From 8ad2fdd71eef0e2cc761c04ea7283258cb717bd0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 6 Jun 2008 22:11:24 +0000 Subject: Moved all changes from 2007 from CHANGES to CHANGES.0 --- CHANGES.0 | 1603 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1603 insertions(+) (limited to 'CHANGES.0') diff --git a/CHANGES.0 b/CHANGES.0 index b73d239fd..e2b769714 100644 --- a/CHANGES.0 +++ b/CHANGES.0 @@ -9,6 +9,1609 @@ Changes done to curl and libcurl from 1997 to 2006. The most recent changes are always kept in the CHANGES file. +Daniel S (27 Dec 2007) +- Dmitry Kurochkin mentioned a flaw + (http://curl.haxx.se/mail/lib-2007-12/0252.html) in detect_proxy() which + failed to set the bits.proxy variable properly when an environment variable + told libcurl to use a http proxy. + +Daniel S (26 Dec 2007) +- In an attempt to repeat the problem in bug report #1850730 + (http://curl.haxx.se/bug/view.cgi?id=1850730) I wrote up test case 552. The + test is doing a 70K POST with a read callback and an ioctl callback over a + proxy requiring Digest auth. The test case code is more or less identical to + the test recipe code provided by Spacen Jasset (who submitted the bug + report). + +Daniel S (25 Dec 2007) +- Gary Maxwell filed bug report #1856628 + (http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the + (small) memory leak in the SSL session ID caching code. It happened when a + previous entry in the cache was re-used. + +Daniel Fandrich (19 Dec 2007) +- Ensure that nroff doesn't put anything but ASCII characters into the + --manual text. + +Yang Tse (18 Dec 2007) +- MSVC 9.0 (VS2008) does not support Windows build targets prior to WinXP, + and makes wrong asumptions of build target when it isn't specified. So, + if no build target has been defined we will target WinXP when building + curl/libcurl with MSVC 9.0 (VS2008). + +- (http://curl.haxx.se/mail/archive-2007-12/0039.html) reported and fixed + a file truncation problem on Windows build targets triggered when retrying + a download with curl. + +Daniel S (17 Dec 2007) +- Mateusz Loskot pointed out that MSVC 9.0 (VS2008) has the pollfd struct and + defines in winsock2.h somehow differently than previous versions and that + curl 7.17.1 would fail to compile out of the box. + +Daniel S (13 Dec 2007) +- David Wright filed bug report #1849764 + (http://curl.haxx.se/bug/view.cgi?id=1849764) with an included fix. He + identified a problem for re-used connections that previously had sent + Expect: 100-continue and in some situations the subsequent POST (that didn't + use Expect:) still had the internal flag set for its use. David's fix (that + makes the setting of the flag in every single request unconditionally) is + fine and is now used! + +Daniel S (12 Dec 2007) +- Gilles Blanc made the curl tool enable SO_KEEPALIVE for the connections and + added the --no-keep-alive option that can disable that on demand. + +Daniel S (9 Dec 2007) +- Andrew Moise filed bug report #1847501 + (http://curl.haxx.se/bug/view.cgi?id=1847501) and pointed out a memcpy() + that should be memmove() in the convert_lineends() function. + +Daniel S (8 Dec 2007) +- Renamed all internal static functions that had Curl_ prefixes to no longer + have them. The Curl_ prefix is exclusively used for library internal global + symbols. Static functions can be named anything, except for using Curl_ or + curl_ prefixes. This is for consistency and for easier maintainance and + overview. + +- Cleaned up and reformatted the TODO document to look like the FAQ and + CONTRIBUTE, which makes nicer web pages + +- Added test cases 549 and 550 that test CURLOPT_PROXY_TRANSFER_MODE. + +- Added keywords on a bunch of test cases + +- Fixed an OOM problem in the curl code that would lead to fclose on a bad + handle and crash + +Daniel S (5 Dec 2007) +- Spacen Jasset reported a problem with doing POST (with data read with a + callback) over a proxy when NTLM is used as auth with the proxy. The bug + also concerned Digest and was limited to using callback only. Spacen worked + with us to provide a useful patch. I added the test case 547 and 548 to + verify two variations of POST over proxy with NTLM. + +Daniel S (3 Dec 2007) +- Ray Pekowski filed bug report #1842029 + (http://curl.haxx.se/bug/view.cgi?id=1842029) in which he identified a + problem with SSL session caching that prevent it from working, and provided + the associated fix! + +- Now libcurl (built with OpenSSL) doesn't return error anymore if the remote + SSL-based server doesn't present a certificate when the request is told to + ignore certificate verification anyway. + +- Michal Marek introduced CURLOPT_PROXY_TRANSFER_MODE which is used to control + the appending of the "type=" thing on FTP URLs when they are passed to a + HTTP proxy. Some proxies just don't like that appending (which is done + unconditionally in 7.17.1), and some proxies treat binary/ascii transfers + better with the appending done! + +Daniel S (29 Nov 2007) +- A bug report on the curl-library list showed a HTTP Digest session going on + with a 700+ letter nonce. Previously libcurl only support 127 letter ones + and now I bumped it to 1023. + +- Fixed the resumed FTP upload loop to not require that the read callback + returns a full buffer on each invoke. + +Daniel S (25 Nov 2007) +- Added test case 1015 that tests --data-urlencode in multiple ways + +- Fixed --data-urlencode for when no @ or = are used + +- Extended the user-agent buffer curl uses, since we can hit the 128 byte + border with plenty development libraries used. Like my current set: "curl + 7.17.2-CVS (i686-pc-linux-gnu) libcurl/7.17.2-CVS OpenSSL/0.9.8g + zlib/1.2.3.3 c-ares/1.5.2-CVS libidn/1.1 libssh2/0.19.0-CVS" + +Daniel S (24 Nov 2007) +- Internal rearrangements, so that the previous struct HandleData is no more. + It is now known as SingleRequest and the Curl_transfer_keeper struct within + that was remove entirely. This has the upside that there are less duplicate + struct members that made it hard to see and remember what struct that was + used to store what data. The transfer_keeper thing was once stored on a + per-connection basis and then it made sense to have the duplicate info but + since it was moved to the SessionHandle (in 7.16.0) it just added weirdness. + The SingleRequest struct is used by data that only is valid for this single + request. + +Yang Tse (22 Nov 2007) +- Provide a socklen_t definition in curl.h for Win32 API build targets + which don't have one. + +Daniel S (22 Nov 2007) +- Alessandro Vesely helped me improve the --data-urlencode's syntax, parser + and documentation. + +Daniel S (21 Nov 2007) +- While inspecting the Negotiate code, I noticed how the proxy auth was using + the same state struct as the host auth, so both could never be used at the + same time! I fixed it (without being able to check) to use two separate + structs to allow authentication using Negotiate on host and proxy + simultaneously. + +Daniel S (20 Nov 2007) +- Emil Romanus pointed out a bug that made an easy handle get the cookie + engine activated when set to use a share (even if the share doesn't share + cookies). I fixed it. + +- Fixed a very long-lasting mprintf() bug that occurred when we did "%.*s%s", + since the second %s would then wrongly used the numerical precision argument + instead and crash. + +- Introduced --data-urlencode to the curl tool for easier url encoding of the + data sent in a post. + +Daniel S (18 Nov 2007) +- Rob Crittenden fixed SSL connections with NSS done with the multi-interface + +Daniel S (17 Nov 2007) +- Michal Marek made the test suite remember what test servers that fail to + start so that subsequent tries are simply skipped. + +- Andres Garcia made the examples build fine on Windows (mingw + msys) when + the lib was built staticly. + +Daniel S (16 Nov 2007) +- Ates Goral identified a problem in http.c:add_buffer_send() when a debug + callback was used, as it could wrongly pass on a bad size for the outgoing + HTTP header. The bad size would be a very large value as it was a wrapped + size_t content. This happened when the whole HTTP request failed to get sent + in one single send. http://curl.haxx.se/mail/lib-2007-11/0165.html + +Daniel S (15 Nov 2007) +- Fixed yet another remaining problem with doing SFTP directory listings on a + re-used persistent connection. Mentioned by Immanuel Gregoire on the mailing + list. + +- Michal Marek fixed the test suite to better deal with the case when the HTTP + ipv6 server can't run. + +Yang Tse (14 Nov 2007) +- Fix a variable potential wrapping in add_buffer() when using absolutely + huge send buffer sizes. + +Daniel S (13 Nov 2007) +- Fixed a remaining problem with doing SFTP