~ubuntu-branches/ubuntu/quantal/curl/quantal-updates

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.27.0 (27 Jul 2012)

Guenter Knauf (27 Jul 2012)
- Fixed compiler warning 'unused parameter'.

- Added prototypes to kill compiler warning.

- Added --with-winidn to configure.
  
  This needs another look from the configure experts. I tested that
  it works so far with MinGW64 cross-compiler; libcurl builds and
  links fine, but curl not yet ...

Daniel Stenberg (27 Jul 2012)
- [Ant Bryan brought this change]

  Update man page info on --metalink and typo.

- RELEASE-NOTES: remove mentioned of bug never in a release
  
  The --silent bug came with 7561a0fc834c435 which was never in a release.
  Pointed out by Kamil Dudka

- RELEASE-NOTES: synced with 33b815e894fb
  
  4 more bugfixes, 3 more contributors

Guenter Knauf (26 Jul 2012)
- Changed Windows IDN text to 'WinIDN'.
  
  Synced the output to the same short form as we now use for
  Windows SSL (WinSSL).

Daniel Stenberg (25 Jul 2012)
- [Nick Zitzmann brought this change]

  darwinssl: fixed freeze involving the multi interface
  
  Previously the curl_multi interface would freeze if darwinssl was
  enabled and at least one of the handles tried to connect to a Web site
  using HTTPS. Removed the "wouldblock" state darwinssl was using because
  I figured out a solution for our "would block but in which direction?"
  dilemma.

Guenter Knauf (25 Jul 2012)
- Added support for tls-srp to MinGW builds.

Daniel Stenberg (24 Jul 2012)
- curl_easy_setopt: fix typo
  
  Reported by: Santhana Todatry

- keepalive: multiply value for OS-specific units
  
  DragonFly uses milliseconds, while our API and Linux use full seconds.
  
  Reported by: John Marino
  Bug: http://curl.haxx.se/bug/view.cgi?id=3546257

Kamil Dudka (22 Jul 2012)
- http: print reason phrase from HTTP status line on error
  
  Bug: https://bugzilla.redhat.com/676596

- tool_operate: fix misplaced initialization of orig_noprogress
  
  ... and orig_isatty which caused --silent to be entirely ignored in case
  the standard output was redirected to a file!

Daniel Stenberg (21 Jul 2012)
- [Anton Yabchinskiy brought this change]

  Client's "qop" value should not be quoted (RFC2617, section 3.2.2).

Guenter Knauf (21 Jul 2012)
- Fixed typo.

Daniel Stenberg (20 Jul 2012)
- make: make distclean work again
  
  The clean-local hook needed some polish to make sure make distclean
  works. Added comment describing why.

- test Makefile: only feature 'unit' once in the list of dirs

Dan Fandrich (20 Jul 2012)
- Fixed some typos in documentation

Guenter Knauf (20 Jul 2012)
- Fixed CR issue with Win32 version on MSYS.
  
  Previous fix didnt work on Linux ...

- Fixed CR issue with Win32 version on MSYS.

- Fixed MSYS <-> Windows path convertion.
  
  Replaced the Windows real path from mount hack with a more
  reliable and simpler hack: the MSYS shell has a builtin pwd
  which understands a -W option which does convertion to Windows
  paths. Tested and confirmed that this works on all MSYS versions
  I have back to a 3 year old one.

- Follow-up fix to detect SSL libs with MinGW.
  
  1) the check for winssl needs to come before nss check
  2) the SSL checks must begin with a new if or else we will
  never find any SSL lib with MinGW.

- Tell git to not convert configure-related files.

- Trial to teach runtests.pl about WinSSL.

- Fixed warning 'uninitialized value in numeric gt'.
  
  This is a MSYS/MinGW-only warning; full warning text is:
  Use of uninitialized value in numeric gt (>) at ../../curl/tests/runtests.pl line 2227.

Daniel Stenberg (15 Jul 2012)
- RELEASE-NOTES: synced with 9d11716933616
  
  Fixed 6 bugs, added 3 contributors

- multi_runsingle: added precaution against easy_conn NULL pointer
  
  In many states the easy_conn pointer is referenced and just assumed to
  be working. This is an added extra check since analyzing indicates
  there's a risk we can end up in these states with a NULL pointer there.

- getparam: fix the GetStr() macro
  
  It should return PARAM_NO_MEM if the strdup fails. Spotted by
  clang-analyzer

Guenter Knauf (15 Jul 2012)
- Tell git to not convert configure-related files.

Daniel Stenberg (13 Jul 2012)
- parse_proxy: remove dead assignment
  
  Spotted by clang-analyzer

- ftp_do_more: add missing check of return code
  
  Spotted by clang-analyzer. The return code was never checked, just
  stored.

- getinfo: use va_end and cut off Curl_ from static funcs
  
  va_end() needs to be used after va_start() and we don't normally use
  Curl_ prefixes for purely static functions.

- [Philip Craig brought this change]

  Split up Curl_getinfo
  
  This avoids false positives from clang's scan-build.

Guenter Knauf (12 Jul 2012)
- Added error checking for curl_global_init().

- Added curl_global_* functions.

- Minor fixes to MinGW makefiles.

Daniel Stenberg (12 Jul 2012)
- docs: mention CURL_GLOBAL_DEFAULT

Guenter Knauf (12 Jul 2012)
- Added curl_global_* functions.

Daniel Stenberg (12 Jul 2012)
- tests: verify the stricter numeric option parser
  
  Test 1409 and 1410 verifies the stricter numeric option parser
  introduced the other day in commit f2b6ebed7b.

- SWS: use of uninitialized memory fix
  
  I made "connmon" not get initialized properly before use, and I use the
  big hammer and make sure we always clear the entire struct to avoid any
  problem like this in the future.

- test48: verify that HEAD doesn't close extra
  
  Two commits ago, we fixed a bug where the connction would be closed
  prematurely after a HEAD. Now I added connection-monitor to test 48 and
  added a second HEAD and make sure that both are sent over the same
  connection.
  
  This triggered a failure before the bug fix and now works. Will help us
  avoid a future regression of this kind.

- connection-monitor: always log disconnect when enabled
  
  This makes verifying easier and makes us more sure curl closes the
  connection only at the correct point in time. Adjusted test 206 and 1008
  accordingly and updated the docs for it.

- HEAD: don't force-close after response-headers
  
  A HEAD response has no body length and gets the headers like the
  corresponding GET would so it should not get closed after the response
  based on the same rules. This mistake caused connections that did HEAD
  to get closed too often without a valid reason.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3542731
  Reported by: Eelco Dolstra

Guenter Knauf (12 Jul 2012)
- Removed trailing empty strings from awk script.

- Cleaned up version awk script.

- Added project copyright header.

- Removed libcurl.imp from Makefile.am.
  
  Updated .gitignore for NetWare created files.

- Added missing dependency to export list.

- Fixed export list path.

- Changed NetWare build to generate export list.

- Added pointer to FAQ for linkage errors.

- Small NetWare makefile tweak.

- Changed MinGW makefiles to use WINSSL now.

Daniel Stenberg (10 Jul 2012)
- test231: fix wrong -C use!

- cmdline: parse numerical options stricter
  
  1 - str2offset() no longer accepts negative numbers since offsets are by
  nature positive.
  
  2 - introduced str2unum() for the command line parser that accepts
  numericals which are not supposed to be negative, so that it will
  properly complain on apparent bad uses and mistakes.
  
  Bug: http://curl.haxx.se/mail/archive-2012-07/0013.html

- docs: switch to proper UTF-8 for text file encoding

Yang Tse (9 Jul 2012)
- Make Curl_schannel_version() return "WinSSL"
  
  Modification based on voting result:
  
  http://curl.haxx.se/mail/lib-2012-07/0104.html

Daniel Stenberg (9 Jul 2012)
- test 46: use different path lengths to get reliable sort order
  
  Since the order of the cookies is sorted by the length of the paths,
  having them on the same path length will make the test depend on what
  order the qsort() implementation will put them. As seen in the
  windows/msys output posted by Guenter in this posting:
  http://curl.haxx.se/mail/lib-2012-07/0105.html

- cookie: fixed typo in comment

- [Christian HÀgele brought this change]

  https_getsock: provided for schannel backend as well
  
  The function https_getsock was only implemented properly when USE_SSLEAY
  or USE_GNUTLS is defined, but it is also necessary for USE_SCHANNEL.
  
  The problem occurs when Curl_read_plain or Curl_write_plain returns
  CURLE_AGAIN. In that case CURL_OK is returned to the multi-interface an
  the used socket is set to state CURL_POLL_REMOVE and the easy-state is
  set to CURLM_STATE_PROTOCONNECT. This is fine, because later the socket
  should be set to CURL_POLL_IN or CURL_POLL_OUT via multi_getsock. That's
  where https_getsock is called and doesn't return any sockets.

- RELEASE-NOTES: added a URL reference to cookie docs

Guenter Knauf (8 Jul 2012)
- Removed obsolete include path to project root.

Daniel Stenberg (8 Jul 2012)
- TODO-RELEASE: issue 316 NTLM over proxy is fixed

- [Nick Zitzmann brought this change]

  darwinssl: don't use arc4random_buf
  
  Re-wrote Curl_darwinssl_random() to not use arc4random_buf() because the
  function is not available prior to iOS 4.3 and OS X 10.7.

- KNOWN_BUGS: #80 Curl doesn't recognize certs in DER format

- KNOWN_BUGS: #79 - any RCPT TO failure makes and error

Marc Hoersken (8 Jul 2012)
- winbuild: Aligned BUILD.WINDOWS.txt and Makefile.vc usage help

- winbuild: Make USE_WINSSL depend on USE_SSPI
  
  Since WinSSL cannot be build without SSPI being enabled,
  USE_WINSSL now defaults to the value of USE_SSPI.
  
  The makefile does now raise an error if WinSSL is enabled
  while SSPI is disabled.

- winbuild: Aligned USE_SSPI with other USE_x defines
  
  Renamed external parameter USE_SSPI = yes/no to ENABLE_SSPI = yes/no.
  Backwards compatible change: USE_SSPI can still be passed as external
  parameter with yes/no value as long as ENABLE_SSPI is not given.
  
  USE_x defines are passed around with true/false values internally,
  USE_SSPI is now aligned to this approach, but still accepts external
  values yes/no being passed, just like the other defines.

- winbuild: Clean up formatting and variable naming
  
  - Changed space usage to line up with the whole file
  - Renamed CFLAGS_SSPI/IPV6 to SSPI/IPV6_CFLAGS to be
    consistent with the other CFLAGS_x variables
  - Make use of existing CFLAGS_IPV6 (previously IPV6_CFLAGS)
    instead of appending directly to CFLAGS

Daniel Stenberg (7 Jul 2012)
- [Nick Zitzmann brought this change]

  darwinssl: output cipher with text, remove SNI warning
  
  The code was printing a warning when SNI was set up successfully. Oops.
  
  Printing the cipher number in verbose mode was something only TLS/SSL
  programmers might understand, so I had it print the name of the cipher,
  just like in the OpenSSL code. That'll be at least a little bit easier
  to understand. The SecureTransport API doesn't have a method of getting
  a string from a cipher like OpenSSL does, so I had to generate the
  strings manually.

- RELEASE-NOTES: synced with 5a99bce07d

- KNOWN_BUGS: NTLM with unicode works with schannel/winssl!
  
  Bug #75 updated with additional info, still remains for builds with
  other backends.

- code police: narrow source to < 80 columns

Yang Tse (5 Jul 2012)
- unicode NTLM SSPI: cleanup follow-up

- unicode NTLM SSPI: cleanup
  
  Reduce the number of #ifdef UNICODE directives used in source files.

Daniel Stenberg (5 Jul 2012)
- tests: use connection-monitor and verify results
  
  Test 1008 and 206 don't show the disconnect since it happens when SWS
  awaits a new request, but 503 does and so the verify section needs that
  string added.

- http-proxy: keep CONNECT connections alive (for NTLM)
  
  When doing CONNECT requests, libcurl must make sure the connection is
  alive as much as possible. NTLM requires it and it is generally good for
  other cases as well.
  
  NTLM over CONNECT requests has been broken since this regression I
  introduced in my CONNECT cleanup commits that started with 41b02378342,
  included since 7.25.0.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3538625
  Reported by: Marcel Raad

- sws: support <servercmd> for CONNECT requests
  
  I moved out the servercmd parsing into a its own function called
  parse_servercmd() and made sure it gets used also when the test number
  is extracted from CONNECT requests. It turned out sws didn't do that
  previously!

- FILEFORMAT: provided a full description of connection-monitor

- lib503: enable verbose to ease debugging this

- sws: add 'connection-monitor' command support
  
  Using this, the server will output in the protocol log when the
  connection gets disconnected and thus we will verify correctly in the
  test cases that the connection doesn't get closed prematurely. This is
  important for example NTLM to work.
  
  Documentation added to FILEFORMAT, test 503 updated to use this.

Guenter Knauf (4 Jul 2012)
- Removed non-used variable.

- Added error checking for samples.

- Renamed vars to avoid shadow global declaration.

Daniel Stenberg (3 Jul 2012)
- docs: clarify how to start with curl_multi_socket_action
  
  Mention the CURL_SOCKET_TIMEOUT argument in step 6 of the typical
  application.

Guenter Knauf (3 Jul 2012)
- Moved some patterns to subfolder's .gitignore.

- Merge branch 'master' of ssh://github.com/bagder/curl

- MinGW makefile tweaks for running from sh.
  
  Added function macros to make path converting easier.
  Added CROSSPREFIX to all compile tools.

Yang Tse (3 Jul 2012)
- [Marc Hoersken brought this change]

  curl_ntlm_msgs.c: Removed unused variable passwd

Guenter Knauf (3 Jul 2012)
- Added files generated by mingw32, eclipse and VC.
  
  Posted by Marc Hoersken.

Daniel Stenberg (3 Jul 2012)
- cookies: change the URL in the cookie jar file header

- HTTP-COOKIES: clarified and modified layout

- HTTP-COOKIES: use the FAQ document layout

- HTTP-COOKIES: added cookie documentation

Yang Tse (3 Jul 2012)
- curl_ntlm_msgs.c: include <tchar.h> for prototypes

- [Neil Bowers brought this change]

  testcurl.pl: fix missing semicolon

Daniel Stenberg (2 Jul 2012)
- [Christian HÀgele brought this change]

  unicode NTLM SSPI: heap corruption fixed
  
  When compiling libcurl with UNICODE defined and using unicode characters
  in username.

Yang Tse (2 Jul 2012)
- testcurl.pl: allow non in-tree c-ares enabled autobuild

- configure.ac: verify that libmetalink is new enough
  
  Enabling test2017 to test2022.

- [Tatsuhiro Tsujikawa brought this change]

  curl: Added runtime version check for libmetalink

- [Tatsuhiro Tsujikawa brought this change]

  Include metalink/metalink.h for libmetalink functions

Daniel Stenberg (2 Jul 2012)
- errors: CURLM_CALL_MULTI_PERFORM is not returned anymore

- release: cleaned up plans for this and coming release

Yang Tse (29 Jun 2012)
- curl-compilers.m4: remove -Wstrict-aliasing=3 from clang
  
  Currently it is unknown if there is any version of clang that
  actually supports -Wstrict-aliasing. What is known is that there
  are several that don't support it.

- test2017 to test2022: more metalink tests
  
  With this commit, checks done in previous test2017 are now done in test2018.
  
  Whole range test2017 to test2022 DISABLED until configure is capable of
  requiring a new-enough metalink library.
  
  Don't try these without mentioned check in place!

- test2005 to test2016: improve failure detection

- lib582.c: fix conversion warning

- nss.c: #include warnless.h for curlx_uztosi and curlx_uztoui prototypes

- [Marc Hoersken brought this change]

  nss.c: Fixed size_t conversion warnings

- sslgen.c: cleanup temporary compile-time SSL-backend check

Daniel Stenberg (28 Jun 2012)
- schannel: provide two additional (dummy) API defines

Yang Tse (28 Jun 2012)
- [Tatsuhiro Tsujikawa brought this change]

  Metalink: message updates
  
  Print "parsing (...) OK" only when no warnings are generated.  If
  no file is found in Metalink, treat it FAILED.
  
  If no digest is provided, print WARNING in parse_metalink().
  Also print validating FAILED after download.
  
  These changes make tests 2012 to 2016 pass.

Daniel Stenberg (27 Jun 2012)
- sslgen: avoid compiler error in SSPI builds

Yang Tse (27 Jun 2012)
- ssluse.c: fix compiler warning: conversion to 'int' from 'size_t'
  
  Reported by Tatsuhiro Tsujikawa
  
  http://curl.haxx.se/mail/lib-2012-06/0371.html

- sslgen.c: add compile-time check for SSL-backend completeness

- build: add our standard includes to curl_darwinssl.c and curl_multibyte.c

- build: add curl_schannel and curl_darwinssl files to other build systems

- tests: add five more Metalink test cases

- tests: update Metalink message format

- [Tatsuhiro Tsujikawa brought this change]

  Metalink: updated message format

- [Nick Zitzmann brought this change]

  DarwinSSL: allow using NTLM authentication
  
  Allow NTLM authentication when building using SecureTransport (Darwin) for SSL.
  
  This uses CommonCrypto, a cryptography library that ships with all versions of
  iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few
  less-common cyphers and doesn't have a big number data structure.

- curl_darwinssl.h: add newline at end of file

Daniel Stenberg (26 Jun 2012)
- ossl_seed: remove leftover RAND_screen check
  
  Before commit 2dded8fedba (dec 2010) there was logic that used
  RAND_screen() at times and now I remove the leftover #ifdef check for
  it.
  
  The seeding code that uses Curl_FormBoundary() in ossl_seed() is dubious
  to keep since it hardly increases randomness but I fear I'll break
  something if I remove it now...

Yang Tse (26 Jun 2012)
- [Nick Zitzmann brought this change]

  DarwinSSL: several adjustments
  
  - Renamed st_ function prefix to darwinssl_
  - Renamed Curl_st_ function prefix to Curl_darwinssl_
  - Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h
  - Fixed a teensy little bug that made non-blocking connection attempts block
  - Made it so that it builds cleanly against the iOS 5.1 SDK

- curl-compilers.m4: -Wstrict-aliasing=3 for warning enabled gcc and clang builds

- [Marc Hoersken brought this change]

  sockaddr.h: Fixed dereferencing pointer breakin strict-aliasing
  
  Fixed warning: dereferencing pointer does break strict-aliasing rules
  by using a union inside the struct Curl_sockaddr_storage declaration.

Daniel Stenberg (26 Jun 2012)
- SSL cleanup: use crypto functions through the sslgen layer
  
  curl_ntlm_msgs.c would previously use an #ifdef maze and direct
  SSL-library calls instead of using the SSL layer we have for this
  purpose.

- [Nick Zitzmann brought this change]

  darwinssl: add support for native Mac OS X/iOS SSL

- RELEASE-NOTES: link to more metalink info

- RELEASE-NOTES: synced with d025af9bb576

Yang Tse (25 Jun 2012)
- curl_schannel.c: Remove redundant NULL assignments following Curl_safefree()

- [Marc Hoersken brought this change]

  curl_schannel.c: Replace free() with Curl_safefree()

- [Tatsuhiro Tsujikawa brought this change]

  curl.1: Updated Metalink description in man page
  
  Documented that --include will be ignored if both --metalink
  and --include are specified.
  Also documented that a Metalink file in the local file system
  cannot be used if FILE protocol is disabled.

Steve Holme (24 Jun 2012)
- DOCS: Added clarification to CURLOPT_CUSTOMREQUEST for the POP3 protocol
  
  Bug: http://curl.haxx.se/mail/lib-2012-06/0302.html
  Reported by: Nagai H

- smtp: Corrected result code for MAIL, RCPT and DATA commands
  
  Bug: http://curl.haxx.se/mail/lib-2012-06/0094.html
  Reported by: Dan

Daniel Stenberg (24 Jun 2012)
- [Ghennadi Procopciuc brought this change]

  test: Added test HTTP receive cookies over IPv6

Yang Tse (22 Jun 2012)
- tests: add another Metalink test case

- [Tatsuhiro Tsujikawa brought this change]

  tests: Enable test2010 and fixed hash value

- [Tatsuhiro Tsujikawa brought this change]

  Metalink: ignore --include if --metalink is used.
  
  Including headers in response body will break Metalink XML parser.
  If it is included in the file described in Metalink XML, hash check
  will fail. Therefore, --include should be ignored if --metalink is
  used.

- tests: add six Metalink test cases

- test 2005: add verification of hash checking outcome

- getpart.pm: remove misleading comment

- [Tatsuhiro Tsujikawa brought this change]

  curl: Prefixed all Metalink related messages with "Metalink: "

- [Tatsuhiro Tsujikawa brought this change]

  tests: Added Metalink test case # 2005

- [Tatsuhiro Tsujikawa brought this change]

  curl: Restore noprogress and isatty config values.
  
  The noprogress and isatty in Configurable are global, in a sense
  that they persist in one curl invocation. Currently once one
  download writes its response data to tty, they are set to FALSE
  and they are not restored on successive downloads.  This change
  first backups the current noprogress and isatty, and restores
  them when download does not write its data to tty.

- [Tatsuhiro Tsujikawa brought this change]

  curl: Made --metalink option toggle Metalink functionality
  
  In this change, --metalink option no longer takes argument.  If
  it is specified, given URIs are processed as Metalink XML file.
  If given URIs are remote (e.g., http URI), curl downloads it
  first. Regardless URI is local file (e.g., file URI scheme) or
  remote, Metalink XML file is not written to local file system and
  the received data is fed into Metalink XML parser directly.  This
  means with --metalink option, filename related options like -O
  and -o are ignored.
  
  Usage examples:
  
  $ curl --metalink http://example.org/foo.metalink
  
  This will download foo.metalink and parse it and then download
  the URI described there.
  
