully fixed) a problem involving proxy CONNECT
+ requests and easy handles state management. The problem isn't simple to
+ reproduce since it depends on socket state. It only manifests itself when
+ working with non-blocking sockets.
+
+ Here is the scenario:
+
+ 1. in multi_runsingle the easy handle is in the CURLM_STATE_WAITCONNECT and
+ calls Curl_protocol_connect
+
+ 2. in Curl_proxyCONNECT, line 1247, if the socket isn't ready the function
+ returns and conn->bits.tunnel_connecting is TRUE
+
+ 3. when the call to Curl_protocol_connect returns the protocol_connect flag
+ is false and the easy state is changed to CURLM_STATE_PROTOCONNECT which
+ isn't correct if a proxy is used. Rather CURLM_STATE_WAITPROXYCONNECT
+ should be used.
+
+ I discovered this while performing an HTTPS request through a proxy (squid)
+ on my local network. The problem caused openssl to fail as it read the proxy
+ response to the CONNECT call ('HTTP/1.0 Established') rather than the SSL
+ handshake (the exact openssl error was 'wrong ssl version' but this isn't
+ very important)
+
+- Dave Vasilevsky filed bug report #1736875
+ (http://curl.haxx.se/bug/view.cgi?id=1736875) almost simultanouesly as Dan
+ Fandrich mentioned a related build problem on the libcurl mailing list:
+ http://curl.haxx.se/mail/lib-2007-06/0131.html. Both problems had the same
+ reason: the definitions of the POLL* defines and the pollfd struct in the
+ libcurl code was depending on HAVE_POLL instead of HAVE_SYS_POLL_H.
+
+Daniel S (13 June 2007)
+- Tom Regner provided a patch and worked together with James Housley, so now
+ CURLOPT_FTP_CREATE_MISSING_DIRS works for SFTP connections as well as FTP
+ ones.
+
+- Rich Rauenzahn filed bug report #1733119
+ (http://curl.haxx.se/bug/view.cgi?id=1733119) and we collaborated on the
+ fix. The problem is that for 64bit HPUX builds, several socket-related
+ functions would still assume int (32 bit) arguments and not socklen_t (64
+ bit) ones.
+
+Daniel S (12 June 2007)
+- James Housley brought his revamped SSH code that is state-machine driven to
+ really take advantage of the now totally non-blocking libssh2 (in CVS).
+
+Dan F (8 June 2007)
+- Incorporated Daniel Black's test706 and test707 SOCKS test cases.
+
+- Fixed a few problems when starting the SOCKS server.
+
+- Reverted some recent changes to runtests.pl that weren't compatible with
+ perl 5.0.
+
+- Fixed the test harness so that it actually kills the ssh being used as
+ the SOCKS server.
+
+Daniel S (6 June 2007)
+- -s/--silent can now be used to toggle off the silence again if used a second
+ time.
+
+Daniel S (5 June 2007)
+- Added Daniel Black's work that adds the first few SOCKS test cases. I also
+ fixed two minor SOCKS problems to make the test cases run fine.
+
+Daniel S (31 May 2007)
+- Feng Tu made (lib)curl support "upload" resuming work for file:// URLs.
+
+Daniel S (30 May 2007)
+- I modified the 10-at-a-time.c example to transfer 500 downloads in parallel
+ with a c-ares enabled build only to find that it crashed miserably, and this
+ was due to some select()isms left in the code. This was due to API
+ restrictions in c-ares 1.3.x, but with the upcoming c-ares 1.4.0 this is no
+ longer the case so now libcurl runs much better with c-ares and the multi
+ interface with > 1024 file descriptors in use.
+
+ Extra note: starting now we require c-ares 1.4.0 for asynchronous name
+ resolves.
+
+- Added CURLMOPT_MAXCONNECTS which is a curl_multi_setopt() option for setting
+ the maximum size of the connection cache maximum size of the multi handle.
+
+Daniel S (27 May 2007)
+- When working with a problem Stefan Becker had, I found an off-by-one buffer
+ overwrite in Curl_select(). While fixing it, I also improved its performance
+ somewhat by changing calloc to malloc and breaking out of a loop earlier
+ (when possible).
