5 \___|\___/|_| \_\_____|
9 Daniel (18 January 2006)
10 - As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742),
11 the configure script complained about a missing "missing" script if you ran
12 configure within a path whose name included one or more spaces. This is due
13 to a flaw in automake (1.9.6 and earlier). I've now worked around it by
14 including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll
15 be used instead of the one automake ships with. This kludge needs to be
16 removed once we get an automake version with this problem corrected.
17 Possibly we'll then need to convert this into a kludge depending on what
18 automake version that is used and that is gonna be painful and I don't even
19 want to think about that now...!
21 Daniel (17 January 2006)
22 - David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with
23 the latest features and protocols that libcurl supports and has a minor fix
24 to better deal with the obscure case where someone has more than one libcurl
25 installed at the same time.
27 Daniel (16 January 2006)
28 - David Shaw finally removed all traces of Gopher and we are now officially
29 not supporting it. It hasn't been functioning for years anyway, so this is
30 just finally stating what already was true. And a cleanup at the same time.
32 - Bryan Henderson turned the 'initialized' variable for curl_global_init()
33 into a counter, and thus you can now do multiple curl_global_init() and you
34 are then supposed to do the same amount of calls to curl_global_cleanup().
35 Bryan has also updated the docs accordingly.
37 Daniel (13 January 2006)
38 - Andrew Benham fixed a race condition in the test suite that could cause the
39 test script to kill all processes in the current process group!
41 Daniel (12 January 2006)
44 Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru
47 Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would
48 previously overwrite internal memory and cause unpredicted behaviour!
50 Daniel (11 January 2006)
51 - I decided to document the "secret option" here now, as I've received *NO*
52 feedback at all on my mailing list requests from November 2005:
54 I'm looking for feedback and comments. I added some experimental code the
55 other day, that allows a libcurl user to select what method libcurl should
56 use to reach a file on a FTP(S) server.
58 This functionality is available in CVS code and in recent daily snapshots.
62 The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for
63 the command line tool) and you set it to a long (there are currenly no
64 defines for the argument values, just plain numericals). You can set three
65 different "methods" that do this:
67 1 multicwd - like today, curl will do a single CWD operation for each path
68 part in the given URL. For deep hierarchies this means very many
69 commands. This is how RFC1738 says it should be done. This is the
72 2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give
73 a full path to the server.
75 3 singlecwd - make one CWD with the full target directory and then operate
76 on the file "normally".
78 (With the command line tool you do --ftp-method [METHOD], where [METHOD] is
79 one of "multicwd", "nocwd" or "singlecwd".)
81 What feedback I'm interested in:
83 1 - Do they work at all? Do you find servers where one of these don't work?
85 2 - What would proper names for the option and its arguments be, if we
86 consider this feature good enough to get included and documented in
89 3 - Should we make libcurl able to "walk through" these options in case of
90 (path related) failures, or should it fail and let the user redo any
93 (This option is not documented in any man page just yet since I'm not sure
94 these names will be used or if the functionality will end up exactly like
95 this. And for the same reasons we have no test cases for these yet.)
97 Daniel (10 January 2006)
98 - When using a bad path over FTP, as in when libcurl couldn't CWD into all
99 given subdirs, libcurl would still "remember" the full path as if it is the
100 current directory libcurl is in so that the next curl_easy_perform() would
101 get really confused if it tried the same path again - as it would not issue
102 any CWD commands at all, assuming it is already in the "proper" dir.
104 Starting now, a failed CWD command sets a flag that prevents the path to be
105 "remembered" after returning.
107 Daniel (7 January 2006)
108 - Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP
109 proxy actually used a new connection and not sent the second request on the
112 Daniel (6 January 2006)
113 - Alexander Lazic made the buildconf run the buildconf in the ares dir if that
114 is present instead of trying to mimic that script in curl's buildconf
117 Daniel (3 January 2006)
118 - Andres Garcia made the TFTP test server build with mingw.
120 Daniel (16 December 2005)
121 - Jean Jacques Drouin pointed out that you could only have a user name or
122 password of 127 bytes or less embedded in a URL, where actually the code
123 uses a 255 byte buffer for it! Modified now to use the full buffer size.
125 Daniel (12 December 2005)
126 - Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly
128 Version 7.15.1 (7 December 2005)
130 Daniel (6 December 2005)
131 - Full text here: http://curl.haxx.se/docs/adv_20051207.html Pointed out by
136 libcurl's URL parser function can overflow a malloced buffer in two ways, if
137 given a too long URL.
139 These overflows happen if you
141 1 - pass in a URL with no protocol (like "http://") prefix, using no slash
142 and the string is 256 bytes or longer. This leads to a single zero byte
143 overflow of the malloced buffer.
145 2 - pass in a URL with only a question mark as separator (no slash) between
146 the host and the query part of the URL. This leads to a single zero byte
147 overflow of the malloced buffer.
149 Both overflows can be made with the same input string, leading to two single
150 zero byte overwrites.
152 The affected flaw cannot be triggered by a redirect, but the long URL must
153 be passed in "directly" to libcurl. It makes this a "local" problem. Of
154 course, lots of programs may still pass in user-provided URLs to libcurl
155 without doing much syntax checking of their own, allowing a user to exploit
158 There is no known exploit at the time of this writing.
161 Daniel (2 December 2005)
162 - Jamie Newton pointed out that libcurl's file:// code would close() a zero
163 file descriptor if given a non-existing file.
165 Daniel (24 November 2005)
166 - Doug Kaufman provided a set of patches to make curl build fine on DJGPP
167 again using configure.
169 - Yang Tse provided a whole series of patches to clear up compiler warnings on
172 Daniel (17 November 2005)
173 - I extended a patch from David Shaw to make libcurl _always_ provide an error
174 string in the given error buffer to address the flaw mention on 21 sep 2005.
176 Daniel (16 November 2005)
177 - Applied Albert Chin's patch that makes the libcurl.pc pkgconfig file get
178 installed on 'make install' time.
180 Daniel (14 November 2005)
181 - Quagmire reported that he needed to raise a NTLM buffer for SSPI to work
182 properly for a case, and so we did. We raised it even for non-SSPI builds
183 but it should not do any harm. http://curl.haxx.se/bug/view.cgi?id=1356715
185 - Jan Kunder's debian bug report
186 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338680 identified a weird
187 error message for when you try to upload a file and the requested directory
188 doesn't exist on the target server.
190 - Yang Tse fixed compiler warnings in lib/ssluse.c with OpenSSL 0.9.8 and in
191 lib/memdebug.h that showed up in his msvc builds.
193 Daniel (13 November 2005)
194 - Debian bug report 338681 by Jan Kunder: make curl better detect and report
195 bad limit-rate units:
196 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338681 Now curl will return
197 error if a bad unit is used.
