Newer
Older
_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
Daniel (8 December 2004)
- Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where
libcurl always and unconditionally overwrote a stack-based array with 3 zero
bytes. This is not an exploitable buffer overflow. No need to get alarmed.
Daniel Stenberg
committed
Daniel (7 December 2004)
- Fixed so that the final error message is sent to the verbose info "stream"
even if no errorbuffer is set.
Daniel (6 December 2004)
- Dan Fandrich added the --disable-cookies option to configure to build
libcurl without cookie support. This is mainly useful if you want to build a
minimalistic libcurl with no cookies support at all. Like for embedded
systems or similar.
- Richard Atterer fixed libcurl's way of dealing with the EPSV
response. Previously, libcurl would re-resolve the host name with the new
port number and attempt to connect to that, while it should use the IP from
the control channel. This bug made it hard to EPSV from an FTP server with
multiple IP addresses!
Daniel Stenberg
committed
Daniel (3 December 2004)
- Bug report #1078066: when a chunked transfer was pre-maturely closed exactly
at a chunk boundary it was not considered an error and thus went unnoticed.
Daniel Stenberg
committed
Added test case 207 to verify.
Daniel (2 December 2004)
- Fixed the CONNECT loop to default timeout to 3600 seconds.
Added test case 206 that makes CONNECT with Digest.
Fixed a flaw that prepended "(nil)" to the initial CONNECT rqeuest's user-
agent field.
Daniel (30 November 2004)
- Dan Fandrich's fix for libz 1.1 and "extra field" usage in a gzip stream
- Dan also helped me with input data to create three more test cases for the
--compressed option.
Daniel (29 November 2004)
- I improved the test suite to enable binary contents in the tests (by proving
it base64 encoded), like for testing decompress etc. Added test 220 and 221
for this purpose. Tests can now also depend on libz to run.
- As reported by Reinout van Schouwen in Mandrake's bug tracker bug 12285
(http://qa.mandrakesoft.com/show_bug.cgi?id=12285), when connecting to an
IPv6 host with FTP, --disable-epsv (or --disable-eprt) effectively disables
the ability to transfer a file. Now, when connected to an FTP server with
IPv6, these FTP commands can't be disabled even if asked to with the
available libcurl options.
Daniel (26 November 2004)
- As reported in Mandrake's bug tracker bug 12289
(http://qa.mandrakesoft.com/show_bug.cgi?id=12289), curl would print a
newline to "finish" the progress meter after each redirect and not only
after a completed transfer.
Daniel (25 November 2004)
- FTP improvements:
If EPSV, EPRT or LPRT is tried and doesn't work, it will not be retried on
the same server again even if a following request is made using a persistent
connection.
If a second request is made to a server, requesting a file from the same
directory as the previous request operated on, libcurl will no longer make
that long series of CWD commands just to end up on the same spot. Note that
this is only for *exactly* the same dir. There is still room for improvements
to optimize the CWD-sending when the dirs are only slightly different.
Added test 210, 211 and 212 to verify these changes. Had to improve the
test script too and added a new primitive to the test file format.
Daniel (24 November 2004)
- Andrés García fixed the configure script to detect select properly when run
with Msys/Mingw on Windows.
Daniel (22 November 2004)
- Made HTTP PUT and POST requests no longer use HEAD when doing multi-pass
auth negotiation (NTLM, Digest and Negotiate), but instead use the request
keyword "properly". Details in lib/README.httpauth. This also introduces
CURLOPT_IOCTLFUNCTION and CURLOPT_IOCTLDATA, to be used by apps that use the
"any" auth alternative as then libcurl may need to send the PUT/POST data
more than once and thus may need to ask the app to "rewind" the read data
stream to start.
See also the new example using this: docs/examples/anyauthput.c
- David Phillips enhanced test 518. I made it depend on a "feature" so that
systems without getrlimit() won't attempt to test 518. configure now checks
for getrlimit() and setrlimit() for this test case.
Daniel (18 November 2004)
- David Phillips fixed libcurl to not crash anymore when more than FD_SETSIZE
file descriptors are in use. Test case 518 added to verify.
Daniel Stenberg
committed
Daniel (15 November 2004)
- To test my fix for the CURLINFO_REDIRECT_TIME bug, I added time_redirect and
num_redirects support to the -w writeout option for the command line tool.
- Wojciech Zwiefka found out that CURLINFO_REDIRECT_TIME didn't work as
documented.
Daniel Stenberg
committed
Daniel (12 November 2004)
Daniel Stenberg
committed
- Gisle Vanem modigied the MSVC and Netware makefiles to build without
libcurl.def
- Dan Fandrich added the --disable-crypto-auth option to configure to allow
libcurl to build without Digest support. (I figure it should also explicitly
disable Negotiate and NTLM.)
- *** Modified Behaviour Alert ***
Daniel Stenberg
committed
Setting CURLOPT_POSTFIELDS to NULL will no longer do a GET.
Setting CURLOPT_POSTFIELDS to "" will send a zero byte POST and setting
CURLOPT_POSTFIELDS to NULL and CURLOPT_POSTFIELDSIZE to zero will also make
a zero byte POST. Added test case 515 to verify this.