directory listings on a re-used + persistent connection. Mentioned by Immanuel Gregoire on the mailing list. + +Daniel S (12 Nov 2007) +- Bug report #1830637 (http://curl.haxx.se/bug/view.cgi?id=1830637), which was + forwarded from the Gentoo bug tracker by Daniel Black and was originally + submitted by Robin Johnson, pointed out that libcurl would do bad memory + references when it failed and bailed out before the handler thing was + setup. My fix is not done like the provided patch does it, but instead I + make sure that there's never any chance for a NULL pointer in that struct + member. + +Yang Tse (10 Nov 2007) +- Vikram Saxena (http://curl.haxx.se/mail/lib-2007-11/0096.html) pointed out + that the pollfd struct was being multi defined when using VS2008. This is + now fixed in /curl/lib/select.h + +Daniel S (8 Nov 2007) +- Bug report #1823487 (http://curl.haxx.se/bug/view.cgi?id=1823487) pointed + out that SFTP requests didn't use persistent connections. Neither did SCP + ones. I gave the SSH code a good beating and now both SCP and SFTP should + use persistent connections fine. I also did a bunch of indent changes as + well as a bug fix for the "keyboard interactive" auth. + +Dan F (6 Nov 2007) +- Improved telnet support by drastically reducing the number of write + callbacks needed to pass a buffer to the user. Instead one per byte it + is now as little as one per segment. + +Yang Tse (6 Nov 2007) +- Bug report #1824894 (http://curl.haxx.se/bug/view.cgi?id=1824894) pointed + out a problem in curl.h when building C++ apps with MSVC. To fix it, the + inclusion of header files in curl.h is moved outside of the C++ extern "C" + linkage block. + +Daniel S (1 Nov 2007) +- Toby Peterson patched a memory problem in the command line tool that + happened when a user had a home dir as an empty string. curl would then do + free() on a wrong area. + +Dan F (1 Nov 2007) +- Fixed curl-config --features to not display libz when it wasn't used + due to a missing header file. + +Dan F (31 October 2007) +- Fixed the output of curl-config --protocols which showed SCP and SFTP + always, except when --without-libssh2 was given + +- Added test cases 1013 and 1014 to check that curl-config --protocols and + curl-config --features matches the output of curl --version + +Dan F (30 October 2007) +- Fixed an OOM problem with file: URLs + +- Moved Curl_file_connect into the protocol handler struct + +Dan F (29 October 2007) +- Added test case 546 to check that subsequent FTP transfers work after a + failed one using the multi interface + +Daniel S (29 October 2007) +- Based on one of those bug reports that are intercepted by a distro's bug + tracker (https://bugzilla.redhat.com/show_bug.cgi?id=316191), I now made + curl-config --features and --protocols show the correct output when built + with NSS. + +Version 7.17.1 (29 October 2007) + +Dan F (25 October 2007) +- Added the --static-libs option to curl-config + +Daniel S (25 October 2007) +- Made libcurl built with NSS possible to ignore the peer verification. + Previously it would fail if the ca bundle wasn't present, even if the code + ignored the verification results. + +Patrick M (25 October 2007) +- Fixed test server to allow null bytes in binary posts. +_ Added tests 35, 544 & 545 to check binary data posts, both static (in place) + and dynamic (copied). + +Daniel S (25 October 2007) +- Michal Marek fixed the test script to be able to use valgrind even when the + lib is built shared with libtool. + +- Fixed a few memory leaks when the same easy handle is re-used to request + URLs with different protocols. FTP and TFTP related leaks. Caught thanks to + Dan F's new test cases. + +Dan F (24 October 2007) +- Fixed the test FTP and TFTP servers to support the >10000 test number + notation + +- Added test cases 2000 through 2003 which test multiple protocols using the + same easy handle + +- Fixed the filecheck: make target to work outside the source tree + +Daniel S (24 October 2007) +- Vladimir Lazarenko pointed out that we should do some 'mt' magic when + building with VC8 to get the "manifest" embedded to make fine stand-alone + binaries. The maketgz and the src/Makefile.vc6 files were adjusted + accordingly. + +Daniel S (23 October 2007) +- Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out + that libcurl tried to re-use connections a bit too much when using non-SSL + protocols tunneled over a HTTP proxy. + +Daniel S (22 October 2007) +- Michal Marek forwarded the bug report + https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to + FTP that caused memory havoc. His work together with my efforts created two + fixes: + + #1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with + at connection cleanup, at which time the struct HandleData could be + used by another connection. + Also, the unused char *urlpath member is removed from struct FTP. + + #2 - provide a Curl_reset_reqproto() function that frees + data->reqdata.proto.* on connection setup if needed (that is if the + SessionHandle was used by a different connection). + + A long-term goal is of course to somehow get rid of how the reqdata struct + is used, as it is too error-prone. + +- Bug report #1815530 (http://curl.haxx.se/bug/view.cgi?id=1815530) points out + that specifying a proxy with a trailing slash didn't work (unless it also + contained a port number). + +Patrick M (15 October 2007) +- Fixed the dynamic CURLOPT_POSTFIELDS problem: this option is now static again + and option CURLOPT_COPYPOSTFIELDS has been added to support dynamic mode. + +Patrick M (12 October 2007) +- Added per-protocol callback static tables, replacing callback ptr storage + in the connectdata structure by a single handler table ptr. + +Dan F (11 October 2007) +- Fixed the -l option of runtests.pl + +- Added support for skipping tests based on key words. + +Daniel S (9 October 2007) +- Michal Marek removed the no longer existing return codes from the curl.1 + man page. + +Daniel S (7 October 2007) +- Known bug #47, which confused libcurl if doing NTLM auth over a proxy with + a response that was larger than 16KB is now improved slightly so that now + the restriction at 16KB is for the headers only and it should be a rare + situation where the response-headers exceed 16KB. Thus, I consider #47 fixed + and the header limitation is now known as known bug #48. + +Daniel S (5 October 2007) +- Michael Wallner made the CULROPT_COOKIELIST option support a new magic + string: "FLUSH". Using that will cause libcurl to flush its cookies to the + CURLOPT_COOKIEJAR file. + +- The new file docs/libcurl/ABI describes how we view ABI breakages, soname + bumps and what the version number's significance to all that is. + +Daniel S (4 October 2007) +- I enabled test 1009 and made the --local-port use a wide range to reduce the + risk of failures. + +- Kim Rinnewitz reported that --local-port didn't work with TFTP transfers. + This happened because the tftp code always uncondionally did a bind() + without caring if one already had been done and then it failed. I wrote a + test case (1009) to verify this, but it is a bit error-prone since it will + have to pick a fixed local port number and since the tests are run on so + many different hosts in different situations I'll add it in disabled state. + +Yang Tse (3 October 2007) +- Fixed issue related with the use of ares_timeout() result. + +Daniel S (3 October 2007) +- Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and + CURLOPT_OPENSOCKETDATA to set a callback that allows an application to + replace the socket() call used by libcurl. It basically allows the app to + change address, protocol or whatever of the socket. + +- I renamed the CURLE_SSL_PEER_CERTIFICATE error code to + CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made + this return code get used by the previous SSH MD5 fingerprint check in case + it fails. + +- Based on a patch brought by Johnny Luong, libcurl now offers + CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both + make the SCP or SFTP connection verify the remote host's md5 checksum of the + public key before doing a connect, to reduce the risk of a man-in-the-middle + attack. + +Daniel S (2 October 2007) +- libcurl now handles chunked-encoded CONNECT responses + +Daniel S (1 October 2007) +- Alex Fishman reported a curl_easy_escape() problem that was made the + function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a + signed / unsigned mistake in the code. I fixed it and added test case 543 to + verify. + +Daniel S (29 September 2007) +- Immanuel Gregoire fixed a problem with persistent transfers over SFTP. + +Daniel S (28 September 2007) +- Adapted the c-ares code to the API change c-ares 