From 6f7d0a7cbd0578dc20a22279269a14a143d7e8ee Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 2 May 2007 13:14:56 +0000 Subject: Merged _all_ old changelogs into the single CHANGES.0 file. Having a new one for every year is giving us too many files! I also split out the changes from 2006 from CHANGES to CHANGES.0 now. --- CHANGES | 1090 --------------------------------------------------------------- 1 file changed, 1090 deletions(-) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 54514b2df..72c0fad4a 100644 --- a/CHANGES +++ b/CHANGES @@ -533,1093 +533,3 @@ Daniel (2 January 2007) our attention by Nathanael Nerode who filed debian bug report #405226 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226). -Daniel (29 December 2006) -- Make curl_easy_duphandle() set the magic number in the new handle. - -Daniel (22 December 2006) -- Robert Foreman provided a prime example snippet showing how libcurl would - get confused and not acknowledge the 'no_proxy' variable properly once it - had used the proxy and you re-used the same easy handle. I made sure the - proxy name is properly stored in the connect struct rather than the - sessionhandle/easy struct. - -- David McCreedy fixed a bad call to getsockname() that wrongly used a size_t - variable to point to when it should be a socklen_t. - -- When setting a proxy with environment variables and (for example) running - 'curl [URL]' with a URL without a protocol prefix, curl would not send a - correct request as it failed to add the protocol prefix. - -Daniel (21 December 2006) -- Robson Braga Araujo reported bug #1618359 - (http://curl.haxx.se/bug/view.cgi?id=1618359) and subsequently provided a - patch for it: when downloading 2 zero byte files in a row, curl 7.16.0 - enters an infinite loop, while curl 7.16.1-20061218 does one additional - unnecessary request. - - Fix: During the "Major overhaul introducing http pipelining support and - shared connection cache within the multi handle." change, headerbytecount - was moved to live in the Curl_transfer_keeper structure. But that structure - is reset in the Transfer method, losing the information that we had about - the header size. This patch moves it back to the connectdata struct. - -Daniel (16 December 2006) -- Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPE - during certain conditions when GnuTLS is used. - -Daniel (11 December 2006) -- Alexey Simak found out that when doing FTP with the multi interface and - something went wrong like it got a bad response code back from the server, - libcurl would leak memory. Added test case 538 to verify the fix. - - I also noted that the connection would get cached in that case, which - doesn't make sense since it cannot be re-use when the authentication has - failed. I fixed that issue too at the same time, and also that the path - would be "remembered" in vain for cases where the connection was about to - get closed. - -Daniel (6 December 2006) -- Sebastien Willemijns reported bug #1603712 - (http://curl.haxx.se/bug/view.cgi?id=1603712) which is about connections - getting cut off prematurely when --limit-rate is used. While I found no such - problems in my tests nor in my reading of the code, I found that the - --limit-rate code was severly flawed (since it was moved into the lib, since - 7.15.5) when used with the easy interface and it didn't work as documented - so I reworked it somewhat and now it works for my tests. - -Daniel (5 December 2006) -- Stefan Krause pointed out a compiler warning with a picky MSCV compiler when - passing a curl_off_t argument to the Curl_read_rewind() function which takes - an size_t argument. Curl_read_rewind() also had debug code left in it and it - was put in a different source file with no good reason when only used from - one single spot. - -- Sh Diao reported that CURLOPT_CLOSEPOLICY doesn't work, and indeed, there is - no code present in the library that receives the option. Since it was not - possible to use, we know that no current users exist and thus we simply - removed it from the docs and made the code always use the default path of - the code. - -- Jared Lundell filed bug report #1604956 - (http://curl.haxx.se/bug/view.cgi?id=1604956) which identified setting - CURLOPT_MAXCONNECTS to zero caused libcurl to SIGSEGV. Starting now, libcurl - will always internally use no less than 1 entry in the connection cache. - -- Sh Diao reported that CURLOPT_FORBID_REUSE no works, and indeed it broke in - the 7.16.0 release. - -- Martin Skinner brought back bug report #1230118 to haunt us once again. - (http://curl.haxx.se/bug/view.cgi?id=1230118) curl_getdate() did not work - properly for all input dates on Windows. It was mostly seen on some TZ time - zones using DST. Luckily, Martin also provided a fix. - -- Alexey Simak filed bug report #1600447 - (http://curl.haxx.se/bug/view.cgi?id=1600447) in which he noted that active - FTP connections don't work with the multi interface. The problem is here - that the multi interface state machine has a state during which it can wait - for the data connection to connect, but the active connection is not done in - the same step in the sequence as the passive one is so it doesn't quite work - for active. The active FTP code still use a blocking function to allow the - remote server to connect. - - The fix (work-around is a better word) for this problem is to set the - boolean prematurely that the data connection is completed, so that the "wait - for connect" phase ends at once. - - The proper fix, left for the future, is of course to make the active FTP - case to act in a non-blocking way too. - -- Matt Witherspoon fixed a problem case when the CPU load went to 100% when a - HTTP upload was disconnected: - - "What appears to be happening is that my system (Linux 2.6.17 and 2.6.13) is - setting *only* POLLHUP on poll() when the conditions in my previous mail - occur. As you can see, select.c:Curl_select() does not check for POLLHUP. So - basically what was happening, is poll() was returning immediately (with - POLLHUP set), but when Curl_select() looked at the bits, neither POLLERR or - POLLOUT was set. This still caused Curl_readwrite() to be called, which - quickly returned. Then the transfer() loop kept continuing at full speed - forever." - -Daniel (1 December 