_ _ ____ _ ___| | | | _ \| | / __| | | | |_) | | | (__| |_| | _ <| |___ \___|\___/|_| \_\_____| Old Changelog Changes done to curl and libcurl from 1997 to 2006. The most recent changes are always kept in the CHANGES file. Daniel (29 December 2006) - Make curl_easy_duphandle() set the magic number in the new handle. Daniel (22 December 2006) - Robert Foreman provided a prime example snippet showing how libcurl would get confused and not acknowledge the 'no_proxy' variable properly once it had used the proxy and you re-used the same easy handle. I made sure the proxy name is properly stored in the connect struct rather than the sessionhandle/easy struct. - David McCreedy fixed a bad call to getsockname() that wrongly used a size_t variable to point to when it should be a socklen_t. - When setting a proxy with environment variables and (for example) running 'curl [URL]' with a URL without a protocol prefix, curl would not send a correct request as it failed to add the protocol prefix. Daniel (21 December 2006) - Robson Braga Araujo reported bug #1618359 (http://curl.haxx.se/bug/view.cgi?id=1618359) and subsequently provided a patch for it: when downloading 2 zero byte files in a row, curl 7.16.0 enters an infinite loop, while curl 7.16.1-20061218 does one additional unnecessary request. Fix: During the "Major overhaul introducing http pipelining support and shared connection cache within the multi handle." change, headerbytecount was moved to live in the Curl_transfer_keeper structure. But that structure is reset in the Transfer method, losing the information that we had about the header size. This patch moves it back to the connectdata struct. Daniel (16 December 2006) - Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPE during certain conditions when GnuTLS is used. Daniel (11 December 2006) - Alexey Simak found out that when doing FTP with the multi interface and something went wrong like it got a bad response code back from the server, libcurl would leak memory. Added test case 538 to verify the fix. I also noted that the connection would get cached in that case, which doesn't make sense since it cannot be re-use when the authentication has failed. I fixed that issue too at the same time, and also that the path would be "remembered" in vain for cases where the connection was about to get closed. Daniel (6 December 2006) - Sebastien Willemijns reported bug #1603712 (http://curl.haxx.se/bug/view.cgi?id=1603712) which is about connections getting cut off prematurely when --limit-rate is used. While I found no such problems in my tests nor in my reading of the code, I found that the --limit-rate code was severly flawed (since it was moved into the lib, since 7.15.5) when used with the easy interface and it didn't work as documented so I reworked it somewhat and now it works for my tests. Daniel (5 December 2006) - Stefan Krause pointed out a compiler warning with a picky MSCV compiler when passing a curl_off_t argument to the Curl_read_rewind() function which takes an size_t argument. Curl_read_rewind() also had debug code left in it and it was put in a different source file with no good reason when only used from one single spot. - Sh Diao reported that CURLOPT_CLOSEPOLICY doesn't work, and indeed, there is no code present in the library that receives the option. Since it was not possible to use, we know that no current users exist and thus we simply removed it from the docs and made the code always use the default path of the code. - Jared Lundell filed bug report #1604956 (http://curl.haxx.se/bug/view.cgi?id=1604956) which identified setting CURLOPT_MAXCONNECTS to zero caused libcurl to SIGSEGV. Starting now, libcurl will always internally use no less than 1 entry in the connection cache. - Sh Diao reported that CURLOPT_FORBID_REUSE no works, and indeed it broke in the 7.16.0 release. - Martin Skinner brought back bug report #1230118 to haunt us once again. (http://curl.haxx.se/bug/view.cgi?id=1230118) curl_getdate() did not work properly for all input dates on Windows. It was mostly seen on some TZ time zones using DST. Luckily, Martin also provided a fix. - Alexey Simak filed bug report #1600447 (http://curl.haxx.se/bug/view.cgi?id=1600447) in which he noted that active FTP connections don't work with the multi interface. The problem is here that the multi interface state machine has a state during which it can wait for the data connection to connect, but the active connection is not done in the same step in the sequence as the passive one is so it doesn't quite work for active. The active FTP code still use a blocking function to allow the remote server to connect. The fix (work-around is a better word) for this problem is to set the boolean prematurely that the data connection is completed, so that the "wait for connect" phase ends at once. The proper fix, left for the future, is of course to make the active FTP case to act in a non-blocking way too. - Matt Witherspoon fixed a problem case when the CPU load went to 100% when a HTTP upload was disconnected: "What appears to be happening is that my system (Linux 2.6.17 and 2.6.13) is setting *only* POLLHUP on poll() when the conditions in my previous mail occur. As you can see, select.c:Curl_select() does not check for POLLHUP. So basically what was happening, is poll() was returning immediately (with POLLHUP set), but when Curl_select() looked at the bits, neither POLLERR or POLLOUT was set. This still caused Curl_readwrite() to be called, which quickly returned. Then the transfer() loop kept continuing at full speed forever." Daniel (1 December 2006) - Toon Verwaest reported that there are servers that send the Content-Range: header in a third, not suppported by libcurl, format and we agreed that we could make the parser more forgiving to accept all the three found variations. Daniel (25 November 2006) - Venkat Akella found out that libcurl did not like HTTP responses that simply responded with a single status line and no headers nor body. Starting now, a HTTP response on a persistent connection (i.e not set to be closed after the response has been taken care of) must have Content-Length or chunked encoding set, or libcurl will simply assume that there is no body. To my horror I learned that we had no less than 57(!) test cases that did bad HTTP responses like this, and even the test http server (sws) responded badly when queried by the test system if it is the test system. So although the actual fix for the problem was tiny, going through all the newly failing test cases got really painful and boring. Daniel (24 November 2006) - James Housley did lots of work and introduced SFTP downloads. Daniel (13 November 2006) - Ron in bug #1595348 (http://curl.haxx.se/bug/view.cgi?id=1595348) pointed out a stack overwrite (and the corresponding fix) on 64bit Windows when dealing with HTTP chunked encoding. Daniel (9 November 2006) - Nir Soffer updated libcurl.framework.make: o fix symlinks, should link to Versions, not to ./Versions o indentation improvments - Dmitriy Sergeyev found a SIGSEGV with his test04.c example posted on 7 Nov 2006. It turned out we wrongly assumed that the connection cache was present when tearing down a connection. - Ciprian Badescu found a SIGSEGV when doing multiple TFTP transfers using the multi interface, but I could also repeat it doing multiple sequential ones with the easy interface. Using Ciprian's test case, I could fix it. Daniel (8 November 2006) - Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the SSL handshake. This is now stopped. Daniel (7 November 2006) - Olaf fixed a leftover problem with the CONNECT fix of his that would leave a wrong error message in the error message buffer. Daniel (3 November 2006) - Olaf Stueben provided a patch that I edited slightly. It fixes the notorious KNOWN_BUGS #25, which happens when a proxy closes the connection when libcurl has sent CONNECT, as part of an authentication negotiation. Starting now, libcurl will re-connect accordingly and continue the authentication as it should. Daniel (2 November 2006) - James Housley brought support for SCP transfers, based on the libssh2 library for the actual network protocol stuff. Added these new curl_easy_setopt() options: CURLOPT_SSH_AUTH_TYPES CURLOPT_SSH_PUBLIC_KEYFILE CURLOPT_SSH_PRIVATE_KEYFILE Version 7.16.0 (30 October 2006) Daniel (25 October 2006) - Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the case when 401 or 407 are returned, *IF* no auth credentials have been given. The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401 and 407 cases when auth credentials is given, but we've now covered this somewhat more. You might get some amounts of headers transferred before this situation is detected, like for when a "100-continue" is received as a response to a POST/PUT and a 401 or 407 is received immediately afterwards. Added test 281 to verify this change. Daniel (23 October 2006) - Ravi Pratap provided a major update with pipelining fixes. We also no longer re-use connections (for pipelining) before the name resolving is done. Daniel (21 October 2006) - Nir Soffer made the tests/libtest/Makefile.am use a proper variable for all the single test applications' link and dependences, so that you easier can override those from the command line when using make. - Armel Asselin separated CA cert verification problems from problems with reading the (local) CA cert file to let users easier pinpoint the actual problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code. Daniel (18 October 2006) - Removed the "protocol-guessing" for URLs with host names starting with FTPS or TELNET since they are practically non-existant. This leaves us with only three different prefixes that would assume the protocol is anything but HTTP, and they are host names starting with "ftp.", "dict." or "ldap.". Daniel (17 October 2006) - Bug report #1579171 pointed out code flaws detected with "prefast", and they were 1 - a too small memory clear with memset() in the threaded resolver and 2 - a range of potentially bad uses of the ctype family of is*() functions such as isdigit(), isalnum(), isprint() and more. The latter made me switch to using our own set of these functions/macros using uppercase letters, and with some extra set of crazy typecasts to avoid mistakingly passing in negative numbers to the underlying is*() functions. - With Jeff Pohlmeyer's help, I fixed the expire timer when using curl_multi_socket() during name resolves with c-ares and the LOW_SPEED options now work fine with curl_multi_socket() as well. Daniel (16 October 2006) - Added a check in configure that simply tries to run a program (not when cross-compiling) in order to detect problems with run-time libraries that otherwise would occur when the sizeof tests for curl_off_t would run and thus be much more confusing to users. The check of course should run after all lib-checks are done and before any other test is used that would run an executable built for testing-purposes. Dan F (13 October 2006) - The tagging of application/x-www-form-urlencoded POST body data sent to the CURLOPT_DEBUGFUNCTION callback has been fixed (it was erroneously included as part of the header). A message was also added to the command line tool to show when data is being sent, enabled when --verbose is used. Daniel (12 October 2006) - Starting now, adding an easy handle to a multi stack that was already added to a multi stack will cause CURLM_BAD_EASY_HANDLE to get returned. - Jeff Pohlmeyer has been working with the hiperfifo.c example source code, and while doing so it became apparent that the current timeout system for the socket API really was a bit awkward since it become quite some work to be sure we have the correct timeout set. Jeff then provided the new CURLMOPT_TIMERFUNCTION that is yet another callback the app can set to get to know when the general timeout time changes and thus for an application like hiperfifo.c it makes everything a lot easier and nicer. There's a CURLMOPT_TIMERDATA option too of course in good old libcurl tradition. Jeff has also updated the hiperfifo.c example code to use this news. Daniel (9 October 2006) - Bogdan Nicula's second test case (posted Sun, 08 Oct 2006) converted to test case 535 and it now runs fine. Again a problem with the pipelining code not taking all possible (error) conditions into account. Daniel (6 October 2006) - Bogdan Nicula's hanging test case (posted Wed, 04 Oct 2006) was converted to test case 533 and the test now runs fine. Daniel (4 October 2006) - Dmitriy Sergeyev provided an example source code that crashed CVS libcurl but that worked nicely in 7.15.5. I converted it into test case 532 and fixed the problem. Daniel (29 September 2006) - Removed a few other no-longer present options from the header file. - Support for FTP third party transfers was removed. Here's why: o The recent multi interface changes broke it and the design of the 3rd party transfers made it very hard to fix the problems o It was still blocking and thus nasty for the multi interface o It was a lot of extra code for a very rarely used feature o It didn't use the same code as for "plain" FTP transfers, so it didn't work fine for IPv6 and it didn't properly re-use connections and more o There's nobody around who's willing to work on and improve the existing code This does not mean that third party transfers are banned forever, only that they need to be done better if they are to be re-added in the future. The CURLOPT_SOURCE_* options are removed from the lib and so are the --3p* options from the command line tool. For this reason, I also bumped the version info for the lib. Daniel (28 September 2006) - Reported in #1561470 (http://curl.haxx.se/bug/view.cgi?id=1561470), libcurl would crash if a bad function sequence was used when shutting down after using the multi interface (i.e using easy_cleanup after multi_cleanup) so precautions have been added to make sure it doesn't any more - test case 529 was added to verify. Daniel (27 September 2006) - The URL in the cookie jar file is now changed since it was giving a 404. Reported by Timothy Stone. The new URL will take the visitor to a curl web site mirror with the document. Daniel (24 September 2006) - Bernard Leak fixed configure --with-gssapi-libs. - Cory Nelson made libcurl use the WSAPoll() function if built for Windows Vista (_WIN32_WINNT >= 0x0600) Daniel (23 September 2006) - Mike Protts added --ftp-ssl-control to make curl use FTP-SSL, but only encrypt the control connection and use the data connection "plain". - Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file. Daniel (21 September 2006) - Added test case 531 in an attempt to repeat bug report #1561470 (http://curl.haxx.se/bug/view.cgi?id=1561470) that is said to crash when an FTP upload fails with the multi interface. It did not, but I made a failed upload still assume the control connection to be fine. Daniel (20 September 2006) - Armel Asselin fixed problems when you gave a proxy URL with user name and empty password or no password at all. Test case 278 and 279 were added to verify. Daniel (12 September 2006) - Added docs/examples/10-at-a-time.c by Michael Wallner - Added docs/examples/hiperfifo.c by Jeff Pohlmeyer Daniel (11 September 2006) - Fixed my breakage from earlier today so that doing curl_easy_cleanup() on a handle that is part of a multi handle first removes the handle from the stack. - Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL session-ID re-use on demand since there obviously are broken servers out there that misbehave with session-IDs used. - Jeff Pohlmeyer presented a *multi_socket()-using program that exposed a problem with it (SIGSEGV-style). It clearly showed that the existing socket-state and state-difference function wasn't good enough so I rewrote it and could then re-run Jeff's program without any crash. The previous version clearly could miss to tell the application when a handle changed from using one socket to using another. While I was at it (as I could use this as a means to track this problem down), I've now added a 'magic' number to the easy handle struct that is inited at curl_easy_init() time and cleared at curl_easy_cleanup() time that we can use internally to detect that an easy handle seems to be fine, or at least not closed or freed (freeing in debug builds fill the area with 0x13 bytes but in normal builds we can of course not assume any particular data in the freed areas). Daniel (9 September 2006) - Michele Bini fixed how the hostname is put in NTLM packages. As servers don't expect fully qualified names we need to cut them off at the first dot. - Peter Sylvester cleaned up and fixed the getsockname() uses in ftp.c. Some of them can be completetly removed though... Daniel (6 September 2006) - Ravi Pratap and I have implemented HTTP Pipelining support. Enable it for a multi handle using CURLMOPT_PIPELINING and all HTTP connections done on that handle will be attempted to get pipelined instead of done in parallell as they are performed otherwise. As a side-effect from this work, connections are now shared between all easy handles within a multi handle, so if you use N easy handles for transfers, each of them can pick up and re-use a connection that was previously used by any of the handles, be it the same or one of the others. This separation of the tight relationship between connections and easy handles is most noticable when you close easy handles that have been used in a multi handle and check amount of used memory or watch the debug output, as there are times when libcurl will keep the easy handle around for a while longer to be able to close it properly. Like for sending QUIT to close down an FTP connection. This is a major change. Daniel (4 September 2006) - Dmitry Rechkin (http://curl.haxx.se/bug/view.cgi?id=1551412) provided a patch that while not fixing things very nicely, it does make the SOCKS5 proxy connection slightly better as it now acknowledges the timeout for connection and it no longer segfaults in the case when SOCKS requires authentication and you did not specify username:password. Daniel (31 August 2006) - Dmitriy Sergeyev found and fixed a multi interface flaw when using asynch name resolves. It could get stuck in the wrong state. Gisle (29 August 2006) - Added support for other MS-DOS compilers (desides djgpp). All MS-DOS compiler now uses the same config.dos file (renamed to config.h by make). libcurl now builds fine using Watcom and Metaware's High-C using the Watt-32 tcp/ip-stack. Daniel (29 August 2006) - David McCreedy added CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA to allow applications to set their own socket options. Daniel (25 August 2006) - Armel Asselin reported that the 'running_handles' counter wasn't updated properly if you removed a "live" handle from a multi handle with curl_multi_remove_handle(). Daniel (22 August 2006) - David McCreedy fixed a remaining mistake from the August 19 TYPE change. - Peter Sylvester pointed out a flaw in the AllowServerConnect() in the FTP code when doing pure ipv6 EPRT connections. Daniel (19 August 2006) - Based on a patch by Armel Asselin, the FTP code no longer re-issues the TYPE command on subsequent requests on a re-used connection unless it has to. - Armel Asselin fixed a crash in the FTP code when using SINGLECWD mode and files in the root directory. - Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't send the whole request at once, even though the Expect: header was disabled by the application. An effect of this change is also that small (< 1024 bytes) POSTs are now always sent without Expect: header since we deem it more costly to bother about that than the risk that we send the data in vain. Daniel (9 August 2006) - Armel Asselin made the CURLOPT_PREQUOTE option work fine even when CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place in the command sequence as it would have run if there would've been a transfer. Daniel (8 August 2006) - Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs on a persistent connection and allowed the first to use that header, you could not disable it for the second request. Daniel (7 August 2006) - Domenico Andreolfound a quick build error which happened because src/config.h.in was not a proper duplcate of lib/config.h.in which it should've been and this was due to the maketgz script not doing the cp properly. Version 7.15.5 (7 August 2006) Daniel (2 August 2006) - Mark Lentczner fixed how libcurl was not properly doing chunked encoding if the header "Transfer-Encoding: chunked" was set by the application. http://curl.haxx.se/bug/view.cgi?id=1531838 Daniel (1 August 2006) - Maciej Karpiuk fixed a crash that would occur if we passed Curl_strerror() an unknown error number on glibc systems. http://curl.haxx.se/bug/view.cgi?id=1532289 Daniel (31 July 2006) - *ALERT* curl_multi_socket() and curl_multi_socket_all() got modified prototypes: they both now provide the number of running handles back to the calling function. It makes the functions resemble the good old curl_multi_perform() more and provides a nice way to know when the multi handle goes empty. ALERT2: don't use the curl_multi_socket*() functionality in anything production-like until I say it's somewhat settled, as I suspect there might be some further API changes before I'm done... Daniel (28 July 2006) - Yves Lejeune fixed so that replacing Content-Type: when doing multipart formposts work exactly the way you want it (and the way you'd assume it works). Daniel (27 July 2006) - David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both control and data connection, as the existing --ftp-ssl option only requests it. - [Hiper-related work] Added a function called curl_multi_assign() that will set a private pointer added to the internal libcurl hash table for the particular socket passed in to this function: CURLMcode curl_multi_assign(CURLM *multi_handle, curl_socket_t sockfd, void *sockp); 'sockp' being a custom pointer set by the application to be associated with this socket. The socket has to be already existing and in-use by libcurl, like having already called the callback telling about its existance. The set hashp pointer will then be passed on to the callback in upcoming calls when this same socket is used (in the brand new 'socketp' argument). Daniel (26 July 2006) - Dan Nelson added the CURLOPT_FTP_ALTERNATIVE_TO_USER libcurl option and curl tool option named --ftp-alternative-to-user. It provides a mean to send a particular command if the normal USER/PASS approach fails. - Michael Jerris added magic that builds lib/curllib.vcproj automatically for newer MSVC. Daniel (25 July 2006) - Georg Horn made the transfer timeout error message include more details. Daniel (20 July 2006) - David McCreedy fixed a build error when building libcurl with HTTP disabled, problem added with the curl_formget() patch. Daniel (17 July 2006) - Jari Sundell did some excellent research and bug tracking, figured out that we did wrong and patched it: When nodes were removed from the splay tree, and we didn't properly remove it from the splay tree when an easy handle was removed from a multi stack and thus we could wrongly leave a node in the splay tree pointing to (bad) memory. Daniel (14 July 2006) - David McCreedy fixed a flaw where the CRLF counter wasn't properly cleared for FTP ASCII transfers. Daniel (8 July 2006) - Ates Goral pointed out that libcurl's cookie parser did case insensitive string comparisons on the path which is incorrect and provided a patch that fixes this. I edited test case 8 to include details that test for this. - Ingmar Runge provided a source snippet that caused a crash. The reason for the crash was that libcurl internally was a bit confused about who owned the DNS cache at all times so if you created an easy handle that uses a shared DNS cache and added that to a multi handle it would crash. Now we keep more careful internal track of exactly what kind of DNS cache each easy handle uses: None, Private (allocated for and used only by this single handle), Shared (points to a cache held by a shared object), Global (points to the global cache) or Multi (points to the cache within the multi handle that is automatically shared between all easy handles that are added with private caches). Daniel (4 July 2006) - Toshiyuki Maezawa fixed a problem where you couldn't override the Proxy-Connection: header when using a proxy and not doing CONNECT. Daniel (24 June 2006) - Michael Wallner added curl_formget(), which allows an application to extract (serialise) a previously built formpost (as with curl_formadd()). Daniel (23 June 2006) - Arve Knudsen found a flaw in curl_multi_fdset() for systems where curl_socket_t is unsigned (like Windows) that could cause it to wrongly return a max fd of -1. Daniel (20 June 2006) - Peter Silva introduced CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE that limit tha maximum rate libcurl is allowed to send or receive data. This kind of adds the the command line tool's option --limit-rate to the library. The rate limiting logic in the curl app is now removed and is instead provided by libcurl itself. Transfer rate limiting will now also work for -d and -F, which it didn't before. Daniel (19 June 2006) - Made -K on a file that couldn't be read cause a warning to be displayed. Daniel (13 June 2006) - Dan Fandrich implemented --enable-hidden-symbols configure option to enable -fvisibility=hidden on gcc >= 4.0. This reduces the size of the libcurl binary and speeds up dynamic linking by hiding all the internal symbols from the symbol table. Version 7.15.4 (12 June 2006) Daniel (8 June 2006) - Brian Dessent fixed the code for cygwin in three distinct ways: The first modifies {lib,src}/setup.h to not include the winsock headers under Cygwin. This fixes the reported build problem. Cygwin attempts as much as possible to emulate a posix environment under Windows. This means that WIN32 is *not* #defined and (to the extent possible) everything is done as it would be on a *ix type system. Thus is the proper include, and even though winsock2.h is present, including it just introduces a whole bunch of incompatible socket API stuff. The second is a patch I've included in the Cygwin binary packages for a while. It skips two unnecessary library checks (-lwinmm and -lgdi32). The checks are innocuous and they do succeed, but they pollute LIBS with unnecessary stuff which gets recorded as such in the libcurl.la file, which brings them into the build of any libcurl-downstream. As far as I know these libs are really only necessary for mingw, so alternatively they could be designed to only run if $host matches *-*-mingw* but I took the safer route of skipping them for *-*-cygwin*. The third patch replaces all uses of the ancient and obsolete __CYGWIN32__ with __CYGWIN__. Ref: . Daniel (7 June 2006) - Mikael Sennerholm provided a patch that added NTLM2 session response support to libcurl. The 21 NTLM test cases were again modified to comply... Daniel (27 May 2006) - Óscar Morales Vivó updated the libcurl.framework.make file. Daniel (26 May 2006) - Olaf Stüben fixed a bug that caused Digest authentication with md5-sess to fail. When using the md5-sess, the result was not Md5 encoded and Base64 transformed. Daniel (25 May 2006) - Michael Wallner provided a patch that allows "SESS" to be set with CURLOPT_COOKIELIST, which then makes all session cookies get cleared. Daniel (24 May 2006) - Tor Arntsen made test 271 run fine again since the TFTP path fix. Daniel (23 May 2006) - Martin Michlmayr filed debian bug report #367954, but the same error also showed up in the autobuilds. It seems a rather long-since introduced shell script flaw in the configure script suddenly was detected by the bash version in Debian Unstable. It had previously passed undetected by all shells used so far... - David McCreedy updated lib/config-tpf.h Daniel (11 May 2006) - Fixed the configure's check for old-style SSLeay headers since I fell over a case with a duplicate file name (a krb4 implementation with an err.h file). I converted the check to manually make sure three of the headers are present before considering them fine. - David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended checks on the to-be-returned socket to make sure it truly seems to be alive and well. For SSL connection it (only) uses OpenSSL functions. Daniel (10 May 2006) - Fixed DICT in two aspects: 1 - allow properly URL-escaped words, like using %20 for spaces 2 - properly escape certain letters within a word to comply to the RFC2229 Daniel (9 May 2006) - Andreas Ntaflos reported a bug in libcurl.m4: When configuring my GNU autotools project, which optionally (default=yes) uses libcurl on a system without a (usable) libcurl installation, but not specifying `--without-libcurl', configure determines correctly that no libcurl is available, however, the LIBCURL variable gets expanded to `LIBCURL = -lcurl' in the resulting Makefiles. David Shaw fixed the flaw. - Robson Braga Araujo fixed two problems in the recently added non-blocking SSL connects. The state machine was not reset properly so that subsequent connects using the same handle would fail, and there were two memory leaks. - Robson Braga Araujo fixed a memory leak when you added an easy handle to a multi stack and that easy handle had already been used to do one or more easy interface transfers, as then the code threw away the previously used DNS cache without properly freeing it. Daniel (8 May 2006) - Dan Fandrich went over the TFTP code and he pointed out and fixed numerous problems: * The received file is corrupted when a packet is lost and retransmitted (this is a serious problem!) * Transmitting a file aborts if a block is lost and retransmitted * Data is stored in the wrong location in the buffer for uploads, so uploads always fail (I don't see how it could have ever worked, but it did on x86 at least) * A number of calls are made to strerror instead of Curl_strerror, making the code not thread safe * There are references to errno instead of Curl_sockerrno(), causing incorrect error messages on Windows * The file name includes a leading / which violates RFC3617. Doing something similar to ftp, where two slashes after the host name means an absolute reference seems a reasonable extension to fix this. * Failures in EBCDIC conversion are not propagated up to the caller but are silently ignored - Fixed known bug #28. The TFTP code no longer assumes a packed struct and thus works reliably on more platforms. Daniel (5 May 2006) - Roland Blom filed bug report #1481217 (http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele Bini and David Byron. libcurl previously wrongly used GetLastError() on windows to get error details after socket-related function calls, when it really should use WSAGetLastError() instead. When changing to this, the former function Curl_ourerrno() is now instead called Curl_sockerrno() as it is necessary to only use it to get errno from socket-related functions as otherwise it won't work as intended on Windows. Daniel (4 May 2006) - Mark Eichin submitted bug report #1480821 (http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a problem with how libcurl dealt with GnuTLS and a case where gnutls returned GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected return code, making Curl_ssl_send() confuse the upper layer - causing random 28 bytes trash data to get inserted in the transfered stream. The proper fix was to make the Curl_gtls_send() function return the proper return codes that the callers would expect. The Curl_ossl_send() function already did this. Daniel (2 May 2006) - Added a --checkfor option to curl-config to allow users to easier write for example shell scripts that test for the presence of a new-enough libcurl version. If --checkfor is given a version string newer than what is currently installed, curl-config will return a non-zero exit code and output a string about the unfulfilled requirement. Daniel (26 April 2006) - David McCreedy brought initial line end conversions when doing FTP ASCII transfers. They are done on non-windows systems and translate CRLF to LF. I modified the 15 LIST-using test cases accordingly. The downside is that now we'll have even more trouble to get the tests to run on Windows since they should get CRLF newlines left intact which the *nix versions don't. I figure the only sane thing to do is to add some kind of [newline] macro for the test case files and have them expanded to the proper native line ending when the test cases are run. This is however left to implement. Daniel (25 April 2006) - Paul Querna fixed libcurl to better deal with deflate content encoding when the stream (wrongly) lacks a proper zlib header. This seems to be the case on too many actual server implementations. Daniel (21 April 2006) - Ale Vesely fixed CURLOPT_INTERFACE when using a hostname. Daniel (19 April 2006) - Based on previous info from Tor Arntsen, I made configure detect the Intel ICC compiler to add a compiler option for it, in order for configure to properly be able to detect function prototypes. - Robson Braga Araujo provided a patch that makes libcurl less eager to close the control connection when using FTP, for example when you remove an easy handle from a multi stack. - Applied a patch by Ates Goral and Katie Wang that corrected my bad fix attempt from April 10. Daniel (11 April 2006) - #1468330 (http://curl.haxx.se/bug/view.cgi?id=1468330) pointed out a bad typecast in the curl tool leading to a crash with (64bit?) VS2005 (at least) since the struct timeval field tv_sec is an int while time_t is 64bit. Daniel (10 April 2006) - Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL connection time-out! - I merged my hiper patch (http://curl.haxx.se/libcurl/hiper/) into the main sources. See the lib/README.multi_socket for implementation story with details. Don't expect it to work fully yet. I don't intend to blow any whistles or ring any bells about it until I'm more convinced it works at least somewhat reliably. Daniel (7 April 2006) - David McCreedy's EBCDIC and TPF changes. Three new curl_easy_setopt() options (callbacks) were added: CONV_FROM_NETWORK_FUNCTION CONV_TO_NETWORK_FUNCTION CONV_FROM_UTF8_FUNCTION Daniel (5 April 2006) - Michele Bini modified the NTLM code to work for his "weird IIS case" (http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash function in addition to the LM one and making some other adjustments in the order the different parts of the data block are sent in the Type-2 reply. Inspiration for this work was taken from the Firefox NTLM implementation. I edited the existing 21(!) NTLM test cases to run fine with these news. Due to the fact that we now properly include the host name in the Type-2 message the test cases now only compare parts of that chunk. Daniel (28 March 2006) - #1451929 (http://curl.haxx.se/bug/view.cgi?id=1451929) detailed a bug that occurred when asking libcurl to follow HTTP redirects and the original URL had more than one question mark (?). Added test case 276 to verify. Daniel (27 March 2006) - David Byron found a problem multiple -d options when libcurl was built with --enable-debug, as then curl used free() on memory allocated both with normal malloc() and with libcurl-provided functions, when the latter MUST be freed with curl_free() in debug builds. Daniel (26 March 2006) - Tor Arntsen figured out that TFTP was broken on a lot of systems since we called bind() with a too big argument in the 3rd parameter and at least Tru64, AIX and IRIX seem to be very picky about it. Daniel (21 March 2006) - David McCreedy added CURLINFO_FTP_ENTRY_PATH. - Xavier Bouchoux made the SSL connection non-blocking for the multi interface (when using OpenSSL). - Tor Arntsen fixed the AIX Toolbox RPM spec Daniel (20 March 2006) - David McCreedy fixed libcurl to no longer ignore AUTH failures and now it reacts properly according to the CURLOPT_FTP_SSL setting. - Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file whose length was a multiple of 512 bytes could have random garbage appended. Also, stop processing TFTP packets which are too short to be legal. - Ilja van Sprundel reported a possible crash in the curl tool when using "curl hostwithoutslash -d data -G" Version 7.15.3 (20 March 2006) Daniel (20 March 2006) - VULNERABILITY reported to us by Ulf Harnhammar. libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of boundary check. This overflow happens if you pass in a URL with a TFTP protocol prefix ("tftp://"), using a valid host and a path part that is longer than 512 bytes. The affected flaw can be triggered by a redirect, if curl/libcurl is told to follow redirects and an HTTP server points the client to a tftp URL with the characteristics described above. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-1061 to this issue. Daniel (16 March 2006) - Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included in the release archive. Daniel (14 March 2006) - David McCreedy fixed: a bad SSL error message when OpenSSL certificates are verified fine. a missing return code assignment in the FTP code Daniel (7 March 2006) - Markus Koetter filed debian bug report #355715 which identified a problem with the multi interface and multi-part formposts. The fix from February 22nd could make the Curl_done() function get called twice on the same connection and it was not designed for that and thus tried to call free() on an already freed memory area! - Peter Heuchert made sure the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is used properly. Daniel (6 March 2006) - Lots of users on Windows have reported getting the "SSL: couldn't set callback" error message so I've now made the setting of that callback not be as critical as before. The function is only used for additional loggging/ trace anyway so a failure just means slightly less data. It should still be able to proceed and connect fine to the server. Daniel (4 March 2006) - Thomas Klausner provided a patch written by Todd Vierling in bug report #1442471 that fixes a build problem on Interix. Daniel (2 March 2006) - FTP upload without a file name part in the URL now causes curl_easy_perform() to return CURLE_URL_MALFORMAT. Previously it allowed the upload but named the file "(nil)" (without the quotes). Test case 524 verifies. - Added a check for getprotobyname in configure so that it'll be used, thanks to Gisle Vanem's change the other day. Daniel (28 February 2006) - Dan Fandrich prevented curl from getting stuck in an endless loop in case we are out of file handles very early in curl's code where it makes sure that 0, 1 and 2 aren't gonna be used by the lib for transfers. Daniel (27 February 2006) - Marty Kuhrt pointed out that there were two VMS-specific files missing in the release archive. Version 7.15.2 (27 February 2006) Daniel (22 February 2006) - Lots of work and analysis by "xbx___" in bug #1431750 (http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two different but related bugs: 1) Removing an easy handle from a multi handle before the transfer is done could leave a connection in the connection cache for that handle that is in a state that isn't suitable for re-use. A subsequent re-use could then read from a NULL pointer and segfault. 2) When an easy handle was removed from the multi handle, there could be an outstanding c-ares DNS name resolve request. When the response arrived, it caused havoc since the connection struct it "belonged" to could've been freed already. Now Curl_done() is called when an easy handle is removed from a multi handle pre-maturely (that is, before the transfer was complteted). Curl_done() also makes sure to cancel all (if any) outstanding c-ares requests. Daniel (21 February 2006) - Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy type to the already provided type CURLPROXY_SOCKS4. I added a --socks4 option that works like the current --socks5 option but instead use the socks4 protocol. Daniel (20 February 2006) - Shmulik Regev fixed an issue with multi-pass authentication and compressed content when libcurl didn't honor the internal ignorebody flag. Daniel (18 February 2006) - Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate code. It should however not be the cause of any troubles. He also fixed a few similar problems in the HTTP test server code. Daniel (17 February 2006) - Shmulik Regev provided a fix for the DNS cache when using short life times, as previously it could be holding on to old cached entries longer than requested. Daniel (11 February 2006) - Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options that an app can use to let libcurl only connect to a remote host and then extract the socket from libcurl. libcurl will then not attempt to do any transfer at all after the connect is done. - Kent Boortz improved the configure check for GnuTLS to properly set LIBS instead of LDFLAGS. Daniel (8 February 2006) - Philippe Vaucher provided a brilliant piece of test code that show a problem with re-used FTP connections. If the second request on the same connection was set not to fetch a "body", libcurl could get confused and consider it an attempt to use a dead connection and would go acting mighty strange. Daniel (2 February 2006) - Make --limit-rate [num] mean bytes. It used to be that but it broke in my change done in November 2005. Daniel (30 January 2006) - Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the curl tool with --local-port. Plain and simply set the range of ports to bind the local end of connections to. Implemented on to popular demand. - Based on an error report by Philippe Vaucher, we no longer count a retried connection setup as a follow-redirect. It turns out 1) this fails when a FTP connection is re-setup and 2) it does make the max-redirs counter behave wrong. Daniel (24 January 2006) - Michal Marek provided a patch for FTP that makes libcurl continue to try PASV even after EPSV returned a positive response code, if libcurl failed to connect to the port number the EPSV response said. Obviously some people are going through protocol-sensitive firewalls (or similar) that don't understand EPSV and then they don't allow the second connection unless PASV was used. This also called for a minor fix of test case 238. Daniel (20 January 2006) - Duane Cathey was one of our friends who reported that curl -P [IP] (CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a "native" IP while it works fine for ipv6-disabled builds! In the process of fixing this, I removed the support for LPRT since I can't think of many reasons to keep doing it and asking on the mailing list didn't reveal anyone else that could either. The code that sends EPRT and PORT is now also a lot simpler than before (IMHO). Daniel (19 January 2006) - Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl (built ipv4-only) didn't work. Daniel (18 January 2006) - As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742), the configure script complained about a missing "missing" script if you ran configure within a path whose name included one or more spaces. This is due to a flaw in automake (1.9.6 and earlier). I've now worked around it by including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll be used instead of the one automake ships with. This kludge needs to be removed once we get an automake version with this problem corrected. Possibly we'll then need to convert this into a kludge depending on what automake version that is used and that is gonna be painful and I don't even want to think about that now...! Daniel (17 January 2006) - David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with the latest features and protocols that libcurl supports and has a minor fix to better deal with the obscure case where someone has more than one libcurl installed at the same time. Daniel (16 January 2006) - David Shaw finally removed all traces of Gopher and we are now officially not supporting it. It hasn't been functioning for years anyway, so this is just finally stating what already was true. And a cleanup at the same time. - Bryan Henderson turned the 'initialized' variable for curl_global_init() into a counter, and thus you can now do multiple curl_global_init() and you are then supposed to do the same amount of calls to curl_global_cleanup(). Bryan has also updated the docs accordingly. Daniel (13 January 2006) - Andrew Benham fixed a race condition in the test suite that could cause the test script to kill all processes in the current process group! Daniel (12 January 2006) - Michael Jahn: Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru HTTP proxy. Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would previously overwrite internal memory and cause unpredicted behaviour! Daniel (11 January 2006) - I decided to document the "secret option" here now, as I've received *NO* feedback at all on my mailing list requests from November 2005: I'm looking for feedback and comments. I added some experimental code the other day, that allows a libcurl user to select what method libcurl should use to reach a file on a FTP(S) server. This functionality is available in CVS code and in recent daily snapshots. Let me explain... The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for the command line tool) and you set it to a long (there are currenly no defines for the argument values, just plain numericals). You can set three different "methods" that do this: 1 multicwd - like today, curl will do a single CWD operation for each path part in the given URL. For deep hierarchies this means very many commands. This is how RFC1738 says it should be done. This is the default. 2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give a full path to the server. 3 singlecwd - make one CWD with the full target directory and then operate on the file "normally". (With the command line tool you do --ftp-method [METHOD], where [METHOD] is one of "multicwd", "nocwd" or "singlecwd".) What feedback I'm interested in: 1 - Do they work at all? Do you find servers where one of these don't work? 2 - What would proper names for the option and its arguments be, if we consider this feature good enough to get included and documented in upcoming releases? 3 - Should we make libcurl able to "walk through" these options in case of (path related) failures, or should it fail and let the user redo any possible retries? (This option is not documented in any man page just yet since I'm not sure these names will be used or if the functionality will end up exactly like this. And for the same reasons we have no test cases for these yet.) Daniel (10 January 2006) - When using a bad path over FTP, as in when libcurl couldn't CWD into all given subdirs, libcurl would still "remember" the full path as if it is the current directory libcurl is in so that the next curl_easy_perform() would get really confused if it tried the same path again - as it would not issue any CWD commands at all, assuming it is already in the "proper" dir. Starting now, a failed CWD command sets a flag that prevents the path to be "remembered" after returning. Daniel (7 January 2006) - Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP proxy actually used a new connection and not sent the second request on the first socket! Daniel (6 January 2006) - Alexander Lazic made the buildconf run the buildconf in the ares dir if that is present instead of trying to mimic that script in curl's buildconf script. Daniel (3 January 2006) - Andres Garcia made the TFTP test server build with mingw. Daniel (16 December 2005) - Jean Jacques Drouin pointed out that you could only have a user name or password of 127 bytes or less embedded in a URL, where actually the code uses a 255 byte buffer for it! Modified now to use the full buffer size. Daniel (12 December 2005) - Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly Version 7.15.1 (7 December 2005) Daniel (6 December 2005) - Full text here: http://curl.haxx.se/docs/adv_20051207.html Pointed out by Stefan Esser. VULNERABILITY libcurl's URL parser function can overflow a malloced buffer in two ways, if given a too long URL. These overflows happen if you 1 - pass in a URL with no protocol (like "http://") prefix, using no slash and the string is 256 bytes or longer. This leads to a single zero byte overflow of the malloced buffer. 2 - pass in a URL with only a question mark as separator (no slash) between the host and the query part of the URL. This leads to a single zero byte overflow of the malloced buffer. Both overflows can be made with the same input string, leading to two single zero byte overwrites. The affected flaw cannot be triggered by a redirect, but the long URL must be passed in "directly" to libcurl. It makes this a "local" problem. Of course, lots of programs may still pass in user-provided URLs to libcurl without doing much syntax checking of their own, allowing a user to exploit this vulnerability. There is no known exploit at the time of this writing. Daniel (2 December 2005) - Jamie Newton pointed out that libcurl's file:// code would close() a zero file descriptor if given a non-existing file. Daniel (24 November 2005) - Doug Kaufman provided a set of patches to make curl build fine on DJGPP again using configure. - Yang Tse provided a whole series of patches to clear up compiler warnings on MSVC 6. Daniel (17 November 2005) - I extended a patch from David Shaw to make libcurl _always_ provide an error string in the given error buffer to address the flaw mention on 21 sep 2005. Daniel (16 November 2005) - Applied Albert Chin's patch that makes the libcurl.pc pkgconfig file get installed on 'make install' time. Daniel (14 November 2005) - Quagmire reported that he needed to raise a NTLM buffer for SSPI to work properly for a case, and so we did. We raised it even for non-SSPI builds but it should not do any harm. http://curl.haxx.se/bug/view.cgi?id=1356715 - Jan Kunder's debian bug report http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338680 identified a weird error message for when you try to upload a file and the requested directory doesn't exist on the target server. - Yang Tse fixed compiler warnings in lib/ssluse.c with OpenSSL 0.9.8 and in lib/memdebug.h that showed up in his msvc builds. Daniel (13 November 2005) - Debian bug report 338681 by Jan Kunder: make curl better detect and report bad limit-rate units: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338681 Now curl will return error if a bad unit is used. - Thanks to this nice summary of poll() implementations: http://www.greenend.org.uk/rjk/2001/06/poll.html and further tests by Eugene Kotlyarov, we now know that cygwin's poll returns only POLLHUP on remote connectin closure so we check for that case (too) and re-enable poll for cygwin builds. Daniel (12 November 2005) - Eugene Kotlyarov found out that cygwin's poll() function isn't doing things right: http://curl.haxx.se/mail/archive-2005-11/0045.html so we now disable poll() and use select() on cygwin too (we already do the same choice on Mac OS X) - Dima Barsky patched problem #1348930: the GnuTLS code completely ignored client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930). Daniel (10 November 2005) - David Lang fixed IPv6 support for TFTP! - Introducing range stepping to the curl globbing support. Now you can specify step counter by adding :[num] within the brackets when specifying a range: [1-100:10] [a-z:2] If no step counter is set, it defaults to 1 as before: [1-100] [d-h] Daniel (8 November 2005) - Removed the use of AI_CANONNAME in the IPv6-enabled resolver functions since we really have no use for reverse lookups of the address. I truly hope these are the last reverse lookups we had lingering in the code! - Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled version of libcurl with different Windows versions. Current version of libcurl imports SSPI functions from secur32.dll. However, under Windows NT 4.0 these functions are located in security.dll, under Windows 9x - in secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll just forwards calls to secur32.dll). Dmitry's patch loads proper library dynamically depending on Windows version. Function InitSecurityInterface() is used to obtain pointers to all of SSPI function in one structure. Daniel (31 October 2005) - Vilmos Nebehaj improved libcurl's LDAP abilities: The LDAP code in libcurl can't handle LDAP servers of LDAPv3 nor binary attributes in LDAP objects. So, I made a quick patch to address these problems. The solution is simple: if we connect to an LDAP server, first try LDAPv3 (which is the preferred protocol as of now) and then fall back to LDAPv2. In case of binary attributes, we first convert them to base64, just like the openldap client does. It uses ldap_get_values_len() instead of ldap_get_values() to be able to retrieve binary attributes correctly. I defined the necessary LDAP macros in lib/ldap.c to be able to compile libcurl without the presence of libldap Daniel (27 October 2005) - Nis Jorgensen filed bug report #1338648 (http://curl.haxx.se/bug/view.cgi?id=1338648) which really is more of a feature request, but anyway. It pointed out that --max-redirs did not allow it to be set to 0, which then would return an error code on the first Location: found. Based on Nis' patch, now libcurl supports CURLOPT_MAXREDIRS set to 0, or -1 for infinity. Added test case 274 to verify. - tommink[at]post.pl reported in bug report #1337723 (http://curl.haxx.se/bug/view.cgi?id=1337723) that curl could not upload binary data from stdin on Windows if the data contained control-Z (hex 1a) since that is treated as end-of-file when read in text mode. Gisle Vanem pointed out the fix, and I made both -T and --data-binary take advantage of it. - Jaz Fresh pointed out that if you used "-r [number]" as was wrongly described in the man page, curl would send an invalid HTTP Range: header. The correct way would be to use "-r [number]-" or even "-r -[number]". Starting now, curl will warn if this is discovered, and automatically append a dash to the range before passing it to libcurl. Daniel (25 October 2005) - Amol Pattekar reported a bug with great detail and a fine example in bug #1326306 (http://curl.haxx.se/bug/view.cgi?id=1326306). When using the multi interface and connecting to a host with multiple IP addresses, and one of the addresses fails to connect (the server must exist and respond, just not accept connections) libcurl leaks a socket descriptor. Thanks to the fine report, I could find and fix this. Daniel (22 October 2005) - Dima Barsky reported a problem with GnuTLS-enabled libcurl in bug report #1334338 (http://curl.haxx.se/bug/view.cgi?id=1334338). When reading an SSL stream from a server and the server requests a "rehandshake", the current code simply returns this as an error. I have no good way to test this, but I've added a crude attempt of dealing with this situation slightly better - it makes a blocking handshake if this happens. Done like this because fixing this the "proper" way (that would handshake asynchronously) will require quite some work and I really need a good way to test this to do such a change. Daniel (21 October 2005) - "Ofer" reported a problem when libcurl re-used a connection and failed to do it, it could then accidentally actually crash. Presumably, this concerns FTP connections. http://curl.haxx.se/bug/view.cgi?id=1330310 - Temprimus improved the MSVC makefile so that the static debug SSL libs are linked to the executable and not to the libcurld.lib http://curl.haxx.se/bug/view.cgi?id=1326676 - Bradford Bruce made the windows resolver code properly return CURLE_COULDNT_RESOLVE_PROXY and CURLE_COULDNT_RESOLVE_HOST on resolving errors (as documented). Daniel (20 October 2005) - Dave Dribin made libcurl understand and handle cases when the server (wrongly) sends *two* WWW-Authenticate headers for Digest. While this should never happen in a sane world, libcurl previously got into an infinite loop when this occurred. Dave added test 273 to verify this. - Temprimus improved the MSVC makefile: "makes a build option available so if you set rtlibcfg=static for the make, then it would build with /MT. The default behaviour is /MD (the original)." http://curl.haxx.se/bug/view.cgi?id=1326665 Daniel (14 October 2005) - Reverted the LIBCURL_VERSION_NUM change from October 6. As Dave Dribin reported, the define is used by the configure script and is assumed to use the 0xYYXXZZ format. This made "curl-config --vernum" fail in the 7.15.0 release version. Version 7.15.0 (13 October 2005) Daniel (12 October 2005) - Michael Sutton of iDEFENSE reported and I fixed a securitfy flaw in the NTLM code that would overflow a buffer if given a too long user name or domain name. This would happen if you enable NTLM authentication and either A - pass in a user name and domain name to libcurl that together are longer than 192 bytes B - allow (lib)curl to follow HTTP "redirects" (Location: and the appropriate HTTP 30x response code) and the new URL contains a URL with a user name and domain name that together are longer than 192 bytes See http://curl.haxx.se/docs/security.html for further details and updates Daniel (5 October 2005) - Darryl House reported a problem with using -z to download files from FTP. It turned out that if the given time stamp was exact the same as the remote time stamp, the file would still wrongly be downloaded. Added test case 272 to verify. Daniel (4 October 2005) - Domenico Andreoli fixed a man page malformat and removed odd (0xa0) bytes from the configure script. - Michael Wallner reported that the date parser had wrong offset stored for the MEST and CEST time zones. Daniel (27 September 2005) - David Yan filed bug #1299181 (http://curl.haxx.se/bug/view.cgi?id=1299181) that identified a silly problem with Content-Range: headers with the 'bytes' keyword written in a different case than all lowercase! It would cause a segfault! - TJ Saunders of the proftpd project identified and pointed out problems with the modified FTPS negotiation change of August 19 2005. Thus, we revert the change back to pre-7.14.1 status. Daniel (21 September 2005) - Fixed "cut off" sentence in the libcurl-tutorial man page: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305 - Clarified in the curl_easy_setopt man page what the default CURLOPT_WRITEFUNCTION and CURLOPT_WRITEDATA mean: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329311 - Clarified in the curl_easy_setopt man page that CURLOPT_ERRORBUFFER sometimes doesn't fill in the buffer even though it is supposed to: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329313 - When CURLE_URL_MALFORMAT is returned due to a missing URL, it now has an error string set. Daniel (19 September 2005) - Dmitry Bartsevich made the SSPI support work on Windows 9x as well. Daniel (15 September 2005) - Added a TFTP server to the test suite and made the test suite capable of using it. Daniel (7 September 2005) - Ben Madsen's detailed reports that funnily enough only occurred with certain glibc versions turned out to be curl using an already closed file handle during certain conditions (like when saving FTP server "headers"). - Scott Davis helped me track down a problem in the test HTTP server that made test case 56 wrongly fail at times. It turned out it was due to the server finding the end of a chunked-encoded POST too early. Daniel (6 September 2005) - Now curl warns if an unknown variable is used in the -w/--writeout argument. Daniel (4 September 2005) - I applied Nicolas François' man page patch he posted to the Debian bug tracker. It corrected two lines that started with apostrophes, which isn't legal nroff format. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326511 - Added --ftp-skip-pasv-ip to the command line tool, that sets the new CURLOPT_FTP_SKIP_PASV_IP option. It makes libcurl re-use the control connection's IP address when setting up the data connection instead of extractting the IP address from the PASV response. It has turned out this feature is frequently needed by people to circumvent silly servers and silly firewalls, especially when FTPS is used and the PASV command-response is sent encrtyped. Sponsored by CU*Answers Daniel (1 September 2005) - John Kelly added TFTP support to libcurl. A bunch of new error codes was added. TODO: add them to docs. add TFTP server to test suite. add TFTP to list of protocols whereever those are mentioned. Version 7.14.1 (1 September 2005) Daniel (29 August 2005) - Kevin Lussier pointed out a problem with curllib.dsp and how to fix it. - Igor Polyakov fixed a rather nasty problem with the threaded name resolver for Windows, that could lead to an Access Violation when the multi interface was used due to an issue with how the resolver thread was and was not terminated. - Simon Josefsson brought a patch that allows curl to get built to use GNU GSS instead of MIT/Heimdal for GSS capabilities. Daniel (24 August 2005) - Toby Peterson added CURLOPT_IGNORE_CONTENT_LENGTH to the library, accessible from the command line tool with --ignore-content-length. This will make it easier to download files from Apache 1.x (and similar) servers that are still having problems serving files larger than 2 or 4 GB. When this option is enabled, curl will simply have to wait for the server to close the connection to signal end of transfer. I wrote test case 269 that runs a simple test to verify that this works. - (Trying hard to exclude emotions now.) valgrind version 3 suddenly renamed the --logfile command line option to --log-file, and thus the test script valgrind autodetection now has yet another version check to do and then it alters the valgrind command line accordingly. - Fixed CA cert verification using GnuTLS with the default bundle, which previously failed due to GnuTLS not allowing x509 v1 CA certs by default. Ralph Mitchell reported. Daniel (19 August 2005) - Norbert Novotny had problems with FTPS and he helped me work out a patch that made curl run fine in his end. The key was to make sure we do the SSL/TLS negotiation immediately after the TCP connect is done and not after a few other commands have been sent like we did previously. I don't consider this change necessary to obey the standards, I think this server is pickier than what the specs allow it to be, but I can't see how this modified libcurl code can add any problems to those who are interpreting the standards more liberally. Daniel (17 August 2005) - Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to write the result to a given cookie jar and then never actually call curl_easy_perform() - the given file(s) to read was never read but the output file was written and thus it caused a "funny" result. - While doing some tests for the bug above, I noticed that Firefox generates large numbers (for the expire time) in the cookies.txt file and libcurl didn't treat them properly. Now it does. Daniel (15 August 2005) - Added more verbose "warning" messages to the curl client for cases where it fails to open/read files etc to help users diagnose why it doesn't do what you'd expect it to. Converted lots of old messages to use the new generic function I wrote for this purpose. Daniel (13 August 2005) - James Bursa identified a libcurl HTTP bug and a good way to repeat it. If a site responds with bad HTTP response that doesn't contain any header at all, only a response body, and the write callback returns 0 to abort the transfer, it didn't have any real effect but the write callback would be called once more anyway. Daniel (12 August 2005) - Based on Richard Clayton's reports, I found out that using curl -d @filename when 'filename' was not possible to access made curl use a GET request instead. - The time condition illegal syntax warning is now inhibited if -s is used. Daniel (10 August 2005) - Mario Schroeder found out that one of the debug callbacks calls that regards SSL data with the CURLINFO_TEXT type claimed that the data was one byte larger than it actually is, thus falsely telling the application that the terminating zero was part of the data. Daniel (9 August 2005) - Christopher R. Palmer fixed the offsets used for date parsings when the time zone name of a daylight savings time was used. For example, PDT vs PDS. This flaw was introduced with the new date parser (11 sep 2004 - 7.12.2). Fortunately, no web server or cookie string etc should be using such time zone names thus limiting the effect of this bug. Daniel (8 August 2005) - Jon Grubbs filed bug report #1249962 (http://curl.haxx.se/bug/view.cgi?id=1249962) which identified a problem with NTLM on a HTTP proxy if an FTP URL was given. libcurl now properly switches to pure HTTP internally when an HTTP proxy is used, even for FTP URLs. The problem would also occur with other multi-pass auth methods. Daniel (7 August 2005) - When curl is built with GnuTLS, curl-config didn't include "SSL" when --features was used. Daniel (28 July 2005) - If any of the options CURLOPT_HTTPGET, CURLOPT_POST and CURLOPT_HTTPPOST is set to 1, CURLOPT_NOBODY will now automatically be set to 0. Daniel (27 July 2005) - Dan Fandrich changes over the last week: fixed numerous minor configure option parsing flaws: --without-gnutls, --without-spnego --without-gssapi and --without-krb4. Spellfixed several error messages. - Peteris Krumins added CURLOPT_COOKIELIST and CURLINFO_COOKIELIST, which is a simple interface to extracting and setting cookies in libcurl's internal "cookie jar". See the new cookie_interface.c example code. Daniel (13 July 2005) - Diego Casorran provided patches to make curl build fine on Amiga again. Daniel (12 July 2005) - Adrian Schuur added trailer support in the chunked encoding stream. The trailer is then sent to the normal header callback/stream. I wrote up test case 266 to verify the basic functionality. Do note that test case 34 contains a flawed chunked encoding stream that still works the same. Daniel (5 July 2005) - Gisle Vanem came up with a nice little work-around for bug #1230118 (http://curl.haxx.se/bug/view.cgi?id=1230118). It seems the Windows (MSVC) libc time functions may return data one hour off if TZ is not set and automatic DST adjustment is enabled. This made curl_getdate() return wrong value, and it also concerned internal cookie expirations etc. Daniel (4 July 2005) - Andrew Bushnell provided enough info for me to tell that we badly needed to fix the CONNECT authentication code with multi-pass auth methods (such as NTLM) as it didn't previously properly ignore response-bodies - in fact it stopped reading after all response headers had been received. This could lead to libcurl sending the next request and reading the body from the first request as response to the second request. (I also renamed the function, which wasn't strictly necessary but...) The best fix would to once and for all make the CONNECT code use the ordinary request sending/receiving code, treating it as any ordinary request instead of the special-purpose function we have now. It should make it better for multi-interface too. And possibly lead to less code... Added test case 265 for this. It doesn't work as a _really_ good test case since the test proxy is too stupid, but the test case helps when running the debugger to verify. Daniel (30 June 2005) - Dan Fandrich improved the configure script's ability to figure out what kind of strerror_r() API that is used when cross-compiling. If __GLIB__ is defined, it assumes the glibc API. If not, it issues a notice as before that the user needs to manually edit lib/config.h for this. Daniel (23 June 2005) - David Shaw's fix that unifies proxy string treatment so that a proxy given with CURLOPT_PROXY can use a http:// prefix and user + password. The user and password fields are now also URL decoded properly. Test case 264 added to verify. Daniel (22 June 2005) - David Shaw updated libcurl.m4 Daniel (14 June 2005) - Gisle Vanem fixed a potential thread handle leak. Bug report #1216500 (http://curl.haxx.se/bug/view.cgi?id=1216500). Comment in http://curl.haxx.se/mail/lib-2005-06/0059.html Daniel (13 June 2005) - Made buildconf run libtoolize in the ares dir too (inspired by Tupone's reverted patch). Daniel (9 June 2005) - Incorporated Tupone's findtool fix in buildconf (slightly edited) - Incorporated Tupone's head -n fix in buildconf. Daniel (8 June 2005) - Reverted Tupone's patch again, it broke numerous autobuilds. Let's apply it in pieces, one by one and see what we need to adjust to work all over. Daniel (6 June 2005) - Tupone Alfredo fixed three problems in buildconf: 1) findtool does look per tool in PATH and think ./perl is the perl executable, while is just a local directory (I have . in the PATH) 2) I got several warning for head -1 deprecated in favour of head -n 1 3) ares directory is missing some file (missing is missing :-) ) because automake and friends is not run. Daniel (3 June 2005) - Added docs/libcurl/getinfo-times, based on feedback from 'Edi': http://curl.haxx.se/feedback/display.cgi?id=11178325798299&support=yes - Andres Garcia provided yet another text mode patch for several test cases so that they do text comparisions better on Windows (newline-wise). Daniel (1 June 2005) - The configure check for c-ares now adds the cares lib before the other libs, to make it build fine with mingw. Inspired by Tupone Alfredo's bug report and patch: http://curl.haxx.se/bug/view.cgi?id=1212940 Daniel (31 May 2005) - Todd Kulesza reported a flaw in the proxy option, since a numerical IPv6 address was not possible to use. It is now, but requires it written RFC2732-style, within brackets - which incidently is how you enter numerical IPv6 addresses in URLs. Test case 263 added to verify. Daniel (30 May 2005) - Eric Cooper reported about a problem with HTTP servers that responds with binary zeroes within the headers. They confused libcurl to do wrong so the downloaded headers become incomplete. The fix is now verified with test case 262. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310948 Daniel (25 May 2005) - Fixed problems with the test suite, and in particular the FTP test cases since it previously was failing every now and then in a nonsense manner. - --trace-time now outputs the full microsecond, all 6 digits. Daniel (24 May 2005) - Andres Garcia provided a text mode patch for several test cases so that they do text comparisions better on Windows (newline-wise). - Any 2xx response (and not just 200) is now considered a fine response to TYPE, as some servers obviously sends a 226 there. Added test case 261 to verify. Based on a question/report by Georg Wicherski. Daniel (20 May 2005) - Improved runtests.pl to allow stdout tests to be mode=text as well, just as file comparisons already supports. Added this info to the FILEFORMAT docs. Daniel (18 May 2005) - John McGowan identified a problem in bug report #1204435 (http://curl.haxx.se/bug/view.cgi?id=1204435) with malformed URLs like "http://somehost?data" as it added a slash too much in the request ("GET /?data/"...). Added test case 260 to verify. - The configure check for strerror_r() failed to detect the proper API at times, like on HP-UX 10.20. Then lib/strerror.c badly assumed the glibc version if the posix define wasn't set (since it _had_ found a strerror_r). Daniel (16 May 2005) - The gmtime_r() function in HP-UX 10.20 is broken. About 13 test cases fail due to this. There's now a configure check that attempts to detect the bad function and not use it on such systems. Version 7.14.0 (16 May 2005) Daniel (13 May 2005) - Grigory Entin reported that curl's configure detects a fine poll() for Mac OS X 10.4 (while 10.3 or later detected a "bad" one), but the executable doesn't work as good as if built without poll(). I've adjusted the configure to always skip the fine-poll() test on Mac OS X (darwin). Daniel (12 May 2005) - When doing a second request (after a disconnect) using the same easy handle, over a proxy that uses NTLM authentication, libcurl failed to use NTLM again properly (the auth method was accidentally reset to the same as had been set for host auth, which defaults to Basic). Bug report #1200661 (http://curl.haxx.se/bug/view.cgi?id=1200661) identified the the problem and the fix. - If -z/--time-cond is used with an invalid date syntax, this is no longer silently discarded. Instead a proper warning message is diplayed that informs about it. But it still continues without the condition. Version 7.14.0-pre2 (11 May 2005) Daniel (11 May 2005) - Starting now, libcurl sends a little different set of headers in its default HTTP requests: A) Normal non-proxy HTTP: - no more "Pragma: no-cache" (this only makes sense to proxies) B) Non-CONNECT HTTP request over proxy: - "Pragma: no-cache" is used (like before) - "Proxy-Connection: Keep-alive" (for older style 1.0-proxies) C) CONNECT HTTP request over proxy: - "Host: [name]:[port]" - "Proxy-Connection: Keep-alive" The A) case is mostly to reduce the default header size and remove a pointless header. The B) is to address (rare) problems with HTTP 1.0 proxies The C) headers are both to address (rare) problems with some proxies. The code in libcurl that deals with CONNECT requests need a rewrite, but it feels like a too big a job for me to do now. Details are added in the code comments for now. Updated a large amount of test cases to reflect the news. Daniel (10 May 2005) - Half-baked attempt to bail out if select() returns _only_ errorfds when the transfer is in progress. An attempt to fix Allan's problem. See http://curl.haxx.se/mail/lib-2005-05/0073.html and the rest of that thread for details. I'm still not sure this is the right fix, but... Version 7.14.0-pre1 (9 May 2005) Daniel (2 May 2005) - Sort of "fixed" KNOWN_BUGS #4: curl now builds IPv6 enabled on AIX 4.3. At least it should no longer cause a compiler error. However, it does not have AI_NUMERICHOST so we cannot getaddrinfo() any numerical addresses with it (we use that for FTP PORT/EPRT)! So, I modified the configure check that checks if the getaddrinfo() is working, to use AI_NUMERICHOST since then it'll fail on AIX 4.3 and it will automatically build with IPv6 support disabled. - Added --trace-time that when used adds a time stamp to each trace line that --trace, --trace-ascii and --verbose output. I also made the '>' display separate each line on the linefeed so that HTTP requests etc look nicer in the -v output. - Made curl recognize the environment variables Lynx (and others?) support for pointing out the CA cert path/file: SSL_CERT_DIR and SSL_CERT_FILE. If CURL_CA_BUNDLE is not set, they are checked afterwards. Like before: on windows if none of these are set, it checks for the ca cert file like this: 1. application's directory 2. current working directory 3. Windows System directory (e.g. C:\windows\system32) 4. Windows Directory (e.g. C:\windows) 5. all directories along %PATH% Daniel (1 May 2005) - The runtests.pl script now starts test servers by doing fork() and exec() instead of the previous approach. This is less complicated and should hopefully lead to less "leaked" servers (servers that aren't stopped properly when the tests are stopped). - Alexander Zhuravlev found a case when you did "curl -I [URL]" and it complained on the chunked encoding, even though a HEAD should never return a body and thus it cannot be a chunked-encoding problem! Daniel (30 April 2005) - Alexander Zhuravlev found out that (lib)curl SIGSEGVed when using --interface on an address that can't be bound. Daniel (28 April 2005) - Working on fixing up test cases to mark sections as 'mode=text' for things that curl writes as text files, since then they can get different line endings depending on OS. Andrés García helps me work this out. Did lots of other minor tweaks on the test scripts to work better and more reliably find test servers and also kill test servers. - Dan Fandrich pointed out how the runtests.pl script killed the HTTP server instead of the HTTPS server when closing it down. Daniel (27 April 2005) - Paul Moore made curl check for the .curlrc file (_curlrc on windows) on two more places. First, CURL_HOME is a new environment variable that is used instead of HOME if it is set, to point out where the default config file lives. If there's no config file in the dir pointed out by one of the environment variables, the Windows version will instead check the same directory the executable curl is located in. Daniel (26 April 2005) - Cory Nelson's work on nuking compiler warnings when building on x64 with VS2005. Daniel (25 April 2005) - Fred New reported a bug where we used Basic auth and user name and password in .netrc, and when following a Location: the subsequent requests didn't properly use the auth as found in the netrc file. Added test case 257 to verify my fix. - Based on feedback from Cory Nelson, I added some preprocessor magic in */setup.h and */config-win32.h to build fine with VS2005 on x64. Daniel (23 April 2005) - Alex Suykov made the curl tool now assume that uploads using HTTP:// or HTTPS:// are the only ones that show output and thus motivates a switched off progress meter if the output is sent to the terminal. This makes FTP uploads without '>', -o or -O show the progress meter. Daniel (22 April 2005) - Dave Dribin's MSVC makefile fix: set CURL_STATICLIB when it builds static library variants. - Andres Garcia fixed configure to set the proper define when building static libcurl on windows. - --retry-delay didn't work. Daniel (18 April 2005) - Olivier reported that even though he used CURLOPT_PORT, libcurl clearly still used the default port. He was right. I fixed the problem and added the test cases 521, 522 and 523 to verify the fix. - Toshiyuki Maezawa reported that when doing a POST with a read callback, libcurl didn't properly send an Expect: 100-continue header. It does now. - I committed by mig change in the test suite's FTP server that moves out all socket/TCP code to a separate C program named sockfilt. And added 4 new test cases for FTP over IPv6. Daniel (8 April 2005) - Cory Nelson reported a problem with a HTTP server that responded with a 304 response containing an "illegal" Content-Length: header, which was not properly ignored by libcurl. Now it is. Test case 249 verifies. Daniel (7 April 2005) - Added ability to build and run with GnuTLS as an alternative to OpenSSL for the secure layer. configure --with-gnutls enables with. Note that the previous OpenSSL check still has preference and if it first detects OpenSSL, it will not check for GnuTLS. You may need to explictly diable OpenSSL with --without-ssl. This work has been sponsored by The Written Word. Daniel (5 April 2005) - Christophe Legry fixed the post-upload check for FTP to not complain if the upload was skipped due to a time-condition as set with CURLOPT_TIMECONDITION. I added test case 247 and 248 to verify. Version 7.13.2 (5 April 2005) Daniel (4 April 2005) - Marcelo Juchem fixed the MSVC makefile for libcurl - Gisle Vanem fixed a crash in libcurl, that could happen if the easy handle was killed before the threading resolver (windows only) still hadn't completed. - Hardeep Singh reported a problem doing HTTP POST with Digest. (It was actually also affecting NTLM and Negotiate.) It turned out that if the server responded with 100 Continue before the initial 401 response, libcurl didn't take care of the response properly. Test case 245 and 246 added to verify this. Daniel (30 March 2005) - Andres Garcia modified the configure script to check for libgdi32 before libcrypto, to make the SSL check work fine on msys/mingw. Daniel (29 March 2005) - Tom Moers identified a flaw when you sent a POST with Digest authentication, as in the first request when curl sends a POST with Content-Length: 0, it still forcibly closed the connection before doing the next step in the auth negotiation. - Jesper Jensen found out that FTP-SSL didn't work since my FTP rewrite. Fixing that was easy, but it also revealed a much worse problem: the FTP server response reader function didn't properly deal with reading responses in multiple tiny chunks properly! I modified the FTP server to allow it to produce such split-up responses to make sure curl deals with them as it should. - Based on Augustus Saunders' comments and findings, the HTTP output auth function was fixed to use the proper proxy authentication when multiple ones are accepted. test 239 and test 243 were added to repeat the problems and verify the fixes. --proxy-anyauth was added to the curl tool Daniel (16 March 2005) - Tru64 and some IRIX boxes seem to not like test 237 as it is. Their inet_addr() functions seems to use &255 on all numericals in a ipv4 dotted address which makes a different failure... Now I've modified the ipv4 resolve code to use inet_pton() instead in an attempt to make these systems better detect this as a bad IP address rather than creating a toally bogus address that is then passed on and used. Daniel (15 March 2005) - Dan Fandrich made the code properly use the uClibc's version of inet_ntoa_r() when built with it. - Added test 237 and 238: test EPSV and PASV response handling when they get well- formated data back but using illegal values. In 237 PASV gets an IP address that is way bad. In 238 EPSV gets a port that is way out of range. Daniel (14 March 2005) - Added a few missing features to the curl-config --features list - Modified testcurl.pl to now offer 1 - command line options for all info it previously only read from file: --name, --email, --desc and --configure 2 - --nocvsup makes it not attempt to do cvs update 3 - --crosscompile informs it and makes it not attempt things it can't do - Fixed numerous win32 compiler warnings. - Removed the lib/security.h file since it shadowed the mingw/win32 header with the same name which is needed for SSPI builds. The contents of the former security.h is now i krb4.h - configure --enable-sspi now enables SSPI in the build. It only works for windows builds (including cross-compiles for windows). Daniel (12 March 2005) - David Houlder added --form-string that adds that string to a multipart formpost part, without special characters having special meanings etc like --form features. Daniel (11 March 2005) - curl_version_info() returns the feature bit CURL_VERSION_SSPI if it was built with SSPI support. - Christopher R. Palmer made it possible to build libcurl with the USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the native way to do NTLM. SSPI also allows libcurl to pass on the current user and its password in the request. Daniel (9 March 2005) - Dan F improved the SSL lib setup in configure. - Nodak Sodak reported a crash when using a SOCKS4 proxy. - Jean-Marc Ranger pointed out an embarassing debug printf() leftover in the multi interface code. - Adjusted the man page for the curl_getdate() return value for dates after year 2038. For 32 bit time_t it returns 0x7fffffff but for 64bit time_t it returns either the correct value or even -1 on some systems that still seem to not deal with this properly. Tor Arntsen found a 64bit AIX system for us that did the latter. Gwenole Beauchesne's Mandrake patch put the lights on this problem in the first place. Daniel (8 March 2005) - Dominick Meglio reported that using CURLOPT_FILETIME when transferring a FTP file got a Last-Modified: header written to the data stream, corrupting the actual data. This was because some conditions from the previous FTP code was not properly brought into the new FTP code. I fixed and I added test case 520 to verify. (This bug was introduced in 7.13.1) - Dan Fandrich fixed the configure --with-zlib option to always consider the given path before any standard paths. Daniel (6 March 2005) - Randy McMurchy was the first to report that valgrind.pm was missing from the release archive and thus 'make test' fails. Daniel (5 March 2005) - Dan Fandrich added HAVE_FTRUNCATE to several config-*.h files. - Added test case 235 that makes a resumed upload of a file that isn't present on the remote side. This then converts the operation to an ordinary STOR upload. This was requested/pointed out by Ignacio Vazquez-Abrams. It also proved (and I fixed) a bug in the newly rewritten ftp code (and present in the 7.13.1 release) when trying to resume an upload and the servers returns an error to the SIZE command. libcurl then loops and sends SIZE commands infinitely. - Dan Fandrich fixed a SSL problem introduced on February 9th that made libcurl attempt to load the whole random file to seed the PRNG. This is really bad since this turns out to be using /dev/urandom at times... Version 7.13.1 (4 March 2005) Daniel (4 March 2005) - Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate the cookie "engine" without having to provide an empty or non-existing file. - Rene Rebe fixed a -# crash when more data than expected was retrieved. Daniel (22 February 2005) - NTLM and ftp-krb4 buffer overflow fixed, as reported here: http://www.securityfocus.com/archive/1/391042 and the CAN report here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 If these security guys were serious, we'd been notified in advance and we could've saved a few of you a little surprise, but now we weren't. Daniel (19 February 2005) - Ralph Mitchell reported a flaw when you used a proxy with auth, and you requested data from a host and then followed a redirect to another host. libcurl then didn't use the proxy-auth properly in the second request, due to the host-only check for original host name wrongly being extended to the proxy auth as well. Added test case 233 to verify the flaw and that the fix removed the problem. Daniel (18 February 2005) - Mike Dobbs reported a mingw build failure due to the lack of BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by configure when mingw is used. Daniel (17 February 2005) - David in bug report #1124588 found and fixed a socket leak when libcurl didn't close the socket properly when returning error due to failing localbind Daniel (16 February 2005) - Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth" that picks NTLM. Thanks to David Byron letting me test NTLM against his servers, I could quickly repeat and fix the problem. It turned out to be: When libcurl POSTs without knowing/using an authentication and it gets back a list of types from which it picks NTLM, it needs to either continue sending its data if it keeps the connection alive, or not send the data but close the connection. Then do the first step in the NTLM auth. libcurl didn't send the data nor close the connection but simply read the response-body and then sent the first negotiation step. Which then failed miserably of course. The fixed version forces a connection if there is more than 2000 bytes left to send. Daniel (14 February 2005) - The configure script didn't check for ENGINE_load_builtin_engines() so it was never used. Daniel (11 February 2005) - Removed all uses of strftime() since it uses the localised version of the week day names and month names and servers don't like that. Daniel (10 February 2005) - Now the test script disables valgrind-testing when the test suite runs if libcurl is built shared. Otherwise valgrind only tests the shell that runs the wrapper-script named 'curl' that is a front-end to curl in this case. This should also fix the huge amount of reports of false positives when valgrind has identified leaks in (ba)sh and not in curl and people report that as curl bugs. Bug report #1116672 is one example. Also, the valgrind report parser has been adapted to check that at least one of the sources in a stack strace is one of (lib)curl's source files or otherwise it will not consider the problem to concern (lib)curl. - Marty Kuhrt streamlined the VMS build. Daniel (9 February 2005) - David Byron fixed his SSL problems, initially mentioned here: http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use SSL_pending() as we should. - Converted lots of FTP code to a statemachine, so that the multi interface doesn't block while communicating commands-responses with an FTP server. I've added a comment like BLOCKING in the code on all spots I could find where we still have blocking operations. When we change curl_easy_perform() to use the multi interface, we'll also be able to simplify the code since there will only be one "internal interface". While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the new CURLE_LOGIN_DENIED. The first one is now access denied to a function, like changing directory or retrieving a file, while the second means that we were denied login. The CVS tag 'before_ftp_statemachine' was set just before this went in, in case of future need. - Gisle made the DICT code send CRLF and not just LF as the spec says so. Daniel (8 February 2005) - Gisle fixed problems when libcurl runs out of memory, and worked on making sure the proper error code is returned for those occations. Daniel (7 February 2005) - Maruko pointed out a problem with inflate decompressing exactly 64K contents. Daniel (5 February 2005) - Eric Vergnaud found a use of an uninitialised variable in the ftp when doing PORT on ipv6-enabled hosts. - David Byron pointed out we could use BUFSIZE to read data (in lib/transfer.c) instead of using BUFSIZE -1. Version 7.13.0 (1 February 2005) Daniel (31 January 2005) - Added Lars Nilsson's htmltitle.cc example Daniel (30 January 2005) - Fixed a memory leak when using the multi interface and the DO operation failed (as in test case 205). - Fixed a valgrind warning for file:// operations. - Fixed a valgrind report in the url globbing code for the curl command line tool. - Bugfixed the parser that scans the valgrind report outputs (in runtests.pl). I noticed that it previously didn't detect and report the "Conditional jump or move depends on uninitialised value(s)" error. When I fixed this, I caught a few curl bugs with it. And then I had to spend time to make the test suite IGNORE these errors when OpenSSL is used since it produce massive amounts of valgrind warnings (but only of the "Conditional..." kind it seems). So, if a test that requires SSL is run, it ignores the "Conditional..." errors, and you'll get a "valgrind PARTIAL" output instead of "valgrind OK". Daniel (29 January 2005) - Using the multi interface, and doing a requsted a re-used connection that gets closed just after the request has been sent failed and did not re-issue a request on a fresh reconnect like the easy interface did. Now it does! - Define CURL_MULTIEASY when building libcurl (lib/easy.c to be exact), to use my new curl_easy_perform() that uses the multi interface to run the request. It is a great testbed for the multi interface and I believe we shall do it this way for real in the future when we have a successor to curl_multi_fdset(). I've used this approach to detect and fix several of the recent multi-interfaces issues. - Adjusted the KNOWN_BUGS #17 fix a bit more since the FTP code also did some bad assumptions. - multi interface: when a request is denied due to "Maximum redirects followed" libcurl leaked the last Location: URL. - Connect failures with the multi interface was often returned as "connect() timed out" even though the reason was different. Daniel (28 January 2005) - KNOWN_BUGS #17 fixed. A DNS cache entry may not remain locked between two curl_easy_perform() invokes. It was previously unlocked at disconnect, which could mean that it remained locked between multiple transfers. The DNS cache may not live as long as the connection cache does, as they are separate. To deal with the lack of DNS (host address) data availability in re-used connections, libcurl now keeps a copy of the IP adress as a string, to be able to show it even on subsequent requests on the same connection. The problem could be made to appear with this stunt: 1. create a multi handle 2. add an easy handle 3. fetch a URL that is persistent (leaves the connection alive) 4. remove the easy handle from the multi 5. kill the multi handle 6. create a multi handle 7. add the same easy handle to the new multi handle 8. fetch a URL from the same server as before (re-using the connection) - Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't work when built ipv6-enabled. I've now made a fix for it. Writing test cases for custom port hosts turned too tricky so unfortunately there's none. Daniel (25 January 2005) - Ian Ford asked about support for the FTP command ACCT, and I discovered it is present in RFC959... so now (lib)curl supports it as well. --ftp-account and CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an account string after PASS have been sent away. The client responds with "ACCT [account string]".) Added test case 228 and 229 to verify the functionality. Updated the test FTP server to support ACCT somewhat. - David Shaw contributed a fairly complete and detailed autoconf test you can use to detect libcurl and setup variables for the protocols the installed libcurl supports: docs/libcurl/libcurl.m4 Daniel (21 January 2005) - Major FTP third party transfer overhaul. These four options are now obsolete: CURLOPT_SOURCE_HOST, CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT (this option didn't work before) and CURLOPT_PASV_HOST. These two options are added: CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE. The target-side didn't use the proper path with RETR, and thus this only worked correctly in the login path (i.e without doing any CWD). The source- side still uses a wrong path, but the fix for this will need to wait. Verify the flaw by using a source URL with included %XX-codes. Made CURLOPT_FTPPORT control weather the target operation should use PORT (or not). The other side thus uses passive (PASV) mode. Updated the ftp3rdparty.c example source to use the updated options. Added support for a second FTP server in the test suite. Named... ftp2. Added test cases 230, 231 and 232 as a few first basic tests of very simple 3rd party transfers. Changed the debug output to include 'target' and 'source' when a 3rd party is being made, to make it clearer what commands/responses came on what connection. Added three new command line options: --3p-url, --3p-user and --3p-quote. Documented the command line options and the curl_easy_setopt options related to third party transfers. (Temporarily) disabled the ability to re-use an existing connection for the source connection. This is because it needs to force a new in case the source and target is the same host, and the host name check is trickier now when the source is identified with a full URL instead of a plain host name like before. TODO (short-term) for 3rd party transfers: quote support. The options are there, we need to add test cases to verify their functionality. TODO (long-term) for 3rd party transfers: IPv6 support (EPRT and EPSV etc) and SSL/TSL support. Daniel (20 January 2005) - Philippe Hameau found out that -Q "+[command]" didn't work, although some code was written for it. I fixed and added test case 227 to verify it. The curl.1 man page didn't mention the '+' so I added it. Daniel (19 January 2005) - Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP URL contains %0a or %0d in the user, password or CWD parts. (A future fix would include doing it for %00 as well - see KNOWN_BUGS for details.) Test case 225 and 226 were added to verify this - Stephan Bergmann pointed out two flaws in libcurl built with HTTP disabled: 1) the proxy environment variables are still read and used to set HTTP proxy 2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was disabled). This is important since apps may want to disable HTTP proxy without actually knowing if libcurl was built to disable HTTP or not. Based on Stephan's patch, both these issues should now be fixed. Daniel (18 January 2005) - Cody Jones' enhanced version of Samuel Díaz García's MSVC makefile patch was applied. Daniel (16 January 2005) - Alex aka WindEagle pointed out that when doing "curl -v dictionary.com", curl assumed this used the DICT protocol. While guessing protocols will remain fuzzy, I've now made sure that the host names must start with "[protocol]." for them to be a valid guessable name. I also removed "https" as a prefix that indicates HTTPS, since we hardly ever see any host names using that. Daniel (13 January 2005) - Inspired by Martijn Koster's patch and example source at http://www.greenhills.co.uk/mak/gentoo/curl-eintr-bug.c, I now made the select() and poll() calls properly loop if they return -1 and errno is EINTR. glibc docs for this is found here: http://www.gnu.org/software/libc/manual/html_node/Interrupted-Primitives.html This last link says BSD doesn't have this "effect". Will there be a problem if we do this unconditionally? Daniel (11 January 2005) - Dan Torop cleaned up a few no longer used variables from David Phillips' select() overhaul fix. - Cyrill Osterwalder posted a detailed analysis about a bug that occurs when using a custom Host: header and curl fails to send a request on a re-used persistent connection and thus creates a new connection and resends it. It then sent two Host: headers. Cyrill's analysis was posted here: http://curl.haxx.se/mail/archive-2005-01/0022.html - Bruce Mitchener identified (bug report #1099640) the never-ending SOCKS5 problem with the version byte and the check for bad versions. Bruce has lots of clues on this, and based on his suggestion I've now removed the check of that byte since it seems to be able to contain 1 or 5. Daniel (10 January 2005) - Pavel Orehov reported memory problems with the multi interface in bug report #1098843. In short, a shared DNS cache was setup for a multi handle and when the shared cache was deleted before the individual easy handles, the latter cleanups caused read/writes to already freed memory. - Hzhijun reported a memory leak in the SSL certificate code, that leaked the remote certificate name when it didn't match the used host name. Gisle (8 January 2005) - Added Makefile.Watcom files (src/lib). Updated Makefile.dist. Daniel (7 January 2005) - Improved the test script's valgrind log parser to actually work! Also added the ability to disable the log scanner for specific test cases. Test case 509 results in numerous problems and leaks in OpenSSL and has to get it disabled. Daniel (6 January 2005) - Fixed a single-byte read out of bounds in test case 39 in the curl tool code (i.e not in the library). - Bug report #1097019 identified a problem when doing -d "data" with -G and sending it to two URLs with {}. Added test 199 to verify the fix. Daniel (4 January 2005) - Marty Kuhrt adjusted a VMS build script slightly - Kai Sommerfeld and Gisle Vanem fixed libcurl to build with IPv6 support on Win2000. Daniel (2 January 2005) - Alex Neblett updated the MSVC makefiles slightly. Daniel (25 December 2004) - Removed src/config.h.in from CVS, it is now copied from the (generated) lib/config.h.in instead, as they can very well be the same. This removes a "manual hassle". You may want to re-run buildconf now. - Werner Koch filed Debian bug report #286794, mentioning that curl contained non-free (by Debian's view) source code. This was Angus Mackay's src/getpass.c source code. I tried to contact him about it to quickly solve this issue, but his email addresses bounce and I got some time "over" and reimplemented the functionality once brought by Angus. We no longer use any of Angus' original code and the new function is much simpler (IMO). Issue solved. Daniel (24 December 2004) - David Shaw added --protocols to curl-config, so that it now lists all protocols libcurl was built to support. --feature no longer lists disabled protocols. Daniel (23 December 2004) - David Shaw fixed the configure --disable-[protocol] variables so that curl-config --feature now works correctly! Daniel (22 December 2004) - Rune Kleveland fixed a minor memory leak for received cookies with the (rare) version attribute set. - Marcin Konicki provided two configure fixes and a source fix to make curl build out-of-the-box on BeOS. Daniel (21 December 2004) - Added test case 217 that verified CURLINFO_HTTP_CONNECTCODE, and I made the -w option support 'http_connect' to make it easier to verify! - Fixed lib/select.c include order to build fine on FreeBSD - Fixed failf()'s reuse of the va_list variable that crashed on FreeBSD. Pointed out by Peter Pentchev. Version 7.12.3 (20 December 2004) Daniel (19 December 2004) - I investigated our PKCS12 build problem on Solaris 2.7 with OpenSSL 0.9.7e, and it turned out to be the fault of the zlib 1.1.4 headers doing a typedef named 'free_func' and the OpenSSL headers have a prototype that uses 'free_func' in one of its arguments. This is why the compile errors out. In other words, we need to include the openssl/pkcs12.h header before the zlib.h header and it builds fine. The configure script now checks for this file and it then gets included early in lib/urldata.h. Daniel (18 December 2004) - Samuel Listopad added support for PKCS12 formatted certificates. - Samuel Listopad fixed -E to support "C:/path" (with forward slash) as well. Daniel (16 December 2004) - Gisle found and fixed a problem in the directory re-use for FTP. I added test case 215 and 216 to better verify the functionality. - Dinar in bug report #1086121, found a file handle leak when a multipart formpost (including a file upload part) was aborted before the whole file was sent. Daniel (15 December 2004) - Tom Lee found out that globbing of strings with backslashes didn't work as you'd expect. Backslashes are such a central part of windows file names that forcing backslashes to have to be escaped with backslashes is a bit too awkward to users. Starting now, you only need to escape globbing characters such as the five letters: "[]{},". Added test case 214 to verify this. Daniel (14 December 2004) - Harshal Pradhan patched a HTTP persistent connection flaw: if the user name and/or password were modified between two requests on a persistent connection, the second request were still made with the first setup! I added test case 519 to verify the fix. Daniel (13 December 2004) - Gisle added CURLINFO_SSL_ENGINES to curl_easy_getinfo() to allow an app to list all available crypto ENGINES. - Gisle fixed bug report #1083542, which pointed out a problem with resuming large file (>4GB) file:// transfers on windows. Daniel (11 December 2004) - Made the test suite HTTP server (sws) capable of using IPv6, and then extended the test environment to support that and also added three test cases (240, 241, 242) that run tests using IPv6. Test 242 uses a URL that didn't work before the 10 dec fix by Kai Sommerfeld. - Made a failed file:// resume output an error message - Corrected the CURLE_BAD_DOWNLOAD_RESUME error message in lib/strerror.c - Dan Fandrich: simplified and consolidated the SSL checks in configure and the usage of the defines in lib/setup.h provided a first libcurl.pc.in file for pkg-config (but the result is not installed anywhere at this point) extended the cross compile section in the docs/INSTALL file Daniel (10 December 2004) - When providing user name in the URL and a IPv6-style IP-address (like in "ftp://user@[::1]/tmp"), the URL parser didn't get the host extracted properly. Reported and fixed by Kai Sommerfeld. Daniel (9 December 2004) - Ton Voon provided a configure fix that should fix the notorious (mostly reported on Solaris) problem where the size_t check fails due to the SSL libs being found in a dir not searched through by the run-time linker. patch-tracker entry #1081707. - Bryan Henderson pointed out in bug report #1081788 that the curl-config --vernum output wasn't zero prefixed properly (as claimed in documentation). This is fixed in maketgz now. Daniel (8 December 2004) - Matt Veenstra updated the mach-O framework files for Mac OS X. - Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where libcurl always and unconditionally overwrote a stack-based array with 3 zero bytes. This is not an exploitable buffer overflow. No need to get alarmed. Daniel (7 December 2004) - Fixed so that the final error message is sent to the verbose info "stream" even if no errorbuffer is set. Daniel (6 December 2004) - Dan Fandrich added the --disable-cookies option to configure to build libcurl without cookie support. This is mainly useful if you want to build a minimalistic libcurl with no cookies support at all. Like for embedded systems or similar. - Richard Atterer fixed libcurl's way of dealing with the EPSV response. Previously, libcurl would re-resolve the host name with the new port number and attempt to connect to that, while it should use the IP from the control channel. This bug made it hard to EPSV from an FTP server with multiple IP addresses! Daniel (3 December 2004) - Bug report #1078066: when a chunked transfer was pre-maturely closed exactly at a chunk boundary it was not considered an error and thus went unnoticed. Fixed by Maurice Barnum. Added test case 207 to verify. Daniel (2 December 2004) - Fixed the CONNECT loop to default timeout to 3600 seconds. Added test case 206 that makes CONNECT with Digest. Fixed a flaw that prepended "(nil)" to the initial CONNECT rqeuest's user- agent field. Daniel (30 November 2004) - Dan Fandrich's fix for libz 1.1 and "extra field" usage in a gzip stream - Dan also helped me with input data to create three more test cases for the --compressed option. Daniel (29 November 2004) - I improved the test suite to enable binary contents in the tests (by proving it base64 encoded), like for testing decompress etc. Added test 220 and 221 for this purpose. Tests can now also depend on libz to run. - As reported by Reinout van Schouwen in Mandrake's bug tracker bug 12285 (http://qa.mandrakesoft.com/show_bug.cgi?id=12285), when connecting to an IPv6 host with FTP, --disable-epsv (or --disable-eprt) effectively disables the ability to transfer a file. Now, when connected to an FTP server with IPv6, these FTP commands can't be disabled even if asked to with the available libcurl options. Daniel (26 November 2004) - As reported in Mandrake's bug tracker bug 12289 (http://qa.mandrakesoft.com/show_bug.cgi?id=12289), curl would print a newline to "finish" the progress meter after each redirect and not only after a completed transfer. Daniel (25 November 2004) - FTP improvements: If EPSV, EPRT or LPRT is tried and doesn't work, it will not be retried on the same server again even if a following request is made using a persistent connection. If a second request is made to a server, requesting a file from the same directory as the previous request operated on, libcurl will no longer make that long series of CWD commands just to end up on the same spot. Note that this is only for *exactly* the same dir. There is still room for improvements to optimize the CWD-sending when the dirs are only slightly different. Added test 210, 211 and 212 to verify these changes. Had to improve the test script too and added a new primitive to the test file format. Daniel (24 November 2004) - Andrés García fixed the configure script to detect select properly when run with Msys/Mingw on Windows. Daniel (22 November 2004) - Made HTTP PUT and POST requests no longer use HEAD when doing multi-pass auth negotiation (NTLM, Digest and Negotiate), but instead use the request keyword "properly". Details in lib/README.httpauth. This also introduces CURLOPT_IOCTLFUNCTION and CURLOPT_IOCTLDATA, to be used by apps that use the "any" auth alternative as then libcurl may need to send the PUT/POST data more than once and thus may need to ask the app to "rewind" the read data stream to start. See also the new example using this: docs/examples/anyauthput.c - David Phillips enhanced test 518. I made it depend on a "feature" so that systems without getrlimit() won't attempt to test 518. configure now checks for getrlimit() and setrlimit() for this test case. Daniel (18 November 2004) - David Phillips fixed libcurl to not crash anymore when more than FD_SETSIZE file descriptors are in use. Test case 518 added to verify. Daniel (15 November 2004) - To test my fix for the CURLINFO_REDIRECT_TIME bug, I added time_redirect and num_redirects support to the -w writeout option for the command line tool. - Wojciech Zwiefka found out that CURLINFO_REDIRECT_TIME didn't work as documented. Daniel (12 November 2004) - Gisle Vanem modigied the MSVC and Netware makefiles to build without libcurl.def - Dan Fandrich added the --disable-crypto-auth option to configure to allow libcurl to build without Digest support. (I figure it should also explicitly disable Negotiate and NTLM.) - *** Modified Behaviour Alert *** Setting CURLOPT_POSTFIELDS to NULL will no longer do a GET. Setting CURLOPT_POSTFIELDS to "" will send a zero byte POST and setting CURLOPT_POSTFIELDS to NULL and CURLOPT_POSTFIELDSIZE to zero will also make a zero byte POST. Added test case 515 to verify this. Setting CURLOPT_HTTPPOST to NULL makes a zero byte post. Added test case 516 to verify this. CURLOPT_POSTFIELDSIZE must now be set to -1 to signal "we don't know". Setting it to zero simply says this is a zero byte POST. When providing POST data with a read callback, setting the size up front is now made with CURLOPT_POSTFIELDSIZE and not with CURLOPT_INFILESIZE. Daniel (11 November 2004) - Dan Fandrich added --disable-verbose to the configure script to allow builds without verbose strings in the code, to save some 12KB space. Makes sense only for systems with very little memory resources. - Jeff Phillips found out that a date string with a year beyond 2038 could crash the new date parser on systems with 32bit time_t. We now check for this case and deal with it. Daniel (10 November 2004) - I installed Heimdal on my Debian box (using the debian package) and noticed that configure --with-gssapi failed to create a nice build. Fixed now. Daniel (9 November 2004) - Gisle Vanem marked all external function calls with CURL_EXTERN so that now the Windows, Netware and other builds no longer need libcurl.def or similar files. Daniel (8 November 2004) - Made the configure script check for tld.h if libidn was detected, since libidn 0.3.X didn't have such a header and we don't work with anything before libidn 0.4.1 anyway! Suse 9.1 apparently ships with a 0.3.X version of libidn which makes the curl 7.12.2 build fail. Jean-Philippe Barrette-LaPierre helped pointing this out. - Ian Gulliver reported in debian bug report #278691: if curl is invoked in an environment where stderr is closed the -v output will still be sent to file descriptor 2 which then might be the network socket handle! Now we have a weird hack instead that attempts to make sure that file descriptor 2 is opened (with a call to pipe()) before libcurl is called to do the transfer. configure now checks for pipe() and systems without pipe don't get the weird hack done. Daniel (5 November 2004) - Tim Sneddon made libcurl send no more than 64K in a single first chunk when doing a huge POST on VMS, as this is a system limitation. Default on general systems is 100K. Daniel (4 November 2004) - Andres Garcia made it build on mingw againa, my --retry code broke the build. Daniel (2 November 2004) - Added --retry-max-time that allows a maximum time that may not have been reached for a retry to be made. If not set there is no maximum time, only the amount of retries set with --retry. - Paul Nolan provided a patch to make libcurl build nicely on Windows CE. Daniel (1 November 2004) - When cross-compiling, the configure script no longer attempts to use pkg-config on the build host in order to detect OpenSSL compiler options. Daniel (27 October 2004) - Dan Fandrich: An improvement to the gzip handling of libcurl. There were two problems with the old version: it was possible for a malicious gzip file to cause libcurl to leak memory, as a buffer was malloced to hold the header and never freed if the header ended with no file contents. The second problem is that the 64 KiB decompression buffer was allocated on the stack, which caused unexpectedly high stack usage and overflowed the stack on some systems (someone complained about that in the mailing list about a year ago). Both problems are fixed by this patch. The first one is fixed when a recent (1.2) version of zlib is used, as it takes care of gzip header parsing itself. A check for the version number is done at run-time and libcurl uses that feature if it's present. I've created a define OLD_ZLIB_SUPPORT that can be commented out to save some code space if libcurl is guaranteed to be using a 1.2 version of zlib. The second problem is solved by dynamically allocating the memory buffer instead of storing it on the stack. The allocation/free is done for every incoming packet, which is suboptimal, but should be dwarfed by the actual decompression computation. I've also factored out some common code between deflate and gzip to reduce the code footprint somewhat. I've tested the gzip code on a few test files and I tried deflate using the freshmeat.net server, and it all looks OK. I didn't try running it with valgrind, however. - Added a --retry option to curl that takes a numerical option for the number of times the operation should be retried. It is retried if a transient error is detected or if a timeout occurred. By default, it will first wait one second between the retries and then double the delay time between each retry until the delay time is ten minutes which then will be the delay time between all forthcoming retries. You can set a static delay time with "--retry-delay [num]" where [num] is the number of seconds to wait between each retry. Daniel (25 October 2004) - Tomas Pospisek filed bug report #1053287 that proved -C - and --fail on a file that was already completely downloaded caused an error, while it doesn't if you don't use --fail! I added test case 194 to verify the fix. Grrr. CURLOPT_FAILONERROR is now added to the list stuff to remove in libcurl v8 due to all the kludges needed to support it. - Mohun Biswas found out that formposting a zero-byte file didn't work very good. I fixed. Daniel (19 October 2004) - Alexander Krasnostavsky made it possible to make FTP 3rd party transfers with both source and destination being the same host. It can be useful if you want to move a file on a server or similar. - Guillaume Arluison added CURLINFO_NUM_CONNECTS to allow an app to figure out how many new connects a previous transfer required. I added %{num_connects} to the curl tool and added test case 192 and 193 to verify the new code. Daniel (18 October 2004) - Peter Wullinger pointed out that curl should call setlocale() properly to initiate the specific language operations, to make the IDN stuff work better. Version 7.12.2 (18 October 2004) Daniel (16 October 2004) - Alexander Krasnostavsky made the CURLOPT_FTP_CREATE_MISSING_DIRS option work fine even for third party transfers. - runekl at opoint.com found out (and provided a fix) that libcurl leaked memory for cookies with the "max-age" field set. Gisle (16 October 2004) - Issue 50 in TODO-RELEASE; Added Traian Nicolescu's patches for threaded resolver on Windows. Plugged some potential handle and memory leaks. Daniel (14 October 2004) - Eric Vergnaud pointed out that libcurl didn't treat ?-letters in the user name and password fields properly in URLs, like ftp://us?er:pass?word@site.com/. Added test 191 to verify the fix. Daniel (11 October 2004) - libcurl now uses SO_NOSIGPIPE for systems that support it (Mac OS X 10.2 or later is one) to inhibit the SIGPIPE signal when writing to a socket while the peer dies. The same effect is provide by the MSG_NOSIGNAL parameter to send() on other systems. Alan Pinstein verified the fix. Daniel (10 October 2004) - Systems with 64bit longs no longer use strtoll() or our strtoll- replacement to parse 64 bit numbers. strtol() works fine. Added a configure check to detect if [constant]LL works and if so, use that in the strtoll replacement code to work around compiler warnings reported by Andy Cedilnik. Gisle (6 October 2004) - For USE_LIBIDN builds: Added Top-Level-Domain (TLD) check of host-name used in fix_hostname(). Checks if characters in 'host->name' (indirectly via 'ace_hostname') are legal according to the TLD tables in libidn. Daniel (6 October 2004) - Chih-Chung Chang reported that if you use CURLOPT_RESUME_FROM and enabled CURLOPT_FOLLOWLOCATION, libcurl reported error if a redirect happened even if the new URL would provide the resumed file. Test case 188 added to verify the fix (together with existing test 99). - Dan Fandrich fixed a configure flaw for systems that need both nsl and socket libs to use gethostbyname(). - Removed tabs and trailing whitespace from lots of source files. Daniel (5 October 2004) - Made configure --with-libidn=PATH try the given PATH before the default paths to make it possible to override. - If idna_strerror() is present in libidn, we can use that instead of our internal replacement. This function was added by Simon in libidn 0.5.6 and is detected by configure. - It seems basename() on IRIX is in the libgen library and since we don't use that, configure finds libgen.h but not basename and then we get a compiler error because our basename() replacement doesn't match the proto in libgen.h. Starting now, we don't include the file if basename wasn't found as well. Daniel (4 October 2004) - Chris found a race condition resulting in CURLE_COULDNT_RESOLVE_HOST and potential crash, in the windows threaded name resolver code. Daniel (3 October 2004) - Replaced the use of isspace() in cookie.c with our own version instead since we have most data as 'char *' and that makes us pass in negative values if there is 8bit data in the string. Changing to unsigned causes too much warnings or too many required typecasts to the normal string functions. Harshal Pradhan identified this problem. Daniel (2 October 2004) - Bertrand Demiddelaer found a case where libcurl could read already freed data when CURLOPT_VERBOSE is used and a (very) persistent connection. It happened when the dns cache entry for the connection was pruned while the connection was still alive and then again re-used. We worked together on this fix. - Gisle Vanem provided code that displays an error message when the (libidn based) IDN conversion fails. This is really due to a missing suitable function in the libidn API that I hope we can remove once libidn gets a function like this. Daniel (1 October 2004) - Aleksandar Milivojevic reported a problem in the Redhat bugzilla (see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134133) and not to anyone involved in the curl project! This happens when you try to curl a file from a proftpd site using SSL. It seems proftpd sends a somewhat unorthodox response code (232 instead of 230). I relaxed the response code check to deal with this and similar cases. - Based on Fedor Karpelevitch's formpost path basename patch, file parts in formposts no longer include the path part. If you _really_ want them, you must provide your preferred full file name with CURLFORM_FILENAME. Added detection for libgen.h and basename() to configure. My custom basename() replacement function for systems without it, might be a bit too naive... Updated 6 test cases to make them work with the stripped paths. Daniel (30 September 2004) - Larry Campbell added CURLINFO_OS_ERRNO to curl_easy_getinfo() that allows an app to retrieve the errno variable after a (connect) failure. It will make sense to provide this for more failures in a more generic way, but let's start like this. - Günter Knauf and Casey O'Donnell worked out an extra #if condition for the curl/multi.h header to work better in winsock-using apps. - Jean-Philippe Barrette-LaPierre made buildconf run better on Mac OS X by properly using glibtoolize instead of plain libtoolize. (This is made if glibtool was found and used instead of plain libtool.) Daniel (29 September 2004) - Bertrand Demiddelaer fixed curl_easy_reset() so that it doesn't mistakingly enable the progress meter. Daniel (28 September 2004) - "Mekonikum" found out that if you built curl without SSL support, although your current SSL installation supports Engine, the compile fails. Daniel (27 September 2004) - When --with-ssl=PATH is used to the configure script, it no longer uses pkg-config to figure out extra details. That is now only done if no PATH is included or if SSL is checked for by default without the --with-ssl option. Daniel (25 September 2004) - Peter Sylvester pointed out that CURLOPT_SSLENGINE couldn't even be set to NULL when no engine was supported. It can now. Daniel (22 September 2004) - Dan Fandrich fixed three test cases to no longer use "localhost" but instead use "127.0.0.1" to avoid requiring that localhost resolves nicely. - Jean-Claude Chauve fixed an LDAP crash when more than one record was retrieved. Daniel (19 September 2004) - Andreas Rieke pointed out that when attempting to connect to a host without a service on the specified port, curl_easy_perform() didn't properly provide an error message in the CURLOPT_ERRORBUFFER buffer. Daniel (16 September 2004) - Daniel at touchtunes uses the FTP+SSL server "BSDFTPD-SSL from http://bsdftpd-ssl.sc.ru/" which accordingly doesn't properly work with curl when "AUTH SSL" is issued (although the server responds fine and everything) but requires that curl issues "AUTH TLS" instead. See http://curl.haxx.se/feedback/display.cgi?id=10951944937603&support=yes Introducing CURLOPT_FTPSSLAUTH that allows the application to select which of the AUTH strings to attempt first. - Anonymous filed bug report #1029478 which identified a bug when you 1) used a URL without properly seperating the host name and the parameters with a slash. 