44 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
recht
|
4b51241df4 |
update to curl 7.15.3
Fixes a TFTP packet buffer overflow vulnerability. See http://curl.haxx.se/docs/adv_20060320.html for details. Changes: - added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD Bugfixes: - TFTP Packet Buffer Overflow Vulnerability - properly detecting problems with sending the FTP command USER - wrong error message shown when certificate verification failed - multi-part formpost with multi interface crash - the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged - "SSL: couldn't set callback" is now treated as a less serious problem - Interix build fix - fixed curl "hang" when out of file handles at start - prevent FTP uploads to URLs with trailing slash |
||
wiz
|
f948d3cb92 |
Update to 7.15.2:
Version 7.15.2 (27 February 2005) Daniel (22 February 2006) - Lots of work and analysis by "xbx___" in bug #1431750 (http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two different but related bugs: 1) Removing an easy handle from a multi handle before the transfer is done could leave a connection in the connection cache for that handle that is in a state that isn't suitable for re-use. A subsequent re-use could then read from a NULL pointer and segfault. 2) When an easy handle was removed from the multi handle, there could be an outstanding c-ares DNS name resolve request. When the response arrived, it caused havoc since the connection struct it "belonged" to could've been freed already. Now Curl_done() is called when an easy handle is removed from a multi handle pre-maturely (that is, before the transfer was complteted). Curl_done() also makes sure to cancel all (if any) outstanding c-ares requests. Daniel (21 February 2006) - Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy type to the already provided type CURLPROXY_SOCKS4. I added a --socks4 option that works like the current --socks5 option but instead use the socks4 protocol. Daniel (20 February 2006) - Shmulik Regev fixed an issue with multi-pass authentication and compressed content when libcurl didn't honor the internal ignorebody flag. Daniel (18 February 2006) - Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate code. It should however not be the cause of any troubles. He also fixed a few similar problems in the HTTP test server code. Daniel (17 February 2006) - Shmulik Regev provided a fix for the DNS cache when using short life times, as previously it could be holding on to old cached entries longer than requested. Daniel (11 February 2006) - Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options that an app can use to let libcurl only connect to a remote host and then extract the socket from libcurl. libcurl will then not attempt to do any transfer at all after the connect is done. - Kent Boortz improved the configure check for GnuTLS to properly set LIBS instead of LDFLAGS. Daniel (8 February 2006) - Philippe Vaucher provided a brilliant piece of test code that show a problem with re-used FTP connections. If the second request on the same connection was set not to fetch a "body", libcurl could get confused and consider it an attempt to use a dead connection and would go acting mighty strange. Daniel (2 February 2006) - Make --limit-rate [num] mean bytes. It used to be that but it broke in my change done in November 2005. Daniel (30 January 2006) - Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the curl tool with --local-port. Plain and simply set the range of ports to bind the local end of connections to. Implemented on to popular demand. - Based on an error report by Philippe Vaucher, we no longer count a retried connection setup as a follow-redirect. It turns out 1) this fails when a FTP connection is re-setup and 2) it does make the max-redirs counter behave wrong. Daniel (24 January 2006) - Michal Marek provided a patch for FTP that makes libcurl continue to try PASV even after EPSV returned a positive response code, if libcurl failed to connect to the port number the EPSV response said. Obviously some people are going through protocol-sensitive firewalls (or similar) that don't understand EPSV and then they don't allow the second connection unless PASV was used. This also called for a minor fix of test case 238. Daniel (20 January 2006) - Duane Cathey was one of our friends who reported that curl -P [IP] (CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a "native" IP while it works fine for ipv6-disabled builds! In the process of fixing this, I removed the support for LPRT since I can't think of many reasons to keep doing it and asking on the mailing list didn't reveal anyone else that could either. The code that sends EPRT and PORT is now also a lot simpler than before (IMHO). Daniel (19 January 2006) - Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl (built ipv4-only) didn't work. Daniel (18 January 2006) - As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742), the configure script complained about a missing "missing" script if you ran configure within a path whose name included one or more spaces. This is due to a flaw in automake (1.9.6 and earlier). I've now worked around it by including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll be used instead of the one automake ships with. This kludge needs to be removed once we get an automake version with this problem corrected. Possibly we'll then need to convert this into a kludge depending on what automake version that is used and that is gonna be painful and I don't even want to think about that now...! Daniel (17 January 2006) - David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with the latest features and protocols that libcurl supports and has a minor fix to better deal with the obscure case where someone has more than one libcurl installed at the same time. Daniel (16 January 2006) - David Shaw finally removed all traces of Gopher and we are now officially not supporting it. It hasn't been functioning for years anyway, so this is just finally stating what already was true. And a cleanup at the same time. - Bryan Henderson turned the 'initialized' variable for curl_global_init() into a counter, and thus you can now do multiple curl_global_init() and you are then supposed to do the same amount of calls to curl_global_cleanup(). Bryan has also updated the docs accordingly. Daniel (13 January 2006) - Andrew Benham fixed a race condition in the test suite that could cause the test script to kill all processes in the current process group! Daniel (12 January 2006) - Michael Jahn: Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru HTTP proxy. Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would previously overwrite internal memory and cause unpredicted behaviour! Daniel (11 January 2006) - I decided to document the "secret option" here now, as I've received *NO* feedback at all on my mailing list requests from November 2005: I'm looking for feedback and comments. I added some experimental code the other day, that allows a libcurl user to select what method libcurl should use to reach a file on a FTP(S) server. This functionality is available in CVS code and in recent daily snapshots. Let me explain... The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for the command line tool) and you set it to a long (there are currenly no defines for the argument values, just plain numericals). You can set three different "methods" that do this: 1 multicwd - like today, curl will do a single CWD operation for each path part in the given URL. For deep hierarchies this means very many commands. This is how RFC1738 says it should be done. This is the default. 2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give a full path to the server. 3 singlecwd - make one CWD with the full target directory and then operate on the file "normally". (With the command line tool you do --ftp-method [METHOD], where [METHOD] is one of "multicwd", "nocwd" or "singlecwd".) What feedback I'm interested in: 1 - Do they work at all? Do you find servers where one of these don't work? 2 - What would proper names for the option and its arguments be, if we consider this feature good enough to get included and documented in upcoming releases? 3 - Should we make libcurl able to "walk through" these options in case of (path related) failures, or should it fail and let the user redo any possible retries? (This option is not documented in any man page just yet since I'm not sure these names will be used or if the functionality will end up exactly like this. And for the same reasons we have no test cases for these yet.) Daniel (10 January 2006) - When using a bad path over FTP, as in when libcurl couldn't CWD into all given subdirs, libcurl would still "remember" the full path as if it is the current directory libcurl is in so that the next curl_easy_perform() would get really confused if it tried the same path again - as it would not issue any CWD commands at all, assuming it is already in the "proper" dir. Starting now, a failed CWD command sets a flag that prevents the path to be "remembered" after returning. Daniel (7 January 2006) - Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP proxy actually used a new connection and not sent the second request on the first socket! Daniel (6 January 2006) - Alexander Lazic made the buildconf run the buildconf in the ares dir if that is present instead of trying to mimic that script in curl's buildconf script. Daniel (3 January 2006) - Andres Garcia made the TFTP test server build with mingw. Daniel (16 December 2005) - Jean Jacques Drouin pointed out that you could only have a user name or password of 127 bytes or less embedded in a URL, where actually the code uses a 255 byte buffer for it! Modified now to use the full buffer size. Daniel (12 December 2005) - Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly |
||
salo
|
a1bd5f9ac1 |
Update to version 7.15.1
Changes: - the libcurl.pc pkgconfig file now gets installed on make install - URL globbing now offers "range steps": [1-100:10] - LDAPv3 is now the preferred LDAP protocol version - --max-redirs and CURLOPT_MAXREDIRS set to 0 limits redirects - improved MSVC makefile Bugfixes: - URL buffer overflow problem (CVE-2005-4077) - using file:// on non-existing files are properly handled - builds fine on DJGPP - CURLOPT_ERRORBUFFER is now always filled in on errors - curl outputs error on bad --limit-rate units - fixed libcurl's use of poll() on cygwin - the GnuTLS code didn't support client certificates - TFTP over IPv6 works - no reverse lookups on IP addresses when ipv6-enabled - SSPI compatibility fix: using the proper DLLs - binary LDAP properties are now shown base64 encoded - Windows uploads from stdin using curl can now contain ctrl-Z bytes - -r [num] would produce an invalid HTTP Range: header - multi interface with multi IP hosts could leak socket descriptors - the GnuTLS code didn't handle rehandshakes - re-use of a dead FTP connection - name resolve error codes fixed for Windows builds - double WWW-Authenticate Digest headers are now handled - curl-config --vernum fixed |
||
tv
|
a7fab54e2d |
Add <sys/socket.h> to pick up sockaddr on Interix (within the already
present __INTERIX block only). |
||
minskim
|
dba8939f37 |
Make "curl-config --vernum" work again. It was broken in 7.15.0.