2006) -- Toon Verwaest reported that there are servers that send the Content-Range: - header in a third, not suppported by libcurl, format and we agreed that we - could make the parser more forgiving to accept all the three found - variations. - -Daniel (25 November 2006) -- Venkat Akella found out that libcurl did not like HTTP responses that simply - responded with a single status line and no headers nor body. Starting now, a - HTTP response on a persistent connection (i.e not set to be closed after the - response has been taken care of) must have Content-Length or chunked - encoding set, or libcurl will simply assume that there is no body. - - To my horror I learned that we had no less than 57(!) test cases that did bad - HTTP responses like this, and even the test http server (sws) responded badly - when queried by the test system if it is the test system. So although the - actual fix for the problem was tiny, going through all the newly failing test - cases got really painful and boring. - -Daniel (24 November 2006) -- James Housley did lots of work and introduced SFTP downloads. - -Daniel (13 November 2006) -- Ron in bug #1595348 (http://curl.haxx.se/bug/view.cgi?id=1595348) pointed - out a stack overwrite (and the corresponding fix) on 64bit Windows when - dealing with HTTP chunked encoding. - -Daniel (9 November 2006) -- Nir Soffer updated libcurl.framework.make: - o fix symlinks, should link to Versions, not to ./Versions - o indentation improvments - -- Dmitriy Sergeyev found a SIGSEGV with his test04.c example posted on 7 Nov - 2006. It turned out we wrongly assumed that the connection cache was present - when tearing down a connection. - -- Ciprian Badescu found a SIGSEGV when doing multiple TFTP transfers using the - multi interface, but I could also repeat it doing multiple sequential ones - with the easy interface. Using Ciprian's test case, I could fix it. - -Daniel (8 November 2006) -- Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without - CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the - SSL handshake. This is now stopped. - -Daniel (7 November 2006) -- Olaf fixed a leftover problem with the CONNECT fix of his that would leave a - wrong error message in the error message buffer. - -Daniel (3 November 2006) -- Olaf Stueben provided a patch that I edited slightly. It fixes the notorious - KNOWN_BUGS #25, which happens when a proxy closes the connection when - libcurl has sent CONNECT, as part of an authentication negotiation. Starting - now, libcurl will re-connect accordingly and continue the authentication as - it should. - -Daniel (2 November 2006) -- James Housley brought support for SCP transfers, based on the libssh2 library - for the actual network protocol stuff. - - Added these new curl_easy_setopt() options: - - CURLOPT_SSH_AUTH_TYPES - CURLOPT_SSH_PUBLIC_KEYFILE - CURLOPT_SSH_PRIVATE_KEYFILE - -Version 7.16.0 (30 October 2006) - -Daniel (25 October 2006) -- Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the - case when 401 or 407 are returned, *IF* no auth credentials have been given. - The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401 - and 407 cases when auth credentials is given, but we've now covered this - somewhat more. - - You might get some amounts of headers transferred before this situation is - detected, like for when a "100-continue" is received as a response to a - POST/PUT and a 401 or 407 is received immediately afterwards. - - Added test 281 to verify this change. - -Daniel (23 October 2006) -- Ravi Pratap provided a major update with pipelining fixes. We also no longer - re-use connections (for pipelining) before the name resolving is done. - -Daniel (21 October 2006) -- Nir Soffer made the tests/libtest/Makefile.am use a proper variable for all - the single test applications' link and dependences, so that you easier can - override those from the command line when using make. - -- Armel Asselin separated CA cert verification problems from problems with - reading the (local) CA cert file to let users easier pinpoint the actual - problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code. - -Daniel (18 October 2006) -- Removed the "protocol-guessing" for URLs with host names starting with FTPS - or TELNET since they are practically non-existant. This leaves us with only - three different prefixes that would assume the protocol is anything but - HTTP, and they are host names starting with "ftp.", "dict." or "ldap.". - -Daniel (17 October 2006) -- Bug report #1579171 pointed out code flaws detected with "prefast", and they - were 1 - a too small memory clear with memset() in the threaded resolver and - 2 - a range of potentially bad uses of the ctype family of is*() functions - such as isdigit(), isalnum(), isprint() and more. The latter made me switch - to using our own set of these functions/macros using uppercase letters, and - with some extra set of crazy typecasts to avoid mistakingly passing in - negative numbers to the underlying is*() functions. - -- With Jeff Pohlmeyer's help, I fixed the expire timer when using - curl_multi_socket() during name resolves with c-ares and the LOW_SPEED - options now work fine with curl_multi_socket() as well. - -Daniel (16 October 2006) -- Added a check in configure that simply tries to run a program (not when - cross-compiling) in order to detect problems with run-time libraries that - otherwise would occur when the sizeof tests for curl_off_t would run and - thus be much more confusing to users. The check of course should run after - all lib-checks are done and before any other test is used that would run an - executable built for testing-purposes. - -Dan F (13 October 2006) -- The tagging of application/x-www-form-urlencoded POST body data sent - to the CURLOPT_DEBUGFUNCTION callback has been fixed (it was erroneously - included as part of the header). A message was also added to the - command line tool to show when data is being sent, enabled when - --verbose is used. - -Daniel (12 October 2006) -- Starting now, adding an easy handle to a multi stack that was already added - to a multi stack will cause CURLM_BAD_EASY_HANDLE to get returned. - -- Jeff Pohlmeyer has been working with the hiperfifo.c example source code, - and while doing so it became apparent that the