From d3ab22f875f1397ee4876b5691a5215454a9cbf7 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 7 Feb 2017 08:20:10 +0100 Subject: [PATCH] CHANGES.0: removed This is the previously manually edited changelog, not touched since Aug 2015. Still present in git for those who wants it. --- CHANGES.0 | 18002 ---------------------------------------------------- GIT-INFO | 9 - 2 files changed, 18011 deletions(-) delete mode 100644 CHANGES.0 diff --git a/CHANGES.0 b/CHANGES.0 deleted file mode 100644 index a73130fc2..000000000 --- a/CHANGES.0 +++ /dev/null @@ -1,18002 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - Old Changelog - -Changes done to curl and libcurl from 1997 to 2010, edited manually. The most -recent changes are always generated into the CHANGES file straight from git. - -Kamil Dudka (17 June 2010) -- Improve test575 in order to not fail with threaded DNS resolver. - -Version 7.21.0 (16 June 2010) - -Daniel Stenberg (5 June 2010) -- Constantine Sapuntzakis fixed a case of spurious SSL connection aborts using - libcurl and OpenSSL. "I tracked it down to uncleared error state on the - OpenSSL error stack - patch attached deals with that." - -Daniel Stenberg (5 June 2010) -- Frank Meier added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and - CURLINFO_LOCAL_PORT to curl_easy_getinfo(). - -Yang Tse (4 June 2010) -- Enabled OpenLDAP support for cygwin builds. This support was disabled back - in 2008 due to incompatibilities between OpenSSL and OpenLDAP headers. - cygwin's OpenSSL 0.9.8l and OpenLDAP 2.3.43 versions on cygwin 1.5.25 - allow building an OpenLDAP enabled libcurl supporting back to Windows 95. - - Removed the non-functional CURL_LDAP_HYBRID code and references. - -Daniel Stenberg (2 June 2010) -- Jason McDonald posted bug report #3006786 when he found that the SFTP code - didn't timeout properly in several places in the code even if a timeout was - set properly. - - Based on his suggested patch, I wrote a different implementation that I - think addressed the issue better and also uses the connect timeout for the - initial part of the SSH/SFTP done during the "protocol connect" phase. - - (https://curl.haxx.se/bug/view.cgi?id=3006786) - -Yang Tse (2 June 2010) -- Added missing new libcurl files to non-configure targets. Adjusted - libcurl standard internal header inclusions in new files. Fixed an - SPNEGO related memory leak. Fixed several LDAP related compilation - issues, and fixed some compiler warnings. - -Daniel Stenberg (1 June 2010) -- Igor Novoseltsev reported a problem with the multi socket API and using - timeouts and timers. It boiled down to a problem with libcurl's use of - GetTickCount() interally to figure out the current time, while Igor's own - application code used another function call. - - It made his app call the socket API timeout function a bit _before_ libcurl - would consider the timeout to trigger, and that could easily lead to - timeouts or stalls in the app. It seems GetTickCount() in general often has - no better resolution than 16ms and switching to the alternative function - QueryPerformanceCounter has its share of problems: - http://www.virtualdub.org/blog/pivot/entry.php?id=106 - - We address this problem by simply having libcurl treat timers that already - has occured or will occur within 40ms subject for treatment. I'm confident - that there are other implementations and operating systems with similarly in - accurate timer functions so it makes sense to have applied generically and I - don't believe we sacrifice much by adding a 40ms inaccuracy on these - timeouts. - -Kamil Dudka (27 May 2010) -- added a new test for CRL support (test313) - -- Tor Arntsen changed the alternative definition of bool to use enum instead - of unsigned char. - -Daniel Stenberg (25 May 2010) -- Julien Chaffraix fixed the warning seen when compiling lib/rtmp.c: one - unused variables, several unused arguments and some missing #include. - -- Julien Chaffraix fixed 2 OOM errors: a missing NULL-check in - lib/http_negociate.c and a potential NULL dereferencing in lib/splay.c - -- Howard Chu brought a patch that makes the LDAP code much cleaner, nicer and - in general being a better libcurl citizen. If a new enough OpenLDAP version - is detect, the new and shiny lib/openldap.c code is then used instead of the - old cruft. - -Daniel Stenberg (21 May 2010) -- Eric Mertens posted bug #3003705: when we made TFTP use the correct timeout - option when sent to the server (fixed May 18th 2010) it became obvious that - libcurl used invalid timeout values (300 by default while the RFC allows - nothing above 255). While of course it is obvious that as TFTP has worked - thus far without being able to set timeout at all, just removing the setting - wouldn't make any difference in behavior. I decided to still keep it (but - fix the problem) as it now actually allows for easier (future) customization - of the timeout. - - (https://curl.haxx.se/bug/view.cgi?id=3003705) - -- Douglas Kilpatrick filed bug report #3004787 and pointed out that the TFTP - code didn't handle block id wraps correctly. His suggested fix inspired the - fix I committed. - - (https://curl.haxx.se/bug/view.cgi?id=3004787) - -Daniel Stenberg (20 May 2010) -- Tanguy Fautre brought a fix to allow curl to build with Microsoft VC10. - -Daniel Stenberg (18 May 2010) -- Eric Mertens posted bug report #3003005 pointing out that the libcurl TFTP - code was not sending the timeout option properly to the server, and - suggested a fix. - - (https://curl.haxx.se/bug/view.cgi?id=3003005) - -Kamil Dudka (16 May 2010) -- Pavel Raiskup introduced a new option CURLOPT_FNMATCH_DATA in order to pass - a custom data pointer to the callback specified by CURLOPT_FNMATCH_FUNCTION. - -Daniel Stenberg (14 May 2010) -- John-Mark Bell filed bug #3000052 that identified a problem (with an - associated patch) with the OpenSSL handshake state machine when the multi - interface is used: - - Performing an https request using a curl multi handle and using select or - epoll to wait for events results in a hang. It appears that the cause is the - fix for bug #2958179, which makes ossl_connect_common unconditionally return - from the step 2 loop when fetching from a multi handle. - - When ossl_connect_step2 has completed, it updates connssl->connecting_state - to ssl_connect_3. ossl_connect_common will then return to the caller, as a - multi handle is in use. Eventually, the client code will call - curl_multi_fdset to obtain an updated fdset to select or epoll on. For https - requests, curl_multi_fdset will cause https_getsock to be called. - https_getsock will only return a socket handle if the connecting_state is - ssl_connect_2_reading or ssl_connect_2_writing. Therefore, the client will - never obtain a valid fdset, and thus not drive the multi handle, resulting - in a hang. - - (https://curl.haxx.se/bug/view.cgi?id=3000052) - -- Sebastian V reported bug #3000056 identifying a problem with redirect - following. It showed that when curl followed redirects it didn't properly - ignore the response body of the 30X response if that response was using - compressed Content-Encoding! - - (https://curl.haxx.se/bug/view.cgi?id=3000056) - -Daniel Stenberg (12 May 2010) -- Howard Chu brought support for RTMP. This is powered by the underlying - librtmp library. It supports a range of variations and "sub-protocols" - within the RTMP family. - -- Pavel Raiskup brought support for FTP directory wildcard matching to allow - selective downloading. To provide that, a set of new options were added: - - CURLOPT_WILDCARDMATCH - CURLOPT_CHUNK_BGN_FUNCTION - CURLOPT_CHUNK_END_FUNCTION - CURLOPT_CHUNK_DATA - CURLOPT_FNMATCH_FUNCTION - - There were also a set of new tests added (574 - 577) to verify this. - -Kamil Dudka (11 May 2010) -- CRL support in libcurl-NSS has been completely broken. Now it works. Original - bug report: https://bugzilla.redhat.com/581926 - -Daniel Stenberg (7 May 2010) -- Dirk Manske reported a regression. When connecting with the multi interface, - there were situations where libcurl wouldn't store connect time correctly as - it used to (and is documented to) do. - - Using his fine sample program we could repeat it, and I wrote up test case - 573 using that code. The problem does not easily show itself using the local - test suite though. - - The fix, also as suggested by Dirk, is a bit on the ugly side as it adds yet - another call to Curl_verboseconnect() and setting the TIMER_CONNECT time. - That situation is subject for some closer inspection in the future. - -- Howard Chu split the I/O handling functions into private handlers. - - Howard Chu brought the bulk work of this patch that properly moves out the - sending and recving of data to the parts of the code that are properly - responsible for the various ways of doing so. - - Daniel Stenberg assisted with polishing a few bits and fixed some minor - flaws in the original patch. - - Another upside of this patch is that we now abuse CURLcodes less with the - "magic" -1 return codes and instead use CURLE_AGAIN more consistently. - -Daniel Stenberg (5 May 2010) -- Hoi-Ho Chan introduced support for using the PolarSSL library. You control - this with the new configure option --with-polarssl. - -Daniel Stenberg (29 Apr 2010) -- Ben Greear made telnet a lot better/easier to use by an application: - - The main change is to allow input from user-specified methods, when they are - specified with CURLOPT_READFUNCTION. All calls to fflush(stdout) in - telnet.c were removed, which makes using 'curl telnet://foo.com' painful - since prompts and other data are not always returned to the user promptly. - Use 'curl --no-buffer telnet://foo.com' instead. In general, the user - should have their CURLOPT_WRITEFUNCTION do a fflush for interactive use. - - Also fix assumption that reading from stdin never returns < 0. - Old code could crash in that case. - - Call progress functions in telnet main loop. - -Daniel Stenberg (26 Apr 2010) -- Make use of the libssh2_init/exit functions that libssh2 added in version - 1.2.5. Using them will improve how libcurl works in threaded situations when - SCP and SFTP are transfered. - -Daniel Stenberg (25 Apr 2010) -- Based on work by Kamil Dudka, I've introduced the new configure option - --enable-threaded-resolver. When used, the configure script will check for - pthreads and if around, it will build libcurl to use pthreads to do name - resolving in a threaded manner. Note that this is just a fix to offer an - option that can enable the code that already included. The threader resolver - code was mostly added on Jan 26 2010. - -Daniel Stenberg (24 Apr 2010) -- Alex Bligh introduced the --proto and -proto-redir options that limit what - protocols curl accepts for the requests and when following redirects. - -Kamil Dudka (24 Apr 2010) -- Fixed test536 in order to not fail with threaded DNS resolver and tweaked - comments in certain examples using curl_multi_fdset(). - -- Fixed SSL handshake timeout underflow in libcurl-NSS, which caused test405 - to hang on a slow machine. - -Daniel Stenberg (21 Apr 2010) -- The -O option caused curl to crash on windows and DOS due to the tool - writing out of boundary memory. - -Yang Tse (20 Apr 2010) -- Ruslan Gazizov detected that MSVC makefiles were using wsock32.lib instead - of ws2_32.lib, this generated linking issues on MSVC IPv6 enabled builds - that were done using those makefiles. - -Daniel Stenberg (19 Apr 2010) -- -J/--remote-header-name didn't strip trailing carriage returns or linefeeds - properly, so they could be used in the file name. - -Daniel Stenberg (16 Apr 2010) -- Jerome Vouillon made the GnuTLS SSL handshake phase non-blocking. - -- The recent overhaul of the SSL recv function made the GnuTLS specific code - treat a zero returned from gnutls_record_recv() as an error, and this caused - our HTTPS test cases to fail. We leave it to upper layer code to detect if - an EOF is a problem or not. - -- I reverted the resolver fix from yesterday and instead removed all uses of - AI_CANONNAME all over libcurl and made the only user of that info (krb5.c) - use the host name from the URL instead. No reverse resolving is a good - thing. - -- Paul Howarth made configure properly detect GSS "on ancient Linux distros" - by editing in which order we use headers to detect GSS. - -Daniel Stenberg (15 Apr 2010) -- Rainer Canavan filed bug report #2987196 that identified libcurl doing - unnecesary reverse name lookups in many cases when built to use IPv4 and - getaddrinfo(). The logic for IPv6 is now used for IPv4 too. - - (https://curl.haxx.se/bug/view.cgi?id=2963679) - -Version 7.20.1 (14 April 2010) - -Daniel Stenberg (9 Apr 2010) -- Prefixing the FTP quote commands with an asterisk really only worked for the - postquote actions. This is now fixed and test case 227 has been extended to - verify. - -Kamil Dudka (4 Apr 2010) -- Eliminated a race condition in Curl_resolv_timeout(). - -- Refactorized interface of Curl_ssl_recv()/Curl_ssl_send(). - -- libcurl-NSS now provides more accurate messages and error codes in case of - client certificate problem. Either during connection, or transfer phase. - -Daniel Stenberg (1 Apr 2010) -- Matt Wixson found and fixed a bug in the SCP/SFTP area where the code - treated a 0 return code from libssh2 to be the same as EAGAIN while in - reality it isn't. The problem caused a hang in SFTP transfers from a - MessageWay server. - -Daniel Stenberg (28 Mar 2010) -- Ben Greear: If you pass a URL to pop3 that does not contain a message ID as - part of the URL, it would previously ask for 'INBOX' which just causes the - pop3 server to return an error. - - Now libcurl treats en empty message ID as a request for LIST (list of pop3 - message IDs). User's code could then parse this and download individual - messages as desired. - -Daniel Stenberg (27 Mar 2010) -- Ben Greear brought a patch that from now on allows all protocols to specify - name and user within the URL, in the same manner HTTP and FTP have been - allowed to in the past - although far from all of the libcurl supported - protocls actually have that feature in their URL definition spec. - -Daniel Stenberg (26 Mar 2010) -- Ben Greear brought code that makes the rate limiting code for the easy - interface a bit smoother as it introduces sub-second sleeps during it and it - also takes the buffer sizes into account. - -Daniel Stenberg (24 Mar 2010) -- Bob Richmond: There's an annoying situation where libcurl will read new HTTP - response data from a socket, then check if it's a timeout if one is set. If - the last packet received constitutes the end of the response body, libcurl - still treats it as a timeout condition and reports a message like: - - "Operation timed out after 3000 milliseconds with 876 out of 876 bytes - received" - - It should only a timeout if the timer lapsed and we DIDN'T receive the end - of the response body yet. - -- Christopher Conroy fixed a problem with RTSP and GET_PARAMETER reported - to us by Massimo Callegari. There's a new test case 572 that verifies this - now. - -- The 'ares' subtree has been removed from the source repository. It was - always a separate project that sort of piggybacked on the curl project since - the dawn of times and now the time has come for it to go stand on its own - legs and continue living its own life. All details on c-ares and its new - source code repository is found at http://c-ares.haxx.se/ - -Daniel Stenberg (23 Mar 2010) -- Kenny To filed the bug report #2963679 with patch to fix a problem he - experienced with doing multi interface HTTP POST over a proxy using - PROXYTUNNEL. He found a case where it would connect fine but bits.tcpconnect - was not set correct so libcurl didn't work properly. - - (https://curl.haxx.se/bug/view.cgi?id=2963679) - -- Akos Pasztory filed debian bug report #572276 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572276 mentioning a problem - with a resource that returns chunked-encoded _and_ with a Content-Length - and libcurl failed to properly ignore the latter information. - -- Hauke Duden provided an example program that made the multi interface crash. - His example simply used the multi interface and did first one FTP transfer - and after completion it used a second easy handle and did another FTP - transfer on the same FTP server. - - This triggered a bug in the "delayed easy handle kill" system that curl - uses: when an FTP connection is left alive it must keep an easy handle - around internally - only for the purpose of having an easy handle when it - later disconnects it. The code assumed that when the easy handle was removed - and an internal reference was made, that version could be killed later on - when a new easy handle came using the same connection. This was wrong as - Hauke's example showed that the removed handle wasn't killed for real until - later. This caused a double close attempt => segfault. - -Daniel Stenberg (22 Mar 2010) -- Thomas Lopatic fixed the alarm()-based DNS timeout: - - Looking at the code of Curl_resolv_timeout() in hostip.c, I think that in - case of a timeout, the signal handler for SIGALRM never gets removed. I - think that in my case it gets executed at some point later on when execution - has long left Curl_resolv_timeout() or even the cURL library. - - The code that is jumped to with siglongjmp() simply sets the error message - to "name lookup timed out" and then returns with CURLRESOLV_ERROR. I guess - that instead of simply returning without cleaning up, the code should have a - goto that jumps to the spot right after the call to Curl_resolv(). - -Kamil Dudka (22 Mar 2010) -- Douglas Steinwand contributed a patch fixing insufficient initialization in - Curl_clone_ssl_config() - -Daniel Stenberg (21 Mar 2010) -- Ben Greear improved TFTP: the error code returning and the treatment - of TSIZE == 0 when uploading. - -- We've switched from CVS to git. See https://curl.haxx.se/source.html - -Kamil Dudka (19 Mar 2010) -- Improved Curl_read() to not ignore the error returned from Curl_ssl_recv(). - -Daniel Stenberg (15 Mar 2010) -- Constantine Sapuntzakis brought a patch: - - The problem mentioned on Dec 10 2009 - (https://curl.haxx.se/bug/view.cgi?id=2905220) was only partially fixed. - Partially because an easy handle can be associated with many connections in - the cache (e.g. if there is a redirect during the lifetime of the easy - handle). The previous patch only cleaned up the first one. The new fix now - removes the easy handle from all connections, not just the first one. - -Daniel Stenberg (6 Mar 2010) -- Ben Greear brought a patch that fixed the rate limiting logic for TFTP when - the easy interface was used. - -Daniel Stenberg (5 Mar 2010) -- Daniel Johnson provided fixes for building curl with the clang compiler. - -Yang Tse (5 Mar 2010) -- Constantine Sapuntzakis detected and fixed a double free in builds done - with threaded resolver enabled (Windows default configuration) that would - get triggered when a curl handle is closed while doing DNS resolution. - -Daniel Stenberg (2 Mar 2010) -- [Daniel Johnson] I've been trying to build libcurl with clang on Darwin and - ran into some issues with the GSSAPI tests in configure.ac. The tests first - try to determine the include dirs and libs and set CPPFLAGS and LIBS - accordingly. It then checks for the headers and finally sets LIBS a second - time, causing the libs to be included twice. The first setting of LIBS seems - redundant and should be left out, since the first part is otherwise just - about finding headers. - - My second issue is that 'krb5-config --libs gssapi' on Darwin is less than - useless and returns junk that, while it happens to work with gcc, causes - clang to choke. For example, --libs returns $CFLAGS along with the libs, - which is really retarded. Simply setting 'LIBS="$LIBS -lgssapi_krb5 - -lresolv"' on Darwin is sufficient. - -- Based on patch provided by Jacob Moshenko, the transfer logic now properly - makes sure that when using sub-second timeouts, there's no final bad 1000ms - wait. Previously, a sub-second timeout would often make the elapsed time end - up the time rounded up to the nearest second (e.g. 1s for 200ms timeout) - -- Andrei Benea filed bug report #2956698 and pointed out that the - CURLOPT_CERTINFO feature leaked memory due to a missing OpenSSL function - call. He provided the patch to fix it too. - - https://curl.haxx.se/bug/view.cgi?id=2956698 - -- Markus Duft pointed out in bug #2961796 that even though Interix has a - poll() function it doesn't quite work the way we want it so we must disable - it, and he also provided a patch for it. - - https://curl.haxx.se/bug/view.cgi?id=2961796 - -- Made the pingpong timeout code properly deal with the response timeout AND - the global timeout if set. Also, as was reported in the bug report #2956437 - by Ryan Chan, the time stamp to use as basis for the per command timeout was - not set properly in the DONE phase for FTP (and not for SMTP) so I fixed - that just now. This was a regression compared to 7.19.7 due to the - conversion of FTP code over to the generic pingpong concepts. - - https://curl.haxx.se/bug/view.cgi?id=2956437 - -Daniel Stenberg (1 Mar 2010) -- Ben Greear provided an update for TFTP that fixes upload. - -- Wesley Miaw reported bug #2958179 which identified a case of looping during - OpenSSL based SSL handshaking even though the multi interface was used and - there was no good reason for it. - - https://curl.haxx.se/bug/view.cgi?id=2958179 - -Daniel Stenberg (26 Feb 2010) -- Pat Ray in bug #2958474 pointed out an off-by-one case when receiving a - chunked-encoding trailer. - - https://curl.haxx.se/bug/view.cgi?id=2958474 - -Daniel Fandrich (25 Feb 2010) -- Fixed a couple of out of memory leaks and a segfault in the SMTP & IMAP code. - -Yang Tse (25 Feb 2010) -- I fixed bug report #2958074 indicating - (https://curl.haxx.se/bug/view.cgi?id=2958074) that curl on Windows with - option --trace-time did not use local time when timestamping trace lines. - This could also happen on other systems depending on time souurce. - -Patrick Monnerat (22 Feb 2010) -- Proper handling of STARTTLS on SMTP, taking CURLUSESSL_TRY into account. -- SMTP falls back to RFC821 HELO when EHLO fails (and SSL is not required). -- Use of true local host name (i.e.: via gethostname()) when available, as - default argument to SMTP HELO/EHLO. -- Test case 804 for HELO fallback. - -Daniel Stenberg (20 Feb 2010) -- Fixed the SMTP compliance by making sure RCPT TO addresses are specified - properly in angle brackets. Recipients provided with CURLOPT_MAIL_RCPT now - get angle bracket wrapping automatically by libcurl unless the recipient - starts with an angle bracket as then the app is assumed to deal with that - properly on its own. - -- I made the SMTP code expect a 250 response back from the server after the - full DATA has been sent, and I modified the test SMTP server to also send - that response. As usual, the DONE operation that is made after a completed - transfer is still not doable in a non-blocking way so this waiting for 250 - is unfortunately made blockingly. - -Yang Tse (14 Feb 2010) -- Overhauled test suite getpart() function. Fixing potential out of bounds - stack and memory overwrites triggered with huge test case definitions. - -Daniel Stenberg (13 Feb 2010) -- Martin Hager reported and fixed a problem with a missing quote in libcurl.m4 - - (https://curl.haxx.se/bug/view.cgi?id=2951319) - -- Tom Donovan fixed the CURL_FORMAT_* defines when building with cmake. - - (https://curl.haxx.se/bug/view.cgi?id=2951269) - -Daniel Stenberg (12 Feb 2010) -- Jack Zhang reported a problem with SMTP: we wrongly used multiple addresses - in the same RCPT TO line, when they should be sent in separate single - commands. I updated test case 802 to verify this. - -- I also fixed a bad use of my_setopt_str() of CURLOPT_MAIL_RCPT in the curl - tool which made it try to output it as string for the --libcurl feature - which could lead to crashes. - -Yang Tse (11 Feb 2010) -- Steven M. Schweda fixed VMS builder bad behavior when used in a batch job, - removed obsolete batch_compile.com and defines.com and updated VMS readme. - -Version 7.20.0 (9 February 2010) - -Daniel Stenberg (9 Feb 2010) -- When downloading compressed content over HTTP and the app asked libcurl to - automatically uncompress it with the CURLOPT_ENCODING option, libcurl could - wrongly provide the callback with more data than the maximum documented - amount. An application could thus get tricked into badness if the maximum - limit was trusted to be enforced by libcurl itself (as it is documented). - - This is further detailed and explained in the libcurl security advisory - 20100209 at - - https://curl.haxx.se/docs/adv_20100209.html - -Daniel Fandrich (3 Feb 2010) -- Changed the Watcom makefiles to make them easier to keep in sync with - Makefile.inc since that can't be included directly. - -Yang Tse (2 Feb 2010) -- Symbol CURL_FORMAT_OFF_T now obsoleted, will be removed in a future release, - symbol will not be available when building with CURL_NO_OLDIES defined. Use - of CURL_FORMAT_CURL_OFF_T is preferred since 7.19.0 - -Daniel Stenberg (1 Feb 2010) -- Using the multi_socket API, it turns out at times it seemed to "forget" - connections (which caused a hang). It turned out to be an existing (7.19.7) - bug in libcurl (that's been around for a long time) and it happened like - this: - - The app calls curl_multi_add_handle() to add a new easy handle, libcurl will - then set it to timeout in 1 millisecond so libcurl will tell the app about - it. - - The app's timeout fires off that there's a timeout, the app calls libcurl as - we so often document it: - - do { - res = curl_multi_socket_action(... TIMEOUT ...); - } while(CURLM_CALL_MULTI_PERFORM == res); - - And this is the problem number one: - - When curl_multi_socket_action() is called with no specific handle, but only - a timeout-action, it will *only* perform actions within libcurl that are - marked to run at this time. In this case, the request would go from INIT to - CONNECT and return CURLM_CALL_MULTI_PERFORM. When the app then calls libcurl - again, there's no timer set for this handle so it remains in the CONNECT - state. The CONNECT state is a transitional state in libcurl so it reports no - sockets there, and thus libcurl never tells the app anything more about that - easy handle/connection. - - libcurl _does_ set a 1ms timeout for the handle at the end of - multi_runsingle() if it returns CURLM_CALL_MULTI_PERFORM, but since the loop - is instant the new job is not ready to run at that point (and there's no - code that makes libcurl call the app to update the timout for this new - timeout). It will simply rely on that some other timeout will trigger later - on or that something else will update the timeout callback. This makes the - bug fairly hard to repeat. - - The fix made to adress this issue: - - We introduce a loop in lib/multi.c around all calls to multi_runsingle() and - simply check for CURLM_CALL_MULTI_PERFORM internally. This has the added - benefit that this goes in line with my long-term wishes to get rid of the - CURLM_CALL_MULTI_PERFORM all together from the public API. - - The downside of this fix, is that the counter we return in 'running_handles' - in several of our public functions then gets a slightly new and possibly - confusing behavior during times: - - If an app adds a handle that fails to connect (very quickly) it may just - as well never appear as a 'running_handle' with this fix. Previously it - would first bump the counter only to get it decreased again at next call. - Even I have used that change in handle counter to signal "end of a - transfer". The only *good* way to find the end of a individual transfer - is calling curl_multi_info_read() to see if it returns one. - - Of course, if the app previously did the looping before it checked the - counter, it really shouldn't be any new effect. - -Yang Tse (26 Jan 2010) -- Constantine Sapuntzakis' and Joshua Kwan's work done in the last four months - relative to the asynchronous DNS lookups, along with with some integration - adjustments I have done are finally committed to CVS. - - Currently these enhancements will benefit builds done using c-ares on any - platform as well as Windows builds using the default threaded resolver. - - This release does not make generally available POSIX threaded DNS lookups - yet. There is no configure option to enable this feature yet. It is possible - to experimantally try this feature running configure with compiler flags that - make simultaneous definition of preprocessor symbols USE_THREADS_POSIX and - HAVE_PTHREAD_H, as well as whatever reentrancy compiler flags and linker ones - are required to link and properly use pthread_* functions on each platform. - -Daniel Stenberg (26 Jan 2010) -- Mike Crowe made libcurl return CURLE_COULDNT_RESOLVE_PROXY when it is the - proxy that cannot be resolved when using c-ares. This matches the behaviour - when not using c-ares. - -Björn Stenberg (23 Jan 2010) -- Added a new flag: -J/--remote-header-name. This option tells the - -O/--remote-name option to use the server-specified Content-Disposition - filename instead of extracting a filename from the URL. - -Daniel Stenberg (21 Jan 2010) -- Chris Conroy brought support for RTSP transfers, and with it comes 8(!) new - libcurl options for controlling what to get and how to receive posssibly - interleaved RTP data. - -Daniel Stenberg (20 Jan 2010) -- As was pointed out on the http-state mailing list, the order of cookies in a - HTTP Cookie: header _needs_ to be sorted on the path length in the cases - where two cookies using the same name are set more than once using - (overlapping) paths. Realizing this, identically named cookies must be - sorted correctly. But detecting only identically named cookies and take care - of them individually is harder than just to blindly and unconditionally sort - all cookies based on their path lengths. All major browsers also already do - this, so this makes our behavior one step closer to them in the cookie area. - - Test case 8 was the only one that broke due to this change and I updated it - accordingly. - -Daniel Stenberg (19 Jan 2010) -- David McCreedy brought a fix and a new test case (129) to make libcurl work - again when downloading files over FTP using ASCII and it turns out that the - final size of the file is not the same as the initial size the server - reported. This is very common since servers don't take the newline - conversions into account. - -Kamil Dudka (14 Jan 2010) -- Suppressed side effect of OpenSSL configure checks, which prevented NSS from - being properly detected under certain circumstances. It had been caused by - strange behavior of pkg-config when handling PKG_CONFIG_LIBDIR. pkg-config - distinguishes among empty and non-existent environment variable in that case. - -Daniel Stenberg (12 Jan 2010) -- Gil Weber reported a peculiar flaw with the multi interface when doing SFTP - transfers: curl_multi_fdset() would return -1 and not set and file - descriptors several times during a transfer of a single file. It turned out - to be due to two different flaws now fixed. Gil's excellent recipe helped me - nail this. - -Daniel Stenberg (11 Jan 2010) -- Made sure that the progress callback is repeatedly called at a regular - interval even during very slow connects. - -- The tests/runtests.pl script now checks to see if the test case that runs is - present in the tests/data/Makefile.am and outputs a notice message on the - screen if not. Each test file has to be included in that Makefile.am to get - included in release archives and forgetting to add files there is a common - mistake. This is an attempt to make it harder to forget. - -Daniel Stenberg (9 Jan 2010) -- Johan van Selst found and fixed a OpenSSL session ref count leak: - - ossl_connect_step3() increments an SSL session handle reference counter on - each call. When sessions are re-used this reference counter may be - incremented many times, but it will be decremented only once when done (by - Curl_ossl_session_free()); and the internal OpenSSL data will not be freed - if this reference count remains positive. When a session is re-used the - reference counter should be corrected by explicitly calling - SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid - introducing a memory leak. - - (https://curl.haxx.se/bug/view.cgi?id=2926284) - -Daniel Stenberg (7 Jan 2010) -- Make sure the progress callback is called repeatedly even during very slow - name resolves when c-ares is used for resolving. - -Claes Jakobsson (6 Jan 2010) -- Julien Chaffraix fixed so that the fragment part in an URL is not sent - to the server anymore. - -Kamil Dudka (3 Jan 2010) -- Julien Chaffraix eliminated a duplicated initialization in singlesocket(). - -Daniel Stenberg (2 Jan 2010) -- Make curl support --ssl and --ssl-reqd instead of the previous FTP-specific - versions --ftp-ssl and --ftp-ssl-reqd as these options are now used to - control SSL/TLS for IMAP, POP3 and SMTP as well in addition to FTP. The old - option names are still working but the new ones are the ones listed and - documented. - -Daniel Stenberg (1 Jan 2010) -- Ingmar Runge enhanced libcurl's FTP engine to support the PRET command. This - command is a special "hack" used by the drftpd server, but even though it is - a custom extension I've deemed it fine to add to libcurl since this server - seems to survive and people keep using it and want libcurl to support - it. The new libcurl option is named CURLOPT_FTP_USE_PRET, and it is also - usable from the curl tool with --ftp-pret. Using this option on a server - that doesn't support this command will make libcurl fail. - - I added test cases 1107 and 1108 to verify the functionality. - - The PRET command is documented at - http://www.drftpd.org/index.php/Distributed_PASV - -Yang Tse (30 Dec 2009) -- Steven M. Schweda improved VMS build system, and Craig A. Berry helped - with the patch and testing. - -Daniel Stenberg (26 Dec 2009) -- Renato Botelho and Peter Pentchev brought a patch that makes the libcurl - headers work correctly even on FreeBSD systems before v8. - - (https://curl.haxx.se/bug/view.cgi?id=2916915) - -Daniel Stenberg (17 Dec 2009) -- David Byron fixed Curl_ossl_cleanup to actually call ENGINE_cleanup when - available. - -- Follow-up fix for the proxy fix I did for Jon Nelson's bug. It turned out I - was a bit too quick and broke test case 1101 with that change. The order of - some of the setups is sensitive. I now changed it slightly again to make - sure we do them in this order: - - 1 - parse URL and figure out what protocol is used in the URL - 2 - prepend protocol:// to URL if missing - 3 - parse name+password off URL, which needs to know what protocol is used - (since only some allows for name+password in the URL) - 4 - figure out if a proxy should be used set by an option - 5 - if no proxy option, check proxy environment variables - 6 - run the protocol-specific setup function, which needs to have the proxy - already set - -Daniel Stenberg (15 Dec 2009) -- Jon Nelson found a regression that turned out to be a flaw in how libcurl - detects and uses proxies based on the environment variables. If the proxy - was given as an explicit option it worked, but due to the setup order - mistake proxies would not be used fine for a few protocols when picked up - from '[protocol]_proxy'. Obviously this broke after 7.19.4. I now also added - test case 1106 that verifies this functionality. - - (https://curl.haxx.se/bug/view.cgi?id=2913886) - -Daniel Stenberg (12 Dec 2009) -- IMAP, POP3 and SMTP support and their TLS versions (including IMAPS, POP3S - and SMTPS) are now supported. The current state may not yet be solid, but - the foundation is in place and the test suite has some initial support for - these protocols. Work will now persue to make them nice libcurl citizens - until release. - - The work with supporting these new protocols was sponsored by - networking4all.com - thanks! - -Daniel Stenberg (10 Dec 2009) -- Siegfried Gyuricsko found out that the curl manual said --retry would retry - on FTP errors in the transient 5xx range. Transient FTP errors are in the - 4xx range. The code itself only tried on 5xx errors that occured _at login_. - Now the retry code retries on all FTP transfer failures that ended with a - 4xx response. - - (https://curl.haxx.se/bug/view.cgi?id=2911279) - -- Constantine Sapuntzakis figured out a case which would lead to libcurl - accessing alredy freed memory and thus crash when using HTTPS (with - OpenSSL), multi interface and the CURLOPT_DEBUGFUNCTION and a certain order - of cleaning things up. I fixed it. - - (https://curl.haxx.se/bug/view.cgi?id=2905220) - -Daniel Stenberg (7 Dec 2009) -- Martin Storsjo made libcurl use the Expect: 100-continue header for posts - with unknown size. Previously it was only used for posts with a known size - larger than 1024 bytes. - -Daniel Stenberg (1 Dec 2009) -- If the Expect: 100-continue header has been set by the application through - curl_easy_setopt with CURLOPT_HTTPHEADER, the library should set - data->state.expect100header accordingly - the current code (in 7.19.7 at - least) doesn't handle this properly. Martin Storsjo provided the fix! - -Yang Tse (28 Nov 2009) -- Added Diffie-Hellman parameters to several test harness certificate files in - PEM format. Required by several stunnel versions used by our test harness. - -Daniel Stenberg (28 Nov 2009) -- Markus Koetter provided a polished and updated version of Chad Monroe's TFTP - rework patch that now integrates TFTP properly into libcurl so that it can - be used non-blocking with the multi interface and more. BLKSIZE also works. - - The --tftp-blksize option was added to allow setting the TFTP BLKSIZE from - the command line. - -Daniel Stenberg (26 Nov 2009) -- Extended and fixed the change I did on Dec 11 for the the progress - meter/callback during FTP command/response sequences. It turned out it was - really lame before and now the progress meter SHOULD get called at least - once per second. - -Daniel Stenberg (23 Nov 2009) -- Bjorn Augustsson reported a bug which made curl not report any problems even - though it failed to write a very small download to disk (done in a single - fwrite call). It turned out to be because fwrite() returned success, but - there was insufficient error-checking for the fclose() call which tricked - curl to believe things were fine. - -Yang Tse (23 Nov 2009) -- David Byron modified Makefile.dist vc8 and vc9 targets in order to allow - finer granularity control when generating src and lib makefiles. - -Yang Tse (22 Nov 2009) -- I modified configure to force removal of the curlbuild.h file included in - distribution tarballs for use by non-configure systems. As intended, this - would get overwriten when doing in-tree builds. But VPATH builds would end - having two curlbuild.h files, one in the source tree and another in the - build tree. With the modification I introduced 5 Nov 2009 this could become - an issue when running libcurl's test suite. - -Daniel Stenberg (20 Nov 2009) -- Constantine Sapuntzakis identified a write after close, as the sockets were - closed by libcurl before the SSL lib were shutdown and they may write to its - socket. Detected to at least happen with OpenSSL builds. - -- Jad Chamcham pointed out a bug with connection re-use. If a connection had - CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the - same proxy with the tunnel option disabled would still wrongly re-use that - previous connection and the outcome would only be badness. - -Yang Tse (18 Nov 2009) -- I modified the memory tracking system to make it intolerant with zero sized - malloc(), calloc() and realloc() function calls. - -Daniel Stenberg (17 Nov 2009) -- Constantine Sapuntzakis provided another fix for the DNS cache that could - end up with entries that wouldn't time-out: - - 1. Set up a first web server that redirects (307) to a http://server:port - that's down - 2. Have curl connect to the first web server using curl multi - - After the curl_easy_cleanup call, there will be curl dns entries hanging - around with in_use != 0. - - (https://curl.haxx.se/bug/view.cgi?id=2891591) - -- Marc Kleine-Budde fixed: curl saved the LDFLAGS set during configure into - its pkg-config file. So -Wl stuff ended up in the .pc file, which is really - bad, and breaks if there are multiple -Wl in our LDFLAGS (which are in - PTXdist). bug #2893592 (https://curl.haxx.se/bug/view.cgi?id=2893592) - -Kamil Dudka (15 Nov 2009) -- David Byron improved the configure script to use pkg-config to find OpenSSL - (and in particular the list of required libraries) even if a path is given - as argument to --with-ssl - -Yang Tse (15 Nov 2009) -- I removed enable-thread / disable-thread configure option. These were only - placebo options. The library is always built as thread safe as possible on - every system. - -Claes Jakobsson (14 Nov 2009) -- curl-config now accepts '--configure' to see what arguments was - passed to the configure script when building curl. - -Daniel Stenberg (14 Nov 2009) -- Claes Jakobsson restored the configure functionality to detect NSS when - --with-nss is set but not "yes". - - I think we can still improve that to check for pkg-config in that path etc, - but at least this patch brings back the same functionality we had before. - -- Camille Moncelier added support for the file type SSL_FILETYPE_ENGINE for - the client certificate. It also disable the key name test as some engines - can select a private key/cert automatically (When there is only one key - and/or certificate on the hardware device used by the engine) - -Yang Tse (14 Nov 2009) -- Constantine Sapuntzakis provided the fix that ensures that an SSL connection - won't be reused unless protection level for peer and host verification match. - - I refactored how preprocessor symbol _THREAD_SAFE definition is done. - -Kamil Dudka (12 Nov 2009) -- Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly - closed NSPR descriptor. The issue was hard to find, reported several times - before and always closed unresolved. More info at the RH bug: - https://bugzilla.redhat.com/534176 - -- libcurl-NSS now tries to reconnect with TLS disabled in case it detects - a broken TLS server. However it does not happen if SSL version is selected - manually. The approach was originally taken from PSM. Kaspar Brand helped me - to complete the patch. Original bug reports: - https://bugzilla.redhat.com/525496 - https://bugzilla.redhat.com/527771 - -Yang Tse (12 Nov 2009) -- I modified configure script to make the getaddrinfo function check also - verify if the function is thread safe. - -Yang Tse (11 Nov 2009) -- Marco Maggi reported that compilation failed when configured --with-gssapi - and GNU GSS installed due to a missing mutual exclusion of header files in - the Kerberos 5 code path. He also verified that my patch worked for him. - -Daniel Stenberg (11 Nov 2009) -- Constantine Sapuntzakis posted bug #2891595 - (https://curl.haxx.se/bug/view.cgi?id=2891595) which identified how an entry - in the DNS cache would linger too long if the request that added it was in - use that long. He also provided the patch that now makes libcurl capable of - still doing a request while the DNS hash entry may get timed out. - -- Christian Schmitz noticed that the progress meter/callback was not properly - used during the FTP connection phase (after the actual TCP connect), while - it of course should be. I also made the speed check get called correctly so - that really slow servers will trigger that properly too. - -Kamil Dudka (5 Nov 2009) -- Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works - in non-blocking mode. - -Yang Tse (5 Nov 2009) -- I removed leading 'curl' path on the 'curlbuild.h' include statement in - curl.h, adjusting auto-makefiles include path, to enhance portability to - OS's without an orthogonal directory tree structure such as OS/400. - -Daniel Stenberg (4 Nov 2009) -- I fixed several problems with the transfer progress meter. It showed the - wrong percentage for small files, most notable for <1000 bytes and could - easily end up showing more than 100% at the end. It also didn't show any - percentage, transfer size or estimated transfer times when transferring - less than 100 bytes. - -Version 7.19.7 (4 November 2009) - -Daniel Stenberg (2 Nov 2009) -- As reported independent by both Stan van de Burgt and Didier Brisebourg, - CURLINFO_SIZE_DOWNLOAD (the -w variable size_download) didn't work when - getting data from ldap! - -Daniel Stenberg (31 Oct 2009) -- Gabriel Kuri reported a problem with CURLINFO_CONTENT_LENGTH_DOWNLOAD if the - download was 0 bytes, as libcurl would then return the size as unknown (-1) - and not 0. I wrote a fix and test case 566 to verify it. - -Daniel Stenberg (30 Oct 2009) -- Liza Alenchery mentioned a problem with re-used SCP connection when a bad - auth is used, as it caused a crash. I failed to repeat the issue, but still - made a change that now forces the TCP connection used for a freed SCP - session to get closed and not be re-used. - -- "Tom" posted a bug report that mentioned how libcurl did wrong when doing a - POST using a read callback, with Digest authentication and - "Transfer-Encoding: chunked" enforced. I would then cause the first request - to be wrongly sent and then basically hang until the server closed the - connection. I fixed the problem and added test case 565 to verify it. - -Daniel Stenberg (25 Oct 2009) -- Dima Barsky made the curl cookie parser accept cookies even with blank or - unparsable expiry dates and then treat them as session cookies - previously - libcurl would reject cookies with a date format it couldn't parse. Research - shows that the major browser treat such cookies as session cookies. I - modified test 8 and 31 to verify this. - -Daniel Stenberg (21 Oct 2009) -- Attempt to use pkg-config for finding out libssh2 installation details - during configure. - -- A patch in bug report #2883177 (https://curl.haxx.se/bug/view.cgi?id=2883177) - by Johan van Selst introduced the --crlfile option to curl, which makes curl - tell libcurl about a file with CRL (certificate revocation list) data to - read. - -Daniel Stenberg (18 Oct 2009) -- Ray Dassen provided a patch in Debian's bug tracker (bug number #551461) - that now makes curl_getdate(3) actually handles RFC 822 formatted dates that - use the "single letter military timezones". - http://www.rfc-ref.org/RFC-TEXTS/822/chapter5.html has the details. - -- Fixed memory leak in the SCP/SFTP code as it never freed the knownhosts - data! - -- John Dennis filed bug report #2873666 - (https://curl.haxx.se/bug/view.cgi?id=2873666) which identified a problem - which made libcurl loop infinitely when given incorrect credentials when - using HTTP GSS negotiate authentication. He also provided a small and simple - patch for it. - -- Kevin Baughman found a double close() problem with libcurl-NSS, as when - libcurl called NSS to close the SSL "session" it also closed the actual - socket. - -Yang Tse (17 Oct 2009) -- Bug report #2866724 indicated - (https://curl.haxx.se/bug/view.cgi?id=2866724) that curl on Windows failed - when writing files whose file names originally contained characters which - are not valid for file names on Windows. Dan Fandrich provided an initial - patch and another revised one to fix this issue. - -Daniel Stenberg (1 Oct 2009) -- Tom Mueller correctly reported in bug report #2870221 - (https://curl.haxx.se/bug/view.cgi?id=2870221) that libcurl returned an - incorrect return code from the internal trynextip() function which caused - him grief. This is a regression that was introduced in 7.19.1 and I find it - strange it hasn't hit us harder, but I won't persue into figuring out - exactly why. - -- Constantine Sapuntzakis: The current implementation will always set - SO_SNDBUF to CURL_WRITE_SIZE even if the SO_SNDBUF starts out larger. The - patch doesn't do a setsockopt if SO_SNDBUF is already greater than - CURL_WRITE_SIZE. This should help folks who have set up their computer with - large send buffers. - -Daniel Stenberg (27 Sep 2009) -- I introduced a maximum limit for received HTTP headers. It is controlled by - the define CURL_MAX_HTTP_HEADER which is even exposed in the public header - file to allow for users to fairly easy rebuild libcurl with a modified - limit. The rationale for a fixed limit is that libcurl is realloc()ing a - buffer to be able to put a full header into it, so that it can call the - header callback with the entire header, but that also risk getting it into - trouble if a server by mistake or willingly sends a header that is more or - less without an end. The limit is set to 100K. - -Daniel Stenberg (26 Sep 2009) -- John P. McCaskey posted a bug report that showed how libcurl did wrong when - saving received cookies with no given path, if the path in the request had a - query part. That is means a question mark (?) and characters on the right - side of that. I wrote test case 1105 and fixed this problem. - -Kamil Dudka (26 Sep 2009) -- Implemented a protocol independent way to specify blocking direction, used by - transfer.c for blocking. It is currently used only by SCP and SFTP protocols. - This enhancement resolves an issue with 100% CPU usage during SFTP upload, - reported by Vourhey. - -Daniel Stenberg (25 Sep 2009) -- Chris Mumford filed bug report #2861587 - (https://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used - the OpenSSL function X509_load_crl_file() wrongly and failed if it would - load a CRL file with more than one certificate within. This is now fixed. - -Daniel Stenberg (16 Sep 2009) -- Sven Anders reported that we introduced a cert verfication flaw for OpenSSL- - powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name - field in the certficate it had to match and so even if non-DNS and non-IP - entry was present it caused the verification to fail. - -Daniel Fandrich (15 Sep 2009) -- Moved the libssh2 checks after the SSL library checks. This helps when - statically linking since libssh2 needs the SSL library link flags to be - set up already to satisfy its dependencies. This wouldn't be necessary if - the libssh2 configure check was changed to use pkg-config since the - --static flag would add the dependencies automatically. - -Yang Tse (14 Sep 2009) -- Revert Joshua Kwan's patch committed 11 Sep 2009. - - Some systems poll function sets POLLHUP in revents without setting - POLLIN, and sets POLLERR without setting POLLIN and POLLOUT. In some - libcurl code execution paths this could trigger busy wait loops with - high CPU usage until a timeout condition aborted the loop. - - The reverted patch addressed the above issue for a very specific case, - when awaiting c-ares to resolve. A libcurl-wide fix for Curl_poll now - superceeds this one. - -Guenter Knauf (11 Sep 2009) -- Joshua Kwan provided a patch to pass POLLERR / POLLHUP back to c-ares. - This fixes a loop problem with high CPU usage. - -Daniel Stenberg (10 Sep 2009) -- Claes Jakobsson fixed a problem with cookie expiry dates at exctly the epoch - start second "Thu Jan 1 00:00:00 GMT 1970" as the date parser then returns 0 - which internally then is treated as a session cookie. That particular date - is now made to get the value of 1. - -Daniel Stenberg (2 Sep 2009) -- Daniel Johnson found a flaw in the code converting sftp-errors to libcurl - errors. - -Daniel Stenberg (1 Sep 2009) -- Peter Sylvester made a debug feature for Curl_resolv() that now will force - libcurl to resolve 'localhost' whatever name you use in the URL *if* you set - the --interface option to (exactly) "LocalHost". This will enable us to - write tests for custom hosts names but still use a local host server. - -- configure now tries to use pkg-config for a number of sub-dependencies even - when cross-compiling. The key to success is then you properly setup - PKG_CONFIG_PATH before invoking configure. - - I also improved how NSS is detected by trying nss-config if pkg-config isn't - present, and as a last resort just use the lib name and force the user to - setup the LIBS/LDFLAGS/CFLAGS etc properly. The previous last resort would - add a range of various libs that would almost never be quite correct. - -Daniel Stenberg (31 Aug 2009) -- When using the multi interface with FTP and you asked for NOBODY, you did no - QUOTE commands and the request used the same path as the connection had - already changed to, it would decide that no commands would be necessary for - the "DO" action and that was not handled properly but libcurl would instead - hang. - -Kamil Dudka (28 Aug 2009) -- Improved error message for not matching certificate subject name in - libcurl-NSS. Originally reported at: - https://bugzilla.redhat.com/show_bug.cgi?id=516056#c9 - -Patrick Monnerat (24 Aug 2009) -- Introduced a SYST-based test to properly set-up name format when dealing - with the OS/400 FTP server. - -- Fixed an ftp_readresp() bug preventing detection of failing control socket - and causing FTP client to loop forever. - -Daniel Stenberg (24 Aug 2009) -- Marc de Bruin pointed out that configure --with-gnutls=PATH didn't work - properly and provided a fix. https://curl.haxx.se/bug/view.cgi?id=2843008 - -- Eric Wong introduced support for the new option -T. (dot) that makes curl - read stdin in a non-blocking fashion. This also brings back -T- (minus) to - the previous blocking behavior since it could break stuff for people at - times. - -Michal Marek (21 Aug 2009) -- With CURLOPT_PROXY_TRANSFER_MODE, avoid sending invalid URLs like - ftp://example.com;type=i if the user specified ftp://example.com without the - slash. - -Daniel Stenberg (21 Aug 2009) -- Andre Guibert de Bruet pointed out a missing return code check for a - strdup() that could lead to segfault if it returned NULL. I extended his - suggest patch to now have Curl_retry_request() return a regular return code - and better check that. - -- Lots of good work by Krister Johansen, mostly related to pipelining: - - Fix SIGSEGV on free'd easy_conn when pipe unexpectedly breaks - Fix data corruption issue with re-connected transfers - Fix use after free if we're completed but easy_conn not NULL - -Kamil Dudka (13 Aug 2009) -- Changed NSS code to not ignore the value of ssl.verifyhost and produce more - verbose error messages. Originally reported at: - https://bugzilla.redhat.com/show_bug.cgi?id=516056 - -Daniel Stenberg (12 Aug 2009) -- Karl Moerder fixed the Makefile.vc* makefiles to include the new file - nonblock.c so that they work fine again - -- I expanded test 517 with a bunch of more dates that originate from the - Chrome browser test suite. It turns out most of them get parsed the same - way. - -Version 7.19.6 (12 August 2009) - -Daniel Stenberg (12 Aug 2009) -- Carsten Lange reported a bug and provided a patch for TFTP upload and the - sending of the TSIZE option. I don't like fixing bugs just hours before - a release, but since it was broken and the patch fixes this for him I decided - to get it in anyway. - -Daniel Stenberg (11 Aug 2009) -- Peter Sylvester made the HTTPS test server use specific certificates for - each test, so that the test suite can now be used to actually test the - verification of cert names etc. This made an error show up in the OpenSSL- - specific code where it would attempt to match the CN field even if a - subjectAltName exists that doesn't match. This is now fixed and verified - in test 311. - -- Benbuck Nason posted the bug report #2835196 - (https://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler - warnings when mixing ints and bools. - -Daniel Fandrich (10 Aug 2009) -- Fixed a memory leak in the FTP code and an off-by-one heap buffer overflow. - -Daniel Fandrich (9 Aug 2009) -- Fixed some memory leaks in the command-line tool that caused most of the - torture tests to fail. - -Daniel Stenberg (2 Aug 2009) -- Curt Bogmine reported a problem with SNI enabled on a particular server. We - should introduce an option to disable SNI, but as we're in feature freeze - now I've addressed the obvious bug here (pointed out by Peter Sylvester): we - shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected. - Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular - option for SNI, or are we simply not using it? - -Daniel Stenberg (1 Aug 2009) -- Scott Cantor posted the bug report #2829955 - (https://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert - verification flaw found and exploited by Moxie Marlinspike. The presentation - he did at Black Hat is available here: - https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike - - Apparently at least one CA allowed a subjectAltName or CN that contain a - zero byte, and thus clients that assumed they would never have zero bytes - were exploited to OK a certificate that didn't actually match the site. Like - if the name in the cert was "example.com\0theatualsite.com", libcurl would - happily verify that cert for example.com. - - libcurl now better uses the length of the extracted name, not using the zero - termination for getting the string length. - - This fixing only made and needed in OpenSSL interfacing code. - -- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present - only in some OpenSSL installs - like on Windows) isn't thread-safe and we - agreed that moving it to the global_init() function is a decent way to deal - with this situation. - -- Alexander Beedie provided the patch for a noproxy problem: If I have set - CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually - could still end up using a proxy if a proxy environment variable was set. - -Daniel Stenberg (27 Jul 2009) -- All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and - CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to - send when using FTP, as a sign that libcurl shall simply ignore the response - from the server instead of treating it as an error. Not treating a 400+ FTP - response code as an error means that failed commands will not abort the - chain of commands, nor will they cause the connection to get disconnected. - -Daniel Stenberg (26 Jul 2009) -- Johan van Selst posted bug report #2825989 - (https://curl.haxx.se/bug/view.cgi?id=2825989) pointing out that - OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm, and - provided the solution too: to use OpenSSL_add_all_algorithms() in addition - to the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in - OpenSSL 0.9.5 - -Daniel Stenberg (23 Jul 2009) -- Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA. - They introduce known_host support for SSH keys to libcurl. See docs for - details. Note that this feature depends on a new enough libssh2 version, to - be supported in libssh2 1.2 and later (or current git repo at this time). - -Michal Marek (22 Jul 2009) -- David Binderman found a memory and fd leak in lib/gtls.c:load_file() - (https://bugzilla.novell.com/523919). When looking at the code, I found that - also the ptr pointer can leak. - -Kamil Dudka (20 Jul 2009) -- Claes Jakobsson improved the support for client certificates handling in - NSS-powered libcurl. Now the client certificates can be selected - automatically by a NSS built-in hook. Additionally pre-login to all PKCS11 - slots is no more performed. It used to cause problems with HW tokens. - -- Fixed reference counting for NSS client certificates. Now the PEM reader - module should be always properly unloaded on Curl_nss_cleanup(). If the - unload fails though, libcurl will try to reuse the already loaded instance. - -Daniel Fandrich (15 Jul 2009) -- Added nonblock.c to the non-automake makefiles (note that the dependencies - in the Watcom makefiles aren't quite correct). - -Michal Marek (15 Jul 2009) -- Changed the description of CURLINFO_OS_ERRNO to make it clear that the - errno is not reset on success. - -Guenter Knauf (14 Jul 2009) -- renamed generated config.h to curl_config.h to avoid any future clashes - with config.h from other projects. - -Daniel Stenberg (9 Jul 2009) -- Eric Wong introduced curlx_nonblock() that the curl tool now (re-)uses for - setting a file descriptor non-blocking. Used by the functionality Eric - himself brough on June 15th. - -Daniel Stenberg (8 Jul 2009) -- Constantine Sapuntzakis posted bug report #2813123 - (https://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the - problem: - - Url A is accessed using auth. Url A redirects to Url B (on a different - server0. Url B reuses a persistent connection. Url B has auth, even though - it's on a different server. - - Note: if Url B does not reuse a persistent connection, auth is not sent. - - reason: - - data->state.first_host is not initialized becuase Curl_http_connect is not - called when a connection is reused. - - Solution: - - move initialization of data->state.first_host to Curl_http. No code before - Curl_http uses data->state.first_host anyway. - -Guenter Knauf (4 Jul 2009) -- Markus Koetter provided a patch to avoid getnameinfo() usage which broke a - couple of both IPv4 and IPv6 autobuilds. - -Daniel Stenberg (29 Jun 2009) -- Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port - range if given colon-separated after the host name/address part. Like - "192.168.0.1:2000-10000" - -- Modified the separators used for CURLOPT_CERTINFO in multi-part outputs. I - don't know how they got wrong in the first place, but using this output - format makes it possible to quite easily separate the string into an array - of multiple items. - -Daniel Fandrich (16 June 2009) -- Added a few more compiler warning options for gcc. - -Daniel Stenberg (16 Jun 2009) -- Reuven Wachtfogel made curl -o - properly produce a binary output on windows - (no newline translations). Use -B/--use-ascii if you rather get the ascii - approach. - -Michal Marek (16 Jun 2009) -- When doing non-anonymous ftp via http proxies and the password is not - provided in the url, add it there (squid needs this). - -Daniel Stenberg (15 Jun 2009) -- Eric Wong's patch: - - This allows curl(1) to be used as a client-side tunnel for arbitrary stream - protocols by abusing chunked transfer encoding in both the HTTP request and - HTTP response. This requires server support for sending a response while a - request is still being read, of course. - - If attempting to read from stdin returns EAGAIN, then we pause our sender. - This leaves curl to attempt to read from the socket while reading from stdin - (and thus sending) is paused. - - This change was needed to allow successfully tunneling the git protocol over - HTTP (--no-buffer is needed, as well). - -Patrick Monnerat (15 Jun 2009) -- Replaced use of standard C library rand()/srand() by our own pseudo-random - number generator. - -Yang Tse (11 Jun 2009) -- I adapted testcurl script to allow building test harness programs when - cross-compiling for a *-*-mingw* host. - -Daniel Stenberg (10 Jun 2009) -- Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and - contributed a range of patches to fix them. - -Yang Tse (10 Jun 2009) -- I introduced configure script option --enable-curldebug which now allows - the decoupled enabling or disabling of the curl debug memory tracking - feature from the --enable-debug option which no longer controls this. - - curl --version will list 'Debug' feature for debug enabled builds, and - will list 'TrackMemory' feature for curl debug memory tracking capable - builds. These features are independent and can be controlled when running - the configure script. When --enable-debug is given both features will be - enabled, unless some restriction prevents memory tracking from being used. - - Internally, definition of preprocessor symbol DEBUGBUILD restricts code - which is only compiled for debug enabled builds. And symbol CURLDEBUG is - used to differentiate code which is _only_ used for memory tracking. - -Yang Tse (9 Jun 2009) -- Daniel Steinberg pointed out that Curl_FormInit() in formdata.c was not - initializing the fread callback pointer and this triggered a compiler - warning, also provided a friendly suggestion on how to fix it. - -Daniel Stenberg (8 Jun 2009) -- Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount - issue with client certs that caused issues like segfaults. - https://curl.haxx.se/mail/lib-2009-05/0316.html - -- Triggered by bug report #2798852 and the patch in there, I fixed configure - to detect gnutls build options with pkg-config only and not libgnutls-config - anymore since GnuTLS has stopped distributing that tool. If an explicit path - is given to configure, we will instead guess on how to link and use that - lib. I did not use the patch from the bug report. - -Yang Tse (8 Jun 2009) -- Igor Novoseltsev adjusted Makefile.vxworks to get sources and headers - included from Makefile.inc, and provided docs\INSTALL VxWorks section. - -- I removed buildconf.bat from release and daily snapshot archives. This - file is only for CVS tree checkout builds. - -Daniel Stenberg (8 Jun 2009) -- Eric Wong fixed --no-buffer to actually switch off output buffering. Been - broken since 7.19.0 - -Bill Hoffman (6 Jun 2009) -- Added some cmake docs and fixed socklen_t in the build. - -Yang Tse (5 Jun 2009) -- John E. Malmberg provided VMS specific patch: "This fixes an existing bug - in urlglob.c where it was not converting the Curl Unix exit code to a VMS - DCL compatible exit code. This fix required the enhancement described next. - This also adds an enhancement to main.c so that when curl is run under a - Unix shell like Bash on VMS, it will return the standard Unix exit codes - and messages." And another patch for docs/examples. - - I introduced os-specific.c and os-specific.h for use in curl tool code - and adjusted John E. Malmberg's patch placement to use these new files - as an effort to prevent main.c from growing ad infinitum. Code already - existing in main.c which is OS specific should be moved into these files. - -Daniel Stenberg (4 June 2009) -- Setting the Content-Length: header from your app when you do a POST or PUT - is almost always a VERY BAD IDEA. Yet there are still apps out there doing - this, and now recently it triggered a bug/side-effect in libcurl as when - libcurl sends a POST or PUT with NTLM, it sends an empty post first when it - knows it will just get a 401/407 back. If the app then replaced the - Content-Length header, it caused the server to wait for input that libcurl - wouldn't send. Aaron Oneal reported this problem in bug report #2799008 - (https://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix. - -Yang Tse (4 Jun 2009) -- Igor Novoseltsev provided patches and information, that after some - adjustments to better fit curl's way of doing things, have resulted - in the posibility of building libcurl for VxWorks. - -Daniel Fandrich (2 June 2009) -- Checked in a Google Android make file. To use it, you must first - create a config.h file by running configure in the Android environment, - which doesn't seem to be easy to do. If no easy way can be found, a - static config-android.h may need to be created and checked in to the - libcurl source tree. - -Daniel Stenberg (1 June 2009) -- Claes Jakobsson fixed the configure script to better find and use NSS - without pkg-config. - -Yang Tse (1 Jun 2009) -- John E. Malmberg provided a VMS specific clean-up for curl.h, and pointed - out that the configure script was failing to detect the timeval struct on - VMS when building with _XOPEN_SOURCE_EXTENDED undefined due to definition - taking place in socket.h instead of time.h. I have adjusted configure - script to also include this header when checking struct timeval. - -Daniel Stenberg (27 May 2009) -- Frank McGeough provided a small OpenSSL #include fix to make libcurl compile - fine with Nokia 5th edition 1.0 SDK for Symbian. - -- Andre Guibert de Bruet found a call to a OpenSSL function that didn't check - for a failure properly. - -- Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clear - the auth credentials back in 7.19.0 and earlier while now you have to set "" - to get the same effect. His patch brings back the ability to use NULL. - -- Claes Jakobsson fixed libcurl-NSS to build fine even without the - PK11_CreateGenericObject() function. - -Daniel Stenberg (25 May 2009) -- bug report #2796358 (https://curl.haxx.se/bug/view.cgi?id=2796358) pointed - out that the cookie parser would leak memory when it parses cookies that are - received with domain, path etc set multiple times in the same header. While - such a cookie is questionable, they occur in the wild and libcurl no longer - leaks memory for them. I added such a header to test case 8. - -Daniel Fandrich (22 May 2009) -- Removed some obsolete digest code that caused a valgrind error in test 551. - -Daniel Fandrich (20 May 2009) -- Added "non-existing host" test keywords to make it easy to skip those - tests on machines that have broken DNS configurations (such as - those configured to use OpenDNS). - -Daniel Stenberg (19 May 2009) -- Kamil Dudka brought the patch from the Redhat bug entry - https://bugzilla.redhat.com/show_bug.cgi?id=427966 which was libcurl closing - a bad file descriptor when closing down the FTP data connection. Caolan - McNamara seems to be the original author of it. - -Version 7.19.5 (18 May 2009) - -Daniel Stenberg (17 May 2009) -- James Bursa posted a patch to the mailing list that fixed a problem with - no_proxy which made it not skip the proxy if the URL entered contained a - user name. I added test case 1101 to verify. - -Daniel Stenberg (11 May 2009) -- Balint Szilakszi reported a memory leak when libcurl did gzip decompression - of streams that had some parts (legitimately) missing. We now provide and use - a proper cleanup function for the content encoding submodule. - https://curl.haxx.se/mail/lib-2009-05/0092.html - -- Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth - at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12 - - If an incorrect password is given while loading a private key, libcurl ends - up in an infinite loop consuming memory. The bug is critical. - -- I fixed the problem with doing NTLM, POST and then following a 302 redirect, - as reported by Ebenezer Ikonne (on curl-users) and Laurent Rabret (on - curl-library). The transfer was mistakenly marked to get more data to send - but since it didn't actually have that, it just hung there... - -Daniel Stenberg (10 May 2009) -- Andre Guibert de Bruet correctly pointed out an over-alloc with one wasted - byte in the digest code. - -Yang Tse (9 May 2009) -- Removed DOS and TPF package's subdirectory Makefile.am, it was only used - to include some files in the distribution tarball serving no other purpose. - Files from the DOS and TPF subdirectories are now included in the EXTRA_DIST - of the Makefile in the parent subdirectory. - -Yang Tse (8 May 2009) -- Changed host name literal in several tests to one under the haxx.se domain. - -- Renamed vc6 workspace and project files to avoid filename clash when used - for conversion to later VS versions. - -Daniel Stenberg (8 May 2009) -- Constantine Sapuntzakis fixed bug report #2784055 - (https://curl.haxx.se/bug/view.cgi?id=2784055) identifying a problem to - connect to SOCKS proxies when using the multi interface. It turned out to - almost not work at all previously. We need to wait for the TCP connect to - be properly verified before doing the SOCKS magic. - - There's still a flaw in the FTP code for this. - -Daniel Stenberg (7 May 2009) -- Made the SO_SNDBUF setting for the data connection socket for ftp uploads as - well. See change 28 Apr 2009. - -Yang Tse (7 May 2009) -- Fixed an issue affecting FTP transfers, introduced with the transfer.c - patch committed May 4. - -Daniel Stenberg (7 May 2009) -- Man page *roff problems fixed thanks to input from Colin Watson. Problems - reported in the Debian package. - -- Vijay G filed bug report #2723236 - (https://curl.haxx.se/bug/view.cgi?id=2723236) identifying a problem with - libcurl's TFTP code and its lack of dealing with the OACK packet. - -Yang Tse (5 May 2009) -- Fixed the --ftp-port address of test #251 to the CLIENTIP address, and - reverted the change affecting test suite harness committed 4 May. - -Daniel Stenberg (5 May 2009) -- Inspired by Michael Smith's session id fix for OpenSSL, I did the - corresponding fix in the GnuTLS code: make sure to store the new session id - in case the previous re-used one is rejected. - -Daniel Stenberg (4 May 2009) -- Michael Smith posted bug report #2786255 - (https://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how - libcurl did not deal with SSL session ids properly if the server rejected a - re-use of one. Starting now, it will forget the rejected one and remember - the new. This change was for OpenSSL only, it is likely that other SSL lib - code needs similar fixes. - -Yang Tse (4 May 2009) -- Applied David McCreedy's "transfer.c fixes for CURL_DO_LINEEND_CONV and - non-ASCII platform HTTP requests" patch addressing two HTTP PUT problems: - 1) On non-ASCII platforms not all of the protocol portions of the PUT are - being translated to ASCII. 2) On all platforms the line endings of part of - the protocol portions are mangled from CRLF to CRCRLF if data->set.crlf or - data->set.prefer_ascii are set (depending on CURL_DO_LINEEND_CONV). - -- Applied David McCreedy's patch to fix test suite harness to allow test FTP - server and client on different machines, providing FTP client address when - running the FTP test server. - -Daniel Fandrich (3 May 2009) -- Added and disabled test case 563 which shows KNOWN_BUGS #59. The bug - report failed to mention that a proxy must be used to reproduce it. - -Yang Tse (2 May 2009) -- Use a build-time configured curl_socklen_t data type instead of socklen_t. - -Yang Tse (1 May 2009) -- Applied David McCreedy's patches "TPF-platform specific changes to various - files" and "http.c fix to Curl_proxyCONNECT for non-ASCII platforms", the - former with minor edits. - -Daniel Stenberg (30 Apr 2009) -- I was going to fix issue #59 in KNOWN_BUGS - - If the CURLOPT_PORT option is used on an FTP URL like - "ftp://example.com/file;type=A" the ";type=A" is stripped off. - - I added test case 562 to verify, only to find out that I couldn't repeat - this bug so I hereby consider it not a bug anymore! - -Daniel Stenberg (29 Apr 2009) -- Based on bug report #2723219 (https://curl.haxx.se/bug/view.cgi?id=2723219) - I've now made TFTP "connections" not being kept for re-use within libcurl. - TFTP is UDP-based so the benefit was really low (if even existing) to begin - with so instead of tracking down to fix this problem we instead removed the - re-use. I also enabled test case 1099 that I wrote a few days ago to verify - that this change fixes the reported problem. - -Daniel Stenberg (28 Apr 2009) -- Constantine Sapuntzakis filed bug report #2783090 - (https://curl.haxx.se/bug/view.cgi?id=2783090) pointing out that on windows - we need to grow the SO_SNDBUF buffer somewhat to get really good upload - speeds. https://support.microsoft.com/kb/823764 has the details. Friends - confirmed that simply adding 32 to CURL_MAX_WRITE_SIZE is enough. - -- Bug report #2709004 (https://curl.haxx.se/bug/view.cgi?id=2709004) by Tim - Chen pointed out how curl couldn't upload with resume when reading from a - pipe. - - This ended up with the introduction of a new return code for the - CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but - that libcurl may try to resolve the situation anyway. In our case this means - libcurl will attempt to instead read that much data from the stream instead - of seeking and that way curl can now upload with resume when data is read - from a stream! - -Daniel Stenberg (26 Apr 2009) -- Bug report #2779733 (https://curl.haxx.se/bug/view.cgi?id=2779733) by Sven - Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi - interface and provided a patch that fixed the problem! - -Daniel Stenberg (24 Apr 2009) -- Kamil Dudka fixed another NSS-related leak when client certs were used. - -- Bug report #2779245 (https://curl.haxx.se/bug/view.cgi?id=2779245) by Rainer - Koenig pointed out that the man page didn't tell that the *_proxy - environment variables can be specified lower case or UPPER CASE and the - lower case takes precedence, - -Daniel Fandrich (21 Apr 2009) -- Added new libcurl source files to Amiga, RiscOS and VC6 build files. - -Yang Tse (21 Apr 2009) -- Moved potential inclusion of system's malloc.h and memory.h header files to - setup_once.h. Inclusion of each header file is based on the definition of - NEED_MALLOC_H and NEED_MEMORY_H respectively. - - Renamed libcurl's memory.h to curl_memory.h - -Daniel Stenberg (20 Apr 2009) -- Leanic Lefever reported a crash and did some detailed research on why and - how it occurs (https://curl.haxx.se/mail/lib-2009-04/0289.html). The - conclusion was that if an error is detected and Curl_done() is called for - the connection, ftp_done() could at times return another error code that - then would take precedence and that new code confused existing logic that - works for the first error code (CURLE_SEND_ERROR) only. - -- Gisle Vanem noticed that --libtool would produce bogus strings at times for - OBJECTPOINT options. Now we've introduced a new function - my_setopt_str - - within the app for setting plain string options to avoid the risk of this - mistake happening. - -Daniel Stenberg (17 Apr 2009) -- Pramod Sharma reported and tracked down a bug when doing FTP over a HTTP - proxy. libcurl would then wrongly close the connection after each - request. In his case it had the weird side-effect that it killed NTLM auth - for the proxy causing an inifinite loop! - - I added test case 1098 to verify this fix. The test case does however not - properly verify that the transfers are done persistently - as I couldn't - think of a clever way to achieve it right now - but you need to read the - stderr output after a test run to see that it truly did the right thing. - -Daniel Stenberg (13 Apr 2009) -- bug report #2727981 (https://curl.haxx.se/bug/view.cgi?id=2727981) by Martin - Storsjö pointed out how setting CURLOPT_NOBODY to 0 could be downright - confusing as it set the method to either GET or HEAD. The example he showed - looked like: - - curl_easy_setopt(curl, CURLOPT_PUT, 1); - curl_easy_setopt(curl, CURLOPT_NOBODY, 0); - - The new way doesn't alter the method until the request is about to start. If - CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is - 0 and the request happens to have been set to HEAD, it will then instead be - set to GET. I believe this will be less surprising to users, and hopefully - not hit any existing users badly. - -- Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned - out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue - is found in Redhat's bug tracker: - https://bugzilla.redhat.com/show_bug.cgi?id=453612 - - There are still memory leaks present, but they seem to have other reasons. - -Daniel Fandrich (11 Apr 2009) -- Added new libcurl source files to Symbian OS build files. -- Improved Symbian support for SSL. - -Yang Tse (10 Apr 2009) -- Daniel Johnson improved the MacOSX-Framework shell script to now perform all - the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64 - libcurl.framework. Four way fat framework requires OS X 10.5 SDK or later. - -Yang Tse (8 Apr 2009) -- Removed Sun compilers preprocessor block from curlbuild.h.dist, this also - removes it from the curlbuild.h file originally distributed by the cURL - project as this file is intended for systems not capable of running the - configure script. For those who have been building curl out of the source - code curl distribution tarball provided by curl.haxx.se the change implies - nothing. Previous change in this area committed 2 Apr becomes irrelevant. - -Daniel Stenberg (6 Apr 2009) -- I clarified in the docs that CURLOPT_SEEKFUNCTION should return 0 on success - and 1 on fatal errors. Previously it only mentioned non-zero on fatal - errors. This is a slight change in meaning, but it follows what we've done - elsewhere before and it opens up for LOTS of more useful return codes - whenever we can think of them... - -Yang Tse (2 Apr 2009) -- Fix curl_off_t definition for builds done using Sun compilers and a - non-configured libcurl. In this case curl_off_t data type was gated - to the off_t data type which depends on the _FILE_OFFSET_BITS. This - configuration is exactly the unwanted configuration for our curl_off_t - data type which must not depend on such setting. This breaks ABI for - libcurl libraries built with Sun compilers which were built without - having run the configure script with _FILE_OFFSET_BITS different than - 64 and using the ILP32 data model. - -Daniel Stenberg (1 Apr 2009) -- Andre Guibert de Bruet fixed a NULL pointer use in an infof() call if a - strdup() call failed. - -Daniel Fandrich (31 Mar 2009) -- Properly return an error code in curl_easy_recv (reported by Jim Freeman). - -Daniel Stenberg (18 Mar 2009) -- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when - NSS is used. These ciphers were added in NSS 3.4 and require to be enabled - explicitly. - -Daniel Stenberg (13 Mar 2009) -- Use libssh2_version() to present the libssh2 version in case the libssh2 - library is found to support it. - -Yang Tse (12 Mar 2009) -- Added missing Curl_read() return code checking in TELNET transfers. - -- Pierre Brico found and fixed TELNET transfers not being aborted upon - a write callback failure. - -Daniel Stenberg (11 Mar 2009) -- Kamil Dudka made the curl tool properly call curl_global_init() before any - other libcurl function. - -Yang Tse (11 Mar 2009) -- Added missing TELNET timeout support for Windows builds. This issue was - reported by Pierre Brico. - -Daniel Stenberg (9 Mar 2009) -- Frank Hempel found out a bug and provided the fix: - - curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE - option. It only enabled the cookie engine in the destination handle if - data->cookies is not NULL (where data is the source handle). In case of a - newly initialized handle which just had the cookie support enabled by a - curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was - still NULL because the setopt-call only appends the value to - data->change.cookielist, hence duplicating this handle would not have the - cookie engine switched on. - - We also concluded that the slist-functionality would be suitable for being - put in its own module rather than simply hanging out in lib/sendf.c so I - created lib/slist.[ch] for them. - -- Andreas Farber made the 'buildconf' script check for the presence of m4 - scripts to make it detect a bad checkout earlier. People with older - checkouts who don't do cvs update with the -d option won't get the new dirs - and then will get funny outputs that can be a bit hard to understand and - fix. - -Daniel Stenberg (8 Mar 2009) -- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the - allocation of the memory BIO was not being properly checked. - -- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places - in the gnutls code where we were checking for negative values for errors, - when the man pages state that GNUTLS_E_SUCCESS is returned on success and - other values indicate error conditions. - -- Bill Egert pointed out (https://curl.haxx.se/bug/view.cgi?id=2671602) that - curl didn't use sprintf() in a way that is documented to work in POSIX but - since we use our own printf() code (from libcurl) that shouldn't be a - problem. Nonetheless I modified the code to not rely on such particular - features and to not cause further raised eyebrowse with no good reason. - -Daniel Fandrich (5 Mar 2009) -- Expanded the security section of the libcurl-tutorial man page to cover - more issues for authors to consider when writing robust libcurl-using - applications. - -Yang Tse (5 Mar 2009) -- Fixed NTLM authentication memory leak on SSPI enabled Windows builds. This - issue was noticed by Chris Deidun. - -Daniel Fandrich (4 Mar 2009) -- Fixed a problem with m4 quoting in the OpenSSL configure check reported - by Daniel Johnson. - -Daniel Stenberg (3 Mar 2009) -- David James brought a patch that make libcurl close (all) dead connections - whenever you attempt to open a new connection. - - 1. After cleaning up a dead connection, "continue" instead of - returning FALSE. This ensures that we clean up all dead connections, - rather than just cleaning up the first dead connection. - 2. Move up the cleanup for dead connections so that it occurs for - all connections, rather than just the connections which have the same - preferences as our current new connection. - -Version 7.19.4 (3 March 2009) - -Daniel Stenberg (3 Mar 2009) -- David Kierznowski notified us about a security flaw - (https://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in - which previous libcurl versions (by design) can be tricked to access an - arbitrary local/different file instead of a remote one when - CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release - together this the addition of two new setopt options for controlling this - new behavior: - - o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to - follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option - excludes the FILE and SCP protocols and thus you nee to explicitly allow - them in your app if you really want that behavior. - - o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch - using the primary URL option. This is useful if you want to allow a user or - other outsiders control what URL to pass to libcurl and yet not allow all - protocols libcurl may have been built to support. - -Daniel Stenberg (27 Feb 2009) -- Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and - CURLOPT_LOCALPORT were used together (the local port bind failed), and - Markus Koetter provided the fix! - -Daniel Stenberg (25 Feb 2009) -- As Daniel Fandrich figured out, we must do the GnuTLS initing in the - curl_global_init() function to properly maintain the performing functions - thread-safe. We've previously (28 April 2007) moved the init to a later time - just to avoid it to fail very early when libgcrypt dislikes the situation, - but that move was bad and the fix should rather be in libgcrypt or - elsewhere. - -Daniel Stenberg (24 Feb 2009) -- Brian J. Murrell found out that Negotiate proxy authentication didn't work. - It happened because the code used the struct for server-based auth all the - time for both proxy and server auth which of course was wrong. - -Daniel Stenberg (23 Feb 2009) -- After a bug reported by James Cheng I've made curl_easy_getinfo() for - CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return - -1 if the sizes aren't know. Previously these returned 0, make it impossible - to detect the difference between actually zero and unknown. - -Yang Tse (23 Feb 2009) -- Daniel Johnson provided a shell script that will perform all the steps needed - to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework - -Daniel Stenberg (23 Feb 2009) -- I renamed everything in the windows builds files that used the name 'curllib' - to the proper 'libcurl' as clearly this caused confusion. - -Yang Tse (20 Feb 2009) -- Do not halt compilation when using VS2008 to build a Windows 2000 target. - -Daniel Stenberg (20 Feb 2009) -- Linus Nielsen Feltzing reported and helped me repeat and fix a problem with - FTP with the multi interface: when a transfer fails, like when aborted by a - write callback, the control connection was wrongly closed and thus not - re-used properly. - - This change is also an attempt to cleanup the code somewhat in this area, as - now the FTP code attempts to keep (better) track on pending responses - necessary to get read in ftp_done(). - -Daniel Stenberg (19 Feb 2009) -- Patrik Thunstrom reported a problem and helped me repeat it. It turned out - libcurl did a superfluous 1000ms wait when doing SFTP downloads! - - We read data with libssh2 while doing the "DO" operation for SFTP and then - when we were about to start getting data for the actual file part, the - "TRANSFER" part, we waited for socket action (in 1000ms) before doing a - libssh2-read. But in this case libssh2 had already read and buffered the - data so we ended up always just waiting 1000ms before we get working on the - data! - -Patrick Monnerat (18 Feb 2009) -- FTP downloads (i.e.: RETR) ending with code 550 now return error - CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE. - -Daniel Stenberg (17 Feb 2009) -- Kamil Dudka made NSS-powered builds compile and run again! - -- A second follow-up change by Andre Guibert de Bruet to fix a related memory - leak like that fixed on the 14th. When zlib returns failure, we need to - cleanup properly before returning error. - -- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 for - plain FTP connections, and it will then allow MKD to fail once and retry the - CWD afterwards. This is especially useful if you're doing many simultanoes - connections against the same server and they all have this option enabled, - as then CWD may first fail but then another connection does MKD before this - connection and thus MKD fails but trying CWD works! The numbers can - (should?) now be set with the convenience enums now called - CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY. - - Tests has proven that if you're making an application that uploads a set of - files to an ftp server, you will get a noticable gain in speed if you're - using multiple connections and this option will be then be very useful. - -Daniel Stenberg (14 Feb 2009) -- Andre Guibert de Bruet found and fixed a memory leak in the content encoding - code, which could happen on libz errors. - -Daniel Fandrich (12 Feb 2009) -- Added support for Digest and NTLM authentication using GnuTLS. - -Daniel Stenberg (11 Feb 2009) -- CURLINFO_CONDITION_UNMET was added to allow an application to get to know if - the condition in the previous request was unmet. This is typically a time - condition set with CURLOPT_TIMECONDITION and was previously not possible to - reliably figure out. From bug report #2565128 - (https://curl.haxx.se/bug/view.cgi?id=2565128) filed by Jocelyn Jaubert. - -Daniel Fandrich (4 Feb 2009) -- Don't add the standard /usr/lib or /usr/include paths to LDFLAGS and CPPFLAGS - (respectively) when --with-ssl=/usr is used (patch based on FreeBSD). - -- Added an explicit buffer limit check in msdosify() (patch based on FreeBSD). - This couldn't ever overflow in curl, but might if the code were used - elsewhere or under different conditions. - -Daniel Stenberg (3 Feb 2009) -- Hidemoto Nakada provided a small fix that makes it possible to get the - CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with - CURLOPT_NOBODY set true. - -Daniel Stenberg (2 Feb 2009) -- Patrick Scott found a rather large memory leak when using the multi - interface and setting CURLMOPT_MAXCONNECTS to something less than the number - of handles you add to the multi handle. All the connections that didn't fit - in the cache would not be properly disconnected nor freed! - -- Craig A West brought us: libcurl now defaults to do CONNECT with HTTP - version 1.1 instead of 1.0 like before. This change also introduces the new - proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to - switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0 - option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0. - - I updated all test cases cases that use CONNECT and I tried to do some using - --proxy1.0 and some updated to do CONNECT 1.1 to get both versions run. - -Daniel Stenberg (31 Jan 2009) -- When building with c-ares 1.6.1 (not yet released) or later and IPv6 support - enabled, we can now take advantage of its brand new AF_UNSPEC support in - ares_gethostbyname(). This makes test case 241 finally run fine for me with - this setup since it now parses the "::1 ip6-localhost" line fine in my - /etc/hosts file! - -Daniel Stenberg (30 Jan 2009) -- Scott Cantor filed bug report #2550061 - (https://curl.haxx.se/bug/view.cgi?id=2550061) mentioning that I failed to - properly make sure that the VC9 makefiles got included in the latest - release. I've now fixed the release script and verified it so next release - will hopefully include them properly! - -Daniel Fandrich (30 Jan 2009) -- Fixed --disable-proxy for FTP and SOCKS. Thanks to Daniel Egger for - reporting. - -Yang Tse (29 Jan 2009) -- Introduced curl_sspi.c and curl_sspi.h for the implementation of functions - Curl_sspi_global_init() and Curl_sspi_global_cleanup() which previously were - named Curl_ntlm_global_init() and Curl_ntlm_global_cleanup() in http_ntlm.c - Also adjusted socks_sspi.c to remove the link-time dependency on the Windows - SSPI library using it now in the same way as it was done in http_ntlm.c. - -Daniel Stenberg (28 Jan 2009) -- Markus Moeller introduced two new options to libcurl: - CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl - to do GSS-style authentication with SOCKS5 proxies. The curl tool got the - options called --socks5-gssapi-service and --socks5-gssapi-nec to enable - these. - -Daniel Stenberg (26 Jan 2009) -- Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an app - to set desired block size to use for TFTP transfers instead of the default - 512 bytes. - -- The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to - disable "rfc4507bis session ticket support". rfc4507bis was later turned - into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077 - - The enabled extension concerns the session management. I wonder how often - libcurl stops a connection and then resumes a TLS session. also, sending the - session data is some overhead. .I suggest that you just use your proposed - patch (which explicitly disables TICKET). - - If someone writes an application with libcurl and openssl who wants to - enable the feature, one can do this in the SSL callback. - - Sharad Gupta brought this to my attention. Peter Sylvester helped me decide - on the proper action. - -- Alexey Borzov filed bug report #2535504 - (https://curl.haxx.se/bug/view.cgi?id=2535504) pointing out that realms with - quoted quotation marks in HTTP Digest headers didn't work. I've now added - test case 1095 that verifies my fix. - -- Craig A West brought CURLOPT_NOPROXY and the corresponding --noproxy option. - They basically offer the same thing the NO_PROXY environment variable only - offered previously: list a set of host names that shall not use the proxy - even if one is specified. - -Daniel Fandrich (20 Jan 2009) -- Call setlocale() for libtest tests to test the effects of locale-induced - libc changes on libcurl. - -- Fixed a couple more locale-dependent toupper conversions, mainly for - clarity. This does fix one problem that causes ;type=i FTP URLs - to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is - used (test case 561) - -- Added tests 561 and 1091 through 1094 to test various combinations - of ;type= and ;mode= URLs that could potentially fail in the Turkish - locale. - -Daniel Stenberg (20 Jan 2009) -- Lisa Xu pointed out that the ssh.obj file was missing from the - lib/Makefile.vc6 file (and thus from the vc8 and vc9 ones too). - -Version 7.19.3 (19 January 2009) - -Daniel Stenberg (16 Jan 2009) -- Andrew de los Reyes fixed curlbuild.h for "generic" gcc builds on PPC, both - 32 bit and 64 bit. - -Daniel Stenberg (15 Jan 2009) -- Tim Ansell fixed a compiler warning in lib/cookie.c - -Daniel Stenberg (14 Jan 2009) -- Grant Erickson fixed timeouts for TFTP such that specifying a - connect-timeout, a max-time or both options work correctly and as expected - by passing the correct boolean value to Curl_timeleft via the - 'duringconnect' parameter. - - With this small change, curl TFTP now behaves as expected (and likely as - originally-designed): - - 1) For non-existent or unreachable dotted IP addresses: - - a) With no options, follows the default curl 300s timeout... - b) With --connect-timeout only, follows that value... - c) With --max-time only, follows that value... - d) With both --connect-timeout and --max-time, follows the smaller value... - - and times out with a "curl: (7) Couldn't connect to server" error. - - 2) For transfers to/from a valid host: - - a) With no options, follows default curl 300s timeout for the - first XRQ/DATA/ACK transaction and the default TFTP 3600s - timeout for the remainder of the transfer... - - b) With --connect-time only, follows that value for the - first XRQ/DATA/ACK transaction and the default TFTP 3600s - timeout for the remainder of the transfer... - - c) With --max-time only, follows that value for the first - XRQ/DATA/ACK transaction and for the remainder of the - transfer... - - d) With both --connect-timeout and --max-time, follows the former - for the first XRQ/DATA/ACK transaction and the latter for the - remainder of the transfer... - - and times out with a "curl: (28) Timeout was reached" error as - appropriate. - -Daniel Stenberg (13 Jan 2009) -- Michael Wallner fixed a NULL pointer deref when calling - curl_easy_setup(curl, CURLOPT_COOKIELIST, "SESS") on a CURL handle with no - cookies data. - -- Stefan Teleman brought a patch to fix the default curlbuild.h file for the - SunPro compilers. - -Daniel Stenberg (12 Jan 2009) -- Based on bug report #2498665 (https://curl.haxx.se/bug/view.cgi?id=2498665) - by Daniel Black, I've now added magic to the configure script that makes it - use pkg-config to detect gnutls details as well if the existing method - (using libgnutls-config) fails. While doing this, I cleaned up and unified - the pkg-config usage when detecting openssl and nss as well. - -Daniel Stenberg (11 Jan 2009) -- Karl Moerder brought the patch that creates vc9 Makefiles, and I made - 'maketgz' now use the actual makefile targets to do the VC8 and VC9 - makefiles. - -Daniel Stenberg (10 Jan 2009) -- Emil Romanus fixed: - - When using the multi interface over HTTP and the server returns a Location - header, the running easy handle will get stuck in the CURLM_STATE_PERFORM - state, leaving the external event loop stuck waiting for data from the - ingoing socket (when using the curl_multi_socket_action stuff). While this - bug was pretty hard to find, it seems to require only a one-line fix. The - break statement on line 1374 in multi.c caused the function to skip the call - to multistate(). - - How to reproduce this bug? Well, that's another question. evhiperfifo.c in - the examples directory chokes on this bug only _sometimes_, probably - depending on how fast the URLs are added. One way of testing the bug out is - writing to hiper.fifo from more than one source at the same time. - -Daniel Fandrich (7 Jan 2009) -- Unified much of the SessionHandle initialization done in Curl_open() and - curl_easy_reset() by creating Curl_init_userdefined(). This had the side - effect of fixing curl_easy_reset() so it now also resets - CURLOPT_FTP_FILEMETHOD and CURLOPT_SSL_SESSIONID_CACHE - -Daniel Stenberg (7 Jan 2009) -- Rob Crittenden did once again provide an NSS update: - - I have to jump through a few hoops now with the NSS library initialization - since another part of an application may have already initialized NSS by the - time Curl gets invoked. This patch is more careful to only shutdown the NSS - library if Curl did the initialization. - - It also adds in a bit of code to set the default ciphers if the app that - call NSS_Init* did not call NSS_SetDomesticPolicy() or set specific - ciphers. One might argue that this lets other application developers get - lazy and/or they aren't using the NSS API correctly, and you'd be right. - But still, this will avoid terribly difficult-to-trace crashes and is - generally helpful. - -Daniel Stenberg (1 Jan 2009) -- 'reconf' is removed since we rather have users use 'buildconf' - -Daniel Stenberg (31 Dec 2008) -- Bas Mevissen reported https://curl.haxx.se/bug/view.cgi?id=2479030 pointing - out that 'reconf' didn't properly point out the m4 subdirectory when running - aclocal. - -Daniel Stenberg (29 Dec 2008) - - Phil Lisiecki filed bug report #2413067 - (https://curl.haxx.se/bug/view.cgi?id=2413067) that identified a problem that - would cause libcurl to mark a DNS cache entry "in use" eternally if the - subsequence TCP connect failed. It would thus never get pruned and refreshed - as it should've been. - - Phil provided his own patch to this problem that while it seemed to work - wasn't complete and thus I wrote my own fix to the problem. - -Daniel Stenberg (28 Dec 2008) -- Peter Korsgaard fixed building libcurl with "configure --with-ssl - --disable-verbose". - -- Anthony Bryan fixed more language and spelling flaws in man pages. - -Daniel Stenberg (22 Dec 2008) -- Given a recent enough libssh2, libcurl can now seek/resume with SFTP even - on file indexes beyond 2 or 4GB. - -- Anthony Bryan provided a set of patches that cleaned up manual language, - corrected spellings and more. - -Daniel Stenberg (20 Dec 2008) -- Igor Novoseltsev fixed a bad situation for the multi_socket() API when doing - pipelining, as libcurl could then easily get confused and A) work on the - handle that was not "first in queue" on a pipeline, or even B) tell the app - to REMOVE a socket while it was in use by a second handle in a pipeline. Both - errors caused hanging or stalling applications. - -Daniel Stenberg (19 Dec 2008) -- curl_multi_timeout() could return a timeout value of 0 even though nothing - was actually ready to get done, as the internal time resolution is higher - than the returned millisecond timer. Therefore it could cause applications - running on fast processors to do short bursts of busy-loops. - curl_multi_timeout() will now only return 0 if the timeout is actually - alreay triggered. - -- Using the libssh2 0.19 function libssh2_session_block_directions(), libcurl - now has an improved ability to do right when the multi interface (both - "regular" and multi_socket) is used for SCP and SFTP transfers. This should - result in (much) less busy-loop situations and thus less CPU usage with no - speed loss. - -Daniel Stenberg (17 Dec 2008) -- SCP and SFTP with the multi interface had the same flaw: the 'DONE' - operation didn't complete properly if the EAGAIN equivalent was returned but - libcurl would simply continue with a half-completed close operation - performed. This ruined persistent connection re-use and cause some - SSH-protocol errors in general. The correction is unfortunately adding a - blocking function - doing it entirely non-blocking should be considered for - a better fix. - -Gisle Vanem (16 Dec 2008) -- Added the possibility to use the Watt-32 tcp/ip stack under Windows. - The change simply involved adding a USE_WATT32 section in the - config-win32.h files (under ./lib and ./src). This section disables - the use of any Winsock headers. - -Daniel Stenberg (16 Dec 2008) -- libssh2_sftp_last_error() was wrongly used at some places in libcurl which - made libcurl sometimes not properly abort problematic SFTP transfers. - -Daniel Stenberg (12 Dec 2008) -- More work with Igor Novoseltsev to first fix the remaining stuff for - removing easy handles from multi handles when the easy handle is/was within - a HTTP pipeline. His bug report #2351653 - (https://curl.haxx.se/bug/view.cgi?id=2351653) was also related and was - eventually fixed by a patch by Igor himself. - -Yang Tse (12 Dec 2008) -- Patrick Monnerat fixed a build regression, introduced in 7.19.2, affecting - OS/400 compilations with IPv6 enabled. - -Daniel Stenberg (12 Dec 2008) -- Mark Karpeles filed bug report #2416182 titled "crash in ConnectionExists - when using duphandle+curl_mutli" - (https://curl.haxx.se/bug/view.cgi?id=2416182) which showed that - curl_easy_duphandle() wrongly also copied the pointer to the connection - cache, which was plain wrong and caused a segfault if the handle would be - used in a different multi handle than the handle it was duplicated from. - -Daniel Stenberg (11 Dec 2008) -- Keshav Krity found out that libcurl failed to deal with dotted IPv6 - addresses if they were very long (>39 letters) due to a too strict address - validity parser. It now accepts addresses up to 45 bytes long. - -Daniel Stenberg (11 Dec 2008) -- Internet Explorer had a broken HTTP digest authentication before v7 and - there are servers "out there" that relies on the client doing this broken - Digest authentication. Apache even comes with an option to work with such - broken clients. - - The difference is only for URLs that contain a query-part (a '?'