aboutsummaryrefslogtreecommitdiff
path: root/include
AgeCommit message (Collapse)Author
2009-03-02- David Kierznowski notified us about a security flawDaniel Stenberg
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in which previous libcurl versions (by design) can be tricked to access an arbitrary local/different file instead of a remote one when CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release together this the addition of two new setopt options for controlling this new behavior: o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option excludes the FILE and SCP protocols and thus you nee to explicitly allow them in your app if you really want that behavior. o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch using the primary URL option. This is useful if you want to allow a user or other outsiders control what URL to pass to libcurl and yet not allow all protocols libcurl may have been built to support.
2009-02-17- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 forDaniel Stenberg
plain FTP connections, and it will then allow MKD to fail once and retry the CWD afterwards. This is especially useful if you're doing many simultanoes connections against the same server and they all have this option enabled, as then CWD may first fail but then another connection does MKD before this connection and thus MKD fails but trying CWD works! The numbers can (should?) now be set with the convenience enums now called CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY. Tests has proven that if you're making an application that uploads a set of files to an ftp server, you will get a noticable gain in speed if you're using multiple connections and this option will be then be very useful.
2009-02-11- CURLINFO_CONDITION_UNMET was added to allow an application to get to know ifDaniel Stenberg
the condition in the previous request was unmet. This is typically a time condition set with CURLOPT_TIMECONDITION and was previously not possible to reliably figure out. From bug report #2565128 (http://curl.haxx.se/bug/view.cgi?id=2565128)
2009-02-10remove a trailing name from a commentDaniel Stenberg
2009-02-02- Craig A West brought us: libcurl now defaults to do CONNECT with HTTPDaniel Stenberg
version 1.1 instead of 1.0 like before. This change also introduces the new proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0 option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0. I updated all test cases cases that use CONNECT and I tried to do some using --proxy1.0 and some updated to do CONNECT 1.1 to get both versions run.
2009-01-28- Markus Moeller introduced two new options to libcurl:Daniel Stenberg
CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-26- Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an appDaniel Stenberg
to set desired block size to use for TFTP transfers instead of the default 512 bytes.
2009-01-25- Craig A West brought CURLOPT_NOPROXY and the corresponding --noproxy option.Daniel Stenberg
They basically offer the same thing the NO_PROXY environment variable only offered previously: list a set of host names that shall not use the proxy even if one is specified.
2009-01-19start over on our journey towards 7.19.4...Daniel Stenberg
2009-01-17fixed global copyright.Gunter Knauf
2009-01-16- Andrew de los Reyes fixed curlbuild.h for "generic" gcc builds on PPC, bothDaniel Stenberg
32 bit and 64 bit.
2009-01-13- Stefan Teleman brought a patch to fix the default curlbuild.h file for theDaniel Stenberg
SunPro compilers.
2008-12-10- Internet Explorer had a broken HTTP digest authentication before v7 andDaniel Stenberg
there are servers "out there" that relies on the client doing this broken Digest authentication. Apache even comes with an option to work with such broken clients. The difference is only for URLs that contain a query-part (a '?'-letter and text to the right of it). libcurl now supports this quirk, and you enable it by setting the CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH options. They are thus individually controlled to server and proxy.
2008-11-13and we are now on the 7.19.3 roadDaniel Stenberg
2008-11-05and we're back on square one working on the next release...Daniel Stenberg
2008-10-17remove some spurious line-endingsYang Tse
2008-10-16- Igor Novoseltsev added CURLOPT_PROXYUSER and CURLOPT_PROXYPASSWORD that thenDaniel Stenberg
make CURLOPT_PROXYUSERPWD sort of deprecated. The primary motive for adding these new options is that they have no problems with the colon separator that the CURLOPT_PROXYUSERPWD option does.
2008-10-09fix compiler warning: zero used for undefined preprocessing identifierYang Tse
2008-10-08- Igor Novoseltsev brought a patch that introduced two new options toDaniel Stenberg
curl_easy_setopt: CURLOPT_USERNAME and CURLOPT_PASSWORD that sort of deprecates the good old CURLOPT_USERPWD since they allow applications to set the user name and password independently and perhaps more importantly allow both to contain colon(s) which CURLOPT_USERPWD doesn't fully support.
2008-09-05- Martin Drasar provided the CURLOPT_POSTREDIR patch. It renamesDaniel Stenberg
CURLOPT_POST301 (but adds a define for backwards compatibility for you who don't define CURL_NO_OLDIES). This option allows you to now also change the libcurl behavior for a HTTP response 302 after a POST to not use GET in the subsequent request (when CURLOPT_FOLLOWLOCATION is enabled). I edited the patch somewhat before commit. The curl tool got a matching --post302 option. Test case 1076 was added to verify this.
