aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2005-03-03fix the distribution filesDaniel Stenberg
2005-02-28Fix for a base64 decode heap buffer overflow vulnerability.Dan Fandrich
2005-02-24Fixed some compiler warnings. Fixed a low incidence memory leak in the test ↵Dan Fandrich
server.
2005-02-22Updated as suggested by Samuel Díaz GarcíaDaniel Stenberg
2005-02-22krb4 fixedDaniel Stenberg
2005-02-22Curl_base64_decode() now returns an allocated bufferDaniel Stenberg
2005-02-22Thanks for the notification iDEFENCE. We are the "initial vendor" and we sureDaniel Stenberg
got no notification, no mail, no nothing. You didn't even bother to mail us when you went public with this. Cool. NTLM buffer overflow fix, as reported here: http://www.securityfocus.com/archive/1/391042
2005-02-19added test case 234 which is like 233 but uses --location-trusted instead soDaniel Stenberg
thus the second request to the new host will use authentication fine
2005-02-18Ralph Mitchell reported a flaw when you used a proxy with auth, and youDaniel Stenberg
requested data from a host and then followed a redirect to another host. libcurl then didn't use the proxy-auth properly in the second request, due to the host-only check for original host name wrongly being extended to the proxy auth as well. Added test case 233 to verify the flaw and that the fix removed the problem.
2005-02-18socket leak, mingw buildDaniel Stenberg
2005-02-18Based on Mike Dobbs' report, BUILDING_LIBCURL is now defined in here if itDaniel Stenberg
runs to build with mingw.
2005-02-17close the socket properly when returning error due to failing localbindDaniel Stenberg
Bug report #1124588 by David
2005-02-17mention filename= for the -FDaniel Stenberg
2005-02-16Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"Daniel Stenberg
that picks NTLM. Thanks to David Byron letting me test NTLM against his servers, I could quickly repeat and fix the problem. It turned out to be: When libcurl POSTs without knowing/using an authentication and it gets back a list of types from which it picks NTLM, it needs to either continue sending its data if it keeps the connection alive, or not send the data but close the connection. Then do the first step in the NTLM auth. libcurl didn't send the data nor close the connection but simply read the response-body and then sent the first negotiation step. Which then failed miserably of course. The fixed version forces a connection if there is more than 2000 bytes left to send.
2005-02-14check for ENGINE_load_builtin_engines() as well if engine is aroundDaniel Stenberg
2005-02-14changed config-vms infoMarty Kuhrt
2005-02-14changed curlmsg.* entries to see if CVS would ignore it nowMarty Kuhrt
2005-02-14Rename Curl_pretransfersec() to *_second_connect() since it does not justDaniel Stenberg
do pretransfer stuff like Curl_pretransfer().
2005-02-11Fixed bad krb4 code. It always tried to use krb4 if built enabled.Daniel Stenberg
2005-02-11rename amigaos.c and nwlib.c if they exist before buildingMarty Kuhrt
2005-02-11Removed per Marty's request: The .h_* files aren't needed anymore, IDaniel Stenberg
consolidated them into one file called config-vms.h. The curlmsg.h and .sdl files are generated from the curlmsg.msg file and, thus, shouldn't be in the dist.
2005-02-11re-sync'd with curlmsg.msgMarty Kuhrt
2005-02-11ignore curlmsg.h and .sdl as they are generated by curlmsg.msgMarty Kuhrt
2005-02-11sync'd error codes with include/curl.hMarty Kuhrt
2005-02-11Added $Id$ and pre-exisiting logical checkMarty Kuhrt
2005-02-11remove the check for strftime(), we don't need itDaniel Stenberg
2005-02-11Removed all uses of strftime() since it uses the localised version of theDaniel Stenberg
week day names and month names and servers don't like that.
2005-02-10valgrind stuff for test suite, vms build and moreDaniel Stenberg
2005-02-10Moved out the valgrind report parser to valgrind.pm, to make it easier toDaniel Stenberg
test it outside the test suite. Now we also disable valgrind usage if libcurl was built shared, as then valgrind is only testing the wrapper-script running shell which is pointless.
2005-02-10typecast assign to ftpport from int to prevent warningsDaniel Stenberg
2005-02-10init fix for non-SSL buildsDaniel Stenberg
2005-02-10Reduced the two config-vms.h_* files into this one.Marty Kuhrt
2005-02-09David Byron fixed his SSL problems, initially mentioned here:Daniel Stenberg
http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use SSL_pending() as we should. This was TODO-RELEASE issue #59.
2005-02-09David Byron identified the lack of SSL_pending() use, and this is my takeDaniel Stenberg
at fixing this issue.
2005-02-09better error checking and SSL init by David ByronDaniel Stenberg
2005-02-09prevent a compiler warningDaniel Stenberg
2005-02-09Some functions are static here, but extern in libxml'sGisle Vanem
SAX.h. gcc doesn't like that. Rename.
2005-02-09the new ftp code and Gisle's DICT fixDaniel Stenberg
2005-02-09issue #54 doneDaniel Stenberg
2005-02-09Set 'bits.close' in case of malloc fail.Gisle Vanem
Don't free 'lud_dn' twice in case curl_unescape() fails.
2005-02-09add missing error codesDaniel Stenberg
2005-02-09Use CURL_SOCKET_BAD.Gisle Vanem
2005-02-09Handle CURLE_LOGIN_DENIED in strerror.c.Gisle Vanem
For ftp only?
2005-02-09FD_SET can be big macro, use bracesDaniel Stenberg
2005-02-09FTP code turned into state machine. Not completely yet, but a good start.Daniel Stenberg
The tag 'before_ftp_statemachine' was set just before this commit in case of future need.
2005-02-09Replace LF with CRLF. Ref RFC-2229, sec 2.3:Gisle Vanem
"Each command line must be terminated by a CRLF".
2005-02-08-O clarificationDaniel Stenberg
2005-02-08inflate and out of memory fixesDaniel Stenberg
2005-02-08ares_gethostbyname wants a 'ares_host_callback' in the 4th argumentDaniel Stenberg
2005-02-08Curl_addrinfo?_callback() and addrinfo_callback() now returnsGisle Vanem
CURLE_OK or CURLE_OUT_OF_MEMORY. Add typecast in hostares.c.