Commit Graph

12081 Commits

Author SHA1 Message Date
Daniel Stenberg
1b6d18fcb0 removed useless comment 2009-03-20 12:42:29 +00:00
Yang Tse
57c32b709d Add a link to "Potential Errors Passing CRT Objects Across DLL Boundaries" 2009-03-18 13:58:29 +00:00
Daniel Stenberg
5f19822e37 - Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
  explicitly.
2009-03-18 12:48:51 +00:00
Daniel Stenberg
9a0c9cd6e1 minor fix 2009-03-18 09:14:28 +00:00
Gisle Vanem
0ac8e1d80b If CURL_DISABLE_PROXY is defined, we must allow socks_sspi.c to call
Curl_blockread_all(). It is needed in code inside USE_WINDOWS_SSPI.
2009-03-15 13:43:47 +00:00
Daniel Stenberg
744e55ec74 we use libssh2_version() now if available 2009-03-13 10:02:26 +00:00
Daniel Stenberg
74ba4d7950 - Use libssh2_version() to present the libssh2 version in case the libssh2
library is found to support it.
2009-03-13 09:58:15 +00:00
Yang Tse
fa96436661 Fix TELNET transfers not being aborted upon write callback failures 2009-03-12 13:18:25 +00:00
Yang Tse
d15b8273d6 Add Curl_read() return code checking 2009-03-12 02:12:05 +00:00
Daniel Stenberg
0a5cf3a928 Oops, make the memory magic debug stuff done before global init too just to
catch them all. The memory debug stuff is not in the public API anyway.
2009-03-11 23:00:31 +00:00
Daniel Stenberg
6173e38fdc - Kamil Dudka made the curl tool properly call curl_global_init() before any
other libcurl function.
2009-03-11 22:56:03 +00:00
Daniel Stenberg
34cd99d1d9 update the embedded copyright year 2009-03-11 09:00:34 +00:00
Yang Tse
0922a0fc3f s/u_long/unsigned long/ 2009-03-11 05:09:03 +00:00
Yang Tse
dd53b356ff fix previous commit misplaced break statement 2009-03-11 04:45:18 +00:00
Yang Tse
f1db505778 Added TELNET timeout support for Windows builds 2009-03-11 04:15:33 +00:00
Daniel Stenberg
662727ca3e Moved 7.19.2 and older entries from CHANGES to CHANGES.0 (the latter is not
shipped in release archives but is only in CVS)
2009-03-10 10:00:06 +00:00
Daniel Stenberg
bdec6f2b20 - Frank Hempel found out a bug and provided the fix:
curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
  option. It only enabled the cookie engine in the destination handle if
  data->cookies is not NULL (where data is the source handle). In case of a
  newly initialized handle which just had the cookie support enabled by a
  curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
  still NULL because the setopt-call only appends the value to
  data->change.cookielist, hence duplicating this handle would not have the
  cookie engine switched on.

  We also concluded that the slist-functionality would be suitable for being
  put in its own module rather than simply hanging out in lib/sendf.c so I
  created lib/slist.[ch] for them.
2009-03-09 12:21:46 +00:00
Daniel Stenberg
c86c294f55 - Andreas Farber made the 'buildconf' script check for the presence of m4
scripts to make it detect a bad checkout earlier. People with older
  checkouts who don't do cvs update with the -d option won't get the new dirs
  and then will get funny outputs that can be a bit hard to understand and
  fix.
2009-03-09 09:24:31 +00:00
Dan Fandrich
a9a03b9708 Avoid a compile warning in --disable-proxy case 2009-03-09 04:32:51 +00:00
Daniel Stenberg
f4e8c406bb - Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
allocation of the memory BIO was not being properly checked.
2009-03-08 22:56:55 +00:00
Daniel Stenberg
12bfcb501c - Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
in the gnutls code where we were checking for negative values for errors,
  when the man pages state that GNUTLS_E_SUCCESS is returned on success and
  other values indicate error conditions.
2009-03-08 22:52:05 +00:00
Daniel Stenberg
0fc1782dd4 Andre Guibert de Bruet fixed a typo in the error message 2009-03-08 22:45:59 +00:00
Daniel Stenberg
9274d31690 - Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
  since we use our own printf() code (from libcurl) that shouldn't be a
  problem. Nonetheless I modified the code to not rely on such particular
  features and to not cause further raised eyebrowse with no good reason.
2009-03-08 22:42:50 +00:00
Dan Fandrich
983a539503 Expanded the security section of the libcurl-tutorial man page to cover
more issues for authors to consider when writing robust libcurl-using
applications.
2009-03-05 06:44:18 +00:00
Yang Tse
94bb7fe5cb Fix NTLM authentication memory leak on SSPI enabled Windows builds 2009-03-05 01:23:14 +00:00
Dan Fandrich
b98e0aa09b Fixed a problem with m4 quoting in the OpenSSL configure check reported
by Daniel Johnson.
2009-03-04 08:09:39 +00:00
Daniel Stenberg
49c6d7e32d Added test 1097 to verify the bug Axel Kuhn epidox posted on March 3 2009
on curl-users, it is also added to DISABLED since I don't have time to work
on it further right now.
2009-03-03 13:25:19 +00:00
Daniel Stenberg
ee73fc361b - David James brought a patch that make libcurl close (all) dead connections
whenever you attempt to open a new connection.
2009-03-03 11:01:24 +00:00
Daniel Stenberg
e84dbd28db 15 additional contributor from the 7.19.4 RELEASE-NOTES 2009-03-03 10:41:11 +00:00
Daniel Stenberg
02449d9aa5 Gah! We can't have 'curl' added here since even though it removes the curl
binary it also removes the include/curl subdir!
2009-03-03 10:02:26 +00:00
Patrick Monnerat
2876329f16 Options CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS, and associated definitions added to RPG binding 2009-03-03 09:57:21 +00:00
Daniel Stenberg
a1f455551f start over on the journey towards 7.19.5 2009-03-02 23:44:42 +00:00
Daniel Stenberg
042cc1f69e - David Kierznowski notified us about a security flaw
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
  which previous libcurl versions (by design) can be tricked to access an
  arbitrary local/different file instead of a remote one when
  CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
  together this the addition of two new setopt options for controlling this
  new behavior:

