123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813 |
- _ _ ____ _
- ___| | | | _ \| |
- / __| | | | |_) | |
- | (__| |_| | _ <| |___
- \___|\___/|_| \_\_____|
- Changelog
- Yang Tse (2 May 2009)
- - Use a build-time configured curl_socklen_t data type instead of socklen_t.
- Yang Tse (1 May 2009)
- - Applied David McCreedy's patches "TPF-platform specific changes to various
- files" and "http.c fix to Curl_proxyCONNECT for non-ASCII platforms", the
- former with minor edits.
- Daniel Stenberg (30 Apr 2009)
- - I was going to fix issue #59 in KNOWN_BUGS
- If the CURLOPT_PORT option is used on an FTP URL like
- "ftp://example.com/file;type=A" the ";type=A" is stripped off.
- I added test case 562 to verify, only to find out that I couldn't repeat
- this bug so I hereby consider it not a bug anymore!
- Daniel Stenberg (29 Apr 2009)
- - Based on bug report #2723219 (http://curl.haxx.se/bug/view.cgi?id=2723219)
- I've now made TFTP "connections" not being kept for re-use within libcurl.
- TFTP is UDP-based so the benefit was really low (if even existing) to begin
- with so instead of tracking down to fix this problem we instead removed the
- re-use. I also enabled test case 1099 that I wrote a few days ago to verify
- that this change fixes the reported problem.
- Daniel Stenberg (28 Apr 2009)
- - Constantine Sapuntzakis filed bug report #2783090
- (http://curl.haxx.se/bug/view.cgi?id=2783090) pointing out that on windows
- we need to grow the SO_SNDBUF buffer somewhat to get really good upload
- speeds. http://support.microsoft.com/kb/823764 has the details. Friends
- confirmed that simply adding 32 to CURL_MAX_WRITE_SIZE is enough.
- - Bug report #2709004 (http://curl.haxx.se/bug/view.cgi?id=2709004) by Tim
- Chen pointed out how curl couldn't upload with resume when reading from a
- pipe.
- This ended up with the introduction of a new return code for the
- CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but
- that libcurl may try to resolve the situation anyway. In our case this means
- libcurl will attempt to instead read that much data from the stream instead
- of seeking and that way curl can now upload with resume when data is read
- from a stream!
- Daniel Stenberg (26 Apr 2009)
- - Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by Sven
- Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi
- interface and provided a patch that fixed the problem!
- Daniel Stenberg (24 Apr 2009)
- - Kamil Dudka fixed another NSS-related leak when client certs were used.
- - Bug report #2779245 (http://curl.haxx.se/bug/view.cgi?id=2779245) by Rainer
- Koenig pointed out that the man page didn't tell that the *_proxy
- environment variables can be specified lower case or UPPER CASE and the
- lower case takes precedence,
- Daniel Fandrich (21 Apr 2009)
- - Added new libcurl source files to Amiga, RiscOS and VC6 build files.
- Yang Tse (21 Apr 2009)
- - Moved potential inclusion of system's malloc.h and memory.h header files to
- setup_once.h. Inclusion of each header file is based on the definition of
- NEED_MALLOC_H and NEED_MEMORY_H respectively.
- Renamed libcurl's memory.h to curl_memory.h
- Daniel Stenberg (20 Apr 2009)
- - Leanic Lefever reported a crash and did some detailed research on why and
- how it occurs (http://curl.haxx.se/mail/lib-2009-04/0289.html). The
- conclusion was that if an error is detected and Curl_done() is called for
- the connection, ftp_done() could at times return another error code that
- then would take precedence and that new code confused existing logic that
- works for the first error code (CURLE_SEND_ERROR) only.
- - Gisle Vanem noticed that --libtool would produce bogus strings at times for
- OBJECTPOINT options. Now we've introduced a new function - my_setopt_str -
- within the app for setting plain string options to avoid the risk of this
- mistake happening.
- Daniel Stenberg (17 Apr 2009)
- - Pramod Sharma reported and tracked down a bug when doing FTP over a HTTP
- proxy. libcurl would then wrongly close the connection after each
- request. In his case it had the weird side-effect that it killed NTLM auth
- for the proxy causing an inifinite loop!
- I added test case 1098 to verify this fix. The test case does however not
- properly verify that the transfers are done persistently - as I couldn't
- think of a clever way to achieve it right now - but you need to read the
- stderr output after a test run to see that it truly did the right thing.
