1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 08:38:49 -05:00
Commit Graph

1216 Commits

Author SHA1 Message Date
Daniel Stenberg
43fefab2a1 IMAP, POP3 and SMTP support 2009-12-12 22:05:11 +00:00
Daniel Stenberg
296ebf382c - Siegfried Gyuricsko found out that the curl manual said --retry would retry
on FTP errors in the transient 5xx range. Transient FTP errors are in the
  4xx range. The code itself only tried on 5xx errors that occured _at login_.
  Now the retry code retries on all FTP transfer failures that ended with a
  4xx response.

  (http://curl.haxx.se/bug/view.cgi?id=2911279)
2009-12-10 21:02:11 +00:00
Daniel Stenberg
315253b367 - Constantine Sapuntzakis figured out a case which would lead to libcurl
accessing alredy freed memory and thus crash when using HTTPS (with
  OpenSSL), multi interface and the CURLOPT_DEBUGFUNCTION and a certain order
  of cleaning things up. I fixed it.

  (http://curl.haxx.se/bug/view.cgi?id=2891591)
2009-12-10 20:20:15 +00:00
Daniel Stenberg
ebe5339003 - Martin Storsjo made libcurl use the Expect: 100-continue header for posts
with unknown size. Previously it was only used for posts with a known size
  larger than 1024 bytes.
2009-12-07 20:25:17 +00:00
Daniel Stenberg
f0826974f2 - If the Expect: 100-continue header has been set by the application through
curl_easy_setopt with CURLOPT_HTTPHEADER, the library should set
  data->state.expect100header accordingly - the current code (in 7.19.7 at
  least) doesn't handle this properly. Martin Storsjo provided the fix!
2009-12-01 12:04:54 +00:00
Daniel Stenberg
8a7231d7ae a binding for Falcon 2009-11-29 19:12:00 +00:00
Daniel Stenberg
448f6684bb 7.20.0 is the planned next version number 2009-11-27 23:53:50 +00:00
Daniel Stenberg
6e38cc9048 - Markus Koetter provided a polished and updated version of Chad Monroe's TFTP
rework patch that now integrates TFTP properly into libcurl so that it can
  be used non-blocking with the multi interface and more. BLKSIZE also works.

  The --tftp-blksize option was added to allow setting the TFTP BLKSIZE from
  the command line.
2009-11-27 23:46:29 +00:00
Yang Tse
405e18571e - David Byron modified Makefile.dist vc8 and vc9 targets in order to allow
finer granularity control when generating src and lib makefiles.
2009-11-23 16:48:31 +00:00
Daniel Stenberg
1fddcb3f88 - Bjorn Augustsson reported a bug which made curl not report any problems even
though it failed to write a very small download to disk (done in a single
  fwrite call). It turned out to be because fwrite() returned success, but
  there was insufficient error-checking for the fclose() call which tricked
  curl to believe things were fine.
2009-11-23 13:56:45 +00:00
Daniel Stenberg
504e6d7ae6 - Constantine Sapuntzakis identified a write after close, as the sockets were
closed by libcurl before the SSL lib were shutdown and they may write to its
  socket. Detected to at least happen with OpenSSL builds.
2009-11-20 19:32:49 +00:00
Daniel Stenberg
a41493b3b0 - Jad Chamcham pointed out a bug with connection re-use. If a connection had
CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the
  same proxy with the tunnel option disabled would still wrongly re-use that
  previous connection and the outcome would only be badness.
2009-11-20 13:27:21 +00:00
Daniel Stenberg
b32d1a9a1d - Constantine Sapuntzakis provided another fix for the DNS cache that could
end up with entries that wouldn't time-out:

  1. Set up a first web server that redirects (307) to a http://server:port
     that's down
  2. Have curl connect to the first web server using curl multi

  After the curl_easy_cleanup call, there will be curl dns entries hanging
  around with in_use != 0.

  (http://curl.haxx.se/bug/view.cgi?id=2891591)
2009-11-17 22:53:55 +00:00
Daniel Stenberg
4c8adc8fee - Marc Kleine-Budde fixed: curl saved the LDFLAGS set during configure into
its pkg-config file.  So -Wl stuff ended up in the .pc file, which is really
  bad, and breaks if there are multiple -Wl in our LDFLAGS (which are in
  PTXdist). bug #2893592 (http://curl.haxx.se/bug/view.cgi?id=2893592)
2009-11-17 18:11:06 +00:00
Claes Jakobsson
f7f76e17c3 Added '--configure' option to curl-config to display original configure arguments when curl was built 2009-11-14 19:23:26 +00:00
Daniel Stenberg
eb16c0e1eb - Claes Jakobsson restored the configure functionality to detect NSS when
--with-nss is set but not "yes".