current timeout system for - the socket API really was a bit awkward since it become quite some work to - be sure we have the correct timeout set. - - Jeff then provided the new CURLMOPT_TIMERFUNCTION that is yet another - callback the app can set to get to know when the general timeout time - changes and thus for an application like hiperfifo.c it makes everything a - lot easier and nicer. There's a CURLMOPT_TIMERDATA option too of course in - good old libcurl tradition. - - Jeff has also updated the hiperfifo.c example code to use this news. - -Daniel (9 October 2006) -- Bogdan Nicula's second test case (posted Sun, 08 Oct 2006) converted to test - case 535 and it now runs fine. Again a problem with the pipelining code not - taking all possible (error) conditions into account. - -Daniel (6 October 2006) -- Bogdan Nicula's hanging test case (posted Wed, 04 Oct 2006) was converted to - test case 533 and the test now runs fine. - -Daniel (4 October 2006) -- Dmitriy Sergeyev provided an example source code that crashed CVS libcurl - but that worked nicely in 7.15.5. I converted it into test case 532 and - fixed the problem. - -Daniel (29 September 2006) -- Removed a few other no-longer present options from the header file. - -- Support for FTP third party transfers was removed. Here's why: - - o The recent multi interface changes broke it and the design of the 3rd party - transfers made it very hard to fix the problems - o It was still blocking and thus nasty for the multi interface - o It was a lot of extra code for a very rarely used feature - o It didn't use the same code as for "plain" FTP transfers, so it didn't work - fine for IPv6 and it didn't properly re-use connections and more - o There's nobody around who's willing to work on and improve the existing - code - - This does not mean that third party transfers are banned forever, only that - they need to be done better if they are to be re-added in the future. - - The CURLOPT_SOURCE_* options are removed from the lib and so are the --3p* - options from the command line tool. For this reason, I also bumped the - version info for the lib. - -Daniel (28 September 2006) -- Reported in #1561470 (http://curl.haxx.se/bug/view.cgi?id=1561470), libcurl - would crash if a bad function sequence was used when shutting down after - using the multi interface (i.e using easy_cleanup after multi_cleanup) so - precautions have been added to make sure it doesn't any more - test case 529 - was added to verify. - -Daniel (27 September 2006) -- The URL in the cookie jar file is now changed since it was giving a 404. - Reported by Timothy Stone. The new URL will take the visitor to a curl web - site mirror with the document. - -Daniel (24 September 2006) -- Bernard Leak fixed configure --with-gssapi-libs. - -- Cory Nelson made libcurl use the WSAPoll() function if built for Windows - Vista (_WIN32_WINNT >= 0x0600) - -Daniel (23 September 2006) -- Mike Protts added --ftp-ssl-control to make curl use FTP-SSL, but only - encrypt the control connection and use the data connection "plain". - -- Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better - as it now will read the full data sent from servers. The SOCKS-related code - was also moved to the new lib/socks.c source file. - -Daniel (21 September 2006) -- Added test case 531 in an attempt to repeat bug report #1561470 - (http://curl.haxx.se/bug/view.cgi?id=1561470) that is said to crash when an - FTP upload fails with the multi interface. It did not, but I made a failed - upload still assume the control connection to be fine. - -Daniel (20 September 2006) -- Armel Asselin fixed problems when you gave a proxy URL with user name and - empty password or no password at all. Test case 278 and 279 were added to - verify. - -Daniel (12 September 2006) -- Added docs/examples/10-at-a-time.c by Michael Wallner - -- Added docs/examples/hiperfifo.c by Jeff Pohlmeyer - -Daniel (11 September 2006) -- Fixed my breakage from earlier today so that doing curl_easy_cleanup() on a - handle that is part of a multi handle first removes the handle from the - stack. - -- Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL - session-ID re-use on demand since there obviously are broken servers out - there that misbehave with session-IDs used. - -- Jeff Pohlmeyer presented a *multi_socket()-using program that exposed a - problem with it (SIGSEGV-style). It clearly showed that the existing - socket-state and state-difference function wasn't good enough so I rewrote - it and could then re-run Jeff's program without any crash. The previous - version clearly could miss to tell the application when a handle changed - from using one socket to using another. - - While I was at it (as I could use this as a means to track this problem - down), I've now added a 'magic' number to the easy handle struct that is - inited at curl_easy_init() time and cleared at curl_easy_cleanup() time that - we can use internally to detect that an easy handle seems to be fine, or at - least not closed or freed (freeing in debug builds fill the area with 0x13 - bytes but in normal builds we can of course not assume any particular data - in the freed areas). - -Daniel (9 September 2006) -- Michele Bini fixed how the hostname is put in NTLM packages. As servers - don't expect fully qualified names we need to cut them off at the first dot. - -- Peter Sylvester cleaned up and fixed the getsockname() uses in ftp.c. Some - of them can be completetly removed though... - -Daniel (6 September 2006) -- Ravi Pratap and I have implemented HTTP Pipelining support. Enable it for a - multi handle using CURLMOPT_PIPELINING and all HTTP connections done on that - handle will be attempted to get pipelined instead of done in parallell as - they are performed otherwise. - - As a side-effect from this work, connections are now shared between all easy - handles within a multi handle, so if you use N easy handles for transfers, - each of them can pick up and re-use a connection that was previously used by - any of the handles, be it the same or one of the others. - - This separation of the tight relationship between connections and easy - handles is most noticable when you close easy handles that have been used in - a multi handle and check amount of used memory or watch the debug