Newer
Older
_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
Daniel (21 October 2005)
- Bradford Bruce made the windows resolver code properly return
CURLE_COULDNT_RESOLVE_PROXY and CURLE_COULDNT_RESOLVE_HOST on resolving
errors (as documented).
Daniel Stenberg
committed
Daniel (20 October 2005)
- Dave Dribin made libcurl understand and handle cases when the server
(wrongly) sends *two* WWW-Authenticate headers for Digest. While this should
never happen in a sane world, libcurl previously got into an infinite loop
when this occurred. Dave added test 273 to verify this.
Daniel Stenberg
committed
- Temprimus improved the MSVC makefile: "makes a build option available so if
you set rtlibcfg=static for the make, then it would build with /MT. The
default behaviour is /MD (the original)."
http://curl.haxx.se/bug/view.cgi?id=1326665
Daniel (14 October 2005)
- Reverted the LIBCURL_VERSION_NUM change from October 6. As Dave Dribin
reported, the define is used by the configure script and is assumed to use
the 0xYYXXZZ format. This made "curl-config --vernum" fail in the 7.15.0
release version.
Version 7.15.0 (13 October 2005)
Daniel (12 October 2005)
- Michael Sutton of iDEFENSE reported and I fixed a securitfy flaw in the NTLM
code that would overflow a buffer if given a too long user name or domain
name. This would happen if you enable NTLM authentication and either
A - pass in a user name and domain name to libcurl that together are longer
than 192 bytes
B - allow (lib)curl to follow HTTP "redirects" (Location: and the
appropriate HTTP 30x response code) and the new URL contains a URL with
a user name and domain name that together are longer than 192 bytes
See http://curl.haxx.se/docs/security.html for further details and updates
Daniel (5 October 2005)
- Darryl House reported a problem with using -z to download files from FTP.
It turned out that if the given time stamp was exact the same as the remote
time stamp, the file would still wrongly be downloaded. Added test case 272
to verify.
Daniel (4 October 2005)
- Domenico Andreoli fixed a man page malformat and removed odd (0xa0) bytes
from the configure script.
- Michael Wallner reported that the date parser had wrong offset stored for
the MEST and CEST time zones.
Daniel Stenberg
committed
Daniel (27 September 2005)
- David Yan filed bug #1299181 (http://curl.haxx.se/bug/view.cgi?id=1299181)
that identified a silly problem with Content-Range: headers with the 'bytes'
keyword written in a different case than all lowercase! It would cause a
segfault!
Daniel Stenberg
committed
- TJ Saunders of the proftpd project identified and pointed out problems with
the modified FTPS negotiation change of August 19 2005. Thus, we revert the
change back to pre-7.14.1 status.
Daniel (21 September 2005)
- Fixed "cut off" sentence in the libcurl-tutorial man page:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305
- Clarified in the curl_easy_setopt man page what the default
CURLOPT_WRITEFUNCTION and CURLOPT_WRITEDATA mean:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329311
- Clarified in the curl_easy_setopt man page that CURLOPT_ERRORBUFFER
sometimes doesn't fill in the buffer even though it is supposed to:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329313
- When CURLE_URL_MALFORMAT is returned due to a missing URL, it now has an
error string set.
Daniel (19 September 2005)
- Dmitry Bartsevich made the SSPI support work on Windows 9x as well.
Daniel (15 September 2005)
- Added a TFTP server to the test suite and made the test suite capable of
using it.
Daniel (7 September 2005)
- Ben Madsen's detailed reports that funnily enough only occurred with certain
glibc versions turned out to be curl using an already closed file handle
during certain conditions (like when saving FTP server "headers").
- Scott Davis helped me track down a problem in the test HTTP server that made
test case 56 wrongly fail at times. It turned out it was due to the server
finding the end of a chunked-encoded POST too early.
Daniel Stenberg
committed
Daniel (6 September 2005)
- Now curl warns if an unknown variable is used in the -w/--writeout argument.