  I think we can still improve that to check for pkg-config in that path etc,
  but at least this patch brings back the same functionality we had before.
2009-11-14 09:13:47 +00:00
Daniel Stenberg
9c49e51f7e - Camille Moncelier added support for the file type SSL_FILETYPE_ENGINE for
the client certificate. It also disable the key name test as some engines
  can select a private key/cert automatically (When there is only one key
  and/or certificate on the hardware device used by the engine)
2009-11-14 07:53:34 +00:00
Yang Tse
90bc6ee8f3 - Constantine Sapuntzakis provided the fix that ensures that an SSL connection
won't be reused unless protection level for peer and host verification match.
2009-11-14 02:30:30 +00:00
Yang Tse
9b7e45e874 Add last change credit 2009-11-11 21:19:49 +00:00
Yang Tse
40c2c3270d - Marco Maggi reported that compilation failed when configured --with-gssapi
and GNU GSS installed due to a missing mutual exclusion of header files in
  the Kerberos 5 code path. He also verified that my patch worked for him.
2009-11-11 21:15:34 +00:00
Daniel Stenberg
fb5f332834 - Constantine Sapuntzakis posted bug #2891595
(http://curl.haxx.se/bug/view.cgi?id=2891595) which identified how an entry
  in the DNS cache would linger too long if the request that added it was in
  use that long. He also provided the patch that now makes libcurl capable of
  still doing a request while the DNS hash entry may get timed out.
2009-11-11 09:31:37 +00:00
Daniel Stenberg
107c4d878a - Christian Schmitz noticed that the progress meter/callback was not properly
used during the FTP connection phase (after the actual TCP connect), while
  it of course should be. I also made the speed check get called correctly so
  that really slow servers will trigger that properly too.
2009-11-11 09:01:43 +00:00
Yang Tse
55e68ba333 I removed leading 'curl' path on the 'curlbuild.h' include statement in
curl.h, adjusting auto-makefiles include path, to enhance portability to
OS's without an orthogonal directory tree structure such as OS/400.
2009-11-05 15:04:03 +00:00
Daniel Stenberg
257f2376d5 - I fixed several problems with the transfer progress meter. It showed the
wrong percentage for small files, most notable for <1000 bytes and could
  easily end up showing more than 100% at the end. It also didn't show any
  percentage, transfer size or estimated transfer times when transferring
  less than 100 bytes.
2009-11-04 23:09:17 +00:00
Daniel Stenberg
99e43046a7 start over towards 7.19.8 2009-11-04 13:11:43 +00:00
Daniel Stenberg
7d74e02519 syntax 2009-11-04 12:13:20 +00:00
Daniel Stenberg
b19dc0eeb0 - As reported independent by both Stan van de Burgt and Didier Brisebourg,
CURLINFO_SIZE_DOWNLOAD (the -w variable size_download) didn't work when
  getting data from ldap!
2009-11-02 18:49:56 +00:00
Daniel Stenberg
223d848104 - Gabriel Kuri reported a problem with CURLINFO_CONTENT_LENGTH_DOWNLOAD if the
download was 0 bytes, as libcurl would then return the size as unknown (-1)
  and not 0. I wrote a fix and test case 566 to verify it.
2009-10-31 18:51:50 +00:00
Daniel Stenberg
a76f4ab7dd - Liza Alenchery mentioned a problem with re-used SCP connection when a bad
auth is used, as it caused a crash. I failed to repeat the issue, but still
  made a change that now forces the TCP connection used for a freed SCP
  session to get closed and not be re-used.
2009-10-30 22:28:56 +00:00
Daniel Stenberg
d68f215f03 - "Tom" posted a bug report that mentioned how libcurl did wrong when doing a
POST using a read callback, with Digest authentication and
  "Transfer-Encoding: chunked" enforced.  I would then cause the first request
  to be wrongly sent and then basically hang until the server closed the
  connection. I fixed the problem and added test case 565 to verify it.
2009-10-30 22:24:48 +00:00
Daniel Stenberg
448d2b5f49 - Dima Barsky made the curl cookie parser accept cookies even with blank or
unparsable expiry dates and then treat them as session cookies - previously
  libcurl would reject cookies with a date format it couldn't parse. Research
  shows that the major browser treat such cookies as session cookies. I
  modified test 8 and 31 to verify this.
2009-10-25 18:15:14 +00:00
Daniel Stenberg
1951cd1eee - Attempt to use pkg-config for finding out libssh2 installation details
during configure.
2009-10-21 14:56:25 +00:00
Daniel Stenberg
777134a07b s/koresh/Johan van Selst/ 2009-10-21 12:36:54 +00:00
Daniel Stenberg
051ab439a9 - A patch in bug report #2883177 (http://curl.haxx.se/bug/view.cgi?id=2883177)
by user 'koresh' introduced the --crlfile option to curl, which makes curl
  tell libcurl about a file with CRL (certificate revocation list) data to
  read.
2009-10-21 12:29:52 +00:00
Daniel Stenberg
6f4a5a4612 - Ray Dassen provided a patch in Debian's bug tracker (bug number #551461)
that now makes curl_getdate(3) actually handles RFC 822 formatted dates that
  use the "single letter military timezones".
  http://www.rfc-ref.org/RFC-TEXTS/822/chapter5.html has the details.
2009-10-18 21:56:19 +00:00
Daniel Stenberg
86cec97b22 - Fixed memory leak in the SCP/SFTP code as it never freed the knownhosts
data!
2009-10-18 01:11:25 +00:00
Daniel Stenberg
e5ee822745 John Dennis filed bug report #2873666
(http://curl.haxx.se/bug/view.cgi?id=2873666) which identified a problem which
made libcurl loop infinitely when given incorrect credentials when using HTTP
GSS negotiate authentication.
2009-10-18 00:18:27 +00:00
Daniel Stenberg
167a92810a - Kevin Baughman found a double close() problem with libcurl-NSS, as when
libcurl called NSS to close the SSL "session" it also closed the actual
  socket.
2009-10-18 00:10:13 +00:00
Yang Tse
e49d928ce4 Fix invalid file name characters handling on Windows 2009-10-17 17:33:19 +00:00
Daniel Stenberg
b233957885 - Tom Mueller correctly reported in bug report #2870221
(http://curl.haxx.se/bug/view.cgi?id=2870221) that libcurl returned an
  incorrect return code from the internal trynextip() function which caused
  him grief. This is a regression that was introduced in 7.19.1 and I find it
  strange it hasn't hit us harder, but I won't persue into figuring out
  exactly why.
2009-10-01 07:59:45 +00:00
Daniel Stenberg
5ed274d0b7 - Constantine Sapuntzakis: The current implementation will always set
SO_SNDBUF to CURL_WRITE_SIZE even if the SO_SNDBUF starts out larger.  The
  patch doesn't do a setsockopt if SO_SNDBUF is already greater than
  CURL_WRITE_SIZE. This should help folks who have set up their computer with
  large send buffers.
2009-10-01 07:05:07 +00:00
Daniel Stenberg
8646cecb78 - I introduced a maximum limit for received HTTP headers. It is controlled by
the define CURL_MAX_HTTP_HEADER which is even exposed in the public header
  file to allow for users to fairly easy rebuild libcurl with a modified
  limit. The rationale for a fixed limit is that libcurl is realloc()ing a
  buffer to be able to put a full header into it, so that it can call the
  header callback with the entire header, but that also risk getting it into
  trouble if a server by mistake or willingly sends a header that is more or
  less without an end. The limit is set to 100K.
2009-09-27 21:34:13 +00:00
Daniel Stenberg
4f47fc4e14 - John P. McCaskey posted a bug report that showed how libcurl did wrong when
saving received cookies with no given path, if the path in the request had a
  query part. That is means a question mark (?) and characters on the right
  side of that. I wrote test case 1105 and fixed this problem.
2009-09-26 20:51:51 +00:00
Daniel Stenberg
e3d623f190 - Chris Mumford filed bug report #2861587
(http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
  the OpenSSL function X509_load_crl_file() wrongly and failed if it would
  load a CRL file with more than one certificate within. This is now fixed.
2009-09-25 18:09:38 +00:00
Daniel Stenberg
f03130a36e revert HPUX change since it already works fine 2009-09-24 03:40:30 +00:00
Daniel Stenberg
a1d18227e5 builds thread-safer on HPUX 2009-09-23 22:16:29 +00:00
Daniel Stenberg
250ba99498 - Sven Anders reported that we introduced a cert verfication flaw for OpenSSL-
powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name
  field in the certficate it had to match and so even if non-DNS and non-IP
  entry was present it caused the verification to fail.
2009-09-16 20:44:18 +00:00
Daniel Stenberg
7ff4b4f2b5 - Claes Jakobsson fixed a problem with cookie expiry dates at exctly the epoch
start second "Thu Jan 1 00:00:00 GMT 1970" as the date parser then returns 0
  which internally then is treated as a session cookie. That particular date
  is now made to get the value of 1.
2009-09-10 21:06:50 +00:00
Daniel Stenberg
7a642c8bf1 - Daniel Johnson founded a flaw in the code convering sftp-errors to libcurl
errors.
2009-09-02 21:05:47 +00:00
Daniel Stenberg
7e07da977c - Peter Sylvester made a debug featuer for Curl_resolv() that now will force
libcurl to resolve 'localhost' whatever name you use in the URL *if* you set
  the --interface option to (exactly) "LocalHost". This will enable us to
  write tests for custom hosts names but still use a local host server.
2009-09-01 14:27:01 +00:00
Daniel Stenberg
ceda7e98f8 - configure now tries to use pkg-config for a number of sub-dependencies even
when cross-compiling. The key to success is then you properly setup
  PKG_CONFIG_PATH before invoking configure.

