Skip to content
CHANGES 104 KiB
Newer Older
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
Daniel Stenberg's avatar
Daniel Stenberg committed
                             \___|\___/|_| \_\_____|

Daniel Stenberg's avatar
Daniel Stenberg committed
                                  Changelog

Daniel (16 March 2005)
- Tru64 and some IRIX boxes seem to not like test 237 as it is. Their
  inet_addr() functions seems to use &255 on all numericals in a ipv4 dotted
  address which makes a different failure... Now I've modified the ipv4
  resolve code to use inet_pton() instead in an attempt to make these systems
  better detect this as a bad IP address rather than creating a toally bogus
  address that is then passed on and used.

Daniel (15 March 2005)
- Added test 237 and 238: test EPSV and PASV response handling when they get
  well- formated data back but using illegal values. In 237 PASV gets an IP
  address that is way bad. In 238 EPSV gets a port that is way out of range.

Daniel Stenberg's avatar
Daniel Stenberg committed
Daniel (14 March 2005)
- Added a few missing features to the curl-config --features list

- Modified testcurl.pl to now offer
  1 - command line options for all info it previously only read from
      file: --name, --email, --desc and --configure
  2 - --nocvsup makes it not attempt to do cvs update
  3 - --crosscompile informs it and makes it not attempt things it can't do

- Fixed numerous win32 compiler warnings.

Daniel Stenberg's avatar
Daniel Stenberg committed
- Removed the lib/security.h file since it shadowed the mingw/win32 header
  with the same name which is needed for SSPI builds. The contents of the
  former security.h is now i krb4.h

- configure --enable-sspi now enables SSPI in the build. It only works for
  windows builds (including cross-compiles for windows).

Daniel Stenberg's avatar
Daniel Stenberg committed
Daniel (12 March 2005)
- David Houlder added --form-string that adds that string to a multipart
  formpost part, without special characters having special meanings etc like
  --form features.

- curl_version_info() returns the feature bit CURL_VERSION_SSPI if it was
  built with SSPI support.

- Christopher R. Palmer made it possible to build libcurl with the
  USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the
  native way to do NTLM. SSPI also allows libcurl to pass on the current user
  and its password in the request.

Daniel (9 March 2005)
- Dan F improved the SSL lib setup in configure.

- Nodak Sodak reported a crash when using a SOCKS4 proxy.

- Jean-Marc Ranger pointed out an embarassing debug printf() leftover in the
  multi interface code.

- Adjusted the man page for the curl_getdate() return value for dates after
  year 2038. For 32 bit time_t it returns 0x7fffffff but for 64bit time_t it
  returns either the correct value or even -1 on some systems that still seem
  to not deal with this properly. Tor Arntsen found a 64bit AIX system for us
Daniel Stenberg's avatar
Daniel Stenberg committed
  that did the latter. Gwenole Beauchesne's Mandrake patch put the lights on
  this problem in the first place.
Daniel (8 March 2005)
- Dominick Meglio reported that using CURLOPT_FILETIME when transferring a FTP
  file got a Last-Modified: header written to the data stream, corrupting the
  actual data. This was because some conditions from the previous FTP code was
  not properly brought into the new FTP code. I fixed and I added test case
  520 to verify. (This bug was introduced in 7.13.1)

- Dan Fandrich fixed the configure --with-zlib option to always consider the
  given path before any standard paths.

Daniel Stenberg's avatar
Daniel Stenberg committed
Daniel (6 March 2005)
- Randy McMurchy was the first to report that valgrind.pm was missing from the
  release archive and thus 'make test' fails.

Daniel Stenberg's avatar
Daniel Stenberg committed
- Dan Fandrich added HAVE_FTRUNCATE to several config-*.h files.

- Added test case 235 that makes a resumed upload of a file that isn't present
  on the remote side. This then converts the operation to an ordinary STOR
  upload. This was requested/pointed out by Ignacio Vazquez-Abrams.

  It also proved (and I fixed) a bug in the newly rewritten ftp code (and
  present in the 7.13.1 release) when trying to resume an upload and the
  servers returns an error to the SIZE command. libcurl then loops and sends
  SIZE commands infinitely.

