diff options
Diffstat (limited to 'CHANGES.0')
-rw-r--r-- | CHANGES.0 | 18002 |
1 files changed, 18002 insertions, 0 deletions
diff --git a/CHANGES.0 b/CHANGES.0 new file mode 100644 index 00000000..eab26da8 --- /dev/null +++ b/CHANGES.0 @@ -0,0 +1,18002 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + Old Changelog + +Changes done to curl and libcurl from 1997 to 2010, edited manually. The most +recent changes are always generated into the CHANGES file straight from git. + +Kamil Dudka (17 June 2010) +- Improve test575 in order to not fail with threaded DNS resolver. + +Version 7.21.0 (16 June 2010) + +Daniel Stenberg (5 June 2010) +- Constantine Sapuntzakis fixed a case of spurious SSL connection aborts using + libcurl and OpenSSL. "I tracked it down to uncleared error state on the + OpenSSL error stack - patch attached deals with that." + +Daniel Stenberg (5 June 2010) +- Frank Meier added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and + CURLINFO_LOCAL_PORT to curl_easy_getinfo(). + +Yang Tse (4 June 2010) +- Enabled OpenLDAP support for cygwin builds. This support was disabled back + in 2008 due to incompatibilities between OpenSSL and OpenLDAP headers. + cygwin's OpenSSL 0.9.8l and OpenLDAP 2.3.43 versions on cygwin 1.5.25 + allow building an OpenLDAP enabled libcurl supporting back to Windows 95. + + Removed the non-functional CURL_LDAP_HYBRID code and references. + +Daniel Stenberg (2 June 2010) +- Jason McDonald posted bug report #3006786 when he found that the SFTP code + didn't timeout properly in several places in the code even if a timeout was + set properly. + + Based on his suggested patch, I wrote a different implementation that I + think addressed the issue better and also uses the connect timeout for the + initial part of the SSH/SFTP done during the "protocol connect" phase. + + (http://curl.haxx.se/bug/view.cgi?id=3006786) + +Yang Tse (2 June 2010) +- Added missing new libcurl files to non-configure targets. Adjusted + libcurl standard internal header inclusions in new files. Fixed an + SPNEGO related memory leak. Fixed several LDAP related compilation + issues, and fixed some compiler warnings. + +Daniel Stenberg (1 June 2010) +- Igor Novoseltsev reported a problem with the multi socket API and using + timeouts and timers. It boiled down to a problem with libcurl's use of + GetTickCount() interally to figure out the current time, while Igor's own + application code used another function call. + + It made his app call the socket API timeout function a bit _before_ libcurl + would consider the timeout to trigger, and that could easily lead to + timeouts or stalls in the app. It seems GetTickCount() in general often has + no better resolution than 16ms and switching to the alternative function + QueryPerformanceCounter has its share of problems: + http://www.virtualdub.org/blog/pivot/entry.php?id=106 + + We address this problem by simply having libcurl treat timers that already + has occured or will occur within 40ms subject for treatment. I'm confident + that there are other implementations and operating systems with similarly in + accurate timer functions so it makes sense to have applied generically and I + don't believe we sacrifice much by adding a 40ms inaccuracy on these + timeouts. + +Kamil Dudka (27 May 2010) +- added a new test for CRL support (test313) + +- Tor Arntsen changed the alternative definition of bool to use enum instead + of unsigned char. + +Daniel Stenberg (25 May 2010) +- Julien Chaffraix fixed the warning seen when compiling lib/rtmp.c: one + unused variables, several unused arguments and some missing #include. + +- Julien Chaffraix fixed 2 OOM errors: a missing NULL-check in + lib/http_negociate.c and a potential NULL dereferencing in lib/splay.c + +- Howard Chu brought a patch that makes the LDAP code much cleaner, nicer and + in general being a better libcurl citizen. If a new enough OpenLDAP version + is detect, the new and shiny lib/openldap.c code is then used instead of the + old cruft. + +Daniel Stenberg (21 May 2010) +- Eric Mertens posted bug #3003705: when we made TFTP use the correct timeout + option when sent to the server (fixed May 18th 2010) it became obvious that + libcurl used invalid timeout values (300 by default while the RFC allows + nothing above 255). While of course it is obvious that as TFTP has worked + thus far without being able to set timeout at all, just removing the setting + wouldn't make any difference in behavior. I decided to still keep it (but + fix the problem) as it now actually allows for easier (future) customization + of the timeout. + + (http://curl.haxx.se/bug/view.cgi?id=3003705) + +- Douglas Kilpatrick filed bug report #3004787 and pointed out that the TFTP + code didn't handle block id wraps correctly. His suggested fix inspired the + fix I committed. + + (http://curl.haxx.se/bug/view.cgi?id=3004787) + +Daniel Stenberg (20 May 2010) +- Tanguy Fautre brought a fix to allow curl to build with Microsoft VC10. + +Daniel Stenberg (18 May 2010) +- Eric Mertens posted bug report #3003005 pointing out that the libcurl TFTP + code was not sending the timeout option properly to the server, and + suggested a fix. + + (http://curl.haxx.se/bug/view.cgi?id=3003005) + +Kamil Dudka (16 May 2010) +- Pavel Raiskup introduced a new option CURLOPT_FNMATCH_DATA in order to pass + a custom data pointer to the callback specified by CURLOPT_FNMATCH_FUNCTION. + +Daniel Stenberg (14 May 2010) +- John-Mark Bell filed bug #3000052 that identified a problem (with an + associated patch) with the OpenSSL handshake state machine when the multi + interface is used: + + Performing an https request using a curl multi handle and using select or + epoll to wait for events results in a hang. It appears that the cause is the + fix for bug #2958179, which makes ossl_connect_common unconditionally return + from the step 2 loop when fetching from a multi handle. + + When ossl_connect_step2 has completed, it updates connssl->connecting_state + to ssl_connect_3. ossl_connect_common will then return to the caller, as a + multi handle is in use. Eventually, the client code will call + curl_multi_fdset to obtain an updated fdset to select or epoll on. For https + requests, curl_multi_fdset will cause https_getsock to be called. + https_getsock will only return a socket handle if the connecting_state is + ssl_connect_2_reading or ssl_connect_2_writing. Therefore, the client will + never obtain a valid fdset, and thus not drive the multi handle, resulting + in a hang. + + (http://curl.haxx.se/bug/view.cgi?id=3000052) + +- Sebastian V reported bug #3000056 identifying a problem with redirect + following. It showed that when curl followed redirects it didn't properly + ignore the response body of the 30X response if that response was using + compressed Content-Encoding! + + (http://curl.haxx.se/bug/view.cgi?id=3000056) + +Daniel Stenberg (12 May 2010) +- Howard Chu brought support for RTMP. This is powered by the underlying + librtmp library. It supports a range of variations and "sub-protocols" + within the RTMP family. + +- Pavel Raiskup brought support for FTP directory wildcard matching to allow + selective downloading. To provide that, a set of new options were added: + + CURLOPT_WILDCARDMATCH + CURLOPT_CHUNK_BGN_FUNCTION + CURLOPT_CHUNK_END_FUNCTION + CURLOPT_CHUNK_DATA + CURLOPT_FNMATCH_FUNCTION + + There were also a set of new tests added (574 - 577) to verify this. + +Kamil Dudka (11 May 2010) +- CRL support in libcurl-NSS has been completely broken. Now it works. Original + bug report: https://bugzilla.redhat.com/581926 + +Daniel Stenberg (7 May 2010) +- Dirk Manske reported a regression. When connecting with the multi interface, + there were situations where libcurl wouldn't store connect time correctly as + it used to (and is documented to) do. + + Using his fine sample program we could repeat it, and I wrote up test case + 573 using that code. The problem does not easily show itself using the local + test suite though. + + The fix, also as suggested by Dirk, is a bit on the ugly side as it adds yet + another call to Curl_verboseconnect() and setting the TIMER_CONNECT time. + That situation is subject for some closer inspection in the future. + +- Howard Chu split the I/O handling functions into private handlers. + + Howard Chu brought the bulk work of this patch that properly moves out the + sending and recving of data to the parts of the code that are properly + responsible for the various ways of doing so. + + Daniel Stenberg assisted with polishing a few bits and fixed some minor + flaws in the original patch. + + Another upside of this patch is that we now abuse CURLcodes less with the + "magic" -1 return codes and instead use CURLE_AGAIN more consistently. + +Daniel Stenberg (5 May 2010) +- Hoi-Ho Chan introduced support for using the PolarSSL library. You control + this with the new configure option --with-polarssl. + +Daniel Stenberg (29 Apr 2010) +- Ben Greear made telnet a lot better/easier to use by an application: + + The main change is to allow input from user-specified methods, when they are + specified with CURLOPT_READFUNCTION. All calls to fflush(stdout) in + telnet.c were removed, which makes using 'curl telnet://foo.com' painful + since prompts and other data are not always returned to the user promptly. + Use 'curl --no-buffer telnet://foo.com' instead. In general, the user + should have their CURLOPT_WRITEFUNCTION do a fflush for interactive use. + + Also fix assumption that reading from stdin never returns < 0. + Old code could crash in that case. + + Call progress functions in telnet main loop. + +Daniel Stenberg (26 Apr 2010) +- Make use of the libssh2_init/exit functions that libssh2 added in version + 1.2.5. Using them will improve how libcurl works in threaded situations when + SCP and SFTP are transfered. + +Daniel Stenberg (25 Apr 2010) +- Based on work by Kamil Dudka, I've introduced the new configure option + --enable-threaded-resolver. When used, the configure script will check for + pthreads and if around, it will build libcurl to use pthreads to do name + resolving in a threaded manner. Note that this is just a fix to offer an + option that can enable the code that already included. The threader resolver + code was mostly added on Jan 26 2010. + +Daniel Stenberg (24 Apr 2010) +- Alex Bligh introduced the --proto and -proto-redir options that limit what + protocols curl accepts for the requests and when following redirects. + +Kamil Dudka (24 Apr 2010) +- Fixed test536 in order to not fail with threaded DNS resolver and tweaked + comments in certain examples using curl_multi_fdset(). + +- Fixed SSL handshake timeout underflow in libcurl-NSS, which caused test405 + to hang on a slow machine. + +Daniel Stenberg (21 Apr 2010) +- The -O option caused curl to crash on windows and DOS due to the tool + writing out of boundary memory. + +Yang Tse (20 Apr 2010) +- Ruslan Gazizov detected that MSVC makefiles were using wsock32.lib instead + of ws2_32.lib, this generated linking issues on MSVC IPv6 enabled builds + that were done using those makefiles. + +Daniel Stenberg (19 Apr 2010) +- -J/--remote-header-name didn't strip trailing carriage returns or linefeeds + properly, so they could be used in the file name. + +Daniel Stenberg (16 Apr 2010) +- Jerome Vouillon made the GnuTLS SSL handshake phase non-blocking. + +- The recent overhaul of the SSL recv function made the GnuTLS specific code + treat a zero returned from gnutls_record_recv() as an error, and this caused + our HTTPS test cases to fail. We leave it to upper layer code to detect if + an EOF is a problem or not. + +- I reverted the resolver fix from yesterday and instead removed all uses of + AI_CANONNAME all over libcurl and made the only user of that info (krb5.c) + use the host name from the URL instead. No reverse resolving is a good + thing. + +- Paul Howarth made configure properly detect GSS "on ancient Linux distros" + by editing in which order we use headers to detect GSS. + +Daniel Stenberg (15 Apr 2010) +- Rainer Canavan filed bug report #2987196 that identified libcurl doing + unnecesary reverse name lookups in many cases when built to use IPv4 and + getaddrinfo(). The logic for IPv6 is now used for IPv4 too. + + (http://curl.haxx.se/bug/view.cgi?id=2963679) + +Version 7.20.1 (14 April 2010) + +Daniel Stenberg (9 Apr 2010) +- Prefixing the FTP quote commands with an asterisk really only worked for the + postquote actions. This is now fixed and test case 227 has been extended to + verify. + +Kamil Dudka (4 Apr 2010) +- Eliminated a race condition in Curl_resolv_timeout(). + +- Refactorized interface of Curl_ssl_recv()/Curl_ssl_send(). + +- libcurl-NSS now provides more accurate messages and error codes in case of + client certificate problem. Either during connection, or transfer phase. + +Daniel Stenberg (1 Apr 2010) +- Matt Wixson found and fixed a bug in the SCP/SFTP area where the code + treated a 0 return code from libssh2 to be the same as EAGAIN while in + reality it isn't. The problem caused a hang in SFTP transfers from a + MessageWay server. + +Daniel Stenberg (28 Mar 2010) +- Ben Greear: If you pass a URL to pop3 that does not contain a message ID as + part of the URL, it would previously ask for 'INBOX' which just causes the + pop3 server to return an error. + + Now libcurl treats en empty message ID as a request for LIST (list of pop3 + message IDs). User's code could then parse this and download individual + messages as desired. + +Daniel Stenberg (27 Mar 2010) +- Ben Greear brought a patch that from now on allows all protocols to specify + name and user within the URL, in the same manner HTTP and FTP have been + allowed to in the past - although far from all of the libcurl supported + protocls actually have that feature in their URL definition spec. + +Daniel Stenberg (26 Mar 2010) +- Ben Greear brought code that makes the rate limiting code for the easy + interface a bit smoother as it introduces sub-second sleeps during it and it + also takes the buffer sizes into account. + +Daniel Stenberg (24 Mar 2010) +- Bob Richmond: There's an annoying situation where libcurl will read new HTTP + response data from a socket, then check if it's a timeout if one is set. If + the last packet received constitutes the end of the response body, libcurl + still treats it as a timeout condition and reports a message like: + + "Operation timed out after 3000 milliseconds with 876 out of 876 bytes + received" + + It should only a timeout if the timer lapsed and we DIDN'T receive the end + of the response body yet. + +- Christopher Conroy fixed a problem with RTSP and GET_PARAMETER reported + to us by Massimo Callegari. There's a new test case 572 that verifies this + now. + +- The 'ares' subtree has been removed from the source repository. It was + always a separate project that sort of piggybacked on the curl project since + the dawn of times and now the time has come for it to go stand on its own + legs and continue living its own life. All details on c-ares and its new + source code repository is found at http://c-ares.haxx.se/ + +Daniel Stenberg (23 Mar 2010) +- Kenny To filed the bug report #2963679 with patch to fix a problem he + experienced with doing multi interface HTTP POST over a proxy using + PROXYTUNNEL. He found a case where it would connect fine but bits.tcpconnect + was not set correct so libcurl didn't work properly. + + (http://curl.haxx.se/bug/view.cgi?id=2963679) + +- Akos Pasztory filed debian bug report #572276 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572276 mentioning a problem + with a resource that returns chunked-encoded _and_ with a Content-Length + and libcurl failed to properly ignore the latter information. + +- Hauke Duden provided an example program that made the multi interface crash. + His example simply used the multi interface and did first one FTP transfer + and after completion it used a second easy handle and did another FTP + transfer on the same FTP server. + + This triggered a bug in the "delayed easy handle kill" system that curl + uses: when an FTP connection is left alive it must keep an easy handle + around internally - only for the purpose of having an easy handle when it + later disconnects it. The code assumed that when the easy handle was removed + and an internal reference was made, that version could be killed later on + when a new easy handle came using the same connection. This was wrong as + Hauke's example showed that the removed handle wasn't killed for real until + later. This caused a double close attempt => segfault. + +Daniel Stenberg (22 Mar 2010) +- Thomas Lopatic fixed the alarm()-based DNS timeout: + + Looking at the code of Curl_resolv_timeout() in hostip.c, I think that in + case of a timeout, the signal handler for SIGALRM never gets removed. I + think that in my case it gets executed at some point later on when execution + has long left Curl_resolv_timeout() or even the cURL library. + + The code that is jumped to with siglongjmp() simply sets the error message + to "name lookup timed out" and then returns with CURLRESOLV_ERROR. I guess + that instead of simply returning without cleaning up, the code should have a + goto that jumps to the spot right after the call to Curl_resolv(). + +Kamil Dudka (22 Mar 2010) +- Douglas Steinwand contributed a patch fixing insufficient initialization in + Curl_clone_ssl_config() + +Daniel Stenberg (21 Mar 2010) +- Ben Greear improved TFTP: the error code returning and the treatment + of TSIZE == 0 when uploading. + +- We've switched from CVS to git. See http://curl.haxx.se/source.html + +Kamil Dudka (19 Mar 2010) +- Improved Curl_read() to not ignore the error returned from Curl_ssl_recv(). + +Daniel Stenberg (15 Mar 2010) +- Constantine Sapuntzakis brought a patch: + + The problem mentioned on Dec 10 2009 + (http://curl.haxx.se/bug/view.cgi?id=2905220) was only partially fixed. + Partially because an easy handle can be associated with many connections in + the cache (e.g. if there is a redirect during the lifetime of the easy + handle). The previous patch only cleaned up the first one. The new fix now + removes the easy handle from all connections, not just the first one. + +Daniel Stenberg (6 Mar 2010) +- Ben Greear brought a patch that fixed the rate limiting logic for TFTP when + the easy interface was used. + +Daniel Stenberg (5 Mar 2010) +- Daniel Johnson provided fixes for building curl with the clang compiler. + +Yang Tse (5 Mar 2010) +- Constantine Sapuntzakis detected and fixed a double free in builds done + with threaded resolver enabled (Windows default configuration) that would + get triggered when a curl handle is closed while doing DNS resolution. + +Daniel Stenberg (2 Mar 2010) +- [Daniel Johnson] I've been trying to build libcurl with clang on Darwin and + ran into some issues with the GSSAPI tests in configure.ac. The tests first + try to determine the include dirs and libs and set CPPFLAGS and LIBS + accordingly. It then checks for the headers and finally sets LIBS a second + time, causing the libs to be included twice. The first setting of LIBS seems + redundant and should be left out, since the first part is otherwise just + about finding headers. + + My second issue is that 'krb5-config --libs gssapi' on Darwin is less than + useless and returns junk that, while it happens to work with gcc, causes + clang to choke. For example, --libs returns $CFLAGS along with the libs, + which is really retarded. Simply setting 'LIBS="$LIBS -lgssapi_krb5 + -lresolv"' on Darwin is sufficient. + +- Based on patch provided by Jacob Moshenko, the transfer logic now properly + makes sure that when using sub-second timeouts, there's no final bad 1000ms + wait. Previously, a sub-second timeout would often make the elapsed time end + up the time rounded up to the nearest second (e.g. 1s for 200ms timeout) + +- Andrei Benea filed bug report #2956698 and pointed out that the + CURLOPT_CERTINFO feature leaked memory due to a missing OpenSSL function + call. He provided the patch to fix it too. + + http://curl.haxx.se/bug/view.cgi?id=2956698 + +- Markus Duft pointed out in bug #2961796 that even though Interix has a + poll() function it doesn't quite work the way we want it so we must disable + it, and he also provided a patch for it. + + http://curl.haxx.se/bug/view.cgi?id=2961796 + +- Made the pingpong timeout code properly deal with the response timeout AND + the global timeout if set. Also, as was reported in the bug report #2956437 + by Ryan Chan, the time stamp to use as basis for the per command timeout was + not set properly in the DONE phase for FTP (and not for SMTP) so I fixed + that just now. This was a regression compared to 7.19.7 due to the + conversion of FTP code over to the generic pingpong concepts. + + http://curl.haxx.se/bug/view.cgi?id=2956437 + +Daniel Stenberg (1 Mar 2010) +- Ben Greear provided an update for TFTP that fixes upload. + +- Wesley Miaw reported bug #2958179 which identified a case of looping during + OpenSSL based SSL handshaking even though the multi interface was used and + there was no good reason for it. + + http://curl.haxx.se/bug/view.cgi?id=2958179 + +Daniel Stenberg (26 Feb 2010) +- Pat Ray in bug #2958474 pointed out an off-by-one case when receiving a + chunked-encoding trailer. + + http://curl.haxx.se/bug/view.cgi?id=2958474 + +Daniel Fandrich (25 Feb 2010) +- Fixed a couple of out of memory leaks and a segfault in the SMTP & IMAP code. + +Yang Tse (25 Feb 2010) +- I fixed bug report #2958074 indicating + (http://curl.haxx.se/bug/view.cgi?id=2958074) that curl on Windows with + option --trace-time did not use local time when timestamping trace lines. + This could also happen on other systems depending on time souurce. + +Patrick Monnerat (22 Feb 2010) +- Proper handling of STARTTLS on SMTP, taking CURLUSESSL_TRY into account. +- SMTP falls back to RFC821 HELO when EHLO fails (and SSL is not required). +- Use of true local host name (i.e.: via gethostname()) when available, as + default argument to SMTP HELO/EHLO. +- Test case 804 for HELO fallback. + +Daniel Stenberg (20 Feb 2010) +- Fixed the SMTP compliance by making sure RCPT TO addresses are specified + properly in angle brackets. Recipients provided with CURLOPT_MAIL_RCPT now + get angle bracket wrapping automatically by libcurl unless the recipient + starts with an angle bracket as then the app is assumed to deal with that + properly on its own. + +- I made the SMTP code expect a 250 response back from the server after the + full DATA has been sent, and I modified the test SMTP server to also send + that response. As usual, the DONE operation that is made after a completed + transfer is still not doable in a non-blocking way so this waiting for 250 + is unfortunately made blockingly. + +Yang Tse (14 Feb 2010) +- Overhauled test suite getpart() function. Fixing potential out of bounds + stack and memory overwrites triggered with huge test case definitions. + +Daniel Stenberg (13 Feb 2010) +- Martin Hager reported and fixed a problem with a missing quote in libcurl.m4 + + (http://curl.haxx.se/bug/view.cgi?id=2951319) + +- Tom Donovan fixed the CURL_FORMAT_* defines when building with cmake. + + (http://curl.haxx.se/bug/view.cgi?id=2951269) + +Daniel Stenberg (12 Feb 2010) +- Jack Zhang reported a problem with SMTP: we wrongly used multiple addresses + in the same RCPT TO line, when they should be sent in separate single + commands. I updated test case 802 to verify this. + +- I also fixed a bad use of my_setopt_str() of CURLOPT_MAIL_RCPT in the curl + tool which made it try to output it as string for the --libcurl feature + which could lead to crashes. + +Yang Tse (11 Feb 2010) +- Steven M. Schweda fixed VMS builder bad behavior when used in a batch job, + removed obsolete batch_compile.com and defines.com and updated VMS readme. + +Version 7.20.0 (9 February 2010) + +Daniel Stenberg (9 Feb 2010) +- When downloading compressed content over HTTP and the app asked libcurl to + automatically uncompress it with the CURLOPT_ENCODING option, libcurl could + wrongly provide the callback with more data than the maximum documented + amount. An application could thus get tricked into badness if the maximum + limit was trusted to be enforced by libcurl itself (as it is documented). + + This is further detailed and explained in the libcurl security advisory + 20100209 at + + http://curl.haxx.se/docs/adv_20100209.html + +Daniel Fandrich (3 Feb 2010) +- Changed the Watcom makefiles to make them easier to keep in sync with + Makefile.inc since that can't be included directly. + +Yang Tse (2 Feb 2010) +- Symbol CURL_FORMAT_OFF_T now obsoleted, will be removed in a future release, + symbol will not be available when building with CURL_NO_OLDIES defined. Use + of CURL_FORMAT_CURL_OFF_T is preferred since 7.19.0 + +Daniel Stenberg (1 Feb 2010) +- Using the multi_socket API, it turns out at times it seemed to "forget" + connections (which caused a hang). It turned out to be an existing (7.19.7) + bug in libcurl (that's been around for a long time) and it happened like + this: + + The app calls curl_multi_add_handle() to add a new easy handle, libcurl will + then set it to timeout in 1 millisecond so libcurl will tell the app about + it. + + The app's timeout fires off that there's a timeout, the app calls libcurl as + we so often document it: + + do { + res = curl_multi_socket_action(... TIMEOUT ...); + } while(CURLM_CALL_MULTI_PERFORM == res); + + And this is the problem number one: + + When curl_multi_socket_action() is called with no specific handle, but only + a timeout-action, it will *only* perform actions within libcurl that are + marked to run at this time. In this case, the request would go from INIT to + CONNECT and return CURLM_CALL_MULTI_PERFORM. When the app then calls libcurl + again, there's no timer set for this handle so it remains in the CONNECT + state. The CONNECT state is a transitional state in libcurl so it reports no + sockets there, and thus libcurl never tells the app anything more about that + easy handle/connection. + + libcurl _does_ set a 1ms timeout for the handle at the end of + multi_runsingle() if it returns CURLM_CALL_MULTI_PERFORM, but since the loop + is instant the new job is not ready to run at that point (and there's no + code that makes libcurl call the app to update the timout for this new + timeout). It will simply rely on that some other timeout will trigger later + on or that something else will update the timeout callback. This makes the + bug fairly hard to repeat. + + The fix made to adress this issue: + + We introduce a loop in lib/multi.c around all calls to multi_runsingle() and + simply check for CURLM_CALL_MULTI_PERFORM internally. This has the added + benefit that this goes in line with my long-term wishes to get rid of the + CURLM_CALL_MULTI_PERFORM all together from the public API. + + The downside of this fix, is that the counter we return in 'running_handles' + in several of our public functions then gets a slightly new and possibly + confusing behavior during times: + + If an app adds a handle that fails to connect (very quickly) it may just + as well never appear as a 'running_handle' with this fix. Previously it + would first bump the counter only to get it decreased again at next call. + Even I have used that change in handle counter to signal "end of a + transfer". The only *good* way to find the end of a individual transfer + is calling curl_multi_info_read() to see if it returns one. + + Of course, if the app previously did the looping before it checked the + counter, it really shouldn't be any new effect. + +Yang Tse (26 Jan 2010) +- Constantine Sapuntzakis' and Joshua Kwan's work done in the last four months + relative to the asynchronous DNS lookups, along with with some integration + adjustments I have done are finally committed to CVS. + + Currently these enhancements will benefit builds done using c-ares on any + platform as well as Windows builds using the default threaded resolver. + + This release does not make generally available POSIX threaded DNS lookups + yet. There is no configure option to enable this feature yet. It is possible + to experimantally try this feature running configure with compiler flags that + make simultaneous definition of preprocessor symbols USE_THREADS_POSIX and + HAVE_PTHREAD_H, as well as whatever reentrancy compiler flags and linker ones + are required to link and properly use pthread_* functions on each platform. + +Daniel Stenberg (26 Jan 2010) +- Mike Crowe made libcurl return CURLE_COULDNT_RESOLVE_PROXY when it is the + proxy that cannot be resolved when using c-ares. This matches the behaviour + when not using c-ares. + +Björn Stenberg (23 Jan 2010) +- Added a new flag: -J/--remote-header-name. This option tells the + -O/--remote-name option to use the server-specified Content-Disposition + filename instead of extracting a filename from the URL. + +Daniel Stenberg (21 Jan 2010) +- Chris Conroy brought support for RTSP transfers, and with it comes 8(!) new + libcurl options for controlling what to get and how to receive posssibly + interleaved RTP data. + +Daniel Stenberg (20 Jan 2010) +- As was pointed out on the http-state mailing list, the order of cookies in a + HTTP Cookie: header _needs_ to be sorted on the path length in the cases + where two cookies using the same name are set more than once using + (overlapping) paths. Realizing this, identically named cookies must be + sorted correctly. But detecting only identically named cookies and take care + of them individually is harder than just to blindly and unconditionally sort + all cookies based on their path lengths. All major browsers also already do + this, so this makes our behavior one step closer to them in the cookie area. + + Test case 8 was the only one that broke due to this change and I updated it + accordingly. + +Daniel Stenberg (19 Jan 2010) +- David McCreedy brought a fix and a new test case (129) to make libcurl work + again when downloading files over FTP using ASCII and it turns out that the + final size of the file is not the same as the initial size the server + reported. This is very common since servers don't take the newline + conversions into account. + +Kamil Dudka (14 Jan 2010) +- Suppressed side effect of OpenSSL configure checks, which prevented NSS from + being properly detected under certain circumstances. It had been caused by + strange behavior of pkg-config when handling PKG_CONFIG_LIBDIR. pkg-config + distinguishes among empty and non-existent environment variable in that case. + +Daniel Stenberg (12 Jan 2010) +- Gil Weber reported a peculiar flaw with the multi interface when doing SFTP + transfers: curl_multi_fdset() would return -1 and not set and file + descriptors several times during a transfer of a single file. It turned out + to be due to two different flaws now fixed. Gil's excellent recipe helped me + nail this. + +Daniel Stenberg (11 Jan 2010) +- Made sure that the progress callback is repeatedly called at a regular + interval even during very slow connects. + +- The tests/runtests.pl script now checks to see if the test case that runs is + present in the tests/data/Makefile.am and outputs a notice message on the + screen if not. Each test file has to be included in that Makefile.am to get + included in release archives and forgetting to add files there is a common + mistake. This is an attempt to make it harder to forget. + +Daniel Stenberg (9 Jan 2010) +- Johan van Selst found and fixed a OpenSSL session ref count leak: + + ossl_connect_step3() increments an SSL session handle reference counter on + each call. When sessions are re-used this reference counter may be + incremented many times, but it will be decremented only once when done (by + Curl_ossl_session_free()); and the internal OpenSSL data will not be freed + if this reference count remains positive. When a session is re-used the + reference counter should be corrected by explicitly calling + SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid + introducing a memory leak. + + (http://curl.haxx.se/bug/view.cgi?id=2926284) + +Daniel Stenberg (7 Jan 2010) +- Make sure the progress callback is called repeatedly even during very slow + name resolves when c-ares is used for resolving. + +Claes Jakobsson (6 Jan 2010) +- Julien Chaffraix fixed so that the fragment part in an URL is not sent + to the server anymore. + +Kamil Dudka (3 Jan 2010) +- Julien Chaffraix eliminated a duplicated initialization in singlesocket(). + +Daniel Stenberg (2 Jan 2010) +- Make curl support --ssl and --ssl-reqd instead of the previous FTP-specific + versions --ftp-ssl and --ftp-ssl-reqd as these options are now used to + control SSL/TLS for IMAP, POP3 and SMTP as well in addition to FTP. The old + option names are still working but the new ones are the ones listed and + documented. + +Daniel Stenberg (1 Jan 2010) +- Ingmar Runge enhanced libcurl's FTP engine to support the PRET command. This + command is a special "hack" used by the drftpd server, but even though it is + a custom extension I've deemed it fine to add to libcurl since this server + seems to survive and people keep using it and want libcurl to support + it. The new libcurl option is named CURLOPT_FTP_USE_PRET, and it is also + usable from the curl tool with --ftp-pret. Using this option on a server + that doesn't support this command will make libcurl fail. + + I added test cases 1107 and 1108 to verify the functionality. + + The PRET command is documented at + http://www.drftpd.org/index.php/Distributed_PASV + +Yang Tse (30 Dec 2009) +- Steven M. Schweda improved VMS build system, and Craig A. Berry helped + with the patch and testing. + +Daniel Stenberg (26 Dec 2009) +- Renato Botelho and Peter Pentchev brought a patch that makes the libcurl + headers work correctly even on FreeBSD systems before v8. + + (http://curl.haxx.se/bug/view.cgi?id=2916915) + +Daniel Stenberg (17 Dec 2009) +- David Byron fixed Curl_ossl_cleanup to actually call ENGINE_cleanup when + available. + +- Follow-up fix for the proxy fix I did for Jon Nelson's bug. It turned out I + was a bit too quick and broke test case 1101 with that change. The order of + some of the setups is sensitive. I now changed it slightly again to make + sure we do them in this order: + + 1 - parse URL and figure out what protocol is used in the URL + 2 - prepend protocol:// to URL if missing + 3 - parse name+password off URL, which needs to know what protocol is used + (since only some allows for name+password in the URL) + 4 - figure out if a proxy should be used set by an option + 5 - if no proxy option, check proxy environment variables + 6 - run the protocol-specific setup function, which needs to have the proxy + already set + +Daniel Stenberg (15 Dec 2009) +- Jon Nelson found a regression that turned out to be a flaw in how libcurl + detects and uses proxies based on the environment variables. If the proxy + was given as an explicit option it worked, but due to the setup order + mistake proxies would not be used fine for a few protocols when picked up + from '[protocol]_proxy'. Obviously this broke after 7.19.4. I now also added + test case 1106 that verifies this functionality. + + (http://curl.haxx.se/bug/view.cgi?id=2913886) + +Daniel Stenberg (12 Dec 2009) +- IMAP, POP3 and SMTP support and their TLS versions (including IMAPS, POP3S + and SMTPS) are now supported. The current state may not yet be solid, but + the foundation is in place and the test suite has some initial support for + these protocols. Work will now persue to make them nice libcurl citizens + until release. + + The work with supporting these new protocols was sponsored by + networking4all.com - thanks! + +Daniel Stenberg (10 Dec 2009) +- Siegfried Gyuricsko found out that the curl manual said --retry would retry + on FTP errors in the transient 5xx range. Transient FTP errors are in the + 4xx range. The code itself only tried on 5xx errors that occured _at login_. + Now the retry code retries on all FTP transfer failures that ended with a + 4xx response. + + (http://curl.haxx.se/bug/view.cgi?id=2911279) + +- Constantine Sapuntzakis figured out a case which would lead to libcurl + accessing alredy freed memory and thus crash when using HTTPS (with + OpenSSL), multi interface and the CURLOPT_DEBUGFUNCTION and a certain order + of cleaning things up. I fixed it. + + (http://curl.haxx.se/bug/view.cgi?id=2905220) + +Daniel Stenberg (7 Dec 2009) +- Martin Storsjo made libcurl use the Expect: 100-continue header for posts + with unknown size. Previously it was only used for posts with a known size + larger than 1024 bytes. + +Daniel Stenberg (1 Dec 2009) +- If the Expect: 100-continue header has been set by the application through + curl_easy_setopt with CURLOPT_HTTPHEADER, the library should set + data->state.expect100header accordingly - the current code (in 7.19.7 at + least) doesn't handle this properly. Martin Storsjo provided the fix! + +Yang Tse (28 Nov 2009) +- Added Diffie-Hellman parameters to several test harness certificate files in + PEM format. Required by several stunnel versions used by our test harness. + +Daniel Stenberg (28 Nov 2009) +- Markus Koetter provided a polished and updated version of Chad Monroe's TFTP + rework patch that now integrates TFTP properly into libcurl so that it can + be used non-blocking with the multi interface and more. BLKSIZE also works. + + The --tftp-blksize option was added to allow setting the TFTP BLKSIZE from + the command line. + +Daniel Stenberg (26 Nov 2009) +- Extended and fixed the change I did on Dec 11 for the the progress + meter/callback during FTP command/response sequences. It turned out it was + really lame before and now the progress meter SHOULD get called at least + once per second. + +Daniel Stenberg (23 Nov 2009) +- Bjorn Augustsson reported a bug which made curl not report any problems even + though it failed to write a very small download to disk (done in a single + fwrite call). It turned out to be because fwrite() returned success, but + there was insufficient error-checking for the fclose() call which tricked + curl to believe things were fine. + +Yang Tse (23 Nov 2009) +- David Byron modified Makefile.dist vc8 and vc9 targets in order to allow + finer granularity control when generating src and lib makefiles. + +Yang Tse (22 Nov 2009) +- I modified configure to force removal of the curlbuild.h file included in + distribution tarballs for use by non-configure systems. As intended, this + would get overwriten when doing in-tree builds. But VPATH builds would end + having two curlbuild.h files, one in the source tree and another in the + build tree. With the modification I introduced 5 Nov 2009 this could become + an issue when running libcurl's test suite. + +Daniel Stenberg (20 Nov 2009) +- Constantine Sapuntzakis identified a write after close, as the sockets were + closed by libcurl before the SSL lib were shutdown and they may write to its + socket. Detected to at least happen with OpenSSL builds. + +- Jad Chamcham pointed out a bug with connection re-use. If a connection had + CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the + same proxy with the tunnel option disabled would still wrongly re-use that + previous connection and the outcome would only be badness. + +Yang Tse (18 Nov 2009) +- I modified the memory tracking system to make it intolerant with zero sized + malloc(), calloc() and realloc() function calls. + +Daniel Stenberg (17 Nov 2009) +- Constantine Sapuntzakis provided another fix for the DNS cache that could + end up with entries that wouldn't time-out: + + 1. Set up a first web server that redirects (307) to a http://server:port + that's down + 2. Have curl connect to the first web server using curl multi + + After the curl_easy_cleanup call, there will be curl dns entries hanging + around with in_use != 0. + + (http://curl.haxx.se/bug/view.cgi?id=2891591) + +- Marc Kleine-Budde fixed: curl saved the LDFLAGS set during configure into + its pkg-config file. So -Wl stuff ended up in the .pc file, which is really + bad, and breaks if there are multiple -Wl in our LDFLAGS (which are in + PTXdist). bug #2893592 (http://curl.haxx.se/bug/view.cgi?id=2893592) + +Kamil Dudka (15 Nov 2009) +- David Byron improved the configure script to use pkg-config to find OpenSSL + (and in particular the list of required libraries) even if a path is given + as argument to --with-ssl + +Yang Tse (15 Nov 2009) +- I removed enable-thread / disable-thread configure option. These were only + placebo options. The library is always built as thread safe as possible on + every system. + +Claes Jakobsson (14 Nov 2009) +- curl-config now accepts '--configure' to see what arguments was + passed to the configure script when building curl. + +Daniel Stenberg (14 Nov 2009) +- Claes Jakobsson restored the configure functionality to detect NSS when + --with-nss is set but not "yes". + + I think we can still improve that to check for pkg-config in that path etc, + but at least this patch brings back the same functionality we had before. + +- Camille Moncelier added support for the file type SSL_FILETYPE_ENGINE for + the client certificate. It also disable the key name test as some engines + can select a private key/cert automatically (When there is only one key + and/or certificate on the hardware device used by the engine) + +Yang Tse (14 Nov 2009) +- Constantine Sapuntzakis provided the fix that ensures that an SSL connection + won't be reused unless protection level for peer and host verification match. + + I refactored how preprocessor symbol _THREAD_SAFE definition is done. + +Kamil Dudka (12 Nov 2009) +- Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly + closed NSPR descriptor. The issue was hard to find, reported several times + before and always closed unresolved. More info at the RH bug: + https://bugzilla.redhat.com/534176 + +- libcurl-NSS now tries to reconnect with TLS disabled in case it detects + a broken TLS server. However it does not happen if SSL version is selected + manually. The approach was originally taken from PSM. Kaspar Brand helped me + to complete the patch. Original bug reports: + https://bugzilla.redhat.com/525496 + https://bugzilla.redhat.com/527771 + +Yang Tse (12 Nov 2009) +- I modified configure script to make the getaddrinfo function check also + verify if the function is thread safe. + +Yang Tse (11 Nov 2009) +- Marco Maggi reported that compilation failed when configured --with-gssapi + and GNU GSS installed due to a missing mutual exclusion of header files in + the Kerberos 5 code path. He also verified that my patch worked for him. + +Daniel Stenberg (11 Nov 2009) +- Constantine Sapuntzakis posted bug #2891595 + (http://curl.haxx.se/bug/view.cgi?id=2891595) which identified how an entry + in the DNS cache would linger too long if the request that added it was in + use that long. He also provided the patch that now makes libcurl capable of + still doing a request while the DNS hash entry may get timed out. + +- Christian Schmitz noticed that the progress meter/callback was not properly + used during the FTP connection phase (after the actual TCP connect), while + it of course should be. I also made the speed check get called correctly so + that really slow servers will trigger that properly too. + +Kamil Dudka (5 Nov 2009) +- Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works + in non-blocking mode. + +Yang Tse (5 Nov 2009) +- I removed leading 'curl' path on the 'curlbuild.h' include statement in + curl.h, adjusting auto-makefiles include path, to enhance portability to + OS's without an orthogonal directory tree structure such as OS/400. + +Daniel Stenberg (4 Nov 2009) +- I fixed several problems with the transfer progress meter. It showed the + wrong percentage for small files, most notable for <1000 bytes and could + easily end up showing more than 100% at the end. It also didn't show any + percentage, transfer size or estimated transfer times when transferring + less than 100 bytes. + +Version 7.19.7 (4 November 2009) + +Daniel Stenberg (2 Nov 2009) +- As reported independent by both Stan van de Burgt and Didier Brisebourg, + CURLINFO_SIZE_DOWNLOAD (the -w variable size_download) didn't work when + getting data from ldap! + +Daniel Stenberg (31 Oct 2009) +- Gabriel Kuri reported a problem with CURLINFO_CONTENT_LENGTH_DOWNLOAD if the + download was 0 bytes, as libcurl would then return the size as unknown (-1) + and not 0. I wrote a fix and test case 566 to verify it. + +Daniel Stenberg (30 Oct 2009) +- Liza Alenchery mentioned a problem with re-used SCP connection when a bad + auth is used, as it caused a crash. I failed to repeat the issue, but still + made a change that now forces the TCP connection used for a freed SCP + session to get closed and not be re-used. + +- "Tom" posted a bug report that mentioned how libcurl did wrong when doing a + POST using a read callback, with Digest authentication and + "Transfer-Encoding: chunked" enforced. I would then cause the first request + to be wrongly sent and then basically hang until the server closed the + connection. I fixed the problem and added test case 565 to verify it. + +Daniel Stenberg (25 Oct 2009) +- Dima Barsky made the curl cookie parser accept cookies even with blank or + unparsable expiry dates and then treat them as session cookies - previously + libcurl would reject cookies with a date format it couldn't parse. Research + shows that the major browser treat such cookies as session cookies. I + modified test 8 and 31 to verify this. + +Daniel Stenberg (21 Oct 2009) +- Attempt to use pkg-config for finding out libssh2 installation details + during configure. + +- A patch in bug report #2883177 (http://curl.haxx.se/bug/view.cgi?id=2883177) + by Johan van Selst introduced the --crlfile option to curl, which makes curl + tell libcurl about a file with CRL (certificate revocation list) data to + read. + +Daniel Stenberg (18 Oct 2009) +- Ray Dassen provided a patch in Debian's bug tracker (bug number #551461) + that now makes curl_getdate(3) actually handles RFC 822 formatted dates that + use the "single letter military timezones". + http://www.rfc-ref.org/RFC-TEXTS/822/chapter5.html has the details. + +- Fixed memory leak in the SCP/SFTP code as it never freed the knownhosts + data! + +- John Dennis filed bug report #2873666 + (http://curl.haxx.se/bug/view.cgi?id=2873666) which identified a problem + which made libcurl loop infinitely when given incorrect credentials when + using HTTP GSS negotiate authentication. He also provided a small and simple + patch for it. + +- Kevin Baughman found a double close() problem with libcurl-NSS, as when + libcurl called NSS to close the SSL "session" it also closed the actual + socket. + +Yang Tse (17 Oct 2009) +- Bug report #2866724 indicated + (http://curl.haxx.se/bug/view.cgi?id=2866724) that curl on Windows failed + when writing files whose file names originally contained characters which + are not valid for file names on Windows. Dan Fandrich provided an initial + patch and another revised one to fix this issue. + +Daniel Stenberg (1 Oct 2009) +- Tom Mueller correctly reported in bug report #2870221 + (http://curl.haxx.se/bug/view.cgi?id=2870221) that libcurl returned an + incorrect return code from the internal trynextip() function which caused + him grief. This is a regression that was introduced in 7.19.1 and I find it + strange it hasn't hit us harder, but I won't persue into figuring out + exactly why. + +- Constantine Sapuntzakis: The current implementation will always set + SO_SNDBUF to CURL_WRITE_SIZE even if the SO_SNDBUF starts out larger. The + patch doesn't do a setsockopt if SO_SNDBUF is already greater than + CURL_WRITE_SIZE. This should help folks who have set up their computer with + large send buffers. + +Daniel Stenberg (27 Sep 2009) +- I introduced a maximum limit for received HTTP headers. It is controlled by + the define CURL_MAX_HTTP_HEADER which is even exposed in the public header + file to allow for users to fairly easy rebuild libcurl with a modified + limit. The rationale for a fixed limit is that libcurl is realloc()ing a + buffer to be able to put a full header into it, so that it can call the + header callback with the entire header, but that also risk getting it into + trouble if a server by mistake or willingly sends a header that is more or + less without an end. The limit is set to 100K. + +Daniel Stenberg (26 Sep 2009) +- John P. McCaskey posted a bug report that showed how libcurl did wrong when + saving received cookies with no given path, if the path in the request had a + query part. That is means a question mark (?) and characters on the right + side of that. I wrote test case 1105 and fixed this problem. + +Kamil Dudka (26 Sep 2009) +- Implemented a protocol independent way to specify blocking direction, used by + transfer.c for blocking. It is currently used only by SCP and SFTP protocols. + This enhancement resolves an issue with 100% CPU usage during SFTP upload, + reported by Vourhey. + +Daniel Stenberg (25 Sep 2009) +- Chris Mumford filed bug report #2861587 + (http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used + the OpenSSL function X509_load_crl_file() wrongly and failed if it would + load a CRL file with more than one certificate within. This is now fixed. + +Daniel Stenberg (16 Sep 2009) +- Sven Anders reported that we introduced a cert verfication flaw for OpenSSL- + powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name + field in the certficate it had to match and so even if non-DNS and non-IP + entry was present it caused the verification to fail. + +Daniel Fandrich (15 Sep 2009) +- Moved the libssh2 checks after the SSL library checks. This helps when + statically linking since libssh2 needs the SSL library link flags to be + set up already to satisfy its dependencies. This wouldn't be necessary if + the libssh2 configure check was changed to use pkg-config since the + --static flag would add the dependencies automatically. + +Yang Tse (14 Sep 2009) +- Revert Joshua Kwan's patch committed 11 Sep 2009. + + Some systems poll function sets POLLHUP in revents without setting + POLLIN, and sets POLLERR without setting POLLIN and POLLOUT. In some + libcurl code execution paths this could trigger busy wait loops with + high CPU usage until a timeout condition aborted the loop. + + The reverted patch addressed the above issue for a very specific case, + when awaiting c-ares to resolve. A libcurl-wide fix for Curl_poll now + superceeds this one. + +Guenter Knauf (11 Sep 2009) +- Joshua Kwan provided a patch to pass POLLERR / POLLHUP back to c-ares. + This fixes a loop problem with high CPU usage. + +Daniel Stenberg (10 Sep 2009) +- Claes Jakobsson fixed a problem with cookie expiry dates at exctly the epoch + start second "Thu Jan 1 00:00:00 GMT 1970" as the date parser then returns 0 + which internally then is treated as a session cookie. That particular date + is now made to get the value of 1. + +Daniel Stenberg (2 Sep 2009) +- Daniel Johnson found a flaw in the code converting sftp-errors to libcurl + errors. + +Daniel Stenberg (1 Sep 2009) +- Peter Sylvester made a debug feature for Curl_resolv() that now will force + libcurl to resolve 'localhost' whatever name you use in the URL *if* you set + the --interface option to (exactly) "LocalHost". This will enable us to + write tests for custom hosts names but still use a local host server. + +- configure now tries to use pkg-config for a number of sub-dependencies even + when cross-compiling. The key to success is then you properly setup + PKG_CONFIG_PATH before invoking configure. + + I also improved how NSS is detected by trying nss-config if pkg-config isn't + present, and as a last resort just use the lib name and force the user to + setup the LIBS/LDFLAGS/CFLAGS etc properly. The previous last resort would + add a range of various libs that would almost never be quite correct. + +Daniel Stenberg (31 Aug 2009) +- When using the multi interface with FTP and you asked for NOBODY, you did no + QUOTE commands and the request used the same path as the connection had + already changed to, it would decide that no commands would be necessary for + the "DO" action and that was not handled properly but libcurl would instead + hang. + +Kamil Dudka (28 Aug 2009) +- Improved error message for not matching certificate subject name in + libcurl-NSS. Originally reported at: + https://bugzilla.redhat.com/show_bug.cgi?id=516056#c9 + +Patrick Monnerat (24 Aug 2009) +- Introduced a SYST-based test to properly set-up name format when dealing + with the OS/400 FTP server. + +- Fixed an ftp_readresp() bug preventing detection of failing control socket + and causing FTP client to loop forever. + +Daniel Stenberg (24 Aug 2009) +- Marc de Bruin pointed out that configure --with-gnutls=PATH didn't work + properly and provided a fix. http://curl.haxx.se/bug/view.cgi?id=2843008 + +- Eric Wong introduced support for the new option -T. (dot) that makes curl + read stdin in a non-blocking fashion. This also brings back -T- (minus) to + the previous blocking behavior since it could break stuff for people at + times. + +Michal Marek (21 Aug 2009) +- With CURLOPT_PROXY_TRANSFER_MODE, avoid sending invalid URLs like + ftp://example.com;type=i if the user specified ftp://example.com without the + slash. + +Daniel Stenberg (21 Aug 2009) +- Andre Guibert de Bruet pointed out a missing return code check for a + strdup() that could lead to segfault if it returned NULL. I extended his + suggest patch to now have Curl_retry_request() return a regular return code + and better check that. + +- Lots of good work by Krister Johansen, mostly related to pipelining: + + Fix SIGSEGV on free'd easy_conn when pipe unexpectedly breaks + Fix data corruption issue with re-connected transfers + Fix use after free if we're completed but easy_conn not NULL + +Kamil Dudka (13 Aug 2009) +- Changed NSS code to not ignore the value of ssl.verifyhost and produce more + verbose error messages. Originally reported at: + https://bugzilla.redhat.com/show_bug.cgi?id=516056 + +Daniel Stenberg (12 Aug 2009) +- Karl Moerder fixed the Makefile.vc* makefiles to include the new file + nonblock.c so that they work fine again + +- I expanded test 517 with a bunch of more dates that originate from the + Chrome browser test suite. It turns out most of them get parsed the same + way. + +Version 7.19.6 (12 August 2009) + +Daniel Stenberg (12 Aug 2009) +- Carsten Lange reported a bug and provided a patch for TFTP upload and the + sending of the TSIZE option. I don't like fixing bugs just hours before + a release, but since it was broken and the patch fixes this for him I decided + to get it in anyway. + +Daniel Stenberg (11 Aug 2009) +- Peter Sylvester made the HTTPS test server use specific certificates for + each test, so that the test suite can now be used to actually test the + verification of cert names etc. This made an error show up in the OpenSSL- + specific code where it would attempt to match the CN field even if a + subjectAltName exists that doesn't match. This is now fixed and verified + in test 311. + +- Benbuck Nason posted the bug report #2835196 + (http://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler + warnings when mixing ints and bools. + +Daniel Fandrich (10 Aug 2009) +- Fixed a memory leak in the FTP code and an off-by-one heap buffer overflow. + +Daniel Fandrich (9 Aug 2009) +- Fixed some memory leaks in the command-line tool that caused most of the + torture tests to fail. + +Daniel Stenberg (2 Aug 2009) +- Curt Bogmine reported a problem with SNI enabled on a particular server. We + should introduce an option to disable SNI, but as we're in feature freeze + now I've addressed the obvious bug here (pointed out by Peter Sylvester): we + shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected. + Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular + option for SNI, or are we simply not using it? + +Daniel Stenberg (1 Aug 2009) +- Scott Cantor posted the bug report #2829955 + (http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert + verification flaw found and exploited by Moxie Marlinspike. The presentation + he did at Black Hat is available here: + https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike + + Apparently at least one CA allowed a subjectAltName or CN that contain a + zero byte, and thus clients that assumed they would never have zero bytes + were exploited to OK a certificate that didn't actually match the site. Like + if the name in the cert was "example.com\0theatualsite.com", libcurl would + happily verify that cert for example.com. + + libcurl now better uses the length of the extracted name, not using the zero + termination for getting the string length. + + This fixing only made and needed in OpenSSL interfacing code. + +- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present + only in some OpenSSL installs - like on Windows) isn't thread-safe and we + agreed that moving it to the global_init() function is a decent way to deal + with this situation. + +- Alexander Beedie provided the patch for a noproxy problem: If I have set + CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually + could still end up using a proxy if a proxy environment variable was set. + +Daniel Stenberg (27 Jul 2009) +- All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and + CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to + send when using FTP, as a sign that libcurl shall simply ignore the response + from the server instead of treating it as an error. Not treating a 400+ FTP + response code as an error means that failed commands will not abort the + chain of commands, nor will they cause the connection to get disconnected. + +Daniel Stenberg (26 Jul 2009) +- Johan van Selst posted bug report #2825989 + (http://curl.haxx.se/bug/view.cgi?id=2825989) pointing out that + OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm, and + provided the solution too: to use OpenSSL_add_all_algorithms() in addition + to the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in + OpenSSL 0.9.5 + +Daniel Stenberg (23 Jul 2009) +- Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA. + They introduce known_host support for SSH keys to libcurl. See docs for + details. Note that this feature depends on a new enough libssh2 version, to + be supported in libssh2 1.2 and later (or current git repo at this time). + +Michal Marek (22 Jul 2009) +- David Binderman found a memory and fd leak in lib/gtls.c:load_file() + (https://bugzilla.novell.com/523919). When looking at the code, I found that + also the ptr pointer can leak. + +Kamil Dudka (20 Jul 2009) +- Claes Jakobsson improved the support for client certificates handling in + NSS-powered libcurl. Now the client certificates can be selected + automatically by a NSS built-in hook. Additionally pre-login to all PKCS11 + slots is no more performed. It used to cause problems with HW tokens. + +- Fixed reference counting for NSS client certificates. Now the PEM reader + module should be always properly unloaded on Curl_nss_cleanup(). If the + unload fails though, libcurl will try to reuse the already loaded instance. + +Daniel Fandrich (15 Jul 2009) +- Added nonblock.c to the non-automake makefiles (note that the dependencies + in the Watcom makefiles aren't quite correct). + +Michal Marek (15 Jul 2009) +- Changed the description of CURLINFO_OS_ERRNO to make it clear that the + errno is not reset on success. + +Guenter Knauf (14 Jul 2009) +- renamed generated config.h to curl_config.h to avoid any future clashes + with config.h from other projects. + +Daniel Stenberg (9 Jul 2009) +- Eric Wong introduced curlx_nonblock() that the curl tool now (re-)uses for + setting a file descriptor non-blocking. Used by the functionality Eric + himself brough on June 15th. + +Daniel Stenberg (8 Jul 2009) +- Constantine Sapuntzakis posted bug report #2813123 + (http://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the + problem: + + Url A is accessed using auth. Url A redirects to Url B (on a different + server0. Url B reuses a persistent connection. Url B has auth, even though + it's on a different server. + + Note: if Url B does not reuse a persistent connection, auth is not sent. + + reason: + + data->state.first_host is not initialized becuase Curl_http_connect is not + called when a connection is reused. + + Solution: + + move initialization of data->state.first_host to Curl_http. No code before + Curl_http uses data->state.first_host anyway. + +Guenter Knauf (4 Jul 2009) +- Markus Koetter provided a patch to avoid getnameinfo() usage which broke a + couple of both IPv4 and IPv6 autobuilds. + +Daniel Stenberg (29 Jun 2009) +- Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port + range if given colon-separated after the host name/address part. Like + "192.168.0.1:2000-10000" + +- Modified the separators used for CURLOPT_CERTINFO in multi-part outputs. I + don't know how they got wrong in the first place, but using this output + format makes it possible to quite easily separate the string into an array + of multiple items. + +Daniel Fandrich (16 June 2009) +- Added a few more compiler warning options for gcc. + +Daniel Stenberg (16 Jun 2009) +- Reuven Wachtfogel made curl -o - properly produce a binary output on windows + (no newline translations). Use -B/--use-ascii if you rather get the ascii + approach. + +Michal Marek (16 Jun 2009) +- When doing non-anonymous ftp via http proxies and the password is not + provided in the url, add it there (squid needs this). + +Daniel Stenberg (15 Jun 2009) +- Eric Wong's patch: + + This allows curl(1) to be used as a client-side tunnel for arbitrary stream + protocols by abusing chunked transfer encoding in both the HTTP request and + HTTP response. This requires server support for sending a response while a + request is still being read, of course. + + If attempting to read from stdin returns EAGAIN, then we pause our sender. + This leaves curl to attempt to read from the socket while reading from stdin + (and thus sending) is paused. + + This change was needed to allow successfully tunneling the git protocol over + HTTP (--no-buffer is needed, as well). + +Patrick Monnerat (15 Jun 2009) +- Replaced use of standard C library rand()/srand() by our own pseudo-random + number generator. + +Yang Tse (11 Jun 2009) +- I adapted testcurl script to allow building test harness programs when + cross-compiling for a *-*-mingw* host. + +Daniel Stenberg (10 Jun 2009) +- Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and + contributed a range of patches to fix them. + +Yang Tse (10 Jun 2009) +- I introduced configure script option --enable-curldebug which now allows + the decoupled enabling or disabling of the curl debug memory tracking + feature from the --enable-debug option which no longer controls this. + + curl --version will list 'Debug' feature for debug enabled builds, and + will list 'TrackMemory' feature for curl debug memory tracking capable + builds. These features are independent and can be controlled when running + the configure script. When --enable-debug is given both features will be + enabled, unless some restriction prevents memory tracking from being used. + + Internally, definition of preprocessor symbol DEBUGBUILD restricts code + which is only compiled for debug enabled builds. And symbol CURLDEBUG is + used to differentiate code which is _only_ used for memory tracking. + +Yang Tse (9 Jun 2009) +- Daniel Steinberg pointed out that Curl_FormInit() in formdata.c was not + initializing the fread callback pointer and this triggered a compiler + warning, also provided a friendly suggestion on how to fix it. + +Daniel Stenberg (8 Jun 2009) +- Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount + issue with client certs that caused issues like segfaults. + http://curl.haxx.se/mail/lib-2009-05/0316.html + +- Triggered by bug report #2798852 and the patch in there, I fixed configure + to detect gnutls build options with pkg-config only and not libgnutls-config + anymore since GnuTLS has stopped distributing that tool. If an explicit path + is given to configure, we will instead guess on how to link and use that + lib. I did not use the patch from the bug report. + +Yang Tse (8 Jun 2009) +- Igor Novoseltsev adjusted Makefile.vxworks to get sources and headers + included from Makefile.inc, and provided docs\INSTALL VxWorks section. + +- I removed buildconf.bat from release and daily snapshot archives. This + file is only for CVS tree checkout builds. + +Daniel Stenberg (8 Jun 2009) +- Eric Wong fixed --no-buffer to actually switch off output buffering. Been + broken since 7.19.0 + +Bill Hoffman (6 Jun 2009) +- Added some cmake docs and fixed socklen_t in the build. + +Yang Tse (5 Jun 2009) +- John E. Malmberg provided VMS specific patch: "This fixes an existing bug + in urlglob.c where it was not converting the Curl Unix exit code to a VMS + DCL compatible exit code. This fix required the enhancement described next. + This also adds an enhancement to main.c so that when curl is run under a + Unix shell like Bash on VMS, it will return the standard Unix exit codes + and messages." And another patch for docs/examples. + + I introduced os-specific.c and os-specific.h for use in curl tool code + and adjusted John E. Malmberg's patch placement to use these new files + as an effort to prevent main.c from growing ad infinitum. Code already + existing in main.c which is OS specific should be moved into these files. + +Daniel Stenberg (4 June 2009) +- Setting the Content-Length: header from your app when you do a POST or PUT + is almost always a VERY BAD IDEA. Yet there are still apps out there doing + this, and now recently it triggered a bug/side-effect in libcurl as when + libcurl sends a POST or PUT with NTLM, it sends an empty post first when it + knows it will just get a 401/407 back. If the app then replaced the + Content-Length header, it caused the server to wait for input that libcurl + wouldn't send. Aaron Oneal reported this problem in bug report #2799008 + (http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix. + +Yang Tse (4 Jun 2009) +- Igor Novoseltsev provided patches and information, that after some + adjustments to better fit curl's way of doing things, have resulted + in the posibility of building libcurl for VxWorks. + +Daniel Fandrich (2 June 2009) +- Checked in a Google Android make file. To use it, you must first + create a config.h file by running configure in the Android environment, + which doesn't seem to be easy to do. If no easy way can be found, a + static config-android.h may need to be created and checked in to the + libcurl source tree. + +Daniel Stenberg (1 June 2009) +- Claes Jakobsson fixed the configure script to better find and use NSS + without pkg-config. + +Yang Tse (1 Jun 2009) +- John E. Malmberg provided a VMS specific clean-up for curl.h, and pointed + out that the configure script was failing to detect the timeval struct on + VMS when building with _XOPEN_SOURCE_EXTENDED undefined due to definition + taking place in socket.h instead of time.h. I have adjusted configure + script to also include this header when checking struct timeval. + +Daniel Stenberg (27 May 2009) +- Frank McGeough provided a small OpenSSL #include fix to make libcurl compile + fine with Nokia 5th edition 1.0 SDK for Symbian. + +- Andre Guibert de Bruet found a call to a OpenSSL function that didn't check + for a failure properly. + +- Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clear + the auth credentials back in 7.19.0 and earlier while now you have to set "" + to get the same effect. His patch brings back the ability to use NULL. + +- Claes Jakobsson fixed libcurl-NSS to build fine even without the + PK11_CreateGenericObject() function. + +Daniel Stenberg (25 May 2009) +- bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed + out that the cookie parser would leak memory when it parses cookies that are + received with domain, path etc set multiple times in the same header. While + such a cookie is questionable, they occur in the wild and libcurl no longer + leaks memory for them. I added such a header to test case 8. + +Daniel Fandrich (22 May 2009) +- Removed some obsolete digest code that caused a valgrind error in test 551. + +Daniel Fandrich (20 May 2009) +- Added "non-existing host" test keywords to make it easy to skip those + tests on machines that have broken DNS configurations (such as + those configured to use OpenDNS). + +Daniel Stenberg (19 May 2009) +- Kamil Dudka brought the patch from the Redhat bug entry + https://bugzilla.redhat.com/show_bug.cgi?id=427966 which was libcurl closing + a bad file descriptor when closing down the FTP data connection. Caolan + McNamara seems to be the original author of it. + +Version 7.19.5 (18 May 2009) + +Daniel Stenberg (17 May 2009) +- James Bursa posted a patch to the mailing list that fixed a problem with + no_proxy which made it not skip the proxy if the URL entered contained a + user name. I added test case 1101 to verify. + +Daniel Stenberg (11 May 2009) +- Balint Szilakszi reported a memory leak when libcurl did gzip decompression + of streams that had some parts (legitimately) missing. We now provide and use + a proper cleanup function for the content encoding submodule. + http://curl.haxx.se/mail/lib-2009-05/0092.html + +- Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth + at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12 + + If an incorrect password is given while loading a private key, libcurl ends + up in an infinite loop consuming memory. The bug is critical. + +- I fixed the problem with doing NTLM, POST and then following a 302 redirect, + as reported by Ebenezer Ikonne (on curl-users) and Laurent Rabret (on + curl-library). The transfer was mistakenly marked to get more data to send + but since it didn't actually have that, it just hung there... + +Daniel Stenberg (10 May 2009) +- Andre Guibert de Bruet correctly pointed out an over-alloc with one wasted + byte in the digest code. + +Yang Tse (9 May 2009) +- Removed DOS and TPF package's subdirectory Makefile.am, it was only used + to include some files in the distribution tarball serving no other purpose. + Files from the DOS and TPF subdirectories are now included in the EXTRA_DIST + of the Makefile in the parent subdirectory. + +Yang Tse (8 May 2009) +- Changed host name literal in several tests to one under the haxx.se domain. + +- Renamed vc6 workspace and project files to avoid filename clash when used + for conversion to later VS versions. + +Daniel Stenberg (8 May 2009) +- Constantine Sapuntzakis fixed bug report #2784055 + (http://curl.haxx.se/bug/view.cgi?id=2784055) identifying a problem to + connect to SOCKS proxies when using the multi interface. It turned out to + almost not work at all previously. We need to wait for the TCP connect to + be properly verified before doing the SOCKS magic. + + There's still a flaw in the FTP code for this. + +Daniel Stenberg (7 May 2009) +- Made the SO_SNDBUF setting for the data connection socket for ftp uploads as + well. See change 28 Apr 2009. + +Yang Tse (7 May 2009) +- Fixed an issue affecting FTP transfers, introduced with the transfer.c + patch committed May 4. + +Daniel Stenberg (7 May 2009) +- Man page *roff problems fixed thanks to input from Colin Watson. Problems + reported in the Debian package. + +- Vijay G filed bug report #2723236 + (http://curl.haxx.se/bug/view.cgi?id=2723236) identifying a problem with + libcurl's TFTP code and its lack of dealing with the OACK packet. + +Yang Tse (5 May 2009) +- Fixed the --ftp-port address of test #251 to the CLIENTIP address, and + reverted the change affecting test suite harness committed 4 May. + +Daniel Stenberg (5 May 2009) +- Inspired by Michael Smith's session id fix for OpenSSL, I did the + corresponding fix in the GnuTLS code: make sure to store the new session id + in case the previous re-used one is rejected. + +Daniel Stenberg (4 May 2009) +- Michael Smith posted bug report #2786255 + (http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how + libcurl did not deal with SSL session ids properly if the server rejected a + re-use of one. Starting now, it will forget the rejected one and remember + the new. This change was for OpenSSL only, it is likely that other SSL lib + code needs similar fixes. + +Yang Tse (4 May 2009) +- Applied David McCreedy's "transfer.c fixes for CURL_DO_LINEEND_CONV and + non-ASCII platform HTTP requests" patch addressing two HTTP PUT problems: + 1) On non-ASCII platforms not all of the protocol portions of the PUT are + being translated to ASCII. 2) On all platforms the line endings of part of + the protocol portions are mangled from CRLF to CRCRLF if data->set.crlf or + data->set.prefer_ascii are set (depending on CURL_DO_LINEEND_CONV). + +- Applied David McCreedy's patch to fix test suite harness to allow test FTP + server and client on different machines, providing FTP client address when + running the FTP test server. + +Daniel Fandrich (3 May 2009) +- Added and disabled test case 563 which shows KNOWN_BUGS #59. The bug + report failed to mention that a proxy must be used to reproduce it. + +Yang Tse (2 May 2009) +- Use a build-time configured curl_socklen_t data type instead of socklen_t. + +Yang Tse (1 May 2009) +- Applied David McCreedy's patches "TPF-platform specific changes to various + files" and "http.c fix to Curl_proxyCONNECT for non-ASCII platforms", the + former with minor edits. + +Daniel Stenberg (30 Apr 2009) +- I was going to fix issue #59 in KNOWN_BUGS + + If the CURLOPT_PORT option is used on an FTP URL like + "ftp://example.com/file;type=A" the ";type=A" is stripped off. + + I added test case 562 to verify, only to find out that I couldn't repeat + this bug so I hereby consider it not a bug anymore! + +Daniel Stenberg (29 Apr 2009) +- Based on bug report #2723219 (http://curl.haxx.se/bug/view.cgi?id=2723219) + I've now made TFTP "connections" not being kept for re-use within libcurl. + TFTP is UDP-based so the benefit was really low (if even existing) to begin + with so instead of tracking down to fix this problem we instead removed the + re-use. I also enabled test case 1099 that I wrote a few days ago to verify + that this change fixes the reported problem. + +Daniel Stenberg (28 Apr 2009) +- Constantine Sapuntzakis filed bug report #2783090 + (http://curl.haxx.se/bug/view.cgi?id=2783090) pointing out that on windows + we need to grow the SO_SNDBUF buffer somewhat to get really good upload + speeds. http://support.microsoft.com/kb/823764 has the details. Friends + confirmed that simply adding 32 to CURL_MAX_WRITE_SIZE is enough. + +- Bug report #2709004 (http://curl.haxx.se/bug/view.cgi?id=2709004) by Tim + Chen pointed out how curl couldn't upload with resume when reading from a + pipe. + + This ended up with the introduction of a new return code for the + CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but + that libcurl may try to resolve the situation anyway. In our case this means + libcurl will attempt to instead read that much data from the stream instead + of seeking and that way curl can now upload with resume when data is read + from a stream! + +Daniel Stenberg (26 Apr 2009) +- Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by Sven + Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi + interface and provided a patch that fixed the problem! + +Daniel Stenberg (24 Apr 2009) +- Kamil Dudka fixed another NSS-related leak when client certs were used. + +- Bug report #2779245 (http://curl.haxx.se/bug/view.cgi?id=2779245) by Rainer + Koenig pointed out that the man page didn't tell that the *_proxy + environment variables can be specified lower case or UPPER CASE and the + lower case takes precedence, + +Daniel Fandrich (21 Apr 2009) +- Added new libcurl source files to Amiga, RiscOS and VC6 build files. + +Yang Tse (21 Apr 2009) +- Moved potential inclusion of system's malloc.h and memory.h header files to + setup_once.h. Inclusion of each header file is based on the definition of + NEED_MALLOC_H and NEED_MEMORY_H respectively. + + Renamed libcurl's memory.h to curl_memory.h + +Daniel Stenberg (20 Apr 2009) +- Leanic Lefever reported a crash and did some detailed research on why and + how it occurs (http://curl.haxx.se/mail/lib-2009-04/0289.html). The + conclusion was that if an error is detected and Curl_done() is called for + the connection, ftp_done() could at times return another error code that + then would take precedence and that new code confused existing logic that + works for the first error code (CURLE_SEND_ERROR) only. + +- Gisle Vanem noticed that --libtool would produce bogus strings at times for + OBJECTPOINT options. Now we've introduced a new function - my_setopt_str - + within the app for setting plain string options to avoid the risk of this + mistake happening. + +Daniel Stenberg (17 Apr 2009) +- Pramod Sharma reported and tracked down a bug when doing FTP over a HTTP + proxy. libcurl would then wrongly close the connection after each + request. In his case it had the weird side-effect that it killed NTLM auth + for the proxy causing an inifinite loop! + + I added test case 1098 to verify this fix. The test case does however not + properly verify that the transfers are done persistently - as I couldn't + think of a clever way to achieve it right now - but you need to read the + stderr output after a test run to see that it truly did the right thing. + +Daniel Stenberg (13 Apr 2009) +- bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by Martin + Storsjö pointed out how setting CURLOPT_NOBODY to 0 could be downright + confusing as it set the method to either GET or HEAD. The example he showed + looked like: + + curl_easy_setopt(curl, CURLOPT_PUT, 1); + curl_easy_setopt(curl, CURLOPT_NOBODY, 0); + + The new way doesn't alter the method until the request is about to start. If + CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is + 0 and the request happens to have been set to HEAD, it will then instead be + set to GET. I believe this will be less surprising to users, and hopefully + not hit any existing users badly. + +- Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned + out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue + is found in Redhat's bug tracker: + https://bugzilla.redhat.com/show_bug.cgi?id=453612 + + There are still memory leaks present, but they seem to have other reasons. + +Daniel Fandrich (11 Apr 2009) +- Added new libcurl source files to Symbian OS build files. +- Improved Symbian support for SSL. + +Yang Tse (10 Apr 2009) +- Daniel Johnson improved the MacOSX-Framework shell script to now perform all + the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64 + libcurl.framework. Four way fat framework requires OS X 10.5 SDK or later. + +Yang Tse (8 Apr 2009) +- Removed Sun compilers preprocessor block from curlbuild.h.dist, this also + removes it from the curlbuild.h file originally distributed by the cURL + project as this file is intended for systems not capable of running the + configure script. For those who have been building curl out of the source + code curl distribution tarball provided by curl.haxx.se the change implies + nothing. Previous change in this area committed 2 Apr becomes irrelevant. + +Daniel Stenberg (6 Apr 2009) +- I clarified in the docs that CURLOPT_SEEKFUNCTION should return 0 on success + and 1 on fatal errors. Previously it only mentioned non-zero on fatal + errors. This is a slight change in meaning, but it follows what we've done + elsewhere before and it opens up for LOTS of more useful return codes + whenever we can think of them... + +Yang Tse (2 Apr 2009) +- Fix curl_off_t definition for builds done using Sun compilers and a + non-configured libcurl. In this case curl_off_t data type was gated + to the off_t data type which depends on the _FILE_OFFSET_BITS. This + configuration is exactly the unwanted configuration for our curl_off_t + data type which must not depend on such setting. This breaks ABI for + libcurl libraries built with Sun compilers which were built without + having run the configure script with _FILE_OFFSET_BITS different than + 64 and using the ILP32 data model. + +Daniel Stenberg (1 Apr 2009) +- Andre Guibert de Bruet fixed a NULL pointer use in an infof() call if a + strdup() call failed. + +Daniel Fandrich (31 Mar 2009) +- Properly return an error code in curl_easy_recv (reported by Jim Freeman). + +Daniel Stenberg (18 Mar 2009) +- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when + NSS is used. These ciphers were added in NSS 3.4 and require to be enabled + explicitly. + +Daniel Stenberg (13 Mar 2009) +- Use libssh2_version() to present the libssh2 version in case the libssh2 + library is found to support it. + +Yang Tse (12 Mar 2009) +- Added missing Curl_read() return code checking in TELNET transfers. + +- Pierre Brico found and fixed TELNET transfers not being aborted upon + a write callback failure. + +Daniel Stenberg (11 Mar 2009) +- Kamil Dudka made the curl tool properly call curl_global_init() before any + other libcurl function. + +Yang Tse (11 Mar 2009) +- Added missing TELNET timeout support for Windows builds. This issue was + reported by Pierre Brico. + +Daniel Stenberg (9 Mar 2009) +- Frank Hempel found out a bug and provided the fix: + + curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE + option. It only enabled the cookie engine in the destination handle if + data->cookies is not NULL (where data is the source handle). In case of a + newly initialized handle which just had the cookie support enabled by a + curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was + still NULL because the setopt-call only appends the value to + data->change.cookielist, hence duplicating this handle would not have the + cookie engine switched on. + + We also concluded that the slist-functionality would be suitable for being + put in its own module rather than simply hanging out in lib/sendf.c so I + created lib/slist.[ch] for them. + +- Andreas Farber made the 'buildconf' script check for the presence of m4 + scripts to make it detect a bad checkout earlier. People with older + checkouts who don't do cvs update with the -d option won't get the new dirs + and then will get funny outputs that can be a bit hard to understand and + fix. + +Daniel Stenberg (8 Mar 2009) +- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the + allocation of the memory BIO was not being properly checked. + +- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places + in the gnutls code where we were checking for negative values for errors, + when the man pages state that GNUTLS_E_SUCCESS is returned on success and + other values indicate error conditions. + +- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that + curl didn't use sprintf() in a way that is documented to work in POSIX but + since we use our own printf() code (from libcurl) that shouldn't be a + problem. Nonetheless I modified the code to not rely on such particular + features and to not cause further raised eyebrowse with no good reason. + +Daniel Fandrich (5 Mar 2009) +- Expanded the security section of the libcurl-tutorial man page to cover + more issues for authors to consider when writing robust libcurl-using + applications. + +Yang Tse (5 Mar 2009) +- Fixed NTLM authentication memory leak on SSPI enabled Windows builds. This + issue was noticed by Chris Deidun. + +Daniel Fandrich (4 Mar 2009) +- Fixed a problem with m4 quoting in the OpenSSL configure check reported + by Daniel Johnson. + +Daniel Stenberg (3 Mar 2009) +- David James brought a patch that make libcurl close (all) dead connections + whenever you attempt to open a new connection. + + 1. After cleaning up a dead connection, "continue" instead of + returning FALSE. This ensures that we clean up all dead connections, + rather than just cleaning up the first dead connection. + 2. Move up the cleanup for dead connections so that it occurs for + all connections, rather than just the connections which have the same + preferences as our current new connection. + +Version 7.19.4 (3 March 2009) + +Daniel Stenberg (3 Mar 2009) +- David Kierznowski notified us about a security flaw + (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in + which previous libcurl versions (by design) can be tricked to access an + arbitrary local/different file instead of a remote one when + CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release + together this the addition of two new setopt options for controlling this + new behavior: + + o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to + follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option + excludes the FILE and SCP protocols and thus you nee to explicitly allow + them in your app if you really want that behavior. + + o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch + using the primary URL option. This is useful if you want to allow a user or + other outsiders control what URL to pass to libcurl and yet not allow all + protocols libcurl may have been built to support. + +Daniel Stenberg (27 Feb 2009) +- Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and + CURLOPT_LOCALPORT were used together (the local port bind failed), and + Markus Koetter provided the fix! + +Daniel Stenberg (25 Feb 2009) +- As Daniel Fandrich figured out, we must do the GnuTLS initing in the + curl_global_init() function to properly maintain the performing functions + thread-safe. We've previously (28 April 2007) moved the init to a later time + just to avoid it to fail very early when libgcrypt dislikes the situation, + but that move was bad and the fix should rather be in libgcrypt or + elsewhere. + +Daniel Stenberg (24 Feb 2009) +- Brian J. Murrell found out that Negotiate proxy authentication didn't work. + It happened because the code used the struct for server-based auth all the + time for both proxy and server auth which of course was wrong. + +Daniel Stenberg (23 Feb 2009) +- After a bug reported by James Cheng I've made curl_easy_getinfo() for + CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return + -1 if the sizes aren't know. Previously these returned 0, make it impossible + to detect the difference between actually zero and unknown. + +Yang Tse (23 Feb 2009) +- Daniel Johnson provided a shell script that will perform all the steps needed + to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework + +Daniel Stenberg (23 Feb 2009) +- I renamed everything in the windows builds files that used the name 'curllib' + to the proper 'libcurl' as clearly this caused confusion. + +Yang Tse (20 Feb 2009) +- Do not halt compilation when using VS2008 to build a Windows 2000 target. + +Daniel Stenberg (20 Feb 2009) +- Linus Nielsen Feltzing reported and helped me repeat and fix a problem with + FTP with the multi interface: when a transfer fails, like when aborted by a + write callback, the control connection was wrongly closed and thus not + re-used properly. + + This change is also an attempt to cleanup the code somewhat in this area, as + now the FTP code attempts to keep (better) track on pending responses + necessary to get read in ftp_done(). + +Daniel Stenberg (19 Feb 2009) +- Patrik Thunstrom reported a problem and helped me repeat it. It turned out + libcurl did a superfluous 1000ms wait when doing SFTP downloads! + + We read data with libssh2 while doing the "DO" operation for SFTP and then + when we were about to start getting data for the actual file part, the + "TRANSFER" part, we waited for socket action (in 1000ms) before doing a + libssh2-read. But in this case libssh2 had already read and buffered the + data so we ended up always just waiting 1000ms before we get working on the + data! + +Patrick Monnerat (18 Feb 2009) +- FTP downloads (i.e.: RETR) ending with code 550 now return error + CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE. + +Daniel Stenberg (17 Feb 2009) +- Kamil Dudka made NSS-powered builds compile and run again! + +- A second follow-up change by Andre Guibert de Bruet to fix a related memory + leak like that fixed on the 14th. When zlib returns failure, we need to + cleanup properly before returning error. + +- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 for + plain FTP connections, and it will then allow MKD to fail once and retry the + CWD afterwards. This is especially useful if you're doing many simultanoes + connections against the same server and they all have this option enabled, + as then CWD may first fail but then another connection does MKD before this + connection and thus MKD fails but trying CWD works! The numbers can + (should?) now be set with the convenience enums now called + CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY. + + Tests has proven that if you're making an application that uploads a set of + files to an ftp server, you will get a noticable gain in speed if you're + using multiple connections and this option will be then be very useful. + +Daniel Stenberg (14 Feb 2009) +- Andre Guibert de Bruet found and fixed a memory leak in the content encoding + code, which could happen on libz errors. + +Daniel Fandrich (12 Feb 2009) +- Added support for Digest and NTLM authentication using GnuTLS. + +Daniel Stenberg (11 Feb 2009) +- CURLINFO_CONDITION_UNMET was added to allow an application to get to know if + the condition in the previous request was unmet. This is typically a time + condition set with CURLOPT_TIMECONDITION and was previously not possible to + reliably figure out. From bug report #2565128 + (http://curl.haxx.se/bug/view.cgi?id=2565128) filed by Jocelyn Jaubert. + +Daniel Fandrich (4 Feb 2009) +- Don't add the standard /usr/lib or /usr/include paths to LDFLAGS and CPPFLAGS + (respectively) when --with-ssl=/usr is used (patch based on FreeBSD). + +- Added an explicit buffer limit check in msdosify() (patch based on FreeBSD). + This couldn't ever overflow in curl, but might if the code were used + elsewhere or under different conditions. + +Daniel Stenberg (3 Feb 2009) +- Hidemoto Nakada provided a small fix that makes it possible to get the + CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with + CURLOPT_NOBODY set true. + +Daniel Stenberg (2 Feb 2009) +- Patrick Scott found a rather large memory leak when using the multi + interface and setting CURLMOPT_MAXCONNECTS to something less than the number + of handles you add to the multi handle. All the connections that didn't fit + in the cache would not be properly disconnected nor freed! + +- Craig A West brought us: libcurl now defaults to do CONNECT with HTTP + version 1.1 instead of 1.0 like before. This change also introduces the new + proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to + switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0 + option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0. + + I updated all test cases cases that use CONNECT and I tried to do some using + --proxy1.0 and some updated to do CONNECT 1.1 to get both versions run. + +Daniel Stenberg (31 Jan 2009) +- When building with c-ares 1.6.1 (not yet released) or later and IPv6 support + enabled, we can now take advantage of its brand new AF_UNSPEC support in + ares_gethostbyname(). This makes test case 241 finally run fine for me with + this setup since it now parses the "::1 ip6-localhost" line fine in my + /etc/hosts file! + +Daniel Stenberg (30 Jan 2009) +- Scott Cantor filed bug report #2550061 + (http://curl.haxx.se/bug/view.cgi?id=2550061) mentioning that I failed to + properly make sure that the VC9 makefiles got included in the latest + release. I've now fixed the release script and verified it so next release + will hopefully include them properly! + +Daniel Fandrich (30 Jan 2009) +- Fixed --disable-proxy for FTP and SOCKS. Thanks to Daniel Egger for + reporting. + +Yang Tse (29 Jan 2009) +- Introduced curl_sspi.c and curl_sspi.h for the implementation of functions + Curl_sspi_global_init() and Curl_sspi_global_cleanup() which previously were + named Curl_ntlm_global_init() and Curl_ntlm_global_cleanup() in http_ntlm.c + Also adjusted socks_sspi.c to remove the link-time dependency on the Windows + SSPI library using it now in the same way as it was done in http_ntlm.c. + +Daniel Stenberg (28 Jan 2009) +- Markus Moeller introduced two new options to libcurl: + CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl + to do GSS-style authentication with SOCKS5 proxies. The curl tool got the + options called --socks5-gssapi-service and --socks5-gssapi-nec to enable + these. + +Daniel Stenberg (26 Jan 2009) +- Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an app + to set desired block size to use for TFTP transfers instead of the default + 512 bytes. + +- The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to + disable "rfc4507bis session ticket support". rfc4507bis was later turned + into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077 + + The enabled extension concerns the session management. I wonder how often + libcurl stops a connection and then resumes a TLS session. also, sending the + session data is some overhead. .I suggest that you just use your proposed + patch (which explicitly disables TICKET). + + If someone writes an application with libcurl and openssl who wants to + enable the feature, one can do this in the SSL callback. + + Sharad Gupta brought this to my attention. Peter Sylvester helped me decide + on the proper action. + +- Alexey Borzov filed bug report #2535504 + (http://curl.haxx.se/bug/view.cgi?id=2535504) pointing out that realms with + quoted quotation marks in HTTP Digest headers didn't work. I've now added + test case 1095 that verifies my fix. + +- Craig A West brought CURLOPT_NOPROXY and the corresponding --noproxy option. + They basically offer the same thing the NO_PROXY environment variable only + offered previously: list a set of host names that shall not use the proxy + even if one is specified. + +Daniel Fandrich (20 Jan 2009) +- Call setlocale() for libtest tests to test the effects of locale-induced + libc changes on libcurl. + +- Fixed a couple more locale-dependent toupper conversions, mainly for + clarity. This does fix one problem that causes ;type=i FTP URLs + to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is + used (test case 561) + +- Added tests 561 and 1091 through 1094 to test various combinations + of ;type= and ;mode= URLs that could potentially fail in the Turkish + locale. + +Daniel Stenberg (20 Jan 2009) +- Lisa Xu pointed out that the ssh.obj file was missing from the + lib/Makefile.vc6 file (and thus from the vc8 and vc9 ones too). + +Version 7.19.3 (19 January 2009) + +Daniel Stenberg (16 Jan 2009) +- Andrew de los Reyes fixed curlbuild.h for "generic" gcc builds on PPC, both + 32 bit and 64 bit. + +Daniel Stenberg (15 Jan 2009) +- Tim Ansell fixed a compiler warning in lib/cookie.c + +Daniel Stenberg (14 Jan 2009) +- Grant Erickson fixed timeouts for TFTP such that specifying a + connect-timeout, a max-time or both options work correctly and as expected + by passing the correct boolean value to Curl_timeleft via the + 'duringconnect' parameter. + + With this small change, curl TFTP now behaves as expected (and likely as + originally-designed): + + 1) For non-existent or unreachable dotted IP addresses: + + a) With no options, follows the default curl 300s timeout... + b) With --connect-timeout only, follows that value... + c) With --max-time only, follows that value... + d) With both --connect-timeout and --max-time, follows the smaller value... + + and times out with a "curl: (7) Couldn't connect to server" error. + + 2) For transfers to/from a valid host: + + a) With no options, follows default curl 300s timeout for the + first XRQ/DATA/ACK transaction and the default TFTP 3600s + timeout for the remainder of the transfer... + + b) With --connect-time only, follows that value for the + first XRQ/DATA/ACK transaction and the default TFTP 3600s + timeout for the remainder of the transfer... + + c) With --max-time only, follows that value for the first + XRQ/DATA/ACK transaction and for the remainder of the + transfer... + + d) With both --connect-timeout and --max-time, follows the former + for the first XRQ/DATA/ACK transaction and the latter for the + remainder of the transfer... + + and times out with a "curl: (28) Timeout was reached" error as + appropriate. + +Daniel Stenberg (13 Jan 2009) +- Michael Wallner fixed a NULL pointer deref when calling + curl_easy_setup(curl, CURLOPT_COOKIELIST, "SESS") on a CURL handle with no + cookies data. + +- Stefan Teleman brought a patch to fix the default curlbuild.h file for the + SunPro compilers. + +Daniel Stenberg (12 Jan 2009) +- Based on bug report #2498665 (http://curl.haxx.se/bug/view.cgi?id=2498665) + by Daniel Black, I've now added magic to the configure script that makes it + use pkg-config to detect gnutls details as well if the existing method + (using libgnutls-config) fails. While doing this, I cleaned up and unified + the pkg-config usage when detecting openssl and nss as well. + +Daniel Stenberg (11 Jan 2009) +- Karl Moerder brought the patch that creates vc9 Makefiles, and I made + 'maketgz' now use the actual makefile targets to do the VC8 and VC9 + makefiles. + +Daniel Stenberg (10 Jan 2009) +- Emil Romanus fixed: + + When using the multi interface over HTTP and the server returns a Location + header, the running easy handle will get stuck in the CURLM_STATE_PERFORM + state, leaving the external event loop stuck waiting for data from the + ingoing socket (when using the curl_multi_socket_action stuff). While this + bug was pretty hard to find, it seems to require only a one-line fix. The + break statement on line 1374 in multi.c caused the function to skip the call + to multistate(). + + How to reproduce this bug? Well, that's another question. evhiperfifo.c in + the examples directory chokes on this bug only _sometimes_, probably + depending on how fast the URLs are added. One way of testing the bug out is + writing to hiper.fifo from more than one source at the same time. + +Daniel Fandrich (7 Jan 2009) +- Unified much of the SessionHandle initialization done in Curl_open() and + curl_easy_reset() by creating Curl_init_userdefined(). This had the side + effect of fixing curl_easy_reset() so it now also resets + CURLOPT_FTP_FILEMETHOD and CURLOPT_SSL_SESSIONID_CACHE + +Daniel Stenberg (7 Jan 2009) +- Rob Crittenden did once again provide an NSS update: + + I have to jump through a few hoops now with the NSS library initialization + since another part of an application may have already initialized NSS by the + time Curl gets invoked. This patch is more careful to only shutdown the NSS + library if Curl did the initialization. + + It also adds in a bit of code to set the default ciphers if the app that + call NSS_Init* did not call NSS_SetDomesticPolicy() or set specific + ciphers. One might argue that this lets other application developers get + lazy and/or they aren't using the NSS API correctly, and you'd be right. + But still, this will avoid terribly difficult-to-trace crashes and is + generally helpful. + +Daniel Stenberg (1 Jan 2009) +- 'reconf' is removed since we rather have users use 'buildconf' + +Daniel Stenberg (31 Dec 2008) +- Bas Mevissen reported http://curl.haxx.se/bug/view.cgi?id=2479030 pointing + out that 'reconf' didn't properly point out the m4 subdirectory when running + aclocal. + +Daniel Stenberg (29 Dec 2008) + - Phil Lisiecki filed bug report #2413067 + (http://curl.haxx.se/bug/view.cgi?id=2413067) that identified a problem that + would cause libcurl to mark a DNS cache entry "in use" eternally if the + subsequence TCP connect failed. It would thus never get pruned and refreshed + as it should've been. + + Phil provided his own patch to this problem that while it seemed to work + wasn't complete and thus I wrote my own fix to the problem. + +Daniel Stenberg (28 Dec 2008) +- Peter Korsgaard fixed building libcurl with "configure --with-ssl + --disable-verbose". + +- Anthony Bryan fixed more language and spelling flaws in man pages. + +Daniel Stenberg (22 Dec 2008) +- Given a recent enough libssh2, libcurl can now seek/resume with SFTP even + on file indexes beyond 2 or 4GB. + +- Anthony Bryan provided a set of patches that cleaned up manual language, + corrected spellings and more. + +Daniel Stenberg (20 Dec 2008) +- Igor Novoseltsev fixed a bad situation for the multi_socket() API when doing + pipelining, as libcurl could then easily get confused and A) work on the + handle that was not "first in queue" on a pipeline, or even B) tell the app + to REMOVE a socket while it was in use by a second handle in a pipeline. Both + errors caused hanging or stalling applications. + +Daniel Stenberg (19 Dec 2008) +- curl_multi_timeout() could return a timeout value of 0 even though nothing + was actually ready to get done, as the internal time resolution is higher + than the returned millisecond timer. Therefore it could cause applications + running on fast processors to do short bursts of busy-loops. + curl_multi_timeout() will now only return 0 if the timeout is actually + alreay triggered. + +- Using the libssh2 0.19 function libssh2_session_block_directions(), libcurl + now has an improved ability to do right when the multi interface (both + "regular" and multi_socket) is used for SCP and SFTP transfers. This should + result in (much) less busy-loop situations and thus less CPU usage with no + speed loss. + +Daniel Stenberg (17 Dec 2008) +- SCP and SFTP with the multi interface had the same flaw: the 'DONE' + operation didn't complete properly if the EAGAIN equivalent was returned but + libcurl would simply continue with a half-completed close operation + performed. This ruined persistent connection re-use and cause some + SSH-protocol errors in general. The correction is unfortunately adding a + blocking function - doing it entirely non-blocking should be considered for + a better fix. + +Gisle Vanem (16 Dec 2008) +- Added the possibility to use the Watt-32 tcp/ip stack under Windows. + The change simply involved adding a USE_WATT32 section in the + config-win32.h files (under ./lib and ./src). This section disables + the use of any Winsock headers. + +Daniel Stenberg (16 Dec 2008) +- libssh2_sftp_last_error() was wrongly used at some places in libcurl which + made libcurl sometimes not properly abort problematic SFTP transfers. + +Daniel Stenberg (12 Dec 2008) +- More work with Igor Novoseltsev to first fix the remaining stuff for + removing easy handles from multi handles when the easy handle is/was within + a HTTP pipeline. His bug report #2351653 + (http://curl.haxx.se/bug/view.cgi?id=2351653) was also related and was + eventually fixed by a patch by Igor himself. + +Yang Tse (12 Dec 2008) +- Patrick Monnerat fixed a build regression, introduced in 7.19.2, affecting + OS/400 compilations with IPv6 enabled. + +Daniel Stenberg (12 Dec 2008) +- Mark Karpeles filed bug report #2416182 titled "crash in ConnectionExists + when using duphandle+curl_mutli" + (http://curl.haxx.se/bug/view.cgi?id=2416182) which showed that + curl_easy_duphandle() wrongly also copied the pointer to the connection + cache, which was plain wrong and caused a segfault if the handle would be + used in a different multi handle than the handle it was duplicated from. + +Daniel Stenberg (11 Dec 2008) +- Keshav Krity found out that libcurl failed to deal with dotted IPv6 + addresses if they were very long (>39 letters) due to a too strict address + validity parser. It now accepts addresses up to 45 bytes long. + +Daniel Stenberg (11 Dec 2008) +- Internet Explorer had a broken HTTP digest authentication before v7 and + there are servers "out there" that relies on the client doing this broken + Digest authentication. Apache even comes with an option to work with such + broken clients. + + The difference is only for URLs that contain a query-part (a '?'