- Daniel Stenberg (13 Apr 2009)
- - bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by Martin
- Storsjö pointed out how setting CURLOPT_NOBODY to 0 could be downright
- confusing as it set the method to either GET or HEAD. The example he showed
- looked like:
- curl_easy_setopt(curl, CURLOPT_PUT, 1);
- curl_easy_setopt(curl, CURLOPT_NOBODY, 0);
- The new way doesn't alter the method until the request is about to start. If
- CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is
- 0 and the request happens to have been set to HEAD, it will then instead be
- set to GET. I believe this will be less surprising to users, and hopefully
- not hit any existing users badly.
- - Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned
- out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue
- is found in Redhat's bug tracker:
- https://bugzilla.redhat.com/show_bug.cgi?id=453612
- There are still memory leaks present, but they seem to have other reasons.
- Daniel Fandrich (11 Apr 2009)
- - Added new libcurl source files to Symbian OS build files.
- - Improved Symbian support for SSL.
- Yang Tse (10 Apr 2009)
- - Daniel Johnson improved the MacOSX-Framework shell script to now perform all
- the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64
- libcurl.framework. Four way fat framework requires OS X 10.5 SDK or later.
- Yang Tse (8 Apr 2009)
- - Removed Sun compilers preprocessor block from curlbuild.h.dist, this also
- removes it from the curlbuild.h file originally distributed by the cURL
- project as this file is intended for systems not capable of running the
- configure script. For those who have been building curl out of the source
- code curl distribution tarball provided by curl.haxx.se the change implies
- nothing. Previous change in this area committed 2 Apr becomes irrelevant.
- Daniel Stenberg (6 Apr 2009)
- - I clarified in the docs that CURLOPT_SEEKFUNCTION should return 0 on success
- and 1 on fatal errors. Previously it only mentioned non-zero on fatal
- errors. This is a slight change in meaning, but it follows what we've done
- elsewhere before and it opens up for LOTS of more useful return codes
- whenever we can think of them...
- Yang Tse (2 Apr 2009)
- - Fix curl_off_t definition for builds done using Sun compilers and a
- non-configured libcurl. In this case curl_off_t data type was gated
- to the off_t data type which depends on the _FILE_OFFSET_BITS. This
- configuration is exactly the unwanted configuration for our curl_off_t
- data type which must not depend on such setting. This breaks ABI for
- libcurl libraries built with Sun compilers which were built without
- having run the configure script with _FILE_OFFSET_BITS different than
- 64 and using the ILP32 data model.
- Daniel Stenberg (1 Apr 2009)
- - Andre Guibert de Bruet fixed a NULL pointer use in an infof() call if a
- strdup() call failed.
- Daniel Fandrich (31 Mar 2009)
- - Properly return an error code in curl_easy_recv (reported by Jim Freeman).
- Daniel Stenberg (18 Mar 2009)
- - Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
- NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
- explicitly.
-
- Daniel Stenberg (13 Mar 2009)
- - Use libssh2_version() to present the libssh2 version in case the libssh2
- library is found to support it.
- Yang Tse (12 Mar 2009)
- - Added missing Curl_read() return code checking in TELNET transfers.
- - Pierre Brico found and fixed TELNET transfers not being aborted upon
- a write callback failure.
- Daniel Stenberg (11 Mar 2009)
- - Kamil Dudka made the curl tool properly call curl_global_init() before any
- other libcurl function.
- Yang Tse (11 Mar 2009)
- - Added missing TELNET timeout support for Windows builds. This issue was
- reported by Pierre Brico.
- Daniel Stenberg (9 Mar 2009)
- - Frank Hempel found out a bug and provided the fix:
-
- curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
- option. It only enabled the cookie engine in the destination handle if
- data->cookies is not NULL (where data is the source handle). In case of a
- newly initialized handle which just had the cookie support enabled by a
- curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
- still NULL because the setopt-call only appends the value to
- data->change.cookielist, hence duplicating this handle would not have the
- cookie engine switched on.
- We also concluded that the slist-functionality would be suitable for being
- put in its own module rather than simply hanging out in lib/sendf.c so I
- created lib/slist.[ch] for them.
- - Andreas Farber made the 'buildconf' script check for the presence of m4
- scripts to make it detect a bad checkout earlier. People with older
- checkouts who don't do cvs update with the -d option won't get the new dirs
- and then will get funny outputs that can be a bit hard to understand and
- fix.
