5 \___|\___/|_| \_\_____|
9 Version 7.17.1 (29 October 2007)
11 Dan F (25 October 2007)
12 - Added the --static-libs option to curl-config
14 Daniel S (25 October 2007)
15 - Made libcurl built with NSS possible to ignore the peer verification.
16 Previously it would fail if the ca bundle wasn't present, even if the code
17 ignored the verification results.
19 Patrick M (25 October 2007)
20 - Fixed test server to allow null bytes in binary posts.
21 _ Added tests 35, 544 & 545 to check binary data posts, both static (in place)
24 Daniel S (25 October 2007)
25 - Michal Marek fixed the test script to be able to use valgrind even when the
26 lib is built shared with libtool.
28 - Fixed a few memory leaks when the same easy handle is re-used to request
29 URLs with different protocols. FTP and TFTP related leaks. Caught thanks to
30 Dan F's new test cases.
32 Dan F (24 October 2007)
33 - Fixed the test FTP and TFTP servers to support the >10000 test number
36 - Added test cases 2000 through 2003 which test multiple protocols using the
39 - Fixed the filecheck: make target to work outside the source tree
41 Daniel S (24 October 2007)
42 - Vladimir Lazarenko pointed out that we should do some 'mt' magic when
43 building with VC8 to get the "manifest" embedded to make fine stand-alone
44 binaries. The maketgz and the src/Makefile.vc6 files were adjusted
47 Daniel S (23 October 2007)
48 - Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out
49 that libcurl tried to re-use connections a bit too much when using non-SSL
50 protocols tunneled over a HTTP proxy.
52 Daniel S (22 October 2007)
53 - Michal Marek forwarded the bug report
54 https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to
55 FTP that caused memory havoc. His work together with my efforts created two
58 #1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with
59 at connection cleanup, at which time the struct HandleData could be
60 used by another connection.
61 Also, the unused char *urlpath member is removed from struct FTP.
63 #2 - provide a Curl_reset_reqproto() function that frees
64 data->reqdata.proto.* on connection setup if needed (that is if the
65 SessionHandle was used by a different connection).
67 A long-term goal is of course to somehow get rid of how the reqdata struct
68 is used, as it is too error-prone.
70 - Bug report #1815530 (http://curl.haxx.se/bug/view.cgi?id=1815530) points out
71 that specifying a proxy with a trailing slash didn't work (unless it also
72 contained a port number).
74 Patrick M (15 October 2007)
75 - Fixed the dynamic CURLOPT_POSTFIELDS problem: this option is now static again
76 and option CURLOPT_COPYPOSTFIELDS has been added to support dynamic mode.
78 Patrick M (12 October 2007)
79 - Added per-protocol callback static tables, replacing callback ptr storage
80 in the connectdata structure by a single handler table ptr.
82 Dan F (11 October 2007)
83 - Fixed the -l option of runtests.pl
85 - Added support for skipping tests based on key words.
87 Daniel S (9 October 2007)
88 - Michal Marek removed the no longer existing return codes from the curl.1
91 Daniel S (7 October 2007)
92 - Known bug #47, which confused libcurl if doing NTLM auth over a proxy with
93 a response that was larger than 16KB is now improved slightly so that now
94 the restriction at 16KB is for the headers only and it should be a rare
95 situation where the response-headers exceed 16KB. Thus, I consider #47 fixed
96 and the header limitation is now known as known bug #48.
98 Daniel S (5 October 2007)
99 - Michael Wallner made the CULROPT_COOKIELIST option support a new magic
100 string: "FLUSH". Using that will cause libcurl to flush its cookies to the
101 CURLOPT_COOKIEJAR file.
103 - The new file docs/libcurl/ABI describes how we view ABI breakages, soname
104 bumps and what the version number's significance to all that is.
106 Daniel S (4 October 2007)
107 - I enabled test 1009 and made the --local-port use a wide range to reduce the
110 - Kim Rinnewitz reported that --local-port didn't work with TFTP transfers.
111 This happened because the tftp code always uncondionally did a bind()
112 without caring if one already had been done and then it failed. I wrote a
113 test case (1009) to verify this, but it is a bit error-prone since it will
114 have to pick a fixed local port number and since the tests are run on so
115 many different hosts in different situations I'll add it in disabled state.
117 Yang Tse (3 October 2007)
118 - Fixed issue related with the use of ares_timeout() result.
120 Daniel S (3 October 2007)
121 - Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and
122 CURLOPT_OPENSOCKETDATA to set a callback that allows an application to
123 replace the socket() call used by libcurl. It basically allows the app to
124 change address, protocol or whatever of the socket.
126 - I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
127 CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made
128 this return code get used by the previous SSH MD5 fingerprint check in case
131 - Based on a patch brought by Johnny Luong, libcurl now offers
132 CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both
133 make the SCP or SFTP connection verify the remote host's md5 checksum of the
134 public key before doing a connect, to reduce the risk of a man-in-the-middle
137 Daniel S (2 October 2007)
138 - libcurl now handles chunked-encoded CONNECT responses
140 Daniel S (1 October 2007)
141 - Alex Fishman reported a curl_easy_escape() problem that was made the
142 function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a
143 signed / unsigned mistake in the code. I fixed it and added test case 543 to
146 Daniel S (29 September 2007)
147 - Immanuel Gregoire fixed a problem with persistent transfers over SFTP.
149 Daniel S (28 September 2007)
150 - Adapted the c-ares code to the API change c-ares 1.5.0 brings in the
151 notifier callback(s).
153 Dan F (26 September 2007)
154 - Enabled a few more gcc warnings with --enable-debug. Renamed a few
155 variables to avoid shadowing global declarations.
157 Daniel S (26 September 2007)
158 - Philip Langdale provided the new CURLOPT_POST301 option for
159 curl_easy_setopt() that alters how libcurl functions when following
160 redirects. It makes libcurl obey the RFC2616 when a 301 response is received
161 after a non-GET request is made. Default libcurl behaviour is to change
162 method to GET in the subsequent request (like it does for response code 302
163 - because that's what many/most browsers do), but with this CURLOPT_POST301
164 option enabled it will do what the spec says and do the next request using
165 the same method again. I.e keep POST after 301.
167 The curl tool got this option as --post301
169 Test case 1011 and 1012 were added to verify.
171 - Max Katsev reported that when doing a libcurl FTP request with
172 CURLOPT_NOBODY enabled but not CURLOPT_HEADER, libcurl wouldn't do TYPE
173 before it does SIZE which makes it less useful. I walked over the code and
174 made it do this properly, and added test case 542 to verify it.
176 Daniel S (24 September 2007)
177 - Immanuel Gregoire fixed KNOWN_BUGS #44: --ftp-method nocwd did not handle
178 URLs ending with a slash properly (it should list the contents of that
179 directory). Test case 351 brought back and also test 1010 was added.