-letter and + text to the right of it). + + libcurl now supports this quirk, and you enable it by setting the + CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or + CURLOPT_PROXYAUTH options. They are thus individually controlled to server + and proxy. + + (note that there's no way to activate this with the curl tool yet) + +Daniel Fandrich (9 Dec 2008) +- Added test cases 1089 and 1090 to test --write-out after a redirect to + test a report that the size didn't work, but these test cases pass. + +- Documented CURLOPT_CONNECT_ONLY as being useful only on HTTP URLs. + +Daniel Stenberg (9 Dec 2008) +- Ken Hirsch simplified how libcurl does FTPS: now it doesn't assume any + particular state for the control connection like it did before for implicit + FTPS (libcurl assumed such control connections to be encrypted while some + FTPS servers such as FileZilla assumes such connections to be clear + mode). Use the CURLOPT_USE_SSL option to set your desired level. + +Daniel Stenberg (8 Dec 2008) +- Fred Machado posted about a weird FTP problem on the curl-users list and when + researching it, it turned out he got a 550 response back from a SIZE command + and then I fell over the text in RFC3659 that says: + + The presence of the 550 error response to a SIZE command MUST NOT be taken + by the client as an indication that the file cannot be transferred in the + current MODE and TYPE. + + In other words: the change I did on September 30th 2008 and that has been + included in the last two releases were a regression and a bad idea. We MUST + NOT take a 550 response from SIZE as a hint that the file doesn't exist. + +- Christian Krause filed bug #2221237 + (http://curl.haxx.se/bug/view.cgi?id=2221237) that identified an infinite + loop during GSS authentication given some specific conditions. With his + patience and great feedback I managed to narrow down the problem and + eventually fix it although I can't test any of this myself! + +Daniel Fandrich (3 Dec 2008) +- Fixed the getifaddrs version of Curl_if2ip to work on systems without IPv6 + support (e.g. Minix) + +Daniel Stenberg (3 Dec 2008) +- Igor Novoseltsev filed bug #2351645 + (http://curl.haxx.se/bug/view.cgi?id=2351645) that identified a problem with + the multi interface that occured if you removed an easy handle while in + progress and the handle was used in a HTTP pipeline. + +- Pawel Kierski pointed out a mistake in the cookie code that could lead to a + bad fclose() after a fatal error had occured. + (http://curl.haxx.se/bug/view.cgi?id=2382219) + +Daniel Fandrich (25 Nov 2008) +- If a HTTP request is Basic and num is already >=1000, the HTTP test + server adds 1 to num to get the data section to return. This allows + testing authentication negotiations using the Basic authentication + method. + +- Added tests 1087 and 1088 to test Basic authentication on a redirect + with and without --location-trusted + +Daniel Stenberg (24 Nov 2008) +- Based on a patch by Vlad Grachov, libcurl now uses a new libssh2 0.19 + function when built to support SCP and SFTP that helps the library to know + in which direction a particular libssh2 operation would return EAGAIN so + that libcurl knows what socket conditions to wait for before trying the + function call again. Previously (and still when using libssh2 0.18 or + earlier), libcurl will busy-loop in this situation when the easy interface + is used! + +Daniel Fandrich (20 Nov 2008) +- Automatically detect OpenBSD's CA cert bundle. + +Daniel Stenberg (19 Nov 2008) +- I removed the default use of "Pragma: no-cache" from libcurl when a proxy is + used. It has been used since forever but it was never a good idea to use + unless explicitly asked for. + +- Josef Wolf's extension that allows a $TESTDIR/gdbinit$testnum file that when + you use runtests.pl -g, will be sourced by gdb to allow additional fancy or + whatever you see fit + +- Christian Krause reported and fixed a memory leak that would occur with HTTP + GSS/kerberos authentication (http://curl.haxx.se/bug/view.cgi?id=2284386) + +- Andreas Wurf and Markus Koetter helped me analyze a problem that Andreas got + when uploading files to a single FTP server using multiple easy handle + handles with the multi interface. Occasionally a handle would stall in + mysterious ways. + + The problem turned out to be a side-effect of the ConnectionExists() + function's eagerness to re-use a handle for HTTP pipelining so it would + select it even if already being in use, due to an inadequate check for its + chances of being used for pipelnining. + +Daniel Fandrich (17 Nov 2008) +- Added more compiler warning options for gcc 4.3 + +Yang Tse (17 Nov 2008) +- Fix a remaining problem in the inet_pton() runtime configure check. And + fix internal Curl_inet_pton() failures to reject certain malformed literals. + +- Make configure script check if ioctl with the SIOCGIFADDR command can be + used, and define HAVE_IOCTL_SIOCGIFADDR if appropriate. + +Daniel Stenberg (16 Nov 2008) +- Christian Krause fixed a build failure when building with gss support + enabled and FTP disabled. + +- Added check for NULL returns from strdup() in src/main.c and lib/formdata.c + - reported by Jim Meyering also prevent buffer overflow on MSDOS when you do + for example -O on a url with a file name part longer than PATH_MAX letters + +- lib/nss.c fixes based on the report by Jim Meyering: I went over and added + checks for return codes for all calls to malloc and strdup that were + missing. I also changed a few malloc(13) to use arrays on the stack and a + few malloc(PATH_MAX) to instead use aprintf() to lower memory use. + +- I fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is + in use. + +Daniel Fandrich (14 Nov 2008) +- Added .xml as one of the few common file extensions known by the multipart + form generator. + +- Added some #ifdefs around header files and change the EAGAIN test to + fix compilation on Cell (reported by Jeff Curley). + +Yang Tse (14 Nov 2008) +- Fixed several configure script issues affecting checks for inet_ntoa_r(), + inet_ntop(), inet_pton(), getifaddrs(), fcntl() and getaddrinfo(). + +Yang Tse (13 Nov 2008) +- Refactored configure script detection of functions used to set sockets into + non-blocking mode, and decouple function detection from function capability. + +Version 7.19.2 (13 November 2008) + +Michal Marek (13 Nov 2008) +- Fixed a potential data loss in Curl_client_write() when the transfer is + paused. + +Daniel Stenberg (11 Nov 2008) +- Rainer Canavan filed bug #2255627 + (http://curl.haxx.se/bug/view.cgi?id=2255627) which pointed out that a + program using libcurl's multi interface to download a HTTPS page with a + libcurl built powered by OpenSSL, would easily get silly and instead hand + over SSL details as data instead of the actual HTTP headers and body. This + happened because libcurl would consider the connection handshake done too + early. This problem was introduced at September 22nd 2008 with my fix of the + bug #2107377 + + The correct fix is now instead done within the GnuTLS-handling code, as both + the OpenSSL and the NSS code already deal with this situation in similar + fashion. I added test case 560 in an attempt to verify this fix, but + unfortunately it didn't trigger it even before this fix! + +Yang Tse (11 Nov 2008) +- Related with bug #2230535 (http://curl.haxx.se/bug/view.cgi?id=2230535) + Daniel Fandrich noticed that curl_addrinfo was also missing in the build + process of other four non-configure platforms. Added now. + +Daniel Fandrich (7 Nov 2008) +- The getifaddrs() version of Curl_if2ip() crashed when used on a Linux + system with a TEQL load-balancing device configured, which doesn't + have an address. Thanks to Adam Sampson for spotting this (bug #2234923). + +Yang Tse (6 Nov 2008) +- Merged existing IPv4 and IPv6 Curl_ip2addr functions into a single one + which now also takes a protocol address family argument. + +- Bug #2230535 (http://curl.haxx.se/bug/view.cgi?id=2230535) pointed out a + problem with MSVC 6 makefile that caused a build failure. It was noted that + the curl_addrinfo.obj reference was missing. I took the opportunity to sort + the list in which this was missing. Issue submitted by John Wilkinson. + +Version 7.19.1 (5 November 2008) + +Daniel Stenberg (4 Nov 2008) +- CURLINFO_FILETIME now works for file:// transfers as well + +Daniel Stenberg (3 Nov 2008) +- Bug #2218480 (http://curl.haxx.se/bug/view.cgi?id=2218480) pointed out a + problem with my CURLINFO_PRIMARY_IP fix from October 7th that caused a NULL + pointer read. I also took the opportunity to clean up this logic (storing of + the connection's IP address) somewhat as we had it stored in two different + places and ways previously and they are now unified. + +Yang Tse (3 Nov 2008) +- Fix undersized IPv6 address internal buffer. IPv6 address strings longer + than 35 characters would be truncated. + +Daniel Stenberg (2 Nov 2008) +- Daniel Johnson reported and fixed: + + When c-ares isn't enabled, libcurl by default calls getaddrinfo with family + set to PF_UNSPEC which causes getaddrinfo to return all available addresses, + both IPv4 and IPv6. Libcurl then tries each one until it can connect. If the + net connection doesn't support IPv6, libcurl can still fall back to IPv4. + + However, since c-ares doesn't support PF_UNSPEC, when it's used it defaults + to using family=PF_INET6 and therefore only returns IPv6 addresses when AAAA + records are available, even if IPv4 addresses are also available. The effect + is that since my ISP doesn't do IPv6, libcurl can't connect at all to a site + that has AAAA records. It will work if I explicitly use CURL_IPRESOLVE_V4 or + --ipv4 with the curl tool. I discovered this when curl would fail to connect + to seemingly random sites. It turns out they weren't random, they were sites + with AAAA records. + + So now libcurl defaults to PF_INET... until c-ares has been tought to offer + both. + +Yang Tse (31 Oct 2008) +- Tests 558 and 559 are stabilized. These two tests were initially introduced + to aid in the location of a seg-fault which was only triggered on non-debug + builds done with the icc 9.1 Intel compiler. Test 558 does not trigger the + problem, but test 559 does trigger it. As of today, it isn't yet absolutely + clear if it is a compiler optimizer issue or a memory corruption one. + +Yang Tse (30 Oct 2008) +- Use our Curl_addrinfo structure definition to handle address info data even + when a system addrinfo struct is available. Provide and use a wrapper around + systems getaddrinfo function, Curl_getaddrinfo_ex which returns a pointer to + a list of dynamically allocated Curl_addrinfo structs. + + Configure will check freeaddrinfo and getaddrinfo functions and define + preprocessor symbols HAVE_FREEADDRINFO and HAVE_GETADDRINFO when appropriate. + +Daniel Fandrich (29 Oct 2008) +- Fixed a bug that caused a few bytes of garbage to be sent after a + curl_easy_pause() during a chunky upload. Reported by Steve Roskowski. + +Daniel Fandrich (28 Oct 2008) +- Changed the "resolve" test precheck program to verify that an IPv6 socket + can be created before resolving the IPv6 name. In the context of running + a test, it doesn't make sense to run an IPv6 test when a host is resolvable + but IPv6 isn't usable. This should fix failures of test 1085 on hosts with + library and DNS support for IPv6 but where actual use of IPv6 has been + administratively disabled. + +Daniel Fandrich (24 Oct 2008) +- Added experimental support for zlib and OpenSSL on Symbian OS. + +Daniel Fandrich (21 Oct 2008) +- Fixed some problems with SFTP range support to fix test cases 634 through + 637. + +Daniel Fandrich (17 Oct 2008) +- Fixed a compile error reported by Albert Chin on AIX and IRIX when using + GTLS. + +Daniel Stenberg (16 Oct 2008) +- Igor Novoseltsev added CURLOPT_PROXYUSER and CURLOPT_PROXYPASSWORD that then + make CURLOPT_PROXYUSERPWD sort of deprecated. The primary motive for adding + these new options is that they have no problems with the colon separator + that the CURLOPT_PROXYUSERPWD option does. + +Daniel Stenberg (15 Oct 2008) +- Pascal Terjan filed bug #2154627 + (http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl + uses strcasecmp() in multiple places where it causes failures when the + Turkish locale is used. This is because 'i' and 'I' isn't the same letter so + strcasecmp() on those letters are different in Turkish than in English (or + just about all other languages). I thus introduced a totally new internal + function in libcurl (called Curl_raw_equal) for doing case insentive + comparisons for english-(ascii?) style strings that thus will make "file" + and "FILE" match even if the Turkish locale is selected. + +Daniel Fandrich (15 Oct 2008) +- A <precheck> command is considered to have failed if it returns a non-zero + return code. This way, if the precheck command can't be run at all for + whatever reason, it's treated as a precheck failure which causes the + test to be skipped. + +Daniel Stenberg (15 Oct 2008) +- John Wilkinson filed bug #2155496 + (http://curl.haxx.se/bug/view.cgi?id=2155496) pointing out an error case + without a proper human-readable error message. When a read callback returns + a too large value (like when trying to return a negative number) it would + trigger and the generic error message then makes the proplem slightly + different to track down. I've added an error message for this now. + +Daniel Fandrich (9 Oct 2008) +- Fixed the --interface option to work with IPv6 connections on glibc + systems supporting getifaddrs(). Also fixed a problem where an IPv6 + address could be chosen instead of an IPv4 one for --interface when it + involved a name lookup. + +Daniel Fandrich (8 Oct 2008) +- Added tests 1082 through 1085 to test symbolic --interface parameters + +- Added tests 633 through 637 to test the new file range support for SFTP. + All but the first test cause an infinite loop or other failure and so + are added to DISABLED. + +Daniel Stenberg (8 Oct 2008) +- John Wilkinson filed bug #2152270 + (http://curl.haxx.se/bug/view.cgi?id=2152270) which identified and fixed a + CURLINFO_REDIRECT_URL memory leak and an additional wrong-doing: + + Any subsequent transfer with a redirect leaks memory, eventually crashing + the process potentially. + + Any subsequent transfer WITHOUT a redirect causes the most recent redirect + that DID occur on some previous transfer to still be reported. + +- Igor Novoseltsev filed bug #2111613 + (http://curl.haxx.se/bug/view.cgi?id=2111613) that eventually identified a + flaw in how the multi_socket interface in some cases missed to call the + timeout callback when easy interfaces are removed and added within the same + millisecond. + +- Igor Novoseltsev brought a patch that introduced two new options to + curl_easy_setopt: CURLOPT_USERNAME and CURLOPT_PASSWORD that sort of + deprecates the good old CURLOPT_USERPWD since they allow applications to set + the user name and password independently and perhaps more importantly allow + both to contain colon(s) which CURLOPT_USERPWD doesn't fully support. + +Daniel Fandrich (7 Oct 2008) +- Changed the handling of read/write errors in Curl_perform() to allow a + a fresh connection to be made in such cases and the request retransmitted. + This should fix test case 160. Added test case 1079 in an attempt to + test a similar connection dropping scenario, but as a race condition, it's + hard to test reliably. + +- Created test cases 1080 and 1081 to reproduce a problem of + CURLINFO_REDIRECT_URL leaking memory and returning incorrect results when + two URLs are requested. Reported by vmpdemo in bug #2152270 + +Daniel Stenberg (7 Oct 2008) +- Fixed CURLINFO_PRIMARY_IP: When libcurl created a connection to host A then + the app re-used the handle to do a connection to host B and then again + re-used the handle to host A, it would not update the info with host A's IP + address (due to the connection being re-used) but it would instead report + the info from host B. + +Yang Tse (7 Oct 2008) +- Added --enable-optimize configure option to enable and disable compiler + optimizations to allow decoupled setting from --enable-debug. + +Yang Tse (2 Oct 2008) +- Added --enable-warnings configure option to enable and disable strict + compiler warnings to allow decoupled setting from --enable-debug. + + runtests.pl will now run with picky compiler warnings enabled unless + explicitly disabled. + +Daniel Fandrich (1 Oct 2008) +- "make clean" now cleans out the docs and tests directories, too. + +Daniel Stenberg (30 Sep 2008) +- The libcurl FTP code now returns CURLE_REMOTE_FILE_NOT_FOUND error when SIZE + gets a 550 response back for the cases where a download (or NOBODY) is + wanted. It still allows a 550 as response if the SIZE is used as part of an + upload process (like if resuming an upload is requested and the file isn't + there before the upload). I also modified the FTP test server and a few test + cases accordingly to match this modified behavior. + +Daniel Stenberg (29 Sep 2008) +- Daniel Egger provided a patch that allows you to disable proxy support in + libcurl to somewhat reduce the size of the binary. Run configure + --disable-proxy. + +Daniel Fandrich (29 Sep 2008) +- Moved all signal-based name resolution timeout handling into a single new + Curl_resolv_timeout function to reduce coupling. + +Daniel Stenberg (29 Sep 2008) +- Ian Lynagh provided a patch that now makes CURLOPT_RANGE work fine for SFTP + downloads! + +- Maxim Ivanov filed bug report #2107803 + (http://curl.haxx.se/bug/view.cgi?id=2107803) "no CURLINFO_REDIRECT_URL in + multi mode" together with a patch that fixed the problem. + +Daniel Stenberg (25 Sep 2008) +- Emanuele Bovisio submitted bug report #2126435. We fixed the HTTP Digest + auth code to not behave badly when getting a blank realm with + realm="". http://curl.haxx.se/bug/view.cgi?id=2126435 + +Daniel Fandrich (23 Sep 2008) +- Make sure not to dereference the wrong UrlState proto union member when + switching from one protocol to another in a single request (e.g. + redirecting from HTTP to FTP as in test 1055) by resetting + state.expect100header before every request. + +Daniel Stenberg (23 Sep 2008) +- Introducing Jamie Lokier's function for date to epoch conversion used in the + date parser function. This makes our function less dependent on system- + provided functions and instead we do all the magic ourselves. We also no + longer depend on the TZ environment variable. Switching to our own converter + has some side-effect and they are noted here for future reference (taken + from a mail by mr Lokier): + + time_t is not measured in seconds in the ANSI C standard - or even counted + uniformly - weird platforms can use other numeric representations of dates + in time_t - hence the difftime() function. + + On POSIX time_t is measured in UTC seconds, which means not including leap + seconds. But it's mentioned in a few places that some old POSIX-ish + environments include leap seconds in their time_t counts... + + I'm pretty sure [the new implementation is] correct on anything truly POSIX. + And it's obviously a lot less dependent on platform quirks and corner cases + in many ways than the mktime() version. + +- Rob Crittenden brought a patch to "add some locking for thread-safety to NSS + implementation". + +Daniel Stenberg (22 Sep 2008) +- Made the SOCKS code use the new Curl_read_plain() function to fix the bug + Markus Moeller reported: http://curl.haxx.se/mail/archive-2008-09/0016.html + +- recv() errors other than those equal to EAGAIN now cause proper + CURLE_RECV_ERROR to get returned. This made test case 160 fail so I've now + disabled it until we can figure out another way to exercise that logic. + +- Michael Goffioul filed bug report #2107377 "Problem with multi + GnuTLS + + proxy" (http://curl.haxx.se/bug/view.cgi?id=2107377) that showed how a multi + interface using program didn't work when built with GnuTLS and a CONNECT + request was done over a proxy (basically test 502 over a proxy to a HTTPS + site). It turned out the ssl connect function would get called twice which + caused the second call to fail. + +Daniel Fandrich (22 Sep 2008) +- Fixed test 539 to handle an out of memory condition that shows up now + that memdebug.h is included in the test programs. + +Yang Tse (20 Sep 2008) +- Fix regression in configure script which affected OpenSSL builds on MSYS. + +Yang Tse (19 Sep 2008) +- configure script now checks availability of the alarm() function. + +Daniel Fandrich (18 Sep 2008) +- Don't bother to install a SIGALRM handler unless alarm() is available. + Also, leave the existing SIGALRM handler alone if the timeout is too small + to handle. + +Daniel Fandrich (17 Sep 2008) +- Removed reference to curl-ca-bundle.crt in the host verification failure + error message. + +Yang Tse (17 Sep 2008) +- Improve configure detection of gethostname(), localtime_r(), strstr(), + getservbyport_r(), gethostbyaddr_r() and gethostbyname_r(). + +Yang Tse (14 Sep 2008) +- Improve configure detection of strcasecmp(), strcasestr(), strcmpi(), + stricmp(), strlcat(), strncasecmp(), strncmpi() and strnicmp(). + +Yang Tse (13 Sep 2008) +- Disable tracking of fdopen() calls in the low-level memory leak tracking + code when fdopen() is not available, to avoid compiler error. + +Yang Tse (12 Sep 2008) +- Further adjust detection of strerror_r() in the configure process, and + ensure that errno is not modified inside Curl_strerror(). + +Yang Tse (10 Sep 2008) +- Improve detection of gmtime_r(), strtoll(), sigaction(), strtok_r(), + strdup() and ftruncate() in the configure process. + +Daniel Fandrich (9 Sep 2008) +- Mike Revi discovered some swapped speed switches documented in the curl man + page. + +- Checked in some documentation and code improvements and fixes that I + discovered in the FreeBSD ports system. + +Daniel Stenberg (8 Sep 2008) +- Dmitry Kurochkin patched a problem: I have found bug in pipelining through + proxy. I have a transparent proxy. When running with http_proxy environment + variable not set my test completes fine (it goes through transparent + proxy). When I set http_proxy variable my test hangs after the first + downloaded is complete. Looks like the second handle never gets out from + WAITDO state. + + The fix: It makes checkPendPipeline move 1 handler from pend pipe to send + pipe if pipelining is not supported by server but there are no handles in + send and recv pipes. + +- Stefan Krause pointed out that libcurl would wrongly send away cookies to + sites in cases where the cookie clearly has a very old expiry date. The + condition was simply that libcurl's date parser would fail to convert the + date and it would then count as a (timed-based) match. Starting now, a + missed date due to an unsupported date format or date range will now cause + the cookie to not match. + +Daniel Fandrich (5 Sep 2008) +- Improved the logic that decides whether to use HTTP 1.1 features or not in a + request. Setting a specific version with CURLOPT_HTTP_VERSION overrides + all other checks, but otherwise, a 1.0 request will be made if the server + is known to support only 1.0 because it previously responded so and the + connection was kept alive, or a response to a previous request on this handle + came back as 1.0. The latter could take place in cases like redirection or + authentication where several requests have to be made before the operation + is complete. If any one of the servers in a redirection chain supports only + 1.0, then remaining requests will be sent in 1.0 mode. + +- Detect cases where an upload must be sent chunked and the server supports + only HTTP 1.0 and return CURLE_UPLOAD_FAILED. + +Daniel Stenberg (5 Sep 2008) +- Martin Drasar provided the CURLOPT_POSTREDIR patch. It renames + CURLOPT_POST301 (but adds a define for backwards compatibility for you who + don't define CURL_NO_OLDIES). This option allows you to now also change the + libcurl behavior for a HTTP response 302 after a POST to not use GET in the + subsequent request (when CURLOPT_FOLLOWLOCATION is enabled). I edited the + patch somewhat before commit. The curl tool got a matching --post302 + option. Test case 1076 was added to verify this. + +- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By + enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS + or FTPS), libcurl will gather lots of server certificate info and that info + can then get extracted by a client after the request has completed with + curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing + helped me test and smoothen out this feature. + + Unfortunately, this feature currently only works with libcurl built to use + OpenSSL. + + This feature was sponsored by networking4all.com - thanks! + +- Dmitriy Sergeyev pointed out that curl_easy_pause() didn't unpause properly + during certain conditions. I also changed this code to use realloc() based + on Daniel Fandrich's suggestion. + +Guenter Knauf (4 Sep 2008) +- MingW32 non-configure builds are now largefile feature enabled by default. + NetWare LIBC builds are also now largefile feature enabled by default. + +Yang Tse (4 Sep 2008) +- Several fixes related with print formatting string directives. + +Daniel Fandrich (3 Sep 2008) +- Search for the FreeBSD CA cert file /usr/local/share/certs/ca-root.crt + +Daniel Fandrich (2 Sep 2008) +- Fixed an out of memory problem that caused torture test failures in tests + 706 and 707. + +Daniel Stenberg (2 Sep 2008) +- Keith Mok added supported_protocols and supported_features to the pkg-config + file for libcurl, and while doing that fix he unified with curl-config.in + how the supported protocols and features are extracted and used, so both those + tools should now always be synced. + +Version 7.19.0 (1 September 2008) + +Daniel Fandrich (29 Aug 2008) +- Added tests 1071 through 1074 to test automatic downgrading from HTTP 1.1 + to HTTP 1.0 upon receiving a response from the HTTP server. Tests 1072 + and 1073 are similar to test 1069 in that they involve the impossible + scenario of sending chunked data to a HTTP 1.0 server. All these fail + and are added to DISABLED. + +- Added test 1075 to test --anyauth with Basic authentication. + +Daniel Stenberg (29 Aug 2008) +- When libcurl was doing a HTTP POST and the server would respond with + "Connection: close" and actually close the connection after the + response-body, libcurl could still have outstanding data to send and it + would not properly notice this and stop sending. This caused weirdness and + sad faces. http://curl.haxx.se/bug/view.cgi?id=2080222 + + Note that there are still reasons to consider libcurl's behavior when + getting a >= 400 response code while sending data, as Craig Perras' note + "http upload: how to stop on error" specifies: + http://curl.haxx.se/mail/archive-2008-08/0138.html + +Daniel Stenberg (28 Aug 2008) +- Dengminwen reported that libcurl would lock a (cookie) share twice (without + an unlock in between) for a certain case and that in fact works when using + regular windows mutexes but not with pthreads'! Locks should of course not + get locked again so this is now fixed. + http://curl.haxx.se/mail/lib-2008-08/0422.html + +- I'm abandoning the system with the web site mirrors (but keeping download + files bing mirrored) and thus I've changed the URL in the cookiejar header + to no longer use curlm.haxx.se but instead use the main site curl.haxx.se + +Daniel Fandrich (27 Aug 2008) +- Fixed test case 1065 by changing the handling of CURLOPT_UPLOAD to set + the HTTP method to GET (or HEAD) when given a value of 0. + +- Added test cases 1068 and 1069 to test a simple HTTP PUT from stdin. Test + case 1069 fails in a similar manner to test 1065 so is added to DISABLED. + +Yang Tse (27 Aug 2008) +- Fix generation of MS VC6 .dsp file to make it support compilation of either + dynamic (DLL) or static (LIB) libcurl libraries in debug and release modes. + +Daniel Fandrich (26 Aug 2008) +- Fixed out of memory problems that caused torture test failures in tests + 1021 and 1067. + +Yang Tse (26 Aug 2008) +- Added check and symbol definition for WIN32 file API usage in configure, + supporting configure's --disable-largefile option for WIN32 targets also. + +- Non-configure systems which do not use config-win32.h configuration file, + and want to use the WIN32 file API, must define USE_WIN32_LARGE_FILES or + USE_WIN32_SMALL_FILES as appropriate in their own configuration files. + +Daniel Stenberg (23 Aug 2008) +- Running 'make ca-firefox' in the root build dir will now run the new + firefox-db2pem.sh conversion script that converts a local Firefox db of ca + certs into PEM format, suitable for use with a OpenSSL or GnuTLS built + libcurl. + +- Constantine Sapuntzakis fixed a bug when doing proxy CONNECT with the multi + interface, and the proxy would send Connection: close during the + authentication phase. http://curl.haxx.se/bug/view.cgi?id=2069047 + +Daniel Fandrich (22 Aug 2008) +- Fixed a problem when --dump-header - was given with more than one URL, + which caused an error when the second header was dumped due to stdout + being closed. Added test case 1066 to verify. Also fixed a potential + problem where a closed file descriptor might be used for an upload + when more than one URL is given. + +Yang Tse (22 Aug 2008) +- Improved libcurl's internal curl_m*printf() functions integral data type + size and signedness handling. + +- Internal adjustments to better select/differentiate when large/small file + support is provided using WIN32 functions directly. + +Daniel Fandrich (20 Aug 2008) +- Added an edited version of Vincent Le Normand's documentation of SFTP quote + commands to the man pages. + +Daniel Stenberg (20 Aug 2008) +- Phil Pellouchoud pointed out that the windows version of libcurl had a + memory leak because it never called the OpenSSL function + CRYPTO_cleanup_all_ex_data() as it was supposed to. This was because of a + missing define in config-win32.h! + +Gisle Vanem (18 Aug 2008) +- Updated lib/Makefile.Watcom with the option to use c-ares (USE_ARES=1). + +Yang Tse (18 Aug 2008) +- Added test case 557 to verify libcurl's internal curl_m*printf() functions + formatting functionality when handling signed and unsigned longs, as well as + our curl_off_t data type. + +Yang Tse (17 Aug 2008) +- OpenSSl enabled NetWare builds are changed to use the 'openssl' subdirectory + when including the OpenSSL header files. This is the recommended setting, this + prevents the undesired inclusion of header files with the same name as those + of OpenSSL but which do not belong to the OpenSSL package. The visible change + from previously released libcurl versions is that now OpenSSl enabled NetWare + builds also define USE_OPENSSL in config files, and that OpenSSL header files + must be located in a subdirectory named 'openssl'. + +Yang Tse (16 Aug 2008) +- Library internal only C preprocessor macros FORMAT_OFF_T and FORMAT_OFF_TU + remain in use as internal curl_off_t print formatting strings for the internal + *printf functions which still cannot handle print formatting string directives + such as "I64d", "I64u", and others available on MSVC, MinGW, Intel's ICC, and + other DOS/Windows compilers. + +Daniel Fandrich (15 Aug 2008) +- Added test case 1063 to test invalid long file ranges with file: URLs and + 1064 to test multiple http PUTs. + +- Added test case 1065 to test a PUT with a single file but two URLs. This + was discovered to be problematic while investigating an incident reported by + Von back in May. curl in this case doesn't include a Content-Length: or + Transfer-Encoding: chunked header which is illegal. This test case is + added to DISABLED until a solution is found. + +Yang Tse (15 Aug 2008) +- C preprocessor macros used internally and equally available externally which + aid in the use of the curl_off_t data type are named: CURL_FORMAT_CURL_OFF_T, + CURL_FORMAT_CURL_OFF_TU, CURL_SIZEOF_CURL_OFF_T, CURL_SUFFIX_CURL_OFF_T, + CURL_SUFFIX_CURL_OFF_TU, CURL_OFF_T_C and CURL_OFF_TU_C. + +Yang Tse (13 Aug 2008) +- The size of long is a build time characteristic and as such it is now recorded + in curlbuild.h as CURL_SIZEOF_LONG. Definition now done from configure process + and in CVS curlbuild.h.dist for non-configure systems. + +Daniel Fandrich (12 Aug 2008) +- Fixed a buffer overflow problem in Curl_proxyCONNECT that could occur + when a server responded with long headers and data. Luckily, the buffer + overflowed into another unused buffer, so no actual harm was done. + Added test cases 1060 and 1061 to verify. + +Daniel Stenberg (12 Aug 2008) +- Andy Tsouladze fixed runtests.pl to not attempt to execute the stunnel + _directory_ if that happened to appear in the path! + +Yang Tse (12 Aug 2008) +- Added macros for minimum-width signed and unsigned curl_off_t integer + constants CURL_OFF_T_C and CURL_OFF_TU_C. The clever double helper macro + used internally to provide its functionality is thanks to Lars Nilsson. + +Daniel Fandrich (11 Aug 2008) +- Fixed a boundary condition error in ftp_readresp() whereby a non-terminal + line of a multiline FTP response whose last byte landed exactly at the end + of the BUFSIZE-length buffer would be treated as the terminal response + line. The following response code read in would then actually be the + end of the previous response line, and all responses from then on would + correspond to the wrong command. Test case 1062 verifies this. + +- Stop closing a never-opened ftp socket. + +Daniel Stenberg (11 Aug 2008) +- Constantine Sapuntzakis filed bug report #2042430 + (http://curl.haxx.se/bug/view.cgi?id=2042430) with a patch. "NTLM Windows + SSPI code is not thread safe". This was due to libcurl using static + variables to tell wether to load the necessary SSPI DLL, but now the loading + has been moved to the more suitable curl_global_init() call. + +- Constantine Sapuntzakis filed bug report #2042440 + (http://curl.haxx.se/bug/view.cgi?id=2042440) with a patch. He identified a + problem when using NTLM over a proxy but the end-point does Basic, and then + libcurl would do wrong when the host sent "Connection: close" as the proxy's + NTLM state was erroneously cleared. + +Yang Tse (11 Aug 2008) +- Added missing signed and unsigned curl_off_t integer constant suffixes for + internal and external use. CURL_SUFFIX_CURL_OFF_T, CURL_SUFFIX_CURL_OFF_TU. + +Daniel Fandrich (7 Aug 2008) +- Fixed an uninitialized variable in multi_runsingle() that could cause a + request to prematurely end. + +- Added test1059 to test the FTP proxy tunnel problem fixed July 11. + +Yang Tse (7 Aug 2008) +- Added curlbuild.h and curlrules.h header files to libcurl's public headers. + File curlbuild.h is a generated file on configure-capable systems. This is + a first step towards configure-based info in public headers. Currently only + used to provide support for a curl_off_t data type which is not gated to + off_t. Further details are documented inside these mentioned header files. + +- Fix CURL_CHECK_DEF so that when the expansion of the preprocessor symbol + results in a set of double-quoted strings, this macro will now return an + expansion which consists of a single double-quoted string as the result of + concatenating all of them. + +- Skip data type check in DO_CURL_OFF_T_CHECK macro when argument is empty. + +- Adjusted testcurl.pl to copy checked out curlbuild.h.dist as curlbuild.h + for non-configure targets when the host system doesn't run buildconf.bat. + +- Prevent buildconf from removing 'Makefile' and 'missing' files. This would + blow away our CVS checked files 'missing' and 'hiper/Makefile'. + +- Remove adjustment done to testcurl.pl to verify if change introduced by + Guenter Knauf in lib/Makefile.netware is enough to get the netware autobuilds + going again. + +Yang Tse (5 Aug 2008) +- Changes done to buildconf script. Validate that autom4te and autoconf, as + well as aclocal and automake, versions match. Improve removal of previous + run generated files. Remove verbose debug logging of aclocal on Solaris. + +Daniel Stenberg (5 Aug 2008) +- Yehoshua Hershberg found a problem that would make libcurl re-use a + connection with the multi interface even if a previous use of it caused a + CURLE_PEER_FAILED_VERIFICATION to get returned. I now make sure that failed + SSL connections properly close the connections. + +Daniel Stenberg (4 Aug 2008) +- Test cases 1051, 1052 and 1055 were added by Daniel Fandrich on July 30 and + proved how PUT and POST with a redirect could lead to a "hang" due to the + data stream not being rewound properly when it had to in order to get sent + properly (again) to the subsequent URL. This is now fixed and these test + cases are no longer disabled. + +Yang Tse (4 Aug 2008) +- Autoconf 2.62 has changed the behaviour of the AC_AIX macro which we use. + Prior versions of autoconf defined _ALL_SOURCE if _AIX was defined. 2.62 + version of AC_AIX defines _ALL_SOURCE and other four preprocessor symbols + no matter if the system is AIX or not. To keep the traditional behaviour, + and an uniform one across autoconf versions AC_AIX is replaced with our + own internal macro CURL_CHECK_AIX_ALL_SOURCE. + +Daniel Stenberg (4 Aug 2008) +- Test case 1041 (added by Daniel Fandrich July 14th) proved a bug where PUT + with -C - sent garbage in the Content-Range: header. I fixed this problem by + making sure libcurl always sets the size of the _entire_ upload if an app + attemps to do resumed uploads since libcurl simply cannot know the size of + what is currently at the server end. Test 1041 is no longer disabled. + +Yang Tse (2 Aug 2008) +- No longer test availability of the gdi32 library, nor use it for linking, even + when we have been doing this since revision 1.47 of configure.ac 4 years and + 5 months ago when cross-compiling a Windows target. We actually don't use any + function from the Windows GDI (Graphics Device Interface) related with drawing + or graphics-related operations. + +Daniel Fandrich (1 Aug 2008) +- Added support for --append on SFTP uploads. Unfortunately, OpenSSH doesn't + support this so it goes untested. + +Yang Tse (1 Aug 2008) +- Configure process now checks if the preprocessor _REENTRANT symbol is already + defined. If it isn't currently defined a set of checks are performed to test + if its definition is required to make visible to the compiler a set of *_r + functions. Finally, if _REENTRANT is already defined or needed it takes care + of making adjustments necessary to ensure that it is defined equally for the + configure process tests and generated config file. + +- Removed definition of CURL_CHECK_WORKING_RESOLVER from acinclude.m4 it has + not been in use since revision 1.81 of configure.in 6 years, 9 months ago. + +Daniel Fandrich (31 Jul 2008) +- Fixed parsing of an IPv6 proxy address to support a scope identifier, + as well as IPv4 addresses in IPv6 format. Also, better handle the case + of a malformatted IPv6 address (avoid empty and NULL strings). + +- Fixed a problem with any FTP URL or any URLs containing an IPv6 address + being mangled when passed to proxies when CURLOPT_PORT is also set + (reported by Pramod Sharma). + +- User names embedded in proxy URLs without a password were parsed + incorrectly--the host name is treated as part of the user name and the + port number becomes the password. This can be observed in test 279 + (was KNOWN_ISSUE #54). + +Daniel Stenberg (30 Jul 2008) +- Phil Blundell added the CURLOPT_ADDRESS_SCOPE option, as well as adjusted + the URL parser to allow numerical IPv6-addresses to be specified with the + scope given, as per RFC4007 - with a percent letter that itself needs to be + URL escaped. For example, for an address of fe80::1234%1 the HTTP URL is: + "http://[fe80::1234%251]/" + +- PHP's bug report #43158 (http://bugs.php.net/bug.php?id=43158) identifies a + true bug in libcurl built with OpenSSL. It made curl_easy_getinfo() more or + less always return 0 for CURLINFO_SSL_VERIFYRESULT because the function that + would set it to something non-zero would return before the assign in almost + all error cases. The internal variable is now set to non-zero from the start + of the function only to get cleared later on if things work out fine. + +- Made the curl tool's -w option support the %{ssl_verify_result} variable + +Daniel Fandrich (30 Jul 2008) +- Added test cases 1052 through 1055 to test uploading data from files + during redirects. Test cases 1052 and 1055 show problems (maybe the same + root cause as 1051) and are disabled. + +- Fixed a couple of buffer overflows in the MS-DOS port of the curl tool. + +Daniel Fandrich (29 Jul 2008) +- Fixed --use-ascii to properly convert text files on Symbian OS, MS-DOS + and OS/2. + +- Added test case 1051 to test Location: following with PUT, as reported + by Ben Sutcliffe. The test when run manually shows a problem in curl + so it's disabled. + +Daniel Fandrich (28 Jul 2008) +- Fixed display of the interface bind address in the trace output when it's + an IPv6 address. + +- Added test cases 1045 through 1049 as simple tests of --interface using the + localhost interface. + +- Added test case 1050 to test --ftp-port with an IPv6 address + +Daniel Stenberg (26 Jul 2008) +- David Bau filed bug report #2026240 "CURL_READFUNC_PAUSE leads to buffer + overrun" (http://curl.haxx.se/bug/view.cgi?id=2026240) identifying two + problems, and providing the fix for them: + + - CURL_READFUNC_PAUSE did in fact not pause the _sending_ of data that it is + designed for but paused _receiving_ of data! + + - libcurl didn't internally set the read counter to zero when this return + code was detected, which would potentially lead to junk getting sent to + the server. + +Daniel Fandrich (26 Jul 2008) +- Added test 1044 to test large file support in ftp with -I. + +- Eliminate a unnecessary socket creation in Curl_getaddrinfo for an IPv4 + address in an IPv6 capable libcurl. + +- Added feature in runtests.pl to select tests based on key word. + +Daniel Fandrich (23 Jul 2008) +- Changed the long logfile elision code in runtests.pl to properly handle + lines ending in \r. + +- Changed references to TRUE and FALSE in the curl_easy_setopt man page to + 1 and zero, respectively, since TRUE and FALSE aren't part of the + libcurl API. + +Daniel Stenberg (23 Jul 2008) +- I went over the curl_easy_setopt man page and replaced most references to + non-zero with the fixed value of 1. We should strive at making options + support '1' for enabling them mentioned explicitly, as that then will allow + us for to extend them in the future without breaking older programs. + + Possibly we should even introduce a fancy define to use instead of '1' all + over... + +Yang Tse (21 Jul 2008) +- Use the sreadfrom() wrapper to replace recvfrom() in our code. + +Yang Tse (20 Jul 2008) +- when recvfrom prototype uses a void pointer for arguments 2, 5 or 6 this will + now cause the definition, as appropriate, of RECVFROM_TYPE_ARG2_IS_VOID, + RECVFROM_TYPE_ARG5_IS_VOID or RECVFROM_TYPE_ARG6_IS_VOID. + +Yang Tse (17 Jul 2008) +- RECVFROM_TYPE_ARG2, RECVFROM_TYPE_ARG5 and RECVFROM_TYPE_ARG6 are now defined + to the data type pointed by its respective argument and not the pointer type. + +Yang Tse (16 Jul 2008) +- Configure process now checks availability of recvfrom() socket function and + finds out its return type and the types of its arguments. Added definitions + for non-configure systems config files, and introduced macro sreadfrom which + will be used on udp sockets as a recvfrom() wrapper. + +Yang Tse (15 Jul 2008) +- Added description/comment to include paths used in several Makefile.am files. + Added automake option nostdinc to test servers makefile and modified libcurl + external headers include path for libtest programs. + +Daniel Fandrich (14 Jul 2008) +- Added test1040 through test1043 to test -C - on HTTP. Test 1041 failed so + it's added to DISABLED. + +Yang Tse (14 Jul 2008) +- HTTP_ONLY definition check in lib/setup.h is now done once that configuration + file has been included. In this way if symbol is defined in the config file + it will no longer be ignored. Removed inclusion of remaining system header + files from configuration files. Moved _REENTRANT definition up/earlier in + lib/setup.h + +Yang Tse (11 Jul 2008) +- Added missing multiple header inclusion prevention definition for header + file content_encoding.h + +Daniel Fandrich (11 Jul 2008) +- Fixed test 553 to pass the torture test. + +Daniel Stenberg (11 Jul 2008) +- Daniel Fandrich found out we didn't pass on the user-agent properly when + doing "proxy-tunnels" with non-HTTP prototols and that was simply because + the code assumed the user-agent was only needed for HTTP. + +Daniel Fandrich (10 Jul 2008) +- Changed slightly the SFTP quote commands chmod, chown and chgrp to only + set the attribute that has changed instead of all possible ones. Hopefully, + this will solve the "Permission denied" problem that Nagarajan Sreenivasan + reported when setting some modes, but regardless, it saves a protocol + round trip in the chmod case. + +- Added test cases 1038 and 1039 to test Adrian Kreher's report that ftp + uploads with -C - didn't resume properly, but the tests pass. + +Yang Tse (10 Jul 2008) +- Peter Lamberg filed bug report #2015126: "poll gives WSAEINVAL when POLLPRI + is set in fdset.events" (http://curl.haxx.se/bug/view.cgi?id=2015126) which + exactly pinpointed the problem only triggered on Windows Vista, provided + reference to docs and also a fix. There is much work behind Peter Lamberg's + excellent bug report. Thank You! + +Daniel Fandrich (9 Jul 2008) +- Added tests 1036 and 1037 to verify resumed ftp downloads with -C - + +Daniel Stenberg (9 Jul 2008) +- Andreas Schuldei improved Phil Blundell's patch for IPv6 using c-ares, and I + edited it slightly. Now you should be able to use IPv6 addresses fine even + with libcurl built to use c-ares. + +Daniel Fandrich (9 Jul 2008) +- Fixed an OOM handling problem that cause test 11 to fail the torture test. + +Daniel Fandrich (8 Jul 2008) +- Fixed test 554 to pass the torture test. + +Daniel Fandrich (7 Jul 2008) +- Added test cases 1034 & 1035 to test IDN name conversion failures. + +Daniel Stenberg (7 Jul 2008) +- Scott Barrett provided a test case for a segfault in the FTP code and the + fix for it. It occured when you did a FTP transfer using + CURLFTPMETHOD_SINGLECWD and then did another one on the same easy handle but + switched to CURLFTPMETHOD_NOCWD. Due to the "dir depth" variable not being + cleared properly. Scott's test case is now known as test 539 and it + verifies the fix. + +Daniel Stenberg (3 Jul 2008) +- Phil Blundell provided a fix for libcurl's treatment of unexpected 1xx + response codes. Previously libcurl would hang on such occurances. I added + test case 1033 to verify. + +- Introcuding a new timestamp for curl_easy_getinfo(): + CURLINFO_APPCONNECT_TIME. This is set with the "application layer" + handshake/connection is completed. Which typically is SSL, TLS or SSH and by + using this you can figure out the application layer's own connect time. You + can extract the time stamp using curl's -w option and the new variable named + 'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar. + +Daniel Fandrich (2 Jul 2008) +- Support Open Watcom C on Linux (as well as Windows). + +Yang Tse (2 Jul 2008) +- The previously committed fix for bug report #1999181 prevented using the + monotonic clock on any system without an always supported POSIX compliant + implementation. Now the POSIX compliant configuration check is removed and + will fallback to gettimeofday when the monotonic clock is unavailable at + run-time. + +- The configure process will now halt when sed, grep, egrep or ar programs + can not be found among the directories in PATH variable. + +Daniel Stenberg (1 Jul 2008) +- Rolland Dudemaine provided fixes to get libcurl to build for the INTEGRITY + operating system. + +Daniel Stenberg (30 Jun 2008) +- Made the internal printf() support %llu properly to print unsigned long longs. + +- Stephen Collyer and Tor Arntsen helped identify a flaw in the range code + which output the range using a signed variable where it should rather use + unsigned. + +Yang Tse (29 Jun 2008) +- John Lightsey filed bug report #1999181: "CLOCK_MONOTONIC always fails on + some systems" (http://curl.haxx.se/bug/view.cgi?id=1999181). The problem was + that the configure script did not use the _POSIX_MONOTONIC_CLOCK feature test + macro when checking monotonic clock availability. This is now fixed and the + monotonic clock will not be used unless the feature test macro is defined + with a value greater than zero indicating always supported. + +Daniel Fandrich (25 Jun 2008) +- Honour --stderr with the -v option. + +- Fixed a file handle leak in the command line client if more than one + --stderr option was given. + +Daniel Stenberg (22 Jun 2008) +- Eduard Bloch filed the debian bug report #487567 + (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487567) pointing out that + libcurl used Content-Range: instead of Range when doing a range request with + --head (CURLOPT_NOBODY). This is now fixed and test case 1032 was added to + verify. + +Daniel Fandrich (21 Jun 2008) +- Stopped using ranges in scanf character sequences (e.g. %[a-z]) since that + is not ANSI C, just a common extension. This caused problems on + at least Open Watcom C. + +Yang Tse (20 Jun 2008) +- Modified configuration script to actually verify if the compiler is good + enough at detecting compilation errors or at least it has been properly + configured to do so. Configuration heavily depends on this capability, so + if this compiler sanity check fails the configuration process will now fail. + +Daniel Stenberg (20 Jun 2008) +- Phil Pellouchoud found a case where libcurl built with NSS failed to + handshake with a SSLv2 server, and it turned out to be because it didn't + recognize the cipher named "rc4-md5". In our list that cipher was named + plainly "rc4". I've now added rc4-md5 to work as an alias as Phil reported + that it made things work for him again. + +- Hans-Jurgen May pointed out that trying SCP or SFTP over a SOCKS proxy + crashed libcurl. This is now addressed by making sure we use "plain send" + internally when doing the socks handshake instead of the Curl_write() + function which is designed to use the "target" protocol. That's then SCP or + SFTP in this case. I also took the opportunity and cleaned up some ssh- + related #ifdefs in the code for readability. + +Daniel Stenberg (19 Jun 2008) +- Christopher Palow fixed a curl_multi_socket() issue which previously caused + libcurl to not tell the app properly when a socket was closed (when the name + resolve done by c-ares is completed) and then immediately re-created and put + to use again (for the actual connection). Since the closure will make the + "watch status" get lost in several event-based systems libcurl will need to + tell the app about this close/re-create case. + +- Dengminwen found a bug in the connection re-use function when using the + multi interface with pipelining enabled as it would wrongly check for, + detect and close "dead connections" even though that connection was already + in use! + +Daniel Fandrich (18 Jun 2008) +- Added SSH failure test cases 628-632 + +- Fixed a memory leak in the command-line tool that caused a valgrind error. + +Daniel Stenberg (18 Jun 2008) +- Rob Crittenden brought a fix for the NSS layer that makes libcurl no longer + always fire up a new connection rather than using the existing one when the + multi interface is used. Original bug report: + https://bugzilla.redhat.com/show_bug.cgi?id=450140 + +Yang Tse (18 Jun 2008) +- Internal configure script improvement. No longer break out of shell "for" + statements from inside AC_FOO_IFELSE macros, otherwise temporary macro files + are not properly removed. + +Daniel Fandrich (12 Jun 2008) +- Fixed curl-config --ca which wasn't being exported by configure. + +Daniel Stenberg (11 Jun 2008) +- I did a cleanup of the internal generic SSL layer and how the various SSL + libraries are supported. Starting now, each underlying SSL library support + code does a set of defines for the 16 functions the generic layer (sslgen.c) + uses (all these new function defines use the prefix "curlssl_"). This + greatly simplified the generic layer in readability by involving much less + #ifdefs and other preprocessor stuff and should make it easier for people to + make libcurl work with new SSL libraries. + + Hopefully I can later on document these 16 functions somewhat as well. + + I also made most of the internal SSL-dependent functions (using Curl_ssl_ + prefix) #defined to nothing when no SSL support is requested - previously + they would unnecessarily call mostly empty functions. + + I've built libcurl with OpenSSL and GnuTLS and without SSL to test this and + I've also tried building with NSS but the NSS support is a mystery to me and + I failed to build libcurl with the NSS libraries I have installed. We really + should A) improve our configure script to detect unsuitable NSS versions + already at configure time and B) document our requirements better for the + SSL libraries. + +Daniel Stenberg (10 Jun 2008) +- I made the OpenSSL code build again with OpenSSL 0.9.6. The CRLFILE + functionality killed it due to its unconditional use of + X509_STORE_set_flags... + +Daniel Stenberg (8 Jun 2008) +- Due to the three new libcurl changes and the massive command line option + change I decided we'll mark it by bumping the next release number to 7.19.0! + +- curl the tool now deals with its command line options somewhat differently! + All boolean options (such as -O, -I, -v etc), both short and long versions, + now always switch on/enable the option named. Using the same option multiple + times thus make no difference. To switch off one of those options, you need + to use the long version of the option and type --no-OPTION. Like to disable + verbose mode you use --no-verbose! + +- Added --remote-name-all to curl, which if used changes the default for all + given URLs to be dealt with as if -O is used. So if you want to disable that + for a specific URL after --remote-name-all has been used, you muse use -o - + or --no-remote-name. + +Daniel Stenberg (6 Jun 2008) +- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_ISSUERCERT, for + OpenSSL, NSS and GnuTLS-built libcurls. + +- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, for + OpenSSL, NSS and GnuTLS-built libcurls. + +- Added CURLINFO_PRIMARY_IP as a new information retrievable with + curl_easy_getinfo. It returns a pointer to a string with the most recently + used IP address. Modified test case 500 to also verify this feature. The + implementing of this feature was sponsored by Lenny Rachitsky at NeuStar. + +Version 7.18.2 (4 June 2008) + +Daniel Fandrich (3 Jun 2008) +- Fixed a problem where telnet data would be lost if an EWOULDBLOCK + condition were encountered. + +Marty Kuhrt (1 Jun 2008) +- Updated main.c to return CURLE_OK if PARAM_HELP_REQUESTED was returned + from getparameter instead of CURLE_FAILED_INIT. No point in returning + an error if --help or --version were requested. + +Daniel Stenberg (28 May 2008) +- Emil Romanus found a problem and helped me repeat it. It occured when using + the curl_multi_socket() API with HTTP pipelining enabled and could lead to + the pipeline basically stalling for a very long period of time until it took + off again. + +- Jeff Weber reported memory leaks with aborted SCP and SFTP transfers and + provided excellent repeat recipes. I fixed the cases I managed to reproduce + but Jeff still got some (SCP) problems even after these fixes: + http://curl.haxx.se/mail/lib-2008-05/0342.html + +Daniel Stenberg (26 May 2008) +- Bug report #1973352 (http://curl.haxx.se/bug/view.cgi?id=1973352) identified + how the HTTP redirect following code didn't properly follow to a new URL if + the new url was but a query string such as "Location: ?moo=foo". Test case + 1031 was added to verify this fix. + +- Andreas Faerber and Scott McCreary made (lib)curl build for the Haiku OS. + +Yang Tse (26 May 2008) +- David Rosenstrauch reported that header files spnegohelp.h and + openssl/objects.h were needed to compile SPNEGO support. + +Daniel Fandrich (22 May 2008) +- Made sure to pass longs in to curl_easy_setopt where necessary in the + example programs and libtest code. + +Daniel Stenberg (19 May 2008) +- When trying to repeat a multi interface problem I fell over a few multi + interface problems: + + o with pipelining disabled, the state should never be set to WAITDO but + rather go straight to DO + + o we had multiple states for which the internal function returned no socket + at all to wait for, with the effect that libcurl calls the socket callback + (when curl_multi_socket() is used) with REMOVE prematurely (as it would be + added again within very shortly) + + o when in DO and DOING states, the HTTP and HTTPS protocol handler functions + didn't return that the socket should be waited for writing, but instead it + was treated as if no socket was needing monitoring so again REMOVE was + called prematurely. + +Daniel Stenberg (13 May 2008) +- Added test case 556 that uses curl_easy_send() and curl_easy_recv() + +Daniel Stenberg (9 May 2008) +- Introducing curl_easy_send() and curl_easy_recv(). They can be used to send + and receive data over a connection previously setup with curl_easy_perform() + and its CURLOPT_CONNECT_ONLY option. The sendrecv.c example was added to + show how they can be used. + +Yang Tse (9 May 2008) +- Internal time differences now use monotonic time source if available. + This also implies the removal of the winmm.lib dependency for WIN32. + +Daniel Stenberg (9 May 2008) +- Stefan Krause reported a busy-looping case when using the multi interface + and doing CONNECT to a proxy. The app would then busy-loop until the proxy + completed its response. + +Michal Marek (9 May 2008) +- Make Curl_write and it's callees accept a const pointer, in preparation + of tetetest's patch for curl_easy_send() + +Daniel Stenberg (7 May 2008) +- Liam Healy filed the debian bug report #480044 + (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480044) identifying a + segfault when using krb5 ftp, but the krb4 code had the same problem. + +Yang Tse (7 May 2008) +- Christopher Palow provided the patch (edited by me) that introduces the + use of microsecond resolution keys for internal splay trees. + +Daniel Stenberg (4 May 2008) +- Yuriy Sosov pointed out a configure fix for detecting c-ares when that is + built debug-enabled. + +Daniel Stenberg (3 May 2008) +- Ben Van Hof filed bug report #1945240: "libcurl sometimes sends body twice + when using CURL_AUTH_ANY" (http://curl.haxx.se/bug/view.cgi?id=1945240). + The problem was that when libcurl rewound a stream meant for upload when it + would prepare for a second request, it could accidentally continue the + sending of the rewound data on the first request instead of on the second. + Ben also provided test case 1030 that verifies this fix. + +Daniel Stenberg (3 May 2008) +- Jean-Francois Bertrand reported a libcurl crash with CURLOPT_TCP_NODELAY + since libcurl used getprotobyname() and that isn't thread-safe. We now + switched to use IPPROTO_TCP unconditionally, but perhaps the proper fix is + to detect the thread-safe version of the function and use that. + http://curl.haxx.se/mail/lib-2008-05/0011.html + +Daniel Stenberg (1 May 2008) +- Bart Whiteley provided a patch that made libcurl work properly when an app + uses the CURLOPT_OPENSOCKETFUNCTION callback to create a unix domain socket + to a http server. + +Daniel Stenberg (29 Apr 2008) +- To make it easier for applications that want lots of magic stuff done on + redirections and thus cannot use CURLOPT_FOLLOWLOCATION easily, we now + introduce the new CURLINFO_REDIRECT_URL option that lets applications + extract the URL libcurl would've redirected to if it had been told to. This + then enables the application to continue to that URL as it thinks is + suitable, without having to re-implement the magic of creating the new URL + from the Location: header etc. Test 1029 verifies it. + +Yang Tse (29 Apr 2008) +- Improved easy interface resolving timeout handling in c-ares enabled builds + +Daniel Fandrich (28 Apr 2008) +- Added test 1028 to test an HTTP redirect to a FTP URL. + +Daniel Stenberg (28 Apr 2008) +- Norbert Frese filed bug report #1951588: "Problem with curlftpfs and + libcurl" (http://curl.haxx.se/bug/view.cgi?id=1951588) which seems to be an + identical report to what Denis Golovan reported in + http://curl.haxx.se/mail/lib-2008-02/0108.html The FTP code didn't reset the + user/password pointers properly even though there might've been a new + struct/cconnection getting used. + +Daniel Stenberg (26 Apr 2008) +- Reverted back to use automake 1.9.6 in the next release (from automake + 1.10.1) since it *still* suffers from Solaris-related bugs. Our previous + automake 1.10 problem was reported in bug #1701360 + (http://curl.haxx.se/bug/view.cgi?id=1701360) and this recent problem was + bug #1944825 (http://curl.haxx.se/bug/view.cgi?id=1944825). I have not + personally approached the automake team about either one of these but I + figure we need a Solaris 10 guy to do it! + +Yang Tse (25 Apr 2008) +- Added 'timeout' and 'delay' attributes support for the test harness + <command> subsection. + +Daniel Fandrich (24 Apr 2008) +- Made --stderr able to redirect all stderr messages. + +Yang Tse (23 Apr 2008) +- Improve synchronization between test harness runtests.pl script + and test harness servers to minimize risk of false test failures. + +Daniel Fandrich (22 Apr 2008) +- Added support for running on Symbian OS. + +Daniel Fandrich (18 Apr 2008) +- Added test cases 1026 and 1027 to do some rudimentary tests on the --manual + and --help options. + +Michal Marek (14 Apr 2008) +- allow disabling the typechecker by defining CURL_DISABLE_TYPECHECK, as + discussed in http://curl.haxx.se/mail/lib-2008-04/0291.html + +Daniel Stenberg (14 Apr 2008) +- Stefan Krause reported a case where the OpenSSL handshake phase wasn't + properly acknowledging the timeout values, like if you pulled the network + plug in the midst of it. + +- Andre Guibert de Bruet fixed a second case of not checking the malloc() + return code in the Negotiate code. + +- Sandor Feldi reported bug #1942022 + (http://curl.haxx.se/bug/view.cgi?id=1942022) pointing out a mistake in the + lib/Makefile.vc[68] makefiles' release-ssl-dll target. + +- Brock Noland reported that curl behaved differently depending on which order + you used -i and -I. + +Daniel Stenberg (12 Apr 2008) +- Andre Guibert de Bruet found and fixed a case where malloc() was called but + was not checked for a NULL return, in the Negotiate code. + +Daniel Fandrich (9 Apr 2008) +- Added test cases 1024 & 1025 to test a scenario similar to the one reported + by Ben Combee where libcurl would send the wrong cookie to a redirected + server. libcurl was doing the right thing in these test cases. + +Michal Marek (7 Apr 2008) +- Fix the MIT / Heimdal check for good: + Define HAVE_GSSMIT if <gssapi/{gssapi.h,gssapi_generic.h,gssapi_krb5.h}> are + available, otherwise define HAVE_GSSHEIMDAL if <gssapi.h> is available. + + Only define GSS_C_NT_HOSTBASED_SERVICE to gss_nt_service_name if + GSS_C_NT_HOSTBASED_SERVICE isn't declared by the gssapi headers. This should + avoid breakage in case we wrongly recognize Heimdal as MIT again. + +Daniel Stenberg (5 Apr 2008) +- Alexey Simak fixed curl_easy_reset() to reset the max redirect limit properly + +- Based on the Debian bug report #474224 that complained about the FTP error + message when libcurl doesn't get a 220 back immediately on connect, I now + changed it to be more specific on what the problem is. Also worth noticing: + while the bug report contains an example where the response is: + + 421 There are too many connected users, please try again later + + we cannot assume that the error message will always be this readable nor + that it fits within a particular boundary etc. + +Daniel Fandrich (3 Apr 2008) +- Added test627 to test SFTP with CURLOPT_NOBODY + +Daniel Stenberg (3 Apr 2008) +- Setting CURLOPT_NOBODY to FALSE will now switch the HTTP request method to + GET simply because previously when you set CURLOPT_NOBODY to TRUE first and + then FALSE you'd end up in a broken state where a HTTP request would do a + HEAD by still act a lot like for a GET and hang waiting for the content etc. + +- Scott Barrett added support for CURLOPT_NOBODY over SFTP + +Daniel Fandrich (3 Apr 2008) +- Made sure that curl_global_init is called in all the multithreaded + example programs. + +Michal Marek (31 Mar 2008) +- Removed the generated ca-bundle.h file. The verbatim value of $ca and + $capath is known to configure, so it can be defined in config.h instead. + +Daniel Stenberg (31 Mar 2008) +- Added CURLFORM_STREAM as a supported option to curl_formadd() to allow an + application to provide data for a multipart with the read callback. Note + that the size needs to be provided with CURLFORM_CONTENTSLENGTH when the + stream option is used. This feature is verified by the new test case + 554. This feature was sponsored by Xponaut. + +Daniel Fandrich (30 Mar 2008) +- Changed the makefile so the doc/examples/ programs are never built in a + normal build/install (only with the 'make check' target), so that a + build failure in the examples isn't fatal. + +Version 7.18.1 (30 March 2008) + +Daniel Stenberg (28 Mar 2008) +- Stephen Collyer pointed out that configure --with-libssh2 without a given + path didn't work properly. + +Daniel Stenberg (27 Mar 2008) +- As found out and reported by Dan Petitt, libcurl didn't show progress/call + the progress callback for the first (potentially huge) piece of body data + sent together with the POST request headers in the initial send(). + +Daniel Stenberg (25 Mar 2008) +- Made setting the CURLOPT_SSL_CTX_FUNCTION option return a failure in case + libcurl wasn't built to use OpenSSL as that is a prerequisite for this + option to function! + +Daniel Stenberg (22 Mar 2008) +- Fixed the problem with doing a zero byte SCP transfer, verified with test + case 617 (which was added by Daniel Fandrich 5 Mar 2008). + +Daniel Fandrich (20 Mar 2008) +- Fixed a problem where curl-config --protocols could erroneously show LDAPS + support when curl didn't even have regular LDAP support. It looks like + this could happen when the --enable-ldaps configure switch is given but + configure couldn't find the LDAP headers or libraries. + +Michal Marek (20 Mar 2008) +- Added --with-ca-path=DIRECTORY configure option to use an openSSL CApath by + default instead of a ca bundle. The configure script will also look for a + ca path if no ca bundle is found and no option given. + +- Fixed detection of previously installed curl-ca-bundle.crt + +Daniel Fandrich (18 Mar 2008) +- Added test 626 to reproduce an infinite loop when given an invalid + SFTP quote command reported by Vincent Le Normand, and fixed it. + +Michal Marek (18 Mar 2008) +- Added curl_easy_getinfo typechecker. + +- Added macros for curl_share_setopt and curl_multi_setopt to check at least + the correct number of arguments. + +Daniel Fandrich (13 Mar 2008) +- Added tests 622-625 to test SFTP/SCP uploads. Test 625 was an attempt to + reproduce the --ftp-create-dirs problem reported by Brian Ulm, but that + seems to need a call curl_easy_reset() which this test case doesn't do. + +Daniel Stenberg (13 Mar 2008) +- Brian Ulm figured out that if you did an SFTP upload with + CURLOPT_FTP_CREATE_MISSING_DIRS to create a directory, and then re-used the + handle and uploaded another file to another directory that needed to be + created, the second upload would fail. Another case of a state variable that + wasn't properly reset between requests. + +- I rewrote the 100-continue code to use a single state variable instead of + the previous two ones. I think it made the logic somewhat clearer. + +Daniel Stenberg (11 Mar 2008) +- Dmitry Popov filed bug report #1911069 + (http://curl.haxx.se/bug/view.cgi?id=1911069) that identified a race + condition in the name resolver code when the DNS cache is shared between + multiple easy handles, each running in simultaneous threads that could cause + crashes. + +- Added a macro for curl_easy_setopt() that accepts three arguments and simply + does nothing with them, just to make sure libcurl users always use three + arguments to this function. Due to its use of ... for the third argument, it + is otherwise hard to detect abuse. + +Michal Marek (11 Mar 2008) +- Added a type checking macro for curl_easy_setopt(), needs gcc-4.3 and only + works in C mode atm (http://curl.haxx.se/mail/lib-2008-02/0267.html , + http://curl.haxx.se/mail/lib-2008-02/0292.html ) + +Daniel Fandrich (10 Mar 2008) +- Added tests 618-621 to test SFTP/SCP transfers of more than one file + (test 620 tests the just-fixed problem reported by Brian Ulm). + +Daniel Stenberg (9 Mar 2008) +- Brian Ulm reported a crash when doing a second SFTP transfer on a re-used + easy handle if curl_easy_reset() was used between them. I fixed it and Brian + verified that it cured his problem. + +- Brian Ulm reported that if you first tried to download a non-existing SFTP + file and then fetched an existing one and re-used the handle, libcurl would + still report the second one as non-existing as well! I fixed it and Brian + verified that it cured his problem. + +Michal Marek (6 Mar 2008) +- Fix the gssapi configure check to detect newer MIT Kerberos (patch by + Michael Calmer) + +Yang Tse (6 Mar 2008) +- Fix regression on Curl_socket_ready() and Curl_poll() so that these will + again fail on select/poll errors different than EINTR. + +Daniel Fandrich (5 Mar 2008) +- Fixed the test harness so it will write out zero-length data files. + +- Added tests 616 and 617 to see how SFTP and SCP cope with zero-length + files, as questioned by Mike Protts. SFTP does for me but SCP doesn't + so test 617 is disabled for now. + +Daniel S (4 Mar 2008) +- Mike Protts brought a patch that makes resumed transfers work with SFTP. + +Daniel S (1 Mar 2008) +- Anatoli Tubman found and fixed a crash with Negotiate authentication used on + a re-used connection where both requests used Negotiate. + +Guenter Knauf (26 Feb 2008) +- Kaspar Brand provided a patch to support server name indication (RFC 4366). + +Daniel S (25 Feb 2008) +- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that + forces it to prefer SSLv3. + +Daniel S (23 Feb 2008) +- Sam Listopad provided a patch in feature-request #1900014 + http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to + use OpenSSL) support a full chain of certificates in a given PKCS12 + certificate. + +Daniel S (22 Feb 2008) +- Georg Lippitsch made the src/Makefile.vc6 makefile use the same memory model + options as the lib/Makefile.vc6 already did. + +Daniel S (21 Feb 2008) +- Zmey Petroff found a crash when libcurl accessed a NULL pointer, which + happened if you set the connection cache size to 1 and for example failed to + login to an FTP site. Bug report #1896698 + (http://curl.haxx.se/bug/view.cgi?id=1896698) + +Daniel S (20 Feb 2008) +- Fixed test case 405 to not fail when libcurl is built with GnuTLS + +- Based on initial work done by Gautam Kachroo to address a bug, we now keep + better control at the exact state of the connection's SSL status so that we + know exactly when it has completed the SSL negotiation or not so that there + won't be accidental re-uses of connections that are wrongly believed to be + in SSL-completed-negotiate state. + +- We no longer support setting the CURLOPT_URL option from inside a callback + such as the CURLOPT_SSL_CTX_FUNCTION one treat that as if it was a Location: + following. The patch that introduced this feature was done for 7.11.0, but + this code and functionality has been broken since about 7.15.4 (March 2006) + with the introduction of non-blocking OpenSSL "connects". + + It was a hack to begin with and since it doesn't work and hasn't worked + correctly for a long time and nobody has even noticed, I consider it a very + suitable subject for plain removal. And so it was done. + +Guenter Knauf (19 Feb 2008) +- We do no longer support SSLv2 by default since it has known flaws. + Kaspar Brand provided a patch for all supported SSL toolkits. + +Daniel Fandrich (19 Feb 2008) +- Added test309 to test HTTP redirect to HTTPS URL + +Daniel S (18 Feb 2008) +- We're no longer providing a very old ca-bundle in the curl tarball. You can + get a fresh one downloaded and created with 'make ca-bundle' or you can get + one from here => http://curl.haxx.se/docs/caextract.html if you want a fresh + new one extracted from Mozilla's recent list of ca certs. + + The configure option --with-ca-bundle now lets you specify what file to use + as default ca bundle for your build. If not specified, the configure script + will check a few known standard places for a global ca cert to use. + +Daniel S (17 Feb 2008) +- Jerome Muffat-Meridol helped me fix Curl_done() to close the current + connection by force when it was called before the entire request is + completed, simply because we can't know if the connection really can be + re-used safely at that point. + +- Based on the same debugging logic, I've also made Curl_http_done() not + return CURLE_GOT_NOTHING if called "prematurely". This should have no real + effect to anything but the code makes more sense like this. + +Daniel S (15 Feb 2008) +- Made the gnutls code path not even try to get the server cert if no peer + verification is requested. Previously it would even return failure if gnutls + failed to get the server cert even though no verification was asked for. + Public server showing the problem: https://www.net222.caisse-epargne.fr + +- Fix my Curl_timeleft() leftover mistake in the gnutls code + +- Pooyan McSporran found and fixed a flaw where you first would do a normal + http request and then you'd reuse the handle and replace the Accept: header, + as then libcurl would send two Accept: headers! + +Daniel S (11 Feb 2008) +- Yang Tse pointed out a few remaining quirks from my timeout refactoring from + Feb 7 that didn't abort properly on timeouts. These are actually old + problems but now they should be fixed. + +Yang Tse (10 Feb 2008) +- Bug report #1888932 (http://curl.haxx.se/bug/view.cgi?id=1888932) points out + and provides test program that demonstrates that libcurl might not set error + description message for error CURLE_COULDNT_RESOLVE_HOST for Windows threaded + name resolver builds. Fixed now. + +Daniel Fandrich (8 Feb 2008) +- Added key words to all SSL-using tests so they can be skipped if necessary. + Removed a few unnecessary requires SSL statements. + +Daniel S (8 Feb 2008) +- Mike Hommey filed and fixed bug report #1889856 + (http://curl.haxx.se/bug/view.cgi?id=1889856): When using the gnutls ssl + layer, cleaning-up and reinitializing curl ends up with https requests + failing with "ASN1 parser: Element was not found" errors. Obviously a + regression added in 7.16.3. + +Yang Tse (8 Feb 2008) +- Improved test harness SCP/SFTP start up server verification, doing a real + connection to the sftp server, authenticating and running a simple sftp + pwd command using the test harness generated configuration and key files. + +Daniel S (8 Feb 2008) +- Günter Knauf added lib/mk-ca-bundle.pl which gets the Firefox ca bundle and + creates a suitable ca-bundle.crt file in PEM format for use with curl. The + recommended way to run it is to use 'make ca-bundle' in the build tree root. + +Daniel Fandrich (7 Feb 2008) +- Added tests 1022 and 1023 to validate output of curl-config --version and + --vernum + +Daniel S (7 Feb 2008) +- Refactored a lot of timeout code into a few functions in an attempt to make + them all use the same (hopefully correct) logic to make it less error-prone + and easier to introduce library-wide where it should be used. + +Yang Tse (6 Feb 2008) +- Fix an issue in strdup replacement function when dealing with absolutely + huge strings. Only systems without a standard strdup would be affected. + +Daniel S (3 Feb 2008) +- Dmitry Kurochkin cleaned up the pipelining code and removed the need for and + use of the "is_in_pipeline" struct field. + +- I wrote up and added the threaded-ssl.c example source code that shows how + to do multi-threaded downloads of HTTPS files with a libcurl that is built + with OpenSSL. It uses pthreads for the threading. + +Daniel S (31 Jan 2008) +- Niklas Angebrand made the cookie support in libcurl properly deal with the + "HttpOnly" feature introduced by Microsoft and apparently also supported by + Firefox: http://msdn2.microsoft.com/en-us/library/ms533046.aspx . HttpOnly + is now supported when received from servers in HTTP headers, when written to + cookie jars and when read from existing cookie jars. + + I modified test case 31 and 46 to also do some basic HttpOnly testing. + +- Dmitry Kurochkin moved several struct fields from the connectdata struct to + the SingleRequest one to make pipelining better. It is a bit tricky to keep + them in the right place, to keep things related to the actual request or to + the actual connection in the right place. + +Daniel S (29 Jan 2008) +- Dmitry Kurochkin fixed Curl_done() for pipelining, as it could previously + crash! + +- Michal Marek fixed minor mistake in test case 553 that prevented it from + working on other IP-addresses or port numbers. + +Version 7.18.0 (28 January 2008) + +Daniel S (27 Jan 2008) +- Dmitry Kurochkin: In "real world" testing I found more bugs in + pipelining. Broken connection is not restored and we get into infinite + loop. It happens because of wrong is_in_pipeline values. + +Daniel S (26 Jan 2008) +- Kevin Reed filed bug report #1879375 + (http://curl.haxx.se/bug/view.cgi?id=1879375) which describes how libcurl + got lost in this scenario: proxy tunnel (or HTTPS over proxy), ask to do any + proxy authentication and the proxy replies with an auth (like NTLM) and then + closes the connection after that initial informational response. + + libcurl would not properly re-initialize the connection to the proxy and + continue the auth negotiation like supposed. It does now however, as it will + now detect if one or more authentication methods were available and asked + for, and will thus retry the connection and continue from there. + +- I made the progress callback get called properly during proxy CONNECT. + +Daniel S (23 Jan 2008) +- Igor Franchuk pointed out that CURLOPT_COOKIELIST set to "ALL" leaked + memory, and so did "SESS". Fixed now. + +Yang Tse (22 Jan 2008) +- Check poll.h at configuration time, and use it when sys/poll.h unavailable + +Daniel S (22 Jan 2008) +- Dmitry Kurochkin removed the cancelled state for pipelining, as we agreed + that it is bad anyway. Starting now, removing a handle that is in used in a + pipeline will break the pipeline - it'll be set back up again but still... + +Yang Tse (21 Jan 2008) +- Disable ldap support for cygwin builds, since it breaks whole build process. + Fixing it will affect other platforms, so it is postponed for another release. + +Daniel S (18 Jan 2008) +- Lau Hang Kin found and fixed a problem with the multi interface when doing + CONNECT over a proxy. curl_multi_fdset() didn't report back the socket + properly during that state, due to a missing case in the switch in the + multi_getsock() function. + +Yang Tse (17 Jan 2008) +- Don't abort tests 518 and 537 when unable to raise the open-file soft limit. + +Daniel S (16 Jan 2008) +- Nathan Coulter's patch that makes runtests.pl respect the PATH when figuring + out what valgrind to run. + +Yang Tse (16 Jan 2008) +- Improved handling of out of memory in the command line tool that afected + data url encoded HTTP POSTs when reading it from a file. + +Daniel S (16 Jan 2008) +- Dmitry Kurochkin worked a lot on improving the HTTP Pipelining support that + previously had a number of flaws, perhaps most notably when an application + fired up N transfers at once as then they wouldn't pipeline at all that + nicely as anyone would think... Test case 530 was also updated to take the + improved functionality into account. + +- Calls to Curl_failf() are not supposed to provide a trailing newline as the + function itself adds that. Fixed on 50 or something strings! + +Daniel S (15 Jan 2008) +- I made the torture test on test 530 go through. This was actually due to + silly code left from when we switched to let the multi handle "hold" the dns + cache when using the multi interface... Of course this only triggered when a + certain function call returned error at the correct moment. + +Daniel S (14 Jan 2008) +- Joe Malicki filed bug report #1871269 + (http://curl.haxx.se/bug/view.cgi?id=1871269) and we could fix his hang- + problem that occurred when doing a large HTTP POST request with the + response-body read from a callback. + +Daniel S (12 Jan 2008) +- I re-arranged the curl --help output. All the options are now sorted on + their long option names and all descriptions are one-liners. + +- Eric Landes provided the patch (edited by me) that introduces the + --keepalive-time to curl to set the keepalive probe interval. I also took + the opportunity to rename the recently added no-keep-alive option to + no-keepalive to keep a consistent naming and to avoid getting two dashes in + these option names. Eric also provided an update to the man page for the new + option. + +Daniel S (11 Jan 2008) +- Daniel Egger made CURLOPT_RANGE work on file:// URLs the very same way it + already worked for FTP:// URLs. + +- I made the curl tool switch from using CURLOPT_IOCTLFUNCTION to now use the + spanking new CURLOPT_SEEKFUNCTION simply to take advantage of the improved + performance for the upload resume cases where you want to upload the last + few bytes of a very large file. To implement this decently, I had to switch + the client code for uploading from fopen()/fread() to plain open()/read() so + that we can use lseek() to do >32bit seeks (as fseek() doesn't allow that) + on systems that offer support for that. + +Daniel S (10 Jan 2008) +- Michal Marek made curl-config --libs not include /usr/lib64 in the output + (it already before skipped /usr/lib). /usr/lib64 is the default library + directory on many 64bit systems and it's unlikely that anyone would use the + path privately on systems where it's not. + +- Georg Lippitsch brought CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA to allow + libcurl to seek in a given input stream. This is particularly important when + doing upload resumes when there's already a huge part of the file present + remotely. Before, and still if this callback isn't used, libcurl will read + and through away the entire file up to the point to where the resuming + begins (which of course can be a slow opereration depending on file size, + I/O bandwidth and more). This new function will also be preferred to get + used instead of the CURLOPT_IOCTLFUNCTION for seeking back in a stream when + doing multi-stage HTTP auth with POST/PUT. + +- Nikitinskit Dmitriy filed bug report #1868255 + (http://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies + and fixes a problem with parsing WWW-Authenticate: headers with additional + spaces in the line that the parser wasn't written to deal with. + +Daniel S (8 Jan 2008) +- Introducing curl_easy_pause() and new magic return codes for both the read + and the write callbacks that now can make a connection's reading and/or + writing get paused. + +Daniel S (6 Jan 2008) +- Jeff Johnson filed bug report #1863171 + (http://curl.haxx.se/bug/view.cgi?id=1863171) where he pointed out that + libcurl's date parser didn't accept a +1300 time zone which actually is used + fairly often (like New Zealand's Dailight Savings Time), so I modified the + parser to now accept up to and including -1400 to +1400. + +Daniel S (5 Jan 2008) +- Based on further discussion on curl-library, I reverted yesterday's SOCKS5 + code to instead introduce support for a new proxy type called + CURLPROXY_SOCKS5_HOSTNAME that is used to send the host name to the proxy + instead of IP address and there's thus no longer any need for a new + curl_easy_setopt() option. + + The default SOCKS5 proxy is again back to sending the IP address to the + proxy. The new curl command line option for enabling sending host name to a + SOCKS5 proxy is now --socks5-hostname. + +Daniel S (4 Jan 2008) +- Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the + proxy do the host name resolving and only if --socks5ip (or + CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and + pass on the IP address only to the proxy. + +Yang Tse (3 Jan 2008) +- Modified test harness to allow SCP, SFTP and SOCKS4 tests to run with + OpenSSH 2.9.9, SunSSH 1.0 or later versions. SOCKS5 tests need OpenSSH + 3.7, SunSSH 1.0 or later. + +Daniel S (2 Jan 2008) +- I fixed two cases of missing return code checks when handling chunked + decoding where a write error (or abort return from a callback) didn't stop + libcurl's processing. + +- I removed the socklen_t use from the public curl/curl.h header and instead + made it an unsigned int. The type was only used in the curl_sockaddr struct + definition (only used by the curl_opensocket_callback). On all platforms I + could find information about, socklen_t is 32 unsigned bits large so I don't + think this will break the API or ABI. The main reason for this change is of + course for all the platforms that don't have a socklen_t definition in their + headers to build fine again. Providing our own configure magic and custom + definition of socklen_t on those systems proved to work but was a lot of + cruft, code and extra magic needed - when this very small change of type + seems harmless and still solves the missing socklen_t problem. + +- Richard Atterer brought a patch that added support for SOCKS4a proxies, + which is an inofficial PROXY4 variant that sends the hostname to the proxy + instead of the resolved address (which is already supported by SOCKS5). + --socks4a is the curl command line option for it and CURLOPT_PROXYTYPE can + now be set to CURLPROXY_SOCKS4A as well. + +Daniel S (1 Jan 2008) +- Mohun Biswas pointed out that --libcurl generated a source code with an int + function but without a return statement. While fixing that, I also took care + about adding some better comments for the generated code. + +Daniel S (27 Dec 2007) +- Dmitry Kurochkin mentioned a flaw + (http://curl.haxx.se/mail/lib-2007-12/0252.html) in detect_proxy() which + failed to set the bits.proxy variable properly when an environment variable + told libcurl to use a http proxy. + +Daniel S (26 Dec 2007) +- In an attempt to repeat the problem in bug report #1850730 + (http://curl.haxx.se/bug/view.cgi?id=1850730) I wrote up test case 552. The + test is doing a 70K POST with a read callback and an ioctl callback over a + proxy requiring Digest auth. The test case code is more or less identical to + the test recipe code provided by Spacen Jasset (who submitted the bug + report). + +Daniel S (25 Dec 2007) +- Gary Maxwell filed bug report #1856628 + (http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the + (small) memory leak in the SSL session ID caching code. It happened when a + previous entry in the cache was re-used. + +Daniel Fandrich (19 Dec 2007) +- Ensure that nroff doesn't put anything but ASCII characters into the + --manual text. + +Yang Tse (18 Dec 2007) +- MSVC 9.0 (VS2008) does not support Windows build targets prior to WinXP, + and makes wrong asumptions of build target when it isn't specified. So, + if no build target has been defined we will target WinXP when building + curl/libcurl with MSVC 9.0 (VS2008). + +- (http://curl.haxx.se/mail/archive-2007-12/0039.html) reported and fixed + a file truncation problem on Windows build targets triggered when retrying + a download with curl. + +Daniel S (17 Dec 2007) +- Mateusz Loskot pointed out that MSVC 9.0 (VS2008) has the pollfd struct and + defines in winsock2.h somehow differently than previous versions and that + curl 7.17.1 would fail to compile out of the box. + +Daniel S (13 Dec 2007) +- David Wright filed bug report #1849764 + (http://curl.haxx.se/bug/view.cgi?id=1849764) with an included fix. He + identified a problem for re-used connections that previously had sent + Expect: 100-continue and in some situations the subsequent POST (that didn't + use Expect:) still had the internal flag set for its use. David's fix (that + makes the setting of the flag in every single request unconditionally) is + fine and is now used! + +Daniel S (12 Dec 2007) +- Gilles Blanc made the curl tool enable SO_KEEPALIVE for the connections and + added the --no-keep-alive option that can disable that on demand. + +Daniel S (9 Dec 2007) +- Andrew Moise filed bug report #1847501 + (http://curl.haxx.se/bug/view.cgi?id=1847501) and pointed out a memcpy() + that should be memmove() in the convert_lineends() function. + +Daniel S (8 Dec 2007) +- Renamed all internal static functions that had Curl_ prefixes to no longer + have them. The Curl_ prefix is exclusively used for library internal global + symbols. Static functions can be named anything, except for using Curl_ or + curl_ prefixes. This is for consistency and for easier maintainance and + overview. + +- Cleaned up and reformatted the TODO document to look like the FAQ and + CONTRIBUTE, which makes nicer web pages + +- Added test cases 549 and 550 that test CURLOPT_PROXY_TRANSFER_MODE. + +- Added keywords on a bunch of test cases + +- Fixed an OOM problem in the curl code that would lead to fclose on a bad + handle and crash + +Daniel S (5 Dec 2007) +- Spacen Jasset reported a problem with doing POST (with data read with a + callback) over a proxy when NTLM is used as auth with the proxy. The bug + also concerned Digest and was limited to using callback only. Spacen worked + with us to provide a useful patch. I added the test case 547 and 548 to + verify two variations of POST over proxy with NTLM. + +Daniel S (3 Dec 2007) +- Ray Pekowski filed bug report #1842029 + (http://curl.haxx.se/bug/view.cgi?id=1842029) in which he identified a + problem with SSL session caching that prevent it from working, and provided + the associated fix! + +- Now libcurl (built with OpenSSL) doesn't return error anymore if the remote + SSL-based server doesn't present a certificate when the request is told to + ignore certificate verification anyway. + +- Michal Marek introduced CURLOPT_PROXY_TRANSFER_MODE which is used to control + the appending of the "type=" thing on FTP URLs when they are passed to a + HTTP proxy. Some proxies just don't like that appending (which is done + unconditionally in 7.17.1), and some proxies treat binary/ascii transfers + better with the appending done! + +Daniel S (29 Nov 2007) +- A bug report on the curl-library list showed a HTTP Digest session going on + with a 700+ letter nonce. Previously libcurl only support 127 letter ones + and now I bumped it to 1023. + +- Fixed the resumed FTP upload loop to not require that the read callback + returns a full buffer on each invoke. + +Daniel S (25 Nov 2007) +- Added test case 1015 that tests --data-urlencode in multiple ways + +- Fixed --data-urlencode for when no @ or = are used + +- Extended the user-agent buffer curl uses, since we can hit the 128 byte + border with plenty development libraries used. Like my current set: "curl + 7.17.2-CVS (i686-pc-linux-gnu) libcurl/7.17.2-CVS OpenSSL/0.9.8g + zlib/1.2.3.3 c-ares/1.5.2-CVS libidn/1.1 libssh2/0.19.0-CVS" + +Daniel S (24 Nov 2007) +- Internal rearrangements, so that the previous struct HandleData is no more. + It is now known as SingleRequest and the Curl_transfer_keeper struct within + that was remove entirely. This has the upside that there are less duplicate + struct members that made it hard to see and remember what struct that was + used to store what data. The transfer_keeper thing was once stored on a + per-connection basis and then it made sense to have the duplicate info but + since it was moved to the SessionHandle (in 7.16.0) it just added weirdness. + The SingleRequest struct is used by data that only is valid for this single + request. + +Yang Tse (22 Nov 2007) +- Provide a socklen_t definition in curl.h for Win32 API build targets + which don't have one. + +Daniel S (22 Nov 2007) +- Alessandro Vesely helped me improve the --data-urlencode's syntax, parser + and documentation. + +Daniel S (21 Nov 2007) +- While inspecting the Negotiate code, I noticed how the proxy auth was using + the same state struct as the host auth, so both could never be used at the + same time! I fixed it (without being able to check) to use two separate + structs to allow authentication using Negotiate on host and proxy + simultaneously. + +Daniel S (20 Nov 2007) +- Emil Romanus pointed out a bug that made an easy handle get the cookie + engine activated when set to use a share (even if the share doesn't share + cookies). I fixed it. + +- Fixed a very long-lasting mprintf() bug that occurred when we did "%.