  I also improved how NSS is detected by trying nss-config if pkg-config isn't
  present, and as a last resort just use the lib name and force the user to
  setup the LIBS/LDFLAGS/CFLAGS etc properly. The previous last resort would
  add a range of various libs that would almost never be quite correct.
2009-09-01 06:53:01 +00:00
Daniel Stenberg
4e9d3c26ed - When using the multi interface with FTP and you asked for NOBODY, you did no
QUOTE commands and the request used the same path as the connection had
  already changed to, it would decide that no commands would be necessary for
  the "DO" action and that was not handled properly but libcurl would instead
  hang.
2009-08-31 20:49:30 +00:00
Daniel Stenberg
0cb6f3053f - Marc de Bruin pointed out that configure --with-gnutls=PATH didn't work
properly and provided a fix. http://curl.haxx.se/bug/view.cgi?id=2843008
2009-08-24 11:38:59 +00:00
Daniel Stenberg
95c2b205a4 - Eric Wong introduced support for the new option -T. (dot) that makes curl
read stdin in a non-blocking fashion. This also brings back -T- (minus) to
  the previous blocking behavior since it could break stuff for people at
  times.
2009-08-24 10:57:17 +00:00
Daniel Stenberg
8b5102ca83 - Andre Guibert de Bruet pointed out a missing return code check for a
strdup() that could lead to segfault if it returned NULL. I extended his
  suggest patch to now have Curl_retry_request() return a regular return code
  and better check that.
2009-08-21 12:01:36 +00:00
Daniel Stenberg
1048043963 - Lots of good work by Krister Johansen, mostly related to pipelining:
Fix SIGSEGV on free'd easy_conn when pipe unexpectedly breaks
  Fix data corruption issue with re-connected transfers
  Fix use after free if we're completed but easy_conn not NULL
2009-08-21 07:11:20 +00:00
Daniel Stenberg
5c716247aa mention yesterday's changes 2009-08-13 08:51:45 +00:00
Daniel Stenberg
c6712a0c6c start over fresh again towards 7.19.7 2009-08-12 11:24:52 +00:00
Daniel Stenberg
966cb698e6 - Carsten Lange reported a bug and provided a patch for TFTP upload and the
sending of the TSIZE option. I don't like fixing bugs just hours before
  a release, but since it was broken and the patch fixes this for him I decided
  to get it in anyway.
2009-08-12 08:19:39 +00:00
Daniel Stenberg
e73fe837a8 - Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
  verification of cert names etc. This made an error show up in the OpenSSL-
  specific code where it would attempt to match the CN field even if a
  subjectAltName exists that doesn't match. This is now fixed and verified
  in test 311.
2009-08-11 21:48:58 +00:00
Daniel Stenberg
a9caeb1064 credit 2009-08-11 20:57:15 +00:00
Daniel Stenberg
2838362a7b clarified configure detection of GnuTLS 2009-08-02 22:38:15 +00:00
Daniel Stenberg
6d891d2a3b - Curt Bogmine reported a problem with SNI enabled on a particular server. We
should introduce an option to disable SNI, but as we're in feature freeze
  now I've addressed the obvious bug here (pointed out by Peter Sylvester): we
  shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected.
  Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular
  option for SNI, or are we simply not using it?
2009-08-01 22:11:58 +00:00
Daniel Stenberg
c0e8bed5bf - Scott Cantor posted the bug report #2829955
(http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert
  verification flaw found and exploited by Moxie Marlinspike. The presentation
  he did at Black Hat is available here:
  https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike

  Apparently at least one CA allowed a subjectAltName or CN that contain a
  zero byte, and thus clients that assumed they would never have zero bytes
  were exploited to OK a certificate that didn't actually match the site. Like
  if the name in the cert was "example.com\0theatualsite.com", libcurl would
  happily verify that cert for example.com.

  libcurl now better use the length of the extracted name, not assuming it is
  zero terminated.
2009-08-01 21:56:59 +00:00
Daniel Stenberg
0dce2ff8a0 - Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
only in some OpenSSL installs - like on Windows) isn't thread-safe and we
  agreed that moving it to the global_init() function is a decent way to deal
  with this situation.
2009-08-01 11:09:02 +00:00
Daniel Stenberg
2642638fca - Alexander Beedie provided the patch for a noproxy problem: If I have set
CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually
  could still end up using a proxy if a proxy environment variable was set.
2009-08-01 11:02:10 +00:00
Daniel Stenberg
0684128209 - All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and
CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to
  send when using FTP, as a sign that libcurl shall simply ignore the response
  from the server instead of treating it as an error. Not treating a 400+ FTP
  response code as an error means that failed commands will not abort the
  chain of commands, nor will they cause the connection to get disconnected.
2009-07-27 18:36:56 +00:00
Daniel Stenberg
b347a7a96e - Bug report #2825989 (http://curl.haxx.se/bug/view.cgi?id=2825989) pointed
out that OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm,
  and provided the solution too: to use OpenSSL_add_all_algorithms() instead
  of the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in
  OpenSSL 0.9.5
2009-07-26 17:33:36 +00:00
Daniel Stenberg
47c392e135 - Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA.
They introduce known_host support for SSH keys to libcurl. See docs for
  details.
2009-07-22 22:49:01 +00:00
Michal Marek
4c207a004c - David Binderman found a memory and fd leak in lib/gtls.c:load_file()
(https://bugzilla.novell.com/523919). When looking at the code, I found
  that also the ptr pointer can leak.
2009-07-22 09:48:32 +00:00
Daniel Stenberg
5cf78472e1 - Constantine Sapuntzakis posted bug report #2813123
(http://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the
  problem:

  Url A is accessed using auth. Url A redirects to Url B (on a different
  server0. Url B reuses a persistent connection. Url B has auth, even though
  it's on a different server.