+
+Daniel S (25 May 2007)
+- Rob Crittenden fixed bug #1705802
+ (http://curl.haxx.se/bug/view.cgi?id=1705802), which was filed by Daniel
+ Black identifying several FTP-SSL test cases fail when we build libcurl with
+ NSS for TLS/SSL. Listed as #42 in KNOWN_BUGS.
+
+Daniel S (24 May 2007)
+- Song Ma filed bug report #1724016
+ (http://curl.haxx.se/bug/view.cgi?id=1724016) noticing that downloading
+ glob-ranges for TFTP was broken in CVS. Fixed now.
+
+- 'mytx' in bug report #1723194 (http://curl.haxx.se/bug/view.cgi?id=1723194)
+ pointed out that the warnf() function in the curl tool didn't properly deal
+ with the cases when excessively long words were used in the string to chop
+ up.
+
+Daniel S (22 May 2007)
+- Andre Guibert de Bruet fixed a memory leak in the function that verifies the
+ peer's name in the SSL certificate when built for OpenSSL. The leak happens
+ for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
+ name from UTF8. He also fixed a leak when PKCS #12 parsing failed.
+
+Daniel S (18 May 2007)
+- Feng Tu reported that curl -w did wrong on TFTP transfers in bug report
+ #1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the
+ transfer-related info "variables" were indeed overwritten with zeroes
+ wrongly and have now been adjusted. The upload size still isn't accurate.
+
+Daniel S (17 May 2007)
+- Feng Tu pointed out a division by zero error in the TFTP connect timeout
+ code for timeouts less than five seconds, and also provided a fix for it.
+ Bug report #1715392 (http://curl.haxx.se/bug/view.cgi?id=1715392)
+
+Dan F (16 May 2007)
+- Added support for compiling under Minix 3.1.3 using ACK.
+
+Dan F (14 May 2007)
+- Added SFTP directory listing test case 613.
+
+- Added support for quote commands before a transfer using SFTP and test
+ case 614.
+
+- Changed the post-quote commands to occur after the transferred file is
+ closed.
+
+- Allow SFTP quote commands chmod, chown, chgrp to set a value of 0.
+
+Dan F (9 May 2007)
+- Kristian Gunstone fixed a problem where overwriting an uploaded file with
+ sftp didn't truncate it first, which would corrupt the file if the new
+ file was shorter than the old.
+
+Dan F (8 May 2007)
+- Added FTPS test cases 406 and 407
+
+Daniel S (8 May 2007)
+- CURLE_FTP_COULDNT_STOR_FILE is now known as CURLE_UPLOAD_FAILED. This is
+ because I just made SCP uploads return this value if the file size of
+ the upload file isn't given with CURLOPT_INFILESIZE*. Docs updated to
+ reflect this news, and a define for the old name was added to the public
+ header file.
+
+Daniel S (7 May 2007)
+- James Bursa fixed a bug in the multi handle code that made the connection
+ cache grow a bit too much, beyond the normal 4 * easy_handles.
+
+Daniel S (2 May 2007)
+- Anders Gustafsson remarked that requiring CURLOPT_HTTP_VERSION set to 1.0
+ when CURLOPT_HTTP200ALIASES is used to avoid the problem mentioned below is
+ not very nice if the client wants to be able to use _either_ a HTTP 1.1
+ server or one within the aliases list... so starting now, libcurl will
+ simply consider 200-alias matches the to be HTTP 1.0 compliant.
+
+- Tobias Rundström reported a problem they experienced with xmms2 and recent
+ libcurls, which turned out to be the 25-nov-2006 change which treats HTTP
+ responses without Content-Length or chunked encoding as without bodies. We
+ now added the conditional that the above mentioned response is only without
+ body if the response is HTTP 1.1.
+
+- Jeff Pohlmeyer improved the hiperfifo.c example to use the
+ CURLMOPT_TIMERFUNCTION callback option.
+
+- Set the timeout for easy handles to expire really soon after addition or
+ when CURLM_CALL_MULTI_PERFORM is returned from curl_multi_socket*/perform,
+ to make applications using only curl_multi_socket() to properly function
+ when adding easy handles "on the fly". Bug report and test app provided by
+ Michael Wallner.
+
+Dan F (30 April 2007)
+- Improved the test harness to allow running test servers on other than
+ the default port numbers, allowing more than one test suite to run
+ simultaneously on the same host.