  $ curl --metalink file://foo.metalink
  
  This will parse local file foo.metalink and then download the URI
  described there.

- [Tatsuhiro Tsujikawa brought this change]

  curl: Refactored metalink_checksum
  
  When creating metalink_checksum from metalink_checksum_t, first
  check hex digest is valid for the given hash function.  We do
  this check in the order of digest_aliases so that first good
  match will be chosen (strongest hash function available).  As a
  result, the metalinkfile now only contains at most one
  metalink_checksum because other entries are just redundant.

- [Gisle Vanem brought this change]

  tool_doswin.c: fix djgpp function _use_lfn() used without a prototype
  
  http://curl.haxx.se/mail/archive-2012-06/0028.html

- build: fix RESOURCE bug in lib/Makefile.vc*
  
  Removed two, not intended to exist, RESOURCE declarations.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3535977
  
  And sorted configuration hunks to reflect same internal order
  as the one shown in the usage message.

Daniel Stenberg (20 Jun 2012)
- [Marc Hoersken brought this change]

  schannel: Implement new buffer size strategy
  
  Increase decrypted and encrypted cache buffers using limitted
  doubling strategy. More information on the mailinglist:
  http://curl.haxx.se/mail/lib-2012-06/0255.html
  
  It updates the two remaining reallocations that have already been there
  and fixes the other one to use the same "do we need to increase the
  buffer"-condition as the other two.  CURL_SCHANNEL_BUFFER_STEP_SIZE was
  renamed to CURL_SCHANNEL_BUFFER_FREE_SIZE since that is actually what it
  is now.  Since we don't know how much more data we are going to read
  during the handshake, CURL_SCHANNEL_BUFFER_FREE_SIZE is used as the
  minimum free space required in the buffer for the next operation.
  CURL_SCHANNEL_BUFFER_STEP_SIZE was used for that before, too, but since
  we don't have a step size now, the define was renamed.

Yang Tse (20 Jun 2012)
- schannel SSL: fix compiler warning

- [Mark Salisbury brought this change]

  schannel SSL: fix for renegotiate problem
  
  In schannel_connect_step2() doread should be initialized based
  on connssl->connecting_state.

- [Tatsuhiro Tsujikawa brought this change]

  runtests.pl: make it support metalink feature

- getpart.pm: make test definition section/part parser more robust
  
  Test definition section parts which needed to include xml-lingo as contents
  of that part required that the xml-blurb was written as a single line. Now the
  xml-data inside the part can be written multiline making it more readable.
  
  Tested with <client><file> part which is written to disk before <command> runs.

Daniel Stenberg (20 Jun 2012)
- schannel_connect_step2: checksrc whitespace fix

Yang Tse (20 Jun 2012)
- [Mark Salisbury brought this change]

  schannel SSL: changes in schannel_connect_step2
  
  Process extra data buffer before returning from schannel_connect_step2.
  Without this change I've seen WinCE hang when schannel_connect_step2
  returns and calls Curl_socket_ready.
  
  If the encrypted handshake does not fit in the intial buffer (seen with
  large certificate chain), increasing the encrypted data buffer is necessary.
  
  Fixed warning in curl_schannel.c line 1215.

- [Mark Salisbury brought this change]

  config-win32ce.h: WinCE config adjustment
  
  process.h is not present on WinCE

- [Mark Salisbury brought this change]

  schannel SSL: Made send method handle unexpected cases better
  
  Implemented timeout loop in schannel_send while sending data.  This
  is as close as I think we can get to write buffering; I put a big
  comment in to explain my thinking.
  
  With some committer adjustments

Daniel Stenberg (19 Jun 2012)
- [Marc Hoersken brought this change]

  curl_schannel.c: Avoid unnecessary realloc calls to reduce buffer size

Yang Tse (19 Jun 2012)
- [Mark Salisbury brought this change]

  schannel SSL: Use standard Curl read/write methods
  
  Replaced calls to swrite with Curl_write_plain and calls to sread
  with Curl_read_plain.
  
  With some committer adjustments

- schannel SSL: make wording of some trace messages better reflect reality

Daniel Stenberg (19 Jun 2012)
- [Marc Hoersken brought this change]

  curl_schannel.h: Use BUFSIZE as the initial buffer size if available
  
  Make the Schannel implementation use libcurl's default buffer size
  for the initial received encrypted and decrypted data cache buffers.
  The implementation still needs to handle more data since more data
  might have already been received or decrypted during the handshake
  or a read operation which needs to be cached for the next read.

Guenter Knauf (19 Jun 2012)
- Fixed NetWare makefile broken from last commit.

Yang Tse (19 Jun 2012)
- [Mark Salisbury brought this change]

  schannel SSL: Implemented SSL shutdown
  
  curl_schannel.c - implemented graceful SSL shutdown.  If we fail to
  shutdown the connection gracefully, I've seen schannel try to use a
  session ID for future connects and the server aborts the connection
  during the handshake.

- [Mark Salisbury brought this change]

  schannel SSL: certificate validation on WinCE
  
  curl_schannel.c - auto certificate validation doesn't seem to work
  right on CE.  I added a method to perform the certificate validation
  which uses CertGetCertificateChain and manually handles the result.

- [Mark Salisbury brought this change]

  schannel SSL: Added helper methods to simplify code
  
  Added helper methods InitSecBuffer() and InitSecBufferDesc() to make it
  easier to set up SecBuffer & SecBufferDesc structs.

Guenter Knauf (18 Jun 2012)
- Some more NetWare makefile tweaks for metalink.

Yang Tse (18 Jun 2012)
- tool_cb_see.c: WinCE build adjustment

- [Mark Salisbury brought this change]

  setup.h: WinCE build adjustment

- [Mark Salisbury brought this change]

  ftplistparser.c: do not compile if FTP protocol is not enabled

- Win32: downplay MS bazillion type synonyms game
  
  Avoid usage of some MS type synonyms to allow compilation with
  compiler headers that don't define these, using simpler synonyms.

Daniel Stenberg (15 Jun 2012)
- Curl_rtsp_parseheader: avoid useless malloc/free
  
  Coverity actually pointed out flawed logic in the previous call to
  Curl_strntoupper() where the code used sizeof() of a pointer to pass in
  a size argument. That code still worked since it only needed to
  uppercase 4 letters. Still, the entire malloc/uppercase/free sequence
  was pointless since the code has already matched the string once in the
  condition that starts the block of code.

- curl_share_setopt: use va_end()
  
  As spotted by Coverity, va_end() was not used previously. To make it
  used I took away a bunch of return statements and made them into
  assignments instead.

Yang Tse (15 Jun 2012)
- SSPI related code: Unicode support for WinCE - kill compiler warnings

- [Mark Salisbury brought this change]

  SSPI related code: Unicode support for WinCE - commit 46480bb9 follow-up

- build: add curl_multibyte files to build systems

- [Mark Salisbury brought this change]

  SSPI related code: Unicode support for WinCE
  
  SSPI related code now compiles with ANSI and WCHAR versions of security
  methods (WinCE requires WCHAR versions of methods).
  
  Pulled UTF8 to WCHAR conversion methods out of idn_win32.c into their own file.
  
  curl_sasl.c - include curl_memory.h to use correct memory functions.
  
  getenv.c and telnet.c - WinCE compatibility fix
  
  With some committer adjustments

Guenter Knauf (15 Jun 2012)
- Fixed typo.

Yang Tse (14 Jun 2012)
- winbuild/MakefileBuild.vc: convert line endings to DOS style
  
  As per request on mailing list: http://curl.haxx.se/mail/lib-2012-06/0222.html

- [Marc Hoersken brought this change]

  winbuild: Allow SSPI build with or without Schannel
  
  The changes introduced in commit 2bfa57bc32 are not enough
  to make it actually possible to use the USE_WINSSL option.
  Makefile.vc was not updated and the configuration name which is
  used in the build path did not match between both build files.
  
  This patch fixes those issues and introduces the following changes:
  
  - Replaced the -schannel name with -winssl in order to be consistent
  with the other options
  - Added ENABLE_WINSSL option to winbuild/Makefile.vc (default yes)
  - Changed winbuild/MakefileBuild.vc to set USE_WINSSL to true if
  USE_SSL is false and USE_WINSSL was not specified as a parameter
  - Separated WINSSL handling from SSPI handling to be consistent with
  the other options and their corresponding code path

- curl.1: 7.27.0 seems next release

- schannel: fix printf-style format strings

- Fix bad failf() and info() usage
  
  Calls to failf() are not supposed to provide trailing newline.
  Calls to infof() must provide trailing newline.
  
  Fixed 30 or so strings.

- schannel: fix unused parameter warnings

- schannel: fix comparisons between signed and unsigned

- schannel: fix discarding qualifier from pointer type

- schannel: fix shadowing of global declarations

- schannel: fix Curl_schannel_init() and Curl_schannel_cleanup() declarations

- [Gisle Vanem brought this change]

  urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.h
  
  Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and
  OCSP_RESPONSE are enum values in CyaSSL and defines in <wincrypt.h> included
  via <winldap.h> in ldap.c.
  
  http://curl.haxx.se/mail/lib-2012-06/0196.html

- MakefileBuild.vc: Allow building without SSL
  
  In order to use Windows native SSL support define 'USE_WINSSL'

- configure: new option --with-winssl
  
  This option may be used to build curl/libcurl using SSL/TLS support provided
  by MS windows system libraries. Option is mutually exclusive with any other
  SSL library. Default value is --without-winssl.
  
  --with-winssl option implies --with-sspi option.
  
  Option meaningful only for Windows builds.

Guenter Knauf (13 Jun 2012)
- Changed Schannel string to SSL-Windows-native.
  
  This is more descriptive for the user who might
  not even know what schannnel is at all.

Yang Tse (13 Jun 2012)
- schannel: remove version number and identify its use with 'schannel' literal
  
  Version number is removed in order to make this info consistent with
  how we do it with other MS and Linux system libraries for which we don't
  provide this info.
  
  Identifier changed from 'WinSSPI' to 'schannel' given that this is the
  actual provider of the SSL/TLS support. libcurl can still be built with
  SSPI and without SCHANNEL support.

Daniel Stenberg (12 Jun 2012)
- singlesocket: remove dead code
  
  No need to check if 'entry' is non-NULL in a spot where it is already checked
  and guaranteed to be non-NULL.
  
  (Spotted by a Coverity scan)

- netrc: remove dead code
  
  Remove two states from the enum and the corresponding code for them as
  these states were never reached or used.
  
  (Spotted by a Coverity scan)

Yang Tse (12 Jun 2012)
- Revert "connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing"
  
  This reverts commit 9c94236e6cc078a0dc5a78b6e2fefc1403e5375e.
  
  It didn't server its purpose, so lets go back to long-time working code.

- socks_sspi.c: further cleanup

- [Marc Hoersken brought this change]

  socks_sspi.c: Clean up and removal of obsolete minor status
  
  Removed obsolete minor status variable and parameter of status function
  which was never used or set at all. Also Curl_sspi_strerror does support
  only one status and there is no need for a second sub status.

Guenter Knauf (12 Jun 2012)
- Removed trailing whitespaces.

Yang Tse (12 Jun 2012)
- strerror.c: make Curl_sspi_strerror() always return code for errors

- curl_sspi.h: provide sspi status definitions missing in old headers

- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function

- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function

Daniel Stenberg (11 Jun 2012)
- Revert: 634f7cfee40d4658 partially
  
  Make sure CURL_VERSION_SSPI is present and works as in previous releases
  for ABI and API compatibility reasons.

- checksrc: shorten a few lines to comply

- cleanup: remove trailing whitespace

- [Marc Hoersken brought this change]

  winbuild: Removed WITH_SSL=schannel and tie schannel to SSPI
  
  Removed specific WITH_SSL=schannel paramter that did not fit the general
  schema and complicated the parameters. For now Schannel will be enabled
  if SSPI is enabled and OpenSSL is disabled.

- [Steve Holme brought this change]

  Makefile.vc6: Added version.lib if built with SSPI

- [Marc Hoersken brought this change]

  winbuild: Updated winbuild scripts to add schannel

- [Marc Hoersken brought this change]

  mingw32: Fixed warning of USE_SSL being redefined

- [Marc Hoersken brought this change]

  sspi: Fixed incompatible parameter pointer type in Curl_sspi_version

- [Marc Hoersken brought this change]

  sspi: Updated RELEASE-NOTES, FEATURES and THANKS

- [Marc Hoersken brought this change]

  setup.h: Automatically define USE_SSL if USE_SCHANNEL is defined

- [Marc Hoersken brought this change]

  version: Replaced SSPI feature information with version string details
  
  Added Windows SSPI version information to the curl version string when
  SCHANNEL SSL is not enabled, as the version of the library should also
  be included when SSPI is used to generate security contexts.
  
  Removed SSPI from the feature list as the features are GSS-Negotiate,
  NTLM and SSL depending on the usage of the SSPI library.

- [Steve Holme brought this change]

  sspi.c: Post Curl_sspi_version() rework code tidy up
  
  Removed duplicate blank lines.
  Removed spaces between the not and test in various if statements.
  Removed explicit test of NULL in an if statement.
  Placed function returns on same line as function declarations.
  Replaced the use of curl_maprintf() with aprintf() as it is the
  preprocessor job to do this substitution if ENABLE_CURLX_PRINTF
  is set.

- [Steve Holme brought this change]

  sspi: Reworked Curl_sspi_version() to return version components
  
  Reworked the version function to return four version components rather
  than a string that has to be freed by the caller.

- [Guenter Knauf brought this change]

  configure.ac: Added -lversion if built with SSPI

- [Marc Hoersken brought this change]

  schannel: Code cleanup and bug fixes
  
  curl_sspi.c: Fixed mingw32-gcc compiler warnings
  curl_sspi.c: Fixed length of error code hex output
  
  The hex value was printed as signed 64-bit value on 64-bit systems:
  SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322)
  
  It is now correctly printed as the following:
  SEC_E_WRONG_PRINCIPAL (0x80090322)
  
  curl_sspi.c: Fallback to security function table version number
  Instead of reporting an unknown version, the interface version is used.
  
  curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version
  curl_schannel: Replaced static buffer sizes with defined names
  curl_schannel.c: First brace when declaring functions on column 0
  curl_schannel.c: Put the pointer sign directly at variable name
  curl_schannel.c: Use structs directly instead of typedef'ed structs
  curl_schannel.c: Removed space before opening brace
  curl_schannel.c: Fixed lines being longer than 80 chars

- [Marc Hoersken brought this change]

  curl_sspi: Added Curl_sspi_version function
  
  Added new function to get SSPI version as string.
  Added required library version.lib to makefiles.
  Changed curl_schannel.c to use Curl_sspi_version.

- [Guenter Knauf brought this change]

  schannel: Updated mingw32 makefiles

- [Marc Hoersken brought this change]

  schannel: Replace ASCII specific code with general defines

- [Marc Hoersken brought this change]

  schannel: Added definitions which are missing in mingw32

- [Marc Hoersken brought this change]

  schannel: Moved interal struct types to urldata.h
  
  Moved type definitions in order to avoid inclusion loop

- [Marc Hoersken brought this change]

  schannel: Fixed compiler warnings about pointer type assignments

- [Marc Hoersken brought this change]

  schannel: Fixed critical typo in conditions and added buffer length checks

- [Marc Hoersken brought this change]

  sspi: Refactored socks_sspi and schannel to use same error message functions
  
  Moved the error constant switch to curl_sspi.c and added two new helper
  functions to curl_sspi.[ch] which either return the constant or a fully
  translated message representing the SSPI security status.
  Updated socks_sspi.c and curl_schannel.c to use the new functions.

- [Marc Hoersken brought this change]

  schannel: Added special shutdown check for Windows 2000 Professional
  
  Windows 2000 Professional:  Schannel returns SEC_E_OK instead
  of SEC_I_CONTEXT_EXPIRED. If the length of the output buffer
  is zero and the first byte of the encrypted packet is 0x15,
  the application can safely assume that the message was a
  close_notify message and change the return value to
  SEC_I_CONTEXT_EXPIRED.
  
  Connection shutdown does not mean that there is no data to read
  Correctly handle incomplete message and ask curl to re-read
  Fixed buffer for decrypted being to small
  Re-structured read condition to be more effective
  Removed obsolete verbose messages
  Changed memory reduction method to keep a minimum buffer of size 4096

- [Marc Hoersken brought this change]

  schannel: Implemented SSL/TLS renegotiation
  
  Updated TODO information and added related MSDN articles

- [Marc Hoersken brought this change]

  schannel: Save session credential handles in session cache

- [Marc Hoersken brought this change]

  schannel: Code cleanup

- [Marc Hoersken brought this change]

  schannel: Check for required context attributes

- [Marc Hoersken brought this change]

  schannel: Allow certificate and revocation checks being deactivated

- [Marc Hoersken brought this change]

  schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI

- [Marc Hoersken brought this change]

  http: Replaced specific SSL libraries list in https_getsock fallback

- [Marc Hoersken brought this change]

  connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing
  
  Fixed warning: dereferencing pointer does break strict-aliasing rules
  by using a union instead of separate pointer variables.
  Internal union sockaddr_u could probably be moved to generic header.
  Thanks to Paul Howarth for the hint about using unions for this.
  
  Important for winbuild: Separate declaration of sockaddr_u pointer.
  The pointer variable *sock cannot be declared and initialized right
  after the union declaration. Therefore it has to be a separate statement.

- [Marc Hoersken brought this change]

  curl_ntlm_msgs.c: Fixed passwdlen not being used and recalculated

Yang Tse (11 Jun 2012)
- tests: fix test definitions # 1355, 1363, 1385 and 1393
  
  -i without HTTP protocol shall not include headers in the output

Daniel Stenberg (10 Jun 2012)
- Curl_pgrsDone: return int and acknowledge return code
  
  Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an
  abort instruction or similar we need to return that info back and
  subsequently properly handle return codes from Curl_pgrsDone() where
  used.
  
  (Spotted by a Coverity scan)

Steve Holme (10 Jun 2012)
- [Marc Hoersken brought this change]

  winbuild: Fixed environment variables being lost
  
  Fixed USE_IPV6 and USE_IDN not being passed
  from Makefile.vc to MakefileBuild.vc
  Fixed whitespace and formatting issues
  Fixed typo and format in help message

Guenter Knauf (9 Jun 2012)
- Added metalink support to NetWare builds.

Steve Holme (9 Jun 2012)
- smtp.c: Removed unused variable

- smtp: Post apop feature code tidy up

- pop3: Post apop feature code tidy up

- pop3: Added support for apop authentication

- pop3: Enhanced the extended authentication mechanism detection
  
  Enhanced the authentication type / mechanism detection in preparation
  for the introduction of APOP support.

- pop3.c: Fixed length of SASL check

Yang Tse (9 Jun 2012)
- Fixes allowing 26 more test cases in 1334 to 1393 range to succeed

- tests: fix test definitions # 1370 and 1371
  
  -J without -O shall not honor C-D filename

Daniel Stenberg (9 Jun 2012)
- OpenSSL: support longer certificate subject names
  
  Previously it would use a 256 byte buffer and thus cut off very long
  subject names. The limit is now upped to the receive buffer size, 16K.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3533045
  Reported by: Anthony G. Basile

Kamil Dudka (8 Jun 2012)
- ssl: fix duplicated SSL handshake with multi interface and proxy
  
  Bug: https://bugzilla.redhat.com/788526
  Reported by: Enrico Scholz

Daniel Stenberg (8 Jun 2012)
- tool_getparam.h: fix compiler error
  
  forward declare the Configurable struct

- metalink: restore some includes
  
  Commit eeeba1496cbca removed them and thus broke my Linux build

- openldap: OOM fixes
  
  when calloc fails, return error! (Detected by Fortify)
  
  Reported by: Robert B. Harris

Steve Holme (8 Jun 2012)
- sasl: Re-factored mechanism constants in preparation for APOP work

Yang Tse (8 Jun 2012)
- metalink: build fixes and adjustments II
  
  Additionally, make hash checking ability mandatory in order to allow metalink
  support in curl.
  
  A command line option could be introduced to skip hash checking at runtime,
  but the ability to check hashes should always be built-in when providing
  metalink support.

Guenter Knauf (8 Jun 2012)
- Added metalink support to MinGW builds.

Daniel Stenberg (7 Jun 2012)
- log2changes.pl: fix the Version output
  
  Previously it could easily wrongly get repeated

Yang Tse (7 Jun 2012)
- metalink: build fixes and adjustments I

Daniel Stenberg (7 Jun 2012)
- lib554.c: use curl_formadd() properly
  
  The length/size options take longs so make sure to pass on such types.
  
  Reported by: Neil Bowers
  Bug: http://curl.haxx.se/mail/lib-2012-06/0001.html

Steve Holme (7 Jun 2012)
- smtp.c: Re-factored the smtp_state_*_resp() functions
  
  Re-factored the smtp_state_*_resp() functions to 1) Match the constants
  that were refactored in commit 00fddba6727c, 2) To be more readable and
  3) To match their counterparties in pop3.c.

Yang Tse (7 Jun 2012)
- Fixes allowing HTTP test cases 1338, 1339, 1368 and 1369 to succeed

- tests 1364 to 1393: several -o filename -J -i -D combinations for HTTP and FTP

- tests 1348 to 1363: test definition polishing
  
  Verify that the "Saved to filename 'blabla'" message is only displayed when
  the 'blabla' filename being used _actually_ has been specified by the server
  in the Content-Disposition header.
  
  Use relative path for unintended file creation postcheck.

Steve Holme (6 Jun 2012)
- smtp: Re-factored the SMTP_AUTH* state machine constants
  
  Re-factored the SMTP_AUTH* constants, that are used by the state
  machine, to be clearer to read.

Guenter Knauf (6 Jun 2012)
- Added hint for pkg-config wrapper script.

- Updated Android section with recent NDK.
  
  The r7b had some bugs, and shouldnt be used.