-
- Daniel Stenberg (8 Mar 2009)
- - Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
- allocation of the memory BIO was not being properly checked.
- - Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
- in the gnutls code where we were checking for negative values for errors,
- when the man pages state that GNUTLS_E_SUCCESS is returned on success and
- other values indicate error conditions.
- - Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
- curl didn't use sprintf() in a way that is documented to work in POSIX but
- since we use our own printf() code (from libcurl) that shouldn't be a
- problem. Nonetheless I modified the code to not rely on such particular
- features and to not cause further raised eyebrowse with no good reason.
- Daniel Fandrich (5 Mar 2009)
- - Expanded the security section of the libcurl-tutorial man page to cover
- more issues for authors to consider when writing robust libcurl-using
- applications.
- Yang Tse (5 Mar 2009)
- - Fixed NTLM authentication memory leak on SSPI enabled Windows builds. This
- issue was noticed by Chris Deidun.
- Daniel Fandrich (4 Mar 2009)
- - Fixed a problem with m4 quoting in the OpenSSL configure check reported
- by Daniel Johnson.
- Daniel Stenberg (3 Mar 2009)
- - David James brought a patch that make libcurl close (all) dead connections
- whenever you attempt to open a new connection.
- 1. After cleaning up a dead connection, "continue" instead of
- returning FALSE. This ensures that we clean up all dead connections,
- rather than just cleaning up the first dead connection.
- 2. Move up the cleanup for dead connections so that it occurs for
- all connections, rather than just the connections which have the same
- preferences as our current new connection.
- Version 7.19.4 (3 March 2009)
- Daniel Stenberg (3 Mar 2009)
- - David Kierznowski notified us about a security flaw
- (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
- which previous libcurl versions (by design) can be tricked to access an
- arbitrary local/different file instead of a remote one when
- CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
- together this the addition of two new setopt options for controlling this
- new behavior:
- o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
- follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
- excludes the FILE and SCP protocols and thus you nee to explicitly allow
- them in your app if you really want that behavior.
- o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
- using the primary URL option. This is useful if you want to allow a user or
- other outsiders control what URL to pass to libcurl and yet not allow all
- protocols libcurl may have been built to support.
- Daniel Stenberg (27 Feb 2009)
- - Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and
- CURLOPT_LOCALPORT were used together (the local port bind failed), and
- Markus Koetter provided the fix!
- Daniel Stenberg (25 Feb 2009)
- - As Daniel Fandrich figured out, we must do the GnuTLS initing in the
- curl_global_init() function to properly maintain the performing functions
- thread-safe. We've previously (28 April 2007) moved the init to a later time
- just to avoid it to fail very early when libgcrypt dislikes the situation,
- but that move was bad and the fix should rather be in libgcrypt or
- elsewhere.
-
- Daniel Stenberg (24 Feb 2009)
- - Brian J. Murrell found out that Negotiate proxy authentication didn't work.
- It happened because the code used the struct for server-based auth all the
- time for both proxy and server auth which of course was wrong.
- Daniel Stenberg (23 Feb 2009)
- - After a bug reported by James Cheng I've made curl_easy_getinfo() for
- CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return
- -1 if the sizes aren't know. Previously these returned 0, make it impossible
- to detect the difference between actually zero and unknown.
- Yang Tse (23 Feb 2009)
- - Daniel Johnson provided a shell script that will perform all the steps needed
- to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework
- Daniel Stenberg (23 Feb 2009)
- - I renamed everything in the windows builds files that used the name 'curllib'
- to the proper 'libcurl' as clearly this caused confusion.
- Yang Tse (20 Feb 2009)
- - Do not halt compilation when using VS2008 to build a Windows 2000 target.
- Daniel Stenberg (20 Feb 2009)
- - Linus Nielsen Feltzing reported and helped me repeat and fix a problem with
- FTP with the multi interface: when a transfer fails, like when aborted by a
- write callback, the control connection was wrongly closed and thus not
- re-used properly.
- This change is also an attempt to cleanup the code somewhat in this area, as
- now the FTP code attempts to keep (better) track on pending responses
- necessary to get read in ftp_done().
- Daniel Stenberg (19 Feb 2009)
- - Patrik Thunstrom reported a problem and helped me repeat it. It turned out
- libcurl did a superfluous 1000ms wait when doing SFTP downloads!
