cURL cURL > Changes

Changelog

Related:

Fixed in 7.39.0 - November 5 2014

Changes:

  • SSLv3 is disabled by default
  • CURLOPT_COOKIELIST: Added "RELOAD" command
  • build: Added WinIDN build configuration options to Visual Studio projects
  • ssh: improve key file search
  • SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
  • vtls: remove QsoSSL support, use gskit!
  • mk-ca-bundle: added SHA-384 signature algorithm
  • docs: added many examples for libcurl opts and other doc improvements
  • build: Added VC ssh2 target to main Makefile
  • MinGW: Added support to build with nghttp2
  • NetWare: Added support to build with nghttp2
  • build: added Watcom support to build with WinSSL
  • build: Added optional specific version generation of VC project files

Bugfixes:

  • curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
  • openssl: build fix for versions < 0.9.8e
  • newlines: fix mixed newlines to LF-only
  • ntlm: Fixed HTTP proxy authentication when using Windows SSPI
  • sasl_sspi: Fixed Unicode build
  • file: reject paths using embedded %00
  • threaded-resolver: revert Curl_expire_latest() switch
  • configure: allow --with-ca-path with PolarSSL too
  • HTTP/2: Fix busy loop when EOF is encountered
  • CURLOPT_CAPATH: return failure if set without backend support
  • nss: do not fail if a CRL is already cached
  • smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
  • fixed 20+ nits/memory leaks identified by Coverity scans
  • curl_schannel.c: Fixed possible memory or handle leak
  • multi-uv.c: call curl_multi_info_read() better
  • cmake: Check for OpenSSL before OpenLDAP
  • cmake: Fix library list provided to cURL tests
  • cmake: Avoid cycle directory dependencies
  • cmake: Build with GSS-API libraries (MIT or Heimdal)
  • vtls: provide backend defines for internal source code
  • nss: fix a connection failure when FTPS handle is reused
  • tests/http_pipe.py: Python 3 support
  • cmake: build tool_hugehelp (ENABLE_MANUAL)
  • cmake: enable IPv6 by default if available
  • tests: move TESTCASES to Makefile.inc, add show for cmake
  • ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
  • ntlm: Fixed empty/bad base-64 decoded buffer return codes
  • ntlm: Fixed empty type-2 decoded message info text
  • cmake: add CMake/Macros.cmake to the release tarball
  • cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
  • cmake: use LIBCURL_VERSION from curlver.h
  • cmake: generate pkg-config and curl-config
  • fixed several superfluous variable assignements identified by cppcheck
  • cleanup of 'CURLcode result' return code
  • pipelining: only output "is not blacklisted" in debug builds
  • SSL: Remove SSLv3 from SSL default due to POODLE attack
  • gskit.c: remove SSLv3 from SSL default
  • darwinssl: detect possible future removal of SSLv3 from the framework
  • ntlm: Only define ntlm data structure when USE_NTLM is defined
  • ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
  • ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
  • sspi: Only call CompleteAuthToken() when complete is needed
  • http_negotiate: Fixed missing check for USE_SPNEGO
  • HTTP: return larger than 3 digit response codes too
  • openssl: Check for NPN / ALPN via OpenSSL version number
  • openssl: enable NPN separately from ALPN
  • sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
  • sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
  • resume: consider a resume from
  • sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
  • build-openssl.bat: Fix x64 release build
  • cmake: drop _BSD_SOURCE macro usage
  • cmake: fix gethostby{addr,name}_r in CurlTests
  • cmake: clean OtherTests, fixing -Werror
  • cmake: fix struct sockaddr_storage check
  • Curl_single_getsock: fix hold/pause sock handling
  • SSL: PolarSSL default min SSL version TLS 1.0
  • cmake: fix ZLIB_INCLUDE_DIRS use
  • buildconf: stop checking for libtool

Fixed in 7.38.0 - September 10 2014

Changes:

  • supports HTTP/2 draft-14
  • CURLE_HTTP2 is a new error code
  • CURLAUTH_NEGOTIATE is a new auth define
  • CURL_VERSION_GSSAPI is a new capability bit
  • no longer use fbopenssl for anything
  • schannel: use CryptGenRandom for random numbers
  • axtls: define curlssl_random using axTLS's PRNG
  • cyassl: use RNG_GenerateBlock to generate a good random number
  • findprotocol: show unsupported protocol within quotes
  • version: detect and show LibreSSL
  • version: detect and show BoringSSL
  • imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
  • http2: requires nghttp2 0.6.0 or later

Bugfixes:

Fixed in 7.37.1 - July 16 2014

Changes:

  • bits.close: introduce connection close tracking
  • darwinssl: Add support for --cacert
  • polarssl: add ALPN support
  • docs: Added new option man pages

Bugfixes:

Fixed in 7.37.0 - May 21 2014

Changes:

Bugfixes:

Fixed in 7.36.0 - March 26 2014

Release contains security-related bug fixes

Changes:

Bugfixes:

Fixed in 7.35.0 - January 29 2014

Release contains security-related bug fix

Changes:

  • imap/pop3/smtp: Added support for SASL authentication downgrades
  • imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
  • TheArtOfHttpScripting: major update, converted layout and more
  • mprintf: Added support for I, I32 and I64 size specifiers
  • makefile: Added support for VC7, VC11 and VC12

Bugfixes:

Fixed in 7.34.0 - December 17 2013

Release contains security-related bug fix

Changes:

Bugfixes:

Fixed in 7.33.0 - October 14 2013

Changes:

Bugfixes:

Fixed in 7.32.0 - August 12 2013

Changes:

  • curl: allow timeouts to accept decimal values
  • OS400: add slist and certinfo EBCDIC support
  • OS400: new SSL backend GSKit
  • CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
  • LIBCURL-STRUCTS: new document

Bugfixes:

Fixed in 7.31.0 - June 22 2013

Release contains security-related bug fix

Changes:

Bugfixes:

Fixed in 7.30.0 - April 12 2013

Release contains security-related bug fix

Changes:

Bugfixes:

Fixed in 7.29.0 - February 6 2013

Release contains security-related bug fix

Changes:

  • test: offer "automake" output and check for perl better
  • always-multi: always use non-blocking internals
  • imap: Added support for sasl digest-md5 authentication
  • imap: Added support for sasl cram-md5 authentication
  • imap: Added support for sasl ntlm authentication
  • imap: Added support for sasl login authentication
  • imap: Added support for sasl plain text authentication
  • imap: Added support for login disabled server capability
  • mk-ca-bundle: add -f, support passing to stdout and more
  • writeout: -w now supports remote_ip/port and local_ip/port

Bugfixes:

Fixed in 7.28.1 - November 20 2012

Changes:

Bugfixes:

Fixed in 7.28.0 - October 10 2012

Changes:

  • SSH: added agent based authentication
  • ftp: active conn, allow application to set sockopt after accept() call with CURLSOCKTYPE_ACCEPT
  • multi: add curl_multi_wait()
  • metalink: Added support for Microsoft Windows CryptoAPI
  • md5: Added support for Microsoft Windows CryptoAPI
  • parse_proxy: treat "socks://x" as a socks4 proxy
  • socks: Added support for IPv6 connections through SOCKSv5 proxy

Bugfixes:

Fixed in 7.27.0 - July 27 2012

Changes:

Bugfixes:

Fixed in 7.26.0 - May 24 2012

Changes:

  • nss: the minimal supported version of NSS bumped to 3.12.x
  • nss: human-readable names are now provided for NSS errors if available
  • add a manual page for mk-ca-bundle
  • added --post303 and the CURL_REDIR_POST_303 option for CURLOPT_POSTREDIR
  • smtp: Add support for DIGEST-MD5 authentication
  • pop3: Added support for additional pop3 commands

Bugfixes:

Fixed in 7.25.0 - March 22 2012

Changes:

Bugfixes:

Fixed in 7.24.0 - January 24 2012

Release contains security-related bug fix

Changes:

Bugfixes:

Fixed in 7.23.1 - November 17 2011

Bugfixes:

  • Windows: curl would fail if it found no CA cert, unless -k was used. Even if a non-SSL protocol URL was used

Fixed in 7.23.0 - November 15 2011

Changes:

  • Empty headers can be sent in HTTP requests by terminating with a semicolon
  • SSL session sharing support added to curl_share_setopt()
  • Added support to MAIL FROM for the optional SIZE parameter
  • smtp: Added support for NTLM authentication
  • curl tool: code split into tool_*.[ch] files

Bugfixes:

  • handle HTTP redirects to "//hostname/path"
  • SMTP without --mail-from caused segfault
  • prevent extra progress meter headers between multiple files
  • allow Content-Length to be replaced when sending HTTP requests
  • curl now always sets postfieldsize to allow --data-binary and --data to be mixed in the same command line
  • curl_multi_fdset: avoid FD_SET out of bounds
  • lots of MinGW build tweaks
  • Curl_gethostname: return un-qualified machine name
  • fixed the openssl version number configure check
  • nss: certificates from files are no longer looked up by file base names
  • returning abort from the progress function when using the multi interface would not properly cancel the transfer and close the connection
  • fix libcurl.m4 to not fail with modern gcc versions
  • ftp: improved the failed PORT host name resolved error message
  • TFTP timeout and unexpected block adjustments
  • HTTP and GOPHER test server-side connection closing adjustments
  • fix endless loop upon transport connection timeout
  • don't clobber errno on failed connect
  • typecheck: allow NULL to unset CURLOPT_ERRORBUFFER
  • formdata: ack read callback abort
  • make --show-error properly position independent
  • set the ipv6-connection boolean correctly on connect
  • SMTP: fix end-of-body string escaping
  • gtls: only call gnutls_transport_set_lowat with HTTP: handle multiple auths in a single WWW-Authenticate line
  • curl_multi_fdset: correct fdset with FTP PORT use
  • windbuild: fix the static build
  • fix builds with GnuTLS version 3
  • fix calling of OpenSSL's ERR_remove_state(0)
  • HTTP auth: fix proxy Negotiate bug when Negotiate not requested
  • ftp PORT: don't hang if bind() fails
  • -# would crash on terminals wider than 256 columns

Fixed in 7.22.0 - September 13 2011

Changes:

  • Added CURLOPT_GSSAPI_DELEGATION
  • Added support for NTLM delegation to Samba's winbind daemon helper ntlm_auth
  • Display notes from setup file in testcurl.pl
  • BSD-style lwIP TCP/IP stack experimental support on Windows
  • OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
  • --delegation was added to set CURLOPT_GSSAPI_DELEGATION
  • nss: start with no database if the selected database is broken
  • telnet: allow programatic use on Windows

Bugfixes:

  • curl_getdate: detect some illegal dates better
  • when sending a request and an error is received before the (entire) request body is sent, stop sending the request and close the connection after having received the entire response. This is equally true if an Expect: 100-continue header was used.
  • When using both -J and a single -O with multiple URLs, a missing init could cause a segfault
  • -J fixed for escaped quotes
  • -J fixed for file names with semicolons
  • progress: reset flags at transfer start to avoid wrong CURLINFO_CONTENT_LENGTH_DOWNLOAD
  • curl_gssapi: Guard files with HAVE_GSSAPI and rename private header
  • silence picky compilers: mark unused parameters
  • help output: more gnu like output
  • libtests: stop checking for CURLM_CALL_MULTI_PERFORM
  • setting a non-HTTP proxy with an environment variable or with CURLOPT_PROXY / --proxy (without specifying CURLOPT_PROXYTYPE) would still make it do proxy-like HTTP requests
  • CURLFORM_BUFFER: insert filename as documented (regression)
  • SOCKS: fix the connect timeout
  • ftp_doing: bail out on error properly while multi interfacing
  • improved Content-Encoded decoding error message
  • asyn-thread: check for dotted addresses before thread starts
  • cmake: find winsock when building on windows
  • Curl_retry_request: check return code
  • cookies: handle 'secure=' as if it was 'secure'
  • tests: break busy loops in tests 502, 555, and 573
  • FTP: fix proxy connect race condition with multi interface and SOCKS proxy
  • RTSP: GET_PARAMETER requests have a body
  • fixed several memory leaks in OOM situations
  • bad expire(0) caused multi_socket API to hang
  • Avoid ftruncate() static define with mingw64
  • mk-ca-bundle.pl: ignore untrusted certs
  • builds with PolarSSL 1.0.0

Fixed in 7.21.7 - June 23 2011

Release contains security-related bug fix

Changes:

  • recognize the [protocol]:// prefix in proxy hosts where the protocol is one of socks4, socks4a, socks5 or socks5h.
  • Added CURLOPT_CLOSESOCKETFUNCTION and CURLOPT_CLOSESOCKETDATA

Bugfixes:

  • SECURITY ADVISORY: inappropriate GSSAPI delegation
  • NTLM: work with unicode
  • fix connect with SOCKS proxy when using the multi interface
  • anyauthput.c: stdint.h must not be included unconditionally
  • CMake: improved build
  • SCP/SFTP enable non-blocking earlier
  • GnuTLS handshake: fix timeout
  • cyassl: build without filesystem
  • HTTPS over HTTP proxy using the multi interface
  • speedcheck: invalid timeout event on a reused handle
  • Force connection close for HTTP 200 OK when time condition matched
  • curl_formget: fix FILE * leak
  • configure: improved OpenSSL detection
  • Android build: support gingerbread
  • CURLFORM_STREAM: acknowledge CURLFORM_FILENAME
  • windows build: use correct MS CRT
  • pop3: remove extra space in LIST command

Fixed in 7.21.6 - April 22 2011

Changes:

  • Added --tr-encoding and CURLOPT_TRANSFER_ENCODING

Bugfixes:

  • curl-config: fix --version
  • curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification
  • use HTTPS properly after CONNECT
  • SFTP: close file before post quote operations

Fixed in 7.21.5 - April 17 2011

Changes:

  • SOCKOPTFUNCTION: callback can say already-connected
  • Added --netrc-file
  • Added (new) support for cyassl
  • TSL-SRP: enabled with OpenSSL
  • Added CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION

Bugfixes:

  • nss: avoid memory leak on SSL connection failure
  • nss: do not ignore failure of SSL handshake
  • multi: better failed connect handling when using FTP, SMTP, POP3 and IMAP
  • runtests.pl: fix pid number concatenation that prevented it from killing the correct process at times
  • PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
  • curl_easy_setopt.3: Removed wrong reference to CURLOPT_USERPASSWORD
  • multi: close connection on timeout
  • IMAP in multi mode does SSL connections non-blocking
  • honours the --disable-ldaps configure option
  • Force setopt constants written by --libcurl to be long
  • ssh_connect: treat libssh2 return code better
  • SFTP upload could stall the state machine when the multi_socket API was used
  • SFTP and SCP could leak memory when used with the multi interface and the connection was closed
  • Added missing file to repair the MSVC makefiles
  • Fixed detection of recvfrom arguments on Android/bionic
  • GSS: handle reuse fix
  • transfer: avoid insane conversion of time_t
  • nss: do not ignore value of CURLOPT_SSL_VERIFYPEER in certain cases
  • SMTP-multi: non-blocking connect
  • SFTP-multi: set cselect for sftp and scp to fix "stall" risk
  • configure: removed wrongly claimed default paths
  • pop3: fixed torture tests to succeed
  • symbols-in-versions: many corrections
  • if a HTTP request gets retried because the connection was dead, rewind if any data was sent as part of it
  • only probe for working ipv6 once and then re-use that info for further requests
  • requests that are asked to bound to a local interface/port will no longer wrongly re-use connections that aren't
  • libcurl.m4: Add missing quotes in AC_LINK_IFELSE
  • progress output: don't print the last update on a separate line
  • POP3: the command to send is STLS, not STARTTLS
  • POP3: PASS command was not sent after upgrade to TLS
  • configure: fix libtool warning
  • nss: allow to use multiple client certificates for a single host
  • HTTP pipelining: Fix handling of zero-length responses
  • Don't list NTLM in curl-config when HTTP is disabled
  • curl_easy_setopt.3: CURLOPT_RESOLVE typo version
  • OpenSSL: build fine with no-sslv2 versions
  • checkconnection: don't call with NULL pointer with RTSP and multi interface
  • Borland makefile updates
  • configure: libssh2 link fix without pkg-config
  • certinfo crash
  • CCC crash

Fixed in 7.21.4 - February 17 2011

Changes:

  • CURLINFO_FTP_ENTRY_PATH now supports SFTP
  • introduced new framework for unit-testing
  • IDN: use win32 API if told to
  • ares: ask for both IPv4 and IPv6 addresses
  • HTTP: do Negotiate authentication using SSPI on windows
  • Windows build: alternative makefile
  • TLS-SRP: support added when using GnuTLS
  • added support for axTLS

Bugfixes:

  • SMTP: add brackets for MAIL FROM
  • ossl_seed: no more RAND_screen (on Windows)
  • multi: connect fail => use next IP address
  • use the timeout when using multiple IP addresses similar to how the easy interface does it
  • cookies: tricked dotcounter fixed
  • pubkey_show: allocate buffer to fit any-size result
  • Curl_nss_connect: avoid PATH_MAX
  • Curl_do: avoid using stale conn pointer
  • tftpd test server: avoid buffer overflow report from glibc
  • nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash
  • nss: fix a bug in handling of CURLOPT_CAPATH
  • CMake: Use upstream CheckTypeSize module
  • OpenSSL get_cert_chain: support larger data sets
  • SCP/SFTP transfers: acknowledge speedcheck
  • GnuTLS builds: fix memory leak
  • connect problem: use UDP correctly
  • Borland C++ makefile tweaks
  • OpenSSL: improved error message on SSL_CTX_new failures
  • HTTP: memory leak on multiple Location:
  • ares_query_completed_cb: don't touch invalid data
  • ares: memory leak fix
  • mk-ca-bundle: use new cacert url
  • Curl_gmtime: added a portable gmtime and check for NULL
  • curl.1: typo in -v description
  • CURLOPT_SOCKOPTFUNCTION: return proper error code
  • --keepalive-time: warn if not supported properly
  • file: add support for CURLOPT_TIMECONDITION
  • nss: avoid memory leaks and failure of NSS shutdown
  • multi: fix CURLM_STATE_TOOFAST for multi_socket

Fixed in 7.21.3 - December 15 2010

Changes:

  • Added --noconfigure switch to testcurl.pl
  • Added --xattr option
  • Added CURLOPT_RESOLVE and --resolve
  • Added CURLAUTH_ONLY
  • Added version-check.pl to the examples dir

Bugfixes:

  • check for libcurl features for some command line options
  • Curl_setopt: disallow CURLOPT_USE_SSL without SSL support
  • http_chunks: remove debug output
  • URL-parsing: consider ? a divider
  • SSH: avoid using the libssh2_ prefix
  • SSH: use libssh2_session_handshake() to work on win64
  • ftp: prevent server from hanging on closed data connection when stopping a transfer before the end of the full transfer (ranges)
  • LDAP: detect non-binary attributes properly
  • ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT
  • gnutls->handshake: improved timeout handling
  • security: Pass the right parameter to init
  • krb5: Use GSS_ERROR to check for error
  • TFTP: resend the correct data
  • configure: fix autoconf 2.68 warning: no AC_LANG_SOURCE call detected
  • GnuTLS: now detects socket errors on Windows
  • symbols-in-versions: updated en masse
  • added a couple examples that were missing from the tar ball
  • Curl_send/recv_plain: return errno on failure
  • Curl_wait_for_resolv (for c-ares): correct timeout
  • ossl_connect_common: detect connection re-use
  • configure: Prevent link errors with --librtmp
  • openldap: use remote port in URL passed to ldap_init_fd()
  • url: provide dead_connection flag in Curl_handler::disconnect
  • lots of compiler warning fixes
  • ssh: fix a download resume point calculation
  • fix getinfo CURLINFO_LOCAL* for reused connections
  • multi: the returned running handles conuter could turn negative
  • multi: only ever consider pipelining for connections doing HTTP(S)

Fixed in 7.21.2 - October 13 2010

Release contains security-related bug fix

Changes:

  • curl -T: ignore file size of special files
  • Added GOPHER protocol support
  • Added mk-ca-bundle.vbs script
  • c-ares build now requires c-ares >= 1.6.0

Bugfixes:

  • --remote-header-name security vulnerability fixed
  • multi: support the timeouts correctly, fixes known bug #62
  • multi: use timeouts properly for MAX_RECV/SEND_SPEED
  • negotiation: Wrong proxy authorization
  • multi: avoid sending multiple complete messages
  • cmdline: make -F type= accept ;charset=
  • RESUME_FROM: clarify what ftp uploads do
  • http: handle trailer headers in all chunked responses
  • Curl_is_connected: use correct errno
  • Added SSPI build to Watcom makefile
  • progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
  • linking problem on Fedora 13
  • Link curl and the test apps with -lrt explicitly when necessary
  • chunky parser: only rewind stream internally if needed
  • remote-header-name: don't output filename when NULL
  • Curl_timeleft: avoid returning "no timeout" by mistake
  • timeout: use the correct start value as offset
  • FTP: fix wrong timeout trigger
  • buildconf got better output on failures
  • rtsp: avoid SIGSEGV on malformed header
  • LDAP: Support for tunnelling queries through HTTP proxy
  • configure's --enable-werror had a bashism
  • test565: Don't hardcode IP:PORT
  • configure: check for gcrypt if using GnuTLS
  • configure: don't enable RTMP if the lib detect fails
  • curl_easy_duphandle: clone the c-ares handle correctly
  • MacOSX-Framework: updates for Snowleopard
  • support URL containing colon without trailing port number
  • parsedate: allow time specified without seconds
  • curl_easy_escape: don't escape "unreserved" characters
  • SFTP: avoid downloading negative sizes
  • Lots of GSS/KRB FTP fixes
  • TFTP: Work around tftpd-hpa upload bug
  • libcurl.m4: several fixes
  • HTTP: remove special case for 416
  • examples: use example.com in example URLs
  • globbing: fix crash on unballanced open brace
  • cmake: build fixed

Fixed in 7.21.1 - August 11 2010

Changes:

  • maketgz: produce CHANGES automatically
  • added support for NTLM authentication when compiled with NSS
  • build: Enable configure --enable-werror
  • curl-config: --built-shared returns shared info

Bugfixes:

  • configure: spell --disable-threaded-resolver correctly
  • multi: call the progress callback in all states
  • multi: unmark handle as used when no longer head of pipeline
  • sendrecv: treat all negative values from send/recv as errors
  • ftp-wildcard: avoid tight loop when used without any pattern
  • multi_socket: re-use of same socket without notifying app
  • ftp wildcard: FTP LIST parser FIX
  • urlglobbing backslash escaping bug
  • build: add enable IPV6 option for the VC makefiles
  • multi: CURLINFO_LASTSOCKET doesn't work after remove_handle
  • --libcurl: use *_LARGE options with typecasted constants
  • --libcurl: hide setopt() calls setting default options
  • curl: avoid setting libcurl options to its default
  • --libcurl: list the tricky options instead of using [REMARK]
  • http: don't enable chunked during authentication negotiations
  • upload: warn users trying to upload from stdin with anyauth
  • configure: allow environments variable to override internals
  • threaded resolver: fix timeout issue
  • multi: fix condition that remove timers before trigger
  • examples: add curl_multi_timeout
  • --retry: access violation with URL part sets continued
  • ssh: Fix compile error on 64-bit systems.
  • remote-header-name: chop filename at next semicolon
  • ftp: response timeout bug in "quote" sending
  • CUSTOMREQUEST: shouldn't be disabled when HTTP is disabled
  • Watcom makefiles overhaul.
  • NTLM tests: boost coverage by forcing the hostname
  • multi: fix FTPS connecting the data connection with OpenSSL
  • retry: consider retrying even if -f is used
  • fix SOCKS problem when using multi interface
  • typecheck-gcc: add checks for recently added options
  • SCP: send large files properly with new enough libssh2
  • multi_socket: set timeout for 100-continue
  • ";type=" URL suffix over HTTP proxy
  • acknowledge progress callback error returns during connect
  • Watcom makefile fixes
  • runtests: clear old setenv remainders before test

Fixed in 7.21.0 - June 16 2010

Changes:

  • added the --proto and -proto-redir options
  • new configure option --enable-threaded-resolver
  • improve TELNET ability with libcurl
  • added support for PolarSSL
  • added support for FTP wildcard matching and downloads
  • added support for RTMP
  • introducing new LDAP code for new enough OpenLDAP
  • OpenLDAP support enabled for cygwin builds
  • added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT

Bugfixes:

  • prevent needless reverse name lookups
  • detect GSS on ancient Linux distros
  • GnuTLS: EOF caused error when it wasn't
  • GnuTLS: SSL handshake phase is non-blocking
  • -J/--remote-header-name strips CRLF
  • MSVC makefiles now use ws2_32.lib instead of wsock32.lib
  • -O crash on windows
  • SSL handshake timeout underflow in libcurl-NSS
  • multi interface missed storing connection time
  • broken CRL support in libcurl-NSS
  • ignore response-body on redirect even if compressed
  • OpenSSL handshake state-machine for multi interface
  • TFTP timeout option sent correctly
  • TFTP block id wrap
  • curl_multi_socket_action() timeout handles inaccuracy in timers better
  • SCP/SFTP failure to respect the timeout
  • spurious SSL connection aborts with OpenSSL

Fixed in 7.20.1 - April 14 2010

Changes:

  • The 'ares' subtree has been removed from the source repository
  • smoother rate limiting
  • allow user+password in the URL for all protocols
  • POP3: Get message listing if no mailbox in URL

Bugfixes:

  • VMS builder bad behavior when used in a batch job
  • multiple recepients with SMTP
  • fixed the CURL_FORMAT_* defines when building with cmake
  • missing quote in libcurl.m4
  • SMTP: now waits for 250 after the DATA transfer
  • SMTP: use angle brackets in RCPT TO
  • curl --trace-time not using local time
  • off-by-one in the chunked encoding trailer parser
  • superfluous blocking for OpenSSL-based SSL connects and multi interface
  • TFTP upload
  • FTP timeouts after file transferred completely
  • skip poll() on Interix
  • CURLOPT_CERTINFO memory leak
  • sub-second timeouts improvements
  • configure fixes for GSSAPI
  • threaded resolver double free when closing curl handle
  • configure fixes for building with the clang compiler
  • easy interix rate limiting logic
  • curl_multi_remove_handle() caused use after free
  • TFTP improved error codes
  • TFTP fixed TSIZE handling for uploads
  • SSL possible double free when reusing curl handle
  • alarm()-based DNS timeout bug
  • re-used FTP connection multi interface crash
  • chunked-encoding with Content-Length: header problem
  • multi interface HTTP POST over a proxy using PROXYTUNNEL
  • RTSP GET_PARAMETER
  • timeout after last data chunk was handled
  • SFTP download hang
  • FTP quote commands prefixed with '*' now can fail without aborting

Fixed in 7.20.0 - February 9 2010

Release
contains security-related bug fix

Changes:

  • support SSL_FILETYPE_ENGINE for client certificate
  • curl-config can now show the arguments used when building curl
  • non-blocking TFTP
  • send Expect: 100-continue for POSTs with unknown sizes
  • added support for IMAP(S), POP3(S), SMTP(S) and RTSP
  • added new curl_easy_setopt() options for SMTP and RTSP
  • added --mail-from and --mail-rcpt for SMTP
  • VMS build system enhancements
  • added support for the PRET ftp command
  • curl supports --ssl and --ssl-reqd
  • added -J/--remote-header-name for using server-provided filename with -O
  • enhanced asynchronous DNS lookups
  • symbol CURL_FORMAT_OFF_T is obsoleted

Bugfixes:

  • progress meter percentage and transfer time estimates fixes
  • portability enhancement for OS's without orthogonal directory tree structure
  • progress meter/callback during FTP connection
  • DNS cache timeout while transfer in progress
  • compilation when configured --with-gssapi having GNU GSS installed
  • SSL connection reused with mismatched protection level
  • configure --with-nss is set but not "yes"
  • don't store LDFLAGS in pkg-config file
  • never-pruned DNS cached entries
  • HTTP proxy tunnel re-used connection even if tunnel got disabled
  • SSL lib post-close write
  • curl failed to report write errors for tiny failed downloads
  • TFTP BLKSIZE
  • Expect: 100-continue handling when set by the application
  • multi interface with OpenSSL read already freed memory when closing down
  • --retry didn't do right for FTP transient errors
  • some *_proxy environment variables didn't function
  • libcurl-OpenSSL engine cleanup
  • header include fix for FreeBSD versions before v8
  • fragment part of URLs are no longer sent to the server
  • progress callback called repeatedly with c-ares for resolving
  • OpenSSL session id ref count leak
  • progress callback called repeatedly during slow connects
  • curl_multi_fdset() would return -1 too often during SCP/SFTP transfers
  • FTP file size checks with ASCII transfers
  • HTTP Cookie: headers sort cookies based on specified path lengths
  • CURLM_CALL_MULTI_PERFORM fix for multi socket timeout calls
  • libcurl data callback excessive length

Fixed in 7.19.7 - November 4 2009

Changes:

  • -T. is now for non-blocking uploading from stdin
  • SYST handling on FTP for OS/400 FTP server cases
  • libcurl refuses to read a single HTTP header longer than 100K
  • added the --crlfile option to curl

Bugfixes:

  • The windows makefiles work again
  • libcurl-NSS acknowledges verifyhost
  • SIGSEGV when pipelined pipe unexpectedly breaks
  • data corruption issue with re-connected transfers
  • use after free if we're completed but easy_conn not NULL (pipelined)
  • missing strdup() return code check
  • CURLOPT_PROXY_TRANSFER_MODE could pass along wrong syntax
  • configure --with-gnutls=PATH fixed
  • ftp response reader bug on failed control connections
  • improved NSS error message on failed host name verifications
  • ftp NOBODY on re-used connection hang
  • configure uses pkg-config for cross-compiles as well
  • improved NSS detection in configure
  • cookie expiry date at 1970-jan-1 00:00:00
  • libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
  • libcurl-OpenSSL can load CRL files with more than one certificate inside
  • received cookies without explicit path got saved wrong if the URL had a query part
  • don't shrink SO_SNDBUF on windows for those who have it set large already
  • connect next bug
  • invalid file name characters handling on Windows
  • double close() on the primary socket with libcurl-NSS
  • GSS negotiate infinite loop on bad credentials
  • memory leak in SCP/SFTP connections
  • use pkg-config to find out libssh2 installation details in configure
  • unparsable cookie expire dates make cookies get treated as session coookies
  • POST with Digest authentication and "Transfer-Encoding: chunked"
  • SCP connection re-use with wrong auth
  • CURLINFO_CONTENT_LENGTH_DOWNLOAD for 0 bytes transfers
  • CURLINFO_SIZE_DOWNLOAD for ldap transfers (-w size_download)

Fixed in 7.19.6 - August 12 2009

Release
contains security-related bug fix

Changes:

  • CURLOPT_FTPPORT (and curl's -P/--ftpport) support port ranges
  • Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA
  • CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE can be told to ignore error responses when used with FTP

Bugfixes:

  • crash on bad socket close with FTP
  • leaking cookie memory when duplicate domains or paths were used
  • build fix for Symbian
  • CURLOPT_USERPWD set to NULL clears auth credentials
  • libcurl-NSS build fixes
  • configure script fixed for VMS
  • set Content-Length: with POST and PUT failed with NTLM auth
  • allow building libcurl for VxWorks
  • curl tool exit codes fixed for VMS
  • --no-buffer treated correctly
  • djgpp build fix
  • configure detection of GnuTLS now based on pkg-config as well
  • libcurl-NSS client cert handling segfaults
  • curl uploading from stdin/pipes now works in non-blocking way so that it continues the downloading even when the read stalls
  • ftp credentials are added to the url if needed for http proxies
  • curl -o - sends data to stdout using binary mode on windows
  • fixed the separators for "array" style string that CURLINFO_CERTINFO returns
  • auth problem over several hosts with re-used connection
  • improved the support for client certificates in libcurl+NSS
  • fix leak in gtls code
  • missing algorithms in libcurl+OpenSSL
  • with noproxy set you could still get a proxy if a proxy env was set
  • rand seeding on libcurl on windows built with OpenSSL was not thread-safe
  • fixed the zero byte inserted in cert name flaw in libcurl+OpenSSL
  • don't try SNI with SSLv2 or SSLv3 (OpenSSL and GnuTLS builds)
  • libcurl+OpenSSL would wrongly acknowledge a cert if CN matched but subjectAltName didn't
  • TFTP upload sent illegal TSIZE packets

Fixed in 7.19.5 - May 18 2009

Changes:

  • libcurl now closes all dead connections whenever you attempt to open a new connection
  • libssh2's version number can now be figured out run-time instead of using the build-time fixed number
  • CURLOPT_SEEKFUNCTION may now return CURL_SEEKFUNC_CANTSEEK
  • curl can now upload with resume even when reading from a pipe
  • a build-time configured curl_socklen_t is now used instead of socklen_t

Bugfixes:

  • NTLM authentication memory leak on SSPI enabled Windows builds
  • fixed the GnuTLS-using code to do correct return code checks
  • an alloc-related call in the OpenSSL-using code didn't check the return value
  • curl_easy_duphandle() failed to duplicate cookies at times
  • missing TELNET timeout support in Windows builds
  • missing Curl_read() and write callback result checking in TELNET transfers
  • more ciphers enabled in libcurl built to use NSS
  • properly return an error code in curl_easy_recv
  • Sun compilers specific preprocessor block removed from curlbuild.h.dist
  • allow creation of four way fat libcurl Mac OS X Framework
  • several memory leaks in libcurl+NSS
  • improved the CURLOPT_NOBODY set to 0 confusions
  • persistent connections when doing FTP over a HTTP proxy
  • --libcurl bogus strings where other data was pointed to
  • crash related to FTP and "Re-used connection seems dead, get a new one"
  • CURLINFO_APPCONNECT_TIME with the multi interface
  • Enhanced upload speeds on Windows
  • TFTP problems after a failed transfer to the same host
  • improved out of the box TPF compatibility
  • HTTP PUT protocol line endings portions mangled from CRLF to CRCRLF
  • Rejected SSL session ids are killed properly (for OpenSSL and GnuTLS builds)
  • Deal with the TFTP OACK packet
  • fixed roff mistakes in man pages
  • use SOCKS proxy with the multi interface
  • fixed the Curl_getoff_all_pipelines SIGSEGV
  • POST, NTLM and following a redirect hang
  • libcurl+NSS endless loop on incorrect password for private key
  • gzip decompression memory leak
  • no_proxy flaw with user name in URL

Fixed in 7.19.4 - March 3 2009

Release
contains security-related bug fix

Changes:

  • Added CURLOPT_NOPROXY and the corresponding --noproxy
  • the OpenSSL-specific code disables TICKET (rfc5077) which is enabled by default in openssl 0.9.8j
  • Added CURLOPT_TFTP_BLKSIZE
  • Added CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC - with the corresponding curl options --socks5-gssapi-service and --socks5-gssapi-nec
  • Improved IPv6 support when built with with c-ares >= 1.6.1
  • Added CURLPROXY_HTTP_1_0 and --proxy1.0
  • Added docs/libcurl/symbols-in-versions
  • Added CURLINFO_CONDITION_UNMET
  • Added support for Digest and NTLM authentication using GnuTLS
  • CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry the CWD even when MKD fails
  • GnuTLS initing moved to curl_global_init()
  • Added CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS, see also the security advisory

Bugfixes:

  • missing ssh.obj in VS makefiles
  • FTP ;type=i URLs now work with CURLOPT_PROXY_TRANSFER_MODE in Turkish locale
  • realms with quoted quotation marks in HTTP Digest headers
  • VC9 makefiles are now really included
  • multi interface memory leak with CURLMOPT_MAXCONNECTS set
  • CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with CURLOPT_NOBODY set true
  • memory leak on some libz errors for content encodings
  • NSS-enabled build is repaired
  • superfluous wait in SFTP downloads removed
  • FTP with the multi interface no longer kills the control connection as easily on transfer failures
  • compilation halting when using VS2008 to build a Windows 2000 target
  • ease creation of libcurl Mac OS X Framework
  • CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD are -1 if unknown
  • Negotiate proxy authentication
  • CURLOPT_INTERFACE and CURLOPT_LOCALPORT used together

Fixed in 7.19.3 - January 19 2009

Changes:

  • CURLAUTH_DIGEST_IE bit added for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH
  • VC9 Makefiles were added to the release package

Bugfixes:

  • build failure when disabling FTP but enabling GSS
  • fixed several calls to memory functions that didn't check return codes
  • memory leak for SSL connects with libcurl/NSS when CURLOPT_ISSUERCERT was used
  • re-use of connections with the multi interface when multiple handles used the same server
  • memory leak with HTTP GSS/kerberos authentication
  • removed the default use of "Pragma: no-cache"
  • fix SCP/SFTP busyloop by using a new libssh2 1.0 function
  • bad fclose() after a fatal error in cookie code
  • curl_multi_remove_handle() when the handle was in use in a HTTP pipeline
  • GSS authentication infinite loop problem
  • 550 response from SIZE no longer treated as missing file
  • ftps:// control connections now use explicit protection level
  • dotted IPv6 addresses longer than 39 bytes failed
  • curl_easy_duphandle() doesn't try to duplicate the connection cache pointer
  • build failure on OS/400 when enabling IPv6
  • better detection of SFTP failures
  • improved connection re-use for subsequent SCP and SFTP transfers
  • multi interface does less busy-loops for SCP and SFTP transfers with libssh2 1.0 or later
  • curl_multi_timeout() no longer returns timeout 0 when there's still more than 0 but less than 999 microseconds left
  • the multi_socket API and HTTP pipelining now work a lot better when combined
  • SFTP seek/resume beyond 32bit file sizes
  • fixed breakage with --with-ssl --disable-verbose
  • TTL "leak" in the DNS cache
  • improved NSS initing
  • curl_easy_reset now resets more options
  • rare Location: follow bug with the multi interface
  • the configure script can now detect gnutls with pkg-config
  • curlbuild.h was adjusted for SunPro compilers
  • CURLOPT_COOKIELIST set to "SESS" on an easy handle with no cookies data
  • fixed timeouts for TFTP
  • fixed PPC builds

Fixed in 7.19.2 - November 13 2008

Bugfixes:

  • build failure when using MSVC 6 makefile and on four platforms more
  • crash when using --interface name on Linux systems with a TEQL device
  • using the multi interface to download a HTTPS page with libcurl built powered by OpenSSL could download "rubbish" instead of actual content

Fixed in 7.19.1 - November 5 2008

Changes:

  • pkg-config can now show supported_protocols and supported_features
  • Added CURLOPT_CERTINFO and CURLINFO_CERTINFO
  • Added CURLOPT_POSTREDIR
  • Better detect HTTP 1.0 servers and don't do HTTP 1.1 requests on them
  • configure --disable-proxy disables proxy support
  • Added CURLOPT_USERNAME and CURLOPT_PASSWORD
  • --interface now works with IPv6 connections on glibc systems
  • Added CURLOPT_PROXYUSERNAME and CURLOPT_PROXYPASSWORD

Bugfixes:

  • MingW32 non-configure builds are now largefile feature enabled by default
  • NetWare LIBC builds are now largefile feature enabled by default
  • curl_easy_pause() could behave wrongly on unpause
  • cookies with invalid expire dates are now considered expired
  • HTTP pipelining over proxy
  • fix regression in configure script which affected OpenSSL builds on MSYS
  • GnuTLS-based multi interface doing HTTPS over proxy failed
  • recv() failures cause CURLE_RECV_ERROR
  • SFTP over SOCKS crash fixed
  • thread-safety issues addressed for NSS-powered libcurls
  • removed the use of mktime() and gmtime(_r)() in date parsing and conversions
  • HTTP Digest with a blank realm did wrong
  • CURLINFO_REDIRECT_URL didn't work with the multi interface
  • CURLOPT_RANGE now works for SFTP downloads
  • FTP SIZE response 550 now causes CURLE_REMOTE_FILE_NOT_FOUND
  • CURLINFO_PRIMARY_IP fixed for persistent connection re-use cases
  • remove_handle/add_handle multi interface timer callback flaw
  • CURLINFO_REDIRECT_URL memory leak and wrong-doing
  • case insensitive string matching works in Turkish too
  • Solaris builds get _REENTRANT defined properly and work again
  • Garbage sent on chunky upload after curl_easy_pause()
  • ipv4 name resolves when libcurl is built with ipv6-enabled c-ares
  • undersized IPv6 address internal buffer truncated long IPv6 addresses
  • CURLINFO_FILETIME works for file:// transfers as well

Fixed in 7.19.0 - September 1 2008

Changes:

  • curl_off_t gets its size/typedef somewhat differently than before. This _may_ cause an ABI change for you. See lib/README.curl_off_t for a full explanation.
  • Added CURLINFO_PRIMARY_IP
  • Added CURLOPT_CRLFILE and CURLE_SSL_CRL_BADFILE
  • Added CURLOPT_ISSUERCERT and CURLE_SSL_ISSUER_ERROR
  • curl's option parser for boolean options reworked
  • Added --remote-name-all
  • Now builds for the INTEGRITY operating system
  • Added CURLINFO_APPCONNECT_TIME
  • Added test selection by key word in runtests.pl
  • the curl tool's -w option support the %{ssl_verify_result} variable
  • Added CURLOPT_ADDRESS_SCOPE and scope parsing of the URL according to RFC4007
  • Support --append on SFTP uploads (not with OpenSSH, though)
  • Added curlbuild.h and curlrules.h to the external library interface

Bugfixes:

  • Fixed curl-config --ca
  • Fixed the multi interface connection re-use with NSS-built libcurl
  • connection re-use when using the multi interface with pipelining enabled
  • curl_multi_socket() socket callback fix for close/re-create sockets case
  • SCP or SFTP over socks proxy crashed
  • RC4-MD5 cipher now works with NSS-built libcurl
  • range requests with --head are now done correctly
  • fallback to gettimeofday when monotonic clock is unavailable at run-time
  • range numbers could be made to wrongly get output as signed
  • unexpected 1xx responses hung transfers
  • FTP transfers segfault when using different CURLOPT_FTP_FILEMETHOD
  • c-ares powered libcurls can resolve/use IPv6 addresses
  • poll not working on Windows Vista due to POLLPRI being incorrectly used
  • user-agent in CONNECT with non-HTTP protocols
  • CURL_READFUNC_PAUSE problems fixed
  • --use-ascii now works on Symbian OS, MS-DOS and OS/2
  • CURLINFO_SSL_VERIFYRESULT is fixed
  • FTP URLs and IPv6 URLs mangled when sent to proxy with CURLOPT_PORT set
  • a user name in a proxy URL without a password was parsed incorrectly
  • library will now be built with _REENTRANT symbol defined only if needed
  • no longer link with gdi32 on Windows cross-compiled targets
  • HTTP PUT with -C - sent bad Content-Range: header
  • HTTP PUT or POST with redirect could lead to hang
  • re-use of connections with failed SSL connects in the multi interface
  • NTLM over proxy state was wrongly cleared when host connection was closed
  • Windows SSPI DLL loading is now done in curl_global_init()
  • runtests.pl has an improved find-stunnel-and-invoke
  • FTP sessions could go out of sync on a long header boundary condition
  • potential buffer overflows in the MS-DOS command-line port fixed
  • --stderr is now honoured with the -v option
  • memory leak in libcurl on Windows built with OpenSSL
  • improved curl_m*printf() integral data type size and signedness handling
  • error when --dump-header - used with more than one URL
  • proxy closing connect during CONNECT with auth with the multi interface
  • CURLOPT_UPLOAD sets HTTP method back to GET or HEAD when passed in a 0
  • shared cookies could get locked twice
  • deal with closed connection while doing POST/PUT

Fixed in 7.18.2 - June 4 2008

Changes:

  • CURLFORM_STREAM was added
  • CURLOPT_NOBODY is now supported over SFTP
  • curl can now run on Symbian OS
  • curl -w redirect_url and CURLINFO_REDIRECT_URL
  • added curl_easy_send() and curl_easy_recv()

Bugfixes:

  • CURLOPT_NOBODY first set to TRUE and then FALSE for HTTP no longer causes the confusion that could lead to a hung transfer
  • curl_easy_reset() resets the max redirect limit properly
  • configure now correctly recognizes Heimdal and MIT gssapi libraries
  • malloc() failure check in Negotiate
  • -i and -I together now work the same no matter what order they're used
  • the typechecker can be bypassed by defining CURL_DISABLE_TYPECHECK
  • a pointer mixup could make the FTP code send bad user+password under rare circumstances (found when using curlftpfs)
  • CURLOPT_OPENSOCKETFUNCTION can now be used to create a unix domain socket
  • CURLOPT_TCP_NODELAY crash due to getprotobyname() use
  • libcurl sometimes sent body twice when using CURLAUTH_ANY
  • configure detecting debug-enabled c-ares
  • microsecond resolution keys for internal splay trees
  • krb4 and krb5 ftp segfault
  • multi interface busy loop for CONNECT requests
  • internal time differences now use monotonic time source if available
  • several curl_multi_socket() fixes
  • builds fine for Haiku OS
  • follow redirect with only a new query string
  • SCP and SFTP memory leaks on aborted transfers
  • curl_multi_socket() and HTTP pipelining transfer stalls
  • lost telnet data on an EWOULDBLOCK condition

Fixed in 7.18.1 - March 30 2008

Changes:

  • added support for HttpOnly cookies
  • 'make ca-bundle' downloads and generates an updated ca bundle file
  • we no longer distribute or install a ca cert bundle
  • SSLv2 is now disabled by default for SSL operations
  • the test509-style setting URL in callback is officially no longer supported
  • support a full chain of certificates in a given PKCS12 certificate
  • resumed transfers work with SFTP
  • added type checking macros for curl_easy_setopt() and curl_easy_getinfo(), watch out for new warnings in code using libcurl (needs gcc-4.3 and currently only works in C mode)
  • curl_easy_setopt(), curl_easy_getinfo(), curl_share_setopt() and curl_multi_setopt() uses are now checked to use exactly three arguments
  • --with-ca-path=DIR configure option allows to set an openSSL CApath instead of a default ca bundle.
  • supports server name indication (RFC 4366), aka SNI

Bugfixes:

  • improved pipelining
  • improved strdup replacement
  • GnuTLS-built libcurl failed when doing global cleanup and reinit
  • error message problem when unable to resolve a host on Windows
  • Accept: header replacing
  • not verifying server certs with GnuTLS still failed if gnutls had problems with the cert
  • when using the multi interface and a handle is removed while still having a transfer going on, the connection is now closed by force
  • bad re-use of SSL connections in non-complete state
  • test case 405 failures with GnuTLS builds
  • crash when connection cache size is 1 and Curl_do() failed
  • GnuTLS-built libcurl can now be forced to prefer SSLv3
  • crash when doing Negotiate again on a re-used connection
  • select/poll regression
  • better MIT kerberos configure check
  • curl_easy_reset() + SFTP re-used connection download crash
  • SFTP non-existing file + SFTP existing file error
  • sharing DNS cache between easy handles running in multiple threads could lead to crash
  • SFTP upload with CURLOPT_FTP_CREATE_MISSING_DIRS on re-used connection
  • SFTP infinite loop when given an invalid quote command
  • curl-config erroneously reported LDAPS support with missing LDAP libraries
  • SCP infinite loop when downloading a zero byte file
  • setting the CURLOPT_SSL_CTX_FUNCTION with libcurl built without OpenSSL now makes curl_easy_setopt() properly return failure
  • configure --with-libssh2 (with no given path)

Fixed in 7.18.0 - January 28 2008

Changes:

  • --data-urlencode
  • CURLOPT_PROXY_TRANSFER_MODE
  • --no-keepalive - now curl does connections with keep-alive enabled by default
  • --socks4a added (proxy type CURLPROXY_SOCKS4A for libcurl)
  • --socks5-hostname added (CURLPROXY_SOCKS5_HOSTNAME for libcurl)
  • curl_easy_pause()
  • CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA
  • --keepalive-time
  • curl --help output was re-ordered

Bugfixes:

  • curl-config --features and --protocols show the correct output when built with NSS, and also when SCP, SFTP and libz are not available
  • free problem in the curl tool for users with empty home dir
  • curl.h version 7.17.1 problem when building C++ apps with MSVC
  • SFTP and SCP use persistent connections
  • segfault on bad URL
  • variable wrapping when using absolutely huge send buffer sizes
  • variable wrapping when using debug callback and the HTTP request wasn't sent in one go
  • SSL connections with NSS done with the multi-interface
  • setting a share no longer activates cookies
  • Negotiate now works on auth and proxy simultanouesly
  • support HTTP Digest nonces up to 1023 letters
  • resumed ftp upload no longer requires the read callback to return full buffers
  • no longer default-appends ;type= on FTP URLs thru proxies
  • SSL session id caching
  • POST with callback over proxy requiring NTLM or Digest
  • Expect: 100-continue flaw on re-used connection with POSTs
  • build fix for MSVC 9.0 (VS2008)
  • Windows curl builds failed file truncation when retry downloading
  • SSL session ID cache memory leak
  • bad connection re-use check with environment variable-activated proxy use
  • --libcurl now generates a return statement as well
  • socklen_t is no longer used in the public includes
  • time zone offsets from -1400 to +1400 are now accepted by the date parser
  • allows more spaces in WWW/Proxy-Authenticate: headers
  • curl-config --libs skips /usr/lib64
  • range support for file:// transfers
  • libcurl hang with huge POST request and request-body read from callback
  • removed extra newlines from many error messages
  • improved pipelining
  • improved OOM handling for data url encoded HTTP POSTs when read from a file
  • test suite could pick wrong tool(s) if more than one existed in the PATH
  • curl_multi_fdset() failed to return socket while doing CONNECT over proxy
  • curl_multi_remove_handle() on a handle that is in used for a pipeline now break that pipeline
  • CURLOPT_COOKIELIST memory leaks
  • progress meter/callback during http proxy CONNECT requests
  • auth for http proxy when the proxy closes connection after first response

Fixed in 7.17.1 - October 29 2007

Changes:

  • automatically append ";type=" when using HTTP proxies for FTP urls
  • improved NSS support
  • added --proxy-negotiate
  • added --post301 and CURLOPT_POST301
  • builds with c-ares 1.5.0
  • added CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
  • renamed CURLE_SSL_PEER_CERTIFICATE to CURLE_PEER_FAILED_VERIFICATION
  • added CURLOPT_OPENSOCKETFUNCTION and CURLOPT_OPENSOCKETDATA
  • CULROPT_COOKIELIST supports "FLUSH"
  • added CURLOPT_COPYPOSTFIELDS
  • added --static-libs to curl-config

Bugfixes:

  • curl-config --protocols now properly reports LDAPS, SCP and SFTP
  • ldapv3 support on Windows
  • ldap builds with the MSVC makefiles
  • no HOME and no key given caused SSH auth failure
  • Negotiate authentication over proxy
  • --ftp-method nocwd on directory listings
  • FTP, CURLOPT_NOBODY enabled and CURLOPT_HEADER disabled now does TYPE before SIZE
  • re-used handle transfers with SFTP
  • curl_easy_escape() problem with byte values >= 128
  • handles chunked-encoded CONNECT responses
  • misuse of ares_timeout() result
  • --local-port on TFTP transfers
  • CURLOPT_POSTFIELDS could fail to send binary data
  • specifying a proxy with a trailing slash didn't work (unless it also contained a port number)
  • redirect from HTTP to FTP or TFTP memory problems and leaks
  • re-used connections a bit too much when using non-SSL protocols tunneled over a HTTP proxy
  • embed the manifest in VC8 builds
  • use valgrind in the tests even when the lib is built shared with libtool
  • libcurl built with NSS can now ignore the peer verification even when the ca cert bundle is absent

Fixed in 7.17.0 - September 13 2007

Changes:

  • support for OS/400 Secure Sockets Layer library
  • curl_easy_setopt() now allocates strings passed to it
  • SCP and SFTP support now requires libssh2 0.16 or later
  • LDAP libraries are now linked "regularly" and not with dlopen
  • HTTP transfers have the download size info "available" earlier
  • FTP transfers have the download size info "available" earlier
  • builds and runs on OS/400
  • several error codes and options were marked as obsolete and subject to future removal (set CURL_NO_OLDIES to see if your application is using them)
  • SFTP errors can return more specific error codes

Bugfixes:

  • test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds
  • problem with closed proxy connection during HTTP CONNECT auth negotiation
  • transfer-encoding skipping didn't ignore the 407 response bodies properly
  • CURLOPT_SSL_VERIFYHOST set to 1
  • CONNECT endless loop
  • krb5 support builds with Heimdal
  • added returned error string for connection refused case
  • re-use of dead FTP control connections
  • login to FTP servers that don't require (nor understand) PASS after the USER command
  • bad free of memory from libssh2
  • the SFTP PWD command works
  • HTTP Digest auth on a re-used connection
  • FTPS data connection close
  • AIX 4 and 5 get to use non-blocking sockets
  • small POST with NTLM
  • resumed file:// transfers
  • CURLOPT_DNS_CACHE_TIMEOUT and CURLOPT_DNS_USE_GLOBAL_CACHE are 64 bit "clean"
  • memory leak when handling compressed data streams from broken servers
  • no NTLM unicode response
  • resume HTTP PUT using Digest authentication
  • FTP NOBODY requests on directories sent "SIZE (null)"
  • FTP NOBODY request on file crash
  • excessively long FTP server responses and response lines
  • file:// upload then FTP:// upload crash
  • TFTP error 0 is no longer treated as success
  • uploading empty file over FTP on re-used connection
  • superfluous CWD command on re-used FTP connections without subdirs used

Fixed in 7.16.4 - July 10 2007

Release
contains security-related bug fix

Changes:

  • added CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS
  • improved hashing of sockets for the multi_socket API
  • ftp kerberos5 support added

Bugfixes:

  • adjusted how libcurl treats HTTP 1.1 responses without content-lenth or chunked encoding
  • fixed the 10-at-a-time.c example
  • FTP over SOCKS proxy
  • improved error messages on SCP upload failures
  • security flaw in which libcurl failed to properly reject some outdated or not yet valid server certificates when built with GnuTLS

Fixed in 7.16.3 - June 25 2007

Changes:

  • added curl_multi_socket_action()
  • deprecated curl_multi_socket()
  • uses less memory in non-pipelined use cases
  • CURLOPT_HTTP200ALIASES matched transfers assume HTTP 1.0 compliance
  • more than one test harness can run at the same time without conflict
  • SFTP now supports quote commands before a transfer
  • CURLMOPT_MAXCONNECTS added to curl_multi_setopt()
  • upload resume works for file:// URLs
  • asynchronous name resolves now require c-ares 1.4.0 or later
  • added SOCKS test cases
  • CURLOPT_FTP_CREATE_MISSING_DIRS and --ftp-create-dirs now work for SFTP operations as well

Bugfixes:

  • if2up too long interface name memory leak
  • test case 534 started to fail 2007-04-13 due to the existance of a new host on the net with the same silly domain the test was using for a host which was supposed not to exist.
  • test suite SSL certificate works better with newer stunnel
  • internal progress meter update frequency back to once per second
  • avoid some unnecessary calls to function gettimeofday
  • a double-free in the SSL-layer
  • GnuTLS free of NULL credentials
  • NSS-fix for closing down SSL
  • bad warning from configure when gnutls was selected
  • compilation on VMS 64-bit mode
  • SCP/SFTP downloads could hang on the last bytes of a transfer
  • curl_easy_duphandle() crash
  • curl -V / curl_version*() works even when GnuTLS is used on a system without a good random source
  • curl_multi_socket() not "noticing" newly added handles
  • lack of Content-Length and chunked encoding now requires HTTP 1.1 as well to be treated as without response body
  • connection cache growth in multi handles
  • better handling of out of memory conditions
  • overwriting an uploaded file with sftp now truncates it first
  • SFTP quote commands chmod, chown, chgrp can now set a value of 0
  • TFTP connect timouts less than 5 seconds
  • improved curl -w for TFTP transfers
  • memory leak when failed OpenSSL certificate CN field checking
  • memory leak when OpenSSL failed PKCS #12 parsing
  • FTP-SSL when built with NSS
  • out-of-boundary write in Curl_select()
  • -s/--silent can now be used to toggle off the silence again
  • builds fine on 64bit HP-UX
  • multi interface HTTP CONNECT glitch
  • list FTP root directories when login dir is not root
  • no longer slows down when getting very many URLs on the same command line
  • lock share before decreasing dirty counter
  • no-body FTP requests on re-used connections

Fixed in 7.16.2 - April 11 2007

Changes:

  • added CURLOPT_TIMEOUT_MS and CURLOPT_CONNECTTIMEOUT_MS
  • added CURLOPT_HTTP_CONTENT_DECODING, CURLOPT_HTTP_TRANSFER_DECODING and --raw
  • added support for using the NSS library for TLS/SSL
  • changed default anonymous FTP password
  • changed the CURLOPT_FTP_SSL_CCC option to handle active and passive CCC shutdown
  • added the --ftp-ssl-ccc-mode command line option
  • includes VC8 Makefiles in the release archive
  • --ftp-ssl-control is now honoured on ftps:// URLs
  • added experimental CURL_ACKNOWLEDGE_EINTR symbol definition check
  • --key and new --pubkey options for SSH public key file logins
  • --pass now works for a SSH public key file, too
  • select (2) support no longer needed to build the library if poll() used
  • CURLOPT_POSTQUOTE works for SFTP

Bugfixes:

  • in testsuite, update test cookies expiration from 2007-Feb-1 to year 2035
  • socks5 works
  • builds fine with VC2005
  • CURLOPT_RANGE set to NULL resets the range for FTP
  • curl_multi_remove_handle() rare crash
  • passive FTP transfers work with SOCKS
  • multi interface HTTPS connection re-use memory leak
  • libcurl.m4's --with-libcurl is improved
  • curl-config --libs and libcurl.pc no longer list unnecessary dependencies
  • fixed an issue with CCC not working on some servers
  • several HTTP pipelining problems
  • HTTP CONNECT thru a proxy is now less blocking when the multi interface is used
  • HTTP Digest header parsing fix for unquoted last word ending with CRLF
  • CURLOPT_PORT, HTTP proxy, re-using connections and non-HTTP protocols
  • CURLOPT_INTERFACE for ipv6
  • use-after-free issue with HTTP transfers with the multi interface
  • the progress callback can get called more frequently
  • timeout would restart when signal caught while awaiting socket events
  • curl -f with user+password embedded in the URL
  • 26 flaws identified by coverity.com
  • builds on QNX 6 again

Fixed in 7.16.1 - January 29 2007

Changes:

  • Support for SCP and SFTP were added (powered by libssh2)
  • CURLOPT_CLOSEPOLICY is now deprecated
  • --ftp-ssl-ccc and CURLOPT_FTP_SSL_CCC were added
  • HTTP support for non-ASCII platforms
  • --libcurl was added

Bugfixes:

  • proxy close during CONNECT authentication is now dealt with nicely
  • the CURLOPT_DEBUGFUNCTION was sometimes called even when CURLOPT_VERBOSE was not enabled
  • multiple TFTP transfers on the same (easy or multi) handle could cause a crash
  • SIGSEGV when disconnecting on a transfer on a re-used handle when the host name didn't resolve
  • stack overwrite on 64bit Windows in the chunked decoding department
  • HTTP responses on persistent connections without Content-Length nor chunked encoding are now considered to be without response body
  • Content-Range: header parsing improved
  • CPU 100% load when HTTP upload connection broke
  • active FTP didn't work with multi interface
  • curl_getdate() could be off one hour for TZ time zones with DST, on windows
  • CURLOPT_FORBID_REUSE works again
  • CURLOPT_MAXCONNECTS set to zero caused libcurl to SIGSEGV
  • rate limiting works better
  • getting FTP response code errors when using the multi-interface caused libcurl to leak memory
  • no more SIGPIPE when GnuTLS is used
  • FTP downloading 2 zero byte files in a row
  • using proxy and URLs without protocol prefixes
  • first using a proxy and then accessing a site that 'no_proxy' matched, would still make libcurl use the proxy...
  • curl_easy_duphandle() now makes a handle that is valid for the multi interface since the magic number is set fine
  • libcurl.pc now uses Libs.private for "private" libs
  • --limit-rate (CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) now work on windows again
  • improved download performance by avoiding the unconditional "double copying"
  • base64 encoding/decoding works on non-ASCII platforms
  • large file downloads
  • CURLOPT_COOKIELIST set to "ALL" crash
  • easy handle removal from multi handle before completion
  • TFTP upload memory leak
  • curl_easy_reset() now resets the CA bundle path correctly
  • two User-Agent headers in CONNECT requests with custom User-Agent

Fixed in 7.16.0 - October 30 2006

Changes:

  • the SONAME on the shared library was bumped from 3 to 4
  • Added CURLE_SSL_CACERT_BADFILE
  • Added CURLMOPT_TIMERFUNCTION and CURLMOPT_TIMERDATA
  • (FTP) the CURLOPT_SOURCE_* options are removed and so are the --3p* command line options
  • curl_multi_socket() and family are suitable to start using
  • uses WSAPoll() on Windows Vista
  • (FTP) --ftp-ssl-control was added
  • CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid added
  • CURLMOPT_PIPELINING added for enabling HTTP pipelined transfers
  • multi handles now have a shared connection cache
  • Added support for other MS-DOS compilers (besides djgpp)
  • CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA were added
  • (FTP) libcurl avoids sending TYPE if the desired type was already set
  • (FTP) CURLOPT_PREQUOTE works even when CURLOPT_NOBODY is set true

Bugfixes:

  • (HTTP) CURLOPT_FAILONERROR (curl -f) covers a few more reponse cases
  • curl_multi_socket() and the LOW_SPEED options
  • curl_multi_socket() expire timer during c-ares name resolves
  • curl_multi_add_handle on an already added handle now fails gracefully
  • multi interface crash if bad function call order was used for cleanup
  • put a new URL in saved cookie jar files
  • configure --with-gssapi-libs
  • SOCKS proxy connection fixes
  • (FTP) a failed upload does not invalidate the control connection
  • proxy URL with user name and empty password or no password at all now work
  • fixed a socket state problem with *multi_socket()
  • (HTTP) NTLM hostname fix
  • getsockname usage fixes
  • SOCKS5 proxy connects can now time-out
  • SOCKS5 connects that require auth no longer segfaults when auth not given
  • multi interface using asynch resolves could get stuck in wrong state
  • the 'running_handles' counter wasn't always updated properly when curl_multi_remove_handle() was used
  • (FTP) EPRT transfers with IPv6 didn't work properly
  • (FTP) SINGLECWD mode and using files in the root dir
  • (HTTP) Expect: header disabling work better
  • (HTTP) "Expect: 100-continue" disable on second POST on re-used connection
  • src/config.h.in is fixed
  • (HTTP) POST data logged to the debug callback function is now correctly tagged as data, not header

Fixed in 7.15.5 - August 7 2006

Changes:

  • added --ftp-ssl-reqd
  • modified the prototype for the socket callback set with CURLMOPT_SOCKETFUNCTION
  • added curl_multi_assign()
  • added CURLOPT_FTP_ALTERNATIVE_TO_USER and --ftp-alternative-to-user
  • added a vcproj file for building libcurl
  • added curl_formget()
  • added CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE
  • added configure --enable-hidden-symbols
  • Made -K on a file that couldn't be read cause a warning to be displayed

Bugfixes:

  • chunked encoding when custom header "Transfer-Encoding: chunked" is set
  • Curl_strerror() crash on unknown errors
  • changing Content-Type when doing formposts
  • added CURL_EXTERN to a few recent multi functions that lacked them
  • splay-tree related problems for internal expire time handling
  • FTP ASCII CRLF counter reset
  • cookie parser now compares paths case sensitive
  • an easy handle with shared DNS cache added to a multi handle caused a crash
  • couldn't override the Proxy-Connection: header for non-CONNECT requests
  • curl_multi_fdset() could wrongly return -1 as max_fd value

Fixed in 7.15.4 - June 12 2006

Changes:

  • NTLM2 session response support
  • CURLOPT_COOKIELIST set to "SESS" clears all session cookies
  • CURLINFO_LASTSOCKET returned sockets are now checked more before returned
  • curl-config got a --checkfor option to compare version numbers
  • line end conversions for FTP ASCII transfers
  • curl_multi_socket() API added (still mostly untested)
  • conversion callback options for EBCDIC <=> ASCII conversions
  • added CURLINFO_FTP_ENTRY_PATH
  • less blocking for the multi interface during (Open)SSL connect negotiation

Bugfixes:

  • builds fine on cygwin
  • md5-sess with Digest authentication
  • dict with letters such as space in a word
  • dict with url-encoded words in the URL
  • libcurl.m4 when default=yes but no libcurl was found
  • numerous bugs fixed in the TFTP code
  • possible memory leak when adding easy handles to multi stack
  • TFTP works in a more portable fashion (== on more platforms)
  • WSAGetLastError() is now used (better) on Windows
  • GnuTLS non-block case that could cause data trashing
  • deflate code survives lack of zlib header
  • CURLOPT_INTERFACE works with hostname
  • configure runs fine with ICC
  • closed control connection with FTP when easy handle was removed from multi
  • curl --trace crash when built with VS2005
  • SSL connect time-out
  • improved NTLM functionality
  • following redirects with more than one question mark in source URL
  • fixed debug build crash with -d
  • generates a fine AIX Toolbox RPM spec
  • treat FTP AUTH failures properly
  • TFTP transfers could trash data
  • -d + -G combo crash

Fixed in 7.15.3 - March 20 2006

Release contains security-related bug fix

Changes:

  • added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD

Bugfixes:

  • TFTP Packet Buffer Overflow Vulnerability
  • properly detecting problems with sending the FTP command USER
  • wrong error message shown when certificate verification failed
  • multi-part formpost with multi interface crash
  • the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged
  • "SSL: couldn't set callback" is now treated as a less serious problem
  • Interix build fix
  • fixed curl "hang" when out of file handles at start
  • prevent FTP uploads to URLs with trailing slash

Fixed in 7.15.2 - February 27 2006

Changes:

  • Support for SOCKS4 proxies (added --socks4)
  • CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET added
  • CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE (--local-port) added
  • Dropped support for the LPRT ftp command
  • Gopher is now officially abandoned as a protocol (lib)curl tries to support
  • curl_global_init() and curl_global_cleanup() are now using a refcount so that it is now legal to call them multiple times. See updated info for details

Bugfixes:

  • two bugs concerning using curl_multi_remove_handle() before the transfer was complete
  • multi-pass authentication and compressed content
  • minor format string mistake in the GSS/Negotiate code
  • cached DNS entries could remain in the cache too long
  • improved GnuTLS check in configure
  • re-used FTP connections when the second request didn't do a transfer
  • plain --limit-rate [num] means bytes
  • re-creating a dead connection is no longer counted internally as a followed redirect and thus prevents a weird error that would occur if a FTP connection died on an attempted re-use
  • Try PASV after failing to connect to the port the EPSV response contained
  • -P [IP] with non-local address with ipv6-enabled curl
  • -P [hostname] with ipv6-disabled curl
  • libcurl.m4 was updated
  • configure no longer warns if the current path contains a space
  • test suite kill race condition
  • FTP_SKIP_PASV_IP and FTP_USE_EPSV when doing FTP over HTTP proxy
  • Doing a second request with FTP on the same bath path, would make libcurl confuse what current working directory it had
  • FTP over HTTP proxy now sends the second CONNECT properly
  • numerous compiler warnings and build quirks for various compilers have been addressed
  • supports name and passwords up to 255 bytes long, embedded in URLs
  • the HTTP_ONLY define disables the TFTP support

Fixed in 7.15.1 - December 7 2005

Release contains security-related bug fix

Changes:

  • the libcurl.pc pkgconfig file now gets installed on make install
  • URL globbing now offers "range steps": [1-100:10]
  • LDAPv3 is now the preferred LDAP protocol version
  • --max-redirs and CURLOPT_MAXREDIRS set to 0 limits redirects
  • improved MSVC makefile

Bugfixes:

  • URL buffer overflow problem
  • using file:// on non-existing files are properly handled
  • builds fine on DJGPP
  • CURLOPT_ERRORBUFFER is now always filled in on errors
  • curl outputs error on bad --limit-rate units
  • fixed libcurl's use of poll() on cygwin
  • the GnuTLS code didn't support client certificates
  • TFTP over IPv6 works
  • no reverse lookups on IP addresses when ipv6-enabled
  • SSPI compatibility fix: using the proper DLLs
  • binary LDAP properties are now shown base64 encoded
  • Windows uploads from stdin using curl can now contain ctrl-Z bytes
  • -r [num] would produce an invalid HTTP Range: header
  • multi interface with multi IP hosts could leak socket descriptors
  • the GnuTLS code didn't handle rehandshakes
  • re-use of a dead FTP connection
  • name resolve error codes fixed for Windows builds
  • double WWW-Authenticate Digest headers are now handled
  • curl-config --vernum fixed

Fixed in 7.15.0 - October 13 2005

Release contains security-related bug fix

Changes:

  • --ftp-skip-pasv-ip / CURLOPT_FTP_SKIP_PASV_IP (sponsored by CU*Answers)
  • TFTP support added

Bugfixes:

  • user+domain name buffer overflow in the NTLM code (security flaw)
  • -z over FTP now considers equal timestamps "not modified since"
  • Weird characters removed from the configure script
  • Fixed time zone offsets for MEST and CEST for the time parser
  • HTTP Content-Range header parser crash
  • FTPS negotiation timeouts/errors
  • SSPI works even for Windows 9x
  • crash in --dump-header on FTP
  • test 56 runs better

Fixed in 7.14.1 - September 1 2005

Changes:

  • GNU GSS support
  • --ignore-content-length and CURLOPT_IGNORE_CONTENT_LENGTH added
  • negotiates data connection SSL earlier when doing FTPS with PASV
  • CURLOPT_COOKIELIST and CURLINFO_COOKIELIST
  • trailer support for chunked encoded data streams
  • -x/CURL_PROXY strings may now contain user+password
  • --trace-time now outputs the full microsecond, all 6 digits

Bugfixes:

  • MSVC build problem with the DSP file
  • windows threaded resolver access violation with multi interface
  • test suite works with valgrind 3
  • CA cert verification with GnuTLS builds
  • handles expiry times in cookie files that go beyond 32 bits in size
  • several client problems with files, such as doing -d @file when the file isn't readable now gets a warning displayed
  • write callback abort didn't always "take"
  • the curl -z "bad syntax" warning is now hidden when -s is used
  • curl -d @nonexisting no longer makes a GET
  • minor debug callback data size
  • date parsing of dates including daylight savings time zone names
  • using NTLM over proxy with an FTP URL
  • curl-config --features now displays SSL when built with GnuTLS too
  • CURLOPT_HTTPGET, CURLOPT_POST and CURLOPT_HTTPPOST reset CURLOPT_NOBODY
  • builds fine on AmigaOS again
  • corrected date parsing on Windows with auto-DST-adjust enabled
  • treats CONNECT 407 responses with bodies better during Digest/NTLM auth
  • improved strerror_r() API guessing when cross-compiling
  • debug builds work on Tru64
  • improved libcurl.m4
  • possible memory leak in windows name resolves
  • c-ares enabled build with mingw
  • proxy host set with numerical IPv6 address
  • better treatment of binary zeroes in HTTP response headers
  • fixed the notorious FTP server failure in the test suite
  • better checking of text output in the test suite on windows
  • FTP servers' TYPE command response check made less strict
  • URL-without-slash as in http://somehost?data
  • strerror_r() configure check for HP-UX 10.20 (and others)
  • time parse work-around on HP-UX 10.20 since its gmtime_r() is broken

Fixed in 7.14.0 - May 16 2005

Changes:

  • modified default HTTP request headers
  • curl --trace-time added for time stamping trace logs
  • curl now respects the SSL_CERT_DIR and SSL_CERT_PATH environment variables
  • more search paths for curl's default .curlrc config file check
  • GnuTLS support, use configure --with-gnutls. Work on this was sponsored by The Written Word.

Bugfixes:

  • uses select() instead of poll() even on Mac OS X 10.4
  • reconnected proxy use with NTLM auth on the same handle
  • warns about bad -z date syntax
  • docs/THANKS now contains all known contributors
  • builds out-of-the-box on (presumably ipv6-enabled) AIX 4.3 hosts
  • curl --head could wrongly complain on bad chunked-encoding
  • --interface SIGSEGVed on a bad address
  • kill the HTTPS server better when stopping the test suite
  • builds fine with VS2005 on x64
  • auth fix for HTTP redirects and .netrc usage
  • FTP uploads show the progress meter easier
  • MSVC makefile fixes for static libcurl builds
  • configure fix for static libcurl build on Windows
  • --retry-delay
  • POST with read callback now uses Expect: 100-continue
  • CURLOPT_PORT didn't actually use the set port number
  • HTTP 304 response with Content-Length: header
  • time-conditioned FTP uploads

Fixed in 7.13.2 - Apr 4 2005

Changes:

  • Added --form-string
  • libcurl can be built with SSPI support. curl_version_info() then returns a new feature bit: CURL_VERSION_SSPI. configure --enable-sspi added
  • Added --proxy-anyauth
  • Added runtests.1 and testcurl.1 man pages

Bugfixes:

  • the MSVC libcurl Makefile was fixed
  • libcurl on Windows crash if resolver was active when easy handle was killed
  • HTTP POST with auth and an initial 100 response before the 401/407
  • configure's SSL-detection for msys/mingw
  • better connection keep-alive when POSTing with HTTP Digest
  • FTP-SSL
  • reading FTP server response in multiple reads
  • picking one out of multiple proxy auth methods
  • inet_ntoa_r() when built with uClibc
  • the so name issue for the LDAP library dynamic load
  • crash when using SOCKS4 proxy
  • a debug printf() was removed
  • CURLOPT_FILETIME when downloading FTP corrupted data
  • FTP upload resume now works even if no file is present on the site
  • SSL seeding no longer attempts to read the whole random file

Fixed in 7.13.1 - Mar 4 2005

Release contains security-related bug fix

Changes:

  • CURLOPT_COOKIEFILE set to "" is now activating the cookie engine
  • FTP code overhaul => multi interface much less blocking
  • Added CURLE_LOGIN_DENIED to be returned when curl is denied login to FTP servers

Bugfixes:

  • -# crash when more data than expected was retrieved
  • NTLM/krb4 buffer overflow fixed
  • proxy auth bug when following redirects to another host
  • socket leak when local bind failed
  • HTTP POST with --anyauth picking NTLM
  • SSL problems when downloading exactly 16KB data
  • out of memory conditions preserve error codes better
  • a few crashes at out of memory
  • inflate buffer usage bugfix
  • better DICT protocol adherence
  • disable valgrind-checking while testing if libcurl is built shared
  • locale names in some date strings

Fixed in 7.13.0 - Feb 1 2005

Changes:

  • added --ftp-account and CURLOPT_FTP_ACCOUNT
  • added CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE
  • obsoleted CURLOPT_SOURCE_HOST, CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT and CURLOPT_PASV_HOST
  • added --3p-url, --3p-user and --3p-quote
  • -Q "+[command]" was added
  • src/getpass.c license issue sorted (code was rewritten)
  • curl -w now supports 'http_connect' for the proxy's response to CONNECT
  • introducing "curl-config --protocols"

Bugfixes:

  • re-sending a request when retrying on a fresh connection with multi interface
  • improved valgrind report parser in the test suite
  • several valgrind reports
  • CURLOPT_FTPPORT and -P work when built ipv6-enabled
  • FTP third party transfers was much improved
  • proxy environment variables are now ignored when built HTTP-disabled
  • CURLOPT_PROXY can now disable HTTP proxy even when built HTTP-disabled
  • "curl dictionary.com" no longer assumes DICT protocol
  • re-invoke some system calls on EINTR
  • duplicate Host: when failed connection re-use
  • SOCKS5 version check
  • memory problem with cleaning up multi interface
  • SSL certificate name memory leak
  • -d with -G to multiple URLs crashed
  • double va_list access crash fixed
  • minor memory leak when "version" is set in a cookie header
  • builds fine on BeOS and NetBSD
  • builds and runs fine on FreeBSD

Fixed in 7.12.3 - Dec 20 2004

Changes:

  • PKCS12 certificate support added
  • added CURLINFO_SSL_ENGINES (and "--engine list")
  • new configure options: --disable-cookies, --disable-crypto-auth and --disable-verbose
  • persistent ftp request improvements
  • CURLOPT_IOCTLFUNCTION and CURLOPT_IOCTLDATA added. If your app uses HTTP Digest, NTLM or Negotiate authentication, you will most likely want to use these
  • -w time_redirect and num_redirects
  • no longer uses libcurl.def for building on Windows, OS/2 and Netware
  • builds on Windows CE
  • request retrying, --retry and family added
  • FTP 3rd party transfers with source and dest on the same host now works
  • added CURLINFO_NUM_CONNECTS

Bugfixes:

  • curl -E on windows accepts "c:/path" with forward-slash
  • several improvements for large file support on windows
  • file handle leak in aborted multipart formpost file upload
  • -T upload multiple files with backslashes in file names
  • modified credentials between two requests on a persistent http connection
  • large file file:// resumes on Windows
  • URLs with username and IPv6 numerical addresses
  • configure works better with SSL libs in a "non-standard ld.so dir"
  • curl-config --vernum zero prefixed
  • bad memory access in the NTLM code
  • EPSV on multi-homed servers now works correctly
  • chunked-encoded transfers could get closed pre-maturely without error
  • proxy CONNECT now default timeouts after 3600 seconds
  • disabling EPSV or EPRT is ignored when connecting to an IPv6 FTP server
  • no extra progress meter newline output after each Location: followed
  • HTTP PUT/POST with Digest, NTLM or Negotiate no longer uses HEAD
  • works with or gracefully bails out when exceeding FD_SETSIZE file descriptors
  • CURLINFO_REDIRECT_TIME works
  • building with gssapi libs and hdeaders in the default dirs
  • curl_getdate() parsing of dates later than year 2037 with 32 bit time_t
  • curl -v when stderr is closed wrote debug messages to the network socket
  • build failure with libidn 0.3.X or older
  • huge POSTs on VMS
  • configure no longer uses pkg-config on cross-compiles
  • potential gzip decompress memory leak
  • "-C - --fail" on a HTTP page already downloaded
  • formposting a zero byte file
  • use setlocale() for better IDN functionality by default

Fixed in 7.12.2 - Oct 18 2004

Changes:

  • the IDN code now verifies that only TLD-legitmate letters are used in the name or a warning is displayed (when verbose is enabled)
  • provides error texts for IDN errors
  • file upload parts in formposts now get their directory names cut off
  • added CURLINFO_OS_ERRNO
  • added CURLOPT_FTPSSLAUTH to allow ftp connects to attempt "AUTH TLS" instead before "AUTH SSL"
  • curl_getdate() completely rewritten: may affect rare curl -z use cases

Bugfixes:

  • CURLOPT_FTP_CREATE_MISSING_DIRS works for third party transfers
  • memory leak for cookies received with max-age set
  • potential memory leaks in the window name resolver
  • URLs with ?-letters in the user name or password fields
  • libcurl error message is now provided when send() fails
  • no more SIGPIPE on Mac OS X and other SO_NOSIGPIPE-supporting platforms
  • HTTP resume was refused if redirected
  • configure's gethostbyname check when both nsl and socket libs are required
  • configure --with-libidn now checks the given path before defaults
  • a race condition sometimes resulting in CURLE_COULDNT_RESOLVE_HOST in the windows threaded name resolver code
  • isspace() invokes with negative values in the cookie code
  • a case of read-already-freed-data when CURLOPT_VERBOSE is used and a (very) persistent connection
  • now includes descriptive error messages for IDN errors
  • more forgivning PASS response code check for better working with proftpd
  • curl/multi.h works better included in winsock-using apps
  • curl_easy_reset() no longer enables the progress meter
  • build fix for SSL disabled curl with SSL Engine support present
  • configure --with-ssl=PATH now ignores pkg-config path info
  • CURLOPT_SSLENGINE can be set to NULL even if no engine support is available
  • LDAP crash when more than one record was received
  • connect failures properly stores an error message in the errorbuffer
  • Rare Location:-following problem with bad original URL
  • -F can now add Content-Type on non-file sections
  • double Host: header when following Location: with replaced Host:
  • curl_multi_add_handle() return code
  • "Proxy-Connection: close" is now understood and properly dealt with
  • curl_getdate() crash
  • downloading empty files now calls the write callback properly
  • no reverse DNS lookups for ip-only addresses with ipv6-enabled libcurl
  • file handler leak when getting an empty file:// URL
  • libcurl works better multi-threaded on AIX (when built with xlc)
  • cookies over proxy didn't match the path properly
  • MSVC makefile fixes to build better
  • FTP response 530 on 'PASS' now sends back a better error message

Fixed in 7.12.1 - Aug 10 2004

Changes:

  • the version string now only contains info about (sub) package versions, while for example krb4 and ipv6 now only are available as 'features'
  • added curl_easy_reset()
  • socks proxy support even when libcurl is built ipv6-enabled
  • read callbacks can stop the transfer by returning CURL_READFUNC_ABORT
  • libcurl-tutorial.3 is the new man page formerly known as libcurl-the-guide
  • additional SSL trace data might be sent to the debug callback using two new types: CURLINFO_SSL_DATA_IN and CURLINFO_SSL_DATA_OUT
  • multipart formposts can upload files larger than system memory
  • the curl tool continues with the next URL even if one transfer fails
  • FTP 3rd party transfer support - seven new setopt() options

Bugfixes:

  • UTF-8 encoded certificate names can now be verified properly
  • krb4 link problem
  • HTTP Negotiate service name now provided in uppercase
  • no longer accepts any cookies with domain set to just a TLD
  • HTTP Digest properties without quotes in the header
  • bad Host: header case on re-used connections over proxy
  • duplicate Host: header case on re-used connections
  • curl -o name#[num] now works when no globbing for [num] exists
  • test suite runs fine with valgrind 2.1.x
  • negative Content-Length is ignored
  • test 505 runs fine on windows
  • curl_share_cleanup() crash
  • --trace files now get the final info lines too
  • multi interface connects fine to multi-IP resolving hosts
  • --limit-rate works on Mac OS X (and other systems with bad poll()s)
  • cookies can now hold 4999 bytes of content
  • HTTP POST/PUT with NTLM/Digest/Negotiate to a URL returning 3XX
  • HTTPS POST/PUT over a proxy requiring NTLM/Digest/Negotiate
  • less restrictive libidn requirements, 0.4.1 or later is fine
  • HTTP POST or PUT with Digest/Negotiate/NTLM selected but the server didn't require any authentication
  • win32 file:// transfer free memory bug
  • configure --disable-http builds a libcurl without HTTP support
  • CURLOPT_FILETIME had wrong type in curl.h, it expects a long argument
  • builds fine with Borland on Windows
  • the msvc curllib.dsp now builds the libcurl.lib file
  • builds fine on VMS
  • builds fine on NetWare
  • HTTP Digest authentication with proxies uses correct user name + password
  • builds fine with lcc-win32

Fixed in 7.12.0 - Jun 2 2004

Changes:

  • added ability to "upload" to file:// URLs
  • added curl_global_init_mem()
  • removed curl_formparse()
  • the MSVC project file in the release archive is automatically built
  • curl --proxy-digest is a new command line option
  • the Windows version of libcurl can use wldap32.dll for LDAP
  • added curl_easy_strerror(), curl_multi_strerror() and curl_share_strerror()
  • IPv6-enabled Windows hosts now resolves names threaded/asynch as well
  • configure --with-libidn can be used to point out the root dir of a libidn installation (version 0.4.5 or later) for curl to use, then libcurl can resolve and use IDNA names (domain names with "international" letters)

Bugfixes:

  • incoming cookies with domains set with a prefixed dot now works better
  • CURLOPT_COOKIEFILE and CURLOPT_COOKIE can be used in the same request
  • improved peer certificate name verification
  • allocation failures cause no leaks nor crashes
  • the progress meter display now handles file sizes up to full 8 exabytes (which is as high a signed 64 bit number can reach)
  • general HTTP authentication improvements
  • HTTP Digest authentication with the proxy works
  • mulipart formposting with -F and file names with spaces work again
  • curl_easy_duphandle() now works when ares-enabled
  • HTTP Digest authentication works a lot more like the RFC says
  • curl works with telnet and stdin properly on Windows
  • configure --without-ssl works even when pkg-config has OpenSSL details
  • src/hugehelp.c builds correct again in non-configure build environments

Fixed in 7.11.2 - Apr 26 2004

Changes:

  • removed maximum user+password+hostname size limit
  • removed maximum dir depth limit for FTP
  • the ares build now requires c-ares 1.2.0 or later
  • --tcp-nodelay and CURLOPT_TCP_NODELAY were added
  • curl/curlver.h contains the libcurl version info now

Bugfixes:

  • configure --disable-manual works better
  • removed a memory leak when doing a windows threaded resolve and it failed
  • --proxy-ntlm now checks if libcurl supports NTLM before using it
  • minor --fail with authentication bugfix
  • CURLOPT_IPRESOLVE set to CURL_IPRESOLVE_V6 will now cause a returned error if the host only can resolve ipv4 addresses
  • curl -4/-6 now actually sets the requested option in libcurl
  • multi interface on Windows without ares works again
  • improved resolution for the CURLINFO_*_TIME info variables
  • getting only a 100 Continue response and nothing else, when talking HTTP, is now treated as an error by libcurl
  • fixed minor memory leak in libcurl for Windows when statically linked
  • POST/PUT using Digest/NTLM/Negotiate (including anyauth) now work better
  • --limit-rate with high speed rates is a lot more accurate now, and supports limiting to speeds >2GB/sec on systems with Large File support.
  • curl_strnqual.3 "refer-to" man page fix
  • fixed a minor very old progress meter final update bug
  • added checks for a working NI_WITHSCOPEID before that is used
  • fixed a flaw that prevented ares name resolve timeouts to occur
  • getting user name from http_proxy env variable works now
  • fixed too early name resolve timeouts with ares
  • HTTP Digest "re-negotiation" works now
  • CURLOPT_FAILONERROR (-f/--fail) works with all kinds of authentication
  • better thread-safety thanks to the internal strerror() replacement
  • better thread-safety on AIX thanks to better function detection
  • minor ipv6 build fix for windows
  • the test suite runs fine with mingw-built curl
  • the postit2.c example works now
  • better error message when --interface fails on windows
  • the progress meter now displays very long times better
  • CURLINFO_CONTENT_LENGTH_DOWNLOAD with CURLOPT_NOBODY set TRUE now works
  • passwords longer than 14 letters work with NTLM
  • 'make netware' in the root dir works now
  • builds fine on VMS again and even nicer than before

Fixed in 7.11.1 - Mar 19 2004

Changes:

  • CURLOPT_POSTFIELDSIZE_LARGE added to offer POSTs larger than 2GB
  • CURL_VERSION_LARGEFILE is a feature bit returned by libcurls that feature large file support
  • libcurl only requires winsock 1.1 on windows now
  • when doing FTP, curl now sends QUIT before disconnecting
  • name resolves can now timeout on windows too
  • $HOME is now recognized better when looking for .netrc files
  • now re-uses the ares handle when re-using curl handles
  • SO_BINDTODEVICE is used for network interface binding
  • configure --disable-manual disables the built-in huge manual from the command line tool
  • the default Accept: header used in HTTP requests changed
  • asynch dns lookups now require the c-ares library
  • curl --socks can be used to set a SOCKS5 proxy to use
  • response-headers received after a (proxy) CONNECT request are now passed to the header callback just like other headers

Bugfixes:

  • builds and runs on Novell NetWare
  • Windows builds now report OS as "i386-pc-win32"
  • received signals during SSL connect is handled better
  • improved PUT/POST with NTLM/Digest authentication
  • following redirects and doing NTLM/Digest (where the first connection gets closed) with the multi interface work better now
  • file: progress meter and getinfo variables work now
  • CURLOPT_FRESH_CONNECT and CURLAUTH_NTLM now work when set together
  • share interface usage without (un)lock functions segfaulted
  • --limit-rate no longer cripples the --speed-limit feature
  • fixed verbose output problem with ipv6-enabled re-used connections
  • fixed the socks5 code to check version in the socks response properly
  • dns cache bug - fixed the 'inuse' counter
  • large file fix for Content-Length
  • better docs for the share interface
  • several configure fixes for mingw/msys
  • setting a Host: header is no longer affecting the Host: header used when libcurl follows a Location:
  • fixed numerous compiler warnings on several operating systems and compilers
  • PUTing from stdin couldn't disable chunked transfer-encoding
  • corrected the mingw makefiles
  • improved the configure libz detection
  • fixed EPRT/PORT use when doing FTP on ipv6-enabled AIX hosts
  • *nroff commands that only support -mandoc and not -man are now supported (for the built-in manual text in the command line tool)
  • fixed the unconditional #include of config.h in hugehelp.c
  • builds fine on MPE/iX
  • upload using chunked transfer-encoding now sends the last chunk properly teriminated with an extra CRLF
  • Fixed the progress meter display for files >2GB
  • persistant connections over a proxy messed up the proxy name/password
  • the socks5 code segfaulted if no username/password was set
  • the *_LARGE options now take curl_off_t types as parameters and this will make it possible to handle large files on windows too
  • builds with large file support even on systems without strtoll()

Fixed in 7.11.0 - Jan 22 2004

Changes:

  • allows the URL to be set by a callback when using the multi interface
  • large file support was added. Use one of the new options: INFILESIZE_LARGE, RESUME_FROM_LARGE and MAXFILESIZE_LARGE
  • the new --ftp-pasv overrides a previous --ftpport
  • CURLOPT_FTPSSL and ftps:// now do ssl over FTP "The Right Way" (the curl tool now features the --ftp-ssl option)
  • The Windows DLLs are built with an added "resource file"
  • New LIBCURL_VERSION_* defines for easier checking version number
  • Included Mac OS X 'framework' makefile in the release archive
  • Removed the TRUE and FALSE #defines from the public curl header file
  • Added CURLOPT_NETRC_FILE

Bugfixes:

  • improved config file parsing for options with required parameters
  • using --trace with a bad file name could crash
  • release archive contains compressed help text
  • the win32 password prompting supports backspace
  • builds natively on AmigaOS (without unix emulation)
  • ftps:// now uses port 990 by default
  • the "configure --with-spnego" action was improved
  • fixed a rare follow-redirect problem
  • curl-config --feature now outputs AsynchDNS if enabled
  • occational re-use of freed-memory problem fixed
  • curl-config --libs now include the ares link directory
  • configure --enable-ares now accepts a given path
  • -lz no longer appear twice on the link line
  • more descriptive error message if the FTP response reader fails
  • curl-config --feature now shows 'AsynchDNS' when built with ares
  • VMS build up-to-date and clarified source code
  • resolve bug caused socks5 to fail
  • Content-Length: is ignored when getting chunked Transfer-Encoding
  • POST over proxy to https server failed
  • improved how libcurl deals with persistant connections over FTP when a transfer fails
  • accessing a proxy that requires Basic auth without password caused a hang
  • a free free-twice problem in the server certificate code
  • minor memory leak when using ranges on persistant connections
  • formpost parts sending files with .html extensions now use "Content-Type: text/html"
  • formpost parts now default to "Content-Type: application/octet-stream"
  • --progress-bar was slightly improved
  • Failing to connect to localhost, using the multi interface on Solaris showed a connect problem now fixed.
  • The generated ca-bundle.h file is now generated in the build dir, not the source dir
  • The FTP-EPSV response parser for the 229 code was fixed
  • curl finds the user's home dir slightly different and hopefully better on Windows
  • testcurl.sh can now be used to autotest daily tarballs
  • a couple of command line options now check that the underlying library actually supports the features before trying to enable them
  • uninitialized variable fix
  • better html versions of the man pages

Fixed in 7.10.8 - Nov 1 2003

Changes:

  • --head now works on file:// URLs too
  • file: URLs with only one initial slash now works too
  • RELEASE-NOTES document added to the release archive to summarize the big and visible changes and bugfixes
  • CURLOPT_MAXFILESIZE was added, and --max-filesize
  • CURLOPT_PASSWDFUNCTION and CURLOPT_PASSWDDATA are no longer supported
  • IPv6 is now supported on Windows builds too
  • CURLOPT_IPRESOLVE lets you select pure IPv6 or IPv4 resolved addresses (curl offers the command line options -4/--ipv4 and -6/--ipv6)
  • GSS-Negotiate works fine with the MIT kerberos library
  • SPNEGO support added, if libcurl is built with the FBopenssl libraries, curl_version_info() can return a feature bit for it and curl -V displays SPNEGO as a feature if libcurl is built with it enabled
  • easy handles added to a multi handle now share DNS cache automaticly
  • CURLINFO_HTTPAUTH_AVAIL and CURLINFO_PROXYAUTH_AVAIL were added
  • CURLOPT_FTP_RESPONSE_TIMEOUT was added
  • NTLM, Digest and GSS-Negotiate authentications also work for HTTPS over proxies
  • curl supports multiple -T flags to allow serveral uploaded files using a single command line
  • CURLINFO_RESPONSE_CODE can return the last FTP response code

Bugfixes:

  • added work-around for a name resolve problem on some glibc versions
  • a rare ERRORBUFFER single-byte overflow was fixed
  • HTTP-resuming an already downloaded file works better
  • builds better on Solaris 8+ with gcc
  • --disable-eprt works now
  • improved CA cert verification
  • --anyauth could bug when the first response had no body contents
  • double password prompting when doing NTLM fixed
  • improved performance when used multi-threaded on windows
  • share-locking during DNS lookups was modified
  • resume was not possible to switch off properly once enabled
  • fixed the ipv4 connect code when a DNS entry has multiple IPs
  • now checks subjectAltNames when matching certs
  • HTTP POST using read callback works again
  • builds fine on BeOS now
  • CURLOPT_COOKIE set to NULL no longer sends the previously set cookie
  • if an FTP transfer used a bad path, the next transfer could fail too
  • ares-built libcurl resolves IP-only names properly
  • changed the curl_lock_function proto to prevent warnings on some compilers
  • builds fine on QNX 6.2.x now
  • PUT with --digest works now
  • --anyauth that picks NTLM and then follows a redirect (and does NTLM again) works now
  • asynch resolves now work on NT4 too
  • a DNS cache trash (possible segfault) was fixed
  • runtests.pl clears all proxy environment variables before the test is run
  • Microsoft's "Negotiate" authentication is now supported by the existing GSSNEGOTIATE option
  • A set zero-length proxy name confused libcurl
  • Digest authentication works again without OpenSSL on 64bit architectures
  • configure --enable-thread works now
  • buffer problems in the test suite's web server were fixed
  • improved proxy password handling
  • LDAP is again working nicely with the current OpenLDAP
  • asynch name lookup for non-resolving hosts now return a proper error message
  • CURLOPT_SSL_VERIFYHOST set to 1 no longer aborts if no CN field is obtainable, it will merely warn about it
  • name resolve segfault with uClibc fixed
  • multi interface and multi-part/formpost could end in segfault
  • curl_multi_info_read() sets the msgs_in_queue to 0 when returning NULL
  • multi interface, ares and non-resolving host caused a segfault
  • minor single SSL memory leak fixed
  • Setting CURLOPT_WRITEFUNCTION or CURLOPT_READFUNCTION to NULL resets them to default

Fixed in 7.10.7 - Aug 15 2003

Changes:

  • CURLOPT_PROXYAUTH was added to allow different authentication methods on proxies (--proxy-ntlm was added to the curl tool).
  • --ftp-create-dirs and CURLOPT_FTP_CREATE_MISSING_DIRS were added
  • optional and still experimetal asynch name resolve support
  • getting headers-only and no-body from FTP can now reply "Accept-Ranges" if the server seems to suppport REST.

Bugfixes:

  • fixed a memory leak on re-used connections with proxy-authentication
  • cookies with no contents are sent off too now
  • 64bit-related bugfix for uploads
  • file:// URLs with drive letters now work on windows and OS/2
  • The output numbering (#[num]) on url globbing didn't work due to a bug in curl_msprintf()
  • FTP persitent download directory re-use problem fixed
  • cookie parser now only requires two dots in cookie domain
  • FOLLOWLOCATION (or -L) did not always ignore the redirect page properly
  • information leak fixed. When proxy authentication is used in a CONNECT request (as used for all SSL connects and otherwise enforced tunnel-thru-proxy requests), the same authentication header was also wrongly sent to the remote host.
  • the VC++ Makefiles were updated
  • builds better on VMS
  • src/hugehelp.c is now distributed uncompressed in the source package
  • the mkhelp script now compresses properly on DOS/Windows

Fixed in 7.10.6 - Jul 28 2003

Changes:

  • CURLOPT_SSL_CTX_FUNCTION allows a custom callback for SSL connections
  • multiple patches lets curl build and run on DOS
  • libcurl now deals with spaces in Location: redirects and URLifies them
  • curl --version shows more detailed info
  • curl_version_info() now returns info on NTLM, GSS-Negotiate and Debug
  • curl_version() includes "GSS" in the string if built with GSSAPI available
  • Pick-best-authentication option added (--anyauth, using the CURLOPT_HTTPAUTH set to CURLAUTH_ANY)
  • NTLM authentication support (--ntlm and CURLAUTH_NTLM)
  • GSS-Negotiate authentication support (--negotiate and CURLAUTH_GSSNEGOTIATE)
  • Digest authentication support added (--digest and CURLAUTH_DIGEST)
  • Allow curl to switch (back to) to Basic authentication (--basic)
  • libcurl supports name and password in proxy environment variables

Bugfixes:

  • double slash after the host name on a FTP URL again points out the root dir
  • obscure and rare DNS cache problem was fixed
  • multiple FTP connections to the same host with different user names didn't work properly
  • no more CWD commands without arguments for ftp connections
  • curl no longer uses setvbuf() due to portability problems
  • VMS build fixes
  • the curl tool has the -M manual compressed internally if built with libz
  • url globbing syntax error could cause segfault
  • Huge (>40-60KB) GET requests over HTTPS failed.
  • Content-Length now overrides socket-closed as a means of knowing when the response body is complete.
  • --progress-bar takes the initial size into account when doing resumed downloads
  • work around SSL bugs better
  • libcurl typically issues POST requests with less send() calls
  • better main makefile
  • external headers improved portability
  • Listing FTP directories without contents could leak a socket
  • Getting HTTP contents in one line without headers failed
  • bugfixed the socks5-proxy usage (twice)
  • h_aliases name-lookup rare crash fixed
  • improved curl -M output
  • curl_unescape() now only unescapes valid %HH codes

Fixed in 7.10.5 - May 19 2003

Changes:

  • support for Content-Encoding: gzip was added
  • test cases modified to include server requirement in each test case file
  • CURLOPT_FTP_USE_EPRT was added, --disable-eprt with the tool
  • setting CURLOPT_ENCODING to "" automaticly enables all supported encodings

Bugfixes:

  • libcurl now calls the progress meter during slow ftp responses as well
  • a write loop resulting in badly updated progress meter was fixed
  • non-blocking sockets fix for PORT ftp downloads
  • CURLOPT_INTERFACE performance fix on Linux
  • EAGAIN-fix improves HPUX (at least) functionality
  • configure script fix for the writable argv check and cross-compiles
  • features more verbose error message when some OpenSSL read errors occur
  • improved ftp compliance with RFC1738, now performs individual CWD commands for each path part in the URL
  • cookie overhaul: fixed jarsaving, improved path treatment and stricter cookie receiving, adjusts to Hosts: headers
  • CURLINFO_CONNECT_TIME works with the multi interface too
  • curl_easy_setopt() now returns correct error codes
  • formposting .html files set Content-Type text/html now
  • curl reports a new huge and verbose error message on CA cert problems
  • libcurl now returns CURLE_SSL_CACERT on CA cert problems
  • chunked-transfer deflate downloads work
  • FTP-server responses to CWD are now more liberally treated
  • fixed url parsing when '?' is used after the host name without '/'.
  • curl -I on ftp files outputs the date with correct time zone (GMT)
  • curl -z now works for FTP files (CURLOPT_TIMECONDITION)
  • the default DEBUGFUNCTION outputs incoming headers as well
  • Content-Type extraction did wrong if there was no space after the colon
  • the MSVC project file was fixed
  • no longer installs the ca bundle when built --without-ssl
  • the boundary strings in formposts now look very similar to the ones IE uses
  • test suite runs on cygwin

Fixed in 7.10.4 - Apr 2 2003

Changes:

  • the curl tool now "clears" sensitive commands line args
  • no more emacs local variables in the source files
  • script for distributed, automatic, multi-platform testing added. Please join up and help us test the bleeding edge curl on various platforms!
  • the "scratch buffer" is now only allocated when actually needed
  • removed the strequal and strnequal macros from curl/curl.h
  • added CURLOPT_UNRESTRICTED_AUTH / --location-trusted

Bugfixes:

  • "curl -O" only, now outputs an error message accordingly
  • builds fine on Redhat Linux 9 (configure fix)
  • the CA cert bundle included a demo cert now removed
  • changing some attributes between two transfers when re-using a connection did not "take effect" properly
  • the test suite runs faster and hopefully a bit more reliably
  • improved configure check for presence of functions, needed for HPUX
  • the curl tool now makes a correct URL escaping when appending to the URL when using -T and the file name is appended to the URL.
  • configure --enable-libgcc now explicitly add -lgcc to the linker
  • better configure checks for headers (since some platforms got nasty warnings output previously)
  • configure --help looks nicer
  • data transfer bug on HP-UX systems
  • improved random seeding for systems without a reliable random source
  • 64bit Sparc compiler warnings removed
  • a case where a connect failure didn't return an error string
  • DNS cache problem in AIX 4.3 and later was fixed
  • a POST-then-GET problem when re-using the same handle in libcurl
  • extra precaution added for FTP servers returning 0 bytes to SIZE commands
  • looping issue in the receive function (i.e badly updated progress meter)
  • Fixed the 'Expect: 100-continue' behavior
  • CURLOPT_MAXCONNECTS segfault fixed
  • multi-interface connecting on Windows to non-listening ports fixed
  • Curl_base64_encode() now encodes zero-bytes too properly
  • fixed the infamous SSL error:00000000 outputs
  • zlib build fix in the mingw makefile
  • don't check for ca cert env variable if --insecure is used
  • always use strict cert name check unless --insecure is used
  • content-type extracting fixed
  • DEBUGFUNCTION could be called with wrong arguments in uploads
  • ftp downloads could wrongly return CURLE_PARTIAL_FILE in some conditions
  • the fopen.c example code didn't work
  • content-type extracting memory leak fixed
  • curl/multi.h was fixed for C++ compiles
  • .netrc file scanning for names+passwored fixed
  • curl-config --cflags works even when include dirs isn't /usr/include
  • CURLINFO_PRIVATE can return NULL properly

Fixed in 7.10.3 - Jan 14 2003

Changes:

  • Added CURLOPT_PRIVATE and CURLINFO_PRIVATE
  • Added CURLOPT_HTTP200ALIASES
  • Added --create-dirs
  • libcurl test cases have been added
  • configure --enable-maintainer-mode was added

Bugfixes:

  • Transfer-Encoding: chunked for uploads works
  • Test cases 306 and 402 now run fine
  • configure script bug related to CONTENT_ENCODING fixed
  • Borland Makefiles up-to-date
  • Name resolve fix to correct the 7.10.2-fix!
  • curl/curl.h now has a more proper extern "C" for C++
  • CURL_MAX_WRITE_SIZE lowered to 16KB: improves performance on Windows
  • configure --enable-debug now cuts off -O* options to the compiler
  • Using multi interface and proxy to non-listening port caused a hang
  • CURLOPT_USERPWD-imposed memory leak removed
  • Verbose connect message crash removed
  • curl-config --cflags
  • better SSL-reading with no CPU-eating loop left
  • A base64 decoding bug was fixed (affected kerberos4)
  • The MSVC++ Makefile for debug targets was improved
  • Initing the global DNS cache is now done better
  • "curl -I ftp://domain/non-existing-file" was flawed
  • fixed wildcard name checks in server certificates

Fixed in 7.10.2 - Nov 18 2002

Changes:

  • PDF versions of much documentation are included in the tarball
  • Transfer-Encoding: chunked for uploads are now supported

Bugfixes:

  • builds fine on MSVC again
  • CURLOPT_CONNECTTIMEOUT works better
  • name resolving failed with glibc 2.2.93
  • libtool build fix for -no-undefined
  • the follow location code could crash occasionally
  • multi interface and FOLLOWLOCATION didn't work properly
  • curl -j (CURLOPT_COOKIESESSION) didn't work properly
  • config file parser could crash on the presense of CRLF newlines
  • downloading HTTP without headers sometimes corrupted the data
  • connecting to a bad port number with the multi interface did wrong

Fixed in 7.10.1 - Oct 11 2002

Changes:

  • configure --without-zlib explicitly disables zlib in builds

Bugfixes:

  • junk data could get inserted when saving HTTP headers
  • telnet connections timeout properly
  • make install when built outside source tree works again
  • FOLLOW_LOCATION works for the multi interface too
  • HTTP Location following now deals with ./ and ../ cases
  • The OpenSSL ENGINE check was improved in the configure script

Fixed in 7.10 - Oct 1 2002

Changes:

  • curl -x "" now disables proxy-usage completely
  • The libcurl and thus the curl version string too are modified slightly
  • added curl_version_info() for various runtime version info
  • added curl_free() that allows freeing data libcurl malloced()
  • CURLOPT_ENCODING added, supports decompression of compressed downloaded data This is used with 'curl --compressed'. This feature uses the libz library, if present.
  • MIT-licensed only, no dual-stuff. That is history. Old. Gone. Forgotten.
  • libcurl does peer certificate verification by default. This needs to be disabled if you need to talk to SSL servers in an insecure way! (curl -k does this). See further details in the UPGRADE document.
  • SOCKS5-proxy support was added (somewhat flawed, see CHANGES for details)
  • More SSL error codes was added
  • CURLOPT_NOSIGNAL was added for multi-threaded programs to use
  • --limit-rate is now supported
  • CURLOPT_BUFFERSIZE sets a desired read buffer size
  • The FTP PORT command uses a better default IP address

Bugfixes:

  • transfer after a failed connect when using the multi interface
  • headerless HTTP downloads
  • "-C -" on multiple file downloads
  • resume on file:// downloads
  • memory leak in libcurl on repeated resume http downloads
  • crashes on 64bit machines solved
  • IPv6 IP-address only URLs sent bad Host: headers
  • --silent is more silent when doing URL globbing fetches
  • *multi_perform() now returns control properly when waiting for connect
  • curl_formadd man page was corrected
  • curl_escape() and curl_unescape() no longer deals with '+'
  • improved performance on persistent transfers on windows
  • no longer closes ftp connections unncessarily often
  • -N works again
  • the windows DLL now builds with the multi interface enabled
  • the internal password prompt now uses stderr instead of stdout
  • minor cookie parsing bug when no space came after the header colon
  • better #ifdef conditions in the global curl header files
  • the curl tool didn't allow POST of zero contents
  • literal RFC2732-style IPv6 addresses didn't work

Fixed in 7.9.8 - Jun 13 2002

Changes:

  • curl_formadd() can do file upload parts from buffer
  • libcurl can be built with specific protocols disabled
  • should build nicely with modified OpenSSL 0.9.7 API
  • win32 timers now use higher resolution
  • CURLOPT_CAPATH was added (--capath on the command line)
  • CURLOPT_NETRC now supports optional or required netrc mode
  • curl_formadd() now returns a CURLFORMcode type, not a plain int.

Bugfixes:

  • name resolves can now time-out properly (on unix-like systems)
  • an empty connect failure error message was filled in
  • when curl_easy_perform() failed on an ftp transfer, it could leak a socket
  • a curl_multi_remove_handle() crash was removed
  • windows versions will no longer complain on "weak seeding"
  • 64bit architectures could crash in the resolve code
  • CURLINFO_REQUEST_SIZE now works as documented
  • CURLINFO_REDIRECT_TIME returns a correct time now
  • getting an empty FTP file does not cause an error anymore
  • curl_multi_perform() works without curl_multi_fdset()
  • re-using a connection over a proxy could do bad Host: headers
  • CURLOPT_POST with a "" string could lead to a crash.
  • better certificate loading
  • Name resolve crash on platforms without *_r() functions removed
  • minor compiler problems on FreeBSD fixed

Fixed in 7.9.7 - May 10 2002

Changes:

  • CURLOPT_COOKIESESSION (-j with the client) starts a new cookie session
  • --trace or --trace-ascii dump a full network/debug dump to a given file
  • Added: curl_multi_info_read() is now implemented as documented
  • Added CURLINFO_REDIRECT_TIME and CURLINFO_REDIRECT_COUNT
Bugfixes:
  • CURLOPT_DEBUGFUNCTION gets called as documented
  • -D with multiple URLs will append all headers in the same file
  • multi interface transfers work better
  • multiple transfers reset download counters better in between
  • Pruning now prevents the DNS cache from growing out of proportions
  • no_proxy didn't work when URL contained port numbers
  • --interface didn't work for IPv6 enabled libcurls
  • the TIMECOND defines are now using CURL_ prefixes
  • Now uses less memory for name resolves on most operating systems
  • pack_hostent works with 64 bit pointers
  • Prunes old DNS cache entries
  • HTTP 301 response after a POST now treated differently
  • rfc1867-formposting a non-existent file now causes a failure

Fixed in 7.9.6 - Apr 14 2002

Changes:

  • Added CURLOPT_DEBUGFUNCTION
  • Added multi interface man pages, examples and public header files.
  • All CURLFORM_* options can now be given in an array
  • Added: -F supports filename= (using the new CURLFORM_FILENAME)

Bugfixes:

  • libcurl skips preceeding white spaces in cookie contents
  • CURLINFO_CONNECT_TIME is now set even when connect fails
  • -x didn't use the documented default port
  • RISC OS version now offers --environment
  • HTTP/1.0 304-replies are dealt with better
  • .curlrc is read from current directory if HOME isn't set
  • The include file curl/curl.h compiles on pre-ISO compilers
  • getting http headers-only could "hang" during 1 second extra
  • verbose passive ftp transfers on AIX could crash
  • improved re-use of dead proxy connections
  • binary HTTP POSTs on Windows did not work (client-code problem)
  • CRLF replacing in uploads was not working
  • -G and -d work together again
  • using verbose when doing ftp passive transfers could core dump
  • IPv6 name lookups work again
  • HTTP POST with data passed in with the read callback now works
  • curl -O segfault
  • --progress-bar
  • Bugfixed a missing newline after --progress-bar output

Fixed in 7.9.5 - Mar 7 2002

Changes:

  • Added CURLOPT_PREQUOTE
  • -w now supports %{content_type}

Bugfixes:

  • fixed the client-side backslash treatment in URLs
  • Mofied the file hierarchy in the archive somewhat
  • fixed the dowloaded header size counter
  • fixed the cookie parser
  • Replaced the former test HTTP server with a new one written in C
  • fixed the total time counter that could end up blank at times
  • Minor portability changes
  • Tweaked name resolves with getaddrinfo() to run faster on Linux
  • fixed big HTTP requests (such as big POSTs)
  • fixed connection timeouts
  • fixed Host: lines on multiple requests over proxy
  • fixed 64bit archtitecture builds.
  • fixed Expect: header disabling
  • Improved the Windows makefiles and install documentation
  • fixed multipart formposts
  • fixed CURLINFO_CONTENT_TYPE
  • fixed another SSL download problem

Fixed in 7.9.4 - Mar 4 2002

Changes:

  • Introduced CURLINFO_CONTENT_TYPE
  • CURLOPT_CUSTOMREQUEST can now be used with CURLOPT_POSTFIELDS

Bugfixes:

  • Improved the gethostbyname_r configure check for HP-UX 11.00
  • Bugfixed the DNS cache
  • Bugfixed SSL download (due to the non-blocking sockets)
  • Only seed SSL once for a program's life time
  • IPv4-only Linux machines could crash on name resolves
  • curl_getdate() is now fully reentrant
  • The header length counter is now reset in each curl_easy_perform()
  • Normal HTTP POSTs no longer append an extra set of CRLF
  • Location: following on persistant connections work
  • No longer installs the multi examples on make install.

Fixed in 7.9.3 - Jan 23 2002

Changes:

  • introduced a DNS lookup cache
  • OpenSSL ENGINE support (read CHANGES for full details)
  • CURLFORM_CONTENTHEADER let's you add headers in form posts

Bugfixes:

  • fixed multipart formposts with non-existing files
  • builds with OpenSSL versions prior to 0.9.5 again
  • SSL session cache crashed when filled
  • improved timeouts with HTTPS
  • bugfixed the cookie engine and parser
  • HTTP code 204 is now treated properly
  • libcurl now provides the FTP response lines to the header callback
  • 64bit-architecture fixes
  • bugfixed using proxy specified in an environment variable
  • made libcurl support FTP operations without any transfer
  • error messages are now stored without newlines
  • -T file names get the path stripped before used remotely
  • minor compiling problems fixed for some platforms

Fixed in 7.9.2 - Dec 5 2001

Changes:

  • --disable-epsv is a new option to the curl command line tool
  • added CURLOPT_FTP_USE_EPSV
  • added CURLINFO_STARTTRANSFER_TIME
  • added the -1/--TLSv1 option

Bugfixes:

  • compiles and builds on the good old Mac OS (in addition to Mac OS X)
  • bugfixed persistant connections over proxy with multiple protocols
  • bugfixed verbose ftp output on Tru64 unix
  • passive ftp download works with IPv6
  • always return proper error code on failed connects
  • bugfixed FTP response reader
  • bugfixed verbose telnet
  • bugfixed conditional HTTP fetches based on time
  • multiple calls to curl_global_init() is now treated better
  • bugfixed multiple ftp requests
  • made -p/--proxytunnel work for plain HTTP as well
  • "current speed" progress meter bugfix
  • improved the name resolver configure check
  • libcurl now restores signal handlers and timeouts properly
  • improved SSL over HTTP-proxy when using weird proxies(!)
  • bugfixed LDAP transfers

Fixed in 7.9.1 - Nov 4 2001

Changes:

  • CURLE_GOT_NOTHING is a new possible error code
  • -0/--http1.0 can now be used to set HTTP 1.0 operations
  • 'curl' no longer uses curl_formparse()
  • non-blocking connects

Bugfixes:

  • much better connection re-use validity check
  • bugfixed connection re-use for FTP urls containing name and password
  • LDAP transfers no longer "hang"
  • a memory leak in the cookie engine was removed
  • curl_easy_duphandle() now duplicates cookie parser status too
  • --fail now only returns error if HTTP code is >= 400
  • a possible memory leak when a transfer failed was removed
  • builds better in cygwin
  • "current speed" meter more accurate
  • -c without -b saves the cookies now
  • bugfixed libcurl for "thread-hopping" on Windows
  • removed memory leak in IPv6-enabled libcurl
  • bugfixed curl_formadd()
  • bugfixed CURLINFO_FILETIME
  • bugfixed cookiejar

Fixed in 7.9 - Sep 23 2001

Changes:

  • -R sets the timestamp of a downloaded file to the same as the remote file
  • -c writes all cookies to a specified file (based on the new libcurl option CURLOPT_COOKIEJAR)
  • SSL session ID caching is being done for multiple requests to the same hosts
  • displays certificate expire date with SSL and verbose output
  • curl_formadd() is a new function to replace the now deprecated curl_formparse() one, for building rfc1867 form posts.
  • release archive now includes all docs as HTML pages too

Bugfixes:

  • now properly returns an error code when connection to an SSL server with a non-legitimate certificate.
  • CURLOPT_COOKIEFILE can now be specified any number of times
  • fixed portability issue in the SSL code
  • -G improvements, now works with -I and on URLs including question mark.
  • various windows compile, build and makefile fixes
  • multiple curl_easy_perform() invokes when a previous invoke followed a Location: could lead to a crash
  • rfc1867-posts are now done including the Expect: 100-continue header.
  • flushes the progress meter stream to improve look on windows
  • fixed the configure script --with-ssl problem

Fixed in 7.8.1 - Aug 20 2001

Changes:

  • added CURLOPT_HTTPGET

Bugfixes:

  • the configure script now sets up socklen_t properly
  • added the -G option that converts -d posts to use GET requests
  • bugfix: CURLOPT_POST without postfields caused libcurl crash
  • bugfixed the URL parser for IPv6 IP addresses (RFC 2732)
  • corrected some minor size_t mixups in the code
  • rfc1867-style form posts no longer has any size-limit
  • bugfixed the redirected stderr feature
  • more test cases added
  • libcurl now verifies the CN name of server certificates when SSLing
  • curl -E supports file names with driver letters now on windows
  • curl-config --libs now includes the path to the installed libcurl
  • file:// with "relative" paths now work like other tools/libs
  • curl builds under RISC OS and OpenVMS now
  • libcurl groks the NCSA httpd 1.5.x weirdo (non-standard) replies
  • curl_escape() no longer tries to skip already encoded data
  • progress callback minor bugfix
  • bugfixed the main transfer select() loop!
  • corrected FTP range downloads
  • better treatment of cut off FTP transfers
  • corrected the libcurl shared library version number
  • improved configure --with-ssl handling
  • multiple file download with resume works better
  • formpost with field names containing space works now
  • the ftp tests now run OK on IPv6 enabled hosts
  • verifying certificates bugfixed

Fixed in 7.8 - Jun 7 2001

Changes:

  • 'curl-config --vernum' shows version number as a hexadecimal number
  • libcurl's got two new functions (for global init/cleanup)

Bugfixes:

  • SSL memory leak fixed
  • new file format for the tests in the test suite
  • netscape/mozilla cookie file parser bugfix
  • everything is now built with autoconf 2.50, libtool 1.4 and automake 1.4-p1
  • libcurl's own version of 'strlcat' no longer pollutes the name space
  • libcurl now treats an already completed resumed download as a successful operation, and not as an error like before
  • https and ftps test cases added to the test suite (depend on stunnel)
  • better white space awareness when parsing HTTP headers
  • curl -I now plays ball even if the ftp server doesn't grok SIZE
  • corrected resumed transfers on re-used persistent connections
  • FTP PORT works again when libcurl is IPv6-enabled
  • corrected path usage when doing multiple FTP transfers
  • several Location: header related bugs corrected

Fixed in 7.7.3 - May 4 2001

Bugfixes:

  • we've discovered that TELNET does not work under win32
  • HTTP Content-Length: 0 works better
  • HTTP 304-replies are better treated
  • persistent connections with mixed chunked and non-chunked transfers work now
  • connection re-use for non-proxy connections on non-default ports work
  • corrected the OpenSSL version string output

Fixed in 7.7.2 - Apr 22 2001

Changes:

Bugfixes:

  • The Perl interface is improved a lot
  • Fixed download resumes on persistent connections
  • connection timeouts work in windows
  • HTTP_PROXY in uppercase is no longer used
  • curl_escape() with a 0 length argument works now
  • the MSVC projects files were updated
  • the Borland makefiles were updated
  • displays OpenSSL 0.9.6a properly in the version string
  • The Host: headers could get wrong on persistent connections

Fixed in 7.7.1 - Apr 3 2001

Bugfixes:

  • location:-fix
  • two crash reasons removed
  • ftps:// support added
  • the perl interface corrected to work with 7.7
  • bugfixed the HTTP/1.0 persistent connection support
  • Passing a read-only URL to libcurl could make it crash on http redirects
  • HEAD responses are now always headers-only
  • curl could re-use connections a little too much
  • different treatment of HTTP error 302
  • following http redirects on persistent connections could reach the maxredirs amount accidentally
  • curl_escape() don't re-encode already encoded letters anymore

Fixed in 7.7 - Mar 22 2001

Changes:

  • supports HTTP proxy with IPv6
  • curl_escape and curl_unescape are now part of the official libcurl interface
  • libcurl speaks HTTP/1.1 lingo now
  • persistent connection support

Bugfixes:

  • the .netrc parser finds the home directory better
  • fixed a crash that could happen with redirects and authentication
  • improved random seeding for SSL connections
  • improved TELNET functionality

Fixed in 7.6.1 - Feb 9 2001

Changes:

  • partial IPv6 support (HTTP without proxy and only "active" FTP so far)
  • two new options to curl_easy_getinfo() for file sizes were added

Bugfixes:

  • following Location: when using Range: requests work
  • telnet works again (7.6 crashed)
  • Corrected the HTTP PUT resume
  • Better Location: and HTTP return code (3xx) treatment
  • Resumed transfer status is displayed in progress meter (though simple)
  • HTTP download resume again complains if Range isn't supported

Fixed in 7.6 - Jan 26 2001

Changes:

  • -g/--globoff was added to disable the URL globbing
  • command line options can be written "merged" -ofile equals -o file
  • initial but still basic IPv6 adjustments

Bugfixes:

  • fixed 'total time' counter to be more accurate
  • possible SSL-read problem fixed (which could make curl return empty HTML)
  • no length restrictions on URLs anywhere in the libcurl code
  • supports building outside the source-tree
  • includes make-target for 'automatic' RPM package creation
  • added multiple URL support on the command line
  • krb4-ftp fixed
  • massive symbol renaming of libcurl internals to decrease name pollution

Fixed in 7.5.2 - Jan 4 2001

Changes:

  • new licensing, MPL or MIT/X

Bugfixes:

  • updated man page
  • FTP commands are now sent in single write()s
  • removed a file descriptor leak when doing PORT ftp
  • improved quote command error checks (FTP)
  • misaligned free() crash removed (patch)

Fixed in 7.5.1 - Dec 11 2000

Changes:

  • added Borland makefiles

Bugfixes:

  • portability fixes for SCO and HPUX
  • using an -o file name that is longer than the URL works (patch)
  • multiple URLs and -o or -O works better! (patch)

Fixed in 7.5 - Dec 1 2000

Changes:

  • new --max-redirs option and corrresponding CURLOPT_MAXREDIRS libcurl option.
  • libcurl now supports getting the time of a remote file
  • --head on a ftp file shows the modification time if available
  • --cacert lets you specify a CA certificate to verify peer certificates against when doing HTTPS connections
  • curl_formfree() added to libcurl
  • added --url to allow URLs to be specified easier in the config file

Bugfixes:

  • the shared libcurl library gets a proper version number now
  • the MSVC++ makefiles are updated to work
  • the test suite is much extened and enhanced
  • supports any URL lengths
  • ftp CWD could use wrong directory name (with trailing slash)
  • ftp transfer failure could leak memory
  • curl_unescape() could return a too long string
  • deals with lowercase environment variables for proxy settings
  • corrected spelling in a few error messages
  • memory leaks removed
  • improved config file parser
  • config file parser crash fixed
  • in HTTP usernames or passwords made bad authorization headers.

Fixed in 7.4.2 - Nov 15 2000

Changes:

  • an initial attempt to make a test suite is included
  • binary/custom package information is added
  • possibility to verify the peer's certificate for HTTPS connections (libcurl)

Bugfixes:

  • configure now attempts to find openssl libs better
  • the Host: port number could be wrong on HTTPS requests
  • -T and -o can be used on the same command line (bugfix)
  • file:// bugfix (free() twice)
  • ftp --head now sets type first, as some servers report different sizes for different types
  • ftp upload resume could hang if the whole file was already uploaded
  • another cookie parser fix
  • added possibilty to replace the internal 'enter password' function (libcurl)
  • encoded username/password in URL is now supported
  • username in http-URL bugfix
  • fixed the timers when location: headers were followed
  • timeouts are now working as supposed (under unix)!
  • the interactive password input on win32 no longer echoes the password
  • config file parser bugfix
  • multiple -d options are now concatenated
  • the memory debug system compiles on more systems
  • passwords specified with -u can now properly contain @!
  • The Host: header no longer sets port number for default ports (HTTP) (as suggested)
  • -Y/-y bug fix (bug report)
  • more informative error message when https has not been built-in

Fixed in 7.4.1 - Oct 16 2000

Bugfixes:

  • Corrected the makefiles in the release archive!

Fixed in 7.4 - Oct 16 2000

Bugfixes:

  • possible buffer overflow by an evil ftp server fixed
  • removed typedef bool from the public include file
  • more PHP-friendly multi-part posts (no more Content-Transfer-Encoding header)
  • FTP forced ASCII transfers fixed
  • memory leaks removed
  • the --longoption parser was corrected
  • HTTP download resume bugfix
  • more information available with -w and curl_easy_getinfo()
  • the HTTP request is now sent in one shot (single write())
  • -w stuff moved out from the libcurl, the information is now served with the new library function curl_easy_getinfo()
  • uploading with curl uses a smaller buffer to start with, to make a better progress meter

Fixed in 7.3 - Sep 28 2000

Changes:

  • --proxytunnel, non-HTTP tunneled through a http proxy is added
  • --interface allows you to specify outgoing interface
  • --krb4 enables kerberos for ftp transfers

Bugfixes:

  • file:// was fixed
  • cookie parser bugfixed
  • OpenSSL 0.9.6 usage fixed
  • multiple downloaded files bugfix
  • more resolver fixes

Fixed in 7.2.1 - Aug 31 2000

Bugfixes:

  • Linux name resolve check in the configure script is fixed
  • -I on ftp was fixed
  • ftp files with + in the file name was corrected.

Fixed in 7.2 - Aug 30 2000

Changes:

  • --data-binary was added to allow fully binary -d style posts.

Bugfixes:

  • Name resolving problems fixed for AIX, HPUX, Digital Unix/Tru64...
  • Updated the VC++ makefile

Fixed in 7.1.1 - Aug 21 2000

Bugfixes:

  • No user but password in a URL is now working properly
  • curl now allows replacing of the Content-Type: and Content-Length: headers when doing -d posts
  • fixed a name resolving problem that appeared at times
  • rearranged the gethostbyname_r() configure test
  • -w did not do well when used with multiple URLs

Fixed in 7.1 - Aug 7 2000

Changes:

  • CURLOPT_PROXYPORT added to curl_easy_setopt() in the lib
  • Now features an 'auto referer' so that curl can set the "correct" referer when following location:
  • removed CURLOPT_PROGRESSMODE from the lib
  • libcurl offers a progress meter callback
  • Lots of symbol renamings in the libcurl public stuff.

Bugfixes:

  • builds libcurl as a shared library with libtool
  • JavaWebServer's incorrect Content-Range headers are supported
  • localtime_r() is now used if available instead of localtime()
  • 'make install' installs the include files properly
  • Replacing an internal HTTP header with one that has no content removes the header
  • user+password is now restricted and sent only to the first host when Location: is followed to another host
  • FTP command response reading now times out properly, even on win32
  • rfc1867 form-posting was extended for use with large text posts
  • FTP transfering (converted) ASCII could make curl wrongly believe the transfer was only partial, there is no way can tell the expected size of a file downloaded in FTP ASCII
  • various manual corrections
  • FTP transfers now accept 250 as well as 226 as a positive end-of-transfer result
  • The configure check for requiring the nsl and socket lib at once was re-added
  • Host: was not displaying the port number as supposed on non-standard ports
  • HTTPS connection failures could slip through and make curl attempt reading at a dead socket
  • Using -F, -I or -d in any weird mix now causes the curl client to alert
  • FTP PORT command bug fixed
  • HTTP POST and then following Location: now causes all except the first requests to become GET.
  • win32 now sends data binary to stdout unless -B / --use-ascii is specified
  • added a README.win32 file
  • Custom headers when doing location: works again
  • libcurl is much more threadsafe
  • Many portability issues have been smoothened out
  • The FTP range support were buggy and is now corrected
  • Major re-organisation of all library internals to allow for a new library interface.
  • A buffer overflow (with URLs larger than 4096 characters) was fixed
  • The FTP sessions are slightly modified and now they're using CWD to change to the directory where the operation is requested.
  • FTP URLs are now treated more like the RFC specifies (minor change)
  • now sends user agent string when talking ftp through a http proxy
  • made the progress meter nicer for sizes between 10 and 100 megabytes
  • no longer checks for install twice in the configure script
  • improved win32 headers for VC++ compiling
  • minor fix when using libcurl in a multi-threaded program
  • the OS/2 port was slightly adjusted
  • location following through a http proxy on a specified non-default port didn't work
  • location following to an absolute URL on a different port didn't work

Fixed in 6.5.2 - Mar 21 2000

Bugfixes:

  • corrected the -D mockup that caused 6.5.1 to crash

Fixed in 6.5.1 - Mar 20 2000

Bugfixes:

  • curl_unescape() buffer overrun removed
  • -w 'http_code' works!
  • OS/2 port
  • adjusted to compile smoothly with MS VC++
  • -D/--dump-header now only writes the file when needed, and not before

Fixed in 6.5 - Mar 13 2000

Changes:

  • -N now disables output buffering
  • the new -w/--write-out allows for script writers to specify what curl should output after a successful request

Bugfixes:

  • now sends cookies space separated
  • Corrected OpenSSL 0.9.5 compliance problems
  • the perl scripts are moved out from the distribution
  • Ultrix port
  • -K config files no longer have a max line length
  • new progress meter to better show both upload and download
  • MacOS X port
  • upload and download now performs simultaneously in case of need. This will make posting of big forms that are "echoed back" to finally work.
  • the cookie parser shouldn't crash on empty cookie names, nor should it send empty cookies to the server anymore.
  • -b now supports both @[filename] and @- for stdin
  • unlimited line lengths in the config file
  • Compiles on sunos4 again
  • Corrected the removed possibility to chose the progress bar
  • Made the max display width with progress bar 79 when the COLUMNS variable isn't set.

Fixed in 6.4 - Jan 17 2000

Changes:

  • Ability to run --quote commands after ftp transfers now, as well as before

Bugfixes:

  • Improved progress meter
  • Getting files with URL syntax codes (%-stuff) from a ftp server was not dealt with nicely
  • -b corrupted the cookie header lines when they were read off a server
  • Cleaned up the interface between the lib and the curl tool.
  • Made the -X's long option change name to --request and now you can specify full request command for ftp listings (like "LIST -l").
  • Improved the --stderr workings for win32.
  • BeOS port by Lars J. Aas!

Fixed in 6.3.1 - Nov 23 1999

Bugfixes:

  • posting an empty variable with -F, like "name=" did cause curl to hang
  • when the download from a http server gets cut off curl now warns about it
  • better error checks when fwrite()ing the output
  • minor fix that may correct the amiga-port problem
  • A lethal cookie bug was fixed.

Fixed in 6.3 - Nov 10 1999

Changes:

  • -b/--cookie is now capable of parsing and understanding the cookies saved in a netscape cookie file. This is useful when you want your script to better inherit the properties of your previous browser session.
  • -H/--header now is capable of replacing internal headers. If you add a header that would've been used internally, the added will be used instead.

Bugfixes:

  • -z (date-dependent HTTP fetches) now works better since we're doing a date comparison in the client as well.
  • Corrected several mistakes in the man page.
  • -I now works for ftp-files too. It merely shows the file size now.
  • Simple range support added for ftp downloads.
  • Following location: in a https:// header could lead to a crash.

Fixed in 6.2 - Oct 21 1999

Changes:

  • --stderr now supports redirecting the stderr stream to stdout or a file now. This is mainly for victims of Windows.
  • the configure script understands --without-ssl now!

Bugfixes:

  • another bug in loction: following with proxies when the protocol part isn't specified was fixed
  • fixed the lib Makefile to not include getpass twice when linking
  • removed core-dump due to bad free after download was complete in src/main.c
  • removed double text output when ftp-downloading
  • config.guess recognizes Mac OS X
  • HTTP headers are now parsed case insensitive!

Fixed in 6.1 - Oct 17 1999

Bugfixes:

  • zlib proved not to be as easy to add as I had anticipated. I'll keep it on hold for now.
  • moved the libcurl include files into a subdir named curl
  • #include zlib.h fixes
  • adjusted the maketgz script to reduce reruns of the configure when building

Fixed in 6.1 beta

Bugfixes:

  • -d now can get data from a file or stdin
  • HTTP: "Accept-Encoding: gzip,compress,deflate" - experiments
  • Misc: Multiple URL download capacity
  • HTTP: Made the -F form posting accept files from stdin as well.

Fixed in 6.0 - Sep 13 1999

Changes:

  • ldap:// with openldap
  • file:// works, for unix and win32

Bugfixes:

  • cookie matching when using HTTP proxy
  • better cookie sending (single line)
  • QUOT fix for ftp
  • ftp upload through http proxy is now allowed using HTTP PUT
  • improved configure openssl path specifier
  • enabled "custom" http requests (like DELETE or TRACE)

Earlier changes elsewhere