Added test case 235 that makes a resumed upload of a file that isn't present
on the remote side. This then converts the operation to an ordinary STOR
upload. This was requested/pointed out by

Added test case 235 that makes a resumed upload of a file that isn't present
on the remote side. This then converts the operation to an ordinary STOR
upload. This was requested/pointed out by Ignacio Vazquez-Abrams.

It also proved (and I fixed) a bug in the newly rewritten ftp code (and
present in the 7.13.1 release) when trying to resume an upload and the servers
returns an error to the SIZE command. libcurl then loops and sends SIZE
commands infinitely.

show more ...

Reduced the length of data read from the random entropy file.

Don't try to read the whole of the random file because when /dev/urandom is
used, it slows initialization too much reading an infinitely long file!

7.13.2-CVS

starting over

stand clear for release time

Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate
the cookie "engine" without having to provide an empty or non-existing file.

killed trailing whitespace

killed trailing whitespace

Rene Rebe fixed a -# crash when more data than expected was retrieved.

new VB binding

VB binding, updated the .NET info

mention buffer overflows fixed

fix the distribution files

Fix for a base64 decode heap buffer overflow vulnerability.

Fixed some compiler warnings. Fixed a low incidence memory leak in the test server.

Updated as suggested by Samuel D�az Garc�a

krb4 fixed

Curl_base64_decode() now returns an allocated buffer

Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure
got no notification, no mail, no nothing.

You didn't even bother to mail us when you went public with this.

Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure
got no notification, no mail, no nothing.

You didn't even bother to mail us when you went public with this. Cool.

NTLM buffer overflow fix, as reported here:

http://www.securityfocus.com/archive/1/391042

show more ...

added test case 234 which is like 233 but uses --location-trusted instead so
thus the second request to the new host will use authentication fine

Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properl

Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.

show more ...

socket leak, mingw build

Based on Mike Dobbs' report, BUILDING_LIBCURL is now defined in here if it
runs to build with mingw.

close the socket properly when returning error due to failing localbind
Bug report #1124588 by David