199 - Thanks to this nice summary of poll() implementations:
200 http://www.greenend.org.uk/rjk/2001/06/poll.html and further tests by Eugene
201 Kotlyarov, we now know that cygwin's poll returns only POLLHUP on remote
202 connectin closure so we check for that case (too) and re-enable poll for
205 Daniel (12 November 2005)
206 - Eugene Kotlyarov found out that cygwin's poll() function isn't doing things
207 right: http://curl.haxx.se/mail/archive-2005-11/0045.html so we now disable
208 poll() and use select() on cygwin too (we already do the same choice on Mac
211 - Dima Barsky patched problem #1348930: the GnuTLS code completely ignored
212 client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930).
214 Daniel (10 November 2005)
215 - David Lang fixed IPv6 support for TFTP!
217 - Introducing range stepping to the curl globbing support. Now you can specify
218 step counter by adding :[num] within the brackets when specifying a range:
223 If no step counter is set, it defaults to 1 as before:
228 Daniel (8 November 2005)
229 - Removed the use of AI_CANONNAME in the IPv6-enabled resolver functions since
230 we really have no use for reverse lookups of the address.
232 I truly hope these are the last reverse lookups we had lingering in the
235 - Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled
236 version of libcurl with different Windows versions. Current version of
237 libcurl imports SSPI functions from secur32.dll. However, under Windows NT
238 4.0 these functions are located in security.dll, under Windows 9x - in
239 secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll
240 just forwards calls to secur32.dll).
242 Dmitry's patch loads proper library dynamically depending on Windows
243 version. Function InitSecurityInterface() is used to obtain pointers to all
244 of SSPI function in one structure.
246 Daniel (31 October 2005)
247 - Vilmos Nebehaj improved libcurl's LDAP abilities:
249 The LDAP code in libcurl can't handle LDAP servers of LDAPv3 nor binary
250 attributes in LDAP objects. So, I made a quick patch to address these
253 The solution is simple: if we connect to an LDAP server, first try LDAPv3
254 (which is the preferred protocol as of now) and then fall back to LDAPv2.
255 In case of binary attributes, we first convert them to base64, just like the
256 openldap client does. It uses ldap_get_values_len() instead of
257 ldap_get_values() to be able to retrieve binary attributes correctly. I
258 defined the necessary LDAP macros in lib/ldap.c to be able to compile
259 libcurl without the presence of libldap
261 Daniel (27 October 2005)
262 - Nis Jorgensen filed bug report #1338648
263 (http://curl.haxx.se/bug/view.cgi?id=1338648) which really is more of a
264 feature request, but anyway. It pointed out that --max-redirs did not allow
265 it to be set to 0, which then would return an error code on the first
266 Location: found. Based on Nis' patch, now libcurl supports CURLOPT_MAXREDIRS
267 set to 0, or -1 for infinity. Added test case 274 to verify.
269 - tommink[at]post.pl reported in bug report #1337723
270 (http://curl.haxx.se/bug/view.cgi?id=1337723) that curl could not upload
271 binary data from stdin on Windows if the data contained control-Z (hex 1a)
272 since that is treated as end-of-file when read in text mode. Gisle Vanem
273 pointed out the fix, and I made both -T and --data-binary take advantage of
276 - Jaz Fresh pointed out that if you used "-r [number]" as was wrongly described
277 in the man page, curl would send an invalid HTTP Range: header. The correct
278 way would be to use "-r [number]-" or even "-r -[number]". Starting now,
279 curl will warn if this is discovered, and automatically append a dash to the
280 range before passing it to libcurl.
282 Daniel (25 October 2005)
283 - Amol Pattekar reported a bug with great detail and a fine example in bug
284 #1326306 (http://curl.haxx.se/bug/view.cgi?id=1326306). When using the multi
285 interface and connecting to a host with multiple IP addresses, and one of
286 the addresses fails to connect (the server must exist and respond, just not
287 accept connections) libcurl leaks a socket descriptor. Thanks to the fine
288 report, I could find and fix this.
290 Daniel (22 October 2005)
291 - Dima Barsky reported a problem with GnuTLS-enabled libcurl in bug report
292 #1334338 (http://curl.haxx.se/bug/view.cgi?id=1334338). When reading an SSL
293 stream from a server and the server requests a "rehandshake", the current
294 code simply returns this as an error. I have no good way to test this, but
295 I've added a crude attempt of dealing with this situation slightly better -
296 it makes a blocking handshake if this happens. Done like this because fixing
297 this the "proper" way (that would handshake asynchronously) will require
298 quite some work and I really need a good way to test this to do such a
301 Daniel (21 October 2005)
302 - "Ofer" reported a problem when libcurl re-used a connection and failed to do
303 it, it could then accidentally actually crash. Presumably, this concerns FTP
304 connections. http://curl.haxx.se/bug/view.cgi?id=1330310
306 - Temprimus improved the MSVC makefile so that the static debug SSL libs are
307 linked to the executable and not to the libcurld.lib
308 http://curl.haxx.se/bug/view.cgi?id=1326676
310 - Bradford Bruce made the windows resolver code properly return
311 CURLE_COULDNT_RESOLVE_PROXY and CURLE_COULDNT_RESOLVE_HOST on resolving
312 errors (as documented).
314 Daniel (20 October 2005)
315 - Dave Dribin made libcurl understand and handle cases when the server
316 (wrongly) sends *two* WWW-Authenticate headers for Digest. While this should
317 never happen in a sane world, libcurl previously got into an infinite loop
318 when this occurred. Dave added test 273 to verify this.
320 - Temprimus improved the MSVC makefile: "makes a build option available so if
321 you set rtlibcfg=static for the make, then it would build with /MT. The
322 default behaviour is /MD (the original)."
323 http://curl.haxx.se/bug/view.cgi?id=1326665
325 Daniel (14 October 2005)
326 - Reverted the LIBCURL_VERSION_NUM change from October 6. As Dave Dribin
327 reported, the define is used by the configure script and is assumed to use
328 the 0xYYXXZZ format. This made "curl-config --vernum" fail in the 7.15.0
331 Version 7.15.0 (13 October 2005)
333 Daniel (12 October 2005)
334 - Michael Sutton of iDEFENSE reported and I fixed a securitfy flaw in the NTLM
335 code that would overflow a buffer if given a too long user name or domain
336 name. This would happen if you enable NTLM authentication and either
338 A - pass in a user name and domain name to libcurl that together are longer
341 B - allow (lib)curl to follow HTTP "redirects" (Location: and the
342 appropriate HTTP 30x response code) and the new URL contains a URL with
343 a user name and domain name that together are longer than 192 bytes
345 See http://curl.haxx.se/docs/security.html for further details and updates
347 Daniel (5 October 2005)
348 - Darryl House reported a problem with using -z to download files from FTP.