181 Daniel S (21 September 2007)
182 - Mark Davies fixed Negotiate authentication over proxy, and also introduced
183 the --proxy-negotiate command line option to allow a user to explicitly
186 Daniel S (19 September 2007)
187 - Rob Crittenden provided an NSS update with the following highlights:
189 o It looks for the NSS database first in the environment variable SSL_DIR,
190 then in /etc/pki/nssdb, then it initializes with no database if neither of
193 o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
194 loaded, including the ca-bundle. If it is not available then only
195 certificates already in the NSS database are used.
197 o Tries to detect whether a file or nickname is being passed in so the right
200 o Added a bit of code to make the output more like the OpenSSL module,
201 including displaying the certificate information when connecting in
204 o Improved handling of certificate errors (expired, untrusted, etc)
206 The libnsspem.so PKCS#11 module is currently only available in Fedora
207 8/rawhide. Work will be done soon to upstream it. The NSS module will work
208 with or without it, all that changes is the source of the certificates and
211 Daniel S (18 September 2007)
212 - Immanuel Gregoire pointed out that public key SSH auth failed if no
213 public/private key was specified and there was no HOME environment variable,
214 and then it didn't continue to try the other auth methods. Now it will
215 instead try to get the files id_dsa.pub and id_dsa from the current
216 directory if none of the two conditions were met.
218 Dan F (17 September 2007)
219 - Added hooks to the test suite to make it possible to test a curl running
222 - Changed some FTP tests to validate the format of the PORT and EPRT commands
223 sent by curl, if not the addresses themselves.
225 Daniel S (15 September 2007)
226 - Michal Marek made libcurl automatically append ";type=<a|i>" when using HTTP
227 proxies for FTP urls.
229 - Günter Knauf fixed LDAP builds in the Windows makefiles and fixed LDAPv3
232 Dan F (13 September 2007)
233 - Added LDAPS, SCP and SFTP to curl-config --protocols. Removed and
234 fixed some AC_SUBST configure entries.
236 Version 7.17.0 (13 September 2007)
238 Daniel S (12 September 2007)
239 - Bug report #1792649 (http://curl.haxx.se/bug/view.cgi?id=1792649) pointed
240 out a problem with doing an empty upload over FTP on a re-used connection.
241 I added test case 541 to reproduce it and to verify the fix.
243 - I noticed while writing test 541 that the FTP code wrongly did a CWD on the
244 second transfer as it didn't store and remember the "" path from the
245 previous transfer so it would instead CWD to the entry path as stored. This
246 worked, but did a superfluous command. Thus, test case 541 now also verifies
249 Dan F (5 September 2007)
250 - Added test case 1007 to test permission problem when uploading with TFTP
251 (to validate bug #1790403).
253 - TFTP now reports the "not defined" TFTP error code 0 as an error,
256 Daniel S (5 September 2007)
257 - Continued the work on a fix for #1779054
258 (http://curl.haxx.se/bug/view.cgi?id=1779054). My previous fix from August
259 24 was not complete (either) but could accidentally "forget" parts of a
260 server response which led to faulty server response time-out errors.
262 Dan F (5 September 2007)
263 - Minix doesn't support getsockopt on UDP sockets or send/recv on TCP
266 Dan F (31 August 2007)
267 - Made some of the error strings returned by the *strerror functions more
268 generic, and more consistent with each other.
270 - Renamed the curl_ftpssl enum to curl_usessl and its enumerated constants,
271 creating macros for backward compatibility:
273 CURLFTPSSL_NONE => CURLUSESSL_NONE
274 CURLFTPSSL_TRY => CURLUSESSL_TRY
275 CURLFTPSSL_CONTROL => CURLUSESSL_CONTROL
276 CURLFTPSSL_ALL => CURLUSESSL_ALL
277 CURLFTPSSL_LAST => CURLUSESSL_LAST
279 Dan F (30 August 2007)
280 - Renamed several libcurl error codes and options to make them more general
281 and allow reuse by multiple protocols. Several unused error codes were
282 removed. In all cases, macros were added to preserve source (and binary)
283 compatibility with the old names. These macros are subject to removal at
284 a future date, but probably not before 2009. An application can be
285 tested to see if it is using any obsolete code by compiling it with the
286 CURL_NO_OLDIES macro defined.
288 The following unused error codes were removed:
290 CURLE_BAD_CALLING_ORDER
291 CURLE_BAD_PASSWORD_ENTERED
292 CURLE_FTP_CANT_RECONNECT
293 CURLE_FTP_COULDNT_GET_SIZE
294 CURLE_FTP_COULDNT_SET_ASCII
295 CURLE_FTP_USER_PASSWORD_INCORRECT
296 CURLE_FTP_WEIRD_USER_REPLY
297 CURLE_FTP_WRITE_ERROR
298 CURLE_LIBRARY_NOT_FOUND
302 CURLE_URL_MALFORMAT_USER
304 The following error codes were renamed:
306 CURLE_FTP_ACCESS_DENIED => CURLE_REMOTE_ACCESS_DENIED
307 CURLE_FTP_COULDNT_SET_BINARY => CURLE_FTP_COULDNT_SET_TYPE
308 CURLE_FTP_SSL_FAILED => CURLE_USE_SSL_FAILED
309 CURLE_FTP_QUOTE_ERROR => CURLE_QUOTE_ERROR
310 CURLE_TFTP_DISKFULL => CURLE_REMOTE_DISK_FULL
311 CURLE_TFTP_EXISTS => CURLE_REMOTE_FILE_EXISTS
312 CURLE_HTTP_RANGE_ERROR => CURLE_RANGE_ERROR
314 The following options were renamed:
316 CURLOPT_SSLKEYPASSWD => CURLOPT_KEYPASSWD
317 CURLOPT_FTPAPPEND => CURLOPT_APPEND
318 CURLOPT_FTPLISTONLY => CURLOPT_DIRLISTONLY
319 CURLOPT_FTP_SSL => CURLOPT_USE_SSL
321 A few more changes will take place with the next SONAME bump of the
322 library. These are documented in docs/TODO
324 - Documented some newer error codes in libcurl-error(3)
326 - Added more accurate error code returns from SFTP operations. Added test
327 case 615 to test an SFTP upload failure.
329 Dan F (28 August 2007)
330 - Some minor internal type and const changes based on a splint scan.
332 Daniel S (24 August 2007)
333 - Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed
334 out that libcurl didn't deal with large responses from server commands, when
335 the single response was consisting of multiple lines but of a total size of
336 16KB or more. Dan Fandrich improved the ftp test script and provided test
337 case 1006 to repeat the problem, and I fixed the code to make sure this new
340 Patrick M (23 August 2007)
341 - OS/400 port: new files lib/config-os400.h lib/setup-os400.h packages/OS400/*.
342 See packages/OS400/README.OS400.
344 Daniel S (23 August 2007)
345 - Bug report #1779751 (http://curl.haxx.se/bug/view.cgi?id=1779751) pointed
346 out that doing first a file:// upload and then an FTP upload crashed libcurl
347 or at best caused furious valgrind complaints. Fixed now!
