mirror of
https://github.com/curl/curl.git
synced 2024-11-21 01:16:58 +08:00
466d093a92
while not fixing things very nicely, it does make the SOCKS5 proxy connection slightly better as it now acknowledges the timeout for connection and it no longer segfaults in the case when SOCKS requires authentication and you did not specify username:password.
719 lines
31 KiB
Plaintext
719 lines
31 KiB
Plaintext
_ _ ____ _
|
||
___| | | | _ \| |
|
||
/ __| | | | |_) | |
|
||
| (__| |_| | _ <| |___
|
||
\___|\___/|_| \_\_____|
|
||
|
||
Changelog
|
||
|
||
|
||
Daniel (4 September 2006)
|
||
- "Dortik" (http://curl.haxx.se/bug/view.cgi?id=1551412) provided a patch that
|
||
while not fixing things very nicely, it does make the SOCKS5 proxy
|
||
connection slightly better as it now acknowledges the timeout for connection
|
||
and it no longer segfaults in the case when SOCKS requires authentication
|
||
and you did not specify username:password.
|
||
|
||
Daniel (31 August 2006)
|
||
- Dmitriy Sergeyev found and fixed a multi interface flaw when using asynch
|
||
name resolves. It could get stuck in the wrong state.
|
||
|
||
Gisle (29 August 2006)
|
||
- Added support for other MS-DOS compilers (desides djgpp). All MS-DOS
|
||
compiler now uses the same config.dos file (renamed to config.h by
|
||
make). libcurl now builds fine using Watcom and Metaware's High-C
|
||
using the Watt-32 tcp/ip-stack.
|
||
|
||
Daniel (29 August 2006)
|
||
- David McCreedy added CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA to
|
||
allow applications to set their own socket options.
|
||
|
||
Daniel (25 August 2006)
|
||
- Armel Asselin reported that the 'running_handles' counter wasn't updated
|
||
properly if you removed a "live" handle from a multi handle with
|
||
curl_multi_remove_handle().
|
||
|
||
Daniel (22 August 2006)
|
||
- David McCreedy fixed a remaining mistake from the August 19 TYPE change.
|
||
|
||
- Peter Sylvester pointed out a flaw in the AllowServerConnect() in the FTP
|
||
code when doing pure ipv6 EPRT connections.
|
||
|
||
Daniel (19 August 2006)
|
||
- Based on a patch by Armel Asselin, the FTP code no longer re-issues the TYPE
|
||
command on subsequent requests on a re-used connection unless it has to.
|
||
|
||
- Armel Asselin fixed a crash in the FTP code when using SINGLECWD mode and
|
||
files in the root directory.
|
||
|
||
- Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't
|
||
send the whole request at once, even though the Expect: header was disabled
|
||
by the application. An effect of this change is also that small (< 1024
|
||
bytes) POSTs are now always sent without Expect: header since we deem it
|
||
more costly to bother about that than the risk that we send the data in
|
||
vain.
|
||
|
||
Daniel (9 August 2006)
|
||
- Armel Asselin made the CURLOPT_PREQUOTE option work fine even when
|
||
CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place
|
||
in the command sequence as it would have run if there would've been a
|
||
transfer.
|
||
|
||
Daniel (8 August 2006)
|
||
- Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs
|
||
on a persistent connection and allowed the first to use that header, you
|
||
could not disable it for the second request.
|
||
|
||
Daniel (7 August 2006)
|
||
- Domenico Andreolfound a quick build error which happened because
|
||
src/config.h.in was not a proper duplcate of lib/config.h.in which it
|
||
should've been and this was due to the maketgz script not doing the cp
|
||
properly.
|
||
|
||
Version 7.15.5 (7 August 2006)
|
||
|
||
Daniel (2 August 2006)
|
||
- Mark Lentczner fixed how libcurl was not properly doing chunked encoding
|
||
if the header "Transfer-Encoding: chunked" was set by the application.
|
||
http://curl.haxx.se/bug/view.cgi?id=1531838
|
||
|
||
Daniel (1 August 2006)
|
||
- Maciej Karpiuk fixed a crash that would occur if we passed Curl_strerror()
|
||
an unknown error number on glibc systems.