+
+Daniel S (28 April 2007)
+- Peter O'Gorman fixed libcurl to not init GnuTLS as early as we did before,
+ since it then inits libgcrypt and libgcrypt is being evil and EXITS the
+ application if it fails to get a fine random seed. That's really not a nice
+ thing to do by a library.
+
+- Frank Hempel fixed a curl_easy_duphandle() crash on a handle that had
+ been removed from a multi handle, and then fixed another flaw that prevented
+ curl_easy_duphandle() to work even after the first fix - the handle was
+ still marked as using the multi interface.
+
+Daniel S (26 April 2007)
+- Peter O'Gorman found a problem with SCP downloads when the downloaded file
+ was 16385 bytes (16K+1) and it turned out we didn't properly always "suck
+ out" all data from libssh2. The effect being that libcurl would hang on the
+ socket waiting for data when libssh2 had in fact already read it all...
+
+Dan F (25 April 2007)
+- Added support in runtests.pl for "!n" test numbers to disable individual
+ tests. Changed -t to only keep log files around when -k is specified,
+ to have the same behaviour as without -t.
+
+Daniel S (25 April 2007)
+- Sonia Subramanian brought our attention to a problem that happens if you set
+ the CURLOPT_RESUME_FROM or CURLOPT_RANGE options and an existing connection
+ in the connection cache is closed to make room for the new one when you call
+ curl_easy_perform(). It would then wrongly free range-related data in the
+ connection close funtion.
+
+Yang Tse (25 April 2007)
+- Steve Little fixed compilation on VMS 64-bit mode
+
+Daniel S (24 April 2007)
+- Robert Iakobashvili made the 'master_buffer' get allocated first once it is
+ can/will be used as it then makes the common cases save 16KB of data for each
+ easy handle that isn't used for pipelining.
+
+Dan F (23 April 2007)
+- Added <postcheck> support to the test harness.
+
+- Added tests 610-612 to test more SFTP post-quote commands.
+
+Daniel S (22 April 2007)
+- Song Ma's warning if -r/--range is given with a "bad" range, also noted in
+ the man page now.
+
+- Daniel Black filed bug #1705177
+ (http://curl.haxx.se/bug/view.cgi?id=1705177) where --without-ssl
+ --with-gnutl outputs a warning about SSL not being enabled even though GnuTLS
+ was found and used.
+
+Daniel S (21 April 2007)
+- Daniel Black filed bug #1704675
+ (http://curl.haxx.se/bug/view.cgi?id=1704675) identifying a double-free
+ problem in the SSL-dealing layer, telling GnuTLS to free NULL credentials on
+ closedown after a failure and a bad #ifdef for NSS when closing down SSL.
+
+Yang Tse (20 April 2007)
+- Save one call to curlx_tvnow(), which calls gettimeofday(), in each of
+ Curl_socket_ready(), Curl_poll() and Curl_select() when these are called
+ with a zero timeout or a timeout value indicating a blocking call should
+ be performed.
+
+Daniel S (18 April 2007)
+- James Housley made SFTP uploads use libssh2's non-blocking API
+
+- Prevent the internal progress meter from updating more frequently than once
+ per second.
+
+Dan F (17 April 2007)
+- Added test cases 296, 297 and 298 to test --ftp-method handling
+
+Daniel S (16 April 2007)
+- Robert Iakobashvil added curl_multi_socket_action() to libcurl, which is a
+ function that deprecates the curl_multi_socket() function. Using the new
+ function the application tell libcurl what action that was found in the
+ socket that it passes in. This gives a significant performance boost as it
+ allows libcurl to avoid a call to poll()/select() for every call to
+ curl_multi_socket*().
+
+ I added a define in the public curl/multi.h header file that will make your
+ existing application automatically use curl_multi_socket_action() instead of
+ curl_multi_socket() when you recompile. But of course you'll get better
+ performance if you adjust your code manually and actually pass in the
+ correct action bitmask to this function.
+
+Daniel S (14 April 2007)
+- Jay Austin added "DH PARAMETERS" to the stunnel.pem certificate for the test
+ suite to make stunnel run better in some (most?) environments.