-letter and - text to the right of it). - - libcurl now supports this quirk, and you enable it by setting the - CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or - CURLOPT_PROXYAUTH options. They are thus individually controlled to server - and proxy. - - (note that there's no way to activate this with the curl tool yet) - -Daniel Fandrich (9 Dec 2008) -- Added test cases 1089 and 1090 to test --write-out after a redirect to - test a report that the size didn't work, but these test cases pass. - -- Documented CURLOPT_CONNECT_ONLY as being useful only on HTTP URLs. - -Daniel Stenberg (9 Dec 2008) -- Ken Hirsch simplified how libcurl does FTPS: now it doesn't assume any - particular state for the control connection like it did before for implicit - FTPS (libcurl assumed such control connections to be encrypted while some - FTPS servers such as FileZilla assumes such connections to be clear - mode). Use the CURLOPT_USE_SSL option to set your desired level. - -Daniel Stenberg (8 Dec 2008) -- Fred Machado posted about a weird FTP problem on the curl-users list and when - researching it, it turned out he got a 550 response back from a SIZE command - and then I fell over the text in RFC3659 that says: - - The presence of the 550 error response to a SIZE command MUST NOT be taken - by the client as an indication that the file cannot be transferred in the - current MODE and TYPE. - - In other words: the change I did on September 30th 2008 and that has been - included in the last two releases were a regression and a bad idea. We MUST - NOT take a 550 response from SIZE as a hint that the file doesn't exist. - -- Christian Krause filed bug #2221237 - (https://curl.haxx.se/bug/view.cgi?id=2221237) that identified an infinite - loop during GSS authentication given some specific conditions. With his - patience and great feedback I managed to narrow down the problem and - eventually fix it although I can't test any of this myself! - -Daniel Fandrich (3 Dec 2008) -- Fixed the getifaddrs version of Curl_if2ip to work on systems without IPv6 - support (e.g. Minix) - -Daniel Stenberg (3 Dec 2008) -- Igor Novoseltsev filed bug #2351645 - (https://curl.haxx.se/bug/view.cgi?id=2351645) that identified a problem with - the multi interface that occured if you removed an easy handle while in - progress and the handle was used in a HTTP pipeline. - -- Pawel Kierski pointed out a mistake in the cookie code that could lead to a - bad fclose() after a fatal error had occured. - (https://curl.haxx.se/bug/view.cgi?id=2382219) - -Daniel Fandrich (25 Nov 2008) -- If a HTTP request is Basic and num is already >=1000, the HTTP test - server adds 1 to num to get the data section to return. This allows - testing authentication negotiations using the Basic authentication - method. - -- Added tests 1087 and 1088 to test Basic authentication on a redirect - with and without --location-trusted - -Daniel Stenberg (24 Nov 2008) -- Based on a patch by Vlad Grachov, libcurl now uses a new libssh2 0.19 - function when built to support SCP and SFTP that helps the library to know - in which direction a particular libssh2 operation would return EAGAIN so - that libcurl knows what socket conditions to wait for before trying the - function call again. Previously (and still when using libssh2 0.18 or - earlier), libcurl will busy-loop in this situation when the easy interface - is used! - -Daniel Fandrich (20 Nov 2008) -- Automatically detect OpenBSD's CA cert bundle. - -Daniel Stenberg (19 Nov 2008) -- I removed the default use of "Pragma: no-cache" from libcurl when a proxy is - used. It has been used since forever but it was never a good idea to use - unless explicitly asked for. - -- Josef Wolf's extension that allows a $TESTDIR/gdbinit$testnum file that when - you use runtests.pl -g, will be sourced by gdb to allow additional fancy or - whatever you see fit - -- Christian Krause reported and fixed a memory leak that would occur with HTTP - GSS/kerberos authentication (https://curl.haxx.se/bug/view.cgi?id=2284386) - -- Andreas Wurf and Markus Koetter helped me analyze a problem that Andreas got - when uploading files to a single FTP server using multiple easy handle - handles with the multi interface. Occasionally a handle would stall in - mysterious ways. - - The problem turned out to be a side-effect of the ConnectionExists() - function's eagerness to re-use a handle for HTTP pipelining so it would - select it even if already being in use, due to an inadequate check for its - chances of being used for pipelnining. - -Daniel Fandrich (17 Nov 2008) -- Added more compiler warning options for gcc 4.3 - -Yang Tse (17 Nov 2008) -- Fix a remaining problem in the inet_pton() runtime configure check. And - fix internal Curl_inet_pton() failures to reject certain malformed literals. - -- Make configure script check if ioctl with the SIOCGIFADDR command can be - used, and define HAVE_IOCTL_SIOCGIFADDR if appropriate. - -Daniel Stenberg (16 Nov 2008) -- Christian Krause fixed a build failure when building with gss support - enabled and FTP disabled. - -- Added check for NULL returns from strdup() in src/main.c and lib/formdata.c - - reported by Jim Meyering also prevent buffer overflow on MSDOS when you do - for example -O on a url with a file name part longer than PATH_MAX letters - -- lib/nss.c fixes based on the report by Jim Meyering: I went over and added - checks for return codes for all calls to malloc and strdup that were - missing. I also changed a few malloc(13) to use arrays on the stack and a - few malloc(PATH_MAX) to instead use aprintf() to lower memory use. - -- I fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is - in use. - -Daniel Fandrich (14 Nov 2008) -- Added .xml as one of the few common file extensions known by the multipart - form generator. - -- Added some #ifdefs around header files and change the EAGAIN test to - fix compilation on Cell (reported by Jeff Curley). - -Yang Tse (14 Nov 2008) -- Fixed several configure script issues affecting checks for inet_ntoa_r(), - inet_ntop(), inet_pton(), getifaddrs(), fcntl() and getaddrinfo(). - -Yang Tse (13 Nov 2008) -- Refactored configure script detection of functions used to set sockets into - non-blocking mode, and decouple function detection from function capability. - -Version 7.19.2 (13 November 2008) - -Michal Marek (13 Nov 2008) -- Fixed a potential data loss in Curl_client_write() when the transfer is - paused. - -Daniel Stenberg (11 Nov 2008) -- Rainer Canavan filed bug #2255627 - (https://curl.haxx.se/bug/view.cgi?id=2255627) which pointed out that a - program using libcurl's multi interface to download a HTTPS page with a - libcurl built powered by OpenSSL, would easily get silly and instead hand - over SSL details as data instead of the actual HTTP headers and body. This - happened because libcurl would consider the connection handshake done too - early. This problem was introduced at September 22nd 2008 with my fix of the - bug #2107377 - - The correct fix is now instead done within the GnuTLS-handling code, as both - the OpenSSL and the NSS code already deal with this situation in similar - fashion. I added test case 560 in an attempt to verify this fix, but - unfortunately it didn't trigger it even before this fix! - -Yang Tse (11 Nov 2008) -- Related with bug #2230535 (https://curl.haxx.se/bug/view.cgi?id=2230535) - Daniel Fandrich noticed that curl_addrinfo was also missing in the build - process of other four non-configure platforms. Added now. - -Daniel Fandrich (7 Nov 2008) -- The getifaddrs() version of Curl_if2ip() crashed when used on a Linux - system with a TEQL load-balancing device configured, which doesn't - have an address. Thanks to Adam Sampson for spotting this (bug #2234923). - -Yang Tse (6 Nov 2008) -- Merged existing IPv4 and IPv6 Curl_ip2addr functions into a single one - which now also takes a protocol address family argument. - -- Bug #2230535 (https://curl.haxx.se/bug/view.cgi?id=2230535) pointed out a - problem with MSVC 6 makefile that caused a build failure. It was noted that - the curl_addrinfo.obj reference was missing. I took the opportunity to sort - the list in which this was missing. Issue submitted by John Wilkinson. - -Version 7.19.1 (5 November 2008) - -Daniel Stenberg (4 Nov 2008) -- CURLINFO_FILETIME now works for file:// transfers as well - -Daniel Stenberg (3 Nov 2008) -- Bug #2218480 (https://curl.haxx.se/bug/view.cgi?id=2218480) pointed out a - problem with my CURLINFO_PRIMARY_IP fix from October 7th that caused a NULL - pointer read. I also took the opportunity to clean up this logic (storing of - the connection's IP address) somewhat as we had it stored in two different - places and ways previously and they are now unified. - -Yang Tse (3 Nov 2008) -- Fix undersized IPv6 address internal buffer. IPv6 address strings longer - than 35 characters would be truncated. - -Daniel Stenberg (2 Nov 2008) -- Daniel Johnson reported and fixed: - - When c-ares isn't enabled, libcurl by default calls getaddrinfo with family - set to PF_UNSPEC which causes getaddrinfo to return all available addresses, - both IPv4 and IPv6. Libcurl then tries each one until it can connect. If the - net connection doesn't support IPv6, libcurl can still fall back to IPv4. - - However, since c-ares doesn't support PF_UNSPEC, when it's used it defaults - to using family=PF_INET6 and therefore only returns IPv6 addresses when AAAA - records are available, even if IPv4 addresses are also available. The effect - is that since my ISP doesn't do IPv6, libcurl can't connect at all to a site - that has AAAA records. It will work if I explicitly use CURL_IPRESOLVE_V4 or - --ipv4 with the curl tool. I discovered this when curl would fail to connect - to seemingly random sites. It turns out they weren't random, they were sites - with AAAA records. - - So now libcurl defaults to PF_INET... until c-ares has been tought to offer - both. - -Yang Tse (31 Oct 2008) -- Tests 558 and 559 are stabilized. These two tests were initially introduced - to aid in the location of a seg-fault which was only triggered on non-debug - builds done with the icc 9.1 Intel compiler. Test 558 does not trigger the - problem, but test 559 does trigger it. As of today, it isn't yet absolutely - clear if it is a compiler optimizer issue or a memory corruption one. - -Yang Tse (30 Oct 2008) -- Use our Curl_addrinfo structure definition to handle address info data even - when a system addrinfo struct is available. Provide and use a wrapper around - systems getaddrinfo function, Curl_getaddrinfo_ex which returns a pointer to - a list of dynamically allocated Curl_addrinfo structs. - - Configure will check freeaddrinfo and getaddrinfo functions and define - preprocessor symbols HAVE_FREEADDRINFO and HAVE_GETADDRINFO when appropriate. - -Daniel Fandrich (29 Oct 2008) -- Fixed a bug that caused a few bytes of garbage to be sent after a - curl_easy_pause() during a chunky upload. Reported by Steve Roskowski. - -Daniel Fandrich (28 Oct 2008) -- Changed the "resolve" test precheck program to verify that an IPv6 socket - can be created before resolving the IPv6 name. In the context of running - a test, it doesn't make sense to run an IPv6 test when a host is resolvable - but IPv6 isn't usable. This should fix failures of test 1085 on hosts with - library and DNS support for IPv6 but where actual use of IPv6 has been - administratively disabled. - -Daniel Fandrich (24 Oct 2008) -- Added experimental support for zlib and OpenSSL on Symbian OS. - -Daniel Fandrich (21 Oct 2008) -- Fixed some problems with SFTP range support to fix test cases 634 through - 637. - -Daniel Fandrich (17 Oct 2008) -- Fixed a compile error reported by Albert Chin on AIX and IRIX when using - GTLS. - -Daniel Stenberg (16 Oct 2008) -- Igor Novoseltsev added CURLOPT_PROXYUSER and CURLOPT_PROXYPASSWORD that then - make CURLOPT_PROXYUSERPWD sort of deprecated. The primary motive for adding - these new options is that they have no problems with the colon separator - that the CURLOPT_PROXYUSERPWD option does. - -Daniel Stenberg (15 Oct 2008) -- Pascal Terjan filed bug #2154627 - (https://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl - uses strcasecmp() in multiple places where it causes failures when the - Turkish locale is used. This is because 'i' and 'I' isn't the same letter so - strcasecmp() on those letters are different in Turkish than in English (or - just about all other languages). I thus introduced a totally new internal - function in libcurl (called Curl_raw_equal) for doing case insentive - comparisons for english-(ascii?) style strings that thus will make "file" - and "FILE" match even if the Turkish locale is selected. - -Daniel Fandrich (15 Oct 2008) -- A command is considered to have failed if it returns a non-zero - return code. This way, if the precheck command can't be run at all for - whatever reason, it's treated as a precheck failure which causes the - test to be skipped. - -Daniel Stenberg (15 Oct 2008) -- John Wilkinson filed bug #2155496 - (https://curl.haxx.se/bug/view.cgi?id=2155496) pointing out an error case - without a proper human-readable error message. When a read callback returns - a too large value (like when trying to return a negative number) it would - trigger and the generic error message then makes the proplem slightly - different to track down. I've added an error message for this now. - -Daniel Fandrich (9 Oct 2008) -- Fixed the --interface option to work with IPv6 connections on glibc - systems supporting getifaddrs(). Also fixed a problem where an IPv6 - address could be chosen instead of an IPv4 one for --interface when it - involved a name lookup. - -Daniel Fandrich (8 Oct 2008) -- Added tests 1082 through 1085 to test symbolic --interface parameters - -- Added tests 633 through 637 to test the new file range support for SFTP. - All but the first test cause an infinite loop or other failure and so - are added to DISABLED. - -Daniel Stenberg (8 Oct 2008) -- John Wilkinson filed bug #2152270 - (https://curl.haxx.se/bug/view.cgi?id=2152270) which identified and fixed a - CURLINFO_REDIRECT_URL memory leak and an additional wrong-doing: - - Any subsequent transfer with a redirect leaks memory, eventually crashing - the process potentially. - - Any subsequent transfer WITHOUT a redirect causes the most recent redirect - that DID occur on some previous transfer to still be reported. - -- Igor Novoseltsev filed bug #2111613 - (https://curl.haxx.se/bug/view.cgi?id=2111613) that eventually identified a - flaw in how the multi_socket interface in some cases missed to call the - timeout callback when easy interfaces are removed and added within the same - millisecond. - -- Igor Novoseltsev brought a patch that introduced two new options to - curl_easy_setopt: CURLOPT_USERNAME and CURLOPT_PASSWORD that sort of - deprecates the good old CURLOPT_USERPWD since they allow applications to set - the user name and password independently and perhaps more importantly allow - both to contain colon(s) which CURLOPT_USERPWD doesn't fully support. - -Daniel Fandrich (7 Oct 2008) -- Changed the handling of read/write errors in Curl_perform() to allow a - a fresh connection to be made in such cases and the request retransmitted. - This should fix test case 160. Added test case 1079 in an attempt to - test a similar connection dropping scenario, but as a race condition, it's - hard to test reliably. - -- Created test cases 1080 and 1081 to reproduce a problem of - CURLINFO_REDIRECT_URL leaking memory and returning incorrect results when - two URLs are requested. Reported by vmpdemo in bug #2152270 - -Daniel Stenberg (7 Oct 2008) -- Fixed CURLINFO_PRIMARY_IP: When libcurl created a connection to host A then - the app re-used the handle to do a connection to host B and then again - re-used the handle to host A, it would not update the info with host A's IP - address (due to the connection being re-used) but it would instead report - the info from host B. - -Yang Tse (7 Oct 2008) -- Added --enable-optimize configure option to enable and disable compiler - optimizations to allow decoupled setting from --enable-debug. - -Yang Tse (2 Oct 2008) -- Added --enable-warnings configure option to enable and disable strict - compiler warnings to allow decoupled setting from --enable-debug. - - runtests.pl will now run with picky compiler warnings enabled unless - explicitly disabled. - -Daniel Fandrich (1 Oct 2008) -- "make clean" now cleans out the docs and tests directories, too. - -Daniel Stenberg (30 Sep 2008) -- The libcurl FTP code now returns CURLE_REMOTE_FILE_NOT_FOUND error when SIZE - gets a 550 response back for the cases where a download (or NOBODY) is - wanted. It still allows a 550 as response if the SIZE is used as part of an - upload process (like if resuming an upload is requested and the file isn't - there before the upload). I also modified the FTP test server and a few test - cases accordingly to match this modified behavior. - -Daniel Stenberg (29 Sep 2008) -- Daniel Egger provided a patch that allows you to disable proxy support in - libcurl to somewhat reduce the size of the binary. Run configure - --disable-proxy. - -Daniel Fandrich (29 Sep 2008) -- Moved all signal-based name resolution timeout handling into a single new - Curl_resolv_timeout function to reduce coupling. - -Daniel Stenberg (29 Sep 2008) -- Ian Lynagh provided a patch that now makes CURLOPT_RANGE work fine for SFTP - downloads! - -- Maxim Ivanov filed bug report #2107803 - (https://curl.haxx.se/bug/view.cgi?id=2107803) "no CURLINFO_REDIRECT_URL in - multi mode" together with a patch that fixed the problem. - -Daniel Stenberg (25 Sep 2008) -- Emanuele Bovisio submitted bug report #2126435. We fixed the HTTP Digest - auth code to not behave badly when getting a blank realm with - realm="". https://curl.haxx.se/bug/view.cgi?id=2126435 - -Daniel Fandrich (23 Sep 2008) -- Make sure not to dereference the wrong UrlState proto union member when - switching from one protocol to another in a single request (e.g. - redirecting from HTTP to FTP as in test 1055) by resetting - state.expect100header before every request. - -Daniel Stenberg (23 Sep 2008) -- Introducing Jamie Lokier's function for date to epoch conversion used in the - date parser function. This makes our function less dependent on system- - provided functions and instead we do all the magic ourselves. We also no - longer depend on the TZ environment variable. Switching to our own converter - has some side-effect and they are noted here for future reference (taken - from a mail by mr Lokier): - - time_t is not measured in seconds in the ANSI C standard - or even counted - uniformly - weird platforms can use other numeric representations of dates - in time_t - hence the difftime() function. - - On POSIX time_t is measured in UTC seconds, which means not including leap - seconds. But it's mentioned in a few places that some old POSIX-ish - environments include leap seconds in their time_t counts... - - I'm pretty sure [the new implementation is] correct on anything truly POSIX. - And it's obviously a lot less dependent on platform quirks and corner cases - in many ways than the mktime() version. - -- Rob Crittenden brought a patch to "add some locking for thread-safety to NSS - implementation". - -Daniel Stenberg (22 Sep 2008) -- Made the SOCKS code use the new Curl_read_plain() function to fix the bug - Markus Moeller reported: https://curl.haxx.se/mail/archive-2008-09/0016.html - -- recv() errors other than those equal to EAGAIN now cause proper - CURLE_RECV_ERROR to get returned. This made test case 160 fail so I've now - disabled it until we can figure out another way to exercise that logic. - -- Michael Goffioul filed bug report #2107377 "Problem with multi + GnuTLS + - proxy" (https://curl.haxx.se/bug/view.cgi?id=2107377) that showed how a multi - interface using program didn't work when built with GnuTLS and a CONNECT - request was done over a proxy (basically test 502 over a proxy to a HTTPS - site). It turned out the ssl connect function would get called twice which - caused the second call to fail. - -Daniel Fandrich (22 Sep 2008) -- Fixed test 539 to handle an out of memory condition that shows up now - that memdebug.h is included in the test programs. - -Yang Tse (20 Sep 2008) -- Fix regression in configure script which affected OpenSSL builds on MSYS. - -Yang Tse (19 Sep 2008) -- configure script now checks availability of the alarm() function. - -Daniel Fandrich (18 Sep 2008) -- Don't bother to install a SIGALRM handler unless alarm() is available. - Also, leave the existing SIGALRM handler alone if the timeout is too small - to handle. - -Daniel Fandrich (17 Sep 2008) -- Removed reference to curl-ca-bundle.crt in the host verification failure - error message. - -Yang Tse (17 Sep 2008) -- Improve configure detection of gethostname(), localtime_r(), strstr(), - getservbyport_r(), gethostbyaddr_r() and gethostbyname_r(). - -Yang Tse (14 Sep 2008) -- Improve configure detection of strcasecmp(), strcasestr(), strcmpi(), - stricmp(), strlcat(), strncasecmp(), strncmpi() and strnicmp(). - -Yang Tse (13 Sep 2008) -- Disable tracking of fdopen() calls in the low-level memory leak tracking - code when fdopen() is not available, to avoid compiler error. - -Yang Tse (12 Sep 2008) -- Further adjust detection of strerror_r() in the configure process, and - ensure that errno is not modified inside Curl_strerror(). - -Yang Tse (10 Sep 2008) -- Improve detection of gmtime_r(), strtoll(), sigaction(), strtok_r(), - strdup() and ftruncate() in the configure process. - -Daniel Fandrich (9 Sep 2008) -- Mike Revi discovered some swapped speed switches documented in the curl man - page. - -- Checked in some documentation and code improvements and fixes that I - discovered in the FreeBSD ports system. - -Daniel Stenberg (8 Sep 2008) -- Dmitry Kurochkin patched a problem: I have found bug in pipelining through - proxy. I have a transparent proxy. When running with http_proxy environment - variable not set my test completes fine (it goes through transparent - proxy). When I set http_proxy variable my test hangs after the first - downloaded is complete. Looks like the second handle never gets out from - WAITDO state. - - The fix: It makes checkPendPipeline move 1 handler from pend pipe to send - pipe if pipelining is not supported by server but there are no handles in - send and recv pipes. - -- Stefan Krause pointed out that libcurl would wrongly send away cookies to - sites in cases where the cookie clearly has a very old expiry date. The - condition was simply that libcurl's date parser would fail to convert the - date and it would then count as a (timed-based) match. Starting now, a - missed date due to an unsupported date format or date range will now cause - the cookie to not match. - -Daniel Fandrich (5 Sep 2008) -- Improved the logic that decides whether to use HTTP 1.1 features or not in a - request. Setting a specific version with CURLOPT_HTTP_VERSION overrides - all other checks, but otherwise, a 1.0 request will be made if the server - is known to support only 1.0 because it previously responded so and the - connection was kept alive, or a response to a previous request on this handle - came back as 1.0. The latter could take place in cases like redirection or - authentication where several requests have to be made before the operation - is complete. If any one of the servers in a redirection chain supports only - 1.0, then remaining requests will be sent in 1.0 mode. - -- Detect cases where an upload must be sent chunked and the server supports - only HTTP 1.0 and return CURLE_UPLOAD_FAILED. - -Daniel Stenberg (5 Sep 2008) -- Martin Drasar provided the CURLOPT_POSTREDIR patch. It renames - CURLOPT_POST301 (but adds a define for backwards compatibility for you who - don't define CURL_NO_OLDIES). This option allows you to now also change the - libcurl behavior for a HTTP response 302 after a POST to not use GET in the - subsequent request (when CURLOPT_FOLLOWLOCATION is enabled). I edited the - patch somewhat before commit. The curl tool got a matching --post302 - option. Test case 1076 was added to verify this. - -- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By - enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS - or FTPS), libcurl will gather lots of server certificate info and that info - can then get extracted by a client after the request has completed with - curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing - helped me test and smoothen out this feature. - - Unfortunately, this feature currently only works with libcurl built to use - OpenSSL. - - This feature was sponsored by networking4all.com - thanks! - -- Dmitriy Sergeyev pointed out that curl_easy_pause() didn't unpause properly - during certain conditions. I also changed this code to use realloc() based - on Daniel Fandrich's suggestion. - -Guenter Knauf (4 Sep 2008) -- MingW32 non-configure builds are now largefile feature enabled by default. - NetWare LIBC builds are also now largefile feature enabled by default. - -Yang Tse (4 Sep 2008) -- Several fixes related with print formatting string directives. - -Daniel Fandrich (3 Sep 2008) -- Search for the FreeBSD CA cert file /usr/local/share/certs/ca-root.crt - -Daniel Fandrich (2 Sep 2008) -- Fixed an out of memory problem that caused torture test failures in tests - 706 and 707. - -Daniel Stenberg (2 Sep 2008) -- Keith Mok added supported_protocols and supported_features to the pkg-config - file for libcurl, and while doing that fix he unified with curl-config.in - how the supported protocols and features are extracted and used, so both those - tools should now always be synced. - -Version 7.19.0 (1 September 2008) - -Daniel Fandrich (29 Aug 2008) -- Added tests 1071 through 1074 to test automatic downgrading from HTTP 1.1 - to HTTP 1.0 upon receiving a response from the HTTP server. Tests 1072 - and 1073 are similar to test 1069 in that they involve the impossible - scenario of sending chunked data to a HTTP 1.0 server. All these fail - and are added to DISABLED. - -- Added test 1075 to test --anyauth with Basic authentication. - -Daniel Stenberg (29 Aug 2008) -- When libcurl was doing a HTTP POST and the server would respond with - "Connection: close" and actually close the connection after the - response-body, libcurl could still have outstanding data to send and it - would not properly notice this and stop sending. This caused weirdness and - sad faces. https://curl.haxx.se/bug/view.cgi?id=2080222 - - Note that there are still reasons to consider libcurl's behavior when - getting a >= 400 response code while sending data, as Craig Perras' note - "http upload: how to stop on error" specifies: - https://curl.haxx.se/mail/archive-2008-08/0138.html - -Daniel Stenberg (28 Aug 2008) -- Dengminwen reported that libcurl would lock a (cookie) share twice (without - an unlock in between) for a certain case and that in fact works when using - regular windows mutexes but not with pthreads'! Locks should of course not - get locked again so this is now fixed. - https://curl.haxx.se/mail/lib-2008-08/0422.html - -- I'm abandoning the system with the web site mirrors (but keeping download - files bing mirrored) and thus I've changed the URL in the cookiejar header - to no longer use curlm.haxx.se but instead use the main site curl.haxx.se - -Daniel Fandrich (27 Aug 2008) -- Fixed test case 1065 by changing the handling of CURLOPT_UPLOAD to set - the HTTP method to GET (or HEAD) when given a value of 0. - -- Added test cases 1068 and 1069 to test a simple HTTP PUT from stdin. Test - case 1069 fails in a similar manner to test 1065 so is added to DISABLED. - -Yang Tse (27 Aug 2008) -- Fix generation of MS VC6 .dsp file to make it support compilation of either - dynamic (DLL) or static (LIB) libcurl libraries in debug and release modes. - -Daniel Fandrich (26 Aug 2008) -- Fixed out of memory problems that caused torture test failures in tests - 1021 and 1067. - -Yang Tse (26 Aug 2008) -- Added check and symbol definition for WIN32 file API usage in configure, - supporting configure's --disable-largefile option for WIN32 targets also. - -- Non-configure systems which do not use config-win32.h configuration file, - and want to use the WIN32 file API, must define USE_WIN32_LARGE_FILES or - USE_WIN32_SMALL_FILES as appropriate in their own configuration files. - -Daniel Stenberg (23 Aug 2008) -- Running 'make ca-firefox' in the root build dir will now run the new - firefox-db2pem.sh conversion script that converts a local Firefox db of ca - certs into PEM format, suitable for use with a OpenSSL or GnuTLS built - libcurl. - -- Constantine Sapuntzakis fixed a bug when doing proxy CONNECT with the multi - interface, and the proxy would send Connection: close during the - authentication phase. https://curl.haxx.se/bug/view.cgi?id=2069047 - -Daniel Fandrich (22 Aug 2008) -- Fixed a problem when --dump-header - was given with more than one URL, - which caused an error when the second header was dumped due to stdout - being closed. Added test case 1066 to verify. Also fixed a potential - problem where a closed file descriptor might be used for an upload - when more than one URL is given. - -Yang Tse (22 Aug 2008) -- Improved libcurl's internal curl_m*printf() functions integral data type - size and signedness handling. - -- Internal adjustments to better select/differentiate when large/small file - support is provided using WIN32 functions directly. - -Daniel Fandrich (20 Aug 2008) -- Added an edited version of Vincent Le Normand's documentation of SFTP quote - commands to the man pages. - -Daniel Stenberg (20 Aug 2008) -- Phil Pellouchoud pointed out that the windows version of libcurl had a - memory leak because it never called the OpenSSL function - CRYPTO_cleanup_all_ex_data() as it was supposed to. This was because of a - missing define in config-win32.h! - -Gisle Vanem (18 Aug 2008) -- Updated lib/Makefile.Watcom with the option to use c-ares (USE_ARES=1). - -Yang Tse (18 Aug 2008) -- Added test case 557 to verify libcurl's internal curl_m*printf() functions - formatting functionality when handling signed and unsigned longs, as well as - our curl_off_t data type. - -Yang Tse (17 Aug 2008) -- OpenSSl enabled NetWare builds are changed to use the 'openssl' subdirectory - when including the OpenSSL header files. This is the recommended setting, this - prevents the undesired inclusion of header files with the same name as those - of OpenSSL but which do not belong to the OpenSSL package. The visible change - from previously released libcurl versions is that now OpenSSl enabled NetWare - builds also define USE_OPENSSL in config files, and that OpenSSL header files - must be located in a subdirectory named 'openssl'. - -Yang Tse (16 Aug 2008) -- Library internal only C preprocessor macros FORMAT_OFF_T and FORMAT_OFF_TU - remain in use as internal curl_off_t print formatting strings for the internal - *printf functions which still cannot handle print formatting string directives - such as "I64d", "I64u", and others available on MSVC, MinGW, Intel's ICC, and - other DOS/Windows compilers. - -Daniel Fandrich (15 Aug 2008) -- Added test case 1063 to test invalid long file ranges with file: URLs and - 1064 to test multiple http PUTs. - -- Added test case 1065 to test a PUT with a single file but two URLs. This - was discovered to be problematic while investigating an incident reported by - Von back in May. curl in this case doesn't include a Content-Length: or - Transfer-Encoding: chunked header which is illegal. This test case is - added to DISABLED until a solution is found. - -Yang Tse (15 Aug 2008) -- C preprocessor macros used internally and equally available externally which - aid in the use of the curl_off_t data type are named: CURL_FORMAT_CURL_OFF_T, - CURL_FORMAT_CURL_OFF_TU, CURL_SIZEOF_CURL_OFF_T, CURL_SUFFIX_CURL_OFF_T, - CURL_SUFFIX_CURL_OFF_TU, CURL_OFF_T_C and CURL_OFF_TU_C. - -Yang Tse (13 Aug 2008) -- The size of long is a build time characteristic and as such it is now recorded - in curlbuild.h as CURL_SIZEOF_LONG. Definition now done from configure process - and in CVS curlbuild.h.dist for non-configure systems. - -Daniel Fandrich (12 Aug 2008) -- Fixed a buffer overflow problem in Curl_proxyCONNECT that could occur - when a server responded with long headers and data. Luckily, the buffer - overflowed into another unused buffer, so no actual harm was done. - Added test cases 1060 and 1061 to verify. - -Daniel Stenberg (12 Aug 2008) -- Andy Tsouladze fixed runtests.pl to not attempt to execute the stunnel - _directory_ if that happened to appear in the path! - -Yang Tse (12 Aug 2008) -- Added macros for minimum-width signed and unsigned curl_off_t integer - constants CURL_OFF_T_C and CURL_OFF_TU_C. The clever double helper macro - used internally to provide its functionality is thanks to Lars Nilsson. - -Daniel Fandrich (11 Aug 2008) -- Fixed a boundary condition error in ftp_readresp() whereby a non-terminal - line of a multiline FTP response whose last byte landed exactly at the end - of the BUFSIZE-length buffer would be treated as the terminal response - line. The following response code read in would then actually be the - end of the previous response line, and all responses from then on would - correspond to the wrong command. Test case 1062 verifies this. - -- Stop closing a never-opened ftp socket. - -Daniel Stenberg (11 Aug 2008) -- Constantine Sapuntzakis filed bug report #2042430 - (https://curl.haxx.se/bug/view.cgi?id=2042430) with a patch. "NTLM Windows - SSPI code is not thread safe". This was due to libcurl using static - variables to tell wether to load the necessary SSPI DLL, but now the loading - has been moved to the more suitable curl_global_init() call. - -- Constantine Sapuntzakis filed bug report #2042440 - (https://curl.haxx.se/bug/view.cgi?id=2042440) with a patch. He identified a - problem when using NTLM over a proxy but the end-point does Basic, and then - libcurl would do wrong when the host sent "Connection: close" as the proxy's - NTLM state was erroneously cleared. - -Yang Tse (11 Aug 2008) -- Added missing signed and unsigned curl_off_t integer constant suffixes for - internal and external use. CURL_SUFFIX_CURL_OFF_T, CURL_SUFFIX_CURL_OFF_TU. - -Daniel Fandrich (7 Aug 2008) -- Fixed an uninitialized variable in multi_runsingle() that could cause a - request to prematurely end. - -- Added test1059 to test the FTP proxy tunnel problem fixed July 11. - -Yang Tse (7 Aug 2008) -- Added curlbuild.h and curlrules.h header files to libcurl's public headers. - File curlbuild.h is a generated file on configure-capable systems. This is - a first step towards configure-based info in public headers. Currently only - used to provide support for a curl_off_t data type which is not gated to - off_t. Further details are documented inside these mentioned header files. - -- Fix CURL_CHECK_DEF so that when the expansion of the preprocessor symbol - results in a set of double-quoted strings, this macro will now return an - expansion which consists of a single double-quoted string as the result of - concatenating all of them. - -- Skip data type check in DO_CURL_OFF_T_CHECK macro when argument is empty. - -- Adjusted testcurl.pl to copy checked out curlbuild.h.dist as curlbuild.h - for non-configure targets when the host system doesn't run buildconf.bat. - -- Prevent buildconf from removing 'Makefile' and 'missing' files. This would - blow away our CVS checked files 'missing' and 'hiper/Makefile'. - -- Remove adjustment done to testcurl.pl to verify if change introduced by - Guenter Knauf in lib/Makefile.netware is enough to get the netware autobuilds - going again. - -Yang Tse (5 Aug 2008) -- Changes done to buildconf script. Validate that autom4te and autoconf, as - well as aclocal and automake, versions match. Improve removal of previous - run generated files. Remove verbose debug logging of aclocal on Solaris. - -Daniel Stenberg (5 Aug 2008) -- Yehoshua Hershberg found a problem that would make libcurl re-use a - connection with the multi interface even if a previous use of it caused a - CURLE_PEER_FAILED_VERIFICATION to get returned. I now make sure that failed - SSL connections properly close the connections. - -Daniel Stenberg (4 Aug 2008) -- Test cases 1051, 1052 and 1055 were added by Daniel Fandrich on July 30 and - proved how PUT and POST with a redirect could lead to a "hang" due to the - data stream not being rewound properly when it had to in order to get sent - properly (again) to the subsequent URL. This is now fixed and these test - cases are no longer disabled. - -Yang Tse (4 Aug 2008) -- Autoconf 2.62 has changed the behaviour of the AC_AIX macro which we use. - Prior versions of autoconf defined _ALL_SOURCE if _AIX was defined. 2.62 - version of AC_AIX defines _ALL_SOURCE and other four preprocessor symbols - no matter if the system is AIX or not. To keep the traditional behaviour, - and an uniform one across autoconf versions AC_AIX is replaced with our - own internal macro CURL_CHECK_AIX_ALL_SOURCE. - -Daniel Stenberg (4 Aug 2008) -- Test case 1041 (added by Daniel Fandrich July 14th) proved a bug where PUT - with -C - sent garbage in the Content-Range: header. I fixed this problem by - making sure libcurl always sets the size of the _entire_ upload if an app - attemps to do resumed uploads since libcurl simply cannot know the size of - what is currently at the server end. Test 1041 is no longer disabled. - -Yang Tse (2 Aug 2008) -- No longer test availability of the gdi32 library, nor use it for linking, even - when we have been doing this since revision 1.47 of configure.ac 4 years and - 5 months ago when cross-compiling a Windows target. We actually don't use any - function from the Windows GDI (Graphics Device Interface) related with drawing - or graphics-related operations. - -Daniel Fandrich (1 Aug 2008) -- Added support for --append on SFTP uploads. Unfortunately, OpenSSH doesn't - support this so it goes untested. - -Yang Tse (1 Aug 2008) -- Configure process now checks if the preprocessor _REENTRANT symbol is already - defined. If it isn't currently defined a set of checks are performed to test - if its definition is required to make visible to the compiler a set of *_r - functions. Finally, if _REENTRANT is already defined or needed it takes care - of making adjustments necessary to ensure that it is defined equally for the - configure process tests and generated config file. - -- Removed definition of CURL_CHECK_WORKING_RESOLVER from acinclude.m4 it has - not been in use since revision 1.81 of configure.in 6 years, 9 months ago. - -Daniel Fandrich (31 Jul 2008) -- Fixed parsing of an IPv6 proxy address to support a scope identifier, - as well as IPv4 addresses in IPv6 format. Also, better handle the case - of a malformatted IPv6 address (avoid empty and NULL strings). - -- Fixed a problem with any FTP URL or any URLs containing an IPv6 address - being mangled when passed to proxies when CURLOPT_PORT is also set - (reported by Pramod Sharma). - -- User names embedded in proxy URLs without a password were parsed - incorrectly--the host name is treated as part of the user name and the - port number becomes the password. This can be observed in test 279 - (was KNOWN_ISSUE #54). - -Daniel Stenberg (30 Jul 2008) -- Phil Blundell added the CURLOPT_ADDRESS_SCOPE option, as well as adjusted - the URL parser to allow numerical IPv6-addresses to be specified with the - scope given, as per RFC4007 - with a percent letter that itself needs to be - URL escaped. For example, for an address of fe80::1234%1 the HTTP URL is: - "http://[fe80::1234%251]/" - -- PHP's bug report #43158 (http://bugs.php.net/bug.php?id=43158) identifies a - true bug in libcurl built with OpenSSL. It made curl_easy_getinfo() more or - less always return 0 for CURLINFO_SSL_VERIFYRESULT because the function that - would set it to something non-zero would return before the assign in almost - all error cases. The internal variable is now set to non-zero from the start - of the function only to get cleared later on if things work out fine. - -- Made the curl tool's -w option support the %{ssl_verify_result} variable - -Daniel Fandrich (30 Jul 2008) -- Added test cases 1052 through 1055 to test uploading data from files - during redirects. Test cases 1052 and 1055 show problems (maybe the same - root cause as 1051) and are disabled. - -- Fixed a couple of buffer overflows in the MS-DOS port of the curl tool. - -Daniel Fandrich (29 Jul 2008) -- Fixed --use-ascii to properly convert text files on Symbian OS, MS-DOS - and OS/2. - -- Added test case 1051 to test Location: following with PUT, as reported - by Ben Sutcliffe. The test when run manually shows a problem in curl - so it's disabled. - -Daniel Fandrich (28 Jul 2008) -- Fixed display of the interface bind address in the trace output when it's - an IPv6 address. - -- Added test cases 1045 through 1049 as simple tests of --interface using the - localhost interface. - -- Added test case 1050 to test --ftp-port with an IPv6 address - -Daniel Stenberg (26 Jul 2008) -- David Bau filed bug report #2026240 "CURL_READFUNC_PAUSE leads to buffer - overrun" (https://curl.haxx.se/bug/view.cgi?id=2026240) identifying two - problems, and providing the fix for them: - - - CURL_READFUNC_PAUSE did in fact not pause the _sending_ of data that it is - designed for but paused _receiving_ of data! - - - libcurl didn't internally set the read counter to zero when this return - code was detected, which would potentially lead to junk getting sent to - the server. - -Daniel Fandrich (26 Jul 2008) -- Added test 1044 to test large file support in ftp with -I. - -- Eliminate a unnecessary socket creation in Curl_getaddrinfo for an IPv4 - address in an IPv6 capable libcurl. - -- Added feature in runtests.pl to select tests based on key word. - -Daniel Fandrich (23 Jul 2008) -- Changed the long logfile elision code in runtests.pl to properly handle - lines ending in \r. - -- Changed references to TRUE and FALSE in the curl_easy_setopt man page to - 1 and zero, respectively, since TRUE and FALSE aren't part of the - libcurl API. - -Daniel Stenberg (23 Jul 2008) -- I went over the curl_easy_setopt man page and replaced most references to - non-zero with the fixed value of 1. We should strive at making options - support '1' for enabling them mentioned explicitly, as that then will allow - us for to extend them in the future without breaking older programs. - - Possibly we should even introduce a fancy define to use instead of '1' all - over... - -Yang Tse (21 Jul 2008) -- Use the sreadfrom() wrapper to replace recvfrom() in our code. - -Yang Tse (20 Jul 2008) -- when recvfrom prototype uses a void pointer for arguments 2, 5 or 6 this will - now cause the definition, as appropriate, of RECVFROM_TYPE_ARG2_IS_VOID, - RECVFROM_TYPE_ARG5_IS_VOID or RECVFROM_TYPE_ARG6_IS_VOID. - -Yang Tse (17 Jul 2008) -- RECVFROM_TYPE_ARG2, RECVFROM_TYPE_ARG5 and RECVFROM_TYPE_ARG6 are now defined - to the data type pointed by its respective argument and not the pointer type. - -Yang Tse (16 Jul 2008) -- Configure process now checks availability of recvfrom() socket function and - finds out its return type and the types of its arguments. Added definitions - for non-configure systems config files, and introduced macro sreadfrom which - will be used on udp sockets as a recvfrom() wrapper. - -Yang Tse (15 Jul 2008) -- Added description/comment to include paths used in several Makefile.am files. - Added automake option nostdinc to test servers makefile and modified libcurl - external headers include path for libtest programs. - -Daniel Fandrich (14 Jul 2008) -- Added test1040 through test1043 to test -C - on HTTP. Test 1041 failed so - it's added to DISABLED. - -Yang Tse (14 Jul 2008) -- HTTP_ONLY definition check in lib/setup.h is now done once that configuration - file has been included. In this way if symbol is defined in the config file - it will no longer be ignored. Removed inclusion of remaining system header - files from configuration files. Moved _REENTRANT definition up/earlier in - lib/setup.h - -Yang Tse (11 Jul 2008) -- Added missing multiple header inclusion prevention definition for header - file content_encoding.h - -Daniel Fandrich (11 Jul 2008) -- Fixed test 553 to pass the torture test. - -Daniel Stenberg (11 Jul 2008) -- Daniel Fandrich found out we didn't pass on the user-agent properly when - doing "proxy-tunnels" with non-HTTP prototols and that was simply because - the code assumed the user-agent was only needed for HTTP. - -Daniel Fandrich (10 Jul 2008) -- Changed slightly the SFTP quote commands chmod, chown and chgrp to only - set the attribute that has changed instead of all possible ones. Hopefully, - this will solve the "Permission denied" problem that Nagarajan Sreenivasan - reported when setting some modes, but regardless, it saves a protocol - round trip in the chmod case. - -- Added test cases 1038 and 1039 to test Adrian Kreher's report that ftp - uploads with -C - didn't resume properly, but the tests pass. - -Yang Tse (10 Jul 2008) -- Peter Lamberg filed bug report #2015126: "poll gives WSAEINVAL when POLLPRI - is set in fdset.events" (https://curl.haxx.se/bug/view.cgi?id=2015126) which - exactly pinpointed the problem only triggered on Windows Vista, provided - reference to docs and also a fix. There is much work behind Peter Lamberg's - excellent bug report. Thank You! - -Daniel Fandrich (9 Jul 2008) -- Added tests 1036 and 1037 to verify resumed ftp downloads with -C - - -Daniel Stenberg (9 Jul 2008) -- Andreas Schuldei improved Phil Blundell's patch for IPv6 using c-ares, and I - edited it slightly. Now you should be able to use IPv6 addresses fine even - with libcurl built to use c-ares. - -Daniel Fandrich (9 Jul 2008) -- Fixed an OOM handling problem that cause test 11 to fail the torture test. - -Daniel Fandrich (8 Jul 2008) -- Fixed test 554 to pass the torture test. - -Daniel Fandrich (7 Jul 2008) -- Added test cases 1034 & 1035 to test IDN name conversion failures. - -Daniel Stenberg (7 Jul 2008) -- Scott Barrett provided a test case for a segfault in the FTP code and the - fix for it. It occured when you did a FTP transfer using - CURLFTPMETHOD_SINGLECWD and then did another one on the same easy handle but - switched to CURLFTPMETHOD_NOCWD. Due to the "dir depth" variable not being - cleared properly. Scott's test case is now known as test 539 and it - verifies the fix. - -Daniel Stenberg (3 Jul 2008) -- Phil Blundell provided a fix for libcurl's treatment of unexpected 1xx - response codes. Previously libcurl would hang on such occurances. I added - test case 1033 to verify. - -- Introcuding a new timestamp for curl_easy_getinfo(): - CURLINFO_APPCONNECT_TIME. This is set with the "application layer" - handshake/connection is completed. Which typically is SSL, TLS or SSH and by - using this you can figure out the application layer's own connect time. You - can extract the time stamp using curl's -w option and the new variable named - 'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar. - -Daniel Fandrich (2 Jul 2008) -- Support Open Watcom C on Linux (as well as Windows). - -Yang Tse (2 Jul 2008) -- The previously committed fix for bug report #1999181 prevented using the - monotonic clock on any system without an always supported POSIX compliant - implementation. Now the POSIX compliant configuration check is removed and - will fallback to gettimeofday when the monotonic clock is unavailable at - run-time. - -- The configure process will now halt when sed, grep, egrep or ar programs - can not be found among the directories in PATH variable. - -Daniel Stenberg (1 Jul 2008) -- Rolland Dudemaine provided fixes to get libcurl to build for the INTEGRITY - operating system. - -Daniel Stenberg (30 Jun 2008) -- Made the internal printf() support %llu properly to print unsigned long longs. - -- Stephen Collyer and Tor Arntsen helped identify a flaw in the range code - which output the range using a signed variable where it should rather use - unsigned. - -Yang Tse (29 Jun 2008) -- John Lightsey filed bug report #1999181: "CLOCK_MONOTONIC always fails on - some systems" (https://curl.haxx.se/bug/view.cgi?id=1999181). The problem was - that the configure script did not use the _POSIX_MONOTONIC_CLOCK feature test - macro when checking monotonic clock availability. This is now fixed and the - monotonic clock will not be used unless the feature test macro is defined - with a value greater than zero indicating always supported. - -Daniel Fandrich (25 Jun 2008) -- Honour --stderr with the -v option. - -- Fixed a file handle leak in the command line client if more than one - --stderr option was given. - -Daniel Stenberg (22 Jun 2008) -- Eduard Bloch filed the debian bug report #487567 - (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487567) pointing out that - libcurl used Content-Range: instead of Range when doing a range request with - --head (CURLOPT_NOBODY). This is now fixed and test case 1032 was added to - verify. - -Daniel Fandrich (21 Jun 2008) -- Stopped using ranges in scanf character sequences (e.g. %[a-z]) since that - is not ANSI C, just a common extension. This caused problems on - at least Open Watcom C. - -Yang Tse (20 Jun 2008) -- Modified configuration script to actually verify if the compiler is good - enough at detecting compilation errors or at least it has been properly - configured to do so. Configuration heavily depends on this capability, so - if this compiler sanity check fails the configuration process will now fail. - -Daniel Stenberg (20 Jun 2008) -- Phil Pellouchoud found a case where libcurl built with NSS failed to - handshake with a SSLv2 server, and it turned out to be because it didn't - recognize the cipher named "rc4-md5". In our list that cipher was named - plainly "rc4". I've now added rc4-md5 to work as an alias as Phil reported - that it made things work for him again. - -- Hans-Jurgen May pointed out that trying SCP or SFTP over a SOCKS proxy - crashed libcurl. This is now addressed by making sure we use "plain send" - internally when doing the socks handshake instead of the Curl_write() - function which is designed to use the "target" protocol. That's then SCP or - SFTP in this case. I also took the opportunity and cleaned up some ssh- - related #ifdefs in the code for readability. - -Daniel Stenberg (19 Jun 2008) -- Christopher Palow fixed a curl_multi_socket() issue which previously caused - libcurl to not tell the app properly when a socket was closed (when the name - resolve done by c-ares is completed) and then immediately re-created and put - to use again (for the actual connection). Since the closure will make the - "watch status" get lost in several event-based systems libcurl will need to - tell the app about this close/re-create case. - -- Dengminwen found a bug in the connection re-use function when using the - multi interface with pipelining enabled as it would wrongly check for, - detect and close "dead connections" even though that connection was already - in use! - -Daniel Fandrich (18 Jun 2008) -- Added SSH failure test cases 628-632 - -- Fixed a memory leak in the command-line tool that caused a valgrind error. - -Daniel Stenberg (18 Jun 2008) -- Rob Crittenden brought a fix for the NSS layer that makes libcurl no longer - always fire up a new connection rather than using the existing one when the - multi interface is used. Original bug report: - https://bugzilla.redhat.com/show_bug.cgi?id=450140 - -Yang Tse (18 Jun 2008) -- Internal configure script improvement. No longer break out of shell "for" - statements from inside AC_FOO_IFELSE macros, otherwise temporary macro files - are not properly removed. - -Daniel Fandrich (12 Jun 2008) -- Fixed curl-config --ca which wasn't being exported by configure. - -Daniel Stenberg (11 Jun 2008) -- I did a cleanup of the internal generic SSL layer and how the various SSL - libraries are supported. Starting now, each underlying SSL library support - code does a set of defines for the 16 functions the generic layer (sslgen.c) - uses (all these new function defines use the prefix "curlssl_"). This - greatly simplified the generic layer in readability by involving much less - #ifdefs and other preprocessor stuff and should make it easier for people to - make libcurl work with new SSL libraries. - - Hopefully I can later on document these 16 functions somewhat as well. - - I also made most of the internal SSL-dependent functions (using Curl_ssl_ - prefix) #defined to nothing when no SSL support is requested - previously - they would unnecessarily call mostly empty functions. - - I've built libcurl with OpenSSL and GnuTLS and without SSL to test this and - I've also tried building with NSS but the NSS support is a mystery to me and - I failed to build libcurl with the NSS libraries I have installed. We really - should A) improve our configure script to detect unsuitable NSS versions - already at configure time and B) document our requirements better for the - SSL libraries. - -Daniel Stenberg (10 Jun 2008) -- I made the OpenSSL code build again with OpenSSL 0.9.6. The CRLFILE - functionality killed it due to its unconditional use of - X509_STORE_set_flags... - -Daniel Stenberg (8 Jun 2008) -- Due to the three new libcurl changes and the massive command line option - change I decided we'll mark it by bumping the next release number to 7.19.0! - -- curl the tool now deals with its command line options somewhat differently! - All boolean options (such as -O, -I, -v etc), both short and long versions, - now always switch on/enable the option named. Using the same option multiple - times thus make no difference. To switch off one of those options, you need - to use the long version of the option and type --no-OPTION. Like to disable - verbose mode you use --no-verbose! - -- Added --remote-name-all to curl, which if used changes the default for all - given URLs to be dealt with as if -O is used. So if you want to disable that - for a specific URL after --remote-name-all has been used, you muse use -o - - or --no-remote-name. - -Daniel Stenberg (6 Jun 2008) -- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_ISSUERCERT, for - OpenSSL, NSS and GnuTLS-built libcurls. - -- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, for - OpenSSL, NSS and GnuTLS-built libcurls. - -- Added CURLINFO_PRIMARY_IP as a new information retrievable with - curl_easy_getinfo. It returns a pointer to a string with the most recently - used IP address. Modified test case 500 to also verify this feature. The - implementing of this feature was sponsored by Lenny Rachitsky at NeuStar. - -Version 7.18.2 (4 June 2008) - -Daniel Fandrich (3 Jun 2008) -- Fixed a problem where telnet data would be lost if an EWOULDBLOCK - condition were encountered. - -Marty Kuhrt (1 Jun 2008) -- Updated main.c to return CURLE_OK if PARAM_HELP_REQUESTED was returned - from getparameter instead of CURLE_FAILED_INIT. No point in returning - an error if --help or --version were requested. - -Daniel Stenberg (28 May 2008) -- Emil Romanus found a problem and helped me repeat it. It occured when using - the curl_multi_socket() API with HTTP pipelining enabled and could lead to - the pipeline basically stalling for a very long period of time until it took - off again. - -- Jeff Weber reported memory leaks with aborted SCP and SFTP transfers and - provided excellent repeat recipes. I fixed the cases I managed to reproduce - but Jeff still got some (SCP) problems even after these fixes: - https://curl.haxx.se/mail/lib-2008-05/0342.html - -Daniel Stenberg (26 May 2008) -- Bug report #1973352 (https://curl.haxx.se/bug/view.cgi?id=1973352) identified - how the HTTP redirect following code didn't properly follow to a new URL if - the new url was but a query string such as "Location: ?moo=foo". Test case - 1031 was added to verify this fix. - -- Andreas Faerber and Scott McCreary made (lib)curl build for the Haiku OS. - -Yang Tse (26 May 2008) -- David Rosenstrauch reported that header files spnegohelp.h and - openssl/objects.h were needed to compile SPNEGO support. - -Daniel Fandrich (22 May 2008) -- Made sure to pass longs in to curl_easy_setopt where necessary in the - example programs and libtest code. - -Daniel Stenberg (19 May 2008) -- When trying to repeat a multi interface problem I fell over a few multi - interface problems: - - o with pipelining disabled, the state should never be set to WAITDO but - rather go straight to DO - - o we had multiple states for which the internal function returned no socket - at all to wait for, with the effect that libcurl calls the socket callback - (when curl_multi_socket() is used) with REMOVE prematurely (as it would be - added again within very shortly) - - o when in DO and DOING states, the HTTP and HTTPS protocol handler functions - didn't return that the socket should be waited for writing, but instead it - was treated as if no socket was needing monitoring so again REMOVE was - called prematurely. - -Daniel Stenberg (13 May 2008) -- Added test case 556 that uses curl_easy_send() and curl_easy_recv() - -Daniel Stenberg (9 May 2008) -- Introducing curl_easy_send() and curl_easy_recv(). They can be used to send - and receive data over a connection previously setup with curl_easy_perform() - and its CURLOPT_CONNECT_ONLY option. The sendrecv.c example was added to - show how they can be used. - -Yang Tse (9 May 2008) -- Internal time differences now use monotonic time source if available. - This also implies the removal of the winmm.lib dependency for WIN32. - -Daniel Stenberg (9 May 2008) -- Stefan Krause reported a busy-looping case when using the multi interface - and doing CONNECT to a proxy. The app would then busy-loop until the proxy - completed its response. - -Michal Marek (9 May 2008) -- Make Curl_write and it's callees accept a const pointer, in preparation - of tetetest's patch for curl_easy_send() - -Daniel Stenberg (7 May 2008) -- Liam Healy filed the debian bug report #480044 - (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480044) identifying a - segfault when using krb5 ftp, but the krb4 code had the same problem. - -Yang Tse (7 May 2008) -- Christopher Palow provided the patch (edited by me) that introduces the - use of microsecond resolution keys for internal splay trees. - -Daniel Stenberg (4 May 2008) -- Yuriy Sosov pointed out a configure fix for detecting c-ares when that is - built debug-enabled. - -Daniel Stenberg (3 May 2008) -- Ben Van Hof filed bug report #1945240: "libcurl sometimes sends body twice - when using CURL_AUTH_ANY" (https://curl.haxx.se/bug/view.cgi?id=1945240). - The problem was that when libcurl rewound a stream meant for upload when it - would prepare for a second request, it could accidentally continue the - sending of the rewound data on the first request instead of on the second. - Ben also provided test case 1030 that verifies this fix. - -Daniel Stenberg (3 May 2008) -- Jean-Francois Bertrand reported a libcurl crash with CURLOPT_TCP_NODELAY - since libcurl used getprotobyname() and that isn't thread-safe. We now - switched to use IPPROTO_TCP unconditionally, but perhaps the proper fix is - to detect the thread-safe version of the function and use that. - https://curl.haxx.se/mail/lib-2008-05/0011.html - -Daniel Stenberg (1 May 2008) -- Bart Whiteley provided a patch that made libcurl work properly when an app - uses the CURLOPT_OPENSOCKETFUNCTION callback to create a unix domain socket - to a http server. - -Daniel Stenberg (29 Apr 2008) -- To make it easier for applications that want lots of magic stuff done on - redirections and thus cannot use CURLOPT_FOLLOWLOCATION easily, we now - introduce the new CURLINFO_REDIRECT_URL option that lets applications - extract the URL libcurl would've redirected to if it had been told to. This - then enables the application to continue to that URL as it thinks is - suitable, without having to re-implement the magic of creating the new URL - from the Location: header etc. Test 1029 verifies it. - -Yang Tse (29 Apr 2008) -- Improved easy interface resolving timeout handling in c-ares enabled builds - -Daniel Fandrich (28 Apr 2008) -- Added test 1028 to test an HTTP redirect to a FTP URL. - -Daniel Stenberg (28 Apr 2008) -- Norbert Frese filed bug report #1951588: "Problem with curlftpfs and - libcurl" (https://curl.haxx.se/bug/view.cgi?id=1951588) which seems to be an - identical report to what Denis Golovan reported in - https://curl.haxx.se/mail/lib-2008-02/0108.html The FTP code didn't reset the - user/password pointers properly even though there might've been a new - struct/cconnection getting used. - -Daniel Stenberg (26 Apr 2008) -- Reverted back to use automake 1.9.6 in the next release (from automake - 1.10.1) since it *still* suffers from Solaris-related bugs. Our previous - automake 1.10 problem was reported in bug #1701360 - (https://curl.haxx.se/bug/view.cgi?id=1701360) and this recent problem was - bug #1944825 (https://curl.haxx.se/bug/view.cgi?id=1944825). I have not - personally approached the automake team about either one of these but I - figure we need a Solaris 10 guy to do it! - -Yang Tse (25 Apr 2008) -- Added 'timeout' and 'delay' attributes support for the test harness - subsection. - -Daniel Fandrich (24 Apr 2008) -- Made --stderr able to redirect all stderr messages. - -Yang Tse (23 Apr 2008) -- Improve synchronization between test harness runtests.pl script - and test harness servers to minimize risk of false test failures. - -Daniel Fandrich (22 Apr 2008) -- Added support for running on Symbian OS. - -Daniel Fandrich (18 Apr 2008) -- Added test cases 1026 and 1027 to do some rudimentary tests on the --manual - and --help options. - -Michal Marek (14 Apr 2008) -- allow disabling the typechecker by defining CURL_DISABLE_TYPECHECK, as - discussed in https://curl.haxx.se/mail/lib-2008-04/0291.html - -Daniel Stenberg (14 Apr 2008) -- Stefan Krause reported a case where the OpenSSL handshake phase wasn't - properly acknowledging the timeout values, like if you pulled the network - plug in the midst of it. - -- Andre Guibert de Bruet fixed a second case of not checking the malloc() - return code in the Negotiate code. - -- Sandor Feldi reported bug #1942022 - (https://curl.haxx.se/bug/view.cgi?id=1942022) pointing out a mistake in the - lib/Makefile.vc[68] makefiles' release-ssl-dll target. - -- Brock Noland reported that curl behaved differently depending on which order - you used -i and -I. - -Daniel Stenberg (12 Apr 2008) -- Andre Guibert de Bruet found and fixed a case where malloc() was called but - was not checked for a NULL return, in the Negotiate code. - -Daniel Fandrich (9 Apr 2008) -- Added test cases 1024 & 1025 to test a scenario similar to the one reported - by Ben Combee where libcurl would send the wrong cookie to a redirected - server. libcurl was doing the right thing in these test cases. - -Michal Marek (7 Apr 2008) -- Fix the MIT / Heimdal check for good: - Define HAVE_GSSMIT if are - available, otherwise define HAVE_GSSHEIMDAL if is available. - - Only define GSS_C_NT_HOSTBASED_SERVICE to gss_nt_service_name if - GSS_C_NT_HOSTBASED_SERVICE isn't declared by the gssapi headers. This should - avoid breakage in case we wrongly recognize Heimdal as MIT again. - -Daniel Stenberg (5 Apr 2008) -- Alexey Simak fixed curl_easy_reset() to reset the max redirect limit properly - -- Based on the Debian bug report #474224 that complained about the FTP error - message when libcurl doesn't get a 220 back immediately on connect, I now - changed it to be more specific on what the problem is. Also worth noticing: - while the bug report contains an example where the response is: - - 421 There are too many connected users, please try again later - - we cannot assume that the error message will always be this readable nor - that it fits within a particular boundary etc. - -Daniel Fandrich (3 Apr 2008) -- Added test627 to test SFTP with CURLOPT_NOBODY - -Daniel Stenberg (3 Apr 2008) -- Setting CURLOPT_NOBODY to FALSE will now switch the HTTP request method to - GET simply because previously when you set CURLOPT_NOBODY to TRUE first and - then FALSE you'd end up in a broken state where a HTTP request would do a - HEAD by still act a lot like for a GET and hang waiting for the content etc. - -- Scott Barrett added support for CURLOPT_NOBODY over SFTP - -Daniel Fandrich (3 Apr 2008) -- Made sure that curl_global_init is called in all the multithreaded - example programs. - -Michal Marek (31 Mar 2008) -- Removed the generated ca-bundle.h file. The verbatim value of $ca and - $capath is known to configure, so it can be defined in config.h instead. - -Daniel Stenberg (31 Mar 2008) -- Added CURLFORM_STREAM as a supported option to curl_formadd() to allow an - application to provide data for a multipart with the read callback. Note - that the size needs to be provided with CURLFORM_CONTENTSLENGTH when the - stream option is used. This feature is verified by the new test case - 554. This feature was sponsored by Xponaut. - -Daniel Fandrich (30 Mar 2008) -- Changed the makefile so the doc/examples/ programs are never built in a - normal build/install (only with the 'make check' target), so that a - build failure in the examples isn't fatal. - -Version 7.18.1 (30 March 2008) - -Daniel Stenberg (28 Mar 2008) -- Stephen Collyer pointed out that configure --with-libssh2 without a given - path didn't work properly. - -Daniel Stenberg (27 Mar 2008) -- As found out and reported by Dan Petitt, libcurl didn't show progress/call - the progress callback for the first (potentially huge) piece of body data - sent together with the POST request headers in the initial send(). - -Daniel Stenberg (25 Mar 2008) -- Made setting the CURLOPT_SSL_CTX_FUNCTION option return a failure in case - libcurl wasn't built to use OpenSSL as that is a prerequisite for this - option to function! - -Daniel Stenberg (22 Mar 2008) -- Fixed the problem with doing a zero byte SCP transfer, verified with test - case 617 (which was added by Daniel Fandrich 5 Mar 2008). - -Daniel Fandrich (20 Mar 2008) -- Fixed a problem where curl-config --protocols could erroneously show LDAPS - support when curl didn't even have regular LDAP support. It looks like - this could happen when the --enable-ldaps configure switch is given but - configure couldn't find the LDAP headers or libraries. - -Michal Marek (20 Mar 2008) -- Added --with-ca-path=DIRECTORY configure option to use an openSSL CApath by - default instead of a ca bundle. The configure script will also look for a - ca path if no ca bundle is found and no option given. - -- Fixed detection of previously installed curl-ca-bundle.crt - -Daniel Fandrich (18 Mar 2008) -- Added test 626 to reproduce an infinite loop when given an invalid - SFTP quote command reported by Vincent Le Normand, and fixed it. - -Michal Marek (18 Mar 2008) -- Added curl_easy_getinfo typechecker. - -- Added macros for curl_share_setopt and curl_multi_setopt to check at least - the correct number of arguments. - -Daniel Fandrich (13 Mar 2008) -- Added tests 622-625 to test SFTP/SCP uploads. Test 625 was an attempt to - reproduce the --ftp-create-dirs problem reported by Brian Ulm, but that - seems to need a call curl_easy_reset() which this test case doesn't do. - -Daniel Stenberg (13 Mar 2008) -- Brian Ulm figured out that if you did an SFTP upload with - CURLOPT_FTP_CREATE_MISSING_DIRS to create a directory, and then re-used the - handle and uploaded another file to another directory that needed to be - created, the second upload would fail. Another case of a state variable that - wasn't properly reset between requests. - -- I rewrote the 100-continue code to use a single state variable instead of - the previous two ones. I think it made the logic somewhat clearer. - -Daniel Stenberg (11 Mar 2008) -- Dmitry Popov filed bug report #1911069 - (https://curl.haxx.se/bug/view.cgi?id=1911069) that identified a race - condition in the name resolver code when the DNS cache is shared between - multiple easy handles, each running in simultaneous threads that could cause - crashes. - -- Added a macro for curl_easy_setopt() that accepts three arguments and simply - does nothing with them, just to make sure libcurl users always use three - arguments to this function. Due to its use of ... for the third argument, it - is otherwise hard to detect abuse. - -Michal Marek (11 Mar 2008) -- Added a type checking macro for curl_easy_setopt(), needs gcc-4.3 and only - works in C mode atm (https://curl.haxx.se/mail/lib-2008-02/0267.html , - https://curl.haxx.se/mail/lib-2008-02/0292.html ) - -Daniel Fandrich (10 Mar 2008) -- Added tests 618-621 to test SFTP/SCP transfers of more than one file - (test 620 tests the just-fixed problem reported by Brian Ulm). - -Daniel Stenberg (9 Mar 2008) -- Brian Ulm reported a crash when doing a second SFTP transfer on a re-used - easy handle if curl_easy_reset() was used between them. I fixed it and Brian - verified that it cured his problem. - -- Brian Ulm reported that if you first tried to download a non-existing SFTP - file and then fetched an existing one and re-used the handle, libcurl would - still report the second one as non-existing as well! I fixed it and Brian - verified that it cured his problem. - -Michal Marek (6 Mar 2008) -- Fix the gssapi configure check to detect newer MIT Kerberos (patch by - Michael Calmer) - -Yang Tse (6 Mar 2008) -- Fix regression on Curl_socket_ready() and Curl_poll() so that these will - again fail on select/poll errors different than EINTR. - -Daniel Fandrich (5 Mar 2008) -- Fixed the test harness so it will write out zero-length data files. - -- Added tests 616 and 617 to see how SFTP and SCP cope with zero-length - files, as questioned by Mike Protts. SFTP does for me but SCP doesn't - so test 617 is disabled for now. - -Daniel S (4 Mar 2008) -- Mike Protts brought a patch that makes resumed transfers work with SFTP. - -Daniel S (1 Mar 2008) -- Anatoli Tubman found and fixed a crash with Negotiate authentication used on - a re-used connection where both requests used Negotiate. - -Guenter Knauf (26 Feb 2008) -- Kaspar Brand provided a patch to support server name indication (RFC 4366). - -Daniel S (25 Feb 2008) -- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that - forces it to prefer SSLv3. - -Daniel S (23 Feb 2008) -- Sam Listopad provided a patch in feature-request #1900014 - https://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to - use OpenSSL) support a full chain of certificates in a given PKCS12 - certificate. - -Daniel S (22 Feb 2008) -- Georg Lippitsch made the src/Makefile.vc6 makefile use the same memory model - options as the lib/Makefile.vc6 already did. - -Daniel S (21 Feb 2008) -- Zmey Petroff found a crash when libcurl accessed a NULL pointer, which - happened if you set the connection cache size to 1 and for example failed to - login to an FTP site. Bug report #1896698 - (https://curl.haxx.se/bug/view.cgi?id=1896698) - -Daniel S (20 Feb 2008) -- Fixed test case 405 to not fail when libcurl is built with GnuTLS - -- Based on initial work done by Gautam Kachroo to address a bug, we now keep - better control at the exact state of the connection's SSL status so that we - know exactly when it has completed the SSL negotiation or not so that there - won't be accidental re-uses of connections that are wrongly believed to be - in SSL-completed-negotiate state. - -- We no longer support setting the CURLOPT_URL option from inside a callback - such as the CURLOPT_SSL_CTX_FUNCTION one treat that as if it was a Location: - following. The patch that introduced this feature was done for 7.11.0, but - this code and functionality has been broken since about 7.15.4 (March 2006) - with the introduction of non-blocking OpenSSL "connects". - - It was a hack to begin with and since it doesn't work and hasn't worked - correctly for a long time and nobody has even noticed, I consider it a very - suitable subject for plain removal. And so it was done. - -Guenter Knauf (19 Feb 2008) -- We do no longer support SSLv2 by default since it has known flaws. - Kaspar Brand provided a patch for all supported SSL toolkits. - -Daniel Fandrich (19 Feb 2008) -- Added test309 to test HTTP redirect to HTTPS URL - -Daniel S (18 Feb 2008) -- We're no longer providing a very old ca-bundle in the curl tarball. You can - get a fresh one downloaded and created with 'make ca-bundle' or you can get - one from here => https://curl.haxx.se/docs/caextract.html if you want a fresh - new one extracted from Mozilla's recent list of ca certs. - - The configure option --with-ca-bundle now lets you specify what file to use - as default ca bundle for your build. If not specified, the configure script - will check a few known standard places for a global ca cert to use. - -Daniel S (17 Feb 2008) -- Jerome Muffat-Meridol helped me fix Curl_done() to close the current - connection by force when it was called before the entire request is - completed, simply because we can't know if the connection really can be - re-used safely at that point. - -- Based on the same debugging logic, I've also made Curl_http_done() not - return CURLE_GOT_NOTHING if called "prematurely". This should have no real - effect to anything but the code makes more sense like this. - -Daniel S (15 Feb 2008) -- Made the gnutls code path not even try to get the server cert if no peer - verification is requested. Previously it would even return failure if gnutls - failed to get the server cert even though no verification was asked for. - Public server showing the problem: https://www.net222.caisse-epargne.fr - -- Fix my Curl_timeleft() leftover mistake in the gnutls code - -- Pooyan McSporran found and fixed a flaw where you first would do a normal - http request and then you'd reuse the handle and replace the Accept: header, - as then libcurl would send two Accept: headers! - -Daniel S (11 Feb 2008) -- Yang Tse pointed out a few remaining quirks from my timeout refactoring from - Feb 7 that didn't abort properly on timeouts. These are actually old - problems but now they should be fixed. - -Yang Tse (10 Feb 2008) -- Bug report #1888932 (https://curl.haxx.se/bug/view.cgi?id=1888932) points out - and provides test program that demonstrates that libcurl might not set error - description message for error CURLE_COULDNT_RESOLVE_HOST for Windows threaded - name resolver builds. Fixed now. - -Daniel Fandrich (8 Feb 2008) -- Added key words to all SSL-using tests so they can be skipped if necessary. - Removed a few unnecessary requires SSL statements. - -Daniel S (8 Feb 2008) -- Mike Hommey filed and fixed bug report #1889856 - (https://curl.haxx.se/bug/view.cgi?id=1889856): When using the gnutls ssl - layer, cleaning-up and reinitializing curl ends up with https requests - failing with "ASN1 parser: Element was not found" errors. Obviously a - regression added in 7.16.3. - -Yang Tse (8 Feb 2008) -- Improved test harness SCP/SFTP start up server verification, doing a real - connection to the sftp server, authenticating and running a simple sftp - pwd command using the test harness generated configuration and key files. - -Daniel S (8 Feb 2008) -- Günter Knauf added lib/mk-ca-bundle.pl which gets the Firefox ca bundle and - creates a suitable ca-bundle.crt file in PEM format for use with curl. The - recommended way to run it is to use 'make ca-bundle' in the build tree root. - -Daniel Fandrich (7 Feb 2008) -- Added tests 1022 and 1023 to validate output of curl-config --version and - --vernum - -Daniel S (7 Feb 2008) -- Refactored a lot of timeout code into a few functions in an attempt to make - them all use the same (hopefully correct) logic to make it less error-prone - and easier to introduce library-wide where it should be used. - -Yang Tse (6 Feb 2008) -- Fix an issue in strdup replacement function when dealing with absolutely - huge strings. Only systems without a standard strdup would be affected. - -Daniel S (3 Feb 2008) -- Dmitry Kurochkin cleaned up the pipelining code and removed the need for and - use of the "is_in_pipeline" struct field. - -- I wrote up and added the threaded-ssl.c example source code that shows how - to do multi-threaded downloads of HTTPS files with a libcurl that is built - with OpenSSL. It uses pthreads for the threading. - -Daniel S (31 Jan 2008) -- Niklas Angebrand made the cookie support in libcurl properly deal with the - "HttpOnly" feature introduced by Microsoft and apparently also supported by - Firefox: https://msdn.microsoft.com/en-us/library/ms533046.aspx . HttpOnly - is now supported when received from servers in HTTP headers, when written to - cookie jars and when read from existing cookie jars. - - I modified test case 31 and 46 to also do some basic HttpOnly testing. - -- Dmitry Kurochkin moved several struct fields from the connectdata struct to - the SingleRequest one to make pipelining better. It is a bit tricky to keep - them in the right place, to keep things related to the actual request or to - the actual connection in the right place. - -Daniel S (29 Jan 2008) -- Dmitry Kurochkin fixed Curl_done() for pipelining, as it could previously - crash! - -- Michal Marek fixed minor mistake in test case 553 that prevented it from - working on other IP-addresses or port numbers. - -Version 7.18.0 (28 January 2008) - -Daniel S (27 Jan 2008) -- Dmitry Kurochkin: In "real world" testing I found more bugs in - pipelining. Broken connection is not restored and we get into infinite - loop. It happens because of wrong is_in_pipeline values. - -Daniel S (26 Jan 2008) -- Kevin Reed filed bug report #1879375 - (https://curl.haxx.se/bug/view.cgi?id=1879375) which describes how libcurl - got lost in this scenario: proxy tunnel (or HTTPS over proxy), ask to do any - proxy authentication and the proxy replies with an auth (like NTLM) and then - closes the connection after that initial informational response. - - libcurl would not properly re-initialize the connection to the proxy and - continue the auth negotiation like supposed. It does now however, as it will - now detect if one or more authentication methods were available and asked - for, and will thus retry the connection and continue from there. - -- I made the progress callback get called properly during proxy CONNECT. - -Daniel S (23 Jan 2008) -- Igor Franchuk pointed out that CURLOPT_COOKIELIST set to "ALL" leaked - memory, and so did "SESS". Fixed now. - -Yang Tse (22 Jan 2008) -- Check poll.h at configuration time, and use it when sys/poll.h unavailable - -Daniel S (22 Jan 2008) -- Dmitry Kurochkin removed the cancelled state for pipelining, as we agreed - that it is bad anyway. Starting now, removing a handle that is in used in a - pipeline will break the pipeline - it'll be set back up again but still... - -Yang Tse (21 Jan 2008) -- Disable ldap support for cygwin builds, since it breaks whole build process. - Fixing it will affect other platforms, so it is postponed for another release. - -Daniel S (18 Jan 2008) -- Lau Hang Kin found and fixed a problem with the multi interface when doing - CONNECT over a proxy. curl_multi_fdset() didn't report back the socket - properly during that state, due to a missing case in the switch in the - multi_getsock() function. - -Yang Tse (17 Jan 2008) -- Don't abort tests 518 and 537 when unable to raise the open-file soft limit. - -Daniel S (16 Jan 2008) -- Nathan Coulter's patch that makes runtests.pl respect the PATH when figuring - out what valgrind to run. - -Yang Tse (16 Jan 2008) -- Improved handling of out of memory in the command line tool that afected - data url encoded HTTP POSTs when reading it from a file. - -Daniel S (16 Jan 2008) -- Dmitry Kurochkin worked a lot on improving the HTTP Pipelining support that - previously had a number of flaws, perhaps most notably when an application - fired up N transfers at once as then they wouldn't pipeline at all that - nicely as anyone would think... Test case 530 was also updated to take the - improved functionality into account. - -- Calls to Curl_failf() are not supposed to provide a trailing newline as the - function itself adds that. Fixed on 50 or something strings! - -Daniel S (15 Jan 2008) -- I made the torture test on test 530 go through. This was actually due to - silly code left from when we switched to let the multi handle "hold" the dns - cache when using the multi interface... Of course this only triggered when a - certain function call returned error at the correct moment. - -Daniel S (14 Jan 2008) -- Joe Malicki filed bug report #1871269 - (https://curl.haxx.se/bug/view.cgi?id=1871269) and we could fix his hang- - problem that occurred when doing a large HTTP POST request with the - response-body read from a callback. - -Daniel S (12 Jan 2008) -- I re-arranged the curl --help output. All the options are now sorted on - their long option names and all descriptions are one-liners. - -- Eric Landes provided the patch (edited by me) that introduces the - --keepalive-time to curl to set the keepalive probe interval. I also took - the opportunity to rename the recently added no-keep-alive option to - no-keepalive to keep a consistent naming and to avoid getting two dashes in - these option names. Eric also provided an update to the man page for the new - option. - -Daniel S (11 Jan 2008) -- Daniel Egger made CURLOPT_RANGE work on file:// URLs the very same way it - already worked for FTP:// URLs. - -- I made the curl tool switch from using CURLOPT_IOCTLFUNCTION to now use the - spanking new CURLOPT_SEEKFUNCTION simply to take advantage of the improved - performance for the upload resume cases where you want to upload the last - few bytes of a very large file. To implement this decently, I had to switch - the client code for uploading from fopen()/fread() to plain open()/read() so - that we can use lseek() to do >32bit seeks (as fseek() doesn't allow that) - on systems that offer support for that. - -Daniel S (10 Jan 2008) -- Michal Marek made curl-config --libs not include /usr/lib64 in the output - (it already before skipped /usr/lib). /usr/lib64 is the default library - directory on many 64bit systems and it's unlikely that anyone would use the - path privately on systems where it's not. - -- Georg Lippitsch brought CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA to allow - libcurl to seek in a given input stream. This is particularly important when - doing upload resumes when there's already a huge part of the file present - remotely. Before, and still if this callback isn't used, libcurl will read - and through away the entire file up to the point to where the resuming - begins (which of course can be a slow opereration depending on file size, - I/O bandwidth and more). This new function will also be preferred to get - used instead of the CURLOPT_IOCTLFUNCTION for seeking back in a stream when - doing multi-stage HTTP auth with POST/PUT. - -- Nikitinskit Dmitriy filed bug report #1868255 - (https://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies - and fixes a problem with parsing WWW-Authenticate: headers with additional - spaces in the line that the parser wasn't written to deal with. - -Daniel S (8 Jan 2008) -- Introducing curl_easy_pause() and new magic return codes for both the read - and the write callbacks that now can make a connection's reading and/or - writing get paused. - -Daniel S (6 Jan 2008) -- Jeff Johnson filed bug report #1863171 - (https://curl.haxx.se/bug/view.cgi?id=1863171) where he pointed out that - libcurl's date parser didn't accept a +1300 time zone which actually is used - fairly often (like New Zealand's Dailight Savings Time), so I modified the - parser to now accept up to and including -1400 to +1400. - -Daniel S (5 Jan 2008) -- Based on further discussion on curl-library, I reverted yesterday's SOCKS5 - code to instead introduce support for a new proxy type called - CURLPROXY_SOCKS5_HOSTNAME that is used to send the host name to the proxy - instead of IP address and there's thus no longer any need for a new - curl_easy_setopt() option. - - The default SOCKS5 proxy is again back to sending the IP address to the - proxy. The new curl command line option for enabling sending host name to a - SOCKS5 proxy is now --socks5-hostname. - -Daniel S (4 Jan 2008) -- Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the - proxy do the host name resolving and only if --socks5ip (or - CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and - pass on the IP address only to the proxy. - -Yang Tse (3 Jan 2008) -- Modified test harness to allow SCP, SFTP and SOCKS4 tests to run with - OpenSSH 2.9.9, SunSSH 1.0 or later versions. SOCKS5 tests need OpenSSH - 3.7, SunSSH 1.0 or later. - -Daniel S (2 Jan 2008) -- I fixed two cases of missing return code checks when handling chunked - decoding where a write error (or abort return from a callback) didn't stop - libcurl's processing. - -- I removed the socklen_t use from the public curl/curl.h header and instead - made it an unsigned int. The type was only used in the curl_sockaddr struct - definition (only used by the curl_opensocket_callback). On all platforms I - could find information about, socklen_t is 32 unsigned bits large so I don't - think this will break the API or ABI. The main reason for this change is of - course for all the platforms that don't have a socklen_t definition in their - headers to build fine again. Providing our own configure magic and custom - definition of socklen_t on those systems proved to work but was a lot of - cruft, code and extra magic needed - when this very small change of type - seems harmless and still solves the missing socklen_t problem. - -- Richard Atterer brought a patch that added support for SOCKS4a proxies, - which is an inofficial PROXY4 variant that sends the hostname to the proxy - instead of the resolved address (which is already supported by SOCKS5). - --socks4a is the curl command line option for it and CURLOPT_PROXYTYPE can - now be set to CURLPROXY_SOCKS4A as well. - -Daniel S (1 Jan 2008) -- Mohun Biswas pointed out that --libcurl generated a source code with an int - function but without a return statement. While fixing that, I also took care - about adding some better comments for the generated code. - -Daniel S (27 Dec 2007) -- Dmitry Kurochkin mentioned a flaw - (https://curl.haxx.se/mail/lib-2007-12/0252.html) in detect_proxy() which - failed to set the bits.proxy variable properly when an environment variable - told libcurl to use a http proxy. - -Daniel S (26 Dec 2007) -- In an attempt to repeat the problem in bug report #1850730 - (https://curl.haxx.se/bug/view.cgi?id=1850730) I wrote up test case 552. The - test is doing a 70K POST with a read callback and an ioctl callback over a - proxy requiring Digest auth. The test case code is more or less identical to - the test recipe code provided by Spacen Jasset (who submitted the bug - report). - -Daniel S (25 Dec 2007) -- Gary Maxwell filed bug report #1856628 - (https://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the - (small) memory leak in the SSL session ID caching code. It happened when a - previous entry in the cache was re-used. - -Daniel Fandrich (19 Dec 2007) -- Ensure that nroff doesn't put anything but ASCII characters into the - --manual text. - -Yang Tse (18 Dec 2007) -- MSVC 9.0 (VS2008) does not support Windows build targets prior to WinXP, - and makes wrong asumptions of build target when it isn't specified. So, - if no build target has been defined we will target WinXP when building - curl/libcurl with MSVC 9.0 (VS2008). - -- (https://curl.haxx.se/mail/archive-2007-12/0039.html) reported and fixed - a file truncation problem on Windows build targets triggered when retrying - a download with curl. - -Daniel S (17 Dec 2007) -- Mateusz Loskot pointed out that MSVC 9.0 (VS2008) has the pollfd struct and - defines in winsock2.h somehow differently than previous versions and that - curl 7.17.1 would fail to compile out of the box. - -Daniel S (13 Dec 2007) -- David Wright filed bug report #1849764 - (https://curl.haxx.se/bug/view.cgi?id=1849764) with an included fix. He - identified a problem for re-used connections that previously had sent - Expect: 100-continue and in some situations the subsequent POST (that didn't - use Expect:) still had the internal flag set for its use. David's fix (that - makes the setting of the flag in every single request unconditionally) is - fine and is now used! - -Daniel S (12 Dec 2007) -- Gilles Blanc made the curl tool enable SO_KEEPALIVE for the connections and - added the --no-keep-alive option that can disable that on demand. - -Daniel S (9 Dec 2007) -- Andrew Moise filed bug report #1847501 - (https://curl.haxx.se/bug/view.cgi?id=1847501) and pointed out a memcpy() - that should be memmove() in the convert_lineends() function. - -Daniel S (8 Dec 2007) -- Renamed all internal static functions that had Curl_ prefixes to no longer - have them. The Curl_ prefix is exclusively used for library internal global - symbols. Static functions can be named anything, except for using Curl_ or - curl_ prefixes. This is for consistency and for easier maintainance and - overview. - -- Cleaned up and reformatted the TODO document to look like the FAQ and - CONTRIBUTE, which makes nicer web pages - -- Added test cases 549 and 550 that test CURLOPT_PROXY_TRANSFER_MODE. - -- Added keywords on a bunch of test cases - -- Fixed an OOM problem in the curl code that would lead to fclose on a bad - handle and crash - -Daniel S (5 Dec 2007) -- Spacen Jasset reported a problem with doing POST (with data read with a - callback) over a proxy when NTLM is used as auth with the proxy. The bug - also concerned Digest and was limited to using callback only. Spacen worked - with us to provide a useful patch. I added the test case 547 and 548 to - verify two variations of POST over proxy with NTLM. - -Daniel S (3 Dec 2007) -- Ray Pekowski filed bug report #1842029 - (https://curl.haxx.se/bug/view.cgi?id=1842029) in which he identified a - problem with SSL session caching that prevent it from working, and provided - the associated fix! - -- Now libcurl (built with OpenSSL) doesn't return error anymore if the remote - SSL-based server doesn't present a certificate when the request is told to - ignore certificate verification anyway. - -- Michal Marek introduced CURLOPT_PROXY_TRANSFER_MODE which is used to control - the appending of the "type=" thing on FTP URLs when they are passed to a - HTTP proxy. Some proxies just don't like that appending (which is done - unconditionally in 7.17.1), and some proxies treat binary/ascii transfers - better with the appending done! - -Daniel S (29 Nov 2007) -- A bug report on the curl-library list showed a HTTP Digest session going on - with a 700+ letter nonce. Previously libcurl only support 127 letter ones - and now I bumped it to 1023. - -- Fixed the resumed FTP upload loop to not require that the read callback - returns a full buffer on each invoke. - -Daniel S (25 Nov 2007) -- Added test case 1015 that tests --data-urlencode in multiple ways - -- Fixed --data-urlencode for when no @ or = are used - -- Extended the user-agent buffer curl uses, since we can hit the 128 byte - border with plenty development libraries used. Like my current set: "curl - 7.17.2-CVS (i686-pc-linux-gnu) libcurl/7.17.2-CVS OpenSSL/0.9.8g - zlib/1.2.3.3 c-ares/1.5.2-CVS libidn/1.1 libssh2/0.19.0-CVS" - -Daniel S (24 Nov 2007) -- Internal rearrangements, so that the previous struct HandleData is no more. - It is now known as SingleRequest and the Curl_transfer_keeper struct within - that was remove entirely. This has the upside that there are less duplicate - struct members that made it hard to see and remember what struct that was - used to store what data. The transfer_keeper thing was once stored on a - per-connection basis and then it made sense to have the duplicate info but - since it was moved to the SessionHandle (in 7.16.0) it just added weirdness. - The SingleRequest struct is used by data that only is valid for this single - request. - -Yang Tse (22 Nov 2007) -- Provide a socklen_t definition in curl.h for Win32 API build targets - which don't have one. - -Daniel S (22 Nov 2007) -- Alessandro Vesely helped me improve the --data-urlencode's syntax, parser - and documentation. - -Daniel S (21 Nov 2007) -- While inspecting the Negotiate code, I noticed how the proxy auth was using - the same state struct as the host auth, so both could never be used at the - same time! I fixed it (without being able to check) to use two separate - structs to allow authentication using Negotiate on host and proxy - simultaneously. - -Daniel S (20 Nov 2007) -- Emil Romanus pointed out a bug that made an easy handle get the cookie - engine activated when set to use a share (even if the share doesn't share - cookies). I fixed it. - -- Fixed a very long-lasting mprintf() bug that occurred when we did "%.