Daniel Stenberg [Sun, 8 Mar 2009 22:45:59 +0000 (22:45 +0000)]
Andre Guibert de Bruet fixed a typo in the error message
Daniel Stenberg [Sun, 8 Mar 2009 22:42:50 +0000 (22:42 +0000)]
- Bill Egert pointed out (curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
since we use our own printf() code (from libcurl) that shouldn't be a
problem. Nonetheless I modified the code to not rely on such particular
features and to not cause further raised eyebrowse with no good reason.
Dan Fandrich [Thu, 5 Mar 2009 06:44:18 +0000 (06:44 +0000)]
Expanded the security section of the libcurl-tutorial man page to cover
more issues for authors to consider when writing robust libcurl-using
applications.
Yang Tse [Thu, 5 Mar 2009 01:23:14 +0000 (01:23 +0000)]
Fix NTLM authentication memory leak on SSPI enabled Windows builds
Dan Fandrich [Wed, 4 Mar 2009 08:09:39 +0000 (08:09 +0000)]
Fixed a problem with m4 quoting in the OpenSSL configure check reported
by Daniel Johnson.
Daniel Stenberg [Tue, 3 Mar 2009 13:25:19 +0000 (13:25 +0000)]
Added test 1097 to verify the bug Axel Kuhn epidox posted on March 3 2009
on curl-users, it is also added to DISABLED since I don't have time to work
on it further right now.
Daniel Stenberg [Tue, 3 Mar 2009 11:01:24 +0000 (11:01 +0000)]
- David James brought a patch that make libcurl close (all) dead connections
whenever you attempt to open a new connection.
Daniel Stenberg [Tue, 3 Mar 2009 10:41:11 +0000 (10:41 +0000)]
15 additional contributor from the 7.19.4 RELEASE-NOTES
Daniel Stenberg [Tue, 3 Mar 2009 10:02:26 +0000 (10:02 +0000)]
Gah! We can't have 'curl' added here since even though it removes the curl
binary it also removes the include/curl subdir!
Patrick Monnerat [Tue, 3 Mar 2009 09:57:21 +0000 (09:57 +0000)]
Options CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS, and associated definitions added to RPG binding
Daniel Stenberg [Mon, 2 Mar 2009 23:44:42 +0000 (23:44 +0000)]
start over on the journey towards 7.19.5
Daniel Stenberg [Mon, 2 Mar 2009 23:05:31 +0000 (23:05 +0000)]
- David Kierznowski notified us about a security flaw
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
which previous libcurl versions (by design) can be tricked to access an
arbitrary local/different file instead of a remote one when
CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
together this the addition of two new setopt options for controlling this
new behavior:
o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
excludes the FILE and SCP protocols and thus you nee to explicitly allow
them in your app if you really want that behavior.
o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
using the primary URL option. This is useful if you want to allow a user or
other outsiders control what URL to pass to libcurl and yet not allow all
protocols libcurl may have been built to support.
Daniel Stenberg [Mon, 2 Mar 2009 10:43:46 +0000 (10:43 +0000)]
7.19.4 won't get anything else
Daniel Stenberg [Mon, 2 Mar 2009 09:03:11 +0000 (09:03 +0000)]
the Eiffel binding
Daniel Stenberg [Sun, 1 Mar 2009 14:20:26 +0000 (14:20 +0000)]
nothing more left for 7.19.4, the issue #216 is moved to 7.19.5 since we're
too close to release now
Yang Tse [Sat, 28 Feb 2009 01:35:53 +0000 (01:35 +0000)]
for portability reasons: s/inet_pton/Curl_inet_pton/
Yang Tse [Sat, 28 Feb 2009 01:11:57 +0000 (01:11 +0000)]
fix compiler warning
Daniel Stenberg [Fri, 27 Feb 2009 13:52:05 +0000 (13:52 +0000)]
mention the '-o -' trick
Daniel Stenberg [Fri, 27 Feb 2009 12:11:08 +0000 (12:11 +0000)]
217 - Dan Fandrich's "GnuTLS initialization thread safety"
218 - Senthil Raja Velu's "CURLOPT_LOCALPORT option broken", patch by
Markus Koetter
Both are now committed
Daniel Stenberg [Fri, 27 Feb 2009 12:07:14 +0000 (12:07 +0000)]
- Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and
CURLOPT_LOCALPORT were used together (the local port bind failed), and
Markus Koetter provided the fix!
Daniel Stenberg [Fri, 27 Feb 2009 08:53:10 +0000 (08:53 +0000)]
Indentation fixes, untabify and related whitespace-cleanup. No code changed.