349 Daniel S (22 August 2007)
350 - Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed
351 out that libcurl didn't deal with very long (>16K) FTP server response lines
352 properly. Starting now, libcurl will chop them off (thus the client app will
353 not get the full line) but survive and deal with them fine otherwise. Test
354 case 1003 was added to verify this.
356 Daniel S (20 August 2007)
357 - Based on a patch by Christian Vogt, the FTP code now sets the upcoming
358 download transfer size much earlier to be possible to get read with
359 CURLINFO_CONTENT_LENGTH_DOWNLOAD as soon as possible. This is very much in a
360 similar spirit to the HTTP size change from August 11 2007.
362 Daniel S (18 August 2007)
363 - Robson Braga Araujo filed bug report #1776232
364 (http://curl.haxx.se/bug/view.cgi?id=1776232) about libcurl calling
365 Curl_client_write(), passing on a const string that the caller may not
366 modify and yet it does (on some platforms).
368 - Robson Braga Araujo filed bug report #1776235
369 (http://curl.haxx.se/bug/view.cgi?id=1776235) about ftp requests with NOBODY
370 on a directory would do a "SIZE (null)" request. This is now fixed and test
371 case 1000 was added to verify.
373 Daniel S (17 August 2007)
374 - Song Ma provided a patch that cures a problem libcurl has when doing resume
375 HTTP PUT using Digest authentication. Test case 5320 and 5322 were also
376 added to verify the functionality.
378 Daniel S (14 August 2007)
379 - Andrew Wansink provided an NTLM bugfix: in the case the server sets the flag
380 NTLMFLAG_NEGOTIATE_UNICODE, we need to filter it off because libcurl doesn't
381 UNICODE encode the strings it packs into the NTLM authenticate packet.
383 Daniel S (11 August 2007)
384 - Allen Pulsifer provided a patch that makes libcurl set the expected download
385 size earlier when doing HTTP downloads, so that applications and the
386 progress meter etc know get the info earlier in the flow than before.
388 - Patrick Monnerat modified the LDAP code and approach in curl. Starting now,
389 the configure script checks for openldap and friends and we link with those
390 libs just like we link all other third party libraries, and we no longer
391 dlopen() those libraries. Our private header file lib/ldap.h was renamed to
392 lib/curl_ldap.h due to this. I set a tag in CVS (curl-7_17_0-preldapfix)
393 just before this commit, just in case.
395 Dan F (8 August 2007)
396 - Song Ma noted a zlib memory leak in the illegal compressed header
397 countermeasures code path.
399 Daniel S (4 August 2007)
400 - Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on
403 Daniel S (3 August 2007)
404 - I cut out support for libssh2 versions older than 0.16 to make our code a
405 lot simpler, and to avoid getting trouble with the LIBSSH2_APINO define
406 that 1) didn't work properly since it was >32 bits and 2) is removed in
409 Daniel S (2 August 2007)
410 - Scott Cantor filed bug report #1766320
411 (http://curl.haxx.se/bug/view.cgi?id=1766320) pointing out that the libcurl
412 code accessed two curl_easy_setopt() options (CURLOPT_DNS_CACHE_TIMEOUT and
413 CURLOPT_DNS_USE_GLOBAL_CACHE) as ints even though they're documented to be
414 passed in as longs, and that makes a difference on 64 bit architectures.
416 - Dmitriy Sergeyev reported a regression: resumed file:// transfers broke
417 after 7.16.2. This is much due to the different treatment file:// gets
418 internally, but now I added test 231 to make it less likely to happen again
421 Daniel S (1 August 2007)
422 - Patrick Monnerat and I modified libcurl so that now it *copies* all strings
423 passed to it with curl_easy_setopt()! Previously it has always just refered
424 to the data, forcing the user to keep the data around until libcurl is done
425 with it. That is now history and libcurl will instead clone the given
426 strings and keep private copies. This is also part of Patrick Monnerat's
429 Due to this being a somewhat interesting change API wise, I've decided to
430 bump the version of the upcoming release to 7.17.0. Older applications will
431 of course not notice this change nor do they have to care, but new
432 applications can be written to take advantage of this.
434 - Greg Morse reported a problem with POSTing using ANYAUTH to a server
435 requiring NTLM, and he provided test code and a test server and we worked
436 out a bug fix. We failed to count sent body data at times, which then caused
437 internal confusions when libcurl tried to send the rest of the data in order
438 to maintain the same connection alive.
440 Daniel S (31 July 2007)
441 - Peter O'Gorman pointed out (and fixed) that the non-blocking check in
442 configure made libcurl use blocking sockets on AIX 4 and 5, while that
443 wasn't the intention.
445 Daniel S (29 July 2007)
446 - Jayesh A Shah filed bug report #1759542
447 (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious
448 problem with FTPS: libcurl closed the data connection socket and then later
449 in the flow it would call the SSL layer to do SSL shutdown which then would
450 use a socket that had already been closed - so if the application had opened
451 a new one in the mean time, libcurl could send gibberish that way! I worked
452 with Greg Zavertnik to properly diagnose and fix this. The fix affects code
453 for all SSL libraries we support, but it has only been truly verified to
454 work fine for the OpenSSL version. The others have only been code reviewed.
456 Daniel S (23 July 2007)
457 - Implemented the parts of Patrick Monnerat's OS/400 patch that introduces
458 support for the OS/400 Secure Sockets Layer library.
461 - Implemented only the parts of Patrick Monnerat's OS/400 patch that renamed
462 some few internal identifiers to avoid conflicts, which could be useful on
465 Daniel S (22 July 2007)
466 - HTTP Digest bug fix by Chris Flerackers:
470 - Perfoming a POST request with body
471 - With authentication (only Digest)
472 - Re-using a connection
474 libcurl would send a HTTP POST with an Authorization header but without
475 body. Our server would return 400 Bad Request in that case (because
476 authentication passed, but the body was empty).
480 1) http_digest.c -> Curl_output_digest
481 - Updates allocptr.userpwd/allocptr.proxyuserpwd *only* if d->nonce is
482 filled in (and no errors)
483 - authp->done = TRUE if d->nonce is filled in
484 2) http.c -> Curl_http
485 - *Always* uses allocptr.userpwd/allocptr.proxyuserpwd if not NULL
486 3) http.c -> Curl_http, Curl_http_output_auth
488 So what happens is that Curl_output_digest cannot yet update the
489 Authorization header (allocptr.userpwd) which results in authhost->done=0 ->
490 authhost->multi=1 -> conn->bits.authneg = TRUE. The body is not
491 added. *However*, allocptr.userpwd is still used when building the request
493 - Added test case 354 that makes a simple FTP retrieval without password, which
494 verifies the bug fix in #1757328.
496 Daniel S (21 July 2007)
497 - To allow more flexibility in FTP test cases, I've removed the enforced states
498 from the test server code as they served no real purpose. The test server
499 is here to serve for the test cases, not to attempt to function as a real
500 server! While at it, I modified test case 141 to better test and verify
501 curl -I on a single FTP file.