- We read data with libssh2 while doing the "DO" operation for SFTP and then
- when we were about to start getting data for the actual file part, the
- "TRANSFER" part, we waited for socket action (in 1000ms) before doing a
- libssh2-read. But in this case libssh2 had already read and buffered the
- data so we ended up always just waiting 1000ms before we get working on the
- data!
- Patrick Monnerat (18 Feb 2009)
- - FTP downloads (i.e.: RETR) ending with code 550 now return error
- CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE.
- Daniel Stenberg (17 Feb 2009)
- - Kamil Dudka made NSS-powered builds compile and run again!
- - A second follow-up change by Andre Guibert de Bruet to fix a related memory
- leak like that fixed on the 14th. When zlib returns failure, we need to
- cleanup properly before returning error.
- - CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 for
- plain FTP connections, and it will then allow MKD to fail once and retry the
- CWD afterwards. This is especially useful if you're doing many simultanoes
- connections against the same server and they all have this option enabled,
- as then CWD may first fail but then another connection does MKD before this
- connection and thus MKD fails but trying CWD works! The numbers can
- (should?) now be set with the convenience enums now called
- CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY.
- Tests has proven that if you're making an application that uploads a set of
- files to an ftp server, you will get a noticable gain in speed if you're
- using multiple connections and this option will be then be very useful.
- Daniel Stenberg (14 Feb 2009)
- - Andre Guibert de Bruet found and fixed a memory leak in the content encoding
- code, which could happen on libz errors.
- Daniel Fandrich (12 Feb 2009)
- - Added support for Digest and NTLM authentication using GnuTLS.
- Daniel Stenberg (11 Feb 2009)
- - CURLINFO_CONDITION_UNMET was added to allow an application to get to know if
- the condition in the previous request was unmet. This is typically a time
- condition set with CURLOPT_TIMECONDITION and was previously not possible to
- reliably figure out. From bug report #2565128
- (http://curl.haxx.se/bug/view.cgi?id=2565128) filed by Jocelyn Jaubert.
- Daniel Fandrich (4 Feb 2009)
- - Don't add the standard /usr/lib or /usr/include paths to LDFLAGS and CPPFLAGS
- (respectively) when --with-ssl=/usr is used (patch based on FreeBSD).
- - Added an explicit buffer limit check in msdosify() (patch based on FreeBSD).
- This couldn't ever overflow in curl, but might if the code were used
- elsewhere or under different conditions.
- Daniel Stenberg (3 Feb 2009)
- - Hidemoto Nakada provided a small fix that makes it possible to get the
- CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with
- CURLOPT_NOBODY set true.
- Daniel Stenberg (2 Feb 2009)
- - Patrick Scott found a rather large memory leak when using the multi
- interface and setting CURLMOPT_MAXCONNECTS to something less than the number
- of handles you add to the multi handle. All the connections that didn't fit
- in the cache would not be properly disconnected nor freed!
- - Craig A West brought us: libcurl now defaults to do CONNECT with HTTP
- version 1.1 instead of 1.0 like before. This change also introduces the new
- proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to
- switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0
- option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0.
- I updated all test cases cases that use CONNECT and I tried to do some using
- --proxy1.0 and some updated to do CONNECT 1.1 to get both versions run.
- Daniel Stenberg (31 Jan 2009)
- - When building with c-ares 1.6.1 (not yet released) or later and IPv6 support
- enabled, we can now take advantage of its brand new AF_UNSPEC support in
- ares_gethostbyname(). This makes test case 241 finally run fine for me with
- this setup since it now parses the "::1 ip6-localhost" line fine in my
- /etc/hosts file!
- Daniel Stenberg (30 Jan 2009)
- - Scott Cantor filed bug report #2550061
- (http://curl.haxx.se/bug/view.cgi?id=2550061) mentioning that I failed to
- properly make sure that the VC9 makefiles got included in the latest
- release. I've now fixed the release script and verified it so next release
- will hopefully include them properly!
- Daniel Fandrich (30 Jan 2009)
- - Fixed --disable-proxy for FTP and SOCKS. Thanks to Daniel Egger for
- reporting.
- Yang Tse (29 Jan 2009)
- - Introduced curl_sspi.c and curl_sspi.h for the implementation of functions
- Curl_sspi_global_init() and Curl_sspi_global_cleanup() which previously were
- named Curl_ntlm_global_init() and Curl_ntlm_global_cleanup() in http_ntlm.c
- Also adjusted socks_sspi.c to remove the link-time dependency on the Windows
- SSPI library using it now in the same way as it was done in http_ntlm.c.