Daniel Stenberg [Wed, 25 Feb 2009 12:51:39 +0000 (12:51 +0000)]
corrected and clarified the top comment
Daniel Stenberg [Wed, 25 Feb 2009 12:51:17 +0000 (12:51 +0000)]
- As Daniel Fandrich figured out, we must do the GnuTLS initing in the
curl_global_init() function to properly maintain the performing functions
thread-safe. We've previously (28 April 2007) moved the init to a later time
just to avoid it to fail very early when libgcrypt dislikes the situation,
but that move was bad and the fix should rather be in libgcrypt or
elsewhere.
Daniel Stenberg [Tue, 24 Feb 2009 09:42:39 +0000 (09:42 +0000)]
improved
Daniel Stenberg [Tue, 24 Feb 2009 09:35:55 +0000 (09:35 +0000)]
A handy little helper file for doing recursive diffs on curl source/build trees
without involving CVS:
diff -X diff-exclude -ru curl-old curl-patched
Daniel Stenberg [Tue, 24 Feb 2009 08:30:09 +0000 (08:30 +0000)]
- Brian J. Murrell found out that Negotiate proxy authentication didn't work.
It happened because the code used the struct for server-based auth all the
time for both proxy and server auth which of course was wrong.
Daniel Stenberg [Mon, 23 Feb 2009 21:21:00 +0000 (21:21 +0000)]
4.17 Non-functional connect timeouts
Daniel Stenberg [Mon, 23 Feb 2009 18:45:00 +0000 (18:45 +0000)]
- After a bug reported by James Cheng I've made curl_easy_getinfo() for
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return
-1 if the sizes aren't know. Previously these returned 0, make it impossible
to detect the difference between actually zero and unknown.
Daniel Stenberg [Mon, 23 Feb 2009 16:28:51 +0000 (16:28 +0000)]
For 7.19.5 (due to feature freeze)
220 - Take advantage of libssh2_version() that's been added for the upcoming
1.1, to extract the run-time version number properly.
Yang Tse [Mon, 23 Feb 2009 14:34:40 +0000 (14:34 +0000)]
adjustment for new Mac OS X framework build script
Yang Tse [Mon, 23 Feb 2009 12:39:06 +0000 (12:39 +0000)]
Daniel Johnson provided a shell script that will perform all the steps needed
to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework
Daniel Stenberg [Mon, 23 Feb 2009 10:40:36 +0000 (10:40 +0000)]
mention default port number
Daniel Stenberg [Mon, 23 Feb 2009 09:36:54 +0000 (09:36 +0000)]
- I renamed everything in the windows builds files that used the name 'curllib'
to the proper 'libcurl' as clearly this caused confusion.
Daniel Stenberg [Mon, 23 Feb 2009 09:36:08 +0000 (09:36 +0000)]
lzma compressed tarballs too for some testing, it does produce MUCH smaller
files
Yang Tse [Mon, 23 Feb 2009 01:04:18 +0000 (01:04 +0000)]
use the internal snprintf() function
Daniel Stenberg [Fri, 20 Feb 2009 22:56:55 +0000 (22:56 +0000)]
mention 4 pending fixes/patches
Yang Tse [Fri, 20 Feb 2009 12:10:23 +0000 (12:10 +0000)]
Mark Incley noticed VS2008 compilation halting when building for Windows 2000
Yang Tse [Fri, 20 Feb 2009 11:30:11 +0000 (11:30 +0000)]
Do not halt compilation when using VS2008 to build a Windows 2000 target
Daniel Stenberg [Fri, 20 Feb 2009 09:14:25 +0000 (09:14 +0000)]
clarified the FTP passive/active mode options somewhat
Daniel Stenberg [Fri, 20 Feb 2009 08:19:19 +0000 (08:19 +0000)]
the FTP multi interface bug
Daniel Stenberg [Fri, 20 Feb 2009 08:16:03 +0000 (08:16 +0000)]
- Linus Nielsen Feltzing reported and helped me repeat and fix a problem with
FTP with the multi interface: when a transfer fails, like when aborted by a
write callback, the control connection was wrongly closed and thus not
re-used properly.
This change is also an attempt to cleanup the code somewhat in this area, as
now the FTP code attempts to keep (better) track on pending responses
necessary to get read in ftp_done().