Setting CURLOPT_HTTPPOST to NULL makes a zero byte post. Added test case 516
to verify this.
CURLOPT_POSTFIELDSIZE must now be set to -1 to signal "we don't know".
Setting it to zero simply says this is a zero byte POST.
When providing POST data with a read callback, setting the size up front
is now made with CURLOPT_POSTFIELDSIZE and not with CURLOPT_INFILESIZE.
Daniel (11 November 2004)
- Dan Fandrich added --disable-verbose to the configure script to allow builds
without verbose strings in the code, to save some 12KB space. Makes sense
only for systems with very little memory resources.
- Jeff Phillips found out that a date string with a year beyond 2038 could
crash the new date parser on systems with 32bit time_t. We now check for
this case and deal with it.
Daniel (10 November 2004)
- I installed Heimdal on my Debian box (using the debian package) and noticed
that configure --with-gssapi failed to create a nice build. Fixed now.
Daniel (9 November 2004)
- Gisle Vanem marked all external function calls with CURL_EXTERN so that now
the Windows, Netware and other builds no longer need libcurl.def or similar
files.
- Made the configure script check for tld.h if libidn was detected, since
libidn 0.3.X didn't have such a header and we don't work with anything
before libidn 0.4.1 anyway! Suse 9.1 apparently ships with a 0.3.X version
of libidn which makes the curl 7.12.2 build fail. Jean-Philippe
Barrette-LaPierre helped pointing this out.
- Ian Gulliver reported in debian bug report #278691: if curl is invoked in an
environment where stderr is closed the -v output will still be sent to file
descriptor 2 which then might be the network socket handle! Now we have a
weird hack instead that attempts to make sure that file descriptor 2 is
opened (with a call to pipe()) before libcurl is called to do the transfer.
configure now checks for pipe() and systems without pipe don't get the weird
hack done.
Daniel (5 November 2004)
- Tim Sneddon made libcurl send no more than 64K in a single first chunk when
doing a huge POST on VMS, as this is a system limitation. Default on general
systems is 100K.
Daniel (4 November 2004)
- Andres Garcia made it build on mingw againa, my --retry code broke the build.
Daniel (2 November 2004)
- Added --retry-max-time that allows a maximum time that may not have been
reached for a retry to be made. If not set there is no maximum time, only
the amount of retries set with --retry.
- Paul Nolan provided a patch to make libcurl build nicely on Windows CE.
Daniel (1 November 2004)
- When cross-compiling, the configure script no longer attempts to use
pkg-config on the build host in order to detect OpenSSL compiler options.
Daniel Stenberg
committed
Daniel (27 October 2004)
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
- Dan Fandrich:
An improvement to the gzip handling of libcurl. There were two problems with
the old version: it was possible for a malicious gzip file to cause libcurl
to leak memory, as a buffer was malloced to hold the header and never freed
if the header ended with no file contents. The second problem is that the
64 KiB decompression buffer was allocated on the stack, which caused
unexpectedly high stack usage and overflowed the stack on some systems
(someone complained about that in the mailing list about a year ago).
Both problems are fixed by this patch. The first one is fixed when a recent
(1.2) version of zlib is used, as it takes care of gzip header parsing
itself. A check for the version number is done at run-time and libcurl uses
that feature if it's present. I've created a define OLD_ZLIB_SUPPORT that
can be commented out to save some code space if libcurl is guaranteed to be
using a 1.2 version of zlib.
The second problem is solved by dynamically allocating the memory buffer
instead of storing it on the stack. The allocation/free is done for every
incoming packet, which is suboptimal, but should be dwarfed by the actual
decompression computation.
I've also factored out some common code between deflate and gzip to reduce
the code footprint somewhat. I've tested the gzip code on a few test files
and I tried deflate using the freshmeat.net server, and it all looks OK. I
didn't try running it with valgrind, however.
Daniel Stenberg
committed
- Added a --retry option to curl that takes a numerical option for the number
of times the operation should be retried. It is retried if a transient error
is detected or if a timeout occurred. By default, it will first wait one
second between the retries and then double the delay time between each retry
until the delay time is ten minutes which then will be the delay time
between all forthcoming retries. You can set a static delay time with
"--retry-delay [num]" where [num] is the number of seconds to wait between
each retry.
Daniel (25 October 2004)
- Tomas Pospisek filed bug report #1053287 that proved -C - and --fail on a
file that was already completely downloaded caused an error, while it
doesn't if you don't use --fail! I added test case 194 to verify the fix.
Grrr. CURLOPT_FAILONERROR is now added to the list stuff to remove in
libcurl v8 due to all the kludges needed to support it.
- Mohun Biswas found out that formposting a zero-byte file didn't work very
good. I fixed.
Daniel Stenberg
committed
- Alexander Krasnostavsky made it possible to make FTP 3rd party transfers
with both source and destination being the same host. It can be useful if
you want to move a file on a server or similar.
- Guillaume Arluison added CURLINFO_NUM_CONNECTS to allow an app to figure
out how many new connects a previous transfer required.
I added %{num_connects} to the curl tool and added test case 192 and 193
to verify the new code.
