Skip to content
  1. Apr 30, 2009
  2. Apr 29, 2009
    • Daniel Stenberg's avatar
      - Based on bug report #2723219 (http://curl.haxx.se/bug/view.cgi?id=2723219) · e2c6e005
      Daniel Stenberg authored
        I've now made TFTP "connections" not being kept for re-use within libcurl.
        TFTP is UDP-based so the benefit was really low (if even existing) to begin
        with so instead of tracking down to fix this problem we instead removed the
        re-use. I also enabled test case 1099 that I wrote a few days ago to verify
        that this change fixes the reported problem.
      e2c6e005
  3. Apr 28, 2009
  4. Apr 26, 2009
  5. Apr 24, 2009
  6. Apr 23, 2009
  7. Apr 21, 2009
  8. Apr 20, 2009
  9. Apr 17, 2009
    • Daniel Stenberg's avatar
      - Pramod Sharma reported and tracked down a bug when doing FTP over a HTTP · 30f7a2ff
      Daniel Stenberg authored
        proxy. libcurl would then wrongly close the connection after each
        request. In his case it had the weird side-effect that it killed NTLM auth
        for the proxy causing an inifinite loop!
      
        I added test case 1098 to verify this fix. The test case does however not
        properly verify that the transfers are done persistently - as I couldn't
        think of a clever way to achieve it right now - but you need to read the
        stderr output after a test run to see that it truly did the right thing.
      30f7a2ff
  10. Apr 13, 2009
  11. Apr 11, 2009
  12. Apr 10, 2009
  13. Apr 08, 2009
  14. Apr 06, 2009
  15. Apr 02, 2009
    • Yang Tse's avatar
      Fix curl_off_t definition for builds done using Sun compilers and a · 168fb3a8
      Yang Tse authored
      non-configured libcurl. In this case curl_off_t data type was gated
      to the off_t data type which depends on the _FILE_OFFSET_BITS. This
      configuration is exactly the unwanted configuration for our curl_off_t
      data type which must not depend on such setting. This breaks ABI for
      libcurl libraries built with Sun compilers which were built without
      having run the configure script with _FILE_OFFSET_BITS different than
      64 and using the ILP32 data model.
      168fb3a8
  16. Apr 01, 2009
  17. Mar 31, 2009
  18. Mar 18, 2009
  19. Mar 13, 2009
  20. Mar 12, 2009
  21. Mar 11, 2009
  22. Mar 10, 2009
  23. Mar 09, 2009
    • Daniel Stenberg's avatar
      - Frank Hempel found out a bug and provided the fix: · bdec6f2b
      Daniel Stenberg authored
        curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
        option. It only enabled the cookie engine in the destination handle if
        data->cookies is not NULL (where data is the source handle). In case of a
        newly initialized handle which just had the cookie support enabled by a
        curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
        still NULL because the setopt-call only appends the value to
        data->change.cookielist, hence duplicating this handle would not have the
        cookie engine switched on.
      
        We also concluded that the slist-functionality would be suitable for being
        put in its own module rather than simply hanging out in lib/sendf.c so I
        created lib/slist.[ch] for them.
      bdec6f2b
    • Daniel Stenberg's avatar
      - Andreas Farber made the 'buildconf' script check for the presence of m4 · c86c294f
      Daniel Stenberg authored
        scripts to make it detect a bad checkout earlier. People with older
        checkouts who don't do cvs update with the -d option won't get the new dirs
        and then will get funny outputs that can be a bit hard to understand and
        fix.
      c86c294f
  24. Mar 08, 2009
  25. Mar 05, 2009
  26. Mar 04, 2009
  27. Mar 03, 2009
  28. Mar 02, 2009
    • Daniel Stenberg's avatar
      - David Kierznowski notified us about a security flaw · 042cc1f6
      Daniel Stenberg authored
        (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
        which previous libcurl versions (by design) can be tricked to access an
        arbitrary local/different file instead of a remote one when
        CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
        together this the addition of two new setopt options for controlling this
        new behavior:
      
        o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
        follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
        excludes the FILE and SCP protocols and thus you nee to explicitly allow
        them in your app if you really want that behavior.
      
        o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
        using the primary URL option. This is useful if you want to allow a user or
        other outsiders control what URL to pass to libcurl and yet not allow all
        protocols libcurl may have been built to support.
      curl-7_19_4
      042cc1f6
  29. Feb 27, 2009
  30. Feb 25, 2009
    • Daniel Stenberg's avatar
      - As Daniel Fandrich figured out, we must do the GnuTLS initing in the · d207ea16
      Daniel Stenberg authored
        curl_global_init() function to properly maintain the performing functions
        thread-safe. We've previously (28 April 2007) moved the init to a later time
        just to avoid it to fail very early when libgcrypt dislikes the situation,
        but that move was bad and the fix should rather be in libgcrypt or
        elsewhere.
      d207ea16