Daniel Stenberg [Thu, 19 Feb 2009 18:49:03 +0000 (18:49 +0000)]
The C++ binding home was changed
Daniel Stenberg [Thu, 19 Feb 2009 13:47:06 +0000 (13:47 +0000)]
verify that a 550-response for a RETR returns 78 but also that the control
connection is kept alive afterwards
Daniel Stenberg [Thu, 19 Feb 2009 10:36:20 +0000 (10:36 +0000)]
- Patrik Thunstrom reported a problem and helped me repeat it. It turned out
libcurl did a superfluous 1000ms wait when doing SFTP downloads!
We read data with libssh2 while doing the "DO" operation for SFTP and then
when we were about to start getting data for the actual file part, the
"TRANSFER" part, we waited for socket action (in 1000ms) before doing a
libssh2-read. But in this case libssh2 had already read and buffered the
data so we ended up always just waiting 1000ms before we get working on the
data!
Daniel Stenberg [Wed, 18 Feb 2009 19:31:55 +0000 (19:31 +0000)]
spell-fixed comments and other minor non-code edits
Patrick Monnerat [Wed, 18 Feb 2009 11:40:16 +0000 (11:40 +0000)]
FTP downloads (i.e.: RETR) ending with code 550 now return error CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE.
Patrick Monnerat [Tue, 17 Feb 2009 16:16:07 +0000 (16:16 +0000)]
Continue sync work on OS400 specific code and RPG binding.
Daniel Stenberg [Tue, 17 Feb 2009 12:18:34 +0000 (12:18 +0000)]
- Kamil Dudka made NSS-powered builds compile and run again!
Daniel Stenberg [Tue, 17 Feb 2009 12:14:41 +0000 (12:14 +0000)]
- A second follow-up change by Andre Guibert de Bruet to fix a related memory
leak like that fixed on the 14th. When zlib returns failure, we need to
cleanup properly before returning error.
Daniel Stenberg [Tue, 17 Feb 2009 09:43:27 +0000 (09:43 +0000)]
three new CURLFTP_CREATE_DIR* symbols
Daniel Stenberg [Tue, 17 Feb 2009 09:07:25 +0000 (09:07 +0000)]
- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 for
plain FTP connections, and it will then allow MKD to fail once and retry the
CWD afterwards. This is especially useful if you're doing many simultanoes
connections against the same server and they all have this option enabled,
as then CWD may first fail but then another connection does MKD before this
connection and thus MKD fails but trying CWD works! The numbers can
(should?) now be set with the convenience enums now called
CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY.
Tests has proven that if you're making an application that uploads a set of
files to an ftp server, you will get a noticable gain in speed if you're
using multiple connections and this option will be then be very useful.
Patrick Monnerat [Mon, 16 Feb 2009 15:33:17 +0000 (15:33 +0000)]
Preparation of imminent release: synchronizing OS400 wrappers + RPG binding to current state.
Gisle Vanem [Sat, 14 Feb 2009 13:43:18 +0000 (13:43 +0000)]
In MSVC9 'time_t' is a 64-bit quantity. This causes a truncation warning
when an 'int' is assigned to a 'time_t' variable. Hence redefine 'retry_time'
and 'retry_max' to 'time_t'.
Daniel Stenberg [Sat, 14 Feb 2009 09:12:55 +0000 (09:12 +0000)]
nah, use the simpler year - year range syntax only, no matter what emacs'
copyright-update script thinks
Daniel Stenberg [Sat, 14 Feb 2009 09:09:09 +0000 (09:09 +0000)]
- Andre Guibert de Bruet found and fixed a memory leak in the content encoding
code, which could happen on libz errors.
Daniel Stenberg [Fri, 13 Feb 2009 14:34:07 +0000 (14:34 +0000)]
there is nothing left planned for next release, metalink experiments are post-
poned
Daniel Stenberg [Fri, 13 Feb 2009 09:12:52 +0000 (09:12 +0000)]
Anthony Bryan's letter=>symbol fixes
Yang Tse [Fri, 13 Feb 2009 06:34:44 +0000 (06:34 +0000)]
ignore
Yang Tse [Fri, 13 Feb 2009 06:25:35 +0000 (06:25 +0000)]
Remove following files generated on previous buildconf run:
ltoptions.m4 ltsugar.m4 ltversion.m4 lt~obsolete.m4
Yang Tse [Fri, 13 Feb 2009 05:49:58 +0000 (05:49 +0000)]
check for poll() as it is done for other functions
Dan Fandrich [Thu, 12 Feb 2009 23:57:17 +0000 (23:57 +0000)]
Fixed NTLM on curl-config --features with GnuTLS
Dan Fandrich [Thu, 12 Feb 2009 20:48:40 +0000 (20:48 +0000)]
Added support for Digest and NTLM authentication using GnuTLS.