Yang Tse (6 Jun 2012)
- Disable non-HTTP header related tests
  
  These now detect incompleate header data and fail

- tests 1348 to 1363: compleate header data part of test definition

- tests 1334 to 1363 revisited.
  
  Add a postcheck section to verify unintended file creation.
  
  Remove needless <file> checks in verify section. Renumbering where appropriate.

- tests: adjust file part behavior in test verify section.
  
  When a <file> part is now specified with no contents at all, this
  will actually verify that the specified file has no contents at all.
  Previously file contents would be ignored.

Steve Holme (5 Jun 2012)
- smtp.c: Removed whitespace

- pop3: Another small code tidy up
  
  Missed some comments that we identified during the SMTP tidy up earlier.

- smtp: Post authentication code tidy up
  
  Corrected lines longer than 78 characters.
  
  Removed unnecessary braces in smtp_state_helo_resp().
  
  Introduced some comments in data sending functions.
  
  Tidied up comments to match changes made in pop3.c.

Yang Tse (5 Jun 2012)
- tests 1348 to 1363: add a comma in test description

Steve Holme (5 Jun 2012)
- email: Removed duplicated header file

- sasl: Renamed Curl_sasl_decode_ntlm_type2_message()
  
  For consistency with other SASL based functions renamed this function
  to Curl_sasl_create_ntlm_type3_message() which better describes its
  usage.

- pop3: Post authentication code tidy up
  
  Corrected lines longer than 78 characters.
  
  Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the
  AUTH command is no longer sent on its own.
  
  Introduced some comments in data sending functions.
  
  Another attempt at trying to rational code and comment style.

- pop3: Added support for sasl digest-md5 authentication

Yang Tse (4 Jun 2012)
- sasl: add reference for curl_sasl

- Makefile.inc: tab adjustment

Daniel Stenberg (4 Jun 2012)
- pop3 tests: CAPA instead of AUTH
  
  After Steve's commit e336bc7c42c7340 test 1319 and 1407 need to check
  for CAPA instead of AUTH.

Steve Holme (4 Jun 2012)
- sasl: Added service parameter to Curl_sasl_create_digest_md5_message()
  
  Added a service type parameter to Curl_sasl_create_digest_md5_message()
  to allow the function to be used by different services rather than being
  hard coded to "smtp".

Yang Tse (4 Jun 2012)
- tests 1356 to 1363: several -O -J -i -D combinations with FTP protocol
  
  Currently 1356 to 1362 succeed but a write failure is logged in traceNNNN.
  
  Currently 1363 fails, so disabled for now.

Steve Holme (4 Jun 2012)
- tests: Updated pop3 tests for change in auth mechanism detection

- pop3: Changed the sasl mechanism detection from auth to capa
  
  Not all SASL enabled POP3 servers support the AUTH command on its own
  when trying to detect the supported mechanisms. As such changed the
  mechanism detection to use the CAPA command instead.

Daniel Stenberg (4 Jun 2012)
- curl_easy_setopt.3: proto updates + cleanups
  
  - For all *FUNCTION options, they now all show the complete prototype in
    the description. Previously some of them would just refer to a
    typedef'ed function pointer in the curl.h header.
  
  - I made the phrasing of that "Pass a pointer to a function that matches
    the following prototype" the same for all *FUNCTION option descriptions.
  
  - I removed some uses of 'should'. I think I sometimes over-use this
    word as in many places I actually mean MUST or otherwise more specific
    and not-so-optional synonyms.

Yang Tse (4 Jun 2012)
- tests 1348 to 1355: several -O -J -i -D combinations with FTP protocol
  
  Currently 1348 to 1354 succeed but a write failure is logged in traceNNNN.
  
  Currently 1355 fails, so disabled for now.

- tests 1346 to 1347: several -O -J -i -D combinations with HTTP protocol

Steve Holme (4 Jun 2012)
- sasl: Small code tidy up
  
  Reworked variable names in Curl_sasl_create_cram_md5_message() to match
  those in Curl_sasl_create_digest_md5_message() as they are more
  appropriate.

- sasl: Moved digest-md5 authentication message creation from smtp.c
  
  Moved the digest-md5 message creation from smtp.c into the sasl module
  to allow for use by other modules such as pop3.

- sasl: Small code tidy up before moving digest-md5 over
  
  Correction of comments and variable names.

- RELEASE-NOTES: Added missing addition of sasl login support

- pop3: Added support for sasl cram-md5 authentication

Daniel Stenberg (3 Jun 2012)
- Curl_sasl_create_plain_message: remove TAB

Steve Holme (3 Jun 2012)
- sasl: Small code tidy up
  
  Added some comments and removed an unreferenced variable.

- pop3.c: Added conditional compilation for NTLM function calls
  
  Added USE_NTLM condition compilation around the NTLM functions called
  from pop3_statemach_act() introduced in commit 69f7156ad96877.

- sasl: Moved cram-md5 authentication message creation from smtp.c
  
  Moved the cram-md5 message creation from smtp.c into the sasl module
  to allow for use by other modules such as pop3.

- pop3: Fixed an issue with changes introduced in commit c267c53017bc
  
  Because pop3_endofresp() is called for each line of data yet is not
  passed the line and line length, so we have to use the data pointed to
  by pp->linestart_resp which contains the whole packet, the mechanisms
  were being detected in one call yet the function would be called for
  each line of data.
  
  Using curl with verbose mode enabled would show that one line of data
  would be received in response to the AUTH command, before the AUTH
  <mechanism> command was sent to the server and then the next few lines
  of the original AUTH command would be displayed before the response from
  the AUTH <mechanism> command. This would then cause problems when
  parsing the CRAM-MD5 challenge data as extra data was contained in the
  buffer.
  
  Changed the parsing so that each line is checked for the mechanisms
  and the function returns FALSE until the whole of the AUTH response has
  been processed.

Daniel Stenberg (3 Jun 2012)
- version: bump to 7.27.0 for next release
  
  Due to new features

- RELEASE-NOTES: synced with c4e3578e4bf
  
  Also bumped the contributor number and next release is to become 7.27.0

- THANKS: 16 new contributors from the 7.26.0 release

Steve Holme (3 Jun 2012)
- DOCS: Fixed list in Section 18.2 not displaying correctly on web site

- DOCS: Corrected missed heading renumbering from commit 530675a1ad7

- DOCS: Added IMAP and LDAP sections
  
  Added new sections 11. IMAP and 12. LDAP to document adding SASL based
  authentication.
  
  Renumbered current sections 11 to 17 as 13 to 19.
  
  Additionally added 19.10 Add CURLOPT_MAIL_CLIENT option.

- sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869e8
  
  Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup()
  is just a nop.

- pop3.c:Corrected typo in commit 69ba0da8272d

- pop3: Fixed the issue of having to supply the user name for all requests
  
  Previously it wasn't possible to connect to POP3 and not specify the
  user name as a CURLE_ACCESS_DENIED error would be returned. This error
  occurred because USER would be sent to the server with a blank user name
  if no mailbox user was specified as the server would reply with -ERR.
  
  This wasn't a problem prior to the 7.26.0 release but with the
  introduction of custom commands the user and/or application developer
  might want to issue a CAPA command without having to log in as a
  specific mailbox user.
  
  Additionally this fix won't send the newly introduced AUTH command if no
  user name is specified.

- pop3.c: Small code tidy up
  
  Corrected lines exceeding 78 characters.
  
  Repositioned some comments and added extra clarity.

- sasl: Corrected variable names in comments and parameters

- pop3: Added support for sasl ntlm authentication

- sasl: Small comment style tidy up following ntlm commit

- sasl: Moved ntlm authentication message handling from smtp.c
  
  Moved the ntlm message creation and decoding from smtp.c into the sasl
  module to allow for use by other modules such as pop3.

- pop3: Added support for sasl login authentication

Yang Tse (1 Jun 2012)
- tests 1334 to 1345: several -O -J -i -D combinations with HTTP protocol

- tests: support test definitions with up to 5 file checks in <verify> section
  
  This is done introducing tags <file1> to <file4> besides existing <file> one,
  as well as corresponding <stripfile1> to <stripfile4> ones, that can be used
  in the <verify> section in the same way as the non-numbered ones.

Steve Holme (31 May 2012)
- sasl: Moved login authentication message creation from smtp.c
  
  Moved the login message creation from smtp.c into the sasl module
  to allow for use by other modules such as pop3.

- smtp.c: Reworked message encoding in smtp_state_authpasswd_resp()
  
  Rather than encoding the password message itself the
  smtp_state_authpasswd_resp() function now delegates the work to the same
  function that smtp_state_authlogin_resp() and smtp_authenticate() use
  when constructing the encoded user name.

- smtp.c: Re-factored smtp_auth_login_user() for use with passwords
  
  In preparation for moving to the SASL module re-factored the
  smtp_auth_login_user() function to smtp_auth_login() so that it can be
  used for both user names and passwords as sending both of these under
  the login authentication mechanism is the same.

- pop3: Added support for sasl plain text authentication

- curl_ntlm_msgs.c: Corrected small spelling mistake in comments

- sasl: Moved plain text authentication message creation from smtp.c
  
  Moved the plain text message creation from smtp.c into the sasl module
  to allow for use by other modules such as pop3.

Yang Tse (30 May 2012)
- configure: fix LDAPS disabling related misplaced closing parenthesis

- pop3 test server: allow pop3 test server verification to succeed again
  
  Introduce SUPPORTCAPA and SUPPORTAUTH config commands to allow further
  pop3 test server expansion for tests that require CAPA or AUTH support,
  although this will need some extra work to make it fully functional.

Steve Holme (28 May 2012)
- pop3: Introduced the continue response in pop3_endofresp()

- pop3: Changed response code from O and E to + and -
  
  The POP3 protocol doesn't really have the concept of error codes and
  uses +, +OK and -ERR in response to commands to indicate continue,
  success and error.
  
  The AUTH command is one of those commands that requires multiple pieces
  of data to be sent to the server where the server will respond with + as
  part of the handshaking. This meant changing the values before
  continuing with the next stage of adding authentication support.

- pop3: Small code tidy up following authentication work so far
  
  Changed the order of the state machine to match the order of actual
  events.
  
  Reworked some comments and function parameter positioning that I missed
  the other day.

Kamil Dudka (28 May 2012)
- nss: use human-readable error messages provided by NSS
  
  Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html

Daniel Stenberg (27 May 2012)
- test1013.pl: filter out Metalink
  
  Since it isn't a feature supported by curl-config we can't compare that
  with the --version output

- pop3: remove variable-not-used warnings

Steve Holme (27 May 2012)
- DOCS: Corrected the "Added in" version number for CURLOPT_MAIL_AUTH
  
  Additionally corrected another RFC link that I missed yesterday.

- pop3: Added support for SASL based authentication mechanism detection
  
  Added support for detecting the supported SASL authentication mechanisms
  via the AUTH command. There are two ways of detecting them, either by
  using the AUTH command, that will return -ERR if not supported or by
  using the CAPA command which will return SASL and the list of mechanisms
  if supported, not include SASL if SASL authentication is not supported
  or -ERR if the CAPA command is not supported. As such it seems simpler
  to use the AUTH command and fallback to normal clear text authentication
  if the the command is not supported.
  
  Additionally updated the test cases to return -ERR when the AUTH command
  is encountered. Additional test cases will be added when support for the
  individual authentication mechanisms is added.

Daniel Stenberg (27 May 2012)
- pop3: remove trailing whitespace

Steve Holme (27 May 2012)
- pop3: Code tidy up before the introduction of authentication code
  
  Moved EOB definition into header file.
  
  Switched the logic around in pop3_endofresp() to allow for the
  introduction of auth-mechanism detection.
  
  Repositioned second and third function variables where they will fit
  within the 78 character line limit.
  
  Tidied up some comments.

Guenter Knauf (27 May 2012)
- Enabled OpenSSL static linkage.

- Enabled OpenSSL static linkage.

- Try to detect OpenSSL build type automatically.

Daniel Stenberg (26 May 2012)
- metalink: fix build errors when disabled

- [Tatsuhiro Tsujikawa brought this change]

  Reduced #ifdef HAVE_METALINK

- [Tatsuhiro Tsujikawa brought this change]

  Disable hash check if neither OpenSSL nor GNUTLS is installed.

- [Tatsuhiro Tsujikawa brought this change]

  Format GETOUT_METALINK nicely

- [Tatsuhiro Tsujikawa brought this change]

  Minimize usage of structs from libmetalink

- [Tatsuhiro Tsujikawa brought this change]

  Check checksum of downloaded file if checksum is available
  
  Metalink file contains several hash types of checksums, such as
  md5, sha-1, sha-256, etc. To deal with these checksums, I created
  abstraction layer based on lib/curl_md5.h and
  lib/md5.c. Basically, they are almost the same but I changed the
  code so that it is not hash type dependent. Currently,
  GNUTLS(nettle or gcrypt) and OpenSSL functions are supported.
  
  Checksum checking is done by reopening download file.  If there
  is an I/O error, the current implementation just prints error
  message and does not try next resource.
  
  In this patch, the supported hash types are: md5, sha-1 and sha-256.

- [Tatsuhiro Tsujikawa brought this change]

  Always create directory hierarchy for Metalink.
  
  Filenames contained in Metalink file can include directory information.
  Filenames are unique in Metalink file, taking into account the directory
  information. So we need to create the directory hierarchy.
  
  Curl has --create-dirs option, but we create directory hierarchy for
  Metalink downloads regardless of the option value.
  
  This patch also put metalink int variable outside of HAVE_LIBMETALINK
  guard. This reduces the number of #ifdefs.

- [Tatsuhiro Tsujikawa brought this change]

  Fixed segmentation fault when Metalink has no valid file or no resource.

- [Tatsuhiro Tsujikawa brought this change]

  Support media-type parameter in Content-Type

- [Tatsuhiro Tsujikawa brought this change]

  Print "Metalink" in Features if Metalink support is enabled.

- [Tatsuhiro Tsujikawa brought this change]

  Removed trailing space

- [ant brought this change]

  Add --metalink to --help

- [ant brought this change]

  Add Metalink information and --metalink option to man page

- [ant brought this change]

  Add Metalink information and --metalink option to man page

- [ant brought this change]

  Adds Metalink information to INSTALL

- [Tatsuhiro Tsujikawa brought this change]

  --metalink option is available regardless of Metalink support.

- [Tatsuhiro Tsujikawa brought this change]

  metalink: parse downloaded Metalink file
  
  Parse downloaded Metalink file and add downloads described there. Fixed
  compile error without metalink support.

- [Tatsuhiro Tsujikawa brought this change]

  Fixed HAVE_LIBMETALINK conditional is always true

- [Tatsuhiro Tsujikawa brought this change]

  metalink: minor metalinkfile fix
  
  Don't update config->metalinkfile_last in operate(). Use local variable
  to point to the current metalinkfile.

- [Tatsuhiro Tsujikawa brought this change]

  metalink: show help message even if disabled
  
  Print message if --metalink is used while metalink support is not
  enabled. Migrated Metalink support in tool_operate.c and removed
  operatemetalink().

- [Tatsuhiro Tsujikawa brought this change]

  Applied patches from Daniel

- [Tatsuhiro Tsujikawa brought this change]

  Support Metalink.
  
  This change adds experimental Metalink support to curl.
  To enable Metalink support, run configure with --with-libmetalink.
  To feed Metalink file to curl, use --metalink option like this:
  
    $ curl -O --metalink foo.metalink
  
  We use libmetalink to parse Metalink files.

Steve Holme (26 May 2012)
- DOCS: Fixed line spacing of authentication examples in CURLOPT_URL

- DOCS: Changed domain names in various examples to example.com
  
  Updated various references of real domain names to example.com as per
  RFC-2606.

- DOCS: Fixed meaning of bit 2 in CURLOPT_POSTREDIR
  
  Setting bit 2 for this value was documented as having a constant value
  defined as CURL_REDIR_POST_303 yet referenced a 302 request.
  
  Additionally corrected the meaning of CURL_REDIR_POST_ALL for all three
  bits and fixed problems with the bolding of keywords in this section.

- DOCS: Standardised how RFCs are referenced.
  
  Standardised how RFCs are referenced so that the website may autolink to
  the correct documentation on ietf.org. Additionally removed the one link
  to RFC3986 on curl.haxx.se.

Yang Tse (26 May 2012)
- Fix libcurl.pc and curl-config generation for static MingW* cross builds

Daniel Stenberg (25 May 2012)
- [Tatsuhiro Tsujikawa brought this change]

  Made -D option work with -O and -J.
  
  To achieve this, first new structure HeaderData is defined to hold
  necessary data to perform header-related work.  Then tool_header_cb now
  receives HeaderData pointer as userdata.  All header-related work
  (currently, dumping header and Content-Disposition inspection) are done
  in this callback function.  HeaderData.outs->config is used to determine
  whether each work is done.
  
  Unit tests were also updated because after this change, curl code always
  sets CURLOPT_HEADERFUNCTION and CURLOPT_HEADERDATA.
  
  Tested with -O -J -D, -O -J -i and -O -J -D -i and all worked fine.

Steve Holme (25 May 2012)
- sasl: Re-factored auth-mechanism constants to be more generic

- smtp: Moved auth-mechanism constants into a separate header file
  
  Move the SMTP_AUTH constants into a separate header file in
  preparation for adding SASL based authentication to POP3 as the two
  protocols will need to share them.

Kamil Dudka (25 May 2012)
- nss: avoid using explicit casts of code pointers

Steve Holme (24 May 2012)
- DOCS: Added LDAP to the CURLOPT_URL section

- TODO: Removed DIGEST-MD5 authentication from SMTP to do list
  
  Removed DIGEST-MD5 from Section 9.1 Other authentication mechanisms as
  the feature was added to SMTP in 7.26.0.
  
  Also corrected small spelling mistake.

Daniel Stenberg (24 May 2012)
- bump to 7.26.1: start working towards next release

Version 7.26.0 (24 May 2012)

Daniel Stenberg (24 May 2012)
- RELEASE-NOTES: synced with ef60fdbd73
  
  Just before 7.26.0 is about to ship

Steve Holme (22 May 2012)
- smtp: Fixed an issue with the multi-interface always sending postdata
  
  Due to the result code being reset to CURLE_OK when smtp_dophase_done()
  was called, postdata would incorrectly be sent to the server when the
  MAIL FROM or RCPT command was rejected.
  
  As such, libcurl would return the wrong result code from performing the
  operation and additionally set CURLINFO_RESPONSE_CODE to be that
  returned by the postdata command.
  
  Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html
  Reported by: Gokhan Sengun

- DOCS: Updated version number for features added in the pending release

Daniel Stenberg (22 May 2012)
- [Tatsuhiro Tsujikawa brought this change]

  Fixed compile error with GNUTLS+NETTLE
  
  In nettle/md5.h, md5_init and md5_update are defined as macros to
  nettle_md5_init and nettle_md5_update respectively.  This causes
  error when using MD5_params.md5_init and md5_update.  This patch
  renames these members as md5_init_func and md5_update_func to
  avoid name conflict. For completeness, MD5_params.md5_final was
  also renamed as md5_final_func.
  
  The changes in curl_ntlm_core.c is conversion error and fixed by
  casting to proper type.

- TODO-RELEASE: mention the pending biggies for 7.27.0

- [Jan Ehrhardt brought this change]

  winbuild: fix IPv6 enabled build
  
  The existing check was wrong so IPv6 support would never be enabled

- 7.26.0: will be the next release version

- RELEASE-NOTES: synced with 8ae1e657e82a
  
  And mention that this will become 7.26.0

Guenter Knauf (22 May 2012)
- Updated dependency libary versions.

Daniel Stenberg (20 May 2012)
- curl-config.1: fix curl-config usage in example
  
  The curl-config command must be used twice in the single command line to
  work properly in some environments.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3528241
  Reported by: Julian Taylor

Steve Holme (17 May 2012)
- smtp: Fixed non-escaping of dot character at beginning of line
  
  A dot character at the beginning of a line would not be escaped to a
  double dot as required by RFC-2821, instead it would be deleted by the
  mail server. Please see section 4.5.2 of the RFC for more information.
  
  Note: This fix also simplifies the detection of repeated CRLF.CRLF
  combinations, such as CRLF.CRLF.CRLF, a little rather than having to
  advance the eob counter to 2.

Daniel Stenberg (16 May 2012)
- FAQ: updated 1.10 How many are using curl?
  
  Now linking to http://daniel.haxx.se/blog/2012/05/16/300m-users/

- disable-versioned-symbols: removed superfluous 'fi'
  
  The commit e315927a1a left this in

- MakefileBuild.vc: use the correct IDN variable
  
  The variable that control IDN enablement is called USE_IDN within these
  Makefiles

- [Pierre Chapuis brought this change]

  autoconf: improve handling of versioned symbols
  
  It checks whether versioned symbols should be enabled before checking
  whether it is possible (i.e. the linker supports --version-script) or
  not. This avoids a useless warning when building cURL on a platform that
  does not use GNU ld.
  
  Moreover, it fixes broken indentation of this chunk of code.

- curl.1: clarify -x usage
  
  1 - fix the syntax in the .IP line
  
  2 - Provided user names and passwords are URL decoded by libcurl
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3525935

- NTLM: is supported in GnuTLS builds too
  
  ... since commit 9a4c887c4a7 introduced in libcurl 7.19.4

- TODO: happy eyeballs is now RFC6555

- my_useragent: shorten user-agent
  
  The built-in user-agent will now only say curl/[version] and nothing
  else in an attempt to decrease overhead in HTTP requests.

- CURLOPT_HEADERFUNCTION: works for non-HTTP protocols too

Claes Jakobsson (3 May 2012)
- Add note about default timeout in CURLOPT_TIMEOUT

Daniel Stenberg (2 May 2012)
- [Gokhan Sengun brought this change]

  MD5: OOM fix
  
  check whether md5 initialization succeeded before updating digest of
  buffers onto it

- REALEASE-NOTES: synced with 64f48e884e3c1

- [Jan Schaumann brought this change]

  add newly created manual page

- [Jan Schaumann brought this change]

  add a manual page for mk-ca-bundle

Guenter Knauf (26 Apr 2012)
- Updated dependency lib versions.