2) the URL had parameters to the right of a ? that contains a slash 3) curl was told to follow Location:s 4) the request got a response that contained a Location: to redirect to "/dir". curl then appended the new path on the wrong position of the original URL. Test case 187 was added to verify that this was fixed properly. Daniel (11 September 2004) - Added parsedate.c that contains a rewrite of the date parser currently provided by getdate.y. The new one is MUCH smaller and will allow us to run away from the yacc/bison jungle. It is also slightly lacking in features compared to the old one, but it supports parsing of all date formats HTTP involves (and a fair bunch of others). Daniel (10 September 2004) - As found out by Jonas Forsman, curl didn't allow -F to set Content-Type on text-parts. Starting now, we can do -F "name=daniel;type=text/extra". Added test case 186 to verify. - Bug report #1025986. When following a Location: with a custom Host: header replacement, curl only replaced the Host: header on the initial request and didn't replace it on the following ones. This resulted in requests with two Host: headers. Now, curl checks if the location is on the same host as the initial request and then continues to replace the Host: header. And when it moves to another host, it doesn't replace the Host: header but it also doesn't make the second Host: header get used in the request. This change is verified by the two new test cases 184 and 185. Daniel (8 September 2004) - Modified the test suite to be able to use and run with customized port numbers. This was always intended but never before possible. Now a simple change in the runtests.pl script can make all tests use different ports. The default ports in use from now on are 8990 to 8993. Daniel (2 September 2004) - Minor modification of an SSL-related error message. Daniel (31 August 2004) - David Tarendash found out that curl_multi_add_handle() returned CURLM_CALL_MULTI_PERFORM instead of CURLM_OK. Daniel (30 August 2004) - Make "Proxy-Connection: close" close the current proxy connection, as Roman Koifman found out. Daniel (24 August 2004) - Fixed a getdate problem by post-replacing the getdate.c file after the bison/yacc process to add the fix Harshal Pradhan suggested. The problem caused a crash on Windows when parsing some dates. Daniel (23 August 2004) - Roman Koifman pointed out that libcurl send Expect: 100-continue on POSTs even when told to use HTTP 1.0, which is not correct. Test case 180 and 181 verify this. - Added test case 182 to verify that zero byte transfers call the callback properly. Daniel (20 August 2004) - Alexander Krasnostavsky made the write callback get called even when a zero byte file is downloaded. Daniel (18 August 2004) - Ling Thio pointed out that when libcurl is built ipv6-enabled, it still did reverse DNS lookups when fed with a numerical IP-address (like http://127.0.0.1/), although it doesn't when built ipv6-disabled. libcurl should never do reverse lookups. Daniel (17 August 2004) - Kjetil Jacobsen noticed that when transferring a file:// URL pointing to an empty file, libcurl would return with the file still open. - Alexander Krasnostavsky pointed out that the configure script needs to define _THREAD_SAFE for AIX systems to make libcurl built really thread-safe. Also added a check for the xlc compiler on AIX, and if that is detect we use the -qthreaded compiler option Daniel (16 August 2004) - libcurl now allows a custom "Accept-Encoding:" header override the internally set one that gets set with CURLOPT_ENCODING. Pointed out by Alex. - Roland Krikava found and fixed a cookie problem when using a proxy (the path matching was wrong). I added test case 179 to verify that we now do right. Daniel (15 August 2004) - Casey O'Donnell fixed some MSVC makefile targets to link properly. Daniel (11 August 2004) - configure now defines _XOPEN_SOURCE to 500 on systems that need it to build warning-free (the only known one so far is non-gcc builds on 64bit SGI IRIX). (Reverted this change later as it caused compiler errors.) - the FTP code now includes the server response in the error message when the server gives back a 530 after the password is provided, as it isn't necessary because of a bad user name or password. Version 7.12.1 (10 August 2004) Daniel (10 August 2004) - In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input is already UTF-8 encoded. This made the certificate verification fail if the remote server used a certificate with the name UTF-8 encoded. Work-around brought by Alexis S. L. Carvalho. Daniel (9 August 2004) - I fixed the configure script for krb4 to use -lcom_err as well, as I started to get link problems with it unless I did that on my Solaris 2.7 box. I don't understand why I started to get problems with this now! Daniel (5 August 2004) - Enrico Scholz fixed the HTTP-Negotiate service name to be uppercase as reported in bug report #1004105 Daniel (4 August 2004) - Gisle Vanem provided a fix for the multi interface and connecting to a host using multiple IP (bad) addresses. - Dylan Salisbury made libcurl no longer accept cookies set to a TLD only (it previously allowed that on the seven three-letter domains). Daniel (31 July 2004) - Joel Chen reported that the digest code assumed quotes around the contents a bit too much. Daniel (28 July 2004) - Bertrand Demiddelaer fixed the host name to get setup properly even when a connection is re-used, when a proxy is in use. Previously the wrong Host: header could get sent when re-using a proxy connection to a different target host. - Fixed Brian Akins' reported problems with duplicate Host: headers on re-used connections. If you attempted to replace the Host: header in the second request, you got two such headers! - src/Makefile.am now includes the Makefile.inc file to get info about files Daniel (26 July 2004) - Made "curl [URL] -o name#2" work as expected. If there's no globbing for the #-number, it will simply be used as #2 in the file name. - Bertrand Demiddelaer fixed testing with valgrind 2.1.x and added two missing newlines in the cookie informationals. Daniel (24 July 2004) - I fixed the autobuilds with ares, since they now need to have buildconf run in the ares dir before the configure script is run. - Added Casey O'Donnell's curl_easy_reset() function. It has a proto in curl/curl.h but we have no man page yet. Daniel (20 July 2004) - Added buildconf and buildconf.bat to the release archives, since they are handy for rebuilding curl when using a daily snapshot (and not a pure CVS checkout). Daniel (16 July 2004) - As suggested by Toby Peterson, libcurl now ignores Content-Length data if the given size is a negative number. Test case 178 verifies this. Daniel (14 July 2004) - Günter Knauf has made the Netware builds do without the config-netware.h files, so they are now removed from the dist packages. - Günter Knauf made curl and libcurl build with Borland again. - Andres Garcia fixed the common test 505 failures on windows. Daniel (6 July 2004) - Andrés García found out why the windows tests failed on file:// "uploads". Daniel (2 July 2004) - Andrés García reported a curl_share_cleanup() crash that occurs when no lock/unlock callbacks have been set and the share is cleaned up. Daniel (1 July 2004) - When using curl --trace or --trace-ascii, no trace messages that were sent by curl_easy_cleanup() were included in the trace file. This made the message "Closing connection #0" never appear in trace dumps. Daniel (30 June 2004) - Niels van Tongeren found that setting CURLOPT_NOBODY to TRUE doesn't disable a previously set POST request, making a very odd request get sent (unless you disabled the POST) a HEAD request with a POST request-body. I've now made CURLOPT_NOBODY enforce a proper HEAD. Added test case 514 for this. Daniel (29 June 2004) - Günter Knauf made the testcurl.pl script capable of using a custom setup file to easier run multiple autobuilds on the same source tree. - Gisle fixed the djgpp build and fixed a memory problem in some of the reorged name resolved code. - Fixed code to allow connects done using the multi interface to attempt the next IP when connecting to a host that resolves to multiple IPs and a connect attempt fails. Daniel (27 June 2004) - Based on Rob Stanzel's bug report #979480, I wrote a configure check that checks if poll() can be used to wait on NULL as otherwise select() should be used to do it. The select() usage was also fixed according to his report. Mac OS X 10.3 says "poll() functionality for Mac OS X is implemented via an emulation layer on top of select(), not in the kernel directly. It is recommended that programs running under OS X 10.3 prefer select() over poll(). Configure scripts should look for the _POLL_EMUL_H_ define (instead of _POLL_H_ or _SYS_POLL_H_) and avoid implementations where poll is not implemented in the kernel." Yes, we can probably use select() on most platforms but today I prefered to leave the code unaltered. Daniel (24 June 2004) - The standard curl_version() string now only includes version info about involved libraries and not about particular features. Thus it will no longer include info about ipv6 nor GSS. That info is of course still available in the feature bitmask curl_version_info() offers. - Replaced all occurances of sprintf() with snprintf(). This is mostly because it is "A Good Thing" rather than actually fixing any known problem. This will help preventing future possible mistakes to cause buffer overflows. - Major reorganization in the host resolve code (again). This time, I've modified the code to now always use a linked list of Curl_addrinfo structs to return resolved info in, no matter what resolver method or support that is available on the platform. It makes it a lot easier to write code that uses or depends on resolved data. Internally, this means amongst other things that we can stop doing the weird "increase buffer size until it works" trick when resolving hosts on ipv4-only with gethostbyname_r(), we support socks even on libcurls built with ipv6 enabled (but only to socks servers that resolve to an ipv4 address) and we no longer deep-copy or relocate hostent structs (we create Curl_addrinfo chains instead). The new "hostent to Curl_addrinfo" converter function is named Curl_he2ai() and is slightly naive and simple, yet I believe it is functional enough to work for libcurl. Daniel (22 June 2004) - David Cohen pointed out that RFC2109 says clients should allow cookies to contain least 4096 bytes while libcurl only allowed 2047. I raised the limit to 4999 now and made the used buffer get malloc()ed instead of simply allocated on stack as before. Extended test case 46 to include a cookie with very huge content to verify the fix. - Günter Knauf fixed getdate.y to remove a few warnings. I removed the ifdef'ed test we never ever use anyway. - Gisle Vanem fixed the certificate wildcard checks to support a '*'-letter anywhere in the wildcard string, support multiple '*'-letters in the wildcard and to allow the '*'-letter to match a string that includes a dot. Daniel (21 June 2004) - testcurl.sh is now removed completely, tests/testcurl.pl is the script to use when autobuilding curl! - Kjetil Jacobsen brought my attention to the fact that you cannot properly abort an upload with the readfunction callback, since returning 0 or -1 only stops the upload and libcurl will continue waiting for downloaded data and the server often waits for the rest of the upload data to arrive. Thus, I've now added the ability for read callbacks to return CURL_READFUNC_ABORT to abort an upload from a read callback. This will stop the transfer immediately with a CURLE_ABORTED_BY_CALLBACK return code. Test case 513 was added to verify that it works. I had to improve the test HTTP server too to dump the request to a file even when the client disconnects prematurely. Daniel (19 June 2004) - Luca Alteas provided a test case with a failing curl operation: when we POST to a site with --digest (or similar) set, and the server responded with a 302 Location: to the "authprobe" request, it was not treated correctly. We still will behave badly if FOLLOWLOCATION is enabled for this case, but I'm not in the mood to dive into this right now and will leave it as-is for now. Verified my fix with test case 177. Daniel (18 June 2004) - Gisle Vanem's patch that provides more details from the SSL layers (if you use an OpenSSL version that supports it). It also introduces two new types of data that can be sent to the debug callback: CURLINFO_SSL_DATA_IN and CURLINFO_SSL_DATA_OUT. - With David Byron's test server I could repeat his problem and make sure that POSTing over HTTPS:// with NTLM works fine now. There was a general problem with multi-pass authentication with non-GET operations with CONNECT. Daniel (16 June 2004) - Modified to keep the upload byte counter in an curl_off_t, not an int as before. 32bits is not enough. This is most likely the bug Jean-Louis Lemaire reported that makes 2GB FTP uploads to report error ("unaligned file sizes") when completed. Daniel (15 June 2004) - Luca Alteas reported a problem that I fixed: if you did a POST with CURLAUTH_DIGEST set but the server didn't require any authentication, libcurl would repeatedly send HEAD lots of times until it gives up. This was actually the case for all multi-pass authentications. Added test case 174, 175 and 176 to verify this. Daniel (14 June 2004) - Multipart formposts uploading files no longer inserts the files themselves into the huge prebuilt chunk. This enables libcurl to formpost files that is larger than the amount of system memory. When the file given is passed on stdin, libcurl still uses the old method of reading the full fill before the upload takes place. This approach was selected in order to not alter the behavior for existing applications, as when using stdin libcurl can't know the size of the upload and chunked transfer-encoding can only be used on HTTP 1.1 servers. Daniel (13 June 2004) - Gisle found out that we did wildcard cert name checks wrong, so that parts of the check wrongly was case sensitive. Daniel (11 June 2004) - Tim Sneddon brought a minor VMS fix to make curl build properly on his VMS machine. He also had some interesting libcurl patches... they might be able to do in a slightly nicer way. Discussions are in progress. Daniel (10 June 2004) - Gisle Vanem brought code cleanupsm better verbose output and better connect timeout handling when attempting to connect to a host that resolves to multiple IP addresses. - Steven Bazyl and Seshubabu Pasam pointed out a bug on win32 when freeing the path after a file:// transfer. Daniel (9 June 2004) - Alexander Krasnostavsky made 'configure --disable-http' work to build libcurl without HTTP support. I added a new return code for curl_formadd() in case libcurl is built with HTTP disable: CURL_FORMADD_DISABLED. - Alexander Krasnostavsky pointed out a missing file in the generated curllib.dsp file, and now people building with this should get a libcurl.lib file generated as it used to do before we generated this file. Daniel (8 June 2004) - Marty Kuhrt fixed a minor build problem for VMS. Daniel (7 June 2004) - Reverted the configure check from the 4th since it obviously didn't work. Remade it in a different manner that hopefully works better. Daniel (4 June 2004) - Günter Knauf brought patches to make curl build fine on NetWare again. - Made the configure checks for strerror_r() not exit the configure script when built for cross-compiling. Daniel (3 June 2004) - Chris Gaukroger pointed out that 'make test' attempts to run the tests even if curl is built cross-compiled. I've now made it output a short message instead, saying it isn't possible to do. - Alexander Krasnostavsky brought FTP 3rd party transfer support to libcurl. You can now use libcurl to transfer files between two remote hosts using FTP. There are a bunch of new options to control this with: CURLOPT_SOURCE_HOST CURLOPT_SOURCE_USERPWD CURLOPT_SOURCE_PATH CURLOPT_SOURCE_PORT CURLOPT_PASV_HOST CURLOPT_SOURCE_PREQUOTE CURLOPT_SOURCE_POSTQUOTE (They still remain to be documented properly in the curl_easy_setopt man page.) When using this, the ordinary CURLOPT_URL specifies the target URL, and you specify the source data with these additional options. ftp3rdparty.c is a new example source code showing how to use this. - Vincent Bronner fixed the HTTP Digest code to use the proxy user name and password when doing proxy authentication, it previously always used the host user name and password! Daniel (2 June 2004) - CURLOPT_UPLOAD and CURLOPT_PUT now do the exact same thing internally, which fixes some old confusions on when which of these should be used and what the differences are. - Applied Gisle's fixes to make curl build fine with lcc-win32 Version 7.12.0 (2 June 2004) Daniel (1 June 2004) - I clarified the --create-dirs option somewhat in the curl man page. - Renaud Duhaut corrected the curl_unescape man page. - David Byron modified one of Massimiliano Ziccardi's recent MSVC makefile changes to now again use the mm lib by default. Daniel (26 May 2004) - Mohun Biswas added release-zlib and debug-zlib targets to the MSVC libcurl Makefile - David Byron reported a problem with proxy authentication when doing CONNECT, like when accessing HTTPS sites wiht a proxy. This probably broke when I rewrote the auth stuff recently. - I added fileupload.c in the examples directory, showing how an upload to a file:// URL is made. Daniel (25 May 2004) - Massimiliano Ziccardi updated the MSVC makefiles. Daniel (24 May 2004) - libcurl now supports "uploading" to file:// URLs. Test 204 and 205 were added to verify. - Simon Josefsson added a idn_free() function in libidn 0.4.5 as a reaction to Gisle's previous mail. We now use this function, and thus we require libidn 0.4.5 or later. No earlier version will do. - Robert D. Young reported that CURLOPT_COOKIEFILE and CURLOPT_COOKIE could not be used both in one request. Fixed it and added test case 172 to verify. Daniel (21 May 2004) - While talking to host a.b.c, libcurl did wrongly not accept cookies that were set to the domain .a.b.c (that is with a dot prefix). This is now fixed and test case 171 verifies it. Daniel (20 May 2004) - Jesse Noller reported that the upload speed info reported by libcurl was wrong. The same was true for the download speed. Fixed now. Daniel (19 May 2004) - David Byron added test case 170 - this used to crash the previous version of curl. Daniel (17 May 2004) - Peter Sylvester's patch that addresses two flaws in the peer certificate name verification: o when multiple common names are used (as in the curl tests), the last name needs to be selected. o allow comparing with encoded values, at least with BMP and ISO latin1 encoded T61strings. - All 191 test cases run through the torture test OK! 'make test-torture' is now available in the root makefile (on configure-based environments). Daniel (14 May 2004) - With a slightly modified ftpserver.pl I've now run almost all tests through with runtests.pl -t. This is goodness! - Since I have been unable to contact the CVS admins for several months, I've decided that the current CVS hosting was not good enough. I've now moved the CVS repo once again, see README for updated cvs checkout instructions. Daniel (13 May 2004) - runtests.pl -t now runs fine all the way to test 100. I believe test case 100 fails because of an FTP server problem. Daniel (12 May 2004) - General cleanups all over to make libcurl survive and do well when a memory function returns NULL. runtests.pl -t now works fine for the first 26 test cases. Daniel (11 May 2004) - Seshubabu Pasam provided a patch that introduces curl_global_init_mem() - like normal curl_global_init() but allows the app to replace all memory functions with its own set. I modified it slightly. - Based on Luca Alteas' comments, I modified the curllib.dsp generation code. Daniel (10 May 2004) - Gisle mailed Simon Josefsson (of libidn fame) about the benefits of a separate free()-function by that lib to make sure the memory is freed by the same memory subsystem that allocated it. He responded positively and this will likely cause us to require a newer version of libidn as soon as Simon releases one with such a libidn_free() function. - James Bursa made runtests.pl's -t option work for any given test case, and I edited to allow -g too. Not even test case 1 worked... - Luca Altea made the nc= field not use quotes in outgoing HTTP Digest headers. - Andrés García fixed a problem in the test script that made it fail to recognize our own running HTTP server. Daniel (7 May 2004) - James Bursa fixed the memanalyze.pl script to conder malloc(0) areas OK to free() and he made two failed-resolve error messages use the new display- name instead of the internally-used name. - Gisle Vanem tried curl with www.etdomenenavnkanmaksimaltinneholdesekstitrebokstaversliksomdette.com which caused problems, and I fixed the single zero byte buffer overwrite that occurred (due to a stupid protocol buffer size and parser). - Made the lib/curllib.dsp file get generated automaticly when a distribution package is made, with the msvcproj.* files as templates and all win32-sources added. I think this can be made to work better than the always lagging-behind previous approach. I'm not sure this builds a working project file right now though! Daniel (6 May 2004) - Michael Benedict brought a fix that fills in the errorbuffer properly when ares fails to resolve a name for a case not previously dealt with like this. Daniel (5 May 2004) - Joe Halpin fixed the annoying typecast warning in lib/ldap.c - Gisle Vanem fixes: o memdebug to not access NULL on several places o libcurl.def; curl_formparse is gone. o progress.c; fixed the percent values being trunced to 0. o if2ip.*; constified the 'interface' argument. - Tor Arntsen reported that many of his autobuilds froze and I found and fixed a problem introduced with the HTTP auth overhaul that could lead to a never-ending internal request-loop due to un-initialized variables! - Removed several compiler warnings on various compilers/platforms. Daniel (4 May 2004) - curl_formparse() has been removed from the library. It has been marked and mentioned as deprecated for several years. Daniel (3 May 2004) - Rewritten HTTP authentication code. The previous code could not properly deal with the added test cases 167, 168 and 169. I've now rewritten the code to better separate host and proxy authentication and not re-use the same variables as much as before as it proved non working in the more involved cases. All the current tests run OK now, and so do the new ones. The curl tool got a new option named --proxy-digest to enable HTTP Digest authentication with the proxy. I also made the library support it. - Gisle Vanem made the LDAP code work with wldap32.dll as supplied with Win-98/ME/2000/XP, so no extra .dlls are required when curl/libcurl is used on these Windows versions. Daniel (30 April 2004) - runtests.pl now scans the valgrind log for valgrind-detected memory leaks after each test case if valgrind was found and used. - I modified the app-code in curl to include the new lib/curlx.h and only access those functions using the curlx_-prefix in preparation for the future removal of several curl_-functions from the public libcurl API. - Introduced lib/curlx.h as a single header to provide the curlx_-functions to apps. - Added notices in the man pages for curl_getenv, curl_mprintf, curl_strequal and curl_strnequal that they are subject for removal in a future release. STOP USING THESE FUNCTIONS. - Mihai Ionescu noticed he couldn't do formposts with whitespace in the file names and yes, I broke that on April 23. Sigh. I fixed it now and added test case 166 to verify it. - Luca Altea pointed out a mistake left from the Digest patch of yesterday. Daniel (29 April 2004) - Made IDN domains work when sending requsts over HTTP proxy as well. Added test case 165 to verify the functionality. - Fixed a bug in the new internal host name setup when re-using connections. - James Bursa found out that curl_easy_duphandle() with ares-built libcurl created a bad handle that would crash in the first name resolve attempt. This is now fixed and test case 512 was added to verify it. - Luca Altea provided a major HTTP Digest code fix and cleanup. We now follow the Digest RFC a lot better. - Gisle Vanem made the SSL code use ERR_error_string_n() where applicable. Daniel (27 April 2004) - I remodeled Gisle's IDN code slightly and now we convert both the host name and proxy name to the ACE encoded version to use internally for resolves and cookies etc. They are now using one 'struct hostname' each that keep both the original name and the possibly encoded name. IDN resolves work for me now using ipv6, ipv4 and ares resolving. Even cookies on IDN sites seem to do right. I got some failures at first when CHARSET wasn't set at all which confused libidn completely and it decided by encoding of choice was 'ANSI_X3.4-1968'... - made 'configure --without-libidn' work Daniel (25 April 2004) - Fixed the src/hugehelp.c file to include "setup.h" instead of "config.h" to make the problems with USE_MANUAL on windows go away. - configure --without-ssl could still wrongly include some OpenSSL info in the Makefiles if pkg-config had info about OpenSSL. Bug #941762 reported by Martin. - Since we can now build and use quite a large set of 3rd party libraries, I decided I would make configure produce a summary at the end showing what libraries it uses and if not, what option to use to make it use that. I also added some other random info that is nice in a "configure summary" output. - Applied TommyTam's patch that now make curl work with telnet and stdin properly on Windows. - The changes for today below were made by me and Gisle Vanem. The file previously known as hostip.c has now undergone a huge cleanup and split: hostip.c explained ================== The main COMPILE-TIME DEFINES to keep in mind when reading the host*.c source file are these: CURLRES_IPV6 - this host has getaddrinfo() and family, and thus we use that. The host may not be able to resolve IPv6, but we don't really have to take that into account. Hosts that aren't IPv6-enabled have CURLRES_IPV4 defined. CURLRES_ARES - is defined if libcurl is built to use c-ares for asynchronous name resolves. It cannot have ENABLE_IPV6 defined at the same time, as c-ares has no ipv6 support. This can be Windows or *nix. CURLRES_THREADED - is defined if libcurl is built to run under (native) Windows, and then the name resolve will be done in a new thread, and the supported asynch API will be the same as for ares-builds. If any of the two previous are defined, CURLRES_ASYNCH is defined too. If libcurl is not built to use an asynchronous resolver, CURLRES_SYNCH is defined. The host*.c sources files are split up like this: hostip.c - method-independent resolver functions and utility functions hostasyn.c - functions for asynchronous name resolves hostsyn.c - functions for synchronous name resolves hostares.c - functions for ares-using name resolves hostthre.c - functions for threaded name resolves hostip4.c - ipv4-specific functions hostip6.c - ipv6-specific functions The hostip.h is the single united header file for all this. It defines the CURLRES_* defines based on the config*.h and setup.h defines. - Added function header comments to many functions in an attempt to better explain the purpose of them all. - configure --with-libidn is now supported. It makes the configure script check for libidn libs and include files in the prefix path given. If you say --with-libidn=/usr/local, it will check for the lib in /usr/local/lib and the includes in /usr/local/include etc. - curl_version_info() now returns a struct aged CURLVERSION_THIRD including libidn version info. The string curl_version() returns also includes libidn version info, if available. Version 7.11.2 (26 April 2004) Daniel (25 April 2004) - Erwin Authried pointed out that configure --disable-manual didn't do right if you already had a src/hugehelp.c source file present (which most people do I guess). It now uses the USE_MANUAL define properly. Daniel (23 April 2004) - Gisle Vanem found and fixed a memory leak when doing (failing) Windows threaded name resolves. - I also added test case 163 just to make sure -F "var=2GB files. curl -V now outputs 'Largefile' in the Features: field if this is the case. Most systems are likely to support this. - We offer a CURL_FORMAT_OFF_T define in the public header, which can be used to printf() curl_off_t variables. We also modified the libcurl sources to use this define instead of the previous %Od approach (although I've left the O-flag functional in the code). This should also prevent compilers to warn on the home-grown option. - Fixed the resume-check code to test for a working resume at the end of the headers and not at the first body-byte. - CURLOPT_DNS_USE_GLOBAL_CACHE is now considered obsolete. Stop using it. If you need a global DNS cache for whatever reason, use the share interface and you'll get a global cache that works the way it should work. You can even have any number of global caches, all at your command. This is now also mentioned in the docs. - Made the *printf code support the z-flag to enable size_t printf() in a manner similar to how glibc allows it. To make printfing of this work on platforms with 64bit size_t and 32bit ints. If there even are any! ;-) - Christopher R. Palmer discovered that if you CURLOPT_FRESH_CONNECT and CURLAUTH_NTLM (or CURLAUTH_ANY and libcurl then picked NTLM), libcurl would loop without succeeding to authenticate due to the new connection that was made for all round-trips in the authentication. Now, the FRESH_CONNECT is remade to only matter for the first connection made with curl_easy_perform() and all the rest that might follow due to FOLLOWLOCATION or HTTP authentication are now ignoring that option. - Adjusted the QUIT code slightly since it could core-dump. - Corrected the test suite's FTP server to provide a correct size to the 'verifiedserver' request. Daniel (27 February 2004) - Joe Halpin made the FTP code send QUIT on the control connection before disconnecting the TCP connection. This is what good-behaving ftp clients should do. Daniel (26 February 2004) - David Byron updated several files to make curl build fine on MSVC 6. He also added the 'buildconf.bat' that works like the 'buildconf + configure' combo does on unixes. - Gisle Vanem made the memdebug stuff support calloc() as well. - Tor Arntsen pointed out that testcurl.sh needed to remove the generated files in order to have them re-generated in each build. - Andy Serpa found out that the share interface did not enjoy life when not having the lock and unlock callbacks set, even though documented to be OK. It still is OK, and now the code won't segfault anymore! Daniel (25 February 2004) - Based on a patch by Greg Hewgill I modified how long long is used in the mprintf code, as we can use a 64bit type with MSVC that is a long long equivalent. This corrects some weird large file behaviors on windows. - Tor Arntsen helped me work out --enable-debug to work better with different versions of the gcc and icc compilers. - Added CURLOPT_SHARE to the curl_easy_setopt.3 man page. Daniel (22 February 2004) - Applied the final pieces of Gisle Vanem's patch that brings a working name resolve timeout to the windows versions of curl! Daniel (21 February 2004) - David Byron's fix to allow the speed-limit logic work even if you set limit-rate. It does work on the expense of the rate limiter. Daniel (20 February 2004) - configure --enable-debug with gcc now also tries to detect the icc compiler (which somehow gets treated as if it is a gcc) to stop using all the gcc options with it, and we also provide -isystem options for each extra -I option the configure script has figured out (for OpenSSL, kerberos, zlib, Heimdal etc). This of course to prevent warnings on headers we don't have control of. Daniel (19 February 2004) - Doug Porter made libcurl use the HOME environment variable before the getpwuid results when looking for .netrc files. - If 'configure --enable-debug' is used with gcc, it now checks which gcc version it is and uses as picky compiler options as possible for the particular version. - Code that can be used in both the lib and in the curl app is now made to use the curlx_ prefix. The first function to be available like this is the curlx_strtoll() function. This is made to allow the app to use existing code, but without polluting the libcurl API. Further explanations posted here: http://curl.haxx.se/mail/lib-2004-02/0215.html Daniel (18 February 2004) - Fixed buildconf to not use "which" as AIX and Tru64 have what have been referred to as "horribly broken 'which' programs". - Made sure dns cache timeout set to -1 really means caching forever. Daniel (17 February 2004) - Made it possibly to build c-ares with the libcurl memdebug system to better track memory. Daniel (16 February 2004) - When using ares, we now initialize the ares 'channel' in curl_easy_init() and re-use that same handle during the entire curl handle's life-time. It improves performance. - Fixed a problem when displaying verbose for ipv6-enabled libcurls and re-used connections. Problem reported and fix verified by Grigory Entin. - Jeff Lawson fixed the version-check in the SOCKS5 code. Daniel (15 February 2004) - Fixed a case where a host cache entry was not flagged in-use properly when a cached entry was used. - Andrés García's patch that checks for winmm in the configure script was applied. Daniel (13 February 2004) - Ben Greear's SO_BINDTODEVICE patch for the binding of the local end to a specific network interface. - Greg Hewgill found out that the variable holding 'contentlength' wasn't big enough to hold a large file! - Tor Arntsen fixed a 64bit-related problem in date-related code in the ftp department, and there was another potential problem in the name resolve code too. Daniel (11 February 2004) - Removed a few variables that were only set but never used, as some compilers warn about that and we do not like compiler warnings! - Removed the need for symlinks in the tests/data directory if curl is built outside of the source directory and the 'make test' is used. This was done by providing a "source dir path" to the scripts/servers. - Now, if the configure script can't find an nroff tool or an option to nroff to use to convert man pages with, it will completely switch off the built-in manual. - 'configure --disable-manual' completely disables the built-in manual from the curl command tool. - Andrés García fixed the configure script and a minor source edit, and now he has managed to get msys/mingw to run configure and then build! Daniel (9 February 2004) - The default HTTP Accept: header was modified to the much simpler "Accept: */*". - P R Schaffner updated the curl-ssl spec file for RPMs. - Dominick Meglio brought lots of documentation for the share interface's man pages that were previously missing. - Tor Arntsen provided a patch that makes libcurl work-around a bug in the AIX5 implementation of getaddrinfo(). This makes the FTP PORT stuff work on ipv6-enabled AIX builds. - Ken Rastatter provided portability fixes for the curlgtk.c example, and now it runs on windows with GTK as well! Daniel (6 February 2004) - Andrés García made the configure script find gethostbyname() fine when run with mingw on windows. - Modified the ldap code to use proper function pointers all over (instead of mixed data and function pointers) to work-around the picky MIPSPro compiler warnings. - A custom Host: header is only considered if the request is not made by following a location. After discussions with Tim Baker. Daniel (5 February 2004) - The libz part of the configure script now only set the two libz-related define HAVE_ZLIB_H and HAVE_LIBZ if both the lib and the header is found. If one is missing, none of the defines is set. - Andrés García fixed the Mingw makefiles. - Len Krause reported that curl 7.9.X could do uploading from stdin without doing chunked encoding, which current curl cannot do even if you disable the transfer-encoding chunked header. Now it can again, and test case 98 verifies this functionality. - Tor Arntsen fixed a weird getaddrinfo() usage in the FTP code, preventing the ipv6-code for PORT work on AIX 5.2. We now also provide (better) error messages when bailing out in the that function. - Tor Arntsen now provides AIX and IRIX (using gcc, xlc and the MIPSPro compilers) automated build logs (http://curl.haxx.se/auto/) and we've fixed numerous minor quirks to make less warnings appear. Daniel (4 February 2004) - Based on a patch by Gilad, we now use the custom timeouts when waiting for a server to connect when using FTP PORT. Previously we always waited 10 seconds, no more no less. We now also changed the default (if no timeout is set) to wait 60 seconds for the connect before we fail. Daniel (3 February 2004) - Modified to link with c-ares instead of ares. Daniel (2 February 2004) - Added a configure test to check for which option the (g)nroff tool wants to extract plain text from the man pages. Tor Arntsen told us the AIX version of GNU gnroff doesn't support -man! - Added an undef of accept in memdebug.h to make curl build with --enable-debug on AIX 5.2 which seems to have accept defined. Reported by Tor Arntsen. - curl_version() now includes c-ares version info, and curl_version_info() now returns a struct with version SECOND that also includes that info. - We are now officially using c-ares for asynch name resolves. c-ares is the new library, based on the existing ares but with an extended and slightly modified API. - Dirk improved the ares timeout code, and now we also include the ares error string when we fail to resolve a name. - Another tweak to make test case 91 run fine. Now we have another bit on a connection that is set true if the connection is marked for 'retry'. That makes the connection get closed and re-opened and the HTTP-done code must not complain on the fact that no data was received. - Based on Dirk Manske's patch, I modified the name resolving with ares to feature a timeout for really slow lookups. It now defaults to 300 seconds, but is now adjusted to the CONNECTTIMEOUT/TIMOUE timeouts if one of them is set. - Fixed the inclusion of ca-bundle.h to really use the one in the build dir before the one in the source dir. Domenico Andreoli found out and reported. - Added test case 97, a simple POST with a custom Content-Type header replacing the original application/x-www-form-urlencoded one. Daniel (30 January 2004) - Added code that attempts to fix the test 91 failure. As has been figured out by Patrick Smith, the error happens because we re-use a connection that the server is just about to close and we even manage to send away the request without seeing an error. On the first read attempt we get a ECONNRESET. Starting now, we attempt to detect this and if so, we retry the request on a fresh connection. - I added test case 510 which is a custom program that does a POST using a read callback, with chunked transfer-encoding. - Adjusted one of the MPE/iX changes as it made test case 504 fail all over. - Added --socks as a recognized option. It works just like --proxy but sets a SOCKS5 proxy to use. SOCKS5 support has been available in libcurl for a while, just not provided by the curl tool. This does not currently work for IPv6-enabled libcurls. Daniel (29 January 2004) - Stadler Stephan pointed out that src/hugehelp.c included config.h without checking the define if its present... - Ken Hirsch provided patches to make curl build fine on the MPE/iX operating system. - Dan Fandrich compiled curl with lots of aggressively pedantic compiler options and thus found a few minor errors and did some general cleanups to avoid them. - Dirk Manske fixed a flaw in ares that prevented it to use non-blocking sockets properly. Daniel (28 January 2004) - Richard Bramante fixed chunked transfer-encoded "uploads" to send a final CRLF combo properly. Daniel (27 January 2004) - Made the response-headers during a CONNECT request to a proxy get passed on as regular headers, so they appear with -i/-I options and similar. - Based on a patch by Gisle Vanem, I've made the progress meter display properly switch to a GB-display when more than 9999MB have been transfered. Daniel (23 January 2004) - Gisle Vanem pointed out a curlrc parser problem/crash when an option with a required didn't have one and was on the last line of a file. - More Windows fixes for large files. We now build and link with ../lib/strtoofft.c in the app code since Curl_strtoll() is not a provided libcurl function... Perhaps we should consider a 'common' dir or similar where we put source code used in both the lib and the client. Or perhaps we'll just make this function available in the library... - Vincent Bronner found out the socks5 code crashed when no username was set. - Vincent Bronner spotted a problem with proxy username/password when re-using a persistent connection. - Fixed the progress meter display for files larger than 2^31 bytes. Gisle Vanem reported. Daniel (22 January 2004) - Gisle Vanem made strtoll() get used when curl is built with the mingw compiler. - Gisle Vanem fixed the compressed help text code to display properly. - Removed the '#define HttpPost' from the public header file, as curl_httppost is the proper name and it has been for quite some time now. Fixes another name space pollution. - Added 'curl_off_t' typedef in the public header file, to be used to provide large file sizes to the *_LARGE options. Adjusted the code all over to use this variable type instead of 'off_t'. This is an attempt to make the large file support work on more platforms. The configure script now checks the size of the curl_off_t instead of the plain off_t. Version 7.11.0 (22 January 2004) Daniel (21 January 2004) - Removed the defines in the public header file with TIMECOND_ prefixes. They have been obsolete since April 22nd 2002, and if this causes anyone any problems now it is very easy to just add CURL_ to the names. This corrects this name space pollution. Daniel (19 January 2004) - David Byron cleaned up how --trace with no option was treated, and also arguments in a config file without a required parameter! Daniel (16 January 2004) - Gisle Vanem fixed a few issues where compilers warned about variables possibly being used unassigned. - Minor Interix build problem fixed. Daniel (15 January 2004) - Peter Sylvester pointed out some necessary escaping needed in the acinclude.m4 file when automake 1.8 or later is used. Daniel (14 January 2004) - Vincent Bronner fixed the Curl_resolv() return code. This extends the fix Steve Green provided on december 3... Daniel (13 January 2004) - Luke Call made the win32 version of the password prompting function support backspace. - Dan Fandrich fixed the hugehelp source file to contain both a compressed and an uncompressed version in the distribution, so that more people easier can build curl with the compressed version. - Diego Casorran brought another AmigaOS build patch for native Amiga builds. - Matt Veenstra updated the Mac OS X framework files. - Brian R Duffy brought a section to the INSTALL file on how to build a SSL-enabled curl using the free Borland C++ compiler. He also updated the Borland lib/Makefile.b32. - I fixed the test case 509 which I broke yesterday. Now the libtest are compiled with an include path that points to the library's source dir, so that the libtests can include files from the source tree. This was made to make it possible to use the USE_SSLEAY define in the library test files. Daniel (12 January 2004) - Peter Sylvester brought code that now allows a callback to modified the URL even when the multi interface is used, and then libcurl will simulate a "follow location" to that new URL. Test 509 was added to test this feature. - Extended the time we retry servers in the test script, and I also made it retry the https and ftps servers before they are considered bad. I believe the previous approach could turn problematic on really slow hosts. Version 7.11.0-pre1 (12 January 2004) Daniel (11 January 2004) - Dominick Meglio pointed out FTPS should use default port 990 according to IANA. Daniel (8 January 2004) - Fixed the SPNEGO configure check to not use -R or other non-portable options in the LDFLAGS. Reported by Pierre in bug report #872930. Daniel (5 January 2004) - Dan Fandrich provided a fix on our zlib usage. - David J Meyer's patch that introduce large file support to libcurl was applied. New curl_easy_setopt options that accept 'off_t' arguments are: INFILESIZE_LARGE RESUME_FROM_LARGE MAXFILESIZE_LARGE Daniel (4 January 2004) - Based on Dominick Meglio's comments, I made our private version of gettimeofday() declared static. This would otherwise collide with the same function in other libs (like ares for example). - Added Dominick Meglio's description on how to build libcurl with ares on win32. Daniel (19 December) - CURLOPT_IPRESOLVE was not possible to set. - Gisle Vanem updated the djgpp build files. Daniel (18 December) - John McGowan reported a redirect-problem that happened if a site used a URL like "url.com?var=content" (without a proper slash) and from that address redirected the user-agent to an absolute directory. - David Byron made libcurl build fine with both the .NET and VC6 versions of MSVC Daniel (16 December) - Updated test 506 since it started to fail after the cache prune change yesterday. I also changed it slightly to feature a counter in each debug output for easier tracing. Daniel (15 December) - Old DNS cache entries are now only pruned after curl is done with a request, and not in the actual name resolve call. - corrected the --enable-ares patch - Giuseppe Attardi found and fixed a problem within libcurl that re-used already freed memory. Daniel (10 December) - Gisle Vanem reported that the dict support was broken. I broke it during my ftps-changes overhaul. I've now added a 'curlassert' function that can be used to verify expressions, to prevent future errors of the same kind. They're only present in debug-builds. - Diego Casorran made curl and libcurl possible to build natively (no more need for the ixemul library) on AmigaOS. - Dominick Meglio made configure --enable-ares support a given path to the installed ares lib, instead of always using it in the curl source tree. This also fixed the curl-config --libs output. - Eric S. Raymond patched a very minor man page format error in libcurl-errors.3 Daniel (8 December) - Fixed the flaw that made -lz appear twice on the link command line. - After correspondence with Gisle Vanem, I changed the 'connection aborted' error text when the FTP response reader failed to more specificly identify what the problem is. - Based on a patch from Dominick Meglio, curl-config --feature now outputs 'AsynchDNS' as a feature if libcurl was built with ares. The feature name is the same that 'curl -V' outputs, for simplicity. Daniel (3 December) - Marty Kuhrt made the build up-to-date on VMS, and moved most of the VMS- specific stuff in the client code to a separate header file. - Steve Green fixed a return code bug in Curl_resolv(), that made the socks5 code fail. - swalkaus at yahoo.com patched libcurl to ignore Content-Length: headers when Transfer-Encoding: chunked is used, as mandated by RFC2616. Daniel (2 December) - --ftp-pasv was added, which serves the only purpose of overriding a previously set --ftpport option. Starting now, --ftp-port is a recognized alias for --ftpport for consistency. - Giuseppe Attardi pointed out that we should use MSG_NOSIGNAL when we use send() and recv(). I added checks for the define in the configure script and adjusted the code accordingly. If the symbol is present, we won't attempt to ignore the SIGPIPE signal. Daniel (1 December) - Mathias Axelsson set up a bsdftpd-ssl server for me and I could make curl run fine against its FTPS implementation. Now these FTPS-related things work: o explicit and implicit FTPS o active (PORT) and passive (PASV) o upload and download o verified against bsdftpd-ssl and RaidenFTPD Daniel (27 November) - James Clancy made the Borland Makefiles up to date. - Markus Moeller improved the SPNEGO detection in the configure script. Daniel (25 November) - Dave May filed bug report #848371, identifying that if you'd do POST over a proxy to a https server, libcurl didn't POST at all, it just made a GET! It turned out to be because libcurl wrongly didn't consider the authentication "negotiation phase" to be complete yet. I added test case 95 to verify my fix for this. Daniel (24 November) - Thanks to Mathias Axelsson, I've been able to work on FTPS for libcurl and it seems to work somewhat fine now. The FTPS stuff is based on RFC2228 and the murray-auth-ftp-ssl draft (version 12). There seems to exist quite a few servers that have implemented the server side of this. We can now use ftps:// URLs to explicitly switch on SSL/TSL for the control connection and the data connection (dealing with two SSL connections forced me to change a lot of stuff in libcurl). Alternatively, and what seems to be the recommended way, we can set the new option CURLOPT_FTP_SSL to one of these values: CURLFTPSSL_NOPE, - do not attempt to use SSL CURLFTPSSL_TRY - try using SSL, proceed anyway otherwise CURLFTPSSL_CONTROL - SSL for the control connection or fail CURLFTPSSL_ALL - SSL for all communication or fail Any failure to set the desired level will make libcurl fail with the error code CURLE_FTP_SSL_FAILED. This new option makes a "normal" ftp:// transfer attempt to be made securely. I've been able to login and get files (passively) from Mathias' server using both ftps:// and CURLOPT_FTP_SSL. (I've made 'curl' understand the --ftp-ssl option that sets CURLFTPSSL_TRY.) - Gaz Iqbal fixed a range string memory leak. - Gisle Vanem fixed the Windows builds. - Added the new FTPSSL defines in curl/curl.h Daniel (20 November) - Josh Kapell filed bug report #845247 as he found an endless loop when getting a 407 back from a proxy when no user+password was given. Added test case 94 to verify the fix. Daniel (19 November) - Kevin Roth fixed a progress-bar problem on Windows. - While working with Nicolas Croiset's bug report #843739, I noticed two minor problems related to ftp partial downloads: if a partial transfer is detected, we must close the connection as we cannot know in what state it is anymore. This looks like a ProFTPD bug: http://curl.haxx.se/mail/lib-2003-11/0079.html Daniel (17 November) - Maciej W. Rozycki made the configure script use a cache variable for the writable argv test. This way, the default can be overridden better (for cross-compiles etc) Daniel (15 November) - Mathias Axelsson found out libcurl sometimes freed the server certificate twice, leading to crashes! Daniel (14 November) - Siddhartha Prakash Jain found a case with a bad resolve that we didn't properly bail out from, when using ares. Daniel (13 November) - Default Content-Type for parts in multipart formposts has changed to "application/octet-stream". This seems more appropriate, and I believe mozilla and the likes do this. In the same area: .html files now get text/html as Content-Type. (Pointed out in bug report #839806) - Gisle Vanem corrected the --progress-bar output by doing a flush of the output, which apparently makes it look better on at least windows, but possibly other platforms too. - Peter Sylvester identified a problem in the connect code, which made the multi interface on a ipv6-enabled solaris box do bad. Test case 504 to be specific. I've spent some time to clean-up the Curl_connecthost() function now to use less duplicated code for the two different sections: ipv6 and ipv4. Daniel (11 November) - Added CURLOPT_NETRC_FILE. Use this to tell libcurl which file to use instead of trying to find a .netrc in the current user's home directory. The existing .netrc file finder is somewhat naive and is far from perfect on several platforms that aren't unix-style. If this option isn't set when CURLOPT_NETRC is set, the previous approach will still be used. The current .netrc check code now also support longer than 256 bytes path names. Daniel (10 November) - Kang-Jin Lee pointed out that the generated ca-bundle.h file shouldn't be written in the source dir if a different build dir is used. - After Sébastien Willemijns' bug report, we now check the separators properly in the 229-reply servers respond on a EPSV command and bail out better if the reply string is not RFC2428-compliant. Daniel (7 November) - Based on Gisle Vanem's patch, I made curl try harder to get the home directory of the current user, in order to find the default .curlrc file. We're also considering moving out the HOME-dir code from libcurl, and instead have the app pass in the path to the .netrc file (which is the only logic left in libcurl that uses the HOME dir). Then curl can use the home dir for that purpose too. - Ralph Mitchell's updated testcurl.sh to the script to take an existing directory name and build/run/test curl in there instead of trying to update from CVS. Using this approach, the script can now be used to test daily tarballs etc. - Gisle Vanem added a "resource file" to the Windows DLL builds, to contain information such as version number, library name, copyright info etc. Daniel (6 November) - curl checks if the existing libcurl supports things like --ntlm, --negotiate and --krb4 and returns error if not. - I added three new global defines in the curl/curl.h header: LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH. They are the three numbers in the library's version number, separated for easier usage. 'maketgz' was updated accordingly to generate these numbers properly when building release-archives. - Uninitialized variable fix, reported by both Marty Kuhrt and Benjamin Gerard. - Matt Veenstra provided build files to build libcurl as a "framework" under Mac OS X. See the lib/libcurl.framework.make for details. - Removed the defines of TRUE and FALSE from the curl/curl.h header file. They're not in our name space so we should not fiddle with them. Daniel (5 November) - Replaced the man page to HTML converter program with a new one: roffit. Makes nicer web pages. Daniel (4 November) - Troels Walsted Hansen fixed the MSVC makefiles to let them build curl fine on Windows. - Kevin Roth corrected the cygwin package generator and spell-fixed the comment in the ca-bundle.h file. Version 7.10.8 (1 November 2003) Daniel (31 October) - Assume that MDTM on an FTP server returns the timestamp using the UTC time zone. This changes the time CURLINFO_FILETIME returns for a given file over FTP, and will change existing uses of CURLOPT_TIMECONDITION. It will make the functionality more similar to how the HTTP one is already working. - Command line options that take numerical parameters (such as -y, -Y, -C etc) now report error and exit if the parameter isn't truly a number greater than or equal to zero. This helps users to notice bad usage earlier. Before, when a user forgot or missed to add a numerical parameter to an option, the command line parser would simply "eat" the following option and it would cause great confusion. Daniel (30 October) - David Hull made libcurl deal with NOBODY and HEADER for file:// the same way it already does for FTP: it provides HTTP-looking headers that provide info only about the file, without doing the actual transfer. The curl tool then lets --head do this. Daniel (29 October) - runtests.pl now checks for and use valgrind if present. It will redirect the valgrind results in log/valgrind[num] but it currently doesn't scan that file for any errors or anything, that is still only made manually. - David Hull made the file: URL parser also accept the somewhat sloppy file syntax: file:/path. I added test case 203 to verify this. Daniel (28 October) - Dan C tracked down yet another weird behavior in the glibc gethostbyname_r() function for some specific versions (reported on 2.2.5 and 2.1.1), and provided a fix. On Linux machines with these glibc versions, non-ipv6 builds of libcurl would often fail to resolve perfectly resolvable host names. Daniel (26 October) - James Bursa found out that curl_msnprintf() could write the trailing zero-byte outside its given buffer size. This could happen if you generated a very long error message as then libcurl would overwrite the ERRORBUFFER with one byte. Using a non-existing very long local file:// name is one case that could make this occur. Daniel (24 October) - David Hull filed bug report #829827. It identified a problem with -C - if the full file already was downloaded and thus the server responded with a 416. libcurl would then wrongly use the Content-Length: header and expect that size to get transfer, causing a "hang" until the server closed the connection and then an error 18 ("still N bytes data left of the transfer"). Now we don't return any error at all, but I think libcurl should perhaps return some kind of info since the requested range was out of the size of the document. - Based on David Hull's fix in bug report #804599, we now check for solaris and gcc in configure and set the -mimpure-text link flag for linking the lib better. - I've introduced a -t option to the runtests.pl script. With that option set, the script runs special "memory torture" tests. For each test command line in that section, the script first runs the command line and counts the total amount of allocations made. It then runs the exact same command line again, forcing allocation number N to fail. It will try every N from 1 to the total number of amounts made. For every invoke, it checks that no memory was leaked as that would indicate a bad cleanup somewhere in the code. This is just beginning to work, and I've already made some corrections in libcurl code. When this code works somewhat fine, I'll make sure 'make test' in the root dir will run these tests as well. Daniel (23 October) - Georg Horn fixed how the CA verification is made. Verifications can now be made while at the same time the result of it can be ignored. This also affects the curl tool as -k can now be used together with --cacert or --capath. Daniel (22 October) - Gisle Vanem found out --disable-eprt didn't work and patched it. - Test case 91 was modified and could now repeat the problem Kevin Roth has reported, and the bug was fixed. - Dylan Ellicott added vc-libcurl-ssl-dll as a target to the root makefile to build a static libcurl that links with a shared OpenSSL using MSVC. Daniel (21 October) - Andrés García updated the mingw32 makefiles. Version 7.10.8-pre5 (21 October 2003) Daniel (19 October) - Georg Horn made libcurl output more info on SSL failures when receiving data. Version 7.10.8-pre4 (18 October 2003) Daniel (17 October) - Dominick Meglio implemented CURLOPT_MAXFILESIZE and --max-filesize. - Made libcurl show verbose info about what auth type and user name that is being sent in its HTTP request-headers. Daniel (16 October) - Removed support for CURLOPT_PASSWDFUNCTION and CURLOPT_PASSWDDATA. libcurl no longer prompt for passwords under any circumstances. Password prompting was instead moved to curl, which now prompts for password if -u or -U lack it. This solves the problem Kevin Roth reported when curl prompted for password twice when doing NTLM authentication. - I rewrote the SSL subjectAltName check to avoid having to rely on OpenLDAP- licensed derivate code. Daniel (15 October) - Avoid doing getsockopt() on Windows to verify connects. It seems that this hogs Windows machines when libcurl is being used multi-threaded (with > ~50 threads). Andrew Fuller helped us verify and test this. Daniel (14 October) - Kimmo Kinnunen fixed a crash with duphandle() when CURLDEBUG is set. - Gisle Vanem made libcurl build and work with IPv6 on Windows. Daniel (13 October) - Giuseppe Attardi reported yet another segfault with ares and the multi interface. Me fixed. - Domenico Andreoli removed the extra LDFLAGS assignment in lib/Makefile.am that was reported about in the debian bug report #212086. Domenico also fixed two makefiles where we used 'gnroff' instead of the more portable $(NROFF). Daniel (12 October) - Dirk Manske made the share locking around DNS lookups slightly different to allow the share system's DNS lookups to run somewhat more independent/faster. Daniel (9 October) - Lachlan O'Dea fixed a resume problem: "If I set CURLOPT_RESUME_FROM, perform an HTTP download, then reset CURLOPT_RESUME_FROM to 0, the next download still has a Range header with a garbage value." bug report #820502 - Dominick Meglio made the inet_pton.c file build fine using MSVC. - The 'sws' test suite web server now #include setup.h from the lib directory. This makes it more portable easier. Version 7.10.8-pre3 (8 October 2003) Daniel (8 October) - Frank Ticheler provided a patch that fixes how libcurl connects to multiple addresses, if one of them fails (ipv4-code). Daniel (7 October) - Neil Dunbar provided a patch that now makes libcurl check SSL subjectAltNames when matching certs. This is apparently detailed in RFC2818 as the right thing to do. I had to add configure checks for inet_pton() and our own (strictly speaking, code from BIND written by Paul Vixie) provided code for the function for platforms that miss it. - HTTP POST using the read callback didn't work, as Florian Schoppmann reported. Daniel (5 October) - Shared provided a few fixes to make libcurl build on BeOS out-of-the-box. New code for BeOS-style non-blocking sockets, provided by Shard and Jeremy Friesner. Modified the autoconf check for non-blocking sockets to check for this kind too. Daniel (4 October) - Vincent Bronner pointed out that if you set CURLOPT_COOKIE for a transfer and then set it to NULL in a subsequent one, the previous cookie was still sent off! - Jon Turner fixed a problem libcurl had when it failed on an FTP transfer due to a bad path, it would cause the next transfer to use a bad path as well. - Siddhartha Prakash Jain provided a patch with a fix for libcurl with ares, when working on IP-only names as we then could return "wait" status when the name in fact already was resolved. I edited the patch slightly to not expose asynch details to non-ares aware source code. Daniel (3 October) - Neil Spring posted the debian bug report #213180, and pointed out that using the name 'access' in a function prototype is not very wise as some compilers complain. - Peter Sylvester provided his and Jean-Paul Merlin's curlx.c example source code that shows how they use ssl and callbacks. Daniel (2 October) - James MacMillan's patch makes curl build on QNX 6.2.x. Daniel (26 September) - My daughter was born! Daniel (23 September) - Added support for -4/--ipv4 and -6/--ipv6 to force names to resolve to that particular IP version. They only work for IPv6-enabled libcurls. - curl -V now outputs 'SPNEGO' as a feature in case libcurl was built to support that. Version 7.10.8-pre2 (22 September 2003) Daniel (22 September) - Giuseppe Attardi found a segfault in libcurl when using the multi interface with ares and doing repeated operations against a non-resolving host name. Daniel (19 September) - Added the CURLOPT_IPRESOLVE option, that allows an application to select what kind of IP addresses he wants to use when resolving host names. This is only interesting when using host names that resolve addresses using more than one version of IP. - Applied Markus Moeller's patch that introduces SPNEGO support if libcurl is built with the FBopenssl libraries. curl_version_info() now returns info on SPNEGO availability. The patch also made the