aboutsummaryrefslogtreecommitdiff
path: root/RELEASE-NOTES
AgeCommit message (Collapse)Author
2009-06-05- Setting the Content-Length: header from your app when you do a POST or PUTDaniel Stenberg
is almost always a VERY BAD IDEA. Yet there are still apps out there doing this, and now recently it triggered a bug/side-effect in libcurl as when libcurl sends a POST or PUT with NTLM, it sends an empty post first when it knows it will just get a 401/407 back. If the app then replaced the Content-Length header, it caused the server to wait for input that libcurl wouldn't send. Aaron Oneal reported this problem in bug report #2799008 http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix.
2009-06-04allow building libcurl for VxWorksYang Tse
2009-06-01- Claes Jakobsson fixed the configure script to better find and use NSSDaniel Stenberg
without pkg-config.
2009-06-01credit John E. MalmbergYang Tse
2009-05-27- Claes Jakobsson fixed libcurl-NSS to build fine even without theDaniel Stenberg
PK11_CreateGenericObject() function.
2009-05-27- Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clearDaniel Stenberg
the auth credentials back in 7.19.0 and earlier while now you have to set "" to get the same effect. His patch brings back the ability to use NULL.
2009-05-27- Andre Guibert de Bruet found a call to a OpenSSL function that didn't checkDaniel Stenberg
for a failure properly.
2009-05-27- Frank McGeough provided a small OpenSSL #include fix to make libcurl compileDaniel Stenberg
fine with Nokia 5th edition 1.0 SDK for Symbian.
2009-05-25- bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointedDaniel Stenberg
out that the cookie parser would leak memory when it parses cookies that are received with domain, path etc set multiple times in the same header. While such a cookie is questionable, they occur in the wild and libcurl no longer leaks memory for them. I added such a header to test case 8.
2009-05-19- Kamil Dudka brought the patch from the Redhat bug entryDaniel Stenberg
https://bugzilla.redhat.com/show_bug.cgi?id=427966 which was libcurl closing a bad file descriptor when closing down the FTP data connection. Caolan McNamara seems to be the original author of it.
2009-05-18start climbing to 7.19.6Daniel Stenberg
2009-05-17- James Bursa posted a patch to the mailing list that fixed a problem withDaniel Stenberg
no_proxy which made it not skip the proxy if the URL entered contained a user name. I added test case 1101 to verify.
2009-05-11- Balint Szilakszi reported a memory leak when libcurl did gzip decompressionDaniel Stenberg
of streams that had some parts (legitimately) missing. We now provide and use a proper cleanup function for the content encoding submodule. http://curl.haxx.se/mail/lib-2009-05/0092.html
2009-05-11- Kamil Dudka provided a fix for libcurl-NSS reported by Michael CronenworthDaniel Stenberg
at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12 If an incorrect password is given while loading a private key, libcurl ends up in an infinite loop consuming memory. The bug is critical.
2009-05-11- I fixed the problem with doing NTLM, POST and then following a 302 redirect,Daniel Stenberg
as reported by Ebenezer Ikonne (on curl-users) and Laurent Rabret (on curl-library). The transfer was mistakenly marked to get more data to send but since it didn't actually have that, it just hung there...
2009-05-08Ah, this was committed by mistake as part of my previous commit but it seemsDaniel Stenberg
to work so I'll let it remain and here's the comment about it! From Lenaic's mail posted to curl-library Date: Fri, 1 May 2009 22:46:14 +0200.
2009-05-08- Constantine Sapuntzakis fixed bug report #2784055Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2784055) identifying a problem to connect to SOCKS proxies when using the multi interface. It turned out to almost not work at all previously. We need to wait for the TCP connect to be properly verified before doing the SOCKS magic. There's still a flaw in the FTP code for this.
2009-05-07- Man page *roff problems fixed thanks to input from Colin Watson. ProblemsDaniel Stenberg
reported in the Debian package.
2009-05-07- Vijay G filed bug report #2723236Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2723236) identifying a problem with libcurl's TFTP code and its lack of dealing with the OACK packet.
2009-05-04- Inspired by Michael Smith's session id fix for OpenSSL, I did theDaniel Stenberg
corresponding fix in the GnuTLS code: make sure to store the new session id in case the re-used one is rejected.
2009-05-04- Michael Smith posted bug report #2786255Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how libcurl did not deal with SSL session ids properly if the server rejected a re-use of one. Starting now, it will forget the rejected one and remember the new. This change was for OpenSSL only, it is likely that other SSL lib code needs similar fixes.
2009-05-04David McCreedy's "transfer.c fixes for CURL_DO_LINEEND_CONV and non-ASCII ↵Yang Tse
platform HTTP requests" patch
2009-05-02Use build-time configured curl_socklen_t instead of socklen_tYang Tse
2009-05-01Mention David McCreedy's patches applied todayYang Tse
2009-04-29- Based on bug report #2723219 (http://curl.haxx.se/bug/view.cgi?id=2723219)Daniel Stenberg
I've now made TFTP "connections" not being kept for re-use within libcurl. TFTP is UDP-based so the benefit was really low (if even existing) to begin with so instead of tracking down to fix this problem we instead removed the re-use. I also enabled test case 1099 that I wrote a few days ago to verify that this change fixes the reported problem.
