5 \___|\___/|_| \_\_____|
9 Daniel (16 January 2006)
10 - Bryan Henderson turned the 'initialized' variable for curl_global_init()
11 into a counter, and thus you can now do multiple curl_global_init() and you
12 are then supposed to do the same amount of calls to curl_global_cleanup().
13 Bryan has also updated the docs accordingly.
15 Daniel (13 January 2006)
16 - Andrew Benham fixed a race condition in the test suite that could cause the
17 test script to kill all processes in the current process group!
19 Daniel (12 January 2006)
22 Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru
25 Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would
26 previously overwrite internal memory and cause unpredicted behaviour!
28 Daniel (11 January 2006)
29 - I decided to document the "secret option" here now, as I've received *NO*
30 feedback at all on my mailing list requests from November 2005:
32 I'm looking for feedback and comments. I added some experimental code the
33 other day, that allows a libcurl user to select what method libcurl should
34 use to reach a file on a FTP(S) server.
36 This functionality is available in CVS code and in recent daily snapshots.
40 The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for
41 the command line tool) and you set it to a long (there are currenly no
42 defines for the argument values, just plain numericals). You can set three
43 different "methods" that do this:
45 1 multicwd - like today, curl will do a single CWD operation for each path
46 part in the given URL. For deep hierarchies this means very many
47 commands. This is how RFC1738 says it should be done. This is the
50 2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give
51 a full path to the server.
53 3 singlecwd - make one CWD with the full target directory and then operate
54 on the file "normally".
56 (With the command line tool you do --ftp-method [METHOD], where [METHOD] is
57 one of "multicwd", "nocwd" or "singlecwd".)
59 What feedback I'm interested in:
61 1 - Do they work at all? Do you find servers where one of these don't work?
63 2 - What would proper names for the option and its arguments be, if we
64 consider this feature good enough to get included and documented in
67 3 - Should we make libcurl able to "walk through" these options in case of
68 (path related) failures, or should it fail and let the user redo any
71 (This option is not documented in any man page just yet since I'm not sure
72 these names will be used or if the functionality will end up exactly like
73 this. And for the same reasons we have no test cases for these yet.)
75 Daniel (10 January 2006)
76 - When using a bad path over FTP, as in when libcurl couldn't CWD into all
77 given subdirs, libcurl would still "remember" the full path as if it is the
78 current directory libcurl is in so that the next curl_easy_perform() would
79 get really confused if it tried the same path again - as it would not issue
80 any CWD commands at all, assuming it is already in the "proper" dir.
82 Starting now, a failed CWD command sets a flag that prevents the path to be
83 "remembered" after returning.
85 Daniel (7 January 2006)
86 - Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP
87 proxy actually used a new connection and not sent the second request on the
90 Daniel (6 January 2006)
91 - Alexander Lazic made the buildconf run the buildconf in the ares dir if that
92 is present instead of trying to mimic that script in curl's buildconf
95 Daniel (3 January 2006)
96 - Andres Garcia made the TFTP test server build with mingw.
98 Daniel (16 December 2005)
99 - Jean Jacques Drouin pointed out that you could only have a user name or
100 password of 127 bytes or less embedded in a URL, where actually the code
101 uses a 255 byte buffer for it! Modified now to use the full buffer size.
103 Daniel (12 December 2005)
104 - Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly
106 Version 7.15.1 (7 December 2005)
108 Daniel (6 December 2005)
109 - Full text here: http://curl.haxx.se/docs/adv_20051207.html Pointed out by
114 libcurl's URL parser function can overflow a malloced buffer in two ways, if
115 given a too long URL.
117 These overflows happen if you
119 1 - pass in a URL with no protocol (like "http://") prefix, using no slash
120 and the string is 256 bytes or longer. This leads to a single zero byte
121 overflow of the malloced buffer.
123 2 - pass in a URL with only a question mark as separator (no slash) between
124 the host and the query part of the URL. This leads to a single zero byte
125 overflow of the malloced buffer.
127 Both overflows can be made with the same input string, leading to two single
128 zero byte overwrites.
130 The affected flaw cannot be triggered by a redirect, but the long URL must
131 be passed in "directly" to libcurl. It makes this a "local" problem. Of
132 course, lots of programs may still pass in user-provided URLs to libcurl
133 without doing much syntax checking of their own, allowing a user to exploit
136 There is no known exploit at the time of this writing.
139 Daniel (2 December 2005)
140 - Jamie Newton pointed out that libcurl's file:// code would close() a zero
141 file descriptor if given a non-existing file.
143 Daniel (24 November 2005)
144 - Doug Kaufman provided a set of patches to make curl build fine on DJGPP
145 again using configure.
147 - Yang Tse provided a whole series of patches to clear up compiler warnings on
150 Daniel (17 November 2005)
151 - I extended a patch from David Shaw to make libcurl _always_ provide an error
152 string in the given error buffer to address the flaw mention on 21 sep 2005.
154 Daniel (16 November 2005)
155 - Applied Albert Chin's patch that makes the libcurl.pc pkgconfig file get
156 installed on 'make install' time.
158 Daniel (14 November 2005)
159 - Quagmire reported that he needed to raise a NTLM buffer for SSPI to work
160 properly for a case, and so we did. We raised it even for non-SSPI builds
161 but it should not do any harm. http://curl.haxx.se/bug/view.cgi?id=1356715
163 - Jan Kunder's debian bug report
164 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338680 identified a weird
165 error message for when you try to upload a file and the requested directory
166 doesn't exist on the target server.
168 - Yang Tse fixed compiler warnings in lib/ssluse.c with OpenSSL 0.9.8 and in
169 lib/memdebug.h that showed up in his msvc builds.
171 Daniel (13 November 2005)
172 - Debian bug report 338681 by Jan Kunder: make curl better detect and report
173 bad limit-rate units:
174 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338681 Now curl will return
175 error if a bad unit is used.
177 - Thanks to this nice summary of poll() implementations:
178 http://www.greenend.org.uk/rjk/2001/06/poll.html and further tests by Eugene
179 Kotlyarov, we now know that cygwin's poll returns only POLLHUP on remote
180 connectin closure so we check for that case (too) and re-enable poll for
183 Daniel (12 November 2005)
184 - Eugene Kotlyarov found out that cygwin's poll() function isn't doing things
185 right: http://curl.haxx.se/mail/archive-2005-11/0045.html so we now disable
186 poll() and use select() on cygwin too (we already do the same choice on Mac
189 - Dima Barsky patched problem #1348930: the GnuTLS code completely ignored
190 client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930).
192 Daniel (10 November 2005)
193 - David Lang fixed IPv6 support for TFTP!
