Skip to content
  1. Mar 15, 2009
    • Gisle Vanem's avatar
      · 0ac8e1d8
      Gisle Vanem authored
      If CURL_DISABLE_PROXY is defined, we must allow socks_sspi.c to call
      Curl_blockread_all(). It is needed in code inside USE_WINDOWS_SSPI.
      0ac8e1d8
  2. Mar 13, 2009
  3. Mar 12, 2009
  4. Mar 11, 2009
  5. Mar 10, 2009
  6. Mar 09, 2009
    • Daniel Stenberg's avatar
      - Frank Hempel found out a bug and provided the fix: · bdec6f2b
      Daniel Stenberg authored
        curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
        option. It only enabled the cookie engine in the destination handle if
        data->cookies is not NULL (where data is the source handle). In case of a
        newly initialized handle which just had the cookie support enabled by a
        curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
        still NULL because the setopt-call only appends the value to
        data->change.cookielist, hence duplicating this handle would not have the
        cookie engine switched on.
      
        We also concluded that the slist-functionality would be suitable for being
        put in its own module rather than simply hanging out in lib/sendf.c so I
        created lib/slist.[ch] for them.
      bdec6f2b
    • Daniel Stenberg's avatar
      - Andreas Farber made the 'buildconf' script check for the presence of m4 · c86c294f
      Daniel Stenberg authored
        scripts to make it detect a bad checkout earlier. People with older
        checkouts who don't do cvs update with the -d option won't get the new dirs
        and then will get funny outputs that can be a bit hard to understand and
        fix.
      c86c294f
    • Dan Fandrich's avatar
      a9a03b97
  7. Mar 08, 2009
  8. Mar 05, 2009
  9. Mar 04, 2009
  10. Mar 03, 2009
  11. Mar 02, 2009
    • Daniel Stenberg's avatar
      start over on the journey towards 7.19.5 · a1f45555
      Daniel Stenberg authored
      a1f45555
    • Daniel Stenberg's avatar
      - David Kierznowski notified us about a security flaw · 042cc1f6
      Daniel Stenberg authored
        (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
        which previous libcurl versions (by design) can be tricked to access an
        arbitrary local/different file instead of a remote one when
        CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
        together this the addition of two new setopt options for controlling this
        new behavior:
      
        o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
        follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
        excludes the FILE and SCP protocols and thus you nee to explicitly allow
        them in your app if you really want that behavior.
      
        o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
        using the primary URL option. This is useful if you want to allow a user or
        other outsiders control what URL to pass to libcurl and yet not allow all
        protocols libcurl may have been built to support.
      curl-7_19_4
      042cc1f6
    • Daniel Stenberg's avatar
      7.19.4 won't get anything else · 90b804d3
      Daniel Stenberg authored
      90b804d3
    • Daniel Stenberg's avatar
      the Eiffel binding · 4bc603a0
      Daniel Stenberg authored
      4bc603a0
  12. Mar 01, 2009
  13. Feb 28, 2009
  14. Feb 27, 2009
  15. Feb 25, 2009