|
||
http://curl.haxx.se/bug/view.cgi?id=1532289
|
||
|
||
Daniel (31 July 2006)
|
||
- *ALERT* curl_multi_socket() and curl_multi_socket_all() got modified
|
||
prototypes: they both now provide the number of running handles back to the
|
||
calling function. It makes the functions resemble the good old
|
||
curl_multi_perform() more and provides a nice way to know when the multi
|
||
handle goes empty.
|
||
|
||
ALERT2: don't use the curl_multi_socket*() functionality in anything
|
||
production-like until I say it's somewhat settled, as I suspect there might
|
||
be some further API changes before I'm done...
|
||
|
||
Daniel (28 July 2006)
|
||
- Yves Lejeune fixed so that replacing Content-Type: when doing multipart
|
||
formposts work exactly the way you want it (and the way you'd assume it
|
||
works).
|
||
|
||
Daniel (27 July 2006)
|
||
- David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both
|
||
control and data connection, as the existing --ftp-ssl option only requests
|
||
it.
|
||
|
||
- [Hiper-related work] Added a function called curl_multi_assign() that will
|
||
set a private pointer added to the internal libcurl hash table for the
|
||
particular socket passed in to this function:
|
||
|
||
CURLMcode curl_multi_assign(CURLM *multi_handle,
|
||
curl_socket_t sockfd,
|
||
void *sockp);
|
||
|
||
'sockp' being a custom pointer set by the application to be associated with
|
||
this socket. The socket has to be already existing and in-use by libcurl,
|
||
like having already called the callback telling about its existance.
|
||
|
||
The set hashp pointer will then be passed on to the callback in upcoming
|
||
calls when this same socket is used (in the brand new 'socketp' argument).
|
||
|
||
Daniel (26 July 2006)
|
||
- Dan Nelson added the CURLOPT_FTP_ALTERNATIVE_TO_USER libcurl option and curl
|
||
tool option named --ftp-alternative-to-user. It provides a mean to send a
|
||
particular command if the normal USER/PASS approach fails.
|
||
|
||
- Michael Jerris added magic that builds lib/curllib.vcproj automatically for
|
||
newer MSVC.
|
||
|
||
Daniel (25 July 2006)
|
||
- Georg Horn made the transfer timeout error message include more details.
|
||
|
||
Daniel (20 July 2006)
|
||
- David McCreedy fixed a build error when building libcurl with HTTP disabled,
|
||
problem added with the curl_formget() patch.
|
||
|
||
Daniel (17 July 2006)
|
||
- Jari Sundell did some excellent research and bug tracking, figured out that
|
||
we did wrong and patched it: When nodes were removed from the splay tree,
|
||
and we didn't properly remove it from the splay tree when an easy handle was
|
||
removed from a multi stack and thus we could wrongly leave a node in the
|
||
splay tree pointing to (bad) memory.
|
||
|
||
Daniel (14 July 2006)
|
||
- David McCreedy fixed a flaw where the CRLF counter wasn't properly cleared
|
||
for FTP ASCII transfers.
|
||
|
||
Daniel (8 July 2006)
|
||
- Ates Goral pointed out that libcurl's cookie parser did case insensitive
|
||
string comparisons on the path which is incorrect and provided a patch that
|
||
fixes this. I edited test case 8 to include details that test for this.
|
||
|
||
- Ingmar Runge provided a source snippet that caused a crash. The reason for
|
||
the crash was that libcurl internally was a bit confused about who owned the
|
||
DNS cache at all times so if you created an easy handle that uses a shared
|
||
DNS cache and added that to a multi handle it would crash. Now we keep more
|
||
careful internal track of exactly what kind of DNS cache each easy handle
|
||
uses: None, Private (allocated for and used only by this single handle),
|
||
Shared (points to a cache held by a shared object), Global (points to the
|
||
global cache) or Multi (points to the cache within the multi handle that is
|
||
automatically shared between all easy handles that are added with private
|
||
caches).
|
||
|
||
Daniel (4 July 2006)
|
||
- Toshiyuki Maezawa fixed a problem where you couldn't override the
|
||
Proxy-Connection: header when using a proxy and not doing CONNECT.
|
||
|
||
Daniel (24 June 2006)
|
||
- Michael Wallner added curl_formget(), which allows an application to extract
|
||
(serialise) a previously built formpost (as with curl_formadd()).