GSSAPI stuff work fine with the MIT GSS-library (the Heimdal one still works too). Daniel (16 September) - Doing PUT with --digest failed, as reported in bug report #805853. - Using --anyauth that picked NTLM, and then a redirect closed the connection and took curl to a second NTLM page made curl fail. Bug report #806328 identified the problem, test case 90 was added to verify the fix. Daniel (14 September) - codemastr brought a patch for ares to make the Windows portions of it work properly on NT4. I uploaded a new diff and updated the docs on where to get it etc. - Jeff Pohlmeyer tracked down a very hard-to-find bug where we removed a cached DNS entry even though it may be in use, which caused "random" memory to get overwritten and thus "random" crashes. Daniel (12 September) - Based on a bug report by David Kimdon, I made the runtests.pl script clear all possible proxy environment variables before the tests are run. - By default, easy handles within a multi handle now share DNS cache. - Tim Bartley brought a patch that makes the GSSNEGOTIATE option work for Microsoft's "Negotiate" authentication as well. Daniel (11 September) - A zero-length proxy string confused FTP transfers. - Bjorn Reese found a case with an uninitialized pointer, only present when built for ares. Version 7.10.8-pre1 (8 September 2003) Daniel (7 September) - Jurij Smakov found out that the non-OpenSSL MD5 code was not working on Alpha (or ia64). Only the OpenSSL-version did. I made a fix I think corrects the problem. Daniel (5 September) - Kevin Fisk reported that configure --enable-thread didn't work. I fixed. - De-macrofied the lib/hash.c source code somewhat. Daniel (4 September) - CURLINFO_HTTPAUTH_AVAIL and CURLINFO_PROXYAUTH_AVAIL added, Based on Joerg Mueller-Tolk's patch, Early (4 September) - Added CURLOPT_FTP_RESPONSE_TIMEOUT - allows user to set strict timeout requirements on the FTP server's ability to respond to individual commands without placing global requirements on transfer or connect time. Files affected: - include/curl/curl.h Added option CURLOPT_FTP_RESPONSE_TIMEOUT - lib/ftp.c Added branch inside Curl_GetFTPResponse to check for data->set.ftp_response_timeout - lib/url.c Modified Curl_setopt to recognize CURLOPT_FTP_RESPONSE_TIMEOUT - lib/urldata.h Added ftp_response_timeout to struct UserDefined Daniel (3 September) - Peter Pentchev found and fixed two problems in the test suite's web server code, that made it segfault at times. - Jörg Mueller-Tolk improved the proxy user+password handling, especially when providing a blank password. Daniel (2 September) - Fix for making CONNECT to proxies do the correct magic to allow NTLM, Digest and similar to work. Daniel (1 September) - Henrik Storner made libcurl work fine with OpenLDAP 2.1.22 (current). - Jeff Pohlmeyer added a proper error message for non-resolving hosts when using ares for lookups. Daniel (25 August) - John McGowan reported that curl -k still failed if the HTTPS server's CN field wasn't obtainable. This was due to the CURLOPT_SSL_VERIFYHOST being set to 1, and libcurl failed if the CN was missing. Starting now, having it set to 1 will simply output a warning if no CN could be obtained (as having a mismatch is OK). Daniel (21 August) - Vincent Sanders provided a fix for name resolving when linked with uClibc. Daniel (20 August) - Gerd v. Egidy provided a patch that makes libcurl store the FTP response code from ftp servers. Using curl_easy_getinfo() with CURLINFO_HTTP_CODE returns that data. The option is therefore now also known as CURLINFO_RESPONSE_CODE. - Antoine Calando found a segfault when doing multi-part/formpost using the multi interface. - Antoine Calando pointed out that curl_multi_info_read() didn't set the msgs_in_queue to 0 properly when returning NULL. Daniel (19 August) - I made curl support multiple -T options, as well as -T "{file1,file2}" style globbing. One -T for each URL is supported. - Jeff Pohlmeyer found a segfault when using ares-enabled libcurl and the multi interface when trying a non-existing host name. - Made the libcurl printf code support long longs if available. - Loren Kirkby pointed out that we did not clean up all SSL-allocated memory in curl_global_cleanup(). Daniel (17 August) - Setting CURLOPT_WRITEFUNCTION or CURLOPT_READFUNCTION to NULL will now make them get the internal defaults restored. Previously this could cause a segfault. We should aim at having all pointer-related options get restored to default/safe values when set to NULL. Version 7.10.7 (15 August 2003) Daniel (14 August) - I modified the memdebug system to return failure on memory allocation functions after a set amount of successful ones. This enables us to test out-of-memory situations in a controlled manner and we can make sure that curl/libcurl behaves good in those. This made me find and fix several spots where we did not cleanup properly when bailing out due to errors (low memory). - Corrected test case 74. Made using -o with bad #[num] codes complain and bail out. Made #[num] support numbers larger than 9 as well. Added test case 86 for a proper range globbing test as well. Version 7.10.7-pre4 (12 August 2003) Daniel (12 August) - curl_version_info() now returns a flag if libcurl was built with asynch DNS support, and this is now also displayed with 'curl -V'. - Added a few new man pages to the docs/libcurl dir: curl_share_init, curl_share_setopt, curl_share_cleanup, libcurl-easy and libcurl-share. Daniel (11 August) - Mike Cherepov made the local binding code work for Windows, which makes the option CURLOPT_INTERFACE work on Windows as well. - Vincent Sanders updated the fopen.c example code a lot. - --proxy-ntlm is now supported by the curl tool. It forces the proxy authentication to be made using NTLM. It does not yet work for HTTPS over proxies (or other proxy-tunneling options). Test case 81 and 82 do some simple initial ntlm testing. - Found and fixed a minor memory leak on re-used connections with proxy-authentication. - I removed -@ and -Z as valid short options. They were very rarely used (@ wasn't even documented). - Serge Semashko introduced CURLOPT_PROXYAUTH, and make it work when set to CURLAUTH_NTLM and/or CURLAUTH_BASIC. The PROXAUTH is similar to HTTPAUTH, but is for the proxy connection only, and HTTPAUTH is for the remote host. - Fixed loading of cookies with blank contents from a cookie jar. Also made the cookie functions inform on added and skipped cookies (for cookie debugging). Version 7.10.7-pre3 (8 August 2003) Daniel (8 August) - Applied David Byron's fix for file:// URLs with drive letters included. - I added the --ftp-create-dirs to the client code, which activates Early's CURLOPT_FTP_CREATE_MISSING_DIRS option, and wrote test case 147 to verify it. Added the option to the curl.1 man page too. Added the option to the curl_easy_setopt.3 man page too. Daniel (7 August) - Test case 60 failed on ia64 and AMD Opteron. Fixed now. - Fixed a printf problem that resulted in urlglobbing bugs (bug #203827 in the debian bug tracker). Added test case 74 to verify the fix and to discover if this breaks in the future. - "make distcheck" works again. Version 7.10.7-pre2 (6 August 2003) Daniel (5 August) - Duncan Wilcox helped me verify that the latest incarnation of my ares patch builds fine on Mac OS X (see the new lib/README.ares) file for all details. - Salvatore Sorrentino filed bug report #783116 and Early Ehlinger posted a bug report to the libcurl list, both identifying a problem with FTP persistent connections and how the dir hierarchy was not properly reset between files. - David Byron's thoughts on a fixed Makefile in tests/ were applied. - Jan Sundin reported a case where curl ignored a cookie that browsers don't, which turned up to be due to the number of dots in the 'domain'. I've now made curl follow the the original netscape cookie spec less strict on that part. Daniel (4 August) - Dirk Manske added cookie support for the experimental, hidden and still undocumented share feature! - Mark Fletcher provided an excellent bug report that identified a problem with FOLLOWLOCATION and chunked transfer-encoding, as libcurl would not properly ignore the body contents of 3XX response that included the Location: header. Early (6 August) - Added option CURLOPT_FTP_CREATE_MISSING_DIRS This option will force the target file's path to be created if it does not already exist on the remote system. Files affected: - include/curl/curl.h Added option CURLOPT_FTP_CREATE_MISSING_DIRS - lib/ftp.c Added function ftp_mkd, which issues a MKD command Added function ftp_force_cwd, which attempts a CWD, and does a MKD and retries the CWD if the original CWD fails Modified ftp_perform() to call its change directory function through a pointer. The pointer points to ftp_cwd by default, and is modified to point to ftp_force_cwd IFF data->set.ftp_create_missing_dirs is not 0. - lib/url.c Modified Curl_setopt to recognize CURLOPT_FTP_CREATE_MISSING_DIRS - lib/urldata.h Added ftp_create_missing_dirs to struct UserDefined - Minor Bugfix for CURLOPT_TIMECONDITION with FTP - if the file was not present to do the time comparison, it would fail. Files affected: - lib/ftp.c In ftp_perform(), the call to ftp_getfiletime() used to be followed by if (result) return result; And then by the code that actually did the time comparison. The code that did the comparison handled the case where the filetime was not available (as indicated by info.filetime < 0 or set.timevalue < 0), so I replaced the if (result) return result with a switch(result) that allows CURLE_FTP_COULDNT_RETR_FILE to fall through to the normal time comparison. Daniel (3 August) - When proxy authentication is used in a CONNECT request (as used for all SSL connects and otherwise enforced tunnel-thru-proxy requests), the same authentication header is also wrongly sent to the remote host. This is a rather significant info leak. I've fixed it now and mailed a patch and warning to the mailing lists. Daniel (1 August) - David Byron provided a patch to make 7.10.6 build correctly with the compressed hugehelp.c source file. Version 7.10.7-pre1 (31 July 2003) Daniel (30 July) - Jörg Müller-Tolk updated the VC makefile. - Daniel Noguerol made the ftp code output "Accept-Ranges: bytes" in similar style like other faked HTTP headers when NOBODY and HEADER are used. I updated two corresponding test cases too. - Marty Kuhrt pointed out a compilation problem on VMS due to my having changed a type from long to time_t, and I'm now changing it back to work more portably... He also indicated that distributing the src/hugehelp.c in a compressed state like I accidentally did may not be the smartest move... I've now fixed the distribute procedure to automatically generate an uncompressed version when I make release archives. Daniel (29 July) - Gisle Vanem brought changes to the mkhelp script for the generation of the compressed help text on some platforms. Version 7.10.6 (28 July 2003) Daniel (28 July) - François Pons brought a patch that once again made curl deal with ftp and "double slash" as indicating the root directory. In the RFC1738-fix of April 30, that ability was removed (since it is not the "right" way). So, starting now we can list the root dir of an ftp server both these ways: curl ftp://server.com/%2f as well as curl ftp://server.com// Daniel (24 July) - Henry Bland pointed out that we included sys/resource.h without good reason in several source files. Without it included, QNX builds better... - Andrés García updated the mingw makefiles. Daniel (23 July) - Tracy Boehrer experienced DNS cache problems and did some nice debugging and tracking which made it easy for me to correct the problem and Tracy could verify that it did cure the problem! When re-using a connection we now make sure we don't re-use the 'connect_addr' struct. - Daniel Kouril corrected the GSS-Negotiate code. - Juan F. Codagnone provided fixes to allow curl to build fine on Windows again. Daniel (22 July) - Edited the curl/curl.h include file to build on Windows properly. Daniel (21 July) - Moved the proxy credentials from the SessionHandle struct to the connectdata struct, to make multiple proxy connections with differerent user names work. - Adjusted the NTLM code to support proxy functionality. - Made the krb4 stuff compile with the user+password fields moved. Version 7.10.6-pre4 (21 July 2003) Daniel (20 July) - David Gardner pointed out in bug report 770755 that using the FTP command CWD with a blank argument is a bad idea and I made libcurl skip empty path segments starting now. Daniel (18 July) - Cris pointed out that my fix on July 16th didn't work fully. His pointing out this (and his patch) also made me realize that we have a very similar bug in the FTP connection re-use code. We must store a separate user and password field for each connection we keep (at least for FTP and HTTP+NTLM connections, so I made us do this unconditionally). - Since NTLM authenticates connections instead of single requests, I had to re-arrange how we store the NTLM data and I had to improve the test suite to finally work properly with persistency to make the NTLM tests run fine again. This also forced me to have to update lots of HTTP test cases. Daniel (16 July) - Cris Bailiff's bug report 768275 pointed out that using Basic auth with wrong user+password caused an endless loop. Fixed now. He also found out that we didn't properly authenticate connections with NTLM. Fixed too. - Dan Winship provided fixes for the NTLM code. Daniel (5 July) - Doug Kaufman provided additional fixes for the DOS port. Daniel (4 July) - Rick Richardson pointed out that using setvbuf() to achieve non-buffering on output is no-good for SCO Xenix and other unixes. We switched over to using plain fflush() instead. - Dan Grayson pointed out that we set the CURL_CA_BUNDLE variable wrongly in the configure script, and I had to change some build stuff to make the new way work. - Peter Sylvester's patch was applied that introduces the following: CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If anything but CURLE_OK is returned, that will also be returned by libcurl all the way back. If this function changes the CURLOPT_URL, libcurl will detect this and instead go use the new URL. CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set with CURLOPT_SSL_CTX_FUNCTION. Daniel (1 July) - David Byron provided a patch that allows a client to quit the test suite's HTTP server. - Gisle Vanem found and patched a lib handle leak in the ldap code. Daniel (25 June) - More NTLM-improvements. Less code. Smaller packets back and forth. Daniel (23 June) - Eric Glass provided us with a better doc on NTLM details, and I added more comments and clarified the current code more. Using the new knowledge, we should be able to make the NTLM stuff work even better. Eric's original URL: http://davenport.sourceforge.net/ntlm.html Version stored and provided at curl site: http://curl.haxx.se/rfc/ntlm.html - Fixed the minor compile problems pre3 had if built without GSSAPI and/or SSL. Version 7.10.6-pre3 (19 June 2003) Daniel (19 June) - Made curl use curl_free() on memory returned by curl_getenv(), as this should theoreticly make it possibly to build and run curl and libcurl with different memory allocation schemes with no problems. Daniel (18 June) - Improved the mkhelp.pl a bit further to make a nicer hugehelp text and to include a better comment in the top for the gzip compressed version. Daniel (17 June) - CURLOPT_HTTPAUTH is now a bitmask, in which you set which authentication type(s) you want to use. If more than one is set, libcurl will use one of the selected one and the one it considers is more secure. Test case 67 and 68 (for NTLM) were fixed and we've reduced a round-trip for specific --ntlm fetches, and test case 69 and 70 were added for testing authentication "picking". --anyauth is the new command line tool option, and I also added --basic for completeness (that's the default type). - Fixed the runtests.pl script to use the info provided by the new curl -V output. - --enable-debug now sets the CURLDEBUG define instead of MALLOCDEBUG, as it is meant to be a generic debug conditional. - curl_version_info() can now return CURL_VERSION_DEBUG as a feature bit, to indicate that the library was built with CURLDEBUG set. - Ralph Mitchell found out that some web applications very badly uses white spaces in Location: redirects, and apparently IE is a browser (the only one?) that supports this abomination. Based on Ralph's patch, I added code that now attempts to replace white spaces with the proper "%20" or "+". Test case 40 and 42 were added to verify my changes. - curl -V now also outputs a list of features the available library offers (if any). - The curl_version() string now includes "GSS" if libcurl is built with GSSAPI support. - David Orrell reported that libcurl still crashed when sending HUGE requests over HTTPS... I fixed. Version 7.10.6-pre2 (16 June 2003) Daniel (16 June) - curl_version_info() now returns bitmasked information weather NTLM and GSSNEGOTIATE are supported, since it is doomed to vary on different installations. - I remade the HTTP Digest code to use the MD5-code provided by OpenSSL if that is present, and only use our own MD5-code if it isn't. Daniel (13 June) - More NTLM help, fixes and patches from Cris Bailiff. - Marty Kuhrt brought include fixes for making VMS builds warning-free. Daniel (12 June) - NTLM authentication works somewhat against the test servers provided by Mathias Axelsson and Cris Bailiff. Use by setting CURLOPT_HTTPAUTH to CURLAUTH_NTLM to libcurl, or --ntlm for the curl tool. Test case 67 and 68 were added for this. NTLM-support requires OpenSSL. - Dan Fandrich provided a patch, that granted that gzip and libz are available at build-time, compresses the hugehelp text in the curl command line and uncompresses it at request. Saves some ~60K in the final output executable. Daniel (11 June) - Long day of fighting the NTLM demons. Daniel (10 June) - Modified how to set auth type to libcurl. Now use CURLOPT_HTTPAUTH instead, and pick method. Supported ones currently are: CURLAUTH_BASIC - default selection CURLAUTH_DIGEST - formerly CURLOPT_HTTPDIGEST CURLAUTH_GSSNEGOTIATE - Daniel Kouril added HTTP GSS-Negotiate authentication support, as defined in the IETF draft draft-brezak-spnego-http-04.txt. In use already by various Microsoft web applications. --negotiate is the new family member. To take advantage of this, you need one of these packages: o Heimdal Kerberos5 http://www.pdc.kth.se/heimdal/heimdal.html o GSSAPI from Globus http://www.globus.org/ o GSSAPI libraries from MIT Kerberos5 http://web.mit.edu/kerberos/www/ - A missing ending bracket (']') while doing URL globbing could lead to a segfault. While fixing this, I also introduced better error reporting in the globbing code. (All this is application code outside libcurl.) Daniel (6 June) - David Orrell found out that sending a huge GET request over HTTPS could make libcurl fail and return an error code. Daniel (2 June) - Richard Bramante found out that "Content-Length: 0" was not properly used by libcurl if the response-headers indicated that the connection would be closed. - David Byron's patch was applied, that makes the --progress-bar take the local size into account when doing resumed downloads. - Feedback from Serge Semashko made me change the error message returned when CURLE_HTTP_RETURNED_ERROR is returned. - Anonymous in bug report #745122 pointed out that we should really be using SSL_CTX_set_options(... SSL_OP_ALL) to work around flaws in existing SSL implementations. Daniel (27 May) - Andreas Ley and Rich Gray helped me point out that no version of HP-UX has the sys/select.h header file so including it unconditionally in curl/multi.h is not a good thing. Now we check for HPUX and avoid using that header on such systems. - Rudy Koento experienced problems with curl's recent habit of POSTing data in two separate send() calls, first the headers and then the data. I've now made a fix that for static and known content that is less than 100K in size, everything is now sent in one single system call again. This is also better for network performance reasons. - I modified the main makefile to not build the test suite and a few other unnecessary things by default. Now, the test suite is built when 'make test' is run. This reduces build time for those who don't care for the test suite, and it also reduces confusion for people using platforms where the test suite build fails! Daniel (26 May) - Chris Lewis pointed out a flaw in the #ifdefs in curl/multi.h for Windows, which is now corrected. - Jis Joy found another flaw in the SOCK5 code, as libcurl treated the socks5 proxy a little too much like as if it was a http proxy. Daniel (23 May) - Ricardo Cadime found a socket leak when listing directories without contents. Test cases 144 and 145 were added to verify the fix. - Rudy Koento found yet another problem when a HTTP server returns only a single-line of contents without any headers at all. libcurl then failed to count the data, thus returning error 52 "no contents". Test case 66 was added to verify that we now do right. Version 7.10.6-pre1 (23 May 2003) Daniel (23 May) - Jis in bug report #741841, fixed a bug in the SOCKS5 proxy-using code. Daniel (22 May) - David Remahl set up a test-server for me providing Digest authentication, and I wrote the first working code that support it. The test suite was modified slightly as well to work better for it and --digest was added to the command line options (and CURLOPT_HTTPDIGEST to the library)... RFC2617 has all the gory details. Daniel (21 May) - David Balazic pointed out that curl_unescape() didn't check that %-codes were correctly followed by two hexadecimal digits when it unescape strings. Now, we do the check and only %XX codes are unescaped if the X letters are hexadecimals. - Gisle Vanem made curl build with djgpp on DOS. - Gisle Vanem improved the mkhelp.pl script to make a nicer manual that is shown with curl -M. Daniel (20 May) - Gisle Vanem provided a fix that makes libcurl more conservative, not expecting h_aliases of the hostent struct to always be non-NULL. Daniel (19 May) - As requested by Martin Michlmayr in Debian bug report #193630, libcurl now supports user name and password in the proxy environment variables. Added test case 63 to verify this. Version 7.10.5 (19 May 2003) Daniel (15 May) - Changed the order for the in_addr_t testing, as 'unsigned long' seems to be a very common type inet_addr() returns. Daniel (14 May) - George Comninos provided a fix that calls the progress meter when waiting for FTP command responses take >1 second. It'll make applications more "responsive" even when dealing with very slow ftp servers. Daniel (12 May) - George Comninos pointed out that libcurl uploads had two quirks: o when using FTP PORT command, it used blocking sockets! o it could loop a long time without doing progress meter updates Both items are fixed now. Daniel (9 May) - Dan Fandrich changed CURLOPT_ENCODING to select all supported encodings if set to "". This frees the application from having to know which encodings the library supports. - Dan Fandrich pointed out we had three unnecessary files in CVS that is generated with libtoolize, so they're now removed and libtoolize is invoked accordingly in the buildconf script. - Avery Fay found out that the CURLOPT_INTERFACE way of first checking if the given name is a network interface gave a real performance penalty on Linux, so now we more appropriately first check if it is an IP number and if so we don't check for a network interface with that name. - CURLOPT_FTP_USE_EPRT added. Set this to FALSE to disable libcurl's attempts to use EPRT and LPRT before the traditional PORT command. The command line tool sets this option with '--disable-eprt'. Version 7.10.5-pre2 (6 May 2003) Daniel (6 May) - Kevin Delafield reported another case where we didn't correctly check for EAGAIN but only EWOULDBLOCK, which caused badness on HPUX. Daniel (4 May) - Ben Greear noticed that the check for 'writable argv' exited the configure script when run for cross-compiling, which wasn't nice. Now it'll default to no and output a warning about the fact that it was not checked for. Daniel (2 May) - Added test case 62 and fixed some more on the cookie sending with a custom Host: header set. Daniel (1 May) - Andy Cedilnik fixed a few compiler warnings. - Made the "SSL read error: 5" error message more verbose, by adding code that queries the OpenSSL library to fill in the error buffer. Daniel (30 Apr) - Added sys/select.h include in the curl/multi.h file, after having been reminded about this by Rich Gray. - I made each test set its own server requirements, thus abandoning the previous system where the test number implied what server(s) to use for a specific test. - David Balazic made curl more RFC1738-compliant for FTP URLs, by fixing so that libcurl now uses one CWD command for each path part. A bunch of test cases were fixed to work accordingly. - Cookie fixes: A. Save domains in jars like Mozilla does. It means all domains set in Set-Cookie: headers are dot-prefixed. B. Save and use the 'tailmatch' field in the Mozilla/Netscape cookie jars (the second column). C. Reject cookies using illegal domains in the Set-Cookie: line. Concerns both domains with too few dots or domains that are outside the currently operating server host's domain. D. Set the path part by default to the one used in the request, if none was set in the Set-Cookie line. To make item C really good, I also made libcurl notice custom Host: headers and extract the host name set in there and use that as the host name for the site we're getting the cookies from. This allows user to specify a site's IP-address, but still be able to receive and send its cookies properly if you provide a valid Host: name for the site. Daniel (29 Apr) - Peter Kovacs provided a patch that makes the CURLINFO_CONNECT_TIME work fine when using the multi interface (too). Version 7.10.5-pre1 (23 Apr 2003) Daniel (23 Apr) - Upgraded to libtool 1.5. Daniel (22 Apr) - Peter Sylvester pointed out that curl_easy_setopt() will always (wrongly) return CURLE_OK no matter what happens. - Dan Fandrich fixed some gzip decompression bugs and flaws. Daniel (16 Apr) - Fixed minor typo in man page, reported in the Debian bug tracker. Daniel (15 Apr) - Fixed some FTP tests in the test suite that failed on my Solaris host, due to the config.h not being included before the system headers. When done that way, it did get a mixed sense of if big files are supported or not and then stat() and fstat() (as used in test case 505) got confused and failed to return a proper file size. - Formposting a file using a .html suffix is now properly set to Content-Type: text/html. Daniel (14 Apr) - Fixed the SSL error handling to return proper SSL error messages again, they broke in 7.10.4. I also attempt to track down CA cert problems and then return the CURLE_SSL_CACERT error code. - The curl tool now intercepts the CURLE_SSL_CACERT error code and displays a fairly big and explanatory error message. Kevin Roth helped me out with the wording. Daniel (11 Apr) - Nic Hines provided a second patch for gzip decompression, and fixed a bug when deflate or gzip contents were downloaded using chunked encoding. - Dan Fandrich made libcurl support automatic decompression of gzip contents (as an addition to the previous deflate support). - I made the CWD command during FTP session consider all 2xy codes to be OK responses. Daniel (10 Apr) - Vlad Krupin fixed a URL parsing issue. URLs that were not using a slash after the host name, but still had "?" and parameters appended, as in "http://hostname.com?foobar=moo", were not properly parsed by libcurl. Daniel (9 Apr) - Made CURLOPT_TIMECONDITION work for FTP transfers, using the same syntax as for HTTP. This then made -z work for ftp transfers too. Added test case 139 and 140 for verifying this. - Getting the file date of an ftp file used the wrong time zone when displayed. It is supposedly always GMT. Added test case 141 for this. - Made the test suite's FTP server support MDTM. - The default DEBUGFUNCTION, as enabled with CURLOPT_VERBOSE now outputs CURLINFO_HEADER_IN data as well. The most notable effect from this is that using curl -v, you get to see the incoming "headers" as well. This is perhaps most useful when doing ftp. Daniel (8 Apr) - James Bursa fixed a flaw in the Content-Type extraction code, which missed the first letter if no space followed the colon. - Magnus Nilsson pointed out that share.c was missing in the MSVC project file. Daniel (6 Apr) - Ryan Weaver provided a patch that makes the CA cert bundle not get installed anymore when 'configure --without-ssl' has been used. Daniel (4 Apr) - Martijn Broenland found another cases where a server application didn't like the boundary string used by curl when doing a multi-part/formpost. We modified the boundary string to look like the one IE uses, as this is probably gonna make curl work with more applications. Daniel (3 Apr) - Kevin Roth reported that a bunch of tests fails on cygwin. One set fails when using perl 5.8 (and they run fine with perl 5.6), and another set failed because of an artifact in the test suite's FTP server that I corrected. It turned out the FTP server code was still having a file opened while the main test script removed it and invoked the HTTP server that attempted to create the same file name of the file the FTP server kept open. This operation works fine on unix, but not on cygwin. Version 7.10.4 (2 Apr 2003) Daniel (1 Apr) - Added test case 505 to exercise FTP upload with rename done with libcurl, and for that I had to extend the test suite's FTP server to deal with the RNFR and RNTO commands. Daniel (31 Mar) - Even more SSL config check modifications after Richard's testing. Version 7.10.4-pre6 (31 Mar 2003) Daniel (31 Mar) - More fixes for the SSL session ID cache checks when SSL configs are changed between connections. Based on tests and talks with Richard Bramante. - Guillaume Cottenceau provided a patch that added CURLOPT_UNRESTRICTED_AUTH. When enabled, it will prevent libcurl from limiting to which host it sends user+password to when following locations. By default, libcurl only sends name and password to the original host used in the first URL, but with this option set it will send the auth info to all hosts it follows location headers to. The new tool command line option for this is named "--location-trusted". - Frankie Fong reported a problem with libcurl if you re-used an easy handle with a proxy, and you first made a https:// connection to a host and then switched to a http:// one to the same host. libcurl would then wrongly re-use the same connection for it and fail to get the second URL properly Daniel (29 Mar) - Dan Shearer's fix that makes curl complain if invoked with nothing but "curl -O" was applied. Daniel (26 Mar) - Bryan Kemp was friendly enough to lend me an account on his Redhat 9 box and I could fix the configure problems on redhat 8.1 and 9 in no time thanks to this. Thanks a bunch Bryan! Daniel (25 Mar) - Renamed configure.in to configure.ac Version 7.10.4-pre5 (25 Mar 2003) Daniel (25 Mar) - Richard Bramante provided a fix for a handle re-use problem seen when you change options on an SSL-enabled connection between requests. Previously, changing peer verification or host verification and similar things was not taken into account when a connection were checked for re-use and thus enabling stricter check between requests on a re-used connection made no difference and the connection would thus be used erroneously. Daniel (24 Mar) - Götz Babin-Ebell pointed out that the ca-bundle.crt file contained a certificate from Trustcenter that was a demo certificate only that was never intended to be part of a CA bundle. Daniel (21 Mar) - Life is a mystery. Within a time period of 17 hours, Tim Pope and Michael Churchill filed one bug report each, both identifying problems with a second transfer when doing persistent transfers re-using a connection. Tim's one is #706624, labeled "Multiple uploads per handle fail" and Michael's #707003 "Does not send Authorization: header when reusing connection". I could track both down to the same piece of logic and it turned out libcurl was not using new settings properly when re-using an existing connection. This concerned both uploading and downloading and involved exactly those pieces these two reports identified. This code has been this faulty since the day I introduced persistent connection support in libcurl, more than 2 years ago. Daniel (20 Mar 2003) - Five year anniversary. Today five years ago, the first ever curl release saw the light of day. Daniel (17 Mar) - Andy Cedilnik corrected flaws in some libcurl example-usage sources. Daniel (16 Mar) - Juan F. Codagnone reported that the fix from March 2nd was incomplete. - Added code to the configure.in to check for select() argument types. I've not made any code use the results just yet though. Daniel (15 Mar) - Gisle Vanem provided two patches to build better on Windows. - Adjusted the test suite code to better make sure that the server(s) required for a specific test is properly started before the test case is attempted. Many tests now run a lot faster than before. Daniel (14 Mar) - Another configure.in adjustment made the configure detect functions properly on HPUX now. Daniel (13 Mar) - Philippe Raoult fixed pre4-compile quirks for FreeBSD. Version 7.10.4-pre4 (13 Mar 2003) Daniel (13 Mar) - Added a backup-check for functions that aren't found by AC_CHECK_FUNCS() as I believe some checks on HPUX need this. At least some of the info given to us by Rick Jones seemed to indicate this. Daniel (12 Mar) - Thomas Tonino found out that if you used the curl tool to do PUT operations as in 'curl www.foo.com/dir/ -T file' and the file name included for example space or other characters that don't belong in URLs, curl did not properly URL encode them before using them in the URL. - Added an option to configure called --enable-libgcc that simply adds -lgcc to the LIBS variable, as this seems to be a common problem. - I modified the configure.in file, so that the headers are now checked in an order of "viality". We must also make sure to use the "default headers" parameter to AC_CHECK_HEADERS() so that headers are checked with the proper prerequisites included (i.e all the major and generally important header files are included there by default). This might be what we need for various Sun, HP, AIX and Tru64 systems to behave good again on the header check front. - Rick Jones pointed out a few compiler warnings on HP-UX that I addressed. - I made the configure --help output nicer by using AC_HELP_STRING() a lot more. Daniel (11 Mar) - Christophe Demory fixed the socket sending code to work better on HP-UX when sending data to a socket that would block. It then returns EAGAIN, not EWOULDBLOCK. - Richard Gorton improved the seeding function for systems without a good and reliable random source. - Richard Gorton fixed a few warnings that popped up when you built curl using the Sun compiler on a 64bit SPARC platform. - Martin C. Martin fixed a case where a connect failure using the multi interface didn't produce a human readable error string. Daniel (10 Mar) - Reverted ltmain.sh back to libtool 1.4.2 status again, as the 1.4.3 version broke the build on numerous platforms. It seems that libtool 1.4.3 puts some requirements on what versions of the other tools (autoconf + automake) that I am not familiar with and thus I couldn't fulfill at this point. Yes, this is more than mildly frustrating. Daniel (7 Mar) - Run libtoolize version 1.4.3. Version 7.10.4-pre3 (4 Mar 2003) Daniel (3 Mar) - Added share.obj to the VC6 and Borland libcurl makefiles. - Troels Walsted Hansen found and investigated a problem with libcurl on AIX, presumably only on 4.3 or later. gethostbyname_r() is not returning data that is possible to "keep" and cache the way libcurl does. But instead these versions of AIX uses a gethostbyname() that works thread-safely we can instead use the ordinary gethostbyname() and our pack_hostent() approach to achieve what we want. The configure script now attempts to detect AIX 4.3 or later to adjust for this. Daniel (2 Mar) - Juan F. Codagnone found a problem introduced in 7.10.3 when you first did a POST and then back to a GET using the same easy handle. Daniel (28 Feb) - Removed the strequal and strnequal defines from curl/curl.h header. They were never meant for the public header anyway. Philippe Raoult brought it up. - James Bursa fixed the RISC OS build. Daniel (27 Feb) - Avery Fay pointed out the very misleading curl_multi_info_read man page, and I updated it to become more accurate. - Salvatore Sorrentino found a problem with FTP downloading that turned out to be his FTP server returning size zero (0 bytes) when SIZE was used on a file while being in BINARY mode. We now make a second check for the actual size by scanning the RETR reply anyway, even if the SIZE command returned 0. Daniel (26 Feb) - Kyle Sallee reported a case where he would do a transfer that didn't update the progress meter properly. It turned out to be a case where libcurl would loop a little too eagerly in the transfer loop, which isn't really good for the APIs, especially not the multi API. Version 7.10.4-pre2 (24 Feb 2003) Daniel (24 Feb) - Kjetil Jacobsen found out that setting CURLOPT_MAXCONNECTS to a value higher than 5 could cause a segfault. - I believe I fixed the 'Expect: 100-continue' behavior that has been broken for a while (I think since my change dated Dec 10 2002). When this header is used, libcurl should wait for a HTTP 100 (or timeout) before sending the post/put data. Daniel (14 Feb) - Matthew Clarke provided some info what to modify to make curl build flawlessly on AIX 3.2.5. - Martin C. Martin found and fixed a problem in the multi interface when running on Windows and trying to connect to a port without a listener. Daniel (13 Feb) - Christopher R. Palmer fixed Curl_base64_encode() to deal with zeroes in the data to encode. Daniel (4 Feb) - Jean-Philippe added the first code that enables the 'share' system. This should now enable sharing of DNS data between two curl easy handles. - Incorporated Nico Baggus' fixes to again compile flawlessly on VMS. - James Bursa corrected a bad comment in the public include file curl/multi.h - Peter Forret reported one of those error:00000000 cases in libcurl again when connecting to a HTTPS site, and this time I did discover some oddities in how curl reports SSL errors back. It could miss showing the actual error. Version 7.10.4-pre1 (3 Feb 2003) Daniel (3 Feb) - Removed things in the docs saying capath doesn't work on Windows, as Julian Noble told us it works fine. Daniel (31 Jan) - Kevin Roth fixed the zlib build stuff in the Mingw32 makefile. Daniel (30 Jan) - Kevin Roth found out that curl on Windows always checked for the CA cert bundle using the environment variable and the path scan, even though -k/--insecure was used. - Hamish Mackenzie pointed out that curl only did strict host name verifying if capath or cainfo was used. Now it'll always do it unless -k / --insecure is used! - Pavel Cenek pointed out that the Content-Type extraction was done wrongly as the full string was not fetched. Added test case 57 to verify that curl does it right now. Daniel (29 Jan) - Jamie Wilkinson provided a patch that now makes curl attempt to clear out "sensitive" command line arguments so that they don't appear in ps outputs (only on platforms that allow writing to argv[]). - John McGowan found out that the DEBUGFUNCTION could be called with bad arguments and thus cause the --trace outputs to go wrong. - Removed all the emacs local variables from all files. Mats Lidell provided the new sample.emacs file (for a sample of what to include in your .emacs) and the curl-style.el that sets a better c-style for editing curl sources. - Dave Halbakken found a problem with FTP downloads that could accidently return CURLE_PARTIAL_FILE when curl_easy_perform() was called with NOBODY set TRUE. Daniel (27 Jan) - The fopen.c example was flawed as Nick Humfrey noticed, and I fixed it to work again. Daniel (24 Jan) - Bertrand Demiddelaer found and fixed a memory leak (the content-type string) when following locations. Daniel (22 Jan 2003) - Ian Wilkes and Legoff Vincent both independently provided fixes for making curl/multi.h work properly when compiled with a C++ compiler. Daniel (20 Jan 2003) - Fixed 'buildconf' to check version number of the required tools before they're actually used. - Wrote 'testcurl.sh', a script targeted for automatic and distributed curl tests on various platforms. - David Thiel pointed out that the .netrc file was not being dealt with properly anymore. I broke this in the password prompting "fix". - Markus F.X.J. Oberhumer patched libcurl to allocate the scratch buffer only on demand and thus we save 32KB in each curl handle that don't use that buffer. This need appeared when some people started using thousands of simultaneous curl handles... :-) Daniel (16 Jan 2003) - Markus Oberhumer fixed curl-config --cflags when the includedir was not /usr/include. - Markus Oberhumer fixed CURLINFO_PRIVATE to properly return NULL if it was set to NULL! Version 7.10.3 (14 Jan 2003) Daniel (10 Jan 2003) - Steve Oliphant pointed out that test case 105 did not work anymore and this was due to a missing fix for the password prompting. Version 7.10.3-pre6 (10 Jan 2003) Daniel (9 Jan 2003) - Bryan Kemp pointed out that curl -u could not provide a blank password without prompting the user. It can now. -u username: makes the password empty, while -u username makes curl prompt the user for a password. - Kjetil Jacobsen found a remaining connect problem in the multi interface on ipv4 systems (Linux only?), that I fixed and Kjetil verified that it fixed his problems. - memanalyze.pl now reads a file name from the command line, and no longer takes the data on stdin as before. Version 7.10.3-pre5 (9 Jan 2003) Daniel (9 Jan 2003) - Fixed tests/memanalyze.pl to work with file names that contain colons (as on Windows). - Kjetil Jacobsen quickly pointed out that lib/share.h was missing... Version 7.10.3-pre4 (9 Jan 2003) Daniel (9 Jan 2003) - Updated lib/share.c quite a bit to match the design document at http://curl.haxx.se/dev/sharing.txt a lot more. I'll try to update the document soonish. share.c is still not actually used by libcurl, but the API is slowly getting there and we can start implementing code that takes advantage of this system. Daniel (8 Jan 2003) - Updated share stuff in curl/curl.h, including data types, structs and function prototypes. The corresponding files in lib/ were also modified of course to remain compilable. Based on input from Jean-Philippe and also to make it more in line with the design document. - Jean-Philippe Barrette-LaPierre patched a very trivial memory leak in curl_escape() that would happen when realloc() returns NULL... - Matthew Blain provided feedback to make the --create-dirs stuff build properly on Windows. - Fixed the #include in tests/libtest/first.c as Legoff Vincent pointed out. Daniel (7 Jan 2003) - Philippe Raoult provided a patch that now makes libcurl properly support wildcard checks for certificate names. - Simon Liu added CURLOPT_HTTP200ALIASES, to let an application set other strings recognized as "HTTP 200" to allow http-like protocols to get downloaded fine by curl. - Now using autoconf 2.57 and automake 1.7.2 - Doing "curl -I ftp://domain/non-existing-file" still outputed a date! Wayne Haigh reported. - The error message is now written properly with a newline in the --trace file. Daniel (6 Jan 2003) - Sterling Hughes fixed a possible bug: previously, if you called curl_easy_perform and then set the global dns cache, the global cache wouldn't be used. Pointed out by Jean-Philippe Barrette-LaPierre. - Matthew Blain's fixed the VC6 libcurl makefile to include better debug data on debug builds. Daniel (27 Dec 2002) - Philippe Raoult reported a bug with HTTPS connections which I evidently added in my 19 dec fix. I corrected it. Daniel (20 Dec) - Idea from the Debian latest patch: use AM_MAINTAINER_MODE in the configure script to make the default makefile less confusing "to the casual installer". Version 7.10.3-pre3 (20 Dec) Daniel (19 Dec) - Matthew Blain patched the Curl_base64_decode() function. - Evan Jordan reported in bug report #653022 that the SSL_read() usage was wrong, and it certainly was. It could lead to curl using too much CPU due to a stupid loop. Daniel (18 Dec) - As suggested by Margus Freudenthal, CURLE_HTTP_NOT_FOUND was renamed to CURLE_HTTP_RETURNED_ERROR since it is returned on any >= 400 code when CURLOPT_FAILONERROR is set. Daniel (17 Dec) - Bug reported #651464, reported by Christopher Palmer, provided an example source code using the multi interface that hang when trying to connect to a proxy on a localhost port where no proxy was listening. This bug was not repeatable on libcurls that were IPv6-enabled. Daniel (16 Dec) - Christopher Palmer also noticed what Vojtech Janota already was experiencing: The attempted name resolve fix for glibc 2.2.93 caused libcurl to crash when used on some older glibc versions. The problem is of course the silliness of the 2.2.93. I committed a fix that hopefully should make the binary run fine on either one of the versions, even though the solution is not as nice as I'd like it to be. Daniel (13 Dec) - Bug report #651460 by Christopher R. Palmer showed that when using libcurl to for example go over a proxy on localhost, it would attempt to connect through the proxy TWICE. I added test case 503 with which I managed to repeat this problem and I fixed the code to not re-attempt any connects (which also made it a nicer fix for the #650941 bug mentioned below). The sws server was extended to deal with CONNECT in order to make test case 503 do good. - Evan Jordan posted bug report #650989 about a memory leak in the public key retrieving code. He provided a suggested fix and I merely applied it! - Bug report #650941, posted by Christopher R. Palmer identified a problem with the multi interface and getting file:// URLs. This was now fixed and test case 502 was added to verify this. Daniel (12 Dec) - Test case 500 and 501 are the first ever libcurl test cases that run. - Made "configure --enable-debug" cut off all -O* options to the compiler - Finally fixed the test suite's ftp server so that test case 402 doesn't cause the following test case to fail anymore! Daniel (11 Dec) - CURL_MAX_WRITE_SIZE is now decreased to 16KB since it makes the Windows version perform uploads much faster!!! RBramante did lots of research on this topic. - Fixed the #include in curl/curl.h to include the other files outside the extern "C" scope. Daniel (10 Dec) - Moved around and added more logic: First, POST data is never sent as part of the request headers in the http.c code. It is always sent the "normal" read callback then send() way. This now enables a plain HTTP POST to be sent chunked if we want to. This also reduces the risk of having very big POSTs causing problems. Further, sending off the initial HTTP request is not done using a loop anymore. If it wasn't all sent off in the first send(), the rest of the request is sent off in the normal transfer select() loop. This makes several things possible, but mainly it makes libcurl block less when used from the multi interface and it also reduces the risk of problems with issuing very large requests. Daniel (9 Dec) - Moved the read callback pointer and data within the structs to a more suitable place. This in preparation for a better HTTP-request sending code without (a silly) loop. - The Dodds fix seems not to work. - Vojtech Janota tests proved that the resolve fix from oct 21st is not good enough since obviously older glibcs might return EAGAIN without this meaning that the buffer was too small. - [the other day] Made libcurl loop on recv() and send() now until done, and then get back to select(). Previously it went back to select() more often which really was a slight overhead. This was due to the reported performance problems on HTTP PUT on Windows. I couldn't see any notable difference on Linux... Version 7.10.3-pre2 (4 Dec 2002) Daniel (4 Dec 2002) - Lots of work with Malcolm Dodds made me add a temporary code fix that now shortens the timeout waiting for the 226 or 250 line after a completed FTP transfer. If no data is received within 60 seconds, this is taken as a sign of a dead control connection and we bail out. Daniel (3 Dec 2002) - Ralph's bug report #644841 identified a problem in which curl returned a timeout error code when in fact the problem was not a timeout. The proper error should now be propagated better when they're detected in the FTP response reading function. - Updated the Borland Makefiles. Daniel (2 Dec 2002) - Nicolas Berloquin provided a patch that introduced --create-dirs to the command line tool. When used in combination with -o, it lets curl create [non-existing] directories used in -o, suitably used with #-combinations such as: curl "www.images.com/{flowers,cities,parks,mountains}/pic_[1-100].jpg \ -o "dir_#1/pic#2.jpg" --create-dirs Version 7.10.3-pre1 Daniel (28 Nov 2002) - I visited Lars Nordgren and had a go with his problem, which lead me to implement this fix. If libcurl detects the added custom header "Transfer-Encoding: chunked", it will now enable a chunked transfer. Also, chunked transfer didn't quite work before but seems to do so now. - Kjetil Jacobsen pointed out that ./configure --disable-ipv6 --without-zlib didn't work on any platform... Daniel (26 Nov 2002) - Fixed a bad addrinfo free in the hostip.c code, hardly exposed anywhere - Dan Becker found and fixed a minor memory leak on persistent connnections using CURLOPT_USERPWD. Daniel (22 Nov 2002) - Based on Ralph Mitchell's excellent analysis I found a bug in the test suite web server (sws) which now lets test case 306 run fine even in combination with the other test cases. - Juan Ignacio Hervás found a crash in the verbose connect message that is used on persistent connections. This bug was added in 7.10.2 due to the rearranged name resolve code. Daniel (20 Nov 2002) - Kjetil Jacobsen provided a patch that introduces: CURLOPT_PRIVATE stores a private pointer in the curl handle. CURLINFO_PRIVATE retrieves the private pointer from the curl handle. - Karol Pietrzak pointed out how curl-config --cflags didn't output a good include dir so I've removed that for now. Version 7.10.2 (18 Nov 2002) Daniel (11 Nov 2002) - Dave Halbakken added curl_version_info to lib/libcurl.def to make libcurl properly build with MSVC on Windows. Daniel (8 Nov 2002) - Doing HTTP PUT without a specified file size now makes libcurl use Transfer-Encoding: chunked. Daniel (7 Nov 2002) - Bug report #634625 identified how curl returned timeout immediately when CURLOPT_CONNECTTIMEOUT was used and provided a fix. Version 7.10.2-pre4 (6 Nov 2002) Daniel (5 Nov 2002) - Lehel Bernadt found out and fixed. libcurl sent error message to the debug output when it stored the error message. - Avery Fay found some problems with the DNS cache (when the cache time was set to 0 we got a memory leak, but when the leak was fixed he got a crash when he used the CURLOPT_INTERFACE with that) that had me do some real restructuring so that we now have a reference counter in the dns cache entries to prevent an entry to get flushed while still actually in use. I also detected that we previously didn't update the time stamp when we extracted an entry from the cache so that must've been a reason for some very weird dns cache bugs. Version 7.10.2-pre3 Daniel (31 Oct 2002) - Downgraded automake to 1.6.3 in an attempt to fix cygwin problems. (It turned out this didn't help though.) - Disable the DNS cache (by setting the timeout to 0) made libcurl leak memory. Avery Fay brought the example code that proved this. Version 7.10.2-pre2 Daniel (28 Oct 2002) - Upgraded to autoconf 2.54 and automake 1.7 on the release-build host. - Kevin Roth made the command line tool check for a CURL_CA_BUNDLE environment variable (if --cacert isn't used) and if not set, the Windows version will check for a file named "curl-ca-bundle.crt" in the current directory or the directory where curl is located. That file is then used as CA root cert bundle. - Avery Fay pointed out that curl's configure scrip didn't get right if you used autoconf newer than 2.52. This was due to some badly quoted code. Version 7.10.2-pre1 Daniel (23 Oct 2002) - Emiliano Ida confirmed that we now build properly with the Borland C++ compiler too. We needed yet another fix for the ISO cpp check in the curl.h header file. - Yet another fix was needed to get the HTTP download without headers to work. This time it was needed if the first "believed header" was read all in the first read. Test 306 has not run properly since the 11th october fix. Daniel (21 Oct 2002) - Zvi Har'El pointed out a problem with curl's name resolving on Redhat 8 machines (running IPv6 disabled). Mats Lidell let me use an account on his machine and I could verify that gethostbyname_r() has been changed to return EAGAIN instead of ERANGE when the given buffer size is too small. This is glibc 2.2.93. - Albert Chin helped me get the -no-undefined option corrected in lib/Makefile.am since Cygwin builds want it there while Solaris builds don't want it present. Kevin Roth helped me try it out on cygwin. - Nikita Schmidt provided a bug fix for a FOLLOWLOCATION bug introduced when the ../ support got in (7.10.1). Daniel (18 Oct 2002) - Fabrizio Ammollo pointed out a remaining problem with FOLLOWLOCATION in the multi interface. Daniel (17 Oct 2002) - Richard Cooper's experimenting proved that -j (CURLOPT_COOKIESESSION) didn't work quite as supposed. You needed to set it *before* you use CURLOPT_COOKIEFILE, and we dont' want that kind of dependencies. Daniel (15 Oct 2002) - Andrés García provided corrections for erratas in four libcurl man pages. Daniel (13 Oct 2002) - Starting now, we generate and include PDF versions of all the docs in the release archives. Daniel (12 Oct 2002) - Trying to connect to a host on a bad port number caused the multi interface to never return failure and it appeared to keep on trying forever (it just didn't do anything). Daniel (11 Oct 2002) - Downloading HTTP without headers didn't work 100%, some of the initial data got written twice. Kevin Roth reported. - Kevin Roth found out the "config file" parser in the client code could segfault, like if DOS newlines were used. Version 7.10.1 (11 Oct 2002) Daniel (10 Oct 2002) - Jeff Lawson fixed a few problems with connection re-use that remained when you set CURLOPT_PROXY to "". Daniel (9 Oct 2002) - Craig Davison found a terrible flaw and Cris Bailiff helped out in the search. Getting HTTP data from servers when the headers are split up in multiple reads, could cause junk data to get inserted among the saved headers. This only concerns HTTP(S) headers. Daniel (8 Oct 2002) - Vincent Penquerc'h gave us the good suggestion that when the ERRRORBUFFER is set internally, the error text is sent to the debug function as well. - I fixed the telnet code to timeout properly as the option tells it to. On non-windows platforms. Daniel (7 Oct 2002) - John Crow pointed out that libcurl-the-guide wasn't included in the release tarball! - Kevin Roth pointed out that make install didn't do right if build outside the source tree (ca-bundle wise). - FOLLOWLOCATION bugfix for the multi interface Daniel (4 Oct 2002) - Kevin Roth got problems with his cygwin build with -no-undefined was not present in lib/Makefile.am so I put it back in there again. The poor one who needs to remove it again must write a configure script to detect that need. - Ralph Mitchell pointed out that curl was a bit naive and didn't deal with ./ or ../ stuff in the string passed back in a Location: header when following locations. - Albert Chin helped me to work out a better configure.in check for zlib, and both --without-zlib and -with-zlib seem to work rather well right now. - Zvi Har'El improvied the OpenSSL ENGINE check in the configure script to become more accurate. Daniel (1 Oct 2002) - Detlef Schmier pointed out the lack of a --without-libz option to configure, so I added one. Version 7.10 (1 Oct 2002) Daniel (30 Sep 2002) - Modified the curl_version_info() proto and returned struct once again, and updated the man page accordingly. - Cris Bailiff found out that the pre-releases crashed on name lookups on names such as "a:" or "baz:" (on Linux versions not being ipv6-enabled) due to some weird return codes from gethostbyname_r(). I'll blame the complete lack of docs in that department. Cris provided a fix, which I modified only slightly. Daniel (27 Sep 2002) - After a suggestion from Christian Kurz to Debian curl package maintainer Domenico Andreoli, I made it possible to override the proxy environment variables better. Now, by setting -x "" you can explicitly tell libcurl to not use a proxy, no matter whan the environment variables say. Version 7.10-pre4 Daniel (26 Sep 2002) - Extended curl_version_info() more and wrote a man page for it. Daniel (25 Sep 2002) - libcurl could leak memory when downloading multiple files using http ranges, reported and fixed by Jean-Luc Guevel. - Walter J. Mack provided code and docs for the new curl_free() function that shall be used to free memory that is allocated by libcurl and returned back to the application, as curl_escape() and curl_unescape() do. - Yarram Sunil pointed out a flaw in the multi interface where a failed connection didn't close down properly and thus a second transfer using the same handle failed. - Andrés García fixed a flaw that made (among other things) dict-fetches return a random value. Daniel (24 Sep 2002) - Wez Furlong brought his initial patch that introduced curl_version_info(). We might need to tweak it somewhat before release. Daniel (20 Sep 2002) - Craig Markwardt fixed another Tru64 IP resolve problem. Daniel (19 Sep 2002) - Dolbneff A.V and Spiridonoff A.V made the file:// code work with resumes in the same style other code does. - Ilguiz Latypov fixed a flaw in the client code when fetching multiple URLs and -C - was used. The first file's resume position was then accidentally reused on all the other files too. Daniel (18 Sep 2002) - The curl_easy_setopt.3 man page was greatly modified and the options have now been grouped in logical groups so that it should be somewhat easier to read it and find things you search for. Daniel (13 Sep 2002) - Kevin Roth pinpointed a scary flaw in libcurl, when the HTTP server doesn't send any headers back, only raw content. Right, that is a violation of the standard but still happens at times and we need to deal with it. Test case 306 was added to verify that we do right now. Version 7.10-pre3 Daniel (11 Sep 2002) - Lukasz Czekierda found out that curl didn't send a correct HTTP Host: header when you specified the URL with an IPv6 IP-address. Daniel (4 Sep 2002) - Sven Neuhaus made --silent being acknowledged even when multiple URLs were used. It used to output "[1/2]: http://host/a.html.de --> a.html.d" etc even when told to shut up. Daniel (3 Sep 2002) - Updated all source code headers to use MIT-license references only, and point to the COPYING file and the http://curl.haxx.se/docs/copyright.html URL. I've cut out all references to MPL that I could find. - Corected the makefiles to not always use -lz when linking Version 7.10-pre2 Daniel (2 Sep 2002) - James Gallagher added Content-Encoding support to libcurl so now curl and libcurl-using apps can request compressed contents using the 'deflate' method. See the special file lib/README.encoding for details. curl --compressed is now used to request compressed contents. curl-config --feature will include 'libz' if this feature was around when the library was built. Daniel (30 Aug 2002) - Applied an anonymous SOCKS5-proxy patch. Not properly working in all situations though, as all getaddrinfo()-using libcurls will fail on this. This is because of the somewhat naive way the current code tries to extract the IP address of the proxy. - Fixed up the SSL cert fixes from the other day even more after more inputs from Cris. Added three new SSL error codes to make the CURLE_SSL_CONNECT_ERROR slightly less overloaded. Daniel (27 Aug 2002) - After lots of talk with Tom Zerucha, Nick Gimbrone and Cris Bailiff I decided to talk the bold path and I now made libcurl do CA certificate verification by default. Thus library users need to explicitly turn this off if you want to connect to sites without proper checking. We also install a CA cert bundle on 'make install' now. The curl tool now requires the -k/--insecure option in order to allow connections and operations on SSL sites that aren't properly verified with -cafile or --capath. curl-config --ca displays the built-in path to the CA cert bundle. Daniel (26 Aug 2002) - Andrew Francis cleaned up some code that now compiles fine without the need for ugly MSVC pragmas. - Keith MacDonald found a minor bug in src/main.c that made it close stdin instead of the actual file handle. It shouldn't have resulted in much trouble as most operating systems close all file handles on process exit anyway. Daniel (22 Aug 2002) - Markus Oberhumer provided some documentation for his previously provided CURLOPT_NOSIGNAL fix. - Patched the lib/Makefile.am to hopefully no longer complain on undefined symbols that seemed to occur on builds with shared OpenSSL libraries on Solaris lately... Daniel (20 Aug 2002) - Fixed compiler warnings on MSCV++ compiles. We're