503 Daniel S (20 July 2007)
504 - James Housley fixed the SFTP PWD command to work.
506 - Ralf S. Engelschall filed bug report #1757328
507 (http://curl.haxx.se/bug/view.cgi?id=1757328) and submitted a patch. It
508 turns out we broke login to FTP servers that don't require (nor understand)
509 PASS after the USER command. The breakage was done as part of the krb5
510 commit so a krb-using person needs to verify that the current version now
511 works or if we need to fix it (in a different way of course).
514 - Fixed test cases 613 and 614 by improving the log postprocessor to handle
515 a new directory listing format that newer libssh2's can provide. This
516 is probably NOT sufficient to handle all directory listing formats that
517 server's can provide, and should be revisited.
519 Daniel S (17 July 2007)
520 - Daniel Johnson fixed a bug in how libssh2_session_last_error() was used, in
523 - Jofell Gallardo posted a libcurl log using FTP that exposed a bug which made
524 a control connection that was deemed "dead" to yet be re-used in a following
527 Daniel S (13 July 2007)
528 - Colin Hogben filed bug report #1750274
529 (http://curl.haxx.se/bug/view.cgi?id=1750274) and submitted a patch for the
530 case where libcurl did a connect attempt to a non-listening port and didn't
531 provide a human readable error string back.
533 - Daniel Cater fixes:
534 1 - made 'make vc8' work on windows.
535 2 - made libcurl itself built with CURL_NO_OLDIES defined (which doesn't
536 define the symbols for backwards source compatibility)
537 3 - updated libcurl-errors.3
538 4 - added CURL_DISABLE_TFTP to docs/INSTALL
540 Daniel S (12 July 2007)
541 - Made the krb5 code build with Heimdal's GSSAPI lib.
544 - Compile most of the example apps in docs/examples when doing a 'make check'.
545 Fixed some compile warnings and errors in those examples.
547 - Removed the example program ftp3rdparty.c since libcurl doesn't support
548 3rd party FTP transfers any longer.
550 Daniel S (12 July 2007)
551 - Shmulik Regev found an (albeit rare) case where the proxy CONNECT operation
552 could in fact get stuck in an endless loop.
554 - Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
555 fail to connect if there is no Common Name field found in the remote cert.
556 We should deprecate the support for this set to 1 anyway soon, since the
557 feature is pointless and most likely never really used by anyone.
559 Daniel S (11 July 2007)
560 - Shmulik Regev fixed a bug with transfer-encoding skipping during the 407
561 error pages for proxy authentication.
563 - Giancarlo Formicuccia reported and fixed a problem with a closed connection
564 to a proxy during CONNECT auth negotiation.
567 - Fixed a curl memory leak reported by Song Ma with a modified version
568 of the patch he suggested. Added his test case as test289 to verify.
570 - Force the time zone to GMT in the cookie tests in case the user is
571 using one of the so-called 'right' time zones that take into account
572 leap seconds, which causes the tests to fail (as reported by
573 Daniel Black in bug report #1745964).
575 Version 7.16.4 (10 July 2007)
577 Daniel S (10 July 2007)
578 - Kees Cook notified us about a security flaw
579 (http://curl.haxx.se/docs/adv_20070710.html) in which libcurl failed to
580 properly reject some outdated or not yet valid server certificates when
581 built with GnuTLS. Kees also provided the patch.
583 James H (5 July 2007)
584 - Gavrie Philipson provided a patch that will use a more specific error
585 message for an scp:// upload failure. If libssh2 has his matching
586 patch, then the error message return by the server will be used instead
587 of a more generic error.
589 Daniel S (1 July 2007)
590 - Thomas J. Moore provided a patch that introduces Kerberos5 support in
591 libcurl. This also makes the options change name to --krb (from --krb4) and
592 CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still
594 - Song Ma helped me verify and extend a fix for doing FTP over a SOCKS4/5
597 Daniel S (27 June 2007)
598 - James Housley: Add two new options for the SFTP/SCP/FILE protocols:
599 CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS. These control the
600 premissions for files and directories created on the remote
601 server. CURLOPT_NEW_FILE_PERMS defaults to 0644 and
602 CURLOPT_NEW_DIRECTORY_PERMS defaults to 0755
604 - I corrected the 10-at-a-time.c example and applied a patch for it by James
607 Daniel S (26 June 2007)
608 - Robert Iakobashvili re-arranged the internal hash code to work with a custom
609 hash function for different hashes, and also expanded the default size for
610 the socket hash table used in multi handles to greatly enhance speed when
611 very many connections are added and the socket API is used.
613 - James Housley made the CURLOPT_FTPLISTONLY mode work for SFTP directory
616 Daniel S (25 June 2007)
617 - Adjusted how libcurl treats HTTP 1.1 responses without content-lenth or
618 chunked encoding (that also lacks "Connection: close"). It now simply
619 assumes that the connection WILL be closed to signal the end, as that is how
620 RFC2616 section 4.4 point #5 says we should behave.
622 Version 7.16.3 (25 June 2007)
624 Daniel S (23 June 2007)
625 - As reported by "Tro" in http://curl.haxx.se/mail/lib-2007-06/0161.html and
626 http://curl.haxx.se/mail/lib-2007-06/0238.html, libcurl didn't properly do
627 no-body requests on FTP files on re-used connections properly, or at least
628 it didn't provide the info back in the header callback properly in the
631 Daniel S (21 June 2007)
632 - Gerrit Bruchhäuser pointed out a warning that the Intel(R) Thread Checker
633 tool reports and it was indeed a legitimate one and it is one fixed. It was
634 a use of a share without doing the proper locking first.
636 Daniel S (20 June 2007)
637 - Adam Piggott filed bug report #1740263
638 (http://curl.haxx.se/bug/view.cgi?id=1740263). Adam discovered that when
639 getting a large amount of URLs with curl, they were fetched slower and
640 slower... which turned out to be because the --libcurl data collecting which
641 wrongly always was enabled, but no longer is...
643 Daniel S (18 June 2007)
644 - Robson Braga Araujo filed bug report #1739100
645 (http://curl.haxx.se/bug/view.cgi?id=1739100) that mentioned that libcurl
646 could not actually list the contents of the root directory of a given FTP
647 server if the login directory isn't root. I fixed the problem and added
648 three test cases (one is disabled for now since I identified KNOWN_BUGS #44,
649 we cannot use --ftp-method nocwd and list ftp directories).
651 Daniel S (14 June 2007)
654 I've encountered (and hopefully fixed) a problem involving proxy CONNECT
655 requests and easy handles state management. The problem isn't simple to
656 reproduce since it depends on socket state. It only manifests itself when
657 working with non-blocking sockets.