Daniel (18 October 2004)
- Peter Wullinger pointed out that curl should call setlocale() properly to
initiate the specific language operations, to make the IDN stuff work
better.
Daniel (16 October 2004)
Daniel Stenberg
committed
- Alexander Krasnostavsky made the CURLOPT_FTP_CREATE_MISSING_DIRS option work
fine even for third party transfers.
- runekl at opoint.com found out (and provided a fix) that libcurl leaked
memory for cookies with the "max-age" field set.
Gisle (16 October 2004)
- Issue 50 in TODO-RELEASE; Added Traian Nicolescu's patches for threaded
resolver on Windows. Plugged some potential handle and memory leaks.
Daniel Stenberg
committed
Daniel (14 October 2004)
- Eric Vergnaud pointed out that libcurl didn't treat ?-letters in the user
name and password fields properly in URLs, like
ftp://us?er:pass?word@site.com/. Added test 191 to verify the fix.
Daniel (11 October 2004)
- libcurl now uses SO_NOSIGPIPE for systems that support it (Mac OS X 10.2 or
later is one) to inhibit the SIGPIPE signal when writing to a socket while
the peer dies. The same effect is provide by the MSG_NOSIGNAL parameter to
send() on other systems. Alan Pinstein verified the fix.
- Systems with 64bit longs no longer use strtoll() or our strtoll- replacement
to parse 64 bit numbers. strtol() works fine. Added a configure check to
detect if [constant]LL works and if so, use that in the strtoll replacement
code to work around compiler warnings reported by Andy Cedilnik.
Gisle (6 October 2004)
- For USE_LIBIDN builds: Added Top-Level-Domain (TLD) check of host-name
used in fix_hostname(). Checks if characters in 'host->name' (indirectly
via 'ace_hostname') are legal according to the TLD tables in libidn.
- Chih-Chung Chang reported that if you use CURLOPT_RESUME_FROM and enabled
CURLOPT_FOLLOWLOCATION, libcurl reported error if a redirect happened even
if the new URL would provide the resumed file. Test case 188 added to verify
the fix (together with existing test 99).
- Dan Fandrich fixed a configure flaw for systems that need both nsl and socket
libs to use gethostbyname().
- Removed tabs and trailing whitespace from lots of source files.
Daniel (5 October 2004)
- Made configure --with-libidn=PATH try the given PATH before the default
paths to make it possible to override.
- If idna_strerror() is present in libidn, we can use that instead of our
internal replacement. This function was added by Simon in libidn 0.5.6 and
is detected by configure.
- It seems basename() on IRIX is in the libgen library and since we don't use
that, configure finds libgen.h but not basename and then we get a compiler
error because our basename() replacement doesn't match the proto in
libgen.h. Starting now, we don't include the file if basename wasn't found
as well.
Daniel (4 October 2004)
- Chris found a race condition resulting in CURLE_COULDNT_RESOLVE_HOST and
potential crash, in the windows threaded name resolver code.
Daniel (3 October 2004)
- Replaced the use of isspace() in cookie.c with our own version instead since
we have most data as 'char *' and that makes us pass in negative values if
there is 8bit data in the string. Changing to unsigned causes too much
warnings or too many required typecasts to the normal string functions.
Harshal Pradhan identified this problem.
Daniel (2 October 2004)
- Bertrand Demiddelaer found a case where libcurl could read already freed
data when CURLOPT_VERBOSE is used and a (very) persistent connection. It
happened when the dns cache entry for the connection was pruned while the
connection was still alive and then again re-used. We worked together on
this fix.
- Gisle Vanem provided code that displays an error message when the (libidn
based) IDN conversion fails. This is really due to a missing suitable
function in the libidn API that I hope we can remove once libidn gets a
function like this.
Daniel Stenberg
committed
Daniel (1 October 2004)
- Aleksandar Milivojevic reported a problem in the Redhat bugzilla (see
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134133) and not to
anyone involved in the curl project! This happens when you try to curl a
file from a proftpd site using SSL. It seems proftpd sends a somewhat
unorthodox response code (232 instead of 230). I relaxed the response code
check to deal with this and similar cases.
Daniel Stenberg
committed
- Based on Fedor Karpelevitch's formpost path basename patch, file parts in
formposts no longer include the path part. If you _really_ want them, you
must provide your preferred full file name with CURLFORM_FILENAME.
Added detection for libgen.h and basename() to configure. My custom
basename() replacement function for systems without it, might be a bit too
naive...
Updated 6 test cases to make them work with the stripped paths.
Daniel (30 September 2004)
Daniel Stenberg
committed
- Larry Campbell added CURLINFO_OS_ERRNO to curl_easy_getinfo() that allows an
app to retrieve the errno variable after a (connect) failure. It will make
sense to provide this for more failures in a more generic way, but let's
start like this.
Daniel Stenberg
committed
- Günter Knauf and Casey O'Donnell worked out an extra #if condition for the
curl/multi.h header to work better in winsock-using apps.
- Jean-Philippe Barrette-LaPierre made buildconf run better on Mac OS X by
properly using glibtoolize instead of plain libtoolize. (This is made if
glibtool was found and used instead of plain libtool.)