349 It turned out that if the given time stamp was exact the same as the remote
350 time stamp, the file would still wrongly be downloaded. Added test case 272
353 Daniel (4 October 2005)
354 - Domenico Andreoli fixed a man page malformat and removed odd (0xa0) bytes
355 from the configure script.
357 - Michael Wallner reported that the date parser had wrong offset stored for
358 the MEST and CEST time zones.
360 Daniel (27 September 2005)
361 - David Yan filed bug #1299181 (http://curl.haxx.se/bug/view.cgi?id=1299181)
362 that identified a silly problem with Content-Range: headers with the 'bytes'
363 keyword written in a different case than all lowercase! It would cause a
366 - TJ Saunders of the proftpd project identified and pointed out problems with
367 the modified FTPS negotiation change of August 19 2005. Thus, we revert the
368 change back to pre-7.14.1 status.
370 Daniel (21 September 2005)
371 - Fixed "cut off" sentence in the libcurl-tutorial man page:
372 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305
374 - Clarified in the curl_easy_setopt man page what the default
375 CURLOPT_WRITEFUNCTION and CURLOPT_WRITEDATA mean:
376 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329311
378 - Clarified in the curl_easy_setopt man page that CURLOPT_ERRORBUFFER
379 sometimes doesn't fill in the buffer even though it is supposed to:
380 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329313
382 - When CURLE_URL_MALFORMAT is returned due to a missing URL, it now has an
385 Daniel (19 September 2005)
386 - Dmitry Bartsevich made the SSPI support work on Windows 9x as well.
388 Daniel (15 September 2005)
389 - Added a TFTP server to the test suite and made the test suite capable of
392 Daniel (7 September 2005)
393 - Ben Madsen's detailed reports that funnily enough only occurred with certain
394 glibc versions turned out to be curl using an already closed file handle
395 during certain conditions (like when saving FTP server "headers").
397 - Scott Davis helped me track down a problem in the test HTTP server that made
398 test case 56 wrongly fail at times. It turned out it was due to the server
399 finding the end of a chunked-encoded POST too early.
401 Daniel (6 September 2005)
402 - Now curl warns if an unknown variable is used in the -w/--writeout argument.
404 Daniel (4 September 2005)
405 - I applied Nicolas François' man page patch he posted to the Debian bug
406 tracker. It corrected two lines that started with apostrophes, which isn't
407 legal nroff format. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326511
409 - Added --ftp-skip-pasv-ip to the command line tool, that sets the new
410 CURLOPT_FTP_SKIP_PASV_IP option. It makes libcurl re-use the control
411 connection's IP address when setting up the data connection instead of
412 extractting the IP address from the PASV response. It has turned out this
413 feature is frequently needed by people to circumvent silly servers and silly
414 firewalls, especially when FTPS is used and the PASV command-response is
417 Sponsored by CU*Answers
419 Daniel (1 September 2005)
420 - John Kelly added TFTP support to libcurl. A bunch of new error codes was
421 added. TODO: add them to docs. add TFTP server to test suite. add TFTP to
422 list of protocols whereever those are mentioned.
424 Version 7.14.1 (1 September 2005)
426 Daniel (29 August 2005)
427 - Kevin Lussier pointed out a problem with curllib.dsp and how to fix it.
429 - Igor Polyakov fixed a rather nasty problem with the threaded name resolver
430 for Windows, that could lead to an Access Violation when the multi interface
431 was used due to an issue with how the resolver thread was and was not
434 - Simon Josefsson brought a patch that allows curl to get built to use GNU GSS
435 instead of MIT/Heimdal for GSS capabilities.
437 Daniel (24 August 2005)
438 - Toby Peterson added CURLOPT_IGNORE_CONTENT_LENGTH to the library, accessible
439 from the command line tool with --ignore-content-length. This will make it
440 easier to download files from Apache 1.x (and similar) servers that are
441 still having problems serving files larger than 2 or 4 GB. When this option
442 is enabled, curl will simply have to wait for the server to close the
443 connection to signal end of transfer. I wrote test case 269 that runs a
444 simple test to verify that this works.
446 - (Trying hard to exclude emotions now.) valgrind version 3 suddenly renamed
447 the --logfile command line option to --log-file, and thus the test script
448 valgrind autodetection now has yet another version check to do and then it
449 alters the valgrind command line accordingly.
451 - Fixed CA cert verification using GnuTLS with the default bundle, which
452 previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
453 Ralph Mitchell reported.
455 Daniel (19 August 2005)
456 - Norbert Novotny had problems with FTPS and he helped me work out a patch
457 that made curl run fine in his end. The key was to make sure we do the
458 SSL/TLS negotiation immediately after the TCP connect is done and not after
459 a few other commands have been sent like we did previously. I don't consider
460 this change necessary to obey the standards, I think this server is pickier
461 than what the specs allow it to be, but I can't see how this modified
462 libcurl code can add any problems to those who are interpreting the
463 standards more liberally.
465 Daniel (17 August 2005)
466 - Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with
467 CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to
468 write the result to a given cookie jar and then never actually call
469 curl_easy_perform() - the given file(s) to read was never read but the
470 output file was written and thus it caused a "funny" result.
472 - While doing some tests for the bug above, I noticed that Firefox generates
473 large numbers (for the expire time) in the cookies.txt file and libcurl
474 didn't treat them properly. Now it does.
476 Daniel (15 August 2005)
477 - Added more verbose "warning" messages to the curl client for cases where it
478 fails to open/read files etc to help users diagnose why it doesn't do what
479 you'd expect it to. Converted lots of old messages to use the new generic
480 function I wrote for this purpose.
482 Daniel (13 August 2005)
483 - James Bursa identified a libcurl HTTP bug and a good way to repeat it. If a
484 site responds with bad HTTP response that doesn't contain any header at all,
485 only a response body, and the write callback returns 0 to abort the
486 transfer, it didn't have any real effect but the write callback would be
487 called once more anyway.
489 Daniel (12 August 2005)
490 - Based on Richard Clayton's reports, I found out that using curl -d @filename
491 when 'filename' was not possible to access made curl use a GET request
494 - The time condition illegal syntax warning is now inhibited if -s is used.
496 Daniel (10 August 2005)
497 - Mario Schroeder found out that one of the debug callbacks calls that regards
498 SSL data with the CURLINFO_TEXT type claimed that the data was one byte
499 larger than it actually is, thus falsely telling the application that the
500 terminating zero was part of the data.
502 Daniel (9 August 2005)
503 - Christopher R. Palmer fixed the offsets used for date parsings when the time
504 zone name of a daylight savings time was used. For example, PDT vs PDS. This
505 flaw was introduced with the new date parser (11 sep 2004 - 7.12.2).