659 Here is the scenario:
661 1. in multi_runsingle the easy handle is in the CURLM_STATE_WAITCONNECT and
662 calls Curl_protocol_connect
664 2. in Curl_proxyCONNECT, line 1247, if the socket isn't ready the function
665 returns and conn->bits.tunnel_connecting is TRUE
667 3. when the call to Curl_protocol_connect returns the protocol_connect flag
668 is false and the easy state is changed to CURLM_STATE_PROTOCONNECT which
669 isn't correct if a proxy is used. Rather CURLM_STATE_WAITPROXYCONNECT
672 I discovered this while performing an HTTPS request through a proxy (squid)
673 on my local network. The problem caused openssl to fail as it read the proxy
674 response to the CONNECT call ('HTTP/1.0 Established') rather than the SSL
675 handshake (the exact openssl error was 'wrong ssl version' but this isn't
678 - Dave Vasilevsky filed bug report #1736875
679 (http://curl.haxx.se/bug/view.cgi?id=1736875) almost simultanouesly as Dan
680 Fandrich mentioned a related build problem on the libcurl mailing list:
681 http://curl.haxx.se/mail/lib-2007-06/0131.html. Both problems had the same
682 reason: the definitions of the POLL* defines and the pollfd struct in the
683 libcurl code was depending on HAVE_POLL instead of HAVE_SYS_POLL_H.
685 Daniel S (13 June 2007)
686 - Tom Regner provided a patch and worked together with James Housley, so now
687 CURLOPT_FTP_CREATE_MISSING_DIRS works for SFTP connections as well as FTP
690 - Rich Rauenzahn filed bug report #1733119
691 (http://curl.haxx.se/bug/view.cgi?id=1733119) and we collaborated on the
692 fix. The problem is that for 64bit HPUX builds, several socket-related
693 functions would still assume int (32 bit) arguments and not socklen_t (64
696 Daniel S (12 June 2007)
697 - James Housley brought his revamped SSH code that is state-machine driven to
698 really take advantage of the now totally non-blocking libssh2 (in CVS).
701 - Incorporated Daniel Black's test706 and test707 SOCKS test cases.
703 - Fixed a few problems when starting the SOCKS server.
705 - Reverted some recent changes to runtests.pl that weren't compatible with
708 - Fixed the test harness so that it actually kills the ssh being used as
711 Daniel S (6 June 2007)
712 - -s/--silent can now be used to toggle off the silence again if used a second
715 Daniel S (5 June 2007)
716 - Added Daniel Black's work that adds the first few SOCKS test cases. I also
717 fixed two minor SOCKS problems to make the test cases run fine.
719 Daniel S (31 May 2007)
720 - Feng Tu made (lib)curl support "upload" resuming work for file:// URLs.
722 Daniel S (30 May 2007)
723 - I modified the 10-at-a-time.c example to transfer 500 downloads in parallel
724 with a c-ares enabled build only to find that it crashed miserably, and this
725 was due to some select()isms left in the code. This was due to API
726 restrictions in c-ares 1.3.x, but with the upcoming c-ares 1.4.0 this is no
727 longer the case so now libcurl runs much better with c-ares and the multi
728 interface with > 1024 file descriptors in use.
730 Extra note: starting now we require c-ares 1.4.0 for asynchronous name
733 - Added CURLMOPT_MAXCONNECTS which is a curl_multi_setopt() option for setting
734 the maximum size of the connection cache maximum size of the multi handle.
736 Daniel S (27 May 2007)
737 - When working with a problem Stefan Becker had, I found an off-by-one buffer
738 overwrite in Curl_select(). While fixing it, I also improved its performance
739 somewhat by changing calloc to malloc and breaking out of a loop earlier
742 Daniel S (25 May 2007)
743 - Rob Crittenden fixed bug #1705802
744 (http://curl.haxx.se/bug/view.cgi?id=1705802), which was filed by Daniel
745 Black identifying several FTP-SSL test cases fail when we build libcurl with
746 NSS for TLS/SSL. Listed as #42 in KNOWN_BUGS.
748 Daniel S (24 May 2007)
749 - Song Ma filed bug report #1724016
750 (http://curl.haxx.se/bug/view.cgi?id=1724016) noticing that downloading
751 glob-ranges for TFTP was broken in CVS. Fixed now.
753 - 'mytx' in bug report #1723194 (http://curl.haxx.se/bug/view.cgi?id=1723194)
754 pointed out that the warnf() function in the curl tool didn't properly deal
755 with the cases when excessively long words were used in the string to chop
758 Daniel S (22 May 2007)
759 - Andre Guibert de Bruet fixed a memory leak in the function that verifies the
760 peer's name in the SSL certificate when built for OpenSSL. The leak happens
761 for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
762 name from UTF8. He also fixed a leak when PKCS #12 parsing failed.
764 Daniel S (18 May 2007)
765 - Feng Tu reported that curl -w did wrong on TFTP transfers in bug report
766 #1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the
767 transfer-related info "variables" were indeed overwritten with zeroes
768 wrongly and have now been adjusted. The upload size still isn't accurate.
770 Daniel S (17 May 2007)
771 - Feng Tu pointed out a division by zero error in the TFTP connect timeout
772 code for timeouts less than five seconds, and also provided a fix for it.
773 Bug report #1715392 (http://curl.haxx.se/bug/view.cgi?id=1715392)
776 - Added support for compiling under Minix 3.1.3 using ACK.
779 - Added SFTP directory listing test case 613.
781 - Added support for quote commands before a transfer using SFTP and test
784 - Changed the post-quote commands to occur after the transferred file is
787 - Allow SFTP quote commands chmod, chown, chgrp to set a value of 0.
790 - Kristian Gunstone fixed a problem where overwriting an uploaded file with
791 sftp didn't truncate it first, which would corrupt the file if the new
792 file was shorter than the old.
795 - Added FTPS test cases 406 and 407
797 Daniel S (8 May 2007)
798 - CURLE_FTP_COULDNT_STOR_FILE is now known as CURLE_UPLOAD_FAILED. This is
799 because I just made SCP uploads return this value if the file size of
800 the upload file isn't given with CURLOPT_INFILESIZE*. Docs updated to
801 reflect this news, and a define for the old name was added to the public
804 Daniel S (7 May 2007)
805 - James Bursa fixed a bug in the multi handle code that made the connection
806 cache grow a bit too much, beyond the normal 4 * easy_handles.
808 Daniel S (2 May 2007)
809 - Anders Gustafsson remarked that requiring CURLOPT_HTTP_VERSION set to 1.0
810 when CURLOPT_HTTP200ALIASES is used to avoid the problem mentioned below is
811 not very nice if the client wants to be able to use _either_ a HTTP 1.1
812 server or one within the aliases list... so starting now, libcurl will
813 simply consider 200-alias matches the to be HTTP 1.0 compliant.
815 - Tobias Rundström reported a problem they experienced with xmms2 and recent
816 libcurls, which turned out to be the 25-nov-2006 change which treats HTTP
817 responses without Content-Length or chunked encoding as without bodies. We
818 now added the conditional that the above mentioned response is only without
819 body if the response is HTTP 1.1.