195 - Introducing range stepping to the curl globbing support. Now you can specify
196 step counter by adding :[num] within the brackets when specifying a range:
201 If no step counter is set, it defaults to 1 as before:
206 Daniel (8 November 2005)
207 - Removed the use of AI_CANONNAME in the IPv6-enabled resolver functions since
208 we really have no use for reverse lookups of the address.
210 I truly hope these are the last reverse lookups we had lingering in the
213 - Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled
214 version of libcurl with different Windows versions. Current version of
215 libcurl imports SSPI functions from secur32.dll. However, under Windows NT
216 4.0 these functions are located in security.dll, under Windows 9x - in
217 secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll
218 just forwards calls to secur32.dll).
220 Dmitry's patch loads proper library dynamically depending on Windows
221 version. Function InitSecurityInterface() is used to obtain pointers to all
222 of SSPI function in one structure.
224 Daniel (31 October 2005)
225 - Vilmos Nebehaj improved libcurl's LDAP abilities:
227 The LDAP code in libcurl can't handle LDAP servers of LDAPv3 nor binary
228 attributes in LDAP objects. So, I made a quick patch to address these
231 The solution is simple: if we connect to an LDAP server, first try LDAPv3
232 (which is the preferred protocol as of now) and then fall back to LDAPv2.
233 In case of binary attributes, we first convert them to base64, just like the
234 openldap client does. It uses ldap_get_values_len() instead of
235 ldap_get_values() to be able to retrieve binary attributes correctly. I
236 defined the necessary LDAP macros in lib/ldap.c to be able to compile
237 libcurl without the presence of libldap
239 Daniel (27 October 2005)
240 - Nis Jorgensen filed bug report #1338648
241 (http://curl.haxx.se/bug/view.cgi?id=1338648) which really is more of a
242 feature request, but anyway. It pointed out that --max-redirs did not allow
243 it to be set to 0, which then would return an error code on the first
244 Location: found. Based on Nis' patch, now libcurl supports CURLOPT_MAXREDIRS
245 set to 0, or -1 for infinity. Added test case 274 to verify.
247 - tommink[at]post.pl reported in bug report #1337723
248 (http://curl.haxx.se/bug/view.cgi?id=1337723) that curl could not upload
249 binary data from stdin on Windows if the data contained control-Z (hex 1a)
250 since that is treated as end-of-file when read in text mode. Gisle Vanem
251 pointed out the fix, and I made both -T and --data-binary take advantage of
254 - Jaz Fresh pointed out that if you used "-r [number]" as was wrongly described
255 in the man page, curl would send an invalid HTTP Range: header. The correct
256 way would be to use "-r [number]-" or even "-r -[number]". Starting now,
257 curl will warn if this is discovered, and automatically append a dash to the
258 range before passing it to libcurl.
260 Daniel (25 October 2005)
261 - Amol Pattekar reported a bug with great detail and a fine example in bug
262 #1326306 (http://curl.haxx.se/bug/view.cgi?id=1326306). When using the multi
263 interface and connecting to a host with multiple IP addresses, and one of
264 the addresses fails to connect (the server must exist and respond, just not
265 accept connections) libcurl leaks a socket descriptor. Thanks to the fine
266 report, I could find and fix this.
268 Daniel (22 October 2005)
269 - Dima Barsky reported a problem with GnuTLS-enabled libcurl in bug report
270 #1334338 (http://curl.haxx.se/bug/view.cgi?id=1334338). When reading an SSL
271 stream from a server and the server requests a "rehandshake", the current
272 code simply returns this as an error. I have no good way to test this, but
273 I've added a crude attempt of dealing with this situation slightly better -
274 it makes a blocking handshake if this happens. Done like this because fixing
275 this the "proper" way (that would handshake asynchronously) will require
276 quite some work and I really need a good way to test this to do such a
279 Daniel (21 October 2005)
280 - "Ofer" reported a problem when libcurl re-used a connection and failed to do
281 it, it could then accidentally actually crash. Presumably, this concerns FTP
282 connections. http://curl.haxx.se/bug/view.cgi?id=1330310
284 - Temprimus improved the MSVC makefile so that the static debug SSL libs are
285 linked to the executable and not to the libcurld.lib
286 http://curl.haxx.se/bug/view.cgi?id=1326676
288 - Bradford Bruce made the windows resolver code properly return
289 CURLE_COULDNT_RESOLVE_PROXY and CURLE_COULDNT_RESOLVE_HOST on resolving
290 errors (as documented).
292 Daniel (20 October 2005)
293 - Dave Dribin made libcurl understand and handle cases when the server
294 (wrongly) sends *two* WWW-Authenticate headers for Digest. While this should
295 never happen in a sane world, libcurl previously got into an infinite loop
296 when this occurred. Dave added test 273 to verify this.
298 - Temprimus improved the MSVC makefile: "makes a build option available so if
299 you set rtlibcfg=static for the make, then it would build with /MT. The
300 default behaviour is /MD (the original)."
301 http://curl.haxx.se/bug/view.cgi?id=1326665
303 Daniel (14 October 2005)
304 - Reverted the LIBCURL_VERSION_NUM change from October 6. As Dave Dribin
305 reported, the define is used by the configure script and is assumed to use
306 the 0xYYXXZZ format. This made "curl-config --vernum" fail in the 7.15.0
309 Version 7.15.0 (13 October 2005)
311 Daniel (12 October 2005)
312 - Michael Sutton of iDEFENSE reported and I fixed a securitfy flaw in the NTLM
313 code that would overflow a buffer if given a too long user name or domain
314 name. This would happen if you enable NTLM authentication and either
316 A - pass in a user name and domain name to libcurl that together are longer
319 B - allow (lib)curl to follow HTTP "redirects" (Location: and the
320 appropriate HTTP 30x response code) and the new URL contains a URL with
321 a user name and domain name that together are longer than 192 bytes
323 See http://curl.haxx.se/docs/security.html for further details and updates
325 Daniel (5 October 2005)
326 - Darryl House reported a problem with using -z to download files from FTP.
327 It turned out that if the given time stamp was exact the same as the remote
328 time stamp, the file would still wrongly be downloaded. Added test case 272
331 Daniel (4 October 2005)
332 - Domenico Andreoli fixed a man page malformat and removed odd (0xa0) bytes
333 from the configure script.
335 - Michael Wallner reported that the date parser had wrong offset stored for
336 the MEST and CEST time zones.
338 Daniel (27 September 2005)
339 - David Yan filed bug #1299181 (http://curl.haxx.se/bug/view.cgi?id=1299181)
340 that identified a silly problem with Content-Range: headers with the 'bytes'
341 keyword written in a different case than all lowercase! It would cause a
344 - TJ Saunders of the proftpd project identified and pointed out problems with
345 the modified FTPS negotiation change of August 19 2005. Thus, we revert the
346 change back to pre-7.14.1 status.