- Daniel Stenberg (28 Jan 2009)
- - Markus Moeller introduced two new options to libcurl:
- CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl
- to do GSS-style authentication with SOCKS5 proxies. The curl tool got the
- options called --socks5-gssapi-service and --socks5-gssapi-nec to enable
- these.
- Daniel Stenberg (26 Jan 2009)
- - Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an app
- to set desired block size to use for TFTP transfers instead of the default
- 512 bytes.
- - The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
- disable "rfc4507bis session ticket support". rfc4507bis was later turned
- into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077
- The enabled extension concerns the session management. I wonder how often
- libcurl stops a connection and then resumes a TLS session. also, sending the
- session data is some overhead. .I suggest that you just use your proposed
- patch (which explicitly disables TICKET).
- If someone writes an application with libcurl and openssl who wants to
- enable the feature, one can do this in the SSL callback.
- Sharad Gupta brought this to my attention. Peter Sylvester helped me decide
- on the proper action.
- - Alexey Borzov filed bug report #2535504
- (http://curl.haxx.se/bug/view.cgi?id=2535504) pointing out that realms with
- quoted quotation marks in HTTP Digest headers didn't work. I've now added
- test case 1095 that verifies my fix.
- - Craig A West brought CURLOPT_NOPROXY and the corresponding --noproxy option.
- They basically offer the same thing the NO_PROXY environment variable only
- offered previously: list a set of host names that shall not use the proxy
- even if one is specified.
- Daniel Fandrich (20 Jan 2009)
- - Call setlocale() for libtest tests to test the effects of locale-induced
- libc changes on libcurl.
- - Fixed a couple more locale-dependent toupper conversions, mainly for
- clarity. This does fix one problem that causes ;type=i FTP URLs
- to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is
- used (test case 561)
- - Added tests 561 and 1091 through 1094 to test various combinations
- of ;type= and ;mode= URLs that could potentially fail in the Turkish
- locale.
- Daniel Stenberg (20 Jan 2009)
- - Lisa Xu pointed out that the ssh.obj file was missing from the
- lib/Makefile.vc6 file (and thus from the vc8 and vc9 ones too).
- Version 7.19.3 (19 January 2009)
- Daniel Stenberg (16 Jan 2009)
- - Andrew de los Reyes fixed curlbuild.h for "generic" gcc builds on PPC, both
- 32 bit and 64 bit.
- Daniel Stenberg (15 Jan 2009)
- - Tim Ansell fixed a compiler warning in lib/cookie.c
- Daniel Stenberg (14 Jan 2009)
- - Grant Erickson fixed timeouts for TFTP such that specifying a
- connect-timeout, a max-time or both options work correctly and as expected
- by passing the correct boolean value to Curl_timeleft via the
- 'duringconnect' parameter.
- With this small change, curl TFTP now behaves as expected (and likely as
- originally-designed):
- 1) For non-existent or unreachable dotted IP addresses:
- a) With no options, follows the default curl 300s timeout...
- b) With --connect-timeout only, follows that value...
- c) With --max-time only, follows that value...
- d) With both --connect-timeout and --max-time, follows the smaller value...
- and times out with a "curl: (7) Couldn't connect to server" error.
- 2) For transfers to/from a valid host:
- a) With no options, follows default curl 300s timeout for the
- first XRQ/DATA/ACK transaction and the default TFTP 3600s
- timeout for the remainder of the transfer...
- b) With --connect-time only, follows that value for the
- first XRQ/DATA/ACK transaction and the default TFTP 3600s
- timeout for the remainder of the transfer...
- c) With --max-time only, follows that value for the first
- XRQ/DATA/ACK transaction and for the remainder of the
- transfer...
- d) With both --connect-timeout and --max-time, follows the former
- for the first XRQ/DATA/ACK transaction and the latter for the
- remainder of the transfer...
- and times out with a "curl: (28) Timeout was reached" error as
- appropriate.
- Daniel Stenberg (13 Jan 2009)
- - Michael Wallner fixed a NULL pointer deref when calling
- curl_easy_setup(curl, CURLOPT_COOKIELIST, "SESS") on a CURL handle with no
- cookies data.
- - Stefan Teleman brought a patch to fix the default curlbuild.h file for the
- SunPro compilers.