|
||
|
||
Daniel (23 June 2006)
|
||
- Arve Knudsen found a flaw in curl_multi_fdset() for systems where
|
||
curl_socket_t is unsigned (like Windows) that could cause it to wrongly
|
||
return a max fd of -1.
|
||
|
||
Daniel (20 June 2006)
|
||
- Peter Silva introduced CURLOPT_MAX_SEND_SPEED_LARGE and
|
||
CURLOPT_MAX_RECV_SPEED_LARGE that limit tha maximum rate libcurl is allowed
|
||
to send or receive data. This kind of adds the the command line tool's
|
||
option --limit-rate to the library.
|
||
|
||
The rate limiting logic in the curl app is now removed and is instead
|
||
provided by libcurl itself. Transfer rate limiting will now also work for -d
|
||
and -F, which it didn't before.
|
||
|
||
Daniel (19 June 2006)
|
||
- Made -K on a file that couldn't be read cause a warning to be displayed.
|
||
|
||
Daniel (13 June 2006)
|
||
- Dan Fandrich implemented --enable-hidden-symbols configure option to enable
|
||
-fvisibility=hidden on gcc >= 4.0. This reduces the size of the libcurl
|
||
binary and speeds up dynamic linking by hiding all the internal symbols from
|
||
the symbol table.
|
||
|
||
Version 7.15.4 (12 June 2006)
|
||
|
||
Daniel (8 June 2006)
|
||
- Brian Dessent fixed the code for cygwin in three distinct ways:
|
||
|
||
The first modifies {lib,src}/setup.h to not include the winsock headers
|
||
under Cygwin. This fixes the reported build problem. Cygwin attempts as
|
||
much as possible to emulate a posix environment under Windows. This means
|
||
that WIN32 is *not* #defined and (to the extent possible) everything is done
|
||
as it would be on a *ix type system. Thus <sys/socket.h> is the proper
|
||
include, and even though winsock2.h is present, including it just introduces
|
||
a whole bunch of incompatible socket API stuff.
|
||
|
||
The second is a patch I've included in the Cygwin binary packages for a
|
||
while. It skips two unnecessary library checks (-lwinmm and -lgdi32). The
|
||
checks are innocuous and they do succeed, but they pollute LIBS with
|
||
unnecessary stuff which gets recorded as such in the libcurl.la file, which
|
||
brings them into the build of any libcurl-downstream. As far as I know
|
||
these libs are really only necessary for mingw, so alternatively they could
|
||
be designed to only run if $host matches *-*-mingw* but I took the safer
|
||
route of skipping them for *-*-cygwin*.
|
||
|
||
The third patch replaces all uses of the ancient and obsolete __CYGWIN32__
|
||
with __CYGWIN__. Ref: <http://cygwin.com/ml/cygwin/2003-09/msg01520.html>.
|
||
|
||
Daniel (7 June 2006)
|
||
- Mikael Sennerholm provided a patch that added NTLM2 session response support
|
||
to libcurl. The 21 NTLM test cases were again modified to comply...
|
||
|
||
Daniel (27 May 2006)
|
||
- <20>scar Morales Viv<69> updated the libcurl.framework.make file.
|
||
|
||
Daniel (26 May 2006)
|
||
- Olaf St<53>ben fixed a bug that caused Digest authentication with md5-sess to
|
||
fail. When using the md5-sess, the result was not Md5 encoded and Base64
|
||
transformed.
|
||
|
||
Daniel (25 May 2006)
|
||
- Michael Wallner provided a patch that allows "SESS" to be set with
|
||
CURLOPT_COOKIELIST, which then makes all session cookies get cleared.
|
||
|
||
Daniel (24 May 2006)
|
||
- Tor Arntsen made test 271 run fine again since the TFTP path fix.
|
||
|
||
Daniel (23 May 2006)
|
||
- Martin Michlmayr filed debian bug report #367954, but the same error also
|
||
showed up in the autobuilds. It seems a rather long-since introduced shell
|
||
script flaw in the configure script suddenly was detected by the bash
|
||
version in Debian Unstable. It had previously passed undetected by all
|
||
shells used so far...
|
||
|
||
- David McCreedy updated lib/config-tpf.h
|
||
|
||
Daniel (11 May 2006)
|
||
- Fixed the configure's check for old-style SSLeay headers since I fell over a
|
||
case with a duplicate file name (a krb4 implementation with an err.h
|
||
file). I converted the check to manually make sure three of the headers are
|
||
present before considering them fine.