output, as - there are times when libcurl will keep the easy handle around for a while - longer to be able to close it properly. Like for sending QUIT to close down - an FTP connection. - - This is a major change. - -Daniel (4 September 2006) -- Dmitry Rechkin (http://curl.haxx.se/bug/view.cgi?id=1551412) provided a - patch that while not fixing things very nicely, it does make the SOCKS5 - proxy connection slightly better as it now acknowledges the timeout for - connection and it no longer segfaults in the case when SOCKS requires - authentication and you did not specify username:password. - -Daniel (31 August 2006) -- Dmitriy Sergeyev found and fixed a multi interface flaw when using asynch - name resolves. It could get stuck in the wrong state. - -Gisle (29 August 2006) -- Added support for other MS-DOS compilers (desides djgpp). All MS-DOS - compiler now uses the same config.dos file (renamed to config.h by - make). libcurl now builds fine using Watcom and Metaware's High-C - using the Watt-32 tcp/ip-stack. - -Daniel (29 August 2006) -- David McCreedy added CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA to - allow applications to set their own socket options. - -Daniel (25 August 2006) -- Armel Asselin reported that the 'running_handles' counter wasn't updated - properly if you removed a "live" handle from a multi handle with - curl_multi_remove_handle(). - -Daniel (22 August 2006) -- David McCreedy fixed a remaining mistake from the August 19 TYPE change. - -- Peter Sylvester pointed out a flaw in the AllowServerConnect() in the FTP - code when doing pure ipv6 EPRT connections. - -Daniel (19 August 2006) -- Based on a patch by Armel Asselin, the FTP code no longer re-issues the TYPE - command on subsequent requests on a re-used connection unless it has to. - -- Armel Asselin fixed a crash in the FTP code when using SINGLECWD mode and - files in the root directory. - -- Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't - send the whole request at once, even though the Expect: header was disabled - by the application. An effect of this change is also that small (< 1024 - bytes) POSTs are now always sent without Expect: header since we deem it - more costly to bother about that than the risk that we send the data in - vain. - -Daniel (9 August 2006) -- Armel Asselin made the CURLOPT_PREQUOTE option work fine even when - CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place - in the command sequence as it would have run if there would've been a - transfer. - -Daniel (8 August 2006) -- Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs - on a persistent connection and allowed the first to use that header, you - could not disable it for the second request. - -Daniel (7 August 2006) -- Domenico Andreolfound a quick build error which happened because - src/config.h.in was not a proper duplcate of lib/config.h.in which it - should've been and this was due to the maketgz script not doing the cp - properly. - -Version 7.15.5 (7 August 2006) - -Daniel (2 August 2006) -- Mark Lentczner fixed how libcurl was not properly doing chunked encoding - if the header "Transfer-Encoding: chunked" was set by the application. - http://curl.haxx.se/bug/view.cgi?id=1531838 - -Daniel (1 August 2006) -- Maciej Karpiuk fixed a crash that would occur if we passed Curl_strerror() - an unknown error number on glibc systems. - http://curl.haxx.se/bug/view.cgi?id=1532289 - -Daniel (31 July 2006) -- *ALERT* curl_multi_socket() and curl_multi_socket_all() got modified - prototypes: they both now provide the number of running handles back to the - calling function. It makes the functions resemble the good old - curl_multi_perform() more and provides a nice way to know when the multi - handle goes empty. - - ALERT2: don't use the curl_multi_socket*() functionality in anything - production-like until I say it's somewhat settled, as I suspect there might - be some further API changes before I'm done... - -Daniel (28 July 2006) -- Yves Lejeune fixed so that replacing Content-Type: when doing multipart - formposts work exactly the way you want it (and the way you'd assume it - works). - -Daniel (27 July 2006) -- David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both - control and data connection, as the existing --ftp-ssl option only requests - it. - -- [Hiper-related work] Added a function called curl_multi_assign() that will - set a private pointer added to the internal libcurl hash table for the - particular socket passed in to this function: - - CURLMcode curl_multi_assign(CURLM *multi_handle, - curl_socket_t sockfd, - void *sockp); - - 'sockp' being a custom pointer set by the application to be associated with - this socket. The socket has to be already existing and in-use by libcurl, - like having already called the callback telling about its existance. - - The set hashp pointer will then be passed on to the callback in upcoming - calls when this same socket is used (in the brand new 'socketp' argument). - -Daniel (26 July 2006) -- Dan Nelson added the CURLOPT_FTP_ALTERNATIVE_TO_USER libcurl option and curl - tool option named --ftp-alternative-to-user. It provides a mean to send a - particular command if the normal USER/PASS approach fails. - -- Michael Jerris added magic that builds lib/curllib.vcproj automatically for - newer MSVC. - -Daniel (25 July 2006) -- Georg Horn made the transfer timeout error message include more details. - -Daniel (20 July 2006) -- David McCreedy fixed a build error when building libcurl with HTTP disabled, - problem added with the curl_formget() patch. - -Daniel (17 July 2006) -- Jari Sundell did some excellent research and bug tracking, figured out that - we did wrong and patched it: When nodes were removed from the splay tree, - and we didn't properly remove it from the splay tree when an easy handle was - removed from a multi stack and thus we could wrongly leave a node in the - splay tree pointing to (bad) memory. - -Daniel (14 July 2006) -- David McCreedy fixed a flaw where the CRLF counter wasn't properly cleared - for FTP ASCII transfers. - -Daniel (8 July 2006) -- Ates Goral pointed out that libcurl's cookie parser did case insensitive - string comparisons on the path which is incorrect and provided a patch that - fixes this. I edited test case 8 to