Bump PKGREVISION. |
||
reed
|
2dfe2ecfe1 |
Update to version 7.15.0.
This is a security issue. http://curl.haxx.se/mail/lib-2005-10/0061.html Also update BUILDLINK_RECOMMENDED.curl. |
||
adam
|
b0fc62efc1 |
Changes 7.14.1:
* GNU GSS support * --ignore-content-length and CURLOPT_IGNORE_CONTENT_LENGTH added * negotiates data connection SSL earlier when doing FTPS with PASV * CURLOPT_COOKIELIST and CURLINFO_COOKIELIST * trailer support for chunked encoded data streams * -x/CURL_PROXY strings may now contain user+password * --trace-time now outputs the full microsecond, all 6 digits * Bugfixes |
||
jmmv
|
2697615f3b |
Make the include/curl/multi.h self-contained to fix the build of packages
using it (such as the new drivel-2.0.0). Bump PKGREVISION to 1. The problem is that this header file requires the fd_set definitions, but it only pulls in <sys/select.h> on AIX and NETWARE systems. Instead, change the inclusion to only happen if configure script detected it during build time. |
||
|
adam
|
c2eddb74a1 |
Changes 7.14.0:
- Grigory Entin reported that curl's configure detects a fine poll() for Mac OS X 10.4 (while 10.3 or later detected a "bad" one), but the executable doesn't work as good as if built without poll(). I've adjusted the configure to always skip the fine-poll() test on Mac OS X (darwin). - When doing a second request (after a disconnect) using the same easy handle, over a proxy that uses NTLM authentication, libcurl failed to use NTLM again properly (the auth method was accidentally reset to the same as had been set for host auth, which defaults to Basic). - If -z/--time-cond is used with an invalid date syntax, this is no longer silently discarded. Instead a proper warning message is diplayed that informs about it. But it still continues without the condition. |
||
|
adam
|
5f2aaf6fda |
Chyanges 7.13.2:
* Bug-fixes and improvements |
||
|
wiz
|
ca97fe250f |
Update to 7.13.1:
Version 7.13.1 (4 March 2005) Daniel (4 March 2005) - Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate the cookie "engine" without having to provide an empty or non-existing file. - Rene Rebe fixed a -# crash when more data than expected was retrieved. Daniel (22 February 2005) - NTLM and ftp-krb4 buffer overflow fixed, as reported here: http://www.securityfocus.com/archive/1/391042 and the CAN report here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 If these security guys were serious, we'd been notified in advance and we could've saved a few of you a little surprise, but now we weren't. Daniel (19 February 2005) - Ralph Mitchell reported a flaw when you used a proxy with auth, and you requested data from a host and then followed a redirect to another host. libcurl then didn't use the proxy-auth properly in the second request, due to the host-only check for original host name wrongly being extended to the proxy auth as well. Added test case 233 to verify the flaw and that the fix removed the problem. Daniel (18 February 2005) - Mike Dobbs reported a mingw build failure due to the lack of BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by configure when mingw is used. Daniel (17 February 2005) - David in bug report #1124588 found and fixed a socket leak when libcurl didn't close the socket properly when returning error due to failing localbind Daniel (16 February 2005) - Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth" that picks NTLM. Thanks to David Byron letting me test NTLM against his servers, I could quickly repeat and fix the problem. It turned out to be: When libcurl POSTs without knowing/using an authentication and it gets back a list of types from which it picks NTLM, it needs to either continue sending its data if it keeps the connection alive, or not send the data but close the connection. Then do the first step in the NTLM auth. libcurl didn't send the data nor close the connection but simply read the response-body and then sent the first negotiation step. Which then failed miserably of course. The fixed version forces a connection if there is more than 2000 bytes left to send. Daniel (14 February 2005) - The configure script didn't check for ENGINE_load_builtin_engines() so it was never used. Daniel (11 February 2005) - Removed all uses of strftime() since it uses the localised version of the week day names and month names and servers don't like that. Daniel (10 February 2005) - Now the test script disables valgrind-testing when the test suite runs if libcurl is built shared. Otherwise valgrind only tests the shell that runs the wrapper-script named 'curl' that is a front-end to curl in this case. This should also fix the huge amount of reports of false positives when valgrind has identified leaks in (ba)sh and not in curl and people report that as curl bugs. Bug report #1116672 is one example. Also, the valgrind report parser has been adapted to check that at least one of the sources in a stack strace is one of (lib)curl's source files or otherwise it will not consider the problem to concern (lib)curl. - Marty Kuhrt streamlined the VMS build. Daniel (9 February 2005) - David Byron fixed his SSL problems, initially mentioned here: http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use SSL_pending() as we should. - Converted lots of FTP code to a statemachine, so that the multi interface doesn't block while communicating commands-responses with an FTP server. I've added a comment like BLOCKING in the code on all spots I could find where we still have blocking operations. When we change curl_easy_perform() to use the multi interface, we'll also be able to simplify the code since there will only be one "internal interface". While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the new CURLE_LOGIN_DENIED. The first one is now access denied to a function, like changing directory or retrieving a file, while the second means that we were denied login. The CVS tag 'before_ftp_statemachine' was set just before this went in, in case of future need. - Gisle made the DICT code send CRLF and not just LF as the spec says so. Daniel (8 February 2005) - Gisle fixed problems when libcurl runs out of memory, and worked on making sure the proper error code is returned for those occations. Daniel (7 February 2005) - Maruko pointed out a problem with inflate decompressing exactly 64K contents. Daniel (5 February 2005) - Eric Vergnaud found a use of an uninitialised variable in the ftp when doing PORT on ipv6-enabled hosts. - David Byron pointed out we could use BUFSIZE to read data (in lib/transfer.c) instead of using BUFSIZE -1. |
||
|
salo
|
c78c7ec44a |
Fix buffer overflow in the NTLM authentication code. Patch from curl cvs.
Bump PKGREVISION. |
||
|
wiz
|
809ad6f2f7 | Add RMD160 checksums. | ||
|
wiz
|
11a173cf00 |
Update to 7.13.0:
This release includes the following changes: o added --ftp-account and CURLOPT_FTP_ACCOUNT o added CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE o obsoleted CURLOPT_SOURCE_HOST, CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT and CURLOPT_PASV_HOST o added --3p-url, --3p-user and --3p-quote o -Q "+[command]" was added o src/getpass.c license issue sorted (code was rewritten) o curl -w now supports 'http_connect' for the proxy's response to CONNECT o introducing "curl-config --protocols" This release includes the following bugfixes: o re-sending a request when retrying on a fresh connection with multi interface o improved valgrind report parser in the test suite o several valgrind reports o CURLOPT_FTPPORT and -P work when built ipv6-enabled o FTP third party transfers was much improved o proxy environment variables are now ignored when built HTTP-disabled o CURLOPT_PROXY can now disable HTTP proxy even when built HTTP-disabled o "curl dictionary.com" no longer assumes DICT protocol o re-invoke some system calls on EINTR o duplicate Host: when failed connection re-use o SOCKS5 version check o memory problem with cleaning up multi interface o SSL certificate name memory leak o -d with -G to multiple URLs crashed o double va_list access crash fixed o minor memory leak when "version" is set in a cookie header o builds fine on BeOS and NetBSD o builds and runs fine on FreeBSD |
||
cube
|
21752a9e5a |
Add a patch that re-orders inclusion of select.h to avoid compilation
errors on NetBSD 1.6. PKGREVISION++. PR#28859 by Gilles Gravier. |
||
|
wiz
|
6ad48c4f7b |
Update to 7.12.3. Enable libidn support.
