Age | Commit message (Collapse) | Author | |
---|---|---|---|
2009-03-08 | Andre Guibert de Bruet fixed a typo in the error message | Daniel Stenberg | |
2009-03-08 | - Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that | Daniel Stenberg | |
curl didn't use sprintf() in a way that is documented to work in POSIX but since we use our own printf() code (from libcurl) that shouldn't be a problem. Nonetheless I modified the code to not rely on such particular features and to not cause further raised eyebrowse with no good reason. | |||
2009-03-05 | Expanded the security section of the libcurl-tutorial man page to cover | Dan Fandrich | |
more issues for authors to consider when writing robust libcurl-using applications. | |||
2009-03-05 | Fix NTLM authentication memory leak on SSPI enabled Windows builds | Yang Tse | |
2009-03-04 | Fixed a problem with m4 quoting in the OpenSSL configure check reported | Dan Fandrich | |
by Daniel Johnson. | |||
2009-03-03 | Added test 1097 to verify the bug Axel Kuhn epidox posted on March 3 2009 | Daniel Stenberg | |
on curl-users, it is also added to DISABLED since I don't have time to work on it further right now. | |||
2009-03-03 | - David James brought a patch that make libcurl close (all) dead connections | Daniel Stenberg | |
whenever you attempt to open a new connection. | |||
2009-03-03 | 15 additional contributor from the 7.19.4 RELEASE-NOTES | Daniel Stenberg | |
2009-03-03 | Gah! We can't have 'curl' added here since even though it removes the curl | Daniel Stenberg | |
binary it also removes the include/curl subdir! | |||
2009-03-03 | Options CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS, and associated ↵ | Patrick Monnerat | |
definitions added to RPG binding | |||
2009-03-02 | start over on the journey towards 7.19.5 | Daniel Stenberg | |
2009-03-02 | - David Kierznowski notified us about a security flaw | Daniel Stenberg | |
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in which previous libcurl versions (by design) can be tricked to access an arbitrary local/different file instead of a remote one when CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release together this the addition of two new setopt options for controlling this new behavior: o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option excludes the FILE and SCP protocols and thus you nee to explicitly allow them in your app if you really want that behavior. o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch using the primary URL option. This is useful if you want to allow a user or other outsiders control what URL to pass to libcurl and yet not allow all protocols libcurl may have been built to support. | |||
2009-03-02 | 7.19.4 won't get anything else | Daniel Stenberg | |
2009-03-02 | the Eiffel binding | Daniel Stenberg | |
2009-03-01 | nothing more left for 7.19.4, the issue #216 is moved to 7.19.5 since we're | Daniel Stenberg | |
too close to release now | |||
2009-02-28 | for portability reasons: s/inet_pton/Curl_inet_pton/ | Yang Tse | |
2009-02-28 | fix compiler warning | Yang Tse | |
2009-02-27 | mention the '-o -' trick | Daniel Stenberg | |
2009-02-27 | 217 - Dan Fandrich's "GnuTLS initialization thread safety" | Daniel Stenberg | |
218 - Senthil Raja Velu's "CURLOPT_LOCALPORT option broken", patch by Markus Koetter Both are now committed | |||
2009-02-27 | - Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and | Daniel Stenberg | |
CURLOPT_LOCALPORT were used together (the local port bind failed), and Markus Koetter provided the fix! | |||
2009-02-27 | Indentation fixes, untabify and related whitespace-cleanup. No code changed. | Daniel Stenberg | |
2009-02-25 | corrected and clarified the top comment | Daniel Stenberg | |
2009-02-25 | - As Daniel Fandrich figured out, we must do the GnuTLS initing in the | Daniel Stenberg | |
curl_global_init() function to properly maintain the performing functions thread-safe. We've previously (28 April 2007) moved the init to a later time just to avoid it to fail very early when libgcrypt dislikes the situation, but that move was bad and the fix should rather be in libgcrypt or elsewhere. | |||