*s%s", - since the second %s would then wrongly used the numerical precision argument - instead and crash. - -- Introduced --data-urlencode to the curl tool for easier url encoding of the - data sent in a post. - -Daniel S (18 Nov 2007) -- Rob Crittenden fixed SSL connections with NSS done with the multi-interface - -Daniel S (17 Nov 2007) -- Michal Marek made the test suite remember what test servers that fail to - start so that subsequent tries are simply skipped. - -- Andres Garcia made the examples build fine on Windows (mingw + msys) when - the lib was built staticly. - -Daniel S (16 Nov 2007) -- Ates Goral identified a problem in http.c:add_buffer_send() when a debug - callback was used, as it could wrongly pass on a bad size for the outgoing - HTTP header. The bad size would be a very large value as it was a wrapped - size_t content. This happened when the whole HTTP request failed to get sent - in one single send. https://curl.haxx.se/mail/lib-2007-11/0165.html - -Daniel S (15 Nov 2007) -- Fixed yet another remaining problem with doing SFTP directory listings on a - re-used persistent connection. Mentioned by Immanuel Gregoire on the mailing - list. - -- Michal Marek fixed the test suite to better deal with the case when the HTTP - IPv6 server can't run. - -Yang Tse (14 Nov 2007) -- Fix a variable potential wrapping in add_buffer() when using absolutely - huge send buffer sizes. - -Daniel S (13 Nov 2007) -- Fixed a remaining problem with doing SFTP directory listings on a re-used - persistent connection. Mentioned by Immanuel Gregoire on the mailing list. - -Daniel S (12 Nov 2007) -- Bug report #1830637 (https://curl.haxx.se/bug/view.cgi?id=1830637), which was - forwarded from the Gentoo bug tracker by Daniel Black and was originally - submitted by Robin Johnson, pointed out that libcurl would do bad memory - references when it failed and bailed out before the handler thing was - setup. My fix is not done like the provided patch does it, but instead I - make sure that there's never any chance for a NULL pointer in that struct - member. - -Yang Tse (10 Nov 2007) -- Vikram Saxena (https://curl.haxx.se/mail/lib-2007-11/0096.html) pointed out - that the pollfd struct was being multi defined when using VS2008. This is - now fixed in /curl/lib/select.h - -Daniel S (8 Nov 2007) -- Bug report #1823487 (https://curl.haxx.se/bug/view.cgi?id=1823487) pointed - out that SFTP requests didn't use persistent connections. Neither did SCP - ones. I gave the SSH code a good beating and now both SCP and SFTP should - use persistent connections fine. I also did a bunch of indent changes as - well as a bug fix for the "keyboard interactive" auth. - -Dan F (6 Nov 2007) -- Improved telnet support by drastically reducing the number of write - callbacks needed to pass a buffer to the user. Instead one per byte it - is now as little as one per segment. - -Yang Tse (6 Nov 2007) -- Bug report #1824894 (https://curl.haxx.se/bug/view.cgi?id=1824894) pointed - out a problem in curl.h when building C++ apps with MSVC. To fix it, the - inclusion of header files in curl.h is moved outside of the C++ extern "C" - linkage block. - -Daniel S (1 Nov 2007) -- Toby Peterson patched a memory problem in the command line tool that - happened when a user had a home dir as an empty string. curl would then do - free() on a wrong area. - -Dan F (1 Nov 2007) -- Fixed curl-config --features to not display libz when it wasn't used - due to a missing header file. - -Dan F (31 October 2007) -- Fixed the output of curl-config --protocols which showed SCP and SFTP - always, except when --without-libssh2 was given - -- Added test cases 1013 and 1014 to check that curl-config --protocols and - curl-config --features matches the output of curl --version - -Dan F (30 October 2007) -- Fixed an OOM problem with file: URLs - -- Moved Curl_file_connect into the protocol handler struct - -Dan F (29 October 2007) -- Added test case 546 to check that subsequent FTP transfers work after a - failed one using the multi interface - -Daniel S (29 October 2007) -- Based on one of those bug reports that are intercepted by a distro's bug - tracker (https://bugzilla.redhat.com/show_bug.cgi?id=316191), I now made - curl-config --features and --protocols show the correct output when built - with NSS. - -Version 7.17.1 (29 October 2007) - -Dan F (25 October 2007) -- Added the --static-libs option to curl-config - -Daniel S (25 October 2007) -- Made libcurl built with NSS possible to ignore the peer verification. - Previously it would fail if the ca bundle wasn't present, even if the code - ignored the verification results. - -Patrick M (25 October 2007) -- Fixed test server to allow null bytes in binary posts. -_ Added tests 35, 544 & 545 to check binary data posts, both static (in place) - and dynamic (copied). - -Daniel S (25 October 2007) -- Michal Marek fixed the test script to be able to use valgrind even when the - lib is built shared with libtool. - -- Fixed a few memory leaks when the same easy handle is re-used to request - URLs with different protocols. FTP and TFTP related leaks. Caught thanks to - Dan F's new test cases. - -Dan F (24 October 2007) -- Fixed the test FTP and TFTP servers to support the >10000 test number - notation - -- Added test cases 2000 through 2003 which test multiple protocols using the - same easy handle - -- Fixed the filecheck: make target to work outside the source tree - -Daniel S (24 October 2007) -- Vladimir Lazarenko pointed out that we should do some 'mt' magic when - building with VC8 to get the "manifest" embedded to make fine stand-alone - binaries. The maketgz and the src/Makefile.vc6 files were adjusted - accordingly. - -Daniel S (23 October 2007) -- Bug report #1812190 (https://curl.haxx.se/bug/view.cgi?id=1812190) points out - that libcurl tried to re-use connections a bit too much when using non-SSL - protocols tunneled over a HTTP proxy. - -Daniel S (22 October 2007) -- Michal Marek forwarded the bug report - https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to - FTP that caused memory havoc. His work together with my efforts created two - fixes: - - #1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with - at connection cleanup, at which time the struct HandleData could be - used by another connection. - Also, the unused char *urlpath member is removed from struct FTP. - - #2 - provide a Curl_reset_reqproto() function that frees - data->reqdata.proto.* on connection setup if needed (that is if the - SessionHandle was used by a different connection). - - A long-term goal is of course to somehow get rid of how the reqdata struct - is used, as it is too error-prone. - -- Bug report #1815530 (https://curl.haxx.se/bug/view.cgi?id=1815530) points out - that specifying a proxy with a trailing slash didn't work (unless it also - contained a port number). - -Patrick M (15 October 2007) -- Fixed the dynamic CURLOPT_POSTFIELDS problem: this option is now static again - and option CURLOPT_COPYPOSTFIELDS has been added to support dynamic mode. - -Patrick M (12 October 2007) -- Added per-protocol callback static tables, replacing callback ptr storage - in the connectdata structure by a single handler table ptr. - -Dan F (11 October 2007) -- Fixed the -l option of runtests.pl - -- Added support for skipping tests based on key words. - -Daniel S (9 October 2007) -- Michal Marek removed the no longer existing return codes from the curl.1 - man page. - -Daniel S (7 October 2007) -- Known bug #47, which confused libcurl if doing NTLM auth over a proxy with - a response that was larger than 16KB is now improved slightly so that now - the restriction at 16KB is for the headers only and it should be a rare - situation where the response-headers exceed 16KB. Thus, I consider #47 fixed - and the header limitation is now known as known bug #48. - -Daniel S (5 October 2007) -- Michael Wallner made the CULROPT_COOKIELIST option support a new magic - string: "FLUSH". Using that will cause libcurl to flush its cookies to the - CURLOPT_COOKIEJAR file. - -- The new file docs/libcurl/ABI describes how we view ABI breakages, soname - bumps and what the version number's significance to all that is. - -Daniel S (4 October 2007) -- I enabled test 1009 and made the --local-port use a wide range to reduce the - risk of failures. - -- Kim Rinnewitz reported that --local-port didn't work with TFTP transfers. - This happened because the tftp code always uncondionally did a bind() - without caring if one already had been done and then it failed. I wrote a - test case (1009) to verify this, but it is a bit error-prone since it will - have to pick a fixed local port number and since the tests are run on so - many different hosts in different situations I'll add it in disabled state. - -Yang Tse (3 October 2007) -- Fixed issue related with the use of ares_timeout() result. - -Daniel S (3 October 2007) -- Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and - CURLOPT_OPENSOCKETDATA to set a callback that allows an application to - replace the socket() call used by libcurl. It basically allows the app to - change address, protocol or whatever of the socket. - -- I renamed the CURLE_SSL_PEER_CERTIFICATE error code to - CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made - this return code get used by the previous SSH MD5 fingerprint check in case - it fails. - -- Based on a patch brought by Johnny Luong, libcurl now offers - CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both - make the SCP or SFTP connection verify the remote host's md5 checksum of the - public key before doing a connect, to reduce the risk of a man-in-the-middle - attack. - -Daniel S (2 October 2007) -- libcurl now handles chunked-encoded CONNECT responses - -Daniel S (1 October 2007) -- Alex Fishman reported a curl_easy_escape() problem that was made the - function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a - signed / unsigned mistake in the code. I fixed it and added test case 543 to - verify. - -Daniel S (29 September 2007) -- Immanuel Gregoire fixed a problem with persistent transfers over SFTP. - -Daniel S (28 September 2007) -- Adapted the c-ares code to the API change c-ares 1.5.0 brings in the - notifier callback(s). - -Dan F (26 September 2007) -- Enabled a few more gcc warnings with --enable-debug. Renamed a few - variables to avoid shadowing global declarations. - -Daniel S (26 September 2007) -- Philip Langdale provided the new CURLOPT_POST301 option for - curl_easy_setopt() that alters how libcurl functions when following - redirects. It makes libcurl obey the RFC2616 when a 301 response is received - after a non-GET request is made. Default libcurl behaviour is to change - method to GET in the subsequent request (like it does for response code 302 - - because that's what many/most browsers do), but with this CURLOPT_POST301 - option enabled it will do what the spec says and do the next request using - the same method again. I.e keep POST after 301. - - The curl tool got this option as --post301 - - Test case 1011 and 1012 were added to verify. - -- Max Katsev reported that when doing a libcurl FTP request with - CURLOPT_NOBODY enabled but not CURLOPT_HEADER, libcurl wouldn't do TYPE - before it does SIZE which makes it less useful. I walked over the code and - made it do this properly, and added test case 542 to verify it. - -Daniel S (24 September 2007) -- Immanuel Gregoire fixed KNOWN_BUGS #44: --ftp-method nocwd did not handle - URLs ending with a slash properly (it should list the contents of that - directory). Test case 351 brought back and also test 1010 was added. - -Daniel S (21 September 2007) -- Mark Davies fixed Negotiate authentication over proxy, and also introduced - the --proxy-negotiate command line option to allow a user to explicitly - select it. - -Daniel S (19 September 2007) -- Rob Crittenden provided an NSS update with the following highlights: - - o It looks for the NSS database first in the environment variable SSL_DIR, - then in /etc/pki/nssdb, then it initializes with no database if neither of - those exist. - - o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be - loaded, including the ca-bundle. If it is not available then only - certificates already in the NSS database are used. - - o Tries to detect whether a file or nickname is being passed in so the right - thing is done - - o Added a bit of code to make the output more like the OpenSSL module, - including displaying the certificate information when connecting in - verbose mode - - o Improved handling of certificate errors (expired, untrusted, etc) - - The libnsspem.so PKCS#11 module is currently only available in Fedora - 8/rawhide. Work will be done soon to upstream it. The NSS module will work - with or without it, all that changes is the source of the certificates and - keys. - -Daniel S (18 September 2007) -- Immanuel Gregoire pointed out that public key SSH auth failed if no - public/private key was specified and there was no HOME environment variable, - and then it didn't continue to try the other auth methods. Now it will - instead try to get the files id_dsa.pub and id_dsa from the current - directory if none of the two conditions were met. - -Dan F (17 September 2007) -- Added hooks to the test suite to make it possible to test a curl running - on a remote host. - -- Changed some FTP tests to validate the format of the PORT and EPRT commands - sent by curl, if not the addresses themselves. - -Daniel S (15 September 2007) -- Michal Marek made libcurl automatically append ";type=" when using HTTP - proxies for FTP urls. - -- Günter Knauf fixed LDAP builds in the Windows makefiles and fixed LDAPv3 - support on Windows. - -Dan F (13 September 2007) -- Added LDAPS, SCP and SFTP to curl-config --protocols. Removed and - fixed some AC_SUBST configure entries. - -Version 7.17.0 (13 September 2007) - -Daniel S (12 September 2007) -- Bug report #1792649 (https://curl.haxx.se/bug/view.cgi?id=1792649) pointed - out a problem with doing an empty upload over FTP on a re-used connection. - I added test case 541 to reproduce it and to verify the fix. - -- I noticed while writing test 541 that the FTP code wrongly did a CWD on the - second transfer as it didn't store and remember the "" path from the - previous transfer so it would instead CWD to the entry path as stored. This - worked, but did a superfluous command. Thus, test case 541 now also verifies - this fix. - -Dan F (5 September 2007) -- Added test case 1007 to test permission problem when uploading with TFTP - (to validate bug #1790403). - -- TFTP now reports the "not defined" TFTP error code 0 as an error, - not success. - -Daniel S (5 September 2007) -- Continued the work on a fix for #1779054 - (https://curl.haxx.se/bug/view.cgi?id=1779054). My previous fix from August - 24 was not complete (either) but could accidentally "forget" parts of a - server response which led to faulty server response time-out errors. - -Dan F (5 September 2007) -- Minix doesn't support getsockopt on UDP sockets or send/recv on TCP - sockets. - -Dan F (31 August 2007) -- Made some of the error strings returned by the *strerror functions more - generic, and more consistent with each other. - -- Renamed the curl_ftpssl enum to curl_usessl and its enumerated constants, - creating macros for backward compatibility: - - CURLFTPSSL_NONE => CURLUSESSL_NONE - CURLFTPSSL_TRY => CURLUSESSL_TRY - CURLFTPSSL_CONTROL => CURLUSESSL_CONTROL - CURLFTPSSL_ALL => CURLUSESSL_ALL - CURLFTPSSL_LAST => CURLUSESSL_LAST - -Dan F (30 August 2007) -- Renamed several libcurl error codes and options to make them more general - and allow reuse by multiple protocols. Several unused error codes were - removed. In all cases, macros were added to preserve source (and binary) - compatibility with the old names. These macros are subject to removal at - a future date, but probably not before 2009. An application can be - tested to see if it is using any obsolete code by compiling it with the - CURL_NO_OLDIES macro defined. - - The following unused error codes were removed: - - CURLE_BAD_CALLING_ORDER - CURLE_BAD_PASSWORD_ENTERED - CURLE_FTP_CANT_RECONNECT - CURLE_FTP_COULDNT_GET_SIZE - CURLE_FTP_COULDNT_SET_ASCII - CURLE_FTP_USER_PASSWORD_INCORRECT - CURLE_FTP_WEIRD_USER_REPLY - CURLE_FTP_WRITE_ERROR - CURLE_LIBRARY_NOT_FOUND - CURLE_MALFORMAT_USER - CURLE_OBSOLETE - CURLE_SHARE_IN_USE - CURLE_URL_MALFORMAT_USER - - The following error codes were renamed: - - CURLE_FTP_ACCESS_DENIED => CURLE_REMOTE_ACCESS_DENIED - CURLE_FTP_COULDNT_SET_BINARY => CURLE_FTP_COULDNT_SET_TYPE - CURLE_FTP_SSL_FAILED => CURLE_USE_SSL_FAILED - CURLE_FTP_QUOTE_ERROR => CURLE_QUOTE_ERROR - CURLE_TFTP_DISKFULL => CURLE_REMOTE_DISK_FULL - CURLE_TFTP_EXISTS => CURLE_REMOTE_FILE_EXISTS - CURLE_HTTP_RANGE_ERROR => CURLE_RANGE_ERROR - - The following options were renamed: - - CURLOPT_SSLKEYPASSWD => CURLOPT_KEYPASSWD - CURLOPT_FTPAPPEND => CURLOPT_APPEND - CURLOPT_FTPLISTONLY => CURLOPT_DIRLISTONLY - CURLOPT_FTP_SSL => CURLOPT_USE_SSL - - A few more changes will take place with the next SONAME bump of the - library. These are documented in docs/TODO - -- Documented some newer error codes in libcurl-error(3) - -- Added more accurate error code returns from SFTP operations. Added test - case 615 to test an SFTP upload failure. - -Dan F (28 August 2007) -- Some minor internal type and const changes based on a splint scan. - -Daniel S (24 August 2007) -- Bug report #1779054 (https://curl.haxx.se/bug/view.cgi?id=1779054) pointed - out that libcurl didn't deal with large responses from server commands, when - the single response was consisting of multiple lines but of a total size of - 16KB or more. Dan Fandrich improved the ftp test script and provided test - case 1006 to repeat the problem, and I fixed the code to make sure this new - test case runs fine. - -Patrick M (23 August 2007) -- OS/400 port: new files lib/config-os400.h lib/setup-os400.h packages/OS400/*. - See packages/OS400/README.OS400. - -Daniel S (23 August 2007) -- Bug report #1779751 (https://curl.haxx.se/bug/view.cgi?id=1779751) pointed - out that doing first a file:// upload and then an FTP upload crashed libcurl - or at best caused furious valgrind complaints. Fixed now! - -Daniel S (22 August 2007) -- Bug report #1779054 (https://curl.haxx.se/bug/view.cgi?id=1779054) pointed - out that libcurl didn't deal with very long (>16K) FTP server response lines - properly. Starting now, libcurl will chop them off (thus the client app will - not get the full line) but survive and deal with them fine otherwise. Test - case 1003 was added to verify this. - -Daniel S (20 August 2007) -- Based on a patch by Christian Vogt, the FTP code now sets the upcoming - download transfer size much earlier to be possible to get read with - CURLINFO_CONTENT_LENGTH_DOWNLOAD as soon as possible. This is very much in a - similar spirit to the HTTP size change from August 11 2007. - -Daniel S (18 August 2007) -- Robson Braga Araujo filed bug report #1776232 - (https://curl.haxx.se/bug/view.cgi?id=1776232) about libcurl calling - Curl_client_write(), passing on a const string that the caller may not - modify and yet it does (on some platforms). - -- Robson Braga Araujo filed bug report #1776235 - (https://curl.haxx.se/bug/view.cgi?id=1776235) about ftp requests with NOBODY - on a directory would do a "SIZE (null)" request. This is now fixed and test - case 1000 was added to verify. - -Daniel S (17 August 2007) -- Song Ma provided a patch that cures a problem libcurl has when doing resume - HTTP PUT using Digest authentication. Test case 5320 and 5322 were also - added to verify the functionality. - -Daniel S (14 August 2007) -- Andrew Wansink provided an NTLM bugfix: in the case the server sets the flag - NTLMFLAG_NEGOTIATE_UNICODE, we need to filter it off because libcurl doesn't - UNICODE encode the strings it packs into the NTLM authenticate packet. - -Daniel S (11 August 2007) -- Allen Pulsifer provided a patch that makes libcurl set the expected download - size earlier when doing HTTP downloads, so that applications and the - progress meter etc know get the info earlier in the flow than before. - -- Patrick Monnerat modified the LDAP code and approach in curl. Starting now, - the configure script checks for openldap and friends and we link with those - libs just like we link all other third party libraries, and we no longer - dlopen() those libraries. Our private header file lib/ldap.h was renamed to - lib/curl_ldap.h due to this. I set a tag in CVS (curl-7_17_0-preldapfix) - just before this commit, just in case. - -Dan F (8 August 2007) -- Song Ma noted a zlib memory leak in the illegal compressed header - countermeasures code path. - -Daniel S (4 August 2007) -- Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on - non-ASCII systems. - -Daniel S (3 August 2007) -- I cut out support for libssh2 versions older than 0.16 to make our code a - lot simpler, and to avoid getting trouble with the LIBSSH2_APINO define - that 1) didn't work properly since it was >32 bits and 2) is removed in - libssh2 0.16... - -Daniel S (2 August 2007) -- Scott Cantor filed bug report #1766320 - (https://curl.haxx.se/bug/view.cgi?id=1766320) pointing out that the libcurl - code accessed two curl_easy_setopt() options (CURLOPT_DNS_CACHE_TIMEOUT and - CURLOPT_DNS_USE_GLOBAL_CACHE) as ints even though they're documented to be - passed in as longs, and that makes a difference on 64 bit architectures. - -- Dmitriy Sergeyev reported a regression: resumed file:// transfers broke - after 7.16.2. This is much due to the different treatment file:// gets - internally, but now I added test 231 to make it less likely to happen again - without us noticing! - -Daniel S (1 August 2007) -- Patrick Monnerat and I modified libcurl so that now it *copies* all strings - passed to it with curl_easy_setopt()! Previously it has always just refered - to the data, forcing the user to keep the data around until libcurl is done - with it. That is now history and libcurl will instead clone the given - strings and keep private copies. This is also part of Patrick Monnerat's - OS/400 port. - - Due to this being a somewhat interesting change API wise, I've decided to - bump the version of the upcoming release to 7.17.0. Older applications will - of course not notice this change nor do they have to care, but new - applications can be written to take advantage of this. - -- Greg Morse reported a problem with POSTing using ANYAUTH to a server - requiring NTLM, and he provided test code and a test server and we worked - out a bug fix. We failed to count sent body data at times, which then caused - internal confusions when libcurl tried to send the rest of the data in order - to maintain the same connection alive. - -Daniel S (31 July 2007) -- Peter O'Gorman pointed out (and fixed) that the non-blocking check in - configure made libcurl use blocking sockets on AIX 4 and 5, while that - wasn't the intention. - -Daniel S (29 July 2007) -- Jayesh A Shah filed bug report #1759542 - (https://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious - problem with FTPS: libcurl closed the data connection socket and then later - in the flow it would call the SSL layer to do SSL shutdown which then would - use a socket that had already been closed - so if the application had opened - a new one in the mean time, libcurl could send gibberish that way! I worked - with Greg Zavertnik to properly diagnose and fix this. The fix affects code - for all SSL libraries we support, but it has only been truly verified to - work fine for the OpenSSL version. The others have only been code reviewed. - -Daniel S (23 July 2007) -- Implemented the parts of Patrick Monnerat's OS/400 patch that introduces - support for the OS/400 Secure Sockets Layer library. - -Dan F (23 July 2007) -- Implemented only the parts of Patrick Monnerat's OS/400 patch that renamed - some few internal identifiers to avoid conflicts, which could be useful on - other platforms. - -Daniel S (22 July 2007) -- HTTP Digest bug fix by Chris Flerackers: - - Scenario - - - Perfoming a POST request with body - - With authentication (only Digest) - - Re-using a connection - - libcurl would send a HTTP POST with an Authorization header but without - body. Our server would return 400 Bad Request in that case (because - authentication passed, but the body was empty). - - Cause - - 1) http_digest.c -> Curl_output_digest - - Updates allocptr.userpwd/allocptr.proxyuserpwd *only* if d->nonce is - filled in (and no errors) - - authp->done = TRUE if d->nonce is filled in - 2) http.c -> Curl_http - - *Always* uses allocptr.userpwd/allocptr.proxyuserpwd if not NULL - 3) http.c -> Curl_http, Curl_http_output_auth - - So what happens is that Curl_output_digest cannot yet update the - Authorization header (allocptr.userpwd) which results in authhost->done=0 -> - authhost->multi=1 -> conn->bits.authneg = TRUE. The body is not - added. *However*, allocptr.userpwd is still used when building the request - -- Added test case 354 that makes a simple FTP retrieval without password, which - verifies the bug fix in #1757328. - -Daniel S (21 July 2007) -- To allow more flexibility in FTP test cases, I've removed the enforced states - from the test server code as they served no real purpose. The test server - is here to serve for the test cases, not to attempt to function as a real - server! While at it, I modified test case 141 to better test and verify - curl -I on a single FTP file. - -Daniel S (20 July 2007) -- James Housley fixed the SFTP PWD command to work. - -- Ralf S. Engelschall filed bug report #1757328 - (https://curl.haxx.se/bug/view.cgi?id=1757328) and submitted a patch. It - turns out we broke login to FTP servers that don't require (nor understand) - PASS after the USER command. The breakage was done as part of the krb5 - commit so a krb-using person needs to verify that the current version now - works or if we need to fix it (in a different way of course). - -Dan F (17 July 2007) -- Fixed test cases 613 and 614 by improving the log postprocessor to handle - a new directory listing format that newer libssh2's can provide. This - is probably NOT sufficient to handle all directory listing formats that - server's can provide, and should be revisited. - -Daniel S (17 July 2007) -- Daniel Johnson fixed a bug in how libssh2_session_last_error() was used, in - two places. - -- Jofell Gallardo posted a libcurl log using FTP that exposed a bug which made - a control connection that was deemed "dead" to yet be re-used in a following - request. - -Daniel S (13 July 2007) -- Colin Hogben filed bug report #1750274 - (https://curl.haxx.se/bug/view.cgi?id=1750274) and submitted a patch for the - case where libcurl did a connect attempt to a non-listening port and didn't - provide a human readable error string back. - -- Daniel Cater fixes: - 1 - made 'make vc8' work on windows. - 2 - made libcurl itself built with CURL_NO_OLDIES defined (which doesn't - define the symbols for backwards source compatibility) - 3 - updated libcurl-errors.3 - 4 - added CURL_DISABLE_TFTP to docs/INSTALL - -Daniel S (12 July 2007) -- Made the krb5 code build with Heimdal's GSSAPI lib. - -Dan F (12 July 2007) -- Compile most of the example apps in docs/examples when doing a 'make check'. - Fixed some compile warnings and errors in those examples. - -- Removed the example program ftp3rdparty.c since libcurl doesn't support - 3rd party FTP transfers any longer. - -Daniel S (12 July 2007) -- Shmulik Regev found an (albeit rare) case where the proxy CONNECT operation - could in fact get stuck in an endless loop. - -- Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation: - fail to connect if there is no Common Name field found in the remote cert. - We should deprecate the support for this set to 1 anyway soon, since the - feature is pointless and most likely never really used by anyone. - -Daniel S (11 July 2007) -- Shmulik Regev fixed a bug with transfer-encoding skipping during the 407 - error pages for proxy authentication. - -- Giancarlo Formicuccia reported and fixed a problem with a closed connection - to a proxy during CONNECT auth negotiation. - -Dan F (10 July 2007) -- Fixed a curl memory leak reported by Song Ma with a modified version - of the patch he suggested. Added his test case as test289 to verify. - -- Force the time zone to GMT in the cookie tests in case the user is - using one of the so-called 'right' time zones that take into account - leap seconds, which causes the tests to fail (as reported by - Daniel Black in bug report #1745964). - -Version 7.16.4 (10 July 2007) - -Daniel S (10 July 2007) -- Kees Cook notified us about a security flaw - (https://curl.haxx.se/docs/adv_20070710.html) in which libcurl failed to - properly reject some outdated or not yet valid server certificates when - built with GnuTLS. Kees also provided the patch. - -James H (5 July 2007) -- Gavrie Philipson provided a patch that will use a more specific error - message for an scp:// upload failure. If libssh2 has his matching - patch, then the error message return by the server will be used instead - of a more generic error. - -Daniel S (1 July 2007) -- Thomas J. Moore provided a patch that introduces Kerberos5 support in - libcurl. This also makes the options change name to --krb (from --krb4) and - CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still - -- Song Ma helped me verify and extend a fix for doing FTP over a SOCKS4/5 - proxy. - -Daniel S (27 June 2007) -- James Housley: Add two new options for the SFTP/SCP/FILE protocols: - CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS. These control the - premissions for files and directories created on the remote - server. CURLOPT_NEW_FILE_PERMS defaults to 0644 and - CURLOPT_NEW_DIRECTORY_PERMS defaults to 0755 - -- I corrected the 10-at-a-time.c example and applied a patch for it by James - Bursa. - -Daniel S (26 June 2007) -- Robert Iakobashvili re-arranged the internal hash code to work with a custom - hash function for different hashes, and also expanded the default size for - the socket hash table used in multi handles to greatly enhance speed when - very many connections are added and the socket API is used. - -- James Housley made the CURLOPT_FTPLISTONLY mode work for SFTP directory - listings as well - -Daniel S (25 June 2007) -- Adjusted how libcurl treats HTTP 1.1 responses without content-lenth or - chunked encoding (that also lacks "Connection: close"). It now simply - assumes that the connection WILL be closed to signal the end, as that is how - RFC2616 section 4.4 point #5 says we should behave. - -Version 7.16.3 (25 June 2007) - -Daniel S (23 June 2007) -- As reported by "Tro" in https://curl.haxx.se/mail/lib-2007-06/0161.html and - https://curl.haxx.se/mail/lib-2007-06/0238.html, libcurl didn't properly do - no-body requests on FTP files on re-used connections properly, or at least - it didn't provide the info back in the header callback properly in the - subsequent requests. - -Daniel S (21 June 2007) -- Gerrit Bruchhäuser pointed out a warning that the Intel(R) Thread Checker - tool reports and it was indeed a legitimate one and it is one fixed. It was - a use of a share without doing the proper locking first. - -Daniel S (20 June 2007) -- Adam Piggott filed bug report #1740263 - (https://curl.haxx.se/bug/view.cgi?id=1740263). Adam discovered that when - getting a large amount of URLs with curl, they were fetched slower and - slower... which turned out to be because the --libcurl data collecting which - wrongly always was enabled, but no longer is... - -Daniel S (18 June 2007) -- Robson Braga Araujo filed bug report #1739100 - (https://curl.haxx.se/bug/view.cgi?id=1739100) that mentioned that libcurl - could not actually list the contents of the root directory of a given FTP - server if the login directory isn't root. I fixed the problem and added - three test cases (one is disabled for now since I identified KNOWN_BUGS #44, - we cannot use --ftp-method nocwd and list ftp directories). - -Daniel S (14 June 2007) -- Shmulik Regev: - - I've encountered (and hopefully fixed) a problem involving proxy CONNECT - requests and easy handles state management. The problem isn't simple to - reproduce since it depends on socket state. It only manifests itself when - working with non-blocking sockets. - - Here is the scenario: - - 1. in multi_runsingle the easy handle is in the CURLM_STATE_WAITCONNECT and - calls Curl_protocol_connect - - 2. in Curl_proxyCONNECT, line 1247, if the socket isn't ready the function - returns and conn->bits.tunnel_connecting is TRUE - - 3. when the call to Curl_protocol_connect returns the protocol_connect flag - is false and the easy state is changed to CURLM_STATE_PROTOCONNECT which - isn't correct if a proxy is used. Rather CURLM_STATE_WAITPROXYCONNECT - should be used. - - I discovered this while performing an HTTPS request through a proxy (squid) - on my local network. The problem caused openssl to fail as it read the proxy - response to the CONNECT call ('HTTP/1.0 Established') rather than the SSL - handshake (the exact openssl error was 'wrong ssl version' but this isn't - very important) - -- Dave Vasilevsky filed bug report #1736875 - (https://curl.haxx.se/bug/view.cgi?id=1736875) almost simultanouesly as Dan - Fandrich mentioned a related build problem on the libcurl mailing list: - https://curl.haxx.se/mail/lib-2007-06/0131.html. Both problems had the same - reason: the definitions of the POLL* defines and the pollfd struct in the - libcurl code was depending on HAVE_POLL instead of HAVE_SYS_POLL_H. - -Daniel S (13 June 2007) -- Tom Regner provided a patch and worked together with James Housley, so now - CURLOPT_FTP_CREATE_MISSING_DIRS works for SFTP connections as well as FTP - ones. - -- Rich Rauenzahn filed bug report #1733119 - (https://curl.haxx.se/bug/view.cgi?id=1733119) and we collaborated on the - fix. The problem is that for 64bit HPUX builds, several socket-related - functions would still assume int (32 bit) arguments and not socklen_t (64 - bit) ones. - -Daniel S (12 June 2007) -- James Housley brought his revamped SSH code that is state-machine driven to - really take advantage of the now totally non-blocking libssh2 (in CVS). - -Dan F (8 June 2007) -- Incorporated Daniel Black's test706 and test707 SOCKS test cases. - -- Fixed a few problems when starting the SOCKS server. - -- Reverted some recent changes to runtests.pl that weren't compatible with - perl 5.0. - -- Fixed the test harness so that it actually kills the ssh being used as - the SOCKS server. - -Daniel S (6 June 2007) -- -s/--silent can now be used to toggle off the silence again if used a second - time. - -Daniel S (5 June 2007) -- Added Daniel Black's work that adds the first few SOCKS test cases. I also - fixed two minor SOCKS problems to make the test cases run fine. - -Daniel S (31 May 2007) -- Feng Tu made (lib)curl support "upload" resuming work for file:// URLs. - -Daniel S (30 May 2007) -- I modified the 10-at-a-time.c example to transfer 500 downloads in parallel - with a c-ares enabled build only to find that it crashed miserably, and this - was due to some select()isms left in the code. This was due to API - restrictions in c-ares 1.3.x, but with the upcoming c-ares 1.4.0 this is no - longer the case so now libcurl runs much better with c-ares and the multi - interface with > 1024 file descriptors in use. - - Extra note: starting now we require c-ares 1.4.0 for asynchronous name - resolves. - -- Added CURLMOPT_MAXCONNECTS which is a curl_multi_setopt() option for setting - the maximum size of the connection cache maximum size of the multi handle. - -Daniel S (27 May 2007) -- When working with a problem Stefan Becker had, I found an off-by-one buffer - overwrite in Curl_select(). While fixing it, I also improved its performance - somewhat by changing calloc to malloc and breaking out of a loop earlier - (when possible). - -Daniel S (25 May 2007) -- Rob Crittenden fixed bug #1705802 - (https://curl.haxx.se/bug/view.cgi?id=1705802), which was filed by Daniel - Black identifying several FTP-SSL test cases fail when we build libcurl with - NSS for TLS/SSL. Listed as #42 in KNOWN_BUGS. - -Daniel S (24 May 2007) -- Song Ma filed bug report #1724016 - (https://curl.haxx.se/bug/view.cgi?id=1724016) noticing that downloading - glob-ranges for TFTP was broken in CVS. Fixed now. - -- 'mytx' in bug report #1723194 (https://curl.haxx.se/bug/view.cgi?id=1723194) - pointed out that the warnf() function in the curl tool didn't properly deal - with the cases when excessively long words were used in the string to chop - up. - -Daniel S (22 May 2007) -- Andre Guibert de Bruet fixed a memory leak in the function that verifies the - peer's name in the SSL certificate when built for OpenSSL. The leak happens - for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN - name from UTF8. He also fixed a leak when PKCS #12 parsing failed. - -Daniel S (18 May 2007) -- Feng Tu reported that curl -w did wrong on TFTP transfers in bug report - #1715394 (https://curl.haxx.se/bug/view.cgi?id=1715394), and the - transfer-related info "variables" were indeed overwritten with zeroes - wrongly and have now been adjusted. The upload size still isn't accurate. - -Daniel S (17 May 2007) -- Feng Tu pointed out a division by zero error in the TFTP connect timeout - code for timeouts less than five seconds, and also provided a fix for it. - Bug report #1715392 (https://curl.haxx.se/bug/view.cgi?id=1715392) - -Dan F (16 May 2007) -- Added support for compiling under Minix 3.1.3 using ACK. - -Dan F (14 May 2007) -- Added SFTP directory listing test case 613. - -- Added support for quote commands before a transfer using SFTP and test - case 614. - -- Changed the post-quote commands to occur after the transferred file is - closed. - -- Allow SFTP quote commands chmod, chown, chgrp to set a value of 0. - -Dan F (9 May 2007) -- Kristian Gunstone fixed a problem where overwriting an uploaded file with - sftp didn't truncate it first, which would corrupt the file if the new - file was shorter than the old. - -Dan F (8 May 2007) -- Added FTPS test cases 406 and 407 - -Daniel S (8 May 2007) -- CURLE_FTP_COULDNT_STOR_FILE is now known as CURLE_UPLOAD_FAILED. This is - because I just made SCP uploads return this value if the file size of - the upload file isn't given with CURLOPT_INFILESIZE*. Docs updated to - reflect this news, and a define for the old name was added to the public - header file. - -Daniel S (7 May 2007) -- James Bursa fixed a bug in the multi handle code that made the connection - cache grow a bit too much, beyond the normal 4 * easy_handles. - -Daniel S (2 May 2007) -- Anders Gustafsson remarked that requiring CURLOPT_HTTP_VERSION set to 1.0 - when CURLOPT_HTTP200ALIASES is used to avoid the problem mentioned below is - not very nice if the client wants to be able to use _either_ a HTTP 1.1 - server or one within the aliases list... so starting now, libcurl will - simply consider 200-alias matches the to be HTTP 1.0 compliant. - -- Tobias Rundström reported a problem they experienced with xmms2 and recent - libcurls, which turned out to be the 25-nov-2006 change which treats HTTP - responses without Content-Length or chunked encoding as without bodies. We - now added the conditional that the above mentioned response is only without - body if the response is HTTP 1.1. - -- Jeff Pohlmeyer improved the hiperfifo.c example to use the - CURLMOPT_TIMERFUNCTION callback option. - -- Set the timeout for easy handles to expire really soon after addition or - when CURLM_CALL_MULTI_PERFORM is returned from curl_multi_socket*/perform, - to make applications using only curl_multi_socket() to properly function - when adding easy handles "on the fly". Bug report and test app provided by - Michael Wallner. - -Dan F (30 April 2007) -- Improved the test harness to allow running test servers on other than - the default port numbers, allowing more than one test suite to run - simultaneously on the same host. - -Daniel S (28 April 2007) -- Peter O'Gorman fixed libcurl to not init GnuTLS as early as we did before, - since it then inits libgcrypt and libgcrypt is being evil and EXITS the - application if it fails to get a fine random seed. That's really not a nice - thing to do by a library. - -- Frank Hempel fixed a curl_easy_duphandle() crash on a handle that had - been removed from a multi handle, and then fixed another flaw that prevented - curl_easy_duphandle() to work even after the first fix - the handle was - still marked as using the multi interface. - -Daniel S (26 April 2007) -- Peter O'Gorman found a problem with SCP downloads when the downloaded file - was 16385 bytes (16K+1) and it turned out we didn't properly always "suck - out" all data from libssh2. The effect being that libcurl would hang on the - socket waiting for data when libssh2 had in fact already read it all... - -Dan F (25 April 2007) -- Added support in runtests.pl for "!n" test numbers to disable individual - tests. Changed -t to only keep log files around when -k is specified, - to have the same behaviour as without -t. - -Daniel S (25 April 2007) -- Sonia Subramanian brought our attention to a problem that happens if you set - the CURLOPT_RESUME_FROM or CURLOPT_RANGE options and an existing connection - in the connection cache is closed to make room for the new one when you call - curl_easy_perform(). It would then wrongly free range-related data in the - connection close funtion. - -Yang Tse (25 April 2007) -- Steve Little fixed compilation on VMS 64-bit mode - -Daniel S (24 April 2007) -- Robert Iakobashvili made the 'master_buffer' get allocated first once it is - can/will be used as it then makes the common cases save 16KB of data for each - easy handle that isn't used for pipelining. - -Dan F (23 April 2007) -- Added support to the test harness. - -- Added tests 610-612 to test more SFTP post-quote commands. - -Daniel S (22 April 2007) -- Song Ma's warning if -r/--range is given with a "bad" range, also noted in - the man page now. - -- Daniel Black filed bug #1705177 - (https://curl.haxx.se/bug/view.cgi?id=1705177) where --without-ssl - --with-gnutl outputs a warning about SSL not being enabled even though GnuTLS - was found and used. - -Daniel S (21 April 2007) -- Daniel Black filed bug #1704675 - (https://curl.haxx.se/bug/view.cgi?id=1704675) identifying a double-free - problem in the SSL-dealing layer, telling GnuTLS to free NULL credentials on - closedown after a failure and a bad #ifdef for NSS when closing down SSL. - -Yang Tse (20 April 2007) -- Save one call to curlx_tvnow(), which calls gettimeofday(), in each of - Curl_socket_ready(), Curl_poll() and Curl_select() when these are called - with a zero timeout or a timeout value indicating a blocking call should - be performed. - -Daniel S (18 April 2007) -- James Housley made SFTP uploads use libssh2's non-blocking API - -- Prevent the internal progress meter from updating more frequently than once - per second. - -Dan F (17 April 2007) -- Added test cases 296, 297 and 298 to test --ftp-method handling - -Daniel S (16 April 2007) -- Robert Iakobashvil added curl_multi_socket_action() to libcurl, which is a - function that deprecates the curl_multi_socket() function. Using the new - function the application tell libcurl what action that was found in the - socket that it passes in. This gives a significant performance boost as it - allows libcurl to avoid a call to poll()/select() for every call to - curl_multi_socket*(). - - I added a define in the public curl/multi.h header file that will make your - existing application automatically use curl_multi_socket_action() instead of - curl_multi_socket() when you recompile. But of course you'll get better - performance if you adjust your code manually and actually pass in the - correct action bitmask to this function. - -Daniel S (14 April 2007) -- Jay Austin added "DH PARAMETERS" to the stunnel.pem certificate for the test - suite to make stunnel run better in some (most?) environments. - -Dan F (13 April 2007) -- Added test cases 294 and 295 to test --ftp-account handling - -- Improved handling of out of memory in ftp. - -Yang Tse (13 April 2007) -- Fix test case 534 which started to fail 2007-04-13 due to the existance - of a new host on the net with the same silly domain the test was using - for a host which was supposed not to exist. - -Daniel S (12 April 2007) -- Song Ma found a memory leak in the if2ip code if you pass in an interface - name longer than the name field of the ifreq struct (typically 6 bytes), as - then it wouldn't close the used dummy socket. Bug #1698974 - (https://curl.haxx.se/bug/view.cgi?id=1698974) - -Version 7.16.2 (11 April 2007) - -Yang Tse (10 April 2007) -- Ravi Pratap provided some fixes for HTTP pipelining - -- configure script will ignore --enable-sspi option for non-native Windows. - -Daniel S (9 April 2007) -- Nick Zitzmann did ssh.c cleanups - -Daniel S (3 April 2007) -- Rob Jones fixed better #ifdef'ing for a bunch of #include lines. - -Daniel S (2 April 2007) -- Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The - accepted commands are as follows: - - chgrp (gid) (path) - Changes the group ID of the file or directory at (path) to (gid). (gid) - must be a number. - - chmod (perms) (path) - Changes the permissions of the file or directory at (path) to - (perms). (perms) must be a number in the format used by the chmod Unix - command. - - chown (uid) (path) - Changes the user ID of the file or directory at (path) to (uid). (uid) - must be a number. - - ln (source) (dest) - Creates a symbolic link at (dest) that points to the file located at - (source). - - mkdir (path) - Creates a new directory at (path). - - rename (source) (dest) - Moves the file or directory at (source) to (dest). - - rm (path) - Deletes the file located at (path). - - rmdir (path) - Deletes the directory located at (path). This command will raise an error - if the directory is not empty. - - symlink (source) (dest) - Same as ln. - -Daniel S (1 April 2007) -- Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many - easy handles are added to a multi handle, by avoiding the looping over all - the handles to find which one to remove. - -- Matt Kraai provided a patch that makes curl build on QNX 6 fine again. - -Daniel S (31 March 2007) -- Fixed several minor issues detected by the coverity.com scanner. - -- "Pixel" fixed a problem that appeared when you used -f with user+password - embedded in the URL. - -Dan F (29 March 2007) -- Don't tear down the ftp connection if the maximum filesize was exceeded - and added tests 290 and 291 to check. - -- Added ftps upload and SSL required tests 401 and 402. - -- Send an EOF message before closing an SCP channel, as recommended by - RFC4254. Enable libssh2 tracing when ssh debugging is turned on. - -Yang Tse (27 March 2007) -- Internal function Curl_select() renamed to Curl_socket_ready() - - New Internal wrapper function Curl_select() around select (2), it - uses poll() when a fine poll() is available, so now libcurl can be - built without select() support at all if a fine poll() is available. - -Daniel S (25 March 2007) -- Daniel Johnson fixed multi code to traverse the easy handle list properly. - A left-over bug from the February 21 fix. - -Dan F (23 March 2007) -- Added --pubkey option to curl and made --key also work for SCP/SFTP, - plus made --pass work on an SSH private key as well. - -- Changed the test harness to attempt to gracefully shut down servers - before resorting to the kill -9 hammer. - -- Added test harness infrastructure to support scp/sftp tests, using - OpenSSH as the server. - -- Fixed a memory leak when specifying a proxy with a file: URL. - -Yang Tse (20 March 2007) -- Fixed: When a signal was caught awaiting for an event using Curl_select() - or Curl_poll() with a non-zero timeout both functions would restart the - specified timeout. This could even lead to the extreme case that if a - signal arrived with a frecuency lower to the specified timeout neither - function would ever exit. - - Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in - Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR - defined both functions will return as soon as a signal is caught. Use it - at your own risk, all calls to these functions in the library should be - revisited and checked before fully supporting this feature. - -Yang Tse (19 March 2007) -- Bryan Henderson fixed the progress function so that it can get called more - frequently allowing same calling frecuency for the client progress callback. - -Dan F (15 March 2007) -- Various memory leaks plugged and NULL pointer fixes made in the ssh code. - -Daniel (15 March 2007) -- Nick made the curl tool accept globbing ranges that only is one number, i.e - you can now use [1-1] without curl complaining. - -Daniel (10 March 2007) -- Eygene Ryabinkin: - - The problem is the following: when we're calling Curl_done and it decides to - keep the connection opened ('left intact'), then the caller is not notified - that the connection was done via the NULLifying of the pointer, so some easy - handle is keeping the pointer to this connection. - - Later ConnectionExists can select such connection for reuse even if we're - not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is - false and we can reuse this connection for another easy handle. But thus the - connection will be shared between two easy handles if the handle that wants - to take the ownership is not the same as was not notified of the connection - was done in Curl_done. And when some of these easy handles will get their - connection really freed the another one will still keep the pointer. - - My fix was rather trivial: I just added the NULLification to the 'else' - branch in the Curl_done. My tests with Git and ElectricFence showed no - problems both for HTTP pulling and cloning. Repository size is about 250 Mb, - so it was a considerable amount of Curl's work. - -Dan F (9 March 2007) -- Updated the test harness to add a new "crypto" feature check and updated the - appropriate test case to use it. For now, this is treated the same as the - "SSL" feature because curl doesn't list it separately. - -Daniel (9 March 2007) -- Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6. - -- Robert A. Monat improved the maketgz and VC6/8 generating to set the correct - machine type too. - -- Justin Fletcher fixed a file descriptor leak in the curl tool when trying to - upload a file it couldn't open. Bug #1676581 - (https://curl.haxx.se/bug/view.cgi?id=1676581) - -Dan F (9 March 2007) -- Updated the test harness to check for protocol support before running each - test, fixing KNOWN_BUGS #11. - -Dan F (7 March 2007) -- Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test - harness. It is very limited as it supports only ftps:// URLs with - --ftp-ssl-control specified, which implicitly encrypts the control - channel but not the data channels. That allows stunnel to be used with - an unmodified ftp server in exactly the same way that the test https - server is set up. - -Dan F (7 March 2007) -- Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and - unencrypted data connections. - -Dan F (6 March 2007) -- Fixed a couple of improper pointer uses detected by valgrind in test - cases 181 & 216. - -Daniel (2 March 2007) -- Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8 - makefiles that are included in the source release archives, generated from - the Makefile.vc6 files by the maketgz script. I also modified the root - Makefile to have a VC variable that defaults to vc6 but can be overridden to - allow it to be used for vc8 as well. Like this: - - nmake VC=vc8 vc - -Daniel (27 February 2007) -- Hang Kin Lau found and fixed: When I use libcurl to connect to an https - server through a proxy and have the remote https server port set using the - CURLOPT_PORT option, protocol gets reset to http from https after the first - request. - - User defined URL was modified internally by libcurl and subsequent reuse of - the easy handle may lead to connection using a different protocol (if not - originally http). - - I found that libcurl hardcoded the protocol to "http" when it tries to - regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as - follows and it's working fine so far - -Daniel (25 February 2007) -- Adam D. Moss made the HTTP CONNECT procedure less blocking when used from - the multi interface. Note that it still does a part of the connection in a - blocking manner. - -Daniel (23 February 2007) -- Added warning outputs if the command line uses more than one of the options - -v, --trace and --trace-ascii, since it could really confuse the user. - Clarified this fact in the man page. - -Daniel (21 February 2007) -- Ravi Pratap provided work on libcurl making pipelining more robust and - fixing some bugs: - o Don't mix GET and POST requests in a pipeline - o Fix the order in which requests are dispatched from the pipeline - o Fixed several curl bugs with pipelining when the server is returning - chunked encoding: - * Added states to chunked parsing for final CRLF - * Rewind buffer after parsing chunk with data remaining - * Moved chunked header initializing to a spot just before receiving - headers - -Daniel (20 February 2007) -- Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle - active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command - line option. - -Daniel (19 February 2007) -- Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl. - -- Shmulik Regev found a memory leak in re-used HTTPS connections, at least - when the multi interface was used. - -- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and - 5). - -Daniel (18 February 2007) -- Jeff Pohlmeyer identified two problems: first a rather obscure problem with - the multi interface and connection re-use that could make a - curl_multi_remove_handle() ruin a pointer in another handle. - - The second problem was less of an actual problem but more of minor quirk: - the re-using of connections wasn't properly checking if the connection was - marked for closure. - -Daniel (16 February 2007) -- Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting - CURLOPT_RANGE back to no range on an easy handle when using FTP. - -Dan F (14 February 2007) -- Fixed curl-config --libs so it doesn't list unnecessary libraries (and - therefore introduce unnecessary dependencies) when it's not needed. - Also, don't bother adding a library path of /usr/lib - -Daniel (13 February 2007) -- The default password for anonymous FTP connections is now changed to be - "ftp@example.com". - -- Robert A. Monat made libcurl build fine with VC2005 - it doesn't have - gmtime_r() like the older VC versions. He also made use of some machine- - specific defines to differentiate the "OS" define. - -Daniel (12 February 2007) -- Rob Crittenden added support for NSS (Network Security Service) for the - SSL/TLS layer. https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS - - This is the fourth supported library for TLS/SSL that libcurl supports! - -- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent - to the debug callback. - -- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and - CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's - internal decoding of content or transfer encoded content. This may be - preferable in cases where you use libcurl for proxy purposes or similar. The - command line tool got a --raw option to disable both at once. - -- release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP - define set to hold the exact date and time of when the tarball was built, as - a human readable string using the UTC time zone. - -- Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle - that has an easy handle present in the "closure" list pending closure. - -Daniel (6 February 2007) -- Regular file downloads wiht SFTP and SCP are now done using the non-blocking - API of libssh2, if the libssh2 headers seem to support them. This will make - SCP and SFTP much more responsive and better libcurl citizens when used with - the multi interface etc. - -Daniel (5 February 2007) -- Michael Wallner added support for CURLOPT_TIMEOUT_MS and - CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with - millisecond resolution. The only restriction to that is the alarm() - (sometimes) used to abort name resolves as that uses full seconds. I fixed - the FTP response timeout part of the patch. - - Internally we now count and keep the timeouts in milliseconds but it also - means we multiply set timeouts with 1000. The effect of this is that no - timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which - equals 24.86 days. We probably couldn't before either since the code did - *1000 on the timeout values on several places already. - -Daniel (3 February 2007) -- Yang Tse fixed the cookie expiry date in several test cases that started to - fail since they used "1 feb 2007"... - -- Manfred Schwarb reported that socks5 support was broken and help us pinpoint - the problem. The code now tries harder to use httproxy and proxy where - apppropriate, as not all proxies are HTTP... - -Version 7.16.1 (29 January 2007) - -Daniel (29 January 2007) -- Michael Wallner reported that when doing a CONNECT with a custom User-Agent - header, you got _two_ User-Agent headers in the CONNECT request...! Added - test case 287 to verify the fix. - -Daniel (28 January 2007) -- curl_easy_reset() now resets the CA bundle path correctly. - -- David McCreedy fixed the Curl command line tool for HTTP on non-ASCII - platforms. - -Daniel (25 January 2007) -- Added the --libcurl [file] option to curl. Append this option to any - ordinary curl command line, and you will get a libcurl-using source code - written to the file that does the equivalent operation of what your command - line operation does! - -Dan F (24 January 2007) -- Fixed a dangling pointer problem that prevented the http_proxy environment - variable from being properly used in many cases (and caused test case 63 - to fail). - -Daniel (23 January 2007) -- David McCreedy did NTLM changes mainly for non-ASCII platforms: - - #1 - There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT - defined. I noticed this while testing various configurations. Line 867 of - the current http_ntlm.c is a closing bracket for an if/else pair that only - gets compiled in if USE_NTLM2SESSION is defined. But this closing bracket - wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was - defined. Lines 198 and 140 of my patch wraps that closing bracket in an - #ifdef USE_NTLM2SESSION. - - #2 - I noticed several picky compiler warnings when DEBUG_ME is defined. I've - fixed them with casting. By the way, DEBUG_ME was a huge help in - understanding this code. - - #3 - Hopefully the last non-ASCII conversion patch for libcurl in a while. I - changed the "NTLMSSP" literal to hex since this signature must always be in - ASCII. - - Conversion code was strategically added where necessary. And the - Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c - creates are NOT translated on non-ASCII platforms. - -Dan F (22 January 2007) -- Converted (most of) the test data files into genuine XML. A handful still - are not, due mainly to the lack of support for XML character entities - (e.g. & => & ). This will make it easier to validate test files using - tools like xmllint, as well as to edit and view them using XML tools. - -Daniel (16 January 2007) -- Armel Asselin improved libcurl to behave a lot better when an easy handle - doing an FTP transfer is removed from a multi handle before completion. The - fix also fixed the "alive counter" to be correct on "premature removal" for - all protocols. - -Dan F (16 January 2007) -- Fixed a small memory leak in tftp uploads discovered by curl's memory leak - detector. Also changed tftp downloads to URL-unescape the downloaded - file name. - -Daniel (14 January 2007) -- David McCreedy provided libcurl changes for doing HTTP communication on - non-ASCII platforms. It does add some complexity, most notably with more - #ifdefs, but I want to see this supported added and I can't see how we can - add it without the extra stuff added. - -- Setting CURLOPT_COOKIELIST to "ALL" when no cookies at all was present, - libcurl would crash when trying to read a NULL pointer. - -Daniel (12 January 2007) -- Toby Peterson found a nasty bug that prevented (lib)curl from properly - downloading (most) things that were larger than 4GB on 32 bit systems. Matt - Witherspoon helped as narrow down the problem. - -Daniel (5 January 2007) -- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to - curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it - will make libcurl shutdown SSL/TLS after the authentication is done on a - FTP-SSL operation. - -Daniel (4 January 2007) -- David McCreedy made changes to allow base64 encoding/decoding to work on - non-ASCII platforms. - -Daniel (3 January 2007) -- Matt Witherspoon fixed the flaw which made libcurl 7.16.0 always store - downloaded data in two buffers, just to be able to deal with a special HTTP - pipelining case. That is now only activated for pipelined transfers. In - Matt's case, it showed as a considerable performance difference, - -Daniel (2 January 2007) -- Victor Snezhko helped us fix bug report #1603712 - (https://curl.haxx.se/bug/view.cgi?id=1603712) (known bug #36) --limit-rate - (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) are broken - on Windows (since 7.16.0, but that's when they were introduced as previous - to that the limiting logic was made in the application only and not in the - library). It was actually also broken on select()-based systems (as apposed - to poll()) but we haven't had any such reports. We now use select(), Sleep() - or delay() properly to sleep a while without waiting for anything input or - output when the rate limiting is activated with the easy interface. - -- Modified libcurl.pc.in to use Libs.private for the libs libcurl itself needs - to get built static. It has been mentioned before and was again brought to - our attention by Nathanael Nerode who filed debian bug report #405226 - (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226). - -Daniel (29 December 2006) -- Make curl_easy_duphandle() set the magic number in the new handle. - -Daniel (22 December 2006) -- Robert Foreman provided a prime example snippet showing how libcurl would - get confused and not acknowledge the 'no_proxy' variable properly once it - had used the proxy and you re-used the same easy handle. I made sure the - proxy name is properly stored in the connect struct rather than the - sessionhandle/easy struct. - -- David McCreedy fixed a bad call to getsockname() that wrongly used a size_t - variable to point to when it should be a socklen_t. - -- When setting a proxy with environment variables and (for example) running - 'curl [URL]' with a URL without a protocol prefix, curl would not send a - correct request as it failed to add the protocol prefix. - -Daniel (21 December 2006) -- Robson Braga Araujo reported bug #1618359 - (https://curl.haxx.se/bug/view.cgi?id=1618359) and subsequently provided a - patch for it: when downloading 2 zero byte files in a row, curl 7.16.0 - enters an infinite loop, while curl 7.16.1-20061218 does one additional - unnecessary request. - - Fix: During the "Major overhaul introducing http pipelining support and - shared connection cache within the multi handle." change, headerbytecount - was moved to live in the Curl_transfer_keeper structure. But that structure - is reset in the Transfer method, losing the information that we had about - the header size. This patch moves it back to the connectdata struct. - -Daniel (16 December 2006) -- Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPE - during certain conditions when GnuTLS is used. - -Daniel (11 December 2006) -- Alexey Simak found out that when doing FTP with the multi interface and - something went wrong like it got a bad response code back from the server, - libcurl would leak memory. Added test case 538 to verify the fix. - - I also noted that the connection would get cached in that case, which - doesn't make sense since it cannot be re-use when the authentication has - failed. I fixed that issue too at the same time, and also that the path - would be "remembered" in vain for cases where the connection was about to - get closed. - -Daniel (6 December 2006) -- Sebastien Willemijns reported bug #1603712 - (https://curl.haxx.se/bug/view.cgi?id=1603712) which is about connections - getting cut off prematurely when --limit-rate is used. While I found no such - problems in my tests nor in my reading of the code, I found that the - --limit-rate code was severly flawed (since it was moved into the lib, since - 7.15.5) when used with the easy interface and it didn't work as documented - so I reworked it somewhat and now it works for my tests. - -Daniel (5 December 2006) -- Stefan Krause pointed out a compiler warning with a picky MSCV compiler when - passing a curl_off_t argument to the Curl_read_rewind() function which takes - an size_t argument. Curl_read_rewind() also had debug code left in it and it - was put in a different source file with no good reason when only used from - one single spot. - -- Sh Diao reported that CURLOPT_CLOSEPOLICY doesn't work, and indeed, there is - no code present in the library that receives the option. Since it was not - possible to use, we know that no current users exist and thus we simply - removed it from the docs and made the code always use the default path of - the code. - -- Jared Lundell filed bug report #1604956 - (https://curl.haxx.se/bug/view.cgi?id=1604956) which identified setting - CURLOPT_MAXCONNECTS to zero caused libcurl to SIGSEGV. Starting now, libcurl - will always internally use no less than 1 entry in the connection cache. - -- Sh Diao reported that CURLOPT_FORBID_REUSE no works, and indeed it broke in - the 7.16.0 release. - -- Martin Skinner brought back bug report #1230118 to haunt us once again. - (https://curl.haxx.se/bug/view.cgi?id=1230118) curl_getdate() did not work - properly for all input dates on Windows. It was mostly seen on some TZ time - zones using DST. Luckily, Martin also provided a fix. - -- Alexey Simak filed bug report #1600447 - (https://curl.haxx.se/bug/view.cgi?id=1600447) in which he noted that active - FTP connections don't work with the multi interface. The problem is here - that the multi interface state machine has a state during which it can wait - for the data connection to connect, but the active connection is not done in - the same step in the sequence as the passive one is so it doesn't quite work - for active. The active FTP code still use a blocking function to allow the - remote server to connect. - - The fix (work-around is a better word) for this problem is to set the - boolean prematurely that the data connection is completed, so that the "wait - for connect" phase ends at once. - - The proper fix, left for the future, is of course to make the active FTP - case to act in a non-blocking way too. - -- Matt Witherspoon fixed a problem case when the CPU load went to 100% when a - HTTP upload was disconnected: - - "What appears to be happening is that my system (Linux 2.6.17 and 2.6.13) is - setting *only* POLLHUP on poll() when the conditions in my previous mail - occur. As you can see, select.c:Curl_select() does not check for POLLHUP. So - basically what was happening, is poll() was returning immediately (with - POLLHUP set), but when Curl_select() looked at the bits, neither POLLERR or - POLLOUT was set. This still caused Curl_readwrite() to be called, which - quickly returned. Then the transfer() loop kept continuing at full speed - forever." - -Daniel (1 December 2006) -- Toon Verwaest reported that there are servers that send the Content-Range: - header in a third, not suppported by libcurl, format and we agreed that we - could make the parser more forgiving to accept all the three found - variations. - -Daniel (25 November 2006) -- Venkat Akella found out that libcurl did not like HTTP responses that simply - responded with a single status line and no headers nor body. Starting now, a - HTTP response on a persistent connection (i.e not set to be closed after the - response has been taken care of) must have Content-Length or chunked - encoding set, or libcurl will simply assume that there is no body. - - To my horror I learned that we had no less than 57(!) test cases that did bad - HTTP responses like this, and even the test http server (sws) responded badly - when queried by the test system if it is the test system. So although the - actual fix for the problem was tiny, going through all the newly failing test - cases got really painful and boring. - -Daniel (24 November 2006) -- James Housley did lots of work and introduced SFTP downloads. - -Daniel (13 November 2006) -- Ron in bug #1595348 (https://curl.haxx.se/bug/view.cgi?id=1595348) pointed - out a stack overwrite (and the corresponding fix) on 64bit Windows when - dealing with HTTP chunked encoding. - -Daniel (9 November 2006) -- Nir Soffer updated libcurl.framework.make: - o fix symlinks, should link to Versions, not to ./Versions - o indentation improvments - -- Dmitriy Sergeyev found a SIGSEGV with his test04.c example posted on 7 Nov - 2006. It turned out we wrongly assumed that the connection cache was present - when tearing down a connection. - -- Ciprian Badescu found a SIGSEGV when doing multiple TFTP transfers using the - multi interface, but I could also repeat it doing multiple sequential ones - with the easy interface. Using Ciprian's test case, I could fix it. - -Daniel (8 November 2006) -- Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without - CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the - SSL handshake. This is now stopped. - -Daniel (7 November 2006) -- Olaf fixed a leftover problem with the CONNECT fix of his that would leave a - wrong error message in the error message buffer. - -Daniel (3 November 2006) -- Olaf Stueben provided a patch that I edited slightly. It fixes the notorious - KNOWN_BUGS #25, which happens when a proxy closes the connection when - libcurl has sent CONNECT, as part of an authentication negotiation. Starting - now, libcurl will re-connect accordingly and continue the authentication as - it should. - -Daniel (2 November 2006) -- James Housley brought support for SCP transfers, based on the libssh2 library - for the actual network protocol stuff. - - Added these new curl_easy_setopt() options: - - CURLOPT_SSH_AUTH_TYPES - CURLOPT_SSH_PUBLIC_KEYFILE - CURLOPT_SSH_PRIVATE_KEYFILE - -Version 7.16.0 (30 October 2006) - -Daniel (25 October 2006) -- Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the - case when 401 or 407 are returned, *IF* no auth credentials have been given. - The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401 - and 407 cases when auth credentials is given, but we've now covered this - somewhat more. - - You might get some amounts of headers transferred before this situation is - detected, like for when a "100-continue" is received as a response to a - POST/PUT and a 401 or 407 is received immediately afterwards. - - Added test 281 to verify this change. - -Daniel (23 October 2006) -- Ravi Pratap provided a major update with pipelining fixes. We also no longer - re-use connections (for pipelining) before the name resolving is done. - -Daniel (21 October 2006) -- Nir Soffer made the tests/libtest/Makefile.am use a proper variable for all - the single test applications' link and dependences, so that you easier can - override those from the command line when using make. - -- Armel Asselin separated CA cert verification problems from problems with - reading the (local) CA cert file to let users easier pinpoint the actual - problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code. - -Daniel (18 October 2006) -- Removed the "protocol-guessing" for URLs with host names starting with FTPS - or TELNET since they are practically non-existant. This leaves us with only - three different prefixes that would assume the protocol is anything but - HTTP, and they are host names starting with "ftp.", "dict." or "ldap.". - -Daniel (17 October 2006) -- Bug report #1579171 pointed out code flaws detected with "prefast", and they - were 1 - a too small memory clear with memset() in the threaded resolver and - 2 - a range of potentially bad uses of the ctype family of is*() functions - such as isdigit(), isalnum(), isprint() and more. The latter made me switch - to using our own set of these functions/macros using uppercase letters, and - with some extra set of crazy typecasts to avoid mistakingly passing in - negative numbers to the underlying is*() functions. - -- With Jeff Pohlmeyer's help, I fixed the expire timer when using - curl_multi_socket() during name resolves with c-ares and the LOW_SPEED - options now work fine with curl_multi_socket() as well. - -Daniel (16 October 2006) -- Added a check in configure that simply tries to run a program (not when - cross-compiling) in order to detect problems with run-time libraries that - otherwise would occur when the sizeof tests for curl_off_t would run and - thus be much more confusing to users. The check of course should run after - all lib-checks are done and before any other test is used that would run an - executable built for testing-purposes. - -Dan F (13 October 2006) -- The tagging of application/x-www-form-urlencoded POST body data sent - to the CURLOPT_DEBUGFUNCTION callback has been fixed (it was erroneously - included as part of the header). A message was also added to the - command line tool to show when data is being sent, enabled when - --verbose is used. - -Daniel (12 October 2006) -- Starting now, adding an easy handle to a multi stack that was already added - to a multi stack will cause CURLM_BAD_EASY_HANDLE to get returned. - -- Jeff Pohlmeyer has been working with the hiperfifo.c example source code, - and while doing so it became apparent that the current timeout system for - the socket API really was a bit awkward since it become quite some work to - be sure we have the correct timeout set. - - Jeff then provided the new CURLMOPT_TIMERFUNCTION that is yet another - callback the app can set to get to know when the general timeout time - changes and thus for an application like hiperfifo.c it makes everything a - lot easier and nicer. There's a CURLMOPT_TIMERDATA option too of course in - good old libcurl tradition. - - Jeff has also updated the hiperfifo.c example code to use this news. - -Daniel (9 October 2006) -- Bogdan Nicula's second test case (posted Sun, 08 Oct 2006) converted to test - case 535 and it now runs fine. Again a problem with the pipelining code not - taking all possible (error) conditions into account. - -Daniel (6 October 2006) -- Bogdan Nicula's hanging test case (posted Wed, 04 Oct 2006) was converted to - test case 533 and the test now runs fine. - -Daniel (4 October 2006) -- Dmitriy Sergeyev provided an example source code that crashed CVS libcurl - but that worked nicely in 7.15.5. I converted it into test case 532 and - fixed the problem. - -Daniel (29 September 2006) -- Removed a few other no-longer present options from the header file. - -- Support for FTP third party transfers was removed. Here's why: - - o The recent multi interface changes broke it and the design of the 3rd party - transfers made it very hard to fix the problems - o It was still blocking and thus nasty for the multi interface - o It was a lot of extra code for a very rarely used feature - o It didn't use the same code as for "plain" FTP transfers, so it didn't work - fine for IPv6 and it didn't properly re-use connections and more - o There's nobody around who's willing to work on and improve the existing - code - - This does not mean that third party transfers are banned forever, only that - they need to be done better if they are to be re-added in the future. - - The CURLOPT_SOURCE_* options are removed from the lib and so are the --3p* - options from the command line tool. For this reason, I also bumped the - version info for the lib. - -Daniel (28 September 2006) -- Reported in #1561470 (https://curl.haxx.se/bug/view.cgi?id=1561470), libcurl - would crash if a bad function sequence was used when shutting down after - using the multi interface (i.e using easy_cleanup after multi_cleanup) so - precautions have been added to make sure it doesn't any more - test case 529 - was added to verify. - -Daniel (27 September 2006) -- The URL in the cookie jar file is now changed since it was giving a 404. - Reported by Timothy Stone. The new URL will take the visitor to a curl web - site mirror with the document. - -Daniel (24 September 2006) -- Bernard Leak fixed configure --with-gssapi-libs. - -- Cory Nelson made libcurl use the WSAPoll() function if built for Windows - Vista (_WIN32_WINNT >= 0x0600) - -Daniel (23 September 2006) -- Mike Protts added --ftp-ssl-control to make curl use FTP-SSL, but only - encrypt the control connection and use the data connection "plain". - -- Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better - as it now will read the full data sent from servers. The SOCKS-related code - was also moved to the new lib/socks.c source file. - -Daniel (21 September 2006) -- Added test case 531 in an attempt to repeat bug report #1561470 - (https://curl.haxx.se/bug/view.cgi?id=1561470) that is said to crash when an - FTP upload fails with the multi interface. It did not, but I made a failed - upload still assume the control connection to be fine. - -Daniel (20 September 2006) -- Armel Asselin fixed problems when you gave a proxy URL with user name and - empty password or no password at all. Test case 278 and 279 were added to - verify. - -Daniel (12 September 2006) -- Added docs/examples/10-at-a-time.c by Michael Wallner - -- Added docs/examples/hiperfifo.c by Jeff Pohlmeyer - -Daniel (11 September 2006) -- Fixed my breakage from earlier today so that doing curl_easy_cleanup() on a - handle that is part of a multi handle first removes the handle from the - stack. - -- Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL - session-ID re-use on demand since there obviously are broken servers out - there that misbehave with session-IDs used. - -- Jeff Pohlmeyer presented a *multi_socket()-using program that exposed a - problem with it (SIGSEGV-style). It clearly showed that the existing - socket-state and state-difference function wasn't good enough so I rewrote - it and could then re-run Jeff's program without any crash. The previous - version clearly could miss to tell the application when a handle changed - from using one socket to using another. - - While I was at it (as I could use this as a means to track this problem - down), I've now added a 'magic' number to the easy handle struct that is - inited at curl_easy_init() time and cleared at curl_easy_cleanup() time that - we can use internally to detect that an easy handle seems to be fine, or at - least not closed or freed (freeing in debug builds fill the area with 0x13 - bytes but in normal builds we can of course not assume any particular data - in the freed areas). - -Daniel (9 September 2006) -- Michele Bini fixed how the hostname is put in NTLM packages. As servers - don't expect fully qualified names we need to cut them off at the first dot. - -- Peter Sylvester cleaned up and fixed the getsockname() uses in ftp.c. Some - of them can be completetly removed though... - -Daniel (6 September 2006) -- Ravi Pratap and I have implemented HTTP Pipelining support. Enable it for a - multi handle using CURLMOPT_PIPELINING and all HTTP connections done on that - handle will be attempted to get pipelined instead of done in parallell as - they are performed otherwise. - - As a side-effect from this work, connections are now shared between all easy - handles within a multi handle, so if you use N easy handles for transfers, - each of them can pick up and re-use a connection that was previously used by - any of the handles, be it the same or one of the others. - - This separation of the tight relationship between connections and easy - handles is most noticable when you close easy handles that have been used in - a multi handle and check amount of used memory or watch the debug output, as - there are times when libcurl will keep the easy handle around for a while - longer to be able to close it properly. Like for sending QUIT to close down - an FTP connection. - - This is a major change. - -Daniel (4 September 2006) -- Dmitry Rechkin (https://curl.haxx.se/bug/view.cgi?id=1551412) provided a - patch that while not fixing things very nicely, it does make the SOCKS5 - proxy connection slightly better as it now acknowledges the timeout for - connection and it no longer segfaults in the case when SOCKS requires - authentication and you did not specify username:password. - -Daniel (31 August 2006) -- Dmitriy Sergeyev found and fixed a multi interface flaw when using asynch - name resolves. It could get stuck in the wrong state. - -Gisle (29 August 2006) -- Added support for other MS-DOS compilers (desides djgpp). All MS-DOS - compiler now uses the same config.dos file (renamed to config.h by - make). libcurl now builds fine using Watcom and Metaware's High-C - using the Watt-32 tcp/ip-stack. - -Daniel (29 August 2006) -- David McCreedy added CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA to - allow applications to set their own socket options. - -Daniel (25 August 2006) -- Armel Asselin reported that the 'running_handles' counter wasn't updated - properly if you removed a "live" handle from a multi handle with - curl_multi_remove_handle(). - -Daniel (22 August 2006) -- David McCreedy fixed a remaining mistake from the August 19 TYPE change. - -- Peter Sylvester pointed out a flaw in the AllowServerConnect() in the FTP - code when doing pure IPv6 EPRT connections. - -Daniel (19 August 2006) -- Based on a patch by Armel Asselin, the FTP code no longer re-issues the TYPE - command on subsequent requests on a re-used connection unless it has to. - -- Armel Asselin fixed a crash in the FTP code when using SINGLECWD mode and - files in the root directory. - -- Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't - send the whole request at once, even though the Expect: header was disabled - by the application. An effect of this change is also that small (< 1024 - bytes) POSTs are now always sent without Expect: header since we deem it - more costly to bother about that than the risk that we send the data in - vain. - -Daniel (9 August 2006) -- Armel Asselin made the CURLOPT_PREQUOTE option work fine even when - CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place - in the command sequence as it would have run if there would've been a - transfer. - -Daniel (8 August 2006) -- Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs - on a persistent connection and allowed the first to use that header, you - could not disable it for the second request. - -Daniel (7 August 2006) -- Domenico Andreolfound a quick build error which happened because - src/config.h.in was not a proper duplcate of lib/config.h.in which it - should've been and this was due to the maketgz script not doing the cp - properly. - -Version 7.15.5 (7 August 2006) - -Daniel (2 August 2006) -- Mark Lentczner fixed how libcurl was not properly doing chunked encoding - if the header "Transfer-Encoding: chunked" was set by the application. - https://curl.haxx.se/bug/view.cgi?id=1531838 - -Daniel (1 August 2006) -- Maciej Karpiuk fixed a crash that would occur if we passed Curl_strerror() - an unknown error number on glibc systems. - https://curl.haxx.se/bug/view.cgi?id=1532289 - -Daniel (31 July 2006) -- *ALERT* curl_multi_socket() and curl_multi_socket_all() got modified - prototypes: they both now provide the number of running handles back to the - calling function. It makes the functions resemble the good old - curl_multi_perform() more and provides a nice way to know when the multi - handle goes empty. - - ALERT2: don't use the curl_multi_socket*() functionality in anything - production-like until I say it's somewhat settled, as I suspect there might - be some further API changes before I'm done... - -Daniel (28 July 2006) -- Yves Lejeune fixed so that replacing Content-Type: when doing multipart - formposts work exactly the way you want it (and the way you'd assume it - works). - -Daniel (27 July 2006) -- David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both - control and data connection, as the existing --ftp-ssl option only requests - it. - -- [Hiper-related work] Added a function called curl_multi_assign() that will - set a private pointer added to the internal libcurl hash table for the - particular socket passed in to this function: - - CURLMcode curl_multi_assign(CURLM *multi_handle, - curl_socket_t sockfd, - void *sockp); - - 'sockp' being a custom pointer set by the application to be associated with - this socket. The socket has to be already existing and in-use by libcurl, - like having already called the callback telling about its existance. - - The set hashp pointer will then be passed on to the callback in upcoming - calls when this same socket is used (in the brand new 'socketp' argument). - -Daniel (26 July 2006) -- Dan Nelson added the CURLOPT_FTP_ALTERNATIVE_TO_USER libcurl option and curl - tool option named --ftp-alternative-to-user. It provides a mean to send a - particular command if the normal USER/PASS approach fails. - -- Michael Jerris added magic that builds lib/curllib.vcproj automatically for - newer MSVC. - -Daniel (25 July 2006) -- Georg Horn made the transfer timeout error message include more details. - -Daniel (20 July 2006) -- David McCreedy fixed a build error when building libcurl with HTTP disabled, - problem added with the curl_formget() patch. - -Daniel (17 July 2006) -- Jari Sundell did some excellent research and bug tracking, figured out that - we did wrong and patched it: When nodes were removed from the splay tree, - and we didn't properly remove it from the splay tree when an easy handle was - removed from a multi stack and thus we could wrongly leave a node in the - splay tree pointing to (bad) memory. - -Daniel (14 July 2006) -- David McCreedy fixed a flaw where the CRLF counter wasn't properly cleared - for FTP ASCII transfers. - -Daniel (8 July 2006) -- Ates Goral pointed out that libcurl's cookie parser did case insensitive - string comparisons on the path which is incorrect and provided a patch that - fixes this. I edited test case 8 to include details that test for this. - -- Ingmar Runge provided a source snippet that caused a crash. The reason for - the crash was that libcurl internally was a bit confused about who owned the - DNS cache at all times so if you created an easy handle that uses a shared - DNS cache and added that to a multi handle it would crash. Now we keep more - careful internal track of exactly what kind of DNS cache each easy handle - uses: None, Private (allocated for and used only by this single handle), - Shared (points to a cache held by a shared object), Global (points to the - global cache) or Multi (points to the cache within the multi handle that is - automatically shared between all easy handles that are added with private - caches). - -Daniel (4 July 2006) -- Toshiyuki Maezawa fixed a problem where you couldn't override the - Proxy-Connection: header when using a proxy and not doing CONNECT. - -Daniel (24 June 2006) -- Michael Wallner added curl_formget(), which allows an application to extract - (serialise) a previously built formpost (as with curl_formadd()). - -Daniel (23 June 2006) -- Arve Knudsen found a flaw in curl_multi_fdset() for systems where - curl_socket_t is unsigned (like Windows) that could cause it to wrongly - return a max fd of -1. - -Daniel (20 June 2006) -- Peter Silva introduced CURLOPT_MAX_SEND_SPEED_LARGE and - CURLOPT_MAX_RECV_SPEED_LARGE that limit tha maximum rate libcurl is allowed - to send or receive data. This kind of adds the the command line tool's - option --limit-rate to the library. - - The rate limiting logic in the curl app is now removed and is instead - provided by libcurl itself. Transfer rate limiting will now also work for -d - and -F, which it didn't before. - -Daniel (19 June 2006) -- Made -K on a file that couldn't be read cause a warning to be displayed. - -Daniel (13 June 2006) -- Dan Fandrich implemented --enable-hidden-symbols configure option to enable - -fvisibility=hidden on gcc >= 4.0. This reduces the size of the libcurl - binary and speeds up dynamic linking by hiding all the internal symbols from - the symbol table. - -Version 7.15.4 (12 June 2006) - -Daniel (8 June 2006) -- Brian Dessent fixed the code for cygwin in three distinct ways: - - The first modifies {lib,src}/setup.h to not include the winsock headers - under Cygwin. This fixes the reported build problem. Cygwin attempts as - much as possible to emulate a posix environment under Windows. This means - that WIN32 is *not* #defined and (to the extent possible) everything is done - as it would be on a *ix type system. Thus is the proper - include, and even though winsock2.h is present, including it just introduces - a whole bunch of incompatible socket API stuff. - - The second is a patch I've included in the Cygwin binary packages for a - while. It skips two unnecessary library checks (-lwinmm and -lgdi32). The - checks are innocuous and they do succeed, but they pollute LIBS with - unnecessary stuff which gets recorded as such in the libcurl.la file, which - brings them into the build of any libcurl-downstream. As far as I know - these libs are really only necessary for mingw, so alternatively they could - be designed to only run if $host matches *-*-mingw* but I took the safer - route of skipping them for *-*-cygwin*. - - The third patch replaces all uses of the ancient and obsolete __CYGWIN32__ - with __CYGWIN__. Ref: . - -Daniel (7 June 2006) -- Mikael Sennerholm provided a patch that added NTLM2 session response support - to libcurl. The 21 NTLM test cases were again modified to comply... - -Daniel (27 May 2006) -- Óscar Morales Vivó updated the libcurl.framework.make file. - -Daniel (26 May 2006) -- Olaf Stüben fixed a bug that caused Digest authentication with md5-sess to - fail. When using the md5-sess, the result was not Md5 encoded and Base64 - transformed. - -Daniel (25 May 2006) -- Michael Wallner provided a patch that allows "SESS" to be set with - CURLOPT_COOKIELIST, which then makes all session cookies get cleared. - -Daniel (24 May 2006) -- Tor Arntsen made test 271 run fine again since the TFTP path fix. - -Daniel (23 May 2006) -- Martin Michlmayr filed debian bug report #367954, but the same error also - showed up in the autobuilds. It seems a rather long-since introduced shell - script flaw in the configure script suddenly was detected by the bash - version in Debian Unstable. It had previously passed undetected by all - shells used so far... - -- David McCreedy updated lib/config-tpf.h - -Daniel (11 May 2006) -- Fixed the configure's check for old-style SSLeay headers since I fell over a - case with a duplicate file name (a krb4 implementation with an err.h - file). I converted the check to manually make sure three of the headers are - present before considering them fine. - -- David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended - checks on the to-be-returned socket to make sure it truly seems to be alive - and well. For SSL connection it (only) uses OpenSSL functions. - -Daniel (10 May 2006) -- Fixed DICT in two aspects: - - 1 - allow properly URL-escaped words, like using %20 for spaces - - 2 - properly escape certain letters within a word to comply to the RFC2229 - -Daniel (9 May 2006) -- Andreas Ntaflos reported a bug in libcurl.m4: When configuring my GNU - autotools project, which optionally (default=yes) uses libcurl on a system - without a (usable) libcurl installation, but not specifying - `--without-libcurl', configure determines correctly that no libcurl is - available, however, the LIBCURL variable gets expanded to `LIBCURL = -lcurl' - in the resulting Makefiles. - - David Shaw fixed the flaw. - -- Robson Braga Araujo fixed two problems in the recently added non-blocking SSL - connects. The state machine was not reset properly so that subsequent - connects using the same handle would fail, and there were two memory leaks. - -- Robson Braga Araujo fixed a memory leak when you added an easy handle to a - multi stack and that easy handle had already been used to do one or more - easy interface transfers, as then the code threw away the previously used - DNS cache without properly freeing it. - -Daniel (8 May 2006) -- Dan Fandrich went over the TFTP code and he pointed out and fixed numerous - problems: - - * The received file is