Version 7.12.3 (20 December 2004) Daniel (19 December 2004) - I investigated our PKCS12 build problem on Solaris 2.7 with OpenSSL 0.9.7e, and it turned out to be the fault of the zlib 1.1.4 headers doing a typedef named 'free_func' and the OpenSSL headers have a prototype that uses 'free_func' in one of its arguments. This is why the compile errors out. In other words, we need to include the openssl/pkcs12.h header before the zlib.h header and it builds fine. The configure script now checks for this file and it then gets included early in lib/urldata.h. Daniel (18 December 2004) - Samuel Listopad added support for PKCS12 formatted certificates. - Samuel Listopad fixed -E to support "C:/path" (with forward slash) as well. Daniel (16 December 2004) - Gisle found and fixed a problem in the directory re-use for FTP. I added test case 215 and 216 to better verify the functionality. - Dinar in bug report #1086121, found a file handle leak when a multipart formpost (including a file upload part) was aborted before the whole file was sent. Daniel (15 December 2004) - Tom Lee found out that globbing of strings with backslashes didn't work as you'd expect. Backslashes are such a central part of windows file names that forcing backslashes to have to be escaped with backslashes is a bit too awkward to users. Starting now, you only need to escape globbing characters such as the five letters: "[]{},". Added test case 214 to verify this. Daniel (14 December 2004) - Harshal Pradhan patched a HTTP persistent connection flaw: if the user name and/or password were modified between two requests on a persistent connection, the second request were still made with the first setup! I added test case 519 to verify the fix. Daniel (13 December 2004) - Gisle added CURLINFO_SSL_ENGINES to curl_easy_getinfo() to allow an app to list all available crypto ENGINES. - Gisle fixed bug report #1083542, which pointed out a problem with resuming large file (>4GB) file:// transfers on windows. Daniel (11 December 2004) - Made the test suite HTTP server (sws) capable of using IPv6, and then extended the test environment to support that and also added three test cases (240, 241, 242) that run tests using IPv6. Test 242 uses a URL that didn't work before the 10 dec fix by Kai Sommerfeld. - Made a failed file:// resume output an error message - Corrected the CURLE_BAD_DOWNLOAD_RESUME error message in lib/strerror.c - Dan Fandrich: simplified and consolidated the SSL checks in configure and the usage of the defines in lib/setup.h provided a first libcurl.pc.in file for pkg-config (but the result is not installed anywhere at this point) extended the cross compile section in the docs/INSTALL file Daniel (10 December 2004) - When providing user name in the URL and a IPv6-style IP-address (like in "ftp://user@[::1]/tmp"), the URL parser didn't get the host extracted properly. Reported and fixed by Kai Sommerfeld. Daniel (9 December 2004) - Ton Voon provided a configure fix that should fix the notorious (mostly reported on Solaris) problem where the size_t check fails due to the SSL libs being found in a dir not searched through by the run-time linker. patch-tracker entry #1081707. - Bryan Henderson pointed out in bug report #1081788 that the curl-config --vernum output wasn't zero prefixed properly (as claimed in documentation). This is fixed in maketgz now. Daniel (8 December 2004) - Matt Veenstra updated the mach-O framework files for Mac OS X. - Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where libcurl always and unconditionally overwrote a stack-based array with 3 zero bytes. This is not an exploitable buffer overflow. No need to get alarmed. Daniel (7 December 2004) - Fixed so that the final error message is sent to the verbose info "stream" even if no errorbuffer is set. Daniel (6 December 2004) - Dan Fandrich added the --disable-cookies option to configure to build libcurl without cookie support. This is mainly useful if you want to build a minimalistic libcurl with no cookies support at all. Like for embedded systems or similar. - Richard Atterer fixed libcurl's way of dealing with the EPSV response. Previously, libcurl would re-resolve the host name with the new port number and attempt to connect to that, while it should use the IP from the control channel. This bug made it hard to EPSV from an FTP server with multiple IP addresses! Daniel (3 December 2004) - Bug report #1078066: when a chunked transfer was pre-maturely closed exactly at a chunk boundary it was not considered an error and thus went unnoticed. Fixed by Maurice Barnum. Added test case 207 to verify. Daniel (2 December 2004) - Fixed the CONNECT loop to default timeout to 3600 seconds. Added test case 206 that makes CONNECT with Digest. Fixed a flaw that prepended "(nil)" to the initial CONNECT rqeuest's user- agent field. Daniel (30 November 2004) - Dan Fandrich's fix for libz 1.1 and "extra field" usage in a gzip stream - Dan also helped me with input data to create three more test cases for the --compressed option. Daniel (29 November 2004) - I improved the test suite to enable binary contents in the tests (by proving it base64 encoded), like for testing decompress etc. Added test 220 and 221 for this purpose. Tests can now also depend on libz to run. - As reported by Reinout van Schouwen in Mandrake's bug tracker bug 12285 (http://qa.mandrakesoft.com/show_bug.cgi?id=12285), when connecting to an IPv6 host with FTP, --disable-epsv (or --disable-eprt) effectively disables the ability to transfer a file. Now, when connected to an FTP server with IPv6, these FTP commands can't be disabled even if asked to with the available libcurl options. Daniel (26 November 2004) - As reported in Mandrake's bug tracker bug 12289 (http://qa.mandrakesoft.com/show_bug.cgi?id=12289), curl would print a newline to "finish" the progress meter after each redirect and not only after a completed transfer. Daniel (25 November 2004) - FTP improvements: If EPSV, EPRT or LPRT is tried and doesn't work, it will not be retried on the same server again even if a following request is made using a persistent connection. If a second request is made to a server, requesting a file from the same directory as the previous request operated on, libcurl will no longer make that long series of CWD commands just to end up on the same spot. Note that this is only for *exactly* the same dir. There is still room for improvements to optimize the CWD-sending when the dirs are only slightly different. Added test 210, 211 and 212 to verify these changes. Had to improve the test script too and added a new primitive to the test file format. Daniel (24 November 2004) - Andrés García fixed the configure script to detect select properly when run with Msys/Mingw on Windows. Daniel (22 November 2004) - Made HTTP PUT and POST requests no longer use HEAD when doing multi-pass auth negotiation (NTLM, Digest and Negotiate), but instead use the request keyword "properly". Details in lib/README.httpauth. This also introduces CURLOPT_IOCTLFUNCTION and CURLOPT_IOCTLDATA, to be used by apps that use the "any" auth alternative as then libcurl may need to send the PUT/POST data more than once and thus may need to ask the app to "rewind" the read data stream to start. See also the new example using this: docs/examples/anyauthput.c - David Phillips enhanced test 518. I made it depend on a "feature" so that systems without getrlimit() won't attempt to test 518. configure now checks for getrlimit() and setrlimit() for this test case. Daniel (18 November 2004) - David Phillips fixed libcurl to not crash anymore when more than FD_SETSIZE file descriptors are in use. Test case 518 added to verify. Daniel (15 November 2004) - To test my fix for the CURLINFO_REDIRECT_TIME bug, I added time_redirect and num_redirects support to the -w writeout option for the command line tool. - Wojciech Zwiefka found out that CURLINFO_REDIRECT_TIME didn't work as documented. Daniel (12 November 2004) - Gisle Vanem modigied the MSVC and Netware makefiles to build without libcurl.def - Dan Fandrich added the --disable-crypto-auth option to configure to allow libcurl to build without Digest support. (I figure it should also explicitly disable Negotiate and NTLM.) - *** Modified Behaviour Alert *** Setting CURLOPT_POSTFIELDS to NULL will no longer do a GET. Setting CURLOPT_POSTFIELDS to "" will send a zero byte POST and setting CURLOPT_POSTFIELDS to NULL and CURLOPT_POSTFIELDSIZE to zero will also make a zero byte POST. Added test case 515 to verify this. Setting CURLOPT_HTTPPOST to NULL makes a zero byte post. Added test case 516 to verify this. CURLOPT_POSTFIELDSIZE must now be set to -1 to signal "we don't know". Setting it to zero simply says this is a zero byte POST. When providing POST data with a read callback, setting the size up front is now made with CURLOPT_POSTFIELDSIZE and not with CURLOPT_INFILESIZE. Daniel (11 November 2004) - Dan Fandrich added --disable-verbose to the configure script to allow builds without verbose strings in the code, to save some 12KB space. Makes sense only for systems with very little memory resources. - Jeff Phillips found out that a date string with a year beyond 2038 could crash the new date parser on systems with 32bit time_t. We now check for this case and deal with it. Daniel (10 November 2004) - I installed Heimdal on my Debian box (using the debian package) and noticed that configure --with-gssapi failed to create a nice build. Fixed now. Daniel (9 November 2004) - Gisle Vanem marked