506 Fortunately, no web server or cookie string etc should be using such time
507 zone names thus limiting the effect of this bug.
509 Daniel (8 August 2005)
510 - Jon Grubbs filed bug report #1249962
511 (http://curl.haxx.se/bug/view.cgi?id=1249962) which identified a problem
512 with NTLM on a HTTP proxy if an FTP URL was given. libcurl now properly
513 switches to pure HTTP internally when an HTTP proxy is used, even for FTP
514 URLs. The problem would also occur with other multi-pass auth methods.
516 Daniel (7 August 2005)
517 - When curl is built with GnuTLS, curl-config didn't include "SSL" when
520 Daniel (28 July 2005)
521 - If any of the options CURLOPT_HTTPGET, CURLOPT_POST and CURLOPT_HTTPPOST is
522 set to 1, CURLOPT_NOBODY will now automatically be set to 0.
524 Daniel (27 July 2005)
525 - Dan Fandrich changes over the last week: fixed numerous minor configure
526 option parsing flaws: --without-gnutls, --without-spnego --without-gssapi
527 and --without-krb4. Spellfixed several error messages.
529 - Peteris Krumins added CURLOPT_COOKIELIST and CURLINFO_COOKIELIST, which is a
530 simple interface to extracting and setting cookies in libcurl's internal
531 "cookie jar". See the new cookie_interface.c example code.
533 Daniel (13 July 2005)
534 - Diego Casorran provided patches to make curl build fine on Amiga again.
536 Daniel (12 July 2005)
537 - Adrian Schuur added trailer support in the chunked encoding stream. The
538 trailer is then sent to the normal header callback/stream. I wrote up test
539 case 266 to verify the basic functionality. Do note that test case 34
540 contains a flawed chunked encoding stream that still works the same.
543 - Gisle Vanem came up with a nice little work-around for bug #1230118
544 (http://curl.haxx.se/bug/view.cgi?id=1230118). It seems the Windows (MSVC)
545 libc time functions may return data one hour off if TZ is not set and
546 automatic DST adjustment is enabled. This made curl_getdate() return wrong
547 value, and it also concerned internal cookie expirations etc.
550 - Andrew Bushnell provided enough info for me to tell that we badly needed to
551 fix the CONNECT authentication code with multi-pass auth methods (such as
552 NTLM) as it didn't previously properly ignore response-bodies - in fact it
553 stopped reading after all response headers had been received. This could
554 lead to libcurl sending the next request and reading the body from the first
555 request as response to the second request. (I also renamed the function,
556 which wasn't strictly necessary but...)
558 The best fix would to once and for all make the CONNECT code use the
559 ordinary request sending/receiving code, treating it as any ordinary request
560 instead of the special-purpose function we have now. It should make it
561 better for multi-interface too. And possibly lead to less code...
563 Added test case 265 for this. It doesn't work as a _really_ good test case
564 since the test proxy is too stupid, but the test case helps when running the
567 Daniel (30 June 2005)
568 - Dan Fandrich improved the configure script's ability to figure out what kind
569 of strerror_r() API that is used when cross-compiling. If __GLIB__ is
570 defined, it assumes the glibc API. If not, it issues a notice as before that
571 the user needs to manually edit lib/config.h for this.
573 Daniel (23 June 2005)
574 - David Shaw's fix that unifies proxy string treatment so that a proxy given
575 with CURLOPT_PROXY can use a http:// prefix and user + password. The user
576 and password fields are now also URL decoded properly. Test case 264 added
579 Daniel (22 June 2005)
580 - David Shaw updated libcurl.m4
582 Daniel (14 June 2005)
583 - Gisle Vanem fixed a potential thread handle leak. Bug report #1216500
584 (http://curl.haxx.se/bug/view.cgi?id=1216500). Comment in
585 http://curl.haxx.se/mail/lib-2005-06/0059.html
587 Daniel (13 June 2005)
588 - Made buildconf run libtoolize in the ares dir too (inspired by Tupone's
592 - Incorporated Tupone's findtool fix in buildconf (slightly edited)
594 - Incorporated Tupone's head -n fix in buildconf.
597 - Reverted Tupone's patch again, it broke numerous autobuilds. Let's apply it
598 in pieces, one by one and see what we need to adjust to work all over.
601 - Tupone Alfredo fixed three problems in buildconf:
603 1) findtool does look per tool in PATH and think ./perl is the perl
604 executable, while is just a local directory (I have . in the PATH)
606 2) I got several warning for head -1 deprecated in favour of head -n 1
608 3) ares directory is missing some file (missing is missing :-) ) because
609 automake and friends is not run.
612 - Added docs/libcurl/getinfo-times, based on feedback from 'Edi':
613 http://curl.haxx.se/feedback/display.cgi?id=11178325798299&support=yes
615 - Andres Garcia provided yet another text mode patch for several test cases so
616 that they do text comparisions better on Windows (newline-wise).
619 - The configure check for c-ares now adds the cares lib before the other libs,
620 to make it build fine with mingw. Inspired by Tupone Alfredo's bug report
621 and patch: http://curl.haxx.se/bug/view.cgi?id=1212940
624 - Todd Kulesza reported a flaw in the proxy option, since a numerical IPv6
625 address was not possible to use. It is now, but requires it written
626 RFC2732-style, within brackets - which incidently is how you enter numerical
627 IPv6 addresses in URLs. Test case 263 added to verify.
630 - Eric Cooper reported about a problem with HTTP servers that responds with
631 binary zeroes within the headers. They confused libcurl to do wrong so the
632 downloaded headers become incomplete. The fix is now verified with test case
633 262. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310948
636 - Fixed problems with the test suite, and in particular the FTP test cases
637 since it previously was failing every now and then in a nonsense manner.
639 - --trace-time now outputs the full microsecond, all 6 digits.
642 - Andres Garcia provided a text mode patch for several test cases so that they
643 do text comparisions better on Windows (newline-wise).
645 - Any 2xx response (and not just 200) is now considered a fine response to
646 TYPE, as some servers obviously sends a 226 there. Added test case 261 to
647 verify. Based on a question/report by Georg Wicherski.
650 - Improved runtests.pl to allow stdout tests to be mode=text as well, just
651 as file comparisons already supports. Added this info to the FILEFORMAT
655 - John McGowan identified a problem in bug report #1204435
656 (http://curl.haxx.se/bug/view.cgi?id=1204435) with malformed URLs like
657 "http://somehost?data" as it added a slash too much in the request ("GET
658 /?data/"...). Added test case 260 to verify.
660 - The configure check for strerror_r() failed to detect the proper API at
661 times, like on HP-UX 10.20. Then lib/strerror.c badly assumed the glibc
662 version if the posix define wasn't set (since it _had_ found a strerror_r).