corrupted when a packet is lost and retransmitted - (this is a serious problem!) - - * Transmitting a file aborts if a block is lost and retransmitted - - * Data is stored in the wrong location in the buffer for uploads, so uploads - always fail (I don't see how it could have ever worked, but it did on x86 - at least) - - * A number of calls are made to strerror instead of Curl_strerror, making - the code not thread safe - - * There are references to errno instead of Curl_sockerrno(), causing - incorrect error messages on Windows - - * The file name includes a leading / which violates RFC3617. Doing something - similar to ftp, where two slashes after the host name means an absolute - reference seems a reasonable extension to fix this. - - * Failures in EBCDIC conversion are not propagated up to the caller but are - silently ignored - -- Fixed known bug #28. The TFTP code no longer assumes a packed struct and - thus works reliably on more platforms. - -Daniel (5 May 2006) -- Roland Blom filed bug report #1481217 - (https://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele - Bini and David Byron. libcurl previously wrongly used GetLastError() on - windows to get error details after socket-related function calls, when it - really should use WSAGetLastError() instead. - - When changing to this, the former function Curl_ourerrno() is now instead - called Curl_sockerrno() as it is necessary to only use it to get errno from - socket-related functions as otherwise it won't work as intended on Windows. - -Daniel (4 May 2006) -- Mark Eichin submitted bug report #1480821 - (https://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a - problem with how libcurl dealt with GnuTLS and a case where gnutls returned - GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected - return code, making Curl_ssl_send() confuse the upper layer - causing random - 28 bytes trash data to get inserted in the transfered stream. - - The proper fix was to make the Curl_gtls_send() function return the proper - return codes that the callers would expect. The Curl_ossl_send() function - already did this. - -Daniel (2 May 2006) -- Added a --checkfor option to curl-config to allow users to easier - write for example shell scripts that test for the presence of a - new-enough libcurl version. If --checkfor is given a version string - newer than what is currently installed, curl-config will return a - non-zero exit code and output a string about the unfulfilled - requirement. - -Daniel (26 April 2006) -- David McCreedy brought initial line end conversions when doing FTP ASCII - transfers. They are done on non-windows systems and translate CRLF to LF. - - I modified the 15 LIST-using test cases accordingly. The downside is that now - we'll have even more trouble to get the tests to run on Windows since they - should get CRLF newlines left intact which the *nix versions don't. I figure - the only sane thing to do is to add some kind of [newline] macro for the test - case files and have them expanded to the proper native line ending when the - test cases are run. This is however left to implement. - -Daniel (25 April 2006) -- Paul Querna fixed libcurl to better deal with deflate content encoding - when the stream (wrongly) lacks a proper zlib header. This seems to be the - case on too many actual server implementations. - -Daniel (21 April 2006) -- Ale Vesely fixed CURLOPT_INTERFACE when using a hostname. - -Daniel (19 April 2006) -- Based on previous info from Tor Arntsen, I made configure detect the Intel - ICC compiler to add a compiler option for it, in order for configure to - properly be able to detect function prototypes. - -- Robson Braga Araujo provided a patch that makes libcurl less eager to close - the control connection when using FTP, for example when you remove an easy - handle from a multi stack. - -- Applied a patch by Ates Goral and Katie Wang that corrected my bad fix - attempt from April 10. - -Daniel (11 April 2006) -- #1468330 (https://curl.haxx.se/bug/view.cgi?id=1468330) pointed out a bad - typecast in the curl tool leading to a crash with (64bit?) VS2005 (at least) - since the struct timeval field tv_sec is an int while time_t is 64bit. - -Daniel (10 April 2006) -- Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and - CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL - connection time-out! - -- I merged my hiper patch (https://curl.haxx.se/libcurl/hiper/) into the main - sources. See the lib/README.multi_socket for implementation story with - details. Don't expect it to work fully yet. I don't intend to blow any - whistles or ring any bells about it until I'm more convinced it works at - least somewhat reliably. - -Daniel (7 April 2006) -- David McCreedy's EBCDIC and TPF changes. Three new curl_easy_setopt() - options (callbacks) were added: - - CONV_FROM_NETWORK_FUNCTION - CONV_TO_NETWORK_FUNCTION - CONV_FROM_UTF8_FUNCTION - -Daniel (5 April 2006) -- Michele Bini modified the NTLM code to work for his "weird IIS case" - (https://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash - function in addition to the LM one and making some other adjustments in the - order the different parts of the data block are sent in the Type-2 reply. - Inspiration for this work was taken from the Firefox NTLM implementation. - - I edited the existing 21(!) NTLM test cases to run fine with these news. Due - to the fact that we now properly include the host name in the Type-2 message - the test cases now only compare parts of that chunk. - -Daniel (28 March 2006) -- #1451929 (https://curl.haxx.se/bug/view.cgi?id=1451929) detailed a bug that - occurred when asking libcurl to follow HTTP redirects and the original URL - had more than one question mark (?). Added test case 276 to verify. - -Daniel (27 March 2006) -- David Byron found a problem multiple -d options when libcurl was built with - --enable-debug, as then curl used free() on memory allocated both with - normal malloc() and with libcurl-provided functions, when the latter MUST be - freed with curl_free() in debug builds. - -Daniel (26 March 2006) -- Tor Arntsen figured out that TFTP was broken on a lot of systems since we - called bind() with a too big argument in the 3rd parameter and at least - Tru64, AIX and IRIX seem to be very picky about it. - -Daniel (21 March 2006) -- David McCreedy added CURLINFO_FTP_ENTRY_PATH. - -- Xavier Bouchoux made the SSL connection non-blocking for the multi interface - (when using OpenSSL). - -- Tor Arntsen fixed the AIX Toolbox RPM spec - -Daniel (20 March 2006) -- David McCreedy fixed libcurl to no longer ignore AUTH failures and now it - reacts properly according to the CURLOPT_FTP_SSL setting. - -- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file - whose length was a multiple of 512 bytes could have random garbage - appended. Also, stop processing TFTP packets which are too short to be - legal. - -- Ilja van Sprundel reported a possible crash in the curl tool when using - "curl hostwithoutslash -d data -G" - -Version 7.15.3 (20 March 2006) - -Daniel (20 March 2006) -- VULNERABILITY reported to us by Ulf Harnhammar. - - libcurl uses the given file part of a TFTP URL in a manner that allows a - malicious user to overflow a heap-based memory buffer due to the lack of - boundary check. - - This overflow happens if you pass in a URL with a TFTP protocol prefix - ("tftp://"), using a valid host and a path part that is longer than 512 - bytes. - - The affected flaw can be triggered by a redirect, if curl/libcurl is told to - follow redirects and an HTTP server points the client to a tftp URL with the - characteristics described above. - - The Common Vulnerabilities and Exposures (CVE) project has assigned the name - CVE-2006-1061 to this issue. - -Daniel (16 March 2006) -- Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included - in the release archive. - -Daniel (14 March 2006) -- David McCreedy fixed: - - a bad SSL error message when OpenSSL certificates are verified fine. - - a missing return code assignment in the FTP code - -Daniel (7 March 2006) -- Markus Koetter filed debian bug report #355715 which identified a problem - with the multi interface and multi-part formposts. The fix from February - 22nd could make the Curl_done() function get called twice on the same - connection and it was not designed for that and thus tried to call free() on - an already freed memory area! - -- Peter Heuchert made sure the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL - is used properly. - -Daniel (6 March 2006) -- Lots of users on Windows have reported getting the "SSL: couldn't set - callback" error message so I've now made the setting of that callback not be - as critical as before. The function is only used for additional loggging/ - trace anyway so a failure just means slightly less data. It should still be - able to proceed and connect fine to the server. - -Daniel (4 March 2006) -- Thomas Klausner provided a patch written by Todd Vierling in bug report - #1442471 that fixes a build problem on Interix. - -Daniel (2 March 2006) -- FTP upload without a file name part in the URL now causes - curl_easy_perform() to return CURLE_URL_MALFORMAT. Previously it allowed the - upload but named the file "(nil)" (without the quotes). Test case 524 - verifies. - -- Added a check for getprotobyname in configure so that it'll be used, thanks - to Gisle Vanem's change the other day. - -Daniel (28 February 2006) -- Dan Fandrich prevented curl from getting stuck in an endless loop in case we - are out of file handles very early in curl's code where it makes sure that - 0, 1 and 2 aren't gonna be used by the lib for transfers. - -Daniel (27 February 2006) -- Marty Kuhrt pointed out that there were two VMS-specific files missing in - the release archive. - -Version 7.15.2 (27 February 2006) - -Daniel (22 February 2006) -- Lots of work and analysis by "xbx___" in bug #1431750 - (https://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two - different but related bugs: - - 1) Removing an easy handle from a multi handle before the transfer is done - could leave a connection in the connection cache for that handle that is - in a state that isn't suitable for re-use. A subsequent re-use could then - read from a NULL pointer and segfault. - - 2) When an easy handle was removed from the multi handle, there could be an - outstanding c-ares DNS name resolve request. When the response arrived, - it caused havoc since the connection struct it "belonged" to could've - been freed already. - - Now Curl_done() is called when an easy handle is removed from a multi handle - pre-maturely (that is, before the transfer was complteted). Curl_done() also - makes sure to cancel all (if any) outstanding c-ares requests. - -Daniel (21 February 2006) -- Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy - type to the already provided type CURLPROXY_SOCKS4. - - I added a --socks4 option that works like the current --socks5 option but - instead use the socks4 protocol. - -Daniel (20 February 2006) -- Shmulik Regev fixed an issue with multi-pass authentication and compressed - content when libcurl didn't honor the internal ignorebody flag. - -Daniel (18 February 2006) -- Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate - code. It should however not be the cause of any troubles. He also fixed a - few similar problems in the HTTP test server code. - -Daniel (17 February 2006) -- Shmulik Regev provided a fix for the DNS cache when using short life times, - as previously it could be holding on to old cached entries longer than - requested. - -Daniel (11 February 2006) -- Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options - that an app can use to let libcurl only connect to a remote host and then - extract the socket from libcurl. libcurl will then not attempt to do any - transfer at all after the connect is done. - -- Kent Boortz improved the configure check for GnuTLS to properly set LIBS - instead of LDFLAGS. - -Daniel (8 February 2006) -- Philippe Vaucher provided a brilliant piece of test code that show a problem - with re-used FTP connections. If the second request on the same connection - was set not to fetch a "body", libcurl could get confused and consider it an - attempt to use a dead connection and would go acting mighty strange. - -Daniel (2 February 2006) -- Make --limit-rate [num] mean bytes. It used to be that but it broke in my - change done in November 2005. - -Daniel (30 January 2006) -- Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the - curl tool with --local-port. Plain and simply set the range of ports to bind - the local end of connections to. Implemented on to popular demand. - -- Based on an error report by Philippe Vaucher, we no longer count a retried - connection setup as a follow-redirect. It turns out 1) this fails when a FTP - connection is re-setup and 2) it does make the max-redirs counter behave - wrong. - -Daniel (24 January 2006) -- Michal Marek provided a patch for FTP that makes libcurl continue to try - PASV even after EPSV returned a positive response code, if libcurl failed to - connect to the port number the EPSV response said. Obviously some people are - going through protocol-sensitive firewalls (or similar) that don't - understand EPSV and then they don't allow the second connection unless PASV - was used. This also called for a minor fix of test case 238. - -Daniel (20 January 2006) -- Duane Cathey was one of our friends who reported that curl -P [IP] - (CURLOPT_FTPPORT) didn't work for IPv6-enabed curls if the IP wasn't a - "native" IP while it works fine for IPv6-disabled builds! - - In the process of fixing this, I removed the support for LPRT since I can't - think of many reasons to keep doing it and asking on the mailing list didn't - reveal anyone else that could either. The code that sends EPRT and PORT is - now also a lot simpler than before (IMHO). - -Daniel (19 January 2006) -- Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl - (built IPv4-only) didn't work. - -Daniel (18 January 2006) -- As reported in bug #1408742 (https://curl.haxx.se/bug/view.cgi?id=1408742), - the configure script complained about a missing "missing" script if you ran - configure within a path whose name included one or more spaces. This is due - to a flaw in automake (1.9.6 and earlier). I've now worked around it by - including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll - be used instead of the one automake ships with. This kludge needs to be - removed once we get an automake version with this problem corrected. - Possibly we'll then need to convert this into a kludge depending on what - automake version that is used and that is gonna be painful and I don't even - want to think about that now...! - -Daniel (17 January 2006) -- David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with - the latest features and protocols that libcurl supports and has a minor fix - to better deal with the obscure case where someone has more than one libcurl - installed at the same time. - -Daniel (16 January 2006) -- David Shaw finally removed all traces of Gopher and we are now officially - not supporting it. It hasn't been functioning for years anyway, so this is - just finally stating what already was true. And a cleanup at the same time. - -- Bryan Henderson turned the 'initialized' variable for curl_global_init() - into a counter, and thus you can now do multiple curl_global_init() and you - are then supposed to do the same amount of calls to curl_global_cleanup(). - Bryan has also updated the docs accordingly. - -Daniel (13 January 2006) -- Andrew Benham fixed a race condition in the test suite that could cause the - test script to kill all processes in the current process group! - -Daniel (12 January 2006) -- Michael Jahn: - - Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru - HTTP proxy. - - Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would - previously overwrite internal memory and cause unpredicted behaviour! - -Daniel (11 January 2006) -- I decided to document the "secret option" here now, as I've received *NO* - feedback at all on my mailing list requests from November 2005: - - I'm looking for feedback and comments. I added some experimental code the - other day, that allows a libcurl user to select what method libcurl should - use to reach a file on a FTP(S) server. - - This functionality is available in CVS code and in recent daily snapshots. - - Let me explain... - - The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for - the command line tool) and you set it to a long (there are currenly no - defines for the argument values, just plain numericals). You can set three - different "methods" that do this: - - 1 multicwd - like today, curl will do a single CWD operation for each path - part in the given URL. For deep hierarchies this means very many - commands. This is how RFC1738 says it should be done. This is the - default. - - 2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give - a full path to the server. - - 3 singlecwd - make one CWD with the full target directory and then operate - on the file "normally". - - (With the command line tool you do --ftp-method [METHOD], where [METHOD] is - one of "multicwd", "nocwd" or "singlecwd".) - - What feedback I'm interested in: - - 1 - Do they work at all? Do you find servers where one of these don't work? - - 2 - What would proper names for the option and its arguments be, if we - consider this feature good enough to get included and documented in - upcoming releases? - - 3 - Should we make libcurl able to "walk through" these options in case of - (path related) failures, or should it fail and let the user redo any - possible retries? - - (This option is not documented in any man page just yet since I'm not sure - these names will be used or if the functionality will end up exactly like - this. And for the same reasons we have no test cases for these yet.) - -Daniel (10 January 2006) -- When using a bad path over FTP, as in when libcurl couldn't CWD into all - given subdirs, libcurl would still "remember" the full path as if it is the - current directory libcurl is in so that the next curl_easy_perform() would - get really confused if it tried the same path again - as it would not issue - any CWD commands at all, assuming it is already in the "proper" dir. - - Starting now, a failed CWD command sets a flag that prevents the path to be - "remembered" after returning. - -Daniel (7 January 2006) -- Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP - proxy actually used a new connection and not sent the second request on the - first socket! - -Daniel (6 January 2006) -- Alexander Lazic made the buildconf run the buildconf in the ares dir if that - is present instead of trying to mimic that script in curl's buildconf - script. - -Daniel (3 January 2006) -- Andres Garcia made the TFTP test server build with mingw. -Daniel (16 December 2005) -- Jean Jacques Drouin pointed out that you could only have a user name or - password of 127 bytes or less embedded in a URL, where actually the code - uses a 255 byte buffer for it! Modified now to use the full buffer size. - -Daniel (12 December 2005) -- Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly - -Version 7.15.1 (7 December 2005) - -Daniel (6 December 2005) -- Full text here: https://curl.haxx.se/docs/adv_20051207.html Pointed out by - Stefan Esser. - - VULNERABILITY - - libcurl's URL parser function can overflow a malloced buffer in two ways, if - given a too long URL. - - These overflows happen if you - - 1 - pass in a URL with no protocol (like "http://") prefix, using no slash - and the string is 256 bytes or longer. This leads to a single zero byte - overflow of the malloced buffer. - - 2 - pass in a URL with only a question mark as separator (no slash) between - the host and the query part of the URL. This leads to a single zero byte - overflow of the malloced buffer. - - Both overflows can be made with the same input string, leading to two single - zero byte overwrites. - - The affected flaw cannot be triggered by a redirect, but the long URL must - be passed in "directly" to libcurl. It makes this a "local" problem. Of - course, lots of programs may still pass in user-provided URLs to libcurl - without doing much syntax checking of their own, allowing a user to exploit - this vulnerability. - - There is no known exploit at the time of this writing. - - -Daniel (2 December 2005) -- Jamie Newton pointed out that libcurl's file:// code would close() a zero - file descriptor if given a non-existing file. - -Daniel (24 November 2005) -- Doug Kaufman provided a set of patches to make curl build fine on DJGPP - again using configure. - -- Yang Tse provided a whole series of patches to clear up compiler warnings on - MSVC 6. - -Daniel (17 November 2005) -- I extended a patch from David Shaw to make libcurl _always_ provide an error - string in the given error buffer to address the flaw mention on 21 sep 2005. - -Daniel (16 November 2005) -- Applied Albert Chin's patch that makes the libcurl.pc pkgconfig file get - installed on 'make install' time. - -Daniel (14 November 2005) -- Quagmire reported that he needed to raise a NTLM buffer for SSPI to work - properly for a case, and so we did. We raised it even for non-SSPI builds - but it should not do any harm. https://curl.haxx.se/bug/view.cgi?id=1356715 - -- Jan Kunder's debian bug report - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338680 identified a weird - error message for when you try to upload a file and the requested directory - doesn't exist on the target server. - -- Yang Tse fixed compiler warnings in lib/ssluse.c with OpenSSL 0.9.8 and in - lib/memdebug.h that showed up in his msvc builds. - -Daniel (13 November 2005) -- Debian bug report 338681 by Jan Kunder: make curl better detect and report - bad limit-rate units: - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338681 Now curl will return - error if a bad unit is used. - -- Thanks to this nice summary of poll() implementations: - http://www.greenend.org.uk/rjk/2001/06/poll.html and further tests by Eugene - Kotlyarov, we now know that cygwin's poll returns only POLLHUP on remote - connectin closure so we check for that case (too) and re-enable poll for - cygwin builds. - -Daniel (12 November 2005) -- Eugene Kotlyarov found out that cygwin's poll() function isn't doing things - right: https://curl.haxx.se/mail/archive-2005-11/0045.html so we now disable - poll() and use select() on cygwin too (we already do the same choice on Mac - OS X) - -- Dima Barsky patched problem #1348930: the GnuTLS code completely ignored - client certificates! (https://curl.haxx.se/bug/view.cgi?id=1348930). - -Daniel (10 November 2005) -- David Lang fixed IPv6 support for TFTP! - -- Introducing range stepping to the curl globbing support. Now you can specify - step counter by adding :[num] within the brackets when specifying a range: - - [1-100:10] - [a-z:2] - - If no step counter is set, it defaults to 1 as before: - - [1-100] - [d-h] - -Daniel (8 November 2005) -- Removed the use of AI_CANONNAME in the IPv6-enabled resolver functions since - we really have no use for reverse lookups of the address. - - I truly hope these are the last reverse lookups we had lingering in the - code! - -- Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled - version of libcurl with different Windows versions. Current version of - libcurl imports SSPI functions from secur32.dll. However, under Windows NT - 4.0 these functions are located in security.dll, under Windows 9x - in - secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll - just forwards calls to secur32.dll). - - Dmitry's patch loads proper library dynamically depending on Windows - version. Function InitSecurityInterface() is used to obtain pointers to all - of SSPI function in one structure. - -Daniel (31 October 2005) -- Vilmos Nebehaj improved libcurl's LDAP abilities: - - The LDAP code in libcurl can't handle LDAP servers of LDAPv3 nor binary - attributes in LDAP objects. So, I made a quick patch to address these - problems. - - The solution is simple: if we connect to an LDAP server, first try LDAPv3 - (which is the preferred protocol as of now) and then fall back to LDAPv2. - In case of binary attributes, we first convert them to base64, just like the - openldap client does. It uses ldap_get_values_len() instead of - ldap_get_values() to be able to retrieve binary attributes correctly. I - defined the necessary LDAP macros in lib/ldap.c to be able to compile - libcurl without the presence of libldap - -Daniel (27 October 2005) -- Nis Jorgensen filed bug report #1338648 - (https://curl.haxx.se/bug/view.cgi?id=1338648) which really is more of a - feature request, but anyway. It pointed out that --max-redirs did not allow - it to be set to 0, which then would return an error code on the first - Location: found. Based on Nis' patch, now libcurl supports CURLOPT_MAXREDIRS - set to 0, or -1 for infinity. Added test case 274 to verify. - -- tommink[at]post.pl reported in bug report #1337723 - (https://curl.haxx.se/bug/view.cgi?id=1337723) that curl could not upload - binary data from stdin on Windows if the data contained control-Z (hex 1a) - since that is treated as end-of-file when read in text mode. Gisle Vanem - pointed out the fix, and I made both -T and --data-binary take advantage of - it. - -- Jaz Fresh pointed out that if you used "-r [number]" as was wrongly described - in the man page, curl would send an invalid HTTP Range: header. The correct - way would be to use "-r [number]-" or even "-r -[number]". Starting now, - curl will warn if this is discovered, and automatically append a dash to the - range before passing it to libcurl. - -Daniel (25 October 2005) -- Amol Pattekar reported a bug with great detail and a fine example in bug - #1326306 (https://curl.haxx.se/bug/view.cgi?id=1326306). When using the multi - interface and connecting to a host with multiple IP addresses, and one of - the addresses fails to connect (the server must exist and respond, just not - accept connections) libcurl leaks a socket descriptor. Thanks to the fine - report, I could find and fix this. - -Daniel (22 October 2005) -- Dima Barsky reported a problem with GnuTLS-enabled libcurl in bug report - #1334338 (https://curl.haxx.se/bug/view.cgi?id=1334338). When reading an SSL - stream from a server and the server requests a "rehandshake", the current - code simply returns this as an error. I have no good way to test this, but - I've added a crude attempt of dealing with this situation slightly better - - it makes a blocking handshake if this happens. Done like this because fixing - this the "proper" way (that would handshake asynchronously) will require - quite some work and I really need a good way to test this to do such a - change. - -Daniel (21 October 2005) -- "Ofer" reported a problem when libcurl re-used a connection and failed to do - it, it could then accidentally actually crash. Presumably, this concerns FTP - connections. https://curl.haxx.se/bug/view.cgi?id=1330310 - -- Temprimus improved the MSVC makefile so that the static debug SSL libs are - linked to the executable and not to the libcurld.lib - https://curl.haxx.se/bug/view.cgi?id=1326676 - -- Bradford Bruce made the windows resolver code properly return - CURLE_COULDNT_RESOLVE_PROXY and CURLE_COULDNT_RESOLVE_HOST on resolving - errors (as documented). - -Daniel (20 October 2005) -- Dave Dribin made libcurl understand and handle cases when the server - (wrongly) sends *two* WWW-Authenticate headers for Digest. While this should - never happen in a sane world, libcurl previously got into an infinite loop - when this occurred. Dave added test 273 to verify this. - -- Temprimus improved the MSVC makefile: "makes a build option available so if - you set rtlibcfg=static for the make, then it would build with /MT. The - default behaviour is /MD (the original)." - https://curl.haxx.se/bug/view.cgi?id=1326665 - -Daniel (14 October 2005) -- Reverted the LIBCURL_VERSION_NUM change from October 6. As Dave Dribin - reported, the define is used by the configure script and is assumed to use - the 0xYYXXZZ format. This made "curl-config --vernum" fail in the 7.15.0 - release version. - -Version 7.15.0 (13 October 2005) - -Daniel (12 October 2005) -- Michael Sutton of iDEFENSE reported and I fixed a securitfy flaw in the NTLM - code that would overflow a buffer if given a too long user name or domain - name. This would happen if you enable NTLM authentication and either - - A - pass in a user name and domain name to libcurl that together are longer - than 192 bytes - - B - allow (lib)curl to follow HTTP "redirects" (Location: and the - appropriate HTTP 30x response code) and the new URL contains a URL with - a user name and domain name that together are longer than 192 bytes - - See https://curl.haxx.se/docs/security.html for further details and updates - -Daniel (5 October 2005) -- Darryl House reported a problem with using -z to download files from FTP. - It turned out that if the given time stamp was exact the same as the remote - time stamp, the file would still wrongly be downloaded. Added test case 272 - to verify. - -Daniel (4 October 2005) -- Domenico Andreoli fixed a man page malformat and removed odd (0xa0) bytes - from the configure script. - -- Michael Wallner reported that the date parser had wrong offset stored for - the MEST and CEST time zones. - -Daniel (27 September 2005) -- David Yan filed bug #1299181 (https://curl.haxx.se/bug/view.cgi?id=1299181) - that identified a silly problem with Content-Range: headers with the 'bytes' - keyword written in a different case than all lowercase! It would cause a - segfault! - -- TJ Saunders of the proftpd project identified and pointed out problems with - the modified FTPS negotiation change of August 19 2005. Thus, we revert the - change back to pre-7.14.1 status. - -Daniel (21 September 2005) -- Fixed "cut off" sentence in the libcurl-tutorial man page: - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305 - -- Clarified in the curl_easy_setopt man page what the default - CURLOPT_WRITEFUNCTION and CURLOPT_WRITEDATA mean: - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329311 - -- Clarified in the curl_easy_setopt man page that CURLOPT_ERRORBUFFER - sometimes doesn't fill in the buffer even though it is supposed to: - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329313 - -- When CURLE_URL_MALFORMAT is returned due to a missing URL, it now has an - error string set. - -Daniel (19 September 2005) -- Dmitry Bartsevich made the SSPI support work on Windows 9x as well. - -Daniel (15 September 2005) -- Added a TFTP server to the test suite and made the test suite capable of - using it. - -Daniel (7 September 2005) -- Ben Madsen's detailed reports that funnily enough only occurred with certain - glibc versions turned out to be curl using an already closed file handle - during certain conditions (like when saving FTP server "headers"). - -- Scott Davis helped me track down a problem in the test HTTP server that made - test case 56 wrongly fail at times. It turned out it was due to the server - finding the end of a chunked-encoded POST too early. - -Daniel (6 September 2005) -- Now curl warns if an unknown variable is used in the -w/--writeout argument. - -Daniel (4 September 2005) -- I applied Nicolas François' man page patch he posted to the Debian bug - tracker. It corrected two lines that started with apostrophes, which isn't - legal nroff format. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326511 - -- Added --ftp-skip-pasv-ip to the command line tool, that sets the new - CURLOPT_FTP_SKIP_PASV_IP option. It makes libcurl re-use the control - connection's IP address when setting up the data connection instead of - extractting the IP address from the PASV response. It has turned out this - feature is frequently needed by people to circumvent silly servers and silly - firewalls, especially when FTPS is used and the PASV command-response is - sent encrtyped. - - Sponsored by CU*Answers - -Daniel (1 September 2005) -- John Kelly added TFTP support to libcurl. A bunch of new error codes was - added. TODO: add them to docs. add TFTP server to test suite. add TFTP to - list of protocols whereever those are mentioned. - -Version 7.14.1 (1 September 2005) - -Daniel (29 August 2005) -- Kevin Lussier pointed out a problem with curllib.dsp and how to fix it. - -- Igor Polyakov fixed a rather nasty problem with the threaded name resolver - for Windows, that could lead to an Access Violation when the multi interface - was used due to an issue with how the resolver thread was and was not - terminated. - -- Simon Josefsson brought a patch that allows curl to get built to use GNU GSS - instead of MIT/Heimdal for GSS capabilities. - -Daniel (24 August 2005) -- Toby Peterson added CURLOPT_IGNORE_CONTENT_LENGTH to the library, accessible - from the command line tool with --ignore-content-length. This will make it - easier to download files from Apache 1.x (and similar) servers that are - still having problems serving files larger than 2 or 4 GB. When this option - is enabled, curl will simply have to wait for the server to close the - connection to signal end of transfer. I wrote test case 269 that runs a - simple test to verify that this works. - -- (Trying hard to exclude emotions now.) valgrind version 3 suddenly renamed - the --logfile command line option to --log-file, and thus the test script - valgrind autodetection now has yet another version check to do and then it - alters the valgrind command line accordingly. - -- Fixed CA cert verification using GnuTLS with the default bundle, which - previously failed due to GnuTLS not allowing x509 v1 CA certs by default. - Ralph Mitchell reported. - -Daniel (19 August 2005) -- Norbert Novotny had problems with FTPS and he helped me work out a patch - that made curl run fine in his end. The key was to make sure we do the - SSL/TLS negotiation immediately after the TCP connect is done and not after - a few other commands have been sent like we did previously. I don't consider - this change necessary to obey the standards, I think this server is pickier - than what the specs allow it to be, but I can't see how this modified - libcurl code can add any problems to those who are interpreting the - standards more liberally. - -Daniel (17 August 2005) -- Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with - CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to - write the result to a given cookie jar and then never actually call - curl_easy_perform() - the given file(s) to read was never read but the - output file was written and thus it caused a "funny" result. - -- While doing some tests for the bug above, I noticed that Firefox generates - large numbers (for the expire time) in the cookies.txt file and libcurl - didn't treat them properly. Now it does. - -Daniel (15 August 2005) -- Added more verbose "warning" messages to the curl client for cases where it - fails to open/read files etc to help users diagnose why it doesn't do what - you'd expect it to. Converted lots of old messages to use the new generic - function I wrote for this purpose. - -Daniel (13 August 2005) -- James Bursa identified a libcurl HTTP bug and a good way to repeat it. If a - site responds with bad HTTP response that doesn't contain any header at all, - only a response body, and the write callback returns 0 to abort the - transfer, it didn't have any real effect but the write callback would be - called once more anyway. - -Daniel (12 August 2005) -- Based on Richard Clayton's reports, I found out that using curl -d @filename - when 'filename' was not possible to access made curl use a GET request - instead. - -- The time condition illegal syntax warning is now inhibited if -s is used. - -Daniel (10 August 2005) -- Mario Schroeder found out that one of the debug callbacks calls that regards - SSL data with the CURLINFO_TEXT type claimed that the data was one byte - larger than it actually is, thus falsely telling the application that the - terminating zero was part of the data. - -Daniel (9 August 2005) -- Christopher R. Palmer fixed the offsets used for date parsings when the time - zone name of a daylight savings time was used. For example, PDT vs PDS. This - flaw was introduced with the new date parser (11 sep 2004 - 7.12.2). - Fortunately, no web server or cookie string etc should be using such time - zone names thus limiting the effect of this bug. - -Daniel (8 August 2005) -- Jon Grubbs filed bug report #1249962 - (https://curl.haxx.se/bug/view.cgi?id=1249962) which identified a problem - with NTLM on a HTTP proxy if an FTP URL was given. libcurl now properly - switches to pure HTTP internally when an HTTP proxy is used, even for FTP - URLs. The problem would also occur with other multi-pass auth methods. - -Daniel (7 August 2005) -- When curl is built with GnuTLS, curl-config didn't include "SSL" when - --features was used. - -Daniel (28 July 2005) -- If any of the options CURLOPT_HTTPGET, CURLOPT_POST and CURLOPT_HTTPPOST is - set to 1, CURLOPT_NOBODY will now automatically be set to 0. - -Daniel (27 July 2005) -- Dan Fandrich changes over the last week: fixed numerous minor configure - option parsing flaws: --without-gnutls, --without-spnego --without-gssapi - and --without-krb4. Spellfixed several error messages. - -- Peteris Krumins added CURLOPT_COOKIELIST and CURLINFO_COOKIELIST, which is a - simple interface to extracting and setting cookies in libcurl's internal - "cookie jar". See the new cookie_interface.c example code. - -Daniel (13 July 2005) -- Diego Casorran provided patches to make curl build fine on Amiga again. - -Daniel (12 July 2005) -- Adrian Schuur added trailer support in the chunked encoding stream. The - trailer is then sent to the normal header callback/stream. I wrote up test - case 266 to verify the basic functionality. Do note that test case 34 - contains a flawed chunked encoding stream that still works the same. - -Daniel (5 July 2005) -- Gisle Vanem came up with a nice little work-around for bug #1230118 - (https://curl.haxx.se/bug/view.cgi?id=1230118). It seems the Windows (MSVC) - libc time functions may return data one hour off if TZ is not set and - automatic DST adjustment is enabled. This made curl_getdate() return wrong - value, and it also concerned internal cookie expirations etc. - -Daniel (4 July 2005) -- Andrew Bushnell provided enough info for me to tell that we badly needed to - fix the CONNECT authentication code with multi-pass auth methods (such as - NTLM) as it didn't previously properly ignore response-bodies - in fact it - stopped reading after all response headers had been received. This could - lead to libcurl sending the next request and reading the body from the first - request as response to the second request. (I also renamed the function, - which wasn't strictly necessary but...) - - The best fix would to once and for all make the CONNECT code use the - ordinary request sending/receiving code, treating it as any ordinary request - instead of the special-purpose function we have now. It should make it - better for multi-interface too. And possibly lead to less code... - - Added test case 265 for this. It doesn't work as a _really_ good test case - since the test proxy is too stupid, but the test case helps when running the - debugger to verify. - -Daniel (30 June 2005) -- Dan Fandrich improved the configure script's ability to figure out what kind - of strerror_r() API that is used when cross-compiling. If __GLIB__ is - defined, it assumes the glibc API. If not, it issues a notice as before that - the user needs to manually edit lib/config.h for this. - -Daniel (23 June 2005) -- David Shaw's fix that unifies proxy string treatment so that a proxy given - with CURLOPT_PROXY can use a http:// prefix and user + password. The user - and password fields are now also URL decoded properly. Test case 264 added - to verify. - -Daniel (22 June 2005) -- David Shaw updated libcurl.m4 - -Daniel (14 June 2005) -- Gisle Vanem fixed a potential thread handle leak. Bug report #1216500 - (https://curl.haxx.se/bug/view.cgi?id=1216500). Comment in - https://curl.haxx.se/mail/lib-2005-06/0059.html - -Daniel (13 June 2005) -- Made buildconf run libtoolize in the ares dir too (inspired by Tupone's - reverted patch). - -Daniel (9 June 2005) -- Incorporated Tupone's findtool fix in buildconf (slightly edited) - -- Incorporated Tupone's head -n fix in buildconf. - -Daniel (8 June 2005) -- Reverted Tupone's patch again, it broke numerous autobuilds. Let's apply it - in pieces, one by one and see what we need to adjust to work all over. - -Daniel (6 June 2005) -- Tupone Alfredo fixed three problems in buildconf: - - 1) findtool does look per tool in PATH and think ./perl is the perl - executable, while is just a local directory (I have . in the PATH) - - 2) I got several warning for head -1 deprecated in favour of head -n 1 - - 3) ares directory is missing some file (missing is missing :-) ) because - automake and friends is not run. - -Daniel (3 June 2005) -- Added docs/libcurl/getinfo-times, based on feedback from 'Edi': - https://curl.haxx.se/feedback/display.cgi?id=11178325798299&support=yes - -- Andres Garcia provided yet another text mode patch for several test cases so - that they do text comparisions better on Windows (newline-wise). - -Daniel (1 June 2005) -- The configure check for c-ares now adds the cares lib before the other libs, - to make it build fine with mingw. Inspired by Tupone Alfredo's bug report - and patch: https://curl.haxx.se/bug/view.cgi?id=1212940 - -Daniel (31 May 2005) -- Todd Kulesza reported a flaw in the proxy option, since a numerical IPv6 - address was not possible to use. It is now, but requires it written - RFC2732-style, within brackets - which incidently is how you enter numerical - IPv6 addresses in URLs. Test case 263 added to verify. - -Daniel (30 May 2005) -- Eric Cooper reported about a problem with HTTP servers that responds with - binary zeroes within the headers. They confused libcurl to do wrong so the - downloaded headers become incomplete. The fix is now verified with test case - 262. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310948 - -Daniel (25 May 2005) -- Fixed problems with the test suite, and in particular the FTP test cases - since it previously was failing every now and then in a nonsense manner. - -- --trace-time now outputs the full microsecond, all 6 digits. - -Daniel (24 May 2005) -- Andres Garcia provided a text mode patch for several test cases so that they - do text comparisions better on Windows (newline-wise). - -- Any 2xx response (and not just 200) is now considered a fine response to - TYPE, as some servers obviously sends a 226 there. Added test case 261 to - verify. Based on a question/report by Georg Wicherski. - -Daniel (20 May 2005) -- Improved runtests.pl to allow stdout tests to be mode=text as well, just - as file comparisons already supports. Added this info to the FILEFORMAT - docs. - -Daniel (18 May 2005) -- John McGowan identified a problem in bug report #1204435 - (https://curl.haxx.se/bug/view.cgi?id=1204435) with malformed URLs like - "http://somehost?data" as it added a slash too much in the request ("GET - /?data/"...). Added test case 260 to verify. - -- The configure check for strerror_r() failed to detect the proper API at - times, like on HP-UX 10.20. Then lib/strerror.c badly assumed the glibc - version if the posix define wasn't set (since it _had_ found a strerror_r). - -Daniel (16 May 2005) -- The gmtime_r() function in HP-UX 10.20 is broken. About 13 test cases fail - due to this. There's now a configure check that attempts to detect the bad - function and not use it on such systems. - -Version 7.14.0 (16 May 2005) - -Daniel (13 May 2005) -- Grigory Entin reported that curl's configure detects a fine poll() for Mac - OS X 10.4 (while 10.3 or later detected a "bad" one), but the executable - doesn't work as good as if built without poll(). I've adjusted the configure - to always skip the fine-poll() test on Mac OS X (darwin). - -Daniel (12 May 2005) -- When doing a second request (after a disconnect) using the same easy handle, - over a proxy that uses NTLM authentication, libcurl failed to use NTLM again - properly (the auth method was accidentally reset to the same as had been set - for host auth, which defaults to Basic). Bug report #1200661 - (https://curl.haxx.se/bug/view.cgi?id=1200661) identified the the problem and - the fix. - -- If -z/--time-cond is used with an invalid date syntax, this is no longer - silently discarded. Instead a proper warning message is diplayed that - informs about it. But it still continues without the condition. - -Version 7.14.0-pre2 (11 May 2005) - -Daniel (11 May 2005) -- Starting now, libcurl sends a little different set of headers in its default - HTTP requests: - - A) Normal non-proxy HTTP: - - no more "Pragma: no-cache" (this only makes sense to proxies) - - B) Non-CONNECT HTTP request over proxy: - - "Pragma: no-cache" is used (like before) - - "Proxy-Connection: Keep-alive" (for older style 1.0-proxies) - - C) CONNECT HTTP request over proxy: - - "Host: [name]:[port]" - - "Proxy-Connection: Keep-alive" - - The A) case is mostly to reduce the default header size and remove a - pointless header. - - The B) is to address (rare) problems with HTTP 1.0 proxies - - The C) headers are both to address (rare) problems with some proxies. The - code in libcurl that deals with CONNECT requests need a rewrite, but it - feels like a too big a job for me to do now. Details are added in the code - comments for now. - - Updated a large amount of test cases to reflect the news. - -Daniel (10 May 2005) -- Half-baked attempt to bail out if select() returns _only_ errorfds when the - transfer is in progress. An attempt to fix Allan's problem. See - https://curl.haxx.se/mail/lib-2005-05/0073.html and the rest of that thread - for details. - - I'm still not sure this is the right fix, but... - -Version 7.14.0-pre1 (9 May 2005) - -Daniel (2 May 2005) -- Sort of "fixed" KNOWN_BUGS #4: curl now builds IPv6 enabled on AIX 4.3. At - least it should no longer cause a compiler error. However, it does not have - AI_NUMERICHOST so we cannot getaddrinfo() any numerical addresses with it - (we use that for FTP PORT/EPRT)! So, I modified the configure check that - checks if the getaddrinfo() is working, to use AI_NUMERICHOST since then - it'll fail on AIX 4.3 and it will automatically build with IPv6 support - disabled. - -- Added --trace-time that when used adds a time stamp to each trace line that - --trace, --trace-ascii and --verbose output. I also made the '>' display - separate each line on the linefeed so that HTTP requests etc look nicer in - the -v output. - -- Made curl recognize the environment variables Lynx (and others?) support for - pointing out the CA cert path/file: SSL_CERT_DIR and SSL_CERT_FILE. If - CURL_CA_BUNDLE is not set, they are checked afterwards. - - Like before: on windows if none of these are set, it checks for the ca cert - file like this: - - 1. application's directory - 2. current working directory - 3. Windows System directory (e.g. C:\windows\system32) - 4. Windows Directory (e.g. C:\windows) - 5. all directories along %PATH% - -Daniel (1 May 2005) -- The runtests.pl script now starts test servers by doing fork() and exec() - instead of the previous approach. This is less complicated and should - hopefully lead to less "leaked" servers (servers that aren't stopped - properly when the tests are stopped). - -- Alexander Zhuravlev found a case when you did "curl -I [URL]" and it - complained on the chunked encoding, even though a HEAD should never return a - body and thus it cannot be a chunked-encoding problem! - -Daniel (30 April 2005) -- Alexander Zhuravlev found out that (lib)curl SIGSEGVed when using - --interface on an address that can't be bound. - -Daniel (28 April 2005) -- Working on fixing up test cases to mark sections as 'mode=text' for things - that curl writes as text files, since then they can get different line - endings depending on OS. Andrés García helps me work this out. - - Did lots of other minor tweaks on the test scripts to work better and more - reliably find test servers and also kill test servers. - -- Dan Fandrich pointed out how the runtests.pl script killed the HTTP server - instead of the HTTPS server when closing it down. - -Daniel (27 April 2005) -- Paul Moore made curl check for the .curlrc file (_curlrc on windows) on two - more places. First, CURL_HOME is a new environment variable that is used - instead of HOME if it is set, to point out where the default config file - lives. If there's no config file in the dir pointed out by one of the - environment variables, the Windows version will instead check the same - directory the executable curl is located in. - -Daniel (26 April 2005) -- Cory Nelson's work on nuking compiler warnings when building on x64 with - VS2005. - -Daniel (25 April 2005) -- Fred New reported a bug where we used Basic auth and user name and password - in .netrc, and when following a Location: the subsequent requests didn't - properly use the auth as found in the netrc file. Added test case 257 to - verify my fix. - -- Based on feedback from Cory Nelson, I added some preprocessor magic in - */setup.h and */config-win32.h to build fine with VS2005 on x64. - -Daniel (23 April 2005) -- Alex Suykov made the curl tool now assume that uploads using HTTP:// or - HTTPS:// are the only ones that show output and thus motivates a switched - off progress meter if the output is sent to the terminal. This makes FTP - uploads without '>', -o or -O show the progress meter. - -Daniel (22 April 2005) -- Dave Dribin's MSVC makefile fix: set CURL_STATICLIB when it builds static - library variants. - -- Andres Garcia fixed configure to set the proper define when building static - libcurl on windows. - -- --retry-delay didn't work. - -Daniel (18 April 2005) -- Olivier reported that even though he used CURLOPT_PORT, libcurl clearly - still used the default port. He was right. I fixed the problem and added the - test cases 521, 522 and 523 to verify the fix. - -- Toshiyuki Maezawa reported that when doing a POST with a read callback, - libcurl didn't properly send an Expect: 100-continue header. It does now. - -- I committed by mig change in the test suite's FTP server that moves out all - socket/TCP code to a separate C program named sockfilt. And added 4 new - test cases for FTP over IPv6. - -Daniel (8 April 2005) -- Cory Nelson reported a problem with a HTTP server that responded with a 304 - response containing an "illegal" Content-Length: header, which was not - properly ignored by libcurl. Now it is. Test case 249 verifies. - -Daniel (7 April 2005) -- Added ability to build and run with GnuTLS as an alternative to OpenSSL for - the secure layer. configure --with-gnutls enables with. Note that the - previous OpenSSL check still has preference and if it first detects OpenSSL, - it will not check for GnuTLS. You may need to explictly diable OpenSSL with - --without-ssl. - - This work has been sponsored by The Written Word. - -Daniel (5 April 2005) -- Christophe Legry fixed the post-upload check for FTP to not complain if the - upload was skipped due to a time-condition as set with - CURLOPT_TIMECONDITION. I added test case 247 and 248 to verify. - -Version 7.13.2 (5 April 2005) - -Daniel (4 April 2005) -- Marcelo Juchem fixed the MSVC makefile for libcurl - -- Gisle Vanem fixed a crash in libcurl, that could happen if the easy handle - was killed before the threading resolver (windows only) still hadn't - completed. - -- Hardeep Singh reported a problem doing HTTP POST with Digest. (It was - actually also affecting NTLM and Negotiate.) It turned out that if the - server responded with 100 Continue before the initial 401 response, libcurl - didn't take care of the response properly. Test case 245 and 246 added to - verify this. - -Daniel (30 March 2005) -- Andres Garcia modified the configure script to check for libgdi32 before - libcrypto, to make the SSL check work fine on msys/mingw. - -Daniel (29 March 2005) -- Tom Moers identified a flaw when you sent a POST with Digest authentication, - as in the first request when curl sends a POST with Content-Length: 0, it - still forcibly closed the connection before doing the next step in the auth - negotiation. - -- Jesper Jensen found out that FTP-SSL didn't work since my FTP - rewrite. Fixing that was easy, but it also revealed a much worse problem: - the FTP server response reader function didn't properly deal with reading - responses in multiple tiny chunks properly! I modified the FTP server to - allow it to produce such split-up responses to make sure curl deals with - them as it should. - -- Based on Augustus Saunders' comments and findings, the HTTP output auth - function was fixed to use the proper proxy authentication when multiple ones - are accepted. test 239 and test 243 were added to repeat the problems and - verify the fixes. - - --proxy-anyauth was added to the curl tool - -Daniel (16 March 2005) -- Tru64 and some IRIX boxes seem to not like test 237 as it is. Their - inet_addr() functions seems to use &255 on all numericals in a ipv4 dotted - address which makes a different failure... Now I've modified the IPv4 - resolve code to use inet_pton() instead in an attempt to make these systems - better detect this as a bad IP address rather than creating a toally bogus - address that is then passed on and used. - -Daniel (15 March 2005) -- Dan Fandrich made the code properly use the uClibc's version of - inet_ntoa_r() when built with it. - -- Added test 237 and 238: test EPSV and PASV response handling when they get - well- formated data back but using illegal values. In 237 PASV gets an IP - address that is way bad. In 238 EPSV gets a port that is way out of range. - -Daniel (14 March 2005) -- Added a few missing features to the curl-config --features list - -- Modified testcurl.pl to now offer - 1 - command line options for all info it previously only read from - file: --name, --email, --desc and --configure - 2 - --nocvsup makes it not attempt to do cvs update - 3 - --crosscompile informs it and makes it not attempt things it can't do - -- Fixed numerous win32 compiler warnings. - -- Removed the lib/security.h file since it shadowed the mingw/win32 header - with the same name which is needed for SSPI builds. The contents of the - former security.h is now i krb4.h - -- configure --enable-sspi now enables SSPI in the build. It only works for - windows builds (including cross-compiles for windows). - -Daniel (12 March 2005) -- David Houlder added --form-string that adds that string to a multipart - formpost part, without special characters having special meanings etc like - --form features. - -Daniel (11 March 2005) -- curl_version_info() returns the feature bit CURL_VERSION_SSPI if it was - built with SSPI support. - -- Christopher R. Palmer made it possible to build libcurl with the - USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the - native way to do NTLM. SSPI also allows libcurl to pass on the current user - and its password in the request. - -Daniel (9 March 2005) -- Dan F improved the SSL lib setup in configure. - -- Nodak Sodak reported a crash when using a SOCKS4 proxy. - -- Jean-Marc Ranger pointed out an embarassing debug printf() leftover in the - multi interface code. - -- Adjusted the man page for the curl_getdate() return value for dates after - year 2038. For 32 bit time_t it returns 0x7fffffff but for 64bit time_t it - returns either the correct value or even -1 on some systems that still seem - to not deal with this properly. Tor Arntsen found a 64bit AIX system for us - that did the latter. Gwenole Beauchesne's Mandrake patch put the lights on - this problem in the first place. - -Daniel (8 March 2005) -- Dominick Meglio reported that using CURLOPT_FILETIME when transferring a FTP - file got a Last-Modified: header written to the data stream, corrupting the - actual data. This was because some conditions from the previous FTP code was - not properly brought into the new FTP code. I fixed and I added test case - 520 to verify. (This bug was introduced in 7.13.1) - -- Dan Fandrich fixed the configure --with-zlib option to always consider the - given path before any standard paths. - -Daniel (6 March 2005) -- Randy McMurchy was the first to report that valgrind.pm was missing from the - release archive and thus 'make test' fails. - -Daniel (5 March 2005) -- Dan Fandrich added HAVE_FTRUNCATE to several config-*.h files. - -- Added test case 235 that makes a resumed upload of a file that isn't present - on the remote side. This then converts the operation to an ordinary STOR - upload. This was requested/pointed out by Ignacio Vazquez-Abrams. - - It also proved (and I fixed) a bug in the newly rewritten ftp code (and - present in the 7.13.1 release) when trying to resume an upload and the - servers returns an error to the SIZE command. libcurl then loops and sends - SIZE commands infinitely. - -- Dan Fandrich fixed a SSL problem introduced on February 9th that made - libcurl attempt to load the whole random file to seed the PRNG. This is - really bad since this turns out to be using /dev/urandom at times... - -Version 7.13.1 (4 March 2005) - -Daniel (4 March 2005) -- Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate - the cookie "engine" without having to provide an empty or non-existing file. - -- Rene Rebe fixed a -# crash when more data than expected was retrieved. - -Daniel (22 February 2005) -- NTLM and ftp-krb4 buffer overflow fixed, as reported here: - http://www.securityfocus.com/archive/1/391042 and the CAN report here: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 - - If these security guys were serious, we'd been notified in advance and we - could've saved a few of you a little surprise, but now we weren't. - -Daniel (19 February 2005) -- Ralph Mitchell reported a flaw when you used a proxy with auth, and you - requested data from a host and then followed a redirect to another - host. libcurl then didn't use the proxy-auth properly in the second request, - due to the host-only check for original host name wrongly being extended to - the proxy auth as well. Added test case 233 to verify the flaw and that the - fix removed the problem. - -Daniel (18 February 2005) -- Mike Dobbs reported a mingw build failure due to the lack of - BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by - configure when mingw is used. - -Daniel (17 February 2005) -- David in bug report #1124588 found and fixed a socket leak when libcurl - didn't close the socket properly when returning error due to failing - localbind - -Daniel (16 February 2005) -- Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth" - that picks NTLM. Thanks to David Byron letting me test NTLM against his - servers, I could quickly repeat and fix the problem. It turned out to be: - - When libcurl POSTs without knowing/using an authentication and it gets back - a list of types from which it picks NTLM, it needs to either continue - sending its data if it keeps the connection alive, or not send the data but - close the connection. Then do the first step in the NTLM auth. libcurl - didn't send the data nor close the connection but simply read the - response-body and then sent the first negotiation step. Which then failed - miserably of course. The fixed version forces a connection if there is more - than 2000 bytes left to send. - -Daniel (14 February 2005) -- The configure script didn't check for ENGINE_load_builtin_engines() so it - was never used. - -Daniel (11 February 2005) -- Removed all uses of strftime() since it uses the localised version of the - week day names and month names and servers don't like that. - -Daniel (10 February 2005) -- Now the test script disables valgrind-testing when the test suite runs if - libcurl is built shared. Otherwise valgrind only tests the shell that runs - the wrapper-script named 'curl' that is a front-end to curl in this case. - This should also fix the huge amount of reports of false positives when - valgrind has identified leaks in (ba)sh and not in curl and people report - that as curl bugs. Bug report #1116672 is one example. - - Also, the valgrind report parser has been adapted to check that at least one - of the sources in a stack strace is one of (lib)curl's source files or - otherwise it will not consider the problem to concern (lib)curl. - -- Marty Kuhrt streamlined the VMS build. - -Daniel (9 February 2005) -- David Byron fixed his SSL problems, initially mentioned here: - https://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use - SSL_pending() as we should. - -- Converted lots of FTP code to a statemachine, so that the multi interface - doesn't block while communicating commands-responses with an FTP server. - - I've added a comment like BLOCKING in the code on all spots I could find - where we still have blocking operations. When we change curl_easy_perform() - to use the multi interface, we'll also be able to simplify the code since - there will only be one "internal interface". - - While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the - new CURLE_LOGIN_DENIED. The first one is now access denied to a function, - like changing directory or retrieving a file, while the second means that we - were denied login. - - The CVS tag 'before_ftp_statemachine' was set just before this went in, in - case of future need. - -- Gisle made the DICT code send CRLF and not just LF as the spec says so. - -Daniel (8 February 2005) -- Gisle fixed problems when libcurl runs out of memory, and worked on making - sure the proper error code is returned for those occations. - -Daniel (7 February 2005) -- Maruko pointed out a problem with inflate decompressing exactly 64K - contents. - -Daniel (5 February 2005) -- Eric Vergnaud found a use of an uninitialised variable in the ftp when doing - PORT on IPv6-enabled hosts. - -- David Byron pointed out we could use BUFSIZE to read data (in - lib/transfer.c) instead of using BUFSIZE -1. - -Version 7.13.0 (1 February 2005) - -Daniel (31 January 2005) -- Added Lars Nilsson's htmltitle.cc example - -Daniel (30 January 2005) -- Fixed a memory leak when using the multi interface and the DO operation - failed (as in test case 205). - -- Fixed a valgrind warning for file:// operations. - -- Fixed a valgrind report in the url globbing code for the curl command line - tool. - -- Bugfixed the parser that scans the valgrind report outputs (in runtests.pl). - I noticed that it previously didn't detect and report the "Conditional jump - or move depends on uninitialised value(s)" error. When I fixed this, I - caught a few curl bugs with it. And then I had to spend time to make the - test suite IGNORE these errors when OpenSSL is used since it produce massive - amounts of valgrind warnings (but only of the "Conditional..." kind it - seems). So, if a test that requires SSL is run, it ignores the - "Conditional..." errors, and you'll get a "valgrind PARTIAL" output instead - of "valgrind OK". - -Daniel (29 January 2005) -- Using the multi interface, and doing a requsted a re-used connection that - gets closed just after the request has been sent failed and did not re-issue - a request on a fresh reconnect like the easy interface did. Now it does! - -- Define CURL_MULTIEASY when building libcurl (lib/easy.c to be exact), to use - my new curl_easy_perform() that uses the multi interface to run the - request. It is a great testbed for the multi interface and I believe we - shall do it this way for real in the future when we have a successor to - curl_multi_fdset(). I've used this approach to detect and fix several of the - recent multi-interfaces issues. - -- Adjusted the KNOWN_BUGS #17 fix a bit more since the FTP code also did some - bad assumptions. - -- multi interface: when a request is denied due to "Maximum redirects - followed" libcurl leaked the last Location: URL. - -- Connect failures with the multi interface was often returned as "connect() - timed out" even though the reason was different. - -Daniel (28 January 2005) -- KNOWN_BUGS #17 fixed. A DNS cache entry may not remain locked between two - curl_easy_perform() invokes. It was previously unlocked at disconnect, which - could mean that it remained locked between multiple transfers. The DNS cache - may not live as long as the connection cache does, as they are separate. - - To deal with the lack of DNS (host address) data availability in re-used - connections, libcurl now keeps a copy of the IP adress as a string, to be - able to show it even on subsequent requests on the same connection. - - The problem could be made to appear with this stunt: - - 1. create a multi handle - 2. add an easy handle - 3. fetch a URL that is persistent (leaves the connection alive) - 4. remove the easy handle from the multi - 5. kill the multi handle - 6. create a multi handle - 7. add the same easy handle to the new multi handle - 8. fetch a URL from the same server as before (re-using the connection) - -- Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't work - when built IPv6-enabled. I've now made a fix for it. Writing test cases for - custom port hosts turned too tricky so unfortunately there's none. - -Daniel (25 January 2005) -- Ian Ford asked about support for the FTP command ACCT, and I discovered it - is present in RFC959... so now (lib)curl supports it as well. --ftp-account - and CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an - account string after PASS have been sent away. The client responds - with "ACCT [account string]".) Added test case 228 and 229 to verify the - functionality. Updated the test FTP server to support ACCT somewhat. - -- David Shaw contributed a fairly complete and detailed autoconf test you can - use to detect libcurl and setup variables for the protocols the installed - libcurl supports: docs/libcurl/libcurl.m4 - -Daniel (21 January 2005) -- Major FTP third party transfer overhaul. - - These four options are now obsolete: CURLOPT_SOURCE_HOST, - CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT (this option didn't work before) - and CURLOPT_PASV_HOST. - - These two options are added: CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE. - - The target-side didn't use the proper path with RETR, and thus this only - worked correctly in the login path (i.e without doing any CWD). The source- - side still uses a wrong path, but the fix for this will need to wait. Verify - the flaw by using a source URL with included %XX-codes. - - Made CURLOPT_FTPPORT control weather the target operation should use PORT - (or not). The other side thus uses passive (PASV) mode. - - Updated the ftp3rdparty.c example source to use the updated options. - - Added support for a second FTP server in the test suite. Named... ftp2. - Added test cases 230, 231 and 232 as a few first basic tests of very simple - 3rd party transfers. - - Changed the debug output to include 'target' and 'source' when a 3rd party - is being made, to make it clearer what commands/responses came on what - connection. - - Added three new command line options: --3p-url, --3p-user and --3p-quote. - - Documented the command line options and the curl_easy_setopt options related - to third party transfers. - - (Temporarily) disabled the ability to re-use an existing connection for the - source connection. This is because it needs to force a new in case the - source and target is the same host, and the host name check is trickier now - when the source is identified with a full URL instead of a plain host name - like before. - - TODO (short-term) for 3rd party transfers: quote support. The options are - there, we need to add test cases to verify their functionality. - - TODO (long-term) for 3rd party transfers: IPv6 support (EPRT and EPSV etc) - and SSL/TSL support. - -Daniel (20 January 2005) -- Philippe Hameau found out that -Q "+[command]" didn't work, although some - code was written for it. I fixed and added test case 227 to verify it. - The curl.1 man page didn't mention the '+' so I added it. - -Daniel (19 January 2005) -- Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP URL - contains %0a or %0d in the user, password or CWD parts. (A future fix would - include doing it for %00 as well - see KNOWN_BUGS for details.) Test case - 225 and 226 were added to verify this - -- Stephan Bergmann pointed out two flaws in libcurl built with HTTP disabled: - - 1) the proxy environment variables are still read and used to set HTTP proxy - - 2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was - disabled). This is important since apps may want to disable HTTP proxy - without actually knowing if libcurl was built to disable HTTP or not. - - Based on Stephan's patch, both these issues should now be fixed. - -Daniel (18 January 2005) -- Cody Jones' enhanced version of Samuel Díaz García's MSVC makefile patch was - applied. - -Daniel (16 January 2005) -- Alex aka WindEagle pointed out that when doing "curl -v dictionary.com", curl - assumed this used the DICT protocol. While guessing protocols will remain - fuzzy, I've now made sure that the host names must start with "[protocol]." - for them to be a valid guessable name. I also removed "https" as a prefix - that indicates HTTPS, since we hardly ever see any host names using that. - -Daniel (13 January 2005) -- Inspired by Martijn Koster's patch and example source at - http://www.greenhills.co.uk/mak/gentoo/curl-eintr-bug.c, I now made the - select() and poll() calls properly loop if they return -1 and errno is - EINTR. glibc docs for this is found here: - https://www.gnu.org/software/libc/manual/html_node/Interrupted-Primitives.html - - This last link says BSD doesn't have this "effect". Will there be a problem - if we do this unconditionally? - -Daniel (11 January 2005) -- Dan Torop cleaned up a few no longer used variables from David Phillips' - select() overhaul fix. - -- Cyrill Osterwalder posted a detailed analysis about a bug that occurs when - using a custom Host: header and curl fails to send a request on a re-used - persistent connection and thus creates a new connection and resends it. It - then sent two Host: headers. Cyrill's analysis was posted here: - https://curl.haxx.se/mail/archive-2005-01/0022.html - -- Bruce Mitchener identified (bug report #1099640) the never-ending SOCKS5 - problem with the version byte and the check for bad versions. Bruce has lots - of clues on this, and based on his suggestion I've now removed the check of - that byte since it seems to be able to contain 1 or 5. - -Daniel (10 January 2005) -- Pavel Orehov reported memory problems with the multi interface in bug report - #1098843. In short, a shared DNS cache was setup for a multi handle and when - the shared cache was deleted before the individual easy handles, the latter - cleanups caused read/writes to already freed memory. - -- Hzhijun reported a memory leak in the SSL certificate code, that leaked the - remote certificate name when it didn't match the used host name. - -Gisle (8 January 2005) -- Added Makefile.Watcom files (src/lib). Updated Makefile.dist. - -Daniel (7 January 2005) -- Improved the test script's valgrind log parser to actually work! Also added - the ability to disable the log scanner for specific test cases. Test case - 509 results in numerous problems and leaks in OpenSSL and has to get it - disabled. - -Daniel (6 January 2005) -- Fixed a single-byte read out of bounds in test case 39 in the curl tool code - (i.e not in the library). - -- Bug report #1097019 identified a problem when doing -d "data" with -G and - sending it to two URLs with {}. Added test 199 to verify the fix. - -Daniel (4 January 2005) -- Marty Kuhrt adjusted a VMS build script slightly - -- Kai Sommerfeld and Gisle Vanem fixed libcurl to build with IPv6 support on - Win2000. - -Daniel (2 January 2005) -- Alex Neblett updated the MSVC makefiles slightly. -Daniel (25 December 2004) -- Removed src/config.h.in from CVS, it is now copied from the (generated) - lib/config.h.in instead, as they can very well be the same. This removes a - "manual hassle". You may want to re-run buildconf now. - -- Werner Koch filed Debian bug report #286794, mentioning that curl contained - non-free (by Debian's view) source code. This was Angus Mackay's - src/getpass.c source code. I tried to contact him about it to quickly solve - this issue, but his email addresses bounce and I got some time "over" and - reimplemented the functionality once brought by Angus. We no longer use any - of Angus' original code and the new function is much simpler (IMO). Issue - solved. - -Daniel (24 December 2004) -- David Shaw added --protocols to curl-config, so that it now lists all - protocols libcurl was built to support. --feature no longer lists disabled - protocols. - -Daniel (23 December 2004) -- David Shaw fixed the configure --disable-[protocol] variables so that - curl-config --feature now works correctly! - -Daniel (22 December 2004) -- Rune Kleveland fixed a minor memory leak for received cookies with the - (rare) version attribute set. - -- Marcin Konicki provided two configure fixes and a source fix to make curl - build out-of-the-box on BeOS. - -Daniel (21 December 2004) -- Added test case 217 that verified CURLINFO_HTTP_CONNECTCODE, and I made the - -w option support 'http_connect' to make it easier to verify! - -- Fixed lib/select.c include order to build fine on FreeBSD - -- Fixed failf()'s reuse of the va_list variable that crashed on FreeBSD. - Pointed out by Peter Pentchev. - -Version 7.12.3 (20 December 2004) - -Daniel (19 December 2004) -- I investigated our PKCS12 build problem on Solaris 2.7 with OpenSSL 0.9.7e, - and it turned out to be the fault of the zlib 1.1.4 headers doing a typedef - named 'free_func' and the OpenSSL headers have a prototype that uses - 'free_func' in one of its arguments. This is why the compile errors out. - - In other words, we need to include the openssl/pkcs12.h header before the - zlib.h header and it builds fine. The configure script now checks for this - file and it then gets included early in lib/urldata.h. - -Daniel (18 December 2004) -- Samuel Listopad added support for PKCS12 formatted certificates. - -- Samuel Listopad fixed -E to support "C:/path" (with forward slash) as well. - -Daniel (16 December 2004) -- Gisle found and fixed a problem in the directory re-use for FTP. - - I added test case 215 and 216 to better verify the functionality. - -- Dinar in bug report #1086121, found a file handle leak when a multipart - formpost (including a file upload part) was aborted before the whole file - was sent. - -Daniel (15 December 2004) -- Tom Lee found out that globbing of strings with backslashes didn't work as - you'd expect. Backslashes are such a central part of windows file names that - forcing backslashes to have to be escaped with backslashes is a bit too - awkward to users. Starting now, you only need to escape globbing characters - such as the five letters: "[]{},". Added test case 214 to verify this. - -Daniel (14 December 2004) -- Harshal Pradhan patched a HTTP persistent connection flaw: if the user name - and/or password were modified between two requests on a persistent - connection, the second request were still made with the first setup! - - I added test case 519 to verify the fix. - -Daniel (13 December 2004) -- Gisle added CURLINFO_SSL_ENGINES to curl_easy_getinfo() to allow an app - to list all available crypto ENGINES. - -- Gisle fixed bug report #1083542, which pointed out a problem with resuming - large file (>4GB) file:// transfers on windows. - -Daniel (11 December 2004) -- Made the test suite HTTP server (sws) capable of using IPv6, and then - extended the test environment to support that and also added three test - cases (240, 241, 242) that run tests using IPv6. Test 242 uses a URL that - didn't work before the 10 dec fix by Kai Sommerfeld. - -- Made a failed file:// resume output an error message - -- Corrected the CURLE_BAD_DOWNLOAD_RESUME error message in lib/strerror.c - -- Dan Fandrich: - - simplified and consolidated the SSL checks in configure and the usage of the - defines in lib/setup.h - - provided a first libcurl.pc.in file for pkg-config (but the result is not - installed anywhere at this point) - - extended the cross compile section in the docs/INSTALL file - -Daniel (10 December 2004) -- When providing user name in the URL and a IPv6-style IP-address (like in - "ftp://user@[::1]/tmp"), the URL parser didn't get the host extracted - properly. Reported and fixed by Kai Sommerfeld. - -Daniel (9 December 2004) -- Ton Voon provided a configure fix that should fix the notorious (mostly - reported on Solaris) problem where the size_t check fails due to the SSL - libs being found in a dir not searched through by the run-time linker. - patch-tracker entry #1081707. - -- Bryan Henderson pointed out in bug report #1081788 that the curl-config - --vernum output wasn't zero prefixed properly (as claimed in documentation). - This is fixed in maketgz now. - -Daniel (8 December 2004) -- Matt Veenstra updated the mach-O framework files for Mac OS X. - -- Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where - libcurl always and unconditionally overwrote a stack-based array with 3 zero - bytes. This is not an exploitable buffer overflow. No need to get alarmed. - -Daniel (7 December 2004) -- Fixed so that the final error message is sent to the verbose info "stream" - even if no errorbuffer is set. - -Daniel (6 December 2004) -- Dan Fandrich added the --disable-cookies option to configure to build - libcurl without cookie support. This is mainly useful if you want to build a - minimalistic libcurl with no cookies support at all. Like for embedded - systems or similar. - -- Richard Atterer fixed libcurl's way of dealing with the EPSV - response. Previously, libcurl would re-resolve the host name with the new - port number and attempt to connect to that, while it should use the IP from - the control channel. This bug made it hard to EPSV from an FTP server with - multiple IP addresses! - -Daniel (3 December 2004) -- Bug report #1078066: when a chunked transfer was pre-maturely closed exactly - at a chunk boundary it was not considered an error and thus went unnoticed. - Fixed by Maurice Barnum. - - Added test case 207 to verify. - -Daniel (2 December 2004) -- Fixed the CONNECT loop to default timeout to 3600 seconds. - - Added test case 206 that makes CONNECT with Digest. - - Fixed a flaw that prepended "(nil)" to the initial CONNECT rqeuest's user- - agent field. - -Daniel (30 November 2004) -- Dan Fandrich's fix for libz 1.1 and "extra field" usage in a gzip stream - -- Dan also helped me with input data to create three more test cases for the - --compressed option. - -Daniel (29 November 2004) -- I improved the test suite to enable binary contents in the tests (by proving - it base64 encoded), like for testing decompress etc. Added test 220 and 221 - for this purpose. Tests can now also depend on libz to run. - -- As reported by Reinout van Schouwen in Mandrake's bug tracker bug 12285 - (http://qa.mandrakesoft.com/show_bug.cgi?id=12285), when connecting to an - IPv6 host with FTP, --disable-epsv (or --disable-eprt) effectively disables - the ability to transfer a file. Now, when connected to an FTP server with - IPv6, these FTP commands can't be disabled even if asked to with the - available libcurl options. - -Daniel (26 November 2004) -- As reported in Mandrake's bug tracker bug 12289 - (http://qa.mandrakesoft.com/show_bug.cgi?id=12289), curl would print a - newline to "finish" the progress meter after each redirect and not only - after a completed transfer. - -Daniel (25 November 2004) -- FTP improvements: - - If EPSV, EPRT or LPRT is tried and doesn't work, it will not be retried on - the same server again even if a following request is made using a persistent - connection. - - If a second request is made to a server, requesting a file from the same - directory as the previous request operated on, libcurl will no longer make - that long series of CWD commands just to end up on the same spot. Note that - this is only for *exactly* the same dir. There is still room for improvements - to optimize the CWD-sending when the dirs are only slightly different. - - Added test 210, 211 and 212 to verify these changes. Had to improve the - test script too and added a new primitive to the test file format. - -Daniel (24 November 2004) -- Andrés García fixed the configure script to detect select properly when run - with Msys/Mingw on Windows. - -Daniel (22 November 2004) -- Made HTTP PUT and POST requests no longer use HEAD when doing multi-pass - auth negotiation (NTLM, Digest and Negotiate), but instead use the request - keyword "properly". Details in lib/README.httpauth. This also introduces - CURLOPT_IOCTLFUNCTION and CURLOPT_IOCTLDATA, to be used by apps that use the - "any" auth alternative as then libcurl may need to send the PUT/POST data - more than once and thus may need to ask the app to "rewind" the read data - stream to start. - - See also the new example using this: docs/examples/anyauthput.c - -- David Phillips enhanced test 518. I made it depend on a "feature" so that - systems without getrlimit() won't attempt to test 518. configure now checks - for getrlimit() and setrlimit() for this test case. - -Daniel (18 November 2004) -- David Phillips fixed libcurl to not crash anymore when more than FD_SETSIZE - file descriptors are in use. Test case 518 added to verify. - -Daniel (15 November 2004) -- To test my fix for the CURLINFO_REDIRECT_TIME bug, I added time_redirect and - num_redirects support to the -w writeout option for the command line tool. - -- Wojciech Zwiefka found out that CURLINFO_REDIRECT_TIME didn't work as - documented. - -Daniel (12 November 2004) -- Gisle Vanem modigied the MSVC and Netware makefiles to build without - libcurl.def - -- Dan Fandrich added the --disable-crypto-auth option to configure to allow - libcurl to build without Digest support. (I figure it should also explicitly - disable Negotiate and NTLM.) - -- *** Modified Behaviour Alert *** - - Setting CURLOPT_POSTFIELDS to NULL will no longer do a GET. - - Setting CURLOPT_POSTFIELDS to "" will send a zero byte POST and setting - CURLOPT_POSTFIELDS to NULL and CURLOPT_POSTFIELDSIZE to zero will also make - a zero byte POST. Added test case 515 to verify this. - - Setting CURLOPT_HTTPPOST to NULL makes a zero byte post. Added test case 516 - to verify this. - - CURLOPT_POSTFIELDSIZE must now be set to -1 to signal "we don't know". - Setting it to zero simply says this is a zero byte POST. - - When providing POST data with a read callback, setting the size up front - is now made with CURLOPT_POSTFIELDSIZE and not with CURLOPT_INFILESIZE. - -Daniel (11 November 2004) -- Dan Fandrich added --disable-verbose to the configure script to allow builds - without verbose strings in the code, to save some 12KB space. Makes sense - only for systems with very little memory resources. - -- Jeff Phillips found out that a date string with a year beyond 2038 could - crash the new date parser on systems with 32bit time_t. We now check for - this case and deal with it. - -Daniel (10 November 2004) -- I installed Heimdal on my Debian box (using the debian package) and noticed - that configure --with-gssapi failed to create a nice build. Fixed now. - -Daniel (9 November 2004) -- Gisle Vanem marked all external function calls with CURL_EXTERN so that now - the Windows, Netware and other builds no longer need libcurl.def or similar - files. - -Daniel (8 November 2004) -- Made the configure script check for tld.h if libidn was detected, since - libidn 0.3.X didn't have such a header and we don't work with anything - before libidn 0.4.1 anyway! Suse 9.1 apparently ships with a 0.3.X version - of libidn which makes the curl 7.12.2 build fail. Jean-Philippe - Barrette-LaPierre helped pointing this out. - -- Ian Gulliver reported in debian bug report #278691: if curl is invoked in an - environment where stderr is closed the -v output will still be sent to file - descriptor 2 which then might be the network socket handle! Now we have a - weird hack instead that attempts to make sure that file descriptor 2 is - opened (with a call to pipe()) before libcurl is called to do the transfer. - configure now checks for pipe() and systems without pipe don't get the weird - hack done. - -Daniel (5 November 2004) -- Tim Sneddon made libcurl send no more than 64K in a single first chunk when - doing a huge POST on VMS, as this is a system limitation. Default on general - systems is 100K. - -Daniel (4 November 2004) -- Andres Garcia made it build on mingw againa, my --retry code broke the build. - -Daniel (2 November 2004) -- Added --retry-max-time that allows a maximum time that may not have been - reached for a retry to be made. If not set there is no maximum time, only - the amount of retries set with --retry. - -- Paul Nolan provided a patch to make libcurl build nicely on Windows CE. - -Daniel (1 November 2004) -- When cross-compiling, the configure script no longer attempts to use - pkg-config on the build host in order to detect OpenSSL compiler options. - -Daniel (27 October 2004) -- Dan Fandrich: - - An improvement to the gzip handling of libcurl. There were two problems with - the old version: it was possible for a malicious gzip file to cause libcurl - to leak memory, as a buffer was malloced to hold the header and never freed - if the header ended with no file contents. The second problem is that the - 64 KiB decompression buffer was allocated on the stack, which caused - unexpectedly high stack usage and overflowed the stack on some systems - (someone complained about that in the mailing list about a year ago). - - Both problems are fixed by this patch. The first one is fixed when a recent - (1.2) version of zlib is used, as it takes care of gzip header parsing - itself. A check for the version number is done at run-time and libcurl uses - that feature if it's present. I've created a define OLD_ZLIB_SUPPORT that - can be commented out to save some code space if libcurl is guaranteed to be - using a 1.2 version of zlib. - - The second problem is solved by dynamically allocating the memory buffer - instead of storing it on the stack. The allocation/free is done for every - incoming packet, which is suboptimal, but should be dwarfed by the actual - decompression computation. - - I've also factored out some common code between deflate and gzip to reduce - the code footprint somewhat. I've tested the gzip code on a few test files - and I tried deflate using the freshmeat.net server, and it all looks OK. I - didn't try running it with valgrind, however. - -- Added a --retry option to curl that takes a numerical option for the number - of times the operation should be retried. It is retried if a transient error - is detected or if a timeout occurred. By default, it will first wait one - second between the retries and then double the delay time between each retry - until the delay time is ten minutes which then will be the delay time - between all forthcoming retries. You can set a static delay time with - "--retry-delay [num]" where [num] is the number of seconds to wait between - each retry. - -Daniel (25 October 2004) -- Tomas Pospisek filed bug report #1053287 that proved -C - and --fail on a - file that was already completely downloaded caused an error, while it - doesn't if you don't use --fail! I added test case 194 to verify the fix. - Grrr. CURLOPT_FAILONERROR is now added to the list stuff to remove in - libcurl v8 due to all the kludges needed to support it. - -- Mohun Biswas found out that formposting a zero-byte file didn't work very - good. I fixed. - -Daniel (19 October 2004) -- Alexander Krasnostavsky made it possible to make FTP 3rd party transfers - with both source and destination being the same host. It can be useful if - you want to move a file on a server or similar. - -- Guillaume Arluison added CURLINFO_NUM_CONNECTS to allow an app to figure - out how many new connects a previous transfer required. - - I added %{num_connects} to the curl tool and added test case 192 and 193 - to verify the new code. - -Daniel (18 October 2004) -- Peter Wullinger pointed out that curl should call setlocale() properly to - initiate the specific language operations, to make the IDN stuff work - better. - -Version 7.12.2 (18 October 2004) - -Daniel (16 October 2004) -- Alexander Krasnostavsky made the CURLOPT_FTP_CREATE_MISSING_DIRS option work - fine even for third party transfers. - -- runekl at opoint.com found out (and provided a fix) that libcurl leaked - memory for cookies with the "max-age" field set. - -Gisle (16 October 2004) -- Issue 50 in TODO-RELEASE; Added Traian Nicolescu's patches for threaded - resolver on Windows. Plugged some potential handle and memory leaks. - -Daniel (14 October 2004) -- Eric Vergnaud pointed out that libcurl didn't treat ?-letters in the user - name and password fields properly in URLs, like - ftp://us?er:pass?word@site.com/. Added test 191 to verify the fix. - -Daniel (11 October 2004) -- libcurl now uses SO_NOSIGPIPE for systems that support it (Mac OS X 10.2 or - later is one) to inhibit the SIGPIPE signal when writing to a socket while - the peer dies. The same effect is provide by the MSG_NOSIGNAL parameter to - send() on other systems. Alan Pinstein verified the fix. - -Daniel (10 October 2004) -- Systems with 64bit longs no longer use strtoll() or our strtoll- replacement - to parse 64 bit numbers. strtol() works fine. Added a configure check to - detect if [constant]LL works and if so, use that in the strtoll replacement - code to work around compiler warnings reported by Andy Cedilnik. - -Gisle (6 October 2004) -- For USE_LIBIDN builds: Added Top-Level-Domain (TLD) check of host-name - used in fix_hostname(). Checks if characters in 'host->name' (indirectly - via 'ace_hostname') are legal according to the TLD tables in libidn. - -Daniel (6 October 2004) -- Chih-Chung Chang reported that if you use CURLOPT_RESUME_FROM and enabled - CURLOPT_FOLLOWLOCATION, libcurl reported error if a redirect happened even - if the new URL would provide the resumed file. Test case 188 added to verify - the fix (together with existing test 99). - -- Dan Fandrich fixed a configure flaw for systems that need both nsl and socket - libs to use gethostbyname(). - -- Removed tabs and trailing whitespace from lots of source files. - -Daniel (5 October 2004) -- Made configure --with-libidn=PATH try the given PATH before the default - paths to make it possible to override. - -- If idna_strerror() is present in libidn, we can use that instead of our - internal replacement. This function was added by Simon in libidn 0.5.6 and - is detected by configure. - -- It seems basename() on IRIX is in the libgen library and since we don't use - that, configure finds libgen.h but not basename and then we get a compiler - error because our basename() replacement doesn't match the proto in - libgen.h. Starting now, we don't include the file if basename wasn't found - as well. - -Daniel (4 October 2004) -- Chris found a race condition resulting in CURLE_COULDNT_RESOLVE_HOST and - potential crash, in the windows threaded name resolver code. - -Daniel (3 October 2004) -- Replaced the use of isspace() in cookie.c with our own version instead since - we have most data as 'char *' and that makes us pass in negative values if - there is 8bit data in the string. Changing to unsigned causes too much - warnings or too many required typecasts to the normal string functions. - Harshal Pradhan identified this problem. - -Daniel (2 October 2004) -- Bertrand Demiddelaer found a case where libcurl could read already freed - data when CURLOPT_VERBOSE is used and a (very) persistent connection. It - happened when the dns cache entry for the connection was pruned while the - connection was still alive and then again re-used. We worked together on - this fix. - -- Gisle Vanem provided code that displays an error message when the (libidn - based) IDN conversion fails. This is really due to a missing suitable - function in the libidn API that I hope we can remove once libidn gets a - function like this. - -Daniel (1 October 2004) -- Aleksandar Milivojevic reported a problem in the Redhat bugzilla (see - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134133) and not to - anyone involved in the curl project! This happens when you try to curl a - file from a proftpd site using SSL. It seems proftpd sends a somewhat - unorthodox response code (232 instead of 230). I relaxed the response code - check to deal with this and similar cases. - -- Based on Fedor Karpelevitch's formpost path basename patch, file parts in - formposts no longer include the path part. If you _really_ want them, you - must provide your preferred full file name with CURLFORM_FILENAME. - - Added detection for libgen.h and basename() to configure. My custom - basename() replacement function for systems without it, might be a bit too - naive... - - Updated 6 test cases to make them work with the stripped paths. - -Daniel (30 September 2004) -- Larry Campbell added CURLINFO_OS_ERRNO to curl_easy_getinfo() that allows an - app to retrieve the errno variable after a (connect) failure. It will make - sense to provide this for more failures in a more generic way, but let's - start like this. - -- Günter Knauf and Casey O'Donnell worked out an extra #if condition for the - curl/multi.h header to work better in winsock-using apps. - -- Jean-Philippe Barrette-LaPierre made buildconf run better on Mac OS X by - properly using glibtoolize instead of plain libtoolize. (This is made if - glibtool was found and used instead of plain libtool.) - -Daniel (29 September 2004) -- Bertrand Demiddelaer fixed curl_easy_reset() so that it doesn't mistakingly - enable the progress meter. - -Daniel (28 September 2004) -- "Mekonikum" found out that if you built curl without SSL support, although - your current SSL installation supports Engine, the compile fails. - -Daniel (27 September 2004) -- When --with-ssl=PATH is used to the configure script, it no longer uses - pkg-config to figure out extra details. That is now only done if no PATH is - included or if SSL is checked for by default without the --with-ssl option. - -Daniel (25 September 2004) -- Peter Sylvester pointed out that CURLOPT_SSLENGINE couldn't even be set to - NULL when no engine was supported. It can now. - -Daniel (22 September 2004) -- Dan Fandrich fixed three test cases to no longer use "localhost" but instead - use "127.0.0.1" to avoid requiring that localhost resolves nicely. - -- Jean-Claude Chauve fixed an LDAP crash when more than one record was - retrieved. - -Daniel (19 September 2004) -- Andreas Rieke pointed out that when attempting to connect to a host without - a service on the specified port, curl_easy_perform() didn't properly provide - an error message in the CURLOPT_ERRORBUFFER buffer. - -Daniel (16 September 2004) -- Daniel at touchtunes uses the FTP+SSL server "BSDFTPD-SSL from - http://bsdftpd-ssl.sc.ru/" which accordingly doesn't properly work with curl - when "AUTH SSL" is issued (although the server responds fine and everything) - but requires that curl issues "AUTH TLS" instead. See - https://curl.haxx.se/feedback/display.cgi?id=10951944937603&support=yes - - Introducing CURLOPT_FTPSSLAUTH that allows the application to select which - of the AUTH strings to attempt first. - -- Anonymous filed bug report #1029478 which identified a bug when you 1) used - a URL without properly seperating the host name and the parameters with a - slash. 