2009-04-28- Constantine Sapuntzakis filed bug report #2783090Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2783090) pointing out that on windows we need to grow the SO_SNDBUF buffer somewhat to get really good upload speeds. http://support.microsoft.com/kb/823764 has the details. Friends confirmed that simply adding 32 to CURL_MAX_WRITE_SIZE is enough.
2009-04-28- Bug report #2709004 (http://curl.haxx.se/bug/view.cgi?id=2709004) by TimDaniel Stenberg
Chen pointed out how curl couldn't upload with resume when reading from a pipe. This ended up with the introduction of a new return code for the CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but that libcurl may try to resolve the situation anyway. In our case this means libcurl will attempt to instead read that much data from the stream instead of seeking and that way curl can now upload with resume when data is read from a stream!
2009-04-26- Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by SvenDaniel Stenberg
Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi interface and provided a patch that fixed the problem!
2009-04-24- Kamil Dudka fixed another NSS-related leak when client certs were used.Daniel Stenberg
2009-04-23for is docs remarksDaniel Stenberg
2009-04-20- Leanic Lefever reported a crash and did some detailed research on why andDaniel Stenberg
how it occurs (http://curl.haxx.se/mail/lib-2009-04/0289.html). The conclusion was that if an error is detected and Curl_done() is called for the connection, ftp_done() could at times return another error code that then would take precedence and that new code confused existing logic that works for the first error code (CURLE_SEND_ERROR) only.
2009-04-20- Gisle Vanem noticed that --libtool would produce bogus strings at times forDaniel Stenberg
OBJECTPOINT options. Now we've introduced a new function - my_setopt_str - within the app for setting plain string options to avoid the risk of this mistake happening.
2009-04-17mention Pramod Sharma and "persistent connections when doing FTP over a HTTP ↵Daniel Stenberg
proxy"
2009-04-13- bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by MartinDaniel Stenberg
Storsjo pointed out how setting CURLOPT_NOBODY to 0 could be downright confusing as it set the method to either GET or HEAD. The example he showed looked like: curl_easy_setopt(curl, CURLOPT_PUT, 1); curl_easy_setopt(curl, CURLOPT_NOBODY, 0); The new way doesn't alter the method until the request is about to start. If CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is 0 and the request happens to have been set to HEAD, it will then instead be set to GET. I believe this will be less surprising to users, and hopefully not hit any existing users badly.
2009-04-13- Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turnedDaniel Stenberg
out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue is found in Redhat's bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=453612 There are still memory leaks present, but they seem to have other reasons.
2009-04-10Daniel Johnson improved the MacOSX-Framework shell script to now perform allYang Tse
the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64 libcurl.framework. Four way fat framework requires OS X 10.5 SDK or later.
2009-04-08Sun compilers specific preprocessor block removed from curlbuild.h.distYang Tse
2009-04-02Fix curl_off_t definition for builds done using Sun compilers and aYang Tse
non-configured libcurl. In this case curl_off_t data type was gated to the off_t data type which depends on the _FILE_OFFSET_BITS. This configuration is exactly the unwanted configuration for our curl_off_t data type which must not depend on such setting. This breaks ABI for libcurl libraries built with Sun compilers which were built without having run the configure script with _FILE_OFFSET_BITS different than 64 and using the ILP32 data model.
2009-04-02Added the curl_easy_recv return code fixDan Fandrich
2009-03-18- Kamil Dudka brought a patch that enables 6 additional crypto algorithms whenDaniel Stenberg
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled explicitly.
2009-03-13- Use libssh2_version() to present the libssh2 version in case the libssh2Daniel Stenberg
library is found to support it.
2009-03-12Fix TELNET transfers not being aborted upon write callback failuresYang Tse
2009-03-11Added TELNET timeout support for Windows buildsYang Tse
2009-03-09- Frank Hempel found out a bug and provided the fix:Daniel Stenberg
curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE option. It only enabled the cookie engine in the destination handle if data->cookies is not NULL (where data is the source handle). In case of a newly initialized handle which just had the cookie support enabled by a curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was still NULL because the setopt-call only appends the value to data->change.cookielist, hence duplicating this handle would not have the cookie engine switched on. We also concluded that the slist-functionality would be suitable for being put in its own module rather than simply hanging out in lib/sendf.c so I created lib/slist.[ch] for them.
2009-03-09- Andreas Farber made the 'buildconf' script check for the presence of m4Daniel Stenberg
scripts to make it detect a bad checkout earlier. People with older checkouts who don't do cvs update with the -d option won't get the new dirs and then will get funny outputs that can be a bit hard to understand and fix.
2009-03-08- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where theDaniel Stenberg
allocation of the memory BIO was not being properly checked.
2009-03-08- Andre Guibert de Bruet fixed the gnutls-using code: There are a few placesDaniel Stenberg
in the gnutls code where we were checking for negative values for errors, when the man pages state that GNUTLS_E_SUCCESS is returned on success and other values indicate error conditions.
2009-03-08- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) thatDaniel Stenberg
curl didn't use sprintf() in a way that is documented to work in POSIX but since we use our own printf() code (from libcurl) that shouldn't be a problem. Nonetheless I modified the code to not rely on such particular features and to not cause further raised eyebrowse with no good reason.
2009-03-05Fix NTLM authentication memory leak on SSPI enabled Windows buildsYang Tse
2009-03-03- David James brought a patch that make libcurl close (all) dead connectionsDaniel Stenberg
whenever you attempt to open a new connection.