+
+Dan F (13 April 2007)
+- Added test cases 294 and 295 to test --ftp-account handling
+
+- Improved handling of out of memory in ftp.
+
+Yang Tse (13 April 2007)
+- Fix test case 534 which started to fail 2007-04-13 due to the existance
+ of a new host on the net with the same silly domain the test was using
+ for a host which was supposed not to exist.
+
+Daniel S (12 April 2007)
+- Song Ma found a memory leak in the if2ip code if you pass in an interface
+ name longer than the name field of the ifreq struct (typically 6 bytes), as
+ then it wouldn't close the used dummy socket. Bug #1698974
+ (http://curl.haxx.se/bug/view.cgi?id=1698974)
+
+Version 7.16.2 (11 April 2007)
+
+Yang Tse (10 April 2007)
+- Ravi Pratap provided some fixes for HTTP pipelining
+
+- configure script will ignore --enable-sspi option for non-native Windows.
+
+Daniel S (9 April 2007)
+- Nick Zitzmann did ssh.c cleanups
+
+Daniel S (3 April 2007)
+- Rob Jones fixed better #ifdef'ing for a bunch of #include lines.
+
+Daniel S (2 April 2007)
+- Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The
+ accepted commands are as follows:
+
+ chgrp (gid) (path)
+ Changes the group ID of the file or directory at (path) to (gid). (gid)
+ must be a number.
+
+ chmod (perms) (path)
+ Changes the permissions of the file or directory at (path) to
+ (perms). (perms) must be a number in the format used by the chmod Unix
+ command.
+
+ chown (uid) (path)
+ Changes the user ID of the file or directory at (path) to (uid). (uid)
+ must be a number.
+
+ ln (source) (dest)
+ Creates a symbolic link at (dest) that points to the file located at
+ (source).
+
+ mkdir (path)
+ Creates a new directory at (path).
+
+ rename (source) (dest)
+ Moves the file or directory at (source) to (dest).
+
+ rm (path)
+ Deletes the file located at (path).
+
+ rmdir (path)
+ Deletes the directory located at (path). This command will raise an error
+ if the directory is not empty.
+
+ symlink (source) (dest)
+ Same as ln.
+
+Daniel S (1 April 2007)
+- Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many
+ easy handles are added to a multi handle, by avoiding the looping over all
+ the handles to find which one to remove.
+
+- Matt Kraai provided a patch that makes curl build on QNX 6 fine again.
+
+Daniel S (31 March 2007)
+- Fixed several minor issues detected by the coverity.com scanner.
+
+- "Pixel" fixed a problem that appeared when you used -f with user+password
+ embedded in the URL.
+
+Dan F (29 March 2007)
+- Don't tear down the ftp connection if the maximum filesize was exceeded
+ and added tests 290 and 291 to check.
+
+- Added ftps upload and SSL required tests 401 and 402.
+
+- Send an EOF message before closing an SCP channel, as recommended by
+ RFC4254. Enable libssh2 tracing when ssh debugging is turned on.
+
+Yang Tse (27 March 2007)
+- Internal function Curl_select() renamed to Curl_socket_ready()
+
+ New Internal wrapper function Curl_select() around select (2), it
+ uses poll() when a fine poll() is available, so now libcurl can be
+ built without select() support at all if a fine poll() is available.
+
+Daniel S (25 March 2007)
+- Daniel Johnson fixed multi code to traverse the easy handle list properly.
+ A left-over bug from the February 21 fix.
+
+Dan F (23 March 2007)
+- Added --pubkey option to curl and made --key also work for SCP/SFTP,
+ plus made --pass work on an SSH private key as well.
+
+- Changed the test harness to attempt to gracefully shut down servers
+ before resorting to the kill -9 hammer.
+
+- Added test harness infrastructure to support scp/sftp tests, using
+ OpenSSH as the server.
+
+- Fixed a memory leak when specifying a proxy with a file: URL.
+
+Yang Tse (20 March 2007)
+- Fixed: When a signal was caught awaiting for an event using Curl_select()
+ or Curl_poll() with a non-zero timeout both functions would restart the
+ specified timeout. This could even lead to the extreme case that if a
+ signal arrived with a frecuency lower to the specified timeout neither
+ function would ever exit.