1.5.0 brings in the + notifier callback(s). + +Dan F (26 September 2007) +- Enabled a few more gcc warnings with --enable-debug. Renamed a few + variables to avoid shadowing global declarations. + +Daniel S (26 September 2007) +- Philip Langdale provided the new CURLOPT_POST301 option for + curl_easy_setopt() that alters how libcurl functions when following + redirects. It makes libcurl obey the RFC2616 when a 301 response is received + after a non-GET request is made. Default libcurl behaviour is to change + method to GET in the subsequent request (like it does for response code 302 + - because that's what many/most browsers do), but with this CURLOPT_POST301 + option enabled it will do what the spec says and do the next request using + the same method again. I.e keep POST after 301. + + The curl tool got this option as --post301 + + Test case 1011 and 1012 were added to verify. + +- Max Katsev reported that when doing a libcurl FTP request with + CURLOPT_NOBODY enabled but not CURLOPT_HEADER, libcurl wouldn't do TYPE + before it does SIZE which makes it less useful. I walked over the code and + made it do this properly, and added test case 542 to verify it. + +Daniel S (24 September 2007) +- Immanuel Gregoire fixed KNOWN_BUGS #44: --ftp-method nocwd did not handle + URLs ending with a slash properly (it should list the contents of that + directory). Test case 351 brought back and also test 1010 was added. + +Daniel S (21 September 2007) +- Mark Davies fixed Negotiate authentication over proxy, and also introduced + the --proxy-negotiate command line option to allow a user to explicitly + select it. + +Daniel S (19 September 2007) +- Rob Crittenden provided an NSS update with the following highlights: + + o It looks for the NSS database first in the environment variable SSL_DIR, + then in /etc/pki/nssdb, then it initializes with no database if neither of + those exist. + + o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be + loaded, including the ca-bundle. If it is not available then only + certificates already in the NSS database are used. + + o Tries to detect whether a file or nickname is being passed in so the right + thing is done + + o Added a bit of code to make the output more like the OpenSSL module, + including displaying the certificate information when connecting in + verbose mode + + o Improved handling of certificate errors (expired, untrusted, etc) + + The libnsspem.so PKCS#11 module is currently only available in Fedora + 8/rawhide. Work will be done soon to upstream it. The NSS module will work + with or without it, all that changes is the source of the certificates and + keys. + +Daniel S (18 September 2007) +- Immanuel Gregoire pointed out that public key SSH auth failed if no + public/private key was specified and there was no HOME environment variable, + and then it didn't continue to try the other auth methods. Now it will + instead try to get the files id_dsa.pub and id_dsa from the current + directory if none of the two conditions were met. + +Dan F (17 September 2007) +- Added hooks to the test suite to make it possible to test a curl running + on a remote host. + +- Changed some FTP tests to validate the format of the PORT and EPRT commands + sent by curl, if not the addresses themselves. + +Daniel S (15 September 2007) +- Michal Marek made libcurl automatically append ";type=" when using HTTP + proxies for FTP urls. + +- Günter Knauf fixed LDAP builds in the Windows makefiles and fixed LDAPv3 + support on Windows. + +Dan F (13 September 2007) +- Added LDAPS, SCP and SFTP to curl-config --protocols. Removed and + fixed some AC_SUBST configure entries. + +Version 7.17.0 (13 September 2007) + +Daniel S (12 September 2007) +- Bug report #1792649 (http://curl.haxx.se/bug/view.cgi?id=1792649) pointed + out a problem with doing an empty upload over FTP on a re-used connection. + I added test case 541 to reproduce it and to verify the fix. + +- I noticed while writing test 541 that the FTP code wrongly did a CWD on the + second transfer as it didn't store and remember the "" path from the + previous transfer so it would instead CWD to the entry path as stored. This + worked, but did a superfluous command. Thus, test case 541 now also verifies + this fix. + +Dan F (5 September 2007) +- Added test case 1007 to test permission problem when uploading with TFTP + (to validate bug #1790403). + +- TFTP now reports the "not defined" TFTP error code 0 as an error, + not success. + +Daniel S (5 September 2007) +- Continued the work on a fix for #1779054 + (http://curl.haxx.se/bug/view.cgi?id=1779054). My previous fix from August + 24 was not complete (either) but could accidentally "forget" parts of a + server response which led to faulty server response time-out errors. + +Dan F (5 September 2007) +- Minix doesn't support getsockopt on UDP sockets or send/recv on TCP + sockets. + +Dan F (31 August 2007) +- Made some of the error strings returned by the *strerror functions more + generic, and more consistent with each other. + +- Renamed the curl_ftpssl enum to curl_usessl and its enumerated constants, + creating macros for backward compatibility: + + CURLFTPSSL_NONE => CURLUSESSL_NONE + CURLFTPSSL_TRY => CURLUSESSL_TRY + CURLFTPSSL_CONTROL => CURLUSESSL_CONTROL + CURLFTPSSL_ALL => CURLUSESSL_ALL + CURLFTPSSL_LAST => CURLUSESSL_LAST + +Dan F (30 August 2007) +- Renamed several libcurl error codes and options to make them more general + and allow reuse by multiple protocols. Several unused error codes were + removed. In all cases, macros were added to preserve source (and binary) + compatibility with the old names. These macros are subject to removal at + a future date, but probably not before 2009. An application can be + tested to see if it is using any obsolete code by compiling it with the + CURL_NO_OLDIES macro defined. + + The following unused error codes were removed: + + CURLE_BAD_CALLING_ORDER + CURLE_BAD_PASSWORD_ENTERED + CURLE_FTP_CANT_RECONNECT + CURLE_FTP_COULDNT_GET_SIZE + CURLE_FTP_COULDNT_SET_ASCII + CURLE_FTP_USER_PASSWORD_INCORRECT + CURLE_FTP_WEIRD_USER_REPLY + CURLE_FTP_WRITE_ERROR + CURLE_LIBRARY_NOT_FOUND + CURLE_MALFORMAT_USER + CURLE_OBSOLETE + CURLE_SHARE_IN_USE + CURLE_URL_MALFORMAT_USER + + The following error codes were renamed: + + CURLE_FTP_ACCESS_DENIED => CURLE_REMOTE_ACCESS_DENIED + CURLE_FTP_COULDNT_SET_BINARY => CURLE_FTP_COULDNT_SET_TYPE + CURLE_FTP_SSL_FAILED => CURLE_USE_SSL_FAILED + CURLE_FTP_QUOTE_ERROR => CURLE_QUOTE_ERROR + CURLE_TFTP_DISKFULL => CURLE_REMOTE_DISK_FULL + CURLE_TFTP_EXISTS => CURLE_REMOTE_FILE_EXISTS + CURLE_HTTP_RANGE_ERROR => CURLE_RANGE_ERROR + + The following options were renamed: + + CURLOPT_SSLKEYPASSWD => CURLOPT_KEYPASSWD + CURLOPT_FTPAPPEND => CURLOPT_APPEND + CURLOPT_FTPLISTONLY => CURLOPT_DIRLISTONLY + CURLOPT_FTP_SSL => CURLOPT_USE_SSL + + A few more changes will take place with the next SONAME bump of the + library. These are documented in docs/TODO + +- Documented some newer error codes in libcurl-error(3) + +- Added more accurate error code returns from SFTP operations. Added test + case 615 to test an SFTP upload failure. + +Dan F (28 August 2007) +- Some minor internal type and const changes based on a splint scan. + +Daniel S (24 August 2007) +- Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed + out that libcurl didn't deal with large responses from server commands, when + the single response was consisting of multiple lines but of a total size of + 16KB or more. Dan Fandrich improved the ftp test script and provided test + case 1006 to repeat the problem, and I fixed the code to make sure this new + test case runs fine. + +Patrick M (23 August 2007) +- OS/400 port: new files lib/config-os400.h lib/setup-os400.h packages/OS400/*. + See packages/OS400/README.OS400. + +Daniel S (23 August 2007) +- Bug report #1779751 (http://curl.haxx.se/bug/view.cgi?id=1779751) pointed + out that doing first a file:// upload and then an FTP upload crashed libcurl + or at best caused furious valgrind complaints. Fixed now! + +Daniel S (22 August 2007) +- Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed + out that libcurl didn't deal with very long (>16K) FTP server response lines + properly. Starting now, libcurl will chop them off (thus the client app will + not get the full line) but survive and deal with them fine otherwise. Test + case 1003 was added to verify this. + +Daniel S (20 August 2007) +- Based on a patch by Christian Vogt, the FTP code now sets the upcoming + download transfer size much earlier to be possible to get read with + CURLINFO_CONTENT_LENGTH_DOWNLOAD as soon as possible. This is very much in a + similar spirit to the HTTP size change from