821 - Jeff Pohlmeyer improved the hiperfifo.c example to use the
822 CURLMOPT_TIMERFUNCTION callback option.
824 - Set the timeout for easy handles to expire really soon after addition or
825 when CURLM_CALL_MULTI_PERFORM is returned from curl_multi_socket*/perform,
826 to make applications using only curl_multi_socket() to properly function
827 when adding easy handles "on the fly". Bug report and test app provided by
830 Dan F (30 April 2007)
831 - Improved the test harness to allow running test servers on other than
832 the default port numbers, allowing more than one test suite to run
833 simultaneously on the same host.
835 Daniel S (28 April 2007)
836 - Peter O'Gorman fixed libcurl to not init GnuTLS as early as we did before,
837 since it then inits libgcrypt and libgcrypt is being evil and EXITS the
838 application if it fails to get a fine random seed. That's really not a nice
839 thing to do by a library.
841 - Frank Hempel fixed a curl_easy_duphandle() crash on a handle that had
842 been removed from a multi handle, and then fixed another flaw that prevented
843 curl_easy_duphandle() to work even after the first fix - the handle was
844 still marked as using the multi interface.
846 Daniel S (26 April 2007)
847 - Peter O'Gorman found a problem with SCP downloads when the downloaded file
848 was 16385 bytes (16K+1) and it turned out we didn't properly always "suck
849 out" all data from libssh2. The effect being that libcurl would hang on the
850 socket waiting for data when libssh2 had in fact already read it all...
852 Dan F (25 April 2007)
853 - Added support in runtests.pl for "!n" test numbers to disable individual
854 tests. Changed -t to only keep log files around when -k is specified,
855 to have the same behaviour as without -t.
857 Daniel S (25 April 2007)
858 - Sonia Subramanian brought our attention to a problem that happens if you set
859 the CURLOPT_RESUME_FROM or CURLOPT_RANGE options and an existing connection
860 in the connection cache is closed to make room for the new one when you call
861 curl_easy_perform(). It would then wrongly free range-related data in the
862 connection close funtion.
864 Yang Tse (25 April 2007)
865 - Steve Little fixed compilation on VMS 64-bit mode
867 Daniel S (24 April 2007)
868 - Robert Iakobashvili made the 'master_buffer' get allocated first once it is
869 can/will be used as it then makes the common cases save 16KB of data for each
870 easy handle that isn't used for pipelining.
872 Dan F (23 April 2007)
873 - Added <postcheck> support to the test harness.
875 - Added tests 610-612 to test more SFTP post-quote commands.
877 Daniel S (22 April 2007)
878 - Song Ma's warning if -r/--range is given with a "bad" range, also noted in
881 - Daniel Black filed bug #1705177
882 (http://curl.haxx.se/bug/view.cgi?id=1705177) where --without-ssl
883 --with-gnutl outputs a warning about SSL not being enabled even though GnuTLS
886 Daniel S (21 April 2007)
887 - Daniel Black filed bug #1704675
888 (http://curl.haxx.se/bug/view.cgi?id=1704675) identifying a double-free
889 problem in the SSL-dealing layer, telling GnuTLS to free NULL credentials on
890 closedown after a failure and a bad #ifdef for NSS when closing down SSL.
892 Yang Tse (20 April 2007)
893 - Save one call to curlx_tvnow(), which calls gettimeofday(), in each of
894 Curl_socket_ready(), Curl_poll() and Curl_select() when these are called
895 with a zero timeout or a timeout value indicating a blocking call should
898 Daniel S (18 April 2007)
899 - James Housley made SFTP uploads use libssh2's non-blocking API
901 - Prevent the internal progress meter from updating more frequently than once
904 Dan F (17 April 2007)
905 - Added test cases 296, 297 and 298 to test --ftp-method handling
907 Daniel S (16 April 2007)
908 - Robert Iakobashvil added curl_multi_socket_action() to libcurl, which is a
909 function that deprecates the curl_multi_socket() function. Using the new
910 function the application tell libcurl what action that was found in the
911 socket that it passes in. This gives a significant performance boost as it
912 allows libcurl to avoid a call to poll()/select() for every call to
913 curl_multi_socket*().
915 I added a define in the public curl/multi.h header file that will make your
916 existing application automatically use curl_multi_socket_action() instead of
917 curl_multi_socket() when you recompile. But of course you'll get better
918 performance if you adjust your code manually and actually pass in the
919 correct action bitmask to this function.
921 Daniel S (14 April 2007)
922 - Jay Austin added "DH PARAMETERS" to the stunnel.pem certificate for the test
923 suite to make stunnel run better in some (most?) environments.
925 Dan F (13 April 2007)
926 - Added test cases 294 and 295 to test --ftp-account handling
928 - Improved handling of out of memory in ftp.
930 Yang Tse (13 April 2007)
931 - Fix test case 534 which started to fail 2007-04-13 due to the existance
932 of a new host on the net with the same silly domain the test was using
933 for a host which was supposed not to exist.
935 Daniel S (12 April 2007)
936 - Song Ma found a memory leak in the if2ip code if you pass in an interface
937 name longer than the name field of the ifreq struct (typically 6 bytes), as
938 then it wouldn't close the used dummy socket. Bug #1698974
939 (http://curl.haxx.se/bug/view.cgi?id=1698974)
941 Version 7.16.2 (11 April 2007)
943 Yang Tse (10 April 2007)
944 - Ravi Pratap provided some fixes for HTTP pipelining
946 - configure script will ignore --enable-sspi option for non-native Windows.
948 Daniel S (9 April 2007)
949 - Nick Zitzmann did ssh.c cleanups
951 Daniel S (3 April 2007)
952 - Rob Jones fixed better #ifdef'ing for a bunch of #include lines.
954 Daniel S (2 April 2007)
955 - Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The
956 accepted commands are as follows:
959 Changes the group ID of the file or directory at (path) to (gid). (gid)
963 Changes the permissions of the file or directory at (path) to
964 (perms). (perms) must be a number in the format used by the chmod Unix
968 Changes the user ID of the file or directory at (path) to (uid). (uid)
972 Creates a symbolic link at (dest) that points to the file located at
976 Creates a new directory at (path).
978 rename (source) (dest)
979 Moves the file or directory at (source) to (dest).
982 Deletes the file located at (path).
985 Deletes the directory located at (path). This command will raise an error
986 if the directory is not empty.
988 symlink (source) (dest)
991 Daniel S (1 April 2007)
992 - Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many
993 easy handles are added to a multi handle, by avoiding the looping over all
994 the handles to find which one to remove.
996 - Matt Kraai provided a patch that makes curl build on QNX 6 fine again.
998 Daniel S (31 March 2007)
999 - Fixed several minor issues detected by the coverity.com scanner.
1001 - "Pixel" fixed a problem that appeared when you used -f with user+password
1002 embedded in the URL.
1004 Dan F (29 March 2007)
1005 - Don't tear down the ftp connection if the maximum filesize was exceeded
1006 and added tests 290 and 291 to check.
1008 - Added ftps upload and SSL required tests 401 and 402.