665 - The gmtime_r() function in HP-UX 10.20 is broken. About 13 test cases fail
666 due to this. There's now a configure check that attempts to detect the bad
667 function and not use it on such systems.
669 Version 7.14.0 (16 May 2005)
672 - Grigory Entin reported that curl's configure detects a fine poll() for Mac
673 OS X 10.4 (while 10.3 or later detected a "bad" one), but the executable
674 doesn't work as good as if built without poll(). I've adjusted the configure
675 to always skip the fine-poll() test on Mac OS X (darwin).
678 - When doing a second request (after a disconnect) using the same easy handle,
679 over a proxy that uses NTLM authentication, libcurl failed to use NTLM again
680 properly (the auth method was accidentally reset to the same as had been set
681 for host auth, which defaults to Basic). Bug report #1200661
682 (http://curl.haxx.se/bug/view.cgi?id=1200661) identified the the problem and
685 - If -z/--time-cond is used with an invalid date syntax, this is no longer
686 silently discarded. Instead a proper warning message is diplayed that
687 informs about it. But it still continues without the condition.
689 Version 7.14.0-pre2 (11 May 2005)
692 - Starting now, libcurl sends a little different set of headers in its default
695 A) Normal non-proxy HTTP:
696 - no more "Pragma: no-cache" (this only makes sense to proxies)
698 B) Non-CONNECT HTTP request over proxy:
699 - "Pragma: no-cache" is used (like before)
700 - "Proxy-Connection: Keep-alive" (for older style 1.0-proxies)
702 C) CONNECT HTTP request over proxy:
703 - "Host: [name]:[port]"
704 - "Proxy-Connection: Keep-alive"
706 The A) case is mostly to reduce the default header size and remove a
709 The B) is to address (rare) problems with HTTP 1.0 proxies
711 The C) headers are both to address (rare) problems with some proxies. The
712 code in libcurl that deals with CONNECT requests need a rewrite, but it
713 feels like a too big a job for me to do now. Details are added in the code
716 Updated a large amount of test cases to reflect the news.
719 - Half-baked attempt to bail out if select() returns _only_ errorfds when the
720 transfer is in progress. An attempt to fix Allan's problem. See
721 http://curl.haxx.se/mail/lib-2005-05/0073.html and the rest of that thread
724 I'm still not sure this is the right fix, but...
726 Version 7.14.0-pre1 (9 May 2005)
729 - Sort of "fixed" KNOWN_BUGS #4: curl now builds IPv6 enabled on AIX 4.3. At
730 least it should no longer cause a compiler error. However, it does not have
731 AI_NUMERICHOST so we cannot getaddrinfo() any numerical addresses with it
732 (we use that for FTP PORT/EPRT)! So, I modified the configure check that
733 checks if the getaddrinfo() is working, to use AI_NUMERICHOST since then
734 it'll fail on AIX 4.3 and it will automatically build with IPv6 support
737 - Added --trace-time that when used adds a time stamp to each trace line that
738 --trace, --trace-ascii and --verbose output. I also made the '>' display
739 separate each line on the linefeed so that HTTP requests etc look nicer in
742 - Made curl recognize the environment variables Lynx (and others?) support for
743 pointing out the CA cert path/file: SSL_CERT_DIR and SSL_CERT_FILE. If
744 CURL_CA_BUNDLE is not set, they are checked afterwards.
746 Like before: on windows if none of these are set, it checks for the ca cert
749 1. application's directory
750 2. current working directory
751 3. Windows System directory (e.g. C:\windows\system32)
752 4. Windows Directory (e.g. C:\windows)
753 5. all directories along %PATH%
756 - The runtests.pl script now starts test servers by doing fork() and exec()
757 instead of the previous approach. This is less complicated and should
758 hopefully lead to less "leaked" servers (servers that aren't stopped
759 properly when the tests are stopped).
761 - Alexander Zhuravlev found a case when you did "curl -I [URL]" and it
762 complained on the chunked encoding, even though a HEAD should never return a
763 body and thus it cannot be a chunked-encoding problem!
765 Daniel (30 April 2005)
766 - Alexander Zhuravlev found out that (lib)curl SIGSEGVed when using
767 --interface on an address that can't be bound.
769 Daniel (28 April 2005)
770 - Working on fixing up test cases to mark sections as 'mode=text' for things
771 that curl writes as text files, since then they can get different line
772 endings depending on OS. Andrés García helps me work this out.
774 Did lots of other minor tweaks on the test scripts to work better and more
775 reliably find test servers and also kill test servers.
777 - Dan Fandrich pointed out how the runtests.pl script killed the HTTP server
778 instead of the HTTPS server when closing it down.
780 Daniel (27 April 2005)
781 - Paul Moore made curl check for the .curlrc file (_curlrc on windows) on two
782 more places. First, CURL_HOME is a new environment variable that is used
783 instead of HOME if it is set, to point out where the default config file
784 lives. If there's no config file in the dir pointed out by one of the
785 environment variables, the Windows version will instead check the same
786 directory the executable curl is located in.
788 Daniel (26 April 2005)
789 - Cory Nelson's work on nuking compiler warnings when building on x64 with
792 Daniel (25 April 2005)
793 - Fred New reported a bug where we used Basic auth and user name and password
794 in .netrc, and when following a Location: the subsequent requests didn't
795 properly use the auth as found in the netrc file. Added test case 257 to
798 - Based on feedback from Cory Nelson, I added some preprocessor magic in
799 */setup.h and */config-win32.h to build fine with VS2005 on x64.
801 Daniel (23 April 2005)
802 - Alex Suykov made the curl tool now assume that uploads using HTTP:// or
803 HTTPS:// are the only ones that show output and thus motivates a switched
804 off progress meter if the output is sent to the terminal. This makes FTP
805 uploads without '>', -o or -O show the progress meter.
807 Daniel (22 April 2005)
808 - Dave Dribin's MSVC makefile fix: set CURL_STATICLIB when it builds static
811 - Andres Garcia fixed configure to set the proper define when building static
814 - --retry-delay didn't work.
816 Daniel (18 April 2005)
817 - Olivier reported that even though he used CURLOPT_PORT, libcurl clearly
818 still used the default port. He was right. I fixed the problem and added the
819 test cases 521, 522 and 523 to verify the fix.
821 - Toshiyuki Maezawa reported that when doing a POST with a read callback,
822 libcurl didn't properly send an Expect: 100-continue header. It does now.
824 - I committed by mig change in the test suite's FTP server that moves out all
825 socket/TCP code to a separate C program named sockfilt. And added 4 new
826 test cases for FTP over IPv6.
828 Daniel (8 April 2005)
829 - Cory Nelson reported a problem with a HTTP server that responded with a 304
830 response containing an "illegal" Content-Length: header, which was not
831 properly ignored by libcurl. Now it is. Test case 249 verifies.