include details that test for this. - -- Ingmar Runge provided a source snippet that caused a crash. The reason for - the crash was that libcurl internally was a bit confused about who owned the - DNS cache at all times so if you created an easy handle that uses a shared - DNS cache and added that to a multi handle it would crash. Now we keep more - careful internal track of exactly what kind of DNS cache each easy handle - uses: None, Private (allocated for and used only by this single handle), - Shared (points to a cache held by a shared object), Global (points to the - global cache) or Multi (points to the cache within the multi handle that is - automatically shared between all easy handles that are added with private - caches). - -Daniel (4 July 2006) -- Toshiyuki Maezawa fixed a problem where you couldn't override the - Proxy-Connection: header when using a proxy and not doing CONNECT. - -Daniel (24 June 2006) -- Michael Wallner added curl_formget(), which allows an application to extract - (serialise) a previously built formpost (as with curl_formadd()). - -Daniel (23 June 2006) -- Arve Knudsen found a flaw in curl_multi_fdset() for systems where - curl_socket_t is unsigned (like Windows) that could cause it to wrongly - return a max fd of -1. - -Daniel (20 June 2006) -- Peter Silva introduced CURLOPT_MAX_SEND_SPEED_LARGE and - CURLOPT_MAX_RECV_SPEED_LARGE that limit tha maximum rate libcurl is allowed - to send or receive data. This kind of adds the the command line tool's - option --limit-rate to the library. - - The rate limiting logic in the curl app is now removed and is instead - provided by libcurl itself. Transfer rate limiting will now also work for -d - and -F, which it didn't before. - -Daniel (19 June 2006) -- Made -K on a file that couldn't be read cause a warning to be displayed. - -Daniel (13 June 2006) -- Dan Fandrich implemented --enable-hidden-symbols configure option to enable - -fvisibility=hidden on gcc >= 4.0. This reduces the size of the libcurl - binary and speeds up dynamic linking by hiding all the internal symbols from - the symbol table. - -Version 7.15.4 (12 June 2006) - -Daniel (8 June 2006) -- Brian Dessent fixed the code for cygwin in three distinct ways: - - The first modifies {lib,src}/setup.h to not include the winsock headers - under Cygwin. This fixes the reported build problem. Cygwin attempts as - much as possible to emulate a posix environment under Windows. This means - that WIN32 is *not* #defined and (to the extent possible) everything is done - as it would be on a *ix type system. Thus is the proper - include, and even though winsock2.h is present, including it just introduces - a whole bunch of incompatible socket API stuff. - - The second is a patch I've included in the Cygwin binary packages for a - while. It skips two unnecessary library checks (-lwinmm and -lgdi32). The - checks are innocuous and they do succeed, but they pollute LIBS with - unnecessary stuff which gets recorded as such in the libcurl.la file, which - brings them into the build of any libcurl-downstream. As far as I know - these libs are really only necessary for mingw, so alternatively they could - be designed to only run if $host matches *-*-mingw* but I took the safer - route of skipping them for *-*-cygwin*. - - The third patch replaces all uses of the ancient and obsolete __CYGWIN32__ - with __CYGWIN__. Ref: . - -Daniel (7 June 2006) -- Mikael Sennerholm provided a patch that added NTLM2 session response support - to libcurl. The 21 NTLM test cases were again modified to comply... - -Daniel (27 May 2006) -- Óscar Morales Vivó updated the libcurl.framework.make file. - -Daniel (26 May 2006) -- Olaf Stüben fixed a bug that caused Digest authentication with md5-sess to - fail. When using the md5-sess, the result was not Md5 encoded and Base64 - transformed. - -Daniel (25 May 2006) -- Michael Wallner provided a patch that allows "SESS" to be set with - CURLOPT_COOKIELIST, which then makes all session cookies get cleared. - -Daniel (24 May 2006) -- Tor Arntsen made test 271 run fine again since the TFTP path fix. - -Daniel (23 May 2006) -- Martin Michlmayr filed debian bug report #367954, but the same error also - showed up in the autobuilds. It seems a rather long-since introduced shell - script flaw in the configure script suddenly was detected by the bash - version in Debian Unstable. It had previously passed undetected by all - shells used so far... - -- David McCreedy updated lib/config-tpf.h - -Daniel (11 May 2006) -- Fixed the configure's check for old-style SSLeay headers since I fell over a - case with a duplicate file name (a krb4 implementation with an err.h - file). I converted the check to manually make sure three of the headers are - present before considering them fine. - -- David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended - checks on the to-be-returned socket to make sure it truly seems to be alive - and well. For SSL connection it (only) uses OpenSSL functions. - -Daniel (10 May 2006) -- Fixed DICT in two aspects: - - 1 - allow properly URL-escaped words, like using %20 for spaces - - 2 - properly escape certain letters within a word to comply to the RFC2229 - -Daniel (9 May 2006) -- Andreas Ntaflos reported a bug in libcurl.m4: When configuring my GNU - autotools project, which optionally (default=yes) uses libcurl on a system - without a (usable) libcurl installation, but not specifying - `--without-libcurl', configure determines correctly that no libcurl is - available, however, the LIBCURL variable gets expanded to `LIBCURL = -lcurl' - in the resulting Makefiles. - - David Shaw fixed the flaw. - -- Robson Braga Araujo fixed two problems in the recently added non-blocking SSL - connects. The state machine was not reset properly so that subsequent - connects using the same handle would fail, and there were two memory leaks. - -- Robson Braga Araujo fixed a memory leak when you added an easy handle to a - multi stack and that easy handle had already been used to do one or more - easy interface transfers, as then the code threw away the previously used - DNS cache without properly freeing it. - -Daniel (8 May 2006) -- Dan Fandrich went over the TFTP code and he pointed out and fixed numerous - problems: - - * The received file is corrupted