August 11 2007. + +Daniel S (18 August 2007) +- Robson Braga Araujo filed bug report #1776232 + (http://curl.haxx.se/bug/view.cgi?id=1776232) about libcurl calling + Curl_client_write(), passing on a const string that the caller may not + modify and yet it does (on some platforms). + +- Robson Braga Araujo filed bug report #1776235 + (http://curl.haxx.se/bug/view.cgi?id=1776235) about ftp requests with NOBODY + on a directory would do a "SIZE (null)" request. This is now fixed and test + case 1000 was added to verify. + +Daniel S (17 August 2007) +- Song Ma provided a patch that cures a problem libcurl has when doing resume + HTTP PUT using Digest authentication. Test case 5320 and 5322 were also + added to verify the functionality. + +Daniel S (14 August 2007) +- Andrew Wansink provided an NTLM bugfix: in the case the server sets the flag + NTLMFLAG_NEGOTIATE_UNICODE, we need to filter it off because libcurl doesn't + UNICODE encode the strings it packs into the NTLM authenticate packet. + +Daniel S (11 August 2007) +- Allen Pulsifer provided a patch that makes libcurl set the expected download + size earlier when doing HTTP downloads, so that applications and the + progress meter etc know get the info earlier in the flow than before. + +- Patrick Monnerat modified the LDAP code and approach in curl. Starting now, + the configure script checks for openldap and friends and we link with those + libs just like we link all other third party libraries, and we no longer + dlopen() those libraries. Our private header file lib/ldap.h was renamed to + lib/curl_ldap.h due to this. I set a tag in CVS (curl-7_17_0-preldapfix) + just before this commit, just in case. + +Dan F (8 August 2007) +- Song Ma noted a zlib memory leak in the illegal compressed header + countermeasures code path. + +Daniel S (4 August 2007) +- Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on + non-ASCII systems. + +Daniel S (3 August 2007) +- I cut out support for libssh2 versions older than 0.16 to make our code a + lot simpler, and to avoid getting trouble with the LIBSSH2_APINO define + that 1) didn't work properly since it was >32 bits and 2) is removed in + libssh2 0.16... + +Daniel S (2 August 2007) +- Scott Cantor filed bug report #1766320 + (http://curl.haxx.se/bug/view.cgi?id=1766320) pointing out that the libcurl + code accessed two curl_easy_setopt() options (CURLOPT_DNS_CACHE_TIMEOUT and + CURLOPT_DNS_USE_GLOBAL_CACHE) as ints even though they're documented to be + passed in as longs, and that makes a difference on 64 bit architectures. + +- Dmitriy Sergeyev reported a regression: resumed file:// transfers broke + after 7.16.2. This is much due to the different treatment file:// gets + internally, but now I added test 231 to make it less likely to happen again + without us noticing! + +Daniel S (1 August 2007) +- Patrick Monnerat and I modified libcurl so that now it *copies* all strings + passed to it with curl_easy_setopt()! Previously it has always just refered + to the data, forcing the user to keep the data around until libcurl is done + with it. That is now history and libcurl will instead clone the given + strings and keep private copies. This is also part of Patrick Monnerat's + OS/400 port. + + Due to this being a somewhat interesting change API wise, I've decided to + bump the version of the upcoming release to 7.17.0. Older applications will + of course not notice this change nor do they have to care, but new + applications can be written to take advantage of this. + +- Greg Morse reported a problem with POSTing using ANYAUTH to a server + requiring NTLM, and he provided test code and a test server and we worked + out a bug fix. We failed to count sent body data at times, which then caused + internal confusions when libcurl tried to send the rest of the data in order + to maintain the same connection alive. + +Daniel S (31 July 2007) +- Peter O'Gorman pointed out (and fixed) that the non-blocking check in + configure made libcurl use blocking sockets on AIX 4 and 5, while that + wasn't the intention. + +Daniel S (29 July 2007) +- Jayesh A Shah filed bug report #1759542 + (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious + problem with FTPS: libcurl closed the data connection socket and then later + in the flow it would call the SSL layer to do SSL shutdown which then would + use a socket that had already been closed - so if the application had opened + a new one in the mean time, libcurl could send gibberish that way! I worked + with Greg Zavertnik to properly diagnose and fix this. The fix affects code + for all SSL libraries we support, but it has only been truly verified to + work fine for the OpenSSL version. The others have only been code reviewed. + +Daniel S (23 July 2007) +- Implemented the parts of Patrick Monnerat's OS/400 patch that introduces + support for the OS/400 Secure Sockets Layer library. + +Dan F (23 July 2007) +- Implemented only the parts of Patrick Monnerat's OS/400 patch that renamed + some few internal identifiers to avoid conflicts, which could be useful on + other platforms. + +Daniel S (22 July 2007) +- HTTP Digest bug fix by Chris Flerackers: + + Scenario + + - Perfoming a POST request with body + - With authentication (only Digest) + - Re-using a connection + + libcurl would send a HTTP POST with an Authorization header but without + body. Our server would return 400 Bad Request in that case (because + authentication passed, but the body was empty). + + Cause + + 1) http_digest.c -> Curl_output_digest + - Updates allocptr.userpwd/allocptr.proxyuserpwd *only* if d->nonce is + filled in (and no errors) + - authp->done = TRUE if d->nonce is filled in + 2) http.c -> Curl_http + - *Always* uses allocptr.userpwd/allocptr.proxyuserpwd if not NULL + 3) http.c -> Curl_http, Curl_http_output_auth + + So what happens is that Curl_output_digest cannot yet update the + Authorization header (allocptr.userpwd) which results in authhost->done=0 -> + authhost->multi=1 -> conn->bits.authneg = TRUE. The body is not + added. *However*, allocptr.userpwd is still used when building the request + +- Added test case 354 that makes a simple FTP retrieval without password, which + verifies the bug fix in #1757328. + +Daniel S (21 July 2007) +- To allow more flexibility in FTP test cases, I've removed the enforced states + from the test server code as they served no real purpose. The test server + is here to serve for the test cases, not to attempt to function as a real + server! While at it, I modified test case 141 to better test and verify + curl -I on a single FTP file. + +Daniel S (20 July 2007) +- James Housley fixed the SFTP PWD command to work. + +- Ralf S. Engelschall filed bug report #1757328 + (http://curl.haxx.se/bug/view.cgi?id=1757328) and submitted a patch. It + turns out we broke login to FTP servers that don't require (nor understand) + PASS after the USER command. The breakage was done as part of the krb5 + commit so a krb-using person needs to verify that the current version now + works or if we need to fix it (in a different way of course). + +Dan F (17 July 2007) +- Fixed test cases 613 and 614 by improving the log postprocessor to handle + a new directory listing format that newer libssh2's can provide. This + is probably NOT sufficient to handle all directory listing formats that + server's can provide, and should be revisited. + +Daniel S (17 July 2007) +- Daniel Johnson fixed a bug in how libssh2_session_last_error() was used, in + two places. + +- Jofell Gallardo posted a libcurl log using FTP that exposed a bug which made + a control connection that was deemed "dead" to yet be re-used in a following + request. + +Daniel S (13 July 2007) +- Colin Hogben filed bug report #1750274 + (http://curl.haxx.se/bug/view.cgi?id=1750274) and submitted a patch for the + case where libcurl did a connect attempt to a non-listening port and didn't + provide a human readable error string back. + +- Daniel Cater fixes: + 1 - made 'make vc8' work on windows. + 2 - made libcurl itself built with CURL_NO_OLDIES defined (which doesn't + define the symbols for backwards source compatibility) + 3 - updated libcurl-errors.3 + 4 - added CURL_DISABLE_TFTP to docs/INSTALL + +Daniel S (12 July 2007) +- Made the krb5 code build with Heimdal's GSSAPI lib. + +Dan F (12 July 2007) +- Compile most of the example apps in docs/examples when doing a 'make check'. + Fixed some compile warnings and errors in those examples. + +- Removed the example program ftp3rdparty.c since libcurl doesn't support + 3rd party FTP transfers any longer. + +Daniel S (12 July 2007) +- Shmulik Regev found an (albeit rare) case where the proxy CONNECT operation + could in fact get