*s%s", + since the second %s would then wrongly used the numerical precision argument + instead and crash. + +- Introduced --data-urlencode to the curl tool for easier url encoding of the + data sent in a post. + +Daniel S (18 Nov 2007) +- Rob Crittenden fixed SSL connections with NSS done with the multi-interface + +Daniel S (17 Nov 2007) +- Michal Marek made the test suite remember what test servers that fail to + start so that subsequent tries are simply skipped. + +- Andres Garcia made the examples build fine on Windows (mingw + msys) when + the lib was built staticly. + +Daniel S (16 Nov 2007) +- Ates Goral identified a problem in http.c:add_buffer_send() when a debug + callback was used, as it could wrongly pass on a bad size for the outgoing + HTTP header. The bad size would be a very large value as it was a wrapped + size_t content. This happened when the whole HTTP request failed to get sent + in one single send. http://curl.haxx.se/mail/lib-2007-11/0165.html + +Daniel S (15 Nov 2007) +- Fixed yet another remaining problem with doing SFTP directory listings on a + re-used persistent connection. Mentioned by Immanuel Gregoire on the mailing + list. + +- Michal Marek fixed the test suite to better deal with the case when the HTTP + IPv6 server can't run. + +Yang Tse (14 Nov 2007) +- Fix a variable potential wrapping in add_buffer() when using absolutely + huge send buffer sizes. + +Daniel S (13 Nov 2007) +- Fixed a remaining problem with doing SFTP directory listings on a re-used + persistent connection. Mentioned by Immanuel Gregoire on the mailing list. + +Daniel S (12 Nov 2007) +- Bug report #1830637 (http://curl.haxx.se/bug/view.cgi?id=1830637), which was + forwarded from the Gentoo bug tracker by Daniel Black and was originally + submitted by Robin Johnson, pointed out that libcurl would do bad memory + references when it failed and bailed out before the handler thing was + setup. My fix is not done like the provided patch does it, but instead I + make sure that there's never any chance for a NULL pointer in that struct + member. + +Yang Tse (10 Nov 2007) +- Vikram Saxena (http://curl.haxx.se/mail/lib-2007-11/0096.html) pointed out + that the pollfd struct was being multi defined when using VS2008. This is + now fixed in /curl/lib/select.h + +Daniel S (8 Nov 2007) +- Bug report #1823487 (http://curl.haxx.se/bug/view.cgi?id=1823487) pointed + out that SFTP requests didn't use persistent connections. Neither did SCP + ones. I gave the SSH code a good beating and now both SCP and SFTP should + use persistent connections fine. I also did a bunch of indent changes as + well as a bug fix for the "keyboard interactive" auth. + +Dan F (6 Nov 2007) +- Improved telnet support by drastically reducing the number of write + callbacks needed to pass a buffer to the user. Instead one per byte it + is now as little as one per segment. + +Yang Tse (6 Nov 2007) +- Bug report #1824894 (http://curl.haxx.se/bug/view.cgi?id=1824894) pointed + out a problem in curl.h when building C++ apps with MSVC. To fix it, the + inclusion of header files in curl.h is moved outside of the C++ extern "C" + linkage block. + +Daniel S (1 Nov 2007) +- Toby Peterson patched a memory problem in the command line tool that + happened when a user had a home dir as an empty string. curl would then do + free() on a wrong area. + +Dan F (1 Nov 2007) +- Fixed curl-config --features to not display libz when it wasn't used + due to a missing header file. + +Dan F (31 October 2007) +- Fixed the output of curl-config --protocols which showed SCP and SFTP + always, except when --without-libssh2 was given + +- Added test cases 1013 and 1014 to check that curl-config --protocols and + curl-config --features matches the output of curl --version + +Dan F (30 October 2007) +- Fixed an OOM problem with file: URLs + +- Moved Curl_file_connect into the protocol handler struct + +Dan F (29 October 2007) +- Added test case 546 to check that subsequent FTP transfers work after a + failed one using the multi interface + +Daniel S (29 October 2007) +- Based on one of those bug reports that are intercepted by a distro's bug + tracker (https://bugzilla.redhat.com/show_bug.cgi?id=316191), I now made + curl-config --features and --protocols show the correct output when built + with NSS. + +Version 7.17.1 (29 October 2007) + +Dan F (25 October 2007) +- Added the --static-libs option to curl-config + +Daniel S (25 October 2007) +- Made libcurl built with NSS possible to ignore the peer verification. + Previously it would fail if the ca bundle wasn't present, even if the code + ignored the verification results. + +Patrick M (25 October 2007) +- Fixed test server to allow null bytes in binary posts. +_ Added tests 35, 544 & 545 to check binary data posts, both static (in place) + and dynamic (copied). + +Daniel S (25 October 2007) +- Michal Marek fixed the test script to be able to use valgrind even when the + lib is built shared with libtool. + +- Fixed a few memory leaks when the same easy handle is re-used to request + URLs with different protocols. FTP and TFTP related leaks. Caught thanks to + Dan F's new test cases. + +Dan F (24 October 2007) +- Fixed the test FTP and TFTP servers to support the >10000 test number + notation + +- Added test cases 2000 through 2003 which test multiple protocols using the + same easy handle + +- Fixed the filecheck: make target to work outside the source tree + +Daniel S (24 October 2007) +- Vladimir Lazarenko pointed out that we should do some 'mt' magic when + building with VC8 to get the "manifest" embedded to make fine stand-alone + binaries. The maketgz and the src/Makefile.vc6 files were adjusted + accordingly. + +Daniel S (23 October 2007) +- Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out + that libcurl tried to re-use connections a bit too much when using non-SSL + protocols tunneled over a HTTP proxy. + +Daniel S (22 October 2007) +- Michal Marek forwarded the bug report + https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to + FTP that caused memory havoc. His work together with my efforts created two + fixes: + + #1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with + at connection cleanup, at which time the struct HandleData could be + used by another connection. + Also, the unused char *urlpath member is removed from struct FTP. + + #2 - provide a Curl_reset_reqproto() function that frees + data->reqdata.proto.* on connection setup if needed (that is if the + SessionHandle was used by a different connection). + + A long-term goal is of course to somehow get rid of how the reqdata struct + is used, as it is too error-prone. + +- Bug report #1815530 (http://curl.haxx.se/bug/view.cgi?id=1815530) points out + that specifying a proxy with a trailing slash didn't work (unless it also + contained a port number). + +Patrick M (15 October 2007) +- Fixed the dynamic CURLOPT_POSTFIELDS problem: this option is now static again + and option CURLOPT_COPYPOSTFIELDS has been added to support dynamic mode. + +Patrick M (12 October 2007) +- Added per-protocol callback static tables, replacing callback ptr storage + in the connectdata structure by a single handler table ptr. + +Dan F (11 October 2007) +- Fixed the -l option of runtests.pl + +- Added support for skipping tests based on key words. + +Daniel S (9 October 2007) +- Michal Marek removed the no longer existing return codes from the curl.1 + man page. + +Daniel S (7 October 2007) +- Known bug #47, which confused libcurl if doing NTLM auth over a proxy with + a response that was larger than 16KB is now improved slightly so that now + the restriction at 16KB is for the headers only and it should be a rare + situation where the response-headers exceed 16KB. Thus, I consider #47 fixed + and the header limitation is now known as known bug #48. + +Daniel S (5 October 2007) +- Michael Wallner made the CULROPT_COOKIELIST option support a new magic + string: "FLUSH". Using that will cause libcurl to flush its cookies to the + CURLOPT_COOKIEJAR file. + +- The new file docs/libcurl/ABI describes how we view ABI breakages, soname + bumps and what the version number's significance to all that is. + +Daniel S (4 October 2007) +- I enabled test 1009 and made the --local-port use a wide range to reduce the + risk of failures. + +- Kim Rinnewitz reported that --local-port didn't work with TFTP transfers. + This happened because the tftp code always uncondionally did a bind() + without caring if one already had been done and then it failed. I wrote a + test case (1009) to verify this, but it is a bit error-prone since it will + have to pick a fixed local port number and since the tests are run on so + many different hosts in different situations I'll add it in disabled state. + +Yang Tse (3 October 2007) +- Fixed issue related with the use of ares_timeout() result. + +Daniel S (3 October 2007) +- Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and + CURLOPT_OPENSOCKETDATA to set a callback that allows an application to + replace the socket() call used by libcurl. It basically allows the app to + change address, protocol or whatever of the socket. + +- I renamed the CURLE_SSL_PEER_CERTIFICATE error code to + CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made + this return code get used by the previous SSH MD5 fingerprint check in case + it fails. + +- Based on a patch brought by Johnny Luong, libcurl now offers + CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both + make the SCP or SFTP connection verify the remote host's md5 checksum of the + public key before doing a connect, to reduce the risk of a man-in-the-middle + attack. + +Daniel S (2 October 2007) +- libcurl now handles chunked-encoded CONNECT responses + +Daniel S (1 October 2007) +- Alex Fishman reported a curl_easy_escape() problem that was made the + function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a + signed / unsigned mistake in the code. I fixed it and added test case 543 to + verify. + +Daniel S (29 September 2007) +- Immanuel Gregoire fixed a problem with persistent transfers over SFTP. + +Daniel S (28 September 2007) +- Adapted the c-ares code to the API change c-ares 1.5.0 brings in the + notifier callback(s). + +Dan F (26 September 2007) +- Enabled a few more gcc warnings with --enable-debug. Renamed a few + variables to avoid shadowing global declarations. + +Daniel S (26 September 2007) +- Philip Langdale provided the new CURLOPT_POST301 option for + curl_easy_setopt() that alters how libcurl functions when following + redirects. It makes libcurl obey the RFC2616 when a 301 response is received + after a non-GET request is made. Default libcurl behaviour is to change + method to GET in the subsequent request (like it does for response code 302 + - because that's what many/most browsers do), but with this CURLOPT_POST301 + option enabled it will do what the spec says and do the next request using + the same method again. I.e keep POST after 301. + + The curl tool got this option as --post301 + + Test case 1011 and 1012 were added to verify. + +- Max Katsev reported that when doing a libcurl FTP request with + CURLOPT_NOBODY enabled but not CURLOPT_HEADER, libcurl wouldn't do TYPE + before it does SIZE which makes it less useful. I walked over the code and + made it do this properly, and added test case 542 to verify it. + +Daniel S (24 September 2007) +- Immanuel Gregoire fixed KNOWN_BUGS #44: --ftp-method nocwd did not handle + URLs ending with a slash properly (it should list the contents of that + directory). Test case 351 brought back and also test 1010 was added. + +Daniel S (21 September 2007) +- Mark Davies fixed Negotiate authentication over proxy, and also introduced + the --proxy-negotiate command line option to allow a user to explicitly + select it. + +Daniel S (19 September 2007) +- Rob Crittenden provided an NSS update with the following highlights: + + o It looks for the NSS database first in the environment variable SSL_DIR, + then in /etc/pki/nssdb, then it initializes with no database if neither of + those exist. + + o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be + loaded, including the ca-bundle. If it is not available then only + certificates already in the NSS database are used. + + o Tries to detect whether a file or nickname is being passed in so the right + thing is done + + o Added a bit of code to make the output more like the OpenSSL module, + including displaying the certificate information when connecting in + verbose mode + + o Improved handling of certificate errors (expired, untrusted, etc) + + The libnsspem.so PKCS#11 module is currently only available in Fedora + 8/rawhide. Work will be done soon to upstream it. The NSS module will work + with or without it, all that changes is the source of the certificates and + keys. + +Daniel S (18 September 2007) +- Immanuel Gregoire pointed out that public key SSH auth failed if no + public/private key was specified and there was no HOME environment variable, + and then it didn't continue to try the other auth methods. Now it will + instead try to get the files id_dsa.pub and id_dsa from the current + directory if none of the two conditions were met. + +Dan F (17 September 2007) +- Added hooks to the test suite to make it possible to test a curl running + on a remote host. + +- Changed some FTP tests to validate the format of the PORT and EPRT commands + sent by curl, if not the addresses themselves. + +Daniel S (15 September 2007) +- Michal Marek made libcurl automatically append ";type=<a|i>" when using HTTP + proxies for FTP urls. + +- Günter Knauf fixed LDAP builds in the Windows makefiles and fixed LDAPv3 + support on Windows. + +Dan F (13 September 2007) +- Added LDAPS, SCP and SFTP to curl-config --protocols. Removed and + fixed some AC_SUBST configure entries. + +Version 7.17.0 (13 September 2007) + +Daniel S (12 September 2007) +- Bug report #1792649 (http://curl.haxx.se/bug/view.cgi?id=1792649) pointed + out a problem with doing an empty upload over FTP on a re-used connection. + I added test case 541 to reproduce it and to verify the fix. + +- I noticed while writing test 541 that the FTP code wrongly did a CWD on the + second transfer as it didn't store and remember the "" path from the + previous transfer so it would instead CWD to the entry path as stored. This + worked, but did a superfluous command. Thus, test case 541 now also verifies + this fix. + +Dan F (5 September 2007) +- Added test case 1007 to test permission problem when uploading with TFTP + (to validate bug #1790403). + +- TFTP now reports the "not defined" TFTP error code 0 as an error, + not success. + +Daniel S (5 September 2007) +- Continued the work on a fix for #1779054 + (http://curl.haxx.se/bug/view.cgi?id=1779054). My previous fix from August + 24 was not complete (either) but could accidentally "forget" parts of a + server response which led to faulty server response time-out errors. + +Dan F (5 September 2007) +- Minix doesn't support getsockopt on UDP sockets or send/recv on TCP + sockets. + +Dan F (31 August 2007) +- Made some of the error strings returned by the *strerror functions more + generic, and more consistent with each other. + +- Renamed the curl_ftpssl enum to curl_usessl and its enumerated constants, + creating macros for backward compatibility: + + CURLFTPSSL_NONE => CURLUSESSL_NONE + CURLFTPSSL_TRY => CURLUSESSL_TRY + CURLFTPSSL_CONTROL => CURLUSESSL_CONTROL + CURLFTPSSL_ALL => CURLUSESSL_ALL + CURLFTPSSL_LAST => CURLUSESSL_LAST + +Dan F (30 August 2007) +- Renamed several libcurl error codes and options to make them more general + and allow reuse by multiple protocols. Several unused error codes were + removed. In all cases, macros were added to preserve source (and binary) + compatibility with the old names. These macros are subject to removal at + a future date, but probably not before 2009. An application can be + tested to see if it is using any obsolete code by compiling it with the + CURL_NO_OLDIES macro defined. + + The following unused error codes were removed: + + CURLE_BAD_CALLING_ORDER + CURLE_BAD_PASSWORD_ENTERED + CURLE_FTP_CANT_RECONNECT + CURLE_FTP_COULDNT_GET_SIZE + CURLE_FTP_COULDNT_SET_ASCII + CURLE_FTP_USER_PASSWORD_INCORRECT + CURLE_FTP_WEIRD_USER_REPLY + CURLE_FTP_WRITE_ERROR + CURLE_LIBRARY_NOT_FOUND + CURLE_MALFORMAT_USER + CURLE_OBSOLETE + CURLE_SHARE_IN_USE + CURLE_URL_MALFORMAT_USER + + The following error codes were renamed: + + CURLE_FTP_ACCESS_DENIED => CURLE_REMOTE_ACCESS_DENIED + CURLE_FTP_COULDNT_SET_BINARY => CURLE_FTP_COULDNT_SET_TYPE + CURLE_FTP_SSL_FAILED => CURLE_USE_SSL_FAILED + CURLE_FTP_QUOTE_ERROR => CURLE_QUOTE_ERROR + CURLE_TFTP_DISKFULL => CURLE_REMOTE_DISK_FULL + CURLE_TFTP_EXISTS => CURLE_REMOTE_FILE_EXISTS + CURLE_HTTP_RANGE_ERROR => CURLE_RANGE_ERROR + + The following options were renamed: + + CURLOPT_SSLKEYPASSWD => CURLOPT_KEYPASSWD + CURLOPT_FTPAPPEND => CURLOPT_APPEND + CURLOPT_FTPLISTONLY => CURLOPT_DIRLISTONLY + CURLOPT_FTP_SSL => CURLOPT_USE_SSL + + A few more changes will take place with the next SONAME bump of the + library. These are documented in docs/TODO + +- Documented some newer error codes in libcurl-error(3) + +- Added more accurate error code returns from SFTP operations. Added test + case 615 to test an SFTP upload failure. + +Dan F (28 August 2007) +- Some minor internal type and const changes based on a splint scan. + +Daniel S (24 August 2007) +- Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed + out that libcurl didn't deal with large responses from server commands, when + the single response was consisting of multiple lines but of a total size of + 16KB or more. Dan Fandrich improved the ftp test script and provided test + case 1006 to repeat the problem, and I fixed the code to make sure this new + test case runs fine. + +Patrick M (23 August 2007) +- OS/400 port: new files lib/config-os400.h lib/setup-os400.h packages/OS400/*. + See packages/OS400/README.OS400. + +Daniel S (23 August 2007) +- Bug report #1779751 (http://curl.haxx.se/bug/view.cgi?id=1779751) pointed + out that doing first a file:// upload and then an FTP upload crashed libcurl + or at best caused furious valgrind complaints. Fixed now! + +Daniel S (22 August 2007) +- Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed + out that libcurl didn't deal with very long (>16K) FTP server response lines + properly. Starting now, libcurl will chop them off (thus the client app will + not get the full line) but survive and deal with them fine otherwise. Test + case 1003 was added to verify this. + +Daniel S (20 August 2007) +- Based on a patch by Christian Vogt, the FTP code now sets the upcoming + download transfer size much earlier to be possible to get read with + CURLINFO_CONTENT_LENGTH_DOWNLOAD as soon as possible. This is very much in a + similar spirit to the HTTP size change from August 11 2007. + +Daniel S (18 August 2007) +- Robson Braga Araujo filed bug report #1776232 + (http://curl.haxx.se/bug/view.cgi?id=1776232) about libcurl calling + Curl_client_write(), passing on a const string that the caller may not + modify and yet it does (on some platforms). + +- Robson Braga Araujo filed bug report #1776235 + (http://curl.haxx.se/bug/view.cgi?id=1776235) about ftp requests with NOBODY + on a directory would do a "SIZE (null)" request. This is now fixed and test + case 1000 was added to verify. + +Daniel S (17 August 2007) +- Song Ma provided a patch that cures a problem libcurl has when doing resume + HTTP PUT using Digest authentication. Test case 5320 and 5322 were also + added to verify the functionality. + +Daniel S (14 August 2007) +- Andrew Wansink provided an NTLM bugfix: in the case the server sets the flag + NTLMFLAG_NEGOTIATE_UNICODE, we need to filter it off because libcurl doesn't + UNICODE encode the strings it packs into the NTLM authenticate packet. + +Daniel S (11 August 2007) +- Allen Pulsifer provided a patch that makes libcurl set the expected download + size earlier when doing HTTP downloads, so that applications and the + progress meter etc know get the info earlier in the flow than before. + +- Patrick Monnerat modified the LDAP code and approach in curl. Starting now, + the configure script checks for openldap and friends and we link with those + libs just like we link all other third party libraries, and we no longer + dlopen() those libraries. Our private header file lib/ldap.h was renamed to + lib/curl_ldap.h due to this. I set a tag in CVS (curl-7_17_0-preldapfix) + just before this commit, just in case. + +Dan F (8 August 2007) +- Song Ma noted a zlib memory leak in the illegal compressed header + countermeasures code path. + +Daniel S (4 August 2007) +- Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on + non-ASCII systems. + +Daniel S (3 August 2007) +- I cut out support for libssh2 versions older than 0.16 to make our code a + lot simpler, and to avoid getting trouble with the LIBSSH2_APINO define + that 1) didn't work properly since it was >32 bits and 2) is removed in + libssh2 0.16... + +Daniel S (2 August 2007) +- Scott Cantor filed bug report #1766320 + (http://curl.haxx.se/bug/view.cgi?id=1766320) pointing out that the libcurl + code accessed two curl_easy_setopt() options (CURLOPT_DNS_CACHE_TIMEOUT and + CURLOPT_DNS_USE_GLOBAL_CACHE) as ints even though they're documented to be + passed in as longs, and that makes a difference on 64 bit architectures. + +- Dmitriy Sergeyev reported a regression: resumed file:// transfers broke + after 7.16.2. This is much due to the different treatment file:// gets + internally, but now I added test 231 to make it less likely to happen again + without us noticing! + +Daniel S (1 August 2007) +- Patrick Monnerat and I modified libcurl so that now it *copies* all strings + passed to it with curl_easy_setopt()! Previously it has always just refered + to the data, forcing the user to keep the data around until libcurl is done + with it. That is now history and libcurl will instead clone the given + strings and keep private copies. This is also part of Patrick Monnerat's + OS/400 port. + + Due to this being a somewhat interesting change API wise, I've decided to + bump the version of the upcoming release to 7.17.0. Older applications will + of course not notice this change nor do they have to care, but new + applications can be written to take advantage of this. + +- Greg Morse reported a problem with POSTing using ANYAUTH to a server + requiring NTLM, and he provided test code and a test server and we worked + out a bug fix. We failed to count sent body data at times, which then caused + internal confusions when libcurl tried to send the rest of the data in order + to maintain the same connection alive. + +Daniel S (31 July 2007) +- Peter O'Gorman pointed out (and fixed) that the non-blocking check in + configure made libcurl use blocking sockets on AIX 4 and 5, while that + wasn't the intention. + +Daniel S (29 July 2007) +- Jayesh A Shah filed bug report #1759542 + (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious + problem with FTPS: libcurl closed the data connection socket and then later + in the flow it would call the SSL layer to do SSL shutdown which then would + use a socket that had already been closed - so if the application had opened + a new one in the mean time, libcurl could send gibberish that way! I worked + with Greg Zavertnik to properly diagnose and fix this. The fix affects code + for all SSL libraries we support, but it has only been truly verified to + work fine for the OpenSSL version. The others have only been code reviewed. + +Daniel S (23 July 2007) +- Implemented the parts of Patrick Monnerat's OS/400 patch that introduces + support for the OS/400 Secure Sockets Layer library. + +Dan F (23 July 2007) +- Implemented only the parts of Patrick Monnerat's OS/400 patch that renamed + some few internal identifiers to avoid conflicts, which could be useful on + other platforms. + +Daniel S (22 July 2007) +- HTTP Digest bug fix by Chris Flerackers: + + Scenario + + - Perfoming a POST request with body + - With authentication (only Digest) + - Re-using a connection + + libcurl would send a HTTP POST with an Authorization header but without + body. Our server would return 400 Bad Request in that case (because + authentication passed, but the body was empty). + + Cause + + 1) http_digest.c -> Curl_output_digest + - Updates allocptr.userpwd/allocptr.proxyuserpwd *only* if d->nonce is + filled in (and no errors) + - authp->done = TRUE if d->nonce is filled in + 2) http.c -> Curl_http + - *Always* uses allocptr.userpwd/allocptr.proxyuserpwd if not NULL + 3) http.c -> Curl_http, Curl_http_output_auth + + So what happens is that Curl_output_digest cannot yet update the + Authorization header (allocptr.userpwd) which results in authhost->done=0 -> + authhost->multi=1 -> conn->bits.authneg = TRUE. The body is not + added. *However*, allocptr.userpwd is still used when building the request + +- Added test case 354 that makes a simple FTP retrieval without password, which + verifies the bug fix in #1757328. + +Daniel S (21 July 2007) +- To allow more flexibility in FTP test cases, I've removed the enforced states + from the test server code as they served no real purpose. The test server + is here to serve for the test cases, not to attempt to function as a real + server! While at it, I modified test case 141 to better test and verify + curl -I on a single FTP file. + +Daniel S (20 July 2007) +- James Housley fixed the SFTP PWD command to work. + +- Ralf S. Engelschall filed bug report #1757328 + (http://curl.haxx.se/bug/view.cgi?id=1757328) and submitted a patch. It + turns out we broke login to FTP servers that don't require (nor understand) + PASS after the USER command. The breakage was done as part of the krb5 + commit so a krb-using person needs to verify that the current version now + works or if we need to fix it (in a different way of course). + +Dan F (17 July 2007) +- Fixed test cases 613 and 614 by improving the log postprocessor to handle + a new directory listing format that newer libssh2's can provide. This + is probably NOT sufficient to handle all directory listing formats that + server's can provide, and should be revisited. + +Daniel S (17 July 2007) +- Daniel Johnson fixed a bug in how libssh2_session_last_error() was used, in + two places. + +- Jofell Gallardo posted a libcurl log using FTP that exposed a bug which made + a control connection that was deemed "dead" to yet be re-used in a following + request. + +Daniel S (13 July 2007) +- Colin Hogben filed bug report #1750274 + (http://curl.haxx.se/bug/view.cgi?id=1750274) and submitted a patch for the + case where libcurl did a connect attempt to a non-listening port and didn't + provide a human readable error string back. + +- Daniel Cater fixes: + 1 - made 'make vc8' work on windows. + 2 - made libcurl itself built with CURL_NO_OLDIES defined (which doesn't + define the symbols for backwards source compatibility) + 3 - updated libcurl-errors.3 + 4 - added CURL_DISABLE_TFTP to docs/INSTALL + +Daniel S (12 July 2007) +- Made the krb5 code build with Heimdal's GSSAPI lib. + +Dan F (12 July 2007) +- Compile most of the example apps in docs/examples when doing a 'make check'. + Fixed some compile warnings and errors in those examples. + +- Removed the example program ftp3rdparty.c since libcurl doesn't support + 3rd party FTP transfers any longer. + +Daniel S (12 July 2007) +- Shmulik Regev found an (albeit rare) case where the proxy CONNECT operation + could in fact get stuck in an endless loop. + +- Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation: + fail to connect if there is no Common Name field found in the remote cert. + We should deprecate the support for this set to 1 anyway soon, since the + feature is pointless and most likely never really used by anyone. + +Daniel S (11 July 2007) +- Shmulik Regev fixed a bug with transfer-encoding skipping during the 407 + error pages for proxy authentication. + +- Giancarlo Formicuccia reported and fixed a problem with a closed connection + to a proxy during CONNECT auth negotiation. + +Dan F (10 July 2007) +- Fixed a curl memory leak reported by Song Ma with a modified version + of the patch he suggested. Added his test case as test289 to verify. + +- Force the time zone to GMT in the cookie tests in case the user is + using one of the so-called 'right' time zones that take into account + leap seconds, which causes the tests to fail (as reported by + Daniel Black in bug report #1745964). + +Version 7.16.4 (10 July 2007) + +Daniel S (10 July 2007) +- Kees Cook notified us about a security flaw + (http://curl.haxx.se/docs/adv_20070710.html) in which libcurl failed to + properly reject some outdated or not yet valid server certificates when + built with GnuTLS. Kees also provided the patch. + +James H (5 July 2007) +- Gavrie Philipson provided a patch that will use a more specific error + message for an scp:// upload failure. If libssh2 has his matching + patch, then the error message return by the server will be used instead + of a more generic error. + +Daniel S (1 July 2007) +- Thomas J. Moore provided a patch that introduces Kerberos5 support in + libcurl. This also makes the options change name to --krb (from --krb4) and + CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still + +- Song Ma helped me verify and extend a fix for doing FTP over a SOCKS4/5 + proxy. + +Daniel S (27 June 2007) +- James Housley: Add two new options for the SFTP/SCP/FILE protocols: + CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS. These control the + premissions for files and directories created on the remote + server. CURLOPT_NEW_FILE_PERMS defaults to 0644 and + CURLOPT_NEW_DIRECTORY_PERMS defaults to 0755 + +- I corrected the 10-at-a-time.c example and applied a patch for it by James + Bursa. + +Daniel S (26 June 2007) +- Robert Iakobashvili re-arranged the internal hash code to work with a custom + hash function for different hashes, and also expanded the default size for + the socket hash table used in multi handles to greatly enhance speed when + very many connections are added and the socket API is used. + +- James Housley made the CURLOPT_FTPLISTONLY mode work for SFTP directory + listings as well + +Daniel S (25 June 2007) +- Adjusted how libcurl treats HTTP 1.1 responses without content-lenth or + chunked encoding (that also lacks "Connection: close"). It now simply + assumes that the connection WILL be closed to signal the end, as that is how + RFC2616 section 4.4 point #5 says we should behave. + +Version 7.16.3 (25 June 2007) + +Daniel S (23 June 2007) +- As reported by "Tro" in http://curl.haxx.se/mail/lib-2007-06/0161.html and + http://curl.haxx.se/mail/lib-2007-06/0238.html, libcurl didn't properly do + no-body requests on FTP files on re-used connections properly, or at least + it didn't provide the info back in the header callback properly in the + subsequent requests. + +Daniel S (21 June 2007) +- Gerrit Bruchhäuser pointed out a warning that the Intel(R) Thread Checker + tool reports and it was indeed a legitimate one and it is one fixed. It was + a use of a share without doing the proper locking first. + +Daniel S (20 June 2007) +- Adam Piggott filed bug report #1740263 + (http://curl.haxx.se/bug/view.cgi?id=1740263). Adam discovered that when + getting a large amount of URLs with curl, they were fetched slower and + slower... which turned out to be because the --libcurl data collecting which + wrongly always was enabled, but no longer is... + +Daniel S (18 June 2007) +- Robson Braga Araujo filed bug report #1739100 + (http://curl.haxx.se/bug/view.cgi?id=1739100) that mentioned that libcurl + could not actually list the contents of the root directory of a given FTP + server if the login directory isn't root. I fixed the problem and added + three test cases (one is disabled for now since I identified KNOWN_BUGS #44, + we cannot use --ftp-method nocwd and list ftp directories). + +Daniel S (14 June 2007) +- Shmulik Regev: + + I've encountered (and hopefully fixed) a problem involving proxy CONNECT + requests and easy handles state management. The problem isn't simple to + reproduce since it depends on socket state. It only manifests itself when + working with non-blocking sockets. + + Here is the scenario: + + 1. in multi_runsingle the easy handle is in the CURLM_STATE_WAITCONNECT and + calls Curl_protocol_connect + + 2. in Curl_proxyCONNECT, line 1247, if the socket isn't ready the function + returns and conn->bits.tunnel_connecting is TRUE + + 3. when the call to Curl_protocol_connect returns the protocol_connect flag + is false and the easy state is changed to CURLM_STATE_PROTOCONNECT which + isn't correct if a proxy is used. Rather CURLM_STATE_WAITPROXYCONNECT + should be used. + + I discovered this while performing an HTTPS request through a proxy (squid) + on my local network. The problem caused openssl to fail as it read the proxy + response to the CONNECT call ('HTTP/1.0 Established') rather than the SSL + handshake (the exact openssl error was 'wrong ssl version' but this isn't + very important) + +- Dave Vasilevsky filed bug report #1736875 + (http://curl.haxx.se/bug/view.cgi?id=1736875) almost simultanouesly as Dan + Fandrich mentioned a related build problem on the libcurl mailing list: + http://curl.haxx.se/mail/lib-2007-06/0131.html. Both problems had the same + reason: the definitions of the POLL* defines and the pollfd struct in the + libcurl code was depending on HAVE_POLL instead of HAVE_SYS_POLL_H. + +Daniel S (13 June 2007) +- Tom Regner provided a patch and worked together with James Housley, so now + CURLOPT_FTP_CREATE_MISSING_DIRS works for SFTP connections as well as FTP + ones. + +- Rich Rauenzahn filed bug report #1733119 + (http://curl.haxx.se/bug/view.cgi?id=1733119) and we collaborated on the + fix. The problem is that for 64bit HPUX builds, several socket-related + functions would still assume int (32 bit) arguments and not socklen_t (64 + bit) ones. + +Daniel S (12 June 2007) +- James Housley brought his revamped SSH code that is state-machine driven to + really take advantage of the now totally non-blocking libssh2 (in CVS). + +Dan F (8 June 2007) +- Incorporated Daniel Black's test706 and test707 SOCKS test cases. + +- Fixed a few problems when starting the SOCKS server. + +- Reverted some recent changes to runtests.pl that weren't compatible with + perl 5.0. + +- Fixed the test harness so that it actually kills the ssh being used as + the SOCKS server. + +Daniel S (6 June 2007) +- -s/--silent can now be used to toggle off the silence again if used a second + time. + +Daniel S (5 June 2007) +- Added Daniel Black's work that adds the first few SOCKS test cases. I also + fixed two minor SOCKS problems to make the test cases run fine. + +Daniel S (31 May 2007) +- Feng Tu made (lib)curl support "upload" resuming work for file:// URLs. + +Daniel S (30 May 2007) +- I modified the 10-at-a-time.c example to transfer 500 downloads in parallel + with a c-ares enabled build only to find that it crashed miserably, and this + was due to some select()isms left in the code. This was due to API + restrictions in c-ares 1.3.x, but with the upcoming c-ares 1.4.0 this is no + longer the case so now libcurl runs much better with c-ares and the multi + interface with > 1024 file descriptors in use. + + Extra note: starting now we require c-ares 1.4.0 for asynchronous name + resolves. + +- Added CURLMOPT_MAXCONNECTS which is a curl_multi_setopt() option for setting + the maximum size of the connection cache maximum size of the multi handle. + +Daniel S (27 May 2007) +- When working with a problem Stefan Becker had, I found an off-by-one buffer + overwrite in Curl_select(). While fixing it, I also improved its performance + somewhat by changing calloc to malloc and breaking out of a loop earlier + (when possible). + +Daniel S (25 May 2007) +- Rob Crittenden fixed bug #1705802 + (http://curl.haxx.se/bug/view.cgi?id=1705802), which was filed by Daniel + Black identifying several FTP-SSL test cases fail when we build libcurl with + NSS for TLS/SSL. Listed as #42 in KNOWN_BUGS. + +Daniel S (24 May 2007) +- Song Ma filed bug report #1724016 + (http://curl.haxx.se/bug/view.cgi?id=1724016) noticing that downloading + glob-ranges for TFTP was broken in CVS. Fixed now. + +- 'mytx' in bug report #1723194 (http://curl.haxx.se/bug/view.cgi?id=1723194) + pointed out that the warnf() function in the curl tool didn't properly deal + with the cases when excessively long words were used in the string to chop + up. + +Daniel S (22 May 2007) +- Andre Guibert de Bruet fixed a memory leak in the function that verifies the + peer's name in the SSL certificate when built for OpenSSL. The leak happens + for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN + name from UTF8. He also fixed a leak when PKCS #12 parsing failed. + +Daniel S (18 May 2007) +- Feng Tu reported that curl -w did wrong on TFTP transfers in bug report + #1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the + transfer-related info "variables" were indeed overwritten with zeroes + wrongly and have now been adjusted. The upload size still isn't accurate. + +Daniel S (17 May 2007) +- Feng Tu pointed out a division by zero error in the TFTP connect timeout + code for timeouts less than five seconds, and also provided a fix for it. + Bug report #1715392 (http://curl.haxx.se/bug/view.cgi?id=1715392) + +Dan F (16 May 2007) +- Added support for compiling under Minix 3.1.3 using ACK. + +Dan F (14 May 2007) +- Added SFTP directory listing test case 613. + +- Added support for quote commands before a transfer using SFTP and test + case 614. + +- Changed the post-quote commands to occur after the transferred file is + closed. + +- Allow SFTP quote commands chmod, chown, chgrp to set a value of 0. + +Dan F (9 May 2007) +- Kristian Gunstone fixed a problem where overwriting an uploaded file with + sftp didn't truncate it first, which would corrupt the file if the new + file was shorter than the old. + +Dan F (8 May 2007) +- Added FTPS test cases 406 and 407 + +Daniel S (8 May 2007) +- CURLE_FTP_COULDNT_STOR_FILE is now known as CURLE_UPLOAD_FAILED. This is + because I just made SCP uploads return this value if the file size of + the upload file isn't given with CURLOPT_INFILESIZE*. Docs updated to + reflect this news, and a define for the old name was added to the public + header file. + +Daniel S (7 May 2007) +- James Bursa fixed a bug in the multi handle code that made the connection + cache grow a bit too much, beyond the normal 4 * easy_handles. + +Daniel S (2 May 2007) +- Anders Gustafsson remarked that requiring CURLOPT_HTTP_VERSION set to 1.0 + when CURLOPT_HTTP200ALIASES is used to avoid the problem mentioned below is + not very nice if the client wants to be able to use _either_ a HTTP 1.1 + server or one within the aliases list... so starting now, libcurl will + simply consider 200-alias matches the to be HTTP 1.0 compliant. + +- Tobias Rundström reported a problem they experienced with xmms2 and recent + libcurls, which turned out to be the 25-nov-2006 change which treats HTTP + responses without Content-Length or chunked encoding as without bodies. We + now added the conditional that the above mentioned response is only without + body if the response is HTTP 1.1. + +- Jeff Pohlmeyer improved the hiperfifo.c example to use the + CURLMOPT_TIMERFUNCTION callback option. + +- Set the timeout for easy handles to expire really soon after addition or + when CURLM_CALL_MULTI_PERFORM is returned from curl_multi_socket*/perform, + to make applications using only curl_multi_socket() to properly function + when adding easy handles "on the fly". Bug report and test app provided by + Michael Wallner. + +Dan F (30 April 2007) +- Improved the test harness to allow running test servers on other than + the default port numbers, allowing more than one test suite to run + simultaneously on the same host. + +Daniel S (28 April 2007) +- Peter O'Gorman fixed libcurl to not init GnuTLS as early as we did before, + since it then inits libgcrypt and libgcrypt is being evil and EXITS the + application if it fails to get a fine random seed. That's really not a nice + thing to do by a library. + +- Frank Hempel fixed a curl_easy_duphandle() crash on a handle that had + been removed from a multi handle, and then fixed another flaw that prevented + curl_easy_duphandle() to work even after the first fix - the handle was + still marked as using the multi interface. + +Daniel S (26 April 2007) +- Peter O'Gorman found a problem with SCP downloads when the downloaded file + was 16385 bytes (16K+1) and it turned out we didn't properly always "suck + out" all data from libssh2. The effect being that libcurl would hang on the + socket waiting for data when libssh2 had in fact already read it all... + +Dan F (25 April 2007) +- Added support in runtests.pl for "!n" test numbers to disable individual + tests. Changed -t to only keep log files around when -k is specified, + to have the same behaviour as without -t. + +Daniel S (25 April 2007) +- Sonia Subramanian brought our attention to a problem that happens if you set + the CURLOPT_RESUME_FROM or CURLOPT_RANGE options and an existing connection + in the connection cache is closed to make room for the new one when you call + curl_easy_perform(). It would then wrongly free range-related data in the + connection close funtion. + +Yang Tse (25 April 2007) +- Steve Little fixed compilation on VMS 64-bit mode + +Daniel S (24 April 2007) +- Robert Iakobashvili made the 'master_buffer' get allocated first once it is + can/will be used as it then makes the common cases save 16KB of data for each + easy handle that isn't used for pipelining. + +Dan F (23 April 2007) +- Added <postcheck> support to the test harness. + +- Added tests 610-612 to test more SFTP post-quote commands. + +Daniel S (22 April 2007) +- Song Ma's warning if -r/--range is given with a "bad" range, also noted in + the man page now. + +- Daniel Black filed bug #1705177 + (http://curl.haxx.se/bug/view.cgi?id=1705177) where --without-ssl + --with-gnutl outputs a warning about SSL not being enabled even though GnuTLS + was found and used. + +Daniel S (21 April 2007) +- Daniel Black filed bug #1704675 + (http://curl.haxx.se/bug/view.cgi?id=1704675) identifying a double-free + problem in the SSL-dealing layer, telling GnuTLS to free NULL credentials on + closedown after a failure and a bad #ifdef for NSS when closing down SSL. + +Yang Tse (20 April 2007) +- Save one call to curlx_tvnow(), which calls gettimeofday(), in each of + Curl_socket_ready(), Curl_poll() and Curl_select() when these are called + with a zero timeout or a timeout value indicating a blocking call should + be performed. + +Daniel S (18 April 2007) +- James Housley made SFTP uploads use libssh2's non-blocking API + +- Prevent the internal progress meter from updating more frequently than once + per second. + +Dan F (17 April 2007) +- Added test cases 296, 297 and 298 to test --ftp-method handling + +Daniel S (16 April 2007) +- Robert Iakobashvil added curl_multi_socket_action() to libcurl, which is a + function that deprecates the curl_multi_socket() function. Using the new + function the application tell libcurl what action that was found in the + socket that it passes in. This gives a significant performance boost as it + allows libcurl to avoid a call to poll()/select() for every call to + curl_multi_socket*(). + + I added a define in the public curl/multi.h header file that will make your + existing application automatically use curl_multi_socket_action() instead of + curl_multi_socket() when you recompile. But of course you'll get better + performance if you adjust your code manually and actually pass in the + correct action bitmask to this function. + +Daniel S (14 April 2007) +- Jay Austin added "DH PARAMETERS" to the stunnel.pem certificate for the test + suite to make stunnel run better in some (most?) environments. + +Dan F (13 April 2007) +- Added test cases 294 and 295 to test --ftp-account handling + +- Improved handling of out of memory in ftp. + +Yang Tse (13 April 2007) +- Fix test case 534 which started to fail 2007-04-13 due to the existance + of a new host on the net with the same silly domain the test was using + for a host which was supposed not to exist. + +Daniel S (12 April 2007) +- Song Ma found a memory leak in the if2ip code if you pass in an interface + name longer than the name field of the ifreq struct (typically 6 bytes), as + then it wouldn't close the used dummy socket. Bug #1698974 + (http://curl.haxx.se/bug/view.cgi?id=1698974) + +Version 7.16.2 (11 April 2007) + +Yang Tse (10 April 2007) +- Ravi Pratap provided some fixes for HTTP pipelining + +- configure script will ignore --enable-sspi option for non-native Windows. + +Daniel S (9 April 2007) +- Nick Zitzmann did ssh.c cleanups + +Daniel S (3 April 2007) +- Rob Jones fixed better #ifdef'ing for a bunch of #include lines. + +Daniel S (2 April 2007) +- Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The + accepted commands are as follows: + + chgrp (gid) (path) + Changes the group ID of the file or directory at (path) to (gid). (gid) + must be a number. + + chmod (perms) (path) + Changes the permissions of the file or directory at (path) to + (perms). (perms) must be a number in the format used by the chmod Unix + command. + + chown (uid) (path) + Changes the user ID of the file or directory at (path) to (uid). (uid) + must be a number. + + ln (source) (dest) + Creates a symbolic link at (dest) that points to the file located at + (source). + + mkdir (path) + Creates a new directory at (path). + + rename (source) (dest) + Moves the file or directory at (source) to (dest). + + rm (path) + Deletes the file located at (path). + + rmdir (path) + Deletes the directory located at (path). This command will raise an error + if the directory is not empty. + + symlink (source) (dest) + Same as ln. + +Daniel S (1 April 2007) +- Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many + easy handles are added to a multi handle, by avoiding the looping over all + the handles to find which one to remove. + +- Matt Kraai provided a patch that makes curl build on QNX 6 fine again. + +Daniel S (31 March 2007) +- Fixed several minor issues detected by the coverity.com scanner. + +- "Pixel" fixed a problem that appeared when you used -f with user+password + embedded in the URL. + +Dan F (29 March 2007) +- Don't tear down the ftp connection if the maximum filesize was exceeded + and added tests 290 and 291 to check. + +- Added ftps upload and SSL required tests 401 and 402. + +- Send an EOF message before closing an SCP channel, as recommended by + RFC4254. Enable libssh2 tracing when ssh debugging is turned on. + +Yang Tse (27 March 2007) +- Internal function Curl_select() renamed to Curl_socket_ready() + + New Internal wrapper function Curl_select() around select (2), it + uses poll() when a fine poll() is available, so now libcurl can be + built without select() support at all if a fine poll() is available. + +Daniel S (25 March 2007) +- Daniel Johnson fixed multi code to traverse the easy handle list properly. + A left-over bug from the February 21 fix. + +Dan F (23 March 2007) +- Added --pubkey option to curl and made --key also work for SCP/SFTP, + plus made --pass work on an SSH private key as well. + +- Changed the test harness to attempt to gracefully shut down servers + before resorting to the kill -9 hammer. + +- Added test harness infrastructure to support scp/sftp tests, using + OpenSSH as the server. + +- Fixed a memory leak when specifying a proxy with a file: URL. + +Yang Tse (20 March 2007) +- Fixed: When a signal was caught awaiting for an event using Curl_select() + or Curl_poll() with a non-zero timeout both functions would restart the + specified timeout. This could even lead to the extreme case that if a + signal arrived with a frecuency lower to the specified timeout neither + function would ever exit. + + Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in + Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR + defined both functions will return as soon as a signal is caught. Use it + at your own risk, all calls to these functions in the library should be + revisited and checked before fully supporting this feature. + +Yang Tse (19 March 2007) +- Bryan Henderson fixed the progress function so that it can get called more + frequently allowing same calling frecuency for the client progress callback. + +Dan F (15 March 2007) +- Various memory leaks plugged and NULL pointer fixes made in the ssh code. + +Daniel (15 March 2007) +- Nick made the curl tool accept globbing ranges that only is one number, i.e + you can now use [1-1] without curl complaining. + +Daniel (10 March 2007) +- Eygene Ryabinkin: + + The problem is the following: when we're calling Curl_done and it decides to + keep the connection opened ('left intact'), then the caller is not notified + that the connection was done via the NULLifying of the pointer, so some easy + handle is keeping the pointer to this connection. + + Later ConnectionExists can select such connection for reuse even if we're + not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is + false and we can reuse this connection for another easy handle. But thus the + connection will be shared between two easy handles if the handle that wants + to take the ownership is not the same as was not notified of the connection + was done in Curl_done. And when some of these easy handles will get their + connection really freed the another one will still keep the pointer. + + My fix was rather trivial: I just added the NULLification to the 'else' + branch in the Curl_done. My tests with Git and ElectricFence showed no + problems both for HTTP pulling and cloning. Repository size is about 250 Mb, + so it was a considerable amount of Curl's work. + +Dan F (9 March 2007) +- Updated the test harness to add a new "crypto" feature check and updated the + appropriate test case to use it. For now, this is treated the same as the + "SSL" feature because curl doesn't list it separately. + +Daniel (9 March 2007) +- Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6. + +- Robert A. Monat improved the maketgz and VC6/8 generating to set the correct + machine type too. + +- Justin Fletcher fixed a file descriptor leak in the curl tool when trying to + upload a file it couldn't open. Bug #1676581 + (http://curl.haxx.se/bug/view.cgi?id=1676581) + +Dan F (9 March 2007) +- Updated the test harness to check for protocol support before running each + test, fixing KNOWN_BUGS #11. + +Dan F (7 March 2007) +- Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test + harness. It is very limited as it supports only ftps:// URLs with + --ftp-ssl-control specified, which implicitly encrypts the control + channel but not the data channels. That allows stunnel to be used with + an unmodified ftp server in exactly the same way that the test https + server is set up. + +Dan F (7 March 2007) +- Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and + unencrypted data connections. + +Dan F (6 March 2007) +- Fixed a couple of improper pointer uses detected by valgrind in test + cases 181 & 216. + +Daniel (2 March 2007) +- Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8 + makefiles that are included in the source release archives, generated from + the Makefile.vc6 files by the maketgz script. I also modified the root + Makefile to have a VC variable that defaults to vc6 but can be overridden to + allow it to be used for vc8 as well. Like this: + + nmake VC=vc8 vc + +Daniel (27 February 2007) +- Hang Kin Lau found and fixed: When I use libcurl to connect to an https + server through a proxy and have the remote https server port set using the + CURLOPT_PORT option, protocol gets reset to http from https after the first + request. + + User defined URL was modified internally by libcurl and subsequent reuse of + the easy handle may lead to connection using a different protocol (if not + originally http). + + I found that libcurl hardcoded the protocol to "http" when it tries to + regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as + follows and it's working fine so far + +Daniel (25 February 2007) +- Adam D. Moss made the HTTP CONNECT procedure less blocking when used from + the multi interface. Note that it still does a part of the connection in a + blocking manner. + +Daniel (23 February 2007) +- Added warning outputs if the command line uses more than one of the options + -v, --trace and --trace-ascii, since it could really confuse the user. + Clarified this fact in the man page. + +Daniel (21 February 2007) +- Ravi Pratap provided work on libcurl making pipelining more robust and + fixing some bugs: + o Don't mix GET and POST requests in a pipeline + o Fix the order in which requests are dispatched from the pipeline + o Fixed several curl bugs with pipelining when the server is returning + chunked encoding: + * Added states to chunked parsing for final CRLF + * Rewind buffer after parsing chunk with data remaining + * Moved chunked header initializing to a spot just before receiving + headers + +Daniel (20 February 2007) +- Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle + active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command + line option. + +Daniel (19 February 2007) +- Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl. + +- Shmulik Regev found a memory leak in re-used HTTPS connections, at least + when the multi interface was used. + +- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and + 5). + +Daniel (18 February 2007) +- Jeff Pohlmeyer identified two problems: first a rather obscure problem with + the multi interface and connection re-use that could make a + curl_multi_remove_handle() ruin a pointer in another handle. + + The second problem was less of an actual problem but more of minor quirk: + the re-using of connections wasn't properly checking if the connection was + marked for closure. + +Daniel (16 February 2007) +- Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting + CURLOPT_RANGE back to no range on an easy handle when using FTP. + +Dan F (14 February 2007) +- Fixed curl-config --libs so it doesn't list unnecessary libraries (and + therefore introduce unnecessary dependencies) when it's not needed. + Also, don't bother adding a library path of /usr/lib + +Daniel (13 February 2007) +- The default password for anonymous FTP connections is now changed to be + "ftp@example.com". + +- Robert A. Monat made libcurl build fine with VC2005 - it doesn't have + gmtime_r() like the older VC versions. He also made use of some machine- + specific defines to differentiate the "OS" define. + +Daniel (12 February 2007) +- Rob Crittenden added support for NSS (Network Security Service) for the + SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/ + + This is the fourth supported library for TLS/SSL that libcurl supports! + +- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent + to the debug callback. + +- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and + CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's + internal decoding of content or transfer encoded content. This may be + preferable in cases where you use libcurl for proxy purposes or similar. The + command line tool got a --raw option to disable both at once. + +- release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP + define set to hold the exact date and time of when the tarball was built, as + a human readable string using the UTC time zone. + +- Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle + that has an easy handle present in the "closure" list pending closure. + +Daniel (6 February 2007) +- Regular file downloads wiht SFTP and SCP are now done using the non-blocking + API of libssh2, if the libssh2 headers seem to support them. This will make + SCP and SFTP much more responsive and better libcurl citizens when used with + the multi interface etc. + +Daniel (5 February 2007) +- Michael Wallner added support for CURLOPT_TIMEOUT_MS and + CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with + millisecond resolution. The only restriction to that is the alarm() + (sometimes) used to abort name resolves as that uses full seconds. I fixed + the FTP response timeout part of the patch. + + Internally we now count and keep the timeouts in milliseconds but it also + means we multiply set timeouts with 1000. The effect of this is that no + timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which + equals 24.86 days. We probably couldn't before either since the code did + *1000 on the timeout values on several places already. + +Daniel (3 February 2007) +- Yang Tse fixed the cookie expiry date in several test cases that started to + fail since they used "1 feb 2007"... + +- Manfred Schwarb reported that socks5 support was broken and help us pinpoint + the problem. The code now tries harder to use httproxy and proxy where + apppropriate, as not all proxies are HTTP... + +Version 7.16.1 (29 January 2007) + +Daniel (29 January 2007) +- Michael Wallner reported that when doing a CONNECT with a custom User-Agent + header, you got _two_ User-Agent headers in the CONNECT request...! Added + test case 287 to verify the fix. + +Daniel (28 January 2007) +- curl_easy_reset() now resets the CA bundle path correctly. + +- David McCreedy fixed the Curl command line tool for HTTP on non-ASCII + platforms. + +Daniel (25 January 2007) +- Added the --libcurl [file] option to curl. Append this option to any + ordinary curl command line, and you will get a libcurl-using source code + written to the file that does the equivalent operation of what your command + line operation does! + +Dan F (24 January 2007) +- Fixed a dangling pointer problem that prevented the http_proxy environment + variable from being properly used in many cases (and caused test case 63 + to fail). + +Daniel (23 January 2007) +- David McCreedy did NTLM changes mainly for non-ASCII platforms: + + #1 + There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT + defined. I noticed this while testing various configurations. Line 867 of + the current http_ntlm.c is a closing bracket for an if/else pair that only + gets compiled in if USE_NTLM2SESSION is defined. But this closing bracket + wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was + defined. Lines 198 and 140 of my patch wraps that closing bracket in an + #ifdef USE_NTLM2SESSION. + + #2 + I noticed several picky compiler warnings when DEBUG_ME is defined. I've + fixed them with casting. By the way, DEBUG_ME was a huge help in + understanding this code. + + #3 + Hopefully the last non-ASCII conversion patch for libcurl in a while. I + changed the "NTLMSSP" literal to hex since this signature must always be in + ASCII. + + Conversion code was strategically added where necessary. And the + Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c + creates are NOT translated on non-ASCII platforms. + +Dan F (22 January 2007) +- Converted (most of) the test data files into genuine XML. A handful still + are not, due mainly to the lack of support for XML character entities + (e.g. & => & ). This will make it easier to validate test files using + tools like xmllint, as well as to edit and view them using XML tools. + +Daniel (16 January 2007) +- Armel Asselin improved libcurl to behave a lot better when an easy handle + doing an FTP transfer is removed from a multi handle before completion. The + fix also fixed the "alive counter" to be correct on "premature removal" for + all protocols. + +Dan F (16 January 2007) +- Fixed a small memory leak in tftp uploads discovered by curl's memory leak + detector. Also changed tftp downloads to URL-unescape the downloaded + file name. + +Daniel (14 January 2007) +- David McCreedy provided libcurl changes for doing HTTP communication on + non-ASCII platforms. It does add some complexity, most notably with more + #ifdefs, but I want to see this supported added and I can't see how we can + add it without the extra stuff added. + +- Setting CURLOPT_COOKIELIST to "ALL" when no cookies at all was present, + libcurl would crash when trying to read a NULL pointer. + +Daniel (12 January 2007) +- Toby Peterson found a nasty bug that prevented (lib)curl from properly + downloading (most) things that were larger than 4GB on 32 bit systems. Matt + Witherspoon helped as narrow down the problem. + +Daniel (5 January 2007) +- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to + curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it + will make libcurl shutdown SSL/TLS after the authentication is done on a + FTP-SSL operation. + +Daniel (4 January 2007) +- David McCreedy made changes to allow base64 encoding/decoding to work on + non-ASCII platforms. + +Daniel (3 January 2007) +- Matt Witherspoon fixed the flaw which made libcurl 7.16.0 always store + downloaded data in two buffers, just to be able to deal with a special HTTP + pipelining case. That is now only activated for pipelined transfers. In + Matt's case, it showed as a considerable performance difference, + +Daniel (2 January 2007) +- Victor Snezhko helped us fix bug report #1603712 + (http://curl.haxx.se/bug/view.cgi?id=1603712) (known bug #36) --limit-rate + (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) are broken + on Windows (since 7.16.0, but that's when they were introduced as previous + to that the limiting logic was made in the application only and not in the + library). It was actually also broken on select()-based systems (as apposed + to poll()) but we haven't had any such reports. We now use select(), Sleep() + or delay() properly to sleep a while without waiting for anything input or + output when the rate limiting is activated with the easy interface. + +- Modified libcurl.pc.in to use Libs.private for the libs libcurl itself needs + to get built static. It has been mentioned before and was again brought to + our attention by Nathanael Nerode who filed debian bug report #405226 + (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226). + +Daniel (29 December 2006) +- Make curl_easy_duphandle() set the magic number in the new handle. + +Daniel (22 December 2006) +- Robert Foreman provided a prime example snippet showing how libcurl would + get confused and not acknowledge the 'no_proxy' variable properly once it + had used the proxy and you re-used the same easy handle. I made sure the + proxy name is properly stored in the connect struct rather than the + sessionhandle/easy struct. + +- David McCreedy fixed a bad call to getsockname() that wrongly used a size_t + variable to point to when it should be a socklen_t. + +- When setting a proxy with environment variables and (for example) running + 'curl [URL]' with a URL without a protocol prefix, curl would not send a + correct request as it failed to add the protocol prefix. + +Daniel (21 December 2006) +- Robson Braga Araujo reported bug #1618359 + (http://curl.haxx.se/bug/view.cgi?id=1618359) and subsequently provided a + patch for it: when downloading 2 zero byte files in a row, curl 7.16.0 + enters an infinite loop, while curl 7.16.1-20061218 does one additional + unnecessary request. + + Fix: During the "Major overhaul introducing http pipelining support and + shared connection cache within the multi handle." change, headerbytecount + was moved to live in the Curl_transfer_keeper structure. But that structure + is reset in the Transfer method, losing the information that we had about + the header size. This patch moves it back to the connectdata struct. + +Daniel (16 December 2006) +- Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPE + during certain conditions when GnuTLS is used. + +Daniel (11 December 2006) +- Alexey Simak found out that when doing FTP with the multi interface and + something went wrong like it got a bad response code back from the server, + libcurl would leak memory. Added test case 538 to verify the fix. + + I also noted that the connection would get cached in that case, which + doesn't make sense since it cannot be re-use when the authentication has + failed. I fixed that issue too at the same time, and also that the path + would be "remembered" in vain for cases where the connection was about to + get closed. + +Daniel (6 December 2006) +- Sebastien Willemijns reported bug #1603712 + (http://curl.haxx.se/bug/view.cgi?id=1603712) which is about connections + getting cut off prematurely when --limit-rate is used. While I found no such + problems in my tests nor in my reading of the code, I found that the + --limit-rate code was severly flawed (since it was moved into the lib, since + 7.15.5) when used with the easy interface and it didn't work as documented + so I reworked it somewhat and now it works for my tests. + +Daniel (5 December 2006) +- Stefan Krause pointed out a compiler warning with a picky MSCV compiler when + passing a curl_off_t argument to the Curl_read_rewind() function which takes + an size_t argument. Curl_read_rewind() also had debug code left in it and it + was put in a different source file with no good reason when only used from + one single spot. + +- Sh Diao reported that CURLOPT_CLOSEPOLICY doesn't work, and indeed, there is + no code present in the library that receives the option. Since it was not + possible to use, we know that no current users exist and thus we simply + removed it from the docs and made the code always use the default path of + the code. + +- Jared Lundell filed bug report #1604956 + (http://curl.haxx.se/bug/view.cgi?id=1604956) which identified setting + CURLOPT_MAXCONNECTS to zero caused libcurl to SIGSEGV. Starting now, libcurl + will always internally use no less than 1 entry in the connection cache. + +- Sh Diao reported that CURLOPT_FORBID_REUSE no works, and indeed it broke in + the 7.16.0 release. + +- Martin Skinner brought back bug report #1230118 to haunt us once again. + (http://curl.haxx.se/bug/view.cgi?id=1230118) curl_getdate() did not work + properly for all input dates on Windows. It was mostly seen on some TZ time + zones using DST. Luckily, Martin also provided a fix. + +- Alexey Simak filed bug report #1600447 + (http://curl.haxx.se/bug/view.cgi?id=1600447) in which he noted that active + FTP connections don't work with the multi interface. The problem is here + that the multi interface state machine has a state during which it can wait + for the data connection to connect, but the active connection is not done in + the same step in the sequence as the passive one is so it doesn't quite work + for active. The active FTP code still use a blocking function to allow the + remote server to connect. + + The fix (work-around is a better word) for this problem is to set the + boolean prematurely that the data connection is completed, so that the "wait + for connect" phase ends at once. + + The proper fix, left for the future, is of course to make the active FTP + case to act in a non-blocking way too. + +- Matt Witherspoon fixed a problem case when the CPU load went to 100% when a + HTTP upload was disconnected: + + "What appears to be happening is that my system (Linux 2.6.17 and 2.6.13) is + setting *only* POLLHUP on poll() when the conditions in my previous mail + occur. As you can see, select.c:Curl_select() does not check for POLLHUP. So + basically what was happening, is poll() was returning immediately (with + POLLHUP set), but when Curl_select() looked at the bits, neither POLLERR or + POLLOUT was set. This still caused Curl_readwrite() to be called, which + quickly returned. Then the transfer() loop kept continuing at full speed + forever." + +Daniel (1 December 2006) +- Toon Verwaest reported that there are servers that send the Content-Range: + header in a third, not suppported by libcurl, format and we agreed that we + could make the parser more forgiving to accept all the three found + variations. + +Daniel (25 November 2006) +- Venkat Akella found out that libcurl did not like HTTP responses that simply + responded with a single status line and no headers nor body. Starting now, a + HTTP response on a persistent connection (i.e not set to be closed after the + response has been taken care of) must have Content-Length or chunked + encoding set, or libcurl will simply assume that there is no body. + + To my horror I learned that we had no less than 57(!) test cases that did bad + HTTP responses like this, and even the test http server (sws) responded badly + when queried by the test system if it is the test system. So although the + actual fix for the problem was tiny, going through all the newly failing test + cases got really painful and boring. + +Daniel (24 November 2006) +- James Housley did lots of work and introduced SFTP downloads. + +Daniel (13 November 2006) +- Ron in bug #1595348 (http://curl.haxx.se/bug/view.cgi?id=1595348) pointed + out a stack overwrite (and the corresponding fix) on 64bit Windows when + dealing with HTTP chunked encoding. + +Daniel (9 November 2006) +- Nir Soffer updated libcurl.framework.make: + o fix symlinks, should link to Versions, not to ./Versions + o indentation improvments + +- Dmitriy Sergeyev found a SIGSEGV with his test04.c example posted on 7 Nov + 2006. It turned out we wrongly assumed that the connection cache was present + when tearing down a connection. + +- Ciprian Badescu found a SIGSEGV when doing multiple TFTP transfers using the + multi interface, but I could also repeat it doing multiple sequential ones + with the easy interface. Using Ciprian's test case, I could fix it. + +Daniel (8 November 2006) +- Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without + CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the + SSL handshake. This is now stopped. + +Daniel (7 November 2006) +- Olaf fixed a leftover problem with the CONNECT fix of his that would leave a + wrong error message in the error message buffer. + +Daniel (3 November 2006) +- Olaf Stueben provided a patch that I edited slightly. It fixes the notorious + KNOWN_BUGS #25, which happens when a proxy closes the connection when + libcurl has sent CONNECT, as part of an authentication negotiation. Starting + now, libcurl will re-connect accordingly and continue the authentication as + it should. + +Daniel (2 November 2006) +- James Housley brought support for SCP transfers, based on the libssh2 library + for the actual network protocol stuff. + + Added these new curl_easy_setopt() options: + + CURLOPT_SSH_AUTH_TYPES + CURLOPT_SSH_PUBLIC_KEYFILE + CURLOPT_SSH_PRIVATE_KEYFILE + +Version 7.16.0 (30 October 2006) + +Daniel (25 October 2006) +- Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the + case when 401 or 407 are returned, *IF* no auth credentials have been given. + The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401 + and 407 cases when auth credentials is given, but we've now covered this + somewhat more. + + You might get some amounts of headers transferred before this situation is + detected, like for when a "100-continue" is received as a response to a + POST/PUT and a 401 or 407 is received immediately afterwards. + + Added test 281 to verify this change. + +Daniel (23 October 2006) +- Ravi Pratap provided a major update with pipelining fixes. We also no longer + re-use connections (for pipelining) before the name resolving is done. + +Daniel (21 October 2006) +- Nir Soffer made the tests/libtest/Makefile.am use a proper variable for all + the single test applications' link and dependences, so that you easier can + override those from the command line when using make. + +- Armel Asselin separated CA cert verification problems from problems with + reading the (local) CA cert file to let users easier pinpoint the actual + problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code. + +Daniel (18 October 2006) +- Removed the "protocol-guessing" for URLs with host names starting with FTPS + or TELNET since they are practically non-existant. This leaves us with only + three different prefixes that would assume the protocol is anything but + HTTP, and they are host names starting with "ftp.", "dict." or "ldap.". + +Daniel (17 October 2006) +- Bug report #1579171 pointed out code flaws detected with "prefast", and they + were 1 - a too small memory clear with memset() in the threaded resolver and + 2 - a range of potentially bad uses of the ctype family of is*() functions + such as isdigit(), isalnum(), isprint() and more. The latter made me switch + to using our own set of these functions/macros using uppercase letters, and + with some extra set of crazy typecasts to avoid mistakingly passing in + negative numbers to the underlying is*() functions. + +- With Jeff Pohlmeyer's help, I fixed the expire timer when using + curl_multi_socket() during name resolves with c-ares and the LOW_SPEED + options now work fine with curl_multi_socket() as well. + +Daniel (16 October 2006) +- Added a check in configure that simply tries to run a program (not when + cross-compiling) in order to detect problems with run-time libraries that + otherwise would occur when the sizeof tests for curl_off_t would run and + thus be much more confusing to users. The check of course should run after + all lib-checks are done and before any other test is used that would run an + executable built for testing-purposes. + +Dan F (13 October 2006) +- The tagging of application/x-www-form-urlencoded POST body data sent + to the CURLOPT_DEBUGFUNCTION callback has been fixed (it was erroneously + included as part of the header). A message was also added to the + command line tool to show when data is being sent, enabled when + --verbose is used. + +Daniel (12 October 2006) +- Starting now, adding an easy handle to a multi stack that was already added + to a multi stack will cause CURLM_BAD_EASY_HANDLE to get returned. + +- Jeff Pohlmeyer has been working with the hiperfifo.c example source code, + and while doing so it became apparent that the current timeout system for + the socket API really was a bit awkward since it become quite some work to + be sure we have the correct timeout set. + + Jeff then provided the new CURLMOPT_TIMERFUNCTION that is yet another + callback the app can set to get to know when the general timeout time + changes and thus for an application like hiperfifo.c it makes everything a + lot easier and nicer. There's a CURLMOPT_TIMERDATA option too of course in + good old libcurl tradition. + + Jeff has also updated the hiperfifo.c example code to use this news. + +Daniel (9 October 2006) +- Bogdan Nicula's second test case (posted Sun, 08 Oct 2006) converted to test + case 535 and it now runs fine. Again a problem with the pipelining code not + taking all possible (error) conditions into account. + +Daniel (6 October 2006) +- Bogdan Nicula's hanging test case (posted Wed, 04 Oct 2006) was converted to + test case 533 and the test now runs fine. + +Daniel (4 October 2006) +- Dmitriy Sergeyev provided an example source code that crashed CVS libcurl + but that worked nicely in 7.15.5. I converted it into test case 532 and + fixed the problem. + +Daniel (29 September 2006) +- Removed a few other no-longer present options from the header file. + +- Support for FTP third party transfers was removed. Here's why: + + o The recent multi interface changes broke it and the design of the 3rd party + transfers made it very hard to fix the problems + o It was still blocking and thus nasty for the multi interface + o It was a lot of extra code for a very rarely used feature + o It didn't use the same code as for "plain" FTP transfers, so it didn't work + fine for IPv6 and it didn't properly re-use connections and more + o There's nobody around who's willing to work on and improve the existing + code + + This does not mean that third party transfers are banned forever, only that + they need to be done better if they are to be re-added in the future. + + The CURLOPT_SOURCE_* options are removed from the lib and so are the --3p* + options from the command line tool. For this reason, I also bumped the + version info for the lib. + +Daniel (28 September 2006) +- Reported in #1561470 (http://curl.haxx.se/bug/view.cgi?id=1561470), libcurl + would crash if a bad function sequence was used when shutting down after + using the multi interface (i.e using easy_cleanup after multi_cleanup) so + precautions have been added to make sure it doesn't any more - test case 529 + was added to verify. + +Daniel (27 September 2006) +- The URL in the cookie jar file is now changed since it was giving a 404. + Reported by Timothy Stone. The new URL will take the visitor to a curl web + site mirror with the document. + +Daniel (24 September 2006) +- Bernard Leak fixed configure --with-gssapi-libs. + +- Cory Nelson made libcurl use the WSAPoll() function if built for Windows + Vista (_WIN32_WINNT >= 0x0600) + +Daniel (23 September 2006) +- Mike Protts added --ftp-ssl-control to make curl use FTP-SSL, but only + encrypt the control connection and use the data connection "plain". + +- Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better + as it now will read the full data sent from servers. The SOCKS-related code + was also moved to the new lib/socks.c source file. + +Daniel (21 September 2006) +- Added test case 531 in an attempt to repeat bug report #1561470 + (http://curl.haxx.se/bug/view.cgi?id=1561470) that is said to crash when an + FTP upload fails with the multi interface. It did not, but I made a failed + upload still assume the control connection to be fine. + +Daniel (20 September 2006) +- Armel Asselin fixed problems when you gave a proxy URL with user name and + empty password or no password at all. Test case 278 and 279 were added to + verify. + +Daniel (12 September 2006) +- Added docs/examples/10-at-a-time.c by Michael Wallner + +- Added docs/examples/hiperfifo.c by Jeff Pohlmeyer + +Daniel (11 September 2006) +- Fixed my breakage from earlier today so that doing curl_easy_cleanup() on a + handle that is part of a multi handle first removes the handle from the + stack. + +- Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL + session-ID re-use on demand since there obviously are broken servers out + there that misbehave with session-IDs used. + +- Jeff Pohlmeyer presented a *multi_socket()-using program that exposed a + problem with it (SIGSEGV-style). It clearly showed that the existing + socket-state and state-difference function wasn't good enough so I rewrote + it and could then re-run Jeff's program without any crash. The previous + version clearly could miss to tell the application when a handle changed + from using one socket to using another. + + While I was at it (as I could use this as a means to track this problem + down), I've now added a 'magic' number to the easy handle struct that is + inited at curl_easy_init() time and cleared at curl_easy_cleanup() time that + we can use internally to detect that an easy handle seems to be fine, or at + least not closed or freed (freeing in debug builds fill the area with 0x13 + bytes but in normal builds we can of course not assume any particular data + in the freed areas). + +Daniel (9 September 2006) +- Michele Bini fixed how the hostname is put in NTLM packages. As servers + don't expect fully qualified names we need to cut them off at the first dot. + +- Peter Sylvester cleaned up and fixed the getsockname() uses in ftp.c. Some + of them can be completetly removed though... + +Daniel (6 September 2006) +- Ravi Pratap and I have implemented HTTP Pipelining support. Enable it for a + multi handle using CURLMOPT_PIPELINING and all HTTP connections done on that + handle will be attempted to get pipelined instead of done in parallell as + they are performed otherwise. + + As a side-effect from this work, connections are now shared between all easy + handles within a multi handle, so if you use N easy handles for transfers, + each of them can pick up and re-use a connection that was previously used by + any of the handles, be it the same or one of the others. + + This separation of the tight relationship between connections and easy + handles is most noticable when you close easy handles that have been used in + a multi handle and check amount of used memory or watch the debug output, as + there are times when libcurl will keep the easy handle around for a while + longer to be able to close it properly. Like for sending QUIT to close down + an FTP connection. + + This is a major change. + +Daniel (4 September 2006) +- Dmitry Rechkin (http://curl.haxx.se/bug/view.cgi?id=1551412) provided a + patch that while not fixing things very nicely, it does make the SOCKS5 + proxy connection slightly better as it now acknowledges the timeout for + connection and it no longer segfaults in the case when SOCKS requires + authentication and you did not specify username:password. + +Daniel (31 August 2006) +- Dmitriy Sergeyev found and fixed a multi interface flaw when using asynch + name resolves. It could get stuck in the wrong state. + +Gisle (29 August 2006) +- Added support for other MS-DOS compilers (desides djgpp). All MS-DOS + compiler now uses the same config.dos file (renamed to config.h by + make). libcurl now builds fine using Watcom and Metaware's High-C + using the Watt-32 tcp/ip-stack. + +Daniel (29 August 2006) +- David McCreedy added CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA to + allow applications to set their own socket options. + +Daniel (25 August 2006) +- Armel Asselin reported that the 'running_handles' counter wasn't updated + properly if you removed a "live" handle from a multi handle with + curl_multi_remove_handle(). + +Daniel (22 August 2006) +- David McCreedy fixed a remaining mistake from the August 19 TYPE change. + +- Peter Sylvester pointed out a flaw in the AllowServerConnect() in the FTP + code when doing pure IPv6 EPRT connections. + +Daniel (19 August 2006) +- Based on a patch by Armel Asselin, the FTP code no longer re-issues the TYPE + command on subsequent requests on a re-used connection unless it has to. + +- Armel Asselin fixed a crash in the FTP code when using SINGLECWD mode and + files in the root directory. + +- Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't + send the whole request at once, even though the Expect: header was disabled + by the application. An effect of this change is also that small (< 1024 + bytes) POSTs are now always sent without Expect: header since we deem it + more costly to bother about that than the risk that we send the data in + vain. + +Daniel (9 August 2006) +- Armel Asselin made the CURLOPT_PREQUOTE option work fine even when + CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place + in the command sequence as it would have run if there would've been a + transfer. + +Daniel (8 August 2006) +- Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs + on a persistent connection and allowed the first to use that header, you + could not disable it for the second request. + +Daniel (7 August 2006) +- Domenico Andreolfound a quick build error which happened because + src/config.h.in was not a proper duplcate of lib/config.h.in which it + should've been and this was due to the maketgz script not doing the cp + properly. + +Version 7.15.5 (7 August 2006) + +Daniel (2 August 2006) +- Mark Lentczner fixed how libcurl was not properly doing chunked encoding + if the header "Transfer-Encoding: chunked" was set by the application. + http://curl.haxx.se/bug/view.cgi?id=1531838 + +Daniel (1 August 2006) +- Maciej Karpiuk fixed a crash that would occur if we passed Curl_strerror() + an unknown error number on glibc systems. + http://curl.haxx.se/bug/view.cgi?id=1532289 + +Daniel (31 July 2006) +- *ALERT* curl_multi_socket() and curl_multi_socket_all() got modified + prototypes: they both now provide the number of running handles back to the + calling function. It makes the functions resemble the good old + curl_multi_perform() more and provides a nice way to know when the multi + handle goes empty. + + ALERT2: don't use the curl_multi_socket*() functionality in anything + production-like until I say it's somewhat settled, as I suspect there might + be some further API changes before I'm done... + +Daniel (28 July 2006) +- Yves Lejeune fixed so that replacing Content-Type: when doing multipart + formposts work exactly the way you want it (and the way you'd assume it + works). + +Daniel (27 July 2006) +- David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both + control and data connection, as the existing --ftp-ssl option only requests + it. + +- [Hiper-related work] Added a function called curl_multi_assign() that will + set a private pointer added to the internal libcurl hash table for the + particular socket passed in to this function: + + CURLMcode curl_multi_assign(CURLM *multi_handle, + curl_socket_t sockfd, + void *sockp); + + 'sockp' being a custom pointer set by the application to be associated with + this socket. The socket has to be already existing and in-use by libcurl, + like having already called the callback telling about its existance. + + The set hashp pointer will then be passed on to the callback in upcoming + calls when this same socket is used (in the brand new 'socketp' argument). + +Daniel (26 July 2006) +- Dan Nelson added the CURLOPT_FTP_ALTERNATIVE_TO_USER libcurl option and curl + tool option named --ftp-alternative-to-user. It provides a mean to send a + particular command if the normal USER/PASS approach fails. + +- Michael Jerris added magic that builds lib/curllib.vcproj automatically for + newer MSVC. + +Daniel (25 July 2006) +- Georg Horn made the transfer timeout error message include more details. + +Daniel (20 July 2006) +- David McCreedy fixed a build error when building libcurl with HTTP disabled, + problem added with the curl_formget() patch. + +Daniel (17 July 2006) +- Jari Sundell did some excellent research and bug tracking, figured out that + we did wrong and patched it: When nodes were removed from the splay tree, + and we didn't properly remove it from the splay tree when an easy handle was + removed from a multi stack and thus we could wrongly leave a node in the + splay tree pointing to (bad) memory. + +Daniel (14 July 2006) +- David McCreedy fixed a flaw where the CRLF counter wasn't properly cleared + for FTP ASCII transfers. + +Daniel (8 July 2006) +- Ates Goral pointed out that libcurl's cookie parser did case insensitive + string comparisons on the path which is incorrect and provided a patch that + fixes this. I edited test case 8 to include details that test for this. + +- Ingmar Runge provided a source snippet that caused a crash. The reason for + the crash was that libcurl internally was a bit confused about who owned the + DNS cache at all times so if you created an easy handle that uses a shared + DNS cache and added that to a multi handle it would crash. Now we keep more + careful internal track of exactly what kind of DNS cache each easy handle + uses: None, Private (allocated for and used only by this single handle), + Shared (points to a cache held by a shared object), Global (points to the + global cache) or Multi (points to the cache within the multi handle that is + automatically shared between all easy handles that are added with private + caches). + +Daniel (4 July 2006) +- Toshiyuki Maezawa fixed a problem where you couldn't override the + Proxy-Connection: header when using a proxy and not doing CONNECT. + +Daniel (24 June 2006) +- Michael Wallner added curl_formget(), which allows an application to extract + (serialise) a previously built formpost (as with curl_formadd()). + +Daniel (23 June 2006) +- Arve Knudsen found a flaw in curl_multi_fdset() for systems where + curl_socket_t is unsigned (like Windows) that could cause it to wrongly + return a max fd of -1. + +Daniel (20 June 2006) +- Peter Silva introduced CURLOPT_MAX_SEND_SPEED_LARGE and + CURLOPT_MAX_RECV_SPEED_LARGE that limit tha maximum rate libcurl is allowed + to send or receive data. This kind of adds the the command line tool's + option --limit-rate to the library. + + The rate limiting logic in the curl app is now removed and is instead + provided by libcurl itself. Transfer rate limiting will now also work for -d + and -F, which it didn't before. + +Daniel (19 June 2006) +- Made -K on a file that couldn't be read cause a warning to be displayed. + +Daniel (13 June 2006) +- Dan Fandrich implemented --enable-hidden-symbols configure option to enable + -fvisibility=hidden on gcc >= 4.0. This reduces the size of the libcurl + binary and speeds up dynamic linking by hiding all the internal symbols from + the symbol table. + +Version 7.15.4 (12 June 2006) + +Daniel (8 June 2006) +- Brian Dessent fixed the code for cygwin in three distinct ways: + + The first modifies {lib,src}/setup.h to not include the winsock headers + under Cygwin. This fixes the reported build problem. Cygwin attempts as + much as possible to emulate a posix environment under Windows. This means + that WIN32 is *not* #defined and (to the extent possible) everything is done + as it would be on a *ix type system. Thus <sys/socket.h> is the proper + include, and even though winsock2.h is present, including it just introduces + a whole bunch of incompatible socket API stuff. + + The second is a patch I've included in the Cygwin binary packages for a + while. It skips two unnecessary library checks (-lwinmm and -lgdi32). The + checks are innocuous and they do succeed, but they pollute LIBS with + unnecessary stuff which gets recorded as such in the libcurl.la file, which + brings them into the build of any libcurl-downstream. As far as I know + these libs are really only necessary for mingw, so alternatively they could + be designed to only run if $host matches *-*-mingw* but I took the safer + route of skipping them for *-*-cygwin*. + + The third patch replaces all uses of the ancient and obsolete __CYGWIN32__ + with __CYGWIN__. Ref: <http://cygwin.com/ml/cygwin/2003-09/msg01520.html>. + +Daniel (7 June 2006) +- Mikael Sennerholm provided a patch that added NTLM2 session response support + to libcurl. The 21 NTLM test cases were again modified to comply... + +Daniel (27 May 2006) +- Óscar Morales Vivó updated the libcurl.framework.make file. + +Daniel (26 May 2006) +- Olaf Stüben fixed a bug that caused Digest authentication with md5-sess to + fail. When using the md5-sess, the result was not Md5 encoded and Base64 + transformed. + +Daniel (25 May 2006) +- Michael Wallner provided a patch that allows "SESS" to be set with + CURLOPT_COOKIELIST, which then makes all session cookies get cleared. + +Daniel (24 May 2006) +- Tor Arntsen made test 271 run fine again since the TFTP path fix. + +Daniel (23 May 2006) +- Martin Michlmayr filed debian bug report #367954, but the same error also + showed up in the autobuilds. It seems a rather long-since introduced shell + script flaw in the configure script suddenly was detected by the bash + version in Debian Unstable. It had previously passed undetected by all + shells used so far... + +- David McCreedy updated lib/config-tpf.h + +Daniel (11 May 2006) +- Fixed the configure's check for old-style SSLeay headers since I fell over a + case with a duplicate file name (a krb4 implementation with an err.h + file). I converted the check to manually make sure three of the headers are + present before considering them fine. + +- David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended + checks on the to-be-returned socket to make sure it truly seems to be alive + and well. For SSL connection it (only) uses OpenSSL functions. + +Daniel (10 May 2006) +- Fixed DICT in two aspects: + + 1 - allow properly URL-escaped words, like using %20 for spaces + + 2 - properly escape certain letters within a word to comply to the RFC2229 + +Daniel (9 May 2006) +- Andreas Ntaflos reported a bug in libcurl.m4: When configuring my GNU + autotools project, which optionally (default=yes) uses libcurl on a system + without a (usable) libcurl installation, but not specifying + `--without-libcurl', configure determines correctly that no libcurl is + available, however, the LIBCURL variable gets expanded to `LIBCURL = -lcurl' + in the resulting Makefiles. + + David Shaw fixed the flaw. + +- Robson Braga Araujo fixed two problems in the recently added non-blocking SSL + connects. The state machine was not reset properly so that subsequent + connects using the same handle would fail, and there were two memory leaks. + +- Robson Braga Araujo fixed a memory leak when you added an easy handle to a + multi stack and that easy handle had already been used to do one or more + easy interface transfers, as then the code threw away the previously used + DNS cache without properly freeing it. + +Daniel (8 May 2006) +- Dan Fandrich went over the TFTP code and he pointed out and fixed numerous + problems: + + * The received file is corrupted when a packet is lost and retransmitted + (this is a serious problem!) + + * Transmitting a file aborts if a block is lost and retransmitted + + * Data is stored in the wrong location in the buffer for uploads, so uploads + always fail (I don't see how it could have ever worked, but it did on x86 + at least) + + * A number of calls are made to strerror instead of Curl_strerror, making + the code not thread safe + + * There are references to errno instead of Curl_sockerrno(), causing + incorrect error messages on Windows + + * The file name includes a leading / which violates RFC3617. Doing something + similar to ftp, where two slashes after the host name means an absolute + reference seems a reasonable extension to fix this. + + * Failures in EBCDIC conversion are not propagated up to the caller but are + silently ignored + +- Fixed known bug #28. The TFTP code no longer assumes a packed struct and + thus works reliably on more platforms. + +Daniel (5 May 2006) +- Roland Blom filed bug report #1481217 + (http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele + Bini and David Byron. libcurl previously wrongly used GetLastError() on + windows to get error details after socket-related function calls, when it + really should use WSAGetLastError() instead. + + When changing to this, the former function Curl_ourerrno() is now instead + called Curl_sockerrno() as it is necessary to only use it to get errno from + socket-related functions as otherwise it won't work as intended on Windows. + +Daniel (4 May 2006) +- Mark Eichin submitted bug report #1480821 + (http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a + problem with how libcurl dealt with GnuTLS and a case where gnutls returned + GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected + return code, making Curl_ssl_send() confuse the upper layer - causing random + 28 bytes trash data to get inserted in the transfered stream. + + The proper fix was to make the Curl_gtls_send() function return the proper + return codes that the callers would expect. The Curl_ossl_send() function + already did this. + +Daniel (2 May 2006) +- Added a --checkfor option to curl-config to allow users to easier + write for example shell scripts that test for the presence of a + new-enough libcurl version. If --checkfor is given a version string + newer than what is currently installed, curl-config will return a + non-zero exit code and output a string about the unfulfilled + requirement. + +Daniel (26 April 2006) +- David McCreedy brought initial line end conversions when doing FTP ASCII + transfers. They are done on non-windows systems and translate CRLF to LF. + + I modified the 15 LIST-using test cases accordingly. The downside is that now + we'll have even more trouble to get the tests to run on Windows since they + should get CRLF newlines left intact which the *nix versions don't. I figure + the only sane thing to do is to add some kind of [newline] macro for the test + case files and have them expanded to the proper native line ending when the + test cases are run. This is however left to implement. + +Daniel (25 April 2006) +- Paul Querna fixed libcurl to better deal with deflate content encoding + when the stream (wrongly) lacks a proper zlib header. This seems to be the + case on too many actual server implementations. + +Daniel (21 April 2006) +- Ale Vesely fixed CURLOPT_INTERFACE when using a hostname. + +Daniel (19 April 2006) +- Based on previous info from Tor Arntsen, I made configure detect the Intel + ICC compiler to add a compiler option for it, in order for configure to + properly be able to detect function prototypes. + +- Robson Braga Araujo provided a patch that makes libcurl less eager to close + the control connection when using FTP, for example when you remove an easy + handle from a multi stack. + +- Applied a patch by Ates Goral and Katie Wang that corrected my bad fix + attempt from April 10. + +Daniel (11 April 2006) +- #1468330 (http://curl.haxx.se/bug/view.cgi?id=1468330) pointed out a bad + typecast in the curl tool leading to a crash with (64bit?) VS2005 (at least) + since the struct timeval field tv_sec is an int while time_t is 64bit. + +Daniel (10 April 2006) +- Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and + CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL + connection time-out! + +- I merged my hiper patch (http://curl.haxx.se/libcurl/hiper/) into the main + sources. See the lib/README.multi_socket for implementation story with + details. Don't expect it to work fully yet. I don't intend to blow any + whistles or ring any bells about it until I'm more convinced it works at + least somewhat reliably. + +Daniel (7 April 2006) +- David McCreedy's EBCDIC and TPF changes. Three new curl_easy_setopt() + options (callbacks) were added: + + CONV_FROM_NETWORK_FUNCTION + CONV_TO_NETWORK_FUNCTION + CONV_FROM_UTF8_FUNCTION + +Daniel (5 April 2006) +- Michele Bini modified the NTLM code to work for his "weird IIS case" + (http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash + function in addition to the LM one and making some other adjustments in the + order the different parts of the data block are sent in the Type-2 reply. + Inspiration for this work was taken from the Firefox NTLM implementation. + + I edited the existing 21(!) NTLM test cases to run fine with these news. Due + to the fact that we now properly include the host name in the Type-2 message + the test cases now only compare parts of that chunk. + +Daniel (28 March 2006) +- #1451929 (http://curl.haxx.se/bug/view.cgi?id=1451929) detailed a bug that + occurred when asking libcurl to follow HTTP redirects and the original URL + had more than one question mark (?). Added test case 276 to verify. + +Daniel (27 March 2006) +- David Byron found a problem multiple -d options when libcurl was built with + --enable-debug, as then curl used free() on memory allocated both with + normal malloc() and with libcurl-provided functions, when the latter MUST be + freed with curl_free() in debug builds. + +Daniel (26 March 2006) +- Tor Arntsen figured out that TFTP was broken on a lot of systems since we + called bind() with a too big argument in the 3rd parameter and at least + Tru64, AIX and IRIX seem to be very picky about it. + +Daniel (21 March 2006) +- David McCreedy added CURLINFO_FTP_ENTRY_PATH. + +- Xavier Bouchoux made the SSL connection non-blocking for the multi interface + (when using OpenSSL). + +- Tor Arntsen fixed the AIX Toolbox RPM spec + +Daniel (20 March 2006) +- David McCreedy fixed libcurl to no longer ignore AUTH failures and now it + reacts properly according to the CURLOPT_FTP_SSL setting. + +- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file + whose length was a multiple of 512 bytes could have random garbage + appended. Also, stop processing TFTP packets which are too short to be + legal. + +- Ilja van Sprundel reported a possible crash in the curl tool when using + "curl hostwithoutslash -d data -G" + +Version 7.15.3 (20 March 2006) + +Daniel (20 March 2006) +- VULNERABILITY reported to us by Ulf Harnhammar. + + libcurl uses the given file part of a TFTP URL in a manner that allows a + malicious user to