Daniel Stenberg (23 Apr 2012)
- URL parse: reject numerical IPv6 addresses outside brackets
  
  Roman Mamedov spotted (in
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would
  not complain when given a URL with an IPv6 numerical address without
  brackets. It would simply cut off the last ":[hex]" part and thus not
  work correctly.
  
  That's a URL using an illegal syntax and now libcurl will instead return
  a clear error code and error message detailing the error.
  
  The above mentioned bug report claims this to be a regression but
  libcurl does not guarantee functionality when given URLs that aren't
  following the URL spec (RFC3986 mostly). I consider the fact that it
  used to handle this differently a mere coincidence.

- Curl_MD5_init: fix OOM memory leak
  
  Bug: http://curl.haxx.se/mail/lib-2012-04/0246.html
  Reported by: Michael Mueller

- [Gokhan Sengun brought this change]

  OpenSSL cert: provide more details when cert check fails
  
  curl needs to be more chatty regarding certificate verification failure
  during SSL handshake

Yang Tse (23 Apr 2012)
- Revert "sspi: Added version information"
  
  This reverts commit 2976de480808119dae08fc6f52c8d75ba1aedb1a.

- Revert "sspi - Small code tidy up"
  
  This reverts commit 46cd5f1daddad3b3e542e6d93eee52e8bb9a8687.

- Revert "Fixed 'extra tokens at end of #endif directive'."
  
  This reverts commit 77172a242fc0c820f97eae39d0e3e0f265222fe6.

- Revert "Fixed 'Trailing whitespace' found by checksrc."
  
  This reverts commit 683bfa60ad0b52505947e59b03515e5f44378523.

- Revert "sspi: Code tidy up to remove unused variable."
  
  This reverts commit 412510f97407d617426d93b80e6b6bf0a8ff11ac.

- Revert "Add -lversion if build with SSPI."
  
  This reverts commit 9ec0b7e0c44d29eca6f45916fe5af3501168fe85.

Guenter Knauf (23 Apr 2012)
- Add -lversion if build with SSPI.

Steve Holme (22 Apr 2012)
- sspi: Code tidy up to remove unused variable.

Guenter Knauf (22 Apr 2012)
- Fixed 'Trailing whitespace' found by checksrc.

- Fixed 'extra tokens at end of #endif directive'.

Steve Holme (22 Apr 2012)
- sspi - Small code tidy up

- sspi: Added version information
  
  Added version information for Windows SSPI to curl's main version
  string and removed SSPI from the features string.

Daniel Stenberg (20 Apr 2012)
- HTTP: empty chunked POST ended up in two zero size chunks
  
  When doing a chunked-encoded POST with -d (CURLOPT_POSTFIELDS) and the
  size of the POST was zero length, it made libcurl first send a zero
  chunk and then the terminating one. This could confuse a receiver and it
  should rather just send the terminating chunk as it does with this fix.
  
  Test case 1333 is added to verify.
  
  Bug: http://curl.haxx.se/mail/archive-2012-04/0060.html
  Reported by: Arnaud Compan

Guenter Knauf (20 Apr 2012)
- Updated dependency lib versions.

Daniel Stenberg (19 Apr 2012)
- singleipconnect: return OK even when Curl_socket() fails
  
  Commit 9109cdec11ee5a brought this regression (shipped since 7.24.0).
  
  The singleipconnect() function must not return an error if Curl_socket()
  returns an error. It should then simply return OK and pass a SOCKET_BAD
  back simply because that is how the user of this function expects it to
  work and something else is not fine.
  
  Reported by: Blaise Potard
  Bug: http://curl.haxx.se/bug/view.cgi?id=3516508

Yang Tse (19 Apr 2012)
- Take in account that CURLAUTH_* bitmasks are now 'unsigned long' - follow-up
  
  MIPSPro compiler detected curl_easy_getinfo() related missing adjustments.
  SunPro compiler detected curl tool --libcurl option related missing adjustments.

- url.c: CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH fixes
  
  Fail with CURLE_NOT_BUILT_IN when none of requested auth methods is supported.
  
  Reject CURLAUTH_ONLY bit when given alone or with CURLAUTH_NONE.

- Take in account that CURLAUTH_* bitmasks are now 'unsigned long'
  
  Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to
  'unsigned long' for proper handling and operating.

- curl.h: CURLAUTH_* bitmasks adjusted to become 'unsigned long' typed
  
  Info: http://curl.haxx.se/mail/lib-2012-04/0170.html

- Some explicit conversion to 'long' of curl_easy_setopt() third argument
  
  Explicit conversion to 'long' of curl_easy_setopt() third argument for options
  CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH given that this is how its bitmasks are
  docummented to be used.

- build adjustments: commit 9e24b9c7 follow-up

Daniel Stenberg (17 Apr 2012)
- -# progress meter: avoid superfluous updates and duplicate lines
  
  By comparing if a different "progress point" is reached or not since the
  previous update, the progress function callback for this now avoids many
  superfluous screen updates. This has the nice side-effect that it fixes
  a problem that causes a second progress meter line.
  
  The second line output happened because when we use the -# progress
  meter, we force a newline output after the transfer in the main loop in
  curl, but when libcurl calls the progress callback from
  curl_easy_cleanup() it would then output the progress display
  again. Possibly the naive newline output is wrong but this optimization
  was suitable anyway...
  
  Reported by: Daniel Theron
  Bug: http://curl.haxx.se/bug/view.cgi?id=3517418

Yang Tse (16 Apr 2012)
- nss.c: fix compiler warning

- curl-compilers.m4: -Wno-pedantic-ms-format for Windows gcc 4.5 builds
  
  When building a Windows target with gcc 4.5 or newer and strict compiler
  warnings enabled use -Wno-pedantic-ms-format in addition to other flags.

Kamil Dudka (16 Apr 2012)
- tests/valgrind.pm: suppress memleaks of NSS_InitContext()
  
  Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=745224

Yang Tse (14 Apr 2012)
- setup_once.h: tighten requirements for stdbool.h header inclusion
  
  Include stdbool.h only when it is available and configure is capable of
  detecting a proper 'bool' data type when the header is included.
  
  Compilation fix for old or unpatched versions of XL C compiler.
  
  Report: http://curl.haxx.se/mail/archive-2012-04/0022.html

- headers: require GCC 2.7 or newer in order to allow attribute GCC'isms usage
  
  Usage in other code paths already protected and requiring even newer versions.

- [Jonathan Nieder brought this change]

  headers: surround GCC attribute names with double underscores
  
  This protects from attribute names being defined by third party's code.
  
  Improvement: http://curl.haxx.se/mail/lib-2012-04/0127.html

Guenter Knauf (13 Apr 2012)
- Updated copyright year.

Yang Tse (13 Apr 2012)
- testcurl.pl: build example programs for Android cross-compiles

- nss.c: fix compiler warning

- examples: fix compiler warnings

Kamil Dudka (13 Apr 2012)
- nss: provide human-readable names for NSS errors

- nss: use NSS_InitContext() to initialize NSS if available
  
  NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
  collisions on NSS initialization/shutdown with other libraries.
  
  Bug: https://bugzilla.redhat.com/738456

- nss: unconditionally require PK11_CreateGenericObject()
  
  This bumps the minimal supported version of NSS to 3.12.x.

Guenter Knauf (13 Apr 2012)
- Set batch mode to 755 to make Cygwin git pulls work.

- Added section for Android configure cross-compile.

- Added NetWare export.

Yang Tse (12 Apr 2012)
- testcurl.pl: build example programs for MinGW cross-compiles

- tool_operate.c: fix compiler warning

- url.c: fix compiler warning

Guenter Knauf (12 Apr 2012)
- Updated dependency lib versions (2nd try).

- Updated dependency lib versions.

Yang Tse (12 Apr 2012)
- tool_formparse.c: rename a couple of vars to avoid declaration shadowing

- OS400/initscript.sh: fix db2_name() module name generation
  
  Allow repeatable file name length reduction on file names with underscore or
  dash characters. This is done in order to better support libcurl's existing
  source file names and allow OS/400 package to build out of the box again.

- testcurl.pl: log more environment vars that modify configure and build behavior

- configure: NATIVE_WINDOWS no longer defined in config files

- build adjustments: CURL_HIDDEN_SYMBOLS no longer defined in config files
  
  configure script now provides conditional definitions for Makefile.am
  that result in CURL_HIDDEN_SYMBOLS being defined by resulting makefiles
  when appropriate.
  
  Additionally, configure script option for symbol hiding control is now
  named --enable-symbol-hiding --disable-symbol-hiding. While still valid,
  old option name --enable-hidden-symbols --disable-hidden-symbols will
  be deprecated in some future release.

- build adjustments: functionally revert commits 4d3fb91f and bbfe1182
  
  Undefining CURL_HIDDEN_SYMBOLS in source files isn't the proper fix.

- test servers: build adjustment
  
  Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might
  leak from lib/setup.h into source files where this should not be defined.

- libtests: build adjustment
  
  Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might
  leak from lib/setup.h into source files where this should not be defined.

- curl tool: make setup.h first header included in tool_setup.h again

- curl tool: use configuration files from lib directory - follow-up II
  
  lib/config-win32.h no longer copied to src/config-win32.h

- configure: Windows cross-compilation fixes
  
  BUILDING_LIBCURL and CURL_STATICLIB are no longer defined in curl_config.h,
  configure will generate appropriate conditionals so that mentioned symbols
  get defined and used in Makefiles at compilation time

- curl tool: make curl.h first header included in tool_setup.h

- curl tool: use configuration files from lib directory - follow-up I
  
  amigaos.[ch] now integrates nicely with any libcurl build

- curl tool: use configuration files from lib directory
  
  Configuration files such as curl_config.h and all config-*.h no longer exist
  nor are generated/copied into 'src' directory, now these only exist in 'lib'
  directory from where curl tool sources uses them.
  
  Additionally old src/setup.h has been refactored into src/tool_setup.h which
  now pulls lib/setup.h
  
  The possibility of a makefile needing an include path adjustment exists.

Daniel Stenberg (6 Apr 2012)
- PolarSSL: correct return code for CRL matches
  
  When a server certificate matches one in the given CRL file, the code
  now returns CURLE_SSL_CACERT as test case 313 expects and verifies.

- PolarSSL: include version number in version string
  
  Previously it would say PolarSSL only, now it says PolarSSL/1.1.0 in the
  same style other libs and components do.

- test: added test 1332 that tests --post303

- curl: add --post303 to set the CURL_REDIR_POST_303 option

- [Andrei Cipu brought this change]

  CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URL
  
  As it turns out, some people do want that after all.

- test1331: cookies on a 407 response
  
  Verify that cookies are sent back even after a 407 response has been
  received

- [Dag Ekengren brought this change]

  PolarSSL: add support for asynchronous connect

- [Tim Heckman brought this change]

  Revert "access the CA source file using HTTPS"
  
  This reverts commit f7e2ab6.
  
  This change caused fetching of the certificates to become unreliable.
  
  Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
  Reported by: Tim Heckman

- [Andrei Cipu brought this change]

  IPv6 cookie domain: get rid of the first bracket before the second.
  
  Commit 97b66ebe was copying a smaller buffer, thus duplicating the last
  character.

- MAIL-ETIQUETTE: Added "How to unsubscribe"
  
  ... as it seems to hard for some people

Yang Tse (4 Apr 2012)
- ftp.c: ftplistparser related OOM handling fix

- smtp.c: fix compiler warnings

- lib599.c: fix compiler warning

Daniel Stenberg (4 Apr 2012)
- runtests: yassl and polarssl are not openssl
  
  Don't set the "has_openssl" variable if yassl or polarssl is found as
  they will simply not work as 100% drop-in replacements for some of the
  stuff the "OpenSSL" feature is used for.
  
  I spotted this problem when doing test runs with PolarSSL builds.

- [Lijo Antony brought this change]

  connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
  
  Curl_socket returns CURLE_COULDNT_CONNECT when the opensocket callback
  returns CURL_SOCKET_BAD. Previous return value CURLE_FAILED_INIT
  conveys incorrect information to the user.

Steve Holme (2 Apr 2012)
- pop3: Reworked the command sending and handling
  
  Reworked the command sending from two specific LIST and RETR command
  functions into a single command based function as well as the two
  associated response handlers into a generic command handler.

Daniel Stenberg (1 Apr 2012)
- [Dave Reisner brought this change]

  curl tool: add filename_effective token for --write-out
  
  By modifying the parameter list for ourWriteOut() and passing the
  OutStruct that collects data in tool_operate, we get access to the
  remote name that we're writing to. Shell scripters should find this
  useful when used in conjuntion with the --remote-header-name option.

Steve Holme (1 Apr 2012)
- smtp.c: Code policing and tidy up

Daniel Stenberg (1 Apr 2012)
- [Armel Asselin brought this change]

  SSH: public key can now be an empty string
  
  If an empty string is passed to CURLOPT_SSH_PUBLIC_KEYFILE, libcurl will
  pass no public key to libssh2 which then tries to compute it from the
  private key. This is known to work when libssh2 1.4.0+ is linked against
  OpenSSL.

- [Tatsuhiro Tsujikawa brought this change]

  OpenSSL: Made cert hostname check conform to RFC 6125
  
  This change replaces RFC 2818 based hostname check in OpenSSL build with
  RFC 6125 [1] based one.
  
  The hostname check in RFC 2818 is ambiguous and each project implements
  it in the their own way and they are slightly different. I check curl,
  gnutls, Firefox and Chrome and they are all different.
  
  I don't think there is a bug in current implementation of hostname
  check. But it is not as strict as the modern browsers do. Currently,
  curl allows multiple wildcard character '*' and it matches '.'. (as
  described in the comment in ssluse.c).
  
  Firefox implementation is also based on RFC 2818 but it only allows at
  most one wildcard character and it must be in the left-most label in the
  pattern and the wildcard must not be followed by any character in the
  label.[2] Chromium implementation is based on RFC 6125 as my patch does.
  Firefox and Chromium both require wildcard in the left-most label in the
  presented identifier.
  
  This patch is more strict than the current implementation, so there may
  be some cases where old curl works but new one does not. But at the same
  time I think it is good practice to follow the modern browsers do and
  follow the newer RFC.
  
  [1] http://tools.ietf.org/html/rfc6125#section-6.4.3
  [2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483

- HTTP: reset expected DL/UL sizes on redirects
  
  With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the
  download size was known (like with a Content-Length header), but the
  subsequent URL (transfered after the 3xx page) was chunked encoded, then
  the previous "known download size" would linger and cause the progress
  meter to get incorrect information, ie the former value would remain
  being sent in. This could easily result in downloads that were WAY
  larger than "expected" and would cause >100% outputs with the curl
  command line tool.
  
  Test case 599 was created and it was used to repeat the bug and then
  verify the fix.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3510057
  Reported by: Michael Wallner

Steve Holme (31 Mar 2012)
- [Gökhan ŞengÌn brought this change]

  smtp: Add support for DIGEST-MD5 authentication

- [Gökhan ŞengÌn brought this change]

  smtp: Cody tidy up of md5 digest length
  
  Replaced the hard coded md5 digest length (16) with a preprocessor
  constant

- [Gökhan ŞengÌn brought this change]

  md5: Add support for calculating the md5 sum of buffers incrementally
  
  It is now possible to calculate the md5 sum as the stream of buffers
  becomes known where as previously it was only possible to calculate the
  md5 sum of a pre-prepared buffer.

Daniel Stenberg (31 Mar 2012)
- Revert "mk-ca-bundle.pl: use LWP::UserAgent for https"
  
  This reverts commit 9f0e1689f169b83b8fbdae23e0024cc57dcbc770.
  
  It turned out that "improvement" instead made the fetching of the
  certificates unreliable
  
  Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
  Reported by: Tim Heckman

Steve Holme (31 Mar 2012)
- DOCS: Added information regarding POP3 commands to CURLOPT_CUSTOMREQUEST

- pop3: Added support for additional pop3 commands
  
  This feature allows the user to specify and use additional POP3
  commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or
  curl's -X command line option.

Yang Tse (30 Mar 2012)
- [tetetest tetetest brought this change]

  CMakeLists.txt: fix Windows LDAP/LDAPS option handling
  
  bug: http://curl.haxx.se/mail/lib-2012-03/0278.html

- [tetetest tetetest brought this change]

  CMakeLists.txt: fix MS Visual Studio x64 unsigned long long literal suffix
  
  bug: http://curl.haxx.se/mail/lib-2012-03/0255.html

Steve Holme (28 Mar 2012)
- TODO: Corrected POP3 section heading

Yang Tse (28 Mar 2012)
- curl-functions.m4: update detection logic of getaddrinfo() thread-safeness
  
  Take in account that h_errno might be a modifiable lvalue not defined as
  a C preprocessor macro

Steve Holme (27 Mar 2012)
- TODO: Added SMTP and POP3 specific features

Yang Tse (27 Mar 2012)
- [Olaf Flebbe brought this change]

  tool_cb_dbg.c: fix tool_cb_dbg() to behave properly even for size 0
  
  curl segfault in debug callback triggered with CURLINFO_HEADER_OUT and size 0
  
  bug: http://curl.haxx.se/bug/view.cgi?id=3511794

- test #1405: support HTTP disabled builds

Steve Holme (26 Mar 2012)
- test #809: Updated error code to match recent pop3 changes

Yang Tse (25 Mar 2012)
- ssh.c: code cleanup, Curl_safefree() already nullifies pointer

- fix some compiler warnings

Steve Holme (25 Mar 2012)
- pop3.c: Corrected problem with state() introduced in 01690ed2bce5

- pop.c: Small code tidy up

- pop3: Removed the need for the single message LIST command handler
  
  Simplified the code to remove the need for a separate "LIST <msg id>"
  command handler and state machine and instead use the LIST command
  handler for both operations.

- pop3.c: Code policing and tidy up
  
  Corrected character and line spacing and re-ordered list and retr
  functions based on the order of their state machines.

- email: Moved server greeting responses into separate functions
  
  Moved the server greeting response handling code from the statemach_act
  functions to separate response functions. This makes the code simpler
  to follow and provides consistency with the other responses that are
  handled here.

- pop3.c: Fixed body data being written when CURLOPT_NOBODY is specified
  
  Body data would be forwarded to the client application in both the RETR
  and LIST commands even if CURLOPT_NOBODY was specified.

Daniel Stenberg (23 Mar 2012)
- [Rodrigo Silva (MestreLion) brought this change]

  docs: clarify -z/--time-cond with filename (mention mtime)
  
  Original wording could lead users in thinking it tries to
  somehow parse the filename for a date expression (like
  news_2012_03_05.html). It never mentions that it actually
  reads the mtime of the file in filesystem.

Yang Tse (23 Mar 2012)
- tests #1316 #1319 #1320 #1321: add missing keywords

- test #598: add missing keywords

- version: start working on 7.25.1-DEV

Daniel Stenberg (22 Mar 2012)
- [Benjamin Johnson brought this change]

  configure: check for gethostbyname in the watt lib
  
  This allows building of libcurl on DOS using DJGPP 2.04 and Watt-32
  sockets. I know there's already Makefile.djgpp, but I find this more
  convenient since I'm used to using the ./configure script from other
  platforms

- THANKS: 8 new contributors from 7.25.0

Version 7.25.0 (22 Mar 2012)

Daniel Stenberg (22 Mar 2012)
- RELEASE-NOTES: synced with b8b2cf612b2

Yang Tse (22 Mar 2012)
- tests #1400 #1401: add missing keywords

- http_proxy.h: fix builds with proxy or http disabled

- parsedate.c: fix a numeric overflow

Daniel Stenberg (22 Mar 2012)
- [Andrei Cipu brought this change]

  cookies: strip the numerical ipv6 host properly
  
  The commit e650dbde86d4 that stripped off [brackets] from ipv6-only host
  headers for the sake of cookie parsing wrongly incremented the host
  pointer which would cause a bad free() call later on.

Yang Tse (22 Mar 2012)
- test #598: add to Makefile.am

- test #598: OOM handling fixes

- fix several compiler warnings

Daniel Stenberg (22 Mar 2012)
- CONNECT: fix multi interface regression
  
  The refactoring of HTTP CONNECT handling in commit 41b0237834232 that
  made it protocol independent broke it for the multi interface. This fix
  now introduce a better state handling and moved some logic to the
  http_proxy.c source file.
  
  Reported by: Yang Tse
  Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html

- SWS: refuse to serve CONNECT unless running as proxy

Yang Tse (21 Mar 2012)
- curl-functions.m4: update detection logic of getaddrinfo() thread-safeness
  
  Take in account that POSIX standard Issue 7 drops h_errno support. Now, we also
  consider getaddrinfo() to be thread-safe when (_POSIX_C_SOURCE >= 200809L) or
  (_XOPEN_SOURCE >= 700) independently of whether h_errno exists or not.

- fix several compiler warnings

- tests 140X: fix --libcurl generated source file reading mode for MSYS builds

- tool_easysrc.c: fix --libcurl option output file text translation mode
  
  Use fopen() with "w" mode instead of "wt" to fix cygwin builds.

- build: remove tool_cb_skt.[ch] references

Daniel Stenberg (18 Mar 2012)
- RELEASE-NOTES: synced with ad77420ac761b
  
  3 more bugs, 1 more contributor

- lwip: basic checks and macros for compatiblity

Yang Tse (17 Mar 2012)
- tool_setopt.c: more OOM handling fixes

Daniel Stenberg (16 Mar 2012)
- cmake: list_spaces_append_once fails with spaces in filename
  
  Windows standard libraries are located in C:/Program Files/Microsoft
  SDKs/[...]. They are already included in the default MSVC
  LIBPATH. Hence, find_library(WSOCK32_LIBRARY wsock32) and
  find_library(WS2_32_LIBRARY ws2_32) are not needed. They return the full
  path to the libraries including spaces. Of course,
  list_spaces_append_once will mangle the result and the build fails.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3494968

Yang Tse (16 Mar 2012)
- http_proxy.c: fix OOM handling

- tool_setopt.c: fix OOM handling

- fix several compiler warnings

- fix some compiler warnings

Daniel Stenberg (13 Mar 2012)
- [Maxim Prohorov brought this change]

  resolve with c-ares: don't resolve IPv6 when not working
  
  If the Curl_ipv6works() function says no, there is no reason to try AAAA
  names even if libcurl was built with IPv6 support enabled.
  