|
||
|
||
- David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended
|
||
checks on the to-be-returned socket to make sure it truly seems to be alive
|
||
and well. For SSL connection it (only) uses OpenSSL functions.
|
||
|
||
Daniel (10 May 2006)
|
||
- Fixed DICT in two aspects:
|
||
|
||
1 - allow properly URL-escaped words, like using %20 for spaces
|
||
|
||
2 - properly escape certain letters within a word to comply to the RFC2229
|
||
|
||
Daniel (9 May 2006)
|
||
- Andreas Ntaflos reported a bug in libcurl.m4: When configuring my GNU
|
||
autotools project, which optionally (default=yes) uses libcurl on a system
|
||
without a (usable) libcurl installation, but not specifying
|
||
`--without-libcurl', configure determines correctly that no libcurl is
|
||
available, however, the LIBCURL variable gets expanded to `LIBCURL = -lcurl'
|
||
in the resulting Makefiles.
|
||
|
||
David Shaw fixed the flaw.
|
||
|
||
- Robson Braga Araujo fixed two problems in the recently added non-blocking SSL
|
||
connects. The state machine was not reset properly so that subsequent
|
||
connects using the same handle would fail, and there were two memory leaks.
|
||
|
||
- Robson Braga Araujo fixed a memory leak when you added an easy handle to a
|
||
multi stack and that easy handle had already been used to do one or more
|
||
easy interface transfers, as then the code threw away the previously used
|
||
DNS cache without properly freeing it.
|
||
|
||
Daniel (8 May 2006)
|
||
- Dan Fandrich went over the TFTP code and he pointed out and fixed numerous
|
||
problems:
|
||
|
||
* The received file is corrupted when a packet is lost and retransmitted
|
||
(this is a serious problem!)
|
||
|
||
* Transmitting a file aborts if a block is lost and retransmitted
|
||
|
||
* Data is stored in the wrong location in the buffer for uploads, so uploads
|
||
always fail (I don't see how it could have ever worked, but it did on x86
|
||
at least)
|
||
|
||
* A number of calls are made to strerror instead of Curl_strerror, making
|
||
the code not thread safe
|
||
|
||
* There are references to errno instead of Curl_sockerrno(), causing
|
||
incorrect error messages on Windows
|
||
|
||
* The file name includes a leading / which violates RFC3617. Doing something
|
||
similar to ftp, where two slashes after the host name means an absolute
|
||
reference seems a reasonable extension to fix this.
|
||
|
||
* Failures in EBCDIC conversion are not propagated up to the caller but are
|
||
silently ignored
|
||
|
||
- Fixed known bug #28. The TFTP code no longer assumes a packed struct and
|
||
thus works reliably on more platforms.
|
||
|
||
Daniel (5 May 2006)
|
||
- Roland Blom filed bug report #1481217
|
||
(http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele
|
||
Bini and David Byron. libcurl previously wrongly used GetLastError() on
|
||
windows to get error details after socket-related function calls, when it
|
||
really should use WSAGetLastError() instead.
|
||
|
||
When changing to this, the former function Curl_ourerrno() is now instead
|
||
called Curl_sockerrno() as it is necessary to only use it to get errno from
|
||
socket-related functions as otherwise it won't work as intended on Windows.
|
||
|
||
Daniel (4 May 2006)
|
||
- Mark Eichin submitted bug report #1480821
|
||
(http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a
|
||
problem with how libcurl dealt with GnuTLS and a case where gnutls returned
|
||
GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected
|
||
return code, making Curl_ssl_send() confuse the upper layer - causing random
|
||
28 bytes trash data to get inserted in the transfered stream.
|
||
|
||
The proper fix was to make the Curl_gtls_send() function return the proper
|
||
return codes that the callers would expect. The Curl_ossl_send() function
|
||
already did this.
|
||
|
||
Daniel (2 May 2006)
|
||
- Added a --checkfor option to curl-config to allow users to easier
|
||
write for example shell scripts that test for the presence of a
|
||
new-enough libcurl version. If --checkfor is given a version string
|
||
newer than what is currently installed, curl-config will return a
|
||
non-zero exit code and output a string about the unfulfilled
|
||
requirement.