overflow a heap-based memory buffer due to the lack of + boundary check. + + This overflow happens if you pass in a URL with a TFTP protocol prefix + ("tftp://"), using a valid host and a path part that is longer than 512 + bytes. + + The affected flaw can be triggered by a redirect, if curl/libcurl is told to + follow redirects and an HTTP server points the client to a tftp URL with the + characteristics described above. + + The Common Vulnerabilities and Exposures (CVE) project has assigned the name + CVE-2006-1061 to this issue. + +Daniel (16 March 2006) +- Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included + in the release archive. + +Daniel (14 March 2006) +- David McCreedy fixed: + + a bad SSL error message when OpenSSL certificates are verified fine. + + a missing return code assignment in the FTP code + +Daniel (7 March 2006) +- Markus Koetter filed debian bug report #355715 which identified a problem + with the multi interface and multi-part formposts. The fix from February + 22nd could make the Curl_done() function get called twice on the same + connection and it was not designed for that and thus tried to call free() on + an already freed memory area! + +- Peter Heuchert made sure the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL + is used properly. + +Daniel (6 March 2006) +- Lots of users on Windows have reported getting the "SSL: couldn't set + callback" error message so I've now made the setting of that callback not be + as critical as before. The function is only used for additional loggging/ + trace anyway so a failure just means slightly less data. It should still be + able to proceed and connect fine to the server. + +Daniel (4 March 2006) +- Thomas Klausner provided a patch written by Todd Vierling in bug report + #1442471 that fixes a build problem on Interix. + +Daniel (2 March 2006) +- FTP upload without a file name part in the URL now causes + curl_easy_perform() to return CURLE_URL_MALFORMAT. Previously it allowed the + upload but named the file "(nil)" (without the quotes). Test case 524 + verifies. + +- Added a check for getprotobyname in configure so that it'll be used, thanks + to Gisle Vanem's change the other day. + +Daniel (28 February 2006) +- Dan Fandrich prevented curl from getting stuck in an endless loop in case we + are out of file handles very early in curl's code where it makes sure that + 0, 1 and 2 aren't gonna be used by the lib for transfers. + +Daniel (27 February 2006) +- Marty Kuhrt pointed out that there were two VMS-specific files missing in + the release archive. + +Version 7.15.2 (27 February 2006) + +Daniel (22 February 2006) +- Lots of work and analysis by "xbx___" in bug #1431750 + (http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two + different but related bugs: + + 1) Removing an easy handle from a multi handle before the transfer is done + could leave a connection in the connection cache for that handle that is + in a state that isn't suitable for re-use. A subsequent re-use could then + read from a NULL pointer and segfault. + + 2) When an easy handle was removed from the multi handle, there could be an + outstanding c-ares DNS name resolve request. When the response arrived, + it caused havoc since the connection struct it "belonged" to could've + been freed already. + + Now Curl_done() is called when an easy handle is removed from a multi handle + pre-maturely (that is, before the transfer was complteted). Curl_done() also + makes sure to cancel all (if any) outstanding c-ares requests. + +Daniel (21 February 2006) +- Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy + type to the already provided type CURLPROXY_SOCKS4. + + I added a --socks4 option that works like the current --socks5 option but + instead use the socks4 protocol. + +Daniel (20 February 2006) +- Shmulik Regev fixed an issue with multi-pass authentication and compressed + content when libcurl didn't honor the internal ignorebody flag. + +Daniel (18 February 2006) +- Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate + code. It should however not be the cause of any troubles. He also fixed a + few similar problems in the HTTP test server code. + +Daniel (17 February 2006) +- Shmulik Regev provided a fix for the DNS cache when using short life times, + as previously it could be holding on to old cached entries longer than + requested. + +Daniel (11 February 2006) +- Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options + that an app can use to let libcurl only connect to a remote host and then + extract the socket from libcurl. libcurl will then not attempt to do any + transfer at all after the connect is done. + +- Kent Boortz improved the configure check for GnuTLS to properly set LIBS + instead of LDFLAGS. + +Daniel (8 February 2006) +- Philippe Vaucher provided a brilliant piece of test code that show a problem + with re-used FTP connections. If the second request on the same connection + was set not to fetch a "body", libcurl could get confused and consider it an + attempt to use a dead connection and would go acting mighty strange. + +Daniel (2 February 2006) +- Make --limit-rate [num] mean bytes. It used to be that but it broke in my + change done in November 2005. + +Daniel (30 January 2006) +- Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the + curl tool with --local-port. Plain and simply set the range of ports to bind + the local end of connections to. Implemented on to popular demand. + +- Based on an error report by Philippe Vaucher, we no longer count a retried + connection setup as a follow-redirect. It turns out 1) this fails when a FTP + connection is re-setup and 2) it does make the max-redirs counter behave + wrong. + +Daniel (24 January 2006) +- Michal Marek provided a patch for FTP that makes libcurl continue to try + PASV even after EPSV returned a positive response code, if libcurl failed to + connect to the port number the EPSV response said. Obviously some people are + going through protocol-sensitive firewalls (or similar) that don't + understand EPSV and then they don't allow the second connection unless PASV + was used. This also called for a minor fix of test case 238. + +Daniel (20 January 2006) +- Duane Cathey was one of our friends who reported that curl -P [IP] + (CURLOPT_FTPPORT) didn't work for IPv6-enabed curls if the IP wasn't a + "native" IP while it works fine for IPv6-disabled builds! + + In the process of fixing this, I removed the support for LPRT since I can't + think of many reasons to keep doing it and asking on the mailing list didn't + reveal anyone else that could either. The code that sends EPRT and PORT is + now also a lot simpler than before (IMHO). + +Daniel (19 January 2006) +- Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl + (built IPv4-only) didn't work. + +Daniel (18 January 2006) +- As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742), + the configure script complained about a missing "missing" script if you ran + configure within a path whose name included one or more spaces. This is due + to a flaw in automake (1.9.6 and earlier). I've now worked around it by + including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll + be used instead of the one automake ships with. This kludge needs to be + removed once we get an automake version with this problem corrected. + Possibly we'll then need to convert this into a kludge depending on what + automake version that is used and that is gonna be painful and I don't even + want to think about that now...! + +Daniel (17 January 2006) +- David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with + the latest features and protocols that libcurl supports and has a minor fix + to better deal with the obscure case where someone has more than one libcurl + installed at the same time. + +Daniel (16 January 2006) +- David Shaw finally removed all traces of Gopher and we are now officially + not supporting it. It hasn't been functioning for years anyway, so this is + just finally stating what already was true. And a cleanup at the same time. + +- Bryan Henderson turned the 'initialized' variable for curl_global_init() + into a counter, and thus you can now do multiple curl_global_init() and you + are then supposed to do the same amount of calls to curl_global_cleanup(). + Bryan has also updated the docs accordingly. + +Daniel (13 January 2006) +- Andrew Benham fixed a race condition in the test suite that could cause the + test script to kill all processes in the current process group! + +Daniel (12 January 2006) +- Michael Jahn: + + Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru + HTTP proxy. + + Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would + previously overwrite internal memory and cause unpredicted behaviour! + +Daniel (11 January 2006) +- I decided to document the "secret option" here now, as I've received *NO* + feedback at all on my mailing list requests from November 2005: + + I'm looking for feedback and comments. I added some experimental code the + other day, that allows a libcurl user to select what method libcurl should + use to reach a file on a FTP(S) server. + + This functionality is available in CVS code and in recent daily snapshots. + + Let me explain... + + The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for + the command line tool) and you set it to a long (there are currenly no + defines for the argument values, just plain numericals). You can set three + different "methods" that do this: + + 1 multicwd - like today, curl will do a single CWD operation for each path + part in the given URL. For deep hierarchies this means very many + commands. This is how RFC1738 says it should be done. This is the + default. + + 2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give + a full path to the server. + + 3 singlecwd - make one CWD with the full target directory and then operate + on the file "normally". + + (With the command line tool you do --ftp-method [METHOD], where [METHOD] is + one of "multicwd", "nocwd" or "singlecwd".) + + What feedback I'm interested in: + + 1 - Do they work at all? Do you find servers where one of these don't work? + + 2 - What would proper names for the option and its arguments be, if we + consider this feature good enough to get included and documented in + upcoming releases? + + 3 - Should we make libcurl able to "walk through" these options in case of + (path related) failures, or should it fail and let the user redo any + possible retries? + + (This option is not documented in any man page just yet since I'm not sure + these names will be used or if the functionality will end up exactly like + this. And for the same reasons we have no test cases for these yet.) + +Daniel (10 January 2006) +- When using a bad path over FTP, as in when libcurl couldn't CWD into all + given subdirs, libcurl would still "remember" the full path as if it is the + current directory libcurl is in so that the next curl_easy_perform() would + get really confused if it tried the same path again - as it would not issue + any CWD commands at all, assuming it is already in the "proper" dir. + + Starting now, a failed CWD command sets a flag that prevents the path to be + "remembered" after returning. + +Daniel (7 January 2006) +- Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP + proxy actually used a new connection and not sent the second request on the + first socket! + +Daniel (6 January 2006) +- Alexander Lazic made the buildconf run the buildconf in the ares dir if that + is present instead of trying to mimic that script in curl's buildconf + script. + +Daniel (3 January 2006) +- Andres Garcia made the TFTP test server build with mingw. +Daniel (16 December 2005) +- Jean Jacques Drouin pointed out that you could only have a user name or + password of 127 bytes or less embedded in a URL, where actually the code + uses a 255 byte buffer for it! Modified now to use the full buffer size. + +Daniel (12 December 2005) +- Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly + +Version 7.15.1 (7 December 2005) + +Daniel (6 December 2005) +- Full text here: http://curl.haxx.se/docs/adv_20051207.html Pointed out by + Stefan Esser. + + VULNERABILITY + + libcurl's URL parser function can overflow a malloced buffer in two ways, if + given a too long URL. + + These overflows happen if you + + 1 - pass in a URL with no protocol (like "http://") prefix, using no slash + and the string is 256 bytes or longer. This leads to a single zero byte + overflow of the malloced buffer. + + 2 - pass in a URL with only a question mark as separator (no slash) between + the host and the query part of the URL. This leads to a single zero byte + overflow of the malloced buffer. + + Both overflows can be made with the same input string, leading to two single + zero byte overwrites. + + The affected flaw cannot be triggered by a redirect, but the long URL must + be passed in "directly" to libcurl. It makes this a "local" problem. Of + course, lots of programs may still pass in user-provided URLs to libcurl + without doing much syntax checking of their own, allowing a user to exploit + this vulnerability. + + There is no known exploit at the time of this writing. + + +Daniel (2 December 2005) +- Jamie Newton pointed out that libcurl's file:// code would close() a zero + file descriptor if given a non-existing file. + +Daniel (24 November 2005) +- Doug Kaufman provided a set of patches to make curl build fine on DJGPP + again using configure. + +- Yang Tse provided a whole series of patches to clear up compiler warnings on + MSVC 6. + +Daniel (17 November 2005) +- I extended a patch from David Shaw to make libcurl _always_ provide an error + string in the given error buffer to address the flaw mention on 21 sep 2005. + +Daniel (16 November 2005) +- Applied Albert Chin's patch that makes the libcurl.pc pkgconfig file get + installed on 'make install' time. + +Daniel (14 November 2005) +- Quagmire reported that he needed to raise a NTLM buffer for SSPI to work + properly for a case, and so we did. We raised it even for non-SSPI builds + but it should not do any harm. http://curl.haxx.se/bug/view.cgi?id=1356715 + +- Jan Kunder's debian bug report + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338680 identified a weird + error message for when you try to upload a file and the requested directory + doesn't exist on the target server. + +- Yang Tse fixed compiler warnings in lib/ssluse.c with OpenSSL 0.9.8 and in + lib/memdebug.h that showed up in his msvc builds. + +Daniel (13 November 2005) +- Debian bug report 338681 by Jan Kunder: make curl better detect and report + bad limit-rate units: + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338681 Now curl will return + error if a bad unit is used. + +- Thanks to this nice summary of poll() implementations: + http://www.greenend.org.uk/rjk/2001/06/poll.html and further tests by Eugene + Kotlyarov, we now know that cygwin's poll returns only POLLHUP on remote + connectin closure so we check for that case (too) and re-enable poll for + cygwin builds. + +Daniel (12 November 2005) +- Eugene Kotlyarov found out that cygwin's poll() function isn't doing things + right: http://curl.haxx.se/mail/archive-2005-11/0045.html so we now disable + poll() and use select() on cygwin too (we already do the same choice on Mac + OS X) + +- Dima Barsky patched problem #1348930: the GnuTLS code completely ignored + client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930). + +Daniel (10 November 2005) +- David Lang fixed IPv6 support for TFTP! + +- Introducing range stepping to the curl globbing support. Now you can specify + step counter by adding :[num] within the brackets when specifying a range: + + [1-100:10] + [a-z:2] + + If no step counter is set, it defaults to 1 as before: + + [1-100] + [d-h] + +Daniel (8 November 2005) +- Removed the use of AI_CANONNAME in the IPv6-enabled resolver functions since + we really have no use for reverse lookups of the address. + + I truly hope these are the last reverse lookups we had lingering in the + code! + +- Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled + version of libcurl with different Windows versions. Current version of + libcurl imports SSPI functions from secur32.dll. However, under Windows NT + 4.0 these functions are located in security.dll, under Windows 9x - in + secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll + just forwards calls to secur32.dll). + + Dmitry's patch loads proper library dynamically depending on Windows + version. Function InitSecurityInterface() is used to obtain pointers to all + of SSPI function in one structure. + +Daniel (31 October 2005) +- Vilmos Nebehaj improved libcurl's LDAP abilities: + + The LDAP code in libcurl can't handle LDAP servers of LDAPv3 nor binary + attributes in LDAP objects. So, I made a quick patch to address these + problems. + + The solution is simple: if we connect to an LDAP server, first try LDAPv3 + (which is the preferred protocol as of now) and then fall back to LDAPv2. + In case of binary attributes, we first convert them to base64, just like the + openldap client does. It uses ldap_get_values_len() instead of + ldap_get_values() to be able to retrieve binary attributes correctly. I + defined the necessary LDAP macros in lib/ldap.c to be able to compile + libcurl without the presence of libldap + +Daniel (27 October 2005) +- Nis Jorgensen filed bug report #1338648 + (http://curl.haxx.se/bug/view.cgi?id=1338648) which really is more of a + feature request, but anyway. It pointed out that --max-redirs did not allow + it to be set to 0, which then would return an error code on the first + Location: found. Based on Nis' patch, now libcurl supports CURLOPT_MAXREDIRS + set to 0, or -1 for infinity. Added test case 274 to verify. + +- tommink[at]post.pl reported in bug report #1337723 + (http://curl.haxx.se/bug/view.cgi?id=1337723) that curl could not upload + binary data from stdin on Windows if the data contained control-Z (hex 1a) + since that is treated as end-of-file when read in text mode. Gisle Vanem + pointed out the fix, and I made both -T and --data-binary take advantage of + it. + +- Jaz Fresh pointed out that if you used "-r [number]" as was wrongly described + in the man page, curl would send an invalid HTTP Range: header. The correct + way would be to use "-r [number]-" or even "-r -[number]". Starting now, + curl will warn if this is discovered, and automatically append a dash to the + range before passing it to libcurl. + +Daniel (25 October 2005) +- Amol Pattekar reported a bug with great detail and a fine example in bug + #1326306 (http://curl.haxx.se/bug/view.cgi?id=1326306). When using the multi + interface and connecting to a host with multiple IP addresses, and one of + the addresses fails to connect (the server must exist and respond, just not + accept connections) libcurl leaks a socket descriptor. Thanks to the fine + report, I could find and fix this. + +Daniel (22 October 2005) +- Dima Barsky reported a problem with GnuTLS-enabled libcurl in bug report + #1334338 (http://curl.haxx.se/bug/view.cgi?id=1334338). When reading an SSL + stream from a server and the server requests a "rehandshake", the current + code simply returns this as an error. I have no good way to test this, but + I've added a crude attempt of dealing with this situation slightly better - + it makes a blocking handshake if this happens. Done like this because fixing + this the "proper" way (that would handshake asynchronously) will require + quite some work and I really need a good way to test this to do such a + change. + +Daniel (21 October 2005) +- "Ofer" reported a problem when libcurl re-used a connection and failed to do + it, it could then accidentally actually crash. Presumably, this concerns FTP + connections. http://curl.haxx.se/bug/view.cgi?id=1330310 + +- Temprimus improved the MSVC makefile so that the static debug SSL libs are + linked to the executable and not to the libcurld.lib + http://curl.haxx.se/bug/view.cgi?id=1326676 + +- Bradford Bruce made the windows resolver code properly return + CURLE_COULDNT_RESOLVE_PROXY and CURLE_COULDNT_RESOLVE_HOST on resolving + errors (as documented). + +Daniel (20 October 2005) +- Dave Dribin made libcurl understand and handle cases when the server + (wrongly) sends *two* WWW-Authenticate headers for Digest. While this should + never happen in a sane world, libcurl previously got into an infinite loop + when this occurred. Dave added test 273 to verify this. + +- Temprimus improved the MSVC makefile: "makes a build option available so if + you set rtlibcfg=static for the make, then it would build with /MT. The + default behaviour is /MD (the original)." + http://curl.haxx.se/bug/view.cgi?id=1326665 + +Daniel (14 October 2005) +- Reverted the LIBCURL_VERSION_NUM change from October 6. As Dave Dribin + reported, the define is used by the configure script and is assumed to use + the 0xYYXXZZ format. This made "curl-config --vernum" fail in the 7.15.0 + release version. + +Version 7.15.0 (13 October 2005) + +Daniel (12 October 2005) +- Michael Sutton of iDEFENSE reported and I fixed a securitfy flaw in the NTLM + code that would overflow a buffer if given a too long user name or domain + name. This would happen if you enable NTLM authentication and either + + A - pass in a user name and domain name to libcurl that together are longer + than 192 bytes + + B - allow (lib)curl to follow HTTP "redirects" (Location: and the + appropriate HTTP 30x response code) and the new URL contains a URL with + a user name and domain name that together are longer than 192 bytes + + See http://curl.haxx.se/docs/security.html for further details and updates + +Daniel (5 October 2005) +- Darryl House reported a problem with using -z to download files from FTP. + It turned out that if the given time stamp was exact the same as the remote + time stamp, the file would still wrongly be downloaded. Added test case 272 + to verify. + +Daniel (4 October 2005) +- Domenico Andreoli fixed a man page malformat and removed odd (0xa0) bytes + from the configure script. + +- Michael Wallner reported that the date parser had wrong offset stored for + the MEST and CEST time zones. + +Daniel (27 September 2005) +- David Yan filed bug #1299181 (http://curl.haxx.se/bug/view.cgi?id=1299181) + that identified a silly problem with Content-Range: headers with the 'bytes' + keyword written in a different case than all lowercase! It would cause a + segfault! + +- TJ Saunders of the proftpd project identified and pointed out problems with + the modified FTPS negotiation change of August 19 2005. Thus, we revert the + change back to pre-7.14.1 status. + +Daniel (21 September 2005) +- Fixed "cut off" sentence in the libcurl-tutorial man page: + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305 + +- Clarified in the curl_easy_setopt man page what the default + CURLOPT_WRITEFUNCTION and CURLOPT_WRITEDATA mean: + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329311 + +- Clarified in the curl_easy_setopt man page that CURLOPT_ERRORBUFFER + sometimes doesn't fill in the buffer even though it is supposed to: + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329313 + +- When CURLE_URL_MALFORMAT is returned due to a missing URL, it now has an + error string set. + +Daniel (19 September 2005) +- Dmitry Bartsevich made the SSPI support work on Windows 9x as well. + +Daniel (15 September 2005) +- Added a TFTP server to the test suite and made the test suite capable of + using it. + +Daniel (7 September 2005) +- Ben Madsen's detailed reports that funnily enough only occurred with certain + glibc versions turned out to be curl using an already closed file handle + during certain conditions (like when saving FTP server "headers"). + +- Scott Davis helped me track down a problem in the test HTTP server that made + test case 56 wrongly fail at times. It turned out it was due to the server + finding the end of a chunked-encoded POST too early. + +Daniel (6 September 2005) +- Now curl warns if an unknown variable is used in the -w/--writeout argument. + +Daniel (4 September 2005) +- I applied Nicolas François' man page patch he posted to the Debian bug + tracker. It corrected two lines that started with apostrophes, which isn't + legal nroff format. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326511 + +- Added --ftp-skip-pasv-ip to the command line tool, that sets the new + CURLOPT_FTP_SKIP_PASV_IP option. It makes libcurl re-use the control + connection's IP address when setting up the data connection instead of + extractting the IP address from the PASV response. It has turned out this + feature is frequently needed by people to circumvent silly servers and silly + firewalls, especially when FTPS is used and the PASV command-response is + sent encrtyped. + + Sponsored by CU*Answers + +Daniel (1 September 2005) +- John Kelly added TFTP support to libcurl. A bunch of new error codes was + added. TODO: add them to docs. add TFTP server to test suite. add TFTP to + list of protocols whereever those are mentioned. + +Version 7.14.1 (1 September 2005) + +Daniel (29 August 2005) +- Kevin Lussier pointed out a problem with curllib.dsp and how to fix it. + +- Igor Polyakov fixed a rather nasty problem with the threaded name resolver + for Windows, that could lead to an Access Violation when the multi interface + was used due to an issue with how the resolver thread was and was not + terminated. + +- Simon Josefsson brought a patch that allows curl to get built to use GNU GSS + instead of MIT/Heimdal for GSS capabilities. + +Daniel (24 August 2005) +- Toby Peterson added CURLOPT_IGNORE_CONTENT_LENGTH to the library, accessible + from the command line tool with --ignore-content-length. This will make it + easier to download files from Apache 1.x (and similar) servers that are + still having problems serving files larger than 2 or 4 GB. When this option + is enabled, curl will simply have to wait for the server to close the + connection to signal end of transfer. I wrote test case 269 that runs a + simple test to verify that this works. + +- (Trying hard to exclude emotions now.) valgrind version 3 suddenly renamed + the --logfile command line option to --log-file, and thus the test script + valgrind autodetection now has yet another version check to do and then it + alters the valgrind command line accordingly. + +- Fixed CA cert verification using GnuTLS with the default bundle, which + previously failed due to GnuTLS not allowing x509 v1 CA certs by default. + Ralph Mitchell reported. + +Daniel (19 August 2005) +- Norbert Novotny had problems with FTPS and he helped me work out a patch + that made curl run fine in his end. The key was to make sure we do the + SSL/TLS negotiation immediately after the TCP connect is done and not after + a few other commands have been sent like we did previously. I don't consider + this change necessary to obey the standards, I think this server is pickier + than what the specs allow it to be, but I can't see how this modified + libcurl code can add any problems to those who are interpreting the + standards more liberally. + +Daniel (17 August 2005) +- Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with + CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to + write the result to a given cookie jar and then never actually call + curl_easy_perform() - the given file(s) to read was never read but the + output file was written and thus it caused a "funny" result. + +- While doing some tests for the bug above, I noticed that Firefox generates + large numbers (for the expire time) in the cookies.txt file and libcurl + didn't treat them properly. Now it does. + +Daniel (15 August 2005) +- Added more verbose "warning" messages to the curl client for cases where it + fails to open/read files etc to help users diagnose why it doesn't do what + you'd expect it to. Converted lots of old messages to use the new generic + function I wrote for this purpose. + +Daniel (13 August 2005) +- James Bursa identified a libcurl HTTP bug and a good way to repeat it. If a + site responds with bad HTTP response that doesn't contain any header at all, + only a response body, and the write callback returns 0 to abort the + transfer, it didn't have any real effect but the write callback would be + called once more anyway. + +Daniel (12 August 2005) +- Based on Richard Clayton's reports, I found out that using curl -d @filename + when 'filename' was not possible to access made curl use a GET request + instead. + +- The time condition illegal syntax warning is now inhibited if -s is used. + +Daniel (10 August 2005) +- Mario Schroeder found out that one of the debug callbacks calls that regards + SSL data with the CURLINFO_TEXT type claimed that the data was one byte + larger than it actually is, thus falsely telling the application that the + terminating zero was part of the data. + +Daniel (9 August 2005) +- Christopher R. Palmer fixed the offsets used for date parsings when the time + zone name of a daylight savings time was used. For example, PDT vs PDS. This + flaw was introduced with the new date parser (11 sep 2004 - 7.12.2). + Fortunately, no web server or cookie string etc should be using such time + zone names thus limiting the effect of this bug. + +Daniel (8 August 2005) +- Jon Grubbs filed bug report #1249962 + (http://curl.haxx.se/bug/view.cgi?id=1249962) which identified a problem + with NTLM on a HTTP proxy if an FTP URL was given. libcurl now properly + switches to pure HTTP internally when an HTTP proxy is used, even for FTP + URLs. The problem would also occur with other multi-pass auth methods. + +Daniel (7 August 2005) +- When curl is built with GnuTLS, curl-config didn't include "SSL" when + --features was used. + +Daniel (28 July 2005) +- If any of the options CURLOPT_HTTPGET, CURLOPT_POST and CURLOPT_HTTPPOST is + set to 1, CURLOPT_NOBODY will now automatically be set to 0. + +Daniel (27 July 2005) +- Dan Fandrich changes over the last week: fixed numerous minor configure + option parsing flaws: --without-gnutls, --without-spnego --without-gssapi + and --without-krb4. Spellfixed several error messages. + +- Peteris Krumins added CURLOPT_COOKIELIST and CURLINFO_COOKIELIST, which is a + simple interface to extracting and setting cookies in libcurl's internal + "cookie jar". See the new cookie_interface.c example code. + +Daniel (13 July 2005) +- Diego Casorran provided patches to make curl build fine on Amiga again. + +Daniel (12 July 2005) +- Adrian Schuur added trailer support in the chunked encoding stream. The + trailer is then sent to the normal header callback/stream. I wrote up test + case 266 to verify the basic functionality. Do note that test case 34 + contains a flawed chunked encoding stream that still works the same. + +Daniel (5 July 2005) +- Gisle Vanem came up with a nice little work-around for bug #1230118 + (http://curl.haxx.se/bug/view.cgi?id=1230118). It seems the Windows (MSVC) + libc time functions may return data one hour off if TZ is not set and + automatic DST adjustment is enabled. This made curl_getdate() return wrong + value, and it also concerned internal cookie expirations etc. + +Daniel (4 July 2005) +- Andrew Bushnell provided enough info for me to tell that we badly needed to + fix the CONNECT authentication code with multi-pass auth methods (such as + NTLM) as it didn't previously properly ignore response-bodies - in fact it + stopped reading after all response headers had been received. This could + lead to libcurl sending the next request and reading the body from the first + request as response to the second request. (I also renamed the function, + which wasn't strictly necessary but...) + + The best fix would to once and for all make the CONNECT code use the + ordinary request sending/receiving code, treating it as any ordinary request + instead of the special-purpose function we have now. It should make it + better for multi-interface too. And possibly lead to less code... + + Added test case 265 for this. It doesn't work as a _really_ good test case + since the test proxy is too stupid, but the test case helps when running the + debugger to verify. + +Daniel (30 June 2005) +- Dan Fandrich improved the configure script's ability to figure out what kind + of strerror_r() API that is used when cross-compiling. If __GLIB__ is + defined, it assumes the glibc API. If not, it issues a notice as before that + the user needs to manually edit lib/config.h for this. + +Daniel (23 June 2005) +- David Shaw's fix that unifies proxy string treatment so that a proxy given + with CURLOPT_PROXY can use a http:// prefix and user + password. The user + and password fields are now also URL decoded properly. Test case 264 added + to verify. + +Daniel (22 June 2005) +- David Shaw updated libcurl.m4 + +Daniel (14 June 2005) +- Gisle Vanem fixed a potential thread handle leak. Bug report #1216500 + (http://curl.haxx.se/bug/view.cgi?id=1216500). Comment in + http://curl.haxx.se/mail/lib-2005-06/0059.html + +Daniel (13 June 2005) +- Made buildconf run libtoolize in the ares dir too (inspired by Tupone's + reverted patch). + +Daniel (9 June 2005) +- Incorporated Tupone's findtool fix in buildconf (slightly edited) + +- Incorporated Tupone's head -n fix in buildconf. + +Daniel (8 June 2005) +- Reverted Tupone's patch again, it broke numerous autobuilds. Let's apply it + in pieces, one by one and see what we need to adjust to work all over. + +Daniel (6 June 2005) +- Tupone Alfredo fixed three problems in buildconf: + + 1) findtool does look per tool in PATH and think ./perl is the perl + executable, while is just a local directory (I have . in the PATH) + + 2) I got several warning for head -1 deprecated in favour of head -n 1 + + 3) ares directory is missing some file (missing is missing :-) ) because + automake and friends is not run. + +Daniel (3 June 2005) +- Added docs/libcurl/getinfo-times, based on feedback from 'Edi': + http://curl.haxx.se/feedback/display.cgi?id=11178325798299&support=yes + +- Andres Garcia provided yet another text mode patch for several test cases so + that they do text comparisions better on Windows (newline-wise). + +Daniel (1 June 2005) +- The configure check for c-ares now adds the cares lib before the other libs, + to make it build fine with mingw. Inspired by Tupone Alfredo's bug report + and patch: http://curl.haxx.se/bug/view.cgi?id=1212940 + +Daniel (31 May 2005) +- Todd Kulesza reported a flaw in the proxy option, since a numerical IPv6 + address was not possible to use. It is now, but requires it written + RFC2732-style, within brackets - which incidently is how you enter numerical + IPv6 addresses in URLs. Test case 263 added to verify. + +Daniel (30 May 2005) +- Eric Cooper reported about a problem with HTTP servers that responds with + binary zeroes within the headers. They confused libcurl to do wrong so the + downloaded headers become incomplete. The fix is now verified with test case + 262. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=310948 + +Daniel (25 May 2005) +- Fixed problems with the test suite, and in particular the FTP test cases + since it previously was failing every now and then in a nonsense manner. + +- --trace-time now outputs the full microsecond, all 6 digits. + +Daniel (24 May 2005) +- Andres Garcia provided a text mode patch for several test cases so that they + do text comparisions better on Windows (newline-wise). + +- Any 2xx response (and not just 200) is now considered a fine response to + TYPE, as some servers obviously sends a 226 there. Added test case 261 to + verify. Based on a question/report by Georg Wicherski. + +Daniel (20 May 2005) +- Improved runtests.pl to allow stdout tests to be mode=text as well, just + as file comparisons already supports. Added this info to the FILEFORMAT + docs. + +Daniel (18 May 2005) +- John McGowan identified a problem in bug report #1204435 + (http://curl.haxx.se/bug/view.cgi?id=1204435) with malformed URLs like + "http://somehost?data" as it added a slash too much in the request ("GET + /?data/"...). Added test case 260 to verify. + +- The configure check for strerror_r() failed to detect the proper API at + times, like on HP-UX 10.20. Then lib/strerror.c badly assumed the glibc + version if the posix define wasn't set (since it _had_ found a strerror_r). + +Daniel (16 May 2005) +- The gmtime_r() function in HP-UX 10.20 is broken. About 13 test cases fail + due to this. There's now a configure check that attempts to detect the bad + function and not use it on such systems. + +Version 7.14.0 (16 May 2005) + +Daniel (13 May 2005) +- Grigory Entin reported that curl's configure detects a fine poll() for Mac + OS X 10.4 (while 10.3 or later detected a "bad" one), but the executable + doesn't work as good as if built without poll(). I've adjusted the configure + to always skip the fine-poll() test on Mac OS X (darwin). + +Daniel (12 May 2005) +- When doing a second request (after a disconnect) using the same easy handle, + over a proxy that uses NTLM authentication, libcurl failed to use NTLM again + properly (the auth method was accidentally reset to the same as had been set + for host auth, which defaults to Basic). Bug report #1200661 + (http://curl.haxx.se/bug/view.cgi?id=1200661) identified the the problem and + the fix. + +- If -z/--time-cond is used with an invalid date syntax, this is no longer + silently discarded. Instead a proper warning message is diplayed that + informs about it. But it still continues without the condition. + +Version 7.14.0-pre2 (11 May 2005) + +Daniel (11 May 2005) +- Starting now, libcurl sends a little different set of headers in its default + HTTP requests: + + A) Normal non-proxy HTTP: + - no more "Pragma: no-cache" (this only makes sense to proxies) + + B) Non-CONNECT HTTP request over proxy: + - "Pragma: no-cache" is used (like before) + - "Proxy-Connection: Keep-alive" (for older style 1.0-proxies) + + C) CONNECT HTTP request over proxy: + - "Host: [name]:[port]" + - "Proxy-Connection: Keep-alive" + + The A) case is mostly to reduce the default header size and remove a + pointless header. + + The B) is to address (rare) problems with HTTP 1.0 proxies + + The C) headers are both to address (rare) problems with some proxies. The + code in libcurl that deals with CONNECT requests need a rewrite, but it + feels like a too big a job for me to do now. Details are added in the code + comments for now. + + Updated a large amount of test cases to reflect the news. + +Daniel (10 May 2005) +- Half-baked attempt to bail out if select() returns _only_ errorfds when the + transfer is in progress. An attempt to fix Allan's problem. See + http://curl.haxx.se/mail/lib-2005-05/0073.html and the rest of that thread + for details. + + I'm still not sure this is the right fix, but... + +Version 7.14.0-pre1 (9 May 2005) + +Daniel (2 May 2005) +- Sort of "fixed" KNOWN_BUGS #4: curl now builds IPv6 enabled on AIX 4.3. At + least it should no longer cause a compiler error. However, it does not have + AI_NUMERICHOST so we cannot getaddrinfo() any numerical addresses with it + (we use that for FTP PORT/EPRT)! So, I modified the configure check that + checks if the getaddrinfo() is working, to use AI_NUMERICHOST since then + it'll fail on AIX 4.3 and it will automatically build with IPv6 support + disabled. + +- Added --trace-time that when used adds a time stamp to each trace line that + --trace, --trace-ascii and --verbose output. I also made the '>' display + separate each line on the linefeed so that HTTP requests etc look nicer in + the -v output. + +- Made curl recognize the environment variables Lynx (and others?) support for + pointing out the CA cert path/file: SSL_CERT_DIR and SSL_CERT_FILE. If + CURL_CA_BUNDLE is not set, they are checked afterwards. + + Like before: on windows if none of these are set, it checks for the ca cert + file like this: + + 1. application's directory + 2. current working directory + 3. Windows System directory (e.g. C:\windows\system32) + 4. Windows Directory (e.g. C:\windows) + 5. all directories along %PATH% + +Daniel (1 May 2005) +- The runtests.pl script now starts test servers by doing fork() and exec() + instead of the previous approach. This is less complicated and should + hopefully lead to less "leaked" servers (servers that aren't stopped + properly when the tests are stopped). + +- Alexander Zhuravlev found a case when you did "curl -I [URL]" and it + complained on the chunked encoding, even though a HEAD should never return a + body and thus it cannot be a chunked-encoding problem! + +Daniel (30 April 2005) +- Alexander Zhuravlev found out that (lib)curl SIGSEGVed when using + --interface on an address that can't be bound. + +Daniel (28 April 2005) +- Working on fixing up test cases to mark sections as 'mode=text' for things + that curl writes as text files, since then they can get different line + endings depending on OS. Andrés García helps me work this out. + + Did lots of other minor tweaks on the test scripts to work better and more + reliably find test servers and also kill test servers. + +- Dan Fandrich pointed out how the runtests.pl script killed the HTTP server + instead of the HTTPS server when closing it down. + +Daniel (27 April 2005) +- Paul Moore made curl check for the .curlrc file (_curlrc on windows) on two + more places. First, CURL_HOME is a new environment variable that is used + instead of HOME if it is set, to point out where the default config file + lives. If there's no config file in the dir pointed out by one of the + environment variables, the Windows version will instead check the same + directory the executable curl is located in. + +Daniel (26 April 2005) +- Cory Nelson's work on nuking compiler warnings when building on x64 with + VS2005. + +Daniel (25 April 2005) +- Fred New reported a bug where we used Basic auth and user name and password + in .netrc, and when following a Location: the subsequent requests didn't + properly use the auth as found in the netrc file. Added test case 257 to + verify my fix. + +- Based on feedback from Cory Nelson, I added some preprocessor magic in + */setup.h and */config-win32.h to build fine with VS2005 on x64. + +Daniel (23 April 2005) +- Alex Suykov made the curl tool now assume that uploads using HTTP:// or + HTTPS:// are the only ones that show output and thus motivates a switched + off progress meter if the output is sent to the terminal. This makes FTP + uploads without '>', -o or -O show the progress meter. + +Daniel (22 April 2005) +- Dave Dribin's MSVC makefile fix: set CURL_STATICLIB when it builds static + library variants. + +- Andres Garcia fixed configure to set the proper define when building static + libcurl on windows. + +- --retry-delay didn't work. + +Daniel (18 April 2005) +- Olivier reported that even though he used CURLOPT_PORT, libcurl clearly + still used the default port. He was right. I fixed the problem and added the + test cases 521, 522 and 523 to verify the fix. + +- Toshiyuki Maezawa reported that when doing a POST with a read callback, + libcurl didn't properly send an Expect: 100-continue header. It does now. + +- I committed by mig change in the test suite's FTP server that moves out all + socket/TCP code to a separate C program named sockfilt. And added 4 new + test cases for FTP over IPv6. + +Daniel (8 April 2005) +- Cory Nelson reported a problem with a HTTP server that responded with a 304 + response containing an "illegal" Content-Length: header, which was not + properly ignored by libcurl. Now it is. Test case 249 verifies. + +Daniel (7 April 2005) +- Added ability to build and run with GnuTLS as an alternative to OpenSSL for + the secure layer. configure --with-gnutls enables with. Note that the + previous OpenSSL check still has preference and if it first detects OpenSSL, + it will not check for GnuTLS. You may need to explictly diable OpenSSL with + --without-ssl. + + This work has been sponsored by The Written Word. + +Daniel (5 April 2005) +- Christophe Legry fixed the post-upload check for FTP to not complain if the + upload was skipped due to a time-condition as set with + CURLOPT_TIMECONDITION. I added test case 247 and 248 to verify. + +Version 7.13.2 (5 April 2005) + +Daniel (4 April 2005) +- Marcelo Juchem fixed the MSVC makefile for libcurl + +- Gisle Vanem fixed a crash in libcurl, that could happen if the easy handle + was killed before the threading resolver (windows only) still hadn't + completed. + +- Hardeep Singh reported a problem doing HTTP POST with Digest. (It was + actually also affecting NTLM and Negotiate.) It turned out that if the + server responded with 100 Continue before the initial 401 response, libcurl + didn't take care of the response properly. Test case 245 and 246 added to + verify this. + +Daniel (30 March 2005) +- Andres Garcia modified the configure script to check for libgdi32 before + libcrypto, to make the SSL check work fine on msys/mingw. + +Daniel (29 March 2005) +- Tom Moers identified a flaw when you sent a POST with Digest authentication, + as in the first request when curl sends a POST with Content-Length: 0, it + still forcibly closed the connection before doing the next step in the auth + negotiation. + +- Jesper Jensen found out that FTP-SSL didn't work since my FTP + rewrite. Fixing that was easy, but it also revealed a much worse problem: + the FTP server response reader function didn't properly deal with reading + responses in multiple tiny chunks properly! I modified the FTP server to + allow it to produce such split-up responses to make sure curl deals with + them as it should. + +- Based on Augustus Saunders' comments and findings, the HTTP output auth + function was fixed to use the proper proxy authentication when multiple ones + are accepted. test 239 and test 243 were added to repeat the problems and + verify the fixes. + + --proxy-anyauth was added to the curl tool + +Daniel (16 March 2005) +- Tru64 and some IRIX boxes seem to not like test 237 as it is. Their + inet_addr() functions seems to use &255 on all numericals in a ipv4 dotted + address which makes a different failure... Now I've modified the IPv4 + resolve code to use inet_pton() instead in an attempt to make these systems + better detect this as a bad IP address rather than creating a toally bogus + address that is then passed on and used. + +Daniel (15 March 2005) +- Dan Fandrich made the code properly use the uClibc's version of + inet_ntoa_r() when built with it. + +- Added test 237 and 238: test EPSV and PASV response handling when they get + well- formated data back but using illegal values. In 237 PASV gets an IP + address that is way bad. In 238 EPSV gets a port that is way out of range. + +Daniel (14 March 2005) +- Added a few missing features to the curl-config --features list + +- Modified testcurl.pl to now offer + 1 - command line options for all info it previously only read from + file: --name, --email, --desc and --configure + 2 - --nocvsup makes it not attempt to do cvs update + 3 - --crosscompile informs it and makes it not attempt things it can't do + +- Fixed numerous win32 compiler warnings. + +- Removed the lib/security.h file since it shadowed the mingw/win32 header + with the same name which is needed for SSPI builds. The contents of the + former security.h is now i krb4.h + +- configure --enable-sspi now enables SSPI in the build. It only works for + windows builds (including cross-compiles for windows). + +Daniel (12 March 2005) +- David Houlder added --form-string that adds that string to a multipart + formpost part, without special characters having special meanings etc like + --form features. + +Daniel (11 March 2005) +- curl_version_info() returns the feature bit CURL_VERSION_SSPI if it was + built with SSPI support. + +- Christopher R. Palmer made it possible to build libcurl with the + USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the + native way to do NTLM. SSPI also allows libcurl to pass on the current user + and its password in the request. + +Daniel (9 March 2005) +- Dan F improved the SSL lib setup in configure. + +- Nodak Sodak reported a crash when using a SOCKS4 proxy. + +- Jean-Marc Ranger pointed out an embarassing debug printf() leftover in the + multi interface code. + +- Adjusted the man page for the curl_getdate() return value for dates after + year 2038. For 32 bit time_t it returns 0x7fffffff but for 64bit time_t it + returns either the correct value or even -1 on some systems that still seem + to not deal with this properly. Tor Arntsen found a 64bit AIX system for us + that did the latter. Gwenole Beauchesne's Mandrake patch put the lights on + this problem in the first place. + +Daniel (8 March 2005) +- Dominick Meglio reported that using CURLOPT_FILETIME when transferring a FTP + file got a Last-Modified: header written to the data stream, corrupting the + actual data. This was because some conditions from the previous FTP code was + not properly brought into the new FTP code. I fixed and I added test case + 520 to verify. (This bug was introduced in 7.13.1) + +- Dan Fandrich fixed the configure --with-zlib option to always consider the + given path before any standard paths. + +Daniel (6 March 2005) +- Randy McMurchy was the first to report that valgrind.pm was missing from the + release archive and thus 'make test' fails. + +Daniel (5 March 2005) +- Dan Fandrich added HAVE_FTRUNCATE to several config-*.h files. + +- Added test case 235 that makes a resumed upload of a file that isn't present + on the remote side. This then converts the operation to an ordinary STOR + upload. This was requested/pointed out by Ignacio Vazquez-Abrams. + + It also proved (and I fixed) a bug in the newly rewritten ftp code (and + present in the 7.13.1 release) when trying to resume an upload and the + servers returns an error to the SIZE command. libcurl then loops and sends + SIZE commands infinitely. + +- Dan Fandrich fixed a SSL problem introduced on February 9th that made + libcurl attempt to load the whole random file to seed the PRNG. This is + really bad since this turns out to be using /dev/urandom at times... + +Version 7.13.1 (4 March 2005) + +Daniel (4 March 2005) +- Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate + the cookie "engine" without having to provide an empty or non-existing file. + +- Rene Rebe fixed a -# crash when more data than expected was retrieved. + +Daniel (22 February 2005) +- NTLM and ftp-krb4 buffer overflow fixed, as reported here: + http://www.securityfocus.com/archive/1/391042 and the CAN report here: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 + + If these security guys were serious, we'd been notified in advance and we + could've saved a few of you a little surprise, but now we weren't. + +Daniel (19 February 2005) +- Ralph Mitchell reported a flaw when you used a proxy with auth, and you + requested data from a host and then followed a redirect to another + host. libcurl then didn't use the proxy-auth properly in the second request, + due to the host-only check for original host name wrongly being extended to + the proxy auth as well. Added test case 233 to verify the flaw and that the + fix removed the problem. + +Daniel (18 February 2005) +- Mike Dobbs reported a mingw build failure due to the lack of + BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by + configure when mingw is used. + +Daniel (17 February 2005) +- David in bug report #1124588 found and fixed a socket leak when libcurl + didn't close the socket properly when returning error due to failing + localbind + +Daniel (16 February 2005) +- Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth" + that picks NTLM. Thanks to David Byron letting me test NTLM against his + servers, I could quickly repeat and fix the problem. It turned out to be: + + When libcurl POSTs without knowing/using an authentication and it gets back + a list of types from which it picks NTLM, it needs to either continue + sending its data if it keeps the connection alive, or not send the data but + close the connection. Then do the first step in the NTLM auth. libcurl + didn't send the data nor close the connection but simply read the + response-body and then sent the first negotiation step. Which then failed + miserably of course. The fixed version forces a connection if there is more + than 2000 bytes left to send. + +Daniel (14 February 2005) +- The configure script didn't check for ENGINE_load_builtin_engines() so it + was never used. + +Daniel (11 February 2005) +- Removed all uses of strftime() since it uses the localised version of the + week day names and month names and servers don't like that. + +Daniel (10 February 2005) +- Now the test script disables valgrind-testing when the test suite runs if + libcurl is built shared. Otherwise valgrind only tests the shell that runs + the wrapper-script named 'curl' that is a front-end to curl in this case. + This should also fix the huge amount of reports of false positives when + valgrind has identified leaks in (ba)sh and not in curl and people report + that as curl bugs. Bug report #1116672 is one example. + + Also, the valgrind report parser has been adapted to check that at least one + of the sources in a stack strace is one of (lib)curl's source files or + otherwise it will not consider the problem to concern (lib)curl. + +- Marty Kuhrt streamlined the VMS build. + +Daniel (9 February 2005) +- David Byron fixed his SSL problems, initially mentioned here: + http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use + SSL_pending() as we should. + +- Converted lots of FTP code to a statemachine, so that the multi interface + doesn't block while communicating commands-responses with an FTP server. + + I've added a comment like BLOCKING in the code on all spots I could find + where we still have blocking operations. When we change curl_easy_perform() + to use the multi interface, we'll also be able to simplify the code since + there will only be one "internal interface". + + While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the + new CURLE_LOGIN_DENIED. The first one is now access denied to a function, + like changing directory or retrieving a file, while the second means that we + were denied login. + + The CVS tag 'before_ftp_statemachine' was set just before this went in, in + case of future need. + +- Gisle made the DICT code send CRLF and not just LF as the spec says so. + +Daniel (8 February 2005) +- Gisle fixed problems when libcurl runs out of memory, and worked on making + sure the proper error code is returned for those occations. + +Daniel (7 February 2005) +- Maruko pointed out a problem with inflate decompressing exactly 64K + contents. + +Daniel (5 February 2005) +- Eric Vergnaud found a use of an uninitialised variable in the ftp when doing + PORT on IPv6-enabled hosts. + +- David Byron pointed out we could use BUFSIZE to read data (in + lib/transfer.c) instead of using BUFSIZE -1. + +Version 7.13.0 (1 February 2005) + +Daniel (31 January 2005) +- Added Lars Nilsson's htmltitle.cc example + +Daniel (30 January 2005) +- Fixed a memory leak when using the multi interface and the DO operation + failed (as in test case 205). + +- Fixed a valgrind warning for file:// operations. + +- Fixed a valgrind report in the url globbing code for the curl command line + tool. + +- Bugfixed the parser that scans the valgrind report outputs (in runtests.pl). + I noticed that it previously didn't detect and report the "Conditional jump + or move depends on uninitialised value(s)" error. When I fixed this, I + caught a few curl bugs with it. And then I had to spend time to make the + test suite IGNORE these errors when OpenSSL is used since it produce massive + amounts of valgrind warnings (but only of the "Conditional..." kind it + seems). So, if a test that requires SSL is run, it ignores the + "Conditional..." errors, and you'll get a "valgrind PARTIAL" output instead + of "valgrind OK". + +Daniel (29 January 2005) +- Using the multi interface, and doing a requsted a re-used connection that + gets closed just after the request has been sent failed and did not re-issue + a request on a fresh reconnect like the easy interface did. Now it does! + +- Define CURL_MULTIEASY when building libcurl (lib/easy.c to be exact), to use + my new curl_easy_perform() that uses the multi interface to run the + request. It is a great testbed for the multi interface and I believe we + shall do it this way for real in the future when we have a successor to + curl_multi_fdset(). I've used this approach to detect and fix several of the + recent multi-interfaces issues. + +- Adjusted the KNOWN_BUGS #17 fix a bit more since the FTP code also did some + bad assumptions. + +- multi interface: when a request is denied due to "Maximum redirects + followed" libcurl leaked the last Location: URL. + +- Connect failures with the multi interface was often returned as "connect() + timed out" even though the reason was different. + +Daniel (28 January 2005) +- KNOWN_BUGS #17 fixed. A DNS cache entry may not remain locked between two + curl_easy_perform() invokes. It was previously unlocked at disconnect, which + could mean that it remained locked between multiple transfers. The DNS cache + may not live as long as the connection cache does, as they are separate. + + To deal with the lack of DNS (host address) data availability in re-used + connections, libcurl now keeps a copy of the IP adress as a string, to be + able to show it even on subsequent requests on the same connection. + + The problem could be made to appear with this stunt: + + 1. create a multi handle + 2. add an easy handle + 3. fetch a URL that is persistent (leaves the connection alive) + 4. remove the easy handle from the multi + 5. kill the multi handle + 6. create a multi handle + 7. add the same easy handle to the new multi handle + 8. fetch a URL from the same server as before (re-using the connection) + +- Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't work + when built IPv6-enabled. I've now made a fix for it. Writing test cases for + custom port hosts turned too tricky so unfortunately there's none. + +Daniel (25 January 2005) +- Ian Ford asked about support for the FTP command ACCT, and I discovered it + is present in RFC959... so now (lib)curl supports it as well. --ftp-account + and CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an + account string after PASS have been sent away. The client responds + with "ACCT [account string]".) Added test case 228 and 229 to verify the + functionality. Updated the test FTP server to support ACCT somewhat. + +- David Shaw contributed a fairly complete and detailed autoconf test you can + use to detect libcurl and setup variables for the protocols the installed + libcurl supports: docs/libcurl/libcurl.m4 + +Daniel (21 January 2005) +- Major FTP third party transfer overhaul. + + These four options are now obsolete: CURLOPT_SOURCE_HOST, + CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT (this option didn't work before) + and CURLOPT_PASV_HOST. + + These two options are added: CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE. + + The target-side didn't use the proper path with RETR, and thus this only + worked correctly in the login path (i.e without doing any CWD). The source- + side still uses a wrong path, but the fix for this will need to wait. Verify + the flaw by using a source URL with included %XX-codes. + + Made CURLOPT_FTPPORT control weather the target operation should use PORT + (or not). The other side thus uses passive (PASV) mode. + + Updated the ftp3rdparty.c example source to use the updated options. + + Added support for a second FTP server in the test suite. Named... ftp2. + Added test cases 230, 231 and 232 as a few first basic tests of very simple + 3rd party transfers. + + Changed the debug output to include 'target' and 'source' when a 3rd party + is being made, to make it clearer what commands/responses came on what + connection. + + Added three new command line options: --3p-url, --3p-user and --3p-quote. + + Documented the command line options and the curl_easy_setopt options related + to third party transfers. + + (Temporarily) disabled the ability to re-use an existing connection for the + source connection. This is because it needs to force a new in case the + source and target is the same host, and the host name check is trickier now + when the source is identified with a full URL instead of a plain host name + like before. + + TODO (short-term) for 3rd party transfers: quote support. The options are + there, we need to add test cases to verify their functionality. + + TODO (long-term) for 3rd party transfers: IPv6 support (EPRT and EPSV etc) + and SSL/TSL support. + +Daniel (20 January 2005) +- Philippe Hameau found out that -Q "+[command]" didn't work, although some + code was written for it. I fixed and added test case 227 to verify it. + The curl.1 man page didn't mention the '+' so I added it. + +Daniel (19 January 2005) +- Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP URL + contains %0a or %0d in the user, password or CWD parts. (A future fix would + include doing it for %00 as well - see KNOWN_BUGS for details.) Test case + 225 and 226 were added to verify this + +- Stephan Bergmann pointed out two flaws in libcurl built with HTTP disabled: + + 1) the proxy environment variables are still read and used to set HTTP proxy + + 2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was + disabled). This is important since apps may want to disable HTTP proxy + without actually knowing if libcurl was built to disable HTTP or not. + + Based on Stephan's patch, both these issues should now be fixed. + +Daniel (18 January 2005) +- Cody Jones' enhanced version of Samuel Díaz García's MSVC makefile patch was + applied. + +Daniel (16 January 2005) +- Alex aka WindEagle pointed out that when doing "curl -v dictionary.com", curl + assumed this used the DICT protocol. While guessing protocols will remain + fuzzy, I've now made sure that the host names must start with "[protocol]." + for them to be a valid guessable name. I also removed "https" as a prefix + that indicates HTTPS, since we hardly ever see any host names using that. + +Daniel (13 January 2005) +- Inspired by Martijn Koster's patch and example source at + http://www.greenhills.co.uk/mak/gentoo/curl-eintr-bug.c, I now made the + select() and poll() calls properly loop if they return -1 and errno is + EINTR. glibc docs for this is found here: + http://www.gnu.org/software/libc/manual/html_node/Interrupted-Primitives.html + + This last link says BSD doesn't have this "effect". Will there be a problem + if we do this unconditionally? + +Daniel (11 January 2005) +- Dan Torop cleaned up a few no longer used variables from David Phillips' + select() overhaul fix. + +- Cyrill Osterwalder posted a detailed analysis about a bug that occurs when + using a custom Host: header and curl fails to send a request on a re-used + persistent connection and thus creates a new connection and resends it. It + then sent two Host: headers. Cyrill's analysis was posted here: + http://curl.haxx.se/mail/archive-2005-01/0022.html + +- Bruce Mitchener identified (bug report #1099640) the never-ending SOCKS5 + problem with the version byte and the check for bad versions. Bruce has lots + of clues on this, and based on his suggestion I've now removed the check of + that byte since it seems to be able to contain 1 or 5. + +Daniel (10 January 2005) +- Pavel Orehov reported memory problems with the multi interface in bug report + #1098843. In short, a shared DNS cache was setup for a multi handle and when + the shared cache was deleted before the individual easy handles, the latter + cleanups caused read/writes to already freed memory. + +- Hzhijun reported a memory leak in the SSL certificate code, that leaked the + remote certificate name when it didn't match the used host name. + +Gisle (8 January 2005) +- Added Makefile.Watcom files (src/lib). Updated Makefile.dist. + +Daniel (7 January 2005) +- Improved the test script's valgrind log parser to actually work! Also added + the ability to disable the log scanner for specific test cases. Test case + 509 results in numerous problems and leaks in OpenSSL and has to get it + disabled. + +Daniel (6 January 2005) +- Fixed a single-byte read out of bounds in test case 39 in the curl tool code + (i.e not in the library). + +- Bug report #1097019 identified a problem when doing -d "data" with -G and + sending it to two URLs with {}. Added test 199 to verify the fix. + +Daniel (4 January 2005) +- Marty Kuhrt adjusted a VMS build script slightly + +- Kai Sommerfeld and Gisle Vanem fixed libcurl to build with IPv6 support on + Win2000. + +Daniel (2 January 2005) +- Alex Neblett updated the MSVC makefiles slightly. +Daniel (25 December 2004) +- Removed src/config.h.in from CVS, it is now copied from the (generated) + lib/config.h.in instead, as they can very well be the same. This removes a + "manual hassle". You may want to re-run buildconf now. + +- Werner Koch filed Debian bug report #286794, mentioning that curl contained + non-free (by Debian's view) source code. This was Angus Mackay's + src/getpass.c source code. I tried to contact him about it to quickly solve + this issue, but his email addresses bounce and I got some time "over" and + reimplemented the functionality once brought by Angus. We no longer use any + of Angus' original code and the new function is much simpler (IMO). Issue + solved. + +Daniel (24 December 2004) +- David Shaw added --protocols to curl-config, so that it now lists all + protocols libcurl was built to support. --feature no longer lists disabled + protocols. + +Daniel (23 December 2004) +- David Shaw fixed the configure --disable-[protocol] variables so that + curl-config --feature now works correctly! + +Daniel (22 December 2004) +- Rune Kleveland fixed a minor memory leak for received cookies with the + (rare) version attribute set. + +- Marcin Konicki provided two configure fixes and a source fix to make curl + build out-of-the-box on BeOS. + +Daniel (21 December 2004) +- Added test case 217 that verified CURLINFO_HTTP_CONNECTCODE, and I made the + -w option support 'http_connect' to make it easier to verify! + +- Fixed lib/select.c include order to build fine on FreeBSD + +- Fixed failf()'s reuse of the va_list variable that crashed on FreeBSD. + Pointed out by Peter Pentchev. + +Version 7.12.3 (20 December 2004) + +Daniel (19 December 2004) +- I investigated our PKCS12 build problem on Solaris 2.7 with OpenSSL 0.9.7e, + and it turned out to be the fault of the zlib 1.1.4 headers doing a typedef + named 'free_func' and the OpenSSL headers have a prototype that uses + 'free_func' in one of its arguments. This is why the compile errors out. + + In other words, we need to include the openssl/pkcs12.h header before the + zlib.h header and it builds fine. The configure script now checks for this + file and it then gets included early in lib/urldata.h. + +Daniel (18 December 2004) +- Samuel Listopad added support for PKCS12 formatted certificates. + +- Samuel Listopad fixed -E to support "C:/path" (with forward slash) as well. + +Daniel (16 December 2004) +- Gisle found and fixed a problem in the directory re-use for FTP. + + I added test case 215 and 216 to better verify the functionality. + +- Dinar in bug report #1086121, found a file handle leak when a multipart + formpost (including a file upload part) was aborted before the whole file + was sent. + +Daniel (15 December 2004) +- Tom Lee found out that globbing of strings with backslashes didn't work as + you'd expect. Backslashes are such a central part of windows file names that + forcing backslashes to have to be escaped with backslashes is a bit too + awkward to users. Starting now, you only need to escape globbing characters + such as the five letters: "[]{},". Added test case 214 to verify this. + +Daniel (14 December 2004) +- Harshal Pradhan patched a HTTP persistent connection flaw: if the user name + and/or password were modified between two requests on a persistent + connection, the second request were still made with the first setup! + + I added test case 519 to verify the fix. + +Daniel (13 December 2004) +- Gisle added CURLINFO_SSL_ENGINES to curl_easy_getinfo() to allow an app + to list all available crypto ENGINES. + +- Gisle fixed bug report #1083542, which pointed out a problem with resuming + large file (>4GB) file:// transfers on windows. + +Daniel (11 December 2004) +- Made the test suite HTTP server (sws) capable of using IPv6, and then + extended the test environment to support that and also added three test + cases (240, 241, 242) that run tests using IPv6. Test 242 uses a URL that + didn't work before the 10 dec fix by Kai Sommerfeld. + +- Made a failed file:// resume output an error message + +- Corrected the CURLE_BAD_DOWNLOAD_RESUME error message in lib/strerror.c + +- Dan Fandrich: + + simplified and consolidated the SSL checks in configure and the usage of the + defines in lib/setup.h + + provided a first libcurl.pc.in file for pkg-config (but the result is not + installed anywhere at this point) + + extended the cross compile section in the docs/INSTALL file + +Daniel (10 December 2004) +- When providing user name in the URL and a IPv6-style IP-address (like in + "ftp://user@[::1]/tmp"), the URL parser didn't get the host extracted + properly. Reported and fixed by Kai Sommerfeld. + +Daniel (9 December 2004) +- Ton Voon provided a configure fix that should fix the notorious (mostly + reported on Solaris) problem where the size_t check fails due to the SSL + libs being found in a dir not searched through by the run-time linker. + patch-tracker entry #1081707. + +- Bryan Henderson pointed out in bug report #1081788 that the curl-config + --vernum output wasn't zero prefixed properly (as claimed in documentation). + This is fixed in maketgz now. + +Daniel (8 December 2004) +- Matt Veenstra updated the mach-O framework files for Mac OS X. + +- Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where + libcurl always and unconditionally overwrote a stack-based array with 3 zero + bytes. This is not an exploitable buffer overflow. No need to get alarmed. + +Daniel (7 December 2004) +- Fixed so that the final error message is sent to the verbose info "stream" + even if no errorbuffer is set. + +Daniel (6 December 2004) +- Dan Fandrich added the --disable-cookies option to configure to build + libcurl without cookie support. This is mainly useful if you want to build a + minimalistic libcurl with no cookies support at all. Like for embedded + systems or similar. + +- Richard Atterer fixed libcurl's way of dealing with the EPSV + response. Previously, libcurl would re-resolve the host name with the new + port number and attempt to connect to that, while it should use the IP from + the control channel. This bug made it hard to EPSV from an FTP server with + multiple IP addresses! + +Daniel (3 December 2004) +- Bug report #1078066: when a chunked transfer was pre-maturely closed exactly + at a chunk boundary it was not considered an error and thus went unnoticed. + Fixed by Maurice Barnum. + + Added test case 207 to verify. + +Daniel (2 December 2004) +- Fixed the CONNECT loop to default timeout to 3600 seconds. + + Added test case 206 that makes CONNECT with Digest. + + Fixed a flaw that prepended "(nil)" to the initial CONNECT rqeuest's user- + agent field. + +Daniel (30 November 2004) +- Dan Fandrich's fix for libz 1.1 and "extra field" usage in a gzip stream + +- Dan also helped me with input data to create three more test cases for the + --compressed option. + +Daniel (29 November 2004) +- I improved the test suite to enable binary contents in the tests (by proving + it base64 encoded), like for testing decompress etc. Added test 220 and 221 + for this purpose. Tests can now also depend on libz to run. + +- As reported by Reinout van Schouwen in Mandrake's bug tracker bug 12285 + (http://qa.mandrakesoft.com/show_bug.cgi?id=12285), when connecting to an + IPv6 host with FTP, --disable-epsv (or --disable-eprt) effectively disables + the ability to transfer a file. Now, when connected to an FTP server with + IPv6, these FTP commands can't be disabled even if asked to with the + available libcurl options. + +Daniel (26 November 2004) +- As reported in Mandrake's bug tracker bug 12289 + (http://qa.mandrakesoft.com/show_bug.cgi?id=12289), curl would print a + newline to "finish" the progress meter after each redirect and not only + after a completed transfer. + +Daniel (25 November 2004) +- FTP improvements: + + If EPSV, EPRT or LPRT is tried and doesn't work, it will not be retried on + the same server again even if a following request is made using a persistent + connection. + + If a second request is made to a server, requesting a file from the same + directory as the previous request operated on, libcurl will no longer make + that long series of CWD commands just to end up on the same spot. Note that + this is only for *exactly* the same dir. There is still room for improvements + to optimize the CWD-sending when the dirs are only slightly different. + + Added test 210, 211 and 212 to verify these changes. Had to improve the + test script too and added a new primitive to the test file format. + +Daniel (24 November 2004) +- Andrés García fixed the configure script to detect select properly when run + with Msys/Mingw on Windows. + +Daniel (22 November 2004) +- Made HTTP PUT and POST requests no longer use HEAD when doing multi-pass + auth negotiation (NTLM, Digest and Negotiate), but instead use the request + keyword "properly". Details in lib/README.httpauth. This also introduces + CURLOPT_IOCTLFUNCTION and CURLOPT_IOCTLDATA, to be used by apps that use the + "any" auth alternative as then libcurl may need to send the PUT/POST data + more than once and thus may need to ask the app to "rewind" the read data + stream to start. + + See also the new example using this: docs/examples/anyauthput.c + +- David Phillips enhanced test 518. I made it depend on a "feature" so that + systems without getrlimit() won't attempt to test 518. configure now checks + for getrlimit() and setrlimit() for this test case. + +Daniel (18 November 2004) +- David Phillips fixed libcurl to not crash anymore when more than FD_SETSIZE + file descriptors are in use. Test case 518 added to verify. + +Daniel (15 November 2004) +- To test my fix for the CURLINFO_REDIRECT_TIME bug, I added time_redirect and + num_redirects support to the -w writeout option for the command line tool. + +- Wojciech Zwiefka found out that CURLINFO_REDIRECT_TIME didn't work as + documented. + +Daniel (12 November 2004) +- Gisle Vanem modigied the MSVC and Netware makefiles to build without + libcurl.def + +- Dan Fandrich added the --disable-crypto-auth option to configure to allow + libcurl to build without Digest support. (I figure it should also explicitly + disable Negotiate and NTLM.) + +- *** Modified Behaviour Alert *** + + Setting CURLOPT_POSTFIELDS to NULL will no longer do a GET. + + Setting CURLOPT_POSTFIELDS to "" will send a zero byte POST and setting + CURLOPT_POSTFIELDS to NULL and CURLOPT_POSTFIELDSIZE to zero will also make + a zero byte POST. Added test case 515 to verify this. + + Setting CURLOPT_HTTPPOST to NULL makes a zero byte post. Added test case 516 + to verify this. + + CURLOPT_POSTFIELDSIZE must now be set to -1 to signal "we don't know". + Setting it to zero simply says this is a zero byte POST. + + When providing POST data with a read callback, setting the size up front + is now made with CURLOPT_POSTFIELDSIZE and not with CURLOPT_INFILESIZE. + +Daniel (11 November 2004) +- Dan Fandrich added --disable-verbose to the configure script to allow builds + without verbose strings in the code, to save some 12KB space. Makes sense + only for systems with very little memory resources. + +- Jeff Phillips found out that a date string with a year beyond 2038 could + crash the new date parser on systems with 32bit time_t. We now check for + this case and deal with it. + +Daniel (10 November 2004) +- I installed Heimdal on my Debian box (using the debian package) and noticed + that configure --with-gssapi failed to create a nice build. Fixed now. + +Daniel (9 November 2004) +- Gisle Vanem marked all external function calls with CURL_EXTERN so that now + the Windows, Netware and other builds no longer need libcurl.def or similar + files. + +Daniel (8 November 2004) +- Made the configure script check for tld.h if libidn was detected, since + libidn 0.3.X didn't have such a header and we don't work with anything + before libidn 0.4.1 anyway! Suse 9.1 apparently ships with a 0.3.X version + of libidn which makes the curl 7.12.2 build fail. Jean-Philippe + Barrette-LaPierre helped pointing this out. + +- Ian Gulliver reported in debian bug report #278691: if curl is invoked in an + environment where stderr is closed the -v output will still be sent to file + descriptor 2 which then might be the network socket handle! Now we have a + weird hack instead that attempts to make sure that file descriptor 2 is + opened (with a call to pipe()) before libcurl is called to do the transfer. + configure now checks for pipe() and systems without pipe don't get the weird + hack done. + +Daniel (5 November 2004) +- Tim Sneddon made libcurl send no more than 64K in a single first chunk when + doing a huge POST on VMS, as this is a system limitation. Default on general + systems is 100K. + +Daniel (4 November 2004) +- Andres Garcia made it build on mingw againa, my --retry code broke the build. + +Daniel (2 November 2004) +- Added --retry-max-time that allows a maximum time that may not have been + reached for a retry to be made. If not set there is no maximum time, only + the amount of retries set with --retry. + +- Paul Nolan provided a patch to make libcurl build nicely on Windows CE. + +Daniel (1 November 2004) +- When cross-compiling, the configure script no longer attempts to use + pkg-config on the build host in order to detect OpenSSL compiler options. + +Daniel (27 October 2004) +- Dan Fandrich: + + An improvement to the gzip handling of libcurl. There were two problems with + the old version: it was possible for a malicious gzip file to cause libcurl + to leak memory, as a buffer was malloced to hold the header and never freed + if the header ended with no file contents. The second problem is that the + 64 KiB decompression buffer was allocated on the stack, which caused + unexpectedly high stack usage and overflowed the stack on some systems + (someone complained about that in the mailing list about a year ago). + + Both problems are fixed by this patch. The first one is fixed when a recent + (1.2) version of zlib is used, as it takes care of gzip header parsing + itself. A check for the version number is done at run-time and libcurl uses + that feature if it's present. I've created a define OLD_ZLIB_SUPPORT that + can be commented out to save some code space if libcurl is guaranteed to be + using a 1.2 version of zlib. + + The second problem is solved by dynamically allocating the memory buffer + instead of storing it on the stack. The allocation/free is done for every + incoming packet, which is suboptimal, but should be dwarfed by the actual + decompression computation. + + I've also factored out some common code between deflate and gzip to reduce + the code footprint somewhat. I've tested the gzip code on a few test files + and I tried deflate using the freshmeat.net server, and it all looks OK. I + didn't try running it with valgrind, however. + +- Added a --retry option to curl that takes a numerical option for the number + of times the operation should be retried. It is retried if a transient error + is detected or if a timeout occurred. By default, it will first wait one + second between the retries and then double the delay time between each retry + until the delay time is ten minutes which then will be the delay time + between all forthcoming retries. You can set a static delay time with + "--retry-delay [num]" where [num] is the number of seconds to wait between + each retry. + +Daniel (25 October 2004) +- Tomas Pospisek filed bug report #1053287 that proved -C - and --fail on a + file that was already completely downloaded caused an error, while it + doesn't if you don't use --fail! I added test case 194 to verify the fix. + Grrr. CURLOPT_FAILONERROR is now added to the list stuff to remove in + libcurl v8 due to all the kludges needed to support it. + +- Mohun Biswas found out that formposting a zero-byte file didn't work very + good. I fixed. + +Daniel (19 October 2004) +- Alexander Krasnostavsky made it possible to make FTP 3rd party transfers + with both source and destination being the same host. It can be useful if + you want to move a file on a server or similar. + +- Guillaume Arluison added CURLINFO_NUM_CONNECTS to allow an app to figure + out how many new connects a previous transfer required. + + I added %{num_connects} to the curl tool and added test case 192 and 193 + to verify the new code. + +Daniel (18 October 2004) +- Peter Wullinger pointed out that curl should call setlocale() properly to + initiate the specific language operations, to make the IDN stuff work + better. + +Version 7.12.2 (18 October 2004) + +Daniel (16 October 2004) +- Alexander Krasnostavsky made the CURLOPT_FTP_CREATE_MISSING_DIRS option work + fine even for third party transfers. + +- runekl at opoint.com found out (and provided a fix) that libcurl leaked + memory for cookies with the "max-age" field set. + +Gisle (16 October 2004) +- Issue 50 in TODO-RELEASE; Added Traian Nicolescu's patches for threaded + resolver on Windows. Plugged some potential handle and memory leaks. + +Daniel (14 October 2004) +- Eric Vergnaud pointed out that libcurl didn't treat ?-letters in the user + name and password fields properly in URLs, like + ftp://us?er:pass?word@site.com/. Added test 191 to verify the fix. + +Daniel (11 October 2004) +- libcurl now uses SO_NOSIGPIPE for systems that support it (Mac OS X 10.2 or + later is one) to inhibit the SIGPIPE signal when writing to a socket while + the peer dies. The same effect is provide by the MSG_NOSIGNAL parameter to + send() on other systems. Alan Pinstein verified the fix. + +Daniel (10 October 2004) +- Systems with 64bit longs no longer use strtoll() or our strtoll- replacement + to parse 64 bit numbers. strtol() works fine. Added a configure check to + detect if [constant]LL works and if so, use that in the strtoll replacement + code to work around compiler warnings reported by Andy Cedilnik. + +Gisle (6 October 2004) +- For USE_LIBIDN builds: Added Top-Level-Domain (TLD) check of host-name + used in fix_hostname(). Checks if characters in 'host->name' (indirectly + via 'ace_hostname') are legal according to the TLD tables in libidn. + +Daniel (6 October 2004) +- Chih-Chung Chang reported that if you use CURLOPT_RESUME_FROM and enabled + CURLOPT_FOLLOWLOCATION, libcurl reported error if a redirect happened even + if the new URL would provide the resumed file. Test case 188 added to verify + the fix (together with existing test 99). + +- Dan Fandrich fixed a configure flaw for systems that need both nsl and socket + libs to use gethostbyname(). + +- Removed tabs and trailing whitespace from lots of source files. + +Daniel (5 October 2004) +- Made configure --with-libidn=PATH try the given PATH before the default + paths to make it possible to override. + +- If idna_strerror() is present in libidn, we can use that instead of our + internal replacement. This function was added by Simon in libidn 0.5.6 and + is detected by configure. + +- It seems basename() on IRIX is in the libgen library and since we don't use + that, configure finds libgen.h but not basename and then we get a compiler + error because our basename() replacement doesn't match the proto in + libgen.h. Starting now, we don't include the file if basename wasn't found + as well. + +Daniel (4 October 2004) +- Chris found a race condition resulting in CURLE_COULDNT_RESOLVE_HOST and + potential crash, in the windows threaded name resolver code. + +Daniel (3 October 2004) +- Replaced the use of isspace() in cookie.c with our own version instead since + we have most data as 'char *' and that makes us pass in negative values if + there is 8bit data in the string. Changing to unsigned causes too much + warnings or too many required typecasts to the normal string functions. + Harshal Pradhan identified this problem. + +Daniel (2 October 2004) +- Bertrand Demiddelaer found a case where libcurl could read already freed + data when CURLOPT_VERBOSE is used and a (very) persistent connection. It + happened when the dns cache entry for the connection was pruned while the + connection was still alive and then again re-used. We worked together on + this fix. + +- Gisle Vanem provided code that displays an error message when the (libidn + based) IDN conversion fails. This is really due to a missing suitable + function in the libidn API that I hope we can remove once libidn gets a + function like this. + +Daniel (1 October 2004) +- Aleksandar Milivojevic reported a problem in the Redhat bugzilla (see + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134133) and not to + anyone involved in the curl project! This happens when you try to curl a + file from a proftpd site using SSL. It seems proftpd sends a somewhat + unorthodox response code (232 instead of 230). I relaxed the response code + check to deal with this and similar cases. + +- Based on Fedor Karpelevitch's formpost path basename patch, file parts in + formposts no longer include the path part. If you _really_ want them, you + must provide your preferred full file name with CURLFORM_FILENAME. + + Added detection for libgen.h and basename() to configure. My custom + basename() replacement function for systems without it, might be a bit too + naive... + + Updated 6 test cases to make them work with the stripped paths. + +Daniel (30 September 2004) +- Larry Campbell added CURLINFO_OS_ERRNO to curl_easy_getinfo() that allows an + app to retrieve the errno variable after a (connect) failure. It will make + sense to provide this for more failures in a more generic way, but let's + start like this. + +- Günter Knauf and Casey O'Donnell worked out an extra #if condition for the + curl/multi.h header to work better in winsock-using apps. + +- Jean-Philippe Barrette-LaPierre made buildconf run better on Mac OS X by + properly using glibtoolize instead of plain libtoolize. (This is made if + glibtool was found and used instead of plain libtool.) + +Daniel (29 September 2004) +- Bertrand Demiddelaer fixed curl_easy_reset() so that it doesn't mistakingly + enable the progress meter. + +Daniel (28 September 2004) +- "Mekonikum" found out that if you built curl without SSL support, although + your current SSL installation supports Engine, the compile fails. + +Daniel (27 September 2004) +- When --with-ssl=PATH is used to the configure script, it no longer uses + pkg-config to figure out extra details. That is now only done if no PATH is + included or if SSL is checked for by default without the --with-ssl option. + +Daniel (25 September 2004) +- Peter Sylvester pointed out that CURLOPT_SSLENGINE couldn't even be set to + NULL when no engine was supported. It can now. + +Daniel (22 September 2004) +- Dan Fandrich fixed three test cases to no longer use "localhost" but instead + use "127.0.0.1" to avoid requiring that localhost resolves nicely. + +- Jean-Claude Chauve fixed an LDAP crash when more than one record was + retrieved. + +Daniel (19 September 2004) +- Andreas Rieke pointed out that when attempting to connect to a host without + a service on the specified port, curl_easy_perform() didn't properly provide + an error message in the CURLOPT_ERRORBUFFER buffer. + +Daniel (16 September 2004) +- Daniel at touchtunes uses the FTP+SSL server "BSDFTPD-SSL from + http://bsdftpd-ssl.sc.ru/" which accordingly doesn't properly work with curl + when "AUTH SSL" is issued (although the server responds fine and everything) + but requires that curl issues "AUTH TLS" instead. See + http://curl.haxx.se/feedback/display.cgi?id=10951944937603&support=yes + + Introducing CURLOPT_FTPSSLAUTH that allows the application to select which + of the AUTH strings to attempt first. + +- Anonymous filed bug report #1029478 which identified a bug when you 1) used + a URL without properly seperating the host name and the parameters with a + slash. 2) the URL had parameters to the right of a ? that contains a slash + 3) curl was told to follow Location:s 4) the request got a response that + contained a Location: to redirect to "/dir". curl then appended the new path + on the wrong position of the original URL. + + Test case 187 was added to verify that this was fixed properly. + +Daniel (11 September 2004) +- Added parsedate.c that contains a rewrite of the date parser currently + provided by getdate.y. The new one is MUCH smaller and will allow us to run + away from the yacc/bison jungle. It is also slightly lacking in features + compared to the old one, but it supports parsing of all date formats HTTP + involves (and a fair bunch of others). + +Daniel (10 September 2004) +- As found out by Jonas Forsman, curl didn't allow -F to set Content-Type on + text-parts. Starting now, we can do -F "name=daniel;type=text/extra". Added + test case 186 to verify. + +- Bug report #1025986. When following a Location: with a custom Host: header + replacement, curl only replaced the Host: header on the initial request + and didn't replace it on the following ones. This resulted in requests with + two Host: headers. + + Now, curl checks if the location is on the same host as the initial request + and then continues to replace the Host: header. And when it moves to another + host, it doesn't replace the Host: header but it also doesn't make the + second Host: header get used in the request. + + This change is verified by the two new test cases 184 and 185. + +Daniel (8 September 2004) +- Modified the test suite to be able to use and run with customized port + numbers. This was always intended but never before possible. Now a simple + change in the runtests.pl script can make all tests use different ports. + The default ports in use from now on are 8990 to 8993. + +Daniel (2 September 2004) +- Minor modification of an SSL-related error message. + +Daniel (31 August 2004) +- David Tarendash found out that curl_multi_add_handle() returned + CURLM_CALL_MULTI_PERFORM instead of CURLM_OK. + +Daniel (30 August 2004) +- Make "Proxy-Connection: close" close the current proxy connection, as Roman + Koifman found out. + +Daniel (24 August 2004) +- Fixed a getdate problem by post-replacing the getdate.c file after the + bison/yacc process to add the fix Harshal Pradhan suggested. The problem + caused a crash on Windows when parsing some dates. + +Daniel (23 August 2004) +- Roman Koifman pointed out that libcurl send Expect: 100-continue on POSTs + even when told to use HTTP 1.0, which is not correct. Test case 180 and + 181 verify this. + +- Added test case 182 to verify that zero byte transfers call the callback + properly. + +Daniel (20 August 2004) +- Alexander Krasnostavsky made the write callback get called even when a zero + byte file is downloaded. + +Daniel (18 August 2004) +- Ling Thio pointed out that when libcurl is built IPv6-enabled, it still did + reverse DNS lookups when fed with a numerical IP-address (like + http://127.0.0.1/), although it doesn't when built IPv6-disabled. libcurl + should never do reverse lookups. + +Daniel (17 August 2004) +- Kjetil Jacobsen noticed that when transferring a file:// URL pointing to an + empty file, libcurl would return with the file still open. + +- Alexander Krasnostavsky pointed out that the configure script needs to define + _THREAD_SAFE for AIX systems to make libcurl built really thread-safe. + + Also added a check for the xlc compiler on AIX, and if that is detect we use + the -qthreaded compiler option + +Daniel (16 August 2004) +- libcurl now allows a custom "Accept-Encoding:" header override the + internally set one that gets set with CURLOPT_ENCODING. Pointed out by Alex. + +- Roland Krikava found and fixed a cookie problem when using a proxy (the + path matching was wrong). I added test case 179 to verify that we now do + right. + +Daniel (15 August 2004) +- Casey O'Donnell fixed some MSVC makefile targets to link properly. + +Daniel (11 August 2004) +- configure now defines _XOPEN_SOURCE to 500 on systems that need it to build + warning-free (the only known one so far is non-gcc builds on 64bit SGI + IRIX). (Reverted this change later as it caused compiler errors.) + +- the FTP code now includes the server response in the error message when the + server gives back a 530 after the password is provided, as it isn't + necessary because of a bad user name or password. + +Version 7.12.1 (10 August 2004) + +Daniel (10 August 2004) +- In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input is + already UTF-8 encoded. This made the certificate verification fail if the + remote server used a certificate with the name UTF-8 encoded. + + Work-around brought by Alexis S. L. Carvalho. + +Daniel (9 August 2004) +- I fixed the configure script for krb4 to use -lcom_err as well, as I started + to get link problems with it unless I did that on my Solaris 2.7 box. I + don't understand why I started to get problems with this now! + +Daniel (5 August 2004) +- Enrico Scholz fixed the HTTP-Negotiate service name to be uppercase as + reported in bug report #1004105 + +Daniel (4 August 2004) +- Gisle Vanem provided a fix for the multi interface and connecting to a host + using multiple IP (bad) addresses. + +- Dylan Salisbury made libcurl no longer accept cookies set to a TLD only (it + previously allowed that on the seven three-letter domains). + +Daniel (31 July 2004) +- Joel Chen reported that the digest code assumed quotes around the contents a + bit too much. + +Daniel (28 July 2004) +- Bertrand Demiddelaer fixed the host name to get setup properly even when a + connection is re-used, when a proxy is in use. Previously the wrong Host: + header could get sent when re-using a proxy connection to a different target + host. + +- Fixed Brian Akins' reported problems with duplicate Host: headers on re-used + connections. If you attempted to replace the Host: header in the second + request, you got two such headers! + +- src/Makefile.am now includes the Makefile.inc file to get info about files + +Daniel (26 July 2004) +- Made "curl [URL] -o name#2" work as expected. If there's no globbing for the + #-number, it will simply be used as #2 in the file name. + +- Bertrand Demiddelaer fixed testing with valgrind 2.1.x and added two missing + newlines in the cookie informationals. + +Daniel (24 July 2004) +- I fixed the autobuilds with ares, since they now need to have buildconf run + in the ares dir before the configure script is run. + +- Added Casey O'Donnell's curl_easy_reset() function. It has a proto in + curl/curl.h but we have no man page yet. + +Daniel (20 July 2004) +- Added buildconf and buildconf.bat to the release archives, since they are + handy for rebuilding curl when using a daily snapshot (and not a pure CVS + checkout). + +Daniel (16 July 2004) +- As suggested by Toby Peterson, libcurl now ignores Content-Length data if the + given size is a negative number. Test case 178 verifies this. + +Daniel (14 July 2004) +- Günter Knauf has made the Netware builds do without the config-netware.h + files, so they are now removed from the dist packages. + +- Günter Knauf made curl and libcurl build with Borland again. + +- Andres Garcia fixed the common test 505 failures on windows. + +Daniel (6 July 2004) +- Andrés García found out why the windows tests failed on file:// "uploads". + +Daniel (2 July 2004) +- Andrés García reported a curl_share_cleanup() crash that occurs when no + lock/unlock callbacks have been set and the share is cleaned up. + +Daniel (1 July 2004) +- When using curl --trace or --trace-ascii, no trace messages that were sent + by curl_easy_cleanup() were included in the trace file. This made the + message "Closing connection #0" never appear in trace dumps. + +Daniel (30 June 2004) +- Niels van Tongeren found that setting CURLOPT_NOBODY to TRUE doesn't disable + a previously set POST request, making a very odd request get sent (unless + you disabled the POST) a HEAD request with a POST request-body. I've now + made CURLOPT_NOBODY enforce a proper HEAD. Added test case 514 for this. + +Daniel (29 June 2004) +- Günter Knauf made the testcurl.pl script capable of using a custom setup + file to easier run multiple autobuilds on the same source tree. + +- Gisle fixed the djgpp build and fixed a memory problem in some of the + reorged name resolved code. + +- Fixed code to allow connects done using the multi interface to attempt the + next IP when connecting to a host that resolves to multiple IPs and a + connect attempt fails. + +Daniel (27 June 2004) +- Based on Rob Stanzel's bug report #979480, I wrote a configure check that + checks if poll() can be used to wait on NULL as otherwise select() should be + used to do it. The select() usage was also fixed according to his report. + + Mac OS X 10.3 says "poll() functionality for Mac OS X is implemented via an + emulation layer on top of select(), not in the kernel directly. It is + recommended that programs running under OS X 10.3 prefer select() over + poll(). Configure scripts should look for the _POLL_EMUL_H_ define (instead + of _POLL_H_ or _SYS_POLL_H_) and avoid implementations where poll is not + implemented in the kernel." + + Yes, we can probably use select() on most platforms but today I prefered to + leave the code unaltered. + +Daniel (24 June 2004) +- The standard curl_version() string now only includes version info about + involved libraries and not about particular features. Thus it will no longer + include info about IPv6 nor GSS. That info is of course still available in + the feature bitmask curl_version_info() offers. + +- Replaced all occurances of sprintf() with snprintf(). This is mostly because + it is "A Good Thing" rather than actually fixing any known problem. This + will help preventing future possible mistakes to cause buffer overflows. + +- Major reorganization in the host resolve code (again). This time, I've + modified the code to now always use a linked list of Curl_addrinfo structs + to return resolved info in, no matter what resolver method or support that + is available on the platform. It makes it a lot easier to write code that + uses or depends on resolved data. + + Internally, this means amongst other things that we can stop doing the weird + "increase buffer size until it works" trick when resolving hosts on + IPv4-only with gethostbyname_r(), we support socks even on libcurls built + with IPv6 enabled (but only to socks servers that resolve to an IPv4 + address) and we no longer deep-copy or relocate hostent structs (we create + Curl_addrinfo chains instead). + + The new "hostent to Curl_addrinfo" converter function is named Curl_he2ai() + and is slightly naive and simple, yet I believe it is functional enough to + work for libcurl. + +Daniel (22 June 2004) +- David Cohen pointed out that RFC2109 says clients should allow cookies to + contain least 4096 bytes while libcurl only allowed 2047. I raised the limit + to 4999 now and made the used buffer get malloc()ed instead of simply + allocated on stack as before. Extended test case 46 to include a cookie with + very huge content to verify the fix. + +- Günter Knauf fixed getdate.y to remove a few warnings. I removed the + ifdef'ed test we never ever use anyway. + +- Gisle Vanem fixed the certificate wildcard checks to support a '*'-letter + anywhere in the wildcard string, support multiple '*'-letters in the + wildcard and to allow the '*'-letter to match a string that includes a dot. + +Daniel (21 June 2004) +- testcurl.sh is now removed completely, tests/testcurl.pl is the script to + use when autobuilding curl! + +- Kjetil Jacobsen brought my attention to the fact that you cannot properly + abort an upload with the readfunction callback, since returning 0 or -1 only + stops the upload and libcurl will continue waiting for downloaded data and + the server often waits for the rest of the upload data to arrive. + + Thus, I've now added the ability for read callbacks to return + CURL_READFUNC_ABORT to abort an upload from a read callback. This will stop + the transfer immediately with a CURLE_ABORTED_BY_CALLBACK return code. + + Test case 513 was added to verify that it works. I had to improve the test + HTTP server too to dump the request to a file even when the client + disconnects prematurely. + +Daniel (19 June 2004) +- Luca Alteas provided a test case with a failing curl operation: when we POST + to a site with --digest (or similar) set, and the server responded with a 302 + Location: to the "authprobe" request, it was not treated correctly. We still + will behave badly if FOLLOWLOCATION is enabled for this case, but I'm not + in the mood to dive into this right now and will leave it as-is for now. + Verified my fix with test case 177. + +Daniel (18 June 2004) +- Gisle Vanem's patch that provides more details from the SSL layers (if you + use an OpenSSL version that supports it). It also introduces two new types + of data that can be sent to the debug callback: CURLINFO_SSL_DATA_IN and + CURLINFO_SSL_DATA_OUT. + +- With David Byron's test server I could repeat his problem and make sure that + POSTing over HTTPS:// with NTLM works fine now. There was a general problem + with multi-pass authentication with non-GET operations with CONNECT. + +Daniel (16 June 2004) +- Modified to keep the upload byte counter in an curl_off_t, not an int as + before. 