all external function calls with CURL_EXTERN so that now the Windows, Netware and other builds no longer need libcurl.def or similar files. Daniel (8 November 2004) - Made the configure script check for tld.h if libidn was detected, since libidn 0.3.X didn't have such a header and we don't work with anything before libidn 0.4.1 anyway! Suse 9.1 apparently ships with a 0.3.X version of libidn which makes the curl 7.12.2 build fail. Jean-Philippe Barrette-LaPierre helped pointing this out. - Ian Gulliver reported in debian bug report #278691: if curl is invoked in an environment where stderr is closed the -v output will still be sent to file descriptor 2 which then might be the network socket handle! Now we have a weird hack instead that attempts to make sure that file descriptor 2 is opened (with a call to pipe()) before libcurl is called to do the transfer. configure now checks for pipe() and systems without pipe don't get the weird hack done. Daniel (5 November 2004) - Tim Sneddon made libcurl send no more than 64K in a single first chunk when doing a huge POST on VMS, as this is a system limitation. Default on general systems is 100K. Daniel (4 November 2004) - Andres Garcia made it build on mingw againa, my --retry code broke the build. Daniel (2 November 2004) - Added --retry-max-time that allows a maximum time that may not have been reached for a retry to be made. If not set there is no maximum time, only the amount of retries set with --retry. - Paul Nolan provided a patch to make libcurl build nicely on Windows CE. Daniel (1 November 2004) - When cross-compiling, the configure script no longer attempts to use pkg-config on the build host in order to detect OpenSSL compiler options. Daniel (27 October 2004) - Dan Fandrich: An improvement to the gzip handling of libcurl. There were two problems with the old version: it was possible for a malicious gzip file to cause libcurl to leak memory, as a buffer was malloced to hold the header and never freed if the header ended with no file contents. The second problem is that the 64 KiB decompression buffer was allocated on the stack, which caused unexpectedly high stack usage and overflowed the stack on some systems (someone complained about that in the mailing list about a year ago). Both problems are fixed by this patch. The first one is fixed when a recent (1.2) version of zlib is used, as it takes care of gzip header parsing itself. A check for the version number is done at run-time and libcurl uses that feature if it's present. I've created a define OLD_ZLIB_SUPPORT that can be commented out to save some code space if libcurl is guaranteed to be using a 1.2 version of zlib. The second problem is solved by dynamically allocating the memory buffer instead of storing it on the stack. The allocation/free is done for every incoming packet, which is suboptimal, but should be dwarfed by the actual decompression computation. I've also factored out some common code between deflate and gzip to reduce the code footprint somewhat. I've tested the gzip code on a few test files and I tried deflate using the freshmeat.net server, and it all looks OK. I didn't try running it with valgrind, however. - Added a --retry option to curl that takes a numerical option for the number of times the operation should be retried. It is retried if a transient error is detected or if a timeout occurred. By default, it will first wait one second between the retries and then double the delay time between each retry until the delay time is ten minutes which then will be the delay time between all forthcoming retries. You can set a static delay time with "--retry-delay [num]" where [num] is the number of seconds to wait between each retry. Daniel (25 October 2004) - Tomas Pospisek filed bug report #1053287 that proved -C - and --fail on a file that was already completely downloaded caused an error, while it doesn't if you don't use --fail! I added test case 194 to verify the fix. Grrr. CURLOPT_FAILONERROR is now added to the list stuff to remove in libcurl v8 due to all the kludges needed to support it. - Mohun Biswas found out that formposting a zero-byte file didn't work very good. I fixed. Daniel (19 October 2004) - Alexander Krasnostavsky made it possible to make FTP 3rd party transfers with both source and destination being the same host. It can be useful if you want to move a file on a server or similar. - Guillaume Arluison added CURLINFO_NUM_CONNECTS to allow an app to figure out how many new connects a previous transfer required. I added %{num_connects} to the curl tool and added test case 192 and 193 to verify the new code. Daniel (18 October 2004) - Peter Wullinger pointed out that curl should call setlocale() properly to initiate the specific language operations, to make the IDN stuff work better. |
||
|
adam
|
879c81b726 |
Changes 7.12.2:
* the IDN code now verifies that only TLD-legitmate letters are used in the name or a warning is displayed (when verbose is enabled) * provides error texts for IDN errors * file upload parts in formposts now get their directory names cut off * added CURLINFO_OS_ERRNO * added CURLOPT_FTPSSLAUTH to allow ftp connects to attempt "AUTH TLS" instead before "AUTH SSL" * curl_getdate() completely rewritten: may affect rare curl -z use cases * bugfixes |
||
|
recht
|
00c6c189fc |
update to Curl 7.12.1
Changes:
* the version string now only contains info about (sub) package versions,
while for example krb4 and ipv6 now only are available as 'features'
* added curl_easy_reset()
* socks proxy support even when libcurl is built ipv6-enabled
* read callbacks can stop the transfer by returning CURL_READFUNC_ABORT
* libcurl-tutorial.3 is the new man page formerly known as
libcurl-the-guide
* additional SSL trace data might be sent to the debug callback using two
new types: CURLINFO_SSL_DATA_IN and CURLINFO_SSL_DATA_OUT
* multipart formposts can upload files larger than system memory
* the curl tool continues with the next URL even if one transfer fails
* FTP 3rd party transfer support - seven new setopt() options
Bugfixes:
* UTF-8 encoded certificate names can now be verified properly
* krb4 link problem
* HTTP Negotiate service name now provided in uppercase
* no longer accepts any cookies with domain set to just a TLD
* HTTP Digest properties without quotes in the header
* bad Host: header case on re-used connections over proxy
* duplicate Host: header case on re-used connections
* curl -o name#[num] now works when no globbing for [num] exists
* test suite runs fine with valgrind 2.1.x
* negative Content-Length is ignored
* test 505 runs fine on windows
* curl_share_cleanup() crash
* --trace files now get the final info lines too
* multi interface connects fine to multi-IP resolving hosts
* --limit-rate works on Mac OS X (and other systems with bad poll()s)
* cookies can now hold 4999 bytes of content
* HTTP POST/PUT with NTLM/Digest/Negotiate to a URL returning 3XX
* HTTPS POST/PUT over a proxy requiring NTLM/Digest/Negotiate
* less restrictive libidn requirements, 0.4.1 or later is fine
* HTTP POST or PUT with Digest/Negotiate/NTLM selected but the server
didn't require any authentication
* win32 file:// transfer free memory bug
* configure --disable-http builds a libcurl without HTTP support
* CURLOPT_FILETIME had wrong type in curl.h, it expects a long argument
* builds fine with Borland on Windows
* the msvc curllib.dsp now builds the libcurl.lib file
* builds fine on VMS
* builds fine on NetWare
* HTTP Digest authentication with proxies uses correct user name + password
* builds fine with lcc-win32
|
||
|
adam
|
4e4a139d0f |
Changes 7.12.0:
o added ability to "upload" to file:// URLs o added curl_global_init_mem() o removed curl_formparse() o the MSVC project file in the release archive is automatically built o curl --proxy-digest is a new command line option o the Windows version of libcurl can use wldap32.dll for LDAP o added curl_easy_strerror(), curl_multi_strerror() and curl_share_strerror() o IPv6-enabled Windows hosts now resolves names threaded/asynch as well o configure --with-libidn can be used to point out the root dir of a libidn installation (version 0.4.5 or later) for curl to use, then libcurl can resolve and use IDNA names (domain names with "international" letters) Bugfixes: o incoming cookies with domains set with a prefixed dot now works better o CURLOPT_COOKIEFILE and CURLOPT_COOKIE can be used in the same request o improved peer certificate name verification o allocation failures cause no leaks nor crashes o the progress meter display now handles file sizes up to full 8 exabytes (which is as high a signed 64 bit number can reach) o general HTTP authentication improvements o HTTP Digest authentication with the proxy works o mulipart formposting with -F and file names with spaces work again o curl_easy_duphandle() now works when ares-enabled o HTTP Digest authentication works a lot more like the RFC says o curl works with telnet and stdin properly on Windows o configure --without-ssl works even when pkg-config has OpenSSL details o src/hugehelp.c builds correct again in non-configure build environments |
||
|
adam
|
f5f9ec0e43 |
Changes 7.11.2:
* removed maximum user+password+hostname size limit * removed maximum dir depth limit for FTP * the ares build now requires c-ares 1.2.0 or later * --tcp-nodelay and CURLOPT_TCP_NODELAY were added * curl/curlver.h contains the libcurl version info now * bugfixes |
||
xtraeme
|
27b314cacb |
Update curl to 7.11.1, provided by Stefan Kruger in PR pkg/24916.
