aboutsummaryrefslogtreecommitdiff
path: root/CHANGES
AgeCommit message (Collapse)Author
2009-04-21libcurl's memory.h renamed to curl_memory.hYang Tse
2009-04-21Moved potential inclusion of system's malloc.h and memory.h header files toYang Tse
setup_once.h. Inclusion of each header file is based on the definition of NEED_MALLOC_H and NEED_MEMORY_H respectively.
2009-04-20- Leanic Lefever reported a crash and did some detailed research on why andDaniel Stenberg
how it occurs (http://curl.haxx.se/mail/lib-2009-04/0289.html). The conclusion was that if an error is detected and Curl_done() is called for the connection, ftp_done() could at times return another error code that then would take precedence and that new code confused existing logic that works for the first error code (CURLE_SEND_ERROR) only.
2009-04-20- Gisle Vanem noticed that --libtool would produce bogus strings at times forDaniel Stenberg
OBJECTPOINT options. Now we've introduced a new function - my_setopt_str - within the app for setting plain string options to avoid the risk of this mistake happening.
2009-04-17- Pramod Sharma reported and tracked down a bug when doing FTP over a HTTPDaniel Stenberg
proxy. libcurl would then wrongly close the connection after each request. In his case it had the weird side-effect that it killed NTLM auth for the proxy causing an inifinite loop! I added test case 1098 to verify this fix. The test case does however not properly verify that the transfers are done persistently - as I couldn't think of a clever way to achieve it right now - but you need to read the stderr output after a test run to see that it truly did the right thing.
2009-04-13- bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by MartinDaniel Stenberg
Storsjo pointed out how setting CURLOPT_NOBODY to 0 could be downright confusing as it set the method to either GET or HEAD. The example he showed looked like: curl_easy_setopt(curl, CURLOPT_PUT, 1); curl_easy_setopt(curl, CURLOPT_NOBODY, 0); The new way doesn't alter the method until the request is about to start. If CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is 0 and the request happens to have been set to HEAD, it will then instead be set to GET. I believe this will be less surprising to users, and hopefully not hit any existing users badly.
2009-04-13- Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turnedDaniel Stenberg
out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue is found in Redhat's bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=453612 There are still memory leaks present, but they seem to have other reasons.
2009-04-11Added new libcurl source files to Symbian OS build files.Dan Fandrich
Improved Symbian support for SSL.
2009-04-10Daniel Johnson improved the MacOSX-Framework shell script to now perform allYang Tse
the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64 libcurl.framework. Four way fat framework requires OS X 10.5 SDK or later.
2009-04-08Sun compilers specific preprocessor block removed from curlbuild.h.distYang Tse
2009-04-06- I clarified in the docs that CURLOPT_SEEKFUNCTION should return 0 on successDaniel Stenberg
and 1 on fatal errors. Previously it only mentioned non-zero on fatal errors. This is a slight change in meaning, but it follows what we've done elsewhere before and it opens up for LOTS of more useful return codes whenever we can think of them...
2009-04-02Fix curl_off_t definition for builds done using Sun compilers and aYang Tse
non-configured libcurl. In this case curl_off_t data type was gated to the off_t data type which depends on the _FILE_OFFSET_BITS. This configuration is exactly the unwanted configuration for our curl_off_t data type which must not depend on such setting. This breaks ABI for libcurl libraries built with Sun compilers which were built without having run the configure script with _FILE_OFFSET_BITS different than 64 and using the ILP32 data model.
2009-04-01- Andre Guibert de Bruet fixed a NULL pointer use in an infof() call if aDaniel Stenberg
strdup() call failed.
2009-03-31Properly return an error code in curl_easy_recv (reported by Jim Freeman).Dan Fandrich
2009-03-18- Kamil Dudka brought a patch that enables 6 additional crypto algorithms whenDaniel Stenberg
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled explicitly.
2009-03-13- Use libssh2_version() to present the libssh2 version in case the libssh2Daniel Stenberg
library is found to support it.
2009-03-12Fix TELNET transfers not being aborted upon write callback failuresYang Tse
2009-03-11- Kamil Dudka made the curl tool properly call curl_global_init() before anyDaniel Stenberg
other libcurl function.
2009-03-11Added TELNET timeout support for Windows buildsYang Tse
2009-03-10Moved 7.19.2 and older entries from CHANGES to CHANGES.0 (the latter is notDaniel Stenberg
shipped in release archives but is only in CVS)
2009-03-09- Frank Hempel found out a bug and provided the fix:Daniel Stenberg
curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE option. It only enabled the cookie engine in the destination handle if data->cookies is not NULL (where data is the source handle). In case of a newly initialized handle which just had the cookie support enabled by a curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was still NULL because the setopt-call only appends the value to data->change.cookielist, hence duplicating this handle would not have the cookie engine switched on. We also concluded that the slist-functionality would be suitable for being put in its own module rather than simply hanging out in lib/sendf.c so I created lib/slist.[ch] for them.
2009-03-09- Andreas Farber made the 'buildconf' script check for the presence of m4Daniel Stenberg
scripts to make it detect a bad checkout earlier. People with older checkouts who don't do cvs update with the -d option won't get the new dirs and then will get funny outputs that can be a bit hard to understand and fix.
2009-03-08- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where theDaniel Stenberg
allocation of the memory BIO was not being properly checked.
2009-03-08- Andre Guibert de Bruet fixed the gnutls-using code: There are a few placesDaniel Stenberg
in the gnutls code where we were checking for negative values for errors, when the man pages state that GNUTLS_E_SUCCESS is returned on success and other values indicate error conditions.