when a packet is lost and retransmitted - (this is a serious problem!) - - * Transmitting a file aborts if a block is lost and retransmitted - - * Data is stored in the wrong location in the buffer for uploads, so uploads - always fail (I don't see how it could have ever worked, but it did on x86 - at least) - - * A number of calls are made to strerror instead of Curl_strerror, making - the code not thread safe - - * There are references to errno instead of Curl_sockerrno(), causing - incorrect error messages on Windows - - * The file name includes a leading / which violates RFC3617. Doing something - similar to ftp, where two slashes after the host name means an absolute - reference seems a reasonable extension to fix this. - - * Failures in EBCDIC conversion are not propagated up to the caller but are - silently ignored - -- Fixed known bug #28. The TFTP code no longer assumes a packed struct and - thus works reliably on more platforms. - -Daniel (5 May 2006) -- Roland Blom filed bug report #1481217 - (http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele - Bini and David Byron. libcurl previously wrongly used GetLastError() on - windows to get error details after socket-related function calls, when it - really should use WSAGetLastError() instead. - - When changing to this, the former function Curl_ourerrno() is now instead - called Curl_sockerrno() as it is necessary to only use it to get errno from - socket-related functions as otherwise it won't work as intended on Windows. - -Daniel (4 May 2006) -- Mark Eichin submitted bug report #1480821 - (http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a - problem with how libcurl dealt with GnuTLS and a case where gnutls returned - GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected - return code, making Curl_ssl_send() confuse the upper layer - causing random - 28 bytes trash data to get inserted in the transfered stream. - - The proper fix was to make the Curl_gtls_send() function return the proper - return codes that the callers would expect. The Curl_ossl_send() function - already did this. - -Daniel (2 May 2006) -- Added a --checkfor option to curl-config to allow users to easier - write for example shell scripts that test for the presence of a - new-enough libcurl version. If --checkfor is given a version string - newer than what is currently installed, curl-config will return a - non-zero exit code and output a string about the unfulfilled - requirement. - -Daniel (26 April 2006) -- David McCreedy brought initial line end conversions when doing FTP ASCII - transfers. They are done on non-windows systems and translate CRLF to LF. - - I modified the 15 LIST-using test cases accordingly. The downside is that now - we'll have even more trouble to get the tests to run on Windows since they - should get CRLF newlines left intact which the *nix versions don't. I figure - the only sane thing to do is to add some kind of [newline] macro for the test - case files and have them expanded to the proper native line ending when the - test cases are run. This is however left to implement. - -Daniel (25 April 2006) -- Paul Querna fixed libcurl to better deal with deflate content encoding - when the stream (wrongly) lacks a proper zlib header. This seems to be the - case on too many actual server implementations. - -Daniel (21 April 2006) -- Ale Vesely fixed CURLOPT_INTERFACE when using a hostname. - -Daniel (19 April 2006) -- Based on previous info from Tor Arntsen, I made configure detect the Intel - ICC compiler to add a compiler option for it, in order for configure to - properly be able to detect function prototypes. - -- Robson Braga Araujo provided a patch that makes libcurl less eager to close - the control connection when using FTP, for example when you remove an easy - handle from a multi stack. - -- Applied a patch by Ates Goral and Katie Wang that corrected my bad fix - attempt from April 10. - -Daniel (11 April 2006) -- #1468330 (http://curl.haxx.se/bug/view.cgi?id=1468330) pointed out a bad - typecast in the curl tool leading to a crash with (64bit?) VS2005 (at least) - since the struct timeval field tv_sec is an int while time_t is 64bit. - -Daniel (10 April 2006) -- Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and - CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL - connection time-out! - -- I merged my hiper patch (http://curl.haxx.se/libcurl/hiper/) into the main - sources. See the lib/README.multi_socket for implementation story with - details. Don't expect it to work fully yet. I don't intend to blow any - whistles or ring any bells about it until I'm more convinced it works at - least somewhat reliably. - -Daniel (7 April 2006) -- David McCreedy's EBCDIC and TPF changes. Three new curl_easy_setopt() - options (callbacks) were added: - - CONV_FROM_NETWORK_FUNCTION - CONV_TO_NETWORK_FUNCTION - CONV_FROM_UTF8_FUNCTION - -Daniel (5 April 2006) -- Michele Bini modified the NTLM code to work for his "weird IIS case" - (http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash - function in addition to the LM one and making some other adjustments in the - order the different parts of the data block are sent in the Type-2 reply. - Inspiration for this work was taken from the Firefox NTLM implementation. - - I edited the existing 21(!) NTLM test cases to run fine with these news. Due - to the fact that we now properly include the host name in the Type-2 message - the test cases now only compare parts of that chunk. - -Daniel (28 March 2006) -- #1451929 (http://curl.haxx.se/bug/view.cgi?id=1451929) detailed a bug that - occurred when asking libcurl to follow HTTP redirects and the original URL - had more than one question mark (?). Added test case 276 to verify. - -Daniel (27 March 2006) -- David Byron found a problem multiple -d options when libcurl was built with - --enable-debug, as then curl used free() on memory allocated both with - normal malloc() and with libcurl-provided functions, when the latter MUST be - freed with curl_free() in debug builds. - -Daniel (26 March 2006) -- Tor Arntsen figured out that TFTP was broken on a lot of systems since we - called bind() with a too big argument in the 3rd parameter and at least - Tru64, AIX and IRIX seem to be very picky about it. - -Daniel (21 