Toby Peterson patched a memory problem in the command line tool that
happened when a user had a home dir as an empty string. curl would then do
free() on a wrong area.

Fixed curl-config --features to not display libz when it wasn't used
due to a missing header file.

Fixed the output of curl-config --protocols which showed SCP and SFTP
always, except when --without-libssh2 was given

contributor re-count (we'll break the 600 limit very very soon now) and I made
all the numericals at the top phrased "shorter" and I cut out the "number of
releases since the very beginning"

contributor re-count (we'll break the 600 limit very very soon now) and I made
all the numericals at the top phrased "shorter" and I cut out the "number of
releases since the very beginning" since that's just the number curl releases
+ 26 and not a very interesting number anyway.

show more ...

curl-config --features and --protocols show the correct output when built
with NSS

start working on 7.17.2

correct mirror count

http://curl.wetzlmayr.at/ is a new web mirror in Nuremberg, Germany

Added the --static-libs option to curl-config

oops

Made libcurl built with NSS possible to ignore the peer verification.
Previously it would fail if the ca bundle wasn't present, even if the code
ignored the verification results.

Michal Marek fixed the test script to be able to use valgrind even when the
lib is built shared with libtool.

Fixed a TFTP memory leak. Enabled test 2003 to verify this.

Vladimir Lazarenko pointed out that we should do some 'mt' magic when
building with VC8 to get the "manifest" embedded to make fine stand-alone
binaries. The maketgz and the src/Makefile.vc6

Vladimir Lazarenko pointed out that we should do some 'mt' magic when
building with VC8 to get the "manifest" embedded to make fine stand-alone
binaries. The maketgz and the src/Makefile.vc6 files were adjusted
accordingly.

show more ...

Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out
that libcurl tried to re-use connections a bit too much when using non-SSL
protocols tunneled over a HTTP proxy.

Michal Marek forwarded the bug report
https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to
FTP that caused memory havoc. His work together with my efforts created two

Michal Marek forwarded the bug report
https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to
FTP that caused memory havoc. His work together with my efforts created two
fixes:

#1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with
at connection cleanup, at which time the struct HandleData could be
used by another connection.
Also, the unused char *urlpath member is removed from struct FTP.

#2 - provide a Curl_reset_reqproto() function that frees
data->reqdata.proto.* on connection setup if needed (that is if the
SessionHandle was used by a different connection).

show more ...

mention Patrick Monnerat's recent work on the postfields problems

Bug report #1815530 (http://curl.haxx.se/bug/view.cgi?id=1815530) points out
that specifying a proxy with a trailing slash didn't work (unless it also
contained a port number).

Michael Wallner made the CULROPT_COOKIELIST option support a new magic
string: "FLUSH". Using that will cause libcurl to flush its cookies to the
CURLOPT_COOKIEJAR file.

Kim Rinnewitz reported that --local-port didn't work with TFTP transfers.
This happened because the tftp code always uncondionally did a bind()
without caring if one already had been done and

Kim Rinnewitz reported that --local-port didn't work with TFTP transfers.
This happened because the tftp code always uncondionally did a bind()
without caring if one already had been done and then it failed. I wrote a
test case (1009) to verify this, but it is a bit error-prone since it will
have to pick a fixed local port number and since the tests are run on so
many different hosts in different situations I add it in disabled state.

show more ...

Fix issue related with the use of ares_timeout() result.

recount contributors after the 7.17.0 release

Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and
CURLOPT_OPENSOCKETDATA to set a callback that allows an application to replace
the socket() call used by libcurl. It basically all

Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and
CURLOPT_OPENSOCKETDATA to set a callback that allows an application to replace
the socket() call used by libcurl. It basically allows the app to change
address, protocol or whatever of the socket. (I also did some whitespace
indent/cleanups in lib/url.c which kind of hides some of these changes, sorry
for mixing those in.)

show more ...

Based on a patch brought by Johnny Luong, libcurl now offers
CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both make
the SCP or SFTP connection verify the remote host's

Based on a patch brought by Johnny Luong, libcurl now offers
CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both make
the SCP or SFTP connection verify the remote host's md5 checksum of the public
key before doing a connect, to reduce the risk of a man-in-the-middle attack.

show more ...

known bug #46: chunked-encoded CONNECT responses from a http proxy now works.
Added test case 1008 to verify. Note that #47 is still there.