348 Daniel (21 September 2005)
349 - Fixed "cut off" sentence in the libcurl-tutorial man page:
350 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305
352 - Clarified in the curl_easy_setopt man page what the default
353 CURLOPT_WRITEFUNCTION and CURLOPT_WRITEDATA mean:
354 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329311
356 - Clarified in the curl_easy_setopt man page that CURLOPT_ERRORBUFFER
357 sometimes doesn't fill in the buffer even though it is supposed to:
358 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329313
360 - When CURLE_URL_MALFORMAT is returned due to a missing URL, it now has an
363 Daniel (19 September 2005)
364 - Dmitry Bartsevich made the SSPI support work on Windows 9x as well.
366 Daniel (15 September 2005)
367 - Added a TFTP server to the test suite and made the test suite capable of
370 Daniel (7 September 2005)
371 - Ben Madsen's detailed reports that funnily enough only occurred with certain
372 glibc versions turned out to be curl using an already closed file handle
373 during certain conditions (like when saving FTP server "headers").
375 - Scott Davis helped me track down a problem in the test HTTP server that made
376 test case 56 wrongly fail at times. It turned out it was due to the server
377 finding the end of a chunked-encoded POST too early.
379 Daniel (6 September 2005)
380 - Now curl warns if an unknown variable is used in the -w/--writeout argument.
382 Daniel (4 September 2005)
383 - I applied Nicolas François' man page patch he posted to the Debian bug
384 tracker. It corrected two lines that started with apostrophes, which isn't
385 legal nroff format. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326511
387 - Added --ftp-skip-pasv-ip to the command line tool, that sets the new
388 CURLOPT_FTP_SKIP_PASV_IP option. It makes libcurl re-use the control
389 connection's IP address when setting up the data connection instead of
390 extractting the IP address from the PASV response. It has turned out this
391 feature is frequently needed by people to circumvent silly servers and silly
392 firewalls, especially when FTPS is used and the PASV command-response is
395 Sponsored by CU*Answers
397 Daniel (1 September 2005)
398 - John Kelly added TFTP support to libcurl. A bunch of new error codes was
399 added. TODO: add them to docs. add TFTP server to test suite. add TFTP to
400 list of protocols whereever those are mentioned.
402 Version 7.14.1 (1 September 2005)
404 Daniel (29 August 2005)
405 - Kevin Lussier pointed out a problem with curllib.dsp and how to fix it.
407 - Igor Polyakov fixed a rather nasty problem with the threaded name resolver
408 for Windows, that could lead to an Access Violation when the multi interface
409 was used due to an issue with how the resolver thread was and was not
412 - Simon Josefsson brought a patch that allows curl to get built to use GNU GSS
413 instead of MIT/Heimdal for GSS capabilities.
415 Daniel (24 August 2005)
416 - Toby Peterson added CURLOPT_IGNORE_CONTENT_LENGTH to the library, accessible
417 from the command line tool with --ignore-content-length. This will make it
418 easier to download files from Apache 1.x (and similar) servers that are
419 still having problems serving files larger than 2 or 4 GB. When this option
420 is enabled, curl will simply have to wait for the server to close the
421 connection to signal end of transfer. I wrote test case 269 that runs a
422 simple test to verify that this works.
424 - (Trying hard to exclude emotions now.) valgrind version 3 suddenly renamed
425 the --logfile command line option to --log-file, and thus the test script
426 valgrind autodetection now has yet another version check to do and then it
427 alters the valgrind command line accordingly.
429 - Fixed CA cert verification using GnuTLS with the default bundle, which
430 previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
431 Ralph Mitchell reported.
433 Daniel (19 August 2005)
434 - Norbert Novotny had problems with FTPS and he helped me work out a patch
435 that made curl run fine in his end. The key was to make sure we do the
436 SSL/TLS negotiation immediately after the TCP connect is done and not after
437 a few other commands have been sent like we did previously. I don't consider
438 this change necessary to obey the standards, I think this server is pickier
439 than what the specs allow it to be, but I can't see how this modified
440 libcurl code can add any problems to those who are interpreting the
441 standards more liberally.
443 Daniel (17 August 2005)
444 - Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with
445 CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to
446 write the result to a given cookie jar and then never actually call
447 curl_easy_perform() - the given file(s) to read was never read but the
448 output file was written and thus it caused a "funny" result.
450 - While doing some tests for the bug above, I noticed that Firefox generates
451 large numbers (for the expire time) in the cookies.txt file and libcurl
452 didn't treat them properly. Now it does.
454 Daniel (15 August 2005)
455 - Added more verbose "warning" messages to the curl client for cases where it
456 fails to open/read files etc to help users diagnose why it doesn't do what
457 you'd expect it to. Converted lots of old messages to use the new generic
458 function I wrote for this purpose.
460 Daniel (13 August 2005)
461 - James Bursa identified a libcurl HTTP bug and a good way to repeat it. If a
462 site responds with bad HTTP response that doesn't contain any header at all,
463 only a response body, and the write callback returns 0 to abort the
464 transfer, it didn't have any real effect but the write callback would be
465 called once more anyway.
467 Daniel (12 August 2005)
468 - Based on Richard Clayton's reports, I found out that using curl -d @filename
469 when 'filename' was not possible to access made curl use a GET request
472 - The time condition illegal syntax warning is now inhibited if -s is used.
474 Daniel (10 August 2005)
475 - Mario Schroeder found out that one of the debug callbacks calls that regards
476 SSL data with the CURLINFO_TEXT type claimed that the data was one byte
477 larger than it actually is, thus falsely telling the application that the
478 terminating zero was part of the data.
480 Daniel (9 August 2005)
481 - Christopher R. Palmer fixed the offsets used for date parsings when the time
482 zone name of a daylight savings time was used. For example, PDT vs PDS. This
483 flaw was introduced with the new date parser (11 sep 2004 - 7.12.2).
484 Fortunately, no web server or cookie string etc should be using such time
485 zone names thus limiting the effect of this bug.
487 Daniel (8 August 2005)
488 - Jon Grubbs filed bug report #1249962
489 (http://curl.haxx.se/bug/view.cgi?id=1249962) which identified a problem
490 with NTLM on a HTTP proxy if an FTP URL was given. libcurl now properly
491 switches to pure HTTP internally when an HTTP proxy is used, even for FTP
492 URLs. The problem would also occur with other multi-pass auth methods.
494 Daniel (7 August 2005)
495 - When curl is built with GnuTLS, curl-config didn't include "SSL" when
498 Daniel (28 July 2005)
499 - If any of the options CURLOPT_HTTPGET, CURLOPT_POST and CURLOPT_HTTPPOST is
500 set to 1, CURLOPT_NOBODY will now automatically be set to 0.
