1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-04 16:45:06 -05:00
Commit Graph

1138 Commits

Author SHA1 Message Date
Daniel Stenberg
06ae8ca5a6 - When downloading compressed content over HTTP and the app as asked libcurl
to automatically uncompress it with the CURLOPT_ENCODING option, libcurl
  could wrongly provide the callback with more data than what the maximum
  documented amount. An application could thus get tricked into badness if the
  maximum limit was trusted to be enforced by libcurl itself (as it is
  documented).

  This is further detailed and explained in the libcurl security advisory
  20100209 at

    http://curl.haxx.se/docs/adv_20100209.html
2010-02-09 09:35:48 +00:00
Yang Tse
49ba75af26 - Symbol CURL_FORMAT_OFF_T now obsoleted, will be removed in a future release,
symbol will not be available when building with CURL_NO_OLDIES defined. Use
  of CURL_FORMAT_CURL_OFF_T is preferred since 7.19.0
2010-02-02 12:58:49 +00:00
Daniel Stenberg
55f1e787f3 We introduce a loop in lib/multi.c around all calls to multi_runsingle() and
simply check for CURLM_CALL_MULTI_PERFORM internally. This has the added
benefit that this goes in line with my long-term wishes to get rid of the
CURLM_CALL_MULTI_PERFORM all together from the public API.
2010-02-01 21:42:44 +00:00
Yang Tse
3cb76e5ebb mention asynchronous DNS lookups enhancements 2010-01-27 18:10:35 +00:00
Daniel Stenberg
c82a1f95eb - Mike Crowe made libcurl return CURLE_COULDNT_RESOLVE_PROXY when it is the
proxy that cannot be resolved when using c-ares. This matches the behaviour
  when not using c-ares.
2010-01-26 22:59:43 +00:00
Bjorn Stenberg
94f33457d3 Mention -J change 2010-01-23 20:14:39 +00:00
Daniel Stenberg
bc4582b68a Chris Conroy brought support for RTSP transfers, and with it comes 8(!) new
libcurl options for controlling what to get and how to receive posssibly
interleaved RTP data. Initial commit.
2010-01-21 13:58:30 +00:00
Daniel Stenberg
877dad1e24 - As was pointed out on the http-state mailing list, the order of cookies in a
HTTP Cookie: header _needs_ to be sorted on the path length in the cases
  where two cookies using the same name are set more than once using
  (overlapping) paths. Realizing this, identically named cookies must be
  sorted correctly. But detecting only identically named cookies and take care
  of them individually is harder than just to blindly and unconditionally sort
  all cookies based on their path lengths. All major browsers also already do
  this, so this makes our behavior one step closer to them in the cookie area.

  Test case 8 was the only one that broke due to this change and I updated it
  accordingly.
2010-01-19 23:19:59 +00:00
Daniel Stenberg
a5ca3f1754 - David McCreedy brought a fix and a new test case (129) to make libcurl work
again when downloading files over FTP using ASCII and it turns out that the
  final size of the file is not the same as the initial size the server
  reported. This is very common since servers don't take the newline
  conversions into account.
2010-01-19 21:39:10 +00:00
Daniel Stenberg
1647d64a4b - Gil Weber reported a peculiar flaw with the multi interface when doing SFTP
transfers: curl_multi_fdset() would return -1 and not set and file
  descriptors several times during a transfer of a single file. It turned out
  to be due to two different flaws now fixed. Gil's excellent recipe helped me
  nail this.
2010-01-11 23:15:10 +00:00
Daniel Stenberg
cb348a5b1f progress callback called repeatedly during slow connects 2010-01-11 21:38:35 +00:00
Daniel Stenberg
b90703f594 struct Curl_sh_entry's 'inuse' member was no longer used and is now removed 2010-01-09 00:03:33 +00:00
Daniel Stenberg
552c3de357 - Johan van Selst found and fixed a OpenSSL session ref count leak:
ossl_connect_step3() increments an SSL session handle reference counter on
  each call. When sessions are re-used this reference counter may be
  incremented many times, but it will be decremented only once when done (by
  Curl_ossl_session_free()); and the internal OpenSSL data will not be freed
  if this reference count remains positive. When a session is re-used the
  reference counter should be corrected by explicitly calling
  SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid
  introducing a memory leak.

