- Mar 08, 2009
-
-
http://curl.haxx.se/bug/view.cgi?id=2671602Daniel Stenberg authored
curl didn't use sprintf() in a way that is documented to work in POSIX but since we use our own printf() code (from libcurl) that shouldn't be a problem. Nonetheless I modified the code to not rely on such particular features and to not cause further raised eyebrowse with no good reason.
-
- Mar 05, 2009
-
-
Dan Fandrich authored
more issues for authors to consider when writing robust libcurl-using applications.
-
Yang Tse authored
-
- Mar 04, 2009
-
-
Dan Fandrich authored
by Daniel Johnson.
-
- Mar 03, 2009
-
-
Daniel Stenberg authored
on curl-users, it is also added to DISABLED since I don't have time to work on it further right now.
-
Daniel Stenberg authored
whenever you attempt to open a new connection.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
binary it also removes the include/curl subdir!
-
Patrick Monnerat authored
Options CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS, and associated definitions added to RPG binding
-
- Mar 02, 2009
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in which previous libcurl versions (by design) can be tricked to access an arbitrary local/different file instead of a remote one when CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release together this the addition of two new setopt options for controlling this new behavior: o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option excludes the FILE and SCP protocols and thus you nee to explicitly allow them in your app if you really want that behavior. o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch using the primary URL option. This is useful if you want to allow a user or other outsiders control what URL to pass to libcurl and yet not allow all protocols libcurl may have been built to support.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Mar 01, 2009
-
-
Daniel Stenberg authored
too close to release now
-
- Feb 28, 2009
- Feb 27, 2009
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
218 - Senthil Raja Velu's "CURLOPT_LOCALPORT option broken", patch by Markus Koetter Both are now committed
-
Daniel Stenberg authored
CURLOPT_LOCALPORT were used together (the local port bind failed), and Markus Koetter provided the fix!
-
Daniel Stenberg authored
-
- Feb 25, 2009
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
curl_global_init() function to properly maintain the performing functions thread-safe. We've previously (28 April 2007) moved the init to a later time just to avoid it to fail very early when libgcrypt dislikes the situation, but that move was bad and the fix should rather be in libgcrypt or elsewhere.
-
- Feb 24, 2009
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
without involving CVS: diff -X diff-exclude -ru curl-old curl-patched
-
Daniel Stenberg authored
It happened because the code used the struct for server-based auth all the time for both proxy and server auth which of course was wrong.
-
- Feb 23, 2009
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return -1 if the sizes aren't know. Previously these returned 0, make it impossible to detect the difference between actually zero and unknown.
-
Daniel Stenberg authored
220 - Take advantage of libssh2_version() that's been added for the upcoming 1.1, to extract the run-time version number properly.
-
Yang Tse authored
-
Yang Tse authored
to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework
-
Daniel Stenberg authored
-
Daniel Stenberg authored
to the proper 'libcurl' as clearly this caused confusion.
-
Daniel Stenberg authored
files
-
Yang Tse authored
-
- Feb 20, 2009
-
-
Daniel Stenberg authored
-
Yang Tse authored
-
Yang Tse authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
FTP with the multi interface: when a transfer fails, like when aborted by a write callback, the control connection was wrongly closed and thus not re-used properly. This change is also an attempt to cleanup the code somewhat in this area, as now the FTP code attempts to keep (better) track on pending responses necessary to get read in ftp_done().
-