Daniel Stenberg
committed
Daniel (29 September 2004)
- Bertrand Demiddelaer fixed curl_easy_reset() so that it doesn't mistakingly
enable the progress meter.
Daniel (28 September 2004)
- "Mekonikum" found out that if you built curl without SSL support, although
your current SSL installation supports Engine, the compile fails.
Daniel (27 September 2004)
- When --with-ssl=PATH is used to the configure script, it no longer uses
pkg-config to figure out extra details. That is now only done if no PATH is
included or if SSL is checked for by default without the --with-ssl option.
Daniel (25 September 2004)
- Peter Sylvester pointed out that CURLOPT_SSLENGINE couldn't even be set to
NULL when no engine was supported. It can now.
- Dan Fandrich fixed three test cases to no longer use "localhost" but instead
use "127.0.0.1" to avoid requiring that localhost resolves nicely.
- Jean-Claude Chauve fixed an LDAP crash when more than one record was
retrieved.
Daniel (19 September 2004)
- Andreas Rieke pointed out that when attempting to connect to a host without
a service on the specified port, curl_easy_perform() didn't properly provide
an error message in the CURLOPT_ERRORBUFFER buffer.
Daniel Stenberg
committed
Daniel (16 September 2004)
- Daniel at touchtunes uses the FTP+SSL server "BSDFTPD-SSL from
http://bsdftpd-ssl.sc.ru/" which accordingly doesn't properly work with curl
when "AUTH SSL" is issued (although the server responds fine and everything)
but requires that curl issues "AUTH TLS" instead. See
http://curl.haxx.se/feedback/display.cgi?id=10951944937603&support=yes
Introducing CURLOPT_FTPSSLAUTH that allows the application to select which
of the AUTH strings to attempt first.
Daniel Stenberg
committed
- Anonymous filed bug report #1029478 which identified a bug when you 1) used
a URL without properly seperating the host name and the parameters with a
slash. 2) the URL had parameters to the right of a ? that contains a slash
3) curl was told to follow Location:s 4) the request got a response that
contained a Location: to redirect to "/dir". curl then appended the new path
on the wrong position of the original URL.
Test case 187 was added to verify that this was fixed properly.
- Added parsedate.c that contains a rewrite of the date parser currently
provided by getdate.y. The new one is MUCH smaller and will allow us to run
away from the yacc/bison jungle. It is also slightly lacking in features
Daniel Stenberg
committed
compared to the old one, but it supports parsing of all date formats HTTP
involves (and a fair bunch of others).
Daniel Stenberg
committed
Daniel (10 September 2004)
- As found out by Jonas Forsman, curl didn't allow -F to set Content-Type on
text-parts. Starting now, we can do -F "name=daniel;type=text/extra". Added
test case 186 to verify.
Daniel Stenberg
committed
- Bug report #1025986. When following a Location: with a custom Host: header
replacement, curl only replaced the Host: header on the initial request
and didn't replace it on the following ones. This resulted in requests with
two Host: headers.
Now, curl checks if the location is on the same host as the initial request
and then continues to replace the Host: header. And when it moves to another
host, it doesn't replace the Host: header but it also doesn't make the
second Host: header get used in the request.
This change is verified by the two new test cases 184 and 185.
Daniel (8 September 2004)
- Modified the test suite to be able to use and run with customized port
numbers. This was always intended but never before possible. Now a simple
change in the runtests.pl script can make all tests use different ports.
The default ports in use from now on are 8990 to 8993.
Daniel (2 September 2004)
- Minor modification of an SSL-related error message.
Daniel (31 August 2004)
- David Tarendash found out that curl_multi_add_handle() returned
CURLM_CALL_MULTI_PERFORM instead of CURLM_OK.
Daniel (30 August 2004)
- Make "Proxy-Connection: close" close the current proxy connection, as Roman
Koifman found out.
Daniel (24 August 2004)
- Fixed a getdate problem by post-replacing the getdate.c file after the
bison/yacc process to add the fix Harshal Pradhan suggested. The problem
caused a crash on Windows when parsing some dates.
Daniel Stenberg
committed
Daniel (23 August 2004)
- Roman Koifman pointed out that libcurl send Expect: 100-continue on POSTs
even when told to use HTTP 1.0, which is not correct. Test case 180 and
181 verify this.
- Added test case 182 to verify that zero byte transfers call the callback
properly.
Daniel Stenberg
committed
Daniel Stenberg
committed
Daniel (20 August 2004)
- Alexander Krasnostavsky made the write callback get called even when a zero
byte file is downloaded.
Daniel Stenberg
committed
Daniel (18 August 2004)
- Ling Thio pointed out that when libcurl is built ipv6-enabled, it still did
reverse DNS lookups when fed with a numerical IP-address (like
http://127.0.0.1/), although it doesn't when built ipv6-disabled. libcurl
should never do reverse lookups.
Daniel (17 August 2004)
- Kjetil Jacobsen noticed that when transferring a file:// URL pointing to an
empty file, libcurl would return with the file still open.
- Alexander Krasnostavsky pointed out that the configure script needs to define
_THREAD_SAFE for AIX systems to make libcurl built really thread-safe.