  Note: if Url B does not reuse a persistent connection, auth is not sent.
2009-07-08 07:00:40 +00:00
Daniel Stenberg
18f238dd53 my CURLINFO_CERTINFO fix 2009-06-29 20:46:50 +00:00
Daniel Stenberg
4f551259dd - Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port
range if given colon-separated after the host name/address part. Like
  "192.168.0.1:2000-10000"
2009-06-29 20:46:01 +00:00
Daniel Stenberg
a0474685c1 - Reuven Wachtfogel made curl -o - properly produce a binary output on windows
(no newline translations). Use -B/--use-ascii if you rather get the ascii
  approach.
2009-06-16 18:03:28 +00:00
Michal Marek
0b317b72ae - When doing non-anonymous ftp via http proxies and the password is not
provided in the url, add it there (squid needs this).
2009-06-16 13:16:28 +00:00
Daniel Stenberg
4b6d3a2bfd - Eric Wong's patch:
This allows curl(1) to be used as a client-side tunnel for arbitrary stream
  protocols by abusing chunked transfer encoding in both the HTTP request and
  HTTP response.  This requires server support for sending a response while a
  request is still being read, of course.

  If attempting to read from stdin returns EAGAIN, then we pause our sender.
  This leaves curl to attempt to read from the socket while reading from stdin
  (and thus sending) is paused.
2009-06-15 21:13:00 +00:00
Daniel Stenberg
352177090f - Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and
contributed a range of patches to fix them.
2009-06-10 21:26:11 +00:00
Yang Tse
16ae283fb4 initialize fread callback pointer to avoid compiler warning 2009-06-09 00:49:34 +00:00
Daniel Stenberg
3e0c067e43 - Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount
issue with client certs that caused issues like segfaults.
  http://curl.haxx.se/mail/lib-2009-05/0316.html
2009-06-08 21:25:16 +00:00
Daniel Stenberg
f90551ff41 - Triggered by bug report #2798852 and the patch in there, I fixed configure
to detect gnutls build options with pkg-config only and not libgnutls-config
  anymore since GnuTLS has stopped distributing that tool. If an explicit path
  is given to configure, we will instead guess on how to link and use that
  lib. I did not use the patch from the bug report.
2009-06-08 21:12:59 +00:00
Daniel Stenberg
f45500c612 djgpp build fix 2009-06-08 13:55:18 +00:00
Daniel Stenberg
e08f81c891 Bill Hoffman (6 June 2009)
- Added some cmake docs and fixed socklen_t in the build.
2009-06-07 22:26:44 +00:00
Daniel Stenberg
9324f1c29f - Eric Wong fixed --no-buffer to actually switch off output buffering. Been
broken since 7.19.0
2009-06-07 22:21:22 +00:00
Yang Tse
027cb376f3 mention last changes 2009-06-05 16:32:37 +00:00
Daniel Stenberg
ce1a58414a remove conflict markers 2009-06-05 06:19:29 +00:00
Daniel Stenberg
1012c5705a - Setting the Content-Length: header from your app when you do a POST or PUT
is almost always a VERY BAD IDEA. Yet there are still apps out there doing
  this, and now recently it triggered a bug/side-effect in libcurl as when
  libcurl sends a POST or PUT with NTLM, it sends an empty post first when it
  knows it will just get a 401/407 back. If the app then replaced the
  Content-Length header, it caused the server to wait for input that libcurl
  wouldn't send. Aaron Oneal reported this problem in bug report #2799008
  http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix.
2009-06-05 06:18:42 +00:00
Yang Tse
00883822be allow building libcurl for VxWorks 2009-06-04 19:11:11 +00:00
Daniel Stenberg
9dcc1b3370 - Claes Jakobsson fixed the configure script to better find and use NSS
without pkg-config.
2009-06-01 09:40:09 +00:00
Yang Tse
e3c37aac28 credit John E. Malmberg 2009-06-01 09:20:49 +00:00
Daniel Stenberg
0bf9c1e881 - Claes Jakobsson fixed libcurl-NSS to build fine even without the
PK11_CreateGenericObject() function.
2009-05-27 22:01:03 +00:00
Daniel Stenberg
bf07d37737 - Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clear
the auth credentials back in 7.19.0 and earlier while now you have to set ""
  to get the same effect. His patch brings back the ability to use NULL.
2009-05-27 21:45:12 +00:00
Daniel Stenberg
eecb713616 - Andre Guibert de Bruet found a call to a OpenSSL function that didn't check
for a failure properly.
2009-05-27 21:15:38 +00:00
Daniel Stenberg
bf085e2c4b - Frank McGeough provided a small OpenSSL #include fix to make libcurl compile
fine with Nokia 5th edition 1.0 SDK for Symbian.
2009-05-27 21:11:11 +00:00
Daniel Stenberg
1cf6c15ab4 - bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed
out that the cookie parser would leak memory when it parses cookies that are
  received with domain, path etc set multiple times in the same header. While
  such a cookie is questionable, they occur in the wild and libcurl no longer
  leaks memory for them. I added such a header to test case 8.
2009-05-25 12:23:22 +00:00
Daniel Stenberg
de7a14003c - Kamil Dudka brought the patch from the Redhat bug entry
https://bugzilla.redhat.com/show_bug.cgi?id=427966 which was libcurl closing
  a bad file descriptor when closing down the FTP data connection.  Caolan
  McNamara seems to be the original author of it.
2009-05-19 20:54:31 +00:00
Daniel Stenberg
89fb7c85bf start climbing to 7.19.6 2009-05-18 07:58:00 +00:00
Daniel Stenberg
3cb06eb2b2 - James Bursa posted a patch to the mailing list that fixed a problem with
no_proxy which made it not skip the proxy if the URL entered contained a
  user name. I added test case 1101 to verify.
2009-05-17 14:47:50 +00:00
Daniel Stenberg
242a17b9e0 - Balint Szilakszi reported a memory leak when libcurl did gzip decompression
of streams that had some parts (legitimately) missing. We now provide and use
  a proper cleanup function for the content encoding submodule.
  http://curl.haxx.se/mail/lib-2009-05/0092.html
2009-05-11 09:55:28 +00:00
Daniel Stenberg
6e1632c606 - Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth
at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12