  Bug: http://curl.haxx.se/mail/lib-2012-03/0045.html

unknown (10 Mar 2012)
- [Steve Holme brought this change]

  smtp.c: Changed the curl error code for EHLO and HELO responses
  
  Changed the returned curl error codes for EHLO and HELO responses from
  CURLE_LOGIN_DENIED to CURLE_REMOTE_ACCESS_DENIED as a negative response
  from these commands represents no service as opposed to a login error.

Daniel Stenberg (10 Mar 2012)
- RELEASE-NOTES: synced with e650dbde86
  
  New: 12 bugs, 3 changes, 6 contributors and updated counters at the top

- [Andrei Cipu brought this change]

  Curl_http: strip off [brackets] from ipv6-only host headers
  
  Since the host name is passed in to the cookie engine it will not work
  correctly if the brackets are left in the name.
  
  Bug:http://curl.haxx.se/mail/lib-2012-03/0036.html

- [Armel Asselin brought this change]

  CURLSSH_OPT_AUTH: documented it has no effect

- [John Joseph Bachir brought this change]

  mk-ca-bundle.pl: use LWP::UserAgent with proper https verify behavior.
  
  An alternative would be:
  
  1. specify HTTPS_CA_DIR and/or HTTPS_CA_FILE
  2. ensure that Net::SSL is being used, and IO::Socket::SSL is NOT being
     used
  
  This question and answer explain:
  http://stackoverflow.com/questions/74358/

- [John Joseph Bachir brought this change]

  access the CA source file using HTTPS

- includes: remove inclusion of unused file http_proxy.h

- CONNECT: made generically not per-protocol
  
  Curl_protocol_connect() now does the tunneling through the HTTP proxy if
  requested instead of letting each protocol specific connection function
  do it.

- ssh_connect: tunnel through HTTP proxy if requested

- LWIP: don't consider HAVE_ERRNO_H to be winsock
  
  The check for Winsock definition was a bit too broad
  
  Bug: http://curl.haxx.se/mail/lib-2012-03/0046.html

- [Dave Reisner brought this change]

  curl-config: only provide libraries with --libs
  
  In line with the manpage, curl-config --libs should only provide the necessary
  library flags for the linker in order to compile software with libcurl. Also
  with this change, we match what the pkg-config file provides.

- CONTRIB: Please don't send pull requests

- libcurl docs: version corrections
  
  Correct some inconsistencies in which version some things were added.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3494091
  Reported by: "curlybugs"

- CONNECT: fix ipv6 address in the Request-Line
  
  Commit 466150bc64d fixed the Host: header with CONNECT, but I then
  forgot the preceeding request-line. Now this too uses [brackets]
  properly if a ipv6 numerical address was given.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3493129
  Reported by: "Blacat"

- [Steve Holme brought this change]

  SMTP: Added support for returning SMTP response codes
  
  Set the conn->data->info.httpcode variable in smtp_statemach_act() to
  allow Curl_getinfo() to return the SMTP response code via the
  CURLINFO_RESPONSE_CODE action.

- curl.1: updated --libcurl
  
  With Colin Hogben's recent work, --libcurl now also works with -F and
  more. Remove the previous caveat.

- test: --libcurl fixes
  
  The line endings broke when I saved the three recent patches (my fault,
  not Colin's) to 'git am' them.
  
  Adjusted the stripping of the test program for comparing to also exclude
  the SSH key file name as that will differ and use a local path name.

- [Colin Hogben brought this change]

  Add helper script convsrctest.pl to manipulate --libcurl tests.
  
  The intention is to take the output of curl's --libcurl option,
  as exercised in test 14xx, and generate a corresponding test15xx
  in which the generated code is compiled and run.  This will verify
  that the generated code behaves equivalently to the original
  invocation of the curl command.
  
  The script is not yet integrated into the configure / makefile
  machinery.

- [Colin Hogben brought this change]

  Add tests for curl's --libcurl output.
  
  These tests check the output of the --libcurl option of curl,
  including the improved option handling added in a related patch.

- [Colin Hogben brought this change]

  Generate lists and use symbols in --libcurl code output.
  
  This patch improves the output of curl's --libcurl option by
  generating code which builds curl_httppost and curl_slist lists, and
  uses symbolic names for enum and flag values.  Variants of the
  my_setopt macro in tool_setopt.h are added in order to pass extra type
  information to the code-generation step in tool_setopt.c.
  
  If curl is configured with --disable-libcurl-option then the macros
  call curl_easy_setopt directly.

- [Steve Holme brought this change]

  smtp.c: Fixed an issue with writing postdata
  
  Fixed a problem in smtp_done() when writing out the postdata as
  Curl_write() would periodically return zero bytes written.

- CURLOPT_MAIL_AUTH: added in 7.25.0
  
  Brought in commit 0cf0ab6f300

- pop3 test server: send terminating ".CRLF" only
  
  With commit 035ef06bda7 applied, the test pop3 server needs to send
  ".\r\n" as the body terminating sequence and there needs to be a final
  CRLF in the actual body in the test data file.

- [Steve Holme brought this change]

  pop3.c: Fixed drop of final CRLF in EOB checking
  
  Curl_pop3_write() would drop the final CRLF of a message as it was
  considered part of the EOB as opposed to part of the message. Whilst
  the EOB sequence needs to be searched for by the function only the
  final 3 characters should be removed as per RFC-1939 section 3.
  
  Reported by: Rich Gray
  Bug: http://curl.haxx.se/mail/lib-2012-02/0051.html

- [Steve Holme brought this change]

  smtp.c: Fixed an issue with the EOB checking
  
  Curl_smtp_escape_eob() would leave off final CRLFs from emails ending
  in multiple blank lines additionally leaving the smtpc->eob variable
  with the character count in, which would cause problems for additional
  emails when sent through multiple calls to curl_easy_perform() after a
  CURLOPT_CONNECT_ONLY.

- CURLE_FTP_PRET_FAILED: listed twice
  
  Make sure it is mentioned once and with the correct description

- --mail-auth documented

- [Steve Holme brought this change]

  SMTP: Code policing and tidy up

- [Steve Holme brought this change]

  curl: Added support for --mail-auth
  
  Added an extra command-line argument to support the optional AUTH
  parameter in SMTPs MAIL FROM command.

Kamil Dudka (16 Feb 2012)
- docs: mention that NTLM works with NSS, too

Daniel Stenberg (15 Feb 2012)
- [Steve Holme brought this change]

  DOCS: Added information for CURLOPT_MAIL_AUTH.
  
  Added information relating to the new CURLOPT_MAIL_AUTH parameter and
  reworked CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT to be a clearer.
  
  Fixed inconsistencies of "vocalisation of the abbreviation" versus
  "vocalisation of the first word" for all abbreviations.
  
  Corrected a typo in CURLOPT_NOPROXY.

- [Steve Holme brought this change]

  smtp.c: Fixed use of angled brackets in AUTH parameter.
  
  Fixed the use of angled brackets "<>" in the optional AUTH parameter as
  per RFC-2554 section 5. The address should not include them but an
  empty address should be replaced by them.

- [Steve Holme brought this change]

  smtp_mail: Added support to MAIL FROM for the optional AUTH parameter
  
  Added a new CURLOPT_MAIL_AUTH option that allows the calling program to
  set the optional AUTH parameter in the MAIL FROM command.
  
  When this option is specified and an authentication mechanism is used
  to communicate with the mail server then the AUTH parameter will be
  included in the MAIL FROM command. This is particularly useful when the
  calling program is acting as a relay in a trusted environment and
  performing server to server communication, as it allows the relaying
  server to specify the address of the mailbox that was used to
  authenticate and send the original email.

- [toddouska brought this change]

  cyassl: update to CyaSSL 2.0.x API
  
  Modify configure.ac to test for new CyaSSL Init function and remove
  default install path to system.  Change to CyaSSL OpenSSL header and
  proper Init in code as well.
  
  Note that this no longer detects or works with CyaSSL before v2

- LIBCURL_VERSION_NUM: 0x071900
  
  I accidentally left the lowest bits 01 before

- [Steve Holme brought this change]

  SMTP: Fixed error when using CURLOPT_CONNECT_ONLY
  
  Fixed incorrect behavior in smtp_done() which would cause the end of
  block data to be sent to the SMTP server if libcurl was operating in
  connect only mode. This would cause the server to return an error as
  data would not be expected which in turn caused libcurl to return
  CURLE_RECV_ERROR.

- s/7.24.1/7.25.0
  
  We will go straight to 7.25.0 due to the new additions

- curlver.h: bumped to 7.25.0
  
  and updated the end year in the generic copyright string

- RELEASE-NOTES: synced with 2b26eb985
  
  9 bug fixes, 4 changes and numerous contributors
  
  Bumped release version and option counters

- [Colin Hogben brought this change]

  configure: add option disable --libcurl output

- [Alessandro Ghedini brought this change]

  curl tool: allow negative numbers as option values
  
  Fix the str2num() function to not check if the input string starts with a
  digit, since strtol() supports numbers prepended with '-' (and '+') too.
  This makes the --max-redirs option work as documented.

- parse_proxy: simply memory handling
  
  ... by making sure that the string is always freed after the invoke as
  parse_proxy will always copy the data and this way there's a single
  free() instead of multiple ones.

- parse_proxy: bail out on zero-length proxy names!
  
  The proxy parser function strips off trailing slashes off the proxy name
  which could lead to a mistaken zero length proxy name which would be
  treated as no proxy at all by subsequent functions!
  
  This is now detected and an error is returned. Verified by the new test
  1329.
  
  Reported by: Chandrakant Bagul
  Bug: http://curl.haxx.se/mail/lib-2012-02/0000.html

Kamil Dudka (9 Feb 2012)
- nss: add support for the CURLSSLOPT_ALLOW_BEAST option
  
  ... and fix some typos from the 62d15f1 commit.

Daniel Stenberg (9 Feb 2012)
- [Rob Ward brought this change]

  configure: don't modify LD_LIBRARY_PATH for cross compiles

- --ssl-allow-beast added
  
  This new option tells curl to not work around a security flaw in the
  SSL3 and TLS1.0 protocols. It uses the new libcurl option
  CURLOPT_SSL_OPTIONS with the CURLSSLOPT_ALLOW_BEAST bit set.

- CURLOPT_SSL_OPTIONS: added
  
  Allow an appliction to set libcurl specific SSL options. The first and
  only options supported right now is CURLSSLOPT_ALLOW_BEAST.
  
  It will make libcurl to disable any work-arounds the underlying SSL
  library may have to address a known security flaw in the SSL3 and TLS1.0
  protocol versions.
  
  This is a reaction to us unconditionally removing that behavior after
  this security advisory:
  
  http://curl.haxx.se/docs/adv_20120124B.html
  
  ... it did however cause a lot of programs to fail because of old
  servers not liking this work-around. Now programs can opt to decrease
  the security in order to interoperate with old servers better.

- [Dave Reisner brought this change]

  curl: use new library-side TCP_KEEPALIVE options
  
  Use the new library CURLOPT_TCP_KEEPALIVE rather than disabling this via
  the sockopt callback. If --keepalive-time is used, apply the value to
  CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL.

- [Dave Reisner brought this change]

  add library support for tuning TCP_KEEPALIVE
  
  This adds three new options to control the behavior of TCP keepalives:
  
  - CURLOPT_TCP_KEEPALIVE: enable/disable probes
  - CURLOPT_TCP_KEEPIDLE: idle time before sending first probe
  - CURLOPT_TCP_KEEPINTVL: delay between successive probes
  
  While not all operating systems support the TCP_KEEPIDLE and
  TCP_KEEPINTVL knobs, the library will still allow these options to be
  set by clients, silently ignoring the values.

- curl_easy_reset: reset the referer string
  
  When CURLOPT_REFERER has been used, curl_easy_reset() did not properly
  clear it.
  
  Verified with the new test 598
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3481551
  Reported by: Michael Day

Yang Tse (7 Feb 2012)
- curl tool: allow glob-loops to abort again upon critical errors
  
  This prevents clobbering of non recoverable error return codes while
  retaining intended functionality of commit 65103efe

Daniel Stenberg (6 Feb 2012)
- curl tool: don't abort glob-loop due to failures
  
  We want to continue to the next URL to try even on failures returned
  from libcurl. This makes -f with ranges still get subsequent URLs even
  if occasional ones return error. This was a regression as it used to
  work and broke in the 7.23.0 release.
  
  Added test case 1328 to verify the fix.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3481223
  Reported by: Juan Barreto

- CONNECT: send correct Host: with IPv6 numerical address
  
  When the target host was given as a IPv6 numerical address, it was not
  properly put within square brackets for the Host: header in the CONNECT
  request. The "normal" request did fine.
  
  Reported by: "zooloo"
  Bug: http://curl.haxx.se/bug/view.cgi?id=3482093

- [Martin Storsjo brought this change]

  Explicitly link to the nettle/gcrypt libraries
  
  When support for nettle was added in 64f328c787ab, I overlooked
  the fact that AC_CHECK_LIB doesn't add the tested lib to LIBS
  if the check succeeded, if a custom success code block was present.
  (The previous version of the check had an empty block for
  successful checks, adding the lib to LIBS implicitly.)
  
  Therefore, explicitly add either nettle or gcrypt to LIBS, after
  deciding which one to use. Even if they can be linked in
  transitively, it is safer to actually link explicitly to them.
  
  This fixes building with gnutls with linkers that don't allow
  linking transitively, such as for windows.

- [Pierre Ynard brought this change]

  more resilient connection times among IP addresses
  
  When connecting to a domain with multiple IP addresses, allow different,
  decreasing connection timeout values. This should guarantee some
  connections attempts with sufficiently long timeouts, while still
  providing fallback.

- [Pierre Ynard brought this change]

  remove write-only variable

Pierre Joye (26 Jan 2012)
- Merge branch 'master' of github.com:bagder/curl

- - fix IPV6 and IDN options

Yang Tse (25 Jan 2012)
- TODO-RELEASE: added item #308

Daniel Stenberg (25 Jan 2012)
- THANKS: imported contributors from 7.24.0 RELEASE-NOTES

Yang Tse (25 Jan 2012)
- test harness: update stunnel.pem Diffie-Hellman parameters from 512 to 1024 bit

- version: start working on 7.24.1-DEV

Dan Fandrich (24 Jan 2012)
- curl_easy_setopt.3: Fixed SEEKDATA & CLOSESOCKETDATA descriptions

Version 7.24.0 (24 Jan 2012)

Daniel Stenberg (24 Jan 2012)
- RELEASE-NOTES: synced with 70f71bb99f7ed9
  
  Synced and prepared for 7.24.0 release. Two security problems, one bug fix,
  two more contributors.

- gnutls: enforced use of SSLv3
  
  With advice from Nikos Mavrogiannopoulos, changed the priority string to
  add "actual priorities" and favour ARCFOUR. This makes libcurl work
  better when enforcing SSLv3 with GnuTLS. Both in the sense that the
  libmicrohttpd test is now working again but also that it mitigates a
  weakness in the older SSL/TLS protocols.
  
  Bug: http://curl.haxx.se/mail/lib-2012-01/0225.html
  Reported by: Christian Grothoff

- tests: test CRLF in URLs
  
  Related to the security vulnerability: CVE-2012-0036
  
  Bug: http://curl.haxx.se/docs/adv_20120124.html

- URL sanitize: reject URLs containing bad data
  
  Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
  decoded manner now use the new Curl_urldecode() function to reject URLs
  with embedded control codes (anything that is or decodes to a byte value
  less than 32).
  
  URLs containing such codes could easily otherwise be used to do harm and
  allow users to do unintended actions with otherwise innocent tools and
  applications. Like for example using a URL like
  pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
  a mail and instead this would delete one.
  
  This flaw is considered a security vulnerability: CVE-2012-0036
  
  Security advisory at: http://curl.haxx.se/docs/adv_20120124.html
  
  Reported by: Dan Fandrich

- OpenSSL: don't disable security work-around
  
  OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
  (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit
  to SSL_OP_ALL that _disables_ that work-around despite the fact that
  SSL_OP_ALL is documented to do "rather harmless" workarounds.
  
  The libcurl code uses the SSL_OP_ALL define and thus logically always
  disables the OpenSSL fix.
  
  In order to keep the secure work-around workding, the
  SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change
  makes sure of this.
  
  Reported by: product-security at Apple

- RELEASE-NOTES: synced with 6e2fd2c9ea
  
  3 more bugfixes, 3 more contributors

- CURLOPT_ACCEPTTIMEOUT_MS: spellfix

Dan Fandrich (20 Jan 2012)
- examples: updated README with two new example programs

Daniel Stenberg (20 Jan 2012)
- URL parse: user name with ipv6 numerical address
  
  Using a URL with embedded user name and password didn't work if the host
  was given as a numerical IPv6 string, like ftp://user:password@[::1]/
  
  Reported by: Brandon Wang
  Bug: http://curl.haxx.se/mail/archive-2012-01/0047.html

Yang Tse (20 Jan 2012)
- telnet.c: fix OOM triggered segfault

- testtrace.c: fix compiler warning

- OpenSSL: follow-up for commit a20daf90e3
  
  avoid checking preprocessor definition official value

Pierre Joye (19 Jan 2012)
- - s, use, enable, for options name, avoiding conflicts with the names used in the makefile

Daniel Stenberg (19 Jan 2012)
- curl.1: improve --stderr wording
  
  As is pointed out in this bug report, there can indeed be situation
  where --stderr has a point even when the "real" stderr can be
  redirected. Remove the superfluous and wrong comment.
  
  bug: http://curl.haxx.se/bug/view.cgi?id=3476020

- KNOWN_BUGS: can't receive zero bytes file properly
  
  http://curl.haxx.se/bug/view.cgi?id=3438362

Yang Tse (18 Jan 2012)
- ssl session caching: fix compiler warnings

Daniel Stenberg (18 Jan 2012)
- polarssl: show cipher suite name correctly with 1.1.0
  
  Apparently ssl_get_ciphersuite() is needed to get the name of the used
  cipher suite.

- polarssl: show error code correctly
  
  The value was turned negative when it shouldn't have been

- polarssl: havege_rand is not present in version 1.1.0
  
  ... it is now named havege_random!
  
  Reported by: Robert Schumann
  Bug: http://curl.haxx.se/mail/lib-2012-01/0178.html

- RELEASE-NOTES: synced with 5d70a61b94604
  
  5 more bug fixes, 1 more contributor

- [Colin Hogben brought this change]

  Add two tests for telnet: URLs
  
  Add simple telnet tests which (ab)use the http server.
  The second test checks for an input file handling bug.

- [Colin Hogben brought this change]

  Remove bogus optimisation of telnet upload.
  
  Remove wrongly implemented optimisation of telnet upload, apparently
  intended to allow the library to avoid manually polling for input.

- [Colin Hogben brought this change]

  Use correct file descriptor for telnet upload.
  
  Fix a bug where input was read from stdin even when a different FILE *
  had been configured via CURLOPT_READDATA

Yang Tse (18 Jan 2012)
- OpenLDAP: fix LDAP connection phase memory leak
  
  bug: http://curl.haxx.se/bug/view.cgi?id=3474308

- [Johannes Bauer brought this change]

  OpenSSL: fix PKCS#12 certificate parsing related memory leak
  
  Leak triggered when CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE set to P12
  and both CURLOPT_SSLCERT and CURLOPT_SSLKEY point to the same PKCS#12 file.

- OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option is no longer enabled
  
  SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed successfull
  interoperability with web server Netscape Enterprise Server 2.0.1 released
  back in 1996 more than 15 years ago.
  
  Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
  become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
  CVE-2010-4180 when using previous OpenSSL versions we no longer enable
  this option regardless of OpenSSL version and SSL_OP_ALL definition.

- tests: enable time tracing on tests 500, 573 and 585

- tests: testtrace.[ch] provides debug callback for libtest usage
  
  Allows tests from the libtest subdir to generate log traces
  similar to those of curl with --tracetime and --trace-ascii
  options but with output going to stderr.

- sws.c: fix proxy mode secondary connection monitoring condition

- add LF termination to infof() trace string

- sws.c: improve proxy mode torture testing support - followup to 18c6c8a5

Daniel Stenberg (16 Jan 2012)
- url2file: new simple example
  
  Just showing how to download the contents of a given URL into a local
  file.
  
  Based on a suggestion and example code by Georg Potthast

- imap.c: a dead simple imap example
  
  Just to show that IMAP is used just like other protocols

Yang Tse (16 Jan 2012)
- sws.c: improve proxy mode torture testing support - followup to c731fc58

- sws.c: improve proxy mode torture testing support - followup to d4bf87dc

- Curl_proxyCONNECT() trace known bug #39

Daniel Stenberg (14 Jan 2012)
- test: verify HTTP response code 308
  
  This newly speced HTTP status code already works as intended in the new
  spec:
  http://greenbytes.de/tech/webdav/draft-reschke-http-status-308-02.html
  
  Test 1325 is added to verify that the method is kept after the redirect

Yang Tse (13 Jan 2012)
- http_negotiate_sspi.c: fix compiler warning

- ssh.c: fix compiler warning

- sws.c: improve proxy mode torture testing support

Daniel Stenberg (12 Jan 2012)
- RELEASE-NOTES: synced with 9f20379fe4
  
  5 bug fixes, 3 more contributors

- hostip: avoid getaddrinfo when c-ares is used
  
  Some functions using getaddrinfo and gethostbyname were still
  mistakingly being used/linked even if c-ares was selected as resolver
  backend.
  