  o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
  follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
  excludes the FILE and SCP protocols and thus you nee to explicitly allow
  them in your app if you really want that behavior.

  o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
  using the primary URL option. This is useful if you want to allow a user or
  other outsiders control what URL to pass to libcurl and yet not allow all
  protocols libcurl may have been built to support.
2009-03-02 23:05:31 +00:00
Daniel Stenberg
90b804d3fa 7.19.4 won't get anything else 2009-03-02 10:43:46 +00:00
Daniel Stenberg
4bc603a0cc the Eiffel binding 2009-03-02 09:03:11 +00:00
Daniel Stenberg
6c3f74b946 nothing more left for 7.19.4, the issue #216 is moved to 7.19.5 since we're
too close to release now
2009-03-01 14:20:26 +00:00
Yang Tse
8d78a33e60 for portability reasons: s/inet_pton/Curl_inet_pton/ 2009-02-28 01:35:53 +00:00
Yang Tse
df07537ccf fix compiler warning 2009-02-28 01:11:57 +00:00
Daniel Stenberg
de25ed3f37 mention the '-o -' trick 2009-02-27 13:52:05 +00:00
Daniel Stenberg
40edf25866 217 - Dan Fandrich's "GnuTLS initialization thread safety"
218 - Senthil Raja Velu's "CURLOPT_LOCALPORT option broken", patch by
      Markus Koetter

Both are now committed
2009-02-27 12:11:08 +00:00
Daniel Stenberg
7b7db23633 - Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and
CURLOPT_LOCALPORT were used together (the local port bind failed), and
  Markus Koetter provided the fix!
2009-02-27 12:07:14 +00:00
Daniel Stenberg
794b4da840 Indentation fixes, untabify and related whitespace-cleanup. No code changed. 2009-02-27 08:53:10 +00:00
Daniel Stenberg
e9ea3ba4a2 corrected and clarified the top comment 2009-02-25 12:51:39 +00:00
Daniel Stenberg
d207ea1652 - As Daniel Fandrich figured out, we must do the GnuTLS initing in the
curl_global_init() function to properly maintain the performing functions
  thread-safe. We've previously (28 April 2007) moved the init to a later time
  just to avoid it to fail very early when libgcrypt dislikes the situation,
  but that move was bad and the fix should rather be in libgcrypt or
  elsewhere.
2009-02-25 12:51:17 +00:00
Daniel Stenberg
625d06ac79 improved 2009-02-24 09:42:39 +00:00
Daniel Stenberg
3460225590 A handy little helper file for doing recursive diffs on curl source/build trees
without involving CVS:

diff -X diff-exclude -ru curl-old curl-patched
2009-02-24 09:35:55 +00:00
Daniel Stenberg
ea6531cf32 - Brian J. Murrell found out that Negotiate proxy authentication didn't work.
It happened because the code used the struct for server-based auth all the
  time for both proxy and server auth which of course was wrong.
2009-02-24 08:30:09 +00:00
Daniel Stenberg
2afb88e2ce 4.17 Non-functional connect timeouts 2009-02-23 21:21:00 +00:00
Daniel Stenberg
6c9f37d263 - After a bug reported by James Cheng I've made curl_easy_getinfo() for
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return
  -1 if the sizes aren't know. Previously these returned 0, make it impossible
  to detect the difference between actually zero and unknown.
2009-02-23 18:45:00 +00:00
Daniel Stenberg
735955282b For 7.19.5 (due to feature freeze)
220 - Take advantage of libssh2_version() that's been added for the upcoming
      1.1, to extract the run-time version number properly.
2009-02-23 16:28:51 +00:00