Skip to content
  1. May 18, 2009
  2. May 11, 2009
  3. May 08, 2009
  4. May 07, 2009
  5. May 04, 2009
  6. May 03, 2009
  7. May 01, 2009
  8. Apr 30, 2009
  9. Apr 29, 2009
  10. Apr 28, 2009
    • Daniel Stenberg's avatar
      - Bug report #2709004 (http://curl.haxx.se/bug/view.cgi?id=2709004) by Tim · e01b7c1e
      Daniel Stenberg authored
        Chen pointed out how curl couldn't upload with resume when reading from a
        pipe.
      
        This ended up with the introduction of a new return code for the
        CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but
        that libcurl may try to resolve the situation anyway. In our case this means
        libcurl will attempt to instead read that much data from the stream instead
        of seeking and that way curl can now upload with resume when data is read
        from a stream!
      e01b7c1e
  11. Apr 27, 2009
  12. Apr 23, 2009
  13. Apr 18, 2009
  14. Apr 17, 2009
  15. Apr 07, 2009
  16. Apr 06, 2009
  17. Mar 20, 2009
  18. Mar 18, 2009
  19. Mar 05, 2009
  20. Mar 03, 2009
  21. Mar 02, 2009
    • Daniel Stenberg's avatar
      - David Kierznowski notified us about a security flaw · 042cc1f6
      Daniel Stenberg authored
        (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
        which previous libcurl versions (by design) can be tricked to access an
        arbitrary local/different file instead of a remote one when
        CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
        together this the addition of two new setopt options for controlling this
        new behavior:
      
        o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
        follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
        excludes the FILE and SCP protocols and thus you nee to explicitly allow
        them in your app if you really want that behavior.
      
        o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
        using the primary URL option. This is useful if you want to allow a user or
        other outsiders control what URL to pass to libcurl and yet not allow all
        protocols libcurl may have been built to support.
      curl-7_19_4
      042cc1f6
    • Daniel Stenberg's avatar
      the Eiffel binding · 4bc603a0
      Daniel Stenberg authored
      4bc603a0
  22. Feb 27, 2009
  23. Feb 23, 2009
  24. Feb 20, 2009