  If an incorrect password is given while loading a private key, libcurl ends
  up in an infinite loop consuming memory. The bug is critical.
2009-05-11 09:13:49 +00:00
Daniel Stenberg
56dab605f1 - I fixed the problem with doing NTLM, POST and then following a 302 redirect,
as reported by Ebenezer Ikonne (on curl-users) and Laurent Rabret (on
  curl-library). The transfer was mistakenly marked to get more data to send
  but since it didn't actually have that, it just hung there...
2009-05-11 08:55:58 +00:00
Daniel Stenberg
c92b996942 Ah, this was committed by mistake as part of my previous commit but it seems
to work so I'll let it remain and here's the comment about it! From Lenaic's
mail posted to curl-library Date: Fri, 1 May 2009 22:46:14 +0200.
2009-05-08 11:05:52 +00:00
Daniel Stenberg
e84c7db049 - Constantine Sapuntzakis fixed bug report #2784055
(http://curl.haxx.se/bug/view.cgi?id=2784055) identifying a problem to
  connect to SOCKS proxies when using the multi interface. It turned out to
  almost not work at all previously. We need to wait for the TCP connect to
  be properly verified before doing the SOCKS magic.

  There's still a flaw in the FTP code for this.
2009-05-08 10:59:40 +00:00
Daniel Stenberg
e93c81196f - Man page *roff problems fixed thanks to input from Colin Watson. Problems
reported in the Debian package.
2009-05-07 09:31:24 +00:00
Daniel Stenberg
7bdd14a994 - Vijay G filed bug report #2723236
(http://curl.haxx.se/bug/view.cgi?id=2723236) identifying a problem with
  libcurl's TFTP code and its lack of dealing with the OACK packet.
2009-05-07 08:30:43 +00:00
Daniel Stenberg
915dfb494e - Inspired by Michael Smith's session id fix for OpenSSL, I did the
corresponding fix in the GnuTLS code: make sure to store the new session id
  in case the re-used one is rejected.
2009-05-04 22:20:09 +00:00
Daniel Stenberg
a16cca7680 - Michael Smith posted bug report #2786255
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how
  libcurl did not deal with SSL session ids properly if the server rejected a
  re-use of one. Starting now, it will forget the rejected one and remember
  the new. This change was for OpenSSL only, it is likely that other SSL lib
  code needs similar fixes.
2009-05-04 21:57:14 +00:00
Yang Tse
4422f80ae7 David McCreedy's "transfer.c fixes for CURL_DO_LINEEND_CONV and non-ASCII platform HTTP requests" patch 2009-05-04 09:47:02 +00:00
Yang Tse
9137e717b0 Use build-time configured curl_socklen_t instead of socklen_t 2009-05-02 02:37:32 +00:00
Yang Tse
80a61616b1 Mention David McCreedy's patches applied today 2009-05-01 22:55:08 +00:00
Daniel Stenberg
e2c6e00570 - Based on bug report #2723219 (http://curl.haxx.se/bug/view.cgi?id=2723219)
I've now made TFTP "connections" not being kept for re-use within libcurl.
  TFTP is UDP-based so the benefit was really low (if even existing) to begin
  with so instead of tracking down to fix this problem we instead removed the
  re-use. I also enabled test case 1099 that I wrote a few days ago to verify
  that this change fixes the reported problem.
2009-04-29 11:30:03 +00:00
Daniel Stenberg
d068001102 - Constantine Sapuntzakis filed bug report #2783090
(http://curl.haxx.se/bug/view.cgi?id=2783090) pointing out that on windows
  we need to grow the SO_SNDBUF buffer somewhat to get really good upload
  speeds. http://support.microsoft.com/kb/823764 has the details. Friends
  confirmed that simply adding 32 to CURL_MAX_WRITE_SIZE is enough.
2009-04-28 20:27:06 +00:00
Daniel Stenberg
e01b7c1ede - Bug report #2709004 (http://curl.haxx.se/bug/view.cgi?id=2709004) by Tim
Chen pointed out how curl couldn't upload with resume when reading from a
  pipe.

