Skip to content
CHANGES 62.7 KiB
Newer Older
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
Daniel Stenberg's avatar
Daniel Stenberg committed
                             \___|\___/|_| \_\_____|

Daniel Stenberg's avatar
Daniel Stenberg committed
                                  Changelog

Dan F (15 March 2007)
- Various memory leaks plugged and NULL pointer fixes made in the ssh code.

Daniel (15 March 2007)
- Nick made the curl tool accept globbing ranges that only is one number, i.e
  you can now use [1-1] without curl complaining.

Daniel (10 March 2007)
- Eygene Ryabinkin:

  The problem is the following: when we're calling Curl_done and it decides to
  keep the connection opened ('left intact'), then the caller is not notified
  that the connection was done via the NULLifying of the pointer, so some easy
  handle is keeping the pointer to this connection.

  Later ConnectionExists can select such connection for reuse even if we're
  not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is
  false and we can reuse this connection for another easy handle. But thus the
  connection will be shared between two easy handles if the handle that wants
  to take the ownership is not the same as was not notified of the connection
  was done in Curl_done. And when some of these easy handles will get their
  connection really freed the another one will still keep the pointer.

  My fix was rather trivial: I just added the NULLification to the 'else'
  branch in the Curl_done. My tests with Git and ElectricFence showed no
  problems both for HTTP pulling and cloning. Repository size is about 250 Mb,
  so it was a considerable amount of Curl's work.

Dan F (9 March 2007)
- Updated the test harness to add a new "crypto" feature check and updated the
  appropriate test case to use it.  For now, this is treated the same as the
  "SSL" feature because curl doesn't list it separately.

- Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6.

- Robert A. Monat improved the maketgz and VC6/8 generating to set the correct
  machine type too.

- Justin Fletcher fixed a file descriptor leak in the curl tool when trying to
  upload a file it couldn't open. Bug #1676581
  (http://curl.haxx.se/bug/view.cgi?id=1676581)

Dan F (9 March 2007)
- Updated the test harness to check for protocol support before running each
  test, fixing KNOWN_BUGS #11.

Dan F (7 March 2007)
- Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test
  harness.  It is very limited as it supports only ftps:// URLs with
  --ftp-ssl-control specified, which implicitly encrypts the control
  channel but not the data channels.  That allows stunnel to be used with
  an unmodified ftp server in exactly the same way that the test https
  server is set up.

Dan F (7 March 2007)
- Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and
  unencrypted data connections.

Dan F (6 March 2007)
- Fixed a couple of improper pointer uses detected by valgrind in test
  cases 181 & 216.

Daniel (2 March 2007)
- Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8
  makefiles that are included in the source release archives, generated from
  the Makefile.vc6 files by the maketgz script. I also modified the root
  Makefile to have a VC variable that defaults to vc6 but can be overridden to
  allow it to be used for vc8 as well. Like this:

    nmake VC=vc8 vc

Daniel (27 February 2007)
- Hang Kin Lau found and fixed: When I use libcurl to connect to an https
  server through a proxy and have the remote https server port set using the
  CURLOPT_PORT option, protocol gets reset to http from https after the first
  request.
 
  User defined URL was modified internally by libcurl and subsequent reuse of
  the easy handle may lead to connection using a different protocol (if not
  originally http).
 
  I found that libcurl hardcoded the protocol to "http" when it tries to
  regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as
  follows and it's working fine so far

Daniel (25 February 2007)
- Adam D. Moss made the HTTP CONNECT procedure less blocking when used from
  the multi interface. Note that it still does a part of the connection in a
  blocking manner.

Daniel (23 February 2007)
- Added warning outputs if the command line uses more than one of the options
  -v, --trace and --trace-ascii, since it could really confuse the user.
  Clarified this fact in the man page.

Daniel (21 February 2007)
- Ravi Pratap provided work on libcurl making pipelining more robust and
  fixing some bugs:
  o Don't mix GET and POST requests in a pipeline
  o Fix the order in which requests are dispatched from the pipeline
  o Fixed several curl bugs with pipelining when the server is returning
    chunked encoding:
    * Added states to chunked parsing for final CRLF
    * Rewind buffer after parsing chunk with data remaining
    * Moved chunked header initializing to a spot just before receiving
      headers

Daniel (20 February 2007)
- Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle
  active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command
  line option.

- Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl.

- Shmulik Regev found a memory leak in re-used HTTPS connections, at least
  when the multi interface was used.

- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and
  5).

Daniel (18 February 2007)
- Jeff Pohlmeyer identified two problems: first a rather obscure problem with
  the multi interface and connection re-use that could make a
  curl_multi_remove_handle() ruin a pointer in another handle.

  The second problem was less of an actual problem but more of minor quirk:
  the re-using of connections wasn't properly checking if the connection was
  marked for closure.

Daniel (16 February 2007)
- Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting
  CURLOPT_RANGE back to no range on an easy handle when using FTP.