stuck in an endless loop. + +- Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation: + fail to connect if there is no Common Name field found in the remote cert. + We should deprecate the support for this set to 1 anyway soon, since the + feature is pointless and most likely never really used by anyone. + +Daniel S (11 July 2007) +- Shmulik Regev fixed a bug with transfer-encoding skipping during the 407 + error pages for proxy authentication. + +- Giancarlo Formicuccia reported and fixed a problem with a closed connection + to a proxy during CONNECT auth negotiation. + +Dan F (10 July 2007) +- Fixed a curl memory leak reported by Song Ma with a modified version + of the patch he suggested. Added his test case as test289 to verify. + +- Force the time zone to GMT in the cookie tests in case the user is + using one of the so-called 'right' time zones that take into account + leap seconds, which causes the tests to fail (as reported by + Daniel Black in bug report #1745964). + +Version 7.16.4 (10 July 2007) + +Daniel S (10 July 2007) +- Kees Cook notified us about a security flaw + (http://curl.haxx.se/docs/adv_20070710.html) in which libcurl failed to + properly reject some outdated or not yet valid server certificates when + built with GnuTLS. Kees also provided the patch. + +James H (5 July 2007) +- Gavrie Philipson provided a patch that will use a more specific error + message for an scp:// upload failure. If libssh2 has his matching + patch, then the error message return by the server will be used instead + of a more generic error. + +Daniel S (1 July 2007) +- Thomas J. Moore provided a patch that introduces Kerberos5 support in + libcurl. This also makes the options change name to --krb (from --krb4) and + CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still + +- Song Ma helped me verify and extend a fix for doing FTP over a SOCKS4/5 + proxy. + +Daniel S (27 June 2007) +- James Housley: Add two new options for the SFTP/SCP/FILE protocols: + CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS. These control the + premissions for files and directories created on the remote + server. CURLOPT_NEW_FILE_PERMS defaults to 0644 and + CURLOPT_NEW_DIRECTORY_PERMS defaults to 0755 + +- I corrected the 10-at-a-time.c example and applied a patch for it by James + Bursa. + +Daniel S (26 June 2007) +- Robert Iakobashvili re-arranged the internal hash code to work with a custom + hash function for different hashes, and also expanded the default size for + the socket hash table used in multi handles to greatly enhance speed when + very many connections are added and the socket API is used. + +- James Housley made the CURLOPT_FTPLISTONLY mode work for SFTP directory + listings as well + +Daniel S (25 June 2007) +- Adjusted how libcurl treats HTTP 1.1 responses without content-lenth or + chunked encoding (that also lacks "Connection: close"). It now simply + assumes that the connection WILL be closed to signal the end, as that is how + RFC2616 section 4.4 point #5 says we should behave. + +Version 7.16.3 (25 June 2007) + +Daniel S (23 June 2007) +- As reported by "Tro" in http://curl.haxx.se/mail/lib-2007-06/0161.html and + http://curl.haxx.se/mail/lib-2007-06/0238.html, libcurl didn't properly do + no-body requests on FTP files on re-used connections properly, or at least + it didn't provide the info back in the header callback properly in the + subsequent requests. + +Daniel S (21 June 2007) +- Gerrit Bruchhäuser pointed out a warning that the Intel(R) Thread Checker + tool reports and it was indeed a legitimate one and it is one fixed. It was + a use of a share without doing the proper locking first. + +Daniel S (20 June 2007) +- Adam Piggott filed bug report #1740263 + (http://curl.haxx.se/bug/view.cgi?id=1740263). Adam discovered that when + getting a large amount of URLs with curl, they were fetched slower and + slower... which turned out to be because the --libcurl data collecting which + wrongly always was enabled, but no longer is... + +Daniel S (18 June 2007) +- Robson Braga Araujo filed bug report #1739100 + (http://curl.haxx.se/bug/view.cgi?id=1739100) that mentioned that libcurl + could not actually list the contents of the root directory of a given FTP + server if the login directory isn't root. I fixed the problem and added + three test cases (one is disabled for now since I identified KNOWN_BUGS #44, + we cannot use --ftp-method nocwd and list ftp directories). + +Daniel S (14 June 2007) +- Shmulik Regev: + + I've encountered (and hopefully fixed) a problem involving proxy CONNECT + requests and easy handles state management. The problem isn't simple to + reproduce since it depends on socket state. It only manifests itself when + working with non-blocking sockets. + + Here is the scenario: + + 1. in multi_runsingle the easy handle is in the CURLM_STATE_WAITCONNECT and + calls Curl_protocol_connect + + 2. in Curl_proxyCONNECT, line 1247, if the socket isn't ready the function + returns and conn->bits.tunnel_connecting is TRUE + + 3. when the call to Curl_protocol_connect returns the protocol_connect flag + is false and the easy state is changed to CURLM_STATE_PROTOCONNECT which + isn't correct if a proxy is used. Rather CURLM_STATE_WAITPROXYCONNECT + should be used. + + I discovered this while performing an HTTPS request through a proxy (squid) + on my local network. The problem caused openssl to fail as it read the proxy + response to the CONNECT call ('HTTP/1.0 Established') rather than the SSL + handshake (the exact openssl error was 'wrong ssl version' but this isn't + very important) + +- Dave Vasilevsky filed bug report #1736875 + (http://curl.haxx.se/bug/view.cgi?id=1736875) almost simultanouesly as Dan + Fandrich mentioned a related build problem on the libcurl mailing list: + http://curl.haxx.se/mail/lib-2007-06/0131.html. Both problems had the same + reason: the definitions of the POLL* defines and the pollfd struct in the + libcurl code was depending on HAVE_POLL instead of HAVE_SYS_POLL_H. + +Daniel S (13 June 2007) +- Tom Regner provided a patch and worked together with James Housley, so now + CURLOPT_FTP_CREATE_MISSING_DIRS works for SFTP connections as well as FTP + ones. + +- Rich Rauenzahn filed bug report #1733119 + (http://curl.haxx.se/bug/view.cgi?id=1733119) and we collaborated on the + fix. The problem is that for 64bit HPUX builds, several socket-related + functions would still assume int (32 bit) arguments and not socklen_t (64 + bit) ones. + +Daniel S (12 June 2007) +- James Housley brought his revamped SSH code that is state-machine driven to + really take advantage of the now totally non-blocking libssh2 (in CVS). + +Dan F (8 June 2007) +- Incorporated Daniel Black's test706 and test707 SOCKS test cases. + +- Fixed a few problems when starting the SOCKS server. + +- Reverted some recent changes to runtests.pl that weren't compatible with + perl 5.0. + +- Fixed the test harness so that it actually kills the ssh being used as + the SOCKS server. + +Daniel S (6 June 2007) +- -s/--silent can now be used to toggle off the silence again if used a second + time. + +Daniel S (5 June 2007) +- Added Daniel Black's work that adds the first few SOCKS test cases. I also + fixed two minor SOCKS problems to make the test cases run fine. + +Daniel S (31 May 2007) +- Feng Tu made (lib)curl support "upload" resuming work for file:// URLs. + +Daniel S (30 May 2007) +- I modified the 10-at-a-time.c example to transfer 500 downloads in parallel + with a c-ares enabled build only to find that it crashed miserably, and this + was due to some select()isms left in the code. This was due to API + restrictions in c-ares 1.3.x, but with the upcoming c-ares 1.4.0 this is no + longer the case so now libcurl runs much better with c-ares and the multi + interface with > 1024 file descriptors in use. + + Extra note: starting now we require c-ares 1.4.0 for asynchronous name + resolves. + +- Added CURLMOPT_MAXCONNECTS which is a curl_multi_setopt() option for setting + the maximum size of the connection cache maximum size of the multi handle. + +Daniel S (27 May 2007) +- When working with a problem Stefan Becker had, I found an off-by-one buffer + overwrite in Curl_select(). While fixing it, I also improved its performance + somewhat by changing calloc to malloc and breaking out of a loop earlier + (when possible). + +Daniel S (25 May 2007) +- Rob Crittenden fixed bug #1705802 + (http://curl.haxx.se/bug/view.cgi?id=1705802), which was filed by Daniel + Black identifying several FTP-SSL test cases fail when we build libcurl with + NSS for TLS/SSL. Listed as #42 in KNOWN_BUGS. + +Daniel S (24 May 2007) +- Song Ma filed bug report #1724016 + (http://curl.haxx.se/bug/view.cgi?id=1724016) noticing that downloading + glob-ranges for TFTP was broken in CVS. Fixed now. + +- 'mytx' in bug report #1723194 (http://curl.haxx.se/bug/view.cgi?id=1723194) + pointed out that the warnf() function in the curl tool didn't properly deal + with the cases when excessively long words were used in the string to chop + up. + +Daniel S (22 May 2007) +- Andre Guibert de Bruet fixed a memory leak in the function that verifies the + peer's name in the SSL certificate when built for OpenSSL. The leak happens + for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN + name from UTF8. He also fixed a leak when PKCS #12 parsing failed. + +Daniel S (18 May 2007) +- Feng Tu reported that curl -w did wrong on TFTP transfers in bug report + #1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the + transfer-related info "variables" were indeed overwritten with zeroes + wrongly and have now been adjusted. The upload size still isn't accurate. + +Daniel S (17 May 2007) +- Feng Tu pointed out a division by zero error in the TFTP connect timeout + code for timeouts less than five seconds, and also provided a fix for it. + Bug report #1715392 (http://curl.haxx.se/bug/view.cgi?id=1715392) + +Dan F (16 May 2007) +- Added support for compiling under Minix 3.1.3 using ACK. + +Dan F (14 May 2007) +- Added SFTP directory listing test case 613. + +- Added support for quote commands before a transfer using SFTP and test + case 614. + +- Changed the post-quote commands to occur after the transferred file is + closed. + +- Allow SFTP quote commands chmod, chown, chgrp to set a value of 0. + +Dan F (9 May 2007) +- Kristian Gunstone fixed a problem where overwriting an uploaded file with + sftp didn't truncate it first, which would corrupt the file if the new + file was shorter than the old. + +Dan F (8 May 2007) +- Added FTPS test cases 406 and 407 + +Daniel S (8 May 2007) +- CURLE_FTP_COULDNT_STOR_FILE is now known as CURLE_UPLOAD_FAILED. This is + because I just made SCP uploads return this value if the file size of + the upload file isn't given with CURLOPT_INFILESIZE*. Docs updated to + reflect this news, and a define for the old name was added to the public + header file. + +Daniel S (7 May 2007) +- James Bursa fixed a bug in the multi handle code that made the connection + cache grow a bit too much, beyond the normal 4 * easy_handles. + +Daniel S (2 May 2007) +- Anders Gustafsson remarked that requiring CURLOPT_HTTP_VERSION set to 1.0 + when CURLOPT_HTTP200ALIASES is used to avoid the problem mentioned below is + not very nice if the client wants to be able to use _either_ a HTTP 1.1 + server or one within the aliases list... so starting now, libcurl will + simply consider 200-alias matches the to be HTTP 1.0 compliant. + +- Tobias Rundström reported a problem they experienced with xmms2 and recent + libcurls, which turned out to be the 25-nov-2006 change which treats HTTP + responses without Content-Length or chunked encoding as without bodies. We + now added the conditional that the above mentioned response is only without + body if the response is HTTP 1.1. + +- Jeff Pohlmeyer improved the hiperfifo.c example to use the + CURLMOPT_TIMERFUNCTION callback option. + +- Set the timeout for easy handles to expire really soon after addition or + when CURLM_CALL_MULTI_PERFORM is returned from curl_multi_socket*/perform, + to make applications using only curl_multi_socket() to properly function + when adding easy handles "on the fly". Bug report and test app provided by + Michael Wallner. + +Dan F (30 April 2007) +- Improved the test harness to allow running test servers on other than + the default port numbers, allowing more than one test suite to run + simultaneously on the same host. + +Daniel S (28 April 2007) +- Peter O'Gorman fixed libcurl to not init GnuTLS as early as we did before, + since it then inits libgcrypt and libgcrypt is being evil and EXITS the + application if it fails to get a fine random seed. That's really not a nice + thing to do by a library. + +- Frank Hempel fixed a curl_easy_duphandle() crash on a handle that had + been removed from a multi handle, and then fixed another flaw that prevented + curl_easy_duphandle() to work even after the first fix - the handle was + still marked as using the multi interface. + +Daniel S (26 April 2007) +- Peter O'Gorman found a problem with SCP downloads when the downloaded file + was 16385 bytes (16K+1) and it turned out we didn't properly always "suck + out" all data from libssh2. The effect being that libcurl would hang on the + socket waiting for data when libssh2 had in fact already read it all... + +Dan F (25 April 2007) +- Added support in runtests.pl for "!n" test numbers to disable individual + tests. Changed -t to only keep log files around when -k is specified, + to have the same behaviour as without -t. + +Daniel S (25 April 2007) +- Sonia Subramanian brought our attention to a problem that happens if you set + the CURLOPT_RESUME_FROM or CURLOPT_RANGE options and an existing connection + in the connection cache is closed to make room for the new one when you call + curl_easy_perform(). It would then wrongly free range-related data in the + connection close funtion. + +Yang Tse (25 April 2007) +- Steve Little fixed compilation on VMS 64-bit mode + +Daniel S (24 April 2007) +- Robert Iakobashvili made the 'master_buffer' get allocated first once it is + can/will be used as it then makes the common cases save 16KB of data for each + easy handle that isn't used for pipelining. + +Dan F (23 April 2007) +- Added support to the test harness. + +- Added tests 610-612 to test more SFTP post-quote commands. + +Daniel S (22 April 2007) +- Song Ma's warning if -r/--range is given with a "bad" range, also noted in + the man page now. + +- Daniel Black filed bug #1705177 + (http://curl.haxx.se/bug/view.cgi?id=1705177) where --without-ssl + --with-gnutl outputs a warning about SSL not being enabled even though GnuTLS + was found and used. + +Daniel S (21 April 2007) +- Daniel Black filed bug #1704675 + (http://curl.haxx.se/bug/view.cgi?id=1704675) identifying a double-free + problem in the SSL-dealing layer, telling GnuTLS to free NULL credentials on + closedown after a failure and a bad #ifdef for NSS when closing down SSL. + +Yang Tse (20 April 2007) +- Save one call to curlx_tvnow(), which calls gettimeofday(), in each of + Curl_socket_ready(), Curl_poll() and Curl_select() when these are called + with a zero timeout or a timeout value indicating a blocking call should + be performed. + +Daniel S (18 April 2007) +- James Housley made SFTP uploads use libssh2's non-blocking API + +- Prevent the internal progress meter from updating more frequently than once + per second. + +Dan F (17 April 2007) +- Added test cases 296, 297 and 298 to test --ftp-method handling + +Daniel S (16 April 2007) +- Robert Iakobashvil added curl_multi_socket_action() to libcurl, which is a + function that deprecates the curl_multi_socket() function. Using the new + function the application tell libcurl what action that was found in the + socket that it passes in. This gives a significant performance boost as it + allows libcurl to avoid a call to poll()/select() for every call to + curl_multi_socket*(). + + I added a define in the public curl/multi.h header file that will make your + existing application automatically use curl_multi_socket_action() instead of + curl_multi_socket() when you recompile. But of course you'll get better + performance if you adjust your code manually and actually pass in the + correct action bitmask to this function. + +Daniel S (14 April 2007) +- Jay Austin added "DH PARAMETERS" to the stunnel.pem certificate for the test + suite to make stunnel run better in some (most?) environments. + +Dan F (13 April 2007) +- Added test cases 294 and 295 to test --ftp-account handling + +- Improved handling of out of memory in ftp. + +Yang Tse (13 April 2007) +- Fix test case 534 which started to fail 2007-04-13 due to the existance + of a new host on the net with the same silly domain the test was using + for a host which was supposed not to exist. + +Daniel S (12 April 2007) +- Song Ma found a memory leak in the if2ip code if you pass in an interface + name longer than the name field of the ifreq struct (typically 6 bytes), as + then it wouldn't close the used dummy socket. Bug #1698974 + (http://curl.haxx.se/bug/view.cgi?id=1698974) + +Version 7.16.2 (11 April 2007) + +Yang Tse (10 April 2007) +- Ravi Pratap provided some fixes for HTTP pipelining + +- configure script will ignore --enable-sspi option for non-native Windows. + +Daniel S (9 April 2007) +- Nick Zitzmann did ssh.c