2) the URL had parameters to the right of a ? that contains a slash - 3) curl was told to follow Location:s 4) the request got a response that - contained a Location: to redirect to "/dir". curl then appended the new path - on the wrong position of the original URL. - - Test case 187 was added to verify that this was fixed properly. - -Daniel (11 September 2004) -- Added parsedate.c that contains a rewrite of the date parser currently - provided by getdate.y. The new one is MUCH smaller and will allow us to run - away from the yacc/bison jungle. It is also slightly lacking in features - compared to the old one, but it supports parsing of all date formats HTTP - involves (and a fair bunch of others). - -Daniel (10 September 2004) -- As found out by Jonas Forsman, curl didn't allow -F to set Content-Type on - text-parts. Starting now, we can do -F "name=daniel;type=text/extra". Added - test case 186 to verify. - -- Bug report #1025986. When following a Location: with a custom Host: header - replacement, curl only replaced the Host: header on the initial request - and didn't replace it on the following ones. This resulted in requests with - two Host: headers. - - Now, curl checks if the location is on the same host as the initial request - and then continues to replace the Host: header. And when it moves to another - host, it doesn't replace the Host: header but it also doesn't make the - second Host: header get used in the request. - - This change is verified by the two new test cases 184 and 185. - -Daniel (8 September 2004) -- Modified the test suite to be able to use and run with customized port - numbers. This was always intended but never before possible. Now a simple - change in the runtests.pl script can make all tests use different ports. - The default ports in use from now on are 8990 to 8993. - -Daniel (2 September 2004) -- Minor modification of an SSL-related error message. - -Daniel (31 August 2004) -- David Tarendash found out that curl_multi_add_handle() returned - CURLM_CALL_MULTI_PERFORM instead of CURLM_OK. - -Daniel (30 August 2004) -- Make "Proxy-Connection: close" close the current proxy connection, as Roman - Koifman found out. - -Daniel (24 August 2004) -- Fixed a getdate problem by post-replacing the getdate.c file after the - bison/yacc process to add the fix Harshal Pradhan suggested. The problem - caused a crash on Windows when parsing some dates. - -Daniel (23 August 2004) -- Roman Koifman pointed out that libcurl send Expect: 100-continue on POSTs - even when told to use HTTP 1.0, which is not correct. Test case 180 and - 181 verify this. - -- Added test case 182 to verify that zero byte transfers call the callback - properly. - -Daniel (20 August 2004) -- Alexander Krasnostavsky made the write callback get called even when a zero - byte file is downloaded. - -Daniel (18 August 2004) -- Ling Thio pointed out that when libcurl is built IPv6-enabled, it still did - reverse DNS lookups when fed with a numerical IP-address (like - http://127.0.0.1/), although it doesn't when built IPv6-disabled. libcurl - should never do reverse lookups. - -Daniel (17 August 2004) -- Kjetil Jacobsen noticed that when transferring a file:// URL pointing to an - empty file, libcurl would return with the file still open. - -- Alexander Krasnostavsky pointed out that the configure script needs to define - _THREAD_SAFE for AIX systems to make libcurl built really thread-safe. - - Also added a check for the xlc compiler on AIX, and if that is detect we use - the -qthreaded compiler option - -Daniel (16 August 2004) -- libcurl now allows a custom "Accept-Encoding:" header override the - internally set one that gets set with CURLOPT_ENCODING. Pointed out by Alex. - -- Roland Krikava found and fixed a cookie problem when using a proxy (the - path matching was wrong). I added test case 179 to verify that we now do - right. - -Daniel (15 August 2004) -- Casey O'Donnell fixed some MSVC makefile targets to link properly. - -Daniel (11 August 2004) -- configure now defines _XOPEN_SOURCE to 500 on systems that need it to build - warning-free (the only known one so far is non-gcc builds on 64bit SGI - IRIX). (Reverted this change later as it caused compiler errors.) - -- the FTP code now includes the server response in the error message when the - server gives back a 530 after the password is provided, as it isn't - necessary because of a bad user name or password. - -Version 7.12.1 (10 August 2004) - -Daniel (10 August 2004) -- In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input is - already UTF-8 encoded. This made the certificate verification fail if the - remote server used a certificate with the name UTF-8 encoded. - - Work-around brought by Alexis S. L. Carvalho. - -Daniel (9 August 2004) -- I fixed the configure script for krb4 to use -lcom_err as well, as I started - to get link problems with it unless I did that on my Solaris 2.7 box. I - don't understand why I started to get problems with this now! - -Daniel (5 August 2004) -- Enrico Scholz fixed the HTTP-Negotiate service name to be uppercase as - reported in bug report #1004105 - -Daniel (4 August 2004) -- Gisle Vanem provided a fix for the multi interface and connecting to a host - using multiple IP (bad) addresses. - -- Dylan Salisbury made libcurl no longer accept cookies set to a TLD only (it - previously allowed that on the seven three-letter domains). - -Daniel (31 July 2004) -- Joel Chen reported that the digest code assumed quotes around the contents a - bit too much. - -Daniel (28 July 2004) -- Bertrand Demiddelaer fixed the host name to get setup properly even when a - connection is re-used, when a proxy is in use. Previously the wrong Host: - header could get sent when re-using a proxy connection to a different target - host. - -- Fixed Brian Akins' reported problems with duplicate Host: headers on re-used - connections. If you attempted to replace the Host: header in the second - request, you got two such headers! - -- src/Makefile.am now includes the Makefile.inc file to get info about files - -Daniel (26 July 2004) -- Made "curl [URL] -o name#2" work as expected. If there's no globbing for the - #-number, it will simply be used as #2 in the file name. - -- Bertrand Demiddelaer fixed testing with valgrind 2.1.x and added two missing - newlines in the cookie informationals. - -Daniel (24 July 2004) -- I fixed the autobuilds with ares, since they now need to have buildconf run - in the ares dir before the configure script is run. - -- Added Casey O'Donnell's curl_easy_reset() function. It has a proto in - curl/curl.h but we have no man page yet. - -Daniel (20 July 2004) -- Added buildconf and buildconf.bat to the release archives, since they are - handy for rebuilding curl when using a daily snapshot (and not a pure CVS - checkout). - -Daniel (16 July 2004) -- As suggested by Toby Peterson, libcurl now ignores Content-Length data if the - given size is a negative number. Test case 178 verifies this. - -Daniel (14 July 2004) -- Günter Knauf has made the Netware builds do without the config-netware.h - files, so they are now removed from the dist packages. - -- Günter Knauf made curl and libcurl build with Borland again. - -- Andres Garcia fixed the common test 505 failures on windows. - -Daniel (6 July 2004) -- Andrés García found out why the windows tests failed on file:// "uploads". - -Daniel (2 July 2004) -- Andrés García reported a curl_share_cleanup() crash that occurs when no - lock/unlock callbacks have been set and the share is cleaned up. - -Daniel (1 July 2004) -- When using curl --trace or --trace-ascii, no trace messages that were sent - by curl_easy_cleanup() were included in the trace file. This made the - message "Closing connection #0" never appear in trace dumps. - -Daniel (30 June 2004) -- Niels van Tongeren found that setting CURLOPT_NOBODY to TRUE doesn't disable - a previously set POST request, making a very odd request get sent (unless - you disabled the POST) a HEAD request with a POST request-body. I've now - made CURLOPT_NOBODY enforce a proper HEAD. Added test case 514 for this. - -Daniel (29 June 2004) -- Günter Knauf made the testcurl.pl script capable of using a custom setup - file to easier run multiple autobuilds on the same source tree. - -- Gisle fixed the djgpp build and fixed a memory problem in some of the - reorged name resolved code. - -- Fixed code to allow connects done using the multi interface to attempt the - next IP when connecting to a host that resolves to multiple IPs and a - connect attempt fails. - -Daniel (27 June 2004) -- Based on Rob Stanzel's bug report #979480, I wrote a configure check that - checks if poll() can be used to wait on NULL as otherwise select() should be - used to do it. The select() usage was also fixed according to his report. - - Mac OS X 10.3 says "poll() functionality for Mac OS X is implemented via an - emulation layer on top of select(), not in the kernel directly. It is - recommended that programs running under OS X 10.3 prefer select() over - poll(). Configure scripts should look for the _POLL_EMUL_H_ define (instead - of _POLL_H_ or _SYS_POLL_H_) and avoid implementations where poll is not - implemented in the kernel." - - Yes, we can probably use select() on most platforms but today I prefered to - leave the code unaltered. - -Daniel (24 June 2004) -- The standard curl_version() string now only includes version info about - involved libraries and not about particular features. Thus it will no longer - include info about IPv6 nor GSS. That info is of course still available in - the feature bitmask curl_version_info() offers. - -- Replaced all occurances of sprintf() with snprintf(). This is mostly because - it is "A Good Thing" rather than actually fixing any known problem. This - will help preventing future possible mistakes to cause buffer overflows. - -- Major reorganization in the host resolve code (again). This time, I've - modified the code to now always use a linked list of Curl_addrinfo structs - to return resolved info in, no matter what resolver method or support that - is available on the platform. It makes it a lot easier to write code that - uses or depends on resolved data. - - Internally, this means amongst other things that we can stop doing the weird - "increase buffer size until it works" trick when resolving hosts on - IPv4-only with gethostbyname_r(), we support socks even on libcurls built - with IPv6 enabled (but only to socks servers that resolve to an IPv4 - address) and we no longer deep-copy or relocate hostent structs (we create - Curl_addrinfo chains instead). - - The new "hostent to Curl_addrinfo" converter function is named Curl_he2ai() - and is slightly naive and simple, yet I believe it is functional enough to - work for libcurl. - -Daniel (22 June 2004) -- David Cohen pointed out that RFC2109 says clients should allow cookies to - contain least 4096 bytes while libcurl only allowed 2047. I raised the limit - to 4999 now and made the used buffer get malloc()ed instead of simply - allocated on stack as before. Extended test case 46 to include a cookie with - very huge content to verify the fix. - -- Günter Knauf fixed getdate.y to remove a few warnings. I removed the - ifdef'ed test we never ever use anyway. - -- Gisle Vanem fixed the certificate wildcard checks to support a '*'-letter - anywhere in the wildcard string, support multiple '*'-letters in the - wildcard and to allow the '*'-letter to match a string that includes a dot. - -Daniel (21 June 2004) -- testcurl.sh is now removed completely, tests/testcurl.pl is the script to - use when autobuilding curl! - -- Kjetil Jacobsen brought my attention to the fact that you cannot properly - abort an upload with the readfunction callback, since returning 0 or -1 only - stops the upload and libcurl will continue waiting for downloaded data and - the server often waits for the rest of the upload data to arrive. - - Thus, I've now added the ability for read callbacks to return - CURL_READFUNC_ABORT to abort an upload from a read callback. This will stop - the transfer immediately with a CURLE_ABORTED_BY_CALLBACK return code. - - Test case 513 was added to verify that it works. I had to improve the test - HTTP server too to dump the request to a file even when the client - disconnects prematurely. - -Daniel (19 June 2004) -- Luca Alteas provided a test case with a failing curl operation: when we POST - to a site with --digest (or similar) set, and the server responded with a 302 - Location: to the "authprobe" request, it was not treated correctly. We still - will behave badly if FOLLOWLOCATION is enabled for this case, but I'm not - in the mood to dive into this right now and will leave it as-is for now. - Verified my fix with test case 177. - -Daniel (18 June 2004) -- Gisle Vanem's patch that provides more details from the SSL layers (if you - use an OpenSSL version that supports it). It also introduces two new types - of data that can be sent to the debug callback: CURLINFO_SSL_DATA_IN and - CURLINFO_SSL_DATA_OUT. - -- With David Byron's test server I could repeat his problem and make sure that - POSTing over HTTPS:// with NTLM works fine now. There was a general problem - with multi-pass authentication with non-GET operations with CONNECT. - -Daniel (16 June 2004) -- Modified to keep the upload byte counter in an curl_off_t, not an int as - before. 32bits is not enough. This is most likely the bug Jean-Louis Lemaire - reported that makes 2GB FTP uploads to report error ("unaligned file sizes") - when completed. - -Daniel (15 June 2004) -- Luca Alteas reported a problem that I fixed: if you did a POST with - CURLAUTH_DIGEST set but the server didn't require any authentication, - libcurl would repeatedly send HEAD lots of times until it gives up. This was - actually the case for all multi-pass authentications. Added test case 174, - 175 and 176 to verify this. - -Daniel (14 June 2004) -- Multipart formposts uploading files no longer inserts the files themselves - into the huge prebuilt chunk. This enables libcurl to formpost files that is - larger than the amount of system memory. When the file given is passed on - stdin, libcurl still uses the old method of reading the full fill before the - upload takes place. This approach was selected in order to not alter the - behavior for existing applications, as when using stdin libcurl can't know - the size of the upload and chunked transfer-encoding can only be used on - HTTP 1.1 servers. - -Daniel (13 June 2004) -- Gisle found out that we did wildcard cert name checks wrong, so that parts - of the check wrongly was case sensitive. - -Daniel (11 June 2004) -- Tim Sneddon brought a minor VMS fix to make curl build properly on his VMS - machine. He also had some interesting libcurl patches... they might be able - to do in a slightly nicer way. Discussions are in progress. - -Daniel (10 June 2004) -- Gisle Vanem brought code cleanupsm better verbose output and better connect - timeout handling when attempting to connect to a host that resolves to - multiple IP addresses. - -- Steven Bazyl and Seshubabu Pasam pointed out a bug on win32 when freeing the - path after a file:// transfer. - -Daniel (9 June 2004) -- Alexander Krasnostavsky made 'configure --disable-http' work to build libcurl - without HTTP support. I added a new return code for curl_formadd() in case - libcurl is built with HTTP disable: CURL_FORMADD_DISABLED. - -- Alexander Krasnostavsky pointed out a missing file in the generated - curllib.dsp file, and now people building with this should get a libcurl.lib - file generated as it used to do before we generated this file. - -Daniel (8 June 2004) -- Marty Kuhrt fixed a minor build problem for VMS. - -Daniel (7 June 2004) -- Reverted the configure check from the 4th since it obviously didn't work. - Remade it in a different manner that hopefully works better. - -Daniel (4 June 2004) -- Günter Knauf brought patches to make curl build fine on NetWare again. - -- Made the configure checks for strerror_r() not exit the configure script - when built for cross-compiling. - -Daniel (3 June 2004) -- Chris Gaukroger pointed out that 'make test' attempts to run the tests even - if curl is built cross-compiled. I've now made it output a short message - instead, saying it isn't possible to do. - -- Alexander Krasnostavsky brought FTP 3rd party transfer support to libcurl. - You can now use libcurl to transfer files between two remote hosts using - FTP. There are a bunch of new options to control this with: - CURLOPT_SOURCE_HOST - CURLOPT_SOURCE_USERPWD - CURLOPT_SOURCE_PATH - CURLOPT_SOURCE_PORT - CURLOPT_PASV_HOST - CURLOPT_SOURCE_PREQUOTE - CURLOPT_SOURCE_POSTQUOTE - - (They still remain to be documented properly in the curl_easy_setopt man - page.) - - When using this, the ordinary CURLOPT_URL specifies the target URL, and you - specify the source data with these additional options. ftp3rdparty.c is a - new example source code showing how to use this. - -- Vincent Bronner fixed the HTTP Digest code to use the proxy user name and - password when doing proxy authentication, it previously always used the host - user name and password! - -Daniel (2 June 2004) -- CURLOPT_UPLOAD and CURLOPT_PUT now do the exact same thing internally, which - fixes some old confusions on when which of these should be used and what the - differences are. - -- Applied Gisle's fixes to make curl build fine with lcc-win32 - -Version 7.12.0 (2 June 2004) - -Daniel (1 June 2004) -- I clarified the --create-dirs option somewhat in the curl man page. - -- Renaud Duhaut corrected the curl_unescape man page. - -- David Byron modified one of Massimiliano Ziccardi's recent MSVC makefile - changes to now again use the mm lib by default. - -Daniel (26 May 2004) -- Mohun Biswas added release-zlib and debug-zlib targets to the MSVC libcurl - Makefile - -- David Byron reported a problem with proxy authentication when doing CONNECT, - like when accessing HTTPS sites wiht a proxy. This probably broke when I - rewrote the auth stuff recently. - -- I added fileupload.c in the examples directory, showing how an upload to a - file:// URL is made. - -Daniel (25 May 2004) -- Massimiliano Ziccardi updated the MSVC makefiles. - -Daniel (24 May 2004) -- libcurl now supports "uploading" to file:// URLs. Test 204 and 205 were - added to verify. - -- Simon Josefsson added a idn_free() function in libidn 0.4.5 as a reaction to - Gisle's previous mail. We now use this function, and thus we require libidn - 0.4.5 or later. No earlier version will do. - -- Robert D. Young reported that CURLOPT_COOKIEFILE and CURLOPT_COOKIE could - not be used both in one request. Fixed it and added test case 172 to verify. - -Daniel (21 May 2004) -- While talking to host a.b.c, libcurl did wrongly not accept cookies that - were set to the domain .a.b.c (that is with a dot prefix). This is now fixed - and test case 171 verifies it. - -Daniel (20 May 2004) -- Jesse Noller reported that the upload speed info reported by libcurl was - wrong. The same was true for the download speed. Fixed now. - -Daniel (19 May 2004) -- David Byron added test case 170 - this used to crash the previous version of - curl. - -Daniel (17 May 2004) -- Peter Sylvester's patch that addresses two flaws in the peer certificate - name verification: - o when multiple common names are used (as in the curl tests), the last name - needs to be selected. - o allow comparing with encoded values, at least with BMP and ISO latin1 - encoded T61strings. - -- All 191 test cases run through the torture test OK! 'make test-torture' is - now available in the root makefile (on configure-based environments). - -Daniel (14 May 2004) -- With a slightly modified ftpserver.pl I've now run almost all tests through - with runtests.pl -t. This is goodness! - -- Since I have been unable to contact the CVS admins for several months, I've - decided that the current CVS hosting was not good enough. I've now moved the - CVS repo once again, see README for updated cvs checkout instructions. - -Daniel (13 May 2004) -- runtests.pl -t now runs fine all the way to test 100. I believe test case - 100 fails because of an FTP server problem. - -Daniel (12 May 2004) -- General cleanups all over to make libcurl survive and do well when a memory - function returns NULL. runtests.pl -t now works fine for the first 26 test - cases. - -Daniel (11 May 2004) -- Seshubabu Pasam provided a patch that introduces curl_global_init_mem() - - like normal curl_global_init() but allows the app to replace all memory - functions with its own set. I modified it slightly. - -- Based on Luca Alteas' comments, I modified the curllib.dsp generation code. - -Daniel (10 May 2004) -- Gisle mailed Simon Josefsson (of libidn fame) about the benefits of a - separate free()-function by that lib to make sure the memory is freed by the - same memory subsystem that allocated it. He responded positively and this - will likely cause us to require a newer version of libidn as soon as Simon - releases one with such a libidn_free() function. - -- James Bursa made runtests.pl's -t option work for any given test case, and I - edited to allow -g too. Not even test case 1 worked... - -- Luca Altea made the nc= field not use quotes in outgoing HTTP Digest headers. - -- Andrés García fixed a problem in the test script that made it fail to - recognize our own running HTTP server. - -Daniel (7 May 2004) -- James Bursa fixed the memanalyze.pl script to conder malloc(0) areas OK to - free() and he made two failed-resolve error messages use the new display- - name instead of the internally-used name. - -- Gisle Vanem tried curl with - www.etdomenenavnkanmaksimaltinneholdesekstitrebokstaversliksomdette.com - which caused problems, and I fixed the single zero byte buffer overwrite - that occurred (due to a stupid protocol buffer size and parser). - -- Made the lib/curllib.dsp file get generated automaticly when a distribution - package is made, with the msvcproj.* files as templates and all - win32-sources added. I think this can be made to work better than the always - lagging-behind previous approach. I'm not sure this builds a working project - file right now though! - -Daniel (6 May 2004) -- Michael Benedict brought a fix that fills in the errorbuffer properly when - ares fails to resolve a name for a case not previously dealt with like this. - -Daniel (5 May 2004) -- Joe Halpin fixed the annoying typecast warning in lib/ldap.c - -- Gisle Vanem fixes: - o memdebug to not access NULL on several places - o libcurl.def; curl_formparse is gone. - o progress.c; fixed the percent values being trunced to 0. - o if2ip.*; constified the 'interface' argument. - -- Tor Arntsen reported that many of his autobuilds froze and I found and fixed - a problem introduced with the HTTP auth overhaul that could lead to a - never-ending internal request-loop due to un-initialized variables! - -- Removed several compiler warnings on various compilers/platforms. - -Daniel (4 May 2004) -- curl_formparse() has been removed from the library. It has been marked and - mentioned as deprecated for several years. - -Daniel (3 May 2004) -- Rewritten HTTP authentication code. The previous code could not properly - deal with the added test cases 167, 168 and 169. I've now rewritten the code - to better separate host and proxy authentication and not re-use the same - variables as much as before as it proved non working in the more involved - cases. All the current tests run OK now, and so do the new ones. The curl - tool got a new option named --proxy-digest to enable HTTP Digest - authentication with the proxy. I also made the library support it. - -- Gisle Vanem made the LDAP code work with wldap32.dll as supplied with - Win-98/ME/2000/XP, so no extra .dlls are required when curl/libcurl is used - on these Windows versions. - -Daniel (30 April 2004) -- runtests.pl now scans the valgrind log for valgrind-detected memory leaks - after each test case if valgrind was found and used. - -- I modified the app-code in curl to include the new lib/curlx.h and only - access those functions using the curlx_-prefix in preparation for the future - removal of several curl_-functions from the public libcurl API. - -- Introduced lib/curlx.h as a single header to provide the curlx_-functions - to apps. - -- Added notices in the man pages for curl_getenv, curl_mprintf, curl_strequal - and curl_strnequal that they are subject for removal in a future release. - STOP USING THESE FUNCTIONS. - -- Mihai Ionescu noticed he couldn't do formposts with whitespace in the file - names and yes, I broke that on April 23. Sigh. I fixed it now and added - test case 166 to verify it. - -- Luca Altea pointed out a mistake left from the Digest patch of yesterday. - -Daniel (29 April 2004) -- Made IDN domains work when sending requsts over HTTP proxy as well. Added - test case 165 to verify the functionality. - -- Fixed a bug in the new internal host name setup when re-using connections. - -- James Bursa found out that curl_easy_duphandle() with ares-built libcurl - created a bad handle that would crash in the first name resolve attempt. This - is now fixed and test case 512 was added to verify it. - -- Luca Altea provided a major HTTP Digest code fix and cleanup. We now follow - the Digest RFC a lot better. - -- Gisle Vanem made the SSL code use ERR_error_string_n() where applicable. - -Daniel (27 April 2004) -- I remodeled Gisle's IDN code slightly and now we convert both the host name - and proxy name to the ACE encoded version to use internally for resolves and - cookies etc. They are now using one 'struct hostname' each that keep both - the original name and the possibly encoded name. IDN resolves work for me - now using IPv6, IPv4 and ares resolving. Even cookies on IDN sites seem to - do right. I got some failures at first when CHARSET wasn't set at all which - confused libidn completely and it decided by encoding of choice was - 'ANSI_X3.4-1968'... - -- made 'configure --without-libidn' work - -Daniel (25 April 2004) -- Fixed the src/hugehelp.c file to include "setup.h" instead of "config.h" to - make the problems with USE_MANUAL on windows go away. - -- configure --without-ssl could still wrongly include some OpenSSL info in the - Makefiles if pkg-config had info about OpenSSL. Bug #941762 reported by - Martin. - -- Since we can now build and use quite a large set of 3rd party libraries, I - decided I would make configure produce a summary at the end showing what - libraries it uses and if not, what option to use to make it use that. I also - added some other random info that is nice in a "configure summary" output. - -- Applied TommyTam's patch that now make curl work with telnet and stdin - properly on Windows. - -- The changes for today below were made by me and Gisle Vanem. - - The file previously known as hostip.c has now undergone a huge cleanup and - split: - - hostip.c explained - ================== - - The main COMPILE-TIME DEFINES to keep in mind when reading the host*.c - source file are these: - - CURLRES_IPV6 - this host has getaddrinfo() and family, and thus we use - that. The host may not be able to resolve IPv6, but we don't really have to - take that into account. Hosts that aren't IPv6-enabled have CURLRES_IPV4 - defined. - - CURLRES_ARES - is defined if libcurl is built to use c-ares for asynchronous - name resolves. It cannot have ENABLE_IPV6 defined at the same time, as - c-ares has no IPv6 support. This can be Windows or *nix. - - CURLRES_THREADED - is defined if libcurl is built to run under (native) - Windows, and then the name resolve will be done in a new thread, and the - supported asynch API will be the same as for ares-builds. - - If any of the two previous are defined, CURLRES_ASYNCH is defined too. If - libcurl is not built to use an asynchronous resolver, CURLRES_SYNCH is - defined. - - The host*.c sources files are split up like this: - - hostip.c - method-independent resolver functions and utility functions - hostasyn.c - functions for asynchronous name resolves - hostsyn.c - functions for synchronous name resolves - hostares.c - functions for ares-using name resolves - hostthre.c - functions for threaded name resolves - hostip4.c - IPv4 specific functions - hostip6.c - IPv6 specific functions - - The hostip.h is the single united header file for all this. It defines the - CURLRES_* defines based on the config*.h and setup.h defines. - -- Added function header comments to many functions in an attempt to better - explain the purpose of them all. - -- configure --with-libidn is now supported. It makes the configure script - check for libidn libs and include files in the prefix path given. If you - say --with-libidn=/usr/local, it will check for the lib in /usr/local/lib - and the includes in /usr/local/include etc. - -- curl_version_info() now returns a struct aged CURLVERSION_THIRD including - libidn version info. The string curl_version() returns also includes libidn - version info, if available. - -Version 7.11.2 (26 April 2004) - -Daniel (25 April 2004) -- Erwin Authried pointed out that configure --disable-manual didn't do right - if you already had a src/hugehelp.c source file present (which most people - do I guess). It now uses the USE_MANUAL define properly. - -Daniel (23 April 2004) -- Gisle Vanem found and fixed a memory leak when doing (failing) Windows - threaded name resolves. - -- I also added test case 163 just to make sure -F "var=2GB files. curl -V now - outputs 'Largefile' in the Features: field if this is the case. Most systems - are likely to support this. - -- We offer a CURL_FORMAT_OFF_T define in the public header, which can be used - to printf() curl_off_t variables. We also modified the libcurl sources to - use this define instead of the previous %Od approach (although I've left the - O-flag functional in the code). This should also prevent compilers to warn - on the home-grown option. - -- Fixed the resume-check code to test for a working resume at the end of the - headers and not at the first body-byte. - -- CURLOPT_DNS_USE_GLOBAL_CACHE is now considered obsolete. Stop using it. If - you need a global DNS cache for whatever reason, use the share interface and - you'll get a global cache that works the way it should work. You can even - have any number of global caches, all at your command. This is now also - mentioned in the docs. - -- Made the *printf code support the z-flag to enable size_t printf() in a - manner similar to how glibc allows it. To make printfing of this work on - platforms with 64bit size_t and 32bit ints. If there even are any! ;-) - -- Christopher R. Palmer discovered that if you CURLOPT_FRESH_CONNECT and - CURLAUTH_NTLM (or CURLAUTH_ANY and libcurl then picked NTLM), libcurl would - loop without succeeding to authenticate due to the new connection that was - made for all round-trips in the authentication. Now, the FRESH_CONNECT is - remade to only matter for the first connection made with curl_easy_perform() - and all the rest that might follow due to FOLLOWLOCATION or HTTP - authentication are now ignoring that option. - -- Adjusted the QUIT code slightly since it could core-dump. - -- Corrected the test suite's FTP server to provide a correct size to the - 'verifiedserver' request. - -Daniel (27 February 2004) -- Joe Halpin made the FTP code send QUIT on the control connection before - disconnecting the TCP connection. This is what good-behaving ftp clients - should do. - -Daniel (26 February 2004) -- David Byron updated several files to make curl build fine on MSVC 6. He - also added the 'buildconf.bat' that works like the 'buildconf + configure' - combo does on unixes. - -- Gisle Vanem made the memdebug stuff support calloc() as well. - -- Tor Arntsen pointed out that testcurl.sh needed to remove the generated - files in order to have them re-generated in each build. - -- Andy Serpa found out that the share interface did not enjoy life when not - having the lock and unlock callbacks set, even though documented to be - OK. It still is OK, and now the code won't segfault anymore! - -Daniel (25 February 2004) -- Based on a patch by Greg Hewgill I modified how long long is used in the - mprintf code, as we can use a 64bit type with MSVC that is a long long - equivalent. This corrects some weird large file behaviors on windows. - -- Tor Arntsen helped me work out --enable-debug to work better with different - versions of the gcc and icc compilers. - -- Added CURLOPT_SHARE to the curl_easy_setopt.3 man page. - -Daniel (22 February 2004) -- Applied the final pieces of Gisle Vanem's patch that brings a working name - resolve timeout to the windows versions of curl! - -Daniel (21 February 2004) -- David Byron's fix to allow the speed-limit logic work even if you set - limit-rate. It does work on the expense of the rate limiter. - -Daniel (20 February 2004) -- configure --enable-debug with gcc now also tries to detect the icc compiler - (which somehow gets treated as if it is a gcc) to stop using all the gcc - options with it, and we also provide -isystem options for each extra -I - option the configure script has figured out (for OpenSSL, kerberos, zlib, - Heimdal etc). This of course to prevent warnings on headers we don't have - control of. - -Daniel (19 February 2004) -- Doug Porter made libcurl use the HOME environment variable before the - getpwuid results when looking for .netrc files. - -- If 'configure --enable-debug' is used with gcc, it now checks which gcc - version it is and uses as picky compiler options as possible for the - particular version. - -- Code that can be used in both the lib and in the curl app is now made to use - the curlx_ prefix. The first function to be available like this is the - curlx_strtoll() function. This is made to allow the app to use existing code, - but without polluting the libcurl API. Further explanations posted here: - - https://curl.haxx.se/mail/lib-2004-02/0215.html - -Daniel (18 February 2004) -- Fixed buildconf to not use "which" as AIX and Tru64 have what have been - referred to as "horribly broken 'which' programs". - -- Made sure dns cache timeout set to -1 really means caching forever. - -Daniel (17 February 2004) -- Made it possibly to build c-ares with the libcurl memdebug system to better - track memory. - -Daniel (16 February 2004) -- When using ares, we now initialize the ares 'channel' in curl_easy_init() - and re-use that same handle during the entire curl handle's life-time. It - improves performance. - -- Fixed a problem when displaying verbose for IPv6-enabled libcurls and - re-used connections. Problem reported and fix verified by Grigory Entin. - -- Jeff Lawson fixed the version-check in the SOCKS5 code. - -Daniel (15 February 2004) -- Fixed a case where a host cache entry was not flagged in-use properly when a - cached entry was used. - -- Andrés García's patch that checks for winmm in the configure script was - applied. - -Daniel (13 February 2004) -- Ben Greear's SO_BINDTODEVICE patch for the binding of the local end to a - specific network interface. - -- Greg Hewgill found out that the variable holding 'contentlength' wasn't big - enough to hold a large file! - -- Tor Arntsen fixed a 64bit-related problem in date-related code in the ftp - department, and there was another potential problem in the name resolve code - too. - -Daniel (11 February 2004) -- Removed a few variables that were only set but never used, as some compilers - warn about that and we do not like compiler warnings! - -- Removed the need for symlinks in the tests/data directory if curl is built - outside of the source directory and the 'make test' is used. This was done - by providing a "source dir path" to the scripts/servers. - -- Now, if the configure script can't find an nroff tool or an option to nroff - to use to convert man pages with, it will completely switch off the built-in - manual. - -- 'configure --disable-manual' completely disables the built-in manual from - the curl command tool. - -- Andrés García fixed the configure script and a minor source edit, and now - he has managed to get msys/mingw to run configure and then build! - -Daniel (9 February 2004) -- The default HTTP Accept: header was modified to the much simpler - "Accept: */*". - -- P R Schaffner updated the curl-ssl spec file for RPMs. - -- Dominick Meglio brought lots of documentation for the share interface's man - pages that were previously missing. - -- Tor Arntsen provided a patch that makes libcurl work-around a bug in the - AIX5 implementation of getaddrinfo(). This makes the FTP PORT stuff work on - IPv6-enabled AIX builds. - -- Ken Rastatter provided portability fixes for the curlgtk.c example, and now - it runs on windows with GTK as well! - -Daniel (6 February 2004) -- Andrés García made the configure script find gethostbyname() fine when run - with mingw on windows. - -- Modified the ldap code to use proper function pointers all over (instead of - mixed data and function pointers) to work-around the picky MIPSPro compiler - warnings. - -- A custom Host: header is only considered if the request is not made by - following a location. After discussions with Tim Baker. - -Daniel (5 February 2004) -- The libz part of the configure script now only set the two libz-related - define HAVE_ZLIB_H and HAVE_LIBZ if both the lib and the header is found. - If one is missing, none of the defines is set. - -- Andrés García fixed the Mingw makefiles. - -- Len Krause reported that curl 7.9.X could do uploading from stdin without - doing chunked encoding, which current curl cannot do even if you disable - the transfer-encoding chunked header. Now it can again, and test case 98 - verifies this functionality. - -- Tor Arntsen fixed a weird getaddrinfo() usage in the FTP code, preventing - the IPv6-code for PORT work on AIX 5.2. We now also provide (better) error - messages when bailing out in the that function. - -- Tor Arntsen now provides AIX and IRIX (using gcc, xlc and the MIPSPro - compilers) automated build logs (https://curl.haxx.se/auto/) and we've fixed - numerous minor quirks to make less warnings appear. - -Daniel (4 February 2004) -- Based on a patch by Gilad, we now use the custom timeouts when waiting for a - server to connect when using FTP PORT. Previously we always waited 10 - seconds, no more no less. We now also changed the default (if no timeout is - set) to wait 60 seconds for the connect before we fail. - -Daniel (3 February 2004) -- Modified to link with c-ares instead of ares. - -Daniel (2 February 2004) -- Added a configure test to check for which option the (g)nroff tool wants - to extract plain text from the man pages. Tor Arntsen told us the AIX - version of GNU gnroff doesn't support -man! - -- Added an undef of accept in memdebug.h to make curl build with --enable-debug - on AIX 5.2 which seems to have accept defined. Reported by Tor Arntsen. - -- curl_version() now includes c-ares version info, and curl_version_info() now - returns a struct with version SECOND that also includes that info. - -- We are now officially using c-ares for asynch name resolves. c-ares is the - new library, based on the existing ares but with an extended and slightly - modified API. - -- Dirk improved the ares timeout code, and now we also include the ares error - string when we fail to resolve a name. - -- Another tweak to make test case 91 run fine. Now we have another bit on a - connection that is set true if the connection is marked for 'retry'. That - makes the connection get closed and re-opened and the HTTP-done code must - not complain on the fact that no data was received. - -- Based on Dirk Manske's patch, I modified the name resolving with ares to - feature a timeout for really slow lookups. It now defaults to 300 seconds, - but is now adjusted to the CONNECTTIMEOUT/TIMOUE timeouts if one of them - is set. - -- Fixed the inclusion of ca-bundle.h to really use the one in the build dir - before the one in the source dir. Domenico Andreoli found out and reported. - -- Added test case 97, a simple POST with a custom Content-Type header - replacing the original application/x-www-form-urlencoded one. - -Daniel (30 January 2004) -- Added code that attempts to fix the test 91 failure. As has been figured out - by Patrick Smith, the error happens because we re-use a connection that the - server is just about to close and we even manage to send away the request - without seeing an error. On the first read attempt we get a ECONNRESET. - Starting now, we attempt to detect this and if so, we retry the request on a - fresh connection. - -- I added test case 510 which is a custom program that does a POST using a - read callback, with chunked transfer-encoding. - -- Adjusted one of the MPE/iX changes as it made test case 504 fail all over. - -- Added --socks as a recognized option. It works just like --proxy but sets a - SOCKS5 proxy to use. SOCKS5 support has been available in libcurl for a - while, just not provided by the curl tool. This does not currently work for - IPv6-enabled libcurls. - -Daniel (29 January 2004) -- Stadler Stephan pointed out that src/hugehelp.c included config.h without - checking the define if its present... - -- Ken Hirsch provided patches to make curl build fine on the MPE/iX operating - system. - -- Dan Fandrich compiled curl with lots of aggressively pedantic compiler - options and thus found a few minor errors and did some general cleanups to - avoid them. - -- Dirk Manske fixed a flaw in ares that prevented it to use non-blocking - sockets properly. - -Daniel (28 January 2004) -- Richard Bramante fixed chunked transfer-encoded "uploads" to send a final - CRLF combo properly. - -Daniel (27 January 2004) -- Made the response-headers during a CONNECT request to a proxy get passed on - as regular headers, so they appear with -i/-I options and similar. - -- Based on a patch by Gisle Vanem, I've made the progress meter display - properly switch to a GB-display when more than 9999MB have been transfered. - -Daniel (23 January 2004) -- Gisle Vanem pointed out a curlrc parser problem/crash when an option with a - required didn't have one and was on the last line of a file. - -- More Windows fixes for large files. We now build and link with - ../lib/strtoofft.c in the app code since Curl_strtoll() is not a provided - libcurl function... Perhaps we should consider a 'common' dir or similar - where we put source code used in both the lib and the client. Or perhaps - we'll just make this function available in the library... - -- Vincent Bronner found out the socks5 code crashed when no username was - set. - -- Vincent Bronner spotted a problem with proxy username/password when re-using - a persistent connection. - -- Fixed the progress meter display for files larger than 2^31 bytes. Gisle - Vanem reported. - -Daniel (22 January 2004) -- Gisle Vanem made strtoll() get used when curl is built with the mingw - compiler. - -- Gisle Vanem fixed the compressed help text code to display properly. - -- Removed the '#define HttpPost' from the public header file, as curl_httppost - is the proper name and it has been for quite some time now. Fixes another - name space pollution. - -- Added 'curl_off_t' typedef in the public header file, to be used to provide - large file sizes to the *_LARGE options. Adjusted the code all over to use - this variable type instead of 'off_t'. This is an attempt to make the large - file support work on more platforms. The configure script now checks the - size of the curl_off_t instead of the plain off_t. - -Version 7.11.0 (22 January 2004) - -Daniel (21 January 2004) -- Removed the defines in the public header file with TIMECOND_ prefixes. They - have been obsolete since April 22nd 2002, and if this causes anyone any - problems now it is very easy to just add CURL_ to the names. This corrects - this name space pollution. - -Daniel (19 January 2004) -- David Byron cleaned up how --trace with no option was treated, and also - arguments in a config file without a required parameter! - -Daniel (16 January 2004) -- Gisle Vanem fixed a few issues where compilers warned about variables - possibly being used unassigned. - -- Minor Interix build problem fixed. - -Daniel (15 January 2004) -- Peter Sylvester pointed out some necessary escaping needed in the - acinclude.m4 file when automake 1.8 or later is used. - -Daniel (14 January 2004) -- Vincent Bronner fixed the Curl_resolv() return code. This extends the fix - Steve Green provided on december 3... - -Daniel (13 January 2004) -- Luke Call made the win32 version of the password prompting function support - backspace. - -- Dan Fandrich fixed the hugehelp source file to contain both a compressed and - an uncompressed version in the distribution, so that more people easier can - build curl with the compressed version. - -- Diego Casorran brought another AmigaOS build patch for native Amiga builds. - -- Matt Veenstra updated the Mac OS X framework files. - -- Brian R Duffy brought a section to the INSTALL file on how to build a - SSL-enabled curl using the free Borland C++ compiler. He also updated the - Borland lib/Makefile.b32. - -- I fixed the test case 509 which I broke yesterday. Now the libtest are - compiled with an include path that points to the library's source dir, so - that the libtests can include files from the source tree. This was made to - make it possible to use the USE_SSLEAY define in the library test files. - -Daniel (12 January 2004) -- Peter Sylvester brought code that now allows a callback to modified the URL - even when the multi interface is used, and then libcurl will simulate a - "follow location" to that new URL. Test 509 was added to test this feature. - -- Extended the time we retry servers in the test script, and I also made it - retry the https and ftps servers before they are considered bad. I believe - the previous approach could turn problematic on really slow hosts. - -Version 7.11.0-pre1 (12 January 2004) - -Daniel (11 January 2004) -- Dominick Meglio pointed out FTPS should use default port 990 according to - IANA. - -Daniel (8 January 2004) -- Fixed the SPNEGO configure check to not use -R or other non-portable options - in the LDFLAGS. Reported by Pierre in bug report #872930. - -Daniel (5 January 2004) -- Dan Fandrich provided a fix on our zlib usage. - -- David J Meyer's patch that introduce large file support to libcurl was - applied. New curl_easy_setopt options that accept 'off_t' arguments are: - - INFILESIZE_LARGE - RESUME_FROM_LARGE - MAXFILESIZE_LARGE - -Daniel (4 January 2004) -- Based on Dominick Meglio's comments, I made our private version of - gettimeofday() declared static. This would otherwise collide with the same - function in other libs (like ares for example). - -- Added Dominick Meglio's description on how to build libcurl with ares - on win32. -Daniel (19 December) -- CURLOPT_IPRESOLVE was not possible to set. - -- Gisle Vanem updated the djgpp build files. - -Daniel (18 December) -- John McGowan reported a redirect-problem that happened if a site used a URL - like "url.com?var=content" (without a proper slash) and from that address - redirected the user-agent to an absolute directory. - -- David Byron made libcurl build fine with both the .NET and VC6 versions of - MSVC - -Daniel (16 December) -- Updated test 506 since it started to fail after the cache prune change - yesterday. I also changed it slightly to feature a counter in each debug - output for easier tracing. - -Daniel (15 December) -- Old DNS cache entries are now only pruned after curl is done with a request, - and not in the actual name resolve call. - -- corrected the --enable-ares patch - -- Giuseppe Attardi found and fixed a problem within libcurl that re-used - already freed memory. - -Daniel (10 December) -- Gisle Vanem reported that the dict support was broken. I broke it during my - ftps-changes overhaul. I've now added a 'curlassert' function that can be - used to verify expressions, to prevent future errors of the same - kind. They're only present in debug-builds. - -- Diego Casorran made curl and libcurl possible to build natively (no more - need for the ixemul library) on AmigaOS. - -- Dominick Meglio made configure --enable-ares support a given path to the - installed ares lib, instead of always using it in the curl source tree. - This also fixed the curl-config --libs output. - -- Eric S. Raymond patched a very minor man page format error in - libcurl-errors.3 - -Daniel (8 December) -- Fixed the flaw that made -lz appear twice on the link command line. - -- After correspondence with Gisle Vanem, I changed the 'connection aborted' - error text when the FTP response reader failed to more specificly identify - what the problem is. - -- Based on a patch from Dominick Meglio, curl-config --feature now outputs - 'AsynchDNS' as a feature if libcurl was built with ares. The feature name - is the same that 'curl -V' outputs, for simplicity. - -Daniel (3 December) -- Marty Kuhrt made the build up-to-date on VMS, and moved most of the VMS- - specific stuff in the client code to a separate header file. - -- Steve Green fixed a return code bug in Curl_resolv(), that made the socks5 - code fail. - -- swalkaus at yahoo.com patched libcurl to ignore Content-Length: headers - when Transfer-Encoding: chunked is used, as mandated by RFC2616. - -Daniel (2 December) -- --ftp-pasv was added, which serves the only purpose of overriding a - previously set --ftpport option. Starting now, --ftp-port is a recognized - alias for --ftpport for consistency. - -- Giuseppe Attardi pointed out that we should use MSG_NOSIGNAL when we use - send() and recv(). I added checks for the define in the configure script and - adjusted the code accordingly. If the symbol is present, we won't attempt - to ignore the SIGPIPE signal. - -Daniel (1 December) -- Mathias Axelsson set up a bsdftpd-ssl server for me and I could make curl - run fine against its FTPS implementation. Now these FTPS-related things - work: - o explicit and implicit FTPS - o active (PORT) and passive (PASV) - o upload and download - o verified against bsdftpd-ssl and RaidenFTPD - -Daniel (27 November) -- James Clancy made the Borland Makefiles up to date. - -- Markus Moeller improved the SPNEGO detection in the configure script. - -Daniel (25 November) -- Dave May filed bug report #848371, identifying that if you'd do POST over a - proxy to a https server, libcurl didn't POST at all, it just made a GET! It - turned out to be because libcurl wrongly didn't consider the authentication - "negotiation phase" to be complete yet. - - I added test case 95 to verify my fix for this. - -Daniel (24 November) -- Thanks to Mathias Axelsson, I've been able to work on FTPS for libcurl and it - seems to work somewhat fine now. - - The FTPS stuff is based on RFC2228 and the murray-auth-ftp-ssl draft - (version 12). There seems to exist quite a few servers that have implemented - the server side of this. - - We can now use ftps:// URLs to explicitly switch on SSL/TSL for the control - connection and the data connection (dealing with two SSL connections forced - me to change a lot of stuff in libcurl). - - Alternatively, and what seems to be the recommended way, we can set the new - option CURLOPT_FTP_SSL to one of these values: - - CURLFTPSSL_NOPE, - do not attempt to use SSL - CURLFTPSSL_TRY - try using SSL, proceed anyway otherwise - CURLFTPSSL_CONTROL - SSL for the control connection or fail - CURLFTPSSL_ALL - SSL for all communication or fail - - Any failure to set the desired level will make libcurl fail with the error - code CURLE_FTP_SSL_FAILED. This new option makes a "normal" ftp:// transfer - attempt to be made securely. - - I've been able to login and get files (passively) from Mathias' server using - both ftps:// and CURLOPT_FTP_SSL. (I've made 'curl' understand the --ftp-ssl - option that sets CURLFTPSSL_TRY.) - -- Gaz Iqbal fixed a range string memory leak. - -- Gisle Vanem fixed the Windows builds. - -- Added the new FTPSSL defines in curl/curl.h - -Daniel (20 November) -- Josh Kapell filed bug report #845247 as he found an endless loop when - getting a 407 back from a proxy when no user+password was given. Added test - case 94 to verify the fix. - -Daniel (19 November) -- Kevin Roth fixed a progress-bar problem on Windows. - -- While working with Nicolas Croiset's bug report #843739, I noticed two minor - problems related to ftp partial downloads: if a partial transfer is - detected, we must close the connection as we cannot know in what state it is - anymore. This looks like a ProFTPD bug: - https://curl.haxx.se/mail/lib-2003-11/0079.html - -Daniel (17 November) -- Maciej W. Rozycki made the configure script use a cache variable for the - writable argv test. This way, the default can be overridden better (for - cross-compiles etc) - -Daniel (15 November) -- Mathias Axelsson found out libcurl sometimes freed the server certificate - twice, leading to crashes! - -Daniel (14 November) -- Siddhartha Prakash Jain found a case with a bad resolve that we didn't - properly bail out from, when using ares. - -Daniel (13 November) -- Default Content-Type for parts in multipart formposts has changed to - "application/octet-stream". This seems more appropriate, and I believe - mozilla and the likes do this. In the same area: .html files now get - text/html as Content-Type. (Pointed out in bug report #839806) - -- Gisle Vanem corrected the --progress-bar output by doing a flush of the - output, which apparently makes it look better on at least windows, but - possibly other platforms too. - -- Peter Sylvester identified a problem in the connect code, which made the - multi interface on a IPv6-enabled Solaris box do bad. Test case 504 to be - specific. I've spent some time to clean-up the Curl_connecthost() function - now to use less duplicated code for the two different sections: IPv6 and - IPv4. - -Daniel (11 November) -- Added CURLOPT_NETRC_FILE. Use this to tell libcurl which file to use instead - of trying to find a .netrc in the current user's home directory. The - existing .netrc file finder is somewhat naive and is far from perfect on - several platforms that aren't unix-style. If this option isn't set when - CURLOPT_NETRC is set, the previous approach will still be used. - - The current .netrc check code now also support longer than 256 bytes path - names. - -Daniel (10 November) -- Kang-Jin Lee pointed out that the generated ca-bundle.h file shouldn't be - written in the source dir if a different build dir is used. - -- After Sébastien Willemijns' bug report, we now check the separators properly - in the 229-reply servers respond on a EPSV command and bail out better if - the reply string is not RFC2428-compliant. - -Daniel (7 November) -- Based on Gisle Vanem's patch, I made curl try harder to get the home - directory of the current user, in order to find the default .curlrc file. - We're also considering moving out the HOME-dir code from libcurl, and - instead have the app pass in the path to the .netrc file (which is the only - logic left in libcurl that uses the HOME dir). Then curl can use the home - dir for that purpose too. - -- Ralph Mitchell's updated testcurl.sh to the script to take an existing - directory name and build/run/test curl in there instead of trying to update - from CVS. Using this approach, the script can now be used to test daily - tarballs etc. - -- Gisle Vanem added a "resource file" to the Windows DLL builds, to contain - information such as version number, library name, copyright info etc. - -Daniel (6 November) -- curl checks if the existing libcurl supports things like --ntlm, --negotiate - and --krb4 and returns error if not. - -- I added three new global defines in the curl/curl.h header: - LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH. They - are the three numbers in the library's version number, separated for easier - usage. 'maketgz' was updated accordingly to generate these numbers properly - when building release-archives. - -- Uninitialized variable fix, reported by both Marty Kuhrt and Benjamin - Gerard. - -- Matt Veenstra provided build files to build libcurl as a "framework" under - Mac OS X. See the lib/libcurl.framework.make for details. - -- Removed the defines of TRUE and FALSE from the curl/curl.h header file. - They're not in our name space so we should not fiddle with them. - -Daniel (5 November) -- Replaced the man page to HTML converter program with a new one: roffit. - Makes nicer web pages. - -Daniel (4 November) -- Troels Walsted Hansen fixed the MSVC makefiles to let them build curl fine - on Windows. - -- Kevin Roth corrected the cygwin package generator and spell-fixed the - comment in the ca-bundle.h file. - -Version 7.10.8 (1 November 2003) - -Daniel (31 October) -- Assume that MDTM on an FTP server returns the timestamp using the UTC time - zone. This changes the time CURLINFO_FILETIME returns for a given file over - FTP, and will change existing uses of CURLOPT_TIMECONDITION. It will make - the functionality more similar to how the HTTP one is already working. - -- Command line options that take numerical parameters (such as -y, -Y, -C etc) - now report error and exit if the parameter isn't truly a number greater than - or equal to zero. This helps users to notice bad usage earlier. Before, when - a user forgot or missed to add a numerical parameter to an option, the - command line parser would simply "eat" the following option and it would - cause great confusion. - -Daniel (30 October) -- David Hull made libcurl deal with NOBODY and HEADER for file:// the same way - it already does for FTP: it provides HTTP-looking headers that provide info - only about the file, without doing the actual transfer. The curl tool then - lets --head do this. - -Daniel (29 October) -- runtests.pl now checks for and use valgrind if present. It will redirect the - valgrind results in log/valgrind[num] but it currently doesn't scan that - file for any errors or anything, that is still only made manually. - -- David Hull made the file: URL parser also accept the somewhat sloppy file - syntax: file:/path. I added test case 203 to verify this. - -Daniel (28 October) -- Dan C tracked down yet another weird behavior in the glibc gethostbyname_r() - function for some specific versions (reported on 2.2.5 and 2.1.1), and - provided a fix. On Linux machines with these glibc versions, non-IPv6 - builds of libcurl would often fail to resolve perfectly resolvable host - names. - -Daniel (26 October) -- James Bursa found out that curl_msnprintf() could write the trailing - zero-byte outside its given buffer size. This could happen if you generated - a very long error message as then libcurl would overwrite the ERRORBUFFER - with one byte. Using a non-existing very long local file:// name is one case - that could make this occur. - -Daniel (24 October) -- David Hull filed bug report #829827. It identified a problem with -C - if - the full file already was downloaded and thus the server responded with a - 416. libcurl would then wrongly use the Content-Length: header and expect - that size to get transfer, causing a "hang" until the server closed the - connection and then an error 18 ("still N bytes data left of the transfer"). - - Now we don't return any error at all, but I think libcurl should perhaps - return some kind of info since the requested range was out of the size of - the document. - -- Based on David Hull's fix in bug report #804599, we now check for solaris and - gcc in configure and set the -mimpure-text link flag for linking the lib - better. - -- I've introduced a -t option to the runtests.pl script. With that option set, - the script runs special "memory torture" tests. For each test command line - in that section, the script first runs the command line and counts the total - amount of allocations made. It then runs the exact same command line again, - forcing allocation number N to fail. It will try every N from 1 to the total - number of amounts made. For every invoke, it checks that no memory was - leaked as that would indicate a bad cleanup somewhere in the code. - - This is just beginning to work, and I've already made some corrections in - libcurl code. When this code works somewhat fine, I'll make sure 'make test' - in the root dir will run these tests as well. - -Daniel (23 October) -- Georg Horn fixed how the CA verification is made. Verifications can now be - made while at the same time the result of it can be ignored. This also - affects the curl tool as -k can now be used together with --cacert or - --capath. - -Daniel (22 October) -- Gisle Vanem found out --disable-eprt didn't work and patched it. - -- Test case 91 was modified and could now repeat the problem Kevin Roth has - reported, and the bug was fixed. - -- Dylan Ellicott added vc-libcurl-ssl-dll as a target to the root makefile - to build a static libcurl that links with a shared OpenSSL using MSVC. - -Daniel (21 October) -- Andrés García updated the mingw32 makefiles. - -Version 7.10.8-pre5 (21 October 2003) - -Daniel (19 October) -- Georg Horn made libcurl output more info on SSL failures when receiving - data. - -Version 7.10.8-pre4 (18 October 2003) - -Daniel (17 October) -- Dominick Meglio implemented CURLOPT_MAXFILESIZE and --max-filesize. - -- Made libcurl show verbose info about what auth type and user name that is - being sent in its HTTP request-headers. - -Daniel (16 October) -- Removed support for CURLOPT_PASSWDFUNCTION and CURLOPT_PASSWDDATA. libcurl - no longer prompt for passwords under any circumstances. Password prompting - was instead moved to curl, which now prompts for password if -u or -U lack - it. This solves the problem Kevin Roth reported when curl prompted for - password twice when doing NTLM authentication. - -- I rewrote the SSL subjectAltName check to avoid having to rely on OpenLDAP- - licensed derivate code. - -Daniel (15 October) -- Avoid doing getsockopt() on Windows to verify connects. It seems that this - hogs Windows machines when libcurl is being used multi-threaded (with > ~50 - threads). Andrew Fuller helped us verify and test this. - -Daniel (14 October) -- Kimmo Kinnunen fixed a crash with duphandle() when CURLDEBUG is set. - -- Gisle Vanem made libcurl build and work with IPv6 on Windows. - -Daniel (13 October) -- Giuseppe Attardi reported yet another segfault with ares and the multi - interface. Me fixed. - -- Domenico Andreoli removed the extra LDFLAGS assignment in lib/Makefile.am - that was reported about in the debian bug report #212086. - - Domenico also fixed two makefiles where we used 'gnroff' instead of the more - portable $(NROFF). - -Daniel (12 October) -- Dirk Manske made the share locking around DNS lookups slightly different to - allow the share system's DNS lookups to run somewhat more - independent/faster. - -Daniel (9 October) -- Lachlan O'Dea fixed a resume problem: "If I set CURLOPT_RESUME_FROM, perform - an HTTP download, then reset CURLOPT_RESUME_FROM to 0, the next download - still has a Range header with a garbage value." bug report #820502 - -- Dominick Meglio made the inet_pton.c file build fine using MSVC. - -- The 'sws' test suite web server now #include setup.h from the lib directory. - This makes it more portable easier. - -Version 7.10.8-pre3 (8 October 2003) - -Daniel (8 October) -- Frank Ticheler provided a patch that fixes how libcurl connects to multiple - addresses, if one of them fails (IPv4 code). - -Daniel (7 October) -- Neil Dunbar provided a patch that now makes libcurl check SSL - subjectAltNames when matching certs. This is apparently detailed in RFC2818 - as the right thing to do. I had to add configure checks for inet_pton() and - our own (strictly speaking, code from BIND written by Paul Vixie) provided - code for the function for platforms that miss it. - -- HTTP POST using the read callback didn't work, as Florian Schoppmann - reported. - -Daniel (5 October) -- Shared provided a few fixes to make libcurl build on BeOS - out-of-the-box. New code for BeOS-style non-blocking sockets, provided by - Shard and Jeremy Friesner. Modified the autoconf check for non-blocking - sockets to check for this kind too. - -Daniel (4 October) -- Vincent Bronner pointed out that if you set CURLOPT_COOKIE for a transfer - and then set it to NULL in a subsequent one, the previous cookie was still - sent off! - -- Jon Turner fixed a problem libcurl had when it failed on an FTP transfer due - to a bad path, it would cause the next transfer to use a bad path as well. - -- Siddhartha Prakash Jain provided a patch with a fix for libcurl with ares, - when working on IP-only names as we then could return "wait" status when the - name in fact already was resolved. I edited the patch slightly to not expose - asynch details to non-ares aware source code. - -Daniel (3 October) -- Neil Spring posted the debian bug report #213180, and pointed out that using - the name 'access' in a function prototype is not very wise as some compilers - complain. - -- Peter Sylvester provided his and Jean-Paul Merlin's curlx.c example source - code that shows how they use ssl and callbacks. - -Daniel (2 October) -- James MacMillan's patch makes curl build on QNX 6.2.x. - -Daniel (26 September) -- My daughter was born! - -Daniel (23 September) -- Added support for -4/--ipv4 and -6/--ipv6 to force names to resolve to that - particular IP version. They only work for IPv6-enabled libcurls. - -- curl -V now outputs 'SPNEGO' as a feature in case libcurl was built to - support that. - -Version 7.10.8-pre2 (22 September 2003) - -Daniel (22 September) -- Giuseppe Attardi found a segfault in libcurl when using the multi interface - with ares and doing repeated operations against a non-resolving host name. - -Daniel (19 September) -- Added the CURLOPT_IPRESOLVE option, that allows an application to select - what kind of IP addresses he wants to use when resolving host names. This - is only interesting when using host names that resolve addresses using more - than one version of IP. - -- Applied Markus Moeller's patch that introduces SPNEGO support if libcurl - is built with the FBopenssl libraries. curl_version_info() now returns - info on SPNEGO availability. The patch also made the GSSAPI stuff work fine - with the MIT GSS-library (the Heimdal one still works too). - -Daniel (16 September) -- Doing PUT with --digest failed, as reported in bug report #805853. - -- Using --anyauth that picked NTLM, and then a redirect closed the connection - and took curl to a second NTLM page made curl fail. Bug report #806328 - identified the problem, test case 90 was added to verify the fix. - -Daniel (14 September) -- codemastr brought a patch for ares to make the Windows portions of it work - properly on NT4. I uploaded a new diff and updated the docs on where to get - it etc. - -- Jeff Pohlmeyer tracked down a very hard-to-find bug where we removed a - cached DNS entry even though it may be in use, which caused "random" memory - to get overwritten and thus "random" crashes. - -Daniel (12 September) -- Based on a bug report by David Kimdon, I made the runtests.pl script clear - all possible proxy environment variables before the tests are run. - -- By default, easy handles within a multi handle now share DNS cache. - -- Tim Bartley brought a patch that makes the GSSNEGOTIATE option work for - Microsoft's "Negotiate" authentication as well. - -Daniel (11 September) -- A zero-length proxy string confused FTP transfers. - -- Bjorn Reese found a case with an uninitialized pointer, only present when - built for ares. - -Version 7.10.8-pre1 (8 September 2003) - -Daniel (7 September) -- Jurij Smakov found out that the non-OpenSSL MD5 code was not working on - Alpha (or ia64). Only the OpenSSL-version did. I made a fix I think corrects - the problem. - -Daniel (5 September) -- Kevin Fisk reported that configure --enable-thread didn't work. I fixed. - -- De-macrofied the lib/hash.c source code somewhat. - -Daniel (4 September) -- CURLINFO_HTTPAUTH_AVAIL and CURLINFO_PROXYAUTH_AVAIL added, Based on Joerg - Mueller-Tolk's patch, - -Early (4 September) -- Added CURLOPT_FTP_RESPONSE_TIMEOUT - allows user to set strict timeout - requirements on the FTP server's ability to respond to individual commands - without placing global requirements on transfer or connect time. Files - affected: - - include/curl/curl.h - Added option CURLOPT_FTP_RESPONSE_TIMEOUT - - lib/ftp.c - Added branch inside Curl_GetFTPResponse to check for - data->set.ftp_response_timeout - - lib/url.c - Modified Curl_setopt to recognize CURLOPT_FTP_RESPONSE_TIMEOUT - - lib/urldata.h - Added ftp_response_timeout to struct UserDefined - -Daniel (3 September) -- Peter Pentchev found and fixed two problems in the test suite's web server - code, that made it segfault at times. - -- Jörg Mueller-Tolk improved the proxy user+password handling, especially - when providing a blank password. - -Daniel (2 September) -- Fix for making CONNECT to proxies do the correct magic to allow NTLM, Digest - and similar to work. - -Daniel (1 September) -- Henrik Storner made libcurl work fine with OpenLDAP 2.1.22 (current). - -- Jeff Pohlmeyer added a proper error message for non-resolving hosts when - using ares for lookups. - -Daniel (25 August) -- John McGowan reported that curl -k still failed if the HTTPS server's CN - field wasn't obtainable. This was due to the CURLOPT_SSL_VERIFYHOST being - set to 1, and libcurl failed if the CN was missing. Starting now, having it - set to 1 will simply output a warning if no CN could be obtained (as having - a mismatch is OK). - -Daniel (21 August) -- Vincent Sanders provided a fix for name resolving when linked with uClibc. - -Daniel (20 August) -- Gerd v. Egidy provided a patch that makes libcurl store the FTP response - code from ftp servers. Using curl_easy_getinfo() with CURLINFO_HTTP_CODE - returns that data. The option is therefore now also known as - CURLINFO_RESPONSE_CODE. - -- Antoine Calando found a segfault when doing multi-part/formpost using - the multi interface. - -- Antoine Calando pointed out that curl_multi_info_read() didn't set the - msgs_in_queue to 0 properly when returning NULL. - -Daniel (19 August) -- I made curl support multiple -T options, as well as -T "{file1,file2}" - style globbing. One -T for each URL is supported. - -- Jeff Pohlmeyer found a segfault when using ares-enabled libcurl and the - multi interface when trying a non-existing host name. - -- Made the libcurl printf code support long longs if available. - -- Loren Kirkby pointed out that we did not clean up all SSL-allocated memory - in curl_global_cleanup(). - -Daniel (17 August) -- Setting CURLOPT_WRITEFUNCTION or CURLOPT_READFUNCTION to NULL will now make - them get the internal defaults restored. Previously this could cause a - segfault. We should aim at having all pointer-related options get restored - to default/safe values when set to NULL. - -Version 7.10.7 (15 August 2003) - -Daniel (14 August) -- I modified the memdebug system to return failure on memory allocation - functions after a set amount of successful ones. This enables us to test - out-of-memory situations in a controlled manner and we can make sure that - curl/libcurl behaves good in those. - - This made me find and fix several spots where we did not cleanup properly - when bailing out due to errors (low memory). - -- Corrected test case 74. Made using -o with bad #[num] codes complain and - bail out. Made #[num] support numbers larger than 9 as well. Added test - case 86 for a proper range globbing test as well. - -Version 7.10.7-pre4 (12 August 2003) - -Daniel (12 August) -- curl_version_info() now returns a flag if libcurl was built with asynch DNS - support, and this is now also displayed with 'curl -V'. - -- Added a few new man pages to the docs/libcurl dir: curl_share_init, - curl_share_setopt, curl_share_cleanup, libcurl-easy and libcurl-share. - -Daniel (11 August) -- Mike Cherepov made the local binding code work for Windows, which makes - the option CURLOPT_INTERFACE work on Windows as well. - -- Vincent Sanders updated the fopen.c example code a lot. - -- --proxy-ntlm is now supported by the curl tool. It forces the proxy - authentication to be made using NTLM. It does not yet work for HTTPS over - proxies (or other proxy-tunneling options). Test case 81 and 82 do some - simple initial ntlm testing. - -- Found and fixed a minor memory leak on re-used connections with - proxy-authentication. - -- I removed -@ and -Z as valid short options. They were very rarely used (@ - wasn't even documented). - -- Serge Semashko introduced CURLOPT_PROXYAUTH, and make it work when set to - CURLAUTH_NTLM and/or CURLAUTH_BASIC. The PROXAUTH is similar to HTTPAUTH, - but is for the proxy connection only, and HTTPAUTH is for the remote host. - -- Fixed loading of cookies with blank contents from a cookie jar. Also made the - cookie functions inform on added and skipped cookies (for cookie debugging). - -Version 7.10.7-pre3 (8 August 2003) - -Daniel (8 August) -- Applied David Byron's fix for file:// URLs with drive letters included. - -- I added the --ftp-create-dirs to the client code, which activates Early's - CURLOPT_FTP_CREATE_MISSING_DIRS option, and wrote test case 147 to verify - it. Added the option to the curl.1 man page too. Added the option to the - curl_easy_setopt.3 man page too. - -Daniel (7 August) -- Test case 60 failed on ia64 and AMD Opteron. Fixed now. - -- Fixed a printf problem that resulted in urlglobbing bugs (bug #203827 in the - debian bug tracker). Added test case 74 to verify the fix and to discover if - this breaks in the future. - -- "make distcheck" works again. - -Version 7.10.7-pre2 (6 August 2003) - -Daniel (5 August) -- Duncan Wilcox helped me verify that the latest incarnation of my ares patch - builds fine on Mac OS X (see the new lib/README.ares) file for all details. - -- Salvatore Sorrentino filed bug report #783116 and Early Ehlinger posted a - bug report to the libcurl list, both identifying a problem with FTP - persistent connections and how the dir hierarchy was not properly reset - between files. - -- David Byron's thoughts on a fixed Makefile in tests/ were applied. - -- Jan Sundin reported a case where curl ignored a cookie that browsers don't, - which turned up to be due to the number of dots in the 'domain'. I've now - made curl follow the the original netscape cookie spec less strict on that - part. - -Daniel (4 August) -- Dirk Manske added cookie support for the experimental, hidden and still - undocumented share feature! - -- Mark Fletcher provided an excellent bug report that identified a problem - with FOLLOWLOCATION and chunked transfer-encoding, as libcurl would not - properly ignore the body contents of 3XX response that included the - Location: header. - -Early (6 August) -- Added option CURLOPT_FTP_CREATE_MISSING_DIRS - This option will force the target file's path to be created if it - does not already exist on the remote system. - - Files affected: - - include/curl/curl.h - Added option CURLOPT_FTP_CREATE_MISSING_DIRS - - lib/ftp.c - Added function ftp_mkd, which issues a MKD command - Added function ftp_force_cwd, which attempts a CWD, - and does a MKD and retries the CWD if the original CWD - fails - Modified ftp_perform() to call its change directory function - through a pointer. The pointer points to ftp_cwd by default, - and is modified to point to ftp_force_cwd IFF - data->set.ftp_create_missing_dirs is not 0. - - lib/url.c - Modified Curl_setopt to recognize CURLOPT_FTP_CREATE_MISSING_DIRS - - lib/urldata.h - Added ftp_create_missing_dirs to struct UserDefined - -- Minor Bugfix for CURLOPT_TIMECONDITION with FTP - if the file was not - present to do the time comparison, it would fail. - Files affected: - - lib/ftp.c - In ftp_perform(), the call to ftp_getfiletime() used to be followed - by - if (result) - return result; - And then by the code that actually did the time comparison. - The code that did the comparison handled the case where the filetime - was not available (as indicated by info.filetime < 0 or set.timevalue - < 0), so I replaced the if (result) return result with a switch(result) - that allows CURLE_FTP_COULDNT_RETR_FILE to fall through to the - normal time comparison. - -Daniel (3 August) -- When proxy authentication is used in a CONNECT request (as used for all SSL - connects and otherwise enforced tunnel-thru-proxy requests), the same - authentication header is also wrongly sent to the remote host. - - This is a rather significant info leak. I've fixed it now and mailed a patch - and warning to the mailing lists. - -Daniel (1 August) -- David Byron provided a patch to make 7.10.6 build correctly with the - compressed hugehelp.c source file. - -Version 7.10.7-pre1 (31 July 2003) - -Daniel (30 July) -- Jörg Müller-Tolk updated the VC makefile. - -- Daniel Noguerol made the ftp code output "Accept-Ranges: bytes" in similar - style like other faked HTTP headers when NOBODY and HEADER are used. I - updated two corresponding test cases too. - -- Marty Kuhrt pointed out a compilation problem on VMS due to my having - changed a type from long to time_t, and I'm now changing it back to work - more portably... - - He also indicated that distributing the src/hugehelp.c in a compressed state - like I accidentally did may not be the smartest move... I've now fixed the - distribute procedure to automatically generate an uncompressed version when I - make release archives. - -Daniel (29 July) -- Gisle Vanem brought changes to the mkhelp script for the generation of the - compressed help text on some platforms. - -Version 7.10.6 (28 July 2003) - -Daniel (28 July) -- François Pons brought a patch that once again made curl deal with ftp and - "double slash" as indicating the root directory. In the RFC1738-fix of April - 30, that ability was removed (since it is not the "right" way). So, starting - now we can list the root dir of an ftp server both these ways: - - curl ftp://server.com/%2f as well as - curl ftp://server.com// - -Daniel (24 July) -- Henry Bland pointed out that we included sys/resource.h without good reason - in several source files. Without it included, QNX builds better... - -- Andrés García updated the mingw makefiles. - -Daniel (23 July) -- Tracy Boehrer experienced DNS cache problems and did some nice debugging - and tracking which made it easy for me to correct the problem and Tracy - could verify that it did cure the problem! When re-using a connection we - now make sure we don't re-use the 'connect_addr' struct. - -- Daniel Kouril corrected the GSS-Negotiate code. - -- Juan F. Codagnone provided fixes to allow curl to build fine on Windows - again. - -Daniel (22 July) -- Edited the curl/curl.h include file to build on Windows properly. - -Daniel (21 July) -- Moved the proxy credentials from the SessionHandle struct to the connectdata - struct, to make multiple proxy connections with differerent user names work. - -- Adjusted the NTLM code to support proxy functionality. - -- Made the krb4 stuff compile with the user+password fields moved. - -Version 7.10.6-pre4 (21 July 2003) - -Daniel (20 July) -- David Gardner pointed out in bug report 770755 that using the FTP command - CWD with a blank argument is a bad idea and I made libcurl skip empty path - segments starting now. - -Daniel (18 July) -- Cris pointed out that my fix on July 16th didn't work fully. His pointing - out this (and his patch) also made me realize that we have a very similar - bug in the FTP connection re-use code. We must store a separate user and - password field for each connection we keep (at least for FTP and HTTP+NTLM - connections, so I made us do this unconditionally). - -- Since NTLM authenticates connections instead of single requests, I had to - re-arrange how we store the NTLM data and I had to improve the test suite to - finally work properly with persistency to make the NTLM tests run fine - again. This also forced me to have to update lots of HTTP test cases. - -Daniel (16 July) -- Cris Bailiff's bug report 768275 pointed out that using Basic auth with - wrong user+password caused an endless loop. Fixed now. He also found out that - we didn't properly authenticate connections with NTLM. Fixed too. - -- Dan Winship provided fixes for the NTLM code. - -Daniel (5 July) -- Doug Kaufman provided additional fixes for the DOS port. - -Daniel (4 July) -- Rick Richardson pointed out that using setvbuf() to achieve non-buffering - on output is no-good for SCO Xenix and other unixes. We switched over to - using plain fflush() instead. - -- Dan Grayson pointed out that we set the CURL_CA_BUNDLE variable wrongly in - the configure script, and I had to change some build stuff to make the new - way work. - -- Peter Sylvester's patch was applied that introduces the following: - - CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the - OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If - anything but CURLE_OK is returned, that will also be returned by libcurl - all the way back. If this function changes the CURLOPT_URL, libcurl will - detect this and instead go use the new URL. - - CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set - with CURLOPT_SSL_CTX_FUNCTION. - -Daniel (1 July) -- David Byron provided a patch that allows a client to quit the test suite's - HTTP server. - -- Gisle Vanem found and patched a lib handle leak in the ldap code. - -Daniel (25 June) -- More NTLM-improvements. Less code. Smaller packets back and forth. - -Daniel (23 June) -- Eric Glass provided us with a better doc on NTLM details, and I added more - comments and clarified the current code more. Using the new knowledge, we - should be able to make the NTLM stuff work even better. - Eric's original URL: https://davenport.sourceforge.io/ntlm.html - Version stored and provided at curl site: https://curl.haxx.se/rfc/ntlm.html - -- Fixed the minor compile problems pre3 had if built without GSSAPI and/or - SSL. - -Version 7.10.6-pre3 (19 June 2003) - -Daniel (19 June) -- Made curl use curl_free() on memory returned by curl_getenv(), as this - should theoreticly make it possibly to build and run curl and libcurl with - different memory allocation schemes with no problems. - -Daniel (18 June) -- Improved the mkhelp.pl a bit further to make a nicer hugehelp text and to - include a better comment in the top for the gzip compressed version. - -Daniel (17 June) -- CURLOPT_HTTPAUTH is now a bitmask, in which you set which authentication - type(s) you want to use. If more than one is set, libcurl will use one of - the selected one and the one it considers is more secure. Test case 67 and - 68 (for NTLM) were fixed and we've reduced a round-trip for specific --ntlm - fetches, and test case 69 and 70 were added for testing authentication - "picking". --anyauth is the new command line tool option, and I also added - --basic for completeness (that's the default type). - -- Fixed the runtests.pl script to use the info provided by the new curl -V - output. - -- --enable-debug now sets the CURLDEBUG define instead of MALLOCDEBUG, as it - is meant to be a generic debug conditional. - -- curl_version_info() can now return CURL_VERSION_DEBUG as a feature bit, to - indicate that the library was built with CURLDEBUG set. - -- Ralph Mitchell found out that some web applications very badly uses white - spaces in Location: redirects, and apparently IE is a browser (the only - one?) that supports this abomination. Based on Ralph's patch, I added code - that now attempts to replace white spaces with the proper "%20" or "+". - Test case 40 and 42 were added to verify my changes. - -- curl -V now also outputs a list of features the available library offers (if - any). - -- The curl_version() string now includes "GSS" if libcurl is built with GSSAPI - support. - -- David Orrell reported that libcurl still crashed when sending HUGE requests - over HTTPS... I fixed. - -Version 7.10.6-pre2 (16 June 2003) - -Daniel (16 June) -- curl_version_info() now returns bitmasked information weather NTLM and - GSSNEGOTIATE are supported, since it is doomed to vary on different - installations. - -- I remade the HTTP Digest code to use the MD5-code provided by OpenSSL if - that is present, and only use our own MD5-code if it isn't. - -Daniel (13 June) -- More NTLM help, fixes and patches from Cris Bailiff. - -- Marty Kuhrt brought include fixes for making VMS builds warning-free. - -Daniel (12 June) -- NTLM authentication works somewhat against the test servers provided by - Mathias Axelsson and Cris Bailiff. Use by setting CURLOPT_HTTPAUTH to - CURLAUTH_NTLM to libcurl, or --ntlm for the curl tool. Test case 67 and 68 - were added for this. NTLM-support requires OpenSSL. - -- Dan Fandrich provided a patch, that granted that gzip and libz are available - at build-time, compresses the hugehelp text in the curl command line and - uncompresses it at request. Saves some ~60K in the final output executable. - -Daniel (11 June) -- Long day of fighting the NTLM demons. - -Daniel (10 June) -- Modified how to set auth type to libcurl. Now use CURLOPT_HTTPAUTH instead, - and pick method. Supported ones currently are: - CURLAUTH_BASIC - default selection - CURLAUTH_DIGEST - formerly CURLOPT_HTTPDIGEST - CURLAUTH_GSSNEGOTIATE - -- Daniel Kouril added HTTP GSS-Negotiate authentication support, as defined in - the IETF draft draft-brezak-spnego-http-04.txt. In use already by various - Microsoft web applications. --negotiate is the new family member. To take - advantage of this, you need one of these packages: - - o Heimdal Kerberos5 http://www.pdc.kth.se/heimdal/heimdal.html - o GSSAPI from Globus http://www.globus.org/ - o GSSAPI libraries from MIT Kerberos5 http://web.mit.edu/kerberos/www/ - -- A missing ending bracket (']') while doing URL globbing could lead to a - segfault. While fixing this, I also introduced better error reporting in the - globbing code. (All this is application code outside libcurl.) - -Daniel (6 June) -- David Orrell found out that sending a huge GET request over HTTPS could - make libcurl fail and return an error code. - -Daniel (2 June) -- Richard Bramante found out that "Content-Length: 0" was not properly used by - libcurl if the response-headers indicated that the connection would be - closed. - -- David Byron's patch was applied, that makes the --progress-bar take the - local size into account when doing resumed downloads. - -- Feedback from Serge Semashko made me change the error message returned when - CURLE_HTTP_RETURNED_ERROR is returned. - -- Anonymous in bug report #745122 pointed out that we should really be using - SSL_CTX_set_options(... SSL_OP_ALL) to work around flaws in existing SSL - implementations. - -Daniel (27 May) -- Andreas Ley and Rich Gray helped me point out that no version of HP-UX has - the sys/select.h header file so including it unconditionally in curl/multi.h - is not a good thing. Now we check for HPUX and avoid using that header on - such systems. - -- Rudy Koento experienced problems with curl's recent habit of POSTing data in - two separate send() calls, first the headers and then the data. I've now - made a fix that for static and known content that is less than 100K in size, - everything is now sent in one single system call again. This is also better - for network performance reasons. - -- I modified the main makefile to not build the test suite and a few other - unnecessary things by default. Now, the test suite is built when 'make test' - is run. This reduces build time for those who don't care for the test - suite, and it also reduces confusion for people using platforms where the - test suite build fails! - -Daniel (26 May) -- Chris Lewis pointed out a flaw in the #ifdefs in curl/multi.h for Windows, - which is now corrected. - -- Jis Joy found another flaw in the SOCK5 code, as libcurl treated the socks5 - proxy a little too much like as if it was a http proxy. - -Daniel (23 May) -- Ricardo Cadime found a socket leak when listing directories without - contents. Test cases 144 and 145 were added to verify the fix. - -- Rudy Koento found yet another problem when a HTTP server returns only a - single-line of contents without any headers at all. libcurl then failed to - count the data, thus returning error 52 "no contents". Test case 66 was - added to verify that we now do right. - -Version 7.10.6-pre1 (23 May 2003) - -Daniel (23 May) -- Jis in bug report #741841, fixed a bug in the SOCKS5 proxy-using code. - -Daniel (22 May) -- David Remahl set up a test-server for me providing Digest authentication, - and I wrote the first working code that support it. The test suite was - modified slightly as well to work better for it and --digest was added to - the command line options (and CURLOPT_HTTPDIGEST to the library)... RFC2617 - has all the gory details. - -Daniel (21 May) -- David Balazic pointed out that curl_unescape() didn't check that %-codes - were correctly followed by two hexadecimal digits when it unescape strings. - Now, we do the check and only %XX codes are unescaped if the X letters are - hexadecimals. - -- Gisle Vanem made curl build with djgpp on DOS. - -- Gisle Vanem improved the mkhelp.pl script to make a nicer manual that is - shown with curl -M. - -Daniel (20 May) -- Gisle Vanem provided a fix that makes libcurl more conservative, not - expecting h_aliases of the hostent struct to always be non-NULL. - -Daniel (19 May) -- As requested by Martin Michlmayr in Debian bug report #193630, libcurl now - supports user name and password in the proxy environment variables. Added - test case 63 to verify this. - -Version 7.10.5 (19 May 2003) - -Daniel (15 May) -- Changed the order for the in_addr_t testing, as 'unsigned long' seems to be - a very common type inet_addr() returns. - -Daniel (14 May) -- George Comninos provided a fix that calls the progress meter when waiting - for FTP command responses take >1 second. It'll make applications more - "responsive" even when dealing with very slow ftp servers. - -Daniel (12 May) -- George Comninos pointed out that libcurl uploads had two quirks: - o when using FTP PORT command, it used blocking sockets! - o it could loop a long time without doing progress meter updates - Both items are fixed now. - -Daniel (9 May) -- Dan Fandrich changed CURLOPT_ENCODING to select all supported encodings if - set to "". This frees the application from having to know which encodings - the library supports. - -- Dan Fandrich pointed out we had three unnecessary files in CVS that is - generated with libtoolize, so they're now removed and libtoolize is invoked - accordingly in the buildconf script. - -- Avery Fay found out that the CURLOPT_INTERFACE way of first checking if the - given name is a network interface gave a real performance penalty on Linux, - so now we more appropriately first check if it is an IP number and if so - we don't check for a network interface with that name. - -- CURLOPT_FTP_USE_EPRT added. Set this to FALSE to disable libcurl's attempts - to use EPRT and LPRT before the traditional PORT command. The command line - tool sets this option with '--disable-eprt'. - -Version 7.10.5-pre2 (6 May 2003) - -Daniel (6 May) -- Kevin Delafield reported another case where we didn't correctly check for - EAGAIN but only EWOULDBLOCK, which caused badness on HPUX. - -Daniel (4 May) -- Ben Greear noticed that the check for 'writable argv' exited the configure - script when run for cross-compiling, which wasn't nice. Now it'll default to - no and output a warning about the fact that it was not checked for. - -Daniel (2 May) -- Added test case 62 and fixed some more on the cookie sending with a custom - Host: header set. - -Daniel (1 May) -- Andy Cedilnik fixed a few compiler warnings. - -- Made the "SSL read error: 5" error message more verbose, by adding code that - queries the OpenSSL library to fill in the error buffer. - -Daniel (30 Apr) -- Added sys/select.h include in the curl/multi.h file, after having been - reminded about this by Rich Gray. - -- I made each test set its own server requirements, thus abandoning the - previous system where the test number implied what server(s) to use for a - specific test. - -- David Balazic made curl more RFC1738-compliant for FTP URLs, by fixing so - that libcurl now uses one CWD command for each path part. A bunch of test - cases were fixed to work accordingly. - -- Cookie fixes: - - A. Save domains in jars like Mozilla does. It means all domains set in - Set-Cookie: headers are dot-prefixed. - B. Save and use the 'tailmatch' field in the Mozilla/Netscape cookie jars - (the second column). - C. Reject cookies using illegal domains in the Set-Cookie: line. Concerns - both domains with too few dots or domains that are outside the currently - operating server host's domain. - D. Set the path part by default to the one used in the request, if none was - set in the Set-Cookie line. - - To make item C really good, I also made libcurl notice custom Host: headers - and extract the host name set in there and use that as the host name for the - site we're getting the cookies from. This allows user to specify a site's - IP-address, but still be able to receive and send its cookies properly if - you provide a valid Host: name for the site. - -Daniel (29 Apr) -- Peter Kovacs provided a patch that makes the CURLINFO_CONNECT_TIME work fine - when using the multi interface (too). - -Version 7.10.5-pre1 (23 Apr 2003) - -Daniel (23 Apr) -- Upgraded to libtool 1.5. - -Daniel (22 Apr) -- Peter Sylvester pointed out that curl_easy_setopt() will always (wrongly) - return CURLE_OK no matter what happens. - -- Dan Fandrich fixed some gzip decompression bugs and flaws. - -Daniel (16 Apr) -- Fixed minor typo in man page, reported in the Debian bug tracker. - -Daniel (15 Apr) -- Fixed some FTP tests in the test suite that failed on my Solaris host, due - to the config.h not being included before the system headers. When done that - way, it did get a mixed sense of if big files are supported or not and then - stat() and fstat() (as used in test case 505) got confused and failed to - return a proper file size. - -- Formposting a file using a .html suffix is now properly set to Content-Type: text/html. - -Daniel (14 Apr) -- Fixed the SSL error handling to return proper SSL error messages again, they - broke in 7.10.4. I also attempt to track down CA cert problems and then - return the CURLE_SSL_CACERT error code. - -- The curl tool now intercepts the CURLE_SSL_CACERT error code and displays - a fairly big and explanatory error message. Kevin Roth helped me out with - the wording. - -Daniel (11 Apr) -- Nic Hines provided a second patch for gzip decompression, and fixed a bug - when deflate or gzip contents were downloaded using chunked encoding. - -- Dan Fandrich made libcurl support automatic decompression of gzip contents - (as an addition to the previous deflate support). - -- I made the CWD command during FTP session consider all 2xy codes to be OK - responses. - -Daniel (10 Apr) -- Vlad Krupin fixed a URL parsing issue. URLs that were not using a slash - after the host name, but still had "?" and parameters appended, as in - "http://hostname.com?foobar=moo", were not properly parsed by libcurl. - -Daniel (9 Apr) -- Made CURLOPT_TIMECONDITION work for FTP transfers, using the same syntax as - for HTTP. This then made -z work for ftp transfers too. Added test case 139 - and 140 for verifying this. - -- Getting the file date of an ftp file used the wrong time zone when - displayed. It is supposedly always GMT. Added test case 141 for this. - -- Made the test suite's FTP server support MDTM. - -- The default DEBUGFUNCTION, as enabled with CURLOPT_VERBOSE now outputs - CURLINFO_HEADER_IN data as well. The most notable effect from this is that - using curl -v, you get to see the incoming "headers" as well. This is - perhaps most useful when doing ftp. - -Daniel (8 Apr) -- James Bursa fixed a flaw in the Content-Type extraction code, which missed - the first letter if no space followed the colon. - -- Magnus Nilsson pointed out that share.c was missing in the MSVC project - file. - -Daniel (6 Apr) -- Ryan Weaver provided a patch that makes the CA cert bundle not get installed - anymore when 'configure --without-ssl' has been used. - -Daniel (4 Apr) -- Martijn Broenland found another cases where a server application didn't - like the boundary string used by curl when doing a multi-part/formpost. We - modified the boundary string to look like the one IE uses, as this is - probably gonna make curl work with more applications. - -Daniel (3 Apr) -- Kevin Roth reported that a bunch of tests fails on cygwin. One set fails - when using perl 5.8 (and they run fine with perl 5.6), and another set - failed because of an artifact in the test suite's FTP server that I - corrected. It turned out the FTP server code was still having a file opened - while the main test script removed it and invoked the HTTP server that - attempted to create the same file name of the file the FTP server kept open. - This operation works fine on unix, but not on cygwin. - -Version 7.10.4 (2 Apr 2003) - -Daniel (1 Apr) -- Added test case 505 to exercise FTP upload with rename done with libcurl, - and for that I had to extend the test suite's FTP server to deal with the - RNFR and RNTO commands. - -Daniel (31 Mar) -- Even more SSL config check modifications after Richard's testing. - -Version 7.10.4-pre6 (31 Mar 2003) - -Daniel (31 Mar) -- More fixes for the SSL session ID cache checks when SSL configs are changed - between connections. Based on tests and talks with Richard Bramante. - -- Guillaume Cottenceau provided a patch that added CURLOPT_UNRESTRICTED_AUTH. - When enabled, it will prevent libcurl from limiting to which host it sends - user+password to when following locations. By default, libcurl only sends - name and password to the original host used