Also added a check for the xlc compiler on AIX, and if that is detect we use
the -qthreaded compiler option
- libcurl now allows a custom "Accept-Encoding:" header override the
internally set one that gets set with CURLOPT_ENCODING. Pointed out by Alex.
- Roland Krikava found and fixed a cookie problem when using a proxy (the
path matching was wrong). I added test case 179 to verify that we now do
right.
Daniel (15 August 2004)
- Casey O'Donnell fixed some MSVC makefile targets to link properly.
Daniel (11 August 2004)
- configure now defines _XOPEN_SOURCE to 500 on systems that need it to build
warning-free (the only known one so far is non-gcc builds on 64bit SGI
IRIX). (Reverted this change later as it caused compiler errors.)
- the FTP code now includes the server response in the error message when the
server gives back a 530 after the password is provided, as it isn't
necessary because of a bad user name or password.
Version 7.12.1 (10 August 2004)
Daniel (10 August 2004)
- In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input is
already UTF-8 encoded. This made the certificate verification fail if the
remote server used a certificate with the name UTF-8 encoded.
Work-around brought by Alexis S. L. Carvalho.
Daniel (9 August 2004)
- I fixed the configure script for krb4 to use -lcom_err as well, as I started
to get link problems with it unless I did that on my Solaris 2.7 box. I
don't understand why I started to get problems with this now!
Daniel (5 August 2004)
- Enrico Scholz fixed the HTTP-Negotiate service name to be uppercase as
reported in bug report #1004105
Daniel (4 August 2004)
- Gisle Vanem provided a fix for the multi interface and connecting to a host
using multiple IP (bad) addresses.
- Dylan Salisbury made libcurl no longer accept cookies set to a TLD only (it
previously allowed that on the seven three-letter domains).
Daniel (31 July 2004)
- Joel Chen reported that the digest code assumed quotes around the contents a
bit too much.
Daniel (28 July 2004)
- Bertrand Demiddelaer fixed the host name to get setup properly even when a
connection is re-used, when a proxy is in use. Previously the wrong Host:
header could get sent when re-using a proxy connection to a different target
host.
- Fixed Brian Akins' reported problems with duplicate Host: headers on re-used
connections. If you attempted to replace the Host: header in the second
request, you got two such headers!
- src/Makefile.am now includes the Makefile.inc file to get info about files
Daniel (26 July 2004)
- Made "curl [URL] -o name#2" work as expected. If there's no globbing for the
#-number, it will simply be used as #2 in the file name.
- Bertrand Demiddelaer fixed testing with valgrind 2.1.x and added two missing
newlines in the cookie informationals.
Daniel (24 July 2004)
- I fixed the autobuilds with ares, since they now need to have buildconf run
in the ares dir before the configure script is run.
- Added Casey O'Donnell's curl_easy_reset() function. It has a proto in
curl/curl.h but we have no man page yet.
Daniel (20 July 2004)
- Added buildconf and buildconf.bat to the release archives, since they are
handy for rebuilding curl when using a daily snapshot (and not a pure CVS
checkout).
Daniel (16 July 2004)
- As suggested by Toby Peterson, libcurl now ignores Content-Length data if the
given size is a negative number. Test case 178 verifies this.
Daniel (14 July 2004)
- Günter Knauf has made the Netware builds do without the config-netware.h
files, so they are now removed from the dist packages.
- Günter Knauf made curl and libcurl build with Borland again.
- Andres Garcia fixed the common test 505 failures on windows.
Daniel (6 July 2004)
- Andrés García found out why the windows tests failed on file:// "uploads".
Daniel (2 July 2004)
- Andrés García reported a curl_share_cleanup() crash that occurs when no
lock/unlock callbacks have been set and the share is cleaned up.
Daniel (1 July 2004)
- When using curl --trace or --trace-ascii, no trace messages that were sent
by curl_easy_cleanup() were included in the trace file. This made the
message "Closing connection #0" never appear in trace dumps.
Daniel (30 June 2004)
- Niels van Tongeren found that setting CURLOPT_NOBODY to TRUE doesn't disable
a previously set POST request, making a very odd request get sent (unless
you disabled the POST) a HEAD request with a POST request-body. I've now
made CURLOPT_NOBODY enforce a proper HEAD. Added test case 514 for this.
- Günter Knauf made the testcurl.pl script capable of using a custom setup
file to easier run multiple autobuilds on the same source tree.
- Gisle fixed the djgpp build and fixed a memory problem in some of the
reorged name resolved code.
- Fixed code to allow connects done using the multi interface to attempt the
next IP when connecting to a host that resolves to multiple IPs and a
connect attempt fails.
Daniel (27 June 2004)
- Based on Rob Stanzel's bug report #979480, I wrote a configure check that
checks if poll() can be used to wait on NULL as otherwise select() should be
used to do it. The select() usage was also fixed according to his report.
Mac OS X 10.3 says "poll() functionality for Mac OS X is implemented via an
emulation layer on top of select(), not in the kernel directly. It is
recommended that programs running under OS X 10.3 prefer select() over
poll(). Configure scripts should look for the _POLL_EMUL_H_ define (instead
of _POLL_H_ or _SYS_POLL_H_) and avoid implementations where poll is not
implemented in the kernel."
Yes, we can probably use select() on most platforms but today I prefered to
leave the code unaltered.
- The standard curl_version() string now only includes version info about
involved libraries and not about particular features. Thus it will no longer
include info about ipv6 nor GSS. That info is of course still available in
the feature bitmask curl_version_info() offers.
- Replaced all occurances of sprintf() with snprintf(). This is mostly because
it is "A Good Thing" rather than actually fixing any known problem. This
will help preventing future possible mistakes to cause buffer overflows.
- Major reorganization in the host resolve code (again). This time, I've
modified the code to now always use a linked list of Curl_addrinfo structs
to return resolved info in, no matter what resolver method or support that
is available on the platform. It makes it a lot easier to write code that
uses or depends on resolved data.
Internally, this means amongst other things that we can stop doing the weird
"increase buffer size until it works" trick when resolving hosts on
ipv4-only with gethostbyname_r(), we support socks even on libcurls built
with ipv6 enabled (but only to socks servers that resolve to an ipv4
address) and we no longer deep-copy or relocate hostent structs (we create
Curl_addrinfo chains instead).
The new "hostent to Curl_addrinfo" converter function is named Curl_he2ai()
and is slightly naive and simple, yet I believe it is functional enough to
work for libcurl.
Daniel (22 June 2004)
- David Cohen pointed out that RFC2109 says clients should allow cookies to
contain least 4096 bytes while libcurl only allowed 2047. I raised the limit
to 4999 now and made the used buffer get malloc()ed instead of simply
allocated on stack as before. Extended test case 46 to include a cookie with
very huge content to verify the fix.
- Günter Knauf fixed getdate.y to remove a few warnings. I removed the
ifdef'ed test we never ever use anyway.
- Gisle Vanem fixed the certificate wildcard checks to support a '*'-letter
anywhere in the wildcard string, support multiple '*'-letters in the
wildcard and to allow the '*'-letter to match a string that includes a dot.
- testcurl.sh is now removed completely, tests/testcurl.pl is the script to
use when autobuilding curl!
- Kjetil Jacobsen brought my attention to the fact that you cannot properly
abort an upload with the readfunction callback, since returning 0 or -1 only
stops the upload and libcurl will continue waiting for downloaded data and
the server often waits for the rest of the upload data to arrive.
Thus, I've now added the ability for read callbacks to return
CURL_READFUNC_ABORT to abort an upload from a read callback. This will stop
the transfer immediately with a CURLE_ABORTED_BY_CALLBACK return code.
Test case 513 was added to verify that it works. I had to improve the test
HTTP server too to dump the request to a file even when the client
disconnects prematurely.
Daniel (19 June 2004)
- Luca Alteas provided a test case with a failing curl operation: when we POST
to a site with --digest (or similar) set, and the server responded with a 302
Location: to the "authprobe" request, it was not treated correctly. We still
will behave badly if FOLLOWLOCATION is enabled for this case, but I'm not
in the mood to dive into this right now and will leave it as-is for now.
Verified my fix with test case 177.
Daniel Stenberg
committed
Daniel (18 June 2004)
- Gisle Vanem's patch that provides more details from the SSL layers (if you
use an OpenSSL version that supports it). It also introduces two new types
of data that can be sent to the debug callback: CURLINFO_SSL_DATA_IN and
CURLINFO_SSL_DATA_OUT.
- With David Byron's test server I could repeat his problem and make sure that
POSTing over HTTPS:// with NTLM works fine now. There was a general problem
with multi-pass authentication with non-GET operations with CONNECT.
Daniel (16 June 2004)
- Modified to keep the upload byte counter in an curl_off_t, not an int as
before. 32bits is not enough. This is most likely the bug Jean-Louis Lemaire
reported that makes 2GB FTP uploads to report error ("unaligned file sizes")
when completed.
Daniel (15 June 2004)
- Luca Alteas reported a problem that I fixed: if you did a POST with
CURLAUTH_DIGEST set but the server didn't require any authentication,
libcurl would repeatedly send HEAD lots of times until it gives up. This was
actually the case for all multi-pass authentications. Added test case 174,
175 and 176 to verify this.
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
Daniel (14 June 2004)
- Multipart formposts uploading files no longer inserts the files themselves
into the huge prebuilt chunk. This enables libcurl to formpost files that is
larger than the amount of system memory. When the file given is passed on
stdin, libcurl still uses the old method of reading the full fill before the
upload takes place. This approach was selected in order to not alter the
behavior for existing applications, as when using stdin libcurl can't know
the size of the upload and chunked transfer-encoding can only be used on
HTTP 1.1 servers.
Daniel (13 June 2004)
- Gisle found out that we did wildcard cert name checks wrong, so that parts
of the check wrongly was case sensitive.
Daniel (11 June 2004)
- Tim Sneddon brought a minor VMS fix to make curl build properly on his VMS
machine. He also had some interesting libcurl patches... they might be able
to do in a slightly nicer way. Discussions are in progress.
Daniel (10 June 2004)
- Gisle Vanem brought code cleanupsm better verbose output and better connect
timeout handling when attempting to connect to a host that resolves to
multiple IP addresses.
- Steven Bazyl and Seshubabu Pasam pointed out a bug on win32 when freeing the
path after a file:// transfer.
Daniel (9 June 2004)
- Alexander Krasnostavsky made 'configure --disable-http' work to build libcurl
without HTTP support. I added a new return code for curl_formadd() in case
libcurl is built with HTTP disable: CURL_FORMADD_DISABLED.
- Alexander Krasnostavsky pointed out a missing file in the generated
curllib.dsp file, and now people building with this should get a libcurl.lib
file generated as it used to do before we generated this file.
Daniel (8 June 2004)
- Marty Kuhrt fixed a minor build problem for VMS.
Daniel (7 June 2004)
- Reverted the configure check from the 4th since it obviously didn't work.
Remade it in a different manner that hopefully works better.
- Günter Knauf brought patches to make curl build fine on NetWare again.
- Made the configure checks for strerror_r() not exit the configure script
when built for cross-compiling.
Daniel (3 June 2004)
- Chris Gaukroger pointed out that 'make test' attempts to run the tests even
if curl is built cross-compiled. I've now made it output a short message
instead, saying it isn't possible to do.
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
- Alexander Krasnostavsky brought FTP 3rd party transfer support to libcurl.
You can now use libcurl to transfer files between two remote hosts using
FTP. There are a bunch of new options to control this with:
CURLOPT_SOURCE_HOST
CURLOPT_SOURCE_USERPWD
CURLOPT_SOURCE_PATH
CURLOPT_SOURCE_PORT
CURLOPT_PASV_HOST
CURLOPT_SOURCE_PREQUOTE
CURLOPT_SOURCE_POSTQUOTE
(They still remain to be documented properly in the curl_easy_setopt man
page.)
When using this, the ordinary CURLOPT_URL specifies the target URL, and you
specify the source data with these additional options. ftp3rdparty.c is a
new example source code showing how to use this.
- Vincent Bronner fixed the HTTP Digest code to use the proxy user name and
password when doing proxy authentication, it previously always used the host
user name and password!
Daniel (2 June 2004)
- CURLOPT_UPLOAD and CURLOPT_PUT now do the exact same thing internally, which
fixes some old confusions on when which of these should be used and what the
differences are.
- Applied Gisle's fixes to make curl build fine with lcc-win32
Daniel (1 June 2004)
- I clarified the --create-dirs option somewhat in the curl man page.
- Renaud Duhaut corrected the curl_unescape man page.
- David Byron modified one of Massimiliano Ziccardi's recent MSVC makefile
changes to now again use the mm lib by default.
Daniel (26 May 2004)
- Mohun Biswas added release-zlib and debug-zlib targets to the MSVC libcurl
Makefile
- David Byron reported a problem with proxy authentication when doing CONNECT,
like when accessing HTTPS sites wiht a proxy. This probably broke when I
rewrote the auth stuff recently.
- I added fileupload.c in the examples directory, showing how an upload to a
file:// URL is made.
Daniel (25 May 2004)
- Massimiliano Ziccardi updated the MSVC makefiles.
Daniel (24 May 2004)
- libcurl now supports "uploading" to file:// URLs. Test 204 and 205 were
added to verify.
Daniel Stenberg
committed
- Simon Josefsson added a idn_free() function in libidn 0.4.5 as a reaction to
Gisle's previous mail. We now use this function, and thus we require libidn
0.4.5 or later. No earlier version will do.
Daniel Stenberg
committed
- Robert D. Young reported that CURLOPT_COOKIEFILE and CURLOPT_COOKIE could
not be used both in one request. Fixed it and added test case 172 to verify.
Daniel Stenberg
committed
Daniel (21 May 2004)
- While talking to host a.b.c, libcurl did wrongly not accept cookies that
were set to the domain .a.b.c (that is with a dot prefix). This is now fixed
and test case 171 verifies it.
Daniel (20 May 2004)
- Jesse Noller reported that the upload speed info reported by libcurl was
wrong. The same was true for the download speed. Fixed now.
- David Byron added test case 170 - this used to crash the previous version of
- Peter Sylvester's patch that addresses two flaws in the peer certificate
name verification:
o when multiple common names are used (as in the curl tests), the last name
needs to be selected.
o allow comparing with encoded values, at least with BMP and ISO latin1
encoded T61strings.
- All 191 test cases run through the torture test OK! 'make test-torture' is
now available in the root makefile (on configure-based environments).
Daniel (14 May 2004)
- With a slightly modified ftpserver.pl I've now run almost all tests through
with runtests.pl -t. This is goodness!
- Since I have been unable to contact the CVS admins for several months, I've
decided that the current CVS hosting was not good enough. I've now moved the
CVS repo once again, see README for updated cvs checkout instructions.
Daniel (13 May 2004)
- runtests.pl -t now runs fine all the way to test 100. I believe test case
100 fails because of an FTP server problem.
Daniel (12 May 2004)
- General cleanups all over to make libcurl survive and do well when a memory
function returns NULL. runtests.pl -t now works fine for the first 26 test
cases.
- Seshubabu Pasam provided a patch that introduces curl_global_init_mem() -
like normal curl_global_init() but allows the app to replace all memory
functions with its own set. I modified it slightly.
- Based on Luca Alteas' comments, I modified the curllib.dsp generation code.
Daniel (10 May 2004)
- Gisle mailed Simon Josefsson (of libidn fame) about the benefits of a
separate free()-function by that lib to make sure the memory is freed by the
same memory subsystem that allocated it. He responded positively and this
will likely cause us to require a newer version of libidn as soon as Simon
releases one with such a libidn_free() function.
- James Bursa made runtests.pl's -t option work for any given test case, and I
edited to allow -g too. Not even test case 1 worked...
- Luca Altea made the nc= field not use quotes in outgoing HTTP Digest headers.
- Andrés García fixed a problem in the test script that made it fail to
recognize our own running HTTP server.
Daniel (7 May 2004)
- James Bursa fixed the memanalyze.pl script to conder malloc(0) areas OK to
free() and he made two failed-resolve error messages use the new display-
name instead of the internally-used name.
- Gisle Vanem tried curl with
www.etdomenenavnkanmaksimaltinneholdesekstitrebokstaversliksomdette.com
which caused problems, and I fixed the single zero byte buffer overwrite
that occurred (due to a stupid protocol buffer size and parser).
- Made the lib/curllib.dsp file get generated automaticly when a distribution
package is made, with the msvcproj.* files as templates and all
win32-sources added. I think this can be made to work better than the always
lagging-behind previous approach. I'm not sure this builds a working project
file right now though!
Daniel (6 May 2004)
- Michael Benedict brought a fix that fills in the errorbuffer properly when
ares fails to resolve a name for a case not previously dealt with like this.
Daniel (5 May 2004)
- Joe Halpin fixed the annoying typecast warning in lib/ldap.c
- Gisle Vanem fixes:
o memdebug to not access NULL on several places
o libcurl.def; curl_formparse is gone.
o progress.c; fixed the percent values being trunced to 0.
o if2ip.*; constified the 'interface' argument.
- Tor Arntsen reported that many of his autobuilds froze and I found and fixed
a problem introduced with the HTTP auth overhaul that could lead to a
never-ending internal request-loop due to un-initialized variables!
- Removed several compiler warnings on various compilers/platforms.
Daniel (4 May 2004)
- curl_formparse() has been removed from the library. It has been marked and
mentioned as deprecated for several years.
Daniel (3 May 2004)
- Rewritten HTTP authentication code. The previous code could not properly
deal with the added test cases 167, 168 and 169. I've now rewritten the code
to better separate host and proxy authentication and not re-use the same
variables as much as before as it proved non working in the more involved
cases. All the current tests run OK now, and so do the new ones. The curl
tool got a new option named --proxy-digest to enable HTTP Digest
authentication with the proxy. I also made the library support it.
- Gisle Vanem made the LDAP code work with wldap32.dll as supplied with
Win-98/ME/2000/XP, so no extra .dlls are required when curl/libcurl is used
on these Windows versions.
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
Daniel (30 April 2004)
- runtests.pl now scans the valgrind log for valgrind-detected memory leaks
after each test case if valgrind was found and used.
- I modified the app-code in curl to include the new lib/curlx.h and only
access those functions using the curlx_-prefix in preparation for the future
removal of several curl_-functions from the public libcurl API.
- Introduced lib/curlx.h as a single header to provide the curlx_-functions
to apps.
- Added notices in the man pages for curl_getenv, curl_mprintf, curl_strequal
and curl_strnequal that they are subject for removal in a future release.
STOP USING THESE FUNCTIONS.
- Mihai Ionescu noticed he couldn't do formposts with whitespace in the file
names and yes, I broke that on April 23. Sigh. I fixed it now and added
test case 166 to verify it.
- Luca Altea pointed out a mistake left from the Digest patch of yesterday.
Daniel (29 April 2004)
- Made IDN domains work when sending requsts over HTTP proxy as well. Added
test case 165 to verify the functionality.
- Fixed a bug in the new internal host name setup when re-using connections.
- James Bursa found out that curl_easy_duphandle() with ares-built libcurl
created a bad handle that would crash in the first name resolve attempt. This
is now fixed and test case 512 was added to verify it.
- Luca Altea provided a major HTTP Digest code fix and cleanup. We now follow
the Digest RFC a lot better.
- Gisle Vanem made the SSL code use ERR_error_string_n() where applicable.
Daniel (27 April 2004)
- I remodeled Gisle's IDN code slightly and now we convert both the host name
and proxy name to the ACE encoded version to use internally for resolves and
cookies etc. They are now using one 'struct hostname' each that keep both
the original name and the possibly encoded name. IDN resolves work for me
now using ipv6, ipv4 and ares resolving. Even cookies on IDN sites seem to
do right. I got some failures at first when CHARSET wasn't set at all which
confused libidn completely and it decided by encoding of choice was
'ANSI_X3.4-1968'...
- made 'configure --without-libidn' work
- Fixed the src/hugehelp.c file to include "setup.h" instead of "config.h" to
make the problems with USE_MANUAL on windows go away.