Skip to content
CHANGES 47.8 KiB
Newer Older
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
Daniel Stenberg's avatar
Daniel Stenberg committed
                             \___|\___/|_| \_\_____|

Daniel Stenberg's avatar
Daniel Stenberg committed
                                  Changelog

Daniel Stenberg's avatar
Daniel Stenberg committed

Daniel (8 November 2005)
- Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled
  version of libcurl with different Windows versions. Current version of
  libcurl imports SSPI functions from secur32.dll. However, under Windows NT
  4.0 these functions are located in security.dll, under Windows 9x - in
  secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll
  just forwards calls to secur32.dll).

  Dmitry's patch loads proper library dynamically depending on Windows
  version. Function InitSecurityInterface() is used to obtain pointers to all
  of SSPI function in one structure.

Daniel (31 October 2005)
- Vilmos Nebehaj improved libcurl's LDAP abilities:

  The LDAP code in libcurl can't handle LDAP servers of LDAPv3 nor binary
  attributes in LDAP objects. So, I made a quick patch to address these
  problems.

  The solution is simple: if we connect to an LDAP server, first try LDAPv3
  (which is the preferred protocol as of now) and then fall back to LDAPv2.
  In case of binary attributes, we first convert them to base64, just like the
  openldap client does. It uses ldap_get_values_len() instead of
  ldap_get_values() to be able to retrieve binary attributes correctly. I
  defined the necessary LDAP macros in lib/ldap.c to be able to compile
  libcurl without the presence of libldap

- Nis Jorgensen filed bug report #1338648
  (http://curl.haxx.se/bug/view.cgi?id=1338648) which really is more of a
  feature request, but anyway. It pointed out that --max-redirs did not allow
  it to be set to 0, which then would return an error code on the first
  Location: found. Based on Nis' patch, now libcurl supports CURLOPT_MAXREDIRS
  set to 0, or -1 for infinity. Added test case 274 to verify.

- tommink[at]post.pl reported in bug report #1337723
  (http://curl.haxx.se/bug/view.cgi?id=1337723) that curl could not upload
  binary data from stdin on Windows if the data contained control-Z (hex 1a)
  since that is treated as end-of-file when read in text mode. Gisle Vanem
  pointed out the fix, and I made both -T and --data-binary take advantage of
  it.

- Jaz Fresh pointed out that if you used "-r [number]" as was wrongly described
  in the man page, curl would send an invalid HTTP Range: header. The correct
  way would be to use "-r [number]-" or even "-r -[number]". Starting now,
  curl will warn if this is discovered, and automatically append a dash to the
  range before passing it to libcurl.

Daniel (25 October 2005)
- Amol Pattekar reported a bug with great detail and a fine example in bug
  #1326306 (http://curl.haxx.se/bug/view.cgi?id=1326306). When using the multi
  interface and connecting to a host with multiple IP addresses, and one of
  the addresses fails to connect (the server must exist and respond, just not
  accept connections) libcurl leaks a socket descriptor. Thanks to the fine
  report, I could find and fix this.

Daniel (22 October 2005)
- Dima Barsky reported a problem with GnuTLS-enabled libcurl in bug report
  #1334338 (http://curl.haxx.se/bug/view.cgi?id=1334338). When reading an SSL
  stream from a server and the server requests a "rehandshake", the current
  code simply returns this as an error. I have no good way to test this, but
  I've added a crude attempt of dealing with this situation slightly better -
  it makes a blocking handshake if this happens. Done like this because fixing
  this the "proper" way (that would handshake asynchronously) will require
  quite some work and I really need a good way to test this to do such a
  change.

- "Ofer" reported a problem when libcurl re-used a connection and failed to do
  it, it could then accidentally actually crash. Presumably, this concerns FTP
  connections.  http://curl.haxx.se/bug/view.cgi?id=1330310

- Temprimus improved the MSVC makefile so that the static debug SSL libs are
  linked to the executable and not to the libcurld.lib
  http://curl.haxx.se/bug/view.cgi?id=1326676

- Bradford Bruce made the windows resolver code properly return
  CURLE_COULDNT_RESOLVE_PROXY and CURLE_COULDNT_RESOLVE_HOST on resolving
  errors (as documented).

- Dave Dribin made libcurl understand and handle cases when the server
  (wrongly) sends *two* WWW-Authenticate headers for Digest. While this should
  never happen in a sane world, libcurl previously got into an infinite loop
  when this occurred. Dave added test 273 to verify this.