502 Daniel (27 July 2005)
503 - Dan Fandrich changes over the last week: fixed numerous minor configure
504 option parsing flaws: --without-gnutls, --without-spnego --without-gssapi
505 and --without-krb4. Spellfixed several error messages.
507 - Peteris Krumins added CURLOPT_COOKIELIST and CURLINFO_COOKIELIST, which is a
508 simple interface to extracting and setting cookies in libcurl's internal
509 "cookie jar". See the new cookie_interface.c example code.
511 Daniel (13 July 2005)
512 - Diego Casorran provided patches to make curl build fine on Amiga again.
514 Daniel (12 July 2005)
515 - Adrian Schuur added trailer support in the chunked encoding stream. The
516 trailer is then sent to the normal header callback/stream. I wrote up test
517 case 266 to verify the basic functionality. Do note that test case 34
518 contains a flawed chunked encoding stream that still works the same.
521 - Gisle Vanem came up with a nice little work-around for bug #1230118
522 (http://curl.haxx.se/bug/view.cgi?id=1230118). It seems the Windows (MSVC)
523 libc time functions may return data one hour off if TZ is not set and
524 automatic DST adjustment is enabled. This made curl_getdate() return wrong
525 value, and it also concerned internal cookie expirations etc.
528 - Andrew Bushnell provided enough info for me to tell that we badly needed to
529 fix the CONNECT authentication code with multi-pass auth methods (such as
530 NTLM) as it didn't previously properly ignore response-bodies - in fact it
531 stopped reading after all response headers had been received. This could
532 lead to libcurl sending the next request and reading the body from the first
533 request as response to the second request. (I also renamed the function,
534 which wasn't strictly necessary but...)
536 The best fix would to once and for all make the CONNECT code use the
537 ordinary request sending/receiving code, treating it as any ordinary request
538 instead of the special-purpose function we have now. It should make it
539 better for multi-interface too. And possibly lead to less code...
541 Added test case 265 for this. It doesn't work as a _really_ good test case
542 since the test proxy is too stupid, but the test case helps when running the
545 Daniel (30 June 2005)
546 - Dan Fandrich improved the configure script's ability to figure out what kind
547 of strerror_r() API that is used when cross-compiling. If __GLIB__ is
548 defined, it assumes the glibc API. If not, it issues a notice as before that
549 the user needs to manually edit lib/config.h for this.
551 Daniel (23 June 2005)
552 - David Shaw's fix that unifies proxy string treatment so that a proxy given
553 with CURLOPT_PROXY can use a http:// prefix and user + password. The user
554 and password fields are now also URL decoded properly. Test case 264 added
557 Daniel (22 June 2005)
558 - David Shaw updated libcurl.m4
560 Daniel (14 June 2005)
561 - Gisle Vanem fixed a potential thread handle leak. Bug report #1216500
562 (http://curl.haxx.se/bug/view.cgi?id=1216500). Comment in
563 http://curl.haxx.se/mail/lib-2005-06/0059.html
565 Daniel (13 June 2005)
566 - Made buildconf run libtoolize in the ares dir too (inspired by Tupone's
570 - Incorporated Tupone's findtool fix in buildconf (slightly edited)
572 - Incorporated Tupone's head -n fix in buildconf.
575 - Reverted Tupone's patch again, it broke numerous autobuilds. Let's apply it
576 in pieces, one by one and see what we need to adjust to work all over.
579 - Tupone Alfredo fixed three problems in buildconf:
581 1) findtool does look per tool in PATH and think ./perl is the perl
582 executable, while is just a local directory (I have . in the PATH)
584 2) I got several warning for head -1 deprecated in favour of head -n 1
586 3) ares directory is missing some file (missing is missing :-) ) because
587 automake and friends is not run.
590 - Added docs/libcurl/getinfo-times, based on feedback from 'Edi':
591 http://curl.haxx.se/feedback/display.cgi?id=11178325798299&support=yes
593 - Andres Garcia provided yet another text mode patch for several test cases so
594 that they do text comparisions better on Windows (newline-wise).
597 - The configure check for c-ares now adds the cares lib before the other libs,
598 to make it build fine with mingw. Inspired by Tupone Alfredo's bug report
599 and patch: http://curl.haxx.se/bug/view.cgi?id=1212940
602 - Todd Kulesza reported a flaw in the proxy option, since a numerical IPv6
603 address was not possible to use. It is now, but requires it written
604 RFC2732-style, within brackets - which incidently is how you enter numerical
605 IPv6 addresses in URLs. Test case 263 added to verify.
608 - Eric Cooper reported about a problem with HTTP servers that responds with
609 binary zeroes within the headers. They confused libcurl to do wrong so the
610 downloaded headers become incomplete. The fix is now verified with test case
611 262. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310948
614 - Fixed problems with the test suite, and in particular the FTP test cases
615 since it previously was failing every now and then in a nonsense manner.
617 - --trace-time now outputs the full microsecond, all 6 digits.
620 - Andres Garcia provided a text mode patch for several test cases so that they
621 do text comparisions better on Windows (newline-wise).
623 - Any 2xx response (and not just 200) is now considered a fine response to
624 TYPE, as some servers obviously sends a 226 there. Added test case 261 to
625 verify. Based on a question/report by Georg Wicherski.
628 - Improved runtests.pl to allow stdout tests to be mode=text as well, just
629 as file comparisons already supports. Added this info to the FILEFORMAT
633 - John McGowan identified a problem in bug report #1204435
634 (http://curl.haxx.se/bug/view.cgi?id=1204435) with malformed URLs like
635 "http://somehost?data" as it added a slash too much in the request ("GET
636 /?data/"...). Added test case 260 to verify.
638 - The configure check for strerror_r() failed to detect the proper API at
639 times, like on HP-UX 10.20. Then lib/strerror.c badly assumed the glibc
640 version if the posix define wasn't set (since it _had_ found a strerror_r).
643 - The gmtime_r() function in HP-UX 10.20 is broken. About 13 test cases fail
644 due to this. There's now a configure check that attempts to detect the bad
645 function and not use it on such systems.
647 Version 7.14.0 (16 May 2005)
650 - Grigory Entin reported that curl's configure detects a fine poll() for Mac
651 OS X 10.4 (while 10.3 or later detected a "bad" one), but the executable
652 doesn't work as good as if built without poll(). I've adjusted the configure
653 to always skip the fine-poll() test on Mac OS X (darwin).