32bits is not enough. This is most likely the bug Jean-Louis Lemaire + reported that makes 2GB FTP uploads to report error ("unaligned file sizes") + when completed. + +Daniel (15 June 2004) +- Luca Alteas reported a problem that I fixed: if you did a POST with + CURLAUTH_DIGEST set but the server didn't require any authentication, + libcurl would repeatedly send HEAD lots of times until it gives up. This was + actually the case for all multi-pass authentications. Added test case 174, + 175 and 176 to verify this. + +Daniel (14 June 2004) +- Multipart formposts uploading files no longer inserts the files themselves + into the huge prebuilt chunk. This enables libcurl to formpost files that is + larger than the amount of system memory. When the file given is passed on + stdin, libcurl still uses the old method of reading the full fill before the + upload takes place. This approach was selected in order to not alter the + behavior for existing applications, as when using stdin libcurl can't know + the size of the upload and chunked transfer-encoding can only be used on + HTTP 1.1 servers. + +Daniel (13 June 2004) +- Gisle found out that we did wildcard cert name checks wrong, so that parts + of the check wrongly was case sensitive. + +Daniel (11 June 2004) +- Tim Sneddon brought a minor VMS fix to make curl build properly on his VMS + machine. He also had some interesting libcurl patches... they might be able + to do in a slightly nicer way. Discussions are in progress. + +Daniel (10 June 2004) +- Gisle Vanem brought code cleanupsm better verbose output and better connect + timeout handling when attempting to connect to a host that resolves to + multiple IP addresses. + +- Steven Bazyl and Seshubabu Pasam pointed out a bug on win32 when freeing the + path after a file:// transfer. + +Daniel (9 June 2004) +- Alexander Krasnostavsky made 'configure --disable-http' work to build libcurl + without HTTP support. I added a new return code for curl_formadd() in case + libcurl is built with HTTP disable: CURL_FORMADD_DISABLED. + +- Alexander Krasnostavsky pointed out a missing file in the generated + curllib.dsp file, and now people building with this should get a libcurl.lib + file generated as it used to do before we generated this file. + +Daniel (8 June 2004) +- Marty Kuhrt fixed a minor build problem for VMS. + +Daniel (7 June 2004) +- Reverted the configure check from the 4th since it obviously didn't work. + Remade it in a different manner that hopefully works better. + +Daniel (4 June 2004) +- Günter Knauf brought patches to make curl build fine on NetWare again. + +- Made the configure checks for strerror_r() not exit the configure script + when built for cross-compiling. + +Daniel (3 June 2004) +- Chris Gaukroger pointed out that 'make test' attempts to run the tests even + if curl is built cross-compiled. I've now made it output a short message + instead, saying it isn't possible to do. + +- Alexander Krasnostavsky brought FTP 3rd party transfer support to libcurl. + You can now use libcurl to transfer files between two remote hosts using + FTP. There are a bunch of new options to control this with: + CURLOPT_SOURCE_HOST + CURLOPT_SOURCE_USERPWD + CURLOPT_SOURCE_PATH + CURLOPT_SOURCE_PORT + CURLOPT_PASV_HOST + CURLOPT_SOURCE_PREQUOTE + CURLOPT_SOURCE_POSTQUOTE + + (They still remain to be documented properly in the curl_easy_setopt man + page.) + + When using this, the ordinary CURLOPT_URL specifies the target URL, and you + specify the source data with these additional options. ftp3rdparty.c is a + new example source code showing how to use this. + +- Vincent Bronner fixed the HTTP Digest code to use the proxy user name and + password when doing proxy authentication, it previously always used the host + user name and password! + +Daniel (2 June 2004) +- CURLOPT_UPLOAD and CURLOPT_PUT now do the exact same thing internally, which + fixes some old confusions on when which of these should be used and what the + differences are. + +- Applied Gisle's fixes to make curl build fine with lcc-win32 + +Version 7.12.0 (2 June 2004) + +Daniel (1 June 2004) +- I clarified the --create-dirs option somewhat in the curl man page. + +- Renaud Duhaut corrected the curl_unescape man page. + +- David Byron modified one of Massimiliano Ziccardi's recent MSVC makefile + changes to now again use the mm lib by default. + +Daniel (26 May 2004) +- Mohun Biswas added release-zlib and debug-zlib targets to the MSVC libcurl + Makefile + +- David Byron reported a problem with proxy authentication when doing CONNECT, + like when accessing HTTPS sites wiht a proxy. This probably broke when I + rewrote the auth stuff recently. + +- I added fileupload.c in the examples directory, showing how an upload to a + file:// URL is made. + +Daniel (25 May 2004) +- Massimiliano Ziccardi updated the MSVC makefiles. + +Daniel (24 May 2004) +- libcurl now supports "uploading" to file:// URLs. Test 204 and 205 were + added to verify. + +- Simon Josefsson added a idn_free() function in libidn 0.4.5 as a reaction to + Gisle's previous mail. We now use this function, and thus we require libidn + 0.4.5 or later. No earlier version will do. + +- Robert D. Young reported that CURLOPT_COOKIEFILE and CURLOPT_COOKIE could + not be used both in one request. Fixed it and added test case 172 to verify. + +Daniel (21 May 2004) +- While talking to host a.b.c, libcurl did wrongly not accept cookies that + were set to the domain .a.b.c (that is with a dot prefix). This is now fixed + and test case 171 verifies it. + +Daniel (20 May 2004) +- Jesse Noller reported that the upload speed info reported by libcurl was + wrong. The same was true for the download speed. Fixed now. + +Daniel (19 May 2004) +- David Byron added test case 170 - this used to crash the previous version of + curl. + +Daniel (17 May 2004) +- Peter Sylvester's patch that addresses two flaws in the peer certificate + name verification: + o when multiple common names are used (as in the curl tests), the last name + needs to be selected. + o allow comparing with encoded values, at least with BMP and ISO latin1 + encoded T61strings. + +- All 191 test cases run through the torture test OK! 'make test-torture' is + now available in the root makefile (on configure-based environments). + +Daniel (14 May 2004) +- With a slightly modified ftpserver.pl I've now run almost all tests through + with runtests.pl -t. This is goodness! + +- Since I have been unable to contact the CVS admins for several months, I've + decided that the current CVS hosting was not good enough. I've now moved the + CVS repo once again, see README for updated cvs checkout instructions. + +Daniel (13 May 2004) +- runtests.pl -t now runs fine all the way to test 100. I believe test case + 100 fails because of an FTP server problem. + +Daniel (12 May 2004) +- General cleanups all over to make libcurl survive and do well when a memory + function returns NULL. runtests.pl -t now works fine for the first 26 test + cases. + +Daniel (11 May 2004) +- Seshubabu Pasam provided a patch that introduces curl_global_init_mem() - + like normal curl_global_init() but allows the app to replace all memory + functions with its own set. I modified it slightly. + +- Based on Luca Alteas' comments, I modified the curllib.dsp generation code. + +Daniel (10 May 2004) +- Gisle mailed Simon Josefsson (of libidn fame) about the benefits of a + separate free()-function by that lib to make sure the memory is freed by the + same memory subsystem that allocated it. He responded positively and this + will likely cause us to require a newer version of libidn as soon as Simon + releases one with such a libidn_free() function. + +- James Bursa made runtests.pl's -t option work for any given test case, and I + edited to allow -g too. Not even test case 1 worked... + +- Luca Altea made the nc= field not use quotes in outgoing HTTP Digest headers. + +- Andrés García fixed a problem in the test script that made it fail to + recognize our own running HTTP server. + +Daniel (7 May 2004) +- James Bursa fixed the memanalyze.pl script to conder malloc(0) areas OK to + free() and he made two failed-resolve error messages use the new display- + name instead of the internally-used name. + +- Gisle Vanem tried curl with + www.etdomenenavnkanmaksimaltinneholdesekstitrebokstaversliksomdette.com + which caused problems, and I fixed the single zero byte buffer overwrite + that occurred (due to a stupid protocol buffer size and parser). + +- Made the lib/curllib.dsp file get generated automaticly when a distribution + package is made, with the msvcproj.* files as templates and all + win32-sources added. I think this can be made to work better than the always + lagging-behind previous approach. I'm not sure this builds a working project + file right now though! + +Daniel (6 May 2004) +- Michael Benedict brought a fix that fills in the errorbuffer properly when + ares fails to resolve a name for a case not previously dealt with like this. + +Daniel (5 May 2004) +- Joe Halpin fixed the annoying typecast warning in lib/ldap.c + +- Gisle Vanem fixes: + o memdebug to not access NULL on several places + o libcurl.def; curl_formparse is gone. + o progress.c; fixed the percent values being trunced to 0. + o if2ip.*; constified the 'interface' argument. + +- Tor Arntsen reported that many of his autobuilds froze and I found and fixed + a problem introduced with the HTTP auth overhaul that could lead to a + never-ending internal request-loop due to un-initialized variables! + +- Removed several compiler warnings on various compilers/platforms. + +Daniel (4 May 2004) +- curl_formparse() has been removed from the library. It has been marked and + mentioned as deprecated for several years. + +Daniel (3 May 2004) +- Rewritten HTTP authentication code. The previous code could not properly + deal with the added test cases 167, 168 and 169. I've now rewritten the code + to better separate host and proxy authentication and not re-use the same + variables as much as before as it proved non working in the more involved + cases. All the current tests run OK now, and so do the new ones. The curl + tool got a new option named --proxy-digest to enable HTTP Digest + authentication with the proxy. I also made the library support it. + +- Gisle Vanem made the LDAP code work with wldap32.dll as supplied with + Win-98/ME/2000/XP, so no extra .dlls are required when curl/libcurl is used + on these Windows versions. + +Daniel (30 April 2004) +- runtests.pl now scans the valgrind log for valgrind-detected memory leaks + after each test case if valgrind was found and used. + +- I modified the app-code in curl to include the new lib/curlx.h and only + access those functions using the curlx_-prefix in preparation for the future + removal of several curl_-functions from the public libcurl API. + +- Introduced lib/curlx.h as a single header to provide the curlx_-functions + to apps. + +- Added notices in the man pages for curl_getenv, curl_mprintf, curl_strequal + and curl_strnequal that they are subject for removal in a future release. + STOP USING THESE FUNCTIONS. + +- Mihai Ionescu noticed he couldn't do formposts with whitespace in the file + names and yes, I broke that on April 23. Sigh. I fixed it now and added + test case 166 to verify it. + +- Luca Altea pointed out a mistake left from the Digest patch of yesterday. + +Daniel (29 April 2004) +- Made IDN domains work when sending requsts over HTTP proxy as well. Added + test case 165 to verify the functionality. + +- Fixed a bug in the new internal host name setup when re-using connections. + +- James Bursa found out that curl_easy_duphandle() with ares-built libcurl + created a bad handle that would crash in the first name resolve attempt. This + is now fixed and test case 512 was added to verify it. + +- Luca Altea provided a major HTTP Digest code fix and cleanup. We now follow + the Digest RFC a lot better. + +- Gisle Vanem made the SSL code use ERR_error_string_n() where applicable. + +Daniel (27 April 2004) +- I remodeled Gisle's IDN code slightly and now we convert both the host name + and proxy name to the ACE encoded version to use internally for resolves and + cookies etc. They are now using one 'struct hostname' each that keep both + the original name and the possibly encoded name. IDN resolves work for me + now using IPv6, IPv4 and ares resolving. Even cookies on IDN sites seem to + do right. I got some failures at first when CHARSET wasn't set at all which + confused libidn completely and it decided by encoding of choice was + 'ANSI_X3.4-1968'... + +- made 'configure --without-libidn' work + +Daniel (25 April 2004) +- Fixed the src/hugehelp.c file to include "setup.h" instead of "config.h" to + make the problems with USE_MANUAL on windows go away. + +- configure --without-ssl could still wrongly include some OpenSSL info in the + Makefiles if pkg-config had info about OpenSSL. Bug #941762 reported by + Martin. + +- Since we can now build and use quite a large set of 3rd party libraries, I + decided I would make configure produce a summary at the end showing what + libraries it uses and if not, what option to use to make it use that. I also + added some other random info that is nice in a "configure summary" output. + +- Applied TommyTam's patch that now make curl work with telnet and stdin + properly on Windows. + +- The changes for today below were made by me and Gisle Vanem. + + The file previously known as hostip.c has now undergone a huge cleanup and + split: + + hostip.c explained + ================== + + The main COMPILE-TIME DEFINES to keep in mind when reading the host*.c + source file are these: + + CURLRES_IPV6 - this host has getaddrinfo() and family, and thus we use + that. The host may not be able to resolve IPv6, but we don't really have to + take that into account. Hosts that aren't IPv6-enabled have CURLRES_IPV4 + defined. + + CURLRES_ARES - is defined if libcurl is built to use c-ares for asynchronous + name resolves. It cannot have ENABLE_IPV6 defined at the same time, as + c-ares has no IPv6 support. This can be Windows or *nix. + + CURLRES_THREADED - is defined if libcurl is built to run under (native) + Windows, and then the name resolve will be done in a new thread, and the + supported asynch API will be the same as for ares-builds. + + If any of the two previous are defined, CURLRES_ASYNCH is defined too. If + libcurl is not built to use an asynchronous resolver, CURLRES_SYNCH is + defined. + + The host*.c sources files are split up like this: + + hostip.c - method-independent resolver functions and utility functions + hostasyn.c - functions for asynchronous name resolves + hostsyn.c - functions for synchronous name resolves + hostares.c - functions for ares-using name resolves + hostthre.c - functions for threaded name resolves + hostip4.c - IPv4 specific functions + hostip6.c - IPv6 specific functions + + The hostip.h is the single united header file for all this. It defines the + CURLRES_* defines based on the config*.h and setup.h defines. + +- Added function header comments to many functions in an attempt to better + explain the purpose of them all. + +- configure --with-libidn is now supported. It makes the configure script + check for libidn libs and include files in the prefix path given. If you + say --with-libidn=/usr/local, it will check for the lib in /usr/local/lib + and the includes in /usr/local/include etc. + +- curl_version_info() now returns a struct aged CURLVERSION_THIRD including + libidn version info. The string curl_version() returns also includes libidn + version info, if available. + +Version 7.11.2 (26 April 2004) + +Daniel (25 April 2004) +- Erwin Authried pointed out that configure --disable-manual didn't do right + if you already had a src/hugehelp.c source file present (which most people + do I guess). It now uses the USE_MANUAL define properly. + +Daniel (23 April 2004) +- Gisle Vanem found and fixed a memory leak when doing (failing) Windows + threaded name resolves. + +- I also added test case 163 just to make sure -F "var=<file" works fine and + can pass on characters such as newlines, carriage-return and tabs. + +- When we added test case 162 without adding the necessary requirement field + in the test meta data we could see that curl didn't complain if you used + --proxy-ntlm even if the underlying libcurl it uses has no NTLM support! I + now made it check this first, and it now exists with a "the installed + libcurl version doesn't support this" message if it happens again. + +Daniel (22 April 2004) +- David Byron found and fixed a small bug with the --fail and authentication + stuff added a few weeks ago. Turns out that if you specify --proxy-ntlm and + communicate with a proxy that requires basic authentication, the proxy + properly returns a 407, but the failure detection code doesn't realize it + should give up, so curl returns with exit code 0. Test case 162 added to + verify the functionality. + +- allow newlines in the contents when doing -F "var=[contents]" + Robert Marlow reported. + +- If a transfer is found out to be only partial, libcurl will now treat that + as a problem serious enough to skip the final QUIT command before closing + the control connection. To avoid the risk that it will "hang" waiting for + the QUIT response. Added test case 161 to verify this. + +Daniel (21 April 2004) +- Modified the heuristics for dealing with the test 160 scenario. When a + connection is re-used and nothing at all is received from it (because the + server closes the connection), we will now retry the request on a fresh new + connection. The previous ECONNRESET stuff from January 30 was removed again + as it didn't detect the situation good enough. + +Daniel (20 April 2004) +- Added test case 160 to verify that curl works correctly when it gets a + connection reset when trying to re-use a connection. It should then simply + create a new connection and resend the request. + +Daniel (19 April 2004) +- No more 512 byte limit for host name (inclusing name + password) in libcurl. + An added bonus is that we use less memory for the typical (shorter URL) + case. + +- Cleaned up the sources to better use the terms 'hostname' and 'path' + internally when referring to that data. The buffers used for keep that info + is called 'namebuffer' and 'pathbuffer'. Much easier to read and understand + than the previous mess. + +Daniel (15 April 2004) +- Modified runtests.pl again to remove all log files in the log/ dir between + each test, and then made -p display all non-zero byte files in the log dir. + It should make that data more usable and contain less rubbish. + +- ftpserver.pl now produces log files more similar to how the sws ones look + and they now also contains a bit more details to help debugging ftp + problems. + +- Removed the fixed maximum amount of dir levels the FTP code supported. + Previously we had a fixed array for 100 levels, now we save space in each + handle by allocating only for a few level by default and then enlarging that + in case of need (with no maximum depth). Adjusted test case 142 to verify + that 150 dir levels work fine. An added bonus is that we use less memory + for the typical (not very deep) case. + +Daniel (14 April 2004) +- Asking for CURL_IPRESOLVE_V6 when IPv6 addresses can't be resolved will + now cause the resolve function to return NULL immediately. This flaw was + pointed out by Gisle Vanem. + +- Gisle Vanem made curl -4/-6 actually set the desired option to libcurl. + +- runtests.pl now has a new option (-p) that will display "interesting" log + files to stdout in case of a test failure. This is primarily intended to be + used in the 'full-test' make target that is used by the autobuild tests, as + we then get a much better chance to understand (remote) test failures based + on autobuild logs alone. + +Daniel (13 April 2004) +- Gisle Vanem made the multi interface work again on Windows even when built + without ares. Before this, select() would return -1 during the name resolve + phase since curl_multi_fdset() didn't return any fd_set at all which wasn't + appreciated! + +- curl_easy_duphandle() now duplicates the tcp_nodelay info as well. + +Daniel (11 April 2004) +- Applied David Byron's patch for the MSVC libcurl makefile for builds with + zlib. + +Daniel (9 April 2004) +- Dirk Manske improved the timer resolution for CURLINFO_*_TIME, it can now + be down to usec if the system sypports it. + +Daniel (7 April 2004) +- A request that sends "Expect: 100-continue" and gets nothing but a single + 100 response back will now return a CURLE_GOT_NOTHING. Test 158 verifies. + +- The strtoofft() macro is now named curlx_strtoofft() to use the curlx_* + approach fully. + +Daniel (6 April 2004) +- Gisle Vanem's fixed bug #927979 reported by Nathan O'Sullivan. The problem + made libcurl on Windows leak a small amount of memory in each name resolve + when not used as a DLL. + +- New authentication code added, particularly noticable when doing POST or PUT + with Digest or NTLM. libcurl will now use HEAD to negotiate the + authentication and when done perform the requested POST. Previously libcurl + sent POST immediately and expected the server to reply a final status code + with an error and then libcurl would not send the request-body but instead + send then next request in the sequence. + + The reason for this change is due to IIS6 barfing on libcurl when we attempt + to POST with NTLM authentication. The reason for the problems is found in + RFC2616 section 8.2.3 regarding how servers should deal with the 100 + continue request-header: + + If it responds with a final status code, it MAY close the transport + connection or it MAY continue to read and discard the rest of the + request. + + Previous versions of IIS clearly did close the connection in this case, + while this newer version decided it should "read and discard". That would've + forced us to send the whole POST (or PUT) data only to have it discarded and + then be forced to send it again. To avoid that huge penality, we switch to + using HEAD until we are authenticated and then send the POST. + + The only actual drawback I can think of (except for the odd sites that might + treat HEAD differently than they would treat POST/PUT when given the same + URL) is that if you do POST with CURLAUTH_ANY set and the site requires NO + authentication, libcurl will still use a HEAD in a first round and then do a + POST. + + If you do a HEAD or a GET on a site using CURLAUTH_ANY, libcurl will send + an un-authenticated request at once, which then is the only request if the + site requires no auth. + + Alan Pinstein helped me work out the protocol details by figuring out why + libcurl failed and what IIS6 expects. + +- The --limit-rate logic was corrected and now it works a lot better for + higher speeds, such as '10m' or similar. Reported in bug report #930249. + +- Introducing curlx_tvnow() and curlx_tvdiff() using the new curlx_* fashion. + #include "timeval.h" from the lib dir to get the protos etc. Note that + these are NOT part of the libcurl API. The curl app simply uses the same + source files as the library does and therefore the file needs to be compiled + and linked with curl too, not just when creating libcurl. + +- lib/strerror.c no longer uses sys_nerr on non-windows platforms since it + isn't portable enough + +Daniel (2 April 2004) +- In the curl_strnqual.3 man page, we now prepend the man3 dir to the file + name to work better. As pointed out by Robin Kay. + +- Andrés García updated the mingw makefiles. + +- Dirk Manske fixed a problem I recently added in the progress meter code that + broke subsecond resolution for CURLINFO_TOTAL_TIME. He also pointed out a + mistake in the code that produces the final update of the progress meter + that would often prevent it from actually being updated that final time. + +Daniel (1 April 2004) +- Dirk Manske fixed a memory leak that happened when we use ares for name + resolves and decides to time-out before ares does it. This fix uses the + brand new ares_cancel() function which is not present in c-ares 1.1.0. + + When told to enable ares, the configure script now checks for presence of + the ares_cancel function to alert users if they attempt to use a too old + c-ares library. + +Daniel (31 March 2004) +- Roy Shan fixed a flaw that prevented ares name resolve timeouts to occur! + +- Dirk Manske found out that libcurl timed out waiting for resolves far too + easy when libcurl was built to use (c-)ares for name resolving. + +- Further Digest fixing and a successful test case 153 now makes me believe + Mitz Wark's problems are fixed. + +- Andres Garcia figured out that test case 63, while working, only proved a + flaw in libcurl's 'http_proxy' parser when a user name and password is + provided. The user name was not extracted properly (and 'http' was always + used as user name). + +- Andrés García fixed compiler warnings in our ioctlsocket() usage. + +Daniel (30 March 2004) +- Joe Halpin faced problems with the getnameinfo() argument ai_flags and the + particular bit named 'NI_WITHSCOPEID' on Solaris 9 for Intel. I've now + written a configure test that checks for a working NI_WITHSCOPEID + implemenation. No code uses the result from this test yet, it is still + experimental. James Carlson wrote in comp.unix.solaris: "It's a bug + (5006623) -- it's not supported and shouldn't be in the header file." + +- I provided Mitz Wark with a first patch in order to fix libcurl's problems + to re-negotiate Digest authentication (when 'stale=true' is included in the + response header). + +- Roy Shan discovered that the multi interface didn't properly timeout name + lookups which could make handles get stuck in that state and thus never get + completed. I've produced a first test patch that attempts to correct this. + +- David Byron's patch was appplied to make CURLOPT_FAILONERROR work nicely + even with authentcations such as NTLM or Digest enabled. Test cases 150, 151 + and 152 were added to verify the functionality. + +Daniel (29 March 2004) +- Gisle Vanem updated files for the djgpp/MS-DOS build. + +- Andrés García helped me work out a fix for the runtests.pl script to make + the file:// tests run fine when tested with the mingw-built version of curl. + +- Fixed an include issue with netinet/tcp.h on AIX, based on input by Tor. + This also required a minor fix of the configure script. + +- The postit2.c source example used the wrong struct name for the post data. + +Daniel (26 March 2004) +- Gisle Vanem improved IPv6 support on Windows by making the curl build use + the correct getaddrinfo() function. + +Daniel (25 March 2004) +- It turned out that AIX, despite having a "thread-safe libc", doesn't offer + all traditional functions thread-safe. This URL is informative on this + subject: + + http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/ \ + genprogc/thread_quick_ref.htm + + As a result of this, we now check for three *_r() functions on recent AIX + versions as well that the URL mentions aren't thread-safe in AIX 5.1. + +- renamed curl_strerror.[ch] to strerror.[ch] + +- Joe Halpin added CURLOPT_TCP_NODELAY and --tcp-nodelay to make it possible + for users to disable the Nagle algorthim-usage. + +- Tor Arntsen provided some interesting strerror_r() knowledge. glibc has its + own API which differs from the POSIX one. Daniel adjusted the configure + script to detect the version in use, and the code now uses the new defines + accordingly. + +- Fixed some build flaws with the new lib/curl_strerror.c source file. + +Daniel (24 March 2004) +- Gisle Vanem's fix to replace the bad use of strerror(). This introduces + Curl_strerror() that attempts to be thread-safe _and_ works on Windows too! + +- Tor Arntsen spell-fixed lots of libcurl man pages. + +- Tor Arntsen made testcurl.pl work with older perl 5 versions, and Daniel + made it not use chdir .. to go back, as that isn't very good when you've + setup a testdir containing symlinks. + +- Added a check for strerror_r() in the configure script. + +Daniel (23 March 2004) +- Added Greg Hewgill's testcurl.pl script to CVS. We have not moved over to + use this script for the real distributed testing just yet, but it is only + a matter of time. + +- Gisle Vanem provided code that makes curl report a better error message + if --interface fails on windows. + +- The regular progress meter is now fixed to never wrap due to long lines. All + fields are now static sized. If the time in the time fields get a time value + that would represent a time that is 100 hours or more (if not, it remains + using a HH:MM:SS display), it switches first to a "NNNd NNh" display (for + days and hours) and if that isn't enough it switches to a "NNNd" display if + it is more than 999 days. + + Several of the calculations were also moved to fixed-point math instead of + using doubles. + +Daniel (22 March 2004) +- Glen Nakamura noticed CURLINFO_CONTENT_LENGTH_DOWNLOAD didn't work as it + used to do if CURLOPT_NOBODY is set TRUE. + +- Kevin Roth patched the cygwin package makefile and README to adjust to + new cygwin packaging guidelines. + +- Enabled "NT responses" in the NTLM authentication. Doing this simply means + that we provide an extra chunk of data in each "type-3 message". The only + reason for doing this is that it seems that using only the "Lanmanager hash" + (as we've been doing until now) doesn't support passwords longer than 14 + characters and it turns out there are users out there who want to use + libcurl and NTLM with such passwords! ;-) Seven NTLM-related test cases were + updated accordingly. Mentioned as issue 29 in TODO-RELEASE, bug report + #915609 + +- Moved the generated libcurl version info to a new header file, named + curl/curlver.h. Now interested parties can include ONLY version info, should + anyone want that (and it seems at least some windows resource files would). + Mentioned as issue 27 in TODO-RELEASE. + +Daniel (21 March 2004) +- Fixed the root Makefile to use tabs for the netware target. Günter Knauf + pointed this out. + +- Marty Kuhrt's VMS cleanup + +- Thomas Schwinge made buildconf recognize ACLOCAL_FLAGS to invoke aclocal + with particular pre-determined options. + +Version 7.11.1 (19 March 2004) + +Daniel (18 March 2004) +- Tor Arntsen brought some info about SGI IRIX: + + IRIX supports 3 different executable/object formats, -32, -n32 and -64. + -n32 is default 32-bit format, -32 is the "old" 32-bit format, and -64 is + the 64-bit format. Libraries for the different formats are in lib, lib32 + and lib64 respectively. + + We've now adjusted the configure script to adapt to this when scanning for + 3rd party libs, such as OpenSSL. + +Daniel (17 March 2004) +- Watz pointed out a few missing files in the MSVC project description file. + +- Günter Knauf brought patches, code and makefiles to build curl on Novell + NetWare. + +Daniel (15 March 2004) +- Lots of libcurl man pages were updated to contain references to other man + pages the recognized way so that they appear as nice hyperlinks in the HTML + versions. + +- buildconf now checks the m4 version too, since autoconf requires a GNU m4 + version to build proper configure scripts. + +Daniel (12 March 2004) +- Added CURLOPT_POSTFIELDSIZE_LARGE, the large file version of + CURLOPT_POSTFIELDSIZE to allow POSTs larger than 2GB. + +- David Byron fixed an uninitialized variable case/crash. + +Daniel (10 March 2004) +- Jeff Lawson fixed the SSL connection to deal with received signals during the + connect. + +- Changed the OS string for win32 to become "i386-pc-win32". + +Daniel (9 March 2004) +- Changed the internals to use curl_socket_t for socket variable type. This + should enable us to build with less warnings on Windows, where SOCKET is + used which is an unsigned int, while most other platforms use a mere int. + +- Modified lib/config-win32.h to build fine on MSVC again. + +Version 7.11.1-pre1 (8 March 2004) + +Daniel (8 March 2004) +- Minor fix to make curl CURL_VERSION_LARGEFILE is only set if curl_off_t is + larger than 4 bytes. + +Daniel (4 March 2004) +- Improved PUT/POST with NTLM/Digest authentication, the so called issue 12. + +- Modified the test HTTP server a lot to work with the upcoming changes for + PUT/POST with NTLM/Digest authentication (like test case 88). Added Andrés + García's win32-changes. Improved the logging. + +- Fixed the file:-related progress/getinfo stuff a bit more. + +Daniel (4 March 2004) +- I corrected a problem with the multi interface when following a Location: + header or when doing multiple-request authentications. A subsequent request + could erroneously re-use a previous connection that was sent with + Connection: close. Christopher R. Palmer reported. + +- Andrés García patched curl to prevent warnings while compiling with mingw, + mainly because it is now possible to have both WIN32 and HAVE_CONFIG_H + defined. + +- When transferring files from a file: URL, the progress meter and other + transfer metrics were not updated properly. + +- David Byron provided a "version resource" file to the curl executable for + the windows builds. + +Daniel (3 March 2004) +- David Byron's work on making libcurl only require winsock 1.1 on Windows + machines. + +- More variable cleanups based on compiler warnings generated by Tor Arntsen's + autobuilds with MIPSPro. + +- Joe Halpin helped us fix some pedantic compiler warnings on FreeBSD. + +- Applied Tom Bates' patch to build on nsr-tandem-nsk. + +- Dan Fandrich corrected some flaws in the configure GSS detection. + +Daniel (2 March 2004) +- Fixed the libcurl code to use FORMAT_OFF_T for printf() formatting + curl_off_t types internally. + +Daniel (1 March 2004) +- Added CURL_VERSION_LARGEFILE as a feature-bit in the curl_version_info() + response, that signals if this libcurl supports >2GB files. curl -V now + outputs 'Largefile' in the Features: field if this is the case. Most systems + are likely to support this. + +- We offer a CURL_FORMAT_OFF_T define in the public header, which can be used + to printf() curl_off_t variables. We also modified the libcurl sources to + use this define instead of the previous %Od approach (although I've left the + O-flag functional in the code). This should also prevent compilers to warn + on the home-grown option. + +- Fixed the resume-check code to test for a working resume at the end of the + headers and not at the first body-byte. + +- CURLOPT_DNS_USE_GLOBAL_CACHE is now considered obsolete. Stop using it. If + you need a global DNS cache for whatever reason, use the share interface and + you'll get a global cache that works the way it should work. You can even + have any number of global caches, all at your command. This is now also + mentioned in the docs. + +- Made the *printf code support the z-flag to enable size_t printf() in a + manner similar to how glibc allows it. To make printfing of this work on + platforms with 64bit size_t and 32bit ints. If there even are any! ;-) + +- Christopher R. Palmer discovered that if you CURLOPT_FRESH_CONNECT and + CURLAUTH_NTLM (or CURLAUTH_ANY and libcurl then picked NTLM), libcurl would + loop without succeeding to authenticate due to the new connection that was + made for all round-trips in the authentication. Now, the FRESH_CONNECT is + remade to only matter for the first connection made with curl_easy_perform() + and all the rest that might follow due to FOLLOWLOCATION or HTTP + authentication are now ignoring that option. + +- Adjusted the QUIT code slightly since it could core-dump. + +- Corrected the test suite's FTP server to provide a correct size to the + 'verifiedserver' request. + +Daniel (27 February 2004) +- Joe Halpin made the FTP code send QUIT on the control connection before + disconnecting the TCP connection. This is what good-behaving ftp clients + should do. + +Daniel (26 February 2004) +- David Byron updated several files to make curl build fine on MSVC 6. He + also added the 'buildconf.bat' that works like the 'buildconf + configure' + combo does on unixes. + +- Gisle Vanem made the memdebug stuff support calloc() as well. + +- Tor Arntsen pointed out that testcurl.sh needed to remove the generated + files in order to have them re-generated in each build. + +- Andy Serpa found out that the share interface did not enjoy life when not + having the lock and unlock callbacks set, even though documented to be + OK. It still is OK, and now the code won't segfault anymore! + +Daniel (25 February 2004) +- Based on a patch by Greg Hewgill I modified how long long is used in the + mprintf code, as we can use a 64bit type with MSVC that is a long long + equivalent. This corrects some weird large file behaviors on windows. + +- Tor Arntsen helped me work out --enable-debug to work better with different + versions of the gcc and icc compilers. + +- Added CURLOPT_SHARE to the curl_easy_setopt.3 man page. + +Daniel (22 February 2004) +- Applied the final pieces of Gisle Vanem's patch that brings a working name + resolve timeout to the windows versions of curl! + +Daniel (21 February 2004) +- David Byron's fix to allow the speed-limit logic work even if you set + limit-rate. It does work on the expense of the rate limiter. + +Daniel (20 February 2004) +- configure --enable-debug with gcc now also tries to detect the icc compiler + (which somehow gets treated as if it is a gcc) to stop using all the gcc + options with it, and we also provide -isystem options for each extra -I + option the configure script has figured out (for OpenSSL, kerberos, zlib, + Heimdal etc). This of course to prevent warnings on headers we don't have + control of. + +Daniel (19 February 2004) +- Doug Porter made libcurl use the HOME environment variable before the + getpwuid results when looking for .netrc files. + +- If 'configure --enable-debug' is used with gcc, it now checks which gcc + version it is and uses as picky compiler options as possible for the + particular version. + +- Code that can be used in both the lib and in the curl app is now made to use + the curlx_ prefix. The first function to be available like this is the + curlx_strtoll() function. This is made to allow the app to use existing code, + but without polluting the libcurl API. Further explanations posted here: + + http://curl.haxx.se/mail/lib-2004-02/0215.html + +Daniel (18 February 2004) +- Fixed buildconf to not use "which" as AIX and Tru64 have what have been + referred to as "horribly broken 'which' programs". + +- Made sure dns cache timeout set to -1 really means caching forever. + +Daniel (17 February 2004) +- Made it possibly to build c-ares with the libcurl memdebug system to better + track memory. + +Daniel (16 February 2004) +- When using ares, we now initialize the ares 'channel' in curl_easy_init() + and re-use that same handle during the entire curl handle's life-time. It + improves performance. + +- Fixed a problem when displaying verbose for IPv6-enabled libcurls and + re-used connections. Problem reported and fix verified by Grigory Entin. + +- Jeff Lawson fixed the version-check in the SOCKS5 code. + +Daniel (15 February 2004) +- Fixed a case where a host cache entry was not flagged in-use properly when a + cached entry was used. + +- Andrés García's patch that checks for winmm in the configure script was + applied. + +Daniel (13 February 2004) +- Ben Greear's SO_BINDTODEVICE patch for the binding of the local end to a + specific network interface. + +- Greg Hewgill found out that the variable holding 'contentlength' wasn't big + enough to hold a large file! + +- Tor Arntsen fixed a 64bit-related problem in date-related code in the ftp + department, and there was another potential problem in the name resolve code + too. + +Daniel (11 February 2004) +- Removed a few variables that were only set but never used, as some compilers + warn about that and we do not like compiler warnings! + +- Removed the need for symlinks in the tests/data directory if curl is built + outside of the source directory and the 'make test' is used. This was done + by providing a "source dir path" to the scripts/servers. + +- Now, if the configure script can't find an nroff tool or an option to nroff + to use to convert man pages with, it will completely switch off the built-in + manual. + +- 'configure --disable-manual' completely disables the built-in manual from + the curl command tool. + +- Andrés García fixed the configure script and a minor source edit, and now + he has managed to get msys/mingw to run configure and then build! + +Daniel (9 February 2004) +- The default HTTP Accept: header was modified to the much simpler + "Accept: */*". + +- P R Schaffner updated the curl-ssl spec file for RPMs. + +- Dominick Meglio brought lots of documentation for the share interface's man + pages that were previously missing. + +- Tor Arntsen provided a patch that makes libcurl work-around a bug in the + AIX5 implementation of getaddrinfo(). This makes the FTP PORT stuff work on + IPv6-enabled AIX builds. + +- Ken Rastatter provided portability fixes for the curlgtk.c example, and now + it runs on windows with GTK as well! + +Daniel (6 February 2004) +- Andrés García made the configure script find gethostbyname() fine when run + with mingw on windows. + +- Modified the ldap code to use proper function pointers all over (instead of + mixed data and function pointers) to work-around the picky MIPSPro compiler + warnings. + +- A custom Host: header is only considered if the request is not made by + following a location. After discussions with Tim Baker. + +Daniel (5 February 2004) +- The libz part of the configure script now only set the two libz-related + define HAVE_ZLIB_H and HAVE_LIBZ if both the lib and the header is found. + If one is missing, none of the defines is set. + +- Andrés García fixed the Mingw makefiles. + +- Len Krause reported that curl 7.9.X could do uploading from stdin without + doing chunked encoding, which current curl cannot do even if you disable + the transfer-encoding chunked header. Now it can again, and test case 98 + verifies this functionality. + +- Tor Arntsen fixed a weird getaddrinfo() usage in the FTP code, preventing + the IPv6-code for PORT work on AIX 5.2. We now also provide (better) error + messages when bailing out in the that function. + +- Tor Arntsen now provides AIX and IRIX (using gcc, xlc and the MIPSPro + compilers) automated build logs (http://curl.haxx.se/auto/) and we've fixed + numerous minor quirks to make less warnings appear. + +Daniel (4 February 2004) +- Based on a patch by Gilad, we now use the custom timeouts when waiting for a + server to connect when using FTP PORT. Previously we always waited 10 + seconds, no more no less. We now also changed the default (if no timeout is + set) to wait 60 seconds for the connect before we fail. + +Daniel (3 February 2004) +- Modified to link with c-ares instead of ares. + +Daniel (2 February 2004) +- Added a configure test to check for which option the (g)nroff tool wants + to extract plain text from the man pages. Tor Arntsen told us the AIX + version of GNU gnroff doesn't support -man! + +- Added an undef of accept in memdebug.h to make curl build with --enable-debug + on AIX 5.2 which seems to have accept defined. Reported by Tor Arntsen. + +- curl_version() now includes c-ares version info, and curl_version_info() now + returns a struct with version SECOND that also includes that info. + +- We are now officially using c-ares for asynch name resolves. c-ares is the + new library, based on the existing ares but with an extended and slightly + modified API. + +- Dirk improved the ares timeout code, and now we also include the ares error + string when we fail to resolve a name. + +- Another tweak to make test case 91 run fine. Now we have another bit on a + connection that is set true if the connection is marked for 'retry'. That + makes the connection get closed and re-opened and the HTTP-done code must + not complain on the fact that no data was received. + +- Based on Dirk Manske's patch, I modified the name resolving with ares to + feature a timeout for really slow lookups. It now defaults to 300 seconds, + but is now adjusted to the CONNECTTIMEOUT/TIMOUE timeouts if one of them + is set. + +- Fixed the inclusion of ca-bundle.h to really use the one in the build dir + before the one in the source dir. Domenico Andreoli found out and reported. + +- Added test case 97, a simple POST with a custom Content-Type header + replacing the original application/x-www-form-urlencoded one. + +Daniel (30 January 2004) +- Added code that attempts to fix the test 91 failure. As has been figured out + by Patrick Smith, the error happens because we re-use a connection that the + server is just about to close and we even manage to send away the request + without seeing an error. On the first read attempt we get a ECONNRESET. + Starting now, we attempt to detect this and if so, we retry the request on a + fresh connection. + +- I added test case 510 which is a custom program that does a POST using a + read callback, with chunked transfer-encoding. + +- Adjusted one of the MPE/iX changes as it made test case 504 fail all over. + +- Added --socks as a recognized option. It works just like --proxy but sets a + SOCKS5 proxy to use. SOCKS5 support has been available in libcurl for a + while, just not provided by the curl tool. This does not currently work for + IPv6-enabled libcurls. + +Daniel (29 January 2004) +- Stadler Stephan pointed out that src/hugehelp.c included config.h without + checking the define if its present... + +- Ken Hirsch provided patches to make curl build fine on the MPE/iX operating + system. + +- Dan Fandrich compiled curl with lots of aggressively pedantic compiler + options and thus found a few minor errors and did some general cleanups to + avoid them. + +- Dirk Manske fixed a flaw in ares that prevented it to use non-blocking + sockets properly. + +Daniel (28 January 2004) +- Richard Bramante fixed chunked transfer-encoded "uploads" to send a final + CRLF combo properly. + +Daniel (27 January 2004) +- Made the response-headers during a CONNECT request to a proxy get passed on + as regular headers, so they appear with -i/-I options and similar. + +- Based on a patch by Gisle Vanem, I've made the progress meter display + properly switch to a GB-display when more than 9999MB have been transfered. + +Daniel (23 January 2004) +- Gisle Vanem pointed out a curlrc parser problem/crash when an option with a + required didn't have one and was on the last line of a file. + +- More Windows fixes for large files. We now build and link with + ../lib/strtoofft.c in the app code since Curl_strtoll() is not a provided + libcurl function... Perhaps we should consider a 'common' dir or similar + where we put source code used in both the lib and the client. Or perhaps + we'll just make this function available in the library... + +- Vincent Bronner found out the socks5 code crashed when no username was + set. + +- Vincent Bronner spotted a problem with proxy username/password when re-using + a persistent connection. + +- Fixed the progress meter display for files larger than 2^31 bytes. Gisle + Vanem reported. + +Daniel (22 January 2004) +- Gisle Vanem made strtoll() get used when curl is built with the mingw + compiler. + +- Gisle Vanem fixed the compressed help text code to display properly. + +- Removed the '#define HttpPost' from the public header file, as curl_httppost + is the proper name and it has been for quite some time now. Fixes another + name space pollution. + +- Added 'curl_off_t' typedef in the public header file, to be used to provide + large file sizes to the *_LARGE options. Adjusted the code all over to use + this variable type instead of 'off_t'. This is an attempt to make the large + file support work on more platforms. The configure script now checks the + size of the curl_off_t instead of the plain off_t. + +Version 7.11.0 (22 January 2004) + +Daniel (21 January 2004) +- Removed the defines in the public header file with TIMECOND_ prefixes. They + have been obsolete since April 22nd 2002, and if this causes anyone any + problems now it is very easy to just add CURL_ to the names. This corrects + this name space pollution. + +Daniel (19 January 2004) +- David Byron cleaned up how --trace with no option was treated, and also + arguments in a config file without a required parameter! + +Daniel (16 January 2004) +- Gisle Vanem fixed a few issues where compilers warned about variables + possibly being used unassigned. + +- Minor Interix build problem fixed. + +Daniel (15 January 2004) +- Peter Sylvester pointed out some necessary escaping needed in the + acinclude.m4 file when automake 1.8 or later is used. + +Daniel (14 January 2004) +- Vincent Bronner fixed the Curl_resolv() return code. This extends the fix + Steve Green provided on december 3... + +Daniel (13 January 2004) +- Luke Call made the win32 version of the password prompting function support + backspace. + +- Dan Fandrich fixed the hugehelp source file to contain both a compressed and + an uncompressed version in the distribution, so that more people easier can + build curl with the compressed version. + +- Diego Casorran brought another AmigaOS build patch for native Amiga builds. + +- Matt Veenstra updated the Mac OS X framework files. + +- Brian R Duffy brought a section to the INSTALL file on how to build a + SSL-enabled curl using the free Borland C++ compiler. He also updated the + Borland lib/Makefile.b32. + +- I fixed the test case 509 which I broke yesterday. Now the libtest are + compiled with an include path that points to the library's source dir, so + that the libtests can include files from the source tree. This was made to + make it possible to use the USE_SSLEAY define in the library test files. + +Daniel (12 January 2004) +- Peter Sylvester brought code that now allows a callback to modified the URL + even when the multi interface is used, and then libcurl will simulate a + "follow location" to that new URL. Test 509 was added to test this feature. + +- Extended the time we retry servers in the test script, and I also made it + retry the https and ftps servers before they are considered bad. I believe + the previous approach could turn problematic on really slow hosts. + +Version 7.11.0-pre1 (12 January 2004) + +Daniel (11 January 2004) +- Dominick Meglio pointed out FTPS should use default port 990 according to + IANA. + +Daniel (8 January 2004) +- Fixed the SPNEGO configure check to not use -R or other non-portable options + in the LDFLAGS. Reported by Pierre in bug report #872930. + +Daniel (5 January 2004) +- Dan Fandrich provided a fix on our zlib usage. + +- David J Meyer's patch that introduce large file support to libcurl was + applied. New curl_easy_setopt options that accept 'off_t' arguments are: + + INFILESIZE_LARGE + RESUME_FROM_LARGE + MAXFILESIZE_LARGE + +Daniel (4 January 2004) +- Based on Dominick Meglio's comments, I made our private version of + gettimeofday() declared static. This would otherwise collide with the same + function in other libs (like ares for example). + +- Added Dominick Meglio's description on how to build libcurl with ares + on win32. +Daniel (19 December) +- CURLOPT_IPRESOLVE was not possible to set. + +- Gisle Vanem updated the djgpp build files. + +Daniel (18 December) +- John McGowan reported a redirect-problem that happened if a site used a URL + like "url.com?var=content" (without a proper slash) and from that address + redirected the user-agent to an absolute directory. + +- David Byron made libcurl build fine with both the .NET and VC6 versions of + MSVC + +Daniel (16 December) +- Updated test 506 since it started to fail after the cache prune change + yesterday. I also changed it slightly to feature a counter in each debug + output for easier tracing. + +Daniel (15 December) +- Old DNS cache entries are now only pruned after curl is done with a request, + and not in the actual name resolve call. + +- corrected the --enable-ares patch + +- Giuseppe Attardi found and fixed a problem within libcurl that re-used + already freed memory. + +Daniel (10 December) +- Gisle Vanem reported that the dict support was broken. I broke it during my + ftps-changes overhaul. I've now added a 'curlassert' function that can be + used to verify expressions, to prevent future errors of the same + kind. They're only present in debug-builds. + +- Diego Casorran made curl and libcurl possible to build natively (no more + need for the ixemul library) on AmigaOS. + +- Dominick Meglio made configure --enable-ares support a given path to the + installed ares lib, instead of always using it in the curl source tree. + This also fixed the curl-config --libs output. + +- Eric S. Raymond patched a very minor man page format error in + libcurl-errors.3 + +Daniel (8 December) +- Fixed the flaw that made -lz appear twice on the link command line. + +- After correspondence with Gisle Vanem, I changed the 'connection aborted' + error text when the FTP response reader failed to more specificly identify + what the problem is. + +- Based on a patch from Dominick Meglio, curl-config --feature now outputs + 'AsynchDNS' as a feature if libcurl was built with ares. The feature name + is the same that 'curl -V' outputs, for simplicity. + +Daniel (3 December) +- Marty Kuhrt made the build up-to-date on VMS, and moved most of the VMS- + specific stuff in the client code to a separate header file. + +- Steve Green fixed a return code bug in Curl_resolv(), that made the socks5 + code fail. + +- swalkaus at yahoo.com patched libcurl to ignore Content-Length: headers + when Transfer-Encoding: chunked is used, as mandated by RFC2616. + +Daniel (2 December) +- --ftp-pasv was added, which serves the only purpose of overriding a + previously set --ftpport option. Starting now, --ftp-port is a recognized + alias for --ftpport for consistency. + +- Giuseppe Attardi pointed out that we should use MSG_NOSIGNAL when we use + send() and recv(). I added checks for the define in the configure script and + adjusted the code accordingly. If the symbol is present, we won't attempt + to ignore the SIGPIPE signal. + +Daniel (1 December) +- Mathias Axelsson set up a bsdftpd-ssl server for me and I could make curl + run fine against its FTPS implementation. Now these FTPS-related things + work: + o explicit and implicit FTPS + o active (PORT) and passive (PASV) + o upload and download + o verified against bsdftpd-ssl and RaidenFTPD + +Daniel (27 November) +- James Clancy made the Borland Makefiles up to date. + +- Markus Moeller improved the SPNEGO detection in the configure script. + +Daniel (25 November) +- Dave May filed bug report #848371, identifying that if you'd do POST over a + proxy to a https server, libcurl didn't POST at all, it just made a GET! It + turned out to be because libcurl wrongly didn't consider the authentication + "negotiation phase" to be complete yet. + + I added test case 95 to verify my fix for this. + +Daniel (24 November) +- Thanks to Mathias Axelsson, I've been able to work on FTPS for libcurl and it + seems to work somewhat fine now. + + The FTPS stuff is based on RFC2228 and the murray-auth-ftp-ssl draft + (version 12). There seems to exist quite a few servers that have implemented + the server side of this. + + We can now use ftps:// URLs to explicitly switch on SSL/TSL for the control + connection and the data connection (dealing with two SSL connections forced + me to change a lot of stuff in libcurl). + + Alternatively, and what seems to be the recommended way, we can set the new + option CURLOPT_FTP_SSL to one of these values: + + CURLFTPSSL_NOPE, - do not attempt to use SSL + CURLFTPSSL_TRY - try using SSL, proceed anyway otherwise + CURLFTPSSL_CONTROL - SSL for the control connection or fail + CURLFTPSSL_ALL - SSL for all communication or fail + + Any failure to set the desired level will make libcurl fail with the error + code CURLE_FTP_SSL_FAILED. This new option makes a "normal" ftp:// transfer + attempt to be made securely. + + I've been able to login and get files (passively) from Mathias' server using + both ftps:// and CURLOPT_FTP_SSL. (I've made 'curl' understand the --ftp-ssl + option that sets CURLFTPSSL_TRY.) + +- Gaz Iqbal fixed a range string memory leak. + +- Gisle Vanem fixed the Windows builds. + +- Added the new FTPSSL defines in curl/curl.h + +Daniel (20 November) +- Josh Kapell filed bug report #845247 as he found an endless loop when + getting a 407 back from a proxy when no user+password was given. Added test + case 94 to verify the fix. + +Daniel (19 November) +- Kevin Roth fixed a progress-bar problem on Windows. + +- While working with Nicolas Croiset's bug report #843739, I noticed two minor + problems related to ftp partial downloads: if a partial transfer is + detected, we must close the connection as we cannot know in what state it is + anymore. This looks like a ProFTPD bug: + http://curl.haxx.se/mail/lib-2003-11/0079.html + +Daniel (17 November) +- Maciej W. Rozycki made the configure script use a cache variable for the + writable argv test. This way, the default can be overridden better (for + cross-compiles etc) + +Daniel (15 November) +- Mathias Axelsson found out libcurl sometimes freed the server certificate + twice, leading to crashes! + +Daniel (14 November) +- Siddhartha Prakash Jain found a case with a bad resolve that we didn't + properly bail out from, when using ares. + +Daniel (13 November) +- Default Content-Type for parts in multipart formposts has changed to + "application/octet-stream". This seems more appropriate, and I believe + mozilla and the likes do this. In the same area: .html files now get + text/html as Content-Type. (Pointed out in bug report #839806) + +- Gisle Vanem corrected the --progress-bar output by doing a flush of the + output, which apparently makes it look better on at least windows, but + possibly other platforms too. + +- Peter Sylvester identified a problem in the connect code, which made the + multi interface on a IPv6-enabled Solaris box do bad. Test case 504 to be + specific. I've spent some time to clean-up the Curl_connecthost() function + now to use less duplicated code for the two different sections: IPv6 and + IPv4. + +Daniel (11 November) +- Added CURLOPT_NETRC_FILE. Use this to tell libcurl which file to use instead + of trying to find a .netrc in the current user's home directory. The + existing .netrc file finder is somewhat naive and is far from perfect on + several platforms that aren't unix-style. If this option isn't set when + CURLOPT_NETRC is set, the previous approach will still be used. + + The current .netrc check code now also support longer than 256 bytes path + names. + +Daniel (10 November) +- Kang-Jin Lee pointed out that the generated ca-bundle.h file shouldn't be + written in the source dir if a different build dir is used. + +- After Sébastien Willemijns' bug report, we now check the separators properly + in the 229-reply servers respond on a EPSV command and bail out better if + the reply string is not RFC2428-compliant. + +Daniel (7 November) +- Based on Gisle Vanem's patch, I made curl try harder to get the home + directory of the current user, in order to find the default .curlrc file. + We're also considering moving out the HOME-dir code from libcurl, and + instead have the app pass in the path to the .netrc file (which is the only + logic left in libcurl that uses the HOME dir). Then curl can use the home + dir for that purpose too. + +- Ralph Mitchell's updated testcurl.sh to the script to take an existing + directory name and build/run/test curl in there instead of trying to update + from CVS. Using this approach, the script can now be used to test daily + tarballs etc. + +- Gisle Vanem added a "resource file" to the Windows DLL builds, to contain + information such as version number, library name, copyright info etc. + +Daniel (6 November) +- curl checks if the existing libcurl supports things like --ntlm, --negotiate + and --krb4 and returns error if not. + +- I added three new global defines in the curl/curl.h header: + LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH. They + are the three numbers in the library's version number, separated for easier + usage. 'maketgz' was updated accordingly to generate these numbers properly + when building release-archives. + +- Uninitialized variable fix, reported by both Marty Kuhrt and Benjamin + Gerard. + +- Matt Veenstra provided build files to build libcurl as a "framework" under + Mac OS X. See the lib/libcurl.framework.make for details. + +- Removed the defines of TRUE and FALSE from the curl/curl.h header file. + They're not in our name space so we should not fiddle with them. + +Daniel (5 November) +- Replaced the man page to HTML converter program with a new one: roffit. + Makes nicer web pages. + +Daniel (4 November) +- Troels Walsted Hansen fixed the MSVC makefiles to let them build curl fine + on Windows. + +- Kevin Roth corrected the cygwin package generator and spell-fixed the + comment in the ca-bundle.h file. + +Version 7.10.8 (1 November 2003) + +Daniel (31 October) +- Assume that MDTM on an FTP server returns the timestamp using the UTC time + zone. This changes the time CURLINFO_FILETIME returns for a given file over + FTP, and will change existing uses of CURLOPT_TIMECONDITION. It will make + the functionality more similar to how the HTTP one is already working. + +- Command line options that take numerical parameters (such as -y, -Y, -C etc) + now report error and exit if the parameter isn't truly a number greater than + or equal to zero. This helps users to notice bad usage earlier. Before, when + a user forgot or missed to add a numerical parameter to an option, the + command line parser would simply "eat" the following option and it would + cause great confusion. + +Daniel (30 October) +- David Hull made libcurl deal with NOBODY and HEADER for file:// the same way + it already does for FTP: it provides HTTP-looking headers that provide info + only about the file, without doing the actual transfer. The curl tool then + lets --head do this. + +Daniel (29 October) +- runtests.pl now checks for and use valgrind if present. It will redirect the + valgrind results in log/valgrind[num] but it currently doesn't scan that + file for any errors or anything, that is still only made manually. + +- David Hull made the file: URL parser also accept the somewhat sloppy file + syntax: file:/path. I added test case 203 to verify this. + +Daniel (28 October) +- Dan C tracked down yet another weird behavior in the glibc gethostbyname_r() + function for some specific versions (reported on 2.2.5 and 2.1.1), and + provided a fix. On Linux machines with these glibc versions, non-IPv6 + builds of libcurl would often fail to resolve perfectly resolvable host + names. + +Daniel (26 October) +- James Bursa found out that curl_msnprintf() could write the trailing + zero-byte outside its given buffer size. This could happen if you generated + a very long error message as then libcurl would overwrite the ERRORBUFFER + with one byte. Using a non-existing very long local file:// name is one case + that could make this occur. + +Daniel (24 October) +- David Hull filed bug report #829827. It identified a problem with -C - if + the full file already was downloaded and thus the server responded with a + 416. libcurl would then wrongly use the Content-Length: header and expect + that size to get transfer, causing a "hang" until the server closed the + connection and then an error 18 ("still N bytes data left of the transfer"). + + Now we don't return any error at all, but I think libcurl should perhaps + return some kind of info since the requested range was out of the size of + the document. + +- Based on David Hull's fix in bug report #804599, we now check for solaris and + gcc in configure and set the -mimpure-text link flag for linking the lib + better. + +- I've introduced a -t option to the runtests.pl script. With that option set, + the script runs special "memory torture" tests. For each test command line + in that section, the script first runs the command line and counts the total + amount of allocations made. It then runs the exact same command line again, + forcing allocation number N to fail. It will try every N from 1 to the total + number of amounts made. For every invoke, it checks that no memory was + leaked as that would indicate a bad cleanup somewhere in the code. + + This is just beginning to work, and I've already made some corrections in + libcurl code. When this code works somewhat fine, I'll make sure 'make test' + in the root dir will run these tests as well. + +Daniel (23 October) +- Georg Horn fixed how the CA verification is made. Verifications can now be + made while at the same time the result of it can be ignored. This also + affects the curl tool as -k can now be used together with --cacert or + --capath. + +Daniel (22 October) +- Gisle Vanem found out --disable-eprt didn't work and patched it. + +- Test case 91 was modified and could now repeat the problem Kevin Roth has + reported, and the bug was fixed. + +- Dylan Ellicott added vc-libcurl-ssl-dll as a target to the root makefile + to build a static libcurl that links with a shared OpenSSL using MSVC. + +Daniel (21 October) +- Andrés García updated the mingw32 makefiles. + +Version 7.10.8-pre5 (21 October 2003) + +Daniel (19 October) +- Georg Horn made libcurl output more info on SSL failures when receiving + data. + +Version 7.10.8-pre4 (18 October 2003) + +Daniel (17 October) +- Dominick Meglio implemented CURLOPT_MAXFILESIZE and --max-filesize. + +- Made libcurl show verbose info about what auth type and user name that is + being sent in its HTTP request-headers. + +Daniel (16 October) +- Removed support for CURLOPT_PASSWDFUNCTION and CURLOPT_PASSWDDATA. libcurl + no longer prompt for passwords under any circumstances. Password prompting + was instead moved to curl, which now prompts for password if -u or -U lack + it. This solves the problem Kevin Roth reported when curl prompted for + password twice when doing NTLM authentication. + +- I rewrote the SSL subjectAltName check to avoid having to rely on OpenLDAP- + licensed derivate code. + +Daniel (15 October) +- Avoid doing getsockopt() on Windows to verify connects. It seems that this + hogs Windows machines when libcurl is being used multi-threaded (with > ~50 + threads). Andrew Fuller helped us verify and test this. + +Daniel (14 October) +- Kimmo Kinnunen fixed a crash with duphandle() when CURLDEBUG is set. + +- Gisle Vanem made libcurl build and work with IPv6 on Windows. + +Daniel (13 October) +- Giuseppe Attardi reported yet another segfault with ares and the multi + interface. Me fixed. + +- Domenico Andreoli removed the extra LDFLAGS assignment in lib/Makefile.am + that was reported about in the debian bug report #212086. + + Domenico also fixed two makefiles where we used 'gnroff' instead of the more + portable $(NROFF). + +Daniel (12 October) +- Dirk Manske made the share locking around DNS lookups slightly different to + allow the share system's DNS lookups to run somewhat more + independent/faster. + +Daniel (9 October) +- Lachlan O'Dea fixed a resume problem: "If I set CURLOPT_RESUME_FROM, perform + an HTTP download, then reset CURLOPT_RESUME_FROM to 0, the next download + still has a Range header with a garbage value." bug report #820502 + +- Dominick Meglio made the inet_pton.c file build fine using MSVC. + +- The 'sws' test suite web server now #include setup.h from the lib directory. + This makes it more portable easier. + +Version 7.10.8-pre3 (8 October 2003) + +Daniel (8 October) +- Frank Ticheler provided a patch that fixes how libcurl connects to multiple + addresses, if one of them fails (IPv4 code). + +Daniel (7 October) +- Neil Dunbar provided a patch that now makes libcurl check SSL + subjectAltNames when matching certs. This is apparently detailed in RFC2818 + as the right thing to do. I had to add configure checks for inet_pton() and + our own (strictly speaking, code from BIND written by Paul Vixie) provided + code for the function for platforms that miss it. + +- HTTP POST using the read callback didn't work, as Florian Schoppmann + reported. + +Daniel (5 October) +- Shared provided a few fixes to make libcurl build on BeOS + out-of-the-box. New code for BeOS-style non-blocking sockets, provided by + Shard and Jeremy Friesner. Modified the autoconf check for non-blocking + sockets to check for this kind too. + +Daniel (4 October) +- Vincent Bronner pointed out that if you set CURLOPT_COOKIE for a transfer + and then set it to NULL in a subsequent one, the previous cookie was still + sent off! + +- Jon Turner fixed a problem libcurl had when it failed on an FTP transfer due + to a bad path, it would cause the next transfer to use a bad path as well. + +- Siddhartha Prakash Jain provided a patch with a fix for libcurl with ares, + when working on IP-only names as we then could return "wait" status when the + name in fact already was resolved. I edited the patch slightly to not expose + asynch details to non-ares aware source code. + +Daniel (3 October) +- Neil Spring posted the debian bug report #213180, and pointed out that using + the name 'access' in a function prototype is not very wise as some compilers + complain. + +- Peter Sylvester provided his and Jean-Paul Merlin's curlx.c example source + code that shows how they use ssl and callbacks. + +Daniel (2 October) +- James MacMillan's patch makes curl build on QNX 6.2.x. + +Daniel (26 September) +- My daughter was born! + +Daniel (23 September) +- Added support for -4/--ipv4 and -6/--ipv6 to force names to resolve to that + particular IP version. They only work for IPv6-enabled libcurls. + +- curl -V now outputs 'SPNEGO' as a feature in case libcurl was built to + support that. + +Version 7.10.8-pre2 (22 September 2003) + +Daniel (22 September) +- Giuseppe Attardi found a segfault in libcurl when using the multi interface + with ares and doing repeated operations against a non-resolving host name. + +Daniel (19 September) +- Added the CURLOPT_IPRESOLVE option, that allows an application to select + what kind of IP addresses he wants to use when resolving host names. This + is only interesting when using host names that resolve addresses using more + than one version of IP. + +- Applied Markus Moeller's patch that introduces SPNEGO support if libcurl + is built with the FBopenssl libraries. curl_version_info() now returns + info on SPNEGO availability. The patch also made the GSSAPI stuff work fine + with the MIT GSS-library (the Heimdal one still works too). + +Daniel (16 September) +- Doing PUT with --digest failed, as reported in bug report #805853. + +- Using --anyauth that picked NTLM, and then a redirect closed the connection + and took curl to a second NTLM page made curl fail. Bug report #806328 + identified the problem, test case 90 was added to verify the fix. + +Daniel (14 September) +- codemastr brought a patch for ares to make the Windows portions of it work + properly on NT4. I uploaded a new diff and updated the docs on where to get + it etc. + +- Jeff Pohlmeyer tracked down a very hard-to-find bug where we removed a + cached DNS entry even though it may be in use, which caused "random" memory + to get overwritten and thus "random" crashes. + +Daniel (12 September) +- Based on a bug report by David Kimdon, I made the runtests.pl script clear + all possible proxy environment variables before the tests are run. + +- By default, easy handles within a multi handle now share DNS cache. + +- Tim Bartley brought a patch that makes the GSSNEGOTIATE option work for + Microsoft's "Negotiate" authentication as well. + +Daniel (11 September) +- A zero-length proxy string confused FTP transfers. + +- Bjorn Reese found a case with an uninitialized pointer, only present when + built for ares. + +Version 7.10.8-pre1 (8 September 2003) + +Daniel (7 September) +- Jurij Smakov found out that the non-OpenSSL MD5 code was not working on + Alpha (or ia64). Only the OpenSSL-version did. I made a fix I think corrects + the problem. + +Daniel (5 September) +- Kevin Fisk reported that configure --enable-thread didn't work. I fixed. + +- De-macrofied the lib/hash.c source code somewhat. + +Daniel (4 September) +- CURLINFO_HTTPAUTH_AVAIL and CURLINFO_PROXYAUTH_AVAIL added, Based on Joerg + Mueller-Tolk's patch, + +Early (4 September) +- Added CURLOPT_FTP_RESPONSE_TIMEOUT - allows user to set strict timeout + requirements on the FTP server's ability to respond to individual commands + without placing global requirements on transfer or connect time. Files + affected: + - include/curl/curl.h + Added option CURLOPT_FTP_RESPONSE_TIMEOUT + - lib/ftp.c + Added branch inside Curl_GetFTPResponse to check for + data->set.ftp_response_timeout + - lib/url.c + Modified Curl_setopt to recognize CURLOPT_FTP_RESPONSE_TIMEOUT + - lib/urldata.h + Added ftp_response_timeout to struct UserDefined + +Daniel (3 September) +- Peter Pentchev found and fixed two problems in the test suite's web server + code, that made it segfault at times. + +- Jörg Mueller-Tolk improved the proxy user+password handling, especially + when providing a blank password. + +Daniel (2 September) +- Fix for making CONNECT to proxies do the correct magic to allow NTLM, Digest + and similar to work. + +Daniel (1 September) +- Henrik Storner made libcurl work fine with OpenLDAP 2.1.22 (current). + +- Jeff Pohlmeyer added a proper error message for non-resolving hosts when + using ares for lookups. + +Daniel (25 August) +- John McGowan reported that curl -k still failed if the HTTPS server's CN + field wasn't obtainable. This was due to the CURLOPT_SSL_VERIFYHOST being + set to 1, and libcurl failed if the CN was missing. Starting now, having it + set to 1 will simply output a warning if no CN could be obtained (as having + a mismatch is OK). + +Daniel (21 August) +- Vincent Sanders provided a fix for name resolving when linked with uClibc. + +Daniel (20 August) +- Gerd v. Egidy provided a patch that makes libcurl store the FTP response + code from ftp servers. Using curl_easy_getinfo() with CURLINFO_HTTP_CODE + returns that data. The option is therefore now also known as + CURLINFO_RESPONSE_CODE. + +- Antoine Calando found a segfault when doing multi-part/formpost using + the multi interface. + +- Antoine Calando pointed out that curl_multi_info_read() didn't set the + msgs_in_queue to 0 properly when returning NULL. + +Daniel (19 August) +- I made curl support multiple -T options, as well as -T "{file1,file2}" + style globbing. One -T for each URL is supported. + +- Jeff Pohlmeyer found a segfault when using ares-enabled libcurl and the + multi interface when trying a non-existing host name. + +- Made the libcurl printf code support long longs if available. + +- Loren Kirkby pointed out that we did not clean up all SSL-allocated memory + in curl_global_cleanup(). + +Daniel (17 August) +- Setting CURLOPT_WRITEFUNCTION or CURLOPT_READFUNCTION to NULL will now make + them get the internal defaults restored. Previously this could cause a + segfault. We should aim at having all pointer-related options get restored + to default/safe values when set to NULL. + +Version 7.10.7 (15 August 2003) + +Daniel (14 August) +- I modified the memdebug system to return failure on memory allocation + functions after a set amount of successful ones. This enables us to test + out-of-memory situations in a controlled manner and we can make sure that + curl/libcurl behaves good in those. + + This made me find and fix several spots where we did not cleanup properly + when bailing out due to errors (low memory). + +- Corrected test case 74. Made using -o with bad #[num] codes complain and + bail out. Made #[num] support numbers larger than 9 as well. Added test + case 86 for a proper range globbing test as well. + +Version 7.10.7-pre4 (12 August 2003) + +Daniel (12 August) +- curl_version_info() now returns a flag if libcurl was built with asynch DNS + support, and this is now also displayed with 'curl -V'. + +- Added a few new man pages to the docs/libcurl dir: curl_share_init, + curl_share_setopt, curl_share_cleanup, libcurl-easy and libcurl-share. + +Daniel (11 August) +- Mike Cherepov made the local binding code work for Windows, which makes + the option CURLOPT_INTERFACE work on Windows as well. + +- Vincent Sanders updated the fopen.c example code a lot. + +- --proxy-ntlm is now supported by the curl tool. It forces the proxy + authentication to be made using NTLM. It does not yet work for HTTPS over + proxies (or other proxy-tunneling options). Test case 81 and 82 do some + simple initial ntlm testing. + +- Found and fixed a minor memory leak on re-used connections with + proxy-authentication. + +- I removed -@ and -Z as valid short options. They were very rarely used (@ + wasn't even documented). + +- Serge Semashko introduced CURLOPT_PROXYAUTH, and make it work when set to + CURLAUTH_NTLM and/or CURLAUTH_BASIC. The PROXAUTH is similar to HTTPAUTH, + but is for the proxy connection only, and HTTPAUTH is for the remote host. + +- Fixed loading of cookies with blank contents from a cookie jar. Also made the + cookie functions inform on added and skipped cookies (for cookie debugging). + +Version 7.10.7-pre3 (8 August 2003) + +Daniel (8 August) +- Applied David Byron's fix for file:// URLs with drive letters included. + +- I added the --ftp-create-dirs to the client code, which activates Early's + CURLOPT_FTP_CREATE_MISSING_DIRS option, and wrote test case 147 to verify + it. Added the option to the curl.1 man page too. Added the option to the + curl_easy_setopt.3 man page too. + +Daniel (7 August) +- Test case 60 failed on ia64 and AMD Opteron. Fixed now. + +- Fixed a printf problem that resulted in urlglobbing bugs (bug #203827 in the + debian bug tracker). Added test case 74 to verify the fix and to discover if + this breaks in the future. + +- "make distcheck" works again. + +Version 7.10.7-pre2 (6 August 2003) + +Daniel (5 August) +- Duncan Wilcox helped me verify that the latest incarnation of my ares patch + builds fine on Mac OS X (see the new lib/README.ares) file for all details. + +- Salvatore Sorrentino filed bug report #783116 and Early Ehlinger posted a + bug report to the libcurl list, both identifying a problem with FTP + persistent connections and how the dir hierarchy was not properly reset + between files. + +- David Byron's thoughts on a fixed Makefile in tests/ were applied. + +- Jan Sundin reported a case where curl ignored a cookie that browsers don't, + which turned up to be due to the number of dots in the 'domain'. I've now + made curl follow the the original netscape cookie spec less strict on that + part. + +Daniel (4 August) +- Dirk Manske added cookie support for the experimental, hidden and still + undocumented share feature! + +- Mark Fletcher provided an excellent bug report that identified a problem + with FOLLOWLOCATION and chunked transfer-encoding, as libcurl would not + properly ignore the body contents of 3XX response that included the + Location: header. + +Early (6 August) +- Added option CURLOPT_FTP_CREATE_MISSING_DIRS + This option will force the target file's path to be created if it + does not already exist on the remote system. + + Files affected: + - include/curl/curl.h + Added option CURLOPT_FTP_CREATE_MISSING_DIRS + - lib/ftp.c + Added function ftp_mkd, which issues a MKD command + Added function ftp_force_cwd, which attempts a CWD, + and does a MKD and retries the CWD if the original CWD + fails + Modified ftp_perform() to call its change directory function + through a pointer. The pointer points to ftp_cwd by default, + and is modified to point to ftp_force_cwd IFF + data->set.ftp_create_missing_dirs is not 0. + - lib/url.c + Modified Curl_setopt to recognize CURLOPT_FTP_CREATE_MISSING_DIRS + - lib/urldata.h + Added ftp_create_missing_dirs to struct UserDefined + +- Minor Bugfix for CURLOPT_TIMECONDITION with FTP - if the file was not + present to do the time comparison, it would fail. + Files affected: + - lib/ftp.c + In ftp_perform(), the call to ftp_getfiletime() used to be followed + by + if (result) + return result; + And then by the code that actually did the time comparison. + The code that did the comparison handled the case where the filetime + was not available (as indicated by info.filetime < 0 or set.timevalue + < 0), so I replaced the if (result) return result with a switch(result) + that allows CURLE_FTP_COULDNT_RETR_FILE to fall through to the + normal time comparison. + +Daniel (3 August) +- When proxy authentication is used in a CONNECT request (as used for all SSL + connects and otherwise enforced tunnel-thru-proxy requests), the same + authentication header is also wrongly sent to the remote host. + + This is a rather significant info leak. I've fixed it now and mailed a patch + and warning to the mailing lists. + +Daniel (1 August) +- David Byron provided a patch to make 7.10.6 build correctly with the + compressed hugehelp.c source file. + +Version 7.10.7-pre1 (31 July 2003) + +Daniel (30 July) +- Jörg Müller-Tolk updated the VC makefile. + +- Daniel Noguerol made the ftp code output "Accept-Ranges: bytes" in similar + style like other faked HTTP headers when NOBODY and HEADER are used. I + updated two corresponding test cases too. + +- Marty Kuhrt pointed out a compilation problem on VMS due to my having + changed a type from long to time_t, and I'm now changing it back to work + more portably... + + He also indicated that distributing the src/hugehelp.c in a compressed state + like I accidentally did may not be the smartest move... I've now fixed the + distribute procedure to automatically generate an uncompressed version when I + make release archives. + +Daniel (29 July) +- Gisle Vanem brought changes to the mkhelp script for the generation of the + compressed help text on some platforms. + +Version 7.10.6 (28 July 2003) + +Daniel (28 July) +- François Pons brought a patch that once again made curl deal with ftp and + "double slash" as indicating the root directory. In the RFC1738-fix of April + 30, that ability was removed (since it is not the "right" way). So, starting + now we can list the root dir of an ftp server both these ways: + + curl ftp://server.com/%2f as well as + curl ftp://server.com// + +Daniel (24 July) +- Henry Bland pointed out that we included sys/resource.h without good reason + in several source files. Without it included, QNX builds better... + +- Andrés García updated the mingw makefiles. + +Daniel (23 July) +- Tracy Boehrer experienced DNS cache problems and did some nice debugging + and tracking which made it easy for me to correct the problem and Tracy + could verify that it did cure the problem! When re-using a connection we + now make sure we don't re-use the 'connect_addr' struct. + +- Daniel Kouril corrected the GSS-Negotiate code. + +- Juan F. Codagnone provided fixes to allow curl to build fine on Windows + again. + +Daniel (22 July) +- Edited the curl/curl.h include file to build on Windows properly. + +Daniel (21 July) +- Moved the proxy credentials from the SessionHandle struct to the connectdata + struct, to make multiple proxy connections with differerent user names work. + +- Adjusted the NTLM code to support proxy functionality. + +- Made the krb4 stuff compile with the user+password fields moved. + +Version 7.10.6-pre4 (21 July 2003) + +Daniel (20 July) +- David Gardner pointed out in bug report 770755 that using the FTP command + CWD with a blank argument is a bad idea and I made libcurl skip empty path + segments starting now. + +Daniel (18 July) +- Cris pointed out that my fix on July 16th didn't work fully. His pointing + out this (and his patch) also made me realize that we have a very similar + bug in the FTP connection re-use code. We must store a separate user and + password field for each connection we keep (at least for FTP and HTTP+NTLM + connections, so I made us do this unconditionally). + +- Since NTLM authenticates connections instead of single requests, I had to + re-arrange how we store the NTLM data and I had to improve the test suite to + finally work properly with persistency to make the NTLM tests run fine + again. This also forced me to have to update lots of HTTP test cases. + +Daniel (16 July) +- Cris Bailiff's bug report 768275 pointed out that using Basic auth with + wrong user+password caused an endless loop. Fixed now. He also found out that + we didn't properly authenticate connections with NTLM. Fixed too. + +- Dan Winship provided fixes for the NTLM code. + +Daniel (5 July) +- Doug Kaufman provided additional fixes for the DOS port. + +Daniel (4 July) +- Rick Richardson pointed out that using setvbuf() to achieve non-buffering + on output is no-good for SCO Xenix and other unixes. We switched over to + using plain fflush() instead. + +- Dan Grayson pointed out that we set the CURL_CA_BUNDLE variable wrongly in + the configure script, and I had to change some build stuff to make the new + way work. + +- Peter Sylvester's patch was applied that introduces the following: + + CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the + OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If + anything but CURLE_OK is returned, that will also be returned by libcurl + all the way back. If this function changes the CURLOPT_URL, libcurl will + detect this and instead go use the new URL. + + CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set + with CURLOPT_SSL_CTX_FUNCTION. + +Daniel (1 July) +- David Byron provided a patch that allows a client to quit the test suite's + HTTP server. + +- Gisle Vanem found and patched a lib handle leak in the ldap code. + +Daniel (25 June) +- More NTLM-improvements. Less code. Smaller packets back and forth. + +Daniel (23 June) +- Eric Glass provided us with a better doc on NTLM details, and I added more + comments and clarified the current code more. Using the new knowledge, we + should be able to make the NTLM stuff work even better. + Eric's original URL: http://davenport.sourceforge.net/ntlm.html + Version stored and provided at curl site: http://curl.haxx.se/rfc/ntlm.html + +- Fixed the minor compile problems pre3 had if built without GSSAPI and/or + SSL. + +Version 7.10.6-pre3 (19 June 2003) + +Daniel (19 June) +- Made curl use curl_free() on memory returned by curl_getenv(), as this + should theoreticly make it possibly to build and run curl and libcurl with + different memory allocation schemes with no problems. + +Daniel (18 June) +- Improved the mkhelp.pl a bit further to make a nicer hugehelp text and to + include a better comment in the top for the gzip compressed version. + +Daniel (17 June) +- CURLOPT_HTTPAUTH is now a bitmask, in which you set which authentication + type(s) you want to use. If more than one is set, libcurl will use one of + the selected one and the one it considers is more secure. Test case 67 and + 68 (for NTLM) were fixed and we've reduced a round-trip for specific --ntlm + fetches, and test case 69 and 70 were added for testing authentication + "picking". --anyauth is the new command line tool option, and I also added + --basic for completeness (that's the default type). + +- Fixed the runtests.pl script to use the info provided by the new curl -V + output. + +- --enable-debug now sets the CURLDEBUG define instead of MALLOCDEBUG, as it + is meant to be a generic debug conditional. + +- curl_version_info() can now return CURL_VERSION_DEBUG as a feature bit, to + indicate that the library was built with CURLDEBUG set. + +- Ralph Mitchell found out that some web applications very badly uses white + spaces in Location: redirects, and apparently IE is a browser (the only + one?) that supports this abomination. Based on Ralph's patch, I added code + that now attempts to replace white spaces with the proper "%20" or "+". + Test case 40 and 42 were added to verify my changes. + +- curl -V now also outputs a list of features the available library offers (if + any). + +- The curl_version() string now includes "GSS" if libcurl is built with GSSAPI + support. + +- David Orrell reported that libcurl still crashed when sending HUGE requests + over HTTPS... I fixed. + +Version 7.10.6-pre2 (16 June 2003) + +Daniel (16 June) +- curl_version_info() now returns bitmasked information weather NTLM and + GSSNEGOTIATE are supported, since it is doomed to vary on different + installations. + +- I remade the HTTP Digest code to use the MD5-code provided by OpenSSL if + that is present, and only use our own MD5-code if it isn't. + +Daniel (13 June) +- More NTLM help, fixes and patches from Cris Bailiff. + +- Marty Kuhrt brought include fixes for making VMS builds warning-free. + +Daniel (12 June) +- NTLM authentication works somewhat against the test servers provided by + Mathias Axelsson and Cris Bailiff. Use by setting CURLOPT_HTTPAUTH to + CURLAUTH_NTLM to libcurl, or --ntlm for the curl tool. Test case 67 and 68 + were added for this. NTLM-support requires OpenSSL. + +- Dan Fandrich provided a patch, that granted that gzip and libz are available + at build-time, compresses the hugehelp text in the curl command line and + uncompresses it at request. Saves some ~60K in the final output executable. + +Daniel (11 June) +- Long day of fighting the NTLM demons. + +Daniel (10 June) +- Modified how to set auth type to libcurl. Now use CURLOPT_HTTPAUTH instead, + and pick method. Supported ones currently are: + CURLAUTH_BASIC - default selection + CURLAUTH_DIGEST - formerly CURLOPT_HTTPDIGEST + CURLAUTH_GSSNEGOTIATE + +- Daniel Kouril added HTTP GSS-Negotiate authentication support, as defined in + the IETF draft draft-brezak-spnego-http-04.txt. In use already by various + Microsoft web applications. --negotiate is the new family member. To take + advantage of this, you need one of these packages: + + o Heimdal Kerberos5 http://www.pdc.kth.se/heimdal/heimdal.html + o GSSAPI from Globus http://www.globus.org/ + o GSSAPI libraries from MIT Kerberos5 http://web.mit.edu/kerberos/www/ + +- A missing ending bracket (']') while doing URL globbing could lead to a + segfault. While fixing this, I also introduced better error reporting in the + globbing code. (All this is application code outside libcurl.) + +Daniel (6 June) +- David Orrell found out that sending a huge GET request over HTTPS could + make libcurl fail and return an error code. + +Daniel (2 June) +- Richard Bramante found out that "Content-Length: 0" was not properly used by + libcurl if the response-headers indicated that the connection would be + closed. + +- David Byron's patch was applied, that makes the --progress-bar take the + local size into account when doing resumed downloads. + +- Feedback from Serge Semashko made me change the error message returned when + CURLE_HTTP_RETURNED_ERROR is returned. + +- Anonymous in bug report #745122 pointed out that we should really be using + SSL_CTX_set_options(... SSL_OP_ALL) to work around flaws in existing SSL + implementations. + +Daniel (27 May) +- Andreas Ley and Rich Gray helped me point out that no version of HP-UX has + the sys/select.h header file so including it unconditionally in curl/multi.h + is not a good thing. Now we check for HPUX and avoid using that header on + such systems. + +- Rudy Koento experienced problems with curl's recent habit of POSTing data in + two separate send() calls, first the headers and then the data. I've now + made a fix that for static and known content that is less than 100K in size, + everything is now sent in one single system call again. This is also better + for network performance reasons. + +- I modified the main makefile to not build the test suite and a few other + unnecessary things by default. Now, the test suite is built when 'make test' + is run. This reduces build time for those who don't care for the test + suite, and it also reduces confusion for people using platforms where the + test suite build fails! + +Daniel (26 May) +- Chris Lewis pointed out a flaw in the #ifdefs in curl/multi.h for Windows, + which is now corrected. + +- Jis Joy found another flaw in the SOCK5 code, as libcurl treated the socks5 + proxy a little too much like as if it was a http proxy. + +Daniel (23 May) +- Ricardo Cadime found a socket leak when listing directories without + contents. Test cases 144 and 145 were added to verify the fix. + +- Rudy Koento found yet another problem when a HTTP server returns only a + single-line of contents without any headers at all. libcurl then failed to + count the data, thus returning error 52 "no contents". Test case 66 was + added to verify that we now do right. + +Version 7.10.6-pre1 (23 May 2003) + +Daniel (23 May) +- Jis in bug report #741841, fixed a bug in the SOCKS5 proxy-using code. + +Daniel (22 May) +- David Remahl set up a test-server for me providing Digest authentication, + and I wrote the first working code that support it. The test suite was + modified slightly as well to work better for it and --digest was added to + the command line options (and CURLOPT_HTTPDIGEST to the library)... RFC2617 + has all the gory details. + +Daniel (21 May) +- David Balazic pointed out that curl_unescape() didn't check that %-codes + were correctly followed by two hexadecimal digits when it unescape strings. + Now, we do the check and only %XX codes are unescaped if the X letters are + hexadecimals. + +- Gisle Vanem made curl build with djgpp on DOS. + +- Gisle Vanem improved the mkhelp.pl script to make a nicer manual that is + shown with curl -M. + +Daniel (20 May) +- Gisle Vanem provided a fix that makes libcurl more conservative, not + expecting h_aliases of the hostent struct to always be non-NULL. + +Daniel (19 May) +- As requested by Martin Michlmayr in Debian bug report #193630, libcurl now + supports user name and password in the proxy environment variables. Added + test case 63 to verify this. + +Version 7.10.5 (19 May 2003) + +Daniel (15 May) +- Changed the order for the in_addr_t testing, as 'unsigned long' seems to be + a very common type inet_addr() returns. + +Daniel (14 May) +- George Comninos provided a fix that calls the progress meter when waiting + for FTP command responses take >1 second. It'll make applications more + "responsive" even when dealing with very slow ftp servers. + +Daniel (12 May) +- George Comninos pointed out that libcurl uploads had two quirks: + o when using FTP PORT command, it used blocking sockets! + o it could loop a long time without doing progress meter updates + Both items are fixed now. + +Daniel (9 May) +- Dan Fandrich changed CURLOPT_ENCODING to select all supported encodings if + set to "". This frees the application from having to know which encodings + the library supports. + +- Dan Fandrich pointed out we had three unnecessary files in CVS that is + generated with libtoolize, so they're now removed and libtoolize is invoked + accordingly in the buildconf script. + +- Avery Fay found out that the CURLOPT_INTERFACE way of first checking if the + given name is a network interface gave a real performance penalty on Linux, + so now we more appropriately first check if it is an IP number and if so + we don't check for a network interface with that name. + +- CURLOPT_FTP_USE_EPRT added. Set this to FALSE to disable libcurl's attempts + to use EPRT and LPRT before the traditional PORT command. The command line + tool sets this option with '--disable-eprt'. + +Version 7.10.5-pre2 (6 May 2003) + +Daniel (6 May) +- Kevin Delafield reported another case where we didn't correctly check for + EAGAIN but only EWOULDBLOCK, which caused badness on HPUX. + +Daniel (4 May) +- Ben Greear noticed that the check for 'writable argv' exited the configure + script when run for cross-compiling, which wasn't nice. Now it'll default to + no and output a warning about the fact that it was not checked for. + +Daniel (2 May) +- Added test case 62 and fixed some more on the cookie sending with a custom + Host: header set. + +Daniel (1 May) +- Andy Cedilnik fixed a few compiler warnings. + +- Made the "SSL read error: 5" error message more verbose, by adding code that + queries the OpenSSL library to fill in the error