833 Daniel (7 April 2005)
834 - Added ability to build and run with GnuTLS as an alternative to OpenSSL for
835 the secure layer. configure --with-gnutls enables with. Note that the
836 previous OpenSSL check still has preference and if it first detects OpenSSL,
837 it will not check for GnuTLS. You may need to explictly diable OpenSSL with
840 This work has been sponsored by The Written Word.
842 Daniel (5 April 2005)
843 - Christophe Legry fixed the post-upload check for FTP to not complain if the
844 upload was skipped due to a time-condition as set with
845 CURLOPT_TIMECONDITION. I added test case 247 and 248 to verify.
847 Version 7.13.2 (5 April 2005)
849 Daniel (4 April 2005)
850 - Marcelo Juchem fixed the MSVC makefile for libcurl
852 - Gisle Vanem fixed a crash in libcurl, that could happen if the easy handle
853 was killed before the threading resolver (windows only) still hadn't
856 - Hardeep Singh reported a problem doing HTTP POST with Digest. (It was
857 actually also affecting NTLM and Negotiate.) It turned out that if the
858 server responded with 100 Continue before the initial 401 response, libcurl
859 didn't take care of the response properly. Test case 245 and 246 added to
862 Daniel (30 March 2005)
863 - Andres Garcia modified the configure script to check for libgdi32 before
864 libcrypto, to make the SSL check work fine on msys/mingw.
866 Daniel (29 March 2005)
867 - Tom Moers identified a flaw when you sent a POST with Digest authentication,
868 as in the first request when curl sends a POST with Content-Length: 0, it
869 still forcibly closed the connection before doing the next step in the auth
872 - Jesper Jensen found out that FTP-SSL didn't work since my FTP
873 rewrite. Fixing that was easy, but it also revealed a much worse problem:
874 the FTP server response reader function didn't properly deal with reading
875 responses in multiple tiny chunks properly! I modified the FTP server to
876 allow it to produce such split-up responses to make sure curl deals with
879 - Based on Augustus Saunders' comments and findings, the HTTP output auth
880 function was fixed to use the proper proxy authentication when multiple ones
881 are accepted. test 239 and test 243 were added to repeat the problems and
884 --proxy-anyauth was added to the curl tool
886 Daniel (16 March 2005)
887 - Tru64 and some IRIX boxes seem to not like test 237 as it is. Their
888 inet_addr() functions seems to use &255 on all numericals in a ipv4 dotted
889 address which makes a different failure... Now I've modified the ipv4
890 resolve code to use inet_pton() instead in an attempt to make these systems
891 better detect this as a bad IP address rather than creating a toally bogus
892 address that is then passed on and used.
894 Daniel (15 March 2005)
895 - Dan Fandrich made the code properly use the uClibc's version of
896 inet_ntoa_r() when built with it.
898 - Added test 237 and 238: test EPSV and PASV response handling when they get
899 well- formated data back but using illegal values. In 237 PASV gets an IP
900 address that is way bad. In 238 EPSV gets a port that is way out of range.
902 Daniel (14 March 2005)
903 - Added a few missing features to the curl-config --features list
905 - Modified testcurl.pl to now offer
906 1 - command line options for all info it previously only read from
907 file: --name, --email, --desc and --configure
908 2 - --nocvsup makes it not attempt to do cvs update
909 3 - --crosscompile informs it and makes it not attempt things it can't do
911 - Fixed numerous win32 compiler warnings.
913 - Removed the lib/security.h file since it shadowed the mingw/win32 header
914 with the same name which is needed for SSPI builds. The contents of the
915 former security.h is now i krb4.h
917 - configure --enable-sspi now enables SSPI in the build. It only works for
918 windows builds (including cross-compiles for windows).
920 Daniel (12 March 2005)
921 - David Houlder added --form-string that adds that string to a multipart
922 formpost part, without special characters having special meanings etc like
925 Daniel (11 March 2005)
926 - curl_version_info() returns the feature bit CURL_VERSION_SSPI if it was
927 built with SSPI support.
929 - Christopher R. Palmer made it possible to build libcurl with the
930 USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the
931 native way to do NTLM. SSPI also allows libcurl to pass on the current user
932 and its password in the request.
934 Daniel (9 March 2005)
935 - Dan F improved the SSL lib setup in configure.
937 - Nodak Sodak reported a crash when using a SOCKS4 proxy.
939 - Jean-Marc Ranger pointed out an embarassing debug printf() leftover in the
940 multi interface code.
942 - Adjusted the man page for the curl_getdate() return value for dates after
943 year 2038. For 32 bit time_t it returns 0x7fffffff but for 64bit time_t it
944 returns either the correct value or even -1 on some systems that still seem
945 to not deal with this properly. Tor Arntsen found a 64bit AIX system for us
946 that did the latter. Gwenole Beauchesne's Mandrake patch put the lights on
947 this problem in the first place.
949 Daniel (8 March 2005)
950 - Dominick Meglio reported that using CURLOPT_FILETIME when transferring a FTP
951 file got a Last-Modified: header written to the data stream, corrupting the
952 actual data. This was because some conditions from the previous FTP code was
953 not properly brought into the new FTP code. I fixed and I added test case
954 520 to verify. (This bug was introduced in 7.13.1)
956 - Dan Fandrich fixed the configure --with-zlib option to always consider the
957 given path before any standard paths.
959 Daniel (6 March 2005)
960 - Randy McMurchy was the first to report that valgrind.pm was missing from the
961 release archive and thus 'make test' fails.
963 Daniel (5 March 2005)
964 - Dan Fandrich added HAVE_FTRUNCATE to several config-*.h files.
966 - Added test case 235 that makes a resumed upload of a file that isn't present
967 on the remote side. This then converts the operation to an ordinary STOR
968 upload. This was requested/pointed out by Ignacio Vazquez-Abrams.
970 It also proved (and I fixed) a bug in the newly rewritten ftp code (and
971 present in the 7.13.1 release) when trying to resume an upload and the
972 servers returns an error to the SIZE command. libcurl then loops and sends
973 SIZE commands infinitely.
975 - Dan Fandrich fixed a SSL problem introduced on February 9th that made
976 libcurl attempt to load the whole random file to seed the PRNG. This is
977 really bad since this turns out to be using /dev/urandom at times...
979 Version 7.13.1 (4 March 2005)
981 Daniel (4 March 2005)
982 - Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate
983 the cookie "engine" without having to provide an empty or non-existing file.
985 - Rene Rebe fixed a -# crash when more data than expected was retrieved.
987 Daniel (22 February 2005)
988 - NTLM and ftp-krb4 buffer overflow fixed, as reported here:
989 http://www.securityfocus.com/archive/1/391042 and the CAN report here:
990 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
992 If these security guys were serious, we'd been notified in advance and we
993 could've saved a few of you a little surprise, but now we weren't.
