aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2009-04-01- Andre Guibert de Bruet fixed a NULL pointer use in an infof() call if aDaniel Stenberg
strdup() call failed.
2009-03-31Properly return an error code in curl_easy_recv (reported by Jim Freeman).Dan Fandrich
2009-03-29some minor Makefile tweaks.Gunter Knauf
2009-03-20Gary Maxwell helped us clarify that CURLOPT_SHARE specificly needs the lockingDaniel Stenberg
functions if the easy handles are used in multiple threads
2009-03-20removed useless commentDaniel Stenberg
2009-03-18Add a link to "Potential Errors Passing CRT Objects Across DLL Boundaries"Yang Tse
2009-03-18- Kamil Dudka brought a patch that enables 6 additional crypto algorithms whenDaniel Stenberg
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled explicitly.
2009-03-18minor fixDaniel Stenberg
2009-03-15If CURL_DISABLE_PROXY is defined, we must allow socks_sspi.c to callGisle Vanem
Curl_blockread_all(). It is needed in code inside USE_WINDOWS_SSPI.
2009-03-13we use libssh2_version() now if availableDaniel Stenberg
2009-03-13- Use libssh2_version() to present the libssh2 version in case the libssh2Daniel Stenberg
library is found to support it.
2009-03-12Fix TELNET transfers not being aborted upon write callback failuresYang Tse
2009-03-12Add Curl_read() return code checkingYang Tse
2009-03-11Oops, make the memory magic debug stuff done before global init too just toDaniel Stenberg
catch them all. The memory debug stuff is not in the public API anyway.
2009-03-11- Kamil Dudka made the curl tool properly call curl_global_init() before anyDaniel Stenberg
other libcurl function.
2009-03-11update the embedded copyright yearDaniel Stenberg
2009-03-11s/u_long/unsigned long/Yang Tse
2009-03-11fix previous commit misplaced break statementYang Tse
2009-03-11Added TELNET timeout support for Windows buildsYang Tse
2009-03-10Moved 7.19.2 and older entries from CHANGES to CHANGES.0 (the latter is notDaniel Stenberg
shipped in release archives but is only in CVS)
2009-03-09- Frank Hempel found out a bug and provided the fix:Daniel Stenberg
curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE option. It only enabled the cookie engine in the destination handle if data->cookies is not NULL (where data is the source handle). In case of a newly initialized handle which just had the cookie support enabled by a curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was still NULL because the setopt-call only appends the value to data->change.cookielist, hence duplicating this handle would not have the cookie engine switched on. We also concluded that the slist-functionality would be suitable for being put in its own module rather than simply hanging out in lib/sendf.c so I created lib/slist.[ch] for them.
2009-03-09- Andreas Farber made the 'buildconf' script check for the presence of m4Daniel Stenberg
scripts to make it detect a bad checkout earlier. People with older checkouts who don't do cvs update with the -d option won't get the new dirs and then will get funny outputs that can be a bit hard to understand and fix.
2009-03-09Avoid a compile warning in --disable-proxy caseDan Fandrich
2009-03-08- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where theDaniel Stenberg
allocation of the memory BIO was not being properly checked.
2009-03-08- Andre Guibert de Bruet fixed the gnutls-using code: There are a few placesDaniel Stenberg
in the gnutls code where we were checking for negative values for errors, when the man pages state that GNUTLS_E_SUCCESS is returned on success and other values indicate error conditions.
2009-03-08Andre Guibert de Bruet fixed a typo in the error messageDaniel Stenberg
2009-03-08- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) thatDaniel Stenberg
curl didn't use sprintf() in a way that is documented to work in POSIX but since we use our own printf() code (from libcurl) that shouldn't be a problem. Nonetheless I modified the code to not rely on such particular features and to not cause further raised eyebrowse with no good reason.
2009-03-05Expanded the security section of the libcurl-tutorial man page to coverDan Fandrich
more issues for authors to consider when writing robust libcurl-using applications.
2009-03-05Fix NTLM authentication memory leak on SSPI enabled Windows buildsYang Tse
2009-03-04Fixed a problem with m4 quoting in the OpenSSL configure check reportedDan Fandrich
by Daniel Johnson.
2009-03-03Added test 1097 to verify the bug Axel Kuhn epidox posted on March 3 2009Daniel Stenberg
on curl-users, it is also added to DISABLED since I don't have time to work on it further right now.
2009-03-03- David James brought a patch that make libcurl close (all) dead connectionsDaniel Stenberg
whenever you attempt to open a new connection.
2009-03-0315 additional contributor from the 7.19.4 RELEASE-NOTESDaniel Stenberg
2009-03-03Gah! We can't have 'curl' added here since even though it removes the curlDaniel Stenberg
binary it also removes the include/curl subdir!
2009-03-03Options CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS, and associated ↵Patrick Monnerat
definitions added to RPG binding
2009-03-02start over on the journey towards 7.19.5Daniel Stenberg
2009-03-02- David Kierznowski notified us about a security flawDaniel Stenberg
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in which previous libcurl versions (by design) can be tricked to access an arbitrary local/different file instead of a remote one when CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release together this the addition of two new setopt options for controlling this new behavior: o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option excludes the FILE and SCP protocols and thus you nee to explicitly allow them in your app if you really want that behavior. o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch using the primary URL option. This is useful if you want to allow a user or other outsiders control what URL to pass to libcurl and yet not allow all protocols libcurl may have been built to support.
2009-03-027.19.4 won't get anything elseDaniel Stenberg
2009-03-02the Eiffel bindingDaniel Stenberg
2009-03-01nothing more left for 7.19.4, the issue #216 is moved to 7.19.5 since we'reDaniel Stenberg
too close to release now
2009-02-28for portability reasons: s/inet_pton/Curl_inet_pton/Yang Tse
2009-02-28fix compiler warningYang Tse
2009-02-27mention the '-o -' trickDaniel Stenberg
2009-02-27217 - Dan Fandrich's "GnuTLS initialization thread safety"Daniel Stenberg
218 - Senthil Raja Velu's "CURLOPT_LOCALPORT option broken", patch by Markus Koetter Both are now committed
2009-02-27- Senthil Raja Velu reported a problem when CURLOPT_INTERFACE andDaniel Stenberg
CURLOPT_LOCALPORT were used together (the local port bind failed), and Markus Koetter provided the fix!
2009-02-27Indentation fixes, untabify and related whitespace-cleanup. No code changed.Daniel Stenberg
2009-02-25corrected and clarified the top commentDaniel Stenberg
2009-02-25- As Daniel Fandrich figured out, we must do the GnuTLS initing in theDaniel Stenberg
curl_global_init() function to properly maintain the performing functions thread-safe. We've previously (28 April 2007) moved the init to a later time just to avoid it to fail very early when libgcrypt dislikes the situation, but that move was bad and the fix should rather be in libgcrypt or elsewhere.
2009-02-24improvedDaniel Stenberg
2009-02-24A handy little helper file for doing recursive diffs on curl source/build treesDaniel Stenberg
without involving CVS: diff -X diff-exclude -ru curl-old curl-patched