+
+ Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in
+ Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR
+ defined both functions will return as soon as a signal is caught. Use it
+ at your own risk, all calls to these functions in the library should be
+ revisited and checked before fully supporting this feature.
+
+Yang Tse (19 March 2007)
+- Bryan Henderson fixed the progress function so that it can get called more
+ frequently allowing same calling frecuency for the client progress callback.
+
+Dan F (15 March 2007)
+- Various memory leaks plugged and NULL pointer fixes made in the ssh code.
+
+Daniel (15 March 2007)
+- Nick made the curl tool accept globbing ranges that only is one number, i.e
+ you can now use [1-1] without curl complaining.
+
+Daniel (10 March 2007)
+- Eygene Ryabinkin:
+
+ The problem is the following: when we're calling Curl_done and it decides to
+ keep the connection opened ('left intact'), then the caller is not notified
+ that the connection was done via the NULLifying of the pointer, so some easy
+ handle is keeping the pointer to this connection.
+
+ Later ConnectionExists can select such connection for reuse even if we're
+ not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is
+ false and we can reuse this connection for another easy handle. But thus the
+ connection will be shared between two easy handles if the handle that wants
+ to take the ownership is not the same as was not notified of the connection
+ was done in Curl_done. And when some of these easy handles will get their
+ connection really freed the another one will still keep the pointer.
+
+ My fix was rather trivial: I just added the NULLification to the 'else'
+ branch in the Curl_done. My tests with Git and ElectricFence showed no
+ problems both for HTTP pulling and cloning. Repository size is about 250 Mb,
+ so it was a considerable amount of Curl's work.
+
+Dan F (9 March 2007)
+- Updated the test harness to add a new "crypto" feature check and updated the
+ appropriate test case to use it. For now, this is treated the same as the
+ "SSL" feature because curl doesn't list it separately.
+
+Daniel (9 March 2007)
+- Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6.
+
+- Robert A. Monat improved the maketgz and VC6/8 generating to set the correct
+ machine type too.
+
+- Justin Fletcher fixed a file descriptor leak in the curl tool when trying to
+ upload a file it couldn't open. Bug #1676581
+ (http://curl.haxx.se/bug/view.cgi?id=1676581)
+
+Dan F (9 March 2007)
+- Updated the test harness to check for protocol support before running each
+ test, fixing KNOWN_BUGS #11.
+
+Dan F (7 March 2007)
+- Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test
+ harness. It is very limited as it supports only ftps:// URLs with
+ --ftp-ssl-control specified, which implicitly encrypts the control
+ channel but not the data channels. That allows stunnel to be used with
+ an unmodified ftp server in exactly the same way that the test https
+ server is set up.
+
+Dan F (7 March 2007)
+- Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and
+ unencrypted data connections.
+
+Dan F (6 March 2007)
+- Fixed a couple of improper pointer uses detected by valgrind in test
+ cases 181 & 216.
+
+Daniel (2 March 2007)
+- Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8
+ makefiles that are included in the source release archives, generated from
+ the Makefile.vc6 files by the maketgz script. I also modified the root
+ Makefile to have a VC variable that defaults to vc6 but can be overridden to
+ allow it to be used for vc8 as well. Like this:
+
+ nmake VC=vc8 vc
+
+Daniel (27 February 2007)
+- Hang Kin Lau found and fixed: When I use libcurl to connect to an https
+ server through a proxy and have the remote https server port set using the
+ CURLOPT_PORT option, protocol gets reset to http from https after the first
+ request.
+
+ User defined URL was modified internally by libcurl and subsequent reuse of
+ the easy handle may lead to connection using a different protocol (if not
+ originally http).
+
+ I found that libcurl hardcoded the protocol to "http" when it tries to
+ regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as
+ follows and it's working fine so far
+
+Daniel (25 February 2007)
+- Adam D. Moss made the HTTP CONNECT procedure less blocking when used from
+ the multi interface. Note that it still does a part of the connection in a
+ blocking manner.
+
+Daniel (23 February 2007)
+- Added warning outputs if the command line uses more than one of the options
+ -v, --trace and --trace-ascii, since it could really confuse the user.
+ Clarified this fact in the man page.
+
+Daniel (21 February 2007)
+- Ravi Pratap provided work on libcurl making pipelining more robust and
+ fixing some bugs:
+ o Don't mix GET and POST requests in a pipeline
+ o Fix the order in which requests are dispatched from the pipeline
+ o Fixed several curl bugs with pipelining when the server is returning
+ chunked encoding:
+ * Added states to chunked parsing for final CRLF
+ * Rewind buffer after parsing chunk with data remaining
+ * Moved chunked header initializing to a spot just before receiving
+ headers
+
+Daniel (20 February 2007)
+- Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle
+ active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command
+ line option.
+
+Daniel (19 February 2007)
+- Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl.
+
+- Shmulik Regev found a memory leak in re-used HTTPS connections, at least
+ when the multi interface was used.
+
+- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and
+ 5).
+
+Daniel (18 February 2007)
+- Jeff Pohlmeyer identified two problems: first a rather obscure problem with
+ the multi interface and connection re-use that could make a
+ curl_multi_remove_handle() ruin a pointer in another handle.
+
+ The second problem was less of an actual problem but more of minor quirk:
+ the re-using of connections wasn't properly checking if the connection was
+ marked for closure.
+
+Daniel (16 February 2007)
+- Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting
+ CURLOPT_RANGE back to no range on an easy handle when using FTP.
+
+Dan F (14 February 2007)
+- Fixed curl-config --libs so it doesn't list unnecessary libraries (and
+ therefore introduce unnecessary dependencies) when it's not needed.
+ Also, don't bother adding a library path of /usr/lib
+
+Daniel (13 February 2007)
+- The default password for anonymous FTP connections is now changed to be
+ "ftp@example.com".
+
+- Robert A. Monat made libcurl build fine with VC2005 - it doesn't have
+ gmtime_r() like the older VC versions. He also made use of some machine-
+ specific defines to differentiate the "OS" define.
+
+Daniel (12 February 2007)
+- Rob Crittenden added support for NSS (Network Security Service) for the
+ SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
+
+ This is the fourth supported library for TLS/SSL that libcurl supports!
+
+- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent
+ to the debug callback.
+
+- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and
+ CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's
+ internal decoding of content or transfer encoded content. This may be
+ preferable in cases where you use libcurl for proxy purposes or similar. The
+ command line tool got a --raw option to disable both at once.
+
+- release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP
+ define set to hold the exact date and time of when the tarball was built, as
+ a human readable string using the UTC time zone.
+
+- Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle
+ that has an easy handle present in the "closure" list pending closure.
+
+Daniel (6 February 2007)
+- Regular file downloads wiht SFTP and SCP are now done using the non-blocking
+ API of libssh2, if the libssh2 headers seem to support them. This will make
+ SCP and SFTP much more responsive and better libcurl citizens when used with
+ the multi interface etc.
+
+Daniel (5 February 2007)
+- Michael Wallner added support for CURLOPT_TIMEOUT_MS and
+ CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with
+ millisecond resolution. The only restriction to that is the alarm()
+ (sometimes) used to abort name resolves as that uses full seconds. I fixed
+ the FTP response timeout part of the patch.
+
+ Internally we now count and keep the timeouts in milliseconds but it also
+ means we multiply set timeouts with 1000. The effect of this is that no
+ timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
+ equals 24.86 days. We probably couldn't before either since the code did
+ *1000 on the timeout values on several places already.
+
+Daniel (3 February 2007)
+- Yang Tse fixed the cookie expiry date in several test cases that started to
+ fail since they used "1 feb 2007"...
+
+- Manfred Schwarb reported that socks5 support was broken and help us pinpoint
+ the problem. The code now tries harder to use httproxy and proxy where
+ apppropriate, as not all proxies are HTTP...
+
+Version 7.16.1 (29 January 2007)
+
+Daniel (29 January 2007)
+- Michael Wallner reported that when doing a CONNECT with a custom User-Agent
+ header, you got _two_ User-Agent headers in the CONNECT request...! Added
+ test case 287 to verify the fix.
+
+Daniel (28 January 2007)
+- curl_easy_reset() now resets the CA bundle path correctly.
+
+- David McCreedy fixed the Curl command line tool for HTTP on non-ASCII
+ platforms.
+
+Daniel (25 January 2007)
+- Added the --libcurl [file] option to curl. Append this option to any
+ ordinary curl command line, and you will get a libcurl-using source code
+ written to the file that does the equivalent operation of what your command
+ line operation does!
+
+Dan F (24 January 2007)
+- Fixed a dangling pointer problem that prevented the http_proxy environment
+ variable from being properly used in many cases (and caused test case 63
+ to fail).
+
+Daniel (23 January 2007)
+- David McCreedy did NTLM changes mainly for non-ASCII platforms:
+
+ #1
+ There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT
+ defined. I noticed this while testing various configurations. Line 867 of
+ the current http_ntlm.c is a closing bracket for an if/else pair that only
+ gets compiled in if USE_NTLM2SESSION is defined. But this closing bracket
+ wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was
+ defined. Lines 198 and 140 of my patch wraps that closing bracket in an
+ #ifdef USE_NTLM2SESSION.
+
+ #2
+ I noticed several picky compiler warnings when DEBUG_ME is defined. I've
+ fixed them with casting. By the way, DEBUG_ME was a huge help in
+ understanding this code.
+
+ #3
+ Hopefully the last non-ASCII conversion patch for libcurl in a while. I
+ changed the "NTLMSSP" literal to hex since this signature must always be in
+ ASCII.
+
+ Conversion code was strategically added where necessary. And the
+ Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c
+ creates are NOT translated on non-ASCII platforms.
+
+Dan F (22 January 2007)
+- Converted (most of) the test data files into genuine XML. A handful still
+ are not, due mainly to the lack of support for XML character entities
+ (e.g. & => &amp; ). This will make it easier to validate test files using
+ tools like xmllint, as well as to edit and view them using XML tools.
+
+Daniel (16 January 2007)
+- Armel Asselin improved libcurl to behave a lot better when an easy handle
+ doing an FTP transfer is removed from a multi handle before completion. The
+ fix also fixed the "alive counter" to be correct on "premature removal" for
+ all protocols.
+
+Dan F (16 January 2007)
+- Fixed a small memory leak in tftp uploads discovered by curl's memory leak
+ detector. Also changed tftp downloads to URL-unescape the downloaded
+ file name.
+
+Daniel (14 January 2007)
+- David McCreedy provided libcurl changes for doing HTTP communication on
+ non-ASCII platforms. It does add some complexity, most notably with more
+ #ifdefs, but I want to see this supported added and I can't see how we can
+ add it without the extra stuff added.
+
+- Setting CURLOPT_COOKIELIST to "ALL" when no cookies at all was present,
+ libcurl would crash when trying to read a NULL pointer.
+
+Daniel (12 January 2007)
+- Toby Peterson found a nasty bug that prevented (lib)curl from properly
+ downloading (most) things that were larger than 4GB on 32 bit systems. Matt
+ Witherspoon helped as narrow down the problem.
+
+Daniel (5 January 2007)
+- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
+ curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
+ will make libcurl shutdown SSL/TLS after the authentication is done on a
+ FTP-SSL operation.
+
+Daniel (4 January 2007)
+- David McCreedy made changes to allow base64 encoding/decoding to work on
+ non-ASCII platforms.
+
+Daniel (3 January 2007)
+- Matt Witherspoon fixed the flaw which made libcurl 7.16.0 always store
+ downloaded data in two buffers, just to be able to deal with a special HTTP
+ pipelining case. That is now only activated for pipelined transfers. In
+ Matt's case, it showed as a considerable performance difference,
+
+Daniel (2 January 2007)
+- Victor Snezhko helped us fix bug report #1603712
+ (http://curl.haxx.se/bug/view.cgi?id=1603712) (known bug #36) --limit-rate
+ (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) are broken
+ on Windows (since 7.16.0, but that's when they were introduced as previous
+ to that the limiting logic was made in the application only and not in the
+ library). It was actually also broken on select()-based systems (as apposed
+ to poll()) but we haven't had any such reports. We now use select(), Sleep()
+ or delay() properly to sleep a while without waiting for anything input or
+ output when the rate limiting is activated with the easy interface.
+
+- Modified libcurl.pc.in to use Libs.private for the libs libcurl itself needs
+ to get built static. It has been mentioned before and was again brought to
+ our attention by Nathanael Nerode who filed debian bug report #405226
+ (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226).
+
Daniel (29 December 2006)
- Make curl_easy_duphandle() set the magic number in the new handle.