Dan F (14 February 2007)
- Fixed curl-config --libs so it doesn't list unnecessary libraries (and
  therefore introduce unnecessary dependencies) when it's not needed.
  Also, don't bother adding a library path of /usr/lib

- The default password for anonymous FTP connections is now changed to be
  "ftp@example.com".

- Robert A. Monat made libcurl build fine with VC2005 - it doesn't have
  gmtime_r() like the older VC versions. He also made use of some machine-
  specific defines to differentiate the "OS" define.

- Rob Crittenden added support for NSS (Network Security Service) for the
  SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/

  This is the fourth supported library for TLS/SSL that libcurl supports!

- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent
  to the debug callback.

- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and
  CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's
  internal decoding of content or transfer encoded content. This may be
  preferable in cases where you use libcurl for proxy purposes or similar. The
  command line tool got a --raw option to disable both at once.

- release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP
  define set to hold the exact date and time of when the tarball was built, as
  a human readable string using the UTC time zone.
- Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle
  that has an easy handle present in the "closure" list pending closure.

Daniel Stenberg's avatar
Daniel Stenberg committed
Daniel (6 February 2007)
- Regular file downloads wiht SFTP and SCP are now done using the non-blocking
  API of libssh2, if the libssh2 headers seem to support them. This will make
  SCP and SFTP much more responsive and better libcurl citizens when used with
  the multi interface etc.

Daniel (5 February 2007)
- Michael Wallner added support for CURLOPT_TIMEOUT_MS and
  CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with
  millisecond resolution. The only restriction to that is the alarm()
  (sometimes) used to abort name resolves as that uses full seconds. I fixed
  the FTP response timeout part of the patch.

  Internally we now count and keep the timeouts in milliseconds but it also
  means we multiply set timeouts with 1000. The effect of this is that no
  timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
  equals 24.86 days.  We probably couldn't before either since the code did
  *1000 on the timeout values on several places already.

Daniel (3 February 2007)
- Yang Tse fixed the cookie expiry date in several test cases that started to
  fail since they used "1 feb 2007"...

- Manfred Schwarb reported that socks5 support was broken and help us pinpoint
  the problem. The code now tries harder to use httproxy and proxy where
  apppropriate, as not all proxies are HTTP...

Daniel Stenberg's avatar
Daniel Stenberg committed
Version 7.16.1 (29 January 2007)

Daniel (29 January 2007)
- Michael Wallner reported that when doing a CONNECT with a custom User-Agent
  header, you got _two_ User-Agent headers in the CONNECT request...! Added
  test case 287 to verify the fix.

- curl_easy_reset() now resets the CA bundle path correctly.

- David McCreedy fixed the Curl command line tool for HTTP on non-ASCII
  platforms.

Daniel (25 January 2007)
- Added the --libcurl [file] option to curl. Append this option to any
  ordinary curl command line, and you will get a libcurl-using source code
  written to the file that does the equivalent operation of what your command
  line operation does!

Dan F (24 January 2007)
- Fixed a dangling pointer problem that prevented the http_proxy environment
  variable from being properly used in many cases (and caused test case 63
  to fail).

Daniel (23 January 2007)
- David McCreedy did NTLM changes mainly for non-ASCII platforms:

  #1
  There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT
  defined.  I noticed this while testing various configurations.  Line 867 of
  the current http_ntlm.c is a closing bracket for an if/else pair that only
  gets compiled in if USE_NTLM2SESSION is defined.  But this closing bracket
  wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was
  defined.  Lines 198 and 140 of my patch wraps that closing bracket in an
  #ifdef USE_NTLM2SESSION.

  #2
  I noticed several picky compiler warnings when DEBUG_ME is defined.  I've
  fixed them with casting.  By the way, DEBUG_ME was a huge help in
  understanding this code.

  #3
  Hopefully the last non-ASCII conversion patch for libcurl in a while.  I
  changed the "NTLMSSP" literal to hex since this signature must always be in
  ASCII.

  Conversion code was strategically added where necessary.  And the
  Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c
  creates are NOT translated on non-ASCII platforms.

Dan F (22 January 2007)
- Converted (most of) the test data files into genuine XML.  A handful still
  are not, due mainly to the lack of support for XML character entities
  (e.g. & => &amp; ).  This will make it easier to validate test files using
  tools like xmllint, as well as to edit and view them using XML tools.

Daniel (16 January 2007)
- Armel Asselin improved libcurl to behave a lot better when an easy handle
  doing an FTP transfer is removed from a multi handle before completion. The
  fix also fixed the "alive counter" to be correct on "premature removal" for
  all protocols.

Dan F (16 January 2007)
- Fixed a small memory leak in tftp uploads discovered by curl's memory leak
  detector.  Also changed tftp downloads to URL-unescape the downloaded
  file name.

Daniel (14 January 2007)
- David McCreedy provided libcurl changes for doing HTTP communication on
  non-ASCII platforms. It does add some complexity, most notably with more
  #ifdefs, but I want to see this supported added and I can't see how we can
  add it without the extra stuff added.