- Daniel Stenberg (12 Jan 2009)
- - Based on bug report #2498665 (http://curl.haxx.se/bug/view.cgi?id=2498665)
- by Daniel Black, I've now added magic to the configure script that makes it
- use pkg-config to detect gnutls details as well if the existing method
- (using libgnutls-config) fails. While doing this, I cleaned up and unified
- the pkg-config usage when detecting openssl and nss as well.
- Daniel Stenberg (11 Jan 2009)
- - Karl Moerder brought the patch that creates vc9 Makefiles, and I made
- 'maketgz' now use the actual makefile targets to do the VC8 and VC9
- makefiles.
- Daniel Stenberg (10 Jan 2009)
- - Emil Romanus fixed:
- When using the multi interface over HTTP and the server returns a Location
- header, the running easy handle will get stuck in the CURLM_STATE_PERFORM
- state, leaving the external event loop stuck waiting for data from the
- ingoing socket (when using the curl_multi_socket_action stuff). While this
- bug was pretty hard to find, it seems to require only a one-line fix. The
- break statement on line 1374 in multi.c caused the function to skip the call
- to multistate().
- How to reproduce this bug? Well, that's another question. evhiperfifo.c in
- the examples directory chokes on this bug only _sometimes_, probably
- depending on how fast the URLs are added. One way of testing the bug out is
- writing to hiper.fifo from more than one source at the same time.
- Daniel Fandrich (7 Jan 2009)
- - Unified much of the SessionHandle initialization done in Curl_open() and
- curl_easy_reset() by creating Curl_init_userdefined(). This had the side
- effect of fixing curl_easy_reset() so it now also resets
- CURLOPT_FTP_FILEMETHOD and CURLOPT_SSL_SESSIONID_CACHE
- Daniel Stenberg (7 Jan 2009)
- - Rob Crittenden did once again provide an NSS update:
- I have to jump through a few hoops now with the NSS library initialization
- since another part of an application may have already initialized NSS by the
- time Curl gets invoked. This patch is more careful to only shutdown the NSS
- library if Curl did the initialization.
- It also adds in a bit of code to set the default ciphers if the app that
- call NSS_Init* did not call NSS_SetDomesticPolicy() or set specific
- ciphers. One might argue that this lets other application developers get
- lazy and/or they aren't using the NSS API correctly, and you'd be right.
- But still, this will avoid terribly difficult-to-trace crashes and is
- generally helpful.
- Daniel Stenberg (1 Jan 2009)
- - 'reconf' is removed since we rather have users use 'buildconf'
- Daniel Stenberg (31 Dec 2008)
- - Bas Mevissen reported http://curl.haxx.se/bug/view.cgi?id=2479030 pointing
- out that 'reconf' didn't properly point out the m4 subdirectory when running
- aclocal.
- Daniel Stenberg (29 Dec 2008)
- - Phil Lisiecki filed bug report #2413067
- (http://curl.haxx.se/bug/view.cgi?id=2413067) that identified a problem that
- would cause libcurl to mark a DNS cache entry "in use" eternally if the
- subsequence TCP connect failed. It would thus never get pruned and refreshed
- as it should've been.
- Phil provided his own patch to this problem that while it seemed to work
- wasn't complete and thus I wrote my own fix to the problem.
- Daniel Stenberg (28 Dec 2008)
- - Peter Korsgaard fixed building libcurl with "configure --with-ssl
- --disable-verbose".
-
- - Anthony Bryan fixed more language and spelling flaws in man pages.
- Daniel Stenberg (22 Dec 2008)
- - Given a recent enough libssh2, libcurl can now seek/resume with SFTP even
- on file indexes beyond 2 or 4GB.
- - Anthony Bryan provided a set of patches that cleaned up manual language,
- corrected spellings and more.
- Daniel Stenberg (20 Dec 2008)
- - Igor Novoseltsev fixed a bad situation for the multi_socket() API when doing
- pipelining, as libcurl could then easily get confused and A) work on the
- handle that was not "first in queue" on a pipeline, or even B) tell the app
- to REMOVE a socket while it was in use by a second handle in a pipeline. Both
- errors caused hanging or stalling applications.
- Daniel Stenberg (19 Dec 2008)
- - curl_multi_timeout() could return a timeout value of 0 even though nothing
- was actually ready to get done, as the internal time resolution is higher
- than the returned millisecond timer. Therefore it could cause applications
- running on fast processors to do short bursts of busy-loops.
- curl_multi_timeout() will now only return 0 if the timeout is actually
- alreay triggered.