656 - When doing a second request (after a disconnect) using the same easy handle,
657 over a proxy that uses NTLM authentication, libcurl failed to use NTLM again
658 properly (the auth method was accidentally reset to the same as had been set
659 for host auth, which defaults to Basic). Bug report #1200661
660 (http://curl.haxx.se/bug/view.cgi?id=1200661) identified the the problem and
663 - If -z/--time-cond is used with an invalid date syntax, this is no longer
664 silently discarded. Instead a proper warning message is diplayed that
665 informs about it. But it still continues without the condition.
667 Version 7.14.0-pre2 (11 May 2005)
670 - Starting now, libcurl sends a little different set of headers in its default
673 A) Normal non-proxy HTTP:
674 - no more "Pragma: no-cache" (this only makes sense to proxies)
676 B) Non-CONNECT HTTP request over proxy:
677 - "Pragma: no-cache" is used (like before)
678 - "Proxy-Connection: Keep-alive" (for older style 1.0-proxies)
680 C) CONNECT HTTP request over proxy:
681 - "Host: [name]:[port]"
682 - "Proxy-Connection: Keep-alive"
684 The A) case is mostly to reduce the default header size and remove a
687 The B) is to address (rare) problems with HTTP 1.0 proxies
689 The C) headers are both to address (rare) problems with some proxies. The
690 code in libcurl that deals with CONNECT requests need a rewrite, but it
691 feels like a too big a job for me to do now. Details are added in the code
694 Updated a large amount of test cases to reflect the news.
697 - Half-baked attempt to bail out if select() returns _only_ errorfds when the
698 transfer is in progress. An attempt to fix Allan's problem. See
699 http://curl.haxx.se/mail/lib-2005-05/0073.html and the rest of that thread
702 I'm still not sure this is the right fix, but...
704 Version 7.14.0-pre1 (9 May 2005)
707 - Sort of "fixed" KNOWN_BUGS #4: curl now builds IPv6 enabled on AIX 4.3. At
708 least it should no longer cause a compiler error. However, it does not have
709 AI_NUMERICHOST so we cannot getaddrinfo() any numerical addresses with it
710 (we use that for FTP PORT/EPRT)! So, I modified the configure check that
711 checks if the getaddrinfo() is working, to use AI_NUMERICHOST since then
712 it'll fail on AIX 4.3 and it will automatically build with IPv6 support
715 - Added --trace-time that when used adds a time stamp to each trace line that
716 --trace, --trace-ascii and --verbose output. I also made the '>' display
717 separate each line on the linefeed so that HTTP requests etc look nicer in
720 - Made curl recognize the environment variables Lynx (and others?) support for
721 pointing out the CA cert path/file: SSL_CERT_DIR and SSL_CERT_FILE. If
722 CURL_CA_BUNDLE is not set, they are checked afterwards.
724 Like before: on windows if none of these are set, it checks for the ca cert
727 1. application's directory
728 2. current working directory
729 3. Windows System directory (e.g. C:\windows\system32)
730 4. Windows Directory (e.g. C:\windows)
731 5. all directories along %PATH%
734 - The runtests.pl script now starts test servers by doing fork() and exec()
735 instead of the previous approach. This is less complicated and should
736 hopefully lead to less "leaked" servers (servers that aren't stopped
737 properly when the tests are stopped).
739 - Alexander Zhuravlev found a case when you did "curl -I [URL]" and it
740 complained on the chunked encoding, even though a HEAD should never return a
741 body and thus it cannot be a chunked-encoding problem!
743 Daniel (30 April 2005)
744 - Alexander Zhuravlev found out that (lib)curl SIGSEGVed when using
745 --interface on an address that can't be bound.
747 Daniel (28 April 2005)
748 - Working on fixing up test cases to mark sections as 'mode=text' for things
749 that curl writes as text files, since then they can get different line
750 endings depending on OS. Andrés García helps me work this out.
752 Did lots of other minor tweaks on the test scripts to work better and more
753 reliably find test servers and also kill test servers.
755 - Dan Fandrich pointed out how the runtests.pl script killed the HTTP server
756 instead of the HTTPS server when closing it down.
758 Daniel (27 April 2005)
759 - Paul Moore made curl check for the .curlrc file (_curlrc on windows) on two
760 more places. First, CURL_HOME is a new environment variable that is used
761 instead of HOME if it is set, to point out where the default config file
762 lives. If there's no config file in the dir pointed out by one of the
763 environment variables, the Windows version will instead check the same
764 directory the executable curl is located in.
766 Daniel (26 April 2005)
767 - Cory Nelson's work on nuking compiler warnings when building on x64 with
770 Daniel (25 April 2005)
771 - Fred New reported a bug where we used Basic auth and user name and password
772 in .netrc, and when following a Location: the subsequent requests didn't
773 properly use the auth as found in the netrc file. Added test case 257 to
776 - Based on feedback from Cory Nelson, I added some preprocessor magic in
777 */setup.h and */config-win32.h to build fine with VS2005 on x64.
779 Daniel (23 April 2005)
780 - Alex Suykov made the curl tool now assume that uploads using HTTP:// or
781 HTTPS:// are the only ones that show output and thus motivates a switched
782 off progress meter if the output is sent to the terminal. This makes FTP
783 uploads without '>', -o or -O show the progress meter.
785 Daniel (22 April 2005)
786 - Dave Dribin's MSVC makefile fix: set CURL_STATICLIB when it builds static
789 - Andres Garcia fixed configure to set the proper define when building static
792 - --retry-delay didn't work.
794 Daniel (18 April 2005)
795 - Olivier reported that even though he used CURLOPT_PORT, libcurl clearly
796 still used the default port. He was right. I fixed the problem and added the
797 test cases 521, 522 and 523 to verify the fix.
799 - Toshiyuki Maezawa reported that when doing a POST with a read callback,
800 libcurl didn't properly send an Expect: 100-continue header. It does now.
802 - I committed by mig change in the test suite's FTP server that moves out all
803 socket/TCP code to a separate C program named sockfilt. And added 4 new
804 test cases for FTP over IPv6.
806 Daniel (8 April 2005)
807 - Cory Nelson reported a problem with a HTTP server that responded with a 304
808 response containing an "illegal" Content-Length: header, which was not
809 properly ignored by libcurl. Now it is. Test case 249 verifies.