2009-03-08- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) thatDaniel Stenberg
curl didn't use sprintf() in a way that is documented to work in POSIX but since we use our own printf() code (from libcurl) that shouldn't be a problem. Nonetheless I modified the code to not rely on such particular features and to not cause further raised eyebrowse with no good reason.
2009-03-05Expanded the security section of the libcurl-tutorial man page to coverDan Fandrich
more issues for authors to consider when writing robust libcurl-using applications.
2009-03-05Fix NTLM authentication memory leak on SSPI enabled Windows buildsYang Tse
2009-03-04Fixed a problem with m4 quoting in the OpenSSL configure check reportedDan Fandrich
by Daniel Johnson.
2009-03-03- David James brought a patch that make libcurl close (all) dead connectionsDaniel Stenberg
whenever you attempt to open a new connection.
2009-03-02- David Kierznowski notified us about a security flawDaniel Stenberg
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in which previous libcurl versions (by design) can be tricked to access an arbitrary local/different file instead of a remote one when CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release together this the addition of two new setopt options for controlling this new behavior: o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option excludes the FILE and SCP protocols and thus you nee to explicitly allow them in your app if you really want that behavior. o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch using the primary URL option. This is useful if you want to allow a user or other outsiders control what URL to pass to libcurl and yet not allow all protocols libcurl may have been built to support.
2009-02-27- Senthil Raja Velu reported a problem when CURLOPT_INTERFACE andDaniel Stenberg
CURLOPT_LOCALPORT were used together (the local port bind failed), and Markus Koetter provided the fix!
2009-02-25- As Daniel Fandrich figured out, we must do the GnuTLS initing in theDaniel Stenberg
curl_global_init() function to properly maintain the performing functions thread-safe. We've previously (28 April 2007) moved the init to a later time just to avoid it to fail very early when libgcrypt dislikes the situation, but that move was bad and the fix should rather be in libgcrypt or elsewhere.
2009-02-24- Brian J. Murrell found out that Negotiate proxy authentication didn't work.Daniel Stenberg
It happened because the code used the struct for server-based auth all the time for both proxy and server auth which of course was wrong.
2009-02-23- After a bug reported by James Cheng I've made curl_easy_getinfo() forDaniel Stenberg
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return -1 if the sizes aren't know. Previously these returned 0, make it impossible to detect the difference between actually zero and unknown.
2009-02-23Daniel Johnson provided a shell script that will perform all the steps neededYang Tse
to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework
2009-02-23- I renamed everything in the windows builds files that used the name 'curllib'Daniel Stenberg
to the proper 'libcurl' as clearly this caused confusion.
2009-02-20Do not halt compilation when using VS2008 to build a Windows 2000 targetYang Tse
2009-02-20- Linus Nielsen Feltzing reported and helped me repeat and fix a problem withDaniel Stenberg
FTP with the multi interface: when a transfer fails, like when aborted by a write callback, the control connection was wrongly closed and thus not re-used properly. This change is also an attempt to cleanup the code somewhat in this area, as now the FTP code attempts to keep (better) track on pending responses necessary to get read in ftp_done().
2009-02-19- Patrik Thunstrom reported a problem and helped me repeat it. It turned outDaniel Stenberg
libcurl did a superfluous 1000ms wait when doing SFTP downloads! We read data with libssh2 while doing the "DO" operation for SFTP and then when we were about to start getting data for the actual file part, the "TRANSFER" part, we waited for socket action (in 1000ms) before doing a libssh2-read. But in this case libssh2 had already read and buffered the data so we ended up always just waiting 1000ms before we get working on the data!
2009-02-18FTP downloads (i.e.: RETR) ending with code 550 now return error ↵Patrick Monnerat
CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE.
2009-02-17- Kamil Dudka made NSS-powered builds compile and run again!Daniel Stenberg
2009-02-17- A second follow-up change by Andre Guibert de Bruet to fix a related memoryDaniel Stenberg
leak like that fixed on the 14th. When zlib returns failure, we need to cleanup properly before returning error.
2009-02-17- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 forDaniel Stenberg
plain FTP connections, and it will then allow MKD to fail once and retry the CWD afterwards. This is especially useful if you're doing many simultanoes connections against the same server and they all have this option enabled, as then CWD may first fail but then another connection does MKD before this connection and thus MKD fails but trying CWD works! The numbers can (should?) now be set with the convenience enums now called CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY. Tests has proven that if you're making an application that uploads a set of files to an ftp server, you will get a noticable gain in speed if you're using multiple connections and this option will be then be very useful.
2009-02-14- Andre Guibert de Bruet found and fixed a memory leak in the content encodingDaniel Stenberg
code, which could happen on libz errors.
2009-02-12Added support for Digest and NTLM authentication using GnuTLS.Dan Fandrich
2009-02-12credit Jocelyn Jaubert for his bug report and associated workDaniel Stenberg
2009-02-11- CURLINFO_CONDITION_UNMET was added to allow an application to get to know ifDaniel Stenberg
the condition in the previous request was unmet. This is typically a time condition set with CURLOPT_TIMECONDITION and was previously not possible to reliably figure out. From bug report #2565128 (http://curl.haxx.se/bug/view.cgi?id=2565128)
2009-02-05Added an explicit buffer limit check in msdosify() (patch based on FreeBSD).Dan Fandrich
This couldn't ever overflow in curl, but might if the code were used elsewhere or under different conditions.
2009-02-04Don't add the standard /usr/lib or /usr/include paths to LDFLAGS and CPPFLAGSDan Fandrich
(respectively) when --with-ssl=/usr is used (patch based on FreeBSD).
2009-02-03- Hidemoto Nakada provided a small fix that makes it possible to get theDaniel Stenberg
CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with CURLOPT_NOBODY set true.