Newer
Older
_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
Daniel Stenberg (9 Mar 2009)
- Frank Hempel found out a bug and provided the fix:
curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
option. It only enabled the cookie engine in the destination handle if
data->cookies is not NULL (where data is the source handle). In case of a
newly initialized handle which just had the cookie support enabled by a
curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
still NULL because the setopt-call only appends the value to
data->change.cookielist, hence duplicating this handle would not have the
cookie engine switched on.
We also concluded that the slist-functionality would be suitable for being
put in its own module rather than simply hanging out in lib/sendf.c so I
created lib/slist.[ch] for them.
- Andreas Farber made the 'buildconf' script check for the presence of m4
scripts to make it detect a bad checkout earlier. People with older
checkouts who don't do cvs update with the -d option won't get the new dirs
and then will get funny outputs that can be a bit hard to understand and
fix.
Daniel Stenberg
committed
Daniel Stenberg (8 Mar 2009)
Daniel Stenberg
committed
- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
allocation of the memory BIO was not being properly checked.
Daniel Stenberg
committed
- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
in the gnutls code where we were checking for negative values for errors,
when the man pages state that GNUTLS_E_SUCCESS is returned on success and
other values indicate error conditions.
Daniel Stenberg
committed
- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
since we use our own printf() code (from libcurl) that shouldn't be a
problem. Nonetheless I modified the code to not rely on such particular
features and to not cause further raised eyebrowse with no good reason.
Daniel Fandrich (5 Mar 2009)
- Expanded the security section of the libcurl-tutorial man page to cover
more issues for authors to consider when writing robust libcurl-using
applications.
Yang Tse (5 Mar 2009)
- Fixed NTLM authentication memory leak on SSPI enabled Windows builds. This
issue was noticed by Chris Deidun.
Daniel Fandrich (4 Mar 2009)
- Fixed a problem with m4 quoting in the OpenSSL configure check reported
by Daniel Johnson.
Daniel Stenberg
committed
Daniel Stenberg (3 Mar 2009)
- David James brought a patch that make libcurl close (all) dead connections
whenever you attempt to open a new connection.
1. After cleaning up a dead connection, "continue" instead of
returning FALSE. This ensures that we clean up all dead connections,
rather than just cleaning up the first dead connection.
2. Move up the cleanup for dead connections so that it occurs for
all connections, rather than just the connections which have the same
preferences as our current new connection.
Version 7.19.4 (3 March 2009)
Daniel Stenberg (3 Mar 2009)
- David Kierznowski notified us about a security flaw
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
which previous libcurl versions (by design) can be tricked to access an
arbitrary local/different file instead of a remote one when
CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
together this the addition of two new setopt options for controlling this
new behavior:
o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
excludes the FILE and SCP protocols and thus you nee to explicitly allow
them in your app if you really want that behavior.
o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
using the primary URL option. This is useful if you want to allow a user or
other outsiders control what URL to pass to libcurl and yet not allow all
protocols libcurl may have been built to support.
Daniel Stenberg (27 Feb 2009)
- Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and
CURLOPT_LOCALPORT were used together (the local port bind failed), and
Markus Koetter provided the fix!
Daniel Stenberg (25 Feb 2009)
- As Daniel Fandrich figured out, we must do the GnuTLS initing in the
curl_global_init() function to properly maintain the performing functions
thread-safe. We've previously (28 April 2007) moved the init to a later time
just to avoid it to fail very early when libgcrypt dislikes the situation,
but that move was bad and the fix should rather be in libgcrypt or
elsewhere.
Daniel Stenberg
committed
Daniel Stenberg (24 Feb 2009)
- Brian J. Murrell found out that Negotiate proxy authentication didn't work.
It happened because the code used the struct for server-based auth all the
time for both proxy and server auth which of course was wrong.
Daniel Stenberg (23 Feb 2009)
- After a bug reported by James Cheng I've made curl_easy_getinfo() for
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return
-1 if the sizes aren't know. Previously these returned 0, make it impossible
to detect the difference between actually zero and unknown.