2008-09-05- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. ByDaniel Stenberg
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS or FTPS), libcurl will gather lots of server certificate info and that info can then get extracted by a client after the request has completed with curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing helped me test and smoothen out this feature. Unfortunately, this feature currently only works with libcurl built to use OpenSSL. This feature was sponsored by networking4all.com - thanks!
2008-09-02hex version number for 7.19.1 is 0x071301Yang Tse
2008-09-01clear the way for 7.19.1 work!Daniel Stenberg
2008-08-28Adjust curl_off_t definitions for DJGPP.Yang Tse
Ancient versions of DJGPP do not have a 64-bit data type.
2008-08-28ignore curlver.h.distYang Tse
2008-08-26Treat all ARM compilers (RVCT, GCC) equally on Symbian OS. They are bothDan Fandrich
compatible, and otherwise the dependency generation phase of the build would throw warnings since the actual compiler isn't known at that time.
2008-08-25Add missing preprocessor symbol definition checksYang Tse
2008-08-25For congruency sake with the naming of other CURL_XXXXXX_CURL_OFF_T macros,Yang Tse
the name of the curl_off_t data type used now becomes CURL_TYPEOF_CURL_OFF_T CURL_OFF_T -> CURL_TYPEOF_CURL_OFF_T
2008-08-21MSVC's __int64 data type is only available when _INTEGRAL_MAX_BITS >= 64Yang Tse
2008-08-17Replace 'HttpPost' with 'curl_httppost'.Gisle Vanem
2008-08-15For congruency sake with the naming of other CURL_XXXXXX_CURL_OFF_T macros,Yang Tse
the names of the curl_off_t formatting string directives now become CURL_FORMAT_CURL_OFF_T and CURL_FORMAT_CURL_OFF_TU. CURL_FMT_OFF_T -> CURL_FORMAT_CURL_OFF_T CURL_FMT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU Remove the use of an internal name for the curl_off_t formatting string directives and use the common one available from the inside and outside of the library. FORMAT_OFF_T -> CURL_FORMAT_CURL_OFF_T FORMAT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU
2008-08-13Adjust IBM C compiler CURL_SIZEOF_LONGYang Tse
2008-08-13The size of long is a build time characteristic and as such it is now recordedYang Tse
in curlbuild.h as CURL_SIZEOF_LONG. Definition now done from configure process and in CVS curlbuild.h.dist for non-configure systems.
2008-08-13Watcom doesn't have <sys/time.h>.Gisle Vanem
2008-08-13MingW uses gcc. Hence the suffixes for 64-bit are 'LL' and 'ULL'.Gisle Vanem
2008-08-12Added macros for minimum-width signed and unsigned curl_off_t integerYang Tse
constants CURL_OFF_T_C and CURL_OFF_TU_C. The clever double helper macro used internally to provide its functionality is thanks to Lars Nilsson.
2008-08-11OoopsYang Tse
2008-08-11Added missing signed and unsigned curl_off_t integer constant suffixes forYang Tse
internal and external use. CURL_SUFFIX_CURL_OFF_T, CURL_SUFFIX_CURL_OFF_TU.
2008-08-09Remove some redundancyYang Tse
2008-08-08Add metroworks and generic gccYang Tse
2008-08-07Initial support of curlbuild.h and curlrules.h which allowsYang Tse
to have a curl_off_t data type no longer gated to off_t.
2008-07-30- Phil Blundell added the CURLOPT_SCOPE option, as well as adjusted the URLDaniel Stenberg
parser to allow numerical IPv6-addresses to be specified with the scope given, as per RFC4007 - with a percent letter that itself needs to be URL escaped. For example, for an address of fe80::1234%1 the HTTP URL is: "http://[fe80::1234%251]/"
2008-07-03Introcuding a new timestamp for curl_easy_getinfo():Daniel Stenberg
CURLINFO_APPCONNECT_TIME. This is set with the "application layer" handshake/connection is completed (typically SSL, TLS or SSH). By using this you can figure out the application layer's own connect time. You can extract the time stamp using curl's -w option and the new variable named 'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar.
2008-07-02Support Open Watcom C on Linux (as well as Windows).Dan Fandrich
2008-07-01- Rolland Dudemaine provided fixes to get libcurl to build for the INTEGRITYDaniel Stenberg
operating system.
2008-06-09CURLOPT_CRLFILE and CURLOPT_ISSUERCERT are new string optionsMichal Marek
2008-06-08the next release is now called 7.19.0Daniel Stenberg
2008-06-06- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_ISSUERCERT, forDaniel Stenberg
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, forDaniel Stenberg
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06- Added CURLINFO_PRIMARY_IP as a new information retrievable withDaniel Stenberg
curl_easy_getinfo. It returns a pointer to a string with the most recently used IP address. Modified test case 500 to also verify this feature. The implementing of this feature was sponsored by Lenny Rachitsky at NeuStar.