This release includes the following changes: o CURLOPT_POSTFIELDSIZE_LARGE added to offer POSTs larger than 2GB o CURL_VERSION_LARGEFILE is a feature bit returned by libcurls that feature large file support o libcurl only requires winsock 1.1 on windows now o when doing FTP, curl now sends QUIT before disconnecting o name resolves can now timeout on windows too o $HOME is now recognized better when looking for .netrc files o now re-uses the ares handle when re-using curl handles o SO_BINDTODEVICE is used for network interface binding o configure --disable-manual disables the built-in huge manual from the command line tool o the default Accept: header used in HTTP requests changed o asynch dns lookups now require the c-ares library o curl --socks can be used to set a SOCKS5 proxy to use o response-headers received after a (proxy) CONNECT request are now passed to the header callback just like other headers This release includes the following bugfixes: o builds and runs on Novell NetWare o Windows builds now report OS as "i386-pc-win32" o received signals during SSL connect is handled better o improved PUT/POST with NTLM/Digest authentication o following redirects and doing NTLM/Digest (where the first connection gets closed) with the multi interface work better now o file: progress meter and getinfo variables work now o CURLOPT_FRESH_CONNECT and CURLAUTH_NTLM now work when set together o share interface usage without (un)lock functions segfaulted o --limit-rate no longer cripples the --speed-limit feature o fixed verbose output problem with ipv6-enabled re-used connections o fixed the socks5 code to check version in the socks response properly o dns cache bug - fixed the 'inuse' counter o large file fix for Content-Length o better docs for the share interface o several configure fixes for mingw/msys o setting a Host: header is no longer affecting the Host: header used when libcurl follows a Location: o fixed numerous compiler warnings on several operating systems and compilers o PUTing from stdin couldn't disable chunked transfer-encoding o corrected the mingw makefiles o improved the configure libz detection o fixed EPRT/PORT use when doing FTP on ipv6-enabled AIX hosts o *nroff commands that only support -mandoc and not -man are now supported (for the built-in manual text in the command line tool) o fixed the unconditional #include of config.h in hugehelp.c o builds fine on MPE/iX o upload using chunked transfer-encoding now sends the last chunk properly teriminated with an extra CRLF o Fixed the progress meter display for files >2GB o persistant connections over a proxy messed up the proxy name/password o the socks5 code segfaulted if no username/password was set o the *_LARGE options now take curl_off_t types as parameters and this will make it possible to handle large files on windows too o builds with large file support even on systems without strtoll() |
||
|
recht
|
ffe8aa8bee |
update to curl-7.11.0
Fixed in 7.11.0 Changes: - allows the URL to be set by a callback when using the multi interface - large file support was added. Use one of the new options: INFILESIZE_LARGE, RESUME_FROM_LARGE and MAXFILESIZE_LARGE - the new --ftp-pasv overrides a previous --ftpport - CURLOPT_FTPSSL and ftps:// now do ssl over FTP "The Right Way" (the curl tool now features the --ftp-ssl option) - The Windows DLLs are built with an added "resource file" - New LIBCURL_VERSION_* defines for easier checking version number - Included Mac OS X 'framework' makefile in the release archive - Removed the TRUE and FALSE #defines from the public curl header file - Added CURLOPT_NETRC_FILE For a complete list see the Changelog at http://curl.haxx.se/changes.html |
||
|
wiz
|
c8d22702b1 |
Update to 7.10.8:
7.10.8 SPNEGO support, Negotiate support, multiple -T flags work, IPv6 support on Windows, and more were added. More than 40 bugs were fixed. 7.10.7 This release supports NTLM for proxies, --ftp-create-dirs, and optional support for asynchronous name-resolving calls. It fixes an information leak, minor memory leaks, a 64bit problem, two cookie-related problems, URL globbing output using -o #[num], and more. |
||
|
wiz
|
3544a1a7e5 |
Update to 7.10.6:
Changes:
* CURLOPT_SSL_CTX_FUNCTION allows a custom callback for SSL connections
* multiple patches lets curl build and run on DOS
* libcurl now deals with spaces in Location: redirects and URLifies them
* curl --version shows more detailed info
* curl_version_info() now returns info on NTLM, GSS-Negotiate and Debug
* curl_version() includes "GSS" in the string if built with GSSAPI available
* Pick-best-authentication option added (--anyauth, using the CURLOPT_HTTPAUTH set to CURLAUTH_ANY)
* NTLM authentication support (--ntlm and CURLAUTH_NTLM)
* GSS-Negotiate authentication support (--negotiate and CURLAUTH_GSSNEGOTIATE)
* Digest authentication support added (--digest and CURLAUTH_DIGEST)
* Allow curl to switch (back to) to Basic authentication (--basic)
* libcurl supports name and password in proxy environment variables
Bugs:
* double slash after the host name on a FTP URL again points out the root dir
* obscure and rare DNS cache problem was fixed
* multiple FTP connections to the same host with different user names didn't work properly
* no more CWD commands without arguments for ftp connections
* curl no longer uses setvbuf() due to portability problems
* VMS build fixes
* the curl tool has the -M manual compressed internally if built with libz
* url globbing syntax error could cause segfault
* Huge (>40-60KB) GET requests over HTTPS failed.
* Content-Length now overrides socket-closed as a means of knowing when the response body is
complete.
* --progress-bar takes the initial size into account when doing resumed downloads
* work around SSL bugs better
* libcurl typically issues POST requests with less send() calls
* better main makefile
* external headers improved portability
* Listing FTP directories without contents could leak a socket
* Getting HTTP contents in one line without headers failed
* bugfixed the socks5-proxy usage (twice)
* h_aliases name-lookup rare crash fixed
* improved curl -M output
* curl_unescape() now only unescapes valid %HH codes
|
||
|
wiz
|
32ccb41203 |
Update to 7.10.5.
Extract of changes: - Changed the order for the in_addr_t testing, as 'unsigned long' seems to be a very common type inet_addr() returns. - George Comninos provided a fix that calls the progress meter when waiting for FTP command responses take >1 second. It'll make applications more "responsive" even when dealing with very slow ftp servers. - George Comninos pointed out that libcurl uploads had two quirks: o when using FTP PORT command, it used blocking sockets! o it could loop a long time without doing progress meter updates Both items are fixed now. - Dan Fandrich changed CURLOPT_ENCODING to select all supported encodings if set to "". This frees the application from having to know which encodings the library supports. - Avery Fay found out that the CURLOPT_INTERFACE way of first checking if the given name is a network interface gave a real performance penalty on Linux, so now we more appropriately first check if it is an IP number and if so we don't check for a network interface with that name. - CURLOPT_FTP_USE_EPRT added. Set this to FALSE to disable libcurl's attempts to use EPRT and LPRT before the traditional PORT command. The command line tool sets this option with '--disable-eprt'. - Added test case 62 and fixed some more on the cookie sending with a custom Host: header set. - Made the "SSL read error: 5" error message more verbose, by adding code that queries the OpenSSL library to fill in the error buffer. - Added sys/select.h include in the curl/multi.h file, after having been reminded about this by Rich Gray. - I made each test set its own server requirements, thus abandoning the previous system where the test number implied what server(s) to use for a specific test. - David Balazic made curl more RFC1738-compliant for FTP URLs, by fixing so that libcurl now uses one CWD command for each path part. A bunch of test cases were fixed to work accordingly. - Cookie fixes. - Peter Kovacs provided a patch that makes the CURLINFO_CONNECT_TIME work fine when using the multi interface (too). - Peter Sylvester pointed out that curl_easy_setopt() will always (wrongly) return CURLE_OK no matter what happens. - Dan Fandrich fixed some gzip decompression bugs and flaws. - Formposting a file using a .html suffix is now properly set to Content-Type: text/html. - Fixed the SSL error handling to return proper SSL error messages again, they broke in 7.10.4. I also attempt to track down CA cert problems and then return the CURLE_SSL_CACERT error code. - The curl tool now intercepts the CURLE_SSL_CACERT error code and displays a fairly big and explanatory error message. Kevin Roth helped me out with the wording. - Nic Hines provided a second patch for gzip decompression, and fixed a bug when deflate or gzip contents were downloaded using chunked encoding. - Dan Fandrich made libcurl support automatic decompression of gzip contents (as an addition to the previous deflate support). - I made the CWD command during FTP session consider all 2xy codes to be OK responses. - Vlad Krupin fixed a URL parsing issue. URLs that were not using a slash after the host name, but still had "?" and parameters appended, as in "http://hostname.com?foobar=moo", were not properly parsed by libcurl. - Made CURLOPT_TIMECONDITION work for FTP transfers, using the same syntax as for HTTP. This then made -z work for ftp transfers too. Added test case 139 and 140 for verifying this. - Getting the file date of an ftp file used the wrong time zone when displayed. It is supposedly always GMT. Added test case 141 for this. - Made the test suite's FTP server support MDTM. - The default DEBUGFUNCTION, as enabled with CURLOPT_VERBOSE now outputs CURLINFO_HEADER_IN data as well. The most notable effect from this is that using curl -v, you get to see the incoming "headers" as well. This is perhaps most useful when doing ftp. - James Bursa fixed a flaw in the Content-Type extraction code, which missed the first letter if no space followed the colon. - Martijn Broenland found another cases where a server application didn't like the boundary string used by curl when foing a multi-part/formpost. We modified the boundary string to look like the one IE uses, as this is probably gonna make curl work with more applications. |
||
|
wiz
|
a0796a86bb |
Update to 7.10.4:
Changes:
* the curl tool now "clears" sensitive commands line args
* no more emacs local variables in the source files
* script for distributed, automatic, multi-platform testing added. Please join up and help us test
the bleeding edge curl on various platforms!
* the "scratch buffer" is now only allocated when actually needed
* removed the strequal and strnequal macros from curl/curl.h
* added CURLOPT_UNRESTRICTED_AUTH / --location-trusted
Bugs:
* "curl -O" only, now outputs an error message accordingly
* builds fine on Redhat Linux 9 (configure fix)
* the CA cert bundle included a demo cert now removed
* changing some attributes between two transfers when re-using a connection did not "take effect"
properly
* the test suite runs faster and hopefully a bit more reliably
* improved configure check for presence of functions, needed for HPUX
* the curl tool now makes a correct URL escaping when appending to the URL when using -T and the
file name is appended to the URL.