- - Using the libssh2 0.19 function libssh2_session_block_directions(), libcurl
- now has an improved ability to do right when the multi interface (both
- "regular" and multi_socket) is used for SCP and SFTP transfers. This should
- result in (much) less busy-loop situations and thus less CPU usage with no
- speed loss.
- Daniel Stenberg (17 Dec 2008)
- - SCP and SFTP with the multi interface had the same flaw: the 'DONE'
- operation didn't complete properly if the EAGAIN equivalent was returned but
- libcurl would simply continue with a half-completed close operation
- performed. This ruined persistent connection re-use and cause some
- SSH-protocol errors in general. The correction is unfortunately adding a
- blocking function - doing it entirely non-blocking should be considered for
- a better fix.
- Gisle Vanem (16 Dec 2008)
- - Added the possibility to use the Watt-32 tcp/ip stack under Windows.
- The change simply involved adding a USE_WATT32 section in the
- config-win32.h files (under ./lib and ./src). This section disables
- the use of any Winsock headers.
- Daniel Stenberg (16 Dec 2008)
- - libssh2_sftp_last_error() was wrongly used at some places in libcurl which
- made libcurl sometimes not properly abort problematic SFTP transfers.
- Daniel Stenberg (12 Dec 2008)
- - More work with Igor Novoseltsev to first fix the remaining stuff for
- removing easy handles from multi handles when the easy handle is/was within
- a HTTP pipeline. His bug report #2351653
- (http://curl.haxx.se/bug/view.cgi?id=2351653) was also related and was
- eventually fixed by a patch by Igor himself.
- Yang Tse (12 Dec 2008)
- - Patrick Monnerat fixed a build regression, introduced in 7.19.2, affecting
- OS/400 compilations with IPv6 enabled.
- Daniel Stenberg (12 Dec 2008)
- - Mark Karpeles filed bug report #2416182 titled "crash in ConnectionExists
- when using duphandle+curl_mutli"
- (http://curl.haxx.se/bug/view.cgi?id=2416182) which showed that
- curl_easy_duphandle() wrongly also copied the pointer to the connection
- cache, which was plain wrong and caused a segfault if the handle would be
- used in a different multi handle than the handle it was duplicated from.
- Daniel Stenberg (11 Dec 2008)
- - Keshav Krity found out that libcurl failed to deal with dotted IPv6
- addresses if they were very long (>39 letters) due to a too strict address
- validity parser. It now accepts addresses up to 45 bytes long.
- Daniel Stenberg (11 Dec 2008)
- - Internet Explorer had a broken HTTP digest authentication before v7 and
- there are servers "out there" that relies on the client doing this broken
- Digest authentication. Apache even comes with an option to work with such
- broken clients.
- The difference is only for URLs that contain a query-part (a '?'-letter and
- text to the right of it).
- libcurl now supports this quirk, and you enable it by setting the
- CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or
- CURLOPT_PROXYAUTH options. They are thus individually controlled to server
- and proxy.
- (note that there's no way to activate this with the curl tool yet)
- Daniel Fandrich (9 Dec 2008)
- - Added test cases 1089 and 1090 to test --write-out after a redirect to
- test a report that the size didn't work, but these test cases pass.
- - Documented CURLOPT_CONNECT_ONLY as being useful only on HTTP URLs.
- Daniel Stenberg (9 Dec 2008)
- - Ken Hirsch simplified how libcurl does FTPS: now it doesn't assume any
- particular state for the control connection like it did before for implicit
- FTPS (libcurl assumed such control connections to be encrypted while some
- FTPS servers such as FileZilla assumes such connections to be clear
- mode). Use the CURLOPT_USE_SSL option to set your desired level.
- Daniel Stenberg (8 Dec 2008)
- - Fred Machado posted about a weird FTP problem on the curl-users list and when
- researching it, it turned out he got a 550 response back from a SIZE command
- and then I fell over the text in RFC3659 that says:
- The presence of the 550 error response to a SIZE command MUST NOT be taken
- by the client as an indication that the file cannot be transferred in the
- current MODE and TYPE.
- In other words: the change I did on September 30th 2008 and that has been
- included in the last two releases were a regression and a bad idea. We MUST
- NOT take a 550 response from SIZE as a hint that the file doesn't exist.
- - Christian Krause filed bug #2221237
- (http://curl.haxx.se/bug/view.cgi?id=2221237) that identified an infinite
- loop during GSS authentication given some specific conditions. With his
- patience and great feedback I managed to narrow down the problem and
- eventually fix it although I can't test any of this myself!