March 2006) -- David McCreedy added CURLINFO_FTP_ENTRY_PATH. - -- Xavier Bouchoux made the SSL connection non-blocking for the multi interface - (when using OpenSSL). - -- Tor Arntsen fixed the AIX Toolbox RPM spec - -Daniel (20 March 2006) -- David McCreedy fixed libcurl to no longer ignore AUTH failures and now it - reacts properly according to the CURLOPT_FTP_SSL setting. - -- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file - whose length was a multiple of 512 bytes could have random garbage - appended. Also, stop processing TFTP packets which are too short to be - legal. - -- Ilja van Sprundel reported a possible crash in the curl tool when using - "curl hostwithoutslash -d data -G" - -Version 7.15.3 (20 March 2006) - -Daniel (20 March 2006) -- VULNERABILITY reported to us by Ulf Harnhammar. - - libcurl uses the given file part of a TFTP URL in a manner that allows a - malicious user to overflow a heap-based memory buffer due to the lack of - boundary check. - - This overflow happens if you pass in a URL with a TFTP protocol prefix - ("tftp://"), using a valid host and a path part that is longer than 512 - bytes. - - The affected flaw can be triggered by a redirect, if curl/libcurl is told to - follow redirects and an HTTP server points the client to a tftp URL with the - characteristics described above. - - The Common Vulnerabilities and Exposures (CVE) project has assigned the name - CVE-2006-1061 to this issue. - -Daniel (16 March 2006) -- Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included - in the release archive. - -Daniel (14 March 2006) -- David McCreedy fixed: - - a bad SSL error message when OpenSSL certificates are verified fine. - - a missing return code assignment in the FTP code - -Daniel (7 March 2006) -- Markus Koetter filed debian bug report #355715 which identified a problem - with the multi interface and multi-part formposts. The fix from February - 22nd could make the Curl_done() function get called twice on the same - connection and it was not designed for that and thus tried to call free() on - an already freed memory area! - -- Peter Heuchert made sure the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL - is used properly. - -Daniel (6 March 2006) -- Lots of users on Windows have reported getting the "SSL: couldn't set - callback" error message so I've now made the setting of that callback not be - as critical as before. The function is only used for additional loggging/ - trace anyway so a failure just means slightly less data. It should still be - able to proceed and connect fine to the server. - -Daniel (4 March 2006) -- Thomas Klausner provided a patch written by Todd Vierling in bug report - #1442471 that fixes a build problem on Interix. - -Daniel (2 March 2006) -- FTP upload without a file name part in the URL now causes - curl_easy_perform() to return CURLE_URL_MALFORMAT. Previously it allowed the - upload but named the file "(nil)" (without the quotes). Test case 524 - verifies. - -- Added a check for getprotobyname in configure so that it'll be used, thanks - to Gisle Vanem's change the other day. - -Daniel (28 February 2006) -- Dan Fandrich prevented curl from getting stuck in an endless loop in case we - are out of file handles very early in curl's code where it makes sure that - 0, 1 and 2 aren't gonna be used by the lib for transfers. - -Daniel (27 February 2006) -- Marty Kuhrt pointed out that there were two VMS-specific files missing in - the release archive. - -Version 7.15.2 (27 February 2006) - -Daniel (22 February 2006) -- Lots of work and analysis by "xbx___" in bug #1431750 - (http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two - different but related bugs: - - 1) Removing an easy handle from a multi handle before the transfer is done - could leave a connection in the connection cache for that handle that is - in a state that isn't suitable for re-use. A subsequent re-use could then - read from a NULL pointer and segfault. - - 2) When an easy handle was removed from the multi handle, there could be an - outstanding c-ares DNS name resolve request. When the response arrived, - it caused havoc since the connection struct it "belonged" to could've - been freed already. - - Now Curl_done() is called when an easy handle is removed from a multi handle - pre-maturely (that is, before the transfer was complteted). Curl_done() also - makes sure to cancel all (if any) outstanding c-ares requests. - -Daniel (21 February 2006) -- Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy - type to the already provided type CURLPROXY_SOCKS4. - - I added a --socks4 option that works like the current --socks5 option but - instead use the socks4 protocol. - -Daniel (20 February 2006) -- Shmulik Regev fixed an issue with multi-pass authentication and compressed - content when libcurl didn't honor the internal ignorebody flag. - -Daniel (18 February 2006) -- Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate - code. It should however not be the cause of any troubles. He also fixed a - few similar problems in the HTTP test server code. - -Daniel (17 February 2006) -- Shmulik Regev provided a fix for the DNS cache when using short life times, - as previously it could be holding on to old cached entries longer than - requested. - -Daniel (11 February 2006) -- Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options - that an app can use to let libcurl only connect to a remote host and then - extract the socket from libcurl. libcurl will then not attempt to do any - transfer at all after the connect is done. - -- Kent Boortz improved the configure check for GnuTLS to properly set LIBS - instead of LDFLAGS. - -Daniel (8 February 2006) -- Philippe Vaucher provided a brilliant piece of test code that show a problem - with re-used FTP connections. If the second request on the same connection - was set not to fetch a "body", libcurl could get confused and consider it an - attempt to use a dead connection and would go acting mighty strange. - -Daniel (2 February 2006) -- Make --limit-rate [num] mean bytes. It used to be that but it broke in my - change done in November 2005. - -Daniel (30 January 2006) -- Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the - curl tool with --local-port. Plain and simply set the range of ports to