* configure --enable-libgcc now explicitly add -lgcc to the linker
* better configure checks for headers (since some platforms got nasty warnings output previously)
* configure --help looks nicer
* data transfer bug on HP-UX systems
* improved random seeding for systems without a reliable random source
* 64bit Sparc compiler warnings removed
* a case where a connect failure didn't return an error string
* DNS cache problem in AIX 4.3 and later was fixed
* a POST-then-GET problem when re-using the same handle in libcurl
* extra precaution added for FTP servers returning 0 bytes to SIZE commands
* looping issue in the receive function (i.e badly updated progress meter)
* Fixed the 'Expect: 100-continue' behavior
* CURLOPT_MAXCONNECTS segfault fixed
* multi-interface connecting on Windows to non-listening ports fixed
* Curl_base64_encode() now encodes zero-bytes too properly
* fixed the infamous SSL error:00000000 outputs
* zlib build fix in the mingw makefile
* don't check for ca cert env variable if --insecure is used
* always use strict cert name check unless --insecure is used
* content-type extracting fixed
* DEBUGFUNCTION could be called with wrong arguments in uploads
* ftp downloads could wrongly return CURLE_PARTIAL_FILE in some conditions
* the fopen.c example code didn't work
* content-type extracting memory leak fixed
* curl/multi.h was fixed for C++ compiles
* .netrc file scanning for names+passwored fixed
* curl-config --cflags works even when include dirs isn't /usr/include
* CURLINFO_PRIVATE can return NULL properly
|
||
shell
|
f1a04c5c7c |
Updated to curl-7.10.3
Patches by Adrian Portelli <adrianp@stindustries.net> (PR#20142) Changes : - Steve Oliphant pointed out that test case 105 did not work anymore and this was due to a missing fix for the password prompting. - Bryan Kemp pointed out that curl -u could not provide a blank password without prompting the user. It can now. -u username: makes the password empty, while -u username makes curl prompt the user for a password. - Kjetil Jacobsen found a remaining connect problem in the multi interface on ipv4 systems (Linux only?), that I fixed and Kjetil verified that it fixed his problems. - memanalyze.pl now reads a file name from the command line, and no longer takes the data on stdin as before. - Fixed tests/memanalyze.pl to work with file names that contain colons (as on Windows). - Kjetil Jacobsen quickly pointed out that lib/share.h was missing... * For more, see CHANGES. |
||
|
jmmv
|
70adb306d2 |
Trivially update to curl 7.10.2.
Changes since 7.10.1: - Dave Halbakken added curl_version_info to lib/libcurl.def to make libcurl properly build with MSVC on Windows. - Doing HTTP PUT without a specified file size now makes libcurl use Transfer-Encoding: chunked. - Bug report #634625 identified how curl returned timeout immediately when CURLOPT_CONNECTTIMEOUT was used and provided a fix. - Lehel Bernadt found out and fixed. libcurl sent error message to the debug output when it stored the error message. - Avery Fay found some problems with the DNS cache (when the cache time was set to 0 we got a memory leak, but when the leak was fixed he got a crash when he used the CURLOPT_INTERFACE with that) that had me do some real restructuring so that we now have a reference counter in the dns cache entries to prevent an entry to get flushed while still actually in use. I also detected that we previously didn't update the time stamp when we extracted an entry from the cache so that must've been a reason for some very weird dns cache bugs. - Downgraded automake to 1.6.3 in an attempt to fix cygwin problems. (It turned out this didn't help though.) - Disable the DNS cache (by setting the timeout to 0) made libcurl leak memory. Avery Fay brought the example code that proved this. - Upgraded to autoconf 2.54 and automake 1.7 on the release-build host. - Kevin Roth made the command line tool check for a CURL_CA_BUNDLE environment variable (if --cacert isn't used) and if not set, the Windows version will check for a file named "curl-ca-bundle.crt" in the current directory or the directory where curl is located. That file is then used as CA root cert bundle. - Avery Fay pointed out that curl's configure scrip didn't get right if you used autoconf newer than 2.52. This was due to some badly quoted code. - Emiliano Ida confirmed that we now build properly with the Borland C++ compiler too. We needed yet another fix for the ISO cpp check in the curl.h header file. - Yet another fix was needed to get the HTTP download without headers to work. This time it was needed if the first "believed header" was read all in the first read. Test 306 has not run properly since the 11th october fix. - Zvi Har'El pointed out a problem with curl's name resolving on Redhat 8 machines (running IPv6 disabled). Mats Lidell let me use an account on his machine and I could verify that gethostbyname_r() has been changed to return EAGAIN instead of ERANGE when the given buffer size is too small. This is glibc 2.2.93. - Albert Chin helped me get the -no-undefined option corrected in lib/Makefile.am since Cygwin builds want it there while Solaris builds don't want it present. Kevin Roth helped me try it out on cygwin. - Nikita Schmidt provided a bug fix for a FOLLOWLOCATION bug introduced when the ../ support got in (7.10.1). - Fabrizio Ammollo pointed out a remaining problem with FOLLOWLOCATION in the multi interface. - Richard Cooper's experimenting proved that -j (CURLOPT_COOKIESESSION) didn't work quite as supposed. You needed to set it *before* you use CURLOPT_COOKIEFILE, and we dont' want that kind of dependencies. - Andrés García provided corrections for erratas in four libcurl man pages. - Starting now, we generate and include PDF versions of all the docs in the release archives. - Trying to connect to a host on a bad port number caused the multi interface to never return failure and it appeared to keep on trying forever (it just didn't do anything). - Downloading HTTP without headers didn't work 100%, some of the initial data got written twice. Kevin Roth reported. - Kevin Roth found out the "config file" parser in the client code could segfault, like if DOS newlines were used. |
||
|
shell
|
3ec7eb4542 |
Updated to curl-7.10.1
Changes : - Jeff Lawson fixed a few problems with connection re-use that remained when you set CURLOPT_PROXY to "". - Craig Davison found a terrible flaw and Cris Bailiff helped out in the search. Getting HTTP data from servers when the headers are split up in multiple reads, could cause junk data to get inserted among the saved headers. This only concerns HTTP(S) headers. - Vincent Penquerc'h gave us the good suggestion that when the ERRRORBUFFER is set internally, the error text is sent to the debug function as well. - Fixed the telnet code to timeout properly as the option tells it to. On non-windows platforms. - John Crow pointed out that libcurl-the-guide wasn't included in the release tarball! - Kevin Roth pointed out that make install didn't do right if build outside the source tree (ca-bundle wise). - FOLLOW_LOCATION bugfix for the multi interface [trim], more see CHANGES. |
||
jlam
|
a020ed9056 |
Merge packages from the buildlink2 branch back into the main trunk that
have been converted to USE_BUILDLINK2. |
||
mycroft
|
614d756310 | Gr, fix path again. | ||
|
mycroft
|
2e64fe73f4 | Fix LP64 botch. | ||
agc
|
2595399682 |
Make this package compile on -current:
include <sys/types.h> before <sys/select.h> |
||
|
shell
|
72d0dc8ad5 |
Updated to curl, from 7.9.6 to 7.9.7
Changes since 7.9.6 : - More -(option) support - Documentation updated - little bug fixed and preformance improved (please see CHANGES for more) |
||
|
shell
|
244022ae11 |
Updated to curl-7.9.6
- fmt on DESCR - Regen PLIST - Remove patch since it was applied Changes since curl-7.9.5 (Lots of change, here is the recently changes, see CHANGE for more) - Dirk Manske brought a fix that makes libcurl strip off white spaces from the beginning of cookie contents. - Had to patch include/curl/curl.h since MSVC doesn't set the __STDC__ define. Moonesamy pointed out the problem, Bjorn Reese the solution. - Fixed the TIMER_CONNECT to be more accurate for FTP transfers. Previously FTP transfers got the "connect done" time set after the initial FTP commands and not directly after the TCP/IP connect as it should. - Jean-Philippe Barrette-LaPierre provided his patch that introduces CURLOPT_DEBUGFUNCTION and CURLOPT_DEBUGDATA. They allow a program to a set a callback to receive debug/information data. That includes headers and data that is received and sent. CURLOPT_VERBOSE still controls it. By default, there is an internal debugfunction that will make things look and work as before if not changed. - Sebastien Willemijns found out that -x didn't use the default port number as is documented. It does now. - libcurl-errors.3 is a new man page attempting to document all libcurl error codes |
||
itojun
|
7b30aa22a2 | re-enable IPv6. | ||
|
itojun
|
3abfb08e7c |
upgrade to 7.9.5.