cleanups + +Daniel S (3 April 2007) +- Rob Jones fixed better #ifdef'ing for a bunch of #include lines. + +Daniel S (2 April 2007) +- Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The + accepted commands are as follows: + + chgrp (gid) (path) + Changes the group ID of the file or directory at (path) to (gid). (gid) + must be a number. + + chmod (perms) (path) + Changes the permissions of the file or directory at (path) to + (perms). (perms) must be a number in the format used by the chmod Unix + command. + + chown (uid) (path) + Changes the user ID of the file or directory at (path) to (uid). (uid) + must be a number. + + ln (source) (dest) + Creates a symbolic link at (dest) that points to the file located at + (source). + + mkdir (path) + Creates a new directory at (path). + + rename (source) (dest) + Moves the file or directory at (source) to (dest). + + rm (path) + Deletes the file located at (path). + + rmdir (path) + Deletes the directory located at (path). This command will raise an error + if the directory is not empty. + + symlink (source) (dest) + Same as ln. + +Daniel S (1 April 2007) +- Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many + easy handles are added to a multi handle, by avoiding the looping over all + the handles to find which one to remove. + +- Matt Kraai provided a patch that makes curl build on QNX 6 fine again. + +Daniel S (31 March 2007) +- Fixed several minor issues detected by the coverity.com scanner. + +- "Pixel" fixed a problem that appeared when you used -f with user+password + embedded in the URL. + +Dan F (29 March 2007) +- Don't tear down the ftp connection if the maximum filesize was exceeded + and added tests 290 and 291 to check. + +- Added ftps upload and SSL required tests 401 and 402. + +- Send an EOF message before closing an SCP channel, as recommended by + RFC4254. Enable libssh2 tracing when ssh debugging is turned on. + +Yang Tse (27 March 2007) +- Internal function Curl_select() renamed to Curl_socket_ready() + + New Internal wrapper function Curl_select() around select (2), it + uses poll() when a fine poll() is available, so now libcurl can be + built without select() support at all if a fine poll() is available. + +Daniel S (25 March 2007) +- Daniel Johnson fixed multi code to traverse the easy handle list properly. + A left-over bug from the February 21 fix. + +Dan F (23 March 2007) +- Added --pubkey option to curl and made --key also work for SCP/SFTP, + plus made --pass work on an SSH private key as well. + +- Changed the test harness to attempt to gracefully shut down servers + before resorting to the kill -9 hammer. + +- Added test harness infrastructure to support scp/sftp tests, using + OpenSSH as the server. + +- Fixed a memory leak when specifying a proxy with a file: URL. + +Yang Tse (20 March 2007) +- Fixed: When a signal was caught awaiting for an event using Curl_select() + or Curl_poll() with a non-zero timeout both functions would restart the + specified timeout. This could even lead to the extreme case that if a + signal arrived with a frecuency lower to the specified timeout neither + function would ever exit. + + Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in + Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR + defined both functions will return as soon as a signal is caught. Use it + at your own risk, all calls to these functions in the library should be + revisited and checked before fully supporting this feature. + +Yang Tse (19 March 2007) +- Bryan Henderson fixed the progress function so that it can get called more + frequently allowing same calling frecuency for the client progress callback. + +Dan F (15 March 2007) +- Various memory leaks plugged and NULL pointer fixes made in the ssh code. + +Daniel (15 March 2007) +- Nick made the curl tool accept globbing ranges that only is one number, i.e + you can now use [1-1] without curl complaining. + +Daniel (10 March 2007) +- Eygene Ryabinkin: + + The problem is the following: when we're calling Curl_done and it decides to + keep the connection opened ('left intact'), then the caller is not notified + that the connection was done via the NULLifying of the pointer, so some easy + handle is keeping the pointer to this connection. + + Later ConnectionExists can select such connection for reuse even if we're + not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is + false and we can reuse this connection for another easy handle. But thus the + connection will be shared between two easy handles if the handle that wants + to take the ownership is not the same as was not notified of the connection + was done in Curl_done. And when some of these easy handles will get their + connection really freed the another one will still keep the pointer. + + My fix was rather trivial: I just added the NULLification to the 'else' + branch in the Curl_done. My tests with Git and ElectricFence showed no + problems both for HTTP pulling and cloning. Repository size is about 250 Mb, + so it was a considerable amount of Curl's work. + +Dan F (9 March 2007) +- Updated the test harness to add a new "crypto" feature check and updated the + appropriate test case to use it. For now, this is treated the same as the + "SSL" feature because curl doesn't list it separately. + +Daniel (9 March 2007) +- Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6. + +- Robert A. Monat improved the maketgz and VC6/8 generating to set the correct + machine type too. + +- Justin Fletcher fixed a file descriptor leak in the curl tool when trying to + upload a file it couldn't open. Bug #1676581 + (http://curl.haxx.se/bug/view.cgi?id=1676581) + +Dan F (9 March 2007) +- Updated the test harness to check for protocol support before running each + test, fixing KNOWN_BUGS #11. + +Dan F (7 March 2007) +- Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test + harness. It is very limited as it supports only ftps:// URLs with + --ftp-ssl-control specified, which implicitly encrypts the control + channel but not the data channels. That allows stunnel to be used with + an unmodified ftp server in exactly the same way that the test https + server is set up. + +Dan F (7 March 2007) +- Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and + unencrypted data connections. + +Dan F (6 March 2007) +- Fixed a couple of improper pointer uses detected by valgrind in test + cases 181 & 216. + +Daniel (2 March 2007) +- Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8 + makefiles that are included in the source release archives, generated from + the Makefile.vc6 files by the maketgz script. I also modified the root + Makefile to have a VC variable that defaults to vc6 but can be overridden to + allow it to be used for vc8 as well. Like this: + + nmake VC=vc8 vc + +Daniel (27 February 2007) +- Hang Kin Lau found and fixed: When I use libcurl to connect to an https + server through a proxy and have the remote https server port set using the + CURLOPT_PORT option, protocol gets reset to http from https after the first + request. + + User defined URL was modified internally by libcurl and subsequent reuse of + the easy handle may lead to connection using a different protocol (if not + originally http). + + I found that libcurl hardcoded the protocol to "http" when it tries to + regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as + follows and it's working fine so far + +Daniel (25 February 2007) +- Adam D. Moss made the HTTP CONNECT procedure less blocking when used from + the multi interface. Note that it still does a part of the connection in a + blocking manner. + +Daniel (23 February 2007) +- Added warning outputs if the command line uses more than one of the options + -v, --trace and --trace-ascii, since it could really confuse the user. + Clarified this fact in the man page. + +Daniel (21 February 2007) +- Ravi Pratap provided work on libcurl making pipelining more robust and + fixing some bugs: + o Don't mix GET and POST requests in a pipeline + o Fix the order in which requests are dispatched from the pipeline + o Fixed several curl bugs with pipelining when the server is returning + chunked encoding: + * Added states to chunked parsing for final CRLF + * Rewind buffer after parsing chunk with data remaining + * Moved chunked header initializing to a spot just before receiving + headers + +Daniel (20 February 2007) +- Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle + active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command + line option. + +Daniel (19 February 2007) +- Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl. + +- Shmulik Regev found a memory leak in re-used HTTPS connections, at least + when the multi interface