buffer. + +Daniel (30 Apr) +- Added sys/select.h include in the curl/multi.h file, after having been + reminded about this by Rich Gray. + +- I made each test set its own server requirements, thus abandoning the + previous system where the test number implied what server(s) to use for a + specific test. + +- David Balazic made curl more RFC1738-compliant for FTP URLs, by fixing so + that libcurl now uses one CWD command for each path part. A bunch of test + cases were fixed to work accordingly. + +- Cookie fixes: + + A. Save domains in jars like Mozilla does. It means all domains set in + Set-Cookie: headers are dot-prefixed. + B. Save and use the 'tailmatch' field in the Mozilla/Netscape cookie jars + (the second column). + C. Reject cookies using illegal domains in the Set-Cookie: line. Concerns + both domains with too few dots or domains that are outside the currently + operating server host's domain. + D. Set the path part by default to the one used in the request, if none was + set in the Set-Cookie line. + + To make item C really good, I also made libcurl notice custom Host: headers + and extract the host name set in there and use that as the host name for the + site we're getting the cookies from. This allows user to specify a site's + IP-address, but still be able to receive and send its cookies properly if + you provide a valid Host: name for the site. + +Daniel (29 Apr) +- Peter Kovacs provided a patch that makes the CURLINFO_CONNECT_TIME work fine + when using the multi interface (too). + +Version 7.10.5-pre1 (23 Apr 2003) + +Daniel (23 Apr) +- Upgraded to libtool 1.5. + +Daniel (22 Apr) +- Peter Sylvester pointed out that curl_easy_setopt() will always (wrongly) + return CURLE_OK no matter what happens. + +- Dan Fandrich fixed some gzip decompression bugs and flaws. + +Daniel (16 Apr) +- Fixed minor typo in man page, reported in the Debian bug tracker. + +Daniel (15 Apr) +- Fixed some FTP tests in the test suite that failed on my Solaris host, due + to the config.h not being included before the system headers. When done that + way, it did get a mixed sense of if big files are supported or not and then + stat() and fstat() (as used in test case 505) got confused and failed to + return a proper file size. + +- Formposting a file using a .html suffix is now properly set to Content-Type: text/html. + +Daniel (14 Apr) +- Fixed the SSL error handling to return proper SSL error messages again, they + broke in 7.10.4. I also attempt to track down CA cert problems and then + return the CURLE_SSL_CACERT error code. + +- The curl tool now intercepts the CURLE_SSL_CACERT error code and displays + a fairly big and explanatory error message. Kevin Roth helped me out with + the wording. + +Daniel (11 Apr) +- Nic Hines provided a second patch for gzip decompression, and fixed a bug + when deflate or gzip contents were downloaded using chunked encoding. + +- Dan Fandrich made libcurl support automatic decompression of gzip contents + (as an addition to the previous deflate support). + +- I made the CWD command during FTP session consider all 2xy codes to be OK + responses. + +Daniel (10 Apr) +- Vlad Krupin fixed a URL parsing issue. URLs that were not using a slash + after the host name, but still had "?" and parameters appended, as in + "http://hostname.com?foobar=moo", were not properly parsed by libcurl. + +Daniel (9 Apr) +- Made CURLOPT_TIMECONDITION work for FTP transfers, using the same syntax as + for HTTP. This then made -z work for ftp transfers too. Added test case 139 + and 140 for verifying this. + +- Getting the file date of an ftp file used the wrong time zone when + displayed. It is supposedly always GMT. Added test case 141 for this. + +- Made the test suite's FTP server support MDTM. + +- The default DEBUGFUNCTION, as enabled with CURLOPT_VERBOSE now outputs + CURLINFO_HEADER_IN data as well. The most notable effect from this is that + using curl -v, you get to see the incoming "headers" as well. This is + perhaps most useful when doing ftp. + +Daniel (8 Apr) +- James Bursa fixed a flaw in the Content-Type extraction code, which missed + the first letter if no space followed the colon. + +- Magnus Nilsson pointed out that share.c was missing in the MSVC project + file. + +Daniel (6 Apr) +- Ryan Weaver provided a patch that makes the CA cert bundle not get installed + anymore when 'configure --without-ssl' has been used. + +Daniel (4 Apr) +- Martijn Broenland found another cases where a server application didn't + like the boundary string used by curl when doing a multi-part/formpost. We + modified the boundary string to look like the one IE uses, as this is + probably gonna make curl work with more applications. + +Daniel (3 Apr) +- Kevin Roth reported that a bunch of tests fails on cygwin. One set fails + when using perl 5.8 (and they run fine with perl 5.6), and another set + failed because of an artifact in the test suite's FTP server that I + corrected. It turned out the FTP server code was still having a file opened + while the main test script removed it and invoked the HTTP server that + attempted to create the same file name of the file the FTP server kept open. + This operation works fine on unix, but not on cygwin. + +Version 7.10.4 (2 Apr 2003) + +Daniel (1 Apr) +- Added test case 505 to exercise FTP upload with rename done with libcurl, + and for that I had to extend the test suite's FTP server to deal with the + RNFR and RNTO commands. + +Daniel (31 Mar) +- Even more SSL config check modifications after Richard's testing. + +Version 7.10.4-pre6 (31 Mar 2003) + +Daniel (31 Mar) +- More fixes for the SSL session ID cache checks when SSL configs are changed + between connections. Based on tests and talks with Richard Bramante. + +- Guillaume Cottenceau provided a patch that added CURLOPT_UNRESTRICTED_AUTH. + When enabled, it will prevent libcurl from limiting to which host it sends + user+password to when following locations. By default, libcurl only sends + name and password to the original host used in the first URL, but with this + option set it will send the auth info to all hosts it follows location + headers to. The new tool command line option for this is named + "--location-trusted". + +- Frankie Fong reported a problem with libcurl if you re-used an easy handle + with a proxy, and you first made a https:// connection to a host and then + switched to a http:// one to the same host. libcurl would then wrongly re-use + the same connection for it and fail to get the second URL properly + +Daniel (29 Mar) +- Dan Shearer's fix that makes curl complain if invoked with nothing but "curl + -O" was applied. + +Daniel (26 Mar) +- Bryan Kemp was friendly enough to lend me an account on his Redhat 9 box and + I could fix the configure problems on redhat 8.1 and 9 in no time thanks to + this. Thanks a bunch Bryan! + +Daniel (25 Mar) +- Renamed configure.in to configure.ac + +Version 7.10.4-pre5 (25 Mar 2003) + +Daniel (25 Mar) +- Richard Bramante provided a fix for a handle re-use problem seen when you + change options on an SSL-enabled connection between requests. Previously, + changing peer verification or host verification and similar things was not + taken into account when a connection were checked for re-use and thus + enabling stricter check between requests on a re-used connection made no + difference and the connection would thus be used erroneously. + +Daniel (24 Mar) +- Götz Babin-Ebell pointed out that the ca-bundle.crt file contained a + certificate from Trustcenter that was a demo certificate only that was never + intended to be part of a CA bundle. + +Daniel (21 Mar) +- Life is a mystery. Within a time period of 17 hours, Tim Pope and Michael + Churchill filed one bug report each, both identifying problems with a second + transfer when doing persistent transfers re-using a connection. Tim's one is + #706624, labeled "Multiple uploads per handle fail" and Michael's #707003 + "Does not send Authorization: header when reusing connection". I could track + both down to the same piece of logic and it turned out libcurl was not using + new settings properly when re-using an existing connection. This concerned + both uploading and downloading and involved exactly those pieces these two + reports identified. This code has been this faulty since the day I + introduced persistent connection support in libcurl, more than 2 years ago. + +Daniel (20 Mar 2003) +- Five year anniversary. Today five years ago, the first ever curl release saw + the light of day. + +Daniel (17 Mar) +- Andy Cedilnik corrected flaws in some libcurl example-usage sources. + +Daniel (16 Mar) +- Juan F. Codagnone reported that the fix from March 2nd was incomplete. + +- Added code to the configure.in to check for select() argument types. I've + not made any code use the results just yet though. + +Daniel (15 Mar) +- Gisle Vanem provided two patches to build better on Windows. + +- Adjusted the test suite code to better make sure that the server(s) required + for a specific test is properly started before the test case is attempted. + Many tests now run a lot faster than before. + +Daniel (14 Mar) +- Another configure.in adjustment made the configure detect functions properly + on HPUX now. + +Daniel (13 Mar) +- Philippe Raoult fixed pre4-compile quirks for FreeBSD. + +Version 7.10.4-pre4 (13 Mar 2003) + +Daniel (13 Mar) +- Added a backup-check for functions that aren't found by AC_CHECK_FUNCS() + as I believe some checks on HPUX need this. At least some of the info given + to us by Rick Jones seemed to indicate this. + +Daniel (12 Mar) +- Thomas Tonino found out that if you used the curl tool to do PUT operations + as in 'curl www.foo.com/dir/ -T file' and the file name included for example + space or other characters that don't belong in URLs, curl did not properly + URL encode them before using them in the URL. + +- Added an option to configure called --enable-libgcc that simply adds -lgcc + to the LIBS variable, as this seems to be a common problem. + +- I modified the configure.in file, so that the headers are now checked in an + order of "viality". We must also make sure to use the "default headers" + parameter to AC_CHECK_HEADERS() so that headers are checked with the proper + prerequisites included (i.e all the major and generally important header + files are included there by default). This might be what we need for various + Sun, HP, AIX and Tru64 systems to behave good again on the header check + front. + +- Rick Jones pointed out a few compiler warnings on HP-UX that I addressed. + +- I made the configure --help output nicer by using AC_HELP_STRING() a lot + more. + +Daniel (11 Mar) +- Christophe Demory fixed the socket sending code to work better on HP-UX + when sending data to a socket that would block. It then returns EAGAIN, not + EWOULDBLOCK. + +- Richard Gorton improved the seeding function for systems without a good + and reliable random source. + +- Richard Gorton fixed a few warnings that popped up when you built curl + using the Sun compiler on a 64bit SPARC platform. + +- Martin C. Martin fixed a case where a connect failure using the multi + interface didn't produce a human readable error string. + +Daniel (10 Mar) +- Reverted ltmain.sh back to libtool 1.4.2 status again, as the 1.4.3 version + broke the build on numerous platforms. It seems that libtool 1.4.3 puts some + requirements on what versions of the other tools (autoconf + automake) that + I am not familiar with and thus I couldn't fulfill at this point. + + Yes, this is more than mildly frustrating. + +Daniel (7 Mar) +- Run libtoolize version 1.4.3. + +Version 7.10.4-pre3 (4 Mar 2003) + +Daniel (3 Mar) +- Added share.obj to the VC6 and Borland libcurl makefiles. + +- Troels Walsted Hansen found and investigated a problem with libcurl on AIX, + presumably only on 4.3 or later. gethostbyname_r() is not returning data + that is possible to "keep" and cache the way libcurl does. But instead these + versions of AIX uses a gethostbyname() that works thread-safely we can + instead use the ordinary gethostbyname() and our pack_hostent() approach to + achieve what we want. The configure script now attempts to detect AIX 4.3 or + later to adjust for this. + +Daniel (2 Mar) +- Juan F. Codagnone found a problem introduced in 7.10.3 when you first did a + POST and then back to a GET using the same easy handle. + +Daniel (28 Feb) +- Removed the strequal and strnequal defines from curl/curl.h header. They + were never meant for the public header anyway. Philippe Raoult brought it + up. + +- James Bursa fixed the RISC OS build. + +Daniel (27 Feb) +- Avery Fay pointed out the very misleading curl_multi_info_read man page, and + I updated it to become more accurate. + +- Salvatore Sorrentino found a problem with FTP downloading that turned out to + be his FTP server returning size zero (0 bytes) when SIZE was used on a file + while being in BINARY mode. We now make a second check for the actual size + by scanning the RETR reply anyway, even if the SIZE command returned 0. + +Daniel (26 Feb) +- Kyle Sallee reported a case where he would do a transfer that didn't update + the progress meter properly. It turned out to be a case where libcurl would + loop a little too eagerly in the transfer loop, which isn't really good for + the APIs, especially not the multi API. + +Version 7.10.4-pre2 (24 Feb 2003) + +Daniel (24 Feb) +- Kjetil Jacobsen found out that setting CURLOPT_MAXCONNECTS to a value higher + than 5 could cause a segfault. + +- I believe I fixed the 'Expect: 100-continue' behavior that has been broken + for a while (I think since my change dated Dec 10 2002). When this header is + used, libcurl should wait for a HTTP 100 (or timeout) before sending the + post/put data. + +Daniel (14 Feb) +- Matthew Clarke provided some info what to modify to make curl build + flawlessly on AIX 3.2.5. + +- Martin C. Martin found and fixed a problem in the multi interface when + running on Windows and trying to connect to a port without a listener. + +Daniel (13 Feb) +- Christopher R. Palmer fixed Curl_base64_encode() to deal with zeroes in the + data to encode. + +Daniel (4 Feb) +- Jean-Philippe added the first code that enables the 'share' system. This + should now enable sharing of DNS data between two curl easy handles. + +- Incorporated Nico Baggus' fixes to again compile flawlessly on VMS. + +- James Bursa corrected a bad comment in the public include file curl/multi.h + +- Peter Forret reported one of those error:00000000 cases in libcurl again + when connecting to a HTTPS site, and this time I did discover some oddities + in how curl reports SSL errors back. It could miss showing the actual error. + +Version 7.10.4-pre1 (3 Feb 2003) + +Daniel (3 Feb) +- Removed things in the docs saying capath doesn't work on Windows, as Julian + Noble told us it works fine. + +Daniel (31 Jan) +- Kevin Roth fixed the zlib build stuff in the Mingw32 makefile. + +Daniel (30 Jan) +- Kevin Roth found out that curl on Windows always checked for the CA cert + bundle using the environment variable and the path scan, even though + -k/--insecure was used. + +- Hamish Mackenzie pointed out that curl only did strict host name verifying + if capath or cainfo was used. Now it'll always do it unless -k / --insecure + is used! + +- Pavel Cenek pointed out that the Content-Type extraction was done wrongly + as the full string was not fetched. Added test case 57 to verify that curl + does it right now. + +Daniel (29 Jan) +- Jamie Wilkinson provided a patch that now makes curl attempt to clear out + "sensitive" command line arguments so that they don't appear in ps outputs + (only on platforms that allow writing to argv[]). + +- John McGowan found out that the DEBUGFUNCTION could be called with bad + arguments and thus cause the --trace outputs to go wrong. + +- Removed all the emacs local variables from all files. Mats Lidell provided + the new sample.emacs file (for a sample of what to include in your .emacs) + and the curl-style.el that sets a better c-style for editing curl sources. + +- Dave Halbakken found a problem with FTP downloads that could accidently + return CURLE_PARTIAL_FILE when curl_easy_perform() was called with NOBODY + set TRUE. + +Daniel (27 Jan) +- The fopen.c example was flawed as Nick Humfrey noticed, and I fixed it to + work again. + +Daniel (24 Jan) +- Bertrand Demiddelaer found and fixed a memory leak (the content-type string) + when following locations. + +Daniel (22 Jan 2003) +- Ian Wilkes and Legoff Vincent both independently provided fixes for making + curl/multi.h work properly when compiled with a C++ compiler. + +Daniel (20 Jan 2003) +- Fixed 'buildconf' to check version number of the required tools before + they're actually used. + +- Wrote 'testcurl.sh', a script targeted for automatic and distributed curl + tests on various platforms. + +- David Thiel pointed out that the .netrc file was not being dealt with + properly anymore. I broke this in the password prompting "fix". + +- Markus F.X.J. Oberhumer patched libcurl to allocate the scratch buffer only + on demand and thus we save 32KB in each curl handle that don't use that + buffer. This need appeared when some people started using thousands of + simultaneous curl handles... :-) + +Daniel (16 Jan 2003) +- Markus Oberhumer fixed curl-config --cflags when the includedir was not + /usr/include. + +- Markus Oberhumer fixed CURLINFO_PRIVATE to properly return NULL if it was + set to NULL! + +Version 7.10.3 (14 Jan 2003) + +Daniel (10 Jan 2003) +- Steve Oliphant pointed out that test case 105 did not work anymore and this + was due to a missing fix for the password prompting. + +Version 7.10.3-pre6 (10 Jan 2003) + +Daniel (9 Jan 2003) +- Bryan Kemp pointed out that curl -u could not provide a blank password + without prompting the user. It can now. -u username: makes the password + empty, while -u username makes curl prompt the user for a password. + +- Kjetil Jacobsen found a remaining connect problem in the multi interface on + ipv4 systems (Linux only?), that I fixed and Kjetil verified that it fixed + his problems. + +- memanalyze.pl now reads a file name from the command line, and no longer + takes the data on stdin as before. + +Version 7.10.3-pre5 (9 Jan 2003) + +Daniel (9 Jan 2003) +- Fixed tests/memanalyze.pl to work with file names that contain colons (as on + Windows). + +- Kjetil Jacobsen quickly pointed out that lib/share.h was missing... + +Version 7.10.3-pre4 (9 Jan 2003) + +Daniel (9 Jan 2003) +- Updated lib/share.c quite a bit to match the design document at + http://curl.haxx.se/dev/sharing.txt a lot more. + + I'll try to update the document soonish. share.c is still not actually used + by libcurl, but the API is slowly getting there and we can start + implementing code that takes advantage of this system. + +Daniel (8 Jan 2003) +- Updated share stuff in curl/curl.h, including data types, structs and + function prototypes. The corresponding files in lib/ were also modified + of course to remain compilable. Based on input from Jean-Philippe and also + to make it more in line with the design document. + +- Jean-Philippe Barrette-LaPierre patched a very trivial memory leak in + curl_escape() that would happen when realloc() returns NULL... + +- Matthew Blain provided feedback to make the --create-dirs stuff build + properly on Windows. + +- Fixed the #include in tests/libtest/first.c as Legoff Vincent pointed out. + +Daniel (7 Jan 2003) +- Philippe Raoult provided a patch that now makes libcurl properly support + wildcard checks for certificate names. + +- Simon Liu added CURLOPT_HTTP200ALIASES, to let an application set other + strings recognized as "HTTP 200" to allow http-like protocols to get + downloaded fine by curl. + +- Now using autoconf 2.57 and automake 1.7.2 + +- Doing "curl -I ftp://domain/non-existing-file" still outputed a date! + Wayne Haigh reported. + +- The error message is now written properly with a newline in the --trace + file. + +Daniel (6 Jan 2003) +- Sterling Hughes fixed a possible bug: previously, if you called + curl_easy_perform and then set the global dns cache, the global cache + wouldn't be used. Pointed out by Jean-Philippe Barrette-LaPierre. + +- Matthew Blain's fixed the VC6 libcurl makefile to include better debug data + on debug builds. +Daniel (27 Dec 2002) +- Philippe Raoult reported a bug with HTTPS connections which I evidently + added in my 19 dec fix. I corrected it. + +Daniel (20 Dec) +- Idea from the Debian latest patch: use AM_MAINTAINER_MODE in the configure + script to make the default makefile less confusing "to the casual + installer". + +Version 7.10.3-pre3 (20 Dec) + +Daniel (19 Dec) +- Matthew Blain patched the Curl_base64_decode() function. + +- Evan Jordan reported in bug report #653022 that the SSL_read() usage was + wrong, and it certainly was. It could lead to curl using too much CPU due to + a stupid loop. + +Daniel (18 Dec) +- As suggested by Margus Freudenthal, CURLE_HTTP_NOT_FOUND was renamed to + CURLE_HTTP_RETURNED_ERROR since it is returned on any >= 400 code when + CURLOPT_FAILONERROR is set. + +Daniel (17 Dec) +- Bug reported #651464, reported by Christopher Palmer, provided an example + source code using the multi interface that hang when trying to connect to a + proxy on a localhost port where no proxy was listening. This bug was not + repeatable on libcurls that were IPv6-enabled. + +Daniel (16 Dec) +- Christopher Palmer also noticed what Vojtech Janota already was + experiencing: The attempted name resolve fix for glibc 2.2.93 caused libcurl + to crash when used on some older glibc versions. The problem is of course + the silliness of the 2.2.93. I committed a fix that hopefully should make + the binary run fine on either one of the versions, even though the solution + is not as nice as I'd like it to be. + +Daniel (13 Dec) +- Bug report #651460 by Christopher R. Palmer showed that when using libcurl + to for example go over a proxy on localhost, it would attempt to connect + through the proxy TWICE. + + I added test case 503 with which I managed to repeat this problem and I + fixed the code to not re-attempt any connects (which also made it a nicer + fix for the #650941 bug mentioned below). + + The sws server was extended to deal with CONNECT in order to make test + case 503 do good. + +- Evan Jordan posted bug report #650989 about a memory leak in the public key + retrieving code. He provided a suggested fix and I merely applied it! + +- Bug report #650941, posted by Christopher R. Palmer identified a problem + with the multi interface and getting file:// URLs. This was now fixed and + test case 502 was added to verify this. + +Daniel (12 Dec) +- Test case 500 and 501 are the first ever libcurl test cases that run. + +- Made "configure --enable-debug" cut off all -O* options to the compiler + +- Finally fixed the test suite's ftp server so that test case 402 doesn't + cause the following test case to fail anymore! + +Daniel (11 Dec) +- CURL_MAX_WRITE_SIZE is now decreased to 16KB since it makes the Windows + version perform uploads much faster!!! RBramante did lots of research on + this topic. + +- Fixed the #include in curl/curl.h to include the other files outside the + extern "C" scope. + +Daniel (10 Dec) +- Moved around and added more logic: + + First, POST data is never sent as part of the request headers in the http.c + code. It is always sent the "normal" read callback then send() way. This now + enables a plain HTTP POST to be sent chunked if we want to. This also + reduces the risk of having very big POSTs causing problems. + + Further, sending off the initial HTTP request is not done using a loop + anymore. If it wasn't all sent off in the first send(), the rest of the + request is sent off in the normal transfer select() loop. This makes several + things possible, but mainly it makes libcurl block less when used from the + multi interface and it also reduces the risk of problems with issuing very + large requests. + +Daniel (9 Dec) +- Moved the read callback pointer and data within the structs to a more + suitable place. This in preparation for a better HTTP-request sending code + without (a silly) loop. + +- The Dodds fix seems not to work. + +- Vojtech Janota tests proved that the resolve fix from oct 21st is not good + enough since obviously older glibcs might return EAGAIN without this meaning + that the buffer was too small. + +- [the other day] Made libcurl loop on recv() and send() now until done, and + then get back to select(). Previously it went back to select() more often + which really was a slight overhead. This was due to the reported performance + problems on HTTP PUT on Windows. I couldn't see any notable difference on + Linux... + +Version 7.10.3-pre2 (4 Dec 2002) + +Daniel (4 Dec 2002) +- Lots of work with Malcolm Dodds made me add a temporary code fix that now + shortens the timeout waiting for the 226 or 250 line after a completed + FTP transfer. + + If no data is received within 60 seconds, this is taken as a sign of a dead + control connection and we bail out. + +Daniel (3 Dec 2002) +- Ralph's bug report #644841 identified a problem in which curl returned a + timeout error code when in fact the problem was not a timeout. The proper + error should now be propagated better when they're detected in the FTP + response reading function. + +- Updated the Borland Makefiles. + +Daniel (2 Dec 2002) +- Nicolas Berloquin provided a patch that introduced --create-dirs to the + command line tool. When used in combination with -o, it lets curl create + [non-existing] directories used in -o, suitably used with #-combinations + such as: + + curl "www.images.com/{flowers,cities,parks,mountains}/pic_[1-100].jpg \ + -o "dir_#1/pic#2.jpg" --create-dirs + +Version 7.10.3-pre1 + +Daniel (28 Nov 2002) +- I visited Lars Nordgren and had a go with his problem, which lead me to + implement this fix. If libcurl detects the added custom header + "Transfer-Encoding: chunked", it will now enable a chunked transfer. + + Also, chunked transfer didn't quite work before but seems to do so now. + +- Kjetil Jacobsen pointed out that ./configure --disable-ipv6 --without-zlib + didn't work on any platform... + +Daniel (26 Nov 2002) +- Fixed a bad addrinfo free in the hostip.c code, hardly exposed anywhere + +- Dan Becker found and fixed a minor memory leak on persistent connnections + using CURLOPT_USERPWD. + +Daniel (22 Nov 2002) +- Based on Ralph Mitchell's excellent analysis I found a bug in the test suite + web server (sws) which now lets test case 306 run fine even in combination + with the other test cases. + +- Juan Ignacio Hervás found a crash in the verbose connect message that is + used on persistent connections. This bug was added in 7.10.2 due to the + rearranged name resolve code. + +Daniel (20 Nov 2002) +- Kjetil Jacobsen provided a patch that introduces: + + CURLOPT_PRIVATE stores a private pointer in the curl handle. + + CURLINFO_PRIVATE retrieves the private pointer from the curl handle. + +- Karol Pietrzak pointed out how curl-config --cflags didn't output a good + include dir so I've removed that for now. + +Version 7.10.2 (18 Nov 2002) + +Daniel (11 Nov 2002) +- Dave Halbakken added curl_version_info to lib/libcurl.def to make libcurl + properly build with MSVC on Windows. + +Daniel (8 Nov 2002) +- Doing HTTP PUT without a specified file size now makes libcurl use + Transfer-Encoding: chunked. + +Daniel (7 Nov 2002) +- Bug report #634625 identified how curl returned timeout immediately when + CURLOPT_CONNECTTIMEOUT was used and provided a fix. + +Version 7.10.2-pre4 (6 Nov 2002) + +Daniel (5 Nov 2002) +- Lehel Bernadt found out and fixed. libcurl sent error message to the debug + output when it stored the error message. + +- Avery Fay found some problems with the DNS cache (when the cache time was + set to 0 we got a memory leak, but when the leak was fixed he got a crash + when he used the CURLOPT_INTERFACE with that) that had me do some real + restructuring so that we now have a reference counter in the dns cache + entries to prevent an entry to get flushed while still actually in use. + + I also detected that we previously didn't update the time stamp when we + extracted an entry from the cache so that must've been a reason for some + very weird dns cache bugs. + +Version 7.10.2-pre3 + +Daniel (31 Oct 2002) +- Downgraded automake to 1.6.3 in an attempt to fix cygwin problems. (It + turned out this didn't help though.) + +- Disable the DNS cache (by setting the timeout to 0) made libcurl leak + memory. Avery Fay brought the example code that proved this. + +Version 7.10.2-pre2 + +Daniel (28 Oct 2002) +- Upgraded to autoconf 2.54 and automake 1.7 on the release-build host. + +- Kevin Roth made the command line tool check for a CURL_CA_BUNDLE environment + variable (if --cacert isn't used) and if not set, the Windows version will + check for a file named "curl-ca-bundle.crt" in the current directory or the + directory where curl is located. That file is then used as CA root cert + bundle. + +- Avery Fay pointed out that curl's configure scrip didn't get right if you + used autoconf newer than 2.52. This was due to some badly quoted code. + +Version 7.10.2-pre1 + +Daniel (23 Oct 2002) +- Emiliano Ida confirmed that we now build properly with the Borland C++ + compiler too. We needed yet another fix for the ISO cpp check in the curl.h + header file. + +- Yet another fix was needed to get the HTTP download without headers to work. + This time it was needed if the first "believed header" was read all in the + first read. Test 306 has not run properly since the 11th october fix. + +Daniel (21 Oct 2002) +- Zvi Har'El pointed out a problem with curl's name resolving on Redhat 8 + machines (running IPv6 disabled). Mats Lidell let me use an account on his + machine and I could verify that gethostbyname_r() has been changed to return + EAGAIN instead of ERANGE when the given buffer size is too small. This is + glibc 2.2.93. + +- Albert Chin helped me get the -no-undefined option corrected in + lib/Makefile.am since Cygwin builds want it there while Solaris builds don't + want it present. Kevin Roth helped me try it out on cygwin. + +- Nikita Schmidt provided a bug fix for a FOLLOWLOCATION bug introduced when + the ../ support got in (7.10.1). + +Daniel (18 Oct 2002) +- Fabrizio Ammollo pointed out a remaining problem with FOLLOWLOCATION in + the multi interface. + +Daniel (17 Oct 2002) +- Richard Cooper's experimenting proved that -j (CURLOPT_COOKIESESSION) didn't + work quite as supposed. You needed to set it *before* you use + CURLOPT_COOKIEFILE, and we dont' want that kind of dependencies. + +Daniel (15 Oct 2002) +- Andrés García provided corrections for erratas in four libcurl man pages. + +Daniel (13 Oct 2002) +- Starting now, we generate and include PDF versions of all the docs in the + release archives. + +Daniel (12 Oct 2002) +- Trying to connect to a host on a bad port number caused the multi interface + to never return failure and it appeared to keep on trying forever (it just + didn't do anything). + +Daniel (11 Oct 2002) +- Downloading HTTP without headers didn't work 100%, some of the initial data + got written twice. Kevin Roth reported. + +- Kevin Roth found out the "config file" parser in the client code could + segfault, like if DOS newlines were used. + +Version 7.10.1 (11 Oct 2002) + +Daniel (10 Oct 2002) +- Jeff Lawson fixed a few problems with connection re-use that remained when + you set CURLOPT_PROXY to "". + +Daniel (9 Oct 2002) +- Craig Davison found a terrible flaw and Cris Bailiff helped out in the + search. Getting HTTP data from servers when the headers are split up in + multiple reads, could cause junk data to get inserted among the saved + headers. This only concerns HTTP(S) headers. + +Daniel (8 Oct 2002) +- Vincent Penquerc'h gave us the good suggestion that when the ERRRORBUFFER + is set internally, the error text is sent to the debug function as well. + +- I fixed the telnet code to timeout properly as the option tells it to. On + non-windows platforms. + +Daniel (7 Oct 2002) +- John Crow pointed out that libcurl-the-guide wasn't included in the release + tarball! + +- Kevin Roth pointed out that make install didn't do right if build outside + the source tree (ca-bundle wise). + +- FOLLOWLOCATION bugfix for the multi interface + +Daniel (4 Oct 2002) +- Kevin Roth got problems with his cygwin build with -no-undefined was not + present in lib/Makefile.am so I put it back in there again. The poor one who + needs to remove it again must write a configure script to detect that need. + +- Ralph Mitchell pointed out that curl was a bit naive and didn't deal with ./ + or ../ stuff in the string passed back in a Location: header when following + locations. + +- Albert Chin helped me to work out a better configure.in check for zlib, and + both --without-zlib and -with-zlib seem to work rather well right now. + +- Zvi Har'El improvied the OpenSSL ENGINE check in the configure script to + become more accurate. + +Daniel (1 Oct 2002) +- Detlef Schmier pointed out the lack of a --without-libz option to configure, + so I added one. + +Version 7.10 (1 Oct 2002) + +Daniel (30 Sep 2002) +- Modified the curl_version_info() proto and returned struct once again, and + updated the man page accordingly. + +- Cris Bailiff found out that the pre-releases crashed on name lookups on + names such as "a:" or "baz:" (on Linux versions not being IPv6-enabled) due + to some weird return codes from gethostbyname_r(). I'll blame the complete + lack of docs in that department. Cris provided a fix, which I modified only + slightly. + +Daniel (27 Sep 2002) +- After a suggestion from Christian Kurz to Debian curl package maintainer + Domenico Andreoli, I made it possible to override the proxy environment + variables better. Now, by setting -x "" you can explicitly tell libcurl to + not use a proxy, no matter whan the environment variables say. + +Version 7.10-pre4 + +Daniel (26 Sep 2002) +- Extended curl_version_info() more and wrote a man page for it. + +Daniel (25 Sep 2002) +- libcurl could leak memory when downloading multiple files using http ranges, + reported and fixed by Jean-Luc Guevel. + +- Walter J. Mack provided code and docs for the new curl_free() function that + shall be used to free memory that is allocated by libcurl and returned back + to the application, as curl_escape() and curl_unescape() do. + +- Yarram Sunil pointed out a flaw in the multi interface where a failed + connection didn't close down properly and thus a second transfer using the + same handle failed. + +- Andrés García fixed a flaw that made (among other things) dict-fetches + return a random value. + +Daniel (24 Sep 2002) +- Wez Furlong brought his initial patch that introduced curl_version_info(). + We might need to tweak it somewhat before release. + +Daniel (20 Sep 2002) +- Craig Markwardt fixed another Tru64 IP resolve problem. + +Daniel (19 Sep 2002) +- Dolbneff A.V and Spiridonoff A.V made the file:// code work with resumes + in the same style other code does. + +- Ilguiz Latypov fixed a flaw in the client code when fetching multiple URLs + and -C - was used. The first file's resume position was then accidentally + reused on all the other files too. + +Daniel (18 Sep 2002) +- The curl_easy_setopt.3 man page was greatly modified and the options have + now been grouped in logical groups so that it should be somewhat easier to + read it and find things you search for. + +Daniel (13 Sep 2002) +- Kevin Roth pinpointed a scary flaw in libcurl, when the HTTP server doesn't + send any headers back, only raw content. Right, that is a violation of the + standard but still happens at times and we need to deal with it. Test case + 306 was added to verify that we do right now. + +Version 7.10-pre3 + +Daniel (11 Sep 2002) +- Lukasz Czekierda found out that curl didn't send a correct HTTP Host: header + when you specified the URL with an IPv6 IP-address. + +Daniel (4 Sep 2002) +- Sven Neuhaus made --silent being acknowledged even when multiple URLs + were used. It used to output "[1/2]: http://host/a.html.de --> a.html.d" etc + even when told to shut up. + +Daniel (3 Sep 2002) +- Updated all source code headers to use MIT-license references only, and + point to the COPYING file and the http://curl.haxx.se/docs/copyright.html + URL. I've cut out all references to MPL that I could find. + +- Corected the makefiles to not always use -lz when linking + +Version 7.10-pre2 + +Daniel (2 Sep 2002) +- James Gallagher added Content-Encoding support to libcurl so now curl and + libcurl-using apps can request compressed contents using the 'deflate' + method. See the special file lib/README.encoding for details. + + curl --compressed is now used to request compressed contents. + + curl-config --feature will include 'libz' if this feature was around when + the library was built. + +Daniel (30 Aug 2002) +- Applied an anonymous SOCKS5-proxy patch. Not properly working in all + situations though, as all getaddrinfo()-using libcurls will fail on this. + This is because of the somewhat naive way the current code tries to extract + the IP address of the proxy. + +- Fixed up the SSL cert fixes from the other day even more after more inputs + from Cris. Added three new SSL error codes to make the + CURLE_SSL_CONNECT_ERROR slightly less overloaded. + +Daniel (27 Aug 2002) +- After lots of talk with Tom Zerucha, Nick Gimbrone and Cris Bailiff I + decided to talk the bold path and I now made libcurl do CA certificate + verification by default. Thus library users need to explicitly turn this off + if you want to connect to sites without proper checking. We also install a + CA cert bundle on 'make install' now. + + The curl tool now requires the -k/--insecure option in order to allow + connections and operations on SSL sites that aren't properly verified with + -cafile or --capath. + + curl-config --ca displays the built-in path to the CA cert bundle. + +Daniel (26 Aug 2002) +- Andrew Francis cleaned up some code that now compiles fine without the need + for ugly MSVC pragmas. + +- Keith MacDonald found a minor bug in src/main.c that made it close stdin + instead of the actual file handle. It shouldn't have resulted in much + trouble as most operating systems close all file handles on process exit + anyway. + +Daniel (22 Aug 2002) +- Markus Oberhumer provided some documentation for his previously provided + CURLOPT_NOSIGNAL fix. + +- Patched the lib/Makefile.am to hopefully no longer complain on undefined + symbols that seemed to occur on builds with shared OpenSSL libraries on + Solaris lately... + +Daniel (20 Aug 2002) +- Fixed compiler warnings on MSCV++ compiles. We're looking for help here: + remove the pragmas from lib/config-win32.h and adjust the sources where + the warnings occur. Hiding them with pragmas like this is not the correct + way of dealing with compiler warnings. + +Daniel (13 Aug 2002) +- Ulrich Zadow made the global include files in curl/* include themselves + using "curl.h" instead of <curl/curl.h> which thus allows people to more + freely decide how to include curl and how to setup their include paths. + +- Sterling Hughes added the curl_share* interface, somewhat as discussed + previously. + +- Jörn Hartroth pointed out that poll() was used in the pre1 source code and + it isn't very portable, so now I check for it in the configure script and + work around it. + +Version 7.9.9-pre1 + +Daniel (12 Aug 2002) +- Applied my initial take on making the multi stuff more asynchronous. Connects + should now return back without "hanging" until it has connected for real. + This should also be the case for FTP-PASV connects. + +Daniel (9 Aug 2002) +- Applied Markus F.X.J. Oberhumer's patch that introduces CURLOPT_NOSIGNAL, + which effectively prevents libcurl from doing anything that may cause + signals to get sent. This is basicly for multi-threaded applications that + now can use timeouts properly, without risking any signals to burst in and + ruin the party. + +Daniel (5 Aug 2002) +- Lukasz Czekierda reported that RFC2732-style literal IPv6 addresses didn't + work. When did that code vanish? Anyway, it's back again now and seems to + work! + +- Jonatan Lander found out that POSTing an empty string didn't work with the + command line tool. + +Daniel (3 Aug 2002) +- Jörn Hartroth fixed the libcurl.def file to build the windows DLL with + the multi interface enabled. + +Daniel (1 Aug 2002) +- The ftp PORT command now uses a better default IP address, as it will + extract and use the local IP address used by the control connection. + +- Modified the #include lines in curl/multi.h to work better on more + platforms. + +Daniel (31 Jul 2002) +- Attempted a fix for Ray DeGennaro's reported HP-UX host name resolve + problems. + +Daniel (30 Jul 2002) +- Priya Ramakrishnan and Ryan Jones compiles curl/curl.h with a C++ compiler + and don't get __STDC__ defined, which required us to extend the preprocessor + check for the ## operator usage. + +- Correct the description for CURLOPT_PASSWDFUNCTION, if set to NULL the + internal default function will be put back. + +- danfuzz at milk.com found out that libcurl badly assumed a space after + 'Set-Cookie:' so if it wasn't present, it caused the first letter of the + cookie name to fall off! + +Daniel (29 Jul 2002) +- The password prompt asking for user password used stdout and now uses + stderr instead to better allow redirecting. It also leaked a fopen() file + handle that is now fixed. + +Daniel (28 Jul 2002) +- HAVE_SETVBUF was left out from src/main.c which made -N not work. Found out + by M T. + +Daniel (26 Jun 2002) +- Glen Nakamura solved a crash in the name resolving function for IP-only + addresses on Alpha Linux (at least). + +- T. Bharath corrected the high resolution timer introduced in 7.9.8. + +Daniel (22 Jun 2002) +- Andrés García pointed out man page errors in curl_formadd.3. I fixed. + +Daniel (19 Jun 2002) +- Chris Combes pointed out a flaw in curl_escape(). I fixed. We no longer + tries to generate nor parse '+' in URLs. Spaces become %20, and only %-codes + are translated by curl_unescape(). + +Daniel (15 Jun 2002) +- Added --limit-rate to the curl tool. Allows the user to set a maxmimum + upper limit to how much bandwidth to use for transfers. + +- CURLOPT_BUFFERSIZE was added to libcurl. This sets a prefered size for the + receive buffer in libcurl. The main point of this would be that the write + callback gets called more often and with smaller chunks. + +Daniel (14 Jun 2002) +- Yarram Sunil found out that the SocketIsDead() function performed a lot + faster on Windows when removing the 1 microsecond timeout. + +- Hanno L. Kranzhoff fixed the VC++ project files. + +- Tom Mattison found out that ftp transfers closed the connection a little + too often. + +- Miklos Nemeth posted a VC++ makefile fix and some INSTALL comments on how + to disable specific protocols when building for Windows. + +Version 7.9.8 + +Daniel (13 Jun 2002) +- Time to let this baby go. + +Daniel (12 Jun 2002) +- Chris Combes added three new options for curl_formadd(): CURLFORM_BUFFER, + CURLFORM_BUFFERPTR, CURLFORM_BUFFERLENGTH. They are used to create a + multipart that appears as a regular file upload, but the data is provided + with a pointer and length. + +- Nico Baggus made the VMS version use sigsetjmp() too. + +- Jörn Hartroth fixed the mingw32 build using the mm lib. + +- Applied patches by Kris Kennaway that correct format string problems in + lib/ftp.c and lib/ldap.c. + +Version 7.9.8-pre3 + +Daniel (11 Jun 2002) +- James Cone brought the idea of using sigsetjmp() in the signal handler to + make the time-out of name lookups to work, even when the underlying name + resolver library traps EINTR. The use of sigsetjmp() and siglongjmp() for + this may be a bit drastic, and also not likely to exist on all platforms. I + added careful checking for this in the configure script, even checks for it + being a macro (which seems to be the case in for example Linux). + + sigsetjmp() seems to be mentioned in the Single Unix specification. + +- Miklos Nemeth brought a patch that allows libcurl to get built with specific + protocols disabled. This is done by running ./configure + --disable-[protocol]. + +- FTP range downloads could make CURLE_FTP_WRITE_ERROR get returned. We now + make precautions to not return this for range downloads. + + Added test case 135 that makes an ftp range download. Had to tweak the + runtests.pl script a bit too. + +- Bug report #566835 identified a strlen() on a NULL pointer. Added additional + check to prevent this. + +Daniel (10 Jun 2002) +- Found and corrected a connect failure problem that didn't create a human + error text. + +- Added code to compile with OpenSSL 0.9.7. Based on patch from Jacob Meuser + and comments from Götz Babin-Ebell. + +- Gautam Mani found a socket descriptor leak that happened when FTP transfers + failed and you reinvoked curl_easy_perform(). + +Daniel (5 Jun 2002) +- Gustaf Hui corrected curl_multi_remove_handle() so that it won't crash no + matter when you decide to remove the CURL handle. + +- HAVE_RAND_STATUS was added to lib/config-win32.h by Andreas Olsson, as it + makes windows builds stop complaining about "weak seeding" when it in fact + isn't. + +- Another 64bit architecture crash that was introduced in 7.9.7 was now + removed, as bug report #564585 clarified. This happened due to our attempts + to only allocate only as much memory as is actually needed for name + resolving (using realloc) which called for a function that could 'move' a + hostent struct in memory. + +Version 7.9.8-pre2 + +Daniel (3 Jun 2002) +- T. Bharath fixed the CURLINFO_REDIRECT_TIME to return a correct time and + made the CURLINFO_REQUEST_SIZE return the correct total request size. He + also made the win32 timers use higher resolution than before. + +Daniel (29 May 2002) +- Renaud Chaillat made me aware of the fact that libcurl returned an error if + you tried to get an empty FTP file. This seemed like a wrong thing to do, so + now it no longer does that! I just hope that no one built anything fancy + upon this unexpected behavior... + +Daniel (28 May 2002) +- Cris Bailiff brought CURLOPT_CAPATH that works like CURLOPT_CAINFO but + specifies a path to a directory with certificates rather than a single file + with them all concatenated. --capath was added to the command line tool + for the same function. + + Windows users need to pay attention that the directory should be setup with + the c_rehash tool of the OpenSSL package, and that creates symlinks by + default that need to be replaced with actual copies to work on Windows. + +- Gustaf Hui provided new code that changes how curl_multi_info_read() + messages are stored, so that they don't have to be kept around for the multi + handle's entire life time. He also made it return failure codes properly + which it didn't do before. + +Daniel (27 May 2002) +- Gustaf Hui pointed out that running curl_multi_perform() without doing + curl_multi_fdset() first was not really a working combo. I added an internal + check for this and have some extra select() code without timeout to make the + library internals work identically nevertheless. We might need to somehow + either document that once you've used the *_fdset() you should remain using + them in select() or you should blank them somehow so that libcurl won't go + crazy. + +Version 7.9.8-pre1 + +Daniel (22 May 2002) +- James Cone brought an excellent patch, including several tests and docs! + CURLOPT_NETRC now takes an enum as argument instead of the previous boolean. + --netrc-optional was introduced as an addition to --netrc to allow the + command line client to take use of all that new netrc stuff. + +- Bug report #558888 showed a case where libcurl re-used the previous host + name when a connection over a proxy was re-used but to a different target + host. + +Daniel (21 May 2002) +- Edin Kadribasic helped me sort out a problem to made libcurl crash when + trying to HTTP POST an empty string. + +- Clarified that Juergen Wilke donated the original tests/server/sws.c code. + +- Jean-Philippe Barrette-LaPierre made curl_formadd() return a typedef named + CURLFORMcode instead of the previous 'int', and the various return codes are + now globally exported. It allows applications to better figure out what goes + wrong when curl_formadd() returns errors. + +Daniel (20 May 2002) +- Roland Zimmermann pointed out that SSL_CTX_use_certificate_chain_file() + is prefered to SSL_CTX_use_certificate_file(). + +Daniel (17 May 2002) +- Bug report #556869 pointed out that src/writeout.c didn't compile on freebsd + after my AIX fixes the other week. + +- Bug report #556930 pointed out a FreeBSD core dump introduced in 7.9.7 in + the DNS struct realloc stuff. Actually, this crash could happen on all + systems that made the pack_hostent() function get invoked. + +- I removed several compiler warnings in the test suite's HTTP server. + +Version 7.9.7 + +Daniel (10 May 2002) +- Kevin Roth adjusted the --trace-ascii output slightly. + +- Paul Harrington found out that src/writeout.c needed an additional header + file included for AIX builds + +Version 7.9.7-pre2 + +Daniel (7 May 2002) +- Updated the man page with --trace-ascii and -j/--junk-session-cookies. + +- Made --trace-ascii do pretty much the same as --trace but without the hex + part in the output. + +- Added CURLOPT_COOKIESESSION that when enabled makes libcurl ignore session + cookies read from a file. This option is enforced by the curl command line + tool using the new -j/--junk-session-cookies option. After discussions with + Kevin Roth. This makes it easier to use curl to fully emulate a browser's + behavior, even when it comes to "session cookies". Session cookies are + cookies that a normal browser discards when the browser is shut + down. They're identified by not having any expire date/time. + +- When CURLOPT_DEBUGDATA was set, it ruined the CURLOPT_STDERR setting and + this was discovered when --trace was made to crash. + +- Using -v and --trace at the same time confused matters. -v is now pretty + much ignored when --trace or --trace-ascii is used. + +- Made --trace (and --trace-ascii) support - as file name to pass output to + stdout instead. It makes it consistent with how other options work. + +Version 7.9.7-pre1 + +Daniel (6 May 2002) +- Added multi-post.c to the examples directory. I got the basic source for + this from Gustaf Hui. + +Daniel (3 May 2002) +- CURL_MAX_WRITE_SIZE is now an exported #define in the curl/curl.h header and + can be used to figure out the maximum buffer size your write callback can + get. + +- CURLOPT_READDATA is now an alias for CURLOPT_INFILE and CURLOPT_WRITEDATE is + an alias for CURLOPT_FILE. These two were added for conformity. Most other + callback function's userdata are provided with options using a similar name- + scheme. + +- Added "--trace [file]" to the command line tool. It makes a very detailed + trace dump get stored, with a full protocol dump that includes all received + and transmitted data. This could be a very effective tool for debugging what + goes wrong. This dump includes every byte the way it is sent to/received + from the server. The dump is the plain-text version, so SSL transfers will + still be readable. + +- I found out that the DEBUGFUNCTION was not called properly everywhere as we + wanted it to. I fixed it. + +- -D now stores all headers to the same file if multiple URLs are given on the + command line! Kevin Roth made me aware of that it didn't already do this! + +- Gustaf Hui wrote an excellent formpost example that used the multi + interface. Unfortunately, it didn't work due to several bugs in how + transfers were made when the multi interface was used. + +Daniel (2 May 2002) +- Hanno Kranzhoff found out that when doing multiple transfers on the same + easy handle, the progress meter would show a bad "currently downloaded + value" when the transfer starts. + +Daniel (1 May 2002) +- Applied another patch by Jacky Lam to make the name resolve info realloc() + stuff work properly. + +Daniel (28 April 2002) +- curl_multi_info_read() is now implemented! + +Daniel (27 April 2002) +- Updated BUGS, TODO, FAQ, INSTALL and added BINDINGS. + +- I think I fixed the DNS cache prune crach Jacky Lam found and reported. + +- I cleaned up the name prefix stuff in the hash and llist modules. + +- FTP responses should now be better on timing out properly. The timeout value + is maximum timeout for the entire request operation, but before this, the + timeout was used as a maximum allowed time between two reads... + +Daniel (26 April 2002) +- Fixed the test suite http server to not use snprintf() anymore due to better + portability. + +Daniel (25 April 2002) +- With Sterling Hughes' new DNS pruning, Jacky Lam asked if this wouldn't + cause problems since the pruning is only checking the entry time, and it + sure could cause problems. Therefor, I've now added and changed code so that + this should not be a problem. Nowhere in the code will be store name + resolved information around so that a sunsequent DNS cache prune should + cause a problem. This of course called for some mild internal changes. + +Daniel (23 April 2002) +- Improved the 'no_proxy' check, as using port numbers in the URL confused it + previously. Reported by Erwan Legrand in bug report #547484. + +- The --interface option now works even on IPv6 enabled builds. Reported by + 'thor'. + +Daniel (22 April 2002) +- The #defines names starting with TIMECOND now has CURL_ prefixes. (The old + names are still #defined too.) Pointed out by Robert Olson. + +- Jacky Lam brought code that lets the name resolve function only use as much + memory as it actually needs. This only works on certain operating systems, + but is totally transparant to all users. + +Daniel (19 April 2002) +- Bjorn Reese fixed pack_hostent to work properly with 64 bit pointers. + +Daniel (18 April 2002) +- Sterling Hughes added code to prune old DNS cache entries, since Jacky Lam + experienced very big caches. + +Daniel (17 April 2002) +- Dirk Manske patched the 301 response to work against the RFC but more like + common browsers do. If a POST get a 301 back, it'll switch to GET in the + next request (if location-following is enabled). + +Daniel (16 April 2002) +- Dirk Manske posted a patch originally written by Ingo Wilken that introduced + two new CURLINFO_* values: CURLINFO_REDIRECT_TIME and + CURLINFO_REDIRECT_COUNT. + +Daniel (15 April 2002) +- Jonatan Lander patched the verbose text 'Disables POST, goes with GET' to + reflect reality better, like when the first request isn't POST and when + the second isn't GET... :-) + +- Craig Davison pointed out that when curl_formadd()ing a file that doesn't + exist, libcurl doesn't return error. Now, curl_easy_perform() will return + CURLE_READ_ERROR if that is the case. Test 41 was added to verify this. + +Version 7.9.6 + +Daniel (14 April 2002) +- Dirk Manske brought a fix that makes libcurl strip off white spaces from the + beginning of cookie contents. + +- Had to patch include/curl/curl.h since MSVC doesn't set the __STDC__ define. + Moonesamy pointed out the problem, Bjorn Reese the solution. + +Version 7.9.6-pre5 + +Daniel (12 April 2002) +- Fixed the TIMER_CONNECT to be more accurate for FTP transfers. Previously + FTP transfers got the "connect done" time set after the initial FTP commands + and not directly after the TCP/IP connect as it should. + + I also made the time stamp get set even if the connect itself fails, which + it didn't do previously. + +- Jean-Philippe Barrette-LaPierre provided his patch that introduces + CURLOPT_DEBUGFUNCTION and CURLOPT_DEBUGDATA. They allow a program to a set a + callback to receive debug/information data. That includes headers and data + that is received and sent. CURLOPT_VERBOSE still controls it. + + By default, there is an internal debugfunction that will make things look + and work as before if not changed. + +Daniel (10 April 2002) +- Sebastien Willemijns found out that -x didn't use the default port number as + is documented. It does now. + +- libcurl-errors.3 is a new man page attempting to document all libcurl error + codes + +- Added two new error codes and changed the behaviour of two old ones + slightly: + + CURLE_WRITE_ERROR + This error was returned *both* for errors that occured when writing + received data to a local file, as well as when we get problems writing data + to a remote server. CURLE_SEND_ERROR has now been added for the latter + error. + + CURLE_READ_ERROR + This error was similarly returned *both* for errors when reading a local + file, as well as when getting problems when reading network data. + CURLE_RECV_ERROR has now been added for the latter error. + + (Two test cases were adjusted accordingly.) + +Daniel (9 April 2002) +- runtests.pl now sets the HOME variable before running curl, to prevent any + actual ~/.curlrc file to fool the tests! + +Version 7.9.6-pre4 + +Daniel (8 April 2002) +- Michael Curtis provided new functionality for curl on some platforms. Using + the --environment option, curl will *set* a bunch of environment variables + to values. The names are the same ones as for the -w/--writeout option. + + For now, this only works on the RISC OS version, as this feature relies on + both OS support and that it matches OS paradigms. + +- Jacky Lam provided a fix for getting headers-only when the reply is HTTP/1.0 + and 304, I edited it slightly. + +Daniel (5 April 2002) +- As requested by Jay Graves, the '.curlrc' file (or _curlrc as it is called + when used in windows), is now loaded from the current directory if the HOME + environment variable isn't set (or if it is too long). I also enlarged the + array used to store the full file path in, to 512 bytes. + +- Kevin Roth pointed out to me why the "19 March" change regarding -G and -I + was stupid and the change was reverted. Added test case 48 to verify the + functionality. + +Version 7.9.6-pre3 + +Daniel (4 April 2002) +- Jonatan Lander brought a patch that makes curl/curl.h compile nicely on + pre-ISO compilers, like when using gcc -traditional. + +Daniel (3 April 2002) +- Jacky Lam identified a glitch when getting headers-only, where libcurl would + "hang" 1 second in vain in the select() loop before returning back. + +- Tor Arntsen brought a patch for multipart formposts. It turned out that the + "CGI_Lite Perl package" makes some bad assumptions on what letters that may + be used in boundary strings and thus curl could confuse it by including '+' + and '/'. While this is standards-compliant, we change the behavior to work + smoothly with existing software based on that package. + +Daniel (2 April 2002) +- Gerhard Herre filed bug report #536238 where he pointed out a crash in + verbose FTP passive transfers for AIX. + +- Clarence Gardner pointed out a minor flaw in how libcurl didn't properly + take care of all errors that SSL_read() could return. + +- Jacky Lam fixed a MALLOCDEBUG problem in lib/getinfo.c + +Daniel (27 March 2002) +- T. Bharath pointed out a flaw in the connection re-use function that didn't + check proxy connections properly for "deadness" before they were re-used. + +- Pedro Neves found out that HTTP POSTing with --data-binary did not properly + work under Windows as the file specified wasn't read fully binary! + +Daniel (25 March 2002) +- Jacky Lam brought a fix that improves treatment of cookies using identical + domains but with leading dots properly. + +Daniel (22 March 2002) +- Miklos Nemeth updated the windows section of the docs/INSTALL file and the + windows makefiles. + +- Jon Dillon provided us with several good-looking curl images for + promotion. View them here http://curl.haxx.se/icons.html + +Daniel (20 March 2002) +- Peter Verhas found out that CRLF replacement in uploads was not working. I + fixed it, and added test case 128 that verifies the functionality. + +- The list formerly known as curl-main is now named curl-users and is hosted + by sourceforge. Susbcribe to the new list, get off the old one. + +Version 7.9.6-pre2 + +Daniel (19 March 2002) +- Made -G and -I on the same command line cause an error. + +- Moved the multi.h file to the "public" include directory and made it get + included by curl.h so that no extra include files will be necessary to use + it. + + Added docs and man pages for the multi interface to the release archive. + Added the three example source codes too. + + Necessary steps in my campaign to sneak in the multi interface... ;-) + +- Updated the year in all copyright notices in all C and H files. + +Daniel (18 March 2002) +- Tomas Szepe found out that -d and -G didn't mix as they should. I broke this + in 7.9.5... Added test case 32 for this. + +Version 7.9.6-pre1 + +Daniel (16 March 2002) +- Peter Verhas pointed out that the curl_escape and curl_unscape man pages + contained factual errors. + +- Albert Choy found and corrected a problem with the verbose output when doing + PASV ftp transfers. It could make libcurl crash. + + Details in bug report #530562: + http://sourceforge.net/tracker/?func=detail&atid=100976&aid=530562&group_id=976 + +Daniel (15 March 2002) +- Jun-ichiro itojun Hagino filed bug report #530204 that clearly pointed out + the PF_INET fix from February 19 as a not-very-good fix as it broke IPv6 + capability! That patch is now reverted. + + The problem with slow name lookups with getaddrinfo() on non-IPv6 enabled + hosts are instead made by first checking if the stack is IPv6-enabled and if + not, the PF_INET is used and otherwise we go with the full PF_UNSPEC. + +- T. Bharath pointed out that when we return an "error" from a WRITEFUNCTION + as described in the man page, libcurl did not return the documented error + code (CURLE_WRITE_ERROR) but would instead return CURLE_READ_ERROR. This is + now corrected. + +Daniel (14 March 2002) +- Setting CURLOPT_POST without setting CURLOPT_POSTFIELDS now read the POST- + data from the callback. + +- The GOPHER support seems to be broken. I don't think I'll even start fixing + it until someone else finds out... :-) + +Daniel (13 March 2002) +- Trying 'curl -I ftp.sunet.se' or similar did a SIZE on a silly "(nil)" + string. If such a file would be present, curl returned the size of it! Now + we prevent this. + +- Curl_sendf() was fixed to deal with situation where Curl_write() would've + blocked and thus return -1. + +- Setting CURLOPT_PROGRESSFUNCTION to NULL now restores the internal function. + +- All CURLFORM_* options can now be used in a CURLFORM_ARRAY except the + CURLFORM_ARRAY itself. This was necessary since we couldn't expand the + CURLFORM_* list proprely and unrestricted until this was the case. It was + also a bit peculiar to users why some options could be used in an array + while others couldn't. + +- Removed some silly CRLF lines that had accidentally slipped into src/main.c + Nico Baggus pointed them out to me. + +Daniel (11 March 2002) +- CURLFORM_FILENAME was added. This can be set when creating a file upload + part, to set the 'filename' field to a custom value. If this isn't used, + the actually used filename will be included instead (as libcurl always has + done). curl was adjusted accordingly, and now -F accepts a 'filename=' field + too, and allows constructs such as: + + -F 'name=@filename;filename=/dev/null' + + and this can be combined with type= too, in a manner similar to: + + -F "file=@log/test39.txt;filename=fakerfile;type=moo/foobar" + + Test case 39 was added to verify this functionality. + +- The struct formerly known as HttpPost is now named curl_httppost to properly + use the curl name space. I added a #define for the old name to make existing + programs compile even when this new include file is used. + +Daniel (8 March 2002) +- Clifford also discovered that if the client code failed early, as when doing + "curl -O" only, it would do fclose(NULL) which caused a segmentation fault + on some systems. + +- Clifford Wolf provided a patch that made --progress-bar work again. + +- I closed bug report #527032 by making sure that we add a newline after a + transfer when --progress-bar has been used. Before, without the newline, it + made the subsequent text come out wrong. + +Version 7.9.5 + +Daniel (7 March 2002) +- Added docs/KNOWN_BUGS to the release archive. + +Daniel (6 March 2002) +- Kevin Roth corrected a flaw in the curl client globbing code that made it + mess up backslashes. This was most notable on windows (cygwin) machines when + using file://. + +- Brad provided another fix for building outside the source-tree. + +- Ralph Mitchell patched away a few compiler warnings in tests/server/sws.c + +Daniel (5 March 2002) +- I noticed that the typedef in curl.h for the progress callback prototype was + wrong and thus applications that used it would not get the proper input + data. It used size_t where the implementation actually uses doubles! + + I wish I could blame someone else, but this was my fault. Again. + +Version 7.9.5-pre6 + +Daniel (4 March 2002) +- Cut off the changes done during 2001 from this changelog file and put them + in a separate file (CHANGES.2001), available from CVS of course. + +- I removed the multi directory. The example sources were moved to the + docs/examples directory where they belong. + +- Wrote 7 new man pages for the current functions in the new multi interface. + They're all still pretty basic, but we can use them as a start and add more + contents to them when we figure out what to write. The large amount of man + pages for libcurl now present made me decide to put them in a new separate + subdirectory in the docs directory. Named libcurl. + +- Giuseppe Corbelli provided a template file for the EPM package manager, it + gets generated nicely by the configure script now. + +Version 7.9.5-pre5 + +Daniel (1 March 2002) +- Moved the memanalyze.pl script into the tests/ dir and added it to the + release archives. It was previously only present in the CVS tree. + +- Modified the February 17th Host: fix, as bug report #523718 pointed out that + it caused crashes! + +- Nico Baggus added more error codes to the VMS stuff. + +- Wesley Laxton brought the code that introduced the new CURLOPT_PREQUOTE + option. It is just another FTP quote option that allows the user to specify + a list of FTP commands to issue *just before* the transfer command (RETR or + STOR etc). It has turned up a few systems that really need this. + + The curl command line tool can also take advantage of this by prefixing the + quote commands with a plus (+) in similar style that post transfer quote + commands are specified. + + This is not yet documented. There is no test case for this yet. + +Daniel (28 February 2002) +- Ralph Mitchell made some serious efforts and put a lot of sweat in setting + up scripts and things for me to be able to repeat his problems, and I + finally could. I found a problem with the header byte counter that wasn't + increased properly and thus we could return CURLE_GOT_NOTHING when we in + fact had received data. + +Daniel (27 February 2002) +- I had to revert the non-space parsing cookie fix I posted to the mailing + list. Expire dates do have spaces and still need to get parsed properly! + Instead we just ignore trailing white space and it seems to work... + +Daniel (26 February 2002) +- Made the cookie property 'Max-Age' work, just since we already tried to + support it, it is better to do it right. No one uses this anyway. + +- The cookie parser could crash if a really weird (illegal) cookie line was + received. I also made it better discard really oddly formatted lines better. + + Made the cookie jar store the second field from the left using the syntax + that Netscape and Mozilla probably like. Curl itself ignores it. + + Added test case 31 for these cases. + + Clay Loveless' email regarding some cookie issues started my cleanup. + +- Kevin Roth pointed out that my automake fiddles broke the ability to build + outside the source-tree and I posted a patch to the mailing list that brings + this ability back. + +Version 7.9.5-pre4 + +Daniel (25 February 2002) +- Fiddled with the automake files to make all source files in the lib + directory not have ../src in the include path, and the src sources shouldn't + have ../lib! + +- All 79 test cases ran OK under Linux and Solaris using the new HTTP server + in the test suite. The new HTTP server was first donated by Georg Horn and + subsequently modified to work with the test suite. It is currently still not + portable enough to run on "all over" but this is a start and I can run all + curl tests on my machines. This is an important requirement for the upcoming + public release. + +- Using -d and -I on the same command line now reports an error, as it implies + two different HTTP requests that can't be mixed. + +- Jeffrey Pohlmeyer provided a patch that made the -w/--write-out option + support %{content_type} to get the content type of the recent download. + +- Kevin Roth reported that pre2 and pre3 didn't compile properly on cygwin, + and this was because I used #ifdef HAVE_WINSOCK_H in lib/multi.h to figure + out if we could include winsock.h which turns out not to be a wise choice to + do on cygwin since it has the file but can't include it! + +Daniel (22 February 2002) +- Added src/config-vms.h to the release archive. + +- Fixed the connection timeout value again, the change from February 18 wasn't + complete. + +Version 7.9.5-pre3 + +Daniel (21 February 2002) +- Kevin Roth and Andrés García both found out that lib/config.h.in was missing + in the pre-release archive and thus the configure script failed. + +Version 7.9.5-pre2 + +Daniel (20 February 2002) +- Andrés García provided a solution to bug report #515228. the total time + counter was not set correctly when -I was used during some conditions (all + headers were read in one single read). + +- Nico Baggus provided a huge patch with minor tweaks all over to make curl + compile nicely on VMS. + +Daniel (19 February 2002) +- Rick Richardson found out that by replacing PF_UNSPEC with PF_INET in the + getaddrinfo() calls, he could speed up some name resolving calls with an + order of magnitudes on his Redhat Linux 7.2. + +- Philip Gladstone found a second INADDR_NONE problem where we used long + intead of in_addr_t which caused 64bit problemos. We really shouldn't define + that on two different places. + +Daniel (18 February 2002) +- Philip Gladstone found a problem in how HTTP requests were sent if the + request couldn't be sent all at once. + +- Emil found and corrected a bad connection timeout comparison that made curl + use the longest of connect-timeout and timout as a timeout value, instead of + the shortest as it was supposed to! + +- Aron Roberts provided updated information about LDAP URL syntax to go into + the manual as a replacement for the old references. + +Daniel (17 February 2002) +- Philip Gladstone pointed out two missing include files that made curl core + dump on 64bit architectures. We need to pay more attention on these details. + It is *lethal* to for example forget the malloc() prototype, as 'int' is + 32bit and malloc() must return a 64bit pointer on these platforms. + +- Giaslas Georgios fixed a problem with Host: headers on repeated requests on + the same handle using a proxy. + +Daniel (8 February 2002) +- Hanno L. Kranzhoff accurately found out that disabling the Expect: header + when doing multipart formposts didn't work very well. It disabled other + parts of the request header too, resulting in a broken header. When I fixed + this, I also noticed that the Content-Type wasn't possible to disable. It is + now, even though it probably is really stupid to try to do this (because of + the boundary string that is included in the internally generated header, + used as form part separator.) + +Daniel (7 February 2002) +- I moved the config*.h files from the root directory to the lib/ directory. + +- I've added the new test suite HTTP server to the CVS repository, It seems to + work pretty good now, but we must make it get used by the test scripts + properly and then we need to make sure that it compiles, builds and runs on + most operating systems. + +Version 7.9.5-pre1 + +Daniel (6 February 2002) +- Miklos Nemeth provided updated windows makefiles and INSTALL docs. + +- Mr Larry Fahnoe found a problem with formposts and I managed to track down + and patch this bug. This was actually two bugs, as the posted size was also + said to be two bytes too large. + +- Brent Beardsley found out and brought a correction for the + CURLINFO_CONTENT_TYPE parser that was off one byte. This was my fault, I + accidentaly broke Giaslas Georgios' patch. + +Daniel (5 February 2002) +- Kevin Roth found yet another SSL download problem. + +Version 7.9.4 + +- no changes since pre-release + +Version 7.9.4-pre2 + +Daniel (3 February 2002) +- Eric Melville provided a few spelling corrections in the curl man page. + +Daniel (1 February 2002) +- Andreas Damm corrected the unconditional use of gmtime() in getdate, it now + uses gmtime_r() on all hosts that have it. + +Daniel (31 January 2002) +- An anonymous bug report identified a problem in the DNS caching which made it + sometimes allocate one byte too little to store the cache entry in. This + happened when the port number started with 1! + +- Albert Chin provided a patch that improves the gethostbyname_r() configure + check on HP-UX 11.00. + +Version 7.9.4-pre1 + +Daniel (30 January 2002) +- Georg Horn found another way the SSL reading failed due to the non-blocking + state of the sockets! I fixed. + +Daniel (29 January 2002) +- Multipart formposts now send the full request properly, including the CRLF. + They were previously treated as part of the post data. + +- The upload byte counter bugged. + +- T. Bharath pointed out that we seed SSL on every connect, which is a time- + consuming operation that should only be needed to do once. We patched + libcurl to now only seed on the first connect when unseeded. The seeded + status is global so it'll now only happen once during a program's life time. + + If the random_file or egdsocket is set, the seed will be re-made though. + +- Giaslas Georgios introduced CURLINFO_CONTENT_TYPE that lets + curl_easy_getinfo() read the content-type from the previous request. + +Daniel (28 January 2002) +- Kjetil Jacobsen found a way to crash curl and after much debugging, it + turned out it was a IPv4-linux only problem introduced in 7.9.3 related to + name resolving. + +- Andreas Damm posted a huge patch that made the curl_getdate() function fully + reentrant! + +- Steve Marx pointed out that you couldn't mix CURLOPT_CUSTOMREQUEST with + CURLOPT_POSTFIELDS. You can now! + +Daniel (25 January 2002) +- Krishnendu Majumdar pointed out that the header length counter was not reset + between multiple requests on the same handle. + +- Pedro Neves rightfully questioned why curl always append \r\n to the data + that is sent in HTTP POST requests. Unfortunately, this broke the test suite + as the test HTTP server is lame enough not to deal with this... :-O + +- Following Location: headers when the connection didn't close didn't work as + libcurl didn't properly stop reading. This problem was added in 7.9.3 due to + the restructured internals. 'Frank' posted a bug report about this. + +Daniel (24 January 2002) +- Kevin Roth very quickly spotted that we wrongly installed the example + programs that were built in the multi directory, when 'make install' was + used. :-/ + +Version 7.9.3 + +Daniel (23 January 2002) +- Andrés García found a persistancy problem when doing HTTP HEAD, that made + curl "hang" until the connection was closed by the server. This problem has + been introduced in 7.9.3 due to internal rewrites, this was not present in + 7.9.2. + +Version 7.9.3-pre4 + +Daniel (19 January 2002) +- Antonio filed bug report #505514 and provided a fix! When doing multipart + formposts, libcurl would include an error text in the actual post if a + specified file wasn't found. This is not libcurl's job. Instead we add an + empty part. + +Daniel (18 January 2002) +- Played around with stricter compiler warnings for gcc (when ./configure + --enable-debug is used) and changed some minor things to stop the warnings. + +- Commented out the 'long long' and 'long double' checks in configure.in, as + we don't currently use them anyway and the code in lib/mprintf.c that use + them causes warnings. + +- Saul Good and jonatan pointed out Mac OS X build problems with pre3 and how + to correct them. Two compiler warnings were removed as well. + +- Andrés García fixed two minor mingw32 building problems. + +Version 7.9.3-pre3 + +Daniel (17 January 2002) +- docs/libcurl-the-guide is a new tutorial for our libcurl programming + friends. + +- Richard Archer brought back the ability to compile and build with OpenSSL + versions before 0.9.5. + [http://sourceforge.net/tracker/?func=detail&atid=100976&aid=504163&group_id=976] + +- The DNS cache code didn't take the port number into account, which made it + work rather bad on IPv6-enabled hosts (especially when doing passive + FTP). Sterling fixed it. + +Daniel (16 January 2002) +- Georg Horn could make a transfer time-out without error text. I found it and + corrected it. + +- SSL writes didn't work, they return an uninitialized value that caused + havoc all over. Georg Horn experienced this. + +- Kevin Roth patched the curl_version() function to use the proper OpenSSL + function for version information. This way, curl will report the version of + the SSL library actually running right now, not the one that had its headers + installed when libcurl was built. Mainly intersting when running with shared + OpenSSL libraries. + +Version 7.9.3-pre2 + +Daniel (16 January 2002) +- Mofied the main transfer loop and related stuff to deal with non-blocking + sockets in the upload section. While doing this, I've now separated the + connection oriented buffers to have one for downloads and one for uploads + (as two can happen simultaneously). I also shrunk the buffers to 20K + each. As we have a scratch buffer twice the size of the upload buffer, we + arrived at 80K for buffers compared with the previous 150K. + +- Added the --cc option to curl-config command as it enables so very cool + one-liners. Have a go a this one, building the simple.c example: + + $ `curl-config --cc --cflags --libs` -o example simple.c + +Daniel (14 January 2002) +- I made all socket reads (recv) handle EWOULDBLOCK. I hope nicely. Now we + only need to address all writes (send) too and then I'm ready for another + pre-release... + +- Stoned Elipot patched the in_addr_t configure test to make it work better on + more platforms. + +Daniel (9 January 2002) +- Cris Bailiff found out that filling up curl's SSL session cache caused a + crash! + +- Posted the curl questionnaire on the web site. If you haven't posted your + opinions there yet, go there and do it now while it is still there: + + http://curl.haxx.se/q/ + +- Georg Horn quickly found out that the SSL reading no longer worked as + supposed since the switch to non-blocking sockets. I've made a quick patch + (for reading only) but we should improve it even further. + +Version 7.9.3-pre1 + +Daniel (7 January 2002) +- I made the 'bool' typedef use an "unsigned char". It makes it the same on + all platforms, no matter what the platform thinks the default format for + char is. This was noticed since we made a silly comparison involving such a + bool variable, and only one compiler/platform combination (on Debian Linux) + complained about it (that happened to have its char unsigned by default). + +- Bug report #495290 identified a cookie parsing problem that was corrected. + When a Set-Cookie: line is received without a trailing semicolon, libcurl + didn't read the last "name=value" pair of the line, leading to confusions... + +- Sterling committed his updated DNS cache code. + +- I worked with Georg Horn and comments from Götz Babin-Ebell and switched + curl's socket operations completely over to non-blocking for the entire + operation (previously we used non-blocking only for the connection phase). + We had to do this to make the SSL connection phase timeout properly without + the use of signals. A little extra code to deal with this was added. + +- T. Bharath pointed out a slightly obscure cookie engine flaw. + +- Pete Su pointed out that libcurl didn't treat HTTP code 204 as it should. + 204-replies never provides a response-body. This resulted in bad persistant + behavior when 204 was received. + +Daniel (5 January 2002) +- SM updated the VC++ library Makefiles for the new source files. + +Daniel (4 January 2002) +- I discovered that we wrongly used inet_ntoa() (instead of inet_ntoa_r() in + two places in the source code). One happened with VERBOSE set on connects, + and the other when VERBOSE was on and krb4 over nat was used... I honestly + don't think anyone has suffered from these mistakes. + +- I replaced a lot of silly occurances of printf() to instead use the more + appropriate Curl_infof() or Curl_failf(). The krb4 and telnet code were + affected. + +- Philip Gladstone found a few more problems with 64-bit archs (the 64-bit + sparc on solaris 8). + +- After discussions on the libcurl list with Raoul Cridlig, I just made FTP + response lines get passed to the header callback if such a one is + registered. It'll make it possible for any application to get all the + responses an FTP server sends to libcurl. + +Daniel (3 January 2002) +- Sterling Hughes brought a few buckets of code. Now, libcurl will + automatically cache DNS lookups and re-use the previous results first if any + such is available. It greatly improves speed when doing many repeated + operations to the same host. + +- As the test case uses --include and then --head, I had to modify src/main.c + to deal with this situation slightly better than previously. When done, we + have 100% good tests again in the main branch. + +Daniel (2 January 2002) +- Made test case 25 run again in the multi-dev branch. But it seems that the + changes done on dec-20 made test case 104 cease to work (in both branches). + +- Philip Gladstone pointed out a few portability problems in the source code + that didn't compile on 64-bit sparcs using Sun's native compiler. +Daniel (20 December 2001) +- Björn Stenberg caught an unpleasent (but hard-to-find) bug that could cause + libcurl to hang on transfers over proxy, when the proxy was specified with + an environment variable! + +- Added code to make ftp operations treat the NO_BODY and HEADERS options + better: + + NO_BODY set TRUE and HEADERS set TRUE: + Return a set of headers with file info + + NO_BODY set FALSE + Transfer data as usual, HEADERS is ignored + + NO_BODY set TRUE and HEADERS set FALSE + Don't transfer any data, don't return any headers. Just perform the set + of FTP commands. + +Daniel (17 December 2001) +- Götz Babin-Ebell dove into the dark dungeons of the OpenSSL ENGINE stuff and + made libcurl support it! This allows libcurl to do SSL connections with the + private key stored in external hardware. + + To make this good, he had to add a bunch of new library options that'll be + useful to others as well: + + CURLOPT_SSLCERTTYPE set SSL cert type (PEM/DER) + CURLOPT_SSLKEY set SSL private key (file) + CURLOPT_SSLKEYTYPE: set SSL key type (PEM/DER/ENG) + CURLOPT_SSLKEYPASSWD: set the passphrase for your private key + (CURLOPT_SSLCERTPASSWD is an alias) + CURLOPT_SSLENGINE: set the name of the crypto engine + (returns CURLE_SSL_ENGINE_NOTFOUND on error) + CURLOPT_SSLENGINE_DEFAULT: set the default engine + + There are two new failure codes: + + CURLE_SSL_ENGINE_NOTFOUND + CURLE_SSL_ENGINE_SETFAILED + +Daniel (14 December 2001) +- We have "branched" the source-tree at a few places. Checkout the CVS sources + with the 'multi-dev' label to get the latest multi interface development + tree. The idea is to only branch affected files and to restrict the branch + to the v8 multi interface development only. + + *NOTE* that if we get bug reports and patches etc, we might need to apply + them in both branches! + + The multi-dev branch is what we are gonna use as main branch in the future + if it turns out successful. Thus, we must maintain both now in case we need + them. The current main branch will be used if we want to release a 7.9.3 or + perhaps a 7.10 release before version 8. Which is very likely. + +- Marcus Webster provided code for the new CURLFORM_CONTENTHEADER option for + curl_formadd(), that lets an application add a set of headers for that + particular part in a multipart/form-post. He also provided a section to the + man page that describes the new option. + +Daniel (11 December 2001) +- Ben Greear made me aware of the fact that the Curl_failf() usage internally + was a bit sloppy with adding newlines or not to the error messages. Let's + once and for all say that they do not belong there! + +- When uploading files with -T to give a local file name, and you end the URL + with a slash to have the local file name used remote too, we now no longer + use the local directory as well. Only the file part of the -T file name + will be appended to the right of the slash in the URL. + +Daniel (7 December 2001) +- Michal Bonino pointed out that Digital Unix doesn't have gmtime_r so the + link failed. Added a configure check and corrected source code. + +Version 7.9.2 + +Daniel (5 December 2001) +- Jon Travis found out that if you used libcurl and CURLOPT_UPLOAD and then + on the same handle used CURLOPT_HTTPGET it would still attempt to upload. + His suggested fix was perfect. + +Daniel (4 December 2001) +- Incorporated more macos fixes and added four specific files in a new + subdirectory below src. + +Daniel (3 December 2001) +- Eric Lavigne reported two problems: + + First one in the curl_strnequal() function. I think this problem is rather + macos 9 specific, as most platform provides a function to use instead of the + one provided by libcurl. + + A second, more important, was in the way we take care of FTP responses. The + code would read a large chunk of data and search for the end-of-response + line within that chunk. When found, it would just skip the rest of the + data. However, when the network connections are special, or perhaps the + server is, we could actually get more than one response in that chunk of + data so that when the next invoke to this function was done, the response + had already been read and thrown away. Now, we cache the data not used in + one call, as it could be useful in the subsequent call. Test case 126 was + added and the test ftp server modified, to exercise this particular case. + +Version 7.9.2-pre8 + +Daniel (2 December 2001) +- Bug report #487825 correctly identified a problem when using a proxy and + following a redirection from HTTP to HTTPS. libcurl then re-used the same + proxy connection but without doing a proper HTTPS request. + +- Fixed win32 compiling quirks. + +Version 7.9.2-pre7 + +Daniel (30 November 2001) +- Documented --disable-epsv and CURLOPT_FTP_USE_EPSV. + +Daniel (29 November 2001) +- Added --disable-epsv as an option. When used, curl won't attempt to use the + EPSV command when doing passive FTP downloads. Wrote a test case for it. + +- Eric provided a few more fixes for building on Macs. He also pointed out + a flaw in the signal handler restoration code. + +Daniel (28 November 2001) +- Fiddled with some Tru64 problems reported by Dimitris Sarris. They appeared + only when using VERBOSE ftp transfers. Do we use a too small buffer for + gethostbyaddr_r(), was the lack of using in_addr_t wrong or is it that the + hostent struct must be blanked before use? With Dimitris help and these + patches, the problems seem to be history. + +- CURLOPT_FTP_USE_EPSV was added and can be set to FALSE to prevent libcurl + from using the EPSV command before trying the normal PASV. Heikki Korpela + pointed out that some firewalls and similar don't like the EPSV so we must + be able to shut if off to work everywhere. + +- I added a configure check for 'in_addr_t' and made the ftp code use that to + receive the inet_addr() return code in. Works on Solaris and Linux at + least. The Linux man page for inet_addr() doesn't even mention in_addr_t... + +- Adjusted (almost) all FTP tests to the new command sequence. + +- FTP command sequence changes: + + EPSV is now always attempted before PASV. It is the final touch to make IPv6 + passive FTP downloads to work, but EPSV is not restricted to IPv6 but works + fine with IPv4 too on the servers that support it. + + SIZE is now always issued before RETR. It makes curl know the actual + download size before the download takes place, as it makes it less important + to find the size sent in RETR responses. Many sites don't include the size + in there. + + Both these changes made it necessary to change the test suite's ftp server + code, and all FTP test cases need to be checked and adjusted! + +Daniel (27 November 2001) +- Hans Steegers pointed out that the telnet code read from stdout, not stdin + as it is supposed to do! + +Version 7.9.2-pre6 + +Daniel (27 November 2001) +- Eric Lavigne's minor changes to build on MacOS before OS X were applied. + +- greep at mindspring.com provided a main index.html page for our release + archive docs directory. It just links to all the existing HTML files, but + I think it may come useful to people. + +- There's now some initial code to support the EPSV FTP command. That should + be used to do passive transfers IPv6-style. The code is still #if 0'ed in + lib/ftp.c as I have no IPv6 ftp server to test this with. + +Daniel (26 November 2001) +- Robert Schlabbach had problems to understand how to do resumed transfers, + and I clarified the man page -C section somewhat. + +Version 7.9.2-pre5 + +Daniel (22 November 2001) +- Andrés García helped me out to track down the roots of bug report #479537, + which was concerning curl returning the wrong error code when failing to + connect. This didn't happen on all systems, and more specificly I've so far + only seen this happen on IPv4-only Linux hosts. + +- I applied the fixes for the two bugs Eric Lavigne found when doing his MacOS + port. A missing comma in arpa_telnet.h and a pretty wild write in the FTP + response reader function. The latter write is however likely to occur in our + own buffer unless very big FTP server replies (>25K) are read. I've never + seen such a reply ever, so I think this is a relatively minor risk. + +Daniel (21 November 2001) +- Moonesamy provided code to prevent junk from being output when libcurl + returns an error code but no error description and that corrects how make is + run in the Makefile.dist file (that appears as root Makefile in release + archives). + +- Eric Lavigne mailed me bugfixes and patches for building libcurl on MacOS + (non-X). + +- Kevin Roth modified the cygwin files once again, now to build against the + shared OpenSSL DLLs. + +Version 7.9.2-pre4 + +Daniel (20 November 2001) +- Georg Horn brought a patch that introduced CURLINFO_STARTTRANSFER_TIME, + complete with man page updates! + +Daniel (19 November 2001) +- Miklos Nemeth provided details enough to update the Borland makefile + properly. + +- Lars M Gustafsson found a case with a bad free(). In fact, it was so bad I'm + amazed we never saw this before! + +- Kevin Roth patched the cygwin Makfile. + +Daniel (16 November 2001) +- Klevtsov Vadim fixed a bug in how time-conditionals were sent when doing + HTTP. + +Version 7.9.2-pre3 + +Daniel (14 November 2001) +- Samuel Listopad patched away the problem with SSL we got when someone call + curl_global_init() => curl_global_cleanup() => curl_global_init(). The + second init would not "take" and SSL would be unusable with curl from that + point. This doesn't change the fact that calling the functions that way is + wrong. curl_global_init() should be called exactly once and not more. + +Daniel (13 November 2001) +- Fixed some minor variable type mixups in ftp.c that caused compiler warnings + on HP-UX 11.00. + +- The FTP fix I did yesterday used an uninitialized variable that caused + spurious errors when doing FTP. + +Version 7.9.2-pre2 + +Daniel (12 November 2001) +- Ricardo Cadime fell over a multiple-requests problem when first a FTP + directory fetch failed and then a second request is made after that. The + second request happened to get the FTP server response back from the + previous request, when it did its initial CWD command. + +- Bjorn Reese pointed out that we could improve the time diff function to + prevent truncation a bit. + +- Kai-Uwe Rommel made me aware that -p (http proxy tunnel) silly enough didn't + work for plain HTTP requests! So I made that work. + +Version 7.9.2-pre1 + +Daniel (12 November 2001) +- Rewrote the Curl_ConnectHTTPProxyTunnel(). It should now not only work a lot + faster, it should also support such ("broken") proxies that John Lask + previously have reported problems with. His proxy sends a trailing zero byte + after the end of the (proxy-) headers. I've tested this myself and it seems + to work on a proxy the previous version also worked with...! This rewrite is + due to the problems John Lask previously experienced. + +- Andrés García found out why the "current speed" meter sometimes showed 2048K + for very quick transfers. It turned out the "time diff"-function returned a + zero millisecond diff. We now always say it is at least one millisecond! In + reality, these timers very rarely have that good resolution so even though + the time diff was longer than 1 millisecond, it was reported as no diff. + +- I also modified the getinfo() again when returning times, as Paul Harrington + reports that 7.9.1 only returns times with 1 second accuracy, which indeed + is wrong. + +Daniel (8 November 2001) +- Marcus Webster found out that curl_formadd() could read one byte outside a + buffer boundary, which then of course could lead to a crash. Marcus also + gracefully provided a patch for this this. + +- Glen Scott ran configure on his Cobalt Qube and it didn't figure out the + correct way of calling gethostbyname_r() and thus failed to resolve hosts. + This is two errors: it shouldn't continue the configure script if it finds + gethostbyname_r() but can't figure out how to use it, and it should really + figure out how to use it as it was running Linux and we know how that + works... + +Daniel (7 November 2001) +- docs/VERSIONS is a new file in the archive that explains the version number + system we use in the curl project. + +- Did some more fixes that now makes libcurl only ignore signals as long as + it needs to, and then restore (if any) previous signal handler again. + +Daniel (6 November 2001) +- Enrik Berkhan posted bug report #478780, in which he very correctly pointed + out two bad timeout matters in libcurl: we didn't restore the sigaction + struct (the alarm handler for SIGALRM) nor did we restore the previous + alarm() timeout that could've been set by a "parent" process or similar. + +- Kevin Roth made the cygwin binary get stripped before install. + +Daniel (5 November 2001) +- Detlef Schmier reported that curl didn't compile using Solaris 8 with the + native cc compiler. It was due to a bad function prototype. Fixed now. + Unfortunately, I can't enable the -Wstrict-prototypes in my debug builds + though, as gcc then complains like crazy on OpenSSL include files... :-( + +- John Lask provided SSL over HTTP proxy fixes. They'll need some tweaking + to work on all platforms. + +- John Lask added the -1/--TLSv1 options that forces SSL into using TLS + version 1 when speaking HTTPS. + +- John Lask brought a brand new VC++ makefile for the lib directory, that + works a lot better than the previous! + +- Ramana Mokkapati brought some clever insights on the LDAP failures (bug + report #475407), and his suggested changes are now applied. + +Version 7.9.1 + +Daniel (4 November 2001) +- I've added a number of new test cases the last few days. A few of them since + I got reports that hinted on problems on timeouts, so I added four tests + with timeouts for all sorts of protocols and stuff. I also came to think of + a few other error scenarios that we currently didn't test properly, so I + wrote up tests for a few of those too. + +Daniel (2 November 2001) +- Replaced read() and write() with recv() and send() for socket operations + even under normal unixes. + +Daniel (1 November 2001) +- When an FTP transfer was aborted due to a timeout, it wasn't really aware of + how many bytes that had been transferred and the error text always said 0 + bytes. I modified this to output the actually transferred amount! :-) + +- The FTP fixes in pre7 didn't compile on IPv6 enabled hosts. Does now. I also + added more comments in the lib/ftp.c source file. + +- Minor updates to the FAQ, added a brand new section to the web site about + the name issue (who owns "curl"? will someone sue us? etc etc): + http://curl.haxx.se/legal/thename.html + +Version 7.9.1-pre7 + +Daniel (31 October 2001) +- The curl_easy_getinfo() timers accidentally lost their subsecond accuracy as + the calculations used longs instead of doubles! Paul Harrington reported. + +- The SSL SocketIsDead() checks weren't good enough (as expected really), so I + had to add a generic internal try-it-out system. If the request on a re-used + connection seems to fail, then we go back and get a new (fresh) connection + and re-tries the request on that instead. It kind of makes the + SocketIsDead() check obsolete, but I think it is a quicker way for those + cases where it actually discovers that the connection is dead. + +- When fixing the above, I noticed that we did quite a few writes to sockets + in libcurl where we didn't check the return code (that it actually worked to + send the data). With the new "attempted request" system we must detect those + situations so I went over a bunch of functions, changed return types and + added checks for what they actually return. + +Version 7.9.1-pre6 + +Daniel (31 October 2001) +- Paul Harrington detected a problem with persistant SSL connections. Or to be + more exact, we didn't properly detect that the connection was dead and then + a second connection would try to re-use it wrongly. The solution to this + problem is still not very clear and I'm working on it. One OpenSSL insider + said there is no way to know if the SSL connection is alive or not without + actually trying an operation. + +Daniel (30 October 2001) +- If a cookie was read from a file, it could accidentally strdup() a NULL + pointer. Paul Harrington reported. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/cookie.c.diff?r1=1.25&r2=1.26] + +- The MANUAL file now documents -t correctly. I also fixed the -T description + in the curl.1 man page. + +Daniel (29 October 2001) +- John Janssen found out that curl_formadd was missing in the libcurl.def file + and that the docs stated the wrong return type for the function. + +- Andrés García found a bug with multiple files in the curl_formadd() function, + that I removed with this patch [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/formdata.c.diff?r1=1.25&r2=1.26]. + +- Kevin Roth brought another patch that moved the cygwin package files to the + packages/Win32/cygwin directory. + +- A bug in the connection re-use logic made repeated requests to the same FTP + server (when using name+pasword in the URL) sometimes use more than one + connection. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/url.c.diff?r1=1.166&r2=1.167] + +- Moonesamy tracked down and fixed a problem with the new 7.9.1 connect + code. This corrected the error Kevin Roth reported on the 7.9.1-pre5 release + (test 19)... + [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/connect.c.diff?r1=1.13&r2=1.14] + +Daniel (26 October 2001) +- Added test28 which verifies that "Location:"-following works even if the + contents is separated with more than one space. + +Daniel (25 October 2001) +- Ramana Mokkapati pointed out that LDAP transfers would 'hang' after the + correct data has been output. + +Version 7.9.1-pre5 + +Daniel (24 October 2001) +- T. Bharath found a memory leak in the cookie engine. When we update a cookie + that we already knew about, we lost a chunk of memory in the progress... The + brand new test case 27 now tests for this occurrence. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/cookie.c.diff?r1=1.24&r2=1.25] + +Daniel (23 October 2001) +- pack_hostent() didn't properly align some pointers, so at least SPARC CPUs + would core. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/hostip.c.diff?r1=1.34&r2=1.35] + +Daniel (22 October 2001) +- Tom Benoist reported that this SGI IRIX compiler didn't handle indented + preprocessor instructions, so they're no longer in the source code! + +- Applied Kevin Roth's patches to make it easier to build cygwin packages from + the out-of-the-box curl release archives. + +- I forgot to mention it below, but libcurl now closes connections that report + transfer failures. Unconditionally. This could be made more nicely in the + future if we set a flag or something that the connection is still good to be + used for the errors that know that for a fact. We have to close the + connection for the cases where we abort for example a HTTP transfer in the + middle, or otherwise we might re-use that connection later with lots of data + still being sent to us on it. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/transfer.c.diff?r1=1.63&r2=1.64] + +Daniel (19 October 2001) +- CURLE_GOT_NOTHING is now returned when a HTTP server doesn't return + anything, not even a header. test case 37 was added to test for this. + +- T. Bharath made curl_easy_duphandle() properly clone the cookie status as + well. + +Version 7.9.1-pre4 + +Daniel (18 October 2001) +- CURLOPT_FAILONERROR, set with "curl --fail" no longer returns an error if + the HTTP return code is below 400. + +Daniel (17 October 2001) +- The test suite now kills any running test http server when you re-start the + tests. + +- We had to remove 'use strict' from two perl scripts, as the cygwin + adjustments didn't play nicely otherwise for some reason. Any perl wizard + out there who can put the scrict back and still make it run good on unix and + cygwin? + +- A potential memory leak pointed out to us by Yanick Pelletier was removed. + It would occur when a http file transfer fails. [http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/curl/curl/lib/transfer.c.diff?r1=1.60&r2=1.61] + +- The memory debugging system should no longer display anything to stderr + if the curl_memdebug() hasn't been used to explicitly say so. This makes it + easier to use the memory debug system and switch the logging on/off. + +Daniel (16 October 2001) +- Kevin Roth provided fixes for building curl nicer in cygwin environments. + +Daniel (12 October 2001) +- Cleaning up the progress meter/info code. The "current speed" is now more + accurate than before as we now use the true time spent between the measures, + and not just "assuming" every-second-update like before. The output should + now also be of the same width at all times, never to show "extra" zeroes on + the right edge. + +- After talking about possible Location: bugs on the mailing list, I modified + the "absolute URL" checker in lib/transfer.c to be more strict when checking + if the redirected URL is absolute. + +Daniel (11 October 2001) +- Kevin Roth provided patches that make the test suite run fine on Windows + 2000 running cygwin. + +Daniel (10 October 2001) +- Setting the -c or the CURLOPT_COOKIEJAR option now enables the cookie parser. + Previously -b or CURLOPT_COOKIEFILE was also required for the jar to work. + +Version 7.9.1-pre3 + +Daniel (9 October 2001) +- Added a new option to the command line client: -0/--http1.0. It uses the new + libcurl option CURLOPT_HTTP_VERSION to request that libcurl uses HTTP 1.0 + requests instead of the default version (1.1). It should only be used if you + really MUST do that because of a silly remote server. + +- Renamed the 'TimeCond' typedef in curl/curl.h to use a 'curl_' prefix as + all public curl-symbols should. + +- libcurl now explicitly ignores the SIGPIPE signal. + +Daniel (8 October 2001) +- Kevin Roth's change to the cookie-jar comment (in the stored file) was + applied. + +- Lucas Adamski's minor bug in the bind error code failf() was fixed. + +Daniel (5 October 2001) +- Moonesamy fixed the Curl_connecthost() function to not give compiler errors + on a bunch of compilers, due to the argument named 'socket'. + +- Moonesamy also provided updated VC++ makefiles and project files. + +Version 7.9.1-pre2 + +Daniel (4 October 2001) +- Albert Chin provided a configure patch that makes the script detect proper + gethostbyname_r() method without actually running any code, only compiling + is necessary. This also removes the need of having a resolving 'localhost' + name. + +- Found and removed memory leakage (name resolve data) in libcurl on + IPv6-enabled hosts. These could sneak through because we didn't have any + resource tracing on the IPv6-related functions. We do now. + +Daniel (3 October 2001) +- Keith McGuigan patched away a (mainly Windows-) problem with the name + resolver data being kept in the static memory area, which is removed when a + thread is killed. The curl handle itself though perfectly handles being + passed between threads. + +- Dirk Eddelbuettel reported an odd bug that turned out to be his proxy that + required an Authorization: header. Now, proxies are not supposed to require + that header, that is for true servers... + +- I accidentally ruined Georg's curl_formadd(). Uh, bad me. Corrected now. + +Version 7.9.1-pre1 + +Daniel (3 October 2001) +- Georg Huettenegger once again made an effort beyond the call of duty and not + only improved the curl_formadd() function, but also took care of adjusting + the curl command line client to use this new function instead of the + obsoleted curl_formparse. + +Daniel (2 October 2001) +- Major fix in how libcurl does TCP connects. It now does non-blocking + connects to enable good timeouts without signals, and it now tries all IP + addresses for any given host (if it resolves more than one and the first + one(s) don't connect). Added a new source file 'connect.c' to deal with all + the TCP connect stuff. + +- We now support IPv4-style IP-addresses in rfc2732-format, to better support + people writing scripts without knowing what address there is. + +Daniel (28 September 2001) +- Cleanups in the FTP source code. Divided the code into even more smaller + functions and generally tried to make the differences between IPv4 and IPv6 + get less noticable in the sources. + +- If the remote file time is not readable/accessable/understood by libcurl, + libcurl now returns -1 in the CURLINFO_FILETIME data, not 0 as it previously + did. This should make curl not touch the file data unless there was a known + remote date when -R is used. + +Daniel (27 September 2001) +- Working on getting non-blocking connects working platform independent. We + will also make curl try all IPs for a given host if the first one should + fail. + +Daniel (26 September 2001) +- Kevin Roth provided a cookie example that proved the cookie jar + functionality wasn't working properly. I added test case 46 and made it + work. + +Daniel (25 September 2001) +- Jörn Hartroth updated the mingw32 makefiles. + +Version 7.9 + +Daniel (23 September 2001) +- Found and removed a 'socket leak' that would occur on IPv6 enabled hosts + when FTP RETR failed. + +- Made the FTP upload tests run fine on machines with IPv6 enabled. + +Version 7.9-pre8 + +Daniel (19 September 2001) +- Vojtech Minarik set up a special-purpose test server and provided me with + test certificates in order for me to repeat the bug reports #440068 and + #440373. It turned out we didn't check all the error codes properly. We do + now, and connecting with a unacceptable certificate will make libcurl fail + to connect with an error code returned. + +- Ramana Mokkapati found a case when the Location: following code did wrong. + I wrote a test case for this (45). + +Version 7.9-pre7 + +Daniel (17 September 2001) +- Linus Nielsen Feltzing fixed telnet for win32. It makes libcurl require + winsock 2.0. + +Version 7.9-pre6 + +- libtool 1.4.2 is now in use! + +Version 7.9-pre5 + +Daniel (14 September 2001) +- Added another 14 ftp tests. + +Daniel (13 September 2001) +- Added curl_easy_duphandle() to the easy.h header file. It has now been + tested and proved to work in a real-world tests by T Bharath. We still need + to write up some docs for this function. + +- Added four more ftp tests to the test suite. + +Daniel (12 September 2001) +- CURLOPT_SSL_CIPHER_LIST was added, and the curl tool option is named + --ciphers. Use them to specify a list of ciphers to use in the SSL + connection. + +- T. Bharath found a memory leak in libcurl's windows version. It turned out + to be the new duphandle() that didn't quite work yet. + +Version 7.9-pre4 + +Daniel (11 September 2001) +- Added verbose output for SSL connections that output the server + certificate's start and expire dates. As suggested by Paul Harrington. + +- Heikki Korpela found problems in the perl ftp server used for the test + suite, when he runs on on OpenBSD with perl 5.6. Some changes have been + made, but nothing really certain. + +- T. Bharath has experienced problems with libcurl's stack usage on windows + and works on reducing it. + +Daniel (10 September 2001) +- Cris Bailiff fixed the perl interface. It stopped working since the changed + behavior with WRITEHEADER and NULL pointers. + +- The "output cookies" function could dump core if no cookies were enabled. + +Daniel (7 September 2001) +- SM pointed out that the SSL code didn't compile any longer if SSL was + disabled... Also, we needed to correct the #include for the utime stuff on + windows. + +Daniel (6 September 2001) +- T. Bharath pointed out a flaw in the SSL session cache code that made it + sometimes read from a NULL pointer. + +Version 7.9-pre3 + +Daniel (3 September 2001) +- Added the -R/--remote-time option, that uses the remote file's datestamp to + set the local file's datestamp. Thus, when you get a remote file your local + file will get the same time and date. Note that this only works when you use + -o or -O. + +- Installed libtool 1.4.1, libtoolized and everything. + +Daniel (1 September 2001) +- Heikki Korpela pointed out that I did not ship the proper libtool stuff in + the pre-releases, even though that was my intention. libtoolize has now + been re-run. + +- Heikki also patched away the bad use of 'make -C' in the test suite + makefile. make -C is not very portable and is now banned from here. + +Version 7.9-pre2 + +Daniel (31 August 2001) +- I just made a huge internal struct rehaul, and all the big internally used + structs have been renamed, redesigned and stuff have been moved around a bit + to make the source easier to follow, more logically grouped and to hopefully + decrease future bugs. I also hope that this will make new functions to get + easier to add, and make it less likely that we have bugs left like the URL- + free bug from August 23. + +Version 7.9-pre1 + +Daniel (29 August 2001) +- The new cookie code have enabled the brand new '-c/--cookie-jar' option. Use + that to specify the file name in which you want to have all cookies curl + knows of, dumped to. It'll be written using the netscape cookie format. + + This is internally done with the new CURLOPT_COOKIEJAR option to libcurl, + which in turn dumps this information when curl_easy_cleanup() is invoked. + There might be reasons to re-consider my choice of putting it there. Perhaps + it is better placed to get done just before *_perform() is done. It is all + of course depending on how you guys want to use this feature... + +- Added ftpupload.c in the source examples section, based on source code posted + by Erick Nuwendam. + +Daniel (28 August 2001) +- Now running libtool CVS branch-1-4 to generate stuff. Should fix problems + on OpenBSD and hopefully on FreeBSD as well! + +- Georg Huettenegger modified the curl_formadd() functionality slightly, and + added support for error code 417 when doing form post and using the Expect: + header. Great work! + +- Made some tests with cached SSL session IDs, and they seem to work. There + should be a significant speed improvement in the SSL connection phase, but + in my tiny tests it just isn't possible to notice any difference. Like other + caching in libcurl, you must reuse the same handle for the caching to take + effect. SSL session ID caching is done on a per host-name and destination + port number basis. + + Set verbose, and you'll get informational tests when libcurl detects and + uses a previous SSL session ID. + +- Upgraded to automake 1.5 on my development/release machine. + +Daniel (27 August 2001) +- Slowly started writing SSL session ID caching code + +Daniel (24 August 2001) +- T. Bharath removed compiler warnings on windows and updated the MS project + files. + +- Kevin Roth reported two kinds of command line constructs with the new -G that + curl didn't really deal with the way one would like. + +- Tim Costello patched away a use of strcasecmp() in the SSL code. We have our + own portable version named strequal() that should be used! + +- Tim also pointed out a problem in the lib/Makefile.vc6 file that made it mix + debug object modules causing confusions. + +Daniel (23 August 2001) +- T. Bharath accurately found a libcurl bug that would happen when doing a + second invoke of curl_easy_perform() with a new URL when the previous invoke + followed a Location: header. + +- Started the improvement work on the cookie engine: + - Now keeps cookies in the same order as the cookie file + - A write to the possibly static string was removed + - Added a function that can output all cookies + - Now supports reading multiple cookie files + +- Steve Lhomme corrected a DLL naming issue in the MSVC++ project file. + +- Split up the monster function in lib/ftp.c to use more smallish functions to + increase readability and maintainability. + +Daniel (21 August 2001) +- Georg Huettenegger's big patch was applied. Now we have: + o "Expect: 100-continue" support. We will from now on send that header in + all rfc1867-posts, as that makes us abort much faster when the server + rejects our POST. Posting without the Expect: header is still possible in + the standard replace-internal-header style. + o curl_formadd() is a new formpost building function that is introduced to + replace the now deprecated curl_formparse() function. The latter function + will still hang around for a while, but the curl_formadd() is the new way + and correct way to build form posts. + o Documentation has been updated to reflect these changes + + These changes are reason enough to name the next curl release 7.9... + +- We now convert man pages to HTML pages and include them in the release + archive. For the pleasure of everyone without nroff within reach. + +- Andrés García's suggested flushing of the progress meter output stream was + added. It should make the progress meter look better on Windows. + +- Troy Engel pointed out a mistake in the configure script that made it fail + on many Red Hat boxes! + +Daniel (20 August 2001) +- We need an updated libtool to make a better build environment for OpenBSD + as well as FreeBSD + +Version 7.8.1 + +Daniel (20 August 2001) +- Brad pointed out that we ship two extra libtool files in the tarballs that + we really don't need to! Removing them makes the gz-archive about 60K + smaller! + +- Albert Chin brought fixes for the configure script to detect socklen_t + properly as well as moving lots of our custom autoconf macros to + acinclude.m4. + +Daniel (19 August 2001) +- Moonesamy improved his -G feature for host names only URLs... + +Daniel (17 August 2001) +- Finally cleaned up the kerberos code to use Curl_ prefixes on all global + symbols and to not use global variables. + +Version 7.8.1-pre6 + +Daniel (16 August 2001) +- S. Moonesamy added the -G option to curl, that converts the data specified + with -d to a GET request. Default action when using -d is POST. When -G is + used, the -d specified data will be appended to the URL with a '?' + separator. As suggested previously by Kevin Roth. + +- curl-config --libs should now display all linker options required to link + with libcurl. It includes the path and options for libcurl itself. + curl-config --cflags displays the compiler option(s) needed to compile + source files that use libcurl functions. Basically, that sets the include + path correct. + +Daniel (15 August 2001) +- Arkadiusz Miskiewicz pointed out a mistake in how IPv6-style IP-addresses + were parsed and used. (RFC2732-format) + +- Bug #12733 over on php.net identified a problem in libcurl that made it core + dump if you used CURLOPT_POST without setting any data to post with + CURLOPT_POSTFIELDS! This is no longer the case. Not using CURLOPT_POSTFIELDS + now equals setting it to no data at all. + +- Ramana Mokkapati reported that curl with '-w %{http_code}' didn't work + properly when used for multiple URLs on a single command line. Indeed, the + variable was not reset between the requests. This is now fixed. + +- David James fixed the Borland makefile so that libcurl still compiles and + builds with that compiler. + +Daniel (14 August 2001) +- Oops. I ruined Nico's socklen_t define in config-vms.h, corrected it now. + +- An older item not mentioned here before: CURL_GLOBAL_WIN32 is a define for + windows users to curl_global_init(), that makes libcurl init the winsock + stuff. If libcurl is all socket stuff you do, then allowing it to fiddle + with this is a comfortable shortcut to fame. + +Version 7.8.1-pre5 + +Daniel (14 August 2001) +- Nico Baggus provided more feedback from his VMS porting efforts and a few + minor changes were necessary. + +- I modified configure.in so that --enable-debug sets more picky gcc options. + I then removed almost all the new warnings that appeared, and by doing so I + corrected the size_t-treated-as-signed problem that has been discussed on + the mailing list previously. I also removed a bunch of the just recently + added #ifdef VMS lines. + +- I removed the use of a global variable in the SSL code. It was once + necessary but hasn't been needed since OpenSSL 0.9.4. The old code should + (hopefully) still work if libcurl is built against an ancient version of + OpenSSL. + +Daniel (13 August 2001) +- Peter Todd posted a patch that now allows non-file rc1867-style form posts + to be larger than 4K. + +Daniel (10 August 2001) +- S. Moonesamy fixed bugs for building debug and SSL lib in VC makefile + +Daniel (9 August 2001) +- The redirected error stream was closed before the curl_easy_cleanup() call + was made, and when VERBOSE was enabled, the cleanup function tried to use + the stream. It could lead to a segmentation fault. Also, the stream was + closed even if we looped to get more files. Corrects Dustin Boswell's bug + report #441610 + +- Now generates the release configure script with autoconf 2.52 + +Version 7.8.1-pre4 + +Daniel (8 August 2001) +- curl -E uses a colon to separate a file name from a passphrase. This turned + out really bad for the windows people who wants to include a drive letter in + the file name like "c:\cert.pem". There's now a win32 work-around + implemented that tries work around that, when the colon seems to be used for + this kind of construct. + +- Patrick Bihan-Faou introduced CURLOPT_SSL_VERIFYHOST, which makes curl + verify the server's CN field when talking https://. If --cacert is not used, + any failures in matching is only displayed as information (-v). + +Daniel (7 August 2001) +- Wrote up nine more test cases, more or less converted from the former test + suite. + +Daniel (6 August 2001) +- Heikki Korpela posted a patch that makes 'curl-config --libs' include the + directory in which libcurl itself is installed in. While this wasn't my + initial intention with this option, it makes sense and makes linking with + libcurl easier. + +- Stefan Ulrich pointed out to us that other tools and libraries treat file:// + URLs with only one slash after the host name slighly different than libcurl + does. Since all the others seem to agree, we better follow them. + +- Nico Baggus provided us with a huge set of fixes to make curl compile and + build under OpenVMS. + +Version 7.8.1-pre3 + +Daniel (6 August 2001) +- Jonathan Hseu noticed that you couldn't get a header callback unless you + set CURLOPT_WRITEHEADER to non-NULL, even if you didn't care about that + data. This is now fixed. + +Daniel (5 August 2001) +- Sergio Ballestrero provided a patch for reading responses from NCSA httpd + 1.5.x servers, as they return really screwed up response headers when asked + for with HTTP 1.1. + +- curl_escape() no longer treats already encoded characters in the input + string especially. + +Daniel (3 August 2001) +- I replaced the former lib/arpa_telnet.h file with one I wrote myself, to + avoid the BSD annoucement clause of the license in the former file. + +- Andrew Francis provided a new version of base64.c to work around the license + boiler plate that came with the previous one. I patched it, but the glory + should go to Andrew for his heads up. + +- Tomasz Lacki noticed that when you do repeated transfers with libcurl you + couldn't always reliably change HTTP request. This has now been fixed and a + new libcurl option was added: CURLOPT_HTTPGET, that can force the HTTP + requestr (back) to GET. + +- Linus Nielsen Feltzing pointed out that httpsserver.pl wasn't included in + release archives. It should be now. + +Daniel (2 August 2001) +- Frank Keeney pointed out a manual mistake for certificate convertions. + +- Tomasz Lacki pointed out a problem in the transfer loop that could make the + select() loop use far too much CPU. + +- Pawel A. Gajda pointed out an output mistake done when using libcurl's + progress callback. + +Daniel (29 June 2001) +- Naveen Noel noticed that the Borland library makefile wasn't updated. + +- Nic Roets brought a fix for the certificate verification when using SSL. + +Daniel (27 June 2001) +- Made the FTP tests run OK even on machines running curl IPv6-enabled. + +- Troy Engel corrected some RPM package details. + +Version 7.8.1-pre2 + +Daniel (25 June 2001) +- Björn Stenberg correctly identified a problem that occurred when downloading + several files with curl, and using resume. The first file's resume index was + then used for all files, resulting in weird results... + +- Anton Kalmykov provided a fix that makes curl work with form field names + with spaces like when -F is used. + +Version 7.8.1-pre1 + +Daniel (20 June 2001) +- Mike Bytnar provided a fine report that proved that the --with-ssl option + for configure needed tweaking. It no longer searches the default directories + for OpenSSL libs or directories when a specified path is given. + +Daniel (19 June 2001) +- When an FTP transfer is cut off during transfer, curl could present a truly + garbaged error message and in worst case dump core. Thanks to detailed + reports from Shawn Poulson we nailed this. + +Daniel (12 June 2001) +- Salvador Dávila provided a fix for FTP range downloads. + +- Added a few more test cases from the former test suite to the new file + format. We're now at a total of 26 tests. + +Daniel (11 June 2001) +- libcurl's version-info was wrong, as noted by both Domenico Andreoli and + David Odin. + +Daniel (7 June 2001) +- Jörn fixed the curl_unescape duplicate entry in lib/libcurl.def + +- I made SSL certificate failure messages to be more detailed. + +Version 7.8 + +Daniel (7 June 2001) +- SDavila provided a resumed download fix. + +Version 7.8-pre4 + +Daniel (1 June 2001) +- Sterling provided some new PHP examples. + +- Changed the CVS hierarchy and the older checkout instruction does no longer + work. We moved the entire source code into a CVS module named 'curl'. + +Daniel (31 May 2001) +- CURLOPT_MUTE does not exist anymore. It is still present in the include file + to not cause compiler errors for applications using it, but it isn't used + anywhere in the library. + +Version 7.8-pre3 + +Daniel (31 May 2001) +- Once and for all fixed the _REENTRANT mess for Solaris compiles to present + less warnings. + +- Sterling Hughes tirelessly points out and corrects my mistakes...! So, + curl_global_init() now lets the argument flags *SET* what parts to + init. CURL_GLOBAL_DEFAULT makes a nice default, CURL_GLOBAL_ALL inits all + known subsystems and CURL_GLOBAL_NONE inits nothing more than absolutely + necessary. Man page updated accordingly. + +- Fixed the strtok.h include file as it wouldn't compile on all platforms! + +Daniel (30 May 2001) +- Made libcurl by default act as if CURLOPT_MUTE and CURLOPT_NOPROGRESS were + set TRUE. Set them to FALSE to make libcurl more talkative. The *_MUTE + option is subject for complete removal... + +Version 7.8-pre2 + +Daniel (30 May 2001) +- Cris Bailiff wrote a makefile for building Solaris packages. + +- Sterling Hughes brought fixes for 'buildconf' (the build-from-CVS tool) and + we discussed and added a few CURL_GLOBAL_* flags in include/curl.h + +- Kjetil Jacobsen privately announced his python interface to libcurl, + available at http://pycurl.sourceforge.net/ + +Daniel (29 May 2001) +- Sterling Hughes fixed a strtok() problem in libcurl. It is not a thread- + safe function. Now configure checks for a thread-safe version, and + lib/strtok.c offers one for the systems that don't come with one included! + +- Mettgut Jamalla correctly pointed out that the -# progress bar was written + to stderr even though --stderr redirection was used. This is now corrected. + +- I moved out the list of contributors from the curl.1 man page and made a + separate docs/THANKS file. It makes the list easier to find, and made it + easier for me to make a separate web page with that same information. + + I really do want all you guys mentioned in there to feel you get the credit + you deserve. + +- lib/easy.c didn't compile properly in the 7.8-pre1 due to a silly mistake + +Version 7.8-pre1 + +Daniel (28 May 2001) +- curl-config now supports '--vernum' that outputs a plain hexadecimal version + of the libcurl version number (using 8 bits for each 3 numbers). Version + 7.7.4 appears as 070704 + +- Wrote man pages for curl_global_init and curl_global_cleanup... + +- T. Bharath brought news about the usage of the OpenSSL interface that was + not previously taken into consideration and thus caused libcurl to leak + memory. The only somewhat sane approach to fix this dilemma, is adding two + two new functions curl_global_init() and curl_global_cleanup() that should + be called *ONCE* by the application using libcurl. The init should be done + only at startup, no matter how many threads the application is gonna use, + and the cleanup should be called when the application has finished using + libcurl completely. + + *** UPGRADE NOTICE *** + + If you write applications using libcurl, you really want to use the two + functions mentioned above !!! + + I can't say I think this is a very beautiful solution, but as OpenSSL + insists on making lots of stuff on a "global" scope, we're forced to walk + the path they point us to. + +- Moving more test cases into the new file format. + +Version 7.7.4-pre3 + +Daniel (23 May 2001) +- Introduced a new file format for storing test cases, and thus I had to + modify all the perl test scripts and more (I added a new one). I have not + "ported" all the old test cases to the new format yet, but it'll come. + + The main advantage of this new format is that all test data for each test + case is stored in a single file. It gives a better overview for each test + case and a lot less files. + +- Andrés García brought a fix for the netscape/mozilla cookie file parsing + function, as it turns out it doesn't always store the path! + +Daniel (22 May 2001) +- As was reported anonymously, when FAILONERROR was used, the httpcode was + not stored properly and thus wasn't possibly to read after a transfer with + the curl_easy_getinfo() function. This is now corrected. + +- Installed and made use of the following tool versions: + autoconf 2.50 + libtool 1.4 + automake 1.4-p1 + + I wouldn't recommend any developer to try to generate things with older + versions than these. Building from CVS will probably more or less require + at least these versions. + + As a result of this, the configure script grew to more than double its + previous size! + + Arkadiusz Miskiewicz helped me by pointing out I had to remove my + acinclude.m4 file before I could get it working! + +Daniel (21 May 2001) +- I made ftps:// work. Added test case 400 to the release archive, as the + first ftps:// test case. Requires stunnel. + +- Also made the test cases that runs ssl tests not run if libcurl isn't built + with ssl support. + +Daniel (19 May 2001) +- Made the configure not add any extra -L LDFLAGS or -I CPPFLAGS unless they + are actually needed. Albert Chin's and Domenico Andreoli's suggestions + helped out. + +Version 7.7.4-pre2 + +Daniel (18 May 2001) +- Nicer configure-check for the OpenSSL headers, which then sets the proper + variable to have curl-config be good. (Albert Chin provided the fix) + +- For systems that don't have theiw own 'strlcat()' libcurl provides its own. + It was now renamed to prevent collides with other libs. (After discussions + with Sterling Hughes and the implications this had on PHP builds.) + +Daniel (17 May 2001) +- Colm Buckley posted a detailed bug report on (the debianized) 7.7.3, that + turned out to be a problem with the debian-built 7.7.3-package that + contained files from the 7.7.2 release! + +- I added the CURLE_ALREADY_COMPLETE again, but with a fake value, just to + make programs that use it, not fail when compiling against this version of + libcurl. + +Daniel (14 May 2001) +- Pawel A. Gajda fixed a problem with resumed transfers on re-used persistent + connections. + +Version 7.7.4-pre1 + +Daniel (14 May 2001) +- Jun-ichiro itojun Hagino fixed FTP PORT for IPv6-enabled libcurl. + +- Added the first HTTPS test to the test suite in the release archive. + +Daniel (12 May 2001) +- Jukka Pihl suggested that if (lib)curl is told to verify the peer's + certificate and the peer can't be verified, it should fail and return a + proper error code. I added a brand new error code named + CURLE_SSL_PEER_CERTIFICATE for this purpose. + +Daniel (11 May 2001) +- As was discussed with Frederic Lepied a while ago, I now made libcurl not + return error even though no data was transfered on upload/download resume + when the no transfer is needed. The CURLE_ALREADY_COMPLETE error was removed + from the header file to make any implemenator that uses that to be aware of + the fact that it can't be returned anymore! + +- Improved general header-parsing to better allow white spaces and more. + +- Rodney Simmons proved the fix I did yesterday was bad and I had to post + another one. + +- Ingo Wilken patched away two redirect problems more! + +Daniel (10 May 2001) +- Cris Bailiff correctly noted that the space-after-header problem with + Location: is present on several other places in the libcurl sources. + +- Ingo Wilken patched away a problem libcurl had when following Location: + headers with an extra space after the colon. + +- Rodney Simmons found out that multiple FTP transfers did not treat relative + directories correctly. + +Daniel (9 May 2001) +- Getting an FTP file with CURLOPT_NOBODY set (or -I from the command line), + makes curl use the non-standard ftp command "SIZE". If it failed, libcurl + returned error. Starting now, it just don't output the file size instead. + Anonymous bug report. + +- stunnel.pm was accidentally left out from the release archive, it is now + added (stunnel is needed to run the https-tests in the test suite) + +Daniel (7 May 2001) +- Corrected two minor compiler warnings due to the FILE * to void * conversion + that I missed at two places. Jörn Hartroth brought me patches. Sander Gates + filed a bug report on this. + +Version 7.7.3 + +Daniel (4 May 2001) +- All callback functions now take 'void *' instead of 'FILE *'. This is made + this way to make it more obvious to people that anything can be passed to + them (by using the apropriate option). After discussions with Sterling + Hughes. + +Daniel (3 May 2001) +- Cris Bailiff fixed a chunked transfer encoding problem with persistent + connection that made libcurl fail if the persistent connection used mixed + chunked and non-chunked transfers. + +- Cris Bailiff fixed a bad treatment of 304-replies, as they would not be + treated as content-length 0 replies but would cause a "hang" until the + server timed-out and closed the connection. + +- Brad Burdick found a minor problem in the docs/examples/Makefile.am + +Daniel (27 April 2001) +- Updated the INTERALS document again. It was lagging a bit. I think I made it + more easy to follow now as well. + +- Brad Burdick found a problem with persistent connections when curl received + a "Content-Length: 0" header. + +- Giuseppe D'Ambrosio was first out to report that TELNET doesn't work in curl + compiled/built on win32. It seems to work for unixes though! + +- Dave Hamilton reported weird problems with CURL/PHP that I really can't + explain at the moment. I'm hoping on some help from the PHP crew. + +Daniel (26 April 2001) +- I rewrote the FTP command response function. I had to do it to make ftps + work, as the OpenSSL read()-function didn't work the same way the normal + unix read() does, but it was also a huge performance boost. Previously the + function read one byte at a time, now it reads very large chunks, and it + makes a notable speed difference. + +Daniel (25 April 2001) +- Connection re-use when not using a proxy didn't work properly for + non-default port numbers. + +Daniel (24 April 2001) +- I've noticed that FTPS doesn't work. We attempt to use ssl even for the + data transfer, which causes the transfer to 'hang'... We need to fix this. + +- Improved the test suite to use 'stunnel' to do HTTPS and FTPS testing on + the alredy written perl servers easily. + +Daniel (23 April 2001) +- The OpenSSL version string recently modified didn't zero terminate one + of the generated strings properly, which could lead to a crash or simply + weird version string output! + +Version 7.7.2 + +Daniel (22 April 2001) +- Rosimildo da Silva updated the Makefiles for Borland/Windows. + +- Eric Rautman pointed out a problem with persistent connections that would + lead to broken Host: headers in the second HTTP request. + +Daniel (20 April 2001) +- Added man pages for the curl_strequal() and curl_mprintf() families. Wrote + a 'libcurl overview' man page. + +- Spell-fixed some documents. + +- S. Moonesamy corrected mistakes in the man page. + +- Cris Bailiff fixed the curl_slists options in the perl interface, present + separately in the Curl::easy 1.1.4 package. + +Daniel (19 April 2001) +- Linus Nielsen Feltzing removed the decimals from the size variables in the + --write-out output. We hardly ever get fraction of bytes! :-) + +Version 7.7.2-pre1 + +Daniel (19 April 2001) + +- Albert Chin provided a configure patch for the AC_SYS_LARGEFILE macro. + +Daniel (18 April 2001) +- Input from Michael Mealling made me add --feature to curl-config. It + displays a list of features that have been built-in in the current + libcurl. The currently available features that can be listed are: SSL, KRB4 + and IPv6. + +- I committed Cris and Georg's perl interface work. They've got callbacks + working and options that receives those slist pointers. + +- Puneet Pawaia detected a problem with resumed downloads that use persistent + connections and I made a rather large writeup to correct this. It is + important that all session-data is stored in the connectdata struct and not + in the main struct as this previously did. + +Daniel (17 April 2001) +- Frederic Lepied fixed a ftp resumed download problem and introduced a new + error code that lets applications be able to detect when a resumed download + actually didn't download anything since the whole file is already present. + Should this return OK instead? + +- I added 'curl-config.in' to the root dir and configure script. Now, a + curl-config script is made when curl is built. The script can be used to + figure out compile time options used when libcurl was built, which in turn + should be options YOU should use to build applications that use libcurl. + + This *-config style is not a new idea, but something that has been used + successfully in other (library based) projects. + +- Phil Karn pointed out that libcurl wrongly did not always use GMT time zone + for the If-Modified-Since style headers. + +- Georg Schwarz pointed out an extra needed #include file needed in src/main.c + for curl to build on Ultrix. + +Daniel (11 April 2001) +- Cris Bailiff pointed out two problems that I corrected. First, libcurl's use + of the environment variable HTTP_PROXY in uppercase may become a security + hazard when people use libcurl in a server/cgi situation where the server + sets the HTTP_*-variables according to incoming headers in the HTTP + request. Thus, a "Proxy:"-header would set that environment variable! + + Then, invoking curl_easy_perform() without having an URL set caused a crash. + +- S. Moonesamy brought a patch that make curl use non-blocking connects on + windows when connection timeout is set, as it allows windows users to set + that timeout! + +- Hirotaka Matsuyuki wrote a Ruby interface to libcurl! + +- Cris Bailiff, Forrest Cahoon and Georg Horn work on the Perl interface. + +- I've written a first shot at a Java interface to libcurl. Many thanks to + Daniel Marell for tirelessly answering to all my basic Java questions. It + works, but it is still very basic. + +Daniel (10 April 2001) +- The progress display could get silly when doing multiple file transfers, as + it wasn't properly reset between transfers! + +- Discussions with Cris Bailiff who writes a Perl interface to libcurl, made + me add CURLOPT_HEADERFUNCTION. It can be used to set a separate callback + function for writing headers. Previously you could only set a different FILE + * when headers are written from within libcurl. + +Daniel (7 April 2001) +- Andrés García fixed a problem in curl_escape() and pointed out a flaw in + the curl_easy_setopt man page. + +Daniel (6 April 2001) +- Adjusted the version code to properly display OpenSSL 0.9.6a. They sure + change their version define format often... + +- curl_formfree() now accepts a NULL pointer without crashing! + +Version 7.7.1 + +Daniel (3 April 2001) +- Puneet Pawaia pointed out two serious problems. Libcurl would attempt to + read bad memory during situations when an (ftp) connection attempt failed. + Also, the lib/Makefile.vc6 was corrected. + +- More investigations in the Location: following code made me realize that + it was not clean enough to work transparantly with persistent and non- + persistent connections. I think I've fixed it now. + +Daniel (29 March 2001) +- Georg Horn mailed me some corrections for the Curl::easy perl interface. + +- Experimental ftps:// support added. It is basically FTP over SSL for the + control connection. It still makes all data transfers going over unencrypted + connections. Rainer Weikusat's ftpd-ssl server hack supports this and I used + that to verify the functionality. + +Daniel (27 March 2001) +- Guenole Bescon discovered that if you set a CURLOPT_TIMEOUT and then tried + to get a file from a site and it fails, the SIGALRM would still be sent + after the timeout-time, quite inexpectedly! + +- I added an ftp transfer example to docs/examples/ and I also wrote a tiny + example makefile that can be used as a start when building one of the + examples. + +Version 7.7.1-beta1 + +Daniel (26 March 2001) +- Mohamed Lrhazi reported problems with 7.6.1 and persistent HTTP/1.0 + connections (when the server replied a Connection: Keep-Alive) and this + problem was not properly dealt with in 7.7 either. A patch was posted to the + curl-and-php mailing list. + +Daniel (24 March 2001) +- Colin Watson reported about a problem and brought a patch that corrected it, + which was about the man page and lines starting with a single quote (') in a + way that gnroff doesn't like. + +Daniel (23 March 2001) +- Peter Bray reported correctly that the root makefile used make instead of + $(MAKE) for the test target. + +- Corrected the Curl::easy perl interface to use curl_easy_setopt() and not + curl_setopt() which was removed in 7.7! + +- S. Moonesamy provided updates on three documents (MANUAL, INSTALL and FAQ). + +- When following a Location:, libcurl would sometimes write to the URL string + in a way it shouldn't. As the pointer is passed-in to libcurl from an + application, we can't be allowed to write to it. The particular bug report + from 'nk' that brought this up was because he had a read-only URL that then + caused a libcurl crash! + +- No longer reads HEAD responses longer than to the last header. Previously, + curl would read the full reply if the connection was a "close" one. + +- libcurl did re-use connections way too much. Doing "curl + http://www.{microsoft,ibm}.com" would make it re-use the connection which + made the second request return very odd results. + +Daniel (22 March 2001) +- Edin Kadribasic made me aware that curl should not re-send POST requests + when following 302-redirects. I made 302 work like 303 which means curl uses + GET in the following request(s). + +- libcurl now reset the "followed-location" counter on each invoke of + curl_easy_perform() as it otherwise would sum up all redirects on the same + connection and thus could reach the maxredirs counter wrongly. + +- Jim Drash suggested curl_escape() should not re-encode what already looks + like an encoded sequence and I think that's a fair suggestion. + +Version 7.7 + +Daniel (22 March 2001) +- The configure script now fails with an error message if gethostbyname_r() is + detected but it couldn't figure out how to invoke it (what amount of + arguments it is supposed to get). Reports from Andrés García made me aware + of this need. + +- Talking with Jim Drash made me finally put the curl_escape and curl_unescape + functions in the curl.h include file and write man pages for them. The + escape function was modified to use the same interface as the unescape one + had. + +- No bug reports at all on the latest betas. Release time coming up. + +Version 7.7-beta5 + +Daniel (19 March 2001) +- Georg Ottinger reported problems with using -C together with -L in the sense + that the -C info got lost when it was redirected. I could not repeat this + problem on the 7.7 branch why I leave this for the moment. Test case 39 was + added to do exactly this, and it seems to do right. + +- Christian Robottom Reis reported how his 7.7 beta didn't successfully do + form posts as elegantly as 7.6.1 did. Indeed, this was a flaw in the header + engine, as HTTP 1.1 has introduced a new 100 "transient" return code for PUT + and POST operations that I need to add support for. Section 8.2.3 in RFC2616 + has all the details. Seems to work now! + +Daniel (16 March 2001) +- After having experienced another machine break-down, we're back. + +- Georg Horn's perl interface Curl::easy is now included in the curl release + archive. The perl/ directory is now present. Please help me with docs, + examples and updates you think fit. + +- Made a new php/ directory in the release archive and moved the PHP examples + into a subdirectory in there. Not much PHP info yet, but I plan to. Please + help me here as well! + +- Made libcurl return error if a transfer is aborted in the middle of a + "chunk". It actually enables libcurl to discover premature transfer aborts + even if the Content-Length: size is unknown. + +Daniel (15 March 2001) +- Added --connect-timeout to curl, which sets the new CURLOPT_CONNECTTIMEOUT + option in libcurl. It limits the time curl is allowed to spend in the + connection phase. This differs from -m/--max-time that limits the entire + file transfer operation. Requested by Larry Fahnoe and others. + + I also updated the curl.1 and curl_easy_setopt.3 man pages and removed the + item from the TODO. + +Version 7.7-beta4 + +Daniel (14 March 2001) +- Made curl grok IPv6 with HTTP proxies and got everything to compile nicely + again when ENABLE_IPV6 is set. + + I need to remake things in the test suite. I can't test the FTP parts with + curl built for IPv6 as it uses a different set of FTP commands then! + +- I fell onto a bug report on php.net (posted by Lars Torben Wilson) that was + a report meant for our project. Anyway, it said the .netrc parsing didn't + work as supposed, and as I agreed with Lars, I made the netrc parser use + getpwuid() to figure out the home directory of the effective user and try + that netrc. It still uses the environment variable HOME for those that don't + have that function or if the user doesn't return valid pwd info. + +- Edin Kadribaic posted a bug report where he got a crash when a fetch with + user+password in the URL followed a Location: to a second URL (absolute, + without name+password). This bug has been around for a long while and + crashes due to a read at address zero. Fixed now. Wrote test case 38, that + tests this. + +- Modified the test suite's httpserver slightly to append all client request + data to its log file so that the test script now better can verify a range + of requests and not only the last one, as it did previously. + +- Updated the curl man page with --random-file and --egd-file details. + +Version 7.7-beta3 + +Daniel (14 March 2001) +- Björn Stenberg provided similar fixes as Jörn did and some additional patches + for non-SSL compiles. + +- I increased the interface number for libcurl as I've removed the low level + functions from the interface. I also took this opportunity to rename the + Curl_strequal function to curl_strequal and Curl_strnequal to + curl_strnequal, as they're public libcurl functions (even if they're still + undocumented). + + This will make older programs not capable of using the new libcurl with + just a drop-in replacement. + +- Jörn Hartroth updated stuff for win32 compiles: + o config-win32.h was fixed for socklen_t + o lib/ssluse.c had a bad #endif placement + o lib/file.c was made to compile on win32 again + o lib/Makefile.m32 was updated with the new files + o lib/libcurl.def matches the current interface state + +Daniel (13 March 2001) +- It only took an hour or so before Jörn Hartroth found a problem in the + chunked transfer-encoding. Given his fine example-site, I could easily spot + the problem and when I re-read the spec (the part I have pasted in the top + of the http_chunks.h file), I realized I had made my state-machine slightly + wrong and didn't expect/handle the trailing CRLF that comes after the data + in each chunk (and those extra two bytes sure feel wasted). + + Had to modify test case 34 to match this as well. + +Version 7.7-beta2 + +Daniel (13 March 2001) +- Added the policy stuff to the curl_easy_setopt man page for the two supported + policies. + +- Implemented some support for the CURLOPT_CLOSEPOLICY option. The policies + CURLCLOSEPOLICY_LEAST_RECENTLY_USED and CURLCLOSEPOLICY_OLDEST are now + supported, and the "least recently used" is used as default if no policy + is chosen. + +Daniel (12 March 2001) +- Added CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET to libcurl for seeding the + SSL random engine. The random seeding support was also brought to the curl + client with the new options --random-file <file> and --egd-file <file>. I + need some people to really test this to know they work as supposed. Remember + that libcurl now informs (if verbose is on) if the random seed is considered + weak (HTTPS connections). + +- Made the chunked transfer-encoding engine detected bad formatted data length + and return error if so (we can't possibly extract sensible data if this is + the case). Added a test case that detects this. Number 36. Now there are 60 + test cases. + +- Added 5 new libcurl options to curl/curl.h that can be used to control the + persistent connection support in libcurl. They're also documented (fairly + thoroughly) in the curl_easy_setopt.3 man page. Three of them are now + implemented, although not really tested at this point... Anyway, the new + implemented options are named CURLOPT_MAXCONNECTS, CURLOPT_FRESH_CONNECT, + CURLOPT_FORBID_REUSE. The ones still left to write code for are: + CURLOPT_CLOSEPOLICY and its related option CURLOPT_CLOSEFUNCTION. + +- Made curl (the actual command line tool) use the new libcurl 7.7 persistent + connection support by re-using the same curl handle for every specified file + transfer and after some more test case tweaking we have 100% test case OK. + I made some test cases return HTTP/1.0 now to make sure that works as well. + +- Had to add 'Connection: close' to the headers of a bunch of test cases so + that curl behaves "old-style" since the test http server doesn't do multiple + connections... Now I get 100% test case OK. + +- The curl.haxx.se site, the main curl mailing list and my personal email are + all dead today due to power blackout in the area where the main servers are + located. Horrible. + +- I've made persistance work over a squid HTTP proxy. I find it disturbing + that it uses headers that aren't present in any HTTP standard though + (Proxy-Connection:) and that makes me feel that I'm now on the edge of what + the standard actually defines. I need to get this code excercised on a lot + of different HTTP proxies before I feel safe. + + Now I'm facing the problem with my test suite servers (both FTP and HTTP) + not supporting persistent connections and libcurl is doing them now. I have + to fix the test servers to get all the test cases do OK. + +Daniel (8 March 2001) +- Guenole Bescon reported that libcurl did output errors to stderr even if + MUTE and NOPROGRESS was set. It turned out to be a bug and happens if + there's an error and no ERRORBUFFER is set. This is now corrected. + +Version 7.7-beta1 + +Daniel (8 March 2001) +- "Transfer-Encoding: chunked" is no longer any trouble for libcurl. I've + added two source files and I've run some test downloads that look fine. + +- HTTP HEAD works too, even on 1.1 servers. + +Daniel (5 March 2001) +- The current 57 test cases now pass OK. It would suggest that libcurl works + using the old-style with one connection per handle. The test suite doesn't + handle multiple connections yet so there are no test cases for this. + +- I patched the telnet.c heavily to not use any global variables anymore. It + should make it a lot nicer library-wise. + +- The file:// support was modified slightly to use the internal connect-first- + then-do approach. + +Daniel (4 March 2001) +- More bugs erased. + +Version 7.7-alpha2 + +Daniel (4 March 2001) +- Now, there's even a basic check that a re-used connection is still alive + before it is assumed so. A few first tests have proven that libcurl will + then re-connect instead of re-use the dead connection! + +Daniel (2 March 2001) +- Now they work intermixed as well. Major coolness! + +- More fiddling around, my 'tiny' client I have for testing purposes now has + proved to download both FTP and HTTP with persistent connections. They do + not work intermixed yet though. + +Daniel (1 March 2001) +- Wilfredo Sanchez pointed out a minor spelling mistake in a man page and that + curl_slist_append() should take a const char * as second argument. It does + now. + +Daniel (22 February 2001) +- The persistent connections start to look good for HTTP. On a subsequent + request, it seems that libcurl now can pick an already existing connection + if a suitable one exists, or it opens a new one. + +- Douglas R. Horner mailed me corrections to the curl_formparse() man page + that I applied. + +Daniel (20 February 2001) +- Added the docs/examples/win32sockets.c file for our windows friends. + +- Linus Nielsen Feltzing provided brand new TELNET functionality and + improvements: + + * Negotiation is now passive. Curl does not negotiate until the peer does. + * Possibility to set negotiation options on the command line, currently only + XDISPLOC, TTYPE and NEW_ENVIRON (called NEW_ENV). + * Now sends the USER environment variable if the -u switch is used. + * Use -t to set telnet options (Linus even updated the man page, awesome!) + +- Haven't done this big changes to curl for a while. Moved around a lot of + struct fields and stuff to make multiple connections get connection specific + data in separate structs so that they can co-exist in a nice way. See the + mailing lists for discussions around how this is gonna be implemented. Docs + and more will follow. + + Studied the HTTP RFC to find out better how persistent connections should + work. Seems cool enough. + +Daniel (19 February 2001) +- Bob Schader brought me two files that help set up a MS VC++ libcurl project + easier. He also provided me with an up-to-date libcurl.def file. + +- I moved a bunch of prototypes from the public <curl/curl.h> file to the + library private urldata.h. This is because of the upcoming changes. The + low level interface is no longer being planned to become reality. + +Daniel (15 February 2001) +- CURLOPT_POST is not required anymore. Just setting the POST string with + CURLOPT_POSTFIELDS will switch on the HTTP POST. Most other things in + libcurl already works this way, i.e they require only the parameter to + switch on a feature so I think this works well with the rest. Setting a NULL + string switches off the POST again. + +- Excellent suggestions from Rich Gray, Rick Jones, Johan Nilsson and Bjorn + Reese helped me define a way how to incorporate persistent connections into + libcurl in a very smooth way. If done right, no change may have to be made + to older programs and they will just start using persistent connections when + applicable! + +Daniel (13 February 2001) +- Changed the word 'timeouted' to 'timed out' in two different error messages. + Suggested by Larry Fahnoe. + +Version 7.6.1 + +Daniel (9 February 2001) +- Frank Reid and Cain Hopwood provided information and research around a HTTPS + PUT/upload problem we seem to have. No solution found yet. + +Daniel (8 February 2001) +- An interesting discussion is how to specify an empty password without having + curl ask for it interactively? The current implmentation takes an empty + password as a request for a password prompt. However, I still want to + support a blank user field. Thus, today if you enter "-u :" (without user + and password) curl will prompt for the password. Tricky. How would you + specify you want the prompt otherwise? + +- Made the netrc parse result possible to use for other protocols than FTP and + HTTP (such as the upcoming TELNET fixes). + +- The previously mentioned "MSVC++ problems" turned out to be a non-issue. + +- Added a HTTP file upload code example in the docs/examples/ section on + request. + +- Adjusted the FTP response fix slightly. + +Version 7.6.1-pre3 + +Daniel (7 February 2001) +- S. Moonesamy found a flaw in the response reading function for FTP that + could make libcurl not get out of the loop properly when it should, if + libcurl got -1 returned when reading the socket. + +- I found a similar mistake in http.c when using a proxy and reading the + results from the proxy connection. + +Daniel (6 February 2001) +- S. Moonesamy pointed out that the VC makefile in src/ needed the libpath set + for the debug build to work. + +- Daniel Gehriger stepped in to assist with the VC++ stuff Robert Weaver + brought up yesterday. + +Daniel (5 February 2001) +- Jun-ichiro itojun Hagino brought a big patch that brings IPv6-awareness to + a bunch of different areas within libcurl. + +- Robert Weaver told me about the problems the MS VC++ 6.0 compiler has with + the 'static' keyword on a number of libcurl functions. I might need to add a + patch that redefines static when libcurl is compiled with that compiler. + How do I know when VC++ compiles, anyone? + +Daniel (4 February 2001) +- curl_getinfo() was extended with two new options: + CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD. They + return the full assumed content length of the transfer in the given + direction. The CURLINFO_CONTENT_LENGTH_DOWNLOAD will be the Content-Length: + size of a HTTP download. Added descriptions to the man page as well. This + was done after discussions with Bob Schader. + +Daniel (3 February 2001) +- Ingo Ralf Blum provided another fix that makes curl build under the more + recent cygwin installations. It seems they've changed the preset defines to + not include WIN32 anymore. + +Version 7.6.1-pre2 + +Daniel (31 January 2001) +- Curl_read() and curl_read() now return a ssize_t for the size, as it had to + be able to return -1. The telnet support crashed due to this and there was a + possibility to weird behavior all over. Linus Nielsen Feltzing helped me + find this. + +- Added a configure.in check for a working getaddrinfo() if IPv6 is requested. + I also made the configure script feature --enable-debug which sets a couple + of compiler options when used. It assumes gcc. + +Daniel (30 January 2001) +- I finally took a stab at the long-term FIXME item I've had on myself, and + now libcurl will properly work when doing a HTTP range-request that follows + a Location:. Previously that would make libcurl fail saying that the server + doesn't seem to support range requests. + +Daniel (29 January 2001) +- I added a test case for the HTTP PUT resume thing (test case 33). + +Version 7.6.1-pre1 + +Daniel (29 January 2001) +- Yet another Content-Range change. Ok now? Bob Schader checks from his end + and it works for him. + +Daniel (27 January 2001) +- So the HTTP PUT resume fix wasn't good. There should appearantly be a + Content-Range header when resuming a PUT. + +- I noticed I broke the download-check that verifies that a resumed HTTP + download is actually resumed. It got broke because my new 'httpreq' field + in the main curl struct. I should get slapped. I added a test case for + this now, so I won't be able to ruin this again without noticing. + +- Added a test case for content-length verifying when downloading HTTP. + +- Made the progress meter title say if the transfer is being transfered. It + makes the output slightly better for resumes. + +- When dealing with Location: and HTTP return codes, libcurl will not attempt + to follow the spirit of RFC2616 better. It means that when POSTing to a + URL that is being following to a second place, the standard will judge on + what to do. All HTTP codes except 303 and 305 will cause curl to make a + second POST operation. 303 will make a GET and 305 is not yet supported. + + I also wrote two test cases for this POST/GET/Location stuff. + +Version 7.6 + +Daniel (26 January 2001) +- Lots of mails back and forth with Bob Schader finally made me add a small + piece of code in the HTTP engine so that HTTP upload resume works. You can + now do an operation like 'curl -T file -C <offset> <URL>' and curl will PUT + the ending part of the file starting at given offet to the specified URL. + +Version 7.6-pre4 + +Daniel (25 January 2001) +- I took hold of Rick Jones' question why we don't use recv() and send() for + reading/writing to the sockets and I've now modified the sread() and + swrite() macros to use them instead. If nothing else, they could be tested + in the next beta-round coming right up. + +- Jeff Morrow found a problem with libcurl's usage of SSL_read() and supplied + his research results in how to fix this. It turns out we have to invoke the + function several times in some cases. The same goes for the SSL_write(). + + I made some rather drastic changes all over libcurl to make all writes and + reads get done on one single place so that this repeated-attempts thing + would only have to be implemented at one point. + +- Rick Jones spotted that the 'total time' counter really didn't measure the + total time very accurate on subsecond levels. + +- Johan Nilsson pointed out the need to more clearly specify that the timeout + value you set for a download is for the *entire* download. There's currently + no option available that sets a timeout for the connection phase only. + +Daniel (24 January 2001) +- Ingo Ralf Blum submitted a series of patches required to get curl to compile + properly with cygwin. + +- Robert Weaver posted a fix for the win32 section of the curl_getenv() code + that corrected a potential memory leak. + +- Added comments in a few files in a sudden attempt to make the sources more + easy to read and understand! + +Daniel (23 January 2001) +- Added simple IPv6 detection in the configure script and made the version + string add 'ipv6' to the enable section in that case. ENABLE_IPV6 will be + set if curl is compiled with IPv6 support enabled. + +- Added a parser for IPv6-style specified IP-addresses in a URL. Thus, when + IPv6 gets enabled soon, we can use URLs like '[0::1]:80'... + +- Made the URL globbing in the client possible to fail silently if there's an + error in the globbing. It makes it almost intuitive, so when you don't + follow the syntax rules, globbing is simply switched off and the raw string + is used instead. + + I still think we'll get problems with IPv6-style IP-addresses when we *want* + globbing on parts of the URL as the initial part of the URL will for sure + seriously confuse the globber. + +Daniel (22 January 2001) +- Björn Stenberg supplied a progress meter patch that makes it look better even + during slow starts. Previously it made some silly assumptions... + +- Added two FTP tests for -Q and -Q - stuff since it was being discussed on + the mailing list. Had to correct the ftpserver.pl too as it bugged slightly. + +Daniel (19 January 2001) +- Made the Location: parsers deal with any-length URLs. Thus I removed the last + code that restricts the length of URLs that curl supports. + +- Added a --globoff test case (#28) and it quickly identified a memory problem + in src/main.c that I took care of. + +Version 7.6-pre3 + +Daniel (17 January 2001) +- Made the two former files lib/download.c and lib/highlevel.c become the new + lib/transfer.c which makes more sense. I also did the rename from Transfer() + to Curl_Transfer() in the other source files that use the transfer function + in the spirit of using Curl_ prefix for library-scoped global symbols. + +Daniel (11 January 2001) +- Added -g/--globoff that switches OFF the URL globbing and thus enables {}[] + letters to be part of the URL. Do note that RFC2396 section 2.4.3 explicitly + mention these letters to be escaped. This was posted as a feature request by + Jorge Gutierrez and as a bug by Terry. + +- Short options to curl that requires parameters can now be specified without + having the option and its parameter space separated. -ofile works as good as + -o file. -m20 is equal to -m 20. Do note that this goes for single-letter + options only, verbose --long-style options still must be separated with + space from their parameters. + +Daniel (8 January 2001) +- Francis Dagenais reported that the SCO compiler still fails when compiling + curl due to that getpass_r() prototype. I've now put it around #ifndef + HAVE_GETPASS_R in an attempt to please the SCO systems. + +- Made some minor corrections to get the client to cleanup properly and I made + the separator work again when getting multiple globbed URLs to stdout. + +- Worked with Loic Dachary to get the make dist and make distcheck work + correctly. The 'maketgz' script is now using the automake generated 'make + dist' when creating release archives. Loic successfully made 'make rpms' + automatically build RPMs! + +Loic Dachary (6 January 2001) +- Automated generation of rpm packages, no need to be root. + +- make distcheck generates a proper distribution (EXTRA_DIST + in all Makefile.am modified to match FILES). + +Daniel (5 January 2001) +- Huge client-side hack: now multiple URLs are supported. Any number of URLs + can be specified on the command line, and they'll all be downloaded. There + must be a corresponding -o or -O for each URL or the data will be written to + stdout. This needs more testing, time to release a 7.6-pre package. + +- The krb4 support was broken in the release. Fixed now. + +- Huge internal symbol rename operation. All non-static but still lib-internal + symbols should now be prefixed with 'Curl_' to prevent collisions with other + libs. All public symbols should be prefixed with 'curl_' and the rest should + be static and thus invisible to the outside world. I updated the INTERNALS + document to say this as well. + +Version 7.5.2 + +Daniel (4 January 2001) +- As Kevin P Roth suggested, I've added text to the man page for every command + line option and what happens when you specify that option more than + once. That hasn't been exactly crystal clear before. + +- Made the configure script possible to run from outside the source-tree. For + odd reasons I can't build curl properly outside though. It has to do with + curl's dependencies on libcurl... + +- Cut off all older (dated 1999 and earlier) CHANGES entries from this file. + The older piece is named CHANGES.0 and is added to the CVS repository in + case anyone would need it. + +- I added another file 'CVS-INFO' to the CVS. It contains information about + files in the CVS that aren't included in release archives and how to build + curl when you get the sources off CVS. + +- Updated CONTRIBUTE and FAQ due to the new license. + +Daniel (3 January 2001) +- Renamed README.libcurl to LIBCURL + +- Changed headers in all sources files to the new dual license concept of + curl: use the MIT/X derivate license *or* MPL. The LEGAL file was updated + accordingly and the MPL 1.1 and MIT/X derivate licenses are now part of the + release archive. +Daniel (30 December 2000) +- Made all FTP commands get sent with the trailing CRLF in one single write() + as splitting them up seems to confuse at least some firewalls (FW-1 being + one major). + +Daniel (19 December 2000) +- Added file desrciptor and FILE handle leak detection to the memdebug system + and thus I found and removed a file descriptor leakage in the ftp parts + that happened when you did PORTed downloads. + +- Added an include <stdio.h> in <curl/curl.h> since it uses FILE *. + +Daniel (12 December 2000) +- Multiple URL downloads with -O was still bugging. Not anymore I think or + hope, or at least I've tried... :-O + +- Francois Petitjean fixed another -O problem + +Version 7.5.1 + +Daniel (11 December 2000) +- Cleaned up a few of the makefiles to use unix-style newlines only. As Kevin + P Roth found out, at least one CVS client behaved wrongly when it found + different newline conventions within the same file. + +- Albert Chin-A-Young corrected the LDFLAGS use in the configure script for + the SSL stuff. + +Daniel (6 December 2000) +- Massimo Squillace correctly described how libcurl could use session ids when + doing SSL connections. + +- James Griffiths found out that curl would crash if the file you specify with + -o is shorter than the URL! This took some hours to fully hunt down, but it + is fixed now. + +Daniel (5 December 2000) +- Jaepil Kim sent us makefiles that build curl using the free windows borland + compiler. The root makefile now accepts 'make borland' to build curl with + that compiler. + +- Stefan Radman pointed out that the test makefiles didn't use the PERL + variable that the configure scripts figure out. Actually, you still need + perl in the path for the test suite to run ok. + +- Rich Gray found numerous portability problems: + * The SCO compiler got an error on the getpass_r() prototype in getpass.h + since the curl one differed from the SCO one + * The HPUX compiler got an error because of how curl did the sigaction + stuff and used a define HPUX doesn't have (or need). + * A few more problems remain to be researched. + +- Paul Harrington experienced a core dump using https. Not much details yet. + +Daniel (4 December 2000) +- Jörn Hartroth fixed a problem with multiple URLs and -o/-O. + +Version 7.5 + +Daniel (1 December 2000) +- Craig Davison gave us his updates on the VC++ makefiles, so now curl should + build fine with the Microsoft compiler on windows too. + +- Fixed the libcurl versioning so that we don't ruin old programs when + releasing new shared library interfaces. + +Daniel (30 November 2000) +- Renamed docs/README.curl to docs/MANUAL to better reflect what the document + actually contains. + +Daniel (29 November 2000) +- I removed a bunch of '#if 0' sections from the code. They only make things + harder to follow. After all, we do have all older versions in the CVS. + +Version 7.5-pre5 + +Daniel (28 November 2000) +- I filled in more error codes in the man page error code list that had been + lagging. + +- James Griffiths mailed me a fine patch that introduces the CURLOPT_MAXREDIRS + libcurl option. When used, it'll prevent location following more than the + set number of times. It is useful to break out of endless redirect-loops. + +Daniel (27 November 2000) +- Added two test cases for file://. + +Daniel (22 November 2000) +- Added the libcurl CURLOPT_FILETIME setopt, when set it tries to get the + modified time of the remote document. This is a special option since it + involves an extra set of commands on FTP servers. (Using the MDTM command + which is not in the RFC959) + + curl_easy_getinfo() got a corresponding CURLINFO_FILETIME to get the time + after a transfer. It'll return a zero if CURLOPT_FILETIME wasn't used or if + the time wasn't possible to get. + + --head/-I used on a FTP server will now present a 'Last-Modified:' header + if curl could get the time of the specified file. + +- Added the option '--cacert [file]' to curl, which allows a specified PEM + file to be used to verify the peer's certificate when doing HTTPS + connections. This has been requested, rather recently by Hulka Bohuslav but + others have asked for it before as well. + +Daniel (21 November 2000) +- Numerous fixes the test suite has brought into the daylight: + + * curl_unescape() could return a too long string + * on ftp transfer failures, there could be memory leaks + * ftp CWD could use bad directory names + * memdebug now uses the mprintf() routines for better portability + * free(NULL) removed when doing resumed transfers + +- Added a bunch of test cases for FTP. + +- General cleanups to make less warnings with gcc -Wall -pedantic. + +- I made the tests/ftpserver.pl work with the most commonly used ftp + operations. PORT, PASV, RETR, STOR, LIST, SIZE, USER, PASS all work now. Now + all I have to do is integrate the ftp server doings in the runtests.pl + script so that ftp tests can be run the same way http tests already run. + +Daniel (20 November 2000) +- Made libcurl capable of dealing with any-length URLs. The former limit of + 4096 bytes was a bit annoying when people wanted to use curl to really make + life tough on a web server. Now, the command line limit is the most annoying + but that can be circumvented by using a config file. + + NOTE: there is still a 4096-byte limit on URLs extracted from Location: + headers. + +- Corrected the spelling of 'resolve' in two error messages. + +- Alexander Kourakos posted a bug report and a patch that corrected it! It + turned out that lynx and wget support lowercase environment variable names + where curl only looked for the uppercase versions. Now curl will use the + lowercase versions if they exist, but if they don't, it'll use the uppercase + versions. + +Daniel (17 November 2000) +- curl_formfree() was added. How come no one missed that one before? I ran the + test suite with the malloc debug enabled and got lots of "nice" warnings on + memory leaks. The most serious one was this. There were also leaks in the + cookie handling, and a few errors when curl failed to connect and similar + things. More tests cases were added to cover up and to verify that these + problems have been removed. + +- Mucho updated config file parser (I'm dead tired of all the bug reports and + weird behaviour I get on the former one). It works slightly differently now, + although I doubt many people will notice the differences. The main + difference being that if you use options that require parameters, they must + both be specified on the same line. With this new parser, you can also + specify long options without '--' and you may separate options and + parameters with : or =. It makes a config file line could look like: + + user-agent = "foobar and something" + + Parameters within quotes may contain spaces. Without quotes, they're + expected to be a single non-space word. + + Had to patch the command line argument parser a little to make this work. + +- Added --url as an option to allow the URL to be specified this way. It makes + way nicer config files. The previous way of specifying URLs in the config + file doesn't work anymore. + +Daniel (15 November 2000) +- Using certain characters in usernames or passwords for HTTP authentication + failed. This was due to the mprintf() that had a silly check for letters, + and if they weren't isprint() they weren't outputed "as-is". This caused + passwords and usernames using '§' (for example) to fail. + +Version 7.4.2 + +Daniel (15 November 2000) +- 'tests/runtests.pl' now sorts the test cases properly when 'all' is used. + +Daniel (14 November 2000) +- I fell over the draft-ietf-ftpext-mlst-12.txt Internet Draft titled + "Extensions to FTP" that contains a defined way how the ftp command SIZE + could be assumed to work. + +- Laurent Papier posted a bug report about using "-C -" and FTP uploading a + file that isn't prsent on the server. The server might then return a 550 and + curl will fail. Should it instead as Laurent Papier suggests, start + uploading from the beginning as a normal upload? + +Daniel (13 November 2000) +- Fixed a crash with the followlocation counter. + +- While writing test cases for the test suite, I discovered an old limitation + that prevented -o and -T to be used at the same time. I removed this + immediately as this has no relevance in the current libcurl. + +- Chris Faherty fixed a free-twice problem in lib/file.c + +- I fixed the perl http server problem in the test suite. + +Version 7.4.2 pre4 + +Daniel (10 November 2000) +- I've (finally) started working on the curl test suite. It is in the new + tests/ directory. It requires sh and perl. There's a TCP server in perl and + most of the other stuff running a pretty simple shell script. + + I've only made four test cases so far, but it proves the system can work. + +- Laurent Papier noticed that curl didn't set TYPE when doing --head checks + for sizes on FTP servers. Some servers seem to return different sizes + depending on whether ASCII or BINARY is used! + +- Laurent Papier detected that if you appended a FTP upload and everything was + already uploaded, curl would hang. + +- Angus Mackay's getpass_r() in lib/getpass.c is now compliant with the + getpass_r() function it seems some systems actually have. + +- Venkataramana Mokkapati detected a bug in the cookie parser and corrected + it. If the cookie was set for the full host name (domain=full.host.com), + the cookie was never sent back because of a faulty length comparison between + the set domain length and the current host name. + +Daniel (9 November 2000) +- Added a configure check for gethostbyname in -lsocket (OS/2 seems to need + it). Added a check for RSAglue/rsaref for the cases where libcrypto is found + but libssl isn't. I haven't verified this fix yet though, as I have no + system that requires those libs to build. + +Version 7.4.2 pre3 + +Daniel (7 November 2000) +- Removed perror() outputs from getpass.c. Angus Mackay also agreed to a + slightly modified license of the getpass.c file as the prototype was changed. + +Daniel (6 November 2000) +- Added possibility to set a password callback to use instead of the built-in. + They're controled with curl_easy_setopt() of course, the tags are + CURLOPT_PASSWDFUNCTION and CURLOPT_PASSWDDATA. + +- Used T. Bharath's thinking and fixed the timers that showed terribly wrong + times when location: headers were followed. + +- Emmanuel Tychon discovered that curl didn't really like user names only in + the URL. I corrected this and I also fixed the since long living problem + with URL encoded user names and passwords in the URLs. They should work now. + +Daniel (2 November 2000) +- When I added --interface, the new error code that was added with it was + inserted in the wrong place and thus all error codes from 35 and upwards got + increased one step. This is now corrected, we're back at the previous + numbers. All new exit codes should be added at the end. + +Daniel (1 November 2000) +- Added a check for signal() in the configure script so that if sigaction() + isn't present, we can use signal() instead. + +- I'm having a license discussion going on privately. The issue is yet again + GPL-licensed programs that have problems with MPL. I am leaning towards + making a kind of dual-license that will solve this once and for all... + +Daniel (31 October 2000) +- Added the packages/ directory. I intend to let this contain some docs and + templates on how to generate custom-format packages for various platforms. + I've now removed the RPM related curl.spec files from the archive root. + +Daniel (30 October 2000) +- T. Bharath brought a set of patches that bring new functionality to + curl_easy_getinfo() and curl_easy_setopt(). Now you can request peer + certificate verification with the *setopt() CURLOPT_SSL_VERIFYPEER option + and then use the CURLOPT_CAINFO to set the certificate to verify the remote + peer against. After an such an operation with a verification request, the + *_getinfo() option CURLINFO_SSL_VERIFYRESULT will return information about + whether the verification succeeded or not. + +Daniel (27 October 2000) +- Georg Horn brought us a splendid patch that solves the long-standing + annoying problem with timeouts that made curl exit with silly exit codes + (which as been commented out lately). This solution is sigaction() based and + of course then only works for unixes (and only those unixes that actually + have the sigaction() function). + +Daniel (26 October 2000) +- Björn Stenberg supplied a patch that fixed the flaw mentioned by Kevin Roth + that made the password get echoed when prompted for interactively. The + getpass() function (now known as my_getpass()) was also fixed to not use any + static buffers. This also means we cannot use the "standard" getpass() + function even for those systems that have it, since it isn't thread-safe. + +- Kevin Roth found out that if you'd write a config file with '-v url', the + url would not be used as "default URL" as documented, although if you wrote + it 'url -v' it worked! This has been corrected now. + +- Kevin Roth's idea of using multiple -d options on the same command line was + just brilliant, and I couldn't really think of any reason why we shouldn't + support it! The append function always append '&' and then the new -d + chunk. This enables constructs like the following: + + curl -d name=daniel -d age=unknown foobarsite.com + +Daniel (24 October 2000) +- I fixed the lib/memdebug.c source so that it compiles on Linux and other + systems. It will be useful one day when someone else but me wants to run the + memory debugging system. + +Daniel (23 October 2000) +- I modified the maketgz and configure scripts, so that the configure script + will fetch the version number from the include/curl/curl.h header files, and + then the maketgz doesn't have to rebuild the configure script when I build + release-archives. + +- Björn Stenberg and Linus Nielsen correctly pointed out that curl was silly + enough to not allow @-letters in passwords when they were specified with the + -u or -U flags (CURLOPT_USERPWD and CURLOPT_PROXYUSERPWD). This also + suggests that curl probably should url-decode the password piece of an URL + so that you could pass an encoded @-letter there... + +Daniel (20 October 2000) +- Yet another http server barfed on curl's request that include the port + number in the Host: header always. I now only include the port number if it + isn't the default (80 for HTTP, 443 for HTTPS). www.perl.com turned out to + run one of those nasty servers. + +- The PHP4 module for curl had problems with referer that seems to have been + corrected just yesterday. (Sterling Hughes of the PHP team confirmed this) + +Daniel (17 October 2000) +- Vladimir Oblomov reported that the -Y and -y options didn't work. They + didn't work for me either. This once again proves we should have that test + suite... + +- I finally changed the error message libcurl returns if you try a https:// + URL when the library wasn't build with SSL enabled. It will now return this + error: + "libcurl was built with SSL disabled, https: not supported!" + + I really hope it will make it a bit clearer to users where the actual + problem lies. + +Version 7.4.1 + +Daniel (16 October 2000) +- I forgot to remove some of the malloc debug defines from the makefiles in + the release archive (of course). + +Version 7.4 + +Daniel (16 October 2000) +- The buffer overflow mentioned below was posted to bugtraq on Friday 13th. + +Daniel (12 October 2000) +- Colin Robert Phipps elegantly corrected a buffer overflow. It could be used + by an evil ftp server to crash curl. I took the opportunity of replacing a + few other sprintf()s into snprintf()s as well. + +Daniel (11 October 2000) +- Found some more memory leaks. This new simple memory debugger has turned out + really useful! + +Version 7.4 pre6 + +Daniel (9 October 2000) +- Florian Koenig pointed out that the bool typedef in the curl/curl.h include + file was breaking PHP 4.0.3 compiling. The bool typedef is not used in the + public interface and was wrongly inserted in that header file. + +- Jörg Hartroth corrected a minor memory leak in the src/urlglob.c stuff. It + didn't harm anyone since the memory is free()ed on exit anyway. + +- Corrected the src/main.c. We use the _MPRINTF_REPLACE #define to use our + libcurl-printf() functions. This gives us snprintf() et al on all + platforms. I converted the allocated useragent string to one that uses a + local buffer. + +- I've set an #if 0 section around the Content-Transfer-Encoding header + generated in lib/formdata.c. This will hopefully make curl do more + PHP-friendly multi-part posts. + +Version 7.4 pre5 + +Daniel (9 October 2000) +- Nico Baggus found out that curl's ability to force a ASCII download when + using FTP was no longer working! I corrected this. This problem was probably + introduced when I redesigned libcurl for version 7. + +- Georg Horn provided a source example that proved a memory leak in libcurl. + I added simple memory debugging facilities and now we can make libcurl log + all memory fiddling functions. An additional perl script is used to analyze + the output logfile and to match malloc()s with free()s etc. The memory leak + Georg found turned out to be the main cookie struct that cookie_cleanup() + didn't free! The perl script is named memanalyze.pl and it is available in + the CVS respository, not in the release archive. + +Daniel (8 October 2000) +- Georg Horn found a GetHost() problem. It turned out it never assigned the + pointer in the third argument properly! This could make a crash, or at best + a memory leak! + +Version 7.4 pre4 + +Daniel (6 October 2000) +- Is the -F post following the RFC 1867 spec? We had this dicussion on the + mailing list since it appears curl can't post -F form posts to a PHP + receiver... I've been in touch with the PHP developers about this. + +- Domenico Andreoli found out that the long option '--proxy' wasn't working + anymore! The option parser got confused when I added the --proxytunnel for + 7.3. This was indeed a very old flaw that hasn't turned up until now... + +- Jörn Hartroth provided patches, updated makefiles and two new files for DLL + stuff on win32. He also pointed out that lib source files were compiled with + -I../src which isn't only wrong but plain stupid! + +- Troels Walsted Hansen fixed a problem with HTTP resume. Curl previously used + a local variable badly, that could lead to crashes. + +Version 7.4 pre3 + +Daniel (4 October 2000) +- More docs written. The curl_easy_getinfo.3 man page is now pretty accurate, + as is the -w section in curl.1. I added two options to enable the user to + get information about the received headers' size and the size of the HTTP + request. T. Bharath requested them. + +Daniel (3 October 2000) +- Corrected a sever free() before use in the new add_buffer_send()! ;-) + +Version 7.4 pre2 + +Daniel (3 October 2000) +- Jason S. Priebe sent me patches that changed the way curl issues HTTP + requests. The entire request is now issued in one single shot. It didn't do + this previously, and it has turned out that since the common browsers do it + this way, some sites have turned out to work with browsers but not with + curl! Although this is not a client-side problem, we want to be able to + fully emulate browsers, and thus we have now adjusted the networking layer + to slightly more appear as a browser. I adjusted Jason's patch, the faults + are probably mine. + +Daniel (2 October 2000) +- Anyone who ever uploaded data with curl on a slow link has noticed that the + progess meter is updated very infrequently. That is due to the large buffer + size curl is using. It reads 50Kb and sends it, updates the progress meter + and loops. 50Kb is very much on a slow link, although it is pretty neat to + use on a fast one. + + I've now made an adjustment that makes curl use a 2Kb buffer for uploads to + start with. If curl's average upload speed is faster than buffer size bytes + per second, curl will increase the used buffer size up to max 50Kb. It + should make the progress meter work better. + +Version 7.4 pre1 + +Daniel (29 September 2000) +- Ripped out the -w stuff from the library and put in the curl tool. It gets + all the relevant info from the library using the new curl_easy_getinfo() + function. + +- brad at openbsd.org mailed me a patch that corrected my kerberos mistake and + removed a compiler warning from hostip.c that OpenBSD people get. + +Daniel (28 September 2000) +- Of course (I should probably get punished somehow) I didn't properly correct + the #include lines for the base64 stuff in the kerberos sources in the just + released 7.3 package. They still include the *_krb.h files! Now, the error + is sooo very easy to spot and fix so I won't bother with a quick bug fix + release. I'll post a patch whenever one is needed instead. It'll be + available in the CVS in a few minutes anyway. + +Version 7.3 + +Daniel (28 September 2000) +- Removed the base64_krb.[ch] files. They've now replaced the former + base64.[ch] files. + +Daniel (26 September 2000) +- Updated some docs. + +- I changed the OpenSSL fix to work with older versions as well. The posted + patch was only working with 0.9.6 and no older ones. + +Version 7.3-pre8 + +Daniel (25 September 2000) +- Erdmut Pfeifer informed us that curl didn't build with OpenSSL 0.9.6 and + showed us what needed to get patched in order to make it build properly + again. + +- Dirk Kruschewski found a bug in the cookie parser. I made an alternative + approach to the solution Dirk himself suggested. The bug made a cookie + header that didn't end with a trailing semicolon to not get parsed. + +- I've marked -c and -t deprecated now. If you use any of them, curl will tell + you to use "-C -" or "-T -" instead. I don't think occupying two letters for + nearly identical functions is good use. Also, -T - kind of follows the curl + tradition of using - for stdin where a file name is expected. + +Daniel (23 September 2000) +- Martin Hedenfalk provided the patch that finally made the krb4 ftp upload + work! + +Daniel (21 September 2000) +- The kerberos code is not quite thread-safe yet. There are a few more globals + that need to be take care of. Let's get the upload working first! + +Daniel (20 September 2000) +- Richard Prescott solved another name lookup buffer size problem. I took this + opportunity to rewrite the GetHost() function. With these large buffer + sizes, I think keeping them as local arrays quickly turn ugly. I now use + malloc() to get the buffer memory. Thanks to this, I now can realloc() to a + large buffer in case of demand (errno == ERANGE) in case a solution like + that would become necessary. I still want to avoid that kind of nastiness. + +- Tried to compile and run curl on Linux for alpha and FreeBSD for alpha. Went + as smooth as it could. + +- Added a docs/examples directory with two tiny example sources that show how + to use libcurl. I hope users will supply me with more useful examples + further on. + +- Applied a patch by Jörn Hartroth to no longer use the word 'inteface' in the + config struct in the src/main.c file since certain compilers have that word + "reservered". I figure that is some kind of C++ decease. + +- Updated the curl.1 man page with --interface and --krb4. + +- Modified the base64Encode() function to work like the kerberos one, so that + I could remove the use of that. There is no need for *two* base64 encoding + functions! ;-) + +Version 7.3pre5 + +Daniel (19 September 2000) +- The kerberos4-layer source code that is much "influenced" by the original + krb4 source code, through yafc into curl, was using quite a lot of global + variables. libcurl can't work properly with globals like that why I had to + clean up almost every function in the new security.c to make them use + connection specific variables instead of the globals. I just hope I didn't + destroy anything now... :-) configure updated, version string now reflects + krb4 built-in. It almost works now. Only uploads are still being naughty. + +Version 7.3pre3 + +Daniel (18 September 2000) +- Martin Hedenfalk supplied a major patch that introduces krb4-ftp support to + curl. Martin is the primary author of the ftp client named yafc and he did + not hesitate to help us implement this when I asked him. Many and sincere + thanks to a splendid effort. It didn't even take many hours! + +- Stephen Kick supplied a big patch that introduces the --interface flag to + the curl tool and CURLOPT_INTERFACE for libcurl. It allows you to specify an + outgoing interface to use for your request. This may not work on all + platforms. This needs testing. + +- Richard Prescott noticed that curl on Tru64 unix could core dumped if the + name didn't resolve properly. This was due to the GetHost() function not + returning an error even though it failed on some platforms! + +Daniel (15 September 2000) +- Updated all sorts of documents in regards to the new proxytunnel support. + +Version 7.3pre2 + +Daniel (15 September 2000) +- Kai-Uwe Rommel pointed out a problem in the httpproxytunnel stuff for ftp. + Adjusted it. Added better info message when setting up the tunnel and the + pasv message when doing the second connect. + +Version 7.3pre1 + +Daniel (15 September 2000) +- libcurl now allows "httpproxytunnel" to an arbitrary host and port name. The + second connection on ftp needed that. + +- TheArtOfHTTPScripting was corrected all over. I both type and spell really + bad at times! + +Daniel (14 September 2000) +- -p/--proxytunnel was added to 'curl'. It uses the new + CURLOPT_HTTPPROXYTUNNEL libcurl option that allows "any" protocol to tunnel + through the specified http proxy. At the moment, this should work with ftp. + +Daniel (13 September 2000) +- Jochen Schaeuble found that file:// didn't work as expected. Corrected this + and mailed the patch to the mailing list. + +Daniel (7 September 2000) +- I changed the #define T() in curl.h since it turned out it wasn't really + a good symbol to use (when you compiled PHP with curl as a module, that + define collided with some IMAP define or something). This was posted to the + PHP bug tracker. + +- I added extern "C" stuff in two header files to better allow libcurl usage + in C++ sorces. Discussions on the libcurl list with Danny Horswell lead to + this. + +Version 7.2.1 + +Daniel (31 August 2000) +- Albert Chin-A-Young fixed the configure script *again* and now it seems to + detect Linux name resolving properly! (heard that before?) + +- Troels Walsted Hansen pointed out that downloading a file containing the + letter '+' from an ftp server didn't work. It did work from HTTP though and + the reason was my lame URL decoder. + +- I happened to notice that -I didn't at all work on ftp anymore. I corrected + that. + +Version 7.2 + +Daniel (30 August 2000) +- Understanding AIX is a hard task. I believe I'll never figure out why they + solve things so differently from the other unixes. Now, I'm left with the + AIX 4.3 run-time warnings about duplicate symbols that according to this + article (http://www.geocrawler.com/archives/3/405/1999/9/0/2593428/) is a + libtool flaw. I tried the mentioned patch, although that stops the linking + completely. + + So, if I select to ignore the ld warnings there are compiler warnings that + fill the screen pretty bad when curl compiles. It turns out that if I want + to '#include <arpa/inet.h>', I can get tid of the warnings by include the + following three include files before that one: + + #include <net/if_dl.h> + #include <sys/mbuf.h> + #include <netinet/if_ether.h> + + Now, is it really sane to add those include files before arpa/inet.h in all + the source files that include it? + + Thanks to Albert Chin-A-Young at thewrittenword.com who gave me the AIX + login to try everything on. + +Daniel (24 August 2000) +- Jan Schmidt supplied us a new VC6 makefile for Windows as the previous one + was not up to date but lacked several object files. + +- More work on the naming. + +- Albert Chin-A-Young provided a configure-check for large file support, as + some systems seem to need that for them to work. Had to change the position + for the config.h include file in every .c file in the libcurl dir... + +- As suggested on the mailing list (by Troy Engel), I did use a --data-binary + option instead of the messy way I've left described below. It seems to + work. The libcurl fix remained the same as yesterday. + +Daniel (23 August 2000) +- Back on the -d stripping newlines thing. The 'plain post' thing was added + when I had no thought of that one could actually post binary data with + it. Now, I have to add this functionality in a graceful manner and I think + I've managed to come up with a way: '-d @file;binary' will thus post the + file binary, exactly as its contents are. It is implemented with a new + *setopt() option (CURLOPT_POSTFIELDSIZE) to set the postfield size, since + libcurl can't strlen() the data in these cases. + +- Albert Chin-A-Young made some very serious efforts and all the name + resolving problems seem to have been sorted out now on all the platforms + that previously showed them. I'll make another release now anyday because of + this. + +- The FAQ was much enhanced when it comes to the licensing issues thanks to + Bjorn Reese. + +Daniel (21 August 2000) +- Rick Welykochy pointed out a problem when you use -d to post and you want to + keep the newlines, as curl strips them off as a bonus before posting... + This needs to be addressed. + +Version 7.1.1 + +Daniel (21 August 2000) +- Got more people involved in the gethostbyname_r() mess. Caolan McNamara sent + me configure-code that turned out to be very similar to my existing tests + which only make me more sure I'm on the right path. I changed the order of + the tests slightly, as it seems that some compilers don't yell error if a + function is used with too many parameters. Thus, the first tested function + will seem ok... Let's hope more compilers think of too-few parameters as bad + manners, as we're now trying the functions in that order; fewer first. I + should also add that Lars Hecking mailed me and volunteered to run tests on + a few odd systems. Coalan is keeping his work over at + http://www.csn.ul.ie/~caolan/publink/gethostbyname_r/. Might be handy in the + future as well. + +Daniel (18 August 2000) +- I noticed I hadn't increased the name lookup buffer in lib/ftp.c. I don't + think this is the reason for the continued trouble though. + +Daniel (17 August 2000) +- Fred Noz corrected my stupid mistakes in the gethostbyname_r() fluff. It + should affect some AIX, Digital Unix and HPUX 10 systems. + +Daniel (15 August 2000) +- Mathieu Legare compiled and build 7.1 without errors on both AIX 4.2 as well + as AIX 4.3. Now why did problems occur before? + +- Fred Noz reported a -w/--write-out bug that caused it to malfunction when + used combined with multiple URL retrievales. All but the first display got + screwed up! + +Daniel (11 August 2000) +- Jason Priebe and an anonymous friend found some host names the Linux version + of curl could not resolve. It turned out the buffer used to retrieve that + information was too small. Fixed. One could argue about the usefulness of + not having the slightest trace of a man page for gethostbyname_r() on my + Linux Redhat installation... + +Daniel (10 August 2000) +- Balaji S Rao was first in line to note the missing possibility to replace + the Content-Type: and Content-Length: headers when doing -d posts. I added + the possibility just now. It seems some people wants to do standard posts + using custom Content-Types. + +Daniel (8 August 2000) +- Mike Dowell correctly discovered that curl did not approve of URLs with no + user name but password. As in 'http://:foo@haxx.se'. I corrected this. + +Version 7.1 + +Daniel (7 August 2000) +- My AIX 4 fix does not work. I need help from a AIX 4 hacker. + +- I added my new document in the docs directory. It is aimed to become a sort + of tutorial on how to do HTTP scripting with curl. + +Daniel (4 August 2000) +- Working with Rich Gray on compiling curl for lots of different platforms. + My fix for AIX 3.2 was not good enough and was slightly changed, I had to + move an include file before another, as is now described in the source. + + AIX 4.2 (4.X?) has different gethostbyname_r() and gethostbyaddr_r() + functions that the configure script didn't check for and thus the compile + broke with an error. I have now changed the gethostbyname_r() check in the + configure file to support all three versions of both these functions. My + implementation that uses the AIX-style is though not yet verified and I may + get problems to fix it if it turns out to bug since I don't have access to + any system using that. + + For problems like that, I made the configure script allow --disable-thread + to completely switch off the check for threadsafe versions of a few + functions and thus go with the "good old versions" that tend to work + although will break thread-safeness for libcurl. Most people won't use + libcurl for other things than curl though, and curl doesn't need a + thread-safe lib. + +- Working on my big tutorial about HTTP scripting with curl. + +Daniel (1 August 2000) +- Rich Gray spotted a problem in src/setup.h caused by a #define strequal() + that was just a left-over from passed times. The strequal() is now a true + function supplied by libcurl for a portable case insensitive string + comparison. I added the prototypes in include/curl.h and removed the + now obsolete #define. + +- Igor Khristophorov made a fix to allow resumed download from Sun's + JavaWebServer/1.1.1. It seems that their server sends bad Content-Range + headers. + +- The makefiles forced a static library build, which is bad since we now use + libtool and thus have excellent shared library support! Albert Chin-A-Young + found out. + +Version 7.0.11beta + +Daniel (1 August 2000) +- Albert Chin-A-Young pointed out that 'make install' did not properly create + the header include directory, why it failed to install the header files as + it should. Automake isn't really equipped to deal with subdirectories + without Makefiles in any nice way. I had to run ahead and add Makefiles in + both include and include/curl before I managed to create a top-level + makefile that succeeds in install everything properly! + +- Ok, no more "features" added now. Let's just verify that there's no major + flaws added now. + +Daniel (31 July 2000) +- Both Jeff Schasny and Ketil Froyn asked me how to tell curl not to send one + of those internally generated headers. They didn't settle with the blank + ones you could tell curl to use. I rewrote the header-replace stuff a + little. Now, if you replace an internal header with your own and that new + one is a blank header you will only remove the internal one and not get any + blank. I couldn't figure out any case when you want that blank header. + +Daniel (29 July 2000) +- It struck me that the lib used localtime() which is not thread-safe, so now + I use localtime_r() in the systems that has it. + +- I went through this entire document and removed all email addresses and left + names only. I've really made an effort to always note who brought be bug + reports or fixes, but more and more people ask me to remove the email + addresses since they become victims for spams this way. Gordon Beaton got me + working on this. + +Daniel (27 July 2000) +- Jörn Hartroth found out that when you specified a HTTP proxy in an + environment variable and used -L, curl failed in the second fetch. I + corrected this problem and posted a patch to the list. No need for an extra + beta release just for this. + +Version 7.0.10beta + +Daniel (27 July 2000) +- So, libtool replaced two of my files with symbolic links and I forgot to add + the two new libtool files to the release archive (and they were added as + symlinks as well!) This of course lead to that the configure script failed + on 7.0.9... + +Version 7.0.9beta + +Daniel (25 July 2000) +- Kristian Köhntopp <kris at koehntopp.de> brought a fix that makes libcurl + libtoolified, just as we've wanted for a while now. He also made the + recently added man pages get installed properly on 'make install' and some + other nice cleanups. + +- In a discussion with Eetu Ojanen it struck me that if we use curl to get a + page using a password, and that page then sends a Location: to another + server that curl follows, curl will send the user name and password to that + server as well. + + Now, I'll never be able to make curl do Location: following all that perfect + and you're all sooner or later required to write a script to do several + fetches when you're doing advanced stuff, but now I've modified curl to at + least *only* send the user name and password to the original server. Which + means that if get a page from server A with a password, that forwards curl + to server B, curl won't use the password there. If server B then forwards + curl back to server A again, the password will be used again. + + This is not a perfect implementation, as in a browser case it would only use + the password if the left-prefix of the first path is the same. I just think + that this fix prevents a somewhat lurky "security hole". + + As a side-note in this subject: HTTP passwords are sent in cleartext and + will never be considered to be safe or secure. Use HTTPS for that. + +- As discussed on the mailing list, I converted the FTP response reading + function into using select() which then allows timeouts (even under win32!) + if the command-reply session gets too slow or dies completely. I made a + default timeout on 3600 seconds unless anything else is specified, since I + don't think anyone wants to wait more than that for a single character to + get received... + +- Torsten Foertsch <torsten.foertsch at gmx.net> brought a set of fixes for + the rfc1867 form posts. He introduced 'name=<file' which brings a means to + suuply very large text chunks read from the given file name. It differs from + 'name=@file' in the way that this latter thing is marked in the uploaded + contents as a file upload, while the first is just text (as in a input or + textarea field). Torsten also corrected a bug that would happen if you used + %s or similar in a -F file name. + +- As discovered by Nico Baggus <Nico.Baggus at mail.ing.nl>, when transferring + files to/from FTP using type ASCII curl should not expect the transfer to be + the exact size reported by the server as the file size. Since ASCII may very + well mean that the content is translated while transfered, the final size + may very well differ. Therefor, curl now ignores the file size when doing + ASCII transfers in FTP. + +Daniel (24 July 2000) +- Added CURLOPT_PROXYPORT to the curl_easy_setopt() call to allow the proxy + port number to be set separately from the proxy host name. + +- Andrew <andrew at ugh.net.au> pointed out a netrc manual bug. + +- The FTP transfer code now accepts a 250-code as well as the previously + accepted 226, after a successful file transfer. Mohan <mnair at + evergreen-funds.com> pointed this out. + +- The check for *both* nsl and socket was never added in the v7 configure.in + when I moved the main branch. I re-added that check to configure.in. This was + discovered by Rich Gray. + +- Howard, Blaise <Blaise.Howard at factiva.com> pointed out a missing free() in + curl_disconnect() which of course meant libcurl ate memory. + +- Brian E. Gallew noted that the HTTP 'Host:' header curl sent did not + properly include the port number if non-default ports were used. This should + now have been fixed. + +- HTTP connect errors now return errors earlier. This was most notably causing + problems when the HTTPS certificate had problems and later caused a crash. + Many thanks to Gregory Nicholls <gnicholls at level8.com> for discovering + and suggesting a fix... + +Daniel (21 June 2000) +- After a "bug report" I received where the user was using both -F and -I in a + HTTP request (it severly confused the library I should add), I added some + checks to src/main.c that prevents setting more than one HTTP request + command, no matter what the user wants! ;-) + +Version 7.0.8beta + +Daniel (20 June 2000) +- I did a major replace in many files to use the new curl domain haxx.se + instead of the previous one. + +- As Eetu Ojanen suggested, I finally took the step and now libcurl no longer + makes a POST after it has followed a location. When the initial POST has + been done, it'll turned into a GET for the further requests. This is only + interesting when using -L/--location *and* doing a POST at the same time. + + While messing with this, I added another weird feature I call 'auto + referer'. If you append ';auto' to the right of a given referer string (or + only use that string as referer), libcurl will automatically set the + previoud URL as refered when it follows a Location: and gets a succeeding + document. + +- My hero Rich Gray found the very obscure FTP bug that happened to him only + when passing through a particular firewall and using the PORT command. It + turned out that PORT was the only command in the lib/ftp.c source that + didn't send a proper \r\n sequence but instead used the faulty \n which as + it seemed is supported by most major ftp servers... :-O + +Version 7.0.7beta + +Daniel (16 June 2000) +- I had avoided this long enough now, so I moved the alternative progress bar + stuff from the lib and added it to the client code. This is now using the + recently added progress callback and it seems to work pretty much like + before. Since it is only one progress bar and you and download and upload at + the same time, this bar shows the combined progress of both directions. This + code was just ported from the old place to this, Lars is still our saviour! + ;-) This also made the documentation more accurate since I never removed + this function from any docs! Although I now removed the CURLOPT_PROGRESSMODE + from the library since the lib has only one internal progress meter and it + will never get another. It is although likely that the internal one also + will be moved to the client code in the future (when I have other means of + getting the writeout data and move that too to the client). + +- I took the opportunity to verify that standard progress meter works and I + found out it didn't get inited properly. Grrr. I corrected that as well. + +Daniel (15 June 2000) +- I thought I'd better verify that the -F option still works in v7 and of + course it didn't... :-/ Anyway, I had the problems I could discover + corrected. About one month of beta testing and not a single person has used + this feature with v7? + +- Björn correctly pointed out that the --progress-bar still doesn't work in + v7. Hm. + +Daniel (14 June 2000) +- Tim Tassonis discovered that curl 7 didn't handle normal http POST as it + should. I corrected this. + +Version 7.0.6beta + +Daniel (14 June 2000) +- Björn Stenberg pointed out several problems (related to win32 compiling): + lib/strequal.c had a bad #ifdef for one of the string comparisons (win32) + src/main.c had several minor problems + lib/makefile.m32 had getpass.