|
||
|
||
Daniel (26 April 2006)
|
||
- David McCreedy brought initial line end conversions when doing FTP ASCII
|
||
transfers. They are done on non-windows systems and translate CRLF to LF.
|
||
|
||
I modified the 15 LIST-using test cases accordingly. The downside is that now
|
||
we'll have even more trouble to get the tests to run on Windows since they
|
||
should get CRLF newlines left intact which the *nix versions don't. I figure
|
||
the only sane thing to do is to add some kind of [newline] macro for the test
|
||
case files and have them expanded to the proper native line ending when the
|
||
test cases are run. This is however left to implement.
|
||
|
||
Daniel (25 April 2006)
|
||
- Paul Querna fixed libcurl to better deal with deflate content encoding
|
||
when the stream (wrongly) lacks a proper zlib header. This seems to be the
|
||
case on too many actual server implementations.
|
||
|
||
Daniel (21 April 2006)
|
||
- Ale Vesely fixed CURLOPT_INTERFACE when using a hostname.
|
||
|
||
Daniel (19 April 2006)
|
||
- Based on previous info from Tor Arntsen, I made configure detect the Intel
|
||
ICC compiler to add a compiler option for it, in order for configure to
|
||
properly be able to detect function prototypes.
|
||
|
||
- Robson Braga Araujo provided a patch that makes libcurl less eager to close
|
||
the control connection when using FTP, for example when you remove an easy
|
||
handle from a multi stack.
|
||
|
||
- Applied a patch by Ates Goral and Katie Wang that corrected my bad fix
|
||
attempt from April 10.
|
||
|
||
Daniel (11 April 2006)
|
||
- #1468330 (http://curl.haxx.se/bug/view.cgi?id=1468330) pointed out a bad
|
||
typecast in the curl tool leading to a crash with (64bit?) VS2005 (at least)
|
||
since the struct timeval field tv_sec is an int while time_t is 64bit.
|
||
|
||
Daniel (10 April 2006)
|
||
- Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and
|
||
CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL
|
||
connection time-out!
|
||
|
||
- I merged my hiper patch (http://curl.haxx.se/libcurl/hiper/) into the main
|
||
sources. See the lib/README.multi_socket for implementation story with
|
||
details. Don't expect it to work fully yet. I don't intend to blow any
|
||
whistles or ring any bells about it until I'm more convinced it works at
|
||
least somewhat reliably.
|
||
|
||
Daniel (7 April 2006)
|
||
- David McCreedy's EBCDIC and TPF changes. Three new curl_easy_setopt()
|
||
options (callbacks) were added:
|
||
|
||
CONV_FROM_NETWORK_FUNCTION
|
||
CONV_TO_NETWORK_FUNCTION
|
||
CONV_FROM_UTF8_FUNCTION
|
||
|
||
Daniel (5 April 2006)
|
||
- Michele Bini modified the NTLM code to work for his "weird IIS case"
|
||
(http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash
|
||
function in addition to the LM one and making some other adjustments in the
|
||
order the different parts of the data block are sent in the Type-2 reply.
|
||
Inspiration for this work was taken from the Firefox NTLM implementation.
|
||
|
||
I edited the existing 21(!) NTLM test cases to run fine with these news. Due
|
||
to the fact that we now properly include the host name in the Type-2 message
|
||
the test cases now only compare parts of that chunk.
|
||
|
||
Daniel (28 March 2006)
|
||
- #1451929 (http://curl.haxx.se/bug/view.cgi?id=1451929) detailed a bug that
|
||
occurred when asking libcurl to follow HTTP redirects and the original URL
|
||
had more than one question mark (?). Added test case 276 to verify.
|
||
|
||
Daniel (27 March 2006)
|
||
- David Byron found a problem multiple -d options when libcurl was built with
|
||
--enable-debug, as then curl used free() on memory allocated both with
|
||
normal malloc() and with libcurl-provided functions, when the latter MUST be
|
||
freed with curl_free() in debug builds.
|
||
|
||
Daniel (26 March 2006)
|
||
- Tor Arntsen figured out that TFTP was broken on a lot of systems since we
|
||
called bind() with a too big argument in the 3rd parameter and at least
|
||
Tru64, AIX and IRIX seem to be very picky about it.
|
||
|
||
Daniel (21 March 2006)
|
||
- David McCreedy added CURLINFO_FTP_ENTRY_PATH.