- Setting CURLOPT_COOKIELIST to "ALL" when no cookies at all was present,
  libcurl would crash when trying to read a NULL pointer.

Daniel (12 January 2007)
- Toby Peterson found a nasty bug that prevented (lib)curl from properly
  downloading (most) things that were larger than 4GB on 32 bit systems.  Matt
  Witherspoon helped as narrow down the problem.

Daniel (5 January 2007)
- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
  curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
  will make libcurl shutdown SSL/TLS after the authentication is done on a
  FTP-SSL operation.

Daniel (4 January 2007)
- David McCreedy made changes to allow base64 encoding/decoding to work on
  non-ASCII platforms.

Daniel (3 January 2007)
- Matt Witherspoon fixed the flaw which made libcurl 7.16.0 always store
  downloaded data in two buffers, just to be able to deal with a special HTTP
  pipelining case. That is now only activated for pipelined transfers. In
  Matt's case, it showed as a considerable performance difference,

- Victor Snezhko helped us fix bug report #1603712
  (http://curl.haxx.se/bug/view.cgi?id=1603712) (known bug #36) --limit-rate
  (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) are broken
  on Windows (since 7.16.0, but that's when they were introduced as previous
  to that the limiting logic was made in the application only and not in the
  library). It was actually also broken on select()-based systems (as apposed
  to poll()) but we haven't had any such reports. We now use select(), Sleep()
  or delay() properly to sleep a while without waiting for anything input or
  output when the rate limiting is activated with the easy interface.

- Modified libcurl.pc.in to use Libs.private for the libs libcurl itself needs
  to get built static. It has been mentioned before and was again brought to
  our attention by Nathanael Nerode who filed debian bug report #405226
  (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226).

Daniel (29 December 2006)
- Make curl_easy_duphandle() set the magic number in the new handle.

- Robert Foreman provided a prime example snippet showing how libcurl would
  get confused and not acknowledge the 'no_proxy' variable properly once it
  had used the proxy and you re-used the same easy handle. I made sure the
  proxy name is properly stored in the connect struct rather than the
  sessionhandle/easy struct.

- David McCreedy fixed a bad call to getsockname() that wrongly used a size_t
  variable to point to when it should be a socklen_t.

- When setting a proxy with environment variables and (for example) running
  'curl [URL]' with a URL without a protocol prefix, curl would not send a
  correct request as it failed to add the protocol prefix.

Daniel (21 December 2006)
- Robson Braga Araujo reported bug #1618359
  (http://curl.haxx.se/bug/view.cgi?id=1618359) and subsequently provided a
  patch for it: when downloading 2 zero byte files in a row, curl 7.16.0
  enters an infinite loop, while curl 7.16.1-20061218 does one additional
  unnecessary request.

  Fix: During the "Major overhaul introducing http pipelining support and
  shared connection cache within the multi handle." change, headerbytecount
  was moved to live in the Curl_transfer_keeper structure. But that structure
  is reset in the Transfer method, losing the information that we had about
  the header size. This patch moves it back to the connectdata struct.

Daniel (16 December 2006)
- Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPE
  during certain conditions when GnuTLS is used.

Daniel (11 December 2006)
- Alexey Simak found out that when doing FTP with the multi interface and
  something went wrong like it got a bad response code back from the server,
  libcurl would leak memory. Added test case 538 to verify the fix.

  I also noted that the connection would get cached in that case, which
  doesn't make sense since it cannot be re-use when the authentication has
  failed. I fixed that issue too at the same time, and also that the path
  would be "remembered" in vain for cases where the connection was about to
  get closed.

Daniel (6 December 2006)
- Sebastien Willemijns reported bug #1603712
  (http://curl.haxx.se/bug/view.cgi?id=1603712) which is about connections
  getting cut off prematurely when --limit-rate is used. While I found no such
  problems in my tests nor in my reading of the code, I found that the
  --limit-rate code was severly flawed (since it was moved into the lib, since
  7.15.5) when used with the easy interface and it didn't work as documented
  so I reworked it somewhat and now it works for my tests.

- Stefan Krause pointed out a compiler warning with a picky MSCV compiler when
  passing a curl_off_t argument to the Curl_read_rewind() function which takes
  an size_t argument. Curl_read_rewind() also had debug code left in it and it
  was put in a different source file with no good reason when only used from
  one single spot.

- Sh Diao reported that CURLOPT_CLOSEPOLICY doesn't work, and indeed, there is
  no code present in the library that receives the option. Since it was not
  possible to use, we know that no current users exist and thus we simply
  removed it from the docs and made the code always use the default path of
  the code.

- Jared Lundell filed bug report #1604956
  (http://curl.haxx.se/bug/view.cgi?id=1604956) which identified setting
  CURLOPT_MAXCONNECTS to zero caused libcurl to SIGSEGV. Starting now, libcurl
  will always internally use no less than 1 entry in the connection cache.

- Sh Diao reported that CURLOPT_FORBID_REUSE no works, and indeed it broke in
  the 7.16.0 release.