in the first URL, but with this - option set it will send the auth info to all hosts it follows location - headers to. The new tool command line option for this is named - "--location-trusted". - -- Frankie Fong reported a problem with libcurl if you re-used an easy handle - with a proxy, and you first made a https:// connection to a host and then - switched to a http:// one to the same host. libcurl would then wrongly re-use - the same connection for it and fail to get the second URL properly - -Daniel (29 Mar) -- Dan Shearer's fix that makes curl complain if invoked with nothing but "curl - -O" was applied. - -Daniel (26 Mar) -- Bryan Kemp was friendly enough to lend me an account on his Redhat 9 box and - I could fix the configure problems on redhat 8.1 and 9 in no time thanks to - this. Thanks a bunch Bryan! - -Daniel (25 Mar) -- Renamed configure.in to configure.ac - -Version 7.10.4-pre5 (25 Mar 2003) - -Daniel (25 Mar) -- Richard Bramante provided a fix for a handle re-use problem seen when you - change options on an SSL-enabled connection between requests. Previously, - changing peer verification or host verification and similar things was not - taken into account when a connection were checked for re-use and thus - enabling stricter check between requests on a re-used connection made no - difference and the connection would thus be used erroneously. - -Daniel (24 Mar) -- Götz Babin-Ebell pointed out that the ca-bundle.crt file contained a - certificate from Trustcenter that was a demo certificate only that was never - intended to be part of a CA bundle. - -Daniel (21 Mar) -- Life is a mystery. Within a time period of 17 hours, Tim Pope and Michael - Churchill filed one bug report each, both identifying problems with a second - transfer when doing persistent transfers re-using a connection. Tim's one is - #706624, labeled "Multiple uploads per handle fail" and Michael's #707003 - "Does not send Authorization: header when reusing connection". I could track - both down to the same piece of logic and it turned out libcurl was not using - new settings properly when re-using an existing connection. This concerned - both uploading and downloading and involved exactly those pieces these two - reports identified. This code has been this faulty since the day I - introduced persistent connection support in libcurl, more than 2 years ago. - -Daniel (20 Mar 2003) -- Five year anniversary. Today five years ago, the first ever curl release saw - the light of day. - -Daniel (17 Mar) -- Andy Cedilnik corrected flaws in some libcurl example-usage sources. - -Daniel (16 Mar) -- Juan F. Codagnone reported that the fix from March 2nd was incomplete. - -- Added code to the configure.in to check for select() argument types. I've - not made any code use the results just yet though. - -Daniel (15 Mar) -- Gisle Vanem provided two patches to build better on Windows. - -- Adjusted the test suite code to better make sure that the server(s) required - for a specific test is properly started before the test case is attempted. - Many tests now run a lot faster than before. - -Daniel (14 Mar) -- Another configure.in adjustment made the configure detect functions properly - on HPUX now. - -Daniel (13 Mar) -- Philippe Raoult fixed pre4-compile quirks for FreeBSD. - -Version 7.10.4-pre4 (13 Mar 2003) - -Daniel (13 Mar) -- Added a backup-check for functions that aren't found by AC_CHECK_FUNCS() - as I believe some checks on HPUX need this. At least some of the info given - to us by Rick Jones seemed to indicate this. - -Daniel (12 Mar) -- Thomas Tonino found out that if you used the curl tool to do PUT operations - as in 'curl www.foo.com/dir/ -T file' and the file name included for example - space or other characters that don't belong in URLs, curl did not properly - URL encode them before using them in the URL. - -- Added an option to configure called --enable-libgcc that simply adds -lgcc - to the LIBS variable, as this seems to be a common problem. - -- I modified the configure.in file, so that the headers are now checked in an - order of "viality". We must also make sure to use the "default headers" - parameter to AC_CHECK_HEADERS() so that headers are checked with the proper - prerequisites included (i.e all the major and generally important header - files are included there by default). This might be what we need for various - Sun, HP, AIX and Tru64 systems to behave good again on the header check - front. - -- Rick Jones pointed out a few compiler warnings on HP-UX that I addressed. - -- I made the configure --help output nicer by using AC_HELP_STRING() a lot - more. - -Daniel (11 Mar) -- Christophe Demory fixed the socket sending code to work better on HP-UX - when sending data to a socket that would block. It then returns EAGAIN, not - EWOULDBLOCK. - -- Richard Gorton improved the seeding function for systems without a good - and reliable random source. - -- Richard Gorton fixed a few warnings that popped up when you built curl - using the Sun compiler on a 64bit SPARC platform. - -- Martin C. Martin fixed a case where a connect failure using the multi - interface didn't produce a human readable error string. - -Daniel (10 Mar) -- Reverted ltmain.sh back to libtool 1.4.2 status again, as the 1.4.3 version - broke the build on numerous platforms. It seems that libtool 1.4.3 puts some - requirements on what versions of the other tools (autoconf + automake) that - I am not familiar with and thus I couldn't fulfill at this point. - - Yes, this is more than mildly frustrating. - -Daniel (7 Mar) -- Run libtoolize version 1.4.3. - -Version 7.10.4-pre3 (4 Mar 2003) - -Daniel (3 Mar) -- Added share.obj to the VC6 and Borland libcurl makefiles. - -- Troels Walsted Hansen found and investigated a problem with libcurl on AIX, - presumably only on 4.3 or later. gethostbyname_r() is not returning data - that is possible to "keep" and cache the way libcurl does. But instead these - versions of AIX uses a gethostbyname() that works thread-safely we can - instead use the ordinary gethostbyname() and our pack_hostent() approach to - achieve what we want. The configure script now attempts to detect AIX 4.3 or - later to adjust for this. - -Daniel (2 Mar) -- Juan F. Codagnone found a problem introduced in 7.10.3 when you first did a - POST and then back to a GET using the same easy handle. - -Daniel (28 Feb) -- Removed the strequal and strnequal defines from curl/curl.h header. They - were never meant for the public header anyway. Philippe Raoult brought it - up. - -- James Bursa fixed the RISC OS build. - -Daniel (27 Feb) -- Avery Fay pointed out the very misleading curl_multi_info_read man page, and - I updated it to become more accurate. - -- Salvatore Sorrentino found a problem with FTP downloading that turned out to - be his FTP server returning size zero (0 bytes) when SIZE was used on a file - while being in BINARY mode. We now make a second check for the actual size - by scanning the RETR reply anyway, even if the SIZE command returned 0. - -Daniel (26 Feb) -- Kyle Sallee reported a case where he would do a transfer that didn't update - the progress meter properly. It turned out to be a case where libcurl would - loop a little too eagerly in the transfer loop, which isn't really good for - the APIs, especially not the multi API. - -Version 7.10.4-pre2 (24 Feb 2003) - -Daniel (24 Feb) -- Kjetil Jacobsen found out that setting CURLOPT_MAXCONNECTS to a value higher - than 5 could cause a segfault. - -- I believe I fixed the 'Expect: 100-continue' behavior that has been broken - for a while (I think since my change dated Dec 10 2002). When this header is - used, libcurl should wait for a HTTP 100 (or timeout) before sending the - post/put data. - -Daniel (14 Feb) -- Matthew Clarke provided some info what to modify to make curl build - flawlessly on AIX 3.2.5. - -- Martin C. Martin found and fixed a problem in the multi interface when - running on Windows and trying to connect to a port without a listener. - -Daniel (13 Feb) -- Christopher R. Palmer fixed Curl_base64_encode() to deal with zeroes in the - data to encode. - -Daniel (4 Feb) -- Jean-Philippe added the first code that enables the 'share' system. This - should now enable sharing of DNS data between two curl easy handles. - -- Incorporated Nico Baggus' fixes to again compile flawlessly on VMS. - -- James Bursa corrected a bad comment in the public include file curl/multi.h - -- Peter Forret reported one of those error:00000000 cases in libcurl again - when connecting to a HTTPS site, and this time I did discover some oddities - in how curl reports SSL errors back. It could miss showing the actual error. - -Version 7.10.4-pre1 (3 Feb 2003) - -Daniel (3 Feb) -- Removed things in the docs saying capath doesn't work on Windows, as Julian - Noble told us it works fine. - -Daniel (31 Jan) -- Kevin Roth fixed the zlib build stuff in the Mingw32 makefile. - -Daniel (30 Jan) -- Kevin Roth found out that curl on Windows always checked for the CA cert - bundle using the environment variable and the path scan, even though - -k/--insecure was used. - -- Hamish Mackenzie pointed out that curl only did strict host name verifying - if capath or cainfo was used. Now it'll always do it unless -k / --insecure - is used! - -- Pavel Cenek pointed out that the Content-Type extraction was done wrongly - as the full string was not fetched. Added test case 57 to verify that curl - does it right now. - -Daniel (29 Jan) -- Jamie Wilkinson provided a patch that now makes curl attempt to clear out - "sensitive" command line arguments so that they don't appear in ps outputs - (only on platforms that allow writing to argv[]). - -- John McGowan found out that the DEBUGFUNCTION could be called with bad - arguments and thus cause the --trace outputs to go wrong. - -- Removed all the emacs local variables from all files. Mats Lidell provided - the new sample.emacs file (for a sample of what to include in your .emacs) - and the curl-style.el that sets a better c-style for editing curl sources. - -- Dave Halbakken found a problem with FTP downloads that could accidently - return CURLE_PARTIAL_FILE when curl_easy_perform() was called with NOBODY - set TRUE. - -Daniel (27 Jan) -- The fopen.c example was flawed as Nick Humfrey noticed, and I fixed it to - work again. - -Daniel (24 Jan) -- Bertrand Demiddelaer found and fixed a memory leak (the content-type string) - when following locations. - -Daniel (22 Jan 2003) -- Ian Wilkes and Legoff Vincent both independently provided fixes for making - curl/multi.h work properly when compiled with a C++ compiler. - -Daniel (20 Jan 2003) -- Fixed 'buildconf' to check version number of the required tools before - they're actually used. - -- Wrote 'testcurl.sh', a script targeted for automatic and distributed curl - tests on various platforms. - -- David Thiel pointed out that the .netrc file was not being dealt with - properly anymore. I broke this in the password prompting "fix". - -- Markus F.X.J. Oberhumer patched libcurl to allocate the scratch buffer only - on demand and thus we save 32KB in each curl handle that don't use that - buffer. This need appeared when some people started using thousands of - simultaneous curl handles... :-) - -Daniel (16 Jan 2003) -- Markus Oberhumer fixed curl-config --cflags when the includedir was not - /usr/include. - -- Markus Oberhumer fixed CURLINFO_PRIVATE to properly return NULL if it was - set to NULL! - -Version 7.10.3 (14 Jan 2003) - -Daniel (10 Jan 2003) -- Steve Oliphant pointed out that test case 105 did not work anymore and this - was due to a missing fix for the password prompting. - -Version 7.10.3-pre6 (10 Jan 2003) - -Daniel (9 Jan 2003) -- Bryan Kemp pointed out that curl -u could not provide a blank password - without prompting the user. It can now. -u username: makes the password - empty, while -u username makes curl prompt the user for a password. - -- Kjetil Jacobsen found a remaining connect problem in the multi interface on - ipv4 systems (Linux only?), that I fixed and Kjetil verified that it fixed - his problems. - -- memanalyze.pl now reads a file name from the command line, and no longer - takes the data on stdin as before. - -Version 7.10.3-pre5 (9 Jan 2003) - -Daniel (9 Jan 2003) -- Fixed tests/memanalyze.pl to work with file names that contain colons (as on - Windows). - -- Kjetil Jacobsen quickly pointed out that lib/share.h was missing... - -Version 7.10.3-pre4 (9 Jan 2003) - -Daniel (9 Jan 2003) -- Updated lib/share.c quite a bit to match the design document at - https://curl.haxx.se/dev/sharing.txt a lot more. - - I'll try to update the document soonish. share.c is still not actually used - by libcurl, but the API is slowly getting there and we can start - implementing code that takes advantage of this system. - -Daniel (8 Jan 2003) -- Updated share stuff in curl/curl.h, including data types, structs and - function prototypes. The corresponding files in lib/ were also modified - of course to remain compilable. Based on input from Jean-Philippe and also - to make it more in line with the design document. - -- Jean-Philippe Barrette-LaPierre patched a very trivial memory leak in - curl_escape() that would happen when realloc() returns NULL... - -- Matthew Blain provided feedback to make the --create-dirs stuff build - properly on Windows. - -- Fixed the #include in tests/libtest/first.c as Legoff Vincent pointed out. - -Daniel (7 Jan 2003) -- Philippe Raoult provided a patch that now makes libcurl properly support - wildcard checks for certificate names. - -- Simon Liu added CURLOPT_HTTP200ALIASES, to let an application set other - strings recognized as "HTTP 200" to allow http-like protocols to get - downloaded fine by curl. - -- Now using autoconf 2.57 and automake 1.7.2 - -- Doing "curl -I ftp://domain/non-existing-file" still outputed a date! - Wayne Haigh reported. - -- The error message is now written properly with a newline in the --trace - file. - -Daniel (6 Jan 2003) -- Sterling Hughes fixed a possible bug: previously, if you called - curl_easy_perform and then set the global dns cache, the global cache - wouldn't be used. Pointed out by Jean-Philippe Barrette-LaPierre. - -- Matthew Blain's fixed the VC6 libcurl makefile to include better debug data - on debug builds. -Daniel (27 Dec 2002) -- Philippe Raoult reported a bug with HTTPS connections which I evidently - added in my 19 dec fix. I corrected it. - -Daniel (20 Dec) -- Idea from the Debian latest patch: use AM_MAINTAINER_MODE in the configure - script to make the default makefile less confusing "to the casual - installer". - -Version 7.10.3-pre3 (20 Dec) - -Daniel (19 Dec) -- Matthew Blain patched the Curl_base64_decode() function. - -- Evan Jordan reported in bug report #653022 that the SSL_read() usage was - wrong, and it certainly was. It could lead to curl using too much CPU due to - a stupid loop. - -Daniel (18 Dec) -- As suggested by Margus Freudenthal, CURLE_HTTP_NOT_FOUND was renamed to - CURLE_HTTP_RETURNED_ERROR since it is returned on any >= 400 code when - CURLOPT_FAILONERROR is set. - -Daniel (17 Dec) -- Bug reported #651464, reported by Christopher Palmer, provided an example - source code using the multi interface that hang when trying to connect to a - proxy on a localhost port where no proxy was listening. This bug was not - repeatable on libcurls that were IPv6-enabled. - -Daniel (16 Dec) -- Christopher Palmer also noticed what Vojtech Janota already was - experiencing: The attempted name resolve fix for glibc 2.2.93 caused libcurl - to crash when used on some older glibc versions. The problem is of course - the silliness of the 2.2.93. I committed a fix that hopefully should make - the binary run fine on either one of the versions, even though the solution - is not as nice as I'd like it to be. - -Daniel (13 Dec) -- Bug report #651460 by Christopher R. Palmer showed that when using libcurl - to for example go over a proxy on localhost, it would attempt to connect - through the proxy TWICE. - - I added test case 503 with which I managed to repeat this problem and I - fixed the code to not re-attempt any connects (which also made it a nicer - fix for the #650941 bug mentioned below). - - The sws server was extended to deal with CONNECT in order to make test - case 503 do good. - -- Evan Jordan posted bug report #650989 about a memory leak in the public key - retrieving code. He provided a suggested fix and I merely applied it! - -- Bug report #650941, posted by Christopher R. Palmer identified a problem - with the multi interface and getting file:// URLs. This was now fixed and - test case 502 was added to verify this. - -Daniel (12 Dec) -- Test case 500 and 501 are the first ever libcurl test cases that run. - -- Made "configure --enable-debug" cut off all -O* options to the compiler - -- Finally fixed the test suite's ftp server so that test case 402 doesn't - cause the following test case to fail anymore! - -Daniel (11 Dec) -- CURL_MAX_WRITE_SIZE is now decreased to 16KB since it makes the Windows - version perform uploads much faster!!! RBramante did lots of research on - this topic. - -- Fixed the #include in curl/curl.h to include the other files outside the - extern "C" scope. - -Daniel (10 Dec) -- Moved around and added more logic: - - First, POST data is never sent as part of the request headers in the http.c - code. It is always sent the "normal" read callback then send() way. This now - enables a plain HTTP POST to be sent chunked if we want to. This also - reduces the risk of having very big POSTs causing problems. - - Further, sending off the initial HTTP request is not done using a loop - anymore. If it wasn't all sent off in the first send(), the rest of the - request is sent off in the normal transfer select() loop. This makes several - things possible, but mainly it makes libcurl block less when used from the - multi interface and it also reduces the risk of problems with issuing very - large requests. - -Daniel (9 Dec) -- Moved the read callback pointer and data within the structs to a more - suitable place. This in preparation for a better HTTP-request sending code - without (a silly) loop. - -- The Dodds fix seems not to work. - -- Vojtech Janota tests proved that the resolve fix from oct 21st is not good - enough since obviously older glibcs might return EAGAIN without this meaning - that the buffer was too small. - -- [the other day] Made libcurl loop on recv() and send() now until done, and - then get back to select(). Previously it went back to select() more often - which really was a slight overhead. This was due to the reported performance - problems on HTTP PUT on Windows. I couldn't see any notable difference on - Linux... - -Version 7.10.3-pre2 (4 Dec 2002) - -Daniel (4 Dec 2002) -- Lots of work with Malcolm Dodds made me add a temporary code fix that now - shortens the timeout waiting for the 226 or 250 line after a completed - FTP transfer. - - If no data is received within 60 seconds, this is taken as a sign of a dead - control connection and we bail out. - -Daniel (3 Dec 2002) -- Ralph's bug report #644841 identified a problem in which curl returned a - timeout error code when in fact the problem was not a timeout. The proper - error should now be propagated better when they're detected in the FTP - response reading function. - -- Updated the Borland Makefiles. - -Daniel (2 Dec 2002) -- Nicolas Berloquin provided a patch that introduced --create-dirs to the - command line tool. When used in combination with -o, it lets curl create - [non-existing] directories used in -o, suitably used with #-combinations - such as: - - curl "www.images.com/{flowers,cities,parks,mountains}/pic_[1-100].jpg \ - -o "dir_#1/pic#2.jpg" --create-dirs - -Version 7.10.3-pre1 - -Daniel (28 Nov 2002) -- I visited Lars Nordgren and had a go with his problem, which lead me to - implement this fix. If libcurl detects the added custom header - "Transfer-Encoding: chunked", it will now enable a chunked transfer. - - Also, chunked transfer didn't quite work before but seems to do so now. - -- Kjetil Jacobsen pointed out that ./configure --disable-ipv6 --without-zlib - didn't work on any platform... - -Daniel (26 Nov 2002) -- Fixed a bad addrinfo free in the hostip.c code, hardly exposed anywhere - -- Dan Becker found and fixed a minor memory leak on persistent connnections - using CURLOPT_USERPWD. - -Daniel (22 Nov 2002) -- Based on Ralph Mitchell's excellent analysis I found a bug in the test suite - web server (sws) which now lets test case 306 run fine even in combination - with the other test cases. - -- Juan Ignacio Hervás found a crash in the verbose connect message that is - used on persistent connections. This bug was added in 7.10.2 due to the - rearranged name resolve code. - -Daniel (20 Nov 2002) -- Kjetil Jacobsen provided a patch that introduces: - - CURLOPT_PRIVATE stores a private pointer in the curl handle. - - CURLINFO_PRIVATE retrieves the private pointer from the curl handle. - -- Karol Pietrzak pointed out how curl-config --cflags didn't output a good - include dir so I've removed that for now. - -Version 7.10.2 (18 Nov 2002) - -Daniel (11 Nov 2002) -- Dave Halbakken added curl_version_info to lib/libcurl.def to make libcurl - properly build with MSVC on Windows. - -Daniel (8 Nov 2002) -- Doing HTTP PUT without a specified file size now makes libcurl use - Transfer-Encoding: chunked. - -Daniel (7 Nov 2002) -- Bug report #634625 identified how curl returned timeout immediately when - CURLOPT_CONNECTTIMEOUT was used and provided a fix. - -Version 7.10.2-pre4 (6 Nov 2002) - -Daniel (5 Nov 2002) -- Lehel Bernadt found out and fixed. libcurl sent error message to the debug - output when it stored the error message. - -- Avery Fay found some problems with the DNS cache (when the cache time was - set to 0 we got a memory leak, but when the leak was fixed he got a crash - when he used the CURLOPT_INTERFACE with that) that had me do some real - restructuring so that we now have a reference counter in the dns cache - entries to prevent an entry to get flushed while still actually in use. - - I also detected that we previously didn't update the time stamp when we - extracted an entry from the cache so that must've been a reason for some - very weird dns cache bugs. - -Version 7.10.2-pre3 - -Daniel (31 Oct 2002) -- Downgraded automake to 1.6.3 in an attempt to fix cygwin problems. (It - turned out this didn't help though.) - -- Disable the DNS cache (by setting the timeout to 0) made libcurl leak - memory. Avery Fay brought the example code that proved this. - -Version 7.10.2-pre2 - -Daniel (28 Oct 2002) -- Upgraded to autoconf 2.54 and automake 1.7 on the release-build host. - -- Kevin Roth made the command line tool check for a CURL_CA_BUNDLE environment - variable (if --cacert isn't used) and if not set, the Windows version will - check for a file named "curl-ca-bundle.crt" in the current directory or the - directory where curl is located. That file is then used as CA root cert - bundle. - -- Avery Fay pointed out that curl's configure scrip didn't get right if you - used autoconf newer than 2.52. This was due to some badly quoted code. - -Version 7.10.2-pre1 - -Daniel (23 Oct 2002) -- Emiliano Ida confirmed that we now build properly with the Borland C++ - compiler too. We needed yet another fix for the ISO cpp check in the curl.h - header file. - -- Yet another fix was needed to get the HTTP download without headers to work. - This time it was needed if the first "believed header" was read all in the - first read. Test 306 has not run properly since the 11th october fix. - -Daniel (21 Oct 2002) -- Zvi Har'El pointed out a problem with curl's name resolving on Redhat 8 - machines (running IPv6 disabled). Mats Lidell let me use an account on his - machine and I could verify that gethostbyname_r() has been changed to return - EAGAIN instead of ERANGE when the given buffer size is too small. This is - glibc 2.2.93. - -- Albert Chin helped me get the -no-undefined option corrected in - lib/Makefile.am since Cygwin builds want it there while Solaris builds don't - want it present. Kevin Roth helped me try it out on cygwin. - -- Nikita Schmidt provided a bug fix for a FOLLOWLOCATION bug introduced when - the ../ support got in (7.10.1). - -Daniel (18 Oct 2002) -- Fabrizio Ammollo pointed out a remaining problem with FOLLOWLOCATION in - the multi interface. - -Daniel (17 Oct 2002) -- Richard Cooper's experimenting proved that -j (CURLOPT_COOKIESESSION) didn't - work quite as supposed. You needed to set it *before* you use - CURLOPT_COOKIEFILE, and we dont' want that kind of dependencies. - -Daniel (15 Oct 2002) -- Andrés García provided corrections for erratas in four libcurl man pages. - -Daniel (13 Oct 2002) -- Starting now, we generate and include PDF versions of all the docs in the - release archives. - -Daniel (12 Oct 2002) -- Trying to connect to a host on a bad port number caused the multi interface - to never return failure and it appeared to keep on trying forever (it just - didn't do anything). - -Daniel (11 Oct 2002) -- Downloading HTTP without headers didn't work 100%, some of the initial data - got written twice. Kevin Roth reported. - -- Kevin Roth found out the "config file" parser in the client code could - segfault, like if DOS newlines were used. - -Version 7.10.1 (11 Oct 2002) - -Daniel (10 Oct 2002) -- Jeff Lawson fixed a few problems with connection re-use that remained when - you set CURLOPT_PROXY to "". - -Daniel (9 Oct 2002) -- Craig Davison found a terrible flaw and Cris Bailiff helped out in the - search. Getting HTTP data from servers when the headers are split up in - multiple reads, could cause junk data to get inserted among the saved - headers. This only concerns HTTP(S) headers. - -Daniel (8 Oct 2002) -- Vincent Penquerc'h gave us the good suggestion that when the ERRRORBUFFER - is set internally, the error text is sent to the debug function as well. - -- I fixed the telnet code to timeout properly as the option tells it to. On - non-windows platforms. - -Daniel (7 Oct 2002) -- John Crow pointed out that libcurl-the-guide wasn't included in the release - tarball! - -- Kevin Roth pointed out that make install didn't do right if build outside - the source tree (ca-bundle wise). - -- FOLLOWLOCATION bugfix for the multi interface - -Daniel (4 Oct 2002) -- Kevin Roth got problems with his cygwin build with -no-undefined was not - present in lib/Makefile.am so I put it back in there again. The poor one who - needs to remove it again must write a configure script to detect that need. - -- Ralph Mitchell pointed out that curl was a bit naive and didn't deal with ./ - or ../ stuff in the string passed back in a Location: header when following - locations. - -- Albert Chin helped me to work out a better configure.in check for zlib, and - both --without-zlib and -with-zlib seem to work rather well right now. - -- Zvi Har'El improvied the OpenSSL ENGINE check in the configure script to - become more accurate. - -Daniel (1 Oct 2002) -- Detlef Schmier pointed out the lack of a --without-libz option to configure, - so I added one. - -Version 7.10 (1 Oct 2002) - -Daniel (30 Sep 2002) -- Modified the curl_version_info() proto and returned struct once again, and - updated the man page accordingly. - -- Cris Bailiff found out that the pre-releases crashed on name lookups on - names such as "a:" or "baz:" (on Linux versions not being IPv6-enabled) due - to some weird return codes from gethostbyname_r(). I'll blame the complete - lack of docs in that department. Cris provided a fix, which I modified only - slightly. - -Daniel (27 Sep 2002) -- After a suggestion from Christian Kurz to Debian curl package maintainer - Domenico Andreoli, I made it possible to override the proxy environment - variables better. Now, by setting -x "" you can explicitly tell libcurl to - not use a proxy, no matter whan the environment variables say. - -Version 7.10-pre4 - -Daniel (26 Sep 2002) -- Extended curl_version_info() more and wrote a man page for it. - -Daniel (25 Sep 2002) -- libcurl could leak memory when downloading multiple files using http ranges, - reported and fixed by Jean-Luc Guevel. - -- Walter J. Mack provided code and docs for the new curl_free() function that - shall be used to free memory that is allocated by libcurl and returned back - to the application, as curl_escape() and curl_unescape() do. - -- Yarram Sunil pointed out a flaw in the multi interface where a failed - connection didn't close down properly and thus a second transfer using the - same handle failed. - -- Andrés García fixed a flaw that made (among other things) dict-fetches - return a random value. - -Daniel (24 Sep 2002) -- Wez Furlong brought his initial patch that introduced curl_version_info(). - We might need to tweak it somewhat before release. - -Daniel (20 Sep 2002) -- Craig Markwardt fixed another Tru64 IP resolve problem. - -Daniel (19 Sep 2002) -- Dolbneff A.V and Spiridonoff A.V made the file:// code work with resumes - in the same style other code does. - -- Ilguiz Latypov fixed a flaw in the client code when fetching multiple URLs - and -C - was used. The first file's resume position was then accidentally - reused on all the other files too. - -Daniel (18 Sep 2002) -- The curl_easy_setopt.3 man page was greatly modified and the options have - now been grouped in logical groups so that it should be somewhat easier to - read it and find things you search for. - -Daniel (13 Sep 2002) -- Kevin Roth pinpointed a scary flaw in libcurl, when the HTTP server doesn't - send any headers back, only raw content. Right, that is a violation of the - standard but still happens at times and we need to deal with it. Test case - 306 was added to verify that we do right now. - -Version 7.10-pre3 - -Daniel (11 Sep 2002) -- Lukasz Czekierda found out that curl didn't send a correct HTTP Host: header - when you specified the URL with an IPv6 IP-address. - -Daniel (4 Sep 2002) -- Sven Neuhaus made --silent being acknowledged even when multiple URLs - were used. It used to output "[1/2]: http://host/a.html.de --> a.html.d" etc - even when told to shut up. - -Daniel (3 Sep 2002) -- Updated all source code headers to use MIT-license references only, and - point to the COPYING file and the https://curl.haxx.se/docs/copyright.html - URL. I've cut out all references to MPL that I could find. - -- Corected the makefiles to not always use -lz when linking - -Version 7.10-pre2 - -Daniel (2 Sep 2002) -- James Gallagher added Content-Encoding support to libcurl so now curl and - libcurl-using apps can request compressed contents using the 'deflate' - method. See the special file lib/README.encoding for details. - - curl --compressed is now used to request compressed contents. - - curl-config --feature will include 'libz' if this feature was around when - the library was built. - -Daniel (30 Aug 2002) -- Applied an anonymous SOCKS5-proxy patch. Not properly working in all - situations though, as all getaddrinfo()-using libcurls will fail on this. - This is because of the somewhat naive way the current code tries to extract - the IP address of the proxy. - -- Fixed up the SSL cert fixes from the other day even more after more inputs - from Cris. Added three new SSL error codes to make the - CURLE_SSL_CONNECT_ERROR slightly less overloaded. - -Daniel (27 Aug 2002) -- After lots of talk with Tom Zerucha, Nick Gimbrone and Cris Bailiff I - decided to talk the bold path and I now made libcurl do CA certificate - verification by default. Thus library users need to explicitly turn this off - if you want to connect to sites without proper checking. We also install a - CA cert bundle on 'make install' now. - - The curl tool now requires the -k/--insecure option in order to allow - connections and operations on SSL sites that aren't properly verified with - -cafile or --capath. - - curl-config --ca displays the built-in path to the CA cert bundle. - -Daniel (26 Aug 2002) -- Andrew Francis cleaned up some code that now compiles fine without the need - for ugly MSVC pragmas. - -- Keith MacDonald found a minor bug in src/main.c that made it close stdin - instead of the actual file handle. It shouldn't have resulted in much - trouble as most operating systems close all file handles on process exit - anyway. - -Daniel (22 Aug 2002) -- Markus Oberhumer provided some documentation for his previously provided - CURLOPT_NOSIGNAL fix. - -- Patched the lib/Makefile.am to hopefully no longer complain on undefined - symbols that seemed to occur on builds with shared OpenSSL libraries on - Solaris lately... - -Daniel (20 Aug 2002) -- Fixed compiler warnings on MSCV++ compiles. We're looking for help here: - remove the pragmas from lib/config-win32.h and adjust the sources where - the warnings occur. Hiding them with pragmas like this is not the correct - way of dealing with compiler warnings. - -Daniel (13 Aug 2002) -- Ulrich Zadow made the global include files in curl/* include themselves - using "curl.h" instead of which thus allows people to more - freely decide how to include curl and how to setup their include paths. - -- Sterling Hughes added the curl_share* interface, somewhat as discussed - previously. - -- Jörn Hartroth pointed out that poll() was used in the pre1 source code and - it isn't very portable, so now I check for it in the configure script and - work around it. - -Version 7.9.9-pre1 - -Daniel (12 Aug 2002) -- Applied my initial take on making the multi stuff more asynchronous. Connects - should now return back without "hanging" until it has connected for real. - This should also be the case for FTP-PASV connects. - -Daniel (9 Aug 2002) -- Applied Markus F.X.J. Oberhumer's patch that introduces CURLOPT_NOSIGNAL, - which effectively prevents libcurl from doing anything that may cause - signals to get sent. This is basicly for multi-threaded applications that - now can use timeouts properly, without risking any signals to burst in and - ruin the party. - -Daniel (5 Aug 2002) -- Lukasz Czekierda reported that RFC2732-style literal IPv6 addresses didn't - work. When did that code vanish? Anyway, it's back again now and seems to - work! - -- Jonatan Lander found out that POSTing an empty string didn't work with the - command line tool. - -Daniel (3 Aug 2002) -- Jörn Hartroth fixed the libcurl.def file to build the windows DLL with - the multi interface enabled. - -Daniel (1 Aug 2002) -- The ftp PORT command now uses a better default IP address, as it will - extract and use the local IP address used by the control connection. - -- Modified the #include lines in curl/multi.h to work better on more - platforms. - -Daniel (31 Jul 2002) -- Attempted a fix for Ray DeGennaro's reported HP-UX host name resolve - problems. - -Daniel (30 Jul 2002) -- Priya Ramakrishnan and Ryan Jones compiles curl/curl.h with a C++ compiler - and don't get __STDC__ defined, which required us to extend the preprocessor - check for the ## operator usage. - -- Correct the description for CURLOPT_PASSWDFUNCTION, if set to NULL the - internal default function will be put back. - -- danfuzz at milk.com found out that libcurl badly assumed a space after - 'Set-Cookie:' so if it wasn't present, it caused the first letter of the - cookie name to fall off! - -Daniel (29 Jul 2002) -- The password prompt asking for user password used stdout and now uses - stderr instead to better allow redirecting. It also leaked a fopen() file - handle that is now fixed. - -Daniel (28 Jul 2002) -- HAVE_SETVBUF was left out from src/main.c which made -N not work. Found out - by M T. - -Daniel (26 Jun 2002) -- Glen Nakamura solved a crash in the name resolving function for IP-only - addresses on Alpha Linux (at least). - -- T. Bharath corrected the high resolution timer introduced in 7.9.8. - -Daniel (22 Jun 2002) -- Andrés García pointed out man page errors in curl_formadd.3. I fixed. - -Daniel (19 Jun 2002) -- Chris Combes pointed out a flaw in curl_escape(). I fixed. We no longer - tries to generate nor parse '+' in URLs. Spaces become %20, and only %-codes - are translated by curl_unescape(). - -Daniel (15 Jun 2002) -- Added --limit-rate to the curl tool. Allows the user to set a maxmimum - upper limit to how much bandwidth to use for transfers. - -- CURLOPT_BUFFERSIZE was added to libcurl. This sets a prefered size for the - receive buffer in libcurl. The main point of this would be that the write - callback gets called more often and with smaller chunks. - -Daniel (14 Jun 2002) -- Yarram Sunil found out that the SocketIsDead() function performed a lot - faster on Windows when removing the 1 microsecond timeout. - -- Hanno L. Kranzhoff fixed the VC++ project files. - -- Tom Mattison found out that ftp transfers closed the connection a little - too often. - -- Miklos Nemeth posted a VC++ makefile fix and some INSTALL comments on how - to disable specific protocols when building for Windows. - -Version 7.9.8 - -Daniel (13 Jun 2002) -- Time to let this baby go. - -Daniel (12 Jun 2002) -- Chris Combes added three new options for curl_formadd(): CURLFORM_BUFFER, - CURLFORM_BUFFERPTR, CURLFORM_BUFFERLENGTH. They are used to create a - multipart that appears as a regular file upload, but the data is provided - with a pointer and length. - -- Nico Baggus made the VMS version use sigsetjmp() too. - -- Jörn Hartroth fixed the mingw32 build using the mm lib. - -- Applied patches by Kris Kennaway that correct format string problems in - lib/ftp.c and lib/ldap.c. - -Version 7.9.8-pre3 - -Daniel (11 Jun 2002) -- James Cone brought the idea of using sigsetjmp() in the signal handler to - make the time-out of name lookups to work, even when the underlying name - resolver library traps EINTR. The use of sigsetjmp() and siglongjmp() for - this may be a bit drastic, and also not likely to exist on all platforms. I - added careful checking for this in the configure script, even checks for it - being a macro (which seems to be the case in for example Linux). - - sigsetjmp() seems to be mentioned in the Single Unix specification. - -- Miklos Nemeth brought a patch that allows libcurl to get built with specific - protocols disabled. This is done by running ./configure - --disable-[protocol]. - -- FTP range downloads could make CURLE_FTP_WRITE_ERROR get returned. We now - make precautions to not return this for range downloads. - - Added test case 135 that makes an ftp range download. Had to tweak the - runtests.pl script a bit too. - -- Bug report #566835 identified a strlen() on a NULL pointer. Added additional - check to prevent this. - -Daniel (10 Jun 2002) -- Found and corrected a connect failure problem that didn't create a human - error text. - -- Added code to compile with OpenSSL 0.9.7. Based on patch from Jacob Meuser - and comments from Götz Babin-Ebell. - -- Gautam Mani found a socket descriptor leak that happened when FTP transfers - failed and you reinvoked curl_easy_perform(). - -Daniel (5 Jun 2002) -- Gustaf Hui corrected curl_multi_remove_handle() so that it won't crash no - matter when you decide to remove the CURL handle. - -- HAVE_RAND_STATUS was added to lib/config-win32.h by Andreas Olsson, as it - makes windows builds stop complaining about "weak seeding" when it in fact - isn't. - -- Another 64bit architecture crash that was introduced in 7.9.7 was now - removed, as bug report #564585 clarified. This happened due to our attempts - to only allocate only as much memory as is actually needed for name - resolving (using realloc) which called for a function that could 'move' a - hostent struct in memory. - -Version 7.9.8-pre2 - -Daniel (3 Jun 2002) -- T. Bharath fixed the CURLINFO_REDIRECT_TIME to return a correct time and - made the CURLINFO_REQUEST_SIZE return the correct total request size. He - also made the win32 timers use higher resolution than before. - -Daniel (29 May 2002) -- Renaud Chaillat made me aware of the fact that libcurl returned an error if - you tried to get an empty FTP file. This seemed like a wrong thing to do, so - now it no longer does that! I just hope that no one built anything fancy - upon this unexpected behavior... - -Daniel (28 May 2002) -- Cris Bailiff brought CURLOPT_CAPATH that works like CURLOPT_CAINFO but - specifies a path to a directory with certificates rather than a single file - with them all concatenated. --capath was added to the command line tool - for the same function. - - Windows users need to pay attention that the directory should be setup with - the c_rehash tool of the OpenSSL package, and that creates symlinks by - default that need to be replaced with actual copies to work on Windows. - -- Gustaf Hui provided new code that changes how curl_multi_info_read() - messages are stored, so that they don't have to be kept around for the multi - handle's entire life time. He also made it return failure codes properly - which it didn't do before. - -Daniel (27 May 2002) -- Gustaf Hui pointed out that running curl_multi_perform() without doing - curl_multi_fdset() first was not really a working combo. I added an internal - check for this and have some extra select() code without timeout to make the - library internals work identically nevertheless. We might need to somehow - either document that once you've used the *_fdset() you should remain using - them in select() or you should blank them somehow so that libcurl won't go - crazy. - -Version 7.9.8-pre1 - -Daniel (22 May 2002) -- James Cone brought an excellent patch, including several tests and docs! - CURLOPT_NETRC now takes an enum as argument instead of the previous boolean. - --netrc-optional was introduced as an addition to --netrc to allow the - command line client to take use of all that new netrc stuff. - -- Bug report #558888 showed a case where libcurl re-used the previous host - name when a connection over a proxy was re-used but to a different target - host. - -Daniel (21 May 2002) -- Edin Kadribasic helped me sort out a problem to made libcurl crash when - trying to HTTP POST an empty string. - -- Clarified that Juergen Wilke donated the original tests/server/sws.c code. - -- Jean-Philippe Barrette-LaPierre made curl_formadd() return a typedef named - CURLFORMcode instead of the previous 'int', and the various return codes are - now globally exported. It allows applications to better figure out what goes - wrong when curl_formadd() returns errors. - -Daniel (20 May 2002) -- Roland Zimmermann pointed out that SSL_CTX_use_certificate_chain_file() - is prefered to SSL_CTX_use_certificate_file(). - -Daniel (17 May 2002) -- Bug report #556869 pointed out that src/writeout.c didn't compile on freebsd - after my AIX fixes the other week. - -- Bug report #556930 pointed out a FreeBSD core dump introduced in 7.9.7 in - the DNS struct realloc stuff. Actually, this crash could happen on all - systems that made the pack_hostent() function get invoked. - -- I removed several compiler warnings in the test suite's HTTP server. - -Version 7.9.7 - -Daniel (10 May 2002) -- Kevin Roth adjusted the --trace-ascii output slightly. - -- Paul Harrington found out that src/writeout.c needed an additional header - file included for AIX builds - -Version 7.9.7-pre2 - -Daniel (7 May 2002) -- Updated the man page with --trace-ascii and -j/--junk-session-cookies. - -- Made --trace-ascii do pretty much the same as --trace but without the hex - part in the output. - -- Added CURLOPT_COOKIESESSION that when enabled makes libcurl ignore session - cookies read from a file. This option is enforced by the curl command line - tool using the new -j/--junk-session-cookies option. After discussions with - Kevin Roth. This makes it easier to use curl to fully emulate a browser's - behavior, even when it comes to "session cookies". Session cookies are - cookies that a normal browser discards when the browser is shut - down. They're identified by not having any expire date/time. - -- When CURLOPT_DEBUGDATA was set, it ruined the CURLOPT_STDERR setting and - this was discovered when --trace was made to crash. - -- Using -v and --trace at the same time confused matters. -v is now pretty - much ignored when --trace or --trace-ascii is used. - -- Made --trace (and --trace-ascii) support - as file name to pass output to - stdout instead. It makes it consistent with how other options work. - -Version 7.9.7-pre1 - -Daniel (6 May 2002) -- Added multi-post.c to the examples directory. I got the basic source for - this from Gustaf Hui. - -Daniel (3 May 2002) -- CURL_MAX_WRITE_SIZE is now an exported #define in the curl/curl.h header and - can be used to figure out the maximum buffer size your write callback can - get. - -- CURLOPT_READDATA is now an alias for CURLOPT_INFILE and CURLOPT_WRITEDATE is - an alias for CURLOPT_FILE. These two were added for conformity. Most other - callback function's userdata are provided with options using a similar name- - scheme. - -- Added "--trace [file]" to the command line tool. It makes a very detailed - trace dump get stored, with a full protocol dump that includes all received - and transmitted data. This could be a very effective tool for debugging what - goes wrong. This dump includes every byte the way it is sent to/received - from the server. The dump is the plain-text version, so SSL transfers will - still be readable. - -- I found out that the DEBUGFUNCTION was not called properly everywhere as we - wanted it to. I fixed it. - -- -D now stores all headers to the same file if multiple URLs are given on the - command line! Kevin Roth made me aware of that it didn't already do this! - -- Gustaf Hui wrote an excellent formpost example that used the multi - interface. Unfortunately, it didn't work due to several bugs in how - transfers were made when the multi interface was used. - -Daniel (2 May 2002) -- Hanno Kranzhoff found out that when doing multiple transfers on the same - easy handle, the progress meter would show a bad "currently downloaded - value" when the transfer starts. - -Daniel (1 May 2002) -- Applied another patch by Jacky Lam to make the name resolve info realloc() - stuff work properly. - -Daniel (28 April 2002) -- curl_multi_info_read() is now implemented! - -Daniel (27 April 2002) -- Updated BUGS, TODO, FAQ, INSTALL and added BINDINGS. - -- I think I fixed the DNS cache prune crach Jacky Lam found and reported. - -- I cleaned up the name prefix stuff in the hash and llist modules. - -- FTP responses should now be better on timing out properly. The timeout value - is maximum timeout for the entire request operation, but before this, the - timeout was used as a maximum allowed time between two reads... - -Daniel (26 April 2002) -- Fixed the test suite http server to not use snprintf() anymore due to better - portability. - -Daniel (25 April 2002) -- With Sterling Hughes' new DNS pruning, Jacky Lam asked if this wouldn't - cause problems since the pruning is only checking the entry time, and it - sure could cause problems. Therefor, I've now added and changed code so that - this should not be a problem. Nowhere in the code will be store name - resolved information around so that a sunsequent DNS cache prune should - cause a problem. This of course called for some mild internal changes. - -Daniel (23 April 2002) -- Improved the 'no_proxy' check, as using port numbers in the URL confused it - previously. Reported by Erwan Legrand in bug report #547484. - -- The --interface option now works even on IPv6 enabled builds. Reported by - 'thor'. - -Daniel (22 April 2002) -- The #defines names starting with TIMECOND now has CURL_ prefixes. (The old - names are still #defined too.) Pointed out by Robert Olson. - -- Jacky Lam brought code that lets the name resolve function only use as much - memory as it actually needs. This only works on certain operating systems, - but is totally transparant to all users. - -Daniel (19 April 2002) -- Bjorn Reese fixed pack_hostent to work properly with 64 bit pointers. - -Daniel (18 April 2002) -- Sterling Hughes added code to prune old DNS cache entries, since Jacky Lam - experienced very big caches. - -Daniel (17 April 2002) -- Dirk Manske patched the 301 response to work against the RFC but more like - common browsers do. If a POST get a 301 back, it'll switch to GET in the - next request (if location-following is enabled). - -Daniel (16 April 2002) -- Dirk Manske posted a patch originally written by Ingo Wilken that introduced - two new CURLINFO_* values: CURLINFO_REDIRECT_TIME and - CURLINFO_REDIRECT_COUNT. - -Daniel (15 April 2002) -- Jonatan Lander patched the verbose text 'Disables POST, goes with GET' to - reflect reality better, like when the first request isn't POST and when - the second isn't GET... :-) - -- Craig Davison pointed out that when curl_formadd()ing a file that doesn't - exist, libcurl doesn't return error. Now, curl_easy_perform() will return - CURLE_READ_ERROR if that is the case. Test 41 was added to verify this. - -Version 7.9.6 - -Daniel (14 April 2002) -- Dirk Manske brought a fix that makes libcurl strip off white spaces from the - beginning of cookie contents. - -- Had to patch include/curl/curl.h since MSVC doesn't set the __STDC__ define. - Moonesamy pointed out the problem, Bjorn Reese the solution. - -Version 7.9.6-pre5 - -Daniel (12 April 2002) -- Fixed the TIMER_CONNECT to be more accurate for FTP transfers. Previously - FTP transfers got the "connect done" time set after the initial FTP commands - and not directly after the TCP/IP connect as it should. - - I also made the time stamp get set even if the connect itself fails, which - it didn't do previously. - -- Jean-Philippe Barrette-LaPierre provided his patch that introduces - CURLOPT_DEBUGFUNCTION and CURLOPT_DEBUGDATA. They allow a program to a set a - callback to receive debug/information data. That includes headers and data - that is received and sent. CURLOPT_VERBOSE still controls it. - - By default, there is an internal debugfunction that will make things look - and work as before if not changed. - -Daniel (10 April 2002) -- Sebastien Willemijns found out that -x didn't use the default port number as - is documented. It does now. - -- libcurl-errors.3 is a new man page attempting to document all libcurl error - codes - -- Added two new error codes and changed the behaviour of two old ones - slightly: - - CURLE_WRITE_ERROR - This error was returned *both* for errors that occured when writing - received data to a local file, as well as when we get problems writing data - to a remote server. CURLE_SEND_ERROR has now been added for the latter - error. - - CURLE_READ_ERROR - This error was similarly returned *both* for errors when reading a local - file, as well as when getting problems when reading network data. - CURLE_RECV_ERROR has now been added for the latter error. - - (Two test cases were adjusted accordingly.) - -Daniel (9 April 2002) -- runtests.pl now sets the HOME variable before running curl, to prevent any - actual ~/.curlrc file to fool the tests! - -Version 7.9.6-pre4 - -Daniel (8 April 2002) -- Michael Curtis provided new functionality for curl on some platforms. Using - the --environment option, curl will *set* a bunch of environment variables - to values. The names are the same ones as for the -w/--writeout option. - - For now, this only works on the RISC OS version, as this feature relies on - both OS support and that it matches OS paradigms. - -- Jacky Lam provided a fix for getting headers-only when the reply is HTTP/1.0 - and 304, I edited it slightly. - -Daniel (5 April 2002) -- As requested by Jay Graves, the '.curlrc' file (or _curlrc as it is called - when used in windows), is now loaded from the current directory if the HOME - environment variable isn't set (or if it is too long). I also enlarged the - array used to store the full file path in, to 512 bytes. - -- Kevin Roth pointed out to me why the "19 March" change regarding -G and -I - was stupid and the change was reverted. Added test case 48 to verify the - functionality. - -Version 7.9.6-pre3 - -Daniel (4 April 2002) -- Jonatan Lander brought a patch that makes curl/curl.h compile nicely on - pre-ISO compilers, like when using gcc -traditional. - -Daniel (3 April 2002) -- Jacky Lam identified a glitch when getting headers-only, where libcurl would - "hang" 1 second in vain in the select() loop before returning back. - -- Tor Arntsen brought a patch for multipart formposts. It turned out that the - "CGI_Lite Perl package" makes some bad assumptions on what letters that may - be used in boundary strings and thus curl could confuse it by including '+' - and '/'. While this is standards-compliant, we change the behavior to work - smoothly with existing software based on that package. - -Daniel (2 April 2002) -- Gerhard Herre filed bug report #536238 where he pointed out a crash in - verbose FTP passive transfers for AIX. - -- Clarence Gardner pointed out a minor flaw in how libcurl didn't properly - take care of all errors that SSL_read() could return. - -- Jacky Lam fixed a MALLOCDEBUG problem in lib/getinfo.c - -Daniel (27 March 2002) -- T. Bharath pointed out a flaw in the connection re-use function that didn't - check proxy connections properly for "deadness" before they were re-used. - -- Pedro Neves found out that HTTP POSTing with --data-binary did not properly - work under Windows as the file specified wasn't read fully binary! - -Daniel (25 March 2002) -- Jacky Lam brought a fix that improves treatment of cookies using identical - domains but with leading dots properly. - -Daniel (22 March 2002) -- Miklos Nemeth updated the windows section of the docs/INSTALL file and the - windows makefiles. - -- Jon Dillon provided us with several good-looking curl images for - promotion. View them here https://curl.haxx.se/icons.html - -Daniel (20 March 2002) -- Peter Verhas found out that CRLF replacement in uploads was not working. I - fixed it, and added test case 128 that verifies the functionality. - -- The list formerly known as curl-main is now named curl-users and is hosted - by sourceforge. Susbcribe to the new list, get off the old one. - -Version 7.9.6-pre2 - -Daniel (19 March 2002) -- Made -G and -I on the same command line cause an error. - -- Moved the multi.h file to the "public" include directory and made it get - included by curl.h so that no extra include files will be necessary to use - it. - - Added docs and man pages for the multi interface to the release archive. - Added the three example source codes too. - - Necessary steps in my campaign to sneak in the multi interface... ;-) - -- Updated the year in all copyright notices in all C and H files. - -Daniel (18 March 2002) -- Tomas Szepe found out that -d and -G didn't mix as they should. I broke this - in 7.9.5... Added test case 32 for this. - -Version 7.9.6-pre1 - -Daniel (16 March 2002) -- Peter Verhas pointed out that the curl_escape and curl_unscape man pages - contained factual errors. - -- Albert Choy found and corrected a problem with the verbose output when doing - PASV ftp transfers. It could make libcurl crash. - - Details in bug report #530562: - https://sourceforge.net/p/curl/bugs/178/ - -Daniel (15 March 2002) -- Jun-ichiro itojun Hagino filed bug report #530204 that clearly pointed out - the PF_INET fix from February 19 as a not-very-good fix as it broke IPv6 - capability! That patch is now reverted. - - The problem with slow name lookups with getaddrinfo() on non-IPv6 enabled - hosts are instead made by first checking if the stack is IPv6-enabled and if - not, the PF_INET is used and otherwise we go with the full PF_UNSPEC. - -- T. Bharath pointed out that when we return an "error" from a WRITEFUNCTION - as described in the man page, libcurl did not return the documented error - code (CURLE_WRITE_ERROR) but would instead return CURLE_READ_ERROR. This is - now corrected. - -Daniel (14 March 2002) -- Setting CURLOPT_POST without setting CURLOPT_POSTFIELDS now read the POST- - data from the callback. - -- The GOPHER support seems to be broken. I don't think I'll even start fixing - it until someone else finds out... :-) - -Daniel (13 March 2002) -- Trying 'curl -I ftp.sunet.se' or similar did a SIZE on a silly "(nil)" - string. If such a file would be present, curl returned the size of it! Now - we prevent this. - -- Curl_sendf() was fixed to deal with situation where Curl_write() would've - blocked and thus return -1. - -- Setting CURLOPT_PROGRESSFUNCTION to NULL now restores the internal function. - -- All CURLFORM_* options can now be used in a CURLFORM_ARRAY except the - CURLFORM_ARRAY itself. This was necessary since we couldn't expand the - CURLFORM_* list proprely and unrestricted until this was the case. It was - also a bit peculiar to users why some options could be used in an array - while others couldn't. - -- Removed some silly CRLF lines that had accidentally slipped into src/main.c - Nico Baggus pointed them out to me. - -Daniel (11 March 2002) -- CURLFORM_FILENAME was added. This can be set when creating a file upload - part, to set the 'filename' field to a custom value. If this isn't used, - the actually used filename will be included instead (as libcurl always has - done). curl was adjusted accordingly, and now -F accepts a 'filename=' field - too, and allows constructs such as: - - -F 'name=@filename;filename=/dev/null' - - and this can be combined with type= too, in a manner similar to: - - -F "file=@log/test39.txt;filename=fakerfile;type=moo/foobar" - - Test case 39 was added to verify this functionality. - -- The struct formerly known as HttpPost is now named curl_httppost to properly - use the curl name space. I added a #define for the old name to make existing - programs compile even when this new include file is used. - -Daniel (8 March 2002) -- Clifford also discovered that if the client code failed early, as when doing - "curl -O" only, it would do fclose(NULL) which caused a segmentation fault - on some systems. - -- Clifford Wolf provided a patch that made --progress-bar work again. - -- I closed bug report #527032 by making sure that we add a newline after a - transfer when --progress-bar has been used. Before, without the newline, it - made the subsequent text come out wrong. - -Version 7.9.5 - -Daniel (7 March 2002) -- Added docs/KNOWN_BUGS to the release archive. - -Daniel (6 March 2002) -- Kevin Roth corrected a flaw in the curl client globbing code that made it - mess up backslashes. This was most notable on windows (cygwin) machines when - using file://. - -- Brad provided another fix for building outside the source-tree. - -- Ralph Mitchell patched away a few compiler warnings in tests/server/sws.c - -Daniel (5 March 2002) -- I noticed that the typedef in curl.h for the progress callback prototype was - wrong and thus applications that used it would not get the proper input - data. It used size_t where the implementation actually uses doubles! - - I wish I could blame someone else, but this was my fault. Again. - -Version 7.9.5-pre6 - -Daniel (4 March 2002) -- Cut off the changes done during 2001 from this changelog file and put them - in a separate file (CHANGES.2001), available from CVS of course. - -- I removed the multi directory. The example sources were moved to the - docs/examples directory where they belong. - -- Wrote 7 new man pages for the current functions in the new multi interface. - They're all still pretty basic, but we can use them as a start and add more - contents to them when we figure out what to write. The large amount of man - pages for libcurl now present made me decide to put them in a new separate - subdirectory in the docs directory. Named libcurl. - -- Giuseppe Corbelli provided a template file for the EPM package manager, it - gets generated nicely by the configure script now. - -Version 7.9.5-pre5 - -Daniel (1 March 2002) -- Moved the memanalyze.pl script into the tests/ dir and added it to the - release archives. It was previously only present in the CVS tree. - -- Modified the February 17th Host: fix, as bug report #523718 pointed out that - it caused crashes! - -- Nico Baggus added more error codes to the VMS stuff. - -- Wesley Laxton brought the code that introduced the new CURLOPT_PREQUOTE - option. It is just another FTP quote option that allows the user to specify - a list of FTP commands to issue *just before* the transfer command (RETR or - STOR etc). It has turned up a few systems that really need this. - - The curl command line tool can also take advantage of this by prefixing the - quote commands with a plus (+) in similar style that post transfer quote - commands are specified. - - This is not yet documented. There is no test case for this yet. - -Daniel (28 February 2002) -- Ralph Mitchell made some serious efforts and put a lot of sweat in setting - up scripts and things for me to be able to repeat his problems, and I - finally could. I found a problem with the header byte counter that wasn't - increased properly and thus we could return CURLE_GOT_NOTHING when we in - fact had received data. - -Daniel (27 February 2002) -- I had to revert the non-space parsing cookie fix I posted to the mailing - list. Expire dates do have spaces and still need to get parsed properly! - Instead we just ignore trailing white space and it seems to work... - -Daniel (26 February 2002) -- Made the cookie property 'Max-Age' work, just since we already tried to - support it, it is better to do it right. No one uses this anyway. - -- The cookie parser could crash if a really weird (illegal) cookie line was - received. I also made it better discard really oddly formatted lines better. - - Made the cookie jar store the second field from the left using the syntax - that Netscape and Mozilla probably like. Curl itself ignores it. - - Added test case 31 for these cases. - - Clay Loveless' email regarding some cookie issues started my cleanup. - -- Kevin Roth pointed out that my automake fiddles broke the ability to build - outside the source-tree and I posted a patch to the mailing list that brings - this ability back. - -Version 7.9.5-pre4 - -Daniel (25 February 2002) -- Fiddled with the automake files to make all source files in the lib - directory not have ../src in the include path, and the src sources shouldn't - have ../lib! - -- All 79 test cases ran OK under Linux and Solaris using the new HTTP server - in the test suite. The new HTTP server was first donated by Georg Horn and - subsequently modified to work with the test suite. It is currently still not - portable enough to run on "all over" but this is a start and I can run all - curl tests on my machines. This is an important requirement for the upcoming - public release. - -- Using -d and -I on the same command line now reports an error, as it implies - two different HTTP requests that can't be mixed. - -- Jeffrey Pohlmeyer provided a patch that made the -w/--write-out option - support %{content_type} to get the content type of the recent download. - -- Kevin Roth reported that pre2 and pre3 didn't compile properly on cygwin, - and this was because I used #ifdef HAVE_WINSOCK_H in lib/multi.h to figure - out if we could include winsock.h which turns out not to be a wise choice to - do on cygwin since it has the file but can't include it! - -Daniel (22 February 2002) -- Added src/config-vms.h to the release archive. - -- Fixed the connection timeout value again, the change from February 18 wasn't - complete. - -Version 7.9.5-pre3 - -Daniel (21 February 2002) -- Kevin Roth and Andrés García both found out that lib/config.h.in was missing - in the pre-release archive and thus the configure script failed. - -Version 7.9.5-pre2 - -Daniel (20 February 2002) -- Andrés García provided a solution to bug report #515228. the total time - counter was not set correctly when -I was used during some conditions (all - headers were read in one single read). - -- Nico Baggus provided a huge patch with minor tweaks all over to make curl - compile nicely on VMS. - -Daniel (19 February 2002) -- Rick Richardson found out that by replacing PF_UNSPEC with PF_INET in the - getaddrinfo() calls, he could speed up some name resolving calls with an - order of magnitudes on his Redhat Linux 7.2. - -- Philip Gladstone found a second INADDR_NONE problem where we used long - intead of in_addr_t which caused 64bit problemos. We really shouldn't define - that on two different places. - -Daniel (18 February 2002) -- Philip Gladstone found a problem in how HTTP requests were sent if the - request couldn't be sent all at once. - -- Emil found and corrected a bad connection timeout comparison that made curl - use the longest of connect-timeout and timout as a timeout value, instead of - the shortest as it was supposed to! - -- Aron Roberts provided updated information about LDAP URL syntax to go into - the manual as a replacement for the old references. - -Daniel (17 February 2002) -- Philip Gladstone pointed out two missing include files that made curl core - dump on 64bit architectures. We need to pay more attention on these details. - It is *lethal* to for example forget the malloc() prototype, as 'int' is - 32bit and malloc() must return a 64bit pointer on these platforms. - -- Giaslas Georgios fixed a problem with Host: headers on repeated requests on - the same handle using a proxy. - -Daniel (8 February 2002) -- Hanno L. Kranzhoff accurately found out that disabling the Expect: header - when doing multipart formposts didn't work very well. It disabled other - parts of the request header too, resulting in a broken header. When I fixed - this, I also noticed that the Content-Type wasn't possible to disable. It is - now, even though it probably is really stupid to try to do this (because of - the boundary string that is included in the internally generated header, - used as form part separator.) - -Daniel (7 February 2002) -- I moved the config*.h files from the root directory to the lib/ directory. - -- I've added the new test suite HTTP server to the CVS repository, It seems to - work pretty good now, but we must make it get used by the test scripts - properly and then we need to make sure that it compiles, builds and runs on - most operating systems. - -Version 7.9.5-pre1 - -Daniel (6 February 2002) -- Miklos Nemeth provided updated windows makefiles and INSTALL docs. - -- Mr Larry Fahnoe found a problem with formposts and I managed to track down - and patch this bug. This was actually two bugs, as the posted size was also - said to be two bytes too large. - -- Brent Beardsley found out and brought a correction for the - CURLINFO_CONTENT_TYPE parser that was off one byte. This was my fault, I - accidentaly broke Giaslas Georgios' patch. - -Daniel (5 February 2002) -- Kevin Roth found yet another SSL download problem. - -Version 7.9.4 - -- no changes since pre-release - -Version 7.9.4-pre2 - -Daniel (3 February 2002) -- Eric Melville provided a few spelling corrections in the curl man page. - -Daniel (1 February 2002) -- Andreas Damm corrected the unconditional use of gmtime() in getdate, it now - uses gmtime_r() on all hosts that have it. - -Daniel (31 January 2002) -- An anonymous bug report identified a problem in the DNS caching which made it - sometimes allocate one byte too little to store the cache entry in. This - happened when the port number started with 1! - -- Albert Chin provided a patch that improves the gethostbyname_r() configure - check on HP-UX 11.00. - -Version 7.9.4-pre1 - -Daniel (30 January 2002) -- Georg Horn found another way the SSL reading failed due to the non-blocking - state of the sockets! I fixed. - -Daniel (29 January 2002) -- Multipart formposts now send the full request properly, including the CRLF. - They were previously treated as part of the post data. - -- The upload byte counter bugged. - -- T. Bharath pointed out that we seed SSL on every connect, which is a time- - consuming operation that should only be needed to do once. We patched - libcurl to now only seed on the first connect when unseeded. The seeded - status is global so it'll now only happen once during a program's life time. - - If the random_file or egdsocket is set, the seed will be re-made though. - -- Giaslas Georgios introduced CURLINFO_CONTENT_TYPE that lets - curl_easy_getinfo() read the content-type from the previous request. - -Daniel (28 January 2002) -- Kjetil Jacobsen found a way to crash curl and after much debugging, it - turned out it was a IPv4-linux only problem introduced in 7.9.3 related to - name resolving. - -- Andreas Damm posted a huge patch that made the curl_getdate() function fully - reentrant! - -- Steve Marx pointed out that you couldn't mix CURLOPT_CUSTOMREQUEST with - CURLOPT_POSTFIELDS. You can now! - -Daniel (25 January 2002) -- Krishnendu Majumdar pointed out that the header length counter was not reset - between multiple requests on the same handle. - -- Pedro Neves rightfully questioned why curl always append \r\n to the data - that is sent in HTTP POST requests. Unfortunately, this broke the test suite - as the test HTTP server is lame enough not to deal with this... :-O - -- Following Location: headers when the connection didn't close didn't work as - libcurl didn't properly stop reading. This problem was added in 7.9.3 due to - the restructured internals. 'Frank' posted a bug report about this. - -Daniel (24 January 2002) -- Kevin Roth very quickly spotted that we wrongly installed the example - programs that were built in the multi directory, when 'make install' was - used. :-/ - -Version 7.9.3 - -Daniel (23 January 2002) -- Andrés García found a persistancy problem when doing HTTP HEAD, that made - curl "hang" until the connection was closed by the server. This problem has - been introduced in 7.9.3 due to internal rewrites, this was not present in - 7.9.2. - -Version 7.9.3-pre4 - -Daniel (19 January 2002) -- Antonio filed bug report #505514 and provided a fix! When doing multipart - formposts, libcurl would include an error text in the actual post if a - specified file wasn't found. This is not libcurl's job. Instead we add an - empty part. - -Daniel (18 January 2002) -- Played around with stricter compiler warnings for gcc (when ./configure - --enable-debug is used) and changed some minor things to stop the warnings. - -- Commented out the 'long long' and 'long double' checks in configure.in, as - we don't currently use them anyway and the code in lib/mprintf.c that use - them causes warnings. - -- Saul Good and jonatan pointed out Mac OS X build problems with pre3 and how - to correct them. Two compiler warnings were removed as well. - -- Andrés García fixed two minor mingw32 building problems. - -Version 7.9.3-pre3 - -Daniel (17 January 2002) -- docs/libcurl-the-guide is a new tutorial for our libcurl programming - friends. - -- Richard Archer brought back the ability to compile and build with OpenSSL - versions before 0.9.5. - [https://sourceforge.net/p/curl/bugs/149/] - -- The DNS cache code didn't take the port number into account, which made it - work rather bad on IPv6-enabled hosts (especially when doing passive - FTP). Sterling fixed it. - -Daniel (16 January 2002) -- Georg Horn could make a transfer time-out without error text. I found it and - corrected it. - -- SSL writes didn't work, they return an uninitialized value that caused - havoc all over. Georg Horn experienced this. - -- Kevin Roth patched the curl_version() function to use the proper OpenSSL - function for version information. This way, curl will report the version of - the SSL library actually running right now, not the one that had its headers - installed when libcurl was built. Mainly intersting when running with shared - OpenSSL libraries. - -Version 7.9.3-pre2 - -Daniel (16 January 2002) -- Mofied the main transfer loop and related stuff to deal with non-blocking - sockets in the upload section. While doing this, I've now separated the - connection oriented buffers to have one for downloads and one for uploads - (as two can happen simultaneously). I also shrunk the buffers to 20K - each. As we have a scratch buffer twice the size of the upload buffer, we - arrived at 80K for buffers compared with the previous 150K. - -- Added the --cc option to curl-config command as it enables so very cool - one-liners. Have a go a this one, building the simple.c example: - - $ `curl-config --cc --cflags --libs` -o example simple.c - -Daniel (14 January 2002) -- I made all socket reads (recv) handle EWOULDBLOCK. I hope nicely. Now we - only need to address all writes (send) too and then I'm ready for another - pre-release... - -- Stoned Elipot patched the in_addr_t configure test to make it work better on - more platforms. - -Daniel (9 January 2002) -- Cris Bailiff found out that filling up curl's SSL session cache caused a - crash! - -- Posted the curl questionnaire on the web site. If you haven't posted your - opinions there yet, go there and do it now while it is still there: - - https://curl.haxx.se/q/ - -- Georg Horn quickly found out that the SSL reading no longer worked as - supposed since the switch to non-blocking sockets. I've made a quick patch - (for reading only) but we should improve it even further. - -Version 7.9.3-pre1 - -Daniel (7 January 2002) -- I made the 'bool' typedef use an "unsigned char". It makes it the same on - all platforms, no matter what the platform thinks the default format for - char is. This was noticed since we made a silly comparison involving such a - bool variable, and only one compiler/platform combination (on Debian Linux) - complained about it (that happened to have its char unsigned by default). - -- Bug report #495290 identified a cookie parsing problem that was corrected. - When a Set-Cookie: line is received without a trailing semicolon, libcurl - didn't read the last "name=value" pair of the line, leading to confusions... - -- Sterling committed his updated DNS cache code. - -- I worked with Georg Horn and comments from Götz Babin-Ebell and switched - curl's socket operations completely over to non-blocking for the entire - operation (previously we used non-blocking only for the connection phase). - We had to do this to make the SSL connection phase timeout properly without - the use of signals. A little extra code to deal with this was added. - -- T. Bharath pointed out a slightly obscure cookie engine flaw. - -- Pete Su pointed out that libcurl didn't treat HTTP code 204 as it should. - 204-replies never provides a response-body. This resulted in bad persistant - behavior when 204 was received. - -Daniel (5 January 2002) -- SM updated the VC++ library Makefiles for the new source files. - -Daniel (4 January 2002) -- I discovered that we wrongly used inet_ntoa() (instead of inet_ntoa_r() in - two places in the source code). One happened with VERBOSE set on connects, - and the other when VERBOSE was on and krb4 over nat was used... I honestly - don't think anyone has suffered from these mistakes. - -- I replaced a lot of silly occurances of printf() to instead use the more - appropriate Curl_infof() or Curl_failf(). The krb4 and telnet code were - affected. - -- Philip Gladstone found a few more problems with 64-bit archs (the 64-bit - sparc on solaris 8). - -- After discussions on the libcurl list with Raoul Cridlig, I just made FTP - response lines get passed to the header callback if such a one is - registered. It'll make it possible for any application to get all the - responses an FTP server sends to libcurl. - -Daniel (3 January 2002) -- Sterling Hughes brought a few buckets of code. Now, libcurl will - automatically cache DNS lookups and re-use the previous results first if any - such is available. It greatly improves speed when doing many repeated - operations to the same host. - -- As the test case uses --include and then --head, I had to modify src/main.c - to deal with this situation slightly better than previously. When done, we - have 100% good tests again in the main branch. - -Daniel (2 January 2002) -- Made test case 25 run again in the multi-dev branch. But it seems that the - changes done on dec-20 made test case 104 cease to work (in both branches). - -- Philip Gladstone pointed out a few portability problems in the source code - that didn't compile on 64-bit sparcs using Sun's native compiler. -Daniel (20 December 2001) -- Björn Stenberg caught an unpleasent (but hard-to-find) bug that could cause - libcurl to hang on transfers over proxy, when the proxy was specified with - an environment variable! - -- Added code to make ftp operations treat the NO_BODY and HEADERS options - better: - - NO_BODY set TRUE and HEADERS set TRUE: - Return a set of headers with file info - - NO_BODY set FALSE - Transfer data as usual, HEADERS is ignored - - NO_BODY set TRUE and HEADERS set FALSE - Don't transfer any data, don't return any headers. Just perform the set - of FTP commands. - -Daniel (17 December 2001) -- Götz Babin-Ebell dove into the dark dungeons of the OpenSSL ENGINE stuff and - made libcurl support it! This allows libcurl to do SSL connections with the - private key stored in external hardware. - - To make this good, he had to add a bunch of new library options that'll be - useful to others as well: - - CURLOPT_SSLCERTTYPE set SSL cert type (PEM/DER) - CURLOPT_SSLKEY set SSL private key (file) - CURLOPT_SSLKEYTYPE: set SSL key type (PEM/DER/ENG) - CURLOPT_SSLKEYPASSWD: set the passphrase for your private key - (CURLOPT_SSLCERTPASSWD is an alias) - CURLOPT_SSLENGINE: set the name of the crypto engine - (returns CURLE_SSL_ENGINE_NOTFOUND on error) - CURLOPT_SSLENGINE_DEFAULT: set the default engine - - There are two new failure codes: - - CURLE_SSL_ENGINE_NOTFOUND - CURLE_SSL_ENGINE_SETFAILED - -Daniel (14 December 2001) -- We have "branched" the source-tree at a few places. Checkout the CVS sources - with the 'multi-dev' label to get the latest multi interface development - tree. The idea is to only branch affected files and to restrict the branch - to the v8 multi interface development only. - - *NOTE* that if we get bug reports and patches etc, we might need to apply - them in both branches! - - The multi-dev branch is what we are gonna use as main branch in the future - if it turns out successful. Thus, we must maintain both now in case we need - them. The current main branch will be used if we want to release a 7.9.3 or - perhaps a 7.10 release before version 8. Which is very likely. - -- Marcus Webster provided code for the new CURLFORM_CONTENTHEADER option for - curl_formadd(), that lets an application add a set of headers for that - particular part in a multipart/form-post. He also provided a section to the - man page that describes the new option. - -Daniel (11 December 2001) -- Ben Greear made me aware of the fact that the Curl_failf() usage internally - was a bit sloppy with adding newlines or not to the error messages. Let's - once and for all say that they do not belong there! - -- When uploading files with -T to give a local file name, and you end the URL - with a slash to have the local file name used remote too, we now no longer - use the local directory as well. Only the file part of the -T file name - will be appended to the right of the slash in the URL. - -Daniel (7 December 2001) -- Michal Bonino pointed out that Digital Unix doesn't have gmtime_r so the - link failed. Added a configure check and corrected source code. - -Version 7.9.2 - -Daniel (5 December 2001) -- Jon Travis found out that if you used libcurl and CURLOPT_UPLOAD and then - on the same handle used CURLOPT_HTTPGET it would still attempt to upload. - His suggested fix was perfect. - -Daniel (4 December 2001) -- Incorporated more macos fixes and added four specific files in a new - subdirectory below src. - -Daniel (3 December 2001) -- Eric Lavigne reported two problems: - - First one in the curl_strnequal() function. I think this problem is rather - macos 9 specific, as most platform provides a function to use instead of the - one provided by libcurl. - - A second, more important, was in the way we take care of FTP responses. The - code would read a large chunk of data and search for the end-of-response - line within that chunk. When found, it would just skip the rest of the - data. However, when the network connections are special, or perhaps the - server is, we could actually get more than one response in that chunk of - data so that when the next invoke to this function was done, the response - had already been read and thrown away. Now, we cache the data not used in - one call, as it could be useful in the subsequent call. Test case 126 was - added and the test ftp server modified, to exercise this particular case. - -Version 7.9.2-pre8 - -Daniel (2 December 2001) -- Bug report #487825 correctly identified a problem when using a proxy and - following a redirection from HTTP to HTTPS. libcurl then re-used the same - proxy connection but without doing a proper HTTPS request. - -- Fixed win32 compiling quirks. - -Version 7.9.2-pre7 - -Daniel (30 November 2001) -- Documented --disable-epsv and CURLOPT_FTP_USE_EPSV. - -Daniel (29 November 2001) -- Added --disable-epsv as an option. When used, curl won't attempt to use the - EPSV command when doing passive FTP downloads. Wrote a test case for it. - -- Eric provided a few more fixes for building on Macs. He also pointed out - a flaw in the signal handler restoration code. - -Daniel (28 November 2001) -- Fiddled with some Tru64 problems reported by Dimitris Sarris. They appeared - only when using VERBOSE ftp transfers. Do we use a too small buffer for - gethostbyaddr_r(), was the lack of using in_addr_t wrong or is it that the - hostent struct must be blanked before use? With Dimitris help and these - patches, the problems seem to be history. - -- CURLOPT_FTP_USE_EPSV was added and can be set to FALSE to prevent libcurl - from using the EPSV command before trying the normal PASV. Heikki Korpela - pointed out that some firewalls and similar don't like the EPSV so we must - be able to shut if off to work everywhere. - -- I added a configure check for 'in_addr_t' and made the ftp code use that to - receive the inet_addr() return code in. Works on Solaris and Linux at - least. The Linux man page for inet_addr() doesn't even mention in_addr_t... - -- Adjusted (almost) all FTP tests to the new command sequence. - -- FTP command sequence changes: - - EPSV is now always attempted before PASV. It is the final touch to make IPv6 - passive FTP downloads to work, but EPSV is not restricted to IPv6 but works - fine with IPv4 too on the servers that support it. - - SIZE is now always issued before RETR. It makes curl know the actual - download size before the download takes place, as it makes it less important - to find the size sent in RETR responses. Many sites don't include the size - in there. - - Both these changes made it necessary to change the test suite's ftp server - code, and all FTP test cases need to be checked and adjusted! - -Daniel (27 November 2001) -- Hans Steegers pointed out that the telnet code read from stdout, not stdin - as it is supposed to do! - -Version 7.9.2-pre6 - -Daniel (27 November 2001) -- Eric Lavigne's minor changes to build on MacOS before OS X were applied. - -- greep at mindspring.com provided a main index.html page for our release - archive docs directory. It just links to all the existing HTML files, but - I think it may come useful to people. - -- There's now some initial code to support the EPSV FTP command. That should - be used to do passive transfers IPv6-style. The code is still #if 0'ed in - lib/ftp.c as I have no IPv6 ftp server to test this with. - -Daniel (26 November 2001) -- Robert Schlabbach had problems to understand how to do resumed transfers, - and I clarified the man page -C section somewhat. - -Version 7.9.2-pre5 - -Daniel (22 November 2001) -- Andrés García helped me out to track down the roots of bug report #479537, - which was concerning curl returning the wrong error code when failing to - connect. This didn't happen on all systems, and more specificly I've so far - only seen this happen on IPv4-only Linux hosts. - -- I applied the fixes for the two bugs Eric Lavigne found when doing his MacOS - port. A missing comma in arpa_telnet.h and a pretty wild write in the FTP - response reader function. The latter write is however likely to occur in our - own buffer unless very big FTP server replies (>25K) are read. I've never - seen such a reply ever, so I think this is a relatively minor risk. - -Daniel (21 November 2001) -- Moonesamy provided code to prevent junk from being output when libcurl - returns an error code but no error description and that corrects how make is - run in the Makefile.dist file (that appears as root Makefile in release - archives). - -- Eric Lavigne mailed me bugfixes and patches for building libcurl on MacOS - (non-X). - -- Kevin Roth modified the cygwin files once again, now to build against the - shared OpenSSL DLLs. - -Version 7.9.2-pre4 - -Daniel (20 November 2001) -- Georg Horn brought a patch that introduced CURLINFO_STARTTRANSFER_TIME, - complete with man page updates! - -Daniel (19 November 2001) -- Miklos Nemeth provided details enough to update the Borland makefile - properly. - -- Lars M Gustafsson found a case with a bad free(). In fact, it was so bad I'm - amazed we never saw this before! - -- Kevin Roth patched the cygwin Makfile. - -Daniel (16 November 2001) -- Klevtsov Vadim fixed a bug in how time-conditionals were sent when doing - HTTP. - -Version 7.9.2-pre3 - -Daniel (14 November 2001) -- Samuel Listopad patched away the problem with SSL we got when someone call - curl_global_init() => curl_global_cleanup() => curl_global_init(). The - second init would not "take" and SSL would be unusable with curl from that - point. This doesn't change the fact that calling the functions that way is - wrong. curl_global_init() should be called exactly once and not more. - -Daniel (13 November 2001) -- Fixed some minor variable type mixups in ftp.c that caused compiler warnings - on HP-UX 11.00. - -- The FTP fix I did yesterday used an uninitialized variable that caused - spurious errors when doing FTP. - -Version 7.9.2-pre2 - -Daniel (12 November 2001) -- Ricardo Cadime fell over a multiple-requests problem when first a FTP - directory fetch failed and then a second request is made after that. The - second request happened to get the FTP server response back from the - previous request, when it did its initial CWD command. - -- Bjorn Reese pointed out that we could improve the time diff function to - prevent truncation a bit. - -- Kai-Uwe Rommel made me aware that -p (http proxy tunnel) silly enough didn't - work for plain HTTP requests! So I made that work. - -Version 7.9.2-pre1 - -Daniel (12 November 2001) -- Rewrote the Curl_ConnectHTTPProxyTunnel(). It should now not only work a lot - faster, it should also support such ("broken") proxies that John Lask - previously have reported problems with. His proxy sends a trailing zero byte - after the end of the (proxy-) headers. I've tested this myself and it seems - to work on a proxy the previous version also worked with...! This rewrite is - due to the problems John Lask previously experienced. - -- Andrés García found out why the "current speed" meter sometimes showed 2048K - for very quick transfers. It turned out the "time diff"-function returned a - zero millisecond diff. We now always say it is at least one millisecond! In - reality, these timers very rarely have that good resolution so even though - the time diff was longer than 1 millisecond, it was reported as no diff. - -- I also modified the getinfo() again when returning times, as Paul Harrington - reports that 7.9.1 only returns times with 1 second accuracy, which indeed - is wrong. - -Daniel (8 November 2001) -- Marcus Webster found out that curl_formadd() could read one byte outside a - buffer boundary, which then of course could lead to a crash. Marcus also - gracefully provided a patch for this this. - -- Glen Scott ran configure on his Cobalt Qube and it didn't figure out the - correct way of calling gethostbyname_r() and thus failed to resolve hosts. - This is two errors: it shouldn't continue the configure script if it finds - gethostbyname_r() but can't figure out how to use it, and it should really - figure out how to use it as it was running Linux and we know how that - works... - -Daniel (7 November 2001) -- docs/VERSIONS is a new file in the archive that explains the version number - system we use in the curl project. - -- Did some more fixes that now makes libcurl only ignore signals as long as - it needs to, and then restore (if any) previous signal handler again. - -Daniel (6 November 2001) -- Enrik Berkhan posted bug report #478780, in which he very correctly pointed - out two bad timeout matters in libcurl: we didn't restore the sigaction - struct (the alarm handler for SIGALRM) nor did we restore the previous - alarm() timeout that could've been set by a "parent" process or similar. - -- Kevin Roth made the cygwin binary get stripped before install. - -Daniel (5 November 2001) -- Detlef Schmier reported that curl didn't compile using Solaris 8 with the - native cc compiler. It was due to a bad function prototype. Fixed now. - Unfortunately, I can't enable the -Wstrict-prototypes in my debug builds - though, as gcc then complains like crazy on OpenSSL include files... :-( - -- John Lask provided SSL over HTTP proxy fixes. They'll need some tweaking - to work on all platforms. - -- John Lask added the -1/--TLSv1 options that forces SSL into using TLS - version 1 when speaking HTTPS. - -- John Lask brought a brand new VC++ makefile for the lib directory, that - works a lot better than the previous! - -- Ramana Mokkapati brought some clever insights on the LDAP failures (bug - report #475407), and his suggested changes are now applied. - -Version 7.9.1 - -Daniel (4 November 2001) -- I've added a number of new test cases the last few days. A few of them since - I got reports that hinted on problems on timeouts, so I added four tests - with timeouts for all sorts of protocols and stuff. I also came to think of - a few other error scenarios that we currently didn't test properly, so I - wrote up tests for a few of those too. - -Daniel (2 November 2001) -- Replaced read() and write() with recv() and send() for socket operations - even under normal unixes. - -Daniel (1 November 2001) -- When an FTP transfer was aborted due to a timeout, it wasn't really aware of - how many bytes that had been transferred and the error text always said 0 - bytes. I modified this to output the actually transferred amount! :-) - -- The FTP fixes in pre7 didn't compile on IPv6 enabled hosts. Does now. I also - added more comments in the lib/ftp.c source file. - -- Minor updates to the FAQ, added a brand new section to the web site about - the name issue (who owns "curl"? will someone sue us? etc etc): - https://curl.haxx.se/legal/thename.html - -Version 7.9.1-pre7 - -Daniel (31 October 2001) -- The curl_easy_getinfo() timers accidentally lost their subsecond accuracy as - the calculations used longs instead of doubles! Paul Harrington reported. - -- The SSL SocketIsDead() checks weren't good enough (as expected really), so I - had to add a generic internal try-it-out system. If the request on a re-used - connection seems to fail, then we go back and get a new (fresh) connection - and re-tries the request on that instead. It kind of makes the - SocketIsDead() check obsolete, but I think it is a quicker way for those - cases where it actually discovers that the connection is dead. - -- When fixing the above, I noticed that we did quite a few writes to sockets - in libcurl where we didn't check the return code (that it actually worked to - send the data). With the new "attempted request" system we must detect those - situations so I went over a bunch of functions, changed return types and - added checks for what they actually return. - -Version 7.9.1-pre6 - -Daniel (31 October 2001) -- Paul Harrington detected a problem with persistant SSL connections. Or to be - more exact, we didn't properly detect that the connection was dead and then - a second connection would try to re-use it wrongly. The solution to this - problem is still not very clear and I'm working on it. One OpenSSL insider - said there is no way to know if the SSL connection is alive or not without - actually trying an operation. - -Daniel (30 October 2001) -- If a cookie was read from a file, it could accidentally strdup() a NULL - pointer. Paul Harrington reported. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/cookie.c.diff?r1=1.25&r2=1.26] - -- The MANUAL file now documents -t correctly. I also fixed the -T description - in the curl.1 man page. - -Daniel (29 October 2001) -- John Janssen found out that curl_formadd was missing in the libcurl.def file - and that the docs stated the wrong return type for the function. - -- Andrés García found a bug with multiple files in the curl_formadd() function, - that I removed with this patch [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/formdata.c.diff?r1=1.25&r2=1.26]. - -- Kevin Roth brought another patch that moved the cygwin package files to the - packages/Win32/cygwin directory. - -- A bug in the connection re-use logic made repeated requests to the same FTP - server (when using name+pasword in the URL) sometimes use more than one - connection. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/url.c.diff?r1=1.166&r2=1.167] - -- Moonesamy tracked down and fixed a problem with the new 7.9.1 connect - code. This corrected the error Kevin Roth reported on the 7.9.1-pre5 release - (test 19)... - [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/connect.c.diff?r1=1.13&r2=1.14] - -Daniel (26 October 2001) -- Added test28 which verifies that "Location:"-following works even if the - contents is separated with more than one space. - -Daniel (25 October 2001) -- Ramana Mokkapati pointed out that LDAP transfers would 'hang' after the - correct data has been output. - -Version 7.9.1-pre5 - -Daniel (24 October 2001) -- T. Bharath found a memory leak in the cookie engine. When we update a cookie - that we already knew about, we lost a chunk of memory in the progress... The - brand new test case 27 now tests for this occurrence. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/cookie.c.diff?r1=1.24&r2=1.25] - -Daniel (23 October 2001) -- pack_hostent() didn't properly align some pointers, so at least SPARC CPUs - would core. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/hostip.c.diff?r1=1.34&r2=1.35] - -Daniel (22 October 2001) -- Tom Benoist reported that this SGI IRIX compiler didn't handle indented - preprocessor instructions, so they're no longer in the source code! - -- Applied Kevin Roth's patches to make it easier to build cygwin packages from - the out-of-the-box curl release archives. - -- I forgot to mention it below, but libcurl now closes connections that report - transfer failures. Unconditionally. This could be made more nicely in the - future if we set a flag or something that the connection is still good to be - used for the errors that know that for a fact. We have to close the - connection for the cases where we abort for example a HTTP transfer in the - middle, or otherwise we might re-use that connection later with lots of data - still being sent to us on it. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/transfer.c.diff?r1=1.63&r2=1.64] - -Daniel (19 October 2001) -- CURLE_GOT_NOTHING is now returned when a HTTP server doesn't return - anything, not even a header. test case 37 was added to test for this. - -- T. Bharath made curl_easy_duphandle() properly clone the cookie status as - well. - -Version 7.9.1-pre4 - -Daniel (18 October 2001) -- CURLOPT_FAILONERROR, set with "curl --fail" no longer returns an error if - the HTTP return code is below 400. - -Daniel (17 October 2001) -- The test suite now kills any running test http server when you re-start the - tests. - -- We had to remove 'use strict' from two perl scripts, as the cygwin - adjustments didn't play nicely otherwise for some reason. Any perl wizard - out there who can put the scrict back and still make it run good on unix and - cygwin? - -- A potential memory leak pointed out to us by Yanick Pelletier was removed. - It would occur when a http file transfer fails. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/transfer.c.diff?r1=1.60&r2=1.61] - -- The memory debugging system should no longer display anything to stderr - if the curl_memdebug() hasn't been used to explicitly say so. This makes it - easier to use the memory debug system and switch the logging on/off. - -Daniel (16 October 2001) -- Kevin Roth provided fixes for building curl nicer in cygwin environments. - -Daniel (12 October 2001) -- Cleaning up the progress meter/info code. The "current speed" is now more - accurate than before as we now use the true time spent between the measures, - and not just "assuming" every-second-update like before. The output should - now also be of the same width at all times, never to show "extra" zeroes on - the right edge. - -- After talking about possible Location: bugs on the mailing list, I modified - the "absolute URL" checker in lib/transfer.c to be more strict when checking - if the redirected URL is absolute. - -Daniel (11 October 2001) -- Kevin Roth provided patches that make the test suite run fine on Windows - 2000 running cygwin. - -Daniel (10 October 2001) -- Setting the -c or the CURLOPT_COOKIEJAR option now enables the cookie parser. - Previously -b or CURLOPT_COOKIEFILE was also required for the jar to work. - -Version 7.9.1-pre3 - -Daniel (9 October 2001) -- Added a new option to the command line client: -0/--http1.0. It uses the new - libcurl option CURLOPT_HTTP_VERSION to request that libcurl uses HTTP 1.0 - requests instead of the default version (1.1). It should only be used if you - really MUST do that because of a silly remote server. - -- Renamed the 'TimeCond' typedef in curl/curl.h to use a 'curl_' prefix as - all public curl-symbols should. - -- libcurl now explicitly ignores the SIGPIPE signal. - -Daniel (8 October 2001) -- Kevin Roth's change to the cookie-jar comment (in the stored file) was - applied. - -- Lucas Adamski's minor bug in the bind error code failf() was fixed. - -Daniel (5 October 2001) -- Moonesamy fixed the Curl_connecthost() function to not give compiler errors - on a bunch of compilers, due to the argument named 'socket'. - -- Moonesamy also provided updated VC++ makefiles and project files. - -Version 7.9.1-pre2 - -Daniel (4 October 2001) -- Albert Chin provided a configure patch that makes the script detect proper - gethostbyname_r() method without actually running any code, only compiling - is necessary. This also removes the need of having a resolving 'localhost' - name. - -- Found and removed memory leakage (name resolve data) in libcurl on - IPv6-enabled hosts. These could sneak through because we didn't have any - resource tracing on the IPv6-related functions. We do now. - -Daniel (3 October 2001) -- Keith McGuigan patched away a (mainly Windows-) problem with the name - resolver data being kept in the static memory area, which is removed when a - thread is killed. The curl handle itself though perfectly handles being - passed between threads. - -- Dirk Eddelbuettel reported an odd bug that turned out to be his proxy that - required an Authorization: header. Now, proxies are not supposed to require - that header, that is for true servers... - -- I accidentally ruined Georg's curl_formadd(). Uh, bad me. Corrected now. - -Version 7.9.1-pre1 - -Daniel (3 October 2001) -- Georg Huettenegger once again made an effort beyond the call of duty and not - only improved the curl_formadd() function, but also took care of adjusting - the curl command line client to use this new function instead of the - obsoleted curl_formparse. - -Daniel (2 October 2001) -- Major fix in how libcurl does TCP connects. It now does non-blocking - connects to enable good timeouts without signals, and it now tries all IP - addresses for any given host (if it resolves more than one and the first - one(s) don't connect). Added a new source file 'connect.c' to deal with all - the TCP connect stuff. - -- We now support IPv4-style IP-addresses in rfc2732-format, to better support - people writing scripts without knowing what address there is. - -Daniel (28 September 2001) -- Cleanups in the FTP source code. Divided the code into even more smaller - functions and generally tried to make the differences between IPv4 and IPv6 - get less noticable in the sources. - -- If the remote file time is not readable/accessable/understood by libcurl, - libcurl now returns -1 in the CURLINFO_FILETIME data, not 0 as it previously - did. This should make curl not touch the file data unless there was a known - remote date when -R is used. - -Daniel (27 September 2001) -- Working on getting non-blocking connects working platform independent. We - will also make curl try all IPs for a given host if the first one should - fail. - -Daniel (26 September 2001) -- Kevin Roth provided a cookie example that proved the cookie jar - functionality wasn't working properly. I added test case 46 and made it - work. - -Daniel (25 September 2001) -- Jörn Hartroth updated the mingw32 makefiles. - -Version 7.9 - -Daniel (23 September 2001) -- Found and removed a 'socket leak' that would occur on IPv6 enabled hosts - when FTP RETR failed. - -- Made the FTP upload tests run fine on machines with IPv6 enabled. - -Version 7.9-pre8 - -Daniel (19 September 2001) -- Vojtech Minarik set up a special-purpose test server and provided me with - test certificates in order for me to repeat the bug reports #440068 and - #440373. It turned out we didn't check all the error codes properly. We do - now, and connecting with a unacceptable certificate will make libcurl fail - to connect with an error code returned. - -- Ramana Mokkapati found a case when the Location: following code did wrong. - I wrote a test case for this (45). - -Version 7.9-pre7 - -Daniel (17 September 2001) -- Linus Nielsen Feltzing fixed telnet for win32. It makes libcurl require - winsock 2.0. - -Version 7.9-pre6 - -- libtool 1.4.2 is now in use! - -Version 7.9-pre5 - -Daniel (14 September 2001) -- Added another 14 ftp tests. - -Daniel (13 September 2001) -- Added curl_easy_duphandle() to the easy.h header file. It has now been - tested and proved to work in a real-world tests by T Bharath. We still need - to write up some docs for this function. - -- Added four more ftp tests to the test suite. - -Daniel (12 September 2001) -- CURLOPT_SSL_CIPHER_LIST was added, and the curl tool option is named - --ciphers. Use them to specify a list of ciphers to use in the SSL - connection. - -- T. Bharath found a memory leak in libcurl's windows version. It turned out - to be the new duphandle() that didn't quite work yet. - -Version 7.9-pre4 - -Daniel (11 September 2001) -- Added verbose output for SSL connections that output the server - certificate's start and expire dates. As suggested by Paul Harrington. - -- Heikki Korpela found problems in the perl ftp server used for the test - suite, when he runs on on OpenBSD with perl 5.6. Some changes have been - made, but nothing really certain. - -- T. Bharath has experienced problems with libcurl's stack usage on windows - and works on reducing it. - -Daniel (10 September 2001) -- Cris Bailiff fixed the perl interface. It stopped working since the changed - behavior with WRITEHEADER and NULL pointers. - -- The "output cookies" function could dump core if no cookies were enabled. - -Daniel (7 September 2001) -- SM pointed out that the SSL code didn't compile any longer if SSL was - disabled... Also, we needed to correct the #include for the utime stuff on - windows. - -Daniel (6 September 2001) -- T. Bharath pointed out a flaw in the SSL session cache code that made it - sometimes read from a NULL pointer. - -Version 7.9-pre3 - -Daniel (3 September 2001) -- Added the -R/--remote-time option, that uses the remote file's datestamp to - set the local file's datestamp. Thus, when you get a remote file your local - file will get the same time and date. Note that this only works when you use - -o or -O. - -- Installed libtool 1.4.1, libtoolized and everything. - -Daniel (1 September 2001) -- Heikki Korpela pointed out that I did not ship the proper libtool stuff in - the pre-releases, even though that was my intention. libtoolize has now - been re-run. - -- Heikki also patched away the bad use of 'make -C' in the test suite - makefile. make -C is not very portable and is now banned from here. - -Version 7.9-pre2 - -Daniel (31 August 2001) -- I just made a huge internal struct rehaul, and all the big internally used - structs have been renamed, redesigned and stuff have been moved around a bit - to make the source easier to follow, more logically grouped and to hopefully - decrease future bugs. I also hope that this will make new functions to get - easier to add, and make it less likely that we have bugs left like the URL- - free bug from August 23. - -Version 7.9-pre1 - -Daniel (29 August 2001) -- The new cookie code have enabled the brand new '-c/--cookie-jar' option. Use - that to specify the file name in which you want to have all cookies curl - knows of, dumped to. It'll be written using the netscape cookie format. - - This is internally done with the new CURLOPT_COOKIEJAR option to libcurl, - which in turn dumps this information when curl_easy_cleanup() is invoked. - There might be reasons to re-consider my choice of putting it there. Perhaps - it is better placed to get done just before *_perform() is done. It is all - of course depending on how you guys want to use this feature... - -- Added ftpupload.c in the source examples section, based on source code posted - by Erick Nuwendam. - -Daniel (28 August 2001) -- Now running libtool CVS branch-1-4 to generate stuff. Should fix problems - on OpenBSD and hopefully on FreeBSD as well! - -- Georg Huettenegger modified the curl_formadd() functionality slightly, and - added support for error code 417 when doing form post and using the Expect: - header. Great work! - -- Made some tests with cached SSL session IDs, and they seem to work. There - should be a significant speed improvement in the SSL connection phase, but - in my tiny tests it just isn't possible to notice any difference. Like other - caching in libcurl, you must reuse the same handle for the caching to take - effect. SSL session ID caching is done on a per host-name and destination - port number basis. - - Set verbose, and you'll get informational tests when libcurl detects and - uses a previous SSL session ID. - -- Upgraded to automake 1.5 on my development/release machine. - -Daniel (27 August 2001) -- Slowly started writing SSL session ID caching code - -Daniel (24 August 2001) -- T. Bharath removed compiler warnings on windows and updated the MS project - files. - -- Kevin Roth reported two kinds of command line constructs with the new -G that - curl didn't really deal with the way one would like. - -- Tim Costello patched away a use of strcasecmp() in the SSL code. We have our - own portable version named strequal() that should be used! - -- Tim also pointed out a problem in the lib/Makefile.vc6 file that made it mix - debug object modules causing confusions. - -Daniel (23 August 2001) -- T. Bharath accurately found a libcurl bug that would happen when doing a - second invoke of curl_easy_perform() with a new URL when the previous invoke - followed a Location: header. - -- Started the improvement work on the cookie engine: - - Now keeps cookies in the same order as the cookie file - - A write to the possibly static string was removed - - Added a function that can output all cookies - - Now supports reading multiple cookie files - -- Steve Lhomme corrected a DLL naming issue in the MSVC++ project file. - -- Split up the monster function in lib/ftp.c to use more smallish functions to - increase readability and maintainability. - -Daniel (21 August 2001) -- Georg Huettenegger's big patch was applied. Now we have: - o "Expect: 100-continue" support. We will from now on send that header in - all rfc1867-posts, as that makes us abort much faster when the server - rejects our POST. Posting without the Expect: header is still possible in - the standard replace-internal-header style. - o curl_formadd() is a new formpost building function that is introduced to - replace the now deprecated curl_formparse() function. The latter function - will still hang around for a while, but the curl_formadd() is the new way - and correct way to build form posts. - o Documentation has been updated to reflect these changes - - These changes are reason enough to name the next curl release 7.9... - -- We now convert man pages to HTML pages and include them in the release - archive. For the pleasure of everyone without nroff within reach. - -- Andrés García's suggested flushing of the progress meter output stream was - added. It should make the progress meter look better on Windows. - -- Troy Engel pointed out a mistake in the configure script that made it fail - on many Red Hat boxes! - -Daniel (20 August 2001) -- We need an updated libtool to make a better build environment for OpenBSD - as well as FreeBSD - -Version 7.8.1 - -Daniel (20 August 2001) -- Brad pointed out that we ship two extra libtool files in the tarballs that - we really don't need to! Removing them makes the gz-archive about 60K - smaller! - -- Albert Chin brought fixes for the configure script to detect socklen_t - properly as well as moving lots of our custom autoconf macros to - acinclude.m4. - -Daniel (19 August 2001) -- Moonesamy improved his -G feature for host names only URLs... - -Daniel (17 August 2001) -- Finally cleaned up the kerberos code to use Curl_ prefixes on all global - symbols and to not use global variables. - -Version 7.8.1-pre6 - -Daniel (16 August 2001) -- S. Moonesamy added the -G option to curl, that converts the data specified - with -d to a GET request. Default action when using -d is POST. When -G is - used, the -d specified data will be appended to the URL with a '?' - separator. As suggested previously by Kevin Roth. - -- curl-config --libs should now display all linker options required to link - with libcurl. It includes the path and options for libcurl itself. - curl-config --cflags displays the compiler option(s) needed to compile - source files that use libcurl functions. Basically, that sets the include - path correct. - -Daniel (15 August 2001) -- Arkadiusz Miskiewicz pointed out a mistake in how IPv6-style IP-addresses - were parsed and used. (RFC2732-format) - -- Bug #12733 over on php.net identified a problem in libcurl that made it core - dump if you used CURLOPT_POST without setting any data to post with - CURLOPT_POSTFIELDS! This is no longer the case. Not using CURLOPT_POSTFIELDS - now equals setting it to no data at all. - -- Ramana Mokkapati reported that curl with '-w %{http_code}' didn't work - properly when used for multiple URLs on a single command line. Indeed, the - variable was not reset between the requests. This is now fixed. - -- David James fixed the Borland makefile so that libcurl still compiles and - builds with that compiler. - -Daniel (14 August 2001) -- Oops. I ruined Nico's socklen_t define in config-vms.h, corrected it now. - -- An older item not mentioned here before: CURL_GLOBAL_WIN32 is a define for - windows users to curl_global_init(), that makes libcurl init the winsock - stuff. If libcurl is all socket stuff you do, then allowing it to fiddle - with this is a comfortable shortcut to fame. - -Version 7.8.1-pre5 - -Daniel (14 August 2001) -- Nico Baggus provided more feedback from his VMS porting efforts and a few - minor changes were necessary. - -- I modified configure.in so that --enable-debug sets more picky gcc options. - I then removed almost all the new warnings that appeared, and by doing so I - corrected the size_t-treated-as-signed problem that has been discussed on - the mailing list previously. I also removed a bunch of the just recently - added #ifdef VMS lines. - -- I removed the use of a global variable in the SSL code. It was once - necessary but hasn't been needed since OpenSSL 0.9.4. The old code should - (hopefully) still work if libcurl is built against an ancient version of - OpenSSL. - -Daniel (13 August 2001) -- Peter Todd posted a patch that now allows non-file rc1867-style form posts - to be larger than 4K. - -Daniel (10 August 2001) -- S. Moonesamy fixed bugs for building debug and SSL lib in VC makefile - -Daniel (9 August 2001) -- The redirected error stream was closed before the curl_easy_cleanup() call - was made, and when VERBOSE was enabled, the cleanup function tried to use - the stream. It could lead to a segmentation fault. Also, the stream was - closed even if we looped to get more files. Corrects Dustin Boswell's bug - report #441610 - -- Now generates the release configure script with autoconf 2.52 - -Version 7.8.1-pre4 - -Daniel (8 August 2001) -- curl -E uses a colon to separate a file name from a passphrase. This turned - out really bad for the windows people who wants to include a drive letter in - the file name like "c:\cert.pem". There's now a win32 work-around - implemented that tries work around that, when the colon seems to be used for - this kind of construct. - -- Patrick Bihan-Faou introduced CURLOPT_SSL_VERIFYHOST, which makes curl - verify the server's CN field when talking https://. If --cacert is not used, - any failures in matching is only displayed as information (-v). - -Daniel (7 August 2001) -- Wrote up nine more test cases, more or less converted from the former test - suite. - -Daniel (6 August 2001) -- Heikki Korpela posted a patch that makes 'curl-config --libs' include the - directory in which libcurl itself is installed in. While this wasn't my - initial intention with this option, it makes sense and makes linking with - libcurl easier. - -- Stefan Ulrich pointed out to us that other tools and libraries treat file:// - URLs with only one slash after the host name slighly different than libcurl - does. Since all the others seem to agree, we better follow them. - -- Nico Baggus provided us with a huge set of fixes to make curl compile and - build under OpenVMS. - -Version 7.8.1-pre3 - -Daniel (6 August 2001) -- Jonathan Hseu noticed that you couldn't get a header callback unless you - set CURLOPT_WRITEHEADER to non-NULL, even if you didn't care about that - data. This is now fixed. - -Daniel (5 August 2001) -- Sergio Ballestrero provided a patch for reading responses from NCSA httpd - 1.5.x servers, as they return really screwed up response headers when asked - for with HTTP 1.1. - -- curl_escape() no longer treats already encoded characters in the input - string especially. - -Daniel (3 August 2001) -- I replaced the former lib/arpa_telnet.h file with one I wrote myself, to - avoid the BSD annoucement clause of the license in the former file. - -- Andrew Francis provided a new version of base64.c to work around the license - boiler plate that came with the previous one. I patched it, but the glory - should go to Andrew for his heads up. - -- Tomasz Lacki noticed that when you do repeated transfers with libcurl you - couldn't always reliably change HTTP request. This has now been fixed and a - new libcurl option was added: CURLOPT_HTTPGET, that can force the HTTP - requestr (back) to GET. - -- Linus Nielsen Feltzing pointed out that httpsserver.pl wasn't included in - release archives. It should be now. - -Daniel (2 August 2001) -- Frank Keeney pointed out a manual mistake for certificate convertions. - -- Tomasz Lacki pointed out a problem in the transfer loop that could make the - select() loop use far too much CPU. - -- Pawel A. Gajda pointed out an output mistake done when using libcurl's - progress callback. - -Daniel (29 June 2001) -- Naveen Noel noticed that the Borland library makefile wasn't updated. - -- Nic Roets brought a fix for the certificate verification when using SSL. - -Daniel (27 June 2001) -- Made the FTP tests run OK even on machines running curl IPv6-enabled. - -- Troy Engel corrected some RPM package details. - -Version 7.8.1-pre2 - -Daniel (25 June 2001) -- Björn Stenberg correctly identified a problem that occurred when downloading - several files with curl, and using resume. The first file's resume index was - then used for all files, resulting in weird results... - -- Anton Kalmykov provided a fix that makes curl work with form field names - with spaces like when -F is used. - -Version 7.8.1-pre1 - -Daniel (20 June 2001) -- Mike Bytnar provided a fine report that proved that the --with-ssl option - for configure needed tweaking. It no longer searches the default directories - for OpenSSL libs or directories when a specified path is given. - -Daniel (19 June 2001) -- When an FTP transfer is cut off during transfer, curl could present a truly - garbaged error message and in worst case dump core. Thanks to detailed - reports from Shawn Poulson we nailed this. - -Daniel (12 June 2001) -- Salvador Dávila provided a fix for FTP range downloads. - -- Added a few more test cases from the former test suite to the new file - format. We're now at a total of 26 tests. - -Daniel (11 June 2001) -- libcurl's version-info was wrong, as noted by both Domenico Andreoli and - David Odin. - -Daniel (7 June 2001) -- Jörn fixed the curl_unescape duplicate entry in lib/libcurl.def - -- I made SSL certificate failure messages to be more detailed. - -Version 7.8 - -Daniel (7 June 2001) -- SDavila provided a resumed download fix. - -Version 7.8-pre4 - -Daniel (1 June 2001) -- Sterling provided some new PHP examples. - -- Changed the CVS hierarchy and the older checkout instruction does no longer - work. We moved the entire source code into a CVS module named 'curl'. - -Daniel (31 May 2001) -- CURLOPT_MUTE does not exist anymore. It is still present in the include file - to not cause compiler errors for applications using it, but it isn't used - anywhere in the library. - -Version 7.8-pre3 - -Daniel (31 May 2001) -- Once and for all fixed the _REENTRANT mess for Solaris compiles to present - less warnings. - -- Sterling Hughes tirelessly points out and corrects my mistakes...! So, - curl_global_init() now lets the argument flags *SET* what parts to - init. CURL_GLOBAL_DEFAULT makes a nice default, CURL_GLOBAL_ALL inits all - known subsystems and CURL_GLOBAL_NONE inits nothing more than absolutely - necessary. Man page updated accordingly. - -- Fixed the strtok.h include file as it wouldn't compile on all platforms! - -Daniel (30 May 2001) -- Made libcurl by default act as if CURLOPT_MUTE and CURLOPT_NOPROGRESS were - set TRUE. Set them to FALSE to make libcurl more talkative. The *_MUTE - option is subject for complete removal... - -Version 7.8-pre2 - -Daniel (30 May 2001) -- Cris Bailiff wrote a makefile for building Solaris packages. - -- Sterling Hughes brought fixes for 'buildconf' (the build-from-CVS tool) and - we discussed and added a few CURL_GLOBAL_* flags in include/curl.h - -- Kjetil Jacobsen privately announced his python interface to libcurl, - available at http://pycurl.io/ - -Daniel (29 May 2001) -- Sterling Hughes fixed a strtok() problem in libcurl. It is not a thread- - safe function. Now configure checks for a thread-safe version, and - lib/strtok.c offers one for the systems that don't come with one included! - -- Mettgut Jamalla correctly pointed out that the -# progress bar was written - to stderr even though --stderr redirection was used. This is now corrected. - -- I moved out the list of contributors from the curl.1 man page and made a - separate docs/THANKS file. It makes the list easier to find, and made it - easier for me to make a separate web page with that same information. - - I really do want all you guys mentioned in there to feel you get the credit - you deserve. - -- lib/easy.c didn't compile properly in the 7.8-pre1 due to a silly mistake - -Version 7.8-pre1 - -Daniel (28 May 2001) -- curl-config now supports '--vernum' that outputs a plain hexadecimal version - of the libcurl version number (using 8 bits for each 3 numbers). Version - 7.7.4 appears as 070704 - -- Wrote man pages for curl_global_init and curl_global_cleanup... - -- T. Bharath brought news about the usage of the OpenSSL interface that was - not previously taken into consideration and thus caused libcurl to leak - memory. The only somewhat sane approach to fix this dilemma, is adding two - two new functions curl_global_init() and curl_global_cleanup() that should - be called *ONCE* by the application using libcurl. The init should be done - only at startup, no matter how many threads the application is gonna use, - and the cleanup should be called when the application has finished using - libcurl completely. - - *** UPGRADE NOTICE *** - - If you write applications using libcurl, you really want to use the two - functions mentioned above !!! - - I can't say I think this is a very beautiful solution, but as OpenSSL - insists on making lots of stuff on a "global" scope, we're forced to walk - the path they point us to. - -- Moving more test cases into the new file format. - -Version 7.7.4-pre3 - -Daniel (23 May 2001) -- Introduced a new file format for storing test cases, and thus I had to - modify all the perl test scripts and more (I added a new one). I have not - "ported" all the old test cases to the new format yet, but it'll come. - - The main advantage of this new format is that all test data for each test - case is stored in a single file. It gives a better overview for each test - case and a lot less files. - -- Andrés García brought a fix for the netscape/mozilla cookie file parsing - function, as it turns out it doesn't always store the path! - -Daniel (22 May 2001) -- As was reported anonymously, when FAILONERROR was used, the httpcode was - not stored properly and thus wasn't possibly to read after a transfer with - the curl_easy_getinfo() function. This is now corrected. - -- Installed and made use of the following tool versions: - autoconf 2.50 - libtool 1.4 - automake 1.4-p1 - - I wouldn't recommend any developer to try to generate things with older - versions than these. Building from CVS will probably more or less require - at least these versions. - - As a result of this, the configure script grew to more than double its - previous size! - - Arkadiusz Miskiewicz helped me by pointing out I had to remove my - acinclude.m4 file before I could get it working! - -Daniel (21 May 2001) -- I made ftps:// work. Added test case 400 to the release archive, as the - first ftps:// test case. Requires stunnel. - -- Also made the test cases that runs ssl tests not run if libcurl isn't built - with ssl support. - -Daniel (19 May 2001) -- Made the configure not add any extra -L LDFLAGS or -I CPPFLAGS unless they - are actually needed. Albert Chin's and Domenico Andreoli's suggestions - helped out. - -Version 7.7.4-pre2 - -Daniel (18 May 2001) -- Nicer configure-check for the OpenSSL headers, which then sets the proper - variable to have curl-config be good. (Albert Chin provided the fix) - -- For systems that don't have theiw own 'strlcat()' libcurl provides its own. - It was now renamed to prevent collides with other libs. (After discussions - with Sterling Hughes and the implications this had on PHP builds.) - -Daniel (17 May 2001) -- Colm Buckley posted a detailed bug report on (the debianized) 7.7.3, that - turned out to be a problem with the debian-built 7.7.3-package that - contained files from the 7.7.2 release! - -- I added the CURLE_ALREADY_COMPLETE again, but with a fake value, just to - make programs that use it, not fail when compiling against this version of - libcurl. - -Daniel (14 May 2001) -- Pawel A. Gajda fixed a problem with resumed transfers on re-used persistent - connections. - -Version 7.7.4-pre1 - -Daniel (14 May 2001) -- Jun-ichiro itojun Hagino fixed FTP PORT for IPv6-enabled libcurl. - -- Added the first HTTPS test to the test suite in the release archive. - -Daniel (12 May 2001) -- Jukka Pihl suggested that if (lib)curl is told to verify the peer's - certificate and the peer can't be verified, it should fail and return a - proper error code. I added a brand new error code named - CURLE_SSL_PEER_CERTIFICATE for this purpose. - -Daniel (11 May 2001) -- As was discussed with Frederic Lepied a while ago, I now made libcurl not - return error even though no data was transfered on upload/download resume - when the no transfer is needed. The CURLE_ALREADY_COMPLETE error was removed - from the header file to make any implemenator that uses that to be aware of - the fact that it can't be returned anymore! - -- Improved general header-parsing to better allow white spaces and more. - -- Rodney Simmons proved the fix I did yesterday was bad and I had to post - another one. - -- Ingo Wilken patched away two redirect problems more! - -Daniel (10 May 2001) -- Cris Bailiff correctly noted that the space-after-header problem with - Location: is present on several other places in the libcurl sources. - -- Ingo Wilken patched away a problem libcurl had when following Location: - headers with an extra space after the colon. - -- Rodney Simmons found out that multiple FTP transfers did not treat relative - directories correctly. - -Daniel (9 May 2001) -- Getting an FTP file with CURLOPT_NOBODY set (or -I from the command line), - makes curl use the non-standard ftp command "SIZE". If it failed, libcurl - returned error. Starting now, it just don't output the file size instead. - Anonymous bug report. - -- stunnel.pm was accidentally left out from the release archive, it is now - added (stunnel is needed to run the https-tests in the test suite) - -Daniel (7 May 2001) -- Corrected two minor compiler warnings due to the FILE * to void * conversion - that I missed at two places. Jörn Hartroth brought me patches. Sander Gates - filed a bug report on this. - -Version 7.7.3 - -Daniel (4 May 2001) -- All callback functions now take 'void *' instead of 'FILE *'. This is made - this way to make it more obvious to people that anything can be passed to - them (by using the apropriate option). After discussions with Sterling - Hughes. - -Daniel (3 May 2001) -- Cris Bailiff fixed a chunked transfer encoding problem with persistent - connection that made libcurl fail if the persistent connection used mixed - chunked and non-chunked transfers. - -- Cris Bailiff fixed a bad treatment of 304-replies, as they would not be - treated as content-length 0 replies but would cause a "hang" until the - server timed-out and closed the connection. - -- Brad Burdick found a minor problem in the docs/examples/Makefile.am - -Daniel (27 April 2001) -- Updated the INTERALS document again. It was lagging a bit. I think I made it - more easy to follow now as well. - -- Brad Burdick found a problem with persistent connections when curl received - a "Content-Length: 0" header. - -- Giuseppe D'Ambrosio was first out to report that TELNET doesn't work in curl - compiled/built on win32. It seems to work for unixes though! - -- Dave Hamilton reported weird problems with CURL/PHP that I really can't - explain at the moment. I'm hoping on some help from the PHP crew. - -Daniel (26 April 2001) -- I rewrote the FTP command response function. I had to do it to make ftps - work, as the OpenSSL read()-function didn't work the same way the normal - unix read() does, but it was also a huge performance boost. Previously the - function read one byte at a time, now it reads very large chunks, and it - makes a notable speed difference. - -Daniel (25 April 2001) -- Connection re-use when not using a proxy didn't work properly for - non-default port numbers. - -Daniel (24 April 2001) -- I've noticed that FTPS doesn't work. We attempt to use ssl even for the - data transfer, which causes the transfer to 'hang'... We need to fix this. - -- Improved the test suite to use 'stunnel' to do HTTPS and FTPS testing on - the alredy written perl servers easily. - -Daniel (23 April 2001) -- The OpenSSL version string recently modified didn't zero terminate one - of the generated strings properly, which could lead to a crash or simply - weird version string output! - -Version 7.7.2 - -Daniel (22 April 2001) -- Rosimildo da Silva updated the Makefiles for Borland/Windows. - -- Eric Rautman pointed out a problem with persistent connections that would - lead to broken Host: headers in the second HTTP request. - -Daniel (20 April 2001) -- Added man pages for the curl_strequal() and curl_mprintf() families. Wrote - a 'libcurl overview' man page. - -- Spell-fixed some documents. - -- S. Moonesamy corrected mistakes in the man page. - -- Cris Bailiff fixed the curl_slists options in the perl interface, present - separately in the Curl::easy 1.1.4 package. - -Daniel (19 April 2001) -- Linus Nielsen Feltzing removed the decimals from the size variables in the - --write-out output. We hardly ever get fraction of bytes! :-) - -Version 7.7.2-pre1 - -Daniel (19 April 2001) - -- Albert Chin provided a configure patch for the AC_SYS_LARGEFILE macro. - -Daniel (18 April 2001) -- Input from Michael Mealling made me add --feature to curl-config. It - displays a list of features that have been built-in in the current - libcurl. The currently available features that can be listed are: SSL, KRB4 - and IPv6. - -- I committed Cris and Georg's perl interface work. They've got callbacks - working and options that receives those slist pointers. - -- Puneet Pawaia detected a problem with resumed downloads that use persistent - connections and I made a rather large writeup to correct this. It is - important that all session-data is stored in the connectdata struct and not - in the main struct as this previously did. - -Daniel (17 April 2001) -- Frederic Lepied fixed a ftp resumed download problem and introduced a new - error code that lets applications be able to detect when a resumed download - actually didn't download anything since the whole file is already present. - Should this return OK instead? - -- I added 'curl-config.in' to the root dir and configure script. Now, a - curl-config script is made when curl is built. The script can be used to - figure out compile time options used when libcurl was built, which in turn - should be options YOU should use to build applications that use libcurl. - - This *-config style is not a new idea, but something that has been used - successfully in other (library based) projects. - -- Phil Karn pointed out that libcurl wrongly did not always use GMT time zone - for the If-Modified-Since style headers. - -- Georg Schwarz pointed out an extra needed #include file needed in src/main.c - for curl to build on Ultrix. - -Daniel (11 April 2001) -- Cris Bailiff pointed out two problems that I corrected. First, libcurl's use - of the environment variable HTTP_PROXY in uppercase may become a security - hazard when people use libcurl in a server/cgi situation where the server - sets the HTTP_*-variables according to incoming headers in the HTTP - request. Thus, a "Proxy:"-header would set that environment variable! - - Then, invoking curl_easy_perform() without having an URL set caused a crash. - -- S. Moonesamy brought a patch that make curl use non-blocking connects on - windows when connection timeout is set, as it allows windows users to set - that timeout! - -- Hirotaka Matsuyuki wrote a Ruby interface to libcurl! - -- Cris Bailiff, Forrest Cahoon and Georg Horn work on the Perl interface. - -- I've written a first shot at a Java interface to libcurl. Many thanks to - Daniel Marell for tirelessly answering to all my basic Java questions. It - works, but it is still very basic. - -Daniel (10 April 2001) -- The progress display could get silly when doing multiple file transfers, as - it wasn't properly reset between transfers! - -- Discussions with Cris Bailiff who writes a Perl interface to libcurl, made - me add CURLOPT_HEADERFUNCTION. It can be used to set a separate callback - function for writing headers. Previously you could only set a different FILE - * when headers are written from within libcurl. - -Daniel (7 April 2001) -- Andrés García fixed a problem in curl_escape() and pointed out a flaw in - the curl_easy_setopt man page. - -Daniel (6 April 2001) -- Adjusted the version code to properly display OpenSSL 0.9.6a. They sure - change their version define format often... - -- curl_formfree() now accepts a NULL pointer without crashing! - -Version 7.7.1 - -Daniel (3 April 2001) -- Puneet Pawaia pointed out two serious problems. Libcurl would attempt to - read bad memory during situations when an (ftp) connection attempt failed. - Also, the lib/Makefile.vc6 was corrected. - -- More investigations in the Location: following code made me realize that - it was not clean enough to work transparantly with persistent and non- - persistent connections. I think I've fixed it now. - -Daniel (29 March 2001) -- Georg Horn mailed me some corrections for the Curl::easy perl interface. - -- Experimental ftps:// support added. It is basically FTP over SSL for the - control connection. It still makes all data transfers going over unencrypted - connections. Rainer Weikusat's ftpd-ssl server hack supports this and I used - that to verify the functionality. - -Daniel (27 March 2001) -- Guenole Bescon discovered that if you set a CURLOPT_TIMEOUT and then tried - to get a file from a site and it fails, the SIGALRM would still be sent - after the timeout-time, quite inexpectedly! - -- I added an ftp transfer example to docs/examples/ and I also wrote a tiny - example makefile that can be used as a start when building one of the - examples. - -Version 7.7.1-beta1 - -Daniel (26 March 2001) -- Mohamed Lrhazi reported problems with 7.6.1 and persistent HTTP/1.0 - connections (when the server replied a Connection: Keep-Alive) and this - problem was not properly dealt with in 7.7 either. A patch was posted to the - curl-and-php mailing list. - -Daniel (24 March 2001) -- Colin Watson reported about a problem and brought a patch that corrected it, - which was about the man page and lines starting with a single quote (') in a - way that gnroff doesn't like. - -Daniel (23 March 2001) -- Peter Bray reported correctly that the root makefile used make instead of - $(MAKE) for the test target. - -- Corrected the Curl::easy perl interface to use curl_easy_setopt() and not - curl_setopt() which was removed in 7.7! - -- S. Moonesamy provided updates on three documents (MANUAL, INSTALL and FAQ). - -- When following a Location:, libcurl would sometimes write to the URL string - in a way it shouldn't. As the pointer is passed-in to libcurl from an - application, we can't be allowed to write to it. The particular bug report - from 'nk' that brought this up was because he had a read-only URL that then - caused a libcurl crash! - -- No longer reads HEAD responses longer than to the last header. Previously, - curl would read the full reply if the connection was a "close" one. - -- libcurl did re-use connections way too much. Doing "curl - http://www.{microsoft,ibm}.com" would make it re-use the connection which - made the second request return very odd results. - -Daniel (22 March 2001) -- Edin Kadribasic made me aware that curl should not re-send POST requests - when following 302-redirects. I made 302 work like 303 which means curl uses - GET in the following request(s). - -- libcurl now reset the "followed-location" counter on each invoke of - curl_easy_perform() as it otherwise would sum up all redirects on the same - connection and thus could reach the maxredirs counter wrongly. - -- Jim Drash suggested curl_escape() should not re-encode what already looks - like an encoded sequence and I think that's a fair suggestion. - -Version 7.7 - -Daniel (22 March 2001) -- The configure script now fails with an error message if gethostbyname_r() is - detected but it couldn't figure out how to invoke it (what amount of - arguments it is supposed to get). Reports from Andrés García made me aware - of this need. - -- Talking with Jim Drash made me finally put the curl_escape and curl_unescape - functions in the curl.h include file and write man pages for them. The - escape function was modified to use the same interface as the unescape one - had. - -- No bug reports at all on the latest betas. Release time coming up. - -Version 7.7-beta5 - -Daniel (19 March 2001) -- Georg Ottinger reported problems with using -C together with -L in the sense - that the -C info got lost when it was redirected. I could not repeat this - problem on the 7.7 branch why I leave this for the moment. Test case 39 was - added to do exactly this, and it seems to do right. - -- Christian Robottom Reis reported how his 7.7 beta didn't successfully do - form posts as elegantly as 7.6.1 did. Indeed, this was a flaw in the header - engine, as HTTP 1.1 has introduced a new 100 "transient" return code for PUT - and POST operations that I need to add support for. Section 8.2.3 in RFC2616 - has all the details. Seems to work now! - -Daniel (16 March 2001) -- After having experienced another machine break-down, we're back. - -- Georg Horn's perl interface Curl::easy is now included in the curl release - archive. The perl/ directory is now present. Please help me with docs, - examples and updates you think fit. - -- Made a new php/ directory in the release archive and moved the PHP examples - into a subdirectory in there. Not much PHP info yet, but I plan to. Please - help me here as well! - -- Made libcurl return error if a transfer is aborted in the middle of a - "chunk". It actually enables libcurl to discover premature transfer aborts - even if the Content-Length: size is unknown. - -Daniel (15 March 2001) -- Added --connect-timeout to curl, which sets the new CURLOPT_CONNECTTIMEOUT - option in libcurl. It limits the time curl is allowed to spend in the - connection phase. This differs from -m/--max-time that limits the entire - file transfer operation. Requested by Larry Fahnoe and others. - - I also updated the curl.1 and curl_easy_setopt.3 man pages and removed the - item from the TODO. - -Version 7.7-beta4 - -Daniel (14 March 2001) -- Made curl grok IPv6 with HTTP proxies and got everything to compile nicely - again when ENABLE_IPV6 is set. - - I need to remake things in the test suite. I can't test the FTP parts with - curl built for IPv6 as it uses a different set of FTP commands then! - -- I fell onto a bug report on php.net (posted by Lars Torben Wilson) that was - a report meant for our project. Anyway, it said the .netrc parsing didn't - work as supposed, and as I agreed with Lars, I made the netrc parser use - getpwuid() to figure out the home directory of the effective user and try - that netrc. It still uses the environment variable HOME for those that don't - have that function or if the user doesn't return valid pwd info. - -- Edin Kadribaic posted a bug report where he got a crash when a fetch with - user+password in the URL followed a Location: to a second URL (absolute, - without name+password). This bug has been around for a long while and - crashes due to a read at address zero. Fixed now. Wrote test case 38, that - tests this. - -- Modified the test suite's httpserver slightly to append all client request - data to its log file so that the test script now better can verify a range - of requests and not only the last one, as it did previously. - -- Updated the curl man page with --random-file and --egd-file details. - -Version 7.7-beta3 - -Daniel (14 March 2001) -- Björn Stenberg provided similar fixes as Jörn did and some additional patches - for non-SSL compiles. - -- I increased the interface number for libcurl as I've removed the low level - functions from the interface. I also took this opportunity to rename the - Curl_strequal function to curl_strequal and Curl_strnequal to - curl_strnequal, as they're public libcurl functions (even if they're still - undocumented). - - This will make older programs not capable of using the new libcurl with - just a drop-in replacement. - -- Jörn Hartroth updated stuff for win32 compiles: - o config-win32.h was fixed for socklen_t - o lib/ssluse.c had a bad #endif placement - o lib/file.c was made to compile on win32 again - o lib/Makefile.m32 was updated with the new files - o lib/libcurl.def matches the current interface state - -Daniel (13 March 2001) -- It only took an hour or so before Jörn Hartroth found a problem in the - chunked transfer-encoding. Given his fine example-site, I could easily spot - the problem and when I re-read the spec (the part I have pasted in the top - of the http_chunks.h file), I realized I had made my state-machine slightly - wrong and didn't expect/handle the trailing CRLF that comes after the data - in each chunk (and those extra two bytes sure feel wasted). - - Had to modify test case 34 to match this as well. - -Version 7.7-beta2 - -Daniel (13 March 2001) -- Added the policy stuff to the curl_easy_setopt man page for the two supported - policies. - -- Implemented some support for the CURLOPT_CLOSEPOLICY option. The policies - CURLCLOSEPOLICY_LEAST_RECENTLY_USED and CURLCLOSEPOLICY_OLDEST are now - supported, and the "least recently used" is used as default if no policy - is chosen. - -Daniel (12 March 2001) -- Added CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET to libcurl for seeding the - SSL random engine. The random seeding support was also brought to the curl - client with the new options --random-file and --egd-file . I - need some people to really test this to know they work as supposed. Remember - that libcurl now informs (if verbose is on) if the random seed is considered - weak (HTTPS connections). - -- Made the chunked transfer-encoding engine detected bad formatted data length - and return error if so (we can't possibly extract sensible data if this is - the case). Added a test case that detects this. Number 36. Now there are 60 - test cases. - -- Added 5 new libcurl options to curl/curl.h that can be used to control the - persistent connection support in libcurl. They're also documented (fairly - thoroughly) in the curl_easy_setopt.3 man page. Three of them are now - implemented, although not really tested at this point... Anyway, the new - implemented options are named CURLOPT_MAXCONNECTS, CURLOPT_FRESH_CONNECT, - CURLOPT_FORBID_REUSE. The ones still left to write code for are: - CURLOPT_CLOSEPOLICY and its related option CURLOPT_CLOSEFUNCTION. - -- Made curl (the actual command line tool) use the new libcurl 7.7 persistent - connection support by re-using the same curl handle for every specified file - transfer and after some more test case tweaking we have 100% test case OK. - I made some test cases return HTTP/1.0 now to make sure that works as well. - -- Had to add 'Connection: close' to the headers of a bunch of test cases so - that curl behaves "old-style" since the test http server doesn't do multiple - connections... Now I get 100% test case OK. - -- The curl.haxx.se site, the main curl mailing list and my personal email are - all dead today due to power blackout in the area where the main servers are - located. Horrible. - -- I've made persistance work over a squid HTTP proxy. I find it disturbing - that it uses headers that aren't present in any HTTP standard though - (Proxy-Connection:) and that makes me feel that I'm now on the edge of what - the standard actually defines. I need to get this code excercised on a lot - of different HTTP proxies before I feel safe. - - Now I'm facing the problem with my test suite servers (both FTP and HTTP) - not supporting persistent connections and libcurl is doing them now. I have - to fix the test servers to get all the test cases do OK. - -Daniel (8 March 2001) -- Guenole Bescon reported that libcurl did output errors to stderr even if - MUTE and NOPROGRESS was set. It turned out to be a bug and happens if - there's an error and no ERRORBUFFER is set. This is now corrected. - -Version 7.7-beta1 - -Daniel (8 March 2001) -- "Transfer-Encoding: chunked" is no longer any trouble for libcurl. I've - added two source files and I've run some test downloads that look fine. - -- HTTP HEAD works too, even on 1.1 servers. - -Daniel (5 March 2001) -- The current 57 test cases now pass OK. It would suggest that libcurl works - using the old-style with one connection per handle. The test suite doesn't - handle multiple connections yet so there are no test cases for this. - -- I patched the telnet.c heavily to not use any global variables anymore. It - should make it a lot nicer library-wise. - -- The file:// support was modified slightly to use the internal connect-first- - then-do approach. - -Daniel (4 March 2001) -- More bugs erased. - -Version 7.7-alpha2 - -Daniel (4 March 2001) -- Now, there's even a basic check that a re-used connection is still alive - before it is assumed so. A few first tests have proven that libcurl will - then re-connect instead of re-use the dead connection! - -Daniel (2 March 2001) -- Now they work intermixed as well. Major coolness! - -- More fiddling around, my 'tiny' client I have for testing purposes now has - proved to download both FTP and HTTP with persistent connections. They do - not work intermixed yet though. - -Daniel (1 March 2001) -- Wilfredo Sanchez pointed out a minor spelling mistake in a man page and that - curl_slist_append() should take a const char * as second argument. It does - now. - -Daniel (22 February 2001) -- The persistent connections start to look good for HTTP. On a subsequent - request, it seems that libcurl now can pick an already existing connection - if a suitable one exists, or it opens a new one. - -- Douglas R. Horner mailed me corrections to the curl_formparse() man page - that I applied. - -Daniel (20 February 2001) -- Added the docs/examples/win32sockets.c file for our windows friends. - -- Linus Nielsen Feltzing provided brand new TELNET functionality and - improvements: - - * Negotiation is now passive. Curl does not negotiate until the peer does. - * Possibility to set negotiation options on the command line, currently only - XDISPLOC, TTYPE and NEW_ENVIRON (called NEW_ENV). - * Now sends the USER environment variable if the -u switch is used. - * Use -t to set telnet options (Linus even updated the man page, awesome!) - -- Haven't done this big changes to curl for a while. Moved around a lot of - struct fields and stuff to make multiple connections get connection specific - data in separate structs so that they can co-exist in a nice way. See the - mailing lists for discussions around how this is gonna be implemented. Docs - and more will follow. - - Studied the HTTP RFC to find out better how persistent connections should - work. Seems cool enough. - -Daniel (19 February 2001) -- Bob Schader brought me two files that help set up a MS VC++ libcurl project - easier. He also provided me with an up-to-date libcurl.def file. - -- I moved a bunch of prototypes from the public file to the - library private urldata.h. This is because of the upcoming changes. The - low level interface is no longer being planned to become reality. - -Daniel (15 February 2001) -- CURLOPT_POST is not required anymore. Just setting the POST string with - CURLOPT_POSTFIELDS will switch on the HTTP POST. Most other things in - libcurl already works this way, i.e they require only the parameter to - switch on a feature so I think this works well with the rest. Setting a NULL - string switches off the POST again. - -- Excellent suggestions from Rich Gray, Rick Jones, Johan Nilsson and Bjorn - Reese helped me define a way how to incorporate persistent connections into - libcurl in a very smooth way. If done right, no change may have to be made - to older programs and they will just start using persistent connections when - applicable! - -Daniel (13 February 2001) -- Changed the word 'timeouted' to 'timed out' in two different error messages. - Suggested by Larry Fahnoe. - -Version 7.6.1 - -Daniel (9 February 2001) -- Frank Reid and Cain Hopwood provided information and research around a HTTPS - PUT/upload problem we seem to have. No solution found yet. - -Daniel (8 February 2001) -- An interesting discussion is how to specify an empty password without having - curl ask for it interactively? The current implmentation takes an empty - password as a request for a password prompt. However, I still want to - support a blank user field. Thus, today if you enter "-u :" (without user - and password) curl will prompt for the password. Tricky. How would you - specify you want the prompt otherwise? - -- Made the netrc parse result possible to use for other protocols than FTP and - HTTP (such as the upcoming TELNET fixes). - -- The previously mentioned "MSVC++ problems" turned out to be a non-issue. - -- Added a HTTP file upload code example in the docs/examples/ section on - request. - -- Adjusted the FTP response fix slightly. - -Version 7.6.1-pre3 - -Daniel (7 February 2001) -- S. Moonesamy found a flaw in the response reading function for FTP that - could make libcurl not get out of the loop properly when it should, if - libcurl got -1 returned when reading the socket. - -- I found a similar mistake in http.c when using a proxy and reading the - results from the proxy connection. - -Daniel (6 February 2001) -- S. Moonesamy pointed out that the VC makefile in src/ needed the libpath set - for the debug build to work. - -- Daniel Gehriger stepped in to assist with the VC++ stuff Robert Weaver - brought up yesterday. - -Daniel (5 February 2001) -- Jun-ichiro itojun Hagino brought a big patch that brings IPv6-awareness to - a bunch of different areas within libcurl. - -- Robert Weaver told me about the problems the MS VC++ 6.0 compiler has with - the 'static' keyword on a number of libcurl functions. I might need to add a - patch that redefines static when libcurl is compiled with that compiler. - How do I know when VC++ compiles, anyone? - -Daniel (4 February 2001) -- curl_getinfo() was extended with two new options: - CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD. They - return the full assumed content length of the transfer in the given - direction. The CURLINFO_CONTENT_LENGTH_DOWNLOAD will be the Content-Length: - size of a HTTP download. Added descriptions to the man page as well. This - was done after discussions with Bob Schader. - -Daniel (3 February 2001) -- Ingo Ralf Blum provided another fix that makes curl build under the more - recent cygwin installations. It seems they've changed the preset defines to - not include WIN32 anymore. - -Version 7.6.1-pre2 - -Daniel (31 January 2001) -- Curl_read() and curl_read() now return a ssize_t for the size, as it had to - be able to return -1. The telnet support crashed due to this and there was a - possibility to weird behavior all over. Linus Nielsen Feltzing helped me - find this. - -- Added a configure.in check for a working getaddrinfo() if IPv6 is requested. - I also made the configure script feature --enable-debug which sets a couple - of compiler options when used. It assumes gcc. - -Daniel (30 January 2001) -- I finally took a stab at the long-term FIXME item I've had on myself, and - now libcurl will properly work when doing a HTTP range-request that follows - a Location:. Previously that would make libcurl fail saying that the server - doesn't seem to support range requests. - -Daniel (29 January 2001) -- I added a test case for the HTTP PUT resume thing (test case 33). - -Version 7.6.1-pre1 - -Daniel (29 January 2001) -- Yet another Content-Range change. Ok now? Bob Schader checks from his end - and it works for him. - -Daniel (27 January 2001) -- So the HTTP PUT resume fix wasn't good. There should appearantly be a - Content-Range header when resuming a PUT. - -- I noticed I broke the download-check that verifies that a resumed HTTP - download is actually resumed. It got broke because my new 'httpreq' field - in the main curl struct. I should get slapped. I added a test case for - this now, so I won't be able to ruin this again without noticing. - -- Added a test case for content-length verifying when downloading HTTP. - -- Made the progress meter title say if the transfer is being transfered. It - makes the output slightly better for resumes. - -- When dealing with Location: and HTTP return codes, libcurl will not attempt - to follow the spirit of RFC2616 better. It means that when POSTing to a - URL that is being following to a second place, the standard will judge on - what to do. All HTTP codes except 303 and 305 will cause curl to make a - second POST operation. 303 will make a GET and 305 is not yet supported. - - I also wrote two test cases for this POST/GET/Location stuff. - -Version 7.6 - -Daniel (26 January 2001) -- Lots of mails back and forth with Bob Schader finally made me add a small - piece of code in the HTTP engine so that HTTP upload resume works. You can - now do an operation like 'curl -T file -C ' and curl will PUT - the ending part of the file starting at given offet to the specified URL. - -Version 7.6-pre4 - -Daniel (25 January 2001) -- I took hold of Rick Jones' question why we don't use recv() and send() for - reading/writing to the sockets and I've now modified the sread() and - swrite() macros to use them instead. If nothing else, they could be tested - in the next beta-round coming right up. - -- Jeff Morrow found a problem with libcurl's usage of SSL_read() and supplied - his research results in how to fix this. It turns out we have to invoke the - function several times in some cases. The same goes for the SSL_write(). - - I made some rather drastic changes all over libcurl to make all writes and - reads get done on one single place so that this repeated-attempts thing - would only have to be implemented at one point. - -- Rick Jones spotted that the 'total time' counter really didn't measure the - total time very accurate on subsecond levels. - -- Johan Nilsson pointed out the need to more clearly specify that the timeout - value you set for a download is for the *entire* download. There's currently - no option available that sets a timeout for the connection phase only. - -Daniel (24 January 2001) -- Ingo Ralf Blum submitted a series of patches required to get curl to compile - properly with cygwin. - -- Robert Weaver posted a fix for the win32 section of the curl_getenv() code - that corrected a potential memory leak. - -- Added comments in a few files in a sudden attempt to make the sources more - easy to read and understand! - -Daniel (23 January 2001) -- Added simple IPv6 detection in the configure script and made the version - string add 'ipv6' to the enable section in that case. ENABLE_IPV6 will be - set if curl is compiled with IPv6 support enabled. - -- Added a parser for IPv6-style specified IP-addresses in a URL. Thus, when - IPv6 gets enabled soon, we can use URLs like '[0::1]:80'... - -- Made the URL globbing in the client possible to fail silently if there's an - error in the globbing. It makes it almost intuitive, so when you don't - follow the syntax rules, globbing is simply switched off and the raw string - is used instead. - - I still think we'll get problems with IPv6-style IP-addresses when we *want* - globbing on parts of the URL as the initial part of the URL will for sure - seriously confuse the globber. - -Daniel (22 January 2001) -- Björn Stenberg supplied a progress meter patch that makes it look better even - during slow starts. Previously it made some silly assumptions... - -- Added two FTP tests for -Q and -Q - stuff since it was being discussed on - the mailing list. Had to correct the ftpserver.pl too as it bugged slightly. - -Daniel (19 January 2001) -- Made the Location: parsers deal with any-length URLs. Thus I removed the last - code that restricts the length of URLs that curl supports. - -- Added a --globoff test case (#28) and it quickly identified a memory problem - in src/main.c that I took care of. - -Version 7.6-pre3 - -Daniel (17 January 2001) -- Made the two former files lib/download.c and lib/highlevel.c become the new - lib/transfer.c which makes more sense. I also did the rename from Transfer() - to Curl_Transfer() in the other source files that use the transfer function - in the spirit of using Curl_ prefix for library-scoped global symbols. - -Daniel (11 January 2001) -- Added -g/--globoff that switches OFF the URL globbing and thus enables {}[] - letters to be part of the URL. Do note that RFC2396 section 2.4.3 explicitly - mention these letters to be escaped. This was posted as a feature request by - Jorge Gutierrez and as a bug by Terry. - -- Short options to curl that requires parameters can now be specified without - having the option and its parameter space separated. -ofile works as good as - -o file. -m20 is equal to -m 20. Do note that this goes for single-letter - options only, verbose --long-style options still must be separated with - space from their parameters. - -Daniel (8 January 2001) -- Francis Dagenais reported that the SCO compiler still fails when compiling - curl due to that getpass_r() prototype. I've now put it around #ifndef - HAVE_GETPASS_R in an attempt to please the SCO systems. - -- Made some minor corrections to get the client to cleanup properly and I made - the separator work again when getting multiple globbed URLs to stdout. - -- Worked with Loic Dachary to get the make dist and make distcheck work - correctly. The 'maketgz' script is now using the automake generated 'make - dist' when creating release archives. Loic successfully made 'make rpms' - automatically build RPMs! - -Loic Dachary (6 January 2001) -- Automated generation of rpm packages, no need to be root. - -- make distcheck generates a proper distribution (EXTRA_DIST - in all Makefile.am modified to match FILES). - -Daniel (5 January 2001) -- Huge client-side hack: now multiple URLs are supported. Any number of URLs - can be specified on the command line, and they'll all be downloaded. There - must be a corresponding -o or -O for each URL or the data will be written to - stdout. This needs more testing, time to release a 7.6-pre package. - -- The krb4 support was broken in the release. Fixed now. - -- Huge internal symbol rename operation. All non-static but still lib-internal - symbols should now be prefixed with 'Curl_' to prevent collisions with other - libs. All public symbols should be prefixed with 'curl_' and the rest should - be static and thus invisible to the outside world. I updated the INTERNALS - document to say this as well. - -Version 7.5.2 - -Daniel (4 January 2001) -- As Kevin P Roth suggested, I've added text to the man page for every command - line option and what happens when you specify that option more than - once. That hasn't been exactly crystal clear before. - -- Made the configure script possible to run from outside the source-tree. For - odd reasons I can't build curl properly outside though. It has to do with - curl's dependencies on libcurl... - -- Cut off all older (dated 1999 and earlier) CHANGES entries from this file. - The older piece is named CHANGES.0 and is added to the CVS repository in - case anyone would need it. - -- I added another file 'CVS-INFO' to the CVS. It contains information about - files in the CVS that aren't included in release archives and how to build - curl when you get the sources off CVS. - -- Updated CONTRIBUTE and FAQ due to the new license. - -Daniel (3 January 2001) -- Renamed README.libcurl to LIBCURL - -- Changed headers in all sources files to the new dual license concept of - curl: use the MIT/X derivate license *or* MPL. The LEGAL file was updated - accordingly and the MPL 1.1 and MIT/X derivate licenses are now part of the - release archive. -Daniel (30 December 2000) -- Made all FTP commands get sent with the trailing CRLF in one single write() - as splitting them up seems to confuse at least some firewalls (FW-1 being - one major). - -Daniel (19 December 2000) -- Added file desrciptor and FILE handle leak detection to the memdebug system - and thus I found and removed a file descriptor leakage in the ftp parts - that happened when you did PORTed downloads. - -- Added an include in since it uses FILE *. - -Daniel (12 December 2000) -- Multiple URL downloads with -O was still bugging. Not anymore I think or - hope, or at least I've tried... :-O - -- Francois Petitjean fixed another -O problem - -Version 7.5.1 - -Daniel (11 December 2000) -- Cleaned up a few of the makefiles to use unix-style newlines only. As Kevin - P Roth found out, at least one CVS client behaved wrongly when it found - different newline conventions within the same file. - -- Albert Chin-A-Young corrected the LDFLAGS use in the configure script for - the SSL stuff. - -Daniel (6 December 2000) -- Massimo Squillace correctly described how libcurl could use session ids when - doing SSL connections. - -- James Griffiths found out that curl would crash if the file you specify with - -o is shorter than the URL! This took some hours to fully hunt down, but it - is fixed now. - -Daniel (5 December 2000) -- Jaepil Kim sent us makefiles that build curl using the free windows borland - compiler. The root makefile now accepts 'make borland' to build curl with - that compiler. - -- Stefan Radman pointed out that the test makefiles didn't use the PERL - variable that the configure scripts figure out. Actually, you still need - perl in the path for the test suite to run ok. - -- Rich Gray found numerous portability problems: - * The SCO compiler got an error on the getpass_r() prototype in getpass.h - since the curl one differed from the SCO one - * The HPUX compiler got an error because of how curl did the sigaction - stuff and used a define HPUX doesn't have (or need). - * A few more problems remain to be researched. - -- Paul Harrington experienced a core dump using https. Not much details yet. - -Daniel (4 December 2000) -- Jörn Hartroth fixed a problem with multiple URLs and -o/-O. - -Version 7.5 - -Daniel (1 December 2000) -- Craig Davison gave us his updates on the VC++ makefiles, so now curl should - build fine with the Microsoft compiler on windows too. - -- Fixed the libcurl versioning so that we don't ruin old programs when - releasing new shared library interfaces. - -Daniel (30 November 2000) -- Renamed docs/README.curl to docs/MANUAL to better reflect what the document - actually contains. - -Daniel (29 November 2000) -- I removed a bunch of '#if 0' sections from the code. They only make things - harder to follow. After all, we do have all older versions in the CVS. - -Version 7.5-pre5 - -Daniel (28 November 2000) -- I filled in more error codes in the man page error code list that had been - lagging. - -- James Griffiths mailed me a fine patch that introduces the CURLOPT_MAXREDIRS - libcurl option. When used, it'll prevent location following more than the - set number of times. It is useful to break out of endless redirect-loops. - -Daniel (27 November 2000) -- Added two test cases for file://. - -Daniel (22 November 2000) -- Added the libcurl CURLOPT_FILETIME setopt, when set it tries to get the - modified time of the remote document. This is a special option since it - involves an extra set of commands on FTP servers. (Using the MDTM command - which is not in the RFC959) - - curl_easy_getinfo() got a corresponding CURLINFO_FILETIME to get the time - after a transfer. It'll return a zero if CURLOPT_FILETIME wasn't used or if - the time wasn't possible to get. - - --head/-I used on a FTP server will now present a 'Last-Modified:' header - if curl could get the time of the specified file. - -- Added the option '--cacert [file]' to curl, which allows a specified PEM - file to be used to verify the peer's certificate when doing HTTPS - connections. This has been requested, rather recently by Hulka Bohuslav but - others have asked for it before as well. - -Daniel (21 November 2000) -- Numerous fixes the test suite has brought into the daylight: - - * curl_unescape() could return a too long string - * on ftp transfer failures, there could be memory leaks - * ftp CWD could use bad directory names - * memdebug now uses the mprintf() routines for better portability - * free(NULL) removed when doing resumed transfers - -- Added a bunch of test cases for FTP. - -- General cleanups to make less warnings with gcc -Wall -pedantic. - -- I made the tests/ftpserver.pl work with the most commonly used ftp - operations. PORT, PASV, RETR, STOR, LIST, SIZE, USER, PASS all work now. Now - all I have to do is integrate the ftp server doings in the runtests.pl - script so that ftp tests can be run the same way http tests already run. - -Daniel (20 November 2000) -- Made libcurl capable of dealing with any-length URLs. The former limit of - 4096 bytes was a bit annoying when people wanted to use curl to really make - life tough on a web server. Now, the command line limit is the most annoying - but that can be circumvented by using a config file. - - NOTE: there is still a 4096-byte limit on URLs extracted from Location: - headers. - -- Corrected the spelling of 'resolve' in two error messages. - -- Alexander Kourakos posted a bug report and a patch that corrected it! It - turned out that lynx and wget support lowercase environment variable names - where curl only looked for the uppercase versions. Now curl will use the - lowercase versions if they exist, but if they don't, it'll use the uppercase - versions. - -Daniel (17 November 2000) -- curl_formfree() was added. How come no one missed that one before? I ran the - test suite with the malloc debug enabled and got lots of "nice" warnings on - memory leaks. The most serious one was this. There were also leaks in the - cookie handling, and a few errors when curl failed to connect and similar - things. More tests cases were added to cover up and to verify that these - problems have been removed. - -- Mucho updated config file parser (I'm dead tired of all the bug reports and - weird behaviour I get on the former one). It works slightly differently now, - although I doubt many people will notice the differences. The main - difference being that if you use options that require parameters, they must - both be specified on the same line. With this new parser, you can also - specify long options without '--' and you may separate options and - parameters with : or =. It makes a config file line could look like: - - user-agent = "foobar and something" - - Parameters within quotes may contain spaces. Without quotes, they're - expected to be a single non-space word. - - Had to patch the command line argument parser a little to make this work. - -- Added --url as an option to allow the URL to be specified this way. It makes - way nicer config files. The previous way of specifying URLs in the config - file doesn't work anymore. - -Daniel (15 November 2000) -- Using certain characters in usernames or passwords for HTTP authentication - failed. This was due to the mprintf() that had a silly check for letters, - and if they weren't isprint() they weren't outputed "as-is". This caused - passwords and usernames using '§' (for example) to fail. - -Version 7.4.2 - -Daniel (15 November 2000) -- 'tests/runtests.pl' now sorts the test cases properly when 'all' is used. - -Daniel (14 November 2000) -- I fell over the draft-ietf-ftpext-mlst-12.txt Internet Draft titled - "Extensions to FTP" that contains a defined way how the ftp command SIZE - could be assumed to work. - -- Laurent Papier posted a bug report about using "-C -" and FTP uploading a - file that isn't prsent on the server. The server might then return a 550 and - curl will fail. Should it instead as Laurent Papier suggests, start - uploading from the beginning as a normal upload? - -Daniel (13 November 2000) -- Fixed a crash with the followlocation counter. - -- While writing test cases for the test suite, I discovered an old limitation - that prevented -o and -T to be used at the same time. I removed this - immediately as this has no relevance in the current libcurl. - -- Chris Faherty fixed a free-twice problem in lib/file.c - -- I fixed the perl http server problem in the test suite. - -Version 7.4.2 pre4 - -Daniel (10 November 2000) -- I've (finally) started working on the curl test suite. It is in the new - tests/ directory. It requires sh and perl. There's a TCP server in perl and - most of the other stuff running a pretty simple shell script. - - I've only made four test cases so far, but it proves the system can work. - -- Laurent Papier noticed that curl didn't set TYPE when doing --head checks - for sizes on FTP servers. Some servers seem to return different sizes - depending on whether ASCII or BINARY is used! - -- Laurent Papier detected that if you appended a FTP upload and everything was - already uploaded, curl would hang. - -- Angus Mackay's getpass_r() in lib/getpass.c is now compliant with the - getpass_r() function it seems some systems actually have. - -- Venkataramana Mokkapati detected a bug in the cookie parser and corrected - it. If the cookie was set for the full host name (domain=full.host.com), - the cookie was never sent back because of a faulty length comparison between - the set domain length and the current host name. - -Daniel (9 November 2000) -- Added a configure check for gethostbyname in -lsocket (OS/2 seems to need - it). Added a check for RSAglue/rsaref for the cases where libcrypto is found - but libssl isn't. I haven't verified this fix yet though, as I have no - system that requires those libs to build. - -Version 7.4.2 pre3 - -Daniel (7 November 2000) -- Removed perror() outputs from getpass.c. Angus Mackay also agreed to a - slightly modified license of the getpass.c file as the prototype was changed. - -Daniel (6 November 2000) -- Added possibility to set a password callback to use instead of the built-in. - They're controled with curl_easy_setopt() of course, the tags are - CURLOPT_PASSWDFUNCTION and CURLOPT_PASSWDDATA. - -- Used T. Bharath's thinking and fixed the timers that showed terribly wrong - times when location: headers were followed. - -- Emmanuel Tychon discovered that curl didn't really like user names only in - the URL. I corrected this and I also fixed the since long living problem - with URL encoded user names and passwords in the URLs. They should work now. - -Daniel (2 November 2000) -- When I added --interface, the new error code that was added with it was - inserted in the wrong place and thus all error codes from 35 and upwards got - increased one step. This is now corrected, we're back at the previous - numbers. All new exit codes should be added at the end. - -Daniel (1 November 2000) -- Added a check for signal() in the configure script so that if sigaction() - isn't present, we can use signal() instead. - -- I'm having a license discussion going on privately. The issue is yet again - GPL-licensed programs that have problems with MPL. I am leaning towards - making a kind of dual-license that will solve this once and for all... - -Daniel (31 October 2000) -- Added the packages/ directory. I intend to let this contain some docs and - templates on how to generate custom-format packages for various platforms. - I've now removed the RPM related curl.spec files from the archive root. - -Daniel (30 October 2000) -- T. Bharath brought a set of patches that bring new functionality to - curl_easy_getinfo() and curl_easy_setopt(). Now you can request peer - certificate verification with the *setopt() CURLOPT_SSL_VERIFYPEER option - and then use the CURLOPT_CAINFO to set the certificate to verify the remote - peer against. After an such an operation with a verification request, the - *_getinfo() option CURLINFO_SSL_VERIFYRESULT will return information about - whether the verification succeeded or not. - -Daniel (27 October 2000) -- Georg Horn brought us a splendid patch that solves the long-standing - annoying problem with timeouts that made curl exit with silly exit codes - (which as been commented out lately). This solution is sigaction() based and - of course then only works for unixes (and only those unixes that actually - have the sigaction() function). - -Daniel (26 October 2000) -- Björn Stenberg supplied a patch that fixed the flaw mentioned by Kevin Roth - that made the password get echoed when prompted for interactively. The - getpass() function (now known as my_getpass()) was also fixed to not use any - static buffers. This also means we cannot use the "standard" getpass() - function even for those systems that have it, since it isn't thread-safe. - -- Kevin Roth found out that if you'd write a config file with '-v url', the - url would not be used as "default URL" as documented, although if you wrote - it 'url -v' it worked! This has been corrected now. - -- Kevin Roth's idea of using multiple -d options on the same command line was - just brilliant, and I couldn't really think of any reason why we shouldn't - support it! The append function always append '&' and then the new -d - chunk. This enables constructs like the following: - - curl -d name=daniel -d age=unknown foobarsite.com - -Daniel (24 October 2000) -- I fixed the lib/memdebug.c source so that it compiles on Linux and other - systems. It will be useful one day when someone else but me wants to run the - memory debugging system. - -Daniel (23 October 2000) -- I modified the maketgz and configure scripts, so that the configure script - will fetch the version number from the include/curl/curl.h header files, and - then the maketgz doesn't have to rebuild the configure script when I build - release-archives. - -- Björn Stenberg and Linus Nielsen correctly pointed out that curl was silly - enough to not allow @-letters in passwords when they were specified with the - -u or -U flags (CURLOPT_USERPWD and CURLOPT_PROXYUSERPWD). This also - suggests that curl probably should url-decode the password piece of an URL - so that you could pass an encoded @-letter there... - -Daniel (20 October 2000) -- Yet another http server barfed on curl's request that include the port - number in the Host: header always. I now only include the port number if it - isn't the default (80 for HTTP, 443 for HTTPS). www.perl.com turned out to - run one of those nasty servers. - -- The PHP4 module for curl had problems with referer that seems to have been - corrected just yesterday. (Sterling Hughes of the PHP team confirmed this) - -Daniel (17 October 2000) -- Vladimir Oblomov reported that the -Y and -y options didn't work. They - didn't work for me either. This once again proves we should have that test - suite... - -- I finally changed the error message libcurl returns if you try a https:// - URL when the library wasn't build with SSL enabled. It will now return this - error: - "libcurl was built with SSL disabled, https: not supported!" - - I really hope it will make it a bit clearer to users where the actual - problem lies. - -Version 7.4.1 - -Daniel (16 October 2000) -- I forgot to remove some of the malloc debug defines from the makefiles in - the release archive (of course). - -Version 7.4 - -Daniel (16 October 2000) -- The buffer overflow mentioned below was posted to bugtraq on Friday 13th. - -Daniel (12 October 2000) -- Colin Robert Phipps elegantly corrected a buffer overflow. It could be used - by an evil ftp server to crash curl. I took the opportunity of replacing a - few other sprintf()s into snprintf()s as well. - -Daniel (11 October 2000) -- Found some more memory leaks. This new simple memory debugger has turned out - really useful! - -Version 7.4 pre6 - -Daniel (9 October 2000) -- Florian Koenig pointed out that the bool typedef in the curl/curl.h include - file was breaking PHP 4.0.3 compiling. The bool typedef is not used in the - public interface and was wrongly inserted in that header file. - -- Jörg Hartroth corrected a minor memory leak in the src/urlglob.c stuff. It - didn't harm anyone since the memory is free()ed on exit anyway. - -- Corrected the src/main.c. We use the _MPRINTF_REPLACE #define to use our - libcurl-printf() functions. This gives us snprintf() et al on all - platforms. I converted the allocated useragent string to one that uses a - local buffer. - -- I've set an #if 0 section around the Content-Transfer-Encoding header - generated in lib/formdata.c. This will hopefully make curl do more - PHP-friendly multi-part posts. - -Version 7.4 pre5 - -Daniel (9 October 2000) -- Nico Baggus found out that curl's ability to force a ASCII download when - using FTP was no longer working! I corrected this. This problem was probably - introduced when I redesigned libcurl for version 7. - -- Georg Horn provided a source example that proved a memory leak in libcurl. - I added simple memory debugging facilities and now we can make libcurl log - all memory fiddling functions. An additional perl script is used to analyze - the output logfile and to match malloc()s with free()s etc. The memory leak - Georg found turned out to be the main cookie struct that cookie_cleanup() - didn't free! The perl script is named memanalyze.pl and it is available in - the CVS respository, not in the release archive. - -Daniel (8 October 2000) -- Georg Horn found a GetHost() problem. It turned out it never assigned the - pointer in the third argument properly! This could make a crash, or at best - a memory leak! - -Version 7.4 pre4 - -Daniel (6 October 2000) -- Is the -F post following the RFC 1867 spec? We had this dicussion on the - mailing list since it appears curl can't post -F form posts to a PHP - receiver... I've been in touch with the PHP developers about this. - -- Domenico Andreoli found out that the long option '--proxy' wasn't working - anymore! The option parser got confused when I added the --proxytunnel for - 7.3. This was indeed a very old flaw that hasn't turned up until now... - -- Jörn Hartroth provided patches, updated makefiles and two new files for DLL - stuff on win32. He also pointed out that lib source files were compiled with - -I../src which isn't only wrong but plain stupid! - -- Troels Walsted Hansen fixed a problem with HTTP resume. Curl previously used - a local variable badly, that could lead to crashes. - -Version 7.4 pre3 - -Daniel (4 October 2000) -- More docs written. The curl_easy_getinfo.3 man page is now pretty accurate, - as is the -w section in curl.1. I added two options to enable the user to - get information about the received headers' size and the size of the HTTP - request. T. Bharath requested them. - -Daniel (3 October 2000) -- Corrected a sever free() before use in the new add_buffer_send()! ;-) - -Version 7.4 pre2 - -Daniel (3 October 2000) -- Jason S. Priebe sent me patches that changed the way curl issues HTTP - requests. The entire request is now issued in one single shot. It didn't do - this previously, and it has turned out that since the common browsers do it - this way, some sites have turned out to work with browsers but not with - curl! Although this is not a client-side problem, we want to be able to - fully emulate browsers, and thus we have now adjusted the networking layer - to slightly more appear as a browser. I adjusted Jason's patch, the faults - are probably mine. - -Daniel (2 October 2000) -- Anyone who ever uploaded data with curl on a slow link has noticed that the - progess meter is updated very infrequently. That is due to the large buffer - size curl is using. It reads 50Kb and sends it, updates the progress meter - and loops. 50Kb is very much on a slow link, although it is pretty neat to - use on a fast one. - - I've now made an adjustment that makes curl use a 2Kb buffer for uploads to - start with. If curl's average upload speed is faster than buffer size bytes - per second, curl will increase the used buffer size up to max 50Kb. It - should make the progress meter work better. - -Version 7.4 pre1 - -Daniel (29 September 2000) -- Ripped out the -w stuff from the library and put in the curl tool. It gets - all the relevant info from the library using the new curl_easy_getinfo() - function. - -- brad at openbsd.org mailed me a patch that corrected my kerberos mistake and - removed a compiler warning from hostip.c that OpenBSD people get. - -Daniel (28 September 2000) -- Of course (I should probably get punished somehow) I didn't properly correct - the #include lines for the base64 stuff in the kerberos sources in the just - released 7.3 package. They still include the *_krb.h files! Now, the error - is sooo very easy to spot and fix so I won't bother with a quick bug fix - release. I'll post a patch whenever one is needed instead. It'll be - available in the CVS in a few minutes anyway. - -Version 7.3 - -Daniel (28 September 2000) -- Removed the base64_krb.[ch] files. They've now replaced the former - base64.[ch] files. - -Daniel (26 September 2000) -- Updated some docs. - -- I changed the OpenSSL fix to work with older versions as well. The posted - patch was only working with 0.9.6 and no older ones. - -Version 7.3-pre8 - -Daniel (25 September 2000) -- Erdmut Pfeifer informed us that curl didn't build with OpenSSL 0.9.6 and - showed us what needed to get patched in order to make it build properly - again. - -- Dirk Kruschewski found a bug in the cookie parser. I made an alternative - approach to the solution Dirk himself suggested. The bug made a cookie - header that didn't end with a trailing semicolon to not get parsed. - -- I've marked -c and -t deprecated now. If you use any of them, curl will tell - you to use "-C -" or "-T -" instead. I don't think occupying two letters for - nearly identical functions is good use. Also, -T - kind of follows the curl - tradition of using - for stdin where a file name is expected. - -Daniel (23 September 2000) -- Martin Hedenfalk provided the patch that finally made the krb4 ftp upload - work! - -Daniel (21 September 2000) -- The kerberos code is not quite thread-safe yet. There are a few more globals - that need to be take care of. Let's get the upload working first! - -Daniel (20 September 2000) -- Richard Prescott solved another name lookup buffer size problem. I took this - opportunity to rewrite the GetHost() function. With these large buffer - sizes, I think keeping them as local arrays quickly turn ugly. I now use - malloc() to get the buffer memory. Thanks to this, I now can realloc() to a - large buffer in case of demand (errno == ERANGE) in case a solution like - that would become necessary. I still want to avoid that kind of nastiness. - -- Tried to compile and run curl on Linux for alpha and FreeBSD for alpha. Went - as smooth as it could. - -- Added a docs/examples directory with two tiny example sources that show how - to use libcurl. I hope users will supply me with more useful examples - further on. - -- Applied a patch by Jörn Hartroth to no longer use the word 'inteface' in the - config struct in the src/main.c file since certain compilers have that word - "reservered". I figure that is some kind of C++ decease. - -- Updated the curl.1 man page with --interface and --krb4. - -- Modified the base64Encode() function to work like the kerberos one, so that - I could remove the use of that. There is no need for *two* base64 encoding - functions! ;-) - -Version 7.3pre5 - -Daniel (19 September 2000) -- The kerberos4-layer source code that is much "influenced" by the original - krb4 source code, through yafc into curl, was using quite a lot of global - variables. libcurl can't work properly with globals like that why I had to - clean up almost every function in the new security.c to make them use - connection specific variables instead of the globals. I just hope I didn't - destroy anything now... :-) configure updated, version string now reflects - krb4 built-in. It almost works now. Only uploads are still being naughty. - -Version 7.3pre3 - -Daniel (18 September 2000) -- Martin Hedenfalk supplied a major patch that introduces krb4-ftp support to - curl. Martin is the primary author of the ftp client named yafc and he did - not hesitate to help us implement this when I asked him. Many and sincere - thanks to a splendid effort. It didn't even take many hours! - -- Stephen Kick supplied a big patch that introduces the --interface flag to - the curl tool and CURLOPT_INTERFACE for libcurl. It allows you to specify an - outgoing interface to use for your request. This may not work on all - platforms. This needs testing. - -- Richard Prescott noticed that curl on Tru64 unix could core dumped if the - name didn't resolve properly. This was due to the GetHost() function not - returning an error even though it failed on some platforms! - -Daniel (15 September 2000) -- Updated all sorts of documents in regards to the new proxytunnel support. - -Version 7.3pre2 - -Daniel (15 September 2000) -- Kai-Uwe Rommel pointed out a problem in the httpproxytunnel stuff for ftp. - Adjusted it. Added better info message when setting up the tunnel and the - pasv message when doing the second connect. - -Version 7.3pre1 - -Daniel (15 September 2000) -- libcurl now allows "httpproxytunnel" to an arbitrary host and port name. The - second connection on ftp needed that. - -- TheArtOfHTTPScripting was corrected all over. I both type and spell really - bad at times! - -Daniel (14 September 2000) -- -p/--proxytunnel was added to 'curl'. It uses the new - CURLOPT_HTTPPROXYTUNNEL libcurl option that allows "any" protocol to tunnel - through the specified http proxy. At the moment, this should work with ftp. - -Daniel (13 September 2000) -- Jochen Schaeuble found that file:// didn't work as expected. Corrected this - and mailed the patch to the mailing list. - -Daniel (7 September 2000) -- I changed the #define T() in curl.h since it turned out it wasn't really - a good symbol to use (when you compiled PHP with curl as a module, that - define collided with some IMAP define or something). This was posted to the - PHP bug tracker. - -- I added extern "C" stuff in two header files to better allow libcurl usage - in C++ sorces. Discussions on the libcurl list with Danny Horswell lead to - this. - -Version 7.2.1 - -Daniel (31 August 2000) -- Albert Chin-A-Young fixed the configure script *again* and now it seems to - detect Linux name resolving properly! (heard that before?) - -- Troels Walsted Hansen pointed out that downloading a file containing the - letter '+' from an ftp server didn't work. It did work from HTTP though and - the reason was my lame URL decoder. - -- I happened to notice that -I didn't at all work on ftp anymore. I corrected - that. - -Version 7.2 - -Daniel (30 August 2000) -- Understanding AIX is a hard task. I believe I'll never figure out why they - solve things so differently from the other unixes. Now, I'm left with the - AIX 4.3 run-time warnings about duplicate symbols that according to this - article (http://www.geocrawler.com/archives/3/405/1999/9/0/2593428/) is a - libtool flaw. I tried the mentioned patch, although that stops the linking - completely. - - So, if I select to ignore the ld warnings there are compiler warnings that - fill the screen pretty bad when curl compiles. It turns out that if I want - to '#include ', I can get tid of the warnings by include the - following three include files before that one: - - #include - #include - #include - - Now, is it really sane to add those include files before arpa/inet.h in all - the source files that include it? - - Thanks to Albert Chin-A-Young at thewrittenword.com who gave me the AIX - login to try everything on. - -Daniel (24 August 2000) -- Jan Schmidt supplied us a new VC6 makefile for Windows as the previous one - was not up to date but lacked several object files. - -- More work on the naming. - -- Albert Chin-A-Young provided a configure-check for large file support, as - some systems seem to need that for them to work. Had to change the position - for the config.h include file in every .c file in the libcurl dir... - -- As suggested on the mailing list (by Troy Engel), I did use a --data-binary - option instead of the messy way I've left described below. It seems to - work. The libcurl fix remained the same as yesterday. - -Daniel (23 August 2000) -- Back on the -d stripping newlines thing. The 'plain post' thing was added - when I had no thought of that one could actually post binary data with - it. Now, I have to add this functionality in a graceful manner and I think - I've managed to come up with a way: '-d @file;binary' will thus post the - file binary, exactly as its contents are. It is implemented with a new - *setopt() option (CURLOPT_POSTFIELDSIZE) to set the postfield size, since - libcurl can't strlen() the data in these cases. - -- Albert Chin-A-Young made some very serious efforts and all the name - resolving problems seem to have been sorted out now on all the platforms - that previously showed them. I'll make another release now anyday because of - this. - -- The FAQ was much enhanced when it comes to the licensing issues thanks to - Bjorn Reese. - -Daniel (21 August 2000) -- Rick Welykochy pointed out a problem when you use -d to post and you want to - keep the newlines, as curl strips them off as a bonus before posting... - This needs to be addressed. - -Version 7.1.1 - -Daniel (21 August 2000) -- Got more people involved in the gethostbyname_r() mess. Caolan McNamara sent - me configure-code that turned out to be very similar to my existing tests - which only make me more sure I'm on the right path. I changed the order of - the tests slightly, as it seems that some compilers don't yell error if a - function is used with too many parameters. Thus, the first tested function - will seem ok... Let's hope more compilers think of too-few parameters as bad - manners, as we're now trying the functions in that order; fewer first. I - should also add that Lars Hecking mailed me and volunteered to run tests on - a few odd systems. Coalan is keeping his work over at - http://www.csn.ul.ie/~caolan/publink/gethostbyname_r/. Might be handy in the - future as well. - -Daniel (18 August 2000) -- I noticed I hadn't increased the name lookup buffer in lib/ftp.c. I don't - think this is the reason for the continued trouble though. - -Daniel (17 August 2000) -- Fred Noz corrected my stupid mistakes in the gethostbyname_r() fluff. It - should affect some AIX, Digital Unix and HPUX 10 systems. - -Daniel (15 August 2000) -- Mathieu Legare compiled and build 7.1 without errors on both AIX 4.2 as well - as AIX 4.3. Now why did problems occur before? - -- Fred Noz reported a -w/--write-out bug that caused it to malfunction when - used combined with multiple URL retrievales. All but the first display got - screwed up! - -Daniel (11 August 2000) -- Jason Priebe and an anonymous friend found some host names the Linux version - of curl could not resolve. It turned out the buffer used to retrieve that - information was too small. Fixed. One could argue about the usefulness of - not having the slightest trace of a man page for gethostbyname_r() on my - Linux Redhat installation... - -Daniel (10 August 2000) -- Balaji S Rao was first in line to note the missing possibility to replace - the Content-Type: and Content-Length: headers when doing -d posts. I added - the possibility just now. It seems some people wants to do standard posts - using custom Content-Types. - -Daniel (8 August 2000) -- Mike Dowell correctly discovered that curl did not approve of URLs with no - user name but password. As in 'http://:foo@haxx.se'. I corrected this. - -Version 7.1 - -Daniel (7 August 2000) -- My AIX 4 fix does not work. I need help from a AIX 4 hacker. - -- I added my new document in the docs directory. It is aimed to become a sort - of tutorial on how to do HTTP scripting with curl. - -Daniel (4 August 2000) -- Working with Rich Gray on compiling curl for lots of different platforms. - My fix for AIX 3.2 was not good enough and was slightly changed, I had to - move an include file before another, as is now described in the source. - - AIX 4.2 (4.X?) has different gethostbyname_r() and gethostbyaddr_r() - functions that the configure script didn't check for and thus the compile - broke with an error. I have now changed the gethostbyname_r() check in the - configure file to support all three versions of both these functions. My - implementation that uses the AIX-style is though not yet verified and I may - get problems to fix it if it turns out to bug since I don't have access to - any system using that. - - For problems like that, I made the configure script allow --disable-thread - to completely switch off the check for threadsafe versions of a few - functions and thus go with the "good old versions" that tend to work - although will break thread-safeness for libcurl. Most people won't use - libcurl for other things than curl though, and curl doesn't need a - thread-safe lib. - -- Working on my big tutorial about HTTP scripting with curl. - -Daniel (1 August 2000) -- Rich Gray spotted a problem in src/setup.h caused by a #define strequal() - that was just a left-over from passed times. The strequal() is now a true - function supplied by libcurl for a portable case insensitive string - comparison. I added the prototypes in include/curl.h and removed the - now obsolete #define. - -- Igor Khristophorov made a fix to allow resumed download from Sun's - JavaWebServer/1.1.1. It seems that their server sends bad Content-Range - headers. - -- The makefiles forced a static library build, which is bad since we now use - libtool and thus have excellent shared library support! Albert Chin-A-Young - found out. - -Version 7.0.11beta - -Daniel (1 August 2000) -- Albert Chin-A-Young pointed out that 'make install' did not properly create - the header include directory, why it failed to install the header files as - it should. Automake isn't really equipped to deal with subdirectories - without Makefiles in any nice way. I had to run ahead and add Makefiles in - both include and include/curl before I managed to create a top-level - makefile that succeeds in install everything properly! - -- Ok, no more "features" added now. Let's just verify that there's no major - flaws added now. - -Daniel (31 July 2000) -- Both Jeff Schasny and Ketil Froyn asked me how to tell curl not to send one - of those internally generated headers. They didn't settle with the blank - ones you could tell curl to use. I rewrote the header-replace stuff a - little. Now, if you replace an internal header with your own and that new - one is a blank header you will only remove the internal one and not get any - blank. I couldn't figure out any case when you want that blank header. - -Daniel (29 July 2000) -- It struck me that the lib used localtime() which is not thread-safe, so now - I use localtime_r() in the systems that has it. - -- I went through this entire document and removed all email addresses and left - names only. I've really made an effort to always note who brought be bug - reports or fixes, but more and more people ask me to remove the email - addresses since they become victims for spams this way. Gordon Beaton got me - working on this. - -Daniel (27 July 2000) -- Jörn Hartroth found out that when you specified a HTTP proxy in an - environment variable and used -L, curl failed in the second fetch. I - corrected this problem and posted a patch to the list. No need for an extra - beta release just for this. - -Version 7.0.10beta - -Daniel (27 July 2000) -- So, libtool replaced two of my files with symbolic links and I forgot to add - the two new libtool files to the release archive (and they were added as - symlinks as well!) This of course lead to that the configure script failed - on 7.0.9... - -Version 7.0.9beta - -Daniel (25 July 2000) -- Kristian Köhntopp brought a fix that makes libcurl - libtoolified, just as we've wanted for a while now. He also made the - recently added man pages get installed properly on 'make install' and some - other nice cleanups. - -- In a discussion with Eetu Ojanen it struck me that if we use curl to get a - page using a password, and that page then sends a Location: to another - server that curl follows, curl will send the user name and password to that - server as well. - - Now, I'll never be able to make curl do Location: following all that perfect - and you're all sooner or later required to write a script to do several - fetches when you're doing advanced stuff, but now I've modified curl to at - least *only* send the user name and password to the original server. Which - means that if get a page from server A with a password, that forwards curl - to server B, curl won't use the password there. If server B then forwards - curl back to server A again, the password will be used again. - - This is not a perfect implementation, as in a browser case it would only use - the password if the left-prefix of the first path is the same. I just think - that this fix prevents a somewhat lurky "security hole". - - As a side-note in this subject: HTTP passwords are sent in cleartext and - will never be considered to be safe or secure. Use HTTPS for that. - -- As discussed on the mailing list, I converted the FTP response reading - function into using select() which then allows timeouts (even under win32!) - if the command-reply session gets too slow or dies completely. I made a - default timeout on 3600 seconds unless anything else is specified, since I - don't think anyone wants to wait more than that for a single character to - get received... - -- Torsten Foertsch brought a set of fixes for - the rfc1867 form posts. He introduced 'name=, when transferring - files to/from FTP using type ASCII curl should not expect the transfer to be - the exact size reported by the server as the file size. Since ASCII may very - well mean that the content is translated while transfered, the final size - may very well differ. Therefor, curl now ignores the file size when doing - ASCII transfers in FTP. - -Daniel (24 July 2000) -- Added CURLOPT_PROXYPORT to the curl_easy_setopt() call to allow the proxy - port number to be set separately from the proxy host name. - -- Andrew pointed out a netrc manual bug. - -- The FTP transfer code now accepts a 250-code as well as the previously - accepted 226, after a successful file transfer. Mohan pointed this out. - -- The check for *both* nsl and socket was never added in the v7 configure.in - when I moved the main branch. I re-added that check to configure.in. This was - discovered by Rich Gray. - -- Howard, Blaise pointed out a missing free() in - curl_disconnect() which of course meant libcurl ate memory. - -- Brian E. Gallew noted that the HTTP 'Host:' header curl sent did not - properly include the port number if non-default ports were used. This should - now have been fixed. - -- HTTP connect errors now return errors earlier. This was most notably causing - problems when the HTTPS certificate had problems and later caused a crash. - Many thanks to Gregory Nicholls for discovering - and suggesting a fix... - -Daniel (21 June 2000) -- After a "bug report" I received where the user was using both -F and -I in a - HTTP request (it severly confused the library I should add), I added some - checks to src/main.c that prevents setting more than one HTTP request - command, no matter what the user wants! ;-) - -Version 7.0.8beta - -Daniel (20 June 2000) -- I did a major replace in many files to use the new curl domain haxx.se - instead of the previous one. - -- As Eetu Ojanen suggested, I finally took the step and now libcurl no longer - makes a POST after it has followed a location. When the initial POST has - been done, it'll turned into a GET for the further requests. This is only - interesting when using -L/--location *and* doing a POST at the same time. - - While messing with this, I added another weird feature I call 'auto - referer'. If you append ';auto' to the right of a given referer string (or - only use that string as referer), libcurl will automatically set the - previoud URL as refered when it follows a Location: and gets a succeeding - document. - -- My hero Rich Gray found the very obscure FTP bug that happened to him only - when passing through a particular firewall and using the PORT command. It - turned out that PORT was the only command in the lib/ftp.c source that - didn't send a proper \r\n sequence but instead used the faulty \n which as - it seemed is supported by most major ftp servers... :-O - -Version 7.0.7beta - -Daniel (16 June 2000) -- I had avoided this long enough now, so I moved the alternative progress bar - stuff from the lib and added it to the client code. This is now using the - recently added progress callback and it seems to work pretty much like - before. Since it is only one progress bar and you and download and upload at - the same time, this bar shows the combined progress of both directions. This - code was just ported from the old place to this, Lars is still our saviour! - ;-) This also made the documentation more accurate since I never removed - this function from any docs! Although I now removed the CURLOPT_PROGRESSMODE - from the library since the lib has only one internal progress meter and it - will never get another. It is although likely that the internal one also - will be moved to the client code in the future (when I have other means of - getting the writeout data and move that too to the client). - -- I took the opportunity to verify that standard progress meter works and I - found out it didn't get inited properly. Grrr. I corrected that as well. - -Daniel (15 June 2000) -- I thought I'd better verify that the -F option still works in v7 and of - course it didn't... :-/ Anyway, I had the problems I could discover - corrected. About one month of beta testing and not a single person has used - this feature with v7? - -- Björn correctly pointed out that the --progress-bar still doesn't work in - v7. Hm. - -Daniel (14 June 2000) -- Tim Tassonis discovered that curl 7 didn't handle normal http POST as it - should. I corrected this. - -Version 7.0.6beta - -Daniel (14 June 2000) -- Björn Stenberg pointed out several problems (related to win32 compiling): - lib/strequal.c had a bad #ifdef for one of the string comparisons (win32) - src/main.c had several minor problems - lib/makefile.m32 had getpass.