curl/RELEASE-NOTES

Curl and libcurl 7.19.3

 Public curl releases:         109
 Command line options:         128
 curl_easy_setopt() options:   158
 Public functions in libcurl:  58
 Known libcurl bindings:       37
 Contributors:                 683

This release includes the following changes:

 o CURLAUTH_DIGEST_IE bit added for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH

This release includes the following bugfixes:

 o build failure when disabling FTP but enabling GSS
 o fixed several calls to memory functions that didn't check return codes
 o memory leak for SSL connects with libcurl/NSS when CURLOPT_ISSUERCERT was
   used
 o re-use of connections with the multi interface when multiple handles used
   the same server
 o memory leak with HTTP GSS/kerberos authentication
 o removed the default use of "Pragma: no-cache"
 o fix SCP/SFTP busyloop by using a new libssh2 0.19 function
 o bad fclose() after a fatal error in cookie code
 o curl_multi_remove_handle() when the handle was in use in a HTTP pipeline
 o GSS authentication infinite loop problem
 o 550 response from SIZE no longer treated as missing file
 o ftps:// control connections now use explicit protection level
 o dotted IPv6 addresses longer than 39 bytes failed
 o curl_easy_duphandle() doesn't try to duplicate the connection cache pointer
 o build failure on OS/400 when enabling IPv6
 o better detection of SFTP failures
 o improved connection re-use for subsequent SCP and SFTP trnasfers 

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

 Yang Tse, Daniel Fandrich, Jim Meyering, Christian Krause, Andreas Wurf,
 Markus Koetter, Josef Wolf, Vlad Grachov, Pawel Kierski, Igor Novoseltsev,
 Fred Machado, Ken Hirsch, Keshav Krity, Patrick Monnerat, Mark Karpeles

        Thanks! (and sorry if I forgot to mention someone)
and we are now on the 7.19.3 road 2008-11-13 21:24:00 +08:00			`Curl and libcurl 7.19.3`
working draft of the upcoming 7.10.8 release notes 2003-09-23 05:38:52 +08:00
and we are now on the 7.19.3 road 2008-11-13 21:24:00 +08:00			`Public curl releases: 109`
- Martin Drasar provided the CURLOPT_POSTREDIR patch. It renames CURLOPT_POST301 (but adds a define for backwards compatibility for you who don't define CURL_NO_OLDIES). This option allows you to now also change the libcurl behavior for a HTTP response 302 after a POST to not use GET in the subsequent request (when CURLOPT_FOLLOWLOCATION is enabled). I edited the patch somewhat before commit. The curl tool got a matching --post302 option. Test case 1076 was added to verify this. 2008-09-06 00:13:20 +08:00			`Command line options: 128`
- Igor Novoseltsev added CURLOPT_PROXYUSER and CURLOPT_PROXYPASSWORD that then make CURLOPT_PROXYUSERPWD sort of deprecated. The primary motive for adding these new options is that they have no problems with the colon separator that the CURLOPT_PROXYUSERPWD option does. 2008-10-17 04:21:22 +08:00			`curl_easy_setopt() options: 158`
- Introducing curl_easy_send() and curl_easy_recv(). They can be used to send and receive data over a connection previously setup with curl_easy_perform() and its CURLOPT_CONNECT_ONLY option. The sendrecv.c example was added to show how they can be used. 2008-05-13 05:43:24 +08:00			`Public functions in libcurl: 58`
oops, counted one of them twice! 2008-10-08 02:14:11 +08:00			`Known libcurl bindings: 37`
and we are now on the 7.19.3 road 2008-11-13 21:24:00 +08:00			`Contributors: 683`
David Hull made the file: URL parser also accept the somewhat sloppy file syntax: file:/path. I added test case 203 to verify this. 2003-10-29 17:53:21 +08:00
Armel Asselin made the CURLOPT_PREQUOTE option work fine even when CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place in the command sequence as it would have run if there would've been a transfer. 2006-08-09 06:56:46 +08:00			`This release includes the following changes:`
mention the curl_off_t changes first 2008-09-01 22:27:24 +08:00
- Internet Explorer had a broken HTTP digest authentication before v7 and there are servers "out there" that relies on the client doing this broken Digest authentication. Apache even comes with an option to work with such broken clients. The difference is only for URLs that contain a query-part (a '?'-letter and text to the right of it). libcurl now supports this quirk, and you enable it by setting the CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH options. They are thus individually controlled to server and proxy. 2008-12-11 07:13:31 +08:00			`o CURLAUTH_DIGEST_IE bit added for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH`
Armel Asselin made the CURLOPT_PREQUOTE option work fine even when CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place in the command sequence as it would have run if there would've been a transfer. 2006-08-09 06:56:46 +08:00
HTTP Digest auth fix on a re-used connection 2007-07-22 18:17:52 +08:00			`This release includes the following bugfixes:`