Yang Tse (23 Feb 2009)
- Daniel Johnson provided a shell script that will perform all the steps needed
to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework
Daniel Stenberg
committed
Daniel Stenberg (23 Feb 2009)
- I renamed everything in the windows builds files that used the name 'curllib'
to the proper 'libcurl' as clearly this caused confusion.
Yang Tse (20 Feb 2009)
- Do not halt compilation when using VS2008 to build a Windows 2000 target.
Daniel Stenberg
committed
Daniel Stenberg (20 Feb 2009)
- Linus Nielsen Feltzing reported and helped me repeat and fix a problem with
FTP with the multi interface: when a transfer fails, like when aborted by a
write callback, the control connection was wrongly closed and thus not
re-used properly.
This change is also an attempt to cleanup the code somewhat in this area, as
now the FTP code attempts to keep (better) track on pending responses
necessary to get read in ftp_done().
Daniel Stenberg
committed
Daniel Stenberg (19 Feb 2009)
- Patrik Thunstrom reported a problem and helped me repeat it. It turned out
libcurl did a superfluous 1000ms wait when doing SFTP downloads!
We read data with libssh2 while doing the "DO" operation for SFTP and then
when we were about to start getting data for the actual file part, the
"TRANSFER" part, we waited for socket action (in 1000ms) before doing a
libssh2-read. But in this case libssh2 had already read and buffered the
data so we ended up always just waiting 1000ms before we get working on the
data!
Patrick Monnerat (18 Feb 2009)
- FTP downloads (i.e.: RETR) ending with code 550 now return error
CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE.
Daniel Stenberg
committed
Daniel Stenberg (17 Feb 2009)
- Kamil Dudka made NSS-powered builds compile and run again!
Daniel Stenberg
committed
- A second follow-up change by Andre Guibert de Bruet to fix a related memory
leak like that fixed on the 14th. When zlib returns failure, we need to
cleanup properly before returning error.
Daniel Stenberg
committed
- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 for
plain FTP connections, and it will then allow MKD to fail once and retry the
CWD afterwards. This is especially useful if you're doing many simultanoes
connections against the same server and they all have this option enabled,
as then CWD may first fail but then another connection does MKD before this
connection and thus MKD fails but trying CWD works! The numbers can
(should?) now be set with the convenience enums now called
CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY.
Tests has proven that if you're making an application that uploads a set of
files to an ftp server, you will get a noticable gain in speed if you're
using multiple connections and this option will be then be very useful.
Daniel Stenberg
committed
Daniel Stenberg (14 Feb 2009)
- Andre Guibert de Bruet found and fixed a memory leak in the content encoding
code, which could happen on libz errors.
Daniel Fandrich (12 Feb 2009)
- Added support for Digest and NTLM authentication using GnuTLS.
Daniel Stenberg
committed
Daniel Stenberg (11 Feb 2009)
- CURLINFO_CONDITION_UNMET was added to allow an application to get to know if
the condition in the previous request was unmet. This is typically a time
condition set with CURLOPT_TIMECONDITION and was previously not possible to
reliably figure out. From bug report #2565128
(http://curl.haxx.se/bug/view.cgi?id=2565128) filed by Jocelyn Jaubert.
Daniel Stenberg
committed
Dan Fandrich
committed
Daniel Fandrich (4 Feb 2009)
- Don't add the standard /usr/lib or /usr/include paths to LDFLAGS and CPPFLAGS
(respectively) when --with-ssl=/usr is used (patch based on FreeBSD).
- Added an explicit buffer limit check in msdosify() (patch based on FreeBSD).
This couldn't ever overflow in curl, but might if the code were used
elsewhere or under different conditions.
Daniel Stenberg (3 Feb 2009)
- Hidemoto Nakada provided a small fix that makes it possible to get the
CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with
CURLOPT_NOBODY set true.
Daniel Stenberg (2 Feb 2009)
- Patrick Scott found a rather large memory leak when using the multi
interface and setting CURLMOPT_MAXCONNECTS to something less than the number
Loading full blame...