looking for help here: remove the pragmas from lib/config-win32.h and adjust the sources where the warnings occur. Hiding them with pragmas like this is not the correct way of dealing with compiler warnings. Daniel (13 Aug 2002) - Ulrich Zadow made the global include files in curl/* include themselves using "curl.h" instead of which thus allows people to more freely decide how to include curl and how to setup their include paths. - Sterling Hughes added the curl_share* interface, somewhat as discussed previously. - Jörn Hartroth pointed out that poll() was used in the pre1 source code and it isn't very portable, so now I check for it in the configure script and work around it. Version 7.9.9-pre1 Daniel (12 Aug 2002) - Applied my initial take on making the multi stuff more asynchronous. Connects should now return back without "hanging" until it has connected for real. This should also be the case for FTP-PASV connects. Daniel (9 Aug 2002) - Applied Markus F.X.J. Oberhumer's patch that introduces CURLOPT_NOSIGNAL, which effectively prevents libcurl from doing anything that may cause signals to get sent. This is basicly for multi-threaded applications that now can use timeouts properly, without risking any signals to burst in and ruin the party. Daniel (5 Aug 2002) - Lukasz Czekierda reported that RFC2732-style literal IPv6 addresses didn't work. When did that code vanish? Anyway, it's back again now and seems to work! - Jonatan Lander found out that POSTing an empty string didn't work with the command line tool. Daniel (3 Aug 2002) - Jörn Hartroth fixed the libcurl.def file to build the windows DLL with the multi interface enabled. Daniel (1 Aug 2002) - The ftp PORT command now uses a better default IP address, as it will extract and use the local IP address used by the control connection. - Modified the #include lines in curl/multi.h to work better on more platforms. Daniel (31 Jul 2002) - Attempted a fix for Ray DeGennaro's reported HP-UX host name resolve problems. Daniel (30 Jul 2002) - Priya Ramakrishnan and Ryan Jones compiles curl/curl.h with a C++ compiler and don't get __STDC__ defined, which required us to extend the preprocessor check for the ## operator usage. - Correct the description for CURLOPT_PASSWDFUNCTION, if set to NULL the internal default function will be put back. - danfuzz at milk.com found out that libcurl badly assumed a space after 'Set-Cookie:' so if it wasn't present, it caused the first letter of the cookie name to fall off! Daniel (29 Jul 2002) - The password prompt asking for user password used stdout and now uses stderr instead to better allow redirecting. It also leaked a fopen() file handle that is now fixed. Daniel (28 Jul 2002) - HAVE_SETVBUF was left out from src/main.c which made -N not work. Found out by M T. Daniel (26 Jun 2002) - Glen Nakamura solved a crash in the name resolving function for IP-only addresses on Alpha Linux (at least). - T. Bharath corrected the high resolution timer introduced in 7.9.8. Daniel (22 Jun 2002) - Andrés García pointed out man page errors in curl_formadd.3. I fixed. Daniel (19 Jun 2002) - Chris Combes pointed out a flaw in curl_escape(). I fixed. We no longer tries to generate nor parse '+' in URLs. Spaces become %20, and only %-codes are translated by curl_unescape(). Daniel (15 Jun 2002) - Added --limit-rate to the curl tool. Allows the user to set a maxmimum upper limit to how much bandwidth to use for transfers. - CURLOPT_BUFFERSIZE was added to libcurl. This sets a prefered size for the receive buffer in libcurl. The main point of this would be that the write callback gets called more often and with smaller chunks. Daniel (14 Jun 2002) - Yarram Sunil found out that the SocketIsDead() function performed a lot faster on Windows when removing the 1 microsecond timeout. - Hanno L. Kranzhoff fixed the VC++ project files. - Tom Mattison found out that ftp transfers closed the connection a little too often. - Miklos Nemeth posted a VC++ makefile fix and some INSTALL comments on how to disable specific protocols when building for Windows. Version 7.9.8 Daniel (13 Jun 2002) - Time to let this baby go. Daniel (12 Jun 2002) - Chris Combes added three new options for curl_formadd(): CURLFORM_BUFFER, CURLFORM_BUFFERPTR, CURLFORM_BUFFERLENGTH. They are used to create a multipart that appears as a regular file upload, but the data is provided with a pointer and length. - Nico Baggus made the VMS version use sigsetjmp() too. - Jörn Hartroth fixed the mingw32 build using the mm lib. - Applied patches by Kris Kennaway that correct format string problems in lib/ftp.c and lib/ldap.c. Version 7.9.8-pre3 Daniel (11 Jun 2002) - James Cone brought the idea of using sigsetjmp() in the signal handler to make the time-out of name lookups to work, even when the underlying name resolver library traps EINTR. The use of sigsetjmp() and siglongjmp() for this may be a bit drastic, and also not likely to exist on all platforms. I added careful checking for this in the configure script, even checks for it being a macro (which seems to be the case in for example Linux). sigsetjmp() seems to be mentioned in the Single Unix specification. - Miklos Nemeth brought a patch that allows libcurl to get built with specific protocols disabled. This is done by running ./configure --disable-[protocol]. - FTP range downloads could make CURLE_FTP_WRITE_ERROR get returned. We now make precautions to not return this for range downloads. Added test case 135 that makes an ftp range download. Had to tweak the runtests.pl script a bit too. - Bug report #566835 identified a strlen() on a NULL pointer. Added additional check to prevent this. Daniel (10 Jun 2002) - Found and corrected a connect failure problem that didn't create a human error text. - Added code to compile with OpenSSL 0.9.7. Based on patch from Jacob Meuser and comments from Götz Babin-Ebell. - Gautam Mani found a socket descriptor leak that happened when FTP transfers failed and you reinvoked curl_easy_perform(). Daniel (5 Jun 2002) - Gustaf Hui corrected curl_multi_remove_handle() so that it won't crash no matter when you decide to remove the CURL handle. - HAVE_RAND_STATUS was added to lib/config-win32.h by Andreas Olsson, as it makes windows builds stop complaining about "weak seeding" when it in fact isn't. - Another 64bit architecture crash that was introduced in 7.9.7 was now removed, as bug report #564585 clarified. This happened due to our attempts to only allocate only as much memory as is actually needed for name resolving (using realloc) which called for a function that could 'move' a hostent struct in memory. Version 7.9.8-pre2 Daniel (3 Jun 2002) - T. Bharath fixed the CURLINFO_REDIRECT_TIME to return a correct time and made the CURLINFO_REQUEST_SIZE return the correct total request size. He also made the win32 timers use higher resolution than before. Daniel (29 May 2002) - Renaud Chaillat made me aware of the fact that libcurl returned an error if you tried to get an empty FTP file. This seemed like a wrong thing to do, so now it no longer does that! I just hope that no one built anything fancy upon this unexpected behavior... Daniel (28 May 2002) - Cris Bailiff brought CURLOPT_CAPATH that works like CURLOPT_CAINFO but specifies a path to a directory with certificates rather than a single file with them all concatenated. --capath was added to the command line tool for the same function. Windows users need to pay attention that the directory should be setup with the c_rehash tool of the OpenSSL package, and that creates symlinks by default that need to be replaced with actual copies to work on Windows. - Gustaf Hui provided new code that changes how curl_multi_info_read() messages are stored, so that they don't have to be kept around for the multi handle's entire life time. He also made it return failure codes properly which it didn't do before. Daniel (27 May 2002) - Gustaf Hui pointed out that running curl_multi_perform() without doing curl_multi_fdset() first was not really a working combo. I added an internal check for this and have some extra select() code without timeout to make the library internals work identically nevertheless. We might need to somehow either document that once you've used the *_fdset() you should remain using them in select() or you should blank them somehow so that libcurl won't go crazy. Version 7.9.8-pre1 Daniel (22 May 2002) - James Cone brought an excellent patch, including several tests and docs! CURLOPT_NETRC now takes an enum as argument instead of the previous boolean. --netrc-optional was introduced as an addition to --netrc to allow the command line client to take use of all that new netrc stuff. - Bug report #558888 showed a case where libcurl re-used the previous host name when a connection over a proxy was re-used but to a different target host. Daniel (21 May 2002) - Edin Kadribasic helped me sort out a problem to made libcurl crash when trying to HTTP POST an empty string. - Clarified that Juergen Wilke donated the original tests/server/sws.c code. - Jean-Philippe Barrette-LaPierre made curl_formadd() return a typedef named CURLFORMcode instead of the previous 'int', and the various return codes are now globally exported. It allows applications to better figure out what goes wrong when curl_formadd() returns errors. Daniel (20 May 2002) - Roland Zimmermann pointed out that SSL_CTX_use_certificate_chain_file() is prefered to SSL_CTX_use_certificate_file(). Daniel (17 May 2002) - Bug report #556869 pointed out that src/writeout.c didn't compile on freebsd after my AIX fixes the other week. - Bug report #556930 pointed out a FreeBSD core dump introduced in 7.9.7 in the DNS struct realloc stuff. Actually, this crash could happen on all systems that made the pack_hostent() function get invoked. - I removed several compiler warnings in the test suite's HTTP server. Version 7.9.7 Daniel (10 May 2002) - Kevin Roth adjusted the --trace-ascii output slightly. - Paul Harrington found out that src/writeout.c needed an additional header file included for AIX builds Version 7.9.7-pre2 Daniel (7 May 2002) - Updated the man page with --trace-ascii and -j/--junk-session-cookies. - Made --trace-ascii do pretty much the same as --trace but without the hex part in the output. - Added CURLOPT_COOKIESESSION that when enabled makes libcurl ignore session cookies read from a file. This option is enforced by the curl command line tool using the new -j/--junk-session-cookies option. After discussions with Kevin Roth. This makes it easier to use curl to fully emulate a browser's behavior, even when it comes to "session cookies". Session cookies are cookies that a normal browser discards when the browser is shut down. They're identified by not having any expire date/time. - When CURLOPT_DEBUGDATA was set, it ruined the CURLOPT_STDERR setting and this was discovered when --trace was made to crash. - Using -v and --trace at the same time confused matters. -v is now pretty much ignored when --trace or --trace-ascii is used. - Made --trace (and --trace-ascii) support - as file name to pass output to stdout instead. It makes it consistent with how other options work. Version 7.9.7-pre1 Daniel (6 May 2002) - Added multi-post.c to the examples directory. I got the basic source for this from Gustaf Hui. Daniel (3 May 2002) - CURL_MAX_WRITE_SIZE is now an exported #define in the curl/curl.h header and can be used to figure out the maximum buffer size your write callback can get. - CURLOPT_READDATA is now an alias for CURLOPT_INFILE and CURLOPT_WRITEDATE is an alias for CURLOPT_FILE. These two were added for conformity. Most other callback function's userdata are provided with options using a similar name- scheme. - Added "--trace [file]" to the command line tool. It makes a very detailed trace dump get stored, with a full protocol dump that includes all received and transmitted data. This could be a very effective tool for debugging what goes wrong. This dump includes every byte the way it is sent to/received from the server. The dump is the plain-text version, so SSL transfers will still be readable. - I found out that the DEBUGFUNCTION was not called properly everywhere as we wanted it to. I fixed it. - -D now stores all headers to the same file if multiple URLs are given on the command line! Kevin Roth made me aware of that it didn't already do this! - Gustaf Hui wrote an excellent formpost example that used the multi interface. Unfortunately, it didn't work due to several bugs in how transfers were made when the multi interface was used. Daniel (2 May 2002) - Hanno Kranzhoff found out that when doing multiple transfers on the same easy handle, the progress meter would show a bad "currently downloaded value" when the transfer starts. Daniel (1 May 2002) - Applied another patch by Jacky Lam to make the name resolve info realloc() stuff work properly. Daniel (28 April 2002) - curl_multi_info_read() is now implemented! Daniel (27 April 2002) - Updated BUGS, TODO, FAQ, INSTALL and added BINDINGS. - I think I fixed the DNS cache prune crach Jacky Lam found and reported. - I cleaned up the name prefix stuff in the hash and llist modules. - FTP responses should now be better on timing out properly. The timeout value is maximum timeout for the entire request operation, but before this, the timeout was used as a maximum allowed time between two reads... Daniel (26 April 2002) - Fixed the test suite http server to not use snprintf() anymore due to better portability. Daniel (25 April 2002) - With Sterling Hughes' new DNS pruning, Jacky Lam asked if this wouldn't cause problems since the pruning is only checking the entry time, and it sure could cause problems. Therefor, I've now added and changed code so that this should not be a problem. Nowhere in the code will be store name resolved information around so that a sunsequent DNS cache prune should cause a problem. This of course called for some mild internal changes. Daniel (23 April 2002) - Improved the 'no_proxy' check, as using port numbers in the URL confused it previously. Reported by Erwan Legrand in bug report #547484. - The --interface option now works even on IPv6 enabled builds. Reported by 'thor'. Daniel (22 April 2002) - The #defines names starting with TIMECOND now has CURL_ prefixes. (The old names are still #defined too.) Pointed out by Robert Olson. - Jacky Lam brought code that lets the name resolve function only use as much memory as it actually needs. This only works on certain operating systems, but is totally transparant to all users. Daniel (19 April 2002) - Bjorn Reese fixed pack_hostent to work properly with 64 bit pointers. Daniel (18 April 2002) - Sterling Hughes added code to prune old DNS cache entries, since Jacky Lam experienced very big caches. Daniel (17 April 2002) - Dirk Manske patched the 301 response to work against the RFC but more like common browsers do. If a POST get a 301 back, it'll switch to GET in the next request (if location-following is enabled). Daniel (16 April 2002) - Dirk Manske posted a patch originally written by Ingo Wilken that introduced two new CURLINFO_* values: CURLINFO_REDIRECT_TIME and CURLINFO_REDIRECT_COUNT. Daniel (15 April 2002) - Jonatan Lander patched the verbose text 'Disables POST, goes with GET' to reflect reality better, like when the first request isn't POST and when the second isn't GET... :-) - Craig Davison pointed out that when curl_formadd()ing a file that doesn't exist, libcurl doesn't return error. Now, curl_easy_perform() will return CURLE_READ_ERROR if that is the case. Test 41 was added to verify this. Version 7.9.6 Daniel (14 April 2002) - Dirk Manske brought a fix that makes libcurl strip off white spaces from the beginning of cookie contents. - Had to patch include/curl/curl.h since MSVC doesn't set the __STDC__ define. Moonesamy pointed out the problem, Bjorn Reese the solution. Version 7.9.6-pre5 Daniel (12 April 2002) - Fixed the TIMER_CONNECT to be more accurate for FTP transfers. Previously FTP transfers got the "connect done" time set after the initial FTP commands and not directly after the TCP/IP connect as it should. I also made the time stamp get set even if the connect itself fails, which it didn't do previously. - Jean-Philippe Barrette-LaPierre provided his patch that introduces CURLOPT_DEBUGFUNCTION and CURLOPT_DEBUGDATA. They allow a program to a set a callback to receive debug/information data. That includes headers and data that is received and sent. CURLOPT_VERBOSE still controls it. By default, there is an internal debugfunction that will make things look and work as before if not changed. Daniel (10 April 2002) - Sebastien Willemijns found out that -x didn't use the default port number as is documented. It does now. - libcurl-errors.3 is a new man page attempting to document all libcurl error codes - Added two new error codes and changed the behaviour of two old ones slightly: CURLE_WRITE_ERROR This error was returned *both* for errors that occured when writing received data to a local file, as well as when we get problems writing data to a remote server. CURLE_SEND_ERROR has now been added for the latter error. CURLE_READ_ERROR This error was similarly returned *both* for errors when reading a local file, as well as when getting problems when reading network data. CURLE_RECV_ERROR has now been added for the latter error. (Two test cases were adjusted accordingly.) Daniel (9 April 2002) - runtests.pl now sets the HOME variable before running curl, to prevent any actual ~/.curlrc file to fool the tests! Version 7.9.6-pre4 Daniel (8 April 2002) - Michael Curtis provided new functionality for curl on some platforms. Using the --environment option, curl will *set* a bunch of environment variables to values. The names are the same ones as for the -w/--writeout option. For now, this only works on the RISC OS version, as this feature relies on both OS support and that it matches OS paradigms. - Jacky Lam provided a fix for getting headers-only when the reply is HTTP/1.0 and 304, I edited it slightly. Daniel (5 April 2002) - As requested by Jay Graves, the '.curlrc' file (or _curlrc as it is called when used in windows), is now loaded from the current directory if the HOME environment variable isn't set (or if it is too long). I also enlarged the array used to store the full file path in, to 512 bytes. - Kevin Roth pointed out to me why the "19 March" change regarding -G and -I was stupid and the change was reverted. Added test case 48 to verify the functionality. Version 7.9.6-pre3 Daniel (4 April 2002) - Jonatan Lander brought a patch that makes curl/curl.h compile nicely on pre-ISO compilers, like when using gcc -traditional. Daniel (3 April 2002) - Jacky Lam identified a glitch when getting headers-only, where libcurl would "hang" 1 second in vain in the select() loop before returning back. - Tor Arntsen brought a patch for multipart formposts. It turned out that the "CGI_Lite Perl package" makes some bad assumptions on what letters that may be used in boundary strings and thus curl could confuse it by including '+' and '/'. While this is standards-compliant, we change the behavior to work smoothly with existing software based on that package. Daniel (2 April 2002) - Gerhard Herre filed bug report #536238 where he pointed out a crash in verbose FTP passive transfers for AIX. - Clarence Gardner pointed out a minor flaw in how libcurl didn't properly take care of all errors that SSL_read() could return. - Jacky Lam fixed a MALLOCDEBUG problem in lib/getinfo.c Daniel (27 March 2002) - T. Bharath pointed out a flaw in the connection re-use function that didn't check proxy connections properly for "deadness" before they were re-used. - Pedro Neves found out that HTTP POSTing with --data-binary did not properly work under Windows as the file specified wasn't read fully binary! Daniel (25 March 2002) - Jacky Lam brought a fix that improves treatment of cookies using identical domains but with leading dots properly. Daniel (22 March 2002) - Miklos Nemeth updated the windows section of the docs/INSTALL file and the windows makefiles. - Jon Dillon provided us with several good-looking curl images for promotion. View them here http://curl.haxx.se/icons.html Daniel (20 March 2002) - Peter Verhas found out that CRLF replacement in uploads was not working. I fixed it, and added test case 128 that verifies the functionality. - The list formerly known as curl-main is now named curl-users and is hosted by sourceforge. Susbcribe to the new list, get off the old one. Version 7.9.6-pre2 Daniel (19 March 2002) - Made -G and -I on the same command line cause an error. - Moved the multi.h file to the "public" include directory and made it get included by curl.h so that no extra include files will be necessary to use it. Added docs and man pages for the multi interface to the release archive. Added the three example source codes too. Necessary steps in my campaign to sneak in the multi interface... ;-) - Updated the year in all copyright notices in all C and H files. Daniel (18 March 2002) - Tomas Szepe found out that -d and -G didn't mix as they should. I broke this in 7.9.5... Added test case 32 for this. Version 7.9.6-pre1 Daniel (16 March 2002) - Peter Verhas pointed out that the curl_escape and curl_unscape man pages contained factual errors. - Albert Choy found and corrected a problem with the verbose output when doing PASV ftp transfers. It could make libcurl crash. Details in bug report #530562: http://sourceforge.net/tracker/?func=detail&atid=100976&aid=530562&group_id=976 Daniel (15 March 2002) - Jun-ichiro itojun Hagino filed bug report #530204 that clearly pointed out the PF_INET fix from February 19 as a not-very-good fix as it broke IPv6 capability! That patch is now reverted. The problem with slow name lookups with getaddrinfo() on non-IPv6 enabled hosts are instead made by first checking if the stack is IPv6-enabled and if not, the PF_INET is used and otherwise we go with the full PF_UNSPEC. - T. Bharath pointed out that when we return an "error" from a WRITEFUNCTION as described in the man page, libcurl did not return the documented error code (CURLE_WRITE_ERROR) but would instead return CURLE_READ_ERROR. This is now corrected. Daniel (14 March 2002) - Setting CURLOPT_POST without setting CURLOPT_POSTFIELDS now read the POST- data from the callback. - The GOPHER support seems to be broken. I don't think I'll even start fixing it until someone else finds out... :-) Daniel (13 March 2002) - Trying 'curl -I ftp.sunet.se' or similar did a SIZE on a silly "(nil)" string. If such a file would be present, curl returned the size of it! Now we prevent this. - Curl_sendf() was fixed to deal with situation where Curl_write() would've blocked and thus return -1. - Setting CURLOPT_PROGRESSFUNCTION to NULL now restores the internal function. - All CURLFORM_* options can now be used in a CURLFORM_ARRAY except the CURLFORM_ARRAY itself. This was necessary since we couldn't expand the CURLFORM_* list proprely and unrestricted until this was the case. It was also a bit peculiar to users why some options could be used in an array while others couldn't. - Removed some silly CRLF lines that had accidentally slipped into src/main.c Nico Baggus pointed them out to me. Daniel (11 March 2002) - CURLFORM_FILENAME was added. This can be set when creating a file upload part, to set the 'filename' field to a custom value. If this isn't used, the actually used filename will be included instead (as libcurl always has done). curl was adjusted accordingly, and now -F accepts a 'filename=' field too, and allows constructs such as: -F 'name=@filename;filename=/dev/null' and this can be combined with type= too, in a manner similar to: -F "file=@log/test39.txt;filename=fakerfile;type=moo/foobar" Test case 39 was added to verify this functionality. - The struct formerly known as HttpPost is now named curl_httppost to properly use the curl name space. I added a #define for the old name to make existing programs compile even when this new include file is used. Daniel (8 March 2002) - Clifford also discovered that if the client code failed early, as when doing "curl -O" only, it would do fclose(NULL) which caused a segmentation fault on some systems. - Clifford Wolf provided a patch that made --progress-bar work again. - I closed bug report #527032 by making sure that we add a newline after a transfer when --progress-bar has been used. Before, without the newline, it made the subsequent text come out wrong. Version 7.9.5 Daniel (7 March 2002) - Added docs/KNOWN_BUGS to the release archive. Daniel (6 March 2002) - Kevin Roth corrected a flaw in the curl client globbing code that made it mess up backslashes. This was most notable on windows (cygwin) machines when using file://. - Brad provided another fix for building outside the source-tree. - Ralph Mitchell patched away a few compiler warnings in tests/server/sws.c Daniel (5 March 2002) - I noticed that the typedef in curl.h for the progress callback prototype was wrong and thus applications that used it would not get the proper input data. It used size_t where the implementation actually uses doubles! I wish I could blame someone else, but this was my fault. Again. Version 7.9.5-pre6 Daniel (4 March 2002) - Cut off the changes done during 2001 from this changelog file and put them in a separate file (CHANGES.2001), available from CVS of course. - I removed the multi directory. The example sources were moved to the docs/examples directory where they belong. - Wrote 7 new man pages for the current functions in the new multi interface. They're all still pretty basic, but we can use them as a start and add more contents to them when we figure out what to write. The large amount of man pages for libcurl now present made me decide to put them in a new separate subdirectory in the docs directory. Named libcurl. - Giuseppe Corbelli provided a template file for the EPM package manager, it gets generated nicely by the configure script now. Version 7.9.5-pre5 Daniel (1 March 2002) - Moved the memanalyze.pl script into the tests/ dir and added it to the release archives. It was previously only present in the CVS tree. - Modified the February 17th Host: fix, as bug report #523718 pointed out that it caused crashes! - Nico Baggus added more error codes to the VMS stuff. - Wesley Laxton brought the code that introduced the new CURLOPT_PREQUOTE option. It is just another FTP quote option that allows the user to specify a list of FTP commands to issue *just before* the transfer command (RETR or STOR etc). It has turned up a few systems that really need this. The curl command line tool can also take advantage of this by prefixing the quote commands with a plus (+) in similar style that post transfer quote commands are specified. This is not yet documented. There is no test case for this yet. Daniel (28 February 2002) - Ralph Mitchell made some serious efforts and put a lot of sweat in setting up scripts and things for me to be able to repeat his problems, and I finally could. I found a problem with the header byte counter that wasn't increased properly and thus we could return CURLE_GOT_NOTHING when we in fact had received data. Daniel (27 February 2002) - I had to revert the non-space parsing cookie fix I posted to the mailing list. Expire dates do have spaces and still need to get parsed properly! Instead we just ignore trailing white space and it seems to work... Daniel (26 February 2002) - Made the cookie property 'Max-Age' work, just since we already tried to support it, it is better to do it right. No one uses this anyway. - The cookie parser could crash if a really weird (illegal) cookie line was received. I also made it better discard really oddly formatted lines better. Made the cookie jar store the second field from the left using the syntax that Netscape and Mozilla probably like. Curl itself ignores it. Added test case 31 for these cases. Clay Loveless' email regarding some cookie issues started my cleanup. - Kevin Roth pointed out that my automake fiddles broke the ability to build outside the source-tree and I posted a patch to the mailing list that brings this ability back. Version 7.9.5-pre4 Daniel (25 February 2002) - Fiddled with the automake files to make all source files in the lib directory not have ../src in the include path, and the src sources shouldn't have ../lib! - All 79 test cases ran OK under Linux and Solaris using the new HTTP server in the test suite. The new HTTP server was first donated by Georg Horn and subsequently modified to work with the test suite. It is currently still not portable enough to run on "all over" but this is a start and I can run all curl tests on my machines. This is an important requirement for the upcoming public release. - Using -d and -I on the same command line now reports an error, as it implies two different HTTP requests that can't be mixed. - Jeffrey Pohlmeyer provided a patch that made the -w/--write-out option support %{content_type} to get the content type of the recent download. - Kevin Roth reported that pre2 and pre3 didn't compile properly on cygwin, and this was because I used #ifdef HAVE_WINSOCK_H in lib/multi.h to figure out if we could include winsock.h which turns out not to be a wise choice to do on cygwin since it has the file but can't include it! Daniel (22 February 2002) - Added src/config-vms.h to the release archive. - Fixed the connection timeout value again, the change from February 18 wasn't complete. Version 7.9.5-pre3 Daniel (21 February 2002) - Kevin Roth and Andrés García both found out that lib/config.h.in was missing in the pre-release archive and thus the configure script failed. Version 7.9.5-pre2 Daniel (20 February 2002) - Andrés García provided a solution to bug report #515228. the total time counter was not set correctly when -I was used during some conditions (all headers were read in one single read). - Nico Baggus provided a huge patch with minor tweaks all over to make curl compile nicely on VMS. Daniel (19 February 2002) - Rick Richardson found out that by replacing PF_UNSPEC with PF_INET in the getaddrinfo() calls, he could speed up some name resolving calls with an order of magnitudes on his Redhat Linux 7.2. - Philip Gladstone found a second INADDR_NONE problem where we used long intead of in_addr_t which caused 64bit problemos. We really shouldn't define that on two different places. Daniel (18 February 2002) - Philip Gladstone found a problem in how HTTP requests were sent if the request couldn't be sent all at once. - Emil found and corrected a bad connection timeout comparison that made curl use the longest of connect-timeout and timout as a timeout value, instead of the shortest as it was supposed to! - Aron Roberts provided updated information about LDAP URL syntax to go into the manual as a replacement for the old references. Daniel (17 February 2002) - Philip Gladstone pointed out two missing include files that made curl core dump on 64bit architectures. We need to pay more attention on these details. It is *lethal* to for example forget the malloc() prototype, as 'int' is 32bit and malloc() must return a 64bit pointer on these platforms. - Giaslas Georgios fixed a problem with Host: headers on repeated requests on the same handle using a proxy. Daniel (8 February 2002) - Hanno L. Kranzhoff accurately found out that disabling the Expect: header when doing multipart formposts didn't work very well. It disabled other parts of the request header too, resulting in a broken header. When I fixed this, I also noticed that the Content-Type wasn't possible to disable. It is now, even though it probably is really stupid to try to do this (because of the boundary string that is included in the internally generated header, used as form part separator.) Daniel (7 February 2002) - I moved the config*.h files from the root directory to the lib/ directory. - I've added the new test suite HTTP server to the CVS repository, It seems to work pretty good now, but we must make it get used by the test scripts properly and then we need to make sure that it compiles, builds and runs on most operating systems. Version 7.9.5-pre1 Daniel (6 February 2002) - Miklos Nemeth provided updated windows makefiles and INSTALL docs. - Mr Larry Fahnoe found a problem with formposts and I managed to track down and patch this bug. This was actually two bugs, as the posted size was also said to be two bytes too large. - Brent Beardsley found out and brought a correction for the CURLINFO_CONTENT_TYPE parser that was off one byte. This was my fault, I accidentaly broke Giaslas Georgios' patch. Daniel (5 February 2002) - Kevin Roth found yet another SSL download problem. Version 7.9.4 - no changes since pre-release Version 7.9.4-pre2 Daniel (3 February 2002) - Eric Melville provided a few spelling corrections in the curl man page. Daniel (1 February 2002) - Andreas Damm corrected the unconditional use of gmtime() in getdate, it now uses gmtime_r() on all hosts that have it. Daniel (31 January 2002) - An anonymous bug report identified a problem in the DNS caching which made it sometimes allocate one byte too little to store the cache entry in. This happened when the port number started with 1! - Albert Chin provided a patch that improves the gethostbyname_r() configure check on HP-UX 11.00. Version 7.9.4-pre1 Daniel (30 January 2002) - Georg Horn found another way the SSL reading failed due to the non-blocking state of the sockets! I fixed. Daniel (29 January 2002) - Multipart formposts now send the full request properly, including the CRLF. They were previously treated as part of the post data. - The upload byte counter bugged. - T. Bharath pointed out that we seed SSL on every connect, which is a time- consuming operation that should only be needed to do once. We patched libcurl to now only seed on the first connect when unseeded. The seeded status is global so it'll now only happen once during a program's life time. If the random_file or egdsocket is set, the seed will be re-made though. - Giaslas Georgios introduced CURLINFO_CONTENT_TYPE that lets curl_easy_getinfo() read the content-type from the previous request. Daniel (28 January 2002) - Kjetil Jacobsen found a way to crash curl and after much debugging, it turned out it was a IPv4-linux only problem introduced in 7.9.3 related to name resolving. - Andreas Damm posted a huge patch that made the curl_getdate() function fully reentrant! - Steve Marx pointed out that you couldn't mix CURLOPT_CUSTOMREQUEST with CURLOPT_POSTFIELDS. You can now! Daniel (25 January 2002) - Krishnendu Majumdar pointed out that the header length counter was not reset between multiple requests on the same handle. - Pedro Neves rightfully questioned why curl always append \r\n to the data that is sent in HTTP POST requests. Unfortunately, this broke the test suite as the test HTTP server is lame enough not to deal with this... :-O - Following Location: headers when the connection didn't close didn't work as libcurl didn't properly stop reading. This problem was added in 7.9.3 due to the restructured internals. 'Frank' posted a bug report about this. Daniel (24 January 2002) - Kevin Roth very quickly spotted that we wrongly installed the example programs that were built in the multi directory, when 'make install' was used. :-/ Version 7.9.3 Daniel (23 January 2002) - Andrés García found a persistancy problem when doing HTTP HEAD, that made curl "hang" until the connection was closed by the server. This problem has been introduced in 7.9.3 due to internal rewrites, this was not present in 7.9.2. Version 7.9.3-pre4 Daniel (19 January 2002) - Antonio filed bug report #505514 and provided a fix! When doing multipart formposts, libcurl would include an error text in the actual post if a specified file wasn't found. This is not libcurl's job. Instead we add an empty part. Daniel (18 January 2002) - Played around with stricter compiler warnings for gcc (when ./configure --enable-debug is used) and changed some minor things to stop the warnings. - Commented out the 'long long' and 'long double' checks in configure.in, as we don't currently use them anyway and the code in lib/mprintf.c that use them causes warnings. - Saul Good and jonatan pointed out Mac OS X build problems with pre3 and how to correct them. Two compiler warnings were removed as well. - Andrés García fixed two minor mingw32 building problems. Version 7.9.3-pre3 Daniel (17 January 2002) - docs/libcurl-the-guide is a new tutorial for our libcurl programming friends. - Richard Archer brought back the ability to compile and build with OpenSSL versions before 0.9.5. [http://sourceforge.net/tracker/?func=detail&atid=100976&aid=504163&group_id=976] - The DNS cache code didn't take the port number into account, which made it work rather bad on IPv6-enabled hosts (especially when doing passive FTP). Sterling fixed it. Daniel (16 January 2002) - Georg Horn could make a transfer time-out without error text. I found it and corrected it. - SSL writes didn't work, they return an uninitialized value that caused havoc all over. Georg Horn experienced this. - Kevin Roth patched the curl_version() function to use the proper OpenSSL function for version information. This way, curl will report the version of the SSL library actually running right now, not the one that had its headers installed when libcurl was built. Mainly intersting when running with shared OpenSSL libraries. Version 7.9.3-pre2 Daniel (16 January 2002) - Mofied the main transfer loop and related stuff to deal with non-blocking sockets in the upload section. While doing this, I've now separated the connection oriented buffers to have one for downloads and one for uploads (as two can happen simultaneously). I also shrunk the buffers to 20K each. As we have a scratch buffer twice the size of the upload buffer, we arrived at 80K for buffers compared with the previous 150K. - Added the --cc option to curl-config command as it enables so very cool one-liners. Have a go a this one, building the simple.c example: $ `curl-config --cc --cflags --libs` -o example simple.c Daniel (14 January 2002) - I made all socket reads (recv) handle EWOULDBLOCK. I hope nicely. Now we only need to address all writes (send) too and then I'm ready for another pre-release... - Stoned Elipot patched the in_addr_t configure test to make it work better on more platforms. Daniel (9 January 2002) - Cris Bailiff found out that filling up curl's SSL session cache caused a crash! - Posted the curl questionnaire on the web site. If you haven't posted your opinions there yet, go there and do it now while it is still there: http://curl.haxx.se/q/ - Georg Horn quickly found out that the SSL reading no longer worked as supposed since the switch to non-blocking sockets. I've made a quick patch (for reading only) but we should improve it even further. Version 7.9.3-pre1 Daniel (7 January 2002) - I made the 'bool' typedef use an "unsigned char". It makes it the same on all platforms, no matter what the platform thinks the default format for char is. This was noticed since we made a silly comparison involving such a bool variable, and only one compiler/platform combination (on Debian Linux) complained about it (that happened to have its char unsigned by default). - Bug report #495290 identified a cookie parsing problem that was corrected. When a Set-Cookie: line is received without a trailing semicolon, libcurl didn't read the last "name=value" pair of the line, leading to confusions... - Sterling committed his updated DNS cache code. - I worked with Georg Horn and comments from Götz Babin-Ebell and switched curl's socket operations completely over to non-blocking for the entire operation (previously we used non-blocking only for the connection phase). We had to do this to make the SSL connection phase timeout properly without the use of signals. A little extra code to deal with this was added. - T. Bharath pointed out a slightly obscure cookie engine flaw. - Pete Su pointed out that libcurl didn't treat HTTP code 204 as it should. 204-replies never provides a response-body. This resulted in bad persistant behavior when 204 was received. Daniel (5 January 2002) - SM updated the VC++ library Makefiles for the new source files. Daniel (4 January 2002) - I discovered that we wrongly used inet_ntoa() (instead of inet_ntoa_r() in two places in the source code). One happened with VERBOSE set on connects, and the other when VERBOSE was on and krb4 over nat was used... I honestly don't think anyone has suffered from these mistakes. - I replaced a lot of silly occurances of printf() to instead use the more appropriate Curl_infof() or Curl_failf(). The krb4 and telnet code were affected. - Philip Gladstone found a few more problems with 64-bit archs (the 64-bit sparc on solaris 8). - After discussions on the libcurl list with Raoul Cridlig, I just made FTP response lines get passed to the header callback if such a one is registered. It'll make it possible for any application to get all the responses an FTP server sends to libcurl. Daniel (3 January 2002) - Sterling Hughes brought a few buckets of code. Now, libcurl will automatically cache DNS lookups and re-use the previous results first if any such is available. It greatly improves speed when doing many repeated operations to the same host. - As the test case uses --include and then --head, I had to modify src/main.c to deal with this situation slightly better than previously. When done, we have 100% good tests again in the main branch. Daniel (2 January 2002) - Made test case 25 run again in the multi-dev branch. But it seems that the changes done on dec-20 made test case 104 cease to work (in both branches). - Philip Gladstone pointed out a few portability problems in the source code that didn't compile on 64-bit sparcs using Sun's native compiler. Daniel (20 December 2001) - Björn Stenberg caught an unpleasent (but hard-to-find) bug that could cause libcurl to hang on transfers over proxy, when the proxy was specified with an environment variable! - Added code to make ftp operations treat the NO_BODY and HEADERS options better: NO_BODY set TRUE and HEADERS set TRUE: Return a set of headers with file info NO_BODY set FALSE Transfer data as usual, HEADERS is ignored NO_BODY set TRUE and HEADERS set FALSE Don't transfer any data, don't return any headers. Just perform the set of FTP commands. Daniel (17 December 2001) - Götz Babin-Ebell dove into the dark dungeons of the OpenSSL ENGINE stuff and made libcurl support it! This allows libcurl to do SSL connections with the private key stored in external hardware. To make this good, he had to add a bunch of new library options that'll be useful to others as well: CURLOPT_SSLCERTTYPE set SSL cert type (PEM/DER) CURLOPT_SSLKEY set SSL private key (file) CURLOPT_SSLKEYTYPE: set SSL key type (PEM/DER/ENG) CURLOPT_SSLKEYPASSWD: set the passphrase for your private key (CURLOPT_SSLCERTPASSWD is an alias) CURLOPT_SSLENGINE: set the name of the crypto engine (returns CURLE_SSL_ENGINE_NOTFOUND on error) CURLOPT_SSLENGINE_DEFAULT: set the default engine There are two new failure codes: CURLE_SSL_ENGINE_NOTFOUND CURLE_SSL_ENGINE_SETFAILED Daniel (14 December 2001) - We have "branched" the source-tree at a few places. Checkout the CVS sources with the 'multi-dev' label to get the latest multi interface development tree. The idea is to only branch affected files and to restrict the branch to the v8 multi interface development only. *NOTE* that if we get bug reports and patches etc, we might need to apply them in both branches! The multi-dev branch is what we are gonna use as main branch in the future if it turns out successful. Thus, we must maintain both now in case we need them. The current main branch will be used if we want to release a 7.9.3 or perhaps a 7.10 release before version 8. Which is very likely. - Marcus Webster provided code for the new CURLFORM_CONTENTHEADER option for curl_formadd(), that lets an application add a set of headers for that particular part in a multipart/form-post. He also provided a section to the man page that describes the new option. Daniel (11 December 2001) - Ben Greear made me aware of the fact that the Curl_failf() usage internally was a bit sloppy with adding newlines or not to the error messages. Let's once and for all say that they do not belong there! - When uploading files with -T to give a local file name, and you end the URL with a slash to have the local file name used remote too, we now no longer use the local directory as well. Only the file part of the -T file name will be appended to the right of the slash in the URL. Daniel (7 December 2001) - Michal Bonino pointed out that Digital Unix doesn't have gmtime_r so the link failed. Added a configure check and corrected source code. Version 7.9.2 Daniel (5 December 2001) - Jon Travis found out that if you used libcurl and CURLOPT_UPLOAD and then on the same handle used CURLOPT_HTTPGET it would still attempt to upload. His suggested fix was perfect. Daniel (4 December 2001) - Incorporated more macos fixes and added four specific files in a new subdirectory below src. Daniel (3 December 2001) - Eric Lavigne reported two problems: First one in the curl_strnequal() function. I think this problem is rather macos 9 specific, as most platform provides a function to use instead of the one provided by libcurl. A second, more important, was in the way we take care of FTP responses. The code would read a large chunk of data and search for the end-of-response line within that chunk. When found, it would just skip the rest of the data. However, when the network connections are special, or perhaps the server is, we could actually get more than one response in that chunk of data so that when the next invoke to this function was done, the response had already been read and thrown away. Now, we cache the data not used in one call, as it could be useful in the subsequent call. Test case 126 was added and the test ftp server modified, to exercise this particular case. Version 7.9.2-pre8 Daniel (2 December 2001) - Bug report #487825 correctly identified a problem when using a proxy and following a redirection from HTTP to HTTPS. libcurl then re-used the same proxy connection but without doing a proper HTTPS request. - Fixed win32 compiling quirks. Version 7.9.2-pre7 Daniel (30 November 2001) - Documented --disable-epsv and CURLOPT_FTP_USE_EPSV. Daniel (29 November 2001) - Added --disable-epsv as an option. When used, curl won't attempt to use the EPSV command when doing passive FTP downloads. Wrote a test case for it. - Eric provided a few more fixes for building on Macs. He also pointed out a flaw in the signal handler restoration code. Daniel (28 November 2001) - Fiddled with some Tru64 problems reported by Dimitris Sarris. They appeared only when using VERBOSE ftp transfers. Do we use a too small buffer for gethostbyaddr_r(), was the lack of using in_addr_t wrong or is it that the hostent struct must be blanked before use? With Dimitris help and these patches, the problems seem to be history. - CURLOPT_FTP_USE_EPSV was added and can be set to FALSE to prevent libcurl from using the EPSV command before trying the normal PASV. Heikki Korpela pointed out that some firewalls and similar don't like the EPSV so we must be able to shut if off to work everywhere. - I added a configure check for 'in_addr_t' and made the ftp code use that to receive the inet_addr() return code in. Works on Solaris and Linux at least. The Linux man page for inet_addr() doesn't even mention in_addr_t... - Adjusted (almost) all FTP tests to the new command sequence. - FTP command sequence changes: EPSV is now always attempted before PASV. It is the final touch to make IPv6 passive FTP downloads to work, but EPSV is not restricted to IPv6 but works fine with IPv4 too on the servers that support it. SIZE is now always issued before RETR. It makes curl know the actual download size before the download takes place, as it makes it less important to find the size sent in RETR responses. Many sites don't include the size in there. Both these changes made it necessary to change the test suite's ftp server code, and all FTP test cases need to be checked and adjusted! Daniel (27 November 2001) - Hans Steegers pointed out that the telnet code read from stdout, not stdin as it is supposed to do! Version 7.9.2-pre6 Daniel (27 November 2001) - Eric Lavigne's minor changes to build on MacOS before OS X were applied. - greep at mindspring.com provided a main index.html page for our release archive docs directory. It just links to all the existing HTML files, but I think it may come useful to people. - There's now some initial code to support the EPSV FTP command. That should be used to do passive transfers IPv6-style. The code is still #if 0'ed in lib/ftp.c as I have no IPv6 ftp server to test this with. Daniel (26 November 2001) - Robert Schlabbach had problems to understand how to do resumed transfers, and I clarified the man page -C section somewhat. Version 7.9.2-pre5 Daniel (22 November 2001) - Andrés García helped me out to track down the roots of bug report #479537, which was concerning curl returning the wrong error code when failing to connect. This didn't happen on all systems, and more specificly I've so far only seen this happen on IPv4-only Linux hosts. - I applied the fixes for the two bugs Eric Lavigne found when doing his MacOS port. A missing comma in arpa_telnet.h and a pretty wild write in the FTP response reader function. The latter write is however likely to occur in our own buffer unless very big FTP server replies (>25K) are read. I've never seen such a reply ever, so I think this is a relatively minor risk. Daniel (21 November 2001) - Moonesamy provided code to prevent junk from being output when libcurl returns an error code but no error description and that corrects how make is run in the Makefile.dist file (that appears as root Makefile in release archives). - Eric Lavigne mailed me bugfixes and patches for building libcurl on MacOS (non-X). - Kevin Roth modified the cygwin files once again, now to build against the shared OpenSSL DLLs. Version 7.9.2-pre4 Daniel (20 November 2001) - Georg Horn brought a patch that introduced CURLINFO_STARTTRANSFER_TIME, complete with man page updates! Daniel (19 November 2001) - Miklos Nemeth provided details enough to update the Borland makefile properly. - Lars M Gustafsson found a case with a bad free(). In fact, it was so bad I'm amazed we never saw this before! - Kevin Roth patched the cygwin Makfile. Daniel (16 November 2001) - Klevtsov Vadim fixed a bug in how time-conditionals were sent when doing HTTP. Version 7.9.2-pre3 Daniel (14 November 2001) - Samuel Listopad patched away the problem with SSL we got when someone call curl_global_init() => curl_global_cleanup() => curl_global_init(). The second init would not "take" and SSL would be unusable with curl from that point. This doesn't change the fact that calling the functions that way is wrong. curl_global_init() should be called exactly once and not more. Daniel (13 November 2001) - Fixed some minor variable type mixups in ftp.c that caused compiler warnings on HP-UX 11.00. - The FTP fix I did yesterday used an uninitialized variable that caused spurious errors when doing FTP. Version 7.9.2-pre2 Daniel (12 November 2001) - Ricardo Cadime fell over a multiple-requests problem when first a FTP directory fetch failed and then a second request is made after that. The second request happened to get the FTP server response back from the previous request, when it did its initial CWD command. - Bjorn Reese pointed out that we could improve the time diff function to prevent truncation a bit. - Kai-Uwe Rommel made me aware that -p (http proxy tunnel) silly enough didn't work for plain HTTP requests! So I made that work. Version 7.9.2-pre1 Daniel (12 November 2001) - Rewrote the Curl_ConnectHTTPProxyTunnel(). It should now not only work a lot faster, it should also support such ("broken") proxies that John Lask previously have reported problems with. His proxy sends a trailing zero byte after the end of the (proxy-) headers. I've tested this myself and it seems to work on a proxy the previous version also worked with...! This rewrite is due to the problems John Lask previously experienced. - Andrés García found out why the "current speed" meter sometimes showed 2048K for very quick transfers. It turned out the "time diff"-function returned a zero millisecond diff. We now always say it is at least one millisecond! In reality, these timers very rarely have that good resolution so even though the time diff was longer than 1 millisecond, it was reported as no diff. - I also modified the getinfo() again when returning times, as Paul Harrington reports that 7.9.1 only returns times with 1 second accuracy, which indeed is wrong. Daniel (8 November 2001) - Marcus Webster found out that curl_formadd() could read one byte outside a buffer boundary, which then of course could lead to a crash. Marcus also gracefully provided a patch for this this. - Glen Scott ran configure on his Cobalt Qube and it didn't figure out the correct way of calling gethostbyname_r() and thus failed to resolve hosts. This is two errors: it shouldn't continue the configure script if it finds gethostbyname_r() but can't figure out how to use it, and it should really figure out how to use it as it was running Linux and we know how that works... Daniel (7 November 2001) - docs/VERSIONS is a new file in the archive that explains the version number system we use in the curl project. - Did some more fixes that now makes libcurl only ignore signals as long as it needs to, and then restore (if any) previous signal handler again. Daniel (6 November 2001) - Enrik Berkhan posted bug report #478780, in which he very correctly pointed out two bad timeout matters in libcurl: we didn't restore the sigaction struct (the alarm handler for SIGALRM) nor did we restore the previous alarm() timeout that could've been set by a "parent" process or similar. - Kevin Roth made the cygwin binary get stripped before install. Daniel (5 November 2001) - Detlef Schmier reported that curl didn't compile using Solaris 8 with the native cc compiler. It was due to a bad function prototype. Fixed now. Unfortunately, I can't enable the -Wstrict-prototypes in my debug builds though, as gcc then complains like crazy on OpenSSL include files... :-( - John Lask provided SSL over HTTP proxy fixes. They'll need some tweaking to work on all platforms. - John Lask added the -1/--TLSv1 options that forces SSL into using TLS version 1 when speaking HTTPS. - John Lask brought a brand new VC++ makefile for the lib directory, that works a lot better than the previous! - Ramana Mokkapati brought some clever insights on the LDAP failures (bug report #475407), and his suggested changes are now applied. Version 7.9.1 Daniel (4 November 2001) - I've added a number of new test cases the last few days. A few of them since I got reports that hinted on problems on timeouts, so I added four tests with timeouts for all sorts of protocols and stuff. I also came to think of a few other error scenarios that we currently didn't test properly, so I wrote up tests for a few of those too. Daniel (2 November 2001) - Replaced read() and write() with recv() and send() for socket operations even under normal unixes. Daniel (1 November 2001) - When an FTP transfer was aborted due to a timeout, it wasn't really aware of how many bytes that had been transferred and the error text always said 0 bytes. I modified this to output the actually transferred amount! :-) - The FTP fixes in pre7 didn't compile on IPv6 enabled hosts. Does now. I also added more comments in the lib/ftp.c source file. - Minor updates to the FAQ, added a brand new section to the web site about the name issue (who owns "curl"? will someone sue us? etc etc): http://curl.haxx.se/legal/thename.html Version 7.9.1-pre7 Daniel (31 October 2001) - The curl_easy_getinfo() timers accidentally lost their subsecond accuracy as the calculations used longs instead of doubles! Paul Harrington reported. - The SSL SocketIsDead() checks weren't good enough (as expected really), so I had to add a generic internal try-it-out system. If the request on a re-used connection seems to fail, then we go back and get a new (fresh) connection and re-tries the request on that instead. It kind of makes the SocketIsDead() check obsolete, but I think it is a quicker way for those cases where it actually discovers that the connection is dead. - When fixing the above, I noticed that we did quite a few writes to sockets in libcurl where we didn't check the return code (that it actually worked to send the data). With the new "attempted request" system we must detect those situations so I went over a bunch of functions, changed return types and added checks for what they actually return. Version 7.9.1-pre6 Daniel (31 October 2001) - Paul Harrington detected a problem with persistant SSL connections. Or to be more exact, we didn't properly detect that the connection was dead and then a second connection would try to re-use it wrongly. The solution to this problem is still not very clear and I'm working on it. One OpenSSL insider said there is no way to know if the SSL connection is alive or not without actually trying an operation. Daniel (30 October 2001) - If a cookie was read from a file, it could accidentally strdup() a NULL pointer. Paul Harrington reported. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/cookie.c.diff?r1=1.25&r2=1.26] - The MANUAL file now documents -t correctly. I also fixed the -T description in the curl.1 man page. Daniel (29 October 2001) - John Janssen found out that curl_formadd was missing in the libcurl.def file and that the docs stated the wrong return type for the function. - Andrés García found a bug with multiple files in the curl_formadd() function, that I removed with this patch [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/formdata.c.diff?r1=1.25&r2=1.26]. - Kevin Roth brought another patch that moved the cygwin package files to the packages/Win32/cygwin directory. - A bug in the connection re-use logic made repeated requests to the same FTP server (when using name+pasword in the URL) sometimes use more than one connection. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/url.c.diff?r1=1.166&r2=1.167] - Moonesamy tracked down and fixed a problem with the new 7.9.1 connect code. This corrected the error Kevin Roth reported on the 7.9.1-pre5 release (test 19)... [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/connect.c.diff?r1=1.13&r2=1.14] Daniel (26 October 2001) - Added test28 which verifies that "Location:"-following works even if the contents is separated with more than one space. Daniel (25 October 2001) - Ramana Mokkapati pointed out that LDAP transfers would 'hang' after the correct data has been output. Version 7.9.1-pre5 Daniel (24 October 2001) - T. Bharath found a memory leak in the cookie engine. When we update a cookie that we already knew about, we lost a chunk of memory in the progress... The brand new test case 27 now tests for this occurrence. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/cookie.c.diff?r1=1.24&r2=1.25] Daniel (23 October 2001) - pack_hostent() didn't properly align some pointers, so at least SPARC CPUs would core. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/hostip.c.diff?r1=1.34&r2=1.35] Daniel (22 October 2001) - Tom Benoist reported that this SGI IRIX compiler didn't handle indented preprocessor instructions, so they're no longer in the source code! - Applied Kevin Roth's patches to make it easier to build cygwin packages from the out-of-the-box curl release archives. - I forgot to mention it below, but libcurl now closes connections that report transfer failures. Unconditionally. This could be made more nicely in the future if we set a flag or something that the connection is still good to be used for the errors that know that for a fact. We have to close the connection for the cases where we abort for example a HTTP transfer in the middle, or otherwise we might re-use that connection later with lots of data still being sent to us on it. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/transfer.c.diff?r1=1.63&r2=1.64] Daniel (19 October 2001) - CURLE_GOT_NOTHING is now returned when a HTTP server doesn't return anything, not even a header. test case 37 was added to test for this. - T. Bharath made curl_easy_duphandle() properly clone the cookie status as well. Version 7.9.1-pre4 Daniel (18 October 2001) - CURLOPT_FAILONERROR, set with "curl --fail" no longer returns an error if the HTTP return code is below 400. Daniel (17 October 2001) - The test suite now kills any running test http server when you re-start the tests. - We had to remove 'use strict' from two perl scripts, as the cygwin adjustments didn't play nicely otherwise for some reason. Any perl wizard out there who can put the scrict back and still make it run good on unix and cygwin? - A potential memory leak pointed out to us by Yanick Pelletier was removed. It would occur when a http file transfer fails. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/transfer.c.diff?r1=1.60&r2=1.61] - The memory debugging system should no longer display anything to stderr if the curl_memdebug() hasn't been used to explicitly say so. This makes it easier to use the memory debug system and switch the logging on/off. Daniel (16 October 2001) - Kevin Roth provided fixes for building curl nicer in cygwin environments. Daniel (12 October 2001) - Cleaning up the progress meter/info code. The "current speed" is now more accurate than before as we now use the true time spent between the measures, and not just "assuming" every-second-update like before. The output should now also be of the same width at all times, never to show "extra" zeroes on the right edge. - After talking about possible Location: bugs on the mailing list, I modified the "absolute URL" checker in lib/transfer.c to be more strict when checking if the redirected URL is absolute. Daniel (11 October 2001) - Kevin Roth provided patches that make the test suite run fine on Windows 2000 running cygwin. Daniel (10 October 2001) - Setting the -c or the CURLOPT_COOKIEJAR option now enables the cookie parser. Previously -b or CURLOPT_COOKIEFILE was also required for the jar to work. Version 7.9.1-pre3 Daniel (9 October 2001) - Added a new option to the command line client: -0/--http1.0. It uses the new libcurl option CURLOPT_HTTP_VERSION to request that libcurl uses HTTP 1.0 requests instead of the default version (1.1). It should only be used if you really MUST do that because of a silly remote server. - Renamed the 'TimeCond' typedef in curl/curl.h to use a 'curl_' prefix as all public curl-symbols should. - libcurl now explicitly ignores the SIGPIPE signal. Daniel (8 October 2001) - Kevin Roth's change to the cookie-jar comment (in the stored file) was applied. - Lucas Adamski's minor bug in the bind error code failf() was fixed. Daniel (5 October 2001) - Moonesamy fixed the Curl_connecthost() function to not give compiler errors on a bunch of compilers, due to the argument named 'socket'. - Moonesamy also provided updated VC++ makefiles and project files. Version 7.9.1-pre2 Daniel (4 October 2001) - Albert Chin provided a configure patch that makes the script detect proper gethostbyname_r() method without actually running any code, only compiling is necessary. This also removes the need of having a resolving 'localhost' name. - Found and removed memory leakage (name resolve data) in libcurl on IPv6-enabled hosts. These could sneak through because we didn't have any resource tracing on the IPv6-related functions. We do now. Daniel (3 October 2001) - Keith McGuigan patched away a (mainly Windows-) problem with the name resolver data being kept in the static memory area, which is removed when a thread is killed. The curl handle itself though perfectly handles being passed between threads. - Dirk Eddelbuettel reported an odd bug that turned out to be his proxy that required an Authorization: header. Now, proxies are not supposed to require that header, that is for true servers... - I accidentally ruined Georg's curl_formadd(). Uh, bad me. Corrected now. Version 7.9.1-pre1 Daniel (3 October 2001) - Georg Huettenegger once again made an effort beyond the call of duty and not only improved the curl_formadd() function, but also took care of adjusting the curl command line client to use this new function instead of the obsoleted curl_formparse. Daniel (2 October 2001) - Major fix in how libcurl does TCP connects. It now does non-blocking connects to enable good timeouts without signals, and it now tries all IP addresses for any given host (if it resolves more than one and the first one(s) don't connect). Added a new source file 'connect.c' to deal with all the TCP connect stuff. - We now support IPv4-style IP-addresses in rfc2732-format, to better support people writing scripts without knowing what address there is. Daniel (28 September 2001) - Cleanups in the FTP source code. Divided the code into even more smaller functions and generally tried to make the differences between IPv4 and IPv6 get less noticable in the sources. - If the remote file time is not readable/accessable/understood by libcurl, libcurl now returns -1 in the CURLINFO_FILETIME data, not 0 as it previously did. This should make curl not touch the file data unless there was a known remote date when -R is used. Daniel (27 September 2001) - Working on getting non-blocking connects working platform independent. We will also make curl try all IPs for a given host if the first one should fail. Daniel (26 September 2001) - Kevin Roth provided a cookie example that proved the cookie jar functionality wasn't working properly. I added test case 46 and made it work. Daniel (25 September 2001) - Jörn Hartroth updated the mingw32 makefiles. Version 7.9 Daniel (23 September 2001) - Found and removed a 'socket leak' that would occur on IPv6 enabled hosts when FTP RETR failed. - Made the FTP upload tests run fine on machines with IPv6 enabled. Version 7.9-pre8 Daniel (19 September 2001) - Vojtech Minarik set up a special-purpose test server and provided me with test certificates in order for me to repeat the bug reports #440068 and #440373. It turned out we didn't check all the error codes properly. We do now, and connecting with a unacceptable certificate will make libcurl fail to connect with an error code returned. - Ramana Mokkapati found a case when the Location: following code did wrong. I wrote a test case for this (45). Version 7.9-pre7 Daniel (17 September 2001) - Linus Nielsen Feltzing fixed telnet for win32. It makes libcurl require winsock 2.0. Version 7.9-pre6 - libtool 1.4.2 is now in use! Version 7.9-pre5 Daniel (14 September 2001) - Added another 14 ftp tests. Daniel (13 September 2001) - Added curl_easy_duphandle() to the easy.h header file. It has now been tested and proved to work in a real-world tests by T Bharath. We still need to write up some docs for this function. - Added four more ftp tests to the test suite. Daniel (12 September 2001) - CURLOPT_SSL_CIPHER_LIST was added, and the curl tool option is named --ciphers. Use them to specify a list of ciphers to use in the SSL connection. - T. Bharath found a memory leak in libcurl's windows version. It turned out to be the new duphandle() that didn't quite work yet. Version 7.9-pre4 Daniel (11 September 2001) - Added verbose output for SSL connections that output the server certificate's start and expire dates. As suggested by Paul Harrington. - Heikki Korpela found problems in the perl ftp server used for the test suite, when he runs on on OpenBSD with perl 5.6. Some changes have been made, but nothing really certain. - T. Bharath has experienced problems with libcurl's stack usage on windows and works on reducing it. Daniel (10 September 2001) - Cris Bailiff fixed the perl interface. It stopped working since the changed behavior with WRITEHEADER and NULL pointers. - The "output cookies" function could dump core if no cookies were enabled. Daniel (7 September 2001) - SM pointed out that the SSL code didn't compile any longer if SSL was disabled... Also, we needed to correct the #include for the utime stuff on windows. Daniel (6 September 2001) - T. Bharath pointed out a flaw in the SSL session cache code that made it sometimes read from a NULL pointer. Version 7.9-pre3 Daniel (3 September 2001) - Added the -R/--remote-time option, that uses the remote file's datestamp to set the local file's datestamp. Thus, when you get a remote file your local file will get the same time and date. Note that this only works when you use -o or -O. - Installed libtool 1.4.1, libtoolized and everything. Daniel (1 September 2001) - Heikki Korpela pointed out that I did not ship the proper libtool stuff in the pre-releases, even though that was my intention. libtoolize has now been re-run. - Heikki also patched away the bad use of 'make -C' in the test suite makefile. make -C is not very portable and is now banned from here. Version 7.9-pre2 Daniel (31 August 2001) - I just made a huge internal struct rehaul, and all the big internally used structs have been renamed, redesigned and stuff have been moved around a bit to make the source easier to follow, more logically grouped and to hopefully decrease future bugs. I also hope that this will make new functions to get easier to add, and make it less likely that we have bugs left like the URL- free bug from August 23. Version 7.9-pre1 Daniel (29 August 2001) - The new cookie code have enabled the brand new '-c/--cookie-jar' option. Use that to specify the file name in which you want to have all cookies curl knows of, dumped to. It'll be written using the netscape cookie format. This is internally done with the new CURLOPT_COOKIEJAR option to libcurl, which in turn dumps this information when curl_easy_cleanup() is invoked. There might be reasons to re-consider my choice of putting it there. Perhaps it is better placed to get done just before *_perform() is done. It is all of course depending on how you guys want to use this feature... - Added ftpupload.c in the source examples section, based on source code posted by Erick Nuwendam. Daniel (28 August 2001) - Now running libtool CVS branch-1-4 to generate stuff. Should fix problems on OpenBSD and hopefully on FreeBSD as well! - Georg Huettenegger modified the curl_formadd() functionality slightly, and added support for error code 417 when doing form post and using the Expect: header. Great work! - Made some tests with cached SSL session IDs, and they seem to work. There should be a significant speed improvement in the SSL connection phase, but in my tiny tests it just isn't possible to notice any difference. Like other caching in libcurl, you must reuse the same handle for the caching to take effect. SSL session ID caching is done on a per host-name and destination port number basis. Set verbose, and you'll get informational tests when libcurl detects and uses a previous SSL session ID. - Upgraded to automake 1.5 on my development/release machine. Daniel (27 August 2001) - Slowly started writing SSL session ID caching code Daniel (24 August 2001) - T. Bharath removed compiler warnings on windows and updated the MS project files. - Kevin Roth reported two kinds of command line constructs with the new -G that curl didn't really deal with the way one would like. - Tim Costello patched away a use of strcasecmp() in the SSL code. We have our own portable version named strequal() that should be used! - Tim also pointed out a problem in the lib/Makefile.vc6 file that made it mix debug object modules causing confusions. Daniel (23 August 2001) - T. Bharath accurately found a libcurl bug that would happen when doing a second invoke of curl_easy_perform() with a new URL when the previous invoke followed a Location: header. - Started the improvement work on the cookie engine: - Now keeps cookies in the same order as the cookie file - A write to the possibly static string was removed - Added a function that can output all cookies - Now supports reading multiple cookie files - Steve Lhomme corrected a DLL naming issue in the MSVC++ project file. - Split up the monster function in lib/ftp.c to use more smallish functions to increase readability and maintainability. Daniel (21 August 2001) - Georg Huettenegger's big patch was applied. Now we have: o "Expect: 100-continue" support. We will from now on send that header in all rfc1867-posts, as that makes us abort much faster when the server rejects our POST. Posting without the Expect: header is still possible in the standard replace-internal-header style. o curl_formadd() is a new formpost building function that is introduced to replace the now deprecated curl_formparse() function. The latter function will still hang around for a while, but the curl_formadd() is the new way and correct way to build form posts. o Documentation has been updated to reflect these changes These changes are reason enough to name the next curl release 7.9... - We now convert man pages to HTML pages and include them in the release archive. For the pleasure of everyone without nroff within reach. - Andrés García's suggested flushing of the progress meter output stream was added. It should make the progress meter look better on Windows. - Troy Engel pointed out a mistake in the configure script that made it fail on many Red Hat boxes! Daniel (20 August 2001) - We need an updated libtool to make a better build environment for OpenBSD as well as FreeBSD Version 7.8.1 Daniel (20 August 2001) - Brad pointed out that we ship two extra libtool files in the tarballs that we really don't need to! Removing them makes the gz-archive about 60K smaller! - Albert Chin brought fixes for the configure script to detect socklen_t properly as well as moving lots of our custom autoconf macros to acinclude.m4. Daniel (19 August 2001) - Moonesamy improved his -G feature for host names only URLs... Daniel (17 August 2001) - Finally cleaned up the kerberos code to use Curl_ prefixes on all global symbols and to not use global variables. Version 7.8.1-pre6 Daniel (16 August 2001) - S. Moonesamy added the -G option to curl, that converts the data specified with -d to a GET request. Default action when using -d is POST. When -G is used, the -d specified data will be appended to the URL with a '?' separator. As suggested previously by Kevin Roth. - curl-config --libs should now display all linker options required to link with libcurl. It includes the path and options for libcurl itself. curl-config --cflags displays the compiler option(s) needed to compile source files that use libcurl functions. Basically, that sets the include path correct. Daniel (15 August 2001) - Arkadiusz Miskiewicz pointed out a mistake in how IPv6-style IP-addresses were parsed and used. (RFC2732-format) - Bug #12733 over on php.net identified a problem in libcurl that made it core dump if you used CURLOPT_POST without setting any data to post with CURLOPT_POSTFIELDS! This is no longer the case. Not using CURLOPT_POSTFIELDS now equals setting it to no data at all. - Ramana Mokkapati reported that curl with '-w %{http_code}' didn't work properly when used for multiple URLs on a single command line. Indeed, the variable was not reset between the requests. This is now fixed. - David James fixed the Borland makefile so that libcurl still compiles and builds with that compiler. Daniel (14 August 2001) - Oops. I ruined Nico's socklen_t define in config-vms.h, corrected it now. - An older item not mentioned here before: CURL_GLOBAL_WIN32 is a define for windows users to curl_global_init(), that makes libcurl init the winsock stuff. If libcurl is all socket stuff you do, then allowing it to fiddle with this is a comfortable shortcut to fame. Version 7.8.1-pre5 Daniel (14 August 2001) - Nico Baggus provided more feedback from his VMS porting efforts and a few minor changes were necessary. - I modified configure.in so that --enable-debug sets more picky gcc options. I then removed almost all the new warnings that appeared, and by doing so I corrected the size_t-treated-as-signed problem that has been discussed on the mailing list previously. I also removed a bunch of the just recently added #ifdef VMS lines. - I removed the use of a global variable in the SSL code. It was once necessary but hasn't been needed since OpenSSL 0.9.4. The old code should (hopefully) still work if libcurl is built against an ancient version of OpenSSL. Daniel (13 August 2001) - Peter Todd posted a patch that now allows non-file rc1867-style form posts to be larger than 4K. Daniel (10 August 2001) - S. Moonesamy fixed bugs for building debug and SSL lib in VC makefile Daniel (9 August 2001) - The redirected error stream was closed before the curl_easy_cleanup() call was made, and when VERBOSE was enabled, the cleanup function tried to use the stream. It could lead to a segmentation fault. Also, the stream was closed even if we looped to get more files. Corrects Dustin Boswell's bug report #441610 - Now generates the release configure script with autoconf 2.52 Version 7.8.1-pre4 Daniel (8 August 2001) - curl -E uses a colon to separate a file name from a passphrase. This turned out really bad for the windows people who wants to include a drive letter in the file name like "c:\cert.pem". There's now a win32 work-around implemented that tries work around that, when the colon seems to be used for this kind of construct. - Patrick Bihan-Faou introduced CURLOPT_SSL_VERIFYHOST, which makes curl verify the server's CN field when talking https://. If --cacert is not used, any failures in matching is only displayed as information (-v). Daniel (7 August 2001) - Wrote up nine more test cases, more or less converted from the former test suite. Daniel (6 August 2001) - Heikki Korpela posted a patch that makes 'curl-config --libs' include the directory in which libcurl itself is installed in. While this wasn't my initial intention with this option, it makes sense and makes linking with libcurl easier. - Stefan Ulrich pointed out to us that other tools and libraries treat file:// URLs with only one slash after the host name slighly different than libcurl does. Since all the others seem to agree, we better follow them. - Nico Baggus provided us with a huge set of fixes to make curl compile and build under OpenVMS. Version 7.8.1-pre3 Daniel (6 August 2001) - Jonathan Hseu noticed that you couldn't get a header callback unless you set CURLOPT_WRITEHEADER to non-NULL, even if you didn't care about that data. This is now fixed. Daniel (5 August 2001) - Sergio Ballestrero provided a patch for reading responses from NCSA httpd 1.5.x servers, as they return really screwed up response headers when asked for with HTTP 1.1. - curl_escape() no longer treats already encoded characters in the input string especially. Daniel (3 August 2001) - I replaced the former lib/arpa_telnet.h file with one I wrote myself, to avoid the BSD annoucement clause of the license in the former file. - Andrew Francis provided a new version of base64.c to work around the license boiler plate that came with the previous one. I patched it, but the glory should go to Andrew for his heads up. - Tomasz Lacki noticed that when you do repeated transfers with libcurl you couldn't always reliably change HTTP request. This has now been fixed and a new libcurl option was added: CURLOPT_HTTPGET, that can force the HTTP requestr (back) to GET. - Linus Nielsen Feltzing pointed out that httpsserver.pl wasn't included in release archives. It should be now. Daniel (2 August 2001) - Frank Keeney pointed out a manual mistake for certificate convertions. - Tomasz Lacki pointed out a problem in the transfer loop that could make the select() loop use far too much CPU. - Pawel A. Gajda pointed out an output mistake done when using libcurl's progress callback. Daniel (29 June 2001) - Naveen Noel noticed that the Borland library makefile wasn't updated. - Nic Roets brought a fix for the certificate verification when using SSL. Daniel (27 June 2001) - Made the FTP tests run OK even on machines running curl IPv6-enabled. - Troy Engel corrected some RPM package details. Version 7.8.1-pre2 Daniel (25 June 2001) - Björn Stenberg correctly identified a problem that occurred when downloading several files with curl, and using resume. The first file's resume index was then used for all files, resulting in weird results... - Anton Kalmykov provided a fix that makes curl work with form field names with spaces like when -F is used. Version 7.8.1-pre1 Daniel (20 June 2001) - Mike Bytnar provided a fine report that proved that the --with-ssl option for configure needed tweaking. It no longer searches the default directories for OpenSSL libs or directories when a specified path is given. Daniel (19 June 2001) - When an FTP transfer is cut off during transfer, curl could present a truly garbaged error message and in worst case dump core. Thanks to detailed reports from Shawn Poulson we nailed this. Daniel (12 June 2001) - Salvador Dávila provided a fix for FTP range downloads. - Added a few more test cases from the former test suite to the new file format. We're now at a total of 26 tests. Daniel (11 June 2001) - libcurl's version-info was wrong, as noted by both Domenico Andreoli and David Odin. Daniel (7 June 2001) - Jörn fixed the curl_unescape duplicate entry in lib/libcurl.def - I made SSL certificate failure messages to be more detailed. Version 7.8 Daniel (7 June 2001) - SDavila provided a resumed download fix. Version 7.8-pre4 Daniel (1 June 2001) - Sterling provided some new PHP examples. - Changed the CVS hierarchy and the older checkout instruction does no longer work. We moved the entire source code into a CVS module named 'curl'. Daniel (31 May 2001) - CURLOPT_MUTE does not exist anymore. It is still present in the include file to not cause compiler errors for applications using it, but it isn't used anywhere in the library. Version 7.8-pre3 Daniel (31 May 2001) - Once and for all fixed the _REENTRANT mess for Solaris compiles to present less warnings. - Sterling Hughes tirelessly points out and corrects my mistakes...! So, curl_global_init() now lets the argument flags *SET* what parts to init. CURL_GLOBAL_DEFAULT makes a nice default, CURL_GLOBAL_ALL inits all known subsystems and CURL_GLOBAL_NONE inits nothing more than absolutely necessary. Man page updated accordingly. - Fixed the strtok.h include file as it wouldn't compile on all platforms! Daniel (30 May 2001) - Made libcurl by default act as if CURLOPT_MUTE and CURLOPT_NOPROGRESS were set TRUE. Set them to FALSE to make libcurl more talkative. The *_MUTE option is subject for complete removal... Version 7.8-pre2 Daniel (30 May 2001) - Cris Bailiff wrote a makefile for building Solaris packages. - Sterling Hughes brought fixes for 'buildconf' (the build-from-CVS tool) and we discussed and added a few CURL_GLOBAL_* flags in include/curl.h - Kjetil Jacobsen privately announced his python interface to libcurl, available at http://pycurl.sourceforge.net/ Daniel (29 May 2001) - Sterling Hughes fixed a strtok() problem in libcurl. It is not a thread- safe function. Now configure checks for a thread-safe version, and lib/strtok.c offers one for the systems that don't come with one included! - Mettgut Jamalla correctly pointed out that the -# progress bar was written to stderr even though --stderr redirection was used. This is now corrected. - I moved out the list of contributors from the curl.1 man page and made a separate docs/THANKS file. It makes the list easier to find, and made it easier for me to make a separate web page with that same information. I really do want all you guys mentioned in there to feel you get the credit you deserve. - lib/easy.c didn't compile properly in the 7.8-pre1 due to a silly mistake Version 7.8-pre1 Daniel (28 May 2001) - curl-config now supports '--vernum' that outputs a plain hexadecimal version of the libcurl version number (using 8 bits for each 3 numbers). Version 7.7.4 appears as 070704 - Wrote man pages for curl_global_init and curl_global_cleanup... - T. Bharath brought news about the usage of the OpenSSL interface that was not previously taken into consideration and thus caused libcurl to leak memory. The only somewhat sane approach to fix this dilemma, is adding two two new functions curl_global_init() and curl_global_cleanup() that should be called *ONCE* by the application using libcurl. The init should be done only at startup, no matter how many threads the application is gonna use, and the cleanup should be called when the application has finished using libcurl completely. *** UPGRADE NOTICE *** If you write applications using libcurl, you really want to use the two functions mentioned above !!! I can't say I think this is a very beautiful solution, but as OpenSSL insists on making lots of stuff on a "global" scope, we're forced to walk the path they point us to. - Moving more test cases into the new file format. Version 7.7.4-pre3 Daniel (23 May 2001) - Introduced a new file format for storing test cases, and thus I had to modify all the perl test scripts and more (I added a new one). I have not "ported" all the old test cases to the new format yet, but it'll come. The main advantage of this new format is that all test data for each test case is stored in a single file. It gives a better overview for each test case and a lot less files. - Andrés García brought a fix for the netscape/mozilla cookie file parsing function, as it turns out it doesn't always store the path! Daniel (22 May 2001) - As was reported anonymously, when FAILONERROR was used, the httpcode was not stored properly and thus wasn't possibly to read after a transfer with the curl_easy_getinfo() function. This is now corrected. - Installed and made use of the following tool versions: autoconf 2.50 libtool 1.4 automake 1.4-p1 I wouldn't recommend any developer to try to generate things with older versions than these. Building from CVS will probably more or less require at least these versions. As a result of this, the configure script grew to more than double its previous size! Arkadiusz Miskiewicz helped me by pointing out I had to remove my acinclude.m4 file before I could get it working! Daniel (21 May 2001) - I made ftps:// work. Added test case 400 to the release archive, as the first ftps:// test case. Requires stunnel. - Also made the test cases that runs ssl tests not run if libcurl isn't built with ssl support. Daniel (19 May 2001) - Made the configure not add any extra -L LDFLAGS or -I CPPFLAGS unless they are actually needed. Albert Chin's and Domenico Andreoli's suggestions helped out. Version 7.7.4-pre2 Daniel (18 May 2001) - Nicer configure-check for the OpenSSL headers, which then sets the proper variable to have curl-config be good. (Albert Chin provided the fix) - For systems that don't have theiw own 'strlcat()' libcurl provides its own. It was now renamed to prevent collides with other libs. (After discussions with Sterling Hughes and the implications this had on PHP builds.) Daniel (17 May 2001) - Colm Buckley posted a detailed bug report on (the debianized) 7.7.3, that turned out to be a problem with the debian-built 7.7.3-package that contained files from the 7.7.2 release! - I added the CURLE_ALREADY_COMPLETE again, but with a fake value, just to make programs that use it, not fail when compiling against this version of libcurl. Daniel (14 May 2001) - Pawel A. Gajda fixed a problem with resumed transfers on re-used persistent connections. Version 7.7.4-pre1 Daniel (14 May 2001) - Jun-ichiro itojun Hagino fixed FTP PORT for IPv6-enabled libcurl. - Added the first HTTPS test to the test suite in the release archive. Daniel (12 May 2001) - Jukka Pihl suggested that if (lib)curl is told to verify the peer's certificate and the peer can't be verified, it should fail and return a proper error code. I added a brand new error code named CURLE_SSL_PEER_CERTIFICATE for this purpose. Daniel (11 May 2001) - As was discussed with Frederic Lepied a while ago, I now made libcurl not return error even though no data was transfered on upload/download resume when the no transfer is needed. The CURLE_ALREADY_COMPLETE error was removed from the header file to make any implemenator that uses that to be aware of the fact that it can't be returned anymore! - Improved general header-parsing to better allow white spaces and more. - Rodney Simmons proved the fix I did yesterday was bad and I had to post another one. - Ingo Wilken patched away two redirect problems more! Daniel (10 May 2001) - Cris Bailiff correctly noted that the space-after-header problem with Location: is present on several other places in the libcurl sources. - Ingo Wilken patched away a problem libcurl had when following Location: headers with an extra space after the colon. - Rodney Simmons found out that multiple FTP transfers did not treat relative directories correctly. Daniel (9 May 2001) - Getting an FTP file with CURLOPT_NOBODY set (or -I from the command line), makes curl use the non-standard ftp command "SIZE". If it failed, libcurl returned error. Starting now, it just don't output the file size instead. Anonymous bug report. - stunnel.pm was accidentally left out from the release archive, it is now added (stunnel is needed to run the https-tests in the test suite) Daniel (7 May 2001) - Corrected two minor compiler warnings due to the FILE * to void * conversion that I missed at two places. Jörn Hartroth brought me patches. Sander Gates filed a bug report on this. Version 7.7.3 Daniel (4 May 2001) - All callback functions now take 'void *' instead of 'FILE *'. This is made this way to make it more obvious to people that anything can be passed to them (by using the apropriate option). After discussions with Sterling Hughes. Daniel (3 May 2001) - Cris Bailiff fixed a chunked transfer encoding problem with persistent connection that made libcurl fail if the persistent connection used mixed chunked and non-chunked transfers. - Cris Bailiff fixed a bad treatment of 304-replies, as they would not be treated as content-length 0 replies but would cause a "hang" until the server timed-out and closed the connection. - Brad Burdick found a minor problem in the docs/examples/Makefile.am Daniel (27 April 2001) - Updated the INTERALS document again. It was lagging a bit. I think I made it more easy to follow now as well. - Brad Burdick found a problem with persistent connections when curl received a "Content-Length: 0" header. - Giuseppe D'Ambrosio was first out to report that TELNET doesn't work in curl compiled/built on win32. It seems to work for unixes though! - Dave Hamilton reported weird problems with CURL/PHP that I really can't explain at the moment. I'm hoping on some help from the PHP crew. Daniel (26 April 2001) - I rewrote the FTP command response function. I had to do it to make ftps work, as the OpenSSL read()-function didn't work the same way the normal unix read() does, but it was also a huge performance boost. Previously the function read one byte at a time, now it reads very large chunks, and it makes a notable speed difference. Daniel (25 April 2001) - Connection re-use when not using a proxy didn't work properly for non-default port numbers. Daniel (24 April 2001) - I've noticed that FTPS doesn't work. We attempt to use ssl even for the data transfer, which causes the transfer to 'hang'... We need to fix this. - Improved the test suite to use 'stunnel' to do HTTPS and FTPS testing on the alredy written perl servers easily. Daniel (23 April 2001) - The OpenSSL version string recently modified didn't zero terminate one of the generated strings properly, which could lead to a crash or simply weird version string output! Version 7.7.2 Daniel (22 April 2001) - Rosimildo da Silva updated the Makefiles for Borland/Windows. - Eric Rautman pointed out a problem with persistent connections that would lead to broken Host: headers in the second HTTP request. Daniel (20 April 2001) - Added man pages for the curl_strequal() and curl_mprintf() families. Wrote a 'libcurl overview' man page. - Spell-fixed some documents. - S. Moonesamy corrected mistakes in the man page. - Cris Bailiff fixed the curl_slists options in the perl interface, present separately in the Curl::easy 1.1.4 package. Daniel (19 April 2001) - Linus Nielsen Feltzing removed the decimals from the size variables in the --write-out output. We hardly ever get fraction of bytes! :-) Version 7.7.2-pre1 Daniel (19 April 2001) - Albert Chin provided a configure patch for the AC_SYS_LARGEFILE macro. Daniel (18 April 2001) - Input from Michael Mealling made me add --feature to curl-config. It displays a list of features that have been built-in in the current libcurl. The currently available features that can be listed are: SSL, KRB4 and IPv6. - I committed Cris and Georg's perl interface work. They've got callbacks working and options that receives those slist pointers. - Puneet Pawaia detected a problem with resumed downloads that use persistent connections and I made a rather large writeup to correct this. It is important that all session-data is stored in the connectdata struct and not in the main struct as this previously did. Daniel (17 April 2001) - Frederic Lepied fixed a ftp resumed download problem and introduced a new error code that lets applications be able to detect when a resumed download actually didn't download anything since the whole file is already present. Should this return OK instead? - I added 'curl-config.in' to the root dir and configure script. Now, a curl-config script is made when curl is built. The script can be used to figure out compile time options used when libcurl was built, which in turn should be options YOU should use to build applications that use libcurl. This *-config style is not a new idea, but something that has been used successfully in other (library based) projects. - Phil Karn pointed out that libcurl wrongly did not always use GMT time zone for the If-Modified-Since style headers. - Georg Schwarz pointed out an extra needed #include file needed in src/main.c for curl to build on Ultrix. Daniel (11 April 2001) - Cris Bailiff pointed out two problems that I corrected. First, libcurl's use of the environment variable HTTP_PROXY in uppercase may become a security hazard when people use libcurl in a server/cgi situation where the server sets the HTTP_*-variables according to incoming headers in the HTTP request. Thus, a "Proxy:"-header would set that environment variable! Then, invoking curl_easy_perform() without having an URL set caused a crash. - S. Moonesamy brought a patch that make curl use non-blocking connects on windows when connection timeout is set, as it allows windows users to set that timeout! - Hirotaka Matsuyuki wrote a Ruby interface to libcurl! - Cris Bailiff, Forrest Cahoon and Georg Horn work on the Perl interface. - I've written a first shot at a Java interface to libcurl. Many thanks to Daniel Marell for tirelessly answering to all my basic Java questions. It works, but it is still very basic. Daniel (10 April 2001) - The progress display could get silly when doing multiple file transfers, as it wasn't properly reset between transfers! - Discussions with Cris Bailiff who writes a Perl interface to libcurl, made me add CURLOPT_HEADERFUNCTION. It can be used to set a separate callback function for writing headers. Previously you could only set a different FILE * when headers are written from within libcurl. Daniel (7 April 2001) - Andrés García fixed a problem in curl_escape() and pointed out a flaw in the curl_easy_setopt man page. Daniel (6 April 2001) - Adjusted the version code to properly display OpenSSL 0.9.6a. They sure change their version define format often... - curl_formfree() now accepts a NULL pointer without crashing! Version 7.7.1 Daniel (3 April 2001) - Puneet Pawaia pointed out two serious problems. Libcurl would attempt to read bad memory during situations when an (ftp) connection attempt failed. Also, the lib/Makefile.vc6 was corrected. - More investigations in the Location: following code made me realize that it was not clean enough to work transparantly with persistent and non- persistent connections. I think I've fixed it now. Daniel (29 March 2001) - Georg Horn mailed me some corrections for the Curl::easy perl interface. - Experimental ftps:// support added. It is basically FTP over SSL for the control connection. It still makes all data transfers going over unencrypted connections. Rainer Weikusat's ftpd-ssl server hack supports this and I used that to verify the functionality. Daniel (27 March 2001) - Guenole Bescon discovered that if you set a CURLOPT_TIMEOUT and then tried to get a file from a site and it fails, the SIGALRM would still be sent after the timeout-time, quite inexpectedly! - I added an ftp transfer example to docs/examples/ and I also wrote a tiny example makefile that can be used as a start when building one of the examples. Version 7.7.1-beta1 Daniel (26 March 2001) - Mohamed Lrhazi reported problems with 7.6.1 and persistent HTTP/1.0 connections (when the server replied a Connection: Keep-Alive) and this problem was not properly dealt with in 7.7 either. A patch was posted to the curl-and-php mailing list. Daniel (24 March 2001) - Colin Watson reported about a problem and brought a patch that corrected it, which was about the man page and lines starting with a single quote (') in a way that gnroff doesn't like. Daniel (23 March 2001) - Peter Bray reported correctly that the root makefile used make instead of $(MAKE) for the test target. - Corrected the Curl::easy perl interface to use curl_easy_setopt() and not curl_setopt() which was removed in 7.7! - S. Moonesamy provided updates on three documents (MANUAL, INSTALL and FAQ). - When following a Location:, libcurl would sometimes write to the URL string in a way it shouldn't. As the pointer is passed-in to libcurl from an application, we can't be allowed to write to it. The particular bug report from 'nk' that brought this up was because he had a read-only URL that then caused a libcurl crash! - No longer reads HEAD responses longer than to the last header. Previously, curl would read the full reply if the connection was a "close" one. - libcurl did re-use connections way too much. Doing "curl http://www.{microsoft,ibm}.com" would make it re-use the connection which made the second request return very odd results. Daniel (22 March 2001) - Edin Kadribasic made me aware that curl should not re-send POST requests when following 302-redirects. I made 302 work like 303 which means curl uses GET in the following request(s). - libcurl now reset the "followed-location" counter on each invoke of curl_easy_perform() as it otherwise would sum up all redirects on the same connection and thus could reach the maxredirs counter wrongly. - Jim Drash suggested curl_escape() should not re-encode what already looks like an encoded sequence and I think that's a fair suggestion. Version 7.7 Daniel (22 March 2001) - The configure script now fails with an error message if gethostbyname_r() is detected but it couldn't figure out how to invoke it (what amount of arguments it is supposed to get). Reports from Andrés García made me aware of this need. - Talking with Jim Drash made me finally put the curl_escape and curl_unescape functions in the curl.h include file and write man pages for them. The escape function was modified to use the same interface as the unescape one had. - No bug reports at all on the latest betas. Release time coming up. Version 7.7-beta5 Daniel (19 March 2001) - Georg Ottinger reported problems with using -C together with -L in the sense that the -C info got lost when it was redirected. I could not repeat this problem on the 7.7 branch why I leave this for the moment. Test case 39 was added to do exactly this, and it seems to do right. - Christian Robottom Reis reported how his 7.7 beta didn't successfully do form posts as elegantly as 7.6.1 did. Indeed, this was a flaw in the header engine, as HTTP 1.1 has introduced a new 100 "transient" return code for PUT and POST operations that I need to add support for. Section 8.2.3 in RFC2616 has all the details. Seems to work now! Daniel (16 March 2001) - After having experienced another machine break-down, we're back. - Georg Horn's perl interface Curl::easy is now included in the curl release archive. The perl/ directory is now present. Please help me with docs, examples and updates you think fit. - Made a new php/ directory in the release archive and moved the PHP examples into a subdirectory in there. Not much PHP info yet, but I plan to. Please help me here as well! - Made libcurl return error if a transfer is aborted in the middle of a "chunk". It actually enables libcurl to discover premature transfer aborts even if the Content-Length: size is unknown. Daniel (15 March 2001) - Added --connect-timeout to curl, which sets the new CURLOPT_CONNECTTIMEOUT option in libcurl. It limits the time curl is allowed to spend in the connection phase. This differs from -m/--max-time that limits the entire file transfer operation. Requested by Larry Fahnoe and others. I also updated the curl.1 and curl_easy_setopt.3 man pages and removed the item from the TODO. Version 7.7-beta4 Daniel (14 March 2001) - Made curl grok IPv6 with HTTP proxies and got everything to compile nicely again when ENABLE_IPV6 is set. I need to remake things in the test suite. I can't test the FTP parts with curl built for IPv6 as it uses a different set of FTP commands then! - I fell onto a bug report on php.net (posted by Lars Torben Wilson) that was a report meant for our project. Anyway, it said the .netrc parsing didn't work as supposed, and as I agreed with Lars, I made the netrc parser use getpwuid() to figure out the home directory of the effective user and try that netrc. It still uses the environment variable HOME for those that don't have that function or if the user doesn't return valid pwd info. - Edin Kadribaic posted a bug report where he got a crash when a fetch with user+password in the URL followed a Location: to a second URL (absolute, without name+password). This bug has been around for a long while and crashes due to a read at address zero. Fixed now. Wrote test case 38, that tests this. - Modified the test suite's httpserver slightly to append all client request data to its log file so that the test script now better can verify a range of requests and not only the last one, as it did previously. - Updated the curl man page with --random-file and --egd-file details. Version 7.7-beta3 Daniel (14 March 2001) - Björn Stenberg provided similar fixes as Jörn did and some additional patches for non-SSL compiles. - I increased the interface number for libcurl as I've removed the low level functions from the interface. I also took this opportunity to rename the Curl_strequal function to curl_strequal and Curl_strnequal to curl_strnequal, as they're public libcurl functions (even if they're still undocumented). This will make older programs not capable of using the new libcurl with just a drop-in replacement. - Jörn Hartroth updated stuff for win32 compiles: o config-win32.h was fixed for socklen_t o lib/ssluse.c had a bad #endif placement o lib/file.c was made to compile on win32 again o lib/Makefile.m32 was updated with the new files o lib/libcurl.def matches the current interface state Daniel (13 March 2001) - It only took an hour or so before Jörn Hartroth found a problem in the chunked transfer-encoding. Given his fine example-site, I could easily spot the problem and when I re-read the spec (the part I have pasted in the top of the http_chunks.h file), I realized I had made my state-machine slightly wrong and didn't expect/handle the trailing CRLF that comes after the data in each chunk (and those extra two bytes sure feel wasted). Had to modify test case 34 to match this as well. Version 7.7-beta2 Daniel (13 March 2001) - Added the policy stuff to the curl_easy_setopt man page for the two supported policies. - Implemented some support for the CURLOPT_CLOSEPOLICY option. The policies CURLCLOSEPOLICY_LEAST_RECENTLY_USED and CURLCLOSEPOLICY_OLDEST are now supported, and the "least recently used" is used as default if no policy is chosen. Daniel (12 March 2001) - Added CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET to libcurl for seeding the SSL random engine. The random seeding support was also brought to the curl client with the new options --random-file and --egd-file . I need some people to really test this to know they work as supposed. Remember that libcurl now informs (if verbose is on) if the random seed is considered weak (HTTPS connections). - Made the chunked transfer-encoding engine detected bad formatted data length and return error if so (we can't possibly extract sensible data if this is the case). Added a test case that detects this. Number 36. Now there are 60 test cases. - Added 5 new libcurl options to curl/curl.h that can be used to control the persistent connection support in libcurl. They're also documented (fairly thoroughly) in the curl_easy_setopt.3 man page. Three of them are now implemented, although not really tested at this point... Anyway, the new implemented options are named CURLOPT_MAXCONNECTS, CURLOPT_FRESH_CONNECT, CURLOPT_FORBID_REUSE. The ones still left to write code for are: CURLOPT_CLOSEPOLICY and its related option CURLOPT_CLOSEFUNCTION. - Made curl (the actual command line tool) use the new libcurl 7.7 persistent connection support by re-using the same curl handle for every specified file transfer and after some more test case tweaking we have 100% test case OK. I made some test cases return HTTP/1.0 now to make sure that works as well. - Had to add 'Connection: close' to the headers of a bunch of test cases so that curl behaves "old-style" since the test http server doesn't do multiple connections... Now I get 100% test case OK. - The curl.haxx.se site, the main curl mailing list and my personal email are all dead today due to power blackout in the area where the main servers are located. Horrible. - I've made persistance work over a squid HTTP proxy. I find it disturbing that it uses headers that aren't present in any HTTP standard though (Proxy-Connection:) and that makes me feel that I'm now on the edge of what the standard actually defines. I need to get this code excercised on a lot of different HTTP proxies before I feel safe. Now I'm facing the problem with my test suite servers (both FTP and HTTP) not supporting persistent connections and libcurl is doing them now. I have to fix the test servers to get all the test cases do OK. Daniel (8 March 2001) - Guenole Bescon reported that libcurl did output errors to stderr even if MUTE and NOPROGRESS was set. It turned out to be a bug and happens if there's an error and no ERRORBUFFER is set. This is now corrected. Version 7.7-beta1 Daniel (8 March 2001) - "Transfer-Encoding: chunked" is no longer any trouble for libcurl. I've added two source files and I've run some test downloads that look fine. - HTTP HEAD works too, even on 1.1 servers. Daniel (5 March 2001) - The current 57 test cases now pass OK. It would suggest that libcurl works using the old-style with one connection per handle. The test suite doesn't handle multiple connections yet so there are no test cases for this. - I patched the telnet.c heavily to not use any global variables anymore. It should make it a lot nicer library-wise. - The file:// support was modified slightly to use the internal connect-first- then-do approach. Daniel (4 March 2001) - More bugs erased. Version 7.7-alpha2 Daniel (4 March 2001) - Now, there's even a basic check that a re-used connection is still alive before it is assumed so. A few first tests have proven that libcurl will then re-connect instead of re-use the dead connection! Daniel (2 March 2001) - Now they work intermixed as well. Major coolness! - More fiddling around, my 'tiny' client I have for testing purposes now has proved to download both FTP and HTTP with persistent connections. They do not work intermixed yet though. Daniel (1 March 2001) - Wilfredo Sanchez pointed out a minor spelling mistake in a man page and that curl_slist_append() should take a const char * as second argument. It does now. Daniel (22 February 2001) - The persistent connections start to look good for HTTP. On a subsequent request, it seems that libcurl now can pick an already existing connection if a suitable one exists, or it opens a new one. - Douglas R. Horner mailed me corrections to the curl_formparse() man page that I applied. Daniel (20 February 2001) - Added the docs/examples/win32sockets.c file for our windows friends. - Linus Nielsen Feltzing provided brand new TELNET functionality and improvements: * Negotiation is now passive. Curl does not negotiate until the peer does. * Possibility to set negotiation options on the command line, currently only XDISPLOC, TTYPE and NEW_ENVIRON (called NEW_ENV). * Now sends the USER environment variable if the -u switch is used. * Use -t to set telnet options (Linus even updated the man page, awesome!) - Haven't done this big changes to curl for a while. Moved around a lot of struct fields and stuff to make multiple connections get connection specific data in separate structs so that they can co-exist in a nice way. See the mailing lists for discussions around how this is gonna be implemented. Docs and more will follow. Studied the HTTP RFC to find out better how persistent connections should work. Seems cool enough. Daniel (19 February 2001) - Bob Schader brought me two files that help set up a MS VC++ libcurl project easier. He also provided me with an up-to-date libcurl.def file. - I moved a bunch of prototypes from the public file to the library private urldata.h. This is because of the upcoming changes. The low level interface is no longer being planned to become reality. Daniel (15 February 2001) - CURLOPT_POST is not required anymore. Just setting the POST string with CURLOPT_POSTFIELDS will switch on the HTTP POST. Most other things in libcurl already works this way, i.e they require only the parameter to switch on a feature so I think this works well with the rest. Setting a NULL string switches off the POST again. - Excellent suggestions from Rich Gray, Rick Jones, Johan Nilsson and Bjorn Reese helped me define a way how to incorporate persistent connections into libcurl in a very smooth way. If done right, no change may have to be made to older programs and they will just start using persistent connections when applicable! Daniel (13 February 2001) - Changed the word 'timeouted' to 'timed out' in two different error messages. Suggested by Larry Fahnoe. Version 7.6.1 Daniel (9 February 2001) - Frank Reid and Cain Hopwood provided information and research around a HTTPS PUT/upload problem we seem to have. No solution found yet. Daniel (8 February 2001) - An interesting discussion is how to specify an empty password without having curl ask for it interactively? The current implmentation takes an empty password as a request for a password prompt. However, I still want to support a blank user field. Thus, today if you enter "-u :" (without user and password) curl will prompt for the password. Tricky. How would you specify you want the prompt otherwise? - Made the netrc parse result possible to use for other protocols than FTP and HTTP (such as the upcoming TELNET fixes). - The previously mentioned "MSVC++ problems" turned out to be a non-issue. - Added a HTTP file upload code example in the docs/examples/ section on request. - Adjusted the FTP response fix slightly. Version 7.6.1-pre3 Daniel (7 February 2001) - S. Moonesamy found a flaw in the response reading function for FTP that could make libcurl not get out of the loop properly when it should, if libcurl got -1 returned when reading the socket. - I found a similar mistake in http.c when using a proxy and reading the results from the proxy connection. Daniel (6 February 2001) - S. Moonesamy pointed out that the VC makefile in src/ needed the libpath set for the debug build to work. - Daniel Gehriger stepped in to assist with the VC++ stuff Robert Weaver brought up yesterday. Daniel (5 February 2001) - Jun-ichiro itojun Hagino brought a big patch that brings IPv6-awareness to a bunch of different areas within libcurl. - Robert Weaver told me about the problems the MS VC++ 6.0 compiler has with the 'static' keyword on a number of libcurl functions. I might need to add a patch that redefines static when libcurl is compiled with that compiler. How do I know when VC++ compiles, anyone? Daniel (4 February 2001) - curl_getinfo() was extended with two new options: CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD. They return the full assumed content length of the transfer in the given direction. The CURLINFO_CONTENT_LENGTH_DOWNLOAD will be the Content-Length: size of a HTTP download. Added descriptions to the man page as well. This was done after discussions with Bob Schader. Daniel (3 February 2001) - Ingo Ralf Blum provided another fix that makes curl build under the more recent cygwin installations. It seems they've changed the preset defines to not include WIN32 anymore. Version 7.6.1-pre2 Daniel (31 January 2001) - Curl_read() and curl_read() now return a ssize_t for the size, as it had to be able to return -1. The telnet support crashed due to this and there was a possibility to weird behavior all over. Linus Nielsen Feltzing helped me find this. - Added a configure.in check for a working getaddrinfo() if IPv6 is requested. I also made the configure script feature --enable-debug which sets a couple of compiler options when used. It assumes gcc. Daniel (30 January 2001) - I finally took a stab at the long-term FIXME item I've had on myself, and now libcurl will properly work when doing a HTTP range-request that follows a Location:. Previously that would make libcurl fail saying that the server doesn't seem to support range requests. Daniel (29 January 2001) - I added a test case for the HTTP PUT resume thing (test case 33). Version 7.6.1-pre1 Daniel (29 January 2001) - Yet another Content-Range change. Ok now? Bob Schader checks from his end and it works for him. Daniel (27 January 2001) - So the HTTP PUT resume fix wasn't good. There should appearantly be a Content-Range header when resuming a PUT. - I noticed I broke the download-check that verifies that a resumed HTTP download is actually resumed. It got broke because my new 'httpreq' field in the main curl struct. I should get slapped. I added a test case for this now, so I won't be able to ruin this again without noticing. - Added a test case for content-length verifying when downloading HTTP. - Made the progress meter title say if the transfer is being transfered. It makes the output slightly better for resumes. - When dealing with Location: and HTTP return codes, libcurl will not attempt to follow the spirit of RFC2616 better. It means that when POSTing to a URL that is being following to a second place, the standard will judge on what to do. All HTTP codes except 303 and 305 will cause curl to make a second POST operation. 