Christian Krause fixed a build failure when building with gss support enabled and FTP disabled. 2008-11-16 20:42:53 +08:00			`o build failure when disabling FTP but enabling GSS`
my recent changes 2008-11-16 07:47:01 +08:00			`o fixed several calls to memory functions that didn't check return codes`
			`o memory leak for SSL connects with libcurl/NSS when CURLOPT_ISSUERCERT was`
			`used`
- Andreas Wurf and Markus Koetter helped me analyze a problem that Andreas got when uploading files to a single FTP server using multiple easy handle handles with the multi interface. Occasionally a handle would stall in mysterious ways. The problem turned out to be a side-effect of the ConnectionExists() function's eagerness to re-use a handle for HTTP pipelining so it would select it even if already being in use, due to an inadequate check for its chances of being used for pipelnining. 2008-11-19 18:15:19 +08:00			`o re-use of connections with the multi interface when multiple handles used`
			`the same server`
- Christian Krause reported and fixed a memory leak that would occur with HTTP GSS/kerberos authentication (http://curl.haxx.se/bug/view.cgi?id=2284386) 2008-11-19 22:22:01 +08:00			`o memory leak with HTTP GSS/kerberos authentication`
- I removed the default use of "Pragma: no-cache" from libcurl when a proxy is used. It has been used since forever but it was never a good idea to use unless explicitly asked for. 2008-11-20 06:00:14 +08:00			`o removed the default use of "Pragma: no-cache"`
- Based on a patch by Vlad Grachov, libcurl now uses a new libssh2 0.19 function when built to support SCP and SFTP that helps the library to know in which direction a particular libssh2 operation would return EAGAIN so that libcurl knows what socket conditions to wait for before trying the function call again. Previously (and still when using libssh2 0.18 or earlier), libcurl will busy-loop in this situation when the easy interface is used! 2008-11-24 21:59:51 +08:00			`o fix SCP/SFTP busyloop by using a new libssh2 0.19 function`
- Pawel Kierski pointed out a mistake in the cookie code that could lead to a bad fclose() after a fatal error had occured. (http://curl.haxx.se/bug/view.cgi?id=2382219) 2008-12-03 23:08:09 +08:00			`o bad fclose() after a fatal error in cookie code`
- Igor Novoseltsev filed bug #2351645 (http://curl.haxx.se/bug/view.cgi?id=2351645) that identified a problem with the multi interface that occured if you removed an easy handle while in progress and the handle was used in a HTTP pipeline. 2008-12-03 23:20:27 +08:00			`o curl_multi_remove_handle() when the handle was in use in a HTTP pipeline`
- Christian Krause filed bug #2221237 (http://curl.haxx.se/bug/view.cgi?id=2221237) that identified an infinite loop during GSS authentication given some specific conditions. With his patience and great feedback I managed to narrow down the problem and eventually fix it although I can't test any of this myself! 2008-12-08 21:52:20 +08:00			`o GSS authentication infinite loop problem`
- Fred Machado posted about a weird FTP problem on the curl-users list and when researching it, it turned out he got a 550 response back from a SIZE command and then I fell over the text in RFC3659 that says: The presence of the 550 error response to a SIZE command MUST NOT be taken by the client as an indication that the file cannot be transferred in the current MODE and TYPE. In other words: the change I did on September 30th 2008 and that has been included in the last two releases were a regression and a bad idea. We MUST NOT take a 550 response from SIZE as a hint that the file doesn't exist. 2008-12-09 04:20:51 +08:00			`o 550 response from SIZE no longer treated as missing file`
- Ken Hirsch simplified how libcurl does FTPS: now it doesn't assume any particular state for the control connection like it did before for implicit FTPS (libcurl assumed such control connections to be encrypted while some FTPS servers such as FileZilla assumes such connections to be clear mode). Use the CURLOPT_USE_SSL option to set your desired level. 2008-12-09 23:02:37 +08:00			`o ftps:// control connections now use explicit protection level`
- Keshav Krity found out that libcurl failed to deal with dotted IPv6 addresses if they were very long (>39 letters) due to a too strict address validity parser. It now accepts addresses up to 45 bytes long. 2008-12-12 06:22:46 +08:00			`o dotted IPv6 addresses longer than 39 bytes failed`
- Bug report #2416182 titled "crash in ConnectionExists when using duphandle+curl_mutli" (http://curl.haxx.se/bug/view.cgi?id=2416182) showed that curl_easy_duphandle() wrongly also copied the pointer to the connection cache, which was plain wrong and caused a segfault if the handle would be used in a different multi handle than the handle it was duplicated from. 2008-12-12 07:52:56 +08:00			`o curl_easy_duphandle() doesn't try to duplicate the connection cache pointer`
Patrick Monnerat fixed a build regression, introduced in 7.19.2, affecting OS/400 compilations with IPv6 enabled. 2008-12-12 11:24:59 +08:00			`o build failure on OS/400 when enabling IPv6`
- libssh2_sftp_last_error() was wrongly used at some places in libcurl which made libcurl sometimes not properly abort problematic SFTP transfers. 2008-12-16 07:04:51 +08:00			`o better detection of SFTP failures`
- SCP and SFTP with the multi interface had the same flaw: the 'DONE' operation didn't complete properly if the EAGAIN equivalent was returned but libcurl would simply continue with a half-completed close operation performed. This ruined persistent connection re-use and cause some SSH-protocol errors in general. The correction is unfortunately adding a blocking function - doing it entirely non-blocking should be considered for a better fix. 2008-12-17 20:32:41 +08:00			`o improved connection re-use for subsequent SCP and SFTP trnasfers`
HTTP Digest auth fix on a re-used connection 2007-07-22 18:17:52 +08:00
			`This release includes the following known bugs:`