- Daniel Fandrich (3 Dec 2008)
- - Fixed the getifaddrs version of Curl_if2ip to work on systems without IPv6
- support (e.g. Minix)
- Daniel Stenberg (3 Dec 2008)
- - Igor Novoseltsev filed bug #2351645
- (http://curl.haxx.se/bug/view.cgi?id=2351645) that identified a problem with
- the multi interface that occured if you removed an easy handle while in
- progress and the handle was used in a HTTP pipeline.
- - Pawel Kierski pointed out a mistake in the cookie code that could lead to a
- bad fclose() after a fatal error had occured.
- (http://curl.haxx.se/bug/view.cgi?id=2382219)
- Daniel Fandrich (25 Nov 2008)
- - If a HTTP request is Basic and num is already >=1000, the HTTP test
- server adds 1 to num to get the data section to return. This allows
- testing authentication negotiations using the Basic authentication
- method.
- - Added tests 1087 and 1088 to test Basic authentication on a redirect
- with and without --location-trusted
- Daniel Stenberg (24 Nov 2008)
- - Based on a patch by Vlad Grachov, libcurl now uses a new libssh2 0.19
- function when built to support SCP and SFTP that helps the library to know
- in which direction a particular libssh2 operation would return EAGAIN so
- that libcurl knows what socket conditions to wait for before trying the
- function call again. Previously (and still when using libssh2 0.18 or
- earlier), libcurl will busy-loop in this situation when the easy interface
- is used!
- Daniel Fandrich (20 Nov 2008)
- - Automatically detect OpenBSD's CA cert bundle.
- Daniel Stenberg (19 Nov 2008)
- - I removed the default use of "Pragma: no-cache" from libcurl when a proxy is
- used. It has been used since forever but it was never a good idea to use
- unless explicitly asked for.
- - Josef Wolf's extension that allows a $TESTDIR/gdbinit$testnum file that when
- you use runtests.pl -g, will be sourced by gdb to allow additional fancy or
- whatever you see fit
- - Christian Krause reported and fixed a memory leak that would occur with HTTP
- GSS/kerberos authentication (http://curl.haxx.se/bug/view.cgi?id=2284386)
- - Andreas Wurf and Markus Koetter helped me analyze a problem that Andreas got
- when uploading files to a single FTP server using multiple easy handle
- handles with the multi interface. Occasionally a handle would stall in
- mysterious ways.
- The problem turned out to be a side-effect of the ConnectionExists()
- function's eagerness to re-use a handle for HTTP pipelining so it would
- select it even if already being in use, due to an inadequate check for its
- chances of being used for pipelnining.
- Daniel Fandrich (17 Nov 2008)
- - Added more compiler warning options for gcc 4.3
- Yang Tse (17 Nov 2008)
- - Fix a remaining problem in the inet_pton() runtime configure check. And
- fix internal Curl_inet_pton() failures to reject certain malformed literals.
- - Make configure script check if ioctl with the SIOCGIFADDR command can be
- used, and define HAVE_IOCTL_SIOCGIFADDR if appropriate.
- Daniel Stenberg (16 Nov 2008)
- - Christian Krause fixed a build failure when building with gss support
- enabled and FTP disabled.
- - Added check for NULL returns from strdup() in src/main.c and lib/formdata.c
- - reported by Jim Meyering also prevent buffer overflow on MSDOS when you do
- for example -O on a url with a file name part longer than PATH_MAX letters
- - lib/nss.c fixes based on the report by Jim Meyering: I went over and added
- checks for return codes for all calls to malloc and strdup that were
- missing. I also changed a few malloc(13) to use arrays on the stack and a
- few malloc(PATH_MAX) to instead use aprintf() to lower memory use.
- - I fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is
- in use.
- Daniel Fandrich (14 Nov 2008)
- - Added .xml as one of the few common file extensions known by the multipart
- form generator.
- - Added some #ifdefs around header files and change the EAGAIN test to
- fix compilation on Cell (reported by Jeff Curley).
- Yang Tse (14 Nov 2008)
- - Fixed several configure script issues affecting checks for inet_ntoa_r(),
- inet_ntop(), inet_pton(), getifaddrs(), fcntl() and getaddrinfo().
- Yang Tse (13 Nov 2008)
- - Refactored configure script detection of functions used to set sockets into
- non-blocking mode, and decouple function detection from function capability.
|