811 Daniel (7 April 2005)
812 - Added ability to build and run with GnuTLS as an alternative to OpenSSL for
813 the secure layer. configure --with-gnutls enables with. Note that the
814 previous OpenSSL check still has preference and if it first detects OpenSSL,
815 it will not check for GnuTLS. You may need to explictly diable OpenSSL with
818 This work has been sponsored by The Written Word.
820 Daniel (5 April 2005)
821 - Christophe Legry fixed the post-upload check for FTP to not complain if the
822 upload was skipped due to a time-condition as set with
823 CURLOPT_TIMECONDITION. I added test case 247 and 248 to verify.
825 Version 7.13.2 (5 April 2005)
827 Daniel (4 April 2005)
828 - Marcelo Juchem fixed the MSVC makefile for libcurl
830 - Gisle Vanem fixed a crash in libcurl, that could happen if the easy handle
831 was killed before the threading resolver (windows only) still hadn't
834 - Hardeep Singh reported a problem doing HTTP POST with Digest. (It was
835 actually also affecting NTLM and Negotiate.) It turned out that if the
836 server responded with 100 Continue before the initial 401 response, libcurl
837 didn't take care of the response properly. Test case 245 and 246 added to
840 Daniel (30 March 2005)
841 - Andres Garcia modified the configure script to check for libgdi32 before
842 libcrypto, to make the SSL check work fine on msys/mingw.
844 Daniel (29 March 2005)
845 - Tom Moers identified a flaw when you sent a POST with Digest authentication,
846 as in the first request when curl sends a POST with Content-Length: 0, it
847 still forcibly closed the connection before doing the next step in the auth
850 - Jesper Jensen found out that FTP-SSL didn't work since my FTP
851 rewrite. Fixing that was easy, but it also revealed a much worse problem:
852 the FTP server response reader function didn't properly deal with reading
853 responses in multiple tiny chunks properly! I modified the FTP server to
854 allow it to produce such split-up responses to make sure curl deals with
857 - Based on Augustus Saunders' comments and findings, the HTTP output auth
858 function was fixed to use the proper proxy authentication when multiple ones
859 are accepted. test 239 and test 243 were added to repeat the problems and
862 --proxy-anyauth was added to the curl tool
864 Daniel (16 March 2005)
865 - Tru64 and some IRIX boxes seem to not like test 237 as it is. Their
866 inet_addr() functions seems to use &255 on all numericals in a ipv4 dotted
867 address which makes a different failure... Now I've modified the ipv4
868 resolve code to use inet_pton() instead in an attempt to make these systems
869 better detect this as a bad IP address rather than creating a toally bogus
870 address that is then passed on and used.
872 Daniel (15 March 2005)
873 - Dan Fandrich made the code properly use the uClibc's version of
874 inet_ntoa_r() when built with it.
876 - Added test 237 and 238: test EPSV and PASV response handling when they get
877 well- formated data back but using illegal values. In 237 PASV gets an IP
878 address that is way bad. In 238 EPSV gets a port that is way out of range.
880 Daniel (14 March 2005)
881 - Added a few missing features to the curl-config --features list
883 - Modified testcurl.pl to now offer
884 1 - command line options for all info it previously only read from
885 file: --name, --email, --desc and --configure
886 2 - --nocvsup makes it not attempt to do cvs update
887 3 - --crosscompile informs it and makes it not attempt things it can't do
889 - Fixed numerous win32 compiler warnings.
891 - Removed the lib/security.h file since it shadowed the mingw/win32 header
892 with the same name which is needed for SSPI builds. The contents of the
893 former security.h is now i krb4.h
895 - configure --enable-sspi now enables SSPI in the build. It only works for
896 windows builds (including cross-compiles for windows).
898 Daniel (12 March 2005)
899 - David Houlder added --form-string that adds that string to a multipart
900 formpost part, without special characters having special meanings etc like
903 Daniel (11 March 2005)
904 - curl_version_info() returns the feature bit CURL_VERSION_SSPI if it was
905 built with SSPI support.
907 - Christopher R. Palmer made it possible to build libcurl with the
908 USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the
909 native way to do NTLM. SSPI also allows libcurl to pass on the current user
910 and its password in the request.
912 Daniel (9 March 2005)
913 - Dan F improved the SSL lib setup in configure.
915 - Nodak Sodak reported a crash when using a SOCKS4 proxy.
917 - Jean-Marc Ranger pointed out an embarassing debug printf() leftover in the
918 multi interface code.
920 - Adjusted the man page for the curl_getdate() return value for dates after
921 year 2038. For 32 bit time_t it returns 0x7fffffff but for 64bit time_t it
922 returns either the correct value or even -1 on some systems that still seem
923 to not deal with this properly. Tor Arntsen found a 64bit AIX system for us
924 that did the latter. Gwenole Beauchesne's Mandrake patch put the lights on
925 this problem in the first place.
927 Daniel (8 March 2005)
928 - Dominick Meglio reported that using CURLOPT_FILETIME when transferring a FTP
929 file got a Last-Modified: header written to the data stream, corrupting the
930 actual data. This was because some conditions from the previous FTP code was
931 not properly brought into the new FTP code. I fixed and I added test case
932 520 to verify. (This bug was introduced in 7.13.1)
934 - Dan Fandrich fixed the configure --with-zlib option to always consider the
935 given path before any standard paths.
937 Daniel (6 March 2005)
938 - Randy McMurchy was the first to report that valgrind.pm was missing from the
939 release archive and thus 'make test' fails.
941 Daniel (5 March 2005)
942 - Dan Fandrich added HAVE_FTRUNCATE to several config-*.h files.
944 - Added test case 235 that makes a resumed upload of a file that isn't present
945 on the remote side. This then converts the operation to an ordinary STOR
946 upload. This was requested/pointed out by Ignacio Vazquez-Abrams.
948 It also proved (and I fixed) a bug in the newly rewritten ftp code (and
949 present in the 7.13.1 release) when trying to resume an upload and the
950 servers returns an error to the SIZE command. libcurl then loops and sends
951 SIZE commands infinitely.
953 - Dan Fandrich fixed a SSL problem introduced on February 9th that made
954 libcurl attempt to load the whole random file to seed the PRNG. This is
955 really bad since this turns out to be using /dev/urandom at times...
957 Version 7.13.1 (4 March 2005)
959 Daniel (4 March 2005)
960 - Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate
961 the cookie "engine" without having to provide an empty or non-existing file.
963 - Rene Rebe fixed a -# crash when more data than expected was retrieved.
965 Daniel (22 February 2005)
966 - NTLM and ftp-krb4 buffer overflow fixed, as reported here:
967 http://www.securityfocus.com/archive/1/391042 and the CAN report here:
968 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
970 If these security guys were serious, we'd been notified in advance and we
971 could've saved a few of you a little surprise, but now we weren't.