Daniel Stenberg [Thu, 12 Feb 2009 08:05:23 +0000 (08:05 +0000)]
credit Jocelyn Jaubert for his bug report and associated work
Daniel Stenberg [Wed, 11 Feb 2009 21:47:14 +0000 (21:47 +0000)]
- CURLINFO_CONDITION_UNMET was added to allow an application to get to know if
the condition in the previous request was unmet. This is typically a time
condition set with CURLOPT_TIMECONDITION and was previously not possible to
reliably figure out. From bug report #2565128
(http://curl.haxx.se/bug/view.cgi?id=2565128)
Daniel Stenberg [Tue, 10 Feb 2009 13:06:25 +0000 (13:06 +0000)]
Added docs/libcurl/symbols-in-versions
Daniel Stenberg [Tue, 10 Feb 2009 12:52:09 +0000 (12:52 +0000)]
completed the CURLPROXY_ collection
Daniel Stenberg [Tue, 10 Feb 2009 12:39:26 +0000 (12:39 +0000)]
include the symbols-in-versions file in the release archive
Daniel Stenberg [Tue, 10 Feb 2009 12:34:41 +0000 (12:34 +0000)]
remove a trailing name from a comment
Daniel Stenberg [Tue, 10 Feb 2009 12:33:10 +0000 (12:33 +0000)]
introducing the symbols-in-versions file, in an effort to help app authors
to better know and track symbols in earlier libcurl versions
Daniel Stenberg [Tue, 10 Feb 2009 12:32:12 +0000 (12:32 +0000)]
mention when CURLOPT_ADDRESS_SCOPE was added
Daniel Stenberg [Mon, 9 Feb 2009 16:09:45 +0000 (16:09 +0000)]
#45. libcurl built to support ipv6 uses getaddrinfo() to resolve host names.
getaddrinfo() sorts the response list
This isn't a libcurl bug since this is how getaddrinfo() is *supposed* to work!
Apparently you deal with this using the /etc/gai.conf file.
Daniel Stenberg [Mon, 9 Feb 2009 16:08:08 +0000 (16:08 +0000)]
#53. SFTP busy-loop problem. should be fixed in 7.19.3 with libssh2 1.0 (or
later)
Daniel Stenberg [Sat, 7 Feb 2009 22:53:37 +0000 (22:53 +0000)]
Moved Curl_strntoupper() to the rawstr.c file where the other raw string
functions are.
Daniel Stenberg [Sat, 7 Feb 2009 22:47:07 +0000 (22:47 +0000)]
214 - progress bar prefix, second try (for the curl tool)
patch declined
Dan Fandrich [Fri, 6 Feb 2009 19:25:32 +0000 (19:25 +0000)]
Mention the first release of CURLOPT_FTP_FILEMETHOD
Dan Fandrich [Thu, 5 Feb 2009 00:13:40 +0000 (00:13 +0000)]
Added an explicit buffer limit check in msdosify() (patch based on FreeBSD).
This couldn't ever overflow in curl, but might if the code were used
elsewhere or under different conditions.
Dan Fandrich [Wed, 4 Feb 2009 23:40:57 +0000 (23:40 +0000)]
Fixed a typo (spotted in the FreeBSD ports).
Dan Fandrich [Wed, 4 Feb 2009 23:33:34 +0000 (23:33 +0000)]
Don't add the standard /usr/lib or /usr/include paths to LDFLAGS and CPPFLAGS
(respectively) when --with-ssl=/usr is used (patch based on FreeBSD).
Daniel Stenberg [Wed, 4 Feb 2009 21:22:13 +0000 (21:22 +0000)]
206 - A. Craig West's CURLOPT_HTTP_VERSION change for CONNECT
applied!
Daniel Stenberg [Tue, 3 Feb 2009 22:28:41 +0000 (22:28 +0000)]
- Hidemoto Nakada provided a small fix that makes it possible to get the
CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with
CURLOPT_NOBODY set true.
Phil Blundell [Tue, 3 Feb 2009 14:38:09 +0000 (14:38 +0000)]
* February 3 2009 (Phil Blundell)
- If the server returns garbage or nothing at all in response to an AAAA query,
go on and ask for A records anyway.
Daniel Stenberg [Mon, 2 Feb 2009 21:36:47 +0000 (21:36 +0000)]
- Patrick Scott found a rather large memory leak when using the multi
interface and setting CURLMOPT_MAXCONNECTS to something less than the number
of handles you add to the multi handle. All the connections that didn't fit
in the cache would not be properly disconnected nor freed!