- Martin Skinner brought back bug report #1230118 to haunt us once again.
  (http://curl.haxx.se/bug/view.cgi?id=1230118) curl_getdate() did not work
  properly for all input dates on Windows. It was mostly seen on some TZ time
  zones using DST. Luckily, Martin also provided a fix.

- Alexey Simak filed bug report #1600447
  (http://curl.haxx.se/bug/view.cgi?id=1600447) in which he noted that active
  FTP connections don't work with the multi interface. The problem is here
  that the multi interface state machine has a state during which it can wait
  for the data connection to connect, but the active connection is not done in
  the same step in the sequence as the passive one is so it doesn't quite work
  for active. The active FTP code still use a blocking function to allow the
  remote server to connect.

  The fix (work-around is a better word) for this problem is to set the
  boolean prematurely that the data connection is completed, so that the "wait
  for connect" phase ends at once.

  The proper fix, left for the future, is of course to make the active FTP
  case to act in a non-blocking way too.

- Matt Witherspoon fixed a problem case when the CPU load went to 100% when a
  HTTP upload was disconnected:

  "What appears to be happening is that my system (Linux 2.6.17 and 2.6.13) is
  setting *only* POLLHUP on poll() when the conditions in my previous mail
  occur. As you can see, select.c:Curl_select() does not check for POLLHUP. So
  basically what was happening, is poll() was returning immediately (with
  POLLHUP set), but when Curl_select() looked at the bits, neither POLLERR or
  POLLOUT was set. This still caused Curl_readwrite() to be called, which
  quickly returned. Then the transfer() loop kept continuing at full speed
  forever."

Daniel (1 December 2006)
- Toon Verwaest reported that there are servers that send the Content-Range:
  header in a third, not suppported by libcurl, format and we agreed that we
  could make the parser more forgiving to accept all the three found
  variations.

Daniel (25 November 2006)
- Venkat Akella found out that libcurl did not like HTTP responses that simply
  responded with a single status line and no headers nor body. Starting now, a
  HTTP response on a persistent connection (i.e not set to be closed after the
  response has been taken care of) must have Content-Length or chunked
  encoding set, or libcurl will simply assume that there is no body.

  To my horror I learned that we had no less than 57(!) test cases that did bad
  HTTP responses like this, and even the test http server (sws) responded badly
  when queried by the test system if it is the test system. So although the
  actual fix for the problem was tiny, going through all the newly failing test
  cases got really painful and boring.

Daniel (24 November 2006)
- James Housley did lots of work and introduced SFTP downloads.

Daniel (13 November 2006)
- Ron in bug #1595348 (http://curl.haxx.se/bug/view.cgi?id=1595348) pointed
  out a stack overwrite (and the corresponding fix) on 64bit Windows when
  dealing with HTTP chunked encoding.

- Nir Soffer updated libcurl.framework.make:
  o fix symlinks, should link to Versions, not to ./Versions
  o indentation improvments

- Dmitriy Sergeyev found a SIGSEGV with his test04.c example posted on 7 Nov
  2006. It turned out we wrongly assumed that the connection cache was present
  when tearing down a connection.

- Ciprian Badescu found a SIGSEGV when doing multiple TFTP transfers using the
  multi interface, but I could also repeat it doing multiple sequential ones
  with the easy interface. Using Ciprian's test case, I could fix it.

Daniel (8 November 2006)
- Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without
  CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the
  SSL handshake. This is now stopped.

Daniel (7 November 2006)
- Olaf fixed a leftover problem with the CONNECT fix of his that would leave a
  wrong error message in the error message buffer.

Daniel (3 November 2006)
- Olaf Stueben provided a patch that I edited slightly. It fixes the notorious
  KNOWN_BUGS #25, which happens when a proxy closes the connection when
  libcurl has sent CONNECT, as part of an authentication negotiation. Starting
  now, libcurl will re-connect accordingly and continue the authentication as
  it should.

Daniel (2 November 2006)
- James Housley brought support for SCP transfers, based on the libssh2 library
  for the actual network protocol stuff.

Daniel Stenberg's avatar
Daniel Stenberg committed
  Added these new curl_easy_setopt() options:

    CURLOPT_SSH_AUTH_TYPES
    CURLOPT_SSH_PUBLIC_KEYFILE
    CURLOPT_SSH_PRIVATE_KEYFILE

Daniel Stenberg's avatar
Daniel Stenberg committed
Version 7.16.0 (30 October 2006)

Daniel (25 October 2006)
- Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the
  case when 401 or 407 are returned, *IF* no auth credentials have been given.
  The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401
  and 407 cases when auth credentials is given, but we've now covered this
  somewhat more.

  You might get some amounts of headers transferred before this situation is
  detected, like for when a "100-continue" is received as a response to a
  POST/PUT and a 401 or 407 is received immediately afterwards.

  Added test 281 to verify this change.

Daniel (23 October 2006)
- Ravi Pratap provided a major update with pipelining fixes. We also no longer
  re-use connections (for pipelining) before the name resolving is done.

