Skip to content
  1. Apr 02, 2009
  2. Apr 01, 2009
  3. Mar 31, 2009
  4. Mar 29, 2009
  5. Mar 20, 2009
  6. Mar 18, 2009
  7. Mar 15, 2009
    • Gisle Vanem's avatar
      · 0ac8e1d8
      Gisle Vanem authored
      If CURL_DISABLE_PROXY is defined, we must allow socks_sspi.c to call
      Curl_blockread_all(). It is needed in code inside USE_WINDOWS_SSPI.
      0ac8e1d8
  8. Mar 13, 2009
  9. Mar 12, 2009
  10. Mar 11, 2009
  11. Mar 10, 2009
  12. Mar 09, 2009
    • Daniel Stenberg's avatar
      - Frank Hempel found out a bug and provided the fix: · bdec6f2b
      Daniel Stenberg authored
        curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
        option. It only enabled the cookie engine in the destination handle if
        data->cookies is not NULL (where data is the source handle). In case of a
        newly initialized handle which just had the cookie support enabled by a
        curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
        still NULL because the setopt-call only appends the value to
        data->change.cookielist, hence duplicating this handle would not have the
        cookie engine switched on.
      
        We also concluded that the slist-functionality would be suitable for being
        put in its own module rather than simply hanging out in lib/sendf.c so I
        created lib/slist.[ch] for them.
      bdec6f2b
    • Daniel Stenberg's avatar
      - Andreas Farber made the 'buildconf' script check for the presence of m4 · c86c294f
      Daniel Stenberg authored
        scripts to make it detect a bad checkout earlier. People with older
        checkouts who don't do cvs update with the -d option won't get the new dirs
        and then will get funny outputs that can be a bit hard to understand and
        fix.
      c86c294f
    • Dan Fandrich's avatar
      a9a03b97
  13. Mar 08, 2009
  14. Mar 05, 2009
  15. Mar 04, 2009
  16. Mar 03, 2009
  17. Mar 02, 2009
    • Daniel Stenberg's avatar
      start over on the journey towards 7.19.5 · a1f45555
      Daniel Stenberg authored
      a1f45555
    • Daniel Stenberg's avatar
      - David Kierznowski notified us about a security flaw · 042cc1f6
      Daniel Stenberg authored
        (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
        which previous libcurl versions (by design) can be tricked to access an
        arbitrary local/different file instead of a remote one when
        CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
        together this the addition of two new setopt options for controlling this
        new behavior:
      
        o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
        follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
        excludes the FILE and SCP protocols and thus you nee to explicitly allow
        them in your app if you really want that behavior.
      
        o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
        using the primary URL option. This is useful if you want to allow a user or
        other outsiders control what URL to pass to libcurl and yet not allow all
        protocols libcurl may have been built to support.
      curl-7_19_4
      042cc1f6
    • Daniel Stenberg's avatar
      7.19.4 won't get anything else · 90b804d3
      Daniel Stenberg authored
      90b804d3