1010 - Send an EOF message before closing an SCP channel, as recommended by
1011 RFC4254. Enable libssh2 tracing when ssh debugging is turned on.
1013 Yang Tse (27 March 2007)
1014 - Internal function Curl_select() renamed to Curl_socket_ready()
1016 New Internal wrapper function Curl_select() around select (2), it
1017 uses poll() when a fine poll() is available, so now libcurl can be
1018 built without select() support at all if a fine poll() is available.
1020 Daniel S (25 March 2007)
1021 - Daniel Johnson fixed multi code to traverse the easy handle list properly.
1022 A left-over bug from the February 21 fix.
1024 Dan F (23 March 2007)
1025 - Added --pubkey option to curl and made --key also work for SCP/SFTP,
1026 plus made --pass work on an SSH private key as well.
1028 - Changed the test harness to attempt to gracefully shut down servers
1029 before resorting to the kill -9 hammer.
1031 - Added test harness infrastructure to support scp/sftp tests, using
1032 OpenSSH as the server.
1034 - Fixed a memory leak when specifying a proxy with a file: URL.
1036 Yang Tse (20 March 2007)
1037 - Fixed: When a signal was caught awaiting for an event using Curl_select()
1038 or Curl_poll() with a non-zero timeout both functions would restart the
1039 specified timeout. This could even lead to the extreme case that if a
1040 signal arrived with a frecuency lower to the specified timeout neither
1041 function would ever exit.
1043 Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in
1044 Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR
1045 defined both functions will return as soon as a signal is caught. Use it
1046 at your own risk, all calls to these functions in the library should be
1047 revisited and checked before fully supporting this feature.
1049 Yang Tse (19 March 2007)
1050 - Bryan Henderson fixed the progress function so that it can get called more
1051 frequently allowing same calling frecuency for the client progress callback.
1053 Dan F (15 March 2007)
1054 - Various memory leaks plugged and NULL pointer fixes made in the ssh code.
1056 Daniel (15 March 2007)
1057 - Nick made the curl tool accept globbing ranges that only is one number, i.e
1058 you can now use [1-1] without curl complaining.
1060 Daniel (10 March 2007)
1063 The problem is the following: when we're calling Curl_done and it decides to
1064 keep the connection opened ('left intact'), then the caller is not notified
1065 that the connection was done via the NULLifying of the pointer, so some easy
1066 handle is keeping the pointer to this connection.
1068 Later ConnectionExists can select such connection for reuse even if we're
1069 not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is
1070 false and we can reuse this connection for another easy handle. But thus the
1071 connection will be shared between two easy handles if the handle that wants
1072 to take the ownership is not the same as was not notified of the connection
1073 was done in Curl_done. And when some of these easy handles will get their
1074 connection really freed the another one will still keep the pointer.
1076 My fix was rather trivial: I just added the NULLification to the 'else'
1077 branch in the Curl_done. My tests with Git and ElectricFence showed no
1078 problems both for HTTP pulling and cloning. Repository size is about 250 Mb,
1079 so it was a considerable amount of Curl's work.
1081 Dan F (9 March 2007)
1082 - Updated the test harness to add a new "crypto" feature check and updated the
1083 appropriate test case to use it. For now, this is treated the same as the
1084 "SSL" feature because curl doesn't list it separately.
1086 Daniel (9 March 2007)
1087 - Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6.
1089 - Robert A. Monat improved the maketgz and VC6/8 generating to set the correct
1092 - Justin Fletcher fixed a file descriptor leak in the curl tool when trying to
1093 upload a file it couldn't open. Bug #1676581
1094 (http://curl.haxx.se/bug/view.cgi?id=1676581)
1096 Dan F (9 March 2007)
1097 - Updated the test harness to check for protocol support before running each
1098 test, fixing KNOWN_BUGS #11.
1100 Dan F (7 March 2007)
1101 - Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test
1102 harness. It is very limited as it supports only ftps:// URLs with
1103 --ftp-ssl-control specified, which implicitly encrypts the control
1104 channel but not the data channels. That allows stunnel to be used with
1105 an unmodified ftp server in exactly the same way that the test https
1108 Dan F (7 March 2007)
1109 - Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and
1110 unencrypted data connections.
1112 Dan F (6 March 2007)
1113 - Fixed a couple of improper pointer uses detected by valgrind in test
1116 Daniel (2 March 2007)
1117 - Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8
1118 makefiles that are included in the source release archives, generated from
1119 the Makefile.vc6 files by the maketgz script. I also modified the root
1120 Makefile to have a VC variable that defaults to vc6 but can be overridden to
1121 allow it to be used for vc8 as well. Like this:
1125 Daniel (27 February 2007)
1126 - Hang Kin Lau found and fixed: When I use libcurl to connect to an https
1127 server through a proxy and have the remote https server port set using the
1128 CURLOPT_PORT option, protocol gets reset to http from https after the first
1131 User defined URL was modified internally by libcurl and subsequent reuse of
1132 the easy handle may lead to connection using a different protocol (if not
1135 I found that libcurl hardcoded the protocol to "http" when it tries to
1136 regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as
1137 follows and it's working fine so far
1139 Daniel (25 February 2007)
1140 - Adam D. Moss made the HTTP CONNECT procedure less blocking when used from
1141 the multi interface. Note that it still does a part of the connection in a
1144 Daniel (23 February 2007)
1145 - Added warning outputs if the command line uses more than one of the options
1146 -v, --trace and --trace-ascii, since it could really confuse the user.
1147 Clarified this fact in the man page.
1149 Daniel (21 February 2007)
1150 - Ravi Pratap provided work on libcurl making pipelining more robust and
1152 o Don't mix GET and POST requests in a pipeline
1153 o Fix the order in which requests are dispatched from the pipeline
1154 o Fixed several curl bugs with pipelining when the server is returning
1156 * Added states to chunked parsing for final CRLF
1157 * Rewind buffer after parsing chunk with data remaining
1158 * Moved chunked header initializing to a spot just before receiving
1161 Daniel (20 February 2007)
1162 - Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle
1163 active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command
1166 Daniel (19 February 2007)
1167 - Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl.
1169 - Shmulik Regev found a memory leak in re-used HTTPS connections, at least
1170 when the multi interface was used.
1172 - Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and
1175 Daniel (18 February 2007)
1176 - Jeff Pohlmeyer identified two problems: first a rather obscure problem with
1177 the multi interface and connection re-use that could make a
1178 curl_multi_remove_handle() ruin a pointer in another handle.
1180 The second problem was less of an actual problem but more of minor quirk:
1181 the re-using of connections wasn't properly checking if the connection was
1184 Daniel (16 February 2007)
1185 - Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting
1186 CURLOPT_RANGE back to no range on an easy handle when using FTP.
1188 Dan F (14 February 2007)
1189 - Fixed curl-config --libs so it doesn't list unnecessary libraries (and
1190 therefore introduce unnecessary dependencies) when it's not needed.