Daniel Stenberg [Mon, 2 Feb 2009 21:20:59 +0000 (21:20 +0000)]
minor comment fix
Daniel Stenberg [Mon, 2 Feb 2009 16:19:23 +0000 (16:19 +0000)]
- Craig A West brought us: libcurl now defaults to do CONNECT with HTTP
version 1.1 instead of 1.0 like before. This change also introduces the new
proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to
switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0
option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0.
I updated all test cases cases that use CONNECT and I tried to do some using
--proxy1.0 and some updated to do CONNECT 1.1 to get both versions run.
Daniel Stenberg [Sat, 31 Jan 2009 20:25:55 +0000 (20:25 +0000)]
- When building with c-ares 1.6.1 (not yet released) or later and IPv6 support
enabled, we can now take advantage of its brand new AF_UNSPEC support in
ares_gethostbyname(). This makes test case 241 finally run fine for me wtih
this setup since it now parses the "::1 ip6-localhost" line fine in my
/etc/hosts file!
Daniel Stenberg [Sat, 31 Jan 2009 20:17:41 +0000 (20:17 +0000)]
- ares_gethostbyname() now accepts 'AF_UNSPEC' as a family for resolving
either AF_INET6 or AF_INET. It works by accepting any of the looksups in the
hosts file, and it resolves the AAAA field with a fallback to A.
Daniel Stenberg [Sat, 31 Jan 2009 18:38:41 +0000 (18:38 +0000)]
- Scott Cantor filed bug report #2550061
(http://curl.haxx.se/bug/view.cgi?id=2550061) mentioning that I failed to
properly make sure that the VC9 makefiles got included in the latest
release. I've now fixed the release script and verified it so next release
will hopefully include them properly!
Daniel Stenberg [Fri, 30 Jan 2009 22:32:13 +0000 (22:32 +0000)]
Truly make sure that the vc8 and vc9 makefiles that are generated get included
in the release archive - by using our .dist suffix trick.
Dan Fandrich [Fri, 30 Jan 2009 19:29:25 +0000 (19:29 +0000)]
Fixed --disable-proxy for FTP and SOCKS. Thanks to Daniel Egger for reporting
the problem.
Dan Fandrich [Fri, 30 Jan 2009 18:28:29 +0000 (18:28 +0000)]
Mentioned some other characters that may need escaping on the curl command
line and fixed a few typos.
Yang Tse [Fri, 30 Jan 2009 02:35:40 +0000 (02:35 +0000)]
ensure that we use the ANSI version functions
Yang Tse [Fri, 30 Jan 2009 01:54:22 +0000 (01:54 +0000)]
fix typo in comment
Yang Tse [Fri, 30 Jan 2009 01:37:37 +0000 (01:37 +0000)]
Provide another definition missing in MinGW's headers
Yang Tse [Thu, 29 Jan 2009 21:44:36 +0000 (21:44 +0000)]
Provide some definitions missing in MinGW's headers
Yang Tse [Thu, 29 Jan 2009 20:32:27 +0000 (20:32 +0000)]
Introduced curl_sspi.c and curl_sspi.h for the implementation of functions
Curl_sspi_global_init() and Curl_sspi_global_cleanup() which previously were
named Curl_ntlm_global_init() and Curl_ntlm_global_cleanup() in http_ntlm.c
Also adjusted socks_sspi.c to remove the link-time dependency on the Windows
SSPI library using it now in the same way as it was done in http_ntlm.c.
Yang Tse [Thu, 29 Jan 2009 15:25:23 +0000 (15:25 +0000)]
added some more messages to SSPI error function
Yang Tse [Thu, 29 Jan 2009 14:00:18 +0000 (14:00 +0000)]
Avoid inclusion of ntsecapi.h and directly provide the KERB_WRAP_NO_ENCRYPT
definition to avoid a 'STRING' duplicate definition from OpenSSL's safestack.h
Yang Tse [Thu, 29 Jan 2009 03:39:10 +0000 (03:39 +0000)]
fix compiler warnings
Daniel Stenberg [Wed, 28 Jan 2009 21:33:58 +0000 (21:33 +0000)]
- Markus Moeller introduced two new options to libcurl:
CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl
to do GSS-style authentication with SOCKS5 proxies. The curl tool got the
options called --socks5-gssapi-service and --socks5-gssapi-nec to enable
these.
Yang Tse [Wed, 28 Jan 2009 17:43:11 +0000 (17:43 +0000)]
fix compiler warning: conversion from 'int' to 'bool', possible loss of data