- Dan Fandrich fixed a SSL problem introduced on February 9th that made
  libcurl attempt to load the whole random file to seed the PRNG. This is
  really bad since this turns out to be using /dev/urandom at times...

Version 7.13.1 (4 March 2005)

- Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate
  the cookie "engine" without having to provide an empty or non-existing file.

- Rene Rebe fixed a -# crash when more data than expected was retrieved.

Daniel (22 February 2005)
- NTLM and ftp-krb4 buffer overflow fixed, as reported here:
  http://www.securityfocus.com/archive/1/391042 and the CAN report here:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490

  If these security guys were serious, we'd been notified in advance and we
  could've saved a few of you a little surprise, but now we weren't.

Daniel (19 February 2005)
- Ralph Mitchell reported a flaw when you used a proxy with auth, and you
  requested data from a host and then followed a redirect to another
  host. libcurl then didn't use the proxy-auth properly in the second request,
  due to the host-only check for original host name wrongly being extended to
  the proxy auth as well. Added test case 233 to verify the flaw and that the
  fix removed the problem.

Daniel (18 February 2005)
- Mike Dobbs reported a mingw build failure due to the lack of
  BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by
  configure when mingw is used.

Daniel (17 February 2005)
- David in bug report #1124588 found and fixed a socket leak when libcurl
  didn't close the socket properly when returning error due to failing
  localbind

Daniel (16 February 2005)
- Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
  that picks NTLM. Thanks to David Byron letting me test NTLM against his
  servers, I could quickly repeat and fix the problem. It turned out to be:

  When libcurl POSTs without knowing/using an authentication and it gets back
  a list of types from which it picks NTLM, it needs to either continue
  sending its data if it keeps the connection alive, or not send the data but
  close the connection. Then do the first step in the NTLM auth. libcurl
  didn't send the data nor close the connection but simply read the
  response-body and then sent the first negotiation step. Which then failed
  miserably of course. The fixed version forces a connection if there is more
  than 2000 bytes left to send.

Daniel (14 February 2005)
- The configure script didn't check for ENGINE_load_builtin_engines() so it
  was never used.

Daniel (11 February 2005)
- Removed all uses of strftime() since it uses the localised version of the
  week day names and month names and servers don't like that.

Daniel (10 February 2005)
- Now the test script disables valgrind-testing when the test suite runs if
  libcurl is built shared. Otherwise valgrind only tests the shell that runs
  the wrapper-script named 'curl' that is a front-end to curl in this case.
  This should also fix the huge amount of reports of false positives when
  valgrind has identified leaks in (ba)sh and not in curl and people report
  that as curl bugs. Bug report #1116672 is one example.

  Also, the valgrind report parser has been adapted to check that at least one
  of the sources in a stack strace is one of (lib)curl's source files or
  otherwise it will not consider the problem to concern (lib)curl.

- Marty Kuhrt streamlined the VMS build.

Daniel (9 February 2005)
- David Byron fixed his SSL problems, initially mentioned here:
  http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use
  SSL_pending() as we should.

- Converted lots of FTP code to a statemachine, so that the multi interface
  doesn't block while communicating commands-responses with an FTP server.

  I've added a comment like BLOCKING in the code on all spots I could find
  where we still have blocking operations. When we change curl_easy_perform()
  to use the multi interface, we'll also be able to simplify the code since
  there will only be one "internal interface".

  While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the
  new CURLE_LOGIN_DENIED. The first one is now access denied to a function,
  like changing directory or retrieving a file, while the second means that we
  were denied login.

  The CVS tag 'before_ftp_statemachine' was set just before this went in, in
  case of future need.

- Gisle made the DICT code send CRLF and not just LF as the spec says so.

Daniel (8 February 2005)
- Gisle fixed problems when libcurl runs out of memory, and worked on making
  sure the proper error code is returned for those occations.

Daniel (7 February 2005)
- Maruko pointed out a problem with inflate decompressing exactly 64K
  contents.

Loading full blame...