973 Daniel (19 February 2005)
974 - Ralph Mitchell reported a flaw when you used a proxy with auth, and you
975 requested data from a host and then followed a redirect to another
976 host. libcurl then didn't use the proxy-auth properly in the second request,
977 due to the host-only check for original host name wrongly being extended to
978 the proxy auth as well. Added test case 233 to verify the flaw and that the
979 fix removed the problem.
981 Daniel (18 February 2005)
982 - Mike Dobbs reported a mingw build failure due to the lack of
983 BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by
984 configure when mingw is used.
986 Daniel (17 February 2005)
987 - David in bug report #1124588 found and fixed a socket leak when libcurl
988 didn't close the socket properly when returning error due to failing
991 Daniel (16 February 2005)
992 - Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
993 that picks NTLM. Thanks to David Byron letting me test NTLM against his
994 servers, I could quickly repeat and fix the problem. It turned out to be:
996 When libcurl POSTs without knowing/using an authentication and it gets back
997 a list of types from which it picks NTLM, it needs to either continue
998 sending its data if it keeps the connection alive, or not send the data but
999 close the connection. Then do the first step in the NTLM auth. libcurl
1000 didn't send the data nor close the connection but simply read the
1001 response-body and then sent the first negotiation step. Which then failed
1002 miserably of course. The fixed version forces a connection if there is more
1003 than 2000 bytes left to send.
1005 Daniel (14 February 2005)
1006 - The configure script didn't check for ENGINE_load_builtin_engines() so it
1009 Daniel (11 February 2005)
1010 - Removed all uses of strftime() since it uses the localised version of the
1011 week day names and month names and servers don't like that.
1013 Daniel (10 February 2005)
1014 - Now the test script disables valgrind-testing when the test suite runs if
1015 libcurl is built shared. Otherwise valgrind only tests the shell that runs
1016 the wrapper-script named 'curl' that is a front-end to curl in this case.
1017 This should also fix the huge amount of reports of false positives when
1018 valgrind has identified leaks in (ba)sh and not in curl and people report
1019 that as curl bugs. Bug report #1116672 is one example.
1021 Also, the valgrind report parser has been adapted to check that at least one
1022 of the sources in a stack strace is one of (lib)curl's source files or
1023 otherwise it will not consider the problem to concern (lib)curl.
1025 - Marty Kuhrt streamlined the VMS build.
1027 Daniel (9 February 2005)
1028 - David Byron fixed his SSL problems, initially mentioned here:
1029 http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use
1030 SSL_pending() as we should.
1032 - Converted lots of FTP code to a statemachine, so that the multi interface
1033 doesn't block while communicating commands-responses with an FTP server.
1035 I've added a comment like BLOCKING in the code on all spots I could find
1036 where we still have blocking operations. When we change curl_easy_perform()
1037 to use the multi interface, we'll also be able to simplify the code since
1038 there will only be one "internal interface".
1040 While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the
1041 new CURLE_LOGIN_DENIED. The first one is now access denied to a function,
1042 like changing directory or retrieving a file, while the second means that we
1045 The CVS tag 'before_ftp_statemachine' was set just before this went in, in
1046 case of future need.
1048 - Gisle made the DICT code send CRLF and not just LF as the spec says so.
1050 Daniel (8 February 2005)
1051 - Gisle fixed problems when libcurl runs out of memory, and worked on making
1052 sure the proper error code is returned for those occations.
1054 Daniel (7 February 2005)
1055 - Maruko pointed out a problem with inflate decompressing exactly 64K
1058 Daniel (5 February 2005)
1059 - Eric Vergnaud found a use of an uninitialised variable in the ftp when doing
1060 PORT on ipv6-enabled hosts.
1062 - David Byron pointed out we could use BUFSIZE to read data (in
1063 lib/transfer.c) instead of using BUFSIZE -1.
1065 Version 7.13.0 (1 February 2005)
1067 Daniel (31 January 2005)
1068 - Added Lars Nilsson's htmltitle.cc example
1070 Daniel (30 January 2005)
1071 - Fixed a memory leak when using the multi interface and the DO operation
1072 failed (as in test case 205).
1074 - Fixed a valgrind warning for file:// operations.
1076 - Fixed a valgrind report in the url globbing code for the curl command line
1079 - Bugfixed the parser that scans the valgrind report outputs (in runtests.pl).
1080 I noticed that it previously didn't detect and report the "Conditional jump
1081 or move depends on uninitialised value(s)" error. When I fixed this, I
1082 caught a few curl bugs with it. And then I had to spend time to make the
1083 test suite IGNORE these errors when OpenSSL is used since it produce massive
1084 amounts of valgrind warnings (but only of the "Conditional..." kind it
1085 seems). So, if a test that requires SSL is run, it ignores the
1086 "Conditional..." errors, and you'll get a "valgrind PARTIAL" output instead
1089 Daniel (29 January 2005)
1090 - Using the multi interface, and doing a requsted a re-used connection that
1091 gets closed just after the request has been sent failed and did not re-issue
1092 a request on a fresh reconnect like the easy interface did. Now it does!
1094 - Define CURL_MULTIEASY when building libcurl (lib/easy.c to be exact), to use
1095 my new curl_easy_perform() that uses the multi interface to run the
1096 request. It is a great testbed for the multi interface and I believe we
1097 shall do it this way for real in the future when we have a successor to
1098 curl_multi_fdset(). I've used this approach to detect and fix several of the
1099 recent multi-interfaces issues.
1101 - Adjusted the KNOWN_BUGS #17 fix a bit more since the FTP code also did some
1104 - multi interface: when a request is denied due to "Maximum redirects
1105 followed" libcurl leaked the last Location: URL.
1107 - Connect failures with the multi interface was often returned as "connect()
1108 timed out" even though the reason was different.
1110 Daniel (28 January 2005)
1111 - KNOWN_BUGS #17 fixed. A DNS cache entry may not remain locked between two
1112 curl_easy_perform() invokes. It was previously unlocked at disconnect, which
1113 could mean that it remained locked between multiple transfers. The DNS cache
1114 may not live as long as the connection cache does, as they are separate.
1116 To deal with the lack of DNS (host address) data availability in re-used
1117 connections, libcurl now keeps a copy of the IP adress as a string, to be
1118 able to show it even on subsequent requests on the same connection.
1120 The problem could be made to appear with this stunt:
1122 1. create a multi handle
1123 2. add an easy handle
1124 3. fetch a URL that is persistent (leaves the connection alive)
1125 4. remove the easy handle from the multi
1126 5. kill the multi handle
1127 6. create a multi handle
1128 7. add the same easy handle to the new multi handle
1129 8. fetch a URL from the same server as before (re-using the connection)
1131 - Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't work
1132 when built ipv6-enabled. I've now made a fix for it. Writing test cases for
1133 custom port hosts turned too tricky so unfortunately there's none.
