1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-08 18:45:05 -05:00
Commit Graph

11759 Commits

Author SHA1 Message Date
Daniel Stenberg
9274d31690 - Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
  since we use our own printf() code (from libcurl) that shouldn't be a
  problem. Nonetheless I modified the code to not rely on such particular
  features and to not cause further raised eyebrowse with no good reason.
2009-03-08 22:42:50 +00:00
Dan Fandrich
983a539503 Expanded the security section of the libcurl-tutorial man page to cover
more issues for authors to consider when writing robust libcurl-using
applications.
2009-03-05 06:44:18 +00:00
Yang Tse
94bb7fe5cb Fix NTLM authentication memory leak on SSPI enabled Windows builds 2009-03-05 01:23:14 +00:00
Dan Fandrich
b98e0aa09b Fixed a problem with m4 quoting in the OpenSSL configure check reported
by Daniel Johnson.
2009-03-04 08:09:39 +00:00
Daniel Stenberg
49c6d7e32d Added test 1097 to verify the bug Axel Kuhn epidox posted on March 3 2009
on curl-users, it is also added to DISABLED since I don't have time to work
on it further right now.
2009-03-03 13:25:19 +00:00
Daniel Stenberg
ee73fc361b - David James brought a patch that make libcurl close (all) dead connections
whenever you attempt to open a new connection.
2009-03-03 11:01:24 +00:00
Daniel Stenberg
e84dbd28db 15 additional contributor from the 7.19.4 RELEASE-NOTES 2009-03-03 10:41:11 +00:00
Daniel Stenberg
02449d9aa5 Gah! We can't have 'curl' added here since even though it removes the curl
binary it also removes the include/curl subdir!
2009-03-03 10:02:26 +00:00
Patrick Monnerat
2876329f16 Options CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS, and associated definitions added to RPG binding 2009-03-03 09:57:21 +00:00
Daniel Stenberg
a1f455551f start over on the journey towards 7.19.5 2009-03-02 23:44:42 +00:00
Daniel Stenberg
042cc1f69e - David Kierznowski notified us about a security flaw
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
  which previous libcurl versions (by design) can be tricked to access an
  arbitrary local/different file instead of a remote one when
  CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
  together this the addition of two new setopt options for controlling this
  new behavior:

  o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
  follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
  excludes the FILE and SCP protocols and thus you nee to explicitly allow
  them in your app if you really want that behavior.

  o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
  using the primary URL option. This is useful if you want to allow a user or
  other outsiders control what URL to pass to libcurl and yet not allow all
  protocols libcurl may have been built to support.
2009-03-02 23:05:31 +00:00
Daniel Stenberg
90b804d3fa 7.19.4 won't get anything else 2009-03-02 10:43:46 +00:00
Daniel Stenberg
4bc603a0cc the Eiffel binding 2009-03-02 09:03:11 +00:00
Daniel Stenberg
6c3f74b946 nothing more left for 7.19.4, the issue #216 is moved to 7.19.5 since we're
too close to release now
2009-03-01 14:20:26 +00:00
Yang Tse
8d78a33e60 for portability reasons: s/inet_pton/Curl_inet_pton/ 2009-02-28 01:35:53 +00:00
Yang Tse
df07537ccf fix compiler warning 2009-02-28 01:11:57 +00:00
Daniel Stenberg
de25ed3f37 mention the '-o -' trick 2009-02-27 13:52:05 +00:00
Daniel Stenberg
40edf25866 217 - Dan Fandrich's "GnuTLS initialization thread safety"
218 - Senthil Raja Velu's "CURLOPT_LOCALPORT option broken", patch by
      Markus Koetter

Both are now committed
2009-02-27 12:11:08 +00:00
Daniel Stenberg
7b7db23633 - Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and
CURLOPT_LOCALPORT were used together (the local port bind failed), and
  Markus Koetter provided the fix!
2009-02-27 12:07:14 +00:00
Daniel Stenberg
794b4da840 Indentation fixes, untabify and related whitespace-cleanup. No code changed. 2009-02-27 08:53:10 +00:00
Daniel Stenberg
e9ea3ba4a2 corrected and clarified the top comment 2009-02-25 12:51:39 +00:00
Daniel Stenberg
d207ea1652 - As Daniel Fandrich figured out, we must do the GnuTLS initing in the
curl_global_init() function to properly maintain the performing functions
  thread-safe. We've previously (28 April 2007) moved the init to a later time
  just to avoid it to fail very early when libgcrypt dislikes the situation,
  but that move was bad and the fix should rather be in libgcrypt or
  elsewhere.
2009-02-25 12:51:17 +00:00
Daniel Stenberg
625d06ac79 improved 2009-02-24 09:42:39 +00:00
Daniel Stenberg
3460225590 A handy little helper file for doing recursive diffs on curl source/build trees
without involving CVS:

diff -X diff-exclude -ru curl-old curl-patched
2009-02-24 09:35:55 +00:00
Daniel Stenberg
ea6531cf32 - Brian J. Murrell found out that Negotiate proxy authentication didn't work.
It happened because the code used the struct for server-based auth all the
  time for both proxy and server auth which of course was wrong.
2009-02-24 08:30:09 +00:00
Daniel Stenberg
2afb88e2ce 4.17 Non-functional connect timeouts 2009-02-23 21:21:00 +00:00
Daniel Stenberg
6c9f37d263 - After a bug reported by James Cheng I've made curl_easy_getinfo() for
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return
  -1 if the sizes aren't know. Previously these returned 0, make it impossible
  to detect the difference between actually zero and unknown.
2009-02-23 18:45:00 +00:00
Daniel Stenberg
735955282b For 7.19.5 (due to feature freeze)
220 - Take advantage of libssh2_version() that's been added for the upcoming
      1.1, to extract the run-time version number properly.
2009-02-23 16:28:51 +00:00
Yang Tse
dd056e54e2 adjustment for new Mac OS X framework build script 2009-02-23 14:34:40 +00:00
Yang Tse
f5548973ab Daniel Johnson provided a shell script that will perform all the steps needed
to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework
2009-02-23 12:39:06 +00:00
Daniel Stenberg
07dc741e18 mention default port number 2009-02-23 10:40:36 +00:00
Daniel Stenberg
8b66981ce0 - I renamed everything in the windows builds files that used the name 'curllib'
to the proper 'libcurl' as clearly this caused confusion.
2009-02-23 09:36:54 +00:00
Daniel Stenberg
3a7e8c9f5f lzma compressed tarballs too for some testing, it does produce MUCH smaller
files
2009-02-23 09:36:08 +00:00
Yang Tse
fb90b43432 use the internal snprintf() function 2009-02-23 01:04:18 +00:00
Daniel Stenberg
0302c21253 mention 4 pending fixes/patches 2009-02-20 22:56:55 +00:00
Yang Tse
9182a46233 Mark Incley noticed VS2008 compilation halting when building for Windows 2000 2009-02-20 12:10:23 +00:00
Yang Tse
51b46f451f Do not halt compilation when using VS2008 to build a Windows 2000 target 2009-02-20 11:30:11 +00:00
Daniel Stenberg
11f3690201 clarified the FTP passive/active mode options somewhat 2009-02-20 09:14:25 +00:00
Daniel Stenberg
5784a37f91 the FTP multi interface bug 2009-02-20 08:19:19 +00:00
Daniel Stenberg
af91ff0e06 - Linus Nielsen Feltzing reported and helped me repeat and fix a problem with
FTP with the multi interface: when a transfer fails, like when aborted by a
  write callback, the control connection was wrongly closed and thus not
  re-used properly.

  This change is also an attempt to cleanup the code somewhat in this area, as
  now the FTP code attempts to keep (better) track on pending responses
  necessary to get read in ftp_done().
2009-02-20 08:16:03 +00:00
Daniel Stenberg
be3a78f583 The C++ binding home was changed 2009-02-19 18:49:03 +00:00
Daniel Stenberg
7f22da5230 verify that a 550-response for a RETR returns 78 but also that the control
connection is kept alive afterwards
2009-02-19 13:47:06 +00:00
Daniel Stenberg
5af0629ba5 - Patrik Thunstrom reported a problem and helped me repeat it. It turned out
libcurl did a superfluous 1000ms wait when doing SFTP downloads!

  We read data with libssh2 while doing the "DO" operation for SFTP and then
  when we were about to start getting data for the actual file part, the
  "TRANSFER" part, we waited for socket action (in 1000ms) before doing a
  libssh2-read. But in this case libssh2 had already read and buffered the
  data so we ended up always just waiting 1000ms before we get working on the
  data!
2009-02-19 10:36:20 +00:00
Daniel Stenberg
a776e5ad31 spell-fixed comments and other minor non-code edits 2009-02-18 19:31:55 +00:00
Patrick Monnerat
6e422c447a FTP downloads (i.e.: RETR) ending with code 550 now return error CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE. 2009-02-18 11:40:16 +00:00
Patrick Monnerat
4608d0157e Continue sync work on OS400 specific code and RPG binding. 2009-02-17 16:16:07 +00:00
Daniel Stenberg
a24fe59ee4 - Kamil Dudka made NSS-powered builds compile and run again! 2009-02-17 12:18:34 +00:00
Daniel Stenberg
4ad296c60b - A second follow-up change by Andre Guibert de Bruet to fix a related memory
leak like that fixed on the 14th. When zlib returns failure, we need to
  cleanup properly before returning error.
2009-02-17 12:14:41 +00:00
Daniel Stenberg
0517fa153c three new CURLFTP_CREATE_DIR* symbols 2009-02-17 09:43:27 +00:00
Daniel Stenberg
8f81fd6be5 - CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 for
plain FTP connections, and it will then allow MKD to fail once and retry the
  CWD afterwards. This is especially useful if you're doing many simultanoes
  connections against the same server and they all have this option enabled,
  as then CWD may first fail but then another connection does MKD before this
  connection and thus MKD fails but trying CWD works! The numbers can
  (should?) now be set with the convenience enums now called
  CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY.

  Tests has proven that if you're making an application that uploads a set of
  files to an ftp server, you will get a noticable gain in speed if you're
  using multiple connections and this option will be then be very useful.
2009-02-17 09:07:25 +00:00