|
||
|
||
- Xavier Bouchoux made the SSL connection non-blocking for the multi interface
|
||
(when using OpenSSL).
|
||
|
||
- Tor Arntsen fixed the AIX Toolbox RPM spec
|
||
|
||
Daniel (20 March 2006)
|
||
- David McCreedy fixed libcurl to no longer ignore AUTH failures and now it
|
||
reacts properly according to the CURLOPT_FTP_SSL setting.
|
||
|
||
- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file
|
||
whose length was a multiple of 512 bytes could have random garbage
|
||
appended. Also, stop processing TFTP packets which are too short to be
|
||
legal.
|
||
|
||
- Ilja van Sprundel reported a possible crash in the curl tool when using
|
||
"curl hostwithoutslash -d data -G"
|
||
|
||
Version 7.15.3 (20 March 2006)
|
||
|
||
Daniel (20 March 2006)
|
||
- VULNERABILITY reported to us by Ulf Harnhammar.
|
||
|
||
libcurl uses the given file part of a TFTP URL in a manner that allows a
|
||
malicious user to overflow a heap-based memory buffer due to the lack of
|
||
boundary check.
|
||
|
||
This overflow happens if you pass in a URL with a TFTP protocol prefix
|
||
("tftp://"), using a valid host and a path part that is longer than 512
|
||
bytes.
|
||
|
||
The affected flaw can be triggered by a redirect, if curl/libcurl is told to
|
||
follow redirects and an HTTP server points the client to a tftp URL with the
|
||
characteristics described above.
|
||
|
||
The Common Vulnerabilities and Exposures (CVE) project has assigned the name
|
||
CVE-2006-1061 to this issue.
|
||
|
||
Daniel (16 March 2006)
|
||
- Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included
|
||
in the release archive.
|
||
|
||
Daniel (14 March 2006)
|
||
- David McCreedy fixed:
|
||
|
||
a bad SSL error message when OpenSSL certificates are verified fine.
|
||
|
||
a missing return code assignment in the FTP code
|
||
|
||
Daniel (7 March 2006)
|
||
- Markus Koetter filed debian bug report #355715 which identified a problem
|
||
with the multi interface and multi-part formposts. The fix from February
|
||
22nd could make the Curl_done() function get called twice on the same
|
||
connection and it was not designed for that and thus tried to call free() on
|
||
an already freed memory area!
|
||
|
||
- Peter Heuchert made sure the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL
|
||
is used properly.
|
||
|
||
Daniel (6 March 2006)
|
||
- Lots of users on Windows have reported getting the "SSL: couldn't set
|
||
callback" error message so I've now made the setting of that callback not be
|
||
as critical as before. The function is only used for additional loggging/
|
||
trace anyway so a failure just means slightly less data. It should still be
|
||
able to proceed and connect fine to the server.
|
||
|
||
Daniel (4 March 2006)
|
||
- Thomas Klausner provided a patch written by Todd Vierling in bug report
|
||
#1442471 that fixes a build problem on Interix.
|
||
|
||
Daniel (2 March 2006)
|
||
- FTP upload without a file name part in the URL now causes
|
||
curl_easy_perform() to return CURLE_URL_MALFORMAT. Previously it allowed the
|
||
upload but named the file "(nil)" (without the quotes). Test case 524
|
||
verifies.
|
||
|
||
- Added a check for getprotobyname in configure so that it'll be used, thanks
|
||
to Gisle Vanem's change the other day.
|
||
|
||
Daniel (28 February 2006)
|
||
- Dan Fandrich prevented curl from getting stuck in an endless loop in case we
|
||
are out of file handles very early in curl's code where it makes sure that
|
||
0, 1 and 2 aren't gonna be used by the lib for transfers.
|
||
|
||
Daniel (27 February 2006)
|
||
- Marty Kuhrt pointed out that there were two VMS-specific files missing in
|
||
the release archive.
|
||
|
||
Version 7.15.2 (27 February 2006)
|
||
|
||
Daniel (22 February 2006)
|
||
- Lots of work and analysis by "xbx___" in bug #1431750
|
||
(http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two
|
||
different but related bugs:
|
||
|
||
1) Removing an easy handle from a multi handle before the transfer is done
|
||
could leave a connection in the connection cache for that handle that is
|
||
in a state that isn't suitable for re-use. A subsequent re-use could then
|
||
read from a NULL pointer and segfault.
