Daniel Johnson improved the MacOSX-Framework shell script to now perform all
the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64
libcurl.framework. Four way fat framewo

Daniel Johnson improved the MacOSX-Framework shell script to now perform all
the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64
libcurl.framework. Four way fat framework requires OS X 10.5 SDK or later.

show more ...

Sun compilers specific preprocessor block removed from curlbuild.h.dist

Fix curl_off_t definition for builds done using Sun compilers and a
non-configured libcurl. In this case curl_off_t data type was gated
to the off_t data type which depends on the _FILE_OFFSE

Fix curl_off_t definition for builds done using Sun compilers and a
non-configured libcurl. In this case curl_off_t data type was gated
to the off_t data type which depends on the _FILE_OFFSET_BITS. This
configuration is exactly the unwanted configuration for our curl_off_t
data type which must not depend on such setting. This breaks ABI for
libcurl libraries built with Sun compilers which were built without
having run the configure script with _FILE_OFFSET_BITS different than
64 and using the ILP32 data model.

show more ...

Added the curl_easy_recv return code fix

- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
explicitly.

- Use libssh2_version() to present the libssh2 version in case the libssh2
library is found to support it.

Fix TELNET transfers not being aborted upon write callback failures

Added TELNET timeout support for Windows builds

- Frank Hempel found out a bug and provided the fix:

curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
option. It only enabled the cookie engine in the destina

- Frank Hempel found out a bug and provided the fix:

curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
option. It only enabled the cookie engine in the destination handle if
data->cookies is not NULL (where data is the source handle). In case of a
newly initialized handle which just had the cookie support enabled by a
curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
still NULL because the setopt-call only appends the value to
data->change.cookielist, hence duplicating this handle would not have the
cookie engine switched on.

We also concluded that the slist-functionality would be suitable for being
put in its own module rather than simply hanging out in lib/sendf.c so I
created lib/slist.[ch] for them.

show more ...

- Andreas Farber made the 'buildconf' script check for the presence of m4
scripts to make it detect a bad checkout earlier. People with older
checkouts who don't do cvs update with the -d

- Andreas Farber made the 'buildconf' script check for the presence of m4
scripts to make it detect a bad checkout earlier. People with older
checkouts who don't do cvs update with the -d option won't get the new dirs
and then will get funny outputs that can be a bit hard to understand and
fix.

show more ...

- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
allocation of the memory BIO was not being properly checked.

- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
in the gnutls code where we were checking for negative values for errors,
when the man pages state that GNUTLS

- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
in the gnutls code where we were checking for negative values for errors,
when the man pages state that GNUTLS_E_SUCCESS is returned on success and
other values indicate error conditions.

show more ...

- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
since we use our own printf() code (

- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
since we use our own printf() code (from libcurl) that shouldn't be a
problem. Nonetheless I modified the code to not rely on such particular
features and to not cause further raised eyebrowse with no good reason.

show more ...

Fix NTLM authentication memory leak on SSPI enabled Windows builds

- David James brought a patch that make libcurl close (all) dead connections
whenever you attempt to open a new connection.

15 additional contributor from the 7.19.4 RELEASE-NOTES

start over on the journey towards 7.19.5

- David Kierznowski notified us about a security flaw
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
which previous libcurl versions (by design) can be tricke

- David Kierznowski notified us about a security flaw
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
which previous libcurl versions (by design) can be tricked to access an
arbitrary local/different file instead of a remote one when
CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
together this the addition of two new setopt options for controlling this
new behavior:

o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
excludes the FILE and SCP protocols and thus you nee to explicitly allow
them in your app if you really want that behavior.

o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
using the primary URL option. This is useful if you want to allow a user or
other outsiders control what URL to pass to libcurl and yet not allow all
protocols libcurl may have been built to support.

show more ...

the Eiffel binding

- Senthil Raja Velu reported a problem when CURLOPT_INTERFACE and
CURLOPT_LOCALPORT were used together (the local port bind failed), and
Markus Koetter provided the fix!

- As Daniel Fandrich figured out, we must do the GnuTLS initing in the
curl_global_init() function to properly maintain the performing functions
thread-safe. We've previously (28 April 20

- As Daniel Fandrich figured out, we must do the GnuTLS initing in the
curl_global_init() function to properly maintain the performing functions
thread-safe. We've previously (28 April 2007) moved the init to a later time
just to avoid it to fail very early when libgcrypt dislikes the situation,
but that move was bad and the fix should rather be in libgcrypt or
elsewhere.

show more ...

- Brian J. Murrell found out that Negotiate proxy authentication didn't work.
It happened because the code used the struct for server-based auth all the
time for both proxy and server aut

- Brian J. Murrell found out that Negotiate proxy authentication didn't work.
It happened because the code used the struct for server-based auth all the
time for both proxy and server auth which of course was wrong.

show more ...

- After a bug reported by James Cheng I've made curl_easy_getinfo() for
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return
-1 if the sizes aren't know. Previously

- After a bug reported by James Cheng I've made curl_easy_getinfo() for
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD return
-1 if the sizes aren't know. Previously these returned 0, make it impossible
to detect the difference between actually zero and unknown.

show more ...

Daniel Johnson provided a shell script that will perform all the steps needed
to build a Mac OS X fat ppc/i386 or ppc64/x86_64 libcurl.framework

Mark Incley noticed VS2008 compilation halting when building for Windows 2000