			`o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)`

			`This release would not have looked like this without help, code, reports and`
			`advice from friends like these:`

- Andreas Wurf and Markus Koetter helped me analyze a problem that Andreas got when uploading files to a single FTP server using multiple easy handle handles with the multi interface. Occasionally a handle would stall in mysterious ways. The problem turned out to be a side-effect of the ConnectionExists() function's eagerness to re-use a handle for HTTP pipelining so it would select it even if already being in use, due to an inadequate check for its chances of being used for pipelnining. 2008-11-19 18:15:19 +08:00			`Yang Tse, Daniel Fandrich, Jim Meyering, Christian Krause, Andreas Wurf,`
- Fred Machado posted about a weird FTP problem on the curl-users list and when researching it, it turned out he got a 550 response back from a SIZE command and then I fell over the text in RFC3659 that says: The presence of the 550 error response to a SIZE command MUST NOT be taken by the client as an indication that the file cannot be transferred in the current MODE and TYPE. In other words: the change I did on September 30th 2008 and that has been included in the last two releases were a regression and a bad idea. We MUST NOT take a 550 response from SIZE as a hint that the file doesn't exist. 2008-12-09 04:20:51 +08:00			`Markus Koetter, Josef Wolf, Vlad Grachov, Pawel Kierski, Igor Novoseltsev,`
credit Mark Karpeles for his report and work 2008-12-12 16:36:56 +08:00			`Fred Machado, Ken Hirsch, Keshav Krity, Patrick Monnerat, Mark Karpeles`
start over on 7.18.1 2008-01-29 05:19:15 +08:00
working draft of the upcoming 7.10.8 release notes 2003-09-23 05:38:52 +08:00			`Thanks! (and sorry if I forgot to mention someone)`