- Temprimus improved the MSVC makefile: "makes a build option available so if
  you set rtlibcfg=static for the make, then it would build with /MT. The
  default behaviour is /MD (the original)."
  http://curl.haxx.se/bug/view.cgi?id=1326665

Daniel (14 October 2005)
- Reverted the LIBCURL_VERSION_NUM change from October 6. As Dave Dribin
  reported, the define is used by the configure script and is assumed to use
  the 0xYYXXZZ format. This made "curl-config --vernum" fail in the 7.15.0
  release version.

Daniel Stenberg's avatar
Daniel Stenberg committed
Version 7.15.0 (13 October 2005)

Daniel (12 October 2005)
- Michael Sutton of iDEFENSE reported and I fixed a securitfy flaw in the NTLM
  code that would overflow a buffer if given a too long user name or domain
  name. This would happen if you enable NTLM authentication and either

  A - pass in a user name and domain name to libcurl that together are longer
      than 192 bytes

  B - allow (lib)curl to follow HTTP "redirects" (Location: and the
      appropriate HTTP 30x response code) and the new URL contains a URL with
      a user name and domain name that together are longer than 192 bytes

  See http://curl.haxx.se/docs/security.html for further details and updates

Daniel (5 October 2005)
- Darryl House reported a problem with using -z to download files from FTP.
  It turned out that if the given time stamp was exact the same as the remote
  time stamp, the file would still wrongly be downloaded. Added test case 272
  to verify.

- Domenico Andreoli fixed a man page malformat and removed odd (0xa0) bytes
  from the configure script.

- Michael Wallner reported that the date parser had wrong offset stored for
  the MEST and CEST time zones.

- David Yan filed bug #1299181 (http://curl.haxx.se/bug/view.cgi?id=1299181)
  that identified a silly problem with Content-Range: headers with the 'bytes'
  keyword written in a different case than all lowercase! It would cause a
  segfault!
- TJ Saunders of the proftpd project identified and pointed out problems with
  the modified FTPS negotiation change of August 19 2005. Thus, we revert the
  change back to pre-7.14.1 status.

Daniel (21 September 2005)
- Fixed "cut off" sentence in the libcurl-tutorial man page:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305

- Clarified in the curl_easy_setopt man page what the default
  CURLOPT_WRITEFUNCTION and CURLOPT_WRITEDATA mean:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329311

- Clarified in the curl_easy_setopt man page that CURLOPT_ERRORBUFFER
  sometimes doesn't fill in the buffer even though it is supposed to:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329313

- When CURLE_URL_MALFORMAT is returned due to a missing URL, it now has an
  error string set.

Daniel (19 September 2005)
- Dmitry Bartsevich made the SSPI support work on Windows 9x as well.

Daniel Stenberg's avatar
Daniel Stenberg committed
Daniel (15 September 2005)
- Added a TFTP server to the test suite and made the test suite capable of
  using it.

Daniel (7 September 2005)
- Ben Madsen's detailed reports that funnily enough only occurred with certain
  glibc versions turned out to be curl using an already closed file handle
  during certain conditions (like when saving FTP server "headers").

- Scott Davis helped me track down a problem in the test HTTP server that made
  test case 56 wrongly fail at times. It turned out it was due to the server
  finding the end of a chunked-encoded POST too early.

Daniel (6 September 2005)
- Now curl warns if an unknown variable is used in the -w/--writeout argument.

Daniel (4 September 2005)
- I applied Nicolas François' man page patch he posted to the Debian bug
  tracker. It corrected two lines that started with apostrophes, which isn't
  legal nroff format. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326511

- Added --ftp-skip-pasv-ip to the command line tool, that sets the new
  CURLOPT_FTP_SKIP_PASV_IP option. It makes libcurl re-use the control
  connection's IP address when setting up the data connection instead of
  extractting the IP address from the PASV response. It has turned out this
  feature is frequently needed by people to circumvent silly servers and silly
  firewalls, especially when FTPS is used and the PASV command-response is
  sent encrtyped.

  Sponsored by CU*Answers

Daniel (1 September 2005)
- John Kelly added TFTP support to libcurl. A bunch of new error codes was
  added. TODO: add them to docs. add TFTP server to test suite. add TFTP to
  list of protocols whereever those are mentioned.

Loading full blame...