2009-02-24 | improved | Daniel Stenberg | |
2009-02-24 | A handy little helper file for doing recursive diffs on curl source/build trees | Daniel Stenberg | |
without involving CVS: diff -X diff-exclude -ru curl-old curl-patched | |||
2009-02-24 | - Brian J. Murrell found out that Negotiate proxy authentication didn't work. | Daniel Stenberg | |
It happened because the code used the struct for server-based auth all the time for both proxy and server auth which of course was wrong. | |||
2009-02-23 | 4.17 Non-functional connect timeouts | Daniel Stenberg | |
2009-02-23 | - After a bug reported by James Cheng I've made curl_easy_getinfo() for | Daniel Stenberg | |
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return -1 if the sizes aren't know. Previously these returned 0, make it impossible to detect the difference between actually zero and unknown. | |||
2009-02-23 | For 7.19.5 (due to feature freeze) | Daniel Stenberg | |
220 - Take advantage of libssh2_version() that's been added for the upcoming 1.1, to extract the run-time version number properly. | |||
2009-02-23 | adjustment for new Mac OS X framework build script | Yang Tse | |
2009-02-23 | Daniel Johnson provided a shell script that will perform all the steps needed | Yang Tse | |
to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework | |||
2009-02-23 | mention default port number | Daniel Stenberg | |
2009-02-23 | - I renamed everything in the windows builds files that used the name 'curllib' | Daniel Stenberg | |
to the proper 'libcurl' as clearly this caused confusion. | |||
2009-02-23 | lzma compressed tarballs too for some testing, it does produce MUCH smaller | Daniel Stenberg | |
files | |||
2009-02-23 | use the internal snprintf() function | Yang Tse | |
2009-02-20 | mention 4 pending fixes/patches | Daniel Stenberg | |
2009-02-20 | Mark Incley noticed VS2008 compilation halting when building for Windows 2000 | Yang Tse | |
2009-02-20 | Do not halt compilation when using VS2008 to build a Windows 2000 target | Yang Tse | |
2009-02-20 | clarified the FTP passive/active mode options somewhat | Daniel Stenberg | |
2009-02-20 | the FTP multi interface bug | Daniel Stenberg | |
2009-02-20 | - Linus Nielsen Feltzing reported and helped me repeat and fix a problem with | Daniel Stenberg | |
FTP with the multi interface: when a transfer fails, like when aborted by a write callback, the control connection was wrongly closed and thus not re-used properly. This change is also an attempt to cleanup the code somewhat in this area, as now the FTP code attempts to keep (better) track on pending responses necessary to get read in ftp_done(). | |||
2009-02-19 | The C++ binding home was changed | Daniel Stenberg | |
2009-02-19 | verify that a 550-response for a RETR returns 78 but also that the control | Daniel Stenberg | |
connection is kept alive afterwards | |||
2009-02-19 | - Patrik Thunstrom reported a problem and helped me repeat it. It turned out | Daniel Stenberg | |
libcurl did a superfluous 1000ms wait when doing SFTP downloads! We read data with libssh2 while doing the "DO" operation for SFTP and then when we were about to start getting data for the actual file part, the "TRANSFER" part, we waited for socket action (in 1000ms) before doing a libssh2-read. But in this case libssh2 had already read and buffered the data so we ended up always just waiting 1000ms before we get working on the data! | |||
2009-02-18 | spell-fixed comments and other minor non-code edits | Daniel Stenberg | |
2009-02-18 | FTP downloads (i.e.: RETR) ending with code 550 now return error ↵ | Patrick Monnerat | |
CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE. | |||
2009-02-17 | Continue sync work on OS400 specific code and RPG binding. | Patrick Monnerat | |
2009-02-17 | - Kamil Dudka made NSS-powered builds compile and run again! | Daniel Stenberg | |
2009-02-17 | - A second follow-up change by Andre Guibert de Bruet to fix a related memory | Daniel Stenberg | |
leak like that fixed on the 14th. When zlib returns failure, we need to cleanup properly before returning error. | |||
2009-02-17 | three new CURLFTP_CREATE_DIR* symbols | Daniel Stenberg | |