[co] twice + src/config-win32.h lacked the HAVE_FCNTL_H define + both config-win32.h files now only set the HAVE_UNISTD_H define if the + define MINGW32 is set, and I modified src/makefile.m32 and lib/makefile.m32 + to set it. + +Version 7.0.5beta + +Daniel (14 June 2000) +- Applied Luong Dinh Dung's comments about a few win32 compile problems. + +- Applied Björn Stenberg's suggested fix that turns the win32 stdout to + binary. It won't do it if the -B / --use-ascii option is used. That option + is now an extended version of the previous -B /--ftp--ascii. The flag was + already in use be the ldap as well so the new name fits pretty good. The + libcyrl CURLOPT_TRANSFERTEXT was also introduced as an alias to the now + obsolete CURLOPT_FTPASCII. Can't verify this fix myself as I have no win32 + compiler around. + +Daniel (13 June 2000) +- Luong Dinh Dung <dung at sch.bme.hu> found a problem in curl_easy_cleanup() + since it free()ed the main curl struct *twice*. This is now corrected. + +Daniel (9 June 2000) +- Updated the RESOURCES file, added a README.win32 file. + +Daniel (8 June 2000) +- So I finally added the progress callback to the *setopt() options and it + should work now. I don't have the energy to write any test program for it + right now. +- Made the callback function typedefs public in curl/curl.h for comfort. Just + in case anyone wanna fiddle with such pointers. +- Updated the curl_easy_setopt() man page accordingly. + +Version 7.0.4beta + +Daniel (2 June 2000) +- I noticed that when doing Location: following, we lost custom headers in all + but the first request. +- Removed the 'HttpPost' struct and moved the header stuff to the more generic + curl_slist. +- Added some better slist-cleanups in src/main.c + +Version 7.0.3beta + +Daniel (31 May 2000) +- So I discovered that I released the 7.0.2beta without it being able to + compile under Linux. gethostbyname_r() and gethostbyaddr_r() turned out to + feature a different amount of arguments on different systems so I had to add + a configure check for this and adjust the code slightly. + +Version 7.0.2beta + +Daniel (29 May 2000) +- Corrected the bits.* assignments when using CURLOPT options that only + toggles one of those bits. + +- Applied the huge patches from David LeBlanc <dleblanc at qnx.com> that add + usage of the gethostbyname_r() and similar functions in case they're around, + since that make libcurl much better threadsafe in many systems (such as + solaris). I added the checks for these functions to the configure script. + + I can't explain why, but the inet_ntoa_r() function did not appear in my + Solaris include files, I had to add my own include file for this for now. + +Daniel (22 May 2000) +- Jörn Hartroth brought me fixes to make the win32 version compile properly as + well as a rename of the 'interface' field in the urldata struct, as it seems + to be reserved in some gcc versions! + +- Rich Gray struck back with yet some portability reports. Data General DG/UX + needed a little fix in lib/ldap.c since it doesn't have RTLD_GLOBAL defined. + More fixes are expected as a result of Richies very helpful work. + +Version 7.0.1beta + +Daniel (21 May 2000) +- Updated lots of #defines, enums and variable type names in the library. No + more weird URG or URLTAG prefixes. All types and names should be curl- + prefixed to avoid name space clashes. The FLAGS-parameter to the former + curl_urlget() has been converted into a bunch of flags to use in separate + setopt calls. I'm still focusing on the easy-interface, as the curl tool is + now using that. + +- Bjorn Reese has provided me with an asynchronous name resolver that I plan + to use in upcoming versions of curl to be able to gracefully timeout name + lookups. + +Version 7.0beta + +Daniel (18 May 2000) +- Introduced LIBCURL_VERSION_NUM to the curl.h include file to better allow + source codes to be dependent on the lib version. This define is now set to + a dexadecimal number, with 8 bits each for major number, minor number and + patch number. In other words, version 1.2.3 would make it 0x010203. It also + makes a larger number a newer version. + +Daniel (17 May 2000) +- Martin Kammerhofer correctly pointed out several flaws in the FTP range + option. I corrected them. +- Removed the win32 winsock init crap from the lib to the src/main.c file + in the application instead. They can't be in the lib, especially not for + multithreaded purposes. + +Daniel (16 May 2000) +- Rewrote the src/main.c source to use the new easy-interface to libcurl 7. + There is still more work to do, but the first step is now taken. + <curl/easy.h> is the include file to use. + +Daniel (14 May 2000) +- FTP URLs are now treated slightly different, more according to RFC 1738. +- FTP sessions are now performed differently, with CWD commands to change + directory instead of RETR/STOR/LIST with the full path. Discussions with + Rich Gray made me notice these problems. +- Janne Johansson discovered and corrected a buffer overflow in the + src/usrglob.c file. +- I had to add a lib/strequal.c file for doing case insensitive string + compares on all platforms. + +Daniel (8 May 2000): +- Been working lots on the new lib. +- Together with Rich Gray, I've tried to adjust the configure script to work + better on the NCR MP-RAS Unix. + +Daniel (2 May 2000): +- Albert Chin-A-Young pointed out that I had a few too many instructions in + configure.in that didn't do any good. + +Daniel (24 April 2000): +- Added a new paragraph to the FAQ about what to do when configure can't + find OpenSSL even though it is installed. Supplied by Bob Allison + +Daniel (12 April 2000): +- Started messing around big-time to convert the old library interface to a + better one... + +Daniel (8 April 2000): +- Made the progress bar look better for file sizes between 9999 kilobytes + and 100 megabytes. They're now displayed XX.XM. +- I also noticed that ftp fetches through HTTP proxies didn't add the user + agent string. It does now. +- Habibie <habibie at MailandNews.com> supplied a pretty good way to build RPMs + on a Linux machine. It still a) requires me to be root to do it, b) leaves + the rpm packages laying at some odd place on my disk c) doesn't work to + build the ssl version of curl since I didn't install openssl from an rpm + package so now the rpm crap thinks I don't have openssl and refuses to build + a package that depends on ssl... Did I mention I don't get along with RPM? +- Once again I received a bug report about autoconf not setting -L prior to -l + on the command line when checking for libs. In this case it made the native + cc compiler on Solaris 7 to fail the OpenSSL check. This has previously been + reported to cause problems on HP-UX and is a known flaw in autoconf 2.13. It + is a pity there's no newer release around... + +Daniel (4 April 2000): +- Marco G. Salvagno supplied me with two fixes that + appearantly makes the OS/2 port work better with multiple URLs. + +Daniel (2 April 2000): +- Another Location: fix. This time, when curl connected to a port and then + followed a location with an absolute URL to another port, it misbehaved. + +Daniel (27 March 2000): +- H. Daphne Luong pointed out that curl was wrongly + messing up the proxy string when fetching a document through a http proxy, + which screwed up multiple fetches such as in location: followings. + +Daniel (23 March 2000): +- Marco G. Salvagno corrected my badly applied patch he + actually already told me about! + +- H. Daphne Luong brought me a fix that now makes curl + ignore select() errors in the download if errno is EINTR, which turns out to + happen every now and then when using libcurl multi-threaded... + +Daniel (22 March 2000): +- Wham Bang supplied a couple of win32 fixes. HAVE_UNAME + was accidentally #defined in config-win32.h, which it shouldn't have been. + The HAVE_UNISTD_H is not defined when compiling with the Makefile.vc6 + makefile for MS VC++. + +Daniel (21 March 2000): +- I removed the AC_PROG_INSTALL macro from configure.in, since it appears that + one of the AM_* macros searches for a BSD compatible install already. Janne + Johansson made me aware of this. + +Version 6.5.2 + +Daniel (21 March 2000): +- Paul Harrington quickly pointed out to me that 6.5.1 + crashes hard. I upload 6.5.2 now as quickly as possible! The problem was + the -D adjustments in src/main.c. + +Version 6.5.1 + +Daniel (20 March 2000): +- An anonymous post on sourceforge correctly pointed out a possible buffer + overflow in the curl_unescape() function for URL conversions. The main + problem with this bug is that the ftp download uses that function and this + single- byte overflow could lead to very odd bugs (as one reported by Janne + Johansson). + +Daniel (19 March 2000): +- Marco G. Salvagno supplied me with a series of patches + that now allows curl to get compiled on OS/2. It even includes a section in + the INSTALL file. Very nice job! + +Daniel (17 March 2000): +- Wham Bang supplied a patch for the lib/Makefile.vc6 + file. We still need some fixes for the config-win32.h since it appears that + VC++ and mingw32 have different opinions about (at least) unistd.h's + existence. + +Daniel (15 March 2000): +- I modified the -D/--dump-header workings so that it doesn't write anything + to the file until it needs to. This way, you can actually use -b and -D + on the same file if you want repeated invokes to store and read the cookies + in that one single file. + +- Poked around in lots of texts. Added the BUGS file for bug reporting stuff. + Added the classic HTTP POST question to the FAQ, removed some #ifdef WIN32 + stuff from the sources (they're covered by the config-win32.h now). + +- Pascal Gaudette fixed a missing ldap.c problem in the + Makefile.vc6 file. He also addressed a problem in src/config-win32.h. + +Daniel (14 March 2000): +- Paul Harrington pointed out that the 'http_code' variable in the -w output + was never written. I fixed it now. + +- Janne Johansson reported the complaints that OpenBSD does + when getdate.c #includes malloc.h. It claims stdlib.h should be included + instead. I added #ifdef HAVE_MALLOC_H code in getdate.y and two checks in + the configure.in for malloc.h and stdlib.h. + +Version 6.5 + +Daniel (13 March 2000): +- <curl at spam.wolvesbane.net> pointed out that the way curl sent cookies in a + single line wasn't enjoyed by IIS4.0 servers. In my view, that is not what + the standards say, but I added a white space between the name/value pairs to + perhaps make them work better. + +- Added the perl check back in the configure.in again since the mkhelp.pl + script needs it! + +- Made some beautifications in the curl man page. + +Daniel (3 March 2000): +- Jörn helped me update the config-win32.h files with HAVE_SETVBUF and + HAVE_STRDUP. + +Daniel (3 March 2000): +- Uploaded the 6.5pre2 package. + +Daniel (2 March 2000): +- Removed the perl-programs from the distribution, they never made many people + happy and I'll still keep them available on the web. + +- Added the -w and -N stuff to the man page. Documented the new progress meter + display in README.curl. + +- Jörn Hartroth, Chris <cbayliss at csc.come> and Ulf + Möller from the openssl development team helped bringing me the details for + fixing an OpenSSL usage flaw. It became apparent when they released openssl + 0.9.5 since that barfed on curl's bad behavior (not seeding a random number + thing). + +- Yet another option: -N/--no-buffer disables buffering in the output stream. + Probably most useful for very slow transfers when you really want to get + every byte curl receives within some preferred time. Andrew <tmr at gci.net> + suggested this. + +- Damien Adant mailed me his fixes for making curl compile on Ultrix. + +Daniel (24 February 2000): +- Applied Jörn Hartroth's fixes for config-win32.h and lib/Makefile.w32. + + I should also make a note here, if nothing else to myself, that when using + the %-syntax for variables in DOS command prompts, you must use two %- + letters for each one since that is an escape letter there! Maybe I should + use another letter instead! + +- Added more variables to -w: + + 'http_code' + 'time_namelookup' + 'time_connect' + 'time_pretransfer' + 'url_effective' + +- Made -w@filename read the syntax from a file and -w@- reads the syntax from + stdin in the good old "standard" curl way. + +Daniel (22 February 2000): +- Released a 6.5pre1 version to get some test and user feedback. + +Daniel (21 February 2000): + +- I added the -w/--write-out flag and some variables to go with it. -w is a + single string, whatever you enter there will be written out when curl has + completed a successful request. There are some variable substitutions and + they are specified as '%{variable}' (without the quotes). Variables that + exist as of this moment are: + + total_time - total transfer time in seconds (with 2 decimals) + size_download - total downloaded amount of bytes + size_upload - total uploaded amount of bytes + speed_download - the average speed of the entire download + speed_upload - the average speed of the entire upload + + I will of course add more variables, but I need input on these and others. + +- It struck me that the -# progress bar will be hard to just apply on the new + progress bar concept. I need some feedback on this before that'll get re- + introduced! :-/ + +Daniel (16 February 2000): +- Jörn Hartroth brought me some fixes for the progress meter and I continued + working on it. It seems to work for http download, http post, ftp download + and ftp upload. It should be a pretty good test it works generally good. + +- Still need to add the -# progress bar into the new style progress interface. + +- Gonna have a go at my new output option parameter next. + +Daniel (15 February 2000): +- The progress meter stuff is slowly taking place. There's more left before it + is working ok and everything is tested, but we're reaching there. Slowly! + +Daniel (11 February 2000): +- Paul Marquis fixed the config file parsing of curl to + deal with any-length lines, removing the previous limit of 4K. + +- Eetu Ojanen's suggestion of supporting the @-style for -b + is implemented. Now -b@<filename> works as well as the old style. -b@- also + similarly reads the cookies from stdin. + +- Reminder: -D should not write to the file until it needs to, in the same way + -o does. That would enable curl to use -b and -D on the same file... + +- Ellis Pritchard made getdate.y work for MacOS X. + +- Paul Harrington helped me out finding the crash in the + cookie parser. He also pointed out curl's habit of sending empty cookies to + the server. + +Daniel (8 February 2000): + - Ron Zapp corrected a problem in src/urlglob.c that + prevented curl from getting compiled on sunos 4. The problem had to do + with the difference in sprintf() return code types. + + - Transfer() should now be able to download and upload simultaneously. Let's + do some progress meter fixes later this week. + +Daniel (31 January 2000): + - Paul Harrington found another core dump in the cookie + parser. Curl doesn't properly recognize the 'version' keyword and I think + that is what caused this. I need to refresh some specs on cookies and see + what else curl lacks to improve this a bit more once and for all. + + RFC 2109 clearly specifies how cookies should be dealt with when they are + compliant with that spec. I don't think many servers are though... + + - Mark W. Eichin found that while curl is uploading a form + to a web site, it doesn't read incoming data why it'll hang after a while + since the socket "pipe" becomes full. + + It took me two hours to rewrite Download() and Upload() into the new + single function Transfer(). It even seems to work! More testing is required + of course... I should get the header-sending together in a kind of queue + and let them get "uploaded" in Transfer() as well. + + - Zhibiao Wu pointed out a curl bug in the location: area, + although I did not get a reproducible way to do this why I have to wait + with fixing anything. + + - Bob Schader suggested I should implement resume + support for the HTTP PUT operation, and as I think it is a valid suggestion + I'll work on it. + +Daniel (25 January 2000): + - M Travis Obenhaus pointed out a manual mixup with -y and -Y that was + corrected. + + - Jens Schleusener pointed out a problem to compile + curl on AIX 4.1.4 and gave me a solution. This problem was already fixed + by Jörn's recent #include modifications! + +Daniel (19 January 2000): + - Oskar Liljeblad pointed out and corrected a problem + in the Location: following system that made curl following a location: to a + different protocol to fail. + + At January 31st I re-considered this fix and the surrounding source code. I + could not really see that the patch did any difference, why I removed it + again for further research and debugging. (It disabled location: following + on server not running on default ports.) + + - Jörn Hartroth brought a fix that once again + made it possible to select progress bar. + + - Jörn also fixed a few include problems. + +Version 6.4 + +Daniel (17 January 2000): + - Based on suggestions from Björn Stenberg, I made the + progress deal better with larger files and added a "Time" field which shows + the time spent on the download so far. + - I'm now using the CVS repository on sourceforge.net, which also allows web + browsing. See http://curl.haxx.nu. + +Daniel (10 January 2000): + - Renumbered some enums in curl/curl.h since tag number 35 was used twice! + - Added "postquote" support to the ftp section that enables post-ftp-transfer + quote commands. + - Now made the -Q/--quote parameter recognize '-' as a prefix, which means + that command will be issued AFTER a successful ftp transfer. This can of + course be used to delete or rename a file after it has been uploaded or + downloaded. Use your imagination! ;-) + - Since I do the main development on solaris 2.6 now, I had to download and + install GNU groff to generate the hugehelp.c file. The solaris nroff cores + on the man page! So, in order to make the solaris configure script find a + better result I made gnroff get checked prior to the regular nroff. + - Added all the curl exit codes to the man page. + - Jim Gallagher properly tracked down a bug in autoconf + 2.13. The AC_CHECK_LIB() macro wrongfully uses the -l flag before the -L + flag to 'ld' which causes the HP-UX 10.20 flavour to fail on all libchecks + and therefore you can't make the configure script find the openssl libs! + +Daniel (28 December 1999): + - Tim Verhoeven correctly identified that curl + doesn't support URL formatted file names when getting ftp. Now, there's a + problem with getting very weird file names off FTP servers. RFC 959 defines + that the file name syntax to use should be the same as in the native OS of + the server. Since we don't know the peer server system we currently just + translate the URL syntax into plain letters. It is still better and with + the solaris 2.6-supplied ftp server it works with spaces in the file names. + +Daniel (27 December 1999): + - When curl parsed cookies straight off a remote site, it corrupted the input + data, which, if the downloaded headers were stored made very odd characters + in the saved data. Correctly identified and reported by Paul Harrington. + +Daniel (13 December 1999): + - General cleanups in the library interface. There had been some bad kludges + added during times of stress and I did my best to clean them off. It was + both regarding the lib API as well as include file confusions. + +Daniel (3 December 1999): + - A small --stderr bug was reported by Eetu Ojanen... + + - who also brought the suggestion of extending the -X flag to ftp list as + well. So, now it is and the long option is now --request instead. It is + only for ftp list for now (and the former http stuff too of course). + +Lars J. Aas (24 November 1999): + - Patched curl to compile and build under BeOS. Doesn't work yet though! + + - Corrected the Makefile.am files to allow putting object files in + different directories than the sources. + +Version 6.3.1 + +Daniel (23 November 1999): + - I've had this major disk crash. My good old trust-worthy source disk died + along with the machine that hosted it. Thank goodness most of all the + things I've done are either backed up elsewhere or stored in this CVS + server! + + - Michael S. Steuer pointed out a bug in the -F handling + that made curl hang if you posted an empty variable such as '-F name='. It + was one of those old bugs that never have worked properly... + + - Jason Baietto pointed out a general flaw in the HTTP + download. Curl didn't complain if it was prematurely aborted before the + entire download was completed. It does now. + +Daniel (19 November 1999): + - Chris Maltby very accurately criticized the lack of + return code checks on the fwrite() calls. I did a thorough check for all + occurrences and corrected this. + +Daniel (17 November 1999): + - Paul Harrington pointed out that the -m/--max-time option + doesn't work for the slow system calls like gethostbyname()... I don't have + any good fix yet, just a slightly less bad one that makes curl exit hard + when the timeout is reached. + + - Bjorn Reese helped me point out a possible problem that might be the reason + why Thomas Hurst experience problems in his Amiga version. + + Daniel (12 November 1999): + - I found a crash in the new cookie file parser. It crashed when you gave + a plain http header file as input... + +Version 6.3 + + Daniel (10 November 1999): + - I kind of found out that the HTTP time-conditional GETs (-z) aren't always + respected by the web server and the document is therefore sent in whole + again, even though it doesn't match the requested condition. After reading + section 13.3.4 of RFC 2616, I think I'm doing the right thing now when I do + my own check as well. If curl thinks the condition isn't met, the transfer + is aborted prematurely (after all the headers have been received). + + - After comments from Robert Linden I also rewrote some parts of the man page + to better describe how the -F works. + + - Michael Anti put up a new curl download mirror in + China: http://www.pshowing.com/curl/ + + - I added the list of download mirrors to the README file + + - I did add more explanations to the man page + + Daniel (8 November 1999): + - I made the -b/--cookie option capable of reading netscape formatted cookie + files as well as normal http-header files. It should be able to + transparently figure out what kind of file it got as input. + + Daniel (29 October 1999): + - Another one of Sebastiaan van Erk's ideas (that has been requested before + but I seem to have forgotten who it was), is to add support for ranges in + FTP downloads. As usual, one request is just a request, when they're two + it is a demand. I've added simple support for X-Y style fetches. X has to + be the lower number, though you may omit one of the numbers. Use the -r/ + --range switch (previously HTTP-only). + + - Sebastiaan van Erk suggested that curl should be + able to show the file size of a specified file. I think this is a splendid + idea and the -I flag is now working for FTP. It displays the file size in + this manner: + Content-Length: XXXX + As it resembles normal headers, and leaves us the opportunity to add more + info in that display if we can come up with more in the future! It also + makes sense since if you access ftp through a HTTP proxy, you'd get the + file size the same way. + + I changed the order of the QUOTE command executions. They're now executed + just after the login and before any other command. I made this to enable + quote commands to run before the -I stuff is done too. + + - I found out that -D/--dump-header and -V/--version weren't documented in + the man page. + + - Many HTTP/1.1 servers do not support ranges. Don't ask me why. I did add + some text about this in the man page for the range option. The thread in + the mailing list that started this was initiated by Michael Anti. + + - I get reports about nroff crashes on solaris 2.6+ when displaying the curl + man page. Switch to gnroff instead, it is reported to work(!). Adam Barclay + reported and brought the suggestion. + + - In a dialogue with Johannes G. Kristinsson we came + up with the idea to let -H/--header specified headers replace the + internally generated headers, if you happened to select to add a header + that curl normally uses by itself. The advantage with this is not entirely + obvious, but in Johannes' case it means that he can use another Host: than + the one curl would set. + + Daniel (27 October 1999): + - Jongki Suwandi brought a nice patch for (yet another) crash when following + a location:. This time you had to follow a https:// server's redirect to + get the core. + +Version 6.2 + + Daniel (21 October 1999): + - I think I managed to remove the suspicious (nil) that has been seen just + before the "Host:" in HTTP requests when -v was used. + - I found out that if you followed a location: when using a proxy, without + having specified http:// in the URL, the protocol part was added once again + when moving to the next URL! (The protocol part has to be added to the + URL when going through a proxy since it has no protocol-guessing system + such as curl has.) + - Benjamin Ritcey reported a core dump under solaris 2.6 + with OpenSSL 0.9.4. It turned out this was due to a bad free() in main.c + that occurred after the download was done and completed. + - Benjamin found ftp downloads to show the first line of the download meter + to get written twice, and I removed that problem. It was introduced with + the multiple URL support. + - Dan Zitter correctly pointed out that curl 6.1 and earlier versions didn't + honor RFC 2616 chapter 4 section 2, "Message Headers": "...Field names are + case-insensitive..." HTTP header parsing assumed a certain casing. Dan + also provided me with a patch that corrected this, which I took the liberty + of editing slightly. + - Dan Zitter also provided a nice patch for config.guess to better recognize + the Mac OS X + - Dan also corrected a minor problem in the lib/Makefile that caused linking + to fail on OS X. + + Daniel (19 October 1999): + - Len Marinaccio came up with some problems with curl. Since Windows has a + crippled shell, it can't redirect stderr and that causes trouble. I added + --stderr today which allows the user to redirect the stderr stream to a + file or stdout. + + Daniel (18 October 1999): + - The configure script now understands the '--without-ssl' flag, which now + totally disable SSL/https support. Previously it wasn't possible to force + the configure script to leave SSL alone. The previous functionality has + been retained. Troy Engel helped test this new one. + +Version 6.1 (October 17 1999) + + Daniel (17 October 1999): + - I ifdef'ed or commented all the zlib stuff in the sources and configure + script. It turned out we needed to mock more with zlib than I initially + thought, to make it capable of downloading compressed HTTP documents and + uncompress them on the fly. I didn't mean the zlib parts of curl to become + more than minor so this means I halt the zlib expedition for now and wait + until someone either writes the code or zlib gets updated and better + adjusted for this kind of usage. I won't get into details here, but a + short a summary is suitable: + - zlib can't automatically detect whether to use zlib or gzip + decompression methods. + - zlib is very neat for reading gzipped files from a file descriptor, + although not as nice for reading buffer-based data such as we would + want it. + - there are still some problems with the win32 version when reading from + a file descriptor if that is a socket + + Daniel (14 October 1999): + - Moved the (external) include files for libcurl into a subdirectory named + curl and adjusted all #include lines to use <curl/XXXX> to maintain a + better name space and control of the headers. This has been requested. + + Daniel (12 October 1999): + - I modified the 'maketgz' script to perform a 'make' too before a release + archive is put together in an attempt to make the time stamps better and + hopefully avoid the double configure-running that use to occur. + + Daniel (11 October 1999): + - Applied Jörn's patches that fixes zlib for mingw32 compiles as well as + some other missing zlib #ifdef and more text on the multiple URL docs in + the man page. + +Version 6.1beta + + Daniel (6 October 1999): + - Douglas E. Wegscheid sent me a patch that made the exact same thing as I + just made: the -d switch is now capable of reading post data from a named + file or stdin. Use it similarly to the -F. To read the post data from a + given file: + + curl -d @path/to/filename www.postsite.com + + or let curl read it out from stdin: + + curl -d @- www.postit.com + + Jörn Hartroth (3 October 1999): + - Brought some more patches for multiple URL functionality. The MIME + separation ideas are almost scrapped now, and a custom separator is being + used instead. This is still compile-time "flagged". + + Daniel + - Updated curl.1 with multiple URL info. + + Daniel (30 September 1999): + - Felix von Leitner brought openssl-check fixes for configure.in to work + out-of-the-box when the openssl files are installed in the system default + dirs. + + Daniel (28 September 1999) + - Added libz functionality. This should enable decompressing gzip, compress + or deflate encoding HTTP documents. It also makes curl send an accept that + it accepts that kind of encoding. Compressed contents usually shortens + download time. I *need* someone to tell me a site that uses compressed HTTP + documents so that I can test this out properly. + + - As a result of the adding of zlib awareness, I changed the version string + a little. I plan to add openldap version reporting in there too. + + Daniel (17 September 1999) + - Made the -F option allow stdin when specifying files. By using '-' instead + of file name, the data will be read from stdin. + +Version 6.0 (September 14 1999) + + Daniel (13 September 1999) + - Added -X/--http-request <request> to enable any HTTP command to be sent. + Do not that your server has to support the exact string you enter. This + should possibly a string like DELETE or TRACE. + + - Applied Douglas' mingw32-fixes for the makefiles. + + Daniel (10 September 1999) + - Douglas E. Wegscheid pointed out a problem. Curl didn't check the FTP + servers return code properly after the --quote commands were issued. It + took anything non 200 as an error, when all 2XX codes should be accepted as + OK. + + - Sending cookies to the same site in multiple lines like curl used to do + turned out to be bad and breaking the cookie specs. Curl now sends all + cookies on a single Cookie: line. Curl is not yet RFC 2109 compliant, but I + doubt that many servers do use that syntax (yet). + + Daniel (8 September 1999) + - Jörn helped me make sure it still compiles nicely with mingw32 under win32. + + Daniel (7 September 1999) + - FTP upload through proxy is now turned into a HTTP PUT. Requested by + Stefan Kanthak. + + - Added the ldap files to the .m32 makefile. + + Daniel (3 September 1999) + - Made cookie matching work while using HTTP proxy. + + Bjorn Reese (31 August 1999) + - Passed his ldap:// patch. Note that this requires the openldap shared + library to be installed and that LD_LIBRARY_PATH points to the + directory where the lib will be found when curl is run with a + ldap:// URL. + + Jörn Hartroth (31 August 1999) + - Made the Mingw32 makefiles into single files. + - Made file:// work for Win32. The same code is now used for unix as well for + performance reasons. + + Douglas E. Wegscheid (30 August 1999) + - Patched the Mingw32 makefiles for SSL builds. + + Matthew Clarke (30 August 1999) + - Made a cool patch for configure.in to allow --with-ssl to specify the + root dir of the openssl installation, as in + + ./configure --with-ssl=/usr/ssl_here + + - Corrected the 'reconf' script to work better with some shells. + + Jörn Hartroth (26 August 1999) + - Fixed the Mingw32 makefiles in lib/ and corrected the file.c for win32 + compiles. + +Version 5.11 + + Daniel (25 August 1999) + - John Weismiller pointed out a bug in the header-line + realloc() system in download.c. + + - I added lib/file.[ch] to offer a first, simple, file:// support. It + probably won't do much good on win32 system at this point, but I see it + as a start. + + - Made the release archives get a Makefile in the root dir, which can be + used to start the compiling/building process easier. I haven't really + changed any INSTALL text yet, I wanted to get some feed-back on this + first. + + Daniel (17 August 1999) + - Another Location: bug. Curl didn't do proper relative locations if the + original URL had cgi-parameters that contained a slash. Nusu's page + again. + + - Corrected the NO_PROXY usage. It is a list of substrings that if one of + them matches the tail of the host name it should connect to, curl should + not use a proxy to connect there. Pointed out to me by Douglas + E. Wegscheid. I also changed the README text a little regarding this. + + Daniel (16 August 1999) + - Fixed a memory bug with http-servers that sent Location: to a Location: + page. Nusu's page showed this too. + + - Made cookies work a lot better. Setting the same cookie name several times + used to add more cookies instead of replacing the former one which it + should've. Nusu <nus at intergorj.ro> brought me an URL that made this + painfully visible... + + Troy (15 August 1999) + - Brought new .spec files as well as a patch for configure.in that lets the + configure script find the openssl files better, even when the include + files are in /usr/include/openssl + +Version 5.10 + + Daniel (13 August 1999) + - SSL_CTX_set_default_passwd_cb() has been modified in the 0.9.4 version of + OpenSSL. Now why couldn't they simply add a *new* function instead of + modifying the parameters of an already existing function? This way, we get + a compiler warning if compiling with 0.9.4 but not with earlier. So, I had + to come up with a #if construction that deals with this... + + - Made curl output the SSL version number get displayed properly with 0.9.4. + + Troy (12 August 1999) + - Added MingW32 (GCC-2.95) support under Win32. The INSTALL file was also + a bit rearranged. + + Daniel (12 August 1999) + - I had to copy a good <arpa/telnet.h> include file into the curl source + tree to enable the silly win32 systems to compile. The distribution rights + allows us to do that as long as the file remains unmodified. + + - I corrected a few minor things that made the compiler complain when + -Wall -pedantic was used. + + - I'm moving the official curl web page to http://curl.haxx.nu. I think it + will make it easier to remember as it is a lot shorter and less cryptic. + The old one still works and shows the same info. + + Daniel (11 August 1999) + - Albert Chin-A-Young mailed me another correction for NROFF in the + configure.in that is supposed to be better for IRIX users. + + Daniel (10 August 1999) + - Albert Chin-A-Young helped me with some stupid Makefile things, as well as + some fiddling with the getdate.c stuff that he had problems with under + HP-UX v10. getdate.y will now be compiled into getdate.c if the appropriate + yacc or bison is found by the configure script. Since this is slightly new, + we need to test the output getdate.c with win32 systems to make sure it + still compiles there. + + Daniel (5 August 1999) + - I've just setup a new mailing list with the intention to keep discussions + around libcurl development in it. I mainly expect it to be for thoughts and + brainstorming around a "next generation" library, rather than nitpicking + about the current implementation or details in the current libcurl. + + To join our happy bunch of future-looking geeks, enter 'subscribe + <address>' in the body of a mail and send it to + libcurl-request@listserv.fts.frontec.se. Curl bug reports, the usual curl + talk and everything else should still be kept in this mailing list. I've + started to archive this mailing list and have put the libcurl web page at + www.fts.frontec.se/~dast/libcurl/. + + - Stefan Kanthak contacted me regarding a few problems in the configure + script which he discovered when trying to make curl compile and build under + Siemens SINIX-Z V5.42B2004! + + - Marcus Klein very accurately informed me that src/version.h was not present + in the CVS repository. Oh, how silly... + + - Linus Nielsen rewrote the telnet:// part and now curl offers limited telnet + support. If you run curl like 'curl telnet://host' you'll get all output on + the screen and curl will read input from stdin. You'll be able to login and + run commands etc, but since the output is buffered, expect to get a little + weird output. + + This is still in its infancy and it might get changed. We need your + feed-back and input in how this is best done. + + WIN32 NOTE: I bet we'll get problems when trying to compile the current + lib/telnet.c on win32, but I think we can sort them out in time. + + - David Sanderson reported that FORCE_ALLOCA_H or HAVE_ALLOCA_H must be + defined for getdate.c to compile properly on HP-UX 11.0. I updated the + configure script to check for alloca.h which should make it. + + Daniel (4 August 1999) + - I finally got to understand Marcus Klein's ftp download resume problem, + which turns out to be due to different outputs from different ftp + servers. It makes ftp download resuming a little trickier, but I've made + some modifications I really believe will work for most ftp servers and I do + hope you report if you have problems with this! + + - Added text about file transfer resuming to README.curl. + + Daniel (2 August 1999) + - Applied a progress-bar patch from Lars J. Aas. It offers + a new styled progress bar enabled with -#/--progress-bar. + + T. Yamada <tai at imasy.or.jp> (30 July 1999) + - It breaks with segfault when 1) curl is using .netrc to obtain + username/password (option '-n'), and 2) is automatically redirected to + another location (option '-L'). + + There is a small bug in lib/url.c (block starting from line 641), which + tries to take out username/password from user- supplied command-line + argument ('-u' option). This block is never executed on first attempt since + CONF_USERPWD bit isn't set at first, but curl later turns it on when it + checks for CONF_NETRC bit. So when curl tries to redo everything due to + redirection, it segfaults trying to access *data->userpwd. + +Version 5.9.1 + + Daniel (30 July 1999) + - Steve Walch pointed out that there is a memory leak in the formdata + functions. I added a FormFree() function that is now used and supposed to + correct this flaw. + + - Mark Wotton reported: + 'curl -L https://www.cwa.com.au/' core dumps. I managed to cure this by + correcting the cleanup procedure. The bug seems to be gone with my OpenSSL + 0.9.2b, although still occurs when I run the ~100 years old SSLeay 0.8.0. I + don't know whether it is curl or SSLeay that is to blame for that. + + - Marcus Klein: + Reported an FTP upload resume bug that I really can't repeat nor understand. + I leave it here so that it won't be forgotten. + + Daniel (29 July 1999) + - Costya Shulyupin suggested support for longer URLs when following Location: + and I could only agree and fix it! + + - Leigh Purdie found a problem in the upload/POST department. It turned out + that http.c accidentaly cleared the pointer instead of the byte counter + when supposed to. + + - Costya Shulyupin pointed out a problem with port numbers and Location:. If + you had a server at a non-standard port that redirected to an URL using a + standard port number, curl still used that first port number. + + - Ralph Beckmann pointed out a problem when using both CONF_FOLLOWLOCATION + and CONF_FAILONERROR simultaneously. Since the CONF_FAILONERROR exits on + the 302-code that the follow location header outputs it will never show any + html on location: pages. I have now made it look for >=400 codes if + CONF_FOLLOWLOCATION is set. + + - 'struct slist' is now renamed to 'struct curl_slist' (as suggested by Ralph + Beckmann). + + - Joshua Swink and Rick Welykochy were the first to point out to me that the + latest OpenSSL package now have moved the standard include path. It is now + in /usr/local/ssl/include/openssl and I have now modified the --enable-ssl + option for the configure script to use that as the primary path, and I + leave the former path too to work with older packages of OpenSSL too. + + Daniel (9 June 1999) + - I finally understood the IRIX problem and now it seem to compile on it! + I am gonna remove those #define strcasecmp() things once and for all now. + + Daniel (4 June 1999) + - I adjusted the FTP reply 227 parser to make the PASV command work better + with more ftp servers. Appearantly the Roxen Challanger server replied + something curl 5.9 could deal with! :-( Reported by Ashley Reid-Montanaro + and Mark Butler brought a solution for it. + + Daniel (26 May 1999) + - Rearranged. README is new, the old one is now README.curl and I added a + README.libcurl with text I got from Ralph Beckmann. + + - I also updated the INSTALL text. + + Daniel (25 May 1999) + - David Jonathan Lowsky correctly pointed out that curl didn't properly deal + with form posting where the variable shouldn't have any content, as in curl + -F "form=" www.site.com. It was now fixed. + +Version 5.9 (May 22 1999) + + Daniel (22 May 1999) + - I've got a bug report from Aaron Scarisbrick in which he states he has some + problems with -L under FreeBSD 3.0. I have previously got another bug + report from Stefan Grether which points at an error with similar sympthoms + when using win32. I made the allocation of the new url string a bit faster + and different, don't know if it actually improves anything though... + + Daniel (20 May 1999) + - Made the cookie parser deal with CRLF newlines too. + + Daniel (19 May 1999) + - Download() didn't properly deal with failing return codes from the sread() + function. Adam Coyne found the problem in the win32 version, and Troy Engel + helped me out isolating it. + + Daniel (16 May 1999) + - Richard Adams pointed out a bug I introduced in 5.8. --dump-header doesn't + work anymore! :-/ I fixed it now. + + - After a suggestion by Joshua Swink I added -S / --show-error to force curl + to display the error message in case of an error, even if -s/--silent was + used. + + Daniel (10 May 1999) + - I moved the stuff concerning HTTP, DICT and TELNET it their own source + files now. It is a beginning on my clean-up of the sources to make them + layer all those protocols better to enable more to be added easier in the + future! + + - Leon Breedt sent me some files I've not put into the main curl + archive. They're for creating the Debian package thingie. He also sent me a + debian package that I've made available for download at the web page + + Daniel (9 May 1999) + - Made it compile on cygwin too. + + Troy Engel (7 May 1999) + - Brought a series of patches to allow curl to compile smoothly on MSVC++ 6 + again! + + Daniel (6 May 1999) + - I changed the #ifdef HAVE_STRFTIME placement for the -z code so that it + will be easier to discover systems that don't have that function and thus + can't use -z successfully. Made the strftime() get used if WIN32 is defined + too. + +Version 5.8 + + Daniel (5 May 1999) + - I've had it with this autoconf/automake mess. It seems to work allright + for most people who don't have automake installed, but for those who have + there are problems all over. + + I've got like five different bug reports on this only the last + week... Claudio Neves and Federico Bianchi and root <duggerj001 at + hawaii.rr.com> are some of them reporting this. + + Currently, I have no really good fix since I want to use automake myself to + generate the Makefile.in files. I've found out that the @SHELL@-problems + can often be fixed by manually invoking 'automake' in the archive root + before you run ./configure... I've hacked my maketgz script now to fiddle + a bit with this and my tests seem to work better than before at least! + + Daniel (4 May 1999) + - mkhelp.pl has been doing badly lately. I corrected a case problem in + the regexes. + + - I've now remade the -o option to not touch the file unless it needs to. + I had to do this to make -z option really fine, since now you can make a + curl fetch and use a local copy's time when downloading to that file, as + in: + + curl -z dump -o dump remote.site.com/file.html + + This will only get the file if the remote one is newer than the local. + I'm aware that this alters previous behaviour a little. Some scripts out + there may depend on that the file is always touched... + + - Corrected a bug in the SSLv2/v3 selection. + + - Felix von Leitner requested that curl should be able to send + "If-Modified-Since" headers, which indeed is a fair idea. I implemented it + right away! Try -z <expression> where expression is a full GNU date + expression or a file name to get the date from! + + Stephan Lagerholm (30 Apr 1999) + - Pointed out a problem with the src/Makefile for FreeBSD. The RM variable + isn't set and causes the make to fail. + + Daniel (26 April 1999) + - Am I silly or what? Irving Wolfe pointed out to me that the curl version + number was not set properly. Hasn't been since 5.6. This was due to a bug + in my maketgz script! + + David Eriksson (25 Apr 1999) + - Found a bug in cookies.c that made it crash at times. + +Version 5.7.1 + + Doug Kaufman (23 Apr 1999) + - Brought two sunos 4 fixes. One of them being the hostip.c fix mentioned + below and the other one a correction in include/stdcheaders.h + + - Added a paragraph about compiling with the US-version of openssl to the + INSTALL file. + + Daniel + - New mailing list address. Info updated on the web page as well as in the + README file + + Greg Onufer (20 Apr 1999) + - hostip.c didn't compile properly on SunOS 5.5.1. + It needs an #include <sys/types.h> + +Version 5.7 + + Daniel (Apr 20 1999) + - Decided to upload a non-beta version right now! + + - Made curl support any-length HTTP headers. The destination buffer is now + simply enlarged every time it turns out to be too small! + + - Added the FAQ file to the archive. Still a bit smallish, but it is a + start. + + Eric Thelin (15 Apr 1999) + - Made -D accept '-' instead of filename to write to stdout. + +Version 5.6.3beta + + Daniel (Apr 12 1999) + + - Changed two #ifdef WIN32 to better #ifdef <errorcode> when connect()ing + in url.c and ftp.c. Makes cygwin32 deal with them better too. We should + try to get some decent win32-replacement there. Anyone? + + - The old -3/--crlf option is now ONLY --crlf! + + - I changed the "SSL fix" to a more lame one, but that doesn't remove as + much functionality. Now I've enabled the lib to select what SSL version it + should try first. Appearantly some older SSL-servers don't like when you + talk v3 with them so you need to be able to force curl to talk v2 from the + start. The fix dated April 6 and posted on the mailing list forced curl to + use v2 at all times using a modern OpenSSL version, but we don't really + want such a crippled solution. + + - Marc Boucher sent me a patch that corrected a math error for the + "Curr.Speed" progress meter. + + - Eric Thelin sent me a patch that enables '-K -' to read a config file from + stdin. + + - I found out we didn't close the file properly before so I added it! + + Daniel (Apr 9 1999) + - Yu Xin pointed out a problem with ftp download resume. It didn't work at + all! ;-O + + Daniel (Apr 6 1999) + - Corrected the version string part generated for the SSL version. + + - I found a way to make some other SSL page work with openssl 0.9.1+ that + previously didn't (ssleay 0.8.0 works with it though!). Trying to get + some real info from the OpenSSL guys to see how I should do to behave the + best way. SSLeay 0.8.0 shouldn't be that much in use anyway these days! + +Version 5.6.2beta + + Daniel (Apr 4 1999) + - Finally have curl more cookie "aware". Now read carefully. This is how + it works. + To make curl read cookies from an already existing file, in plain header- + format (like from the headers of a previous fetch) invoke curl with the + -b flag like: + + curl -b file http://site/foo.html + + Curl will then use all cookies it finds matching. The old style that sets + a single cookie with -b is still supported and is used if the string + following -b includes a '=' letter, as in "-b name=daniel". + + To make curl read the cookies sent in combination with a location: (which + sites often do) point curl to read a non-existing file at first (i.e + to start with no existing cookies), like: + + curl -b nowhere http://site/setcookieandrelocate.html + + - Added a paragraph in the TODO file about the SSL problems recently + reported. Evidently, some kind of SSL-problem curl may need to address. + + - Better "Location:" following. + + Douglas E. Wegscheid (Tue, 30 Mar 1999) + - A subsecond display patch. + + Daniel (Mar 14 1999) + - I've separated the version number of libcurl and curl now. To make + things a little easier, I decided to start the curl numbering from + 5.6 and the former version number known as "curl" is now the one + set for libcurl. + + - Removed the 'enable-no-pass' from configure, I doubt anyone wanted + that. + + - Made lots of tiny adjustments to compile smoothly with cygwin under + win32. It's a killer for porting this to win32, bye bye VC++! ;-) + Compiles and builds out-of-the-box now. See the new wordings in + INSTALL for details. + + - Beginning experiments with downloading multiple document from a http + server while remaining connected. + +Version 5.6beta + + Daniel (Mar 13 1999) + - Since I've changed so much, I thought I'd just go ahead and implement the + suggestion from Douglas E. Wegscheid. -D or --dump-header is now storing + HTTP headers separately in the specified file. + + - Added new text to INSTALL on what to do to build this on win32 now. + + - Aaargh. I had to take a step back and prefix the shared #include files + in the sources with "../include/" to please VC++... + + Daniel (Mar 12 1999) + - Split the url.c source into many tiny sources for better readability + and smaller size. + + Daniel (Mar 11 1999) + - Started to change stuff for a move to make libcurl and a more separate + curl application that uses the libcurl. Made the libcurl sources into + the new lib directory while the curl application will remain in src as + before. New makefiles, adjusted configure script and so. + + libcurl.a built quickly and easily. I better make a better interface to + the lib functions though. + + The new root dir include/ is supposed to contain the public information + about the new libcurl. It is a little ugly so far :-) + + + Daniel (Mar 1 1999) + - Todd Kaufmann sent me a good link to Netscape's cookie spec as well as the + info that RFC 2109 specifies how to use them. The link is now in the + README and the RFC in the RESOURCES. + + Daniel (Feb 23 1999) + - Finally made configure accept --with-ssl to look for SSL libs and includes + in the "standard" place /usr/local/ssl... + + Daniel (Feb 22 1999) + - Verified that curl linked fine with OpenSSL 0.9.1c which seems to be + the most recent. + + Henri Gomez (Fri Feb 5 1999) + - Sent in an updated curl-ssl.spec. I still miss the script that builds an + RPM automatically... + +Version 5.5.1 + + Mark Butler (27 Jan 1999) + - Corrected problems in Download(). + + Danitel Stenberg (25 Jan 1999) + - Jeremie Petit pointed out a few flaws in the source that prevented it from + compile warning free with the native compiler under Digital Unix v4.0d. + +Version 5.5 + + Daniel Stenberg (15 Jan 1999) + - Added Bjorns small text to the README about the DICT protocol. + + Daniel Stenberg (11 Jan 1999) + - <jswink at softcom.net> reported about the win32-versioin: "Doesn't use + ALL_PROXY environment variable". Turned out to be because of the static- + buffer nature of the win32 environment variable calls! + + Bjorn Reese (10 Jan 1999) + - I have attached a simple addition for the DICT protocol (RFC 2229). + It performs dictionary lookups. The output still needs to be better + formatted. + + To test it try (the exact format, and more examples are described in + the RFC) + + dict://dict.org/m:hello + dict://dict.org/m:hello::soundex + + + Vicente Garcia (10 Jan 1999) + - Corrected the progress meter for files larger than 20MB. + + Daniel Stenberg (7 Jan 1999) + - Corrected the -t and -T help texts. They claimed to be FTP only. + +Version 5.4 + + Daniel Stenberg + (7 Jan 1999) + - Irving Wolfe reported that curl -s didn't always supress the progress + reporting. It was the form post that autoamtically always switched it on + again. This is now corrected! + + (4 Jan 1999) + - Andreas Kostyrka suggested I'd add PUT and he helped me out to test it. If + you use -t or -T now on a http or https server, PUT will be used for file + upload. + + I removed the former use of -T with HTTP. I doubt anyone ever really used + that. + + (4 Jan 1999) + - Erik Jacobsen found a width bug in the mprintf() function. I corrected it + now. + + (4 Jan 1999) + - As John V. Chow pointed out to me, curl accepted very limited URL sizes. It + should now accept path parts that are up to at least 4096 bytes. + + - Somehow I screwed up when applying the AIX fix from Gilbert Ramirez, so + I redid that now. + +Version 5.3a (win32 only) + + Troy Engel + - Corrected a win32 bug in the environment variable part. + +Version 5.3 + + Gilbert Ramirez Jr. (21 Dec 1998) + - I have implemented the "quote" function of FTP clients. It allows you to + send arbitrary commands to the remote FTP server. I chose the -Q/--quote + command-line arguments. + + You can have more than one quoted string, and curl will apply them in + order. This is what I use for my MVS upload: + + curl -B --crlf -Q "site lrecl=80" -Q "site blk=8000" -T file ftp://os390/test + + Curl will send the two quoted "site" commands in the proper order. + + - Made it compile smoothly on AIX. + + Gilbert Ramirez Jr. (18 Dec 1998) + - Brought an MVS patch: -3/--mvs, for ftp upload to the MVS ftp server. + + Troy Engel (17 Dec 1998) + - Brought a correction that fixes the win32 curl bug. + + Daniel Stenberg + - A bug, pointed out to me by Dr H. T. Leung, caused curl to crash on the -A + flag on certain systems. Actually, all systems should've! + + - Added a few defines to make directories/file names get build nicer (with _ + instead of . and \ instead of / in win32). + + - steve <fisk at polar.bowdoin.edu> reported a weird bug that occured if the + ftp server response line had a parenthesis on the line before the (size) + info. I hope it works better now! + +Version 5.2.1 + + Steven G. Johnson (Dec 14, 1998) + - Brought a fix that corrected a crash in 5.2 due to bad treatment of the + environment variables. + +Version 5.2 + + Daniel Stenberg (Dec 14, 1998) + - Rewrote the mkhelp script and now, the mkhelp.pl script generates the + hugehelp.c file from the README *and* the man page file curl.1. By using + both files, I no longer need to have double information in both the man + page and the README as well. So, win32-users will only have the hugehelp.c + file for all info, but then, they download the plain binary most times + anyway. + + - gcc2.8.1 with the -Wall flag complaints a lot on subscript has type `char' + if I don't explicitly typecast the argument to isdigit() or isspace() to + int. So I did to compile warning free with that too. + + - Added checks for 'long double' and 'long long' in the configure script. I + need those for the mprintf.c source to compile well on non long long + comforming systems! + +Version 5.1 (not publicly released) + + Daniel Stenberg (Dec 10, 1998) + - I got a request for a pre-compiled NT Alpha version. Anyone? + + - Added Lynx/CERN www lib proxy environment variable support. That means curl + now reads and understands the following environment variables: + + HTTP_PROXY, HTTPS_PROXY, FTP_PROXY, GOPHER_PROXY + + They should be set for protocol-specific proxies. General proxy should be + set with + + ALL_PROXY + + And a comma-separated list of host names that shouldn't go through any + proxy is set in (only an asterisk, '*' matches all hosts). + + NO_PROXY + + The usage of the -x/--proxy flag overrides the environment variables. + + - Proxy can now be specified with a procotol:// prefix. + + - Wrote the curl.1 man page. + + - Introduced a whole new dynamic buffer system for all sprintf()s. It is + based on the *printf() package by yours truly and Bjorn Reese. Hopefully, + there aren't that many buffer overflow risks left now. + + - Ah, I should mention I've compiled and built curl successfully under + solaris 2.6 with gcc now, gcc 2.7.2 won't work but 2.8.1 did ok. + + Oren Tirosh (Dec 3, 1998) + - Brought two .spec files, to use when creating (Linux) Redhat style RPM + packages. They're named curl.spec and curl-ssl.spec. + + Troy Engel + - Supplied the src/Makefile.vc6 for easy compiling with VC++ under Win32. + +Version 5.0 + + Daniel Stenberg (Dec 1, 1998) + - Not a single bug report in ages. + - Corrected getpass.c and main.c to compile warning and error free with the + Win32 VC++ crap. + +Version 5.0 beta 24 + + Daniel Stenberg (Nov 20, 1998) + + HOW TO BUILD A RELEASE ARCHIVE: + + * Pre-requisite software: + What To build what Reads data from + ==== ============= =============== + GNU automake Makefile.in, aclocal.m4 configure.in + GNU make(1) - " - + GNU gcc(1) - " - + GNU autoconf configure configure.in + GNU autoheader(2) config.h.in configure.in, acconfig.h + + * Make sure all files that should be part of the archive are put in FILES. + + * Run './maketgz' and enter version number of the new to become archive. + + maketgz does: + + - Enters the newly created version number in url.h. + - (If you don't have automake, this script will warn about that, but unless + you have changed the Makefile.am files, that is nothing to care about.) + If you have it, it'll run it. + - If you have autoconf, the configure.in will be edited to get the newly + created version number and autoconf will be run. + - Creates a new directory named curl-<version>. (Actually, it uses the base + name of the current directory up to the first '-'.) + - Copies all files mentioned in FILES to the new directory. Saving + permissions and directory structure. + - Uses tar to create an archive of it all, named curl-<version>.tar.gz + - gzips the archive + - Removes the new directory and all its contents. + + * When done, you have an archive stored in your directory named + curl-<version>.tar.gz. + + Done! + + (1) They're required to make automake run properly. + (2) It is distributed as a part of the GNU autoconf archive. + + Daniel Stenberg (Nov 18, 1998) + - I changed the TAG-system. If you ever used urlget() from this package in + another product, you need to recompile with the new headers. I did this + new stuff to better deal with different compilers and system with different + variable sizes. I think it makes it a little more portable. This proves + to compile warning free with the problematic IRIX compiler! + - Win32 compiled with a silly error. Corrected now. + - Brian Chaplin reported yet another problem in + multiline FTP responses. I've tried to correct it. I mailed him a new + version and I hope he gets back soon with positive feedback! + - Improved the 'maketgz' to create a temporary directory tree which it makes + an archive from instead of the previous renaming of the current one. + - Mailing list opened (see README). + - Made -v more verbose on the PASV section of ftp transfers. Now it tells + host name and IP of the new host (and port number). I also added a section + about PORT vs PASV in the README. + +Version 5.0 beta 21 + + Angus Mackay (Nov 15, 1998) + - Introduced automake stuff. + + Daniel Stenberg (Nov 13, 1998) + - Just made a successful GET of a document from an SSL-server using my own + private certificate for authentication! The certificate has to be in PEM + format. You do that the easiest way (although not *that* easy) by + downloading the SSLyeay PKCS#12-patch by Dr Stephen N. Henson from his site + at: http://www.drh-consultancy.demon.co.uk/. Using his tool, you can + convert any modern Netscape or (even) MSIE certificate to PEM-format. Use + it with 'curl -E <certificate:password> https://site.com'. If this isn't a + cool feature, then I don't know what cool features look like! ;-) + - Working slowly on telnet connections. #define TRY_TELNET to try it out. + (curl -u user:passwd "telnet://host.com/cat .login" is one example) I do + have problem to define how it should work. The prime purpose for this must + be to get (8bit clean) files via telnet, and it really isn't that easy to + get files this way. Still having problems with \n being converted to \r\n. + + Angus Mackay (Nov 12, 1998) + - Corrected another bug in the long parameter name parser. + - Modified getpass.c (NOTE: see the special licensing in the top of that + source file). + + Daniel Stenberg (Nov 12, 1998) + - We may have removed the silly warnings from url.c when compiled under IRIX. + Thanks again to Bjorn Reese and Martin Staael. + - Wrote formfind.pl which is a new perl script intended to help you find out + how a FORM submission should be done. This needs a little more work to get + really good. + + Daniel Stenberg (Nov 11, 1998) + - Made the HTTP header-checker accept white spaces before the HTTP/1.? line. + Appearantly some proxies/sites add such at times (my test proxy did when I + downloaded a gopher page with it)! + - Moved the former -h to -M and made -h show the short help text instead. I + had to enable a forced help text option. Now an even shorter help text will + be presented when an unknown option and similar, is used. + - stdcheaders.h didn't work with IRIX 6.4 native cc compiler. I hope my + changes don't make other versions go nuts instead. + + Daniel Stenberg (Nov 10, 1998) + - Added a weird check in the configure script to check for the silly AIX + warnings about my #define strcasecmp() stuff. I do that define to prevent + me and other contributors to accidentaly use that function name instead + of strequal()... + - I bugfixed Angus's getpass.c very little. + - Fixed the verbose flag names to getopt-style, i.e 'curl --loc' will be + sufficient instead of --location as "loc" is a unique prefix. Also, anything + after a '--' is treated as an URL. So if you do have a host with a weeeird + name you can do 'curl -- -host.com'. + - Another getopt-adjust; curl now accepts flags after the URL on the command + line. 'curl www.foo.com -O' is perfectly valid. + - Corrected the .curlrc parser so that strtok() is no longer used and I + believe it works better. Even URLs can be specified in it now. + + Angus Mackay (Nov 9, 1998) + - Replaced getpass.c with a newly written one, not under GPL license + - Changed OS to a #define in config.h instead of compiler flag + - Makefile now uses -DHAVE_CONFIG_H + + Daniel Stenberg (Nov 9, 1998) + - Ok, I expanded the tgz-target to update the version string on each occation + I build a release archive! + - I reacted on Angus Mackay's initiative and remade the parameter parser to + be more getopt compliant. Curl now supports "merged" flags as in + curl -lsv ftp.site.com + Do note that I had to move three short-names of the options. Parameters + that needs an additional string such as -x must be stand-alone or the + last in a merged sequence: + curl -lsx my-proxy ftp.site.com + is ok, but using the flags in a different order like '-lxs' would cause + unexpected results (as the 's' option would be skipped). + - I've changed the headers in all files that are subject to the MozPL + license, as they are supposed to look like when conforming. + - Made the configure script make the config.h. The former config.h is now + setup.h. + - The RESOURCES and TODO files have been added to the archive. + + Angus Mackay (Nov 5, 1998) + - Fixed getpass.c and various configure stuff + + Daniel Stenberg (Nov 3, 1998) + - Use -H/--header for custom HTTP-headers. Lets you pass on your own + specified headers to the remote server. I wouldn't recommend trying to use + a header with a defined usage according to standards. Use this flag once + for every custom header you want to add. + - Use -B/--ftp-ascii to force ftp to use ASCII mode when transfering files. + - Corrected the 'getlinks.pl' script, I accidentally left my silly proxy + usage in there! Since the introduction of the .curlrc file, it is easier to + write scripts that use curl since proxies and stuff should be in the + .curlrc file anyway. + - Introducing the new -F flag for HTTP POST. It supports multipart/form-data + which means it is gonna be possible to upload files etc through HTTP POST. + Shiraz Kanga asked for the feature and my brother, + Björn Stenberg helped me design the user + interface for this beast. This feature requires quite some docs, + since it has turned out not only quite capable, but also complicated! :-) + - A note here, since I've received mail about it. SSLeay versions prior to + 0.8 will *not* work with curl! + - Wil Langford reported a bug that occurred since curl + did not properly use CRLF when issuing ftp commands. I fixed it. + - Rearranged the order config files are read. .curlrc is now *always* read + first and before the command line flags. -K config files then act as + additional config items. + - Use -q AS THE FIRST OPTION specified to prevent .curlrc from being read. + - You can now disable a proxy by using -x "". Useful if the .curlrc file + specifies a proxy and you wanna fetch something without going through + that. + - I'm thinking of dropping the -p support. Its really not useful since ports + could (and should?) be specified as :<port> appended on the host name + instead, both in URLs and to proxy host names. + - Martin Staael reports curl -L bugs under Windows NT + (test with URL http://come.to/scsde). This bug is not present in this + version anymore. + - Added support for the weird FTP URL type= thing. You can download a file + using ASCII transfer by appending ";type=A" to the right of it. Other + available types are type=D for dir-list (NLST) and type=I for binary + transfer. I can't say I've ever seen anyone use this kind of URL though! + :-) + - Troy Engel pointed out a bug in my getenv("HOME") + usage for win32 systems. I introduce getenv.c to better cope with + this. Mr Engel helps me with the details around that... + - A little note to myself and others, I should make the win32-binary built + with SSL support... + - Ryan Nelson sent me comments about building curl + with SSL under FreeBSD. See the Makefile for details. Using the configure + script, it should work better and automatically now... + - Cleaned up in the port number mess in the source. No longer stores and uses + proxy port number separate from normal port number. + - 'configure' script working. Confirmed compiles on: + Host SSL Compiler + SunOS 5.5 no gcc + SunOS 5.5.1 yes gcc + SunOS 5.6 no cc (with gcc, it has the "gcc include files" problem) + SunOS 4.1.3 no gcc (without ANSI C headers) + SunOS 4.1.2 no gcc (native compiler failed) + Linux 2.0.18 no gcc + Linux 2.0.32 yes gcc + Linux 2.0.35 no gcc (with glibc) + IRIX 6.2 no gcc (cc compiles generate a few warnings) + IRIX 6.4 no cc (generated warnings though) + Win32 no Borland + OSF4.0 no ? + + - Ooops. The 5beta (and 4.10) under win32 failed if the HOME variable wasn't + set. + - When using a proxy, curl now guesses and uses the protocol part in cases + like: + curl -x proxy:80 www.site.com + Proxies normally go nuts unless http:// is prepended to the host name, so + if curl is used like this, it guesses protocol and appends the protocol + string before passing it to the proxy. It already did this when used + without proxy. + - Better port usage with SSL through proxy now. If you specified a different + https-port when accessing through a proxy, it didn't use that number + correctly. I also rewrote the code that parses the stuff read from the + proxy when you wanna connect through it with SSL. + - Bjorn Reese helped me work around one of the compiler + warnings on IRIX native cc compiles. + +Version 4.10 (Oct 26, 1998) + Daniel Stenberg + - John A. Bristor suggested a config file switch, + and since I've been having that idea kind of in the background for a long + time I rewrote the parameter parsing function a little and now I introduce + the -K/--config flag. I also made curl *always* (unless -K is used) try to + load the .curlrc file for command line parameters. The syntax for the + config file is the standard command line argument style. Details in 'curl + -h' or the README. + - I removed the -k option. Keep-alive isn't really anything anyone would + want to enable with curl anyway. + - Martin Staael helped me add the 'irix' target. Now + "make irix" should build curl successfully on non-gcc SGI machines. + - Single switches now toggle behaviours. I.e if you use -v -v the second + will switch off the verbose mode the first one enabled. This is so that + you can disable a default setting a .curlrc file enables etc. + +Version 4.9 (Oct 7, 1998) + Daniel Stenberg + - Martin Staael suggested curl would support cookies. + I added -b/--cookie to enable free-text cookie data to be passed. There's + also a little blurb about general cookie stuff in the README/help text. + - dmh <dmh at jet.es> suggested HTTP resume capabilities. Although you could + manually get curl to resume HTTP documents, I made the -c resume flag work + for HTTP too (unless -r is used too, which would be very odd anyway). + - Added checklinks.pl to the archive. It is a still experimental perl script + that checks all links of a web page by using curl. + - Rearranged the archive hierarchy a little. Build the executable in the + src/ dir from now on! + - Version 4.9 and hereafter, is no longer released under the GPL license. + I have now updated the LEGAL file etc and now this is released using the + Mozilla Public License to avoid the plague known as "the GPL virus". You + must make the source available if you decide to change and/or redistribute + curl, but if you decide to use curl within something else you do not need + to offer the world the source to that too. + - Curl did not like HTTP servers that sent no headers at all on a GET + request. It is a violation of RFC2068 but appearantly some servers do + that anyway. Thanks to Gordon Beaton for the report! + - -L/--location was added after a suggestion from Martin Staael. This makes + curl ATTEMPT to follow the Location: redirect if one is present in the HTTP + headers. If -i or -I is used with this flag, you will see headers from all + sites the Location: points to. Do note that the first server can point to a + second that points to a third etc. It seems the Location: parameter (said + to be an AbsoluteURI in RFC2068) isn't always absolute.. :-/ Anyway, I've + made curl ATTEMPT to do the best it can to deal with the reality. + - Added getlinks.pl to the archive. getlinks.pl selectively downloads + files that a web page links to. + +Version 4.8.4 + Daniel Stenberg + - As Julian Romero Nieto reported, curl reported wrong version number. + - As Teemu Yli-Elsila pointed out, the win32 version of 4.8 (and probably all + other versions for win32) didn't work with binary files since I'm too used + to the Unix style fopen() where binary and text don't differ... + - Ralph Beckmann brought me some changes that lets curl compile error and + warning free with -Wall -pedantic with g++. I also took the opportunity to + clean off some unused variables and similar. + - Ralph Beckmann made me aware of a really odd bug now corrected. When curl + read a set of headers from a HTTP server, divided into more than one read + and the first read showed a full line *exactly* (i.e ending with a + newline), curl did not behave well. + +Version 4.8.3 + Daniel Stenberg + - I was too quick to release 4.8.2 with too little testing. One of the + changes is now reverted slightly to the 4.8.1 way since 4.8.2 couldn't + upload files. I still think both problems corrected in 4.8.2 remain + corrected. Reported by Julian Romero Nieto. + +Version 4.8.2 + Daniel Stenberg + - Bernhard Iselborn reported two FTP protocol errors curl did. They're now + corrected. Both appeared when getting files from a MS FTP server! :-) + +Version 4.8.1 + Daniel Stenberg + - Added a last update of the progress meter when the transfer is done. The + final output on the screen didn't have to be the final size transfered + which made it sometimes look odd. + - Thanks to David Long I got rid of a silly bug that happened if a HTTP-page + had nothing but header. Appearantly Solaris deals with negative sizes in + fwrite() calls a lot better than Linux does... =B-] + +Version 4.8 (Aug 31, 1998) + Daniel Stenberg + - Continue FTP file transfer. -c is the switch. Note that you need to + specify a file name if you wanna resume a download (you can't resume a + download sent to stdout). Resuming upload may be limited by the server + since curl is then using the non-RFC959 command SIZE to get the size of + the target file before upload begins (to figure out which offset to + use). Use -C to specify the offset yourself! -C is handy if you're doing + the output to something else but a plain file or when you just want to get + the end of a file. + - recursiveftpget.pl now features a maximum recursive level argument. + +Version 4.7 + Daniel Stenberg + - Added support to abort a download if the speed is below a certain amount + (speed-limit) bytes per second for a certain (speed-time) time. + - Wrote a perl script 'recursiveftpget.pl' to recursively use curl to get a + whole ftp directory tree. It is meant as an example of how curl can be + used. I agree it isn't the wisest thing to do to make a separate new + connection for each file and directory for this. + +Version 4.6 + Daniel Stenberg + - Added a first attempt to optionally parse the .netrc file for login user + and password. If used with http, it enables user authentication. -n is + the new switch. + - Removed the extra newlines on the default user-agent string. + - Corrected the missing ftp upload error messages when it failed without the + verbose flag set. Gary W. Swearingen found it. + - Now using alarm() to enable second-precision timeout even on the name + resolving/connecting phase. The timeout is although reset after that first + sequence. (This should be corrected.) Gary W. Swearingen reported. + - Now spells "Unknown" properly, as in "Unknown option 'z'"... :-) + - Added bug report email address in the README. + - Added a "current speed" field to the progress meter. It shows the average + speed the last 5 seconds. The other speed field shows the average speed of + the entire transfer so far. + +Version 4.5.1 + Linas Vepstas + - SSL through proxy fix + - Added -A to allow User-Agent: changes + + Daniel Stenberg + - Made the -A work when SSL-through-proxy. + +Version 4.5 + Linas Vepstas + - More SSL corrections + - I've added a port to AIX. + - running SSL through a proxy causes a chunk of code to be executred twice. + one of those blocks needs to be deleted. + + Daniel Stenberg + - Made -i and -I work again + +Version 4.4 + Linas Vepstas + - -x can now also specify proxyport when used as in 'proxyhost:proxyport' + - SSL fixes + +Version 4.3 + Daniel Stenberg + - Adjusted to compile under win32 (VisualC++ 5). The -P switch does not + support network interface names in win32. I couldn't figure out how! + +Version 4.2 + Linas Vepstas / Sampo Kellomaki + - Added SSL / SSLeay support (https://) + - Added the -T usage for HTTP POST. + + Daniel Stenberg + - Bugfixed the SSL implementation. + - Made -P a lot better to use other IP addresses. It now accepts a following + parameter that can be either + interface - i.e "eth0" to specify which interface's IP address you + want to use + IP address - i.e "192.168.10.1" to specify exact IP number + host name - i.e "my.host.domain" to specify machine + "-" - (any single-letter string) to make it pick the machine's + default + - The Makefile is now ready to compile for solaris, sunos4 and linux right + out of the box. + - Better generated version string seen with 'curl -V' + +Version 4.1 + Daniel Stenberg + - The IP number returned by the ftp server as a reply to PASV does no longer + have to DNS resolve. In fact, no IP-number-only addresses have to anymore. + - Binds better to available port when -P is used. + - Now LISTs ./ instead of / when used as in ftp://ftp.funet.fi/. The reason + for this is that exactly that site, ftp.funet.fi, does not allow LIST / + while LIST ./ is fine. Any objections? + +Version 4 (1998-03-20) + Daniel Stenberg + - I took another huge step and changed both version number and project name! + The reason for the new name is that there are just one too many programs + named urlget already and this program already can a lot more than merely + getting URLs, and the reason for the version number is that I did add the + pretty big change in -P and since I changed name I wanted to start with + something fresh! + - The --style flags are working better now. + - Listing directories with FTP often reported that the file transfer was + incomplete. Wrong assumptions were too common for directories, why no + size will be attempted to get compared on them from now on. + - Implemented the -P flag that let's the ftp control issue a PORT command + instead of the standard PASV. + - -a for appending FTP uploads works. + +*************************************************************************** + +Version 3.12 (14 March 1998) + Daniel Stenberg + - End-of-header tracking still lacked support for \r\n or just \n at the + end of the last header line. + Sergio Barresi + - Added PROXY authentication. + Rafael Sagula + - Fixed some little bugs. + +Version 3.11 + Daniel Stenberg + - The header parsing was still not correct since the 3.2 modification... + +Version 3.10 + Daniel Stenberg + - 3.7 and 3.9 were simultaneously developed and merged into this version. + - FTP upload did not work correctly since 3.2. + +Version 3.9 + Rafael Sagula + - Added the "-e <url> / --referer <url>" option where we can specify + the referer page. Obviously, this is necessary only to fool the + server, but... + +Version 3.7 + Daniel Stenberg + - Now checks the last error code sent from the ftp server after a file has + been received or uploaded. Wasn't done previously. + - When 'urlget <host>' is used without a 'protocol://' first in the host part, + it now checks for host names starting with ftp or gopher and if it does, + it uses that protocol by default instead of http. + +Version 3.6 + Daniel Stenberg + - Silly mistake made the POST bug. This has now also been tested to work with + proxy. + +Version 3.5 + Daniel Stenberg + - Highly inspired by Rafael Sagula's changes to the 3.1 that added an almost + functional POST, I applied his changes into this version and made them work. + (It seems POST requires the Content-Type and Content-Length headers.) It is + now usable with the -d switch. + +Version 3.3 - 3.4 + Passed to avoid confusions + +Version 3.2 + Daniel Stenberg + - Major rewrite of two crucial parts of this code: upload and download. + They are both now using a select() switch, that allows much better + progress meter and time control. + - alarm() usage removed completely + - FTP get can now list directory contents if the path ends with a slash '/'. + Urlget on a ftp-path that doesn't end with a slash means urlget will + attempt getting it as a file name. + - FTP directory view supports -l for "list-only" which lists the file names + only. + - All operations support -m for max time usage in seconds allowed. + - FTP upload now allows the size of the uploaded file to be provided, and + thus it can better check it actually uploaded the whole file. It also + makes the progress meter for uploads much better! + - Made the parameter parsing fail in cases like 'urlget -r 900' which + previously tried to connect to the host named '900'. + +Version 3.1 + Kjell Ericson + - Pointed out how to correct the 3 warnings in win32-compiles. + + Daniel Stenberg + - Removed all calls to exit(). + - Made the short help text get written to stdout instead of stderr. + - Made this file instead of keeping these comments in the source. + - Made two callback hooks, that enable external programs to use urlget() + easier and to grab the output/offer the input easier. + - It is evident that Win32-compiles are painful. I watched the output from + the Borland C++ v5 and it was awful. Just ignore all those warnings. + +Version 3.0 + Daniel Stenberg + - Added FTP upload capabilities. The name urlget gets a bit silly now + when we can put too... =) + - Restructured the source quite a lot. + Changed the urlget() interface. This way, we will survive changes much + better. New features can come and old can be removed without us needing + to change the interface. I've written a small explanation in urlget.h + that explains it. + - New flags include -t, -T, -O and -h. The -h text is generated by the new + mkhelp script. + +Version 2.9 + Remco van Hooff + - Added a fix to make it compile smoothly on Amiga using the SAS/C + compiler. + + Daniel Stenberg + - Believe it or not, but the STUPID Novell web server seems to require + that the Host: keyword is used, so well I use it and I (re-introduce) the + urlget User-Agent:. I still have to check that this Host: usage works with + proxies... 'Host:' is required for HTTP/1.1 GET according to RFC2068. + +Version 2.8 + Rafael Sagula + - some little modifications + +Version 2.7 + Daniel Stenberg + - Removed the -l option and introduced the -f option instead. Now I'll + rewrite the former -l kludge in an external script that'll use urlget to + fetch multipart files like that. + - '-f' is introduced, it means Fail without output in case of HTTP server + errors (return code >=400). + - Added support for -r, ranges. Specify which part of a document you + want, and only that part is returned. Only with HTTP/1.1-servers. + - Split up the source in 3 parts. Now all pure URL functions are in + urlget.c and stuff that deals with the stand-alone program is in main.c. + - I took a few minutes and wrote an embryo of a README file to explain + a few things. + +Version 2.6 + Daniel Stenberg + - Made the -l (loop) thing use the new CONF_FAILONERROR which makes + urlget() return error code if non-successful. It also won't output anything + then. Now finally removed the HTTP 1.0 and error 404 dependencies. + - Added -I which uses the HEAD request to get the header only from a + http-server. + +Version 2.5 + Rafael Sagula + - Made the progress meter use HHH:MM:SS instead of only seconds. + +Version 2.4 + Daniel Stenberg + - Added progress meter. It appears when downloading > BUFFER SIZE and + mute is not selected. I found out that when downloading large files from + really really slow sites, it is desirable to know the status of the + download. Do note that some downloads are done unawaring of the size, which + makes the progress meter less thrilling ;) If the output is sent to a tty, + the progress meter is shut off. + - Increased buffer size used for reading. + - Added length checks in the user+passwd parsing. + - Made it grok user+passwd for HTTP fetches. The trick is to base64 + encode the user+passwd and send an extra header line. Read chapter 11.1 in + RFC2068 for details. I added it to be used just like the ftp one. To get a + http document from a place that requires user and password, use an URL + like: + + http://user:passwd@www.site.to.leach/doc.html + + I also added the -u flag, since WHEN USING A PROXY YOU CAN'T SPECIFY THE + USER AND PASSWORD WITH HTTP LIKE THAT. The -u flag works for ftp too, but + not if used with proxy. To do the same as the above one, you can invoke: + + urlget -u user:passwd http://www.site.to.leach/doc.html + +Version 2.3 + Rafael Sagula + - Added "-o" option (output file) + - Added URG_HTTP_NOT_FOUND return code. + (Daniel's note:) + Perhaps we should detect all kinds of errors and instead of writing that + custom string for the particular 404-error, use the error text we actually + get from the server. See further details in RFC2068 (HTTP 1.1 + definition). The current way also relies on a HTTP/1.0 reply, which newer + servers might not do. + - Looping mode ("-l" option). It's easier to get various split files. + (Daniel's note:) + Use it like 'urlget -l 1 http://from.this.site/file%d.html', which will + make urlget to attempt to fetch all files named file1.html, file2.html etc + until no more files are found. This is only a modification of the + STAND_ALONE part, nothing in the urlget() function was modfified for this. + Daniel Stenberg + - Changed the -h to be -i instead. -h should be preserved to help use. + - Bjorn Reese indicated that Borland _might_ use '_WIN32' instead of the + VC++ WIN32 define and therefore I added a little fix for that. + +Version 2.2 + Johan Andersson + - The urlget function didn't set the path to url when using proxy. + - Fixed bug with IMC proxy. Now using (almost) complete GET command. + + Daniel Stenberg + - Made it compile on Solaris. Had to reorganize the includes a bit. + (so Win32, Linux, SunOS 4 and Solaris 2 compile fine.) + - Made Johan's keepalive keyword optional with the -k flag (since it + makes a lot of urlgets take a lot longer time). + - Made a '-h' switch in case you want the HTTP-header in the output. + +Version 2.1 + Daniel Stenberg and Kjell Ericson + - Win32-compilable + - No more global variables + - Mute option (no output at all to stderr) + - Full range of return codes from urlget(), which is now written to be a + function for easy-to-use in [other] programs. + - Define STAND_ALONE to compile the stand alone urlget program + - Now compiles with gcc options -ansi -Wall -pedantic ;) + +Version 2.0 + - Introducing ftp GET support. The FTP URL type is recognized and used. + - Renamed the project to 'urlget'. + - Supports the user+passwd in the FTP URL (otherwise it tries anonymous + login with a weird email address as password). + +Version 1.5 + Daniel Stenberg + - The skip_header() crap messed it up big-time. By simply removing that + one we can all of a sudden download anything ;) + - No longer requires a trailing slash on the URLs. + - If the given URL isn't prefixed with 'http://', HTTP is assumed and + given a try! + - 'void main()' is history. + +Version 1.4 + Daniel Stenberg + - The gopher source used the ppath variable instead of path which could + lead to disaster. + +Version 1.3 + Daniel Stenberg + - Well, I added a lame text about the time it took to get the data. I also + fought against Johan to prevent his -f option (to specify a file name + that should be written instead of stdout)! =) + - Made it write 'connection refused' for that particular connect() + problem. + - Renumbered the version. Let's not make silly 1.0.X versions, this is + a plain 1.3 instead. + +Version 1.2 + Johan Andersson + - Discovered and fixed the problem with getting binary files. puts() is + now replaced with fwrite(). (Daniel's note: this also fixed the buffer + overwrite problem I found in the previous version.) + + Rafael Sagula + - Let "-p" before "-x". + + Daniel Stenberg + - Bugfixed the proxy usage. It should *NOT* use nor strip the port number + from the URL but simply pass that information to the proxy. This also + made the user/password fields possible to use in proxy [ftp-] URLs. + (like in ftp://user:password@ftp.my.site:8021/README) + + Johan Andersson + - Implemented HTTP proxy support. + - Receive byte counter added. + + Bjorn Reese + - Implemented URLs (and skipped the old syntax). + - Output is written to stdout, so to achieve the above example, do: + httpget http://143.54.10.6/info_logo.gif > test.gif + +Version 1.1 + Daniel Stenberg + - Adjusted it slightly to accept named hosts on the command line. We + wouldn't wanna use IP numbers for the rest of our lifes, would we? + +Version 1.0 + Rafael Sagula + - Wrote the initial httpget, which started all this! |