995 Daniel (19 February 2005)
996 - Ralph Mitchell reported a flaw when you used a proxy with auth, and you
997 requested data from a host and then followed a redirect to another
998 host. libcurl then didn't use the proxy-auth properly in the second request,
999 due to the host-only check for original host name wrongly being extended to
1000 the proxy auth as well. Added test case 233 to verify the flaw and that the
1001 fix removed the problem.
1003 Daniel (18 February 2005)
1004 - Mike Dobbs reported a mingw build failure due to the lack of
1005 BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by
1006 configure when mingw is used.
1008 Daniel (17 February 2005)
1009 - David in bug report #1124588 found and fixed a socket leak when libcurl
1010 didn't close the socket properly when returning error due to failing
1013 Daniel (16 February 2005)
1014 - Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"
1015 that picks NTLM. Thanks to David Byron letting me test NTLM against his
1016 servers, I could quickly repeat and fix the problem. It turned out to be:
1018 When libcurl POSTs without knowing/using an authentication and it gets back
1019 a list of types from which it picks NTLM, it needs to either continue
1020 sending its data if it keeps the connection alive, or not send the data but
1021 close the connection. Then do the first step in the NTLM auth. libcurl
1022 didn't send the data nor close the connection but simply read the
1023 response-body and then sent the first negotiation step. Which then failed
1024 miserably of course. The fixed version forces a connection if there is more
1025 than 2000 bytes left to send.
1027 Daniel (14 February 2005)
1028 - The configure script didn't check for ENGINE_load_builtin_engines() so it
1031 Daniel (11 February 2005)
1032 - Removed all uses of strftime() since it uses the localised version of the
1033 week day names and month names and servers don't like that.
1035 Daniel (10 February 2005)
1036 - Now the test script disables valgrind-testing when the test suite runs if
1037 libcurl is built shared. Otherwise valgrind only tests the shell that runs
1038 the wrapper-script named 'curl' that is a front-end to curl in this case.
1039 This should also fix the huge amount of reports of false positives when
1040 valgrind has identified leaks in (ba)sh and not in curl and people report
1041 that as curl bugs. Bug report #1116672 is one example.
1043 Also, the valgrind report parser has been adapted to check that at least one
1044 of the sources in a stack strace is one of (lib)curl's source files or
1045 otherwise it will not consider the problem to concern (lib)curl.
1047 - Marty Kuhrt streamlined the VMS build.
1049 Daniel (9 February 2005)
1050 - David Byron fixed his SSL problems, initially mentioned here:
1051 http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use
1052 SSL_pending() as we should.
1054 - Converted lots of FTP code to a statemachine, so that the multi interface
1055 doesn't block while communicating commands-responses with an FTP server.
1057 I've added a comment like BLOCKING in the code on all spots I could find
1058 where we still have blocking operations. When we change curl_easy_perform()
1059 to use the multi interface, we'll also be able to simplify the code since
1060 there will only be one "internal interface".
1062 While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the
1063 new CURLE_LOGIN_DENIED. The first one is now access denied to a function,
1064 like changing directory or retrieving a file, while the second means that we
1067 The CVS tag 'before_ftp_statemachine' was set just before this went in, in
1068 case of future need.
1070 - Gisle made the DICT code send CRLF and not just LF as the spec says so.
1072 Daniel (8 February 2005)
1073 - Gisle fixed problems when libcurl runs out of memory, and worked on making
1074 sure the proper error code is returned for those occations.
1076 Daniel (7 February 2005)
1077 - Maruko pointed out a problem with inflate decompressing exactly 64K
1080 Daniel (5 February 2005)
1081 - Eric Vergnaud found a use of an uninitialised variable in the ftp when doing
1082 PORT on ipv6-enabled hosts.
1084 - David Byron pointed out we could use BUFSIZE to read data (in
1085 lib/transfer.c) instead of using BUFSIZE -1.
1087 Version 7.13.0 (1 February 2005)
1089 Daniel (31 January 2005)
1090 - Added Lars Nilsson's htmltitle.cc example
1092 Daniel (30 January 2005)
1093 - Fixed a memory leak when using the multi interface and the DO operation
1094 failed (as in test case 205).
1096 - Fixed a valgrind warning for file:// operations.
1098 - Fixed a valgrind report in the url globbing code for the curl command line
1101 - Bugfixed the parser that scans the valgrind report outputs (in runtests.pl).
1102 I noticed that it previously didn't detect and report the "Conditional jump
1103 or move depends on uninitialised value(s)" error. When I fixed this, I
1104 caught a few curl bugs with it. And then I had to spend time to make the
1105 test suite IGNORE these errors when OpenSSL is used since it produce massive
1106 amounts of valgrind warnings (but only of the "Conditional..." kind it
1107 seems). So, if a test that requires SSL is run, it ignores the
1108 "Conditional..." errors, and you'll get a "valgrind PARTIAL" output instead
1111 Daniel (29 January 2005)
1112 - Using the multi interface, and doing a requsted a re-used connection that
1113 gets closed just after the request has been sent failed and did not re-issue
1114 a request on a fresh reconnect like the easy interface did. Now it does!
1116 - Define CURL_MULTIEASY when building libcurl (lib/easy.c to be exact), to use
1117 my new curl_easy_perform() that uses the multi interface to run the
1118 request. It is a great testbed for the multi interface and I believe we
1119 shall do it this way for real in the future when we have a successor to
1120 curl_multi_fdset(). I've used this approach to detect and fix several of the
1121 recent multi-interfaces issues.
1123 - Adjusted the KNOWN_BUGS #17 fix a bit more since the FTP code also did some
1126 - multi interface: when a request is denied due to "Maximum redirects
1127 followed" libcurl leaked the last Location: URL.
1129 - Connect failures with the multi interface was often returned as "connect()
1130 timed out" even though the reason was different.
1132 Daniel (28 January 2005)
1133 - KNOWN_BUGS #17 fixed. A DNS cache entry may not remain locked between two
1134 curl_easy_perform() invokes. It was previously unlocked at disconnect, which
1135 could mean that it remained locked between multiple transfers. The DNS cache
1136 may not live as long as the connection cache does, as they are separate.
1138 To deal with the lack of DNS (host address) data availability in re-used
1139 connections, libcurl now keeps a copy of the IP adress as a string, to be
1140 able to show it even on subsequent requests on the same connection.
1142 The problem could be made to appear with this stunt:
1144 1. create a multi handle
1145 2. add an easy handle
1146 3. fetch a URL that is persistent (leaves the connection alive)
1147 4. remove the easy handle from the multi
1148 5. kill the multi handle
1149 6. create a multi handle
1150 7. add the same easy handle to the new multi handle
1151 8. fetch a URL from the same server as before (re-using the connection)
1153 - Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't work
1154 when built ipv6-enabled. I've now made a fix for it. Writing test cases for
1155 custom port hosts turned too tricky so unfortunately there's none.