bind - the local end of connections to. Implemented on to popular demand. - -- Based on an error report by Philippe Vaucher, we no longer count a retried - connection setup as a follow-redirect. It turns out 1) this fails when a FTP - connection is re-setup and 2) it does make the max-redirs counter behave - wrong. - -Daniel (24 January 2006) -- Michal Marek provided a patch for FTP that makes libcurl continue to try - PASV even after EPSV returned a positive response code, if libcurl failed to - connect to the port number the EPSV response said. Obviously some people are - going through protocol-sensitive firewalls (or similar) that don't - understand EPSV and then they don't allow the second connection unless PASV - was used. This also called for a minor fix of test case 238. - -Daniel (20 January 2006) -- Duane Cathey was one of our friends who reported that curl -P [IP] - (CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a - "native" IP while it works fine for ipv6-disabled builds! - - In the process of fixing this, I removed the support for LPRT since I can't - think of many reasons to keep doing it and asking on the mailing list didn't - reveal anyone else that could either. The code that sends EPRT and PORT is - now also a lot simpler than before (IMHO). - -Daniel (19 January 2006) -- Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl - (built ipv4-only) didn't work. - -Daniel (18 January 2006) -- As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742), - the configure script complained about a missing "missing" script if you ran - configure within a path whose name included one or more spaces. This is due - to a flaw in automake (1.9.6 and earlier). I've now worked around it by - including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll - be used instead of the one automake ships with. This kludge needs to be - removed once we get an automake version with this problem corrected. - Possibly we'll then need to convert this into a kludge depending on what - automake version that is used and that is gonna be painful and I don't even - want to think about that now...! - -Daniel (17 January 2006) -- David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with - the latest features and protocols that libcurl supports and has a minor fix - to better deal with the obscure case where someone has more than one libcurl - installed at the same time. - -Daniel (16 January 2006) -- David Shaw finally removed all traces of Gopher and we are now officially - not supporting it. It hasn't been functioning for years anyway, so this is - just finally stating what already was true. And a cleanup at the same time. - -- Bryan Henderson turned the 'initialized' variable for curl_global_init() - into a counter, and thus you can now do multiple curl_global_init() and you - are then supposed to do the same amount of calls to curl_global_cleanup(). - Bryan has also updated the docs accordingly. - -Daniel (13 January 2006) -- Andrew Benham fixed a race condition in the test suite that could cause the - test script to kill all processes in the current process group! - -Daniel (12 January 2006) -- Michael Jahn: - - Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru - HTTP proxy. - - Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would - previously overwrite internal memory and cause unpredicted behaviour! - -Daniel (11 January 2006) -- I decided to document the "secret option" here now, as I've received *NO* - feedback at all on my mailing list requests from November 2005: - - I'm looking for feedback and comments. I added some experimental code the - other day, that allows a libcurl user to select what method libcurl should - use to reach a file on a FTP(S) server. - - This functionality is available in CVS code and in recent daily snapshots. - - Let me explain... - - The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for - the command line tool) and you set it to a long (there are currenly no - defines for the argument values, just plain numericals). You can set three - different "methods" that do this: - - 1 multicwd - like today, curl will do a single CWD operation for each path - part in the given URL. For deep hierarchies this means very many - commands. This is how RFC1738 says it should be done. This is the - default. - - 2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give - a full path to the server. - - 3 singlecwd - make one CWD with the full target directory and then operate - on the file "normally". - - (With the command line tool you do --ftp-method [METHOD], where [METHOD] is - one of "multicwd", "nocwd" or "singlecwd".) - - What feedback I'm interested in: - - 1 - Do they work at all? Do you find servers where one of these don't work? - - 2 - What would proper names for the option and its arguments be, if we - consider this feature good enough to get included and documented in - upcoming releases? - - 3 - Should we make libcurl able to "walk through" these options in case of - (path related) failures, or should it fail and let the user redo any - possible retries? - - (This option is not documented in any man page just yet since I'm not sure - these names will be used or if the functionality will end up exactly like - this. And for the same reasons we have no test cases for these yet.) - -Daniel (10 January 2006) -- When using a bad path over FTP, as in when libcurl couldn't CWD into all - given subdirs, libcurl would still "remember" the full path as if it is the - current directory libcurl is in so that the next curl_easy_perform() would - get really confused if it tried the same path again - as it would not issue - any CWD commands at all, assuming it is already in the "proper" dir. - - Starting now, a failed CWD command sets a flag that prevents the path to be - "remembered" after returning. - -Daniel (7 January 2006) -- Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP - proxy actually used a new connection and not sent the second request on the - first socket! - -Daniel (6 January 2006) -- Alexander Lazic made the buildconf run the buildconf in the ares dir if that - is present instead of trying to mimic that script in curl's buildconf - script. - -Daniel (3 January 2006) -- Andres Garcia made the TFTP test server build with mingw. -- cgit v1.2.3