303 will make a GET and 305 is not yet supported. I also wrote two test cases for this POST/GET/Location stuff. Version 7.6 Daniel (26 January 2001) - Lots of mails back and forth with Bob Schader finally made me add a small piece of code in the HTTP engine so that HTTP upload resume works. You can now do an operation like 'curl -T file -C ' and curl will PUT the ending part of the file starting at given offet to the specified URL. Version 7.6-pre4 Daniel (25 January 2001) - I took hold of Rick Jones' question why we don't use recv() and send() for reading/writing to the sockets and I've now modified the sread() and swrite() macros to use them instead. If nothing else, they could be tested in the next beta-round coming right up. - Jeff Morrow found a problem with libcurl's usage of SSL_read() and supplied his research results in how to fix this. It turns out we have to invoke the function several times in some cases. The same goes for the SSL_write(). I made some rather drastic changes all over libcurl to make all writes and reads get done on one single place so that this repeated-attempts thing would only have to be implemented at one point. - Rick Jones spotted that the 'total time' counter really didn't measure the total time very accurate on subsecond levels. - Johan Nilsson pointed out the need to more clearly specify that the timeout value you set for a download is for the *entire* download. There's currently no option available that sets a timeout for the connection phase only. Daniel (24 January 2001) - Ingo Ralf Blum submitted a series of patches required to get curl to compile properly with cygwin. - Robert Weaver posted a fix for the win32 section of the curl_getenv() code that corrected a potential memory leak. - Added comments in a few files in a sudden attempt to make the sources more easy to read and understand! Daniel (23 January 2001) - Added simple IPv6 detection in the configure script and made the version string add 'ipv6' to the enable section in that case. ENABLE_IPV6 will be set if curl is compiled with IPv6 support enabled. - Added a parser for IPv6-style specified IP-addresses in a URL. Thus, when IPv6 gets enabled soon, we can use URLs like '[0::1]:80'... - Made the URL globbing in the client possible to fail silently if there's an error in the globbing. It makes it almost intuitive, so when you don't follow the syntax rules, globbing is simply switched off and the raw string is used instead. I still think we'll get problems with IPv6-style IP-addresses when we *want* globbing on parts of the URL as the initial part of the URL will for sure seriously confuse the globber. Daniel (22 January 2001) - Björn Stenberg supplied a progress meter patch that makes it look better even during slow starts. Previously it made some silly assumptions... - Added two FTP tests for -Q and -Q - stuff since it was being discussed on the mailing list. Had to correct the ftpserver.pl too as it bugged slightly. Daniel (19 January 2001) - Made the Location: parsers deal with any-length URLs. Thus I removed the last code that restricts the length of URLs that curl supports. - Added a --globoff test case (#28) and it quickly identified a memory problem in src/main.c that I took care of. Version 7.6-pre3 Daniel (17 January 2001) - Made the two former files lib/download.c and lib/highlevel.c become the new lib/transfer.c which makes more sense. I also did the rename from Transfer() to Curl_Transfer() in the other source files that use the transfer function in the spirit of using Curl_ prefix for library-scoped global symbols. Daniel (11 January 2001) - Added -g/--globoff that switches OFF the URL globbing and thus enables {}[] letters to be part of the URL. Do note that RFC2396 section 2.4.3 explicitly mention these letters to be escaped. This was posted as a feature request by Jorge Gutierrez and as a bug by Terry. - Short options to curl that requires parameters can now be specified without having the option and its parameter space separated. -ofile works as good as -o file. -m20 is equal to -m 20. Do note that this goes for single-letter options only, verbose --long-style options still must be separated with space from their parameters. Daniel (8 January 2001) - Francis Dagenais reported that the SCO compiler still fails when compiling curl due to that getpass_r() prototype. I've now put it around #ifndef HAVE_GETPASS_R in an attempt to please the SCO systems. - Made some minor corrections to get the client to cleanup properly and I made the separator work again when getting multiple globbed URLs to stdout. - Worked with Loic Dachary to get the make dist and make distcheck work correctly. The 'maketgz' script is now using the automake generated 'make dist' when creating release archives. Loic successfully made 'make rpms' automatically build RPMs! Loic Dachary (6 January 2001) - Automated generation of rpm packages, no need to be root. - make distcheck generates a proper distribution (EXTRA_DIST in all Makefile.am modified to match FILES). Daniel (5 January 2001) - Huge client-side hack: now multiple URLs are supported. Any number of URLs can be specified on the command line, and they'll all be downloaded. There must be a corresponding -o or -O for each URL or the data will be written to stdout. This needs more testing, time to release a 7.6-pre package. - The krb4 support was broken in the release. Fixed now. - Huge internal symbol rename operation. All non-static but still lib-internal symbols should now be prefixed with 'Curl_' to prevent collisions with other libs. All public symbols should be prefixed with 'curl_' and the rest should be static and thus invisible to the outside world. I updated the INTERNALS document to say this as well. Version 7.5.2 Daniel (4 January 2001) - As Kevin P Roth suggested, I've added text to the man page for every command line option and what happens when you specify that option more than once. That hasn't been exactly crystal clear before. - Made the configure script possible to run from outside the source-tree. For odd reasons I can't build curl properly outside though. It has to do with curl's dependencies on libcurl... - Cut off all older (dated 1999 and earlier) CHANGES entries from this file. The older piece is named CHANGES.0 and is added to the CVS repository in case anyone would need it. - I added another file 'CVS-INFO' to the CVS. It contains information about files in the CVS that aren't included in release archives and how to build curl when you get the sources off CVS. - Updated CONTRIBUTE and FAQ due to the new license. Daniel (3 January 2001) - Renamed README.libcurl to LIBCURL - Changed headers in all sources files to the new dual license concept of curl: use the MIT/X derivate license *or* MPL. The LEGAL file was updated accordingly and the MPL 1.1 and MIT/X derivate licenses are now part of the release archive. Daniel (30 December 2000) - Made all FTP commands get sent with the trailing CRLF in one single write() as splitting them up seems to confuse at least some firewalls (FW-1 being one major). Daniel (19 December 2000) - Added file desrciptor and FILE handle leak detection to the memdebug system and thus I found and removed a file descriptor leakage in the ftp parts that happened when you did PORTed downloads. - Added an include in since it uses FILE *. Daniel (12 December 2000) - Multiple URL downloads with -O was still bugging. Not anymore I think or hope, or at least I've tried... :-O - Francois Petitjean fixed another -O problem Version 7.5.1 Daniel (11 December 2000) - Cleaned up a few of the makefiles to use unix-style newlines only. As Kevin P Roth found out, at least one CVS client behaved wrongly when it found different newline conventions within the same file. - Albert Chin-A-Young corrected the LDFLAGS use in the configure script for the SSL stuff. Daniel (6 December 2000) - Massimo Squillace correctly described how libcurl could use session ids when doing SSL connections. - James Griffiths found out that curl would crash if the file you specify with -o is shorter than the URL! This took some hours to fully hunt down, but it is fixed now. Daniel (5 December 2000) - Jaepil Kim sent us makefiles that build curl using the free windows borland compiler. The root makefile now accepts 'make borland' to build curl with that compiler. - Stefan Radman pointed out that the test makefiles didn't use the PERL variable that the configure scripts figure out. Actually, you still need perl in the path for the test suite to run ok. - Rich Gray found numerous portability problems: * The SCO compiler got an error on the getpass_r() prototype in getpass.h since the curl one differed from the SCO one * The HPUX compiler got an error because of how curl did the sigaction stuff and used a define HPUX doesn't have (or need). * A few more problems remain to be researched. - Paul Harrington experienced a core dump using https. Not much details yet. Daniel (4 December 2000) - Jörn Hartroth fixed a problem with multiple URLs and -o/-O. Version 7.5 Daniel (1 December 2000) - Craig Davison gave us his updates on the VC++ makefiles, so now curl should build fine with the Microsoft compiler on windows too. - Fixed the libcurl versioning so that we don't ruin old programs when releasing new shared library interfaces. Daniel (30 November 2000) - Renamed docs/README.curl to docs/MANUAL to better reflect what the document actually contains. Daniel (29 November 2000) - I removed a bunch of '#if 0' sections from the code. They only make things harder to follow. After all, we do have all older versions in the CVS. Version 7.5-pre5 Daniel (28 November 2000) - I filled in more error codes in the man page error code list that had been lagging. - James Griffiths mailed me a fine patch that introduces the CURLOPT_MAXREDIRS libcurl option. When used, it'll prevent location following more than the set number of times. It is useful to break out of endless redirect-loops. Daniel (27 November 2000) - Added two test cases for file://. Daniel (22 November 2000) - Added the libcurl CURLOPT_FILETIME setopt, when set it tries to get the modified time of the remote document. This is a special option since it involves an extra set of commands on FTP servers. (Using the MDTM command which is not in the RFC959) curl_easy_getinfo() got a corresponding CURLINFO_FILETIME to get the time after a transfer. It'll return a zero if CURLOPT_FILETIME wasn't used or if the time wasn't possible to get. --head/-I used on a FTP server will now present a 'Last-Modified:' header if curl could get the time of the specified file. - Added the option '--cacert [file]' to curl, which allows a specified PEM file to be used to verify the peer's certificate when doing HTTPS connections. This has been requested, rather recently by Hulka Bohuslav but others have asked for it before as well. Daniel (21 November 2000) - Numerous fixes the test suite has brought into the daylight: * curl_unescape() could return a too long string * on ftp transfer failures, there could be memory leaks * ftp CWD could use bad directory names * memdebug now uses the mprintf() routines for better portability * free(NULL) removed when doing resumed transfers - Added a bunch of test cases for FTP. - General cleanups to make less warnings with gcc -Wall -pedantic. - I made the tests/ftpserver.pl work with the most commonly used ftp operations. PORT, PASV, RETR, STOR, LIST, SIZE, USER, PASS all work now. Now all I have to do is integrate the ftp server doings in the runtests.pl script so that ftp tests can be run the same way http tests already run. Daniel (20 November 2000) - Made libcurl capable of dealing with any-length URLs. The former limit of 4096 bytes was a bit annoying when people wanted to use curl to really make life tough on a web server. Now, the command line limit is the most annoying but that can be circumvented by using a config file. NOTE: there is still a 4096-byte limit on URLs extracted from Location: headers. - Corrected the spelling of 'resolve' in two error messages. - Alexander Kourakos posted a bug report and a patch that corrected it! It turned out that lynx and wget support lowercase environment variable names where curl only looked for the uppercase versions. Now curl will use the lowercase versions if they exist, but if they don't, it'll use the uppercase versions. Daniel (17 November 2000) - curl_formfree() was added. How come no one missed that one before? I ran the test suite with the malloc debug enabled and got lots of "nice" warnings on memory leaks. The most serious one was this. There were also leaks in the cookie handling, and a few errors when curl failed to connect and similar things. More tests cases were added to cover up and to verify that these problems have been removed. - Mucho updated config file parser (I'm dead tired of all the bug reports and weird behaviour I get on the former one). It works slightly differently now, although I doubt many people will notice the differences. The main difference being that if you use options that require parameters, they must both be specified on the same line. With this new parser, you can also specify long options without '--' and you may separate options and parameters with : or =. It makes a config file line could look like: user-agent = "foobar and something" Parameters within quotes may contain spaces. Without quotes, they're expected to be a single non-space word. Had to patch the command line argument parser a little to make this work. - Added --url as an option to allow the URL to be specified this way. It makes way nicer config files. The previous way of specifying URLs in the config file doesn't work anymore. Daniel (15 November 2000) - Using certain characters in usernames or passwords for HTTP authentication failed. This was due to the mprintf() that had a silly check for letters, and if they weren't isprint() they weren't outputed "as-is". This caused passwords and usernames using '§' (for example) to fail. Version 7.4.2 Daniel (15 November 2000) - 'tests/runtests.pl' now sorts the test cases properly when 'all' is used. Daniel (14 November 2000) - I fell over the draft-ietf-ftpext-mlst-12.txt Internet Draft titled "Extensions to FTP" that contains a defined way how the ftp command SIZE could be assumed to work. - Laurent Papier posted a bug report about using "-C -" and FTP uploading a file that isn't prsent on the server. The server might then return a 550 and curl will fail. Should it instead as Laurent Papier suggests, start uploading from the beginning as a normal upload? Daniel (13 November 2000) - Fixed a crash with the followlocation counter. - While writing test cases for the test suite, I discovered an old limitation that prevented -o and -T to be used at the same time. I removed this immediately as this has no relevance in the current libcurl. - Chris Faherty fixed a free-twice problem in lib/file.c - I fixed the perl http server problem in the test suite. Version 7.4.2 pre4 Daniel (10 November 2000) - I've (finally) started working on the curl test suite. It is in the new tests/ directory. It requires sh and perl. There's a TCP server in perl and most of the other stuff running a pretty simple shell script. I've only made four test cases so far, but it proves the system can work. - Laurent Papier noticed that curl didn't set TYPE when doing --head checks for sizes on FTP servers. Some servers seem to return different sizes depending on whether ASCII or BINARY is used! - Laurent Papier detected that if you appended a FTP upload and everything was already uploaded, curl would hang. - Angus Mackay's getpass_r() in lib/getpass.c is now compliant with the getpass_r() function it seems some systems actually have. - Venkataramana Mokkapati detected a bug in the cookie parser and corrected it. If the cookie was set for the full host name (domain=full.host.com), the cookie was never sent back because of a faulty length comparison between the set domain length and the current host name. Daniel (9 November 2000) - Added a configure check for gethostbyname in -lsocket (OS/2 seems to need it). Added a check for RSAglue/rsaref for the cases where libcrypto is found but libssl isn't. I haven't verified this fix yet though, as I have no system that requires those libs to build. Version 7.4.2 pre3 Daniel (7 November 2000) - Removed perror() outputs from getpass.c. Angus Mackay also agreed to a slightly modified license of the getpass.c file as the prototype was changed. Daniel (6 November 2000) - Added possibility to set a password callback to use instead of the built-in. They're controled with curl_easy_setopt() of course, the tags are CURLOPT_PASSWDFUNCTION and CURLOPT_PASSWDDATA. - Used T. Bharath's thinking and fixed the timers that showed terribly wrong times when location: headers were followed. - Emmanuel Tychon discovered that curl didn't really like user names only in the URL. I corrected this and I also fixed the since long living problem with URL encoded user names and passwords in the URLs. They should work now. Daniel (2 November 2000) - When I added --interface, the new error code that was added with it was inserted in the wrong place and thus all error codes from 35 and upwards got increased one step. This is now corrected, we're back at the previous numbers. All new exit codes should be added at the end. Daniel (1 November 2000) - Added a check for signal() in the configure script so that if sigaction() isn't present, we can use signal() instead. - I'm having a license discussion going on privately. The issue is yet again GPL-licensed programs that have problems with MPL. I am leaning towards making a kind of dual-license that will solve this once and for all... Daniel (31 October 2000) - Added the packages/ directory. I intend to let this contain some docs and templates on how to generate custom-format packages for various platforms. I've now removed the RPM related curl.spec files from the archive root. Daniel (30 October 2000) - T. Bharath brought a set of patches that bring new functionality to curl_easy_getinfo() and curl_easy_setopt(). Now you can request peer certificate verification with the *setopt() CURLOPT_SSL_VERIFYPEER option and then use the CURLOPT_CAINFO to set the certificate to verify the remote peer against. After an such an operation with a verification request, the *_getinfo() option CURLINFO_SSL_VERIFYRESULT will return information about whether the verification succeeded or not. Daniel (27 October 2000) - Georg Horn brought us a splendid patch that solves the long-standing annoying problem with timeouts that made curl exit with silly exit codes (which as been commented out lately). This solution is sigaction() based and of course then only works for unixes (and only those unixes that actually have the sigaction() function). Daniel (26 October 2000) - Björn Stenberg supplied a patch that fixed the flaw mentioned by Kevin Roth that made the password get echoed when prompted for interactively. The getpass() function (now known as my_getpass()) was also fixed to not use any static buffers. This also means we cannot use the "standard" getpass() function even for those systems that have it, since it isn't thread-safe. - Kevin Roth found out that if you'd write a config file with '-v url', the url would not be used as "default URL" as documented, although if you wrote it 'url -v' it worked! This has been corrected now. - Kevin Roth's idea of using multiple -d options on the same command line was just brilliant, and I couldn't really think of any reason why we shouldn't support it! The append function always append '&' and then the new -d chunk. This enables constructs like the following: curl -d name=daniel -d age=unknown foobarsite.com Daniel (24 October 2000) - I fixed the lib/memdebug.c source so that it compiles on Linux and other systems. It will be useful one day when someone else but me wants to run the memory debugging system. Daniel (23 October 2000) - I modified the maketgz and configure scripts, so that the configure script will fetch the version number from the include/curl/curl.h header files, and then the maketgz doesn't have to rebuild the configure script when I build release-archives. - Björn Stenberg and Linus Nielsen correctly pointed out that curl was silly enough to not allow @-letters in passwords when they were specified with the -u or -U flags (CURLOPT_USERPWD and CURLOPT_PROXYUSERPWD). This also suggests that curl probably should url-decode the password piece of an URL so that you could pass an encoded @-letter there... Daniel (20 October 2000) - Yet another http server barfed on curl's request that include the port number in the Host: header always. I now only include the port number if it isn't the default (80 for HTTP, 443 for HTTPS). www.perl.com turned out to run one of those nasty servers. - The PHP4 module for curl had problems with referer that seems to have been corrected just yesterday. (Sterling Hughes of the PHP team confirmed this) Daniel (17 October 2000) - Vladimir Oblomov reported that the -Y and -y options didn't work. They didn't work for me either. This once again proves we should have that test suite... - I finally changed the error message libcurl returns if you try a https:// URL when the library wasn't build with SSL enabled. It will now return this error: "libcurl was built with SSL disabled, https: not supported!" I really hope it will make it a bit clearer to users where the actual problem lies. Version 7.4.1 Daniel (16 October 2000) - I forgot to remove some of the malloc debug defines from the makefiles in the release archive (of course). Version 7.4 Daniel (16 October 2000) - The buffer overflow mentioned below was posted to bugtraq on Friday 13th. Daniel (12 October 2000) - Colin Robert Phipps elegantly corrected a buffer overflow. It could be used by an evil ftp server to crash curl. I took the opportunity of replacing a few other sprintf()s into snprintf()s as well. Daniel (11 October 2000) - Found some more memory leaks. This new simple memory debugger has turned out really useful! Version 7.4 pre6 Daniel (9 October 2000) - Florian Koenig pointed out that the bool typedef in the curl/curl.h include file was breaking PHP 4.0.3 compiling. The bool typedef is not used in the public interface and was wrongly inserted in that header file. - Jörg Hartroth corrected a minor memory leak in the src/urlglob.c stuff. It didn't harm anyone since the memory is free()ed on exit anyway. - Corrected the src/main.c. We use the _MPRINTF_REPLACE #define to use our libcurl-printf() functions. This gives us snprintf() et al on all platforms. I converted the allocated useragent string to one that uses a local buffer. - I've set an #if 0 section around the Content-Transfer-Encoding header generated in lib/formdata.c. This will hopefully make curl do more PHP-friendly multi-part posts. Version 7.4 pre5 Daniel (9 October 2000) - Nico Baggus found out that curl's ability to force a ASCII download when using FTP was no longer working! I corrected this. This problem was probably introduced when I redesigned libcurl for version 7. - Georg Horn provided a source example that proved a memory leak in libcurl. I added simple memory debugging facilities and now we can make libcurl log all memory fiddling functions. An additional perl script is used to analyze the output logfile and to match malloc()s with free()s etc. The memory leak Georg found turned out to be the main cookie struct that cookie_cleanup() didn't free! The perl script is named memanalyze.pl and it is available in the CVS respository, not in the release archive. Daniel (8 October 2000) - Georg Horn found a GetHost() problem. It turned out it never assigned the pointer in the third argument properly! This could make a crash, or at best a memory leak! Version 7.4 pre4 Daniel (6 October 2000) - Is the -F post following the RFC 1867 spec? We had this dicussion on the mailing list since it appears curl can't post -F form posts to a PHP receiver... I've been in touch with the PHP developers about this. - Domenico Andreoli found out that the long option '--proxy' wasn't working anymore! The option parser got confused when I added the --proxytunnel for 7.3. This was indeed a very old flaw that hasn't turned up until now... - Jörn Hartroth provided patches, updated makefiles and two new files for DLL stuff on win32. He also pointed out that lib source files were compiled with -I../src which isn't only wrong but plain stupid! - Troels Walsted Hansen fixed a problem with HTTP resume. Curl previously used a local variable badly, that could lead to crashes. Version 7.4 pre3 Daniel (4 October 2000) - More docs written. The curl_easy_getinfo.3 man page is now pretty accurate, as is the -w section in curl.1. I added two options to enable the user to get information about the received headers' size and the size of the HTTP request. T. Bharath requested them. Daniel (3 October 2000) - Corrected a sever free() before use in the new add_buffer_send()! ;-) Version 7.4 pre2 Daniel (3 October 2000) - Jason S. Priebe sent me patches that changed the way curl issues HTTP requests. The entire request is now issued in one single shot. It didn't do this previously, and it has turned out that since the common browsers do it this way, some sites have turned out to work with browsers but not with curl! Although this is not a client-side problem, we want to be able to fully emulate browsers, and thus we have now adjusted the networking layer to slightly more appear as a browser. I adjusted Jason's patch, the faults are probably mine. Daniel (2 October 2000) - Anyone who ever uploaded data with curl on a slow link has noticed that the progess meter is updated very infrequently. That is due to the large buffer size curl is using. It reads 50Kb and sends it, updates the progress meter and loops. 50Kb is very much on a slow link, although it is pretty neat to use on a fast one. I've now made an adjustment that makes curl use a 2Kb buffer for uploads to start with. If curl's average upload speed is faster than buffer size bytes per second, curl will increase the used buffer size up to max 50Kb. It should make the progress meter work better. Version 7.4 pre1 Daniel (29 September 2000) - Ripped out the -w stuff from the library and put in the curl tool. It gets all the relevant info from the library using the new curl_easy_getinfo() function. - brad at openbsd.org mailed me a patch that corrected my kerberos mistake and removed a compiler warning from hostip.c that OpenBSD people get. Daniel (28 September 2000) - Of course (I should probably get punished somehow) I didn't properly correct the #include lines for the base64 stuff in the kerberos sources in the just released 7.3 package. They still include the *_krb.h files! Now, the error is sooo very easy to spot and fix so I won't bother with a quick bug fix release. I'll post a patch whenever one is needed instead. It'll be available in the CVS in a few minutes anyway. Version 7.3 Daniel (28 September 2000) - Removed the base64_krb.[ch] files. They've now replaced the former base64.[ch] files. Daniel (26 September 2000) - Updated some docs. - I changed the OpenSSL fix to work with older versions as well. The posted patch was only working with 0.9.6 and no older ones. Version 7.3-pre8 Daniel (25 September 2000) - Erdmut Pfeifer informed us that curl didn't build with OpenSSL 0.9.6 and showed us what needed to get patched in order to make it build properly again. - Dirk Kruschewski found a bug in the cookie parser. I made an alternative approach to the solution Dirk himself suggested. The bug made a cookie header that didn't end with a trailing semicolon to not get parsed. - I've marked -c and -t deprecated now. If you use any of them, curl will tell you to use "-C -" or "-T -" instead. I don't think occupying two letters for nearly identical functions is good use. Also, -T - kind of follows the curl tradition of using - for stdin where a file name is expected. Daniel (23 September 2000) - Martin Hedenfalk provided the patch that finally made the krb4 ftp upload work! Daniel (21 September 2000) - The kerberos code is not quite thread-safe yet. There are a few more globals that need to be take care of. Let's get the upload working first! Daniel (20 September 2000) - Richard Prescott solved another name lookup buffer size problem. I took this opportunity to rewrite the GetHost() function. With these large buffer sizes, I think keeping them as local arrays quickly turn ugly. I now use malloc() to get the buffer memory. Thanks to this, I now can realloc() to a large buffer in case of demand (errno == ERANGE) in case a solution like that would become necessary. I still want to avoid that kind of nastiness. - Tried to compile and run curl on Linux for alpha and FreeBSD for alpha. Went as smooth as it could. - Added a docs/examples directory with two tiny example sources that show how to use libcurl. I hope users will supply me with more useful examples further on. - Applied a patch by Jörn Hartroth to no longer use the word 'inteface' in the config struct in the src/main.c file since certain compilers have that word "reservered". I figure that is some kind of C++ decease. - Updated the curl.1 man page with --interface and --krb4. - Modified the base64Encode() function to work like the kerberos one, so that I could remove the use of that. There is no need for *two* base64 encoding functions! ;-) Version 7.3pre5 Daniel (19 September 2000) - The kerberos4-layer source code that is much "influenced" by the original krb4 source code, through yafc into curl, was using quite a lot of global variables. libcurl can't work properly with globals like that why I had to clean up almost every function in the new security.c to make them use connection specific variables instead of the globals. I just hope I didn't destroy anything now... :-) configure updated, version string now reflects krb4 built-in. It almost works now. Only uploads are still being naughty. Version 7.3pre3 Daniel (18 September 2000) - Martin Hedenfalk supplied a major patch that introduces krb4-ftp support to curl. Martin is the primary author of the ftp client named yafc and he did not hesitate to help us implement this when I asked him. Many and sincere thanks to a splendid effort. It didn't even take many hours! - Stephen Kick supplied a big patch that introduces the --interface flag to the curl tool and CURLOPT_INTERFACE for libcurl. It allows you to specify an outgoing interface to use for your request. This may not work on all platforms. This needs testing. - Richard Prescott noticed that curl on Tru64 unix could core dumped if the name didn't resolve properly. This was due to the GetHost() function not returning an error even though it failed on some platforms! Daniel (15 September 2000) - Updated all sorts of documents in regards to the new proxytunnel support. Version 7.3pre2 Daniel (15 September 2000) - Kai-Uwe Rommel pointed out a problem in the httpproxytunnel stuff for ftp. Adjusted it. Added better info message when setting up the tunnel and the pasv message when doing the second connect. Version 7.3pre1 Daniel (15 September 2000) - libcurl now allows "httpproxytunnel" to an arbitrary host and port name. The second connection on ftp needed that. - TheArtOfHTTPScripting was corrected all over. I both type and spell really bad at times! Daniel (14 September 2000) - -p/--proxytunnel was added to 'curl'. It uses the new CURLOPT_HTTPPROXYTUNNEL libcurl option that allows "any" protocol to tunnel through the specified http proxy. At the moment, this should work with ftp. Daniel (13 September 2000) - Jochen Schaeuble found that file:// didn't work as expected. Corrected this and mailed the patch to the mailing list. Daniel (7 September 2000) - I changed the #define T() in curl.h since it turned out it wasn't really a good symbol to use (when you compiled PHP with curl as a module, that define collided with some IMAP define or something). This was posted to the PHP bug tracker. - I added extern "C" stuff in two header files to better allow libcurl usage in C++ sorces. Discussions on the libcurl list with Danny Horswell lead to this. Version 7.2.1 Daniel (31 August 2000) - Albert Chin-A-Young fixed the configure script *again* and now it seems to detect Linux name resolving properly! (heard that before?) - Troels Walsted Hansen pointed out that downloading a file containing the letter '+' from an ftp server didn't work. It did work from HTTP though and the reason was my lame URL decoder. - I happened to notice that -I didn't at all work on ftp anymore. I corrected that. Version 7.2 Daniel (30 August 2000) - Understanding AIX is a hard task. I believe I'll never figure out why they solve things so differently from the other unixes. Now, I'm left with the AIX 4.3 run-time warnings about duplicate symbols that according to this article (http://www.geocrawler.com/archives/3/405/1999/9/0/2593428/) is a libtool flaw. I tried the mentioned patch, although that stops the linking completely. So, if I select to ignore the ld warnings there are compiler warnings that fill the screen pretty bad when curl compiles. It turns out that if I want to '#include ', I can get tid of the warnings by include the following three include files before that one: #include #include #include Now, is it really sane to add those include files before arpa/inet.h in all the source files that include it? Thanks to Albert Chin-A-Young at thewrittenword.com who gave me the AIX login to try everything on. Daniel (24 August 2000) - Jan Schmidt supplied us a new VC6 makefile for Windows as the previous one was not up to date but lacked several object files. - More work on the naming. - Albert Chin-A-Young provided a configure-check for large file support, as some systems seem to need that for them to work. Had to change the position for the config.h include file in every .c file in the libcurl dir... - As suggested on the mailing list (by Troy Engel), I did use a --data-binary option instead of the messy way I've left described below. It seems to work. The libcurl fix remained the same as yesterday. Daniel (23 August 2000) - Back on the -d stripping newlines thing. The 'plain post' thing was added when I had no thought of that one could actually post binary data with it. Now, I have to add this functionality in a graceful manner and I think I've managed to come up with a way: '-d @file;binary' will thus post the file binary, exactly as its contents are. It is implemented with a new *setopt() option (CURLOPT_POSTFIELDSIZE) to set the postfield size, since libcurl can't strlen() the data in these cases. - Albert Chin-A-Young made some very serious efforts and all the name resolving problems seem to have been sorted out now on all the platforms that previously showed them. I'll make another release now anyday because of this. - The FAQ was much enhanced when it comes to the licensing issues thanks to Bjorn Reese. Daniel (21 August 2000) - Rick Welykochy pointed out a problem when you use -d to post and you want to keep the newlines, as curl strips them off as a bonus before posting... This needs to be addressed. Version 7.1.1 Daniel (21 August 2000) - Got more people involved in the gethostbyname_r() mess. Caolan McNamara sent me configure-code that turned out to be very similar to my existing tests which only make me more sure I'm on the right path. I changed the order of the tests slightly, as it seems that some compilers don't yell error if a function is used with too many parameters. Thus, the first tested function will seem ok... Let's hope more compilers think of too-few parameters as bad manners, as we're now trying the functions in that order; fewer first. I should also add that Lars Hecking mailed me and volunteered to run tests on a few odd systems. Coalan is keeping his work over at http://www.csn.ul.ie/~caolan/publink/gethostbyname_r/. Might be handy in the future as well. Daniel (18 August 2000) - I noticed I hadn't increased the name lookup buffer in lib/ftp.c. I don't think this is the reason for the continued trouble though. Daniel (17 August 2000) - Fred Noz corrected my stupid mistakes in the gethostbyname_r() fluff. It should affect some AIX, Digital Unix and HPUX 10 systems. Daniel (15 August 2000) - Mathieu Legare compiled and build 7.1 without errors on both AIX 4.2 as well as AIX 4.3. Now why did problems occur before? - Fred Noz reported a -w/--write-out bug that caused it to malfunction when used combined with multiple URL retrievales. All but the first display got screwed up! Daniel (11 August 2000) - Jason Priebe and an anonymous friend found some host names the Linux version of curl could not resolve. It turned out the buffer used to retrieve that information was too small. Fixed. One could argue about the usefulness of not having the slightest trace of a man page for gethostbyname_r() on my Linux Redhat installation... Daniel (10 August 2000) - Balaji S Rao was first in line to note the missing possibility to replace the Content-Type: and Content-Length: headers when doing -d posts. I added the possibility just now. It seems some people wants to do standard posts using custom Content-Types. Daniel (8 August 2000) - Mike Dowell correctly discovered that curl did not approve of URLs with no user name but password. As in 'http://:foo@haxx.se'. I corrected this. Version 7.1 Daniel (7 August 2000) - My AIX 4 fix does not work. I need help from a AIX 4 hacker. - I added my new document in the docs directory. It is aimed to become a sort of tutorial on how to do HTTP scripting with curl. Daniel (4 August 2000) - Working with Rich Gray on compiling curl for lots of different platforms. My fix for AIX 3.2 was not good enough and was slightly changed, I had to move an include file before another, as is now described in the source. AIX 4.2 (4.X?) has different gethostbyname_r() and gethostbyaddr_r() functions that the configure script didn't check for and thus the compile broke with an error. I have now changed the gethostbyname_r() check in the configure file to support all three versions of both these functions. My implementation that uses the AIX-style is though not yet verified and I may get problems to fix it if it turns out to bug since I don't have access to any system using that. For problems like that, I made the configure script allow --disable-thread to completely switch off the check for threadsafe versions of a few functions and thus go with the "good old versions" that tend to work although will break thread-safeness for libcurl. Most people won't use libcurl for other things than curl though, and curl doesn't need a thread-safe lib. - Working on my big tutorial about HTTP scripting with curl. Daniel (1 August 2000) - Rich Gray spotted a problem in src/setup.h caused by a #define strequal() that was just a left-over from passed times. The strequal() is now a true function supplied by libcurl for a portable case insensitive string comparison. I added the prototypes in include/curl.h and removed the now obsolete #define. - Igor Khristophorov made a fix to allow resumed download from Sun's JavaWebServer/1.1.1. It seems that their server sends bad Content-Range headers. - The makefiles forced a static library build, which is bad since we now use libtool and thus have excellent shared library support! Albert Chin-A-Young found out. Version 7.0.11beta Daniel (1 August 2000) - Albert Chin-A-Young pointed out that 'make install' did not properly create the header include directory, why it failed to install the header files as it should. Automake isn't really equipped to deal with subdirectories without Makefiles in any nice way. I had to run ahead and add Makefiles in both include and include/curl before I managed to create a top-level makefile that succeeds in install everything properly! - Ok, no more "features" added now. Let's just verify that there's no major flaws added now. Daniel (31 July 2000) - Both Jeff Schasny and Ketil Froyn asked me how to tell curl not to send one of those internally generated headers. They didn't settle with the blank ones you could tell curl to use. I rewrote the header-replace stuff a little. Now, if you replace an internal header with your own and that new one is a blank header you will only remove the internal one and not get any blank. I couldn't figure out any case when you want that blank header. Daniel (29 July 2000) - It struck me that the lib used localtime() which is not thread-safe, so now I use localtime_r() in the systems that has it. - I went through this entire document and removed all email addresses and left names only. I've really made an effort to always note who brought be bug reports or fixes, but more and more people ask me to remove the email addresses since they become victims for spams this way. Gordon Beaton got me working on this. Daniel (27 July 2000) - Jörn Hartroth found out that when you specified a HTTP proxy in an environment variable and used -L, curl failed in the second fetch. I corrected this problem and posted a patch to the list. No need for an extra beta release just for this. Version 7.0.10beta Daniel (27 July 2000) - So, libtool replaced two of my files with symbolic links and I forgot to add the two new libtool files to the release archive (and they were added as symlinks as well!) This of course lead to that the configure script failed on 7.0.9... Version 7.0.9beta Daniel (25 July 2000) - Kristian Köhntopp brought a fix that makes libcurl libtoolified, just as we've wanted for a while now. He also made the recently added man pages get installed properly on 'make install' and some other nice cleanups. - In a discussion with Eetu Ojanen it struck me that if we use curl to get a page using a password, and that page then sends a Location: to another server that curl follows, curl will send the user name and password to that server as well. Now, I'll never be able to make curl do Location: following all that perfect and you're all sooner or later required to write a script to do several fetches when you're doing advanced stuff, but now I've modified curl to at least *only* send the user name and password to the original server. Which means that if get a page from server A with a password, that forwards curl to server B, curl won't use the password there. If server B then forwards curl back to server A again, the password will be used again. This is not a perfect implementation, as in a browser case it would only use the password if the left-prefix of the first path is the same. I just think that this fix prevents a somewhat lurky "security hole". As a side-note in this subject: HTTP passwords are sent in cleartext and will never be considered to be safe or secure. Use HTTPS for that. - As discussed on the mailing list, I converted the FTP response reading function into using select() which then allows timeouts (even under win32!) if the command-reply session gets too slow or dies completely. I made a default timeout on 3600 seconds unless anything else is specified, since I don't think anyone wants to wait more than that for a single character to get received... - Torsten Foertsch brought a set of fixes for the rfc1867 form posts. He introduced 'name=, when transferring files to/from FTP using type ASCII curl should not expect the transfer to be the exact size reported by the server as the file size. Since ASCII may very well mean that the content is translated while transfered, the final size may very well differ. Therefor, curl now ignores the file size when doing ASCII transfers in FTP. Daniel (24 July 2000) - Added CURLOPT_PROXYPORT to the curl_easy_setopt() call to allow the proxy port number to be set separately from the proxy host name. - Andrew pointed out a netrc manual bug. - The FTP transfer code now accepts a 250-code as well as the previously accepted 226, after a successful file transfer. Mohan pointed this out. - The check for *both* nsl and socket was never added in the v7 configure.in when I moved the main branch. I re-added that check to configure.in. This was discovered by Rich Gray. - Howard, Blaise pointed out a missing free() in curl_disconnect() which of course meant libcurl ate memory. - Brian E. Gallew noted that the HTTP 'Host:' header curl sent did not properly include the port number if non-default ports were used. This should now have been fixed. - HTTP connect errors now return errors earlier. This was most notably causing problems when the HTTPS certificate had problems and later caused a crash. Many thanks to Gregory Nicholls for discovering and suggesting a fix... Daniel (21 June 2000) - After a "bug report" I received where the user was using both -F and -I in a HTTP request (it severly confused the library I should add), I added some checks to src/main.c that prevents setting more than one HTTP request command, no matter what the user wants! ;-) Version 7.0.8beta Daniel (20 June 2000) - I did a major replace in many files to use the new curl domain haxx.se instead of the previous one. - As Eetu Ojanen suggested, I finally took the step and now libcurl no longer makes a POST after it has followed a location. When the initial POST has been done, it'll turned into a GET for the further requests. This is only interesting when using -L/--location *and* doing a POST at the same time. While messing with this, I added another weird feature I call 'auto referer'. If you append ';auto' to the right of a given referer string (or only use that string as referer), libcurl will automatically set the previoud URL as refered when it follows a Location: and gets a succeeding document. - My hero Rich Gray found the very obscure FTP bug that happened to him only when passing through a particular firewall and using the PORT command. It turned out that PORT was the only command in the lib/ftp.c source that didn't send a proper \r\n sequence but instead used the faulty \n which as it seemed is supported by most major ftp servers... :-O Version 7.0.7beta Daniel (16 June 2000) - I had avoided this long enough now, so I moved the alternative progress bar stuff from the lib and added it to the client code. This is now using the recently added progress callback and it seems to work pretty much like before. Since it is only one progress bar and you and download and upload at the same time, this bar shows the combined progress of both directions. This code was just ported from the old place to this, Lars is still our saviour! ;-) This also made the documentation more accurate since I never removed this function from any docs! Although I now removed the CURLOPT_PROGRESSMODE from the library since the lib has only one internal progress meter and it will never get another. It is although likely that the internal one also will be moved to the client code in the future (when I have other means of getting the writeout data and move that too to the client). - I took the opportunity to verify that standard progress meter works and I found out it didn't get inited properly. Grrr. I corrected that as well. Daniel (15 June 2000) - I thought I'd better verify that the -F option still works in v7 and of course it didn't... :-/ Anyway, I had the problems I could discover corrected. About one month of beta testing and not a single person has used this feature with v7? - Björn correctly pointed out that the --progress-bar still doesn't work in v7. Hm. Daniel (14 June 2000) - Tim Tassonis discovered that curl 7 didn't handle normal http POST as it should. I corrected this. Version 7.0.6beta Daniel (14 June 2000) - Björn Stenberg pointed out several problems (related to win32 compiling): lib/strequal.c had a bad #ifdef for one of the string comparisons (win32) src/main.c had several minor problems lib/makefile.m32 had getpass.[co] twice src/config-win32.h lacked the HAVE_FCNTL_H define both config-win32.h files now only set the HAVE_UNISTD_H define if the define MINGW32 is set, and I modified src/makefile.m32 and lib/makefile.m32 to set it. Version 7.0.5beta Daniel (14 June 2000) - Applied Luong Dinh Dung's comments about a few win32 compile problems. - Applied Björn Stenberg's suggested fix that turns the win32 stdout to binary. It won't do it if the -B / --use-ascii option is used. That option is now an extended version of the previous -B /--ftp--ascii. The flag was already in use be the ldap as well so the new name fits pretty good. The libcyrl CURLOPT_TRANSFERTEXT was also introduced as an alias to the now obsolete CURLOPT_FTPASCII. Can't verify this fix myself as I have no win32 compiler around. Daniel (13 June 2000) - Luong Dinh Dung found a problem in curl_easy_cleanup() since it free()ed the main curl struct *twice*. This is now corrected. Daniel (9 June 2000) - Updated the RESOURCES file, added a README.win32 file. Daniel (8 June 2000) - So I finally added the progress callback to the *setopt() options and it should work now. I don't have the energy to write any test program for it right now. - Made the callback function typedefs public in curl/curl.h for comfort. Just in case anyone wanna fiddle with such pointers. - Updated the curl_easy_setopt() man page accordingly. Version 7.0.4beta Daniel (2 June 2000) - I noticed that when doing Location: following, we lost custom headers in all but the first request. - Removed the 'HttpPost' struct and moved the header stuff to the more generic curl_slist. - Added some better slist-cleanups in src/main.c Version 7.0.3beta Daniel (31 May 2000) - So I discovered that I released the 7.0.2beta without it being able to compile under Linux. gethostbyname_r() and gethostbyaddr_r() turned out to feature a different amount of arguments on different systems so I had to add a configure check for this and adjust the code slightly. Version 7.0.2beta Daniel (29 May 2000) - Corrected the bits.* assignments when using CURLOPT options that only toggles one of those bits. - Applied the huge patches from David LeBlanc that add usage of the gethostbyname_r() and similar functions in case they're around, since that make libcurl much better threadsafe in many systems (such as solaris). I added the checks for these functions to the configure script. I can't explain why, but the inet_ntoa_r() function did not appear in my Solaris include files, I had to add my own include file for this for now. Daniel (22 May 2000) - Jörn Hartroth brought me fixes to make the win32 version compile properly as well as a rename of the 'interface' field in the urldata struct, as it seems to be reserved in some gcc versions! - Rich Gray struck back with yet some portability reports. Data General DG/UX needed a little fix in lib/ldap.c since it doesn't have RTLD_GLOBAL defined. More fixes are expected as a result of Richies very helpful work. Version 7.0.1beta Daniel (21 May 2000) - Updated lots of #defines, enums and variable type names in the library. No more weird URG or URLTAG prefixes. All types and names should be curl- prefixed to avoid name space clashes. The FLAGS-parameter to the former curl_urlget() has been converted into a bunch of flags to use in separate setopt calls. I'm still focusing on the easy-interface, as the curl tool is now using that. - Bjorn Reese has provided me with an asynchronous name resolver that I plan to use in upcoming versions of curl to be able to gracefully timeout name lookups. Version 7.0beta Daniel (18 May 2000) - Introduced LIBCURL_VERSION_NUM to the curl.h include file to better allow source codes to be dependent on the lib version. This define is now set to a dexadecimal number, with 8 bits each for major number, minor number and patch number. In other words, version 1.2.3 would make it 0x010203. It also makes a larger number a newer version. Daniel (17 May 2000) - Martin Kammerhofer correctly pointed out several flaws in the FTP range option. I corrected them. - Removed the win32 winsock init crap from the lib to the src/main.c file in the application instead. They can't be in the lib, especially not for multithreaded purposes. Daniel (16 May 2000) - Rewrote the src/main.c source to use the new easy-interface to libcurl 7. There is still more work to do, but the first step is now taken. is the include file to use. Daniel (14 May 2000) - FTP URLs are now treated slightly different, more according to RFC 1738. - FTP sessions are now performed differently, with CWD commands to change directory instead of RETR/STOR/LIST with the full path. Discussions with Rich Gray made me notice these problems. - Janne Johansson discovered and corrected a buffer overflow in the src/usrglob.c file. - I had to add a lib/strequal.c file for doing case insensitive string compares on all platforms. Daniel (8 May 2000): - Been working lots on the new lib. - Together with Rich Gray, I've tried to adjust the configure script to work better on the NCR MP-RAS Unix. Daniel (2 May 2000): - Albert Chin-A-Young pointed out that I had a few too many instructions in configure.in that didn't do any good. Daniel (24 April 2000): - Added a new paragraph to the FAQ about what to do when configure can't find OpenSSL even though it is installed. Supplied by Bob Allison Daniel (12 April 2000): - Started messing around big-time to convert the old library interface to a better one... Daniel (8 April 2000): - Made the progress bar look better for file sizes between 9999 kilobytes and 100 megabytes. They're now displayed XX.XM. - I also noticed that ftp fetches through HTTP proxies didn't add the user agent string. It does now. - Habibie supplied a pretty good way to build RPMs on a Linux machine. It still a) requires me to be root to do it, b) leaves the rpm packages laying at some odd place on my disk c) doesn't work to build the ssl version of curl since I didn't install openssl from an rpm package so now the rpm crap thinks I don't have openssl and refuses to build a package that depends on ssl... Did I mention I don't get along with RPM? - Once again I received a bug report about autoconf not setting -L prior to -l on the command line when checking for libs. In this case it made the native cc compiler on Solaris 7 to fail the OpenSSL check. This has previously been reported to cause problems on HP-UX and is a known flaw in autoconf 2.13. It is a pity there's no newer release around... Daniel (4 April 2000): - Marco G. Salvagno supplied me with two fixes that appearantly makes the OS/2 port work better with multiple URLs. Daniel (2 April 2000): - Another Location: fix. This time, when curl connected to a port and then followed a location with an absolute URL to another port, it misbehaved. Daniel (27 March 2000): - H. Daphne Luong pointed out that curl was wrongly messing up the proxy string when fetching a document through a http proxy, which screwed up multiple fetches such as in location: followings. Daniel (23 March 2000): - Marco G. Salvagno corrected my badly applied patch he actually already told me about! - H. Daphne Luong brought me a fix that now makes curl ignore select() errors in the download if errno is EINTR, which turns out to happen every now and then when using libcurl multi-threaded... Daniel (22 March 2000): - Wham Bang supplied a couple of win32 fixes. HAVE_UNAME was accidentally #defined in config-win32.h, which it shouldn't have been. The HAVE_UNISTD_H is not defined when compiling with the Makefile.vc6 makefile for MS VC++. Daniel (21 March 2000): - I removed the AC_PROG_INSTALL macro from configure.in, since it appears that one of the AM_* macros searches for a BSD compatible install already. Janne Johansson made me aware of this. Version 6.5.2 Daniel (21 March 2000): - Paul Harrington quickly pointed out to me that 6.5.1 crashes hard. I upload 6.5.2 now as quickly as possible! The problem was the -D adjustments in src/main.c. Version 6.5.1 Daniel (20 March 2000): - An anonymous post on sourceforge correctly pointed out a possible buffer overflow in the curl_unescape() function for URL conversions. The main problem with this bug is that the ftp download uses that function and this single- byte overflow could lead to very odd bugs (as one reported by Janne Johansson). Daniel (19 March 2000): - Marco G. Salvagno supplied me with a series of patches that now allows curl to get compiled on OS/2. It even includes a section in the INSTALL file. Very nice job! Daniel (17 March 2000): - Wham Bang supplied a patch for the lib/Makefile.vc6 file. We still need some fixes for the config-win32.h since it appears that VC++ and mingw32 have different opinions about (at least) unistd.h's existence. Daniel (15 March 2000): - I modified the -D/--dump-header workings so that it doesn't write anything to the file until it needs to. This way, you can actually use -b and -D on the same file if you want repeated invokes to store and read the cookies in that one single file. - Poked around in lots of texts. Added the BUGS file for bug reporting stuff. Added the classic HTTP POST question to the FAQ, removed some #ifdef WIN32 stuff from the sources (they're covered by the config-win32.h now). - Pascal Gaudette fixed a missing ldap.c problem in the Makefile.vc6 file. He also addressed a problem in src/config-win32.h. Daniel (14 March 2000): - Paul Harrington pointed out that the 'http_code' variable in the -w output was never written. I fixed it now. - Janne Johansson reported the complaints that OpenBSD does when getdate.c #includes malloc.h. It claims stdlib.h should be included instead. I added #ifdef HAVE_MALLOC_H code in getdate.y and two checks in the configure.in for malloc.h and stdlib.h. Version 6.5 Daniel (13 March 2000): - pointed out that the way curl sent cookies in a single line wasn't enjoyed by IIS4.0 servers. In my view, that is not what the standards say, but I added a white space between the name/value pairs to perhaps make them work better. - Added the perl check back in the configure.in again since the mkhelp.pl script needs it! - Made some beautifications in the curl man page. Daniel (3 March 2000): - Jörn helped me update the config-win32.h files with HAVE_SETVBUF and HAVE_STRDUP. Daniel (3 March 2000): - Uploaded the 6.5pre2 package. Daniel (2 March 2000): - Removed the perl-programs from the distribution, they never made many people happy and I'll still keep them available on the web. - Added the -w and -N stuff to the man page. Documented the new progress meter display in README.curl. - Jörn Hartroth, Chris and Ulf Möller from the openssl development team helped bringing me the details for fixing an OpenSSL usage flaw. It became apparent when they released openssl 0.9.5 since that barfed on curl's bad behavior (not seeding a random number thing). - Yet another option: -N/--no-buffer disables buffering in the output stream. Probably most useful for very slow transfers when you really want to get every byte curl receives within some preferred time. Andrew suggested this. - Damien Adant mailed me his fixes for making curl compile on Ultrix. Daniel (24 February 2000): - Applied Jörn Hartroth's fixes for config-win32.h and lib/Makefile.w32. I should also make a note here, if nothing else to myself, that when using the %-syntax for variables in DOS command prompts, you must use two %- letters for each one since that is an escape letter there! Maybe I should use another letter instead! - Added more variables to -w: 'http_code' 'time_namelookup' 'time_connect' 'time_pretransfer' 'url_effective' - Made -w@filename read the syntax from a file and -w@- reads the syntax from stdin in the good old "standard" curl way. Daniel (22 February 2000): - Released a 6.5pre1 version to get some test and user feedback. Daniel (21 February 2000): - I added the -w/--write-out flag and some variables to go with it. -w is a single string, whatever you enter there will be written out when curl has completed a successful request. There are some variable substitutions and they are specified as '%{variable}' (without the quotes). Variables that exist as of this moment are: total_time - total transfer time in seconds (with 2 decimals) size_download - total downloaded amount of bytes size_upload - total uploaded amount of bytes speed_download - the average speed of the entire download speed_upload - the average speed of the entire upload I will of course add more variables, but I need input on these and others. - It struck me that the -# progress bar will be hard to just apply on the new progress bar concept. I need some feedback on this before that'll get re- introduced! :-/ Daniel (16 February 2000): - Jörn Hartroth brought me some fixes for the progress meter and I continued working on it. It seems to work for http download, http post, ftp download and ftp upload. It should be a pretty good test it works generally good. - Still need to add the -# progress bar into the new style progress interface. - Gonna have a go at my new output option parameter next. Daniel (15 February 2000): - The progress meter stuff is slowly taking place. There's more left before it is working ok and everything is tested, but we're reaching there. Slowly! Daniel (11 February 2000): - Paul Marquis fixed the config file parsing of curl to deal with any-length lines, removing the previous limit of 4K. - Eetu Ojanen's suggestion of supporting the @-style for -b is implemented. Now -b@ works as well as the old style. -b@- also similarly reads the cookies from stdin. - Reminder: -D should not write to the file until it needs to, in the same way -o does. That would enable curl to use -b and -D on the same file... - Ellis Pritchard made getdate.y work for MacOS X. - Paul Harrington helped me out finding the crash in the cookie parser. He also pointed out curl's habit of sending empty cookies to the server. Daniel (8 February 2000): - Ron Zapp corrected a problem in src/urlglob.c that prevented curl from getting compiled on sunos 4. The problem had to do with the difference in sprintf() return code types. - Transfer() should now be able to download and upload simultaneously. Let's do some progress meter fixes later this week. Daniel (31 January 2000): - Paul Harrington found another core dump in the cookie parser. Curl doesn't properly recognize the 'version' keyword and I think that is what caused this. I need to refresh some specs on cookies and see what else curl lacks to improve this a bit more once and for all. RFC 2109 clearly specifies how cookies should be dealt with when they are compliant with that spec. I don't think many servers are though... - Mark W. Eichin found that while curl is uploading a form to a web site, it doesn't read incoming data why it'll hang after a while since the socket "pipe" becomes full. It took me two hours to rewrite Download() and Upload() into the new single function Transfer(). It even seems to work! More testing is required of course... I should get the header-sending together in a kind of queue and let them get "uploaded" in Transfer() as well. - Zhibiao Wu pointed out a curl bug in the location: area, although I did not get a reproducible way to do this why I have to wait with fixing anything. - Bob Schader suggested I should implement resume support for the HTTP PUT operation, and as I think it is a valid suggestion I'll work on it. Daniel (25 January 2000): - M Travis Obenhaus pointed out a manual mixup with -y and -Y that was corrected. - Jens Schleusener pointed out a problem to compile curl on AIX 4.1.4 and gave me a solution. This problem was already fixed by Jörn's recent #include modifications! Daniel (19 January 2000): - Oskar Liljeblad pointed out and corrected a problem in the Location: following system that made curl following a location: to a different protocol to fail. At January 31st I re-considered this fix and the surrounding source code. I could not really see that the patch did any difference, why I removed it again for further research and debugging. (It disabled location: following on server not running on default ports.) - Jörn Hartroth brought a fix that once again made it possible to select progress bar. - Jörn also fixed a few include problems. Version 6.4 Daniel (17 January 2000): - Based on suggestions from Björn Stenberg, I made the progress deal better with larger files and added a "Time" field which shows the time spent on the download so far. - I'm now using the CVS repository on sourceforge.net, which also allows web browsing. See http://curl.haxx.nu. Daniel (10 January 2000): - Renumbered some enums in curl/curl.h since tag number 35 was used twice! - Added "postquote" support to the ftp section that enables post-ftp-transfer quote commands. - Now made the -Q/--quote parameter recognize '-' as a prefix, which means that command will be issued AFTER a successful ftp transfer. This can of course be used to delete or rename a file after it has been uploaded or downloaded. Use your imagination! ;-) - Since I do the main development on solaris 2.6 now, I had to download and install GNU groff to generate the hugehelp.c file. The solaris nroff cores on the man page! So, in order to make the solaris configure script find a better result I made gnroff get checked prior to the regular nroff. - Added all the curl exit codes to the man page. - Jim Gallagher properly tracked down a bug in autoconf 2.13. The AC_CHECK_LIB() macro wrongfully uses the -l flag before the -L flag to 'ld' which causes the HP-UX 10.20 flavour to fail on all libchecks and therefore you can't make the configure script find the openssl libs! Daniel (28 December 1999): - Tim Verhoeven correctly identified that curl doesn't support URL formatted file names when getting ftp. Now, there's a problem with getting very weird file names off FTP servers. RFC 959 defines that the file name syntax to use should be the same as in the native OS of the server. Since we don't know the peer server system we currently just translate the URL syntax into plain letters. It is still better and with the solaris 2.6-supplied ftp server it works with spaces in the file names. Daniel (27 December 1999): - When curl parsed cookies straight off a remote site, it corrupted the input data, which, if the downloaded headers were stored made very odd characters in the saved data. Correctly identified and reported by Paul Harrington. Daniel (13 December 1999): - General cleanups in the library interface. There had been some bad kludges added during times of stress and I did my best to clean them off. It was both regarding the lib API as well as include file confusions. Daniel (3 December 1999): - A small --stderr bug was reported by Eetu Ojanen... - who also brought the suggestion of extending the -X flag to ftp list as well. So, now it is and the long option is now --request instead. It is only for ftp list for now (and the former http stuff too of course). Lars J. Aas (24 November 1999): - Patched curl to compile and build under BeOS. Doesn't work yet though! - Corrected the Makefile.am files to allow putting object files in different directories than the sources. Version 6.3.1 Daniel (23 November 1999): - I've had this major disk crash. My good old trust-worthy source disk died along with the machine that hosted it. Thank goodness most of all the things I've done are either backed up elsewhere or stored in this CVS server! - Michael S. Steuer pointed out a bug in the -F handling that made curl hang if you posted an empty variable such as '-F name='. It was one of those old bugs that never have worked properly... - Jason Baietto pointed out a general flaw in the HTTP download. Curl didn't complain if it was prematurely aborted before the entire download was completed. It does now. Daniel (19 November 1999): - Chris Maltby very accurately criticized the lack of return code checks on the fwrite() calls. I did a thorough check for all occurrences and corrected this. Daniel (17 November 1999): - Paul Harrington pointed out that the -m/--max-time option doesn't work for the slow system calls like gethostbyname()... I don't have any good fix yet, just a slightly less bad one that makes curl exit hard when the timeout is reached. - Bjorn Reese helped me point out a possible problem that might be the reason why Thomas Hurst experience problems in his Amiga version. Daniel (12 November 1999): - I found a crash in the new cookie file parser. It crashed when you gave a plain http header file as input... Version 6.3 Daniel (10 November 1999): - I kind of found out that the HTTP time-conditional GETs (-z) aren't always respected by the web server and the document is therefore sent in whole again, even though it doesn't match the requested condition. After reading section 13.3.4 of RFC 2616, I think I'm doing the right thing now when I do my own check as well. If curl thinks the condition isn't met, the transfer is aborted prematurely (after all the headers have been received). - After comments from Robert Linden I also rewrote some parts of the man page to better describe how the -F works. - Michael Anti put up a new curl download mirror in China: http://www.pshowing.com/curl/ - I added the list of download mirrors to the README file - I did add more explanations to the man page Daniel (8 November 1999): - I made the -b/--cookie option capable of reading netscape formatted cookie files as well as normal http-header files. It should be able to transparently figure out what kind of file it got as input. Daniel (29 October 1999): - Another one of Sebastiaan van Erk's ideas (that has been requested before but I seem to have forgotten who it was), is to add support for ranges in FTP downloads. As usual, one request is just a request, when they're two it is a demand. I've added simple support for X-Y style fetches. X has to be the lower number, though you may omit one of the numbers. Use the -r/ --range switch (previously HTTP-only). - Sebastiaan van Erk suggested that curl should be able to show the file size of a specified file. I think this is a splendid idea and the -I flag is now working for FTP. It displays the file size in this manner: Content-Length: XXXX As it resembles normal headers, and leaves us the opportunity to add more info in that display if we can come up with more in the future! It also makes sense since if you access ftp through a HTTP proxy, you'd get the file size the same way. I changed the order of the QUOTE command executions. They're now executed just after the login and before any other command. I made this to enable quote commands to run before the -I stuff is done too. - I found out that -D/--dump-header and -V/--version weren't documented in the man page. - Many HTTP/1.1 servers do not support ranges. Don't ask me why. I did add some text about this in the man page for the range option. The thread in the mailing list that started this was initiated by Michael Anti. - I get reports about nroff crashes on solaris 2.6+ when displaying the curl man page. Switch to gnroff instead, it is reported to work(!). Adam Barclay reported and brought the suggestion. - In a dialogue with Johannes G. Kristinsson we came up with the idea to let -H/--header specified headers replace the internally generated headers, if you happened to select to add a header that curl normally uses by itself. The advantage with this is not entirely obvious, but in Johannes' case it means that he can use another Host: than the one curl would set. Daniel (27 October 1999): - Jongki Suwandi brought a nice patch for (yet another) crash when following a location:. This time you had to follow a https:// server's redirect to get the core. Version 6.2 Daniel (21 October 1999): - I think I managed to remove the suspicious (nil) that has been seen just before the "Host:" in HTTP requests when -v was used. - I found out that if you followed a location: when using a proxy, without having specified http:// in the URL, the protocol part was added once again when moving to the next URL! (The protocol part has to be added to the URL when going through a proxy since it has no protocol-guessing system such as curl has.) - Benjamin Ritcey reported a core dump under solaris 2.6 with OpenSSL 0.9.4. It turned out this was due to a bad free() in main.c that occurred after the download was done and completed. - Benjamin found ftp downloads to show the first line of the download meter to get written twice, and I removed that problem. It was introduced with the multiple URL support. - Dan Zitter correctly pointed out that curl 6.1 and earlier versions didn't honor RFC 2616 chapter 4 section 2, "Message Headers": "...Field names are case-insensitive..." HTTP header parsing assumed a certain casing. Dan also provided me with a patch that corrected this, which I took the liberty of editing slightly. - Dan Zitter also provided a nice patch for config.guess to better recognize the Mac OS X - Dan also corrected a minor problem in the lib/Makefile that caused linking to fail on OS X. Daniel (19 October 1999): - Len Marinaccio came up with some problems with curl. Since Windows has a crippled shell, it can't redirect stderr and that causes trouble. I added --stderr today which allows the user to redirect the stderr stream to a file or stdout. Daniel (18 October 1999): - The configure script now understands the '--without-ssl' flag, which now totally disable SSL/https support. Previously it wasn't possible to force the configure script to leave SSL alone. The previous functionality has been retained. Troy Engel helped test this new one. Version 6.1 Daniel (17 October 1999): - I ifdef'ed or commented all the zlib stuff in the sources and configure script. It turned out we needed to mock more with zlib than I initially thought, to make it capable of downloading compressed HTTP documents and uncompress them on the fly. I didn't mean the zlib parts of curl to become more than minor so this means I halt the zlib expedition for now and wait until someone either writes the code or zlib gets updated and better adjusted for this kind of usage. I won't get into details here, but a short a summary is suitable: - zlib can't automatically detect whether to use zlib or gzip decompression methods. - zlib is very neat for reading gzipped files from a file descriptor, although not as nice for reading buffer-based data such as we would want it. - there are still some problems with the win32 version when reading from a file descriptor if that is a socket Daniel (14 October 1999): - Moved the (external) include files for libcurl into a subdirectory named curl and adjusted all #include lines to use to maintain a better name space and control of the headers. This has been requested. Daniel (12 October 1999): - I modified the 'maketgz' script to perform a 'make' too before a release archive is put together in an attempt to make the time stamps better and hopefully avoid the double configure-running that use to occur. Daniel (11 October 1999): - Applied Jörn's patches that fixes zlib for mingw32 compiles as well as some other missing zlib #ifdef and more text on the multiple URL docs in the man page. Version 6.1beta Daniel (6 October 1999): - Douglas E. Wegscheid sent me a patch that made the exact same thing as I just made: the -d switch is now capable of reading post data from a named file or stdin. Use it similarly to the -F. To read the post data from a given file: curl -d @path/to/filename www.postsite.com or let curl read it out from stdin: curl -d @- www.postit.com Jörn Hartroth (3 October 1999): - Brought some more patches for multiple URL functionality. The MIME separation ideas are almost scrapped now, and a custom separator is being used instead. This is still compile-time "flagged". Daniel - Updated curl.1 with multiple URL info. Daniel (30 September 1999): - Felix von Leitner brought openssl-check fixes for configure.in to work out-of-the-box when the openssl files are installed in the system default dirs. Daniel (28 September 1999) - Added libz functionality. This should enable decompressing gzip, compress or deflate encoding HTTP documents. It also makes curl send an accept that it accepts that kind of encoding. Compressed contents usually shortens download time. I *need* someone to tell me a site that uses compressed HTTP documents so that I can test this out properly. - As a result of the adding of zlib awareness, I changed the version string a little. I plan to add openldap version reporting in there too. Daniel (17 September 1999) - Made the -F option allow stdin when specifying files. By using '-' instead of file name, the data will be read from stdin. Version 6.0 Daniel (13 September 1999) - Added -X/--http-request to enable any HTTP command to be sent. Do not that your server has to support the exact string you enter. This should possibly a string like DELETE or TRACE. - Applied Douglas' mingw32-fixes for the makefiles. Daniel (10 September 1999) - Douglas E. Wegscheid pointed out a problem. Curl didn't check the FTP servers return code properly after the --quote commands were issued. It took anything non 200 as an error, when all 2XX codes should be accepted as OK. - Sending cookies to the same site in multiple lines like curl used to do turned out to be bad and breaking the cookie specs. Curl now sends all cookies on a single Cookie: line. Curl is not yet RFC 2109 compliant, but I doubt that many servers do use that syntax (yet). Daniel (8 September 1999) - Jörn helped me make sure it still compiles nicely with mingw32 under win32. Daniel (7 September 1999) - FTP upload through proxy is now turned into a HTTP PUT. Requested by Stefan Kanthak. - Added the ldap files to the .m32 makefile. Daniel (3 September 1999) - Made cookie matching work while using HTTP proxy. Bjorn Reese (31 August 1999) - Passed his ldap:// patch. Note that this requires the openldap shared library to be installed and that LD_LIBRARY_PATH points to the directory where the lib will be found when curl is run with a ldap:// URL. Jörn Hartroth (31 August 1999) - Made the Mingw32 makefiles into single files. - Made file:// work for Win32. The same code is now used for unix as well for performance reasons. Douglas E. Wegscheid (30 August 1999) - Patched the Mingw32 makefiles for SSL builds. Matthew Clarke (30 August 1999) - Made a cool patch for configure.in to allow --with-ssl to specify the root dir of the openssl installation, as in ./configure --with-ssl=/usr/ssl_here - Corrected the 'reconf' script to work better with some shells. Jörn Hartroth (26 August 1999) - Fixed the Mingw32 makefiles in lib/ and corrected the file.c for win32 compiles. Version 5.11 Daniel (25 August 1999) - John Weismiller pointed out a bug in the header-line realloc() system in download.c. - I added lib/file.