|
||
|
||
2) When an easy handle was removed from the multi handle, there could be an
|
||
outstanding c-ares DNS name resolve request. When the response arrived,
|
||
it caused havoc since the connection struct it "belonged" to could've
|
||
been freed already.
|
||
|
||
Now Curl_done() is called when an easy handle is removed from a multi handle
|
||
pre-maturely (that is, before the transfer was complteted). Curl_done() also
|
||
makes sure to cancel all (if any) outstanding c-ares requests.
|
||
|
||
Daniel (21 February 2006)
|
||
- Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy
|
||
type to the already provided type CURLPROXY_SOCKS4.
|
||
|
||
I added a --socks4 option that works like the current --socks5 option but
|
||
instead use the socks4 protocol.
|
||
|
||
Daniel (20 February 2006)
|
||
- Shmulik Regev fixed an issue with multi-pass authentication and compressed
|
||
content when libcurl didn't honor the internal ignorebody flag.
|
||
|
||
Daniel (18 February 2006)
|
||
- Ulf H<>rnhammar fixed a format string (printf style) problem in the Negotiate
|
||
code. It should however not be the cause of any troubles. He also fixed a
|
||
few similar problems in the HTTP test server code.
|
||
|
||
Daniel (17 February 2006)
|
||
- Shmulik Regev provided a fix for the DNS cache when using short life times,
|
||
as previously it could be holding on to old cached entries longer than
|
||
requested.
|
||
|
||
Daniel (11 February 2006)
|
||
- Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options
|
||
that an app can use to let libcurl only connect to a remote host and then
|
||
extract the socket from libcurl. libcurl will then not attempt to do any
|
||
transfer at all after the connect is done.
|
||
|
||
- Kent Boortz improved the configure check for GnuTLS to properly set LIBS
|
||
instead of LDFLAGS.
|
||
|
||
Daniel (8 February 2006)
|
||
- Philippe Vaucher provided a brilliant piece of test code that show a problem
|
||
with re-used FTP connections. If the second request on the same connection
|
||
was set not to fetch a "body", libcurl could get confused and consider it an
|
||
attempt to use a dead connection and would go acting mighty strange.
|
||
|
||
Daniel (2 February 2006)
|
||
- Make --limit-rate [num] mean bytes. It used to be that but it broke in my
|
||
change done in November 2005.
|
||
|
||
Daniel (30 January 2006)
|
||
- Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the
|
||
curl tool with --local-port. Plain and simply set the range of ports to bind
|
||
the local end of connections to. Implemented on to popular demand.
|
||
|
||
- Based on an error report by Philippe Vaucher, we no longer count a retried
|
||
connection setup as a follow-redirect. It turns out 1) this fails when a FTP
|
||
connection is re-setup and 2) it does make the max-redirs counter behave
|
||
wrong.
|
||
|
||
Daniel (24 January 2006)
|
||
- Michal Marek provided a patch for FTP that makes libcurl continue to try
|
||
PASV even after EPSV returned a positive response code, if libcurl failed to
|
||
connect to the port number the EPSV response said. Obviously some people are
|
||
going through protocol-sensitive firewalls (or similar) that don't
|
||
understand EPSV and then they don't allow the second connection unless PASV
|
||
was used. This also called for a minor fix of test case 238.
|
||
|
||
Daniel (20 January 2006)
|
||
- Duane Cathey was one of our friends who reported that curl -P [IP]
|
||
(CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a
|
||
"native" IP while it works fine for ipv6-disabled builds!
|
||
|
||
In the process of fixing this, I removed the support for LPRT since I can't
|
||
think of many reasons to keep doing it and asking on the mailing list didn't
|
||
reveal anyone else that could either. The code that sends EPRT and PORT is
|
||
now also a lot simpler than before (IMHO).
|
||
|
||
Daniel (19 January 2006)
|
||
- Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl
|
||
(built ipv4-only) didn't work.
|
||
|
||
Daniel (18 January 2006)
|
||
- As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742),
|
||
the configure script complained about a missing "missing" script if you ran
|
||
configure within a path whose name included one or more spaces. This is due
|
||
to a flaw in automake (1.9.6 and earlier). I've now worked around it by
|
||
including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll
|
||
be used instead of the one automake ships with. This kludge needs to be
|
||
removed once we get an automake version with this problem corrected.