[co] twice - src/config-win32.h lacked the HAVE_FCNTL_H define - both config-win32.h files now only set the HAVE_UNISTD_H define if the - define MINGW32 is set, and I modified src/makefile.m32 and lib/makefile.m32 - to set it. - -Version 7.0.5beta - -Daniel (14 June 2000) -- Applied Luong Dinh Dung's comments about a few win32 compile problems. - -- Applied Björn Stenberg's suggested fix that turns the win32 stdout to - binary. It won't do it if the -B / --use-ascii option is used. That option - is now an extended version of the previous -B /--ftp--ascii. The flag was - already in use be the ldap as well so the new name fits pretty good. The - libcyrl CURLOPT_TRANSFERTEXT was also introduced as an alias to the now - obsolete CURLOPT_FTPASCII. Can't verify this fix myself as I have no win32 - compiler around. - -Daniel (13 June 2000) -- Luong Dinh Dung found a problem in curl_easy_cleanup() - since it free()ed the main curl struct *twice*. This is now corrected. - -Daniel (9 June 2000) -- Updated the RESOURCES file, added a README.win32 file. - -Daniel (8 June 2000) -- So I finally added the progress callback to the *setopt() options and it - should work now. I don't have the energy to write any test program for it - right now. -- Made the callback function typedefs public in curl/curl.h for comfort. Just - in case anyone wanna fiddle with such pointers. -- Updated the curl_easy_setopt() man page accordingly. - -Version 7.0.4beta - -Daniel (2 June 2000) -- I noticed that when doing Location: following, we lost custom headers in all - but the first request. -- Removed the 'HttpPost' struct and moved the header stuff to the more generic - curl_slist. -- Added some better slist-cleanups in src/main.c - -Version 7.0.3beta - -Daniel (31 May 2000) -- So I discovered that I released the 7.0.2beta without it being able to - compile under Linux. gethostbyname_r() and gethostbyaddr_r() turned out to - feature a different amount of arguments on different systems so I had to add - a configure check for this and adjust the code slightly. - -Version 7.0.2beta - -Daniel (29 May 2000) -- Corrected the bits.* assignments when using CURLOPT options that only - toggles one of those bits. - -- Applied the huge patches from David LeBlanc that add - usage of the gethostbyname_r() and similar functions in case they're around, - since that make libcurl much better threadsafe in many systems (such as - solaris). I added the checks for these functions to the configure script. - - I can't explain why, but the inet_ntoa_r() function did not appear in my - Solaris include files, I had to add my own include file for this for now. - -Daniel (22 May 2000) -- Jörn Hartroth brought me fixes to make the win32 version compile properly as - well as a rename of the 'interface' field in the urldata struct, as it seems - to be reserved in some gcc versions! - -- Rich Gray struck back with yet some portability reports. Data General DG/UX - needed a little fix in lib/ldap.c since it doesn't have RTLD_GLOBAL defined. - More fixes are expected as a result of Richies very helpful work. - -Version 7.0.1beta - -Daniel (21 May 2000) -- Updated lots of #defines, enums and variable type names in the library. No - more weird URG or URLTAG prefixes. All types and names should be curl- - prefixed to avoid name space clashes. The FLAGS-parameter to the former - curl_urlget() has been converted into a bunch of flags to use in separate - setopt calls. I'm still focusing on the easy-interface, as the curl tool is - now using that. - -- Bjorn Reese has provided me with an asynchronous name resolver that I plan - to use in upcoming versions of curl to be able to gracefully timeout name - lookups. - -Version 7.0beta - -Daniel (18 May 2000) -- Introduced LIBCURL_VERSION_NUM to the curl.h include file to better allow - source codes to be dependent on the lib version. This define is now set to - a dexadecimal number, with 8 bits each for major number, minor number and - patch number. In other words, version 1.2.3 would make it 0x010203. It also - makes a larger number a newer version. - -Daniel (17 May 2000) -- Martin Kammerhofer correctly pointed out several flaws in the FTP range - option. I corrected them. -- Removed the win32 winsock init crap from the lib to the src/main.c file - in the application instead. They can't be in the lib, especially not for - multithreaded purposes. - -Daniel (16 May 2000) -- Rewrote the src/main.c source to use the new easy-interface to libcurl 7. - There is still more work to do, but the first step is now taken. - is the include file to use. - -Daniel (14 May 2000) -- FTP URLs are now treated slightly different, more according to RFC 1738. -- FTP sessions are now performed differently, with CWD commands to change - directory instead of RETR/STOR/LIST with the full path. Discussions with - Rich Gray made me notice these problems. -- Janne Johansson discovered and corrected a buffer overflow in the - src/usrglob.c file. -- I had to add a lib/strequal.c file for doing case insensitive string - compares on all platforms. - -Daniel (8 May 2000): -- Been working lots on the new lib. -- Together with Rich Gray, I've tried to adjust the configure script to work - better on the NCR MP-RAS Unix. - -Daniel (2 May 2000): -- Albert Chin-A-Young pointed out that I had a few too many instructions in - configure.in that didn't do any good. - -Daniel (24 April 2000): -- Added a new paragraph to the FAQ about what to do when configure can't - find OpenSSL even though it is installed. Supplied by Bob Allison - -Daniel (12 April 2000): -- Started messing around big-time to convert the old library interface to a - better one... - -Daniel (8 April 2000): -- Made the progress bar look better for file sizes between 9999 kilobytes - and 100 megabytes. They're now displayed XX.XM. -- I also noticed that ftp fetches through HTTP proxies didn't add the user - agent string. It does now. -- Habibie supplied a pretty good way to build RPMs - on a Linux machine. It still a) requires me to be root to do it, b) leaves - the rpm packages laying at some odd place on my disk c) doesn't work to - build the ssl version of curl since I didn't install openssl from an rpm - package so now the rpm crap thinks I don't have openssl and refuses to build - a package that depends on ssl... Did I mention I don't get along with RPM? -- Once again I received a bug report about autoconf not setting -L prior to -l - on the command line when checking for libs. In this case it made the native - cc compiler on Solaris 7 to fail the OpenSSL check. This has previously been - reported to cause problems on HP-UX and is a known flaw in autoconf 2.13. It - is a pity there's no newer release around... - -Daniel (4 April 2000): -- Marco G. Salvagno supplied me with two fixes that - appearantly makes the OS/2 port work better with multiple URLs. - -Daniel (2 April 2000): -- Another Location: fix. This time, when curl connected to a port and then - followed a location with an absolute URL to another port, it misbehaved. - -Daniel (27 March 2000): -- H. Daphne Luong pointed out that curl was wrongly - messing up the proxy string when fetching a document through a http proxy, - which screwed up multiple fetches such as in location: followings. - -Daniel (23 March 2000): -- Marco G. Salvagno corrected my badly applied patch he - actually already told me about! - -- H. Daphne Luong brought me a fix that now makes curl - ignore select() errors in the download if errno is EINTR, which turns out to - happen every now and then when using libcurl multi-threaded... - -Daniel (22 March 2000): -- Wham Bang supplied a couple of win32 fixes. HAVE_UNAME - was accidentally #defined in config-win32.h, which it shouldn't have been. - The HAVE_UNISTD_H is not defined when compiling with the Makefile.vc6 - makefile for MS VC++. - -Daniel (21 March 2000): -- I removed the AC_PROG_INSTALL macro from configure.in, since it appears that - one of the AM_* macros searches for a BSD compatible install already. Janne - Johansson made me aware of this. - -Version 6.5.2 - -Daniel (21 March 2000): -- Paul Harrington quickly pointed out to me that 6.5.1 - crashes hard. I upload 6.5.2 now as quickly as possible! The problem was - the -D adjustments in src/main.c. - -Version 6.5.1 - -Daniel (20 March 2000): -- An anonymous post on sourceforge correctly pointed out a possible buffer - overflow in the curl_unescape() function for URL conversions. The main - problem with this bug is that the ftp download uses that function and this - single- byte overflow could lead to very odd bugs (as one reported by Janne - Johansson). - -Daniel (19 March 2000): -- Marco G. Salvagno supplied me with a series of patches - that now allows curl to get compiled on OS/2. It even includes a section in - the INSTALL file. Very nice job! - -Daniel (17 March 2000): -- Wham Bang supplied a patch for the lib/Makefile.vc6 - file. We still need some fixes for the config-win32.h since it appears that - VC++ and mingw32 have different opinions about (at least) unistd.h's - existence. - -Daniel (15 March 2000): -- I modified the -D/--dump-header workings so that it doesn't write anything - to the file until it needs to. This way, you can actually use -b and -D - on the same file if you want repeated invokes to store and read the cookies - in that one single file. - -- Poked around in lots of texts. Added the BUGS file for bug reporting stuff. - Added the classic HTTP POST question to the FAQ, removed some #ifdef WIN32 - stuff from the sources (they're covered by the config-win32.h now). - -- Pascal Gaudette fixed a missing ldap.c problem in the - Makefile.vc6 file. He also addressed a problem in src/config-win32.h. - -Daniel (14 March 2000): -- Paul Harrington pointed out that the 'http_code' variable in the -w output - was never written. I fixed it now. - -- Janne Johansson reported the complaints that OpenBSD does - when getdate.c #includes malloc.h. It claims stdlib.h should be included - instead. I added #ifdef HAVE_MALLOC_H code in getdate.y and two checks in - the configure.in for malloc.h and stdlib.h. - -Version 6.5 - -Daniel (13 March 2000): -- pointed out that the way curl sent cookies in a - single line wasn't enjoyed by IIS4.0 servers. In my view, that is not what - the standards say, but I added a white space between the name/value pairs to - perhaps make them work better. - -- Added the perl check back in the configure.in again since the mkhelp.pl - script needs it! - -- Made some beautifications in the curl man page. - -Daniel (3 March 2000): -- Jörn helped me update the config-win32.h files with HAVE_SETVBUF and - HAVE_STRDUP. - -Daniel (3 March 2000): -- Uploaded the 6.5pre2 package. - -Daniel (2 March 2000): -- Removed the perl-programs from the distribution, they never made many people - happy and I'll still keep them available on the web. - -- Added the -w and -N stuff to the man page. Documented the new progress meter - display in README.curl. - -- Jörn Hartroth, Chris and Ulf - Möller from the openssl development team helped bringing me the details for - fixing an OpenSSL usage flaw. It became apparent when they released openssl - 0.9.5 since that barfed on curl's bad behavior (not seeding a random number - thing). - -- Yet another option: -N/--no-buffer disables buffering in the output stream. - Probably most useful for very slow transfers when you really want to get - every byte curl receives within some preferred time. Andrew - suggested this. - -- Damien Adant mailed me his fixes for making curl compile on Ultrix. - -Daniel (24 February 2000): -- Applied Jörn Hartroth's fixes for config-win32.h and lib/Makefile.w32. - - I should also make a note here, if nothing else to myself, that when using - the %-syntax for variables in DOS command prompts, you must use two %- - letters for each one since that is an escape letter there! Maybe I should - use another letter instead! - -- Added more variables to -w: - - 'http_code' - 'time_namelookup' - 'time_connect' - 'time_pretransfer' - 'url_effective' - -- Made -w@filename read the syntax from a file and -w@- reads the syntax from - stdin in the good old "standard" curl way. - -Daniel (22 February 2000): -- Released a 6.5pre1 version to get some test and user feedback. - -Daniel (21 February 2000): - -- I added the -w/--write-out flag and some variables to go with it. -w is a - single string, whatever you enter there will be written out when curl has - completed a successful request. There are some variable substitutions and - they are specified as '%{variable}' (without the quotes). Variables that - exist as of this moment are: - - total_time - total transfer time in seconds (with 2 decimals) - size_download - total downloaded amount of bytes - size_upload - total uploaded amount of bytes - speed_download - the average speed of the entire download - speed_upload - the average speed of the entire upload - - I will of course add more variables, but I need input on these and others. - -- It struck me that the -# progress bar will be hard to just apply on the new - progress bar concept. I need some feedback on this before that'll get re- - introduced! :-/ - -Daniel (16 February 2000): -- Jörn Hartroth brought me some fixes for the progress meter and I continued - working on it. It seems to work for http download, http post, ftp download - and ftp upload. It should be a pretty good test it works generally good. - -- Still need to add the -# progress bar into the new style progress interface. - -- Gonna have a go at my new output option parameter next. - -Daniel (15 February 2000): -- The progress meter stuff is slowly taking place. There's more left before it - is working ok and everything is tested, but we're reaching there. Slowly! - -Daniel (11 February 2000): -- Paul Marquis fixed the config file parsing of curl to - deal with any-length lines, removing the previous limit of 4K. - -- Eetu Ojanen's suggestion of supporting the @-style for -b - is implemented. Now -b@ works as well as the old style. -b@- also - similarly reads the cookies from stdin. - -- Reminder: -D should not write to the file until it needs to, in the same way - -o does. That would enable curl to use -b and -D on the same file... - -- Ellis Pritchard made getdate.y work for MacOS X. - -- Paul Harrington helped me out finding the crash in the - cookie parser. He also pointed out curl's habit of sending empty cookies to - the server. - -Daniel (8 February 2000): - - Ron Zapp corrected a problem in src/urlglob.c that - prevented curl from getting compiled on sunos 4. The problem had to do - with the difference in sprintf() return code types. - - - Transfer() should now be able to download and upload simultaneously. Let's - do some progress meter fixes later this week. - -Daniel (31 January 2000): - - Paul Harrington found another core dump in the cookie - parser. Curl doesn't properly recognize the 'version' keyword and I think - that is what caused this. I need to refresh some specs on cookies and see - what else curl lacks to improve this a bit more once and for all. - - RFC 2109 clearly specifies how cookies should be dealt with when they are - compliant with that spec. I don't think many servers are though... - - - Mark W. Eichin found that while curl is uploading a form - to a web site, it doesn't read incoming data why it'll hang after a while - since the socket "pipe" becomes full. - - It took me two hours to rewrite Download() and Upload() into the new - single function Transfer(). It even seems to work! More testing is required - of course... I should get the header-sending together in a kind of queue - and let them get "uploaded" in Transfer() as well. - - - Zhibiao Wu pointed out a curl bug in the location: area, - although I did not get a reproducible way to do this why I have to wait - with fixing anything. - - - Bob Schader suggested I should implement resume - support for the HTTP PUT operation, and as I think it is a valid suggestion - I'll work on it. - -Daniel (25 January 2000): - - M Travis Obenhaus pointed out a manual mixup with -y and -Y that was - corrected. - - - Jens Schleusener pointed out a problem to compile - curl on AIX 4.1.4 and gave me a solution. This problem was already fixed - by Jörn's recent #include modifications! - -Daniel (19 January 2000): - - Oskar Liljeblad pointed out and corrected a problem - in the Location: following system that made curl following a location: to a - different protocol to fail. - - At January 31st I re-considered this fix and the surrounding source code. I - could not really see that the patch did any difference, why I removed it - again for further research and debugging. (It disabled location: following - on server not running on default ports.) - - - Jörn Hartroth brought a fix that once again - made it possible to select progress bar. - - - Jörn also fixed a few include problems. - -Version 6.4 - -Daniel (17 January 2000): - - Based on suggestions from Björn Stenberg, I made the - progress deal better with larger files and added a "Time" field which shows - the time spent on the download so far. - - I'm now using the CVS repository on sourceforge.net, which also allows web - browsing. - -Daniel (10 January 2000): - - Renumbered some enums in curl/curl.h since tag number 35 was used twice! - - Added "postquote" support to the ftp section that enables post-ftp-transfer - quote commands. - - Now made the -Q/--quote parameter recognize '-' as a prefix, which means - that command will be issued AFTER a successful ftp transfer. This can of - course be used to delete or rename a file after it has been uploaded or - downloaded. Use your imagination! ;-) - - Since I do the main development on solaris 2.6 now, I had to download and - install GNU groff to generate the hugehelp.c file. The solaris nroff cores - on the man page! So, in order to make the solaris configure script find a - better result I made gnroff get checked prior to the regular nroff. - - Added all the curl exit codes to the man page. - - Jim Gallagher properly tracked down a bug in autoconf - 2.13. The AC_CHECK_LIB() macro wrongfully uses the -l flag before the -L - flag to 'ld' which causes the HP-UX 10.20 flavour to fail on all libchecks - and therefore you can't make the configure script find the openssl libs! - -Daniel (28 December 1999): - - Tim Verhoeven correctly identified that curl - doesn't support URL formatted file names when getting ftp. Now, there's a - problem with getting very weird file names off FTP servers. RFC 959 defines - that the file name syntax to use should be the same as in the native OS of - the server. Since we don't know the peer server system we currently just - translate the URL syntax into plain letters. It is still better and with - the solaris 2.6-supplied ftp server it works with spaces in the file names. - -Daniel (27 December 1999): - - When curl parsed cookies straight off a remote site, it corrupted the input - data, which, if the downloaded headers were stored made very odd characters - in the saved data. Correctly identified and reported by Paul Harrington. - -Daniel (13 December 1999): - - General cleanups in the library interface. There had been some bad kludges - added during times of stress and I did my best to clean them off. It was - both regarding the lib API as well as include file confusions. - -Daniel (3 December 1999): - - A small --stderr bug was reported by Eetu Ojanen... - - - who also brought the suggestion of extending the -X flag to ftp list as - well. So, now it is and the long option is now --request instead. It is - only for ftp list for now (and the former http stuff too of course). - -Lars J. Aas (24 November 1999): - - Patched curl to compile and build under BeOS. Doesn't work yet though! - - - Corrected the Makefile.am files to allow putting object files in - different directories than the sources. - -Version 6.3.1 - -Daniel (23 November 1999): - - I've had this major disk crash. My good old trust-worthy source disk died - along with the machine that hosted it. Thank goodness most of all the - things I've done are either backed up elsewhere or stored in this CVS - server! - - - Michael S. Steuer pointed out a bug in the -F handling - that made curl hang if you posted an empty variable such as '-F name='. It - was one of those old bugs that never have worked properly... - - - Jason Baietto pointed out a general flaw in the HTTP - download. Curl didn't complain if it was prematurely aborted before the - entire download was completed. It does now. - -Daniel (19 November 1999): - - Chris Maltby very accurately criticized the lack of - return code checks on the fwrite() calls. I did a thorough check for all - occurrences and corrected this. - -Daniel (17 November 1999): - - Paul Harrington pointed out that the -m/--max-time option - doesn't work for the slow system calls like gethostbyname()... I don't have - any good fix yet, just a slightly less bad one that makes curl exit hard - when the timeout is reached. - - - Bjorn Reese helped me point out a possible problem that might be the reason - why Thomas Hurst experience problems in his Amiga version. - - Daniel (12 November 1999): - - I found a crash in the new cookie file parser. It crashed when you gave - a plain http header file as input... - -Version 6.3 - - Daniel (10 November 1999): - - I kind of found out that the HTTP time-conditional GETs (-z) aren't always - respected by the web server and the document is therefore sent in whole - again, even though it doesn't match the requested condition. After reading - section 13.3.4 of RFC 2616, I think I'm doing the right thing now when I do - my own check as well. If curl thinks the condition isn't met, the transfer - is aborted prematurely (after all the headers have been received). - - - After comments from Robert Linden I also rewrote some parts of the man page - to better describe how the -F works. - - - Michael Anti put up a new curl download mirror in - China: http://www.pshowing.com/curl/ - - - I added the list of download mirrors to the README file - - - I did add more explanations to the man page - - Daniel (8 November 1999): - - I made the -b/--cookie option capable of reading netscape formatted cookie - files as well as normal http-header files. It should be able to - transparently figure out what kind of file it got as input. - - Daniel (29 October 1999): - - Another one of Sebastiaan van Erk's ideas (that has been requested before - but I seem to have forgotten who it was), is to add support for ranges in - FTP downloads. As usual, one request is just a request, when they're two - it is a demand. I've added simple support for X-Y style fetches. X has to - be the lower number, though you may omit one of the numbers. Use the -r/ - --range switch (previously HTTP-only). - - - Sebastiaan van Erk suggested that curl should be - able to show the file size of a specified file. I think this is a splendid - idea and the -I flag is now working for FTP. It displays the file size in - this manner: - Content-Length: XXXX - As it resembles normal headers, and leaves us the opportunity to add more - info in that display if we can come up with more in the future! It also - makes sense since if you access ftp through a HTTP proxy, you'd get the - file size the same way. - - I changed the order of the QUOTE command executions. They're now executed - just after the login and before any other command. I made this to enable - quote commands to run before the -I stuff is done too. - - - I found out that -D/--dump-header and -V/--version weren't documented in - the man page. - - - Many HTTP/1.1 servers do not support ranges. Don't ask me why. I did add - some text about this in the man page for the range option. The thread in - the mailing list that started this was initiated by Michael Anti. - - - I get reports about nroff crashes on solaris 2.6+ when displaying the curl - man page. Switch to gnroff instead, it is reported to work(!). Adam Barclay - reported and brought the suggestion. - - - In a dialogue with Johannes G. Kristinsson we came - up with the idea to let -H/--header specified headers replace the - internally generated headers, if you happened to select to add a header - that curl normally uses by itself. The advantage with this is not entirely - obvious, but in Johannes' case it means that he can use another Host: than - the one curl would set. - - Daniel (27 October 1999): - - Jongki Suwandi brought a nice patch for (yet another) crash when following - a location:. This time you had to follow a https:// server's redirect to - get the core. - -Version 6.2 - - Daniel (21 October 1999): - - I think I managed to remove the suspicious (nil) that has been seen just - before the "Host:" in HTTP requests when -v was used. - - I found out that if you followed a location: when using a proxy, without - having specified http:// in the URL, the protocol part was added once again - when moving to the next URL! (The protocol part has to be added to the - URL when going through a proxy since it has no protocol-guessing system - such as curl has.) - - Benjamin Ritcey reported a core dump under solaris 2.6 - with OpenSSL 0.9.4. It turned out this was due to a bad free() in main.c - that occurred after the download was done and completed. - - Benjamin found ftp downloads to show the first line of the download meter - to get written twice, and I removed that problem. It was introduced with - the multiple URL support. - - Dan Zitter correctly pointed out that curl 6.1 and earlier versions didn't - honor RFC 2616 chapter 4 section 2, "Message Headers": "...Field names are - case-insensitive..." HTTP header parsing assumed a certain casing. Dan - also provided me with a patch that corrected this, which I took the liberty - of editing slightly. - - Dan Zitter also provided a nice patch for config.guess to better recognize - the Mac OS X - - Dan also corrected a minor problem in the lib/Makefile that caused linking - to fail on OS X. - - Daniel (19 October 1999): - - Len Marinaccio came up with some problems with curl. Since Windows has a - crippled shell, it can't redirect stderr and that causes trouble. I added - --stderr today which allows the user to redirect the stderr stream to a - file or stdout. - - Daniel (18 October 1999): - - The configure script now understands the '--without-ssl' flag, which now - totally disable SSL/https support. Previously it wasn't possible to force - the configure script to leave SSL alone. The previous functionality has - been retained. Troy Engel helped test this new one. - -Version 6.1 (October 17 1999) - - Daniel (17 October 1999): - - I ifdef'ed or commented all the zlib stuff in the sources and configure - script. It turned out we needed to mock more with zlib than I initially - thought, to make it capable of downloading compressed HTTP documents and - uncompress them on the fly. I didn't mean the zlib parts of curl to become - more than minor so this means I halt the zlib expedition for now and wait - until someone either writes the code or zlib gets updated and better - adjusted for this kind of usage. I won't get into details here, but a - short a summary is suitable: - - zlib can't automatically detect whether to use zlib or gzip - decompression methods. - - zlib is very neat for reading gzipped files from a file descriptor, - although not as nice for reading buffer-based data such as we would - want it. - - there are still some problems with the win32 version when reading from - a file descriptor if that is a socket - - Daniel (14 October 1999): - - Moved the (external) include files for libcurl into a subdirectory named - curl and adjusted all #include lines to use to maintain a - better name space and control of the headers. This has been requested. - - Daniel (12 October 1999): - - I modified the 'maketgz' script to perform a 'make' too before a release - archive is put together in an attempt to make the time stamps better and - hopefully avoid the double configure-running that use to occur. - - Daniel (11 October 1999): - - Applied Jörn's patches that fixes zlib for mingw32 compiles as well as - some other missing zlib #ifdef and more text on the multiple URL docs in - the man page. - -Version 6.1beta - - Daniel (6 October 1999): - - Douglas E. Wegscheid sent me a patch that made the exact same thing as I - just made: the -d switch is now capable of reading post data from a named - file or stdin. Use it similarly to the -F. To read the post data from a - given file: - - curl -d @path/to/filename www.postsite.com - - or let curl read it out from stdin: - - curl -d @- www.postit.com - - Jörn Hartroth (3 October 1999): - - Brought some more patches for multiple URL functionality. The MIME - separation ideas are almost scrapped now, and a custom separator is being - used instead. This is still compile-time "flagged". - - Daniel - - Updated curl.1 with multiple URL info. - - Daniel (30 September 1999): - - Felix von Leitner brought openssl-check fixes for configure.in to work - out-of-the-box when the openssl files are installed in the system default - dirs. - - Daniel (28 September 1999) - - Added libz functionality. This should enable decompressing gzip, compress - or deflate encoding HTTP documents. It also makes curl send an accept that - it accepts that kind of encoding. Compressed contents usually shortens - download time. I *need* someone to tell me a site that uses compressed HTTP - documents so that I can test this out properly. - - - As a result of the adding of zlib awareness, I changed the version string - a little. I plan to add openldap version reporting in there too. - - Daniel (17 September 1999) - - Made the -F option allow stdin when specifying files. By using '-' instead - of file name, the data will be read from stdin. - -Version 6.0 (September 14 1999) - - Daniel (13 September 1999) - - Added -X/--http-request to enable any HTTP command to be sent. - Do not that your server has to support the exact string you enter. This - should possibly a string like DELETE or TRACE. - - - Applied Douglas' mingw32-fixes for the makefiles. - - Daniel (10 September 1999) - - Douglas E. Wegscheid pointed out a problem. Curl didn't check the FTP - servers return code properly after the --quote commands were issued. It - took anything non 200 as an error, when all 2XX codes should be accepted as - OK. - - - Sending cookies to the same site in multiple lines like curl used to do - turned out to be bad and breaking the cookie specs. Curl now sends all - cookies on a single Cookie: line. Curl is not yet RFC 2109 compliant, but I - doubt that many servers do use that syntax (yet). - - Daniel (8 September 1999) - - Jörn helped me make sure it still compiles nicely with mingw32 under win32. - - Daniel (7 September 1999) - - FTP upload through proxy is now turned into a HTTP PUT. Requested by - Stefan Kanthak. - - - Added the ldap files to the .m32 makefile. - - Daniel (3 September 1999) - - Made cookie matching work while using HTTP proxy. - - Bjorn Reese (31 August 1999) - - Passed his ldap:// patch. Note that this requires the openldap shared - library to be installed and that LD_LIBRARY_PATH points to the - directory where the lib will be found when curl is run with a - ldap:// URL. - - Jörn Hartroth (31 August 1999) - - Made the Mingw32 makefiles into single files. - - Made file:// work for Win32. The same code is now used for unix as well for - performance reasons. - - Douglas E. Wegscheid (30 August 1999) - - Patched the Mingw32 makefiles for SSL builds. - - Matthew Clarke (30 August 1999) - - Made a cool patch for configure.in to allow --with-ssl to specify the - root dir of the openssl installation, as in - - ./configure --with-ssl=/usr/ssl_here - - - Corrected the 'reconf' script to work better with some shells. - - Jörn Hartroth (26 August 1999) - - Fixed the Mingw32 makefiles in lib/ and corrected the file.c for win32 - compiles. - -Version 5.11 - - Daniel (25 August 1999) - - John Weismiller pointed out a bug in the header-line - realloc() system in download.c. - - - I added lib/file.[ch] to offer a first, simple, file:// support. It - probably won't do much good on win32 system at this point, but I see it - as a start. - - - Made the release archives get a Makefile in the root dir, which can be - used to start the compiling/building process easier. I haven't really - changed any INSTALL text yet, I wanted to get some feed-back on this - first. - - Daniel (17 August 1999) - - Another Location: bug. Curl didn't do proper relative locations if the - original URL had cgi-parameters that contained a slash. Nusu's page - again. - - - Corrected the NO_PROXY usage. It is a list of substrings that if one of - them matches the tail of the host name it should connect to, curl should - not use a proxy to connect there. Pointed out to me by Douglas - E. Wegscheid. I also changed the README text a little regarding this. - - Daniel (16 August 1999) - - Fixed a memory bug with http-servers that sent Location: to a Location: - page. Nusu's page showed this too. - - - Made cookies work a lot better. Setting the same cookie name several times - used to add more cookies instead of replacing the former one which it - should've. Nusu brought me an URL that made this - painfully visible... - - Troy (15 August 1999) - - Brought new .spec files as well as a patch for configure.in that lets the - configure script find the openssl files better, even when the include - files are in /usr/include/openssl - -Version 5.10 - - Daniel (13 August 1999) - - SSL_CTX_set_default_passwd_cb() has been modified in the 0.9.4 version of - OpenSSL. Now why couldn't they simply add a *new* function instead of - modifying the parameters of an already existing function? This way, we get - a compiler warning if compiling with 0.9.4 but not with earlier. So, I had - to come up with a #if construction that deals with this... - - - Made curl output the SSL version number get displayed properly with 0.9.4. - - Troy (12 August 1999) - - Added MingW32 (GCC-2.95) support under Win32. The INSTALL file was also - a bit rearranged. - - Daniel (12 August 1999) - - I had to copy a good include file into the curl source - tree to enable the silly win32 systems to compile. The distribution rights - allows us to do that as long as the file remains unmodified. - - - I corrected a few minor things that made the compiler complain when - -Wall -pedantic was used. - - - I'm moving the official curl web page to curl.haxx.nu. I think it - will make it easier to remember as it is a lot shorter and less cryptic. - The old one still works and shows the same info. - - Daniel (11 August 1999) - - Albert Chin-A-Young mailed me another correction for NROFF in the - configure.in that is supposed to be better for IRIX users. - - Daniel (10 August 1999) - - Albert Chin-A-Young helped me with some stupid Makefile things, as well as - some fiddling with the getdate.c stuff that he had problems with under - HP-UX v10. getdate.y will now be compiled into getdate.c if the appropriate - yacc or bison is found by the configure script. Since this is slightly new, - we need to test the output getdate.c with win32 systems to make sure it - still compiles there. - - Daniel (5 August 1999) - - I've just setup a new mailing list with the intention to keep discussions - around libcurl development in it. I mainly expect it to be for thoughts and - brainstorming around a "next generation" library, rather than nitpicking - about the current implementation or details in the current libcurl. - - To join our happy bunch of future-looking geeks, enter 'subscribe -
' in the body of a mail and send it to - libcurl-request@listserv.fts.frontec.se. Curl bug reports, the usual curl - talk and everything else should still be kept in this mailing list. I've - started to archive this mailing list and have put the libcurl web page at - www.fts.frontec.se/~dast/libcurl/. - - - Stefan Kanthak contacted me regarding a few problems in the configure - script which he discovered when trying to make curl compile and build under - Siemens SINIX-Z V5.42B2004! - - - Marcus Klein very accurately informed me that src/version.h was not present - in the CVS repository. Oh, how silly... - - - Linus Nielsen rewrote the telnet:// part and now curl offers limited telnet - support. If you run curl like 'curl telnet://host' you'll get all output on - the screen and curl will read input from stdin. You'll be able to login and - run commands etc, but since the output is buffered, expect to get a little - weird output. - - This is still in its infancy and it might get changed. We need your - feed-back and input in how this is best done. - - WIN32 NOTE: I bet we'll get problems when trying to compile the current - lib/telnet.c on win32, but I think we can sort them out in time. - - - David Sanderson reported that FORCE_ALLOCA_H or HAVE_ALLOCA_H must be - defined for getdate.c to compile properly on HP-UX 11.0. I updated the - configure script to check for alloca.h which should make it. - - Daniel (4 August 1999) - - I finally got to understand Marcus Klein's ftp download resume problem, - which turns out to be due to different outputs from different ftp - servers. It makes ftp download resuming a little trickier, but I've made - some modifications I really believe will work for most ftp servers and I do - hope you report if you have problems with this! - - - Added text about file transfer resuming to README.curl. - - Daniel (2 August 1999) - - Applied a progress-bar patch from Lars J. Aas. It offers - a new styled progress bar enabled with -#/--progress-bar. - - T. Yamada (30 July 1999) - - It breaks with segfault when 1) curl is using .netrc to obtain - username/password (option '-n'), and 2) is automatically redirected to - another location (option '-L'). - - There is a small bug in lib/url.c (block starting from line 641), which - tries to take out username/password from user- supplied command-line - argument ('-u' option). This block is never executed on first attempt since - CONF_USERPWD bit isn't set at first, but curl later turns it on when it - checks for CONF_NETRC bit. So when curl tries to redo everything due to - redirection, it segfaults trying to access *data->userpwd. - -Version 5.9.1 - - Daniel (30 July 1999) - - Steve Walch pointed out that there is a memory leak in the formdata - functions. I added a FormFree() function that is now used and supposed to - correct this flaw. - - - Mark Wotton reported: - 'curl -L https://www.cwa.com.au/' core dumps. I managed to cure this by - correcting the cleanup procedure. The bug seems to be gone with my OpenSSL - 0.9.2b, although still occurs when I run the ~100 years old SSLeay 0.8.0. I - don't know whether it is curl or SSLeay that is to blame for that. - - - Marcus Klein: - Reported an FTP upload resume bug that I really can't repeat nor understand. - I leave it here so that it won't be forgotten. - - Daniel (29 July 1999) - - Costya Shulyupin suggested support for longer URLs when following Location: - and I could only agree and fix it! - - - Leigh Purdie found a problem in the upload/POST department. It turned out - that http.c accidentaly cleared the pointer instead of the byte counter - when supposed to. - - - Costya Shulyupin pointed out a problem with port numbers and Location:. If - you had a server at a non-standard port that redirected to an URL using a - standard port number, curl still used that first port number. - - - Ralph Beckmann pointed out a problem when using both CONF_FOLLOWLOCATION - and CONF_FAILONERROR simultaneously. Since the CONF_FAILONERROR exits on - the 302-code that the follow location header outputs it will never show any - html on location: pages. I have now made it look for >=400 codes if - CONF_FOLLOWLOCATION is set. - - - 'struct slist' is now renamed to 'struct curl_slist' (as suggested by Ralph - Beckmann). - - - Joshua Swink and Rick Welykochy were the first to point out to me that the - latest OpenSSL package now have moved the standard include path. It is now - in /usr/local/ssl/include/openssl and I have now modified the --enable-ssl - option for the configure script to use that as the primary path, and I - leave the former path too to work with older packages of OpenSSL too. - - Daniel (9 June 1999) - - I finally understood the IRIX problem and now it seem to compile on it! - I am gonna remove those #define strcasecmp() things once and for all now. - - Daniel (4 June 1999) - - I adjusted the FTP reply 227 parser to make the PASV command work better - with more ftp servers. Appearantly the Roxen Challanger server replied - something curl 5.9 could deal with! :-( Reported by Ashley Reid-Montanaro - and Mark Butler brought a solution for it. - - Daniel (26 May 1999) - - Rearranged. README is new, the old one is now README.curl and I added a - README.libcurl with text I got from Ralph Beckmann. - - - I also updated the INSTALL text. - - Daniel (25 May 1999) - - David Jonathan Lowsky correctly pointed out that curl didn't properly deal - with form posting where the variable shouldn't have any content, as in curl - -F "form=" www.site.com. It was now fixed. - -Version 5.9 (May 22 1999) - - Daniel (22 May 1999) - - I've got a bug report from Aaron Scarisbrick in which he states he has some - problems with -L under FreeBSD 3.0. I have previously got another bug - report from Stefan Grether which points at an error with similar sympthoms - when using win32. I made the allocation of the new url string a bit faster - and different, don't know if it actually improves anything though... - - Daniel (20 May 1999) - - Made the cookie parser deal with CRLF newlines too. - - Daniel (19 May 1999) - - Download() didn't properly deal with failing return codes from the sread() - function. Adam Coyne found the problem in the win32 version, and Troy Engel - helped me out isolating it. - - Daniel (16 May 1999) - - Richard Adams pointed out a bug I introduced in 5.8. --dump-header doesn't - work anymore! :-/ I fixed it now. - - - After a suggestion by Joshua Swink I added -S / --show-error to force curl - to display the error message in case of an error, even if -s/--silent was - used. - - Daniel (10 May 1999) - - I moved the stuff concerning HTTP, DICT and TELNET it their own source - files now. It is a beginning on my clean-up of the sources to make them - layer all those protocols better to enable more to be added easier in the - future! - - - Leon Breedt sent me some files I've not put into the main curl - archive. They're for creating the Debian package thingie. He also sent me a - debian package that I've made available for download at the web page - - Daniel (9 May 1999) - - Made it compile on cygwin too. - - Troy Engel (7 May 1999) - - Brought a series of patches to allow curl to compile smoothly on MSVC++ 6 - again! - - Daniel (6 May 1999) - - I changed the #ifdef HAVE_STRFTIME placement for the -z code so that it - will be easier to discover systems that don't have that function and thus - can't use -z successfully. Made the strftime() get used if WIN32 is defined - too. - -Version 5.8 - - Daniel (5 May 1999) - - I've had it with this autoconf/automake mess. It seems to work allright - for most people who don't have automake installed, but for those who have - there are problems all over. - - I've got like five different bug reports on this only the last - week... Claudio Neves and Federico Bianchi and root are some of them reporting this. - - Currently, I have no really good fix since I want to use automake myself to - generate the Makefile.in files. I've found out that the @SHELL@-problems - can often be fixed by manually invoking 'automake' in the archive root - before you run ./configure... I've hacked my maketgz script now to fiddle - a bit with this and my tests seem to work better than before at least! - - Daniel (4 May 1999) - - mkhelp.pl has been doing badly lately. I corrected a case problem in - the regexes. - - - I've now remade the -o option to not touch the file unless it needs to. - I had to do this to make -z option really fine, since now you can make a - curl fetch and use a local copy's time when downloading to that file, as - in: - - curl -z dump -o dump remote.site.com/file.html - - This will only get the file if the remote one is newer than the local. - I'm aware that this alters previous behaviour a little. Some scripts out - there may depend on that the file is always touched... - - - Corrected a bug in the SSLv2/v3 selection. - - - Felix von Leitner requested that curl should be able to send - "If-Modified-Since" headers, which indeed is a fair idea. I implemented it - right away! Try -z where expression is a full GNU date - expression or a file name to get the date from! - - Stephan Lagerholm (30 Apr 1999) - - Pointed out a problem with the src/Makefile for FreeBSD. The RM variable - isn't set and causes the make to fail. - - Daniel (26 April 1999) - - Am I silly or what? Irving Wolfe pointed out to me that the curl version - number was not set properly. Hasn't been since 5.6. This was due to a bug - in my maketgz script! - - David Eriksson (25 Apr 1999) - - Found a bug in cookies.c that made it crash at times. - -Version 5.7.1 - - Doug Kaufman (23 Apr 1999) - - Brought two sunos 4 fixes. One of them being the hostip.c fix mentioned - below and the other one a correction in include/stdcheaders.h - - - Added a paragraph about compiling with the US-version of openssl to the - INSTALL file. - - Daniel - - New mailing list address. Info updated on the web page as well as in the - README file - - Greg Onufer (20 Apr 1999) - - hostip.c didn't compile properly on SunOS 5.5.1. - It needs an #include - -Version 5.7 - - Daniel (Apr 20 1999) - - Decided to upload a non-beta version right now! - - - Made curl support any-length HTTP headers. The destination buffer is now - simply enlarged every time it turns out to be too small! - - - Added the FAQ file to the archive. Still a bit smallish, but it is a - start. - - Eric Thelin (15 Apr 1999) - - Made -D accept '-' instead of filename to write to stdout. - -Version 5.6.3beta - - Daniel (Apr 12 1999) - - - Changed two #ifdef WIN32 to better #ifdef when connect()ing - in url.c and ftp.c. Makes cygwin32 deal with them better too. We should - try to get some decent win32-replacement there. Anyone? - - - The old -3/--crlf option is now ONLY --crlf! - - - I changed the "SSL fix" to a more lame one, but that doesn't remove as - much functionality. Now I've enabled the lib to select what SSL version it - should try first. Appearantly some older SSL-servers don't like when you - talk v3 with them so you need to be able to force curl to talk v2 from the - start. The fix dated April 6 and posted on the mailing list forced curl to - use v2 at all times using a modern OpenSSL version, but we don't really - want such a crippled solution. - - - Marc Boucher sent me a patch that corrected a math error for the - "Curr.Speed" progress meter. - - - Eric Thelin sent me a patch that enables '-K -' to read a config file from - stdin. - - - I found out we didn't close the file properly before so I added it! - - Daniel (Apr 9 1999) - - Yu Xin pointed out a problem with ftp download resume. It didn't work at - all! ;-O - - Daniel (Apr 6 1999) - - Corrected the version string part generated for the SSL version. - - - I found a way to make some other SSL page work with openssl 0.9.1+ that - previously didn't (ssleay 0.8.0 works with it though!). Trying to get - some real info from the OpenSSL guys to see how I should do to behave the - best way. SSLeay 0.8.0 shouldn't be that much in use anyway these days! - -Version 5.6.2beta - - Daniel (Apr 4 1999) - - Finally have curl more cookie "aware". Now read carefully. This is how - it works. - To make curl read cookies from an already existing file, in plain header- - format (like from the headers of a previous fetch) invoke curl with the - -b flag like: - - curl -b file http://site/foo.html - - Curl will then use all cookies it finds matching. The old style that sets - a single cookie with -b is still supported and is used if the string - following -b includes a '=' letter, as in "-b name=daniel". - - To make curl read the cookies sent in combination with a location: (which - sites often do) point curl to read a non-existing file at first (i.e - to start with no existing cookies), like: - - curl -b nowhere http://site/setcookieandrelocate.html - - - Added a paragraph in the TODO file about the SSL problems recently - reported. Evidently, some kind of SSL-problem curl may need to address. - - - Better "Location:" following. - - Douglas E. Wegscheid (Tue, 30 Mar 1999) - - A subsecond display patch. - - Daniel (Mar 14 1999) - - I've separated the version number of libcurl and curl now. To make - things a little easier, I decided to start the curl numbering from - 5.6 and the former version number known as "curl" is now the one - set for libcurl. - - - Removed the 'enable-no-pass' from configure, I doubt anyone wanted - that. - - - Made lots of tiny adjustments to compile smoothly with cygwin under - win32. It's a killer for porting this to win32, bye bye VC++! ;-) - Compiles and builds out-of-the-box now. See the new wordings in - INSTALL for details. - - - Beginning experiments with downloading multiple document from a http - server while remaining connected. - -Version 5.6beta - - Daniel (Mar 13 1999) - - Since I've changed so much, I thought I'd just go ahead and implement the - suggestion from Douglas E. Wegscheid. -D or --dump-header is now storing - HTTP headers separately in the specified file. - - - Added new text to INSTALL on what to do to build this on win32 now. - - - Aaargh. I had to take a step back and prefix the shared #include files - in the sources with "../include/" to please VC++... - - Daniel (Mar 12 1999) - - Split the url.c source into many tiny sources for better readability - and smaller size. - - Daniel (Mar 11 1999) - - Started to change stuff for a move to make libcurl and a more separate - curl application that uses the libcurl. Made the libcurl sources into - the new lib directory while the curl application will remain in src as - before. New makefiles, adjusted configure script and so. - - libcurl.a built quickly and easily. I better make a better interface to - the lib functions though. - - The new root dir include/ is supposed to contain the public information - about the new libcurl. It is a little ugly so far :-) - - - Daniel (Mar 1 1999) - - Todd Kaufmann sent me a good link to Netscape's cookie spec as well as the - info that RFC 2109 specifies how to use them. The link is now in the - README and the RFC in the RESOURCES. - - Daniel (Feb 23 1999) - - Finally made configure accept --with-ssl to look for SSL libs and includes - in the "standard" place /usr/local/ssl... - - Daniel (Feb 22 1999) - - Verified that curl linked fine with OpenSSL 0.9.1c which seems to be - the most recent. - - Henri Gomez (Fri Feb 5 1999) - - Sent in an updated curl-ssl.spec. I still miss the script that builds an - RPM automatically... - -Version 5.5.1 - - Mark Butler (27 Jan 1999) - - Corrected problems in Download(). - - Danitel Stenberg (25 Jan 1999) - - Jeremie Petit pointed out a few flaws in the source that prevented it from - compile warning free with the native compiler under Digital Unix v4.0d. - -Version 5.5 - - Daniel Stenberg (15 Jan 1999) - - Added Bjorns small text to the README about the DICT protocol. - - Daniel Stenberg (11 Jan 1999) - - reported about the win32-versioin: "Doesn't use - ALL_PROXY environment variable". Turned out to be because of the static- - buffer nature of the win32 environment variable calls! - - Bjorn Reese (10 Jan 1999) - - I have attached a simple addition for the DICT protocol (RFC 2229). - It performs dictionary lookups. The output still needs to be better - formatted. - - To test it try (the exact format, and more examples are described in - the RFC) - - dict://dict.org/m:hello - dict://dict.org/m:hello::soundex - - - Vicente Garcia (10 Jan 1999) - - Corrected the progress meter for files larger than 20MB. - - Daniel Stenberg (7 Jan 1999) - - Corrected the -t and -T help texts. They claimed to be FTP only. - -Version 5.4 - - Daniel Stenberg - (7 Jan 1999) - - Irving Wolfe reported that curl -s didn't always supress the progress - reporting. It was the form post that autoamtically always switched it on - again. This is now corrected! - - (4 Jan 1999) - - Andreas Kostyrka suggested I'd add PUT and he helped me out to test it. If - you use -t or -T now on a http or https server, PUT will be used for file - upload. - - I removed the former use of -T with HTTP. I doubt anyone ever really used - that. - - (4 Jan 1999) - - Erik Jacobsen found a width bug in the mprintf() function. I corrected it - now. - - (4 Jan 1999) - - As John V. Chow pointed out to me, curl accepted very limited URL sizes. It - should now accept path parts that are up to at least 4096 bytes. - - - Somehow I screwed up when applying the AIX fix from Gilbert Ramirez, so - I redid that now. - -Version 5.3a (win32 only) - - Troy Engel - - Corrected a win32 bug in the environment variable part. - -Version 5.3 - - Gilbert Ramirez Jr. (21 Dec 1998) - - I have implemented the "quote" function of FTP clients. It allows you to - send arbitrary commands to the remote FTP server. I chose the -Q/--quote - command-line arguments. - - You can have more than one quoted string, and curl will apply them in - order. This is what I use for my MVS upload: - - curl -B --crlf -Q "site lrecl=80" -Q "site blk=8000" -T file ftp://os390/test - - Curl will send the two quoted "site" commands in the proper order. - - - Made it compile smoothly on AIX. - - Gilbert Ramirez Jr. (18 Dec 1998) - - Brought an MVS patch: -3/--mvs, for ftp upload to the MVS ftp server. - - Troy Engel (17 Dec 1998) - - Brought a correction that fixes the win32 curl bug. - - Daniel Stenberg - - A bug, pointed out to me by Dr H. T. Leung, caused curl to crash on the -A - flag on certain systems. Actually, all systems should've! - - - Added a few defines to make directories/file names get build nicer (with _ - instead of . and \ instead of / in win32). - - - steve reported a weird bug that occured if the - ftp server response line had a parenthesis on the line before the (size) - info. I hope it works better now! - -Version 5.2.1 - - Steven G. Johnson (Dec 14, 1998) - - Brought a fix that corrected a crash in 5.2 due to bad treatment of the - environment variables. - -Version 5.2 - - Daniel Stenberg (Dec 14, 1998) - - Rewrote the mkhelp script and now, the mkhelp.pl script generates the - hugehelp.c file from the README *and* the man page file curl.1. By using - both files, I no longer need to have double information in both the man - page and the README as well. So, win32-users will only have the hugehelp.c - file for all info, but then, they download the plain binary most times - anyway. - - - gcc2.8.1 with the -Wall flag complaints a lot on subscript has type `char' - if I don't explicitly typecast the argument to isdigit() or isspace() to - int. So I did to compile warning free with that too. - - - Added checks for 'long double' and 'long long' in the configure script. I - need those for the mprintf.c source to compile well on non long long - comforming systems! - -Version 5.1 (not publicly released) - - Daniel Stenberg (Dec 10, 1998) - - I got a request for a pre-compiled NT Alpha version. Anyone? - - - Added Lynx/CERN www lib proxy environment variable support. That means curl - now reads and understands the following environment variables: - - HTTP_PROXY, HTTPS_PROXY, FTP_PROXY, GOPHER_PROXY - - They should be set for protocol-specific proxies. General proxy should be - set with - - ALL_PROXY - - And a comma-separated list of host names that shouldn't go through any - proxy is set in (only an asterisk, '*' matches all hosts). - - NO_PROXY - - The usage of the -x/--proxy flag overrides the environment variables. - - - Proxy can now be specified with a procotol:// prefix. - - - Wrote the curl.1 man page. - - - Introduced a whole new dynamic buffer system for all sprintf()s. It is - based on the *printf() package by yours truly and Bjorn Reese. Hopefully, - there aren't that many buffer overflow risks left now. - - - Ah, I should mention I've compiled and built curl successfully under - solaris 2.6 with gcc now, gcc 2.7.2 won't work but 2.8.1 did ok. - - Oren Tirosh (Dec 3, 1998) - - Brought two .spec files, to use when creating (Linux) Redhat style RPM - packages. They're named curl.spec and curl-ssl.spec. - - Troy Engel - - Supplied the src/Makefile.vc6 for easy compiling with VC++ under Win32. - -Version 5.0 - - Daniel Stenberg (Dec 1, 1998) - - Not a single bug report in ages. - - Corrected getpass.c and main.c to compile warning and error free with the - Win32 VC++ crap. - -Version 5.0 beta 24 - - Daniel Stenberg (Nov 20, 1998) - - HOW TO BUILD A RELEASE ARCHIVE: - - * Pre-requisite software: - What To build what Reads data from - ==== ============= =============== - GNU automake Makefile.in, aclocal.m4 configure.in - GNU make(1) - " - - GNU gcc(1) - " - - GNU autoconf configure configure.in - GNU autoheader(2) config.h.in configure.in, acconfig.h - - * Make sure all files that should be part of the archive are put in FILES. - - * Run './maketgz' and enter version number of the new to become archive. - - maketgz does: - - - Enters the newly created version number in url.h. - - (If you don't have automake, this script will warn about that, but unless - you have changed the Makefile.am files, that is nothing to care about.) - If you have it, it'll run it. - - If you have autoconf, the configure.in will be edited to get the newly - created version number and autoconf will be run. - - Creates a new directory named curl-. (Actually, it uses the base - name of the current directory up to the first '-'.) - - Copies all files mentioned in FILES to the new directory. Saving - permissions and directory structure. - - Uses tar to create an archive of it all, named curl-.tar.gz - - gzips the archive - - Removes the new directory and all its contents. - - * When done, you have an archive stored in your directory named - curl-.tar.gz. - - Done! - - (1) They're required to make automake run properly. - (2) It is distributed as a part of the GNU autoconf archive. - - Daniel Stenberg (Nov 18, 1998) - - I changed the TAG-system. If you ever used urlget() from this package in - another product, you need to recompile with the new headers. I did this - new stuff to better deal with different compilers and system with different - variable sizes. I think it makes it a little more portable. This proves - to compile warning free with the problematic IRIX compiler! - - Win32 compiled with a silly error. Corrected now. - - Brian Chaplin reported yet another problem in - multiline FTP responses. I've tried to correct it. I mailed him a new - version and I hope he gets back soon with positive feedback! - - Improved the 'maketgz' to create a temporary directory tree which it makes - an archive from instead of the previous renaming of the current one. - - Mailing list opened (see README). - - Made -v more verbose on the PASV section of ftp transfers. Now it tells - host name and IP of the new host (and port number). I also added a section - about PORT vs PASV in the README. - -Version 5.0 beta 21 - - Angus Mackay (Nov 15, 1998) - - Introduced automake stuff. - - Daniel Stenberg (Nov 13, 1998) - - Just made a successful GET of a document from an SSL-server using my own - private certificate for authentication! The certificate has to be in PEM - format. You do that the easiest way (although not *that* easy) by - downloading the SSLyeay PKCS#12-patch by Dr Stephen N. Henson from his site - at: http://www.drh-consultancy.demon.co.uk/. Using his tool, you can - convert any modern Netscape or (even) MSIE certificate to PEM-format. Use - it with 'curl -E https://site.com'. If this isn't a - cool feature, then I don't know what cool features look like! ;-) - - Working slowly on telnet connections. #define TRY_TELNET to try it out. - (curl -u user:passwd "telnet://host.com/cat .login" is one example) I do - have problem to define how it should work. The prime purpose for this must - be to get (8bit clean) files via telnet, and it really isn't that easy to - get files this way. Still having problems with \n being converted to \r\n. - - Angus Mackay (Nov 12, 1998) - - Corrected another bug in the long parameter name parser. - - Modified getpass.c (NOTE: see the special licensing in the top of that - source file). - - Daniel Stenberg (Nov 12, 1998) - - We may have removed the silly warnings from url.c when compiled under IRIX. - Thanks again to Bjorn Reese and Martin Staael. - - Wrote formfind.pl which is a new perl script intended to help you find out - how a FORM submission should be done. This needs a little more work to get - really good. - - Daniel Stenberg (Nov 11, 1998) - - Made the HTTP header-checker accept white spaces before the HTTP/1.? line. - Appearantly some proxies/sites add such at times (my test proxy did when I - downloaded a gopher page with it)! - - Moved the former -h to -M and made -h show the short help text instead. I - had to enable a forced help text option. Now an even shorter help text will - be presented when an unknown option and similar, is used. - - stdcheaders.h didn't work with IRIX 6.4 native cc compiler. I hope my - changes don't make other versions go nuts instead. - - Daniel Stenberg (Nov 10, 1998) - - Added a weird check in the configure script to check for the silly AIX - warnings about my #define strcasecmp() stuff. I do that define to prevent - me and other contributors to accidentaly use that function name instead - of strequal()... - - I bugfixed Angus's getpass.c very little. - - Fixed the verbose flag names to getopt-style, i.e 'curl --loc' will be - sufficient instead of --location as "loc" is a unique prefix. Also, anything - after a '--' is treated as an URL. So if you do have a host with a weeeird - name you can do 'curl -- -host.com'. - - Another getopt-adjust; curl now accepts flags after the URL on the command - line. 'curl www.foo.com -O' is perfectly valid. - - Corrected the .curlrc parser so that strtok() is no longer used and I - believe it works better. Even URLs can be specified in it now. - - Angus Mackay (Nov 9, 1998) - - Replaced getpass.c with a newly written one, not under GPL license - - Changed OS to a #define in config.h instead of compiler flag - - Makefile now uses -DHAVE_CONFIG_H - - Daniel Stenberg (Nov 9, 1998) - - Ok, I expanded the tgz-target to update the version string on each occation - I build a release archive! - - I reacted on Angus Mackay's initiative and remade the parameter parser to - be more getopt compliant. Curl now supports "merged" flags as in - curl -lsv ftp.site.com - Do note that I had to move three short-names of the options. Parameters - that needs an additional string such as -x must be stand-alone or the - last in a merged sequence: - curl -lsx my-proxy ftp.site.com - is ok, but using the flags in a different order like '-lxs' would cause - unexpected results (as the 's' option would be skipped). - - I've changed the headers in all files that are subject to the MozPL - license, as they are supposed to look like when conforming. - - Made the configure script make the config.h. The former config.h is now - setup.h. - - The RESOURCES and TODO files have been added to the archive. - - Angus Mackay (Nov 5, 1998) - - Fixed getpass.c and various configure stuff - - Daniel Stenberg (Nov 3, 1998) - - Use -H/--header for custom HTTP-headers. Lets you pass on your own - specified headers to the remote server. I wouldn't recommend trying to use - a header with a defined usage according to standards. Use this flag once - for every custom header you want to add. - - Use -B/--ftp-ascii to force ftp to use ASCII mode when transfering files. - - Corrected the 'getlinks.pl' script, I accidentally left my silly proxy - usage in there! Since the introduction of the .curlrc file, it is easier to - write scripts that use curl since proxies and stuff should be in the - .curlrc file anyway. - - Introducing the new -F flag for HTTP POST. It supports multipart/form-data - which means it is gonna be possible to upload files etc through HTTP POST. - Shiraz Kanga asked for the feature and my brother, - Björn Stenberg helped me design the user - interface for this beast. This feature requires quite some docs, - since it has turned out not only quite capable, but also complicated! :-) - - A note here, since I've received mail about it. SSLeay versions prior to - 0.8 will *not* work with curl! - - Wil Langford reported a bug that occurred since curl - did not properly use CRLF when issuing ftp commands. I fixed it. - - Rearranged the order config files are read. .curlrc is now *always* read - first and before the command line flags. -K config files then act as - additional config items. - - Use -q AS THE FIRST OPTION specified to prevent .curlrc from being read. - - You can now disable a proxy by using -x "". Useful if the .curlrc file - specifies a proxy and you wanna fetch something without going through - that. - - I'm thinking of dropping the -p support. Its really not useful since ports - could (and should?) be specified as : appended on the host name - instead, both in URLs and to proxy host names. - - Martin Staael reports curl -L bugs under Windows NT - (test with URL http://come.to/scsde). This bug is not present in this - version anymore. - - Added support for the weird FTP URL type= thing. You can download a file - using ASCII transfer by appending ";type=A" to the right of it. Other - available types are type=D for dir-list (NLST) and type=I for binary - transfer. I can't say I've ever seen anyone use this kind of URL though! - :-) - - Troy Engel pointed out a bug in my getenv("HOME") - usage for win32 systems. I introduce getenv.c to better cope with - this. Mr Engel helps me with the details around that... - - A little note to myself and others, I should make the win32-binary built - with SSL support... - - Ryan Nelson sent me comments about building curl - with SSL under FreeBSD. See the Makefile for details. Using the configure - script, it should work better and automatically now... - - Cleaned up in the port number mess in the source. No longer stores and uses - proxy port number separate from normal port number. - - 'configure' script working. Confirmed compiles on: - Host SSL Compiler - SunOS 5.5 no gcc - SunOS 5.5.1 yes gcc - SunOS 5.6 no cc (with gcc, it has the "gcc include files" problem) - SunOS 4.1.3 no gcc (without ANSI C headers) - SunOS 4.1.2 no gcc (native compiler failed) - Linux 2.0.18 no gcc - Linux 2.0.32 yes gcc - Linux 2.0.35 no gcc (with glibc) - IRIX 6.2 no gcc (cc compiles generate a few warnings) - IRIX 6.4 no cc (generated warnings though) - Win32 no Borland - OSF4.0 no ? - - - Ooops. The 5beta (and 4.10) under win32 failed if the HOME variable wasn't - set. - - When using a proxy, curl now guesses and uses the protocol part in cases - like: - curl -x proxy:80 www.site.com - Proxies normally go nuts unless http:// is prepended to the host name, so - if curl is used like this, it guesses protocol and appends the protocol - string before passing it to the proxy. It already did this when used - without proxy. - - Better port usage with SSL through proxy now. If you specified a different - https-port when accessing through a proxy, it didn't use that number - correctly. I also rewrote the code that parses the stuff read from the - proxy when you wanna connect through it with SSL. - - Bjorn Reese helped me work around one of the compiler - warnings on IRIX native cc compiles. - -Version 4.10 (Oct 26, 1998) - Daniel Stenberg - - John A. Bristor suggested a config file switch, - and since I've been having that idea kind of in the background for a long - time I rewrote the parameter parsing function a little and now I introduce - the -K/--config flag. I also made curl *always* (unless -K is used) try to - load the .curlrc file for command line parameters. The syntax for the - config file is the standard command line argument style. Details in 'curl - -h' or the README. - - I removed the -k option. Keep-alive isn't really anything anyone would - want to enable with curl anyway. - - Martin Staael helped me add the 'irix' target. Now - "make irix" should build curl successfully on non-gcc SGI machines. - - Single switches now toggle behaviours. I.e if you use -v -v the second - will switch off the verbose mode the first one enabled. This is so that - you can disable a default setting a .curlrc file enables etc. - -Version 4.9 (Oct 7, 1998) - Daniel Stenberg - - Martin Staael suggested curl would support cookies. - I added -b/--cookie to enable free-text cookie data to be passed. There's - also a little blurb about general cookie stuff in the README/help text. - - dmh suggested HTTP resume capabilities. Although you could - manually get curl to resume HTTP documents, I made the -c resume flag work - for HTTP too (unless -r is used too, which would be very odd anyway). - - Added checklinks.pl to the archive. It is a still experimental perl script - that checks all links of a web page by using curl. - - Rearranged the archive hierarchy a little. Build the executable in the - src/ dir from now on! - - Version 4.9 and hereafter, is no longer released under the GPL license. - I have now updated the LEGAL file etc and now this is released using the - Mozilla Public License to avoid the plague known as "the GPL virus". You - must make the source available if you decide to change and/or redistribute - curl, but if you decide to use curl within something else you do not need - to offer the world the source to that too. - - Curl did not like HTTP servers that sent no headers at all on a GET - request. It is a violation of RFC2068 but appearantly some servers do - that anyway. Thanks to Gordon Beaton for the report! - - -L/--location was added after a suggestion from Martin Staael. This makes - curl ATTEMPT to follow the Location: redirect if one is present in the HTTP - headers. If -i or -I is used with this flag, you will see headers from all - sites the Location: points to. Do note that the first server can point to a - second that points to a third etc. It seems the Location: parameter (said - to be an AbsoluteURI in RFC2068) isn't always absolute.. :-/ Anyway, I've - made curl ATTEMPT to do the best it can to deal with the reality. - - Added getlinks.pl to the archive. getlinks.pl selectively downloads - files that a web page links to. - -Version 4.8.4 - Daniel Stenberg - - As Julian Romero Nieto reported, curl reported wrong version number. - - As Teemu Yli-Elsila pointed out, the win32 version of 4.8 (and probably all - other versions for win32) didn't work with binary files since I'm too used - to the Unix style fopen() where binary and text don't differ... - - Ralph Beckmann brought me some changes that lets curl compile error and - warning free with -Wall -pedantic with g++. I also took the opportunity to - clean off some unused variables and similar. - - Ralph Beckmann made me aware of a really odd bug now corrected. When curl - read a set of headers from a HTTP server, divided into more than one read - and the first read showed a full line *exactly* (i.e ending with a - newline), curl did not behave well. - -Version 4.8.3 - Daniel Stenberg - - I was too quick to release 4.8.2 with too little testing. One of the - changes is now reverted slightly to the 4.8.1 way since 4.8.2 couldn't - upload files. I still think both problems corrected in 4.8.2 remain - corrected. Reported by Julian Romero Nieto. - -Version 4.8.2 - Daniel Stenberg - - Bernhard Iselborn reported two FTP protocol errors curl did. They're now - corrected. Both appeared when getting files from a MS FTP server! :-) - -Version 4.8.1 - Daniel Stenberg - - Added a last update of the progress meter when the transfer is done. The - final output on the screen didn't have to be the final size transfered - which made it sometimes look odd. - - Thanks to David Long I got rid of a silly bug that happened if a HTTP-page - had nothing but header. Appearantly Solaris deals with negative sizes in - fwrite() calls a lot better than Linux does... =B-] - -Version 4.8 (Aug 31, 1998) - Daniel Stenberg - - Continue FTP file transfer. -c is the switch. Note that you need to - specify a file name if you wanna resume a download (you can't resume a - download sent to stdout). Resuming upload may be limited by the server - since curl is then using the non-RFC959 command SIZE to get the size of - the target file before upload begins (to figure out which offset to - use). Use -C to specify the offset yourself! -C is handy if you're doing - the output to something else but a plain file or when you just want to get - the end of a file. - - recursiveftpget.pl now features a maximum recursive level argument. - -Version 4.7 - Daniel Stenberg - - Added support to abort a download if the speed is below a certain amount - (speed-limit) bytes per second for a certain (speed-time) time. - - Wrote a perl script 'recursiveftpget.pl' to recursively use curl to get a - whole ftp directory tree. It is meant as an example of how curl can be - used. I agree it isn't the wisest thing to do to make a separate new - connection for each file and directory for this. - -Version 4.6 - Daniel Stenberg - - Added a first attempt to optionally parse the .netrc file for login user - and password. If used with http, it enables user authentication. -n is - the new switch. - - Removed the extra newlines on the default user-agent string. - - Corrected the missing ftp upload error messages when it failed without the - verbose flag set. Gary W. Swearingen found it. - - Now using alarm() to enable second-precision timeout even on the name - resolving/connecting phase. The timeout is although reset after that first - sequence. (This should be corrected.) Gary W. Swearingen reported. - - Now spells "Unknown" properly, as in "Unknown option 'z'"... :-) - - Added bug report email address in the README. - - Added a "current speed" field to the progress meter. It shows the average - speed the last 5 seconds. The other speed field shows the average speed of - the entire transfer so far. - -Version 4.5.1 - Linas Vepstas - - SSL through proxy fix - - Added -A to allow User-Agent: changes - - Daniel Stenberg - - Made the -A work when SSL-through-proxy. - -Version 4.5 - Linas Vepstas - - More SSL corrections - - I've added a port to AIX. - - running SSL through a proxy causes a chunk of code to be executred twice. - one of those blocks needs to be deleted. - - Daniel Stenberg - - Made -i and -I work again - -Version 4.4 - Linas Vepstas - - -x can now also specify proxyport when used as in 'proxyhost:proxyport' - - SSL fixes - -Version 4.3 - Daniel Stenberg - - Adjusted to compile under win32 (VisualC++ 5). The -P switch does not - support network interface names in win32. I couldn't figure out how! - -Version 4.2 - Linas Vepstas / Sampo Kellomaki - - Added SSL / SSLeay support (https://) - - Added the -T usage for HTTP POST. - - Daniel Stenberg - - Bugfixed the SSL implementation. - - Made -P a lot better to use other IP addresses. It now accepts a following - parameter that can be either - interface - i.e "eth0" to specify which interface's IP address you - want to use - IP address - i.e "192.168.10.1" to specify exact IP number - host name - i.e "my.host.domain" to specify machine - "-" - (any single-letter string) to make it pick the machine's - default - - The Makefile is now ready to compile for solaris, sunos4 and linux right - out of the box. - - Better generated version string seen with 'curl -V' - -Version 4.1 - Daniel Stenberg - - The IP number returned by the ftp server as a reply to PASV does no longer - have to DNS resolve. In fact, no IP-number-only addresses have to anymore. - - Binds better to available port when -P is used. - - Now LISTs ./ instead of / when used as in ftp://ftp.funet.fi/. The reason - for this is that exactly that site, ftp.funet.fi, does not allow LIST / - while LIST ./ is fine. Any objections? - -Version 4 (1998-03-20) - Daniel Stenberg - - I took another huge step and changed both version number and project name! - The reason for the new name is that there are just one too many programs - named urlget already and this program already can a lot more than merely - getting URLs, and the reason for the version number is that I did add the - pretty big change in -P and since I changed name I wanted to start with - something fresh! - - The --style flags are working better now. - - Listing directories with FTP often reported that the file transfer was - incomplete. Wrong assumptions were too common for directories, why no - size will be attempted to get compared on them from now on. - - Implemented the -P flag that let's the ftp control issue a PORT command - instead of the standard PASV. - - -a for appending FTP uploads works. - -*************************************************************************** - -Version 3.12 (14 March 1998) - Daniel Stenberg - - End-of-header tracking still lacked support for \r\n or just \n at the - end of the last header line. - Sergio Barresi - - Added PROXY authentication. - Rafael Sagula - - Fixed some little bugs. - -Version 3.11 - Daniel Stenberg - - The header parsing was still not correct since the 3.2 modification... - -Version 3.10 - Daniel Stenberg - - 3.7 and 3.9 were simultaneously developed and merged into this version. - - FTP upload did not work correctly since 3.2. - -Version 3.9 - Rafael Sagula - - Added the "-e / --referer " option where we can specify - the referer page. Obviously, this is necessary only to fool the - server, but... - -Version 3.7 - Daniel Stenberg - - Now checks the last error code sent from the ftp server after a file has - been received or uploaded. Wasn't done previously. - - When 'urlget ' is used without a 'protocol://' first in the host part, - it now checks for host names starting with ftp or gopher and if it does, - it uses that protocol by default instead of http. - -Version 3.6 - Daniel Stenberg - - Silly mistake made the POST bug. This has now also been tested to work with - proxy. - -Version 3.5 - Daniel Stenberg - - Highly inspired by Rafael Sagula's changes to the 3.1 that added an almost - functional POST, I applied his changes into this version and made them work. - (It seems POST requires the Content-Type and Content-Length headers.) It is - now usable with the -d switch. - -Version 3.3 - 3.4 - Passed to avoid confusions - -Version 3.2 - Daniel Stenberg - - Major rewrite of two crucial parts of this code: upload and download. - They are both now using a select() switch, that allows much better - progress meter and time control. - - alarm() usage removed completely - - FTP get can now list directory contents if the path ends with a slash '/'. - Urlget on a ftp-path that doesn't end with a slash means urlget will - attempt getting it as a file name. - - FTP directory view supports -l for "list-only" which lists the file names - only. - - All operations support -m for max time usage in seconds allowed. - - FTP upload now allows the size of the uploaded file to be provided, and - thus it can better check it actually uploaded the whole file. It also - makes the progress meter for uploads much better! - - Made the parameter parsing fail in cases like 'urlget -r 900' which - previously tried to connect to the host named '900'. - -Version 3.1 - Kjell Ericson - - Pointed out how to correct the 3 warnings in win32-compiles. - - Daniel Stenberg - - Removed all calls to exit(). - - Made the short help text get written to stdout instead of stderr. - - Made this file instead of keeping these comments in the source. - - Made two callback hooks, that enable external programs to use urlget() - easier and to grab the output/offer the input easier. - - It is evident that Win32-compiles are painful. I watched the output from - the Borland C++ v5 and it was awful. Just ignore all those warnings. - -Version 3.0 - Daniel Stenberg - - Added FTP upload capabilities. The name urlget gets a bit silly now - when we can put too... =) - - Restructured the source quite a lot. - Changed the urlget() interface. This way, we will survive changes much - better. New features can come and old can be removed without us needing - to change the interface. I've written a small explanation in urlget.h - that explains it. - - New flags include -t, -T, -O and -h. The -h text is generated by the new - mkhelp script. - -Version 2.9 - Remco van Hooff - - Added a fix to make it compile smoothly on Amiga using the SAS/C - compiler. - - Daniel Stenberg - - Believe it or not, but the STUPID Novell web server seems to require - that the Host: keyword is used, so well I use it and I (re-introduce) the - urlget User-Agent:. I still have to check that this Host: usage works with - proxies... 'Host:' is required for HTTP/1.1 GET according to RFC2068. - -Version 2.8 - Rafael Sagula - - some little modifications - -Version 2.7 - Daniel Stenberg - - Removed the -l option and introduced the -f option instead. Now I'll - rewrite the former -l kludge in an external script that'll use urlget to - fetch multipart files like that. - - '-f' is introduced, it means Fail without output in case of HTTP server - errors (return code >=400). - - Added support for -r, ranges. Specify which part of a document you - want, and only that part is returned. Only with HTTP/1.1-servers. - - Split up the source in 3 parts. Now all pure URL functions are in - urlget.c and stuff that deals with the stand-alone program is in main.c. - - I took a few minutes and wrote an embryo of a README file to explain - a few things. - -Version 2.6 - Daniel Stenberg - - Made the -l (loop) thing use the new CONF_FAILONERROR which makes - urlget() return error code if non-successful. It also won't output anything - then. Now finally removed the HTTP 1.0 and error 404 dependencies. - - Added -I which uses the HEAD request to get the header only from a - http-server. - -Version 2.5 - Rafael Sagula - - Made the progress meter use HHH:MM:SS instead of only seconds. - -Version 2.4 - Daniel Stenberg - - Added progress meter. It appears when downloading > BUFFER SIZE and - mute is not selected. I found out that when downloading large files from - really really slow sites, it is desirable to know the status of the - download. Do note that some downloads are done unawaring of the size, which - makes the progress meter less thrilling ;) If the output is sent to a tty, - the progress meter is shut off. - - Increased buffer size used for reading. - - Added length checks in the user+passwd parsing. - - Made it grok user+passwd for HTTP fetches. The trick is to base64 - encode the user+passwd and send an extra header line. Read chapter 11.1 in - RFC2068 for details. I added it to be used just like the ftp one. To get a - http document from a place that requires user and password, use an URL - like: - - http://user:passwd@www.site.to.leach/doc.html - - I also added the -u flag, since WHEN USING A PROXY YOU CAN'T SPECIFY THE - USER AND PASSWORD WITH HTTP LIKE THAT. The -u flag works for ftp too, but - not if used with proxy. To do the same as the above one, you can invoke: - - urlget -u user:passwd http://www.site.to.leach/doc.html - -Version 2.3 - Rafael Sagula - - Added "-o" option (output file) - - Added URG_HTTP_NOT_FOUND return code. - (Daniel's note:) - Perhaps we should detect all kinds of errors and instead of writing that - custom string for the particular 404-error, use the error text we actually - get from the server. See further details in RFC2068 (HTTP 1.1 - definition). The current way also relies on a HTTP/1.0 reply, which newer - servers might not do. - - Looping mode ("-l" option). It's easier to get various split files. - (Daniel's note:) - Use it like 'urlget -l 1 http://from.this.site/file%d.html', which will - make urlget to attempt to fetch all files named file1.html, file2.html etc - until no more files are found. This is only a modification of the - STAND_ALONE part, nothing in the urlget() function was modfified for this. - Daniel Stenberg - - Changed the -h to be -i instead. -h should be preserved to help use. - - Bjorn Reese indicated that Borland _might_ use '_WIN32' instead of the - VC++ WIN32 define and therefore I added a little fix for that. - -Version 2.2 - Johan Andersson - - The urlget function didn't set the path to url when using proxy. - - Fixed bug with IMC proxy. Now using (almost) complete GET command. - - Daniel Stenberg - - Made it compile on Solaris. Had to reorganize the includes a bit. - (so Win32, Linux, SunOS 4 and Solaris 2 compile fine.) - - Made Johan's keepalive keyword optional with the -k flag (since it - makes a lot of urlgets take a lot longer time). - - Made a '-h' switch in case you want the HTTP-header in the output. - -Version 2.1 - Daniel Stenberg and Kjell Ericson - - Win32-compilable - - No more global variables - - Mute option (no output at all to stderr) - - Full range of return codes from urlget(), which is now written to be a - function for easy-to-use in [other] programs. - - Define STAND_ALONE to compile the stand alone urlget program - - Now compiles with gcc options -ansi -Wall -pedantic ;) - -Version 2.0 - - Introducing ftp GET support. The FTP URL type is recognized and used. - - Renamed the project to 'urlget'. - - Supports the user+passwd in the FTP URL (otherwise it tries anonymous - login with a weird email address as password). - -Version 1.5 - Daniel Stenberg - - The skip_header() crap messed it up big-time. By simply removing that - one we can all of a sudden download anything ;) - - No longer requires a trailing slash on the URLs. - - If the given URL isn't prefixed with 'http://', HTTP is assumed and - given a try! - - 'void main()' is history. - -Version 1.4 - Daniel Stenberg - - The gopher source used the ppath variable instead of path which could - lead to disaster. - -Version 1.3 - Daniel Stenberg - - Well, I added a lame text about the time it took to get the data. I also - fought against Johan to prevent his -f option (to specify a file name - that should be written instead of stdout)! =) - - Made it write 'connection refused' for that particular connect() - problem. - - Renumbered the version. Let's not make silly 1.0.X versions, this is - a plain 1.3 instead. - -Version 1.2 - Johan Andersson - - Discovered and fixed the problem with getting binary files. puts() is - now replaced with fwrite(). (Daniel's note: this also fixed the buffer - overwrite problem I found in the previous version.) - - Rafael Sagula - - Let "-p" before "-x". - - Daniel Stenberg - - Bugfixed the proxy usage. It should *NOT* use nor strip the port number - from the URL but simply pass that information to the proxy. This also - made the user/password fields possible to use in proxy [ftp-] URLs. - (like in ftp://user:password@ftp.my.site:8021/README) - - Johan Andersson - - Implemented HTTP proxy support. - - Receive byte counter added. - - Bjorn Reese - - Implemented URLs (and skipped the old syntax). - - Output is written to stdout, so to achieve the above example, do: - httpget http://143.54.10.6/info_logo.gif > test.gif - -Version 1.1 - Daniel Stenberg - - Adjusted it slightly to accept named hosts on the command line. We - wouldn't wanna use IP numbers for the rest of our lifes, would we? - -Version 1.0 - Rafael Sagula - - Wrote the initial httpget, which started all this! diff --git a/GIT-INFO b/GIT-INFO index 6b703fef6..51df76ab4 100644 --- a/GIT-INFO +++ b/GIT-INFO @@ -10,15 +10,6 @@ This file is only present in git - never in release archives. It contains information about other files and things that the git repository keeps in its inner sanctum. -Compile and build instructions follow below. - - CHANGES.0 contains ancient changes - CHANGES contains the most recent changes - - Makefile.dist is included as the root Makefile in distribution archives - - perl/ is a subdirectory with various perl scripts - To build in environments that support configure, after having extracted everything from git, do this: