Age | Commit message (Collapse) | Author |
|
|
|
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
explicitly.
|
|
|
|
Curl_blockread_all(). It is needed in code inside USE_WINDOWS_SSPI.
|
|
|
|
library is found to support it.
|
|
|
|
|
|
catch them all. The memory debug stuff is not in the public API anyway.
|
|
other libcurl function.
|
|
|
|
|
|
|
|
|
|
shipped in release archives but is only in CVS)
|
|
curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
option. It only enabled the cookie engine in the destination handle if
data->cookies is not NULL (where data is the source handle). In case of a
newly initialized handle which just had the cookie support enabled by a
curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
still NULL because the setopt-call only appends the value to
data->change.cookielist, hence duplicating this handle would not have the
cookie engine switched on.
We also concluded that the slist-functionality would be suitable for being
put in its own module rather than simply hanging out in lib/sendf.c so I
created lib/slist.[ch] for them.
|
|
scripts to make it detect a bad checkout earlier. People with older
checkouts who don't do cvs update with the -d option won't get the new dirs
and then will get funny outputs that can be a bit hard to understand and
fix.
|
|
|
|
allocation of the memory BIO was not being properly checked.
|
|
in the gnutls code where we were checking for negative values for errors,
when the man pages state that GNUTLS_E_SUCCESS is returned on success and
other values indicate error conditions.
|
|
|
|
curl didn't use sprintf() in a way that is documented to work in POSIX but
since we use our own printf() code (from libcurl) that shouldn't be a
problem. Nonetheless I modified the code to not rely on such particular
features and to not cause further raised eyebrowse with no good reason.
|
|
more issues for authors to consider when writing robust libcurl-using
applications.
|
|
|
|
by Daniel Johnson.
|
|
on curl-users, it is also added to DISABLED since I don't have time to work
on it further right now.
|
|
whenever you attempt to open a new connection.
|
|
|
|
binary it also removes the include/curl subdir!
|
|
definitions added to RPG binding
|
|
|
|
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
which previous libcurl versions (by design) can be tricked to access an
arbitrary local/different file instead of a remote one when
CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
together this the addition of two new setopt options for controlling this
new behavior:
o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
excludes the FILE and SCP protocols and thus you nee to explicitly allow
them in your app if you really want that behavior.
o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
using the primary URL option. This is useful if you want to allow a user or
other outsiders control what URL to pass to libcurl and yet not allow all
protocols libcurl may have been built to support.
|
|
|
|
|
|
too close to release now
|
|
|
|
|
|
|
|
218 - Senthil Raja Velu's "CURLOPT_LOCALPORT option broken", patch by
Markus Koetter
Both are now committed
|
|
CURLOPT_LOCALPORT were used together (the local port bind failed), and
Markus Koetter provided the fix!
|
|
|
|
|
|
curl_global_init() function to properly maintain the performing functions
thread-safe. We've previously (28 April 2007) moved the init to a later time
just to avoid it to fail very early when libgcrypt dislikes the situation,
but that move was bad and the fix should rather be in libgcrypt or
elsewhere.
|
|
|
|
without involving CVS:
diff -X diff-exclude -ru curl-old curl-patched
|
|
It happened because the code used the struct for server-based auth all the
time for both proxy and server auth which of course was wrong.
|
|
|
|
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return
-1 if the sizes aren't know. Previously these returned 0, make it impossible
to detect the difference between actually zero and unknown.
|
|
220 - Take advantage of libssh2_version() that's been added for the upcoming
1.1, to extract the run-time version number properly.
|
|
|