- Nir Soffer made the tests/libtest/Makefile.am use a proper variable for all
  the single test applications' link and dependences, so that you easier can
  override those from the command line when using make.

- Armel Asselin separated CA cert verification problems from problems with
  reading the (local) CA cert file to let users easier pinpoint the actual
  problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.

Daniel (18 October 2006)
- Removed the "protocol-guessing" for URLs with host names starting with FTPS
  or TELNET since they are practically non-existant. This leaves us with only
  three different prefixes that would assume the protocol is anything but
  HTTP, and they are host names starting with "ftp.", "dict." or "ldap.".

Daniel (17 October 2006)
- Bug report #1579171 pointed out code flaws detected with "prefast", and they
  were 1 - a too small memory clear with memset() in the threaded resolver and
  2 - a range of potentially bad uses of the ctype family of is*() functions
  such as isdigit(), isalnum(), isprint() and more. The latter made me switch
  to using our own set of these functions/macros using uppercase letters, and
  with some extra set of crazy typecasts to avoid mistakingly passing in
  negative numbers to the underlying is*() functions.

- With Jeff Pohlmeyer's help, I fixed the expire timer when using
  curl_multi_socket() during name resolves with c-ares and the LOW_SPEED
  options now work fine with curl_multi_socket() as well.

Daniel (16 October 2006)
- Added a check in configure that simply tries to run a program (not when
  cross-compiling) in order to detect problems with run-time libraries that
  otherwise would occur when the sizeof tests for curl_off_t would run and
  thus be much more confusing to users. The check of course should run after
  all lib-checks are done and before any other test is used that would run an
  executable built for testing-purposes.

Dan F (13 October 2006)
- The tagging of application/x-www-form-urlencoded POST body data sent
  to the CURLOPT_DEBUGFUNCTION callback has been fixed (it was erroneously
  included as part of the header).  A message was also added to the
  command line tool to show when data is being sent, enabled when
  --verbose is used.

- Starting now, adding an easy handle to a multi stack that was already added
  to a multi stack will cause CURLM_BAD_EASY_HANDLE to get returned.

- Jeff Pohlmeyer has been working with the hiperfifo.c example source code,
  and while doing so it became apparent that the current timeout system for
  the socket API really was a bit awkward since it become quite some work to
  be sure we have the correct timeout set.

  Jeff then provided the new CURLMOPT_TIMERFUNCTION that is yet another
  callback the app can set to get to know when the general timeout time
  changes and thus for an application like hiperfifo.c it makes everything a
  lot easier and nicer. There's a CURLMOPT_TIMERDATA option too of course in
  good old libcurl tradition.

  Jeff has also updated the hiperfifo.c example code to use this news.

Daniel (9 October 2006)
- Bogdan Nicula's second test case (posted Sun, 08 Oct 2006) converted to test
  case 535 and it now runs fine. Again a problem with the pipelining code not
  taking all possible (error) conditions into account.

- Bogdan Nicula's hanging test case (posted Wed, 04 Oct 2006) was converted to
  test case 533 and the test now runs fine.
Daniel (4 October 2006)
- Dmitriy Sergeyev provided an example source code that crashed CVS libcurl
  but that worked nicely in 7.15.5. I converted it into test case 532 and
  fixed the problem.

Daniel (29 September 2006)
- Removed a few other no-longer present options from the header file.

- Support for FTP third party transfers was removed. Here's why:

  o The recent multi interface changes broke it and the design of the 3rd party
    transfers made it very hard to fix the problems
  o It was still blocking and thus nasty for the multi interface
  o It was a lot of extra code for a very rarely used feature
  o It didn't use the same code as for "plain" FTP transfers, so it didn't work
    fine for IPv6 and it didn't properly re-use connections and more
  o There's nobody around who's willing to work on and improve the existing
    code

  This does not mean that third party transfers are banned forever, only that
  they need to be done better if they are to be re-added in the future.

  The CURLOPT_SOURCE_* options are removed from the lib and so are the --3p*
  options from the command line tool. For this reason, I also bumped the
  version info for the lib.

Daniel (28 September 2006)
- Reported in #1561470 (http://curl.haxx.se/bug/view.cgi?id=1561470), libcurl
  would crash if a bad function sequence was used when shutting down after
  using the multi interface (i.e using easy_cleanup after multi_cleanup) so
  precautions have been added to make sure it doesn't any more - test case 529
  was added to verify.

Daniel (27 September 2006)
- The URL in the cookie jar file is now changed since it was giving a 404.
  Reported by Timothy Stone. The new URL will take the visitor to a curl web
  site mirror with the document.

- Bernard Leak fixed configure --with-gssapi-libs.

- Cory Nelson made libcurl use the WSAPoll() function if built for Windows
  Vista (_WIN32_WINNT >= 0x0600)

- Mike Protts added --ftp-ssl-control to make curl use FTP-SSL, but only
  encrypt the control connection and use the data connection "plain".

- Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better
  as it now will read the full data sent from servers. The SOCKS-related code
  was also moved to the new lib/socks.c source file.