--- Version 7.9.5 Daniel (7 March 2002) - Added docs/KNOWN_BUGS to the release archive. Daniel (6 March 2002) - Kevin Roth corrected a flaw in the curl client globbing code that made it mess up backslashes. This was most notable on windows (cygwin) machines when using file://. - Brad provided another fix for building outside the source-tree. - Ralph Mitchell patched away a few compiler warnings in tests/server/sws.c Daniel (5 March 2002) - I noticed that the typedef in curl.h for the progress callback prototype was wrong and thus applications that used it would not get the proper input data. It used size_t where the implementation actually uses doubles! I wish I could blame someone else, but this was my fault. Again. Version 7.9.5-pre6 Daniel (4 March 2002) - Cut off the changes done during 2001 from this changelog file and put them in a separate file (CHANGES.2001), available from CVS of course. - I removed the multi directory. The example sources were moved to the docs/examples directory where they belong. - Wrote 7 new man pages for the current functions in the new multi interface. They're all still pretty basic, but we can use them as a start and add more contents to them when we figure out what to write. The large amount of man pages for libcurl now present made me decide to put them in a new separate subdirectory in the docs directory. Named libcurl. - Giuseppe Corbelli provided a template file for the EPM package manager, it gets generated nicely by the configure script now. Version 7.9.5-pre5 Daniel (1 March 2002) - Moved the memanalyze.pl script into the tests/ dir and added it to the release archives. It was previously only present in the CVS tree. - Modified the February 17th Host: fix, as bug report #523718 pointed out that it caused crashes! - Nico Baggus added more error codes to the VMS stuff. - Wesley Laxton brought the code that introduced the new CURLOPT_PREQUOTE option. It is just another FTP quote option that allows the user to specify a list of FTP commands to issue *just before* the transfer command (RETR or STOR etc). It has turned up a few systems that really need this. The curl command line tool can also take advantage of this by prefixing the quote commands with a plus (+) in similar style that post transfer quote commands are specified. This is not yet documented. There is no test case for this yet. Daniel (28 February 2002) - Ralph Mitchell made some serious efforts and put a lot of sweat in setting up scripts and things for me to be able to repeat his problems, and I finally could. I found a problem with the header byte counter that wasn't increased properly and thus we could return CURLE_GOT_NOTHING when we in fact had received data. Daniel (27 February 2002) - I had to revert the non-space parsing cookie fix I posted to the mailing list. Expire dates do have spaces and still need to get parsed properly! Instead we just ignore trailing white space and it seems to work... Daniel (26 February 2002) - Made the cookie property 'Max-Age' work, just since we already tried to support it, it is better to do it right. No one uses this anyway. - The cookie parser could crash if a really weird (illegal) cookie line was received. I also made it better discard really oddly formatted lines better. Made the cookie jar store the second field from the left using the syntax that Netscape and Mozilla probably like. Curl itself ignores it. Added test case 31 for these cases. Clay Loveless' email regarding some cookie issues started my cleanup. - Kevin Roth pointed out that my automake fiddles broke the ability to build outside the source-tree and I posted a patch to the mailing list that brings this ability back. Version 7.9.5-pre4 Daniel (25 February 2002) - Fiddled with the automake files to make all source files in the lib directory not have ../src in the include path, and the src sources shouldn't have ../lib! - All 79 test cases ran OK under Linux and Solaris using the new HTTP server in the test suite. The new HTTP server was first donated by Georg Horn and subsequently modified to work with the test suite. It is currently still not portable enough to run on "all over" but this is a start and I can run all curl tests on my machines. This is an important requirement for the upcoming public release. - Using -d and -I on the same command line now reports an error, as it implies two different HTTP requests that can't be mixed. - Jeffrey Pohlmeyer provided a patch that made the -w/--write-out option support %{content_type} to get the content type of the recent download. - Kevin Roth reported that pre2 and pre3 didn't compile properly on cygwin, and this was because I used #ifdef HAVE_WINSOCK_H in lib/multi.h to figure out if we could include winsock.h which turns out not to be a wise choice to do on cygwin since it has the file but can't include it! Daniel (22 February 2002) - Added src/config-vms.h to the release archive. - Fixed the connection timeout value again, the change from February 18 wasn't complete. Version 7.9.5-pre3 Daniel (21 February 2002) - Kevin Roth and Andrés García both found out that lib/config.h.in was missing in the pre-release archive and thus the configure script failed. Version 7.9.5-pre2 Daniel (20 February 2002) - Andrés García provided a solution to bug report #515228. the total time counter was not set correctly when -I was used during some conditions (all headers were read in one single read). - Nico Baggus provided a huge patch with minor tweaks all over to make curl compile nicely on VMS. Daniel (19 February 2002) - Rick Richardson found out that by replacing PF_UNSPEC with PF_INET in the getaddrinfo() calls, he could speed up some name resolving calls with an order of magnitudes on his Redhat Linux 7.2. - Philip Gladstone found a second INADDR_NONE problem where we used long intead of in_addr_t which caused 64bit problemos. We really shouldn't define that on two different places. Daniel (18 February 2002) - Philip Gladstone found a problem in how HTTP requests were sent if the request couldn't be sent all at once. - Emil found and corrected a bad connection timeout comparison that made curl use the longest of connect-timeout and timout as a timeout value, instead of the shortest as it was supposed to! - Aron Roberts provided updated information about LDAP URL syntax to go into the manual as a replacement for the old references. Daniel (17 February 2002) - Philip Gladstone pointed out two missing include files that made curl core dump on 64bit architectures. We need to pay more attention on these details. It is *lethal* to for example forget the malloc() prototype, as 'int' is 32bit and malloc() must return a 64bit pointer on these platforms. - Giaslas Georgios fixed a problem with Host: headers on repeated requests on the same handle using a proxy. Daniel (8 February 2002) - Hanno L. Kranzhoff accurately found out that disabling the Expect: header when doing multipart formposts didn't work very well. It disabled other parts of the request header too, resulting in a broken header. When I fixed this, I also noticed that the Content-Type wasn't possible to disable. It is now, even though it probably is really stupid to try to do this (because of the boundary string that is included in the internally generated header, used as form part separator.) Daniel (7 February 2002) - I moved the config*.h files from the root directory to the lib/ directory. - I've added the new test suite HTTP server to the CVS repository, It seems to work pretty good now, but we must make it get used by the test scripts properly and then we need to make sure that it compiles, builds and runs on most operating systems. Version 7.9.5-pre1 Daniel (6 February 2002) - Miklos Nemeth provided updated windows makefiles and INSTALL docs. - Mr Larry Fahnoe found a problem with formposts and I managed to track down and patch this bug. This was actually two bugs, as the posted size was also said to be two bytes too large. - Brent Beardsley found out and brought a correction for the CURLINFO_CONTENT_TYPE parser that was off one byte. This was my fault, I accidentaly broke Giaslas Georgios' patch. Daniel (5 February 2002) - Kevin Roth found yet another SSL download problem. Version 7.9.4 - no changes since pre-release Version 7.9.4-pre2 Daniel (3 February 2002) - Eric Melville provided a few spelling corrections in the curl man page. Daniel (1 February 2002) - Andreas Damm corrected the unconditional use of gmtime() in getdate, it now uses gmtime_r() on all hosts that have it. Daniel (31 January 2002) - An anonymous bug report identified a problem in the DNS caching which made it sometimes allocate one byte too little to store the cache entry in. This happened when the port number started with 1! - Albert Chin provided a patch that improves the gethostbyname_r() configure check on HP-UX 11.00. Version 7.9.4-pre1 Daniel (30 January 2002) - Georg Horn found another way the SSL reading failed due to the non-blocking state of the sockets! I fixed. Daniel (29 January 2002) - Multipart formposts now send the full request properly, including the CRLF. They were previously treated as part of the post data. - The upload byte counter bugged. - T. Bharath pointed out that we seed SSL on every connect, which is a time- consuming operation that should only be needed to do once. We patched libcurl to now only seed on the first connect when unseeded. The seeded status is global so it'll now only happen once during a program's life time. If the random_file or egdsocket is set, the seed will be re-made though. - Giaslas Georgios introduced CURLINFO_CONTENT_TYPE that lets curl_easy_getinfo() read the content-type from the previous request. Daniel (28 January 2002) - Kjetil Jacobsen found a way to crash curl and after much debugging, it turned out it was a IPv4-linux only problem introduced in 7.9.3 related to name resolving. - Andreas Damm posted a huge patch that made the curl_getdate() function fully reentrant! - Steve Marx pointed out that you couldn't mix CURLOPT_CUSTOMREQUEST with CURLOPT_POSTFIELDS. You can now! Daniel (25 January 2002) - Krishnendu Majumdar pointed out that the header length counter was not reset between multiple requests on the same handle. - Pedro Neves rightfully questioned why curl always append \r\n to the data that is sent in HTTP POST requests. Unfortunately, this broke the test suite as the test HTTP server is lame enough not to deal with this... :-O - Following Location: headers when the connection didn't close didn't work as libcurl didn't properly stop reading. This problem was added in 7.9.3 due to the restructured internals. 'Frank' posted a bug report about this. Daniel (24 January 2002) - Kevin Roth very quickly spotted that we wrongly installed the example programs that were built in the multi directory, when 'make install' was used. :-/ Version 7.9.3 Daniel (23 January 2002) - Andrés García found a persistancy problem when doing HTTP HEAD, that made curl "hang" until the connection was closed by the server. This problem has been introduced in 7.9.3 due to internal rewrites, this was not present in 7.9.2. Version 7.9.3-pre4 Daniel (19 January 2002) - Antonio filed bug report #505514 and provided a fix! When doing multipart formposts, libcurl would include an error text in the actual post if a specified file wasn't found. This is not libcurl's job. Instead we add an empty part. Daniel (18 January 2002) - Played around with stricter compiler warnings for gcc (when ./configure --enable-debug is used) and changed some minor things to stop the warnings. - Commented out the 'long long' and 'long double' checks in configure.in, as we don't currently use them anyway and the code in lib/mprintf.c that use them causes warnings. - Saul Good and jonatan pointed out Mac OS X build problems with pre3 and how to correct them. Two compiler warnings were removed as well. - Andrés García fixed two minor mingw32 building problems. Version 7.9.3-pre3 Daniel (17 January 2002) - docs/libcurl-the-guide is a new tutorial for our libcurl programming friends. - Richard Archer brought back the ability to compile and build with OpenSSL versions before 0.9.5. [http://sourceforge.net/tracker/?func=detail&atid=100976&aid=504163&group_id=976] - The DNS cache code didn't take the port number into account, which made it work rather bad on IPv6-enabled hosts (especially when doing passive FTP). Sterling fixed it. Daniel (16 January 2002) - Georg Horn could make a transfer time-out without error text. I found it and corrected it. - SSL writes didn't work, they return an uninitialized value that caused havoc all over. Georg Horn experienced this. - Kevin Roth patched the curl_version() function to use the proper OpenSSL function for version information. This way, curl will report the version of the SSL library actually running right now, not the one that had its headers installed when libcurl was built. Mainly intersting when running with shared OpenSSL libraries. Version 7.9.3-pre2 Daniel (16 January 2002) - Mofied the main transfer loop and related stuff to deal with non-blocking sockets in the upload section. While doing this, I've now separated the connection oriented buffers to have one for downloads and one for uploads (as two can happen simultaneously). I also shrunk the buffers to 20K each. As we have a scratch buffer twice the size of the upload buffer, we arrived at 80K for buffers compared with the previous 150K. - Added the --cc option to curl-config command as it enables so very cool one-liners. Have a go a this one, building the simple.c example: $ `curl-config --cc --cflags --libs` -o example simple.c Daniel (14 January 2002) - I made all socket reads (recv) handle EWOULDBLOCK. I hope nicely. Now we only need to address all writes (send) too and then I'm ready for another pre-release... - Stoned Elipot patched the in_addr_t configure test to make it work better on more platforms. Daniel (9 January 2002) - Cris Bailiff found out that filling up curl's SSL session cache caused a crash! - Posted the curl questionnaire on the web site. If you haven't posted your opinions there yet, go there and do it now while it is still there: http://curl.haxx.se/q/ - Georg Horn quickly found out that the SSL reading no longer worked as supposed since the switch to non-blocking sockets. I've made a quick patch (for reading only) but we should improve it even further. Version 7.9.3-pre1 Daniel (7 January 2002) - I made the 'bool' typedef use an "unsigned char". It makes it the same on all platforms, no matter what the platform thinks the default format for char is. This was noticed since we made a silly comparison involving such a bool variable, and only one compiler/platform combination (on Debian Linux) complained about it (that happened to have its char unsigned by default). - Bug report #495290 identified a cookie parsing problem that was corrected. When a Set-Cookie: line is received without a trailing semicolon, libcurl didn't read the last "name=value" pair of the line, leading to confusions... - Sterling committed his updated DNS cache code. - I worked with Georg Horn and comments from Götz Babin-Ebell and switched curl's socket operations completely over to non-blocking for the entire operation (previously we used non-blocking only for the connection phase). We had to do this to make the SSL connection phase timeout properly without the use of signals. A little extra code to deal with this was added. - T. Bharath pointed out a slightly obscure cookie engine flaw. - Pete Su pointed out that libcurl didn't treat HTTP code 204 as it should. 204-replies never provides a response-body. This resulted in bad persistant behavior when 204 was received. Daniel (5 January 2002) - SM updated the VC++ library Makefiles for the new source files. Daniel (4 January 2002) - I discovered that we wrongly used inet_ntoa() (instead of inet_ntoa_r() in two places in the source code). One happened with VERBOSE set on connects, and the other when VERBOSE was on and krb4 over nat was used... I honestly don't think anyone has suffered from these mistakes. - I replaced a lot of silly occurances of printf() to instead use the more appropriate Curl_infof() or Curl_failf(). The krb4 and telnet code were affected. - Philip Gladstone found a few more problems with 64-bit archs (the 64-bit sparc on solaris 8). - After discussions on the libcurl list with Raoul Cridlig, I just made FTP response lines get passed to the header callback if such a one is registered. It'll make it possible for any application to get all the responses an FTP server sends to libcurl. Daniel (3 January 2002) - Sterling Hughes brought a few buckets of code. Now, libcurl will automatically cache DNS lookups and re-use the previous results first if any such is available. It greatly improves speed when doing many repeated operations to the same host. - As the test case uses --include and then --head, I had to modify src/main.c to deal with this situation slightly better than previously. When done, we have 100% good tests again in the main branch. Daniel (2 January 2002) - Made test case 25 run again in the multi-dev branch. But it seems that the changes done on dec-20 made test case 104 cease to work (in both branches). - Philip Gladstone pointed out a few portability problems in the source code that didn't compile on 64-bit sparcs using Sun's native |
||
seb
|
869bf22f50 |
Update to version 7.9.2. PR 15102 by Shell Hung <shell@shellhung.org>
Trivial patch on configure which fixes compilation on NetBSD/!i386 added. Fixed in 7.9.2 - compiles and builds on the good old Mac OS (in addition to Mac OS X) - bugfixed persistant connections over proxy with multiple protocols - --disable-epsv is a new option to the curl command line tool - bugfixed verbose ftp output on Tru64 unix - added CURLOPT_FTP_USE_EPSV - passive ftp download works with IPv6 - always return proper error code on failed connects - bugfixed FTP response reader - bugfixed verbose telnet - added CURLINFO_STARTTRANSFER_TIME - bugfixed conditional HTTP fetches based on time - multiple calls to curl_global_init() is now treated better - bugfixed multiple ftp requests - made -p/--proxytunnel work for plain HTTP as well - "current speed" progress meter bugfix - improved the name resolver configure check - libcurl now restores signal handlers and timeouts properly - improved SSL over HTTP-proxy when using weird proxies(!) - added the -1/--TLSv1 option - bugfixed LDAP transfers |
||
|
seb
|
96bd5a055b |
Upgrade to version 7.9.1
Fixed in 7.9.1 much better connection re-use validity check bugfixed connection re-use for FTP urls containing name and password LDAP transfers no longer "hang" a memory leak in the cookie engine was removed CURLE_GOT_NOTHING is a new possible error code curl_easy_duphandle() now duplicates cookie parser status too --fail now only returns error if HTTP code is >= 400 a possible memory leak when a transfer failed was removed builds better in cygwin "current speed" meter more accurate -c without -b saves the cookies now -0/--http1.0 can now be used to set HTTP 1.0 operations bugfixed libcurl for "thread-hopping" on Windows removed memory leak in IPv6-enabled libcurl 'curl' no longer uses curl_formparse() non-blocking connects bugfixed curl_formadd() bugfixed CURLINFO_FILETIME bugfixed cookiejar |
||
|
seb
|
e1024faef4 |
Upgrade to version 7.9
Fixed in 7.9 now properly returns an error code when connection to an SSL server with a non-legitimate certificate. displays certificate expire date with SSL and verbose output -R sets the timestamp of a downloaded file to the same as the remote file -c writes all cookies to a specified file (based on the new libcurl option CURLOPT_COOKIEJAR) SSL session ID caching is being done for multiple requests to the same hosts CURLOPT_COOKIEFILE can now be specified any number of times fixed portability issue in the SSL code -G improvements, now works with -I and on URLs including question mark. various windows compile, build and makefile fixes multiple curl_easy_perform() invokes when a previous invoke followed a Location: could lead to a crash curl_formadd() is a new function to replace the now deprecated curl_formparse() one, for building rfc1867 form posts. rfc1867-posts are now done including the Expect: 100-continue header. release archive now includes all docs as HTML pages too flushes the progress meter stream to improve look on windows fixed the configure script --with-ssl problem |
||
|
itojun
|
cca09ee07f |
upgrade to 7.8.1, per PR 14022.
Summarized list of changes can be grabbed from http://curl.haxx.se/changes.html |
||
nra
|
e4ee0aa228 |
Update www/curl to version 7.8. PR 13704 by Stoned Elipot.
Fixed 7.8
'curl-config --vernum' shows version number as a hexadecimal number
libcurl's got two new functions (for global init/cleanup)
SSL memory leak fixed
new file format for the tests in the test suite
netscape/mozilla cookie file parser bugfix
everything is now built with autoconf 2.50, libtool 1.4
and automake 1.4-p1
libcurl's own version of 'strlcat' no longer pollutes the name space
libcurl now treats an already completed resumed download as a
successful operation, and not as an error like before
https and ftps test cases added to the test suite (depend on stunnel)
better white space awareness when parsing HTTP headers
curl -I now plays ball even if the ftp server doesn't grok SIZE
corrected resumed transfers on re-used persistent connections
FTP PORT works again when libcurl is IPv6-enabled
corrected path usage when doing multiple FTP transfers
several Location: header related bugs corrected
|
||
|
wiz
|
d3c112794d | Add size. | ||
|
agc
|
8f972b049a |
+ move the distfile digest/checksum value from files/md5 to distinfo
+ move the patch digest/checksum values from files/patch-sum to distinfo |
Renamed from www/curl/files/md5 (Browse further)