  Reported by: Arthur Murray
  Bug: http://curl.haxx.se/mail/lib-2012-01/0160.html

Yang Tse (9 Jan 2012)
- sws.c: replace sleep() usage with wait_ms()

Daniel Stenberg (9 Jan 2012)
- [gsengun brought this change]

  FTP: CURLE_PARTIAL_FILE should not cause control connection to be closed
  
  Test 161 updated accordingly

Yang Tse (8 Jan 2012)
- sws.c: some compiler warning fixes

- lib/setup.h: portable symbolic names for Winsock shutdown() mode flags

- sws.c: 812fa73057 follow-up

- sws.c: some IPv6 proxy mode peparatory adjustments

Daniel Stenberg (5 Jan 2012)
- curl.h: provide backwards compatible symbols
  
  In commit c834213ad52 we re-used some obsolete error codes, and here are
  two defines that makes sure existing source codes that happen to use any
  of these deprecated ones will still compile.
  
  As usual, define CURL_NO_OLDIES to avoid getting these "precaution
  defines".

- win32-threaded-resolver: stop using a dummy socket
  
  Previously the code would create a dummy socket while resolving just to
  have curl_multi_fdset() return something but the non-win32 version
  doesn't do it this way and the creation and use of a socket that isn't
  made with the common create-socket callback can be confusing to apps
  using the multi_socket API etc.
  
  This change removes the dummy socket and thus will cause
  curl_multi_fdset() to return with maxfd == -1 more often.

- [Peter Sylvester brought this change]

  OpenSSL: remove reference to openssl internal struct
  
  With this change, curl compiles with the new OPENSSL_NO_SSL_INTERN
  cflag. This flag might become the default in some distant future.

Yang Tse (4 Jan 2012)
- test1320 test1321: avoid User-Agent comparison

- httpserver.pl: reorder sws command line options
  
  make 'pidfile' and 'logfile' options appear first on command line in order
  to ensure that processing of other options which write to logfile do this
  to intended file and not the default one.

- sws.c: fix proxy mode segfault

- tool_formparse.c: fix compiler warning: enumerated type mixed with another type

- krb5.c: fix compiler warning: variable set but not used

Daniel Stenberg (4 Jan 2012)
- KNOWN_BUGS: #77 CURLOPT_FORBID_REUSE kills NTLM

- [Steve Holme brought this change]

  Fixed use of CURLUSESSL_TRY for POP3 and IMAP based connections.
  
  Fixed a problem in POP3 and IMAP where a connection would fail when
  CURLUSESSL_TRY was specified for a server that didn't support
  SSL/TLS connections rather than continuing.

- [Steve Holme brought this change]

  Fixed incorrect error code being returned in STARTTLS
  
  The STARTTLS response code in SMTP, POP3 and IMAP would return
  CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS
  was not available on the server.
  
  Reported by: Gokhan Sengun
  Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html

- curl_easy_setopt: refer to the most recent URI RFC

- RELEASE-NOTES: synced with 2f4a487a68
  
  Two bugfixes, two more contributors

- tests: test IMAP, POP3 and SMTP over HTTP proxy tunnel

- test proxy supports CONNECT
  
  There's a new 'http-proxy' server for tests that runs on a separate port
  and lets clients do HTTP CONNECT to other ports on the same host to
  allow us to test HTTP "tunneling" properly.
  
  Test cases now have a <proxy> section in <verify> to check that the
  proxy protocol part matches correctly.
  
  Test case 80, 83, 95, 275, 503 and 1078 have been converted. Test 1316
  was added.

- curl_easy_strerror.3: minor synopsis edit of the look

Yang Tse (2 Jan 2012)
- hostip.c: fix potential write past the end of string buffer

- hostip.c: fix Curl_loadhostpairs() OOM handling

- runtests.pl: on test failure, don't show trace log files of other tests

Daniel Stenberg (1 Jan 2012)
- Curl_input_negotiate: use the correct buffer for input
  
  Unfortunately we have no test cases for this and I have no SSPI build or
  server to verify this with. The change seems simple enough though.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3466497
  Reported by: Patrice Guerin

- runtests: put trace outputs in log/trace[num] for all tests

- just a stupid typo

- SFTP dir: increase buffer size counter
  
  When the buffer gets realloced to hold the file name in the
  SSH_SFTP_READDIR_LINK state, the counter was not bumped accordingly.
  
  Reported by: Armel Asselin
  Patch by: Armel Asselin
  Bug: http://curl.haxx.se/mail/lib-2011-12/0249.html

- RELEASE-NOTES: synced with 81ebdd9e287
  
  6 more bugfixes, 3 more contributors

- create_hostcache_id: use the key lower cased
  
  ... to make sure the DNS cache is properly case insensitive

- changed case: use new host name for subsequent HTTP requests
  
  When a HTTP connection is re-used for a subsequent request without
  proxy, it would always re-use the Host: header of the first request. As
  host names are case insensitive it would make curl send another host
  name case that what the particular request used.
  
  Now it will instead always use the most recent host name to always use
  the desired casing.
  
  Added test case 1318 to verify.
  
  Bug: http://curl.haxx.se/mail/lib-2011-12/0314.html
  Reported by: Alex Vinnik

- CURLOPT_RESOLVE: avoid adding already present host names
  
  The load host names to DNS cache function was moved to hostip.c and it
  now makes sure to not add host names that already are present in the
  cache. It would previously lead to memory leaks when for example using
  the --resolve and multiple URLs on the command line.

Dan Fandrich (31 Dec 2011)
- runtests.pl: Use logmsg more consistently

Daniel Stenberg (30 Dec 2011)
- [Alessandro Ghedini brought this change]

  examples: update README, Makefile.inc and gitignore with pop3s examples

- [Alessandro Ghedini brought this change]

  examples: add a couple of simple pop3s examples
  
  These examples show how to fetch a single message (RETR command) and how to
  list all the messages in a given mailbox (LIST command), with authentication
  via SSL.
  
  They were both based on the https.c example.

Yang Tse (30 Dec 2011)
- removed execute file permission

- removed trailing whitespace

- ftpserver.pl: arbitrary application data splitting among TCP packets [II]
  
  Take in account that 'pingpong' server commands may arrive splitted among
  several sockfilt 'DATA' PDU's.

- ftpserver.pl: arbitrary application data splitting among TCP packets [I]
  
  Initial step in order to allow our pingpong server to better support arbitrary
  application data splitting among TCP packets. This first commit only addresses
  reasembly of data that sockfilter processes reads from soockets and pingpong
  server later reads from sockfilters stdout.

- testcurl.pl: 82c344a3 follow-up

- testcurl.pl: log ACLOCAL_FLAGS

- testcurl.pl: third party m4 warnings filtering adjustment
  
  Make testcurl.pl ignore messages pertaining to third party m4 files we don't
  care nor use on a file basis policy while retaining all other warnings.
  
  This closes temporary commit e71e226f

Kamil Dudka (25 Dec 2011)
- transfer: avoid unnecessary timeout event when waiting for 100-continue
  
  The commit 9dd85bc unintentionally changed the way we compute the time
  spent waiting for 100-continue.  In particular, when using a SSL client
  certificate, the time spent by SSL handshake was included and could
  cause the CURL_TIMEOUT_EXPECT_100 timeout to be mistakenly fired up.
  
  Bug: https://bugzilla.redhat.com/767490
  Reported by: Mamoru Tasaka

Yang Tse (25 Dec 2011)
- transfer.c: move a logging statement placement

- hash.c: fix OOM triggered segfault

Daniel Stenberg (24 Dec 2011)
- ftp_do_more: don't return success until all is done
  
  ftp_do_more() returns after accepting the server connect however it
  needs to fall through and set "*complete" to TRUE before exit from the
  function.
  
  Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html
  Reported by: Gokhan Sengun

- Curl_do_more: fix typo logic
  
  In the recent do_more fix the new logic was mistakenly checking the
  pointer instead of what it points to.
  
  Reported by: Gokhan Sengun
  Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html

- SFTP mkdir: use correct permission
  
  When sending quote command to a SFTP server and 'mkdir' was used, it
  would send fixed permissions and not use the CURLOPT_NEW_DIRECTORY_PERMS
  as it should.
  
  Reported by: Armel
  Patch by: Armel
  Bug: http://curl.haxx.se/mail/lib-2011-12/0249.html

Yang Tse (23 Dec 2011)
- buildconf: minor tweaks commit 430527a1 follow-up

Daniel Stenberg (23 Dec 2011)
- [Colin Hogben brought this change]

  Require a less ancient version of perl
  
  The INTERNALS document suggested that compatibility should be
  maintained with perl version 4, but this was untrue - scripts such as
  chksource.pl and runtests.pl use perl5-isms.

- resolve: don't leak pre-populated dns entries
  
  CURLOPT_RESOLVE populates the DNS cache with entries that are marked as
  eternally in use. Those entries need to be taken care of when the cache
  is killed off.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3463121
  Reported by: "tw84452852"

- new test: verify --resolve
  
  Test 1317 verifies --resolve (leaked memory)
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3463121
  Reported by: "tw84452852"

Yang Tse (23 Dec 2011)
- testcurl.pl: temporary change
  
  Allow autobuilds to run a couple of days without filtering out aclocal
  underquoted definition warnings.

Daniel Stenberg (21 Dec 2011)
- operate: removed a single trailing space

Dan Fandrich (21 Dec 2011)
- --retry: Retry transfers on timeout and DNS errors

Yang Tse (21 Dec 2011)
- buildconf: minor tweaks

- formdata.c: OOM handling fixes

Daniel Stenberg (21 Dec 2011)
- TODO: 1.7 Happy Eyeball dual stack connect

Dan Fandrich (20 Dec 2011)
- runtests.pl: Fixed perl warning when using the -l option

Daniel Stenberg (20 Dec 2011)
- RELEASE-NOTES: added two references

- Curl_socket_check: enlarge poll struct array to 3
  
  This function was introduced in commit 5527417afae0 and as pointed out
  by Gokhan Sengun, the array with poll structs must large enough to hold
  3 sockets since that is what the function can accept. It could be noted
  that he had this fixed in his patch as posted in
  http://curl.haxx.se/mail/lib-2011-12/0179.html
  
  Bug: http://curl.haxx.se/mail/lib-2011-12/0228.html
  Reported by: Gokhan Sengun

- RELEASE-NOTES: synced with 380bade777
  
  5 new bugfixes, 2 new changes and 4 new contributors

- TODO: remove active FTP from section 2.1
  
  It is no longer done blocking in the multi interface

- libcurl docs: add the new FTP accept option + errors

- timeleft_accept: ack global timeout, moved to ftp.c
  
  First off the timeout for accepting a server connect back must of course
  respect a global timeout. Then the timeleft function is only used by ftp
  code so it was moved to ftp.c and made static.

- libcurl-tutorial.3: curl doesn't sent pragma no-cache
  
  It did a long time ago

- libcurl-multi.3: active FTP is no longer blocking!

- FTP: move FTP-specific struct field to ftpc_conn
  
  "wait_data_conn" was added to the connectionbits in commit c834213ad5 for
  handling active FTP connections but as it is purely FTP specific and now
  only ever accessed by ftp.c I moved it into the FTP connection struct.

- non-blocking active FTP: cleanup multi state usage
  
  Backpedaled out the funny double-change of state in the multi state
  machine by adding a new argument to the do_more() function to signal
  completion. This way it can remain in the DO_MORE state properly until
  done. Long term, the entire DO_MORE logic should be moved into the FTP
  code and be hidden from the multi code as the logic is only used for
  FTP.

- [Gokhan Sengun brought this change]

  FTP: perform active connections non-blocking
  
  1- Two new error codes are introduced.
  
  CURLE_FTP_ACCEPT_FAILED to be set whenever ACCEPTing fails because of
  FTP server connected.
  
  CURLE_FTP_ACCEPT_TIMEOUT to be set whenever ACCEPTing timeouts.
  
  Neither of these errors are considered fatal and control connection
  remains OK because it could just be a firewall blocking server to
  connect to the client.
  
  2- One new setopt option was introduced.
  
  CURLOPT_ACCEPTTIMEOUT_MS
  
  It sets the maximum amount of time FTP client is going to wait for a
  server to connect. Internal default accept timeout is 60 seconds.

- sockets: new Curl_socket_check() can wait for 3 sockets
  
  This offers an alternative to the existing Curl_socket_ready() API which
  only checks one socket for read and one for write.

- [Cédric Deltheil brought this change]

  curl.h: add __ANDROID__ macro check
  
  When working with the Android Standalone Toolchain the compiler defines
  this macro:
  
    /path/to/arm-linux-androideabi-gcc -E -dM - < /dev/null \
    | grep -i android
    #define __ANDROID__ 1
  
  We really need to check both ANDROID and __ANDROID__ since I've observed
  that:
  
  * if you use Android.mk file(s) and the 'ndk-build' script (aka vanilla
  way), ANDROID is predefined (see -DANDROID extra C flag),
  
  * if you use the Android Standalone Toolchain, then __ANDROID__ is
  predefined as stated by the compiler

- lib500: verify timers relative each other
  
  As commit ce896875f8 fixed a timer that accidentally had been moved in
  code and then returned a bad timer, the lib500.c code (used in test 500
  and some others) now verifies 5 timers against each other to verify that
  they have the correct relative values. We cannot compare against
  absolute values as the timings will vary a lot.

- Curl_pgrsTime: store now in an auto variable
  
  It makes it easier to introduce debug outputs in this function, and
  everything in the function is using the value anyway so it might even be
  more efficient.

- timer: restore PRETRANSFER timing
  
  Regression introduced in 7.23.0 with commit 9dd85bce. The function in
  which the PRETRANSFER time stamp was recorded was moved in time causing
  it be stored very quickly after the start timestamp. On most systems
  shorter than 1 millisecond and thus it wouldn't even show with -w
  "%{time_pretransfer}" using the command line tool.
  
  Bug: http://curl.haxx.se/mail/archive-2011-12/0022.html
  Reported by: Toni Moreno

- [Bernhard Reutner-Fischer brought this change]

  libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM
  
  Parameters were underquoted, resulting in
  warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
  
  Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>

- gitignore: ignore the symbol versioning file

- tutorial: remove CURLM_CALL_MULTI_PERFORM add sharing
  
  The CURLM_CALL_MULTI_PERFORM reference is an old leftover I had to
  remove.
  
  I also added some blurb to the previously blank "sharing" section.

- [Alessandro Ghedini brought this change]

  configure: add symbols versioning option
  
  Allow, at configure time, the production of versioned symbols. The
  symbols will look like "CURL_<FLAVOUR>_<VERSION> <SYMBOL>", where
  <FLAVOUR> represents the SSL flavour (e.g. OPENSSL, GNUTLS, NSS, ...),
  <VERSION> is the major SONAME version and <SYMBOL> is the actual symbol
  name. If no SSL library is enabled the symbols will be just
  "CURL_<VERSION> <SYMBOL>".

- [Sven Wegener brought this change]

  Use Curl_ssl_connect for non-blocking connect fallback
  
  This gets the appconnect time right for ssl backends, which don't
  support non-blocking connects.
  
  Signed-off-by: Sven Wegener <sven.wegener@stealer.net>

- RELEASE-NOTES: synced with af9bc1604c1
  
  One new feature, one bug fix. Introduced references in this file for
  mentioned issues after this discussion:
  http://curl.haxx.se/mail/lib-2011-12/0187.html
  
  The plan is to let the references get moved over to the changes.html
  file at release-time

- curl.1: minor white space cleanup

- [Alessandro Ghedini brought this change]

  docs: improve description of the --capath option
  
  Document the possibility of providing multiple values using the ":"
  separator, and the fact that the default value will be ignored if the
  option is used.

- [Steve Holme brought this change]

  DOCS: Added SMTP information to CURLOPT_INFILESIZE

- Curl_proxyCONNECT: use newlines in debug output

- curl -F: fix multiple file upload with custom type
  
  Test case 1315 was added to verify this functionality. When passing in
  multiple files to a single -F, the parser would get all confused if one
  of the specified files had a custom type= assigned.
  
  Reported by: Colin Hogben

- [Colin Hogben brought this change]

  New test for multiple file upload
  
  test 1315 checks correct behaviour when uploading multiple files.
  Buggy behaviour has been seen where only two attachments are sent.

Yang Tse (15 Dec 2011)
- configure: libtool 1.5 tweaks

Daniel Stenberg (15 Dec 2011)
- [Colin Hogben brought this change]

  Correct substitution var names
  
  Two variable names were wrong in the documentation.

- [Colin Hogben brought this change]

  Correct default upload mimetype in manual
  
  The default content-type for file uploads is application/octet-stream,
  not text/plain as stated in the MANUAL.

- [Alessandro Ghedini brought this change]

  docs: fix typo in curl_easy_setopt manpage

Yang Tse (13 Dec 2011)
- if2ip.[ch]: fix compilation with MinGW
  
  Avoid 'interface' literal that some MinGW versions define as a macro

- connect.c: fix compiler warning 'enumerated type is mixed with another type'

- if2ip.c: fix compiler warning 'unused parameter'

- pop3.c: fix compiler warning variable may be used uninitialized

- if2ip.c: fix compiler warning 'enumerated type is mixed with another type'

Daniel Stenberg (12 Dec 2011)
- [Jason Glasgow brought this change]

  CURLOPT_INTERFACE: avoid resolving interfaces names
  
  Do not try to resolve interfaces names via DNS by recognizing interface
  names in a few ways.  If the interface option argument has a prefix of
  "if!" then treat the argument as only an interface.  Similarly, if the
  interface argument is the name of an interface (even if it does not have
  an IP address assigned), treat it as an interface name.  Finally, if the
  interface argument is prefixed by "host!" treat it as a hostname that
  must be resolved by /etc/hosts or DNS.
  
  These changes allow a client using the multi interfaces to avoid
  blocking on name resolution if the interface loses its IP address or
  disappears.

- RELEASE-NOTES: synced with 1259ccf7474
  
  5 more bugfixes, 5 more contributors

- [Steve Holme brought this change]

  ConnectionExists: Fix reuse for TLS upgraded connections
  
  Fixed the connection reuse detection in ConnectionExists() when
  comparing a new connection that is non-SSL based against that of a SSL
  based connection that has become so by being upgraded via TLS.

- create_conn: don't switch to HTTP protocol if tunneling is enabled
  
  This is a regression since who knows when. When spotting that a HTTP
  proxy is used we must not uncondititionally enable the HTTP protocol
  since if we do tunneling through the proxy we're still using the target
  protocol.
  
  Reported by: Naveen Chandran

- FAQ: add --resolve details to question 3.19

- [Gokhan Sengun brought this change]

  Curl_closesocket: clear sock_accepted on close
  
  As a follow-up from commit d5b5f64bce3a8, clear the sock_accepted status
  when such a socket is closed to avoid a re-used connection to retain the
  state wrongly.
  
  Bug: http://curl.haxx.se/mail/lib-2011-12/0079.html

- static SSL windows builds: add more libs to the link
  
  Starting with some recent OpenSSL versions (1.0.0e was mentioned)
  linking with a static openssl requires a set of more libs to be linked
  on Windows.
  
  Thanks also to Steve Holme and Martin Storsjö for additional feedback.
  
  Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html
  Reported by: Ward Willats

- [Gokhan Sengun brought this change]

  multi interface: fix block when CONNECT_ONLY option is used

Dan Fandrich (6 Dec 2011)
- Added some include files in a couple of example programs
  
  This improves portability of the examples.  This patch was
  submitted to the OpenBSD ports collection by naddy.

Daniel Stenberg (6 Dec 2011)
- MakefileBuild: fix the static build
  
  This is a left-over fix from commit b7e242de0e that Tom Wright
  suggested.
  
  Reported by: Ward Willats

- OpenSSL: check for the SSLv2 function in configure
  
  If no SSLv2 was detected in OpenSSL by configure, then we enforce the
  OPENSSL_NO_SSL2 define as it seems some people report it not being
  defined properly in the OpenSSL headers.

- CURLOPT_CONNECTTIMEOUT: default is 300 seconds
  
  If the option is set to 0, the default timeout will be used - which in
  modern libcurl versions equals 300 seconds (== 5 minutes).
  
  Bug: http://curl.haxx.se/mail/lib-2011-12/0051.html
  Reported by: Vladimir Grishchenko

- [Rob Ward brought this change]

  progress function example: include timed interval
  
  Adds a timer based off of CURLINFO_TOTAL_TIME that is used to perform
  certain actions after a minimum amount of time has passed using the
  progress function. As a consequence the curl handle is now also passed
  into the progress function. Progress example now also includes an
  example of how to retreive the TOTAL_TIME and print it out.

- RELEASE-NOTES: synced with 347f951c390
  
  8 more bugs, 5 more contributors

- SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5
  
  When a 32 digit hex key is given as a hostkey md5 checksum, the code
  would still run it against the knownhost check and not properly
  acknowledge that the md5 should then be the sole guide for.
  
  The verbose output now includes the evaluated MD5 hostkey checksum.
  
  Some related source code comments were also updated.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3451592
  Reported by: Reza Arbab

- Curl_resolver_is_resolved: differentiate between host/proxy errors
  
  As there are different return codes for host vs proxy errors, this function
  now properly returns the code properly depending on what was attempted to get
  resolved.
  
  Bug: http://curl.haxx.se/mail/archive-2011-12/0010.html
  Reported by: Jason Liu

- c-ares: return proxy failure for all proxy types
  
  When making a distinction which return code to return, the code previously
  only regarded HTTP proxies to be proxies and thus return host-related errors
  for failures on other proxy types than HTTP. Now all proxy types will be
  considered proxies...

- FTP: close callback fix
  
  Keep track of which sockets that are the result of accept() calls and
  refuse to call the closesocket callback for those sockets. Test case 596
  now verifies that the open socket callback is called the same number of
  times as the closed socket callback for active FTP connections.
  
  Bug: http://curl.haxx.se/mail/lib-2011-12/0018.html
  Reported by: Gokhan Sengun

- FTP: call opensocket callback properly
  
  When the new socket is created for an active connection, it is now done
  using the open socket callback.
  
  Test case 596 was modified to run fine, although it hides the fact that
  the close callback is still called too many times, as it also gets
  called for closing sockets that were created with accept().

- Curl_socket: internal replacement for socket()
  
  Moved out into a separate function to work as a "generic" socket()
  replacement.

- test: verify the opensocket callback for FTP
  
  test 595: for passive FTP
  test 596: for active FTP

- [Jason Glasgow brought this change]

  CURLOPT_DNS_SERVERS: set name servers if possible (fix)
  
  Ensure that CURLE_OK is returned if setting the name servers is successfull.

- multi interface: only use non-NULL function pointer!
  
  If the socket callback function pointer hasn't been set, we must not
  attempt to use it. Commit adc88ca20 made it more likely to occur.

- [Jason Glasgow brought this change]

  multi: handle timeouts on DNS servers by checking for new sockets
  
  If the first name server is not available, the multi interface does
  not invoke the socket_cb when the DNS request to the first name server
  timesout.  Ensure that the list of sockets are always updated after
  calling Curl_resolver_is_resolved.
  
  This bug can be reproduced if Curl is complied with --enable_ares and
  your code uses the multi socket interfaces and the
  CURLMOPT_SOCKETFUNCTION option.  To test try:
    iptables -I INPUT \
             -s $(sed -n -e '/name/{s/.* //p;q}' /etc/resolv.conf)/32 \
             -j REJECT
  and then run a program which uses the multi-interface.

- test 815: verify POP3 dot-first-on-line unescaping

- [Steve Holme brought this change]

  POP3: fixed escaped dot not being striped out
  
  Changed the eob detection to work across the whole of the buffer so that
  lines that begin with a dot (which the server will have escaped) are
  passed to the client application correctly.

Yang Tse (30 Nov 2011)
- buildconf: follow-up for commit 7e02f7fd

- buildconf: fix libtool 1.5.x warnings triggered with autoconf 2.6x or later
  
  Using libtool 1.5.x (x < 26) with autoconf 2.6x or later generates warnings
  due to some libtool variables not following naming convention for variables
  that will be cached.
  
  This is addressed renaming a couple of variables to make these follow expected
  naming convention.

Daniel Stenberg (30 Nov 2011)
- RELEASE-NOTES: synced with 1038d0aa1
  
  5 bugfixes and 1 new contributor

Yang Tse (29 Nov 2011)
- pop3.c: fix compiler warning

- configure: avoid usage of macro PKG_CHECK_MODULES
  
  libidn option adjusted in order to use pkg-config info when available
  in a similar way as we already do for other libraries.

Daniel Stenberg (29 Nov 2011)
- POP3: detect when LIST returns no mails
  
  By making sure the function can detect an "end of body" sequence
  immediately on the first line, test 811 is now enabled.

- ftpserver: output CRLF in logs
  
  Previously the log function would just filter out all CR and LF
  occurances from the log to make it more readable. This had the downside
  that it made it very hard to see CR LFs when they actually matters.
  
  Now, they're instead converted to "[CR]" and "[LR]" in the log to become
  apparent to readers.

- POP3: fix end of body detection
  
  Curl_pop3_write() now has a state machine that scans for the end of a
  POP3 body so that the CR LF '.' CR LF sequence can come in everything
  from one up to five subsequent packets.
  
  Test case 810 is modified to use SLOWDOWN which makes the server pause
  between each single byte and thus makes the POP3 body get sent to curl
  basically one byte at a time.

- test: added POP3 test with dot-prefixed line
  
  Test 815 is disabled for now since libcurl currently doesn't unescape
  such lines the way it should. See mail:
  
  http://curl.haxx.se/mail/lib-2011-11/0324.html

- configure: fix to make older pkg-config play well
  
  configure.ac:1349: error: possibly undefined macro: PKG_CONFIG_LIBDIR
  
  Obviously this is not a problem with pkg-config 0.26 but older versions
  seem to show this.
  
  Fix suggested by: Kamil Dudka
  Reported by: Guenter
  Bug: http://curl.haxx.se/mail/lib-2011-11/0298.html

- test 1211: FTP test to repeat bug #3429299
  
  "Active FTP hangs if server does not open data connection"
  
  The server first sends a 150 and then when libcurl waits for the data
  transfer, the server sends a 425.

- [Mark Brand brought this change]

  configure: add support for pkg-config detection of libidn

- FTP tests 1206 - 1209: don't expect QUIT
  
  The protocol parts for these tests do not include QUIT simply because
  the error is CURLE_OPERATION_TIMEDOUT (28) which is a generic timeout
  error without specificly saying for which connection it concerns, and
  for timeouts libcurl marks the control channel as "invalid". As this
  test case times out for the data connection it could still use the
  control channel.

Yang Tse (25 Nov 2011)
- CyaSSL 2.0+ library initialization adjustment

Daniel Stenberg (25 Nov 2011)
- [Jonas Schnelli brought this change]

  rectify comment

- SSLSESSION_SHARED: new macro to check if session is shared
  
  Added convenience macro to use to check if a handle is using a shared
  SSL session, and fixed so that Curl_ssl_close_all() doesn't lock when
  the session isn't shared.

Yang Tse (25 Nov 2011)
- telnet.c: fix MSVC compiler warning

- tvdiff_secs(): sub-zero time difference adjustment
  
  Skip a floating point addition operation when integral part of time difference
  is zero. This avoids potential floating point addition rounding problems while
  preserving decimal part value.

Daniel Stenberg (25 Nov 2011)
- telnet: fix macros to allow proper semicolon use
  
  Macros that look like function calls need to be made so that we can use
  semicolons properly for indentation and for reducing the risk for
  mistakes when using them.

- [Laurent Rabret brought this change]

  TELNET: improved treatment of options
  
  1) enables the Window Size option
  2) allows the server to enable the echo mode
  3) allows an app using libcurl to disable the default binary mode
  
  Signed-off-by: Laurent Rabret

- RELEASE-NOTES: synced with 2c905fd1f82

- [Jonas Schnelli brought this change]

  query-part: ignore the URI part for given protocols
  
  By setting PROTOPT_NOURLQUERY in the protocol handler struct, the
  protocol will get the "query part" of the URL cut off before the data is
  handled by the protocol-specific code. This makes libcurl adhere to
  RFC3986 section 2.2.
  
  Test 1220 is added to verify a file:// URL with query-part.

- symbols.pl: provide LIBCURL_HAS macro for apps
  
  Experience has shown that the symbols-in-versions file is very useful to
  applications that want to build with a wide range of libcurl versions.
  It is however easy to get it wrong and the source gets a bit messy with
  all the fixed numerical comparisions.
  
  The point of this script is to provide an easy-to-use macro for libcurl-
  using applications to do preprocessor checks for specific libcurl
  defines, and yet make the code clearly show what the macro is used for.

Yang Tse (24 Nov 2011)
- lib573.c: fix double data type variable comparison with zero

- getinfo.c: reset app connect time when clearing session-info time variables

- Fix unreleased regression when using windows gnutls versions older than 2.8

Daniel Stenberg (23 Nov 2011)
- [Mark Brand brought this change]

  gnutls: only translate winsock errors for old versions
  
  Bugfix: https handshake fails using gnutls 3 on windows
  http://sourceforge.net/tracker/index.php?func=detail&aid=3441084&group_id=976&atid=100976
  
  New gnutls versions have an error handler that knows about Winsock
  errors, which is why gnutls_transport_set_global_errno() was deprecated
  and then removed.
  
  This is a correction of commit f5bb370 (blame me) which meant to
  reimplement gnutls_transport_set_global_errno(), which is not necessary.

- protocol_connect: show verbose connect and set connect time
  
  Regression: commit b998d95b (shipped first in release 7.22.0) made the
  condition always equal false that should reset the TIMER_CONNECT timer
  and call the Curl_verboseconnect() function.
  
  Reported by: "Captain Basil"
  Bug: http://curl.haxx.se/mail/archive-2011-11/0035.html

- -J -O: use -O name if no Content-Disposition header comes!
  
  A regression between 7.22.0 and 7.23.0 -- downloading a file with the
  flags -O and -J results in the content being written to stdout if and
  only if there was no Content-Disposition header in the http response. If
  there is a C-D header with a filename attribute, the output is correctly
  written.
  
  Reported by: Dave Reisner
  Bug: http://curl.haxx.se/mail/archive-2011-11/0030.html

- [Martin Storsjo brought this change]

  Add support for using nettle instead of gcrypt as gnutls backend

- [Jonas Schnelli brought this change]

  test: SFTP quote commands with * prefix
  
  Related to the f64812ca63 commit

- CURLOPT_QUOTE: SFTP supports the '*'-prefix now

- [Jonas Schnelli brought this change]

  SFTP: support '*' prefix for quote operations
  
  prefixing a command with '*' means it is allowed to fail without
  aborting the chain actions

- getsessionid: don't ever return while locked
  
  Also, check for the session sharing bit instead of comparing pointers

- Curl_ssl_getsessionid: increase the value, not the pointer

- THANKS: one new contributor in 7.23.1

- [Alejandro Alvarez Ayllon brought this change]

  SSL session share: move the age counter to the share object
  
  Previously the age counter would be counted individually in each easy
  handle that shared SSL sessions!

- [Alejandro Alvarez Ayllon brought this change]

  libtest build: add the missing lib586

- [Jason Glasgow brought this change]

  CURLOPT_DNS_SERVERS: set name servers if possible

- RELEASE-NOTES: correct the release and contributor numbers

Version 7.23.1 (17 Nov 2011)

Daniel Stenberg (17 Nov 2011)
- FindWin32CACert: return OK even if CA cert isn't found
  
  Bug: http://curl.haxx.se/mail/lib-2011-11/0180.html
  Reported by: Mark Brand

Dan Fandrich (16 Nov 2011)
- curl has been built on many Android versions

Daniel Stenberg (15 Nov 2011)
- 7.24.0: start the work

- THANKS: added 18 new contributors from 7.23.0

Version 7.23.0 (14 Nov 2011)

Dan Fandrich (14 Nov 2011)
- curl_easy_setopt arguments should be of type long in the examples

Daniel Stenberg (12 Nov 2011)
- RELEASE-NOTES: synced with 10120e6a
  
  one more bug fix and contributor

- progress_cb: avoid buffer overflow
  
  The progress bar output function would blindly use the terminal width
  without bounds checking. When using a very wide terminal that caused a
  buffer overflow and segfault.
  
  We now limit the max bar with to 255 columns, and I simplified the code
  to avoid an extra snprintf and buffer.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3435710
  Reported by: Alexey Zakhlestin

Yang Tse (11 Nov 2011)
- Active mode FTP test cases with server not establishing data connection
  
  591 -> FTP multi PORT and 425 on upload
  592 -> FTP multi PORT and 421 on upload
  593 -> FTP multi PORT upload, no data conn and no transient neg. reply
  594 -> FTP multi PORT upload, no data conn and no positive prelim. reply
  
  1206 -> FTP PORT and 425 on download
  1207 -> FTP PORT and 421 on download
  1208 -> FTP PORT download, no data conn and no transient negative reply
  1209 -> FTP PORT download, no data conn and no positive preliminary reply

Guenter Knauf (8 Nov 2011)
- Fix to skip untrusted certs.

Daniel Stenberg (6 Nov 2011)
- RELEASE-NOTES: synced with e3166df1bb3
  
  4 new bugfixes, 2 more contributors

- ftp PORT: don't hang if bind() fails
  
  When the user requests PORT with a specific port or port range, the code
  could lock up in an endless loop. There's now an extra conditional that
  makes sure to special treat the error and try the local address only
  once so a second failure will abort the loop correctly.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3433968
  Reported by: Gokhan Sengun

- pingpong: change two comments wrongly referring "FTP"
  
  Just a sign of where the code originally was ripped out from. Now it is
  generic "pingpong".

- test 590: verify the bug fix in 4851dafcf1
  
  This test is created to verify Rene Bernhardt's patch which makes sure
  libcurl properly _not_ deals with Negotiate if not asked to even if the
  proxy says it can serve it.

- [Rene Bernhardt brought this change]

  HTTP auth: fix proxy Negotiate bug
  
  If a proxy offers several Authentication schemes where NTLM and
  Negotiate are offered by the proxy and you tell libcurl not to use the
  Negotiate scheme then the request never returns when the proxy answers
  with its HTTP 407 reply.
  
  It is reproducible by the following steps:
  
  - Use a proxy that offers NTLM and Negotiate ( CURLOPT_PROXY and
  CURLOPT_PROXYPORT )
  
  - Tell libcurl NOT to use Negotiate CURL_EASY_SETOPT(CURLOPT_PROXYAUTH,
  CURLAUTH_BASIC | CURLAUTH_DIGEST | CURLAUTH_NTLM )
  
  - Start the request
  
  The call to CURL_EASY_PERFORM never returns. If you switch on debug
  logging you can see that libcurl issues a new request As soon as it
  received the 407 reply. Instead it should return and set the response
  code to 407.
  
  Bug: http://curl.haxx.se/mail/lib-2011-10/0323.html

Yang Tse (4 Nov 2011)
- ssluse.c: fix calling of OpenSSL's ERR_remove_state(0)
  
  Move calling of ERR_remove_state(0) a.k.a ERR_remove_thread_state(NULL)
  from Curl_ossl_close_all() to Curl_ossl_cleanup().
  
  In this way ERR_remove_state(0) is now only called in libcurl by
  curl_global_cleanup(). Previously it would get called by functions
  curl_easy_cleanup(), curl_multi_cleanup and potentially each time a
  connection was removed from a connection cache leading to premature
  destruction of OpenSSL's thread local state hash.
  
  Multi-threaded apps using OpenSSL enabled libcurl should still call
  function ERR_remove_state(0) or ERR_remove_thread_state(NULL) at the
  very end end of threads that do not call curl_global_cleanup().

- tool_cb_wrt.c: disambiguate warning message

- tool_cfgable.c: pending check done

- url.c and file.c: fix OOM triggered segfault

Daniel Stenberg (3 Nov 2011)
- rename ftp_ssl: the struct field is used for many protocols
  
  Now called 'use_ssl' instead, which better matches the current CURLOPT
  name and since the option is used for all pingpong protocols (at least)
  it makes sense to not use 'ftp' in the name.

Yang Tse (2 Nov 2011)
- [Daniel Stenberg brought this change]

  gtls_connect_step1: remove use of deprecated functions
  
  Use gnutls_priority_set_direct() instead of gnutls_protocol_set_priority().
  
  Remove the gnutls_certificate_type_set_priority() use since x509 is the
  default certificate type anyway.
  
  Reported by: Vincent Torri

- url.c and transfer.c: nullify connection pointer when free()'ed

- FTP test server: NODATACONN commands follow-up
  
  Make NODATACONN425 and NODATACONN421 return a 150 positive preliminary reply
  before 425 or 421.
  
  New NODATACONN150 returns 150 without further positive nor negative reply
  
  Now NODATACONN doesn't reply anything at all.

- multi.c: OOM handling fix

- FTP test server: NODATACONN commands follow-up
  
  Make NODATACONN custom commands apply to both active and passive FTP,
  and ensure 425 and 421 are not returned unless data channel usage is
  attempted.

- tool_cb_see.h: fix compiler warning

- setup.h: fix compiler warning

- FTP test server: NODATACONN commands commit c761fcb0 follow-up
  
  Adjustments that make NODATACONN custom commands fully usable.

Daniel Stenberg (30 Oct 2011)
- [Dave Reisner brought this change]

  doc/curl.1: fix sentence with ending for -# option
  
  Try to be a little more descriptive about the effect of this flag,
  rather than parroting what was said in the paragraph just above.

Yang Tse (30 Oct 2011)
- FTP test server: fix server unresponsiveness
  
  Some torture tests left FTP test server in an unresponsive state, resulting
  in torture tests that actually completed following unexpected code paths.
  
  Changes in this commit solely address this issue and some adjustments for
  ftpserver.pl logging relative to data channel establishment and tear down.
  Pending NODATACONN relative adjustments reserved for a further commit.

- runtests.pl: running server checks - commit 4464583a follow-up
  
  Ensure verification takes place with no server commands file.
  Ignore verbose setting for running server precheck.
  Tweak unresponsive server message, to allow detection by haxx.se scripts.

- gtls.c: gnutls_transport_set_global_errno() deprecated in version 2.12.3

- runtests.pl: running server checks - commit 3676ec96 follow-up
  
  Fix called sub when checking TFTP server, and adjust message.

- runtests.pl: running server checks - commit 4464583a follow-up
  
  Extended server checks to others in addition to pingpong when torture testing.

- lib589.c: add CURLOPT_READDATA missing stuff

- ftpserver.pl: three new custom FTP server commands to disable data channel
  
  NODATACONN421: applies only to active FTP mode, instructs server to not
  establish data connection back to client and reply with FTP 421.
  
  NODATACONN425: applies only to active FTP mode, instructs server to not
  establish data connection back to client and reply with FTP 425.
  
  NODATACONN: applies to both active and passive FTP modes, instructs server
  to not establish nor accept a data channel and fool client into believing
  that the data channel connection is possible.
  
  Some polishing probably required.

- multi.c: OOM handling fix
  
  Fix curl_multi_cleanup() segfault when using weird cleanup sequence.

Daniel Stenberg (27 Oct 2011)
- multi: start ftp state machine when switching to DO_MORE
  
  This extends the fix from commit d7934b8bd491
  
  When the multi state is changed within the multi_runsingle from DOING to
  DO_MORE, we didn't immediately start the FTP state machine again. That
  then left the FTP state in FTP_STOP. When curl_multi_fdset() was
  subsequently called, the ftp_domore_getsock() function would return the
  wrong fd info.
  
  Reported by: Gokhan Sengun

- libcurl-multi.3: update the list of areas still blocking

Yang Tse (26 Oct 2011)
- test 589: active FTP upload using multi timeout and EPRT disabled server

- multi tests: OOM handling fixes - commit 629d2e34 follow-up

Patrick Monnerat (26 Oct 2011)
- - Prepare the ILE/RPG binding and OS400 documentation for the upcoming release

Daniel Stenberg (25 Oct 2011)
- RELEASE-NOTES: synced with 4464583a6ed
  
  5 more bug fixes, 4 additional contributors

Yang Tse (25 Oct 2011)
- runtests.pl: running server checks
  
  When running torture tests, verify before each test case that required
  pingpong servers which are supposed to be alive are actually responsive.
  If found not responsive then restart them.

Daniel Stenberg (24 Oct 2011)
- dist: add test 587
  
  I created test 587 in commit 840eff44f2b but forgot to add the file to
  the tarball. Added now.

- test 588: verify active FTP with multi interface without EPRT
  
  This is using the verbatim 525 test code but it disables EPRT in the
  server and this should work just as well anyway.

- FTP server: allow EPRT by default
  
  EPRT is now supported by default by the server. To disable it, use the
  generic REPLY instruction in the <servercmd> tag. Test 116 now has it
  disabled. All other existing active FTP port tests strip out the port
  commands from the logs already so the change of the server isn't that
  noticable.

Yang Tse (24 Oct 2011)
- ftp.c: some OOM handling fixes

- ftpserver.pl: ensure integral number usage for passive mode string

Daniel Stenberg (24 Oct 2011)
- large headers: have curl accept >16K headers
  
  As commit 5850cc4808ab clarifies, libcurl can deliver header lines that
  are longer than CURL_MAX_WRITE_SIZE, only body data is limited to that
  size. The curl tool has check (when built debug-enabled) that made the
  wrong checks and this new test 1205 verifies that larger headers work.

- curl_easy_setopt.3: headers can be CURL_MAX_HTTP_HEADER bytes
  
  Mention this maximum header size for the header callback cases

- Merge pull request #25 from trtom/master
  
  make sure the static build uses the static build option!

- curl_easy_setopt.3: fix typo
  
  shoot, Dan Fandrich already had this pointed out...

- [Steve Holme brought this change]

  curl_easy_setopt: Added pop3 to CURLOPT_URL.
  
  Added pop3 username and password example as well as an explanation of
  how path part of the URL is used under pop3.
  
  Additionally have corrected a couple of typos.

Yang Tse (22 Oct 2011)
- tool_operate.c: OOM handling fix
  
  Move curl_easy_perform source code geneartion out of curl_easy_perform's loop
  for proper OOM handling and source code geneartion.

Daniel Stenberg (21 Oct 2011)
- curl_multi_fdset: correct fdset with FTP PORT use
  
  After a PORT has been issued, and the multi handle would switch to the
  CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would
  return the wrong fdset to wait for when curl_multi_fdset() is
  called. The code would blindly assume that it was waiting for a connect
  of the second connection, while that isn't true immediately after the
  PORT command.
  
  Also, the function multi.c:domore_getsock() was highly FTP-centric and
  therefore ugly to keep in protocol-agnostic code. I solved this problem
  by introducing a new function pointer in the Curl_handler struct called
  domore_getsock() which is only called during the DOMORE state for
  protocols that set that pointer.
  
  The new ftp.c:ftp_domore_getsock() function now returns fdset info about
  the control connection's command/response handling while such a state is
  in use, and goes over to waiting for a writable second connection first
  once the commands are done.
  
  The original problem could be seen by running test 525 and checking the
  time stamps in the FTP server log. I can verify that this fix at least
  fixes this problem.
  
  Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html
  Reported by: Gokhan Sengun

Dan Fandrich (21 Oct 2011)
- Added some missing test case XML tags and keywords

Yang Tse (21 Oct 2011)
- file.c: OOM handling fix
  
  file_disconnect() free's resources for multi API

- multi.c: fix segfault

- runtests.pl: fix printing of multivalued error codes

- multi tests: OOM handling fixes
  
  Additionally, improved error checking and logging.

Dan Fandrich (20 Oct 2011)
- Fixed compilation when HTTP or cookies are disabled

Daniel Stenberg (20 Oct 2011)
- KNOWN_BUGS: #74 fixed
  
  Multiple auths in the same WWW-Authenticate header
  
  Fixed in commit 7d81e3f7193b8c

- Curl_http_input_auth: handle multiple auths in WWW-Authenticate
  
  The fix is pretty much the one Nick Zitzmann provided, just edited to do
  the right indent levels and with test case 1204 added to verify the fix.
  
  Bug: http://curl.haxx.se/mail/lib-2011-10/0190.html
  Reported by: Nick Zitzmann

- Curl_smtp_escape_eob: first byte is index 0...
  
  Fix a bug with with commit 2621dd42a4d that happened due to my last
  second pre-commit cleanup of the change without proper testing
  afterwards!

- CURLM_CALL_MULTI_PERFORM: remove mention
  
  This return code has not been used since 7.20.0 so we can stop
  mentioning it for current libcurl.

Dan Fandrich (19 Oct 2011)
- Silenced a compiler warning about an unused variable

Daniel Stenberg (20 Oct 2011)
- [Tim Harder brought this change]

  gtls: only call gnutls_transport_set_lowat with <gnutls-2.12.0
  
  The default lowat level for gnutls-2.12* is set to zero to avoid
  unnecessary system calls and the gnutls_transport_set_lowat function has
  been totally removed in >=gnutls-3 which causes build failures.
  
  Therefore, the function shouldn't be used except for versions that
  require it, <gnutls-2.12.0.

- Curl_smtp_escape_eob: fix EOB escaping
  
  As the EOB string can come byte by byte over a series of writes we must
  match byte-wise.
  
  Bug: http://curl.haxx.se/mail/lib-2011-10/0172.html

- RELEASE-NOTES: synced with ecbb08cea3cd6

- singleipconnect: unstick the ipv6-connection boolean
  
  Previously the bit was set before the connection was found working so if
  it would first fail to an ipv6 address and then connect fine to a IPv4
  address the variable would still be TRUE.
  
  Reported by: Thomas L. Shinnick
  Bug: http://curl.haxx.se/bug/view.cgi?id=3421912

Kamil Dudka (17 Oct 2011)
- nss: avoid a SIGSEGV with immature version of NSS
  
  Bug: https://bugzilla.redhat.com/733685

- nss: big cleanup in nss_load_cert() and cert_stuff()

- nss: refactor fmt_nickname() -> dup_nickname()
  
  Do not use artificial nicknames for certificates from files.

- nss: select client certificates by DER
  
  ... instead of nicknames, which are not unique.

Daniel Stenberg (17 Oct 2011)
- --epsv: fix typo
  
  Reported by: Thomas L. Shinnick

- --show-error: position indepdenent
  
  Previously we required that -S/--show-error was used _after_
  -s/--silent. This was slightly confusing since we strive to make
  arguments as position independent as possible.
  
  Now, you can use them in any order and the result should still be the
  same.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3424286
  Reported by: Andreas Olsson

- curl_multi_fdset: clarify the max_fd == -1 case
  
  Elaborate what max_fd == -1 means
  
  Remove the reference to CURLM_CALL_MULTI_PERFORM as modern libcurl
  versions don't ever return that.

- formdata: ack read callback abort
  
  When doing a multipart formpost with a read callback, and that callback
  returns CURL_READFUNC_ABORT, that return code must be properly
  propagated back and handled accordingly. Previously it would be handled
  as a zero byte read which would cause a hang!
  
  Added test case 587 to verify. It uses the lib554.c source code with a
  small ifdef.
  
  Reported by: Anton Bychkov
  Bug: http://curl.haxx.se/mail/lib-2011-10/0097.html

- TODO: have form functions use CURL handle argument

- [Dave Reisner brought this change]

  typecheck: allow NULL to unset CURLOPT_ERRORBUFFER
  
  There might be situations where a user would want to unset this option.
  Avoid forcing him/her to cast the NULL argument to (char *) in order to
  get past the compile time typecheck.

- singleipconnect: don't clobber errno
  
  Save the errno value immediately after a connect() failure so that it
  won't get reset to something else before we read it.
  
  Bug: http://curl.haxx.se/mail/lib-2011-10/0066.html
  Reported by: Frank Van Uffelen and Fabian Hiernaux

- [Michal Marek brought this change]

  docs: --xattr

Yang Tse (14 Oct 2011)
- file.c: fix compiler warning

- url.c: fix endless loop upon transport connection timeout
  
  Jerry Wu detected and provided detailed info about this issue.

- sws.c: HTTP and GOPHER test server-side connection closing adjustment
  
  When, for a given test, server is instructed to close connection after
  server reply we now wait a very small amount of time (50ms) before doing
  so. This is done to allow client to, at least partially, read server
  reply before getting an ECONNRESET.
  
  The above is required to make test cases 1070, 1200, 1201 and 1202 pass
  with Cygwin 1.5.X on W2K.
  
  GOPHER test server closes connection after _every_ server-reply, as such,
  at some point it could require a bigger time or using shutdown() before
  a server-side initiated disconnection.

- curl_gethostname.c: fix signed/unsigned comparison and avoid a double copy
  
  both introduced in 42be24af

- curl_ntlm_msgs.c: fix variable shadowing declaration introduced in 185ed340

- [Marcin Adamski brought this change]

  tftp.c: TFTP timeout and unexpected block adjustments
  
  Set ACK timeout to 5 seconds.
  
  If we are waiting for block X and receive block Y that is the expected one, we
  should send ACK and increase X (which is already implemented). Otherwise drop
  the packet and don't increase retry counter.

- multi.c: OOM handling fixes
  
  Prevent modification of easy handle being added with curl_multi_add_handle()
  unless this function actually suceeds.
  
  Run Curl_posttransfer() to allow restoring of SIGPIPE handler when
  Curl_connect() fails early in multi_runsingle().

- url.c: make line shorter than 80 chars

- OOM handling/cleanup slight adjustments

- OOM handling/cleanup slight adjustments

- lib540.c: OOM handling fixes making test 540 pass torture testing

Dan Fandrich (8 Oct 2011)
- RELEASE-NOTES: Fixed a couple of typos

Yang Tse (8 Oct 2011)
- telnet.c: fix compiler warning

- libcurl: some OOM handling fixes

- multi.c: OOM handling fixes making torture tests 560 580 581 pass

- test harness: non-stunnel https server integration overhaul

- curl tool: reviewed code moved to tool_*.[ch] files

- buildconf: warn about autoconf 2.67 and 2.68 generating bad/unusable scripts

- curl tool: fix compiler warning

- curl tool: OOM handling fixes

- curl tool: reviewed code moved to tool_*.[ch] files

- curl tool: OOM handling fixes

- curl tool: OOM handling fixes

- curl tool: OOM handling fixes

- curl tool: header inclusion adjustment

- curl tool: symbol check adjustment

- curl tool: header inclusion adjustment

- curl tool: code moved to tool_*.[ch] files

Daniel Stenberg (4 Oct 2011)
- curl_share_cleanup: avoid compiler warning
  
  Move the variable declaration to within the #ifdef

- struct Curl_share: provide sslsession unconditionally
  
  It makes much nicer and less convuluted code everywhere if this struct
  member is always present even when libcurl is built without SSL support.
  
  This reverts parts of commit 15e3e451702396e

- ftp: improved the failed PORT host name resolved error message

- codepolicing

- sspi build fix
  
  define away Curl_ntlm_sspi_cleanup() when no windows SSPI build

- [Steve Holme brought this change]

  smtp: Added support for NTLM authentication
  
  Modified smtp_endofresp() to detect NTLM from the server specified list
  of supported authentication mechanisms.
  
  Modified smtp_authenticate() to start the sending of the NTLM data.
  
  Added smtp_auth_ntlm_type1_message() which creates a NTLM type-1
  message. This function is used by authenticate() to start the sending
  of data and by smtp_state_auth_ntlm_resp() when the AUTH command
  doesn't contain the type-1 message as part of the initial response.
  This lack of initial response can happen if an OOM error occurs or the
  type-1 message is longer than 504 characters. As the main AUTH command
  is limited to 512 character the data has to be transmitted in two
  parts; one containing the AUTH NTLM and the second containing the
  type-1 message.
  
  Added smtp_state_auth_ntlm_type2msg_resp() which handles the incoming
  type-2 message and sends an outgoing type-3 message. This type-2
  message is sent by the server in response to our type-1 message.
  
  Modified smtp_state_auth_resp() to handle the response to: the AUTH
  NTLM without the initial response and the type-2 response.
  
  Modified smtp_disconnect() to cleanup the NTLM SSPI stack.

- [Steve Holme brought this change]

  Curl_ntlm_create_typeX_message: Added the outlen parameter
  
  Added the output message length as a parameter to both
  Curl_ntlm_create_type1_message() and Curl_ntlm_create_type3_message()
  for use by future functions that require it.
  
  Updated curl_ntlm.c to cater for the extra parameter on these two
  functions.

- [Steve Holme brought this change]

  smtp: General tidy up ready for adding NTLM support
  
  Changed the name of variable l, in several functions, which represents
  the length of strings being sent to the server, to len which is more
  meaningful and consistent with other code in smtp.c and elsewhere.
  
  Reworked smtp_authenticate() to be simpler and easier to follow.
  Variables and now initialised in their definitions and if no username
  and password are specified the function sets the state to SMTP_STOP and
  returns immediately, rather than being part of a huge if statement.

Yang Tse (3 Oct 2011)
- curl tool: reviewed code moved to tool_*.[ch] files

Daniel Stenberg (3 Oct 2011)
- [Steve Holme brought this change]

  smtp_mail: fixed another memory leak
  
  ... introduced in 7f304ab84f560c

- [Dominique Leuenberger brought this change]

  m4: Use x in order to avoid variable 'x' set but not used [-Werror=unused-but-set-variable]
  
  This error could be caused by configure scripts being run with -Werror
  -Wall, which would lead to libcurl being detected as unusable.

- share: don't use SSL unless enabled
  
  Don't even declare the struct members for disabled features
  
  Introducing the CURLSHE_NOT_BUILT_IN return code for the share interface
  when trying to set a sharing option that has been disabled (or not
  enabled) in the library.

- multi: progress function abort must close connection
  
  When the progress function returns to cancel the request, we must mark
  the connection to get closed and it must do to the DONE state.
  
  do_init() must be called as early as possible so that state variables
  for new connections are reset early. We could otherwise see that the old
  values were still there when a connection was to be disconnected very
  early and it would make it behave wrongly.
  
  Bug: http://curl.haxx.se/mail/lib-2011-10/0006.html
  Reported by: Vladimir Grishchenko

- tutorial: clarify the handle sharing when treaded
  
  Previously there was wording that made people uncertain of the exact
  rules.
  
  Feedback by: Julien Royer and Georg Lippitsch
  URL: http://curl.haxx.se/mail/lib-2011-09/0357.html

- multi_runsingle: change state on callback abort
  
  Reported by: Marcin Adamski
  Bug: http://curl.haxx.se/mail/lib-2011-09/0329.html

Yang Tse (30 Sep 2011)
- curl tool: fix some more OOM handling

- Fix SSL disabled builds broken with 'SSL session sharing' commit 5793bc37

Daniel Stenberg (29 Sep 2011)
- smtp_mail: fix memory leak
  
  ... introduced in 7f304ab84f560c

- [Steve Holme brought this change]

  smtp_mail: Added support to MAIL FROM for the optional SIZE parameter
  
  The size of the email can now be set via CURLOPT_INFILESIZE. This
  allows the email to be rejected by the server, if supported, and the
  maximum size has been configured on the server.

- curlverh.h: next release will be 7.23.0

- RELEASE-NOTES: synced with 5898a6a09b211fc7e2
  
  Bumped next release version to become 7.23.0 for the changes

Dan Fandrich (28 Sep 2011)
- curl_easy_setopt: Added scp and sftp to the URL section

Daniel Stenberg (28 Sep 2011)
- [Steve Holme brought this change]

  curl_easy_setopt: A brief tidy up
  
  Slight rewording of the CURLOPT_URL SMTP sub-section.
  
  Corrected the incorrect use of hyphens on the three uses of
  "zero-terminated" with "zero terminated" to match the rest of the
  document.
  
  Corrected the use of an out of place hyphen in CURLOPT_NOPROXY section.

- configure openssl version check: handle lack of L suffix
  
  It seems some versions of the OpenSSL version defines don't come with L
  appended to the number, so let's deal with that nicely.

- [Alejandro Alvarez brought this change]

  SSL session sharing support added
  
  With locking, plus test, plus documentation

Yang Tse (28 Sep 2011)
- curl tool: adjust header callback single call write limit warning
  
  Maximum amount of data a header callback is supposed to get in
  a single call from libcurl is limited by the lowest value of
  CURL_MAX_WRITE_SIZE and CURL_MAX_HTTP_HEADER.

Daniel Stenberg (28 Sep 2011)
- multi docs: extended the multi_socket API description

- tests/README: extended and reformatted

Yang Tse (27 Sep 2011)
- [Albert Chin brought this change]

  configure - m4: make CURL_CHECK_DEF ignore leading whitespace on symbol def
  
  When using Sun C compiler the preprocessor somehow inserts an extra space
  in front of replaced symbol, breaking CURL_CHECK_DEF macro. To workaround
  this, macro CURL_CHECK_DEF now ignores all leading whitespace in front of
  symbol substitution result.

Guenter Knauf (27 Sep 2011)
- Added SPNEGO to NetWare build.

Yang Tse (26 Sep 2011)
- curl tool: fix a compiler warning

- curl tool: fix some OOM handling - f4853db5 follow-up

- curl tool: fix some OOM handling

- remove short-lived CURL_WRITEFUNC_OUT_OF_MEMORY

Guenter Knauf (26 Sep 2011)
- Added unsigned char* to _curl_is_debug_cb.

Daniel Stenberg (26 Sep 2011)
- [Steve Holme brought this change]

  smtp_connect: use defined buffer length for hostname

- [Steve Holme brought this change]

  Curl_ntlm_create_type3_message: Tidied up the use of Curl_gethostname.
  
  Removed the code that striped off the domain name when Curl_gethostname
  returned the fully qualified domain name as the function has been
  updated to return the un-qualified host name.
  
  Replaced the use of HOSTNAME_MAX as the size of the buffer in the call
  to Curl_gethostname with sizeof(host) as this is safer should the buffer
  size ever be changed.

- [Steve Holme brought this change]

  HOSTNAME_MAX: Moved to curl_gethostname.h
  
  Moved HOSTNAME_MAX #define into curl_gethostname.h rather than being
  locally defined in curl_gethostname.c, curl_ntlm_msgs.c and smtp.c.

- RELEASE-NOTES: synced with d2a47021c0a6

Yang Tse (25 Sep 2011)
- Q&D fix header inclusion order

- allow write callbacks to indicate OOM to libcurl
  
  Allow (*curl_write_callback) write callbacks to return
  CURL_WRITEFUNC_OUT_OF_MEMORY to properly indicate libcurl of OOM conditions
  inside the callback itself.

Guenter Knauf (25 Sep 2011)
- Changed some main makefile targets.

Daniel Stenberg (25 Sep 2011)
- curl_multi_fdset: avoid FD_SET out of bounds
  
  If a socket is larger than FD_SETSIZE, avoid using FD_SET() on the
  platforms where this is possible.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3413274
  Reported by: Tim Starling

Guenter Knauf (25 Sep 2011)
- Fixed MinGW examples makefile.

- NetWare makefile tweaks to select different builds.

Daniel Stenberg (25 Sep 2011)
- POST: always set postfieldsize
  
  When we use binary posts and regular ones intermixed on a single command
  line, we cannot do strlen() etc on the data to figure out the length
  (when inserting '&' and more). We must therefore keep track of the post
  data length. Then we also end up setting the libcurl option with the
  known size, so that we don't risk that libcurl will do strlen() on the
  data.
  
  This has the minor side-effect that --libcurl source codes now always
  will use CURLOPT_POSTFIELDSIZE but I don't consider that terribly
  damaging.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3413181
  Reported by: Taneli Vähäkangas

Yang Tse (24 Sep 2011)
- curl tool: fix a compiler warning

- curl tool: reviewed code moved to tool_*.[ch] files

Guenter Knauf (24 Sep 2011)
- Added header to be included by dist script.
  
  Probably the wrong place, but I dont know better.

Yang Tse (24 Sep 2011)
- curl tool: fix some OOM handling issues

Daniel Stenberg (24 Sep 2011)
- http header: allow Content-Length to be replaced
  
  In some cases Content-Length: couldn't be replaced by an application
  
  Also, indented some code properly

Guenter Knauf (23 Sep 2011)
- MinGW64 has this prototype already.

- Fixed scanf format for WORD = unsigned short.

- Added Win32-only samples.

- Added a workaround for printing size_t.

Daniel Stenberg (22 Sep 2011)
- Curl_pgrsStartNow: keep HEADERS_OUT set
  
  To avoid that the progress meter headers get output between each
  transfer, make sure the bits gets kept when (re-)inited.
  
  Reported by: Christopher Stone

Yang Tse (22 Sep 2011)
- curl tool: fix some OOM handling issues

- curl tool: reviewed code moved to tool_*.[ch] files
  
  my_setopt and my_setopt_str no longer ignores curl_easy_setopt result.
  
  Fixed some OOM handling issues.

Guenter Knauf (22 Sep 2011)
- Added NetWare examples makefile.

Yang Tse (22 Sep 2011)
- NTLM_WB: fix disabling of NTLM_WB when NTLM is disabled

Daniel Stenberg (21 Sep 2011)
- test 814: smtp without --mail-from
  
  Verifies the fix from commit 322f3d5af7093

- [Gisle Vanem brought this change]

  smtp: without a MAIL_FROM, send blank MAIL FROM
  
  I think curl should ignore this case and smtp.c should test for this.
  Since RFC-2821 seems to allow a "null reverse-path". Ref.  "MAIL
  FROM:<>" in section 3.7, page 25.

- [Dave Reisner brought this change]

  lib/http: add missing whitespace in verbose output
  
  Example:
  * upload completely sent off: 35out of 35 bytes
  
  Should be:
  * upload completely sent off: 35 out of 35 bytes

Guenter Knauf (21 Sep 2011)
- Another MinGW example makefile tweak.

- Fixed sample to compile for Windows platform.

Yang Tse (21 Sep 2011)
- curl tool: make my_setopt ignore curl_easy_setopt result again.
  
  Related code not ready yet for this kind of checks.

Guenter Knauf (21 Sep 2011)
- Changed suffix rules to pattern rules.
  
  Suffix rules cannot have any prerequisites of their own.

- Added dependency so that curlbuild.h is created.

- Some more MinGW build tweaks.
  
  Added envvars to specify OpenSSL include, libpath and lib.
  Added rule to create curlbuild.h from curlbuild.h.dist.

Yang Tse (21 Sep 2011)
- curl tool: reviewed code moved to tool_*.[ch] files
  
  my_setopt and my_setopt_str no longer ignores curl_easy_setopt result.
  
  Fixed some OOM handling issues.

- curl tool: reviewed code moved to tool_*.[ch] files
  
  Overhauled FindWin32CACert()

Guenter Knauf (20 Sep 2011)
- A bunch of MinGW build tweaks.
  
  All paths to dependencies now quoted; synced examples makefile.

- Changed Windows 64bit OS define to x86_64.
  
  Also added check for __x86_64__ define since MinGW64 seems to define
  the _M_X64 macro through a header not available for config-win32.h.

- Also skip certs masked as CKT_NSS_TRUST_UNKNOWN.
  
  Fix posted by Tomas Hoger <thoger redhat com>.

- Added _WIN32_WINNT define for IPv6 builds.

Daniel Stenberg (20 Sep 2011)
- Curl_follow: handle redirects to "//hostname/path"

Yang Tse (19 Sep 2011)
- curl tool: truly fix compiler warning

- curl tool: fix compiler warning

- curl tool: reviewed code moved to tool_*.[ch] files

Daniel Stenberg (18 Sep 2011)
- CURLOPT_URL docs: no need to mention function names

- [Steve Holme brought this change]

  CURLOPT_URL: Expanded URL description
  
  Expanded the section about CURLOPT_URL to include the format of the URL
  and detailed information and examples relating to specific protocols.

- [Steve Holme brought this change]

  Curl_gethostname: return un-qualified machine name
  
  Fixed Curl_gethostname() so that it always returns the un-qualified
  machine name rather than being dependent on the socket provider.
  
  Note: The return of getenv("CURL_GETHOSTNAME") is also parsed in case
  the developer / test harness provided a fully qualified domain name as
  it's value as well.

Yang Tse (18 Sep 2011)
- curl tool: create tool_myfunc.[ch] which later on will hold my_* functions
  
  Additionally function my_useragent() now provides default User-Agent string

- curl tool: reorder free_config_fields() field handling
  
  Reorder handling of fields to match same order as the one given by current
  definition order of 'Configurable' struct fields. Fields currently not handled
  marked for further inspection.

Guenter Knauf (17 Sep 2011)
- Fixed MinGW WinIDN lib dependency.

Yang Tse (17 Sep 2011)
- tool_convert.c: fix no newline at end of file

- curl tool: add new files to Symbian's .mmp project file

- curl tool: move 'Configurable' and free_config_fields() to tool_cfgable.[ch]
  
  Reviewing fields being free'd in free_config_fields() still pending

- src/setup.h: add conditional include of assert.h

- curl tool: move so called 'multi_files' stuff into tool_mfiles.[ch]
  
  Additionally some code reorganization and direct OOM handling fixes,
  just another step towards fixing curl tool issues uncovered 2011-09-15

- curl tool: move convert_* functions into tool_convert.[ch]
  
  Additionally fix data type of result vars for iconv() calls

- main.c: convert GetStr() into a macro to ease leak debugging