  (http://curl.haxx.se/bug/view.cgi?id=2926284)
2010-01-08 23:45:23 +00:00
Daniel Stenberg
88944eb13a - Make sure the progress callback is called repeatedly even during very slow
name resolves when c-ares is used for resolving.
2010-01-06 23:04:17 +00:00
Claes Jakobsson
9bd03483ce Julien Chaffraix fixed so that the fragment part in an URL is not sent to the server anymore 2010-01-06 16:01:48 +00:00
Daniel Stenberg
2c93ec5303 - Make curl support --ssl and --ssl-reqd instead of the previous FTP-specific
versions --ftp-ssl and --ftp-ssl-reqd as these options are now used to
  control SSL/TLS for IMAP, POP3 and SMTP as well in addition to FTP. The old
  option names are still working but the new ones are the prefered ones
  (listed and documented).
2010-01-02 22:09:31 +00:00
Daniel Stenberg
605bbfc4c0 - Ingmar Runge enhanced libcurl's FTP engine to support the PRET command. This
command is a special "hack" used by the drftpd server, but even though it is
  a custom extension I've deemed it fine to add to libcurl since this server
  seems to survive and people keep using it and want libcurl to support
  it. The new libcurl option is named CURLOPT_FTP_USE_PRET, and it is also
  usable from the curl tool with --ftp-pret. Using this option on a server
  that doesn't support this command will make libcurl fail.
2010-01-01 14:44:44 +00:00
Yang Tse
05488d63d0 VMS build system enhancements by Steven M. Schweda and Craig A. Berry 2009-12-30 19:37:53 +00:00
Daniel Stenberg
b89789d82f - Renato Botelho and Peter Pentchev brought a patch that makes the libcurl
headers work correctly even on FreeBSD systems before v8.
2009-12-25 23:32:01 +00:00
Daniel Stenberg
240fa29e94 fixed a precaution check in the cookie code, pointed out by Julien Chaffraix 2009-12-19 19:20:26 +00:00
Daniel Stenberg
10a11e3abe - David Byron fixed Curl_ossl_cleanup to actually call ENGINE_cleanup when
available.
2009-12-17 13:29:41 +00:00
Daniel Stenberg
3111701c38 - Jon Nelson found a regression that turned out to be a flaw in how libcurl
detects and uses proxies based on the environment variables. If the proxy
  was given as an explicit option it worked, but due to the setup order
  mistake proxies would not be used fine for a few protocols when picked up
  from '[protocol]_proxy'. Obviously this broke after 7.19.4. I now also added
  test case 1106 that verifies this functionality.

  (http://curl.haxx.se/bug/view.cgi?id=2913886)
2009-12-14 23:16:09 +00:00
Daniel Stenberg
43fefab2a1 IMAP, POP3 and SMTP support 2009-12-12 22:05:11 +00:00
Daniel Stenberg
296ebf382c - Siegfried Gyuricsko found out that the curl manual said --retry would retry
on FTP errors in the transient 5xx range. Transient FTP errors are in the
  4xx range. The code itself only tried on 5xx errors that occured _at login_.
  Now the retry code retries on all FTP transfer failures that ended with a
  4xx response.

  (http://curl.haxx.se/bug/view.cgi?id=2911279)
2009-12-10 21:02:11 +00:00
Daniel Stenberg
315253b367 - Constantine Sapuntzakis figured out a case which would lead to libcurl
accessing alredy freed memory and thus crash when using HTTPS (with
  OpenSSL), multi interface and the CURLOPT_DEBUGFUNCTION and a certain order
  of cleaning things up. I fixed it.

  (http://curl.haxx.se/bug/view.cgi?id=2891591)
2009-12-10 20:20:15 +00:00
Daniel Stenberg
ebe5339003 - Martin Storsjo made libcurl use the Expect: 100-continue header for posts
with unknown size. Previously it was only used for posts with a known size
  larger than 1024 bytes.
2009-12-07 20:25:17 +00:00
Daniel Stenberg
f0826974f2 - If the Expect: 100-continue header has been set by the application through
curl_easy_setopt with CURLOPT_HTTPHEADER, the library should set
  data->state.expect100header accordingly - the current code (in 7.19.7 at
  least) doesn't handle this properly. Martin Storsjo provided the fix!
2009-12-01 12:04:54 +00:00
Daniel Stenberg
8a7231d7ae a binding for Falcon 2009-11-29 19:12:00 +00:00
Daniel Stenberg
448f6684bb 7.20.0 is the planned next version number 2009-11-27 23:53:50 +00:00
Daniel Stenberg
6e38cc9048 - Markus Koetter provided a polished and updated version of Chad Monroe's TFTP
rework patch that now integrates TFTP properly into libcurl so that it can
  be used non-blocking with the multi interface and more. BLKSIZE also works.

  The --tftp-blksize option was added to allow setting the TFTP BLKSIZE from
  the command line.
2009-11-27 23:46:29 +00:00
Yang Tse
405e18571e - David Byron modified Makefile.dist vc8 and vc9 targets in order to allow
finer granularity control when generating src and lib makefiles.
2009-11-23 16:48:31 +00:00
Daniel Stenberg
1fddcb3f88 - Bjorn Augustsson reported a bug which made curl not report any problems even
though it failed to write a very small download to disk (done in a single
  fwrite call). It turned out to be because fwrite() returned success, but
  there was insufficient error-checking for the fclose() call which tricked
  curl to believe things were fine.
2009-11-23 13:56:45 +00:00
Daniel Stenberg
504e6d7ae6 - Constantine Sapuntzakis identified a write after close, as the sockets were
closed by libcurl before the SSL lib were shutdown and they may write to its
  socket. Detected to at least happen with OpenSSL builds.
2009-11-20 19:32:49 +00:00
Daniel Stenberg
a41493b3b0 - Jad Chamcham pointed out a bug with connection re-use. If a connection had
CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the
  same proxy with the tunnel option disabled would still wrongly re-use that
  previous connection and the outcome would only be badness.
2009-11-20 13:27:21 +00:00
Daniel Stenberg
b32d1a9a1d - Constantine Sapuntzakis provided another fix for the DNS cache that could
end up with entries that wouldn't time-out:

  1. Set up a first web server that redirects (307) to a http://server:port
     that's down
  2. Have curl connect to the first web server using curl multi

  After the curl_easy_cleanup call, there will be curl dns entries hanging
  around with in_use != 0.

  (http://curl.haxx.se/bug/view.cgi?id=2891591)
2009-11-17 22:53:55 +00:00
Daniel Stenberg
4c8adc8fee - Marc Kleine-Budde fixed: curl saved the LDFLAGS set during configure into
its pkg-config file.  So -Wl stuff ended up in the .pc file, which is really
  bad, and breaks if there are multiple -Wl in our LDFLAGS (which are in
  PTXdist). bug #2893592 (http://curl.haxx.se/bug/view.cgi?id=2893592)
2009-11-17 18:11:06 +00:00
Claes Jakobsson
f7f76e17c3 Added '--configure' option to curl-config to display original configure arguments when curl was built 2009-11-14 19:23:26 +00:00
Daniel Stenberg
eb16c0e1eb - Claes Jakobsson restored the configure functionality to detect NSS when
--with-nss is set but not "yes".

  I think we can still improve that to check for pkg-config in that path etc,
  but at least this patch brings back the same functionality we had before.
2009-11-14 09:13:47 +00:00
Daniel Stenberg
9c49e51f7e - Camille Moncelier added support for the file type SSL_FILETYPE_ENGINE for
the client certificate. It also disable the key name test as some engines
  can select a private key/cert automatically (When there is only one key
  and/or certificate on the hardware device used by the engine)
2009-11-14 07:53:34 +00:00
Yang Tse
90bc6ee8f3 - Constantine Sapuntzakis provided the fix that ensures that an SSL connection
won't be reused unless protection level for peer and host verification match.
2009-11-14 02:30:30 +00:00
Yang Tse
9b7e45e874 Add last change credit 2009-11-11 21:19:49 +00:00
Yang Tse
40c2c3270d - Marco Maggi reported that compilation failed when configured --with-gssapi
and GNU GSS installed due to a missing mutual exclusion of header files in
  the Kerberos 5 code path. He also verified that my patch worked for him.
2009-11-11 21:15:34 +00:00
Daniel Stenberg
fb5f332834 - Constantine Sapuntzakis posted bug #2891595
(http://curl.haxx.se/bug/view.cgi?id=2891595) which identified how an entry
  in the DNS cache would linger too long if the request that added it was in
  use that long. He also provided the patch that now makes libcurl capable of
  still doing a request while the DNS hash entry may get timed out.
2009-11-11 09:31:37 +00:00
Daniel Stenberg
107c4d878a - Christian Schmitz noticed that the progress meter/callback was not properly
used during the FTP connection phase (after the actual TCP connect), while
  it of course should be. I also made the speed check get called correctly so
  that really slow servers will trigger that properly too.
2009-11-11 09:01:43 +00:00
Yang Tse
55e68ba333 I removed leading 'curl' path on the 'curlbuild.h' include statement in
curl.h, adjusting auto-makefiles include path, to enhance portability to
OS's without an orthogonal directory tree structure such as OS/400.
2009-11-05 15:04:03 +00:00
Daniel Stenberg
257f2376d5 - I fixed several problems with the transfer progress meter. It showed the
wrong percentage for small files, most notable for <1000 bytes and could
  easily end up showing more than 100% at the end. It also didn't show any
  percentage, transfer size or estimated transfer times when transferring
  less than 100 bytes.
2009-11-04 23:09:17 +00:00
Daniel Stenberg
99e43046a7 start over towards 7.19.8 2009-11-04 13:11:43 +00:00
Daniel Stenberg
7d74e02519 syntax 2009-11-04 12:13:20 +00:00
Daniel Stenberg
b19dc0eeb0 - As reported independent by both Stan van de Burgt and Didier Brisebourg,
CURLINFO_SIZE_DOWNLOAD (the -w variable size_download) didn't work when
  getting data from ldap!
2009-11-02 18:49:56 +00:00
Daniel Stenberg
223d848104 - Gabriel Kuri reported a problem with CURLINFO_CONTENT_LENGTH_DOWNLOAD if the
download was 0 bytes, as libcurl would then return the size as unknown (-1)
  and not 0. I wrote a fix and test case 566 to verify it.
2009-10-31 18:51:50 +00:00