|
||
Possibly we'll then need to convert this into a kludge depending on what
|
||
automake version that is used and that is gonna be painful and I don't even
|
||
want to think about that now...!
|
||
|
||
Daniel (17 January 2006)
|
||
- David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with
|
||
the latest features and protocols that libcurl supports and has a minor fix
|
||
to better deal with the obscure case where someone has more than one libcurl
|
||
installed at the same time.
|
||
|
||
Daniel (16 January 2006)
|
||
- David Shaw finally removed all traces of Gopher and we are now officially
|
||
not supporting it. It hasn't been functioning for years anyway, so this is
|
||
just finally stating what already was true. And a cleanup at the same time.
|
||
|
||
- Bryan Henderson turned the 'initialized' variable for curl_global_init()
|
||
into a counter, and thus you can now do multiple curl_global_init() and you
|
||
are then supposed to do the same amount of calls to curl_global_cleanup().
|
||
Bryan has also updated the docs accordingly.
|
||
|
||
Daniel (13 January 2006)
|
||
- Andrew Benham fixed a race condition in the test suite that could cause the
|
||
test script to kill all processes in the current process group!
|
||
|
||
Daniel (12 January 2006)
|
||
- Michael Jahn:
|
||
|
||
Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru
|
||
HTTP proxy.
|
||
|
||
Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would
|
||
previously overwrite internal memory and cause unpredicted behaviour!
|
||
|
||
Daniel (11 January 2006)
|
||
- I decided to document the "secret option" here now, as I've received *NO*
|
||
feedback at all on my mailing list requests from November 2005:
|
||
|
||
I'm looking for feedback and comments. I added some experimental code the
|
||
other day, that allows a libcurl user to select what method libcurl should
|
||
use to reach a file on a FTP(S) server.
|
||
|
||
This functionality is available in CVS code and in recent daily snapshots.
|
||
|
||
Let me explain...
|
||
|
||
The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for
|
||
the command line tool) and you set it to a long (there are currenly no
|
||
defines for the argument values, just plain numericals). You can set three
|
||
different "methods" that do this:
|
||
|
||
1 multicwd - like today, curl will do a single CWD operation for each path
|
||
part in the given URL. For deep hierarchies this means very many
|
||
commands. This is how RFC1738 says it should be done. This is the
|
||
default.
|
||
|
||
2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give
|
||
a full path to the server.
|
||
|
||
3 singlecwd - make one CWD with the full target directory and then operate
|
||
on the file "normally".
|
||
|
||
(With the command line tool you do --ftp-method [METHOD], where [METHOD] is
|
||
one of "multicwd", "nocwd" or "singlecwd".)
|
||
|
||
What feedback I'm interested in:
|
||
|
||
1 - Do they work at all? Do you find servers where one of these don't work?
|
||
|
||
2 - What would proper names for the option and its arguments be, if we
|
||
consider this feature good enough to get included and documented in
|
||
upcoming releases?
|
||
|
||
3 - Should we make libcurl able to "walk through" these options in case of
|
||
(path related) failures, or should it fail and let the user redo any
|
||
possible retries?
|
||
|
||
(This option is not documented in any man page just yet since I'm not sure
|
||
these names will be used or if the functionality will end up exactly like
|
||
this. And for the same reasons we have no test cases for these yet.)
|
||
|
||
Daniel (10 January 2006)
|
||
- When using a bad path over FTP, as in when libcurl couldn't CWD into all
|
||
given subdirs, libcurl would still "remember" the full path as if it is the
|
||
current directory libcurl is in so that the next curl_easy_perform() would
|
||
get really confused if it tried the same path again - as it would not issue
|
||
any CWD commands at all, assuming it is already in the "proper" dir.
|
||
|
||
Starting now, a failed CWD command sets a flag that prevents the path to be
|
||
"remembered" after returning.
|
||
|
||
Daniel (7 January 2006)
|
||
- Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP
|
||
proxy actually used a new connection and not sent the second request on the
|
||
first socket!
|
||
|
||
Daniel (6 January 2006)
|
||
- Alexander Lazic made the buildconf run the buildconf in the ares dir if that
|
||
is present instead of trying to mimic that script in curl's buildconf
|
||
script.
|
||
|
||
Daniel (3 January 2006)
|
||
- Andres Garcia made the TFTP test server build with mingw.
|