  This ended up with the introduction of a new return code for the
  CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but
  that libcurl may try to resolve the situation anyway. In our case this means
  libcurl will attempt to instead read that much data from the stream instead
  of seeking and that way curl can now upload with resume when data is read
  from a stream!
2009-04-28 11:19:10 +00:00
Daniel Stenberg
14df44dd3f - Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by Sven
Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi
  interface and provided a patch that fixed the problem!
2009-04-26 11:56:22 +00:00
Daniel Stenberg
828a26286d - Kamil Dudka fixed another NSS-related leak when client certs were used. 2009-04-24 21:55:18 +00:00
Daniel Stenberg
ab1e54375f for is docs remarks 2009-04-23 22:08:36 +00:00
Daniel Stenberg
b84876ba69 - Leanic Lefever reported a crash and did some detailed research on why and
how it occurs (http://curl.haxx.se/mail/lib-2009-04/0289.html). The
  conclusion was that if an error is detected and Curl_done() is called for
  the connection, ftp_done() could at times return another error code that
  then would take precedence and that new code confused existing logic that
  works for the first error code (CURLE_SEND_ERROR) only.
2009-04-20 21:41:17 +00:00
Daniel Stenberg
0f1ca2939a - Gisle Vanem noticed that --libtool would produce bogus strings at times for
OBJECTPOINT options. Now we've introduced a new function - my_setopt_str -
  within the app for setting plain string options to avoid the risk of this
  mistake happening.
2009-04-20 17:53:06 +00:00
Daniel Stenberg
f1b820e5fc mention Pramod Sharma and "persistent connections when doing FTP over a HTTP proxy" 2009-04-17 22:36:13 +00:00
Daniel Stenberg
379bfa5a36 - bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by Martin
Storsjo pointed out how setting CURLOPT_NOBODY to 0 could be downright
  confusing as it set the method to either GET or HEAD. The example he showed
  looked like:

   curl_easy_setopt(curl, CURLOPT_PUT, 1);
   curl_easy_setopt(curl, CURLOPT_NOBODY, 0);

  The new way doesn't alter the method until the request is about to start. If
  CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is
  0 and the request happens to have been set to HEAD, it will then instead be
  set to GET. I believe this will be less surprising to users, and hopefully
  not hit any existing users badly.
2009-04-13 18:01:02 +00:00
Daniel Stenberg
235c0077b8 - Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned
out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue
  is found in Redhat's bug tracker:
  https://bugzilla.redhat.com/show_bug.cgi?id=453612

  There are still memory leaks present, but they seem to have other reasons.
2009-04-13 17:42:10 +00:00
Yang Tse
eed4a13b3b Daniel Johnson improved the MacOSX-Framework shell script to now perform all
the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64
libcurl.framework.  Four way fat framework requires OS X 10.5 SDK or later.
2009-04-10 02:50:21 +00:00
Yang Tse
ece891d6db Sun compilers specific preprocessor block removed from curlbuild.h.dist 2009-04-08 01:25:34 +00:00
Yang Tse
168fb3a8d8 Fix curl_off_t definition for builds done using Sun compilers and a
non-configured libcurl. In this case curl_off_t data type was gated
to the off_t data type which depends on the _FILE_OFFSET_BITS. This
configuration is exactly the unwanted configuration for our curl_off_t
data type which must not depend on such setting. This breaks ABI for
libcurl libraries built with Sun compilers which were built without
having run the configure script with _FILE_OFFSET_BITS different than
64 and using the ILP32 data model.
2009-04-02 18:50:39 +00:00
Dan Fandrich
626f9bd8c2 Added the curl_easy_recv return code fix 2009-04-02 04:41:03 +00:00
Daniel Stenberg
5f19822e37 - Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
  explicitly.
2009-03-18 12:48:51 +00:00
Daniel Stenberg
74ba4d7950 - Use libssh2_version() to present the libssh2 version in case the libssh2
library is found to support it.
2009-03-13 09:58:15 +00:00
Yang Tse
fa96436661 Fix TELNET transfers not being aborted upon write callback failures 2009-03-12 13:18:25 +00:00
Yang Tse
f1db505778 Added TELNET timeout support for Windows builds 2009-03-11 04:15:33 +00:00
Daniel Stenberg
bdec6f2b20 - Frank Hempel found out a bug and provided the fix:
curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
  option. It only enabled the cookie engine in the destination handle if
  data->cookies is not NULL (where data is the source handle). In case of a
  newly initialized handle which just had the cookie support enabled by a
  curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
  still NULL because the setopt-call only appends the value to
  data->change.cookielist, hence duplicating this handle would not have the
  cookie engine switched on.