1191 Also, don't bother adding a library path of /usr/lib
1193 Daniel (13 February 2007)
1194 - The default password for anonymous FTP connections is now changed to be
1197 - Robert A. Monat made libcurl build fine with VC2005 - it doesn't have
1198 gmtime_r() like the older VC versions. He also made use of some machine-
1199 specific defines to differentiate the "OS" define.
1201 Daniel (12 February 2007)
1202 - Rob Crittenden added support for NSS (Network Security Service) for the
1203 SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
1205 This is the fourth supported library for TLS/SSL that libcurl supports!
1207 - Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent
1208 to the debug callback.
1210 - Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and
1211 CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's
1212 internal decoding of content or transfer encoded content. This may be
1213 preferable in cases where you use libcurl for proxy purposes or similar. The
1214 command line tool got a --raw option to disable both at once.
1216 - release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP
1217 define set to hold the exact date and time of when the tarball was built, as
1218 a human readable string using the UTC time zone.
1220 - Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle
1221 that has an easy handle present in the "closure" list pending closure.
1223 Daniel (6 February 2007)
1224 - Regular file downloads wiht SFTP and SCP are now done using the non-blocking
1225 API of libssh2, if the libssh2 headers seem to support them. This will make
1226 SCP and SFTP much more responsive and better libcurl citizens when used with
1227 the multi interface etc.
1229 Daniel (5 February 2007)
1230 - Michael Wallner added support for CURLOPT_TIMEOUT_MS and
1231 CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with
1232 millisecond resolution. The only restriction to that is the alarm()
1233 (sometimes) used to abort name resolves as that uses full seconds. I fixed
1234 the FTP response timeout part of the patch.
1236 Internally we now count and keep the timeouts in milliseconds but it also
1237 means we multiply set timeouts with 1000. The effect of this is that no
1238 timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
1239 equals 24.86 days. We probably couldn't before either since the code did
1240 *1000 on the timeout values on several places already.
1242 Daniel (3 February 2007)
1243 - Yang Tse fixed the cookie expiry date in several test cases that started to
1244 fail since they used "1 feb 2007"...
1246 - Manfred Schwarb reported that socks5 support was broken and help us pinpoint
1247 the problem. The code now tries harder to use httproxy and proxy where
1248 apppropriate, as not all proxies are HTTP...
1250 Version 7.16.1 (29 January 2007)
1252 Daniel (29 January 2007)
1253 - Michael Wallner reported that when doing a CONNECT with a custom User-Agent
1254 header, you got _two_ User-Agent headers in the CONNECT request...! Added
1255 test case 287 to verify the fix.
1257 Daniel (28 January 2007)
1258 - curl_easy_reset() now resets the CA bundle path correctly.
1260 - David McCreedy fixed the Curl command line tool for HTTP on non-ASCII
1263 Daniel (25 January 2007)
1264 - Added the --libcurl [file] option to curl. Append this option to any
1265 ordinary curl command line, and you will get a libcurl-using source code
1266 written to the file that does the equivalent operation of what your command
1267 line operation does!
1269 Dan F (24 January 2007)
1270 - Fixed a dangling pointer problem that prevented the http_proxy environment
1271 variable from being properly used in many cases (and caused test case 63
1274 Daniel (23 January 2007)
1275 - David McCreedy did NTLM changes mainly for non-ASCII platforms:
1278 There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT
1279 defined. I noticed this while testing various configurations. Line 867 of
1280 the current http_ntlm.c is a closing bracket for an if/else pair that only
1281 gets compiled in if USE_NTLM2SESSION is defined. But this closing bracket
1282 wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was
1283 defined. Lines 198 and 140 of my patch wraps that closing bracket in an
1284 #ifdef USE_NTLM2SESSION.
1287 I noticed several picky compiler warnings when DEBUG_ME is defined. I've
1288 fixed them with casting. By the way, DEBUG_ME was a huge help in
1289 understanding this code.
1292 Hopefully the last non-ASCII conversion patch for libcurl in a while. I
1293 changed the "NTLMSSP" literal to hex since this signature must always be in
1296 Conversion code was strategically added where necessary. And the
1297 Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c
1298 creates are NOT translated on non-ASCII platforms.
1300 Dan F (22 January 2007)
1301 - Converted (most of) the test data files into genuine XML. A handful still
1302 are not, due mainly to the lack of support for XML character entities
1303 (e.g. & => & ). This will make it easier to validate test files using
1304 tools like xmllint, as well as to edit and view them using XML tools.
1306 Daniel (16 January 2007)
1307 - Armel Asselin improved libcurl to behave a lot better when an easy handle
1308 doing an FTP transfer is removed from a multi handle before completion. The
1309 fix also fixed the "alive counter" to be correct on "premature removal" for
1312 Dan F (16 January 2007)
1313 - Fixed a small memory leak in tftp uploads discovered by curl's memory leak
1314 detector. Also changed tftp downloads to URL-unescape the downloaded
1317 Daniel (14 January 2007)
1318 - David McCreedy provided libcurl changes for doing HTTP communication on
1319 non-ASCII platforms. It does add some complexity, most notably with more
1320 #ifdefs, but I want to see this supported added and I can't see how we can
1321 add it without the extra stuff added.
1323 - Setting CURLOPT_COOKIELIST to "ALL" when no cookies at all was present,
1324 libcurl would crash when trying to read a NULL pointer.
1326 Daniel (12 January 2007)
1327 - Toby Peterson found a nasty bug that prevented (lib)curl from properly
1328 downloading (most) things that were larger than 4GB on 32 bit systems. Matt
1329 Witherspoon helped as narrow down the problem.
1331 Daniel (5 January 2007)
1332 - Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
1333 curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
1334 will make libcurl shutdown SSL/TLS after the authentication is done on a
1337 Daniel (4 January 2007)
1338 - David McCreedy made changes to allow base64 encoding/decoding to work on
1339 non-ASCII platforms.
1341 Daniel (3 January 2007)
1342 - Matt Witherspoon fixed the flaw which made libcurl 7.16.0 always store
1343 downloaded data in two buffers, just to be able to deal with a special HTTP
1344 pipelining case. That is now only activated for pipelined transfers. In
1345 Matt's case, it showed as a considerable performance difference,
1347 Daniel (2 January 2007)
1348 - Victor Snezhko helped us fix bug report #1603712
1349 (http://curl.haxx.se/bug/view.cgi?id=1603712) (known bug #36) --limit-rate
1350 (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) are broken
1351 on Windows (since 7.16.0, but that's when they were introduced as previous
1352 to that the limiting logic was made in the application only and not in the
1353 library). It was actually also broken on select()-based systems (as apposed
1354 to poll()) but we haven't had any such reports. We now use select(), Sleep()
1355 or delay() properly to sleep a while without waiting for anything input or
1356 output when the rate limiting is activated with the easy interface.
1358 - Modified libcurl.pc.in to use Libs.private for the libs libcurl itself needs
1359 to get built static. It has been mentioned before and was again brought to
1360 our attention by Nathanael Nerode who filed debian bug report #405226
1361 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226).