Daniel (21 September 2006)
- Added test case 531 in an attempt to repeat bug report #1561470
  (http://curl.haxx.se/bug/view.cgi?id=1561470) that is said to crash when an
  FTP upload fails with the multi interface. It did not, but I made a failed
  upload still assume the control connection to be fine.

Daniel (20 September 2006)
- Armel Asselin fixed problems when you gave a proxy URL with user name and
  empty password or no password at all. Test case 278 and 279 were added to
  verify.

Daniel Stenberg's avatar
Daniel Stenberg committed
Daniel (12 September 2006)
- Added docs/examples/10-at-a-time.c by Michael Wallner

- Added docs/examples/hiperfifo.c by Jeff Pohlmeyer

Daniel (11 September 2006)
- Fixed my breakage from earlier today so that doing curl_easy_cleanup() on a
  handle that is part of a multi handle first removes the handle from the
  stack.

- Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL
  session-ID re-use on demand since there obviously are broken servers out
  there that misbehave with session-IDs used.

- Jeff Pohlmeyer presented a *multi_socket()-using program that exposed a
  problem with it (SIGSEGV-style). It clearly showed that the existing
  socket-state and state-difference function wasn't good enough so I rewrote
  it and could then re-run Jeff's program without any crash. The previous
  version clearly could miss to tell the application when a handle changed
  from using one socket to using another.

  While I was at it (as I could use this as a means to track this problem
  down), I've now added a 'magic' number to the easy handle struct that is
  inited at curl_easy_init() time and cleared at curl_easy_cleanup() time that
  we can use internally to detect that an easy handle seems to be fine, or at
  least not closed or freed (freeing in debug builds fill the area with 0x13
  bytes but in normal builds we can of course not assume any particular data
  in the freed areas).

- Michele Bini fixed how the hostname is put in NTLM packages. As servers
  don't expect fully qualified names we need to cut them off at the first dot.

- Peter Sylvester cleaned up and fixed the getsockname() uses in ftp.c. Some
  of them can be completetly removed though...

Daniel (6 September 2006)
- Ravi Pratap and I have implemented HTTP Pipelining support. Enable it for a
  multi handle using CURLMOPT_PIPELINING and all HTTP connections done on that
  handle will be attempted to get pipelined instead of done in parallell as
  they are performed otherwise.
  As a side-effect from this work, connections are now shared between all easy
  handles within a multi handle, so if you use N easy handles for transfers,
  each of them can pick up and re-use a connection that was previously used by
  any of the handles, be it the same or one of the others.

  This separation of the tight relationship between connections and easy
  handles is most noticable when you close easy handles that have been used in
  a multi handle and check amount of used memory or watch the debug output, as
  there are times when libcurl will keep the easy handle around for a while
  longer to be able to close it properly. Like for sending QUIT to close down
  an FTP connection.

  This is a major change.
  
Daniel Stenberg's avatar
Daniel Stenberg committed
- Dmitry Rechkin (http://curl.haxx.se/bug/view.cgi?id=1551412) provided a
  patch that while not fixing things very nicely, it does make the SOCKS5
  proxy connection slightly better as it now acknowledges the timeout for
  connection and it no longer segfaults in the case when SOCKS requires
  authentication and you did not specify username:password.
Daniel (31 August 2006)
- Dmitriy Sergeyev found and fixed a multi interface flaw when using asynch
  name resolves. It could get stuck in the wrong state.

Gisle (29 August 2006)
- Added support for other MS-DOS compilers (desides djgpp). All MS-DOS
  compiler now uses the same config.dos file (renamed to config.h by
  make). libcurl now builds fine using Watcom and Metaware's High-C
  using the Watt-32 tcp/ip-stack.

Daniel (29 August 2006)
- David McCreedy added CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA to
  allow applications to set their own socket options.

Daniel (25 August 2006)
- Armel Asselin reported that the 'running_handles' counter wasn't updated
  properly if you removed a "live" handle from a multi handle with
  curl_multi_remove_handle().

- David McCreedy fixed a remaining mistake from the August 19 TYPE change.

- Peter Sylvester pointed out a flaw in the AllowServerConnect() in the FTP
  code when doing pure ipv6 EPRT connections.

- Based on a patch by Armel Asselin, the FTP code no longer re-issues the TYPE
  command on subsequent requests on a re-used connection unless it has to.

- Armel Asselin fixed a crash in the FTP code when using SINGLECWD mode and
  files in the root directory.

- Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't
  send the whole request at once, even though the Expect: header was disabled
  by the application. An effect of this change is also that small (< 1024
  bytes) POSTs are now always sent without Expect: header since we deem it
  more costly to bother about that than the risk that we send the data in
  vain.

Daniel (9 August 2006)
- Armel Asselin made the CURLOPT_PREQUOTE option work fine even when
  CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place
  in the command sequence as it would have run if there would've been a
  transfer.

- Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs
  on a persistent connection and allowed the first to use that header, you
  could not disable it for the second request.