was used. + +- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and + 5). + +Daniel (18 February 2007) +- Jeff Pohlmeyer identified two problems: first a rather obscure problem with + the multi interface and connection re-use that could make a + curl_multi_remove_handle() ruin a pointer in another handle. + + The second problem was less of an actual problem but more of minor quirk: + the re-using of connections wasn't properly checking if the connection was + marked for closure. + +Daniel (16 February 2007) +- Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting + CURLOPT_RANGE back to no range on an easy handle when using FTP. + +Dan F (14 February 2007) +- Fixed curl-config --libs so it doesn't list unnecessary libraries (and + therefore introduce unnecessary dependencies) when it's not needed. + Also, don't bother adding a library path of /usr/lib + +Daniel (13 February 2007) +- The default password for anonymous FTP connections is now changed to be + "ftp@example.com". + +- Robert A. Monat made libcurl build fine with VC2005 - it doesn't have + gmtime_r() like the older VC versions. He also made use of some machine- + specific defines to differentiate the "OS" define. + +Daniel (12 February 2007) +- Rob Crittenden added support for NSS (Network Security Service) for the + SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/ + + This is the fourth supported library for TLS/SSL that libcurl supports! + +- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent + to the debug callback. + +- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and + CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's + internal decoding of content or transfer encoded content. This may be + preferable in cases where you use libcurl for proxy purposes or similar. The + command line tool got a --raw option to disable both at once. + +- release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP + define set to hold the exact date and time of when the tarball was built, as + a human readable string using the UTC time zone. + +- Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle + that has an easy handle present in the "closure" list pending closure. + +Daniel (6 February 2007) +- Regular file downloads wiht SFTP and SCP are now done using the non-blocking + API of libssh2, if the libssh2 headers seem to support them. This will make + SCP and SFTP much more responsive and better libcurl citizens when used with + the multi interface etc. + +Daniel (5 February 2007) +- Michael Wallner added support for CURLOPT_TIMEOUT_MS and + CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with + millisecond resolution. The only restriction to that is the alarm() + (sometimes) used to abort name resolves as that uses full seconds. I fixed + the FTP response timeout part of the patch. + + Internally we now count and keep the timeouts in milliseconds but it also + means we multiply set timeouts with 1000. The effect of this is that no + timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which + equals 24.86 days. We probably couldn't before either since the code did + *1000 on the timeout values on several places already. + +Daniel (3 February 2007) +- Yang Tse fixed the cookie expiry date in several test cases that started to + fail since they used "1 feb 2007"... + +- Manfred Schwarb reported that socks5 support was broken and help us pinpoint + the problem. The code now tries harder to use httproxy and proxy where + apppropriate, as not all proxies are HTTP... + +Version 7.16.1 (29 January 2007) + +Daniel (29 January 2007) +- Michael Wallner reported that when doing a CONNECT with a custom User-Agent + header, you got _two_ User-Agent headers in the CONNECT request...! Added + test case 287 to verify the fix. + +Daniel (28 January 2007) +- curl_easy_reset() now resets the CA bundle path correctly. + +- David McCreedy fixed the Curl command line tool for HTTP on non-ASCII + platforms. + +Daniel (25 January 2007) +- Added the --libcurl [file] option to curl. Append this option to any + ordinary curl command line, and you will get a libcurl-using source code + written to the file that does the equivalent operation of what your command + line operation does! + +Dan F (24 January 2007) +- Fixed a dangling pointer problem that prevented the http_proxy environment + variable from being properly used in many cases (and caused test case 63 + to fail). + +Daniel (23 January 2007) +- David McCreedy did NTLM changes mainly for non-ASCII platforms: + + #1 + There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT + defined. I noticed this while testing various configurations. Line 867 of + the current http_ntlm.c is a closing bracket for an if/else pair that only + gets compiled in if USE_NTLM2SESSION is defined. But this closing bracket + wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was + defined. Lines 198 and 140 of my patch wraps that closing bracket in an + #ifdef USE_NTLM2SESSION. + + #2 + I noticed several picky compiler warnings when DEBUG_ME is defined. I've + fixed them with casting. By the way, DEBUG_ME was a huge help in + understanding this code. + + #3 + Hopefully the last non-ASCII conversion patch for libcurl in a while. I + changed the "NTLMSSP" literal to hex since this signature must always be in + ASCII. + + Conversion code was strategically added where necessary. And the + Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c + creates are NOT translated on non-ASCII platforms. + +Dan F (22 January 2007) +- Converted (most of) the test data files into genuine XML. A handful still + are not, due mainly to the lack of support for XML character entities + (e.g. & => & ). This will make it easier to validate test files using + tools like xmllint, as well as to edit and view them using XML tools. + +Daniel (16 January 2007) +- Armel Asselin improved libcurl to behave a lot better when an easy handle + doing an FTP transfer is removed from a multi handle before completion. The + fix also fixed the "alive counter" to be correct on "premature removal" for + all protocols. + +Dan F (16 January 2007) +- Fixed a small memory leak in tftp uploads discovered by curl's memory leak + detector. Also changed tftp downloads to URL-unescape the downloaded + file name. + +Daniel (14 January 2007) +- David McCreedy provided libcurl changes for doing HTTP communication on + non-ASCII platforms. It does add some complexity, most notably with more + #ifdefs, but I want to see this supported added and I can't see how we can + add it without the extra stuff added. + +- Setting CURLOPT_COOKIELIST to "ALL" when no cookies at all was present, + libcurl would crash when trying to read a NULL pointer. + +Daniel (12 January 2007) +- Toby Peterson found a nasty bug that prevented (lib)curl from properly + downloading (most) things that were larger than 4GB on 32 bit systems. Matt + Witherspoon helped as narrow down the problem. + +Daniel (5 January 2007) +- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to + curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it + will make libcurl shutdown SSL/TLS after the authentication is done on a + FTP-SSL operation. + +Daniel (4 January 2007) +- David McCreedy made changes to allow base64 encoding/decoding to work on + non-ASCII platforms. + +Daniel (3 January 2007) +- Matt Witherspoon fixed the flaw which made libcurl 7.16.0 always store + downloaded data in two buffers, just to be able to deal with a special HTTP + pipelining case. That is now only activated for pipelined transfers. In + Matt's case, it showed as a considerable performance difference, + +Daniel (2 January 2007) +- Victor Snezhko helped us fix bug report #1603712 + (http://curl.haxx.se/bug/view.cgi?id=1603712) (known bug #36) --limit-rate + (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) are broken + on Windows (since 7.16.0, but that's when they were introduced as previous + to that the limiting logic was made in the application only and not in the + library). It was actually also broken on select()-based systems (as apposed + to poll()) but we haven't had any such reports. We now use select(), Sleep() + or delay() properly to sleep a while without waiting for anything input or + output when the rate limiting is activated with the easy interface. + +- Modified libcurl.pc.in to use Libs.private for the libs libcurl itself needs + to get built static. It has been mentioned before and was again brought to + our attention by Nathanael Nerode who filed debian bug report #405226 + (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226). + Daniel (29 December 2006) - Make curl_easy_duphandle() set the magic number in the new handle. -- cgit v1.2.3