  We also concluded that the slist-functionality would be suitable for being
  put in its own module rather than simply hanging out in lib/sendf.c so I
  created lib/slist.[ch] for them.
2009-03-09 12:21:46 +00:00
Daniel Stenberg
c86c294f55 - Andreas Farber made the 'buildconf' script check for the presence of m4
scripts to make it detect a bad checkout earlier. People with older
  checkouts who don't do cvs update with the -d option won't get the new dirs
  and then will get funny outputs that can be a bit hard to understand and
  fix.
2009-03-09 09:24:31 +00:00
Daniel Stenberg
f4e8c406bb - Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
allocation of the memory BIO was not being properly checked.
2009-03-08 22:56:55 +00:00
Daniel Stenberg
12bfcb501c - Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
in the gnutls code where we were checking for negative values for errors,
  when the man pages state that GNUTLS_E_SUCCESS is returned on success and
  other values indicate error conditions.
2009-03-08 22:52:05 +00:00
Daniel Stenberg
9274d31690 - Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
  since we use our own printf() code (from libcurl) that shouldn't be a
  problem. Nonetheless I modified the code to not rely on such particular
  features and to not cause further raised eyebrowse with no good reason.
2009-03-08 22:42:50 +00:00
Yang Tse
94bb7fe5cb Fix NTLM authentication memory leak on SSPI enabled Windows builds 2009-03-05 01:23:14 +00:00
Daniel Stenberg
ee73fc361b - David James brought a patch that make libcurl close (all) dead connections
whenever you attempt to open a new connection.
2009-03-03 11:01:24 +00:00
Daniel Stenberg
e84dbd28db 15 additional contributor from the 7.19.4 RELEASE-NOTES 2009-03-03 10:41:11 +00:00
Daniel Stenberg
a1f455551f start over on the journey towards 7.19.5 2009-03-02 23:44:42 +00:00
Daniel Stenberg
042cc1f69e - David Kierznowski notified us about a security flaw
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
  which previous libcurl versions (by design) can be tricked to access an
  arbitrary local/different file instead of a remote one when
  CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
  together this the addition of two new setopt options for controlling this
  new behavior:

  o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
  follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
  excludes the FILE and SCP protocols and thus you nee to explicitly allow
  them in your app if you really want that behavior.

  o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
  using the primary URL option. This is useful if you want to allow a user or
  other outsiders control what URL to pass to libcurl and yet not allow all
  protocols libcurl may have been built to support.
2009-03-02 23:05:31 +00:00
Daniel Stenberg
4bc603a0cc the Eiffel binding 2009-03-02 09:03:11 +00:00
Daniel Stenberg
7b7db23633 - Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and
CURLOPT_LOCALPORT were used together (the local port bind failed), and
  Markus Koetter provided the fix!
2009-02-27 12:07:14 +00:00
Daniel Stenberg
d207ea1652 - As Daniel Fandrich figured out, we must do the GnuTLS initing in the
curl_global_init() function to properly maintain the performing functions
  thread-safe. We've previously (28 April 2007) moved the init to a later time
  just to avoid it to fail very early when libgcrypt dislikes the situation,
  but that move was bad and the fix should rather be in libgcrypt or
  elsewhere.
2009-02-25 12:51:17 +00:00
Daniel Stenberg
ea6531cf32 - Brian J. Murrell found out that Negotiate proxy authentication didn't work.
It happened because the code used the struct for server-based auth all the
  time for both proxy and server auth which of course was wrong.
2009-02-24 08:30:09 +00:00
Daniel Stenberg
6c9f37d263 - After a bug reported by James Cheng I've made curl_easy_getinfo() for
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return
  -1 if the sizes aren't know. Previously these returned 0, make it impossible
  to detect the difference between actually zero and unknown.
2009-02-23 18:45:00 +00:00
Yang Tse
f5548973ab Daniel Johnson provided a shell script that will perform all the steps needed
to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework
2009-02-23 12:39:06 +00:00
Yang Tse
9182a46233 Mark Incley noticed VS2008 compilation halting when building for Windows 2000 2009-02-20 12:10:23 +00:00
Daniel Stenberg
5784a37f91 the FTP multi interface bug 2009-02-20 08:19:19 +00:00
Daniel Stenberg
af91ff0e06 - Linus Nielsen Feltzing reported and helped me repeat and fix a problem with
FTP with the multi interface: when a transfer fails, like when aborted by a
  write callback, the control connection was wrongly closed and thus not
  re-used properly.

  This change is also an attempt to cleanup the code somewhat in this area, as
  now the FTP code attempts to keep (better) track on pending responses
  necessary to get read in ftp_done().
2009-02-20 08:16:03 +00:00
Daniel Stenberg
5af0629ba5 - Patrik Thunstrom reported a problem and helped me repeat it. It turned out
libcurl did a superfluous 1000ms wait when doing SFTP downloads!

  We read data with libssh2 while doing the "DO" operation for SFTP and then
  when we were about to start getting data for the actual file part, the
  "TRANSFER" part, we waited for socket action (in 1000ms) before doing a
  libssh2-read. But in this case libssh2 had already read and buffered the
  data so we ended up always just waiting 1000ms before we get working on the
  data!
2009-02-19 10:36:20 +00:00
Daniel Stenberg
a24fe59ee4 - Kamil Dudka made NSS-powered builds compile and run again! 2009-02-17 12:18:34 +00:00
Daniel Stenberg
8f81fd6be5 - CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 for
plain FTP connections, and it will then allow MKD to fail once and retry the
  CWD afterwards. This is especially useful if you're doing many simultanoes
  connections against the same server and they all have this option enabled,
  as then CWD may first fail but then another connection does MKD before this
  connection and thus MKD fails but trying CWD works! The numbers can
  (should?) now be set with the convenience enums now called
  CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY.

  Tests has proven that if you're making an application that uploads a set of
  files to an ftp server, you will get a noticable gain in speed if you're
  using multiple connections and this option will be then be very useful.
2009-02-17 09:07:25 +00:00