Daniel (7 August 2006)
- Domenico Andreolfound a quick build error which happened because
  src/config.h.in was not a proper duplcate of lib/config.h.in which it
  should've been and this was due to the maketgz script not doing the cp
  properly.

Daniel Stenberg's avatar
Daniel Stenberg committed
Version 7.15.5 (7 August 2006)

Daniel (2 August 2006)
- Mark Lentczner fixed how libcurl was not properly doing chunked encoding
  if the header "Transfer-Encoding: chunked" was set by the application.
  http://curl.haxx.se/bug/view.cgi?id=1531838

Daniel (1 August 2006)
- Maciej Karpiuk fixed a crash that would occur if we passed Curl_strerror()
  an unknown error number on glibc systems.
  http://curl.haxx.se/bug/view.cgi?id=1532289

- *ALERT* curl_multi_socket() and curl_multi_socket_all() got modified
  prototypes: they both now provide the number of running handles back to the
  calling function. It makes the functions resemble the good old
  curl_multi_perform() more and provides a nice way to know when the multi
  handle goes empty.

  ALERT2: don't use the curl_multi_socket*() functionality in anything
  production-like until I say it's somewhat settled, as I suspect there might
  be some further API changes before I'm done...

Daniel (28 July 2006)
- Yves Lejeune fixed so that replacing Content-Type: when doing multipart
  formposts work exactly the way you want it (and the way you'd assume it
  works).

- David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both
  control and data connection, as the existing --ftp-ssl option only requests
  it.

- [Hiper-related work] Added a function called curl_multi_assign() that will
  set a private pointer added to the internal libcurl hash table for the
  particular socket passed in to this function:

  CURLMcode curl_multi_assign(CURLM *multi_handle,
                              curl_socket_t sockfd,
                              void *sockp);

  'sockp' being a custom pointer set by the application to be associated with
  this socket. The socket has to be already existing and in-use by libcurl,
  like having already called the callback telling about its existance.

  The set hashp pointer will then be passed on to the callback in upcoming
  calls when this same socket is used (in the brand new 'socketp' argument).

- Dan Nelson added the CURLOPT_FTP_ALTERNATIVE_TO_USER libcurl option and curl
  tool option named --ftp-alternative-to-user. It provides a mean to send a
  particular command if the normal USER/PASS approach fails.

- Michael Jerris added magic that builds lib/curllib.vcproj automatically for
  newer MSVC.

Daniel (25 July 2006)
- Georg Horn made the transfer timeout error message include more details.

Daniel (20 July 2006)
- David McCreedy fixed a build error when building libcurl with HTTP disabled,
  problem added with the curl_formget() patch.

Daniel (17 July 2006)
- Jari Sundell did some excellent research and bug tracking, figured out that
  we did wrong and patched it: When nodes were removed from the splay tree,
  and we didn't properly remove it from the splay tree when an easy handle was
  removed from a multi stack and thus we could wrongly leave a node in the
  splay tree pointing to (bad) memory.

Daniel (14 July 2006)
- David McCreedy fixed a flaw where the CRLF counter wasn't properly cleared
  for FTP ASCII transfers.

- Ates Goral pointed out that libcurl's cookie parser did case insensitive
  string comparisons on the path which is incorrect and provided a patch that
  fixes this. I edited test case 8 to include details that test for this.

- Ingmar Runge provided a source snippet that caused a crash. The reason for
  the crash was that libcurl internally was a bit confused about who owned the
  DNS cache at all times so if you created an easy handle that uses a shared
  DNS cache and added that to a multi handle it would crash. Now we keep more
  careful internal track of exactly what kind of DNS cache each easy handle
  uses: None, Private (allocated for and used only by this single handle),
  Shared (points to a cache held by a shared object), Global (points to the
  global cache) or Multi (points to the cache within the multi handle that is
  automatically shared between all easy handles that are added with private
  caches).

Daniel (4 July 2006)
- Toshiyuki Maezawa fixed a problem where you couldn't override the
  Proxy-Connection: header when using a proxy and not doing CONNECT.
Daniel (24 June 2006)
- Michael Wallner added curl_formget(), which allows an application to extract
  (serialise) a previously built formpost (as with curl_formadd()).

Daniel (23 June 2006)
- Arve Knudsen found a flaw in curl_multi_fdset() for systems where
  curl_socket_t is unsigned (like Windows) that could cause it to wrongly
  return a max fd of -1.

Daniel (20 June 2006)
- Peter Silva introduced CURLOPT_MAX_SEND_SPEED_LARGE and
  CURLOPT_MAX_RECV_SPEED_LARGE that limit tha maximum rate libcurl is allowed
  to send or receive data. This kind of adds the the command line tool's
  option --limit-rate to the library.

  The rate limiting logic in the curl app is now removed and is instead
  provided by libcurl itself. Transfer rate limiting will now also work for -d
  and -F, which it didn't before.

Daniel (19 June 2006)
- Made -K on a file that couldn't be read cause a warning to be displayed.