Daniel (4 September 2005)
- I applied Nicolas François' man page patch he posted to the Debian bug
tracker. It corrected two lines that started with apostrophes, which isn't
legal nroff format. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326511
- Added --ftp-skip-pasv-ip to the command line tool, that sets the new
CURLOPT_FTP_SKIP_PASV_IP option. It makes libcurl re-use the control
connection's IP address when setting up the data connection instead of
extractting the IP address from the PASV response. It has turned out this
feature is frequently needed by people to circumvent silly servers and silly
firewalls, especially when FTPS is used and the PASV command-response is
sent encrtyped.
Sponsored by CU*Answers
Daniel (1 September 2005)
- John Kelly added TFTP support to libcurl. A bunch of new error codes was
added. TODO: add them to docs. add TFTP server to test suite. add TFTP to
list of protocols whereever those are mentioned.
- Kevin Lussier pointed out a problem with curllib.dsp and how to fix it.
Daniel Stenberg
committed
- Igor Polyakov fixed a rather nasty problem with the threaded name resolver
for Windows, that could lead to an Access Violation when the multi interface
was used due to an issue with how the resolver thread was and was not
terminated.
- Simon Josefsson brought a patch that allows curl to get built to use GNU GSS
instead of MIT/Heimdal for GSS capabilities.
Daniel (24 August 2005)
Daniel Stenberg
committed
- Toby Peterson added CURLOPT_IGNORE_CONTENT_LENGTH to the library, accessible
from the command line tool with --ignore-content-length. This will make it
easier to download files from Apache 1.x (and similar) servers that are
still having problems serving files larger than 2 or 4 GB. When this option
is enabled, curl will simply have to wait for the server to close the
connection to signal end of transfer. I wrote test case 269 that runs a
Daniel Stenberg
committed
simple test to verify that this works.
Daniel Stenberg
committed
Daniel Stenberg
committed
- (Trying hard to exclude emotions now.) valgrind version 3 suddenly renamed
the --logfile command line option to --log-file, and thus the test script
valgrind autodetection now has yet another version check to do and then it
alters the valgrind command line accordingly.
- Fixed CA cert verification using GnuTLS with the default bundle, which
Daniel Stenberg
committed
previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
Ralph Mitchell reported.
Daniel (19 August 2005)
- Norbert Novotny had problems with FTPS and he helped me work out a patch
that made curl run fine in his end. The key was to make sure we do the
SSL/TLS negotiation immediately after the TCP connect is done and not after
a few other commands have been sent like we did previously. I don't consider
this change necessary to obey the standards, I think this server is pickier
than what the specs allow it to be, but I can't see how this modified
libcurl code can add any problems to those who are interpreting the
standards more liberally.
Daniel Stenberg
committed
Daniel (17 August 2005)
- Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with
CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to
write the result to a given cookie jar and then never actually call
curl_easy_perform() - the given file(s) to read was never read but the
output file was written and thus it caused a "funny" result.
- While doing some tests for the bug above, I noticed that Firefox generates
large numbers (for the expire time) in the cookies.txt file and libcurl
didn't treat them properly. Now it does.
Daniel (15 August 2005)
- Added more verbose "warning" messages to the curl client for cases where it
fails to open/read files etc to help users diagnose why it doesn't do what
you'd expect it to. Converted lots of old messages to use the new generic
function I wrote for this purpose.
Daniel (13 August 2005)
- James Bursa identified a libcurl HTTP bug and a good way to repeat it. If a
site responds with bad HTTP response that doesn't contain any header at all,
only a response body, and the write callback returns 0 to abort the
transfer, it didn't have any real effect but the write callback would be
called once more anyway.
Daniel (12 August 2005)
- Based on Richard Clayton's reports, I found out that using curl -d @filename
when 'filename' was not possible to access made curl use a GET request
instead.
- The time condition illegal syntax warning is now inhibited if -s is used.
Daniel (10 August 2005)
- Mario Schroeder found out that one of the debug callbacks calls that regards
SSL data with the CURLINFO_TEXT type claimed that the data was one byte
Loading full blame...