1157 Daniel (25 January 2005)
1158 - Ian Ford asked about support for the FTP command ACCT, and I discovered it
1159 is present in RFC959... so now (lib)curl supports it as well. --ftp-account
1160 and CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an
1161 account string after PASS have been sent away. The client responds
1162 with "ACCT [account string]".) Added test case 228 and 229 to verify the
1163 functionality. Updated the test FTP server to support ACCT somewhat.
1165 - David Shaw contributed a fairly complete and detailed autoconf test you can
1166 use to detect libcurl and setup variables for the protocols the installed
1167 libcurl supports: docs/libcurl/libcurl.m4
1169 Daniel (21 January 2005)
1170 - Major FTP third party transfer overhaul.
1172 These four options are now obsolete: CURLOPT_SOURCE_HOST,
1173 CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT (this option didn't work before)
1174 and CURLOPT_PASV_HOST.
1176 These two options are added: CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE.
1178 The target-side didn't use the proper path with RETR, and thus this only
1179 worked correctly in the login path (i.e without doing any CWD). The source-
1180 side still uses a wrong path, but the fix for this will need to wait. Verify
1181 the flaw by using a source URL with included %XX-codes.
1183 Made CURLOPT_FTPPORT control weather the target operation should use PORT
1184 (or not). The other side thus uses passive (PASV) mode.
1186 Updated the ftp3rdparty.c example source to use the updated options.
1188 Added support for a second FTP server in the test suite. Named... ftp2.
1189 Added test cases 230, 231 and 232 as a few first basic tests of very simple
1190 3rd party transfers.
1192 Changed the debug output to include 'target' and 'source' when a 3rd party
1193 is being made, to make it clearer what commands/responses came on what
1196 Added three new command line options: --3p-url, --3p-user and --3p-quote.
1198 Documented the command line options and the curl_easy_setopt options related
1199 to third party transfers.
1201 (Temporarily) disabled the ability to re-use an existing connection for the
1202 source connection. This is because it needs to force a new in case the
1203 source and target is the same host, and the host name check is trickier now
1204 when the source is identified with a full URL instead of a plain host name
1207 TODO (short-term) for 3rd party transfers: quote support. The options are
1208 there, we need to add test cases to verify their functionality.
1210 TODO (long-term) for 3rd party transfers: IPv6 support (EPRT and EPSV etc)
1211 and SSL/TSL support.
1213 Daniel (20 January 2005)
1214 - Philippe Hameau found out that -Q "+[command]" didn't work, although some
1215 code was written for it. I fixed and added test case 227 to verify it.
1216 The curl.1 man page didn't mention the '+' so I added it.
1218 Daniel (19 January 2005)
1219 - Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP URL
1220 contains %0a or %0d in the user, password or CWD parts. (A future fix would
1221 include doing it for %00 as well - see KNOWN_BUGS for details.) Test case
1222 225 and 226 were added to verify this
1224 - Stephan Bergmann pointed out two flaws in libcurl built with HTTP disabled:
1226 1) the proxy environment variables are still read and used to set HTTP proxy
1228 2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was
1229 disabled). This is important since apps may want to disable HTTP proxy
1230 without actually knowing if libcurl was built to disable HTTP or not.
1232 Based on Stephan's patch, both these issues should now be fixed.
1234 Daniel (18 January 2005)
1235 - Cody Jones' enhanced version of Samuel Díaz García's MSVC makefile patch was
1238 Daniel (16 January 2005)
1239 - Alex aka WindEagle pointed out that when doing "curl -v dictionary.com", curl
1240 assumed this used the DICT protocol. While guessing protocols will remain
1241 fuzzy, I've now made sure that the host names must start with "[protocol]."
1242 for them to be a valid guessable name. I also removed "https" as a prefix
1243 that indicates HTTPS, since we hardly ever see any host names using that.
1245 Daniel (13 January 2005)
1246 - Inspired by Martijn Koster's patch and example source at
1247 http://www.greenhills.co.uk/mak/gentoo/curl-eintr-bug.c, I now made the
1248 select() and poll() calls properly loop if they return -1 and errno is
1249 EINTR. glibc docs for this is found here:
1250 http://www.gnu.org/software/libc/manual/html_node/Interrupted-Primitives.html
1252 This last link says BSD doesn't have this "effect". Will there be a problem
1253 if we do this unconditionally?
1255 Daniel (11 January 2005)
1256 - Dan Torop cleaned up a few no longer used variables from David Phillips'
1257 select() overhaul fix.
1259 - Cyrill Osterwalder posted a detailed analysis about a bug that occurs when
1260 using a custom Host: header and curl fails to send a request on a re-used
1261 persistent connection and thus creates a new connection and resends it. It
1262 then sent two Host: headers. Cyrill's analysis was posted here:
1263 http://curl.haxx.se/mail/archive-2005-01/0022.html
1265 - Bruce Mitchener identified (bug report #1099640) the never-ending SOCKS5
1266 problem with the version byte and the check for bad versions. Bruce has lots
1267 of clues on this, and based on his suggestion I've now removed the check of
1268 that byte since it seems to be able to contain 1 or 5.
1270 Daniel (10 January 2005)
1271 - Pavel Orehov reported memory problems with the multi interface in bug report
1272 #1098843. In short, a shared DNS cache was setup for a multi handle and when
1273 the shared cache was deleted before the individual easy handles, the latter
1274 cleanups caused read/writes to already freed memory.
1276 - Hzhijun reported a memory leak in the SSL certificate code, that leaked the
1277 remote certificate name when it didn't match the used host name.
1279 Gisle (8 January 2005)
1280 - Added Makefile.Watcom files (src/lib). Updated Makefile.dist.
1282 Daniel (7 January 2005)
1283 - Improved the test script's valgrind log parser to actually work! Also added
1284 the ability to disable the log scanner for specific test cases. Test case
1285 509 results in numerous problems and leaks in OpenSSL and has to get it
1288 Daniel (6 January 2005)
1289 - Fixed a single-byte read out of bounds in test case 39 in the curl tool code
1290 (i.e not in the library).
1292 - Bug report #1097019 identified a problem when doing -d "data" with -G and
1293 sending it to two URLs with {}. Added test 199 to verify the fix.
1295 Daniel (4 January 2005)
1296 - Marty Kuhrt adjusted a VMS build script slightly
1298 - Kai Sommerfeld and Gisle Vanem fixed libcurl to build with IPv6 support on
1301 Daniel (2 January 2005)
1302 - Alex Neblett updated the MSVC makefiles slightly.