Daniel (13 June 2006)
- Dan Fandrich implemented --enable-hidden-symbols configure option to enable
  -fvisibility=hidden on gcc >= 4.0.  This reduces the size of the libcurl
  binary and speeds up dynamic linking by hiding all the internal symbols from
  the symbol table.

Daniel Stenberg's avatar
Daniel Stenberg committed
Version 7.15.4 (12 June 2006)

Daniel (8 June 2006)
- Brian Dessent fixed the code for cygwin in three distinct ways:

  The first modifies {lib,src}/setup.h to not include the winsock headers
  under Cygwin.  This fixes the reported build problem.  Cygwin attempts as
  much as possible to emulate a posix environment under Windows.  This means
  that WIN32 is *not* #defined and (to the extent possible) everything is done
  as it would be on a *ix type system.  Thus <sys/socket.h> is the proper
  include, and even though winsock2.h is present, including it just introduces
  a whole bunch of incompatible socket API stuff.

  The second is a patch I've included in the Cygwin binary packages for a
  while.  It skips two unnecessary library checks (-lwinmm and -lgdi32).  The
  checks are innocuous and they do succeed, but they pollute LIBS with
  unnecessary stuff which gets recorded as such in the libcurl.la file, which
  brings them into the build of any libcurl-downstream.  As far as I know
  these libs are really only necessary for mingw, so alternatively they could
  be designed to only run if $host matches *-*-mingw* but I took the safer
  route of skipping them for *-*-cygwin*.

  The third patch replaces all uses of the ancient and obsolete __CYGWIN32__
  with __CYGWIN__. Ref: <http://cygwin.com/ml/cygwin/2003-09/msg01520.html>.

Daniel (7 June 2006)
- Mikael Sennerholm provided a patch that added NTLM2 session response support
  to libcurl. The 21 NTLM test cases were again modified to comply...

Daniel (27 May 2006)
- Óscar Morales Vivó updated the libcurl.framework.make file.

Daniel (26 May 2006)
- Olaf Stüben fixed a bug that caused Digest authentication with md5-sess to
  fail. When using the md5-sess, the result was not Md5 encoded and Base64
  transformed.

Daniel (25 May 2006)
- Michael Wallner provided a patch that allows "SESS" to be set with
  CURLOPT_COOKIELIST, which then makes all session cookies get cleared.

Daniel (24 May 2006)
- Tor Arntsen made test 271 run fine again since the TFTP path fix.

Daniel (23 May 2006)
- Martin Michlmayr filed debian bug report #367954, but the same error also
  showed up in the autobuilds. It seems a rather long-since introduced shell
  script flaw in the configure script suddenly was detected by the bash
  version in Debian Unstable. It had previously passed undetected by all
  shells used so far...

- David McCreedy updated lib/config-tpf.h

- Fixed the configure's check for old-style SSLeay headers since I fell over a
  case with a duplicate file name (a krb4 implementation with an err.h
  file). I converted the check to manually make sure three of the headers are
  present before considering them fine.

- David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended
  checks on the to-be-returned socket to make sure it truly seems to be alive
  and well. For SSL connection it (only) uses OpenSSL functions.

Daniel (10 May 2006)
- Fixed DICT in two aspects:

  1 - allow properly URL-escaped words, like using %20 for spaces

  2 - properly escape certain letters within a word to comply to the RFC2229

- Andreas Ntaflos reported a bug in libcurl.m4: When configuring my GNU
  autotools project, which optionally (default=yes) uses libcurl on a system
  without a (usable) libcurl installation, but not specifying
  `--without-libcurl', configure determines correctly that no libcurl is
  available, however, the LIBCURL variable gets expanded to `LIBCURL = -lcurl'
  in the resulting Makefiles.

  David Shaw fixed the flaw.

- Robson Braga Araujo fixed two problems in the recently added non-blocking SSL
  connects. The state machine was not reset properly so that subsequent
  connects using the same handle would fail, and there were two memory leaks.

- Robson Braga Araujo fixed a memory leak when you added an easy handle to a
  multi stack and that easy handle had already been used to do one or more
  easy interface transfers, as then the code threw away the previously used
  DNS cache without properly freeing it.

- Dan Fandrich went over the TFTP code and he pointed out and fixed numerous
  problems:

  * The received file is corrupted when a packet is lost and retransmitted
    (this is a serious problem!)

  * Transmitting a file aborts if a block is lost and retransmitted

  * Data is stored in the wrong location in the buffer for uploads, so uploads
    always fail (I don't see how it could have ever worked, but it did on x86
    at least)

  * A number of calls are made to strerror instead of Curl_strerror, making
    the code not thread safe

  * There are references to errno instead of Curl_sockerrno(), causing
    incorrect error messages on Windows

  * The file name includes a leading / which violates RFC3617. Doing something
    similar to ftp, where two slashes after the host name means an absolute
    reference seems a reasonable extension to fix this.

  * Failures in EBCDIC conversion are not propagated up to the caller but are
    silently ignored

- Fixed known bug #28. The TFTP code no longer assumes a packed struct and