1135 Daniel (25 January 2005)
1136 - Ian Ford asked about support for the FTP command ACCT, and I discovered it
1137 is present in RFC959... so now (lib)curl supports it as well. --ftp-account
1138 and CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an
1139 account string after PASS have been sent away. The client responds
1140 with "ACCT [account string]".) Added test case 228 and 229 to verify the
1141 functionality. Updated the test FTP server to support ACCT somewhat.
1143 - David Shaw contributed a fairly complete and detailed autoconf test you can
1144 use to detect libcurl and setup variables for the protocols the installed
1145 libcurl supports: docs/libcurl/libcurl.m4
1147 Daniel (21 January 2005)
1148 - Major FTP third party transfer overhaul.
1150 These four options are now obsolete: CURLOPT_SOURCE_HOST,
1151 CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT (this option didn't work before)
1152 and CURLOPT_PASV_HOST.
1154 These two options are added: CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE.
1156 The target-side didn't use the proper path with RETR, and thus this only
1157 worked correctly in the login path (i.e without doing any CWD). The source-
1158 side still uses a wrong path, but the fix for this will need to wait. Verify
1159 the flaw by using a source URL with included %XX-codes.
1161 Made CURLOPT_FTPPORT control weather the target operation should use PORT
1162 (or not). The other side thus uses passive (PASV) mode.
1164 Updated the ftp3rdparty.c example source to use the updated options.
1166 Added support for a second FTP server in the test suite. Named... ftp2.
1167 Added test cases 230, 231 and 232 as a few first basic tests of very simple
1168 3rd party transfers.
1170 Changed the debug output to include 'target' and 'source' when a 3rd party
1171 is being made, to make it clearer what commands/responses came on what
1174 Added three new command line options: --3p-url, --3p-user and --3p-quote.
1176 Documented the command line options and the curl_easy_setopt options related
1177 to third party transfers.
1179 (Temporarily) disabled the ability to re-use an existing connection for the
1180 source connection. This is because it needs to force a new in case the
1181 source and target is the same host, and the host name check is trickier now
1182 when the source is identified with a full URL instead of a plain host name
1185 TODO (short-term) for 3rd party transfers: quote support. The options are
1186 there, we need to add test cases to verify their functionality.
1188 TODO (long-term) for 3rd party transfers: IPv6 support (EPRT and EPSV etc)
1189 and SSL/TSL support.
1191 Daniel (20 January 2005)
1192 - Philippe Hameau found out that -Q "+[command]" didn't work, although some
1193 code was written for it. I fixed and added test case 227 to verify it.
1194 The curl.1 man page didn't mention the '+' so I added it.
1196 Daniel (19 January 2005)
1197 - Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP URL
1198 contains %0a or %0d in the user, password or CWD parts. (A future fix would
1199 include doing it for %00 as well - see KNOWN_BUGS for details.) Test case
1200 225 and 226 were added to verify this
1202 - Stephan Bergmann pointed out two flaws in libcurl built with HTTP disabled:
1204 1) the proxy environment variables are still read and used to set HTTP proxy
1206 2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was
1207 disabled). This is important since apps may want to disable HTTP proxy
1208 without actually knowing if libcurl was built to disable HTTP or not.
1210 Based on Stephan's patch, both these issues should now be fixed.
1212 Daniel (18 January 2005)
1213 - Cody Jones' enhanced version of Samuel Díaz García's MSVC makefile patch was
1216 Daniel (16 January 2005)
1217 - Alex aka WindEagle pointed out that when doing "curl -v dictionary.com", curl
1218 assumed this used the DICT protocol. While guessing protocols will remain
1219 fuzzy, I've now made sure that the host names must start with "[protocol]."
1220 for them to be a valid guessable name. I also removed "https" as a prefix
1221 that indicates HTTPS, since we hardly ever see any host names using that.
1223 Daniel (13 January 2005)
1224 - Inspired by Martijn Koster's patch and example source at
1225 http://www.greenhills.co.uk/mak/gentoo/curl-eintr-bug.c, I now made the
1226 select() and poll() calls properly loop if they return -1 and errno is
1227 EINTR. glibc docs for this is found here:
1228 http://www.gnu.org/software/libc/manual/html_node/Interrupted-Primitives.html
1230 This last link says BSD doesn't have this "effect". Will there be a problem
1231 if we do this unconditionally?
1233 Daniel (11 January 2005)
1234 - Dan Torop cleaned up a few no longer used variables from David Phillips'
1235 select() overhaul fix.
1237 - Cyrill Osterwalder posted a detailed analysis about a bug that occurs when
1238 using a custom Host: header and curl fails to send a request on a re-used
1239 persistent connection and thus creates a new connection and resends it. It
1240 then sent two Host: headers. Cyrill's analysis was posted here:
1241 http://curl.haxx.se/mail/archive-2005-01/0022.html
1243 - Bruce Mitchener identified (bug report #1099640) the never-ending SOCKS5
1244 problem with the version byte and the check for bad versions. Bruce has lots
1245 of clues on this, and based on his suggestion I've now removed the check of
1246 that byte since it seems to be able to contain 1 or 5.
1248 Daniel (10 January 2005)
1249 - Pavel Orehov reported memory problems with the multi interface in bug report
1250 #1098843. In short, a shared DNS cache was setup for a multi handle and when
1251 the shared cache was deleted before the individual easy handles, the latter
1252 cleanups caused read/writes to already freed memory.
1254 - Hzhijun reported a memory leak in the SSL certificate code, that leaked the
1255 remote certificate name when it didn't match the used host name.
1257 Gisle (8 January 2005)
1258 - Added Makefile.Watcom files (src/lib). Updated Makefile.dist.
1260 Daniel (7 January 2005)
1261 - Improved the test script's valgrind log parser to actually work! Also added
1262 the ability to disable the log scanner for specific test cases. Test case
1263 509 results in numerous problems and leaks in OpenSSL and has to get it
1266 Daniel (6 January 2005)
1267 - Fixed a single-byte read out of bounds in test case 39 in the curl tool code
1268 (i.e not in the library).
1270 - Bug report #1097019 identified a problem when doing -d "data" with -G and
1271 sending it to two URLs with {}. Added test 199 to verify the fix.
1273 Daniel (4 January 2005)
1274 - Marty Kuhrt adjusted a VMS build script slightly
1276 - Kai Sommerfeld and Gisle Vanem fixed libcurl to build with IPv6 support on
1279 Daniel (2 January 2005)
1280 - Alex Neblett updated the MSVC makefiles slightly.