[ch] to offer a first, simple, file:// support. It probably won't do much good on win32 system at this point, but I see it as a start. - Made the release archives get a Makefile in the root dir, which can be used to start the compiling/building process easier. I haven't really changed any INSTALL text yet, I wanted to get some feed-back on this first. Daniel (17 August 1999) - Another Location: bug. Curl didn't do proper relative locations if the original URL had cgi-parameters that contained a slash. Nusu's page again. - Corrected the NO_PROXY usage. It is a list of substrings that if one of them matches the tail of the host name it should connect to, curl should not use a proxy to connect there. Pointed out to me by Douglas E. Wegscheid. I also changed the README text a little regarding this. Daniel (16 August 1999) - Fixed a memory bug with http-servers that sent Location: to a Location: page. Nusu's page showed this too. - Made cookies work a lot better. Setting the same cookie name several times used to add more cookies instead of replacing the former one which it should've. Nusu brought me an URL that made this painfully visible... Troy (15 August 1999) - Brought new .spec files as well as a patch for configure.in that lets the configure script find the openssl files better, even when the include files are in /usr/include/openssl Version 5.10 Daniel (13 August 1999) - SSL_CTX_set_default_passwd_cb() has been modified in the 0.9.4 version of OpenSSL. Now why couldn't they simply add a *new* function instead of modifying the parameters of an already existing function? This way, we get a compiler warning if compiling with 0.9.4 but not with earlier. So, I had to come up with a #if construction that deals with this... - Made curl output the SSL version number get displayed properly with 0.9.4. Troy (12 August 1999) - Added MingW32 (GCC-2.95) support under Win32. The INSTALL file was also a bit rearranged. Daniel (12 August 1999) - I had to copy a good include file into the curl source tree to enable the silly win32 systems to compile. The distribution rights allows us to do that as long as the file remains unmodified. - I corrected a few minor things that made the compiler complain when -Wall -pedantic was used. - I'm moving the official curl web page to http://curl.haxx.nu. I think it will make it easier to remember as it is a lot shorter and less cryptic. The old one still works and shows the same info. Daniel (11 August 1999) - Albert Chin-A-Young mailed me another correction for NROFF in the configure.in that is supposed to be better for IRIX users. Daniel (10 August 1999) - Albert Chin-A-Young helped me with some stupid Makefile things, as well as some fiddling with the getdate.c stuff that he had problems with under HP-UX v10. getdate.y will now be compiled into getdate.c if the appropriate yacc or bison is found by the configure script. Since this is slightly new, we need to test the output getdate.c with win32 systems to make sure it still compiles there. Daniel (5 August 1999) - I've just setup a new mailing list with the intention to keep discussions around libcurl development in it. I mainly expect it to be for thoughts and brainstorming around a "next generation" library, rather than nitpicking about the current implementation or details in the current libcurl. To join our happy bunch of future-looking geeks, enter 'subscribe
' in the body of a mail and send it to libcurl-request@listserv.fts.frontec.se. Curl bug reports, the usual curl talk and everything else should still be kept in this mailing list. I've started to archive this mailing list and have put the libcurl web page at www.fts.frontec.se/~dast/libcurl/. - Stefan Kanthak contacted me regarding a few problems in the configure script which he discovered when trying to make curl compile and build under Siemens SINIX-Z V5.42B2004! - Marcus Klein very accurately informed me that src/version.h was not present in the CVS repository. Oh, how silly... - Linus Nielsen rewrote the telnet:// part and now curl offers limited telnet support. If you run curl like 'curl telnet://host' you'll get all output on the screen and curl will read input from stdin. You'll be able to login and run commands etc, but since the output is buffered, expect to get a little weird output. This is still in its infancy and it might get changed. We need your feed-back and input in how this is best done. WIN32 NOTE: I bet we'll get problems when trying to compile the current lib/telnet.c on win32, but I think we can sort them out in time. - David Sanderson reported that FORCE_ALLOCA_H or HAVE_ALLOCA_H must be defined for getdate.c to compile properly on HP-UX 11.0. I updated the configure script to check for alloca.h which should make it. Daniel (4 August 1999) - I finally got to understand Marcus Klein's ftp download resume problem, which turns out to be due to different outputs from different ftp servers. It makes ftp download resuming a little trickier, but I've made some modifications I really believe will work for most ftp servers and I do hope you report if you have problems with this! - Added text about file transfer resuming to README.curl. Daniel (2 August 1999) - Applied a progress-bar patch from Lars J. Aas. It offers a new styled progress bar enabled with -#/--progress-bar. T. Yamada (30 July 1999) - It breaks with segfault when 1) curl is using .netrc to obtain username/password (option '-n'), and 2) is automatically redirected to another location (option '-L'). There is a small bug in lib/url.c (block starting from line 641), which tries to take out username/password from user- supplied command-line argument ('-u' option). This block is never executed on first attempt since CONF_USERPWD bit isn't set at first, but curl later turns it on when it checks for CONF_NETRC bit. So when curl tries to redo everything due to redirection, it segfaults trying to access *data->userpwd. Version 5.9.1 Daniel (30 July 1999) - Steve Walch pointed out that there is a memory leak in the formdata functions. I added a FormFree() function that is now used and supposed to correct this flaw. - Mark Wotton reported: 'curl -L https://www.cwa.com.au/' core dumps. I managed to cure this by correcting the cleanup procedure. The bug seems to be gone with my OpenSSL 0.9.2b, although still occurs when I run the ~100 years old SSLeay 0.8.0. I don't know whether it is curl or SSLeay that is to blame for that. - Marcus Klein: Reported an FTP upload resume bug that I really can't repeat nor understand. I leave it here so that it won't be forgotten. Daniel (29 July 1999) - Costya Shulyupin suggested support for longer URLs when following Location: and I could only agree and fix it! - Leigh Purdie found a problem in the upload/POST department. It turned out that http.c accidentaly cleared the pointer instead of the byte counter when supposed to. - Costya Shulyupin pointed out a problem with port numbers and Location:. If you had a server at a non-standard port that redirected to an URL using a standard port number, curl still used that first port number. - Ralph Beckmann pointed out a problem when using both CONF_FOLLOWLOCATION and CONF_FAILONERROR simultaneously. Since the CONF_FAILONERROR exits on the 302-code that the follow location header outputs it will never show any html on location: pages. I have now made it look for >=400 codes if CONF_FOLLOWLOCATION is set. - 'struct slist' is now renamed to 'struct curl_slist' (as suggested by Ralph Beckmann). - Joshua Swink and Rick Welykochy were the first to point out to me that the latest OpenSSL package now have moved the standard include path. It is now in /usr/local/ssl/include/openssl and I have now modified the --enable-ssl option for the configure script to use that as the primary path, and I leave the former path too to work with older packages of OpenSSL too. Daniel (9 June 1999) - I finally understood the IRIX problem and now it seem to compile on it! I am gonna remove those #define strcasecmp() things once and for all now. Daniel (4 June 1999) - I adjusted the FTP reply 227 parser to make the PASV command work better with more ftp servers. Appearantly the Roxen Challanger server replied something curl 5.9 could deal with! :-( Reported by Ashley Reid-Montanaro and Mark Butler brought a solution for it. Daniel (26 May 1999) - Rearranged. README is new, the old one is now README.curl and I added a README.libcurl with text I got from Ralph Beckmann. - I also updated the INSTALL text. Daniel (25 May 1999) - David Jonathan Lowsky correctly pointed out that curl didn't properly deal with form posting where the variable shouldn't have any content, as in curl -F "form=" www.site.com. It was now fixed. Version 5.9 Daniel (22 May 1999) - I've got a bug report from Aaron Scarisbrick in which he states he has some problems with -L under FreeBSD 3.0. I have previously got another bug report from Stefan Grether which points at an error with similar sympthoms when using win32. I made the allocation of the new url string a bit faster and different, don't know if it actually improves anything though... Daniel (20 May 1999) - Made the cookie parser deal with CRLF newlines too. Daniel (19 May 1999) - Download() didn't properly deal with failing return codes from the sread() function. Adam Coyne found the problem in the win32 version, and Troy Engel helped me out isolating it. Daniel (16 May 1999) - Richard Adams pointed out a bug I introduced in 5.8. --dump-header doesn't work anymore! :-/ I fixed it now. - After a suggestion by Joshua Swink I added -S / --show-error to force curl to display the error message in case of an error, even if -s/--silent was used. Daniel (10 May 1999) - I moved the stuff concerning HTTP, DICT and TELNET it their own source files now. It is a beginning on my clean-up of the sources to make them layer all those protocols better to enable more to be added easier in the future! - Leon Breedt sent me some files I've not put into the main curl archive. They're for creating the Debian package thingie. He also sent me a debian package that I've made available for download at the web page Daniel (9 May 1999) - Made it compile on cygwin too. Troy Engel (7 May 1999) - Brought a series of patches to allow curl to compile smoothly on MSVC++ 6 again! Daniel (6 May 1999) - I changed the #ifdef HAVE_STRFTIME placement for the -z code so that it will be easier to discover systems that don't have that function and thus can't use -z successfully. Made the strftime() get used if WIN32 is defined too. Version 5.8 Daniel (5 May 1999) - I've had it with this autoconf/automake mess. It seems to work allright for most people who don't have automake installed, but for those who have there are problems all over. I've got like five different bug reports on this only the last week... Claudio Neves and Federico Bianchi and root are some of them reporting this. Currently, I have no really good fix since I want to use automake myself to generate the Makefile.in files. I've found out that the @SHELL@-problems can often be fixed by manually invoking 'automake' in the archive root before you run ./configure... I've hacked my maketgz script now to fiddle a bit with this and my tests seem to work better than before at least! Daniel (4 May 1999) - mkhelp.pl has been doing badly lately. I corrected a case problem in the regexes. - I've now remade the -o option to not touch the file unless it needs to. I had to do this to make -z option really fine, since now you can make a curl fetch and use a local copy's time when downloading to that file, as in: curl -z dump -o dump remote.site.com/file.html This will only get the file if the remote one is newer than the local. I'm aware that this alters previous behaviour a little. Some scripts out there may depend on that the file is always touched... - Corrected a bug in the SSLv2/v3 selection. - Felix von Leitner requested that curl should be able to send "If-Modified-Since" headers, which indeed is a fair idea. I implemented it right away! Try -z where expression is a full GNU date expression or a file name to get the date from! Stephan Lagerholm (30 Apr 1999) - Pointed out a problem with the src/Makefile for FreeBSD. The RM variable isn't set and causes the make to fail. Daniel (26 April 1999) - Am I silly or what? Irving Wolfe pointed out to me that the curl version number was not set properly. Hasn't been since 5.6. This was due to a bug in my maketgz script! David Eriksson (25 Apr 1999) - Found a bug in cookies.c that made it crash at times. Version 5.7.1 Doug Kaufman (23 Apr 1999) - Brought two sunos 4 fixes. One of them being the hostip.c fix mentioned below and the other one a correction in include/stdcheaders.h - Added a paragraph about compiling with the US-version of openssl to the INSTALL file. Daniel - New mailing list address. Info updated on the web page as well as in the README file Greg Onufer (20 Apr 1999) - hostip.c didn't compile properly on SunOS 5.5.1. It needs an #include Version 5.7 Daniel (Apr 20 1999) - Decided to upload a non-beta version right now! - Made curl support any-length HTTP headers. The destination buffer is now simply enlarged every time it turns out to be too small! - Added the FAQ file to the archive. Still a bit smallish, but it is a start. Eric Thelin (15 Apr 1999) - Made -D accept '-' instead of filename to write to stdout. Version 5.6.3beta Daniel (Apr 12 1999) - Changed two #ifdef WIN32 to better #ifdef when connect()ing in url.c and ftp.c. Makes cygwin32 deal with them better too. We should try to get some decent win32-replacement there. Anyone? - The old -3/--crlf option is now ONLY --crlf! - I changed the "SSL fix" to a more lame one, but that doesn't remove as much functionality. Now I've enabled the lib to select what SSL version it should try first. Appearantly some older SSL-servers don't like when you talk v3 with them so you need to be able to force curl to talk v2 from the start. The fix dated April 6 and posted on the mailing list forced curl to use v2 at all times using a modern OpenSSL version, but we don't really want such a crippled solution. - Marc Boucher sent me a patch that corrected a math error for the "Curr.Speed" progress meter. - Eric Thelin sent me a patch that enables '-K -' to read a config file from stdin. - I found out we didn't close the file properly before so I added it! Daniel (Apr 9 1999) - Yu Xin pointed out a problem with ftp download resume. It didn't work at all! ;-O Daniel (Apr 6 1999) - Corrected the version string part generated for the SSL version. - I found a way to make some other SSL page work with openssl 0.9.1+ that previously didn't (ssleay 0.8.0 works with it though!). Trying to get some real info from the OpenSSL guys to see how I should do to behave the best way. SSLeay 0.8.0 shouldn't be that much in use anyway these days! Version 5.6.2beta Daniel (Apr 4 1999) - Finally have curl more cookie "aware". Now read carefully. This is how it works. To make curl read cookies from an already existing file, in plain header- format (like from the headers of a previous fetch) invoke curl with the -b flag like: curl -b file http://site/foo.html Curl will then use all cookies it finds matching. The old style that sets a single cookie with -b is still supported and is used if the string following -b includes a '=' letter, as in "-b name=daniel". To make curl read the cookies sent in combination with a location: (which sites often do) point curl to read a non-existing file at first (i.e to start with no existing cookies), like: curl -b nowhere http://site/setcookieandrelocate.html - Added a paragraph in the TODO file about the SSL problems recently reported. Evidently, some kind of SSL-problem curl may need to address. - Better "Location:" following. Douglas E. Wegscheid (Tue, 30 Mar 1999) - A subsecond display patch. Daniel (Mar 14 1999) - I've separated the version number of libcurl and curl now. To make things a little easier, I decided to start the curl numbering from 5.6 and the former version number known as "curl" is now the one set for libcurl. - Removed the 'enable-no-pass' from configure, I doubt anyone wanted that. - Made lots of tiny adjustments to compile smoothly with cygwin under win32. It's a killer for porting this to win32, bye bye VC++! ;-) Compiles and builds out-of-the-box now. See the new wordings in INSTALL for details. - Beginning experiments with downloading multiple document from a http server while remaining connected. Version 5.6beta Daniel (Mar 13 1999) - Since I've changed so much, I thought I'd just go ahead and implement the suggestion from Douglas E. Wegscheid. -D or --dump-header is now storing HTTP headers separately in the specified file. - Added new text to INSTALL on what to do to build this on win32 now. - Aaargh. I had to take a step back and prefix the shared #include files in the sources with "../include/" to please VC++... Daniel (Mar 12 1999) - Split the url.c source into many tiny sources for better readability and smaller size. Daniel (Mar 11 1999) - Started to change stuff for a move to make libcurl and a more separate curl application that uses the libcurl. Made the libcurl sources into the new lib directory while the curl application will remain in src as before. New makefiles, adjusted configure script and so. libcurl.a built quickly and easily. I better make a better interface to the lib functions though. The new root dir include/ is supposed to contain the public information about the new libcurl. It is a little ugly so far :-) Daniel (Mar 1 1999) - Todd Kaufmann sent me a good link to Netscape's cookie spec as well as the info that RFC 2109 specifies how to use them. The link is now in the README and the RFC in the RESOURCES. Daniel (Feb 23 1999) - Finally made configure accept --with-ssl to look for SSL libs and includes in the "standard" place /usr/local/ssl... Daniel (Feb 22 1999) - Verified that curl linked fine with OpenSSL 0.9.1c which seems to be the most recent. Henri Gomez (Fri Feb 5 1999) - Sent in an updated curl-ssl.spec. I still miss the script that builds an RPM automatically... Version 5.5.1 Mark Butler (27 Jan 1999) - Corrected problems in Download(). Danitel Stenberg (25 Jan 1999) - Jeremie Petit pointed out a few flaws in the source that prevented it from compile warning free with the native compiler under Digital Unix v4.0d. Version 5.5 Daniel Stenberg (15 Jan 1999) - Added Bjorns small text to the README about the DICT protocol. Daniel Stenberg (11 Jan 1999) - reported about the win32-versioin: "Doesn't use ALL_PROXY environment variable". Turned out to be because of the static- buffer nature of the win32 environment variable calls! Bjorn Reese (10 Jan 1999) - I have attached a simple addition for the DICT protocol (RFC 2229). It performs dictionary lookups. The output still needs to be better formatted. To test it try (the exact format, and more examples are described in the RFC) dict://dict.org/m:hello dict://dict.org/m:hello::soundex Vicente Garcia (10 Jan 1999) - Corrected the progress meter for files larger than 20MB. Daniel Stenberg (7 Jan 1999) - Corrected the -t and -T help texts. They claimed to be FTP only. Version 5.4 Daniel Stenberg (7 Jan 1999) - Irving Wolfe reported that curl -s didn't always supress the progress reporting. It was the form post that autoamtically always switched it on again. This is now corrected! (4 Jan 1999) - Andreas Kostyrka suggested I'd add PUT and he helped me out to test it. If you use -t or -T now on a http or https server, PUT will be used for file upload. I removed the former use of -T with HTTP. I doubt anyone ever really used that. (4 Jan 1999) - Erik Jacobsen found a width bug in the mprintf() function. I corrected it now. (4 Jan 1999) - As John V. Chow pointed out to me, curl accepted very limited URL sizes. It should now accept path parts that are up to at least 4096 bytes. - Somehow I screwed up when applying the AIX fix from Gilbert Ramirez, so I redid that now. Version 5.3a (win32 only) Troy Engel - Corrected a win32 bug in the environment variable part. Version 5.3 Gilbert Ramirez Jr. (21 Dec 1998) - I have implemented the "quote" function of FTP clients. It allows you to send arbitrary commands to the remote FTP server. I chose the -Q/--quote command-line arguments. You can have more than one quoted string, and curl will apply them in order. This is what I use for my MVS upload: curl -B --crlf -Q "site lrecl=80" -Q "site blk=8000" -T file ftp://os390/test Curl will send the two quoted "site" commands in the proper order. - Made it compile smoothly on AIX. Gilbert Ramirez Jr. (18 Dec 1998) - Brought an MVS patch: -3/--mvs, for ftp upload to the MVS ftp server. Troy Engel (17 Dec 1998) - Brought a correction that fixes the win32 curl bug. Daniel Stenberg - A bug, pointed out to me by Dr H. T. Leung, caused curl to crash on the -A flag on certain systems. Actually, all systems should've! - Added a few defines to make directories/file names get build nicer (with _ instead of . and \ instead of / in win32). - steve reported a weird bug that occured if the ftp server response line had a parenthesis on the line before the (size) info. I hope it works better now! Version 5.2.1 Steven G. Johnson (Dec 14, 1998) - Brought a fix that corrected a crash in 5.2 due to bad treatment of the environment variables. Version 5.2 Daniel Stenberg (Dec 14, 1998) - Rewrote the mkhelp script and now, the mkhelp.pl script generates the hugehelp.c file from the README *and* the man page file curl.1. By using both files, I no longer need to have double information in both the man page and the README as well. So, win32-users will only have the hugehelp.c file for all info, but then, they download the plain binary most times anyway. - gcc2.8.1 with the -Wall flag complaints a lot on subscript has type `char' if I don't explicitly typecast the argument to isdigit() or isspace() to int. So I did to compile warning free with that too. - Added checks for 'long double' and 'long long' in the configure script. I need those for the mprintf.c source to compile well on non long long comforming systems! Version 5.1 (not publicly released) Daniel Stenberg (Dec 10, 1998) - I got a request for a pre-compiled NT Alpha version. Anyone? - Added Lynx/CERN www lib proxy environment variable support. That means curl now reads and understands the following environment variables: HTTP_PROXY, HTTPS_PROXY, FTP_PROXY, GOPHER_PROXY They should be set for protocol-specific proxies. General proxy should be set with ALL_PROXY And a comma-separated list of host names that shouldn't go through any proxy is set in (only an asterisk, '*' matches all hosts). NO_PROXY The usage of the -x/--proxy flag overrides the environment variables. - Proxy can now be specified with a procotol:// prefix. - Wrote the curl.1 man page. - Introduced a whole new dynamic buffer system for all sprintf()s. It is based on the *printf() package by yours truly and Bjorn Reese. Hopefully, there aren't that many buffer overflow risks left now. - Ah, I should mention I've compiled and built curl successfully under solaris 2.6 with gcc now, gcc 2.7.2 won't work but 2.8.1 did ok. Oren Tirosh (Dec 3, 1998) - Brought two .spec files, to use when creating (Linux) Redhat style RPM packages. They're named curl.spec and curl-ssl.spec. Troy Engel - Supplied the src/Makefile.vc6 for easy compiling with VC++ under Win32. Version 5.0 Daniel Stenberg (Dec 1, 1998) - Not a single bug report in ages. - Corrected getpass.c and main.c to compile warning and error free with the Win32 VC++ crap. Version 5.0 beta 24 Daniel Stenberg (Nov 20, 1998) HOW TO BUILD A RELEASE ARCHIVE: * Pre-requisite software: What To build what Reads data from ==== ============= =============== GNU automake Makefile.in, aclocal.m4 configure.in GNU make(1) - " - GNU gcc(1) - " - GNU autoconf configure configure.in GNU autoheader(2) config.h.in configure.in, acconfig.h * Make sure all files that should be part of the archive are put in FILES. * Run './maketgz' and enter version number of the new to become archive. maketgz does: - Enters the newly created version number in url.h. - (If you don't have automake, this script will warn about that, but unless you have changed the Makefile.am files, that is nothing to care about.) If you have it, it'll run it. - If you have autoconf, the configure.in will be edited to get the newly created version number and autoconf will be run. - Creates a new directory named curl-. (Actually, it uses the base name of the current directory up to the first '-'.) - Copies all files mentioned in FILES to the new directory. Saving permissions and directory structure. - Uses tar to create an archive of it all, named curl-.tar.gz - gzips the archive - Removes the new directory and all its contents. * When done, you have an archive stored in your directory named curl-.tar.gz. Done! (1) They're required to make automake run properly. (2) It is distributed as a part of the GNU autoconf archive. Daniel Stenberg (Nov 18, 1998) - I changed the TAG-system. If you ever used urlget() from this package in another product, you need to recompile with the new headers. I did this new stuff to better deal with different compilers and system with different variable sizes. I think it makes it a little more portable. This proves to compile warning free with the problematic IRIX compiler! - Win32 compiled with a silly error. Corrected now. - Brian Chaplin reported yet another problem in multiline FTP responses. I've tried to correct it. I mailed him a new version and I hope he gets back soon with positive feedback! - Improved the 'maketgz' to create a temporary directory tree which it makes an archive from instead of the previous renaming of the current one. - Mailing list opened (see README). - Made -v more verbose on the PASV section of ftp transfers. Now it tells host name and IP of the new host (and port number). I also added a section about PORT vs PASV in the README. Version 5.0 beta 21 Angus Mackay (Nov 15, 1998) - Introduced automake stuff. Daniel Stenberg (Nov 13, 1998) - Just made a successful GET of a document from an SSL-server using my own private certificate for authentication! The certificate has to be in PEM format. You do that the easiest way (although not *that* easy) by downloading the SSLyeay PKCS#12-patch by Dr Stephen N. Henson from his site at: http://www.drh-consultancy.demon.co.uk/. Using his tool, you can convert any modern Netscape or (even) MSIE certificate to PEM-format. Use it with 'curl -E https://site.com'. If this isn't a cool feature, then I don't know what cool features look like! ;-) - Working slowly on telnet connections. #define TRY_TELNET to try it out. (curl -u user:passwd "telnet://host.com/cat .login" is one example) I do have problem to define how it should work. The prime purpose for this must be to get (8bit clean) files via telnet, and it really isn't that easy to get files this way. Still having problems with \n being converted to \r\n. Angus Mackay (Nov 12, 1998) - Corrected another bug in the long parameter name parser. - Modified getpass.c (NOTE: see the special licensing in the top of that source file). Daniel Stenberg (Nov 12, 1998) - We may have removed the silly warnings from url.c when compiled under IRIX. Thanks again to Bjorn Reese and Martin Staael. - Wrote formfind.pl which is a new perl script intended to help you find out how a FORM submission should be done. This needs a little more work to get really good. Daniel Stenberg (Nov 11, 1998) - Made the HTTP header-checker accept white spaces before the HTTP/1.? line. Appearantly some proxies/sites add such at times (my test proxy did when I downloaded a gopher page with it)! - Moved the former -h to -M and made -h show the short help text instead. I had to enable a forced help text option. Now an even shorter help text will be presented when an unknown option and similar, is used. - stdcheaders.h didn't work with IRIX 6.4 native cc compiler. I hope my changes don't make other versions go nuts instead. Daniel Stenberg (Nov 10, 1998) - Added a weird check in the configure script to check for the silly AIX warnings about my #define strcasecmp() stuff. I do that define to prevent me and other contributors to accidentaly use that function name instead of strequal()... - I bugfixed Angus's getpass.c very little. - Fixed the verbose flag names to getopt-style, i.e 'curl --loc' will be sufficient instead of --location as "loc" is a unique prefix. Also, anything after a '--' is treated as an URL. So if you do have a host with a weeeird name you can do 'curl -- -host.com'. - Another getopt-adjust; curl now accepts flags after the URL on the command line. 'curl www.foo.com -O' is perfectly valid. - Corrected the .curlrc parser so that strtok() is no longer used and I believe it works better. Even URLs can be specified in it now. Angus Mackay (Nov 9, 1998) - Replaced getpass.c with a newly written one, not under GPL license - Changed OS to a #define in config.h instead of compiler flag - Makefile now uses -DHAVE_CONFIG_H Daniel Stenberg (Nov 9, 1998) - Ok, I expanded the tgz-target to update the version string on each occation I build a release archive! - I reacted on Angus Mackay's initiative and remade the parameter parser to be more getopt compliant. Curl now supports "merged" flags as in curl -lsv ftp.site.com Do note that I had to move three short-names of the options. Parameters that needs an additional string such as -x must be stand-alone or the last in a merged sequence: curl -lsx my-proxy ftp.site.com is ok, but using the flags in a different order like '-lxs' would cause unexpected results (as the 's' option would be skipped). - I've changed the headers in all files that are subject to the MozPL license, as they are supposed to look like when conforming. - Made the configure script make the config.h. The former config.h is now setup.h. - The RESOURCES and TODO files have been added to the archive. Angus Mackay (Nov 5, 1998) - Fixed getpass.c and various configure stuff Daniel Stenberg (Nov 3, 1998) - Use -H/--header for custom HTTP-headers. Lets you pass on your own specified headers to the remote server. I wouldn't recommend trying to use a header with a defined usage according to standards. Use this flag once for every custom header you want to add. - Use -B/--ftp-ascii to force ftp to use ASCII mode when transfering files. - Corrected the 'getlinks.pl' script, I accidentally left my silly proxy usage in there! Since the introduction of the .curlrc file, it is easier to write scripts that use curl since proxies and stuff should be in the .curlrc file anyway. - Introducing the new -F flag for HTTP POST. It supports multipart/form-data which means it is gonna be possible to upload files etc through HTTP POST. Shiraz Kanga asked for the feature and my brother, Björn Stenberg helped me design the user interface for this beast. This feature requires quite some docs, since it has turned out not only quite capable, but also complicated! :-) - A note here, since I've received mail about it. SSLeay versions prior to 0.8 will *not* work with curl! - Wil Langford reported a bug that occurred since curl did not properly use CRLF when issuing ftp commands. I fixed it. - Rearranged the order config files are read. .curlrc is now *always* read first and before the command line flags. -K config files then act as additional config items. - Use -q AS THE FIRST OPTION specified to prevent .curlrc from being read. - You can now disable a proxy by using -x "". Useful if the .curlrc file specifies a proxy and you wanna fetch something without going through that. - I'm thinking of dropping the -p support. Its really not useful since ports could (and should?) be specified as : appended on the host name instead, both in URLs and to proxy host names. - Martin Staael reports curl -L bugs under Windows NT (test with URL http://come.to/scsde). This bug is not present in this version anymore. - Added support for the weird FTP URL type= thing. You can download a file using ASCII transfer by appending ";type=A" to the right of it. Other available types are type=D for dir-list (NLST) and type=I for binary transfer. I can't say I've ever seen anyone use this kind of URL though! :-) - Troy Engel pointed out a bug in my getenv("HOME") usage for win32 systems. I introduce getenv.c to better cope with this. Mr Engel helps me with the details around that... - A little note to myself and others, I should make the win32-binary built with SSL support... - Ryan Nelson sent me comments about building curl with SSL under FreeBSD. See the Makefile for details. Using the configure script, it should work better and automatically now... - Cleaned up in the port number mess in the source. No longer stores and uses proxy port number separate from normal port number. - 'configure' script working. Confirmed compiles on: Host SSL Compiler SunOS 5.5 no gcc SunOS 5.5.1 yes gcc SunOS 5.6 no cc (with gcc, it has the "gcc include files" problem) SunOS 4.1.3 no gcc (without ANSI C headers) SunOS 4.1.2 no gcc (native compiler failed) Linux 2.0.18 no gcc Linux 2.0.32 yes gcc Linux 2.0.35 no gcc (with glibc) IRIX 6.2 no gcc (cc compiles generate a few warnings) IRIX 6.4 no cc (generated warnings though) Win32 no Borland OSF4.0 no ? - Ooops. The 5beta (and 4.10) under win32 failed if the HOME variable wasn't set. - When using a proxy, curl now guesses and uses the protocol part in cases like: curl -x proxy:80 www.site.com Proxies normally go nuts unless http:// is prepended to the host name, so if curl is used like this, it guesses protocol and appends the protocol string before passing it to the proxy. It already did this when used without proxy. - Better port usage with SSL through proxy now. If you specified a different https-port when accessing through a proxy, it didn't use that number correctly. I also rewrote the code that parses the stuff read from the proxy when you wanna connect through it with SSL. - Bjorn Reese helped me work around one of the compiler warnings on IRIX native cc compiles. Version 4.10 (Oct 26, 1998) Daniel Stenberg - John A. Bristor suggested a config file switch, and since I've been having that idea kind of in the background for a long time I rewrote the parameter parsing function a little and now I introduce the -K/--config flag. I also made curl *always* (unless -K is used) try to load the .curlrc file for command line parameters. The syntax for the config file is the standard command line argument style. Details in 'curl -h' or the README. - I removed the -k option. Keep-alive isn't really anything anyone would want to enable with curl anyway. - Martin Staael helped me add the 'irix' target. Now "make irix" should build curl successfully on non-gcc SGI machines. - Single switches now toggle behaviours. I.e if you use -v -v the second will switch off the verbose mode the first one enabled. This is so that you can disable a default setting a .curlrc file enables etc. Version 4.9 (Oct 7, 1998) Daniel Stenberg - Martin Staael suggested curl would support cookies. I added -b/--cookie to enable free-text cookie data to be passed. There's also a little blurb about general cookie stuff in the README/help text. - dmh suggested HTTP resume capabilities. Although you could manually get curl to resume HTTP documents, I made the -c resume flag work for HTTP too (unless -r is used too, which would be very odd anyway). - Added checklinks.pl to the archive. It is a still experimental perl script that checks all links of a web page by using curl. - Rearranged the archive hierarchy a little. Build the executable in the src/ dir from now on! - Version 4.9 and hereafter, is no longer released under the GPL license. I have now updated the LEGAL file etc and now this is released using the Mozilla Public License to avoid the plague known as "the GPL virus". You must make the source available if you decide to change and/or redistribute curl, but if you decide to use curl within something else you do not need to offer the world the source to that too. - Curl did not like HTTP servers that sent no headers at all on a GET request. It is a violation of RFC2068 but appearantly some servers do that anyway. Thanks to Gordon Beaton for the report! - -L/--location was added after a suggestion from Martin Staael. This makes curl ATTEMPT to follow the Location: redirect if one is present in the HTTP headers. If -i or -I is used with this flag, you will see headers from all sites the Location: points to. Do note that the first server can point to a second that points to a third etc. It seems the Location: parameter (said to be an AbsoluteURI in RFC2068) isn't always absolute.. :-/ Anyway, I've made curl ATTEMPT to do the best it can to deal with the reality. - Added getlinks.pl to the archive. getlinks.pl selectively downloads files that a web page links to. Version 4.8.4 Daniel Stenberg - As Julian Romero Nieto reported, curl reported wrong version number. - As Teemu Yli-Elsila pointed out, the win32 version of 4.8 (and probably all other versions for win32) didn't work with binary files since I'm too used to the UNIX style fopen() where binary and text don't differ... - Ralph Beckmann brought me some changes that lets curl compile error and warning free with -Wall -pedantic with g++. I also took the opportunity to clean off some unused variables and similar. - Ralph Beckmann made me aware of a really odd bug now corrected. When curl read a set of headers from a HTTP server, divided into more than one read and the first read showed a full line *exactly* (i.e ending with a newline), curl did not behave well. Version 4.8.3 Daniel Stenberg - I was too quick to release 4.8.2 with too little testing. One of the changes is now reverted slightly to the 4.8.1 way since 4.8.2 couldn't upload files. I still think both problems corrected in 4.8.2 remain corrected. Reported by Julian Romero Nieto. Version 4.8.2 Daniel Stenberg - Bernhard Iselborn reported two FTP protocol errors curl did. They're now corrected. Both appeared when getting files from a MS FTP server! :-) Version 4.8.1 Daniel Stenberg - Added a last update of the progress meter when the transfer is done. The final output on the screen didn't have to be the final size transfered which made it sometimes look odd. - Thanks to David Long I got rid of a silly bug that happened if a HTTP-page had nothing but header. Appearantly Solaris deals with negative sizes in fwrite() calls a lot better than Linux does... =B-] Version 4.8 Daniel Stenberg - Continue FTP file transfer. -c is the switch. Note that you need to specify a file name if you wanna resume a download (you can't resume a download sent to stdout). Resuming upload may be limited by the server since curl is then using the non-RFC959 command SIZE to get the size of the target file before upload begins (to figure out which offset to use). Use -C to specify the offset yourself! -C is handy if you're doing the output to something else but a plain file or when you just want to get the end of a file. - recursiveftpget.pl now features a maximum recursive level argument. Version 4.7 Daniel Stenberg - Added support to abort a download if the speed is below a certain amount (speed-limit) bytes per second for a certain (speed-time) time. - Wrote a perl script 'recursiveftpget.pl' to recursively use curl to get a whole ftp directory tree. It is meant as an example of how curl can be used. I agree it isn't the wisest thing to do to make a separate new connection for each file and directory for this. Version 4.6 Daniel Stenberg - Added a first attempt to optionally parse the .netrc file for login user and password. If used with http, it enables user authentication. -n is the new switch. - Removed the extra newlines on the default user-agent string. - Corrected the missing ftp upload error messages when it failed without the verbose flag set. Gary W. Swearingen found it. - Now using alarm() to enable second-precision timeout even on the name resolving/connecting phase. The timeout is although reset after that first sequence. (This should be corrected.) Gary W. Swearingen reported. - Now spells "Unknown" properly, as in "Unknown option 'z'"... :-) - Added bug report email address in the README. - Added a "current speed" field to the progress meter. It shows the average speed the last 5 seconds. The other speed field shows the average speed of the entire transfer so far. Version 4.5.1 Linas Vepstas - SSL through proxy fix - Added -A to allow User-Agent: changes Daniel Stenberg - Made the -A work when SSL-through-proxy. Version 4.5 Linas Vepstas - More SSL corrections - I've added a port to AIX. - running SSL through a proxy causes a chunk of code to be executred twice. one of those blocks needs to be deleted. Daniel Stenberg - Made -i and -I work again Version 4.4 Linas Vepstas - -x can now also specify proxyport when used as in 'proxyhost:proxyport' - SSL fixes Version 4.3 Daniel Stenberg - Adjusted to compile under win32 (VisualC++ 5). The -P switch does not support network interface names in win32. I couldn't figure out how! Version 4.2 Linas Vepstas / Sampo Kellomaki - Added SSL / SSLeay support (https://) - Added the -T usage for HTTP POST. Daniel Stenberg - Bugfixed the SSL implementation. - Made -P a lot better to use other IP addresses. It now accepts a following parameter that can be either interface - i.e "eth0" to specify which interface's IP address you want to use IP address - i.e "192.168.10.1" to specify exact IP number host name - i.e "my.host.domain" to specify machine "-" - (any single-letter string) to make it pick the machine's default - The Makefile is now ready to compile for solaris, sunos4 and linux right out of the box. - Better generated version string seen with 'curl -V' Version 4.1 Daniel Stenberg - The IP number returned by the ftp server as a reply to PASV does no longer have to DNS resolve. In fact, no IP-number-only addresses have to anymore. - Binds better to available port when -P is used. - Now LISTs ./ instead of / when used as in ftp://ftp.funet.fi/. The reason for this is that exactly that site, ftp.funet.fi, does not allow LIST / while LIST ./ is fine. Any objections? Version 4 (1998-03-20) Daniel Stenberg - I took another huge step and changed both version number and project name! The reason for the new name is that there are just one too many programs named urlget already and this program already can a lot more than merely getting URLs, and the reason for the version number is that I did add the pretty big change in -P and since I changed name I wanted to start with something fresh! - The --style flags are working better now. - Listing directories with FTP often reported that the file transfer was incomplete. Wrong assumptions were too common for directories, why no size will be attempted to get compared on them from now on. - Implemented the -P flag that let's the ftp control issue a PORT command instead of the standard PASV. - -a for appending FTP uploads works. *************************************************************************** Version 3.12 (14 March 1998) Daniel Stenberg - End-of-header tracking still lacked support for \r\n or just \n at the end of the last header line. Sergio Barresi - Added PROXY authentication. Rafael Sagula - Fixed some little bugs. Version 3.11 Daniel Stenberg - The header parsing was still not correct since the 3.2 modification... Version 3.10 Daniel Stenberg - 3.7 and 3.9 were simultaneously developed and merged into this version. - FTP upload did not work correctly since 3.2. Version 3.9 Rafael Sagula - Added the "-e / --referer " option where we can specify the referer page. Obviously, this is necessary only to fool the server, but... Version 3.7 Daniel Stenberg - Now checks the last error code sent from the ftp server after a file has been received or uploaded. Wasn't done previously. - When 'urlget ' is used without a 'protocol://' first in the host part, it now checks for host names starting with ftp or gopher and if it does, it uses that protocol by default instead of http. Version 3.6 Daniel Stenberg - Silly mistake made the POST bug. This has now also been tested to work with proxy. Version 3.5 Daniel Stenberg - Highly inspired by Rafael Sagula's changes to the 3.1 that added an almost functional POST, I applied his changes into this version and made them work. (It seems POST requires the Content-Type and Content-Length headers.) It is now usable with the -d switch. Version 3.3 - 3.4 Passed to avoid confusions Version 3.2 Daniel Stenberg - Major rewrite of two crucial parts of this code: upload and download. They are both now using a select() switch, that allows much better progress meter and time control. - alarm() usage removed completely - FTP get can now list directory contents if the path ends with a slash '/'. Urlget on a ftp-path that doesn't end with a slash means urlget will attempt getting it as a file name. - FTP directory view supports -l for "list-only" which lists the file names only. - All operations support -m for max time usage in seconds allowed. - FTP upload now allows the size of the uploaded file to be provided, and thus it can better check it actually uploaded the whole file. It also makes the progress meter for uploads much better! - Made the parameter parsing fail in cases like 'urlget -r 900' which previously tried to connect to the host named '900'. Version 3.1 Kjell Ericson - Pointed out how to correct the 3 warnings in win32-compiles. Daniel Stenberg - Removed all calls to exit(). - Made the short help text get written to stdout instead of stderr. - Made this file instead of keeping these comments in the source. - Made two callback hooks, that enable external programs to use urlget() easier and to grab the output/offer the input easier. - It is evident that Win32-compiles are painful. I watched the output from the Borland C++ v5 and it was awful. Just ignore all those warnings. Version 3.0 Daniel Stenberg - Added FTP upload capabilities. The name urlget gets a bit silly now when we can put too... =) - Restructured the source quite a lot. Changed the urlget() interface. This way, we will survive changes much better. New features can come and old can be removed without us needing to change the interface. I've written a small explanation in urlget.h that explains it. - New flags include -t, -T, -O and -h. The -h text is generated by the new mkhelp script. Version 2.9 Remco van Hooff - Added a fix to make it compile smoothly on Amiga using the SAS/C compiler. Daniel Stenberg - Believe it or not, but the STUPID Novell web server seems to require that the Host: keyword is used, so well I use it and I (re-introduce) the urlget User-Agent:. I still have to check that this Host: usage works with proxies... 'Host:' is required for HTTP/1.1 GET according to RFC2068. Version 2.8 Rafael Sagula - some little modifications Version 2.7 Daniel Stenberg - Removed the -l option and introduced the -f option instead. Now I'll rewrite the former -l kludge in an external script that'll use urlget to fetch multipart files like that. - '-f' is introduced, it means Fail without output in case of HTTP server errors (return code >=300). - Added support for -r, ranges. Specify which part of a document you want, and only that part is returned. Only with HTTP/1.1-servers. - Split up the source in 3 parts. Now all pure URL functions are in urlget.c and stuff that deals with the stand-alone program is in main.c. - I took a few minutes and wrote an embryo of a README file to explain a few things. Version 2.6 Daniel Stenberg - Made the -l (loop) thing use the new CONF_FAILONERROR which makes urlget() return error code if non-successful. It also won't output anything then. Now finally removed the HTTP 1.0 and error 404 dependencies. - Added -I which uses the HEAD request to get the header only from a http-server. Version 2.5 Rafael Sagula - Made the progress meter use HHH:MM:SS instead of only seconds. Version 2.4 Daniel Stenberg - Added progress meter. It appears when downloading > BUFFER SIZE and mute is not selected. I found out that when downloading large files from really really slow sites, it is desirable to know the status of the download. Do note that some downloads are done unawaring of the size, which makes the progress meter less thrilling ;) If the output is sent to a tty, the progress meter is shut off. - Increased buffer size used for reading. - Added length checks in the user+passwd parsing. - Made it grok user+passwd for HTTP fetches. The trick is to base64 encode the user+passwd and send an extra header line. Read chapter 11.1 in RFC2068 for details. I added it to be used just like the ftp one. To get a http document from a place that requires user and password, use an URL like: http://user:passwd@www.site.to.leach/doc.html I also added the -u flag, since WHEN USING A PROXY YOU CAN'T SPECIFY THE USER AND PASSWORD WITH HTTP LIKE THAT. The -u flag works for ftp too, but not if used with proxy. To do the same as the above one, you can invoke: urlget -u user:passwd http://www.site.to.leach/doc.html Version 2.3 Rafael Sagula - Added "-o" option (output file) - Added URG_HTTP_NOT_FOUND return code. (Daniel's note:) Perhaps we should detect all kinds of errors and instead of writing that custom string for the particular 404-error, use the error text we actually get from the server. See further details in RFC2068 (HTTP 1.1 definition). The current way also relies on a HTTP/1.0 reply, which newer servers might not do. - Looping mode ("-l" option). It's easier to get various split files. (Daniel's note:) Use it like 'urlget -l 1 http://from.this.site/file%d.html', which will make urlget to attempt to fetch all files named file1.html, file2.html etc until no more files are found. This is only a modification of the STAND_ALONE part, nothing in the urlget() function was modfified for this. Daniel Stenberg - Changed the -h to be -i instead. -h should be preserved to help use. - Bjorn Reese indicated that Borland _might_ use '_WIN32' instead of the VC++ WIN32 define and therefore I added a little fix for that. Version 2.2 Johan Andersson - The urlget function didn't set the path to url when using proxy. - Fixed bug with IMC proxy. Now using (almost) complete GET command. Daniel Stenberg - Made it compile on Solaris. Had to reorganize the includes a bit. (so Win32, Linux, SunOS 4 and Solaris 2 compile fine.) - Made Johan's keepalive keyword optional with the -k flag (since it makes a lot of urlgets take a lot longer time). - Made a '-h' switch in case you want the HTTP-header in the output. Version 2.1 Daniel Stenberg and Kjell Ericson - Win32-compilable - No more global variables - Mute option (no output at all to stderr) - Full range of return codes from urlget(), which is now written to be a function for easy-to-use in [other] programs. - Define STAND_ALONE to compile the stand alone urlget program - Now compiles with gcc options -ansi -Wall -pedantic ;) Version 2.0 - Introducing ftp GET support. The FTP URL type is recognized and used. - Renamed the project to 'urlget'. - Supports the user+passwd in the FTP URL (otherwise it tries anonymous login with a weird email address as password). Version 1.5 Daniel Stenberg - The skip_header() crap messed it up big-time. By simply removing that one we can all of a sudden download anything ;) - No longer requires a trailing slash on the URLs. - If the given URL isn't prefixed with 'http://', HTTP is assumed and given a try! - 'void main()' is history. Version 1.4 Daniel Stenberg - The gopher source used the ppath variable instead of path which could lead to disaster. Version 1.3 Daniel Stenberg - Well, I added a lame text about the time it took to get the data. I also fought against Johan to prevent his -f option (to specify a file name that should be written instead of stdout)! =) - Made it write 'connection refused' for that particular connect() problem. - Renumbered the version. Let's not make silly 1.0.X versions, this is a plain 1.3 instead. Version 1.2 Johan Andersson - Discovered and fixed the problem with getting binary files. puts() is now replaced with fwrite(). (Daniel's note: this also fixed the buffer overwrite problem I found in the previous version.) Rafael Sagula - Let "-p" before "-x". Daniel Stenberg - Bugfixed the proxy usage. It should *NOT* use nor strip the port number from the URL but simply pass that information to the proxy. This also made the user/password fields possible to use in proxy [ftp-] URLs. (like in ftp://user:password@ftp.my.site:8021/README) Johan Andersson - Implemented HTTP proxy support. - Receive byte counter added. Bjorn Reese - Implemented URLs (and skipped the old syntax). - Output is written to stdout, so to achieve the above example, do: httpget http://143.54.10.6/info_logo.gif > test.gif Version 1.1 Daniel Stenberg - Adjusted it slightly to accept named hosts on the command line. We wouldn't wanna use IP numbers for the rest of our lifes, would we? Version 1.0 Rafael Sagula - Wrote the initial httpget, which started all this!